idnits 2.17.1
draft-ietf-netconf-restconf-client-server-06.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
-- The document date (June 4, 2018) is 2147 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Outdated reference: A later version (-35) exists of
draft-ietf-netconf-keystore-04
== Outdated reference: A later version (-41) exists of
draft-ietf-netconf-tls-client-server-05
== Outdated reference: A later version (-36) exists of
draft-ietf-netconf-netconf-client-server-05
-- Obsolete informational reference (is this intentional?): RFC 5246
(Obsoleted by RFC 8446)
-- Obsolete informational reference (is this intentional?): RFC 6536
(Obsoleted by RFC 8341)
Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 NETCONF Working Group K. Watsen
3 Internet-Draft Juniper Networks
4 Intended status: Standards Track G. Wu
5 Expires: December 6, 2018 Cisco Networks
6 June 4, 2018
8 RESTCONF Client and Server Models
9 draft-ietf-netconf-restconf-client-server-06
11 Abstract
13 This document defines two YANG modules, one module to configure a
14 RESTCONF client and the other module to configure a RESTCONF server.
15 Both modules support the TLS transport protocol with both standard
16 RESTCONF and RESTCONF Call Home connections.
18 Editorial Note (To be removed by RFC Editor)
20 This draft contains many placeholder values that need to be replaced
21 with finalized values at the time of publication. This note
22 summarizes all of the substitutions that are needed. No other RFC
23 Editor instructions are specified elsewhere in this document.
25 This document contains references to other drafts in progress, both
26 in the Normative References section, as well as in body text
27 throughout. Please update the following references to reflect their
28 final RFC assignments:
30 o I-D.ietf-netconf-keystore
32 o I-D.ietf-netconf-tls-client-server
34 Artwork in this document contains shorthand references to drafts in
35 progress. Please apply the following replacements:
37 o "XXXX" --> the assigned RFC value for this draft
39 o "ZZZZ" --> the assigned RFC value for I-D.ietf-netconf-tls-client-
40 server
42 Artwork in this document contains placeholder values for the date of
43 publication of this draft. Please apply the following replacement:
45 o "2018-06-04" --> the publication date of this draft
47 The following Appendix section is to be removed prior to publication:
49 o Appendix A. Change Log
51 Status of This Memo
53 This Internet-Draft is submitted in full conformance with the
54 provisions of BCP 78 and BCP 79.
56 Internet-Drafts are working documents of the Internet Engineering
57 Task Force (IETF). Note that other groups may also distribute
58 working documents as Internet-Drafts. The list of current Internet-
59 Drafts is at https://datatracker.ietf.org/drafts/current/.
61 Internet-Drafts are draft documents valid for a maximum of six months
62 and may be updated, replaced, or obsoleted by other documents at any
63 time. It is inappropriate to use Internet-Drafts as reference
64 material or to cite them other than as "work in progress."
66 This Internet-Draft will expire on December 6, 2018.
68 Copyright Notice
70 Copyright (c) 2018 IETF Trust and the persons identified as the
71 document authors. All rights reserved.
73 This document is subject to BCP 78 and the IETF Trust's Legal
74 Provisions Relating to IETF Documents
75 (https://trustee.ietf.org/license-info) in effect on the date of
76 publication of this document. Please review these documents
77 carefully, as they describe your rights and restrictions with respect
78 to this document. Code Components extracted from this document must
79 include Simplified BSD License text as described in Section 4.e of
80 the Trust Legal Provisions and are provided without warranty as
81 described in the Simplified BSD License.
83 Table of Contents
85 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
86 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
87 2. The RESTCONF Client Model . . . . . . . . . . . . . . . . . . 3
88 2.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 4
89 2.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 6
90 2.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 8
91 3. The RESTCONF Server Model . . . . . . . . . . . . . . . . . . 17
92 3.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 17
93 3.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 20
94 3.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 23
95 4. Security Considerations . . . . . . . . . . . . . . . . . . . 32
96 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33
97 5.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 33
98 5.2. The YANG Module Names Registry . . . . . . . . . . . . . 34
99 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 34
100 6.1. Normative References . . . . . . . . . . . . . . . . . . 34
101 6.2. Informative References . . . . . . . . . . . . . . . . . 35
102 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 37
103 A.1. 00 to 01 . . . . . . . . . . . . . . . . . . . . . . . . 37
104 A.2. 01 to 02 . . . . . . . . . . . . . . . . . . . . . . . . 37
105 A.3. 02 to 03 . . . . . . . . . . . . . . . . . . . . . . . . 37
106 A.4. 03 to 04 . . . . . . . . . . . . . . . . . . . . . . . . 37
107 A.5. 04 to 05 . . . . . . . . . . . . . . . . . . . . . . . . 37
108 A.6. 05 to 06 . . . . . . . . . . . . . . . . . . . . . . . . 38
109 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 38
110 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38
112 1. Introduction
114 This document defines two YANG [RFC7950] modules, one module to
115 configure a RESTCONF client and the other module to configure a
116 RESTCONF server [RFC8040]. Both modules support the TLS [RFC5246]
117 transport protocol with both standard RESTCONF and RESTCONF Call Home
118 connections [RFC8071].
120 1.1. Terminology
122 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
123 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
124 "OPTIONAL" in this document are to be interpreted as described in BCP
125 14 [RFC2119] [RFC8174] when, and only when, they appear in all
126 capitals, as shown here.
128 2. The RESTCONF Client Model
130 The RESTCONF client model presented in this section supports both
131 clients initiating connections to servers, as well as clients
132 listening for connections from servers calling home.
134 This model, like that presented in
135 [I-D.ietf-netconf-netconf-client-server], is designed to support any
136 number of possible transports. RESTCONF only supports the TLS
137 transport currently, thus this model only supports the TLS transport.
139 All private keys and trusted certificates are held in the keystore
140 model defined in [I-D.ietf-netconf-keystore].
142 YANG feature statements are used to enable implementations to
143 advertise which parts of the model the RESTCONF client supports.
145 2.1. Tree Diagram
147 The following tree diagram [RFC8340] provides an overview of the data
148 model for the "ietf-restconf-client" module. Just the container is
149 displayed below, but there is also a reuable grouping by the same
150 name that the container is using.
152 [Note: '\' line wrapping for formatting only]
154 module: ietf-restconf-client
155 +--rw restconf-client
156 +--rw initiate! {initiate}?
157 | +--rw restconf-server* [name]
158 | +--rw name string
159 | +--rw endpoints
160 | +--rw endpoint* [name]
161 | +--rw name string
162 | +--rw (transport)
163 | | +--:(tls) {tls-initiate}?
164 | | +--rw tls
165 | | +--rw address inet:host
166 | | +--rw port? inet:port-number
167 | | +--rw client-identity
168 | | | +--rw (auth-type)
169 | | | +--:(certificate)
170 | | | +--rw certificate
171 | | | +--rw (local-or-keystore)
172 | | | +--:(local)
173 | | | | +--rw algorithm
174 | | | | | ct:key-algorithm\
175 -ref
176 | | | | +--rw public-key
177 | | | | | binary
178 | | | | +--rw private-key
179 | | | | | union
180 | | | | +--rw cert
181 | | | | | ct:end-entity-ce\
182 rt-cms
183 | | | | +---n certificate-expira\
184 tion
185 | | | | +-- expiration-date?
186 | | | | yang:date-and\
187 -time
188 | | | +--:(keystore)
189 | | | {keystore-implemen\
190 ted}?
191 | | | +--rw reference
192 | | | ks:asymmetric-ke\
193 y-certificate-ref
194 | | +--rw server-auth
195 | | | +--rw pinned-ca-certs?
196 | | | | ta:pinned-certificates-ref
197 | | | +--rw pinned-server-certs?
198 | | | ta:pinned-certificates-ref
199 | | +--rw hello-params
200 | | {tls-client-hello-params-config}?
201 | | +--rw tls-versions
202 | | | +--rw tls-version* identityref
203 | | +--rw cipher-suites
204 | | +--rw cipher-suite* identityref
205 | +--rw connection-type
206 | | +--rw (connection-type)?
207 | | +--:(persistent-connection)
208 | | | +--rw persistent!
209 | | | +--rw idle-timeout? uint32
210 | | | +--rw keep-alives
211 | | | +--rw max-wait? uint16
212 | | | +--rw max-attempts? uint8
213 | | +--:(periodic-connection)
214 | | +--rw periodic!
215 | | +--rw idle-timeout? uint16
216 | | +--rw reconnect-timeout? uint16
217 | +--rw reconnect-strategy
218 | +--rw start-with? enumeration
219 | +--rw max-attempts? uint8
220 +--rw listen! {listen}?
221 +--rw idle-timeout? uint16
222 +--rw endpoint* [name]
223 +--rw name string
224 +--rw (transport)
225 +--:(tls) {tls-listen}?
226 +--rw tls
227 +--rw address? inet:ip-address
228 +--rw port? inet:port-number
229 +--rw client-identity
230 | +--rw (auth-type)
231 | +--:(certificate)
232 | +--rw certificate
233 | +--rw (local-or-keystore)
234 | +--:(local)
235 | | +--rw algorithm
236 | | | ct:key-algorithm-ref
237 | | +--rw public-key
238 | | | binary
239 | | +--rw private-key
240 | | | union
241 | | +--rw cert
242 | | | ct:end-entity-cert-cms\
244 | | +---n certificate-expiration
245 | | +-- expiration-date?
246 | | yang:date-and-time
247 | +--:(keystore)
248 | {keystore-implemented}?
249 | +--rw reference
250 | ks:asymmetric-key-cert\
251 ificate-ref
252 +--rw server-auth
253 | +--rw pinned-ca-certs?
254 | | ta:pinned-certificates-ref
255 | +--rw pinned-server-certs?
256 | ta:pinned-certificates-ref
257 +--rw hello-params
258 {tls-client-hello-params-config}?
259 +--rw tls-versions
260 | +--rw tls-version* identityref
261 +--rw cipher-suites
262 +--rw cipher-suite* identityref
264 2.2. Example Usage
266 The following example illustrates configuring a RESTCONF client to
267 initiate connections, as well as listening for call-home connections.
269 This example is consistent with the examples presented in Section 2.2
270 of [I-D.ietf-netconf-keystore].
272 [Note: '\' line wrapping for formatting only]
274 file "ietf-restconf-client@2018-06-04.yang"
361 module ietf-restconf-client {
362 yang-version 1.1;
364 namespace "urn:ietf:params:xml:ns:yang:ietf-restconf-client";
365 prefix "rcc";
367 import ietf-inet-types {
368 prefix inet;
369 reference
370 "RFC 6991: Common YANG Data Types";
371 }
373 import ietf-tls-client {
374 prefix ts;
375 revision-date 2018-06-04; // stable grouping definitions
376 reference
377 "RFC ZZZZ: YANG Groupings for TLS Clients and TLS Servers";
378 }
380 organization
381 "IETF NETCONF (Network Configuration) Working Group";
383 contact
384 "WG Web:
791 3. The RESTCONF Server Model
793 The RESTCONF server model presented in this section supports servers
794 both listening for connections as well as initiating call-home
795 connections.
797 All private keys and trusted certificates are held in the keystore
798 model defined in [I-D.ietf-netconf-keystore].
800 YANG feature statements are used to enable implementations to
801 advertise which parts of the model the RESTCONF server supports.
803 3.1. Tree Diagram
805 The following tree diagram [RFC8340] provides an overview of the data
806 model for the "ietf-restconf-client" module. Just the container is
807 displayed below, but there is also a reuable grouping by the same
808 name that the container is using.
810 [Note: '\' line wrapping for formatting only]
812 module: ietf-restconf-server
813 +--rw restconf-server
814 +--rw listen! {listen}?
815 | +--rw endpoint* [name]
816 | +--rw name string
817 | +--rw (transport)
818 | +--:(tls) {tls-listen}?
819 | +--rw tls
820 | +--rw address? inet:ip-address
821 | +--rw port? inet:port-number
822 | +--rw server-identity
823 | | +--rw (local-or-keystore)
824 | | +--:(local)
825 | | | +--rw algorithm
826 | | | | ct:key-algorithm-ref
827 | | | +--rw public-key binary
828 | | | +--rw private-key union
829 | | | +--rw cert
830 | | | | ct:end-entity-cert-cms
831 | | | +---n certificate-expiration
832 | | | +-- expiration-date?
833 | | | yang:date-and-time
834 | | +--:(keystore) {keystore-implemented}?
835 | | +--rw reference
836 | | ks:asymmetric-key-certificate-r\
837 ef
838 | +--rw client-auth
839 | | +--rw pinned-ca-certs?
840 | | | ta:pinned-certificates-ref
841 | | +--rw pinned-client-certs?
842 | | | ta:pinned-certificates-ref
843 | | +--rw cert-maps
844 | | +--rw cert-to-name* [id]
845 | | +--rw id uint32
846 | | +--rw fingerprint
847 | | | x509c2n:tls-fingerprint
848 | | +--rw map-type identityref
849 | | +--rw name string
850 | +--rw hello-params
851 | {tls-server-hello-params-config}?
852 | +--rw tls-versions
853 | | +--rw tls-version* identityref
854 | +--rw cipher-suites
855 | +--rw cipher-suite* identityref
856 +--rw call-home! {call-home}?
857 +--rw restconf-client* [name]
858 +--rw name string
859 +--rw endpoints
860 | +--rw endpoint* [name]
861 | +--rw name string
862 | +--rw (transport)
863 | +--:(tls) {tls-call-home}?
864 | +--rw tls
865 | +--rw address inet:host
866 | +--rw port? inet:port-number
867 | +--rw server-identity
868 | | +--rw (local-or-keystore)
869 | | +--:(local)
870 | | | +--rw algorithm
871 | | | | ct:key-algorithm-ref
872 | | | +--rw public-key
873 | | | | binary
874 | | | +--rw private-key
875 | | | | union
876 | | | +--rw cert
877 | | | | ct:end-entity-cert-cms
878 | | | +---n certificate-expiration
879 | | | +-- expiration-date?
880 | | | yang:date-and-time
881 | | +--:(keystore) {keystore-implemented\
882 }?
883 | | +--rw reference
884 | | ks:asymmetric-key-certifi\
885 cate-ref
886 | +--rw client-auth
887 | | +--rw pinned-ca-certs?
888 | | | ta:pinned-certificates-ref
889 | | +--rw pinned-client-certs?
890 | | | ta:pinned-certificates-ref
891 | | +--rw cert-maps
892 | | +--rw cert-to-name* [id]
893 | | +--rw id uint32
894 | | +--rw fingerprint
895 | | | x509c2n:tls-fingerprint
896 | | +--rw map-type identityref
897 | | +--rw name string
898 | +--rw hello-params
899 | {tls-server-hello-params-config}?
900 | +--rw tls-versions
901 | | +--rw tls-version* identityref
902 | +--rw cipher-suites
903 | +--rw cipher-suite* identityref
904 +--rw connection-type
905 | +--rw (connection-type)?
906 | +--:(persistent-connection)
907 | | +--rw persistent!
908 | | +--rw idle-timeout? uint32
909 | | +--rw keep-alives
910 | | +--rw max-wait? uint16
911 | | +--rw max-attempts? uint8
912 | +--:(periodic-connection)
913 | +--rw periodic!
914 | +--rw idle-timeout? uint16
915 | +--rw reconnect-timeout? uint16
916 +--rw reconnect-strategy
917 +--rw start-with? enumeration
918 +--rw max-attempts? uint8
920 3.2. Example Usage
922 The following example illustrates configuring a RESTCONF server to
923 listen for RESTCONF client connections, as well as configuring call-
924 home to one RESTCONF client.
926 This example is consistent with the examples presented in Section 2.2
927 of [I-D.ietf-netconf-keystore].
929 [Note: '\' line wrapping for formatting only]
931
file "ietf-restconf-server@2018-06-04.yang"
1064 module ietf-restconf-server {
1065 yang-version 1.1;
1067 namespace "urn:ietf:params:xml:ns:yang:ietf-restconf-server";
1068 prefix "rcs";
1070 import ietf-inet-types {
1071 prefix inet;
1072 reference
1073 "RFC 6991: Common YANG Data Types";
1074 }
1076 import ietf-x509-cert-to-name {
1077 prefix x509c2n;
1078 reference
1079 "RFC 7407: A YANG Data Model for SNMP Configuration";
1080 }
1082 import ietf-tls-server {
1083 prefix ts;
1084 revision-date 2018-06-04; // stable grouping definitions
1085 reference
1086 "RFC ZZZZ: YANG Groupings for TLS Clients and TLS Servers";
1087 }
1089 organization
1090 "IETF NETCONF (Network Configuration) Working Group";
1092 contact
1093 "WG Web:
1094 WG List:
1096 Author: Kent Watsen
1097
1099 Author: Gary Wu
1100
1102 Author: Juergen Schoenwaelder
1103 ";
1105 description
1106 "This module contains a collection of YANG definitions for
1107 configuring RESTCONF servers.
1109 Copyright (c) 2017 IETF Trust and the persons identified as
1110 authors of the code. All rights reserved.
1112 Redistribution and use in source and binary forms, with or
1113 without modification, is permitted pursuant to, and subject
1114 to the license terms contained in, the Simplified BSD
1115 License set forth in Section 4.c of the IETF Trust's
1116 Legal Provisions Relating to IETF Documents
1117 (http://trustee.ietf.org/license-info).
1119 This version of this YANG module is part of RFC XXXX; see
1120 the RFC itself for full legal notices.";
1122 revision "2018-06-04" {
1123 description
1124 "Initial version";
1125 reference
1126 "RFC XXXX: RESTCONF Client and Server Models";
1127 }
1129 // Features
1131 feature listen {
1132 description
1133 "The 'listen' feature indicates that the RESTCONF server
1134 supports opening a port to accept RESTCONF client connections
1135 using at least one transport (e.g., TLS, etc.).";
1136 }
1138 feature tls-listen {
1139 if-feature listen;
1140 description
1141 "The 'tls-listen' feature indicates that the RESTCONF server
1142 supports opening a port to listen for incoming RESTCONF
1143 client connections. This feature exists as TLS might not
1144 be a mandatory to implement transport in the future.";
1145 reference
1146 "RFC 8040: RESTCONF Protocol";
1147 }
1148 feature call-home {
1149 description
1150 "The 'call-home' feature indicates that the RESTCONF
1151 server supports initiating RESTCONF call home connections
1152 to RESTCONF clients using at least one transport (e.g.,
1153 TLS, etc.).";
1154 reference
1155 "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
1156 }
1158 feature tls-call-home {
1159 if-feature call-home;
1160 description
1161 "The 'tls-call-home' feature indicates that the RESTCONF
1162 server supports initiating connections to RESTCONF clients.
1163 This feature exists as TLS might not be a mandatory to
1164 implement transport in the future.";
1165 reference
1166 "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
1167 }
1169 container restconf-server {
1170 uses restconf-server;
1171 description
1172 "Top-level container for RESTCONF server configuration.";
1173 }
1175 grouping restconf-server {
1176 description
1177 "Top-level grouping for RESTCONF server configuration.";
1179 container listen {
1180 if-feature listen;
1181 presence "Enables server to listen for TCP connections";
1182 description "Configures listen behavior";
1183 list endpoint {
1184 key name;
1185 min-elements 1;
1186 description
1187 "List of endpoints to listen for RESTCONF connections.";
1188 leaf name {
1189 type string;
1190 description
1191 "An arbitrary name for the RESTCONF listen endpoint.";
1192 }
1193 choice transport {
1194 mandatory true;
1195 description
1196 "Selects between available transports. This is a
1197 'choice' statement so as to support additional
1198 transport options to be augmented in.";
1199 case tls {
1200 if-feature tls-listen;
1201 container tls {
1202 description
1203 "TLS-specific listening configuration for inbound
1204 connections.";
1205 leaf address {
1206 type inet:ip-address;
1207 description
1208 "The IP address to listen on for incoming
1209 connections. The RESTCONF server will listen
1210 on all configured interfaces if no value is
1211 specified. INADDR_ANY (0.0.0.0) or INADDR6_ANY
1212 (0:0:0:0:0:0:0:0 a.k.a. ::) MUST be used when
1213 the server is to listen on all IPv4 or IPv6
1214 addresses, respectively.";
1215 }
1216 leaf port {
1217 type inet:port-number;
1218 default 443;
1219 description
1220 "The local port number to listen on. If no value
1221 is specified, the IANA-assigned port value for
1222 'https' (443) is used.";
1223 }
1224 uses ts:tls-server-grouping {
1225 refine "client-auth" {
1226 must 'pinned-ca-certs or pinned-client-certs';
1227 description
1228 "RESTCONF servers MUST be able to validate
1229 clients.";
1230 }
1231 augment "client-auth" {
1232 description
1233 "Augments in the cert-to-name structure,
1234 so the RESTCONF server can map TLS-layer
1235 client certificates to RESTCONF usernames.";
1236 container cert-maps {
1237 uses x509c2n:cert-to-name;
1238 description
1239 "The cert-maps container is used by a TLS-
1240 based RESTCONF server to map the RESTCONF
1241 client's presented X.509 certificate to
1242 a RESTCONF username. If no matching and
1243 valid cert-to-name list entry can be found,
1244 then the RESTCONF server MUST close the
1245 connection, and MUST NOT accept RESTCONF
1246 messages over it.";
1247 reference
1248 "RFC 7407: A YANG Data Model for SNMP
1249 Configuration.";
1250 }
1251 }
1252 }
1253 } // end tls container
1254 } // end tls case
1255 } // end transport
1256 } // end endpoint
1257 } // end listen
1259 container call-home {
1260 if-feature call-home;
1261 presence "Enables server to initiate TCP connections";
1262 description "Configures call-home behavior";
1263 list restconf-client {
1264 key name;
1265 min-elements 1;
1266 description
1267 "List of RESTCONF clients the RESTCONF server is to
1268 initiate call-home connections to in parallel.";
1269 leaf name {
1270 type string;
1271 description
1272 "An arbitrary name for the remote RESTCONF client.";
1273 }
1274 container endpoints {
1275 description
1276 "Container for the list of endpoints.";
1277 list endpoint {
1278 key name;
1279 min-elements 1;
1280 ordered-by user;
1281 description
1282 "User-ordered list of endpoints for this RESTCONF
1283 client. Defining more than one enables high-
1284 availability.";
1285 leaf name {
1286 type string;
1287 description
1288 "An arbitrary name for this endpoint.";
1289 }
1290 choice transport {
1291 mandatory true;
1292 description
1293 "Selects between available transports. This is a
1294 'choice' statement so as to support additional
1295 transport options to be augmented in.";
1296 case tls {
1297 if-feature tls-call-home;
1298 container tls {
1299 description
1300 "Specifies TLS-specific call-home transport
1301 configuration.";
1302 leaf address {
1303 type inet:host;
1304 mandatory true;
1305 description
1306 "The IP address or hostname of the endpoint.
1307 If a domain name is configured, then the
1308 DNS resolution should happen on each usage
1309 attempt. If the DNS resolution results in
1310 multiple IP addresses, the IP addresses will
1311 be tried according to local preference order
1312 until a connection has been established or
1313 until all IP addresses have failed.";
1314 }
1315 leaf port {
1316 type inet:port-number;
1317 default 4336;
1318 description
1319 "The IP port for this endpoint. The RESTCONF
1320 server will use the IANA-assigned well-known
1321 port for 'restconf-ch-tls' (4336) if no value
1322 is specified.";
1323 }
1324 uses ts:tls-server-grouping {
1325 refine "client-auth" {
1326 must 'pinned-ca-certs or pinned-client-certs';
1327 description
1328 "RESTCONF servers MUST be able to validate
1329 clients.";
1330 }
1331 augment "client-auth" {
1332 description
1333 "Augments in the cert-to-name structure,
1334 so the RESTCONF server can map TLS-layer
1335 client certificates to RESTCONF usernames.";
1336 container cert-maps {
1337 uses x509c2n:cert-to-name;
1338 description
1339 "The cert-maps container is used by a
1340 TLS-based RESTCONF server to map the
1341 RESTCONF client's presented X.509
1342 certificate to a RESTCONF username. If
1343 no matching and valid cert-to-name list
1344 entry can be found, then the RESTCONF
1345 server MUST close the connection, and
1346 MUST NOT accept RESTCONF messages over
1347 it.";
1348 reference
1349 "RFC 7407: A YANG Data Model for SNMP
1350 Configuration.";
1351 }
1352 }
1353 }
1354 }
1355 }
1356 } // end transport
1357 } // end endpoint
1358 } // end endpoints
1359 container connection-type {
1360 description
1361 "Indicates the RESTCONF client's preference for how the
1362 RESTCONF server's connection is maintained.";
1363 choice connection-type {
1364 default persistent-connection;
1365 description
1366 "Selects between available connection types.";
1367 case persistent-connection {
1368 container persistent {
1369 presence
1370 "Indicates that a persistent connection is to be
1371 maintained.";
1372 description
1373 "Maintain a persistent connection to the RESTCONF
1374 client. If the connection goes down, immediately
1375 start trying to reconnect to it, using the
1376 reconnection strategy.
1378 This connection type minimizes any RESTCONF
1379 client to RESTCONF server data-transfer delay,
1380 albeit at the expense of holding resources
1381 longer.";
1382 leaf idle-timeout {
1383 type uint32;
1384 units "seconds";
1385 default 86400; // one day;
1386 description
1387 "Specifies the maximum number of seconds that
1388 the underlying TLS session may remain idle.
1389 A TLS session will be dropped if it is idle
1390 for an interval longer than this number of
1391 seconds. If set to zero, then the server
1392 will never drop a session because it is idle.
1393 Sessions that have a notification subscription
1394 active are never dropped.";
1395 }
1396 container keep-alives {
1397 description
1398 "Configures the keep-alive policy, to
1399 proactively test the aliveness of the TLS
1400 client. An unresponsive TLS client will
1401 be dropped after approximately (max-attempts
1402 * max-wait) seconds.";
1403 reference
1404 "RFC 8071: NETCONF Call Home and RESTCONF
1405 Call Home, Section 3.1, item S6";
1406 leaf max-wait {
1407 type uint16 {
1408 range "1..max";
1409 }
1410 units seconds;
1411 default 30;
1412 description
1413 "Sets the amount of time in seconds after
1414 which if no data has been received from
1415 the TLS client, a TLS-level message will
1416 be sent to test the aliveness of the TLS
1417 client.";
1418 }
1419 leaf max-attempts {
1420 type uint8;
1421 default 3;
1422 description
1423 "Sets the maximum number of sequential keep-
1424 alive messages that can fail to obtain a
1425 response from the TLS client before assuming
1426 the TLS client is no longer alive.";
1427 }
1428 }
1429 }
1430 }
1431 case periodic-connection {
1432 container periodic {
1433 presence
1434 "Indicates that a periodic connection is to be
1435 maintained.";
1437 description
1438 "Periodically connect to the RESTCONF client, so
1439 that the RESTCONF client may send requests pending
1440 for the RESTCONF server. Once the connection has
1441 been closed, for whatever reason, the server will
1442 restart its timer until the next connection.";
1443 leaf idle-timeout {
1444 type uint16;
1445 units "seconds";
1446 default 300; // five minutes
1447 description
1448 "Specifies the maximum number of seconds that
1449 the underlying TLS session may remain idle.
1450 A TLS session will be dropped if it is idle
1451 for an interval longer than this number of
1452 seconds. If set to zero, then the server
1453 will never drop a session because it is idle.
1454 Sessions that have a notification subscription
1455 active are never dropped.";
1456 }
1457 leaf reconnect-timeout {
1458 type uint16 {
1459 range "1..max";
1460 }
1461 units minutes;
1462 default 60;
1463 description
1464 "The maximum amount of unconnected time
1465 the RESTCONF server will wait before
1466 re-establishing a connection to the
1467 RESTCONF client. The RESTCONF server
1468 may initiate a connection to the RESTCONF
1469 client before this time if desired
1470 (e.g., to deliver a notification).";
1471 }
1472 }
1473 }
1474 }
1475 }
1476 container reconnect-strategy {
1477 description
1478 "The reconnection strategy directs how a RESTCONF
1479 server reconnects to a RESTCONF client after after
1480 discovering its connection to the client has dropped,
1481 even if due to a reboot. The RESTCONF server starts
1482 with the specified endpoint and tries to connect to
1483 it max-attempts times before trying the next endpoint
1484 in the list (round robin).";
1486 leaf start-with {
1487 type enumeration {
1488 enum first-listed {
1489 description
1490 "Indicates that reconnections should start with
1491 the first endpoint listed.";
1492 }
1493 enum last-connected {
1494 description
1495 "Indicates that reconnections should start with
1496 the endpoint last connected to. If no previous
1497 connection has ever been established, then the
1498 first endpoint configured is used. RESTCONF
1499 servers SHOULD be able to remember the last
1500 endpoint connected to across reboots.";
1501 }
1502 }
1503 default first-listed;
1504 description
1505 "Specifies which of the RESTCONF client's endpoints
1506 the RESTCONF server should start with when trying
1507 to connect to the RESTCONF client.";
1508 }
1509 leaf max-attempts {
1510 type uint8 {
1511 range "1..max";
1512 }
1513 default 3;
1514 description
1515 "Specifies the number times the RESTCONF server tries
1516 to connect to a specific endpoint before moving on to
1517 the next endpoint in the list (round robin).";
1518 }
1519 }
1520 }
1521 }
1522 }
1523 }
1524
1526 4. Security Considerations
1528 The YANG module defined in this document uses a grouping defined in
1529 [I-D.ietf-netconf-tls-client-server]. Please see the Security
1530 Considerations section in that document for concerns related that
1531 grouping.
1533 The YANG module defined in this document is designed to be accessed
1534 via YANG based management protocols, such as NETCONF [RFC6241] and
1535 RESTCONF [RFC8040]. Both of these protocols have mandatory-to-
1536 implement secure transport layers (e.g., SSH, TLS) with mutual
1537 authentication.
1539 The NETCONF access control model (NACM) [RFC6536] provides the means
1540 to restrict access for particular users to a pre-configured subset of
1541 all available protocol operations and content.
1543 There are a number of data nodes defined in this YANG module that are
1544 writable/creatable/deletable (i.e., config true, which is the
1545 default). These data nodes may be considered sensitive or vulnerable
1546 in some network environments. Write operations (e.g., edit-config)
1547 to these data nodes without proper protection can have a negative
1548 effect on network operations. These are the subtrees and data nodes
1549 and their sensitivity/vulnerability:
1551 /: The entire data trees defined by the modules defined in this
1552 draft are sensitive to write operations. For instance, the
1553 addition or removal of references to keys, certificates,
1554 trusted anchors, etc., can dramatically alter the implemented
1555 security policy. However, no NACM annotations are applied as
1556 the data SHOULD be editable by users other than a designated
1557 'recovery session'.
1559 Some of the readable data nodes in this YANG module may be considered
1560 sensitive or vulnerable in some network environments. It is thus
1561 important to control read access (e.g., via get, get-config, or
1562 notification) to these data nodes. These are the subtrees and data
1563 nodes and their sensitivity/vulnerability:
1565 NONE
1567 Some of the RPC operations in this YANG module may be considered
1568 sensitive or vulnerable in some network environments. It is thus
1569 important to control access to these operations. These are the
1570 operations and their sensitivity/vulnerability:
1572 NONE
1574 5. IANA Considerations
1576 5.1. The IETF XML Registry
1578 This document registers two URIs in the IETF XML registry [RFC3688].
1579 Following the format in [RFC3688], the following registrations are
1580 requested:
1582 URI: urn:ietf:params:xml:ns:yang:ietf-restconf-client
1583 Registrant Contact: The NETCONF WG of the IETF.
1584 XML: N/A, the requested URI is an XML namespace.
1586 URI: urn:ietf:params:xml:ns:yang:ietf-restconf-server
1587 Registrant Contact: The NETCONF WG of the IETF.
1588 XML: N/A, the requested URI is an XML namespace.
1590 5.2. The YANG Module Names Registry
1592 This document registers two YANG modules in the YANG Module Names
1593 registry [RFC7950]. Following the format in [RFC7950], the the
1594 following registrations are requested:
1596 name: ietf-restconf-client
1597 namespace: urn:ietf:params:xml:ns:yang:ietf-restconf-client
1598 prefix: ncc
1599 reference: RFC XXXX
1601 name: ietf-restconf-server
1602 namespace: urn:ietf:params:xml:ns:yang:ietf-restconf-server
1603 prefix: ncs
1604 reference: RFC XXXX
1606 6. References
1608 6.1. Normative References
1610 [I-D.ietf-netconf-keystore]
1611 Watsen, K., "YANG Data Model for a "Keystore" Mechanism",
1612 draft-ietf-netconf-keystore-04 (work in progress), October
1613 2017.
1615 [I-D.ietf-netconf-tls-client-server]
1616 Watsen, K. and G. Wu, "YANG Groupings for TLS Clients and
1617 TLS Servers", draft-ietf-netconf-tls-client-server-05
1618 (work in progress), October 2017.
1620 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1621 Requirement Levels", BCP 14, RFC 2119,
1622 DOI 10.17487/RFC2119, March 1997,
1623 .
1625 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
1626 RFC 6991, DOI 10.17487/RFC6991, July 2013,
1627 .
1629 [RFC7407] Bjorklund, M. and J. Schoenwaelder, "A YANG Data Model for
1630 SNMP Configuration", RFC 7407, DOI 10.17487/RFC7407,
1631 December 2014, .
1633 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
1634 RFC 7950, DOI 10.17487/RFC7950, August 2016,
1635 .
1637 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
1638 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
1639 .
1641 [RFC8071] Watsen, K., "NETCONF Call Home and RESTCONF Call Home",
1642 RFC 8071, DOI 10.17487/RFC8071, February 2017,
1643 .
1645 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
1646 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
1647 May 2017, .
1649 6.2. Informative References
1651 [I-D.ietf-netconf-netconf-client-server]
1652 Watsen, K. and G. Wu, "NETCONF Client and Server Models",
1653 draft-ietf-netconf-netconf-client-server-05 (work in
1654 progress), October 2017.
1656 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1657 DOI 10.17487/RFC3688, January 2004,
1658 .
1660 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
1661 (TLS) Protocol Version 1.2", RFC 5246,
1662 DOI 10.17487/RFC5246, August 2008,
1663 .
1665 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1666 and A. Bierman, Ed., "Network Configuration Protocol
1667 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
1668 .
1670 [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration
1671 Protocol (NETCONF) Access Control Model", RFC 6536,
1672 DOI 10.17487/RFC6536, March 2012,
1673 .
1675 [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
1676 BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
1677 .
1679 Appendix A. Change Log
1681 A.1. 00 to 01
1683 o Renamed "keychain" to "keystore".
1685 A.2. 01 to 02
1687 o Filled in previously missing 'ietf-restconf-client' module.
1689 o Updated the ietf-restconf-server module to accomodate new grouping
1690 'ietf-tls-server-grouping'.
1692 A.3. 02 to 03
1694 o Refined use of tls-client-grouping to add a must statement
1695 indicating that the TLS client must specify a client-certificate.
1697 o Changed restconf-client??? to be a grouping (not a container).
1699 A.4. 03 to 04
1701 o Added RFC 8174 to Requirements Language Section.
1703 o Replaced refine statement in ietf-restconf-client to add a
1704 mandatory true.
1706 o Added refine statement in ietf-restconf-server to add a must
1707 statement.
1709 o Now there are containers and groupings, for both the client and
1710 server models.
1712 o Now tree diagrams reference ietf-netmod-yang-tree-diagrams
1714 o Updated examples to inline key and certificates (no longer a
1715 leafref to keystore)
1717 A.5. 04 to 05
1719 o Now tree diagrams reference ietf-netmod-yang-tree-diagrams
1721 o Updated examples to inline key and certificates (no longer a
1722 leafref to keystore)
1724 A.6. 05 to 06
1726 o Fixed change log missing section issue.
1728 o Updated examples to match latest updates to the crypto-types,
1729 trust-anchors, and keystore drafts.
1731 o Reduced line length of the YANG modules to fit within 69 columns.
1733 Acknowledgements
1735 The authors would like to thank for following for lively discussions
1736 on list and in the halls (ordered by last name): Andy Bierman, Martin
1737 Bjorklund, Benoit Claise, Mehmet Ersue, Balazs Kovacs, David
1738 Lamparter, Alan Luchuk, Ladislav Lhotka, Radek Krejci, Tom Petch,
1739 Juergen Schoenwaelder, Phil Shafer, Sean Turner, and Bert Wijnen.
1741 Authors' Addresses
1743 Kent Watsen
1744 Juniper Networks
1746 EMail: kwatsen@juniper.net
1748 Gary Wu
1749 Cisco Networks
1751 EMail: garywu@cisco.com