idnits 2.17.1
draft-ietf-netconf-restconf-client-server-08.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
-- The document date (October 22, 2018) is 2012 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Outdated reference: A later version (-35) exists of
draft-ietf-netconf-keystore-06
== Outdated reference: A later version (-41) exists of
draft-ietf-netconf-tls-client-server-07
== Outdated reference: A later version (-36) exists of
draft-ietf-netconf-netconf-client-server-07
Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 NETCONF Working Group K. Watsen
3 Internet-Draft Juniper Networks
4 Intended status: Standards Track October 22, 2018
5 Expires: April 25, 2019
7 RESTCONF Client and Server Models
8 draft-ietf-netconf-restconf-client-server-08
10 Abstract
12 This document defines two YANG modules, one module to configure a
13 RESTCONF client and the other module to configure a RESTCONF server.
14 Both modules support the TLS transport protocol with both standard
15 RESTCONF and RESTCONF Call Home connections.
17 Editorial Note (To be removed by RFC Editor)
19 This draft contains many placeholder values that need to be replaced
20 with finalized values at the time of publication. This note
21 summarizes all of the substitutions that are needed. No other RFC
22 Editor instructions are specified elsewhere in this document.
24 This document contains references to other drafts in progress, both
25 in the Normative References section, as well as in body text
26 throughout. Please update the following references to reflect their
27 final RFC assignments:
29 o I-D.ietf-netconf-keystore
31 o I-D.ietf-netconf-tls-client-server
33 Artwork in this document contains shorthand references to drafts in
34 progress. Please apply the following replacements:
36 o "XXXX" --> the assigned RFC value for this draft
38 o "ZZZZ" --> the assigned RFC value for I-D.ietf-netconf-tls-client-
39 server
41 Artwork in this document contains placeholder values for the date of
42 publication of this draft. Please apply the following replacement:
44 o "2018-10-22" --> the publication date of this draft
46 The following Appendix section is to be removed prior to publication:
48 o Appendix A. Change Log
50 Status of This Memo
52 This Internet-Draft is submitted in full conformance with the
53 provisions of BCP 78 and BCP 79.
55 Internet-Drafts are working documents of the Internet Engineering
56 Task Force (IETF). Note that other groups may also distribute
57 working documents as Internet-Drafts. The list of current Internet-
58 Drafts is at https://datatracker.ietf.org/drafts/current/.
60 Internet-Drafts are draft documents valid for a maximum of six months
61 and may be updated, replaced, or obsoleted by other documents at any
62 time. It is inappropriate to use Internet-Drafts as reference
63 material or to cite them other than as "work in progress."
65 This Internet-Draft will expire on April 25, 2019.
67 Copyright Notice
69 Copyright (c) 2018 IETF Trust and the persons identified as the
70 document authors. All rights reserved.
72 This document is subject to BCP 78 and the IETF Trust's Legal
73 Provisions Relating to IETF Documents
74 (https://trustee.ietf.org/license-info) in effect on the date of
75 publication of this document. Please review these documents
76 carefully, as they describe your rights and restrictions with respect
77 to this document. Code Components extracted from this document must
78 include Simplified BSD License text as described in Section 4.e of
79 the Trust Legal Provisions and are provided without warranty as
80 described in the Simplified BSD License.
82 Table of Contents
84 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
85 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
86 2. The RESTCONF Client Model . . . . . . . . . . . . . . . . . . 3
87 2.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 4
88 2.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 7
89 2.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 9
90 3. The RESTCONF Server Model . . . . . . . . . . . . . . . . . . 18
91 3.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 18
92 3.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 21
93 3.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 24
94 4. Security Considerations . . . . . . . . . . . . . . . . . . . 34
95 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35
96 5.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 35
97 5.2. The YANG Module Names Registry . . . . . . . . . . . . . 35
99 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 36
100 6.1. Normative References . . . . . . . . . . . . . . . . . . 36
101 6.2. Informative References . . . . . . . . . . . . . . . . . 37
102 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 38
103 A.1. 00 to 01 . . . . . . . . . . . . . . . . . . . . . . . . 38
104 A.2. 01 to 02 . . . . . . . . . . . . . . . . . . . . . . . . 38
105 A.3. 02 to 03 . . . . . . . . . . . . . . . . . . . . . . . . 38
106 A.4. 03 to 04 . . . . . . . . . . . . . . . . . . . . . . . . 38
107 A.5. 04 to 05 . . . . . . . . . . . . . . . . . . . . . . . . 38
108 A.6. 05 to 06 . . . . . . . . . . . . . . . . . . . . . . . . 39
109 A.7. 06 to 07 . . . . . . . . . . . . . . . . . . . . . . . . 39
110 A.8. 07 to 08 . . . . . . . . . . . . . . . . . . . . . . . . 39
111 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 39
112 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 39
114 1. Introduction
116 This document defines two YANG [RFC7950] modules, one module to
117 configure a RESTCONF client and the other module to configure a
118 RESTCONF server [RFC8040]. Both modules support the TLS [RFC8446]
119 transport protocol with both standard RESTCONF and RESTCONF Call Home
120 connections [RFC8071].
122 1.1. Terminology
124 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
125 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
126 "OPTIONAL" in this document are to be interpreted as described in BCP
127 14 [RFC2119] [RFC8174] when, and only when, they appear in all
128 capitals, as shown here.
130 2. The RESTCONF Client Model
132 The RESTCONF client model presented in this section supports both
133 clients initiating connections to servers, as well as clients
134 listening for connections from servers calling home.
136 This model, like that presented in
137 [I-D.ietf-netconf-netconf-client-server], is designed to support any
138 number of possible transports. RESTCONF only supports the TLS
139 transport currently, thus this model only supports the TLS transport.
141 All private keys and trusted certificates are held in the keystore
142 model defined in [I-D.ietf-netconf-keystore].
144 YANG feature statements are used to enable implementations to
145 advertise which parts of the model the RESTCONF client supports.
147 2.1. Tree Diagram
149 The following tree diagram [RFC8340] provides an overview of the data
150 model for the "ietf-restconf-client" module. Just the container is
151 displayed below, but there is also a reusable grouping called
152 "restconf-client-grouping" that the container is using.
154 [Note: '\' line wrapping for formatting only]
156 module: ietf-restconf-client
157 +--rw restconf-client
158 +--rw initiate! {initiate}?
159 | +--rw restconf-server* [name]
160 | +--rw name string
161 | +--rw endpoints
162 | +--rw endpoint* [name]
163 | +--rw name string
164 | +--rw (transport)
165 | | +--:(tls) {tls-initiate}?
166 | | +--rw tls
167 | | +--rw address inet:host
168 | | +--rw port? inet:port-number
169 | | +--rw client-identity
170 | | | +--rw (auth-type)
171 | | | +--:(certificate)
172 | | | +--rw certificate
173 | | | +--rw (local-or-keystore)
174 | | | +--:(local)
175 | | | | {local-keys-suppor\
176 ted}?
177 | | | | +--rw algorithm?
178 | | | | | asymmetric-key-e\
179 ncryption-algorithm-ref
180 | | | | +--rw public-key?
181 | | | | | binary
182 | | | | +--rw private-key?
183 | | | | | union
184 | | | | +---x generate-hidden-key
185 | | | | | +---w input
186 | | | | | +---w algorithm
187 | | | | | asymmetric\
188 -key-encryption-algorithm-ref
189 | | | | +---x install-hidden-key
190 | | | | | +---w input
191 | | | | | +---w algorithm
192 | | | | | | asymmetric\
193 -key-encryption-algorithm-ref
194 | | | | | +---w public-key?
195 | | | | | | binary
196 | | | | | +---w private-key?
197 | | | | | binary
198 | | | | +--rw cert?
199 | | | | | end-entity-cert-\
200 cms
201 | | | | +---n certificate-expira\
202 tion
203 | | | | +-- expiration-date
204 | | | | yang:date-and\
205 -time
206 | | | +--:(keystore)
207 | | | {keystore-supporte\
208 d}?
209 | | | +--rw reference?
210 | | | ks:asymmetric-ke\
211 y-certificate-ref
212 | | +--rw server-auth
213 | | | +--rw pinned-ca-certs?
214 | | | | ta:pinned-certificates-ref
215 | | | | {ta:x509-certificates}?
216 | | | +--rw pinned-server-certs?
217 | | | ta:pinned-certificates-ref
218 | | | {ta:x509-certificates}?
219 | | +--rw hello-params
220 | | {tls-client-hello-params-config}?
221 | | +--rw tls-versions
222 | | | +--rw tls-version* identityref
223 | | +--rw cipher-suites
224 | | +--rw cipher-suite* identityref
225 | +--rw connection-type
226 | | +--rw (connection-type)
227 | | +--:(persistent-connection)
228 | | | +--rw persistent!
229 | | | +--rw keep-alives
230 | | | +--rw max-wait? uint16
231 | | | +--rw max-attempts? uint8
232 | | +--:(periodic-connection)
233 | | +--rw periodic!
234 | | +--rw period? uint16
235 | | +--rw anchor-time? yang:date-and-time
236 | | +--rw idle-timeout? uint16
237 | +--rw reconnect-strategy
238 | +--rw start-with? enumeration
239 | +--rw max-attempts? uint8
240 +--rw listen! {listen}?
241 +--rw idle-timeout? uint16
242 +--rw endpoint* [name]
243 +--rw name string
244 +--rw (transport)
245 +--:(tls) {tls-listen}?
246 +--rw tls
247 +--rw address? inet:ip-address
248 +--rw port? inet:port-number
249 +--rw client-identity
250 | +--rw (auth-type)
251 | +--:(certificate)
252 | +--rw certificate
253 | +--rw (local-or-keystore)
254 | +--:(local) {local-keys-supported\
255 }?
256 | | +--rw algorithm?
257 | | | asymmetric-key-encrypt\
258 ion-algorithm-ref
259 | | +--rw public-key?
260 | | | binary
261 | | +--rw private-key?
262 | | | union
263 | | +---x generate-hidden-key
264 | | | +---w input
265 | | | +---w algorithm
266 | | | asymmetric-key-e\
267 ncryption-algorithm-ref
268 | | +---x install-hidden-key
269 | | | +---w input
270 | | | +---w algorithm
271 | | | | asymmetric-key-e\
272 ncryption-algorithm-ref
273 | | | +---w public-key? bin\
274 ary
275 | | | +---w private-key? bin\
276 ary
277 | | +--rw cert?
278 | | | end-entity-cert-cms
279 | | +---n certificate-expiration
280 | | +-- expiration-date
281 | | yang:date-and-time
282 | +--:(keystore) {keystore-supporte\
283 d}?
284 | +--rw reference?
285 | ks:asymmetric-key-cert\
286 ificate-ref
287 +--rw server-auth
288 | +--rw pinned-ca-certs?
289 | | ta:pinned-certificates-ref
290 | | {ta:x509-certificates}?
291 | +--rw pinned-server-certs?
292 | ta:pinned-certificates-ref
293 | {ta:x509-certificates}?
294 +--rw hello-params
295 {tls-client-hello-params-config}?
296 +--rw tls-versions
297 | +--rw tls-version* identityref
298 +--rw cipher-suites
299 +--rw cipher-suite* identityref
301 2.2. Example Usage
303 The following example illustrates configuring a RESTCONF client to
304 initiate connections, as well as listening for call-home connections.
306 This example is consistent with the examples presented in Section 3.2
307 of [I-D.ietf-netconf-keystore].
309 [Note: '\' line wrapping for formatting only]
311
314
315
316
317 corp-fw1
318
319
320 corp-fw1.example.com
321
322 corp-fw1.example.com
323
324
325 ct:rsa2048
327 base64encodedvalue==
328 base64encodedvalue==
329 base64encodedvalue==
330
331
332
333 explicitly-trusted-server-ca-certs
335 explicitly-trusted-server-certs
337
338
339
340
341
342
343
344 corp-fw2.example.com
345
346 corp-fw2.example.com
347
348
349 ct:rsa2048
351 base64encodedvalue==
352 base64encodedvalue==
353 base64encodedvalue==
354
355
356
357 explicitly-trusted-server-ca-certs
359 explicitly-trusted-server-certs
361
362
363
364
365
366
367
368
369
371
372
373
374 Intranet-facing listener
375
376 11.22.33.44
377
378
379 ct:rsa2048
381 base64encodedvalue==
382 base64encodedvalue==
383 base64encodedvalue==
384
386
387
388 explicitly-trusted-server-ca-certs
390 explicitly-trusted-server-certs
392
393
394
395
396
398 2.3. YANG Module
400 This YANG module has normative references to [RFC6991], [RFC8040],
401 and [RFC8071], and [I-D.ietf-netconf-tls-client-server].
403 file "ietf-restconf-client@2018-10-22.yang"
404 module ietf-restconf-client {
405 yang-version 1.1;
407 namespace "urn:ietf:params:xml:ns:yang:ietf-restconf-client";
408 prefix "rcc";
410 import ietf-yang-types {
411 prefix yang;
412 reference
413 "RFC 6991: Common YANG Data Types";
414 }
416 import ietf-inet-types {
417 prefix inet;
418 reference
419 "RFC 6991: Common YANG Data Types";
420 }
422 import ietf-tls-client {
423 prefix ts;
424 revision-date 2018-10-22; // stable grouping definitions
425 reference
426 "RFC ZZZZ: YANG Groupings for TLS Clients and TLS Servers";
427 }
429 organization
430 "IETF NETCONF (Network Configuration) Working Group";
432 contact
433 "WG Web:
434 WG List:
436 Author: Kent Watsen
437
439 Author: Gary Wu
440 ";
442 description
443 "This module contains a collection of YANG definitions for
444 configuring RESTCONF clients.
446 Copyright (c) 2017 IETF Trust and the persons identified as
447 authors of the code. All rights reserved.
449 Redistribution and use in source and binary forms, with or
450 without modification, is permitted pursuant to, and subject
451 to the license terms contained in, the Simplified BSD
452 License set forth in Section 4.c of the IETF Trust's
453 Legal Provisions Relating to IETF Documents
454 (http://trustee.ietf.org/license-info).
456 This version of this YANG module is part of RFC XXXX; see
457 the RFC itself for full legal notices.";
459 revision "2018-10-22" {
460 description
461 "Initial version";
462 reference
463 "RFC XXXX: RESTCONF Client and Server Models";
464 }
466 // Features
468 feature initiate {
469 description
470 "The 'initiate' feature indicates that the RESTCONF client
471 supports initiating RESTCONF connections to RESTCONF servers
472 using at least one transport (e.g., TLS, etc.).";
473 }
475 feature tls-initiate {
476 if-feature initiate;
477 description
478 "The 'tls-initiate' feature indicates that the RESTCONF client
479 supports initiating TLS connections to RESTCONF servers. This
480 feature exists as TLS might not be a mandatory to implement
481 transport in the future.";
482 reference
483 "RFC 8040: RESTCONF Protocol";
484 }
486 feature listen {
487 description
488 "The 'listen' feature indicates that the RESTCONF client
489 supports opening a port to accept RESTCONF server call
490 home connections using at least one transport (e.g.,
491 TLS, etc.).";
492 }
494 feature tls-listen {
495 if-feature listen;
496 description
497 "The 'tls-listen' feature indicates that the RESTCONF client
498 supports opening a port to listen for incoming RESTCONF
499 server call-home TLS connections. This feature exists as
500 TLS might not be a mandatory to implement transport in the
501 future.";
502 reference
503 "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
504 }
506 container restconf-client {
507 uses restconf-client-grouping;
508 description
509 "Top-level container for RESTCONF client configuration.";
510 }
512 grouping restconf-client-grouping {
513 description
514 "Top-level grouping for RESTCONF client configuration.";
516 container initiate {
517 if-feature initiate;
518 presence "Enables client to initiate TCP connections";
519 description
520 "Configures client initiating underlying TCP connections.";
521 list restconf-server {
522 key name;
523 min-elements 1;
524 description
525 "List of RESTCONF servers the RESTCONF client is to
526 initiate connections to in parallel.";
527 leaf name {
528 type string;
529 description
530 "An arbitrary name for the RESTCONF server.";
531 }
532 container endpoints {
533 description
534 "Container for the list of endpoints.";
535 list endpoint {
536 key name;
537 min-elements 1;
538 ordered-by user;
539 description
540 "A non-empty user-ordered list of endpoints for this
541 RESTCONF client to try to connect to in sequence.
542 Defining more than one enables high-availability.";
543 leaf name {
544 type string;
545 description
546 "An arbitrary name for this endpoint.";
547 }
548 choice transport {
549 mandatory true;
550 description
551 "Selects between available transports. This is a
552 'choice' statement so as to support additional
553 transport options to be augmented in.";
554 case tls {
555 if-feature tls-initiate;
556 container tls {
557 description
558 "Specifies TLS-specific transport
559 configuration.";
560 leaf address {
561 type inet:host;
562 mandatory true;
563 description
564 "The IP address or hostname of the endpoint.
565 If a domain name is configured, then the
566 DNS resolution should happen on each usage
567 attempt. If the the DNS resolution results
568 in multiple IP addresses, the IP addresses
569 will be tried according to local preference
570 order until a connection has been established
571 or until all IP addresses have failed.";
572 }
573 leaf port {
574 type inet:port-number;
575 default 443;
576 description
577 "The IP port for this endpoint. The RESTCONF
578 client will use the IANA-assigned well-known
579 port for 'https' (443) if no value is
580 specified.";
581 }
582 uses ts:tls-client-grouping {
583 refine "client-identity/auth-type" {
584 mandatory true;
585 description
586 "RESTCONF clients MUST pass some
587 authentication credentials.";
588 }
589 }
590 }
591 } // end tls
592 } // end transport
593 container connection-type {
594 description
595 "Indicates the kind of connection to use.";
596 choice connection-type {
597 mandatory true;
598 description
599 "Selects between available connection types.";
600 case persistent-connection {
601 container persistent {
602 presence
603 "Indicates that a persistent connection is
604 to be maintained.";
605 description
606 "Maintain a persistent connection to the
607 RESTCONF server. If the connection goes down,
608 immediately start trying to reconnect to it,
609 using the reconnection strategy. This
610 connection type minimizes any RESTCONF server
611 to RESTCONF client data-transfer delay, albeit
612 at the expense of holding resources longer.";
613 container keep-alives {
614 description
615 "Configures the keep-alive policy, to
616 proactively test the aliveness of the TLS
617 server. An unresponsive TLS server will
618 be dropped after approximately max-attempts
619 * max-wait seconds.";
620 leaf max-wait {
621 type uint16 {
622 range "1..max";
623 }
624 units seconds;
625 default 30;
626 description
627 "Sets the amount of time in seconds after
628 which if no data has been received from
629 the TLS server, a TLS-level message will
630 be sent to test the aliveness of the TLS
631 server.";
632 }
633 leaf max-attempts {
634 type uint8;
635 default 3;
636 description
637 "Sets the maximum number of sequential
638 keep-alive messages that can fail to
639 obtain a response from the TLS server
640 before assuming the TLS server is no
641 longer alive.";
642 }
643 }
644 }
645 }
646 case periodic-connection {
647 container periodic {
648 presence
649 "Indicates that a periodic connection is to be
650 maintained.";
651 description
652 "Periodically connect to the NETCONF server.
653 The RESTCONF server should close the underlying
654 TLS connection upon completing planned
655 activities.
657 This connection type increases resource
658 utilization, albeit with increased delay in
659 RESTCONF server to RESTCONF client
660 interactions.";
661 leaf period {
662 type uint16;
663 units "minutes";
664 default 60;
665 description
666 "Duration of time between periodic
667 connections.";
668 }
669 leaf anchor-time {
670 type yang:date-and-time {
671 // constrained to minute-level granularity
672 pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}'
673 + '(Z|[\+\-]\d{2}:\d{2})';
674 }
675 description
676 "Designates a timestamp before or after which
677 a series of periodic connections are
678 determined. The periodic connections occur
679 at a whole multiple interval from the anchor
680 time. For example, for an anchor time is 15
681 minutes past midnight and a period interval
682 of 24 hours, then a periodic connection will
683 occur 15 minutes past midnight everyday.";
684 }
685 leaf idle-timeout {
686 type uint16;
687 units "seconds";
688 default 120; // two minutes
689 description
690 "Specifies the maximum number of seconds
691 that the underlying TLS session may remain
692 idle. A TLS session will be dropped if it
693 is idle for an interval longer than this
694 number of seconds If set to zero, then the
695 RESTCONF client will never drop a session
696 because it is idle.";
697 }
698 }
699 } // end periodic-connection
700 } // end connection-type
701 } // end connection-type
702 container reconnect-strategy {
703 description
704 "The reconnection strategy directs how a RESTCONF
705 client reconnects to a RESTCONF server, after
706 discovering its connection to the server has
707 dropped, even if due to a reboot. The RESTCONF
708 client starts with the specified endpoint and
709 tries to connect to it max-attempts times before
710 trying the next endpoint in the list (round
711 robin).";
712 leaf start-with {
713 type enumeration {
714 enum first-listed {
715 description
716 "Indicates that reconnections should start
717 with the first endpoint listed.";
718 }
719 enum last-connected {
720 description
721 "Indicates that reconnections should start
722 with the endpoint last connected to. If
723 no previous connection has ever been
724 established, then the first endpoint
725 configured is used. RESTCONF clients
726 SHOULD be able to remember the last
727 endpoint connected to across reboots.";
728 }
729 enum random-selection {
730 description
731 "Indicates that reconnections should start with
732 a random endpoint.";
733 }
734 }
735 default first-listed;
736 description
737 "Specifies which of the RESTCONF server's
738 endpoints the RESTCONF client should start
739 with when trying to connect to the RESTCONF
740 server.";
741 }
742 leaf max-attempts {
743 type uint8 {
744 range "1..max";
745 }
746 default 3;
747 description
748 "Specifies the number times the RESTCONF client
749 tries to connect to a specific endpoint before
750 moving on to the next endpoint in the list
751 (round robin).";
752 }
753 } // end reconnect-strategy
754 } // end endpoint
755 } // end endpoints
756 } // end restconf-server
757 } // end initiate
759 container listen {
760 if-feature listen;
761 presence "Enables client to accept call-home connections";
762 description
763 "Configures client accepting call-home TCP connections.";
765 leaf idle-timeout {
766 type uint16;
767 units "seconds";
768 default 3600; // one hour
769 description
770 "Specifies the maximum number of seconds that an
771 underlying TLS session may remain idle. A TLS session
772 will be dropped if it is idle for an interval longer
773 than this number of seconds. If set to zero, then
774 the server will never drop a session because it is
775 idle. Sessions that have a notification subscription
776 active are never dropped.";
777 }
779 list endpoint {
780 key name;
781 min-elements 1;
782 description
783 "List of endpoints to listen for RESTCONF connections.";
784 leaf name {
785 type string;
786 description
787 "An arbitrary name for the RESTCONF listen endpoint.";
788 }
789 choice transport {
790 mandatory true;
791 description
792 "Selects between available transports. This is a
793 'choice' statement so as to support additional
794 transport options to be augmented in.";
795 case tls {
796 if-feature tls-listen;
797 container tls {
798 description
799 "TLS-specific listening configuration for inbound
800 connections.";
801 leaf address {
802 type inet:ip-address;
803 description
804 "The IP address to listen on for incoming call-
805 home connections. The RESTCONF client will
806 listen on all configured interfaces if no
807 value is specified. INADDR_ANY (0.0.0.0) or
808 INADDR6_ANY (0:0:0:0:0:0:0:0 a.k.a. ::) MUST
809 be used when the server is to listen on all
810 IPv4 or IPv6 addresses, respectively.";
811 }
812 leaf port {
813 type inet:port-number;
814 default 4336;
815 description
816 "The port number to listen on for call-home
817 connections. The RESTCONF client will listen
818 on the IANA-assigned well-known port for
819 'restconf-ch-tls' (4336) if no value is
820 specified.";
821 }
822 uses ts:tls-client-grouping {
823 refine "client-identity/auth-type" {
824 mandatory true;
825 description
826 "RESTCONF clients MUST pass some authentication
827 credentials.";
828 }
829 }
830 }
831 }
832 } // end transport
833 } // end endpoint
834 } // end listen
835 } // end restconf-client
836 }
837
839 3. The RESTCONF Server Model
841 The RESTCONF server model presented in this section supports servers
842 both listening for connections as well as initiating call-home
843 connections.
845 All private keys and trusted certificates are held in the keystore
846 model defined in [I-D.ietf-netconf-keystore].
848 YANG feature statements are used to enable implementations to
849 advertise which parts of the model the RESTCONF server supports.
851 3.1. Tree Diagram
853 The following tree diagram [RFC8340] provides an overview of the data
854 model for the "ietf-restconf-server" module. Just the container is
855 displayed below, but there is also a reusable grouping called
856 "restconf-server-grouping" that the container is using.
858 [Note: '\' line wrapping for formatting only]
860 module: ietf-restconf-server
861 +--rw restconf-server
862 +--rw listen! {listen}?
863 | +--rw endpoint* [name]
864 | +--rw name string
865 | +--rw (transport)
866 | +--:(tls) {tls-listen}?
867 | +--rw tls
868 | +--rw address? inet:ip-address
869 | +--rw port? inet:port-number
870 | +--rw server-identity
871 | | +--rw (local-or-keystore)
872 | | +--:(local) {local-keys-supported}?
873 | | | +--rw algorithm?
874 | | | | asymmetric-key-encryption-algor\
875 ithm-ref
876 | | | +--rw public-key? binary
877 | | | +--rw private-key? union
878 | | | +---x generate-hidden-key
879 | | | | +---w input
880 | | | | +---w algorithm
881 | | | | asymmetric-key-encryption\
882 -algorithm-ref
883 | | | +---x install-hidden-key
884 | | | | +---w input
885 | | | | +---w algorithm
886 | | | | | asymmetric-key-encryption\
887 -algorithm-ref
888 | | | | +---w public-key? binary
889 | | | | +---w private-key? binary
890 | | | +--rw cert?
891 | | | | end-entity-cert-cms
892 | | | +---n certificate-expiration
893 | | | +-- expiration-date
894 | | | yang:date-and-time
895 | | +--:(keystore) {keystore-supported}?
896 | | +--rw reference?
897 | | ks:asymmetric-key-certificate-r\
898 ef
899 | +--rw client-auth
900 | | +--rw pinned-ca-certs?
901 | | | ta:pinned-certificates-ref
902 | | | {ta:x509-certificates}?
903 | | +--rw pinned-client-certs?
904 | | | ta:pinned-certificates-ref
905 | | | {ta:x509-certificates}?
906 | | +--rw cert-maps
907 | | +--rw cert-to-name* [id]
908 | | +--rw id uint32
909 | | +--rw fingerprint
910 | | | x509c2n:tls-fingerprint
911 | | +--rw map-type identityref
912 | | +--rw name string
913 | +--rw hello-params
914 | {tls-server-hello-params-config}?
915 | +--rw tls-versions
916 | | +--rw tls-version* identityref
917 | +--rw cipher-suites
918 | +--rw cipher-suite* identityref
919 +--rw call-home! {call-home}?
920 +--rw restconf-client* [name]
921 +--rw name string
922 +--rw endpoints
923 | +--rw endpoint* [name]
924 | +--rw name string
925 | +--rw (transport)
926 | +--:(tls) {tls-call-home}?
927 | +--rw tls
928 | +--rw address inet:host
929 | +--rw port? inet:port-number
930 | +--rw server-identity
931 | | +--rw (local-or-keystore)
932 | | +--:(local) {local-keys-supported}?
933 | | | +--rw algorithm?
934 | | | | asymmetric-key-encryption\
935 -algorithm-ref
936 | | | +--rw public-key?
937 | | | | binary
938 | | | +--rw private-key?
939 | | | | union
940 | | | +---x generate-hidden-key
941 | | | | +---w input
942 | | | | +---w algorithm
943 | | | | asymmetric-key-encr\
944 yption-algorithm-ref
945 | | | +---x install-hidden-key
946 | | | | +---w input
947 | | | | +---w algorithm
948 | | | | | asymmetric-key-encr\
949 yption-algorithm-ref
950 | | | | +---w public-key? binary
951 | | | | +---w private-key? binary
952 | | | +--rw cert?
953 | | | | end-entity-cert-cms
954 | | | +---n certificate-expiration
955 | | | +-- expiration-date
956 | | | yang:date-and-time
957 | | +--:(keystore) {keystore-supported}?
958 | | +--rw reference?
959 | | ks:asymmetric-key-certifi\
961 cate-ref
962 | +--rw client-auth
963 | | +--rw pinned-ca-certs?
964 | | | ta:pinned-certificates-ref
965 | | | {ta:x509-certificates}?
966 | | +--rw pinned-client-certs?
967 | | | ta:pinned-certificates-ref
968 | | | {ta:x509-certificates}?
969 | | +--rw cert-maps
970 | | +--rw cert-to-name* [id]
971 | | +--rw id uint32
972 | | +--rw fingerprint
973 | | | x509c2n:tls-fingerprint
974 | | +--rw map-type identityref
975 | | +--rw name string
976 | +--rw hello-params
977 | {tls-server-hello-params-config}?
978 | +--rw tls-versions
979 | | +--rw tls-version* identityref
980 | +--rw cipher-suites
981 | +--rw cipher-suite* identityref
982 +--rw connection-type
983 | +--rw (connection-type)
984 | +--:(persistent-connection)
985 | | +--rw persistent!
986 | | +--rw keep-alives
987 | | +--rw max-wait? uint16
988 | | +--rw max-attempts? uint8
989 | +--:(periodic-connection)
990 | +--rw periodic!
991 | +--rw period? uint16
992 | +--rw anchor-time? yang:date-and-time
993 | +--rw idle-timeout? uint16
994 +--rw reconnect-strategy
995 +--rw start-with? enumeration
996 +--rw max-attempts? uint8
998 3.2. Example Usage
1000 The following example illustrates configuring a RESTCONF server to
1001 listen for RESTCONF client connections, as well as configuring call-
1002 home to one RESTCONF client.
1004 This example is consistent with the examples presented in Section 3.2
1005 of [I-D.ietf-netconf-keystore].
1007 [Note: '\' line wrapping for formatting only]
1008
1012
1013
1014
1015 netconf/tls
1016
1017 11.22.33.44
1018
1019 ct:rsa2048
1021 base64encodedvalue==
1022 base64encodedvalue==
1023 base64encodedvalue==
1024
1025
1026 explicitly-trusted-client-ca-certs
1028 explicitly-trusted-client-certs
1030
1031
1032 1
1033 11:0A:05:11:00
1034 x509c2n:san-any
1035
1036
1037 2
1038 B3:4F:A1:8C:54
1039 x509c2n:specified
1040 scooby-doo
1041
1042
1043
1044
1045
1046
1048
1049
1050
1051 config-manager
1052
1053
1054 east-data-center
1055
1056 22.33.44.55
1057
1058 ct:rsa2048
1060 base64encodedvalue==
1061 base64encodedvalue==
1062 base64encodedvalue==
1063
1064
1065 explicitly-trusted-client-ca-certs
1067 explicitly-trusted-client-certs
1069
1070
1071 1
1072 11:0A:05:11:00
1073 x509c2n:san-any
1074
1075
1076 2
1077 B3:4F:A1:8C:54
1078 x509c2n:specified
1079 scooby-doo
1080
1081
1082
1083
1084
1085
1086 west-data-center
1087
1088 33.44.55.66
1089
1090 ct:rsa2048
1092 base64encodedvalue==
1093 base64encodedvalue==
1094 base64encodedvalue==
1095
1096
1097 explicitly-trusted-client-ca-certs
1099 explicitly-trusted-client-certs
1101
1102
1103 1
1104 11:0A:05:11:00
1105 x509c2n:san-any
1106
1107
1108 2
1109 B3:4F:A1:8C:54
1110 x509c2n:specified
1111 scooby-doo
1112
1113
1114
1115
1116
1117
1118
1119
1120 300
1121 60
1122
1123
1124
1125 last-connected
1126 3
1127
1128
1129
1130
1132 3.3. YANG Module
1134 This YANG module has normative references to [RFC6991], [RFC7407],
1135 [RFC8040], [RFC8071], and [I-D.ietf-netconf-tls-client-server].
1137 file "ietf-restconf-server@2018-10-22.yang"
1138 module ietf-restconf-server {
1139 yang-version 1.1;
1141 namespace "urn:ietf:params:xml:ns:yang:ietf-restconf-server";
1142 prefix "rcs";
1144 import ietf-yang-types {
1145 prefix yang;
1146 reference
1147 "RFC 6991: Common YANG Data Types";
1148 }
1150 import ietf-inet-types {
1151 prefix inet;
1152 reference
1153 "RFC 6991: Common YANG Data Types";
1154 }
1156 import ietf-x509-cert-to-name {
1157 prefix x509c2n;
1158 reference
1159 "RFC 7407: A YANG Data Model for SNMP Configuration";
1160 }
1162 import ietf-tls-server {
1163 prefix ts;
1164 revision-date 2018-10-22; // stable grouping definitions
1165 reference
1166 "RFC ZZZZ: YANG Groupings for TLS Clients and TLS Servers";
1167 }
1169 organization
1170 "IETF NETCONF (Network Configuration) Working Group";
1172 contact
1173 "WG Web:
1174 WG List:
1176 Author: Kent Watsen
1177
1179 Author: Gary Wu
1180
1182 Author: Juergen Schoenwaelder
1183 ";
1185 description
1186 "This module contains a collection of YANG definitions for
1187 configuring RESTCONF servers.
1189 Copyright (c) 2017 IETF Trust and the persons identified as
1190 authors of the code. All rights reserved.
1192 Redistribution and use in source and binary forms, with or
1193 without modification, is permitted pursuant to, and subject
1194 to the license terms contained in, the Simplified BSD
1195 License set forth in Section 4.c of the IETF Trust's
1196 Legal Provisions Relating to IETF Documents
1197 (http://trustee.ietf.org/license-info).
1198 This version of this YANG module is part of RFC XXXX; see
1199 the RFC itself for full legal notices.";
1201 revision "2018-10-22" {
1202 description
1203 "Initial version";
1204 reference
1205 "RFC XXXX: RESTCONF Client and Server Models";
1206 }
1208 // Features
1210 feature listen {
1211 description
1212 "The 'listen' feature indicates that the RESTCONF server
1213 supports opening a port to accept RESTCONF client connections
1214 using at least one transport (e.g., TLS, etc.).";
1215 }
1217 feature tls-listen {
1218 if-feature listen;
1219 description
1220 "The 'tls-listen' feature indicates that the RESTCONF server
1221 supports opening a port to listen for incoming RESTCONF
1222 client connections. This feature exists as TLS might not
1223 be a mandatory to implement transport in the future.";
1224 reference
1225 "RFC 8040: RESTCONF Protocol";
1226 }
1228 feature call-home {
1229 description
1230 "The 'call-home' feature indicates that the RESTCONF
1231 server supports initiating RESTCONF call home connections
1232 to RESTCONF clients using at least one transport (e.g.,
1233 TLS, etc.).";
1234 reference
1235 "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
1236 }
1238 feature tls-call-home {
1239 if-feature call-home;
1240 description
1241 "The 'tls-call-home' feature indicates that the RESTCONF
1242 server supports initiating connections to RESTCONF clients.
1243 This feature exists as TLS might not be a mandatory to
1244 implement transport in the future.";
1246 reference
1247 "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
1248 }
1250 container restconf-server {
1251 uses restconf-server-grouping;
1252 description
1253 "Top-level container for RESTCONF server configuration.";
1254 }
1256 grouping restconf-server-grouping {
1257 description
1258 "Top-level grouping for RESTCONF server configuration.";
1260 container listen {
1261 if-feature listen;
1262 presence "Enables server to listen for TCP connections";
1263 description "Configures listen behavior";
1264 list endpoint {
1265 key name;
1266 min-elements 1;
1267 description
1268 "List of endpoints to listen for RESTCONF connections.";
1269 leaf name {
1270 type string;
1271 description
1272 "An arbitrary name for the RESTCONF listen endpoint.";
1273 }
1274 choice transport {
1275 mandatory true;
1276 description
1277 "Selects between available transports. This is a
1278 'choice' statement so as to support additional
1279 transport options to be augmented in.";
1280 case tls {
1281 if-feature tls-listen;
1282 container tls {
1283 description
1284 "TLS-specific listening configuration for inbound
1285 connections.";
1286 leaf address {
1287 type inet:ip-address;
1288 description
1289 "The IP address to listen on for incoming
1290 connections. The RESTCONF server will listen
1291 on all configured interfaces if no value is
1292 specified. INADDR_ANY (0.0.0.0) or INADDR6_ANY
1293 (0:0:0:0:0:0:0:0 a.k.a. ::) MUST be used when
1294 the server is to listen on all IPv4 or IPv6
1295 addresses, respectively.";
1296 }
1297 leaf port {
1298 type inet:port-number;
1299 default 443;
1300 description
1301 "The local port number to listen on. If no value
1302 is specified, the IANA-assigned port value for
1303 'https' (443) is used.";
1304 }
1305 uses ts:tls-server-grouping {
1306 refine "client-auth" {
1307 must 'pinned-ca-certs or pinned-client-certs';
1308 description
1309 "RESTCONF servers MUST be able to validate
1310 clients.";
1311 }
1312 augment "client-auth" {
1313 description
1314 "Augments in the cert-to-name structure,
1315 so the RESTCONF server can map TLS-layer
1316 client certificates to RESTCONF usernames.";
1317 container cert-maps {
1318 uses x509c2n:cert-to-name;
1319 description
1320 "The cert-maps container is used by a TLS-
1321 based RESTCONF server to map the RESTCONF
1322 client's presented X.509 certificate to
1323 a RESTCONF username. If no matching and
1324 valid cert-to-name list entry can be found,
1325 then the RESTCONF server MUST close the
1326 connection, and MUST NOT accept RESTCONF
1327 messages over it.";
1328 reference
1329 "RFC 7407: A YANG Data Model for SNMP
1330 Configuration.";
1331 }
1332 }
1333 }
1334 } // end tls container
1335 } // end tls case
1336 } // end transport
1337 } // end endpoint
1338 } // end listen
1340 container call-home {
1341 if-feature call-home;
1342 presence "Enables server to initiate TCP connections";
1343 description "Configures call-home behavior";
1344 list restconf-client {
1345 key name;
1346 min-elements 1;
1347 description
1348 "List of RESTCONF clients the RESTCONF server is to
1349 initiate call-home connections to in parallel.";
1350 leaf name {
1351 type string;
1352 description
1353 "An arbitrary name for the remote RESTCONF client.";
1354 }
1355 container endpoints {
1356 description
1357 "Container for the list of endpoints.";
1358 list endpoint {
1359 key name;
1360 min-elements 1;
1361 ordered-by user;
1362 description
1363 "User-ordered list of endpoints for this RESTCONF
1364 client. Defining more than one enables high-
1365 availability.";
1366 leaf name {
1367 type string;
1368 description
1369 "An arbitrary name for this endpoint.";
1370 }
1371 choice transport {
1372 mandatory true;
1373 description
1374 "Selects between available transports. This is a
1375 'choice' statement so as to support additional
1376 transport options to be augmented in.";
1377 case tls {
1378 if-feature tls-call-home;
1379 container tls {
1380 description
1381 "Specifies TLS-specific call-home transport
1382 configuration.";
1383 leaf address {
1384 type inet:host;
1385 mandatory true;
1386 description
1387 "The IP address or hostname of the endpoint.
1388 If a domain name is configured, then the
1389 DNS resolution should happen on each usage
1390 attempt. If the DNS resolution results in
1391 multiple IP addresses, the IP addresses will
1392 be tried according to local preference order
1393 until a connection has been established or
1394 until all IP addresses have failed.";
1395 }
1396 leaf port {
1397 type inet:port-number;
1398 default 4336;
1399 description
1400 "The IP port for this endpoint. The RESTCONF
1401 server will use the IANA-assigned well-known
1402 port for 'restconf-ch-tls' (4336) if no value
1403 is specified.";
1404 }
1405 uses ts:tls-server-grouping {
1406 refine "client-auth" {
1407 must 'pinned-ca-certs or pinned-client-certs';
1408 description
1409 "RESTCONF servers MUST be able to validate
1410 clients.";
1411 }
1412 augment "client-auth" {
1413 description
1414 "Augments in the cert-to-name structure,
1415 so the RESTCONF server can map TLS-layer
1416 client certificates to RESTCONF usernames.";
1417 container cert-maps {
1418 uses x509c2n:cert-to-name;
1419 description
1420 "The cert-maps container is used by a
1421 TLS-based RESTCONF server to map the
1422 RESTCONF client's presented X.509
1423 certificate to a RESTCONF username. If
1424 no matching and valid cert-to-name list
1425 entry can be found, then the RESTCONF
1426 server MUST close the connection, and
1427 MUST NOT accept RESTCONF messages over
1428 it.";
1429 reference
1430 "RFC 7407: A YANG Data Model for SNMP
1431 Configuration.";
1432 }
1433 }
1434 }
1435 }
1436 }
1437 } // end transport
1439 } // end endpoint
1440 } // end endpoints
1441 container connection-type {
1442 description
1443 "Indicates the RESTCONF client's preference for how the
1444 RESTCONF server's connection is maintained.";
1445 choice connection-type {
1446 mandatory true;
1447 description
1448 "Selects between available connection types.";
1449 case persistent-connection {
1450 container persistent {
1451 presence
1452 "Indicates that a persistent connection is to be
1453 maintained.";
1454 description
1455 "Maintain a persistent connection to the RESTCONF
1456 client. If the connection goes down, immediately
1457 start trying to reconnect to it, using the
1458 reconnection strategy.
1460 This connection type minimizes any RESTCONF
1461 client to RESTCONF server data-transfer delay,
1462 albeit at the expense of holding resources
1463 longer.";
1464 container keep-alives {
1465 description
1466 "Configures the keep-alive policy, to
1467 proactively test the aliveness of the TLS
1468 client. An unresponsive TLS client will
1469 be dropped after approximately (max-attempts
1470 * max-wait) seconds.";
1471 reference
1472 "RFC 8071: NETCONF Call Home and RESTCONF
1473 Call Home, Section 4.1, item S7";
1474 leaf max-wait {
1475 type uint16 {
1476 range "1..max";
1477 }
1478 units seconds;
1479 default 30;
1480 description
1481 "Sets the amount of time in seconds after
1482 which if no data has been received from
1483 the TLS client, a TLS-level message will
1484 be sent to test the aliveness of the TLS
1485 client.";
1486 }
1487 leaf max-attempts {
1488 type uint8;
1489 default 3;
1490 description
1491 "Sets the maximum number of sequential keep-
1492 alive messages that can fail to obtain a
1493 response from the TLS client before assuming
1494 the TLS client is no longer alive.";
1495 }
1496 }
1497 }
1498 }
1499 case periodic-connection {
1500 container periodic {
1501 presence
1502 "Indicates that a periodic connection is to be
1503 maintained.";
1504 description
1505 "Periodically connect to the RESTCONF client. The
1506 RESTCONF client should close the underlying TLS
1507 connection upon completing planned activities.
1509 This connection type increases resource
1510 utilization, albeit with increased delay in
1511 RESTCONF client to RESTCONF client interactions.";
1512 leaf period {
1513 type uint16;
1514 units "minutes";
1515 default 60;
1516 description
1517 "Duration of time between periodic connections.";
1518 }
1519 leaf anchor-time {
1520 type yang:date-and-time {
1521 // constrained to minute-level granularity
1522 pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}'
1523 + '(Z|[\+\-]\d{2}:\d{2})';
1524 }
1525 description
1526 "Designates a timestamp before or after which a
1527 series of periodic connections are determined.
1528 The periodic connections occur at a whole
1529 multiple interval from the anchor time. For
1530 example, for an anchor time is 15 minutes past
1531 midnight and a period interval of 24 hours, then
1532 a periodic connection will occur 15 minutes past
1533 midnight everyday.";
1534 }
1535 leaf idle-timeout {
1536 type uint16;
1537 units "seconds";
1538 default 120; // two minutes
1539 description
1540 "Specifies the maximum number of seconds that
1541 the underlying TLS session may remain idle.
1542 A TLS session will be dropped if it is idle
1543 for an interval longer than this number of
1544 seconds. If set to zero, then the server
1545 will never drop a session because it is idle.";
1546 }
1547 }
1548 }
1549 }
1550 }
1551 container reconnect-strategy {
1552 description
1553 "The reconnection strategy directs how a RESTCONF server
1554 reconnects to a RESTCONF client after discovering its
1555 connection to the client has dropped, even if due to a
1556 reboot. The RESTCONF server starts with the specified
1557 endpoint and tries to connect to it max-attempts times
1558 before trying the next endpoint in the list (round
1559 robin).";
1560 leaf start-with {
1561 type enumeration {
1562 enum first-listed {
1563 description
1564 "Indicates that reconnections should start with
1565 the first endpoint listed.";
1566 }
1567 enum last-connected {
1568 description
1569 "Indicates that reconnections should start with
1570 the endpoint last connected to. If no previous
1571 connection has ever been established, then the
1572 first endpoint configured is used. RESTCONF
1573 servers SHOULD be able to remember the last
1574 endpoint connected to across reboots.";
1575 }
1576 enum random-selection {
1577 description
1578 "Indicates that reconnections should start with
1579 a random endpoint.";
1580 }
1581 }
1582 default first-listed;
1583 description
1584 "Specifies which of the RESTCONF client's endpoints
1585 the RESTCONF server should start with when trying
1586 to connect to the RESTCONF client.";
1587 }
1588 leaf max-attempts {
1589 type uint8 {
1590 range "1..max";
1591 }
1592 default 3;
1593 description
1594 "Specifies the number times the RESTCONF server tries
1595 to connect to a specific endpoint before moving on to
1596 the next endpoint in the list (round robin).";
1597 }
1598 }
1599 }
1600 }
1601 }
1602 }
1603
1605 4. Security Considerations
1607 The YANG module defined in this document uses a grouping defined in
1608 [I-D.ietf-netconf-tls-client-server]. Please see the Security
1609 Considerations section in that document for concerns related that
1610 grouping.
1612 The YANG module defined in this document is designed to be accessed
1613 via YANG based management protocols, such as NETCONF [RFC6241] and
1614 RESTCONF [RFC8040]. Both of these protocols have mandatory-to-
1615 implement secure transport layers (e.g., SSH, TLS) with mutual
1616 authentication.
1618 The NETCONF access control model (NACM) [RFC8341] provides the means
1619 to restrict access for particular users to a pre-configured subset of
1620 all available protocol operations and content.
1622 There are a number of data nodes defined in this YANG module that are
1623 writable/creatable/deletable (i.e., config true, which is the
1624 default). These data nodes may be considered sensitive or vulnerable
1625 in some network environments. Write operations (e.g., edit-config)
1626 to these data nodes without proper protection can have a negative
1627 effect on network operations. These are the subtrees and data nodes
1628 and their sensitivity/vulnerability:
1630 /: The entire data trees defined by the modules defined in this
1631 draft are sensitive to write operations. For instance, the
1632 addition or removal of references to keys, certificates,
1633 trusted anchors, etc., can dramatically alter the implemented
1634 security policy. However, no NACM annotations are applied as
1635 the data SHOULD be editable by users other than a designated
1636 'recovery session'.
1638 Some of the readable data nodes in this YANG module may be considered
1639 sensitive or vulnerable in some network environments. It is thus
1640 important to control read access (e.g., via get, get-config, or
1641 notification) to these data nodes. These are the subtrees and data
1642 nodes and their sensitivity/vulnerability:
1644 NONE
1646 Some of the RPC operations in this YANG module may be considered
1647 sensitive or vulnerable in some network environments. It is thus
1648 important to control access to these operations. These are the
1649 operations and their sensitivity/vulnerability:
1651 NONE
1653 5. IANA Considerations
1655 5.1. The IETF XML Registry
1657 This document registers two URIs in the "ns" subregistry of the IETF
1658 XML Registry [RFC3688]. Following the format in [RFC3688], the
1659 following registrations are requested:
1661 URI: urn:ietf:params:xml:ns:yang:ietf-restconf-client
1662 Registrant Contact: The NETCONF WG of the IETF.
1663 XML: N/A, the requested URI is an XML namespace.
1665 URI: urn:ietf:params:xml:ns:yang:ietf-restconf-server
1666 Registrant Contact: The NETCONF WG of the IETF.
1667 XML: N/A, the requested URI is an XML namespace.
1669 5.2. The YANG Module Names Registry
1671 This document registers two YANG modules in the YANG Module Names
1672 registry [RFC6020]. Following the format in [RFC6020], the the
1673 following registrations are requested:
1675 name: ietf-restconf-client
1676 namespace: urn:ietf:params:xml:ns:yang:ietf-restconf-client
1677 prefix: ncc
1678 reference: RFC XXXX
1680 name: ietf-restconf-server
1681 namespace: urn:ietf:params:xml:ns:yang:ietf-restconf-server
1682 prefix: ncs
1683 reference: RFC XXXX
1685 6. References
1687 6.1. Normative References
1689 [I-D.ietf-netconf-keystore]
1690 Watsen, K., "YANG Data Model for a Centralized Keystore
1691 Mechanism", draft-ietf-netconf-keystore-06 (work in
1692 progress), September 2018.
1694 [I-D.ietf-netconf-tls-client-server]
1695 Watsen, K. and G. Wu, "YANG Groupings for TLS Clients and
1696 TLS Servers", draft-ietf-netconf-tls-client-server-07
1697 (work in progress), September 2018.
1699 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1700 Requirement Levels", BCP 14, RFC 2119,
1701 DOI 10.17487/RFC2119, March 1997,
1702 .
1704 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1705 the Network Configuration Protocol (NETCONF)", RFC 6020,
1706 DOI 10.17487/RFC6020, October 2010,
1707 .
1709 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
1710 RFC 6991, DOI 10.17487/RFC6991, July 2013,
1711 .
1713 [RFC7407] Bjorklund, M. and J. Schoenwaelder, "A YANG Data Model for
1714 SNMP Configuration", RFC 7407, DOI 10.17487/RFC7407,
1715 December 2014, .
1717 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
1718 RFC 7950, DOI 10.17487/RFC7950, August 2016,
1719 .
1721 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
1722 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
1723 .
1725 [RFC8071] Watsen, K., "NETCONF Call Home and RESTCONF Call Home",
1726 RFC 8071, DOI 10.17487/RFC8071, February 2017,
1727 .
1729 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
1730 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
1731 May 2017, .
1733 6.2. Informative References
1735 [I-D.ietf-netconf-netconf-client-server]
1736 Watsen, K., "NETCONF Client and Server Models", draft-
1737 ietf-netconf-netconf-client-server-07 (work in progress),
1738 September 2018.
1740 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1741 DOI 10.17487/RFC3688, January 2004,
1742 .
1744 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1745 and A. Bierman, Ed., "Network Configuration Protocol
1746 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
1747 .
1749 [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
1750 BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
1751 .
1753 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
1754 Access Control Model", STD 91, RFC 8341,
1755 DOI 10.17487/RFC8341, March 2018,
1756 .
1758 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
1759 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
1760 .
1762 Appendix A. Change Log
1764 A.1. 00 to 01
1766 o Renamed "keychain" to "keystore".
1768 A.2. 01 to 02
1770 o Filled in previously missing 'ietf-restconf-client' module.
1772 o Updated the ietf-restconf-server module to accomodate new grouping
1773 'ietf-tls-server-grouping'.
1775 A.3. 02 to 03
1777 o Refined use of tls-client-grouping to add a must statement
1778 indicating that the TLS client must specify a client-certificate.
1780 o Changed restconf-client??? to be a grouping (not a container).
1782 A.4. 03 to 04
1784 o Added RFC 8174 to Requirements Language Section.
1786 o Replaced refine statement in ietf-restconf-client to add a
1787 mandatory true.
1789 o Added refine statement in ietf-restconf-server to add a must
1790 statement.
1792 o Now there are containers and groupings, for both the client and
1793 server models.
1795 o Now tree diagrams reference ietf-netmod-yang-tree-diagrams
1797 o Updated examples to inline key and certificates (no longer a
1798 leafref to keystore)
1800 A.5. 04 to 05
1802 o Now tree diagrams reference ietf-netmod-yang-tree-diagrams
1804 o Updated examples to inline key and certificates (no longer a
1805 leafref to keystore)
1807 A.6. 05 to 06
1809 o Fixed change log missing section issue.
1811 o Updated examples to match latest updates to the crypto-types,
1812 trust-anchors, and keystore drafts.
1814 o Reduced line length of the YANG modules to fit within 69 columns.
1816 A.7. 06 to 07
1818 o removed "idle-timeout" from "persistent" connection config.
1820 o Added "random-selection" for reconnection-strategy's "starts-with"
1821 enum.
1823 o Replaced "connection-type" choice default (persistent) with
1824 "mandatory true".
1826 o Reduced the periodic-connection's "idle-timeout" from 5 to 2
1827 minutes.
1829 o Replaced reconnect-timeout with period/anchor-time combo.
1831 A.8. 07 to 08
1833 o Modified examples to be compatible with new crypto-types algs
1835 Acknowledgements
1837 The authors would like to thank for following for lively discussions
1838 on list and in the halls (ordered by last name): Andy Bierman, Martin
1839 Bjorklund, Benoit Claise, Mehmet Ersue, Balazs Kovacs, David
1840 Lamparter, Alan Luchuk, Ladislav Lhotka, Radek Krejci, Tom Petch,
1841 Juergen Schoenwaelder, Phil Shafer, Sean Turner, and Bert Wijnen.
1843 Author's Address
1845 Kent Watsen
1846 Juniper Networks
1848 EMail: kwatsen@juniper.net