idnits 2.17.1
draft-ietf-netconf-restconf-client-server-11.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 1646 has weird spacing: '...address ine...'
== Line 1763 has weird spacing: '...address ine...'
== Line 1883 has weird spacing: '...address ine...'
== Line 1981 has weird spacing: '...address ine...'
== Line 2089 has weird spacing: '...address ine...'
== (1 more instance...)
-- The document date (April 7, 2019) is 1846 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Outdated reference: A later version (-35) exists of
draft-ietf-netconf-keystore-08
== Outdated reference: A later version (-41) exists of
draft-ietf-netconf-tls-client-server-10
== Outdated reference: A later version (-05) exists of
draft-kwatsen-netconf-http-client-server-00
== Outdated reference: A later version (-02) exists of
draft-kwatsen-netconf-tcp-client-server-00
== Outdated reference: A later version (-28) exists of
draft-ietf-netconf-trust-anchors-03
Summary: 0 errors (**), 0 flaws (~~), 12 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 NETCONF Working Group K. Watsen
3 Internet-Draft Watsen Networks
4 Intended status: Standards Track April 7, 2019
5 Expires: October 9, 2019
7 RESTCONF Client and Server Models
8 draft-ietf-netconf-restconf-client-server-11
10 Abstract
12 This document defines two YANG modules, one module to configure a
13 RESTCONF client and the other module to configure a RESTCONF server.
14 Both modules support the TLS transport protocol with both standard
15 RESTCONF and RESTCONF Call Home connections.
17 Editorial Note (To be removed by RFC Editor)
19 This draft contains many placeholder values that need to be replaced
20 with finalized values at the time of publication. This note
21 summarizes all of the substitutions that are needed. No other RFC
22 Editor instructions are specified elsewhere in this document.
24 This document contains references to other drafts in progress, both
25 in the Normative References section, as well as in body text
26 throughout. Please update the following references to reflect their
27 final RFC assignments:
29 o I-D.ietf-netconf-keystore
31 o I-D.ietf-netconf-tcp-client-server
33 o I-D.ietf-netconf-tls-client-server
35 o I-D.ietf-netconf-http-client-server
37 Artwork in this document contains shorthand references to drafts in
38 progress. Please apply the following replacements:
40 o "XXXX" --> the assigned RFC value for this draft
42 o "AAAA" --> the assigned RFC value for I-D.ietf-netconf-tcp-client-
43 server
45 o "BBBB" --> the assigned RFC value for I-D.ietf-netconf-tls-client-
46 server
48 o "CCCC" --> the assigned RFC value for I-D.ietf-netconf-http-
49 client-server
51 Artwork in this document contains placeholder values for the date of
52 publication of this draft. Please apply the following replacement:
54 o "2019-04-07" --> the publication date of this draft
56 The following Appendix section is to be removed prior to publication:
58 o Appendix B. Change Log
60 Status of This Memo
62 This Internet-Draft is submitted in full conformance with the
63 provisions of BCP 78 and BCP 79.
65 Internet-Drafts are working documents of the Internet Engineering
66 Task Force (IETF). Note that other groups may also distribute
67 working documents as Internet-Drafts. The list of current Internet-
68 Drafts is at https://datatracker.ietf.org/drafts/current/.
70 Internet-Drafts are draft documents valid for a maximum of six months
71 and may be updated, replaced, or obsoleted by other documents at any
72 time. It is inappropriate to use Internet-Drafts as reference
73 material or to cite them other than as "work in progress."
75 This Internet-Draft will expire on October 9, 2019.
77 Copyright Notice
79 Copyright (c) 2019 IETF Trust and the persons identified as the
80 document authors. All rights reserved.
82 This document is subject to BCP 78 and the IETF Trust's Legal
83 Provisions Relating to IETF Documents
84 (https://trustee.ietf.org/license-info) in effect on the date of
85 publication of this document. Please review these documents
86 carefully, as they describe your rights and restrictions with respect
87 to this document. Code Components extracted from this document must
88 include Simplified BSD License text as described in Section 4.e of
89 the Trust Legal Provisions and are provided without warranty as
90 described in the Simplified BSD License.
92 Table of Contents
94 1. Introduction
95 1.1. Terminology
96 2. The RESTCONF Client Model
97 2.1. Tree Diagram
98 2.2. Example Usage
99 2.3. YANG Module
100 3. The RESTCONF Server Model
101 3.1. Tree Diagram
102 3.2. Example Usage
103 3.3. YANG Module
104 4. Security Considerations
105 5. IANA Considerations
106 5.1. The IETF XML Registry
107 5.2. The YANG Module Names Registry
108 6. References
109 6.1. Normative References
110 6.2. Informative References
111 Appendix A. Expanded Tree Diagrams
112 A.1. Expanded Tree Diagram for 'ietf-restconf-client'
113 A.2. Expanded Tree Diagram for 'ietf-restconf-server'
114 Appendix B. Change Log
115 B.1. 00 to 01
116 B.2. 01 to 02
117 B.3. 02 to 03
118 B.4. 03 to 04
119 B.5. 04 to 05
120 B.6. 05 to 06
121 B.7. 06 to 07
122 B.8. 07 to 08
123 B.9. 08 to 09
124 B.10. 09 to 10
125 B.11. 10 to 11
126 Acknowledgements
127 Author's Address
129 1. Introduction
131 This document defines two YANG [RFC7950] modules, one module to
132 configure a RESTCONF client and the other module to configure a
133 RESTCONF server [RFC8040]. Both modules support the TLS [RFC8446]
134 transport protocol with both standard RESTCONF and RESTCONF Call Home
135 connections [RFC8071].
137 1.1. Terminology
139 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
140 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
141 "OPTIONAL" in this document are to be interpreted as described in BCP
142 14 [RFC2119] [RFC8174] when, and only when, they appear in all
143 capitals, as shown here.
145 2. The RESTCONF Client Model
147 The RESTCONF client model presented in this section supports both
148 clients initiating connections to servers, as well as clients
149 listening for connections from servers calling home.
151 YANG feature statements are used to enable implementations to
152 advertise which potentially uncommon parts of the model the RESTCONF
153 client supports.
155 2.1. Tree Diagram
157 The following tree diagram [RFC8340] provides an overview of the data
158 model for the "ietf-restconf-client" module.
160 This tree diagram only shows the nodes defined in this module; it
161 does show the nodes defined by "grouping" statements used by this
162 module.
164 Please see Appendix A.1 for a tree diagram that illustrates what the
165 module looks like with all the "grouping" statements expanded.
167 module: ietf-restconf-client
168 +--rw restconf-client
169 +---u restconf-client-grouping
171 grouping restconf-client-grouping
172 +-- initiate! {initiate}?
173 | +-- restconf-server* [name]
174 | +-- name? string
175 | +-- endpoints
176 | | +-- endpoint* [name]
177 | | +-- name? string
178 | | +-- (transport)
179 | | +--:(https) {https-initiate}?
180 | | +-- https
181 | | +---u restconf-client-grouping
182 | +-- connection-type
183 | | +-- (connection-type)
184 | | +--:(persistent-connection)
185 | | | +-- persistent!
186 | | +--:(periodic-connection)
187 | | +-- periodic!
188 | | +-- period? uint16
189 | | +-- anchor-time? yang:date-and-time
190 | | +-- idle-timeout? uint16
191 | +-- reconnect-strategy
192 | +-- start-with? enumeration
193 | +-- max-attempts? uint8
194 +-- listen! {listen}?
195 +-- idle-timeout? uint16
196 +-- endpoint* [name]
197 +-- name? string
198 +-- (transport)
199 +--:(https) {https-listen}?
200 +-- https
201 +---u restconf-client-grouping
203 2.2. Example Usage
205 The following example illustrates configuring a RESTCONF client to
206 initiate connections, as well as listening for call-home connections.
208 This example is consistent with the examples presented in Section 2
209 of [I-D.ietf-netconf-trust-anchors] and Section 3.2 of
210 [I-D.ietf-netconf-keystore].
212 =========== NOTE: '\' line wrapping per BCP XX (RFC XXXX) ===========
214
217
218
219
220 corp-fw1
221
222
223 corp-fw1.example.com
224
225
226 corp-fw1.example.com
227
228 15
229 3
230 30
231
232
233
234
235
236
237 ct:rsa2048
239 base64encodedvalue==
240 base64encodedvalue==
241 base64encodedvalue==
242
243
244
245
246 explicitly-trusted-server-ca-certs<\
247 /pinned-ca-certs>
248 explicitly-trusted-server-certs\
249
250
251
252 30
253 3
254
255
256
257 HTTP/1.1
258
259
260 bob
261 secret
262
264
265
266
267
268
269 corp-fw2.example.com
270
271
272 corp-fw2.example.com
273
274 15
275 3
276 30
277
278
279
280
281
282
283 ct:rsa2048
285 base64encodedvalue==
286 base64encodedvalue==
287 base64encodedvalue==
288
289
290
291
292 explicitly-trusted-server-ca-certs<\
293 /pinned-ca-certs>
294 explicitly-trusted-server-certs\
295
296
297
298 30
299 3
300
301
302
303 HTTP/1.1
304
305
306 bob
307 secret
308
309
310
311
313
314
315
316
317
318
319
321
322
323
324 Intranet-facing listener
325
326
327 11.22.33.44
328
329
330
331
332
333 ct:rsa2048
335 base64encodedvalue==
336 base64encodedvalue==
337 base64encodedvalue==
338
339
340
341
342 explicitly-trusted-server-ca-certs
344 explicitly-trusted-server-certs
346
347
348
349 HTTP/1.1
350
351
352 bob
353 secret
354
355
356
357
358
359
360
362 2.3. YANG Module
364 This YANG module has normative references to [RFC6991], [RFC8040],
365 and [RFC8071], [I-D.kwatsen-netconf-tcp-client-server],
366 [I-D.ietf-netconf-tls-client-server], and
367 [I-D.kwatsen-netconf-http-client-server].
369 file "ietf-restconf-client@2019-04-07.yang"
370 module ietf-restconf-client {
371 yang-version 1.1;
372 namespace "urn:ietf:params:xml:ns:yang:ietf-restconf-client";
373 prefix rcc;
375 import ietf-yang-types {
376 prefix yang;
377 reference
378 "RFC 6991: Common YANG Data Types";
379 }
381 import ietf-tcp-client {
382 prefix tcpc;
383 reference
384 "RFC AAAA: YANG Groupings for TCP Clients and TCP Servers";
385 }
387 import ietf-tcp-server {
388 prefix tcps;
389 reference
390 "RFC AAAA: YANG Groupings for TCP Clients and TCP Servers";
391 }
393 import ietf-tls-client {
394 prefix tlsc;
395 reference
396 "RFC BBBB: YANG Groupings for TLS Clients and TLS Servers";
397 }
399 import ietf-http-client {
400 prefix httpc;
401 reference
402 "RFC CCCC: YANG Groupings for HTTP Clients and HTTP Servers";
403 }
405 organization
406 "IETF NETCONF (Network Configuration) Working Group";
408 contact
409 "WG Web:
410 WG List:
411 Author: Kent Watsen
412 Author: Gary Wu ";
414 description
415 "This module contains a collection of YANG definitions
416 for configuring RESTCONF clients.
418 Copyright (c) 2019 IETF Trust and the persons identified
419 as authors of the code. All rights reserved.
421 Redistribution and use in source and binary forms, with
422 or without modification, is permitted pursuant to, and
423 subject to the license terms contained in, the Simplified
424 BSD License set forth in Section 4.c of the IETF Trust's
425 Legal Provisions Relating to IETF Documents
426 (https://trustee.ietf.org/license-info).
428 This version of this YANG module is part of RFC XXXX
429 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
430 itself for full legal notices.
432 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
433 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
434 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
435 are to be interpreted as described in BCP 14 (RFC 2119)
436 (RFC 8174) when, and only when, they appear in all
437 capitals, as shown here.";
439 revision 2019-04-07 {
440 description
441 "Initial version";
442 reference
443 "RFC XXXX: RESTCONF Client and Server Models";
444 }
446 // Features
448 feature initiate {
449 description
450 "The 'initiate' feature indicates that the RESTCONF client
451 supports initiating RESTCONF connections to RESTCONF servers
452 using at least one transport (e.g., HTTPS, etc.).";
453 }
455 feature https-initiate {
456 if-feature "initiate";
457 description
458 "The 'https-initiate' feature indicates that the RESTCONF
459 client supports initiating HTTPS connections to RESTCONF
460 servers. This feature exists as HTTPS might not be a
461 mandatory to implement transport in the future.";
462 reference
463 "RFC 8040: RESTCONF Protocol";
464 }
466 feature listen {
467 description
468 "The 'listen' feature indicates that the RESTCONF client
469 supports opening a port to accept RESTCONF server call
470 home connections using at least one transport (e.g.,
471 HTTPS, etc.).";
472 }
474 feature https-listen {
475 if-feature "listen";
476 description
477 "The 'https-listen' feature indicates that the RESTCONF client
478 supports opening a port to listen for incoming RESTCONF
479 server call-home connections. This feature exists as not
480 all RESTCONF clients may support RESTCONF call home.";
481 reference
482 "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
483 }
485 // Groupings
487 grouping restconf-client-grouping {
488 description
489 "Top-level grouping for RESTCONF client configuration.";
490 container initiate {
491 if-feature "initiate";
492 presence "Enables client to initiate TCP connections";
493 description
494 "Configures client initiating underlying TCP connections.";
495 list restconf-server {
496 key "name";
497 min-elements 1;
498 description
499 "List of RESTCONF servers the RESTCONF client is to
500 initiate connections to in parallel.";
501 leaf name {
502 type string;
503 description
504 "An arbitrary name for the RESTCONF server.";
505 }
506 container endpoints {
507 description
508 "Container for the list of endpoints.";
509 list endpoint {
510 key "name";
511 min-elements 1;
512 ordered-by user;
513 description
514 "A non-empty user-ordered list of endpoints for this
515 RESTCONF client to try to connect to in sequence.
516 Defining more than one enables high-availability.";
517 leaf name {
518 type string;
519 description
520 "An arbitrary name for this endpoint.";
521 }
522 choice transport {
523 mandatory true;
524 description
525 "Selects between available transports. This is a
526 'choice' statement so as to support additional
527 transport options to be augmented in.";
528 case https {
529 if-feature "https-initiate";
530 container https {
531 description
532 "Specifies HTTPS-specific transport
533 configuration.";
534 uses tcpc:tcp-client-grouping {
535 refine "tcp-client-parameters/remote-port" {
536 default "443";
537 description
538 "The RESTCONF client will attempt to
539 connect to the IANA-assigned well-known
540 port value for 'https' (443) if no value
541 is specified.";
542 }
543 }
544 uses tlsc:tls-client-grouping {
545 refine "tls-client-parameters/client-identity"
546 + "/auth-type" {
547 mandatory true;
548 description
549 "RESTCONF clients MUST pass some
550 authentication credentials.";
551 }
552 }
553 uses httpc:http-client-grouping;
555 }
556 } // https
557 } // transport
558 } // endpoint
559 } // endpoints
560 container connection-type {
561 description
562 "Indicates the RESTCONF client's preference for how
563 the RESTCONF connection is maintained.";
564 choice connection-type {
565 mandatory true;
566 description
567 "Selects between available connection types.";
568 case persistent-connection {
569 container persistent {
570 presence "Indicates that a persistent connection
571 is to be maintained.";
572 description
573 "Maintain a persistent connection to the
574 RESTCONF server. If the connection goes down,
575 immediately start trying to reconnect to it,
576 using the reconnection strategy. This
577 connection type minimizes any RESTCONF server
578 to RESTCONF client data-transfer delay, albeit
579 at the expense of holding resources longer.";
580 }
581 }
582 case periodic-connection {
583 container periodic {
584 must 'not (../../endpoints/endpoint/https/'
585 + 'tcp-client-parameters/keepalives '
586 + 'or ../../endpoints/endpoint/https/'
587 + 'tls-client-parameters/keepalives)';
588 presence "Indicates that a periodic connection is
589 to be maintained.";
590 description
591 "Periodically connect to the RESTCONF server.
592 The RESTCONF server should close the
593 underlying TCP connection upon completing
594 planned activities.
596 This connection type increases resource
597 utilization, albeit with increased delay in
598 RESTCONF server to RESTCONF client
599 interactions.";
600 leaf period {
601 type uint16;
602 units "minutes";
603 default "60";
604 description
605 "Duration of time between periodic
606 connections.";
607 }
608 leaf anchor-time {
609 type yang:date-and-time {
610 // constrained to minute-level granularity
611 pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}'
612 + '(Z|[\+\-]\d{2}:\d{2})';
613 }
614 description
615 "Designates a timestamp before or after which
616 a series of periodic connections are
617 determined. The periodic connections occur
618 at a whole multiple interval from the anchor
619 time. For example, for an anchor time that is 15
620 minutes past midnight and a period interval
621 of 24 hours, a periodic connection will
622 occur 15 minutes past midnight every day.";
623 }
624 leaf idle-timeout {
625 type uint16;
626 units "seconds";
627 default 120; // two minutes
628 description
629 "Specifies the maximum number of seconds
630 that the underlying TCP session may remain
631 idle. A TCP session will be dropped if it
632 is idle for an interval longer than this
633 number of seconds. If set to zero, then the
634 RESTCONF client will never drop a session
635 because it is idle.";
636 }
637 }
638 } // periodic-connection
639 } // connection-type
640 } // connection-type
641 container reconnect-strategy {
642 description
643 "The reconnection strategy directs how a RESTCONF
644 client reconnects to a RESTCONF server, after
645 discovering its connection to the server has
646 dropped, even if due to a reboot. The RESTCONF
647 client starts with the specified endpoint and
648 tries to connect to it max-attempts times before
649 trying the next endpoint in the list (round
650 robin).";
652 leaf start-with {
653 type enumeration {
654 enum first-listed {
655 description
656 "Indicates that reconnections should start
657 with the first endpoint listed.";
658 }
659 enum last-connected {
660 description
661 "Indicates that reconnections should start
662 with the endpoint last connected to. If
663 no previous connection has ever been
664 established, then the first endpoint
665 configured is used. RESTCONF clients
666 SHOULD be able to remember the last
667 endpoint connected to across reboots.";
668 }
669 enum random-selection {
670 description
671 "Indicates that reconnections should start with
672 a random endpoint.";
673 }
674 }
675 default "first-listed";
676 description
677 "Specifies which of the RESTCONF server's
678 endpoints the RESTCONF client should start
679 with when trying to connect to the RESTCONF
680 server.";
681 }
682 leaf max-attempts {
683 type uint8 {
684 range "1..max";
685 }
686 default "3";
687 description
688 "Specifies the number of times the RESTCONF client
689 tries to connect to a specific endpoint before
690 moving on to the next endpoint in the list
691 (round robin).";
692 }
693 } // reconnect-strategy
694 } // restconf-server
695 } // initiate
697 container listen {
698 if-feature "listen";
699 presence "Enables client to accept call-home connections";
700 description
701 "Configures client accepting call-home TCP connections.";
702 leaf idle-timeout {
703 type uint16;
704 units "seconds";
705 default 3600; // one hour
706 description
707 "Specifies the maximum number of seconds that an
708 underlying TCP session may remain idle. A TCP session
709 will be dropped if it is idle for an interval longer
710 than this number of seconds. If set to zero, then
711 the server will never drop a session because it is
712 idle. Sessions that have a notification subscription
713 active are never dropped.";
714 }
715 list endpoint {
716 key "name";
717 min-elements 1;
718 description
719 "List of endpoints to listen for RESTCONF connections.";
720 leaf name {
721 type string;
722 description
723 "An arbitrary name for the RESTCONF listen endpoint.";
724 }
725 choice transport {
726 mandatory true;
727 description
728 "Selects between available transports. This is a
729 'choice' statement so as to support additional
730 transport options to be augmented in.";
731 case https {
732 if-feature "https-listen";
733 container https {
734 description
735 "HTTPS-specific listening configuration for inbound
736 connections.";
737 uses tcps:tcp-server-grouping {
738 refine "tcp-server-parameters/local-port" {
739 default "4336";
740 description
741 "The RESTCONF client will listen on the IANA-
742 assigned well-known port for 'restconf-ch-tls'
743 (4336) if no value is specified.";
744 }
745 }
746 uses tlsc:tls-client-grouping {
747 refine
748 "tls-client-parameters/client-identity/auth-type" {
749 mandatory true;
750 description
751 "RESTCONF clients MUST pass some authentication
752 credentials.";
753 }
754 }
755 uses httpc:http-client-grouping;
756 }
757 } // case https
758 } // transport
759 } // endpoint
760 } // listen
761 } // restconf-client
763 // Protocol accessible node, for servers that implement this
764 // module.
766 container restconf-client {
767 uses restconf-client-grouping;
768 description
769 "Top-level container for RESTCONF client configuration.";
770 }
771 }
772
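The following Python is an added example, not part of the draft or of any implementation. It works through the 'periodic' connection timing (anchor-time plus whole multiples of period) and the 'reconnect-strategy' attempt order described in the module above. The function names and endpoint names are hypothetical; rejecting a period of 0 and falling back to the first endpoint when the remembered last-connected name is no longer configured are assumptions of this example.

```python
import random
import re
from datetime import datetime, timedelta, timezone

# The module's own restriction on 'anchor-time' (minute-level granularity).
# YANG patterns are implicitly anchored, hence fullmatch() below.
ANCHOR_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}(Z|[\+\-]\d{2}:\d{2})")


def parse_anchor_time(text):
    """Validate text against the anchor-time pattern; return an aware datetime."""
    if not ANCHOR_RE.fullmatch(text):
        raise ValueError(f"anchor-time {text!r} does not match the module's pattern")
    # datetime.fromisoformat() on older Pythons does not accept a trailing 'Z'.
    if text.endswith("Z"):
        text = text[:-1] + "+00:00"
    return datetime.fromisoformat(text)


def next_connection(anchor, period_minutes, now):
    """Return the first periodic connection time at or after 'now'.

    Connections fall on whole multiples of 'period' from the anchor, and the
    anchor may lie before or after 'now', so the multiple can be negative.
    """
    if not 0 < period_minutes <= 0xFFFF:  # uint16; 0 rejected (assumption)
        raise ValueError("period must be 1..65535 minutes")
    period = timedelta(minutes=period_minutes)
    # Ceiling of (now - anchor) / period using floor division on timedeltas.
    k = -((anchor - now) // period)
    return anchor + k * period


def attempt_order(endpoints, start_with="first-listed", max_attempts=3,
                  last_connected=None, rng=random):
    """Return one full round of connection attempts over the endpoint list.

    The client starts with the endpoint selected by 'start-with', tries it
    'max-attempts' times, then moves to the next endpoint (round robin).
    Defaults mirror the module: 'first-listed' and 3.
    """
    if not endpoints:
        raise ValueError("the endpoint list has min-elements 1")
    if not 1 <= max_attempts <= 255:  # uint8 with range "1..max"
        raise ValueError("max-attempts must be 1..255")
    if start_with == "first-listed":
        start = 0
    elif start_with == "last-connected":
        # No previous connection: the first configured endpoint is used.
        # Unknown remembered name: same fallback (assumption of this example).
        start = endpoints.index(last_connected) if last_connected in endpoints else 0
    elif start_with == "random-selection":
        start = rng.randrange(len(endpoints))
    else:
        raise ValueError(f"unknown start-with value {start_with!r}")
    rotated = endpoints[start:] + endpoints[:start]
    return [name for name in rotated for _ in range(max_attempts)]


if __name__ == "__main__":
    # Constructed sample values: 15 minutes past midnight, 24-hour period.
    anchor = parse_anchor_time("2019-04-07T00:15Z")
    now = datetime(2019, 4, 9, 13, 0, tzinfo=timezone.utc)
    print("next periodic connection:", next_connection(anchor, 24 * 60, now))
    print("attempt order:", attempt_order(["primary", "backup"],
                                          "last-connected", 2, "backup"))
```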
774 3. The RESTCONF Server Model
776 The RESTCONF server model presented in this section supports both
777 listening for connections as well as initiating call-home
778 connections.
780 YANG feature statements are used to enable implementations to
781 advertise which potentially uncommon parts of the model the RESTCONF
782 server supports.
784 3.1. Tree Diagram
786 The following tree diagram [RFC8340] provides an overview of the data
787 model for the "ietf-restconf-server" module.
789 This tree diagram only shows the nodes defined in this module; it
790 does show the nodes defined by "grouping" statements used by this
791 module.
793 Please see Appendix A.2 for a tree diagram that illustrates what the
794 module looks like with all the "grouping" statements expanded.
796 module: ietf-restconf-server
797 +--rw restconf-server
798 +---u restconf-server-grouping
800 grouping restconf-server-grouping
801 +-- listen! {listen}?
802 | +-- endpoint* [name]
803 | +-- name? string
804 | +-- (transport)
805 | +--:(https) {https-listen}?
806 | +-- https
807 | +---u restconf-server-grouping
808 +-- call-home! {call-home}?
809 +-- restconf-client* [name]
810 +-- name? string
811 +-- endpoints
812 | +-- endpoint* [name]
813 | +-- name? string
814 | +-- (transport)
815 | +--:(https) {https-call-home}?
816 | +-- https
817 | +---u restconf-server-grouping
818 +-- connection-type
819 | +-- (connection-type)
820 | +--:(persistent-connection)
821 | | +-- persistent!
822 | +--:(periodic-connection)
823 | +-- periodic!
824 | +-- period? uint16
825 | +-- anchor-time? yang:date-and-time
826 | +-- idle-timeout? uint16
827 +-- reconnect-strategy
828 +-- start-with? enumeration
829 +-- max-attempts? uint8
831 3.2. Example Usage
833 The following example illustrates configuring a RESTCONF server to
834 listen for RESTCONF client connections, as well as configuring call-
835 home to one RESTCONF client.
837 This example is consistent with the examples presented in Section 2
838 of [I-D.ietf-netconf-trust-anchors] and Section 3.2 of
839 [I-D.ietf-netconf-keystore].
841 =========== NOTE: '\' line wrapping per BCP XX (RFC XXXX) ===========
843
847
848
849
850 netconf/tls
851
852
853 11.22.33.44
854
855
856
857
858 ct:rsa2048
860 base64encodedvalue==
861 base64encodedvalue==
862 base64encodedvalue==
863
864
865
866 explicitly-trusted-client-ca-certs
868 explicitly-trusted-client-certs
870
871
872 1
873 11:0A:05:11:00
874 x509c2n:san-any
875
876
877 2
878 B3:4F:A1:8C:54
879 x509c2n:specified
880 scooby-doo
881
882
883
884
885
886 foo.example.com
887
888 HTTP/1.1
889 HTTP/2.0
890
891
893
894
895
897
898
899
900 config-manager
901
902
903 east-data-center
904
905
906 east.example.com
907
908
909
910
911 ct:rsa2048
913 base64encodedvalue==
914 base64encodedvalue==
915 base64encodedvalue==
916
917
918
919 explicitly-trusted-client-ca-certs<\
920 /pinned-ca-certs>
921 explicitly-trusted-client-certs\
922
923
924
925 1
926 11:0A:05:11:00
927 x509c2n:san-any
928
929
930 2
931 B3:4F:A1:8C:54
932 x509c2n:specified
933 scooby-doo
934
935
936
937
938
939 foo.example.com
940
941 HTTP/1.1
942 HTTP/2.0
943
944
945
946
947
948 west-data-center
949
950
951 west.example.com
952
953
954
955
956 ct:rsa2048
958 base64encodedvalue==
959 base64encodedvalue==
960 base64encodedvalue==
961
962
963
964 explicitly-trusted-client-ca-certs<\
965 /pinned-ca-certs>
966 explicitly-trusted-client-certs\
967
968
969
970 1
971 11:0A:05:11:00
972 x509c2n:san-any
973
974
975 2
976 B3:4F:A1:8C:54
977 x509c2n:specified
978 scooby-doo
979
980
981
982
983
984 foo.example.com
985
986 HTTP/1.1
987 HTTP/2.0
988
990
991
992
993
994
995
996 300
997 60
998
999
1000
1001 last-connected
1002 3
1003
1004
1005
1006
1008 3.3. YANG Module
1010 This YANG module has normative references to [RFC6991], [RFC7407],
1011 [RFC8040], [RFC8071], [I-D.kwatsen-netconf-tcp-client-server],
1012 [I-D.ietf-netconf-tls-client-server], and
1013 [I-D.kwatsen-netconf-http-client-server].
1015 file "ietf-restconf-server@2019-04-07.yang"
1016 module ietf-restconf-server {
1017 yang-version 1.1;
1018 namespace "urn:ietf:params:xml:ns:yang:ietf-restconf-server";
1019 prefix rcs;
1021 import ietf-yang-types {
1022 prefix yang;
1023 reference
1024 "RFC 6991: Common YANG Data Types";
1025 }
1027 import ietf-x509-cert-to-name {
1028 prefix x509c2n;
1029 reference
1030 "RFC 7407: A YANG Data Model for SNMP Configuration";
1031 }
1033 import ietf-tcp-client {
1034 prefix tcpc;
1035 reference
1036 "RFC AAAA: YANG Groupings for TCP Clients and TCP Servers";
1037 }
1038 import ietf-tcp-server {
1039 prefix tcps;
1040 reference
1041 "RFC AAAA: YANG Groupings for TCP Clients and TCP Servers";
1042 }
1044 import ietf-tls-server {
1045 prefix tlss;
1046 reference
1047 "RFC BBBB: YANG Groupings for TLS Clients and TLS Servers";
1048 }
1050 import ietf-http-server {
1051 prefix https;
1052 reference
1053 "RFC CCCC: YANG Groupings for HTTP Clients and HTTP Servers";
1054 }
1056 organization
1057 "IETF NETCONF (Network Configuration) Working Group";
1059 contact
1060 "WG Web:
1061 WG List:
1062 Author: Kent Watsen
1063 Author: Gary Wu
1064 Author: Juergen Schoenwaelder
1065 ";
1067 description
1068 "This module contains a collection of YANG definitions
1069 for configuring RESTCONF servers.
1071 Copyright (c) 2019 IETF Trust and the persons identified
1072 as authors of the code. All rights reserved.
1074 Redistribution and use in source and binary forms, with
1075 or without modification, is permitted pursuant to, and
1076 subject to the license terms contained in, the Simplified
1077 BSD License set forth in Section 4.c of the IETF Trust's
1078 Legal Provisions Relating to IETF Documents
1079 (https://trustee.ietf.org/license-info).
1081 This version of this YANG module is part of RFC XXXX
1082 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
1083 itself for full legal notices.
1085 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
1086 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
1087 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
1088 are to be interpreted as described in BCP 14 (RFC 2119)
1089 (RFC 8174) when, and only when, they appear in all
1090 capitals, as shown here.";
1092 revision 2019-04-07 {
1093 description
1094 "Initial version";
1095 reference
1096 "RFC XXXX: RESTCONF Client and Server Models";
1097 }
1099 // Features
1101 feature listen {
1102 description
1103 "The 'listen' feature indicates that the RESTCONF server
1104 supports opening a port to accept RESTCONF client connections
1105 using at least one transport (e.g., HTTPS, etc.).";
1106 }
1108 feature https-listen {
1109 if-feature "listen";
1110 description
1111 "The 'https-listen' feature indicates that the RESTCONF server
1112 supports opening a port to listen for incoming RESTCONF
1113 client connections. This feature exists as HTTPS might not
1114 be a mandatory to implement transport in the future.";
1115 reference
1116 "RFC 8040: RESTCONF Protocol";
1117 }
1119 feature call-home {
1120 description
1121 "The 'call-home' feature indicates that the RESTCONF
1122 server supports initiating RESTCONF call home connections
1123 to RESTCONF clients using at least one transport (e.g.,
1124 HTTPS, etc.).";
1125 reference
1126 "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
1127 }
1129 feature https-call-home {
1130 if-feature "call-home";
1131 description
1132 "The 'https-call-home' feature indicates that the RESTCONF
1133 server supports initiating connections to RESTCONF clients.
1135 This feature exists as not all RESTCONF servers may
1136 support RESTCONF call home.";
1137 reference
1138 "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
1139 }
1141 // Groupings
1143 grouping restconf-server-grouping {
1144 description
1145 "Top-level grouping for RESTCONF server configuration.";
1146 container listen {
1147 if-feature "listen";
1148 presence "Enables server to listen for TCP connections";
1149 description "Configures listen behavior";
1150 list endpoint {
1151 key "name";
1152 min-elements 1;
1153 description
1154 "List of endpoints to listen for RESTCONF connections.";
1155 leaf name {
1156 type string;
1157 description
1158 "An arbitrary name for the RESTCONF listen endpoint.";
1159 }
1160 choice transport {
1161 mandatory true;
1162 description
1163 "Selects between available transports. This is a
1164 'choice' statement so as to support additional
1165 transport options to be augmented in.";
1166 case https {
1167 if-feature "https-listen";
1168 container https {
1169 description
1170 "HTTPS-specific listening configuration for inbound
1171 connections.";
1172 uses tcps:tcp-server-grouping {
1173 refine "tcp-server-parameters/local-port" {
1174 default "443";
1175 description
1176 "The RESTCONF server will listen on the IANA-
1177 assigned well-known port value for 'https'
1178 (443) if no value is specified.";
1179 }
1180 }
1181 uses tlss:tls-server-grouping {
1182 refine
1183 "tls-server-parameters/client-authentication" {
1184 must 'pinned-ca-certs or pinned-client-certs';
1185 description
1186 "RESTCONF servers MUST be able to validate
1187 clients.";
1188 }
1189 augment
1190 "tls-server-parameters/client-authentication" {
1191 description
1192 "Augments in the cert-to-name structure,
1193 so the RESTCONF server can map TLS-layer
1194 client certificates to RESTCONF usernames.";
1195 container cert-maps {
1196 uses x509c2n:cert-to-name;
1197 description
1198 "The cert-maps container is used by a TLS-
1199 based RESTCONF server to map the RESTCONF
1200 client's presented X.509 certificate to
1201 a RESTCONF username. If no matching and
1202 valid cert-to-name list entry can be found,
1203 then the RESTCONF server MUST close the
1204 connection, and MUST NOT accept RESTCONF
1205 messages over it.";
1206 reference
1207 "RFC 7407: A YANG Data Model for SNMP
1208 Configuration.";
1209 }
1210 }
1211 }
1212 uses https:http-server-grouping;
1213 } // https container
1214 } // https case
1215 } // transport
1216 } // endpoint
1217 } // listen
1219 container call-home {
1220 if-feature "call-home";
1221 presence "Enables server to initiate TCP connections";
1222 description "Configures call-home behavior";
1223 list restconf-client {
1224 key "name";
1225 min-elements 1;
1226 description
1227 "List of RESTCONF clients the RESTCONF server is to
1228 initiate call-home connections to in parallel.";
1229 leaf name {
1230 type string;
1231 description
1232 "An arbitrary name for the remote RESTCONF client.";
1233 }
1234 container endpoints {
1235 description
1236 "Container for the list of endpoints.";
1237 list endpoint {
1238 key "name";
1239 min-elements 1;
1240 ordered-by user;
1241 description
1242 "User-ordered list of endpoints for this RESTCONF
1243 client. Defining more than one enables high-
1244 availability.";
1245 leaf name {
1246 type string;
1247 description
1248 "An arbitrary name for this endpoint.";
1249 }
1250 choice transport {
1251 mandatory true;
1252 description
1253 "Selects between available transports. This is a
1254 'choice' statement so as to support additional
1255 transport options to be augmented in.";
1256 case https {
1257 if-feature "https-call-home";
1258 container https {
1259 description
1260 "Specifies HTTPS-specific call-home transport
1261 configuration.";
1262 uses tcpc:tcp-client-grouping {
1263 refine "tcp-client-parameters/remote-port" {
1264 default "4336";
1265 description
1266 "The RESTCONF server will attempt to connect
1267 to the IANA-assigned well-known port for
1268 'restconf-ch-tls' (4336) if no value is
1269 specified.";
1270 }
1271 }
1272 uses tlss:tls-server-grouping {
1273 refine
1274 "tls-server-parameters/client-authentication" {
1275 must 'pinned-ca-certs or pinned-client-certs';
1276 description
1277 "RESTCONF servers MUST be able to validate
1278 clients.";
1280 }
1281 augment
1282 "tls-server-parameters/client-authentication" {
1283 description
1284 "Augments in the cert-to-name structure,
1285 so the RESTCONF server can map TLS-layer
1286 client certificates to RESTCONF usernames.";
1287 container cert-maps {
1288 uses x509c2n:cert-to-name;
1289 description
1290 "The cert-maps container is used by a
1291 TLS-based RESTCONF server to map the
1292 RESTCONF client's presented X.509
1293 certificate to a RESTCONF username. If
1294 no matching and valid cert-to-name list
1295 entry can be found, then the RESTCONF
1296 server MUST close the connection, and
1297 MUST NOT accept RESTCONF messages over
1298 it.";
1299 reference
1300 "RFC 7407: A YANG Data Model for SNMP
1301 Configuration.";
1302 }
1303 }
1304 }
1305 uses https:http-server-grouping;
1306 }
1307 }
1308 } // transport
1309 } // endpoint
1310 } // endpoints
1311 container connection-type {
1312 description
1313 "Indicates the RESTCONF server's preference for how the
1314 RESTCONF connection is maintained.";
1315 choice connection-type {
1316 mandatory true;
1317 description
1318 "Selects between available connection types.";
1319 case persistent-connection {
1320 container persistent {
1321 presence "Indicates that a persistent connection is
1322 to be maintained.";
1323 description
1324 "Maintain a persistent connection to the RESTCONF
1325 client. If the connection goes down, immediately
1326 start trying to reconnect to it, using the
1327 reconnection strategy.
1329 This connection type minimizes any RESTCONF
1330 client to RESTCONF server data-transfer delay,
1331 albeit at the expense of holding resources
1332 longer.";
1333 }
1334 }
1335 case periodic-connection {
1336 container periodic {
1337 must 'not (../../endpoints/endpoint/https/'
1338 + 'tcp-client-parameters/keepalives '
1339 + 'or ../../endpoints/endpoint/https/'
1340 + 'tls-server-parameters/keepalives)';
1341 presence "Indicates that a periodic connection is
1342 to be maintained.";
1343 description
1344 "Periodically connect to the RESTCONF client. The
1345 RESTCONF client should close the underlying TCP
1346 connection upon completing planned activities.
1348 This connection type increases resource
1349 utilization, albeit with increased delay in
1350 RESTCONF client to RESTCONF client interactions.";
1351 leaf period {
1352 type uint16;
1353 units "minutes";
1354 default "60";
1355 description
1356 "Duration of time between periodic connections.";
1357 }
1358 leaf anchor-time {
1359 type yang:date-and-time {
1360 // constrained to minute-level granularity
1361 pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}'
1362 + '(Z|[\+\-]\d{2}:\d{2})';
1363 }
1364 description
1365 "Designates a timestamp before or after which a
1366 series of periodic connections are determined.
1367 The periodic connections occur at a whole
1368 multiple interval from the anchor time. For
1369 example, for an anchor time of 15 minutes past
1370 midnight and a period interval of 24 hours, a
1371 periodic connection will occur 15 minutes past
1372 midnight every day.";
1373 }
1374 leaf idle-timeout {
1375 type uint16;
1376 units "seconds";
1377 default 120; // two minutes
1378 description
1379 "Specifies the maximum number of seconds that
1380 the underlying TCP session may remain idle.
1381 A TCP session will be dropped if it is idle
1382 for an interval longer than this number of
1383 seconds. If set to zero, then the server
1384 will never drop a session because it is idle.";
1385 }
1386 }
1387 }
1388 }
1389 }
1390 container reconnect-strategy {
1391 description
1392 "The reconnection strategy directs how a RESTCONF server
1393 reconnects to a RESTCONF client after discovering its
1394 connection to the client has dropped, even if due to a
1395 reboot. The RESTCONF server starts with the specified
1396 endpoint and tries to connect to it max-attempts times
1397 before trying the next endpoint in the list (round
1398 robin).";
1399 leaf start-with {
1400 type enumeration {
1401 enum first-listed {
1402 description
1403 "Indicates that reconnections should start with
1404 the first endpoint listed.";
1405 }
1406 enum last-connected {
1407 description
1408 "Indicates that reconnections should start with
1409 the endpoint last connected to. If no previous
1410 connection has ever been established, then the
1411 first endpoint configured is used. RESTCONF
1412 servers SHOULD be able to remember the last
1413 endpoint connected to across reboots.";
1414 }
1415 enum random-selection {
1416 description
1417 "Indicates that reconnections should start with
1418 a random endpoint.";
1419 }
1420 }
1421 default "first-listed";
1422 description
1423 "Specifies which of the RESTCONF client's endpoints
1424 the RESTCONF server should start with when trying
1425 to connect to the RESTCONF client.";
1426 }
1427 leaf max-attempts {
1428 type uint8 {
1429 range "1..max";
1430 }
1431 default "3";
1432 description
1433 "Specifies the number of times the RESTCONF server tries
1434 to connect to a specific endpoint before moving on to
1435 the next endpoint in the list (round robin).";
1436 }
1437 }
1438 } // restconf-client
1439 } // call-home
1440 } // restconf-server-grouping
1442 // Protocol accessible node, for servers that implement this
1443 // module.
1445 container restconf-server {
1446 uses restconf-server-grouping;
1447 description
1448 "Top-level container for RESTCONF server configuration.";
1449 }
1450 }
1451
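Added example (not part of the draft and not code from any implementation of it): a sketch of the cert-to-name lookup that the cert-maps description requires, following the RFC 7407 rules that entries are searched in ascending id order and that an entry whose map-type yields no name is skipped. It assumes the TLS layer has already validated the chain against pinned-ca-certs or pinned-client-certs; the function names, the derive_name callback and the sample byte strings standing in for DER certificates are constructed for illustration.

```python
import hashlib
import hmac
import re

# First octet of an x509c2n:tls-fingerprint (RFC 7407) is a TLS HashAlgorithm
# id (RFC 5246); map it to (hashlib name, digest length in bytes).
HASHES = {1: ("md5", 16), 2: ("sha1", 20), 3: ("sha224", 28),
          4: ("sha256", 32), 5: ("sha384", 48), 6: ("sha512", 64)}
FP_RE = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2})+")


def parse_fingerprint(text):
    """Return (hashlib name, digest bytes); raise ValueError if malformed."""
    if not FP_RE.fullmatch(text):
        raise ValueError("not a colon-separated hex string")
    raw = bytes.fromhex(text.replace(":", ""))
    if raw[0] not in HASHES:
        raise ValueError("unknown hash algorithm id %d" % raw[0])
    name, size = HASHES[raw[0]]
    if len(raw) - 1 != size:
        raise ValueError("digest length does not match algorithm")
    return name, raw[1:]


def fingerprint_of(der, hash_id=4):
    """Build the tls-fingerprint string for certificate bytes (default SHA-256)."""
    name, _ = HASHES[hash_id]
    octets = bytes([hash_id]) + hashlib.new(name, der).digest()
    return ":".join("%02x" % b for b in octets)


def fingerprint_matches(text, der):
    name, want = parse_fingerprint(text)
    return hmac.compare_digest(hashlib.new(name, der).digest(), want)


def map_cert_to_name(leaf_der, ca_chain_der, cert_maps, derive_name=None):
    """Return the RESTCONF username, or None when no entry yields one.

    derive_name(map_type, leaf_der) is a hypothetical hook for the map types
    that read the name out of the certificate (SAN or common name).
    """
    for entry in sorted(cert_maps, key=lambda e: e["id"]):
        try:
            hit = any(fingerprint_matches(entry["fingerprint"], der)
                      for der in [leaf_der, *ca_chain_der])
        except ValueError:
            continue  # a malformed entry is not a valid match
        if not hit:
            continue
        if entry["map-type"] == "x509c2n:specified":
            name = entry.get("name")
        else:
            name = derive_name(entry["map-type"], leaf_der) if derive_name else None
        if name:
            return name  # first entry that yields a name wins
    return None


def authorize(leaf_der, ca_chain_der, cert_maps, derive_name=None):
    """Connection decision: no username means close, never fall back."""
    user = map_cert_to_name(leaf_der, ca_chain_der, cert_maps, derive_name)
    return ("accept", user) if user else ("close", None)


# Constructed sample data: arbitrary bytes stand in for DER certificates.
LEAF_A = b"constructed-leaf-certificate-A"
LEAF_B = b"constructed-leaf-certificate-B"
CA = b"constructed-trusted-ca-certificate"
CERT_MAPS = [
    {"id": 20, "fingerprint": fingerprint_of(CA),
     "map-type": "x509c2n:specified", "name": "ops"},
    {"id": 10, "fingerprint": fingerprint_of(LEAF_A),
     "map-type": "x509c2n:specified", "name": "admin"},
    {"id": 5, "fingerprint": fingerprint_of(LEAF_A),
     "map-type": "x509c2n:san-rfc822-name"},
]

if __name__ == "__main__":
    print(authorize(LEAF_A, [CA], CERT_MAPS))   # leaf pinned by fingerprint
    print(authorize(LEAF_B, [CA], CERT_MAPS))   # matched through the CA entry
    print(authorize(LEAF_B, [], CERT_MAPS))     # no entry matches: close
```

The "close" result is the case the description makes mandatory: a client whose certificate validates at the TLS layer but maps to no username gets no RESTCONF session.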
1453 4. Security Considerations
1455 The YANG module defined in this document uses groupings defined in
1456 [I-D.kwatsen-netconf-tcp-client-server],
1457 [I-D.ietf-netconf-tls-client-server], and
1458 [I-D.kwatsen-netconf-http-client-server]. Please see the Security
1459 Considerations section in those documents for concerns related to those
1460 groupings.
1462 The YANG modules defined in this document are designed to be accessed
1463 via YANG based management protocols, such as NETCONF [RFC6241] and
1464 RESTCONF [RFC8040]. Both of these protocols have mandatory-to-
1465 implement secure transport layers (e.g., SSH, TLS) with mutual
1466 authentication.
1468 The NETCONF access control model (NACM) [RFC8341] provides the means
1469 to restrict access for particular users to a pre-configured subset of
1470 all available protocol operations and content.
1472 There are a number of data nodes defined in the YANG modules that are
1473 writable/creatable/deletable (i.e., config true, which is the
1474 default). Some of these data nodes may be considered sensitive or
1475 vulnerable in some network environments. Write operations (e.g.,
1476 edit-config) to these data nodes without proper protection can have a
1477 negative effect on network operations. These are the subtrees and
1478 data nodes and their sensitivity/vulnerability:
1480 None of the subtrees or data nodes in the modules defined in this
1481 document need to be protected from write operations.
1483 Some of the readable data nodes in the YANG modules may be considered
1484 sensitive or vulnerable in some network environments. It is thus
1485 important to control read access (e.g., via get, get-config, or
1486 notification) to these data nodes. These are the subtrees and data
1487 nodes and their sensitivity/vulnerability:
1489 None of the subtrees or data nodes in the modules defined in this
1490 document need to be protected from read operations.
1492 Some of the RPC operations in the YANG modules may be considered
1493 sensitive or vulnerable in some network environments. It is thus
1494 important to control access to these operations. These are the
1495 operations and their sensitivity/vulnerability:
1497 The modules defined in this document do not define any 'RPC' or
1498 'action' statements.
1500 5. IANA Considerations
1502 5.1. The IETF XML Registry
1504 This document registers two URIs in the "ns" subregistry of the IETF
1505 XML Registry [RFC3688]. Following the format in [RFC3688], the
1506 following registrations are requested:
1508 URI: urn:ietf:params:xml:ns:yang:ietf-restconf-client
1509 Registrant Contact: The NETCONF WG of the IETF.
1510 XML: N/A, the requested URI is an XML namespace.
1512 URI: urn:ietf:params:xml:ns:yang:ietf-restconf-server
1513 Registrant Contact: The NETCONF WG of the IETF.
1514 XML: N/A, the requested URI is an XML namespace.
1516 5.2. The YANG Module Names Registry
1518 This document registers two YANG modules in the YANG Module Names
1519 registry [RFC6020]. Following the format in [RFC6020], the
1520 following registrations are requested:
1522 name: ietf-restconf-client
1523 namespace: urn:ietf:params:xml:ns:yang:ietf-restconf-client
1524 prefix: ncc
1525 reference: RFC XXXX
1527 name: ietf-restconf-server
1528 namespace: urn:ietf:params:xml:ns:yang:ietf-restconf-server
1529 prefix: ncs
1530 reference: RFC XXXX
1532 6. References
1534 6.1. Normative References
1536 [I-D.ietf-netconf-keystore]
1537 Watsen, K., "YANG Data Model for a Centralized Keystore
1538 Mechanism", draft-ietf-netconf-keystore-08 (work in
1539 progress), March 2019.
1541 [I-D.ietf-netconf-tls-client-server]
1542 Watsen, K., Wu, G., and L. Xia, "YANG Groupings for TLS
1543 Clients and TLS Servers", draft-ietf-netconf-tls-client-
1544 server-10 (work in progress), March 2019.
1546 [I-D.kwatsen-netconf-http-client-server]
1547 Watsen, K., "YANG Groupings for HTTP Clients and HTTP
1548 Servers", draft-kwatsen-netconf-http-client-server-00
1549 (work in progress), March 2019.
1551 [I-D.kwatsen-netconf-tcp-client-server]
1552 Watsen, K., "YANG Groupings for TCP Clients and TCP
1553 Servers", draft-kwatsen-netconf-tcp-client-server-00 (work
1554 in progress), March 2019.
1556 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1557 Requirement Levels", BCP 14, RFC 2119,
1558 DOI 10.17487/RFC2119, March 1997.
1561 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1562 the Network Configuration Protocol (NETCONF)", RFC 6020,
1563 DOI 10.17487/RFC6020, October 2010.
1566 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
1567 RFC 6991, DOI 10.17487/RFC6991, July 2013.
1570 [RFC7407] Bjorklund, M. and J. Schoenwaelder, "A YANG Data Model for
1571 SNMP Configuration", RFC 7407, DOI 10.17487/RFC7407,
1572 December 2014.
1574 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
1575 RFC 7950, DOI 10.17487/RFC7950, August 2016.
1578 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
1579 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.
1582 [RFC8071] Watsen, K., "NETCONF Call Home and RESTCONF Call Home",
1583 RFC 8071, DOI 10.17487/RFC8071, February 2017.
1586 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
1587 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
1588 May 2017.
1590 6.2. Informative References
1592 [I-D.ietf-netconf-trust-anchors]
1593 Watsen, K., "YANG Data Model for Global Trust Anchors",
1594 draft-ietf-netconf-trust-anchors-03 (work in progress),
1595 March 2019.
1597 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1598 DOI 10.17487/RFC3688, January 2004.
1601 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1602 and A. Bierman, Ed., "Network Configuration Protocol
1603 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.
1606 [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
1607 BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.
1610 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
1611 Access Control Model", STD 91, RFC 8341,
1612 DOI 10.17487/RFC8341, March 2018.
1615 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
1616 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.
1619 Appendix A. Expanded Tree Diagrams
1621 A.1. Expanded Tree Diagram for 'ietf-restconf-client'
1623 The following tree diagram [RFC8340] provides an overview of the data
1624 model for the "ietf-restconf-client" module.
1626 This tree diagram shows all the nodes defined in this module,
1627 including those defined by "grouping" statements used by this module.
1629 Please see Section 2.1 for a tree diagram that illustrates what the
1630 module looks like without all the "grouping" statements expanded.
1632 ========== NOTE: '\\' line wrapping per BCP XX (RFC XXXX) ===========
1634 module: ietf-restconf-client
1635 +--rw restconf-client
1636 +--rw initiate! {initiate}?
1637 | +--rw restconf-server* [name]
1638 | +--rw name string
1639 | +--rw endpoints
1640 | | +--rw endpoint* [name]
1641 | | +--rw name string
1642 | | +--rw (transport)
1643 | | +--:(https) {https-initiate}?
1644 | | +--rw https
1645 | | +--rw tcp-client-parameters
1646 | | | +--rw remote-address inet:host
1647 | | | +--rw remote-port? inet:port-number
1648 | | | +--rw local-address? inet:ip-address
1649 | | | +--rw local-port? inet:port-number
1650 | | | +--rw keepalives!
1651 | | | {tcp-client-keepalives}?
1652 | | | +--rw idle-time uint16
1653 | | | +--rw max-probes? uint16
1654 | | | +--rw probe-interval? uint16
1655 | | +--rw tls-client-parameters
1656 | | | +--rw client-identity
1657 | | | | +--rw (auth-type)
1658 | | | | +--:(certificate)
1659 | | | | +--rw certificate
1660 | | | | +--rw (local-or-keystore)
1661 | | | | +--:(local)
1662 | | | | | {local-keys-sup\
1663 \ported}?
1664 | | | | | +--rw local-definition
1665 | | | | | +--rw algorithm?
1666 | | | | | | asymmetric\
1668 \-key-algorithm-ref
1669 | | | | | +--rw public-key?
1670 | | | | | | binary
1671 | | | | | +--rw private-key?
1672 | | | | | | union
1673 | | | | | +---x generate-hid\
1674 \den-key
1675 | | | | | | +---w input
1676 | | | | | | +---w algori\
1677 \thm
1678 | | | | | | asym\
1679 \metric-key-algorithm-ref
1680 | | | | | +---x install-hidd\
1681 \en-key
1682 | | | | | | +---w input
1683 | | | | | | +---w algori\
1684 \thm
1685 | | | | | | | asym\
1686 \metric-key-algorithm-ref
1687 | | | | | | +---w public\
1688 \-key?
1689 | | | | | | | bina\
1690 \ry
1691 | | | | | | +---w privat\
1692 \e-key?
1693 | | | | | | bina\
1694 \ry
1695 | | | | | +--rw cert?
1696 | | | | | | end-entity\
1697 \-cert-cms
1698 | | | | | +---n certificate-\
1699 \expiration
1700 | | | | | +-- expiration-\
1701 \date
1702 | | | | | yang:da\
1703 \te-and-time
1704 | | | | +--:(keystore)
1705 | | | | {keystore-suppo\
1706 \rted}?
1707 | | | | +--rw keystore-refere\
1708 \nce?
1709 | | | | ks:asymmetric\
1710 \-key-certificate-ref
1711 | | | +--rw server-authentication
1712 | | | | +--rw pinned-ca-certs?
1713 | | | | | ta:pinned-certificates-ref
1714 | | | | | {ta:x509-certificates}?
1715 | | | | +--rw pinned-server-certs?
1716 | | | | ta:pinned-certificates-ref
1717 | | | | {ta:x509-certificates}?
1718 | | | +--rw hello-params
1719 | | | | {tls-client-hello-params-config\
1720 \}?
1721 | | | | +--rw tls-versions
1722 | | | | | +--rw tls-version* identityref
1723 | | | | +--rw cipher-suites
1724 | | | | +--rw cipher-suite* identityref
1725 | | | +--rw keepalives!
1726 | | | {tls-client-keepalives}?
1727 | | | +--rw max-wait? uint16
1728 | | | +--rw max-attempts? uint8
1729 | | +--rw http-client-parameters
1730 | | +--rw protocol-version? enumeration
1731 | | +--rw client-identity
1732 | | | +--rw (auth-type)?
1733 | | | +--:(basic)
1734 | | | | +--rw basic {basic-auth}?
1735 | | | | +--rw user-id? string
1736 | | | | +--rw password? string
1737 | | | +--:(bearer)
1738 | | | | +--rw bearer {bearer-auth}?
1739 | | | | +--rw token? string
1740 | | | +--:(digest)
1741 | | | | +--rw digest {digest-auth}?
1742 | | | | +--rw username? string
1743 | | | | +--rw password? string
1744 | | | +--:(hoba)
1745 | | | | +--rw hoba {hoba-auth}?
1746 | | | +--:(mutual)
1747 | | | | +--rw mutual {mutual-auth}?
1748 | | | +--:(negotiate)
1749 | | | | +--rw negotiate
1750 | | | | {negotiate-auth}?
1751 | | | +--:(oauth)
1752 | | | | +--rw oauth {oauth-auth}?
1753 | | | +--:(scram-sha-1)
1754 | | | | +--rw scram-sha-1
1755 | | | | {scram-sha-1-auth}?
1756 | | | +--:(scram-sha-256)
1757 | | | | +--rw scram-sha-256
1758 | | | | {scram-sha-256-auth}?
1759 | | | +--:(vapid)
1760 | | | +--rw vapid {vapid-auth}?
1761 | | +--rw proxy-server! {proxy-connect}?
1762 | | +--rw tcp-client-parameters
1763 | | | +--rw remote-address inet:host
1764 | | | +--rw remote-port?
1765 | | | | inet:port-number
1766 | | | +--rw local-address?
1767 | | | | inet:ip-address
1768 | | | +--rw local-port?
1769 | | | | inet:port-number
1770 | | | +--rw keepalives!
1771 | | | {tcp-client-keepalives}?
1772 | | | +--rw idle-time uint16
1773 | | | +--rw max-probes? uint16
1774 | | | +--rw probe-interval? uint16
1775 | | +--rw tls-client-parameters
1776 | | | +--rw client-identity
1777 | | | | +--rw (auth-type)?
1778 | | | | +--:(certificate)
1779 | | | | +--rw certificate
1780 | | | | +--rw (local-or-keyst\
1781 \ore)
1782 | | | | +--:(local)
1783 | | | | | {local-ke\
1784 \ys-supported}?
1785 | | | | | +--rw local-def\
1786 \inition
1787 | | | | | +--rw algori\
1788 \thm?
1789 | | | | | | asym\
1790 \metric-key-algorithm-ref
1791 | | | | | +--rw public\
1792 \-key?
1793 | | | | | | bina\
1794 \ry
1795 | | | | | +--rw privat\
1796 \e-key?
1797 | | | | | | union
1798 | | | | | +---x genera\
1799 \te-hidden-key
1800 | | | | | | +---w inp\
1801 \ut
1802 | | | | | | +---w \
1803 \algorithm
1804 | | | | | | \
1805 \ asymmetric-key-algorithm-ref
1806 | | | | | +---x instal\
1807 \l-hidden-key
1808 | | | | | | +---w inp\
1809 \ut
1810 | | | | | | +---w \
1811 \algorithm
1812 | | | | | | | \
1813 \ asymmetric-key-algorithm-ref
1814 | | | | | | +---w \
1815 \public-key?
1816 | | | | | | | \
1817 \ binary
1818 | | | | | | +---w \
1819 \private-key?
1820 | | | | | | \
1821 \ binary
1822 | | | | | +--rw cert?
1823 | | | | | | end-\
1824 \entity-cert-cms
1825 | | | | | +---n certif\
1826 \icate-expiration
1827 | | | | | +-- expir\
1828 \ation-date
1829 | | | | | y\
1830 \ang:date-and-time
1831 | | | | +--:(keystore)
1832 | | | | {keystore\
1833 \-supported}?
1834 | | | | +--rw keystore-\
1835 \reference?
1836 | | | | ks:asym\
1837 \metric-key-certificate-ref
1838 | | | +--rw server-authentication
1839 | | | | +--rw pinned-ca-certs?
1840 | | | | | ta:pinned-certificates\
1841 \-ref
1842 | | | | | {ta:x509-certificates}?
1843 | | | | +--rw pinned-server-certs?
1844 | | | | ta:pinned-certificates\
1845 \-ref
1846 | | | | {ta:x509-certificates}?
1847 | | | +--rw hello-params
1848 | | | | {tls-client-hello-params-\
1849 \config}?
1850 | | | | +--rw tls-versions
1851 | | | | | +--rw tls-version*
1852 | | | | | identityref
1853 | | | | +--rw cipher-suites
1854 | | | | +--rw cipher-suite*
1855 | | | | identityref
1856 | | | +--rw keepalives!
1857 | | | {tls-client-keepalives}?
1858 | | | +--rw max-wait? uint16
1859 | | | +--rw max-attempts? uint8
1860 | | +--rw proxy-client-identity
1861 | | +--rw user-id? string
1862 | | +--rw password? string
1863 | +--rw connection-type
1864 | | +--rw (connection-type)
1865 | | +--:(persistent-connection)
1866 | | | +--rw persistent!
1867 | | +--:(periodic-connection)
1868 | | +--rw periodic!
1869 | | +--rw period? uint16
1870 | | +--rw anchor-time? yang:date-and-time
1871 | | +--rw idle-timeout? uint16
1872 | +--rw reconnect-strategy
1873 | +--rw start-with? enumeration
1874 | +--rw max-attempts? uint8
1875 +--rw listen! {listen}?
1876 +--rw idle-timeout? uint16
1877 +--rw endpoint* [name]
1878 +--rw name string
1879 +--rw (transport)
1880 +--:(https) {https-listen}?
1881 +--rw https
1882 +--rw tcp-server-parameters
1883 | +--rw local-address inet:ip-address
1884 | +--rw local-port? inet:port-number
1885 | +--rw keepalives! {tcp-server-keepalives}?
1886 | +--rw idle-time uint16
1887 | +--rw max-probes? uint16
1888 | +--rw probe-interval? uint16
1889 +--rw tls-client-parameters
1890 | +--rw client-identity
1891 | | +--rw (auth-type)
1892 | | +--:(certificate)
1893 | | +--rw certificate
1894 | | +--rw (local-or-keystore)
1895 | | +--:(local)
1896 | | | {local-keys-supported\
1897 \}?
1898 | | | +--rw local-definition
1899 | | | +--rw algorithm?
1900 | | | | asymmetric-key-a\
1901 \lgorithm-ref
1902 | | | +--rw public-key?
1903 | | | | binary
1904 | | | +--rw private-key?
1905 | | | | union
1906 | | | +---x generate-hidden-key
1907 | | | | +---w input
1908 | | | | +---w algorithm
1909 | | | | asymmetric\
1910 \-key-algorithm-ref
1911 | | | +---x install-hidden-key
1912 | | | | +---w input
1913 | | | | +---w algorithm
1914 | | | | | asymmetric\
1915 \-key-algorithm-ref
1916 | | | | +---w public-key?
1917 | | | | | binary
1918 | | | | +---w private-key?
1919 | | | | binary
1920 | | | +--rw cert?
1921 | | | | end-entity-cert-\
1922 \cms
1923 | | | +---n certificate-expira\
1924 \tion
1925 | | | +-- expiration-date
1926 | | | yang:date-and\
1927 \-time
1928 | | +--:(keystore)
1929 | | {keystore-supported}?
1930 | | +--rw keystore-reference?
1931 | | ks:asymmetric-key-c\
1932 \ertificate-ref
1933 | +--rw server-authentication
1934 | | +--rw pinned-ca-certs?
1935 | | | ta:pinned-certificates-ref
1936 | | | {ta:x509-certificates}?
1937 | | +--rw pinned-server-certs?
1938 | | ta:pinned-certificates-ref
1939 | | {ta:x509-certificates}?
1940 | +--rw hello-params
1941 | | {tls-client-hello-params-config}?
1942 | | +--rw tls-versions
1943 | | | +--rw tls-version* identityref
1944 | | +--rw cipher-suites
1945 | | +--rw cipher-suite* identityref
1946 | +--rw keepalives! {tls-client-keepalives}?
1947 | +--rw max-wait? uint16
1948 | +--rw max-attempts? uint8
1949 +--rw http-client-parameters
1950 +--rw protocol-version? enumeration
1951 +--rw client-identity
1952 | +--rw (auth-type)?
1953 | +--:(basic)
1954 | | +--rw basic {basic-auth}?
1955 | | +--rw user-id? string
1956 | | +--rw password? string
1957 | +--:(bearer)
1958 | | +--rw bearer {bearer-auth}?
1959 | | +--rw token? string
1960 | +--:(digest)
1961 | | +--rw digest {digest-auth}?
1962 | | +--rw username? string
1963 | | +--rw password? string
1964 | +--:(hoba)
1965 | | +--rw hoba {hoba-auth}?
1966 | +--:(mutual)
1967 | | +--rw mutual {mutual-auth}?
1968 | +--:(negotiate)
1969 | | +--rw negotiate {negotiate-auth}?
1970 | +--:(oauth)
1971 | | +--rw oauth {oauth-auth}?
1972 | +--:(scram-sha-1)
1973 | | +--rw scram-sha-1 {scram-sha-1-auth}?
1974 | +--:(scram-sha-256)
1975 | | +--rw scram-sha-256
1976 | | {scram-sha-256-auth}?
1977 | +--:(vapid)
1978 | +--rw vapid {vapid-auth}?
1979 +--rw proxy-server! {proxy-connect}?
1980 +--rw tcp-client-parameters
1981 | +--rw remote-address inet:host
1982 | +--rw remote-port? inet:port-number
1983 | +--rw local-address? inet:ip-address
1984 | +--rw local-port? inet:port-number
1985 | +--rw keepalives!
1986 | {tcp-client-keepalives}?
1987 | +--rw idle-time uint16
1988 | +--rw max-probes? uint16
1989 | +--rw probe-interval? uint16
1990 +--rw tls-client-parameters
1991 | +--rw client-identity
1992 | | +--rw (auth-type)?
1993 | | +--:(certificate)
1994 | | +--rw certificate
1995 | | +--rw (local-or-keystore)
1996 | | +--:(local)
1997 | | | {local-keys-sup\
1998 \ported}?
1999 | | | +--rw local-definition
2000 | | | +--rw algorithm?
2001 | | | | asymmetric\
2002 \-key-algorithm-ref
2003 | | | +--rw public-key?
2004 | | | | binary
2005 | | | +--rw private-key?
2006 | | | | union
2007 | | | +---x generate-hid\
2008 \den-key
2009 | | | | +---w input
2010 | | | | +---w algori\
2011 \thm
2012 | | | | asym\
2013 \metric-key-algorithm-ref
2014 | | | +---x install-hidd\
2015 \en-key
2016 | | | | +---w input
2017 | | | | +---w algori\
2018 \thm
2019 | | | | | asym\
2020 \metric-key-algorithm-ref
2021 | | | | +---w public\
2022 \-key?
2023 | | | | | bina\
2024 \ry
2025 | | | | +---w privat\
2026 \e-key?
2027 | | | | bina\
2028 \ry
2029 | | | +--rw cert?
2030 | | | | end-entity\
2031 \-cert-cms
2032 | | | +---n certificate-\
2033 \expiration
2034 | | | +-- expiration-\
2035 \date
2036 | | | yang:da\
2037 \te-and-time
2038 | | +--:(keystore)
2039 | | {keystore-suppo\
2040 \rted}?
2041 | | +--rw keystore-refere\
2042 \nce?
2043 | | ks:asymmetric\
2044 \-key-certificate-ref
2045 | +--rw server-authentication
2046 | | +--rw pinned-ca-certs?
2047 | | | ta:pinned-certificates-ref
2048 | | | {ta:x509-certificates}?
2049 | | +--rw pinned-server-certs?
2050 | | ta:pinned-certificates-ref
2051 | | {ta:x509-certificates}?
2052 | +--rw hello-params
2053 | | {tls-client-hello-params-config\
2054 \}?
2055 | | +--rw tls-versions
2056 | | | +--rw tls-version* identityref
2057 | | +--rw cipher-suites
2058 | | +--rw cipher-suite* identityref
2059 | +--rw keepalives!
2060 | {tls-client-keepalives}?
2061 | +--rw max-wait? uint16
2062 | +--rw max-attempts? uint8
2063 +--rw proxy-client-identity
2064 +--rw user-id? string
2065 +--rw password? string
2067 A.2. Expanded Tree Diagram for 'ietf-restconf-server'
2069 The following tree diagram [RFC8340] provides an overview of the data
2070 model for the "ietf-restconf-server" module.
2072 This tree diagram shows all the nodes defined in this module,
2073 including those defined by "grouping" statements used by this module.
2075 Please see Section 3.1 for a tree diagram that illustrates what the
2076 module looks like without all the "grouping" statements expanded.
2078 =========== NOTE: '\' line wrapping per BCP XX (RFC XXXX) ===========
2080 module: ietf-restconf-server
2081 +--rw restconf-server
2082 +--rw listen! {listen}?
2083 | +--rw endpoint* [name]
2084 | +--rw name string
2085 | +--rw (transport)
2086 | +--:(https) {https-listen}?
2087 | +--rw https
2088 | +--rw tcp-server-parameters
2089 | | +--rw local-address inet:ip-address
2090 | | +--rw local-port? inet:port-number
2091 | | +--rw keepalives! {tcp-server-keepalives}?
2092 | | +--rw idle-time uint16
2093 | | +--rw max-probes? uint16
2094 | | +--rw probe-interval? uint16
2095 | +--rw tls-server-parameters
2096 | | +--rw server-identity
2097 | | | +--rw (local-or-keystore)
2098 | | | +--:(local) {local-keys-supported}?
2099 | | | | +--rw local-definition
2100 | | | | +--rw algorithm?
2101 | | | | | asymmetric-key-algorithm-\
2102 ref
2103 | | | | +--rw public-key?
2104 | | | | | binary
2105 | | | | +--rw private-key?
2106 | | | | | union
2107 | | | | +---x generate-hidden-key
2108 | | | | | +---w input
2109 | | | | | +---w algorithm
2110 | | | | | asymmetric-key-algo\
2111 rithm-ref
2112 | | | | +---x install-hidden-key
2113 | | | | | +---w input
2114 | | | | | +---w algorithm
2115 | | | | | | asymmetric-key-algo\
2116 rithm-ref
2117 | | | | | +---w public-key? binary
2118 | | | | | +---w private-key? binary
2119 | | | | +--rw cert?
2120 | | | | | end-entity-cert-cms
2121 | | | | +---n certificate-expiration
2122 | | | | +-- expiration-date
2123 | | | | yang:date-and-time
2124 | | | +--:(keystore) {keystore-supported}?
2125 | | | +--rw keystore-reference?
2126 | | | ks:asymmetric-key-certificat\
2127 e-ref
2128 | | +--rw client-authentication
2129 | | | +--rw pinned-ca-certs?
2130 | | | | ta:pinned-certificates-ref
2131 | | | | {ta:x509-certificates}?
2132 | | | +--rw pinned-client-certs?
2133 | | | | ta:pinned-certificates-ref
2134 | | | | {ta:x509-certificates}?
2135 | | | +--rw cert-maps
2136 | | | +--rw cert-to-name* [id]
2137 | | | +--rw id uint32
2138 | | | +--rw fingerprint
2139 | | | | x509c2n:tls-fingerprint
2140 | | | +--rw map-type identityref
2141 | | | +--rw name string
2142 | | +--rw hello-params
2143 | | | {tls-server-hello-params-config}?
2144 | | | +--rw tls-versions
2145 | | | | +--rw tls-version* identityref
2146 | | | +--rw cipher-suites
2147 | | | +--rw cipher-suite* identityref
2148 | | +--rw keepalives! {tls-server-keepalives}?
2149 | | +--rw max-wait? uint16
2150 | | +--rw max-attempts? uint8
2151 | +--rw http-server-parameters
2152 | +--rw server-name? string
2153 | +--rw protocol-versions
2154 | +--rw protocol-version* enumeration
2155 +--rw call-home! {call-home}?
2156 +--rw restconf-client* [name]
2157 +--rw name string
2158 +--rw endpoints
2159 | +--rw endpoint* [name]
2160 | +--rw name string
2161 | +--rw (transport)
2162 | +--:(https) {https-call-home}?
2163 | +--rw https
2164 | +--rw tcp-client-parameters
2165 | | +--rw remote-address inet:host
2166 | | +--rw remote-port? inet:port-number
2167 | | +--rw local-address? inet:ip-address
2168 | | +--rw local-port? inet:port-number
2169 | | +--rw keepalives!
2170 | | {tcp-client-keepalives}?
2171 | | +--rw idle-time uint16
2172 | | +--rw max-probes? uint16
2173 | | +--rw probe-interval? uint16
2174 | +--rw tls-server-parameters
2175 | | +--rw server-identity
2176 | | | +--rw (local-or-keystore)
2177 | | | +--:(local)
2178 | | | | {local-keys-supported}?
2179 | | | | +--rw local-definition
2180 | | | | +--rw algorithm?
2181 | | | | | asymmetric-key-algo\
2182 rithm-ref
2183 | | | | +--rw public-key?
2184 | | | | | binary
2185 | | | | +--rw private-key?
2186 | | | | | union
2187 | | | | +---x generate-hidden-key
2188 | | | | | +---w input
2189 | | | | | +---w algorithm
2190 | | | | | asymmetric-ke\
2191 y-algorithm-ref
2192 | | | | +---x install-hidden-key
2193 | | | | | +---w input
2194 | | | | | +---w algorithm
2195 | | | | | | asymmetric-ke\
2197 y-algorithm-ref
2198 | | | | | +---w public-key?
2199 | | | | | | binary
2200 | | | | | +---w private-key?
2201 | | | | | binary
2202 | | | | +--rw cert?
2203 | | | | | end-entity-cert-cms
2204 | | | | +---n certificate-expiration
2205 | | | | +-- expiration-date
2206 | | | | yang:date-and-ti\
2207 me
2208 | | | +--:(keystore)
2209 | | | {keystore-supported}?
2210 | | | +--rw keystore-reference?
2211 | | | ks:asymmetric-key-cert\
2212 ificate-ref
2213 | | +--rw client-authentication
2214 | | | +--rw pinned-ca-certs?
2215 | | | | ta:pinned-certificates-ref
2216 | | | | {ta:x509-certificates}?
2217 | | | +--rw pinned-client-certs?
2218 | | | | ta:pinned-certificates-ref
2219 | | | | {ta:x509-certificates}?
2220 | | | +--rw cert-maps
2221 | | | +--rw cert-to-name* [id]
2222 | | | +--rw id uint32
2223 | | | +--rw fingerprint
2224 | | | | x509c2n:tls-fingerprint
2225 | | | +--rw map-type
2226 | | | | identityref
2227 | | | +--rw name string
2228 | | +--rw hello-params
2229 | | | {tls-server-hello-params-config\
2230 }?
2231 | | | +--rw tls-versions
2232 | | | | +--rw tls-version* identityref
2233 | | | +--rw cipher-suites
2234 | | | +--rw cipher-suite* identityref
2235 | | +--rw keepalives!
2236 | | {tls-server-keepalives}?
2237 | | +--rw max-wait? uint16
2238 | | +--rw max-attempts? uint8
2239 | +--rw http-server-parameters
2240 | +--rw server-name? string
2241 | +--rw protocol-versions
2242 | +--rw protocol-version* enumeration
2243 +--rw connection-type
2244 | +--rw (connection-type)
2245 | +--:(persistent-connection)
2246 | | +--rw persistent!
2247 | +--:(periodic-connection)
2248 | +--rw periodic!
2249 | +--rw period? uint16
2250 | +--rw anchor-time? yang:date-and-time
2251 | +--rw idle-timeout? uint16
2252 +--rw reconnect-strategy
2253 +--rw start-with? enumeration
2254 +--rw max-attempts? uint8
2256 Appendix B. Change Log
2258 B.1. 00 to 01
2260 o Renamed "keychain" to "keystore".
2262 B.2. 01 to 02
2264 o Filled in previously missing 'ietf-restconf-client' module.
2266 o Updated the ietf-restconf-server module to accommodate new
2267 grouping 'ietf-tls-server-grouping'.
2269 B.3. 02 to 03
2271 o Refined use of tls-client-grouping to add a must statement
2272 indicating that the TLS client must specify a client-certificate.
2274 o Changed restconf-client??? to be a grouping (not a container).
2276 B.4. 03 to 04
2278 o Added RFC 8174 to Requirements Language Section.
2280 o Replaced refine statement in ietf-restconf-client to add a
2281 mandatory true.
2283 o Added refine statement in ietf-restconf-server to add a must
2284 statement.
2286 o Now there are containers and groupings, for both the client and
2287 server models.
2289 o Now tree diagrams reference ietf-netmod-yang-tree-diagrams
2291 o Updated examples to inline key and certificates (no longer a
2292 leafref to keystore)
2294 B.5. 04 to 05
2296 o Now tree diagrams reference ietf-netmod-yang-tree-diagrams
2298 o Updated examples to inline key and certificates (no longer a
2299 leafref to keystore)
2301 B.6. 05 to 06
2303 o Fixed change log missing section issue.
2305 o Updated examples to match latest updates to the crypto-types,
2306 trust-anchors, and keystore drafts.
2308 o Reduced line length of the YANG modules to fit within 69 columns.
2310 B.7. 06 to 07
2312 o Removed "idle-timeout" from "persistent" connection config.
2314 o Added "random-selection" for reconnection-strategy's "starts-with"
2315 enum.
2317 o Replaced "connection-type" choice default (persistent) with
2318 "mandatory true".
2320 o Reduced the periodic-connection's "idle-timeout" from 5 to 2
2321 minutes.
2323 o Replaced reconnect-timeout with period/anchor-time combo.
2325 B.8. 07 to 08
2327 o Modified examples to be compatible with new crypto-types algs
2329 B.9. 08 to 09
2331 o Corrected use of "mandatory true" for "address" leafs.
2333 o Updated examples to reflect update to groupings defined in the
2334 keystore draft.
2336 o Updated to use groupings defined in new TCP and HTTP drafts.
2338 o Updated copyright date, boilerplate template, affiliation, and
2339 folding algorithm.
2341 B.10. 09 to 10
2343 o Reformatted YANG modules.
2345 B.11. 10 to 11
2347 o Adjusted for the top-level "demux container" added to groupings
2348 imported from other modules.
2350 o Added "must" expressions to ensure that keepalives are not
2351 configured for "periodic" connections.
2353 o Updated the boilerplate text in module-level "description"
2354 statement to match copyeditor convention.
2356 o Moved "expanded" tree diagrams to the Appendix.
2358 Acknowledgements
2360 The authors would like to thank the following for lively discussions
2361 on list and in the halls (ordered by last name): Andy Bierman, Martin
2362 Bjorklund, Benoit Claise, Ramkumar Dhanapal, Mehmet Ersue, Balazs
2363 Kovacs, David Lamparter, Alan Luchuk, Ladislav Lhotka, Radek Krejci,
2364 Tom Petch, Juergen Schoenwaelder, Phil Shafer, Sean Turner, and Bert
2365 Wijnen.
2367 Author's Address
2369 Kent Watsen
2370 Watsen Networks
2372 EMail: kent+ietf@watsen.net