idnits 2.17.1 draft-ietf-netmod-factory-default-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 29, 2019) is 1755 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC3688' is mentioned on line 294, but not defined == Missing Reference: 'RFC6020' is mentioned on line 304, but not defined == Unused Reference: 'RFC7950' is defined on line 349, but no explicit reference was found in the text == Outdated reference: A later version (-21) exists of draft-ietf-netmod-yang-instance-file-format-02 Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 NETMOD Working Group Q. Wu 3 Internet-Draft Huawei 4 Intended status: Standards Track B. Lengyel 5 Expires: December 31, 2019 Ericsson Hungary 6 Y. Niu 7 Huawei 8 June 29, 2019 10 Factory Default Setting 11 draft-ietf-netmod-factory-default-02 13 Abstract 15 This document defines a method to reset a server to its factory- 16 default content. The reset operation may be used e.g. during initial 17 zero-touch configuration or when the existing configuration has major 18 errors, so re-starting the configuration process from scratch is the 19 best option. 21 A new factory-reset RPC is defined. Several methods of documenting 22 the factory-default content are specified. 24 Optionally a new "factory-default" read-only datastore is defined, 25 that contains the data that will be copied over to the running 26 datastore at reset. 28 Status of This Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at https://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on December 31, 2019. 45 Copyright Notice 47 Copyright (c) 2019 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (https://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 63 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 64 2. Factory-Reset RPC . . . . . . . . . . . . . . . . . . . . . . 4 65 3. Factory-Default Datastore . . . . . . . . . . . . . . . . . . 4 66 4. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 5 67 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 68 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 69 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 70 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8 71 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 72 9.1. Normative References . . . . . . . . . . . . . . . . . . 8 73 9.2. Informative References . . . . . . . . . . . . . . . . . 8 74 Appendix A. Open Issues . . . . . . . . . . . . . . . . . . . . 9 75 Appendix B. Difference between datastore and datastore . . . . . . . . . . . . . . . . . 9 77 Appendix C. Changes between revisions . . . . . . . . . . . . . 9 78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 80 1. Introduction 82 This document defines a method to reset a server to its factory- 83 default content. The reset operation may be used e.g. during initial 84 zero-touch configuration [RFC8572] or when the existing configuration 85 has major errors, so re-starting the configuration process from 86 scratch is the best option. When resetting a datastore all previous 87 configuration settings will be lost and replaced by the factory- 88 default content. 90 A new factory-reset RPC is defined. Several methods of documenting 91 the factory-default content are specified. 93 Optionally a new "factory-default" read-only datastore is defined, 94 that contains the data that will be copied over to all read-write 95 configuration datastores at reset. This datastore can also be used 96 in or operations. 98 NETCONF defines the operation that allows resetting the 99 datastore and the operation that copies 100 the content of the datastore into the 101 datastore. However it is not possible to reset the running 102 datastore, to reset the candidate datastore without changing the 103 running datastore or to reset any dynamic datastore. 105 A RESTCONF server MAY implement the above NETCONF operations, but 106 that would still not allow it to reset the running configuration. 108 1.1. Terminology 110 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 111 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 112 "OPTIONAL" in this document are to be interpreted as described in BCP 113 14 [RFC2119] [RFC8174] when, and only when, they appear in all 114 capitals, as shown here. 116 The following terms are defined in [RFC8342] and are not redefined 117 here: 119 o server 121 o startup configuration datastore 123 o candiate configuration datastore 125 o running configuration datastore 127 o intended configuration datastore 129 o operational state datastore 131 The following terms are defined in this document as follows: 133 o factory-default datastore: A read-only datastore holding a 134 preconfigured minimal initial configuration that can be used to 135 initialize the configuration of a server. The content of the 136 datastore is usually static, but MAY depend on external factors 137 like available HW. 139 2. Factory-Reset RPC 141 A new "factory-reset" RPC is introduced. Upon receiveing the RPC the 142 server resets the content of all read-write configuration datastores 143 (e.g., and ) to its factory-default content. Read- 144 only datastores receive their content from other datastores (e.g. 145 gets its content from ). 147 Factory-default content SHALL be specified by one of the following 148 means in order of precedence 150 1. For the , and datastores as the 151 content of the datastore, if it exists 153 2. YANG Instance Data [I-D.ietf-netmod-yang-instance-file-format] 155 3. In some implementation specific manner 157 4. For dynamic datastores unless otherwise specified the factory- 158 default content is empty. 160 In addition to set the content of the read-write configuration 161 datastores, the "factory-reset" RPC might also be used to clean up 162 files, restart the node or some of the SW processes, or it might set 163 some security data/passwords to the default value, remove logs, 164 remove any temporary data (from datastore or elsewhere) etc. 166 3. Factory-Default Datastore 168 Following guidelines for defining Datastores in the appendix A of 169 [RFC8342], this document introduces a new datastore resource named 170 'Factory-Default' that represents a preconfigured minimal initial 171 configuration that can be used to initialize the configuration of a 172 server. 174 o Name: "factory-default" 176 o YANG modules: all 178 o YANG nodes: all "config true" data nodes 180 o Management operations: The content of the datastore is set by the 181 server in an implementation dependent manner. The content can not 182 be changed by management operations via NETCONF, RESTCONF,the CLI 183 etc. unless specialized, dedicated operations are provided. The 184 contents of the datastore can be read using NETCONF, RESTCONF 185 and operations. The operation can be used to copy the factory default content to a set of 187 read-write configuration datastores and then the content of these 188 datastores is propagated automatically to any other read only 189 datastores, e.g., and . 191 o Origin: This document does not define a new origin identity as it 192 does not interact with datastore. 194 o Protocols: RESTCONF, NETCONF and other management protocol. 196 o Defining YANG module: "ietf-factory-default". 198 The datastore content is usually defined by the device vendor. It is 199 usually static, but MAY change e.g., depending on external factors 200 like HW available or during device upgrade. 202 On devices that support non-volatile storage, the contents of 203 MUST persist across restarts. 205 4. YANG Module 207 file "ietf-factory-default.yang" 208 module ietf-factory-default { 209 yang-version 1.1; 210 namespace urn:ietf:params:xml:ns:yang:ietf-factory-default; 211 prefix fd; 213 import ietf-netconf { prefix nc ; } 214 import ietf-datastores { prefix ds; } 216 organization 217 "IETF NETMOD (Network Modeling) Working Group"; 218 contact 219 "WG Web: 220 WG List: 222 Editor: Balazs Lengyel 223 224 Editor: Qin Wu 225 226 Editor: Ye Niu 227 "; 228 description 229 "This module defines the 230 - factory-reset RPC 231 - factory-default datastore 233 It provides functionality to reset a server to its 234 factory-default content. 236 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL 237 NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 238 'MAY', and 'OPTIONAL' in this document are to be interpreted as 239 described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, 240 they appear in all capitals, as shown here. 242 Copyright (c) 2019 IETF Trust and the persons identified as 243 authors of the code. All rights reserved. 245 Redistribution and use in source and binary forms, with or 246 without modification, is permitted pursuant to, and subject 247 to the license terms contained in, the Simplified BSD License 248 set forth in Section 4.c of the IETF Trust's Legal Provisions 249 Relating to IETF Documents 250 (http://trustee.ietf.org/license-info). 252 This version of this YANG module is part of RFC XXXX; 253 see the RFC itself for full legal notices."; 255 revision 2019-05-03 { 256 description 257 "Initial revision."; 258 reference "RFC XXXX: Factory default Setting"; 259 } 261 feature factory-default-as-datastore { 262 description "Indicates that the factory default configuration is 263 also available as a separate datastore"; 264 } 266 rpc factory-reset { 267 description "The server resets the content of all read-write 268 configuration datastores (e.g., and ) to 269 its factory default content."; 270 } 272 identity factory-default { 273 base ds:datastore; 274 if-feature factory-default-as-datastore; 275 description "The read-only datastore contains the configuration that 276 will be copied into e.g., the running datastore by the 277 factory-reset operation if the target is the running 278 datastore."; 279 } 280 augment /nc:get-config/nc:input/nc:source/nc:config-source { 281 if-feature factory-default-as-datastore; 282 description "Allows the get-config operation to use the 283 factory-default datastore as a source"; 285 leaf factory-default { 286 type empty ; 287 description 288 "The factory-default datastore is the source."; } 289 } 290 292 5. IANA Considerations 294 This document registers one URI in the IETF XML Registry [RFC3688]. 295 The following registration has been made: 297 URI: urn:ietf:params:xml:ns:yang:ietf-factory-default 299 Registrant Contact: The IESG. 301 XML: N/A, the requested URI is an XML namespace. 303 This document registers one YANG module in the YANG Module Names 304 Registry [RFC6020]. The following registration has been made: 306 name: ietf-factory-default 308 namespace: urn:ietf:params:xml:ns:yang:ietf-factory-default 310 prefix: fd 312 RFC: xxxx 314 6. Security Considerations 316 The RPC can overwrite important and security 317 sensitive information in one of the other datastores e.g. running, 318 therefore it is important to restrict access to this RPC using the 319 standard access control methods. [RFC8341] 321 The content of the factory-default datastore is usually not security 322 sensitive as it is the same on any device of a certain type. In case 323 there is any sensitive content in the factory-default datastore, it 324 should be protected in a secure way,e.g.,sign or encrypt the 325 sensitive information. 327 7. Acknowledgements 329 Thanks to Juergen Schoenwaelder, Ladislav Lhotka, Alex Campbell,Joe 330 Clark,Robert Wilton, Kent Watsen, Joel Jaeggli,Andy Berman,Susan 331 Hares to review this draft and provide important input to this 332 document. 334 8. Contributors 336 Rohit R Ranade 337 Huawei 338 Email: rohitrranade@huawei.com 340 9. References 342 9.1. Normative References 344 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 345 Requirement Levels", BCP 14, RFC 2119, 346 DOI 10.17487/RFC2119, March 1997, 347 . 349 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", 350 RFC 7950, DOI 10.17487/RFC7950, August 2016, 351 . 353 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 354 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 355 May 2017, . 357 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration 358 Access Control Model", STD 91, RFC 8341, 359 DOI 10.17487/RFC8341, March 2018, 360 . 362 [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., 363 and R. Wilton, "Network Management Datastore Architecture 364 (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, 365 . 367 9.2. Informative References 369 [I-D.ietf-netmod-yang-instance-file-format] 370 Lengyel, B. and B. Claise, "YANG Instance Data File 371 Format", draft-ietf-netmod-yang-instance-file-format-02 372 (work in progress), February 2019. 374 [RFC8572] Watsen, K., Farrer, I., and M. Abrahamsson, "Secure Zero 375 Touch Provisioning (SZTP)", RFC 8572, 376 DOI 10.17487/RFC8572, April 2019, 377 . 379 Appendix A. Open Issues 381 o Do we need an extra parameter that may order a restart of the 382 YANG-server or the whole system? 384 o Do we allow different datastore have different factory default 385 content? No 387 Appendix B. Difference between datastore and datastore 390 When the device first boots up, the content of the and 391 will be identical. The content of can be 392 subsequently changed by using as a target in a operation. The is a read-only datastore 394 and it is usually static as described in earlier sections. 396 Appendix C. Changes between revisions 398 v01 - v02 400 o Address security issue in the security consideration section. 402 o Remove an extension to the NETCONF operation which 403 allows it to operate on the factory-default datastore. 405 o Add an extension to the NETCONF . 416 o Add clarification text on factory-reset protocol operation 417 behavior. 419 v03 - v00 421 o Change draft name from draft-wu to draft-ietf-netmod-factory- 422 default-00 without content changes. 424 v02 - v03 425 o Change reset-datastore RPC into factory-reset RPC to allow reset 426 the whole device with factory default content. 428 o Remove target datastore parameter from factory-reset RPC. 430 o Other editorial changes. 432 v01 - v02 434 o Add copy-config based on Rob's comment. 436 o Reference Update. 438 v03 - v00 - v01 440 o Changed name from draft-wu-netconf-restconf-factory-restore to 441 draft-wu-netmod-factory-default 443 o Removed copy-config ; reset-datastore is enough 445 v02 - v03 447 o Restructured 449 o Made new datastore optional 451 o Removed Netconf capability 453 o Listed Open issues 455 v01 - v02 457 o - 459 v00 - v01 461 o - 463 Authors' Addresses 465 Qin Wu 466 Huawei 467 101 Software Avenue, Yuhua District 468 Nanjing, Jiangsu 210012 469 China 471 Email: bill.wu@huawei.com 472 Balazs Lengyel 473 Ericsson Hungary 474 Magyar Tudosok korutja 11 475 1117 Budapest 476 Hungary 478 Phone: +36-70-330-7909 479 Email: balazs.lengyel@ericsson.com 481 Ye Niu 482 Huawei 484 Email: niuye@huawei.com