idnits 2.17.1

draft-ietf-netmod-factory-default-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 290 has weird spacing: '... that will ...'

  -- The document date (November 2, 2019) is 1637 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC6421' is mentioned on line 215, but not defined

  == Missing Reference: 'RFC3688' is mentioned on line 306, but not defined

  == Missing Reference: 'RFC6020' is mentioned on line 316, but not defined

  == Missing Reference: 'RFC6241' is mentioned on line 329, but not defined

  == Missing Reference: 'RFC8040' is mentioned on line 329, but not defined

  == Missing Reference: 'RFC6242' is mentioned on line 331, but not defined

  == Missing Reference: 'RFC8446' is mentioned on line 333, but not defined

  == Unused Reference: 'RFC7950' is defined on line 372, but no explicit
     reference was found in the text

  == Outdated reference: A later version (-21) exists of
     draft-ietf-netmod-yang-instance-file-format-04

     Summary: 0 errors (**), 0 flaws (~~), 11 warnings (==), 1 comment (--).
     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2   NETMOD Working Group                                               Q. Wu
3   Internet-Draft                                                    Huawei
4   Intended status: Standards Track                              B. Lengyel
5   Expires: May 5, 2020                                    Ericsson Hungary
6                                                                     Y. Niu
7                                                                     Huawei
8                                                           November 2, 2019

10                          Factory Default Setting
11                    draft-ietf-netmod-factory-default-06

13  Abstract

15     This document defines a method to reset a server to its factory-
16     default content.  The reset operation may be used e.g. during initial
17     zero-touch configuration or when the existing configuration has major
18     errors, so re-starting the configuration process from scratch is the
19     best option.

21     A new factory-reset RPC is defined.  Several methods of documenting
22     the factory-default content are specified.

24     Optionally a new "factory-default" read-only datastore is defined,
25     that contains the data that will be copied over to the running
26     datastore at reset.

28  Status of This Memo

30     This Internet-Draft is submitted in full conformance with the
31     provisions of BCP 78 and BCP 79.

33     Internet-Drafts are working documents of the Internet Engineering
34     Task Force (IETF).  Note that other groups may also distribute
35     working documents as Internet-Drafts.  The list of current Internet-
36     Drafts is at https://datatracker.ietf.org/drafts/current/.

38     Internet-Drafts are draft documents valid for a maximum of six months
39     and may be updated, replaced, or obsoleted by other documents at any
40     time.  It is inappropriate to use Internet-Drafts as reference
41     material or to cite them other than as "work in progress."

43     This Internet-Draft will expire on May 5, 2020.

45  Copyright Notice

47     Copyright (c) 2019 IETF Trust and the persons identified as the
48     document authors.  All rights reserved.
50     This document is subject to BCP 78 and the IETF Trust's Legal
51     Provisions Relating to IETF Documents
52     (https://trustee.ietf.org/license-info) in effect on the date of
53     publication of this document.  Please review these documents
54     carefully, as they describe your rights and restrictions with respect
55     to this document.  Code Components extracted from this document must
56     include Simplified BSD License text as described in Section 4.e of
57     the Trust Legal Provisions and are provided without warranty as
58     described in the Simplified BSD License.

60  Table of Contents

62     1.  Introduction
63       1.1.  Terminology
64     2.  Factory-Reset RPC
65     3.  Factory-Default Datastore
66     4.  YANG Module
67     5.  IANA Considerations
68     6.  Security Considerations
69     7.  Acknowledgements
70     8.  Contributors
71     9.  References
72       9.1.  Normative References
73       9.2.  Informative References
74     Appendix A.  Difference between datastore and datastore
76     Appendix B.  Changes between revisions
77     Authors' Addresses

79  1.  Introduction

81     This document defines a method to reset a server to its factory-
82     default content.  The reset operation may be used, e.g. during
83     initial zero-touch configuration [RFC8572] or when the existing
84     configuration has major errors, so re-starting the configuration
85     process from scratch is the best option.  When resetting a datastore
86     all previous configuration settings will be lost and replaced by the
87     factory-default content.

89     A new factory-reset RPC is defined.  Several methods of documenting
90     the factory-default content are specified.

92     Optionally a new "factory-default" read-only datastore is defined,
93     that contains the data that will be copied over to all read-write
94     configuration datastores at reset.  This datastore can also be used
95     in or operations.

97     NETCONF defines the operation that allows resetting the
98     datastore and the operation that copies
99     the content of the datastore into the
100    datastore.  However it is not possible to reset the running
101    datastore, to reset the candidate datastore without changing the
102    running datastore or to reset any dynamic datastore.

104    A RESTCONF server MAY implement the above NETCONF operations, but
105    that would still not allow it to reset the running configuration.

107    The YANG data model in this document conforms to the Network
108    Management Datastore Architecture defined in [RFC8342].

110 1.1.  Terminology

112    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
113    "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
114    "OPTIONAL" in this document are to be interpreted as described in BCP
115    14 [RFC2119] [RFC8174] when, and only when, they appear in all
116    capitals, as shown here.

118    The following terms are defined in [RFC8342] and are not redefined
119    here:

121    o  server

123    o  startup configuration datastore

125    o  candidate configuration datastore

127    o  running configuration datastore

129    o  intended configuration datastore

131    o  operational state datastore

133    The following terms are defined in this document as follows:

135    o  factory-default datastore: A read-only datastore holding a
136       preconfigured minimal initial configuration that can be used to
137       initialize the configuration of a server.  The content of the
138       datastore is usually static, but MAY depend on external factors
139       like available HW.

141 2.  Factory-Reset RPC

143    A new "factory-reset" RPC is introduced.  Upon receiving the RPC the
144    server resets the content of all read-write configuration datastores
145    (e.g., and ) to their factory-default content.
146    Read-only datastores receive their content from other datastores
147    (e.g. gets its content from ).

149    Factory-default content MAY be specified by one of the following
150    means in descending order of precedence:

152    1.  datastore, if it exists;

154    2.  by vendors using a file in YANG Instance Data
155        [I-D.ietf-netmod-yang-instance-file-format] format or some other
156        format in vendor's website or other places where similar off-line
157        documents are kept;

159    3.  In some implementation specific manner.

161    For the server supporting zero touch bootstrapping mechanisms, the
162    factory default configuration causes the bootstrapping process to
163    execute, e.g., the server resets configuration to device's factory
164    default configuration, for the version of operating system software it
165    is running.  In addition, the "factory-reset" RPC MAY also be used to
166    trigger some other restoring and resetting tasks such as files
167    cleanup, restarting the node or some of the software processes,
168    setting some security data/passwords to the default value, removing
169    logs, or removing any temporary data (from datastore or elsewhere),
170    etc.  When and why these tasks are triggered is not in the scope of
171    this document.

173 3.  Factory-Default Datastore

175    Following guidelines for defining Datastores in the appendix A of
176    [RFC8342], this document introduces a new datastore resource named
177    'factory-default' that represents a preconfigured minimal initial
178    configuration that can be used to initialize the configuration of a
179    server.
181    o  Name: "factory-default"

183    o  YANG modules: all

185    o  YANG nodes: all "config true" data nodes

187    o  Management operations: The content of the datastore is set by the
188       server in an implementation dependent manner.  The content cannot
189       be changed by management operations via NETCONF, RESTCONF, the CLI
190       etc. unless specialized, dedicated operations are provided.  The
191       contents of the datastore can be read using NETCONF and
192       operations, and the RESTCONF protocol equivalents.
193       The operation copies the factory default content
194       to and, if present, and then the content of
195       these datastores is propagated automatically to any other read
196       only datastores, e.g., and .

198    o  Origin: This document does not define a new origin identity as it
199       does not interact with datastore.

201    o  Protocols: RESTCONF, NETCONF and other management protocols.

203    o  Defining YANG module: "ietf-factory-default".

205    The datastore content is usually defined by the device vendor.  It is
206    usually static, but MAY change e.g., depending on external factors
207    like HW available or during device upgrade.

209    On devices that support non-volatile storage, the contents of
210    MUST persist across restarts.

212 4.  YANG Module

214    This module imports typedefs from [RFC8342], and it references
215    [RFC6421], [RFC8341].
217    file "ietf-factory-default.yang"
218    module ietf-factory-default {
219      yang-version 1.1;
220      namespace urn:ietf:params:xml:ns:yang:ietf-factory-default;
221      prefix fd;

223      import ietf-netconf { prefix nc ; }
224      import ietf-datastores { prefix ds; }
225      import ietf-netconf-acm { prefix nacm;}

227      organization
228        "IETF NETMOD (Network Modeling) Working Group";
229      contact
230        "WG Web:
231         WG List:

233         Editor: Qin Wu
234
235         Editor: Balazs Lengyel
236

238         Editor: Ye Niu
239         ";
240      description
241        "This module defines the
242         - factory-reset RPC
243         - factory-default datastore
244         - an extension to the NETCONF operation to
245           allow it to operate on the factory-default datastore.

247         It provides functionality to reset a server to its
248         factory-default content.

250         The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
251         NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
252         'MAY', and 'OPTIONAL' in this document are to be interpreted as
253         described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
254         they appear in all capitals, as shown here.

256         Copyright (c) 2019 IETF Trust and the persons identified as
257         authors of the code.  All rights reserved.

259         Redistribution and use in source and binary forms, with or
260         without modification, is permitted pursuant to, and subject
261         to the license terms contained in, the Simplified BSD License
262         set forth in Section 4.c of the IETF Trust's Legal Provisions
263         Relating to IETF Documents
264         (http://trustee.ietf.org/license-info).
266         This version of this YANG module is part of RFC XXXX;
267         see the RFC itself for full legal notices.";

269      revision 2019-05-03 {
270        description
271          "Initial revision.";
272        reference "RFC XXXX: Factory default Setting";
273      }

275      feature factory-default-as-datastore {
276        description "Indicates that the factory default configuration is
277          also available as a separate datastore";
278      }

280      rpc factory-reset {
281        nacm:default-deny-all;
282        description "The server resets the content of all read-write
283          configuration datastores (e.g., and ) to
284          their factory default content.";
285      }
286      identity factory-default {
287        base ds:datastore;
288        if-feature factory-default-as-datastore;
289        description "The read-only datastore contains the configuration
290          that will be copied into and, if present,
291          .";
292      }
293      augment /nc:get-config/nc:input/nc:source/nc:config-source {
294        if-feature factory-default-as-datastore;
295        description "Allows the get-config operation to use the
296          factory-default datastore as a source";
297        leaf factory-default {
298          type empty ;
299          description
300            "The factory-default datastore is the source."; }
301      }
302    }

304 5.  IANA Considerations

306    This document registers one URI in the IETF XML Registry [RFC3688].
307    The following registration has been made:

309       URI: urn:ietf:params:xml:ns:yang:ietf-factory-default

311       Registrant Contact: The IESG.

313       XML: N/A, the requested URI is an XML namespace.

315    This document registers one YANG module in the YANG Module Names
316    Registry [RFC6020].  The following registration has been made:

318       name: ietf-factory-default

320       namespace: urn:ietf:params:xml:ns:yang:ietf-factory-default

322       prefix: fd

324       RFC: xxxx

326 6.  Security Considerations

328    The YANG module defined in this document extends the base operations
329    for NETCONF [RFC6241] and RESTCONF [RFC8040].  The lowest NETCONF
330    layer is the secure transport layer, and the mandatory-to-implement
331    secure transport is Secure Shell (SSH) [RFC6242].  The lowest
332    RESTCONF layer is HTTPS, and the mandatory-to-implement secure
333    transport is TLS [RFC8446].

335    The RPC operation may be considered sensitive in some
336    network environments, e.g., remote access to reset the device or
337    overwrite security sensitive information in one of the other
338    datastores, e.g. running, therefore it is important to restrict
339    access to this RPC using the standard access control methods
340    [RFC8341].

342    The 'factory-reset' RPC can prevent any further management of the
343    device if the session and client config is included in the factory-
344    reset contents.

346    The operational disruption caused by setting the config to factory-
347    reset contents varies greatly depending on the implementation and
348    current config.

350 7.  Acknowledgements

352    Thanks to Juergen Schoenwaelder, Ladislav Lhotka, Alex Campbell, Joe
353    Clarke, Robert Wilton, Kent Watsen, Joel Jaeggli, Lou Berger, Andy
354    Bierman, and Susan Hares for reviewing this draft and providing
355    important input to this document.

357 8.  Contributors

359       Rohit R Ranade
360       Huawei
361       Email: rohitrranade@huawei.com

363 9.  References

365 9.1.  Normative References

367    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
368               Requirement Levels", BCP 14, RFC 2119,
369               DOI 10.17487/RFC2119, March 1997.

372    [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
373               RFC 7950, DOI 10.17487/RFC7950, August 2016.

376    [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
377               2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
378               May 2017.

380    [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
381               Access Control Model", STD 91, RFC 8341,
382               DOI 10.17487/RFC8341, March 2018.

385    [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
386               and R. Wilton, "Network Management Datastore Architecture
387               (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

390 9.2.  Informative References

392    [I-D.ietf-netmod-yang-instance-file-format]
393               Lengyel, B. and B. Claise, "YANG Instance Data File
394               Format", draft-ietf-netmod-yang-instance-file-format-04
395               (work in progress), August 2019.

397    [RFC8572]  Watsen, K., Farrer, I., and M. Abrahamsson, "Secure Zero
398               Touch Provisioning (SZTP)", RFC 8572,
399               DOI 10.17487/RFC8572, April 2019.

402 Appendix A.  Difference between datastore and datastore

405    When the device first boots up, the content of the and
406    will be identical.  The content of can be
407    subsequently changed by using as a target in a operation.
     The is a read-only datastore
409    and it is usually static as described in earlier sections.

411 Appendix B.  Changes between revisions

413    Editorial Note (To be removed by RFC Editor)

415    v05 - 06

417    o  Additional text to enhance security section.

419    o  Add nacm:default-deny-all on "factory-reset" RPC.

421    o  A few clarifications on Factory-default content specification.

423    v03 - 04

425    o  Additional text to clarify factory-reset RPC usage.

427    v02 - 03

429    o  Update security consideration section.

431    v01 - v02

433    o  Address security issue in the security consideration section.

435    o  Remove an extension to the NETCONF operation which
436       allows it to operate on the factory-default datastore.

438    o  Add an extension to the NETCONF operation which
439       allows it to operate on the factory-default datastore.

441    v00 - v01

443    o  Change YANG server into server defined in NMDA architecture based
444       on discussion.

446    o  Allow reset the content of all read-write configuration datastores
447       to its factory-default content except .

449    o  Add clarification text on factory-reset protocol operation
450       behavior.

452    v03 - v00

454    o  Change draft name from draft-wu to draft-ietf-netmod-factory-
455       default-00 without content changes.
457    v02 - v03

459    o  Change reset-datastore RPC into factory-reset RPC to allow reset
460       the whole device with factory default content.

462    o  Remove target datastore parameter from factory-reset RPC.

464    o  Other editorial changes.

466    v01 - v02

468    o  Add copy-config based on Rob's comment.

470    o  Reference Update.

472    v03 - v00 - v01

474    o  Changed name from draft-wu-netconf-restconf-factory-restore to
475       draft-wu-netmod-factory-default

477    o  Removed copy-config ; reset-datastore is enough

479    v02 - v03

481    o  Restructured

483    o  Made new datastore optional

485    o  Removed Netconf capability

487    o  Listed Open issues

489    v01 - v02

491    o  -

493    v00 - v01

495    o  -

497 Authors' Addresses

499    Qin Wu
500    Huawei
501    101 Software Avenue, Yuhua District
502    Nanjing, Jiangsu 210012
503    China

505    Email: bill.wu@huawei.com

507    Balazs Lengyel
508    Ericsson Hungary
509    Magyar Tudosok korutja 11
510    1117 Budapest
511    Hungary

513    Phone: +36-70-330-7909
514    Email: balazs.lengyel@ericsson.com

515    Ye Niu
516    Huawei

518    Email: niuye@huawei.com
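
Added example, not part of the draft or of any NETCONF implementation: Section 6 relies on NACM [RFC8341] to restrict the factory-reset RPC, and the YANG module marks that RPC nacm:default-deny-all. The Python model below is a simplified version of the RFC 8341 exec decision for RPCs, showing what that statement changes and what an explicit rule overrides. The group names, rule names and the `exec_allowed` and `audit` helpers are hypothetical, and only rpc-name rules granting exec access are modelled.

```python
from dataclasses import dataclass, field

# RPCs whose YANG definition carries nacm:default-deny-all
# (taken from the ietf-factory-default module in this draft).
DEFAULT_DENY_ALL = {("ietf-factory-default", "factory-reset")}

@dataclass
class Rule:
    name: str
    module: str   # module-name; "*" matches any module
    rpc: str      # rpc-name; "*" matches any RPC
    action: str   # "permit" or "deny"

@dataclass
class RuleList:
    name: str
    groups: set   # NACM groups this rule-list applies to
    rules: list = field(default_factory=list)

def exec_allowed(user_groups, module, rpc, rule_lists,
                 exec_default="permit", recovery_session=False):
    """Simplified RFC 8341 decision for invoking module:rpc."""
    if recovery_session:                   # recovery sessions bypass NACM
        return True
    for rule_list in rule_lists:           # evaluated in configured order
        if not rule_list.groups & set(user_groups):
            continue
        for rule in rule_list.rules:       # first matching rule decides
            if rule.module in ("*", module) and rule.rpc in ("*", rpc):
                return rule.action == "permit"
    if (module, rpc) in DEFAULT_DENY_ALL:  # consulted before exec-default
        return False
    return exec_default == "permit"

# Constructed sample policy (hypothetical group and rule names).
RULE_LISTS = [
    RuleList("reset-operators", {"reset-admin"},
             [Rule("permit-factory-reset", "ietf-factory-default",
                   "factory-reset", "permit")]),
    RuleList("noc-read", {"noc"},
             [Rule("deny-kill-session", "ietf-netconf",
                   "kill-session", "deny")]),
]
# A blanket rule of the kind a policy review should flag: it also
# matches factory-reset, so default-deny-all is never reached.
BLANKET = [RuleList("legacy-admin", {"noc"},
                    [Rule("permit-all", "*", "*", "permit")])]

def audit(rule_lists, groups=("reset-admin", "noc")):
    """Map each group to whether it may invoke factory-reset."""
    return {g: exec_allowed([g], "ietf-factory-default", "factory-reset",
                            rule_lists) for g in groups}

if __name__ == "__main__":
    print(audit(RULE_LISTS))
    print(audit(BLANKET))
```

With exec-default left at "permit", the "noc" group can still run other unmatched RPCs but not factory-reset, unless a wildcard permit rule applies to it.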