NETMOD Working Group                                               Q. Wu
Internet-Draft                                                    Huawei
Intended status: Standards Track                              B. Lengyel
Expires: June 8, 2020                                   Ericsson Hungary
                                                                  Y. Niu
                                                                  Huawei
                                                        December 6, 2019


                        Factory Default Setting
                  draft-ietf-netmod-factory-default-09

Abstract

   This document defines a method to reset a server to its
   factory-default content.  The reset operation may be used, e.g.,
   when the existing configuration has major errors so re-starting the
   configuration process from scratch is the best option.

   A new factory-reset RPC is defined.  When resetting a datastore, all
   previous configuration settings will be lost and replaced by the
   factory-default content.

   A new optional "factory-default" read-only datastore is defined, that
   contains the data that will be copied over to the running datastore
   at reset.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 8, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
   2.  Factory-Reset RPC
   3.  Factory-Default Datastore
   4.  YANG Module
   5.  IANA Considerations
   6.  Security Considerations
   7.  Acknowledgements
   8.  Contributors
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  Changes between revisions
   Authors' Addresses

1.  Introduction

   This document defines a method to reset a server to its
   factory-default content.  The reset operation may be used, e.g.,
   when the existing configuration has major errors so re-starting the
   configuration process from scratch is the best option.

   A factory-reset RPC is defined.  When resetting a datastore, all
   previous configuration settings will be lost and replaced by the
   factory-default content.

   A "factory-default" read-only datastore is defined, that contains the
   data to replace the contents of implemented read-write conventional
   configuration datastores at reset.  This datastore can also be used
   in operation.

   NETCONF defines the RPC operation, but that only acts
   on the , whereas the RPC operation
   can perform additional changes to the device to fully reset the
   device back to a factory-default state.

   The YANG data model in this document conforms to the Network
   Management Datastore Architecture defined in [RFC8342].

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The following terms are defined in [RFC8342] [RFC7950] and are not
   redefined here:

   o  server

   o  startup configuration datastore

   o  candidate configuration datastore

   o  running configuration datastore

   o  intended configuration datastore

   o  operational state datastore

   o  conventional configuration datastore

   o  RPC operation

   The following terms are defined in this document as follows:

   o  factory-default datastore: A read-only configuration datastore
      holding a preconfigured minimal initial configuration that can be
      used to initialize the configuration of a server.  The content of
      the datastore is usually static, but MAY depend on external
      factors like available HW.

2.  Factory-Reset RPC

   A new "factory-reset" RPC is introduced.  Upon receiving the RPC:

   o  All supported conventional read-write configuration datastores
      (i.e. , , and ) are all reset to the
      contents of .

   o  Read-only datastores receive their content from other
      datastores (e.g. gets its content from ).

   o  All data in any ephemeral datastores MUST be discarded.

   o  The contents of the datastore MUST be reset back to
      an appropriate factory-default state.

   In addition, the "factory-reset" RPC MUST restore storage to factory
   condition, including removing log files and temporary files (from
   datastore or elsewhere).  It MUST also remove security credentials
   and restore default security settings, including removing
   certificates and keys, zeroing passwords, etc.  The process invoked
   by the "factory-reset" RPC SHOULD zero/pattern-write and then remove
   sensitive files such as the TLS keys, configuration stores, etc.  The
   "factory-reset" RPC MAY also be used to trigger some other resetting
   tasks such as restarting the node or some of the software processes.

   Note that operators should be aware that since all read-write
   datastores are immediately reset to factory default, the device may
   become unreachable on the network.  It is important to understand how
   a given vendor's device will behave after the RPC is executed.
   Implementors SHOULD reboot the device or otherwise restart processes
   needed to bootstrap it.

3.  Factory-Default Datastore

   Following the guidelines for defining datastores in Appendix A of
   [RFC8342], this document introduces a new optional datastore resource
   named 'factory-default' that represents a preconfigured minimal
   initial configuration that can be used to initialize the
   configuration of a server.  A device MAY only implement the RPC
   without implementing the 'factory-default' datastore, which makes it
   lose the ability to see what configuration the device would be reset
   back to.

   o  Name: "factory-default"

   o  YANG modules: all

   o  YANG nodes: all "config true" data nodes

   o  Management operations: The content of the datastore is set by the
      server in an implementation dependent manner.  The content cannot
      be changed by management operations via NETCONF, RESTCONF, the
      CLI, etc., unless specialized, dedicated operations are provided.
      The datastore can be read using the standard NETCONF/RESTCONF
      protocol operations.  The operation copies the factory
      default content to and, if present, and then
      the content of these datastores is propagated automatically to any
      other read only datastores, e.g., and .

   o  Origin: This document does not define a new origin identity as it
      does not interact with datastore.

   o  Protocols: RESTCONF, NETCONF and other management protocols.

   o  Defining YANG module: "ietf-factory-default".

   The datastore content is usually defined by the device vendor.  It is
   usually static, but MAY change, e.g., depending on external factors
   like available HW or during device upgrade.

   The contents of MUST persist across device
   restarts.

4.  YANG Module

   This module imports typedefs from [RFC8342], and it references
   [RFC6421], [RFC8341].

   file "ietf-factory-default@2019-11-27.yang"
   module ietf-factory-default {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-factory-default";
     prefix fd;

     import ietf-datastores {
       prefix ds;
     }
     import ietf-netconf-acm {
       prefix nacm;
     }

     organization
       "IETF NETMOD (Network Modeling) Working Group";
     contact
       "WG Web:
        WG List:

        Editor:   Qin Wu

        Editor:   Balazs Lengyel

        Editor:   Ye Niu
        ";
     description
       "This module defines the
        - factory-reset RPC
        - factory-default datastore

        It provides functionality to reset a server to its
        factory-default content.

        Copyright (c) 2019 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject
        to the license terms contained in, the Simplified BSD License
        set forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX;
        see the RFC itself for full legal notices.";

     revision 2019-11-27 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: Factory default Setting";
     }

     feature factory-default-datastore {
       description
         "Indicates that the factory default configuration is
          available as a datastore.";
     }

     rpc factory-reset {
       nacm:default-deny-all;
       description
         "The server resets the content of all read-write
          configuration datastores (i.e., , , and
          ) to their factory default content.";
     }

     identity factory-default {
       if-feature "factory-default-datastore";
       base ds:datastore;
       description
         "This read-only datastore contains the configuration data
          used to replace the contents of the read-write conventional
          configuration datastores during a factory-reset RPC
          operation.";
     }
   }

5.  IANA Considerations

   This document registers one URI in the IETF XML Registry [RFC3688].
   The following registration has been made:

      URI: urn:ietf:params:xml:ns:yang:ietf-factory-default

      Registrant Contact: The IESG.

      XML: N/A, the requested URI is an XML namespace.

   This document registers one YANG module in the YANG Module Names
   Registry [RFC6020].  The following registration has been made:

      name: ietf-factory-default

      namespace: urn:ietf:params:xml:ns:yang:ietf-factory-default

      prefix: fd

      RFC: xxxx

6.  Security Considerations

   The YANG module defined in this document extends the base operations
   for NETCONF [RFC6241] and RESTCONF [RFC8040].  The lowest NETCONF
   layer is the secure transport layer, and the mandatory-to-implement
   secure transport is Secure Shell (SSH) [RFC6242].  The lowest
   RESTCONF layer is HTTPS, and the mandatory-to-implement secure
   transport is TLS [RFC8446].

   The RPC operation may be considered sensitive in some
   network environments, e.g., remote access to reset the device or
   overwrite security-sensitive information in one of the other
   datastores, e.g., running.  Therefore, it is important to restrict
   access to this RPC using the standard access control methods
   [RFC8341].

   The 'factory-reset' RPC can prevent any further management of the
   device if the session and client config is included in the
   factory-reset contents.

   The operational disruption caused by setting the config to
   factory-reset contents varies greatly depending on the implementation
   and current config.

7.  Acknowledgements

   Thanks to Juergen Schoenwaelder, Ladislav Lhotka, Alex Campbell, Joe
   Clarke, Robert Wilton, Kent Watsen, Joel Jaeggli, Lou Berger, Andy
   Bierman, and Susan Hares for reviewing this draft and providing
   important input to this document.

8.  Contributors

   Rohit R Ranade
   Huawei
   Email: rohitrranade@huawei.com

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

9.2.  Informative References

   [I-D.ietf-netmod-yang-instance-file-format]
              Lengyel, B. and B. Claise, "YANG Instance Data File
              Format", draft-ietf-netmod-yang-instance-file-format-06
              (work in progress), December 2019.

Appendix A.  Changes between revisions

   Editorial Note (To be removed by RFC Editor)

   v08 - 09

   o  Provide some guidelines for operators and implementors who
      implement the factory default method.

   v07 - 08

   o  Provide clarification and recommendation on the relationship
      between factory-reset RPC and reboot.

   o  Nits fixed based on YANG Doctor Review.

   v06 - 07

   o  Remove Factory-default content specification;

   o  Remove reference to YANG instance data file format and zero touch
      provision [RFC8573];

   o  Remove copy-config operation extension on factory-default
      datastore

   v05 - 06

   o  Additional text to enhance security section.

   o  Add nacm:default-deny-all on "factory-reset" RPC.

   o  A few clarifications on Factory-default content specification.

   v03 - 04

   o  Additional text to clarify factory-reset RPC usage.

   v02 - 03

   o  Update security consideration section.

   v01 - v02

   o  Address security issue in the security consideration section.

   o  Remove an extension to the NETCONF operation which
      allows it to operate on the factory-default datastore.

   o  Add an extension to the NETCONF operation which
      allows it to operate on the factory-default datastore.

   v00 - v01

   o  Change YANG server into server defined in NMDA architecture based
      on discussion.

   o  Allow reset the content of all read-write configuration datastores
      to its factory-default content except .

   o  Add clarification text on factory-reset protocol operation
      behavior.

   v03 - v00

   o  Change draft name from draft-wu to
      draft-ietf-netmod-factory-default-00 without content changes.

   v02 - v03

   o  Change reset-datastore RPC into factory-reset RPC to allow reset
      the whole device with factory default content.

   o  Remove target datastore parameter from factory-reset RPC.

   o  Other editorial changes.

   v01 - v02

   o  Add copy-config based on Rob's comment.

   o  Reference Update.

   v03 - v00 - v01

   o  Changed name from draft-wu-netconf-restconf-factory-restore to
      draft-wu-netmod-factory-default

   o  Removed copy-config ; reset-datastore is enough

   v02 - v03

   o  Restructured

   o  Made new datastore optional

   o  Removed Netconf capability

   o  Listed Open issues

   v01 - v02

   o  -

   v00 - v01

   o  -

Authors' Addresses

   Qin Wu
   Huawei
   101 Software Avenue, Yuhua District
   Nanjing, Jiangsu  210012
   China

   Email: bill.wu@huawei.com


   Balazs Lengyel
   Ericsson Hungary
   Magyar Tudosok korutja 11
   1117 Budapest
   Hungary

   Phone: +36-70-330-7909
   Email: balazs.lengyel@ericsson.com


   Ye Niu
   Huawei

   Email: niuye@huawei.com
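
Added example (not part of the draft): Section 6 asks operators to restrict the factory-reset RPC with NACM [RFC8341], and the YANG module marks it nacm:default-deny-all. This audit of a NACM configuration shows which groups may invoke the RPC; the sample configuration, the group names and the helper names leaf, rule_matches and audit_rpc are constructed for illustration, and each group is evaluated as if a user belonged to that group alone.

```python
import xml.etree.ElementTree as ET

NS = "{urn:ietf:params:xml:ns:yang:ietf-netconf-acm}"

# Constructed sample <nacm> configuration (RFC 8341 data model), not from the draft.
SAMPLE = """<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <exec-default>permit</exec-default>
  <groups><group><name>field-eng</name></group>
    <group><name>noc</name></group>
    <group><name>monitor</name></group></groups>
  <rule-list><name>field</name><group>field-eng</group>
    <rule><name>allow-reset</name>
      <module-name>ietf-factory-default</module-name>
      <rpc-name>factory-reset</rpc-name>
      <access-operations>exec</access-operations>
      <action>permit</action></rule>
  </rule-list>
  <rule-list><name>noc</name><group>noc</group>
    <rule><name>any-rpc</name>
      <access-operations>exec</access-operations><action>permit</action></rule>
  </rule-list>
</nacm>"""

def leaf(el, tag, default):
    child = el.find(NS + tag)
    return child.text.strip() if child is not None and child.text else default

def rule_matches(rule, module, rpc):
    # Data-node and notification rules never match a protocol operation.
    if any(rule.find(NS + t) is not None for t in ("path", "notification-name")):
        return False
    ops = leaf(rule, "access-operations", "*").split()
    return (leaf(rule, "module-name", "*") in ("*", module)
            and leaf(rule, "rpc-name", "*") in ("*", rpc)
            and ("*" in ops or "exec" in ops))

def audit_rpc(nacm_xml, module="ietf-factory-default", rpc="factory-reset"):
    """Map each group to (action, matching rule, rule names the RPC explicitly)."""
    root = ET.fromstring(nacm_xml)
    result = {}
    for grp in (leaf(g, "name", "") for g in root.findall(f"{NS}groups/{NS}group")):
        # nacm:default-deny-all: no matching rule means deny; exec-default is ignored.
        result[grp] = ("deny", None, False)
        for rl in root.findall(NS + "rule-list"):
            members = [g.text.strip() for g in rl.findall(NS + "group")]
            if grp not in members and "*" not in members:
                continue
            hit = next((r for r in rl.findall(NS + "rule")
                        if rule_matches(r, module, rpc)), None)
            if hit is not None:  # the first matching rule decides
                explicit = leaf(hit, "rpc-name", "*") == rpc
                result[grp] = (leaf(hit, "action", "deny"), leaf(hit, "name", ""), explicit)
                break
    return result

if __name__ == "__main__":
    print(audit_rpc(SAMPLE))
```

A permit whose third field is False comes from a wildcard rule, which overrides default-deny-all just as an explicit rule does; those are the entries to review.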
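
Added example (not part of the draft): Section 2 says the process invoked by "factory-reset" SHOULD zero/pattern-write and then remove sensitive files. One way to do the file-level step, with hypothetical helper names zeroize_and_remove and wipe_sensitive; it refuses to write through symbolic links so a planted link cannot redirect the overwrite to another file.

```python
import os
import stat

CHUNK = 64 * 1024  # write zeros in bounded chunks, not one large buffer

def zeroize_and_remove(path):
    """Overwrite a regular file in place with zeros, sync it, then unlink it.

    Returns the number of bytes overwritten (0 if the path is absent or a symlink).
    """
    try:
        st = os.lstat(path)  # lstat: inspect the name itself, do not follow links
    except FileNotFoundError:
        return 0
    if stat.S_ISLNK(st.st_mode):
        os.unlink(path)      # drop the link, never write through it
        return 0
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"refusing to wipe non-regular file: {path}")
    fd = os.open(path, os.O_WRONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        remaining = st.st_size
        while remaining > 0:
            remaining -= os.write(fd, b"\x00" * min(CHUNK, remaining))
        os.fsync(fd)         # push the zeros to storage before the name goes away
    finally:
        os.close(fd)
    os.unlink(path)
    return st.st_size

def wipe_sensitive(paths):
    """Wipe every listed path; returns {path: bytes overwritten}."""
    return {p: zeroize_and_remove(p) for p in paths}
```

An in-place overwrite only reaches the original blocks on storage that writes in place; on wear-levelled flash or copy-on-write filesystems it does not, so this covers the file-level step only.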