idnits 2.17.1 draft-ietf-netmod-factory-default-12.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 16, 2020) is 1531 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC8573' is mentioned on line 425, but not defined Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 NETMOD Working Group Q. Wu 3 Internet-Draft Huawei 4 Intended status: Standards Track B. Lengyel 5 Expires: August 19, 2020 Ericsson Hungary 6 Y. Niu 7 Huawei 8 February 16, 2020 10 Factory Default Setting 11 draft-ietf-netmod-factory-default-12 13 Abstract 15 This document defines a method to reset a server to its factory 16 default content. The reset operation may be used, e.g., when the 17 existing configuration has major errors so re-starting the 18 configuration process from scratch is the best option. 20 A new "factory-reset" RPC is defined. When resetting a device, all 21 previous configuration settings will be lost and replaced by the 22 factory default content. 24 A new optional "factory-default" read-only datastore is defined, that 25 contains the factory default configuration for the device. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at https://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on August 19, 2020. 44 Copyright Notice 46 Copyright (c) 2020 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (https://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 62 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Factory-Reset RPC . . . . . . . . . . . . . . . . . . . . . . 3 64 3. Factory-Default Datastore . . . . . . . . . . . . . . . . . . 4 65 4. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 5 66 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 67 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 68 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 69 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8 70 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 71 9.1. Normative References . . . . . . . . . . . . . . . . . . 8 72 9.2. Informative References . . . . . . . . . . . . . . . . . 8 73 Appendix A. Changes between revisions . . . . . . . . . . . . . 9 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 76 1. Introduction 78 This document defines a method to reset a server to its factory 79 default content. The reset operation may be used, e.g., when the 80 existing configuration has major errors so re-starting the 81 configuration process from scratch is the best option. 83 A "factory-reset" RPC is defined. When resetting a device, all 84 previous configuration settings will be lost and replaced by the 85 factory default content. 87 A "factory-default" read-only datastore is defined, that contains the 88 data to replace the contents of implemented read-write conventional 89 configuration datastores at reset. This datastore can also be used 90 in the operation. 92 The YANG data model in this document conforms to the Network 93 Management Datastore Architecture defined in [RFC8342]. 95 1.1. Terminology 97 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 98 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 99 "OPTIONAL" in this document are to be interpreted as described in BCP 100 14 [RFC2119] [RFC8174] when, and only when, they appear in all 101 capitals, as shown here. 103 The following terms are defined in [RFC8342] [RFC7950] and are not 104 redefined here: 106 o server 108 o startup configuration datastore 110 o candidate configuration datastore 112 o running configuration datastore 114 o intended configuration datastore 116 o operational state datastore 118 o conventional configuration datastore 120 o RPC operation 122 The following terms are defined in this document as follows: 124 o factory-default datastore: A read-only configuration datastore 125 holding a preconfigured initial configuration that is used to 126 initialize the configuration of a server. 128 2. Factory-Reset RPC 130 A new "factory-reset" RPC is introduced. Upon receiving the RPC 132 o All supported conventional read-write configuration datastores 133 (i.e. , , and ) are all reset to the 134 contents of . 136 o Read-only datastores receive their content from other 137 datastores(e.g. gets its content from ). 139 o All data in any ephemeral datastores MUST be discarded. 141 o The contents of the datastore MUST reflect the 142 operational state of the device after applying the factory default 143 configuration. 145 In addition, the "factory-reset" RPC MUST restore non-volatile 146 storage to factory condition. Depending on the system, this may 147 entail deleting dynamically generated files, such as those containing 148 keys (e.g., /etc/ssl/private), certificates (e.g., /etc/ssl), logs 149 (e.g., /var/log), and temporary files (e.g., /tmp/*). All security 150 sensitive data (i.e., private keys, passwords, etc.) SHOULD be 151 overwritten with zeros or a pattern before deletion. The "factory- 152 reset" RPC MAY also be used to trigger some other resetting tasks 153 such as restarting the node or some of the software processes. 155 Note that operators should be aware that since all read-write 156 datastores are immediately reset to factory default, the device may 157 become unreachable on the network. It is important to understand how 158 a given vendor's device will behave after the RPC is executed. 159 Implementors SHOULD reboot the device or otherwise restart processes 160 needed to bootstrap it. 162 3. Factory-Default Datastore 164 Following the guidelines for defining Datastores in the appendix A of 165 [RFC8342], this document introduces a new optional datastore resource 166 named "factory-default" that represents a preconfigured minimal 167 initial configuration that can be used to initialize the 168 configuration of a server. A device MAY implement the "factory- 169 reset" RPC without implementing the "factory-default" datastore, 170 which would only eliminate the ability to programmatically determine 171 the factory default configuration. 173 o Name: "factory-default" 175 o YANG modules: all 177 o YANG nodes: all "config true" data nodes 179 o Management operations: The content of the datastore is set by the 180 server in an implementation dependent manner. The content can not 181 be changed by management operations via NETCONF, RESTCONF, the CLI 182 etc. unless specialized, dedicated operations are provided. The 183 datastore can be read using the standard NETCONF/RESTCONF protocol 184 operations. The "factory-reset" operation copies the factory 185 default content to and, if present, and/or 186 and then the content of these datastores is propagated 187 automatically to any other read only datastores, e.g., 188 and . 190 o Origin: This document does not define a new origin identity as it 191 does not interact with datastore. 193 o Protocols: RESTCONF, NETCONF and other management protocol. 195 o Defining YANG module: "ietf-factory-default". 197 The contents of is defined by the device vendor and 198 MUST persist across device restarts. 200 4. YANG Module 202 This module uses the "datastore" identity [RFC8342], and the 203 "default-deny-all" extension statement from [RFC8341]. 205 file "ietf-factory-default@2019-11-27.yang" 206 module ietf-factory-default { 207 yang-version 1.1; 208 namespace "urn:ietf:params:xml:ns:yang:ietf-factory-default"; 209 prefix fd; 211 import ietf-datastores { 212 prefix ds; 213 reference 214 "RFC 8342: Network Management Datastore Architecture (NMDA)"; 215 } 216 import ietf-netconf-acm { 217 prefix nacm; 218 reference 219 "RFC8341: Network Configuration Access Control Model"; 220 } 222 organization 223 "IETF NETMOD (Network Modeling) Working Group"; 224 contact 225 "WG Web: 226 WG List: 228 Editor: Qin Wu 229 230 Editor: Balazs Lengyel 231 232 Editor: Ye Niu 233 "; 234 description 235 "This module provides functionality to reset a server to its 236 factory default configuration and, when supported, to discover 237 the factory default configuration contents independent of 238 resetting the server. 240 Copyright (c) 2020 IETF Trust and the persons identified as 241 authors of the code. All rights reserved. 243 Redistribution and use in source and binary forms, with or 244 without modification, is permitted pursuant to, and subject 245 to the license terms contained in, the Simplified BSD License 246 set forth in Section 4.c of the IETF Trust's Legal Provisions 247 Relating to IETF Documents 248 (http://trustee.ietf.org/license-info). 250 This version of this YANG module is part of RFC XXXX; 251 see the RFC itself for full legal notices."; 253 revision 2019-11-27 { 254 description 255 "Initial revision."; 256 reference 257 "RFC XXXX: Factory default Setting"; 258 } 260 feature factory-default-datastore { 261 description 262 "Indicates that the factory default configuration is 263 available as a datastore."; 264 } 266 rpc factory-reset { 267 nacm:default-deny-all; 268 description 269 "The server resets the content of all read-write 270 configuration datastores (i.e.,, , 271 and ) to their factory default content."; 272 } 274 identity factory-default { 275 if-feature "factory-default-datastore"; 276 base ds:datastore; 277 description 278 "This read-only datastore contains the factory default 279 configuration for the device used to replace the contents 280 of the read-write conventional configuration datastores 281 during a 'factory-reset' RPC operation."; 282 } 283 } 284 286 5. IANA Considerations 288 This document registers one URI in the IETF XML Registry [RFC3688]. 289 The following registration has been made: 291 URI: urn:ietf:params:xml:ns:yang:ietf-factory-default 292 Registrant Contact: The IESG. 293 XML: N/A, the requested URI is an XML namespace. 295 This document registers one YANG module in the YANG Module Names 296 Registry [RFC6020]. The following registration has been made: 298 name: ietf-factory-default 299 namespace: urn:ietf:params:xml:ns:yang:ietf-factory-default 300 prefix: fd 301 RFC: xxxx 303 6. Security Considerations 305 The YANG module defined in this document extends the base operations 306 for NETCONF [RFC6241] and RESTCONF [RFC8040]. The lowest NETCONF 307 layer is the secure transport layer, and the mandatory-to-implement 308 secure transport is Secure Shell (SSH) [RFC6242]. The lowest 309 RESTCONF layer is HTTPS, and the mandatory-to-implement secure 310 transport is TLS [RFC8446]. 312 Access to the "factory-reset" RPC operation is considered sensitive 313 and therefore has been restricted using the "default-deny-all" access 314 control defined in [RFC8341]. 316 The "factory-reset" RPC can prevent any further management of the 317 device if the session and client config is included in the factory 318 default contents. 320 The operational disruption caused by setting the config to factory 321 default contents varies greatly depending on the implementation and 322 current config. 324 7. Acknowledgements 326 Thanks to Juergen Schoenwaelder, Ladislav Lhotka, Alex Campbell, Joe 327 Clarke, Robert Wilton, Kent Watsen, Joel Jaeggli, Lou Berger, Andy 328 Bierman, Susan Hares to review this draft and provide important input 329 to this document. 331 8. Contributors 333 Rohit R Ranade 334 Huawei 335 Email: rohitrranade@huawei.com 337 9. References 339 9.1. Normative References 341 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 342 Requirement Levels", BCP 14, RFC 2119, 343 DOI 10.17487/RFC2119, March 1997, 344 . 346 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 347 DOI 10.17487/RFC3688, January 2004, 348 . 350 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for 351 the Network Configuration Protocol (NETCONF)", RFC 6020, 352 DOI 10.17487/RFC6020, October 2010, 353 . 355 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", 356 RFC 7950, DOI 10.17487/RFC7950, August 2016, 357 . 359 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 360 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 361 May 2017, . 363 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration 364 Access Control Model", STD 91, RFC 8341, 365 DOI 10.17487/RFC8341, March 2018, 366 . 368 [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., 369 and R. Wilton, "Network Management Datastore Architecture 370 (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, 371 . 373 9.2. Informative References 375 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 376 and A. Bierman, Ed., "Network Configuration Protocol 377 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, 378 . 380 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure 381 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, 382 . 384 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF 385 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, 386 . 388 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol 389 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, 390 . 392 Appendix A. Changes between revisions 394 Editorial Note (To be removed by RFC Editor) 396 v11 - 12 398 o Fix IDnits and reference issues from Shepherd review. 400 v10 - 11 402 o Incorporate additional Shepherd review's comments. 404 v09 - 10 406 o Incorporate Shepherd review's comments. 408 v08 - 09 410 o Provide some guideline for operators and implementor who implement 411 factory defaut method. 413 v07 - 08 415 o Provide clarification and recommendation on the relationship 416 between factory-reset RPC and reboot. 418 o Nits fixed based on YANG Doctor Review. 420 v06 - 07 422 o Remove Factory default content specification; 424 o Remove reference to YANG instance data file format and zero touch 425 provision [RFC8573]; 427 o Remove copy-config operation extension on factory-default 428 datastore 430 v05 - 06 432 o Additional text to enhance security section. 434 o Add nacm:default-deny-all on "factory-reset" RPC. 436 o A few clarification on Factory default content specification. 438 v03 - 04 440 o Additional text to clarify factory-reset RPC usage. 442 v02 - 03 444 o Update security consideration section. 446 v01 - v02 448 o Address security issue in the security consideration section. 450 o Remove an extension to the NETCONF operation which 451 allows it to operate on the factory-default datastore. 453 o Add an extension to the NETCONF operation which 454 allows it to operate on the factory-default datastore. 456 v00 - v01 458 o Change YANG server into server defined in NMDA architecture based 459 on discussion. 461 o Allow reset the content of all read-write configuraton datastores 462 to its factory default content except . 464 o Add clarification text on factory-reset protocol operation 465 behavior. 467 v03 - v00 469 o Change draft name from draft-wu to draft-ietf-netmod-factory- 470 default-00 without content changes. 472 v02 - v03 473 o Change reset-datastore RPC into factory-reset RPC to allow reset 474 the whole device with factory default content. 476 o Remove target datastore parameter from factory-reset RPC. 478 o Other editorial changes. 480 v01 - v02 482 o Add copy-config based on Rob's comment. 484 o Reference Update. 486 v03 - v00 - v01 488 o Changed name from draft-wu-netconf-restconf-factory-restore to 489 draft-wu-netmod-factory-default 491 o Removed copy-config ; reset-datastore is enough 493 v02 - v03 495 o Restructured 497 o Made new datastore optional 499 o Removed Netconf capability 501 o Listed Open issues 503 v01 - v02 505 o - 507 v00 - v01 509 o - 511 Authors' Addresses 513 Qin Wu 514 Huawei 515 101 Software Avenue, Yuhua District 516 Nanjing, Jiangsu 210012 517 China 519 Email: bill.wu@huawei.com 520 Balazs Lengyel 521 Ericsson Hungary 522 Magyar Tudosok korutja 11 523 1117 Budapest 524 Hungary 526 Phone: +36-70-330-7909 527 Email: balazs.lengyel@ericsson.com 529 Ye Niu 530 Huawei 532 Email: niuye@huawei.com