idnits 2.17.1 draft-ietf-netmod-yang-usage-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 11, 2010) is 5000 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'RFC4742' is mentioned on line 841, but not defined ** Obsolete undefined reference: RFC 4742 (Obsoleted by RFC 6242) ** Obsolete normative reference: RFC 2223 (Obsoleted by RFC 7322) ** Obsolete normative reference: RFC 4741 (Obsoleted by RFC 6241) ** Obsolete normative reference: RFC 5741 (Obsoleted by RFC 7841) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 4 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force A. Bierman 3 Internet-Draft Brocade 4 Intended status: Informational August 11, 2010 5 Expires: February 12, 2011 7 Guidelines for Authors and Reviewers of YANG Data Model Documents 8 draft-ietf-netmod-yang-usage-10 10 Abstract 12 This memo provides guidelines for authors and reviewers of standards 13 track specifications containing YANG data model modules. Applicable 14 portions may be used as a basis for reviews of other YANG data model 15 documents. Recommendations and procedures are defined, which are 16 intended to increase interoperability and usability of Network 17 Configuration Protocol (NETCONF) implementations which utilize YANG 18 data model modules. 20 Status of this Memo 22 This Internet-Draft is submitted to IETF in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on February 12, 2011. 37 Copyright Notice 39 Copyright (c) 2010 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 56 2.1. Requirements Notation . . . . . . . . . . . . . . . . . . 5 57 2.2. NETCONF Terms . . . . . . . . . . . . . . . . . . . . . . 5 58 2.3. YANG Terms . . . . . . . . . . . . . . . . . . . . . . . . 5 59 2.4. Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 6 60 3. General Documentation Guidelines . . . . . . . . . . . . . . . 7 61 3.1. Module Copyright . . . . . . . . . . . . . . . . . . . . . 7 62 3.2. Narrative Sections . . . . . . . . . . . . . . . . . . . . 8 63 3.3. Definitions Section . . . . . . . . . . . . . . . . . . . 8 64 3.4. Security Considerations Section . . . . . . . . . . . . . 8 65 3.5. IANA Considerations Section . . . . . . . . . . . . . . . 9 66 3.5.1. Documents that Create a New Name Space . . . . . . . . 9 67 3.5.2. Documents that Extend an Existing Name Space . . . . . 9 68 3.6. Reference Sections . . . . . . . . . . . . . . . . . . . . 10 69 3.7. Intellectual Property Section . . . . . . . . . . . . . . 10 70 4. YANG Usage Guidelines . . . . . . . . . . . . . . . . . . . . 11 71 4.1. Module Naming Conventions . . . . . . . . . . . . . . . . 11 72 4.2. Identifiers . . . . . . . . . . . . . . . . . . . . . . . 11 73 4.3. Defaults . . . . . . . . . . . . . . . . . . . . . . . . . 11 74 4.4. Conditional Statements . . . . . . . . . . . . . . . . . . 12 75 4.5. XPath Usage . . . . . . . . . . . . . . . . . . . . . . . 12 76 4.6. Lifecycle Management . . . . . . . . . . . . . . . . . . . 13 77 4.7. Module Header, Meta, and Revision Statements . . . . . . . 14 78 4.8. Namespace Assignments . . . . . . . . . . . . . . . . . . 15 79 4.9. Top Level Data Definitions . . . . . . . . . . . . . . . . 16 80 4.10. Data Types . . . . . . . . . . . . . . . . . . . . . . . . 16 81 4.11. Reusable Type Definitions . . . . . . . . . . . . . . . . 17 82 4.12. Data Definitions . . . . . . . . . . . . . . . . . . . . . 17 83 4.13. Operation Definitions . . . . . . . . . . . . . . . . . . 19 84 4.14. Notification Definitions . . . . . . . . . . . . . . . . . 19 85 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 86 6. Security Considerations . . . . . . . . . . . . . . . . . . . 21 87 6.1. Security Considerations Section Template . . . . . . . . . 21 88 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 24 89 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25 90 8.1. Normative References . . . . . . . . . . . . . . . . . . . 25 91 8.2. Informative References . . . . . . . . . . . . . . . . . . 25 92 Appendix A. Module Review Checklist . . . . . . . . . . . . . . . 27 93 Appendix B. YANG Module Template . . . . . . . . . . . . . . . . 29 94 Appendix C. Change Log . . . . . . . . . . . . . . . . . . . . . 32 95 C.1. Changes from 09 to 10 . . . . . . . . . . . . . . . . . . 32 96 C.2. Changes from 08 to 09 . . . . . . . . . . . . . . . . . . 32 97 C.3. Changes from 07 to 08 . . . . . . . . . . . . . . . . . . 32 98 C.4. Changes from 06 to 07 . . . . . . . . . . . . . . . . . . 32 99 C.5. Changes from 05 to 06 . . . . . . . . . . . . . . . . . . 32 100 C.6. Changes from 04 to 05 . . . . . . . . . . . . . . . . . . 32 101 C.7. Changes from 03 to 04 . . . . . . . . . . . . . . . . . . 33 102 C.8. Changes from 02 to 03 . . . . . . . . . . . . . . . . . . 34 103 C.9. Changes from 01 to 02 . . . . . . . . . . . . . . . . . . 34 104 C.10. Changes from 00 to 01 . . . . . . . . . . . . . . . . . . 34 105 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 36 107 1. Introduction 109 The standardization of network configuration interfaces for use with 110 the Network Configuration Protocol (NETCONF) [RFC4741] requires a 111 modular set of data models, which can be reused and extended over 112 time. 114 This document defines a set of usage guidelines for standards track 115 documents containing YANG [I-D.ietf-netmod-yang] data models. YANG 116 is used to define the data structures, protocol operations, and 117 notification content used within a NETCONF server. A server which 118 supports a particular YANG module will support client NETCONF 119 operation requests, as indicated by the specific content defined in 120 the YANG module. 122 This document is similar to the SMIv2 usage guidelines specification 123 [RFC4181] in intent and structure. However, since that document was 124 written a decade after SMIv2 modules had been in use, it was 125 published as a 'best current practice' (BCP). This document is not a 126 BCP, but rather an informational reference, intended to promote 127 consistency in documents containing YANG modules. 129 Many YANG constructs are defined as optional to use, such as the 130 description statement. However, in order to maximize 131 interoperability of NETCONF implementations utilizing YANG data 132 models, it is desirable to define a set of usage guidelines which may 133 require a higher level of compliance than the minimum level defined 134 in the YANG specification. 136 In addition, YANG allows constructs such as infinite length 137 identifiers and string values, or top-level mandatory nodes, that a 138 compliant server is not required to support. Only constructs which 139 all servers are required to support can be used in IETF YANG modules. 141 This document defines usage guidelines related to the NETCONF 142 operations layer, and NETCONF content layer, as defined in [RFC4741]. 143 These guidelines are intended to be used by authors and reviewers to 144 improve the readability and interoperability of published YANG data 145 models. 147 2. Terminology 149 2.1. Requirements Notation 151 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 152 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 153 document are to be interpreted as described in [RFC2119]. 155 RFC 2119 language is used here to express the views of the NETMOD 156 working group regarding content for YANG modules. YANG modules 157 complying with this document will treat the RFC 2119 terminology as 158 if it were describing best current practices. 160 2.2. NETCONF Terms 162 The following terms are defined in [RFC4741] and are not redefined 163 here: 165 o capabilities 167 o client 169 o operation 171 o server 173 2.3. YANG Terms 175 The following terms are defined in [I-D.ietf-netmod-yang] and are not 176 redefined here: 178 o data node 180 o module 182 o namespace 184 o submodule 186 o version 188 o YANG 190 o YIN 192 Note that the term 'module' may be used as a generic term for a YANG 193 module or submodule. When describing properties which are specific 194 to submodules, the term 'submodule' is used instead. 196 2.4. Terms 198 The following terms are used throughout this document: 200 published: A stable release of a module or submodule, usually 201 contained in an RFC. 203 unpublished: An unstable release of a module or submodule, usually 204 contained in an Internet-Draft. 206 3. General Documentation Guidelines 208 YANG data model modules under review are likely to be contained in 209 Internet-Drafts. All guidelines for Internet-Draft authors MUST be 210 followed. These guidelines are defined in [RFC2223] and updated in 211 [RFC5741]. Additional information is also available online at: 213 http://www.rfc-editor.org/rfc-editor/instructions2authors.txt 215 The following sections MUST be present in an Internet-Draft 216 containing a module: 218 o Narrative sections 220 o Definitions section 222 o Security Considerations section 224 o IANA Considerations section 226 o References section 228 3.1. Module Copyright 230 The module description statement MUST contain a reference to the 231 latest approved IETF Trust Copyright statement, which is available 232 on-line at: 234 http://trustee.ietf.org/license-info/ 236 Each YANG module or submodule contained within an Internet-Draft or 237 RFC is considered to be a code component. The strings '' and '' MUST be used to identify each code 239 component. 241 The '' tag SHOULD be followed by a string identifying 242 the file name specified in section 5.2 of [I-D.ietf-netmod-yang]. 243 The following example is for the '2010-01-18' revision of the 'ietf- 244 foo' module: 246 file "ietf-foo@2010-01-18.yang" 247 module ietf-foo { 248 // ... 249 revision 2010-01-18 { 250 description "Latest revision"; 251 reference "RFC XXXXX"; 252 } 253 // ... 254 } 255 257 Figure 1 259 3.2. Narrative Sections 261 The narrative part MUST include an overview section that describes 262 the scope and field of application of the module(s) defined by the 263 specification and that specifies the relationship (if any) of these 264 modules to other standards, particularly to standards containing 265 other YANG modules. The narrative part SHOULD include one or more 266 sections to briefly describe the structure of the modules defined in 267 the specification. 269 If the module(s) defined by the specification import definitions from 270 other modules (except for those defined in the YANG 271 [I-D.ietf-netmod-yang] or YANG Types [I-D.ietf-netmod-yang-types] 272 documents), or are always implemented in conjunction with other 273 modules, then those facts MUST be noted in the overview section, as 274 MUST be noted any special interpretations of definitions in other 275 modules. 277 3.3. Definitions Section 279 This section contains the module(s) defined by the specification. 280 These modules MUST be written using the YANG syntax defined in 281 [I-D.ietf-netmod-yang]. A YIN syntax version of the module MAY also 282 be present in the document. There MAY also be other types of modules 283 present in the document, such as SMIv2, which are not affected by 284 these guidelines. 286 See Section 4 for guidelines on YANG usage. 288 3.4. Security Considerations Section 290 Each specification that defines one or more modules MUST contain a 291 section that discusses security considerations relevant to those 292 modules. This section MUST be patterned after the latest approved 293 template (available at 294 http://www.ops.ietf.org/netconf/yang-security-considerations.txt). 296 In particular: 298 o Writable data nodes that could be especially disruptive if abused 299 MUST be explicitly listed by name and the associated security 300 risks MUST be explained. 302 o Readable data nodes that contain especially sensitive information 303 or that raise significant privacy concerns MUST be explicitly 304 listed by name and the reasons for the sensitivity/privacy 305 concerns MUST be explained. 307 o Operations (i.e., YANG 'rpc' statements) which are potentially 308 harmful to system behavior or that raise significant privacy 309 concerns MUST be explicitly listed by name and the reasons for the 310 sensitivity/privacy concerns MUST be explained. 312 3.5. IANA Considerations Section 314 In order to comply with IESG policy as set forth in 315 http://www.ietf.org/ID-Checklist.html, every Internet-Draft that is 316 submitted to the IESG for publication which has action items for IANA 317 MUST contain an IANA Considerations section. The requirements for 318 this section vary depending what actions are required of the IANA. 319 If there are no IANA considerations applicable to the document, then 320 the IANA Considerations section is not required. Refer to the 321 guidelines in [RFC5226] for more details. 323 3.5.1. Documents that Create a New Name Space 325 If an Internet-Draft defines a new name space that is to be 326 administered by the IANA, then the document MUST include an IANA 327 Considerations section, that specifies how the name space is to be 328 administered. 330 Specifically, if any YANG module namespace statement value contained 331 in the document is not already registered with IANA, then a new YANG 332 Namespace registry entry MUST be requested from the IANA. The YANG 333 [I-D.ietf-netmod-yang] specification includes the procedure for this 334 purpose in its IANA Considerations section. 336 3.5.2. Documents that Extend an Existing Name Space 338 It is possible to extend an existing namespace using a YANG submodule 339 which belongs to an existing module already administered by IANA. In 340 this case, the document containing the main module MUST be updated to 341 use the latest revision of the submodule. 343 3.6. Reference Sections 345 For every import or include statement which appears in a module 346 contained in the specification, which identifies a module in a 347 separate document, a corresponding normative reference to that 348 document MUST appear in the Normative References section. The 349 reference MUST correspond to the specific module version actually 350 used within the specification. 352 For every normative reference statement which appears in a module 353 contained in the specification, which identifies a separate document, 354 a corresponding normative reference to that document SHOULD appear in 355 the Normative References section. The reference SHOULD correspond to 356 the specific document version actually used within the specification. 357 If the reference statement identifies an informative reference, which 358 identifies a separate document, a corresponding informative reference 359 to that document MAY appear in the Informative References section. 361 3.7. Intellectual Property Section 363 The proper IPR statements MUST be present in the document, according 364 to the most current Internet-Draft boilerplate. Refer to the IETF 365 Trust Legal Provision for the exact legal text that needs to be 366 included. 368 4. YANG Usage Guidelines 370 In general, modules in IETF standards-track specifications MUST 371 comply with all syntactic and semantic requirements of YANG. 372 [I-D.ietf-netmod-yang]. The guidelines in this section are intended 373 to supplement the YANG specification, which is intended to define a 374 minimum set of conformance requirements. 376 In order to promote interoperability and establish a set of practices 377 based on previous experience, the following sections establish usage 378 guidelines for specific YANG constructs. 380 Only guidelines which clarify or restrict the minimum conformance 381 requirements are included here. 383 4.1. Module Naming Conventions 385 Modules contained in standards track documents SHOULD be named 386 according to the guidelines in the IANA considerations section of 387 [I-D.ietf-netmod-yang]. 389 A distinctive word or acronym (e.g., protocol name or working group 390 acronym) SHOULD be used in the module name. If new definitions are 391 being defined to extend one or more existing modules, then the same 392 word or acronym should be reused, instead of creating a new one. 394 All published module names MUST be unique. For a YANG module 395 published in an RFC, this uniqueness is guaranteed by IANA. For 396 unpublished modules, the authors need to check that no other work in 397 progress is using the same module name. 399 Once a module name is published, it MUST NOT be reused, even if the 400 RFC containing the module is reclassified to 'Historic' status. 402 4.2. Identifiers 404 Identifiers for all YANG identifiers in published modules MUST be 405 between 1 and 64 characters in length. These include any construct 406 specified as an 'identifier-arg-str' token in the ABNF in section 12 407 of [I-D.ietf-netmod-yang]. 409 4.3. Defaults 411 In general, it is suggested that sub-statements containing very 412 common default values SHOULD NOT be present. The following sub- 413 statements are commonly used with the default value, which would make 414 the module difficult to read if used everywhere they are allowed. 416 +---------------+---------------+ 417 | Statement | Default Value | 418 +---------------+---------------+ 419 | config | true | 420 | | | 421 | mandatory | false | 422 | | | 423 | max-elements | unbounded | 424 | | | 425 | min-elements | 0 | 426 | | | 427 | ordered-by | system | 428 | | | 429 | status | current | 430 | | | 431 | yin-element | false | 432 +---------------+---------------+ 434 4.4. Conditional Statements 436 A module may be conceptually partitioned in several ways, using the 437 'if-feature' and/or 'when' statements. 439 Data model designers need to carefully consider all modularity 440 aspects, including the use of YANG conditional statements. 442 If a data definition is optional, depending on server support for a 443 NETCONF protocol capability, then a YANG 'feature' statement SHOULD 444 be defined to indicate that the NETCONF capability is supported 445 within the data model. 447 If any notification data, or any data definition, for a non- 448 configuration data node is not mandatory, then the server may or may 449 not be required to return an instance of this data node. If any 450 conditional requirements exist for returning the data node in a 451 notification payload or retrieval request, they MUST be documented 452 somewhere. For example, a 'when' or 'if-feature' statement could 453 apply to the data node, or the conditional requirements could be 454 explained in a 'description' statement within the data node or one of 455 its ancestors (if any). 457 4.5. XPath Usage 459 This section describes guidelines for using the XML Path Language 460 [W3C.REC-xpath-19991116] (XPath) within YANG modules. 462 The 'attribute' and 'namespace' axes are not supported in YANG, and 463 MAY be empty in a NETCONF server implementation. 465 The 'position' and 'last' functions MAY be used with caution. A 466 server is not required to maintain any particular XML document order 467 for system-ordered data nodes. A server is only required to maintain 468 the relative XML document order of all instances of a particular 469 user-ordered list or leaf-list. 471 The 'preceding', and 'following' axes SHOULD NOT be used. These 472 constructs rely on XML document order within a NETCONF server 473 configuration database, which may not be supported consistently or 474 produce reliable results across implementations. Predicate 475 expressions based on static node properties (e.g., element name or 476 value, 'ancestor' or 'descendant' axes) SHOULD be used instead. 478 The 'preceding-sibling' and 'following-sibling' axes MAY be used, 479 with caution. A server is not required to maintain a persistent or 480 deterministic XML document order, which will affect use of these 481 axes. 483 Implicit 'position' function calls within predicates MAY be used with 484 caution. (e.g., '//chapter[42]'). Note that a NETCONF server is only 485 required to maintain relative document order for related instances of 486 a user-ordered list or leaf-list data definition (i.e., 'ordered-by' 487 statement set to 'user'). 489 Data nodes which use the 'int64' and 'uint64' built-in type MAY be 490 used with caution, within 'RelationalExpr' expressions. There are 491 boundary conditions in which the translation from the YANG 64-bit 492 type to an XPath number can cause incorrect results. Specifically, 493 an XPath 'double' precision floating point number cannot represent 494 very large positive or negative 64-bit numbers because it only 495 provides a total precision of 53 bits. 497 Data modelers need to be careful not to confuse the YANG value space 498 and the XPath value space. The data types are not the same in both, 499 and conversion between YANG and XPath data types SHOULD be considered 500 carefully. 502 Explicit XPath data type conversions MAY be used (e.g., 'string', 503 'boolean', or 'number' functions), instead of implicit XPath data 504 type conversions. 506 4.6. Lifecycle Management 508 The status statement MUST be present if its value is 'deprecated' or 509 'obsolete'. 511 The module or submodule name MUST NOT be changed, once the document 512 containing the module or submodule is published. 514 The module namespace URI value MUST NOT be changed, once the document 515 containing the module is published. 517 The revision-date sub-statement within the imports statement SHOULD 518 be present if any groupings are used from the external module. 520 The revision-date sub-statement within the include statement SHOULD 521 be present if any groupings are used from the external sub-module. 523 If submodules are used, then the document containing the main module 524 MUST be updated so that the main module revision date is equal or 525 more recent than the revision date of any submodule which is 526 (directly or indirectly) included by the main module. 528 4.7. Module Header, Meta, and Revision Statements 530 For published modules, the namespace MUST be a globally unique URI, 531 as defined in [RFC3986]. This value is usually assigned by the IANA. 533 The organization statement MUST be present. If the module is 534 contained in a document intended for standards-track status, then the 535 organization SHOULD be the IETF working group chartered to write the 536 document. 538 The contact statement MUST be present. If the module is contained in 539 a document intended for standards-track status, then the working 540 group WEB and mailing information MUST be present, and the main 541 document author or editor contact information SHOULD be present. If 542 additional authors or editors exist, their contact information MAY be 543 present. In addition, the Area Director and other contact 544 information MAY be present. 546 The description statement MUST be present. The appropriate IETF 547 Trust Copyright text MUST be present, as described in Section 3.1. 549 If the module relies on information contained in other documents, 550 which are not the same documents implied by the import statements 551 present in the module, then these documents MUST be identified in the 552 reference statement. 554 A revision statement MUST be present for each published version of 555 the module. The revision statement MUST have a reference 556 substatement. It MUST identify the published document which contains 557 the module. Modules are often extracted from their original 558 documents and it is useful for developers and operators to know how 559 to find the original source document in a consistent manner. The 560 revision statement MAY have a description substatement. 562 Each new revision MUST include a revision date which is higher than 563 any other revision date in the module. The revision date does not 564 need to be updated if the module contents do not change in the new 565 document revision. 567 It is acceptable to reuse the same revision statement within 568 unpublished versions (i.e., Internet-Drafts), but the revision date 569 MUST be updated to a higher value each time the Internet-Draft is re- 570 published. 572 4.8. Namespace Assignments 574 It is RECOMMENDED that only valid YANG modules are included in 575 documents, whether they are published yet or not. This allows: 577 o the module to compile correctly instead of generating disruptive 578 fatal errors. 580 o early implementors to use the modules without picking a random 581 value for the XML namespace. 583 o early interoperability testing since independent implementations 584 will use the same XML namespace value. 586 Until a URI is assigned by the IANA, a proposed namespace URI MUST be 587 provided for the namespace statement in a YANG module. A value 588 SHOULD be selected which is not likely to collide with other YANG 589 namespaces. Standard module names, prefixes, and URI strings already 590 listed in the YANG Module Registry MUST NOT be used. 592 A standard namespace statement value SHOULD have the following form: 594 : 596 The following URN prefix string SHOULD be used for published and 597 unpublished YANG modules: 599 urn:ietf:params:xml:ns:yang: 601 The following example URNs would be valid temporary namespace 602 statement values for standards-track modules: 604 urn:ietf:params:xml:ns:yang:ietf-netconf-partial-lock 606 urn:ietf:params:xml:ns:yang:ietf-netconf-state 608 urn:ietf:params:xml:ns:yang:ietf-netconf 610 Note that a different URN prefix string SHOULD be used for non- 611 standards track modules. The string SHOULD be selected according to 612 the guidelines in [I-D.ietf-netmod-yang]. 614 The following examples of non-standards track modules are only 615 suggestions. There are no guidelines for this type of URN in this 616 document: 618 http://example.com/ns/example-interfaces 620 http://example.com/ns/example-system 622 4.9. Top Level Data Definitions 624 There SHOULD only be one top-level data node defined in each YANG 625 module, if any data nodes are defined at all. 627 The top-level data organization SHOULD be considered carefully, in 628 advance. Data model designers need to consider how the functionality 629 for a given protocol or protocol family will grow over time. 631 The names and data organization SHOULD reflect persistent 632 information, such as the name of a protocol. The name of the working 633 group SHOULD NOT be used because this may change over time. 635 A mandatory database data definition is defined as a node that a 636 client must provide for the database to be valid. The server is not 637 required to provide a value. 639 Top-level database data definitions MUST NOT be mandatory. If a 640 mandatory node appears at the top-level, it will immediately cause 641 the database to be invalid. This can occur when the server boots or 642 when a module is loaded dynamically at runtime. 644 4.10. Data Types 646 Selection of an appropriate data type (i.e., built-in type, existing 647 derived type, or new derived type) is very subjective and therefore 648 few requirements can be specified on that subject. 650 Data model designers SHOULD use the most appropriate built-in data 651 type for the particular application. 653 If extensibility of enumerated values is required, then the 654 'identityref' data type SHOULD be used instead of an enumeration or 655 other built-in type. 657 For string data types, if a machine-readable pattern can be defined 658 for the desired semantics, then one or more pattern statements SHOULD 659 be present. 661 For string data types, if the length of the string is required to be 662 bounded in all implementations, then a length statement MUST be 663 present. 665 For numeric data types, if the values allowed by the intended 666 semantics are different than those allowed by the unbounded intrinsic 667 data type (e.g., 'int32'), then a range statement SHOULD be present. 669 The signed numeric data types (i.e., 'int8', 'int16', 'int32', and 670 'int64') SHOULD NOT be used unless negative values are allowed for 671 the desired semantics. 673 For 'enumeration' or 'bits' data types, the semantics for each 'enum' 674 or 'bit' SHOULD be documented. A separate description statement 675 (within each 'enum' or 'bit' statement) SHOULD be present. 677 4.11. Reusable Type Definitions 679 If an appropriate derived type exists in any standard module, such as 680 [I-D.ietf-netmod-yang-types], then it SHOULD be used instead of 681 defining a new derived type. 683 If an appropriate units identifier can be associated with the desired 684 semantics, then a units statement SHOULD be present. 686 If an appropriate default value can be associated with the desired 687 semantics, then a default statement SHOULD be present. 689 If a significant number of derived types are defined, and it is 690 anticipated that these data types will be reused by multiple modules, 691 then these derived types SHOULD be contained in a separate module or 692 submodule, to allow easier reuse without unnecessary coupling. 694 The description statement MUST be present. 696 If the type definition semantics are defined in an external document 697 (other than another YANG module indicated by an import statement), 698 then the reference statement MUST be present. 700 4.12. Data Definitions 702 The description statement MUST be present in the following YANG 703 statements: 705 o anyxml 707 o augment 709 o choice 711 o container 713 o extension 715 o feature 717 o grouping 719 o identity 721 o leaf 723 o leaf-list 725 o list 727 o notification 729 o rpc 731 o typedef 733 If the data definition semantics are defined in an external document, 734 (other than another YANG module indicated by an import statement), 735 then a reference statement MUST be present. 737 The 'anyxml' construct MAY be used with caution within configuration 738 data. This may be useful to represent an HTML banner containing 739 markup elements, such as and . However, this construct 740 SHOULD NOT be used if other YANG data node types can be used instead 741 to represent the desired syntax and semantics. 743 If there are referential integrity constraints associated with the 744 desired semantics that can be represented with XPath, then one or 745 more must statements SHOULD be present. 747 For list and leaf-list data definitions, if the number of possible 748 instances is required to be bounded for all implementations, then the 749 max-elements statements SHOULD be present. 751 If any must or when statements are used within the data definition, 752 then the data definition description statement SHOULD describe the 753 purpose of each one. 755 4.13. Operation Definitions 757 If the operation semantics are defined in an external document (other 758 than another YANG module indicated by an import statement), then a 759 reference statement MUST be present. 761 If the operation impacts system behavior in some way, it SHOULD be 762 mentioned in the description statement. 764 If the operation is potentially harmful to system behavior in some 765 way, it MUST be mentioned in the Security Considerations section of 766 the document. 768 4.14. Notification Definitions 770 The description statement MUST be present. 772 If the notification semantics are defined in an external document 773 (other than another YANG module indicated by an import statement), 774 then a reference statement MUST be present. 776 5. IANA Considerations 778 This document registers one URI in the IETF XML registry [RFC3688]. 779 The following registration is requested: 781 URI: urn:ietf:params:xml:ns:yang:ietf-template 783 Registrant Contact: The NETMOD WG of the IETF. 785 XML: N/A, the requested URI is an XML namespace. 787 This document requests the following assignment in the YANG Module 788 Names Registry for the YANG module template in Appendix B. 790 +---------------+-------------------------------------------+ 791 | Field | Value | 792 +---------------+-------------------------------------------+ 793 | name | ietf-template | 794 | | | 795 | namespace | urn:ietf:params:xml:ns:yang:ietf-template | 796 | | | 797 | prefix | temp | 798 | | | 799 | reference | RFCXXXX | 800 +---------------+-------------------------------------------+ 802 6. Security Considerations 804 This document defines documentation guidelines for NETCONF content 805 defined with the YANG data modeling language. The guidelines for how 806 to write a Security Considerations section for a YANG module are 807 defined in the online document 809 http://www.ops.ietf.org/netconf/yang-security-considerations.txt 811 This document does not introduce any new or increased security risks 812 into the management system. 814 The following section contains the security considerations template 815 dated 2010-06-16. Be sure to check the WEB page at the URL listed 816 above in case there is a more recent version available. 818 Each specification that defines one or more YANG modules MUST contain 819 a section that discusses security considerations relevant to those 820 modules. This section MUST be patterned after the latest approved 821 template (available at [ed: URL TBD]). 823 In particular, writable data nodes that could be especially 824 disruptive if abused MUST be explicitly listed by name and the 825 associated security risks MUST be spelled out. 827 Similarly, readable data nodes that contain especially sensitive 828 information or that raise significant privacy concerns MUST be 829 explicitly listed by name and the reasons for the sensitivity/privacy 830 concerns MUST be explained. 832 Further, if new RPC operations have been defined, then the security 833 considerations of each new RPC operation MUST be explained. 835 6.1. Security Considerations Section Template 836 X. Security Considerations 838 The YANG module defined in this memo is designed to be accessed 839 via the NETCONF protocol [RFC4741]. The lowest NETCONF layer is 840 the secure transport layer and the mandatory to implement secure 841 transport is SSH [RFC4742]. 843 -- if you have any writeable data nodes (those are all the 844 -- "config true" nodes, and remember, that is the default) 845 -- describe their specific sensitivity or vulnerability. 847 There are a number of data nodes defined in this YANG module 848 which are writable/creatable/deletable (i.e. config true, which 849 is the default). These data nodes may be considered sensitive 850 or vulnerable in some network environments. Write operations 851 (e.g. edit-config) to these data nodes without proper protection 852 can have a negative effect on network operations. These are 853 the subtrees and data nodes and their sensitivity/vulnerability: 855 857 -- for all YANG modules you must evaluate whether any readable data 858 -- nodes (those are all the "config false" nodes, but also all other 859 -- nodes, because they can also be read via operations like get or 860 -- get-config) are sensitive or vulnerable (for instance, if they 861 -- might reveal customer information or violate personal privacy 862 -- laws such as those of the European Union if exposed to 863 -- unauthorized parties) 865 Some of the readable data nodes in this YANG module may be 866 considered sensitive or vulnerable in some network environments. 867 It is thus important to control read access (e.g. via get, 868 get-config or notification) to these data nodes. These are the 869 subtrees and data nodes and their sensitivity/vulnerability: 871 873 -- if your YANG module has defined any rpc operations 874 -- describe their specific sensitivity or vulnerability. 876 Some of the RPC operations in this YANG module may be considered 877 sensitive or vulnerable in some network environments. It is thus 878 important to control access to these operations. These are the 879 operations and their sensitivity/vulnerability: 881 882 Figure 2 884 7. Acknowledgments 886 The structure and contents of this document are adapted from 887 Guidelines for MIB Documents [RFC4181], by C. M. Heard. 889 The working group thanks Martin Bjorklund and Juergen Schoenwaelder 890 for their extensive reviews and contributions to this document. 892 8. References 894 8.1. Normative References 896 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 897 Requirement Levels", BCP 14, RFC 2119, March 1997. 899 [RFC2223] Postel, J. and J. Reynolds, "Instructions to RFC Authors", 900 RFC 2223, October 1997. 902 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 903 January 2004. 905 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 906 Resource Identifier (URI): Generic Syntax", STD 66, 907 RFC 3986, January 2005. 909 [RFC4741] Enns, R., "NETCONF Configuration Protocol", RFC 4741, 910 December 2006. 912 [RFC5378] Bradner, S. and J. Contreras, "Rights Contributors Provide 913 to the IETF Trust", BCP 78, RFC 5378, November 2008. 915 [RFC5741] Daigle, L., Kolkman, O., and IAB, "RFC Streams, Headers, 916 and Boilerplates", RFC 5741, December 2009. 918 [W3C.REC-xpath-19991116] 919 Clark, J. and S. DeRose, "XML Path Language (XPath) 920 Version 1.0", World Wide Web Consortium 921 Recommendation REC-xpath-19991116, November 1999, 922 . 924 [I-D.ietf-netmod-yang] 925 Bjorklund, M., "YANG - A data modeling language for the 926 Network Configuration Protocol (NETCONF)", 927 draft-ietf-netmod-yang-13 (work in progress), June 2010. 929 [I-D.ietf-netmod-yang-types] 930 Schoenwaelder, J., "Common YANG Data Types", 931 draft-ietf-netmod-yang-types-09 (work in progress), 932 April 2010. 934 8.2. Informative References 936 [RFC4181] Heard, C., "Guidelines for Authors and Reviewers of MIB 937 Documents", BCP 111, RFC 4181, September 2005. 939 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 940 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 941 May 2008. 943 Appendix A. Module Review Checklist 945 This section is adapted from RFC 4181. 947 The purpose of a YANG module review is to review the YANG module both 948 for technical correctness and for adherence to IETF documentation 949 requirements. The following checklist may be helpful when reviewing 950 a draft document: 952 1. I-D Boilerplate -- verify that the draft contains the required 953 Internet-Draft boilerplate (see 954 http://www.ietf.org/ietf/1id-guidelines.txt), including the 955 appropriate statement to permit publication as an RFC, and that 956 I-D boilerplate does not contain references or section numbers. 958 2. Abstract -- verify that the abstract does not contain references, 959 that it does not have a section number, and that its content 960 follows the guidelines in 961 http://www.ietf.org/ietf/1id-guidelines.txt. 963 3. IETF Trust Copyright -- verify that the draft has the appropriate 964 text regarding the rights that document contributers provide to 965 the IETF Trust [RFC5378]. Some guidelines related to this 966 requirement are described in Section 3.1. The IETF Trust license 967 policy (TLP) can be found at: 969 http://trustee.ietf.org/docs/IETF-Trust-License-Policy.pdf 971 4. Security Considerations Section -- verify that the draft uses the 972 latest approved template from the OPS area web site (http:// 973 www.ops.ietf.org/netconf/yang-security-considerations.txt) and 974 that the guidelines therein have been followed. 976 5. IANA Considerations Section -- this section must always be 977 present. For each module within the document, ensure that the 978 IANA Considerations section contains entries for the following 979 IANA registries: 981 XML Namespace Registry: Register the YANG module namespace. 983 YANG Module Registry: Register the YANG module name, prefix, 984 namespace, and RFC number, according to the rules specified in 985 [I-D.ietf-netmod-yang]. 987 6. References -- verify that the references are properly divided 988 between normative and informative references, that RFC 2119 is 989 included as a normative reference if the terminology defined 990 therein is used in the document, that all references required by 991 the boilerplate are present, that all YANG modules containing 992 imported items are cited as normative references, and that all 993 citations point to the most current RFCs unless there is a valid 994 reason to do otherwise (for example, it is OK to include an 995 informative reference to a previous version of a specification to 996 help explain a feature included for backward compatibility). Be 997 sure citations for all imported modules are present somewhere in 998 the document text (outside the YANG module). 1000 7. Copyright Notices -- verify that the draft contains an 1001 abbreviated IETF Trust copyright notice in the description 1002 statement of each YANG module or sub-module, and that it contains 1003 the full IETF Trust copyright notice at the end of the document. 1004 Make sure that the correct year is used in all copyright dates. 1005 Use the approved text from the latest Trust Legal Provisions 1006 (TLP) document, which can be found at: 1008 http://trustee.ietf.org/license-info/ 1010 8. Other Issues -- check for any issues mentioned in 1011 http://www.ietf.org/ID-Checklist.html that are not covered 1012 elsewhere. 1014 9. Technical Content -- review the actual technical content for 1015 compliance with the guidelines in this document. The use of a 1016 YANG module compiler is recommended when checking for syntax 1017 errors. A list of freely available tools and other information 1018 can be found at: 1020 http://trac.tools.ietf.org/wg/netconf/trac/wiki 1022 Checking for correct syntax, however, is only part of the job. 1023 It is just as important to actually read the YANG module document 1024 from the point of view of a potential implementor. It is 1025 particularly important to check that description statements are 1026 sufficiently clear and unambiguous to allow interoperable 1027 implementations to be created. 1029 Appendix B. YANG Module Template 1031 file "ietf-template@2010-05-18.yang" 1033 module ietf-template { 1035 // replace this string with a unique namespace URN value 1036 namespace 1037 "urn:ietf:params:xml:ns:yang:ietf-template"; 1039 // replace this string, and try to pick a unique prefix 1040 prefix "temp"; 1042 // import statements here: e.g., 1043 // import ietf-yang-types { prefix yang; } 1044 // import ietf-inet-types { prefix inet; } 1046 // identify the IETF working group if applicable 1047 organization 1048 "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; 1050 // update this contact statement with your info 1051 contact 1052 "WG Web: 1053 WG List: 1055 WG Chair: your-WG-chair 1056 1058 Editor: your-name 1059 "; 1061 // replace the first sentence in this description statement. 1062 // replace the copyright notice with the most recent 1063 // version, if it has been updated since the publication 1064 // of this document 1065 description 1066 "This module defines a template for other YANG modules. 1068 Copyright (c) 2010 IETF Trust and the persons identified as 1069 the document authors. All rights reserved. 1071 Redistribution and use in source and binary forms, with or 1072 without modification, is permitted pursuant to, and subject 1073 to the license terms contained in, the Simplified BSD License 1074 set forth in Section 4.c of the IETF Trust's Legal Provisions 1075 Relating to IETF Documents 1076 (http://trustee.ietf.org/license-info). 1078 This version of this YANG module is part of RFC XXXX; see 1079 the RFC itself for full legal notices."; 1081 // RFC Ed.: replace XXXX with actual RFC number and remove this note 1083 reference "RFC XXXX"; 1085 // RFC Ed.: remove this note 1086 // Note: extracted from draft-ietf-netmod-yang-usage-04.txt 1088 // replace '2010-05-18' with the module publication date 1089 // The format is (year-month-day) 1090 revision "2010-05-18" { 1091 description 1092 "Initial version"; 1093 } 1095 // extension statements 1097 // feature statements 1099 // identity statements 1101 // typedef statements 1103 // grouping statements 1105 // data definition statements 1107 // augment statements 1109 // rpc statements 1111 // notification statements 1113 // DO NOT put deviation statements in a published module 1115 } 1117 1118 Figure 3 1120 Appendix C. Change Log 1122 C.1. Changes from 09 to 10 1124 o Added security considerations section template. 1126 o Added guideline for documenting conditional requirements for non- 1127 mandatory non-configuration data nodes. 1129 o Clarified that revision date update applies to the module 1130 contents. 1132 C.2. Changes from 08 to 09 1134 o Clarifications and corrections to address Gen-ART review comments. 1136 C.3. Changes from 07 to 08 1138 o Corrected YANG security considerations URL. 1140 o Expanded 'CODE BEGINS' example. 1142 o Added RPC operations to the security considerations guidelines 1143 section. 1145 o Removed guideline about leading and trailing whitespace. 1147 C.4. Changes from 06 to 07 1149 o Corrected title change bug; supposed to be page header instead. 1151 o Fixed typos added to last revision. 1153 o Added sentence to checklist to make sure text outside module 1154 contains citations for imports. 1156 C.5. Changes from 05 to 06 1158 o Several clarifications and corrections, based on the AD review by 1159 Dan Romascanu. 1161 C.6. Changes from 04 to 05 1163 o Changed 'object' terminology to 'data definition'. 1165 o Put XPath guidelines in separate section. 1167 o Clarified XPath usage for XML document order dependencies. 1169 o Updated guidelines to current conventions. 1171 o Added informative reference for IANA considerations guidelines and 1172 XML registry. 1174 o Updated IANA Considerations section to reserve the ietf-template 1175 module in the YANG Module Name Registry so it cannot be reused 1176 accidently. 1178 o Many other clarifications and fixed typos found in WGLC reviews. 1180 C.7. Changes from 03 to 04 1182 o Removed figure 1 to reduce duplication, just refer to 4741bis 1183 draft. 1185 o Fixed bugs and typos found in WGLC reviews. 1187 o Removed some guidelines and referring to YANG draft instead of 1188 duplicating YANG rules here. 1190 o Changed security guidelines so they refer to the IETF Trust TLP 1191 instead of MIB-specific references. 1193 o Change temporary namespace guidelines so the DRAFT-XX and RFC-nnnn 1194 suffix strings are not used. 1196 o Changed some MIB boilerplate so it refers to YANG boilerplate 1197 instead. 1199 o Introduced dangling URL reference to online YANG security 1200 guidelines 1202 http://www.ops.ietf.org/yang-security.html 1204 [ed.: Text from Bert Wijnen will be completed soon and posted 1205 online, and then this URL will be finalized.] 1207 o Moved reference for identifying the source document inside the 1208 each revision statement. 1210 o Removed guideline about valid XPath since YANG already requires 1211 valid XPath. 1213 o Added guideline that strings should not rely on preservation of 1214 leading and trailing whitespace characters. 1216 o Relaxed some XPath and anyxml guidelines from SHOULD NOT or MUST 1217 NOT to MAY use with caution. 1219 o Updated the TLP text within the example module again. 1221 o Reversed order of change log so most recent entries are first. 1223 C.8. Changes from 02 to 03 1225 o Updated figure 1 to align with 4741bis draft. 1227 o Updated guidelines for import-by-revision and include-by-revision. 1229 o Added file name to code begins convention in ietf-template module. 1231 C.9. Changes from 01 to 02 1233 o Updated figure 1 per mailing list comments. 1235 o Updated suggested organization to include the working group name. 1237 o Updated ietf-template.yang to use new organization statement 1238 value. 1240 o Updated Code Component requirements as per new TLP. 1242 o Updated ietf-template.yang to use new Code Component begin and end 1243 markers. 1245 o Updated references to the TLP in a couple sections. 1247 o Change manager/agent terminology to client/server. 1249 C.10. Changes from 00 to 01 1251 o Added transport 'TLS' to figure 1. 1253 o Added note about RFC 2119 terminology. 1255 o Corrected URL for instructions to authors. 1257 o Updated namespace procedures section. 1259 o Updated guidelines on module contact, reference, and organization 1260 statements. 1262 o Added note on use of preceding-sibling and following-sibling axes 1263 in XPath expressions. 1265 o Added section on temporary namespace statement values. 1267 o Added section on top level database objects. 1269 o Added ietf-template.yang appendix. 1271 Author's Address 1273 Andy Bierman 1274 Brocade 1276 Email: andy.bierman@brocade.com