idnits 2.17.1 

draft-lengyel-ngo-partial-lock-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 16.

  -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on
     line 425.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 436.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 443.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 449.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust Copyright Line does not match the
     current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (August 01, 2007) is 6114 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 4741 (Obsoleted by RFC 6241)


     Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	NETCONF                                                       B. Lengyel
3	Internet-Draft                                          Ericsson Hungary
4	Intended status: Standards Track                            M. Bjorklund
5	Expires: February 2, 2008                                 Tail-f Systems
6	                                                         August 01, 2007

8	                      Partial Lock RPC for NETCONF
9	                   draft-lengyel-ngo-partial-lock-01

11	Status of this Memo

13	   By submitting this Internet-Draft, each author represents that any
14	   applicable patent or other IPR claims of which he or she is aware
15	   have been or will be disclosed, and any of which he or she becomes
16	   aware will be disclosed, in accordance with Section 6 of BCP 79.

18	   Internet-Drafts are working documents of the Internet Engineering
19	   Task Force (IETF), its areas, and its working groups.  Note that
20	   other groups may also distribute working documents as Internet-
21	   Drafts.

23	   Internet-Drafts are draft documents valid for a maximum of six months
24	   and may be updated, replaced, or obsoleted by other documents at any
25	   time.  It is inappropriate to use Internet-Drafts as reference
26	   material or to cite them other than as "work in progress."

28	   The list of current Internet-Drafts can be accessed at
29	   http://www.ietf.org/ietf/1id-abstracts.txt.

31	   The list of Internet-Draft Shadow Directories can be accessed at
32	   http://www.ietf.org/shadow.html.

34	   This Internet-Draft will expire on February 2, 2008.

36	Copyright Notice

38	   Copyright (C) The IETF Trust (2007).

40	Abstract

42	   The NETCONF protocol defines the lock and unlock RPCs that lock
43	   entire configuration datastores.  In some situations, a way to lock
44	   only parts of a configuration datastore is required.  This document
45	   defines a capability-based extension to the NETCONF protocol for
46	   locking portions of a configuration datastore.

48	Table of Contents

50	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
51	     1.1.  Definition of Terms  . . . . . . . . . . . . . . . . . . .  3
52	   2.  Partial Locking Capability . . . . . . . . . . . . . . . . . .  3
53	     2.1.  Overview . . . . . . . . . . . . . . . . . . . . . . . . .  3
54	     2.2.  Dependencies . . . . . . . . . . . . . . . . . . . . . . .  3
55	     2.3.  Capability Identifier  . . . . . . . . . . . . . . . . . .  4
56	     2.4.  New Operations . . . . . . . . . . . . . . . . . . . . . .  4
57	       2.4.1.  <partial-lock> . . . . . . . . . . . . . . . . . . . .  4
58	       2.4.2.  <partial-unlock> . . . . . . . . . . . . . . . . . . .  6
59	     2.5.  Modifications to Existing Operations . . . . . . . . . . .  7
60	     2.6.  Interactions with Other Capabilities . . . . . . . . . . .  7
61	       2.6.1.  Writable-Running Capability  . . . . . . . . . . . . .  7
62	       2.6.2.  Candidate Configuration Capability . . . . . . . . . .  7
63	       2.6.3.  Distinct Startup Capability  . . . . . . . . . . . . .  7
64	   3.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
65	   4.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  7
66	   5.  Change Log . . . . . . . . . . . . . . . . . . . . . . . . . .  8
67	     5.1.  Open Issues  . . . . . . . . . . . . . . . . . . . . . . .  8
68	   6.  XML Schema for Partial Locking . . . . . . . . . . . . . . . .  8
69	   7.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  9
70	   8.  Normative References . . . . . . . . . . . . . . . . . . . . .  9
71	   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
72	   Intellectual Property and Copyright Statements . . . . . . . . . . 11

74	1.  Introduction

76	   The NETCONF protocol [RFC4741] describes the lock and unlock RPCs
77	   that operate on entire configuration datastores.  Often, multiple
78	   management sessions need to be able to modify the configuration of a
79	   managed device in parallel.  In these cases, locking only parts of a
80	   configuration datastore is needed.  This document defines an
81	   extension to the NETCONF protocol to allow this.

83	   The mechanism for partial locking will be based on the existing XPath
84	   filtering mechanisms.

86	   Partial locking will be introduced as a capability to NETCONF.

88	1.1.  Definition of Terms

90	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
91	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
92	   document are to be interpreted as described in RFC 2119.

94	2.  Partial Locking Capability

96	2.1.  Overview

98	   The :partial-locking capability indicates that the device supports
99	   the locking of its configuration with a scope smaller then a complete
100	   configuration datastore.  Partial locking covers configuration data,
101	   but not state data.

103	   The system will ensure that configuration resources covered by the
104	   lock will not be modified by other NETCONF or non-NETCONF management
105	   operations such as SNMP and the CLI.

107	   The duration of the partial lock is defined as beginning when the
108	   partial lock is granted and lasting until either the corresponding
109	   <partial-unlock> operation succeeds or the NETCONF session
110	   terminates.

112	   A NETCONF session MAY have multiple parts of one or more datastores
113	   locked using partial lock operations.  The <partial-lock> operation
114	   returns a lock-id to identify each successfully acquired lock.

116	2.2.  Dependencies

118	   If the :xpath capability is supported, the filter expressions can be
119	   full XPath 1.0 expressions.

121	2.3.  Capability Identifier

123	   urn:ietf:params:netconf:capability:partial-lock:1.0

125	2.4.  New Operations

127	2.4.1.  <partial-lock>

129	   The <partial-lock> operation allows the client to lock a portion of a
130	   data store.  The portion to lock is specified by using XPath filter
131	   parameters in the <partial-lock> operation.  Each XPath expression
132	   MUST return a node set.  A <partial-lock> operation MUST be handled
133	   atomically by the NETCONF server.  The server either locks all
134	   requested parts of the data store or none.

136	   The XPath filter expressions are evaluated only once at lock time.
137	   If the configuration data is altered later in a way that would make
138	   the original XPath filter expressions evaluate to a different set of
139	   nodes, this does not affect the scope of the partial lock.

141	   If a node is locked by a session, only that same session will be able
142	   to modify that node or any node in the subtree underneath it.

144	   If a top level node of a locked subtree is deleted, any other session
145	   can recreate it, as it is not covered by the lock anymore.

147	   A partial lock MUST fail if:

149	   o  Any part of the scope to be locked is already locked by another
150	      management session/protocol, including other NETCONF sessions
151	      using the (global) <lock> operation or <partial-lock> or any other
152	      non-NETCONF management method.

154	   o  The locking user does not have at least some basic access rights,
155	      e.g., read rights, to all of the datastore section to be locked.
156	      The exact handling of access rights is outside the scope of this
157	      document, but it is assumed that there is an access control system
158	      that MAY deny or allow the partial lock operation.

160	   As with most locking systems, there is a possibility that two users
161	   trying to lock different parts of the configuration become dead-
162	   locked.  To avoid this situation, clients SHOULD lock everything they
163	   need in one operation.  If that operation still fails, the client
164	   SHOULD back down, release any already acquired locks, and retry the
165	   procedure after some time interval.  The length of the interval
166	   should preferably be random to avoid repeated dead-locks when both
167	   (or all) clients back down and then repeat locking.

169	   Parameters:

171	   target:  Name of the configuration datastore of which a part will be
172	       locked.  URIs are not accepted.

174	   filter:  The filter element contains a 'select' attribute, which
175	       contains an XPath expression.  The XPath expression is evaluated
176	       in a context where the context node is the root of the server's
177	       conceptual data model, and the set of namespace declarations are
178	       those in scope on the filter element.

180	       The filter MUST return a node set.

182	       If the device does not support the :xpath capability, the XPath
183	       expression MUST be limited to an Instance Identifier expression
184	       [Editor's Note: add text or reference.  An Instance Identifier is
185	       an absolute path expression in abbreviated syntax, where
186	       predicates are used only to specify values for nodes defined as
187	       keys to distinguish multiple instances.]

189	   Example: Lock virtual router 1 and interface eth1

191	   <nc:rpc
192	     xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"
193	     xmlns="urn:ietf:params:netconf:capability:partial-lock:1.0"
194	     xmlns:rte="http://example.com/ns/route">
195	     xmlns:if="http://example.com/ns/interface">
196	     nc:message-id="135">
197	       <partial-lock>
198	           <nc:running/>
199	           <filter select="/rte:routing/rte:virtualRouter[rte:id='1']"/>
200	           <filter select="/if:interfaces/[if:interfaceId='eth1']"/>
201	       </partial-lock>
202	   </nc:rpc>

204	   <nc:rpc-reply
205	     xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"
206	     xmlns="urn:ietf:params:netconf:capability:partial-lock:1.0"
207	     xmlns:rte="http://example.com/ns/route">
208	     xmlns:if="http://example.com/ns/interface">
209	     nc:message-id="135">
210	       <nc:data>
211	           <lock-id>127</lock-id>
212	       </nc:data>
213	   </nc:rpc-reply>
214	   Positive Response:

216	   If the device was able to satisfy the request, an <rpc-reply> is sent
217	   with a <lock-id> element (lock identifier) in the <data> element.

219	   Negative Response:

221	   If a lock is already held on any node within the subtrees to be
222	   locked, the <error-tag> element will be 'lock-denied' and the <error-
223	   info> element will include the <session-id> of the lock owner.  If
224	   the lock is held by a non-NETCONF entity, a <session-id> of 0 (zero)
225	   is included.

227	   If the filters return an empty node set, the <error-tag> will be
228	   'operation-failed', and the <error-app-tag> will be 'no-matches'.

230	   If any filter returns anything but a node set, the <error-tag> will
231	   be 'invalid-value'.

233	   If the :xpath capability is not supported and the XPath expression is
234	   not an Instance Identifier, the <error-tag> will be 'invalid-value'.

236	   If access control denies the partial lock, the <error-tag> will be
237	   'access-denied'.

239	2.4.2.  <partial-unlock>

241	   The operation unlocks a part of a datastore that was previously
242	   locked using <partial-lock> during the same session.

244	   Parameters:

246	   lock-id:  Lock identifier to unlock; taken from a reply to a previous
247	       <partial-lock> operation.

249	   Example: Unlock

251	   <nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"
252	       xmlns="urn:ietf:params:netconf:capability:partial-lock:1.0"
253	       nc:message-id="136">
254	       <partial-unlock>
255	           <lock-id>127</lock-id>
256	       </partial-unlock>
257	   </nc:rpc>

259	   Positive Response:

261	   If the device was able to satisfy the request, an <rpc-reply> is sent
262	   that contains an <ok> element.  A positive response MUST be sent even
263	   if all of the locked part of the datastore has already been deleted.

265	   Negative Response:

267	   If the <lock-id> parameter does not identify a lock which is owned by
268	   the session, an 'invalid-value' error is returned.

270	2.5.  Modifications to Existing Operations

272	   None.

274	2.6.  Interactions with Other Capabilities

276	2.6.1.  Writable-Running Capability

278	   Partial locking of the running datastore can only be done if the
279	   :writable-running capability is supported by the device.

281	2.6.2.  Candidate Configuration Capability

283	   Partial locking of the candidate datastore can only be done if the
284	   :candidate capability is supported by the device.  The partial
285	   locking of the candidate datastore does not depend on whether the
286	   datastore was modified or not.

288	2.6.3.  Distinct Startup Capability

290	   Partial locking of the startup datastore can only be done if the
291	   :startup capability is supported by the device.

293	3.  Security Considerations

295	   The same considerations as for the base NETCONF Protocol [RFC4741]
296	   are valid.  It is assumed that the <partial-lock> and <partial-
297	   unlock> RPCs are only allowed for an authenticated user after passing
298	   some access control mechanism.

300	4.  IANA Considerations

302	   The capability's URI should be registered by IANA.

304	5.  Change Log

306	   draft-00  Initial version

308	5.1.  Open Issues

310	      Shall we allow the locking of non-existent nodes?  The operator
311	      might want to reserve an object or rather its key/name even if he
312	      will create the object later.

314	      Should we include more detailed information in error results to
315	      help debug lock conflicts, e.g. the userId of the conflicting
316	      session, the XPATH expression of the conflicting session, the
317	      instanceId of the first object where the lock conflict was found?

319	      Should we allow users to lock parts of multiple datastores (e.g.
320	      /top/routing both in the candidate and the running datastore) in
321	      one operation?  This would decrease the probability of a dead-
322	      lock, but currently the (global) <lock> operation doesn't support
323	      this.

325	6.  XML Schema for Partial Locking

327	   The following XML Schema defines the <partial-lock> and <partial-
328	   unlock> operations:

330	 <?xml version="1.0" encoding="UTF-8"?>
331	 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
332	   xmlns="urn:ietf:params:netconf:capability:partial-lock:1.0"
333	   xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"
334	   targetNamespace="urn:ietf:params:netconf:capability:partial-lock:1.0"
335	   elementFormDefault="qualified" attributeFormDefault="unqualified">

337	   <xs:annotation>
338	     <xs:documentation>
339	         Schema defining the partial-lock and unlock operations.
340	      </xs:documentation>
341	   </xs:annotation>

343	   <xs:import namespace="urn:ietf:params:xml:ns:netconf:base:1.0"
344	     schemaLocation="urn:ietf:params:xml:ns:netconf:base:1.0"/>

346	   <xs:complexType name="filterType">
347	     <xs:complexContent>
348	       <xs:extension base="xs:anyType">
349	         <xs:attribute name="select" use="required"/>
350	       </xs:extension>

352	     </xs:complexContent>
353	   </xs:complexType>

355	   <xs:complexType name="partialLockType">
356	     <xs:complexContent>
357	       <xs:extension base="nc:rpcOperationType">
358	         <xs:sequence>
359	           <xs:element ref="nc:config-name"/>
360	           <xs:element name="filter" type="filterType"
361	                       maxOccurs="unbounded"/>
362	         </xs:sequence>
363	       </xs:extension>
364	     </xs:complexContent>
365	   </xs:complexType>

367	   <xs:complexType name="partialUnLockType">
368	     <xs:complexContent>
369	       <xs:extension base="nc:rpcOperationType">
370	         <xs:sequence>
371	           <xs:element name="lock-id" type="xs:unsignedInt"/>
372	         </xs:sequence>
373	       </xs:extension>
374	     </xs:complexContent>
375	   </xs:complexType>

377	   <!-- <partial-lock> operation -->
378	   <xs:element name="partial-lock" type="partialLockType"
379	               substitutionGroup="nc:rpcOperation"/>

381	   <!-- <partial-unlock> operation -->
382	   <xs:element name="partial-unlock" type="partialUnLockType"
383	               substitutionGroup="nc:rpcOperation"/>

385	   <!-- reply to <partial-lock> -->
386	   <xs:element name="lock-id" type="xs:unsignedInt"/>

388	 </xs:schema>

390	7.  Acknowledgements

392	   Thanks to Andy Bierman for providing important input to this
393	   document.

395	8.  Normative References

397	   [RFC4741]  "NETCONF Configuration Protocol", RFC 4741, December 2006.

399	Authors' Addresses

401	   Balazs Lengyel
402	   Ericsson Hungary

404	   Email: balazs.lengyel@ericsson.com

406	   Martin Bjorklund
407	   Tail-f Systems

409	   Email: mbj@tail-f.com

411	Full Copyright Statement

413	   Copyright (C) The IETF Trust (2007).

415	   This document is subject to the rights, licenses and restrictions
416	   contained in BCP 78, and except as set forth therein, the authors
417	   retain all their rights.

419	   This document and the information contained herein are provided on an
420	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
421	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
422	   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
423	   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
424	   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
425	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

427	Intellectual Property

429	   The IETF takes no position regarding the validity or scope of any
430	   Intellectual Property Rights or other rights that might be claimed to
431	   pertain to the implementation or use of the technology described in
432	   this document or the extent to which any license under such rights
433	   might or might not be available; nor does it represent that it has
434	   made any independent effort to identify any such rights.  Information
435	   on the procedures with respect to rights in RFC documents can be
436	   found in BCP 78 and BCP 79.

438	   Copies of IPR disclosures made to the IETF Secretariat and any
439	   assurances of licenses to be made available, or the result of an
440	   attempt made to obtain a general license or permission for the use of
441	   such proprietary rights by implementers or users of this
442	   specification can be obtained from the IETF on-line IPR repository at
443	   http://www.ietf.org/ipr.

445	   The IETF invites any interested party to bring to its attention any
446	   copyrights, patents or patent applications, or other proprietary
447	   rights that may cover technology that may be required to implement
448	   this standard.  Please address the information to the IETF at
449	   ietf-ipr@ietf.org.

451	Acknowledgment

453	   Funding for the RFC Editor function is provided by the IETF
454	   Administrative Support Activity (IASA).