idnits 2.17.1

draft-wwx-netmod-event-yang-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 18 instances of too long lines in the document, the longest
     one being 22 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 582 has weird spacing: '...rw name str...'

  == Line 721 has weird spacing: '...rw name str...'

  -- The document date (July 12, 2020) is 1381 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC3198' is mentioned on line 94, but not defined

  == Missing Reference: 'RFC5277' is mentioned on line 169, but not defined

  == Missing Reference: 'XPATH' is mentioned on line 475, but not defined

  == Missing Reference: 'GNCA' is mentioned on line 1530, but not defined

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  -- Obsolete informational reference (is this intentional?): RFC 5246
     (Obsoleted by RFC 8446)

     Summary: 2 errors (**), 0 flaws (~~), 7 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

2     NETMOD Working Group                                          A. Bierman
3     Internet-Draft                                                 YumaWorks
4     Intended status: Standards Track                                   Q. Wu
5     Expires: January 13, 2021                                         Huawei
6                                                                   I. Bryskin
7                                                                   Individual
8                                                                  H. Birkholz
9                                                               Fraunhofer SIT
10                                                                      X. Liu
11                                                              Volta Networks
12                                                                   B. Claise
13                                                                       Cisco
14                                                               July 12, 2020

16                  A YANG Data model for ECA Policy Management
17                        draft-wwx-netmod-event-yang-08

19    Abstract

21       This document defines a YANG data model for the Event Condition
22       Action (ECA) policy management.  The ECA policy YANG provides the
23       ability to delegate the network management function to the server and
24       control the configuration and monitor state change and take simple
25       and instant action on the server when a trigger condition on the
26       system state is met.

28    Status of This Memo

30       This Internet-Draft is submitted in full conformance with the
31       provisions of BCP 78 and BCP 79.

33       Internet-Drafts are working documents of the Internet Engineering
34       Task Force (IETF).  Note that other groups may also distribute
35       working documents as Internet-Drafts.  The list of current Internet-
36       Drafts is at https://datatracker.ietf.org/drafts/current/.

38       Internet-Drafts are draft documents valid for a maximum of six months
39       and may be updated, replaced, or obsoleted by other documents at any
40       time.  It is inappropriate to use Internet-Drafts as reference
41       material or to cite them other than as "work in progress."

43       This Internet-Draft will expire on January 13, 2021.

45    Copyright Notice

47       Copyright (c) 2020 IETF Trust and the persons identified as the
48       document authors.  All rights reserved.

50       This document is subject to BCP 78 and the IETF Trust's Legal
51       Provisions Relating to IETF Documents
52       (https://trustee.ietf.org/license-info) in effect on the date of
53       publication of this document.  Please review these documents
54       carefully, as they describe your rights and restrictions with respect
55       to this document.  Code Components extracted from this document must
56       include Simplified BSD License text as described in Section 4.e of
57       the Trust Legal Provisions and are provided without warranty as
58       described in the Simplified BSD License.

60    Table of Contents

62       1.  Introduction
63       2.  Conventions used in this document
64         2.1.  Terminology
65         2.2.  Tree Diagrams
66       3.  Overview of ECA YANG Data Model
67         3.1.  ECA Policy Variable and Value
68         3.2.  ECA Event
69         3.3.  ECA Condition
70           3.3.1.  Mapping Policy Variables to XPath Variables
71           3.3.2.  ECA XPath Context
72           3.3.3.  ECA Evaluation Exceptions
73         3.4.  ECA Action
74         3.5.  ECA
75           3.5.1.  ECA XPath Function Library (ECALIB)
76       4.  ECA YANG Model (Tree Structure)
77       5.  ECA YANG Module
78       6.  Security Considerations
79       7.  IANA Considerations
80       8.  Acknowledges
81       9.  Contributors
82       10. References
83         10.1.  Normative References
84         10.2.  Informative References
85       Appendix A.  ECA Condition Expression Examples
86       Appendix B.  ECA Model Self Monitoring Usage Example
87       Appendix C.  Changes between Revisions
88       Authors' Addresses

90    1.  Introduction

92       Traditional approaches for networks to automatically perform
93       corrective actions in response to network events have been largely
94       built on centralized policy based management [RFC3198].  With
95       centralized network management, the managed object state or
96       operational state spanning across the devices needs to be retrieved
97       by the client from various different servers.  However, there are
98       issues associated with centralized network management:

100      o  Centralized network management incurs massive data collection and
101         processing; the resource consumption (e.g., network bandwidth
102         usage, the state to be maintained) is huge.

104      o  Centralized network management leads to slow reaction to the
105         network changes when a large amount of managed object state from
106         devices needs to be collected and correlated at the central point
107         where decisions about resource adjustment are made;

109      o  Centralized network management cannot control or influence
110         management behavior within the server if the server is
111         disconnected from any network or the existing configuration on the
112         server has major errors;

114      o  Centralized network management doesn't scale well when thousands
115         of devices need to send hundreds of event notifications or
116         millions of managed data objects need to be polled by the client;

118      A more effective alternative to centralized network management is to
119      delegate network management function to servers in the network and
120      allow each server to monitor state changes of managed objects.
121      Accordingly, there is a need for a service to provide continuous
122      performance monitoring and detect defects and failures and take
123      corrective action.

125      This document defines an ECA Policy management YANG data model.  The
126      ECA Policy YANG provides the ability to move the network management
127      task to the server for self monitoring and self healing and control
128      the configurations and monitor state parameters and take simple and
129      instant action on the server when a trigger condition on the system
130      state is met.

132      The data model in this document is designed to be compliant with the
133      Network Management Datastore Architecture (NMDA) [RFC8342].

135   2.  Conventions used in this document

137   2.1.  Terminology

139      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
140      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
141      document are to be interpreted as described in [RFC2119].  In this
142      document, these words will appear with that interpretation only when
143      in ALL CAPS.  Lower case uses of these words are not to be
144      interpreted as carrying [RFC2119] significance.

146      The following terms are defined in [RFC7950] [RFC3460] and are not
147      redefined here:

149      o  Server

151      o  Client

153      o  Policy variable

155      o  Policy value

157      o  Implicit policy variable

159      o  Explicit policy variable

161      This document uses the following terms:

163      Event:  An event is something that happens that may be of interest -
164         a configuration change, a fault, a change in status, crossing a
165         threshold, or an external input to the system, for example.
166         Often, this results in an asynchronous message, sometimes referred
167         to as a notification or event notification, being sent to
168         interested parties to notify them that this event has occurred
169         [RFC5277].

171      Condition:  Condition can be seen as a logical test that, if
172         satisfied or evaluated to be true, causes the action to be carried
173         out.

175      Action:  Updates or invocations on local managed object attributes.

177      ECA Event:  The input to the ECA logic that initiates the processing.
178         Derived from an extensible list of platform event types.

180      Server Event:  An event that happens in the server for which a
181         Notification could be generated in an Event Stream subscription.

183      Datastore Event:  An event that happens within a datastore within the
184         server for which a Notification could be generated in a datastore
185         subscription.

187      Timer Event:  A pseudo-event in the server that allows ECA logic to
188         be invoked periodically.

190      Diagnostic Event:  A pseudo-event initiated by the client to test ECA
191         logic.

193      Self Monitoring:  Automatic monitoring and control of resources to
194         ensure the optimal functioning with respect to the defined
195         requirements.

197      Self Healing:  Automatic discovery and correction of faults;
198         automatically applying all necessary actions to bring the system
199         back to normal operation.

201      Policy Variable (PV):  Represents datastore states that change (or
202         "vary"), and that is set or evaluated by software.

204      PV-Source:  Represents an XPath result, which contains one of four
205         data types: Boolean, Number, String, and Node Set.

207      PV-Result:  Represents the value of the result of a Policy Variable
208         evaluation.

210   2.2.  Tree Diagrams

212      Tree diagrams used in this document follow the notation defined in
213      [RFC8340].

215   3.  Overview of ECA YANG Data Model

217      An ECA policy rule is read as: when an event occurs in a situation
218      where the condition is true, then the action is executed.  Therefore
219      ECA comprises three key elements: event, associated conditions, and
220      actions.  These three elements should be pushed down and configured
221      on the server by the client.  If the action is rejected by the server
222      during ECA policy execution, the action should be rolled back and
         cleaned up.

224   3.1.  ECA Policy Variable and Value

226      ECA policy variable (PV) generically represents datastore states that
227      change (or "vary"), and that is set or evaluated by software.  The
228      value of ECA policy variable is used for modeling values and
229      constants used in policy conditions and actions.  In policy,
230      conditions and actions can abstract information as "policy variables"
231      to be evaluated in logical expressions, or set by actions, e.g., the
232      policy condition has the semantics "variable matches value" while
233      policy action has the semantics "set variable to value".

235      In ECA, two types of policy variables are defined: the pv-source
236      variable and the pv-result variable.  A pv-source variable represents
237      an XPath result, which contains one of four data types: Boolean,
238      Number, String, and Node Set, while a pv-result variable represents
239      the value of the result of a Policy Variable evaluation.

241      o  A pv-source is always config=true.

243      o  A pv-result is always config=false.

245      o  A single anydata cannot be used for all values since it is only
246         allowed to contain child nodes.  Separate scalar and nodeset
247         values are needed.

249      Each ECA policy variable has the following two attributes:

251      o  Name with Globally unique or ECA unique scope;

253      o  Type, either pv-source or pv-result;

255      The following operations are allowed with/on a PV:

257      o  initialize (with a constant/enum/identity);

259      o  set (with contents of another same type PV);

261      o  read (retrieve datastore contents pointed by the specified same
262         type XPath/sub-tree);

264      o  write (modify configuration data in the datastore with the PV's
265         content/value);

267      o  insert (PV's content into a same type list);

269      o  iterate (copy into PV one by one same type list elements)
270      o  function calls in a form of F(arg1,arg2,...), where F is an
271         identity of a function from extendable function library,
272         arg1,arg2,etc are PVs respectively, the function's input
273         parameters, with the result returned in result policy variable.

275      PVs could also be a source of information sent to the client in
276      notification messages.

278      PVs could also be used in condition expressions.

280      The model structure for the Policy Variable is shown below:

282      +--rw policy-variables
283      |  +--rw policy-variable* [name]
284      |     +--rw name                        string
285      |     +--rw (xpath-value-choice)?
286      |        +--:(policy-source)
287      |        |  +--rw (pv-source)
288      |        |     +--:(xpath-expr)
289      |        |     |  +--rw xpath-expr?         yang:xpath1.0
290      |        |     +--:(scalar-constant)
291      |        |     |  +--rw scalar-constant?    string
292      |        |     +--:(nodeset-constant)
293      |        |        +--rw nodeset-constant?
294      |        +--:(policy-result)
295      |           +--rw (pv-result)
296      |              +--:(scalar-value)
297      |              |  +--rw scalar-value?    string
298      |              +--:(nodeset-value)
299      |                 +--rw nodeset-value?

301   3.2.  ECA Event

303      The ECA Event is any subscribable event notification either
304      explicitly defined in a YANG module (e.g., interface management
305      model) supported by the server or an event stream conveyed to the
306      server via YANG Push subscription.  ECA events are used to keep
307      track of state changes associated with one of multiple operational
308      state data objects in the network device.

310      Each ECA Event has the following attributes:

312      o  event-name, the name of ECA event;

314      o  event-type, typical examples of ECA event type include server
315         event, datastore event, timer event and diagnostic event.

317      o  event-stream, in case of server event.

319      o  event-module, in case of server event.

321      o  event-name, in case of server event.

323      o  event, it is event stream conveyed to the server in case of server
324         event.

326      o  datastore, in case of datastore event.

328      o  data-path, in case of datastore event.

330      o  data, it is event notification defined in a YANG module, in case
331         of datastore event.

333      o  period, in case of timer event.

335      A client may define an event of interest by making use of YANG PUSH
336      subscription.  Specifically, the client may configure an ECA event
337      according to the ECA model specifying the event's name, as well as
338      the name of corresponding PUSH subscription.  In this case, the
339      server is expected to:

341      o  Register the event recording its name and using the referred PUSH
342         subscription trigger as definition of the event firing trigger;

344      o  Auto-configure the event's ECA input in the form of local PVs
345         using the PUSH subscription's filters;

347      o  At the moment of event firing intercept the notifications that
348         would be normally sent to the PUSH subscription's client(s); copy
349         the data store states pointed by the PUSH subscription's filters
350         into the auto-configured ECA's local PVs and execute the ECA's
351         condition-action chain.

353      All events (specified in at least one ECA pushed to the server) are
354      required to be constantly monitored by the server.  One way to think
355      of this is that the server subscribes to its own publications with
356      respect to all events that are associated with at least one ECA.

358      The model structure for the ECA Event is shown below:

360      +--rw events
361      |  +--rw event* [event-name]
362      |     +--rw event-name                string
363      |     +--rw event-type?               identityref
364      |     +--rw policy-variable*          -> /gncd/policy-variables/policy-variable/name
365      |     +--rw local-policy-variable*    -> /gncd/ecas/eca/policy-variable/name
366      |     +--rw (type-choice)?
367      |        +--:(server-event)
368      |        |  +--rw event-stream?    string
369      |        |  +--rw event-module?    string
370      |        |  +--rw event?
371      |        +--:(datastore-event)
372      |        |  +--rw datatore?        string
373      |        |  +--rw data-path?       string
374      |        |  +--rw data?
375      |        +--:(timer-event)
376      |        |  +--rw time-schedule!
377      |        |     +--rw period?   centiseconds
378      |        |     +--rw count?    uint16
379      |        +--:(diagnostics-event)

381   3.3.  ECA Condition

383      The ECA Condition is the logical expression that is specified in a
384      form of XPath expression and evaluated to TRUE or FALSE.  The XPath
385      expression specifies an arbitrary logical/mathematical expression.
386      The elements of the ECA Condition expression are referred by the
387      XPaths pointing to referred datastore states.

389      The ECA Condition expression in the form of XPath expression allows
390      for specifying a condition of arbitrary complexity as a single string
391      with an XPath expression, in which pertinent PVs and datastore states
392      are referred to by their respective positions in the YANG tree.

394      ECA Conditions are associated with ECA Events and evaluated only
395      within event threads triggered by the event detection.

397      When an ECA Condition is evaluated to TRUE, the associated ECA Action
398      is executed.

400      The model structure for the condition is shown below:

402      +--rw conditions
403      |  +--rw condition* [name]
404      |     +--rw name                   string
405      |     +--rw (expression-choice)?
406      |        +--:(xpath)
407      |           +--rw condition-xpath?    string

409   3.3.1.  Mapping Policy Variables to XPath Variables

411      Policy variables are mapped to XPath variable bindings so they can be
412      referenced in the XPath expression for a Condition.

414      o  The 'name' leaf value for the policy variable is mapped to the
415         local-name of the XPath variable.  No namespace is used for ECA
416         variables.  E.g., the policy variable named 'foo' would be
417         accessible with a variable reference '$foo'.

419      o  The local-name 'USER' is reserved and defined in NACM.  The server
420         SHOULD provide the USER variable as NACM is implemented.

422      o  The values of all available policy variables are updated by the
423         server (if required) before the XPath expression is evaluated.
424         The variable binding value MUST NOT change while the XPath
425         expression is being evaluated.  If multiple references to the same
426         variable exist in an XPath expression, they MUST resolve to the
427         same value in each instance.

429         Example: "/test1[name=$badfan] and /test2[name=$badfan]"
430         The same value of 'badfan' is expected in each instance.

432      o  If a variable reference cannot be resolved because no policy
433         variable with that name is accessible to the ECA under evaluation,
434         then an eca-exception notification SHOULD be generated, and the
435         XPath evaluation MUST be terminated with an error.

437      o  Example:

439         [TBD: Need to determine what XPath parsers support.
440         Need to support simple expressions like
441            PV(x) = $A
442            PV(x) = $A + $B

444         May need to wrapper in function calls

446            PV(x) = number($A)
447            PV(x) = number($A) + number($B)

449         TBD: How to do conditional assignments

451            if nmda-supported()
452               PV(top) = /interfaces
453            else
454               PV(top) = /interfaces-state
455            end

457         Then an XPath expression can use

459            $top/interface/name

461   3.3.2.  ECA XPath Context

463      All XPath expressions used in ECA share the following XPath context
464      definition.

466      o  The set of namespace declarations is the set of all modules loaded
467         into the server at the moment.  Prefix bindings can reference the
468         set of namespace URIs for this set of modules.

470      o  All names SHOULD be namespace-qualified.  There is no default
471         namespace to use if no namespace is specified.  If no namespace is
472         used then the XPath step matches the local-name in all namespaces.

474      o  The function library is the core function library defined in
475         [XPATH], the functions defined in Section 10 of [RFC7950], and the
476         ECALIB functions defined in this document Section 3.5.1.

478      o  The set of variable bindings is set to all policy variables that
479         are visible to the ECA under evaluation.  This includes the local-
480         policy-variable and policy-variable entries configured for the
481         'eca' entry.  Since pv-source values can reference other policy
482         variables, the order that these fields are set is significant.

484      o  The accessible tree is all state data in the server, and the
485         running configuration datastore.  The root node has all top-level
486         data nodes in all modules as children.

488      o  The context node for all ECA XPath evaluation is the root node.

490   3.3.3.  ECA Evaluation Exceptions

492      Not all errors can be detected at configuration time.  Errors that
493      occur while ECA logic is being evaluated will cause the server to
494      generate an eca-exception notification.

496      TBD: Does an exception cause the ECA entry to be disabled
497      automatically?

499        identity eca-exception-reason {
500          description
501            "Base of all values for the 'reason' leaf in the
502             eca-exception notification.";
503        }

505        identity varbind-unknown {
506          base eca-exception-reason;
507          description
508            "The requested policy variable binding is not defined.
509             The variable binding cannot be resolved in the XPath
510             evaluation.";
511        }

513        // TBD: define exceptions as needed

515        notification eca-exception {
516          description
517            "This notification is sent when some error occurs
518             while the server is processing ECA logic.
519             [TBD: lots more detail and parameters]";
520          leaf reason {
521            type eca-exception-reason;
522          }
523        }

525   3.4.  ECA Action

527      The ECA Action list consists of updates or invocations on local
528      managed object attributes and a set of actions are defined as
529      follows, which will be performed when the corresponding event is
530      triggered:

532      o  sending one time notification

534      o  (re-)configuration scheduling - scheduling one time or periodic
535         (re-)configuration in the future

537      o  stopping current ECA;

539      o  invoking another ECA;

541      Three points are worth noting:

543      o  When a "Send notification" action is configured as an ECA Action,
544         the notification message to be sent to the client may contain not
545         only elements of the data store (as, for example, YANG PUSH or
546         smart filter notifications do), but also the contents of global
547         and local PVs, which store results of arbitrary operations
548         performed on the data store contents (possibly over arbitrary
549         period of time) to determine, for example, history/evolution of
550         data store changes, median values, ranges and rates of the
551         changes, results of configured function calls and expressions,
552         etc. - in short, any data the client may find interesting about
553         the associated event with all the logic to compute said data
554         delegated to the server.  Importantly, ECA notifications are the
555         only ECA actions that directly interact with and hence need to be
556         unambiguously understood by the client.  Furthermore, the same ECA
557         may originate numerous single or repetitive semantically different
558         notifications within the same or separate event firings.  In order
559         to facilitate for the client the correlation of events and ECA
560         notifications received from the server, the ECA model requires
561         each notification to carry mandatory information, such as event
562         and (event scope unique) notification names.

564      o  Multiple ECA Actions could be triggered by a single ECA event.

566      o  Any given ECA Condition or Action may appear in more than one
567         ECA.
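
The binding rules of Section 3.3.1, the varbind-unknown exception of Section 3.3.3 and the mandatory notification names described above can be exercised together. The following Python code is an added example, not part of the draft or of any implementation of it. Assumptions: `evaluate` is a hypothetical stand-in for the server's XPath 1.0 engine, a local PV shadows a global PV of the same name, USER is bound to the eca's 'username' leaf, and the dictionaries and sample values are constructed.

```python
import re
from types import MappingProxyType

# XPath string literals are blanked first so '$' inside quotes is not a reference.
LITERAL = re.compile(r"'[^']*'|\"[^\"]*\"")
# An XPath variable reference is '$' + name; ECA variables use no namespace.
VAR_REF = re.compile(r"\$([A-Za-z_][A-Za-z0-9_.-]*)")


class EcaException(Exception):
    """Stands in for the draft's eca-exception notification."""

    def __init__(self, reason, detail):
        super().__init__(f"{reason}: {detail}")
        self.reason = reason


def variable_references(expr):
    """Names referenced as $name in an XPath expression, ignoring literals."""
    return set(VAR_REF.findall(LITERAL.sub("''", expr)))


def bind_variables(expr, global_pvs, local_pvs, username):
    """Return the read-only variable bindings for one evaluation of expr."""
    if "USER" in global_pvs or "USER" in local_pvs:
        # 'USER' is reserved (NACM); this is detectable at configuration time.
        raise ValueError("policy variable name 'USER' is reserved")
    visible = dict(global_pvs)
    visible.update(local_pvs)   # assumption: a local PV shadows a global one
    visible["USER"] = username  # assumption: USER is the eca's 'username' leaf
    missing = sorted(variable_references(expr) - set(visible))
    if missing:
        # No accessible PV with that name: terminate with an error.
        raise EcaException("varbind-unknown", ", ".join(missing))
    # Copy plus read-only view: bindings cannot change during evaluation,
    # so every reference to the same variable resolves to the same value.
    return MappingProxyType(visible)


def fire_event(eca, event_name, global_pvs, evaluate):
    """Run one ECA's condition-action list for one event firing.

    evaluate(expr, bindings) -> bool is a hypothetical XPath engine hook.
    Returns the list of notifications that would be sent to the client.
    """
    sent = []
    for entry in eca["condition-action"]:
        expr = entry["condition-xpath"]
        bindings = bind_variables(expr, global_pvs,
                                  eca["policy-variable"], eca["username"])
        if not evaluate(expr, bindings):
            continue
        for note in entry["notify"]:
            unknown = [n for n in note["policy-variable"] if n not in bindings]
            if unknown:
                raise EcaException("varbind-unknown", ", ".join(unknown))
            sent.append({
                "event-name": event_name,   # mandatory event name
                "name": note["name"],       # mandatory notification name
                "policy-variable": {n: bindings[n]
                                    for n in note["policy-variable"]},
            })
    return sent


# Constructed sample data (not from the draft).
GLOBAL_PVS = {"limit": 70}
SAMPLE_ECA = {
    "name": "fan-watch",
    "username": "admin",
    "event-name": "temp-poll",
    "policy-variable": {"temp": 82, "badfan": "fan-3"},
    "condition-action": [{
        "name": "overheat",
        "condition-xpath": "$temp > $limit and /fans/fan[name=$badfan]",
        "notify": [{"name": "overheat-alert",
                    "policy-variable": ["temp", "badfan"]}],
    }],
}


def sample_evaluate(expr, bindings):
    """Constructed evaluator that covers the sample condition only."""
    return bindings["temp"] > bindings["limit"]


if __name__ == "__main__":
    print(fire_event(SAMPLE_ECA, "temp-poll", GLOBAL_PVS, sample_evaluate))
```
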

569      The model structure for the actions is shown below:

571      +--rw actions
572      |  +--rw action* [name]
573      |     +--rw name              string
574      |     +--rw action-element* [name]
575      |     |  +--rw name                  string
576      |     |  +--rw action-type?          identityref
577      |     |  +--rw (action-operation)?
578      |     |     +--:(notify-operation)
579      |     |        +--rw notify-operation
580      |     |           +--rw name?              string
581      |     |           +--rw policy-variable* [name]
582      |     |              +--rw name    string
583      |     +--rw time-schedule!
584      |     |  +--rw period?   centiseconds
585      |     |  +--rw count?    uint16

587   3.5.  ECA

589      An ECA container includes:

591      o  ECA name.

593      o  List of local PVs and global PVs.  As mentioned, these PVs could
594         be configured as dynamic (their instances appear/disappear with
595         start/stop of the ECA execution) or as static (their instances
596         exist as long as the ECA is configured).  Global PVs will be
597         shared by multiple ECA instances while local PVs are within the
598         scope of a specific ECA instance.

600      o  Normal CONDITION-ACTION list: configured conditions each with
601         associated actions to be executed if the condition is evaluated to
602         TRUE

604      TBD: how different ECAs do not impact each other if they share PVs
605      and other components is not in the scope of this document at this
606      moment.

608   3.5.1.  ECA XPath Function Library (ECALIB)

610      A set of common event PVs need to be set for every invocation of
611      condition or action logic:

613        $event-type (string)
614        $event-name (string)

616      For event-type = "server-event"

618        $event-stream (string)
619        $event-module (string)
620        $event-name (string)
621        $event (node-set)

623      The condition can use these PVs directly in an expression
624      An expression can access client-configured PVs of course

626        $event/child[name=$some-global-var] > 10

628      For event-type = "datastore"

630        $datastore (string)
631        $data-path (string)
632        $data (node-set)

634      The data is defined to be a container with the requested data as child nodes

636        $data/interface[type=$gigabit-eth]  // (node-set is an array of data nodes, usually siblings)

638      A standard sustained-event func call should be defined to specify how many seconds the
639      XPath expression needs to be true to consider the function result true

641        // check every 5 seconds up to 60 seconds
642        sustained-event("$event/child[name=$some-global-var] > 10", 5, 12)

644        function boolean sustained-event (string expr, number interval, number count)
645          test expression 'expr' once per 'interval'.  Keep testing once per interval until
646          false result reached or 'count' number of interval on specific interface has been
647          tested true.  Return true if condition tested true for count intervals; Returns
648          false otherwise

650      The ECA XPath function library is expected to grow over time and
651      additional standard or vendor function libraries should be possible.
652      The server should provide a read-only leaf-list of ECA function
653      libraries supported.

655      TBD: How can ECA access specific datastores?  Currently no NMDA
656      support for config=true values in is provided.  Access
657      to datastore is not possible.

659   4.  ECA YANG Model (Tree Structure)

661      The following tree diagrams [RFC8340] provide an overview of the data
662      model for the "ietf-eca" module.

664   module: ietf-eca
665     +--rw gncd
666        +--rw policy-variables
667        |  +--rw policy-variable* [name]
668        |     +--rw name                        string
669        |     +--rw (xpath-value-choice)?
670        |        +--:(policy-source)
671        |        |  +--rw (pv-source)
672        |        |     +--:(xpath-expr)
673        |        |     |  +--rw xpath-expr?         yang:xpath1.0
674        |        |     +--:(scalar-constant)
675        |        |     |  +--rw scalar-constant?    string
676        |        |     +--:(nodeset-constant)
677        |        |        +--rw nodeset-constant?
678        |        +--:(policy-result)
679        |           +--rw (pv-result)
680        |              +--:(scalar-value)
681        |              |  +--rw scalar-value?    string
682        |              +--:(nodeset-value)
683        |                 +--rw nodeset-value?
684        +--rw events
685        |  +--rw event* [event-name]
686        |     +--rw event-name                string
687        |     +--rw event-type?               identityref
688        |     +--rw policy-variable*          -> /gncd/policy-variables/policy-variable/name
689        |     +--rw local-policy-variable*    -> /gncd/ecas/eca/policy-variable/name
690        |     +--rw (type-choice)?
691        |        +--:(server-event)
692        |        |  +--rw event-stream?    string
693        |        |  +--rw event-module?    string
694        |        |  +--rw event?
695        |        +--:(datastore-event)
696        |        |  +--rw datatore?        string
697        |        |  +--rw data-path?       string
698        |        |  +--rw data?
699        |        +--:(timer-event)
700        |        |  +--rw time-schedule!
701        |        |     +--rw period?   centiseconds
702        |        |     +--rw count?    uint16
703        |        +--:(diagnostics-event)
704        +--rw conditions
705        |  +--rw condition* [name]
706        |     +--rw name                   string
707        |     +--rw (expression-choice)?
708        |        +--:(xpath)
709        |           +--rw condition-xpath?    string
710        +--rw actions
711        |  +--rw action* [name]
712        |     +--rw name              string
713        |     +--rw action-element* [name]
714        |     |  +--rw name                  string
715        |     |  +--rw action-type?          identityref
716        |     |  +--rw (action-operation)?
717        |     |     +--:(notify-operation)
718        |     |        +--rw notify-operation
719        |     |           +--rw name?              string
720        |     |           +--rw policy-variable* [name]
721        |     |              +--rw name    string
722        |     +--rw time-schedule!
723        |     |  +--rw period?   centiseconds
724        |     |  +--rw count?    uint16
725        +--rw ecas
726           +--rw eca* [name]
727              +--rw name                string
728              +--rw username            string
729              +--rw event-name          string
730              +--rw policy-variable* [name]
731              |  +--rw name                        string
732              |  +--rw (xpath-value-choice)?
733              |  |  +--:(policy-source)
734              |  |  |  +--rw (pv-source)
735              |  |  |     +--:(xpath-expr)
736              |  |  |     |  +--rw xpath-expr?         yang:xpath1.0
737              |  |  |     +--:(scalar-constant)
738              |  |  |     |  +--rw scalar-constant?    string
739              |  |  |     +--:(nodeset-constant)
740              |  |  |        +--rw nodeset-constant?
741              |  |  +--:(policy-result)
742              |  |     +--rw (pv-result)
743              |  |        +--:(scalar-value)
744              |  |        |  +--rw scalar-value?    string
745              |  |        +--:(nodeset-value)
746              |  |           +--rw nodeset-value?
747              |  +--rw is-static?                  boolean
748              +--rw condition-action* [name]
749              |  +--rw name         string
750              |  +--rw condition?   -> /gncd/conditions/condition/name
751              |  +--rw action?      -> /gncd/actions/action/name
752              +---x start
753              +---x stop
754              +---x next-action

756     notifications:
757       +---n eca-exception
758          +--ro reason?   identityref

760   5.  ECA YANG Module

762      file "ietf-eca@2019-10-28.yang"

764      module ietf-eca {
765        yang-version 1.1;
766        namespace "urn:ietf:params:xml:ns:yang:ietf-eca";
767        prefix gnca;

769        import ietf-yang-types {
770          prefix yang;
771        }
772        import ietf-netconf-acm {
773          prefix nacm;
774          reference
775            "RFC8341: Network Configuration Access Control Model";
776        }

778        organization
779          "IETF Network Configuration (NETCONF) Working Group";
780        contact
781          "WG Web:
782           WG List:
783           Editor:   Qin Wu
785           Editor:   Igor Bryskin
787           Editor:   Henk Birkholz
789           Editor:   Xufeng Liu
791           Editor:   Benoit Claise
793           Editor:   Andy Bierman
795           Editor:   Alexander Clemm
796          ";
797        description
798          "Event Condition Action (ECA) model.";

800        revision 2018-06-22 {
801          description
802            "Initial revision";
803          reference
804            "RFC XXXX";
805        }

807        identity argument-type {
808          description
809            "Possible values are:
810             constant, variable, or datastore state.";
811        }

813        identity comparison-type {
814          description
815            "Possible values are:
816             equal, not-equal, greater, greater-equal, less, less-equal.";
817        }

819        identity logical-operation-type {
820          description
821            "Possible values are:
822             not, or, and.";
823        }

825        identity function-type {
826          description
827            "Possible values are:
828             plus, minus, mult, divide, sustained-event.";
829        }

831        identity sustained-event {
832          description
833            "Identity for standard sustained-event function call,
834             the input variables for sustained-event include string
835             expr, number interval, number count.  Keep testing
836             expression 'expr' once per interval until false result
837             reached or 'count' number of interval on specific interface
838             has been tested true.  Return true if condition tested true
839             for count intervals; Returns false otherwise.";
840        }

842        identity plus {
843          description
844            "Identity for standard plus function call, the input
845             variables for plus function call include src policy argument
846             and dst policy argument.";
847        }

849        identity mius {
850          description
851            "Identity for standard minus function call, the input
852             variables for plus function call include src policy argument
853             and dst policy argument.";
854        }

856        identity multiply {
857          description
858            "Identity for standard multiply function call, the input
859             variables for multiply function call include src policy argument
860             and dst policy argument.";
861        }

863        identity divide {
864          description
865            "Identity for standard divide function call, the input
866             variables for multiply function call include src policy argument
867             and dst policy argument.";
868        }

870        identity content-moving-operation-type {
871          description
872            "Possible values are:
873             copy, iterate, insert.";
874        }

876        identity action-type {
877          description
878            "Possible values are:
879             action, content-move, function-call, rpc, notify.";
880        }

882        identity policy-variable-type {
883          description
884            "Possible values are:
885             boolean, int32, int64, uint32, uint64, string, etc.";
886        }

888        identity event-type {
889          description
890            "Base identity for Event Type.";
891        }

893        identity server-event {
894          base event-type;
895          description
896            "Identity for server event.";
897        }

899        identity datastore-event {
900          base event-type;
901          description
902            "Identity for datastore event.";
903        }

905        identity timer-event {
906          base event-type;
907          description
908            "Identity for timer event.";
909        }

911        identity diagnostics-event {
912          base event-type;
913          description
914            "Identity for diagnostics event.";
915        }

917        identity eca-exception-reason {
918          description
919            "Base of all values for the 'reason' leaf in the
920             eca-exception notification.";
921        }

923        identity varbind-unknown {
924          base eca-exception-reason;
925          description
926            "The requested policy variable binding is not defined.
927             The variable binding cannot be resolved in the XPath
928             evaluation.";
929        }

931        typedef centiseconds {
932          type uint32;
933          description
934            "A period of time, measured in units of 0.01 seconds.";
935        }

937        typedef oper-status {
938          type enumeration {
939            enum completed {
940              description
941                "Completed with no error.";
942            }
943            enum running {
944              description
945                "Currently with no error.";
946            }
947            enum sleeping {
948              description
949                "Sleeping because of time schedule.";
950            }
951            enum stoped {
952              description
953                "Stopped by the operator.";
954            }
955            enum failed {
956              description
957                "Failed with errors.";
958            }
959            enum error-handling {
960              description
961                "Asking the operator to handle an error.";
962            }
963          }
964          description
965            "The operational status of an ECA execution.";
966        }

968        grouping scalar-value {
969          leaf scalar-value {
970            type string;
971            description
972              "Represents an XPath simple value that has an
973               XPath type of Boolean, String, or Number.
974               This value will be converted to an XPath type,
975               as needed.

977               A YANG value is encoded as a string using the same
978               rules as the 'default' value for the data type.
980 An eca-exception notification is generated if a scalar 981 XPath value is used in a path expression, where a 982 node-set is expected. Normally XPath will treat this result 983 as an empty node-set, but this is an ECA programming error."; 984 } 985 } 987 grouping nodeset-value { 988 anydata nodeset-value { 989 description 990 "Represents an XPath node set. A 'node-set' anydata node 991 with no child data nodes represents an empty node-set. 992 Each child node in within this anydata structure 993 represents a subtree that is present in the XPath 994 node-set. 996 An XPath node-set is not required to contain a top-level 997 YANG data node. It is not required to contain an entire 998 complete subtree. 1000 It is am implementation-specific manner how a 1001 representation of YANG 'anydata' nodes are mapped 1002 to specific YANG module schema definitions."; 1003 } 1004 } 1006 grouping scalar-constant { 1007 leaf scalar-constant { 1008 type string; 1009 description 1010 "Represents an XPath simple value that has an 1011 XPath type of Boolean, String, or Number. 1012 This value will be converted to an XPath type, 1013 as needed. 1015 A YANG value is encoded as a string using the same 1016 rules as the 'default' value for the data type. 1018 An eca-exception notification is generated if a scalar 1019 XPath value is used in a path expression, where a 1020 node-set is expected. Normally XPath will treat this result 1021 as an empty node-set, but this is an ECA programming error."; 1022 } 1023 } 1025 grouping nodeset-constant { 1026 anydata nodeset-constant { 1027 description 1028 "Represents an XPath node set. A 'node-set' anydata node 1029 with no child data nodes represents an empty node-set. 1030 Each child node in within this anydata structure 1031 represents a subtree that is present in the XPath 1032 node-set. 1034 An XPath node-set is not required to contain a top-level 1035 YANG data node. It is not required to contain an entire 1036 complete subtree. 
1038 It is am implementation-specific manner how a 1039 representation of YANG 'anydata' nodes are mapped 1040 to specific YANG module schema definitions."; 1041 } 1042 } 1043 grouping pv-source { 1044 choice pv-source { 1045 mandatory true; 1046 description 1047 "A PV source represents an XPath result, which contains 1048 one of four data types: Boolean, Number, String, 1049 and Node Set. XPath defines mechanisms to covert 1050 values between these four types. 1052 The 'xpath-expr' leaf is used to assign the PV source 1053 to the result of an arbitrary XPath expression. 1054 The result of this expression evaluation is used 1055 internally as needed. The result may be any one of 1056 the XPath data types. 1058 The 'scalar-constant' leaf is used to represent a Boolean, 1059 String, or Number XPath constant value. 1061 The 'nodeset-constant' anydata structure is used to 1062 represent a constant XPath node-set."; 1063 leaf xpath-expr { 1064 type yang:xpath1.0; 1065 description 1066 "Contains an XPath expression that must be evaluated 1067 to produce an XPath value. [section X.X] describes 1068 the XPath execution environment used to process this 1069 object."; 1070 } 1071 case scalar-constant { 1072 uses scalar-constant; 1073 } 1074 case nodeset-constant { 1075 uses nodeset-constant; 1076 } 1077 } 1078 } 1080 grouping pv-result { 1081 choice pv-result { 1082 mandatory true; 1083 description 1084 "Represents the value of the result of an 1085 Policy Variable evaluation. 1087 The 'scalar-value' leaf is used to represent a Boolean, 1088 String, or Number XPath result value. 1090 The 'nodeset-value' anydata structure is used to represent 1091 an XPath node-set result."; 1092 case scalar-value { 1093 uses scalar-value; 1094 } 1095 case nodeset-value { 1096 uses nodeset-value; 1097 } 1098 } 1099 } 1101 grouping policy-variable-attributes { 1102 description 1103 "Defining the policy variable attributes, including name, type 1104 and value. 
These attributes are used as part of the Policy 1105 Variable (PV) definition."; 1106 leaf name { 1107 type string; 1108 description 1109 "A string to uniquely identify a Policy Variable (PV), either 1110 globally for a global PV, or within the scope of ECA for a 1111 local PV."; 1112 } 1113 choice xpath-value-choice { 1114 description 1115 "The type of a policy variable may be either a common 1116 primative type like boolean or a type from existing 1117 schema node referenced by an XPath string."; 1118 case policy-source { 1119 uses pv-source; 1120 } 1121 case policy-result { 1122 uses pv-result; 1123 } 1124 } 1125 } 1127 grouping action-element-attributes { 1128 description 1129 "Grouping of action element attributes."; 1130 leaf action-type { 1131 type identityref { 1132 base action-type; 1133 } 1134 description 1135 "Identifies the action type."; 1136 } 1137 choice action-operation { 1138 description 1139 "The operation choices that an ECA Action can take."; 1140 case notify-operation { 1141 container notify-operation { 1142 description 1143 "The operation is to send a YANG notification."; 1144 leaf name { 1145 type string; 1146 description 1147 "Name of the subscribed YANG notification."; 1148 } 1149 list policy-variable { 1150 key "name"; 1151 description 1152 "A list of policy arguments carried in the notification 1153 message."; 1154 leaf name { 1155 type string; 1156 description 1157 "A string name used as the list key to form a list 1158 of policy arguments."; 1159 } 1160 } 1161 } 1162 } 1163 } 1164 } 1166 grouping time-schedule-container { 1167 description 1168 "Grouping to define a container of a time schedule."; 1169 container time-schedule { 1170 presence "Presence indicates that the timer is enabled."; 1171 description 1172 "Specifying the time schedule to execute an ECA Action, or 1173 trigger an event."; 1174 leaf period { 1175 type centiseconds; 1176 description 1177 "Duration of time that should occur between periodic 1178 push updates, in units 
of 0.01 seconds."; 1179 } 1180 leaf count { 1181 type uint16; 1182 description 1183 "specify the count number of interval that has to pass before 1184 successive adaptive periodic push update records for the same 1185 subscription are generated for a receiver."; 1186 } 1188 } 1189 } 1191 container gncd { 1192 nacm:default-deny-all; 1193 description 1194 "Top level container for Generalized Network Control Automation 1195 (gncd)."; 1196 container policy-variables { 1197 description 1198 "Container of global Policy Variables (PVs)."; 1199 list policy-variable { 1200 key "name"; 1201 description 1202 "A list of global Policy Variables (PVs), with a string 1203 name as the entry key."; 1204 uses policy-variable-attributes; 1205 } 1206 } 1207 container events { 1208 description 1209 "Container of ECA events."; 1210 list event { 1211 key "event-name"; 1212 description 1213 "A list of events used as the triggers of ECAs."; 1214 leaf event-name { 1215 type string; 1216 description 1217 "The name of the event."; 1218 } 1219 leaf event-type { 1220 type identityref { 1221 base event-type; 1222 } 1223 description 1224 "The type of the event."; 1225 } 1226 leaf-list policy-variable { 1227 type leafref { 1228 path "/gncd/policy-variables/policy-variable/name"; 1229 } 1230 description 1231 "global policy variables, which 1232 are shared by all ECA scripts."; 1233 } 1234 leaf-list local-policy-variable { 1235 type leafref { 1236 path "/gncd/ecas/eca/policy-variable/name"; 1237 } 1238 description 1239 "local policy variables, which 1240 are kept within an ECA instance, and appears/ 1241 disappears with start/stop of the ECA execution."; 1242 } 1243 choice type-choice { 1244 description 1245 "The type of an event, including server event and datastore event."; 1246 case server-event { 1247 leaf event-stream { 1248 type string; 1249 description 1250 "The name of a subscribed stream ."; 1251 } 1252 leaf event-module { 1253 type string; 1254 description 1255 "The name of YANG data 
module associated with the subscribed 1256 stream."; 1257 } 1258 anydata event { 1259 description 1260 "This anydata value MUST Contain the absolute XPath 1261 expression identifying the element path to the node that is 1262 associated with subscribed stream."; 1263 } 1264 } 1265 case datastore-event { 1266 leaf datatore { 1267 type string; 1268 description 1269 "The name of a datatore from which applications 1270 subscribe to updates."; 1271 } 1272 leaf data-path { 1273 type string; 1274 description 1275 "The absolute XPath expression identifying the 1276 element path to the node that is associated with 1277 subscribed stream.."; 1278 } 1279 anydata data { 1280 description 1281 "This anydata value MUST Contain the node that is 1282 associated with the data path."; 1283 } 1285 } 1286 case timer-event { 1287 uses time-schedule-container { 1288 description 1289 "Specifying the time schedule to trigger the event. 1290 If not specified, the event is not triggered."; 1291 } 1292 } 1293 case diagnostics-event; 1294 } 1295 } 1296 } 1297 container conditions { 1298 description 1299 "Container of ECA Conditions."; 1300 list condition { 1301 key "name"; 1302 description 1303 "A list of ECA Conditions."; 1304 leaf name { 1305 type string; 1306 description 1307 "A string name to uniquely identify an ECA Condition 1308 globally."; 1309 } 1310 choice expression-choice { 1311 description 1312 "The choices of expression format to specify a condition, 1313 which can be either a XPath string."; 1314 case xpath { 1315 leaf condition-xpath { 1316 type string; 1317 description 1318 "A XPath string, representing a logical expression, 1319 which can contain comparisons of datastore values 1320 and logical operations in the XPath format."; 1321 } 1322 } 1323 } 1324 } 1325 } 1326 container actions { 1327 description 1328 "Container of ECA Actions."; 1329 list action { 1330 key "name"; 1331 description 1332 "A list of ECA Actions."; 1334 leaf name { 1335 type string; 1336 description 1337 
"A string name to uniquely identify an ECA Action 1338 globally."; 1339 } 1340 list action-element { 1341 key "name"; 1342 description 1343 "A list of elements contained in an ECA Action. "; 1344 leaf name { 1345 type string; 1346 description 1347 "A string name to uniquely identify the action element 1348 within the scope of an ECA action."; 1349 } 1350 uses action-element-attributes; 1351 } 1352 uses time-schedule-container { 1353 description 1354 "Specifying the time schedule to execute this ECA 1355 Action. 1356 If not specified, the ECA Action is executed immediately 1357 when it is called."; 1358 } 1359 } 1360 } 1361 container ecas { 1362 description 1363 "Container of ECAs."; 1364 list eca { 1365 key "name"; 1366 description 1367 "A list of ECAs"; 1368 leaf name { 1369 type string; 1370 description 1371 "A string name to uniquely identify an ECA globally."; 1372 } 1373 leaf username { 1374 type string; 1375 mandatory true; 1376 description 1377 "Name of the user for the session."; 1378 } 1379 leaf event-name { 1380 type string; 1381 mandatory true; 1382 description 1383 "The name of an event that triggers the execution of 1384 this ECA."; 1385 } 1386 list policy-variable { 1387 key "name"; 1388 description 1389 "A list of ECA local Policy Variables (PVs), with a 1390 string name as the entry key."; 1391 uses policy-variable-attributes; 1392 leaf is-static { 1393 type boolean; 1394 description 1395 "'true' if the PV is static; 'false' if the PV is 1396 dynamic. 1397 A dynamic PV appears/disappears with the start/stop 1398 of the ECA execution; a static PV exists as long as 1399 the ECA is configured."; 1400 } 1401 } 1402 list condition-action { 1403 key "name"; 1404 ordered-by user; 1405 description 1406 "A list of Condition-Actions, which are configured 1407 conditions each with associated actions to be executed 1408 if the condition is evaluated to TRUE. 1409 [TBD Does the server do all the actions where the condition 1410 is true? 
Does it stop after one condition-action is 1411 completed? How is it possible to require multiple conditions 1412 to be true in order to do 1 action? How will conditions be 1413 reusable and not giant cut-and-paste combination of other 1414 entries?]"; 1415 leaf name { 1416 type string; 1417 description 1418 "A string name uniquely identify a Condition-Action 1419 within this ECA."; 1420 } 1421 leaf condition { 1422 type leafref { 1423 path "/gncd/conditions/condition/name"; 1424 } 1425 description 1426 "The reference to a configured condition."; 1427 } 1428 leaf action { 1429 type leafref { 1430 path "/gncd/actions/action/name"; 1431 } 1432 description 1433 "The reference to a configured action."; 1434 } 1435 } 1436 action start { 1437 description 1438 "Start to execute this ECA."; 1439 } 1440 action stop { 1441 description 1442 "Stop the execution of this ECA."; 1443 } 1444 action next-action { 1445 description 1446 "Resume the execution of this ECA to complete the next 1447 action."; 1448 } 1449 } 1450 } 1451 } 1453 notification eca-exception { 1454 description 1455 "This notification is sent when some error occurs 1456 while the server is processing ECA logic. 1457 [TBD: lots more detail and parameters]"; 1458 leaf reason { 1459 type identityref { 1460 base eca-exception-reason; 1461 } 1462 } 1463 } 1464 } 1466 1468 6. Security Considerations 1470 The YANG modules defined in this document MAY be accessed via the 1471 RESTCONF protocol [RFC8040] or NETCONF protocol ([RFC6241]). The 1472 lowest RESTCONF or NETCONF layer requires that the transport-layer 1473 protocol provides both data integrity and confidentiality, see 1474 Section 2 in [RFC8040] and [RFC6241]. The lowest NETCONF layer is 1475 the secure transport layer, and the mandatory-to-implement secure 1476 transport is Secure Shell (SSH)[RFC6242] . The lowest RESTCONF layer 1477 is HTTPS, and the mandatory-to-implement secure transport is TLS 1478 [RFC5246]. 

1480     The NETCONF access control model [RFC6536] provides the means to
1481     restrict access for particular NETCONF or RESTCONF users to a
1482     preconfigured subset of all available NETCONF or RESTCONF protocol
1483     operations and content.

1485     There are a number of data nodes defined in this YANG module that are
1486     writable/creatable/deletable (i.e., config true, which is the
1487     default). These data nodes may be considered sensitive or vulnerable
1488     in some network environments. Write operations (e.g., edit-config)
1489     to these data nodes without proper protection can have a negative
1490     effect on network operations. These are the subtrees and data nodes
1491     and their sensitivity/vulnerability:

1493     o  /gnca:policy-variables/gnca:policy-variable/gnca:name

1495     o  /gnca:events/gnca:event/gnca:name

1497     o  /gnca:conditions/gnca:condition/gnca:name

1499     o  /gnca:actions/gnca:action/gnca:name

1501     o  /gnca:ecas/gnca:eca/gnca:name

1503     o  /gnca:ecas/gnca:eca/gnca:username

1505  7.  IANA Considerations

1507     This document registers two URIs in the IETF XML registry [RFC3688].
1508     Following the format in [RFC3688], the following registrations are
1509     requested to be made:

1511     ---------------------------------------------------------------------
1512     URI: urn:ietf:params:xml:ns:yang:ietf-eca
1513     Registrant Contact: The IESG.
1514     XML: N/A, the requested URI is an XML namespace.
1515     ---------------------------------------------------------------------

1517     This document registers one YANG module in the YANG Module Names
1518     registry [RFC6020].

1520     ---------------------------------------------------------------------
1521     Name: ietf-eca
1522     Namespace: urn:ietf:params:xml:ns:yang:ietf-eca
1523     Prefix: gnca
1524     Reference: RFC xxxx
1525     ---------------------------------------------------------------------

1527  8.  Acknowledges

1529     Igor Bryskin, Xufeng Liu, Alexander Clemm, Henk Birkholz, Tianran
1530     Zhou contributed to an earlier version of [GNCA]. We would like to
1531     thank the authors of that document on event response behaviors
1532     delegation for material that assisted in thinking that helped improve
1533     this document.

1535  9.  Contributors
1536     Alexander Clemm
1537     Futurewei
1538     Email: ludwig@clemm.org

1540     Michale Wang
1541     Huawei
1542     Email: wangzitao@huawei.com

1544     Chongfeng Xie
1545     China Telecom
1546     Email: xiechf@ctbri.com.cn

1548     Xiaopeng Qin
1549     Huawei
1550     Huawei Bld., No.156 Beiqing Rd.
1551     Beijing 100095
1552     China
1553     qinxiaopeng@huawei.com

1555     Tianran Zhou
1556     Huawei
1557     Email: zhoutianran@huawei.com

1559     Aihua Guo
1560     Individual
1561     aihguo1@gmail.com

1563     Nicola Sambo
1564     Scuola Superiore Sant'Anna
1565     Via Moruzzi 1
1566     Pisa 56124
1567     Italy
1568     Email: nicola.sambo@sssup.it

1570     Giuseppe Fioccola
1571     Huawei Technologies
1572     Riesstrasse, 25
1573     Munich 80992
1574     Germany
1575     Email: giuseppe.fioccola@huawei.com

1577  10.  References

1579  10.1.  Normative References

1581     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1582                Requirement Levels", March 1997.

1584     [RFC3460]  Moore, B., Ed., "Policy Core Information Model (PCIM)
1585                Extensions", RFC 3460, DOI 10.17487/RFC3460, January 2003.

1588     [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1589                DOI 10.17487/RFC3688, January 2004.

1592     [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1593                the Network Configuration Protocol (NETCONF)", RFC 6020,
1594                DOI 10.17487/RFC6020, October 2010.

1597     [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1598                and A. Bierman, Ed., "Network Configuration Protocol
1599                (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

1602     [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
1603                Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

1606     [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
1607                Protocol (NETCONF) Access Control Model", RFC 6536,
1608                DOI 10.17487/RFC6536, March 2012.

1611     [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
1612                RFC 7950, DOI 10.17487/RFC7950, August 2016.

1615  10.2.  Informative References

1617     [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
1618                (TLS) Protocol Version 1.2", RFC 5246,
1619                DOI 10.17487/RFC5246, August 2008.

1622     [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
1623                Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

1626     [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
1627                BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

1630     [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
1631                and R. Wilton, "Network Management Datastore Architecture
1632                (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

1635  Appendix A.  ECA Condition Expression Examples

1637     Here are two examples of Condition Expression:

1639     (a) a condition that only includes data store states and constants,
1640     for example:

1642     TE metric of Link L in Topology T greater than 100,
1643     it can be expressed as follows:

1645     "/nw:networks/nw:network[network-id='T']/nt:link[link-id='L']/tet:te\
1646     /tet:te-link-attributes/tet:te-delay-metric > 100"

1648     (b) a condition that also includes a Policy Variable, for example:

1650     Allocated bandwidth of Link L in Topology T greater than 75% of
1651     what is stored in Policy Variable B, it can be expressed as follows:

1653     "/nw:networks/nw:network[network-id='T']/nt:link[link-id='L']/tet:te\
1654     /tet:te-link-attributes/tet:max-resv-link-bandwidth\
1655     > (ietf-eca:policy-variables/policy-variable[name='B']/value) * 0.75"

1657  Appendix B.  ECA Model Self Monitoring Usage Example

1659          +---------------------------+
1660          |     Management System     |
1661          +---------------------------+
1662                        |
1663                  ECA   |
1664                 Model  |
1665                        |
1666                        V
1667          +----------------------^-----+
1668          |    Managed Device    |     |
1669          |                      |     |
1670          |  //--\\   Condition--+     |
1671          | | Event|    /   \          |
1672          | |      |----->|Actions     |
1673          |  \\--//     \   /          |
1674          |              ----          |
1675          +----------------------------+

1677     The management system designs a new ECA policy based on monitored
1678     objects in ietf-interfaces module that support threshold checking and
1679     pushes down the ECA policy to control interface behavior in the
1680     managed device that supports NETCONF/RESTCONF protocol operation,
1681     i.e., scan all interfaces for a certain type every 5 seconds up to 60
1682     seconds and check the counters or status, return an array of
1683     interface entries (XPath node-set) that match the search. The XML
1684     example snippet is shown below:

1689     event-name
1690     interface-self-monitoring

1693     event-type
1694     server-event

1697     event-stream
1698     NETCONF

1701     event-module
1702     ietf-interfacs

1705     event
1706     if:interfaces/if:interface[if:type=if:gigabitEthernet]

1711     interface-self-monitoring
1712     server-event
1713     NETCONF
1714     ietf-interfacs
1715     if:interfaces/if:interface[if:type=if:gigabitEthernet]

1720     if-monitoring-condition
1721     event/statistics/in-errors > 1000

1726     if-matched-statistics

1730     5
1731     12

1737     interface-eca-handling
1738     interface-self-monitoring

1740     sustained-event
1741     if-monitoring-condition
1742     if-matched-statistics

1749     2016-11-21T13:51:00Z

1755     GE0
1756     ianaift:gigabitEthernet
1757     false

1761     GE1
1762     ianaift:gigabitEthernet
1763     true

1767     GE2
1768     ianaift:gigabitEthernet
1769     true

1774     2016-11-21T13:53:00Z

1776     completed
1777     interface-self-monitoring
1778     server-event
1779     NETCONF
1780     ietf-interfacs
1781     5
1782     12

1786     In this example, the event name is set to 'interface-self-
1787     monitoring', the event type is set to 'server-event', and the name of
1788     'condition-action' corresponds to the standard function call
1789     'sustained-event'.

1791  Appendix C.  Changes between Revisions

1793     v07 - v08

1795        Replace ECA model usage example with self monitoring usage example
1796        in the appendix.

1798        Clean up references.

1800        Add a new section to discuss Mapping Policy Variables to XPath
1801        Variables.

1803        Add a new section to discuss ECA XPath Context.

1805        Add a new section to discuss ECA Evaluation Exceptions.

1807        Rewrite Introduction to highlight elevator pitch.

1809        Replace implicit variable and explicit variable with pv-source
1810        variable and pv-result variable.

1812        Take out function-call, cleanup-condition-action list, execution
1813        list, policy argument container, eca-script list at this moment.

1815     v06 - v07

1817     o  Reuse alarm notification event received on an event stream (RFC
1818        8639) in ECA logic;

1820     o  Represent ECA condition expression only in the form of XPath
1821        expression;

1823     o  Add ECA condition expression example in the appendix;

1825     o  Add ECA model usage example in the appendix;

1827     o  Remove the section to discuss the relation with YANG push;

1829     o  Remove the dependency to SUPA framework draft;

1831     o  Remove smart filter extension example in the Appendix.

1833     o  Bind ECA script with condition expression in the model.

1835     v05 - v06

1837     o  Decouple ECA model from NETCONF protocol and make it applicable to
1838        other network management protocols.

1840     o  Move objective section to the last section with additional generic
1841        objectives.

1843     v04 - v05

1845     o  Harmonize with draft-bryskin and add additional attributes in the
1846        models (e.g., policy variable, func call enhancement, rpc
1847        execution);

1849     o  ECA conditions part harmonization;

1851     o  ECA Event, Condition, Action, Policy Variable and Value
1852        definition;

1854     o  Change ietf-event.yang into ietf-eca.yang and remove ietf-event-
1855        trigger.yang

1857     v02 - v03

1859     o  Usage Example Update: add a usage example to introduce how to
1860        reuse the ietf-event-trigger module to define the subscription-
1861        notification smarter filter.

1863     v01 - v02

1865     o  Introduce the group-id, which allows grouping a set of events that
1866        can be executed together

1868     o  Change threshold trigger condition into variation trigger
1869        condition to further clarify the difference between boolean
1870        trigger condition and variation trigger condition.

1872     o  Module structure optimization.

1874     o  Usage Example Update.

1876     v00 - v01

1878     o  Separate ietf-event-trigger.yang from Event management model and
1879        ietf-event.yang and make it reusable in other YANG models.

1881     o  Clarify the difference between boolean trigger condition and
1882        threshold trigger condition.

1884     o  Change evt-smp-min and evt-smp-max into min-data-object and max-
1885        data-object in the data model.

1887  Authors' Addresses

1889     Andy Bierman
1890     YumaWorks

1892     Email: andy@yumaworks.com

1894     Qin Wu
1895     Huawei
1896     101 Software Avenue, Yuhua District
1897     Nanjing, Jiangsu 210012
1898     China

1900     Email: bill.wu@huawei.com

1902     Igor Bryskin
1903     Individual

1905     Email: i_bryskin@yahoo.com

1907     Henk Birkholz
1908     Fraunhofer SIT

1910     Email: henk.birkholz@sit.fraunhofer.de
1911     Xufeng Liu
1912     Volta Networks

1914     Email: xufeng.liu.ietf@gmail.com

1916     Benoit Claise
1917     Cisco

1919     Email: bclaise@cisco.com
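
The 'sustained-event' identity in the module and the Appendix B scenario (condition "event/statistics/in-errors > 1000", tested every 5 seconds up to 60 seconds) can be traced with the following Python example, which is added here and is not part of the draft or of any implementation of it. The function names, the pre-collected sample lists, the in-errors counter values for GE0 to GE2, and the choice to return false when fewer than 'count' samples are available are assumptions of this example.

```python
from dataclasses import dataclass
from itertools import islice
from typing import Callable, Dict, Iterable, List

UINT16_MAX = 65535  # 'count' is a uint16 leaf in the time-schedule grouping


@dataclass(frozen=True)
class SustainedResult:
    sustained: bool        # True only if expr held for `count` intervals in a row
    intervals_tested: int  # samples evaluated before the loop stopped
    seconds_covered: int   # intervals_tested * interval


def sustained_event(expr: Callable[[int], bool], samples: Iterable[int],
                    interval: int, count: int) -> SustainedResult:
    """Test expr once per interval; stop at the first false result or after
    `count` true results, following the identity's description."""
    if interval <= 0:
        raise ValueError("interval must be positive")
    if not 1 <= count <= UINT16_MAX:
        raise ValueError("count must be in 1..65535")
    tested = 0
    for sample in islice(samples, count):
        tested += 1
        if not expr(sample):
            return SustainedResult(False, tested, tested * interval)
    # Fewer than `count` samples means the condition was never confirmed for
    # the whole window, so the result is false (assumption of this example).
    return SustainedResult(tested == count, tested, tested * interval)


def in_errors_over_1000(in_errors: int) -> bool:
    # Stand-in for the Appendix B condition "event/statistics/in-errors > 1000";
    # a real server would evaluate the XPath expression instead.
    return in_errors > 1000


def matching_interfaces(series: Dict[str, List[int]],
                        interval: int = 5, count: int = 12) -> List[str]:
    """Return the interfaces whose condition held for the whole window,
    i.e. the entries that would form the resulting node-set."""
    return [name for name, samples in series.items()
            if sustained_event(in_errors_over_1000, samples,
                               interval, count).sustained]


# Constructed counter readings, one per 5-second interval (not from the draft).
SAMPLE_SERIES: Dict[str, List[int]] = {
    "GE0": [1200 + 10 * i for i in range(12)],          # above 1000 throughout
    "GE1": [1500, 1510, 1520, 900] + [1600] * 8,        # drops on the 4th test
    "GE2": [2000] * 8,                                  # polling ended early
}

if __name__ == "__main__":
    for name, samples in SAMPLE_SERIES.items():
        print(name, sustained_event(in_errors_over_1000, samples, 5, 12))
    print("matched:", matching_interfaces(SAMPLE_SERIES))
```
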