[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: (draft-chisholm-netconf-monitoring) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 RFC 6022

Network Working Group                                           M. Scott
Internet-Draft                                                    Nortel
Intended status: Standards Track                            M. Bjorklund
Expires: April 17, 2010                                   Tail-f Systems
                                                        October 14, 2009


                       NETCONF Monitoring Schema
                    draft-ietf-netconf-monitoring-09

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.  This document may contain material
   from IETF Documents or IETF Contributions published or made publicly
   available before November 10, 2008.  The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process.  Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be modified outside the IETF Standards Process, and
   derivative works of it may not be created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 17, 2010.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.




Scott & Bjorklund        Expires April 17, 2010                 [Page 1]


Internet-Draft          NETCONF Monitoring Schema           October 2009


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.














































Scott & Bjorklund        Expires April 17, 2010                 [Page 2]


Internet-Draft          NETCONF Monitoring Schema           October 2009


Abstract

   This document defines a NETCONF data model to be used to monitor the
   NETCONF protocol.  The monitoring data model includes information
   about NETCONF datastores, sessions, locks and statistics.  This data
   facilitates the management of a NETCONF server.  This document also
   defines methods for NETCONF clients to discover data models supported
   by a NETCONF server and defines a new NETCONF <get-schema> operation
   to retrieve them.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
     1.1.  Definition of Terms  . . . . . . . . . . . . . . . . . . .  4
   2.  Data Model to Monitor NETCONF  . . . . . . . . . . . . . . . .  5
     2.1.  The /netconf-state Subtree . . . . . . . . . . . . . . . .  5
       2.1.1.  The /netconf-state/capabilities Subtree  . . . . . . .  6
       2.1.2.  The /netconf-state/datastores Subtree  . . . . . . . .  6
       2.1.3.  The /netconf-state/schemas Subtree . . . . . . . . . .  6
       2.1.4.  The /netconf-state/sessions Subtree  . . . . . . . . .  8
       2.1.5.  The /netconf-state/statistics Subtree  . . . . . . . .  9
   3.  Schema Specific Operations . . . . . . . . . . . . . . . . . . 11
     3.1.  The <get-schema> Operation . . . . . . . . . . . . . . . . 11
   4.  Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
     4.1.  Retrieving Schema List via <get> Operation . . . . . . . . 12
     4.2.  Retrieving Schema Instances  . . . . . . . . . . . . . . . 14
   5.  NETCONF Monitoring Schema  . . . . . . . . . . . . . . . . . . 16
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 25
   7.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 26
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 27
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 28
     9.1.  Normative References . . . . . . . . . . . . . . . . . . . 28
     9.2.  Informative References . . . . . . . . . . . . . . . . . . 29
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30
















Scott & Bjorklund        Expires April 17, 2010                 [Page 3]


Internet-Draft          NETCONF Monitoring Schema           October 2009


1.  Introduction

   This document defines a [YANG - A data modeling language for NETCONF]
   model to be used to monitor the NETCONF protocol.  It provides
   information about NETCONF sessions and supported schema.  The
   capabilities of a NETCONF server may change over time.  However, once
   a NETCONF server has announced its capabilities in the <hello>
   message, the capabilities for that session MUST NOT change.  A server
   MUST reply with a 'capabilities-changed' error if the client sends a
   request which is affected by a modified capability.  A server MAY
   choose to send 'capabilities-changed' as the response to any request
   other than <close-session> if its capabilities has changed.

   Considerations such as different schema formats, feature optionality
   and access controls can all impact the applicability and level of
   detail the NETCONF server sends to a client during session setup.
   Through updated monitoring data NETCONF clients can adjust their
   capabilities throughout a session.  Specifically the details returned
   can be used by a client to determine whether retrieval of new schema
   information is required and includes the information required to
   facilitate the retrieval.  The methods defined in this document
   address the need for further means to query and retrieve schema and
   netconf state information from a NETCONF server.  These are provided
   to complement existing base NETCONF capabilities and operations and
   in no way affect existing behaviour.

   A new <get-schema> operation is also defined to support explicit
   schema retrieval via NETCONF.

1.1.  Definition of Terms

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [Key words for use in
   RFCs to Indicate Requirement Levels].

   Schema:  A machine readable data model definition.  The schema is
      independent of which data modeling language is used for the data
      model.

   YANG:  YANG is a data modeling language used to model configuration
      and state data manipulated by the NETCONF protocol, NETCONF remote
      procedure calls, and NETCONF notifications.








Scott & Bjorklund        Expires April 17, 2010                 [Page 4]


Internet-Draft          NETCONF Monitoring Schema           October 2009


2.  Data Model to Monitor NETCONF

   The following data allows a NETCONF client to monitor both the
   NETCONF server itself and the associated network device operational
   data.  A server that implements the data model defined in this
   document MUST advertise the capability URI
   "urn:ietf:params:xml:ns:netconf:state".  The specific monitoring data
   defined in this draft which MUST be present follows.

2.1.  The /netconf-state Subtree


  The /netconf-state subtree is the root of the monitoring
  data model.  It acts as the container for the other monitored data.

    netconf-state
     /capabilities
     /datastores
     /schemas
     /sessions
     /statistics

  capabilities (list)
    List of NETCONF capabilities supported by the server.

  datastores (list)
    List of NETCONF datastores on the server.
    Includes all supported datastore types (running, candidate, startup)

  schemas (list)
    List of schemas supported on the server.
    Includes all the information required to identify the schemas and
    to support their retrieval.

  sessions (list)
    List of all active NETCONF sessions on the device.
    Includes per session counters for all NETCONF sessions.

    Per session counters are zero based with following reset behaviour:
       - at start of a session
       - when max value is reached

  statistics (Container)
    Contains global counters for the NETCONF server .

    Global counters are zero based with following reset behaviour:
       - re-initialization of NETCONF server
       - when max value is reached



Scott & Bjorklund        Expires April 17, 2010                 [Page 5]


Internet-Draft          NETCONF Monitoring Schema           October 2009


2.1.1.  The /netconf-state/capabilities Subtree

   The /netconf-state/capabilibiles subtree contains the capabilities
   supported by the NETCONF server.  The list MUST include all
   capabilities exchanged during session setup still applicable at the
   time of the request.

2.1.2.  The /netconf-state/datastores Subtree

The /netconf-state/datastores subtree contains the list of
available datastores for the NETCONF server and includes
information on their lock state.

configuration (list)
     /name
     /locks

name (container, netconf-datastore-type)
   Enumeration of supported datastores; candidate, running, startup.

locks (grouping, lock-info)
   The NETCONF <lock> and <partial-lock> operations allow a client
   to lock specific resources in a datastore.  The NETCONF server will
   prevent changes to the locked resources by all sessions except
   the one which acquired the lock(s).

   To provide clients the ability to manage locked resources lock
   information is provided for each ConfigurationDataStore instance.
   The lock data includes details such as the session which acquired
   the lock, the type of lock (global or partial) and the list of locked
   resources.  Multiple locks per datastore are supported.

   Both a global lock and a partial lock MUST contain the NETCONF
   session-id.

   For partial locks the list of locked nodes and the select expressions
   originally used to request the lock are returned. The scope of the
   partial lock is defined by the list of locked nodes. This list might
   change during the lifetime of the lock.  The select expressions
   indicate the original intended scope of the lock.

2.1.3.  The /netconf-state/schemas Subtree


  The list of supported schema for the NETCONF server.

  schema
      /identifier   (key)



Scott & Bjorklund        Expires April 17, 2010                 [Page 6]


Internet-Draft          NETCONF Monitoring Schema           October 2009


      /version      (key)
      /format       (key)
      /namespace
      /location

  The elements identifier, version, and format are used as a key in the
  schema list.  These are used in the <get-schema> operation.

  identifier (string)
    Identifier for the schema list entry.  For modeling languages which
    support or require a data model name (eg: YANG module name) the
    identifier MUST match that name.  For YANG data models, the
    identifier is the name of the module or submodule.  In other cases
    an identifier such as a filename MAY be used instead.

    Identifier is used in the <get-schema> operation and may
    be used for other means such as file retrieval.

  version (string)
    Version of the schema supported.  Multiple versions MAY be supported
    simultaneously by a NETCONF server.  Each version MUST be reported
    individually in the schema list, i.e. with same identifier, possibly
    different location, but different version.

    For YANG data models, version is the value of the most recent YANG
    "revision" statement in the module or submodule, or the empty string
    if no revision statement is present.

  format (identifyref, schema-format)
    The data modeling language of the file/module.  Current selection of
    xsd, yang, yin, rng and rnc.

    For YANG data models, the format is one of "yang" or "yin".

  namespace(inet:uri)
    The XML namespace defined by the data model.

  location (union: enum, inet:uri)
    One of more locations from which this specific schema can be
    retrieved.  The list SHOULD contain at least one entry per schema.

    A schema entry may be located on a network device (eg: xs:anyURI),
    a remote file system (eg: xs:string reference to file system for
    ftp retrieval) or available explicitly via NETCONF (xs:string
    value 'NETCONF') for NETCONF servers which support the
    <get-schema> operation.

    For YANG data models, this is the module's namespace.  If the list



Scott & Bjorklund        Expires April 17, 2010                 [Page 7]


Internet-Draft          NETCONF Monitoring Schema           October 2009


    entry describes a submodule, this field contains the namespace of
    the module to which the submodule belongs.


2.1.4.  The /netconf-state/sessions Subtree


   Includes session specific data for NETCONF management sessions.
   The session list MUST include all currently active NETCONF sessions,
   and MAY include other sessions as well.

   sessions (list):

   session
          /session-id (key)
          /transport
          /username
          /source-host
          /login-time
          /in-rpcs
          /in-bad-rpcs
          /out-rpc-errors
          /out-notifications

   session-id (session-id)
     Unique identifier for the session.  If the session is a NETCONF
     session, this value is the NETCONF session identifier, as defined
     in [NETCONF Configuration Protocol].

     For purposes of NETCONF management all sessions are one of:

       Known session:  any session which can be managed by the
         NETCONF server SHOULD be reported in this table.

       Unknown session:  such sessions are not managed by the
         NETCONF server and map to NETCONF session identifier 0.
            These MUST be excluded from the session table as a result.

   transport (identityref, transport)
     Idenfities type for each session, e.g. "netconf-ssh",
     "netconf-soap", etc.

   username (string)
     If present, the username contains an identifier which can be
     used to uniquely identify an individual client (human or
     machine).  This is likely to be implementation specific and
     subject to the security requirements of the device vendor
     and/or operators,  e.g., an SSH user, a host RSA fingerprint



Scott & Bjorklund        Expires April 17, 2010                 [Page 8]


Internet-Draft          NETCONF Monitoring Schema           October 2009


     or other identifier deemed acceptable.

   source-host (inet:host)
     Host identifier (IP address or name) of the client.

   login-time (yang:date-and-time)
     Time at which the session was established.

   in-rpcs (yang:zero-based-counter32)
     Number of correct <rpc> requests received.

   in-bad-rpcs (yang:zero-based-counter32)
     Number of messages received when a <rpc> message was expected,
     that were not correct <rpc> messages.  This includes XML parse
     errors and errors on the rpc layer.

   out-rpc-errors (yang:zero-based-counter32)
     Number of <rpc-reply> messages sent which contained an <rpc-error>
     element.

   out-notifications (yang:zero-based-counter32)
     Number of <notification> messages sent.

2.1.5.  The /netconf-state/statistics Subtree

  Statistical data pertaining to the NETCONF server.

  statistics
     /netconf-start-time
     /in-bad-hellos
     /in-sessions
     /dropped-sessions
     /in-rpcs
     /in-bad-rpcs
     /out-rpc-errors
     /out-notifications

  statistics:
    Contains management session related performance data for the NETCONF
    server.

  netconf-start-time (yang:date-and-time)
    Date and time at which the management subsystem was started.

  in-bad-hellos (yang:zero-based-counter32)
    Number of sessions silently dropped because an
    invalid <hello> message was received.  This includes hello
    messages with a 'session-id' attribute, bad namespace, and



Scott & Bjorklund        Expires April 17, 2010                 [Page 9]


Internet-Draft          NETCONF Monitoring Schema           October 2009


    bad capability declarations.

  in-sessions (yang:zero-based-counter32)
    Number of sessions started.  This counter is incremented when
    a <hello> message with a <session-id> is sent.
    I.e. 'in-sessions' - 'in-bad-hellos' = number of correctly
    started netconf sessions

  dropped-sessions (yang:zero-based-counter32)
    Number of sessions that were abnormally terminated, e.g. due
    to idle timeout or transport close.  This counter is not
    incremented when a session is properly closed by a
    <close-session> operation, or killed by a <kill-session>
    operation.

  in-rpcs (yang:zero-based-counter32)
    Number of correct <rpc> requests received.

  in-bad-rpcs (yang:zero-based-counter32)
    Number of messages received when a <rpc> message was expected,
    that were not correct <rpc> messages.  This includes XML parse
    errors and errors on the rpc layer.

  out-rpc-errors (yang:zero-based-counter32)
    Number of <rpc-reply> messages sent which contained an <rpc-error>
    element.

  out-notifications (yang:zero-based-counter32)
    Number of <notification> messages sent.






















Scott & Bjorklund        Expires April 17, 2010                [Page 10]


Internet-Draft          NETCONF Monitoring Schema           October 2009


3.  Schema Specific Operations

3.1.  The <get-schema> Operation


   Description:

   When the schema is available on the device this operation is
   used to return it via NETCONF.

   Parameters:

     identifier (string):
       Identifier for the schema list entry.
       Mandatory parameter.

     version (string):
       Version of the schema supported.
       Optional parameter.

     format (identityref, schema-format):
       The data modeling language of the schema.
       Optional parameter.
       Default value is 'yang' when not specified.

   Positive Response:

     The NETCONF server returns the requested schema.

   Negative Response:

     If requested schema does not exist, the <error-tag> is
     'invalid-value'.

     If requested schema is not unique, the <error-tag> is
     'operation-failed', and <error-app-tag> is 'data-not-unique'.















Scott & Bjorklund        Expires April 17, 2010                [Page 11]


Internet-Draft          NETCONF Monitoring Schema           October 2009


4.  Examples

4.1.  Retrieving Schema List via <get> Operation


A NETCONF client retrieves the list of supported schema from
a NETCONF server by retrieving the /netconf-state/schemas
subtree via a <get> operation.

Available schema for the requesting session are returned in the
reply containing the <identifier>,<version>, <format>,
and <location> elements.

Since the same schema may be available in multiple locations
and/or have multiple versions and/or multiple formats no
particular attribute is unique.

The response data can be used to determine the available schema
and their versions.  The schema itself (i.e. schema content) is
not returned in the response.  The URL details returned in the
list SHOULD facilitate retrieval from a network location via a
means such as ftp or http.

Additionally the ability to retrieve a schema via NETCONF SHOULD be
supported.  When a schema is available on the device and the
<get-schema> operation is supported by the NETCONF server a
location value of 'NETCONF' MUST be used to indicate that it can be
retrieved via NETCONF using the <get-schema> operation described
in section 3.1.

Example:

<rpc message-id="101"
     xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
   <get>
     <filter type="subtree">
       <netconf-state xmlns="urn:ietf:params:xml:ns:netconf:state">
         <schemas/>
       </netconf-state>
     </filter>
   </get>
 </rpc>


The NETCONF server returns a list of data models available for
retrieval.





Scott & Bjorklund        Expires April 17, 2010                [Page 12]


Internet-Draft          NETCONF Monitoring Schema           October 2009


<rpc-reply message-id="101"
           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <data>
    <netconf-state xmlns="urn:ietf:params:xml:ns:netconf:state">
      <schemas>
        <schema>
          <identifier>foo</identifier>
          <version>1.0</version>
          <format>xsd</format>
          <namespace>http://example.com/foo</namespace>
          <location>ftp://ftp.example.com/schemas/foo_1.0.xsd</location>
          <location>http://www.example.com/schema/foo_1.0.xsd</location>
          <location>NETCONF</location>
        </schema>
        <schema>
          <identifier>foo</identifier>
          <version>1.1</version>
          <format>xsd</format>
          <namespace>http://example.com/foo</namespace>
          <location>ftp://ftp.example.com/schemas/foo_1.1.xsd</location>
          <location>http://www.example.com/schema/foo_1.1.xsd</location>
          <location>NETCONF</location>
        </schema>
        <schema>
          <identifier>bar</identifier>
          <version>2008-06-01</version>
          <format>yang</format>
          <namespace>http://example.com/bar</namespace>
          <location>
            http://example.com/schema/bar-2008-06-01.yang
          </location>
          <location>NETCONF</location>
        </schema>
        <schema>
          <identifier>bar-types</identifier>
          <version>2008-06-01</version>
          <format>yang</format>
          <namespace>http://example.com/bar</namespace>
          <location>
            http://example.com/schema/bar-types-2008-06-01.yang
          </location>
          <location>NETCONF</location>
        </schema>
      </schemas>
    </netconf-state>
  </data>
</rpc-reply>




Scott & Bjorklund        Expires April 17, 2010                [Page 13]


Internet-Draft          NETCONF Monitoring Schema           October 2009


4.2.  Retrieving Schema Instances

   Given the reply in the previous section, the following examples
   illustrate the retrieval of 'foo', 'bar', and 'bar-types' schema at
   multiple locations, with multiple formats, and in multiple locations.

     1.  foo,  version 1.0 in xsd format:

       a.  Via FTP using location
           ftp://ftp.example.com/schemas/foo_1.0.xsd

       b.  Via HTTP using location
           http://www.example.com/schema/foo_1.0.xsd

       c.  Via <get-schema> using identifier, version, and
       format parameters.


       <rpc message-id="101"
         xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
         <get-schema xmlns="urn:ietf:params:xml:ns:netconf:state">
           <identifier>foo</identifier>
           <version>1.0</version>
           <format>xsd</format>
         </get-schema>
       </rpc>

       <rpc-reply message-id="101"
         xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
         <data xmlns="urn:ietf:params:xml:ns:netconf:state">
           <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
             <!-- foo 1.0 xsd schema contents here -->
           </xs:schema>
         </data>
       </rpc-reply>

     2. bar, version 2008-06-01 in YANG format:

       a.  Via HTTP using location
           http://example.com/schema/bar-2008-06-01.yang

       b.  Via <get-schema> using identifer, version, and
           format parameters:

         <rpc message-id="102"
           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
           <get-schema xmlns="urn:ietf:params:xml:ns:netconf:state">
             <identifer>bar</identifer>



Scott & Bjorklund        Expires April 17, 2010                [Page 14]


Internet-Draft          NETCONF Monitoring Schema           October 2009


             <version>2008-06-01</version>
             <format>yang</format>
           </get-schema>
         </rpc>

         <rpc-reply message-id="102"
           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
           <data xmlns="urn:ietf:params:xml:ns:netconf:state">
             module bar {
               bar version 2008-06-01 yang module
               contents here ...
             }
           </data>
         </rpc-reply>


     3. bar-types, version 2008-06-01 in default YANG format:

       a. Via <get-schema> using identifer, version, and
          format parameters:

       <rpc message-id="103"
         xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
         <get-schema xmlns="urn:ietf:params:xml:ns:netconf:state">
           <identifer>bar-types</identifer>
           <version>2008-06-01</version>
         </get-schema>
       </rpc>

       <rpc-reply message-id="103"
         xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
         <data xmlns="urn:ietf:params:xml:ns:netconf:state">
           module bar-types {
             bar-types version 2008-06-01 yang module
             contents here ...
           }
         </data>
       </rpc-reply>













Scott & Bjorklund        Expires April 17, 2010                [Page 15]


Internet-Draft          NETCONF Monitoring Schema           October 2009


5.  NETCONF Monitoring Schema



The data model described in this memo is defined in the
following YANG module.

<CODE BEGINS>
module ietf-netconf-state {

  namespace "urn:ietf:params:xml:ns:netconf:state";
  prefix "ns";

  import ietf-yang-types { prefix yang; }
  import ietf-inet-types { prefix inet; }

  organization
    "IETF NETCONF (Network Configuration) Working Group";

  contact
    "WG Web:   <http://tools.ietf.org/wg/netconf/>
     WG List:  <mailto:netconf@ietf.org>

     WG Chair: Mehmet Ersue
               <mailto:mehmet.ersue@nsn.com>

     WG Chair: Bert Wijnen
               <mailto:bertietf@bwijnen.net>

     Editor:   Mark Scott
               <mailto:markscot@nortel.com>";

  description
    "NETCONF Monitoring Module.
     All elements in this module are read-only.

     This version of this YANG module is part of RFC XXXX; see the
     RFC itself for full legal notices.";
     // RFC Ed.: replace XXXX with actual RFC number
     // and remove this note

  revision 2009-06-16 {
    description
      "Initial revision, published as RFC XXXX.";
    // RFC Ed.: replace XXXX with actual RFC number
    // and remove this note
  }




Scott & Bjorklund        Expires April 17, 2010                [Page 16]


Internet-Draft          NETCONF Monitoring Schema           October 2009


  // 'session-id-type' from 'ietf-netconf' module
  // can be replaced with import when 4741bis is published
  typedef session-id {
    description
      "NETCONF Session Id";
    type uint32 {
      range "1..max";
    }
    reference "RFC 4741: NETCONF Configuration Protocol";
  }

  // to be added to base protocol 'ietf-netconf' module
  // and imported when 4741bis is published
  grouping netconf-datastore-type {
    description
      "Enumeration of possible NETCONF datastore types.";
    reference "RFC 4741: NETCONF Configuration Protocol";
    choice datastore {
      mandatory true;
      leaf running {
        type empty;
      }
      leaf candidate {
        type empty;
      }
      leaf startup {
        type empty;
      }
    }
  }

  identity transport {
    description
      "Base identity for session types.";
  }

  identity netconf-ssh {
    base transport;
    reference "RFC 4742";
  }

  identity netconf-soap-over-beep {
    base transport;
    reference "RFC 4743";
  }

  identity netconf-soap-over-https {
    base transport;



Scott & Bjorklund        Expires April 17, 2010                [Page 17]


Internet-Draft          NETCONF Monitoring Schema           October 2009


    reference "RFC 4743";
  }

  identity netconf-beep {
    base transport;
    reference "RFC 4744";
  }

  identity netconf-tls {
    base transport;
    reference "RFC 5539";
  }

  identity schema-format {
    description
      "Base identity for data model schema languages.";
  }

  identity xsd {
    base schema-format;
    reference "W3C REC REC-xmlschema-1-20041028";
  }

  identity rng {
    base schema-format;
    reference "ISO/IEC 19757-2";
  }

  identity yang {
    base schema-format;
    reference "RFC XXXX:  YANG - A data modeling language for NETCONF";
  }

  identity yin {
    base schema-format;
    reference "RFC XXXX:  YANG - A data modeling language for NETCONF";
  }

  identity rnc {
    base schema-format;
    reference "ISO/IEC 19757-2";
  }

  grouping common-counters {
    description
      "Counters that exist both per session, and also globally,
      accumulated from all sessions.";
    leaf in-rpcs {



Scott & Bjorklund        Expires April 17, 2010                [Page 18]


Internet-Draft          NETCONF Monitoring Schema           October 2009


      type yang:zero-based-counter32;
      description
        "Number of correct <rpc> requests received.";
    }
    leaf in-bad-rpcs {
      type yang:zero-based-counter32;
      description
        "Number of messages received when a <rpc> message was expected,
        that were not correct <rpc> messages.  This includes XML parse
        errors and errors on the rpc layer.";
    }
    leaf out-rpc-errors {
      type yang:zero-based-counter32;
      description
        "Number of <rpc-reply> messages sent which contained an
        <rpc-error> element.";
    }
    leaf out-notifications {
      type yang:zero-based-counter32;
      description
        "Number of <notification> messages sent.";
    }
  }

  container netconf-state {
    config false;

    container capabilities {
      description
        "The list of currently provided NETCONF capabilities
         exchanged during session setup (i.e. hello).";
      leaf-list capability {
        type inet:uri;
      }
    }

    container datastores {
      description
        "List of NETCONF configuration datastores (e.g. running,
         startup, candidate) supported on this device and related
         information.";
      list datastore {
        container name {
          uses netconf-datastore-type;
        }
        container locks {
          description
            "An indication of whether a resource is locked or



Scott & Bjorklund        Expires April 17, 2010                [Page 19]


Internet-Draft          NETCONF Monitoring Schema           October 2009


             unlocked.  If locked, additional information about
             the locking such as user an time stamp is provided.";

          grouping lock-info {
            leaf locked-by-session {
              type session-id;
              description
                "The session ID of the session that has locked
                 this resource.";
            }
            leaf locked-time {
              type yang:date-and-time;
              description
                "The date and time of when the resource was
                 locked.";
            }
          }

          choice lock-type {
            container global-lock {
              description
                "Present if the global lock is set.";
              uses lock-info;
            }
            list partial-locks {
              key lock-id;
              description
                "For a partial lock this is the lock id returned
                  in the <partial-lock> response.";
              leaf lock-id {
                type uint32;
              }

              uses lock-info;
              leaf-list select {
                type string;
                min-elements 1;
                description
                  "The xpath expression which was used to request
                   the lock.";
              }
              leaf-list locked-nodes {
                type instance-identifier;
                description
                  "The list of instance-identifiers (i.e. the
                   locked nodes).";
              }
            }



Scott & Bjorklund        Expires April 17, 2010                [Page 20]


Internet-Draft          NETCONF Monitoring Schema           October 2009


          }
        }
      }
    }

    container schemas {
      list schema {
        key "identifier version format";
        leaf identifier {
          type string;
          description
            "Identifier to uniquely reference the schema";
        }
        leaf version {
          type string;
          description
            "Version of the schema supported.  Multiple versions can be
             supported simultaneously.";
        }
        leaf format {
          type identityref {
            base schema-format;
          }
          description
            "Schema language for the file/module.";
            }
        leaf namespace {
          type inet:uri;
          description
            "The XML namespace defined by the data model.";
        }
        leaf-list location {
          type union {
            type enumeration {
              enum "NETCONF";
            }
            type inet:uri;
          }
          description
          "One or more locations from which the schema can be
          retrieved. Can be either on the network device
          retrievable explicitly via the <get-schema> NETCONF
          operation (denoted by the value 'NETCONF') or some
          network location (i.e. URL).";
        }
      }
    }




Scott & Bjorklund        Expires April 17, 2010                [Page 21]


Internet-Draft          NETCONF Monitoring Schema           October 2009


    container sessions {
      description
        "List of management sessions currently active on this device.";

      list session {
        key session-id;
        leaf session-id {
          type session-id;
        }
        leaf transport {
          mandatory true;
          type identityref {
            base transport;
          }
        }
        leaf username  {
          type string;
        }
        leaf source-host {
          type inet:host;
        }
        leaf login-time {
          mandatory true;
          type yang:date-and-time;
          description
            "Time at which the session was established.";
        }
        uses common-counters {
          description
            "Per-session counters.";
        }
      }
    }

    container statistics {
      leaf netconf-start-time {
        type yang:date-and-time;
        description
          "Date and time at which the NETCONF server process was
           started.  Allows for calculation of time interval for
           reported metrics.";
      }
      leaf in-bad-hellos {
        type yang:zero-based-counter32;
        description
          "Number of sessions silently dropped because an
          invalid <hello> message was received.  This includes hello
          messages with a 'session-id' attribute, bad namespace, and



Scott & Bjorklund        Expires April 17, 2010                [Page 22]


Internet-Draft          NETCONF Monitoring Schema           October 2009


          bad capability declarations.";
      }
      leaf in-sessions {
        type yang:zero-based-counter32;
        description
          "Number of sessions started.  This counter is incremented when
          a <hello> message with a <session-id> is sent.

          'in-sessions' - 'in-bad-hellos' = 'number of correctly started
                                             netconf sessions'";
      }
      leaf dropped-sessions {
        type yang:zero-based-counter32;
        description
          "Number of sessions that were abnormally terminated, e.g. due
           to idle timeout or transport close.  This counter is not
           incremented when a session is properly closed by a
           <close-session> operation, or killed by a <kill-session>
           operation.";
      }
      uses common-counters {
        description
          "Global counters, accumulated from all sessions.";
      }

    }

  }

  rpc get-schema {
    description
      "When the schema is available on the device this operation is
      used to return it via NETCONF.  If requested schema does not
      exist, the <error-tag> is 'invalid-value'.  If requested schema
      is not unique, the <error-tag> is  'operation-failed' and the
      <error-app-tag> is 'data-not-unique'.";
    input {
      leaf identifier {
        type string;
        mandatory true;
      }
      leaf version {
        type string;
      }
      leaf format {
        type identityref {
          base schema-format;
        }



Scott & Bjorklund        Expires April 17, 2010                [Page 23]


Internet-Draft          NETCONF Monitoring Schema           October 2009


      }
    }
    output {
      anyxml data {
        description "Contains the schema content.";
      }
    }
  }
}
<CODE ENDS>









































Scott & Bjorklund        Expires April 17, 2010                [Page 24]


Internet-Draft          NETCONF Monitoring Schema           October 2009


6.  Security Considerations

   The NETCONF monitoring schema as defined in this document provides
   information about a NETCONF system that could be used to aid an
   attack on that system.  The same considerations as for the base
   [RFC4741] are valid.  It is assumed that access to the data and
   operations defined in this document are subject to appropriate access
   control on the device.











































Scott & Bjorklund        Expires April 17, 2010                [Page 25]


Internet-Draft          NETCONF Monitoring Schema           October 2009


7.  Acknowledgements

   The authors would like to thank Andy Bierman, Sharon Chisholm, Mehmet
   Ersue, Washam Fan, David Harrington, Balazs Lengyel, Hideki Okita,
   Juergen Schoenwaelder, Bert Wijnen and many other members of the
   NETCONF WG for providing important input to this document.













































Scott & Bjorklund        Expires April 17, 2010                [Page 26]


Internet-Draft          NETCONF Monitoring Schema           October 2009


8.  IANA Considerations

   -- Editor note to IANA/RFC-Editor: we request that you make these
   assignments, in which case it is to be documented as below.

   This document registers one URI in the IETF XML registry.

   Following the format in [The IETF XML Registry], the following
   registration is requested.


        URI: urn:ietf:params:xml:ns:netconf:state
        Registrant Contact: The IESG.
        XML: N/A, the requested URI is an XML namespace.

   This document registers one YANG module in the YANG Module Names
   registry [RFC XXXX].

        name: ietf-netconf-state
        namespace: urn:ietf:params:xml:ns:netconf:state
        prefix: ns
        reference: RFCXXXX





























Scott & Bjorklund        Expires April 17, 2010                [Page 27]


Internet-Draft          NETCONF Monitoring Schema           October 2009


9.  References

9.1.  Normative References

   [ISO/IEC 19757-2:2008]
              ISO/IEC, "Document Schema Definition Language (DSDL) --
              Part 2: Regular-grammar-based validation -- RELAX NG",
              December 2008, <http://www.iso.org/iso/
              catalogue_detail.htm?csnumber=37605>.

   [Key words for use in RFCs to Indicate Requirement Levels]
              Bradner, s., ""Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14", RFC 2119, March 1997,
              <http://www.ietf.org/rfc/rfc2119.txt>.

   [Partial Lock RPC for NETCONF]
              Lengyel, Balazs., "Partial Lock RPC for NETCONF",
              February 2009, <http://tools.ietf.org/html/
              draft-ietf-netconf-partial-lock-09>.

   [RFC4741]  Enns, R., "NETCONF Configuration Protocol", RFC 4741,
              February 2006, <http://www.ietf.org/rfc/rfc4741.txt>.

   [RFC4742]  Wasserman, M. and T. Goddard, "Using the NETCONF
              Configuration Protocol over Secure SHell (SSH)",
              December 2006, <http://tools.ietf.org/html/rfc4742>.

   [RFC4743]  Goddard, T., "Using NETCONF over the Simple Object Access
              Protocol (SOAP)", December 2006,
              <http://tools.ietf.org/html/rfc4743>.

   [RFC4744]  Lear, E. and K. Crozier, "Using the NETCONF Protocol over
              the Blocks Extensible Exchange Protocol (BEEP)",
              December 2008, <http://tools.ietf.org/html/rfc4744>.

   [RFC5277]  Chisholm, S. and H. Trevino, "NETCONF Event
              Notifications", ID draft-ietf-netconf-notification-14,
              July 2008, <http://www.ietf.org/rfc/rfc4741.txt>.

   [RFC5539]  Badra, M., "NETCONF over Transport Layer Security (TLS)",
              May 2009, <http://tools.ietf.org/html/rfc5539>.

   [The IETF XML Registry]
              Bradner, s., ""Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14", RFC 2119, March 1997,
              <http://tools.ietf.org/html/rfc3688>.

   [XML]      World Wide Web Consortium, "Extensible Markup Language



Scott & Bjorklund        Expires April 17, 2010                [Page 28]


Internet-Draft          NETCONF Monitoring Schema           October 2009


              (XML) 1.0", W3C XML, February 1998,
              <http://www.w3.org/TR/1998/REC-xml-19980210>.

   [xmlschema-2]
              Biron, Paul V. and Ashok. Malhotra, "XML Schema Part 2:
              Datatypes Second Edition W3C Recommendation 28 October
              2004", RFC 2119, October 2004,
              <http://www.w3.org/TR/xmlschema-2>.

9.2.  Informative References

   [Common YANG Data Types]
              Schoenwaelder, J., "Common YANG Data Types", June 2009, <h
              ttp://tools.ietf.org/html/
              draft-ietf-netmod-yang-types-03>.

   [YANG - A data modeling language for NETCONF]
              Bjorklund, M., "YANG - A data modeling language for
              NETCONF", June 2009,
              <http://tools.ietf.org/html/draft-ietf-netmod-yang-07>.































Scott & Bjorklund        Expires April 17, 2010                [Page 29]


Internet-Draft          NETCONF Monitoring Schema           October 2009


Authors' Addresses

   Mark Scott
   Nortel
   3500 Carling Ave
   Nepean, Ontario  K2H 8E9
   Canada

   Email: markscot@nortel.com


   Martin Bjorklund
   Tail-f Systems
   Klara Norra Kyrkogata 31
   SE-111 22 Stockholm,
   Sweden

   Email: mbj@tail-f.com

































Scott & Bjorklund        Expires April 17, 2010                [Page 30]


Html markup produced by rfcmarkup 1.129b, available from https://tools.ietf.org/tools/rfcmarkup/