draft-ietf-i2rs-ephemeral-state-06.txt   draft-ietf-i2rs-ephemeral-state-07.txt 
I2RS working group J. Haas I2RS working group J. Haas
Internet-Draft Juniper Internet-Draft Juniper
Intended status: Standards Track S. Hares Intended status: Standards Track S. Hares
Expires: November 6, 2016 Huawei Expires: November 26, 2016 Huawei
May 5, 2016 May 25, 2016
I2RS Ephemeral State Requirements I2RS Ephemeral State Requirements
draft-ietf-i2rs-ephemeral-state-06 draft-ietf-i2rs-ephemeral-state-07
Abstract Abstract
This document covers requests to the netmod and netconf Working This document covers requests to the NETMOD and NETCONF Working
Groups for functionality to support the ephemeral state requirements Groups for functionality to support the ephemeral state requirements
to implement the I2RS architecture. to implement the I2RS architecture.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 6, 2016. This Internet-Draft will expire on November 26, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 10 skipping to change at page 2, line 10
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. Review of Requirements from I2RS architecture document . . . 3 2. Review of Requirements from I2RS architecture document . . . 3
3. Ephemeral State Requirements . . . . . . . . . . . . . . . . 4 3. Ephemeral State Requirements . . . . . . . . . . . . . . . . 5
3.1. Persistence . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Persistence . . . . . . . . . . . . . . . . . . . . . . . 5
3.2. Constraints . . . . . . . . . . . . . . . . . . . . . . . 4 3.2. Constraints . . . . . . . . . . . . . . . . . . . . . . . 5
3.3. Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . 5 3.3. Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . 5
3.4. Changes to YANG . . . . . . . . . . . . . . . . . . . . . 5 4. YANG Features for Ephemeral State for I2RS Protocol version 1 5
3.4.1. Suggested Yang syntax changes . . . . . . . . . . . . 5 5. NETCONF Features for Ephemeral State for I2RS Protocol
3.5. Minimal Changes to NETCONF for I2RS Protocol version 1 . 6 version 1 . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.5.1. Dependencies . . . . . . . . . . . . . . . . . . . . 7 6. RESTCONF Features for Ephemeral State for I2RS Protocol
3.5.2. Modified operations . . . . . . . . . . . . . . . . . 7 version 1 . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.5.3. Unsupported operations . . . . . . . . . . . . . . . 7 7. Requirements regarding Supporting Multi-Head Control via
3.5.4. Interactions with existing capabilities . . . . . . . 7 Client Priority . . . . . . . . . . . . . . . . . . . . . . . 9
3.6. Changes to RESTCONF for Ephemeral State . . . . . . . . . 7 8. Multiple Message Transactions . . . . . . . . . . . . . . . . 10
3.6.1. dependencies for RESTCONF . . . . . . . . . . . . . . 8 9. Pub/Sub Requirements Expanded for Ephemeral State . . . . . . 11
3.6.2. modification to context . . . . . . . . . . . . . . . 9 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
3.6.3. modification to existing operations . . . . . . . . . 9 11. Security Considerations . . . . . . . . . . . . . . . . . . . 11
3.7. Requirements regarding Identity, Secondary-Identity and 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11
Priority . . . . . . . . . . . . . . . . . . . . . . . . 9 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.7.1. Identity Requirements . . . . . . . . . . . . . . . . 9 13.1. Normative References: . . . . . . . . . . . . . . . . . 12
3.7.2. Priority Requirements . . . . . . . . . . . . . . . . 9 13.2. Informative References . . . . . . . . . . . . . . . . . 14
3.7.3. Transactions . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14
3.7.4. Subscriptions to Changed State Requirements . . . . . 11
4. Previously Considered Ideas . . . . . . . . . . . . . . . . . 12
4.1. A Separate Ephemeral Data store . . . . . . . . . . . . . 12
4.2. Panes of Glass/Overlay . . . . . . . . . . . . . . . . . 13
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
6. Security Considerations . . . . . . . . . . . . . . . . . . . 13
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
8.1. Normative References: . . . . . . . . . . . . . . . . . . 14
8.2. Informative References . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
The Interface to the Routing System (I2RS) Working Group is chartered The Interface to the Routing System (I2RS) Working Group is chartered
with providing architecture and mechanisms to inject into and with providing architecture and mechanisms to inject into and
retrieve information from the routing system. The I2RS Architecture retrieve information from the routing system. The I2RS Architecture
document [I-D.ietf-i2rs-architecture] abstractly documents a number document [I-D.ietf-i2rs-architecture] abstractly documents a number
of requirements for implementing the I2RS requirements. of requirements for implementing the I2RS requirements. Section 2
reviews 10 key requirements related to ephemeral state.
The I2RS Working Group has chosen to use the YANG data modeling The I2RS Working Group has chosen to use the YANG data modeling
language [RFC6020] as the basis to implement its mechanisms. language [RFC6020] as the basis to implement its mechanisms.
Additionally, the I2RS Working group has chosen to use the NETCONF Additionally, the I2RS Working group has chosen to re-use two
[RFC6241] and its similar but lighter-weight relative RESTCONF existing protocols, NETCONF [RFC6241] and its similar but lighter-
[I-D.ietf-netconf-restconf] as the protocols for carrying I2RS. weight relative RESTCONF [I-D.ietf-netconf-restconf], as the
protocols for carrying I2RS.
While YANG, NETCONF and RESTCONF are a good starting basis for I2RS, What does re-use of a protocol mean? Re-use means that while YANG,
there are some things needed from each of them in order for I2RS to NETCONF and RESTCONF are a good starting basis for the I2RS protocol,
be implemented. the creation of the I2RS protocol implementations requires that the
I2RS requirements
1. select features from YANG, NETCONF, and RESTCONF per version of
the I2RS protocol (See sections 4, 5, and 6)
2. propose additions to YANG, NETCONF, and RESTCONF per version of
the I2RS protocol for key functions (ephemeral state, protocol
security, publication/subscription service, traceability),
3. suggest protocol strawman as ideas for the NETCONF, RESTCONF, and
YANG changes.
The purpose of these requirements and the suggested protocol straw
man is to provide a quick turnaround on creating the I2RS protocol.
Support for ephemeral state is I2RS protocol requirement that
requires datastore changes (see section 3), Yang additions (see
section 4), NETCONF additions (see section 5), and RESTCONF additions
(see section 6).
Sections 7-9 provide details that expand upon the changes in sections
3-6 to clarify requirements discussed by the I2RS and NETCONF working
groups. Sections 7 provide additional requirements that detail how
write-conflicts should be resolved if two I2RS client write the same
data. Section 8 provides an additional requirement that details on
I2RS support of multiple message transactions. Section 9 highlights
two requirements in the I2RS publication/subscription requirements
[I-D.ietf-i2rs-pub-sub-requirements] that must be expanded for
ephemeral state.
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
2. Review of Requirements from I2RS architecture document 2. Review of Requirements from I2RS architecture document
The following are ten requirements that [I-D.ietf-i2rs-architecture] The I2RS architecture defines important high-level requirements for
contains which are important high level requirements: the I2RS protocol. The following are ten requirements that
[I-D.ietf-i2rs-architecture] contains which provide context for the
ephemeral data state requirements given in sections 3-8:
1. The I2RS protocol SHOULD support highly reliable notifications 1. The I2RS protocol SHOULD support highly reliable notifications
(but not perfectly reliable notifications) from an I2RS agent to (but not perfectly reliable notifications) from an I2RS agent to
an I2RS client. an I2RS client.
2. The I2RS protocol SHOULD support a high bandwidth, asynchronous 2. The I2RS protocol SHOULD support a high bandwidth, asynchronous
interface, with real-time guarantees on getting data from an interface, with real-time guarantees on getting data from an
I2RS agent by an I2RS client. I2RS agent by an I2RS client.
3. The I2RS protocol will operate on data models which may be 3. The I2RS protocol will operate on data models which MAY be
protocol independent or protocol dependent. protocol independent or protocol dependent.
4. I2RS Agent needs to record the client identity when a node is 4. I2RS Agent MUST record the client identity when a node is
created or modified. The I2RS Agent needs to be able to read created or modified. The I2RS Agent SHOULD to be able to read
the client identity of a node and use the client identity's the client identity of a node and use the client identity's
associated priority to resolve conflicts. The secondary associated priority to resolve conflicts. The secondary
identity is useful for traceability and may also be recorded. identity is useful for traceability and may also be recorded.
5. Client identity will have only one priority for the client 5. Client identity MUST have only one priority for the client's
identity. A collision on writes is considered an error, but identifer. A collision on writes is considered an error, but
priority is utilized to compare requests from two different the priority associated with each client identifier is utilized
clients in order to modify an existing node entry. Only an to compare requests from two different clients in order to
entry from a client which is higher priority can modify an modify an existing node entry. Only an entry from a client
existing entry (First entry wins). Priority only has meaning at which is higher priority can modify an existing entry (First
the time of use. entry wins). Priority only has meaning at the time of use.
6. The Agent identity and the Client identity should be passed 6. The Agent identity and the Client identity SHOULD be passed
outside of the I2RS protocol in a authentication and outside of the I2RS protocol in a authentication and
authorization protocol (AAA). Client priority may be passed in authorization protocol (AAA). Client priority may be passed in
the AAA protocol. The values of identities are originally set the AAA protocol. The values of identities are originally set
by operators, and not standardized. by operators, and not standardized.
7. An I2RS Client and I2RS Agent mutually authenticate each other 7. An I2RS Client and I2RS Agent MUST mutually authenticate each
based on pre-established authenticated identities. other based on pre-established authenticated identities.
8. Secondary identity data is read-only meta-data that is recorded 8. Secondary identity data is read-only meta-data that is recorded
by the I2RS agent associated with a data model's node is by the I2RS agent associated with a data model's node is
written, updated or deleted. Just like the primary identity, written, updated or deleted. Just like the primary identity,
the secondary identity is only recorded when the data node is the secondary identity SHOULD only be recorded when the data
written or updated or deleted node is written or updated or deleted
9. I2RS agent can have a lower priority I2RS client attempting to 9. I2RS agent MAY have a lower priority I2RS client attempting to
modify a higher priority client's entry in a data model. The modify a higher priority client's entry in a data model. The
filtering out of lower priority clients attempting to write or filtering out of lower priority clients attempting to write or
modify a higher priority client's entry in a data model SHOULD modify a higher priority client's entry in a data model SHOULD
be effectively handled and not put an undue strain on the I2RS be effectively handled and not put an undue strain on the I2RS
agent. Note: Jeff's suggests that priority is kept at the NACM agent.
([RFC6536])at the client level (rather than the path level or
the group level) will allow these lower priority clients to be
filtered out using an extended NACM approach. This is only a
suggestion of a method to provide the requirement 9.
10. The I2RS protocol MUST support the use of a secure transport. 10. The I2RS protocol MUST support the use of a secure transport.
However, certain functions such as notifications MAY use a non- However, certain functions such as notifications MAY use a non-
secure transport. Each model or service (notification, logging) secure transport. Each model or service (notification, logging)
must define within the model or service the valid uses of a non- must define within the model or service the valid uses of a non-
secure transport. secure transport.
3. Ephemeral State Requirements 3. Ephemeral State Requirements
3.1. Persistence 3.1. Persistence
skipping to change at page 5, line 17 skipping to change at page 5, line 37
constraints. constraints.
Ephemeral-REQ-04: Ephemeral state MAY refer to non-ephemeral state Ephemeral-REQ-04: Ephemeral state MAY refer to non-ephemeral state
for purposes of implementing constraints. The designer of ephemeral for purposes of implementing constraints. The designer of ephemeral
state modules are advised that such constraints may impact the speed state modules are advised that such constraints may impact the speed
of processing ephemeral state commits and should avoid them when of processing ephemeral state commits and should avoid them when
speed is essential. speed is essential.
3.3. Hierarchy 3.3. Hierarchy
Ephemeral-REQ-05: The ability to add on an object (or a hierarchy of Ephemeral-REQ-05: The ability to augment an object with appropriate
objects) that have the property of being ephemeral. YANG structures that have the property of being ephemeral. An object
defined as Yang module, schema tree, a schema node, submodule or
components of a submodule (derived types, groupings, data node, RPCs,
actions, and notifications".
3.4. Changes to YANG 4. YANG Features for Ephemeral State for I2RS Protocol version 1
Ephemeral-REQ-06: Yang MUST have a way to indicate in a data model Ephemeral-REQ-06: Yang MUST have a way to indicate in a data model
that nodes have the following properties: ephemeral, writable/not- that nodes have the following properties: ephemeral, writable/not-
writable, status/configuration, and secure/non-secure transport. writable, status/configuration, and secure/non-secure transport. (If
you desire examples, please see [I-D.hares-i2rs-protocol-strawman]
3.4.1. Suggested Yang syntax changes for potential yang syntax).
The minimal changes to Yang are:
1. protocol version support - "I2RS version 1",
2. ephemeral true; (key word)
3. data models indicate which component protocol is supported
"NETCONF", "RESTCONF"
4. encoding support - XML or JSON
5. data models indicate which transports protocol supported:"SSH",
"TLS", "TCP" (nonsecure);
6. configuration for non-secure transport
1. i2rs-transport-non-secure ok;
7. Configuration for no validation checks: ephemeral-validation no
check;
1. The key word "no-check" implies the I2RS client has done all
the validation and the I2RS agent is only validating the
message context. The risk in this validation method
2. the key word "full" implies the I2RS Client is doing all
validation normally done for a configuration node.
8. These key words can apply to ephemeral leafs, ephemeral sub-
modules, ephemeral modules, and rpc allowing flexible validation
levels. This validation level can also be set on an rpc command
(e.g. rpc for creating a new route in the I2RS RIB). The default
for all I2RS ephemeral writes is full.
9. Note: Anything less than full validation runs the risk of having
bad data in the I2RS ephemeral state.
3.5. Minimal Changes to NETCONF for I2RS Protocol version 1 5. NETCONF Features for Ephemeral State for I2RS Protocol version 1
Ephemeral-REQ-07: The conceptual changes to NETCONF Ephemeral-REQ-07: The conceptual changes to NETCONF
o protocol version support - "I2RS-version 1", 1. protocol version support for I2RS modifications - (e.g. I2RS
version 1)
o ephemeral model scope - ephemeral modules, mixed config module
(ephemeral and config), mixed derived state (ephemeral and
config).
o multiple message support - "all or nothing",
o pane of glass support - single ephemeral pane only.
o protocol support - NETCONF [RFC6241], yang pub-sub push
[I-D.ietf-netconf-yang-push], yang module library
[I-D.ietf-netconf-yang-library], call-home
[I-D.ietf-netconf-call-home], and server modules
[I-D.ietf-netconf-server-model] (server module must be augmented
to support mutual authentication).
o encoding support - XML or JSON
o transports protocol supported: "TCP", "SSH", "TLS", non-secure,
and others.
o ability to select transports data model available for management 2. support for ephemeral model scope indication - which indicates
protocol. Insecure portions must be able to select a insecure whether a module is an ephemeral-only module, mixed config module
transport. (ephemeral and config), mixed derived state (ephemeral and
config).
o yang modules syntax changes described in section 3.4. 3. multiple message support - supports the I2RS "all or nothing"
concept ([I-D.ietf-i2rs-architecture] section 7.9) which is the
same as NETCONF "roll-back-on-error".
3.5.1. Dependencies 4. support for the following transports protocol supported: "TCP",
"SSH", "TLS", and non-secure transport (see
[I-D.ietf-i2rs-protocol-security-requirements] section 3.2 in
requirements SEC-REQ-09 and SEC-REQ-11 for details). NETCONF
should be able to expand the number of secure transport protocols
supported as I2RS may add additional transport protocols.
1. Yang data models, sub-modules, or modules must be flagged with 5. ability to restrict insecure transport support to specific
ephemeral data store flag, portions of a data models marked as valid to transfer via
insecure protocol.
2. Yang modules must support notification of write conflicts. 6. ephemeral state overwriting of configuration state MUST be
controlled by the following policy knobs (as defined by
[I-D.ietf-i2rs-architecture] section 6.3 and 6.3.1):
3. yang modules syntax changes described in section 3.4. * ephemeral configuration overwrites local configuration (true/
false; normal value: true), and
4. Yang modules must support the following NETCONF/RESTCONF * Update of local configuration value supercedes and overwrites
features: the ephemeral configuration (true/false; normal value: false).
1. The yang module library feature 7. The ephemeral overwriting to local configuration described in (8)
[I-D.ietf-netconf-yang-library], above is considered to be the composite of all ephemeral values
by all clients. Some may consider this approach as a single pane
of glass for ephemeral state.
2. Publication-Subscription model found in 8. The ephemeral state must support notification of write conflicts
[I-D.ietf-netconf-yang-push] using the priority requirements defined in section 3.7 below in
requirements Ephemeral-REQ-09 through Ephemeral-REQ-14).
3. Server initiated connection to a client 9. Ephemeral data stores SHOULD not require support interactions
[I-D.ietf-netconf-call-home] with writable-running, candidate data store, confirmed commit,
and a distinct start-up capability,
4. data models to configure RESTCONF/NETCONF servers This list of requirements require the following the following
[I-D.ietf-netconf-server-model], existing features are supported:
3.5.2. Modified operations support for the following encodings: XML or JSON.
<get-config>, <edit-config> <copy-config>, <delete-config> <get> support for the following transports protocol supported: "TCP",
<close-session>, <kill-session> are altered to abide by ephemeral "SSH", "TLS".
data store rules.
3.5.3. Unsupported operations all of the following NETCONF protocol [RFC6241] specifications:
<lock> and <unlock> are not supported for a target of ephemeral. * yang pub-sub push [I-D.ietf-netconf-yang-push],
3.5.4. Interactions with existing capabilities * yang module library [I-D.ietf-netconf-yang-library],
Ephemeral data stores do not support interactions with writable- * call-home [I-D.ietf-netconf-call-home], and
running, candidate data store, confirmed commit, and a distinct
start-up capability,
Ephemeral data stores only support a "roll-back-on error" (I2RS all- * server model [I-D.ietf-netconf-server-model] with the server
or-nothing), URL capability and XPATH capability in source or target. module must be augmented to support mutual authentication (see
[I-D.ietf-i2rs-protocol-security-requirements] section 3.1 in
requirements: SEC-REQ-01 to SEC-REQ-08).
3.6. Changes to RESTCONF for Ephemeral State 6. RESTCONF Features for Ephemeral State for I2RS Protocol version 1
Ephemeral-REQ-08: The conceptual changes to RESTCONF are: Ephemeral-REQ-08: The conceptual changes to RESTCONF are:
o protocol version support - "I2RS-version 1". 1. protocol version support for I2RS protocol modification (e.g.
I2RS-version 1).
o ephemeral model scope allowed - ephemeral modules, mixed config
module (ephemeral and config), mixed derived state (ephemeral and
config).
o multiple message support - "all or nothing",
o pane of glass support - "single ephemeral pane only".
o protocol support - RESTCONF [I-D.ietf-netconf-restconf], yang pub-
sub push [I-D.ietf-netconf-yang-push], yang module library
[I-D.ietf-netconf-yang-library], call-home
[I-D.ietf-netconf-call-home], and server modules
[I-D.ietf-netconf-server-model] (server module must be augmented
to support mutual authentication).
o encoding support - XML or JSON
o transports protocol supported: "SSH", "TLS", "TCP"(non-secure).
o ability to select insecure transport for portion of data model.
3.6.1. dependencies for RESTCONF
1. Yang data models, sub-modules, or modules must be flagged with
ephemeral data store flag,
2. Yang modules must support notification of write conflicts. 2. ephemeral model scope allowed - ephemeral modules, mixed config
module (ephemeral and config), mixed derived state (ephemeral and
config).
3. yang modules syntax changes described in section 3.4. 3. support for both of the following transport protocol suites:
4. Yang modules must support the following NETCONF/RESTCONF * HTTP over TLS (secure HTTP as defined in RESTCONF
features: [I-D.ietf-netconf-restconf] section 2),
1. the yang-patch features as specified in * HTTP used in a non-secure fashion (See
[I-D.ietf-netconf-yang-patch]. [I-D.ietf-i2rs-protocol-security-requirements], section 3.2,
requirements SEC-REQ-09 and SEC-REQ-11 for details), and
2. The yang module library feature * RESTCONF SHOULD be able to expand the transports supported as
[I-D.ietf-netconf-yang-library], as future I2RS protocol versions may support other transports.
3. Publication-Subscription model found in 4. The ability to restrict insecure transports to specific portions
[I-D.ietf-netconf-yang-push] of a data model marked as valid to transfer via an insecure
protocol.
4. Server initiated connection to a client 5. Support for the development of a RESTCONF based yang pub-sub push
[I-D.ietf-netconf-call-home] based on the requirements in [I-D.ietf-i2rs-pub-sub-requirements]
and equivalent to the netconf . [I-D.ietf-netconf-yang-push]
5. data models to configure RESTCONF/NETCONF servers 6. ephemeral state overwriting of configuration state MUST be
[I-D.ietf-netconf-server-model], controlled by the following policy knobs (as defined by
[I-D.ietf-i2rs-architecture] section 6.3 and 6.3.1)
3.6.2. modification to context * Ephemeral configuration overwrites local configuration (true/
false; normal value:true), and
RESTCONF must be able to support ephemeral data with an ephemeral * Update of local configuration value supercedes and overwrites
context that supports "edit-collision" features that include the ephemeral configuration (true/false; normal value:false).
timestamp, Entity tag, and the ability to compare I2RS client-
priorities.
3.6.3. modification to existing operations 7. The ephemeral state overwriting a local configuration described
above is considered to be the composite of all ephemeral state
values by all clients. Some may consider this a single "pane of
glass" for the ephemeral values.
The following modification to the existing operations are required: 8. RESTCONF support ephemeral state MUST support notification of
write conflicts using the priority requirements (see section 3.7
below, specifically requirements Ephemeral-REQ-09 through
Ephemeral-REQ-14). Expansion of existing "edit-collision"
features (timestamp and Entity tag) to include I2RS client-
priorities is preferred since I2RS client-Agents exchange MAY
wish to use the existing edit-collision features in RESTCONF.
1. OPTIONS - provide indication of ephemeral in modules, 9. Ephemeral data stores SHOULD not require support for interactions
with writeable-running, candidate data stores, confirmed commit,
and a distinct start-up capability.
2. HEAD - able to get HEAD of ephemeral or config module or the head This requirement also requires that RESTCONF support all of the
of groups of ephemeral or configuration nodes in a module. following specifications:
3. GET,Post,PUT, Patch, Delete, Query Parameters - must be able to 1. support for the following encodings: XML or JSON.
handle a context="Ephemeral".
4. Ephemeral database must support publication notifications or 2. all of the following curren RESTCONF specifications:
errors as event stream, and subscribing to portions of that event
stream. (see [I-D.ietf-netconf-yang-push]
3.7. Requirements regarding Identity, Secondary-Identity and Priority 1. RESTCONF [I-D.ietf-netconf-restconf],
3.7.1. Identity Requirements 2. the yang-patch features as specified in
[I-D.ietf-netconf-yang-patch],
Ephemeral-REQ-09:Clients shall have identifiers and secondary 3. yang module library [I-D.ietf-netconf-yang-library] as
identifiers. defined in RESTCONF [I-D.ietf-netconf-restconf] section
3.3.3),
Explanation: 4. call-home [I-D.ietf-netconf-call-home],
I2RS requires clients to have an identifier. This identifier will be 5. zero-touch [I-D.ietf-netconf-zerotouch], and
used by the Agent authentication mechanism over the appropriate
protocol.
The Secondary identities can be carried as part of rpc or meta-data 6. server modules [I-D.ietf-netconf-server-model] (server module
[I-D.ietf-netmod-yang-metadata]. The primary purpose of the must be augmented to support mutual authentication).
secondary identity is for traceability information which logs (who
modifies certain nodes). This secondary identity is an opaque value.
[I-D.ietf-i2rs-traceability] provides an example of how the secondary
identity can be used for traceability.
3.7.2. Priority Requirements 7. Requirements regarding Supporting Multi-Head Control via Client
Priority
To support Multi-Headed Control, I2RS requires that there be a To support Multi-Headed Control, I2RS requires that there be a
decidable means of arbitrating the correct state of data when decidable means of arbitrating the correct state of data when
multiple clients attempt to manipulate the same piece of data. This multiple clients attempt to manipulate the same piece of data. This
is done via a priority mechanism with the highest priority winning. is done via a priority mechanism with the highest priority winning.
This priority is per-client. This priority is per-client.
Ephemeral-REQ-09: The data nodes MAY store I2RS client identity and Ephemeral-REQ-09: The data nodes MAY store I2RS client identity and
not the effective priority at the time the data node is stored. The not the effective priority at the time the data node is stored. Per
I2RS Client MUST have one priority at a time. The priority MAY be SEC-REQ-07 in section 3.1 of
dynamically changed by AAA, but the exact actions are part of the [I-D.ietf-i2rs-protocol-security-requirements], an identifier must
protocol definition as long as collisions are handled as described in have just one priority. Therefore, the data nodes MAY store I2RS
client identity and not the effective priority of the I2RS client at
the time the data node is stored. The priority MAY be dynamically
changed by AAA, but the exact actions are part of the protocol
definition as long as collisions are handled as described in
Ephemeral-REQ-10, Ephemeral-REQ-11, and Ephemeral-REQ-12. Ephemeral-REQ-10, Ephemeral-REQ-11, and Ephemeral-REQ-12.
Ephemeral-REQ-10: When a collision occurs as two clients are trying Ephemeral-REQ-10: When a collision occurs as two clients are trying
to write the same data node, this collision is considered an error to write the same data node, this collision is considered an error
and priorities were created to give a deterministic result. When and priorities were created to give a deterministic result. When
there is a collision, a notification MUST BE sent to the original there is a collision, a notification MUST BE sent to the original
client to give the original client a chance to deal with the issues client to give the original client a chance to deal with the issues
surrounding the collision. The original client may need to fix their surrounding the collision. The original client may need to fix their
state. state.
skipping to change at page 10, line 34 skipping to change at page 10, line 7
Multi-headed control is not tied to ephemeral state. I2RS is not Multi-headed control is not tied to ephemeral state. I2RS is not
mandating how AAA supports priority. Mechanisms which prevent mandating how AAA supports priority. Mechanisms which prevent
collisions of two clients trying the same node of data are the focus. collisions of two clients trying the same node of data are the focus.
Ephemeral-REQ-12: If two clients have the same priority, the Ephemeral-REQ-12: If two clients have the same priority, the
architecture says the first one wins. The I2RS protocol has this architecture says the first one wins. The I2RS protocol has this
requirement to prevent was the oscillation between clients. If one requirement to prevent was the oscillation between clients. If one
uses the last wins scenario, you may oscillate. That was our uses the last wins scenario, you may oscillate. That was our
opinion, but a design which prevents oscillation is the key point. opinion, but a design which prevents oscillation is the key point.
Hints for Implementation 8. Multiple Message Transactions
Ephemeral configuration state nodes that are created or altered by
users that match a rule carrying i2rs-priority will have those nodes
annotated with meta data. Additionally, during commit processing, if
nodes are found where i2rs-priority is already present, and the
priority is better than the transaction's user's priority for that
node, the commit should fail. An appropriate error should be
returned to the user stating the nodes where the user had
insufficient priority to override the state.
3.7.3. Transactions
Ephemeral-REQ-13: Section 7.9 of the [I-D.ietf-i2rs-architecture] Ephemeral-REQ-13: Section 7.9 of the [I-D.ietf-i2rs-architecture]
states the I2RS architecture does not include multi-message atomicity states the I2RS architecture does not include multi-message atomicity
and roll-back mechanisms. I2RS notes multiple operations in one or and roll-back mechanisms. I2RS notes multiple operations in one or
more messages handling can handle errors within the set of operations more messages handling can handle errors within the set of operations
in many ways. No multi-message commands SHOULD cause errors to be in many ways. No multi-message commands SHOULD cause errors to be
inserted into the I2RS ephemeral data-store. inserted into the I2RS ephemeral data-store.
Explanation: Explanation:
skipping to change at page 11, line 39 skipping to change at page 11, line 5
Discussion of Current NETCONF/RESTCONF versus Discussion of Current NETCONF/RESTCONF versus
RESTCONF does an atomic action within a http session, and NETCONF has RESTCONF does an atomic action within a http session, and NETCONF has
atomic actions within a commit. These features may be used to atomic actions within a commit. These features may be used to
perform these features. perform these features.
I2RS processing is dependent on the I2RS model. The I2RS model must I2RS processing is dependent on the I2RS model. The I2RS model must
consider the dependencies within multiple operations work within a consider the dependencies within multiple operations work within a
model. model.
3.7.4. Subscriptions to Changed State Requirements 9. Pub/Sub Requirements Expanded for Ephemeral State
I2RS clients require the ability to monitor changes to ephemeral I2RS clients require the ability to monitor changes to ephemeral
state. While subscriptions are well defined for receiving state. While subscriptions are well defined for receiving
notifications, the need to create a notification set for all notifications, the need to create a notification set for all
ephemeral configuration state may be overly burdensome to the user. ephemeral configuration state may be overly burdensome to the user.
There is thus a need for a general subscription mechanism that can There is thus a need for a general subscription mechanism that can
provide notification of changed state, with sufficient information to provide notification of changed state, with sufficient information to
permit the client to retrieve the impacted nodes. This should be permit the client to retrieve the impacted nodes. This should be
doable without requiring the notifications to be created as part of doable without requiring the notifications to be created as part of
every single I2RS module. every single I2RS module.
The following requirements from the The publication/subscription requirements for I2RS are in
[I-D.ietf-i2rs-pub-sub-requirements] apply to ephemeral state: [I-D.ietf-i2rs-pub-sub-requirements], and the following general
requirements SHOULD be understood to be expanded to to include
o PubSub-REQ-1: The I2RS interface SHOULD support user subscriptions ephemeral state:
to data with the following parameters: push of data synchronously
or asynchronously via registered subscriptions.
o PubSub-REQ-2: Real time for notifications SHOULD be defined by the
data models.
o PubSub-REQ-3: Security of the pub/sub data stream SHOULD be able
to be model dependent.
o PubSub-REQ-4: The Pub/Sub mechanism SHOULD allow subscription to
critical Node Events. Examples of critical node events are BGP
peers down or ISIS protocol overload bits.
o PubSub-REQ-5:I2RS telemetry data for certain protocols (E.g. BGP)
will require a hierarchy of filters or XPATHs. The I2RS protocol
design MUST balance security against the throughput of the
telemetry data.
o PubSub-REQ-6: I2RS Filters SHOULD be able to be dynamic.
o PubSub-REQ-7: I2rs protocol MUST be able to allow I2RS agent to
set limits on the data models it will support for pub/sub and
within data models to support knobs for maximum frequency or
resolution of pub/sub data.
4. Previously Considered Ideas
4.1. A Separate Ephemeral Data store
The primary advantage of a fully separate data store is that the
semantics of its contents are always clearly ephemeral. It also
provides strong segregation of I2RS configuration and operational
state from the rest of the system within the network element.
The most obvious disadvantage of such a fully separate data store is
that interaction with the network element's operational or
configuration state becomes significantly more difficult. As an
example, a BGP I2RS use case would be the dynamic instantiation of a
BGP peer. While it is readily possible to re-use any defined
groupings from an IETF-standardized BGP module in such an I2RS
ephemeral data store's modules, one cannot currently reference state
from one data store to another
For example, XPath queries are done in the context document of the
data store in question and thus it is impossible for an I2RS model to
fulfil a "must" or "when" requirement in the BGP module in the
standard data stores. To implement such a mechanism would require
appropriate semantics for XPath.
4.2. Panes of Glass/Overlay
I2RS ephemeral configuration state is generally expected to be
disjoint from persistent configuration. In some cases, extending
persistent configuration with ephemeral attributes is expected to be
useful. A case that is considered potentially useful but problematic
was explored was the ability to "overlay" persistent configuration
with ephemeral configuration.
In this overlay scenario, persistent configuration that was not
shadowed by ephemeral configuration could be "read through".
There were two perceived disadvantages to this mechanism:
The general complexity with managing the overlay mechanism itself. o Pub-Sub-REQ-01: The Subscription Service MUST support
subscriptions against ephemeral data in operational data stores,
configuration data stores or both.
Consistency issues with validation should the ephemeral state be o Pub-Sub-REQ-02: The Subscription Service MUST support filtering so
lost, perhaps on reboot. In such a case, the previously shadowed that subscribed updates under a target node might publish only
persistent state may no longer validate. ephemeral data in operational data or configuration data, or
publish both ephemeral and operational data.
5. IANA Considerations 10. IANA Considerations
There are no IANA requirements for this document. There are no IANA requirements for this document.
6. Security Considerations 11. Security Considerations
The security requirements for the I2RS protocol are covered in The security requirements for the I2RS protocol are covered in
[I-D.ietf-i2rs-protocol-security-requirements] document. [I-D.ietf-i2rs-protocol-security-requirements] document. The
security requirements for the I2RS protocol environment are in
[I-D.ietf-i2rs-security-environment-reqs].
7. Acknowledgements 12. Acknowledgements
This document is an attempt to distill lengthy conversations on the This document is an attempt to distill lengthy conversations on the
I2RS mailing list for an architecture that was for a long period of I2RS mailing list for an architecture that was for a long period of
time a moving target. Some individuals in particular warrant time a moving target. Some individuals in particular warrant
specific mention for their extensive help in providing the basis for specific mention for their extensive help in providing the basis for
this document: this document:
o Alia Atlas o Alia Atlas
o Andy Bierman o Andy Bierman
o Martin Bjorklund o Martin Bjorklund
o Dean Bogdanavich o Dean Bogdanavich
o Rex Fernando o Rex Fernando
o Joel Halpern o Joel Halpern
o Thomas Nadeau o Thomas Nadeau
o Juergen Schoenwaelder o Juergen Schoenwaelder
skipping to change at page 14, line 16 skipping to change at page 12, line 20
o Rex Fernando o Rex Fernando
o Joel Halpern o Joel Halpern
o Thomas Nadeau o Thomas Nadeau
o Juergen Schoenwaelder o Juergen Schoenwaelder
o Kent Watsen o Kent Watsen
8. References 13. References
8.1. Normative References: 13.1. Normative References:
[I-D.ietf-i2rs-architecture] [I-D.ietf-i2rs-architecture]
Atlas, A., Halpern, J., Hares, S., Ward, D., and T. Atlas, A., Halpern, J., Hares, S., Ward, D., and T.
Nadeau, "An Architecture for the Interface to the Routing Nadeau, "An Architecture for the Interface to the Routing
System", draft-ietf-i2rs-architecture-15 (work in System", draft-ietf-i2rs-architecture-15 (work in
progress), April 2016. progress), April 2016.
[I-D.ietf-i2rs-protocol-security-requirements] [I-D.ietf-i2rs-protocol-security-requirements]
Hares, S., Migault, D., and J. Halpern, "I2RS Security Hares, S., Migault, D., and J. Halpern, "I2RS Security
Related Requirements", draft-ietf-i2rs-protocol-security- Related Requirements", draft-ietf-i2rs-protocol-security-
requirements-03 (work in progress), March 2016. requirements-06 (work in progress), May 2016.
[I-D.ietf-i2rs-pub-sub-requirements] [I-D.ietf-i2rs-pub-sub-requirements]
Voit, E., Clemm, A., and A. Prieto, "Requirements for Voit, E., Clemm, A., and A. Prieto, "Requirements for
Subscription to YANG Datastores", draft-ietf-i2rs-pub-sub- Subscription to YANG Datastores", draft-ietf-i2rs-pub-sub-
requirements-07 (work in progress), May 2016. requirements-09 (work in progress), May 2016.
[I-D.ietf-i2rs-security-environment-reqs]
Migault, D., Halpern, J., and S. Hares, "I2RS Environment
Security Requirements", draft-ietf-i2rs-security-
environment-reqs-01 (work in progress), April 2016.
[I-D.ietf-i2rs-traceability] [I-D.ietf-i2rs-traceability]
Clarke, J., Salgueiro, G., and C. Pignataro, "Interface to Clarke, J., Salgueiro, G., and C. Pignataro, "Interface to
the Routing System (I2RS) Traceability: Framework and the Routing System (I2RS) Traceability: Framework and
Information Model", draft-ietf-i2rs-traceability-09 (work Information Model", draft-ietf-i2rs-traceability-11 (work
in progress), May 2016. in progress), May 2016.
[I-D.ietf-netconf-call-home] [I-D.ietf-netconf-call-home]
Watsen, K., "NETCONF Call Home and RESTCONF Call Home", Watsen, K., "NETCONF Call Home and RESTCONF Call Home",
draft-ietf-netconf-call-home-17 (work in progress), draft-ietf-netconf-call-home-17 (work in progress),
December 2015. December 2015.
[I-D.ietf-netconf-restconf] [I-D.ietf-netconf-restconf]
Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", draft-ietf-netconf-restconf-13 (work in Protocol", draft-ietf-netconf-restconf-13 (work in
skipping to change at page 15, line 26 skipping to change at page 13, line 36
Bierman, A., Bjorklund, M., and K. Watsen, "YANG Patch Bierman, A., Bjorklund, M., and K. Watsen, "YANG Patch
Media Type", draft-ietf-netconf-yang-patch-08 (work in Media Type", draft-ietf-netconf-yang-patch-08 (work in
progress), March 2016. progress), March 2016.
[I-D.ietf-netconf-yang-push] [I-D.ietf-netconf-yang-push]
Clemm, A., Prieto, A., Voit, E., Tripathy, A., and E. Clemm, A., Prieto, A., Voit, E., Tripathy, A., and E.
Einar, "Subscribing to YANG datastore push updates", Einar, "Subscribing to YANG datastore push updates",
draft-ietf-netconf-yang-push-02 (work in progress), March draft-ietf-netconf-yang-push-02 (work in progress), March
2016. 2016.
[I-D.ietf-netconf-zerotouch]
Watsen, K. and M. Abrahamsson, "Zero Touch Provisioning
for NETCONF or RESTCONF based Management", draft-ietf-
netconf-zerotouch-08 (work in progress), April 2016.
[I-D.ietf-netmod-yang-metadata] [I-D.ietf-netmod-yang-metadata]
Lhotka, L., "Defining and Using Metadata with YANG", Lhotka, L., "Defining and Using Metadata with YANG",
draft-ietf-netmod-yang-metadata-07 (work in progress), draft-ietf-netmod-yang-metadata-07 (work in progress),
March 2016. March 2016.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<http://www.rfc-editor.org/info/rfc6241>. <http://www.rfc-editor.org/info/rfc6241>.
8.2. Informative References 13.2. Informative References
[I-D.hares-i2rs-protocol-strawman]
Hares, S., Bierman, A., and a. amit.dass@ericsson.com,
"I2RS protocol strawman", draft-hares-i2rs-protocol-
strawman-02 (work in progress), May 2016.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020, the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010, DOI 10.17487/RFC6020, October 2010,
<http://www.rfc-editor.org/info/rfc6020>. <http://www.rfc-editor.org/info/rfc6020>.
 End of changes. 85 change blocks. 
330 lines changed or deleted 246 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/