draft-ietf-netconf-restconf-client-server-00.txt   draft-ietf-netconf-restconf-client-server-01.txt 
NETCONF Working Group K. Watsen NETCONF Working Group K. Watsen
Internet-Draft Juniper Networks Internet-Draft Juniper Networks
Intended status: Standards Track J. Schoenwaelder Intended status: Standards Track J. Schoenwaelder
Expires: January 9, 2017 Jacobs University Bremen Expires: May 7, 2017 Jacobs University Bremen
July 8, 2016 November 3, 2016
RESTCONF Client and Server Models RESTCONF Client and Server Models
draft-ietf-netconf-restconf-client-server-00 draft-ietf-netconf-restconf-client-server-01
Abstract Abstract
This document defines two YANG modules, one module to configure a This document defines two YANG modules, one module to configure a
RESTCONF client and the other module to configure a RESTCONF server. RESTCONF client and the other module to configure a RESTCONF server.
Both modules support the TLS transport protocol with both standard Both modules support the TLS transport protocol with both standard
RESTCONF and RESTCONF Call Home connections. RESTCONF and RESTCONF Call Home connections.
Editorial Note (To be removed by RFC Editor) Editorial Note (To be removed by RFC Editor)
This draft contains many placeholder values that need to be replaced This draft contains many placeholder values that need to be replaced
with finalized values at the time of publication. This note with finalized values at the time of publication. This note
summarizes all of the substitutions that are needed. No other RFC summarizes all of the substitutions that are needed. No other RFC
Editor instructions are specified elsewhere in this document. Editor instructions are specified elsewhere in this document.
This document contains references to other drafts in progress, both This document contains references to other drafts in progress, both
in the Normative References section, as well as in body text in the Normative References section, as well as in body text
throughout. Please update the following references to reflect their throughout. Please update the following references to reflect their
final RFC assignments: final RFC assignments:
o draft-ietf-netconf-system-keychain o draft-ietf-netconf-keystore
o draft-ietf-netconf-tls-client-server o draft-ietf-netconf-tls-client-server
Artwork in this document contains shorthand references to drafts in Artwork in this document contains shorthand references to drafts in
progress. Please apply the following replacements: progress. Please apply the following replacements:
o "XXXX" --> the assigned RFC value for this draft o "XXXX" --> the assigned RFC value for this draft
o "YYYY" --> the assigned RFC value for draft-ietf-netconf-restconf o "YYYY" --> the assigned RFC value for draft-ietf-netconf-restconf
o "ZZZZ" --> the assigned RFC value for draft-ietf-netconf-tls- o "ZZZZ" --> the assigned RFC value for draft-ietf-netconf-tls-
client-server client-server
Artwork in this document contains placeholder values for the date of Artwork in this document contains placeholder values for the date of
publication of this draft. Please apply the following replacement: publication of this draft. Please apply the following replacement:
o "2016-07-08" --> the publication date of this draft o "2016-11-02" --> the publication date of this draft
The following two Appendix sections are to be removed prior to The following two Appendix sections are to be removed prior to
publication: publication:
o Appendix A. Change Log o Appendix A. Change Log
o Appendix B. Open Issues o Appendix B. Open Issues
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
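Review bot: the date placeholder in the Editorial Note is now "2016-11-02", but the header of the -01 draft is dated November 3, 2016; in -00 the two agreed (July 8, 2016 and "2016-07-08"). Either align the artwork date with the draft date or say in the note that the artwork date is the YANG revision date and not the draft date, so the RFC Editor substitution is unambiguous.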
skipping to change at page 2, line 26 skipping to change at page 2, line 26
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 9, 2017. This Internet-Draft will expire on May 7, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 22 skipping to change at page 4, line 22
EDITOR NOTE: Please ignore this section, it is incomplete. EDITOR NOTE: Please ignore this section, it is incomplete.
The RESTCONF client model presented in this section supports both The RESTCONF client model presented in this section supports both
clients initiating connections to servers, as well as clients clients initiating connections to servers, as well as clients
listening for connections from servers calling home. listening for connections from servers calling home.
This model supports both TLS transport protocols using the TLS client This model supports both TLS transport protocols using the TLS client
groupings defined in [draft-ietf-netconf-tls-client-server]. groupings defined in [draft-ietf-netconf-tls-client-server].
All private keys and trusted certificates are held in the keychain All private keys and trusted certificates are held in the keystore
model defined in [draft-ietf-netconf-system-keychain]. model defined in [draft-ietf-netconf-keystore].
YANG feature statements are used to enable implementations to YANG feature statements are used to enable implementations to
advertise which parts of the model the RESTCONF client supports. advertise which parts of the model the RESTCONF client supports.
2.1. Tree Diagram 2.1. Tree Diagram
Note: all lines are folded at column 71 with no '\' character. Note: all lines are folded at column 71 with no '\' character.
module: ietf-restconf-client module: ietf-restconf-client
+--rw restconf-client +--rw restconf-client
+--rw initiate {tls-initiate}? +--rw initiate {tls-initiate}?
+--rw listen {tls-listen}? +--rw listen {tls-listen}?
2.2. Example Usage 2.2. Example Usage
The following example illustrates configuring a RESTCONF client to The following example illustrates configuring a RESTCONF client to
initiate connections, as well as listening for call-home connections. initiate connections, as well as listening for call-home connections.
This example is consistent with the examples presented in Section 2.2 This example is consistent with the examples presented in Section 2.2
of [draft-ietf-netconf-system-keychain]. of [draft-ietf-netconf-keystore].
FIXME FIXME
2.3. YANG Model 2.3. YANG Model
This YANG module imports YANG types from [RFC6991] and [RFC7407]. This YANG module imports YANG types from [RFC6991] and [RFC7407].
<CODE BEGINS> file "ietf-restconf-client@2016-07-08.yang" <CODE BEGINS> file "ietf-restconf-client@2016-11-02.yang"
// Editor's Note: // Editor's Note:
// This module is incomplete at this time. Below is // This module is incomplete at this time. Below is
// just a skeleton so there's something in the draft. // just a skeleton so there's something in the draft.
// Please ignore this module for now! // Please ignore this module for now!
module ietf-restconf-client { module ietf-restconf-client {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-restconf-client"; namespace "urn:ietf:params:xml:ns:yang:ietf-restconf-client";
prefix "rcc"; prefix "rcc";
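Review bot: in Section 2.2 the citation was retargeted to [draft-ietf-netconf-keystore] but "Section 2.2" was carried over unchanged from the system-keychain reference, and the example body is still "FIXME". Confirm that Section 2.2 is still the right section in the renamed draft, or drop the consistency claim until the client example exists. In the same section, "supports both TLS transport protocols" names only one transport, so "both" should go.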
skipping to change at page 5, line 37 skipping to change at page 5, line 37
//} //}
import ietf-x509-cert-to-name { import ietf-x509-cert-to-name {
prefix x509c2n; prefix x509c2n;
reference reference
"RFC 7407: A YANG Data Model for SNMP Configuration"; "RFC 7407: A YANG Data Model for SNMP Configuration";
} }
import ietf-tls-client { import ietf-tls-client {
prefix ts; prefix ts;
revision-date 2016-07-08; // stable grouping definitions revision-date 2016-11-02; // stable grouping definitions
reference reference
"RFC ZZZZ: TLS Client and Server Models"; "RFC ZZZZ: TLS Client and Server Models";
} }
*/ */
organization organization
"IETF NETCONF (Network Configuration) Working Group"; "IETF NETCONF (Network Configuration) Working Group";
contact contact
"WG Web: <http://tools.ietf.org/wg/netconf/> "WG Web: <http://tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org> WG List: <mailto:netconf@ietf.org>
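Review bot: the bumped "revision-date 2016-11-02" on "import ietf-tls-client" is followed by a closing "*/", so this import appears to sit inside a block comment and no YANG validator will check the pinned date against a real ietf-tls-client revision. Either drop the commented-out imports from the skeleton or validate them once before each publication so the dates do not drift. The prefix "ts" is also the one the server module uses for ietf-tls-server; a distinct prefix for the client import would be clearer.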
skipping to change at page 6, line 28 skipping to change at page 6, line 28
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision "2016-07-08" { revision "2016-11-02" {
description description
"Initial version"; "Initial version";
reference reference
"RFC XXXX: RESTCONF Client and Server Models"; "RFC XXXX: RESTCONF Client and Server Models";
} }
// Features // Features
feature tls-initiate { feature tls-initiate {
description description
skipping to change at page 7, line 35 skipping to change at page 7, line 35
3. The RESTCONF Server Model 3. The RESTCONF Server Model
The RESTCONF Server model presented in this section supports servers The RESTCONF Server model presented in this section supports servers
both listening for connections as well as initiating call-home both listening for connections as well as initiating call-home
connections. connections.
This model supports the TLS using the TLS server groupings defined in This model supports the TLS using the TLS server groupings defined in
[draft-ietf-netconf-tls-client-server]. [draft-ietf-netconf-tls-client-server].
All private keys and trusted certificates are held in the keychain All private keys and trusted certificates are held in the keystore
model defined in [draft-ietf-netconf-system-keychain]. model defined in [draft-ietf-netconf-keystore].
YANG feature statements are used to enable implementations to YANG feature statements are used to enable implementations to
advertise which parts of the model the RESTCONF server supports. advertise which parts of the model the RESTCONF server supports.
3.1. Tree Diagram 3.1. Tree Diagram
Note: all lines are folded at column 71 with no '\' character. Note: all lines are folded at column 71 with no '\' character.
module: ietf-restconf-server module: ietf-restconf-server
+--rw restconf-server +--rw restconf-server
+--rw listen {listen}? +--rw listen {listen}?
| +--rw max-sessions? uint16 | +--rw max-sessions? uint16
| +--rw endpoint* [name] | +--rw endpoint* [name]
| +--rw name string | +--rw name string
| +--rw (transport) | +--rw (transport)
| +--:(tls) {tls-listen}? | +--:(tls) {tls-listen}?
| +--rw tls | +--rw tls
| +--rw address? inet:ip-address | +--rw address? inet:ip-address
| +--rw port? inet:port-number | +--rw port? inet:port-number
| +--rw certificates | +--rw certificates
| | +--rw certificate* [name] | | +--rw certificate* [name]
| | +--rw name -> /kc:keychain/private-keys/p | | +--rw name -> /ks:keystore/private-keys/
rivate-key/certificate-chains/certificate-chain/name private-key/certificate-chains/certificate-chain/name
| +--rw client-auth | +--rw client-auth
| +--rw trusted-ca-certs? -> /kc:keychain/t | +--rw trusted-ca-certs? -> /ks:keystore/
rusted-certificates/name trusted-certificates/name
| +--rw trusted-client-certs? -> /kc:keychain/t | +--rw trusted-client-certs? -> /ks:keystore/
rusted-certificates/name trusted-certificates/name
| +--rw cert-maps | +--rw cert-maps
| +--rw cert-to-name* [id] | +--rw cert-to-name* [id]
| +--rw id uint32 | +--rw id uint32
| +--rw fingerprint x509c2n:tls-fingerpr | +--rw fingerprint x509c2n:tls-fingerp
int rint
| +--rw map-type identityref | +--rw map-type identityref
| +--rw name string | +--rw name string
+--rw call-home {call-home}? +--rw call-home {call-home}?
+--rw restconf-client* [name] +--rw restconf-client* [name]
+--rw name string +--rw name string
+--rw (transport) +--rw (transport)
| +--:(tls) {tls-call-home}? | +--:(tls) {tls-call-home}?
| +--rw tls | +--rw tls
| +--rw endpoints | +--rw endpoints
| | +--rw endpoint* [name] | | +--rw endpoint* [name]
| | +--rw name string | | +--rw name string
| | +--rw address inet:host | | +--rw address inet:host
| | +--rw port? inet:port-number | | +--rw port? inet:port-number
| +--rw certificates | +--rw certificates
| | +--rw certificate* [name] | | +--rw certificate* [name]
| | +--rw name -> /kc:keychain/private-keys/p | | +--rw name -> /ks:keystore/private-keys/
rivate-key/certificate-chains/certificate-chain/name private-key/certificate-chains/certificate-chain/name
| +--rw client-auth | +--rw client-auth
| +--rw trusted-ca-certs? -> /kc:keychain/t | +--rw trusted-ca-certs? -> /ks:keystore/
rusted-certificates/name trusted-certificates/name
| +--rw trusted-client-certs? -> /kc:keychain/t | +--rw trusted-client-certs? -> /ks:keystore/
rusted-certificates/name trusted-certificates/name
| +--rw cert-maps | +--rw cert-maps
| +--rw cert-to-name* [id] | +--rw cert-to-name* [id]
| +--rw id uint32 | +--rw id uint32
| +--rw fingerprint x509c2n:tls-fingerpr | +--rw fingerprint x509c2n:tls-fingerp
int rint
| +--rw map-type identityref | +--rw map-type identityref
| +--rw name string | +--rw name string
+--rw connection-type +--rw connection-type
| +--rw (connection-type)? | +--rw (connection-type)?
| +--:(persistent-connection) | +--:(persistent-connection)
| | +--rw persistent! | | +--rw persistent!
| | +--rw keep-alives | | +--rw keep-alives
| | +--rw max-wait? uint16 | | +--rw max-wait? uint16
| | +--rw max-attempts? uint8 | | +--rw max-attempts? uint8
| +--:(periodic-connection) | +--:(periodic-connection)
| +--rw periodic! | +--rw periodic!
| +--rw reconnect-timeout? uint16 | +--rw reconnect-timeout? uint16
+--rw reconnect-strategy +--rw reconnect-strategy
+--rw start-with? enumeration +--rw start-with? enumeration
+--rw max-attempts? uint8 +--rw max-attempts? uint8
3.2. Example Usage 3.2. Example Usage
The following example illustrates configuring a RESTCONF server to The following example illustrates configuring a RESTCONF server to
listen for RESTCONF client connections, as well as configuring call- listen for RESTCONF client connections, as well as configuring call-
home to one RESTCONF client. home to one RESTCONF client.
This example is consistent with the examples presented in Section 2.2 This example is consistent with the examples presented in Section 2.2
of [draft-ietf-netconf-system-keychain]. of [draft-ietf-netconf-keystore].
<restconf-server <restconf-server
xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf-server"> xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf-server">
<!-- listening for TLS (HTTPS) connections --> <!-- listening for TLS (HTTPS) connections -->
<listen> <listen>
<endpoint> <endpoint>
<name>netconf/tls</name> <name>netconf/tls</name>
<tls> <tls>
<address>11.22.33.44</address> <address>11.22.33.44</address>
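Review bot: under client-auth, in both the listen and call-home subtrees, "trusted-ca-certs?" and "trusted-client-certs?" are both optional, so a configuration that sets neither leaf is valid against this tree. Since the keystore rename touches exactly these leafrefs, this is a good point to state in the text what a server does when no trust anchor is configured (for example, fail client authentication) instead of leaving it to implementations. Separately, the example endpoint in Section 3.2 is still named "netconf/tls" and listens on 11.22.33.44; a RESTCONF-specific name and an address from the RFC 5737 documentation ranges would be better.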
skipping to change at page 11, line 28 skipping to change at page 11, line 28
</reconnect-strategy> </reconnect-strategy>
</restconf-client> </restconf-client>
</call-home> </call-home>
</restconf-server> </restconf-server>
3.3. YANG Model 3.3. YANG Model
This YANG module imports YANG types from [RFC6991] and [RFC7407]. This YANG module imports YANG types from [RFC6991] and [RFC7407].
<CODE BEGINS> file "ietf-restconf-server@2016-07-08.yang" <CODE BEGINS> file "ietf-restconf-server@2016-11-02.yang"
module ietf-restconf-server { module ietf-restconf-server {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-restconf-server"; namespace "urn:ietf:params:xml:ns:yang:ietf-restconf-server";
prefix "rcs"; prefix "rcs";
//import ietf-netconf-acm { //import ietf-netconf-acm {
// prefix nacm; // prefix nacm;
// reference // reference
skipping to change at page 12, line 9 skipping to change at page 12, line 9
} }
import ietf-x509-cert-to-name { import ietf-x509-cert-to-name {
prefix x509c2n; prefix x509c2n;
reference reference
"RFC 7407: A YANG Data Model for SNMP Configuration"; "RFC 7407: A YANG Data Model for SNMP Configuration";
} }
import ietf-tls-server { import ietf-tls-server {
prefix ts; prefix ts;
revision-date 2016-07-08; // stable grouping definitions revision-date 2016-11-02; // stable grouping definitions
reference reference
"RFC ZZZZ: TLS Client and Server Models"; "RFC ZZZZ: TLS Client and Server Models";
} }
organization organization
"IETF NETCONF (Network Configuration) Working Group"; "IETF NETCONF (Network Configuration) Working Group";
contact contact
"WG Web: <http://tools.ietf.org/wg/netconf/> "WG Web: <http://tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org> WG List: <mailto:netconf@ietf.org>
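Review bot: "import ietf-tls-server" now pins "revision-date 2016-11-02" with the comment "stable grouping definitions", while the normative reference for that module still reads "draft-ieft-netconf-tls-client-server-00". An import with a revision-date only resolves against that exact revision, so check that the referenced draft version actually publishes ietf-tls-server@2016-11-02 and update the reference entry to match.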
skipping to change at page 12, line 47 skipping to change at page 12, line 47
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision "2016-07-08" { revision "2016-11-02" {
description description
"Initial version"; "Initial version";
reference reference
"RFC XXXX: RESTCONF Client and Server Models"; "RFC XXXX: RESTCONF Client and Server Models";
} }
// Features // Features
feature listen { feature listen {
description description
skipping to change at page 21, line 9 skipping to change at page 21, line 9
and Bert Wijnen. and Bert Wijnen.
Juergen Schoenwaelder and was partly funded by Flamingo, a Network of Juergen Schoenwaelder and was partly funded by Flamingo, a Network of
Excellence project (ICT-318488) supported by the European Commission Excellence project (ICT-318488) supported by the European Commission
under its Seventh Framework Programme. under its Seventh Framework Programme.
7. References 7. References
7.1. Normative References 7.1. Normative References
[draft-ietf-netconf-keystore]
Watsen, K., "Keystore Model", draft-ieft-netconf-
keystore-00 (work in progress), 2016,
<https://datatracker.ietf.org/html/draft-ieft-netconf-
keystore>.
[draft-ietf-netconf-restconf] [draft-ietf-netconf-restconf]
Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", draft-ieft-netconf-restconf-13 (work in Protocol", draft-ieft-netconf-restconf-13 (work in
progress), 2016, <https://datatracker.ietf.org/html/draft- progress), 2016, <https://datatracker.ietf.org/html/draft-
ieft-netconf-restconf>. ieft-netconf-restconf>.
[draft-ietf-netconf-system-keychain]
Watsen, K., "System Keychain Model", draft-ieft-netconf-
system-keychain-00 (work in progress), 2016,
<https://datatracker.ietf.org/html/draft-ieft-netconf-
system-keychain>.
[draft-ietf-netconf-tls-client-server] [draft-ietf-netconf-tls-client-server]
Watsen, K., "TLS Client and Server Models", draft-ieft- Watsen, K., "TLS Client and Server Models", draft-ieft-
netconf-tls-client-server-00 (work in progress), 2016, netconf-tls-client-server-00 (work in progress), 2016,
<https://datatracker.ietf.org/html/draft-ieft-netconf-tls- <https://datatracker.ietf.org/html/draft-ieft-netconf-tls-
client-server>. client-server>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
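Review bot: the new [draft-ietf-netconf-keystore] entry spells the draft name "draft-ieft-netconf-keystore-00" and the URL path "draft-ieft-netconf-keystore", with "ieft" where the tag has "ietf", so the name and link do not match the draft they are meant to cite. The same misspelling is present in the restconf and tls-client-server entries in this hunk; fix all three together. Unrelated to the rename, the acknowledgement sentence "Juergen Schoenwaelder and was partly funded by Flamingo" has a stray "and".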
 End of changes. 19 change blocks. 
93 lines changed or deleted 93 lines changed or added
