| draft-ietf-netmod-factory-default-03.txt | draft-ietf-netmod-factory-default-04.txt | |||
|---|---|---|---|---|
| NETMOD Working Group Q. Wu | NETMOD Working Group Q. Wu | |||
| Internet-Draft Huawei | Internet-Draft Huawei | |||
| Intended status: Standards Track B. Lengyel | Intended status: Standards Track B. Lengyel | |||
| Expires: March 13, 2020 Ericsson Hungary | Expires: April 28, 2020 Ericsson Hungary | |||
| Y. Niu | Y. Niu | |||
| Huawei | Huawei | |||
| September 10, 2019 | October 26, 2019 | |||
| Factory Default Setting | Factory Default Setting | |||
| draft-ietf-netmod-factory-default-03 | draft-ietf-netmod-factory-default-04 | |||
| Abstract | Abstract | |||
| This document defines a method to reset a server to its factory- | This document defines a method to reset a server to its factory- | |||
| default content. The reset operation may be used e.g. during initial | default content. The reset operation may be used e.g. during initial | |||
| zero-touch configuration or when the existing configuration has major | zero-touch configuration or when the existing configuration has major | |||
| errors, so re-starting the configuration process from scratch is the | errors, so re-starting the configuration process from scratch is the | |||
| best option. | best option. | |||
| A new factory-reset RPC is defined. Several methods of documenting | A new factory-reset RPC is defined. Several methods of documenting | |||
| skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on March 13, 2020. | This Internet-Draft will expire on April 28, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 4, line 27 ¶ | skipping to change at page 4, line 27 ¶ | |||
| content of the <factory-default> datastore, if it exists | content of the <factory-default> datastore, if it exists | |||
| 2. YANG Instance Data [I-D.ietf-netmod-yang-instance-file-format] | 2. YANG Instance Data [I-D.ietf-netmod-yang-instance-file-format] | |||
| 3. In some implementation specific manner | 3. In some implementation specific manner | |||
| 4. For dynamic datastores unless otherwise specified the factory- | 4. For dynamic datastores unless otherwise specified the factory- | |||
| default content is empty. | default content is empty. | |||
| In addition,the "factory-reset" RPC might also be used to trigger | In addition,the "factory-reset" RPC might also be used to trigger | |||
| files cleanup, restarting the node or some of the SW processes, or | some other restoring and resetting tasks such as files cleanup, | |||
| setting some security data/passwords to the default value, removing | restarting the node or some of the SW processes, or setting some | |||
| logs, removing any temporary data (from datastore or elsewhere) etc. | security data/passwords to the default value, removing logs, removing | |||
| How the "factory-reset" RPC is triggered is out of scope of this | any temporary data (from datastore or elsewhere) etc. When and why | |||
| document. | these tasks are triggered is not the scope of this document. | |||
| 3. Factory-Default Datastore | 3. Factory-Default Datastore | |||
| Following guidelines for defining Datastores in the appendix A of | Following guidelines for defining Datastores in the appendix A of | |||
| [RFC8342], this document introduces a new datastore resource named | [RFC8342], this document introduces a new datastore resource named | |||
| 'Factory-Default' that represents a preconfigured minimal initial | 'Factory-Default' that represents a preconfigured minimal initial | |||
| configuration that can be used to initialize the configuration of a | configuration that can be used to initialize the configuration of a | |||
| server. | server. | |||
| o Name: "factory-default" | o Name: "factory-default" | |||
| skipping to change at page 7, line 47 ¶ | skipping to change at page 7, line 47 ¶ | |||
| The YANG module defined in this document extends the base operations | The YANG module defined in this document extends the base operations | |||
| for NETCONF [RFC6241] and RESTCONF [RFC8040]. The lowest NETCONF | for NETCONF [RFC6241] and RESTCONF [RFC8040]. The lowest NETCONF | |||
| layer is the secure transport layer, and the mandatory-to-implement | layer is the secure transport layer, and the mandatory-to-implement | |||
| secure transport is Secure Shell (SSH) [RFC6242]. The lowest | secure transport is Secure Shell (SSH) [RFC6242]. The lowest | |||
| RESTCONF layer is HTTPS, and the mandatory-to-implement secure | RESTCONF layer is HTTPS, and the mandatory-to-implement secure | |||
| transport is TLS [RFC8446]. | transport is TLS [RFC8446]. | |||
| The <factory-reset> RPC operation may be considered sensitive in some | The <factory-reset> RPC operation may be considered sensitive in some | |||
| network enviroments,e.g., remote access to reset the device or | network enviroments,e.g., remote access to reset the device or | |||
| overwrite important and security sensitive information in one of the | overwrite security sensitive information in one of the other | |||
| other datastores e.g. running, therefore it is important to restrict | datastores, e.g. running, therefore it is important to restrict | |||
| access to this RPC using the standard access control methods. | access to this RPC using the standard access control methods. | |||
| [RFC8341] | [RFC8341] | |||
| The NETCONF Access Control Model (NACM) [RFC8341] provides the means | The NETCONF Access Control Model (NACM) [RFC8341] provides the means | |||
| to restrict access for particular users to a pre-configured subset of | to restrict access for particular users to a pre-configured subset of | |||
| all available protocol operations and content. | all available protocol operations and content. | |||
| 7. Acknowledgements | 7. Acknowledgements | |||
| Thanks to Juergen Schoenwaelder, Ladislav Lhotka, Alex Campbell,Joe | Thanks to Juergen Schoenwaelder, Ladislav Lhotka, Alex Campbell,Joe | |||
| Clark,Robert Wilton, Kent Watsen, Joel Jaeggli, Lou Berger, Andy | Clark,Robert Wilton, Kent Watsen, Joel Jaeggli, Lou Berger, Andy | |||
| skipping to change at page 9, line 36 ¶ | skipping to change at page 9, line 36 ¶ | |||
| default> datastore | default> datastore | |||
| When the device first boots up, the content of the <startup> and | When the device first boots up, the content of the <startup> and | |||
| <factory-default> will be identical. The content of <startup> can be | <factory-default> will be identical. The content of <startup> can be | |||
| subsequently changed by using <startup> as a target in a <copy- | subsequently changed by using <startup> as a target in a <copy- | |||
| config> operation. The <factory-default> is a read-only datastore | config> operation. The <factory-default> is a read-only datastore | |||
| and it is usually static as described in earlier sections. | and it is usually static as described in earlier sections. | |||
| Appendix C. Changes between revisions | Appendix C. Changes between revisions | |||
| v03 - 04 | ||||
| o Additional text to clarify factory-reset RPC usage. | ||||
| v02 - 03 | v02 - 03 | |||
| o Update security consideration section. | o Update security consideration section. | |||
| v01 - v02 | v01 - v02 | |||
| o Address security issue in the security consideration section. | o Address security issue in the security consideration section. | |||
| o Remove an extension to the NETCONF <copy-config> operation which | o Remove an extension to the NETCONF <copy-config> operation which | |||
| allows it to operate on the factory-default datastore. | allows it to operate on the factory-default datastore. | |||
| End of changes. 7 change blocks. | ||||
| 11 lines changed or deleted | 15 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||