System-defined Configuration

System-defined Configuration Huawei

101 Software Avenue, Yuhua District Nanjing Jiangsu 210012 China maqiufang1@huawei.com

Huawei

101 Software Avenue, Yuhua District Nanjing Jiangsu 210012 China bill.wu@huawei.com

fengchongllly@gmail.com

ops NETMOD system config This document defines how a management client and server handle YANG-modeled configuration data that is defined by the server itself. The system-defined configuration can be referenced (e.g. leafref) by configuration explicitly created by a client. The Network Management Datastore Architecture (NMDA) defined in RFC 8342 is updated with a read-only conventional configuration datastore called "system" to hold system-defined configuration. As an alternative to clients explicitly copying referenced system-defined configuration into the target configuration datastore (e.g., <running>) so that the datastore is valid, a "resolve-system" parameter is defined to allow the server acting as a "system client" to copy referenced system nodes automatically. This solution enables clients manipulating the target configuration datastore (e.g., <running>) to reference nodes defined in <system>, override system-provided values, and configure descendant nodes of system-defined configuration. This document updates RFC 8342, RFC 6241, RFC 8526 and RFC 8040.

The Network Management Datastore Architecture (NMDA) defines system configuration as the configuration that is supplied by the device itself and appears in <operational> when it is in use (Figure 2 in ). However, there is a desire to enable a server to better structure and expose the system configuration. NETCONF/RESTCONF clients can benefit from a standard mechanism to retrieve what system configuration is available on a server. Some servers allow the NETCONF/RESTCONF client to reference a system-defined node which isn't present in the target datastore (e.g., <running>). The absence of the system configuration in the datastore can render the datastore invalid from the perspective of a client or offline tools (e.g., missing leafref targets). This document describes several approaches to bring the datastore to a valid state and satisfy referential integrity constraints. Some servers allow the descendant nodes of system-defined configuration to be configured or modified. For example, the system configuration may contain an almost empty physical interface, while the client needs to be able to add, modify, or remove a number of descendant nodes. Some descendant nodes may not be modifiable (e.g., the interface "type" set by the system). This document updates the Network Management Datastore Architecture (NMDA) defined in RFC 8342 with a read-only conventional configuration datastore called "system" to hold system-defined configuration. As an alternative to clients explicitly copying referenced system-defined configuration into the target configuration datastore (e.g., <running>) so that the datastore is valid, a "resolve-system" parameter is defined to allow the server acting as a "system client" to copy referenced system nodes automatically. This solution enables clients manipulating the target configuration datastore (e.g., <running>) to reference nodes defined in <system>, override system-provided values, and configure descendant nodes of system-defined configuration. If a system-defined node is referenced, it refers to one of the following cases throughout this document: It is present in a leafref "path" statement and referred as the leafref value It is used as an "instance-identifier" type value It is present in an XPath expression of "when" or "must" constraints It is defined to satisfy the "mandatory" constraints It is defined to exactly satisfy the "min-element" constraints Conformance to this document requires the NMDA servers to implement the "ietf-system-datastore" YANG module ().

This document assumes that the reader is familiar with the contents of , , , , and and uses terminologies from those documents. The following terms are defined in this document: Configuration that is provided by the system itself. System configuration is present in the system configuration datastore (regardless of whether it is applied or referenced) and appears in <intended> unless explicitly overridden. System configuration that is considered active appears in <operational> with origin="system". It is a different and separate concept from factory default configuration defined in RFC 8808 (which represents a preset initial configuration that is used to initialize the configuration of a server). A configuration datastore holding configuration provided by the system itself. This datastore is referred to as "<system>". This document redefines the term "conventional configuration datastore" in Section 3 of to add "system" to the list of conventional configuration datastores: One of the following set of configuration datastores: <running>, <startup>, <candidate>, <system>, and <intended>. These datastores share a common datastore schema, and protocol operations allow copying data between these datastores. The term "conventional" is chosen as a generic umbrella term for these datastores.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

This document updates RFC 8342 to define a configuration datastore called "system" to hold system configuration (), it also redefines the term "conventional configuration datastore" from to add "system" to the list of conventional configuration datastores. Configuration in <running> is merged into <system> to create the contents of <intended> after the configuration transformations to <running> (e.g., template expansion, removal of inactive configuration defined in ) have been performed. This document updates the definition of "intended" origin metadata annotation identity to allow a subset of configuration provided by <intended> to use "system" as origin value as it flows into <operational>. Applied system configuration appears in <operational> with origin value being reported as "system" ().

This document augments <edit-config> and <edit-data> RPC operations defined in and respectively, with a new additional input parameter "resolve-system" to allow the server to copy referenced system nodes into target datastore automatically without the client doing so explicitly. The <copy-config> RPC operation defined in is also augmented to support "resolve-system" parameter (). This document defines a NETCONF protocol capability to indicate support for this parameter. NETCONF server that supports "resolve-system" parameter MUST advertise the following capability identifier:

urn:ietf:params:netconf:capability:resolve-system:1.0

This document extends Sections 4.8 and 9.1.1 of to add a new query parameter "resolve-system" and corresponding query parameter capability URI.

The "resolve-system" parameter controls whether to allow a server to copy any referenced system-defined configuration automatically without the client doing so explicitly. This parameter is only allowed with no values carried. If this parameter has any unexpected value, then a "400 Bad Request" status-line is returned.

To enable a RESTCONF client to discover if the "resolve-system" query parameter is supported by the server, the following capability URI is defined, which is advertised by the server if supported, using the "ietf-restconf-monitoring" module defined in RFC 8040:

urn:ietf:params:restconf:capability:resolve-system:1.0

There are three types of system configurations defined in this document: immediately-active system configuration, conditionally-active system configuration, and inactive-until-referenced system configuration. Active system configuration refers to system configuration that is currently in use. As per definition of the operational state datastore in , if system configuration is inactive, it does not appear in <operational>. However, system configuration is present in <system> once it is generated, regardless of whether it is active or not.

Immediately-active refers to system configuration which is generated in <system> and applied immediately when the device is powered on (e.g., a loopback interface), irrespective of physical resource present or not, a special functionality enabled or not.

System configuration which is generated in <system> and applied based on specific conditions being met in a system, e.g., if a physical resource is present (e.g., insert interface card), the system will automatically detect it and load associated configuration; when the physical resource is not present (remove interface card), the system configuration will be automatically cleared. Another example is when a special functionality is enabled, e.g., when a QoS feature is enabled, related QoS policies are automatically created by the system.

There are some system configuration predefined (e.g., application ids, anti-x signatures, trust anchor certs, etc.) as a convenience for the clients, which must be referenced to be active. The clients can also define their own configurations for their unique requirements. Inactive-until-referenced system configuration is generated in <system> immediately when the device is powered on, but it is not active until being referenced.

NMDA servers compliant with this document MUST implement a system configuration datastore, and they SHOULD also implement <intended>. Following guidelines for defining datastores in the appendix A of [RFC8342], this document introduces a new datastore resource named 'system' that represents the system configuration. Name: "system" YANG modules: all YANG nodes: all "config true" data nodes up to the root of the tree, generated by the system Management operations: The content of the datastore is set by the server in an implementation dependent manner. The content can not be changed by management operations via protocols such as NETCONF, RESTCONF, but may change itself by license change, device upgrade and/or system-controlled resources change. The datastore can be read using the standard network management protocols such as NETCONF and RESCTCONF. Origin: This document does not define any new origin identity when it interacts with <intended> and flows into <operational>. The "system" origin Metadata Annotation is used to indicate the origin of a data item is system, which is achieved by updating the definition of "intended" origin metadata annotation in . Protocols: YANG-driven management protocols, such as NETCONF and RESTCONF. Defining YANG module: "ietf-system-datastore". The datastore's content is defined by the server and read-only to clients. Upon the content is created or changed, it will be merged into <intended>. Unlike <factory-default> , it MAY change dynamically, e.g., depending on factors like license change, device upgrade or system-controlled resources change (e.g., HW available). The system configuration datastore doesn't persist across reboots; <factory-reset> RPC operation defined in can reset it to its factory default configuration without including configuration generated due to the system update or client-enabled functionality. The system datastore is defined as a conventional configuration datastore and shares a common datastore schema with other conventional datastores.

The system datastore is read-only (i.e., edits towards <system> directly MUST be denied), though the client may be allowed to override the value of a system-initialized node (see ).

System configuration may change dynamically, e.g., depending on factors like license change, device upgrade, or system-controlled resources (e.g., HW available) change. In some implementations, when a QoS feature is enabled, QoS-related policies are created by the system. The updates of system configuration may be obtained through YANG notifications (e.g., on-change notification) . If system configuration changes (e.g., due to device upgrade), <running> MAY become invalid. The server behaviors of migrating updated system data into <running> is beyond the scope of this document. That said, the following gives a list of examples of server implementations that might be possible: Servers migrate system configuration update into <running> with the clients' awareness to keep <running> valid Servers don't migrate any system configuration update into <running> and clients are responsible to correct the configuration in <running> if it becomes invalid Servers rejects the operation to change system configuration (e.g., device upgrade fails) and needs the client to correct the configuration in <running> as a prerequisite to ensure validity

This work intends to have no impact to <operational>. System configuration appears in <operational> with origin value being reported as "system" if not configured or overridden explicitly in <running>. This document enables a subset of those system generated nodes to be defined like configuration, i.e., made visible to clients in order for being referenced or configurable prior to present in <operational>. "Config false" nodes are out of scope, hence existing "config false" nodes are not impacted by this work.

This document introduces a datastore named "system" which is used to hold all three types of system configurations defined in . When the device is powered on, immediately-active system configuration is generated in <system> and active immediately, but inactive-until-referenced system configuration only becomes active if referenced by client-defined configuration. However, conditionally-active system configuration will only be created and active when specific conditions on system resources are met. All above three types of system configurations appear in <system>. Clients MAY reference nodes defined in <system>, override system-provided values, and configure descendant nodes of system-defined configuration, by copying or writing intended configurations into the target configuration datastore (e.g., <running>). To ensure the validity of <intended>, configuration in <running> is merged into <system> to become <intended>, in which process, configuration appearing in <running> takes precedence over the same node in <system>; additional nodes to a list entry or new list/leaf-list entries appearing in <running> extends the list entry or the whole list/leaf-list defined in <system> if the server allows the list/leaf-list to be updated. If <running> includes configuration that requires further transformation (e.g., template expansion, removal of inactive configuration defined in ) before it can be applied, configuration transformations MUST be performed before <running> is merged into <system>. If a server implements <intended>, <system> MUST be merged into <intended>. As a result, Figure 2 in Section 5 of RFC 8342 is updated with the below conceptual model of datastores which incorporates the system configuration datastore.

+-------------+ +-----------+ | <candidate> | | <startup> | | (ct, rw) |<---+ +--->| (ct, rw) | +-------------+ | | +-----------+ | | | | +-----------+ | +-----------+ | | <system> | +-------->| <running> |<--------+ | (ct, ro) | | (ct, rw) | +-----+-----+ +----+------+ | | // configuration transformations, +--------+ | // e.g., removal of nodes marked | | // as "inactive", expansion of |<------------+ // templates | V +------------+ | <intended> | // subject to validation | (ct, ro) | +------------+ | | // changes applied, subject to | // local factors, e.g., missing | // resources, delays dynamic | configuration | +-------- learned configuration datastores -----+ | +-------- default configuration | | | v v v +---------------+ | <operational> | <-- system state | (ct + cf, ro) | +---------------+ ct = config true; cf = config false rw = read-write; ro = read-only boxes denote named datastores The "intended" identity of origin value defined in RFC 8342 to represent the origin of configuration provided by <intended>, this document updates its definition as origin source of configuration explicitly provided by <running>, and allows a subset of configuration in <intended> that flows from <system> yet is not configured or overridden explicitly in <running> to use "system" as its origin value. Configuration copied from <system> into <running> has its origin value reported as "intended" when it flows into <operational>. Configuration in <system> is non-deletable to clients, even though a client may delete a copied system node from <running>. If system initializes a value for a particular leaf which is overridden by the client with a different value in <running>, the client may delete it in <running>, in which case system-initialized value defined in <system> may still be in use and appear in <operational>. Any deletable system-provided configuration that is populated as part of <running> by the system at boot up, without being part of the contents of a <startup> datastore, must be defined in <factory-default> , which is used to initialize <running> when the device is first-time powered on or reset to its factory default condition.

It is possible for a client to explicitly declare system configuration nodes in the target datastore (e.g., <running>) with the same values as in <system>, by configuring a node (list/leaf-list entry, leaf, etc.) in the target datastore (e.g., <running>) that matches the same node and value in <system>. The explicit configuration of system-defined nodes in the target datastore (e.g., <running>) can be useful, for example, when the client does not want a "system client" to have a role or not support the "resolve-system" parameter but needs the datastore to be referentially complete. The client can explicitly declare (i.e., configure in the datastore like <running>) the list entries (with at least the keys) that are referenced elsewhere in <running>. The client does not necessarily need to declare all the contents of the list entry (i.e. the descendant nodes), only the parts that are required to make the datastore appear valid.

This document defines a new parameter "resolve-system" to the input for the <edit-config>, <edit-data>, and <copy-config> operations. Clients that are aware of the "resolve-system" parameter MAY use this parameter to avoid the requirement to provide a referentially complete configuration in <running>. The "resolve-system" parameter is optional and has no value. If it is present, and the server supports this capability, the server MUST copy referenced system nodes into the target datastore (e.g., <running>) without the client doing the copy/paste explicitly, to resolve any references not resolved by the client. The server acting as a "system client" like any other remote clients copies the referenced system-defined nodes when triggered by the "resolve-system" parameter. Legacy clients interacting with servers that support this parameter don't see any changes in <edit- config>/<edit-data> and <copy-config> behaviors. The server's copy referenced nodes from <system> to the target datastore MUST be enforced at the end of the <edit-config>/<edit-data> or <copy-config> operations during the validation processing, regardless of which target datastore it is. The server may automatically configure the list entries (with at least the keys) in the target datastore (e.g., <running>) that are referenced elsewhere by the clients. Similarly, not all the contents of the list entry (i.e., the descendant nodes) are necessarily copied by the server - only the parts that are required to make configuration valid. There is no distinction between the configuration in the target datastore (e.g., <running>) automatically configured by the server and the one explicitly declared by the client, e.g., a read back of the datastore (i.e., <get>, <get-config> or <get-data> operation) returns automatically configured nodes. Note that even an auto-configured node is allowed to be deleted from the target datastore by the client, the system may automatically configure the deleted node again to make configuration valid, when a "resolve-system" parameter is carried. It is also possible that the operation request (e.g., <edit-config>) may not succeed due to incomplete referential integrity. Support for the "resolve-system" parameter is OPTIONAL. Servers not supporting NMDA MAY also implement this parameter without implementing the system configuration datastore, which would only eliminate the ability to expose the system configuration via protocol operations. If a server implements <system>, referenced system configuration is copied from <system> into the target datastore (e.g., <running>) when the "resolve-system" parameter is used; otherwise it is an implementation decision where to copy referenced system configuration into the target datastore (e.g., <running>). If the "resolve-system" parameter is not given by the client, the server should not modify <running> in any way otherwise not specified by the client. Not using capitalized "SHOULD NOT" in the previous sentence is intentional. The intention is to bring awareness to the general need to not surprise clients with unexpected changes. It is desirable for clients to always opt into using mechanisms having server-side changes. This document enables a client to opt into this behavior using the "resolve-system" parameter. An example of this type of opt-in behavior can also be found in RFC 7317, which enables a client to opt into its behavior using a "$0$" prefix (see ianach:crypt-hash type defined in ). Implementation specifics are beyond the scope of this document, however, due to the extra complexity brought by the "resolve-system" parameter, clients should be aware that it would cost a reasonable amount of time for the server to resolve reference, retrieve and copy the referenced system configuration from <system>, which could take multiple rounds since some errors may depend on the resolution of previous ones.

In some cases, a server may allow some parts of system configuration to be modified. Modification of system configuration is achieved by the client writing configuration to <running> that overrides the system configuration. Configurations defined in <running> take precedence over system configuration nodes in <system> if the server allows the nodes to be modified. For instance, descendant nodes in a system-defined list entry may be modifiable or not, even if some system configuration has been copied into <running> earlier. If a system node is non-modifiable, then writing a different value for that node MUST return an error. The immutability of system configuration is defined in . A server may also allow a client to add data nodes to a list entry in <system> by writing those additional nodes in <running>. Those additional data nodes may not exist in <system> (i.e., an *addition* rather than an override).

This section presents some sample data models and corresponding contents of various datastores with different dynamical behaviors above. The XML snippets are used only for examples.

In this subsection, the following fictional module is used:

The server may predefine some applications as a convenience for the clients. These predefined configurations are active only after being referenced by other configurations, which fall into the "inactive-until-referenced" system configuration as defined in . The system-instantiated application entries may be present in <system> as follows:

ftp tcp

tftp udp

smtp tcp

]]> The client may also define its customized applications. Suppose the configuration of applications is present in <running> as follows:

my-app-1 tcp

2345

my-app-2 udp

]]> A fictional ACL YANG module is used as follows, which defines a leafref for the leaf-list "application" data node to refer to an existing application name.

If a client configures an ACL rule referencing system provided applications which are not present in <running>, take NETCONF protocol for example, the client may issue an <edit-config> operation with the parameter "resolve-system" as follows:

allow_access_to_ftp_tftp 198.51.100.0/24 192.0.2.0/24 ftp tftp my-app-1 forward

]]> The following gives the configuration of applications in <running> which is returned in the response to a follow-up retrieval operation:

my-app-1 tcp

2345

my-app-2 udp

ftp tftp ]]> And the configuration of applications is present in <operational> as follows:

my-app-1 tcp

2345

my-app-2 udp

ftp tcp

tftp udp

]]> Since the configuration of application "smtp" is not referenced by the client, and the server treats application "smtp" configuration as "inactive-until-referenced", it does not appear in <operational> but only in <system>.

It's also possible for a client to explicitly declare the system-defined configurations that are referenced instead of using the "resolve-system" parameter. For instance, in the above example, the client MAY also explicitly configure the following system defined applications "ftp" and "tftp" only with the list key "name" before referencing:

ftp tftp ]]> Then the client configures the following ACL rule referencing applications "ftp" and "tftp" as follows:

allow_access_to_ftp_tftp 198.51.100.0/24 192.0.2.0/24 ftp tftp my-app-1 forward ]]> Once the data is written to <running>, it makes no difference whether it is explicitly declared by the client or automatically copied by the server. The configuration for applications in <running> and <operational> would be identical to the ones in .

This subsection uses the following fictional interface YANG module:

Suppose the system provides a loopback interface (named "lo0") with a MTU value "65536", a default IPv4 address of "127.0.0.1", and a default IPv6 address of "::1". The configuration of "lo0" interface is present in <system> as follows:

lo0 65536

127.0.0.1

::1

]]> A client modifies the value of MTU to 65535 and adds the following configuration into <running>:

lo0 65535 ]]> Then the configuration of interfaces is present in <operational> as follows:

lo0 65535

127.0.0.1

::1

]]>

In the above example, image the client further configures the description node of a "lo0" interface in <running> as follows:

lo0 loopback ]]> The configuration of interface "lo0" is present in <operational> as follows:

lo0 loopback 65535

127.0.0.1

::1

]]>

This YANG module defines a new YANG identity named "system" that uses the "ds:datastore" identity defined in [RFC8342]. A client can discover the system configuration datastore support on the server by reading the YANG library information from the operational state datastore. Note that no new origin identity is defined in this document, the "or:system" origin Metadata Annotation is used to indicate the origin of a data item is system. Support for the "origin" annotation is identified with the feature "origin" defined in . The following diagram illustrates the relationship amongst the "identity" statements defined in the "ietf-system-datastore" and "ietf-datastores" YANG modules:

This section gives an example of data retrieval from <system>. The fictional YANG module used following are from Appendix C.2 of [RFC8342].

container bgp { leaf local-as { type uint32; } leaf peer-as { type uint32; } list peer { key name; leaf name { type inet:ip-address; } leaf local-as { type uint32; description "... Defaults to ../local-as."; } leaf peer-as { type uint32; description "... Defaults to ../peer-as."; } leaf local-port { type inet:port; } leaf remote-port { type inet:port; default 179; } leaf state { config false; type enumeration { enum init; enum established; enum closing; } } } } All the messages are presented in a protocol-independent manner. JSON is used to not imply a preferred encoding in this document. Suppose the following BGP peer configuration is added to <running>:

{ "bgp": { "local-as": "64501", "peer-as": "64502", "peer": { "name": "2001:db8::2:3", "local-as": "64501", "peer-as": "64502" } } } The local port and remote port are used when the BGP peer connection is established. Since both are not supplied explicitly in <running> and <intended>, the default value for "bgp/peer/remote-port" is used, and there is no default statement for "bgp/peer/local-port", the system will select a value for it. So the contents of <system> are shown as follows:

{ "bgp": { "peer": { "name": "2001:db8::2:3", "local-port": "60794" } } }

<CODE BEGINS> file "ietf-system-datastore@2024-02-21.yang" Author: Qiufang Ma Author: Qin Wu Author: Chong Feng "; description "This module defines a new YANG identity that uses the ds:datastore identity defined in [RFC8342]. Copyright (c) 2024 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC HHHH (https://www.rfc-editor.org/info/rfcHHHH); see the RFC itself for full legal notices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here."; revision 2024-02-21 { description "Initial version."; reference "RFC XXXX: System-defined Configuration"; } identity system { base ds:conventional; description "This read-only datastore contains the configuration provided by the system itself."; } } ]]> <CODE ENDS>

This YANG module is optional to implement.

This YANG module augments NETCONF <edit-config>, <edit-data> and <copy-config> operations with a new parameter "resolve-system" in the input parameters. If the "resolve-system" parameter is present, the server will copy the referenced system configuration into target datastore automatically. A NETCONF client can discover the "resolve-system" parameter support on the server by checking the server's capabilities included in the <hello> message. The following tree diagram [RFC8340] illustrates the "ietf-netconf-resolve-system" module:

module: ietf-netconf-resolve-system augment /nc:edit-config/nc:input: +---w resolve-system? empty augment /nc:copy-config/nc:input: +---w resolve-system? empty augment /ncds:edit-data/ncds:input: +---w resolve-system? empty The following tree diagram [RFC8340] illustrates "edit-config", "copy-config" and "edit-data" rpcs defined in "ietf-netconf" and "ietf-netconf-nmda" respectively, augmented by "ietf-netconf-resolve-system" YANG module:

rpcs: +---x edit-config | +---w input | +---w target | | +---w (config-target) | | +--:(candidate) | | | +---w candidate? empty {candidate}? | | +--:(running) | | +---w running? empty {writable-running}? | +---w default-operation? enumeration | +---w test-option? enumeration {validate}? | +---w error-option? enumeration | +---w (edit-content) | | +--:(config) | | | +---w config? <anyxml> | | +--:(url) | | +---w url? inet:uri {url}? | +---w resolve-system? empty +---x copy-config | +---w input | +---w target | | +---w (config-target) | | +--:(candidate) | | | +---w candidate? empty {candidate}? | | +--:(running) | | | +---w running? empty {writable-running}? | | +--:(startup) | | | +---w startup? empty {startup}? | | +--:(url) | | +---w url? inet:uri {url}? | +---w source | | +---w (config-source) | | +--:(candidate) | | | +---w candidate? empty {candidate}? | | +--:(running) | | | +---w running? empty | | +--:(startup) | | | +---w startup? empty {startup}? | | +--:(url) | | | +---w url? inet:uri {url}? | | +--:(config) | | +---w config? <anyxml> | +---w resolve-system? empty +---x edit-data +---w input +---w datastore ds:datastore-ref +---w default-operation? enumeration +---w (edit-content) | +--:(config) | | +---w config? <anydata> | +--:(url) | +---w url? inet:uri {nc:url}? +---w resolve-system? empty

Please refer to for example usage of the "resolve-system" parameter.

<CODE BEGINS> file "ietf-netconf-resolve-system@2024-02-21.yang" WG List: Author: Qiufang Ma Author: Qin Wu Author: Chong Feng "; description "This module defines an extension to the NETCONF protocol that allows the NETCONF client to control whether the server is allowed to copy referenced system configuration automatically without the client doing so explicitly. Copyright (c) 2024 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC HHHH (https://www.rfc-editor.org/info/rfcHHHH); see the RFC itself for full legal notices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here."; revision 2024-02-21 { description "Initial version."; reference "RFC XXXX: System-defined Configuration"; } grouping resolve-system-grouping { description "Define the resolve-system parameter grouping."; leaf resolve-system { type empty; description "When present, the server is allowed to automatically configure referenced system configuration into the target configuration datastore."; } } augment "/nc:edit-config/nc:input" { description "Allows the server to automatically configure referenced system configuration to make configuration valid."; uses resolve-system-grouping; } augment "/nc:copy-config/nc:input" { description "Allows the server to automatically configure referenced system configuration to make configuration valid."; uses resolve-system-grouping; } augment "/ncds:edit-data/ncds:input" { description "Allows the server to automatically configure referenced system configuration to make configuration valid."; uses resolve-system-grouping; } } ]]> <CODE ENDS>

This document registers two XML namespace URNs in the 'IETF XML registry', following the format defined in .

URI: urn:ietf:params:xml:ns:yang:ietf-system-datastore Registrant Contact: The IESG. XML: N/A, the requested URIs are XML namespaces. URI: urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-system Registrant Contact: The IESG. XML: N/A, the requested URIs are XML namespaces.

This document registers two module names in the 'YANG Module Names' registry, defined in .

name: ietf-system-datastore prefix: sys namespace: urn:ietf:params:xml:ns:yang:ietf-system-datatstore maintained by IANA: N RFC: XXXX // RFC Ed.: replace XXXX and remove this comment name: ietf-netconf-resolve-system prefix: ncrs namespace: urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-system maintained by IANA: N RFC: XXXX // RFC Ed.: replace XXXX and remove this comment

This document registers the following capability identifier URN in the 'Network Configuration Protocol (NETCONF) Capability URNs' registry:

urn:ietf:params:netconf:capability:resolve-system:1.0

This document registers a capability in the 'RESTCONF Capability URNs' registry [RFC8040]:

Index Capability Identifier ----------------------------------------------------------------------- :resolve-system urn:ietf:params:restconf:capability:resolve-system:1.0

The YANG module defined in this document extends the base operations for NETCONF and RESTCONF . The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) . The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS . The Network Configuration Access Control Model (NACM) provides the means to restrict access for particular NETCONF users to a preconfigured subset of all available NETCONF protocol operations and content.

The YANG module defined in this document extends the base operations for NETCONF and . The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) . The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS . The Network Configuration Access Control Model (NACM) provides the means to restrict access for particular NETCONF users to a preconfigured subset of all available NETCONF protocol operations and content. The security considerations for the base NETCONF protocol operations (see Section 9 of apply to the new extended RPC operations defined in this document.

Kent Watsen Watsen Networks Email: kent+ietf@watsen.net Jan Lindblad Cisco Systems Email: jlindbla@cisco.com Chongfeng Xie China Telecom Beijing China Email: xiechf@chinatelecom.cn Jason Sterne Nokia Email: jason.sterne@nokia.com

The authors would like to thank for following for discussions and providing input to this document (ordered by first name): Alex Clemm, Andy Bierman, Balazs Lengyel, Juergen Schoenwaelder, Martin Bjorklund, Mohamed Boucadair, Robert Wilton and Timothy Carey.

Following provides three use cases related to system-defined configuration lifecycle management. The simple interface data model defined in Appendix C.3 of is used. For each use case, corresponding sample configuration in <running>, <system>, <intended> and <operational> are shown. The XML snippets are used only for examples.

<running>:

No configuration for interfaces appears in <running>; <system>:

<interfaces> <interface> <name>lo0</name> <ip-address>127.0.0.1</ip-address> <ip-address>::1</ip-address> </interface> </interfaces> <intended>:

<interfaces> <interface> <name>lo0</name> <ip-address>127.0.0.1</ip-address> <ip-address>::1</ip-address> </interface> </interfaces> <operational>:

If a client creates an interface "et-0/0/0" but the interface does not physically exist at this point: <running>:

<interfaces> <interface> <name>et-0/0/0</name> <description>Test interface</description> </interface> </interfaces> <system>:

<interfaces> <interface> <name>lo0</name> <ip-address>127.0.0.1</ip-address> <ip-address>::1</ip-address> </interface> </interfaces> <intended>:

<interfaces> <interface> <name>lo0</name> <ip-address>127.0.0.1</ip-address> <ip-address>::1</ip-address> </interface> <interface> <name>et-0/0/0</name> <description>Test interface</description> </interface> </interfaces> <operational>:

<running>:

<interfaces> <interface> <name>et-0/0/0</name> <description>Test interface</description> </interface> </interfaces> <system>:

<interfaces> <interface> <name>lo0</name> <ip-address>127.0.0.1</ip-address> <ip-address>::1</ip-address> </interface> <interface> <name>et-0/0/0</name> <mtu>1500</mtu> </interface> </interfaces> <intended>:

<interfaces xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin" or:origin="or:intended"> <interface or:origin="or:system"> <name>lo0</name> <ip-address>127.0.0.1</ip-address> <ip-address>::1</ip-address> </interface> <interface> <name>et-0/0/0</name> <description>Test interface</description> <mtu or:origin="or:system">1500</mtu> </interface> </interfaces>

v04 - v05 Explicitly state that system configuration copied from <system> into <running> have its origin value being reported as "intended" and update the examples accordingly to reflect it Update the definition of "intended" origin identity in 8342 to allow a subset of configuration in <intended> to use "system" as origin value State server behaviors of migrating updated system data into <running> is beyond the scope of this document, and give a couple of implementation examples Remove the related statement which mandates referenced system configuration must be copied into <running> Refine usage examples (e.g., fix validation errors, remove redundancy) v03 - v04 Add some implementation consideration for "resolve-system" parameter Define a NETCONF capability identifier for "resolve-system" parameter so that the client can discover if it is supported by the server. state servers may upgrade copied system configuration in <running> as well during device upgrade or licensing change. v02 - v03 remove the merge mechanism related comments, as discussed in https://github.com/netconf-wg/netconf-next/issues/19 Editorial changes v01 - v02 Define referenced system configuration better clarify "resolve-system" parameter update Figure 2 in NMDA RFC Editorial changes v00 - v01 Clarify why client's explicit copy is not preferred but cannot be avoided if resolve-system parameter is not defined Clarify active system configuration Update the timing when the server's auto copy should be enforced if a resolve-system parameter is used Editorial changes