]> Swisscom

Binzring 17 Zurich 8045 Switzerland ahmed.elhassany@swisscom.com

Swisscom

Binzring 17 Zurich 8045 Switzerland thomas.graf@swisscom.com

General NETMOD This document describes a method to use YANG RFC 8525 and standard YANG validation rules in RFC 7950 to validate YANG data nodes that are children of an "anydata" data node.

Introduction defines the "anydata" statement to represent an unknown set of YANG nodes for which the data model is not known at module design time. However, left the verification of the "anydata" tree open to become known through protocol signaling or other means. Several IETF models, e.g., NETCONF Extensions for the NMDA, NMDA Datastores, Subscribed Notifications, YANG-Push, and RESTCONT, use "anydata" in their definitions. Current YANG implementations accept syntactically valid YANG data nodes as children of an "anydata" node but do not check the data type of these data nodes against a YANG schema. Unvalidated "anydata" subtrees prevents the automation of a YANG data processing chain. This becomes a challenge for network operators collecting a large amount of YANG data, Big Data, from their networks. For example, assume that YANG-Push collects interface octet counters, YANG Interface Management, from thousands of network nodes and a network analytics component computes the total traffic volume across the network. Suppose one of the nodes has a software defect and sends a YANG-Push notification with a large negative value for the interface octets counter. In that case, the consumer without the ability to validate the "anydata" subtree will not be able to detect the error and will compute an incorrect total traffic volume, which could lead to inaccurate billing or capacity planning decisions. Without the capability to validate the "anydata" subtree, the YANG data consumer is vulnerable to such errors, and troubleshooting such issues is challenging and time-consuming. YANG Schema Mount allows mounting complete data models at implementation and run time. While powerful, schema mount cannot address use cases where the user selects an arbitrary subset of an instantiated data tree, such as . A current proposed approach, YANG Full Include , complements YANG Schema Mount and applies at design time, yet cannot address dynamic filtering of an instantiated YANG data tree. This document propeses using the to define the context in which anydata trees are validated. This would require the YANG tooling to implement additional flags that enables validating "anydata" subtrees in the context of a YANG Library. The validation of "anydata" subtrees is optional and allows a consumer of YANG messages to decide on how to process messages with "anydata" subtrees that do not conform to the expected schema. For instance, a consumer might choose to ignore non-conforming messages, log them for further analysis, or trigger an alert to notify administrators of potential issues. This allows the consumer to avoid catastrophic errors in large-scale production environments

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Terminology This document uses the terminology defined in YANG for schema node and schema tree but refines data node and data tree to be more precise.

• data node: A node in the schema tree that can be instantiated in a data tree. One of container, leaf, leaf-list, list, anydata, and anyxml. This document does not change how YANG handles anyxml data nodes.
• instantiated data node: an instantiated instance of a data node that contains before fully qualified name (module namespace + identifier) for the data node and the data modeled within YANG.
• data tree: a tree of data nodes (with no values).
• datastore: defined in YANG and refined in Network Management Datastore Architecture (NMDA) is realized as an instantiated data tree.

Survey of existing use of "anydata" Several IETF models use "anydata" in their definitions. The various IETF documents so far have used anydata to either operate on a datastore or to represent undefined YANG-like data.

Documents that use "anydata" to operate on a datastore Documents are using "anydata" for one or more of the following four use-cases:

1. To represent a subtree filter NETCONF for selecting an instantiated YANG data subtree from a given datastore NETCONF Extensions for the NMDA, NMDA Datastores, and YANG-Push.
2. To represent the output of either a subtree filter or XPATH query on a datastore NETCONF Extensions for the NMDA, NMDA Datastores, and YANG-Push.
3. To represent edit operations on an instantiated YANG data tree YANG Patch and NMDA Datastores.
4. To store an instance of a YANG data tree YANG Instance Data.

To operate on YANG-like data There are currently only two documents that are using "anydata" to represent undefined YANG-like data. The first one is Subscribed Notifications, which uses "anydata" to encode a filter on the stream of events without defining the source of these events. The second one is RESTCONF to convey error information in the response body without defining the structure of this information.

Instantiated data node schema lookup This document builds on the fact that when a YANG validator examines a node in an instantiated data tree, it can find the corresponding data node in a YANG schema. For the existing YANG encodings, the following rules are defined to encode instantiated data nodes:

• In YANG XML encoding, The element's local name is the data node identifier, and its namespace is the module's XML namespace.
• In JSON encoding, each object member must be identical to the corresponding YANG data node identifier or namespace-qualified - the data node identifier is prefixed with the name of the module in which the data node is defined, separated from the data node identifier by the colon character (":").
• In CBOR encoding, node should include information that would allow each node to be - identified in a stateless way, for instance, the SID number associated with the node, the SID delta from another SID in the application payload, the namespace-qualified name, or the instance-identifier.

Given the encoding rules that maintain complete information to identify the corresponding data node for each instantiated data node, the YANG validator can easily find the schema for the data node in the YANG Library.

Validating "anydata" Data Tree This document introduces two new YANG validation options: anydata-complete and anydata-candidate. These two options align with , such that the complete validation validates the contents of the anydata subtree, which MUST obey all validation rules defined in the corresponding schema in the YANG Library. The candidate does not apply the constraint checks.

Note to the RFC-Editor: Please remove this section before publishing. anydata-candidate validation is implemented for libyang and avaiable at

IANA Considerations This memo includes no request to IANA.

Security Considerations TBD

References Normative References Informative References

Acknowledgements The authors would like to thank Jean Quilbeuf, Benoit Claise, and Alex Huang Feng for their review and valuable comments.