Draft-kwatsen-netconf-server Configuration Model for SSH and TLS Transports.

Slides:



Advertisements
Similar presentations
71 th IETF meeting Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-06) Tomoyuki Iijima, Yoshifumi Atarashi, Hiroyasu.
Advertisements

Yunling Wang VoIP Security COMS 4995 Nov 24, 2008 XCAP The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)
NAT-PT Applicability Statement Design Team IETF #57, IETF V6OPS WG Vienna, Austria July 16, 2003.
Simple tutorial Yang & Netconf.
Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-02 NETCONF WG IETF #92 Dallas, TX, USA.
Lionel Morand DIME WG IETF 79 Diameter Design Guidelines Thursday, November 11, 2010 Lionel Morand.
MIF API draft-ietf-mif-api-extension-05 Dapeng Liu.
Application Layer Protocol Negotiation
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 Diffserv Yang Model
NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA.
draft-kwatsen-netconf-zerotouch-01
Dean Cheng Jouni Korhonen Mehamed Boucadair
draft-ietf-netconf-call-home-01
1 Notification Rate Control draft-ietf-sipcore-event-rate-control th IETF,
© Hitachi, Ltd All rights reserved. NETCONF Configuration I/F Advertisement by WSDL and XSD Hideki Okita, Tomoyuki Iijima, Yoshifumi Atarashi, Ray.
Yang Shi, Chris Elliott, Yong Zhang IETF 73 rd 18 Nov 2008, Minneapolis CAPWAP WG MIB Drafts Report.
68th IETF – OPS area – XML MIB Modules XML MIB Modules draft-stephan-ops-xml-mib-module-template-00 draft-stephan-ops-xml-mib-module-template-00.
July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna
NETCONF WG IETF 92 - Dallas TUESDAY, March 24, CDT Mehmet Ersue Mahesh Jethanandani 3/24/ IETF #92- NETCONF WG session.
Session Peering Protocol over SOAP I-D ( draft-ietf-drinks-spp-over-soap-01) draft-ietf-drinks-spp-over-soap-01 0 Presenter: Vikas Bhatia (On behalf of.
Slide title minimum 48 pt Slide subtitle minimum 30 pt IANA Service Name and Port Number Procedures draft-ietf-tsvwg-iana-ports-08 M. Cotton (ICANN), L.
YANG in a Nutshell The YANG Gang IETF 71. YANG has... A reasonable self-contained specification A focus on readers and reviewers Text-based , patch,
SHIM6 Protocol Drafts Overview Geoff Huston, Marcelo Bagnulo, Erik Nordmark.
Protocol for I2RS I2RS WG IETF #89 London, UK Dean Bogdanovic v0.1.
WSON Summary Young Lee Document Relationships Information Gen-constraints Encode WSON Encode Signal Compatibility OSPF Gen-constraints.
Interactive Connectivity Establishment : ICE
Abierman-netconf-mar07 1 NETCONF WG 68 th IETF Prague, CZ March 19, 2007.
IETF #86 - NETCONF WG session 1 NETCONF WG IETF 86 - Orlando, FL, USA MONDAY, March 11, Bert Wijnen Mehmet Ersue.
#3: Protocol Document (draft-ietf-drinks-spprov) Presenter: Syed Ali (On behalf of the authors: Ken Cartwright, Syed Ali, Alex Mayrhofer and Jean-Francois.
IETF 92 Dallas, TX Yang Data Model for OSPF Protocol draft-ietf-ospf-yang-00 Yingzhen Qu Derek Yeung YingZhen Qu
- 1 -P. Kyzivatdraft-sipping-gruu-reg-event-00 Reg Event Package Extensions draft-sipping-gruu-reg-event-00 IETF64 Nov-2005.
Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro.
Diameter SIP Application
IETF #81 - NETCONF WG session 1 NETCONF WG IETF 81, Quebec City, Canada MONDAY, July 25, Bert Wijnen Mehmet Ersue.
Draft-wilton-netmod-intf-ext-yang-01 draft-wilton-netmod-intf-vlan-yang-01 Rob Wilton IETF 94 – Yokohama, NETMOD WG.
SIEVE Mail Filtering WG IETF 70, Vancouver WG Chairs: Cyrus Daboo, Alexey Melnikov Mailing List: Jabber:
SDP draft-ietf-mmusic-sdp-new-21.txt Colin Perkins.
Draft-ietf-netconf-server-model-04 NETCONF Server Configuration Model
Draft-kwatsen-netconf-zerotouch-00 Zero Touch Provisioning for NETCONF Call Home.
NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-07 NETCONF WG IETF 93 Prague.
YANG Data Model for RIP draft-liu-rtgwg-yang-rip-01
draft-ietf-teas-yang-te-topo-05
draft-ietf-l3sm-l3vpn-service-model IETF 94 - Yokohama
draft-litkowski-isis-yang-isis-cfg IETF 90 - Toronto
Routing Area Yang Architecture Design Team Update
AAA and AAAS URI Miguel A. Garcia draft-garcia-dime-aaa-uri-00.txt
draft-ietf-netconf-reverse-ssh
IETF 95 – Buenos Aires April 2016
Voucher and Voucher Revocation Profiles for Bootstrapping Protocols draft-kwatsen-netconf-voucher-00 NETCONF WG IETF 97 (Seoul)
Subscribing to YANG datastore push updates draft-netconf-yang-push-00 IETF #94 Yokohama A. Clemm A. Gonzalez Prieto
Rest Style Large MeAsurement Platform Protocol
NETCONF Configuration I/F Advertisement by WSDL and XSD
Partial Locking of a Datastore in NETCONF
Subscribing to YANG datastore push updates draft-ietf-netconf-yang-push-02 NETMOD WG IETF #95 Buenos Aires 4-April-2015 Alexander Clemm Alberto Gonzalez.
CCAMP IETF 103 Bangkok Giuseppe Fioccola, Huawei Kwang-Koog Lee, KT
Joe Clarke (presenting)
UDP based Publication Channel for Streaming Telemetry
STIR WG IETF-100 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-01) November, 2017 Ray P. Singh, Martin Dolly, Subir Das,
Updates to YANG Data Model for IEEE 1588v2
Yingzhen Qu YANG Data Model for OSPF Protocol draft-ietf-ospf-yang-08 draft-ietf-ospf-sr-yang-02 IETF99, Prague Derek Yeung
STIR WG IETF-99 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-00) July, 2017 Ray P. Singh, Martin Dolly, Subir Das, and An.
RFC 5539 Update Status draft-badra-netconf-rfc5539bis-00
Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-19 NETCONF WG IETF 100 (Singapore)
YANG Data Model for FlexE Interface Management
draft-ietf-teas-yang-l3-te-topo-02
QoS Yang Model Aseem Choudhary, Norm Strahle, Ing-Whar Chen,
YANG data model for Flexi-Grid Optical Networks
IETF Montreal BFD YANG Data Model
Interface extensions YANG & VLAN sub-interface YANG Status update
Schema version selection Reshad Rahman (presenting), Rob Wilton
Presentation transcript:

draft-kwatsen-netconf-server Configuration Model for SSH and TLS Transports

Introduction The IETF 88 meeting agreed to unify the configuration data model used between RFC 5539bis and draft-ietf-netconf-reverse-ssh. The resulting data-model defined in this draft supports the SSH and TLS transports simultaneously, for both the listening and call-home use cases. 2

Updates since -00 From -00 to -01 – Restructured YANG module slightly, to provide groupings useful to the ZeroTouch draft. From -01 to -02 (not posted yet!) – YANG Moved transport selection deeper into tree Renamed “application” to “network-manager” Renamed “server” to “endpoint” – Text Enhanced definition for Keep Alives Clarified persistent connection behavior if app closes connection 3

Objectives Support all NETCONF transports Align transport-specific configurations Support transport-independent configuration Support both inbound and outbound connections For Outbound Connections – Support More than one Network Manager – Support Network Managers having more than one endpoint – Support a reconnection strategy – Support both persistent and periodic connections – Keep-Alives for persistent connections – Customizations for periodic connections 4

Data Model Module’s Top-Level Container 5 container netconf { description "Top-level container for NETCONF server configuration."; container listen { uses listen-config; } container call-home { uses call-home-config; // grouping reused by zerotouch } container tls { if-feature tls; uses tls-global-config; // grouping reused by zerotouch }

Data Model (cont.) The “listen” grouping 6 +--rw listen +--rw ssh {inbound-ssh}? | +--rw (one-or-many)? | +--:(one-port) | | +--rw port? inet:port-number | +--:(many-ports) | +--rw interface* [address] | +--rw address inet:ip-address | +--rw port? inet:port- number +--rw tls {inbound-tls}? +--rw (one-or-many)? +--:(one-port) | +--rw port? inet:port-number +--:(many-ports) +--rw interface* [address] +--rw address inet:ip-address +--rw port? inet:port- number

Data Model (cont.) The “call-home” grouping 7 +--rw call-home +--rw network-managers +--rw network-manager* [name] +--rw name string +--rw description? string +--rw endpoints | +--rw endpoint* [address] | +--rw address inet:host | +--rw port? inet:port-number +--rw transport | +--rw ssh {outbound-ssh}? | | +--rw host-keys | | +--rw host-key* [name] | | +--rw name string | +--rw tls! {outbound-tls}? +--rw connection-type rw reconnect-strategy...

Data Model (cont.) The “connection-type” and “reconnect-strategy” containers 8 +--rw connection-type | +--rw (connection-type)? | +--:(persistent-connection) | | +--rw persistent | | +--rw keep-alives | | +--rw interval-secs? uint8 | | +--rw count-max? uint8 | +--:(periodic-connection) | +--rw periodic | +--rw timeout-mins? uint8 | +--rw linger-secs? uint8 +--rw reconnect-strategy +--rw start-with? enumeration +--rw interval-secs? uint8 +--rw count-max? uint8

Data Model (cont.) The “tls” grouping 9 +--rw tls {tls}? +--rw cert-maps {tls-map-certificates}? | +--rw cert-to-name* [id] | +--rw id uint32 | +--rw fingerprint x509c2n:tls-fingerprint | +--rw map-type identityref | +--rw name string +--rw psk-maps {tls-map-pre-shared-keys}? +--rw psk-map* [psk-identity] +--rw psk-identity string +--rw user-name nacm:user-name-type +--rw not-valid-before? yang:date-and-time +--rw not-valid-after? yang:date-and-time +--rw key yang:hex-string

Security Considerations This document defines a YANG module to configure NETCONF's SSH and TLS transports. Please see the Security Considerations section in those RFCs for transport-specific security issues. 10

IANA Considerations Registers one URI in the IETF XML registry: URI: urn:ietf:params:xml:ns:yang:ietf-netconf-server Registrant Contact: The NETCONF WG of the IETF. XML: N/A, the requested URI is an XML namespace. Registers one YANG module in the YANG Module Names registry: name: ietf-netconf-server namespace: urn:ietf:params:xml:ns:yang:ietf-netconf-server prefix: ncserver reference: RFC XXXX 11

Open Issues In the “listen” grouping: – Is the “one-or-many” choice OK? In the “call-home” grouping: – Rethink persistent/periodic choice? Add a “schedule” and then use it to configure “periodic” connections? 12

Questions / Concerns ? 13

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.