Draft-ietf-netconf-server-model-04 NETCONF Server Configuration Model https://github.com/netconf-wg/server-model.

Slides:



Advertisements
Similar presentations
Radius based ssh authentication Location of Radius server – radius-server host auth-port 1812 acct-port 1813 key WinRadius – The same config.
Advertisements

RFC2222bis. Summary Rfc2222bis-13 to be submitted tomorrow Addresses substantive issues Addresses editorial/nits Recommend WGLC upon announcement.
August 25, SSO with Microsoft Active Directory Presented by: Craig Larrabee.
NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA.
draft-kwatsen-netconf-zerotouch-01
draft-ietf-netconf-call-home-01
Abierman-nanog-30may03 1 XML Router Configs BOF Operator Involvement Andy Bierman
NETCONF WG IETF 92 - Dallas TUESDAY, March 24, CDT Mehmet Ersue Mahesh Jethanandani 3/24/ IETF #92- NETCONF WG session.
Yang Shi (Richard), Yong Zhang IETF 74 th 26 March 2009, San Francisco CAPWAP WG MIB Drafts Report.
I2RS draft-rfernando-yang-mods.txt I2RS Yang Extensions draft-rfernando-yang-data-mods R.Fernando, P.Chinnakannan, M.Madhayyan, A.Clemm.
Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.
National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.
Draft-ietf-fecframe-config-signaling-02 1 FEC framework Configuration Signaling draft-ietf-fecframe-config-signaling-02.txt IETF 76 Rajiv Asati.
Magnus Westerlund 1 The RTSP Core specification draft-ietf-mmusic-rfc2326bis-06.txt Magnus Westerlund Aravind Narasimhan Rob Lanphier Anup Rao Henning.
ISMS IETF72 David Harrington. Status IETF72 Transport Subsystem for the Simple Network Management Protocol (SNMP) –IETF69: draft-ietf-isms-tmsm-09.txt.
SSHSM Issues David Harrington IETF64 ISMS WG Vancouver, BC.
7/27/2004IETF San-Diego Plenary meeting 8/2004 EPON MIBs Lior Khermosh – Passave Technologies
IETF #65 Network Discovery and Selection Problem draft-ietf-eap-netsel-problem-04 Farooq Bari Jouni Korhonen.
RPKI Certificate Policy Status Update Stephen Kent.
Dynamic Allocation of Shared IPv4 Addresses draft-ietf-dhc-dynamic-shared-v4allocation-01 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF.
Draft-ietf-pim-port-03 wglc. WGLC responses Thomas suggested a long list of changes, mostly editorial –I believe I addressed all Dimitri also had comments.
DIME WG IETF 84 Diameter Design Guidelines draft-ietf-dime-app-design-guide-15 Tuesday, July 31, 2012 Lionel Morand.
Multiple Interfaces (MIF) WG documents status MIF WG IETF 80, Prague Problem statement and current practices documents.
Draft-kwatsen-netconf-server Configuration Model for SSH and TLS Transports.
SPPP Transport Session Peering Provisioning Protocol draft-ietf-drinks-sppp-over-soap-04.
Globally Identifiable Number (GIN) Registration Adam Roach draft-martini-roach-gin-01 IETF 77 – Anaheim, CA, USA March 22, 2010.
I2rs Requirements for NETCONF IETF 93. Requirement Documents
1 RFC 4247 Update Status draft-ietf-netconf-rfc4742bis-01.txt Margaret Wasserman IETF 78, Maastricht July 26, 2010.
Draft-kwatsen-netconf-zerotouch-00 Zero Touch Provisioning for NETCONF Call Home.
NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-07 NETCONF WG IETF 93 Prague.
draft-ietf-simple-message-sessions-00 Ben Campbell
NETCONF WG IETF 93 - Prague, Czech Republic THURSDAY, July 23, 2015
draft-ietf-netconf-reverse-ssh
In-Band Authentication Extension for Protocol Independent Multicast (PIM) draft-bhatia-zhang-pim-auth-extension-00 Manav Bhatia
LIME Base YANG Model Work Update draft-tissa-lime-yang-oam-model draft-wang-lime-yang-pm Deepak Kumar Qin WU IETF93 Prage,Czech.
Overview of E2E Security CRs
NAT Behavioral Requirements for Unicast UDP
Nancy Cam-Winget June 2015 SACM Requirements Nancy Cam-Winget June 2015.
IETF-70 EAP Method Update (EMU)
Subscribing to YANG datastore push updates draft-netconf-yang-push-00 IETF #94 Yokohama A. Clemm A. Gonzalez Prieto
draft-dthakore-tls-authz
NETCONF Configuration I/F Advertisement by WSDL and XSD
draft-ietf-geopriv-lbyr-requirements-02 status update
Geospatial Database Create Geodatabase Practical Session
draft-ietf-pim-igmp-mld-yang-04
Joe Clarke (presenting)
IETF #101 - NETCONF WG session
Factory default Setting draft-wu-netmod-factory-default-01
STIR WG IETF-100 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-01) November, 2017 Ray P. Singh, Martin Dolly, Subir Das,
Post WG LC NMDA datastore architecture draft
Daniel Kaiser, Christian Huitema IETF 98 March 28, 2017
Recap At IETF 97 we presented the Voucher document for the first time as an ANIMA draft Bootstrapping Design team has met weekly since, about 50% discussion.
Evolution of the Subscription & Event Notification Drafts IETF #98 Chicago Eric Voit 28-Mar-2017 DRAFT Authors on at least 1 drafts Andy Bierman Alexander.
Agenda Create certificates for the GlobalProtect Portal, internal gateway, and external gateway. Attach certificates to a SSL-TLS Service Profile. Configure.
RFC 5539 Update Status draft-badra-netconf-rfc5539bis-00
draft-eckert-anima-noc-autoconfig-00 draft-eckert-anima-grasp-dnssd-01
LIME CO Model Update draft-ietf-lime-yang-oam-model-07
P802.11aq Waiver Request Introduction
Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-19 NETCONF WG IETF 100 (Singapore)
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
IETF 103 – Bangkok November 2018
Handling YANG Revisions – Discussion Kickoff
IETF Montreal BFD YANG Data Model
LISP YANG model (-09 update)
Joe Clarke (presenting)
YANG Data Models for TE and RSVP draft-ietf-teas-yang-te-21 draft-ietf-teas-yang-rsvp-11 draft-ietf-teas-yang-rsvp-te-07 Tarek Saad, Juniper Networks Rakesh.
Interoperabilty Cipher Suites
Schema version selection Reshad Rahman (presenting), Rob Wilton
YANG Data Models for TE and RSVP draft-ietf-teas-yang-te-21 draft-ietf-teas-yang-rsvp-11 draft-ietf-teas-yang-rsvp-te-07 Tarek Saad, Juniper Networks Rakesh.
E. Bellagamba, Ericsson P. Sköldström, Acreo D. Ward, Juniper
Presentation transcript:

draft-ietf-netconf-server-model-04 NETCONF Server Configuration Model

Relationship to other WG documents 2 RFC 5539 bis (TLS) RFC 6242 (SSH) draft-ietf-netconf-call-home draft-ietf-netconf-server-model Dependency on these drafts completing

Updates since IETF 90 Added to the Objectives section the need to support specifying which server key(s) to use, how to authenticate client-certificates, and how to map authenticated client-certificates to NETCONF usernames Added to the data-model the ability for listen/call-home instances to specify which host-keys and/or certificates to use Brought back the TLS client auth model (includes cert-maps) Removed the "one-to-many" construct Removed "address" as a key field Removed the "network-manager" terminology Reduced the number of grouping statements Removed psk-maps from model Clarified that the last-connected setting should span reboots Clarified support for indirect client certificate authentication Added keep-alive configuration for listen connections Added the /netconf-server/session-options subtree for global parameters Uses new YANG 1.1 feature statement syntax 3

Open Issues 4

Support SSH X.509-based client certs? Fact: client-certs are not required for NETCONF/SSH – Not even when server has a X.509-based host-key – No difference if a standard or a call-home connection – Standard password and public-key mechanisms work fine That said, it’s likely that a server with a X.509-based host-key would also support clients having X.509 based certificates… Fairly easy addition: just add same client-auth container from “tls” tree to “ssh” tree WG opinion? 5

Support config of host-keys and certs? 1.Current draft assumes external generation of host-keys and certificates Can / should we do more? A model for configuring such things? 2.Related, current draft enables NETCONF server to report its host-keys and certificates (config false) Is this out of place? Should how user learns names be out of scope of this draft? 6

Next Steps Close previously mentioned open issues Make any other discovered needed changes Begin WGLC on server-model-05 (Dec 2014) – Along with dependencies 5539bis and zerotouch 7

Questions / Concerns / Suggestions ? 8