NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA.

Slides:



Advertisements
Similar presentations
ANCP Best Practice–Adjacency Carrier Analysis Thomas Haag; Birgit Witschurke,
Advertisements

Draft-ietf-dhc-stateless-dhcpv6- renumbering-01 Tim Chown dhc WG, IETF 60, San Diego, August 2, 2004.
Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-02 NETCONF WG IETF #92 Dallas, TX, USA.
NETCONF Light. Motivation To support devices unable to implement the full NETCONF protocol – The “-00” draft noted hardware-based resource constraints.
Session Announcement Protocol Colin Perkins University College London.
Requirements for DSML 2.0. Summary RFC 2251 fidelity Represent existing directory protocols with new transport syntax Backwards compatibility with DSML.
WG RAQMON Internet-Drafts RMON MIB WG Meeting Washington, Nov. 11, 2004.
Draft-campbell-dime-load- considerations-01 IETF 92 DIME Working Group Meeting Dallas, Texas.
draft-kwatsen-netconf-zerotouch-01
draft-ietf-netconf-call-home-01
© Hitachi, Ltd All rights reserved. NETCONF Configuration I/F Advertisement by WSDL and XSD Hideki Okita, Tomoyuki Iijima, Yoshifumi Atarashi, Ray.
July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna
Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.
NETCONF WG IETF 92 - Dallas TUESDAY, March 24, CDT Mehmet Ersue Mahesh Jethanandani 3/24/ IETF #92- NETCONF WG session.
July 16, Diameter EAP Application (draft-ietf-aaa-eap-02.txt) on behalf of...
1 82 nd IETF meeting NETCONF over WebSocket ( ) Tomoyuki Iijima, (Hitachi) Hiroyasu Kimura,
YANG in a Nutshell The YANG Gang IETF 71. YANG has... A reasonable self-contained specification A focus on readers and reviewers Text-based , patch,
TURN -01 Changes and Issues Rohan Mahy BEHAVE at IETF66 - Montreal.
1 Virtual Router Redundancy Protocol (VRRP) San Francisco IETF VRRP Working Group March 2003 San Francisco IETF Mukesh Gupta / Nokia Chair.
Protocol for I2RS I2RS WG IETF #89 London, UK Dean Bogdanovic v0.1.
March 2006 CAPWAP Protocol Specification Update March 2006
Configuring AAA requires four basic steps: 1.Enable AAA (new-model). 2.Configure security server network parameters. 3.Define one or more method lists.
Representing Netconf Data Models using Document Schema Definition Languages (DSDL) Rohan Mahy Sharon Chisholm Lada Lhotka IETF 72 - Dublin.
IETF #86 - NETCONF WG session 1 NETCONF WG IETF 86 - Orlando, FL, USA MONDAY, March 11, Bert Wijnen Mehmet Ersue.
IETF66 DIME WG John Loughney, Hannes Tschofenig and Victor Fajardo 3588-bis: Current Issues.
Slide title In CAPITALS 50 pt Slide subtitle 32 pt RTSP draft-ietf-mmusic-rfc2396bis-10 Magnus Westerlund Co-auhtors: Henning Schulzrinne, Rob Lanphier,
1 ipv6-node-02.PPT/ 18 November 2002 / John Loughney IETF 55 IPv6 Working Group IPv6 Node Requirements draft-ietf-ipv6-node-requirements-02.txt John Loughney.
NEMO Basic Support update IETF 61. Status IANA assignments done Very close to AUTH48 call Some issues raised recently We need to figure out if we want.
IETF 65 – Lemonade – March 20, Lemonade Status Updates for IETF’65: Our Assigned drafts for Mar 20, 2006 WG session (*)
Netconf Event Notifications IETF 66 Sharon Chisholm Hector Trevino
RFC 4068bis draft-ietf-mipshop-fmipv6-rfc4068bis-01.txt Rajeev Koodli.
Netconf Schema Query Mark Scott IETF 70 Vancouver December 2007
Multiple Interfaces (MIF) WG documents status MIF WG IETF 80, Prague Problem statement and current practices documents.
IPFIX Requirements: Document Changes and New Issues Raised Jürgen Quittek, NEC Benoit Claise, Cisco Tanja Zseby, Sebstian Zander, FhG FOKUS.
Draft-kwatsen-netconf-server Configuration Model for SSH and TLS Transports.
Globally Identifiable Number (GIN) Registration Adam Roach draft-martini-roach-gin-01 IETF 77 – Anaheim, CA, USA March 22, 2010.
1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials draft-bajko-nsis-fw-reqs-01 Gábor Bajkó IETF Interim May 2005.
Conditional Enablement draft-kwatsen-conditional-enablement-00.
I2rs Requirements for NETCONF IETF 93. Requirement Documents
Draft-ietf-netconf-server-model-04 NETCONF Server Configuration Model
Netconf Notifications Sharon Chisholm Hector Trevino IETF 67 November 2006.
NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-07 NETCONF WG IETF 93 Prague.
Session-Independent Policies draft-ietf-sipping-session-indep-policy-02 Volker Hilt Jonathan Rosenberg Gonzalo.
draft-ietf-l3sm-l3vpn-service-model IETF 94 - Yokohama
ietf-syslog Model Status
ALTO Protocol draft-ietf-alto-protocol-14
draft-ietf-simple-message-sessions-00 Ben Campbell
NAT Behavioral Requirements for Unicast UDP
Subscribing to YANG datastore push updates draft-netconf-yang-push-00 IETF #94 Yokohama A. Clemm A. Gonzalez Prieto
Rest Style Large MeAsurement Platform Protocol
Subscribing to YANG datastore push updates draft-ietf-netconf-yang-push-02 NETMOD WG IETF #95 Buenos Aires 4-April-2015 Alexander Clemm Alberto Gonzalez.
draft-ietf-pim-igmp-mld-yang-04
Migration-Issues-xx Where it’s been and might be going
NMDA Q & A draft-dsdt-nmda-guidelines &
Post WG LC NMDA datastore architecture draft
Updates to YANG Data Model for IEEE 1588v2
Yingzhen Qu YANG Data Model for OSPF Protocol draft-ietf-ospf-yang-08 draft-ietf-ospf-sr-yang-02 IETF99, Prague Derek Yeung
Multi-server Namespace in NFSv4.x Previous and Pending Updates
Message Queuing Telemetry Transport (Internet of Things)
RFC 5539 Update Status draft-badra-netconf-rfc5539bis-00
TG1 Draft Topics Date: Authors: September 2012 Month Year
Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-19 NETCONF WG IETF 100 (Singapore)
5G Use Case Configuration & PNF SW Upgrade using NETCONF ONAP DDF, Jan 9, 2019 Ericsson.
Handling YANG Revisions – Discussion Kickoff
Subscription to Multiple Stream Originators
IETF Prague BFD Unsolicited
IETF Montreal BFD YANG Data Model
YANG Data Models for TE and RSVP draft-ietf-teas-yang-te-21 draft-ietf-teas-yang-rsvp-11 draft-ietf-teas-yang-rsvp-te-07 Tarek Saad, Juniper Networks Rakesh.
Schema version selection Reshad Rahman (presenting), Rob Wilton
YANG Data Models for TE and RSVP draft-ietf-teas-yang-te-21 draft-ietf-teas-yang-rsvp-11 draft-ietf-teas-yang-rsvp-te-07 Tarek Saad, Juniper Networks Rakesh.
Presentation transcript:

NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA

Updates since IETF 90 Removed YANG 1.1 style if-feature statements Removed the read-only lists of SSH host-keys and TLS certs Added ability to configure trust-anchors for SSH X.509 client certs Now imports by revision, per best practice (?) Added support for RESTCONF server Added RFC Editor instructions Added NACM statements to YANG modules for sensitive nodes Added client-cert-auth subtree to ietf-restconf-server module Added description for braces to tree diagram section Renamed feature from "rfc6187" to "ssh-x509-certs"

Last Call Results Model changes needed Some editorial clarifications needed

Open Issues https://github.com/netconf-wg/server-model/issues

#32: rename "application" node name to "netconf-client”? Current: Proposed: module: ietf-netconf-server +--rw netconf-server +--rw call-home {call-home}? +--rw application* [name] +--rw ssh +--rw endpoints +--rw endpoint* [name] ... module: ietf-netconf-server +--rw netconf-server +--rw call-home {call-home}? +--rw netconf-client* [name] +--rw ssh +--rw endpoints +--rw endpoint* [name] ...

#33: Is it a good idea to name the top-level node "netconf-server"? Is this name consistent with how we name other things? what might be better? FWIW, RFC 6022 has "netconf-state” Example using current naming strategy: <netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server"> <session-options>...</session-options> <listen>...</listen> <call-home>...</call-home> <ssh>...</ssh> </netconf-server>

#34: Are the current features granular enough? For NETCONF only, it’s not possible to advertise being able to listen for just SSH and call-home with just TLS +--rw netconf-server +--rw listen {listen}? | +--rw endpoint* [name] | +--rw (transport) | +--:(ssh) {ssh}? | +--:(tls) {tls}? +--rw call-home {call-home}? | +--rw application* [name] | +--rw (transport) | +--:(ssh) {ssh}? | +--:(tls) {tls}? +--rw ssh {ssh}? ... +--rw tls {tls}? YANG 1.1’s new if-feature syntax was designed to support this case, but can’t use because 6020bis isn’t stable yet…

#36: is import by revision needed? At the time I submitted this draft, it was my understanding that import by revision was best practice, and that prior YANG modules were in violation. Recent YANG 1.1 conformance discussions seem to be swinging the other direction now, but with potential to swing back again. Unclear what the right thing to do is ! Perhaps taking it out is the way to go because, even if it's wrong, it will at least be in the company of other published modules ;)

#38: remove upper-bound on hello-timeout, idle-timeout, and max-sessions? leaf hello-timeout { type uint32 { range "0 | 10 .. 3600"; } units "seconds"; leaf idle-timeout { range "0 | 10 .. 360000"; leaf max-sessions { type uint16 { range "0 .. 1024";

#39: move away from a number with a fixed unit? Removing upper-bounds is well and good, but large values can become unreadable: Example: 3 days or 259,200 seconds? How about a 2-tuple? One leaf for a numerical value One leaf for an enum [secs, mins, hours, days, etc.] Or something like a XSD’s “duration”? Example: PnYnMnDTnHnMnS

#40: move "max-sessions" to global session-param? Currently under the “listen” leaf If moved to global level, how to catch if configured number of call-homes exceed the value? Can an must statement catch this? count(/call-home/application) <= /session-options/max-sessions

#41: should address be mandatory? Currently, neither address nor port are mandatory for a listening endpoint but port has a default should address be mandatory or should no specified address be treated as a wildcard?

#43: keep-alive, linger, reconnect interval defaults OK? …/connection-type/persistent/keep-alives/interval-secs: 15 seconds …/connection-type/periodic/linger-secs: 30 seconds …/reconnect-strategy/interval-secs: 5 minutes

E.g., let's say an application has 3 endpoints #45: how do interval-secs and count-max work for reconnect-strategy if an endpoint resolves to multiple IP addresses? E.g., let's say an application has 3 endpoints name1, name2, and name3 And each expands into two IP addresses: {ip1.1, ip1.2}, {ip2.1, ip2.2}, {ip3.1, ip3.2} Proposal: treat as if IPs were configured explicitly E.g., ip1.1  ip1.2  ip2.1  ip2.2  ip3.1  ip3.2

#46: move "peer_allowed_to_send" to CH draft? Currently Call Home draft says nothing about keep alives! It should say “Servers SHOULD send keep-alives…” But in order to do so, TLS [RFC 6520] requires the client to advertise "peer_allowed_to_send” Thus we also need “Clients MUST advertise "peer_allowed_to_send" Proposal: move entire Section 5 to Call Home draft Section 5: Implementation strategy for keep-alives Covers both SSH and TLS keep-alives

#47: introduce a 2nd timeout for periodic connections for when there's data to send? Current text says that a device SHOULD pro-actively connect to the client if it has messages to send Options: Leave as it is have another configurable timer (less than periodic interval) for how long device should wait? Or an absolute time (e.g., 2:00am) ?

#49: combine trusted-ca-certs and trusted-client-certs for ssh/tls? Current text has separate lists for configuring trusted CA-certs and client-certs for SSH and TLS There doesn’t seem to be a Security reason for why these are separate Would like to combine, but how to set if-feature statement? Ideally would use YANG 1.1 if-feature syntax if-feature “(ssh-x509-certs or tls)”; Create feature called “ssh-x509-or-tls”?

Next Steps Need to work through issues Submit server-model-07 ASAP Another Last Call will be necessary

Thank you