Presentation is loading. Please wait.

Presentation is loading. Please wait.

Draft-ietf-netconf-server-model-04 NETCONF Server Configuration Model https://github.com/netconf-wg/server-model.

Published byRoderick Small Modified over 8 years ago

Similar presentations

Presentation on theme: "Draft-ietf-netconf-server-model-04 NETCONF Server Configuration Model https://github.com/netconf-wg/server-model."— Presentation transcript:

1 draft-ietf-netconf-server-model-04 NETCONF Server Configuration Model https://github.com/netconf-wg/server-model

2 Relationship to other WG documents 2 RFC 5539 bis (TLS) RFC 6242 (SSH) draft-ietf-netconf-call-home draft-ietf-netconf-server-model Dependency on these drafts completing

3 Updates since IETF 90 Added to the Objectives section the need to support specifying which server key(s) to use, how to authenticate client-certificates, and how to map authenticated client-certificates to NETCONF usernames Added to the data-model the ability for listen/call-home instances to specify which host-keys and/or certificates to use Brought back the TLS client auth model (includes cert-maps) Removed the "one-to-many" construct Removed "address" as a key field Removed the "network-manager" terminology Reduced the number of grouping statements Removed psk-maps from model Clarified that the last-connected setting should span reboots Clarified support for indirect client certificate authentication Added keep-alive configuration for listen connections Added the /netconf-server/session-options subtree for global parameters Uses new YANG 1.1 feature statement syntax 3

4 Open Issues 4 https://github.com/netconf-wg/server-model/issues

5 Support SSH X.509-based client certs? Fact: client-certs are not required for NETCONF/SSH – Not even when server has a X.509-based host-key – No difference if a standard or a call-home connection – Standard password and public-key mechanisms work fine That said, it’s likely that a server with a X.509-based host-key would also support clients having X.509 based certificates… Fairly easy addition: just add same client-auth container from “tls” tree to “ssh” tree WG opinion? 5

6 Support config of host-keys and certs? 1.Current draft assumes external generation of host-keys and certificates Can / should we do more? A model for configuring such things? 2.Related, current draft enables NETCONF server to report its host-keys and certificates (config false) Is this out of place? Should how user learns names be out of scope of this draft? 6

7 Next Steps Close previously mentioned open issues Make any other discovered needed changes Begin WGLC on server-model-05 (Dec 2014) – Along with dependencies 5539bis and zerotouch 7

8 Questions / Concerns / Suggestions ? 8

Download ppt "Draft-ietf-netconf-server-model-04 NETCONF Server Configuration Model https://github.com/netconf-wg/server-model."

Similar presentations

Radius based ssh authentication Location of Radius server – radius-server host 192.168.1.2 auth-port 1812 acct-port 1813 key WinRadius – The same config.

Radius based ssh authentication Location of Radius server – radius-server host auth-port 1812 acct-port 1813 key WinRadius – The same config.
RFC2222bis. Summary Rfc2222bis-13 to be submitted tomorrow Addresses substantive issues Addresses editorial/nits Recommend WGLC upon announcement.

RFC2222bis. Summary Rfc2222bis-13 to be submitted tomorrow Addresses substantive issues Addresses editorial/nits Recommend WGLC upon announcement.
August 25, 20151 SSO with Microsoft Active Directory Presented by: Craig Larrabee.

August 25, SSO with Microsoft Active Directory Presented by: Craig Larrabee.
NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA.

NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA.
draft-kwatsen-netconf-zerotouch-01

draft-kwatsen-netconf-zerotouch-01
draft-ietf-netconf-call-home-01

draft-ietf-netconf-call-home-01
Abierman-nanog-30may03 1 XML Router Configs BOF Operator Involvement Andy Bierman

Abierman-nanog-30may03 1 XML Router Configs BOF Operator Involvement Andy Bierman
NETCONF WG IETF 92 - Dallas TUESDAY, March 24, 2015 1300-1500 CDT Mehmet Ersue Mahesh Jethanandani 3/24/2015 1 IETF #92- NETCONF WG session.

NETCONF WG IETF 92 - Dallas TUESDAY, March 24, CDT Mehmet Ersue Mahesh Jethanandani 3/24/ IETF #92- NETCONF WG session.
Yang Shi (Richard), Yong Zhang IETF 74 th 26 March 2009, San Francisco CAPWAP WG MIB Drafts Report.

Yang Shi (Richard), Yong Zhang IETF 74 th 26 March 2009, San Francisco CAPWAP WG MIB Drafts Report.
I2RS draft-rfernando-yang-mods.txt I2RS Yang Extensions draft-rfernando-yang-data-mods R.Fernando, P.Chinnakannan, M.Madhayyan, A.Clemm.

I2RS draft-rfernando-yang-mods.txt I2RS Yang Extensions draft-rfernando-yang-data-mods R.Fernando, P.Chinnakannan, M.Madhayyan, A.Clemm.
Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.

Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.
National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.

National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.
Draft-ietf-fecframe-config-signaling-02 1 FEC framework Configuration Signaling draft-ietf-fecframe-config-signaling-02.txt IETF 76 Rajiv Asati.

Draft-ietf-fecframe-config-signaling-02 1 FEC framework Configuration Signaling draft-ietf-fecframe-config-signaling-02.txt IETF 76 Rajiv Asati.
Magnus Westerlund 1 The RTSP Core specification draft-ietf-mmusic-rfc2326bis-06.txt Magnus Westerlund Aravind Narasimhan Rob Lanphier Anup Rao Henning.

Magnus Westerlund 1 The RTSP Core specification draft-ietf-mmusic-rfc2326bis-06.txt Magnus Westerlund Aravind Narasimhan Rob Lanphier Anup Rao Henning.
ISMS IETF72 David Harrington. Status IETF72 Transport Subsystem for the Simple Network Management Protocol (SNMP) –IETF69: draft-ietf-isms-tmsm-09.txt.

ISMS IETF72 David Harrington. Status IETF72 Transport Subsystem for the Simple Network Management Protocol (SNMP) –IETF69: draft-ietf-isms-tmsm-09.txt.
SSHSM Issues David Harrington IETF64 ISMS WG Vancouver, BC.

SSHSM Issues David Harrington IETF64 ISMS WG Vancouver, BC.
7/27/2004IETF San-Diego Plenary meeting 8/2004 EPON MIBs Lior Khermosh – Passave Technologies

7/27/2004IETF San-Diego Plenary meeting 8/2004 EPON MIBs Lior Khermosh – Passave Technologies
IETF #65 Network Discovery and Selection Problem draft-ietf-eap-netsel-problem-04 Farooq Bari Jouni Korhonen.

IETF #65 Network Discovery and Selection Problem draft-ietf-eap-netsel-problem-04 Farooq Bari Jouni Korhonen.
RPKI Certificate Policy Status Update Stephen Kent.

RPKI Certificate Policy Status Update Stephen Kent.
Dynamic Allocation of Shared IPv4 Addresses draft-ietf-dhc-dynamic-shared-v4allocation-01 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF.

Dynamic Allocation of Shared IPv4 Addresses draft-ietf-dhc-dynamic-shared-v4allocation-01 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF.

Similar presentations

Ads by Google