draft-ietf-netconf-privcand-03.txt | draft-ietf-netconf-privcand-04.txt | |||
---|---|---|---|---|
Internet Engineering Task Force JG. Cumming | Internet Engineering Task Force JG. Cumming | |||
Internet-Draft Nokia | Internet-Draft Nokia | |||
Updates: 6241, 8526, 9144 (if approved) R. Wills | Updates: 6241, 8342, 8526, 9144 (if approved) R. Wills | |||
Intended status: Standards Track Cisco Systems | Intended status: Standards Track Cisco Systems | |||
Expires: 1 December 2024 30 May 2024 | Expires: 3 January 2025 2 July 2024 | |||
NETCONF Private Candidates | NETCONF Private Candidates | |||
draft-ietf-netconf-privcand-03 | draft-ietf-netconf-privcand-04 | |||
Abstract | Abstract | |||
This document provides a mechanism to extend the Network | This document provides a mechanism to extend the Network | |||
Configuration Protocol (NETCONF) and RESTCONF protocol to support | Configuration Protocol (NETCONF) and RESTCONF protocol to support | |||
multiple clients making configuration changes simultaneously and | multiple clients making configuration changes simultaneously and | |||
ensuring that they commit only those changes that they defined. | ensuring that they commit only those changes that they defined. | |||
This document addresses two specific aspects: The interaction with a | This document addresses two specific aspects: The interaction with a | |||
private candidate over the NETCONF and RESTCONF protocols and the | private candidate over the NETCONF and RESTCONF protocols and the | |||
skipping to change at page 1, line 38 ¶ | skipping to change at page 1, line 38 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on 1 December 2024. | This Internet-Draft will expire on 3 January 2025. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2024 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components | |||
extracted from this document must include Revised BSD License text as | extracted from this document must include Revised BSD License text as | |||
described in Section 4.e of the Trust Legal Provisions and are | described in Section 4.e of the Trust Legal Provisions and are | |||
provided without warranty as described in the Revised BSD License. | provided without warranty as described in the Revised BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | |||
1.2. Updates to RFC 6241 and RFC 8526 . . . . . . . . . . . . 4 | ||||
1.3. Updates to RFC 8342 . . . . . . . . . . . . . . . . . . . 4 | ||||
1.4. Updates to RFC 9144 . . . . . . . . . . . . . . . . . . . 4 | ||||
2. Definitions and terminology . . . . . . . . . . . . . . . . . 4 | 2. Definitions and terminology . . . . . . . . . . . . . . . . . 4 | |||
2.1. Session specific datastore . . . . . . . . . . . . . . . 4 | 2.1. Session specific datastore . . . . . . . . . . . . . . . 4 | |||
2.2. Shared candidate configuration . . . . . . . . . . . . . 4 | 2.2. Shared candidate configuration . . . . . . . . . . . . . 4 | |||
2.3. Private candidate configuration . . . . . . . . . . . . . 4 | 2.3. Private candidate configuration . . . . . . . . . . . . . 4 | |||
3. Limitations using the shared candidate configuration for | 3. Limitations using the shared candidate configuration for | |||
multiple clients . . . . . . . . . . . . . . . . . . . . 5 | multiple clients . . . . . . . . . . . . . . . . . . . . 5 | |||
3.1. Issues . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3.1. Issues . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
3.1.1. Unintended deployment of alternate users configuration | 3.1.1. Unintended deployment of alternate users configuration | |||
changes . . . . . . . . . . . . . . . . . . . . . . . 5 | changes . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
3.2. Current mitigation strategies . . . . . . . . . . . . . . 5 | 3.2. Current mitigation strategies . . . . . . . . . . . . . . 6 | |||
3.2.1. Locking the shared candidate configuration | 3.2.1. Locking the shared candidate configuration | |||
datastore . . . . . . . . . . . . . . . . . . . . . . 5 | datastore . . . . . . . . . . . . . . . . . . . . . . 6 | |||
3.2.2. Always use the running configuration datastore . . . 6 | 3.2.2. Always use the running configuration datastore . . . 6 | |||
3.2.3. Fine-grained locking . . . . . . . . . . . . . . . . 6 | 3.2.3. Fine-grained locking . . . . . . . . . . . . . . . . 6 | |||
4. Private candidates solution . . . . . . . . . . . . . . . . . 6 | 4. Private candidates solution . . . . . . . . . . . . . . . . . 7 | |||
4.1. What is a private candidate . . . . . . . . . . . . . . . 7 | 4.1. What is a private candidate . . . . . . . . . . . . . . . 7 | |||
4.2. When is a private candidate created . . . . . . . . . . . 7 | 4.2. When is a private candidate created . . . . . . . . . . . 7 | |||
4.3. When is a private candidate destroyed . . . . . . . . . . 7 | 4.3. When is a private candidate destroyed . . . . . . . . . . 8 | |||
4.4. How to signal the use of private candidates . . . . . . . 7 | 4.4. How to signal the use of private candidates . . . . . . . 8 | |||
4.4.1. Server . . . . . . . . . . . . . . . . . . . . . . . 7 | 4.4.1. Server . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
4.4.2. NETCONF client . . . . . . . . . . . . . . . . . . . 8 | 4.4.2. NETCONF client . . . . . . . . . . . . . . . . . . . 8 | |||
4.4.3. RESTCONF client . . . . . . . . . . . . . . . . . . . 10 | 4.4.3. RESTCONF client . . . . . . . . . . . . . . . . . . . 11 | |||
4.5. Interaction between running and private-candidate(s) . . 11 | 4.5. Interaction between running and private-candidate(s) . . 12 | |||
4.6. Detecting and resolving conflicts . . . . . . . . . . . . 13 | 4.6. Detecting and resolving conflicts . . . . . . . . . . . . 14 | |||
4.6.1. What is a conflict? . . . . . . . . . . . . . . . . . 13 | 4.6.1. What is a conflict? . . . . . . . . . . . . . . . . . 14 | |||
4.6.2. Detecting and reporting conflicts . . . . . . . . . . 14 | 4.6.2. Detecting and reporting conflicts . . . . . . . . . . 15 | |||
4.6.3. Conflict resolution . . . . . . . . . . . . . . . . . 15 | 4.6.3. Conflict resolution . . . . . . . . . . . . . . . . . 16 | |||
4.6.4. Default resolution mode and advertisement of this | 4.6.4. Default resolution mode and advertisement of this | |||
mode . . . . . . . . . . . . . . . . . . . . . . . . 22 | mode . . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
4.6.5. Supported resolution modes . . . . . . . . . . . . . 23 | 4.6.5. Supported resolution modes . . . . . . . . . . . . . 24 | |||
4.7. NETCONF operations . . . . . . . . . . . . . . . . . . . 23 | 4.7. NETCONF operations . . . . . . . . . . . . . . . . . . . 24 | |||
4.7.1. New NETCONF operations . . . . . . . . . . . . . . . 23 | 4.7.1. New NETCONF operations . . . . . . . . . . . . . . . 24 | |||
4.7.2. Updated NETCONF operations . . . . . . . . . . . . . 24 | 4.7.2. Updated NETCONF operations . . . . . . . . . . . . . 25 | |||
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 28 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 | |||
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 28 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 29 | |||
7.1. Normative References . . . . . . . . . . . . . . . . . . 28 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 29 | |||
7.2. Informative References . . . . . . . . . . . . . . . . . 29 | 7.2. Informative References . . . . . . . . . . . . . . . . . 30 | |||
Appendix A. Behaviour with unaltered NETCONF operations . . . . 29 | Appendix A. Behaviour with unaltered NETCONF operations . . . . 30 | |||
A.1. <get> . . . . . . . . . . . . . . . . . . . . . . . . . . 29 | A.1. <get> . . . . . . . . . . . . . . . . . . . . . . . . . . 30 | |||
A.2. <cancel-commit> . . . . . . . . . . . . . . . . . . . . . 29 | A.2. <cancel-commit> . . . . . . . . . . . . . . . . . . . . . 30 | |||
Appendix B. YANG modules . . . . . . . . . . . . . . . . . . . . 29 | Appendix B. YANG modules . . . . . . . . . . . . . . . . . . . . 30 | |||
B.1. ietf-netconf@2024-04-16.yang . . . . . . . . . . . . . . 29 | B.1. ietf-netconf@2024-04-16.yang . . . . . . . . . . . . . . 30 | |||
B.2. ietf-datastores@2024-04-16.yang . . . . . . . . . . . . . 51 | B.2. ietf-datastores@2024-04-16.yang . . . . . . . . . . . . . 52 | |||
B.3. ietf-nmda-compare@2024-04-16.yang . . . . . . . . . . . . 53 | B.3. ietf-nmda-compare@2024-04-16.yang . . . . . . . . . . . . 55 | |||
Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 58 | Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 59 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 58 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 59 | |||
1. Introduction | 1. Introduction | |||
NETCONF [RFC6241] and RESTCONF [RFC8040] both provide a mechanism for | NETCONF [RFC6241] and RESTCONF [RFC8040] both provide a mechanism for | |||
one or more clients to make configuration changes to a device running | one or more clients to make configuration changes to a device running | |||
as a NETCONF/RESTCONF server. Each client has the ability to make | as a NETCONF/RESTCONF server. Each client has the ability to make | |||
one or more configuration changes to the server's shared candidate | one or more configuration changes to the server's shared candidate | |||
configuration. | configuration. | |||
As the name shared candidate suggests, all clients have access to the | As the name shared candidate suggests, all clients have access to the | |||
skipping to change at page 4, line 5 ¶ | skipping to change at page 4, line 5 ¶ | |||
candidates. | candidates. | |||
1.1. Requirements Language | 1.1. Requirements Language | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
"OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
capitals, as shown here. | capitals, as shown here. | |||
1.2. Updates to RFC 6241 and RFC 8526 | ||||
This document updates [RFC6241] to augment the NETCONF <edit-config>, | ||||
<copy-config>, <get-config>, <commit>, <lock> and <unlock> operations | ||||
to describe how they work with a private candidate datastore. These | ||||
updates are described in Section 4.7.2. This document also adds a | ||||
new <update> operation, described in Section 4.7.1. | ||||
This document also updates [RFC8526] to augment the NETCONF <edit- | ||||
data> and <get-data> operations to describe how they work with a | ||||
private candidate datastore. These updates are described in | ||||
Section 4.7.2. | ||||
1.3. Updates to RFC 8342 | ||||
This document updates [RFC8342] to show how the private candidate | ||||
datastore relates to other datastores. This is shown in | ||||
Section 4.4.2.2. | ||||
Specifically, NMDA is updated to add additional writeable |
configuration datastores called private candidates. | ||||
1.4. Updates to RFC 9144 | ||||
This document updates [RFC9144] to augment the <compare> operation to | ||||
describe how it works with the private candidate datastore. These | ||||
updates are described in Section 4.7.2.4. | ||||
2. Definitions and terminology | 2. Definitions and terminology | |||
2.1. Session specific datastore | 2.1. Session specific datastore | |||
A session specific datastore is a configuration datastore that, | A session specific datastore is a configuration datastore that, | |||
unlike the candidate and running configuration datastores which have | unlike the candidate and running configuration datastores which have | |||
only one per system, is bound to the specific NETCONF session. | only one per system, is bound to the specific NETCONF session. | |||
2.2. Shared candidate configuration | 2.2. Shared candidate configuration | |||
skipping to change at page 9, line 15 ¶ | skipping to change at page 10, line 9 ¶ | |||
4.4.2.2. Private candidate datastore | 4.4.2.2. Private candidate datastore | |||
The private candidate configuration datastore is exposed as its own | The private candidate configuration datastore is exposed as its own | |||
datastore similar to other NMDA [RFC8342] capable datastores. This | datastore similar to other NMDA [RFC8342] capable datastores. This | |||
datastore is called private-candidate. | datastore is called private-candidate. | |||
+-------------+ +-----------+ +---------------------+ | +-------------+ +-----------+ +---------------------+ | |||
| <candidate> | | <startup> | | <private-candidate> |-+ | | <candidate> | | <startup> | | <private-candidate> |-+ | |||
| (ct, rw) |<---+ +--->| (ct, rw) | +->| (ct, rw) | |-+ | | (ct, rw) |<---+ +--->| (ct, rw) | +->| (ct, rw) | |-+ | |||
+-------------+ | | +-----------+ | +---------------------+ | | | +-------------+ | | +-----------+ | +---------------------+ | | | |||
| | | | | +---------------------+ | | | | | | | +----------------------+ | | |||
| +-----------+<--------+ | +---------------------+ | | +-----------+<--------+ | +----------------------+ | |||
+-------->| <running> | | | // multiple | +-------->| <running> | | | // multiple | |||
| (ct, rw) |-------------------+ | // private-candidates | | (ct, rw) |-------------------+ | // private-candidates | |||
+-----------+<-------------------------------+ // possible | +-----------+<-------------------------------+ // possible | |||
| | | | |||
| // configuration transformations, | | // configuration transformations, | |||
| // e.g., removal of nodes marked as | | // e.g., removal of nodes marked as | |||
| // "inactive", expansion of | | // "inactive", expansion of | |||
| // templates | | // templates | |||
v | v | |||
+------------+ | +------------+ | |||
skipping to change at page 24, line 31 ¶ | skipping to change at page 25, line 31 ¶ | |||
Sending an <edit-config> request to private-candidate after one has | Sending an <edit-config> request to private-candidate after one has | |||
been sent to the shared candidate datastore in the same session will | been sent to the shared candidate datastore in the same session will | |||
fail (and vice versa). | fail (and vice versa). | |||
Multiple <edit-config> requests may be sent to the private-candidate | Multiple <edit-config> requests may be sent to the private-candidate | |||
datastore in a single session. | datastore in a single session. | |||
4.7.2.2. <edit-data> | 4.7.2.2. <edit-data> | |||
The <edit-data> operation is updated to accept private-candidate as | The <edit-data> [RFC8526] operation is updated to accept private- | |||
valid input to the <datastore> field. (datastore is an identityref | candidate as valid input to the <datastore> field. (datastore is an | |||
and so the actual input will be ds:private-candidate). | identityref and so the actual input will be ds:private-candidate). | |||
The use of <edit-data> will create a private candidate configuration | The use of <edit-data> will create a private candidate configuration | |||
if one does not already exist for that NETCONF session. | if one does not already exist for that NETCONF session. | |||
Multiple <edit-data> requests may be sent to the private-candidate | Multiple <edit-data> requests may be sent to the private-candidate | |||
datastore in a single session. | datastore in a single session. | |||
4.7.2.3. <lock> and <unlock> | 4.7.2.3. <lock> and <unlock> | |||
Performing a <lock> on the private-candidate datastore is a valid | Performing a <lock> on the private-candidate datastore is a valid | |||
skipping to change at page 26, line 19 ¶ | skipping to change at page 27, line 19 ¶ | |||
The use of <get-config> will create a private candidate configuration | The use of <get-config> will create a private candidate configuration | |||
if one does not already exist for that NETCONF session. | if one does not already exist for that NETCONF session. | |||
Sending a <get-config> request to private-candidate after one has | Sending a <get-config> request to private-candidate after one has | |||
been sent to the shared candidate datastore in the same session will | been sent to the shared candidate datastore in the same session will | |||
fail (and vice versa). | fail (and vice versa). | |||
4.7.2.6. <get-data> | 4.7.2.6. <get-data> | |||
The <get-data> operation accepts the private-candidate as a valid | The <get-data> [RFC8526] operation accepts the private-candidate as a | |||
datastore. | valid datastore. | |||
The use of <get-data> will create a private candidate configuration | The use of <get-data> will create a private candidate configuration | |||
if one does not already exist for that NETCONF session. | if one does not already exist for that NETCONF session. | |||
Sending a <get-data> request to private-candidate after one has been | Sending a <get-data> request to private-candidate after one has been | |||
sent to the shared candidate datastore in the same session will fail | sent to the shared candidate datastore in the same session will fail | |||
(and vice versa). | (and vice versa). | |||
4.7.2.7. <copy-config> | 4.7.2.7. <copy-config> | |||
skipping to change at page 29, line 5 ¶ | skipping to change at page 30, line 5 ¶ | |||
[RFC5717] Lengyel, B. and M. Bjorklund, "Partial Lock Remote | [RFC5717] Lengyel, B. and M. Bjorklund, "Partial Lock Remote | |||
Procedure Call (RPC) for NETCONF", RFC 5717, | Procedure Call (RPC) for NETCONF", RFC 5717, | |||
DOI 10.17487/RFC5717, December 2009, | DOI 10.17487/RFC5717, December 2009, | |||
<https://www.rfc-editor.org/info/rfc5717>. | <https://www.rfc-editor.org/info/rfc5717>. | |||
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF | [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF | |||
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, | Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, | |||
<https://www.rfc-editor.org/info/rfc8040>. | <https://www.rfc-editor.org/info/rfc8040>. | |||
[RFC8526] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | ||||
and R. Wilton, "NETCONF Extensions to Support the Network | ||||
Management Datastore Architecture", RFC 8526, | ||||
DOI 10.17487/RFC8526, March 2019, | ||||
<https://www.rfc-editor.org/info/rfc8526>. | ||||
[RFC8527] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | [RFC8527] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | |||
and R. Wilton, "RESTCONF Extensions to Support the Network | and R. Wilton, "RESTCONF Extensions to Support the Network | |||
Management Datastore Architecture", RFC 8527, | Management Datastore Architecture", RFC 8527, | |||
DOI 10.17487/RFC8527, March 2019, | DOI 10.17487/RFC8527, March 2019, | |||
<https://www.rfc-editor.org/info/rfc8527>. | <https://www.rfc-editor.org/info/rfc8527>. | |||
7.2. Informative References | 7.2. Informative References | |||
Appendix A. Behaviour with unaltered NETCONF operations | Appendix A. Behaviour with unaltered NETCONF operations | |||
End of changes. 16 change blocks. | ||||
42 lines changed or deleted | 79 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |
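The session-scoping rules the diff shows for <edit-config>, <edit-data>, <get-config> and <get-data> in Sections 4.7.2.1, 4.7.2.2, 4.7.2.5 and 4.7.2.6 (the first operation naming private-candidate creates that session's private candidate; a session that has already addressed the shared candidate cannot then address private-candidate in the same session, and vice versa; repeated operations against private-candidate within one session are allowed) are modelled below as an added Python example. It is not code from the draft, from the IETF or from any NETCONF implementation. The `Server`, `Session`, `parse_rpc` and `rpc` names are this example's own; the RPC bodies are constructed samples; the identityref `ds:private-candidate` is resolved against the ietf-datastores namespace from RFC 8342 and the `<edit-data>`/`<get-data>` elements use the ietf-netconf-nmda namespace from RFC 8526. Two further assumptions are labelled in the comments: the shared-or-private binding lasts for the lifetime of the session, and `<edit-data>` is treated as a plain merge.

```python
"""Toy NETCONF server modelling private-candidate session scoping (added example)."""
import io
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

NMDA_NS = "urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"   # RFC 8526: <edit-data>, <get-data>
DS_NS = "urn:ietf:params:xml:ns:yang:ietf-datastores"       # RFC 8342: datastore identities

SHARED, PRIVATE = "candidate", "private-candidate"


class OperationFailed(Exception):
    """Stands in for an <rpc-error>; the session's state is left unchanged."""


@dataclass
class Session:
    session_id: int
    bound_to: Optional[str] = None             # candidate kind first used in this session
    private_candidate: Optional[dict] = None   # created lazily on first private-candidate use


def parse_rpc(rpc_xml: str):
    """Return (datastore local name, {leaf: value}) from an <edit-data>/<get-data> body.

    <datastore> is an identityref, so the prefix in its text must be resolved
    through the in-scope xmlns declarations before the name can be trusted.
    """
    prefixes, ds_text, config = {}, None, {}
    events = ET.iterparse(io.BytesIO(rpc_xml.encode()), events=("start-ns", "end"))
    for event, payload in events:
        if event == "start-ns":                # (prefix, uri), delivered before the element
            prefixes[payload[0]] = payload[1]  # simplification: prefixes are never un-scoped
        elif payload.tag == f"{{{NMDA_NS}}}datastore":
            ds_text = (payload.text or "").strip()
        elif payload.tag == f"{{{NMDA_NS}}}config":
            config = {child.tag.split("}")[-1]: (child.text or "").strip() for child in payload}
    if ds_text is None:
        raise OperationFailed("missing-element: datastore")
    prefix, _, name = ds_text.rpartition(":")
    if prefixes.get(prefix) != DS_NS:          # undeclared or foreign prefix: not a datastore
        raise OperationFailed(f"invalid-value: unknown identity {ds_text!r}")
    return name, config


class Server:
    """Holds running, the single shared candidate, and one private candidate per session."""

    def __init__(self):
        self.running = {"hostname": "r1"}           # constructed sample configuration
        self.shared_candidate = dict(self.running)

    def _select(self, session: Session, datastore: str) -> dict:
        if datastore not in (SHARED, PRIVATE):
            raise OperationFailed(f"invalid-value: {datastore} is not a candidate datastore")
        if session.bound_to not in (None, datastore):
            # 4.7.2.x: shared and private candidate may not be mixed within one session
            raise OperationFailed(f"operation-failed: session already uses {session.bound_to}")
        session.bound_to = datastore                # assumption: binding lasts for the session
        if datastore == SHARED:
            return self.shared_candidate
        if session.private_candidate is None:       # first use creates it as a copy of running
            session.private_candidate = dict(self.running)
        return session.private_candidate

    def edit_data(self, session: Session, rpc_xml: str) -> dict:
        datastore, config = parse_rpc(rpc_xml)
        target = self._select(session, datastore)
        target.update(config)                       # assumption: plain merge semantics
        return dict(target)

    def get_data(self, session: Session, rpc_xml: str) -> dict:
        datastore, _ = parse_rpc(rpc_xml)
        return dict(self._select(session, datastore))


def rpc(op: str, datastore: str, **leaves: str) -> str:
    """Build a constructed <edit-data>/<get-data> body addressing ds:<datastore>."""
    body = "".join(f"<{k}>{v}</{k}>" for k, v in leaves.items())
    config = f"<config>{body}</config>" if leaves else ""
    return (f'<{op} xmlns="{NMDA_NS}" xmlns:ds="{DS_NS}">'
            f"<datastore>ds:{datastore}</datastore>{config}</{op}>")


def demo():
    """Two sessions: one edits private-candidate twice, one mixes candidates and is refused."""
    server = Server()
    s1, s2 = Session(1), Session(2)
    server.edit_data(s1, rpc("edit-data", PRIVATE, hostname="edge-1"))
    view = server.edit_data(s1, rpc("edit-data", PRIVATE, domain="example.net"))
    server.get_data(s2, rpc("get-data", SHARED))    # s2 is now bound to the shared candidate
    try:
        server.edit_data(s2, rpc("edit-data", PRIVATE, hostname="other"))
        error = ""
    except OperationFailed as exc:
        error = str(exc)
    return view, error, dict(server.shared_candidate)


if __name__ == "__main__":
    print(demo())
```

The point to take from `demo()` is that session 1's edits never touch running or the shared candidate, and session 2's attempt to switch candidates is refused without altering any datastore, which is exactly the isolation the private-candidate model buys over the shared candidate. In a real server the binding check belongs in the one place that resolves the target datastore, as `_select` does here, so that every operation (including the read-only ones) goes through it.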