YANG Library
draft-ietf-netconf-rfc7895bis-06

The information below is for an old version of the document.

Document type: This is an older version of an Internet-Draft that was ultimately published as RFC 8525.
Authors: Andy Bierman, Martin Björklund, Jürgen Schönwälder, Kent Watsen, Robert Wilton
Last updated: 2018-10-11 (Latest revision 2018-04-08)
Replaces: draft-nmdsdt-netconf-rfc7895bis
RFC stream: Internet Engineering Task Force (IETF)
WG state: Submitted to IESG for Publication
Document shepherd: Mahesh Jethanandani
Shepherd write-up last changed: 2018-04-09
IESG state: Became RFC 8525 (Proposed Standard)
Consensus boilerplate: Yes
Telechat date: (None)
Responsible AD: Ignas Bagdonas
Send notices to: Mahesh Jethanandani <mjethanandani@gmail.com>
IANA review state: IANA OK - Actions Needed

";
           uses common-leafs {
             status deprecated;
           }
           uses schema-leaf {
             status deprecated;
           }
         }
       }
     }

     /*
      * Legacy operational state data nodes
      */

     container modules-state {
       config false;
       status deprecated;

Bierman, et al.         Expires October 11, 2018               [Page 19]
Internet-Draft                YANG Library                    April 2018

       description
         "Contains YANG module monitoring information.";

       leaf module-set-id {
         type string;
         mandatory true;
         status deprecated;
         description
           "Contains a server-specific identifier representing
            the current set of modules and submodules.  The
            server MUST change the value of this leaf if the
            information represented by the 'module' list instances
            has changed.";
       }

       uses module-list {
         status deprecated;
       }
     }

     /*
      * Legacy notifications
      */

     notification yang-library-change {
       status deprecated;
       description
         "Generated when the set of modules and submodules supported
          by the server has changed.";
       leaf module-set-id {
         type leafref {
           path "/yanglib:modules-state/yanglib:module-set-id";
         }
         mandatory true;
         status deprecated;
         description
           "Contains the module-set-id value representing the
            set of modules and submodules supported at the server
            at the time the notification is generated.";
       }
     }

   }

   <CODE ENDS>

5.  IANA Considerations

   RFC 7895 previously registered one URI in the IETF XML registry
   [RFC3688].  This document takes over this registration entry made by
   RFC 7895 and changes the Registrant to the IESG according to
   Section 4 in [RFC3688].

     URI: urn:ietf:params:xml:ns:yang:ietf-yang-library

     Registrant Contact: The IESG.

     XML: N/A, the requested URI is an XML namespace.

   RFC 7895 previously registered one YANG module in the "YANG Module
   Names" registry [RFC6020] as follows:

     name:         ietf-yang-library
     namespace:    urn:ietf:params:xml:ns:yang:ietf-yang-library
     prefix:       yanglib
     reference:    RFC 7895

   This document takes over this registration entry made by RFC 7895.

6.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is accessed by network management protocols such as NETCONF
   [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer is the
   secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC5246].

   The NETCONF access control model [RFC6536] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability:

   The "/yang-library" subtree of the YANG library may help an attacker
   identify the server capabilities and server implementations with
   known bugs since the set of YANG modules supported by a server may
   reveal the kind of device and the manufacturer of the device.

   Although some of this information may be available to all NETCONF
   users via the NETCONF <hello> message (or similar messages in other
   management protocols), this YANG module potentially exposes
   additional details that could be of some assistance to an attacker.
   Server vulnerabilities may be specific to particular modules, module
   revisions, module features, or even module deviations.  For example,
   if a particular operation on a particular data node is known to cause
   a server to crash or significantly degrade device performance, then
   the module list information will help an attacker identify server
   implementations with such a defect, in order to launch a denial-of-
   service attack on the device.

7.  Acknowledgments

   Contributions to this material by Andy Bierman are based upon work
   supported by The Space & Terrestrial Communications Directorate
   (S&TCD) under Contract No.  W15P7T-13-C-A616.  Any opinions, findings
   and conclusions or recommendations expressed in this material are
   those of the author(s) and do not necessarily reflect the views of
   The Space & Terrestrial Communications Directorate (S&TCD).

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
              RFC2119, March 1997, <https://www.rfc-editor.org/info/
              rfc2119>.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004, <https://www.rfc-
              editor.org/info/rfc3688>.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/
              RFC5246, August 2008, <https://www.rfc-editor.org/info/
              rfc5246>.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010, <https://www.rfc-
              editor.org/info/rfc6020>.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
              <https://www.rfc-editor.org/info/rfc6241>.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
              <https://www.rfc-editor.org/info/rfc6242>.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536, DOI
              10.17487/RFC6536, March 2012, <https://www.rfc-
              editor.org/info/rfc6536>.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types", RFC
              6991, DOI 10.17487/RFC6991, July 2013, <https://www.rfc-
              editor.org/info/rfc6991>.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016,
              <https://www.rfc-editor.org/info/rfc7950>.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
              <https://www.rfc-editor.org/info/rfc8040>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
              <https://www.rfc-editor.org/info/rfc8342>.

8.2.  Informative References

   [I-D.ietf-netconf-nmda-netconf]
              Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "NETCONF Extensions to Support the Network
              Management Datastore Architecture", draft-ietf-netconf-
              nmda-netconf-04 (work in progress), March 2018.

   [I-D.ietf-netconf-nmda-restconf]
              Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "RESTCONF Extensions to Support the Network
              Management Datastore Architecture", draft-ietf-netconf-
              nmda-restconf-03 (work in progress), March 2018.

   [I-D.ietf-netmod-schema-mount]
              Bjorklund, M. and L. Lhotka, "YANG Schema Mount", draft-
              ietf-netmod-schema-mount-09 (work in progress), March
              2018.

   [RFC5277]  Chisholm, S. and H. Trevino, "NETCONF Event
              Notifications", RFC 5277, DOI 10.17487/RFC5277, July 2008,
              <https://www.rfc-editor.org/info/rfc5277>.

   [RFC6470]  Bierman, A., "Network Configuration Protocol (NETCONF)
              Base Notifications", RFC 6470, DOI 10.17487/RFC6470,
              February 2012, <https://www.rfc-editor.org/info/rfc6470>.

   [RFC7895]  Bierman, A., Bjorklund, M., and K. Watsen, "YANG Module
              Library", RFC 7895, DOI 10.17487/RFC7895, June 2016,
              <https://www.rfc-editor.org/info/rfc7895>.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
              <https://www.rfc-editor.org/info/rfc8340>.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
              <https://www.rfc-editor.org/info/rfc8343>.

   [RFC8344]  Bjorklund, M., "A YANG Data Model for IP Management", RFC
              8344, DOI 10.17487/RFC8344, March 2018, <https://www.rfc-
              editor.org/info/rfc8344>.

   [RFC8345]  Clemm, A., Medved, J., Varga, R., Bahadur, N.,
              Ananthakrishnan, H., and X. Liu, "A YANG Data Model for
              Network Topologies", RFC 8345, DOI 10.17487/RFC8345, March
              2018, <https://www.rfc-editor.org/info/rfc8345>.

   [RFC8348]  Bierman, A., Bjorklund, M., Dong, J., and D. Romascanu, "A
              YANG Data Model for Hardware Management", RFC 8348, DOI
              10.17487/RFC8348, March 2018, <https://www.rfc-
              editor.org/info/rfc8348>.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349, DOI
              10.17487/RFC8349, March 2018, <https://www.rfc-
              editor.org/info/rfc8349>.

Appendix A.  Summary of Changes from RFC 7895

   This document updates [RFC7895] in the following ways:

   o  Renamed document title from "YANG Module Library" to "YANG
      Library".

   o  Added a new top-level "/yang-library" container to hold the entire
      YANG library providing information about module sets, schemas, and
      datastores.

   o  Refactored the "/modules-state" container into a new
      "/yang-library/module-set" list.

   o  Added a new "/yang-library/schema" list and a new "/yang-library/
      datastore" list.

   o  Added a set of new groupings as replacements for the deprecated
      groupings.

   o  Added a "yang-library-update" notification as a replacement for
      the deprecated "yang-library-change" notification.

   o  Deprecated the "/modules-state" tree.

   o  Deprecated the "/module-list" grouping.

   o  Deprecated the "/yang-library-change" notification.

Appendix B.  Example YANG Library Instance for a Basic Server

   The following example shows the YANG Library of a basic server
   implementing the "ietf-interfaces" [RFC8343] and "ietf-ip" [RFC8344]
   modules in the <running>, <startup>, and <operational> datastores and
   the "ietf-hardware" [RFC8348] module in the <operational> datastore.

   Newlines in leaf values are added for formatting reasons.

   <yang-library
       xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library"
       xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">

     <module-set>
       <name>config-modules</name>
       <module>
         <name>ietf-interfaces</name>
         <revision>2018-01-09</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-interfaces
         </namespace>
       </module>
       <module>
         <name>ietf-ip</name>
         <revision>2018-01-09</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-ip
         </namespace>
       </module>
       <import-only-module>
         <name>ietf-yang-types</name>
         <revision>2013-07-15</revision>
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-yang-types
         </namespace>
       </import-only-module>
       <import-only-module>
         <name>ietf-inet-types</name>
         <revision>2013-07-15</revision>
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-inet-types
         </namespace>
       </import-only-module>
     </module-set>

     <module-set>
       <name>state-modules</name>
       <module>
         <name>ietf-hardware</name>
         <revision>2018-12-18</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-hardware
         </namespace>
       </module>
       <import-only-module>
         <name>ietf-inet-types</name>
         <revision>2013-07-15</revision>
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-inet-types
         </namespace>
       </import-only-module>
       <import-only-module>
         <name>ietf-yang-types</name>
         <revision>2013-07-15</revision>
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-yang-types
         </namespace>
       </import-only-module>
       <import-only-module>
         <name>iana-hardware</name>
         <revision>2017-12-18</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:iana-hardware
         </namespace>
       </import-only-module>
     </module-set>

     <schema>
       <name>config-schema</name>
       <module-set>config-modules</module-set>
     </schema>
     <schema>
       <name>state-schema</name>
       <module-set>config-modules</module-set>
       <module-set>state-modules</module-set>
     </schema>

     <datastore>
       <name>ds:startup</name>
       <schema>config-schema</schema>
     </datastore>
     <datastore>
       <name>ds:running</name>
       <schema>config-schema</schema>
     </datastore>
     <datastore>
       <name>ds:operational</name>
       <schema>state-schema</schema>
     </datastore>

     <checksum>75a43df9bd56b92aacc156a2958fbe12312fb285</checksum>
   </yang-library>

Appendix C.  Example YANG Library Instance for an Advanced Server

   The following example extends the preceding Basic Server YANG Library
   example, by using modules from [RFC8345] and [RFC8349], to illustrate
   a slightly more advanced server that:

   o  Has a module with features only enabled in <operational>; the
      "ietf-routing" module is supported in <running>, <startup>, and
      <operational>, but the "multiple-ribs" and "router-id" features
      are only enabled in <operational>.  Hence the "router-id" leaf may
      be read but not configured.

   o  Supports a dynamic configuration datastore "example-ds-ephemeral",
      with only the "ietf-network" and "ietf-network-topology" modules
      configurable via a notional dynamic configuration protocol.

   o  Shows an example of datastore specific deviations.  The module
      "example-vendor-hardware-deviations" is included in the schema for
      <operational> to remove data nodes that cannot be supported by the
      server.

   o  Shows how module-sets can be used to organize related modules
      together.

   <yang-library
       xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library"
       xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores"
       xmlns:ex-ds-eph="urn:example:ds-ephemeral">

     <module-set>
       <name>config-state-modules</name>
       <module>
         <name>ietf-interfaces</name>
         <revision>2018-01-09</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-interfaces
         </namespace>
       </module>
       <module>
         <name>ietf-ip</name>
         <revision>2018-01-09</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-ip
         </namespace>
       </module>
       <module>
         <name>ietf-routing</name>
         <revision>2018-01-25</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-routing
         </namespace>
       </module>
       <import-only-module>
         <name>ietf-yang-types</name>
         <revision>2013-07-15</revision>
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-yang-types
         </namespace>
       </import-only-module>
       <import-only-module>
         <name>ietf-inet-types</name>
         <revision>2013-07-15</revision>
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-inet-types
         </namespace>
       </import-only-module>
     </module-set>

     <module-set>
       <name>config-only-modules</name>
       <module>
         <name>ietf-routing</name>
         <revision>2018-01-25</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-routing
         </namespace>
       </module>
     </module-set>

     <module-set>
       <name>dynamic-config-state-modules</name>
       <module>
         <name>ietf-network</name>
         <revision>2017-12-18</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-network
         </namespace>
       </module>
       <module>
         <name>ietf-network-topology</name>
         <revision>2017-12-18</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-network-topology
         </namespace>
       </module>
       <import-only-module>
         <name>ietf-inet-types</name>
         <revision>2013-07-15</revision>
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-inet-types
         </namespace>
       </import-only-module>
     </module-set>

     <module-set>
       <name>state-only-modules</name>
       <module>
         <name>ietf-hardware</name>
         <revision>2018-12-18</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-hardware
         </namespace>
         <deviation>example-vendor-hardware-deviations</deviation>
       </module>
       <module>
         <name>ietf-routing</name>
         <revision>2018-01-25</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-routing
         </namespace>
         <feature>multiple-ribs</feature>
         <feature>router-id</feature>
       </module>
       <module>
         <name>example-vendor-hardware-deviations</name>
         <revision>2018-01-31</revision>
         <namespace>
           urn:example:example-vendor-hardware-deviations
         </namespace>
       </module>
       <import-only-module>
         <name>ietf-inet-types</name>
         <revision>2013-07-15</revision>
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-inet-types
         </namespace>
       </import-only-module>
       <import-only-module>
         <name>ietf-yang-types</name>
         <revision>2013-07-15</revision>
         <namespace>
           urn:ietf:params:xml:ns:yang:ietf-yang-types
         </namespace>
       </import-only-module>
       <import-only-module>
         <name>iana-hardware</name>
         <revision>2017-12-18</revision> <!-- RFC Ed. update this -->
         <namespace>
           urn:ietf:params:xml:ns:yang:iana-hardware
         </namespace>
       </import-only-module>
     </module-set>

     <schema>
       <name>config-schema</name>
       <module-set>config-state-modules</module-set>
       <module-set>config-only-modules</module-set>
     </schema>
     <schema>
       <name>dynamic-config-schema</name>
       <module-set>dynamic-config-state-modules</module-set>
     </schema>
     <schema>
       <name>state-schema</name>
       <module-set>config-state-modules</module-set>
       <module-set>dynamic-config-state-modules</module-set>
       <module-set>state-only-modules</module-set>
     </schema>

     <datastore>
       <name>ds:startup</name>
       <schema>config-schema</schema>
     </datastore>
     <datastore>
       <name>ds:running</name>
       <schema>config-schema</schema>
     </datastore>
     <datastore>
       <name>ex-ds-eph:ds-ephemeral</name>
       <schema>dynamic-config-schema</schema>
     </datastore>
     <datastore>
       <name>ds:operational</name>
       <schema>state-schema</schema>
     </datastore>

     <checksum>14782ab9bd56b92aacc156a2958fbe12312fb285</checksum>
   </yang-library>
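
   The datastore -> schema -> module-set -> module indirection used in
   Appendices B and C can be resolved mechanically.  The following is an
   added example, not part of the draft: it computes, per datastore, the
   implemented modules with their revisions, features, and deviations,
   which is the detail Section 6 says read access should be controlled
   for.  The function names, the embedded sample (trimmed from the
   Appendix C instance), and the merge rule for a module that appears in
   several module-sets of one schema are assumptions of this example.

```python
import xml.etree.ElementTree as ET

YL = "{urn:ietf:params:xml:ns:yang:ietf-yang-library}"

# Constructed sample: trimmed from the Appendix C instance.
SAMPLE = """
<yang-library xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library"
    xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
  <module-set><name>config-state-modules</name>
    <module><name>ietf-routing</name><revision>2018-01-25</revision>
      <namespace>
        urn:ietf:params:xml:ns:yang:ietf-routing
      </namespace></module>
  </module-set>
  <module-set><name>state-only-modules</name>
    <module><name>ietf-hardware</name><revision>2018-12-18</revision>
      <deviation>example-vendor-hardware-deviations</deviation></module>
    <module><name>ietf-routing</name><revision>2018-01-25</revision>
      <feature>multiple-ribs</feature><feature>router-id</feature></module>
  </module-set>
  <schema><name>config-schema</name>
    <module-set>config-state-modules</module-set></schema>
  <schema><name>state-schema</name>
    <module-set>config-state-modules</module-set>
    <module-set>state-only-modules</module-set></schema>
  <datastore><name>ds:running</name><schema>config-schema</schema></datastore>
  <datastore><name>ds:operational</name><schema>state-schema</schema></datastore>
</yang-library>
"""


def _leaf(elem, tag):
    """One leaf value, with the formatting whitespace noted in Appendix B removed."""
    child = elem.find(YL + tag)
    return "".join((child.text or "").split()) if child is not None else None


def _leaves(elem, tag):
    """All values of a leaf-list child, whitespace removed, as a set."""
    return {"".join((c.text or "").split()) for c in elem.findall(YL + tag)}


def resolve(xml_text):
    """Return {datastore: {module: {revision, namespace, features, deviations}}}."""
    # ElementTree is fine for this embedded sample; use a hardened parser
    # (for example defusedxml) for replies from devices you do not trust.
    root = ET.fromstring(xml_text)
    if root.tag != YL + "yang-library":
        raise ValueError("not an ietf-yang-library instance")
    # Only <module> entries are implemented; <import-only-module> is skipped.
    sets = {_leaf(ms, "name"): ms.findall(YL + "module")
            for ms in root.findall(YL + "module-set")}
    schemas = {_leaf(s, "name"): _leaves(s, "module-set")
               for s in root.findall(YL + "schema")}
    view = {}
    for ds in root.findall(YL + "datastore"):
        schema = _leaf(ds, "schema")
        if schema not in schemas:
            raise ValueError(f"unknown schema {schema!r}")
        mods = {}
        for set_name in sorted(schemas[schema]):
            if set_name not in sets:
                raise ValueError(f"unknown module-set {set_name!r}")
            for m in sets[set_name]:
                # Assumption: a module listed in several module-sets of one
                # schema is merged, taking the union of features/deviations.
                entry = mods.setdefault(_leaf(m, "name"), {
                    "revision": _leaf(m, "revision"),
                    "namespace": _leaf(m, "namespace"),
                    "features": set(), "deviations": set()})
                entry["features"] |= _leaves(m, "feature")
                entry["deviations"] |= _leaves(m, "deviation")
        view[_leaf(ds, "name")] = mods  # prefixed identity kept as written
    return view
```

   Datastore names are returned as the prefixed strings found in the
   instance (for example "ds:operational"); resolving the prefix to its
   namespace is left out of this example.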

Authors' Addresses

   Andy Bierman
   YumaWorks

   Email: andy@yumaworks.com

   Martin Bjorklund
   Tail-f Systems

   Email: mbj@tail-f.com

   Juergen Schoenwaelder
   Jacobs University

   Email: j.schoenwaelder@jacobs-university.de

   Kent Watsen
   Juniper Networks

   Email: kwatsen@juniper.net

   Robert Wilton
   Cisco Systems

   Email: rwilton@cisco.com
