draft-ietf-netconf-4741bis-06.txt   draft-ietf-netconf-4741bis-07.txt 
Network Working Group R. Enns, Ed. Network Working Group R. Enns, Ed.
Internet-Draft Juniper Networks Internet-Draft Juniper Networks
Obsoletes: RFC4741 M. Bjorklund, Ed. Obsoletes: 4741 (if approved) M. Bjorklund, Ed.
(if approved) Tail-f Systems Intended status: Standards Track Tail-f Systems
Intended status: Standards Track J. Schoenwaelder, Ed. Expires: July 20, 2011 J. Schoenwaelder, Ed.
Expires: April 28, 2011 Jacobs University Jacobs University
A. Bierman, Ed. A. Bierman, Ed.
Brocade Brocade
October 25, 2010 January 16, 2011
Network Configuration Protocol (NETCONF) Network Configuration Protocol (NETCONF)
draft-ietf-netconf-4741bis-06 draft-ietf-netconf-4741bis-07
Abstract Abstract
The Network Configuration Protocol (NETCONF) defined in this document The Network Configuration Protocol (NETCONF) defined in this document
provides mechanisms to install, manipulate, and delete the provides mechanisms to install, manipulate, and delete the
configuration of network devices. It uses an Extensible Markup configuration of network devices. It uses an Extensible Markup
Language (XML)-based data encoding for the configuration data as well Language (XML)-based data encoding for the configuration data as well
as the protocol messages. The NETCONF protocol operations are as the protocol messages. The NETCONF protocol operations are
realized as Remote Procedure Calls (RPC). realized as Remote Procedure Calls (RPC).
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 28, 2011. This Internet-Draft will expire on July 20, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 12, line 50 skipping to change at page 12, line 50
holds a lock, the server can perform any appropriate recovery. The holds a lock, the server can perform any appropriate recovery. The
lock operation is further discussed in Section 7.5. lock operation is further discussed in Section 7.5.
2.2. Authentication, Integrity, and Confidentiality 2.2. Authentication, Integrity, and Confidentiality
NETCONF connections must provide authentication, data integrity, NETCONF connections must provide authentication, data integrity,
confidentiality, and replay protection. NETCONF depends on the confidentiality, and replay protection. NETCONF depends on the
transport protocol for this capability. A NETCONF peer assumes that transport protocol for this capability. A NETCONF peer assumes that
appropriate levels of security and confidentiality are provided appropriate levels of security and confidentiality are provided
independently of this document. For example, connections may be independently of this document. For example, connections may be
encrypted in TLS [15] or SSH [14], depending on the underlying encrypted in TLS [16] or SSH [14], depending on the underlying
protocol. protocol.
2.3. Authentication 2.3. Authentication
NETCONF connections must be authenticated. The transport protocol is NETCONF connections must be authenticated. The transport protocol is
responsible for authentication of the server to the client and responsible for authentication of the server to the client and
authentication of the client to the server. A NETCONF peer assumes authentication of the client to the server. A NETCONF peer assumes
that the connection's authentication information has been validated that the connection's authentication information has been validated
by the underlying transport protocol using sufficiently trustworthy by the underlying transport protocol using sufficiently trustworthy
mechanisms and that the peer's identity has been sufficiently proven. mechanisms and that the peer's identity has been sufficiently proven.
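Review bot: Sections 2.2 and 2.3 in this hunk state the transport security requirements with lower-case "must" ("NETCONF connections must provide authentication, data integrity, confidentiality, and replay protection" and "NETCONF connections must be authenticated"), which is not an RFC 2119 keyword. Since -07 already normalizes "MUST not" to "MUST NOT" in the lock text, consider making these MUST as well, and replacing "may be encrypted in TLS [16] or SSH [14]" with wording that cannot be read as making encryption optional.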
skipping to change at page 14, line 13 skipping to change at page 14, line 13
mapping [4]. mapping [4].
3. XML Considerations 3. XML Considerations
XML serves as the encoding format for NETCONF, allowing complex XML serves as the encoding format for NETCONF, allowing complex
hierarchical data to be expressed in a text format that can be read, hierarchical data to be expressed in a text format that can be read,
saved, and manipulated with both traditional text tools and tools saved, and manipulated with both traditional text tools and tools
specific to XML. specific to XML.
All NETCONF messages MUST be well-formed XML, encoded in UTF-8. If a All NETCONF messages MUST be well-formed XML, encoded in UTF-8. If a
peer receives a message that is not well-formed XML, it MUST reply peer receives an 'rpc' message that is not well-formed XML, it SHOULD
with an 'operation-failed' error. reply with an 'operation-failed' error. If a reply cannot be sent
for any reason, the server MUST close the session.
A NETCONF message MAY begin with an XML declaration (see section 2.8 A NETCONF message MAY begin with an XML declaration (see section 2.8
of [1]). of [1]).
This section discusses a small number of XML-related considerations This section discusses a small number of XML-related considerations
pertaining to NETCONF. pertaining to NETCONF.
3.1. Namespace 3.1. Namespace
All NETCONF protocol elements are defined in the following namespace: All NETCONF protocol elements are defined in the following namespace:
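Review bot: In the reworded well-formedness paragraph of Section 3, the condition is now "receives an 'rpc' message that is not well-formed XML", but a receiver that cannot parse the input has no reliable way to know it was an 'rpc' message, and Section 4.2 requires the reply to carry the request's "message-id", which may not be recoverable from such input. The sentence also starts with "a peer" and ends with "the server MUST close the session"; suggest stating the rule for the server throughout, and saying what happens when the server could reply but, under the new SHOULD, does not, since the MUST close only covers the case where "a reply cannot be sent".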
skipping to change at page 16, line 25 skipping to change at page 16, line 25
The following example invokes the NETCONF <get> method with no The following example invokes the NETCONF <get> method with no
parameters: parameters:
<rpc message-id="101" <rpc message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get/> <get/>
</rpc> </rpc>
4.2. <rpc-reply> Element 4.2. <rpc-reply> Element
The <rpc-reply> message is sent in response to an <rpc> operation. The <rpc-reply> message is sent in response to an <rpc> message.
The <rpc-reply> element has a mandatory attribute "message-id", which The <rpc-reply> element has a mandatory attribute "message-id", which
is equal to the "message-id" attribute of the <rpc> for which this is is equal to the "message-id" attribute of the <rpc> for which this is
a response. a response.
A NETCONF server MUST also return any additional attributes included A NETCONF server MUST also return any additional attributes included
in the <rpc> element unmodified in the <rpc-reply> element. in the <rpc> element unmodified in the <rpc-reply> element.
The response data is encoded as one or more child elements to the The response data is encoded as one or more child elements to the
<rpc-reply> element. <rpc-reply> element.
skipping to change at page 18, line 30 skipping to change at page 18, line 30
or implementation-specific error condition, if one exists. This or implementation-specific error condition, if one exists. This
element will not be present if no appropriate application error element will not be present if no appropriate application error
tag can be associated with a particular error condition. If a tag can be associated with a particular error condition. If a
data-model specific and a implementation-specific error-app-tag data-model specific and a implementation-specific error-app-tag
both exist, then the data-model specific value MUST be used by the both exist, then the data-model specific value MUST be used by the
server. server.
error-path: Contains the absolute XPath [2] expression identifying error-path: Contains the absolute XPath [2] expression identifying
the element path to the node that is associated with the error the element path to the node that is associated with the error
being reported in a particular rpc-error element. This element being reported in a particular rpc-error element. This element
will not be present if no appropriate payload element or data will not be present if no appropriate payload element or datastore
store node can be associated with a particular error condition. node can be associated with a particular error condition.
The XPath expression is interpreted in the following context: The XPath expression is interpreted in the following context:
* The set of namespace declarations are those in scope on the * The set of namespace declarations are those in scope on the
rpc-error element. rpc-error element.
* The set of variable bindings is empty. * The set of variable bindings is empty.
* The function library is the core function library. * The function library is the core function library.
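Review bot: In the error-app-tag text at the top of this hunk, "a data-model specific and a implementation-specific error-app-tag" is unchanged in -07 and should read "an implementation-specific". This hunk already normalizes "data store" to "datastore" in the error-path text, so the article can be fixed in the same pass.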
skipping to change at page 50, line 43 skipping to change at page 50, line 43
on the locked configuration datastore and using the locked on the locked configuration datastore and using the locked
configuration as a target of the <copy-config> operation will be configuration as a target of the <copy-config> operation will be
disallowed by any other NETCONF session. Additionally, the system disallowed by any other NETCONF session. Additionally, the system
will ensure that these locked configuration resources will not be will ensure that these locked configuration resources will not be
modified by other non-NETCONF management operations such as SNMP modified by other non-NETCONF management operations such as SNMP
and CLI. The <kill-session> operation can be used to force the and CLI. The <kill-session> operation can be used to force the
release of a lock owned by another NETCONF session. It is beyond release of a lock owned by another NETCONF session. It is beyond
the scope of this document to define how to break locks held by the scope of this document to define how to break locks held by
other entities. other entities.
A lock MUST not be granted if either of the following conditions A lock MUST NOT be granted if either of the following conditions
is true: is true:
* A lock is already held by any NETCONF session or another * A lock is already held by any NETCONF session or another
entity. entity.
* The target configuration is <candidate>, it has already been * The target configuration is <candidate>, it has already been
modified, and these changes have not been committed or rolled modified, and these changes have not been committed or rolled
back. back.
The server MUST respond with either an <ok> element or an The server MUST respond with either an <ok> element or an
skipping to change at page 65, line 6 skipping to change at page 65, line 6
was issued, by using the <cancel-commit> operation. was issued, by using the <cancel-commit> operation.
For shared configurations, this feature can cause other configuration For shared configurations, this feature can cause other configuration
changes (for example, via other NETCONF sessions) to be inadvertently changes (for example, via other NETCONF sessions) to be inadvertently
altered or removed, unless the configuration locking feature is used altered or removed, unless the configuration locking feature is used
(in other words, the lock is obtained before the edit-config (in other words, the lock is obtained before the edit-config
operation is started). Therefore, it is strongly suggested that in operation is started). Therefore, it is strongly suggested that in
order to use this feature with shared configuration datastores, order to use this feature with shared configuration datastores,
configuration locking should also be used. configuration locking should also be used.
Version 1.0 of this capability was defined in [16]. Version 1.1 is Version 1.0 of this capability was defined in [15]. Version 1.1 is
defined in this document, and extends version 1.0 by adding a new defined in this document, and extends version 1.0 by adding a new
operation, <cancel-commit>, and two new optional parameters, operation, <cancel-commit>, and two new optional parameters,
<persist> and <persist-id>. For backwards compatibility with old <persist> and <persist-id>. For backwards compatibility with old
clients, servers confirming to this specification MAY advertise clients, servers confirming to this specification MAY advertise
version 1.0 in addition to version 1.1. version 1.0 in addition to version 1.1.
8.4.2. Dependencies 8.4.2. Dependencies
The :confirmed-commit:1.1 capability is only relevant if the The :confirmed-commit:1.1 capability is only relevant if the
:candidate capability is also supported. :candidate capability is also supported.
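Review bot: In the version 1.0/1.1 paragraph, "servers confirming to this specification MAY advertise version 1.0" still reads "confirming" in -07 where "conforming" is meant, and the same wording appears in the :validate capability text. Worth fixing together with the [16] to [15] reference renumbering, because "confirming" is easy to misread next to the confirmed-commit capability.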
skipping to change at page 70, line 19 skipping to change at page 70, line 19
Validation consists of checking a complete configuration for Validation consists of checking a complete configuration for
syntactical and semantic errors before applying the configuration to syntactical and semantic errors before applying the configuration to
the device. the device.
If this capability is advertised, the device supports the <validate> If this capability is advertised, the device supports the <validate>
protocol operation and checks at least for syntax errors. In protocol operation and checks at least for syntax errors. In
addition, this capability supports the test-option parameter to the addition, this capability supports the test-option parameter to the
<edit-config> operation and, when it is provided, checks at least for <edit-config> operation and, when it is provided, checks at least for
syntax errors. syntax errors.
Version 1.0 of this capability was defined in [16]. Version 1.1 is Version 1.0 of this capability was defined in [15]. Version 1.1 is
defined in this document, and extends version 1.0 by adding a new defined in this document, and extends version 1.0 by adding a new
value, "test-only", to the test-option parameter of the edit-config value, "test-only", to the test-option parameter of the edit-config
operation. For backwards compatibility with old clients, servers operation. For backwards compatibility with old clients, servers
confirming to this specification MAY advertise version 1.0 in confirming to this specification MAY advertise version 1.0 in
addition to version 1.1. addition to version 1.1.
8.6.2. Dependencies 8.6.2. Dependencies
None. None.
skipping to change at page 82, line 24 skipping to change at page 82, line 24
[2] DeRose, S. and J. Clark, "XML Path Language (XPath) Version [2] DeRose, S. and J. Clark, "XML Path Language (XPath) Version
1.0", World Wide Web Consortium Recommendation REC-xpath- 1.0", World Wide Web Consortium Recommendation REC-xpath-
19991116, November 1999, 19991116, November 1999,
<http://www.w3.org/TR/1999/REC-xpath-19991116>. <http://www.w3.org/TR/1999/REC-xpath-19991116>.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[4] Wasserman, M. and T. Goddard, "Using the NETCONF Configuration [4] Wasserman, M. and T. Goddard, "Using the NETCONF Configuration
Protocol over Secure Shell (SSH)", Protocol over Secure Shell (SSH)",
draft-ietf-netconf-rfc4742bis-03 (work in progress), draft-ietf-netconf-rfc4742bis-05 (work in progress),
October 2010. December 2010.
[5] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [5] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986,
January 2005. January 2005.
[6] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An IETF [6] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An IETF
URN Sub-namespace for Registered Protocol Parameters", BCP 73, URN Sub-namespace for Registered Protocol Parameters", BCP 73,
RFC 3553, June 2003. RFC 3553, June 2003.
[7] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [7] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
skipping to change at page 83, line 16 skipping to change at page 83, line 16
Authentication Dial In User Service (RADIUS)", RFC 2865, Authentication Dial In User Service (RADIUS)", RFC 2865,
June 2000. June 2000.
[13] Hollenbeck, S., Rose, M., and L. Masinter, "Guidelines for the [13] Hollenbeck, S., Rose, M., and L. Masinter, "Guidelines for the
Use of Extensible Markup Language (XML) within IETF Protocols", Use of Extensible Markup Language (XML) within IETF Protocols",
BCP 70, RFC 3470, January 2003. BCP 70, RFC 3470, January 2003.
[14] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) Protocol [14] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) Protocol
Architecture", RFC 4251, January 2006. Architecture", RFC 4251, January 2006.
[15] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) [15] Enns, R., "NETCONF Configuration Protocol", RFC 4741,
Protocol Version 1.1", RFC 4346, April 2006.
[16] Enns, R., "NETCONF Configuration Protocol", RFC 4741,
December 2006. December 2006.
[16] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS)
Protocol Version 1.2", RFC 5246, August 2008.
Appendix A. NETCONF Error List Appendix A. NETCONF Error List
This section is normative. This section is normative.
For each error-tag, the valid error-type and error-severity values For each error-tag, the valid error-type and error-severity values
are listed, together with any mandatory error-info, if any. are listed, together with any mandatory error-info, if any.
error-tag: in-use error-tag: in-use
error-type: protocol, application error-type: protocol, application
error-severity: error error-severity: error
error-info: none error-info: none
Description: The request requires a resource that already is in use. Description: The request requires a resource that already is in
use.
error-tag: invalid-value error-tag: invalid-value
error-type: protocol, application error-type: protocol, application
error-severity: error error-severity: error
error-info: none error-info: none
Description: The request specifies an unacceptable value for one Description: The request specifies an unacceptable value for one
or more parameters. or more parameters.
error-tag: too-big error-tag: too-big
error-type: transport, rpc, protocol, application error-type: transport, rpc, protocol, application
error-severity: error error-severity: error
error-info: none error-info: none
Description: The request or response (that would be generated) is Description: The request or response (that would be generated) is
too large for the implementation to handle. too large for the implementation to handle.
error-tag: missing-attribute error-tag: missing-attribute
error-type: rpc, protocol, application error-type: rpc, protocol, application
error-severity: error error-severity: error
error-info: <bad-attribute> : name of the missing attribute error-info: <bad-attribute> : name of the missing attribute
<bad-element> : name of the element that should <bad-element> : name of the element that should
contain the missing attribute contain the missing attribute
Description: An expected attribute is missing. Description: An expected attribute is missing.
error-tag: bad-attribute error-tag: bad-attribute
error-type: rpc, protocol, application error-type: rpc, protocol, application
error-severity: error error-severity: error
error-info: <bad-attribute> : name of the attribute w/ bad value error-info: <bad-attribute> : name of the attribute w/ bad value
<bad-element> : name of the element that contains <bad-element> : name of the element that contains
the attribute with the bad value the attribute with the bad value
Description: An attribute value is not correct; e.g., wrong type, Description: An attribute value is not correct; e.g., wrong type,
out of range, pattern mismatch. out of range, pattern mismatch.
error-tag: unknown-attribute error-tag: unknown-attribute
error-type: rpc, protocol, application error-type: rpc, protocol, application
error-severity: error error-severity: error
error-info: <bad-attribute> : name of the unexpected attribute error-info: <bad-attribute> : name of the unexpected attribute
<bad-element> : name of the element that contains <bad-element> : name of the element that contains
the unexpected attribute the unexpected attribute
Description: An unexpected attribute is present. Description: An unexpected attribute is present.
error-tag: missing-element error-tag: missing-element
error-type: protocol, application error-type: protocol, application
error-severity: error error-severity: error
error-info: <bad-element> : name of the missing element error-info: <bad-element> : name of the missing element
Description: An expected element is missing. Description: An expected element is missing.
error-tag: bad-element error-tag: bad-element
error-type: protocol, application error-type: protocol, application
error-severity: error error-severity: error
error-info: <bad-element> : name of the element w/ bad value error-info: <bad-element> : name of the element w/ bad value
Description: An element value is not correct; e.g., wrong type, Description: An element value is not correct; e.g., wrong type,
out of range, pattern mismatch. out of range, pattern mismatch.
error-tag: unknown-element error-tag: unknown-element
error-type: protocol, application error-type: protocol, application
error-severity: error error-severity: error
error-info: <bad-element> : name of the unexpected element error-info: <bad-element> : name of the unexpected element
Description: An unexpected element is present. Description: An unexpected element is present.
error-tag: unknown-namespace error-tag: unknown-namespace
error-type: protocol, application error-type: protocol, application
error-severity: error error-severity: error
error-info: <bad-element> : name of the element that contains error-info: <bad-element> : name of the element that contains
the unexpected namespace the unexpected namespace
<bad-namespace> : name of the unexpected namespace <bad-namespace> : name of the unexpected namespace
Description: An unexpected namespace is present. Description: An unexpected namespace is present.
error-tag: access-denied error-tag: access-denied
error-type: protocol, application error-type: protocol, application
error-severity: error error-severity: error
error-info: none error-info: none
Description: Access to the requested protocol operation, or Description: Access to the requested protocol operation, or
data model is denied because authorization failed. data model is denied because authorization failed.
error-tag: lock-denied error-tag: lock-denied
error-type: protocol error-type: protocol
error-severity: error error-severity: error
error-info: <session-id> : session ID of session holding the error-info: <session-id> : session ID of session holding the
requested lock, or zero to indicate a non-NETCONF requested lock, or zero to indicate a non-NETCONF
entity holds the lock entity holds the lock
Description: Access to the requested lock is denied because the Description: Access to the requested lock is denied because the
lock is currently held by another entity. lock is currently held by another entity.
error-tag: resource-denied error-tag: resource-denied
error-type: transport, rpc, protocol, application error-type: transport, rpc, protocol, application
error-severity: error error-severity: error
error-info: none error-info: none
Description: Request could not be completed because of Description: Request could not be completed because of
insufficient resources. insufficient resources.
error-tag: rollback-failed error-tag: rollback-failed
error-type: protocol, application error-type: protocol, application
error-severity: error error-severity: error
error-info: none error-info: none
Description: Request to rollback some configuration change (via Description: Request to rollback some configuration change (via
rollback-on-error or discard-changes operations) was rollback-on-error or discard-changes operations) was
not completed for some reason. not completed for some reason.
error-tag: data-exists error-tag: data-exists
error-type: application error-type: application
error-severity: error error-severity: error
error-info: none error-info: none
Description: Request could not be completed because the relevant Description: Request could not be completed because the relevant
data model content already exists. For example, data model content already exists. For example,
a 'create' operation was attempted on data that a 'create' operation was attempted on data that
already exists. already exists.
error-tag: data-missing error-tag: data-missing
error-type: application error-type: application
error-severity: error error-severity: error
error-info: none error-info: none
Description: Request could not be completed because the relevant Description: Request could not be completed because the relevant
data model content does not exist. For example, data model content does not exist. For example,
a 'delete' operation was attempted on a 'delete' operation was attempted on
data that does not exist. data that does not exist.
error-tag: operation-not-supported error-tag: operation-not-supported
error-type: protocol, application error-type: protocol, application
error-severity: error error-severity: error
error-info: none error-info: none
Description: Request could not be completed because the requested Description: Request could not be completed because the requested
operation is not supported by this implementation. operation is not supported by this implementation.
error-tag: operation-failed error-tag: operation-failed
error-type: rpc, protocol, application error-type: rpc, protocol, application
error-severity: error error-severity: error
error-info: none error-info: none
Description: Request could not be completed because the requested Description: Request could not be completed because the requested
operation failed for some reason not covered by operation failed for some reason not covered by
any other error condition. any other error condition.
error-tag: partial-operation error-tag: partial-operation
error-type: application error-type: application
error-severity: error error-severity: error
error-info: <ok-element> : identifies an element in the data error-info: <ok-element> : identifies an element in the data
model for which the requested operation has been model for which the requested operation has been
completed for that node and all its child nodes. completed for that node and all its child nodes.
This element can appear zero or more times in the This element can appear zero or more times in the
<error-info> container. <error-info> container.
<err-element> : identifies an element in the data <err-element> : identifies an element in the data
model for which the requested operation has failed model for which the requested operation has failed
for that node and all its child nodes. for that node and all its child nodes.
This element can appear zero or more times in the This element can appear zero or more times in the
<error-info> container. <error-info> container.
<noop-element> : identifies an element in the data <noop-element> : identifies an element in the data
model for which the requested operation was not model for which the requested operation was not
attempted for that node and all its child nodes. attempted for that node and all its child nodes.
This element can appear zero or more times in the This element can appear zero or more times in the
<error-info> container. <error-info> container.
Description: This error-tag is obsolete, and SHOULD NOT be sent Description: This error-tag is obsolete, and SHOULD NOT be sent
by servers conforming to this document. by servers conforming to this document.
Some part of the requested operation failed or was Some part of the requested operation failed or was
not attempted for some reason. Full cleanup has not attempted for some reason. Full cleanup has
not been performed (e.g., rollback not supported) not been performed (e.g., rollback not supported)
by the server. The error-info container is used by the server. The error-info container is used
to identify which portions of the application to identify which portions of the application
data model content for which the requested operation data model content for which the requested operation
has succeeded (<ok-element>), failed (<bad-element>), has succeeded (<ok-element>), failed (<bad-element>),
or not been attempted (<noop-element>). or not been attempted (<noop-element>).
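Review bot: In the partial-operation entry of Appendix A, the error-info list defines <ok-element>, <err-element> and <noop-element>, but the description says the failed portions are identified by "(<bad-element>)", and both columns carry the mismatch. Suggest changing the description to <err-element> so it matches the error-info definition, even though the tag is marked obsolete. The phrase "which portions of the application data model content for which the requested operation has succeeded" also has a doubled "which ... for which" that should be reduced to one.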
Appendix B. XML Schema for NETCONF Messages Layer Appendix B. XML Schema for NETCONF Messages Layer
This section is normative. This section is normative.
<CODE BEGINS> file "netconf.xsd" <CODE BEGINS> file "netconf.xsd"
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
targetNamespace="urn:ietf:params:xml:ns:netconf:base:1.0" targetNamespace="urn:ietf:params:xml:ns:netconf:base:1.0"
elementFormDefault="qualified" elementFormDefault="qualified"
attributeFormDefault="unqualified" attributeFormDefault="unqualified"
xml:lang="en" xml:lang="en"
version="1.1"> version="1.1">
<xs:annotation> <xs:annotation>
<xs:documentation> <xs:documentation>
This schema defines the syntax for the NETCONF Message layer This schema defines the syntax for the NETCONF Messages layer
messages 'hello', 'rpc', and 'rpc-reply'. messages 'hello', 'rpc', and 'rpc-reply'.
</xs:documentation> </xs:documentation>
</xs:annotation> </xs:annotation>
<!-- <!--
import standard XML definitions import standard XML definitions
--> -->
<xs:import namespace="http://www.w3.org/XML/1998/namespace" <xs:import namespace="http://www.w3.org/XML/1998/namespace"
schemaLocation="http://www.w3.org/2001/xml.xsd"> schemaLocation="http://www.w3.org/2001/xml.xsd">
<xs:annotation> <xs:annotation>
<xs:documentation> <xs:documentation>
This import accesses the xml: attribute groups for the This import accesses the xml: attribute groups for the
xml:lang as declared on the error-message element. xml:lang as declared on the error-message element.
</xs:documentation> </xs:documentation>
</xs:annotation> </xs:annotation>
</xs:import> </xs:import>
<!-- <!--
message-id attribute message-id attribute
--> -->
<xs:simpleType name="messageIdType"> <xs:simpleType name="messageIdType">
<xs:restriction base="xs:string"> <xs:restriction base="xs:string">
<xs:maxLength value="4095"/> <xs:maxLength value="4095"/>
</xs:restriction> </xs:restriction>
</xs:simpleType> </xs:simpleType>
<!-- <!--
Types used for session-id Types used for session-id
--> -->
<xs:simpleType name="SessionId"> <xs:simpleType name="SessionId">
<xs:restriction base="xs:unsignedInt"> <xs:restriction base="xs:unsignedInt">
<xs:minInclusive value="1"/> <xs:minInclusive value="1"/>
</xs:restriction> </xs:restriction>
</xs:simpleType> </xs:simpleType>
<xs:simpleType name="SessionIdOrZero"> <xs:simpleType name="SessionIdOrZero">
<xs:restriction base="xs:unsignedInt"/> <xs:restriction base="xs:unsignedInt"/>
</xs:simpleType> </xs:simpleType>
<!-- <!--
<rpc> element <rpc> element
--> -->
<xs:complexType name="rpcType"> <xs:complexType name="rpcType">
<xs:sequence> <xs:sequence>
<xs:element ref="rpcOperation"/> <xs:element ref="rpcOperation"/>
</xs:sequence> </xs:sequence>
<xs:attribute name="message-id" type="messageIdType" <xs:attribute name="message-id" type="messageIdType"
use="required"/> use="required"/>
<!-- <!--
Arbitrary attributes can be supplied with <rpc> element. Arbitrary attributes can be supplied with <rpc> element.
--> -->
<xs:anyAttribute processContents="lax"/> <xs:anyAttribute processContents="lax"/>
</xs:complexType> </xs:complexType>
<xs:element name="rpc" type="rpcType"/> <xs:element name="rpc" type="rpcType"/>
<!-- <!--
data types and elements used to construct rpc-errors data types and elements used to construct rpc-errors
--> -->
<xs:simpleType name="ErrorType"> <xs:simpleType name="ErrorType">
<xs:restriction base="xs:string"> <xs:restriction base="xs:string">
<xs:enumeration value="transport"/> <xs:enumeration value="transport"/>
<xs:enumeration value="rpc"/> <xs:enumeration value="rpc"/>
<xs:enumeration value="protocol"/> <xs:enumeration value="protocol"/>
<xs:enumeration value="application"/> <xs:enumeration value="application"/>
</xs:restriction> </xs:restriction>
</xs:simpleType> </xs:simpleType>
<xs:simpleType name="ErrorTag"> <xs:simpleType name="ErrorTag">
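Review bot: The xs:import near the top of netconf.xsd keeps schemaLocation="http://www.w3.org/2001/xml.xsd", so any validator that dereferences schemaLocation hints will fetch the xml: namespace schema over plain HTTP each time it loads this normative schema. Suggest adding a sentence to the xs:documentation of that import saying the location is a hint only and that implementations are expected to resolve it from a local copy or XML catalog. The 'Message layer' to 'Messages layer' wording fix in the top annotation looks fine.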
skipping to change at page 90, line 23 skipping to change at page 90, line 23
<xs:enumeration value="warning"/> <xs:enumeration value="warning"/>
</xs:restriction> </xs:restriction>
</xs:simpleType> </xs:simpleType>
<xs:complexType name="errorInfoType"> <xs:complexType name="errorInfoType">
<xs:sequence> <xs:sequence>
<xs:choice> <xs:choice>
<xs:element name="session-id" type="SessionIdOrZero"/> <xs:element name="session-id" type="SessionIdOrZero"/>
<xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:sequence> <xs:sequence>
<xs:element name="bad-attribute" type="xs:QName" <xs:element name="bad-attribute" type="xs:QName"
minOccurs="0" maxOccurs="1"/> minOccurs="0" maxOccurs="1"/>
<xs:element name="bad-element" type="xs:QName" <xs:element name="bad-element" type="xs:QName"
minOccurs="0" maxOccurs="1"/> minOccurs="0" maxOccurs="1"/>
<xs:element name="ok-element" type="xs:QName" <xs:element name="ok-element" type="xs:QName"
minOccurs="0" maxOccurs="1"/> minOccurs="0" maxOccurs="1"/>
<xs:element name="err-element" type="xs:QName" <xs:element name="err-element" type="xs:QName"
minOccurs="0" maxOccurs="1"/> minOccurs="0" maxOccurs="1"/>
<xs:element name="noop-element" type="xs:QName" <xs:element name="noop-element" type="xs:QName"
minOccurs="0" maxOccurs="1"/> minOccurs="0" maxOccurs="1"/>
<xs:element name="bad-namespace" type="xs:string" <xs:element name="bad-namespace" type="xs:string"
minOccurs="0" maxOccurs="1"/> minOccurs="0" maxOccurs="1"/>
</xs:sequence> </xs:sequence>
</xs:sequence> </xs:sequence>
</xs:choice> </xs:choice>
<!-- elements from any other namespace are also allowed <!-- elements from any other namespace are also allowed
to follow the NETCONF elements --> to follow the NETCONF elements -->
<xs:any namespace="##other" processContents="lax" <xs:any namespace="##other" processContents="lax"
minOccurs="0" maxOccurs="unbounded"/> minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
<xs:complexType name="rpcErrorType"> <xs:complexType name="rpcErrorType">
skipping to change at page 91, line 13 skipping to change at page 91, line 13
<xs:element name="error-message" minOccurs="0"> <xs:element name="error-message" minOccurs="0">
<xs:complexType> <xs:complexType>
<xs:simpleContent> <xs:simpleContent>
<xs:extension base="xs:string"> <xs:extension base="xs:string">
<xs:attribute ref="xml:lang" use="optional"/> <xs:attribute ref="xml:lang" use="optional"/>
</xs:extension> </xs:extension>
</xs:simpleContent> </xs:simpleContent>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
<xs:element name="error-info" type="errorInfoType" <xs:element name="error-info" type="errorInfoType"
minOccurs="0"/> minOccurs="0"/>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
<!-- <!--
operation attribute used in <edit-config> operation attribute used in <edit-config>
--> -->
<xs:simpleType name="editOperationType"> <xs:simpleType name="editOperationType">
<xs:restriction base="xs:string"> <xs:restriction base="xs:string">
<xs:enumeration value="merge"/> <xs:enumeration value="merge"/>
<xs:enumeration value="replace"/> <xs:enumeration value="replace"/>
<xs:enumeration value="create"/> <xs:enumeration value="create"/>
<xs:enumeration value="delete"/> <xs:enumeration value="delete"/>
<xs:enumeration value="remove"/> <xs:enumeration value="remove"/>
</xs:restriction> </xs:restriction>
</xs:simpleType> </xs:simpleType>
<xs:attribute name="operation" type="editOperationType"/> <xs:attribute name="operation" type="editOperationType"/>
<!-- <!--
<rpc-reply> element <rpc-reply> element
--> -->
<xs:complexType name="rpcReplyType"> <xs:complexType name="rpcReplyType">
<xs:choice> <xs:choice>
<xs:element name="ok"/> <xs:element name="ok"/>
<xs:group ref="rpcResponse"/> <xs:sequence>
<xs:element ref="rpc-error"
minOccurs="0" maxOccurs="unbounded"/>
<xs:element ref="rpcResponse"
minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:choice> </xs:choice>
<xs:attribute name="message-id" type="messageIdType" <xs:attribute name="message-id" type="messageIdType"
use="optional"/> use="optional"/>
<!-- <!--
Any attributes supplied with <rpc> element must be returned Any attributes supplied with <rpc> element must be returned
on <rpc-reply>. on <rpc-reply>.
--> -->
<xs:anyAttribute processContents="lax"/> <xs:anyAttribute processContents="lax"/>
</xs:complexType> </xs:complexType>
<xs:group name="rpcResponse">
<xs:sequence>
<xs:element ref="rpc-error"
minOccurs="0" maxOccurs="unbounded"/>
<xs:any namespace="##any" processContents="lax"
minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:group>
<xs:element name="rpc-reply" type="rpcReplyType"/> <xs:element name="rpc-reply" type="rpcReplyType"/>
<!-- <!--
<rpc-error> element <rpc-error> element
--> -->
<xs:element name="rpc-error" type="rpcErrorType"/> <xs:element name="rpc-error" type="rpcErrorType"/>
<!-- <!--
rpcOperationType: used as a base type for all rpcOperationType: used as a base type for all
NETCONF operations NETCONF operations
--> -->
<xs:complexType name="rpcOperationType"/> <xs:complexType name="rpcOperationType"/>
<xs:element name="rpcOperation" <xs:element name="rpcOperation" type="rpcOperationType"
type="rpcOperationType" abstract="true"/> abstract="true"/>
<!-- <!--
<hello> element rpcResponseType: used as a base type for all
NETCONF responses
-->
<xs:complexType name="rpcResponseType"/>
<xs:element name="rpcResponse" type="rpcResponseType"
abstract="true"/>
<!--
<hello> element
--> -->
<xs:element name="hello"> <xs:element name="hello">
<xs:complexType> <xs:complexType>
<xs:sequence> <xs:sequence>
<xs:element name="capabilities"> <xs:element name="capabilities">
<xs:complexType> <xs:complexType>
<xs:sequence> <xs:sequence>
<xs:element name="capability" type="xs:anyURI" <xs:element name="capability" type="xs:anyURI"
maxOccurs="unbounded"/> maxOccurs="unbounded"/>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
<xs:element name="session-id" <xs:element name="session-id" type="SessionId"
type="SessionId" minOccurs="0"/> minOccurs="0"/>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
</xs:schema> </xs:schema>
<CODE ENDS> <CODE ENDS>
Appendix C. YANG Module for NETCONF Protocol Operations Appendix C. YANG Module for NETCONF Protocol Operations
This section is normative. This section is normative.
The ietf-netconf YANG module imports typedefs from [10]. The ietf-netconf YANG module imports typedefs from [10].
// RFC Ed.: please update the date to the date of publication // RFC Ed.: please update the date to the date of publication
<CODE BEGINS> file "ietf-netconf@2010-10-21.yang" <CODE BEGINS> file "ietf-netconf@2011-01-16.yang"
module ietf-netconf { module ietf-netconf {
// the namespace for NETCONF XML definitions has not changed // the namespace for NETCONF XML definitions has not changed
// this value is pre-determined by RFC 4741 // this value is pre-determined by RFC 4741
namespace "urn:ietf:params:xml:ns:netconf:base:1.0"; namespace "urn:ietf:params:xml:ns:netconf:base:1.0";
prefix nc; prefix nc;
import ietf-inet-types { import ietf-inet-types {
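Review bot: In rpcReplyType, the new xs:element ref="rpcResponse" points at an abstract element whose type, rpcResponseType, is empty, and the former xs:any namespace="##any" processContents="lax" wildcard is removed. A schema-validating receiver will therefore accept only reply content declared by some schema as a member of the rpcResponse substitution group, and none is declared in the parts of netconf.xsd shown here. Suggest extending the 'rpcResponseType: used as a base type for all NETCONF responses' comment to say where those substitution members are defined. Separately, both children of the new xs:sequence have minOccurs="0", so an rpc-reply with no content at all still validates; if that is not intended, require at least one child. The file name date on the ietf-netconf CODE BEGINS line now reads 2011-01-16, which should be checked against the revision statement inside the module.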
skipping to change at page 94, line 17 skipping to change at page 94, line 17
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with actual RFC number and remove this note // RFC Ed.: replace XXXX with actual RFC number and remove this note
// RFC Ed.: please update the date to the date of publication // RFC Ed.: please update the date to the date of publication
revision 2010-10-20 { revision 2011-01-16 {
description description
"Initial revision"; "Initial revision";
reference reference
"RFC XXXX: Network Configuration Protocol"; "RFC XXXX: Network Configuration Protocol";
} }
extension get-filter-element-attributes { extension get-filter-element-attributes {
description description
"If this extension is present within the "If this extension is present within the
an 'anyxml' statement named 'filter', which must be an 'anyxml' statement named 'filter', which must be
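Review bot: The description of extension get-filter-element-attributes reads "If this extension is present within the an 'anyxml' statement" in both versions; drop the stray "the" while this text is being touched. The revision date change to 2011-01-16 now matches the date in the module file name, where the previous draft had 2010-10-20 against a 2010-10-21 file name, so that inconsistency is resolved.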
skipping to change at page 101, line 33 skipping to change at page 101, line 33
} }
anyxml filter { anyxml filter {
description description
"Subtree or XPath filter to use."; "Subtree or XPath filter to use.";
nc:get-filter-element-attributes; nc:get-filter-element-attributes;
} }
} }
output { output {
container data { anyxml data {
presence
"An empty data container indicates that the
request did not produce any results.";
description description
"Copy of the source datastore subset which matched "Copy of the source datastore subset which matched
the filter criteria (if any)."; the filter criteria (if any). An empty data container
indicates that the request did not produce any results.";
} }
} }
} }
rpc edit-config { rpc edit-config {
description description
"The 'edit-config' operation loads all or part of a specified "The 'edit-config' operation loads all or part of a specified
configuration to the specified target configuration."; configuration to the specified target configuration.";
reference "RFC XXXX, section 7.2."; reference "RFC XXXX, section 7.2.";
input { input {
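Review bot: In the get-config output, the node changes from 'container data' to 'anyxml data', but the description carried over from the removed presence statement still says "An empty data container indicates that the request did not produce any results." Since the node is no longer a container, suggest "An empty data element" so that the text matches the statement type.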
skipping to change at page 108, line 38 skipping to change at page 108, line 38
input { input {
anyxml filter { anyxml filter {
description description
"This parameter specifies the portion of the system "This parameter specifies the portion of the system
configuration and state data to retrieve."; configuration and state data to retrieve.";
nc:get-filter-element-attributes; nc:get-filter-element-attributes;
} }
} }
output { output {
container data { anyxml data {
presence
"An empty data container indicates that the filter
request did not match any results.";
description description
"Copy of the running datastore subset and/or state "Copy of the running datastore subset and/or state
data which matched the filter criteria (if any)."; data which matched the filter criteria (if any).
An empty data container indicates that the request did not
produce any results.";
} }
} }
} }
rpc close-session { rpc close-session {
description description
"Request graceful termination of a NETCONF session."; "Request graceful termination of a NETCONF session.";
reference "RFC XXXX, section 7.8."; reference "RFC XXXX, section 7.8.";
} }
rpc kill-session { rpc kill-session {
description description
"Force the termination of a NETCONF session."; "Force the termination of a NETCONF session.";
reference "RFC XXXX, section 7.9."; reference "RFC XXXX, section 7.9.";
input { input {
leaf session-id { leaf session-id {
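Review bot: In the get output, switching 'container data' to 'anyxml data' means the YANG module no longer says anything about what may appear inside data, and the description only covers the empty case. Suggest adding one sentence to the description stating that the contents are defined by the data models the server supports, so that clients know which schema to check the returned state and configuration data against rather than treating it as free-form XML. The phrase "An empty data container" should also become "An empty data element" here.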
 End of changes. 71 change blocks. 
223 lines changed or deleted 226 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/