Network Working Group R. Enns, Ed. Request for Comments: 4741 Juniper Networks Category: Standards Track December 2006
Network Working Group R. Enns, Ed. Request for Comments: 4741 Juniper Networks Category: Standards Track December 2006
NETCONF Configuration Protocol
NETCONF配置协议
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The IETF Trust (2006).
版权所有(C)IETF信托基金(2006年)。
Abstract
摘要
The Network Configuration Protocol (NETCONF) defined in this document provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized on top of a simple Remote Procedure Call (RPC) layer.
本文档中定义的网络配置协议(NETCONF)提供了安装、操作和删除网络设备配置的机制。它对配置数据和协议消息使用基于可扩展标记语言(XML)的数据编码。NETCONF协议操作是在简单远程过程调用(RPC)层上实现的。
Table of Contents
目录
1. Introduction ....................................................5 1.1. Protocol Overview ..........................................6 1.2. Capabilities ...............................................7 1.3. Separation of Configuration and State Data .................7 2. Transport Protocol Requirements .................................8 2.1. Connection-Oriented Operation ..............................9 2.2. Authentication, Integrity, and Confidentiality .............9 2.3. Authentication .............................................9 2.4. Mandatory Transport Protocol ..............................10 3. XML Considerations .............................................10 3.1. Namespace .................................................10 3.2. No Document Type Declarations .............................10 4. RPC Model ......................................................10 4.1. <rpc> Element .............................................10 4.2. <rpc-reply> Element .......................................12 4.3. <rpc-error> Element .......................................12 4.4. <ok> Element ..............................................16 4.5. Pipelining ................................................16 5. Configuration Model ............................................16 5.1. Configuration Datastores ..................................16 5.2. Data Modeling .............................................17 6. Subtree Filtering ..............................................17 6.1. Overview ..................................................17 6.2. Subtree Filter Components .................................18 6.2.1. Namespace Selection ................................18 6.2.2. Attribute Match Expressions ........................19 6.2.3. Containment Nodes ..................................19 6.2.4. Selection Nodes ....................................20 6.2.5. Content Match Nodes ................................20 6.3. Subtree Filter Processing .................................22 6.4. Subtree Filtering Examples ................................22 6.4.1. No Filter ..........................................22 6.4.2. Empty Filter .......................................23 6.4.3. Select the Entire <users> Subtree ..................23 6.4.4. Select All <name> Elements within the <users> Subtree ....................................25 6.4.5. One Specific <user> Entry ..........................26 6.4.6. Specific Elements from a Specific <user> Entry .....27 6.4.7. Multiple Subtrees ..................................28 6.4.8. Elements with Attribute Naming .....................29 7. Protocol Operations ............................................31 7.1. <get-config> ..............................................31 7.2. <edit-config> .............................................34 7.3. <copy-config> .............................................39 7.4. <delete-config> ...........................................41 7.5. <lock> ....................................................42
1. Introduction ....................................................5 1.1. Protocol Overview ..........................................6 1.2. Capabilities ...............................................7 1.3. Separation of Configuration and State Data .................7 2. Transport Protocol Requirements .................................8 2.1. Connection-Oriented Operation ..............................9 2.2. Authentication, Integrity, and Confidentiality .............9 2.3. Authentication .............................................9 2.4. Mandatory Transport Protocol ..............................10 3. XML Considerations .............................................10 3.1. Namespace .................................................10 3.2. No Document Type Declarations .............................10 4. RPC Model ......................................................10 4.1. <rpc> Element .............................................10 4.2. <rpc-reply> Element .......................................12 4.3. <rpc-error> Element .......................................12 4.4. <ok> Element ..............................................16 4.5. Pipelining ................................................16 5. Configuration Model ............................................16 5.1. Configuration Datastores ..................................16 5.2. Data Modeling .............................................17 6. Subtree Filtering ..............................................17 6.1. Overview ..................................................17 6.2. Subtree Filter Components .................................18 6.2.1. Namespace Selection ................................18 6.2.2. Attribute Match Expressions ........................19 6.2.3. Containment Nodes ..................................19 6.2.4. Selection Nodes ....................................20 6.2.5. Content Match Nodes ................................20 6.3. Subtree Filter Processing .................................22 6.4. Subtree Filtering Examples ................................22 6.4.1. No Filter ..........................................22 6.4.2. Empty Filter .......................................23 6.4.3. Select the Entire <users> Subtree ..................23 6.4.4. Select All <name> Elements within the <users> Subtree ....................................25 6.4.5. One Specific <user> Entry ..........................26 6.4.6. Specific Elements from a Specific <user> Entry .....27 6.4.7. Multiple Subtrees ..................................28 6.4.8. Elements with Attribute Naming .....................29 7. Protocol Operations ............................................31 7.1. <get-config> ..............................................31 7.2. <edit-config> .............................................34 7.3. <copy-config> .............................................39 7.4. <delete-config> ...........................................41 7.5. <lock> ....................................................42
7.6. <unlock> ..................................................44 7.7. <get> .....................................................45 7.8. <close-session> ...........................................47 7.9. <kill-session> ............................................48 8. Capabilities ...................................................49 8.1. Capabilities Exchange .....................................49 8.2. Writable-Running Capability ...............................50 8.2.1. Description ........................................50 8.2.2. Dependencies .......................................50 8.2.3. Capability Identifier ..............................50 8.2.4. New Operations .....................................51 8.2.5. Modifications to Existing Operations ...............51 8.3. Candidate Configuration Capability ........................51 8.3.1. Description ........................................51 8.3.2. Dependencies .......................................52 8.3.3. Capability Identifier ..............................52 8.3.4. New Operations .....................................52 8.3.5. Modifications to Existing Operations ...............53 8.4. Confirmed Commit Capability ...............................55 8.4.1. Description ........................................55 8.4.2. Dependencies .......................................55 8.4.3. Capability Identifier ..............................56 8.4.4. New Operations .....................................56 8.4.5. Modifications to Existing Operations ...............56 8.5. Rollback on Error Capability ..............................57 8.5.1. Description ........................................57 8.5.2. Dependencies .......................................57 8.5.3. Capability Identifier ..............................57 8.5.4. New Operations .....................................57 8.5.5. Modifications to Existing Operations ...............57 8.6. Validate Capability .......................................58 8.6.1. Description ........................................58 8.6.2. Dependencies .......................................58 8.6.3. Capability Identifier ..............................58 8.6.4. New Operations .....................................58 8.7. Distinct Startup Capability ...............................60 8.7.1. Description ........................................60 8.7.2. Dependencies .......................................60 8.7.3. Capability Identifier ..............................60 8.7.4. New Operations .....................................60 8.7.5. Modifications to Existing Operations ...............60 8.8. URL Capability ............................................61 8.8.1. Description ........................................61 8.8.2. Dependencies .......................................61 8.8.3. Capability Identifier ..............................62 8.8.4. New Operations .....................................62 8.8.5. Modifications to Existing Operations ...............62
7.6. <unlock> ..................................................44 7.7. <get> .....................................................45 7.8. <close-session> ...........................................47 7.9. <kill-session> ............................................48 8. Capabilities ...................................................49 8.1. Capabilities Exchange .....................................49 8.2. Writable-Running Capability ...............................50 8.2.1. Description ........................................50 8.2.2. Dependencies .......................................50 8.2.3. Capability Identifier ..............................50 8.2.4. New Operations .....................................51 8.2.5. Modifications to Existing Operations ...............51 8.3. Candidate Configuration Capability ........................51 8.3.1. Description ........................................51 8.3.2. Dependencies .......................................52 8.3.3. Capability Identifier ..............................52 8.3.4. New Operations .....................................52 8.3.5. Modifications to Existing Operations ...............53 8.4. Confirmed Commit Capability ...............................55 8.4.1. Description ........................................55 8.4.2. Dependencies .......................................55 8.4.3. Capability Identifier ..............................56 8.4.4. New Operations .....................................56 8.4.5. Modifications to Existing Operations ...............56 8.5. Rollback on Error Capability ..............................57 8.5.1. Description ........................................57 8.5.2. Dependencies .......................................57 8.5.3. Capability Identifier ..............................57 8.5.4. New Operations .....................................57 8.5.5. Modifications to Existing Operations ...............57 8.6. Validate Capability .......................................58 8.6.1. Description ........................................58 8.6.2. Dependencies .......................................58 8.6.3. Capability Identifier ..............................58 8.6.4. New Operations .....................................58 8.7. Distinct Startup Capability ...............................60 8.7.1. Description ........................................60 8.7.2. Dependencies .......................................60 8.7.3. Capability Identifier ..............................60 8.7.4. New Operations .....................................60 8.7.5. Modifications to Existing Operations ...............60 8.8. URL Capability ............................................61 8.8.1. Description ........................................61 8.8.2. Dependencies .......................................61 8.8.3. Capability Identifier ..............................62 8.8.4. New Operations .....................................62 8.8.5. Modifications to Existing Operations ...............62
8.9. XPath Capability ..........................................63 8.9.1. Description ........................................63 8.9.2. Dependencies .......................................63 8.9.3. Capability Identifier ..............................63 8.9.4. New Operations .....................................63 8.9.5. Modifications to Existing Operations ...............63 9. Security Considerations ........................................64 10. IANA Considerations ...........................................66 10.1. NETCONF XML Namespace ....................................66 10.2. NETCONF XML Schema .......................................66 10.3. NETCONF Capability URNs ..................................66 11. Authors and Acknowledgements ..................................68 12. References ....................................................68 12.1. Normative References .....................................68 12.2. Informative References ...................................69 Appendix A. NETCONF Error List ....................................70 Appendix B. XML Schema for NETCONF RPC and Protocol Operations ....74 Appendix C. Capability Template ...................................86 C.1. capability-name (template) ................................86 C.1.1. Overview ...........................................86 C.1.2. Dependencies .......................................86 C.1.3. Capability Identifier ..............................86 C.1.4. New Operations .....................................86 C.1.5. Modifications to Existing Operations ...............86 C.1.6. Interactions with Other Capabilities ...............86 Appendix D. Configuring Multiple Devices with NETCONF ............87 D.1. Operations on Individual Devices ..........................87 D.1.1. Acquiring the Configuration Lock ...................87 D.1.2. Loading the Update .................................88 D.1.3. Validating the Incoming Configuration ..............89 D.1.4. Checkpointing the Running Configuration ............89 D.1.5. Changing the Running Configuration .................90 D.1.6. Testing the New Configuration ......................91 D.1.7. Making the Change Permanent ........................91 D.1.8. Releasing the Configuration Lock ...................92 D.2. Operations on Multiple Devices ............................92 Appendix E. Deferred Features .....................................93
8.9. XPath Capability ..........................................63 8.9.1. Description ........................................63 8.9.2. Dependencies .......................................63 8.9.3. Capability Identifier ..............................63 8.9.4. New Operations .....................................63 8.9.5. Modifications to Existing Operations ...............63 9. Security Considerations ........................................64 10. IANA Considerations ...........................................66 10.1. NETCONF XML Namespace ....................................66 10.2. NETCONF XML Schema .......................................66 10.3. NETCONF Capability URNs ..................................66 11. Authors and Acknowledgements ..................................68 12. References ....................................................68 12.1. Normative References .....................................68 12.2. Informative References ...................................69 Appendix A. NETCONF Error List ....................................70 Appendix B. XML Schema for NETCONF RPC and Protocol Operations ....74 Appendix C. Capability Template ...................................86 C.1. capability-name (template) ................................86 C.1.1. Overview ...........................................86 C.1.2. Dependencies .......................................86 C.1.3. Capability Identifier ..............................86 C.1.4. New Operations .....................................86 C.1.5. Modifications to Existing Operations ...............86 C.1.6. Interactions with Other Capabilities ...............86 Appendix D. Configuring Multiple Devices with NETCONF ............87 D.1. Operations on Individual Devices ..........................87 D.1.1. Acquiring the Configuration Lock ...................87 D.1.2. Loading the Update .................................88 D.1.3. Validating the Incoming Configuration ..............89 D.1.4. Checkpointing the Running Configuration ............89 D.1.5. Changing the Running Configuration .................90 D.1.6. Testing the New Configuration ......................91 D.1.7. Making the Change Permanent ........................91 D.1.8. Releasing the Configuration Lock ...................92 D.2. Operations on Multiple Devices ............................92 Appendix E. Deferred Features .....................................93
The NETCONF protocol defines a simple mechanism through which a network device can be managed, configuration data information can be retrieved, and new configuration data can be uploaded and manipulated. The protocol allows the device to expose a full, formal application programming interface (API). Applications can use this straightforward API to send and receive full and partial configuration data sets.
NETCONF协议定义了一种简单的机制,通过该机制可以管理网络设备、检索配置数据信息以及上载和操作新的配置数据。该协议允许设备公开完整、正式的应用程序编程接口(API)。应用程序可以使用这个简单的API发送和接收完整和部分配置数据集。
The NETCONF protocol uses a remote procedure call (RPC) paradigm. A client encodes an RPC in XML [1] and sends it to a server using a secure, connection-oriented session. The server responds with a reply encoded in XML. The contents of both the request and the response are fully described in XML DTDs or XML schemas, or both, allowing both parties to recognize the syntax constraints imposed on the exchange.
NETCONF协议使用远程过程调用(RPC)范例。客户端用XML[1]对RPC进行编码,并使用安全的、面向连接的会话将其发送到服务器。服务器用XML编码的回复进行响应。请求和响应的内容都用XML DTD或XML模式(或两者)完全描述,允许双方识别施加在交换上的语法约束。
A key aspect of NETCONF is that it allows the functionality of the management protocol to closely mirror the native functionality of the device. This reduces implementation costs and allows timely access to new features. In addition, applications can access both the syntactic and semantic content of the device's native user interface.
NETCONF的一个关键方面是,它允许管理协议的功能紧密镜像设备的本机功能。这降低了实施成本,并允许及时访问新功能。此外,应用程序可以访问设备本机用户界面的语法和语义内容。
NETCONF allows a client to discover the set of protocol extensions supported by a server. These "capabilities" permit the client to adjust its behavior to take advantage of the features exposed by the device. The capability definitions can be easily extended in a noncentralized manner. Standard and non-standard capabilities can be defined with semantic and syntactic rigor. Capabilities are discussed in Section 8.
NETCONF允许客户端发现服务器支持的协议扩展集。这些“功能”允许客户端调整其行为,以利用设备公开的功能。能力定义可以以非集中的方式轻松扩展。标准和非标准功能可以通过严格的语义和语法定义。功能在第8节中讨论。
The NETCONF protocol is a building block in a system of automated configuration. XML is the lingua franca of interchange, providing a flexible but fully specified encoding mechanism for hierarchical content. NETCONF can be used in concert with XML-based transformation technologies, such as XSLT [8], to provide a system for automated generation of full and partial configurations. The system can query one or more databases for data about networking topologies, links, policies, customers, and services. This data can be transformed using one or more XSLT scripts from a task-oriented, vendor-independent data schema into a form that is specific to the vendor, product, operating system, and software release. The resulting data can be passed to the device using the NETCONF protocol.
NETCONF协议是自动配置系统中的一个构建块。XML是交换的通用语言,为分层内容提供了灵活但完全指定的编码机制。NETCONF可以与基于XML的转换技术(如XSLT[8])配合使用,以提供一个自动生成完整和部分配置的系统。系统可以查询一个或多个数据库中有关网络拓扑、链接、策略、客户和服务的数据。可以使用一个或多个XSLT脚本将这些数据从面向任务、独立于供应商的数据模式转换为特定于供应商、产品、操作系统和软件版本的形式。生成的数据可以使用NETCONF协议传递到设备。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [3].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[3]中所述进行解释。
NETCONF uses a simple RPC-based mechanism to facilitate communication between a client and a server. The client can be a script or application typically running as part of a network manager. The server is typically a network device. The terms "device" and "server" are used interchangeably in this document, as are "client" and "application".
NETCONF使用一种简单的基于RPC的机制来促进客户端和服务器之间的通信。客户端可以是脚本或应用程序,通常作为网络管理器的一部分运行。服务器通常是一个网络设备。术语“设备”和“服务器”在本文档中互换使用,“客户端”和“应用程序”也是如此。
A NETCONF session is the logical connection between a network administrator or network configuration application and a network device. A device MUST support at least one NETCONF session and SHOULD support multiple sessions. Global configuration attributes can be changed during any authorized session, and the effects are visible in all sessions. Session-specific attributes affect only the session in which they are changed.
NETCONF会话是网络管理员或网络配置应用程序与网络设备之间的逻辑连接。设备必须至少支持一个NETCONF会话,并且应支持多个会话。全局配置属性可以在任何授权会话期间更改,并且效果在所有会话中都可见。特定于会话的属性仅影响更改它们的会话。
NETCONF can be conceptually partitioned into four layers:
NETCONF在概念上可分为四层:
Layer Example +-------------+ +-----------------------------+ (4) | Content | | Configuration data | +-------------+ +-----------------------------+ | | +-------------+ +-----------------------------+ (3) | Operations | | <get-config>, <edit-config> | +-------------+ +-----------------------------+ | | +-------------+ +-----------------------------+ (2) | RPC | | <rpc>, <rpc-reply> | +-------------+ +-----------------------------+ | | +-------------+ +-----------------------------+ (1) | Transport | | BEEP, SSH, SSL, console | | Protocol | | | +-------------+ +-----------------------------+
Layer Example +-------------+ +-----------------------------+ (4) | Content | | Configuration data | +-------------+ +-----------------------------+ | | +-------------+ +-----------------------------+ (3) | Operations | | <get-config>, <edit-config> | +-------------+ +-----------------------------+ | | +-------------+ +-----------------------------+ (2) | RPC | | <rpc>, <rpc-reply> | +-------------+ +-----------------------------+ | | +-------------+ +-----------------------------+ (1) | Transport | | BEEP, SSH, SSL, console | | Protocol | | | +-------------+ +-----------------------------+
1. The transport protocol layer provides a communication path between the client and server. NETCONF can be layered over any transport protocol that provides a set of basic requirements. Section 2 discusses these requirements.
1. 传输协议层提供客户端和服务器之间的通信路径。NETCONF可以在提供一组基本需求的任何传输协议上分层。第2节讨论了这些要求。
2. The RPC layer provides a simple, transport-independent framing mechanism for encoding RPCs. Section 4 documents this protocol.
2. RPC层为RPC编码提供了一种简单、独立于传输的帧机制。第4节记录了本协议。
3. The operations layer defines a set of base operations invoked as RPC methods with XML-encoded parameters. Section 7 details the list of base operations.
3. 操作层定义了一组基本操作,这些操作作为带有XML编码参数的RPC方法调用。第7节详细介绍了基本操作列表。
4. The content layer is outside the scope of this document. Given the current proprietary nature of the configuration data being manipulated, the specification of this content depends on the NETCONF implementation. It is expected that a separate effort to specify a standard data definition language and standard content will be undertaken.
4. 内容层不在本文档的范围内。鉴于所操纵的配置数据的当前专有性质,此内容的规范取决于NETCONF实现。预计将单独努力指定标准数据定义语言和标准内容。
A NETCONF capability is a set of functionality that supplements the base NETCONF specification. The capability is identified by a uniform resource identifier (URI). These URIs should follow the guidelines as described in Section 8.
NETCONF功能是一组补充基本NETCONF规范的功能。该功能由统一资源标识符(URI)标识。这些URI应遵循第8节所述的指南。
Capabilities augment the base operations of the device, describing both additional operations and the content allowed inside operations. The client can discover the server's capabilities and use any additional operations, parameters, and content defined by those capabilities.
功能增强了设备的基本操作,描述了附加操作和操作中允许的内容。客户端可以发现服务器的功能,并使用这些功能定义的任何其他操作、参数和内容。
The capability definition may name one or more dependent capabilities. To support a capability, the server MUST support any capabilities upon which it depends.
能力定义可以命名一个或多个相关能力。要支持某项功能,服务器必须支持它所依赖的任何功能。
Section 8 defines the capabilities exchange that allows the client to discover the server's capabilities. Section 8 also lists the set of capabilities defined in this document.
第8节定义了允许客户端发现服务器功能的功能交换。第8节还列出了本文件中定义的一组功能。
Additional capabilities can be defined at any time in external documents, allowing the set of capabilities to expand over time. Standards bodies may define standardized capabilities, and implementations may define proprietary ones. A capability URI MUST sufficiently distinguish the naming authority to avoid naming collisions.
可以随时在外部文档中定义其他功能,从而允许功能集随时间扩展。标准机构可以定义标准化功能,实现可以定义专有功能。功能URI必须充分区分命名机构,以避免命名冲突。
The information that can be retrieved from a running system is separated into two classes, configuration data and state data. Configuration data is the set of writable data that is required to transform a system from its initial default state into its current state. State data is the additional data on a system that is not
可以从正在运行的系统中检索的信息分为两类:配置数据和状态数据。配置数据是将系统从初始默认状态转换为当前状态所需的一组可写数据。状态数据是系统上不可用的附加数据
configuration data such as read-only status information and collected statistics. When a device is performing configuration operations, a number of problems would arise if state data were included:
配置数据,如只读状态信息和收集的统计信息。当设备执行配置操作时,如果包含状态数据,则会出现许多问题:
o Comparisons of configuration data sets would be dominated by irrelevant entries such as different statistics.
o 配置数据集的比较主要是不相关的条目,如不同的统计数据。
o Incoming data could contain nonsensical requests, such as attempts to write read-only data.
o 传入数据可能包含无意义的请求,例如试图写入只读数据。
o The data sets would be large.
o 数据集将会很大。
o Archived data could contain values for read-only data items, complicating the processing required to restore archived data.
o 归档数据可能包含只读数据项的值,从而使恢复归档数据所需的处理复杂化。
To account for these issues, the NETCONF protocol recognizes the difference between configuration data and state data and provides operations for each. The <get-config> operation retrieves configuration data only, while the <get> operation retrieves configuration and state data.
为了解决这些问题,NETCONF协议识别配置数据和状态数据之间的差异,并为每种数据提供操作。<get config>操作仅检索配置数据,而<get>操作检索配置和状态数据。
Note that the NETCONF protocol is focused on the information required to get the device into its desired running state. The inclusion of other important, persistent data is implementation specific. For example, user files and databases are not treated as configuration data by the NETCONF protocol.
请注意,NETCONF协议主要关注使设备进入所需运行状态所需的信息。包含其他重要的持久性数据是特定于实现的。例如,NETCONF协议不将用户文件和数据库视为配置数据。
If a local database of user authentication data is stored on the device, whether it is included in configuration data is an implementation-dependent matter.
如果用户认证数据的本地数据库存储在设备上,则配置数据中是否包含该数据库取决于实现。
NETCONF uses an RPC-based communication paradigm. A client sends a series of one or more RPC request operations, which cause the server to respond with a corresponding series of RPC replies.
NETCONF使用基于RPC的通信范例。客户端发送一系列的一个或多个RPC请求操作,这会导致服务器以相应的一系列RPC响应进行响应。
The NETCONF protocol can be layered on any transport protocol that provides the required set of functionality. It is not bound to any particular transport protocol, but allows a mapping to define how it can be implemented over any specific protocol.
NETCONF协议可以在提供所需功能集的任何传输协议上分层。它不绑定到任何特定的传输协议,但允许映射定义如何在任何特定协议上实现它。
The transport protocol MUST provide a mechanism to indicate the session type (client or server) to the NETCONF protocol layer.
传输协议必须提供向NETCONF协议层指示会话类型(客户端或服务器)的机制。
This section details the characteristics that NETCONF requires from the underlying transport protocol.
本节详细介绍了NETCONF对底层传输协议的要求。
NETCONF is connection-oriented, requiring a persistent connection between peers. This connection must provide reliable, sequenced data delivery.
NETCONF是面向连接的,需要对等方之间的持久连接。此连接必须提供可靠、有序的数据传输。
NETCONF connections are long-lived, persisting between protocol operations. This allows the client to make changes to the state of the connection that will persist for the lifetime of the connection. For example, authentication information specified for a connection remains in effect until the connection is closed.
NETCONF连接是长期的,在协议操作之间保持。这允许客户端对连接的状态进行更改,该更改将持续到连接的生命周期。例如,为连接指定的身份验证信息在连接关闭之前保持有效。
In addition, resources requested from the server for a particular connection MUST be automatically released when the connection closes, making failure recovery simpler and more robust. For example, when a lock is acquired by a client, the lock persists until either it is explicitly released or the server determines that the connection has been terminated. If a connection is terminated while the client holds a lock, the server can perform any appropriate recovery. The lock operation is further discussed in Section 7.5.
此外,当连接关闭时,必须自动释放为特定连接从服务器请求的资源,从而使故障恢复更简单、更可靠。例如,当客户端获取锁时,该锁将一直保持,直到显式释放该锁或服务器确定连接已终止。如果在客户端持有锁时终止连接,则服务器可以执行任何适当的恢复。第7.5节将进一步讨论锁定操作。
NETCONF connections must provide authentication, data integrity, and confidentiality. NETCONF depends on the transport protocol for this capability. A NETCONF peer assumes that appropriate levels of security and confidentiality are provided independently of this document. For example, connections may be encrypted in TLS [9] or SSH [10], depending on the underlying protocol.
NETCONF连接必须提供身份验证、数据完整性和机密性。NETCONF依赖于此功能的传输协议。NETCONF对等方假定提供了与本文档无关的适当级别的安全性和机密性。例如,连接可以在TLS[9]或SSH[10]中加密,具体取决于底层协议。
NETCONF connections must be authenticated. The transport protocol is responsible for authentication. The peer assumes that the connection's authentication information has been validated by the underlying protocol using sufficiently trustworthy mechanisms and that the peer's identity has been sufficiently proven.
NETCONF连接必须经过身份验证。传输协议负责身份验证。对等方假设连接的身份验证信息已由底层协议使用充分可信的机制进行验证,并且对等方的身份已得到充分证明。
One goal of NETCONF is to provide a programmatic interface to the device that closely follows the functionality of the device's native interface. Therefore, it is expected that the underlying protocol uses existing authentication mechanisms defined by the device. For example, a device that supports RADIUS [11] should allow the use of RADIUS to authenticate NETCONF sessions.
NETCONF的一个目标是为设备提供一个编程接口,该接口紧密遵循设备本机接口的功能。因此,预期基础协议使用设备定义的现有身份验证机制。例如,支持RADIUS[11]的设备应允许使用RADIUS对NETCONF会话进行身份验证。
The authentication process should result in an identity whose permissions are known to the device. These permissions MUST be enforced during the remainder of the NETCONF session.
身份验证过程应产生设备已知其权限的标识。这些权限必须在NETCONF会话的剩余时间内强制执行。
A NETCONF implementation MUST support the SSH transport protocol mapping [4].
NETCONF实现必须支持SSH传输协议映射[4]。
XML serves as the encoding format for NETCONF, allowing complex hierarchical data to be expressed in a text format that can be read, saved, and manipulated with both traditional text tools and tools specific to XML.
XML作为NETCONF的编码格式,允许以文本格式表示复杂的层次结构数据,可以使用传统的文本工具和特定于XML的工具来读取、保存和操作文本格式。
This section discusses a small number of XML-related considerations pertaining to NETCONF.
本节讨论与NETCONF有关的少量XML相关注意事项。
All NETCONF protocol elements are defined in the following namespace:
所有NETCONF协议元素都在以下命名空间中定义:
urn:ietf:params:xml:ns:netconf:base:1.0
urn:ietf:params:xml:ns:netconf:base:1.0
NETCONF capability names MUST be URIs [5]. NETCONF capabilities are discussed in Section 8.
NETCONF功能名称必须是URI[5]。第8节讨论了NETCONF功能。
Document type declarations MUST NOT appear in NETCONF content.
文档类型声明不得出现在NETCONF内容中。
The NETCONF protocol uses an RPC-based communication model. NETCONF peers use <rpc> and <rpc-reply> elements to provide transport protocol-independent framing of NETCONF requests and responses.
NETCONF协议使用基于RPC的通信模型。NETCONF对等方使用<rpc>和<rpc reply>元素提供NETCONF请求和响应的传输协议独立框架。
The <rpc> element is used to enclose a NETCONF request sent from the client to the server.
元素用于封装从客户端发送到服务器的NETCONF请求。
The <rpc> element has a mandatory attribute "message-id", which is an arbitrary string chosen by the sender of the RPC that will commonly encode a monotonically increasing integer. The receiver of the RPC does not decode or interpret this string but simply saves it to be used as a "message-id" attribute in any resulting <rpc-reply> message. For example:
<rpc>元素有一个强制属性“message id”,这是rpc的发送者选择的任意字符串,它通常编码一个单调递增的整数。RPC的接收者不解码或解释此字符串,而只是将其保存为任何结果<RPC reply>消息中的“消息id”属性。例如:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <some-method> <!-- method parameters here... --> </some-method> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <some-method> <!-- method parameters here... --> </some-method> </rpc>
If additional attributes are present in an <rpc> element, a NETCONF peer MUST return them unmodified in the <rpc-reply> element.
如果<rpc>元素中存在其他属性,则NETCONF对等方必须在<rpc reply>元素中返回未经修改的属性。
The name and parameters of an RPC are encoded as the contents of the <rpc> element. The name of the RPC is an element directly inside the <rpc> element, and any parameters are encoded inside this element.
RPC的名称和参数被编码为<RPC>元素的内容。RPC的名称是直接位于<RPC>元素内的元素,任何参数都在该元素内编码。
The following example invokes a method called <my-own-method>, which has two parameters, <my-first-parameter>, with a value of "14", and <another-parameter>, with a value of "fred":
下面的示例调用一个名为<my own method>的方法,该方法有两个参数,<my first parameter>,值为“14”,和<Other parameter>,值为“fred”:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <my-own-method xmlns="http://example.net/me/my-own/1.0"> <my-first-parameter>14</my-first-parameter> <another-parameter>fred</another-parameter> </my-own-method> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <my-own-method xmlns="http://example.net/me/my-own/1.0"> <my-first-parameter>14</my-first-parameter> <another-parameter>fred</another-parameter> </my-own-method> </rpc>
The following example invokes a <rock-the-house> method with a <zip-code> parameter of "27606-0100":
以下示例使用参数“27606-0100”调用<rock The house>方法:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <rock-the-house xmlns="http://example.net/rock/1.0"> <zip-code>27606-0100</zip-code> </rock-the-house> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <rock-the-house xmlns="http://example.net/rock/1.0"> <zip-code>27606-0100</zip-code> </rock-the-house> </rpc>
The following example invokes the NETCONF <get> method with no parameters:
以下示例不带参数调用NETCONF<get>方法:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get/> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get/> </rpc>
The <rpc-reply> message is sent in response to an <rpc> operation.
<rpc reply>消息是响应<rpc>操作而发送的。
The <rpc-reply> element has a mandatory attribute "message-id", which is equal to the "message-id" attribute of the <rpc> for which this is a response.
<rpc reply>元素有一个强制属性“message id”,它等于<rpc>的“message id”属性,这是对该属性的响应。
A NETCONF peer MUST also return any additional attributes included in the <rpc> element unmodified in the <rpc-reply> element.
NETCONF对等方还必须返回<rpc reply>元素中未修改的<rpc>元素中包含的任何附加属性。
The response name and response data are encoded as the contents of the <rpc-reply> element. The name of the reply is an element directly inside the <rpc-reply> element, and any data is encoded inside this element.
响应名称和响应数据被编码为<rpc reply>元素的内容。回复的名称是直接位于<rpc reply>元素内的元素,任何数据都在该元素内编码。
For example:
例如:
The following <rpc> element invokes the NETCONF <get> method and includes an additional attribute called "user-id". Note that the "user-id" attribute is not in the NETCONF namespace. The returned <rpc-reply> element returns the "user-id" attribute, as well as the requested content.
下面的<rpc>元素调用NETCONF<get>方法,并包含一个名为“user id”的附加属性。请注意,“用户id”属性不在NETCONF命名空间中。返回的<rpc reply>元素返回“user id”属性以及请求的内容。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:ex="http://example.net/content/1.0" ex:user-id="fred"> <get/> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:ex="http://example.net/content/1.0" ex:user-id="fred"> <get/> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:ex="http://example.net/content/1.0" ex:user-id="fred"> <data> <!-- contents here... --> </data> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:ex="http://example.net/content/1.0" ex:user-id="fred"> <data> <!-- contents here... --> </data> </rpc-reply>
The <rpc-error> element is sent in <rpc-reply> messages if an error occurs during the processing of an <rpc> request.
如果在处理<rpc>请求期间发生错误,则在<rpc reply>消息中发送<rpc error>元素。
If a server encounters multiple errors during the processing of an <rpc> request, the <rpc-reply> MAY contain multiple <rpc-error> elements. However, a server is not required to detect or report more
If a server encounters multiple errors during the processing of an <rpc> request, the <rpc-reply> MAY contain multiple <rpc-error> elements. However, a server is not required to detect or report more
than one <rpc-error> element, if a request contains multiple errors. A server is not required to check for particular error conditions in a specific sequence. A server MUST return an <rpc-error> element if any error conditions occur during processing and SHOULD return an <rpc-error> element if any warning conditions occur during processing.
如果请求包含多个错误,则有多个<rpc error>元素。服务器不需要按特定顺序检查特定错误条件。如果在处理过程中出现任何错误条件,服务器必须返回<rpc error>元素,如果在处理过程中出现任何警告条件,则应返回<rpc error>元素。
A server MUST NOT return application-level- or data-model-specific error information in an <rpc-error> element for which the client does not have sufficient access rights.
服务器不得在客户端没有足够访问权限的<rpc error>元素中返回特定于应用程序级别或数据模型的错误信息。
The <rpc-error> element includes the following information:
<rpc error>元素包含以下信息:
error-type: Defines the conceptual layer that the error occurred. Enumeration. One of:
错误类型:定义发生错误的概念层。枚举。什么之中的一个:
* transport
* 运输
* rpc
* rpc
* protocol
* 协议
* application
* 应用
error-tag: Contains a string identifying the error condition. See Appendix A for allowed values.
错误标记:包含标识错误条件的字符串。允许值见附录A。
error-severity: Contains a string identifying the error severity, as determined by the device. One of:
错误严重性:包含一个字符串,标识由设备确定的错误严重性。什么之中的一个:
* error
* 错误
* warning
* 警告
error-app-tag: Contains a string identifying the data-model-specific or implementation-specific error condition, if one exists. This element will not be present if no appropriate application error tag can be associated with a particular error condition.
error app tag:包含一个字符串,标识特定于数据模型或特定于实现的错误条件(如果存在)。如果没有合适的应用程序错误标记与特定错误条件相关联,则此元素将不存在。
error-path: Contains the absolute XPath [2] expression identifying the element path to the node that is associated with the error being reported in a particular rpc-error element. This element will not be present if no appropriate payload element can be associated with a particular error condition, or if the 'bad-element' QString returned in the 'error-info' container is sufficient to identify the node associated with the error. When
错误路径:包含绝对XPath[2]表达式,该表达式标识与特定rpc错误元素中报告的错误相关联的节点的元素路径。如果没有合适的有效负载元素可以与特定错误条件相关联,或者如果“error info”容器中返回的“bad element”QString足以识别与错误关联的节点,则此元素将不存在。什么时候
the XPath expression is interpreted, the set of namespace declarations are those in scope on the rpc-error element, including the default namespace.
解释XPath表达式时,名称空间声明集是rpc错误元素范围内的声明,包括默认名称空间。
error-message: Contains a string suitable for human display that describes the error condition. This element will not be present if no appropriate message is provided for a particular error condition. This element SHOULD include an xml:lang attribute as defined in [1] and discussed in [12].
错误消息:包含一个适合人工显示的字符串,用于描述错误条件。如果没有为特定错误条件提供适当的消息,则此元素将不存在。此元素应包括[1]中定义并在[12]中讨论的xml:lang属性。
error-info: Contains protocol- or data-model-specific error content. This element will not be present if no such error content is provided for a particular error condition. The list in Appendix A defines any mandatory error-info content for each error. After any protocol-mandated content, a data model definition may mandate that certain application-layer error information be included in the error-info container. An implementation may include additional elements to provide extended and/or implementation-specific debugging information.
错误信息:包含协议或数据模型特定的错误内容。如果没有为特定错误条件提供此类错误内容,则此元素将不存在。附录A中的列表定义了每个错误的任何强制性错误信息内容。在任何协议授权的内容之后,数据模型定义可以授权将某些应用层错误信息包括在错误信息容器中。实现可以包括额外的元素,以提供扩展的和/或实现特定的调试信息。
Appendix A enumerates the standard NETCONF errors.
附录A列举了标准NETCONF错误。
Example:
例子:
An error is returned if an <rpc> element is received without a message-id attribute. Note that only in this case is it acceptable for the NETCONF peer to omit the message-id attribute in the <rpc-reply> element.
如果接收到的<rpc>元素没有消息id属性,则返回错误。注意,只有在这种情况下,NETCONF对等方才可以忽略<rpc reply>元素中的message id属性。
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> </get-config> </rpc>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> </get-config> </rpc>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <rpc-error> <error-type>rpc</error-type> <error-tag>missing-attribute</error-tag> <error-severity>error</error-severity> <error-info> <bad-attribute>message-id</bad-attribute> <bad-element>rpc</bad-element> </error-info> </rpc-error> </rpc-reply>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <rpc-error> <error-type>rpc</error-type> <error-tag>missing-attribute</error-tag> <error-severity>error</error-severity> <error-info> <bad-attribute>message-id</bad-attribute> <bad-element>rpc</bad-element> </error-info> </rpc-error> </rpc-reply>
The following <rpc-reply> illustrates the case of returning multiple <rpc-error> elements.
下面的<rpc reply>说明了返回多个<rpc error>元素的情况。
Note that the data models used in the examples in this section use the <name> element to distinguish between multiple instances of the <interface> element.
请注意,本节示例中使用的数据模型使用<name>元素来区分<interface>元素的多个实例。
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> <rpc-error> <error-type>application</error-type> <error-tag>invalid-value</error-tag> <error-severity>error</error-severity> <error-message xml:lang="en"> MTU value 25000 is not within range 256..9192 </error-message> <error-info> <top xmlns="http://example.com/schema/1.2/config"> <interface> <name>Ethernet0/0</name> <mtu>25000</mtu> </interface> </top> </error-info> </rpc-error> <rpc-error> <error-type>application</error-type> <error-tag>invalid-value</error-tag> <error-severity>error</error-severity> <error-message xml:lang="en"> Invalid IP address for interface Ethernet1/0 </error-message> <error-info> <top xmlns="http://example.com/schema/1.2/config"> <interface xc:operation="replace"> <name>Ethernet1/0</name> <address> <name>1.4</name> <prefix-length>24</prefix-length> </address> </interface> </top> </error-info> </rpc-error> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> <rpc-error> <error-type>application</error-type> <error-tag>invalid-value</error-tag> <error-severity>error</error-severity> <error-message xml:lang="en"> MTU value 25000 is not within range 256..9192 </error-message> <error-info> <top xmlns="http://example.com/schema/1.2/config"> <interface> <name>Ethernet0/0</name> <mtu>25000</mtu> </interface> </top> </error-info> </rpc-error> <rpc-error> <error-type>application</error-type> <error-tag>invalid-value</error-tag> <error-severity>error</error-severity> <error-message xml:lang="en"> Invalid IP address for interface Ethernet1/0 </error-message> <error-info> <top xmlns="http://example.com/schema/1.2/config"> <interface xc:operation="replace"> <name>Ethernet1/0</name> <address> <name>1.4</name> <prefix-length>24</prefix-length> </address> </interface> </top> </error-info> </rpc-error> </rpc-reply>
The <ok> element is sent in <rpc-reply> messages if no errors or warnings occurred during the processing of an <rpc> request. For example:
如果在处理<rpc>请求期间未发生错误或警告,则<ok>元素将在<rpc reply>消息中发送。例如:
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
NETCONF <rpc> requests MUST be processed serially by the managed device. Additional <rpc> requests MAY be sent before previous ones have been completed. The managed device MUST send responses only in the order the requests were received.
NETCONF<rpc>请求必须由受管设备串行处理。其他<rpc>请求可能在以前的请求完成之前发送。受管设备必须仅按照接收请求的顺序发送响应。
NETCONF provides an initial set of operations and a number of capabilities that can be used to extend the base. NETCONF peers exchange device capabilities when the session is initiated as described in Section 8.1.
NETCONF提供了一组初始操作和一些可用于扩展基础的功能。如第8.1节所述,当会话启动时,NETCONF对等交换设备功能。
NETCONF defines the existence of one or more configuration datastores and allows configuration operations on them. A configuration datastore is defined as the complete set of configuration data that is required to get a device from its initial default state into a desired operational state. The configuration datastore does not include state data or executive commands.
NETCONF定义一个或多个配置数据存储的存在,并允许对其进行配置操作。配置数据存储定义为使设备从初始默认状态进入所需操作状态所需的完整配置数据集。配置数据存储不包括状态数据或执行命令。
Only the <running> configuration datastore is present in the base model. Additional configuration datastores may be defined by capabilities. Such configuration datastores are available only on devices that advertise the capabilities.
基本模型中仅存在<running>配置数据存储。其他配置数据存储可能由功能定义。此类配置数据存储仅在发布功能的设备上可用。
o Running: The complete configuration currently active on the network device. Only one configuration datastore of this type exists on the device, and it is always present. NETCONF protocol operations refer to this datastore using the <running> element.
o 正在运行:网络设备上当前处于活动状态的完整配置。设备上仅存在一个此类型的配置数据存储,并且始终存在。NETCONF协议操作使用<running>元素引用此数据存储。
The capabilities in Sections 8.3 and 8.7 define the <candidate> and <startup> configuration datastores, respectively.
第8.3节和第8.7节中的功能分别定义了<candidate>和<startup>配置数据存储。
Data modeling and content issues are outside the scope of the NETCONF protocol. An assumption is made that the device's data model is well-known to the application and that both parties are aware of issues such as the layout, containment, keying, lookup, replacement, and management of the data, as well as any other constraints imposed by the data model.
数据建模和内容问题不在NETCONF协议的范围内。假设应用程序熟知设备的数据模型,并且双方都知道数据的布局、包含、键控、查找、替换和管理等问题,以及数据模型施加的任何其他约束。
NETCONF carries configuration data inside the <config> element that is specific to device's data model. The protocol treats the contents of that element as opaque data. The device uses capabilities to announce the set of data models that the device implements. The capability definition details the operation and constraints imposed by data model.
NETCONF在<config>元素中携带特定于设备数据模型的配置数据。协议将该元素的内容视为不透明数据。设备使用功能宣布设备实现的数据模型集。能力定义详细说明了数据模型施加的操作和约束。
Devices and managers may support multiple data models, including both standard and proprietary data models.
设备和管理器可能支持多种数据模型,包括标准和专有数据模型。
XML subtree filtering is a mechanism that allows an application to select particular XML subtrees to include in the <rpc-reply> for a <get> or <get-config> operation. A small set of filters for inclusion, simple content exact-match, and selection is provided, which allows some useful, but also very limited, selection mechanisms. The agent does not need to utilize any data-model-specific semantics during processing, allowing for simple and centralized implementation strategies.
XML子树过滤是一种机制,允许应用程序为<get>或<get config>操作选择要包含在<rpc reply>中的特定XML子树。提供了一组用于包含、简单内容精确匹配和选择的过滤器,允许一些有用但也非常有限的选择机制。代理在处理过程中不需要使用任何特定于数据模型的语义,从而实现简单而集中的实现策略。
Conceptually, a subtree filter is comprised of zero or more element subtrees, which represent the filter selection criteria. At each containment level within a subtree, the set of sibling nodes is logically processed by the server to determine if its subtree and path of elements to the root are included in the filter output.
从概念上讲,子树过滤器由零个或多个元素子树组成,这些子树表示过滤器选择标准。在子树中的每个包含级别上,服务器对同级节点集进行逻辑处理,以确定其子树和元素到根的路径是否包含在过滤器输出中。
All elements present in a particular subtree within a filter must match associated nodes present in the server's conceptual data model. XML namespaces may be specified (via 'xmlns' declarations) within the filter data model. If they are, the declared namespace must first exactly match a namespace supported by the server. Note that prefix values for qualified namespaces are not relevant when comparing filter elements to elements in the underlying data model. Only data associated with a specified namespace will be included in the filter output.
筛选器中特定子树中的所有元素必须与服务器概念数据模型中的关联节点匹配。可以在筛选器数据模型中指定XML名称空间(通过“xmlns”声明)。如果是,则声明的命名空间必须首先与服务器支持的命名空间完全匹配。请注意,在将筛选器元素与基础数据模型中的元素进行比较时,限定名称空间的前缀值不相关。筛选器输出中将仅包含与指定命名空间关联的数据。
Each node specified in a subtree filter represents an inclusive filter. Only associated nodes in underlying data model(s) within the specified configuration datastore on the server are selected by the filter. A node must exactly match the namespace and hierarchy of elements given in the filter data, except that the filter absolute path name is adjusted to start from the layer below <filter>.
子树筛选器中指定的每个节点表示一个包含筛选器。筛选器仅选择服务器上指定配置数据存储中的基础数据模型中的关联节点。节点必须与筛选器数据中给定的元素的名称空间和层次结构完全匹配,但筛选器绝对路径名称被调整为从<filter>下面的层开始。
Response messages contain only the subtrees selected by the filter. Any selection criteria that were present in the request, within a particular selected subtree, are also included in the response. Note that some elements expressed in the filter as leaf nodes will be expanded (i.e., subtrees included) in the filter output. Specific data instances are not duplicated in the response in the event that the request contains multiple filter subtree expressions that select the same data.
响应消息仅包含筛选器选择的子树。响应中还包括请求中存在的、特定选定子树中的任何选择标准。请注意,过滤器中表示为叶节点的某些元素将在过滤器输出中展开(即包括子树)。如果请求包含多个选择相同数据的筛选器子树表达式,则特定数据实例不会在响应中重复。
A subtree filter is comprised of XML elements and their XML attributes. There are five types of components that may be present in a subtree filter:
子树过滤器由XML元素及其XML属性组成。子树筛选器中可能存在五种类型的组件:
o Namespace Selection
o 名称空间选择
o Attribute Match Expressions
o 属性匹配表达式
o Containment Nodes
o 包容节点
o Selection Nodes
o 选择节点
o Content Match Nodes
o 内容匹配节点
If namespaces are used, then the filter output will only include elements from the specified namespace. A namespace is considered to match (for filter purposes) if the content of the 'xmlns' attributes are the same in the filter and the underlying data model. Note that namespace selection cannot be used by itself. At least one element must be specified in the filter any elements to be included in the filter output.
如果使用名称空间,则过滤器输出将仅包括指定名称空间中的元素。如果筛选器和基础数据模型中的“xmlns”属性的内容相同,则认为命名空间匹配(出于筛选目的)。请注意,名称空间选择本身不能使用。必须在筛选器中至少指定一个元素—要包括在筛选器输出中的任何元素。
Example:
例子:
<filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"/> </filter>
<filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"/> </filter>
In this example, the <top> element is a selection node, and only this node and any child nodes (from the underlying data model) in the 'http://example.com/schema/1.2/config' namespace will be included in the filter output.
在本例中,<top>元素是一个选择节点,并且只有该节点和任何子节点(来自基础数据模型)位于http://example.com/schema/1.2/config'命名空间将包含在筛选器输出中。
An attribute that appears in a subtree filter is part of an "attribute match expression". Any number of (unqualified or qualified) XML attributes may be present in any type of filter node. In addition to the selection criteria normally applicable to that node, the selected data must have matching values for every attribute specified in the node. If an element is not defined to include a specified attribute, then it is not selected in the filter output.
出现在子树筛选器中的属性是“属性匹配表达式”的一部分。任何类型的筛选器节点中都可能存在任意数量的(非限定的或限定的)XML属性。除了通常适用于该节点的选择标准外,所选数据必须具有节点中指定的每个属性的匹配值。如果未将元素定义为包含指定属性,则不会在过滤器输出中选择该元素。
Example:
例子:
<filter type="subtree"> <t:top xmlns:t="http://example.com/schema/1.2/config"> <t:interfaces> <t:interface t:ifName="eth0"/> </t:interfaces> </t:top> </filter>
<filter type="subtree"> <t:top xmlns:t="http://example.com/schema/1.2/config"> <t:interfaces> <t:interface t:ifName="eth0"/> </t:interfaces> </t:top> </filter>
In this example, the <top>, <interfaces>, and <interface> elements are containment nodes, and 'ifName' is an attribute match expression. Only 'interface' nodes in the 'http://example.com/schema/1.2/config' namespace that have an 'ifName' attribute with the value 'eth0' and occur within 'interfaces' nodes within 'top' nodes will be included in the filter output.
在本例中,<top>、<interfaces>和<interface>元素是包含节点,“ifName”是属性匹配表达式。仅“接口”节点位于http://example.com/schema/1.2/config'具有值为'eth0'的'ifName'属性且出现在'top'节点内的'interfaces'节点中的命名空间将包含在筛选器输出中。
Nodes that contain child elements within a subtree filter are called "containment nodes". Each child element can be any type of node, including another containment node. For each containment node specified in a subtree filter, all data model instances that exactly match the specified namespaces, element hierarchy, and any attribute match expressions are included in the filter output.
子树过滤器中包含子元素的节点称为“包含节点”。每个子元素可以是任何类型的节点,包括另一个包含节点。对于子树过滤器中指定的每个包含节点,过滤器输出中包括与指定名称空间、元素层次结构和任何属性匹配表达式完全匹配的所有数据模型实例。
Example:
例子:
<filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users/> </top> </filter>
<filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users/> </top> </filter>
In this example, the <top> element is a containment node.
在本例中,<top>元素是一个包含节点。
An empty leaf node within a filter is called a "selection node", and it represents an "explicit selection" filter on the underlying data model. Presence of any selection nodes within a set of sibling nodes will cause the filter to select the specified subtree(s) and suppress automatic selection of the entire set of sibling nodes in the underlying data model. For filtering purposes, an empty leaf node can be declared either with an empty tag (e.g., <foo/>) or with explicit start and end tags (e.g., <foo> </foo>). Any whitespace characters are ignored in this form.
过滤器中的空叶节点称为“选择节点”,它表示基础数据模型上的“显式选择”过滤器。如果一组同级节点中存在任何选择节点,则过滤器将选择指定的子树,并禁止在基础数据模型中自动选择整个同级节点集。出于筛选目的,可以使用空标记(例如,<foo/>)或显式的开始和结束标记(例如,<foo></foo>)声明空叶节点。在此表单中忽略任何空白字符。
Example:
例子:
<filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users/> </top> </filter>
<filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users/> </top> </filter>
In this example, the <top> element is a containment node, and the <users> element is a selection node. Only 'users' nodes in the 'http://example.com/schema/1.2/config' namespace that occur within a 'top' element that is the root of the configuration datastore will be included in the filter output.
在本例中,<top>元素是包含节点,<users>元素是选择节点。仅“用户”节点位于http://example.com/schema/1.2/config'在作为配置数据存储的根的'top'元素中出现的命名空间将包含在筛选器输出中。
A leaf node that contains simple content is called a "content match node". It is used to select some or all of its sibling nodes for filter output, and it represents an exact-match filter on the leaf node element content. The following constraints apply to content match nodes:
包含简单内容的叶节点称为“内容匹配节点”。它用于选择过滤器输出的部分或全部同级节点,并表示叶节点元素内容上的精确匹配过滤器。以下约束适用于内容匹配节点:
o A content match node must not contain nested elements (i.e., must resolve to a simpleType in the XML Schema Definition (XSD)).
o 内容匹配节点不得包含嵌套元素(即,必须解析为XML架构定义(XSD)中的simpleType)。
o Multiple content match nodes (i.e., sibling nodes) are logically combined in an "AND" expression.
o 多个内容匹配节点(即同级节点)在逻辑上组合在一个“和”表达式中。
o Filtering of mixed content is not supported.
o 不支持筛选混合内容。
o Filtering of list content is not supported.
o 不支持筛选列表内容。
o Filtering of whitespace-only content is not supported.
o 不支持过滤纯空白内容。
o A content match node must contain non-whitespace characters. An empty element (e.g., <foo></foo>) will be interpreted as a selection node (e.g., <foo/>).
o 内容匹配节点必须包含非空白字符。空元素(例如,<foo></foo>)将被解释为选择节点(例如,<foo/>)。
o Leading and trailing whitespace characters are ignored, but any whitespace characters within a block of text characters are not ignored or modified.
o 将忽略前导和尾随空白字符,但不会忽略或修改文本字符块中的任何空白字符。
If all specified sibling content match nodes in a subtree filter expression are 'true', then the filter output nodes are selected in the following manner:
如果子树筛选器表达式中所有指定的同级内容匹配节点均为“true”,则将按以下方式选择筛选器输出节点:
o Each content match node in the sibling set is included in the filter output.
o 同级集中的每个内容匹配节点都包含在过滤器输出中。
o If any containment nodes are present in the sibling set, then they are processed further and included if any nested filter criteria are also met.
o 如果同级集中存在任何包含节点,则会进一步处理这些节点,并在满足任何嵌套筛选条件时将其包括在内。
o If any selection nodes are present in the sibling set, then all of them are included in the filter output.
o 如果兄弟节点集中存在任何选择节点,则所有选择节点都将包含在过滤器输出中。
o Otherwise (i.e., there are no selection or containment nodes in the filter sibling set), all the nodes defined at this level in the underlying data model (and their subtrees, if any) are returned in the filter output.
o 否则(即,过滤器同级集合中没有选择或包含节点),在基础数据模型(及其子树,如果有的话)中在该级别定义的所有节点都将在过滤器输出中返回。
If any of the sibling content match node tests are 'false', then no further filter processing is performed on that sibling set, and none of the sibling subtrees are selected by the filter, including the content match node(s).
如果任何同级内容匹配节点测试为“false”,则不会对该同级集执行进一步的筛选处理,并且筛选器不会选择任何同级子树,包括内容匹配节点。
Example:
例子:
<filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>fred</name> </user> </users> </top> </filter>
<filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>fred</name> </user> </users> </top> </filter>
In this example, the <users> and <user> nodes are both containment nodes, and <name> is a content match node. Since no sibling nodes of <name> are specified (and therefore no containment or selection nodes), all of the sibling nodes of <name> are returned in the filter
In this example, the <users> and <user> nodes are both containment nodes, and <name> is a content match node. Since no sibling nodes of <name> are specified (and therefore no containment or selection nodes), all of the sibling nodes of <name> are returned in the filter
output. Only 'user' nodes in the 'http://example.com/schema/1.2/config' namespace that match the element hierarchy and for which the <name> element is equal to 'fred' will be included in the filter output.
输出仅“用户”节点位于http://example.com/schema/1.2/config'与元素层次结构匹配且<name>元素等于'fred'的命名空间将包含在筛选器输出中。
The filter output (the set of selected nodes) is initially empty.
过滤器输出(所选节点集)最初为空。
Each subtree filter can contain one or more data model fragments, which represent portions of the data model that should be selected (with all child nodes) in the filter output.
每个子树筛选器都可以包含一个或多个数据模型片段,这些片段表示应在筛选器输出中选择(与所有子节点一起)的数据模型部分。
Each subtree data fragment is compared by the server to the internal data models supported by the server. If the entire subtree data-fragment filter (starting from the root to the innermost element specified in the filter) exactly matches a corresponding portion of the supported data model, then that node and all its children are included in the result data.
服务器将每个子树数据片段与服务器支持的内部数据模型进行比较。如果整个子树数据片段过滤器(从根到过滤器中指定的最内层元素)完全匹配受支持数据模型的相应部分,则该节点及其所有子节点都将包含在结果数据中。
The server processes all nodes with the same parent node (sibling set) together, starting from the root to the leaf nodes. The root elements in the filter are considered in the same sibling set (assuming they are in the same namespace), even though they do not have a common parent.
服务器一起处理具有相同父节点(同级节点集)的所有节点,从根节点到叶节点。筛选器中的根元素被视为在同一个同级集中(假设它们位于同一命名空间中),即使它们没有公共父级。
For each sibling set, the server determines which nodes are included (or potentially included) in the filter output, and which sibling subtrees are excluded (pruned) from the filter output. The server first determines which types of nodes are present in the sibling set and processes the nodes according to the rules for their type. If any nodes in the sibling set are selected, then the process is recursively applied to the sibling sets of each selected node. The algorithm continues until all sibling sets in all subtrees specified in the filter have been processed.
对于每个同级集,服务器确定过滤器输出中包括(或可能包括)哪些节点,以及从过滤器输出中排除(修剪)哪些同级子树。服务器首先确定同级集中存在哪些类型的节点,并根据其类型的规则处理这些节点。如果选择了同级节点集中的任何节点,则该过程将递归应用于每个选定节点的同级节点集。该算法将继续,直到处理完筛选器中指定的所有子树中的所有同级集。
Leaving out the filter on the get operation returns the entire data model.
在get操作中省略过滤器将返回整个数据模型。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get/> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get/> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <!-- ... entire set of data returned ... --> </data> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <!-- ... entire set of data returned ... --> </data> </rpc-reply>
An empty filter will select nothing because no content match or selection nodes are present. This is not an error. The filter type attribute used in these examples is discussed further in Section 7.1.
空筛选器将不选择任何内容,因为不存在内容匹配或选择节点。这不是一个错误。第7.1节将进一步讨论这些示例中使用的过滤器类型属性。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> </filter> </get> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> </filter> </get> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> </data> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> </data> </rpc-reply>
The filter in this example contains one selection node (<users>), so just that subtree is selected by the filter. This example represents the fully-populated <users> data model in most of the filter examples that follow. In a real data model, the <company-info> would not likely be returned with the list of users for a particular host or network.
本例中的过滤器包含一个选择节点(<users>),因此过滤器仅选择该子树。这个例子代表了后面大多数过滤器例子中完全填充的<users>数据模型。在实际数据模型中,<company info>不可能与特定主机或网络的用户列表一起返回。
NOTE: The filtering and configuration examples used in this document appear in the namespace "http://example.com/schema/1.2/config". The root element of this namespace is <top>. The <top> element and its descendents represent an example configuration data model only.
注意:本文档中使用的筛选和配置示例出现在命名空间中“http://example.com/schema/1.2/config". 此命名空间的根元素是<top>。<top>元素及其子元素仅代表一个示例配置数据模型。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree">
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree">
<top xmlns="http://example.com/schema/1.2/config"> <users/> </top> </filter> </get-config> </rpc>
<top xmlns="http://example.com/schema/1.2/config"> <users/> </top> </filter> </get-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>root</name> <type>superuser</type> <full-name>Charlie Root</full-name> <company-info> <dept>1</dept> <id>1</id> </company-info> </user> <user> <name>fred</name> <type>admin</type> <full-name>Fred Flintstone</full-name> <company-info> <dept>2</dept> <id>2</id> </company-info> </user> <user> <name>barney</name> <type>admin</type> <full-name>Barney Rubble</full-name> <company-info> <dept>2</dept> <id>3</id> </company-info> </user> </users> </top> </data> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>root</name> <type>superuser</type> <full-name>Charlie Root</full-name> <company-info> <dept>1</dept> <id>1</id> </company-info> </user> <user> <name>fred</name> <type>admin</type> <full-name>Fred Flintstone</full-name> <company-info> <dept>2</dept> <id>2</id> </company-info> </user> <user> <name>barney</name> <type>admin</type> <full-name>Barney Rubble</full-name> <company-info> <dept>2</dept> <id>3</id> </company-info> </user> </users> </top> </data> </rpc-reply>
The following filter request would have produced the same result, but only because the container <users> defines one child element (<user>).
以下筛选器请求将产生相同的结果,但这只是因为容器<users>定义了一个子元素(<user>)。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user/> </users> </top> </filter> </get-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user/> </users> </top> </filter> </get-config> </rpc>
This filter contains two containment nodes (<users>, <user>) and one selector node (<name>). All instances of the <name> element in the same sibling set are selected in the filter output. The manager may need to know that <name> is used as an instance identifier in this particular data structure, but the server does not need to know that meta-data in order to process the request.
此筛选器包含两个包含节点(<users>,<user>)和一个选择器节点(<name>)。在过滤器输出中选择同一同级集中<name>元素的所有实例。管理器可能需要知道<name>在这个特定的数据结构中被用作实例标识符,但是服务器不需要知道元数据来处理请求。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name/> </user> </users> </top> </filter> </get-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name/> </user> </users> </top> </filter> </get-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users>
<user> <name>root</name> </user> <user> <name>fred</name> </user> <user> <name>barney</name> </user> </users> </top> </data> </rpc-reply>
<user> <name>root</name> </user> <user> <name>fred</name> </user> <user> <name>barney</name> </user> </users> </top> </data> </rpc-reply>
This filter contains two containment nodes (<users>, <user>) and one content match node (<name>). All instances of the sibling set containing <name> for which the value of <name> equals "fred" are selected in the filter output.
此筛选器包含两个包含节点(<users>,<user>)和一个内容匹配节点(<name>)。在过滤器输出中选择包含<name>的同级集合的所有实例,其中<name>的值等于“fred”。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>fred</name> </user> </users> </top> </filter> </get-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>fred</name> </user> </users> </top> </filter> </get-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>fred</name> <type>admin</type> <full-name>Fred Flintstone</full-name>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>fred</name> <type>admin</type> <full-name>Fred Flintstone</full-name>
<company-info> <dept>2</dept> <id>2</id> </company-info> </user> </users> </top> </data> </rpc-reply>
<company-info> <dept>2</dept> <id>2</id> </company-info> </user> </users> </top> </data> </rpc-reply>
This filter contains two containment nodes (<users>, <user>), one content match node (<name>), and two selector nodes (<type>, <full-name>). All instances of the <type> and <full-name> elements in the same sibling set containing <name> for which the value of <name> equals "fred" are selected in the filter output. The <company-info> element is not included because the sibling set contains selection nodes.
此筛选器包含两个包含节点(<users>,<user>),一个内容匹配节点(<name>),和两个选择器节点(<type>,<full name>)。在过滤器输出中选择同一同级集合中包含<name>且<name>值等于“fred”的<type>和<full name>元素的所有实例。不包括<company info>元素,因为同级集合包含选择节点。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>fred</name> <type/> <full-name/> </user> </users> </top> </filter> </get-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>fred</name> <type/> <full-name/> </user> </users> </top> </filter> </get-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>fred</name> <type>admin</type>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>fred</name> <type>admin</type>
<full-name>Fred Flintstone</full-name> </user> </users> </top> </data> </rpc-reply>
<full-name>Fred Flintstone</full-name> </user> </users> </top> </data> </rpc-reply>
This filter contains three subtrees (name=root, fred, barney).
此筛选器包含三个子树(name=root、fred、barney)。
The "root" subtree filter contains two containment nodes (<users>, <user>), one content match node (<name>), and one selector node (<company-info>). The subtree selection criteria is met, and just the company-info subtree for "root" is selected in the filter output.
“根”子树筛选器包含两个包含节点(<users>,<user>)、一个内容匹配节点(<name>)和一个选择器节点(<company info>)。满足子树选择条件,并且仅在过滤器输出中选择“根”的公司信息子树。
The "fred" subtree filter contains three containment nodes (<users>, <user>, <company-info>), one content match node (<name>), and one selector node (<id>). The subtree selection criteria is met, and just the <id> element within the company-info subtree for "fred" is selected in the filter output.
“fred”子树筛选器包含三个包含节点(<users>、<user>、<company info>)、一个内容匹配节点(<name>)和一个选择器节点(<id>)。满足子树选择标准,并且在过滤器输出中仅选择公司信息子树中“fred”的<id>元素。
The "barney" subtree filter contains three containment nodes (<users>, <user>, <company-info>), two content match nodes (<name>, <type>), and one selector node (<dept>). The subtree selection criteria is not met because user "barney" is not a "superuser", and the entire subtree for "barney" (including its parent <user> entry) is excluded from the filter output.
“barney”子树筛选器包含三个包含节点(<users>、<users>、<company info>)、两个内容匹配节点(<name>、<type>)和一个选择器节点(<dept>)。未满足子树选择条件,因为用户“barney”不是“超级用户”,并且“barney”的整个子树(包括其父<user>条目)从过滤器输出中排除。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>root</name> <company-info/> </user> <user> <name>fred</name> <company-info> <id/> </company-info> </user>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>root</name> <company-info/> </user> <user> <name>fred</name> <company-info> <id/> </company-info> </user>
<user> <name>barney</name> <type>superuser</type> <company-info> <dept/> </company-info> </user> </users> </top> </filter> </get-config> </rpc>
<user> <name>barney</name> <type>superuser</type> <company-info> <dept/> </company-info> </user> </users> </top> </filter> </get-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>root</name> <company-info> <dept>1</dept> <id>1</id> </company-info> </user> <user> <name>fred</name> <company-info> <id>2</id> </company-info> </user> </users> </top> </data> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>root</name> <company-info> <dept>1</dept> <id>1</id> </company-info> </user> <user> <name>fred</name> <company-info> <id>2</id> </company-info> </user> </users> </top> </data> </rpc-reply>
In this example, the filter contains one containment node (<interfaces>), one attribute match expression (ifName), and one selector node (<interface>). All instances of the <interface> subtree that have an ifName attribute equal to "eth0" are selected in the filter output. The filter data elements and attributes must be qualified because the ifName attribute will not be considered part of the 'schema/1.2' namespace if it is unqualified.
在此示例中,筛选器包含一个包含节点(<interface>)、一个属性匹配表达式(ifName)和一个选择器节点(<interface>)。在过滤器输出中选择ifName属性等于“eth0”的<interface>子树的所有实例。筛选器数据元素和属性必须是限定的,因为如果ifName属性是非限定的,则不会将其视为“schema/1.2”命名空间的一部分。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <t:top xmlns:t="http://example.com/schema/1.2/stats"> <t:interfaces> <t:interface t:ifName="eth0"/> </t:interfaces> </t:top> </filter> </get> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <t:top xmlns:t="http://example.com/schema/1.2/stats"> <t:interfaces> <t:interface t:ifName="eth0"/> </t:interfaces> </t:top> </filter> </get> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <t:top xmlns:t="http://example.com/schema/1.2/stats"> <t:interfaces> <t:interface t:ifName="eth0"> <t:ifInOctets>45621</t:ifInOctets> <t:ifOutOctets>774344</t:ifOutOctets> </t:interface> </t:interfaces> </t:top> </data> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <t:top xmlns:t="http://example.com/schema/1.2/stats"> <t:interfaces> <t:interface t:ifName="eth0"> <t:ifInOctets>45621</t:ifInOctets> <t:ifOutOctets>774344</t:ifOutOctets> </t:interface> </t:interfaces> </t:top> </data> </rpc-reply>
If ifName were a child node instead of an attribute, then the following request would produce similar results.
如果ifName是子节点而不是属性,那么下面的请求将产生类似的结果。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/stats"> <interfaces> <interface> <ifName>eth0</ifName> </interface> </interfaces> </top> </filter> </get> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/stats"> <interfaces> <interface> <ifName>eth0</ifName> </interface> </interfaces> </top> </filter> </get> </rpc>
The NETCONF protocol provides a small set of low-level operations to manage device configurations and retrieve device state information. The base protocol provides operations to retrieve, configure, copy, and delete configuration datastores. Additional operations are provided, based on the capabilities advertised by the device.
NETCONF协议提供了一小部分低级操作,用于管理设备配置和检索设备状态信息。基本协议提供检索、配置、复制和删除配置数据存储的操作。根据设备公布的功能,提供附加操作。
The base protocol includes the following protocol operations:
基本协议包括以下协议操作:
o get
o 收到
o get-config
o 获取配置
o edit-config
o 编辑配置
o copy-config
o 复制配置
o delete-config
o 删除配置
o lock
o 锁
o unlock
o 解锁
o close-session
o 闭门会议
o kill-session
o 终止会话
A protocol operation may fail for various reasons, including "operation not supported". An initiator should not assume that any operation will always succeed. The return values in any RPC reply should be checked for error responses.
协议操作可能因各种原因而失败,包括“不支持操作”。发起者不应假定任何操作总是成功的。应检查任何RPC回复中的返回值是否有错误响应。
The syntax and XML encoding of the protocol operations are formally defined in the XML schema in Appendix B. The following sections describe the semantics of each protocol operation.
协议操作的语法和XML编码在附录B的XML模式中正式定义。以下各节描述了每个协议操作的语义。
Description:
说明:
Retrieve all or part of a specified configuration.
检索指定配置的全部或部分。
Parameters:
参数:
source:
资料来源:
Name of the configuration datastore being queried, such as <running/>.
正在查询的配置数据存储的名称,例如<running/>。
filter:
过滤器:
The filter element identifies the portions of the device configuration to retrieve. If this element is unspecified, the entire configuration is returned.
过滤器元件标识要检索的设备配置部分。如果未指定此元素,则返回整个配置。
The filter element may optionally contain a "type" attribute. This attribute indicates the type of filtering syntax used within the filter element. The default filtering mechanism in NETCONF is referred to as subtree filtering and is described in Section 6. The value "subtree" explicitly identifies this type of filtering.
过滤器元素可以选择性地包含“类型”属性。此属性指示筛选器元素中使用的筛选语法的类型。NETCONF中的默认过滤机制称为子树过滤,第6节对此进行了描述。值“subtree”明确标识这种类型的筛选。
If the NETCONF peer supports the :xpath capability (Section 8.9), the value "xpath" may be used to indicate that the select attribute on the filter element contains an XPath expression.
如果NETCONF对等方支持:xpath功能(第8.9节),则值“xpath”可用于指示过滤器元素上的select属性包含xpath表达式。
Positive Response:
积极回应:
If the device can satisfy the request, the server sends an <rpc-reply> element containing a <data> element with the results of the query.
如果设备能够满足请求,服务器将发送一个<rpc reply>元素,其中包含一个<data>元素以及查询结果。
Negative Response:
否定回答:
An <rpc-error> element is included in the <rpc-reply> if the request cannot be completed for any reason.
如果由于任何原因无法完成请求,则<rpc error>元素将包含在<rpc reply>中。
Example: To retrieve the entire <users> subtree:
示例:要检索整个<users>子树,请执行以下操作:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users/> </top>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/config"> <users/> </top>
</filter> </get-config> </rpc>
</filter> </get-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>root</name> <type>superuser</type> <full-name>Charlie Root</full-name> <company-info> <dept>1</dept> <id>1</id> </company-info> </user> <!-- additional <user> elements appear here... --> </users> </top> </data> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/config"> <users> <user> <name>root</name> <type>superuser</type> <full-name>Charlie Root</full-name> <company-info> <dept>1</dept> <id>1</id> </company-info> </user> <!-- additional <user> elements appear here... --> </users> </top> </data> </rpc-reply>
If the configuration is available in multiple formats, such as XML and text, an XML namespace can be used to specify which format is desired. In the following example, the client uses a specific element (<config-text>) in a specific namespace to indicate to the server the desire to receive the configuration in an alternative format. The server may support any number of distinct formats or views into the configuration data, with the client using the <filter> parameter to select between them.
If the configuration is available in multiple formats, such as XML and text, an XML namespace can be used to specify which format is desired. In the following example, the client uses a specific element (<config-text>) in a specific namespace to indicate to the server the desire to receive the configuration in an alternative format. The server may support any number of distinct formats or views into the configuration data, with the client using the <filter> parameter to select between them.translate error, please retry
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <!-- request a text version of the configuration --> <config-text xmlns="http://example.com/text/1.2/config"/> </filter> </get-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/> </source> <filter type="subtree"> <!-- request a text version of the configuration --> <config-text xmlns="http://example.com/text/1.2/config"/> </filter> </get-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data> <config-text xmlns="http://example.com/text/1.2/config"> <!-- configuration text... --> </config-text> </data> </rpc-reply>
<data> <config-text xmlns="http://example.com/text/1.2/config"> <!-- configuration text... --> </config-text> </data> </rpc-reply>
Section 6 contains additional examples of subtree filtering.
第6节包含子树过滤的其他示例。
Description:
说明:
The <edit-config> operation loads all or part of a specified configuration to the specified target configuration. This operation allows the new configuration to be expressed in several ways, such as using a local file, a remote file, or inline. If the target configuration does not exist, it will be created. If a NETCONF peer supports the :url capability (Section 8.8), the <url> element can appear instead of the <config> parameter and should identify a local configuration file.
<edit config>操作将指定配置的全部或部分加载到指定的目标配置。此操作允许以多种方式表示新配置,例如使用本地文件、远程文件或内联文件。如果目标配置不存在,将创建它。如果NETCONF对等机支持:url功能(第8.8节),则可以显示<url>元素而不是<config>参数,并且应该标识本地配置文件。
The device analyzes the source and target configurations and performs the requested changes. The target configuration is not necessarily replaced, as with the <copy-config> message. Instead, the target configuration is changed in accordance with the source's data and requested operations.
设备分析源和目标配置,并执行请求的更改。与<copy config>消息一样,不必替换目标配置。相反,目标配置会根据源的数据和请求的操作进行更改。
Attributes:
属性:
operation:
操作:
Elements in the <config> subtree may contain an "operation" attribute. The attribute identifies the point in the configuration to perform the operation and MAY appear on multiple elements throughout the <config> subtree.
<config>子树中的元素可能包含“operation”属性。该属性标识配置中执行操作的点,并可能出现在整个<config>子树的多个元素上。
If the operation attribute is not specified, the configuration is merged into the configuration datastore.
如果未指定操作属性,则配置将合并到配置数据存储中。
The operation attribute has one of the following values:
“操作”属性具有以下值之一:
merge: The configuration data identified by the element containing this attribute is merged with the configuration at the corresponding level in the configuration datastore identified by the target parameter. This is the default behavior.
合并:由包含此属性的元素标识的配置数据与目标参数标识的配置数据存储中相应级别的配置合并。这是默认行为。
replace: The configuration data identified by the element containing this attribute replaces any related configuration in the configuration datastore identified by the target parameter. Unlike a <copy-config> operation, which replaces the entire target configuration, only the configuration actually present in the config parameter is affected.
替换:由包含此属性的元素标识的配置数据替换由目标参数标识的配置数据存储中的任何相关配置。与替换整个目标配置的<copy config>操作不同,只有config参数中实际存在的配置会受到影响。
create: The configuration data identified by the element containing this attribute is added to the configuration if and only if the configuration data does not already exist on the device. If the configuration data exists, an <rpc-error> element is returned with an <error-tag> value of data-exists.
创建:当且仅当设备上不存在配置数据时,由包含此属性的元素标识的配置数据才会添加到配置中。如果配置数据存在,则返回一个<rpc error>元素,其中包含一个<error tag>值。
delete: The configuration data identified by the element containing this attribute is deleted in the configuration datastore identified by the target parameter.
删除:由包含此属性的元素标识的配置数据将在由目标参数标识的配置数据存储中删除。
Parameters:
参数:
target:
目标:
Name of the configuration datastore being edited, such as <running/> or <candidate/>.
正在编辑的配置数据存储的名称,例如<running/>或<candidate/>。
default-operation:
默认操作:
Selects the default operation (as described in the "operation" attribute) for this <edit-config> request. The default value for the default-operation parameter is "merge".
为此<edit config>请求选择默认操作(如“操作”属性中所述)。默认操作参数的默认值为“合并”。
The default-operation parameter is optional, but if provided, it must have one of the following values:
默认操作参数是可选的,但如果提供,它必须具有以下值之一:
merge: The configuration data in the <config> parameter is merged with the configuration at the corresponding level in the target datastore. This is the default behavior.
合并:<config>参数中的配置数据与目标数据存储中相应级别的配置合并。这是默认行为。
replace: The configuration data in the <config> parameter completely replaces the configuration in the target datastore. This is useful for loading previously saved configuration data.
替换:<config>参数中的配置数据完全替换目标数据存储中的配置。这对于加载以前保存的配置数据非常有用。
none: The target datastore is unaffected by the configuration in the <config> parameter, unless and until the incoming configuration data uses the "operation" attribute to request a different operation. If the configuration in the <config> parameter contains data for which there is not a
无:目标数据存储不受<config>参数中配置的影响,除非传入的配置数据使用“operation”属性请求不同的操作。如果<config>参数中的配置包含的数据没有
corresponding level in the target datastore, an <rpc-error> is returned with an <error-tag> value of data-missing. Using "none" allows operations like "delete" to avoid unintentionally creating the parent hierarchy of the element to be deleted.
在目标数据存储中的相应级别,返回一个<rpc error>,其中缺少一个<error tag>数据值。使用“none”允许像“delete”这样的操作,以避免无意中创建要删除的元素的父层次结构。
test-option:
测试选项:
The test-option element may be specified only if the device advertises the :validate capability (Section 8.6).
仅当设备宣传:验证功能(第8.6节)时,才可指定测试选项元素。
The test-option element has one of the following values:
测试选项元素具有以下值之一:
test-then-set: Perform a validation test before attempting to set. If validation errors occur, do not perform the <edit-config> operation. This is the default test-option.
测试然后设置:在尝试设置之前执行验证测试。如果出现验证错误,请不要执行<edit config>操作。这是默认的测试选项。
set: Perform a set without a validation test first.
set:先执行set而不进行验证测试。
error-option:
错误选项:
The error-option element has one of the following values:
错误选项元素具有以下值之一:
stop-on-error: Abort the edit-config operation on first error. This is the default error-option.
错误时停止:第一个错误时中止编辑配置操作。这是默认的错误选项。
continue-on-error: Continue to process configuration data on error; error is recorded, and negative response is generated if any errors occur.
出错时继续:出错时继续处理配置数据;记录错误,如果出现任何错误,将生成否定响应。
rollback-on-error: If an error condition occurs such that an error severity <rpc-error> element is generated, the server will stop processing the edit-config operation and restore the specified configuration to its complete state at the start of this edit-config operation. This option requires the server to support the :rollback-on-error capability described in Section 8.5.
错误时回滚:如果出现错误情况,导致生成错误严重性<rpc error>元素,服务器将停止处理编辑配置操作,并在该编辑配置操作开始时将指定配置恢复到其完整状态。此选项要求服务器支持第8.5节中描述的:错误时回滚功能。
config:
配置:
A hierarchy of configuration data as defined by one of the device's data models. The contents MUST be placed in an appropriate namespace, to allow the device to detect the appropriate data model, and the contents MUST follow the constraints of that data model, as defined by its capability definition. Capabilities are discussed in Section 8.
由设备数据模型之一定义的配置数据层次结构。内容必须放置在适当的名称空间中,以允许设备检测适当的数据模型,并且内容必须遵循该数据模型的约束,如其功能定义所定义。功能在第8节中讨论。
Positive Response:
积极回应:
If the device was able to satisfy the request, an <rpc-reply> is sent containing an <ok> element.
如果设备能够满足请求,则发送包含<ok>元素的<rpc reply>。
Negative Response:
否定回答:
An <rpc-error> response is sent if the request cannot be completed for any reason.
如果由于任何原因无法完成请求,将发送<rpc error>响应。
Example:
例子:
The <edit-config> examples in this section utilize a simple data model, in which multiple instances of the 'interface' element may be present, and an instance is distinguished by the 'name' element within each 'interface' element.
本节中的<edit config>示例使用了一个简单的数据模型,其中可能存在“interface”元素的多个实例,每个“interface”元素中的“name”元素可以区分一个实例。
Set the MTU to 1500 on an interface named "Ethernet0/0" in the running configuration:
在运行配置中名为“Ethernet0/0”的接口上将MTU设置为1500:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <config> <top xmlns="http://example.com/schema/1.2/config"> <interface> <name>Ethernet0/0</name> <mtu>1500</mtu> </interface> </top> </config> </edit-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <config> <top xmlns="http://example.com/schema/1.2/config"> <interface> <name>Ethernet0/0</name> <mtu>1500</mtu> </interface> </top> </config> </edit-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
Add an interface named "Ethernet0/0" to the running configuration, replacing any previous interface with that name:
将名为“Ethernet0/0”的接口添加到正在运行的配置中,用该名称替换以前的任何接口:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config>
<target> <running/> </target> <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> <top xmlns="http://example.com/schema/1.2/config"> <interface xc:operation="replace"> <name>Ethernet0/0</name> <mtu>1500</mtu> <address> <name>192.0.2.4</name> <prefix-length>24</prefix-length> </address> </interface> </top> </config> </edit-config> </rpc>
<target> <running/> </target> <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> <top xmlns="http://example.com/schema/1.2/config"> <interface xc:operation="replace"> <name>Ethernet0/0</name> <mtu>1500</mtu> <address> <name>192.0.2.4</name> <prefix-length>24</prefix-length> </address> </interface> </top> </config> </edit-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
Delete the configuration for an interface named "Ethernet0/0" from the running configuration:
从正在运行的配置中删除名为“Ethernet0/0”的接口的配置:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <default-operation>none</default-operation> <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> <top xmlns="http://example.com/schema/1.2/config"> <interface xc:operation="delete"> <name>Ethernet0/0</name> </interface> </top> </config> </edit-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <default-operation>none</default-operation> <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> <top xmlns="http://example.com/schema/1.2/config"> <interface xc:operation="delete"> <name>Ethernet0/0</name> </interface> </top> </config> </edit-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
Delete interface 192.0.2.4 from an OSPF area (other interfaces configured in the same area are unaffected):
从OSPF区域删除接口192.0.2.4(在同一区域中配置的其他接口不受影响):
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <default-operation>none</default-operation> <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> <top xmlns="http://example.com/schema/1.2/config"> <protocols> <ospf> <area> <name>0.0.0.0</name> <interfaces> <interface xc:operation="delete"> <name>192.0.2.4</name> </interface> </interfaces> </area> </ospf> </protocols> </top> </config> </edit-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <default-operation>none</default-operation> <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> <top xmlns="http://example.com/schema/1.2/config"> <protocols> <ospf> <area> <name>0.0.0.0</name> <interfaces> <interface xc:operation="delete"> <name>192.0.2.4</name> </interface> </interfaces> </area> </ospf> </protocols> </top> </config> </edit-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
Description:
说明:
Create or replace an entire configuration datastore with the contents of another complete configuration datastore. If the target datastore exists, it is overwritten. Otherwise, a new one is created, if allowed.
使用另一个完整配置数据存储的内容创建或替换整个配置数据存储。如果目标数据存储存在,它将被覆盖。否则,如果允许,将创建一个新的。
If a NETCONF peer supports the :url capability (Section 8.8), the <url> element can appear as the <source> or <target> parameter.
如果NETCONF对等机支持:url功能(第8.8节),则<url>元素可以显示为<source>或<target>参数。
Even if it advertises the :writable-running capability, a device may choose not to support the <running/> configuration datastore
Even if it advertises the :writable-running capability, a device may choose not to support the <running/> configuration datastore
as the <target> parameter of a <copy-config> operation. A device may choose not to support remote-to-remote copy operations, where both the <source> and <target> parameters use the <url> element.
作为<copy config>操作的<target>参数。设备可以选择不支持远程到远程复制操作,其中<source>和<target>参数都使用<url>元素。
If the source and target parameters identify the same URL or configuration datastore, an error MUST be returned with an error-tag containing invalid-value.
如果源参数和目标参数标识相同的URL或配置数据存储,则必须返回包含无效值的错误标记。
Parameters:
参数:
target:
目标:
Name of the configuration datastore to use as the destination of the copy operation.
要用作复制操作目标的配置数据存储的名称。
source:
资料来源:
Name of the configuration datastore to use as the source of the copy operation or the <config> element containing the configuration subtree to copy.
要用作复制操作源的配置数据存储或包含要复制的配置子树的<config>元素的名称。
Positive Response:
积极回应:
If the device was able to satisfy the request, an <rpc-reply> is sent that includes an <ok> element.
如果设备能够满足请求,则发送包含<ok>元素的<rpc reply>。
Negative Response:
否定回答:
An <rpc-error> element is included within the <rpc-reply> if the request cannot be completed for any reason.
如果由于任何原因无法完成请求,则<rpc error>元素将包含在<rpc reply>中。
Example:
例子:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <copy-config> <target> <running/> </target> <source> <url>https://user@example.com:passphrase/cfg/new.txt</url> </source> </copy-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <copy-config> <target> <running/> </target> <source> <url>https://user@example.com:passphrase/cfg/new.txt</url> </source> </copy-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
Description:
说明:
Delete a configuration datastore. The <running> configuration datastore cannot be deleted.
删除配置数据存储。无法删除<running>配置数据存储。
If a NETCONF peer supports the :url capability (Section 8.8), the <url> element can appear as the <target> parameter.
如果NETCONF对等机支持:url功能(第8.8节),则<url>元素可以显示为<target>参数。
Parameters:
参数:
target:
目标:
Name of the configuration datastore to delete.
要删除的配置数据存储的名称。
Positive Response:
积极回应:
If the device was able to satisfy the request, an <rpc-reply> is sent that includes an <ok> element.
如果设备能够满足请求,则发送包含<ok>元素的<rpc reply>。
Negative Response:
否定回答:
An <rpc-error> element is included within the <rpc-reply> if the request cannot be completed for any reason.
如果由于任何原因无法完成请求,则<rpc error>元素将包含在<rpc reply>中。
Example:
例子:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <delete-config> <target> <startup/> </target> </delete-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <delete-config> <target> <startup/> </target> </delete-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
Description:
说明:
The lock operation allows the client to lock the configuration system of a device. Such locks are intended to be short-lived and allow a client to make a change without fear of interaction with other NETCONF clients, non-NETCONF clients (e.g., SNMP and command line interface (CLI) scripts), and human users.
锁定操作允许客户端锁定设备的配置系统。此类锁的使用期限很短,允许客户端进行更改,而无需担心与其他NETCONF客户端、非NETCONF客户端(例如SNMP和命令行界面(CLI)脚本)以及人类用户的交互。
An attempt to lock the configuration MUST fail if an existing session or other entity holds a lock on any portion of the lock target.
如果现有会话或其他实体持有锁定目标任何部分的锁,则锁定配置的尝试必须失败。
When the lock is acquired, the server MUST prevent any changes to the locked resource other than those requested by this session. SNMP and CLI requests to modify the resource MUST fail with an appropriate error.
获取锁后,服务器必须防止对锁定的资源进行除此会话请求的更改以外的任何更改。修改资源的SNMP和CLI请求必须失败,并出现相应错误。
The duration of the lock is defined as beginning when the lock is acquired and lasting until either the lock is released or the NETCONF session closes. The session closure may be explicitly performed by the client, or implicitly performed by the server based on criteria such as failure of the underlying transport, or simple inactivity timeout. This criteria is dependent on the implementation and the underlying transport.
锁的持续时间定义为从获取锁时开始,持续到释放锁或NETCONF会话关闭。会话关闭可以由客户端显式执行,也可以由服务器基于诸如底层传输失败或简单的不活动超时等标准隐式执行。该标准取决于实施和基础传输。
The lock operation takes a mandatory parameter, target. The target parameter names the configuration that will be locked. When a lock is active, using the <edit-config> operation on the locked configuration and using the locked configuration as a target of the <copy-config> operation will be disallowed by any other NETCONF session. Additionally, the system will ensure that these locked configuration resources will not be modified by other non-NETCONF management operations such as SNMP and CLI. The <kill-session> message (at the RPC layer) can be used to force the release of a lock owned by another NETCONF session. It is beyond the scope of this document to define how to break locks held by other entities.
锁定操作采用强制参数target。目标参数命名将被锁定的配置。当锁定处于活动状态时,任何其他NETCONF会话都不允许对锁定的配置使用<edit config>操作并将锁定的配置用作<copy config>操作的目标。此外,系统将确保这些锁定的配置资源不会被其他非NETCONF管理操作(如SNMP和CLI)修改。<kill session>消息(在RPC层)可用于强制释放另一个NETCONF会话拥有的锁。定义如何打破其他实体持有的锁超出了本文档的范围。
A lock MUST not be granted if either of the following conditions is true:
如果满足以下任一条件,则不得授予锁定:
* A lock is already held by any NETCONF session or another entity.
* 任何NETCONF会话或其他实体都已持有锁。
* The target configuration is <candidate>, it has already been modified, and these changes have not been committed or rolled back.
* 目标配置是<candidate>,它已被修改,并且这些更改尚未提交或回滚。
The server MUST respond with either an <ok> element or an <rpc-error>.
服务器必须使用<ok>元素或<rpc error>进行响应。
A lock will be released by the system if the session holding the lock is terminated for any reason.
如果持有锁的会话因任何原因终止,系统将释放锁。
Parameters:
参数:
target:
目标:
Name of the configuration datastore to lock.
要锁定的配置数据存储的名称。
Positive Response:
积极回应:
If the device was able to satisfy the request, an <rpc-reply> is sent that contains an <ok> element.
如果设备能够满足请求,则发送包含<ok>元素的<rpc reply>。
Negative Response:
否定回答:
An <rpc-error> element is included in the <rpc-reply> if the request cannot be completed for any reason.
如果由于任何原因无法完成请求,则<rpc error>元素将包含在<rpc reply>中。
If the lock is already held, the <error-tag> element will be 'lock-denied' and the <error-info> element will include the <session-id> of the lock owner. If the lock is held by a non-NETCONF entity, a <session-id> of 0 (zero) is included. Note that any other entity performing a lock on even a partial piece of a target will prevent a NETCONF lock (which is global) from being obtained on that target.
如果锁已经被持有,<error tag>元素将被“lock denied”,并且<error info>元素将包括锁所有者的<session id>。如果锁由非NETCONF实体持有,则包含0(零)的<session id>。请注意,任何其他实体即使对目标的一部分执行锁定,也会阻止在该目标上获得NETCONF锁(全局)。
Example:
例子:
The following example shows a successful acquisition of a lock.
下面的示例显示成功获取锁。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <lock> <target> <running/> </target> </lock> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <lock> <target> <running/> </target> </lock> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> <!-- lock succeeded --> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> <!-- lock succeeded --> </rpc-reply>
Example:
例子:
The following example shows a failed attempt to acquire a lock when the lock is already in use.
以下示例显示了当锁已在使用时获取锁的失败尝试。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <lock> <target> <running/> </target> </lock> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <lock> <target> <running/> </target> </lock> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <rpc-error> <!-- lock failed --> <error-type>protocol</error-type> <error-tag>lock-denied</error-tag> <error-severity>error</error-severity> <error-message> Lock failed, lock is already held </error-message> <error-info> <session-id>454</session-id> <!-- lock is held by NETCONF session 454 --> </error-info> </rpc-error> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <rpc-error> <!-- lock failed --> <error-type>protocol</error-type> <error-tag>lock-denied</error-tag> <error-severity>error</error-severity> <error-message> Lock failed, lock is already held </error-message> <error-info> <session-id>454</session-id> <!-- lock is held by NETCONF session 454 --> </error-info> </rpc-error> </rpc-reply>
Description:
说明:
The unlock operation is used to release a configuration lock, previously obtained with the <lock> operation.
解锁操作用于释放先前通过<lock>操作获得的配置锁。
An unlock operation will not succeed if any of the following conditions are true:
如果满足以下任一条件,解锁操作将不会成功:
* the specified lock is not currently active
* 指定的锁当前未处于活动状态
* the session issuing the <unlock> operation is not the same session that obtained the lock
* 发出<unlock>操作的会话与获得锁的会话不同
The server MUST respond with either an <ok> element or an <rpc-error>.
服务器必须使用<ok>元素或<rpc error>进行响应。
Parameters:
参数:
target:
目标:
Name of the configuration datastore to unlock.
要解锁的配置数据存储的名称。
A NETCONF client is not permitted to unlock a configuration datastore that it did not lock.
不允许NETCONF客户端解锁未锁定的配置数据存储。
Positive Response:
积极回应:
If the device was able to satisfy the request, an <rpc-reply> is sent that contains an <ok> element.
如果设备能够满足请求,则发送包含<ok>元素的<rpc reply>。
Negative Response:
否定回答:
An <rpc-error> element is included in the <rpc-reply> if the request cannot be completed for any reason.
如果由于任何原因无法完成请求,则<rpc error>元素将包含在<rpc reply>中。
Example:
例子:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <unlock> <target> <running/> </target> </unlock> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <unlock> <target> <running/> </target> </unlock> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
Description:
说明:
Retrieve running configuration and device state information.
检索正在运行的配置和设备状态信息。
Parameters:
参数:
filter:
过滤器:
This parameter specifies the portion of the system configuration and state data to retrieve. If this parameter is empty, all the device configuration and state information is returned.
此参数指定要检索的系统配置和状态数据的部分。如果此参数为空,则返回所有设备配置和状态信息。
The filter element may optionally contain a 'type' attribute. This attribute indicates the type of filtering syntax used within the filter element. The default filtering mechanism in NETCONF is referred to as subtree filtering and is described in Section 6. The value 'subtree' explicitly identifies this type of filtering.
筛选器元素可以选择性地包含“type”属性。此属性指示筛选器元素中使用的筛选语法的类型。NETCONF中的默认过滤机制称为子树过滤,第6节对此进行了描述。值“subtree”明确标识这种类型的筛选。
If the NETCONF peer supports the :xpath capability (Section 8.9), the value "xpath" may be used to indicate that the select attribute of the filter element contains an XPath expression.
如果NETCONF对等方支持:xpath功能(第8.9节),则值“xpath”可用于指示过滤器元素的select属性包含xpath表达式。
Positive Response:
积极回应:
If the device was able to satisfy the request, an <rpc-reply> is sent. The <data> section contains the appropriate subset.
如果设备能够满足请求,则发送<rpc reply>。<data>部分包含适当的子集。
Negative Response:
否定回答:
An <rpc-error> element is included in the <rpc-reply> if the request cannot be completed for any reason.
如果由于任何原因无法完成请求,则<rpc error>元素将包含在<rpc reply>中。
Example:
例子:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/stats"> <interfaces> <interface> <ifName>eth0</ifName> </interface> </interfaces> </top> </filter> </get> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <top xmlns="http://example.com/schema/1.2/stats"> <interfaces> <interface> <ifName>eth0</ifName> </interface> </interfaces> </top> </filter> </get> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/stats"> <interfaces> <interface> <ifName>eth0</ifName> <ifInOctets>45621</ifInOctets> <ifOutOctets>774344</ifOutOctets> </interface> </interfaces> </top> </data> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <top xmlns="http://example.com/schema/1.2/stats"> <interfaces> <interface> <ifName>eth0</ifName> <ifInOctets>45621</ifInOctets> <ifOutOctets>774344</ifOutOctets> </interface> </interfaces> </top> </data> </rpc-reply>
Description:
说明:
Request graceful termination of a NETCONF session.
请求终止NETCONF会话。
When a NETCONF server receives a <close-session> request, it will gracefully close the session. The server will release any locks and resources associated with the session and gracefully close any associated connections. Any NETCONF requests received after a <close-session> request will be ignored.
当NETCONF服务器收到<close session>请求时,它将正常关闭会话。服务器将释放与会话关联的所有锁和资源,并正常关闭所有关联的连接。在<close session>请求之后收到的任何NETCONF请求都将被忽略。
Positive Response:
积极回应:
If the device was able to satisfy the request, an <rpc-reply> is sent that includes an <ok> element.
如果设备能够满足请求,则发送包含<ok>元素的<rpc reply>。
Negative Response:
否定回答:
An <rpc-error> element is included in the <rpc-reply> if the request cannot be completed for any reason.
如果由于任何原因无法完成请求,则<rpc error>元素将包含在<rpc reply>中。
Example:
例子:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <close-session/> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <close-session/> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
Description:
说明:
Force the termination of a NETCONF session.
强制终止NETCONF会话。
When a NETCONF entity receives a <kill-session> request for an open session, it will abort any operations currently in process, release any locks and resources associated with the session, and close any associated connections.
当NETCONF实体收到打开会话的<kill session>请求时,它将中止当前正在进行的任何操作,释放与会话相关的所有锁和资源,并关闭所有相关连接。
If a NETCONF server receives a <kill-session> request while processing a confirmed commit (Section 8.4), it must restore the configuration to its state before the confirmed commit was issued.
如果NETCONF服务器在处理确认提交(第8.4节)时收到<kill session>请求,则必须将配置恢复到发出确认提交之前的状态。
Otherwise, the <kill-session> operation does not roll back configuration or other device state modifications made by the entity holding the lock.
否则,<kill session>操作不会回滚持有锁的实体所做的配置或其他设备状态修改。
Parameters:
参数:
session-id:
会话id:
Session identifier of the NETCONF session to be terminated. If this value is equal to the current session ID, an 'invalid-value' error is returned.
要终止的NETCONF会话的会话标识符。如果此值等于当前会话ID,则返回“无效值”错误。
Positive Response:
积极回应:
If the device was able to satisfy the request, an <rpc-reply> is sent that includes an <ok> element.
如果设备能够满足请求,则发送包含<ok>元素的<rpc reply>。
Negative Response:
否定回答:
An <rpc-error> element is included in the <rpc-reply> if the request cannot be completed for any reason.
如果由于任何原因无法完成请求,则<rpc error>元素将包含在<rpc reply>中。
Example:
例子:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <kill-session> <session-id>4</session-id> </kill-session> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <kill-session> <session-id>4</session-id> </kill-session> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
This section defines a set of capabilities that a client or a server MAY implement. Each peer advertises its capabilities by sending them during an initial capabilities exchange. Each peer needs to understand only those capabilities that it might use and MUST ignore any capability received from the other peer that it does not require or does not understand.
本节定义了客户机或服务器可以实现的一组功能。每个对等方通过在初始功能交换期间发送功能来宣传其功能。每个对等方只需要了解它可能使用的那些功能,并且必须忽略从另一个对等方收到的它不需要或不了解的任何功能。
Additional capabilities can be defined using the template in Appendix C. Future capability definitions may be published as standards by standards bodies or published as proprietary extensions.
可使用附录C中的模板定义其他能力。未来的能力定义可由标准机构作为标准发布,或作为专有扩展发布。
A NETCONF capability is identified with a URI. The base capabilities are defined using URNs following the method described in RFC 3553 [6]. Capabilities defined in this document have the following format:
NETCONF功能由URI标识。基本功能是按照RFC 3553[6]中描述的方法使用URN定义的。本文档中定义的功能具有以下格式:
urn:ietf:params:netconf:capability:{name}:1.0
urn:ietf:params:netconf:capability:{name}:1.0
where {name} is the name of the capability. Capabilities are often referenced in discussions and email using the shorthand :{name}. For example, the foo capability would have the formal name "urn:ietf:params:netconf:capability:foo:1.0" and be called ":foo". The shorthand form MUST NOT be used inside the protocol.
其中{name}是功能的名称。讨论和电子邮件中经常使用缩写:{name}引用功能。例如,foo功能的正式名称为“urn:ietf:params:netconf:capability:foo:1.0”,并称为“:foo”。协议中不得使用速记形式。
Capabilities are advertised in messages sent by each peer during session establishment. When the NETCONF session is opened, each peer (both client and server) MUST send a <hello> element containing a list of that peer's capabilities. Each peer MUST send at least the base NETCONF capability, "urn:ietf:params:netconf:base:1.0".
在会话建立期间,在每个对等方发送的消息中公布功能。打开NETCONF会话时,每个对等方(客户端和服务器)都必须发送一个<hello>元素,其中包含该对等方的功能列表。每个对等方必须至少发送基本NETCONF功能“urn:ietf:params:NETCONF:base:1.0”。
A server sending the <hello> element MUST include a <session-id> element containing the session ID for this NETCONF session. A client sending the <hello> element MUST NOT include a <session-id> element.
发送<hello>元素的服务器必须包含包含此NETCONF会话会话id的<session id>元素。发送<hello>元素的客户端不得包含<session id>元素。
A server receiving a <session-id> element MUST NOT continue the NETCONF session. Similarly, a client that does not receive a <session-id> element in the server's <hello> message MUST NOT continue the NETCONF session. In both cases, the underlying transport should be closed.
接收<session id>元素的服务器不能继续NETCONF会话。类似地,在服务器的<hello>消息中未接收到<session id>元素的客户端不得继续NETCONF会话。在这两种情况下,底层传输都应该关闭。
In the following example, a server advertises the base NETCONF capability, one NETCONF capability defined in the base NETCONF document, and one implementation-specific capability.
在下面的示例中,一个服务器公布基本NETCONF功能、一个在基本NETCONF文档中定义的NETCONF功能和一个特定于实现的功能。
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> <capability> urn:ietf:params:netconf:capability:startup:1.0 </capability> <capability> http://example.net/router/2.3/myfeature </capability> </capabilities> <session-id>4</session-id> </hello>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability> urn:ietf:params:netconf:base:1.0 </capability> <capability> urn:ietf:params:netconf:capability:startup:1.0 </capability> <capability> http://example.net/router/2.3/myfeature </capability> </capabilities> <session-id>4</session-id> </hello>
Each peer sends its <hello> element simultaneously as soon as the connection is open. A peer MUST NOT wait to receive the capability set from the other side before sending its own set.
一旦连接打开,每个对等方都会同时发送其<hello>元素。对等方在发送自己的能力集之前,不能等待从另一方接收能力集。
The :writable-running capability indicates that the device supports direct writes to the <running> configuration datastore. In other words, the device supports edit-config and copy-config operations where the <running> configuration is the target.
:writable running功能表示设备支持直接写入<running>配置数据存储。换句话说,设备支持以<running>配置为目标的编辑配置和复制配置操作。
None.
没有一个
The :writable-running capability is identified by the following capability string:
可写运行功能由以下功能字符串标识:
urn:ietf:params:netconf:capability:writable-running:1.0
urn:ietf:params:netconf:capability:writable-running:1.0
None.
没有一个
The :writable-running capability modifies the <edit-config> operation to accept the <running> element as a <target>.
:writable running功能修改<edit config>操作以接受<running>元素作为<target>。
The :writable-running capability modifies the <copy-config> operation to accept the <running> element as a <target>.
:writable running功能修改<copy config>操作以接受<running>元素作为<target>。
The candidate configuration capability, :candidate, indicates that the device supports a candidate configuration datastore, which is used to hold configuration data that can be manipulated without impacting the device's current configuration. The candidate configuration is a full configuration data set that serves as a work place for creating and manipulating configuration data. Additions, deletions, and changes may be made to this data to construct the desired configuration data. A <commit> operation may be performed at any time that causes the device's running configuration to be set to the value of the candidate configuration.
候选配置功能:candidate表示设备支持候选配置数据存储,该存储用于保存配置数据,这些数据可以在不影响设备当前配置的情况下进行操作。候选配置是一个完整的配置数据集,用作创建和操作配置数据的工作场所。可以对该数据进行添加、删除和更改,以构建所需的配置数据。任何时候都可以执行<commit>操作,从而将设备的运行配置设置为候选配置的值。
The <commit> operation effectively sets the running configuration to the current contents of the candidate configuration. While it could be modeled as a simple copy, it is done as a distinct operation for a number of reasons. In keeping high-level concepts as first class operations, we allow developers to see more clearly both what the client is requesting and what the server must perform. This keeps the intentions more obvious, the special cases less complex, and the interactions between operations more straightforward. For example, the :confirmed-commit capability (Section 8.4) would make no sense as a "copy confirmed" operation.
<commit>操作有效地将正在运行的配置设置为候选配置的当前内容。虽然它可以建模为一个简单的副本,但出于许多原因,它是作为一个独特的操作来完成的。在将高级概念保持为第一类操作的过程中,我们允许开发人员更清楚地看到客户机正在请求什么以及服务器必须执行什么。这使得意图更加明显,特殊情况不那么复杂,操作之间的交互更加直观。例如:确认提交功能(第8.4节)作为“复制确认”操作毫无意义。
The candidate configuration may be shared among multiple sessions. Unless a client has specific information that the candidate configuration is not shared, it must assume that other sessions may be able to modify the candidate configuration at the same time. It is therefore prudent for a client to lock the candidate configuration before modifying it.
候选配置可以在多个会话之间共享。除非客户机具有未共享候选配置的特定信息,否则它必须假设其他会话可以同时修改候选配置。因此,客户机在修改候选配置之前锁定该配置是谨慎的。
The client can discard any uncommitted changes to the candidate configuration by executing the <discard-changes> operation. This operation reverts the contents of the candidate configuration to the contents of the running configuration.
客户端可以通过执行<discard changes>操作放弃对候选配置的任何未提交的更改。此操作将候选配置的内容还原为正在运行的配置的内容。
None.
没有一个
The :candidate capability is identified by the following capability string:
:候选能力由以下能力字符串标识:
urn:ietf:params:netconf:capability:candidate:1.0
urn:ietf:params:netconf:capability:candidate:1.0
Description:
说明:
When a candidate configuration's content is complete, the configuration data can be committed, publishing the data set to the rest of the device and requesting the device to conform to the behavior described in the new configuration.
当候选配置的内容完成时,可以提交配置数据,将数据集发布到设备的其余部分,并请求设备符合新配置中描述的行为。
To commit the candidate configuration as the device's new current configuration, use the <commit> operation.
要将候选配置提交为设备的新当前配置,请使用<commit>操作。
The <commit> operation instructs the device to implement the configuration data contained in the candidate configuration. If the device is unable to commit all of the changes in the candidate configuration datastore, then the running configuration MUST remain unchanged. If the device does succeed in committing, the running configuration MUST be updated with the contents of the candidate configuration.
<commit>操作指示设备实现候选配置中包含的配置数据。如果设备无法提交候选配置数据存储中的所有更改,则运行的配置必须保持不变。如果设备确实成功提交,则必须使用候选配置的内容更新正在运行的配置。
If the system does not have the :candidate capability, the <commit> operation is not available.
如果系统没有:候选功能,则<commit>操作不可用。
Positive Response:
积极回应:
If the device was able to satisfy the request, an <rpc-reply> is sent that contains an <ok> element.
如果设备能够满足请求,则发送包含<ok>元素的<rpc reply>。
Negative Response:
否定回答:
An <rpc-error> element is included in the <rpc-reply> if the request cannot be completed for any reason.
如果由于任何原因无法完成请求,则<rpc error>元素将包含在<rpc reply>中。
Example:
例子:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <commit/> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <commit/> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
If the client decides that the candidate configuration should not be committed, the <discard-changes> operation can be used to revert the candidate configuration to the current running configuration.
如果客户端决定不提交候选配置,则可以使用<discard changes>操作将候选配置还原为当前正在运行的配置。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <discard-changes/> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <discard-changes/> </rpc>
This operation discards any uncommitted changes by resetting the candidate configuration with the content of the running configuration.
此操作通过使用运行配置的内容重置候选配置来丢弃任何未提交的更改。
The candidate configuration can be used as a source or target of any <get-config>, <edit-config>, <copy-config>, or <validate> operation as a <source> or <target> parameter. The <candidate> element is used to indicate the candidate configuration:
候选配置可以用作任何<get config>、<edit config>、<copy config>或<validate>操作的源或目标,作为<source>或<target>参数。<candidate>元素用于指示候选配置:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <!-- any NETCONF operation --> <source> <candidate/> </source> </get-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <!-- any NETCONF operation --> <source> <candidate/> </source> </get-config> </rpc>
The candidate configuration can be locked using the <lock> operation with the <candidate> element as the <target> parameter:
可以使用<lock>操作将<candidate>元素作为<target>参数来锁定候选配置:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <lock> <target> <candidate/> </target> </lock> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <lock> <target> <candidate/> </target> </lock> </rpc>
Similarly, the candidate configuration is unlocked using the <candidate> element as the <target> parameter:
类似地,使用<candidate>元素作为<target>参数解锁候选配置:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <unlock> <target> <candidate/> </target> </unlock> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <unlock> <target> <candidate/> </target> </unlock> </rpc>
When a client fails with outstanding changes to the candidate configuration, recovery can be difficult. To facilitate easy recovery, any outstanding changes are discarded when the lock is released, whether explicitly with the <unlock> operation or implicitly from session failure.
当客户机出现故障并对候选配置进行了未完成的更改时,恢复可能会很困难。为了便于恢复,释放锁时,无论是显式地使用<unlock>操作还是隐式地从会话失败中释放,都会丢弃任何未完成的更改。
The :confirmed-commit capability indicates that the server will support the <confirmed> and <confirm-timeout> parameters for the <commit> protocol operation. See Section 8.3 for further details on the <commit> operation.
:confirm commit功能表示服务器将支持<commit>协议操作的<confirm>和<confirm timeout>参数。有关<commit>操作的更多详细信息,请参见第8.3节。
A confirmed commit operation MUST be reverted if a follow-up commit (called the "confirming commit") is not issued within 600 seconds (10 minutes). The timeout period can be adjusted with the <confirm-timeout> element. The confirming commit can itself include a <confirmed> parameter.
如果后续提交(称为“确认提交”)未在600秒(10分钟)内发出,则必须还原确认提交操作。可以使用<confirm timeout>元素调整超时时间。确认提交本身可以包含一个<confirm>参数。
If the session issuing the confirmed commit is terminated for any reason before the confirm timeout expires, the server MUST restore the configuration to its state before the confirmed commit was issued.
如果发出确认提交的会话在确认超时过期之前因任何原因终止,服务器必须将配置恢复到发出确认提交之前的状态。
If the device reboots for any reason before the confirm timeout expires, the server MUST restore the configuration to its state before the confirmed commit was issued.
如果设备在确认超时过期之前因任何原因重新启动,服务器必须将配置恢复到发出确认提交之前的状态。
If a confirming commit is not issued, the device will revert its configuration to the state prior to the issuance of the confirmed commit. Note that any commit operation, including a commit which introduces additional changes to the configuration, will serve as a confirming commit. Thus to cancel a confirmed commit and revert changes without waiting for the confirm timeout to expire, the manager can explicitly restore the configuration to its state before the confirmed commit was issued.
如果未发出确认提交,则设备将其配置恢复到发出确认提交之前的状态。请注意,任何提交操作(包括对配置引入额外更改的提交)都将用作确认提交。因此,要取消确认的提交并在不等待确认超时过期的情况下恢复更改,管理器可以显式地将配置恢复到发出确认的提交之前的状态。
For shared configurations, this feature can cause other configuration changes (for example, via other NETCONF sessions) to be inadvertently altered or removed, unless the configuration locking feature is used (in other words, the lock is obtained before the edit-config operation is started). Therefore, it is strongly suggested that in order to use this feature with shared configuration databases, configuration locking should also be used.
对于共享配置,此功能可能会导致其他配置更改(例如,通过其他NETCONF会话)被意外更改或删除,除非使用了配置锁定功能(换句话说,锁定是在开始编辑配置操作之前获得的)。因此,强烈建议,为了在共享配置数据库中使用此功能,还应使用配置锁定。
The :confirmed-commit capability is only relevant if the :candidate capability is also supported.
:确认提交功能仅在:候选功能也受支持时才相关。
The :confirmed-commit capability is identified by the following capability string:
确认提交功能由以下功能字符串标识:
urn:ietf:params:netconf:capability:confirmed-commit:1.0
urn:ietf:params:netconf:capability:confirmed-commit:1.0
None.
没有一个
The :confirmed-commit capability allows 2 additional parameters to the <commit> operation.
:确认提交功能允许为<commit>操作添加2个额外参数。
Parameters:
参数:
confirmed:
确认:
Perform a confirmed commit operation.
执行确认的提交操作。
confirm-timeout:
确认超时:
Timeout period for confirmed commit, in seconds. If unspecified, the confirm timeout defaults to 600 seconds.
确认提交的超时时间,以秒为单位。如果未指定,确认超时默认为600秒。
Example:
例子:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <commit> <confirmed/> <confirm-timeout>120</confirm-timeout> </commit> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <commit> <confirmed/> <confirm-timeout>120</confirm-timeout> </commit> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
This capability indicates that the server will support the 'rollback-on-error' value in the <error-option> parameter to the <edit-config> operation.
此功能表示服务器将支持<edit config>操作的<error option>参数中的“rollback on error”值。
For shared configurations, this feature can cause other configuration changes (for example, via other NETCONF sessions) to be inadvertently altered or removed, unless the configuration locking feature is used (in other words, the lock is obtained before the edit-config operation is started). Therefore, it is strongly suggested that in order to use this feature with shared configuration databases, configuration locking also be used.
对于共享配置,此功能可能会导致其他配置更改(例如,通过其他NETCONF会话)被意外更改或删除,除非使用了配置锁定功能(换句话说,锁定是在开始编辑配置操作之前获得的)。因此,强烈建议为了在共享配置数据库中使用此功能,还应使用配置锁定。
None
没有一个
The :rollback-on-error capability is identified by the following capability string:
错误时回滚功能由以下功能字符串标识:
urn:ietf:params:netconf:capability:rollback-on-error:1.0
urn:ietf:params:netconf:capability:rollback-on-error:1.0
None.
没有一个
The :rollback-on-error capability allows the 'rollback-on-error' value to the <error-option> parameter on the <edit-config> operation.
:错误时回滚功能允许将“错误时回滚”值添加到<edit config>操作的<error option>参数中。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <error-option>rollback-on-error</error-option> <config> <top xmlns="http://example.com/schema/1.2/config">
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <error-option>rollback-on-error</error-option> <config> <top xmlns="http://example.com/schema/1.2/config">
<interface> <name>Ethernet0/0</name> <mtu>100000</mtu> </interface> </top> </config> </edit-config> </rpc>
<interface> <name>Ethernet0/0</name> <mtu>100000</mtu> </interface> </top> </config> </edit-config> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
Validation consists of checking a candidate configuration for syntactical and semantic errors before applying the configuration to the device.
验证包括在将配置应用于设备之前检查候选配置的语法和语义错误。
If this capability is advertised, the device supports the <validate> protocol operation and checks at least for syntax errors. In addition, this capability supports the test-option parameter to the <edit-config> operation and, when it is provided, checks at least for syntax errors.
如果公布此功能,则设备支持<validate>协议操作,并至少检查语法错误。此外,该功能支持<edit config>操作的test option参数,并且在提供该参数时,至少检查语法错误。
None.
没有一个
The :validate capability is identified by the following capability string:
验证功能由以下功能字符串标识:
urn:ietf:params:netconf:capability:validate:1.0
urn:ietf:params:netconf:capability:validate:1.0
Description:
说明:
This protocol operation validates the contents of the specified configuration.
此协议操作验证指定配置的内容。
Parameters:
参数:
source:
资料来源:
Name of the configuration datastore being validated, such as <candidate> or the <config> element containing the configuration subtree to validate.
正在验证的配置数据存储的名称,例如<candidate>或包含要验证的配置子树的<config>元素。
Positive Response:
积极回应:
If the device was able to satisfy the request, an <rpc-reply> is sent that contains an <ok> element.
如果设备能够满足请求,则发送包含<ok>元素的<rpc reply>。
Negative Response:
否定回答:
An <rpc-error> element is included in the <rpc-reply> if the request cannot be completed for any reason.
如果由于任何原因无法完成请求,则<rpc error>元素将包含在<rpc reply>中。
A validate operation can fail for any of the following reasons:
验证操作可能因以下任何原因而失败:
+ Syntax errors
+ 语法错误
+ Missing parameters
+ 缺失参数
+ References to undefined configuration data
+ 对未定义的配置数据的引用
Example:
例子:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <validate> <source> <candidate/> </source> </validate> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <validate> <source> <candidate/> </source> </validate> </rpc>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ok/> </rpc-reply>
The device supports separate running and startup configuration datastores. Operations that affect the running configuration will not be automatically copied to the startup configuration. An explicit <copy-config> operation from the <running> to the <startup> must be invoked to update the startup configuration to the current contents of the running configuration. NETCONF protocol operations refer to the startup datastore using the <startup> element.
该设备支持单独的运行和启动配置数据存储。影响运行配置的操作不会自动复制到启动配置。必须调用从<running>到<startup>的显式<copy config>操作,以将启动配置更新为运行配置的当前内容。NETCONF协议操作是指使用<startup>元素的启动数据存储。
None.
没有一个
The :startup capability is identified by the following capability string:
:启动功能由以下功能字符串标识:
urn:ietf:params:netconf:capability:startup:1.0
urn:ietf:params:netconf:capability:startup:1.0
None.
没有一个
The :startup capability adds the <startup/> configuration datastore to arguments of several NETCONF operations. The server MUST support the following additional values:
:startup功能将<startup/>配置数据存储添加到几个NETCONF操作的参数中。服务器必须支持以下附加值:
+--------------------+--------------------------+-------------------+ | Operation | Parameters | Notes | +--------------------+--------------------------+-------------------+ | <get-config> | <source> | | | | | | | <copy-config> | <source> <target> | | | | | | | <lock> | <target> | | | | | | | <unlock> | <target> | | | | | | | <validate> | <source> | If :validate is | | | | advertised | +--------------------+--------------------------+-------------------+
+--------------------+--------------------------+-------------------+ | Operation | Parameters | Notes | +--------------------+--------------------------+-------------------+ | <get-config> | <source> | | | | | | | <copy-config> | <source> <target> | | | | | | | <lock> | <target> | | | | | | | <unlock> | <target> | | | | | | | <validate> | <source> | If :validate is | | | | advertised | +--------------------+--------------------------+-------------------+
To save the startup configuration, use the copy-config operation to copy the <running> configuration datastore to the <startup> configuration datastore.
要保存启动配置,请使用复制配置操作将<running>配置数据存储复制到<startup>配置数据存储。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <copy-config> <source> <running/> </source> <target> <startup/> </target> </copy-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <copy-config> <source> <running/> </source> <target> <startup/> </target> </copy-config> </rpc>
The NETCONF peer has the ability to accept the <url> element in <source> and <target> parameters. The capability is further identified by URL arguments indicating the URL schemes supported.
NETCONF对等方能够接受<source>和<target>参数中的<url>元素。该功能通过指示支持的URL方案的URL参数进一步标识。
None.
没有一个
The :url capability is identified by the following capability string:
:url功能由以下功能字符串标识:
urn:ietf:params:netconf:capability:url:1.0?scheme={name,...}
urn:ietf:params:netconf:capability:url:1.0?scheme={name,...}
The :url capability URI MUST contain a "scheme" argument assigned a comma-separated list of scheme names indicating which schemes the NETCONF peer supports. For example:
:url功能URI必须包含一个“scheme”参数,该参数指定了一个逗号分隔的方案名称列表,该列表指示NETCONF对等方支持哪些方案。例如:
urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file
urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file
None.
没有一个
The :url capability modifies the <edit-config> operation to accept the <url> element as an alternative to the <config> parameter. If the <url> element is specified, then it should identify a local configuration file.
:url功能修改<edit config>操作以接受<url>元素作为<config>参数的替代。如果指定了<url>元素,那么它应该标识本地配置文件。
The :url capability modifies the <copy-config> operation to accept the <url> element as the value of the <source> and the <target> parameters.
:url功能修改<copy config>操作以接受<url>元素作为<source>和<target>参数的值。
The :url capability modifies the <delete-config> operation to accept the <url> element as the value of the <target> parameters. If this parameter contains a URL, then it should identify a local configuration file.
:url功能修改<delete config>操作以接受<url>元素作为<target>参数的值。如果此参数包含URL,则应标识本地配置文件。
The :url capability modifies the <validate> operation to accept the <url> element as the value of the <source> parameter.
:url功能修改<validate>操作以接受<url>元素作为<source>参数的值。
The XPath capability indicates that the NETCONF peer supports the use of XPath expressions in the <filter> element. XPath is described in [2].
XPath功能表明NETCONF对等方支持在<filter>元素中使用XPath表达式。[2]中描述了XPath。
The XPath expression must return a node-set.
XPath表达式必须返回节点集。
The XPath expression is evaluated in a context where the context node is the root node, and the set of namespace declarations are those in scope on the filter element, including the default namespace.
XPath表达式在上下文中求值,其中上下文节点是根节点,命名空间声明集是过滤器元素范围内的声明,包括默认命名空间。
None.
没有一个
The :xpath capability is identified by the following capability string:
:xpath功能由以下功能字符串标识:
urn:ietf:params:netconf:capability:xpath:1.0
urn:ietf:params:netconf:capability:xpath:1.0
None.
没有一个
The :xpath capability modifies the <get> and <get-config> operations to accept the value "xpath" in the type attribute of the filter element. When the type attribute is set to "xpath", a select attribute MUST be present on the filter element. The select attribute will be treated as an XPath expression and used to filter the returned data. The filter element itself MUST be empty in this case.
:xpath功能修改<get>和<get config>操作,以接受过滤器元素的type属性中的值“xpath”。当要在筛选器上设置“类型”属性时,必须选择“xpath元素”。select属性将被视为XPath表达式,并用于过滤返回的数据。在这种情况下,滤芯本身必须为空。
For example:
例如:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-config> <source> <running/>
</source> <!-- get the user named fred --> <filter type="xpath" select="top/users/user[name='fred']"/> </get-config> </rpc>
</source> <!-- get the user named fred --> <filter type="xpath" select="top/users/user[name='fred']"/> </get-config> </rpc>
This document does not specify an authorization scheme, as such a scheme should be tied to a meta-data model or a data model. Implementors SHOULD provide a comprehensive authorization scheme with NETCONF.
本文档未指定授权方案,因为此类方案应绑定到元数据模型或数据模型。实现者应该使用NETCONF提供一个全面的授权方案。
Authorization of individual users via the NETCONF server may or may not map 1:1 to other interfaces. First, the data models may be incompatible. Second, it may be desirable to authorize based on mechanisms available in the transport protocol layer (TELNET, SSH, etc).
通过NETCONF服务器对单个用户的授权可能会也可能不会将1:1映射到其他接口。首先,数据模型可能不兼容。其次,可能需要基于传输协议层(TELNET、SSH等)中可用的机制进行授权。
In addition, operations on configurations may have unintended consequences if those operations are also not guarded by the global lock on the files or objects being operated upon. For instance, a partially complete access list could be committed from a candidate configuration unbeknownst to the owner of the lock of the candidate configuration, leading to either an insecure or inaccessible device if the lock on the candidate configuration does not also apply to the <copy-config> operation when applied to it.
此外,如果配置上的操作也不受正在操作的文件或对象的全局锁保护,则这些操作可能会产生意外后果。例如,部分完整的访问列表可能会在未知的情况下从候选配置提交给候选配置锁的所有者,如果候选配置上的锁在应用于<copy config>操作时也不适用于该操作,则会导致设备不安全或不可访问。
Configuration information is by its very nature sensitive. Its transmission in the clear and without integrity checking leaves devices open to classic eavesdropping attacks. Configuration information often contains passwords, user names, service descriptions, and topological information, all of which are sensitive. Because of this, this protocol should be implemented carefully with adequate attention to all manner of attack one might expect to experience with other management interfaces.
配置信息本质上是敏感的。它以清晰且无完整性检查的方式传输,使得设备容易受到经典的窃听攻击。配置信息通常包含密码、用户名、服务描述和拓扑信息,所有这些信息都是敏感的。因此,应仔细实施该协议,并充分注意可能在其他管理接口中遇到的各种攻击。
The protocol, therefore, must minimally support options for both confidentiality and authentication. It is anticipated that the underlying protocol (SSH, BEEP, etc) will provide for both confidentiality and authentication, as is required. It is further expected that the identity of each end of a NETCONF session will be available to the other in order to determine authorization for any given request. One could also easily envision additional information, such as transport and encryption methods, being made available for purposes of authorization. NETCONF itself provide no means to re-authenticate, much less authenticate. All such actions occur at lower layers.
因此,协议必须至少支持机密性和身份验证选项。预计底层协议(SSH、BEEP等)将根据需要提供机密性和身份验证。此外,还期望NETCONF会话的每一端的标识将可供另一端使用,以便确定对任何给定请求的授权。人们还可以很容易地设想为授权目的提供额外的信息,如传输和加密方法。NETCONF本身不提供重新验证的方法,更不用说验证了。所有这些动作都发生在较低层。
Different environments may well allow different rights prior to and then after authentication. Thus, an authorization model is not specified in this document. When an operation is not properly authorized, a simple "access denied" is sufficient. Note that authorization information may be exchanged in the form of configuration information, which is all the more reason to ensure the security of the connection.
在身份验证之前和之后,不同的环境可能允许不同的权限。因此,本文档中未指定授权模型。当一个操作没有得到适当授权时,简单的“拒绝访问”就足够了。请注意,授权信息可以以配置信息的形式交换,这更是确保连接安全的原因。
That having been said, it is important to recognize that some operations are clearly more sensitive by nature than others. For instance, <copy-config> to the startup or running configurations is clearly not a normal provisioning operation, whereas <edit-config> is. Such global operations MUST disallow the changing of information that an individual does not have authorization to perform. For example, if a user A is not allowed to configure an IP address on an interface but user B has configured an IP address on an interface in the <candidate> configuration, user A must not be allowed to commit the <candidate> configuration.
尽管如此,重要的是要认识到,某些行动显然比其他行动更敏感。例如,<copy config>到启动或运行配置显然不是正常的配置操作,而<edit config>则是。此类全局操作必须禁止更改个人无权执行的信息。例如,如果不允许用户a在接口上配置IP地址,但用户B在<candidate>配置中在接口上配置了IP地址,则不得允许用户a提交<candidate>配置。
Similarly, just because someone says "go write a configuration through the URL capability at a particular place", this does not mean that an element should do it without proper authorization.
类似地,仅仅因为有人说“在特定位置通过URL功能编写配置”,这并不意味着元素应该在没有适当授权的情况下进行配置。
The <lock> operation will demonstrate that NETCONF is intended for use by systems that have at least some trust of the administrator. As specified in this document, it is possible to lock portions of a configuration that a principal might not otherwise have access to. After all, the entire configuration is locked. To mitigate this problem, there are two approaches. It is possible to kill another NETCONF session programmatically from within NETCONF if one knows the session identifier of the offending session. The other possible way to break a lock is to provide an function within the device's native user interface. These two mechanisms suffer from a race condition that may be ameliorated by removing the offending user from an AAA server. However, such a solution is not useful in all deployment scenarios, such as those where SSH public/private key pairs are used.
<lock>操作将证明NETCONF供至少对管理员有一定信任的系统使用。如本文所述,可以锁定主体可能无法访问的配置部分。毕竟,整个配置都被锁定了。要缓解此问题,有两种方法。如果知道有问题会话的会话标识符,可以从NETCONF中以编程方式终止另一个NETCONF会话。另一种打破锁定的可能方式是在设备的本机用户界面中提供功能。这两种机制都存在竞争情况,可以通过从AAA服务器中删除违规用户来改善这种情况。但是,这样的解决方案并不是在所有部署场景中都有用,例如使用SSH公钥/私钥对的场景。
This document registers a URI for the NETCONF XML namespace in the IETF XML registry [7].
本文档在IETF XML注册表中注册NETCONF XML命名空间的URI[7]。
Following the format in RFC 3688, IANA has made the following registration.
按照RFC 3688中的格式,IANA进行了以下注册。
URI: urn:ietf:params:xml:ns:netconf:base:1.0
URI: urn:ietf:params:xml:ns:netconf:base:1.0
Registrant Contact: The IESG.
注册人联系人:IESG。
XML: N/A, the requested URI is an XML namespace.
XML:N/A,请求的URI是一个XML名称空间。
This document registers a URI for the NETCONF XML schema in the IETF XML registry [7].
本文档在IETF XML注册表中注册NETCONF XML模式的URI[7]。
Following the format in RFC 3688, IANA has made the following registration.
按照RFC 3688中的格式,IANA进行了以下注册。
URI: urn:ietf:params:xml:schema:netconf
URI: urn:ietf:params:xml:schema:netconf
Registrant Contact: The IESG.
注册人联系人:IESG。
XML: Appendix B of this document.
XML:本文件附录B。
This document creates a registry that allocates NETCONF capability identifiers. Additions to the registry require IETF Standards Action.
本文档创建一个注册表,用于分配NETCONF功能标识符。添加到注册表需要IETF标准操作。
The initial content of the registry contains the capability URNs defined in Section 8.
注册表的初始内容包含第8节中定义的功能URN。
Following the guidelines in RFC 3553 [6], IANA assigned a NETCONF sub-namespace as follows:
按照RFC 3553[6]中的指导原则,IANA分配了一个NETCONF子名称空间,如下所示:
Registry name: netconf
注册表名:netconf
Specification: Section 8 of this document.
规范:本文件第8节。
Repository: The following table.
存储库:见下表。
+--------------------+----------------------------------------------+ | Index | Capability Identifier | +--------------------+----------------------------------------------+ | :writable-running | urn:ietf:params:netconf:capability:writable- | | | running:1.0 | | | | | :candidate | urn:ietf:params:netconf:capability:candidate | | | :1.0 | | | | | :confirmed-commit | urn:ietf:params:netconf:capability:confirmed | | | -commit:1.0 | | | | | :rollback-on-error | urn:ietf:params:netconf:capability:rollback- | | | on-error:1.0 | | | | | :validate | urn:ietf:params:netconf:capability:validate: | | | 1.0 | | | | | :startup | urn:ietf:params:netconf:capability:startup:1 | | | .0 | | | | | :url | urn:ietf:params:netconf:capability:url:1.0 | | | | | :xpath | urn:ietf:params:netconf:capability:xpath:1.0 | +--------------------+----------------------------------------------+
+--------------------+----------------------------------------------+ | Index | Capability Identifier | +--------------------+----------------------------------------------+ | :writable-running | urn:ietf:params:netconf:capability:writable- | | | running:1.0 | | | | | :candidate | urn:ietf:params:netconf:capability:candidate | | | :1.0 | | | | | :confirmed-commit | urn:ietf:params:netconf:capability:confirmed | | | -commit:1.0 | | | | | :rollback-on-error | urn:ietf:params:netconf:capability:rollback- | | | on-error:1.0 | | | | | :validate | urn:ietf:params:netconf:capability:validate: | | | 1.0 | | | | | :startup | urn:ietf:params:netconf:capability:startup:1 | | | .0 | | | | | :url | urn:ietf:params:netconf:capability:url:1.0 | | | | | :xpath | urn:ietf:params:netconf:capability:xpath:1.0 | +--------------------+----------------------------------------------+
Index value: The capability name.
索引值:功能名称。
This document was written by:
本文件由以下人员编写:
Andy Bierman
安迪比尔曼
Ken Crozier, Cisco Systems
Ken Crozier,思科系统公司
Rob Enns, Juniper Networks
Rob Enns,Juniper Networks
Ted Goddard, IceSoft
特德·戈达德,冰软
Eliot Lear, Cisco Systems
艾略特·李尔,思科系统公司
Phil Shafer, Juniper Networks
Phil Shafer,Juniper Networks
Steve Waldbusser
史蒂夫·瓦尔德布瑟
Margaret Wasserman, ThingMagic
玛格丽特·沃瑟曼,神奇的东西
The authors would like to acknowledge the members of the NETCONF working group. In particular, we would like to thank Wes Hardaker for his persistance and patience in assisting us with security considerations. We would also like to thank Randy Presuhn, Sharon Chisholm, Juergen Schoenwalder, Glenn Waters, David Perkins, Weijing Chen, Simon Leinen, Keith Allen, and Dave Harrington for all of their valuable advice.
提交人要感谢NETCONF工作组的成员。特别是,我们要感谢韦斯·哈达克(Wes Hardaker)坚持和耐心地协助我们处理安全问题。我们还要感谢Randy Presohn、Sharon Chisholm、Juergen Schoenwalder、Glenn Waters、David Perkins、Weijing Chen、Simon Leinen、Keith Allen和Dave Harrington提供的宝贵建议。
[1] Sperberg-McQueen, C., Paoli, J., Maler, E., and T. Bray, "Extensible Markup Language (XML) 1.0 (Second Edition)", World Wide Web Consortium, http://www.w3.org/TR/2000/REC-xml-20001006, October 2000.
[1] Sperberg McQueen,C.,Paoli,J.,Maler,E.,和T.Bray,“可扩展标记语言(XML)1.0(第二版)”,万维网联盟,http://www.w3.org/TR/2000/REC-xml-20001006,2000年10月。
[2] Clark, J. and S. DeRose, "XML Path Language (XPath) Version 1.0", World Wide Web Consortium Recommendation, http://www.w3.org/TR/1999/REC-xpath-19991116, November 1999.
[2] Clark,J.和S.DeRose,“XML路径语言(XPath)1.0版”,万维网联盟建议,http://www.w3.org/TR/1999/REC-xpath-19991116,1999年11月。
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[3] Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[4] Wasserman, M. and T. Goddard, "Using the NETCONF Configuration Protocol over Secure SHell (SSH)", RFC 4742, December 2006.
[4] Wasserman,M.和T.Goddard,“在安全SHell(SSH)上使用NETCONF配置协议”,RFC 4742,2006年12月。
[5] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005.
[5] Berners Lee,T.,Fielding,R.,和L.Masinter,“统一资源标识符(URI):通用语法”,STD 66,RFC 3986,2005年1月。
[6] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An IETF URN Sub-namespace for Registered Protocol Parameters", BCP 73, RFC 3553, June 2003.
[6] Mealling,M.,Masinter,L.,Hardie,T.,和G.Klyne,“注册协议参数的IETF URN子名称空间”,BCP 73,RFC 35532003年6月。
[7] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004.
[7] Mealling,M.,“IETF XML注册表”,BCP 81,RFC 3688,2004年1月。
[8] Clark, J., "XSL Transformations (XSLT) Version 1.0", World Wide Web Consortium Recommendation, http://www.w3.org/TR/1999/REC-xslt-19991116, November 1999.
[8] Clark,J.,“XSL转换(XSLT)1.0版”,万维网联盟建议,http://www.w3.org/TR/1999/REC-xslt-19991116,1999年11月。
[9] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.1", RFC 4346, April 2006.
[9] Dierks,T.和E.Rescorla,“传输层安全(TLS)协议版本1.1”,RFC 4346,2006年4月。
[10] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) Protocol Architecture", RFC 4251, January 2006.
[10] Ilonen,T.和C.Lonvick,“安全外壳(SSH)协议架构”,RFC 42512006年1月。
[11] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[11] Rigney,C.,Willens,S.,Rubens,A.,和W.Simpson,“远程认证拨入用户服务(RADIUS)”,RFC 28652000年6月。
[12] Hollenbeck, S., Rose, M., and L. Masinter, "Guidelines for the Use of Extensible Markup Language (XML) within IETF Protocols", BCP 70, RFC 3470, January 2003.
[12] Hollenbeck,S.,Rose,M.,和L.Masinter,“IETF协议中可扩展标记语言(XML)的使用指南”,BCP 70,RFC 3470,2003年1月。
Tag: in-use Error-type: protocol, application Severity: error Error-info: none Description: The request requires a resource that already in use.
标记:正在使用错误类型:协议,应用程序严重性:错误错误信息:无描述:请求需要已在使用的资源。
Tag: invalid-value Error-type: protocol, application Severity: error Error-info: none Description: The request specifies an unacceptable value for one or more parameters.
标记:无效值错误类型:协议,应用程序严重性:错误信息:无描述:请求为一个或多个参数指定了不可接受的值。
Tag: too-big Error-type: transport, rpc, protocol, application Severity: error Error-info: none Description: The request or response (that would be generated) is too large for the implementation to handle.
标记:太大错误类型:传输、rpc、协议、应用程序严重性:错误信息:无描述:请求或响应(将生成)太大,实现无法处理。
Tag: missing-attribute Error-type: rpc, protocol, application Severity: error Error-info: <bad-attribute> : name of the missing attribute <bad-element> : name of the element that should contain the missing attribute Description: An expected attribute is missing.
标记:缺少属性错误类型:rpc、协议、应用程序严重性:错误错误信息:<bad attribute>:缺少属性的名称<bad element>:应包含缺少属性描述的元素的名称:缺少预期属性。
Tag: bad-attribute Error-type: rpc, protocol, application Severity: error Error-info: <bad-attribute> : name of the attribute w/ bad value <bad-element> : name of the element that contains the attribute with the bad value Description: An attribute value is not correct; e.g., wrong type, out of range, pattern mismatch.
标记:坏属性错误类型:rpc、协议、应用程序严重性:错误错误信息:<bad attribute>:属性名称w/坏值<bad element>:包含具有坏值说明的属性的元素名称:属性值不正确;e、 例如,类型错误、超出范围、图案不匹配。
Tag: unknown-attribute Error-type: rpc, protocol, application Severity: error Error-info: <bad-attribute> : name of the unexpected attribute <bad-element> : name of the element that contains the unexpected attribute Description: An unexpected attribute is present.
标记:未知属性错误类型:rpc、协议、应用程序严重性:错误错误信息:<bad attribute>:意外属性的名称<bad element>:包含意外属性描述的元素的名称:存在意外属性。
Tag: missing-element Error-type: rpc, protocol, application Severity: error Error-info: <bad-element> : name of the missing element Description: An expected element is missing.
标记:缺少元素错误类型:rpc、协议、应用程序严重性:错误信息:<bad element>:缺少元素的名称说明:缺少预期的元素。
Tag: bad-element Error-type: rpc, protocol, application Severity: error Error-info: <bad-element> : name of the element w/ bad value Description: An element value is not correct; e.g., wrong type, out of range, pattern mismatch.
标记:错误元素错误类型:rpc、协议、应用程序严重性:错误信息:<bad element>:元素名称w/错误值说明:元素值不正确;e、 例如,类型错误、超出范围、图案不匹配。
Tag: unknown-element Error-type: rpc, protocol, application Severity: error Error-info: <bad-element> : name of the unexpected element Description: An unexpected element is present.
标记:未知元素错误类型:rpc、协议、应用程序严重性:错误信息:<bad element>:意外元素的名称说明:存在意外元素。
Tag: unknown-namespace Error-type: rpc, protocol, application Severity: error Error-info: <bad-element> : name of the element that contains the unexpected namespace <bad-namespace> : name of the unexpected namespace Description: An unexpected namespace is present.
标记:未知命名空间错误类型:rpc、协议、应用程序严重性:错误错误信息:<bad element>:包含意外命名空间的元素名称<bad namespace>:意外命名空间的名称说明:存在意外命名空间。
Tag: access-denied Error-type: rpc, protocol, application Severity: error Error-info: none Description: Access to the requested RPC, protocol operation, or data model is denied because authorization failed.
标记:拒绝访问错误类型:rpc、协议、应用程序严重性:错误信息:无描述:由于授权失败,对请求的rpc、协议操作或数据模型的访问被拒绝。
Tag: lock-denied Error-type: protocol Severity: error Error-info: <session-id> : session ID of session holding the requested lock, or zero to indicate a non-NETCONF entity holds the lock Description: Access to the requested lock is denied because the lock is currently held by another entity.
Tag:lock denied错误类型:协议严重性:错误信息:<session id>:持有请求锁的会话的会话id,或零表示非NETCONF实体持有锁描述:拒绝访问请求的锁,因为锁当前由另一个实体持有。
Tag: resource-denied Error-type: transport, rpc, protocol, application Severity: error Error-info: none Description: Request could not be completed because of insufficient resources.
标记:资源被拒绝错误类型:传输、rpc、协议、应用程序严重性:错误信息:无描述:由于资源不足,无法完成请求。
Tag: rollback-failed Error-type: protocol, application Severity: error Error-info: none Description: Request to rollback some configuration change (via rollback-on-error or discard-changes operations) was not completed for some reason.
标记:回滚失败错误类型:协议,应用程序严重性:错误错误信息:无描述:由于某种原因,回滚某些配置更改(通过错误时回滚或放弃更改操作)的请求未完成。
Tag: data-exists Error-type: application Severity: error Error-info: none Description: Request could not be completed because the relevant data model content already exists. For example, a 'create' operation was attempted on data that already exists.
标记:数据存在错误类型:应用程序严重性:错误信息:无描述:无法完成请求,因为相关数据模型内容已存在。例如,尝试对已存在的数据执行“创建”操作。
Tag: data-missing Error-type: application Severity: error Error-info: none Description: Request could not be completed because the relevant data model content does not exist. For example, a 'replace' or 'delete' operation was attempted on data that does not exist.
标记:数据丢失错误类型:应用程序严重性:错误错误信息:无描述:由于相关数据模型内容不存在,无法完成请求。例如,尝试对不存在的数据执行“替换”或“删除”操作。
Tag: operation-not-supported Error-type: rpc, protocol, application Severity: error Error-info: none Description: Request could not be completed because the requested operation is not supported by this implementation.
标记:操作不受支持错误类型:rpc、协议、应用程序严重性:错误信息:无描述:无法完成请求,因为此实现不支持请求的操作。
Tag: operation-failed Error-type: rpc, protocol, application Severity: error Error-info: none Description: Request could not be completed because the requested operation failed for some reason not covered by any other error condition.
标记:操作失败错误类型:rpc、协议、应用程序严重性:错误错误信息:无描述:请求无法完成,因为请求的操作因某些原因失败,而不包括在任何其他错误条件中。
Tag: partial-operation Error-type: application Severity: error Error-info: <ok-element> : identifies an element in the data model for which the requested operation has been completed for that node and all its child nodes. This element can appear zero or more times in the <error-info> container.
标记:部分操作错误类型:应用程序严重性:错误错误信息:<ok element>:标识数据模型中已完成该节点及其所有子节点的请求操作的元素。此元素可以在<error info>容器中出现零次或多次。
<err-element> : identifies an element in the data model for which the requested operation has failed for that node and all its child nodes. This element can appear zero or more times in the <error-info> container.
<err element>:标识数据模型中该节点及其所有子节点的请求操作失败的元素。此元素可以在<error info>容器中出现零次或多次。
<noop-element> : identifies an element in the data model for which the requested operation was not attempted for that node and all its child nodes. This element can appear zero or more times in the <error-info> container. Description: Some part of the requested operation failed or was not attempted for some reason. Full cleanup has not been performed (e.g., rollback not supported) by the server. The error-info container is used to identify which portions of the application data model content for which the requested operation has succeeded (<ok-element>), failed (<bad-element>), or not been attempted (<noop-element>).
<noop element>:标识数据模型中的一个元素,该节点及其所有子节点未尝试对该元素执行请求的操作。此元素可以在<error info>容器中出现零次或多次。描述:请求的操作的某些部分失败或由于某种原因未尝试。服务器尚未执行完全清理(例如,不支持回滚)。错误信息容器用于标识请求的操作已成功(<ok element>)、失败(<bad element>)或未尝试(<noop element>)的应用程序数据模型内容的哪些部分。
BEGIN
开始
<?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" targetNamespace="urn:ietf:params:xml:ns:netconf:base:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified" xml:lang="en"> <!-- import standard XML definitions --> <xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"> <xs:annotation> <xs:documentation> This import accesses the xml: attribute groups for the xml:lang as declared on the error-message element. </xs:documentation> </xs:annotation> </xs:import> <!-- message-id attribute --> <xs:simpleType name="messageIdType"> <xs:restriction base="xs:string"> <xs:maxLength value="4095"/> </xs:restriction> </xs:simpleType> <!-- Types used for session-id --> <xs:simpleType name="SessionId"> <xs:restriction base="xs:unsignedInt"> <xs:minInclusive value="1"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="SessionIdOrZero"> <xs:restriction base="xs:unsignedInt"/> </xs:simpleType> <!-- <rpc> element --> <xs:complexType name="rpcType"> <xs:sequence> <xs:element ref="rpcOperation"/>
<?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" targetNamespace="urn:ietf:params:xml:ns:netconf:base:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified" xml:lang="en"> <!-- import standard XML definitions --> <xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"> <xs:annotation> <xs:documentation> This import accesses the xml: attribute groups for the xml:lang as declared on the error-message element. </xs:documentation> </xs:annotation> </xs:import> <!-- message-id attribute --> <xs:simpleType name="messageIdType"> <xs:restriction base="xs:string"> <xs:maxLength value="4095"/> </xs:restriction> </xs:simpleType> <!-- Types used for session-id --> <xs:simpleType name="SessionId"> <xs:restriction base="xs:unsignedInt"> <xs:minInclusive value="1"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="SessionIdOrZero"> <xs:restriction base="xs:unsignedInt"/> </xs:simpleType> <!-- <rpc> element --> <xs:complexType name="rpcType"> <xs:sequence> <xs:element ref="rpcOperation"/>
</xs:sequence> <xs:attribute name="message-id" type="messageIdType" use="required"/> <!-- Arbitrary attributes can be supplied with <rpc> element. --> <xs:anyAttribute processContents="lax"/> </xs:complexType> <xs:element name="rpc" type="rpcType"/> <!-- data types and elements used to construct rpc-errors --> <xs:simpleType name="ErrorType"> <xs:restriction base="xs:string"> <xs:enumeration value="transport"/> <xs:enumeration value="rpc"/> <xs:enumeration value="protocol"/> <xs:enumeration value="application"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="ErrorTag"> <xs:restriction base="xs:string"> <xs:enumeration value="in-use"/> <xs:enumeration value="invalid-value"/> <xs:enumeration value="too-big"/> <xs:enumeration value="missing-attribute"/> <xs:enumeration value="bad-attribute"/> <xs:enumeration value="unknown-attribute"/> <xs:enumeration value="missing-element"/> <xs:enumeration value="bad-element"/> <xs:enumeration value="unknown-element"/> <xs:enumeration value="unknown-namespace"/> <xs:enumeration value="access-denied"/> <xs:enumeration value="lock-denied"/> <xs:enumeration value="resource-denied"/> <xs:enumeration value="rollback-failed"/> <xs:enumeration value="data-exists"/> <xs:enumeration value="data-missing"/> <xs:enumeration value="operation-not-supported"/> <xs:enumeration value="operation-failed"/> <xs:enumeration value="partial-operation"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="ErrorSeverity"> <xs:restriction base="xs:string"> <xs:enumeration value="error"/> <xs:enumeration value="warning"/> </xs:restriction>
</xs:sequence> <xs:attribute name="message-id" type="messageIdType" use="required"/> <!-- Arbitrary attributes can be supplied with <rpc> element. --> <xs:anyAttribute processContents="lax"/> </xs:complexType> <xs:element name="rpc" type="rpcType"/> <!-- data types and elements used to construct rpc-errors --> <xs:simpleType name="ErrorType"> <xs:restriction base="xs:string"> <xs:enumeration value="transport"/> <xs:enumeration value="rpc"/> <xs:enumeration value="protocol"/> <xs:enumeration value="application"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="ErrorTag"> <xs:restriction base="xs:string"> <xs:enumeration value="in-use"/> <xs:enumeration value="invalid-value"/> <xs:enumeration value="too-big"/> <xs:enumeration value="missing-attribute"/> <xs:enumeration value="bad-attribute"/> <xs:enumeration value="unknown-attribute"/> <xs:enumeration value="missing-element"/> <xs:enumeration value="bad-element"/> <xs:enumeration value="unknown-element"/> <xs:enumeration value="unknown-namespace"/> <xs:enumeration value="access-denied"/> <xs:enumeration value="lock-denied"/> <xs:enumeration value="resource-denied"/> <xs:enumeration value="rollback-failed"/> <xs:enumeration value="data-exists"/> <xs:enumeration value="data-missing"/> <xs:enumeration value="operation-not-supported"/> <xs:enumeration value="operation-failed"/> <xs:enumeration value="partial-operation"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="ErrorSeverity"> <xs:restriction base="xs:string"> <xs:enumeration value="error"/> <xs:enumeration value="warning"/> </xs:restriction>
</xs:simpleType> <xs:complexType name="errorInfoType"> <xs:sequence> <xs:choice> <xs:element name="session-id" type="SessionIdOrZero"/> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:sequence> <xs:element name="bad-attribute" type="xs:QName" minOccurs="0" maxOccurs="1"/> <xs:element name="bad-element" type="xs:QName" minOccurs="0" maxOccurs="1"/> <xs:element name="ok-element" type="xs:QName" minOccurs="0" maxOccurs="1"/> <xs:element name="err-element" type="xs:QName" minOccurs="0" maxOccurs="1"/> <xs:element name="noop-element" type="xs:QName" minOccurs="0" maxOccurs="1"/> <xs:element name="bad-namespace" type="xs:QName" minOccurs="0" maxOccurs="1"/> </xs:sequence> </xs:sequence> </xs:choice> <!-- elements from any other namespace are also allowed to follow the NETCONF elements --> <xs:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <xs:complexType name="rpcErrorType"> <xs:sequence> <xs:element name="error-type" type="ErrorType"/> <xs:element name="error-tag" type="ErrorTag"/> <xs:element name="error-severity" type="ErrorSeverity"/> <xs:element name="error-app-tag" type="xs:string" minOccurs="0"/> <xs:element name="error-path" type="xs:string" minOccurs="0"/> <xs:element name="error-message" minOccurs="0"> <xs:complexType> <xs:simpleContent> <xs:extension base="xs:string"> <xs:attribute ref="xml:lang" use="optional"/> </xs:extension> </xs:simpleContent> </xs:complexType> </xs:element> <xs:element name="error-info" type="errorInfoType" minOccurs="0"/> </xs:sequence>
</xs:simpleType> <xs:complexType name="errorInfoType"> <xs:sequence> <xs:choice> <xs:element name="session-id" type="SessionIdOrZero"/> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:sequence> <xs:element name="bad-attribute" type="xs:QName" minOccurs="0" maxOccurs="1"/> <xs:element name="bad-element" type="xs:QName" minOccurs="0" maxOccurs="1"/> <xs:element name="ok-element" type="xs:QName" minOccurs="0" maxOccurs="1"/> <xs:element name="err-element" type="xs:QName" minOccurs="0" maxOccurs="1"/> <xs:element name="noop-element" type="xs:QName" minOccurs="0" maxOccurs="1"/> <xs:element name="bad-namespace" type="xs:QName" minOccurs="0" maxOccurs="1"/> </xs:sequence> </xs:sequence> </xs:choice> <!-- elements from any other namespace are also allowed to follow the NETCONF elements --> <xs:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <xs:complexType name="rpcErrorType"> <xs:sequence> <xs:element name="error-type" type="ErrorType"/> <xs:element name="error-tag" type="ErrorTag"/> <xs:element name="error-severity" type="ErrorSeverity"/> <xs:element name="error-app-tag" type="xs:string" minOccurs="0"/> <xs:element name="error-path" type="xs:string" minOccurs="0"/> <xs:element name="error-message" minOccurs="0"> <xs:complexType> <xs:simpleContent> <xs:extension base="xs:string"> <xs:attribute ref="xml:lang" use="optional"/> </xs:extension> </xs:simpleContent> </xs:complexType> </xs:element> <xs:element name="error-info" type="errorInfoType" minOccurs="0"/> </xs:sequence>
</xs:complexType> <!-- <rpc-reply> element --> <xs:complexType name="rpcReplyType"> <xs:choice> <xs:element name="ok"/> <xs:group ref="rpcResponse"/> </xs:choice> <xs:attribute name="message-id" type="messageIdType" use="optional"/> <!-- Any attributes supplied with <rpc> element must be returned on <rpc-reply>. --> <xs:anyAttribute processContents="lax"/> </xs:complexType> <xs:group name="rpcResponse"> <xs:sequence> <xs:element name="rpc-error" type="rpcErrorType" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="data" type="dataInlineType" minOccurs="0"/> </xs:sequence> </xs:group> <xs:element name="rpc-reply" type="rpcReplyType"/> <!-- Type for <test-option> parameter to <edit-config> --> <xs:simpleType name="testOptionType"> <xs:restriction base="xs:string"> <xs:enumeration value="test-then-set"/> <xs:enumeration value="set"/> </xs:restriction> </xs:simpleType> <!-- Type for <error-option> parameter to <edit-config> --> <xs:simpleType name="errorOptionType"> <xs:restriction base="xs:string"> <xs:annotation> <xs:documentation> Use of the rollback-on-error value requires the :rollback-on-error capability. </xs:documentation> </xs:annotation> <xs:enumeration value="stop-on-error"/> <xs:enumeration value="continue-on-error"/> <xs:enumeration value="rollback-on-error"/>
</xs:complexType> <!-- <rpc-reply> element --> <xs:complexType name="rpcReplyType"> <xs:choice> <xs:element name="ok"/> <xs:group ref="rpcResponse"/> </xs:choice> <xs:attribute name="message-id" type="messageIdType" use="optional"/> <!-- Any attributes supplied with <rpc> element must be returned on <rpc-reply>. --> <xs:anyAttribute processContents="lax"/> </xs:complexType> <xs:group name="rpcResponse"> <xs:sequence> <xs:element name="rpc-error" type="rpcErrorType" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="data" type="dataInlineType" minOccurs="0"/> </xs:sequence> </xs:group> <xs:element name="rpc-reply" type="rpcReplyType"/> <!-- Type for <test-option> parameter to <edit-config> --> <xs:simpleType name="testOptionType"> <xs:restriction base="xs:string"> <xs:enumeration value="test-then-set"/> <xs:enumeration value="set"/> </xs:restriction> </xs:simpleType> <!-- Type for <error-option> parameter to <edit-config> --> <xs:simpleType name="errorOptionType"> <xs:restriction base="xs:string"> <xs:annotation> <xs:documentation> Use of the rollback-on-error value requires the :rollback-on-error capability. </xs:documentation> </xs:annotation> <xs:enumeration value="stop-on-error"/> <xs:enumeration value="continue-on-error"/> <xs:enumeration value="rollback-on-error"/>
</xs:restriction> </xs:simpleType> <!-- rpcOperationType: used as a base type for all NETCONF operations --> <xs:complexType name="rpcOperationType"/> <xs:element name="rpcOperation" type="rpcOperationType" abstract="true"/> <!-- Type for <config> element --> <xs:complexType name="configInlineType"> <xs:complexContent> <xs:extension base="xs:anyType"/> </xs:complexContent> </xs:complexType> <!-- Type for <data> element --> <xs:complexType name="dataInlineType"> <xs:complexContent> <xs:extension base="xs:anyType"/> </xs:complexContent> </xs:complexType> <!-- Type for <filter> element --> <xs:simpleType name="FilterType"> <xs:restriction base="xs:string"> <xs:annotation> <xs:documentation> Use of the xpath value requires the :xpath capability. </xs:documentation> </xs:annotation> <xs:enumeration value="subtree"/> <xs:enumeration value="xpath"/> </xs:restriction> </xs:simpleType> <xs:complexType name="filterInlineType"> <xs:complexContent> <xs:extension base="xs:anyType"> <xs:attribute name="type" type="FilterType" default="subtree"/> <!-- if type="xpath", the xpath expression appears in the select element --> <xs:attribute name="select"/> </xs:extension>
</xs:restriction> </xs:simpleType> <!-- rpcOperationType: used as a base type for all NETCONF operations --> <xs:complexType name="rpcOperationType"/> <xs:element name="rpcOperation" type="rpcOperationType" abstract="true"/> <!-- Type for <config> element --> <xs:complexType name="configInlineType"> <xs:complexContent> <xs:extension base="xs:anyType"/> </xs:complexContent> </xs:complexType> <!-- Type for <data> element --> <xs:complexType name="dataInlineType"> <xs:complexContent> <xs:extension base="xs:anyType"/> </xs:complexContent> </xs:complexType> <!-- Type for <filter> element --> <xs:simpleType name="FilterType"> <xs:restriction base="xs:string"> <xs:annotation> <xs:documentation> Use of the xpath value requires the :xpath capability. </xs:documentation> </xs:annotation> <xs:enumeration value="subtree"/> <xs:enumeration value="xpath"/> </xs:restriction> </xs:simpleType> <xs:complexType name="filterInlineType"> <xs:complexContent> <xs:extension base="xs:anyType"> <xs:attribute name="type" type="FilterType" default="subtree"/> <!-- if type="xpath", the xpath expression appears in the select element --> <xs:attribute name="select"/> </xs:extension>
</xs:complexContent> </xs:complexType> <!-- configuration datastore names --> <xs:annotation> <xs:documentation> The startup datastore can be used only if the :startup capability is advertised. The candidate datastore can be used only if the :candidate datastore is advertised. </xs:documentation> </xs:annotation> <xs:complexType name="configNameType"/> <xs:element name="config-name" type="configNameType" abstract="true"/> <xs:element name="startup" type="configNameType" substitutionGroup="config-name"/> <xs:element name="candidate" type="configNameType" substitutionGroup="config-name"/> <xs:element name="running" type="configNameType" substitutionGroup="config-name"/> <!-- operation attribute used in <edit-config> --> <xs:simpleType name="editOperationType"> <xs:restriction base="xs:string"> <xs:enumeration value="merge"/> <xs:enumeration value="replace"/> <xs:enumeration value="create"/> <xs:enumeration value="delete"/> </xs:restriction> </xs:simpleType> <xs:attribute name="operation" type="editOperationType" default="merge"/> <!-- <default-operation> element --> <xs:simpleType name="defaultOperationType"> <xs:restriction base="xs:string"> <xs:enumeration value="merge"/> <xs:enumeration value="replace"/> <xs:enumeration value="none"/> </xs:restriction> </xs:simpleType> <!-- <url> element --> <xs:complexType name="configURIType">
</xs:complexContent> </xs:complexType> <!-- configuration datastore names --> <xs:annotation> <xs:documentation> The startup datastore can be used only if the :startup capability is advertised. The candidate datastore can be used only if the :candidate datastore is advertised. </xs:documentation> </xs:annotation> <xs:complexType name="configNameType"/> <xs:element name="config-name" type="configNameType" abstract="true"/> <xs:element name="startup" type="configNameType" substitutionGroup="config-name"/> <xs:element name="candidate" type="configNameType" substitutionGroup="config-name"/> <xs:element name="running" type="configNameType" substitutionGroup="config-name"/> <!-- operation attribute used in <edit-config> --> <xs:simpleType name="editOperationType"> <xs:restriction base="xs:string"> <xs:enumeration value="merge"/> <xs:enumeration value="replace"/> <xs:enumeration value="create"/> <xs:enumeration value="delete"/> </xs:restriction> </xs:simpleType> <xs:attribute name="operation" type="editOperationType" default="merge"/> <!-- <default-operation> element --> <xs:simpleType name="defaultOperationType"> <xs:restriction base="xs:string"> <xs:enumeration value="merge"/> <xs:enumeration value="replace"/> <xs:enumeration value="none"/> </xs:restriction> </xs:simpleType> <!-- <url> element --> <xs:complexType name="configURIType">
<xs:annotation> <xs:documentation> Use of the url element requires the :url capability. </xs:documentation> </xs:annotation> <xs:simpleContent> <xs:extension base="xs:anyURI"/> </xs:simpleContent> </xs:complexType> <!-- Type for <source> element (except <get-config>) --> <xs:complexType name="rpcOperationSourceType"> <xs:choice> <xs:element name="config" type="configInlineType"/> <xs:element ref="config-name"/> <xs:element name="url" type="configURIType"/> </xs:choice> </xs:complexType> <!-- Type for <source> element in <get-config> --> <xs:complexType name="getConfigSourceType"> <xs:choice> <xs:element ref="config-name"/> <xs:element name="url" type="configURIType"/> </xs:choice> </xs:complexType> <!-- Type for <target> element --> <xs:complexType name="rpcOperationTargetType"> <xs:choice> <xs:element ref="config-name"/> <xs:element name="url" type="configURIType"/> </xs:choice> </xs:complexType> <!-- <get-config> operation --> <xs:complexType name="getConfigType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="source" type="getConfigSourceType"/> <xs:element name="filter" type="filterInlineType" minOccurs="0"/>
<xs:annotation> <xs:documentation> Use of the url element requires the :url capability. </xs:documentation> </xs:annotation> <xs:simpleContent> <xs:extension base="xs:anyURI"/> </xs:simpleContent> </xs:complexType> <!-- Type for <source> element (except <get-config>) --> <xs:complexType name="rpcOperationSourceType"> <xs:choice> <xs:element name="config" type="configInlineType"/> <xs:element ref="config-name"/> <xs:element name="url" type="configURIType"/> </xs:choice> </xs:complexType> <!-- Type for <source> element in <get-config> --> <xs:complexType name="getConfigSourceType"> <xs:choice> <xs:element ref="config-name"/> <xs:element name="url" type="configURIType"/> </xs:choice> </xs:complexType> <!-- Type for <target> element --> <xs:complexType name="rpcOperationTargetType"> <xs:choice> <xs:element ref="config-name"/> <xs:element name="url" type="configURIType"/> </xs:choice> </xs:complexType> <!-- <get-config> operation --> <xs:complexType name="getConfigType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="source" type="getConfigSourceType"/> <xs:element name="filter" type="filterInlineType" minOccurs="0"/>
</xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="get-config" type="getConfigType" substitutionGroup="rpcOperation"/> <!-- <edit-config> operation --> <xs:complexType name="editConfigType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:annotation> <xs:documentation> Use of the test-option element requires the :validate capability. Use of the url element requires the :url capability. </xs:documentation> </xs:annotation> <xs:element name="target" type="rpcOperationTargetType"/> <xs:element name="default-operation" type="defaultOperationType" minOccurs="0"/> <xs:element name="test-option" type="testOptionType" minOccurs="0"/> <xs:element name="error-option" type="errorOptionType" minOccurs="0"/> <xs:choice> <xs:element name="config" type="configInlineType"/> <xs:element name="url" type="configURIType"/> </xs:choice> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="edit-config" type="editConfigType" substitutionGroup="rpcOperation"/> <!-- <copy-config> operation --> <xs:complexType name="copyConfigType"> <xs:complexContent>
</xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="get-config" type="getConfigType" substitutionGroup="rpcOperation"/> <!-- <edit-config> operation --> <xs:complexType name="editConfigType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:annotation> <xs:documentation> Use of the test-option element requires the :validate capability. Use of the url element requires the :url capability. </xs:documentation> </xs:annotation> <xs:element name="target" type="rpcOperationTargetType"/> <xs:element name="default-operation" type="defaultOperationType" minOccurs="0"/> <xs:element name="test-option" type="testOptionType" minOccurs="0"/> <xs:element name="error-option" type="errorOptionType" minOccurs="0"/> <xs:choice> <xs:element name="config" type="configInlineType"/> <xs:element name="url" type="configURIType"/> </xs:choice> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="edit-config" type="editConfigType" substitutionGroup="rpcOperation"/> <!-- <copy-config> operation --> <xs:complexType name="copyConfigType"> <xs:complexContent>
<xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="target" type="rpcOperationTargetType"/> <xs:element name="source" type="rpcOperationSourceType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="copy-config" type="copyConfigType" substitutionGroup="rpcOperation"/> <!-- <delete-config> operation --> <xs:complexType name="deleteConfigType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="target" type="rpcOperationTargetType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="delete-config" type="deleteConfigType" substitutionGroup="rpcOperation"/> <!-- <get> operation --> <xs:complexType name="getType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="filter" type="filterInlineType" minOccurs="0"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="get" type="getType" substitutionGroup="rpcOperation"/> <!-- <lock> operation --> <xs:complexType name="lockType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="target" type="rpcOperationTargetType"/>
<xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="target" type="rpcOperationTargetType"/> <xs:element name="source" type="rpcOperationSourceType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="copy-config" type="copyConfigType" substitutionGroup="rpcOperation"/> <!-- <delete-config> operation --> <xs:complexType name="deleteConfigType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="target" type="rpcOperationTargetType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="delete-config" type="deleteConfigType" substitutionGroup="rpcOperation"/> <!-- <get> operation --> <xs:complexType name="getType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="filter" type="filterInlineType" minOccurs="0"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="get" type="getType" substitutionGroup="rpcOperation"/> <!-- <lock> operation --> <xs:complexType name="lockType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="target" type="rpcOperationTargetType"/>
</xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="lock" type="lockType" substitutionGroup="rpcOperation"/> <!-- <unlock> operation --> <xs:complexType name="unlockType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="target" type="rpcOperationTargetType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="unlock" type="unlockType" substitutionGroup="rpcOperation"/> <!-- <validate> operation --> <xs:complexType name="validateType"> <xs:annotation> <xs:documentation> The validate operation requires the :validate capability. </xs:documentation> </xs:annotation> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="source" type="rpcOperationSourceType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="validate" type="validateType" substitutionGroup="rpcOperation"/> <!-- <commit> operation --> <xs:simpleType name="confirmTimeoutType"> <xs:restriction base="xs:unsignedInt"> <xs:minInclusive value="1"/> </xs:restriction> </xs:simpleType> <xs:complexType name="commitType">
</xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="lock" type="lockType" substitutionGroup="rpcOperation"/> <!-- <unlock> operation --> <xs:complexType name="unlockType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="target" type="rpcOperationTargetType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="unlock" type="unlockType" substitutionGroup="rpcOperation"/> <!-- <validate> operation --> <xs:complexType name="validateType"> <xs:annotation> <xs:documentation> The validate operation requires the :validate capability. </xs:documentation> </xs:annotation> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="source" type="rpcOperationSourceType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="validate" type="validateType" substitutionGroup="rpcOperation"/> <!-- <commit> operation --> <xs:simpleType name="confirmTimeoutType"> <xs:restriction base="xs:unsignedInt"> <xs:minInclusive value="1"/> </xs:restriction> </xs:simpleType> <xs:complexType name="commitType">
<xs:annotation> <xs:documentation> The commit operation requires the :candidate capability. </xs:documentation> </xs:annotation> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:annotation> <xs:documentation> Use of the confirmed and confirm-timeout elements requires the :confirmed-commit capability. </xs:documentation> </xs:annotation> <xs:element name="confirmed" minOccurs="0"/> <xs:element name="confirm-timeout" type="confirmTimeoutType" minOccurs="0"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="commit" type="commitType" substitutionGroup="rpcOperation"/> <!-- <discard-changes> operation --> <xs:complexType name="discardChangesType"> <xs:annotation> <xs:documentation> The discard-changes operation requires the :candidate capability. </xs:documentation> </xs:annotation> <xs:complexContent> <xs:extension base="rpcOperationType"/> </xs:complexContent> </xs:complexType> <xs:element name="discard-changes" type="discardChangesType" substitutionGroup="rpcOperation"/> <!-- <close-session> operation --> <xs:complexType name="closeSessionType"> <xs:complexContent> <xs:extension base="rpcOperationType"/> </xs:complexContent>
<xs:annotation> <xs:documentation> The commit operation requires the :candidate capability. </xs:documentation> </xs:annotation> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:annotation> <xs:documentation> Use of the confirmed and confirm-timeout elements requires the :confirmed-commit capability. </xs:documentation> </xs:annotation> <xs:element name="confirmed" minOccurs="0"/> <xs:element name="confirm-timeout" type="confirmTimeoutType" minOccurs="0"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="commit" type="commitType" substitutionGroup="rpcOperation"/> <!-- <discard-changes> operation --> <xs:complexType name="discardChangesType"> <xs:annotation> <xs:documentation> The discard-changes operation requires the :candidate capability. </xs:documentation> </xs:annotation> <xs:complexContent> <xs:extension base="rpcOperationType"/> </xs:complexContent> </xs:complexType> <xs:element name="discard-changes" type="discardChangesType" substitutionGroup="rpcOperation"/> <!-- <close-session> operation --> <xs:complexType name="closeSessionType"> <xs:complexContent> <xs:extension base="rpcOperationType"/> </xs:complexContent>
</xs:complexType> <xs:element name="close-session" type="closeSessionType" substitutionGroup="rpcOperation"/> <!-- <kill-session> operation --> <xs:complexType name="killSessionType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="session-id" type="SessionId" minOccurs="1"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="kill-session" type="killSessionType" substitutionGroup="rpcOperation"/> <!-- <hello> element --> <xs:element name="hello"> <xs:complexType> <xs:sequence> <xs:element name="capabilities"> <xs:complexType> <xs:sequence> <xs:element name="capability" type="xs:anyURI" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="session-id" type="SessionId" minOccurs="0"/> </xs:sequence> </xs:complexType> </xs:element> </xs:schema>
</xs:complexType> <xs:element name="close-session" type="closeSessionType" substitutionGroup="rpcOperation"/> <!-- <kill-session> operation --> <xs:complexType name="killSessionType"> <xs:complexContent> <xs:extension base="rpcOperationType"> <xs:sequence> <xs:element name="session-id" type="SessionId" minOccurs="1"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="kill-session" type="killSessionType" substitutionGroup="rpcOperation"/> <!-- <hello> element --> <xs:element name="hello"> <xs:complexType> <xs:sequence> <xs:element name="capabilities"> <xs:complexType> <xs:sequence> <xs:element name="capability" type="xs:anyURI" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="session-id" type="SessionId" minOccurs="0"/> </xs:sequence> </xs:complexType> </xs:element> </xs:schema>
END
终止
The {name} capability is identified by the following capability string:
{name}功能由以下功能字符串标识:
{capability uri}
{capability uri}
If existing operations are not modified by this capability, this section may be omitted.
如果现有操作未通过此功能进行修改,则可省略本节。
If this capability does not interact with other capabilities, this section may be omitted.
如果此功能不与其他功能交互,则可以省略此部分。
Consider the work involved in performing a configuration update against a single individual device. In making a change to the configuration, the application needs to build trust that its change has been made correctly and that it has not impacted the operation of the device. The application (and the application user) should feel confident that their change has not damaged the network.
考虑对单个设备执行配置更新所涉及的工作。在对配置进行更改时,应用程序需要建立信任,确保其更改已正确进行,并且未影响设备的操作。应用程序(和应用程序用户)应该确信他们的更改没有损坏网络。
Protecting each individual device consists of a number of steps:
保护每个单独的设备包括多个步骤:
o Acquiring the configuration lock.
o 获取配置锁。
o Loading the update.
o 正在加载更新。
o Validating the incoming configuration.
o 正在验证传入的配置。
o Checkpointing the running configuration.
o 检查正在运行的配置。
o Changing the running configuration.
o 更改正在运行的配置。
o Testing the new configuration.
o 测试新配置。
o Making the change permanent (if desired).
o 使更改永久化(如果需要)。
o Releasing the configuration lock.
o 释放配置锁。
Let's look at the details of each step.
让我们看看每个步骤的细节。
A lock should be acquired to prevent simultaneous updates from multiple sources. If multiple sources are affecting the device, the application is hampered in both testing of its change to the configuration and in recovery should the update fail. Acquiring a short-lived lock is a simple defense to prevent other parties from introducing unrelated changes.
应获取锁以防止来自多个源的同时更新。如果多个源影响设备,则应用程序在测试其对配置的更改以及在更新失败时进行恢复时都会受到阻碍。获取短期锁是一种简单的防御措施,可以防止其他方引入不相关的更改。
The lock can be acquired using the <lock> operation.
可以使用<lock>操作获取锁。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <lock> <target> <running/> </target>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <lock> <target> <running/> </target>
</lock> </rpc>
</lock> </rpc>
The configuration can be loaded onto the device without impacting the running system. If the :url capability is supported and lists "file" as a supported scheme, incoming changes can be placed in a local file.
配置可以加载到设备上,而不会影响正在运行的系统。如果支持:url功能并将“文件”列为受支持的方案,则传入的更改可以放在本地文件中。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <copy-config> <target> <url>file://incoming.conf</url> </target> <source> <config> <!-- place incoming configuration here --> </config> </source> </copy-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <copy-config> <target> <url>file://incoming.conf</url> </target> <source> <config> <!-- place incoming configuration here --> </config> </source> </copy-config> </rpc>
If the :candidate capability is supported, the candidate configuration can be used.
如果支持:候选功能,则可以使用候选配置。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <candidate/> </target> <config> <!-- place incoming configuration here --> </config> </edit-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <candidate/> </target> <config> <!-- place incoming configuration here --> </config> </edit-config> </rpc>
If the update fails, the user file can be deleted using the <delete-config> operation, or the candidate configuration can be reverted using the <discard-changes> operation.
如果更新失败,可以使用<delete config>操作删除用户文件,或者使用<discard changes>操作还原候选配置。
Before the incoming configuration is applied, validating it is often useful. Validation allows the application to gain confidence that the change will succeed and simplifies recovery if it does not.
在应用传入配置之前,验证它通常很有用。通过验证,应用程序可以获得更改成功的信心,如果更改不成功,则可以简化恢复。
If the device supports the :url capability and lists "file" as a supported scheme, use the <validate> operation with the <source> parameter set to the proper user file:
如果设备支持:url功能并将“文件”列为支持的方案,则使用<validate>操作,并将<source>参数设置为正确的用户文件:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <validate> <source> <url>file://incoming.conf</url> </source> </validate> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <validate> <source> <url>file://incoming.conf</url> </source> </validate> </rpc>
If the device supports the :candidate capability, some validation will be performed as part of loading the incoming configuration into the candidate. For full validation, either pass the <validate> parameter during the <edit-config> step given above, or use the <validate> operation with the <source> parameter set to <candidate>.
如果设备支持:候选者功能,将执行一些验证,作为将传入配置加载到候选者中的一部分。对于完全验证,可以在上面给出的<edit config>步骤中传递<validate>参数,或者使用<source>参数设置为<candidate>的<validate>操作。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <validate> <source> <candidate/> </source> </validate> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <validate> <source> <candidate/> </source> </validate> </rpc>
The running configuration can be saved into a local file as a checkpoint before loading the new configuration. If the update fails, the configuration can be restored by reloading the checkpoint file.
在加载新配置之前,可以将正在运行的配置保存到本地文件中作为检查点。如果更新失败,可以通过重新加载检查点文件来恢复配置。
The checkpoint file can be created using the <copy-config> operation.
可以使用<copy config>操作创建检查点文件。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <copy-config> <target> <url>file://checkpoint.conf</url>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <copy-config> <target> <url>file://checkpoint.conf</url>
</target> <source> <running/> </source> </copy-config> </rpc>
</target> <source> <running/> </source> </copy-config> </rpc>
To restore the checkpoint file, reverse the source and target parameters.
要还原检查点文件,请反转源参数和目标参数。
When the incoming configuration has been safely loaded onto the device and validated, it is ready to impact the running system.
当传入配置已安全加载到设备上并经过验证后,它就可以影响正在运行的系统。
If the device supports the :url capability and lists "file" as a supported scheme, use the <edit-config> operation to merge the incoming configuration into the running configuration.
如果设备支持:url功能并将“文件”列为受支持的方案,请使用<edit config>操作将传入配置合并到正在运行的配置中。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <config> <url>file://incoming.conf</url> </config> </edit-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config> <target> <running/> </target> <config> <url>file://incoming.conf</url> </config> </edit-config> </rpc>
If the device supports the :candidate capability, use the <commit> operation to set the running configuration to the candidate configuration. Use the <confirmed> parameter to allow automatic reversion to the original configuration if connectivity to the device fails.
如果设备支持:候选功能,请使用<commit>操作将正在运行的配置设置为候选配置。如果设备连接失败,使用<confirm>参数允许自动恢复到原始配置。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <commit> <confirmed/> <confirm-timeout>120</confirm-timeout> </commit> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <commit> <confirmed/> <confirm-timeout>120</confirm-timeout> </commit> </rpc>
Now that the incoming configuration has been integrated into the running configuration, the application needs to gain trust that the change has affected the device in the way intended without affecting it negatively.
既然传入的配置已集成到正在运行的配置中,应用程序需要获得信任,即更改已以预期方式影响设备,而不会对其产生负面影响。
To gain this confidence, the application can run tests of the operational state of the device. The nature of the test is dependent on the nature of the change and is outside the scope of this document. Such tests may include reachability from the system running the application (using ping), changes in reachability to the rest of the network (by comparing the device's routing table), or inspection of the particular change (looking for operational evidence of the BGP peer that was just added).
为了获得这种信心,应用程序可以运行设备运行状态的测试。测试的性质取决于变更的性质,不在本文件的范围内。此类测试可能包括运行应用程序的系统的可达性(使用ping)、对网络其余部分的可达性的更改(通过比较设备的路由表)或对特定更改的检查(寻找刚刚添加的BGP对等方的操作证据)。
When the configuration change is in place and the application has sufficient faith in the proper function of this change, the application should make the change permanent.
当配置更改到位且应用程序对该更改的正确功能有足够的信心时,应用程序应使更改永久化。
If the device supports the :startup capability, the current configuration can be saved to the startup configuration by using the startup configuration as the target of the <copy-config> operation.
如果设备支持:启动功能,则可以将启动配置用作<copy config>操作的目标,将当前配置保存到启动配置中。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <copy-config> <target> <startup/> </target> <source> <running/> </source> </copy-config> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <copy-config> <target> <startup/> </target> <source> <running/> </source> </copy-config> </rpc>
If the device supports the :candidate capability and a confirmed commit was requested, the confirming commit must be sent before the timeout expires.
如果设备支持:候选功能并且请求了确认提交,则必须在超时过期之前发送确认提交。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <commit/> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <commit/> </rpc>
When the configuration update is complete, the lock must be released, allowing other applications access to the configuration.
配置更新完成后,必须释放锁,以允许其他应用程序访问配置。
Use the <unlock> operation to release the configuration lock.
使用<unlock>操作释放配置锁。
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <unlock> <target> <running/> </target> </unlock> </rpc>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <unlock> <target> <running/> </target> </unlock> </rpc>
When a configuration change requires updates across a number of devices, care should be taken to provide the required transaction semantics. The NETCONF protocol contains sufficient primitives upon which transaction-oriented operations can be built. Providing complete transactional semantics across multiple devices is prohibitively expensive, but the size and number of windows for failure scenarios can be reduced.
当配置更改需要跨多个设备进行更新时,应注意提供所需的事务语义。NETCONF协议包含足够的原语,在这些原语上可以构建面向事务的操作。跨多个设备提供完整的事务语义代价高昂,但可以减少故障场景的窗口大小和数量。
There are two classes of multi-device operations. The first class allows the operation to fail on individual devices without requiring all devices to revert to their original state. The operation can be retried at a later time, or its failure simply reported to the user. An example of this class might be adding an NTP server. For this class of operations, failure avoidance and recovery are focused on the individual device. This means recovery of the device, reporting the failure, and perhaps scheduling another attempt.
有两类多设备操作。第一类允许操作在单个设备上失败,而不要求所有设备恢复到其原始状态。该操作可以在以后重试,或者将其失败简单地报告给用户。此类的一个示例可能是添加NTP服务器。对于这类操作,故障避免和恢复的重点是单个设备。这意味着恢复设备,报告故障,并可能安排另一次尝试。
The second class is more interesting, requiring that the operation should complete on all devices or be fully reversed. The network should either be transformed into a new state or be reset to its original state. For example, a change to a VPN may require updates to a number of devices. Another example of this might be adding a class-of-service definition. Leaving the network in a state where only a portion of the devices have been updated with the new definition will lead to future failures when the definition is referenced.
第二类更有趣,要求操作应在所有设备上完成或完全反转。网络应转换为新状态或重置为其原始状态。例如,对VPN的更改可能需要对多个设备进行更新。另一个例子可能是添加一个服务定义类。如果将网络保持在仅使用新定义更新了部分设备的状态,则在引用该定义时,将导致将来的故障。
To give transactional semantics, the same steps used in single device operations listed above are used, but are performed in parallel across all devices. Configuration locks should be acquired on all
为了给出事务语义,可以使用上面列出的单个设备操作中使用的相同步骤,但在所有设备上并行执行。应在所有服务器上获取配置锁
target devices and kept until all devices are updated and the changes made permanent. Configuration changes should be uploaded and validation performed across all devices. Checkpoints should be made on each device. Then the running configuration can be changed, tested, and made permanent. If any of these steps fail, the previous configurations can be restored on any devices upon which they were changed. After the changes have been completely implemented or completely discarded, the locks on each device can be released.
以设备为目标并保留,直到所有设备更新且更改永久化。应上传配置更改,并在所有设备上执行验证。应在每个设备上设置检查点。然后可以更改、测试运行配置并使其永久化。如果这些步骤中的任何一个失败,则可以在更改之前的配置的任何设备上恢复这些配置。在完全实现更改或完全放弃更改后,可以释放每个设备上的锁。
The following features have been deferred until a future revision of this document.
以下功能已推迟到本文件的未来版本。
o Granular locking of configuration objects.
o 配置对象的细粒度锁定。
o Named configuration files/datastores.
o 命名的配置文件/数据存储。
o Support for multiple NETCONF channels.
o 支持多个NETCONF通道。
o Asynchronous notifications.
o 异步通知。
o Explicit protocol support for rollback of configuration changes to prior versions.
o 显式协议支持将配置更改回滚到以前的版本。
Editor's Address
编辑地址
Rob Enns Juniper Networks 1194 North Mathilda Ave Sunnyvale, CA 94089 US
美国加利福尼亚州桑尼维尔北马蒂尔达大道1194号罗布·恩斯·朱尼珀网络公司,邮编94089
EMail: rpe@juniper.net
EMail: rpe@juniper.net
Full Copyright Statement
完整版权声明
Copyright (C) The IETF Trust (2006).
版权所有(C)IETF信托基金(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST, AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息以“原样”为基础提供,贡献者、他/她所代表或赞助的组织(如有)、互联网协会、IETF信托基金和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。