Internet Engineering Task Force (IETF)                      M. Bjorklund
Request for Comments: 8526                                Tail-f Systems
Updates: 6241, 7950                                     J. Schoenwaelder
Category: Standards Track                              Jacobs University
ISSN: 2070-1721                                                P. Shafer
                                                        Juniper Networks
                                                               K. Watsen
                                                         Watsen Networks
                                                               R. Wilton
                                                           Cisco Systems
                                                              March 2019
NETCONF Extensions to Support the Network Management Datastore Architecture
Abstract
This document extends the Network Configuration Protocol (NETCONF) defined in RFC 6241 in order to support the Network Management Datastore Architecture (NMDA) defined in RFC 8342.
This document updates RFCs 6241 and 7950. The update to RFC 6241 adds new <get-data> and <edit-data> operations and augments existing <lock>, <unlock>, and <validate> operations. The update to RFC 7950 requires the usage of the YANG library (described in RFC 8525) by NETCONF servers implementing the NMDA.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8526.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents
   1. Introduction
      1.1. Terminology
      1.2. Tree Diagrams
   2. Datastore and YANG Library Requirements
   3. NETCONF Extensions
      3.1. New NETCONF Operations
         3.1.1. The <get-data> Operation
         3.1.2. The <edit-data> Operation
      3.2. Augmentations to NETCONF Operations
   4. NETCONF Datastores YANG Module
   5. IANA Considerations
   6. Security Considerations
   7. References
      7.1. Normative References
      7.2. Informative References
   Authors' Addresses
This document extends the NETCONF protocol defined in [RFC6241] in order to support the Network Management Datastore Architecture (NMDA) defined in [RFC8342].
This document updates [RFC6241] in order to enable NETCONF clients to interact with all the datastores supported by a server implementing the NMDA. The update both adds new <get-data> and <edit-data> operations and augments existing <lock>, <unlock>, and <validate> operations.
This document also updates [RFC7950] in order to enable NETCONF clients to both discover which datastores are supported by the NETCONF server and determine which modules are supported in each datastore. The update requires NETCONF servers implementing the NMDA to support the YANG library [RFC8525].
This document uses the terminology defined by the NMDA [RFC8342].
The following term is defined in [RFC8525]:
o YANG library content identifier
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
Tree diagrams used in this document follow the notation defined in [RFC8340].
An NMDA-compliant NETCONF server MUST implement the "ietf-netconf-nmda" module defined in this document, MUST support the operational state datastore, and MUST implement at least revision 2019-01-04 of the "ietf-yang-library" module defined in [RFC8525].
A NETCONF client can discover which datastores and YANG modules the server supports by reading the YANG library information from the operational state datastore.
The server MUST advertise the following capability in the <hello> message (line breaks and whitespace are used for formatting reasons only):
     urn:ietf:params:netconf:capability:yang-library:1.1?
       revision=<date>&content-id=<content-id-value>
The parameter "revision" has the same value as the revision date of the "ietf-yang-library" module implemented by the server. This parameter MUST be present.
The parameter "content-id" contains the YANG library content identifier [RFC8525]. This parameter MUST be present.
With this mechanism, a client can cache the supported datastores and YANG modules for a server and only update the cache if the "content-id" value in the <hello> message changes.
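The caching rule above, as an added example that is not part of the RFC: a client pulls the :yang-library:1.1 capability out of a <hello>, enforces the two mandatory parameters, and refetches the YANG library only when "content-id" changes. The sample <hello>, its content-id value, and the names SchemaCache, on_hello and fetch_library are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

NC_BASE = "urn:ietf:params:xml:ns:netconf:base:1.0"
YANG_LIB_11 = "urn:ietf:params:netconf:capability:yang-library:1.1"
MIN_REVISION = "2019-01-04"  # minimum ietf-yang-library revision for NMDA

# Constructed sample; the content-id value is made up for this example.
SAMPLE_HELLO = """<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.1</capability>
    <capability>
      urn:ietf:params:netconf:capability:yang-library:1.1?
        revision=2019-01-04&amp;content-id=61de9fe3
    </capability>
  </capabilities>
  <session-id>4</session-id>
</hello>"""


class CapabilityError(ValueError):
    """The <hello> does not carry a usable :yang-library:1.1 capability."""


def yang_library_params(hello_xml):
    """Return (revision, content_id) advertised in a server <hello>."""
    root = ET.fromstring(hello_xml)
    queries = []
    for cap in root.iter("{%s}capability" % NC_BASE):
        # Line breaks and whitespace inside the URI carry no meaning.
        uri = "".join((cap.text or "").split())
        base, _, query = uri.partition("?")
        if base == YANG_LIB_11:
            queries.append(query)
    # Defensive choice of this example: several copies would be ambiguous.
    if len(queries) != 1:
        raise CapabilityError("expected one yang-library:1.1 capability, "
                              "found %d" % len(queries))
    params = parse_qs(queries[0], keep_blank_values=True)
    values = []
    for name in ("revision", "content-id"):
        got = params.get(name, [])
        if len(got) != 1 or not got[0]:
            raise CapabilityError("parameter %r MUST be present once" % name)
        values.append(got[0])
    revision, content_id = values
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", revision):
        raise CapabilityError("malformed revision date %r" % revision)
    # ISO dates of identical shape compare correctly as strings.
    if revision < MIN_REVISION:
        raise CapabilityError("ietf-yang-library %s is too old" % revision)
    return revision, content_id


class SchemaCache:
    """Remembers, per server, the YANG library fetched for a content-id."""

    def __init__(self):
        self._entries = {}  # server name -> (content_id, library)

    def lookup(self, server, content_id):
        entry = self._entries.get(server)
        if entry is not None and entry[0] == content_id:
            return entry[1]
        return None

    def store(self, server, content_id, library):
        self._entries[server] = (content_id, library)


def on_hello(cache, server, hello_xml, fetch_library):
    """Return the server's YANG library, refetching only on a new content-id.

    fetch_library is a hypothetical callable standing in for a <get-data>
    on the operational state datastore that reads /yang-library.
    """
    _, content_id = yang_library_params(hello_xml)
    library = cache.lookup(server, content_id)
    if library is None:
        library = fetch_library(server)
        cache.store(server, content_id, library)
    return library
```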
This document updates Section 5.6.4 of [RFC7950] to allow servers to advertise the capability :yang-library:1.1 instead of :yang-library:1.0 and to implement the subtree "/yang-library" [RFC8525] instead of "/modules-state".
This section describes the NETCONF extensions needed to support the NMDA. These changes are defined in the new "ietf-netconf-nmda" YANG [RFC7950] module.
These changes include the use of source and target parameters based on the "datastore" identity defined in the "ietf-datastores" module [RFC8342]. The use of identities allows future expansion in a way that the choice-based strategy from the original operations (e.g., <get-config> and <edit-config>) does not.
Two new operations -- <get-data> and <edit-data> -- are defined in this document in order to support the NMDA. These operations are similar to the <get-config> and <edit-config> operations, but they can work on an extensible set of datastores.
The <get-data> operation retrieves data from a specific NMDA datastore. This operation is similar to NETCONF's <get-config> operation defined in [RFC6241], but it adds the flexibility to select the source datastore.
     +---x get-data
        +---w input
        |  +---w datastore                      ds:datastore-ref
        |  +---w (filter-spec)?
        |  |  +--:(subtree-filter)
        |  |  |  +---w subtree-filter?          <anydata>
        |  |  +--:(xpath-filter)
        |  |     +---w xpath-filter?            yang:xpath1.0 {nc:xpath}?
        |  +---w config-filter?                 boolean
        |  +---w (origin-filters)? {origin}?
        |  |  +--:(origin-filter)
        |  |  |  +---w origin-filter*           or:origin-ref
        |  |  +--:(negated-origin-filter)
        |  |     +---w negated-origin-filter*   or:origin-ref
        |  +---w max-depth?                     union
        |  +---w with-origin?                   empty {origin}?
        |  +---w with-defaults?                 with-defaults-mode
        +--ro output
           +--ro data?   <anydata>
The "datastore" parameter indicates the datastore that is the source of the data to be retrieved. This is a "datastore" identity.
The <get-data> operation accepts a content filter parameter, similar to the "filter" parameter of <get-config>, but uses explicit nodes for subtree filtering ("subtree-filter") and XPath filtering ("xpath-filter").
The "config-filter" parameter can be used to retrieve only "config true" or "config false" nodes.
The "origin-filter" parameter, which can be present multiple times, selects nodes equal to or derived from any of the given values. The "negated-origin-filter", which can be present multiple times, selects nodes that are not equal to or derived from any of the given values. The "origin-filter" and "negated-origin-filter" parameters cannot be used together.
The "max-depth" parameter can be used by the client to limit the number of subtree levels that are returned in the reply.
The <get-data> operation defines a parameter named "with-origin", which if present, requests that the server includes "origin" metadata annotations in its response, as detailed in the NMDA. This parameter is only valid for the operational state datastore and any datastores with identities derived from the "operational" identity. Otherwise, if an invalid datastore is specified then an error is returned, as specified in the "ietf-netconf-nmda" module (see Section 4). Note that "origin" metadata annotations are not included in a response unless a client explicitly requests them.
Data in the operational state datastore can come from multiple sources. The server should return the "origin" metadata annotation value that most accurately indicates the source of the operational value, as specified in Section 5.3.4 of [RFC8342].
When encoding the "origin" metadata annotation for a hierarchy of returned nodes, the annotation may be omitted for a child node when the value matches that of the parent node, as described in the "ietf-origin" YANG module [RFC8342].
Support for the "with-origin" parameter is OPTIONAL. It is identified with the feature "origin".
If the "with-defaults" capability is supported by the server, then the "with-defaults" parameter, defined in [RFC6243], is supported for <get-data> operations that target conventional configuration datastores.
Support for the "with-defaults" parameter is OPTIONAL for <get-data> operations that target <operational>. The associated capability to indicate a server's support is identified with the URI:
urn:ietf:params:netconf:capability:with-operational-defaults:1.0
If the "with-defaults" parameter is supported for <get-data> operations on <operational>, then all retrieval modes specified in either the 'basic-mode' or 'also-supported' parameter of the "with-defaults" capability are permitted. The behavior of the "with-defaults" parameter for <operational> is defined as below:
o If no "with-defaults" parameter is specified, or if it is set to "explicit", "report-all", or "report-all-tagged", then the "in use" values, as defined in Section 5.3 of [RFC8342], are returned from the operational state datastore, even if a node happens to have a default statement in the YANG module, and this default value is being used by the server. If the "with-defaults" parameter is set to "report-all-tagged", any values that match the schema default are tagged with additional metadata, as described in Section 3.4 of [RFC6243].
o If the "with-defaults" parameter is set to "trim", all "in use" values are returned, except that the output is filtered to exclude any values that match the default defined in the YANG schema.
Support for "with-defaults" in <get-data> operations on any datastore not defined in [RFC8342] should be defined by the specification for the datastore.
The following example shows the <get-data> version of the <get-config> example shown in Section 7.1 of [RFC6241], which selects the entire "/users" subtree:
     <rpc message-id="101"
          xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
       <get-data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"
                 xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
         <datastore>ds:running</datastore>
         <subtree-filter>
           <top xmlns="http://example.com/schema/1.2/config">
             <users/>
           </top>
         </subtree-filter>
       </get-data>
     </rpc>

     <rpc-reply message-id="101"
          xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
       <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda">
         <top xmlns="http://example.com/schema/1.2/config">
           <users>
             <user>
               <name>root</name>
               <type>superuser</type>
               <full-name>Charlie Root</full-name>
               <company-info>
                 <dept>1</dept>
                 <id>1</id>
               </company-info>
             </user>
             <!-- additional <user> elements appear here... -->
           </users>
         </top>
       </data>
     </rpc-reply>
The following example shows how the "origin-filter" can be used to retrieve nodes from <operational>. The example uses the fictional data model defined in Appendix C of [RFC8342].
     <rpc message-id="102"
          xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
       <get-data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"
                 xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores"
                 xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin">
         <datastore>ds:operational</datastore>
         <subtree-filter>
           <bgp xmlns="http://example.com/ns/bgp"/>
         </subtree-filter>
         <origin-filter>or:intended</origin-filter>
         <origin-filter>or:system</origin-filter>
         <with-origin/>
       </get-data>
     </rpc>

     <rpc-reply message-id="102"
          xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
       <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda">
         <bgp xmlns="http://example.com/ns/bgp"
              xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
              or:origin="or:intended">
           <peer>
             <name>2001:db8::2:3</name>
             <local-port or:origin="or:system">60794</local-port>
             <state>established</state>
           </peer>
         </bgp>
       </data>
     </rpc-reply>
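An added example, not taken from the RFC, that rebuilds the request with message-id 102 using Python's ElementTree and rejects the parameter combinations the text rules out. The name build_get_data and its arguments are assumptions of this example; only identities from "ietf-datastores" and "ietf-origin" are handled, and datastores derived from "operational" are not modelled, so "with-origin" is accepted for ds:operational only.

```python
import re
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
NMDA = "urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"
DS = "urn:ietf:params:xml:ns:yang:ietf-datastores"
OR = "urn:ietf:params:xml:ns:yang:ietf-origin"
IDENTITY_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*")


def _identity(prefix, name):
    """Render an identityref value such as 'ds:operational'."""
    if not IDENTITY_NAME.fullmatch(name):
        raise ValueError("not a YANG identifier: %r" % name)
    return "%s:%s" % (prefix, name)


def build_get_data(message_id, datastore, subtree=None, config_filter=None,
                   origin_filter=(), negated_origin_filter=(),
                   with_origin=False):
    """Serialize a <get-data> request as a string.

    Child elements are emitted in the order of the tree diagram:
    datastore, filter, config-filter, origin filters, with-origin.
    """
    if origin_filter and negated_origin_filter:
        raise ValueError("origin-filter and negated-origin-filter "
                         "cannot be used together")
    if with_origin and datastore != "operational":
        # Assumption: identities derived from "operational" are not modelled.
        raise ValueError("with-origin is only valid for the operational "
                         "state datastore")

    # Plain tag names plus explicit xmlns attributes: the "ds:" and "or:"
    # prefixes occur only inside element text, where ElementTree cannot see
    # them, so it would not emit their declarations on its own.
    rpc = ET.Element("rpc", {"message-id": str(message_id), "xmlns": NC})
    req = ET.SubElement(rpc, "get-data",
                        {"xmlns": NMDA, "xmlns:ds": DS, "xmlns:or": OR})
    ET.SubElement(req, "datastore").text = _identity("ds", datastore)
    if subtree is not None:
        ET.SubElement(req, "subtree-filter").append(subtree)
    if config_filter is not None:
        flag = "true" if config_filter else "false"
        ET.SubElement(req, "config-filter").text = flag
    for name in origin_filter:
        ET.SubElement(req, "origin-filter").text = _identity("or", name)
    for name in negated_origin_filter:
        elem = ET.SubElement(req, "negated-origin-filter")
        elem.text = _identity("or", name)
    if with_origin:
        ET.SubElement(req, "with-origin")
    return ET.tostring(rpc, encoding="unicode")


def example_request_102():
    """The origin-filter request from the text, rebuilt with the helper."""
    bgp = ET.Element("bgp", {"xmlns": "http://example.com/ns/bgp"})
    return build_get_data(102, "operational", subtree=bgp,
                          origin_filter=["intended", "system"],
                          with_origin=True)
```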
In order to not retrieve any system state nodes, the "config-filter" can be used:
     <rpc message-id="103"
          xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
       <get-data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"
                 xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores"
                 xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin">
         <datastore>ds:operational</datastore>
         <subtree-filter>
           <bgp xmlns="http://example.com/ns/bgp"/>
         </subtree-filter>
         <config-filter>true</config-filter>
         <origin-filter>or:intended</origin-filter>
         <origin-filter>or:system</origin-filter>
         <with-origin/>
       </get-data>
     </rpc>

     <rpc-reply message-id="103"
          xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
       <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda">
         <bgp xmlns="http://example.com/ns/bgp"
              xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
              or:origin="or:intended">
           <peer>
             <name>2001:db8::2:3</name>
             <local-port or:origin="or:system">60794</local-port>
           </peer>
         </bgp>
       </data>
     </rpc-reply>
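An added example, not part of the RFC, that applies the parent-inheritance rule for "origin" annotations to the reply with message-id 103 and resolves each annotation's prefix against the namespaces in scope rather than trusting the literal "or". The function names are assumptions of this example; it is meant for replies fetched with "config-filter" true, since the annotation is defined for configuration nodes and telling other leaves apart needs the YANG schema.

```python
import io
import xml.etree.ElementTree as ET

OR_NS = "urn:ietf:params:xml:ns:yang:ietf-origin"
ORIGIN_ATTR = "{%s}origin" % OR_NS

# The <rpc-reply> with message-id 103 from the text.
REPLY_103 = """<rpc-reply message-id="103"
     xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda">
    <bgp xmlns="http://example.com/ns/bgp"
         xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
         or:origin="or:intended">
      <peer>
        <name>2001:db8::2:3</name>
        <local-port or:origin="or:system">60794</local-port>
      </peer>
    </bgp>
  </data>
</rpc-reply>"""


def _resolve(qname, scope):
    """Turn 'prefix:name' into (namespace URI, name) using in-scope prefixes."""
    prefix, sep, name = qname.strip().partition(":")
    if not sep:  # no prefix: fall back to the default namespace
        prefix, name = "", prefix
    if prefix not in scope:
        raise ValueError("origin %r uses an undeclared prefix" % qname)
    return scope[prefix], name


def leaf_origins(reply_xml):
    """Return [(path, value, (origin namespace, origin name)), ...].

    A node without its own annotation takes the origin of its parent.
    Paths are built from local names below <rpc-reply>/<data>.
    """
    scopes = [{}]     # stack of prefix -> URI maps, one per open element
    pending = {}      # declarations reported before the next "start" event
    origins = [None]  # stack of effective origins
    path, leaves = [], []
    source = io.BytesIO(reply_xml.encode("utf-8"))
    events = ("start-ns", "start", "end")
    for event, item in ET.iterparse(source, events=events):
        if event == "start-ns":
            pending[item[0]] = item[1]
        elif event == "start":
            scope = dict(scopes[-1])
            scope.update(pending)
            pending = {}
            scopes.append(scope)
            raw = item.get(ORIGIN_ATTR)
            inherited = origins[-1]
            origins.append(_resolve(raw, scope) if raw is not None
                           else inherited)
            path.append(item.tag.rpartition("}")[2])
        else:  # "end": text and children are complete here
            if len(item) == 0 and origins[-1] is not None:
                leaves.append(("/" + "/".join(path[2:]),
                               (item.text or "").strip(), origins[-1]))
            path.pop()
            origins.pop()
            scopes.pop()
    return leaves


def not_from_intended(leaves):
    """Leaves whose in-use value does not originate from <intended>."""
    return [leaf for leaf in leaves if leaf[2] != (OR_NS, "intended")]
```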
The <edit-data> operation changes the contents of a writable datastore, similar to the <edit-config> operation defined in [RFC6241] but with additional flexibility in naming the target datastore. If an <edit-data> operation is invoked on a non-writable datastore, then an error is returned, as specified in the "ietf-netconf-nmda" module (see Section 4).
     +---x edit-data
        +---w input
           +---w datastore            ds:datastore-ref
           +---w default-operation?   enumeration
           +---w (edit-content)
              +--:(config)
              |  +---w config?        <anydata>
              +--:(url)
                 +---w url?           inet:uri {nc:url}?
The "datastore" parameter is a "datastore" identity that indicates the desired target datastore where changes should be made.
The "default-operation" parameter selects the default operation to use. It is a copy of the "default-operation" parameter of the <edit-config> operation.
The "edit-content" parameter specifies the content for the edit operation. It mirrors the "edit-content" choice of the <edit-config> operation. Note, however, that the "config" element in the "edit-content" choice of <edit-data> uses "anydata" (introduced in YANG 1.1 [RFC7950]) while the "config" element in the "edit-content" choice of <edit-config> used "anyxml".
The <edit-data> operation does not support the "error-option" and the "test-option" parameters that were part of the <edit-config> operation. The error behavior of <edit-data> corresponds to the "rollback-on-error" value in the "error-option" parameter.
If the "with-defaults" capability is supported by the server, the semantics of editing modes is the same as for <edit-config>, as described in Section 4.5.2 of [RFC6243].
Semantics for "with-defaults" in <edit-data> operations on any non conventional configuration datastores should be defined by the specification for the datastore.
The following example shows the <edit-data> version of the first <edit-config> example in Section 7.2 of [RFC6241]. In this example, the MTU is set to 1500 on an interface named "Ethernet0/0" in the running configuration datastore.
     <rpc message-id="103"
          xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
       <edit-data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"
                  xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
         <datastore>ds:running</datastore>
         <config>
           <top xmlns="http://example.com/schema/1.2/config">
             <interface>
               <name>Ethernet0/0</name>
               <mtu>1500</mtu>
             </interface>
           </top>
         </config>
       </edit-data>
     </rpc>

     <rpc-reply message-id="103"
          xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
       <ok/>
     </rpc-reply>
The other <edit-config> examples shown in Section 7.2 of [RFC6241] can be translated to <edit-data> examples in a similar way.
Several of the operations defined in the base NETCONF YANG module "ietf-netconf" [RFC6241] may be used with new datastores. Hence, the <lock>, <unlock>, and <validate> operations are augmented with a new "datastore" leaf that can select the desired datastore. If a <lock>, <unlock>, or <validate> operation is not supported on a particular datastore, then an error is returned, as specified in the "ietf-netconf-nmda" module (see Section 4).
This module imports definitions from [RFC6991], [RFC6241], [RFC6243], and [RFC8342].
<CODE BEGINS> file "ietf-netconf-nmda@2019-01-07.yang"
<CODE BEGINS> file "ietf-netconf-nmda@2019-01-07.yang"
module ietf-netconf-nmda { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"; prefix ncds;
module ietf-netconf-nmda { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"; prefix ncds;
import ietf-yang-types { prefix yang; reference "RFC 6991: Common YANG Data Types"; } import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG Data Types"; } import ietf-datastores { prefix ds; reference "RFC 8342: Network Management Datastore Architecture (NMDA)"; } import ietf-origin { prefix or; reference "RFC 8342: Network Management Datastore Architecture (NMDA)"; } import ietf-netconf { prefix nc; reference "RFC 6241: Network Configuration Protocol (NETCONF)"; } import ietf-netconf-with-defaults { prefix ncwd; reference "RFC 6243: With-defaults Capability for NETCONF"; }
import ietf-yang-types { prefix yang; reference "RFC 6991: Common YANG Data Types"; } import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG Data Types"; } import ietf-datastores { prefix ds; reference "RFC 8342: Network Management Datastore Architecture (NMDA)"; } import ietf-origin { prefix or; reference "RFC 8342: Network Management Datastore Architecture (NMDA)"; } import ietf-netconf { prefix nc; reference "RFC 6241: Network Configuration Protocol (NETCONF)"; } import ietf-netconf-with-defaults { prefix ncwd; reference "RFC 6243: With-defaults Capability for NETCONF"; }
organization "IETF NETCONF Working Group";
组织“IETF NETCONF工作组”;
contact "WG Web: <https://datatracker.ietf.org/wg/netconf/>
contact "WG Web: <https://datatracker.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org>
WG List: <mailto:netconf@ietf.org>
Author: Martin Bjorklund <mailto:mbj@tail-f.com>
Author: Martin Bjorklund <mailto:mbj@tail-f.com>
Author: Juergen Schoenwaelder <mailto:j.schoenwaelder@jacobs-university.de>
Author: Juergen Schoenwaelder <mailto:j.schoenwaelder@jacobs-university.de>
Author: Phil Shafer <mailto:phil@juniper.net>
Author: Phil Shafer <mailto:phil@juniper.net>
Author: Kent Watsen <mailto:kent+ietf@watsen.net>
Author: Kent Watsen <mailto:kent+ietf@watsen.net>
Author: Robert Wilton <mailto:rwilton@cisco.com>"; description "This YANG module defines a set of NETCONF operations to support the Network Management Datastore Architecture (NMDA).
作者:罗伯特·威尔顿<mailto:rwilton@cisco.com>“说明”此模块定义了一组NETCONF操作,以支持网络管理数据存储体系结构(NMDA)。
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here.
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可能”和“可选”在所有大写字母出现时(如图所示)应按照BCP 14(RFC 2119)(RFC 8174)所述进行解释。
Copyright (c) 2019 IETF Trust and the persons identified as authors of the code. All rights reserved.
版权(c)2019 IETF信托基金和被认定为代码作者的人员。版权所有。
Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info).
根据IETF信托有关IETF文件的法律规定第4.c节规定的简化BSD许可证中包含的许可条款,允许以源代码和二进制格式重新分发和使用,无论是否修改(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 8526; see the RFC itself for full legal notices.";
此模块的此版本是RFC 8526的一部分;有关完整的法律通知,请参见RFC本身。“;
revision 2019-01-07 { description "Initial revision."; reference "RFC 8526: NETCONF Extensions to Support the Network Management Datastore Architecture";
revision 2019-01-07 { description "Initial revision."; reference "RFC 8526: NETCONF Extensions to Support the Network Management Datastore Architecture";
}
}
feature origin { description "Indicates that the server supports the 'origin' annotation."; reference "RFC 8342: Network Management Datastore Architecture (NMDA)"; }
feature origin { description "Indicates that the server supports the 'origin' annotation."; reference "RFC 8342: Network Management Datastore Architecture (NMDA)"; }
feature with-defaults { description "NETCONF :with-defaults capability. If the server advertises the :with-defaults capability for a session, then this feature must also be enabled for that session. Otherwise, this feature must not be enabled."; reference "RFC 6243: With-defaults Capability for NETCONF, Section 4; and RFC 8526: NETCONF Extensions to Support the Network Management Datastore Architecture, Section 3.1.1.2"; }
feature with-defaults { description "NETCONF :with-defaults capability. If the server advertises the :with-defaults capability for a session, then this feature must also be enabled for that session. Otherwise, this feature must not be enabled."; reference "RFC 6243: With-defaults Capability for NETCONF, Section 4; and RFC 8526: NETCONF Extensions to Support the Network Management Datastore Architecture, Section 3.1.1.2"; }
  rpc get-data {
    description
      "Retrieve data from an NMDA datastore.  The content returned
       by get-data must satisfy all filters, i.e., the filter
       criteria are logically ANDed.

       Any ancestor nodes (including list keys) of nodes selected by
       the filters are included in the response.

       The 'with-origin' parameter is only valid for an operational
       datastore.  If 'with-origin' is used with an invalid
       datastore, then the server MUST return an <rpc-error> element
       with an <error-tag> value of 'invalid-value'.

       The 'with-defaults' parameter only applies to the operational
       datastore if the NETCONF :with-defaults and
       :with-operational-defaults capabilities are both advertised.
       If the 'with-defaults' parameter is present in a request for
       which it is not supported, then the server MUST return an
       <rpc-error> element with an <error-tag> value of
       'invalid-value'.";
    input {
      leaf datastore {
        type ds:datastore-ref;
        mandatory true;
        description
          "Datastore from which to retrieve data.

           If the datastore is not supported by the server, then the
           server MUST return an <rpc-error> element with an
           <error-tag> value of 'invalid-value'.";
      }
      choice filter-spec {
        description
          "The content filter specification for this request.";
        anydata subtree-filter {
          description
            "This parameter identifies the portions of the
             target datastore to retrieve.";
          reference
            "RFC 6241: Network Configuration Protocol (NETCONF),
             Section 6";
        }
        leaf xpath-filter {
          if-feature "nc:xpath";
          type yang:xpath1.0;
          description
            "This parameter contains an XPath expression identifying
             the portions of the target datastore to retrieve.

             If the expression returns a node-set, all nodes in the
             node-set are selected by the filter.  Otherwise, if the
             expression does not return a node-set, then the
             <get-data> operation fails.

             The expression is evaluated in the following XPath
             context:

               o  The set of namespace declarations are those in
                  scope on the 'xpath-filter' leaf element.

               o  The set of variable bindings is empty.

               o  The function library is the core function library,
                  and the XPath functions are defined in Section 10
                  of RFC 7950.

               o  The context node is the root node of the target
                  datastore.";
        }
      }
      leaf config-filter {
        type boolean;
        description
          "Filter for nodes with the given value for their 'config'
           property.  When this leaf is set to 'true', only 'config
           true' nodes are selected, and when set to 'false', only
           'config false' nodes are selected.  If this leaf is not
           present, no nodes are filtered.";
      }
      choice origin-filters {
        when 'derived-from-or-self(datastore, "ds:operational")';
        if-feature "origin";
        description
          "Filters configuration nodes based on the 'origin'
           annotation.  Configuration nodes that do not have an
           'origin' annotation are treated as if they have the
           'origin' annotation 'or:unknown'.

           System state nodes are not affected by origin-filters and
           thus not filtered.  Note that system state nodes can be
           filtered with the 'config-filter' leaf.";

        leaf-list origin-filter {
          type or:origin-ref;
          description
            "Filter based on the 'origin' annotation.  A
             configuration node matches the filter if its 'origin'
             annotation is derived from or equal to any of the given
             filter values.";
        }
        leaf-list negated-origin-filter {
          type or:origin-ref;
          description
            "Filter based on the 'origin' annotation.  A
             configuration node matches the filter if its 'origin'
             annotation is neither derived from nor equal to any of
             the given filter values.";
        }
      }
      leaf max-depth {
        type union {
          type uint16 {
            range "1..65535";
          }
          type enumeration {
            enum unbounded {
              description
                "All descendant nodes are included.";
            }
          }
        }
        default "unbounded";
        description
          "For each node selected by the filters, this parameter
           selects how many conceptual subtree levels should be
           returned in the reply.  If the depth is 1, the reply
           includes just the selected nodes but no children.  If the
           depth is 'unbounded', all descendant nodes are included.";
      }
      leaf with-origin {
        when 'derived-from-or-self(../datastore, "ds:operational")';
        if-feature "origin";
        type empty;
        description
          "If this parameter is present, the server will return
           the 'origin' annotation for the nodes that have one.";
      }
      uses ncwd:with-defaults-parameters {
        if-feature "with-defaults";
      }
    }
    output {
      anydata data {
        description
          "Copy of the source datastore subset that matched
           the filter criteria (if any).  An empty data
           container indicates that the request did not
           produce any results.";
      }
    }
  }
  rpc edit-data {
    description
      "Edit data in an NMDA datastore.

       If an error condition occurs such that an error severity
       <rpc-error> element is generated, the server will stop
       processing the <edit-data> operation and restore the
       specified configuration to its complete state at
       the start of this <edit-data> operation.";
    input {
      leaf datastore {
        type ds:datastore-ref;
        mandatory true;
        description
          "Datastore that is the target of the <edit-data> operation.

           If the target datastore is not writable, or is not
           supported by the server, then the server MUST return an
           <rpc-error> element with an <error-tag> value of
           'invalid-value'.";
      }
      leaf default-operation {
        type enumeration {
          enum merge {
            description
              "The default operation is merge.";
          }
          enum replace {
            description
              "The default operation is replace.";
          }
          enum none {
            description
              "There is no default operation.";
          }
        }
        default "merge";
        description
          "The default operation to use.";
      }
      choice edit-content {
        mandatory true;
        description
          "The content for the edit operation.";
        anydata config {
          description
            "Inline config content.";
        }
        leaf url {
          if-feature "nc:url";
          type inet:uri;
          description
            "URL-based config content.";
        }
      }
    }
  }
  /*
   * Augment the <lock> and <unlock> operations with a
   * "datastore" parameter.
   */

  augment "/nc:lock/nc:input/nc:target/nc:config-target" {
    description
      "Add NMDA datastore as target.";
    leaf datastore {
      type ds:datastore-ref;
      description
        "Datastore to lock.

         The <lock> operation is only supported on writable
         datastores.

         If the <lock> operation is not supported by the server on
         the specified target datastore, then the server MUST return
         an <rpc-error> element with an <error-tag> value of
         'invalid-value'.";
    }
  }

  augment "/nc:unlock/nc:input/nc:target/nc:config-target" {
    description
      "Add NMDA datastore as target.";
    leaf datastore {
      type ds:datastore-ref;
      description
        "Datastore to unlock.

         The <unlock> operation is only supported on writable
         datastores.

         If the <unlock> operation is not supported by the server on
         the specified target datastore, then the server MUST return
         an <rpc-error> element with an <error-tag> value of
         'invalid-value'.";
    }
  }
  /*
   * Augment the <validate> operation with a
   * "datastore" parameter.
   */

  augment "/nc:validate/nc:input/nc:source/nc:config-source" {
    description
      "Add NMDA datastore as source.";
    leaf datastore {
      type ds:datastore-ref;
      description
        "Datastore to validate.

         The <validate> operation is supported only on configuration
         datastores.

         If the <validate> operation is not supported by the server
         on the specified target datastore, then the server MUST
         return an <rpc-error> element with an <error-tag> value of
         'invalid-value'.";
    }
  }
}
<CODE ENDS>
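The request rules stated in the get-data definitions above, as an added example that is not part of RFC 8526: a Python pre-check that an auditing tool or test harness could run over a captured <get-data> element before it reaches a server. The function names, the supported-datastore set, the finding strings and the sample request are assumptions of this example; it needs Python 3.9 or later.

```python
import io
import xml.etree.ElementTree as ET

NCDS = "{urn:ietf:params:xml:ns:yang:ietf-netconf-nmda}"
DS_NS = "urn:ietf:params:xml:ns:yang:ietf-datastores"
# Assumption: the server supports only these RFC 8342 datastores and defines
# no identities of its own derived from ds:operational.
SUPPORTED = {"running", "candidate", "startup", "intended", "operational"}

# Constructed sample: 'with-origin' on a non-operational datastore, bad depth.
SAMPLE = b"""<get-data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"
    xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
  <datastore>ds:running</datastore>
  <max-depth>0</max-depth>
  <with-origin/>
</get-data>"""


def _parse(data):
    """Parse one element; return (root, prefix -> namespace map)."""
    if b"<!DOCTYPE" in data:  # RFC 6241 forbids DTDs in NETCONF content
        raise ValueError("document type declaration not allowed")
    events = ET.iterparse(io.BytesIO(data), events=("start-ns",))
    nsmap = dict(item for _, item in events)  # simplification: no scoping
    return events.root, nsmap


def check_get_data(data, capabilities=frozenset()):
    """Return the rule violations found in one <get-data> request."""
    rpc, nsmap = _parse(data)
    if rpc.tag != NCDS + "get-data":
        raise ValueError("not a <get-data> element")

    def present(name):
        return rpc.findall(NCDS + name)

    errors, ds_name, ds = [], None, present("datastore")
    if len(ds) != 1:
        errors.append("datastore: exactly one required (mandatory true)")
    else:  # identityref: the prefix must resolve to ietf-datastores
        prefix, _, local = (ds[0].text or "").strip().rpartition(":")
        if nsmap.get(prefix) == DS_NS and local in SUPPORTED:
            ds_name = local
        else:
            errors.append("invalid-value: datastore not supported")
    operational = ds_name == "operational"
    if present("with-origin") and not operational:
        errors.append("invalid-value: with-origin needs operational")
    origin = present("origin-filter"), present("negated-origin-filter")
    if any(origin) and not operational:
        errors.append("origin-filters: 'when' condition is false")
    if all(origin):
        errors.append("origin-filters: only one case of the choice")
    if present("subtree-filter") and present("xpath-filter"):
        errors.append("filter-spec: only one case of the choice")
    if present("with-defaults"):  # operational needs both capabilities
        need = [":with-defaults"] + [":with-operational-defaults"] * operational
        if not set(need) <= set(capabilities):
            errors.append("invalid-value: with-defaults not supported")
    for md in present("max-depth"):
        text = (md.text or "").strip().removeprefix("+")
        ok = text.isascii() and text.isdigit() and 1 <= int(text) <= 65535
        if text != "unbounded" and not ok:
            errors.append("max-depth: must be 1..65535 or 'unbounded'")
    return errors
```

Findings prefixed with invalid-value are the cases for which the module text requires that <error-tag>; the other findings are schema violations for which the module text names no tag.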
This document registers two capability identifier URNs in the "Network Configuration Protocol (NETCONF) Capability URNs" registry:
Index
   Capability Identifier
---------------------
:yang-library:1.1
   urn:ietf:params:netconf:capability:yang-library:1.1

:with-operational-defaults
   urn:ietf:params:netconf:capability:with-operational-defaults:1.0
This document registers a URI in the "IETF XML Registry" [RFC3688]. Following the format in RFC 3688, the following registration has been made.
URI: urn:ietf:params:xml:ns:yang:ietf-netconf-nmda
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.
This document registers a YANG module in the "YANG Module Names" registry [RFC6020].
name:         ietf-netconf-nmda
namespace:    urn:ietf:params:xml:ns:yang:ietf-netconf-nmda
prefix:       ncds
reference:    RFC 8526
The YANG module defined in this document extends the base operations of the NETCONF [RFC6241] protocol. The lowest NETCONF layer is the secure transport layer and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242].
The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF users to a preconfigured subset of all available NETCONF protocol operations and content.
The security considerations for the base NETCONF protocol operations (see Section 9 of [RFC6241]) apply to the new NETCONF <get-data> and <edit-data> operations defined in this document.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004, <https://www.rfc-editor.org/info/rfc3688>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, October 2010, <https://www.rfc-editor.org/info/rfc6020>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, <https://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, <https://www.rfc-editor.org/info/rfc6242>.
[RFC6243] Bierman, A. and B. Lengyel, "With-defaults Capability for NETCONF", RFC 6243, DOI 10.17487/RFC6243, June 2011, <https://www.rfc-editor.org/info/rfc6243>.
[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", RFC 6991, DOI 10.17487/RFC6991, July 2013, <https://www.rfc-editor.org/info/rfc6991>.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016, <https://www.rfc-editor.org/info/rfc7950>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10.17487/RFC8341, March 2018, <https://www.rfc-editor.org/info/rfc8341>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., and R. Wilton, "Network Management Datastore Architecture (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, <https://www.rfc-editor.org/info/rfc8342>.
[RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., and R. Wilton, "YANG Library", RFC 8525, DOI 10.17487/RFC8525, March 2019, <https://www.rfc-editor.org/info/rfc8525>.
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, <https://www.rfc-editor.org/info/rfc8340>.
Authors' Addresses
Martin Bjorklund
Tail-f Systems
Email: mbj@tail-f.com
Juergen Schoenwaelder
Jacobs University
Email: j.schoenwaelder@jacobs-university.de
Phil Shafer
Juniper Networks
Email: phil@juniper.net
Kent Watsen
Watsen Networks
Email: kent+ietf@watsen.net
Robert Wilton
Cisco Systems
Email: rwilton@cisco.com