Presentation is loading. Please wait.

Presentation is loading. Please wait.

Draft-kwatsen-netconf-server Configuration Model for SSH and TLS Transports.

Published byDorcas Foster Modified over 8 years ago

Similar presentations

Presentation on theme: "Draft-kwatsen-netconf-server Configuration Model for SSH and TLS Transports."— Presentation transcript:

1 draft-kwatsen-netconf-server Configuration Model for SSH and TLS Transports

2 Introduction The IETF 88 meeting agreed to unify the configuration data model used between RFC 5539bis and draft-ietf-netconf-reverse-ssh. The resulting data-model defined in this draft supports the SSH and TLS transports simultaneously, for both the listening and call-home use cases. 2

3 Updates since -00 From -00 to -01 – Restructured YANG module slightly, to provide groupings useful to the ZeroTouch draft. From -01 to -02 (not posted yet!) – YANG Moved transport selection deeper into tree Renamed “application” to “network-manager” Renamed “server” to “endpoint” – Text Enhanced definition for Keep Alives Clarified persistent connection behavior if app closes connection 3

4 Objectives Support all NETCONF transports Align transport-specific configurations Support transport-independent configuration Support both inbound and outbound connections For Outbound Connections – Support More than one Network Manager – Support Network Managers having more than one endpoint – Support a reconnection strategy – Support both persistent and periodic connections – Keep-Alives for persistent connections – Customizations for periodic connections 4

5 Data Model Module’s Top-Level Container 5 container netconf { description "Top-level container for NETCONF server configuration."; container listen { uses listen-config; } container call-home { uses call-home-config; // grouping reused by zerotouch } container tls { if-feature tls; uses tls-global-config; // grouping reused by zerotouch }

6 Data Model (cont.) The “listen” grouping 6 +--rw listen +--rw ssh {inbound-ssh}? | +--rw (one-or-many)? | +--:(one-port) | | +--rw port? inet:port-number | +--:(many-ports) | +--rw interface* [address] | +--rw address inet:ip-address | +--rw port? inet:port- number +--rw tls {inbound-tls}? +--rw (one-or-many)? +--:(one-port) | +--rw port? inet:port-number +--:(many-ports) +--rw interface* [address] +--rw address inet:ip-address +--rw port? inet:port- number

7 Data Model (cont.) The “call-home” grouping 7 +--rw call-home +--rw network-managers +--rw network-manager* [name] +--rw name string +--rw description? string +--rw endpoints | +--rw endpoint* [address] | +--rw address inet:host | +--rw port? inet:port-number +--rw transport | +--rw ssh {outbound-ssh}? | | +--rw host-keys | | +--rw host-key* [name] | | +--rw name string | +--rw tls! {outbound-tls}? +--rw connection-type... +--rw reconnect-strategy...

8 Data Model (cont.) The “connection-type” and “reconnect-strategy” containers 8 +--rw connection-type | +--rw (connection-type)? | +--:(persistent-connection) | | +--rw persistent | | +--rw keep-alives | | +--rw interval-secs? uint8 | | +--rw count-max? uint8 | +--:(periodic-connection) | +--rw periodic | +--rw timeout-mins? uint8 | +--rw linger-secs? uint8 +--rw reconnect-strategy +--rw start-with? enumeration +--rw interval-secs? uint8 +--rw count-max? uint8

9 Data Model (cont.) The “tls” grouping 9 +--rw tls {tls}? +--rw cert-maps {tls-map-certificates}? | +--rw cert-to-name* [id] | +--rw id uint32 | +--rw fingerprint x509c2n:tls-fingerprint | +--rw map-type identityref | +--rw name string +--rw psk-maps {tls-map-pre-shared-keys}? +--rw psk-map* [psk-identity] +--rw psk-identity string +--rw user-name nacm:user-name-type +--rw not-valid-before? yang:date-and-time +--rw not-valid-after? yang:date-and-time +--rw key yang:hex-string

10 Security Considerations This document defines a YANG module to configure NETCONF's SSH and TLS transports. Please see the Security Considerations section in those RFCs for transport-specific security issues. 10

11 IANA Considerations Registers one URI in the IETF XML registry: URI: urn:ietf:params:xml:ns:yang:ietf-netconf-server Registrant Contact: The NETCONF WG of the IETF. XML: N/A, the requested URI is an XML namespace. Registers one YANG module in the YANG Module Names registry: name: ietf-netconf-server namespace: urn:ietf:params:xml:ns:yang:ietf-netconf-server prefix: ncserver reference: RFC XXXX 11

12 Open Issues In the “listen” grouping: – Is the “one-or-many” choice OK? In the “call-home” grouping: – Rethink persistent/periodic choice? Add a “schedule” and then use it to configure “periodic” connections? 12

13 Questions / Concerns ? 13

Download ppt "Draft-kwatsen-netconf-server Configuration Model for SSH and TLS Transports."

Similar presentations

71 th IETF meeting Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-06) Tomoyuki Iijima, Yoshifumi Atarashi, Hiroyasu.

71 th IETF meeting Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-06) Tomoyuki Iijima, Yoshifumi Atarashi, Hiroyasu.
Yunling Wang VoIP Security COMS 4995 Nov 24, 2008 XCAP The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)

Yunling Wang VoIP Security COMS 4995 Nov 24, 2008 XCAP The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)
NAT-PT Applicability Statement Design Team IETF #57, IETF V6OPS WG Vienna, Austria July 16, 2003.

NAT-PT Applicability Statement Design Team IETF #57, IETF V6OPS WG Vienna, Austria July 16, 2003.
Simple tutorial Yang & Netconf.

Simple tutorial Yang & Netconf.
Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-02 NETCONF WG IETF #92 Dallas, TX, USA.

Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-02 NETCONF WG IETF #92 Dallas, TX, USA.
Lionel Morand DIME WG IETF 79 Diameter Design Guidelines Thursday, November 11, 2010 Lionel Morand.

Lionel Morand DIME WG IETF 79 Diameter Design Guidelines Thursday, November 11, 2010 Lionel Morand.
MIF API draft-ietf-mif-api-extension-05 Dapeng Liu.

MIF API draft-ietf-mif-api-extension-05 Dapeng Liu.
Application Layer Protocol Negotiation

Application Layer Protocol Negotiation
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 Diffserv Yang Model

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 Diffserv Yang Model
NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA.

NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA.
draft-kwatsen-netconf-zerotouch-01

draft-kwatsen-netconf-zerotouch-01
Dean Cheng Jouni Korhonen Mehamed Boucadair

Dean Cheng Jouni Korhonen Mehamed Boucadair
draft-ietf-netconf-call-home-01

draft-ietf-netconf-call-home-01
1 Notification Rate Control draft-ietf-sipcore-event-rate-control-04 78th IETF,

1 Notification Rate Control draft-ietf-sipcore-event-rate-control th IETF,
© Hitachi, Ltd. 2007. All rights reserved. NETCONF Configuration I/F Advertisement by WSDL and XSD Hideki Okita, Tomoyuki Iijima, Yoshifumi Atarashi, Ray.

© Hitachi, Ltd All rights reserved. NETCONF Configuration I/F Advertisement by WSDL and XSD Hideki Okita, Tomoyuki Iijima, Yoshifumi Atarashi, Ray.
Yang Shi, Chris Elliott, Yong Zhang IETF 73 rd 18 Nov 2008, Minneapolis CAPWAP WG MIB Drafts Report.

Yang Shi, Chris Elliott, Yong Zhang IETF 73 rd 18 Nov 2008, Minneapolis CAPWAP WG MIB Drafts Report.
68th IETF – OPS area – XML MIB Modules XML MIB Modules draft-stephan-ops-xml-mib-module-template-00 draft-stephan-ops-xml-mib-module-template-00.

68th IETF – OPS area – XML MIB Modules XML MIB Modules draft-stephan-ops-xml-mib-module-template-00 draft-stephan-ops-xml-mib-module-template-00.
July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna

July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna
NETCONF WG IETF 92 - Dallas TUESDAY, March 24, 2015 1300-1500 CDT Mehmet Ersue Mahesh Jethanandani 3/24/2015 1 IETF #92- NETCONF WG session.

NETCONF WG IETF 92 - Dallas TUESDAY, March 24, CDT Mehmet Ersue Mahesh Jethanandani 3/24/ IETF #92- NETCONF WG session.
Session Peering Protocol over SOAP I-D ( draft-ietf-drinks-spp-over-soap-01) draft-ietf-drinks-spp-over-soap-01 0 Presenter: Vikas Bhatia (On behalf of.

Session Peering Protocol over SOAP I-D ( draft-ietf-drinks-spp-over-soap-01) draft-ietf-drinks-spp-over-soap-01 0 Presenter: Vikas Bhatia (On behalf of.

Similar presentations

Ads by Google