draft-ietf-netmod-factory-default-05.txt   draft-ietf-netmod-factory-default-06.txt 
NETMOD Working Group Q. Wu NETMOD Working Group Q. Wu
Internet-Draft Huawei Internet-Draft Huawei
Intended status: Standards Track B. Lengyel Intended status: Standards Track B. Lengyel
Expires: May 2, 2020 Ericsson Hungary Expires: May 5, 2020 Ericsson Hungary
Y. Niu Y. Niu
Huawei Huawei
October 30, 2019 November 2, 2019
Factory Default Setting Factory Default Setting
draft-ietf-netmod-factory-default-05 draft-ietf-netmod-factory-default-06
Abstract Abstract
This document defines a method to reset a server to its factory- This document defines a method to reset a server to its factory-
default content. The reset operation may be used e.g. during initial default content. The reset operation may be used e.g. during initial
zero-touch configuration or when the existing configuration has major zero-touch configuration or when the existing configuration has major
errors, so re-starting the configuration process from scratch is the errors, so re-starting the configuration process from scratch is the
best option. best option.
A new factory-reset RPC is defined. Several methods of documenting A new factory-reset RPC is defined. Several methods of documenting
skipping to change at page 1, line 44 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 2, 2020. This Internet-Draft will expire on May 5, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 28 skipping to change at page 2, line 28
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Factory-Reset RPC . . . . . . . . . . . . . . . . . . . . . . 4 2. Factory-Reset RPC . . . . . . . . . . . . . . . . . . . . . . 4
3. Factory-Default Datastore . . . . . . . . . . . . . . . . . . 4 3. Factory-Default Datastore . . . . . . . . . . . . . . . . . . 4
4. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
9.1. Normative References . . . . . . . . . . . . . . . . . . 8 9.1. Normative References . . . . . . . . . . . . . . . . . . 8
9.2. Informative References . . . . . . . . . . . . . . . . . 9 9.2. Informative References . . . . . . . . . . . . . . . . . 9
Appendix A. Difference between <startup> datastore and <factory- Appendix A. Difference between <startup> datastore and <factory-
default> datastore . . . . . . . . . . . . . . . . . 9 default> datastore . . . . . . . . . . . . . . . . . 9
Appendix B. Changes between revisions . . . . . . . . . . . . . 9 Appendix B. Changes between revisions . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction 1. Introduction
This document defines a method to reset a server to its factory- This document defines a method to reset a server to its factory-
default content. The reset operation may be used e.g. during initial default content. The reset operation may be used, e.g. during
zero-touch configuration [RFC8572] or when the existing configuration initial zero-touch configuration [RFC8572] or when the existing
has major errors, so re-starting the configuration process from configuration has major errors, so re-starting the configuration
scratch is the best option. When resetting a datastore all previous process from scratch is the best option. When resetting a datastore
configuration settings will be lost and replaced by the factory- all previous configuration settings will be lost and replaced by the
default content. factory-default content.
A new factory-reset RPC is defined. Several methods of documenting A new factory-reset RPC is defined. Several methods of documenting
the factory-default content are specified. the factory-default content are specified.
Optionally a new "factory-default" read-only datastore is defined, Optionally a new "factory-default" read-only datastore is defined,
that contains the data that will be copied over to all read-write that contains the data that will be copied over to all read-write
configuration datastores at reset. This datastore can also be used configuration datastores at reset. This datastore can also be used
in <get-data> or <get-config> operations. in <get-data> or <get-config> operations.
NETCONF defines the <delete> operation that allows resetting the NETCONF defines the <delete> operation that allows resetting the
<startup> datastore and the <discard-changes> operation that copies <startup> datastore and the <discard-changes> operation that copies
the content of the <running> datastore into the <candidate> the content of the <running> datastore into the <candidate>
datastore. However it is not possible to reset the running datastore. However it is not possible to reset the running
datastore, to reset the candidate datastore without changing the datastore, to reset the candidate datastore without changing the
running datastore or to reset any dynamic datastore. running datastore or to reset any dynamic datastore.
A RESTCONF server MAY implement the above NETCONF operations, but A RESTCONF server MAY implement the above NETCONF operations, but
that would still not allow it to reset the running configuration. that would still not allow it to reset the running configuration.
The YANG data model in this document conforms to the Network
Management Datastore Architecture defined in [RFC8342].
1.1. Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
The following terms are defined in [RFC8342] and are not redefined The following terms are defined in [RFC8342] and are not redefined
here: here:
skipping to change at page 4, line 13 skipping to change at page 4, line 13
like available HW. like available HW.
2. Factory-Reset RPC 2. Factory-Reset RPC
A new "factory-reset" RPC is introduced. Upon receiveing the RPC the A new "factory-reset" RPC is introduced. Upon receiveing the RPC the
server resets the content of all read-write configuration datastores server resets the content of all read-write configuration datastores
(e.g.,<running> and <startup>) to their factory-default content. (e.g.,<running> and <startup>) to their factory-default content.
Read-only datastores receive their content from other datastores Read-only datastores receive their content from other datastores
(e.g. <intended> gets its content from <running>). (e.g. <intended> gets its content from <running>).
Factory-default content SHALL be specified by one of the following Factory-default content MAY be specified by one of the following
means in descending order of precedence means in descending order of precedence
1. For the <running>,<candidate> and <startup> datastores as the 1. <factory-default> datastore, if it exists;
content of the <factory-default> datastore, if it exists;
2. by vendors using YANG Instance Data 2. by vendors using a file in YANG Instance Data
[I-D.ietf-netmod-yang-instance-file-format] file format in [I-D.ietf-netmod-yang-instance-file-format] format or some other
vendor's website or other places where off-line document is kept; format in vendor's website or other places where similar off-line
documents are kept;
3. In some implementation specific manner; 3. In some implementation specific manner;
4. For dynamic datastores unless otherwise specified the factory-
default content is empty.
For the server supporting zero touch bootstrapping mechanisms, the For the server supporting zero touch bootstrapping mechanisms, the
factory default configuration causes the bootstrapping process to factory default configuration causes the bootstrapping process to
execute,e.g.,the server might reset configuration to device's factory execute,e.g.,the server resets configuration to device's factory
default configuration,for the version of operating system software it default configuration,for the version of operating system software it
is running. In addition,the "factory-reset" RPC might also be used is running. In addition,the "factory-reset" RPC MAY also be used to
to trigger some other restoring and resetting tasks such as files trigger some other restoring and resetting tasks such as files
cleanup, restarting the node or some of the software processes, cleanup, restarting the node or some of the software processes,
setting some security data/passwords to the default value, removing setting some security data/passwords to the default value, removing
logs, or removing any temporary data (from datastore or elsewhere), logs, or removing any temporary data (from datastore or elsewhere),
etc. When and why these tasks are triggered is not the scope of this etc. When and why these tasks are triggered is not the scope of this
document. document.
3. Factory-Default Datastore 3. Factory-Default Datastore
Following guidelines for defining Datastores in the appendix A of Following guidelines for defining Datastores in the appendix A of
[RFC8342], this document introduces a new datastore resource named [RFC8342], this document introduces a new datastore resource named
'Factory-Default' that represents a preconfigured minimal initial 'factory-default' that represents a preconfigured minimal initial
configuration that can be used to initialize the configuration of a configuration that can be used to initialize the configuration of a
server. server.
o Name: "factory-default" o Name: "factory-default"
o YANG modules: all o YANG modules: all
o YANG nodes: all "config true" data nodes o YANG nodes: all "config true" data nodes
o Management operations: The content of the datastore is set by the o Management operations: The content of the datastore is set by the
server in an implementation dependent manner. The content can not server in an implementation dependent manner. The content can not
be changed by management operations via NETCONF, RESTCONF,the CLI be changed by management operations via NETCONF, RESTCONF,the CLI
etc. unless specialized, dedicated operations are provided. The etc. unless specialized, dedicated operations are provided. The
contents of the datastore can be read using NETCONF, RESTCONF contents of the datastore can be read using NETCONF <get-data> and
<get-data> and <get-config> operations. The operation <factory- <get-config> operations, and the RESTCONF protocol equivalents.
reset> can be used to copy the factory default content to a set of The operation <factory- reset> copies the factory default content
read-write configuration datastores and then the content of these to <running> and, if present, <startup> and then the content of
datastores is propagated automatically to any other read only these datastores is propagated automatically to any other read
datastores, e.g., <intended> and <operational>. only datastores, e.g., <intended> and <operational>.
o Origin: This document does not define a new origin identity as it o Origin: This document does not define a new origin identity as it
does not interact with <operational> datastore. does not interact with <operational> datastore.
o Protocols: RESTCONF, NETCONF and other management protocol. o Protocols: RESTCONF, NETCONF and other management protocol.
o Defining YANG module: "ietf-factory-default". o Defining YANG module: "ietf-factory-default".
The datastore content is usually defined by the device vendor. It is The datastore content is usually defined by the device vendor. It is
usually static, but MAY change e.g., depending on external factors usually static, but MAY change e.g., depending on external factors
like HW available or during device upgrade. like HW available or during device upgrade.
On devices that support non-volatile storage, the contents of On devices that support non-volatile storage, the contents of
<factory > MUST persist across restarts. <factory > MUST persist across restarts.
4. YANG Module 4. YANG Module
<CODE BEGINS> file "ietf-factory-default.yang" This module imports typedefs from [RFC8342], and it references
module ietf-factory-default { [RFC6421],[RFC8341].
yang-version 1.1;
namespace urn:ietf:params:xml:ns:yang:ietf-factory-default;
prefix fd;
import ietf-netconf { prefix nc ; } <CODE BEGINS> file "ietf-factory-default.yang"
import ietf-datastores { prefix ds; } module ietf-factory-default {
yang-version 1.1;
namespace urn:ietf:params:xml:ns:yang:ietf-factory-default;
prefix fd;
organization import ietf-netconf { prefix nc ; }
"IETF NETMOD (Network Modeling) Working Group"; import ietf-datastores { prefix ds; }
contact import ietf-netconf-acm { prefix nacm;}
"WG Web: <https://tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org>
Editor: Balazs Lengyel organization
<mailto:balazs.lengyel@ericsson.com> "IETF NETMOD (Network Modeling) Working Group";
Editor: Qin Wu contact
<mailto:bill.wu@huawei.com> "WG Web: <https://tools.ietf.org/wg/netconf/>
Editor: Ye Niu WG List: <mailto:netconf@ietf.org>
<mailto:niuye@huawei.com>";
description Editor: Qin Wu
"This module defines the <mailto:bill.wu@huawei.com>
- factory-reset RPC Editor: Balazs Lengyel
- factory-default datastore <mailto:balazs.lengyel@ericsson.com>
- an extension to the NETCONF <get-config> operation to
allow it to operate on the factory-default datastore.
It provides functionality to reset a server to its Editor: Ye Niu
factory-default content. <mailto:niuye@huawei.com>";
description
"This module defines the
- factory-reset RPC
- factory-default datastore
- an extension to the NETCONF <get-config> operation to
allow it to operate on the factory-default datastore.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL It provides functionality to reset a server to its
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', factory-default content.
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.
Copyright (c) 2019 IETF Trust and the persons identified as The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
authors of the code. All rights reserved. NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.
Redistribution and use in source and binary forms, with or Copyright (c) 2019 IETF Trust and the persons identified as
without modification, is permitted pursuant to, and subject authors of the code. All rights reserved.
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; Redistribution and use in source and binary forms, with or
see the RFC itself for full legal notices."; without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
revision 2019-05-03 { This version of this YANG module is part of RFC XXXX;
description see the RFC itself for full legal notices.";
"Initial revision.";
reference "RFC XXXX: Factory default Setting";
}
feature factory-default-as-datastore { revision 2019-05-03 {
description "Indicates that the factory default configuration is description
also available as a separate datastore"; "Initial revision.";
} reference "RFC XXXX: Factory default Setting";
}
rpc factory-reset { feature factory-default-as-datastore {
description "The server resets the content of all read-write description "Indicates that the factory default configuration is
configuration datastores (e.g.,<running> and <startup>) to also available as a separate datastore";
their factory default content."; }
}
identity factory-default { rpc factory-reset {
base ds:datastore; nacm:default-deny-all;
if-feature factory-default-as-datastore; description "The server resets the content of all read-write
description "The read-only datastore contains the configuration that configuration datastores (e.g.,<running> and <startup>) to
will be copied into e.g., the running datastore by the their factory default content.";
factory-reset operation if the target is the running }
datastore."; identity factory-default {
} base ds:datastore;
augment /nc:get-config/nc:input/nc:source/nc:config-source { if-feature factory-default-as-datastore;
if-feature factory-default-as-datastore; description "The read-only datastore contains the configuration
description "Allows the get-config operation to use the that will be copied into <running> and, if present, <startup>
factory-default datastore as a source"; .";
leaf factory-default { }
type empty ; augment /nc:get-config/nc:input/nc:source/nc:config-source {
description if-feature factory-default-as-datastore;
"The factory-default datastore is the source."; } description "Allows the get-config operation to use the
} factory-default datastore as a source";
<CODE ENDS> leaf factory-default {
type empty ;
description
"The factory-default datastore is the source."; }
}
<CODE ENDS>
5. IANA Considerations 5. IANA Considerations
This document registers one URI in the IETF XML Registry [RFC3688]. This document registers one URI in the IETF XML Registry [RFC3688].
The following registration has been made: The following registration has been made:
URI: urn:ietf:params:xml:ns:yang:ietf-factory-default URI: urn:ietf:params:xml:ns:yang:ietf-factory-default
Registrant Contact: The IESG. Registrant Contact: The IESG.
skipping to change at page 8, line 12 skipping to change at page 8, line 21
RESTCONF layer is HTTPS, and the mandatory-to-implement secure RESTCONF layer is HTTPS, and the mandatory-to-implement secure
transport is TLS [RFC8446]. transport is TLS [RFC8446].
The <factory-reset> RPC operation may be considered sensitive in some The <factory-reset> RPC operation may be considered sensitive in some
network enviroments,e.g., remote access to reset the device or network enviroments,e.g., remote access to reset the device or
overwrite security sensitive information in one of the other overwrite security sensitive information in one of the other
datastores, e.g. running, therefore it is important to restrict datastores, e.g. running, therefore it is important to restrict
access to this RPC using the standard access control methods. access to this RPC using the standard access control methods.
[RFC8341] [RFC8341]
The NETCONF Access Control Model (NACM) [RFC8341] provides the means The 'factory-reset' RPC can prevent any further management of the
to restrict access for particular users to a pre-configured subset of device if the session and client config is included in the factory-
all available protocol operations and content. reset contents.
The operational disruption caused by setting the config to factory-
reset contents varies greatly depending on the implementation and
current config.
7. Acknowledgements 7. Acknowledgements
Thanks to Juergen Schoenwaelder, Ladislav Lhotka, Alex Campbell,Joe Thanks to Juergen Schoenwaelder, Ladislav Lhotka, Alex Campbell, Joe
Clark,Robert Wilton, Kent Watsen, Joel Jaeggli, Lou Berger, Andy Clarke, Robert Wilton, Kent Watsen, Joel Jaeggli, Lou Berger, Andy
Berman,Susan Hares to review this draft and provide important input Bierman, Susan Hares to review this draft and provide important input
to this document. to this document.
8. Contributors 8. Contributors
Rohit R Ranade Rohit R Ranade
Huawei Huawei
Email: rohitrranade@huawei.com Email: rohitrranade@huawei.com
9. References 9. References
skipping to change at page 9, line 33 skipping to change at page 9, line 46
default> datastore default> datastore
When the device first boots up, the content of the <startup> and When the device first boots up, the content of the <startup> and
<factory-default> will be identical. The content of <startup> can be <factory-default> will be identical. The content of <startup> can be
subsequently changed by using <startup> as a target in a <copy- subsequently changed by using <startup> as a target in a <copy-
config> operation. The <factory-default> is a read-only datastore config> operation. The <factory-default> is a read-only datastore
and it is usually static as described in earlier sections. and it is usually static as described in earlier sections.
Appendix B. Changes between revisions Appendix B. Changes between revisions
Editorial Note (To be removed by RFC Editor)
v05 - 06
o Additional text to enhance security section.
o Add nacm:default-deny-all on "factory-reset" RPC.
o A few clarification on Factory-default content specification.
v03 - 04 v03 - 04
o Additional text to clarify factory-reset RPC usage. o Additional text to clarify factory-reset RPC usage.
v02 - 03 v02 - 03
o Update security consideration section. o Update security consideration section.
v01 - v02 v01 - v02
 End of changes. 33 change blocks. 
109 lines changed or deleted 127 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/