Network Configuration (netconf) Charter Network Configuration (netconf) In addition to this official charter maintained by the IETF Secretariat, there is additional information about this working group on the Web at: Additional NETCONF Web Page Last Modified: 2008-01-24 Additional information is available at tools.ietf.org/wg/netconf Chair(s): Bert Wijnen Mehmet Ersue Operations and Management Area Director(s): Dan Romascanu Ronald Bonica Operations and Management Area Advisor: Dan Romascanu Technical Advisor(s): Charlie Kaufman Mailing Lists: General Discussion: netconf@ops.ietf.org To Subscribe: netconf-request@ops.ietf.org In Body: in msg body: subscribe Archive: https://ops.ietf.org/lists/netconf Description of Working Group: Charlie Kaufman is Technical Advisor for Security Matters Configuration of networks of devices has become a critical requirement for operators in today's highly interoperable networks. Operators from large to small have developed their own mechanisms or used vendor specific mechanisms to transfer configuration data to and from a device, and for examining device state information which may impact the configuration. Each of these mechanisms may be different in various aspects, such as session establishment, user authentication, configuration data exchange, and error responses. The NETCONF Working Group is chartered to produce a protocol suitable for network configuration, with the following characteristics: - Provides retrieval mechanisms which can differentiate between configuration data and non-configuration data - Is extensible enough so that vendors will provide access to all configuration data on the device using a single protocol - Has a programmatic interface (avoids screen scraping and formatting-related changes between releases) - Uses a textual data representation, that can be easily manipulated using non-specialized text manipulation tools. - Supports integration with existing user authentication methods - Supports integration with existing configuration database systems - Supports network wide configuration transactions (with features such as locking and rollback capability) - Is as transport-independent as possible - Provides support for asynchronous notifications. The NETCONF protocol is using XML for data encoding purposes, because XML is a widely deployed standard which is supported by a large number of applications. The NETCONF protocol should be independent of the data definition language and data models used to describe configuration and state data. However, the authorization model used in the protocol is dependent on the data model. Although these issues must be fully addressed to develop standard data models, only a small part of this work will be initially addressed. This group will specify requirements for standard data models in order to fully support the NETCONF protocol, such as: - identification of principals, such as user names or distinguished names - mechanism to distinguish configuration from non-configuration data - XML namespace conventions - XML usage guidelines The initial work started in 2003 and has already been completed and was restricted to following items: a) NETCONF Protocol Specification, which defines the operational model, protocol operations, transaction model, data model requirements, security requirements, and transport layer requirements. b) NETCONF over SSH Specification: Implementation Mandatory, c) NETCONF over BEEP Specification: Implementation Optional, d) NETCONF over SOAP Specification: Implementation Optional. These documents define how the NETCONF protocol is used with each transport protocol selected by the working group, and how it meets the security and transport layer requirements of the NETCONF Protocol Specification. e) NETCONF Notification Specification, which defines mechanisms that provide an asynchronous message notification delivery service for the NETCONF protocol. NETCONF Notification is an optional capability built on top of the base NETCONF definition and provides the capabilities and operations necessary to support this service. In the current phase of the incremental development of NETCONF the workgroup will focus on following items: 1. Fine-grain locking: The base NETCONF protocol only provides a lock for the entire configuration datastore, which is not deemed to meet important operational and security requirements. The NETCONF working group will produce a standards-track RFC specifying a mechanism for fine-grain locking of the NETCONF configuration datastore. 2. NETCONF monitoring: It is considered best practice for IETF working groups to include management of their protocols within the scope of the solution they are providing. The NETCONF working group will produce a standards-track RFC with mechanisms allowing NETCONF itself to be used to monitor some aspects of NETCONF operation. 3. Schema advertisement: Currently the NETCONF protocol is able to advertise which protocol features are supported on a particular netconf-capable device. However, there is currently no way to discover which XML Schema are supported on the device. The NETCONF working group will produce a standards-track RFC with mechanisms making this discovery possible (this item may be merged with "NETCONF monitoring" into a single document). 4. NETCONF over TLS: Based on implementation experience there is a need for a standards track document to define NETCONF over TLS as an optional transport for the NETCONF protocol. The following items have been identified as important but are currently not considered in scope for re-chartering and may be candidates for work when there is community consensus to take them on: - General improvements to the base protocol - Access Control requirements - NETCONF access to SMI-based MIB data Goals and Milestones: Done Working Group formed Done Submit initial Netconf Protocol draft Done Submit initial Netconf over (transport-TBD) draft Done Begin Working Group Last Call for the Netconf Protocol draft Done Begin Working Group Last Call for the Netconf over (transport-TBD) draft Done Submit final version of the Netconf Protocol draft to the IESG Done Submit final version of the Netconf over SOAP draft to the IESG Done Submit final version of the Netconf over BEEP draft to the IESG Done Submit final version of the Netconf over SSH draft to the IESG Done Update charter Done Submit first version of NETCONF Notifications document Done Begin WGLC of NETCONF Notifications document Done Submit final version of NETCONF Notifications document to IESG for consideration as Proposed Standard Done -00 draft for fine Grain Locking Done -00 draft for NETCONF over TLS Done -00 draft for NETCONF Monitoring Feb 2008 -00 draft for Schema Advertisement Mar 2008 Early Review of client authentication approach (for NETCONF over TLS) with the security community at IETF 71 Aug 2008 WG Last Call on NETCONF Monitoring after IETF72 Aug 2008 WG Last Call on Schema Advertisement after IETF72 Aug 2008 WG Last Call on Fine Grain Locking after IETF72 Aug 2008 WG Last Call on NETCONF over TLS after IETF72 Aug 2008 Send four documents to the IESG for consideration as proposed standards Internet-Drafts: NETCONF Event Notifications (80759 bytes) NETCONF over TLS (18287 bytes) Partial Lock RPC for NETCONF (20876 bytes) NETCONF Monitoring Schema (20785 bytes) Request For Comments: NETCONF Configuration Protocol (RFC 4741) (173914 bytes) Using the NETCONF Configuration Protocol over Secure Shell (SSH) (RFC 4742) (17807 bytes) Using the NETCONF Protocol over Blocks Extensible Exchange Protocol (BEEP) (RFC 4744) (19287 bytes) Using the Network Configuration Protocol (NETCONF) Over the Simple Object Access Protocol (SOAP) (RFC 4743) (39734 bytes) IETF Secretariat - Please send questions, comments, and/or suggestions to ietf-web@ietf.org. Return to working group directory. Return to IETF home page.