RFC 6241 (NETCONF protocol) compliance

105 views
Skip to first unread message

David Charlap

unread,
Mar 30, 2015, 12:55:27 PM3/30/15
to libne...@googlegroups.com
I have gone through RFC 6241 (NETCONF protocol).  I have prepared the following summary of libnetconf's compliance, but it is not complete.  Please look for the sections in boldface and fill in the information that I was not able to determine on my own.  Also, if you notice any mistakes, please correct them.  Feel free to retain this table for your own information - you may find it useful if/when others ask similar questions in the future.

(I will be posting additional messages later today for RFCs 6242, 5277, 5717, 6020, 6991, 6243 and 6470.)


Thanks in advance,

-- David

  1. Introduction - non-normative.  No compliance issues
    1. Terminology - non-normative.  No compliance issues
    2. Protocol overview - Compliant.  The optional requirement to support multiple parallel sessions is supported.
    3. Capabilities - Compliant
    4. Separation of Configuration and State Data - Compliant
  2. Transport Protocol Requirements - Compliant
    1. Connection-Oriented Operation - Compliant
    2. Authentication, Integrity and Confidentiality - Compliant, via external SSH2 and TLS libraries.
    3. Mandatory Transport Protocol - Compliant
  3. XML Considerations - Compliant, via external libxml2 library
    1. Namespace - Compliant
    2. Document Type Declarations - Compliant
  4. RPC Model
    1. <rpc> Element - Compliant
    2. <rpc-reply> Element - Compliant
    3. <rpc-error> Element - Compliant
    4. <ok> Element - Compliant
    5. Pipelining - Compliant
  5. Configuration Model - Compliant
    1. Configuration Datastores - Compliant
      1. Filtering - Partially Compliant
        1. XPath - Non compliant - The optional XPath capability is not implemented
        2. Subtree Filtering - Compliant
    2. Data Modeling - Compliant
  6. Subtree Filtering - Compliant, but note that the implementation is not efficient for large models or data sets.  Filtering is supported by the model implementation preparing an XML document with the complete set of data, which is subsequently filtered.  This is expected to be fixed in a future release of libnetconf.
    1. Overview - Compliant
    2. Subtree Filter Components - Compliant
      1. Namespace Selection - Compliant
      2. Attribute Match Expressions - Compliant
      3. Containment Nodes - Compliant
      4. Selection Nodes - Compliant
      5. Content Match Nodes - Compliant
    3. Subtree Filter Processing - Compliant
    4. Subtree Filtering Examples - non-normative.  No compliance issues
      1. No Filter - non-normative.  No compliance issues
      2. Empty Filter - non-normative.  No compliance issues
      3. Select the Entire <users> subtree - non-normative.  No compliance issues
      4. Select All <name> Elements within the <users> Subtree - non-normative.  No compliance issues
      5. One Specific <user> Entry - non-normative.  No compliance issues
      6. Specific Elements from a Specific <user> Entry - non-normative.  No compliance issues
      7. Multiple Subtrees - non-normative.  No compliance issues
      8. Elements with Attribute Naming - non-normative.  No compliance issues
  7. Protocol Operations - Partially compliant.  See below for details
    1. <get-config> - Compliant
    2. <edit-config> - Compliant
    3. <copy-config> - Compliant
    4. <delete-config> Compliant
    5. <lock> - Compliant.
    6. <unlock> - Compliant
    7. <get> - Compliant, but can be inefficient for large models or data sets.  See comments for section 6, above.
    8. <close-session> - N/A.  libnetconf does not implement <close-session>, but requires NETCONF servers using libnetconf to implement this operation.  Compliance will depend on the server's implementation.
    9. <lil-session> - N/A.  libnetconf does not implement <kill-session>, but requires NETCONF servers using libnetconf to implement this operation.  Compliance will depend on the server's implementation.
  8. Capabilities - Compliant
    1. Capabilities Exchange - Compliant
    2. Writable-Running Capability - Compliant
      1. Description - Compliant
      2. Dependencies - Compliant
      3. Capability Identifier - Compliant
      4. New Operations - Compliant
      5. Modifications to Existing Operations - Complint
    3. Candidate Configuration Capability - Compliant
      1. Description - Compliant
      2. Dependencies - Compliant
      3. Capability Identifier - Compliant
      4. New Operations - Compliant
      5. Modifications to Existing Operations - Compliant
    4. Confirmed Commit Capability - Not compliant.  Not supported by libnetconf.  May be supported in a future release of libnetconf
      1. Description - Not compliant
      2. Dependencies - Not compliant
      3. Capability Identifier - Not compliant
      4. New Operations - Not compliant
      5. Modifications to Existing Operations - Not compliant
    5. Rollback-on-Error Capability - Compliant
      1. Description - Compliant
      2. Dependencies - Compliant
      3. Capability Identifier - Compliant
      4. New Operations - Compliant
      5. Modifications to Existing Operations - Compliant
    6. Validate Capability - Compliant
      1. Description - Compliant
      2. Dependencies - Compliant
      3. Capability Identifier - Compliant
      4. New Operations - Compliant
      5. Modifications to Existing Operations - Compliant.  Can we validate on all datastores or just <running>?
    7. Distinct Startup Capability - Compliant
      1. Description - Compliant
      2. Dependencies - Compliant
      3. Capabilitiy Identifier - Compliant
      4. New Operations - Compliant
      5. Modifications to Existing Operations - Compliant
    8. URL Capability - Compliant, via use of the external "cURL" library.  If cURL is not available at compile time, the URL capability will be disabled.
      1. Description - Compliant
      2. Dependencies - Compliant
      3. Capability Identifier - Compliant
      4. New Operations - Compliant
      5. Modifications to Existing Operations - Compliant
    9. XPath Capability - Not compliant.  XPath is used during validation (via the external RelaxNG and Schematron libraries) but is not used elsewhere in libnetconf.  The XPath capability itself is not supported and is not advertised
      1. Description - Not compliant
      2. Dependencies - Not compliant
      3. Capability Identifier - Not compliant
      4. New Operations - Not compliant
      5. Modifications to Existing Operation - Not compliant
  9. Security Considerations - Compliant
  10. IANA Considerations - Compliant
    1. NETCONF XML Namespace - Compliant
    2. NETCONF XML Schema Compliant
    3. NETCONF YANG Module - Compliant
    4. NETCONF Capability URNs - Compliant - for those capabilities that are supported
  11. Contributors - non-normative.  No compliance issues
  12. Acknowledgements - non-normative.  No compliance issues
  13. References - non-normative.  No compliance issues
    1. Normative References - non-normative.  No compliance issues
    2. Informative References - non-normative.  No compliance issues
  • Appendix A.  NETCONF Error List - Compliant
  • Appendix B. XML Schema for NETCONF Messages Layer - Compliant
  • Appendix C.  YANG Module for NETCONF Protocol Operations - Compliant
  • Appendix D. Capability Template - Compliant
    1. capability-name - Compliant
      1. Overview - Compliant
      2. Dependencies - Compliant
      3. Capability Identifier - Compliant
      4. New Operations - Compliant
      5. Modifications to Existing Operations - Compliant
      6. Interactions with Other Capabilities - Compliant
  • Appendix E. Configuring Multiple Devices with NETCONF - non-normative.  No compliance issues
    1. Operations on Individual Devices - non-normative.  No compliance issues
      1. Acquiring the Configuration Lock - non-normative.  No compliance issues
      2. Checkpointing the Running Configuration - non-normative.  No compliance issues
      3. Loading and Validating the Incoming Configuration - non-normative.  No compliance issues
      4. Changing the Running Configuration - non-normative.  No compliance issues
      5. Testing the New Configuration - non-normative.  No compliance issues
      6. Making the Change Permanent - non-normative.  No compliance issues
      7. Releasing the Configuration Lock - non-normative.  No compliance issues
    2. Operations on Multiple Devices - non-normative.  No compliance issues
  • Appendix F.  Deferred Features - non-normative.  No compliance issues
  • Appendix G. Ghanges from RFC 4741 - non-normative.  No compliance issues


Tomáš Čejka

unread,
Mar 30, 2015, 3:36:48 PM3/30/15
to libne...@googlegroups.com
Hello David,
as far as I know, validation is possible:
http://libnetconf.googlecode.com/git/doc/doxygen/html/db/de9/group__rpc.html#ga14fa1c78362457a646d5d820206d5158
Tomas Cejka


Dne 30.3.2015 v 18:55 David Charlap napsal(a):
--
You received this message because you are subscribed to the Google Groups "libnetconf" group.
To unsubscribe from this group and stop receiving emails from it, send an email to libnetconf+...@googlegroups.com.
Visit this group at http://groups.google.com/group/libnetconf.
For more options, visit https://groups.google.com/d/optout.

Radek Krejčí

unread,
Mar 31, 2015, 9:46:25 AM3/31/15
to Tomáš Čejka, libne...@googlegroups.com
As Tomas wrote, yes, it is possible - did you try using Netopeer [1]? Please do.

Radek

[1] - https://code.google.com/p/netopeer/

Dne 30.3.2015 v 21:36 Tomáš Čejka napsal(a):
-- 
Radek Krejci
mobile  : +420 732 212 714
office  : +420 234 680 256
e-mail  : rkr...@cesnet.cz
LinkedIn: http://www.linkedin.com/in/radekkrejci

CESNET, Association of Legal Entities
Zikova 4
160 00 Praha 6
Czech Republic
Reply all
Reply to author
Forward
0 new messages