1 module ietf-netconf-client {
3 namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-client";
6 import ietf-yang-types {
9 "RFC 6991: Common YANG Data Types";
12 import ietf-tcp-client {
15 "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
18 import ietf-tcp-server {
21 "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
24 import ietf-ssh-client {
27 "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
30 import ietf-tls-client {
33 "RFC FFFF: YANG Groupings for TLS Clients and TLS Servers";
37 "IETF NETCONF (Network Configuration) Working Group";
40 "WG Web: https://datatracker.ietf.org/wg/netconf
41 WG List: NETCONF WG list <mailto:netconf@ietf.org>
42 Author: Kent Watsen <mailto:kent+ietf@watsen.net>";
45 "This module contains a collection of YANG definitions
46 for configuring NETCONF clients.
48 Copyright (c) 2023 IETF Trust and the persons identified
49 as authors of the code. All rights reserved.
51 Redistribution and use in source and binary forms, with
52 or without modification, is permitted pursuant to, and
53 subject to the license terms contained in, the Revised
54 BSD License set forth in Section 4.c of the IETF Trust's
55 Legal Provisions Relating to IETF Documents
56 (https://trustee.ietf.org/license-info).
58 This version of this YANG module is part of RFC HHHH
59 (https://www.rfc-editor.org/info/rfcHHHH); see the RFC
60 itself for full legal notices.
62 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
63 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
64 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
65 are to be interpreted as described in BCP 14 (RFC 2119)
66 (RFC 8174) when, and only when, they appear in all
67 capitals, as shown here.";
73 "RFC HHHH: NETCONF Client and Server Models";
78 feature ssh-initiate {
80 "The 'ssh-initiate' feature indicates that the NETCONF client
81 supports initiating SSH connections to NETCONF servers.";
84 Using the NETCONF Protocol over Secure Shell (SSH)";
87 feature tls-initiate {
89 "The 'tls-initiate' feature indicates that the NETCONF client
90 supports initiating TLS connections to NETCONF servers.";
92 "RFC 7589: Using the NETCONF Protocol over Transport
93 Layer Security (TLS) with Mutual X.509 Authentication";
98 "The 'ssh-listen' feature indicates that the NETCONF client
99 supports opening a port to listen for incoming NETCONF
100 server call-home SSH connections.";
102 "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
107 "The 'tls-listen' feature indicates that the NETCONF client
108 supports opening a port to listen for incoming NETCONF
109 server call-home TLS connections.";
111 "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
114 feature central-netconf-client-supported {
116 "The 'central-netconf-client-supported' feature indicates
117 that the server that implements this module supports
118 the top-level 'netconf-client' node.
120 This feature is needed as some servers may want to use
121 features defined in this module, which requires this
122 module to be implemented, without having to support
123 the top-level 'netconf-client' node.";
128 grouping netconf-client-grouping {
130 "A reusable grouping for configuring a NETCONF client
131 without any consideration for how underlying transport
132 sessions are established.
134 This grouping currently does not define any nodes. It
135 exists only so the model can be consistent with other
136 'client-server' models.";
// Per-connection 'initiate' stack: the NETCONF client opens the TCP
// connection itself and runs SSH or TLS over it.
//   - SSH branch (if-feature "ssh-initiate"): tcpc:tcp-client-grouping,
//     sshc:ssh-client-grouping, ncc:netconf-client-grouping; the
//     description gives 830 ('netconf-ssh') as the port used when
//     'remote-port' is not configured.
//   - TLS branch (if-feature "tls-initiate"): tcpc:tcp-client-grouping,
//     tlsc:tls-client-grouping, ncc:netconf-client-grouping; the
//     description gives 6513 ('netconf-tls') as the port used when
//     'remote-port' is not configured.
// Security-relevant constraint: 'tls-client-parameters' carries
// 'must client-identity', so a TLS configuration without a client identity
// fails validation. No equivalent 'must' is visible on
// 'ssh-client-parameters' in this listing.
// NOTE(review): what sshc:ssh-client-grouping requires for client and
// server authentication is defined in the imported module -- confirm there.
// NOTE(review): this listing skips lines (the gutter numbers jump), so the
// transport-selection and case header statements are not shown here.
139 grouping netconf-client-initiate-stack-grouping {
141 "A reusable grouping for configuring a NETCONF client
142 'initiate' protocol stack for a single connection.";
146 "Selects between available transports.";
148 if-feature "ssh-initiate";
151 "Specifies IP and SSH specific configuration
152 for the connection.";
153 container tcp-client-parameters {
155 "A wrapper around the TCP client parameters
156 to avoid name collisions.";
157 uses tcpc:tcp-client-grouping {
158 refine "remote-port" {
161 "The NETCONF client will attempt to connect
162 to the IANA-assigned well-known port value
163 for 'netconf-ssh' (830) if no value is
168 container ssh-client-parameters {
170 "A wrapper around the SSH client parameters to
171 avoid name collisions.";
172 uses sshc:ssh-client-grouping;
174 container netconf-client-parameters {
176 "A wrapper around the NETCONF client parameters
177 to avoid name collisions.
179 This container does not define any nodes. It
180 exists as a potential augmentation target by
182 uses ncc:netconf-client-grouping;
187 if-feature "tls-initiate";
190 "Specifies IP and TLS specific configuration
191 for the connection.";
192 container tcp-client-parameters {
194 "A wrapper around the TCP client parameters
195 to avoid name collisions.";
196 uses tcpc:tcp-client-grouping {
197 refine "remote-port" {
200 "The NETCONF client will attempt to connect
201 to the IANA-assigned well-known port value
202 for 'netconf-tls' (6513) if no value is
207 container tls-client-parameters {
208 must client-identity {
210 "NETCONF/TLS clients MUST pass some
211 authentication credentials.";
214 "A wrapper around the TLS client parameters
215 to avoid name collisions.";
216 uses tlsc:tls-client-grouping;
218 container netconf-client-parameters {
220 "A wrapper around the NETCONF client parameters
221 to avoid name collisions.
223 This container does not define any nodes. It
224 exists as a potential augmentation target by
226 uses ncc:netconf-client-grouping;
231 } // netconf-client-initiate-stack-grouping
// Per-connection 'listen' stack for call home (RFC 8071): the NETCONF
// client opens a listening TCP port and the NETCONF server connects to it.
// The TCP layer uses the server grouping (tcps:tcp-server-grouping), while
// the SSH/TLS layer above it still uses the client groupings
// (sshc:ssh-client-grouping, tlsc:tls-client-grouping).
//   - SSH branch (if-feature "ssh-listen"): listens on 4334
//     ('netconf-ch-ssh') when 'local-port' is not configured.
//   - TLS branch (if-feature "tls-listen"): listens on 4335
//     ('netconf-ch-tls') when 'local-port' is not configured.
// Security-relevant points: enabling either branch exposes an inbound
// listening port on the client host. As in the initiate stack,
// 'tls-client-parameters' carries 'must client-identity', so a TLS
// configuration without a client identity fails validation.
// NOTE(review): how the calling-home server is authenticated comes from the
// imported ssh/tls client groupings, which are not shown here -- confirm
// there.
// NOTE(review): this listing skips lines (the gutter numbers jump), so the
// transport-selection and case header statements are not shown here.
233 grouping netconf-client-listen-stack-grouping {
235 "A reusable grouping for configuring a NETCONF client
236 'listen' protocol stack for a single connection. The
237 'listen' stack supports call home connections, as
238 described in RFC 8071";
240 "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
244 "Selects between available transports.";
246 if-feature "ssh-listen";
249 "SSH-specific listening configuration for inbound
251 container tcp-server-parameters {
253 "A wrapper around the TCP server parameters
254 to avoid name collisions.";
255 uses tcps:tcp-server-grouping {
256 refine "local-port" {
259 "The NETCONF client will listen on the IANA-
260 assigned well-known port for 'netconf-ch-ssh'
261 (4334) if no value is specified.";
265 container ssh-client-parameters {
267 "A wrapper around the SSH client parameters
268 to avoid name collisions.";
269 uses sshc:ssh-client-grouping;
271 container netconf-client-parameters {
273 "A wrapper around the NETCONF client parameters
274 to avoid name collisions.
276 This container does not define any nodes. It
277 exists as a potential augmentation target by
279 uses ncc:netconf-client-grouping;
284 if-feature "tls-listen";
287 "TLS-specific listening configuration for inbound
289 container tcp-server-parameters {
291 "A wrapper around the TCP server parameters
292 to avoid name collisions.";
293 uses tcps:tcp-server-grouping {
294 refine "local-port" {
297 "The NETCONF client will listen on the IANA-
298 assigned well-known port for 'netconf-ch-tls'
299 (4335) if no value is specified.";
303 container tls-client-parameters {
304 must client-identity {
306 "NETCONF/TLS clients MUST pass some
307 authentication credentials.";
310 "A wrapper around the TLS client parameters
311 to avoid name collisions.";
312 uses tlsc:tls-client-grouping;
314 container netconf-client-parameters {
316 "A wrapper around the NETCONF client parameters
317 to avoid name collisions.
319 This container does not define any nodes. It
320 exists as a potential augmentation target by
322 uses ncc:netconf-client-grouping;
327 } // netconf-client-listen-stack-grouping
329 grouping netconf-client-app-grouping {
331 "A reusable grouping for configuring a NETCONF client
332 application that supports both 'initiate' and 'listen'
333 protocol stacks for a multiplicity of connections.";
335 if-feature "ssh-initiate or tls-initiate";
337 "Indicates that client-initiated connections have been
338 configured. This statement is present so the mandatory
339 descendant nodes do not imply that this node must be
342 "Configures client initiating underlying TCP connections.";
343 list netconf-server {
347 "List of NETCONF servers the NETCONF client is to
348 maintain simultaneous connections with.";
352 "An arbitrary name for the NETCONF server.";
354 container endpoints {
356 "Container for the list of endpoints.";
362 "A user-ordered list of endpoints that the NETCONF
363 client will attempt to connect to in the specified
364 sequence. Defining more than one enables
369 "An arbitrary name for the endpoint.";
371 uses netconf-client-initiate-stack-grouping;
373 } // container endpoints
375 container connection-type {
377 "Indicates the NETCONF client's preference for how the
378 NETCONF connection is maintained.";
379 choice connection-type {
382 "Selects between available connection types.";
383 case persistent-connection {
384 container persistent {
386 "Indicates that a persistent connection is to be
389 "Maintain a persistent connection to the NETCONF
390 server. If the connection goes down, immediately
391 start trying to reconnect to the NETCONF server,
392 using the reconnection strategy.
394 This connection type minimizes any NETCONF server
395 to NETCONF client data-transfer delay, albeit at
396 the expense of holding resources longer.";
399 case periodic-connection {
401 presence "Indicates that a periodic connection is
404 "Periodically connect to the NETCONF server.
406 This connection type decreases resource
407 utilization, albeit with increased delay in
408 NETCONF server to NETCONF client interactions.
410 The NETCONF client should close the underlying
411 TCP connection upon completing planned activities.
413 Connections are established at the same start
414 time regardless of how long the previous connection
417 In the case that the previous connection is still
418 active, establishing a new connection is NOT
425 "Duration of time between periodic connections.";
428 type yang:date-and-time {
429 // constrained to minute-level granularity
430 pattern '[0-9]{4}-(1[0-2]|0[1-9])-(0[1-9]|[1-2]'
431 + '[0-9]|3[0-1])T(0[0-9]|1[0-9]|2[0-3]):['
432 + '0-5][0-9]:00(Z|[\+\-]((1[0-3]|0[0-9]):'
433 + '([0-5][0-9])|14:00))?';
436 "Designates a timestamp before or after which a
437 series of periodic connections are determined.
438 The periodic connections occur at a whole
439 multiple interval from the anchor time.
441 If an 'anchor-time' is not provided, then the
442 server may implicitly set it to the time when
443 this configuration is applied (e.g., on boot).
445 For example, for an anchor time that is 15 minutes
446 past midnight and a period interval of 24 hours,
447 a periodic connection will occur 15 minutes
448 past midnight every day.";
453 default 180; // three minutes
455 "Specifies the maximum number of seconds that
456 a NETCONF session may remain idle. A NETCONF
457 session will be dropped if it is idle for an
458 interval longer than this number of seconds.
459 If set to zero, then the NETCONF client will
460 never drop a session because it is idle.";
466 container reconnect-strategy {
468 "The reconnection strategy directs how a NETCONF client
469 reconnects to a NETCONF server, after discovering its
470 connection to the server has dropped, even if due to a
471 reboot. The NETCONF client starts with the specified
472 endpoint and tries to connect to it max-attempts times
473 before trying the next endpoint in the list (round
479 "Indicates that reconnections should start with
480 the first endpoint listed.";
482 enum last-connected {
484 "Indicates that reconnections should start with
485 the endpoint last connected to. If no previous
486 connection has ever been established, then the
487 first endpoint configured is used. NETCONF
488 clients SHOULD be able to remember the last
489 endpoint connected to across reboots.";
491 enum random-selection {
493 "Indicates that reconnections should start with
497 default "first-listed";
499 "Specifies which of the NETCONF server's endpoints
500 the NETCONF client should start with when trying
501 to connect to the NETCONF server.";
510 "Specifies the amount of time in seconds after which,
511 if the connection is not established, an endpoint
512 connection attempt is considered unsuccessful.";
520 "Specifies the number of times the NETCONF client tries
521 to connect to a specific endpoint before moving on
522 to the next endpoint in the list (round robin).";
529 if-feature "ssh-listen or tls-listen";
531 "Indicates that client-listening ports have been configured.
532 This statement is present so the mandatory descendant nodes
533 do not imply that this node must be configured.";
535 "Configures the client to accept call-home TCP connections.";
539 default "180"; // three minutes
541 "Specifies the maximum number of seconds that a NETCONF
542 session may remain idle. A NETCONF session will be
543 dropped if it is idle for an interval longer than this
544 number of seconds. If set to zero, then the server
545 will never drop a session because it is idle.";
551 "List of endpoints to listen for NETCONF connections.";
555 "An arbitrary name for the NETCONF listen endpoint.";
557 uses netconf-client-listen-stack-grouping;
560 } // netconf-client-app-grouping
562 // Protocol accessible node for clients that implement this module.
563 container netconf-client {
564 if-feature central-netconf-client-supported;
565 uses netconf-client-app-grouping;
567 "Top-level container for NETCONF client configuration.";