RESTCONF Protocol
YumaWorks, andy@yumaworks.com
Tail-f Systems, mbj@tail-f.com
Juniper Networks, kwatsen@juniper.net
This document describes an HTTP-based protocol that provides
a programmatic interface for accessing data defined in YANG,
using the datastore concepts defined in NETCONF.
There is a need for standard mechanisms to allow Web applications
to access the configuration data, state data,
data-model-specific RPC operations, and event notifications
within a networking device, in a modular and extensible manner.
This document defines an HTTP-based protocol called
RESTCONF, for configuring data defined in YANG version 1 or
YANG version 1.1, using the datastore
concepts defined in NETCONF.
NETCONF defines configuration datastores and
a set of Create, Retrieve, Update, Delete (CRUD) operations
that can be used to access these datastores.
NETCONF also defines a protocol for invoking these operations.
The YANG language defines the syntax and semantics
of datastore content, configuration, state data, RPC operations,
and event notifications.
RESTCONF uses HTTP methods to provide CRUD operations on a
conceptual datastore containing YANG-defined data, which is
compatible with a server which implements NETCONF datastores.
If a RESTCONF server is co-located with a NETCONF server,
then there are protocol interactions with the NETCONF protocol,
which are described in .
The RESTCONF server MAY provide access to specific datastores using
operation resources, as described in .
The RESTCONF protocol does not specify any
mandatory operation resources. The semantics of each operation
resource determine if and how datastores are accessed.
Configuration data and state data are exposed as resources that
can be retrieved with the GET method.
Resources representing configuration data
can be modified with the DELETE, PATCH, POST, and PUT methods.
Data is encoded with either XML
or JSON.
Data-model-specific RPC operations defined with the YANG "rpc" or
"action" statements can be invoked with the POST method.
Data-model-specific event notifications defined with the YANG "notification"
statement can be accessed.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
.
The following terms are defined in :
candidate configuration datastore
configuration data
datastore
configuration datastore
running configuration datastore
startup configuration datastore
state data
user
The following terms are defined in :
fragment
path
query
The following terms are defined in :
header field
message-body
request-line
request URI
status-line
The following terms are defined in :
method
request
resource
The following terms are defined in :
entity-tag
The following terms are defined in :
action
container
data node
key leaf
leaf
leaf-list
list
mandatory node
ordered-by user
presence container
RPC operation
top-level data node
The following terms are defined in :
notification replay
The following terms are used within this document:
API resource: the resource that models the RESTCONF root resource
and the sub-resources to access YANG-defined content.
It is defined with the YANG data template named "yang‑api"
in the "ietf‑restconf" module.
client: a RESTCONF client
data resource: a resource that models a YANG data node.
It is defined with YANG data definition statements.
datastore resource: the resource that models a
programmatic interface using NETCONF datastore concepts.
By default, RESTCONF methods access a unified view
of the underlying datastore implementation on the server.
It is defined as a sub-resource within the API resource.
edit operation: a RESTCONF operation on a data resource
using either a POST, PUT, PATCH, or DELETE method. This is
not the same as the NETCONF edit operation (i.e., one of
the values for the "nc:operation" attribute:
"create", "replace", "merge", "delete", or "remove").
event stream resource: This resource represents
an SSE (Server-Sent Events) event stream. The content consists of text
using the media type "text/event‑stream", as defined by the
SSE specification.
Event stream contents are described in .
media-type: HTTP uses Internet media types in the Content-Type
and Accept header fields in order to provide open and extensible
data typing and type negotiation.
NETCONF client: a client which implements the NETCONF protocol.
Called "client" in .
NETCONF server: a server which implements the NETCONF protocol.
Called "server" in .
operation: the conceptual RESTCONF operation for a message,
derived from the HTTP method, request URI, header fields, and message-body.
operation resource: a resource that models a data-model-specific
operation, that is defined with a YANG "rpc" or "action" statement.
It is invoked with the POST method.
patch: a PATCH method on the target datastore
or data resource.
The media type of the message-body content will identify
the patch type in use.
plain patch: a specific media type for use with the PATCH method,
defined in ,
that can be used for simple merge operations.
It is specified by a request Content-Type of
"application/yang‑data‑xml" or "application/yang‑data+json".
query parameter: a parameter (and its value if any),
encoded within the query component of the request URI.
resource type: one of the RESTCONF resource classes defined in
this document. One of "api", "datastore", "data", "operation",
"schema", or "event stream".
RESTCONF capability: An optional RESTCONF protocol feature
supported by the server, which is identified by an IANA registered
NETCONF Capability URI, and advertised with an entry in
the "capability" leaf-list defined in .
RESTCONF client: a client which implements the RESTCONF protocol.
RESTCONF server: a server which implements the RESTCONF protocol.
retrieval request: a request using the GET or HEAD methods.
schema resource: a resource that is used by the client to retrieve
a YANG schema with the GET method. It has a representation
with the media type "application/yang".
server: a RESTCONF server
stream list: the set of data resource instances that describe
the event stream resources available from the server.
This information is defined in the "ietf‑restconf‑monitoring"
module as the "stream" list. It can be retrieved using the
target resource
"{+restconf}/data/ietf‑restconf‑monitoring:restconf‑state/streams/stream".
The stream list contains information about each stream,
such as the URL to retrieve the event stream data.
stream resource: An event stream resource.
target resource: the resource that is associated with
a particular message, identified by the "path" component
of the request URI.
yang-data extension: A YANG external statement that conforms
to the "yang‑data" extension statement found in .
The yang-data extension is used to define YANG data structures that
are meant to be used as YANG data templates. These data structures
are not intended to be implemented as part of a configuration
datastore or as operational state within the server, so
normal YANG data definition statements cannot be used.
YANG data template: a schema for modeling protocol message components
as conceptual data structure using YANG.
This allows the messages to be defined in an encoding-independent manner.
Each YANG data template is defined with the "yang‑data" extension,
found in . Representations of instances conforming to
a particular YANG data template can be defined for YANG.
The XML representation is defined in
YANG version 1.1, and
supported with the "application/yang‑data‑xml" media type.
The JSON representation is defined in
JSON Encoding of Data Modeled with YANG,
and supported with the "application/yang‑data+json" media type.
Throughout this document, the URI template syntax
"{+restconf}" is used to refer to the RESTCONF root resource outside
of an example. See for details.
For simplicity, all of the examples in this document use "/restconf"
as the discovered RESTCONF API root path.
Many of the examples throughout the document are based on the "example‑jukebox"
YANG module, defined in .
Many protocol header lines and message-body text
within examples throughout the document
are split into multiple lines for display purposes only.
When a line ends with backslash ('\') as the last character,
the line is wrapped for display purposes. It is to be
considered to be joined to the next line by deleting the
backslash, the following line break,
and the leading whitespace of the next line.
A simplified graphical representation of the data model is used in
this document. The meaning of the symbols in these
diagrams is as follows:
Brackets "[" and "]" enclose list keys.
Abbreviations before data node names: "rw" means configuration
data (read-write), "ro" state data (read-only), and "x"
operation resource (executable)
Symbols after data node names: "?" means an optional node, "!" means
a presence container, and "*" denotes a list and leaf-list.
Parentheses enclose choice and case nodes, and case nodes are also
marked with a colon (":").
Ellipsis ("...") stands for contents of subtrees that are not shown.
RESTCONF does not need to mirror the full functionality of the NETCONF
protocol, but it does need to be compatible with NETCONF. RESTCONF
achieves this by implementing a subset of the interaction capabilities
provided by the NETCONF protocol, for instance, by eliminating
datastores and explicit locking.
RESTCONF uses HTTP methods to implement the equivalent of NETCONF
operations, enabling basic CRUD operations on a hierarchy of
conceptual resources.
The HTTP POST, PUT, PATCH, and DELETE methods are used to
edit data resources represented by YANG data models.
These basic edit operations allow the running configuration
to be altered by a RESTCONF client.
RESTCONF is not intended to replace NETCONF, but rather to provide
an HTTP interface that follows
Representational State Transfer (REST) principles,
and is compatible with the NETCONF datastore model.
The following figure shows the system components if a RESTCONF server
is co-located with a NETCONF server:
The following figure shows the system components if a RESTCONF server
is implemented in a device that does not have a NETCONF server:
Note that there are no interactions at all between
the NETCONF protocol and RESTCONF protocol. It is possible
that locks are in use on a RESTCONF server, even though
RESTCONF cannot manipulate locks. In such a case,
the RESTCONF protocol will not be granted write access to
data resources within a datastore.
RESTCONF combines the simplicity of the HTTP protocol with the
predictability and automation potential of a schema-driven API.
Knowing the YANG modules used by the server,
a client can derive all management resource URLs and the
proper structure of all RESTCONF requests and responses.
This strategy obviates the need for responses provided
by the server to contain Hypermedia as the Engine of Application State
(HATEOAS) links, originally described in
Roy Fielding's doctoral dissertation,
because the client can determine the links it needs from
the YANG modules.
RESTCONF utilizes the YANG Library
to allow a client to discover the YANG module conformance information
for the server, in case the client wants to use it.
The server can optionally support retrieval of the
YANG modules it uses, as identified in its YANG library.
See for details.
The URIs for data-model-specific RPC operations and datastore content
are predictable, based on the YANG module definitions.
The RESTCONF protocol operates on a conceptual datastore defined with
the YANG data modeling language. The server lists each YANG
module it supports using the "ietf‑yang‑library"
YANG module, defined in .
The server MUST implement the "ietf‑yang‑library" module,
which MUST identify all the YANG modules used by the server,
in the "modules‑state/module" list.
The conceptual datastore contents, data-model-specific
RPC operations and event notifications are identified by this set of
YANG modules.
The classification of data as configuration or
non-configuration is derived from the YANG "config" statement.
Data ordering behavior is derived from the YANG "ordered‑by"
statement. Non-configuration data is also called "state data".
The RESTCONF datastore editing model is simple and direct,
similar to the behavior of the :writable-running
capability in NETCONF. Each RESTCONF edit of a data
resource within the datastore resource
is activated upon successful completion of the edit.
RESTCONF can be implemented on a device that supports
the NETCONF protocol.
If the NETCONF server supports :writable-running, all edits to configuration
nodes in {+restconf}/data are performed in the running configuration
datastore. The URI template "{+restconf}" is defined in .
Otherwise, if the device supports :candidate, all edits to
configuration nodes in {+restconf}/data are performed in the candidate
configuration datastore. The candidate MUST be automatically committed to
running immediately after each successful edit. Any edits from other
sources that are
in the candidate datastore will also be committed. If a confirmed commit
procedure is in progress by any NETCONF client, then this commit will act as the confirming commit.
If the NETCONF server is expecting a "persist‑id" parameter to complete the confirmed
commit procedure, then the RESTCONF edit operation MUST fail with a
"409 Conflict" status-line. The error-tag "in‑use" is returned in this case.
The error-tag value "resource‑denied" is used in this case.
If the NETCONF server supports :startup, the RESTCONF server MUST automatically
update the non-volatile startup configuration datastore, after the
running datastore has been altered as
a consequence of a RESTCONF edit operation.
If a datastore that would be modified by a RESTCONF operation has an active lock
from a NETCONF client, the RESTCONF edit operation MUST fail with a "409 Conflict"
status-line. The error-tag "in‑use" is returned in this case.
There are two extensibility mechanisms built into RESTCONF:
protocol version
optional capabilities
This document defines version 1 of the RESTCONF protocol.
If a future version of this protocol is defined, then that document
will specify how the new version of RESTCONF is identified.
It is expected that a different RESTCONF root resource will be used
which will be located using a different link relation
(See ).
The server will advertise all protocol versions that it supports
in its host-meta data.
In this example, the server supports both RESTCONF version 1 and a
fictitious version 2.
The client might send:
The server might respond:
RESTCONF also supports a server-defined list of optional capabilities,
which are listed by a server using the "ietf‑restconf‑monitoring" module
defined in . This document defines
several query parameters in . Each optional parameter
has a corresponding capability URI defined in
that is advertised by the server if supported.
The "capabilities" list can identify any
sort of server extension. Currently this extension mechanism is used
to identify optional query parameters that are supported,
but it is not limited to that purpose.
For example, the "defaults" URI defined in
specifies a mandatory URI identifying server defaults handling behavior.
A new sub-resource type could be identified with a capability if
it is optional to implement. Mandatory protocol features and
new resource types require a new revision of the RESTCONF protocol.
HTTP is an application layer protocol that may be layered on
any reliable transport-layer protocol. RESTCONF is defined on top of
HTTP, but due to the sensitive nature of the information conveyed,
RESTCONF requires that the transport-layer protocol provides both data
integrity and confidentiality. A RESTCONF server MUST support the TLS
protocol. The RESTCONF protocol MUST NOT be used over HTTP
without using the TLS protocol.
HTTP/2 MAY be used for RESTCONF.
The server MUST respond using a single HTTP/2 stream for all client
requests from a stream. The server MAY respond using the same HTTP/2 stream
that was used for the corresponding request.
Given the nearly ubiquitous support for HTTP over TLS,
RESTCONF implementations MUST support the "https" URI scheme, which
has the IANA assigned default port 443.
RESTCONF servers MUST present an X.509v3 based certificate when
establishing a TLS connection with a RESTCONF client. The
use of X.509v3 based certificates is consistent with NETCONF over TLS.
The RESTCONF client MUST either use X.509 certificate path validation
to verify the integrity of the RESTCONF server's TLS
certificate, or match the server’s TLS certificate with a certificate
obtained by a trusted mechanism (e.g. a pinned certificate). If X.509
certificate path validation fails, and the presented X.509 certificate
does not match a certificate obtained by a trusted mechanism, the
connection MUST be terminated, as described in Section 7.2.1 of
.
The RESTCONF client MUST check the identity of the
server according to Section 6 of , including processing the
outcome as described in Section 6.6 of .
The RESTCONF server MUST authenticate client access to any
protected resource. If the RESTCONF client is not authenticated,
the server SHOULD send an HTTP response with
"401 Unauthorized" status-line, as defined in Section 3.1 of
. The error-tag value "access‑denied" is used in this case.
To authenticate a client, a RESTCONF server MUST use TLS
based client certificates (Section 7.4.6 of ), or
MUST use any HTTP authentication scheme defined in the
HTTP Authentication Scheme Registry (Section 5.1 in ).
A server MAY also support the combination of both client
certificates and an HTTP client authentication scheme,
with the determination of how to process this combination
left as an implementation decision.
The RESTCONF client identity derived from the authentication
mechanism used is hereafter known as the "RESTCONF username" and
subject to the NETCONF Access Control Module (NACM).
When a client certificate is presented, the RESTCONF username MUST
be derived using the algorithm defined in Section 7 of .
For all other cases, when HTTP authentication is used, the
RESTCONF username MUST be provided by the HTTP authentication
scheme used.
The RESTCONF protocol operates on a hierarchy of resources, starting
with the top-level API resource itself
(). Each resource represents a manageable
component within the device.
A resource can be considered as a collection of data and the
set of allowed methods on that data. It can contain nested child
resources. The child resource types and methods allowed on them are
data-model-specific.
A resource has a representation associated with a
media type identifier, as represented
by the "Content‑Type" header field in the HTTP response message.
A resource has one or more representations, each associated with a
different media type. When a representation of a resource is sent
in an HTTP message, the associated media type is given in
the "Content‑Type" header.
A resource can contain zero or more nested resources.
A resource can be created and deleted independently of its
parent resource, as long as the parent resource exists.
The RESTCONF resources are accessed via a set of
URIs defined in this document.
The set of YANG modules supported by the server
will determine the data-model-specific RPC operations,
top-level data nodes, and event notification messages
supported by the server.
The RESTCONF protocol does not include a
data resource discovery mechanism. Instead, the definitions
within the YANG modules advertised by the server
are used to construct an RPC operation or data
resource identifier.
In line with the best practices defined by , RESTCONF
enables deployments to specify where the RESTCONF API is located.
When first connecting to a RESTCONF server, a RESTCONF client MUST
determine the root of the RESTCONF API. There MUST be exactly
one "restconf" link relation returned by the device.
The client discovers this
by getting the "/.well‑known/host‑meta" resource () and
using the <Link> element containing the "restconf" attribute :
Example returning /restconf:
The client might send:
The server might respond:
After discovering the RESTCONF API root, the client MUST use
this value as the initial part of the path
in the request URI, in any subsequent request for a RESTCONF resource.
In this example, the client would use the path "/restconf"
as the RESTCONF root resource.
Example returning /top/restconf:
The client might send:
The server might respond:
In this example, the client would use the path "/top/restconf"
as the RESTCONF root resource.
The client can now determine the
operation resources supported by the server.
In this example, a custom "play" operation is supported:
The client might send:
The server might respond:
If the Extensible Resource Descriptor (XRD)
contains more than one link relation, then only the
relation named "restconf" is relevant to this specification.
Note that any given endpoint (host:port)
can only support one RESTCONF server,
due to the root resource discovery mechanism.
This limits the number of RESTCONF servers that can run
concurrently on a host, since each server must use a different port.
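The root discovery step described above can be sketched as follows. This is an added example, not part of the original document: the host-meta document, the host name "device.example", the "example-other" relation and the function names are constructed, and restricting the href to an absolute path on the same host is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Qualified name of the <Link> element in an XRD document.
XRD_LINK = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}Link"

# Constructed host-meta response body with two link relations.
HOST_META = """<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Link rel='example-other' href='/other'/>
  <Link rel='restconf' href='/top/restconf'/>
</XRD>"""


def discover_root(xrd_text):
    """Return the RESTCONF root path from a host-meta XRD document.

    Only the "restconf" relation is considered; any other relation is ignored.
    Zero or several "restconf" relations is treated as an error, because the
    device must return exactly one.
    """
    doc = ET.fromstring(xrd_text)
    hrefs = [link.get("href") for link in doc.iter(XRD_LINK)
             if link.get("rel") == "restconf"]
    if len(hrefs) != 1:
        raise ValueError(
            f"expected exactly one 'restconf' link relation, found {len(hrefs)}")
    href = hrefs[0]
    # Assumption of this example: the root is an absolute path on the same
    # host. "//host/..." would silently redirect requests to another server.
    if not href or not href.startswith("/") or href.startswith("//"):
        raise ValueError(f"unusable RESTCONF root: {href!r}")
    return href.rstrip("/")


def resource_url(host, api_root, *segments):
    """Build a request URL under the discovered root; always uses "https"."""
    return f"https://{host}{api_root}/" + "/".join(segments)


if __name__ == "__main__":
    root = discover_root(HOST_META)
    print(root)
    print(resource_url("device.example", root, "operations"))
```
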
The RESTCONF protocol defines two application-specific media
types to identify representations of data that conforms
to the schema for a particular YANG construct.
This document defines media types for XML and JSON serialization
of YANG data. Other documents MAY define other media types for
different serializations of YANG data.
The "application/yang‑data‑xml" media-type is defined in .
The "application/yang‑data+json" media-type is defined in .
The API resource contains the RESTCONF root resource for
the RESTCONF datastore and operation resources.
It is the top-level resource located at {+restconf} and has the media type
"application/yang‑data‑xml" or "application/yang‑data+json".
YANG Tree Diagram for an API Resource:
The "yang‑api" YANG data template is defined using
the "yang‑data" extension
in the "ietf‑restconf" module, found in .
It specifies the structure and syntax
of the conceptual child resources within the API resource.
The API resource can be retrieved with the GET method.
The {+restconf} root resource name used in responses
representing the root of the "ietf‑restconf" module
MUST identify the "ietf‑restconf" YANG module.
For example, a request to GET the root resource "/restconf"
in JSON format will return a representation of
the API resource named "ietf‑restconf:restconf".
This resource has the following child resources:
Child Resource         Description
data                   Contains all data resources
operations             Data-model-specific operations
yang-library-version   ietf-yang-library module date
This mandatory resource represents the combined configuration
and state data resources that can be accessed by a client.
It cannot be created or deleted by the client.
The datastore resource type is defined in .
Example:
This example request by the client
would retrieve only the non-configuration data nodes
that exist within the "library" resource, using the "content"
query parameter (see ).
The server might respond:
This optional resource is a container that provides access to the
data-model-specific RPC operations supported by the server.
The server MAY omit this resource if no data-model-specific
RPC operations are advertised.
Any data-model-specific RPC operations defined in the YANG
modules advertised by the server MUST be available as child nodes of
this resource.
The access point for each RPC operation is represented as
an empty leaf. If an operation resource is retrieved,
the empty leaf representation is returned by the server.
Operation resources are defined in .
This mandatory leaf identifies the revision date of the "ietf‑yang‑library"
YANG module that is implemented by this server. Note that the
revision date for the module version found in is used.
Example:
The server might respond:
The "{+restconf}/data" subtree represents the datastore resource,
which is a collection of configuration data and state data nodes.
The fragment field in the request URI has no defined purpose
if the target resource is a datastore resource.
This resource type is an abstraction of the system's underlying datastore
implementation. The client uses it to edit and retrieve data resources,
as the conceptual root of all configuration and state data
that is present on the device.
Configuration edit transaction management and configuration persistence
are handled by the server and not controlled by the client.
A datastore resource can be written directly with
the POST and PATCH methods. Each RESTCONF edit of a datastore resource is
saved to non-volatile storage by the server, if the server supports
non-volatile storage of configuration data,
as described in .
If the datastore resource represented by the "{+restconf}/data" subtree
is retrieved, then the datastore and its contents are returned
by the server. The datastore is represented by a node named "data"
in the "ietf‑restconf" module namespace.
Two edit collision detection and prevention mechanisms are provided
in RESTCONF for the datastore resource: a timestamp and an entity-tag.
Any change to configuration data resources updates the timestamp
and entity tag of the datastore resource.
In addition, the RESTCONF server will return an error if
the datastore is locked by an external source (e.g., NETCONF server).
The last change time is maintained and
the "Last‑Modified" (, Section 2.2) header field is returned in the
response for a retrieval request.
The "If‑Unmodified‑Since" header field (, Section 3.4) can be used
in edit operation requests to cause the server
to reject the request if the resource has been modified
since the specified timestamp.
The server SHOULD maintain a last-modified timestamp for the
datastore resource, defined in .
This timestamp is only affected by configuration
child data resources, and MUST NOT be updated
for changes to non-configuration child data resources.
Last-modified timestamps for data resources are discussed in .
If the RESTCONF server is colocated with a NETCONF server, then the
last-modified timestamp MUST be for the "running" datastore.
Note that it is possible other protocols can cause the last-modified
timestamp to be updated. Such mechanisms are out of scope
for this document.
The server MUST maintain a unique opaque entity-tag for the
datastore resource and MUST return it in the "ETag" (,
Section 2.3) header in the response for a retrieval request. The
client MAY use an "If‑Match" header in edit operation requests to
cause the server to reject the request if the resource entity-tag
does not match the specified value.
The server MUST maintain an entity-tag for the
top-level {+restconf}/data resource.
This entity-tag is only
affected by configuration data resources, and MUST NOT be updated
for changes to non-configuration data.
Entity-tags for data resources are discussed in .
Note that each representation (e.g. XML vs. JSON) requires a
different entity-tag.
If the RESTCONF server is colocated with a NETCONF server, then this
entity-tag MUST be for the "running" datastore.
Note that it is possible other protocols can cause the entity-tag
to be updated. Such mechanisms are out of scope
for this document.
Changes to configuration data resources affect the timestamp
and entity-tag for that resource, any ancestor data resources,
and the datastore resource.
For example, an edit to disable an interface might be
done by setting the leaf "/interfaces/interface/enabled" to "false".
The "enabled" data node and its ancestors
(one "interface" list instance, and the "interfaces" container)
are considered to be changed. The datastore is considered to be
changed when any top-level configuration data node is changed
(e.g., "interfaces").
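The entity-tag rules above can be exercised with a small in-memory model. This is an added example, not part of the original document: the class, the interface names "eth0" and "eth1" and the state-data path are constructed, the status codes 412 and 204 are assumed from standard HTTP conditional-request handling, and the one-tag-per-representation rule is not modelled.

```python
import itertools


class Datastore:
    """Toy model of entity-tag maintenance for the datastore resource."""

    def __init__(self):
        self._seq = itertools.count(1)
        self.values = {}   # resource path -> value
        self.tags = {}     # configuration resource path -> entity-tag
        self.datastore_tag = self._new_tag()

    def _new_tag(self):
        # Opaque quoted string, as it would appear in an ETag header.
        return f'"{next(self._seq)}"'

    def etag(self, path=None):
        """Entity-tag of a data resource, or of the datastore if path is None.

        A resource without a tag of its own reports the datastore tag.
        """
        return self.tags.get(path, self.datastore_tag)

    def apply(self, path, value, config=True, if_match=None):
        """Apply one change and return an HTTP status code (assumed values).

        config=False models the server updating non-configuration data.
        """
        if if_match is not None and if_match != self.etag(path):
            return 412  # Precondition Failed: the client's view is stale
        self.values[path] = value
        if config:
            # The resource, each ancestor, and the datastore are all changed.
            parts = path.strip("/").split("/")
            for depth in range(1, len(parts) + 1):
                self.tags["/" + "/".join(parts[:depth])] = self._new_tag()
            self.datastore_tag = self._new_tag()
        return 204


def run_scenario():
    """Two clients read the same tag, then both try to edit the same leaf."""
    ds = Datastore()
    eth0 = "/interfaces/interface=eth0/enabled"
    eth1 = "/interfaces/interface=eth1/enabled"
    watched = (eth0, "/interfaces/interface=eth0", "/interfaces", eth1, None)
    ds.apply(eth0, "true")
    ds.apply(eth1, "true")

    before = {p: ds.etag(p) for p in watched}
    seen_by_a = seen_by_b = ds.etag(eth0)
    status_a = ds.apply(eth0, "false", if_match=seen_by_a)
    status_b = ds.apply(eth0, "true", if_match=seen_by_b)  # stale tag
    changed = {p for p in watched if ds.etag(p) != before[p]}

    tag = ds.etag()
    ds.apply("/interfaces-state/interface=eth0/oper-status", "down",
             config=False)
    return {
        "status_a": status_a,
        "status_b": status_b,
        "value": ds.values[eth0],
        "changed": changed,
        "state_change_updated_tag": ds.etag() != tag,
    }


if __name__ == "__main__":
    for key, val in run_scenario().items():
        print(key, val)
```
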
A data resource represents a YANG data node that is a descendant
node of a datastore resource. Each YANG-defined data node can be uniquely
targeted by the request-line of an HTTP method. Containers,
leafs, leaf-list entries, list entries, anydata and
anyxml nodes are data resources.
The representation maintained for each data resource is the YANG
defined subtree for that node. HTTP methods on a data
resource affect both the targeted data node and all
its descendants, if any.
A data resource can be retrieved with the GET method.
Data resources are accessed via the "{+restconf}/data" URI.
This sub-tree is used to retrieve and edit data resources.
The fragment field in the request URI has no defined purpose
if the target resource is a data resource.
For configuration data resources,
the server MAY maintain a last-modified timestamp for the
resource, and return the "Last‑Modified" header field when it
is retrieved with the GET or HEAD methods.
The "Last‑Modified" header field can be used by a
RESTCONF client in subsequent requests, within the "If‑Modified‑Since"
and "If‑Unmodified‑Since" header fields.
If maintained, the resource timestamp MUST be set to the current
time whenever the resource
or any configuration resource within the resource is altered.
If not maintained, then the resource timestamp for the datastore
MUST be used instead.
If the RESTCONF server is colocated with a NETCONF server, then the
last-modified timestamp for a configuration data resource MUST represent
the instance within the "running" datastore.
This timestamp is only
affected by configuration data resources, and MUST NOT be updated
for changes to non-configuration data.
For configuration data resources,
the server SHOULD maintain a resource entity-tag for each
resource, and return the "ETag" header field when it
is retrieved as the target resource with the GET or HEAD methods.
If maintained, the resource entity-tag MUST be updated
whenever the resource
or any configuration resource within the resource is altered.
If not maintained, then the resource entity-tag for the datastore
MUST be used instead.
The "ETag" header field can be used by a
RESTCONF client in subsequent requests, within the "If‑Match"
and "If‑None‑Match" header fields.
This entity-tag is only
affected by configuration data resources, and MUST NOT be updated
for changes to non-configuration data.
If the RESTCONF server is colocated with a NETCONF server, then the
entity-tag for a configuration data resource MUST represent
the instance within the "running" datastore.
In YANG, data nodes can be identified with an absolute
XPath expression, defined in , starting
from the document root to the target resource.
In RESTCONF, URI-encoded path expressions are used instead.
A predictable location for a data resource
is important, since applications will code to the YANG
data model module, which uses static naming and defines an
absolute path location for all data nodes.
A RESTCONF data resource identifier is
encoded from left to right, starting with the top-level data node,
according to the "api‑path" rule in . The node name of
each ancestor of the target resource node is encoded in order, ending
with the node name for the target resource. If a node in the path is
defined in another module than its parent node,
or its parent is the datastore, then the module name
followed by a colon character (":") MUST be prepended to the node name in
the resource identifier. See for details.
If a data node in the path expression is a YANG leaf-list node,
then the leaf-list value MUST be encoded according to the following rules:
The identifier for the leaf-list MUST be encoded
using one path segment.
The path segment is constructed by having the leaf-list name,
followed by an "=" character, followed by the leaf-list value.
(e.g., /restconf/data/top-leaflist=fred).
The leaf-list value is specified as a string, using the
canonical representation for the YANG data type.
Any reserved characters MUST be
percent-encoded, according to , section 2.1 and 2.5.
YANG 1.1 allows duplicate leaf-list values
for non-configuration data. In this case there is no
mechanism to specify the exact matching leaf-list instance.
The comma (',') character is percent-encoded, even though
multiple key values are not possible for a leaf-list.
This is more consistent and avoids special processing rules.
If a data node in the path expression is a YANG list node,
then the key values for the list (if any) MUST be encoded
according to the following rules:

- The key leaf values for a data resource representing a YANG
  list MUST be encoded using one path segment .
- If there is only one key leaf value, the path segment is constructed
  by having the list name, followed by an "=" character,
  followed by the single key leaf value.
- If there are multiple key leaf values,
  the path segment is constructed by having the list name,
  followed by the value of each leaf
  identified in the "key" statement, encoded
  in the order specified in the YANG "key" statement.
  Each key leaf value except the last one is followed by a comma
  character.
- The key value is specified as a string, using the
  canonical representation for the YANG data type.
  Any reserved characters MUST be
  percent-encoded, according to , section 2.1 and 2.5.
  The comma (',') character MUST be percent-encoded if it is
  present in the key value.
- All the components in the "key" statement MUST be encoded.
  Partial instance identifiers are not supported.
- Missing key values are not allowed,
  so two consecutive commas are interpreted as
  a comma, followed by a zero-length string, followed by a comma.
  For example, "list1=foo,,baz" would be interpreted as a
  list named "list1" with 3 key values,
  and the second key value is a zero-length string.
- Note that non-configuration lists are not required to define keys.
  In this case, a single list instance cannot be accessed.
The "list‑instance" ABNF rule defined in
represents the syntax of a list instance identifier.
Examples:
For the above YANG definition, the container "top" is defined in
the "example‑top" YANG module, and a target resource URI for leaf "X"
would be encoded as follows:
For the above YANG definition, a target resource URI for leaf-list "Y"
would be encoded as follows:
The following example shows how reserved characters are
percent-encoded within a key value. The value of "key1" contains a
comma, single-quote, double-quote, colon, double-quote, space, and
forward slash (,'":" /). Note that double-quote is not a reserved
character and does not need to be percent-encoded. The value of
"key2" is the empty string, and the value of "key3" is the string
"foo".
Example URL:
The "api‑path" Augmented Backus-Naur Form (ABNF) syntax
is used to construct RESTCONF path identifiers.
Note that this syntax is used for all resources,
and the API path starts with the RESTCONF root resource.
Data resources are required to be identified under
the subtree "{+restconf}/data".
An identifier is not allowed to start with the case-insensitive
string "XML", according to YANG identifier rules.
The syntax for "api‑identifier" and "key‑value" MUST conform to the
JSON identifier encoding rules in Section 4 of :
The RESTCONF root resource path is required.
Additional sub-resource identifiers are optional.
The characters in a key value string are constrained,
and some characters need to be percent-encoded,
as described in .
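The key-encoding rules above imply an order of operations on the receiving side: split the path segment on literal commas first, then percent-decode each key. The Python below is an added example, not part of this document or of any RESTCONF implementation; the function names are hypothetical, and the sample keys are the key1/key2/key3 values described in the example text, applied to a list named "list1".

```python
from urllib.parse import quote, unquote


class ApiPathError(ValueError):
    """Raised when a path segment does not match the list's "key" statement."""


def encode_list_segment(list_name, key_values):
    """Build one path segment: list name, "=", then comma-separated keys.

    key_values must already be in YANG "key" statement order and in
    canonical string form. safe="" percent-encodes every character outside
    the RFC 3986 unreserved set, so a comma inside a value becomes %2C and
    cannot be confused with the separator between keys. This encodes the
    double-quote as well, which is permitted but not required.
    """
    return list_name + "=" + ",".join(quote(v, safe="") for v in key_values)


def parse_list_segment(segment, key_names):
    """Split first, decode second. Returns (list_name, {key_name: value})."""
    name, sep, raw = segment.partition("=")
    if not name or not sep:
        raise ApiPathError("segment carries no key values: %r" % segment)
    raw_keys = raw.split(",")   # literal commas only; %2C is still encoded here
    if len(raw_keys) != len(key_names):
        # Partial instance identifiers are not supported: every key leaf
        # in the "key" statement has to be present, even if zero-length.
        raise ApiPathError("expected %d key values, got %d"
                           % (len(key_names), len(raw_keys)))
    try:
        # errors="strict" refuses byte sequences that are not valid UTF-8
        # instead of silently mapping them to U+FFFD.
        values = [unquote(k, errors="strict") for k in raw_keys]
    except UnicodeDecodeError as exc:
        raise ApiPathError("key value is not valid UTF-8") from exc
    return name, dict(zip(key_names, values))


def parse_decode_first(segment, key_names):
    """Wrong order, kept for contrast: decoding the whole segment before
    splitting turns an encoded comma inside a key into a separator."""
    name, _, raw = unquote(segment).partition("=")
    return name, dict(zip(key_names, raw.split(",")))


# Constructed sample: the three key values from the example text above.
KEY_NAMES = ("key1", "key2", "key3")
KEY_VALUES = (",'\":\" /", "", "foo")

if __name__ == "__main__":
    segment = encode_list_segment("list1", KEY_VALUES)
    print(segment)
    print(parse_list_segment(segment, KEY_NAMES))
    print(parse_decode_first(segment, KEY_NAMES))
```

A server that converts the resource path into a YANG instance-identifier for access control depends on the split-first order; with the other order the rules are evaluated against a different list entry than the one the client addressed.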
RESTCONF requires that a server report its default handling mode
(see for details). If the optional "with‑defaults" query
parameter is supported by the server, a client may use it to control
retrieval of default values (see for details).
If a leaf or leaf-list is missing from the configuration
and there is a YANG-defined default for that data resource, then
the server MUST use the YANG-defined default as the configured value.
If the target of a GET method is a data node
that represents a leaf or leaf-list that has a default value,
and the leaf or leaf-list has not been instantiated yet, the server MUST
return the default value(s) that are in use by the server. In this case,
the server MUST ignore its basic-mode, described in ,
and return the default value.
If the target of a GET method is a data node
that represents a container or list that has any child resources
with default values, for the child resources that have not been given
a value yet, the server MAY
return the default values that are in use by the server, in accordance
with its reported default handling mode and query parameters passed by the client.
An operation resource represents an RPC operation
defined with the YANG "rpc" statement or a data-model-specific
action defined with a YANG "action" statement.
It is invoked using a POST method on the operation resource.
The fragment field in the request URI has no defined purpose
if the target resource is an operation resource.
An RPC operation is invoked as:
The <operation> field identifies the module name and rpc identifier
string for the desired operation.
For example, if "module‑A" defined a "reset" rpc operation, then
invoking the operation would be requested as follows:
An action is invoked as:
where <data‑resource‑identifier> contains the path to the data node
where the action is defined, and <action> is the name of the
action.
For example, if "module‑A" defined a "reset‑all" action in the
container "interfaces", then invoking this action would be requested
as follows:
If the RPC operation is invoked without errors, and
if the "rpc" or "action" statement has no "output" section, the
response message MUST NOT include a message-body, and MUST send a "204
No Content" status-line instead.
All operation resources representing RPC operations
supported by the server MUST be identified
in the {+restconf}/operations subtree defined in .
Operation resources representing YANG actions are not
identified in this subtree since they are invoked
using a URI within the {+restconf}/data subtree.
If the "rpc" or "action" statement has an "input" section then
instances of these input parameters are encoded
in the module namespace where the "rpc" or "action" statement is defined,
in an XML element or JSON object named "input",
which is in the module namespace where the "rpc"
or "action" statement is defined.
If the "rpc" or "action" statement has an "input" section and the
"input" object tree contains any child data nodes which are considered
mandatory nodes, then a message-body MUST be sent by the client in the request.
If the "rpc" or "action" statement has an "input" section and the
"input" object tree does not contain any child nodes which are
considered mandatory nodes, then a message-body
MAY be sent by the client in the request.
If the "rpc" or "action" statement has no "input" section, the
request message MUST NOT include a message-body.
Examples:
The following YANG module is used for the RPC operation
examples in this section.
The following YANG module is used for the YANG action
examples in this section.
RPC Input Example:
The client might send the following POST request message
to invoke the "reboot" RPC operation:
The server might respond:
The same example request message is shown here using JSON encoding:
Action Input Example:
The client might send the following POST request message
to invoke the "reset" action:
The server might respond:
The same example request message is shown here using JSON encoding:
If the "rpc" or "action" statement has an "output" section then
instances of these output parameters are encoded
in the module namespace where the "rpc" or "action" statement is defined,
in an XML element or JSON object named "output",
which is in the module namespace where the "rpc"
or "action" statement is defined.
If the RPC operation is invoked without errors,
and if the "rpc" or "action" statement has an "output" section and the
"output" object tree contains any child data nodes which are considered
mandatory nodes, then a response message-body MUST be sent by the server in the response.
If the RPC operation is invoked without errors,
and if the "rpc" or "action" statement has an "output" section and the
"output" object tree does not contain any child nodes which are
considered mandatory nodes, then a response message-body
MAY be sent by the server in the response.
The request URI is not returned in the response.
Knowledge of the request URI may be needed to associate
the output with the specific "rpc" or "action"
statement used in the request.
Examples:
RPC Output Example:
The "example‑ops" YANG module defined in
is used for this example.
The client might send the following POST request message
to invoke the "get‑reboot‑info" operation:
The server might respond:
The same response is shown here using XML encoding:
Action Output Example:
The "example‑actions" YANG module defined in
is used for this example.
The client might send the following POST request message
to invoke the "get‑last‑reset‑time" action:
The server might respond:
If any errors occur while attempting to invoke the operation
or action, then an "errors" media type is returned with the
appropriate error status.
If the RPC operation input is not valid, or the RPC operation is invoked but
errors occur, then a message-body
MUST be sent by the server, containing an "errors" resource,
as defined in . A detailed example of
an operation resource error response can be found in
.
Using the "reboot" RPC operation from the example in
,
the client might send the following POST request message:
The server might respond with an "invalid‑value" error:
The same response is shown here in JSON encoding:
The server can optionally support retrieval of the YANG modules it
supports. If retrieval is supported, then the "schema"
leaf MUST be present in the associated "module" list entry,
defined in .
To retrieve a YANG module, a client first needs to get
the URL for retrieving the schema, which is stored in the
"schema" leaf. Note that there is no required structure
for this URL. The URL value shown below is just an example.
The client might send the following GET request message:
The server might respond:
Next the client needs to retrieve the actual YANG schema.
The client might send the following GET request message:
The server might respond:
An "event stream" resource represents a source for system generated
event notifications. Each stream is created and modified
by the server only. A client can retrieve a stream resource
or initiate a long-poll server sent event stream,
using the procedure specified in .
An event stream functions according to the NETCONF
Notifications specification . The available streams
can be retrieved from the stream list,
which specifies the syntax and semantics of the stream resources.
The fragment field in the request URI has no defined purpose
if the target resource is an event stream resource.
The "errors" YANG data template models a collection
of error information that
is sent as the message-body in a server response message,
if an error occurs while processing a request message.
It is not considered as a resource type because no instances
can be retrieved with a GET request.
The "ietf‑restconf" YANG module contains the "yang‑errors"
YANG data template, that specifies the syntax and
semantics of an "errors" container within a RESTCONF response.
RESTCONF error handling behavior is defined in .
The RESTCONF protocol uses HTTP methods to identify
the CRUD operations requested for a particular resource.
The following table shows how the RESTCONF operations relate to
NETCONF protocol operations and for the NETCONF <edit‑config>
operation, the "nc:operation" attribute.
RESTCONF   NETCONF
---------  ------------------------------------------------
OPTIONS    none
HEAD       none
GET        <get-config>, <get>
POST       <edit-config> (nc:operation="create")
POST       invoke an RPC operation
PUT        <edit-config> (nc:operation="create/replace")
PATCH      <edit-config> (nc:operation="merge")
DELETE     <edit-config> (nc:operation="delete")
The "remove" edit operation attribute for the NETCONF <edit‑config>
RPC operation is not supported by the HTTP DELETE method.
The resource must exist or the DELETE method will fail.
The PATCH method is equivalent to
a "merge" edit operation when using a plain patch (see );
other media-types may provide more granular control.
Access control mechanisms are used to limit what CRUD operations
can be used. In particular, RESTCONF is compatible with the
NETCONF Access Control Model (NACM) , as there is a
specific mapping between RESTCONF and NETCONF operations.
The resource path needs
to be converted internally by the server to the corresponding
YANG instance-identifier. Using this information,
the server can apply the NACM access control rules to RESTCONF
messages.
The server MUST NOT allow any RESTCONF operation
for any resources that the client is not authorized to access.
Implementation of all methods (except PATCH )
are defined in .
This section defines the RESTCONF protocol usage for
each HTTP method.
The OPTIONS method is sent by the client to
discover which methods are supported by the server
for a specific resource (e.g., GET, POST, DELETE, etc.).
The server MUST implement this method.
If the PATCH method is supported, then the "Accept‑Patch" header field MUST
be supported and returned in the response to the OPTIONS request, as
defined in .
The RESTCONF server MUST support the HEAD method.
The HEAD method is sent by the client to
retrieve just the header fields
(which contain the metadata for a resource) that would be returned
for the comparable GET method, without the response message-body.
It is supported for all resources that support the GET method.
The request MUST contain a request URI
that contains at least the root resource.
The same query parameters supported by the GET method
are supported by the HEAD method.
The access control behavior is enforced
as if the method was GET instead of HEAD.
The server MUST respond the same as if the method
was GET instead of HEAD, except that no
response message-body is included.
The RESTCONF server MUST support the GET method.
The GET method is sent by the client to
retrieve data and metadata for a resource.
It is supported for all resource types, except operation
resources.
The request MUST contain a request URI
that contains at least the root resource.
The server MUST NOT return any data resources for which the user
does not have read privileges.
If the user is not authorized to read the target resource, an error
response containing a "401 Unauthorized" status-line SHOULD be
returned.
The error-tag value "access‑denied" is returned in this case.
A server MAY return a "404 Not Found" status-line, as
described in section 6.5.3 in .
The error-tag value "invalid‑value" is returned in this case.
If the user is authorized to read some but not all of
the target resource, the unauthorized content is omitted
from the response message-body, and the authorized content
is returned to the client.
If any content is returned to the client, then the server MUST
send a valid response message-body. More than one element
MUST NOT be returned for XML encoding.
If multiple elements are sent in a JSON message-body,
then they MUST be sent as a JSON array. In this case
any timestamp or entity-tag returned in the response
MUST be associated with the first element returned.
If a retrieval request for a data resource representing
a YANG leaf-list or list object
identifies more than one instance, and XML encoding
is used in the response, then an error response containing
a "400 Bad Request" status-line MUST be returned by the server.
The error-tag value "invalid‑value" is used in this case.
Note that a non-configuration list is not required to define any keys.
In this case, retrieval of a single list instance is not possible.
If a retrieval request for a data resource represents
an instance that does not exist,
then an error response containing a "404 Not Found" status-line
MUST be returned by the server.
The error-tag value "invalid‑value" is used in this case.
If the target resource of a retrieval request is for an operation
resource
then a "405 Method Not Allowed" status-line MUST be returned by the server.
The error-tag value "operation‑not‑supported" is used in this case.
Note that the way that access control is applied to data resources may
not be completely compatible with HTTP caching. The Last-Modified
and ETag header fields maintained for a data resource are not affected
by changes to the access control rules for that data resource. It is possible
for the representation of a data resource that is visible to
a particular client to be changed without detection via the Last-Modified
or ETag values.
Example:
The client might request the response header fields for an
XML representation of a specific "album" resource:
The server might respond:
The RESTCONF server MUST support the POST method.
The POST method is sent by the client to create a data resource
or invoke an operation resource.
The server uses the target resource type
to determine how to process the request.
Type       Description
---------  ------------------------------------------------
Datastore  Create a top-level configuration data resource
Data       Create a configuration data child resource
Operation  Invoke an RPC operation
If the target resource type is a datastore or data resource, then the
POST is treated as a request to create a top-level resource or child
resource, respectively. The message-body is expected to contain the
content of a child resource to create within the parent (target
resource). The message-body MUST contain exactly one instance
of the expected data resource. The data-model for the child tree
is the subtree as defined by YANG for the child resource.
The "insert" and "point" query parameters MUST be supported
by the POST method for datastore and data resources.
These parameters are only allowed if the list or leaf-list
is ordered-by user.
If the POST method succeeds,
a "201 Created" status-line is returned and there is
no response message-body. A "Location" header field identifying
the child resource that was created MUST be present
in the response in this case.
If the data resource already exists, then the POST request MUST
fail and a "409 Conflict" status-line MUST be returned.
The error-tag value "resource‑denied" is used in this case.
If the user is not authorized to create the target resource,
an error response containing a "403 Forbidden" status-line SHOULD be
returned. The error-tag value "access‑denied" is used in this case.
A server MAY return a "404 Not Found" status-line, as
described in section 6.5.3 in .
The error-tag value "invalid‑value" is used in this case.
All other error responses are handled according to
the procedures defined in .
Example:
To create a new "jukebox" resource, the client might send:
If the resource is created, the server might respond as follows:
Refer to for more resource creation examples.
If the target resource type is an operation resource,
then the POST method is treated as a request to invoke that operation.
The message-body (if any) is processed as the operation input
parameters. Refer to for details
on operation resources.
If the POST request succeeds, a "200 OK" status-line
is returned if there is a response message-body, and
a "204 No Content" status-line is returned if there is
no response message-body.
If the user is not authorized to invoke the target operation,
an error response containing
a "403 Forbidden" status-line is returned to
the client. The error-tag value "access‑denied" is used in this case.
All other error responses are handled according to
the procedures defined in .
Example:
In this example, the client is invoking the "play" operation
defined in the "example‑jukebox" YANG module.
A client might send a "play" request as follows:
The server might respond:
The RESTCONF server MUST support the PUT method.
The PUT method is sent by the client to create or replace
the target data resource. A request message-body MUST be present,
representing the new data resource, or the server MUST return
a "400 Bad Request" status-line.
The error-tag value "invalid‑value" is used in this case.
Both the POST and PUT methods can be used to create data resources.
The difference is that for POST, the client does not provide
the resource identifier for the resource that will be created.
The target resource for the POST method for resource creation
is the parent of the new resource.
The target resource for the PUT method for resource creation
is the new resource.
The PUT method MUST be supported for data and datastore resources.
A PUT on the datastore resource is used to replace the entire contents
of the datastore. A PUT on a data resource only replaces that data resource
within the datastore.
The "insert" () and "point" () query parameters MUST be
supported by the PUT method for data resources.
These parameters are only allowed if the list or leaf-list
is ordered-by user.
Consistent with , if the PUT request creates a new resource,
a "201 Created" status-line is returned. If an existing resource
is modified, a "204 No Content" status-line is returned.
If the user is not authorized to create or replace the target resource,
an error response containing a "403 Forbidden" status-line SHOULD be
returned. The error-tag value "access‑denied" is used in this case.
If the target resource represents a YANG leaf-list, then the
PUT method MUST NOT change the value of the leaf-list instance.
If the target resource represents a YANG list instance, then
the key leaf values in message-body representation
MUST be the same as the key leaf values in the request URI.
The PUT method MUST NOT be used to change the key leaf
values for a data resource instance.
Example:
An "album" child resource defined in the "example‑jukebox" YANG module
is replaced or created if it does not already exist.
To replace the "album" resource contents,
the client might send as follows:
If the resource is updated, the server might respond:
The same request is shown here using XML encoding:
The RESTCONF server MUST support the PATCH method.
RESTCONF uses the HTTP PATCH method defined
in to provide an extensible framework for
resource patching mechanisms. It is optional to implement
by the server. Each patch mechanism needs a unique
media type. Zero or more patch media types MAY be supported
by the server. The media types supported by a server can be
discovered by the client by sending an OPTIONS request,
and examining the Accept-Patch header field in the response.
(see ).
This document defines one patch mechanism (). Another
patch mechanism, the YANG PATCH mechanism, is defined in
. Other patch mechanisms may be
defined by future specifications.
If the target resource instance does not exist, the server MUST NOT
create it.
If the PATCH request succeeds, a "200 OK" status-line
is returned if there is a message-body, and "204 No Content"
is returned if no response message-body is sent.
If the user is not authorized to alter the target resource,
an error response containing a "403 Forbidden" status-line SHOULD be
returned. A server MAY return a "404 Not Found" status-line, as
described in section 6.5.3 in .
The error-tag value "invalid‑value" is used in this case.
All other error responses are handled according to
the procedures defined in .
The plain patch mechanism merges the contents of the message-body with
the target resource. The message-body for a plain patch
MUST be present and MUST be represented by the
media type "application/yang‑data‑xml" or "application/yang‑data+json".
Plain patch can be used to create or update, but not delete, a child
resource within the target resource. Please see
for an alternate media-type supporting
the ability to delete child resources.
The YANG Patch Media Type allows multiple
sub-operations (e.g., merge, delete) within a single PATCH method.
If the target resource represents a YANG leaf-list, then the
PATCH method MUST NOT change the value of the leaf-list instance.
If the target resource represents a YANG list instance, then
the key leaf values in message-body representation
MUST be the same as the key leaf values in the request URI.
The PATCH method MUST NOT be used to change the key leaf
values for a data resource instance.
After the plain patch is processed by the server,
a response will be returned to the client, as specified in .
Example:
To replace just the "year" field in the "album" resource
(instead of replacing the entire resource with the PUT method),
the client might send a plain patch as follows.
If the field is updated, the server might respond:
The RESTCONF server MUST support the DELETE method.
The DELETE method is used to delete the target resource.
If the DELETE request succeeds, a "204 No Content" status-line
is returned.
If the user is not authorized to delete the target resource then
an error response containing a "403 Forbidden" status-line SHOULD be
returned. The error-tag value "access‑denied" is returned in this case.
A server MAY return a "404 Not Found" status-line, as
described in section 6.5.3 in .
The error-tag value "invalid‑value" is returned in this case.
All other error responses are handled according to
the procedures defined in .
If the target resource represents a configuration leaf-list
or list data node, then it MUST represent a single YANG leaf-list
or list instance. The server MUST NOT use the
DELETE method to delete more than one such instance.
Example:
To delete the "album" resource with the key "Wasting Light",
the client might send:
If the resource is deleted, the server might respond:
Each RESTCONF operation allows zero or more query
parameters to be present in the request URI.
The specific parameters that are allowed depend
on the resource type, and sometimes the specific target
resource used, in the request.
Query parameters can be given in any order.
Each parameter can appear at most once in a request URI.
If more than one instance of a query parameter is present, then a "400 Bad Request"
status-line MUST be returned by the server.
The error-tag value "invalid‑value" is returned in this case.
A default value may apply if the parameter is missing.
Query parameter names and values are case-sensitive.
A server MUST return an error with a '400 Bad Request' status-line
if a query parameter is unexpected.
The error-tag value "invalid‑value" is returned in this case.
Name           Methods    Description
-------------  ---------  ---------------------------------------------------
content        GET, HEAD  Select config and/or non-config data resources
depth          GET, HEAD  Request limited sub-tree depth in the reply content
fields         GET, HEAD  Request a subset of the target resource contents
filter         GET, HEAD  Boolean notification filter for event stream resources
insert         POST, PUT  Insertion mode for ordered-by user data resources
point          POST, PUT  Insertion point for ordered-by user data resources
start-time     GET, HEAD  Replay buffer start time for event stream resources
stop-time      GET, HEAD  Replay buffer stop time for event stream resources
with-defaults  GET, HEAD  Control retrieval of default values
Refer to for examples of query parameter usage.
If vendors define additional query parameters, they SHOULD use a
prefix (such as the enterprise or organization name) for query
parameter names in order to avoid collisions with other parameters.
The "content" parameter controls how descendant nodes of
the requested data nodes will be processed in the reply.
The allowed values are:
Value      Description
---------  ---------------------------------------------------
config     Return only configuration descendant data nodes
nonconfig  Return only non-configuration descendant data nodes
all        Return all descendant data nodes
This parameter is only allowed for GET methods on datastore and data
resources. A "400 Bad Request" status-line is returned if used for other
methods or resource types.
If this query parameter is not present, the default value is "all".
This query parameter MUST be supported by the server.
The "depth" parameter is used to limit the depth of
subtrees returned by the server.
Data nodes with a depth value greater than the "depth" parameter
are not returned in a response for a GET method.
The requested data node has a depth level of '1'.
If the "fields" parameter
() is used to select descendant data nodes, then these nodes
and all their ancestor nodes have a depth value of 1.
(This has the effect of including the
nodes specified by the fields, even if the "depth" value is less
than the actual depth level of the specified fields.)
Any other child node has a depth value that is 1 greater than its parent.
The value of the "depth" parameter is either an integer between 1 and
65535, or the string "unbounded". "unbounded" is the default.
This parameter is only allowed for GET methods on API, datastore, and
data resources. A "400 Bad Request" status-line is returned if it is used for
other methods or resource types.
By default, the server will include all sub-resources within a
retrieved resource, which have the same resource type as the requested
resource. The exception is
the datastore resource. If this resource type is retrieved then
by default the datastore and all child data resources are returned.
If the "depth" query parameter URI is listed in
the "capability" leaf-list in , then the server
supports the "depth" query parameter.
The "fields" query parameter is used to optionally identify
data nodes within the target resource to be retrieved in a
GET method. The client can use this parameter to retrieve
a subset of all nodes in a resource.
The server will return a message-body representing the
target resource, with descendant nodes pruned as specified
in the "fields‑expr" value. The server does not return a set
of separate sub-resources.
A value of the "fields" query parameter matches the
following rule:
"api‑identifier" is defined in .
";" is used to select multiple nodes. For example, to
retrieve only the "genre" and "year" of an album, use:
"fields=genre;year".
Parentheses are used to specify sub-selectors of a node.
Note that there is no path separator character '/'
between a "path" field and left parenthesis character '('.
For example, assume the target resource is the "album" list.
To retrieve only the "label" and
"catalogue‑number" of the "admin" container within an album, use:
"fields=admin(label;catalogue‑number)".
"/" is used in a path to retrieve a child node of a node.
For example, to retrieve only the "label" of an album, use:
"fields=admin/label".
This parameter is only allowed for GET methods on api,
datastore, and data resources. A "400 Bad Request" status-line
is returned if used for other methods or resource types.
If the "fields" query parameter URI is listed in the
"capability" leaf-list in , then the server
supports the "fields" parameter.
The "filter" parameter is used to indicate which subset of
all possible events are of interest. If not present, all
events not precluded by other parameters will be sent.
This parameter is only allowed for GET methods on an
event stream resource.
A "400 Bad Request" status-line
is returned if used for other methods or resource types.
The format of this parameter is an XPath 1.0 expression, and is
evaluated in the following context:
- The set of namespace declarations is the set of
  prefix and namespace pairs for all supported YANG
  modules, where the prefix is the YANG module name, and
  the namespace is as defined by the "namespace" statement
  in the YANG module.
- The function library is the core function library defined
  in XPath 1.0, plus any functions defined by the data model.
- The set of variable bindings is empty.
- The context node is the root node.
The filter is used as defined in , Section 3.6.
If the boolean result of the expression is true when applied
to the conceptual "notification" document root, then the
event notification is delivered to the client.
If the "filter" query parameter URI is listed in the "capability" leaf-list
in , then the server supports the "filter" query parameter.
The "insert" parameter is used to specify how a
resource should be inserted within an ordered-by user list.
The allowed values are:
Value   Description
------  ---------------------------------------------------------------
first   Insert the new data as the new first entry.
last    Insert the new data as the new last entry.
before  Insert the new data before the insertion point, as specified by
        the value of the "point" parameter.
after   Insert the new data after the insertion point, as specified by
        the value of the "point" parameter.
The default value is "last".
This parameter is only supported for the POST and PUT
methods. It is also only supported if the target
resource is a data resource, and that data represents
a YANG list or leaf-list that is ordered-by user.
If the values "before" or "after" are used,
then a "point" query parameter for the insertion
parameter MUST also be present, or a "400 Bad Request"
status-line is returned.
The "insert" query parameter MUST be supported by the server.
The "point" parameter is used to specify the
insertion point for a data resource that is being
created or moved within an ordered-by user list or leaf-list.
The value of the "point" parameter is a string that identifies
the path to the insertion point object. The format is
the same as a target resource URI string.
This parameter is only supported for the POST and PUT
methods. It is also only supported if the target
resource is a data resource, and that data represents
a YANG list or leaf-list that is ordered-by user.
If the "insert" query parameter is not present, or has
a value other than "before" or "after", then a "400 Bad Request"
status-line is returned.
This parameter contains the instance identifier of the
resource to be used as the insertion point for a
POST or PUT method.
The "point" query parameter MUST be supported by the server.
The "start‑time" parameter is used to trigger
the notification replay feature defined in and indicate
that the replay should start at the time specified.
If the stream does not support replay, per the
"replay‑support" attribute returned by stream list
entry for the stream resource, then the server MUST
return a "400 Bad Request" status-line.
The value of the "start‑time" parameter is of type
"date‑and‑time", defined in the "ietf‑yang" YANG module
.
This parameter is only allowed for GET methods on a
text/event-stream data resource. A "400 Bad Request" status-line
is returned if used for other methods or resource types.
If this parameter is not present, then a replay subscription
is not being requested. It is not valid to specify start
times that are later than the current time. If the value
specified is earlier than the log can support, the replay
will begin with the earliest available notification.
A client can obtain a server's current time by examining the "Date"
header field that the server returns in response messages, according
to .
If this query parameter is supported by the server, then the
"replay" query parameter URI MUST be listed in the "capability" leaf-list
in , and the "stop‑time" query parameter MUST also be supported
by the server.
If the "replay‑support" leaf has the value 'true' in the "stream"
entry (defined in ) then the server MUST support
the "start‑time" and "stop‑time" query parameters for that stream.
The "stop‑time" parameter is used with the
replay feature to indicate the newest notifications of
interest. This parameter MUST be used with and have a
value later than the "start‑time" parameter.
The value of the "stop‑time" parameter is of type
"date‑and‑time", defined in the "ietf‑yang" YANG module
.
This parameter is only allowed for GET methods on a
text/event-stream data resource. A "400 Bad Request" status-line
is returned if used for other methods or resource types.
If this parameter is not present, the notifications will
continue until the subscription is terminated.
Values in the future are valid.
If this query parameter is supported by the server, then the
"replay" query parameter URI MUST be listed in the "capability" leaf-list
in , and the "start‑time" query parameter MUST also be supported
by the server.
If the "replay‑support" leaf is present in the "stream"
entry (defined in ) then the server MUST support
the "start‑time" and "stop‑time" query parameters for that stream.
The "with‑defaults" parameter is used to specify how
information about default data nodes should be returned
in response to GET requests on data resources.
If the server supports this capability, then it MUST implement
the behavior in Section 4.5.1 of , except applied to
the RESTCONF GET operation, instead of the NETCONF operations.
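+-------------------+---------------------------------------------------------------+
| Value             | Description                                                   |
+-------------------+---------------------------------------------------------------+
| report-all        | All data nodes are reported                                   |
| trim              | Data nodes set to the YANG default are not reported           |
| explicit          | Data nodes set to the YANG default by the client are reported |
| report-all-tagged | All data nodes are reported and defaults are tagged           |
+-------------------+---------------------------------------------------------------+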
If the "with‑defaults" parameter is set to "report‑all" then the server MUST
adhere to the defaults reporting behavior defined in
Section 3.1 of .
If the "with‑defaults" parameter is set to "trim" then the server MUST
adhere to the defaults reporting behavior defined in
Section 3.2 of .
If the "with‑defaults" parameter is set to "explicit" then the server MUST
adhere to the defaults reporting behavior defined in
Section 3.3 of .
If the "with‑defaults" parameter is set to "report‑all‑tagged"
then the server MUST adhere to the defaults reporting behavior defined in
Section 3.4 of . Metadata is reported by the server
as specified in . The XML encoding
for the "default" attribute
sent by the server for default nodes is defined in section 6 of .
The JSON encoding for the "default" attribute MUST use the same
values as defined in , but encoded according to the
rules in . The module
name "ietf‑netconf‑with‑defaults" MUST be used for the "default" attribute.
If the "with‑defaults" parameter is not present
then the server MUST adhere to the defaults reporting behavior defined in
its "basic‑mode" parameter for the "defaults" protocol capability URI,
defined in .
If the server includes the "with‑defaults" query parameter URI in
the "capability" leaf-list in , then the "with‑defaults"
query parameter MUST be supported.
Since the server does not report the "also‑supported" parameter
as described in section 4.3 of , it is possible that some
values for the "with‑defaults" parameter will not be supported.
If the server does not support the requested value of the "with‑defaults"
parameter, the server MUST return a response with a
"400 Bad Request" status-line.
The error-tag value "invalid‑value" is used in this case.
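The method, resource-type and pairing rules given above for the "filter", "insert", "point", "start-time", "stop-time" and "with-defaults" parameters can be checked before a request reaches the datastore. The following Python sketch is an added example, not part of the original document: the function names, the "data" / "event-stream" target labels, the keyword flags and EXAMPLE_NOW are hypothetical, and where the text names no status code for a violation the sketch returns 400.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs

INSERT_VALUES = {"first", "last", "before", "after"}
WITH_DEFAULTS_VALUES = {"report-all", "trim", "explicit", "report-all-tagged"}
STREAM_ONLY = {"filter", "start-time", "stop-time"}  # GET on an event stream only
EDIT_ONLY = {"insert", "point"}                      # POST/PUT on a data resource only

# Constructed reference time so the checks below are reproducible.
EXAMPLE_NOW = datetime(2016, 8, 15, 12, 0, tzinfo=timezone.utc)


def parse_time(value):
    """Parse a date-and-time string; 'Z' means UTC and an offset is required."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError("missing time zone offset")
    return parsed


def check_query(method, target, query, *, replay_support=False,
                ordered_by_user=False,
                supported_defaults=WITH_DEFAULTS_VALUES, now=None):
    """Return (status, reason); status 200 means the query parameters pass.

    Assumption of this sketch: 400 is returned for every violation, including
    the ones for which the text does not name a status code.
    """
    now = now or datetime.now(timezone.utc)
    # parse_qs percent-decodes values. Simplification: if a parameter is
    # repeated, only its first value is checked.
    q = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}

    for name in sorted(STREAM_ONLY & q.keys()):
        if method != "GET" or target != "event-stream":
            return 400, f"{name} is only allowed for GET on an event stream"
    for name in sorted(EDIT_ONLY & q.keys()):
        if method not in ("POST", "PUT") or target != "data" or not ordered_by_user:
            return 400, f"{name} needs POST/PUT on an ordered-by user list"

    insert = q.get("insert")
    if insert is not None and insert not in INSERT_VALUES:
        return 400, "unknown insert value"
    if insert in ("before", "after") and "point" not in q:
        return 400, "insert=before/after requires point"
    if "point" in q and insert not in ("before", "after"):
        return 400, "point requires insert=before or insert=after"

    if "stop-time" in q and "start-time" not in q:
        return 400, "stop-time must be used with start-time"
    if "start-time" in q:
        if not replay_support:
            return 400, "stream does not support replay"
        try:
            start = parse_time(q["start-time"])
            stop = parse_time(q["stop-time"]) if "stop-time" in q else None
        except ValueError:
            return 400, "not a date-and-time value"
        if start > now:
            return 400, "start-time is later than the current time"
        if stop is not None and stop <= start:  # stop-time may lie in the future
            return 400, "stop-time must be later than start-time"

    if "with-defaults" in q:
        if method != "GET" or target != "data":
            return 400, "with-defaults applies to GET on data resources"
        if q["with-defaults"] not in supported_defaults:
            return 400, "invalid-value"  # the error-tag the text names for this case
    return 200, "ok"
```

Because the values are percent-decoded by parse_qs, a "+" offset in a date-and-time value has to arrive as "%2B"; an unencoded "+" decodes to a space and is rejected as not a date-and-time value.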
The RESTCONF protocol uses HTTP entities for messages.
A single HTTP message corresponds to a single protocol method.
Most messages can perform a single task on a single resource,
such as retrieving a resource or editing a resource.
The exception is the PATCH method, which allows multiple datastore
edits within a single message.
Resources are represented with URIs following the structure
for generic URIs in .
A RESTCONF operation is derived from the HTTP method
and the request URI, using the following conceptual fields:
method: the HTTP method identifying the RESTCONF operation
requested by the client, to act upon the target resource
specified in the request URI. RESTCONF operation details are
described in .
entry: the root of the RESTCONF API configured on this HTTP
server, discovered by getting the "/.well‑known/host‑meta"
resource, as described in .
resource: the path expression identifying the resource
that is being accessed by the RESTCONF operation.
If this field is not present, then the target resource
is the API itself, represented by the YANG data template
named "yang‑api", found in .
query: the set of parameters associated with the RESTCONF
message, as defined in section 3.4 of .
RESTCONF parameters have the familiar form of "name=value" pairs.
Most query parameters are optional to implement by the server
and optional to use by the client. Each optional query parameter is
identified by a URI. The server MUST list the
optional query parameter URIs it supports in the "capabilities"
list defined in .
There is a specific set of parameters defined,
although the server MAY choose to support query
parameters not defined in this document.
The contents of any query parameter value MUST be encoded
according to , Section 3.4. Any reserved characters
MUST be percent-encoded, according to , section 2.1 and 2.5.
Note that the fragment component is not used by the RESTCONF protocol.
The fragment is excluded from the target URI by a server, as described
in section 5.1 of .
When new resources are created by the client, a "Location" header field
is returned, which identifies the path of the newly created resource.
The client uses this exact path identifier to access
the resource once it has been created.
The "target" of a RESTCONF operation is a resource.
The "path" field in the request URI represents
the target resource for the RESTCONF operation.
Refer to for examples of RESTCONF Request URIs.
RESTCONF messages are encoded in HTTP according to .
The "utf‑8" character set is used for all messages.
RESTCONF message content is sent in the HTTP message-body.
Content is encoded in either JSON or XML format.
A server MUST support one of either XML or JSON encoding.
A server MAY support both XML and JSON encoding.
XML encoding rules for data nodes are defined in .
The same encoding rules are used for all XML content.
JSON encoding rules are defined in .
Additional JSON encoding rules for metadata are defined
in .
This encoding is valid JSON, but also has
special encoding rules to identify module namespaces
and provide consistent type processing of YANG data.
Request input content encoding format is identified with the Content-Type
header field. This field MUST be present if a message-body is sent
by the client.
The server MUST support the "Accept" header field and "406 Not Acceptable"
status-line, as defined in .
The response output content encoding formats that the client
will accept are identified with the Accept
header field in the request. If it is not specified, the request
input encoding format SHOULD be used, or the server MAY choose
any supported content encoding format.
If there was no request input, then the default output encoding
is XML or JSON, depending on server preference.
File extensions encoded in the request are not used to identify
format encoding.
A client can determine if the RESTCONF server supports an
encoding format by sending a request using a specific format
in the Content-Type and/or Accept header field. If the server does not
support the requested input encoding for a request,
then it MUST return an error response with
a '415 Unsupported Media Type' status-line.
If the server does not
support any of the requested output encodings for a request,
then it MUST return an error response with
a '406 Not Acceptable' status-line.
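The encoding rules above (415 for an unsupported request encoding, 406 when no requested response encoding is supported, and the fallback order when no Accept header is sent) are shown in the following Python sketch. It is an added example, not part of the original document; the function names are hypothetical, a status of 200 here only means "continue processing", and the 400 returned for a message-body without a Content-Type header is an assumption, since the text requires the header but names no status code.

```python
XML = "application/yang-data+xml"
JSON = "application/yang-data+json"


def _media_type(header_value):
    """Lower-cased media type with parameters such as charset removed."""
    return header_value.split(";")[0].strip().lower()


def _accept_ranges(accept):
    """Parse an Accept header into (media-range, q) pairs."""
    ranges = []
    for item in accept.split(","):
        parts = [p.strip() for p in item.split(";")]
        if not parts[0]:
            continue
        q = 1.0
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0
                if not 0.0 <= q <= 1.0:  # also rejects NaN
                    q = 0.0
        ranges.append((parts[0].lower(), q))
    return ranges


def _quality(media_type, ranges):
    """q-value of the most specific Accept range matching media_type (0 if none)."""
    best = (-1, 0.0)
    for rng, q in ranges:
        specificity = {
            media_type: 2,
            media_type.split("/")[0] + "/*": 1,
            "*/*": 0,
        }.get(rng)
        if specificity is not None and specificity > best[0]:
            best = (specificity, q)
    return best[1]


def negotiate(content_type, accept, has_body, supported=(XML, JSON)):
    """Return (status, response_media_type).

    `supported` lists the server's encodings in its order of preference.
    """
    request_type = _media_type(content_type) if content_type else None
    if has_body:
        if request_type is None:
            return 400, None  # assumption: the text names no status for this case
        if request_type not in supported:
            return 415, None  # unsupported request input encoding
    if accept:
        ranges = _accept_ranges(accept)
        q, chosen = max(((_quality(mt, ranges), mt) for mt in supported),
                        key=lambda scored: scored[0])
        return (200, chosen) if q > 0 else (406, None)
    if has_body:
        return 200, request_type  # no Accept header: reuse the request encoding
    return 200, supported[0]      # no request input: server preference
```

An explicit "q=0" on one encoding is honoured even when a wildcard range is also present, because the most specific matching range decides.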
The RESTCONF protocol needs to support retrieval of the same metadata that is
used in the NETCONF protocol. Information about default leafs,
last-modified timestamps, etc. are commonly used to annotate
representations of the datastore contents.
With the XML encoding, the metadata is encoded as attributes in XML,
according to section 3.3 of .
With the JSON encoding, the metadata is encoded as specified in
.
The following examples are based on the example in .
The "report‑all‑tagged" mode for the "with‑defaults" query parameter
requires that a "default" attribute be returned for default nodes.
This example shows that attribute for the "mtu" leaf .
The server might respond as follows.
Note that RFC 6243 defines the "default" attribute with XSD, not YANG,
so the YANG module name has to be assigned instead of derived
from the YANG module.
The value "ietf‑netconf‑with‑defaults" is assigned for JSON metadata
encoding.
The server might respond as follows.
Each message represents some sort of resource access.
An HTTP "status‑line" header field is returned for each request.
If a "4xx" range status code is returned in the status-line,
then the error information SHOULD be returned in the response,
according to the format defined in .
If a "5xx" range status code is returned in the status-line,
then the error information MAY be returned in the response,
according to the format defined in .
If a 1xx, 2xx, or 3xx range status code is returned in the status-line,
then error information MUST NOT be returned in the response,
since these ranges do not represent error conditions.
Since the datastore contents change at unpredictable times,
responses from a RESTCONF server generally SHOULD NOT be cached.
The server SHOULD include a "Cache‑Control" header field in every response
that specifies whether the response should be cached.
Instead of relying on HTTP caching, the client SHOULD track the "ETag"
and/or "Last‑Modified" header fields returned by the server for the
datastore resource (or data resource if the server supports it).
A retrieval request for a resource can include
the "If‑None‑Match" and/or "If‑Modified‑Since" header fields, which
will cause the server to return a "304 Not Modified" status-line
if the resource has not changed.
The client MAY use the HEAD method to retrieve just
the message header fields, which SHOULD include the "ETag"
and "Last‑Modified" header fields, if this metadata is maintained
for the target resource.
Note that, because of the way that access control is applied to data resources,
the values in the Last-Modified and ETag headers maintained
for a data resource may not be reliable, as described in .
The RESTCONF protocol supports YANG-defined event notifications. The
solution preserves aspects of NETCONF Event Notifications
while utilizing the Server-Sent Events
transport strategy.
A RESTCONF server MAY support RESTCONF notifications.
Clients may determine if a server supports RESTCONF notifications by
using the HTTP method OPTIONS, HEAD, or GET on the stream list.
The server does not support RESTCONF notifications if an HTTP error
code is returned (e.g., "404 Not Found" status-line).
A RESTCONF server that supports notifications will populate a
stream resource for each notification delivery service access point.
A RESTCONF client can retrieve the list of supported event streams from
a RESTCONF server using the GET method on the stream list.
The "restconf‑state/streams" container definition in
the "ietf‑restconf‑monitoring" module
(defined in ) is used to specify the structure and syntax
of the conceptual child resources within the "streams" resource.
For example:
The client might send the following request:
The server might send the following response:
RESTCONF clients can determine the URL for the subscription resource
(to receive notifications) by sending an
HTTP GET request for the "location" leaf with the stream list
entry. The value returned by the server can be used for the actual
notification subscription.
The client will send an HTTP GET request for the URL returned
by the server with the "Accept" type "text/event‑stream".
The server will treat the connection as an event stream, using the
Server Sent Events transport strategy.
The server MAY support query parameters for a GET method on this
resource. These parameters are specific to each event stream.
For example:
The client might send the following request:
The server might send the following response:
The RESTCONF client can then use this URL value to start
monitoring the event stream:
A RESTCONF client MAY request that the server compress the events using
the HTTP header field "Accept‑Encoding". For instance:
The server SHOULD support the "NETCONF" event stream
defined in section 3.2.3 of . For this stream,
the server MAY support the "start‑time", "stop‑time",
and "filter" query parameters, defined in .
Refer to for filter parameter examples.
RESTCONF notifications are encoded according to the
definition of the event stream. The NETCONF stream
defined in is encoded in XML format.
The structure of the event data is based on the "notification"
element definition in Section 4 of .
It MUST conform to the schema for the "notification" element
in Section 4 of , except the XML namespace for
the event data element is defined as:
For JSON encoding purposes, the module name for
the "notification" element is "ietf‑restconf".
Two child nodes within the "notification" container
are expected, representing the event time and
the event payload. The "event‑time" node is
defined within the "ietf‑restconf" module namespace.
The name and namespace of the payload element are determined
by the YANG module containing the notification-stmt.
In the following example, the YANG module "example‑mod"
is used:
An example SSE event notification encoded using XML:
An example SSE event notification encoded using JSON:
Alternatively, since neither XML nor JSON are whitespace sensitive,
the above messages can be encoded onto a single line. For example:
The SSE specification supports the following additional fields:
event, id and retry. A RESTCONF server MAY send the "retry" field
and, if it does, RESTCONF clients SHOULD use it.
A RESTCONF server SHOULD NOT send the "event" or "id" fields,
as there are no meaningful values that could be used for them
that would not be redundant to the contents of the notification itself.
RESTCONF servers that do not send the "id" field also do not need
to support the HTTP header field "Last‑Event‑Id". RESTCONF servers that
do send the "id" field SHOULD support the "start‑time" query
parameter as the preferred means for a client to specify where to
restart the event stream.
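A client-side reader for the event stream described above, covering both the multi-line and the single-line "data:" encodings and the "retry" field, is sketched below in Python. It is an added example, not part of the original document: the function names and the constructed SAMPLE_STREAM (including the "event" payload and its leafs in the "example-mod" module) are hypothetical, and the JSON member name "event-time" follows this document's wording.

```python
import json

NOTIFICATION = "ietf-restconf:notification"

# Constructed sample: a comment line, a retry field, one notification spread
# over several data lines, and one encoded onto a single line.
SAMPLE_STREAM = (
    ": keep-alive\n"
    "retry: 5000\n"
    "data: {\n"
    'data:   "ietf-restconf:notification": {\n'
    'data:     "event-time": "2016-08-15T00:01:00Z",\n'
    'data:     "example-mod:event": {"event-class": "fault", "severity": "major"}\n'
    "data:   }\n"
    "data: }\n"
    "\n"
    'data: {"ietf-restconf:notification": {"event-time": "2016-08-15T00:02:00Z", '
    '"example-mod:event": {"event-class": "fault", "severity": "minor"}}}\n'
    "\n"
)


def parse_sse(text):
    """Yield ("data", str) per dispatched event and ("retry", int) per retry field."""
    data = []
    # Only CRLF, LF and CR end a line; str.splitlines() would also split on
    # characters that may legally appear inside JSON strings.
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    for line in lines[:-1]:           # the last element is an unterminated line
        if line == "":                # blank line: dispatch the buffered event
            if data:
                yield "data", "\n".join(data)
            data = []
            continue
        if line.startswith(":"):      # comment, often used as a keep-alive
            continue
        field, _, value = line.partition(":")
        if value.startswith(" "):
            value = value[1:]         # one leading space is not part of the value
        if field == "data":
            data.append(value)
        elif field == "retry" and value.isascii() and value.isdigit():
            yield "retry", int(value)
        # "event" and "id" carry nothing a RESTCONF client needs; ignore them.
    # Data still buffered at end of input was never dispatched and is dropped.


def decode_notification(data):
    """Return (event_time, payload_name, payload) for one JSON notification."""
    doc = json.loads(data)
    body = doc.get(NOTIFICATION) if isinstance(doc, dict) else None
    if not isinstance(body, dict) or "event-time" not in body:
        raise ValueError("not a RESTCONF notification")
    payload = {k: v for k, v in body.items() if k != "event-time"}
    if len(payload) != 1:
        raise ValueError("expected the event time and exactly one payload node")
    (name, value), = payload.items()
    if ":" not in name:
        raise ValueError("payload name must carry its YANG module name")
    return body["event-time"], name, value


def read_notifications(text):
    """Return (retry_ms, [notifications]) for a buffered event-stream body."""
    retry_ms, events = None, []
    for kind, value in parse_sse(text):
        if kind == "retry":
            retry_ms = value
        else:
            events.append(decode_notification(value))
    return retry_ms, events
```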
HTTP status codes are used to report success or failure
for RESTCONF operations.
The error information that NETCONF error responses contain in the
<rpc‑error> element is adapted for use in RESTCONF, and <errors>
data tree information is returned for the "4xx" and "5xx" classes of
status codes.
Since an operation resource is defined with a YANG "rpc"
statement, and an action is defined with a YANG "action" statement,
a mapping from the NETCONF <error‑tag> value
to the HTTP status code is needed. The specific error-tag
and response code to use are data-model-specific
and might be contained in the YANG "description" statement
for the "action" or "rpc" statement.
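+-------------------------+-----------------+
| error-tag               | status code     |
+-------------------------+-----------------+
| in-use                  | 409             |
| invalid-value           | 400, 404 or 406 |
| (request) too-big       | 413             |
| (response) too-big      | 400             |
| missing-attribute       | 400             |
| bad-attribute           | 400             |
| unknown-attribute       | 400             |
| bad-element             | 400             |
| unknown-element         | 400             |
| unknown-namespace       | 400             |
| access-denied           | 401, 403        |
| lock-denied             | 409             |
| resource-denied         | 409             |
| rollback-failed         | 500             |
| data-exists             | 409             |
| data-missing            | 409             |
| operation-not-supported | 405 or 501      |
| operation-failed        | 412 or 500      |
| partial-operation       | 500             |
| malformed-message       | 400             |
+-------------------------+-----------------+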
When an error occurs for a request message on any resource
type, and the status code that will be returned is in the "4xx" range
(except for status code "403 Forbidden"),
then the server SHOULD send a response message-body containing
the information described by the "yang‑errors" YANG data template
within the "ietf‑restconf" module, found in .
The Content-Type of this response message MUST be
"application/yang‑data", plus optionally a structured syntax name
suffix.
The client SHOULD specify the desired encoding(s) for response
messages by specifying the appropriate media-type(s) in the Accept
header. If the client did not specify an Accept header,
then the same structured syntax name suffix
used in the request message SHOULD be used, or the server MAY choose
any supported message encoding format. If there is no request message
the server MUST select "application/yang‑data+xml"
or "application/yang‑data+json", depending on server preference.
All of the examples
in this document, except for the one below, assume
that XML encoding will be returned if there is an error.
YANG Tree Diagram for <errors> data:
The semantics and syntax for RESTCONF error messages are
defined with the "yang‑errors" YANG data template
extension, found in .
Examples:
The following example shows an error returned for
a "lock‑denied" error that can occur if a NETCONF
client has locked a datastore. The RESTCONF client
is attempting to delete a data resource. Note that
an Accept header field is used to specify the desired
encoding for the error message. There would be no response
message-body content if this operation was successful.
The server might respond:
The following example shows an error returned for
a "data‑exists" error on a data resource.
The "jukebox" resource already exists so it cannot be created.
The client might send:
The server might respond:
The "ietf‑restconf" module defines conceptual definitions
within an extension and two groupings, which are
not meant to be implemented as datastore contents by a server.
E.g., the "restconf" container is not intended to be implemented
as a top-level data node (under the "/restconf/data" URI).
Note that the "ietf‑restconf" module does not have any
protocol-accessible objects, so no YANG tree diagram is shown.
RFC Ed.: update the date below with the date of RFC publication and
remove this note.
<CODE BEGINS> file "ietf-restconf@2016-08-15.yang"<CODE ENDS>
The "ietf‑restconf‑monitoring" module provides information about
the RESTCONF protocol capabilities and event streams
available from the server.
A RESTCONF server MUST implement the "ietf‑restconf‑monitoring" module.
YANG tree diagram for "ietf‑restconf‑monitoring" module:
This mandatory container holds the RESTCONF
protocol capability URIs supported by the server.
The server MAY maintain a last-modified timestamp for this
container, and return the "Last‑Modified" header field when this
data node is retrieved with the GET or HEAD methods.
Note that the last-modified timestamp for the datastore resource is not
affected by changes to this subtree.
The server SHOULD maintain an entity-tag for this
container, and return the "ETag" header field when this
data node is retrieved with the GET or HEAD methods.
Note that the entity-tag for the datastore resource is not
affected by changes to this subtree.
The server MUST include a "capability" URI leaf-list entry for
the "defaults" mode used by the server, defined in .
The server MUST include a "capability" URI leaf-list entry identifying
each supported optional protocol feature. This includes optional
query parameters and MAY include other capability URIs defined
outside this document.
A new set of RESTCONF Capability URIs is defined to identify the specific
query parameters (defined in )
supported by the server.
The server MUST include a "capability" leaf-list entry for each
optional query parameter that it supports.
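+---------------+---------+-------------------------------------------------------+
| Name          | Section | URI                                                   |
+---------------+---------+-------------------------------------------------------+
| depth         |         | urn:ietf:params:restconf:capability:depth:1.0         |
| fields        |         | urn:ietf:params:restconf:capability:fields:1.0        |
| filter        |         | urn:ietf:params:restconf:capability:filter:1.0        |
| replay        |         | urn:ietf:params:restconf:capability:replay:1.0        |
| with-defaults |         | urn:ietf:params:restconf:capability:with-defaults:1.0 |
+---------------+---------+-------------------------------------------------------+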
This URI identifies the "basic‑mode" defaults handling mode that is used by the
server for processing default leafs in requests for data resources.
This protocol capability URI MUST be supported by the server, and
MUST be listed in the "capability" leaf-list in .
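+----------+--------------------------------------------------+
| Name     | URI                                              |
+----------+--------------------------------------------------+
| defaults | urn:ietf:params:restconf:capability:defaults:1.0 |
+----------+--------------------------------------------------+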
The URI MUST contain a query parameter named "basic‑mode"
with one of the values listed below:
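+------------+-------------------------------------------------------+
| Value      | Description                                           |
+------------+-------------------------------------------------------+
| report-all | No data nodes are considered default                  |
| trim       | Values set to the YANG default-stmt value are default |
| explicit   | Values set by the client are never considered default |
+------------+-------------------------------------------------------+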
The "basic‑mode" definitions are specified in the "With-Defaults
Capability for NETCONF" .
If the "basic‑mode" is set to "report‑all" then the server MUST
adhere to the defaults handling behavior defined in
Section 2.1 of .
If the "basic‑mode" is set to "trim" then the server MUST
adhere to the defaults handling behavior defined in
Section 2.2 of .
If the "basic‑mode" is set to "explicit" then the server MUST
adhere to the defaults handling behavior defined in
Section 2.3 of .
Example: (split for display purposes only)
This optional container provides access to the
event streams supported by the server.
The server MAY omit this container if no
event streams are supported.
The server will populate this container with a stream list entry for
each stream type it supports. Each stream contains a leaf
called "events" which contains a URI that
represents an event stream resource.
Stream resources are defined in .
Notifications are defined in .
The "ietf‑restconf‑monitoring" module defines monitoring
information for the RESTCONF protocol.
The "ietf‑yang‑types" and "ietf‑inet‑types" modules from
are used by this module for some type definitions.
RFC Ed.: update the date below with the date of RFC publication and
remove this note.
<CODE BEGINS> file "ietf-restconf-monitoring@2016-08-15.yang"<CODE ENDS>
The "ietf‑yang‑library" module defined in
provides information about
the YANG modules and submodules used by the RESTCONF server.
Implementation is mandatory for RESTCONF servers.
All YANG modules and submodules used by the server MUST
be identified in the YANG module library.
This mandatory list contains one entry
for each YANG data model module supported by the server.
There MUST be an instance of this list for every
YANG module that is used by the server.
The contents of this list are defined in
the "module" YANG list statement in .
Note that there are no protocol accessible objects in the "ietf‑restconf"
module to implement, but it is possible that a server will
list the "ietf‑restconf" module in the YANG library
if it is imported (directly or indirectly) by an implemented module.
This specification registers the "restconf" relation type in the Link
Relation Type Registry defined by :
This document registers two URIs as namespaces in the IETF XML registry
. Following the format in RFC 3688, the following
registration is requested:
This document registers two YANG modules in the YANG Module Names
registry :
This document defines a registry for RESTCONF capability identifiers.
The name of the registry is "RESTCONF Capability URNs".
The review policy for this registry is "IETF Review".
The registry shall record for each entry:
the name of the RESTCONF capability. By convention, this name begins
with the colon ':' character.
the URN for the RESTCONF capability.
This document registers several capability identifiers in the
"RESTCONF Capability URNs" registry:
The "ietf‑restconf‑monitoring" YANG module defined in this memo
is designed to be accessed via the NETCONF protocol .
The lowest NETCONF layer is the secure transport layer,
and the mandatory-to-implement secure transport is Secure Shell
(SSH) . The NETCONF access control model
provides the means to restrict access for particular NETCONF users
to a pre-configured subset of all available NETCONF protocol
operations and content.
The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement
secure transport is TLS . The RESTCONF protocol uses the
NETCONF access control model , which provides the means to
restrict access for particular RESTCONF users to a preconfigured
subset of all available RESTCONF protocol operations and content.
This section provides security considerations for the resources
defined by the RESTCONF protocol. Security considerations for
HTTPS are defined in . RESTCONF does not specify
which YANG modules a server needs to support, except the
"ietf‑restconf‑monitoring" module.
Security considerations for the other
modules manipulated by RESTCONF can be found in the documents
defining those YANG modules.
This document does not require use of a specific client authentication
mechanism or authorization model, but it does require that a client
authentication mechanism and authorization model is used whenever a
client accesses a protected resource. Client authentication MUST be
implemented using client certificates or MUST be implemented using an
HTTP authentication scheme. Client authorization MAY be configured
using the NETCONF Access Control Model (NACM) .
Configuration information is by its very nature sensitive. Its
transmission in the clear and without integrity checking leaves
devices open to classic eavesdropping and false data injection
attacks. Configuration information often contains passwords, user
names, service descriptions, and topological information, all of
which are sensitive.
There are many patterns of attack that have been observed
through operational practice with existing management interfaces.
It would be wise for implementers to research them,
and take them into account when implementing this protocol.
Different environments may well allow different rights prior to and
then after authentication. When a RESTCONF operation is not properly authorized,
the RESTCONF server MUST return a "401 Unauthorized" status-line.
Note that authorization information can be exchanged in the form of
configuration information, which is all the more reason to ensure the
security of the connection. Note that it is possible for a client
to detect configuration changes in data resources it is not authorized
to access by monitoring changes in the ETag and Last-Modified
header fields returned by the server for the datastore resource.
A RESTCONF server implementation SHOULD attempt to prevent
system disruption due to excessive resource consumption
required to fulfill edit requests via the POST, PUT, and PATCH methods.
It may be possible to construct
an attack on such a RESTCONF server, which attempts to
consume all available memory or other resource types.
The authors would like to thank the following people for
their contributions to this document: Ladislav Lhotka,
Juergen Schoenwaelder, Rex Fernando, Robert Wilton,
and Jonathan Hansford.
The authors would like to thank the following people for
their excellent technical reviews of this document:
Mehmet Ersue, Mahesh Jethanandani, Qin Wu, Joe Clarke, Bert Wijnen,
Ladislav Lhotka, Rodney Cummings, Frank Xialiang, Tom Petch, Robert Sparks,
Balint Uveges, Randy Presuhn, Sue Hares, Mark Nottingham,
Benoit Claise, Dale Worley, and Lionel Morand.
Contributions to this material by Andy Bierman are based upon work
supported by the United States Army,
Space & Terrestrial Communications Directorate
(S&TCD) under Contract No. W15P7T-13-C-A616. Any opinions, findings
and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect the views of
The Space & Terrestrial Communications Directorate (S&TCD).
revocation list (CRL) for use in the Internet. An overview of this
approach and model is provided as an introduction. The X.509 v3
certificate format is described in detail, with additional
information regarding the format and semantics of Internet name
forms. Standard certificate extensions are described and two
Internet-specific extensions are defined. A set of required
certificate extensions is specified. The X.509 v2 CRL format is
described in detail along with standard and Internet-specific
extensions. An algorithm for X.509 certification path validation is
described. An ASN.1 module and examples are provided in the
appendices.PATCH Method for HTTPSeveral applications extending the Hypertext Transfer Protocol (HTTP) require a feature to do partial resource modification. The existing HTTP PUT method only allows a complete replacement of a document. This proposal adds a new HTTP method, PATCH, to modify an existing HTTP resource. [STANDARDS-TRACK]Web LinkingYANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)YANG is a data modeling language used to model configuration and state data manipulated by the Network Configuration Protocol (NETCONF), NETCONF remote procedure calls, and NETCONF notifications. [STANDARDS TRACK]The YANG 1.1 Data Modeling LanguageYANG is a data modeling language used to model configuration data, state data, remote procedure calls, and notifications for network management protocols like the Network Configuration Protocol (NETCONF).Network Configuration Protocol (NETCONF)Using the NETCONF Protocol over Secure Shell (SSH)
This document describes a method for invoking and running the Network Configuration Protocol (NETCONF) within a Secure Shell (SSH) session as an SSH subsystem. This document obsoletes RFC 4742. [STANDARDS-TRACK]
With-defaults Capability for NETCONFThe Network Configuration Protocol (NETCONF) defines ways to read and edit configuration data from a NETCONF server. In some cases, part of this data may not be set by the NETCONF client, but rather a default value known to the server is used instead. In many situations the NETCONF client has a priori knowledge about default data, so the NETCONF server does not need to save it in a NETCONF configuration datastore or send it to the client in a retrieval operation reply. In other situations the NETCONF client will need this data from the server. Not all server implementations treat this default data the same way. This document defines a capability-based extension to the NETCONF protocol that allows the NETCONF client to identify how defaults are processed by the server, and also defines new mechanisms for client control of server processing of default data. [STANDARDS-TRACK]Network Configuration Protocol (NETCONF) Access Control ModelThe standardization of network configuration interfaces for use with the Network Configuration Protocol (NETCONF) requires a structured and secure operating environment that promotes human usability and multi-vendor interoperability. There is a need for standard mechanisms to restrict NETCONF protocol access for particular users to a pre-configured subset of all available NETCONF protocol operations and content. This document defines such an access control model. [STANDARDS-TRACK]URI TemplateGoogleAdobeMITRERackspaceSalesforce.comJSON Encoding of Data Modeled with YANGCZ.NICDefining and Using Metadata with YANGCZ.NICWeb Host MetadataCommon YANG Data TypesThis document introduces a collection of common data types to be used with the YANG data modeling language. This document obsoletes RFC 6021.Server-Sent EventsExtensible Markup Language (XML) 1.0 (Fifth Edition)
The JavaScript Object Notation (JSON) Data Interchange Format
JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data.
This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance.
URI Design and Ownership
Section 1.1.1 of RFC 3986 defines URI syntax as "a federated and extensible naming system wherein each scheme's specification may further restrict the syntax and semantics of identifiers using that scheme." In other words, the structure of a URI is defined by its scheme. While it is common for schemes to further delegate their substructure to the URI's owner, publishing independent standards that mandate particular forms of URI substructure is inappropriate, because that essentially usurps ownership. This document further describes this problematic practice and provides some acceptable alternatives for use in standards.
Hypertext Transfer Protocol Version 2 (HTTP/2)
This specification describes an optimized expression of the semantics of the Hypertext Transfer Protocol (HTTP), referred to as HTTP version 2 (HTTP/2). HTTP/2 enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. It also introduces unsolicited push of representations from servers to clients.
This specification is an alternative to, but does not obsolete, the HTTP/1.1 message syntax. HTTP's existing semantics remain unchanged.
Using the NETCONF Protocol over Transport Layer Security (TLS) with Mutual X.509 AuthenticationThe Network Configuration Protocol (NETCONF) provides mechanisms to install, manipulate, and delete the configuration of network devices. This document describes how to use the Transport Layer Security (TLS) protocol with mutual X.509 authentication to secure the exchange of NETCONF messages. This revision of RFC 5539 documents the new message framing used by NETCONF 1.1 and it obsoletes RFC 5539.YANG Module LibraryXML Path Language (XPath) Version 1.0Architectural Styles and
the Design of Network-based Software ArchitecturesUniversity of California, IrvineYANG Patch Media Type
The RESTCONF issue tracker can be found here:
https://github.com/netconf-wg/restconf/issues
changed media type application/yang-data to application/yang-data-xml
changed header to header field
added linewrap convention in terminology and applied in many examples
clarified DELETE for leaf-list and list
clarified URI format for lists without keys or duplicate leaf-lists
added 'yang-data extension' term and clarified 'YANG data template' term
clarified that the fragment component is not part
of the request URI, per HTTP
clarified request URI "api‑path" syntax
clarified many examples
added text for HTTP/2 usage
changed media type definitions per review comments
added some clarifications and typos
added error-tag mapping for 406 and 412 errors
added clarifications based on ops-dir review by Lionel Morand
clarified PUT and POST differences for creating a data resource
clarify PUT for a datastore resource
added clarifications from Gen-Art review by Robert Sparks
clarified terminology in many places
This release addresses github issues #61, #62, #63, #65, #66, and #67.
change term 'server' to 'NETCONF server'
add term 'RESTCONF server' also called 'server'
change term 'client' to 'NETCONF client'
add term 'RESTCONF client' also called 'client'
remove unused YANG terms
clarified operation resource and schema resource terms
clarified abstract and intro: RESTCONF uses NETCONF datastore concepts
removed term 'protocol operation'; use 'RPC operation' instead
clarified edit operation from NETCONF as nc:operation
clarified retrieval of an operation resource
remove ETag and Last-Modified requirements for /modules-state
and /modules-state/module objects, since these are not configuration data nodes
clarified Last-Modified and ETag requirements for datastore and data resources
clarified defaults retrieval for leaf and leaf-list target resources
clarified request message-body for operation resources
clarified query parameters for GET also allowed for HEAD
clarified error handling for query parameters
clarified XPath function library for "filter" parameter
added example for 'edit a data resource'
added term 'notification replay' from RFC 5277
clarified unsupported encoding format error handling
change term 'meta‑data' to 'metadata'
clarified RESTCONF metadata definition
clarified error info not returned for 1xx, 2xx, and 3xx ranges
clarified operations description in ietf-restconf module
clarified Acknowledgements section
clarified some examples
update some references
update RFC 2119 boilerplate
remove requirements that simply restate HTTP requirements
remove Pragma: no-cache from examples since RFC 7234 says
this pragma is not defined for responses
remove suggestion MAY send Pragma: no-cache in response
remove table of HTTP status codes used in RESTCONF
changed media type names so they conform to RFC 6838
clarified too-big error-tag conversion
update SSE reference
clarify leaf-list identifier encoding
removed all media types except yang-data
changed restconf-media-type extension to be more generic yang-data extension
fix YANG library module examples (now called module-state)
fix terminology idnit issue
removed RFC 2818 reference (changed citation to RFC 7230)
clarify query parameter requirements
move filter query section to match table order in sec. 4.8
clarify that depth default is entire subtree for datastore resource
change ietf-restconf to YANG 1.1 to use anydata instead of anyxml
made implementation of timestamps optional since ETags are mandatory
removed confusing text about data resource definition revision date
clarify that errors should be returned for any resource type
clarified media subtype (not type) for error response
clarified client SHOULD (not MAY) specify errors format in Accept header
clarified terminology in many sections
change term 'operational data' to 'state data'
clarify :startup behavior
clarify X.509 security text
change '403 Forbidden' to '401 Unauthorized' for GET error
clarify MUST have one "restconf" link relation
clarify that NV-storage is not mandatory
clarify how "Last‑Modified" and "ETag" header info can be used by a client
clarify meaning of mandatory parameter
fix module name in action examples
clarify operation resource request needs to be known to parse the output
clarify ordered-by user terminology
fixed JSON example in D.1.1
address review comments: github issue #36
removed intro text about no knowledge of NETCONF needed
clarified candidate and confirmed-commit behavior in sec. 1.3
clarified that a RESTCONF server MUST support TLS
clarified choice of 403 or 404 error
fixed forward references to URI template (w/reference at first use)
added reference to HTML5
made error terminology more consistent
clarified that only 1 list or leaf-list instance can be returned
in an XML response message-body
clarified that more than 1 instance must not be created by
a POST method
clarified that PUT cannot be used to change a leaf-list value
or any list key values
clarified that PATCH cannot be used to change a leaf-list value
or any list key values
clarified that DELETE should not be used to delete more than one instance
of a leaf-list or list
update JSON RFC reference
specified that leaf-list instances are data resources
specified how a leaf-list instance identifier is constructed
fixed get-schema example
clarified that if no Accept header the server SHOULD return
the type specified in RESTCONF, but MAY return any media-type,
according to HTTP rules
clarified that server SHOULD maintain timestamp and etag for data resources
clarified default for content query parameter
moved terminology section earlier in doc to avoid forward usage
clarified intro text wrt/ interactions with NETCONF and access
to specific datastores
clarified server implementation requirements for YANG defaults
clarified that Errors is not a resource, just a media type
clarified that HTTP without TLS MUST NOT be used
add RESTCONF Extensibility section to make it clear how
RESTCONF will be extended in the future
add text warning that NACM does not work with HTTP caching
remove sec. 5.2 Message Headers
remove 202 Accepted from list of used status-lines -- not allowed
made implementation of OPTIONS MUST instead of SHOULD
clarified that successful PUT for altering data returns 204
fixed "point" parameter example
added example of alternate value for root resource discovery
added YANG action examples
fixed some JSON examples
changed default value for content query parameter to "all"
changed empty container JSON encoding from "[null]" to "{}"
added mandatory /restconf/yang-library-version leaf to
advertise revision-date of the YANG library implemented by the server
clarified URI encoding rules for leaf-list
clarified sec. 2.2 wrt/ certificates and TLS
added update procedure for entity tag and timestamp
fix introduction text regarding implementation requirements
for the ietf-yang-library
clarified HTTP authentication requirements
fix host-meta example
changed list key encoding to clarify that quoted strings are not allowed.
Percent-encoded values are used if quotes would be required. A missing
key is treated as a zero-length string
Fixed example of percent-encoded string to match YANG model
Changed streams examples to align with naming already used
add support for YANG 1.1 action statement
changed mandatory encoding from XML to XML or JSON
fix syntax in fields parameter definition
add meta-data encoding examples for XML and JSON
remove RFC 2396 references and update with 3986
change encoding of a key so quoted strings are not used, since
they are already percent-encoded. A zero-length string is
not encoded (/list=foo,,baz)
Add example of percent-encoded key value
fixed all issues identified in email from Jernej Tuljak
in netconf email 2015-06-22
fixed error example bug where error-urlpath was still used.
Changed to error-path.
added mention of YANG Patch and informative reference
added support for YANG 1.1, specifically support for anydata and
actions
removed the special field value "*", since it is no longer needed
fixed RESTCONF issue #23 (ietf-restconf-monitoring bug)
changed term 'notification event' to 'event notification'
removed intro text about framework and meta-model
removed early mention of API resources
removed term unified datastore and cleaned up text about NETCONF datastores
removed text about not immediate persistence of edits
removed RESTCONF-specific data-resource-identifier typedef and its usage
clarified encoding of key leafs
changed several examples from JSON to XML encoding
made 'insert' and 'point' query parameters mandatory to implement
removed ":insert" capability URI
renamed stream/encoding to stream/access
renamed stream/encoding/type to stream/access/encoding
renamed stream/encoding/events to stream/access/location
changed XPath from informative to normative reference
changed rest-dissertation from normative to informative reference
changed example-jukebox playlist 'id' from a data-resource-identifier
to a leafref pointing at the song name
renamed 'select' to 'fields' (#1)
moved collection resource and page capability
to draft-ietf-netconf-restconf-collection-00 (#3)
added mandatory "defaults" protocol capability URI (#4)
added optional "with‑defaults" query parameter URI (#4)
clarified authentication procedure (#9)
moved ietf-yang-library module to draft-ietf-netconf-yang-library-00 (#13)
clarified that JSON encoding of module name in a URI
MUST follow the netmod-yang-json encoding rules (#14)
added restconf-media-type extension (#15)
remove "content" query parameter URI and made this
parameter mandatory (#16)
clarified datastore usage
changed lock-denied error example
added with-defaults query parameter example
added term "RESTCONF Capability"
changed NETCONF Capability URI registry usage to new
RESTCONF Capability URI Registry usage
added collection resource
added "page" query parameter capability
added "limit" and "offset" query parameters, which are available if
the "page" capability is supported
added "stream list" term
fixed bugs in some examples
added "encoding" list within the "stream" list to allow
different <events> URLs for XML and JSON encoding.
made XML MUST implement and JSON MAY implement for servers
re-add JSON notification examples (previously removed)
updated JSON references
moved query parameter definitions from the YANG module
back to the plain text sections
made all query parameters optional to implement
defined query parameter capability URI
moved 'streams' to new YANG module (ietf-restconf-monitoring)
added 'capabilities' container to new YANG module (ietf-restconf-monitoring)
moved 'modules' container to new YANG module (ietf-yang-library)
added new leaf 'module‑set‑id' (ietf-yang-library)
added new leaf 'conformance' (ietf-yang-library)
changed 'schema' leaf to type inet:uri that returns the location
of the YANG schema (instead of returning the schema directly)
changed 'events' leaf to type inet:uri that returns the location
of the event stream resource (instead of returning events directly)
changed examples for yang.api resource since the monitoring information
is no longer in this resource
closed issue #1 'select parameter' since no objections to the proposed
syntax
closed "encoding of list keys" issue since no objection to new encoding
of list keys in a target resource URI.
moved open issues list to the issue tracker on github
fixed content=nonconfig example (non-config was incorrect)
closed open issue 'message‑id'. There is no need for a message-id
field, and RFC 2392 does not apply.
closed open issue 'server support verification'. The headers used
by RESTCONF are widely supported.
removed encoding rules from section on RESTCONF Meta-Data. This is now
defined in "I‑D.lhotka‑netmod‑yang‑json".
added media type application/yang.errors to map to errors YANG grouping.
Updated error examples to use new media type.
closed open issue 'additional datastores'. Support may be added in the
future to identify new datastores.
closed open issue 'PATCH media type discovery'. The section
on PATCH has an added sentence on the Accept-Patch header.
closed open issue 'YANG to resource mapping'. Current mapping
of all data nodes to resources will be used in order to allow
mandatory DELETE support. The PATCH operation is optional,
as well as the YANG Patch media type.
closed open issue '_self links for HATEOAS support'. It was decided
that they are redundant because they can be derived from the YANG module
for the specific data.
added explanatory text for the 'select' parameter.
added RESTCONF Path Resolution section for discovering the
root of the RESTCONF API using the /.well-known/host-meta.
added an "error" media type for structured error messages
added Secure Transport section requiring TLS
added Security Considerations section
removed all references to "REST‑like"
updated open issues section
The RESTCONF issues are tracked on github.com:
https://github.com/netconf-wg/restconf/issues
The example YANG module used in this document represents
a simple media jukebox interface.
YANG Tree Diagram for "example‑jukebox" Module
The examples within this document use the normative
YANG module "ietf‑restconf" defined in and the non-normative
example YANG module "example‑jukebox" defined in .
This section shows some typical RESTCONF message exchanges.
The client starts by retrieving the RESTCONF root resource:
The server might respond:
The client may then retrieve the top-level
API resource, using the root resource "/restconf".
The server might respond as follows:
[RFC Editor Note: Adjust the date (2016-04-09)
for ietf-yang-library below to the
date in the published ietf-yang-library YANG module, and remove this
note.]
To request that the response content be encoded in XML,
the "Accept" header can be used, as in this example request:
The server will return the same conceptual data either way,
which might be as follows:
[RFC Editor Note: Adjust the date for ietf-yang-library below to the
date in the published ietf-yang-library YANG module, and remove this
note.]
It is possible the YANG library module will change over time.
The client can retrieve the revision date of the ietf-yang-library
supported by the server from the API resource, as described in the
previous section.
In this example the client is retrieving the modules information
from the server in JSON format:
The server might respond as follows:
[RFC Editor Note: Adjust the date for ietf-yang-library below to the
date in the published ietf-yang-library YANG module, and remove this
note.]
In this example the client is retrieving the capability information
from the server in XML format, and the server supports all
the RESTCONF query parameters, plus one vendor parameter:
The server might respond as follows:
To create a new "artist" resource within the "library"
resource, the client might send the following request.
If the resource is created, the server might respond as follows:
To create a new "album" resource for this artist within the "jukebox"
resource, the client might send the following request:
If the resource is created, the server might respond as follows:
In this example, the server just supports the
datastore last-changed timestamp.
After the previous request, the client has cached the "Last‑Modified"
header and the Location header from the response
to provide in the following request to patch an "album" list entry
with key value "Wasting Light". Only the "genre" field is being
updated.
In this example the datastore resource has changed
since the time specified in the "If‑Unmodified‑Since"
header. The server might respond:
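The precondition check behind this exchange, as an added Python example that is not part of the original document: a server that tracks only the datastore last-changed timestamp rejects a PATCH carrying a stale "If-Unmodified-Since" value with 412 Precondition Failed and leaves the data untouched. The `Datastore` class, the timestamps, the album contents and the 204 status for a successful PATCH are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime


def precondition_holds(if_unmodified_since, last_changed):
    """Return True if the edit may proceed, False if 412 must be returned."""
    if if_unmodified_since is None:
        return True
    try:
        since = parsedate_to_datetime(if_unmodified_since)
    except (TypeError, ValueError):
        return True  # not a valid HTTP-date: the header field is ignored
    if since.tzinfo is None:
        since = since.replace(tzinfo=timezone.utc)
    # HTTP-dates carry whole seconds, so compare at that resolution.
    return last_changed.replace(microsecond=0) <= since


class Datastore:
    """Constructed stand-in for a server that keeps one last-changed
    timestamp for the whole datastore (the case described in the text)."""

    def __init__(self, albums, now):
        self.albums = albums
        self.last_changed = now

    def last_modified(self):
        stamp = self.last_changed.replace(microsecond=0)
        return format_datetime(stamp, usegmt=True)

    def patch_album(self, name, fields, headers, now):
        """Merge `fields` into one album entry; return (status, headers)."""
        if name not in self.albums:
            return 404, {}
        guard = headers.get("If-Unmodified-Since")
        if not precondition_holds(guard, self.last_changed):
            return 412, {}  # Precondition Failed: nothing is modified
        self.albums[name].update(fields)
        self.last_changed = now
        return 204, {"Last-Modified": self.last_modified()}


def demo():
    """Two clients edit the same album; every value here is constructed."""
    t0 = datetime(2017, 1, 26, 20, 56, 30, tzinfo=timezone.utc)
    store = Datastore({"Wasting Light": {"genre": "rock"}}, t0)
    cached = store.last_modified()  # client A caches this after its POST

    # Client B changes the datastore five seconds later, unconditionally.
    b = store.patch_album("Wasting Light", {"year": 2011}, {},
                          t0 + timedelta(seconds=5))

    # Client A patches "genre" with its now stale timestamp: rejected.
    a1 = store.patch_album("Wasting Light", {"genre": "alternative"},
                           {"If-Unmodified-Since": cached},
                           t0 + timedelta(seconds=9))
    genre_after_reject = store.albums["Wasting Light"]["genre"]

    # Client A re-reads, adopts the current timestamp and retries: accepted.
    a2 = store.patch_album("Wasting Light", {"genre": "alternative"},
                           {"If-Unmodified-Since": store.last_modified()},
                           t0 + timedelta(seconds=12))
    return {"cached": cached, "b": b[0], "a1": a1[0],
            "rejected_genre": genre_after_reject, "a2": a2[0],
            "final": store.albums["Wasting Light"]}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Because the timestamp covers the whole datastore, client A is rejected even though client B touched a different leaf of the same entry.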
In this example, assume there is a top-level data resource
named "system" from the example-system module,
and this container has a child leaf
called "enable‑jukebox‑streaming":
In this example PATCH is used by the client
to modify 2 top-level resources at
once, in order to enable jukebox streaming
and add an "album" sub-resource to each of 2 "artist" resources:
In this example, the client modifies one data node by
adding an "album" sub-resource by sending a PATCH for the data resource:
The "content" parameter is used to select the type of
data child resources (configuration and/or non-configuration)
that are returned by the server for a GET method request.
In this example, a simple YANG list is used that has configuration
and non-configuration child resources.
Example 1: content=all
To retrieve all the child resources, the "content" parameter
is set to "all", or omitted, since this is the default value.
The client might send:
The server might respond:
Example 2: content=config
To retrieve only the configuration child resources,
the "content" parameter is set to "config".
Note that the "ETag" and "Last‑Modified" headers are only returned if
the content parameter value is "config".
The server might respond:
Example 3: content=nonconfig
To retrieve only the non-configuration child resources,
the "content" parameter is set to "nonconfig". Note
that configuration ancestors (if any) and list key leafs
(if any) are also returned. The client might send:
The server might respond:
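The selection rule for the three "content" values, as an added Python example that is not part of the original document. The schema, the node names ("events", "event", "event-count") and the data are constructed, and dropping a list entry that has no non-configuration data under content=nonconfig is an assumption of this example.

```python
# Constructed schema: a config list "event" with one state (config false) leaf.
SCHEMA = {
    "events": {"kind": "container", "config": True, "children": {
        "event": {"kind": "list", "config": True, "keys": ("name",),
                  "children": {
                      "name": {"kind": "leaf", "config": True},
                      "description": {"kind": "leaf", "config": True},
                      "event-count": {"kind": "leaf", "config": False},
                  }},
    }},
}

# Constructed datastore content; the third entry has no state data yet.
DATA = {"events": {"event": [
    {"name": "interface-up", "description": "Interface up", "event-count": 42},
    {"name": "interface-down", "description": "Interface down", "event-count": 4},
    {"name": "reboot", "description": "System reboot"},
]}}


def _walk(data, schema, content, keys):
    """Return (selected subtree, hit); hit means a node of the requested
    kind was selected, as opposed to a key leaf that only rides along."""
    out, hit = {}, False
    for name, value in data.items():
        node = schema[name]
        if not node["config"]:
            # Non-configuration subtree: selected unless content=config.
            if content != "config":
                out[name], hit = value, True
        elif node["kind"] == "leaf":
            if content != "nonconfig":
                out[name], hit = value, True
            elif name in keys:
                out[name] = value  # list key leaf accompanies state data
        elif node["kind"] == "container":
            sub, sub_hit = _walk(value, node["children"], content, ())
            # Under nonconfig a config ancestor appears only above state data.
            if sub_hit or content != "nonconfig":
                out[name], hit = sub, True
        else:  # list: filter each entry, passing down the key names
            kept = []
            for entry in value:
                sub, sub_hit = _walk(entry, node["children"], content,
                                     node["keys"])
                if sub_hit or content != "nonconfig":
                    kept.append(sub)
            if kept:
                out[name], hit = kept, True
    return out, hit


def filter_content(data, schema, content="all"):
    """Apply the "content" query parameter to a data tree."""
    if content not in ("all", "config", "nonconfig"):
        raise ValueError("invalid 'content' value: %r" % (content,))
    return _walk(data, schema, content, ())[0]


if __name__ == "__main__":
    import json
    for mode in ("all", "config", "nonconfig"):
        print(mode, json.dumps(filter_content(DATA, SCHEMA, mode), indent=1))
```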
The "depth" parameter is used to limit the number of levels
of child resources that are returned by the server for
a GET method request.
The depth parameter starts counting levels at the
level of the target resource that is specified,
so that a depth level of "1" includes just the target resource
level itself. A depth level of "2" includes the target resource
level and its child nodes.
This example shows how different values of the "depth"
parameter would affect the reply content for
retrieval of the top-level "jukebox" data resource.
Example 1: depth=unbounded
To retrieve all the child resources, the "depth" parameter
is not present or set to the default value "unbounded".
The server might respond:
Example 2: depth=1
To determine if 1 or more resource instances exist for
a given target resource, the value "1" is used.
The server might respond:
Example 3: depth=3
To limit the depth level to the target resource plus 2 child resource layers
the value "3" is used.
The server might respond:
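The level counting described above, as an added Python example that is not part of the original document. The jukebox content is constructed, and two modelling choices are assumptions of this example: list entries share the level of their list, and a container or list whose children fall outside the limit is shown as an empty object.

```python
# Constructed content of the top-level "jukebox" data resource.
JUKEBOX = {
    "library": {"artist": [{
        "name": "Foo Fighters",
        "album": [{"name": "Wasting Light", "year": 2011}],
    }]},
    "playlist": [{
        "name": "Foo-One",
        "description": "example playlist 1",
        "song": [{"index": 1, "id": "constructed-song-reference"}],
    }],
    "player": {"gap": 0.5},
}


def parse_depth(raw):
    """Turn the query value into an int, or None for absent/"unbounded"."""
    if raw is None or raw == "unbounded":
        return None
    if not (raw.isascii() and raw.isdigit()) or int(raw) < 1:
        raise ValueError("invalid 'depth' value: %r" % (raw,))
    return int(raw)


def prune(value, depth):
    """Keep `depth` levels of `value`, where the node holding `value`
    is itself level 1. `depth` is None for unbounded."""
    if depth is None:
        return value
    is_entries = isinstance(value, list) and all(
        isinstance(entry, dict) for entry in value)
    if isinstance(value, dict) or is_entries:
        if depth <= 1:
            return {}  # node is reported, its children are cut off
        if is_entries:
            # Entries sit at the level of the list node itself.
            return [prune(entry, depth) for entry in value]
        return {name: prune(child, depth - 1)
                for name, child in value.items()}
    return value  # leaf or leaf-list: nothing below it to cut


def get_jukebox(raw_depth=None):
    """Reply body for a GET of the "jukebox" resource with ?depth=<raw_depth>."""
    return {"example-jukebox:jukebox": prune(JUKEBOX, parse_depth(raw_depth))}


if __name__ == "__main__":
    import json
    for raw in ("1", "2", "3", "unbounded"):
        print("depth=" + raw)
        print(json.dumps(get_jukebox(raw), indent=1))
```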
In this example the client is retrieving the datastore resource
in JSON format, but retrieving only the "modules‑state/module" list, and
only the "name" and "revision" nodes
from each list entry. Note that the top node returned
by the server matches the target resource node (which is "data"
in this example). The "module‑set‑id" leaf is not returned because it
is not selected in the fields expression.
The server might respond as follows.
[RFC Editor Note: Adjust the date for ietf-yang-library below to the
date in the published ietf-yang-library YANG module, and remove this
note.]
[RFC Editor Note: Adjust the date for ietf-restconf-monitoring below to the
date in the published ietf-restconf-monitoring YANG module, and remove this
note.]
In this example, a new first song entry in the "Foo‑One" playlist
is being created.
Request from client:
Response from server:
In this example, the client is inserting a new "song"
resource within an "album" resource after another song.
Request from client:
Response from server:
The following URIs show some examples of notification filter
specifications:
The following URI shows an example of the "start‑time" query parameter:
The following URI shows an example of the "stop‑time" query parameter:
Assume the server implements the module "example" defined in
Appendix A.1 of . Assume the server's datastore is as
defined in Appendix A.2 of .
If the server defaults-uri basic-mode is "trim", the
following request for interface "eth1" might be as follows:
Without query parameter:
The server might respond as follows.
Note that the "mtu" leaf is missing because it is set to
the default "1500", and the server defaults handling
basic-mode is "trim".
With query parameter:
The server might respond as follows.
Note that the server returns the "mtu" leaf because the "report‑all"
mode was requested with the "with‑defaults" query parameter.