
ietf-restconf-server


ietf-restconf-server@2017-10-30



  module ietf-restconf-server {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-restconf-server";

    prefix rcs;

    import ietf-inet-types {
      prefix inet;
      reference
        "RFC 6991: Common YANG Data Types";


    }
    import ietf-x509-cert-to-name {
      prefix x509c2n;
      reference
        "RFC 7407: A YANG Data Model for SNMP Configuration";


    }
    import ietf-tls-server {
      prefix ts;
      revision-date "2017-10-30";
      reference
        "RFC ZZZZ: YANG Groupings for TLS Clients and TLS Servers";


    }

    organization
      "IETF NETCONF (Network Configuration) Working Group";

    contact
      "WG Web:   <http://tools.ietf.org/wg/netconf/>
    WG List:  <mailto:netconf@ietf.org>

    Author:   Kent Watsen
              <mailto:kwatsen@juniper.net>

    Author:   Gary Wu
              <mailto:garywu@cisco.com>

    Author:   Juergen Schoenwaelder
              <mailto:j.schoenwaelder@jacobs-university.de>";

    description
      "This module contains a collection of YANG definitions for
    configuring RESTCONF servers.

    Copyright (c) 2017 IETF Trust and the persons identified as
    authors of the code. All rights reserved.

    Redistribution and use in source and binary forms, with or
    without modification, is permitted pursuant to, and subject
    to the license terms contained in, the Simplified BSD
    License set forth in Section 4.c of the IETF Trust's
    Legal Provisions Relating to IETF Documents
    (http://trustee.ietf.org/license-info).

    This version of this YANG module is part of RFC XXXX; see
    the RFC itself for full legal notices.";

    revision "2017-10-30" {
      description "Initial version";
      reference
        "RFC XXXX: RESTCONF Client and Server Models";

    }


    feature listen {
      description
        "The 'listen' feature indicates that the RESTCONF server
      supports opening a port to accept RESTCONF client connections
      using at least one transport (e.g., TLS, etc.).";
    }

    feature tls-listen {
      if-feature listen;
      description
        "The 'tls-listen' feature indicates that the RESTCONF server
      supports opening a port to listen for incoming RESTCONF
      client connections.  This feature exists as TLS might not
      be a mandatory-to-implement transport in the future.";
      reference
        "RFC 8040: RESTCONF Protocol";

    }

    feature call-home {
      description
        "The 'call-home' feature indicates that the RESTCONF server
      supports initiating RESTCONF call home connections to RESTCONF
      clients using at least one transport (e.g., TLS, etc.).";
      reference
        "RFC 8071: NETCONF Call Home and RESTCONF Call Home";

    }

    feature tls-call-home {
      if-feature call-home;
      description
        "The 'tls-call-home' feature indicates that the RESTCONF server
      supports initiating connections to RESTCONF clients.  This
      feature exists as TLS might not be a mandatory-to-implement
      transport in the future.";
      reference
        "RFC 8071: NETCONF Call Home and RESTCONF Call Home";

    }

    container restconf-server {
      description
        "Top-level container for RESTCONF server configuration.";
      uses restconf-server;
    }  // container restconf-server

    grouping restconf-server {
      description
        "Top-level grouping for RESTCONF server configuration.";
      container listen {
        if-feature listen;
        description
          "Configures listen behavior";
        list endpoint {
          key "name";
          description
            "List of endpoints to listen for RESTCONF connections.";
          leaf name {
            type string;
            description
              "An arbitrary name for the RESTCONF listen endpoint.";
          }

          choice transport {
            mandatory true;
            description
              "Selects between available transports. This is a 'choice'
             statement so as to support additional transport options
             to be augmented in.";
            case tls {
              if-feature tls-listen;
              container tls {
                description
                  "TLS-specific listening configuration for inbound
                 connections.";
                // Local bind address for this TLS listen endpoint.  The leaf is
                // optional and has no default; per the description below, leaving
                // it unset makes the server listen on all configured interfaces.
                // Configure an explicit address when the RESTCONF service should
                // only be reachable on a management interface.
                leaf address {
                  type inet:ip-address;
                  description
                    "The IP address to listen on for incoming connections.
                 The RESTCONF server will listen on all configured
                 interfaces if no value is specified.  INADDR_ANY
                 (0.0.0.0) or INADDR6_ANY (0:0:0:0:0:0:0:0 a.k.a. ::)
                 MUST be used when the server is to listen on all IPv4
                 or IPv6 addresses, respectively.";
                }

                leaf port {
                  type inet:port-number;
                  default '443';
                  description
                    "The local port number to listen on.  If no value is
                  specified, the IANA-assigned port value for 'https'
                  (443) is used.";
                }

                // Pulls in the TLS server parameters from ietf-tls-server (prefix
                // 'ts') and extends its client-auth node with a cert-to-name map.
                // NOTE(review): the 'refine' statement below has no target node or
                // body in this listing; it looks truncated by the page rendering.
                // Compare with the published module file before compiling.
                uses ts:tls-server-grouping {
                  refine 
                  augment client-auth {
                    description
                      "Augments in the cert-to-name structure,
                     so the RESTCONF server can map TLS-layer
                     client certificates to RESTCONF usernames.";
                    // This mapping decides which RESTCONF username a client
                    // certificate is given.  Per the description, a client whose
                    // certificate matches no valid entry must be disconnected, so
                    // an empty list rejects every client.  Presumably the mapped
                    // username then drives authorization -- confirm against the
                    // server's access-control configuration and keep each entry
                    // as specific as the deployment allows.
                    container cert-maps {
                      description
                        "The cert-maps container is used by a TLS-based
                      RESTCONF server to map the RESTCONF client's
                      presented X.509 certificate to a RESTCONF
                      username.  If no matching and valid
                      cert-to-name list entry can be found, then
                      the RESTCONF server MUST close the connection,
                      and MUST NOT accept RESTCONF messages over
                      it.";
                      reference
                        "RFC 7407: A YANG Data Model for SNMP
                        	  Configuration.";

                      uses x509c2n:cert-to-name;
                    }  // container cert-maps
                  }
                }
              }  // container tls
            }  // case tls
          }  // choice transport
        }  // list endpoint
      }  // container listen

      container call-home {
        if-feature call-home;
        description
          "Configures call-home behavior";
        list restconf-client {
          key "name";
          description
            "List of RESTCONF clients the RESTCONF server is to
           initiate call-home connections to in parallel.";
          leaf name {
            type string;
            description
              "An arbitrary name for the remote RESTCONF client.";
          }

          container endpoints {
            description
              "Container for the list of endpoints.";
            list endpoint {
              key "name";
              min-elements 1;
              ordered-by user;
              description
                "User-ordered list of endpoints for this RESTCONF
               client.  Defining more than one enables high-
               availability.";
              leaf name {
                type string;
                description
                  "An arbitrary name for this endpoint.";
              }

              choice transport {
                mandatory true;
                description
                  "Selects between available transports. This is a
                 'choice' statement so as to support additional
                 transport options to be augmented in.";
                case tls {
                  if-feature tls-call-home;
                  container tls {
                    description
                      "Specifies TLS-specific call-home transport
                     configuration.";
                    // Remote RESTCONF client address the server connects to for
                    // call home.  Mandatory; the description allows an IP address
                    // or a hostname.  Because the description asks for DNS
                    // resolution on every attempt, the address alone does not
                    // identify the peer.  NOTE(review): peer identity has to come
                    // from the TLS client-auth settings in this container; confirm
                    // they are configured wherever a hostname is used here.
                    leaf address {
                      type inet:host;
                      mandatory true;
                      description
                        "The IP address or hostname of the endpoint.
                      If a domain name is configured, then the DNS
                      resolution should happen on each usage attempt.
                      If the DNS resolution results in multiple IP
                      addresses, the IP addresses will be tried
                      according to local preference order until a
                      connection has been established or until all
                      IP addresses have failed.";
                    }

                    leaf port {
                      type inet:port-number;
                      default '4336';
                      description
                        "The IP port for this endpoint.  The RESTCONF
                      server will use the IANA-assigned well-known
                      port for 'restconf-ch-tls' (4336) if no value
                      is specified.";
                    }

                    // The call-home transport reuses the TLS *server* grouping:
                    // the RESTCONF server initiates the connection but is still
                    // configured with server-side TLS parameters, and client-auth
                    // is extended with cert-maps exactly as for listen endpoints.
                    // NOTE(review): the 'refine' statement below has no target
                    // node or body in this listing; it looks truncated by the page
                    // rendering.  Compare with the published module file.
                    uses ts:tls-server-grouping {
                      refine 
                      augment client-auth {
                        description
                          "Augments in the cert-to-name structure,
                         so the RESTCONF server can map TLS-layer
                         client certificates to RESTCONF usernames.";
                        // Per the description, a client certificate that matches
                        // no valid entry here must lead to the connection being
                        // closed, so an empty list rejects every called-home peer.
                        container cert-maps {
                          description
                            "The cert-maps container is used by a
                          TLS-based RESTCONF server to map the
                          RESTCONF client's presented X.509
                          certificate to a RESTCONF username. If
                          no matching and valid cert-to-name list
                          entry can be found, then the RESTCONF
                          server MUST close the connection, and
                          MUST NOT accept RESTCONF messages over
                          it.";
                          reference
                            "RFC 7407: A YANG Data Model for SNMP
                            Configuration.";

                          uses x509c2n:cert-to-name;
                        }  // container cert-maps
                      }
                    }
                  }  // container tls
                }  // case tls
              }  // choice transport
            }  // list endpoint
          }  // container endpoints

          container connection-type {
            description
              "Indicates the RESTCONF client's preference for how the
            RESTCONF server's connection is maintained.";
            choice connection-type {
              description
                "Selects between available connection types.";
              container persistent {
                presence 'true';
                description
                  "Maintain a persistent connection to the RESTCONF
                  client. If the connection goes down, immediately
                  start trying to reconnect to it, using the
                  reconnection strategy.

                  This connection type minimizes any RESTCONF client
                  to RESTCONF server data-transfer delay, albeit at
                  the expense of holding resources longer.";
                // Idle limit for a persistent call-home session; the default of
                // 86400 seconds is 24 hours.  Zero disables the idle disconnect,
                // and the description exempts sessions with an active notification
                // subscription, so this timer alone does not bound how long a
                // session stays open.
                leaf idle-timeout {
                  type uint32;
                  units "seconds";
                  default '86400';
                  description
                    "Specifies the maximum number of seconds that the
                     underlying TLS session may remain idle. A TLS
                     session will be dropped if it is idle for an
                     interval longer than this number of seconds.
                     If set to zero, then the server will never drop
                     a session because it is idle.  Sessions that
                     have a notification subscription active are
                     never dropped.";
                }

                // Liveness probing for the persistent call-home connection.  With
                // the defaults below (max-wait 30, max-attempts 3) the formula in
                // the description gives roughly 90 seconds before an unresponsive
                // peer is dropped.
                container keep-alives {
                  description
                    "Configures the keep-alive policy, to proactively
                     test the aliveness of the TLS client.  An
                     unresponsive TLS client will be dropped after
                     approximately (max-attempts * max-wait)
                     seconds.";
                  reference
                    "RFC 8071: NETCONF Call Home and RESTCONF Call
                    Home, Section 3.1, item S6";

                  // Quiet period before a probe is sent; the range excludes 0.
                  leaf max-wait {
                    type uint16 {
                      range "1..max";
                    }
                    units "seconds";
                    default '30';
                    description
                      "Sets the amount of time in seconds after which
                      if no data has been received from the TLS
                      client, a TLS-level message will be sent to
                      test the aliveness of the TLS client.";
                  }

                  // NOTE(review): no range restriction here, unlike
                  // reconnect-strategy/max-attempts, which uses range "1..max".
                  // 0 is therefore a valid value, and the description does not
                  // say what it means -- confirm how the implementation treats it.
                  leaf max-attempts {
                    type uint8;
                    default '3';
                    description
                      "Sets the maximum number of sequential keep-alive
                      messages that can fail to obtain a response from
                      the TLS client before assuming the TLS client is
                      no longer alive.";
                  }
                }  // container keep-alives
              }  // container persistent
              // Presence container selecting periodic call-home connections.
              // Note the two timers use different units: idle-timeout is in
              // seconds, reconnect-timeout is in minutes.
              container periodic {
                presence 'true';
                description
                  "Periodically connect to the RESTCONF client, so that
                  the RESTCONF client may send requests pending for
                  the RESTCONF server.  Once the connection has been
                  closed, for whatever reason, the server will restart
                  its timer until the next connection.";
                // Default 300 seconds.  Zero disables the idle disconnect, and
                // sessions with an active notification subscription are never
                // dropped, per the description.
                leaf idle-timeout {
                  type uint16;
                  units "seconds";
                  default '300';
                  description
                    "Specifies the maximum number of seconds that the
                     underlying TLS session may remain idle.  A TLS
                     session will be dropped if it is idle for an
                     interval longer than this number of seconds.
                     If set to zero, then the server will never drop
                     a session because it is idle.  Sessions that
                     have a notification subscription active are
                     never dropped.";
                }

                // Upper bound, in minutes, on the gap between connections;
                // the range excludes 0 and the default is 60.
                leaf reconnect-timeout {
                  type uint16 {
                    range "1..max";
                  }
                  units "minutes";
                  default '60';
                  description
                    "The maximum amount of unconnected time the
                    RESTCONF server will wait before re-establishing
                    a connection to the RESTCONF client.  The
                    RESTCONF server may initiate a connection to
                    the RESTCONF client before this time if desired
                    (e.g., to deliver a notification).";
                }
              }  // container periodic
            }  // choice connection-type
          }  // container connection-type

          // Controls which endpoint a reconnect starts with and how many tries
          // each endpoint gets.  This container defines only start-with and
          // max-attempts; it has no leaf for a delay between attempts, so retry
          // pacing is presumably left to the implementation -- confirm.
          container reconnect-strategy {
            description
              "The reconnection strategy directs how a RESTCONF server
            reconnects to a RESTCONF client after after discovering
            its connection to the client has dropped, even if due to
            a reboot.  The RESTCONF server starts with the specified
            endpoint and tries to connect to it max-attempts times
            before trying the next endpoint in the list (round
            robin).";
            leaf start-with {
              type enumeration {
                enum "first-listed" {
                  value 0;
                  description
                    "Indicates that reconnections should start with
                   the first endpoint listed.";
                }
                // This option relies on the server remembering the last
                // endpoint; the description says that state SHOULD survive
                // reboots and falls back to the first endpoint otherwise.
                enum "last-connected" {
                  value 1;
                  description
                    "Indicates that reconnections should start with
                   the endpoint last connected to.  If no previous
                   connection has ever been established, then the
                   first endpoint configured is used.   RESTCONF
                   servers SHOULD be able to remember the last
                   endpoint connected to across reboots.";
                }
              }
              default 'first-listed';
              description
                "Specifies which of the RESTCONF client's endpoints the
              RESTCONF server should start with when trying to connect
              to the RESTCONF client.";
            }

            // Attempts per endpoint before moving to the next one; the range
            // excludes 0 and the default is 3.
            leaf max-attempts {
              type uint8 {
                range "1..max";
              }
              default '3';
              description
                "Specifies the number times the RESTCONF server tries to
              connect to a specific endpoint before moving on to the
              next endpoint in the list (round robin).";
            }
          }  // container reconnect-strategy
        }  // list restconf-client
      }  // container call-home
    }  // grouping restconf-server
  }  // module ietf-restconf-server

Summary

  
ietf-restconf-server  
  
Organization IETF NETCONF (Network Configuration) Working Group
  
Module ietf-restconf-server
Version 2015-02-02
File ietf-restconf-server.yang
  
Prefix rcserver
Namespace urn:ietf:params:xml:ns:yang:ietf-restconf-server
  
Cooked /cookedmodules/ietf-restconf-server/2015-02-02
YANG /src/ietf-restconf-server@2015-02-02.yang
XSD /xsd/ietf-restconf-server@2015-02-02.xsd
  
Abstract This module contains a collection of YANG definitions for configuring RESTCONF servers. Copyright (c) 2014 IETF Trust and the p...
  
Contact
WG Web:   <http://tools.ietf.org/wg/netconf/>
WG List:  <mailto:netconf@ietf.org>

WG Chair: Mehmet Ersue
	  <mailto:mehmet.ersue@nsn.com>

WG Chair: Mahesh Jethanandani
	  <mailto:mjethanandani@gmail.com>

Editor:   Kent Watsen
	  <mailto:kwatsen@juniper.net>
  
ietf-restconf-server  
  
Organization IETF NETCONF (Network Configuration) Working Group
  
Module ietf-restconf-server
Version 2017-10-30
File ietf-restconf-server@2017-10-30.yang
  
Prefix rcs
Namespace urn:ietf:params:xml:ns:yang:ietf-restconf-server
  
Cooked /cookedmodules/ietf-restconf-server/2017-10-30
YANG /src/ietf-restconf-server@2017-10-30.yang
XSD /xsd/ietf-restconf-server@2017-10-30.xsd
  
Abstract This module contains a collection of YANG definitions for configuring RESTCONF servers. Copyright (c) 2017 IETF Trust and the p...
  
Contact
WG Web:   <http://tools.ietf.org/wg/netconf/>
WG List:  <mailto:netconf@ietf.org>

Author:   Kent Watsen
	  <mailto:kwatsen@juniper.net>

Author:   Gary Wu
	  <mailto:garywu@cisco.com>

Author:   Juergen Schoenwaelder
	  <mailto:j.schoenwaelder@jacobs-university.de>

Description

 
ietf-restconf-server
This module contains a collection of YANG definitions for
configuring RESTCONF servers.

Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.

Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).

This version of this YANG module is part of RFC VVVV; see
the RFC itself for full legal notices.
 
ietf-restconf-server
This module contains a collection of YANG definitions for
configuring RESTCONF servers.

Copyright (c) 2017 IETF Trust and the persons identified as
authors of the code. All rights reserved.

Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).

This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.

Groupings

Grouping Objects Abstract
address-and-port-grouping address port This grouping is used by both the ssh and tls containers for listen configuration.
call-home-container call-home This grouping is used only to help improve readability of the YANG module.
certificates-container certificates This grouping is used by both the listen and call-home containers
client-cert-auth-container client-cert-auth This grouping is used only to help improve readability of the YANG module.
endpoints-container endpoints This grouping is used by both the ssh and tls containers for call-home configurations.
keep-alives-container keep-alives This grouping is used by both listen and call-home configurations.
listen-container listen This grouping is used only to help improve readability of the YANG module.
restconf-server listen call-home Top-level grouping for RESTCONF server configuration.

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
restconf-server container Top-level container for RESTCONF server configuration.
restconf-server container Top-level container for RESTCONF server configuration.
   call-home container Configures call-home behavior
   call-home container Configures call-home behavior
      application list List of RESTCONF clients the RESTCONF server is to initiate call-home connections to.
         connection-type container Indicates the RESTCONF client's preference for how the RESTCONF server's connection is maintained.
            connection-type choice Selects between persistent and periodic connections.
               periodic-connection case periodic
                  periodic container Periodically connect to RESTCONF client, using the reconnection strategy, so the RESTCONF client can deliver pending messages to the RESTCONF server. For messages the RESTCONF server wants to send to the RESTCONF client, the RESTCONF server should pro...
                     linger-secs leaf The amount of time the RESTCONF server should wait after last receiving data from or sending data to the RESTCONF client's endpoint before closing its connection to it. This is an optimization to prevent unnecessary connections.
                     timeout-mins leaf The maximum amount of unconnected time the RESTCONF server will wait until establishing a connection to the RESTCONF client again. The RESTCONF server MAY establish a connection before this time if it has data it needs to send to the RESTCONF client. Note...
               persistent-connection case persistent
                  persistent container Maintain a persistent connection to the RESTCONF client. If the connection goes down, immediately start trying to reconnect to it, using the reconnection strategy. This connection type minimizes any RESTCONF client to RESTCONF server data-transfer delay,...
                     keep-alives container Configures the keep-alive policy, to proactively test the aliveness of the RESTCONF client.
                        count-max leaf Sets the number of keep-alive messages that may be sent without receiving any data from the RESTCONF client before assuming the RESTCONF client is no longer alive. If this threshold is reached, the transport-level connection will be disconnected, which w...
                        interval-secs leaf Sets a timeout interval in seconds after which if no data has been received from the RESTCONF client, a message will be sent to request a response from the RESTCONF client. A value of '0' indicates that no keep-alive messages should be sent.
         name leaf An arbitrary name for the remote RESTCONF client.
         reconnect-strategy container The reconnection strategy guides how a RESTCONF server reconnects to a RESTCONF client, after losing a connection to it, even if due to a reboot. The RESTCONF server starts with the specified endpoint and tries to connect to it count-max times, waiting ...
            count-max leaf Specifies the number times the RESTCONF server tries to connect to a specific endpoint before moving on to the next endpoint in the list (round robin).
            interval-secs leaf Specifies the time delay between connection attempts to the same endpoint. Note: this value differs from the periodic-connection's timeout-mins value.
            start-with leaf Specifies which of the RESTCONF client's endpoints the RESTCONF server should start with when trying to connect to the RESTCONF client. If no previous connection has ever been established, last-connected defaults to the first endpoint listed.
         transport choice Selects between TLS and any future transports augmented in.
            tls case tls
               tls container Specifies TLS-specific call-home transport configuration.
                  certificates container Parent container for the list of certificates.
                     certificate leaf-list An unordered list of certificates the TLS server can pick from when sending its Server Certificate message. The value of the string is the unique identifier for a certificate configured on the system. How valid values are discovered is outside the scope...
                  endpoints container Container for the list of endpoints.
                     endpoint list User-ordered list of endpoints for this RESTCONF client. Defining more than one enables high-availability.
                        address leaf The hostname or IP address of the endpoint. If a hostname is provided and DNS resolves to more than one IP address, the RESTCONF server SHOULD try all of the ones it can based on how its networking stack is configured (e.g. v4, v6, dual-stack)...
                        name leaf An arbitrary name for the endpoint to connect to.
                        port leaf The IP port for this endpoint. The RESTCONF server will use the IANA-assigned well-known port if not specified.
      restconf-client list List of RESTCONF clients the RESTCONF server is to initiate call-home connections to in parallel.
         connection-type container Indicates the RESTCONF client's preference for how the RESTCONF server's connection is maintained.
            connection-type choice Selects between available connection types.
               periodic-connection case periodic
                  periodic container Periodically connect to the RESTCONF client, so that the RESTCONF client may send requests pending for the RESTCONF server. Once the connection has been closed, for whatever reason, the server will restart its timer until the next connection.
                     idle-timeout leaf Specifies the maximum number of seconds that the underlying TLS session may remain idle. A TLS session will be dropped if it is idle for an interval longer than this number of seconds. If set to zero, then the server will never drop a session because it ...
                     reconnect-timeout leaf The maximum amount of unconnected time the RESTCONF server will wait before re-establishing a connection to the RESTCONF client. The RESTCONF server may initiate a connection to the RESTCONF client before this time if desired (e.g., to deliver a notifica...
               persistent-connection case persistent
                  persistent container Maintain a persistent connection to the RESTCONF client. If the connection goes down, immediately start trying to reconnect to it, using the reconnection strategy. This connection type minimizes any RESTCONF client to RESTCONF server data-transfer delay,...
                     idle-timeout leaf Specifies the maximum number of seconds that the underlying TLS session may remain idle. A TLS session will be dropped if it is idle for an interval longer than this number of seconds. If set to zero, then the server will never drop a session because it i...
                     keep-alives container Configures the keep-alive policy, to proactively test the aliveness of the TLS client. An unresponsive TLS client will be dropped after approximately (max-attempts * max-wait) seconds.
                        max-attempts leaf Sets the maximum number of sequential keep-alive messages that can fail to obtain a response from the TLS client before assuming the TLS client is no longer alive.
                        max-wait leaf Sets the amount of time in seconds after which if no data has been received from the TLS client, a TLS-level message will be sent to test the aliveness of the TLS client.
         endpoints container Container for the list of endpoints.
            endpoint list User-ordered list of endpoints for this RESTCONF client. Defining more than one enables high- availability.
               name leaf An arbitrary name for this endpoint.
               transport choice Selects between available transports. This is a 'choice' statement so as to support additional transport options to be augmented in.
                  tls case tls
                     tls container Specifies TLS-specific call-home transport configuration.
                        address leaf The IP address or hostname of the endpoint. If a domain name is configured, then the DNS resolution should happen on each usage attempt. If the DNS resolution results in multiple IP addresses, the IP addresses will be tried according to local preference o...
                        client-auth container A reference to a list of pinned certificate authority (CA) certificates and a reference to a list of pinned client certificates.
                           cert-maps container The cert-maps container is used by a TLS-based RESTCONF server to map the RESTCONF client's presented X.509 certificate to a RESTCONF username. If no matching and valid cert-to-name list entry can be found, then the RESTCONF server MUST close the connecti...
                           pinned-ca-certs leaf A reference to a list of certificate authority (CA) certificates used by the TLS server to authenticate TLS client certificates. A client certificate is authenticated if it has a valid chain of trust to a configured pinned CA certificate.
                           pinned-client-certs leaf A reference to a list of client certificates used by the TLS server to authenticate TLS client certificates. A client's certificate is authenticated if it is an exact match to a configured pinned client certificate.
                        hello-params container Configurable parameters for the TLS hello message.
                           cipher-suites container Parameters regarding cipher suites.
                              cipher-suite leaf-list Acceptable cipher suites in order of descending preference. If this leaf-list is not configured (has zero elements) the acceptable cipher suites are implementation- defined.
                           tls-versions container Parameters regarding TLS versions.
                              tls-version leaf-list Acceptable TLS protocol versions. If this leaf-list is not configured (has zero elements) the acceptable TLS protocol versions are implementation- defined.
                        port leaf The IP port for this endpoint. The RESTCONF server will use the IANA-assigned well-known port for 'restconf-ch-tls' (4336) if no value is specified.
                        server-identity container The list of certificates the TLS server will present when establishing a TLS connection in its Certificate message, as defined in Section 7.4.2 in RFC 5246.
                           algorithm leaf Identifies the key's algorithm. More specifically, this leaf specifies how the 'private-key' and 'public-key' binary leafs are encoded.
                           certificates container Certificates associated with this key. More than one certificate supports, for instance, a TPM-protected key that has both IDevID and LDevID certificates associated.
                              certificate list A certificate for this private key.
                                 name leaf An arbitrary name for the certificate.
                                 value leaf A PKCS #7 SignedData structure, as specified by Section 9.1 in RFC 2315, containing just certificates (no content, signatures, or CRLs), encoded using ASN.1 distinguished encoding rules (DER), as specified in ITU-T X.690. This structure contains the cert...
                           private-key leaf A binary that contains the value of the private key. The interpretation of the content is defined by the key algorithm. For example, a DSA key is an integer, an RSA key is represented as RSAPrivateKey as defined in [RFC3447], and an Elliptic Curve Crypt...
                           public-key leaf A binary that contains the value of the public key. The interpretation of the content is defined by the key algorithm. For example, a DSA key is an integer, an RSA key is represented as RSAPublicKey as defined in [RFC3447], and an Elliptic Curve Cryptog...
         name leaf An arbitrary name for the remote RESTCONF client.
         reconnect-strategy container The reconnection strategy directs how a RESTCONF server reconnects to a RESTCONF client after discovering its connection to the client has dropped, even if due to a reboot. The RESTCONF server starts with the specified endpoint and tries to connect...
            max-attempts leaf Specifies the number of times the RESTCONF server tries to connect to a specific endpoint before moving on to the next endpoint in the list (round robin).
            start-with leaf Specifies which of the RESTCONF client's endpoints the RESTCONF server should start with when trying to connect to the RESTCONF client.
   client-cert-auth container Container for TLS client certificate authentication configuration.
      cert-maps container The cert-maps container is used by a NETCONF server to map the NETCONF client's presented X.509 certificate to a NETCONF username. If no matching and valid cert-to-name list entry can be found, then the NETCONF server MUST close the connection, and MUST ...
         cert-to-name list This list defines how certificates are mapped to names. The name is derived by considering each cert-to-name list entry in order. The cert-to-name entry's fingerprint determines whether the list entry is a match: 1) If the cert-to-name list entry's fing...
            fingerprint leaf Specifies a value with which the fingerprint of the full certificate presented by the peer is compared. If the fingerprint of the full certificate presented by the peer does not match the fingerprint configured, then the entry is skipped, and the search ...
            id leaf The id specifies the order in which the entries in the cert-to-name list are searched. Entries with lower numbers are searched first.
            map-type leaf Specifies the algorithm used to map the certificate presented by the peer to a name. Mappings that need additional configuration objects should use the 'when' statement to make them conditional based on the map-type.
            name leaf Directly specifies the NETCONF username when the map-type is 'specified'.
      trusted-ca-certs container A list of Certificate Authority (CA) certificates that a NETCONF server can use to authenticate NETCONF client certificates. A client's certificate is authenticated if there is a chain of trust to a configured trusted CA certificate. The client certific...
         trusted-ca-cert leaf-list The binary certificate structure as specified by RFC 5246, Section 7.4.6, i.e.,: opaque ASN.1Cert<1..2^24>;
      trusted-client-certs container A list of client certificates that a NETCONF server can use to authenticate a NETCONF client's certificate. A client's certificate is authenticated if it is an exact match to a configured trusted client certificate.
         trusted-client-cert leaf-list The binary certificate structure, as specified by RFC 5246, Section 7.4.6, i.e.,: opaque ASN.1Cert<1..2^24>;
   listen container Configures listen behavior
   listen container Configures listen behavior
      endpoint list List of endpoints to listen for RESTCONF connections on.
      endpoint list List of endpoints to listen for RESTCONF connections.
         keep-alives container Configures the keep-alive policy, to proactively test the aliveness of the RESTCONF client.
            count-max leaf Sets the number of keep-alive messages that may be sent without receiving any data from the RESTCONF client before assuming the RESTCONF client is no longer alive. If this threshold is reached, the transport-level connection will be disconnected, which w...
            interval-secs leaf Sets a timeout interval in seconds after which if no data has been received from the RESTCONF client, a message will be sent to request a response from the RESTCONF client. A value of '0' indicates that no keep-alive messages should be sent.
         name leaf An arbitrary name for the RESTCONF listen endpoint.
         name leaf An arbitrary name for the RESTCONF listen endpoint.
         transport choice Selects between available transports.
         transport choice Selects between available transports. This is a 'choice' statement so as to support additional transport options to be augmented in.
            tls case tls
            tls case tls
               tls container TLS-specific listening configuration for inbound connections.
               tls container TLS-specific listening configuration for inbound connections.
                  address leaf The IP address of the interface to listen on.
                  address leaf The IP address to listen on for incoming connections. The RESTCONF server will listen on all configured interfaces if no value is specified. INADDR_ANY (0.0.0.0) or INADDR6_ANY (0:0:0:0:0:0:0:0 a.k.a. ::) MUST be used when the server is to listen on all ...
                  certificates container Parent container for the list of certificates.
                     certificate leaf-list An unordered list of certificates the TLS server can pick from when sending its Server Certificate message. The value of the string is the unique identifier for a certificate configured on the system. How valid values are discovered is outside the scope...
                  client-auth container A reference to a list of pinned certificate authority (CA) certificates and a reference to a list of pinned client certificates.
                     cert-maps container The cert-maps container is used by a TLS-based RESTCONF server to map the RESTCONF client's presented X.509 certificate to a RESTCONF username. If no matching and valid cert-to-name list entry can be found, then the RESTCONF server MUST close the connect...
                     pinned-ca-certs leaf A reference to a list of certificate authority (CA) certificates used by the TLS server to authenticate TLS client certificates. A client certificate is authenticated if it has a valid chain of trust to a configured pinned CA certificate.
                     pinned-client-certs leaf A reference to a list of client certificates used by the TLS server to authenticate TLS client certificates. A client's certificate is authenticated if it is an exact match to a configured pinned client certificate.
                  hello-params container Configurable parameters for the TLS hello message.
                     cipher-suites container Parameters regarding cipher suites.
                        cipher-suite leaf-list Acceptable cipher suites in order of descending preference. If this leaf-list is not configured (has zero elements), the acceptable cipher suites are implementation-defined.
                     tls-versions container Parameters regarding TLS versions.
                        tls-version leaf-list Acceptable TLS protocol versions. If this leaf-list is not configured (has zero elements), the acceptable TLS protocol versions are implementation-defined.
                  port leaf The local port number on this interface the RESTCONF server listens on.
                  port leaf The local port number to listen on. If no value is specified, the IANA-assigned port value for 'https' (443) is used.
                  server-identity container The list of certificates the TLS server will present when establishing a TLS connection in its Certificate message, as defined in Section 7.4.2 in RFC 5246.
                     algorithm leaf Identifies the key's algorithm. More specifically, this leaf specifies how the 'private-key' and 'public-key' binary leafs are encoded.
                     certificates container Certificates associated with this key. More than one certificate supports, for instance, a TPM-protected key that has both IDevID and LDevID certificates associated.
                        certificate list A certificate for this private key.
                           name leaf An arbitrary name for the certificate.
                           value leaf A PKCS #7 SignedData structure, as specified by Section 9.1 in RFC 2315, containing just certificates (no content, signatures, or CRLs), encoded using ASN.1 distinguished encoding rules (DER), as specified in ITU-T X.690. This structure contains the cert...
                     private-key leaf A binary that contains the value of the private key. The interpretation of the content is defined by the key algorithm. For example, a DSA key is an integer, an RSA key is represented as RSAPrivateKey as defined in [RFC3447], and an Elliptic Curve Crypt...
                     public-key leaf A binary that contains the value of the public key. The interpretation of the content is defined by the key algorithm. For example, a DSA key is an integer, an RSA key is represented as RSAPublicKey as defined in [RFC3447], and an Elliptic Curve Cryptog...
      max-sessions leaf Specifies the maximum number of concurrent sessions that can be active at one time. The value 0 indicates that no artificial session limit should be used.