NETCONF R. Gagliano Internet-Draft Cisco Systems Intended status: Standards Track K. Larsson Expires: 18 September 2026 Deutsche Telekom AG J. Lindblad All For Eco 17 March 2026 RESTCONF Extension to Support Trace Context Headers draft-ietf-netconf-restconf-trace-ctx-headers-08 Abstract This document defines an extension to the RESTCONF protocol in order to support Trace Context propagation as defined by the W3C. About This Document This note is to be removed before publishing as an RFC. The latest revision of this draft can be found at https://github.com/ netconf-wg/restconf-trace-ctx-headers/blob/gh-pages/draft-ietf- netconf-restconf-trace-ctx-headers.txt. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf- netconf-restconf-trace-ctx-headers/. Discussion of this document takes place on the NETCONF Working Group mailing list (mailto:netconf@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/netconf/. Subscribe at https://www.ietf.org/mailman/listinfo/netconf/. Source for this draft and an issue tracker can be found at https://github.com/https://github.com/netconf-wg/restconf-trace-ctx- headers. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Gagliano, et al. Expires 18 September 2026 [Page 1] Internet-Draft RESTCONF Trace Context Headers March 2026 Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 18 September 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 2. RESTCONF Extensions . . . . . . . . . . . . . . . . . . . . . 3 2.1. Error Handling . . . . . . . . . . . . . . . . . . . . . 4 2.2. Trace Context Header Versioning . . . . . . . . . . . . . 4 3. Security Considerations . . . . . . . . . . . . . . . . . . . 4 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 6.1. Normative References . . . . . . . . . . . . . . . . . . 5 6.2. Informative References . . . . . . . . . . . . . . . . . 6 Appendix A. Example RESTCONF Calls . . . . . . . . . . . . . . . 6 A.1. Successful creation of New Data Resources (from Appendix B.2.1 of RFC8040) . . . . . . . . . . . . . . . 6 A.2. Unsuccessful creation of New Data Resources (from Appendix B.2.1 of RFC8040) . . . . . . . . . . . . . . . 7 Appendix B. Changes (to be deleted by RFC Editor) . . . . . . . 8 B.1. From version 07 to 08 . . . . . . . . . . . . . . . . . . 8 B.2. From version 06 to 07 . . . . . . . . . . . . . . . . . . 8 B.3. From version 05 to 06 . . . . . . . . . . . . . . . . . . 9 B.4. From version 04 to 05 . . . . . . . . . . . . . . . . . . 9 B.5. From version 03 to 04 . . . . . . . . . . . . . . . . . . 9 B.6. From version 02 to 03 . . . . . . . . . . . . . . . . . . 9 B.7. From version 01 to 02 . . . . . . . . . . . . . . . . . . 9 B.8. From version 00 to -01 . . . . . . . . . . . . . . . . . 10 Gagliano, et al. Expires 18 September 2026 [Page 2] Internet-Draft RESTCONF Trace Context Headers March 2026 B.9. From version 00 to draft-ietf-netconf-restconf-trace-ctx-headers-00 . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 1. Introduction Network automation and management systems commonly consist of multiple sub-systems and, together with the network devices they manage, they effectively form a distributed system. Distributed tracing is a methodology implemented by tracing tools to track, analyze and debug operations such as configuration transactions, across multiple distributed systems. The W3C has defined two HTTP headers (traceparent and tracestate) in [W3C-Trace-Context] for context propagation that are useful for distributed systems like the ones defined in section 4 of [RFC8309]. While the traceparent header is portable and mandatory, the tracestate header is optional and meant to transport vendor-specific data presented by a set of key/value pairs. According to the W3C specification, each operation is uniquely identified by a "trace-id" field, and carries multiple metadata fields about the operation. Propagating this Trace Context between systems provides a coherent view of the entire operation as carried out by all involved systems. In [I-D.draft-ietf-netconf-trace-ctx-extension], the NETCONF protocol extension is defined and we will re-use several of the YANG and XML objects defined in that document for RESTCONF. Please refer to that document for additional context and example applications. 1.1. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT","SHOULD","SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2. RESTCONF Extensions A RESTCONF server that implements the Trace Context propagation mechanism defined in this document MUST support the Trace Context traceparent header as defined in [W3C-Trace-Context]. A RESTCONF server MAY support the Trace Context tracestate header as defined in [W3C-Trace-Context]. Gagliano, et al. Expires 18 September 2026 [Page 3] Internet-Draft RESTCONF Trace Context Headers March 2026 When interacting with these headers, the RESTCONF server follow the specifications of section 2.3 in [W3C-Trace-Context]. A detailed processing model example is also provided in the document. 2.1. Error Handling It is NOT RECOMMENDED to reject an RPC because of the Trace Context header values. If a server decides to reject an RPC because of the Trace Context header values, the server MUST return a RESTCONF rpc-error with the following values: error-tag: operation-failed error-type: protocol error-severity: error Additionally, the error-info tag SHOULD contain a relevant details about the error. Finally, the sx:structure defined in [I-D.draft-ietf-netconf-trace-ctx-extension] SHOULD be present in any error message from the server. 2.2. Trace Context Header Versioning The RESTCONF protocol extension described in this document refers to the [W3C-Trace-Context] Trace Context capability. The W3C traceparent and tracestate headers include the notion of versions. It would be desirable for a RESTCONF client to be able to discover the one or multiple versions of these headers supported by a server. [I-D.draft-ietf-netconf-trace-ctx-extension] defines a pair YANG modules that SHOULD be included in the YANG library per [RFC8525] of the RESTCONF server supporting the RESTCONF Trace Context extension that will refer to the headers' supported versions. 3. Security Considerations The related document [I-D.draft-ietf-netconf-trace-ctx-extension] defines two YANG modules that are used when implementing the Trace Context concept, regardless of YANG-based protocol. These modules are completely empty, and therefore have very limited security considerations. Their purpose is only to indicate which Trace Context header versions the server supports using YANG Library [RFC8525]. Gagliano, et al. Expires 18 September 2026 [Page 4] Internet-Draft RESTCONF Trace Context Headers March 2026 The traceparent and tracestate headers make it easier to track and correlate the flow of requests and their downstream effect on other systems. This is indeed the whole point with these headers. This knowledge may be used by unauthorized entities to infer a map of a managed network. All advice mentioned in the [W3C-Trace-Context] under the Privacy Considerations and Security Considerations also apply to this document. The RESTCONF protocol has to (1) use a secure transport layer (e.g., TLS [RFC8446] and QUIC [RFC9000]) and (2) has to use mutual authentication. 4. IANA Considerations This document has no IANA actions. 5. Acknowledgments The authors would like to acknowledge the valuable implementation feedback from Christian Rennerskog and Per Andersson. Many thanks to Raul Rivas Felix, Alexander Stoklasa, Luca Relandini and Erwin Vrolijk for their help with the demos regarding integrations. The help and support from Med Boucadair, Jean Quilbeuf and BenoƮt Claise has also been invaluable to this work. 6. References 6.1. Normative References [I-D.draft-ietf-netconf-trace-ctx-extension] Gagliano, R., Larsson, K., and J. Lindblad, "NETCONF Extension to support Trace Context propagation", Work in Progress, Internet-Draft, draft-ietf-netconf-trace-ctx- extension-05, 19 October 2025, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, . Gagliano, et al. Expires 18 September 2026 [Page 5] Internet-Draft RESTCONF Trace Context Headers March 2026 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, . [RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., and R. Wilton, "YANG Library", RFC 8525, DOI 10.17487/RFC8525, March 2019, . [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based Multiplexed and Secure Transport", RFC 9000, DOI 10.17487/RFC9000, May 2021, . [W3C-Trace-Context] "W3C Recommendation on Trace Context", 23 November 2021, . 6.2. Informative References [RFC8309] Wu, Q., Liu, W., and A. Farrel, "Service Models Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018, . Appendix A. Example RESTCONF Calls All examples from Appendix B of [RFC8040] could be recreated in this section by adding the new header described in this document. We selected one example from that document as reference. A.1. Successful creation of New Data Resources (from Appendix B.2.1 of [RFC8040]) To create a new "artist" resource within the "library" resource, a client might send the following request: Gagliano, et al. Expires 18 September 2026 [Page 6] Internet-Draft RESTCONF Trace Context Headers March 2026 POST /restconf/data/example-jukebox:jukebox/library HTTP/1.1 Host: example.com Content-Type: application/yang-data+json traceparent: 00-405062f633be64ee006089dfca95a153-e021f9e263aad8e2-01 tracestate: vendorname1=opaqueValue1,vendorname2=opaqueValue2 { "example-jukebox:artist" : [ { "name" : "Foo Fighters" } ] } If the resource is created, the server might respond as follows: HTTP/1.1 201 Created Date: Thu, 26 Jan 2017 20:56:30 GMT Server: example-server Location: https://example.com/restconf/data/\ example-jukebox:jukebox/library/artist=Foo%20Fighters Last-Modified: Thu, 26 Jan 2017 20:56:30 GMT ETag: "b3830f23a4c" traceparent: 00-405062f633be64ee006089dfca95a153-e021f9e263aad8e2-01 tracestate: vendorname1=opaqueValue1,vendorname2=opaqueValue2 A.2. Unsuccessful creation of New Data Resources (from Appendix B.2.1 of [RFC8040]) [W3C-Trace-Context] specifies that a vendor MAY validate the tracestate header and the processing rules SHOULD be followed. Example of a badly formated tracestate header using [RFC8040] example (Appendix B.2.1), in which a server receives a higher traceparent version 03: Gagliano, et al. Expires 18 September 2026 [Page 7] Internet-Draft RESTCONF Trace Context Headers March 2026 POST /restconf/data/example-jukebox:jukebox/library HTTP/1.1 Host: example.com Content-Type: application/yang-data+json traceparent: 03-405062f633be64ee006089dfca95a153-e021f9e263aad8e2-01 tracestate: SomeBadFormatHere { "example-jukebox:artist" : [ { "name" : "Foo Fighters" } ] } In this case, the server cannot parse the traceparent header and the response would be: HTTP/1.1 201 Created Date: Thu, 26 Jan 2017 20:56:30 GMT Server: example-server Location: https://example.com/restconf/data/\ example-jukebox:jukebox/library/artist=Foo%20Fighters Last-Modified: Thu, 26 Jan 2017 20:56:30 GMT ETag: "b3830f23a4c" traceparent: 00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-00 Note that the API call was succesful but the traceparent header is new with its trace-flags set to 0 and the tracestate header was deleted. Appendix B. Changes (to be deleted by RFC Editor) B.1. From version 07 to 08 * Improved Error-handling example to show the most common scenario based on W3C standard. * Uplifting dates * Serveral edits based on OpsDir comments * Security considerations for Quic and Mutual Authentication B.2. From version 06 to 07 * More missing edits, uplifting dates Gagliano, et al. Expires 18 September 2026 [Page 8] Internet-Draft RESTCONF Trace Context Headers March 2026 B.3. From version 05 to 06 * More missing edits B.4. From version 04 to 05 * Removed unused references and terminology B.5. From version 03 to 04 * Abbreviation change * "ietf-trace-contex:trace-context-error-info" should have been a container in example B.6. From version 02 to 03 * Added abbreviations to terminology * error messages are SHOULD to align with W3C handling. * Addapted example to YANG module changes in reference. B.7. From version 01 to 02 * Added WGLC comments * Changed namespaces and module name * Fix error in error response * Comments from Med Boucadair * Removed markdown formatting of tracestate and traceparent, as toolchain could not handle this properly * Removed references to RFC8341 (NACM) as the passage in the security considerations no longer need it * Rearranged text in introduction to include referenes in a more natural order * Removed several references to "we" and replaced with more neutral language Gagliano, et al. Expires 18 September 2026 [Page 9] Internet-Draft RESTCONF Trace Context Headers March 2026 * Clarified that everything described as MUST requirements in this document only apply to RESTCONF implementations that implement this document. Other RESTCONF implementations do not need to care about this document, it's an optional extension * Clarified that the YANG modules used by this document is defined by the sibling document for NETCONF * Lots of updated wording based on review feedback B.8. From version 00 to -01 * Added Security considerations * Added Acknowledgements * Added several Normative references * Added links to latest document on github * Added RESTCONF example for success and error * Modified Error Handling to reflect better W3C alignment based on implementation feedback * Firmed up error handling and YANG-library to MUST-requirements B.9. From version 00 to draft-ietf-netconf-restconf-trace-ctx- headers-00 * Adopted by NETCONF WG * Moved repository to NETCONF WG * Changed build system to use martinthomson's excellent framework * Ran make fix-lint to remove white space at EOL etc. * Added this change note. No other content changes Authors' Addresses Roque Gagliano Cisco Systems Avenue des Uttins 5 CH-1180 Rolle Switzerland Email: rogaglia@cisco.com Gagliano, et al. Expires 18 September 2026 [Page 10] Internet-Draft RESTCONF Trace Context Headers March 2026 Kristian Larsson Deutsche Telekom AG Email: kll@dev.terastrm.net Jan Lindblad All For Eco Email: jan.lindblad+ietf@for.eco Gagliano, et al. Expires 18 September 2026 [Page 11]