| < draft-boucadair-dots-rfc8782-yang-update-00.txt | draft-boucadair-dots-rfc8782-yang-update-01.txt > | |||
|---|---|---|---|---|
| DOTS M. Boucadair | DOTS M. Boucadair | |||
| Internet-Draft Orange | Internet-Draft Orange | |||
| Updates: 8782 (if approved) J. Shallow | Updates: 8782 (if approved) J. Shallow | |||
| Intended status: Standards Track July 6, 2020 | Intended status: Standards Track July 9, 2020 | |||
| Expires: January 7, 2021 | Expires: January 10, 2021 | |||
| A YANG Data Model for Distributed Denial-of-Service Open Threat | A YANG Data Model for Distributed Denial-of-Service Open Threat | |||
| Signaling (DOTS) Signal Channel | Signaling (DOTS) Signal Channel | |||
| draft-boucadair-dots-rfc8782-yang-update-00 | draft-boucadair-dots-rfc8782-yang-update-01 | |||
| Abstract | Abstract | |||
| This document specifies an updated version of the Distributed Denial- | This document specifies an updated version of the Distributed Denial- | |||
| of-Service Open Threat Signaling (DOTS) Signal Channel YANG data | of-Service Open Threat Signaling (DOTS) Signal Channel YANG data | |||
| model. This updated version makes use of the new mechanisms for | model. This updated version makes use of the new mechanisms for | |||
| defining abstract data structures with YANG as specified in RFC8791. | defining abstract data structures with YANG as specified in RFC8791. | |||
| This document updates RFC 8782. | This document updates RFC 8782. | |||
| skipping to change at page 1, line 37 ¶ | skipping to change at page 1, line 37 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 7, 2021. | This Internet-Draft will expire on January 10, 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 6 ¶ | skipping to change at page 3, line 6 ¶ | |||
| [RFC8340] and [RFC8791]. | [RFC8340] and [RFC8791]. | |||
| 2. Summary of Changes From RFC8782 | 2. Summary of Changes From RFC8782 | |||
| The main changes compared to the YANG version published in [RFC8782] | The main changes compared to the YANG version published in [RFC8782] | |||
| are as follows: | are as follows: | |||
| o Follow the new YANG data structure specified in [RFC8791]. | o Follow the new YANG data structure specified in [RFC8791]. | |||
| o Add in "choice" to indicate the communication direction in which a | o Add in "choice" to indicate the communication direction in which a | |||
| data node applies. If no "choice" is indicated, a node can appear | data node applies. If no "choice" is indicated, a data node can | |||
| in both directions (i.e., from DOTS clients to DOTS servers and | appear in both directions (i.e., from DOTS clients to DOTS servers | |||
| vice versa). | and vice versa). | |||
| o Remove "config" clauses. Note that "config" statements will be | o Remove "config" clauses. Note that "config" statements will be | |||
| ignored (if present) anyway according to Section 4 of [RFC8791]. | ignored (if present) anyway according to Section 4 of [RFC8791]. | |||
| This supersedes the references to the use of 'ro' and 'rw' which | ||||
| are now covered by "choice" above. | ||||
| o Remove "cuid", "cdid", and "sid" nodes from the structure because | o Remove "cuid", "cdid", and "sid" data nodes from the structure | |||
| these nodes are included as Uri-Path options, not within the | because these data nodes are included as Uri-Path options, not | |||
| message body. | within the message body. | |||
| o Remove the list keys for the mitigation scope message type (i.e., | o Remove the list keys for the mitigation scope message type (i.e., | |||
| "cuid" and "mid"). "mid" is not indicated as a key because it is | "cuid" and "mid"). "mid" is not indicated as a key because it is | |||
| included as Uri-Path option for requests and in the message body | included as Uri-Path option for requests and in the message body | |||
| for responses. Note that Section 4 of [RFC8791] specifies that a | for responses. Note that Section 4 of [RFC8791] specifies that a | |||
| list does not require to have a key statement defined. | list does not require to have a key statement defined. | |||
| These changes are made with the constraint to avoid changes to the | These changes are made with the constraint to avoid changes to the | |||
| mapping table defined in Table 5 of [RFC8782]. A DOTS signal channel | mapping table defined in Table 5 of [RFC8782]. A DOTS signal channel | |||
| attribute that may be present in both requests and responses will | attribute that may be present in both requests and responses will | |||
| skipping to change at page 9, line 19 ¶ | skipping to change at page 9, line 20 ¶ | |||
| type boolean; | type boolean; | |||
| default "true"; | default "true"; | |||
| description | description | |||
| "If set to 'false', DDoS mitigation will not be | "If set to 'false', DDoS mitigation will not be | |||
| triggered unless the DOTS signal channel | triggered unless the DOTS signal channel | |||
| session is lost."; | session is lost."; | |||
| } | } | |||
| choice direction { | choice direction { | |||
| description | description | |||
| "Indicates the communication direction in which the | "Indicates the communication direction in which the | |||
| nodes can be included."; | data nodes can be included."; | |||
| case server-to-client-only { | case server-to-client-only { | |||
| description | description | |||
| "These nodes appear only in a mitigation message | "These data nodes appear only in a mitigation message | |||
| sent from the server to the client."; | sent from the server to the client."; | |||
| leaf mid { | leaf mid { | |||
| type uint32; | type uint32; | |||
| description | description | |||
| "Mitigation request identifier. | "Mitigation request identifier. | |||
| This identifier must be unique for each mitigation | This identifier must be unique for each mitigation | |||
| request bound to the DOTS client."; | request bound to the DOTS client."; | |||
| } | } | |||
| leaf mitigation-start { | leaf mitigation-start { | |||
| skipping to change at page 12, line 32 ¶ | skipping to change at page 12, line 34 ¶ | |||
| "Subset of DOTS signal channel session configuration."; | "Subset of DOTS signal channel session configuration."; | |||
| container heartbeat-interval { | container heartbeat-interval { | |||
| description | description | |||
| "DOTS agents regularly send heartbeats to each other | "DOTS agents regularly send heartbeats to each other | |||
| after mutual authentication is successfully | after mutual authentication is successfully | |||
| completed in order to keep the DOTS signal channel | completed in order to keep the DOTS signal channel | |||
| open."; | open."; | |||
| choice direction { | choice direction { | |||
| description | description | |||
| "Indicates the communication direction in which the | "Indicates the communication direction in which the | |||
| nodes can be included."; | data nodes can be included."; | |||
| case server-to-client-only { | case server-to-client-only { | |||
| description | description | |||
| "These nodes appear only in a mitigation message | "These data nodes appear only in a mitigation message | |||
| sent from the server to the client."; | sent from the server to the client."; | |||
| leaf max-value { | leaf max-value { | |||
| type uint16; | type uint16; | |||
| units "seconds"; | units "seconds"; | |||
| description | description | |||
| "Maximum acceptable heartbeat-interval value."; | "Maximum acceptable heartbeat-interval value."; | |||
| } | } | |||
| leaf min-value { | leaf min-value { | |||
| type uint16; | type uint16; | |||
| units "seconds"; | units "seconds"; | |||
| skipping to change at page 12, line 50 ¶ | skipping to change at page 13, line 4 ¶ | |||
| description | description | |||
| "Maximum acceptable heartbeat-interval value."; | "Maximum acceptable heartbeat-interval value."; | |||
| } | } | |||
| leaf min-value { | leaf min-value { | |||
| type uint16; | type uint16; | |||
| units "seconds"; | units "seconds"; | |||
| description | description | |||
| "Minimum acceptable heartbeat-interval value."; | "Minimum acceptable heartbeat-interval value."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| leaf current-value { | leaf current-value { | |||
| type uint16; | type uint16; | |||
| units "seconds"; | units "seconds"; | |||
| default "30"; | default "30"; | |||
| description | description | |||
| "Current heartbeat-interval value. | "Current heartbeat-interval value. | |||
| '0' means that heartbeat mechanism is deactivated."; | '0' means that heartbeat mechanism is deactivated."; | |||
| } | } | |||
| } | } | |||
| container missing-hb-allowed { | container missing-hb-allowed { | |||
| description | description | |||
| "Maximum number of missing heartbeats allowed."; | "Maximum number of missing heartbeats allowed."; | |||
| choice direction { | choice direction { | |||
| description | description | |||
| "Indicates the communication direction in which the | "Indicates the communication direction in which the | |||
| nodes can be included."; | data nodes can be included."; | |||
| case server-to-client-only { | case server-to-client-only { | |||
| description | description | |||
| "These nodes appear only in a mitigation message | "These data nodes appear only in a mitigation message | |||
| sent from the server to the client."; | sent from the server to the client."; | |||
| leaf max-value { | leaf max-value { | |||
| type uint16; | type uint16; | |||
| description | description | |||
| "Maximum acceptable missing-hb-allowed value."; | "Maximum acceptable missing-hb-allowed value."; | |||
| } | } | |||
| leaf min-value { | leaf min-value { | |||
| type uint16; | type uint16; | |||
| description | description | |||
| "Minimum acceptable missing-hb-allowed value."; | "Minimum acceptable missing-hb-allowed value."; | |||
| skipping to change at page 13, line 50 ¶ | skipping to change at page 14, line 4 ¶ | |||
| "Current missing-hb-allowed value."; | "Current missing-hb-allowed value."; | |||
| } | } | |||
| } | } | |||
| container probing-rate { | container probing-rate { | |||
| description | description | |||
| "The limit for sending Non-confirmable messages with | "The limit for sending Non-confirmable messages with | |||
| no response."; | no response."; | |||
| choice direction { | choice direction { | |||
| description | description | |||
| "Indicates the communication direction in which the | "Indicates the communication direction in which the | |||
| nodes can be included."; | data nodes can be included."; | |||
| case server-to-client-only { | case server-to-client-only { | |||
| description | description | |||
| "These nodes appear only in a mitigation message | "These data nodes appear only in a mitigation message | |||
| sent from the server to the client."; | sent from the server to the client."; | |||
| leaf max-value { | leaf max-value { | |||
| type uint16; | type uint16; | |||
| units "byte/second"; | units "byte/second"; | |||
| description | description | |||
| "Maximum acceptable probing-rate value."; | "Maximum acceptable probing-rate value."; | |||
| } | } | |||
| leaf min-value { | leaf min-value { | |||
| type uint16; | type uint16; | |||
| units "byte/second"; | units "byte/second"; | |||
| skipping to change at page 14, line 36 ¶ | skipping to change at page 14, line 38 ¶ | |||
| "Current probing-rate value."; | "Current probing-rate value."; | |||
| } | } | |||
| } | } | |||
| container max-retransmit { | container max-retransmit { | |||
| description | description | |||
| "Maximum number of retransmissions of a Confirmable | "Maximum number of retransmissions of a Confirmable | |||
| message."; | message."; | |||
| choice direction { | choice direction { | |||
| description | description | |||
| "Indicates the communication direction in which the | "Indicates the communication direction in which the | |||
| nodes can be included."; | data nodes can be included."; | |||
| case server-to-client-only { | case server-to-client-only { | |||
| description | description | |||
| "These nodes appear only in a mitigation message | "These data nodes appear only in a mitigation message | |||
| sent from the server to the client."; | sent from the server to the client."; | |||
| leaf max-value { | leaf max-value { | |||
| type uint16; | type uint16; | |||
| description | description | |||
| "Maximum acceptable max-retransmit value."; | "Maximum acceptable max-retransmit value."; | |||
| } | } | |||
| leaf min-value { | leaf min-value { | |||
| type uint16; | type uint16; | |||
| description | description | |||
| "Minimum acceptable max-retransmit value."; | "Minimum acceptable max-retransmit value."; | |||
| skipping to change at page 14, line 50 ¶ | skipping to change at page 15, line 4 ¶ | |||
| sent from the server to the client."; | sent from the server to the client."; | |||
| leaf max-value { | leaf max-value { | |||
| type uint16; | type uint16; | |||
| description | description | |||
| "Maximum acceptable max-retransmit value."; | "Maximum acceptable max-retransmit value."; | |||
| } | } | |||
| leaf min-value { | leaf min-value { | |||
| type uint16; | type uint16; | |||
| description | description | |||
| "Minimum acceptable max-retransmit value."; | "Minimum acceptable max-retransmit value."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| leaf current-value { | leaf current-value { | |||
| type uint16; | type uint16; | |||
| default "3"; | default "3"; | |||
| description | description | |||
| "Current max-retransmit value."; | "Current max-retransmit value."; | |||
| } | } | |||
| } | } | |||
| container ack-timeout { | container ack-timeout { | |||
| description | description | |||
| "Initial retransmission timeout value."; | "Initial retransmission timeout value."; | |||
| choice direction { | choice direction { | |||
| description | description | |||
| "Indicates the communication direction in which the | "Indicates the communication direction in which the | |||
| nodes can be included."; | data nodes can be included."; | |||
| case server-to-client-only { | case server-to-client-only { | |||
| description | description | |||
| "These nodes appear only in a mitigation message | "These data nodes appear only in a mitigation message | |||
| sent from the server to the client."; | sent from the server to the client."; | |||
| leaf max-value-decimal { | leaf max-value-decimal { | |||
| type decimal64 { | type decimal64 { | |||
| fraction-digits 2; | fraction-digits 2; | |||
| } | } | |||
| units "seconds"; | units "seconds"; | |||
| description | description | |||
| "Maximum ack-timeout value."; | "Maximum ack-timeout value."; | |||
| } | } | |||
| leaf min-value-decimal { | leaf min-value-decimal { | |||
| skipping to change at page 15, line 51 ¶ | skipping to change at page 16, line 4 ¶ | |||
| } | } | |||
| leaf current-value-decimal { | leaf current-value-decimal { | |||
| type decimal64 { | type decimal64 { | |||
| fraction-digits 2; | fraction-digits 2; | |||
| } | } | |||
| units "seconds"; | units "seconds"; | |||
| default "2"; | default "2"; | |||
| description | description | |||
| "Current ack-timeout value."; | "Current ack-timeout value."; | |||
| } | } | |||
| } | } | |||
| container ack-random-factor { | container ack-random-factor { | |||
| description | description | |||
| "Random factor used to influence the timing of | "Random factor used to influence the timing of | |||
| retransmissions."; | retransmissions."; | |||
| choice direction { | choice direction { | |||
| description | description | |||
| "Indicates the communication direction in which the | "Indicates the communication direction in which the | |||
| nodes can be included."; | data nodes can be included."; | |||
| case server-to-client-only { | case server-to-client-only { | |||
| description | description | |||
| "These nodes appear only in a mitigation message | "These data nodes appear only in a mitigation message | |||
| sent from the server to the client."; | sent from the server to the client."; | |||
| leaf max-value-decimal { | leaf max-value-decimal { | |||
| type decimal64 { | type decimal64 { | |||
| fraction-digits 2; | fraction-digits 2; | |||
| } | } | |||
| description | description | |||
| "Maximum acceptable ack-random-factor value."; | "Maximum acceptable ack-random-factor value."; | |||
| } | } | |||
| leaf min-value-decimal { | leaf min-value-decimal { | |||
| type decimal64 { | type decimal64 { | |||
| skipping to change at page 16, line 50 ¶ | skipping to change at page 17, line 4 ¶ | |||
| } | } | |||
| grouping signal-config { | grouping signal-config { | |||
| description | description | |||
| "DOTS signal channel session configuration."; | "DOTS signal channel session configuration."; | |||
| container mitigating-config { | container mitigating-config { | |||
| description | description | |||
| "Configuration parameters to use when a mitigation | "Configuration parameters to use when a mitigation | |||
| is active."; | is active."; | |||
| uses config-parameters; | uses config-parameters; | |||
| } | } | |||
| container idle-config { | container idle-config { | |||
| description | description | |||
| "Configuration parameters to use when no mitigation | "Configuration parameters to use when no mitigation | |||
| is active."; | is active."; | |||
| uses config-parameters; | uses config-parameters; | |||
| } | } | |||
| } | } | |||
| grouping redirected-signal { | grouping redirected-signal { | |||
| description | description | |||
| "Grouping for the redirected signaling."; | "Grouping for the redirected signaling."; | |||
| choice direction { | choice direction { | |||
| description | description | |||
| "Indicates the communication direction in which the | "Indicates the communication direction in which the | |||
| nodes can be included."; | data nodes can be included."; | |||
| case server-to-client-only { | case server-to-client-only { | |||
| description | description | |||
| "These nodes appear only in a mitigation message | "These data nodes appear only in a mitigation message | |||
| sent from the server to the client."; | sent from the server to the client."; | |||
| leaf alt-server { | leaf alt-server { | |||
| type string; | type string; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "FQDN of an alternate server."; | "FQDN of an alternate server."; | |||
| } | } | |||
| leaf-list alt-server-record { | leaf-list alt-server-record { | |||
| type inet:ip-address; | type inet:ip-address; | |||
| description | description | |||
| End of changes. 27 change blocks. | ||||
| 27 lines changed or deleted | 32 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
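
Review bot: In the Section 2 change block, the sentence added to the "config" bullet in -01 ("This supersedes the references to the use of 'ro' and 'rw' which are now covered by "choice" above.") does not say where those references are. 'ro' and 'rw' appear nowhere else in the visible text, so a reader cannot tell what is being superseded. Suggest naming the section or figure of [RFC8782] that is meant, and quoting "ro" and "rw" with the same double quotes the neighbouring bullets use for "choice" and "config".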
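
Review bot: In the change blocks from page 12 to page 16, the server-to-client-only case description still reads "appear only in a mitigation message" after the -01 rewording. These cases sit under heartbeat-interval, missing-hb-allowed, probing-rate, max-retransmit, ack-timeout and ack-random-factor, inside the grouping described as "Subset of DOTS signal channel session configuration". The wording looks carried over from the mitigation scope case on page 9, where it fits the "mid" leaf. Since -01 already touches this line in every container, suggest changing it there to wording that matches the session configuration context, for example "These data nodes appear only in a message sent from the server to the client."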
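
Review bot: In the redirected-signal change block (page 17), the case holding alt-server and alt-server-record keeps the description "These data nodes appear only in a mitigation message sent from the server to the client.", while the grouping itself is described as "Grouping for the redirected signaling". The case description should refer to the redirected signaling message rather than a mitigation message, so that the direction text and the grouping description agree.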