< draft-ietf-lisp-yang-08.txt   draft-ietf-lisp-yang-09.txt >
LISP Working Group V. Ermagan LISP Working Group V. Ermagan
Internet-Draft A. Rodriguez-Natal Internet-Draft A. Rodriguez-Natal
Intended status: Experimental F. Coras Intended status: Experimental F. Coras
Expires: December 31, 2018 C. Moberg Expires: April 21, 2019 C. Moberg
R. Rahman R. Rahman
Cisco Systems Cisco Systems
A. Cabellos-Aparicio A. Cabellos-Aparicio
Technical University of Catalonia Technical University of Catalonia
F. Maino F. Maino
Cisco Systems Cisco Systems
June 29, 2018 October 18, 2018
LISP YANG Model LISP YANG Model
draft-ietf-lisp-yang-08 draft-ietf-lisp-yang-09
Abstract Abstract
This document describes a YANG data model to use with the Locator/ID This document describes a YANG data model to use with the Locator/ID
Separation Protocol (LISP). Separation Protocol (LISP).
The YANG modules in this document conform to the Network Management The YANG modules in this document conform to the Network Management
Datastore Architecture (NMDA). Datastore Architecture (NMDA).
Status of This Memo Status of This Memo
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 31, 2018. This Internet-Draft will expire on April 21, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 26 skipping to change at page 2, line 26
1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3
2. LISP Module . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. LISP Module . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Module Structure . . . . . . . . . . . . . . . . . . . . 3 2.1. Module Structure . . . . . . . . . . . . . . . . . . . . 3
2.2. Module Definition . . . . . . . . . . . . . . . . . . . . 6 2.2. Module Definition . . . . . . . . . . . . . . . . . . . . 6
3. LISP-ITR Module . . . . . . . . . . . . . . . . . . . . . . . 16 3. LISP-ITR Module . . . . . . . . . . . . . . . . . . . . . . . 16
3.1. Module Structure . . . . . . . . . . . . . . . . . . . . 16 3.1. Module Structure . . . . . . . . . . . . . . . . . . . . 16
3.2. Module Definition . . . . . . . . . . . . . . . . . . . . 21 3.2. Module Definition . . . . . . . . . . . . . . . . . . . . 21
4. LISP-ETR Module . . . . . . . . . . . . . . . . . . . . . . . 25 4. LISP-ETR Module . . . . . . . . . . . . . . . . . . . . . . . 25
4.1. Module Structure . . . . . . . . . . . . . . . . . . . . 25 4.1. Module Structure . . . . . . . . . . . . . . . . . . . . 25
4.2. Module Definition . . . . . . . . . . . . . . . . . . . . 27 4.2. Module Definition . . . . . . . . . . . . . . . . . . . . 27
5. LISP-Map-Server Module . . . . . . . . . . . . . . . . . . . 31 5. LISP-Map-Server Module . . . . . . . . . . . . . . . . . . . 32
5.1. Module Structure . . . . . . . . . . . . . . . . . . . . 32 5.1. Module Structure . . . . . . . . . . . . . . . . . . . . 32
5.2. Module Definition . . . . . . . . . . . . . . . . . . . . 40 5.2. Module Definition . . . . . . . . . . . . . . . . . . . . 40
6. LISP-Map-Resolver Module . . . . . . . . . . . . . . . . . . 46 6. LISP-Map-Resolver Module . . . . . . . . . . . . . . . . . . 46
6.1. Module Structure . . . . . . . . . . . . . . . . . . . . 46 6.1. Module Structure . . . . . . . . . . . . . . . . . . . . 47
6.2. Module Definition . . . . . . . . . . . . . . . . . . . . 47 6.2. Module Definition . . . . . . . . . . . . . . . . . . . . 47
7. LISP-Address-Types Module . . . . . . . . . . . . . . . . . . 49 7. LISP-Address-Types Module . . . . . . . . . . . . . . . . . . 49
7.1. Module Definition . . . . . . . . . . . . . . . . . . . . 49 7.1. Module Definition . . . . . . . . . . . . . . . . . . . . 49
7.2. Data Model examples . . . . . . . . . . . . . . . . . . . 63 7.2. Data Model examples . . . . . . . . . . . . . . . . . . . 64
7.2.1. LISP protocol instance . . . . . . . . . . . . . . . 64 7.2.1. LISP protocol instance . . . . . . . . . . . . . . . 64
7.2.2. LISP ITR . . . . . . . . . . . . . . . . . . . . . . 65 7.2.2. LISP ITR . . . . . . . . . . . . . . . . . . . . . . 65
7.2.3. LISP ETR . . . . . . . . . . . . . . . . . . . . . . 65 7.2.3. LISP ETR . . . . . . . . . . . . . . . . . . . . . . 66
7.2.4. LISP Map-Server . . . . . . . . . . . . . . . . . . . 67 7.2.4. LISP Map-Server . . . . . . . . . . . . . . . . . . . 68
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 68 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 69
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 68 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 69
10. Security Considerations . . . . . . . . . . . . . . . . . . . 70 10. Security Considerations . . . . . . . . . . . . . . . . . . . 71
11. Normative References . . . . . . . . . . . . . . . . . . . . 70 11. Normative References . . . . . . . . . . . . . . . . . . . . 74
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 71 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 76
1. Introduction 1. Introduction
The Locator/ID Separation Protocol (LISP) defines several network The Locator/ID Separation Protocol (LISP) defines several network
elements subject to be configured. This document presents the YANG elements subject to be configured. This document presents the YANG
data models required for basic configuration of all major LISP data models required for basic configuration of all major LISP
[RFC6830] elements. The models also capture some essential [RFC6830] elements. The models also capture some essential
operational data elements as well. operational data elements as well.
1.1. Requirements Language 1.1. Requirements Language
skipping to change at page 15, line 23 skipping to change at page 15, line 23
type uint64; type uint64;
description "Site ID"; description "Site ID";
} }
leaf xtr-id { leaf xtr-id {
type lisp:xtr-id-type; type lisp:xtr-id-type;
description "xTR ID"; description "xTR ID";
} }
} }
container virtual-networks { container virtual-networks {
when "../lisp-role/lisp-role-type = 'itr' or
../lisp-role/lisp-role-type = 'pitr' or
../lisp-role/lisp-role-type = 'etr' or
../lisp-role/lisp-role-type = 'petr'" {
description "Only when ITR, PITR, ETR or PETR.";
}
description "Virtual networks"; description "Virtual networks";
list virtual-network { list virtual-network {
key vni; key vni;
description "List of virtual networks"; description "List of virtual networks";
leaf vni { leaf vni {
type lcaf:instance-id-type; type lcaf:instance-id-type;
description description
"Virtual network identifier"; "Virtual network identifier";
} }
skipping to change at page 70, line 10 skipping to change at page 71, line 4
URI: urn:ietf:params:xml:ns:yang:ietf-lisp-mapresolver URI: urn:ietf:params:xml:ns:yang:ietf-lisp-mapresolver
Registrant Contact: The IESG. Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace. XML: N/A, the requested URI is an XML namespace.
-------------------------------------------------------------------- --------------------------------------------------------------------
-------------------------------------------------------------------- --------------------------------------------------------------------
URI: urn:ietf:params:xml:ns:yang:ietf-lisp-address-types URI: urn:ietf:params:xml:ns:yang:ietf-lisp-address-types
Registrant Contact: The IESG. Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace. XML: N/A, the requested URI is an XML namespace.
-------------------------------------------------------------------- --------------------------------------------------------------------
10. Security Considerations 10. Security Considerations
Security Considerations TBD The YANG modules specified in this document define a schema for data
that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
is the secure transport layer, and the mandatory-to-implement secure
transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
is HTTPS, and the mandatory-to-implement secure transport is TLS
[RFC8446].
The NETCONF access control model [RFC8341] provides the means to
restrict access for particular NETCONF or RESTCONF users to a pre-
configured subset of all available NETCONF or RESTCONF protocol
operations and content.
The security considerations of LISP control-plane [RFC6833] and LISP
data-plane [RFC6830] as well as the LISP threat analysis [RFC7835]
apply to this YANG model.
There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative
effect on network operations. These are the subtrees and data nodes
and their sensitivity/vulnerability:
/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/
lisp:lisp/
Access to the locator-sets node may modify which interfaces are used
for data and/or control traffic as well as affect the load balancing
of data-plane traffic. Access to the lisp-role node may prevent the
device from perform its intended data-plane and/or control-plane
operation. Access to the router-id node allows to modify the unique
identifier of the device, which may result in disruption of its LISP
control-plane operation. Access to the virtual-networks node may
allow to redirect data-plane traffic to erroneous local or remote
network instances.
/rt:routing/rt:control-plane-protocols/rt:control-plane-
protocol/lisp:lisp/lisp:map-server
Access to the sites node can prevent authorized devices from
registering mappings in the Map-Server and/or allow unauthorized
devices to so. Access to the virtual-network-ids node can result in
corrupted mapping sate that may propagate across the LISP network,
potentially resulting in forwarding of data-plane traffic to
arbitrary destinations and general disruption of the data-plane
operation. Access to mapping-system-type and/or ddt-mapping-system
nodes may prevent the device to connect to the Mapping System
infrastructure and consequentially to attract Map-Request messages.
/rt:routing/rt:control-plane-protocols/rt:control-plane-
protocol/lisp:lisp/lisp:map-resolver
Access to mapping-system-type, ms-address and/or ddt-mapping-system
nodes may prevent the device to connect to the Mapping System
infrastructure and forward Map-Request messages.
/rt:routing/rt:control-plane-protocols/rt:control-plane-
protocol/lisp:lisp/lisp:itr
Access to the rloc-probing node can increase the control-plane
overhead in the device or affect the capability of the device to
detect failures on the underlay. Access to the itr-rlocs node may
prevent the device from getting Map-Reply messages. Access to the
map-resolvers node can prevent the device from sending its Map-
Request messages to valid Map-Resolvers. Access to the proxy-etrs
nodes can affect the capability of the device to send data-plane
traffic towards non-LISP destinations. Access to the map-cache node
can result in forwarding of data-plane traffic to arbitrary
destinations and general disruption of data-plane operation.
/rt:routing/rt:control-plane-protocols/rt:control-plane-
protocol/lisp:lisp/lisp:etr
Access to the map-servers node can prevent the device from
registering its local mappings into the Mapping System. Access to
the local-eids node can disrupt data-plane operation on the device
and/or result in the device registering corrupted mappings into the
Mapping System.
Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or
notification) to these data nodes. These are the subtrees and data
nodes and their sensitivity/vulnerability:
/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/
lisp:lisp
Access to the locator-sets node can expose the locators the device is
using for its control and/or data operation. Access to the lisp-role
node can disclose the LISP roles instantiated at the device which
facilitates mounting attacks against the device. Access to the
router-id node can expose the unique identifier of device which may
allow a third party to track its control-plane operation and/or
impersonate the device. Access to the virtual-networks node can leak
the local mapping between LISP Instance IDs and local network
instances.
/rt:routing/rt:control-plane-protocols/rt:control-plane-
protocol/lisp:lisp/lisp:map-server
Access to the sites node can expose the credentials used to register
mappings and allow unauthorized devices to do so. Access to the
virtual-network-ids node can expose the mappings currently registered
in the device, which has privacy implications. Access to the
mapping-system-type node may reveal the Mapping System in use which
can be used to mount attacks against the device and/or the Mapping
System. Access to the summary and counters nodes may expose
operational statistics of the device.
/rt:routing/rt:control-plane-protocols/rt:control-plane-
protocol/lisp:lisp/lisp:map-resolver
Access to the mapping-system-type node may reveal the Mapping System
in use which can be used to mount attacks against the device and/or
the Mapping System. Access to the ms-address and/or ddt-mapping-
system nodes can leak the information about the Mapping System
infrastructure used by the device, which can be used to block
communication and/or mount attacks against it.
/rt:routing/rt:control-plane-protocols/rt:control-plane-
protocol/lisp:lisp/lisp:itr
Access to the rloc-probing node can expose if and how the device is
using control-plane signaling to probe underlay locators. Access to
the itr-rlocs node may disclose the addresses the device is using to
receive Map-Reply messages. Access to the map-resolvers node can
expose the Map-Resolvers used by the device, which can be used to
mount attacks against the device and/or the Mapping System. Access
to the proxy-etrs node can disclose the PETRs used by the device,
which can be used to mount attacks against the device and/or PETRs.
Access to the map-cache node can expose the mappings currently cached
in the device, which has privacy implications.
/rt:routing/rt:control-plane-protocols/rt:control-plane-
protocol/lisp:lisp/lisp:etr
Access to the map-servers node can expose the credentials used by the
device to register mappings into the Mapping System allowing an
unauthorized device to impersonate and register mappings on behalf
the authorized device. Access to the local-eids node can expose the
local EIDs currently being served by the device, which has privacy
implications.
11. Normative References 11. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>.
[RFC6830] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The [RFC6830] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
Locator/ID Separation Protocol (LISP)", RFC 6830, Locator/ID Separation Protocol (LISP)", RFC 6830,
DOI 10.17487/RFC6830, January 2013, DOI 10.17487/RFC6830, January 2013,
<https://www.rfc-editor.org/info/rfc6830>. <https://www.rfc-editor.org/info/rfc6830>.
[RFC6832] Lewis, D., Meyer, D., Farinacci, D., and V. Fuller, [RFC6832] Lewis, D., Meyer, D., Farinacci, D., and V. Fuller,
"Interworking between Locator/ID Separation Protocol "Interworking between Locator/ID Separation Protocol
(LISP) and Non-LISP Sites", RFC 6832, (LISP) and Non-LISP Sites", RFC 6832,
DOI 10.17487/RFC6832, January 2013, DOI 10.17487/RFC6832, January 2013,
<https://www.rfc-editor.org/info/rfc6832>. <https://www.rfc-editor.org/info/rfc6832>.
skipping to change at page 71, line 10 skipping to change at page 75, line 10
[RFC6833] Fuller, V. and D. Farinacci, "Locator/ID Separation [RFC6833] Fuller, V. and D. Farinacci, "Locator/ID Separation
Protocol (LISP) Map-Server Interface", RFC 6833, Protocol (LISP) Map-Server Interface", RFC 6833,
DOI 10.17487/RFC6833, January 2013, DOI 10.17487/RFC6833, January 2013,
<https://www.rfc-editor.org/info/rfc6833>. <https://www.rfc-editor.org/info/rfc6833>.
[RFC6836] Fuller, V., Farinacci, D., Meyer, D., and D. Lewis, [RFC6836] Fuller, V., Farinacci, D., Meyer, D., and D. Lewis,
"Locator/ID Separation Protocol Alternative Logical "Locator/ID Separation Protocol Alternative Logical
Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836, Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836,
January 2013, <https://www.rfc-editor.org/info/rfc6836>. January 2013, <https://www.rfc-editor.org/info/rfc6836>.
[RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
Separation Protocol (LISP) Threat Analysis", RFC 7835,
DOI 10.17487/RFC7835, April 2016,
<https://www.rfc-editor.org/info/rfc7835>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
[RFC8060] Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical [RFC8060] Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical
Address Format (LCAF)", RFC 8060, DOI 10.17487/RFC8060, Address Format (LCAF)", RFC 8060, DOI 10.17487/RFC8060,
February 2017, <https://www.rfc-editor.org/info/rfc8060>. February 2017, <https://www.rfc-editor.org/info/rfc8060>.
[RFC8111] Fuller, V., Lewis, D., Ermagan, V., Jain, A., and A. [RFC8111] Fuller, V., Lewis, D., Ermagan, V., Jain, A., and A.
Smirnov, "Locator/ID Separation Protocol Delegated Smirnov, "Locator/ID Separation Protocol Delegated
Database Tree (LISP-DDT)", RFC 8111, DOI 10.17487/RFC8111, Database Tree (LISP-DDT)", RFC 8111, DOI 10.17487/RFC8111,
May 2017, <https://www.rfc-editor.org/info/rfc8111>. May 2017, <https://www.rfc-editor.org/info/rfc8111>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>. <https://www.rfc-editor.org/info/rfc8340>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>.
[RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for [RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
Routing Management (NMDA Version)", RFC 8349, Routing Management (NMDA Version)", RFC 8349,
DOI 10.17487/RFC8349, March 2018, DOI 10.17487/RFC8349, March 2018,
<https://www.rfc-editor.org/info/rfc8349>. <https://www.rfc-editor.org/info/rfc8349>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
Authors' Addresses Authors' Addresses
Vina Ermagan Vina Ermagan
Cisco Systems Cisco Systems
San Jose, CA San Jose, CA
USA USA
Email: vermagan@cisco.com Email: vermagan@cisco.com
Alberto Rodriguez-Natal Alberto Rodriguez-Natal
 End of changes. 15 change blocks. 
16 lines changed or deleted 192 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/