< draft-ietf-spring-sr-yang-25.txt   draft-ietf-spring-sr-yang-26.txt >
SPRING Working Group S. Litkowski SPRING Working Group S. Litkowski
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Intended status: Standards Track Y. Qu Intended status: Standards Track Y. Qu
Expires: May 28, 2021 Futurewei Expires: May 29, 2021 Futurewei
A. Lindem A. Lindem
Cisco Systems Cisco Systems
P. Sarkar P. Sarkar
Individual Individual
J. Tantsura J. Tantsura
Apstra Apstra
November 24, 2020 November 25, 2020
YANG Data Model for Segment Routing YANG Data Model for Segment Routing
draft-ietf-spring-sr-yang-25 draft-ietf-spring-sr-yang-26
Abstract Abstract
This document defines a YANG data model for segment routing This document defines a YANG data model for segment routing
configuration and operation, which is to be augmented by different configuration and operation, which is to be augmented by different
segment routing data planes. The document also defines a YANG model segment routing data planes. The document also defines a YANG model
that is intended to be used on network elements to configure or that is intended to be used on network elements to configure or
operate segment routing MPLS data plane, as well as some generic operate segment routing MPLS data plane, as well as some generic
containers to be reused by IGP protocol modules to support segment containers to be reused by IGP protocol modules to support segment
routing. routing.
skipping to change at page 1, line 43 skipping to change at page 1, line 43
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 28, 2021. This Internet-Draft will expire on May 29, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 36 skipping to change at page 2, line 36
5.1.1.1. Bundling . . . . . . . . . . . . . . . . . . . . 7 5.1.1.1. Bundling . . . . . . . . . . . . . . . . . . . . 7
5.1.1.2. Protection . . . . . . . . . . . . . . . . . . . 8 5.1.1.2. Protection . . . . . . . . . . . . . . . . . . . 8
6. State Data . . . . . . . . . . . . . . . . . . . . . . . . . 8 6. State Data . . . . . . . . . . . . . . . . . . . . . . . . . 8
7. Notifications . . . . . . . . . . . . . . . . . . . . . . . . 8 7. Notifications . . . . . . . . . . . . . . . . . . . . . . . . 8
8. YANG Modules . . . . . . . . . . . . . . . . . . . . . . . . 8 8. YANG Modules . . . . . . . . . . . . . . . . . . . . . . . . 8
8.1. YANG Module for Segment Routing . . . . . . . . . . . . . 9 8.1. YANG Module for Segment Routing . . . . . . . . . . . . . 9
8.2. YANG Module for Segment Routing Common Types . . . . . . 10 8.2. YANG Module for Segment Routing Common Types . . . . . . 10
8.3. YANG Module for Segment Routing MPLS . . . . . . . . . . 16 8.3. YANG Module for Segment Routing MPLS . . . . . . . . . . 16
9. Security Considerations . . . . . . . . . . . . . . . . . . . 28 9. Security Considerations . . . . . . . . . . . . . . . . . . . 28
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 29 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 29
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 30 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 30
12.1. Normative References . . . . . . . . . . . . . . . . . . 30 12.1. Normative References . . . . . . . . . . . . . . . . . . 30
12.2. Informative References . . . . . . . . . . . . . . . . . 32 12.2. Informative References . . . . . . . . . . . . . . . . . 33
Appendix A. Configuration examples . . . . . . . . . . . . . . . 32 Appendix A. Configuration examples . . . . . . . . . . . . . . . 33
A.1. SR MPLS with IPv4 . . . . . . . . . . . . . . . . . . . . 32 A.1. SR MPLS with IPv4 . . . . . . . . . . . . . . . . . . . . 33
A.2. SR MPLS with IPv6 . . . . . . . . . . . . . . . . . . . . 35 A.2. SR MPLS with IPv6 . . . . . . . . . . . . . . . . . . . . 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39
1. Introduction 1. Introduction
This document defines a YANG data model [RFC7950] for segment routing This document defines a YANG data model [RFC7950] for segment routing
[RFC8402] configuration and operation. The document also defines a [RFC8402] configuration and operation. The document also defines a
YANG model that is intended to be used on network elements to YANG model that is intended to be used on network elements to
configure or operate segment routing MPLS data plane [RFC8660]. This configure or operate segment routing MPLS data plane [RFC8660]. This
document does not define the IGP extensions to support segment document does not define the IGP extensions to support segment
routing but defines generic groupings that SHOULD be reused by IGP routing but defines generic groupings that SHOULD be reused by IGP
extension modules. The reason of this design choice is to not extension modules. The reason of this design choice is to not
skipping to change at page 9, line 11 skipping to change at page 9, line 11
but are referenced in the ietf-segment-routing-common.yang and/or but are referenced in the ietf-segment-routing-common.yang and/or
ietf-segment-routing.yang module: [RFC6991], [RFC8294], [RFC8476], ietf-segment-routing.yang module: [RFC6991], [RFC8294], [RFC8476],
[RFC8491], [RFC8665], and [RFC8667]. [RFC8491], [RFC8665], and [RFC8667].
8.1. YANG Module for Segment Routing 8.1. YANG Module for Segment Routing
ietf-segment-routing.yang: This module defines a generic framework ietf-segment-routing.yang: This module defines a generic framework
for Segment Routing, and it is to be augmented by models for for Segment Routing, and it is to be augmented by models for
different SR data planes. different SR data planes.
<CODE BEGINS> file "ietf-segment-routing@2020-11-24.yang" <CODE BEGINS> file "ietf-segment-routing@2020-11-25.yang"
module ietf-segment-routing { module ietf-segment-routing {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-segment-routing"; namespace "urn:ietf:params:xml:ns:yang:ietf-segment-routing";
prefix sr; prefix sr;
import ietf-routing { import ietf-routing {
prefix rt; prefix rt;
reference "RFC 8349: A YANG Data Model for Routing reference "RFC 8349: A YANG Data Model for Routing
Management (NMDA Version)"; Management (NMDA Version)";
} }
skipping to change at page 10, line 21 skipping to change at page 10, line 21
see the RFC itself for full legal notices. see the RFC itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as 'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here."; they appear in all capitals, as shown here.";
reference "RFC XXXX: YANG Data Model for Segment Routing."; reference "RFC XXXX: YANG Data Model for Segment Routing.";
revision 2020-11-24 { revision 2020-11-25 {
description description
"Initial Version"; "Initial Version";
reference "RFC XXXX: YANG Data Model for Segment Routing."; reference "RFC XXXX: YANG Data Model for Segment Routing.";
} }
augment "/rt:routing" { augment "/rt:routing" {
description description
"This module augments routing data model (RFC 8349) "This module augments routing data model (RFC 8349)
with Segment Routing (SR)."; with Segment Routing (SR).";
container segment-routing { container segment-routing {
skipping to change at page 10, line 47 skipping to change at page 10, line 47
} }
} }
} }
<CODE ENDS> <CODE ENDS>
8.2. YANG Module for Segment Routing Common Types 8.2. YANG Module for Segment Routing Common Types
ietf-segment-routing-common.yang: This module defines a collection of ietf-segment-routing-common.yang: This module defines a collection of
generic types and groupings for SR as defined in [RFC8402]. generic types and groupings for SR as defined in [RFC8402].
<CODE BEGINS> file "ietf-segment-routing-common@2020-11-24.yang" <CODE BEGINS> file "ietf-segment-routing-common@2020-11-25.yang"
module ietf-segment-routing-common { module ietf-segment-routing-common {
yang-version 1.1; yang-version 1.1;
namespace namespace
"urn:ietf:params:xml:ns:yang:ietf-segment-routing-common"; "urn:ietf:params:xml:ns:yang:ietf-segment-routing-common";
prefix sr-cmn; prefix sr-cmn;
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
reference "RFC 6991: Common YANG Data Types"; reference "RFC 6991: Common YANG Data Types";
} }
skipping to change at page 12, line 11 skipping to change at page 12, line 11
see the RFC itself for full legal notices. see the RFC itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as 'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here."; they appear in all capitals, as shown here.";
reference "RFC XXXX: YANG Data Model for Segment Routing."; reference "RFC XXXX: YANG Data Model for Segment Routing.";
revision 2020-11-24 { revision 2020-11-25 {
description description
"Initial version"; "Initial version";
reference "RFC XXXX: YANG Data Model for Segment Routing."; reference "RFC XXXX: YANG Data Model for Segment Routing.";
} }
feature sid-last-hop-behavior { feature sid-last-hop-behavior {
description description
"Configurable last hop behavior."; "Configurable last hop behavior.";
reference "RFC 8660: Segment Routing with the MPLS Data Plane"; reference "RFC 8660: Segment Routing with the MPLS Data Plane";
} }
skipping to change at page 16, line 22 skipping to change at page 16, line 22
} }
} }
} }
<CODE ENDS> <CODE ENDS>
8.3. YANG Module for Segment Routing MPLS 8.3. YANG Module for Segment Routing MPLS
ietf-segment-routing-mpls.yang: This module defines the configuration ietf-segment-routing-mpls.yang: This module defines the configuration
and operational states for Segment Routing MPLS data plane. and operational states for Segment Routing MPLS data plane.
<CODE BEGINS> file "ietf-segment-routing-mpls@2020-11-24.yang" <CODE BEGINS> file "ietf-segment-routing-mpls@2020-11-25.yang"
module ietf-segment-routing-mpls { module ietf-segment-routing-mpls {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-segment-routing-mpls"; namespace "urn:ietf:params:xml:ns:yang:ietf-segment-routing-mpls";
prefix sr-mpls; prefix sr-mpls;
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
reference "RFC 6991: Common YANG Data Types"; reference "RFC 6991: Common YANG Data Types";
} }
import ietf-routing { import ietf-routing {
prefix rt; prefix rt;
reference "RFC 8349: A YANG Data Model for Routing reference "RFC 8349: A YANG Data Model for Routing
Management (NMDA Version)"; Management (NMDA Version)";
} }
import ietf-interfaces { import ietf-interfaces {
prefix if; prefix if;
reference "RFC 8343: A YANG Data Model for Interface reference "RFC 8343: A YANG Data Model for Interface
Management (NMDA Version)"; Management (NMDA Version)";
} }
import ietf-routing-types { import ietf-routing-types {
prefix rt-types; prefix rt-types;
reference "RFC 8294: Common YANG Data Types for the reference "RFC 8294: Common YANG Data Types for the
Routing Area"; Routing Area";
} }
import ietf-segment-routing { import ietf-segment-routing {
prefix sr; prefix sr;
reference "RFC XXXX: YANG Data Model for Segment Routing."; reference "RFC XXXX: YANG Data Model for Segment Routing.";
} }
import ietf-segment-routing-common { import ietf-segment-routing-common {
prefix sr-cmn; prefix sr-cmn;
reference "RFC XXXX: YANG Data Model for Segment Routing."; reference "RFC XXXX: YANG Data Model for Segment Routing.";
} }
organization organization
"IETF SPRING - SPRING Working Group"; "IETF SPRING - SPRING Working Group";
contact contact
"WG Web: <http://tools.ietf.org/wg/spring/> "WG Web: <http://tools.ietf.org/wg/spring/>
WG List: <mailto:spring@ietf.org> WG List: <mailto:spring@ietf.org>
Author: Stephane Litkowski Author: Stephane Litkowski
<mailto:slitkows.ietf@gmail.com> <mailto:slitkows.ietf@gmail.com>
Author: Yingzhen Qu Author: Yingzhen Qu
<mailto:yingzhen.qu@futurewei.com> <mailto:yingzhen.qu@futurewei.com>
Author: Acee Lindem Author: Acee Lindem
<mailto:acee@cisco.com> <mailto:acee@cisco.com>
Author: Pushpasis Sarkar Author: Pushpasis Sarkar
<mailto:pushpasis.ietf@gmail.com> <mailto:pushpasis.ietf@gmail.com>
Author: Jeff Tantsura Author: Jeff Tantsura
<jefftant.ietf@gmail.com> <jefftant.ietf@gmail.com>
"; ";
description description
"The YANG module defines a generic configuration model for "The YANG module defines a generic configuration model for
Segment Routing MPLS data plane. Segment Routing MPLS data plane.
This YANG model conforms to the Network Management This YANG model conforms to the Network Management
Datastore Architecture (NMDA) as described in RFC 8242. Datastore Architecture (NMDA) as described in RFC 8242.
Copyright (c) 2020 IETF Trust and the persons identified as Copyright (c) 2020 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; This version of this YANG module is part of RFC XXXX;
see the RFC itself for full legal notices. see the RFC itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as 'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here."; they appear in all capitals, as shown here.";
reference "RFC XXXX: YANG Data Model for Segment Routing.";
revision 2020-11-24 {
description
"Initial Version";
reference "RFC XXXX: YANG Data Model for Segment Routing."; reference "RFC XXXX: YANG Data Model for Segment Routing.";
} revision 2020-11-25 {
description
"Initial Version";
reference "RFC XXXX: YANG Data Model for Segment Routing.";
}
feature mapping-server { feature mapping-server {
description description
"Support for Segment Routing Mapping Server (SRMS)."; "Support for Segment Routing Mapping Server (SRMS).";
reference "RFC 8661: Segment Routing MPLS Interworking reference "RFC 8661: Segment Routing MPLS Interworking
with LDP"; with LDP";
} }
feature protocol-srgb { feature protocol-srgb {
description description
"Support for per-protocol Segment Routing Global Block "Support for per-protocol Segment Routing Global Block
(SRGB) configuration."; (SRGB) configuration.";
reference "RFC 8660: Segment Routing with the MPLS reference "RFC 8660: Segment Routing with the MPLS
Data Plane"; Data Plane";
} }
feature max-sid-depth { feature max-sid-depth {
description description
"Support for signaling MSD (Maximum SID Depth) in IGP."; "Support for signaling MSD (Maximum SID Depth) in IGP.";
reference "RFC 8476: Signaling Maximum SID Depth (MSD) reference "RFC 8476: Signaling Maximum SID Depth (MSD)
Using OSPF Using OSPF
RFC 8491: Signaling Maximum SID Depth (MSD) RFC 8491: Signaling Maximum SID Depth (MSD)
Using IS-IS"; Using IS-IS";
} }
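Review bot: The module description of ietf-segment-routing-mpls, carried unchanged into -26, cites the wrong RFC for NMDA: "Datastore Architecture (NMDA) as described in RFC 8242" should read RFC 8342, which is the NMDA specification. In the contact statement of the same module, the last author entry is given as <jefftant.ietf@gmail.com> without the mailto: scheme that the other four author entries use.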
typedef system-id { typedef system-id {
type string { type string {
pattern pattern
'[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}'; '[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}';
}
description
"This type defines IS-IS system-id using pattern,
An example system-id is 0143.0438.AEF0";
} }
description
"This type defines IS-IS system-id using pattern,
An example system-id is 0143.0438.AEF0";
}
typedef router-or-system-id { typedef router-or-system-id {
type union { type union {
type rt-types:router-id; type rt-types:router-id;
type system-id; type system-id;
}
description
"OSPF/BGP router-id or ISIS system ID.";
} }
description grouping sr-control-plane {
"OSPF/BGP router-id or ISIS system ID.";
}
grouping sr-control-plane {
description
"Defines protocol configuration.";
container segment-routing {
description description
"Segment Routing global configuration."; "Defines protocol configuration.";
leaf enabled { container segment-routing {
type boolean;
default "false";
description
"Enables segment-routing protocol extensions.";
}
container bindings {
if-feature mapping-server;
description description
"Control of binding advertisement and reception."; "Segment Routing global configuration.";
container advertise { leaf enabled {
type boolean;
default "false";
description description
"Control advertisement of local mappings "Enables segment-routing control-plane protocol
in binding TLVs."; extensions.";
leaf-list policies { }
type leafref { container bindings {
path "/rt:routing/sr:segment-routing/sr-mpls:sr-mpls" if-feature mapping-server;
+ "/sr-mpls:bindings/sr-mpls:mapping-server" description
+ "/sr-mpls:policy/sr-mpls:name"; "Control of binding advertisement and reception.";
container advertise {
description
"Control advertisement of local mappings
in binding TLVs.";
leaf-list policies {
type leafref {
path "/rt:routing/sr:segment-routing/sr-mpls:sr-mpls"
+ "/sr-mpls:bindings/sr-mpls:mapping-server"
+ "/sr-mpls:policy/sr-mpls:name";
}
description
"List of binding advertisement policies.";
}
} }
leaf receive {
type boolean;
default "true";
description description
"List of binding advertisement policies."; "Allow the reception and usage of binding TLVs.";
} }
} }
leaf receive {
type boolean;
default "true";
description
"Allow the reception and usage of binding TLVs.";
}
} }
} }
}
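Review bot: In grouping sr-control-plane, the description of leaf receive ("Allow the reception and usage of binding TLVs.") does not say how it interacts with leaf enabled: receive defaults to "true" while enabled defaults to "false", so it is unclear whether binding TLVs are accepted before segment routing is enabled for the protocol. Because this leaf decides whether mappings advertised by other routers are used locally, state the dependency in the description, for example that receive only takes effect when enabled is true, if that is the intent.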
grouping igp-interface { grouping igp-interface {
description
"Grouping for IGP interface configuration.";
container segment-routing {
description description
"Container for SR interface configuration."; "Grouping for IGP interface configuration.";
container adjacency-sid { container segment-routing {
description description
"Adjacency SID configuration."; "Container for SR interface configuration.";
reference "RFC 8660: Segment Routing with the MPLS container adjacency-sid {
Data Plane"; description
list adj-sids { "Adjacency SID configuration.";
key "value"; reference "RFC 8660: Segment Routing with the MPLS
uses sr-cmn:sid-value-type; Data Plane";
leaf value { list adj-sids {
type uint32; key "value";
description uses sr-cmn:sid-value-type;
"Value of the Adj-SID."; leaf value {
} type uint32;
leaf protected { description
type boolean; "Value of the Adj-SID.";
default false; }
leaf protected {
type boolean;
default false;
description
"It is used to protect the manual adj-SID, e.g. using
IPFRR or MPLS-FRR.";
}
leaf weight {
type uint8;
description
"The load-balancing factor over parallel adjacencies.";
reference "RFC 8402: Segment Routing Architecture
RFC 8665: OSPF Extensions for Segment Routing
RFC 8667: IS-IS Extensions for Segment
Routing";
}
description description
"It is used to protect the manual adj-SID, e.g. using "List of adj-sid configuration.";
IPFRR or MPLS-FRR.";
} }
leaf weight { list advertise-adj-group-sid {
type uint8; key "group-id";
description description
"The load-balancing factor over parallel adjacencies."; "Control advertisement of S or G flag. Enable
reference "RFC 8402: Segment Routing Architecture advertisement of a common Adj-SID for parallel
RFC 8665: OSPF Extensions for Segment Routing links.";
reference "RFC 8665: OSPF Extensions for Segment Routing
Section 6.1
RFC 8667: IS-IS Extensions for Segment RFC 8667: IS-IS Extensions for Segment
Routing"; Routing Section 2.2.1";
} leaf group-id {
description type uint32;
"List of adj-sid configuration.";
}
list advertise-adj-group-sid {
key "group-id";
description
"Control advertisement of S or G flag. Enable advertisement
of a common Adj-SID for parallel links.";
reference "RFC 8665: OSPF Extensions for Segment Routing
Section 6.1
RFC 8667: IS-IS Extensions for Segment
Routing Section 2.2.1";
leaf group-id {
type uint32;
description
"The value is an internal value to identify a
group-ID. Interfaces with the same group-ID will be
bundled together.";
}
}
leaf advertise-protection {
type enumeration {
enum "single" {
description description
"A single Adj-SID is associated with the adjacency "The value is an internal value to identify a
and reflects the protection configuration."; group-ID. Interfaces with the same group-ID
will be bundled together.";
} }
enum "dual" {
description }
"Two Adj-SIDs will be associated with the adjacency leaf advertise-protection {
if the interface is protected. In this case, will type enumeration {
be advertised with backup flag set, the other will enum "single" {
be advertised with the backup flag clear. In case description
protection is not configured, single Adj-SID will "A single Adj-SID is associated with the adjacency
be advertised with the backup flag clear."; and reflects the protection configuration.";
}
enum "dual" {
description
"Two Adj-SIDs will be associated with the adjacency
if the interface is protected. In this case, will
be advertised with backup flag set, the other will
be advertised with the backup flag clear. In case
protection is not configured, single Adj-SID will
be advertised with the backup flag clear.";
}
} }
description
"If set, the Adj-SID refers to a protected adjacency.";
reference "RFC 8665: OSPF Extensions for Segment Routing
Section 6.1
RFC 8667: IS-IS Extensions for Segment
Routing Section 2.2.1";
} }
description
"If set, the Adj-SID refers to a protected adjacency.";
reference "RFC 8665: OSPF Extensions for Segment Routing
Section 6.1
RFC 8667: IS-IS Extensions for Segment
Routing Section 2.2.1";
} }
} }
} }
}
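Review bot: In the "dual" enum of advertise-protection, the sentence "In this case, will be advertised with backup flag set, the other will be advertised with the backup flag clear" has lost its subject, so it does not say which of the two Adj-SIDs carries the backup flag. Suggest "In this case, one will be advertised with the backup flag set, the other with the backup flag clear." The leaf-level description "If set, the Adj-SID refers to a protected adjacency." also reads as if the leaf were a boolean rather than an enumeration with the values single and dual.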
grouping max-sid-depth { grouping max-sid-depth {
description
"Maximum SID Depth (MSD)D configuration grouping.";
leaf node-msd {
type uint8;
description
"Node MSD is the lowest MSD supported by the node.";
}
container link-msds {
description description
"MSD supported by an individual interface."; "Maximum SID Depth (MSD)D configuration grouping.";
list link-msds { leaf node-msd {
key "interface"; type uint8;
description description
"List of link MSDs."; "Node MSD is the lowest MSD supported by the node.";
leaf interface { }
type if:interface-ref; container link-msds {
description description
"Reference to device interface."; "MSD supported by an individual interface.";
} list link-msds {
leaf msd { key "interface";
type uint8;
description description
"MSD supported by the interface."; "List of link MSDs.";
leaf interface {
type if:interface-ref;
description
"Reference to device interface.";
}
leaf msd {
type uint8;
description
"MSD supported by the interface.";
}
} }
} }
} }
}
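Review bot: The description of grouping max-sid-depth reads "Maximum SID Depth (MSD)D configuration grouping." in both versions; the stray "D" after "(MSD)" should be dropped. As a style point, container link-msds holds a list that is also named link-msds, so the list could be given a distinct name to keep instance paths readable.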
augment "/rt:routing/sr:segment-routing" { augment "/rt:routing/sr:segment-routing" {
description
"This augments routing data model (RFC 8349)
with Segment Routing (SR).";
container sr-mpls {
description description
"Segment Routing global configuration."; "This augments routing data model (RFC 8349)
uses sr-cmn:node-capabilities; with Segment Routing (SR).";
container msd { container sr-mpls {
if-feature "max-sid-depth";
description
"MSD configuration.";
uses max-sid-depth;
}
container bindings {
description description
"List of bindings."; "Segment Routing global configuration.";
container mapping-server { uses sr-cmn:node-capabilities;
if-feature "mapping-server"; container msd {
if-feature "max-sid-depth";
description description
"Configuration of mapping-server local entries."; "MSD configuration.";
list policy { uses max-sid-depth;
key "name"; }
container bindings {
description
"List of bindings.";
container mapping-server {
if-feature "mapping-server";
description description
"List mapping-server policies."; "Configuration of mapping-server local entries.";
leaf name { list policy {
type string; key "name";
description
"Name of the mapping policy.";
}
container entries {
description description
"IPv4/IPv6 mapping entries."; "List mapping-server policies.";
list mapping-entry { leaf name {
key "prefix algorithm"; type string;
description description
"Mapping entries."; "Name of the mapping policy.";
uses sr-cmn:prefix-sid;
} }
} container entries {
description
"IPv4/IPv6 mapping entries.";
list mapping-entry {
key "prefix algorithm";
description
"Mapping entries.";
uses sr-cmn:prefix-sid;
}
}
}
} }
} container connected-prefix-sid-map {
container connected-prefix-sid-map {
description
"Prefix SID configuration.";
list connected-prefix-sid {
key "prefix algorithm";
description description
"List of prefix SID mapped to IPv4/IPv6 "Prefix SID configuration.";
local prefixes."; list connected-prefix-sid {
uses sr-cmn:prefix-sid; key "prefix algorithm";
uses sr-cmn:last-hop-behavior; description
"List of prefix SID mapped to IPv4/IPv6
local prefixes.";
uses sr-cmn:prefix-sid;
uses sr-cmn:last-hop-behavior;
}
} }
} container local-prefix-sid {
container local-prefix-sid {
description
"Local sid configuration.";
list local-prefix-sid {
key "prefix algorithm";
description description
"List of local IPv4/IPv6 prefix-sids."; "Local sid configuration.";
uses sr-cmn:prefix-sid; list local-prefix-sid {
key "prefix algorithm";
description
"List of local IPv4/IPv6 prefix-sids.";
uses sr-cmn:prefix-sid;
}
} }
} }
} container global-srgb {
container global-srgb {
description
"Global SRGB configuration.";
uses sr-cmn:srgb;
}
container srlb {
description
"Segment Routing Local Block (SRLB) configuration.";
uses sr-cmn:srlb;
}
list label-blocks {
config false;
description
"List of label blocks currently in use.";
leaf lower-bound {
type uint32;
description
"Lower bound of the label block.";
}
leaf upper-bound {
type uint32;
description
"Upper bound of the label block.";
}
leaf size {
type uint32;
description
"Number of indexes in the block.";
}
leaf free {
type uint32;
description
"Number of free indexes in the block.";
}
leaf used {
type uint32;
description description
"Number of indexes in use in the block."; "Global SRGB configuration.";
uses sr-cmn:srgb;
} }
leaf scope { container srlb {
type enumeration {
enum "global" {
description
"Global SID.";
}
enum "local" {
description
"Local SID.";
}
}
description description
"Scope of this label block."; "Segment Routing Local Block (SRLB) configuration.";
uses sr-cmn:srlb;
} }
}
container sid-db { list label-blocks {
config false; config false;
description
"List of prefix and SID associations.";
list sid {
key "target sid source source-protocol binding-type";
ordered-by system;
description description
"SID Binding."; "List of label blocks currently in use.";
leaf target { leaf lower-bound {
type string; type uint32;
description description
"Defines the target of the binding. It can be a "Lower bound of the label block.";
prefix or something else.";
} }
leaf sid { leaf upper-bound {
type uint32; type uint32;
description description
"Index associated with the prefix."; "Upper bound of the label block.";
} }
leaf algorithm { leaf size {
type uint8; type uint32;
description description
"Algorithm to be used for the prefix SID."; "Number of indexes in the block.";
reference "RFC 8665: OSPF Extensions for Segment Routing
RFC 8667: IS-IS Extensions for Segment
Routing";
} }
leaf source { leaf free {
type inet:ip-address; type uint32;
description description
"IP address of the router that owns the binding."; "Number of free indexes in the block.";
} }
leaf used { leaf used {
type boolean; type uint32;
description
"Indicates if the binding is installed in the
forwarding plane.";
}
leaf source-protocol {
type leafref {
path "/rt:routing/rt:control-plane-protocols/"
+ "rt:control-plane-protocol/rt:name";
}
description
"Routing protocol that owns the binding";
}
leaf binding-type {
type enumeration {
enum "prefix-sid" {
description
"Binding is learned from a prefix SID.";
}
enum "binding-tlv" {
description
"Binding is learned from a binding TLV.";
}
}
description description
"Type of binding."; "Number of indexes in use in the block.";
} }
leaf scope { leaf scope {
type enumeration { type enumeration {
enum "global" { enum "global" {
description description
"Global SID."; "Global SID.";
} }
enum "local" { enum "local" {
description description
"Local SID."; "Local SID.";
} }
} }
description description
"SID scoping."; "Scope of this label block.";
}
}
container sid-db {
config false;
description
"List of prefix and SID associations.";
list sid {
key "target sid source source-protocol binding-type";
ordered-by system;
description
"SID Binding.";
leaf target {
type string;
description
"Defines the target of the binding. It can be a
prefix or something else.";
}
leaf sid {
type uint32;
description
"Index associated with the prefix.";
}
leaf algorithm {
type uint8;
description
"Algorithm to be used for the prefix SID.";
reference "RFC 8665: OSPF Extensions for Segment Routing
RFC 8667: IS-IS Extensions for Segment
Routing";
}
leaf source {
type inet:ip-address;
description
"IP address of the router that owns the binding.";
}
leaf used {
type boolean;
description
"Indicates if the binding is installed in the
forwarding plane.";
}
leaf source-protocol {
type leafref {
path "/rt:routing/rt:control-plane-protocols/"
+ "rt:control-plane-protocol/rt:name";
}
description
"Routing protocol that owns the binding";
}
leaf binding-type {
type enumeration {
enum "prefix-sid" {
description
"Binding is learned from a prefix SID.";
}
enum "binding-tlv" {
description
"Binding is learned from a binding TLV.";
}
}
description
"Type of binding.";
}
leaf scope {
type enumeration {
enum "global" {
description
"Global SID.";
}
enum "local" {
description
"Local SID.";
}
}
description
"SID scoping.";
}
} }
} }
} }
} }
}
notification segment-routing-global-srgb-collision { notification segment-routing-global-srgb-collision {
description
"This notification is sent when SRGB blocks received from
routers collide.";
list srgb-collisions {
description description
"List of SRGB blocks that collide."; "This notification is sent when SRGB blocks received from
leaf lower-bound { routers collide.";
type uint32; list srgb-collisions {
description description
"Lower value in the block."; "List of SRGB blocks that collide.";
leaf lower-bound {
type uint32;
description
"Lower value in the block.";
}
leaf upper-bound {
type uint32;
description
"Upper value in the block.";
}
leaf routing-protocol {
type leafref {
path "/rt:routing/rt:control-plane-protocols/"
+ "rt:control-plane-protocol/rt:name";
}
description
"Routing protocol reference for SRGB collision.";
}
leaf originating-rtr-id {
type router-or-system-id;
description
"Originating Router ID of this SRGB block.";
}
} }
leaf upper-bound { }
notification segment-routing-global-sid-collision {
description
"This notification is sent when a new mapping is learned
containing a mapping where the SID is already used.
The notification generation must be throttled with at least
a 5 second gap between notifications.";
leaf received-target {
type string;
description
"Target received in the router advertisement that caused
the SID collision.";
}
leaf new-sid-rtr-id {
type router-or-system-id;
description
"Router ID that advertised the colliding SID.";
}
leaf original-target {
type string;
description
"Target already available in the database with the same SID
as the received target.";
}
leaf original-sid-rtr-id {
type router-or-system-id;
description
"Router-ID for the router that originally advertised the
conlliding SID, i.e., the instance in the database.";
}
leaf index {
type uint32; type uint32;
description description
"Upper value in the block."; "Value of the index used by two different prefixes.";
} }
leaf routing-protocol { leaf routing-protocol {
type leafref { type leafref {
path "/rt:routing/rt:control-plane-protocols/" path "/rt:routing/rt:control-plane-protocols/"
+ "rt:control-plane-protocol/rt:name"; + "rt:control-plane-protocol/rt:name";
} }
description description
"Routing protocol reference for SRGB collision."; "Routing protocol reference for colliding SID.";
}
leaf originating-rtr-id {
type router-or-system-id;
description
"Originating Router ID of this SRGB block.";
} }
} }
} notification segment-routing-index-out-of-range {
notification segment-routing-global-sid-collision {
description
"This notification is sent when a new mapping is learned
containing a mapping where the SID is already used.
The notification generation must be throttled with at least
a 5 second gap between notifications.";
leaf received-target {
type string;
description
"Target received in the router advertisement that caused
the SID collision.";
}
leaf new-sid-rtr-id {
type router-or-system-id;
description
"Router ID that advertised the colliding SID.";
}
leaf original-target {
type string;
description
"Target already available in the database with the same SID
as the received target.";
}
leaf original-sid-rtr-id {
type router-or-system-id;
description
"Router-ID for the router that originally advertised the
conlliding SID, i.e., the instance in the database.";
}
leaf index {
type uint32;
description description
"Value of the index used by two different prefixes."; "This notification is sent when a binding is received
} containing a segment index which is out of the local
leaf routing-protocol { configured ranges. The notification generation must be
type leafref { throttled with at least a 5 second gap between
path "/rt:routing/rt:control-plane-protocols/" notifications.";
+ "rt:control-plane-protocol/rt:name"; leaf received-target {
type string;
description
"Target received in the router advertisement with
the out-of-range index.";
} }
description leaf received-index {
"Routing protocol reference for colliding SID."; type uint32;
} description
} "Value of the index received.";
notification segment-routing-index-out-of-range { }
description leaf routing-protocol {
"This notification is sent when a binding is received type leafref {
containing a segment index which is out of the local path "/rt:routing/rt:control-plane-protocols/"
configured ranges. The notification generation must be + "rt:control-plane-protocol/rt:name";
throttled with at least a 5 second gap between }
notifications."; description
leaf received-target { "Routing protocol reference for out-of-range indexd.";
type string;
description
"Target received in the router advertisement with
the out-of-range index.";
}
leaf received-index {
type uint32;
description
"Value of the index received.";
}
leaf routing-protocol {
type leafref {
path "/rt:routing/rt:control-plane-protocols/"
+ "rt:control-plane-protocol/rt:name";
} }
description
"Routing protocol reference for out-of-range indexd.";
} }
} }
} <CODE ENDS>
<CODE ENDS>
9. Security Considerations 9. Security Considerations
The YANG modules specified in this document define a schema for data The YANG modules specified in this document define a schema for data
that is designed to be accessed via network management protocols such that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
is the secure transport layer, and the mandatory-to-implement secure is the secure transport layer, and the mandatory-to-implement secure
transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
is HTTPS, and the mandatory-to-implement secure transport is TLS is HTTPS, and the mandatory-to-implement secure transport is TLS
[RFC5246]. [RFC5246].
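Review bot: In the sid-db list, leaf target is a plain string described only as "It can be a prefix or something else", and the same untyped string is reused for received-target and original-target in the segment-routing-global-sid-collision and segment-routing-index-out-of-range notifications, so a consumer has no defined format to parse or validate. Because target is also part of the list key ("target sid source source-protocol binding-type"), two implementations that render the same prefix differently would produce different keys for the same binding. Suggest stating the permitted encodings in the description, or using a union that includes an IP prefix type from the inet module the model already references for inet:ip-address. Separately, -26 re-indents the notifications but carries over the description typos unchanged: "conlliding SID" in original-sid-rtr-id, "out-of-range indexd" in the routing-protocol leaf of segment-routing-index-out-of-range, and the missing full stop in "Routing protocol that owns the binding".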
skipping to change at page 28, line 49 skipping to change at page 28, line 51
The NETCONF access control model [RFC6536] provides the means to The NETCONF access control model [RFC6536] provides the means to
restrict access for particular NETCONF or RESTCONF users to a pre- restrict access for particular NETCONF or RESTCONF users to a pre-
configured subset of all available NETCONF or RESTCONF protocol configured subset of all available NETCONF or RESTCONF protocol
operations and content. operations and content.
There are a number of data nodes defined in the modules that are There are a number of data nodes defined in the modules that are
writable/creatable/deletable (i.e., config true, which is the writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config) in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative to these data nodes without proper protection can have a negative
effect on network operations. effect on network operations. Writable data node represent
configuration of the router's MSD, Bindings, and the global and local
label blocks. These correspond to the following schema nodes:
/segment-routing
/segment-routing/mpls
/segment-routing/mpls/bindings - Modification to the local
bindings could result in a Denial of Service (DoS) attack.
Additionally, the addition of bindings could result in traffic
being redirected to the router.
/segment-routing/mpls/global-srgb - Modification of the Segment
Routing Global Block (SRGB) could be used to mount a DoS attack.
/segment-routing/mpls/srlb - Modification of the Segment Routing
Local Block (SRLB) could be used to mount a DoS attack.
/segment-routing/mpls/label-blocks - Modification of the Segment
Routing label blocks could be used to mount a DoS attack.
Some of the readable data nodes in the modules may be considered Some of the readable data nodes in the modules may be considered
sensitive or vulnerable in some network environments. It is thus sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or important to control read access (e.g., via get, get-config, or
notification) to these data nodes. notification) to these data nodes. The exposure of both local
bindings and SID database will exposure segment routing paths that
may be attacked. These correspond to the following schema nodes:
/segment-routing/mpls/bindings - Knowledge of these data nodes can
be used to attack the local router with either a a Denial of
Service (DoS) attack or rediection of traffic destined to the
local router.
/segment-routing/mpls/sid-db - Knowledge of these data nodes can
be used to attack the other routers in the segment routing domain
with either a a Denial of Service (DoS) attack or rediection
traffic destined for those routers.
10. Acknowledgements 10. Acknowledgements
The authors would like to thank Derek Yeung, Greg Hankins, Hannes The authors would like to thank Derek Yeung, Greg Hankins, Hannes
Gredler, Uma Chunduri, Jeffrey Zhang, Shradda Hedge, Les Ginsberg for Gredler, Uma Chunduri, Jeffrey Zhang, Shradda Hedge, Les Ginsberg for
their contributions. their contributions.
Thanks to Ladislav Lhotka and Tom Petch for their thorough reviews Thanks to Ladislav Lhotka and Tom Petch for their thorough reviews
and helpful comments. and helpful comments.
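Review bot: The new writable-nodes sentence says the nodes "represent configuration of the router's MSD, Bindings, and the global and local label blocks", but the list of schema nodes that follows has no MSD entry, and /segment-routing and /segment-routing/mpls are listed with no statement of the risk. Either add the MSD node path with its impact or drop MSD from the sentence, and give the two bare paths a one-line consequence like the other entries. The readable-nodes paragraph names "notification" as an access path, yet only bindings and sid-db are listed; the collision and out-of-range notifications carry targets and router IDs and should be listed or explicitly excluded. Wording to fix in the added text: "Writable data node represent" should be "Writable data nodes represent", "will exposure segment routing paths" should be "will expose", "a a Denial of Service" appears twice, "rediection" appears twice, and "rediection traffic destined for those routers" is missing "of".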
 End of changes. 96 change blocks. 
484 lines changed or deleted 522 lines changed or added
