idnits 2.17.1

draft-an-savi-yang-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 79 instances of too long lines in the document, the longest
     one being 67 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 362 has weird spacing: '...-method str...'

  == Line 370 has weird spacing: '...-method str...'

  == Line 1559 has weird spacing: '...ifetime yan...'

  == Line 1566 has weird spacing: '...ifetime yan...'

  == Line 1575 has weird spacing: '...ifetime yan...'

  == (4 more instances...)

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (August 16, 2017) is 2442 days in the past.  Is this
     intentional?

  Checking references for intended status: Experimental
  ----------------------------------------------------------------------------

  == Missing Reference: 'RFC3688' is mentioned on line 1379, but not defined

  == Unused Reference: 'RFC2131' is defined on line 1440, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3315' is defined on line 1444, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2223' is defined on line 1499, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2629' is defined on line 1503, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2863' is defined on line 1507, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3410' is defined on line 1511, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4181' is defined on line 1517, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4293' is defined on line 1521, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  ** Obsolete normative reference: RFC 7223 (Obsoleted by RFC 8343)

  -- Obsolete informational reference (is this intentional?): RFC 2223
     (Obsoleted by RFC 7322)

  -- Obsolete informational reference (is this intentional?): RFC 2629
     (Obsoleted by RFC 7749)

     Summary: 4 errors (**), 0 flaws (~~), 17 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

   2  SAVI                                                            C. An
   3  Internet-Draft                                                J. Yang
   4  Intended status: Experimental                                   J. Wu
   5  Expires: February 17, 2018                                      J. Bi
   6                                                                 CERNET
   7                                                        August 16, 2017

   9                   A Yang Data Model for SAVI Management
  10                           draft-an-savi-yang-02

  12  Abstract

  14     This document contains a specification of YANG modules for the
  15     management of SAVI (Source Address Validation Improvements) protocol.

  17     The core SAVI data module ietf-savi serves as a framework for
  18     configuring and managing SAVI instance and provides common building
  19     blocks.  It is expected to be augmented by additional YANG modules
  20     for specific IP address assignment methods.

  22     The other four modules augment the core SAVI data module and define
  23     data models for different IP address assignment methods.  Module
  24     ietf-savi-fcfs defines module specific for Stateless Address Auto
  25     Configuration (SLAAC), module ietf-savi-dhcpv4 and ietf-savi-dhcpv6
  26     define modules specific for Dynamic Host Configuration Protocol
  27     version 4 and version 6 (DHCPv4 and DHCPv6), and module ietf-savi-
  28     send defines module specific for Secure Neighbor Discovery (SEND).

  30  Status of This Memo

  32     This Internet-Draft is submitted in full conformance with the
  33     provisions of BCP 78 and BCP 79.

  35     Internet-Drafts are working documents of the Internet Engineering
  36     Task Force (IETF).  Note that other groups may also distribute
  37     working documents as Internet-Drafts.  The list of current Internet-
  38     Drafts is at http://datatracker.ietf.org/drafts/current/.

  40     Internet-Drafts are draft documents valid for a maximum of six months
  41     and may be updated, replaced, or obsoleted by other documents at any
  42     time.  It is inappropriate to use Internet-Drafts as reference
  43     material or to cite them other than as "work in progress."

  45     This Internet-Draft will expire on February 17, 2018.

  47  Copyright Notice

  49     Copyright (c) 2017 IETF Trust and the persons identified as the
  50     document authors.  All rights reserved.

  52     This document is subject to BCP 78 and the IETF Trust's Legal
  53     Provisions Relating to IETF Documents
  54     (http://trustee.ietf.org/license-info) in effect on the date of
  55     publication of this document.  Please review these documents
  56     carefully, as they describe your rights and restrictions with respect
  57     to this document.  Code Components extracted from this document must
  58     include Simplified BSD License text as described in Section 4.e of
  59     the Trust Legal Provisions and are provided without warranty as
  60     described in the Simplified BSD License.

  62  Table of Contents

  64     1.  Introduction
  65     2.  Terminology and Notation
  66       2.1.  Glossary of New Terms
  67       2.2.  Tree Diagrams
  68       2.3.  Prefixes in Data Node Names
  69     3.  Objectives
  70     4.  The Design of the SAVI Data Model
  71       4.1.  System-Controlled and User-Controlled List Entries
  72     5.  Basic Building Blocks
  73       5.1.  SAVI Instance
  74       5.2.  Binding Table
  75       5.3.  Binding State Table
  76       5.4.  Interface Attribute
  77       5.5.  SAVI Statistics
  78     6.  Definition of ietf-savi module
  79     7.  Definition of ietf-savi-fcfs module
  80     8.  Definition of ietf-savi-dhcpv4 module
  81     9.  Definition of ietf-savi-dhcpv6 module
  82     10. Definition of ietf-savi-send module
  83     11. Security Considerations
  84     12. IANA Considerations
  85     13. Contributors
  86     14. References
  87       14.1.  Normative References
  88       14.2.  Informative References
  89       14.3.  URL References
  90     Appendix A.  The Complete Data Trees
  91     Appendix B.  Change Log
  92     Authors' Addresses

  94  1.  Introduction

  96     The Source Address Validation Improvement protocol was developed to
  97     complement ingress filtering with finer-grained, standard IP source
  98     address validation ([RFC7039]).  A SAVI protocol instance is located
  99     on the path of hosts' packets, enforcing the hosts' use of legitimate
 100     IP source addresses.

 102     The SAVI protocol determines whether the process of obtaining an IP
 103     address is legitimate according to the IP address assignment method.  For links with
 104     Stateless Address Auto Configuration (SLAAC), the process is defined
 105     in [RFC6620].  For links with Dynamic Host Configuration Protocol
 106     (DHCP), the process is defined in [RFC7513].  For links with Secure
 107     Neighbor Discovery (SEND), the process is defined in [RFC7219].

 109     This document contains a core SAVI data module that serves as a framework
 110     for configuring and managing SAVI instances and provides common
 111     building blocks.  The other four modules augment the core SAVI data
 112     module and define data models for different IP address assignment
 113     methods.

 115     o  Module "ietf-savi" defines a core data module which provides
 116        generic components of SAVI data model, and is intended as a basis
 117        for future data model development covering more IP address
 118        assignment methods.

 120     o  Module "ietf-savi-fcfs" augments the "ietf-savi" module with
 121        additional data specific to SAVI FCFS ([RFC6620]).

 123     o  Module "ietf-savi-dhcpv4" augments the "ietf-savi" module with
 124        additional data specific to SAVI DHCP ([RFC7513]) for IPv4 address
 125        assignment.

 127     o  Module "ietf-savi-dhcpv6" augments the "ietf-savi" module with
 128        additional data specific to SAVI DHCP ([RFC7513]) for IPv6 address
 129        assignment.

 131     o  Module "ietf-savi-send" augments the "ietf-savi" module with
 132        additional data specific to SAVI SEND ([RFC7219]).

 134  2.  Terminology and Notation

 136     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 137     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
 138     document are to be interpreted as described in RFC 2119 [RFC2119].

 140     The following terms are defined in RFC6241 [RFC6241]:

 142     o  client,

 144     o  message,

 146     o  protocol operation,

 148     o  server

 150     The following terms are defined in RFC6020 [RFC6020]:

 152     o  augment,

 154     o  configuration data,

 156     o  container,

 158     o  data model,

 160     o  data node,

 162     o  leaf,

 164     o  list,

 166     o  mandatory node,

 168     o  module

 170     The following terms are defined in [RFC7039].

 172     o  IP Address Assignment Methods,

 174     o  SAVI method,

 176     o  Binding Anchors,

 178     o  SAVI instance

 180     The following terms are defined in [RFC6620].

 182     o  SAVI FCFS,

 184     o  Validating Ports (VPs),

 186     o  Trusted Ports (TPs),

 188     o  Lifetime
 189     o  Status: either NO_BIND, TENTATIVE, VALID, TESTING_VP, or
 190        TESTING_TP-LT,

 192     o  Creation time,

 194     o  TENT_LT,

 196     o  DEFAULT_LT,

 198     o  T_WAIT

 200     The following terms are defined in [RFC7513].

 202     o  SAVI DHCP,

 204     o  Binding entry: A rule that associates an IP address with a binding
 205        anchor,

 207     o  Binding State Table (BST): The data structure that contains the
 208        binding entries,

 210     o  Binding entry limit: The maximum number of binding entries that
 211        may be associated with a binding anchor,

 213     o  Status: either NO_BIND, INIT_BIND, BOUND, DETECTION, RECOVERY, or
 214        VERIFY,

 216     o  Trust Attribute,

 218     o  DHCP-Trust Attribute,

 220     o  DHCP-Snooping Attribute,

 222     o  Data-Snooping Attribute,

 224     o  Validating Attribute,

 226     o  MAX_DHCP_RESPONSE_TIME,

 228     o  MAX_LEASEQUERY_DELAY,

 230     o  DETECTION_TIMEOUT,

 232     o  DATA_SNOOPING_INTERVAL,

 234     o  OFFLINK_DELAY

 236     The following terms are defined in [RFC6620].

 238     o  SAVI SEND,

 240     o  Validating Ports (VPs),

 242     o  Trusted Ports (TPs),

 244     o  Status: either TENTATIVE_DAD, TENTATIVE_NUD, VALID, TESTING_VP, or
 245        TESTING_VP',

 247     o  TENT_LT,

 249     o  DEFAULT_LT

 251  2.1.  Glossary of New Terms

 253     system-controlled entry:  An entry of a list in state data ("config
 254     false") that is created by the system independently of what has been
 255     explicitly configured.  See Section 4.1 for details.

 257     user-controlled entry:  An entry of a list in state data ("config
 258     false") that is created and deleted as a direct consequence of
 259     certain configuration changes.  See Section 4.1 for details.

 261  2.2.  Tree Diagrams

 263     Simplified graphical representation of the data tree is presented in
 264     this document.  The meaning of the symbols in these diagrams is as
 265     follows:

 267     o  Brackets "[" and "]" enclose list keys.

 269     o  Curly braces "{" and "}" contain names of optional features that
 270        make the corresponding node conditional.

 272     o  Abbreviations before data node names: "rw" means configuration
 273        (read-write), "ro" state data (read-only), "-x" RPC operations,
 274        and "-n" notifications.

 276     o  Symbols after data node names: "?" means an optional node, "!" a
 277        container with presence, and "*" denotes a "list" or "leaf-list".

 279     o  Parentheses enclose choice and case nodes, and case nodes are also
 280        marked with a colon (":").

 282     o  Ellipsis ("...") stands for contents of subtrees that are not
 283        shown.

 285  2.3.  Prefixes in Data Node Names

 287     In this document, names of data nodes, RPC operations and other data
 288     model objects are often used without a prefix, as long as it is clear
 289     from the context in which YANG module each name is defined.
 290     Otherwise, names are prefixed using the standard prefix associated
 291     with the corresponding YANG module, as shown in Table 1.

 293             +---------------+---------------------------+------------+
 294             | Prefix        | YANG module               | Reference  |
 295             +---------------+---------------------------+------------+
 296             | if            | ietf-interfaces           | [RFC7223]  |
 297             | savi          | ietf-savi                 | Section 6  |
 298             | savi-fcfs     | ietf-savi-fcfs            | Section 7  |
 299             | savi-dhcpv4   | ietf-savi-dhcpv4          | Section 8  |
 300             | savi-dhcpv6   | ietf-savi-dhcpv6          | Section 9  |
 301             | savi-send     | ietf-savi-send            | Section 10 |
 302             | yang          | ietf-yang-types           | [RFC6991]  |
 303             | inet          | ietf-inet-types           | [RFC6991]  |
 304             +---------------+---------------------------+------------+

 306                Table 1: Prefixes and corresponding YANG modules

 308  3.  Objectives

 310     The initial design of the SAVI data model was driven by the following
 311     objectives:

 313     o  The data model should be suitable for the different IP address
 314        assignment methods proposed now, and should be augmentable to support
 315        new IP address assignment methods in different scenarios, such as
 316        WLAN, IPv4/IPv6 Transition Network, etc.

 318     o  The data model should be suitable for the common address families,
 319        in particular IPv4 and IPv6.

 321     o  A simple IP assignment system, such as one that uses only static
 322        IP, should be configurable in a simple way, which is called savi-
 323        manual.

 325  4.  The Design of the SAVI Data Model

 327     The SAVI data model consists of five YANG modules.  The first module,
 328     "ietf-savi", defines the generic components of a SAVI system.  The
 329     other four modules, "ietf-savi-fcfs", "ietf-savi-dhcpv4", "ietf-savi-
 330     dhcpv6" and "ietf-savi-send", augment the "ietf-savi" module with
 331     additional data nodes that are needed for the specific IP address
 332     assignment method, respectively.  Figures 1 and 2 show abridged views
 333     of the configuration and state data hierarchies.  See Appendix A for
 334     the complete data trees.

 336     +--rw savi
 337        +--rw savi-instances
 338        |  +--rw savi-instance* [savi-method]
 339        |     +--rw savi-method    string
 340        |     +--rw enable?        boolean
 341        |     +--rw preference?    uint32
 342        |     +--rw savi-fcfs:params
 343        |     |  +--...
 344        |     +--rw savi-dhcpv4:params
 345        |     |  +--...
 346        |     +--rw savi-dhcpv6:params
 347        |     |  +--...
 348        |     +--rw savi-send:params
 349        |        +--...
 350        +--rw interfaces
 351        |  +--rw interface* [ifname]
 352        |     +--rw ifname               if:interface-ref
 353        |     +--rw filtering-enabled?   boolean
 354        +--rw binding-table
 355           +--rw ipv4
 356           |  +--rw binding-entry* [ifname address]
 357           |     +--rw address           inet:ipv4-address
 358           |     +--rw ifname            if:interface-ref
 359           |     +--rw mac?              yang:mac-address
 360           |     +--rw lifetime          yang:timeticks
 361           |     +--rw creationtime      yang:timestamp
 362           |     +--rw binding-method    string
 363           +--rw ipv6
 364              +--rw binding-entry* [ifname address]
 365                 +--rw address           inet:ipv6-address
 366                 +--rw ifname            if:interface-ref
 367                 +--rw mac?              yang:mac-address
 368                 +--rw lifetime          yang:timeticks
 369                 +--rw creationtime      yang:timestamp
 370                 +--rw binding-method    string

 372                  Figure 1: Configuration data hierarchy.

 374     +--ro savi-state
 375        +--ro savi-instances
 376        |  |  +--ro savi-instance* [savi-method]
 377        |  |     +--ro savi-method    string
 378        |  |     +--ro preference?    uint32
 379        |  |     +--ro savi-fcfs:binding-state-table
 380        |  |     |  +--ro savi-fcfs:binding-state-entry* [ifname address]
 381        |  |     |     +--...
 382        |  |     +--ro savi-dhcpv4:binding-state-table
 383        |  |     |  +--ro savi-dhcpv4:binding-state-entry* [ifname address]
 384        |  |     |     +--...
 385        |  |     +--ro savi-dhcpv6:binding-state-table
 386        |  |     |  +--ro savi-dhcpv6:binding-state-entry* [ifname address]
 387        |  |     |     +--...
 388        |  |     +--ro savi-send:binding-state-table
 389        |  |        +--ro savi-send:binding-state-entry* [ifname address]
 390        |  |           +--...
 391        |  +--ro binding-table
 392        |  |  +--ro ipv4
 393        |  |  |  +--ro binding-entry* [ifname address]
 394        |  |  |     +--...
 395        |  |  +--ro ipv6
 396        |  |     +--ro binding-entry* [ifname address]
 397        |  |        +--...
 398        |  +--ro statistics
 399        |     +--ro bst-entry-volume?   uint32
 400        |     +--ro bst-entry-counts?   uint32
 401        |     +--ro filtering-pks
 402        |        +--ro if-filtering-pks* [ifname]
 403        |           +--ro ifname           if:interface-ref
 404        |           +--ro filtering-pks?   uint32

 406                      Figure 2: State data hierarchy.

 408     As can be seen from Figures 1 and 2, the SAVI data model includes
 409     several generic components: SAVI instance, binding table, binding
 410     state table, interface attribute, and statistics.  Section 5
 411     describes these components in more detail.

 413  4.1.  System-Controlled and User-Controlled List Entries

 415     The SAVI data model defines several lists in the schema tree, such as
 416     "binding-table".

 418     In such a list, the server creates the required item as a so-called
 419     system-controlled entry in state data, i.e., inside the "binding-
 420     table" container.

 422     Additional entries may be created in the configuration by a client,
 423     e.g., via the NETCONF protocol.  These are so-called user-controlled
 424     entries.  If the server accepts a configured user-controlled entry,
 425     then this entry also appears in the state data version of the list.

 427     Corresponding entries in both versions of the list (in state data and
 428     configuration) have the same value of the list key.

 430     A client may also provide supplemental configuration of system-
 431     controlled entries.  To do so, the client creates a new entry in the
 432     configuration with the desired contents.  In order to bind this entry
 433     to the corresponding entry in the state data list, the key of the
 434     configuration entry has to be set to the same value as the key of the
 435     state entry.

 437     Deleting a user-controlled entry from the configuration list results
 438     in the removal of the corresponding entry in the state data list.  In
 439     contrast, if a system-controlled entry is deleted from the
 440     configuration list, only the extra configuration specified in that
 441     entry is removed but the corresponding state data entry remains in
 442     the list.

 444  5.  Basic Building Blocks

 446     This section presents the basic building blocks of the SAVI data
 447     model.

 449  5.1.  SAVI Instance

 451     The SAVI data model supports one or more IP address assignment methods.
 452     Each SAVI method runs as a SAVI instance.  Each SAVI instance has
 453     separate configuration and state data.  A SAVI instance can be
 454     enabled or disabled and can be configured with a preference value.  When
 455     multiple SAVI instances run in the same system, the binding entry
 456     with high preference is used to filter packets.

 458  5.2.  Binding Table

 460     Entries in the binding table are used to filter packets.  Each binding
 461     entry includes source IP address, MAC address, interface name,
 462     lifetime, creation time, and binding method.  Entries are inserted or
 463     deleted by a SAVI instance.  An entry can also be inserted or
 464     deleted by a client if it is a manual binding entry.

 466  5.3.  Binding State Table

 468     There is a binding state table for each IP address assignment method.
 469     Each binding state entry includes source IP address, MAC address,
 470     interface name, state, lifetime, and other parameters specific to
 471     the SAVI method.  The set of states differs between SAVI methods;
 472     e.g., for SAVI FCFS, the states are NO_BIND, TENTATIVE, VALID,
 473     TESTING_VP, and TESTING_TP-LT, and for SAVI DHCP, the states are
 474     NO_BIND, INIT_BIND, BOUND, DETECTION, RECOVERY, and VERIFY.

 476  5.4.  Interface Attribute

 478     There is a corresponding interface attribute for each SAVI method.
 479     For SAVI FCFS, the interface attributes are Validating
 480     Port and Trusted Port; for SAVI DHCP, the interface attributes
 481     are Trust Attribute, DHCP-Trust Attribute, DHCP-Snooping
 482     Attribute, Data-Snooping Attribute, and Validating Attribute.

 484  5.5.  SAVI Statistics

 486     The SAVI Statistics contain counters for the collection of
 487     statistics, including the volume and count of the binding table and the count of
 488     packets dropped because of IP address validation.

 490  6.  Definition of ietf-savi module

 492  file "ietf-savi@2017-08-15.yang"
 493  module ietf-savi {
 494    namespace "urn:ietf:params:xml:ns:yang:ietf-savi";
 495    prefix savi;
 496    import ietf-yang-types {
 497      prefix yang;
 498    }
 499    import ietf-inet-types {
 500      prefix inet;
 501    }
 502    import ietf-interfaces {
 503      prefix if;
 504    }
 505    organization "IETF SAVI Working Group";
 506    contact
 507      "
 508        WG Web:
 509        Editor: Changqing An
 510
 511      ";
 512    description
 513      "This YANG module defines essential components for the management
 514       of a savi subsystem.";

 516    revision 2017-08-15{
 517      description "Initial revision.";
 518      reference "DRAFT XXX: A YANG Data Model for SAVI Management.";
 519    }

 521    /* Identities */

 523    identity binding-state {
 524      description "Base identity for the states of binding entry.";
 525    }

 527    /* Groupings */

 529    grouping binding-entry {
 530      description "This grouping provides basic parameters of a binding entry.";

 532      leaf ifname {
 533        type if:interface-ref;
 534        description "The name of the interface.";

 536      }
 537      leaf mac {
 538        type yang:mac-address;
 539        description "The binding source mac address.";
 540      }
 541      leaf lifetime {
 542        type yang:timeticks;
 543        mandatory true;
 544        description
 545          "The remaining lifetime of the entry.";
 546      }
 547    }

 549    grouping binding-table {
 550      description "This grouping defines binding table for both IPv4 and IPv6.";
 551      container binding-table {
 552        description "Container for binding table.";

 554        container ipv4 {
 555          description "Container for binding table for IPv4 protocol.";
 556          list binding-entry {
 557            key "ifname address";
 558            description "Definition of a binding entry";
 559            leaf address {
 560              type inet:ipv4-address;
 561              description "IPv4 address of the binding host.";
 562            }
 563            uses binding-entry;
 564            leaf creationtime {
 565              type yang:timestamp;
 566              mandatory true;
 567              description "The value of the local clock when the entry was firstly created.";
 568            }
 569            leaf binding-method {
 570              type string;
 571              mandatory true;
 572              description "IP address assignment methods.";
 573            }
 574          }
 575        }

 577        container ipv6 {
 578          description "Container for binding table for IPv6 protocol.";
 579          list binding-entry {
 580            key "ifname address";
 581            description "Definition of a binding entry";
 582            leaf address {
 583              type inet:ipv6-address;
 584              description "IPv6 address of the binding host.";
 585            }
 586            uses binding-entry;
 587            leaf creationtime {
 588              type yang:timestamp;
 589              mandatory true;
 590              description "The value of the local clock when the entry was firstly created.";
 591            }
 592            leaf binding-method {
 593              type string;
 594              mandatory true;
 595              description "IP address assignment methods.";
 596            }
 597          }
 598        }
 599      }
 600    }

 602    /* State data */

 604    container savi-state {
 605      config false;
 606      description "State data of the savi subsystem.";
 607      container savi-instances {
 608        description "Container of parameters for each savi method.";
 609        list savi-instance {
 610          key savi-method;
 611          description "A list of parameters for each savi method.";
 612          leaf savi-method {
 613            type string;
 614            description "IP address assignment methods.";
 615          }
 616          leaf preference {
 617            type uint32;
 618            description "Preference of the savi method.";
 619          }
 620        }
 621      }

 623      uses binding-table;
 624      container statistics {
 625        description "Container of statistics parameters for savi subsystem.";
 626        leaf bst-entry-volume {
 627          type uint32;
 628          description "The volume of the binding state table.";
 629        }
 630        leaf bst-entry-counts {
 631          type uint32;
 632          description "The count of the binding state table.";
 633        }
 634        container filtering-pks {
 635          description "Container of parameters for counting filtering packets.";
 636          list if-filtering-pks {
 637            key ifname;
 638            description "A list of parameters for counting filtering packets.";
 639            leaf ifname {
 640              type if:interface-ref;
 641              description "The name of the interface.";
 642            }
 643            leaf filtering-pks {
 644              type uint32;
 645              description "The count of filtering packets.";
 646            }
 647          }
 648        }
 649      }
 650    }

 652    /* Configuration Data */

 654    container savi {
 655      description "Configuration data of the savi subsystem.";
 656      container savi-instances {
 657        description "Container of parameters for each savi method.";
 658        list savi-instance {
 659          key savi-method;
 660          description "A list of parameters for each savi method.";
 661          leaf savi-method {
 662            type string;
 663            description "IP address assignment methods.";
 664          }
 665          leaf enable {
 666            type boolean;
 667            description "If the savi method is enabled?";
 668          }
 669          leaf preference {
 670            type uint32;
 671            description "Preference of the savi method.";
 672          }
 673        }
 674      }

 676      container if-filtering-attributes {
 677        description "Container for defining filtering attributes of each interface, common for every savi instance.";
 678        list if-filtering-attribute {
 679          key ifname;
 680          description "A list of filtering attributes for each interface.";
 681          leaf ifname {
 682            type if:interface-ref;
 683            description "The name of the interface.";
 684          }
 685          leaf filtering-enabled {
 686            type boolean;
 687            default true;
 688            description "If the filtering attribute is enabled? ";
 689          }
 690        }
 691      }
 692      /* Binding table for manual entry which can be configured by operators*/
 693      uses binding-table {
 694        when "/savi/savi-instances/savi-instance[savi-method = 'savi-manual']/enable = 'true'";
 695      }
 696    } //container savi
 697  }

 699
 700  7.  Definition of ietf-savi-fcfs module

 702  file "ietf-savi-fcfs@2017-08-15.yang"
 703  module ietf-savi-fcfs {
 704    namespace "urn:ietf:params:xml:ns:yang:ietf-savi-fcfs";
 705    prefix savi-fcfs;
 706    import ietf-yang-types {
 707      prefix yang;
 708    }
 709    import ietf-inet-types {
 710      prefix inet;
 711    }
 712    import ietf-interfaces {
 713      prefix if;
 714    }

 716    import ietf-savi {
 717      prefix savi;
 718    }
 719    organization "IETF SAVI Working Group";
 720    contact
 721      "
 722        WG Web:
 723        Editor: Changqing An
 724
 725      ";
 726    description
 727      "
 728      The Yang data module defined for SAVI FCFS.
 729      ";

 731    revision 2017-08-15 {
 732      description "Initial revision.";
 733      reference "DRAFT XXX: A YANG Data Model for SAVI Management";
 734    }

 736    /* Identities */

 738    identity savi-fcfs-state {
 739      base savi:binding-state;
 740      description "Base identity for the states definition of SAVI FCFS.";
 741    }
 742    identity tentative {
 743      base savi-fcfs-state;
 744      description "A state defined in SAVI FCFS.";
 745    }
 746    identity valid {
 747      base savi-fcfs-state;
 748      description "A state defined in SAVI FCFS.";
 749    }
 750    identity testing_vp {
 751      base savi-fcfs-state;
 752      description "A state defined in SAVI FCFS.";
 753    }
 754    identity testing_vp-lt {
 755      base savi-fcfs-state;
 756      description "A state defined in SAVI FCFS.";
 757    }

 759    /* State data */

 761    augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
 762      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-fcfs'";
 763      description "Binding state table specific for SAVI FCFS.";
 764      container binding-state-table {
 765        description "Binding state table specific for SAVI FCFS.";
 766        list binding-state-entry {
 767          key "ifname address";
 768          description "A binding status entry specific for SAVI FCFS.";
 769          leaf address {
 770            type inet:ipv6-address;
 771            description "The binding source IP address.";
 772          }
 773          uses savi:binding-entry;
 774          leaf state {
 775            type identityref {
 776              base savi-fcfs-state;
 777            }
 778            description "State of the entry as defined in SAVI FCFS: NO_BIND, TENTATIVE, VALID, TESTING_VP, TESTING_TP-LT";
 779          }
 780        }
 781      }
 782    }

 784    /* Configuration Data */

 786    augment "/savi:savi/savi:savi-instances/savi:savi-instance" {
 787      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-fcfs'";
 788      description "Parameters specific to SAVI FCFS.";
 789      container params {
 790        description "Parameters specific to SAVI FCFS.";
 791        leaf tent_lt {
 792          type yang:timeticks;
 793          default 50;
 794          description "A default value defined in SAVI FCFS.";
 795          reference "TENT_LT from [RFC6620].";
 796        }

 798        leaf default_lt {
 799          type yang:timeticks;
 800          default 30000;
 801          description "A default value defined in SAVI FCFS.";
 802          reference "DEFAULT_LT from [RFC6620]";
 803        }

 805        leaf twait {
 806          type yang:timeticks;
 807          default 25;
 808          description "A default value defined in SAVI FCFS";
 809          reference "T_WAIT from [RFC6620].";
 810        }
 811        container if-attributes {
 812          description "Interface attributes specific to SAVI FCFS.";
 813          list if-attribute {
 814            key ifname;
 815            description "A list of attributes for each interface.";
 816            leaf ifname {
 817              type if:interface-ref;
 818              description "The name of the interface.";
 819            }
 820            leaf validating {
 821              type boolean;
 822              must ". = not(../trust)";
 823              default true;
 824              description "SAVI FCFS processing is performed in the port.";
 825            }

 827            leaf trust {
 828              type boolean;
 829              must ". = not(../validating)";
 830              default false;
 831              description "SAVI FCFS processing is not performed in the port.";
 832            }
 833          } //list
 834        } //container
 835      } //container
 836    } //augment
 837  }

 839
 840  8.  Definition of ietf-savi-dhcpv4 module

 842  file "ietf-savi-dhcpv4@2017-08-15.yang"
 843  module ietf-savi-dhcpv4 {
 844    namespace "urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv4";
 845    prefix savi-dhcpv4;
 846    import ietf-yang-types {
 847      prefix yang;
 848    }
 849    import ietf-inet-types {
 850      prefix inet;
 851    }
 852    import ietf-interfaces {
 853      prefix if;
 854    }
 855    import ietf-savi {
 856      prefix savi;
 857    }
 858    organization "IETF SAVI Working Group";
 859    contact
 860      "
 861        WG Web:
 862        Editor: Changqing An
 863
 864      ";
 865    description
 866      "
 867      The Yang data module defined for SAVI DHCPv4.
 868      ";

 870    revision 2017-08-15 {
 871      description "Initial revision.";
 872      reference "DRAFT XXX: A YANG Data Model for SAVI Management";
 873    }

 875    /* Identities */

 877    identity savi-dhcp-state {
 878      base savi:binding-state;
 879      description "Base identity for the states definition of SAVI DHCPv4.";

 881    }
 882    identity no_bind {
 883      base savi-dhcp-state;
 884      description "A state defined in SAVI DHCPv4.";
 885    }
 886    identity init_bind {
 887      base savi-dhcp-state;
 888      description "A state defined in SAVI DHCPv4.";
 889    }
 890    identity bind {
 891      base savi-dhcp-state;
 892      description "A state defined in SAVI DHCPv4.";
 893    }
 894    identity detection {
 895      base savi-dhcp-state;
 896      description "A state defined in SAVI DHCPv4.";
 897    }
 898    identity recovery {
 899      base savi-dhcp-state;
 900      description "A state defined in SAVI DHCPv4.";
 901    }
 902    identity verify {
 903      base savi-dhcp-state;
 904      description "A state defined in SAVI DHCPv4.";
 905    }

 907    /* State data */

 909    augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
 910      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv4'";
 911      description "Binding state table specific for SAVI DHCPv4.";
 912      container binding-state-table {
 913        description "Binding state table specific for SAVI DHCPv4.";
 914        list binding-state-entry {
 915          key "ifname address";
 916          description "A binding state entry specific for SAVI DHCPv4.";
 917          leaf address {
 918            type inet:ipv4-address;
 919            description "The binding source IP address.";
 920          }
 921          uses savi:binding-entry;
 922          leaf state {
 923            type identityref {
 924              base savi-dhcp-state;
 925            }
 926            description "State of the entry as defined in SAVI DHCP: NO_BIND, INIT_BIND, BOUND, DETECTION, RECOVERY, VERIFY.";
 927          }
 928          leaf tid {
 929            type uint32;
 930            description "The Transaction ID of the corresponding DHCP transaction.";
 931          }
 932          leaf timeouts {
 933            when "/savi:savi/savi:savi-instances/savi:savi-instance/params/if-attributes/if-attribute/data-snooping = 'true'";
 934            type uint32;
 935            description "the number of timeouts that expired in the current state";

 937          }
 938        }
 939      }
 940    }

 942    /* Configuration Data */

 944    augment "/savi:savi/savi:savi-instances/savi:savi-instance" {
 945      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv4'";
 946      description "Parameters specific to SAVI DHCPv4";
 947      container params {
 948        description "Parameters specific to SAVI DHCPv4";
 949        leaf max-dhcp-responsetime {
 950          type yang:timeticks;
 951          default 12000;
 952          description "Maximum Solicit timeout value. Default is 120s.";
 953          reference "SOL_MAX_RT from [RFC3315]";
 954        }
 955        leaf max-leasequery-delay {
 956          type yang:timeticks;
 957          default 1000;
 958          description "Maximum LEASEQUERY timeout value. Default is 10s.";
 959          reference "LQ_MAX_RT from [RFC5007]";
 960        }
 961        leaf datasnooping-interval {
 962          type yang:timeticks;
 963          default 6000;
 964          description
 965            "Minimum interval between two successive EVE_DATA_UNMATCH
 966             events triggered by an attachment. Recommended interval:
 967             60s and configurable.";
 968          reference "DATA_SNOOPING_INTERVAL from [RFC7513]";
 969        }
 970        leaf offlink-delay {
 971          type yang:timeticks;
 972          default 3000;
 973          description
 974            "Period after a client is last detected before the binding
 975             anchor is being removed. Recommended delay: 30s.";
 976          reference "OFFLINK_DELAY from [RFC7513].";
 977        }
 978        leaf detection-timeout {
 979          type yang:timeticks;
 980          default 50;
 981          description
 982            "Maximum duration of a hardware address verification step
 983             in the VERIFY state.";
 984          reference "DETECTION_TIMEOUT from [RFC7513]";

 986        }
 987        container if-attributes {
 988          description "Interface attributes specific to SAVI DHCPv4.";
 989          list if-attribute {
 990            key ifname;
 991            description "A list of attributes for each interface.";
 992            leaf ifname {
 993              type if:interface-ref;
 994              description "The name of the interface.";
 995            }
 996            leaf trust-attribute {
 997              type boolean;
 998              default false;
 999              description "An attribute defined in SAVI DHCP.";
1000            }
1001            leaf dhcp-trust {
1002              type boolean;
1003              default false;
1004              description "An attribute defined in SAVI DHCP.";
1005            }
1006            leaf dhcp-snooping {
1007              type boolean;
1008              default true;
1009              description "An attribute defined in SAVI DHCP.";
1010            }
1011            leaf data-snooping {
1012              type boolean;
1013              default false;
1014              description "An attribute defined in SAVI DHCP.";
1015            }
1016            leaf validating {
1017              type boolean;
1018              default true;
1019              description "An attribute defined in SAVI DHCP.";
1020            }
1021          } //list
1022        } //container
1023      } //container
1024    } //augment
1025  }

1027
1028  9.  Definition of ietf-savi-dhcpv6 module

1030  file "ietf-savi-dhcpv6@2017-08-15.yang"
1031  module ietf-savi-dhcpv6 {
1032    namespace "urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv6";
1033    prefix savi-dhcpv6;
1034    import ietf-yang-types {
1035      prefix yang;
1036    }
1037    import ietf-inet-types {
1038      prefix inet;
1039    }
1040    import ietf-interfaces {
1041      prefix if;
1042    }

1044    import ietf-savi {
1045      prefix savi;
1046    }
1047    organization "IETF SAVI Working Group";
1048    contact
1049      "
1050        WG Web:
1051        Editor: Changqing An
1052
1053      ";
1054    description
1055      "
1056      The Yang data module defined for SAVI DHCPv6.
1057      ";

1059    revision 2017-08-15 {
1060      description "Initial revision.";
1061      reference "DRAFT XXX: A YANG Data Model for SAVI Management";
1062    }

1064    /* Identities */

1066    identity savi-dhcp-state {
1067      base savi:binding-state;
1068      description "Base identity for the state definitions of SAVI DHCPv6.";
1069    }
1070    identity no_bind {
1071      base savi-dhcp-state;
1072      description "A state defined in SAVI DHCPv6.";
1073    }
1074    identity init_bind {
1075      base savi-dhcp-state;
1076      description "A state defined in SAVI DHCPv6.";
1077    }
1078    identity bind {
1079      base savi-dhcp-state;
1080      description "A state defined in SAVI DHCPv6.";
1081    }
1082    identity detection {
1083      base savi-dhcp-state;
1084      description "A state defined in SAVI DHCPv6.";
1085    }
1086    identity recovery {
1087      base savi-dhcp-state;
1088      description "A state defined in SAVI DHCPv6.";
1089    }
1090    identity verify {
1091      base savi-dhcp-state;
1092      description "A state defined in SAVI DHCPv6.";
1093    }

1095    /* State data */

1097    augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
1098      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv6'";
1099      description "Binding state table specific for SAVI DHCPv6.";
1100      container binding-state-table {
1101        description "Binding state table specific for SAVI DHCPv6.";
1102        list binding-state-entry {
1103          key "ifname address";
1104          description "A binding state entry specific for SAVI DHCPv6.";
1105          leaf address {
1106            type inet:ipv6-address;
1107            description "The binding source IP address.";
1108          }
1109          uses savi:binding-entry;
1110          leaf state {
1111            type identityref {
1112              base savi-dhcp-state;
1113            }
1114            description "State of the entry as defined in SAVI DHCP: NO_BIND, INIT_BIND, BOUND, DETECTION, RECOVERY, VERIFY.";
1115          }
1116          leaf tid {
1117            type uint32;
1118            description "The Transaction ID of the corresponding DHCP transaction.";
1119          }
1120          leaf timeouts {
1121            when "/savi:savi/savi:savi-instances/savi:savi-instance/params/if-attributes/if-attribute/data-snooping = 'true'";
1122            type uint32;
1123            description "The number of timeouts that expired in the current state.";
1124          }
1125        }
1126      }
1127    }

1129    /* Configuration Data */

1131    augment "/savi:savi/savi:savi-instances/savi:savi-instance" {
1132      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv6'";
1133      description "Parameters specific to SAVI DHCPv6";
1134      container params {
1135        description "Parameters specific to SAVI DHCPv6";
1136        leaf max-dhcp-responsetime {
1137          type yang:timeticks;
1138          default 12000;
1139          description "Maximum Solicit timeout value. Default is 120s.";
1140          reference "SOL_MAX_RT from [RFC3315]";
1141        }
1142        leaf max-leasequery-delay {
1143          type yang:timeticks;
1144          default 1000;
1145          description "Maximum LEASEQUERY timeout value. Default is 10s.";
1146          reference "LQ_MAX_RT from [RFC5007]";
1147        }
1148        leaf datasnooping-interval {
1149          type yang:timeticks;
1150          default 6000;
1151          description
1152            "Minimum interval between two successive EVE_DATA_UNMATCH
1153            events triggered by an attachment. Recommended interval:
1154            60s and configurable.";
1155          reference "DATA_SNOOPING_INTERVAL from [RFC7513]";
1156        }
1157        leaf offlink-delay {
1158          type yang:timeticks;
1159          default 3000;
1160          description
1161            "Period after a client is last detected before the binding
1162            anchor is being removed. Recommended delay: 30s.";
1163          reference "OFFLINK_DELAY from [RFC7513].";
1164        }
1165        leaf detection-timeout {
1166          type yang:timeticks;
1167          default 50;
1168          description
1169            "Maximum duration of a hardware address verification step
1170            in the VERIFY state.";
1172          reference "DETECTION_TIMEOUT from [RFC7513]";
1173        }
1174        container if-attributes {
1175          description "Interface attributes specific to SAVI DHCPv6.";
1176          list if-attribute {
1177            key ifname;
1178            description "A list of attributes for each interface.";
1179            leaf ifname {
1180              type if:interface-ref;
1181              description "The name of the interface.";
1182            }
1183            leaf trust-attribute {
1184              type boolean;
1185              default false;
1186              description "An attribute defined in SAVI DHCP.";
1187            }
1188            leaf dhcp-trust {
1189              type boolean;
1190              default false;
1191              description "An attribute defined in SAVI DHCP.";
1192            }
1193            leaf dhcp-snooping {
1194              type boolean;
1195              default true;
1196              description "An attribute defined in SAVI DHCP.";
1197            }
1198            leaf data-snooping {
1199              type boolean;
1200              default false;
1201              description "An attribute defined in SAVI DHCP.";
1202            }
1203            leaf validating {
1204              type boolean;
1205              default true;
1206              description "An attribute defined in SAVI DHCP.";
1207            }
1208          } //list
1209        } //container
1210      } //container
1211    } //augment
1212  }

1215  10.  Definition of ietf-savi-send module

1217  file "ietf-savi-send@2017-08-15.yang"
1218  module ietf-savi-send {
1219    namespace "urn:ietf:params:xml:ns:yang:ietf-savi-send";
1220    prefix savi-send;
1221    import ietf-yang-types {
1222      prefix yang;
1223    }
1224    import ietf-inet-types {
1225      prefix inet;
1226    }
1227    import ietf-interfaces {
1228      prefix if;
1229    }
1230    import ietf-savi {
1231      prefix savi;
1232    }
1233    organization "IETF SAVI Working Group";
1234    contact
1235      "
1236      WG Web:
1237      Editor: Changqing An
1239      ";
1240    description
1241      "
1242      The YANG data module defined for SAVI SEND.
1243      ";

1245    revision 2017-08-15 {
1246      description "Initial revision.";
1247      reference "DRAFT XXX: A YANG Data Model for SAVI Management";
1248    }

1250    /* Identities */

1252    identity savi-send-state {
1253      base savi:binding-state;
1254      description "Base identity for the state definitions of SAVI SEND.";
1255    }
1256    identity tentative-dad {
1257      base savi-send-state;
1258      description "A state defined in SAVI SEND.";
1259    }
1260    identity tentative-nud {
1261      base savi-send-state;
1262      description "A state defined in SAVI SEND.";
1263    }
1264    identity valid {
1265      base savi-send-state;
1266      description "A state defined in SAVI SEND.";
1267    }

1269    identity testing_vp {
1270      base savi-send-state;
1271      description "A state defined in SAVI SEND.";
1272    }
1273    identity testing_vp_1 {
1274      base savi-send-state;
1275      description "A state defined in SAVI SEND.";
1276    }

1278    /* State data */

1280    augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
1281      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-send'";
1282      description "Binding state table specific for SAVI SEND.";
1283      container binding-state-table {
1284        description "Binding state table specific for SAVI SEND.";
1285        list binding-state-entry {
1286          key "ifname address";
1287          description "A binding state entry specific for SAVI SEND.";
1288          leaf address {
1289            type inet:ipv6-address;
1290            description "The binding source IP address.";
1291          }
1292          uses savi:binding-entry;
1293          leaf alternative-if {
1294            type if:interface-ref;
1295            description "Alternative interface is a parameter defined in SAVI SEND.";
1296          }

1298          leaf state {
1299            type identityref {
1300              base savi-send-state;
1301            }
1302            description "State of the entry as defined in SAVI SEND: TENTATIVE_DAD, TENTATIVE_NUD, VALID, TESTING_VP, TESTING_VP'";
1303          }
1304        }
1305      }
1306    }

1308    /* Configuration Data */

1310    augment "/savi:savi/savi:savi-instances/savi:savi-instance" {
1311      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-send'";
1312      description "Parameters specific to SAVI SEND.";
1313      container params {
1314        description "Parameters specific to SAVI SEND.";
1315        leaf tent_lt {
1316          type yang:timeticks;
1317          default 50;
1318          description "A default value defined in SAVI SEND.";
1319          reference "TENT_LT from [RFC7219].";
1320        }

1322        leaf default_lt {
1323          type yang:timeticks;
1324          default 30000;
1325          description "A default value defined in SAVI SEND.";
1326          reference "DEFAULT_LT from [RFC7219]";
1327        }
1328        container if-attributes {
1329          description "Interface attributes specific to SAVI SEND.";
1330          list if-attribute {
1331            key ifname;
1332            description "A list of attributes for each interface.";
1333            leaf ifname {
1334              type if:interface-ref;
1335              description "The name of the interface.";
1336            }
1337            leaf validating {
1338              type boolean;
1339              must ". != ../trust";
1340              default true;
1341              description "SAVI SEND processing is performed in the port.";
1342            }

1344            leaf trust {
1345              type boolean;
1346              must ". != ../validating";
1347              default false;
1348              description "SAVI SEND processing is not performed in the port.";
1349            }
1350          } //list
1351        } //container
1352      } //container
1353    } //augment
1354  }

1357  11.  Security Considerations

1359     Configuration and state data conforming to the SAVI YANG data model
1360     (defined in this document) are designed to be accessed via the
1361     NETCONF protocol [RFC6241].  The lowest NETCONF layer is the secure
1362     transport layer and the mandatory-to-implement secure transport is
1363     SSH [RFC6242].  The NETCONF access control model [RFC6536] provides
1364     the means to restrict access for particular NETCONF users to a pre-
1365     configured subset of all available NETCONF protocol operations and
1366     content.

1368     A number of data nodes defined in the YANG modules belonging to the
1369     configuration part of the SAVI data model are writable/creatable/
1370     deletable (i.e., "config true" in YANG terms, which is the default).
1371     These data nodes may be considered sensitive or vulnerable in some
1372     network environments.  Write operations to these data nodes, such as
1373     "edit-config", can have negative effects on the network if the
1374     protocol operations are not properly protected.

1376  12.  IANA Considerations

1378     This document registers the following namespace URIs in the IETF XML
1379     registry [RFC3688]:

1381     URI: urn:ietf:params:xml:ns:yang:ietf-savi
1382     Registrant Contact: The IESG.
1383     XML: N/A, the requested URI is an XML namespace.

1385     URI: urn:ietf:params:xml:ns:yang:ietf-savi-fcfs
1386     Registrant Contact: The IESG.
1387     XML: N/A, the requested URI is an XML namespace.

1389     URI: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv4
1390     Registrant Contact: The IESG.
1391     XML: N/A, the requested URI is an XML namespace.

1393     URI: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv6
1394     Registrant Contact: The IESG.
1395     XML: N/A, the requested URI is an XML namespace.

1397     URI: urn:ietf:params:xml:ns:yang:ietf-savi-send
1398     Registrant Contact: The IESG.
1399     XML: N/A, the requested URI is an XML namespace.

1401     This document registers the following YANG modules in the YANG Module
1402     Names registry [RFC6020]:

1404     name: ietf-savi
1405     namespace: urn:ietf:params:xml:ns:yang:ietf-savi
1406     prefix: savi
1407     reference: RFC XXXX

1409     name: ietf-savi-fcfs
1410     namespace: urn:ietf:params:xml:ns:yang:ietf-savi-fcfs
1411     prefix: savi-fcfs
1412     reference: RFC XXXX

1414     name: ietf-savi-dhcpv4
1415     namespace: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv4
1416     prefix: savi-dhcpv4
1417     reference: RFC XXXX

1419     name: ietf-savi-dhcpv6
1420     namespace: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv6
1421     prefix: savi-dhcpv6
1422     reference: RFC XXXX

1424     name: ietf-savi-send
1425     namespace: urn:ietf:params:xml:ns:yang:ietf-savi-send
1426     prefix: savi-send
1427     reference: RFC XXXX

1429  13.  Contributors

1431  14.  References

1433  14.1.  Normative References

1435     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1436                Requirement Levels", BCP 14, RFC 2119,
1437                DOI 10.17487/RFC2119, March 1997.

1440     [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
1441                RFC 2131, DOI 10.17487/RFC2131, March 1997.

1444     [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
1445                C., and M. Carney, "Dynamic Host Configuration Protocol
1446                for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
1447                2003.

1449     [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1450                the Network Configuration Protocol (NETCONF)", RFC 6020,
1451                DOI 10.17487/RFC6020, October 2010.

1454     [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1455                and A. Bierman, Ed., "Network Configuration Protocol
1456                (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

1459     [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
1460                Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

1463     [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
1464                Protocol (NETCONF) Access Control Model", RFC 6536,
1465                DOI 10.17487/RFC6536, March 2012.

1468     [RFC6620]  Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFS
1469                SAVI: First-Come, First-Served Source Address Validation
1470                Improvement for Locally Assigned IPv6 Addresses",
1471                RFC 6620, DOI 10.17487/RFC6620, May 2012.

1474     [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
1475                RFC 6991, DOI 10.17487/RFC6991, July 2013.

1478     [RFC7039]  Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt, Ed.,
1479                "Source Address Validation Improvement (SAVI) Framework",
1480                RFC 7039, DOI 10.17487/RFC7039, October 2013.

1483     [RFC7219]  Bagnulo, M. and A. Garcia-Martinez, "SEcure Neighbor
1484                Discovery (SEND) Source Address Validation Improvement
1485                (SAVI)", RFC 7219, DOI 10.17487/RFC7219, May 2014.

1488     [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
1489                Management", RFC 7223, DOI 10.17487/RFC7223, May 2014.

1492     [RFC7513]  Bi, J., Wu, J., Yao, G., and F. Baker, "Source Address
1493                Validation Improvement (SAVI) Solution for DHCP",
1494                RFC 7513, DOI 10.17487/RFC7513, May 2015.

1497  14.2.  Informative References

1499     [RFC2223]  Postel, J. and J. Reynolds, "Instructions to RFC Authors",
1500                RFC 2223, DOI 10.17487/RFC2223, October 1997.

1503     [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
1504                DOI 10.17487/RFC2629, June 1999.

1507     [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1508                MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000.

1511     [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
1512                "Introduction and Applicability Statements for Internet-
1513                Standard Management Framework", RFC 3410,
1514                DOI 10.17487/RFC3410, December 2002.

1517     [RFC4181]  Heard, C., Ed., "Guidelines for Authors and Reviewers of
1518                MIB Documents", BCP 111, RFC 4181, DOI 10.17487/RFC4181,
1519                September 2005.

1521     [RFC4293]  Routhier, S., Ed., "Management Information Base for the
1522                Internet Protocol (IP)", RFC 4293, DOI 10.17487/RFC4293,
1523                April 2006.

1525  14.3.  URL References

1527     [idguidelines]
1528                IETF Internet Drafts editor,
1529                "http://www.ietf.org/ietf/1id-guidelines.txt".

1531     [idnits]   IETF Internet Drafts editor,
1532                "http://www.ietf.org/ID-Checklist.html".

1534     [ietf]     IETF Tools Team, "http://tools.ietf.org".

1536     [ops]      the IETF OPS Area, "http://www.ops.ietf.org".

1538     [xml2rfc]  XML2RFC tools and documentation,
1539                "http://xml.resource.org".

1541  Appendix A.  The Complete Data Trees

1543     This appendix presents the complete configuration and state data
1544     trees of the SAVI data model.  See Section 2.2 for an explanation of
1545     the symbols used.  Data type of every leaf node is shown near the
1546     right end of the corresponding line.

1548  module: ietf-savi
1549     +--ro savi-state
1550     |  +--ro savi-instances
1551     |  |  +--ro savi-instance* [savi-method]
1552     |  |     +--ro savi-method    string
1553     |  |     +--ro preference?    uint32
1554     |  |     +--ro savi-fcfs:binding-state-table
1555     |  |     |  +--ro savi-fcfs:binding-state-entry* [ifname address]
1556     |  |     |     +--ro savi-fcfs:address     inet:ipv6-address
1557     |  |     |     +--ro savi-fcfs:ifname      if:interface-ref
1558     |  |     |     +--ro savi-fcfs:mac?        yang:mac-address
1559     |  |     |     +--ro savi-fcfs:lifetime    yang:timeticks
1560     |  |     |     +--ro savi-fcfs:state?      identityref
1561     |  |     +--ro savi-dhcpv4:binding-state-table
1562     |  |     |  +--ro savi-dhcpv4:binding-state-entry* [ifname address]
1563     |  |     |     +--ro savi-dhcpv4:address      inet:ipv4-address
1564     |  |     |     +--ro savi-dhcpv4:ifname       if:interface-ref
1565     |  |     |     +--ro savi-dhcpv4:mac?         yang:mac-address
1566     |  |     |     +--ro savi-dhcpv4:lifetime     yang:timeticks
1567     |  |     |     +--ro savi-dhcpv4:state?       identityref
1568     |  |     |     +--ro savi-dhcpv4:tid?         uint32
1569     |  |     |     +--ro savi-dhcpv4:timeouts?    uint32
1570     |  |     +--ro savi-dhcpv6:binding-state-table
1571     |  |     |  +--ro savi-dhcpv6:binding-state-entry* [ifname address]
1572     |  |     |     +--ro savi-dhcpv6:address      inet:ipv6-address
1573     |  |     |     +--ro savi-dhcpv6:ifname       if:interface-ref
1574     |  |     |     +--ro savi-dhcpv6:mac?         yang:mac-address
1575     |  |     |     +--ro savi-dhcpv6:lifetime     yang:timeticks
1576     |  |     |     +--ro savi-dhcpv6:state?       identityref
1577     |  |     |     +--ro savi-dhcpv6:tid?         uint32
1578     |  |     |     +--ro savi-dhcpv6:timeouts?    uint32
1579     |  |     +--ro savi-send:binding-state-table
1580     |  |        +--ro savi-send:binding-state-entry* [ifname address]
1581     |  |           +--ro savi-send:address            inet:ipv6-address
1582     |  |           +--ro savi-send:ifname             if:interface-ref
1583     |  |           +--ro savi-send:mac?               yang:mac-address
1584     |  |           +--ro savi-send:lifetime           yang:timeticks
1585     |  |           +--ro savi-send:alternative-if?    if:interface-ref
1586     |  |           +--ro savi-send:state?             identityref
1587     |  +--ro binding-table
1588     |  |  +--ro ipv4
1589     |  |  |  +--ro binding-entry* [ifname address]
1590     |  |  |     +--ro address           inet:ipv4-address
1591     |  |  |     +--ro ifname            if:interface-ref
1592     |  |  |     +--ro mac?              yang:mac-address
1593     |  |  |     +--ro lifetime          yang:timeticks
1594     |  |  |     +--ro creationtime      yang:timestamp
1595     |  |  |     +--ro binding-method    string
1596     |  |  +--ro ipv6
1597     |  |     +--ro binding-entry* [ifname address]
1598     |  |        +--ro address           inet:ipv6-address
1599     |  |        +--ro ifname            if:interface-ref
1600     |  |        +--ro mac?              yang:mac-address
1601     |  |        +--ro lifetime          yang:timeticks
1602     |  |        +--ro creationtime      yang:timestamp
1603     |  |        +--ro binding-method    string
1604     |  +--ro statistics
1605     |     +--ro bst-entry-volume?    uint32
1606     |     +--ro bst-entry-counts?    uint32
1607     |     +--ro filtering-pks
1608     |        +--ro if-filtering-pks* [ifname]
1609     |           +--ro ifname           if:interface-ref
1610     |           +--ro filtering-pks?   uint32
1611     +--rw savi
1612        +--rw savi-instances
1613        |  +--rw savi-instance* [savi-method]
1614        |     +--rw savi-method    string
1615        |     +--rw enable?        boolean
1616        |     +--rw preference?    uint32
1617        |     +--rw savi-fcfs:params
1618        |     |  +--rw savi-fcfs:tent_lt?       yang:timeticks
1619        |     |  +--rw savi-fcfs:default_lt?    yang:timeticks
1620        |     |  +--rw savi-fcfs:twait?         yang:timeticks
1621        |     |  +--rw savi-fcfs:if-attributes
1622        |     |     +--rw savi-fcfs:if-attribute* [ifname]
1623        |     |        +--rw savi-fcfs:ifname         if:interface-ref
1624        |     |        +--rw savi-fcfs:validating?    boolean
1625        |     |        +--rw savi-fcfs:trust?         boolean
1626        |     +--rw savi-dhcpv4:params
1627        |     |  +--rw savi-dhcpv4:max-dhcp-responsetime?    yang:timeticks
1628        |     |  +--rw savi-dhcpv4:max-leasequery-delay?     yang:timeticks
1629        |     |  +--rw savi-dhcpv4:datasnooping-interval?    yang:timeticks
1630        |     |  +--rw savi-dhcpv4:offlink-delay?            yang:timeticks
1631        |     |  +--rw savi-dhcpv4:detection-timeout?        yang:timeticks
1632        |     |  +--rw savi-dhcpv4:if-attributes
1633        |     |     +--rw savi-dhcpv4:if-attribute* [ifname]
1634        |     |        +--rw savi-dhcpv4:ifname              if:interface-ref
1635        |     |        +--rw savi-dhcpv4:trust-attribute?    boolean
1636        |     |        +--rw savi-dhcpv4:dhcp-trust?         boolean
1637        |     |        +--rw savi-dhcpv4:dhcp-snooping?      boolean
1638        |     |        +--rw savi-dhcpv4:data-snooping?      boolean
1639        |     |        +--rw savi-dhcpv4:validating?         boolean
1640        |     +--rw savi-dhcpv6:params
1641        |     |  +--rw savi-dhcpv6:max-dhcp-responsetime?    yang:timeticks
1642        |     |  +--rw savi-dhcpv6:max-leasequery-delay?     yang:timeticks
1643        |     |  +--rw savi-dhcpv6:datasnooping-interval?    yang:timeticks
1644        |     |  +--rw savi-dhcpv6:offlink-delay?            yang:timeticks
1645        |     |  +--rw savi-dhcpv6:detection-timeout?        yang:timeticks
1646        |     |  +--rw savi-dhcpv6:if-attributes
1647        |     |     +--rw savi-dhcpv6:if-attribute* [ifname]
1648        |     |        +--rw savi-dhcpv6:ifname              if:interface-ref
1649        |     |        +--rw savi-dhcpv6:trust-attribute?    boolean
1650        |     |        +--rw savi-dhcpv6:dhcp-trust?         boolean
1651        |     |        +--rw savi-dhcpv6:dhcp-snooping?      boolean
1652        |     |        +--rw savi-dhcpv6:data-snooping?      boolean
1653        |     |        +--rw savi-dhcpv6:validating?         boolean
1654        |     +--rw savi-send:params
1655        |        +--rw savi-send:tent_lt?       yang:timeticks
1656        |        +--rw savi-send:default_lt?    yang:timeticks
1657        |        +--rw savi-send:if-attributes
1658        |           +--rw savi-send:if-attribute* [ifname]
1659        |              +--rw savi-send:ifname         if:interface-ref
1660        |              +--rw savi-send:validating?    boolean
1661        |              +--rw savi-send:trust?         boolean
1662        +--rw if-filtering-attributes
1663        |  +--rw if-filtering-attribute* [ifname]
1664        |     +--rw ifname                if:interface-ref
1665        |     +--rw filtering-enabled?    boolean
1666        +--rw binding-table
1667           +--rw ipv4
1668           |  +--rw binding-entry* [ifname address]
1669           |     +--rw address           inet:ipv4-address
1670           |     +--rw ifname            if:interface-ref
1671           |     +--rw mac?              yang:mac-address
1672           |     +--rw lifetime          yang:timeticks
1673           |     +--rw creationtime      yang:timestamp
1674           |     +--rw binding-method    string
1675           +--rw ipv6
1676              +--rw binding-entry* [ifname address]
1677                 +--rw address           inet:ipv6-address
1678                 +--rw ifname            if:interface-ref
1679                 +--rw mac?              yang:mac-address
1680                 +--rw lifetime          yang:timeticks
1681                 +--rw creationtime      yang:timestamp
1682                 +--rw binding-method    string

1684  Appendix B.  Change Log

1686  Authors' Addresses

1688     Changqing An
1689     CERNET
1690     Network Research Center, Tsinghua University
1691     Beijing 100084
1692     China

1694     Phone: +86 10 62603113
1695     EMail: acq@tsinghua.edu.cn

1697     Jiahai Yang
1698     CERNET
1699     Network Research Center, Tsinghua University
1700     Beijing 100084
1701     China

1703     Phone: +86 10 62783492
1704     EMail: yang@cernet.edu.cn

1706     Jianping Wu
1707     CERNET
1708     Network Research Center, Tsinghua University
1709     Beijing 100084
1710     China

1712     EMail: jianping@cernet.edu.cn

1714     Jun Bi
1715     CERNET
1716     Network Research Center, Tsinghua University
1717     Beijing 100084
1718     China

1720     EMail: junbi@cernet.edu.cn