idnits 2.17.1

draft-an-savi-yang-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 77 instances of too long lines in the document, the longest one
     being 67 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 362 has weird spacing: '...-method str...'

  == Line 370 has weird spacing: '...-method str...'

  == Line 1547 has weird spacing: '...ifetime yan...'

  == Line 1554 has weird spacing: '...ifetime yan...'

  == Line 1563 has weird spacing: '...ifetime yan...'

  == (4 more instances...)

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (February 8, 2018) is 2270 days in the past.  Is this
     intentional?

  Checking references for intended status: Experimental
  ----------------------------------------------------------------------------

  == Missing Reference: 'RFC3688' is mentioned on line 1367, but not defined

  == Unused Reference: 'RFC2131' is defined on line 1428, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3315' is defined on line 1432, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2223' is defined on line 1487, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2629' is defined on line 1491, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2863' is defined on line 1495, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3410' is defined on line 1499, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4181' is defined on line 1505, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4293' is defined on line 1509, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  ** Obsolete normative reference: RFC 7223 (Obsoleted by RFC 8343)

  -- Obsolete informational reference (is this intentional?): RFC 2223
     (Obsoleted by RFC 7322)

  -- Obsolete informational reference (is this intentional?): RFC 2629
     (Obsoleted by RFC 7749)

     Summary: 4 errors (**), 0 flaws (~~), 17 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2	SAVI                                                               C. An
3	Internet-Draft                                                   J. Yang
4	Intended status: Experimental                                      J. Wu
5	Expires: August 12, 2018                                           J. Bi
6	                                                     Tsinghua University
7	                                                        February 8, 2018

9	                  A Yang Data Model for SAVI Management
10	                          draft-an-savi-yang-03

12	Abstract

14	   This document contains a specification of YANG modules for the
15	   management of the SAVI (Source Address Validation Improvements) protocol.

17	   The core SAVI data module ietf-savi serves as a framework for
18	   configuring and managing SAVI instances and provides common building
19	   blocks.  It is expected to be augmented by additional YANG modules
20	   for specific IP address assignment methods.

22	   The other four modules augment the core SAVI data module and define
23	   data models for different IP address assignment methods.  Module
24	   ietf-savi-fcfs defines a module specific to Stateless Address Auto
25	   Configuration (SLAAC), modules ietf-savi-dhcpv4 and ietf-savi-dhcpv6
26	   define modules specific to Dynamic Host Configuration Protocol
27	   version 4 and version 6 (DHCPv4 and DHCPv6), and module ietf-savi-
28	   send defines a module specific to Secure Neighbor Discovery (SEND).

30	Status of This Memo

32	   This Internet-Draft is submitted in full conformance with the
33	   provisions of BCP 78 and BCP 79.

35	   Internet-Drafts are working documents of the Internet Engineering
36	   Task Force (IETF).  Note that other groups may also distribute
37	   working documents as Internet-Drafts.  The list of current Internet-
38	   Drafts is at https://datatracker.ietf.org/drafts/current/.

40	   Internet-Drafts are draft documents valid for a maximum of six months
41	   and may be updated, replaced, or obsoleted by other documents at any
42	   time.  It is inappropriate to use Internet-Drafts as reference
43	   material or to cite them other than as "work in progress."

45	   This Internet-Draft will expire on August 12, 2018.

47	Copyright Notice

49	   Copyright (c) 2018 IETF Trust and the persons identified as the
50	   document authors.  All rights reserved.

52	   This document is subject to BCP 78 and the IETF Trust's Legal
53	   Provisions Relating to IETF Documents
54	   (https://trustee.ietf.org/license-info) in effect on the date of
55	   publication of this document.  Please review these documents
56	   carefully, as they describe your rights and restrictions with respect
57	   to this document.  Code Components extracted from this document must
58	   include Simplified BSD License text as described in Section 4.e of
59	   the Trust Legal Provisions and are provided without warranty as
60	   described in the Simplified BSD License.

62	Table of Contents

64	   1.  Introduction
65	   2.  Terminology and Notation
66	     2.1.  Glossary of New Terms
67	     2.2.  Tree Diagrams
68	     2.3.  Prefixes in Data Node Names
69	   3.  Objectives
70	   4.  The Design of the SAVI Data Model
71	     4.1.  System-Controlled and User-Controlled List Entries
72	   5.  Basic Building Blocks
73	     5.1.  SAVI Instance
74	     5.2.  Binding Table
75	     5.3.  Binding State Table
76	     5.4.  Interface Attribute
77	     5.5.  SAVI Statistics
78	   6.  Definition of ietf-savi module
79	   7.  Definition of ietf-savi-fcfs module
80	   8.  Definition of ietf-savi-dhcpv4 module
81	   9.  Definition of ietf-savi-dhcpv6 module
82	   10. Definition of ietf-savi-send module
83	   11. Security Considerations
84	   12. IANA Considerations
85	   13. Contributors
86	   14. References
87	     14.1.  Normative References
88	     14.2.  Informative References
89	     14.3.  URL References
90	   Appendix A.  The Complete Data Trees
91	   Appendix B.  Change Log
92	   Authors' Addresses

94	1.  Introduction

96	   The Source Address Validation Improvement protocol was developed to
97	   complement ingress filtering with finer-grained, standard IP source
98	   address validation ([RFC7039]).  A SAVI protocol instance is located
99	   on the path of hosts' packets, enforcing the hosts' use of legitimate
100	   IP source addresses.

102	   The SAVI protocol determines whether the IP address obtaining process is
103	   legitimate according to the IP address assignment method.  For links with
104	   Stateless Address Auto Configuration (SLAAC), the process is defined
105	   in [RFC6620].  For links with Dynamic Host Configuration Protocol
106	   (DHCP), the process is defined in [RFC7513].  For links with Secure
107	   Neighbor Discovery (SEND), the process is defined in [RFC7219].

109	   This document contains a core SAVI data module serving as a framework
110	   for configuring and managing SAVI instances and providing common
111	   building blocks.  The other four modules augment the core SAVI data
112	   module and define data models for different IP address assignment
113	   methods.

115	   o  Module "ietf-savi" defines a core data module which provides
116	      generic components of the SAVI data model, and is intended as a basis
117	      for future data model development covering more IP address
118	      assignment methods.

120	   o  Module "ietf-savi-fcfs" augments the "ietf-savi" module with
121	      additional data specific to SAVI FCFS ([RFC6620]).

123	   o  Module "ietf-savi-dhcpv4" augments the "ietf-savi" module with
124	      additional data specific to SAVI DHCP ([RFC7513]) for IPv4 address
125	      assignment.

127	   o  Module "ietf-savi-dhcpv6" augments the "ietf-savi" module with
128	      additional data specific to SAVI DHCP ([RFC7513]) for IPv6 address
129	      assignment.

131	   o  Module "ietf-savi-send" augments the "ietf-savi" module with
132	      additional data specific to SAVI SEND ([RFC7219]).

134	2.  Terminology and Notation

136	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
137	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
138	   document are to be interpreted as described in RFC 2119 [RFC2119].

140	   The following terms are defined in RFC6241 [RFC6241]:

142	   o  client,

144	   o  message,

146	   o  protocol operation,

148	   o  server

150	   The following terms are defined in RFC6020 [RFC6020]:

152	   o  augment,

154	   o  configuration data,

156	   o  container,

158	   o  data model,

160	   o  data node,

162	   o  leaf,

164	   o  list,

166	   o  mandatory node,

168	   o  module

170	   The following terms are defined in [RFC7039].

172	   o  IP Address Assignment Methods,

174	   o  SAVI method,

176	   o  Binding Anchors,

178	   o  SAVI instance

180	   The following terms are defined in [RFC6620].

182	   o  SAVI FCFS,

184	   o  Validating Ports (VPs),

186	   o  Trusted Ports (TPs),

188	   o  Lifetime
189	   o  Status: either NO_BIND, TENTATIVE, VALID, TESTING_VP, or
190	      TESTING_TP-LT,

192	   o  Creation time,

194	   o  TENT_LT,

196	   o  DEFAULT_LT,

198	   o  T_WAIT

200	   The following terms are defined in [RFC7513].

202	   o  SAVI DHCP,

204	   o  Binding entry: A rule that associates an IP address with a binding
205	      anchor,

207	   o  Binding State Table (BST): The data structure that contains the
208	      binding entries,

210	   o  Binding entry limit: The maximum number of binding entries that
211	      may be associated with a binding anchor,

213	   o  Status: either NO_BIND, INIT_BIND, BOUND, DETECTION, RECOVERY, or
214	      VERIFY,

216	   o  Trust Attribute,

218	   o  DHCP-Trust Attribute,

220	   o  DHCP-Snooping Attribute,

222	   o  Data-Snooping Attribute,

224	   o  Validating Attribute,

226	   o  MAX_DHCP_RESPONSE_TIME,

228	   o  MAX_LEASEQUERY_DELAY,

230	   o  DETECTION_TIMEOUT,

232	   o  DATA_SNOOPING_INTERVAL,

234	   o  OFFLINK_DELAY

236	   The following terms are defined in [RFC6620].

238	   o  SAVI SEND,

240	   o  Validating Ports (VPs),

242	   o  Trusted Ports (TPs),

244	   o  Status: either TENTATIVE_DAD, TENTATIVE_NUD, VALID, TESTING_VP, or
245	      TESTING_VP',

247	   o  TENT_LT,

249	   o  DEFAULT_LT

251	2.1.  Glossary of New Terms

253	   system-controlled entry:  An entry of a list in state data ("config
254	   false") that is created by the system independently of what has been
255	   explicitly configured.  See Section 4.1 for details.

257	   user-controlled entry:  An entry of a list in state data ("config
258	   false") that is created and deleted as a direct consequence of
259	   certain configuration changes.  See Section 4.1 for details.

261	2.2.  Tree Diagrams

263	   Simplified graphical representation of the data tree is presented in
264	   this document.  The meaning of the symbols in these diagrams is as
265	   follows:

267	   o  Brackets "[" and "]" enclose list keys.

269	   o  Curly braces "{" and "}" contain names of optional features that
270	      make the corresponding node conditional.

272	   o  Abbreviations before data node names: "rw" means configuration
273	      (read-write), "ro" state data (read-only), "-x" RPC operations,
274	      and "-n" notifications.

276	   o  Symbols after data node names: "?" means an optional node, "!" a
277	      container with presence, and "*" denotes a "list" or "leaf-list".

279	   o  Parentheses enclose choice and case nodes, and case nodes are also
280	      marked with a colon (":").

282	   o  Ellipsis ("...") stands for contents of subtrees that are not
283	      shown.

285	2.3.  Prefixes in Data Node Names

287	   In this document, names of data nodes, RPC operations and other data
288	   model objects are often used without a prefix, as long as it is clear
289	   from the context in which YANG module each name is defined.
290	   Otherwise, names are prefixed using the standard prefix associated
291	   with the corresponding YANG module, as shown in Table 1.

293	           +---------------+---------------------------+------------+
294	           | Prefix        | YANG module               | Reference  |
295	           +---------------+---------------------------+------------+
296	           | if            | ietf-interfaces           | [RFC7223]  |
297	           | savi          | ietf-savi                 | Section 6  |
298	           | savi-fcfs     | ietf-savi-fcfs            | Section 7  |
299	           | savi-dhcpv4   | ietf-savi-dhcpv4          | Section 8  |
300	           | savi-dhcpv6   | ietf-savi-dhcpv6          | Section 9  |
301	           | savi-send     | ietf-savi-send            | Section 10 |
302	           | yang          | ietf-yang-types           | [RFC6991]  |
303	           | inet          | ietf-inet-types           | [RFC6991]  |
304	           +---------------+---------------------------+------------+

306	             Table 1: Prefixes and corresponding YANG modules

308	3.  Objectives

310	   The initial design of the SAVI data model was driven by the following
311	   objectives:

313	   o  The data model should be suitable for the different IP address
314	      assignment methods proposed now, and can be augmented to support
315	      new IP address assignment methods in different scenarios, such as
316	      WLAN, IPv4/IPv6 Transition Network, etc.

318	   o  The data model should be suitable for the common address families,
319	      in particular IPv4 and IPv6.

321	   o  A simple IP assignment system, such as one that uses only static
322	      IP, should be configurable in a simple way, which is called savi-
323	      manual.

325	4.  The Design of the SAVI Data Model

327	   The SAVI data model consists of five YANG modules.  The first module,
328	   "ietf-savi", defines the generic components of a SAVI system.  The
329	   other four modules, "ietf-savi-fcfs", "ietf-savi-dhcpv4", "ietf-savi-
330	   dhcpv6" and "ietf-savi-send", augment the "ietf-savi" module with
331	   additional data nodes that are needed for the specific IP address
332	   assignment method, respectively.  Figures 1 and 2 show abridged views
333	   of the configuration and state data hierarchies.  See Appendix A for
334	   the complete data trees.

336	   +--rw savi
337	      +--rw savi-instances
338	      |  +--rw savi-instance* [savi-method]
339	      |     +--rw savi-method             string
340	      |     +--rw enable?                 boolean
341	      |     +--rw preference?             uint32
342	      |     +--rw savi-fcfs:params
343	      |     |  +--...
344	      |     +--rw savi-dhcpv4:params
345	      |     |  +--...
346	      |     +--rw savi-dhcpv6:params
347	      |     |  +--...
348	      |     +--rw savi-send:params
349	      |        +--...
350	      +--rw interfaces
351	      |  +--rw interface* [ifname]
352	      |     +--rw ifname               if:interface-ref
353	      |     +--rw filtering-enabled?   boolean
354	      +--rw binding-table
355	         +--rw ipv4
356	         |  +--rw binding-entry* [ifname address]
357	         |     +--rw address           inet:ipv4-address
358	         |     +--rw ifname            if:interface-ref
359	         |     +--rw mac?              yang:mac-address
360	         |     +--rw lifetime          yang:timeticks
361	         |     +--rw creationtime      yang:timestamp
362	         |     +--rw binding-method    string
363	         +--rw ipv6
364	            +--rw binding-entry* [ifname address]
365	               +--rw address           inet:ipv6-address
366	               +--rw ifname            if:interface-ref
367	               +--rw mac?              yang:mac-address
368	               +--rw lifetime          yang:timeticks
369	               +--rw creationtime      yang:timestamp
370	               +--rw binding-method    string

372	                 Figure 1: Configuration data hierarchy.

374	   +--ro savi-state
375	      +--ro savi-instances
376	      |  |  +--ro savi-instance* [savi-method]
377	      |  |     +--ro savi-method    string
378	      |  |     +--ro preference?    uint32
379	      |  |     +--ro savi-fcfs:binding-state-table
380	      |  |     |  +--ro savi-fcfs:binding-state-entry* [ifname address]
381	      |  |     |     +--...
382	      |  |     +--ro savi-dhcpv4:binding-state-table
383	      |  |     |  +--ro savi-dhcpv4:binding-state-entry* [ifname address]
384	      |  |     |     +--...
385	      |  |     +--ro savi-dhcpv6:binding-state-table
386	      |  |     |  +--ro savi-dhcpv6:binding-state-entry* [ifname address]
387	      |  |     |     +--...
388	      |  |     +--ro savi-send:binding-state-table
389	      |  |        +--ro savi-send:binding-state-entry* [ifname address]
390	      |  |           +--...
391	      |  +--ro binding-table
392	      |  |  +--ro ipv4
393	      |  |  |  +--ro binding-entry* [ifname address]
394	      |  |  |     +--...
395	      |  |  +--ro ipv6
396	      |  |     +--ro binding-entry* [ifname address]
397	      |  |        +--...
398	      |  +--ro statistics
399	      |     +--ro if-filtering-pks* [ifname]
400	      |        +--ro ifname           if:interface-ref
401	      |        +--ro filtering-pks?   uint32

403	                     Figure 2: State data hierarchy.

405	   As can be seen from Figures 1 and 2, the SAVI data model includes
406	   several generic components: SAVI instance, binding table, binding
407	   state table, interface attribute, and statistics.  Section 5
408	   describes these components in more detail.

410	4.1.  System-Controlled and User-Controlled List Entries

412	   The SAVI data model defines several lists in the schema tree, such as
413	   "binding-table".

415	   In such a list, the server creates the required item as a so-called
416	   system-controlled entry in state data, i.e., inside the "binding-
417	   table" container.

419	   Additional entries may be created in the configuration by a client,
420	   e.g., via the NETCONF protocol.  These are so-called user-controlled
421	   entries.  If the server accepts a configured user-controlled entry,
422	   then this entry also appears in the state data version of the list.

424	   Corresponding entries in both versions of the list (in state data and
425	   configuration) have the same value of the list key.

427	   A client may also provide supplemental configuration of system-
428	   controlled entries.  To do so, the client creates a new entry in the
429	   configuration with the desired contents.  In order to bind this entry
430	   to the corresponding entry in the state data list, the key of the
431	   configuration entry has to be set to the same value as the key of the
432	   state entry.

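The entry semantics of Section 4.1, including the deletion rules stated in its final paragraph, modelled as an added example that is not part of the draft. The class and method names are hypothetical, the two datastores are plain dictionaries keyed by the list key (ifname, address), and the addresses and MACs are constructed sample values.

```python
"""Toy model of Section 4.1: system- vs. user-controlled list entries.

Added illustration, not code from the draft. BindingList and its methods
are hypothetical names chosen for this example.
"""


class BindingList:
    def __init__(self):
        self.system = {}   # entries the server created on its own
        self.config = {}   # entries a client wrote into the configuration

    def system_create(self, ifname, address, **leaves):
        """Server side: a SAVI instance learned a binding."""
        self.system[(ifname, address)] = dict(leaves)

    def client_edit(self, ifname, address, **leaves):
        """Client side: create an entry, or supplement a system entry.

        The list key alone decides which state entry the configuration
        binds to, as Section 4.1 requires.
        """
        self.config[(ifname, address)] = dict(leaves)

    def client_delete(self, ifname, address):
        """Client side: remove the entry from the configuration list only."""
        self.config.pop((ifname, address), None)

    def user_controlled(self):
        """Keys that exist only because a client configured them.

        Useful for review: these bindings were not learned by any SAVI
        method, so they deserve the same scrutiny as a static ACL entry.
        """
        return sorted(k for k in self.config if k not in self.system)

    def state(self):
        """State-data version of the list.

        System-controlled entries are always present. Configured leaves are
        overlaid on the state entry with the same key, and accepted
        user-controlled entries appear as entries of their own.
        """
        view = {key: dict(leaves) for key, leaves in self.system.items()}
        for key, leaves in self.config.items():
            view.setdefault(key, {}).update(leaves)
        return view


def demo():
    """Walk through the cases of Section 4.1 on constructed entries."""
    bl = BindingList()
    learned = ("eth0", "2001:db8::10")   # constructed sample key
    manual = ("eth1", "192.0.2.7")       # constructed sample key

    # The server learns one binding; a client configures a manual one and
    # adds supplemental configuration to the learned one (same key).
    bl.system_create(*learned, mac="00:00:5e:00:53:01",
                     binding_method="savi-fcfs")
    bl.client_edit(*manual, mac="00:00:5e:00:53:02",
                   binding_method="savi-manual")
    bl.client_edit(*learned, lifetime=30000)
    before = bl.state()
    manual_keys = bl.user_controlled()

    # Deleting both configuration entries has different effects:
    bl.client_delete(*manual)    # user-controlled: state entry disappears
    bl.client_delete(*learned)   # system-controlled: only extra config goes
    after = bl.state()
    return {"before": before, "manual_keys": manual_keys, "after": after}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
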
434	   Deleting a user-controlled entry from the configuration list results
435	   in the removal of the corresponding entry in the state data list.  In
436	   contrast, if a system-controlled entry is deleted from the
437	   configuration list, only the extra configuration specified in that
438	   entry is removed but the corresponding state data entry remains in
439	   the list.

441	5.  Basic Building Blocks

443	   This section presents the basic building blocks of the SAVI data
444	   model.

446	5.1.  SAVI Instance

448	   The SAVI data model supports one or more IP address assignment methods.
449	   Each SAVI method runs as a SAVI instance.  Each SAVI instance has
450	   separate configuration and state data.  A SAVI instance can be
451	   enabled or disabled and be configured with a preference value.  When
452	   multiple SAVI instances run in the same system, the binding entry
453	   with high preference will be used to filter packets.

455	5.2.  Binding Table

457	   Entries in the binding table are used to filter packets.  Each binding
458	   entry includes source IP address, MAC address, interface name,
459	   lifetime, creation time, and binding method.  Entries are inserted or
460	   deleted by a SAVI instance.  An entry can also be inserted or
461	   deleted by a client if it is a manual binding entry.

463	5.3.  Binding State Table

465	   There is a binding state table for each IP address assignment method.
466	   Each binding state entry includes source IP address, MAC address,
467	   interface name, state, lifetime, and other parameters specific to
468	   the SAVI method.  The set of states differs between SAVI methods,
469	   e.g., for SAVI FCFS, the state includes NO_BIND, TENTATIVE, VALID,
470	   TESTING_VP, and TESTING_TP-LT, and for SAVI DHCP, the state includes
471	   NO_BIND, INIT_BIND, BOUND, DETECTION, RECOVERY, and VERIFY.

473	5.4.  Interface Attribute

475	   There is a corresponding interface attribute for each SAVI method.
476	   For SAVI FCFS, the interface attributes include Validating
477	   Port and Trusted Port; for SAVI DHCP, the interface attributes
478	   include Trust Attribute, DHCP-Trust Attribute, DHCP-Snooping
479	   Attribute, Data-Snooping Attribute, and Validating Attribute.

481	5.5.  SAVI Statistics

483	   The SAVI Statistics contains counters for the collection of
484	   statistics, including the count of packets dropped because of IP address
485	   validation.

487	6.  Definition of ietf-savi module

489	file "ietf-savi@2018-01-08.yang"
490	module ietf-savi {
491	  namespace "urn:ietf:params:xml:ns:yang:ietf-savi";
492	  prefix savi;
493	  import ietf-yang-types {
494	    prefix yang;
495	  }
496	  import ietf-inet-types {
497	    prefix inet;
498	  }
499	  import ietf-interfaces {
500	    prefix if;
501	  }
502	  organization "IETF SAVI Working Group";
503	  contact
504	    "
505	     WG Web:
506	     Editor: Changqing An
507
508	    ";
509	  description
510	    "This YANG module defines essential components for the management
511	     of a savi subsystem.";

513	  revision 2018-01-08 {
514	    description "Initial revision.";
515	    reference "DRAFT XXX: A YANG Data Model for SAVI Management.";
516	  }

518	  /* Identities */

520	  identity binding-state {
521	    description "Base identity for the states of binding entry.";
522	  }

524	  /* Groupings */

526	  grouping binding-entry {
527	    description "This grouping provides basic parameters of a binding entry.";

529	    leaf ifname {
530	      type if:interface-ref;
531	      description "The name of the interface.";

533	    }
534	    leaf mac {
535	      type yang:mac-address;
536	      description "The binding source mac address.";
537	    }
538	    leaf lifetime {
539	      type yang:timeticks;
540	      mandatory true;
541	      description
542	        "The remaining lifetime of the entry.";
543	    }
544	  }

546	  grouping binding-table {
547	    description "This grouping defines binding table for both IPv4 and IPv6.";
548	    container binding-table {
549	      description "Container for binding table.";

551	      container ipv4 {
552	        description "Container for binding table for IPv4 protocol.";
553	        list binding-entry {
554	          key "ifname address";
555	          description "Definition of a binding entry";
556	          leaf address {
557	            type inet:ipv4-address;
558	            description "IPv4 address of the binding host.";
559	          }
560	          uses binding-entry;
561	          leaf creationtime {
562	            type yang:timestamp;
563	            mandatory true;
564	            description "The value of the local clock when the entry was first created.";
565	          }
566	          leaf binding-method {
567	            type string;
568	            mandatory true;
569	            description "IP address assignment methods.";
570	          }
571	        }
572	      }

574	      container ipv6 {
575	        description "Container for binding table for IPv6 protocol.";
576	        list binding-entry {
577	          key "ifname address";
578	          description "Definition of a binding entry";
579	          leaf address {
580	            type inet:ipv6-address;
581	            description "IPv6 address of the binding host.";
582	          }
583	          uses binding-entry;
584	          leaf creationtime {
585	            type yang:timestamp;
586	            mandatory true;
587	            description "The value of the local clock when the entry was first created.";
588	          }
589	          leaf binding-method {
590	            type string;
591	            mandatory true;
592	            description "IP address assignment methods.";
593	          }
594	        }
595	      }
596	    }
597	  }

599	  /* State data */

601	  container savi-state {
602	    config false;
603	    description "State data of the savi subsystem.";
604	    container savi-instances {
605	      description "Container of parameters for each savi method.";
606	      list savi-instance {
607	        key savi-method;
608	        description "A list of parameters for each savi method.";
609	        leaf savi-method {
610	          type string;
611	          description "IP address assignment methods.";
612	        }
613	        leaf preference {
614	          type uint32;
615	          description "Preference of the savi method.";
616	        }
617	      }
618	    }

620	    uses binding-table;
621	    container statistics {
622	      description "Container of statistics parameters for savi subsystem.";
623	      list if-filtering-pks {
624	        key ifname;
625	        description "A list of parameters for counting filtering packets.";
626	        leaf ifname {
627	          type if:interface-ref;
628	          description "The name of the interface.";
629	        }
630	        leaf filtering-pks {
631	          type uint32;
632	          description "The count of filtering packets.";
633	        }
634	      }
635	    }
636	  }

638	  /* Configuration Data */

640	  container savi {
641	    description "Configuration data of the savi subsystem.";
642	    container savi-instances {
643	      description "Container of parameters for each savi method.";
644	      list savi-instance {
645	        key savi-method;
646	        description "A list of parameters for each savi method.";
647	        leaf savi-method {
648	          type string;
649	          description "IP address assignment methods.";
650	        }
651	        leaf enable {
652	          type boolean;
653	          description "Whether the savi method is enabled.";
654	        }
655	        leaf preference {
656	          type uint32;
657	          description "Preference of the savi method.";
658	        }
659	      }
660	    }

662	    container if-filtering-attributes {
663	      description "Container for defining filtering attributes of each interface, common for every savi instance.";
664	      list if-filtering-attribute {
665	        key ifname;
666	        description "A list of filtering attributes for each interface.";
667	        leaf ifname {
668	          type if:interface-ref;
669	          description "The name of the interface.";
670	        }
671	        leaf filtering-enabled {
672	          type boolean;
673	          default true;
674	          description "Whether the filtering attribute is enabled.";
675	        }
676	      }
677	    }
678	    /* Binding table for manual entries, which can be configured by operators */
679	    uses binding-table {
680	      when "/savi/savi-instances/savi-instance[savi-method = 'savi-manual']/enable = 'true'";
681	    }
682	  } //container savi
683	}

685

687	7.  Definition of ietf-savi-fcfs module

689	file "ietf-savi-fcfs@2018-01-08.yang"
690	module ietf-savi-fcfs {
691	  namespace "urn:ietf:params:xml:ns:yang:ietf-savi-fcfs";
692	  prefix savi-fcfs;
693	  import ietf-yang-types {
694	    prefix yang;
695	  }
696	  import ietf-inet-types {
697	    prefix inet;

699	  }
700	  import ietf-interfaces {
701	    prefix if;
702	  }

704	  import ietf-savi {
705	    prefix savi;
706	  }
707	  organization "IETF SAVI Working Group";
708	  contact
709	    "
710	     WG Web:
711	     Editor: Changqing An
712
713	    ";
714	  description
715	    "
716	     The Yang data module defined for SAVI FCFS.
717	    ";

719	  revision 2018-01-08 {
720	    description "Initial revision.";
721	    reference "DRAFT XXX: A YANG Data Model for SAVI Management";
722	  }

724	  /* Identities */

726	  identity savi-fcfs-state {
727	    base savi:binding-state;
728	    description "Base identity for the states definition of SAVI FCFS.";
729	  }
730	  identity tentative {
731	    base savi-fcfs-state;
732	    description "A state defined in SAVI FCFS.";
733	  }
734	  identity valid {
735	    base savi-fcfs-state;
736	    description "A state defined in SAVI FCFS.";
737	  }
738	  identity testing_vp {
739	    base savi-fcfs-state;
740	    description "A state defined in SAVI FCFS.";
741	  }
742	  identity testing_tp-lt {
743	    base savi-fcfs-state;
744	    description "A state defined in SAVI FCFS.";
745	  }
746	  /* State data */

748	  augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
749	    when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-fcfs'";
750	    description "Binding state table specific for SAVI FCFS.";
751	    container binding-state-table {
752	      description "Binding state table specific for SAVI FCFS.";
753	      list binding-state-entry {
754	        key "ifname address";
755	        description "A binding status entry specific for SAVI FCFS.";
756	        leaf address {
757	          type inet:ipv6-address;
758	          description "The binding source IP address.";
759	        }
760	        uses savi:binding-entry;
761	        leaf state {
762	          type identityref {
763	            base savi-fcfs-state;
764	          }
765	          description "State of the entry as defined in SAVI FCFS: NO_BIND, TENTATIVE, VALID, TESTING_VP, TESTING_TP-LT";
766	        }
767	      }
768	    }
769	  }

771	  /* Configuration Data */

773	  augment "/savi:savi/savi:savi-instances/savi:savi-instance" {
774	    when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-fcfs'";
775	    description "Parameters specific to SAVI FCFS.";
776	    container params {
777	      description "Parameters specific to SAVI FCFS.";
778	      leaf tent_lt {
779	        type yang:timeticks;
780	        default 50;
781	        description "A default value defined in SAVI FCFS.";
782	        reference "TENT_LT from [RFC6620].";
783	      }

785	      leaf default_lt {
786	        type yang:timeticks;
787	        default 30000;
788	        description "A default value defined in SAVI FCFS.";
789	        reference "DEFAULT_LT from [RFC6620]";
790	      }

792	      leaf twait {
793	        type yang:timeticks;
794	        default 25;
795	        description "A default value defined in SAVI FCFS";
796	        reference "T_WAIT from [RFC6620].";
797	      }
798	      container if-attributes {
799	        description "Interface attributes specific to SAVI FCFS.";
800	        list if-attribute {
801	          key ifname;
802	          description "A list of attributes for each interface.";
803	          leaf ifname {
804	            type if:interface-ref;
805	            description "The name of the interface.";
806	          }
807	          leaf validating {
808	            type boolean;
809	            must ". != ../trust";  // a port is either validating or trusted
810	            default true;
811	            description "SAVI FCFS processing is performed in the port.";
812	          }

814	          leaf trust {
815	            type boolean;
816	            must ". != ../validating";  // a port is either validating or trusted
817	            default false;
818	            description "SAVI FCFS processing is not performed in the port.";
819	          }
820	        } //list
821	      } //container
822	    } //container
823	  } //augment
824	}

826

828	8.  Definition of ietf-savi-dhcpv4 module

830	file "ietf-savi-dhcpv4@2018-01-08.yang"
831	module ietf-savi-dhcpv4 {
832	  namespace "urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv4";
833	  prefix savi-dhcpv4;
834	  import ietf-yang-types {
835	    prefix yang;
836	  }
837	  import ietf-inet-types {
838	    prefix inet;
839	  }
840	  import ietf-interfaces {
841	    prefix if;
842	  }
843	  import ietf-savi {
844	    prefix savi;
845	  }
846	  organization "IETF SAVI Working Group";
847	  contact
848	    "
849	     WG Web:
850	     Editor: Changqing An
851
852	    ";
853	  description
854	    "
855	     The Yang data module defined for SAVI DHCPv4.
856	    ";

858	  revision 2018-01-08 {
859	    description "Initial revision.";
860	    reference "DRAFT XXX: A YANG Data Model for SAVI Management";
861	  }

863	  /* Identities */

865	  identity savi-dhcp-state {
866	    base savi:binding-state;
867	    description "Base identity for the states definition of SAVI DHCPv4.";

869	  }
870	  identity no_bind {
871	    base savi-dhcp-state;
872	    description "A state defined in SAVI DHCPv4.";
873	  }
874	  identity init_bind {
875	    base savi-dhcp-state;
876	    description "A state defined in SAVI DHCPv4.";
877	  }
878	  identity bind {
879	    base savi-dhcp-state;
880	    description "A state defined in SAVI DHCPv4.";
881	  }
882	  identity detection {
883	    base savi-dhcp-state;
884	    description "A state defined in SAVI DHCPv4.";
885	  }
886	  identity recovery {
887	    base savi-dhcp-state;
888	    description "A state defined in SAVI DHCPv4.";

890	  }
891	  identity verify {
892	    base savi-dhcp-state;
893	    description "A state defined in SAVI DHCPv4.";
894	  }

896	  /* State data */

898	  augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
899	    when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv4'";
900	    description "Binding state table specific for SAVI DHCPv4.";
901	    container binding-state-table {
902	      description "Binding state table specific for SAVI DHCPv4.";
903	      list binding-state-entry {
904	        key "ifname address";
905	        description "A binding state entry specific for SAVI DHCPv4.";
906           leaf address {
907             type inet:ipv4-address;
908             description "The binding source IP address.";
909           }
910           uses savi:binding-entry;
911           leaf state {
912             type identityref {
913               base savi-dhcp-state;
914             }
915             description "State of the entry as defined in SAVI DHCP: NO_BIND, INIT_BIND, BOUND, DETECTION, RECOVERY, VERIFY.";
916           }
917           leaf tid {
918             type uint32;
919             description "The Transaction ID of the corresponding DHCP transaction.";
920           }
921           leaf timeouts {
922             when "/savi:savi/savi:savi-instances/savi:savi-instance/params/if-attributes/if-attribute/data-snooping = 'true'";
923             type uint32;
924             description "The number of timeouts that expired in the current state.";
925           }
926         }
927       }
928     }

930     /* Configuration Data */

932     augment "/savi:savi/savi:savi-instances/savi:savi-instance" {
933       when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv4'";
934       description "Parameters specific to SAVI DHCPv4";
935       container params {
936         description "Parameters specific to SAVI DHCPv4";
937         leaf max-dhcp-responsetime {
938           type yang:timeticks;
939           default 12000;
940           description "Maximum Solicit timeout value. Default is 120s.";
941           reference "SOL_MAX_RT from [RFC3315]";
942         }
943         leaf max-leasequery-delay {
944           type yang:timeticks;
945           default 1000;
946           description "Maximum LEASEQUERY timeout value. Default is 10s.";
947           reference "LQ_MAX_RT from [RFC5007]";
948         }
949         leaf datasnooping-interval {
950           type yang:timeticks;
951           default 6000;
952           description
953             "Minimum interval between two successive EVE_DATA_UNMATCH
954              events triggered by an attachment. Recommended interval:
955              60s and configurable.";
956           reference "DATA_SNOOPING_INTERVAL from [RFC7513]";
957         }
958         leaf offlink-delay {
959           type yang:timeticks;
960           default 3000;
961           description
962             "Period after a client is last detected before the binding
963              anchor is being removed. Recommended delay: 30s.";
964           reference "OFFLINK_DELAY from [RFC7513].";
965         }
966         leaf detection-timeout {
967           type yang:timeticks;
968           default 50;
969           description
970             "Maximum duration of a hardware address verification step
971              in the VERIFY state.";
972           reference "DETECTION_TIMEOUT from [RFC7513]";
973         }
974         container if-attributes {
975           description "Interface attributes specific to SAVI DHCPv4.";
976           list if-attribute {
977             key ifname;
978             description "A list of attributes for each interface.";
979             leaf ifname {
980               type if:interface-ref;
981               description "The name of the interface.";
982             }
983             leaf trust-attribute {
984               type boolean;
985               default false;
986               description "An attribute defined in SAVI DHCP.";
987             }
988             leaf dhcp-trust {
989               type boolean;
990               default false;
991               description "An attribute defined in SAVI DHCP.";
992             }
993             leaf dhcp-snooping {
994               type boolean;
995               default true;
996               description "An attribute defined in SAVI DHCP.";
997             }
998             leaf data-snooping {
999               type boolean;
1000              default false;
1001              description "An attribute defined in SAVI DHCP.";
1002            }
1003            leaf validating {
1004              type boolean;
1005              default true;
1006              description "An attribute defined in SAVI DHCP.";
1007            }
1008          } //list
1009        } //container
1010      } //container
1011    } //augment
1012  }

1014

1016  9. Definition of ietf-savi-dhcpv6 module

1018  file "ietf-savi-dhcpv6@2018-01-08.yang"
1019  module ietf-savi-dhcpv6 {
1020    namespace "urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv6";
1021    prefix savi-dhcpv6;
1022    import ietf-yang-types {
1023      prefix yang;
1024    }
1025    import ietf-inet-types {
1026      prefix inet;
1027    }
1028    import ietf-interfaces {
1029      prefix if;
1030    }
1031    import ietf-savi {
1032      prefix savi;
1033    }
1034    organization "IETF SAVI Working Group";
1035    contact
1036      "
1037       WG Web:
1038       Editor: Changqing An
1039
1040      ";
1041    description
1042      "
1043       The YANG data module defined for SAVI DHCPv6.
1044      ";

1046    revision 2018-01-08 {
1047      description "Initial revision.";
1048      reference "DRAFT XXX: A YANG Data Model for SAVI Management";
1049    }

1051    /* Identities */

1053    identity savi-dhcp-state {
1054      base savi:binding-state;
1055      description "Base identity for the states definition of SAVI DHCPv6.";
1056    }
1057    identity no_bind {
1058      base savi-dhcp-state;
1059      description "A state defined in SAVI DHCPv6.";
1060    }
1061    identity init_bind {
1062      base savi-dhcp-state;
1063      description "A state defined in SAVI DHCPv6.";
1064    }
1065    identity bind {
1066      base savi-dhcp-state;
1067      description "A state defined in SAVI DHCPv6.";
1068    }
1069    identity detection {
1070      base savi-dhcp-state;
1071      description "A state defined in SAVI DHCPv6.";
1072    }
1073    identity recovery {
1074      base savi-dhcp-state;
1075      description "A state defined in SAVI DHCPv6.";
1076    }
1077    identity verify {
1078      base savi-dhcp-state;
1079      description "A state defined in SAVI DHCPv6.";
1080    }

1082    /* State data */

1084    augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
1085      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv6'";
1086      description "Binding state table specific for SAVI DHCPv6.";
1087      container binding-state-table {
1088        description "Binding state table specific for SAVI DHCPv6.";
1089        list binding-state-entry {
1090          key "ifname address";
1091          description "A binding state entry specific for SAVI DHCPv6.";
1092          leaf address {
1093            type inet:ipv6-address;
1094            description "The binding source IP address.";
1095          }
1096          uses savi:binding-entry;
1097          leaf state {
1098            type identityref {
1099              base savi-dhcp-state;
1100            }
1101            description "State of the entry as defined in SAVI DHCP: NO_BIND, INIT_BIND, BOUND, DETECTION, RECOVERY, VERIFY.";
1102          }
1103          leaf tid {
1104            type uint32;
1105            description "The Transaction ID of the corresponding DHCP transaction.";
1106          }
1107          leaf timeouts {
1108            when "/savi:savi/savi:savi-instances/savi:savi-instance/params/if-attributes/if-attribute/data-snooping = 'true'";
1109            type uint32;
1110            description "The number of timeouts that expired in the current state.";
1111          }
1112        }
1113      }
1114    }

1116    /* Configuration Data */

1118    augment "/savi:savi/savi:savi-instances/savi:savi-instance" {
1119      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv6'";
1120      description "Parameters specific to SAVI DHCPv6";
1121      container params {
1122        description "Parameters specific to SAVI DHCPv6";
1123        leaf max-dhcp-responsetime {
1124          type yang:timeticks;
1125          default 12000;
1126          description "Maximum Solicit timeout value. Default is 120s.";
1127          reference "SOL_MAX_RT from [RFC3315]";
1128        }
1129        leaf max-leasequery-delay {
1130          type yang:timeticks;
1131          default 1000;
1132          description "Maximum LEASEQUERY timeout value. Default is 10s.";
1133          reference "LQ_MAX_RT from [RFC5007]";
1134        }
1135        leaf datasnooping-interval {
1136          type yang:timeticks;
1137          default 6000;
1138          description
1139            "Minimum interval between two successive EVE_DATA_UNMATCH
1140             events triggered by an attachment. Recommended interval:
1141             60s and configurable.";
1142          reference "DATA_SNOOPING_INTERVAL from [RFC7513]";
1143        }
1144        leaf offlink-delay {
1145          type yang:timeticks;
1146          default 3000;
1147          description
1148            "Period after a client is last detected before the binding
1149             anchor is being removed. Recommended delay: 30s.";
1150          reference "OFFLINK_DELAY from [RFC7513].";
1151        }
1152        leaf detection-timeout {
1153          type yang:timeticks;
1154          default 50;
1155          description
1156            "Maximum duration of a hardware address verification step
1157             in the VERIFY state.";
1158          reference "DETECTION_TIMEOUT from [RFC7513]";
1159        }
1160        container if-attributes {
1161          description "Interface attributes specific to SAVI DHCPv6.";
1162          list if-attribute {
1163            key ifname;
1164            description "A list of attributes for each interface.";
1165            leaf ifname {
1166              type if:interface-ref;
1167              description "The name of the interface.";
1168            }
1169            leaf trust-attribute {
1170              type boolean;
1171              default false;
1172              description "An attribute defined in SAVI DHCP.";
1173            }
1174            leaf dhcp-trust {
1175              type boolean;
1176              default false;
1177              description "An attribute defined in SAVI DHCP.";
1178            }
1179            leaf dhcp-snooping {
1180              type boolean;
1181              default true;
1182              description "An attribute defined in SAVI DHCP.";
1183            }
1184            leaf data-snooping {
1185              type boolean;
1186              default false;
1187              description "An attribute defined in SAVI DHCP.";
1188            }
1189            leaf validating {
1190              type boolean;
1191              default true;
1192              description "An attribute defined in SAVI DHCP.";
1193            }
1194          } //list
1195        } //container
1196      } //container
1197    } //augment
1198  }

1200

1202  10. Definition of ietf-savi-send module

1204  file "ietf-savi-send@2018-01-08.yang"
1205  module ietf-savi-send {
1206    namespace "urn:ietf:params:xml:ns:yang:ietf-savi-send";
1207    prefix savi-send;
1208    import ietf-yang-types {
1209      prefix yang;
1210    }
1211    import ietf-inet-types {
1212      prefix inet;
1213    }
1214    import ietf-interfaces {
1215      prefix if;
1216    }
1217    import ietf-savi {
1218      prefix savi;
1219    }
1220    organization "IETF SAVI Working Group";
1221    contact
1222      "
1223       WG Web:
1224       Editor: Changqing An
1225
1226      ";
1227    description
1228      "
1229       The YANG data module defined for SAVI SEND.
1230      ";

1232    revision 2018-01-08 {
1233      description "Initial revision.";
1234      reference "DRAFT XXX: A YANG Data Model for SAVI Management";
1235    }

1237    /* Identities */

1239    identity savi-send-state {
1240      base savi:binding-state;
1241      description "Base identity for the states definition of SAVI SEND.";
1242    }
1243    identity tentative-dad {
1244      base savi-send-state;
1245      description "A state defined in SAVI SEND.";
1246    }
1247    identity tentative-nud {
1248      base savi-send-state;
1249      description "A state defined in SAVI SEND.";
1250    }
1251    identity valid {
1252      base savi-send-state;
1253      description "A state defined in SAVI SEND.";
1254    }

1256    identity testing_vp {
1257      base savi-send-state;
1258      description "A state defined in SAVI SEND.";
1259    }
1260    identity testing_vp_1 {
1261      base savi-send-state;
1262      description "A state defined in SAVI SEND.";
1263    }

1265    /* State data */

1267    augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
1268      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-send'";
1269      description "Binding state table specific for SAVI SEND.";
1270      container binding-state-table {
1271        description "Binding state table specific for SAVI SEND.";
1272        list binding-state-entry {
1273          key "ifname address";
1274          description "A binding state entry specific for SAVI SEND.";
1275          leaf address {
1276            type inet:ipv6-address;
1277            description "The binding source IP address.";
1278          }
1279          uses savi:binding-entry;
1280          leaf alternative-if {
1281            type if:interface-ref;
1282            description "Alternative interface is a parameter defined in SAVI SEND.";
1283          }

1285          leaf state {
1286            type identityref {
1287              base savi-send-state;
1288            }
1289            description "State of the entry as defined in SAVI SEND: TENTATIVE_DAD, TENTATIVE_NUD, VALID, TESTING_VP, TESTING_VP'";
1290          }
1291        }
1292      }
1293    }

1295    /* Configuration Data */

1297    augment "/savi:savi/savi:savi-instances/savi:savi-instance" {
1298      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-send'";
1299      description "Parameters specific to SAVI SEND.";
1300      container params {
1301        description "Parameters specific to SAVI SEND.";
1302        leaf tent_lt {
1303          type yang:timeticks;
1304          default 50;
1305          description "A default value defined in SAVI SEND.";
1306          reference "TENT_LT from [RFC7219].";
1307        }

1309        leaf default_lt {
1310          type yang:timeticks;
1311          default 30000;
1312          description "A default value defined in SAVI SEND.";
1313          reference "DEFAULT_LT from [RFC7219]";
1314        }
1315        container if-attributes {
1316          description "Interface attributes specific to SAVI SEND.";
1317          list if-attribute {
1318            key ifname;
1319            description "A list of attributes for each interface.";
1320            leaf ifname {
1321              type if:interface-ref;
1322              description "The name of the interface.";
1323            }
1324            leaf validating {
1325              type boolean;
1326              must .=not(../trust);
1327              default true;
1328              description "SAVI SEND processing is performed in the port.";
1329            }

1331            leaf trust {
1332              type boolean;
1333              must .=not(../validating);
1334              default false;
1335              description "SAVI SEND processing is not performed in the port.";
1336            }
1337          } //list
1338        } //container
1339      } //container
1340    } //augment
1341  }

1343

1345  11. Security Considerations

1347     Configuration and state data conforming to the SAVI YANG data model
1348     (defined in this document) are designed to be accessed via the
1349     NETCONF protocol [RFC6241]. The lowest NETCONF layer is the secure
1350     transport layer and the mandatory-to-implement secure transport is
1351     SSH [RFC6242]. The NETCONF access control model [RFC6536] provides
1352     the means to restrict access for particular NETCONF users to a pre-
1353     configured subset of all available NETCONF protocol operations and
1354     content.

1356     A number of data nodes defined in the YANG modules belonging to the
1357     configuration part of the SAVI data model are writable/creatable/
1358     deletable (i.e., "config true" in YANG terms, which is the default).
1359     These data nodes may be considered sensitive or vulnerable in some
1360     network environments. Write operations to these data nodes, such as
1361     "edit-config", can have negative effects on the network if the
1362     protocol operations are not properly protected.

1364  12. IANA Considerations

1366     This document registers the following namespace URIs in the IETF XML
1367     registry [RFC3688]:

1369        URI: urn:ietf:params:xml:ns:yang:ietf-savi
1370        Registrant Contact: The IESG.
1371        XML: N/A, the requested URI is an XML namespace.

1373        URI: urn:ietf:params:xml:ns:yang:ietf-savi-fcfs
1374        Registrant Contact: The IESG.
1375        XML: N/A, the requested URI is an XML namespace.

1377        URI: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv4
1378        Registrant Contact: The IESG.
1379        XML: N/A, the requested URI is an XML namespace.

1381        URI: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv6
1382        Registrant Contact: The IESG.
1383        XML: N/A, the requested URI is an XML namespace.

1385        URI: urn:ietf:params:xml:ns:yang:ietf-savi-send
1386        Registrant Contact: The IESG.
1387        XML: N/A, the requested URI is an XML namespace.
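
Relating to the Security Considerations in Section 11: the per-interface leaves in the configuration augments are writable, so a change review can compare a retrieved configuration against the defaults stated in the modules. The following is an added example, not part of the draft; the sample document and interface names are constructed, and the SEND check reads the two must statements as requiring validating to be the negation of trust (an assumption about their intent).

```python
"""Audit a SAVI <savi> configuration subtree against the module defaults."""
import xml.etree.ElementTree as ET

SAVI_NS = "urn:ietf:params:xml:ns:yang:ietf-savi"
# Boolean if-attribute defaults as stated in the DHCPv4/DHCPv6 modules.
DHCP_DEFAULTS = {"trust-attribute": False, "dhcp-trust": False,
                 "dhcp-snooping": True, "data-snooping": False,
                 "validating": True}
# savi-method value -> (namespace of the augmenting module, leaf defaults)
METHODS = {
    "savi-dhcpv4": (SAVI_NS + "-dhcpv4", DHCP_DEFAULTS),
    "savi-dhcpv6": (SAVI_NS + "-dhcpv6", DHCP_DEFAULTS),
    "savi-send": (SAVI_NS + "-send", {"validating": True, "trust": False}),
}

# Constructed sample: interface names and values are illustrative only.
SAMPLE_CONFIG = """
<savi xmlns="urn:ietf:params:xml:ns:yang:ietf-savi">
 <savi-instances>
  <savi-instance>
   <savi-method>savi-dhcpv4</savi-method>
   <params xmlns="urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv4"><if-attributes>
    <if-attribute><ifname>eth0</ifname>
     <trust-attribute>true</trust-attribute></if-attribute>
    <if-attribute><ifname>eth1</ifname>
     <validating>false</validating></if-attribute>
    <if-attribute><ifname>eth2</ifname></if-attribute>
   </if-attributes></params>
  </savi-instance>
  <savi-instance>
   <savi-method>savi-send</savi-method>
   <params xmlns="urn:ietf:params:xml:ns:yang:ietf-savi-send"><if-attributes>
    <if-attribute><ifname>eth3</ifname><trust>true</trust></if-attribute>
    <if-attribute><ifname>eth4</ifname>
     <validating>false</validating><trust>true</trust></if-attribute>
   </if-attributes></params>
  </savi-instance>
 </savi-instances>
</savi>
"""


def parse_bool(text):
    """Parse the lexical form of a YANG boolean."""
    value = (text or "").strip()
    if value not in ("true", "false"):
        raise ValueError(f"not a YANG boolean: {value!r}")
    return value == "true"


def audit(xml_text):
    """Return sorted (method, ifname, leaf, message) findings."""
    findings = []
    root = ET.fromstring(xml_text)
    for inst in root.iter(f"{{{SAVI_NS}}}savi-instance"):
        method = inst.findtext(f"{{{SAVI_NS}}}savi-method", "").strip()
        if method not in METHODS:
            continue
        ns, defaults = METHODS[method]
        for attr in inst.iter(f"{{{ns}}}if-attribute"):
            ifname = attr.findtext(f"{{{ns}}}ifname", "?").strip()
            # Absent leaves take the module default, as a server would apply it.
            values = dict(defaults)
            for leaf in defaults:
                node = attr.find(f"{{{ns}}}{leaf}")
                if node is not None:
                    values[leaf] = parse_bool(node.text)
            for leaf, default in defaults.items():
                if values[leaf] != default:
                    shown = "true" if values[leaf] else "false"
                    findings.append((method, ifname, leaf,
                                     f"non-default value {shown}"))
            # Assumed intent of the SEND must statements: validating = not(trust).
            if method == "savi-send" and values["validating"] == values["trust"]:
                findings.append((method, ifname, "validating",
                                 "validating and trust are not opposite"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

On the sample, eth3 is reported twice: once for the non-default trust value and once because validating is left at its default of true while trust is also true.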

1389     This document registers the following YANG modules in the YANG Module
1390     Names registry [RFC6020]:

1392        name: ietf-savi
1393        namespace: urn:ietf:params:xml:ns:yang:ietf-savi
1394        prefix: savi
1395        reference: RFC XXXX

1397        name: ietf-savi-fcfs
1398        namespace: urn:ietf:params:xml:ns:yang:ietf-savi-fcfs
1399        prefix: savi-fcfs
1400        reference: RFC XXXX

1402        name: ietf-savi-dhcpv4
1403        namespace: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv4
1404        prefix: savi-dhcpv4
1405        reference: RFC XXXX

1407        name: ietf-savi-dhcpv6
1408        namespace: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv6
1409        prefix: savi-dhcpv6
1410        reference: RFC XXXX

1412        name: ietf-savi-send
1413        namespace: urn:ietf:params:xml:ns:yang:ietf-savi-send
1414        prefix: savi-send
1415        reference: RFC XXXX

1417  13. Contributors

1419  14. References

1421  14.1. Normative References

1423     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1424                Requirement Levels", BCP 14, RFC 2119,
1425                DOI 10.17487/RFC2119, March 1997,
1426                .

1428     [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
1429                RFC 2131, DOI 10.17487/RFC2131, March 1997,
1430                .

1432     [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
1433                C., and M. Carney, "Dynamic Host Configuration Protocol
1434                for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
1435                2003, .

1437     [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1438                the Network Configuration Protocol (NETCONF)", RFC 6020,
1439                DOI 10.17487/RFC6020, October 2010,
1440                .

1442     [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1443                and A. Bierman, Ed., "Network Configuration Protocol
1444                (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
1445                .

1447     [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
1448                Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
1449                .

1451     [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
1452                Protocol (NETCONF) Access Control Model", RFC 6536,
1453                DOI 10.17487/RFC6536, March 2012,
1454                .

1456     [RFC6620]  Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFS
1457                SAVI: First-Come, First-Served Source Address Validation
1458                Improvement for Locally Assigned IPv6 Addresses",
1459                RFC 6620, DOI 10.17487/RFC6620, May 2012,
1460                .

1462     [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
1463                RFC 6991, DOI 10.17487/RFC6991, July 2013,
1464                .

1466     [RFC7039]  Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt, Ed.,
1467                "Source Address Validation Improvement (SAVI) Framework",
1468                RFC 7039, DOI 10.17487/RFC7039, October 2013,
1469                .

1471     [RFC7219]  Bagnulo, M. and A. Garcia-Martinez, "SEcure Neighbor
1472                Discovery (SEND) Source Address Validation Improvement
1473                (SAVI)", RFC 7219, DOI 10.17487/RFC7219, May 2014,
1474                .

1476     [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
1477                Management", RFC 7223, DOI 10.17487/RFC7223, May 2014,
1478                .

1480     [RFC7513]  Bi, J., Wu, J., Yao, G., and F. Baker, "Source Address
1481                Validation Improvement (SAVI) Solution for DHCP",
1482                RFC 7513, DOI 10.17487/RFC7513, May 2015,
1483                .

1485  14.2. Informative References

1487     [RFC2223]  Postel, J. and J. Reynolds, "Instructions to RFC Authors",
1488                RFC 2223, DOI 10.17487/RFC2223, October 1997,
1489                .

1491     [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
1492                DOI 10.17487/RFC2629, June 1999,
1493                .

1495     [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1496                MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000,
1497                .

1499     [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
1500                "Introduction and Applicability Statements for Internet-
1501                Standard Management Framework", RFC 3410,
1502                DOI 10.17487/RFC3410, December 2002,
1503                .

1505     [RFC4181]  Heard, C., Ed., "Guidelines for Authors and Reviewers of
1506                MIB Documents", BCP 111, RFC 4181, DOI 10.17487/RFC4181,
1507                September 2005, .

1509     [RFC4293]  Routhier, S., Ed., "Management Information Base for the
1510                Internet Protocol (IP)", RFC 4293, DOI 10.17487/RFC4293,
1511                April 2006, .

1513  14.3. URL References

1515     [idguidelines]
1516                IETF Internet Drafts editor,
1517                "http://www.ietf.org/ietf/1id-guidelines.txt".

1519     [idnits]   IETF Internet Drafts editor,
1520                "http://www.ietf.org/ID-Checklist.html".

1522     [ietf]     IETF Tools Team, "http://tools.ietf.org".

1524     [ops]      the IETF OPS Area, "http://www.ops.ietf.org".

1526     [xml2rfc]  XML2RFC tools and documentation,
1527                "http://xml.resource.org".

1529  Appendix A. The Complete Data Trees

1531     This appendix presents the complete configuration and state data
1532     trees of the SAVI data model. See Section 2.2 for an explanation of
1533     the symbols used. Data type of every leaf node is shown near the
1534     right end of the corresponding line.

1536  module: ietf-savi
1537     +--ro savi-state
1538     |  +--ro savi-instances
1539     |  |  +--ro savi-instance* [savi-method]
1540     |  |     +--ro savi-method    string
1541     |  |     +--ro preference?    uint32
1542     |  |     +--ro savi-fcfs:binding-state-table
1543     |  |     |  +--ro savi-fcfs:binding-state-entry* [ifname address]
1544     |  |     |     +--ro savi-fcfs:address     inet:ipv6-address
1545     |  |     |     +--ro savi-fcfs:ifname      if:interface-ref
1546     |  |     |     +--ro savi-fcfs:mac?        yang:mac-address
1547     |  |     |     +--ro savi-fcfs:lifetime    yang:timeticks
1548     |  |     |     +--ro savi-fcfs:state?      identityref
1549     |  |     +--ro savi-dhcpv4:binding-state-table
1550     |  |     |  +--ro savi-dhcpv4:binding-state-entry* [ifname address]
1551     |  |     |     +--ro savi-dhcpv4:address      inet:ipv4-address
1552     |  |     |     +--ro savi-dhcpv4:ifname       if:interface-ref
1553     |  |     |     +--ro savi-dhcpv4:mac?         yang:mac-address
1554     |  |     |     +--ro savi-dhcpv4:lifetime     yang:timeticks
1555     |  |     |     +--ro savi-dhcpv4:state?       identityref
1556     |  |     |     +--ro savi-dhcpv4:tid?         uint32
1557     |  |     |     +--ro savi-dhcpv4:timeouts?    uint32
1558     |  |     +--ro savi-dhcpv6:binding-state-table
1559     |  |     |  +--ro savi-dhcpv6:binding-state-entry* [ifname address]
1560     |  |     |     +--ro savi-dhcpv6:address      inet:ipv6-address
1561     |  |     |     +--ro savi-dhcpv6:ifname       if:interface-ref
1562     |  |     |     +--ro savi-dhcpv6:mac?         yang:mac-address
1563     |  |     |     +--ro savi-dhcpv6:lifetime     yang:timeticks
1564     |  |     |     +--ro savi-dhcpv6:state?       identityref
1565     |  |     |     +--ro savi-dhcpv6:tid?         uint32
1566     |  |     |     +--ro savi-dhcpv6:timeouts?    uint32
1567     |  |     +--ro savi-send:binding-state-table
1568     |  |        +--ro savi-send:binding-state-entry* [ifname address]
1569     |  |           +--ro savi-send:address            inet:ipv6-address
1570     |  |           +--ro savi-send:ifname             if:interface-ref
1571     |  |           +--ro savi-send:mac?               yang:mac-address
1572     |  |           +--ro savi-send:lifetime           yang:timeticks
1573     |  |           +--ro savi-send:alternative-if?    if:interface-ref
1574     |  |           +--ro savi-send:state?             identityref
1575     |  +--ro binding-table
1576     |  |  +--ro ipv4
1577     |  |  |  +--ro binding-entry* [ifname address]
1578     |  |  |     +--ro address           inet:ipv4-address
1579     |  |  |     +--ro ifname            if:interface-ref
1580     |  |  |     +--ro mac?              yang:mac-address
1581     |  |  |     +--ro lifetime          yang:timeticks
1582     |  |  |     +--ro creationtime      yang:timestamp
1583     |  |  |     +--ro binding-method    string
1584     |  |  +--ro ipv6
1585     |  |     +--ro binding-entry* [ifname address]
1586     |  |        +--ro address           inet:ipv6-address
1587     |  |        +--ro ifname            if:interface-ref
1588     |  |        +--ro mac?              yang:mac-address
1589     |  |        +--ro lifetime          yang:timeticks
1590     |  |        +--ro creationtime      yang:timestamp
1591     |  |        +--ro binding-method    string
1592     |  +--ro statistics
1593     |     +--ro if-filtering-pks* [ifname]
1594     |        +--ro ifname            if:interface-ref
1595     |        +--ro filtering-pks?    uint32
1596     +--rw savi
1597        +--rw savi-instances
1598        |  +--rw savi-instance* [savi-method]
1599        |     +--rw savi-method    string
1600        |     +--rw enable?        boolean
1601        |     +--rw preference?    uint32
1602        |     +--rw savi-fcfs:params
1603        |     |  +--rw savi-fcfs:tent_lt?       yang:timeticks
1604        |     |  +--rw savi-fcfs:default_lt?    yang:timeticks
1605        |     |  +--rw savi-fcfs:twait?         yang:timeticks
1606        |     |  +--rw savi-fcfs:if-attributes
1607        |     |     +--rw savi-fcfs:if-attribute* [ifname]
1608        |     |        +--rw savi-fcfs:ifname         if:interface-ref
1609        |     |        +--rw savi-fcfs:validating?    boolean
1610        |     |        +--rw savi-fcfs:trust?         boolean
1611        |     +--rw savi-dhcpv4:params
1612        |     |  +--rw savi-dhcpv4:max-dhcp-responsetime?    yang:timeticks
1613        |     |  +--rw savi-dhcpv4:max-leasequery-delay?     yang:timeticks
1614        |     |  +--rw savi-dhcpv4:datasnooping-interval?    yang:timeticks
1615        |     |  +--rw savi-dhcpv4:offlink-delay?            yang:timeticks
1616        |     |  +--rw savi-dhcpv4:detection-timeout?        yang:timeticks
1617        |     |  +--rw savi-dhcpv4:if-attributes
1618        |     |     +--rw savi-dhcpv4:if-attribute* [ifname]
1619        |     |        +--rw savi-dhcpv4:ifname              if:interface-ref
1620        |     |        +--rw savi-dhcpv4:trust-attribute?    boolean
1621        |     |        +--rw savi-dhcpv4:dhcp-trust?         boolean
1622        |     |        +--rw savi-dhcpv4:dhcp-snooping?      boolean
1623        |     |        +--rw savi-dhcpv4:data-snooping?      boolean
1624        |     |        +--rw savi-dhcpv4:validating?         boolean
1625        |     +--rw savi-dhcpv6:params
1626        |     |  +--rw savi-dhcpv6:max-dhcp-responsetime?    yang:timeticks
1627        |     |  +--rw savi-dhcpv6:max-leasequery-delay?     yang:timeticks
1628        |     |  +--rw savi-dhcpv6:datasnooping-interval?    yang:timeticks
1629        |     |  +--rw savi-dhcpv6:offlink-delay?            yang:timeticks
1630        |     |  +--rw savi-dhcpv6:detection-timeout?        yang:timeticks
1631        |     |  +--rw savi-dhcpv6:if-attributes
1632        |     |     +--rw savi-dhcpv6:if-attribute* [ifname]
1633        |     |        +--rw savi-dhcpv6:ifname              if:interface-ref
1634        |     |        +--rw savi-dhcpv6:trust-attribute?    boolean
1635        |     |        +--rw savi-dhcpv6:dhcp-trust?         boolean
1636        |     |        +--rw savi-dhcpv6:dhcp-snooping?      boolean
1637        |     |        +--rw savi-dhcpv6:data-snooping?      boolean
1638        |     |        +--rw savi-dhcpv6:validating?         boolean
1639        |     +--rw savi-send:params
1640        |        +--rw savi-send:tent_lt?       yang:timeticks
1641        |        +--rw savi-send:default_lt?    yang:timeticks
1642        |        +--rw savi-send:if-attributes
1643        |           +--rw savi-send:if-attribute* [ifname]
1644        |              +--rw savi-send:ifname         if:interface-ref
1645        |              +--rw savi-send:validating?    boolean
1646        |              +--rw savi-send:trust?         boolean
1647        +--rw if-filtering-attributes
1648        |  +--rw if-filtering-attribute* [ifname]
1649        |     +--rw ifname                if:interface-ref
1650        |     +--rw filtering-enabled?    boolean
1651        +--rw binding-table
1652           +--rw ipv4
1653           |  +--rw binding-entry* [ifname address]
1654           |     +--rw address           inet:ipv4-address
1655           |     +--rw ifname            if:interface-ref
1656           |     +--rw mac?              yang:mac-address
1657           |     +--rw lifetime          yang:timeticks
1658           |     +--rw creationtime      yang:timestamp
1659           |     +--rw binding-method    string
1660           +--rw ipv6
1661              +--rw binding-entry* [ifname address]
1662                 +--rw address           inet:ipv6-address
1663                 +--rw ifname            if:interface-ref
1664                 +--rw mac?              yang:mac-address
1665                 +--rw lifetime          yang:timeticks
1666                 +--rw creationtime      yang:timestamp
1667                 +--rw binding-method    string

1669  Appendix B. Change Log

1671  Authors' Addresses

1673     Changqing An
1674     Tsinghua University
1675     Institute for Network Sciences and Cyberspace, Tsinghua University
1676     Beijing 100084
1677     China

1679     Phone: +86 10 62603113
1680     EMail: acq@tsinghua.edu.cn

1682     Jiahai Yang
1683     Tsinghua University
1684     Institute for Network Sciences and Cyberspace, Tsinghua University
1685     Beijing 100084
1686     China

1688     Phone: +86 10 62783492
1689     EMail: yang@cernet.edu.cn

1691     Jianping Wu
1692     Tsinghua University
1693     Institute for Network Sciences and Cyberspace, Tsinghua University
1694     Beijing 100084
1695     China

1697     EMail: jianping@cernet.edu.cn

1699     Jun Bi
1700     Tsinghua University
1701     Institute for Network Sciences and Cyberspace, Tsinghua University
1702     Beijing 100084
1703     China

1705     EMail: junbi@cernet.edu.cn