idnits 2.17.1

draft-an-savi-yang-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 79 instances of too long lines in the document, the longest
     one being 67 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 360 has weird spacing: '...ifetime yan...'

  == Line 366 has weird spacing: '...ifetime yan...'

  == Line 1577 has weird spacing: '...ifetime yan...'

  == Line 1584 has weird spacing: '...ifetime yan...'

  == Line 1593 has weird spacing: '...ifetime yan...'

  == (4 more instances...)

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (August 10, 2018) is 2084 days in the past. Is this
     intentional?
  Checking references for intended status: Experimental
  ----------------------------------------------------------------------------

  == Missing Reference: 'RFC3688' is mentioned on line 1397, but not defined

  == Unused Reference: 'RFC2131' is defined on line 1458, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3315' is defined on line 1462, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2223' is defined on line 1517, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2629' is defined on line 1521, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2863' is defined on line 1525, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3410' is defined on line 1529, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4181' is defined on line 1535, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4293' is defined on line 1539, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  ** Obsolete normative reference: RFC 7223 (Obsoleted by RFC 8343)

  -- Obsolete informational reference (is this intentional?): RFC 2223
     (Obsoleted by RFC 7322)

  -- Obsolete informational reference (is this intentional?): RFC 2629
     (Obsoleted by RFC 7749)

     Summary: 4 errors (**), 0 flaws (~~), 17 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     SAVI                                                           C. An
3     Internet-Draft                                               J. Yang
4     Intended status: Experimental                                  J. Wu
5     Expires: February 11, 2019                                     J. Bi
6                                                      Tsinghua University
7                                                          August 10, 2018

9                      A Yang Data Model for SAVI Management
10                             draft-an-savi-yang-04

12    Abstract

14       This document contains a specification of YANG modules for the
15       management of SAVI (Source Address Validation Improvements) protocol.

17       The core SAVI data module ietf-savi serves as a framework for
18       configuring and managing SAVI instance and provides common building
19       blocks. It is expected to be augmented by additional YANG modules
20       for specific IP address assignment methods.

22       The other four modules augment the core SAVI data module and define
23       data models for different IP address assignment methods. Module
24       ietf-savi-fcfs defines module specific for Stateless Address Auto
25       Configuration (SLAAC), module ietf-savi-dhcpv4 and ietf-savi-dhcpv6
26       define modules specific for Dynamic Host Configuration Protocol
27       version 4 and version 6 (DHCPv4 and DHCPv6), and module ietf-savi-
28       send defines module specific for Secure Neighbor Discovery (SEND).

30    Status of This Memo

32       This Internet-Draft is submitted in full conformance with the
33       provisions of BCP 78 and BCP 79.

35       Internet-Drafts are working documents of the Internet Engineering
36       Task Force (IETF). Note that other groups may also distribute
37       working documents as Internet-Drafts. The list of current Internet-
38       Drafts is at https://datatracker.ietf.org/drafts/current/.

40       Internet-Drafts are draft documents valid for a maximum of six months
41       and may be updated, replaced, or obsoleted by other documents at any
42       time. It is inappropriate to use Internet-Drafts as reference
43       material or to cite them other than as "work in progress."

45       This Internet-Draft will expire on February 11, 2019.

47    Copyright Notice

49       Copyright (c) 2018 IETF Trust and the persons identified as the
50       document authors. All rights reserved.

52       This document is subject to BCP 78 and the IETF Trust's Legal
53       Provisions Relating to IETF Documents
54       (https://trustee.ietf.org/license-info) in effect on the date of
55       publication of this document. Please review these documents
56       carefully, as they describe your rights and restrictions with respect
57       to this document. Code Components extracted from this document must
58       include Simplified BSD License text as described in Section 4.e of
59       the Trust Legal Provisions and are provided without warranty as
60       described in the Simplified BSD License.

62    Table of Contents

64       1.  Introduction
65       2.  Terminology and Notation
66         2.1.  Glossary of New Terms
67         2.2.  Tree Diagrams
68         2.3.  Prefixes in Data Node Names
69       3.  Objectives
70       4.  The Design of the SAVI Data Model
71         4.1.  System-Controlled and User-Controlled List Entries
72       5.  Basic Building Blocks
73         5.1.  SAVI Instance
74         5.2.  Binding Table
75         5.3.  Binding State Table
76         5.4.  Interface Attribute
77         5.5.  SAVI Statistics
78       6.  Definition of ietf-savi module
79       7.  Definition of ietf-savi-fcfs module
80       8.  Definition of ietf-savi-dhcpv4 module
81       9.  Definition of ietf-savi-dhcpv6 module
82       10. Definition of ietf-savi-send module
83       11. Security Considerations
84       12. IANA Considerations
85       13. Contributors
86       14. References
87         14.1.  Normative References
88         14.2.  Informative References
89         14.3.  URL References
90       Appendix A.  The Complete Data Trees
91       Appendix B.  Change Log
92       Authors' Addresses

94    1. Introduction

96       The Source Address Validation Improvement protocol was developed to
97       complement ingress filtering with finer-grained, standard IP source
98       address validation ([RFC7039]). A SAVI protocol instance is located
99       on the path of hosts' packets, enforcing the hosts' use of legitimate
100      IP source addresses.

102      SAVI protocol determines whether the IP address obtaining process is
103      legitimate according to IP address assignment method. For links with
104      Stateless Address Auto Configuration (SLAAC), the process is defined
105      in [RFC6620]. For links with Dynamic Host Configuration Protocol
106      (DHCP), the process is defined in [RFC7513]. For links with Secure
107      Neighbor Discovery (SEND), the process is defined in [RFC7219].

109      This document contains a core SAVI data module serving as a framework
110      for configuring and managing SAVI instance and provides common
111      building blocks. The other four modules augment the core SAVI data
112      module and define data models for different IP address assignment
113      methods.

115      o  Module "ietf-savi" defines a core data module which provides
116         generic components of SAVI data model, and is intended as a basis
117         for future data model development covering more IP address
118         assignment methods.

120      o  Module "ietf-savi-fcfs" augments the "ietf-savi" module with
121         additional data specific to SAVI FCFS ([RFC6620]).

123      o  Module "ietf-savi-dhcpv4" augments the "ietf-savi" module with
124         additional data specific to SAVI DHCP ([RFC7513]) for IPv4 address
125         assignment.

127      o  Module "ietf-savi-dhcpv6" augments the "ietf-savi" module with
128         additional data specific to SAVI DHCP ([RFC7513]) for IPv6 address
129         assignment.

131      o  Module "ietf-savi-send" augments the "ietf-savi" module with
132         additional data specific to SAVI SEND ([RFC7219]).

134   2. Terminology and Notation

136      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
137      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
138      document are to be interpreted as described in RFC 2119 [RFC2119].

140      The following terms are defined in RFC6241 [RFC6241]:

142      o  client,

144      o  message,

146      o  protocol operation,

148      o  server

150      The following terms are defined in RFC6020 [RFC6020]:

152      o  augment,

154      o  configuration data,

156      o  container,

158      o  data model,

160      o  data node,

162      o  leaf,

164      o  list,

166      o  mandatory node,

168      o  module

170      The following terms are defined in [RFC7039].

172      o  IP Address Assignment Methods,

174      o  SAVI method,

176      o  Binding Anchors,

178      o  SAVI instance

180      The following terms are defined in [RFC6620].

182      o  SAVI FCFS,

184      o  Validating Ports (VPs),

186      o  Trusted Ports (TPs),

188      o  Lifetime,
189      o  Status: either NO_BIND, TENTATIVE, VALID, TESTING_VP, or
190         TESTING_TP-LT,

192      o  Creation time,

194      o  TENT_LT,

196      o  DEFAULT_LT,

198      o  T_WAIT

200      The following terms are defined in [RFC7513].

202      o  SAVI DHCP,

204      o  Binding entry: A rule that associates an IP address with a binding
205         anchor,

207      o  Binding State Table (BST): The data structure that contains the
208         binding entries,

210      o  Binding entry limit: The maximum number of binding entries that
211         may be associated with a binding anchor,

213      o  Status: either NO_BIND, INIT_BIND, BOUND, DETECTION, RECOVERY, or
214         VERIFY,

216      o  Trust Attribute,

218      o  DHCP-Trust Attribute,

220      o  DHCP-Snooping Attribute,

222      o  Data-Snooping Attribute,

224      o  Validating Attribute,

226      o  MAX_DHCP_RESPONSE_TIME,

228      o  MAX_LEASEQUERY_DELAY,

230      o  DETECTION_TIMEOUT,

232      o  DATA_SNOOPING_INTERVAL,

234      o  OFFLINK_DELAY

236      The following terms are defined in [RFC6620].

238      o  SAVI SEND,

240      o  Validating Ports (VPs),

242      o  Trusted Ports (TPs),

244      o  Status: either TENTATIVE_DAD, TENTATIVE_NUD, VALID, TESTING_VP, or
245         TESTING_VP',

247      o  TENT_LT,

249      o  DEFAULT_LT

251   2.1. Glossary of New Terms

253      system-controlled entry: An entry of a list in state data ("config
254      false") that is created by the system independently of what has been
255      explicitly configured. See Section 4.1 for details.

257      user-controlled entry: An entry of a list in state data ("config
258      false") that is created and deleted as a direct consequence of
259      certain configuration changes. See Section 4.1 for details.

261   2.2. Tree Diagrams

263      Simplified graphical representation of the data tree is presented in
264      this document. The meaning of the symbols in these diagrams is as
265      follows:

267      o  Brackets "[" and "]" enclose list keys.

269      o  Curly braces "{" and "}" contain names of optional features that
270         make the corresponding node conditional.

272      o  Abbreviations before data node names: "rw" means configuration
273         (read-write), "ro" state data (read-only), "-x" RPC operations,
274         and "-n" notifications.

276      o  Symbols after data node names: "?" means an optional node, "!" a
277         container with presence, and "*" denotes a "list" or "leaf-list".

279      o  Parentheses enclose choice and case nodes, and case nodes are also
280         marked with a colon (":").

282      o  Ellipsis ("...") stands for contents of subtrees that are not
283         shown.

285   2.3. Prefixes in Data Node Names

287      In this document, names of data nodes, RPC operations and other data
288      model objects are often used without a prefix, as long as it is clear
289      from the context in which YANG module each name is defined.
290      Otherwise, names are prefixed using the standard prefix associated
291      with the corresponding YANG module, as shown in Table 1.

293         +---------------+---------------------------+------------+
294         | Prefix        | YANG module               | Reference  |
295         +---------------+---------------------------+------------+
296         | if            | ietf-interfaces           | [RFC7223]  |
297         | savi          | ietf-savi                 | Section 6  |
298         | savi-fcfs     | ietf-savi-fcfs            | Section 7  |
299         | savi-dhcpv4   | ietf-savi-dhcpv4          | Section 8  |
300         | savi-dhcpv6   | ietf-savi-dhcpv6          | Section 9  |
301         | savi-send     | ietf-savi-send            | Section 10 |
302         | yang          | ietf-yang-types           | [RFC6991]  |
303         | inet          | ietf-inet-types           | [RFC6991]  |
304         +---------------+---------------------------+------------+

306                Table 1: Prefixes and corresponding YANG modules

308   3. Objectives

310      The initial design of the SAVI data model was driven by the following
311      objectives:

313      o  The data model should be suitable for the different IP address
314         assignment methods proposed now, and can be augmented to support
315         new IP address assignment methods in different scenarios, such as
316         WLAN, IPv4/IPv6 Transition Network, etc.

318      o  The data model should be suitable for the common address families,
319         in particular IPv4 and IPv6.

321      o  A simple IP assignment system, such as one that uses only static
322         IP, should be configurable in a simple way, which is called savi-
323         manual.

325   4. The Design of the SAVI Data Model

327      The SAVI data model consists of five YANG modules. The first module,
328      "ietf-savi", defines the generic components of a SAVI system. The
329      other four modules, "ietf-savi-fcfs", "ietf-savi-dhcpv4", "ietf-savi-
330      dhcpv6" and "ietf-savi-send", augment the "ietf-savi" module with
331      additional data nodes that are needed for the specific IP address
332      assignment method, respectively. Figures 1 and 2 show abridged views
333      of the configuration and state data hierarchies. See Appendix A for
334      the complete data trees.

336      +--rw savi
337         +--rw savi-instances
338         |  +--rw savi-instance* [savi-method]
339         |     +--rw savi-method    string
340         |     +--rw enable?        boolean
341         |     +--rw preference?    uint32
342         |     +--rw savi-fcfs:params
343         |     |  +--...
344         |     +--rw savi-dhcpv4:params
345         |     |  +--...
346         |     +--rw savi-dhcpv6:params
347         |     |  +--...
348         |     +--rw savi-send:params
349         |        +--...
350         +--rw interfaces
351         |  +--rw interface* [ifname]
352         |     +--rw ifname                if:interface-ref
353         |     +--rw filtering-enabled?    boolean
354         +--rw manual-binding-table
355            +--rw ipv4
356            |  +--rw binding-entry* [ifname address]
357            |     +--rw address     inet:ipv4-address
358            |     +--rw ifname      if:interface-ref
359            |     +--rw mac?        yang:mac-address
360            |     +--rw lifetime    yang:timeticks
361            +--rw ipv6
362               +--rw binding-entry* [ifname address]
363                  +--rw address     inet:ipv6-address
364                  +--rw ifname      if:interface-ref
365                  +--rw mac?        yang:mac-address
366                  +--rw lifetime    yang:timeticks

368                  Figure 1: Configuration data hierarchy.

370      +--ro savi-state
371         +--ro savi-instances
372         |  +--ro savi-instance* [savi-method]
373         |     +--ro savi-method    string
374         |     +--ro preference?    uint32
375         |     +--ro savi-fcfs:binding-state-table
376         |     |  +--ro savi-fcfs:binding-state-entry* [ifname address]
377         |     |     +--...
378         |     +--ro savi-dhcpv4:binding-state-table
379         |     |  +--ro savi-dhcpv4:binding-state-entry* [ifname address]
380         |     |     +--...
381         |     +--ro savi-dhcpv6:binding-state-table
382         |     |  +--ro savi-dhcpv6:binding-state-entry* [ifname address]
383         |     |     +--...
384         |     +--ro savi-send:binding-state-table
385         |        +--ro savi-send:binding-state-entry* [ifname address]
386         |           +--...
387         +--ro binding-table
388         |  +--ro ipv4
389         |  |  +--ro binding-entry* [ifname address]
390         |  |     +--...
391         |  +--ro ipv6
392         |     +--ro binding-entry* [ifname address]
393         |        +--...
394         +--ro statistics
395            +--ro if-filtering-pks* [ifname]
396               +--ro ifname            if:interface-ref
397               +--ro filtering-pks?    uint32

399                      Figure 2: State data hierarchy.

401      As can be seen from Figures 1 and 2, the SAVI data model includes
402      several generic components: SAVI instance, binding table, binding
403      state table, interface attribute, and statistics. Section 5
404      describes these components in more detail.

406   4.1. System-Controlled and User-Controlled List Entries

408      The SAVI data model defines several lists in the schema tree, such as
409      "binding-table".

411      In such a list, the server creates the required item as a so-called
412      system-controlled entry in state data, i.e., inside the "binding-
413      table" container.

415      Additional entries may be created in the configuration by a client,
416      e.g., via the NETCONF protocol. These are so-called user-controlled
417      entries. If the server accepts a configured user-controlled entry,
418      then this entry also appears in the state data version of the list.

420      Corresponding entries in both versions of the list (in state data and
421      configuration) have the same value of the list key.

423      A client may also provide supplemental configuration of system-
424      controlled entries. To do so, the client creates a new entry in the
425      configuration with the desired contents. In order to bind this entry
426      to the corresponding entry in the state data list, the key of the
427      configuration entry has to be set to the same value as the key of the
428      state entry.

430      Deleting a user-controlled entry from the configuration list results
431      in the removal of the corresponding entry in the state data list. In
432      contrast, if a system-controlled entry is deleted from the
433      configuration list, only the extra configuration specified in that
434      entry is removed but the corresponding state data entry remains in
435      the list.

437   5. Basic Building Blocks

439      This section presents the basic building blocks of the SAVI data
440      model.

442   5.1. SAVI Instance

444      SAVI data model supports one or more IP address assignment methods.
445      Each SAVI method runs as a SAVI instance. Each SAVI instance has
446      separate configuration and state data. The SAVI instance can be
447      enabled or disabled and be configured with a preference value. When
448      multiple SAVI instances are running in the same system, the binding
449      entry with high preference will be used to filter packets.

451   5.2. Binding Table

453      Entries in the binding table are used to filter packets. Each binding
454      entry includes source IP address, mac address, interface name,
455      lifetime, creation time, and binding method. Entries will be inserted
456      or deleted by the SAVI instance. An entry can also be inserted or
457      deleted by a client if it is a manual binding entry.

459   5.3. Binding State Table

461      There is a binding state table for each IP address assignment method.
462      Each binding state entry includes source IP address, mac address,
463      interface name, state, lifetime, and other parameters specific for
464      the SAVI method. For different SAVI methods, the state is different,
465      e.g., for SAVI FCFS, the state includes NO_BIND, TENTATIVE, VALID,
466      TESTING_VP, and TESTING_TP-LT, and for SAVI DHCP, the state includes
467      NO_BIND, INIT_BIND, BOUND, DETECTION, RECOVERY, and VERIFY.

469   5.4. Interface Attribute

471      There is a corresponding interface attribute for each SAVI method.
472      For example, for SAVI FCFS, the interface attributes include Validating
473      Port and Trusted Port; for SAVI DHCP, the interface attributes
474      include Trust Attribute, DHCP-Trust Attribute, DHCP-Snooping
475      Attribute, Data-Snooping Attribute, and Validating Attribute.

477   5.5. SAVI Statistics

479      The SAVI Statistics contains counters for the collection of
480      statistics, including count of packets dropped because of IP address
481      validation.

483   6. Definition of ietf-savi module

485      file "ietf-savi@2018-08-09.yang"
486      module ietf-savi {
487        namespace "urn:ietf:params:xml:ns:yang:ietf-savi";
488        prefix savi;
489        import ietf-yang-types {
490          prefix yang;
491        }
492        import ietf-inet-types {
493          prefix inet;
494        }
495        import ietf-interfaces {
496          prefix if;
497        }
498        organization "IETF SAVI Working Group";
499        contact
500          "
501           WG Web:
502           Editor: Changqing An
503
504          ";
505        description
506          "This YANG module defines essential components for the management
507           of a savi subsystem.";

509        revision 2018-08-09 {
510          description "Initial revision.";
511          reference "DRAFT XXX: A YANG Data Model for SAVI Management.";
512        }

514        /* Identities */

516        identity binding-state {
517          description "Base identity for the states of binding entry.";
518        }

520        /* Groupings */

522        grouping binding-entry {
523          description "This grouping provides basic parameters of a binding entry.";

525          leaf ifname {
526            type if:interface-ref;
527            description "The name of the interface.";

529          }
530          leaf mac {
531            type yang:mac-address;
532            description "The binding source mac address.";
533          }
534          leaf lifetime {
535            type yang:timeticks;
536            mandatory true;
537            description
538              "The remaining lifetime of the entry.";
539          }
540        }

542        grouping binding-table {
543          description "This grouping defines binding table for both IPv4 and IPv6.";
544          container binding-table {
545            description "Container for binding table.";

547            container ipv4 {
548              description "Container for binding table for IPv4 protocol.";
549              list binding-entry {
550                key "ifname address";
551                description "Definition of a binding entry";
552                leaf address {
553                  type inet:ipv4-address;
554                  description "IPv4 address of the binding host.";
555                }
556                uses binding-entry;
557                leaf creationtime {
558                  type yang:timestamp;
559                  mandatory true;
560                  description "The value of the local clock when the entry was first created.";
561                }
562                leaf binding-method {
563                  type string;
564                  mandatory true;
565                  description "IP address assignment methods.";
566                }
567              }
568            }

570            container ipv6 {
571              description "Container for binding table for IPv6 protocol.";
572              list binding-entry {
573                key "ifname address";
574                description "Definition of a binding entry";
575                leaf address {
576                  type inet:ipv6-address;
577                  description "IPv6 address of the binding host.";
578                }
579                uses binding-entry;
580                leaf creationtime {
581                  type yang:timestamp;
582                  mandatory true;
583                  description "The value of the local clock when the entry was first created.";
584                }
585                leaf binding-method {
586                  type string;
587                  mandatory true;
588                  description "IP address assignment methods.";
589                }
590              }
591            }
592          }
593        }

595        grouping manual-binding-table {
596          description "This grouping defines manual binding table for both IPv4 and IPv6.";
597          container manual-binding-table {
598            description "Container for binding table.";

600            container ipv4 {
601              description "Container for binding table for IPv4 protocol.";
602              list binding-entry {
603                key "ifname address";
604                description "Definition of a binding entry";
605                leaf address {
606                  type inet:ipv4-address;
607                  description "IPv4 address of the binding host.";
608                }
609                uses binding-entry;
610              }

612            }

614            container ipv6 {
615              description "Container for binding table for IPv6 protocol.";
616              list binding-entry {
617                key "ifname address";
618                description "Definition of a binding entry";
619                leaf address {
620                  type inet:ipv6-address;
621                  description "IPv6 address of the binding host.";
622                }
623                uses binding-entry;
624              }
625            }
626          }
627        }

629        /* State data */

631        container savi-state {
632          config false;
633          description "State data of the savi subsystem.";

635          container savi-instances {
636            description "Container of parameters for each savi method.";
637            list savi-instance {
638              key savi-method;
639              description "A list of parameters for each savi method.";
640              leaf savi-method {
641                type string;
642                description "IP address assignment methods.";
643              }
644              leaf preference {
645                type uint32;
646                description "Preference of the savi method.";
647              }
648            }
649          }

651          uses binding-table;
652          container statistics {
653            description "Container of statistics parameters for savi subsystem.";
654            list if-filtering-pks {
655              key ifname;
656              description "A list of parameters for counting filtering packets.";
657              leaf ifname {
658                type if:interface-ref;
659                description "The name of the interface.";

661              }
662              leaf filtering-pks {
663                type uint32;
664                description "The count of filtering packets.";
665              }
666            }
667          }
668        }

670        /* Configuration Data */

672        container savi {
673          description "Configuration data of the savi subsystem.";
674          container savi-instances {
675            description "Container of parameters for each savi method.";
676            list savi-instance {
677              key savi-method;
678              description "A list of parameters for each savi method.";
679              leaf savi-method {
680                type string;
681                description "IP address assignment methods.";
682              }
683              leaf enable {
684                type boolean;
685                description "Whether the savi method is enabled.";
686              }
687              leaf preference {
688                type uint32;
689                description "Preference of the savi method.";
690              }
691            }
692          }

694          container if-filtering-attributes {
695            description "Container for defining filtering attributes of each interface, common for every savi instance.";
696            list if-filtering-attribute {
697              key ifname;
698              description "A list of filtering attributes for each interface.";
699              leaf ifname {
700                type if:interface-ref;
701                description "The name of the interface.";
702              }
703              leaf filtering-enabled {
704                type boolean;
705                default true;
706                description "Whether the filtering attribute is enabled.";
707              }
708            }

710          }
711          /* Binding table for manual entry which can be configured by operators */
712          uses manual-binding-table;
713        } //container savi
714      }

716

718   7. Definition of ietf-savi-fcfs module

720      file "ietf-savi-fcfs@2018-08-09.yang"
721      module ietf-savi-fcfs {
722        namespace "urn:ietf:params:xml:ns:yang:ietf-savi-fcfs";
723        prefix savi-fcfs;
724        import ietf-yang-types {
725          prefix yang;
726        }
727        import ietf-inet-types {
728          prefix inet;
729        }
730        import ietf-interfaces {
731          prefix if;
732        }

734        import ietf-savi {
735          prefix savi;
736        }
737        organization "IETF SAVI Working Group";
738        contact
739          "
740           WG Web:
741           Editor: Changqing An
742
743          ";
744        description
745          "
746           The Yang data module defined for SAVI FCFS.
747          ";

749        revision 2018-08-09 {
750          description "Initial revision.";
751          reference "DRAFT XXX: A YANG Data Model for SAVI Management";
752        }

754        /* Identities */

756        identity savi-fcfs-state {
757          base savi:binding-state;
758          description "Base identity for the states definition of SAVI FCFS.";
759        }
760        identity tentative {
761          base savi-fcfs-state;
762          description "A state defined in SAVI FCFS.";
763        }
764        identity valid {
765          base savi-fcfs-state;
766          description "A state defined in SAVI FCFS.";
767        }
768        identity testing_vp {
769          base savi-fcfs-state;
770          description "A state defined in SAVI FCFS.";
771        }
772        identity testing_vp-lt {
773          base savi-fcfs-state;
774          description "A state defined in SAVI FCFS.";
775        }

777        /* State data */

779        augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
780          when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-fcfs'";
781          description "Binding state table specific for SAVI FCFS.";
782          container binding-state-table {
783            description "Binding state table specific for SAVI FCFS.";
784            list binding-state-entry {
785              key "ifname address";
786              description "A binding status entry specific for SAVI FCFS.";
787              leaf address {
788                type inet:ipv6-address;
789                description "The binding source IP address.";
790              }
791              uses savi:binding-entry;
792              leaf state {
793                type identityref {
794                  base savi-fcfs-state;
795                }
796                description "State of the entry as defined in SAVI FCFS: NO_BIND, TENTATIVE, VALID, TESTING_VP, TESTING_TP-LT";
797              }
798            }
799          }
800        }

802        /* Configuration Data */

804        augment "/savi:savi/savi:savi-instances/savi:savi-instance" {
805          when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-fcfs'";
806          description "Parameters specific to SAVI FCFS.";
807          container params {
808            description "Parameters specific to SAVI FCFS.";
809            leaf tent_lt {
810              type yang:timeticks;
811              default 50;
812              description "A default value defined in SAVI FCFS.";
813              reference "TENT_LT from [RFC6620].";
814            }

816            leaf default_lt {
817              type yang:timeticks;
818              default 30000;
819              description "A default value defined in SAVI FCFS.";
820              reference "DEFAULT_LT from [RFC6620]";
821            }

823            leaf twait {
824              type yang:timeticks;
825              default 25;
826              description "A default value defined in SAVI FCFS";
827              reference "T_WAIT from [RFC6620].";
828            }
829            container if-attributes {
830              description "Interface attributes specific to SAVI FCFS.";
831              list if-attribute {
832                key ifname;
833                description "A list of attributes for each interface.";
834                leaf ifname {
835                  type if:interface-ref;
836                  description "The name of the interface.";
837                }
838                leaf validating {
839                  type boolean;
840                  must ". != ../trust"; // validating and trust must hold opposite values
841                  default true;
842                  description "SAVI FCFS processing is performed in the port.";
843                }

845                leaf trust {
846                  type boolean;
847                  must ". != ../validating"; // validating and trust must hold opposite values
848                  default false;
849                  description "SAVI FCFS processing is not performed in the port.";
850                }
851              } //list

853            } //container
854          } //container
855        } //augment
856      }

858

860   8. Definition of ietf-savi-dhcpv4 module

862      file "ietf-savi-dhcpv4@2018-08-09.yang"
863      module ietf-savi-dhcpv4 {
864        namespace "urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv4";
865        prefix savi-dhcpv4;
866        import ietf-yang-types {
867          prefix yang;
868        }
869        import ietf-inet-types {
870          prefix inet;
871        }
872        import ietf-interfaces {
873          prefix if;
874        }
875        import ietf-savi {
876          prefix savi;
877        }
878        organization "IETF SAVI Working Group";
879        contact
880          "
881           WG Web:
882           Editor: Changqing An
883
884          ";
885        description
886          "
887           The Yang data module defined for SAVI DHCPv4.
888          ";

890        revision 2018-08-09 {
891          description "Initial revision.";
892          reference "DRAFT XXX: A YANG Data Model for SAVI Management";
893        }

895        /* Identities */

897        identity savi-dhcp-state {
898          base savi:binding-state;
899          description "Base identity for the states definition of SAVI DHCPv4.";

901        }
902        identity no_bind {
903          base savi-dhcp-state;
904          description "A state defined in SAVI DHCPv4.";
905        }
906        identity init_bind {
907          base savi-dhcp-state;
908          description "A state defined in SAVI DHCPv4.";
909        }
910        identity bind {
911          base savi-dhcp-state;
912          description "A state defined in SAVI DHCPv4.";
913        }
914        identity detection {
915          base savi-dhcp-state;
916          description "A state defined in SAVI DHCPv4.";
917        }
918        identity recovery {
919          base savi-dhcp-state;
920          description "A state defined in SAVI DHCPv4.";
921        }
922        identity verify {
923          base savi-dhcp-state;
924          description "A state defined in SAVI DHCPv4.";
925        }

927        /* State data */

929        augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
930          when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv4'";
931          description "Binding state table specific for SAVI DHCPv4.";
932          container binding-state-table {
933            description "Binding state table specific for SAVI DHCPv4.";
934            list binding-state-entry {
935              key "ifname address";
936              description "A binding state entry specific for SAVI DHCPv4.";
937 leaf address { 938 type inet:ipv4-address; 939 description "The binding source IP address."; 940 } 941 uses savi:binding-entry; 942 leaf state { 943 type identityref { 944 base savi-dhcp-state; 945 } 946 description "State of the entry as defined in SAVI DHCP: NO_BIND, INIT_BIND, BOUND, DETECTION , RECOVERY, VERIFY."; 947 } 948 leaf tid { 949 type uint32; 950 description "The Transaction ID of the corresponding DHCP transaction."; 951 } 952 leaf timeouts { 953 when "/savi:savi/savi:savi-instances/savi:savi-instance/params/if-attributes/if-attribute/data-snooping = 'true'"; 954 type uint32; 955 description "the number of timeouts that expired in the current state"; 956 } 957 } 958 } 959 } 961 /* Configuration Data */ 963 augment "/savi:savi/savi:savi-instances/savi:savi-instance" { 964 when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv4'"; 965 description "Parameters specific to SAVI DHCPv4"; 966 container params { 967 description "Parameters specific to SAVI DHCPv4"; 968 leaf max-dhcp-responsetime { 969 type yang:timeticks; 970 default 12000; 971 description "Maximum Solicit timeout value. Default is 120s."; 972 reference "SOL_MAX_RT from [RFC3315]"; 973 } 974 leaf max-leasequery-delay { 975 type yang:timeticks; 976 default 1000; 977 description "Maximum LEASEQUERY timeout value. Default is 10s."; 978 reference "LQ_MAX_RT from [RFC5007]"; 979 } 980 leaf datasnooping-interval { 981 type yang:timeticks; 982 default 6000; 983 description 984 "Minimum interval between two successive EVE_DATA_UNMATCH 985 events triggered by an attachment. Recommended interval: 986 60s and configurable."; 987 reference "DATA_SNOOPING_INTERVAL from [RFC7513]"; 988 } 989 leaf offlink-delay { 990 type yang:timeticks; 991 default 3000; 992 description 993 "Period after a client is last detected before the binding 994 anchor is being removed. 
Recommended delay: 30s.";
995           reference "OFFLINK_DELAY from [RFC7513].";
996         }
997         leaf detection-timeout {
998           type yang:timeticks;
999           default 50;
1000          description
1001            "Maximum duration of a hardware address verification step
1002            in the VERIFY state.";
1003          reference "DETECTION_TIMEOUT from [RFC7513]";
1004        }
1005        container if-attributes {
1006          description "Interface attributes specific to SAVI DHCPv4.";
1007          list if-attribute {
1008            key ifname;
1009            description "A list of attributes for each interface.";
1010            leaf ifname {
1011              type if:interface-ref;
1012              description "The name of the interface.";
1013            }
1014            leaf trust-attribute {
1015              type boolean;
1016              default false;
1017              description "An attribute defined in SAVI DHCP.";
1018            }
1019            leaf dhcp-trust {
1020              type boolean;
1021              default false;
1022              description "An attribute defined in SAVI DHCP.";
1023            }
1024            leaf dhcp-snooping {
1025              type boolean;
1026              default true;
1027              description "An attribute defined in SAVI DHCP.";
1028            }
1029            leaf data-snooping {
1030              type boolean;
1031              default false;
1032              description "An attribute defined in SAVI DHCP.";
1033            }
1034            leaf validating {
1035              type boolean;
1036              default true;
1037              description "An attribute defined in SAVI DHCP.";
1038            }
1039          } //list
1040        } //container
1041      } //container
1042    } //augment
1043  }
1044

1046  9. Definition of ietf-savi-dhcpv6 module

1048  file "ietf-savi-dhcpv6@2018-08-09.yang"
1049  module ietf-savi-dhcpv6 {
1050    namespace "urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv6";
1051    prefix savi-dhcpv6;
1052    import ietf-yang-types {
1053      prefix yang;
1054    }
1055    import ietf-inet-types {
1056      prefix inet;
1057    }
1058    import ietf-interfaces {
1059      prefix if;
1060    }

1062    import ietf-savi {
1063      prefix savi;
1064    }
1065    organization "IETF SAVI Working Group";
1066    contact
1067      "
1068      WG Web:
1069      Editor: Changqing An
1070
1071      ";
1072    description
1073      "
1074      The Yang data module defined for SAVI DHCPv6.
1075      ";

1077    revision 2018-08-09 {
1078      description "Initial revision.";
1079      reference "DRAFT XXX: A YANG Data Model for SAVI Management";
1080    }

1082    /* Identities */

1084    identity savi-dhcp-state {
1085      base savi:binding-state;
1086      description "Base identity for the states definition of SAVI DHCPv6.";
1087    }
1088    identity no_bind {
1089      base savi-dhcp-state;
1090      description "A state defined in SAVI DHCPv6.";
1091    }
1092    identity init_bind {
1093      base savi-dhcp-state;
1094      description "A state defined in SAVI DHCPv6.";
1095    }
1096    identity bind {
1097      base savi-dhcp-state;
1098      description "A state defined in SAVI DHCPv6.";
1099    }
1100    identity detection {
1101      base savi-dhcp-state;
1102      description "A state defined in SAVI DHCPv6.";
1103    }
1104    identity recovery {
1105      base savi-dhcp-state;
1106      description "A state defined in SAVI DHCPv6.";
1107    }
1108    identity verify {
1109      base savi-dhcp-state;
1110      description "A state defined in SAVI DHCPv6.";
1111    }

1113    /* State data */

1115    augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
1116      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv6'";
1117      description "Binding state table specific for SAVI DHCPv6.";
1118      container binding-state-table {
1119        description "Binding state table specific for SAVI DHCPv6.";
1120        list binding-state-entry {
1121          key "ifname address";
1122          description "A binding state entry specific for SAVI DHCPv6.";
1123          leaf address {
1124            type inet:ipv6-address;
1125            description "The binding source IP address.";
1126          }
1127          uses savi:binding-entry;
1128          leaf state {
1129            type identityref {
1130              base savi-dhcp-state;
1131            }
1132            description "State of the entry as defined in SAVI DHCP: NO_BIND, INIT_BIND, BOUND, DETECTION, RECOVERY, VERIFY.";
1133          }
1134          leaf tid {
1135            type uint32;
1136            description "The Transaction ID of the corresponding DHCP transaction.";

1138          }
1139          leaf timeouts {
1140            when "/savi:savi/savi:savi-instances/savi:savi-instance/params/if-attributes/if-attribute/data-snooping = 'true'";
1141            type uint32;
1142            description "The number of timeouts that expired in the current state.";
1143          }
1144        }
1145      }
1146    }

1148    /* Configuration Data */

1150    augment "/savi:savi/savi:savi-instances/savi:savi-instance" {
1151      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-dhcpv6'";
1152      description "Parameters specific to SAVI DHCPv6";
1153      container params {
1154        description "Parameters specific to SAVI DHCPv6";
1155        leaf max-dhcp-responsetime {
1156          type yang:timeticks;
1157          default 12000;
1158          description "Maximum Solicit timeout value. Default is 120s.";
1159          reference "SOL_MAX_RT from [RFC3315]";
1160        }
1161        leaf max-leasequery-delay {
1162          type yang:timeticks;
1163          default 1000;
1164          description "Maximum LEASEQUERY timeout value. Default is 10s.";
1165          reference "LQ_MAX_RT from [RFC5007]";
1166        }
1167        leaf datasnooping-interval {
1168          type yang:timeticks;
1169          default 6000;
1170          description
1171            "Minimum interval between two successive EVE_DATA_UNMATCH
1172            events triggered by an attachment. Recommended interval:
1173            60s and configurable.";
1174          reference "DATA_SNOOPING_INTERVAL from [RFC7513]";
1175        }
1176        leaf offlink-delay {
1177          type yang:timeticks;
1178          default 3000;
1179          description
1180            "Period after a client is last detected before the binding
1181            anchor is being removed.
Recommended delay: 30s.";
1182          reference "OFFLINK_DELAY from [RFC7513].";
1183        }
1184        leaf detection-timeout {
1185          type yang:timeticks;
1186          default 50;
1187          description
1188            "Maximum duration of a hardware address verification step
1189            in the VERIFY state.";
1190          reference "DETECTION_TIMEOUT from [RFC7513]";
1191        }
1192        container if-attributes {
1193          description "Interface attributes specific to SAVI DHCPv6.";
1194          list if-attribute {
1195            key ifname;
1196            description "A list of attributes for each interface.";
1197            leaf ifname {
1198              type if:interface-ref;
1199              description "The name of the interface.";
1200            }
1201            leaf trust-attribute {
1202              type boolean;
1203              default false;
1204              description "An attribute defined in SAVI DHCP.";
1205            }
1206            leaf dhcp-trust {
1207              type boolean;
1208              default false;
1209              description "An attribute defined in SAVI DHCP.";
1210            }
1211            leaf dhcp-snooping {
1212              type boolean;
1213              default true;
1214              description "An attribute defined in SAVI DHCP.";
1215            }
1216            leaf data-snooping {
1217              type boolean;
1218              default false;
1219              description "An attribute defined in SAVI DHCP.";
1220            }
1221            leaf validating {
1222              type boolean;
1223              default true;
1224              description "An attribute defined in SAVI DHCP.";
1225            }
1226          } //list
1227        } //container
1228      } //container
1229    } //augment
1230  }

1232
1233  10. Definition of ietf-savi-send module

1235  file "ietf-savi-send@2018-08-09.yang"
1236  module ietf-savi-send {
1237    namespace "urn:ietf:params:xml:ns:yang:ietf-savi-send";
1238    prefix savi-send;
1239    import ietf-yang-types {
1240      prefix yang;
1241    }
1242    import ietf-inet-types {
1243      prefix inet;
1244    }
1245    import ietf-interfaces {
1246      prefix if;
1247    }
1248    import ietf-savi {
1249      prefix savi;
1250    }
1251    organization "IETF SAVI Working Group";
1252    contact
1253      "
1254      WG Web:
1255      Editor: Changqing An
1256
1257      ";
1258    description
1259      "
1260      The Yang data module defined for SAVI SEND.
1261      ";

1263    revision 2018-08-09 {
1264      description "Initial revision.";
1265      reference "DRAFT XXX: A YANG Data Model for SAVI Management";
1266    }

1268    /* Identities */

1270    identity savi-send-state {
1271      base savi:binding-state;
1272      description "Base identity for the states definition of SAVI SEND.";
1273    }
1274    identity tentative-dad {
1275      base savi-send-state;
1276      description "A state defined in SAVI SEND.";
1277    }
1278    identity tentative-nud {
1279      base savi-send-state;
1280      description "A state defined in SAVI SEND.";
1281    }
1282    identity valid {
1283      base savi-send-state;
1284      description "A state defined in SAVI SEND.";
1285    }

1287    identity testing_vp {
1288      base savi-send-state;
1289      description "A state defined in SAVI SEND.";
1290    }
1291    identity testing_vp_1 {
1292      base savi-send-state;
1293      description "A state defined in SAVI SEND.";
1294    }

1296    /* State data */

1298    augment "/savi:savi-state/savi:savi-instances/savi:savi-instance" {
1299      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-send'";
1300      description "Binding state table specific for SAVI SEND.";
1301      container binding-state-table {
1302        description "Binding state table specific for SAVI SEND.";
1303        list binding-state-entry {
1304          key "ifname address";
1305          description "A binding state entry specific for SAVI SEND.";
1306          leaf address {
1307            type inet:ipv6-address;
1308            description "The binding source IP address.";
1309          }
1310          uses savi:binding-entry;
1311          leaf alternative-if {
1312            type if:interface-ref;
1313            description "Alternative interface is a parameter defined in SAVI SEND.";
1314          }

1316          leaf state {
1317            type identityref {
1318              base savi-send-state;
1319            }
1320            description "State of the entry as defined in SAVI SEND: TENTATIVE_DAD, TENTATIVE_NUD, VALID, TESTING_VP, TESTING_VP'";
1321          }
1322        }
1323      }
1324    }

1326    /* Configuration Data */

1328    augment "/savi:savi/savi:savi-instances/savi:savi-instance" {
1329      when "/savi:savi/savi:savi-instances/savi:savi-instance/savi:savi-method = 'savi-send'";
1330      description "Parameters specific to SAVI SEND.";
1331      container params {
1332        description "Parameters specific to SAVI SEND.";
1333        leaf tent_lt {
1334          type yang:timeticks;
1335          default 50;
1336          description "A default value defined in SAVI SEND.";
1337          reference "TENT_LT from [RFC7219].";
1338        }

1340        leaf default_lt {
1341          type yang:timeticks;
1342          default 30000;
1343          description "A default value defined in SAVI SEND.";
1344          reference "DEFAULT_LT from [RFC7219]";
1345        }
1346        container if-attributes {
1347          description "Interface attributes specific to SAVI SEND.";
1348          list if-attribute {
1349            key ifname;
1350            description "A list of attributes for each interface.";
1351            leaf ifname {
1352              type if:interface-ref;
1353              description "The name of the interface.";
1354            }
1355            leaf validating {
1356              type boolean;
1357              must .=not(../trust);
1358              default true;
1359              description "SAVI SEND processing is performed in the port.";
1360            }

1362            leaf trust {
1363              type boolean;
1364              must .=not(../validating);
1365              default false;
1366              description "SAVI SEND processing is not performed in the port.";
1367            }
1368          } //list
1369        } //container
1370      } //container
1371    } //augment
1372  }

1374
1375  11. Security Considerations

1377     Configuration and state data conforming to the SAVI yang data model
1378     (defined in this document) are designed to be accessed via the
1379     NETCONF protocol [RFC6241]. The lowest NETCONF layer is the secure
1380     transport layer and the mandatory-to-implement secure transport is
1381     SSH [RFC6242]. The NETCONF access control model [RFC6536] provides
1382     the means to restrict access for particular NETCONF users to a pre-
1383     configured subset of all available NETCONF protocol operations and
1384     content.

1386     A number of data nodes defined in the YANG modules belonging to the
1387     configuration part of the SAVI data model are writable/creatable/
1388     deletable (i.e., "config true" in YANG terms, which is the default).
1389     These data nodes may be considered sensitive or vulnerable in some
1390     network environments. Write operations to these data nodes, such as
1391     "edit-config", can have negative effects on the network if the
1392     protocol operations are not properly protected.

1394  12. IANA Considerations

1396     This document registers the following namespace URIs in the IETF XML
1397     registry [RFC3688]:

1399     URI: urn:ietf:params:xml:ns:yang:ietf-savi
1400     Registrant Contact: The IESG.
1401     XML: N/A, the requested URI is an XML namespace.

1403     URI: urn:ietf:params:xml:ns:yang:ietf-savi-fcfs
1404     Registrant Contact: The IESG.
1405     XML: N/A, the requested URI is an XML namespace.

1407     URI: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv4
1408     Registrant Contact: The IESG.
1409     XML: N/A, the requested URI is an XML namespace.

1411     URI: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv6
1412     Registrant Contact: The IESG.
1413     XML: N/A, the requested URI is an XML namespace.

1415     URI: urn:ietf:params:xml:ns:yang:ietf-savi-send
1416     Registrant Contact: The IESG.
1417     XML: N/A, the requested URI is an XML namespace.

1419     This document registers the following YANG modules in the YANG Module
1420     Names registry [RFC6020]:

1422     name: ietf-savi
1423     namespace: urn:ietf:params:xml:ns:yang:ietf-savi
1424     prefix: savi
1425     reference: RFC XXXX

1427     name: ietf-savi-fcfs
1428     namespace: urn:ietf:params:xml:ns:yang:ietf-savi-fcfs
1429     prefix: savi-fcfs
1430     reference: RFC XXXX

1432     name: ietf-savi-dhcpv4
1433     namespace: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv4
1434     prefix: savi-dhcpv4
1435     reference: RFC XXXX

1437     name: ietf-savi-dhcpv6
1438     namespace: urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv6
1439     prefix: savi-dhcpv6
1440     reference: RFC XXXX

1442     name: ietf-savi-send
1443     namespace: urn:ietf:params:xml:ns:yang:ietf-savi-send
1444     prefix: savi-send
1445     reference: RFC XXXX

1447  13. Contributors

1449  14. References

1451  14.1. Normative References

1453     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1454                Requirement Levels", BCP 14, RFC 2119,
1455                DOI 10.17487/RFC2119, March 1997,
1456                .

1458     [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
1459                RFC 2131, DOI 10.17487/RFC2131, March 1997,
1460                .

1462     [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
1463                C., and M. Carney, "Dynamic Host Configuration Protocol
1464                for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
1465                2003, .

1467     [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1468                the Network Configuration Protocol (NETCONF)", RFC 6020,
1469                DOI 10.17487/RFC6020, October 2010,
1470                .

1472     [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1473                and A. Bierman, Ed., "Network Configuration Protocol
1474                (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
1475                .

1477     [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
1478                Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
1479                .

1481     [RFC6536]  Bierman, A. and M.
Bjorklund, "Network Configuration
1482                Protocol (NETCONF) Access Control Model", RFC 6536,
1483                DOI 10.17487/RFC6536, March 2012,
1484                .

1486     [RFC6620]  Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFS
1487                SAVI: First-Come, First-Served Source Address Validation
1488                Improvement for Locally Assigned IPv6 Addresses",
1489                RFC 6620, DOI 10.17487/RFC6620, May 2012,
1490                .

1492     [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
1493                RFC 6991, DOI 10.17487/RFC6991, July 2013,
1494                .

1496     [RFC7039]  Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt, Ed.,
1497                "Source Address Validation Improvement (SAVI) Framework",
1498                RFC 7039, DOI 10.17487/RFC7039, October 2013,
1499                .

1501     [RFC7219]  Bagnulo, M. and A. Garcia-Martinez, "SEcure Neighbor
1502                Discovery (SEND) Source Address Validation Improvement
1503                (SAVI)", RFC 7219, DOI 10.17487/RFC7219, May 2014,
1504                .

1506     [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
1507                Management", RFC 7223, DOI 10.17487/RFC7223, May 2014,
1508                .

1510     [RFC7513]  Bi, J., Wu, J., Yao, G., and F. Baker, "Source Address
1511                Validation Improvement (SAVI) Solution for DHCP",
1512                RFC 7513, DOI 10.17487/RFC7513, May 2015,
1513                .

1515  14.2. Informative References

1517     [RFC2223]  Postel, J. and J. Reynolds, "Instructions to RFC Authors",
1518                RFC 2223, DOI 10.17487/RFC2223, October 1997,
1519                .

1521     [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
1522                DOI 10.17487/RFC2629, June 1999,
1523                .

1525     [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1526                MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000,
1527                .

1529     [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
1530                "Introduction and Applicability Statements for Internet-
1531                Standard Management Framework", RFC 3410,
1532                DOI 10.17487/RFC3410, December 2002,
1533                .

1535     [RFC4181]  Heard, C., Ed., "Guidelines for Authors and Reviewers of
1536                MIB Documents", BCP 111, RFC 4181, DOI 10.17487/RFC4181,
1537                September 2005, .

1539     [RFC4293]  Routhier, S., Ed., "Management Information Base for the
1540                Internet Protocol (IP)", RFC 4293, DOI 10.17487/RFC4293,
1541                April 2006, .

1543  14.3. URL References

1545     [idguidelines]
1546                IETF Internet Drafts editor,
1547                "http://www.ietf.org/ietf/1id-guidelines.txt".

1549     [idnits]   IETF Internet Drafts editor,
1550                "http://www.ietf.org/ID-Checklist.html".

1552     [ietf]     IETF Tools Team, "http://tools.ietf.org".

1554     [ops]      the IETF OPS Area, "http://www.ops.ietf.org".

1556     [xml2rfc]  XML2RFC tools and documentation,
1557                "http://xml.resource.org".

1559  Appendix A. The Complete Data Trees

1561     This appendix presents the complete configuration and state data
1562     trees of the SAVI data model. See Section 2.2 for an explanation of
1563     the symbols used. Data type of every leaf node is shown near the
1564     right end of the corresponding line.

1566  module: ietf-savi
1567    +--ro savi-state
1568    |  +--ro savi-instances
1569    |  |  +--ro savi-instance* [savi-method]
1570    |  |     +--ro savi-method    string
1571    |  |     +--ro preference?    uint32
1572    |  |     +--ro savi-fcfs:binding-state-table
1573    |  |     |  +--ro savi-fcfs:binding-state-entry* [ifname address]
1574    |  |     |     +--ro savi-fcfs:address    inet:ipv6-address
1575    |  |     |     +--ro savi-fcfs:ifname    if:interface-ref
1576    |  |     |     +--ro savi-fcfs:mac?    yang:mac-address
1577    |  |     |     +--ro savi-fcfs:lifetime    yang:timeticks
1578    |  |     |     +--ro savi-fcfs:state?    identityref
1579    |  |     +--ro savi-dhcpv4:binding-state-table
1580    |  |     |  +--ro savi-dhcpv4:binding-state-entry* [ifname address]
1581    |  |     |     +--ro savi-dhcpv4:address    inet:ipv4-address
1582    |  |     |     +--ro savi-dhcpv4:ifname    if:interface-ref
1583    |  |     |     +--ro savi-dhcpv4:mac?    yang:mac-address
1584    |  |     |     +--ro savi-dhcpv4:lifetime    yang:timeticks
1585    |  |     |     +--ro savi-dhcpv4:state?    identityref
1586    |  |     |     +--ro savi-dhcpv4:tid?    uint32
1587    |  |     |     +--ro savi-dhcpv4:timeouts?
uint32
1588    |  |     +--ro savi-dhcpv6:binding-state-table
1589    |  |     |  +--ro savi-dhcpv6:binding-state-entry* [ifname address]
1590    |  |     |     +--ro savi-dhcpv6:address    inet:ipv6-address
1591    |  |     |     +--ro savi-dhcpv6:ifname    if:interface-ref
1592    |  |     |     +--ro savi-dhcpv6:mac?    yang:mac-address
1593    |  |     |     +--ro savi-dhcpv6:lifetime    yang:timeticks
1594    |  |     |     +--ro savi-dhcpv6:state?    identityref
1595    |  |     |     +--ro savi-dhcpv6:tid?    uint32
1596    |  |     |     +--ro savi-dhcpv6:timeouts?    uint32
1597    |  |     +--ro savi-send:binding-state-table
1598    |  |        +--ro savi-send:binding-state-entry* [ifname address]
1599    |  |           +--ro savi-send:address    inet:ipv6-address
1600    |  |           +--ro savi-send:ifname    if:interface-ref
1601    |  |           +--ro savi-send:mac?    yang:mac-address
1602    |  |           +--ro savi-send:lifetime    yang:timeticks
1603    |  |           +--ro savi-send:alternative-if?    if:interface-ref
1604    |  |           +--ro savi-send:state?    identityref
1605    |  +--ro binding-table
1606    |  |  +--ro ipv4
1607    |  |  |  +--ro binding-entry* [ifname address]
1608    |  |  |     +--ro address    inet:ipv4-address
1609    |  |  |     +--ro ifname    if:interface-ref
1610    |  |  |     +--ro mac?    yang:mac-address
1611    |  |  |     +--ro lifetime    yang:timeticks
1612    |  |  |     +--ro creationtime    yang:timestamp
1613    |  |  |     +--ro binding-method    string
1614    |  |  +--ro ipv6
1615    |  |     +--ro binding-entry* [ifname address]
1616    |  |        +--ro address    inet:ipv6-address
1617    |  |        +--ro ifname    if:interface-ref
1618    |  |        +--ro mac?    yang:mac-address
1619    |  |        +--ro lifetime    yang:timeticks
1620    |  |        +--ro creationtime    yang:timestamp
1621    |  |        +--ro binding-method    string
1622    |  +--ro statistics
1623    |     +--ro if-filtering-pks* [ifname]
1624    |        +--ro ifname    if:interface-ref
1625    |        +--ro filtering-pks?    uint32
1626    +--rw savi
1627       +--rw savi-instances
1628       |  +--rw savi-instance* [savi-method]
1629       |     +--rw savi-method    string
1630       |     +--rw enable?    boolean
1631       |     +--rw preference?    uint32
1632       |     +--rw savi-fcfs:params
1633       |     |  +--rw savi-fcfs:tent_lt?    yang:timeticks
1634       |     |  +--rw savi-fcfs:default_lt?    yang:timeticks
1635       |     |  +--rw savi-fcfs:twait?
yang:timeticks
1636       |     |  +--rw savi-fcfs:if-attributes
1637       |     |     +--rw savi-fcfs:if-attribute* [ifname]
1638       |     |        +--rw savi-fcfs:ifname    if:interface-ref
1639       |     |        +--rw savi-fcfs:validating?    boolean
1640       |     |        +--rw savi-fcfs:trust?    boolean
1641       |     +--rw savi-dhcpv4:params
1642       |     |  +--rw savi-dhcpv4:max-dhcp-responsetime?    yang:timeticks
1643       |     |  +--rw savi-dhcpv4:max-leasequery-delay?    yang:timeticks
1644       |     |  +--rw savi-dhcpv4:datasnooping-interval?    yang:timeticks
1645       |     |  +--rw savi-dhcpv4:offlink-delay?    yang:timeticks
1646       |     |  +--rw savi-dhcpv4:detection-timeout?    yang:timeticks
1647       |     |  +--rw savi-dhcpv4:if-attributes
1648       |     |     +--rw savi-dhcpv4:if-attribute* [ifname]
1649       |     |        +--rw savi-dhcpv4:ifname    if:interface-ref
1650       |     |        +--rw savi-dhcpv4:trust-attribute?    boolean
1651       |     |        +--rw savi-dhcpv4:dhcp-trust?    boolean
1652       |     |        +--rw savi-dhcpv4:dhcp-snooping?    boolean
1653       |     |        +--rw savi-dhcpv4:data-snooping?    boolean
1654       |     |        +--rw savi-dhcpv4:validating?    boolean
1655       |     +--rw savi-dhcpv6:params
1656       |     |  +--rw savi-dhcpv6:max-dhcp-responsetime?    yang:timeticks
1657       |     |  +--rw savi-dhcpv6:max-leasequery-delay?    yang:timeticks
1658       |     |  +--rw savi-dhcpv6:datasnooping-interval?    yang:timeticks
1659       |     |  +--rw savi-dhcpv6:offlink-delay?    yang:timeticks
1660       |     |  +--rw savi-dhcpv6:detection-timeout?    yang:timeticks
1661       |     |  +--rw savi-dhcpv6:if-attributes
1662       |     |     +--rw savi-dhcpv6:if-attribute* [ifname]
1663       |     |        +--rw savi-dhcpv6:ifname    if:interface-ref
1664       |     |        +--rw savi-dhcpv6:trust-attribute?    boolean
1665       |     |        +--rw savi-dhcpv6:dhcp-trust?    boolean
1666       |     |        +--rw savi-dhcpv6:dhcp-snooping?    boolean
1667       |     |        +--rw savi-dhcpv6:data-snooping?    boolean
1668       |     |        +--rw savi-dhcpv6:validating?    boolean
1669       |     +--rw savi-send:params
1670       |        +--rw savi-send:tent_lt?    yang:timeticks
1671       |        +--rw savi-send:default_lt?    yang:timeticks
1672       |        +--rw savi-send:if-attributes
1673       |           +--rw savi-send:if-attribute* [ifname]
1674       |              +--rw savi-send:ifname    if:interface-ref
1675       |              +--rw savi-send:validating?
boolean
1676       |              +--rw savi-send:trust?    boolean
1677       +--rw if-filtering-attributes
1678       |  +--rw if-filtering-attribute* [ifname]
1679       |     +--rw ifname    if:interface-ref
1680       |     +--rw filtering-enabled?    boolean
1681       +--rw manual-binding-table
1682          +--rw ipv4
1683          |  +--rw binding-entry* [ifname address]
1684          |     +--rw address    inet:ipv4-address
1685          |     +--rw ifname    if:interface-ref
1686          |     +--rw mac?    yang:mac-address
1687          |     +--rw lifetime    yang:timeticks
1688          +--rw ipv6
1689             +--rw binding-entry* [ifname address]
1690                +--rw address    inet:ipv6-address
1691                +--rw ifname    if:interface-ref
1692                +--rw mac?    yang:mac-address
1693                +--rw lifetime    yang:timeticks

1695  Appendix B. Change Log
1696  Authors' Addresses

1698     Changqing An
1699     Tsinghua University
1700     Institute for Network Sciences and Cyberspace, Tsinghua University
1701     Beijing 100084
1702     China

1704     Phone: +86 10 62603113
1705     EMail: acq@tsinghua.edu.cn

1707     Jiahai Yang
1708     Tsinghua University
1709     Institute for Network Sciences and Cyberspace, Tsinghua University
1710     Beijing 100084
1711     China

1713     Phone: +86 10 62783492
1714     EMail: yang@cernet.edu.cn

1716     Jianping Wu
1717     Tsinghua University
1718     Institute for Network Sciences and Cyberspace, Tsinghua University
1719     Beijing 100084
1720     China

1722     EMail: jianping@cernet.edu.cn

1724     Jun Bi
1725     Tsinghua University
1726     Institute for Network Sciences and Cyberspace, Tsinghua University
1727     Beijing 100084
1728     China

1730     EMail: junbi@cernet.edu.cn
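
Section 11 calls the writable configuration nodes sensitive; among them, the per-interface trust and validating leaves decide whether a port is checked at all. The Python script below is an added example, not part of the draft: it reads a SAVI configuration instance (the sample is constructed), fills in the YANG defaults given in the modules, and reports ports that are trusted or not validated. It assumes the SAVI SEND must statements mean "validating and trust are opposites" and takes the DHCP attribute meanings from RFC 7513; the finding names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:yang:"  # common prefix of the draft's namespaces
# Boolean if-attribute leaves and their YANG defaults, copied from the modules.
DHCP = {"trust-attribute": False, "dhcp-trust": False, "dhcp-snooping": True,
        "data-snooping": False, "validating": True}
DEFAULTS = {NS + "ietf-savi-send": {"validating": True, "trust": False},
            NS + "ietf-savi-dhcpv4": DHCP, NS + "ietf-savi-dhcpv6": DHCP}

# Constructed sample configuration; the interface names are made up.
SAMPLE = """
<savi xmlns="urn:ietf:params:xml:ns:yang:ietf-savi"><savi-instances>
 <savi-instance><savi-method>savi-send</savi-method>
  <params xmlns="urn:ietf:params:xml:ns:yang:ietf-savi-send"><if-attributes>
   <if-attribute><ifname>eth1</ifname><trust>true</trust></if-attribute>
   <if-attribute><ifname>eth2</ifname><validating>false</validating>
    <trust>true</trust></if-attribute>
   <if-attribute><ifname>eth3</ifname></if-attribute>
  </if-attributes></params></savi-instance>
 <savi-instance><savi-method>savi-dhcpv4</savi-method>
  <params xmlns="urn:ietf:params:xml:ns:yang:ietf-savi-dhcpv4"><if-attributes>
   <if-attribute><ifname>eth4</ifname><dhcp-trust>true</dhcp-trust></if-attribute>
   <if-attribute><ifname>eth5</ifname><validating>false</validating></if-attribute>
  </if-attributes></params></savi-instance>
</savi-instances></savi>
"""


def effective_values(if_attr, ns, defaults):
    """Leaf values of one if-attribute entry with YANG defaults filled in."""
    values = dict(defaults)
    for leaf in defaults:
        text = if_attr.findtext(f"{{{ns}}}{leaf}")
        if text is None:
            continue  # leaf absent: the module default applies
        text = text.strip()
        if text not in ("true", "false"):
            raise ValueError(f"{leaf}: not a YANG boolean: {text!r}")
        values[leaf] = text == "true"
    return values


def audit_if_attributes(xml_text):
    """Return (module, ifname, finding) tuples for a SAVI configuration.

    xml_text is assumed to be a trusted export of the device configuration;
    ElementTree is not hardened against hostile XML.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for ns, defaults in DEFAULTS.items():
        module = ns[len(NS):]
        path = (f".//{{{NS}ietf-savi}}savi-instance/{{{ns}}}params/"
                f"{{{ns}}}if-attributes/{{{ns}}}if-attribute")
        for if_attr in root.iterfind(path):
            ifname = (if_attr.findtext(f"{{{ns}}}ifname") or "?").strip()
            v = effective_values(if_attr, ns, defaults)
            if "trust" in v:  # SAVI SEND
                # Assumed reading of the must statements: exactly one is true.
                if v["validating"] == v["trust"]:
                    findings.append((module, ifname, "must-violation"))
                if v["trust"]:  # SEND processing not performed on this port
                    findings.append((module, ifname, "trusted"))
            else:  # SAVI DHCPv4 / DHCPv6
                if v["trust-attribute"]:  # traffic forwarded unchecked
                    findings.append((module, ifname, "trusted"))
                if v["dhcp-trust"]:  # DHCP server messages accepted here
                    findings.append((module, ifname, "dhcp-trust"))
                if not v["validating"] and not v["trust-attribute"]:
                    findings.append((module, ifname, "not-validating"))
    return findings


if __name__ == "__main__":
    for finding in audit_if_attributes(SAMPLE):
        print(*finding)
```

On the sample, eth1 sets only trust to true, so the validating default of true still applies and the entry conflicts with the must statements; eth3 carries no leaves and produces no finding.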