idnits 2.17.1

draft-bestbar-teas-resmgr-yang-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 228 has weird spacing: '...main-id uin...'

  == Line 231 has weird spacing: '...node-id ine...'

  == Line 243 has weird spacing: '...riority uin...'

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (July 12, 2021) is 1013 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-05) exists of
     draft-bestbar-teas-yang-topology-filter-00

     Summary: 0 errors (**), 0 flaws (~~), 6 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


TEAS Working Group                                               T. Saad
Internet-Draft                                                 V. Beeram
Intended status: Standards Track                        Juniper Networks
Expires: January 13, 2022                                         X. Liu
                                                          Volta Networks
                                                           July 12, 2021


       A YANG Data Model for Network Resource Reservation Manager
                   draft-bestbar-teas-resmgr-yang-00

Abstract

   This document defines a YANG data model for the network Resource
   Reservation Manager (RRM).  The RRM can be deployed to manage a set
   of network resources scoped to a node, a region of a network, a
   domain of the network, or globally for all resources in a network.

   This model covers data for configuration, operational state, and
   remote procedure calls pertaining to links managed by the RRM.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 13, 2022.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements Language
     2.1.  Prefixes in Data Node Names
     2.2.  Model Tree Diagrams
   3.  Design Considerations
   4.  Network Resource Reservation Manager YANG Model
     4.1.  Module Structure
     4.2.  Tree Diagram
     4.3.  YANG Module
   5.  IANA Considerations
   6.  Security Considerations
   7.  Normative References
   Authors' Addresses

1.  Introduction

   YANG [RFC6020] [RFC7950] is a data modeling language that was
   introduced to define the contents of a conceptual data store that
   allows networked devices to be managed using NETCONF [RFC6241].  YANG
   data models can be used as the basis of implementation for other
   interfaces, such as gRPC, CLI and other programmatic APIs.

   This document describes a YANG data model for the Resource
   Reservation Manager (RRM).  The RRM can be deployed to manage a set
   of network resources scoped to a node, a region of a network, a
   domain of the network, or globally for all resources in a network.

   The RRM can acquire topological elements and their attributes from
   the devices using routing protocols or another suitable interface to
   the network devices.  An aggregate view of the dynamic resource
   reservation state on links managed by the RRM can be downloaded to
   the device.  The device can then disseminate the dynamic link state
   to the network using known means (e.g. link state protocols).
   The headend or Path Computation Engine (PCE) can update their
   topologies with the current network state and use it for further
   path computations.

   It is possible to deploy multiple instances of RRM to service
   different parts of the network.  For example, a per-domain RRM may be
   deployed to service requests within a domain.  A per-node RRM
   instance may be deployed to manage resources specific to a node.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The following terms are defined in [RFC6241] and are used in this
   specification:

   o  client

   o  configuration data

   o  state data

   This document also makes use of the following terminology introduced
   in the YANG Data Modeling Language [RFC7950]:

   o  augment

   o  data model

   o  data node

2.1.  Prefixes in Data Node Names

   In this document, names of data nodes and other data model objects
   are prefixed using the standard prefix associated with the
   corresponding YANG imported modules, as shown in Table 1.
   +-------------+------------------+----------------------------------+
   | Prefix      | YANG module      | Reference                        |
   +-------------+------------------+----------------------------------+
   | inet        | ietf-inet-types  | [RFC6991]                        |
   |             |                  |                                  |
   | te-types    | ietf-te-types    | [RFC8776]                        |
   |             |                  |                                  |
   | te-packet-  | ietf-te-packet-  | [RFC8776]                        |
   | types       | types            |                                  |
   |             |                  |                                  |
   | topo-filt   | ietf-topology-   | [I-D.bestbar-teas-yang-          |
   |             | filter           | topology-filter]                 |
   |             |                  |                                  |
   | rt          | ietf-routing     | [RFC8349]                        |
   |             |                  |                                  |
   | rrm         | ietf-resmgr      | this document                    |
   +-------------+------------------+----------------------------------+

             Table 1: Prefixes and corresponding YANG modules

2.2.  Model Tree Diagrams

   The tree diagrams extracted from the module(s) defined in this
   document are given in subsequent sections as per the syntax defined
   in [RFC8340].

3.  Design Considerations

   The following other design considerations are taken into account with
   respect to data organization:

   o  In general, minimal elements in the model are designated as
      "mandatory" to allow freedom to vendors to adapt the data model to
      their specific product implementation.

   o  For optional data nodes, default values are specified when multi-
      vendor implementations can agree on the default behavior.

   o  The Network Management Datastore Architecture (NMDA) [RFC8342]
      addresses modeling state data for ephemeral objects.  This
      document adopts the NMDA model for configuration and state data
      representation as per IETF guidelines for new IETF YANG models.

4.  Network Resource Reservation Manager YANG Model

   The network RRM YANG module ('ietf-resmgr') is meant to manage
   resource reservation on a set of resources of a network.

   This includes admitting and releasing paths on specific links and
   nodes managed by the RRM.

4.1.  Module Structure

   The 'ietf-resmgr' module is structured hierarchically.  The set of
   network resources managed by the RRM are organized by domain and node
   membership.

   domains:

      A YANG container that includes the list of domain resources
      managed by this RRM.

   nodes:

      A YANG container that includes the list of node resources under a
      specific domain that are managed by this RRM.

   links:

      A YANG container that includes the list of link resources under a
      specific node in a domain that are managed by this RRM.

   path-admit:

      A Remote Procedure Call (RPC) to request path admission of a
      specific path on a set of network resources managed by this RRM.

   topology-update:

      An RPC to request an addition or removal of a network element
      whose resources are managed by this RRM.

4.2.  Tree Diagram

   Figure 1 shows the tree diagram of the RRM YANG model defined in the
   module 'ietf-resmgr.yang'.

   module: ietf-resmgr
     +--rw resmgr
        +--rw external-rrms
        |  +--rw external-rrm* [external-rrm-id]
        |     +--rw external-rrm-id      inet:ip-address
        |     +--rw external-rrm-role?   enumeration
        |     +--rw topology-filter
        |        +--rw filter?       leafref
        |        +--rw filter-set?   leafref
        +--rw domains
           +--rw domain* [domain-id]
              +--rw domain-id    uint32
              +--rw nodes
                 +--rw node* [node-id]
                    +--rw node-id    inet:ip-address
                    +--rw links
                       +--rw link* [local-id remote-id]
                          +--rw local-id                inet:ip-address
                          +--rw remote-id               inet:ip-address
                          +--rw local-domain-id?        uint32
                          +--rw remote-domain-id?       uint32
                          +--rw total-bw?               uint64
                          +--rw max-reservable-bw?      uint64
                          +--rw max-link-bw?            uint64
                          +--rw link-name?              string
                          +--ro available-bw* [priority]
                          |  +--ro priority    uint8
                          |  +--ro val?        uint64
                          +--rw admission-method?       identityref
                          +--rw external-rrm
                          |  +--rw resmgr-server-address?
                          |          inet:ip-address
                          +--rw paths
                             +--rw path*
                                     [client-id tunnel-id
                                      path-instance-id multipath-id
                                      source destination]
                                +--rw client-id
                                |       string
                                +--rw source
                                |       inet:ip-address
                                +--rw destination
                                |       inet:ip-address
                                +--rw context?
                                |       string
                                +--rw tunnel-id
                                |       uint32
                                +--rw path-instance-id
                                |       uint32
                                +--rw multipath-id
                                |       uint32
                                +--rw admission-timestamp?
                                |       uint64
                                +--rw admission-bw?
                                |       uint64
                                +--rw admission-priority?
                                |       uint8
                                +--rw admission-reservation-style?
                                        identityref

     rpcs:
       +---x path-admit
       |  +---w input
       |  |  +---w action?      enumeration
       |  |  +---w path-info
       |  |     +---w client-id?             string
       |  |     +---w source?                inet:ip-address
       |  |     +---w destination?           inet:ip-address
       |  |     +---w context?               string
       |  |     +---w tunnel-id?             uint32
       |  |     +---w path-instance-id?      uint32
       |  |     +---w multipath-id?          uint32
       |  |     +---w admission-priority?    uint8
       |  |     +---w nodes
       |  |        +---w node* [node-id]
       |  |           +---w node-id      inet:ip-address
       |  |           +---w node-name?   string
       |  |           +---w links
       |  |              +---w link* [local-id remote-id]
       |  |                 +---w local-id            inet:ip-address
       |  |                 +---w remote-id           inet:ip-address
       |  |                 +---w local-domain-id?    uint32
       |  |                 +---w remote-domain-id?   uint32
       |  |                 +---w admission-bw?       uint64
       |  +--ro output
       |     +--ro result?   enumeration
       +---x topology-update
          +---w input
             +---w topology-element-type?   enumeration
             +---w action?                  enumeration
             +---w topology-element-info
                +---w (element-type)
                   +--:(ne-link)
                   |  +---w local-id?           inet:ip-address
                   |  +---w remote-id?          inet:ip-address
                   |  +---w local-domain-id?    uint32
                   |  +---w remote-domain-id?   uint32
                   +--:(ne-node)
                      +---w node-id?   inet:ip-address

              Figure 1: The RRM data model YANG tree diagram

4.3.  YANG Module

   The RRM YANG module 'ietf-resmgr' imports the following modules:

   o  ietf-yang-types and ietf-inet-types defined in [RFC6991]

   o  ietf-te-types defined in [RFC8776]

   o  ietf-routing defined in [RFC8349]

   o  ietf-topology-filter defined in
      [I-D.bestbar-teas-yang-topology-filter]

   <CODE BEGINS> file "ietf-resmgr@2021-07-01.yang"
   module ietf-resmgr {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-resmgr";
     prefix rrm;

     import ietf-inet-types {
       prefix inet;
       reference
         "RFC6991: Common YANG Data Types";
     }
     import ietf-topology-filter {
       prefix topo-filt;
       reference
         "I-D.bestbar-teas-yang-topology-filter";
     }
     import ietf-routing {
       prefix rt;
       reference
         "RFC8349: A YANG Data Model for Routing Management";
     }

     organization
       "IETF Traffic Engineering Architecture and Signaling (TEAS)
        Working Group.";
     contact
       "WG Web:
        WG List:

        Editor: Tarek Saad

        Editor: Vishnu Pavan Beeram
       ";
     description
       "YANG data module for configuration, state, and RPCs of
        a Resource Reservation Manager.
        The model fully conforms to the Network Management
        Datastore Architecture (NMDA).

        Copyright (c) 2019 IETF Trust and the persons
        identified as authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject
        to the license terms contained in, the Simplified BSD License
        set forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).
        This version of this YANG module is part of RFC XXXX; see
        the RFC itself for full legal notices.";

     // RFC Ed.: replace XXXX with actual RFC number and remove this
     // note.
     // RFC Ed.: update the date below with the date of RFC publication
     // and remove this note.

     revision 2021-07-01 {
       description
         "Initial revision";
       reference
         "RFC XXXX: A YANG data model for the Resource Reservation
          Manager.";
     }

     identity path-admission-method {
       description
         "Base identity for path admission method.";
     }

     identity path-admission-local {
       base path-admission-method;
       description
         "Indicates path admission is managed by the local RRM.";
     }

     identity path-admission-external {
       base path-admission-method;
       description
         "Indicates path admission is managed by an external RRM.";
     }

     identity path-reservation-style {
       description
         "Base identity for reservation style.";
     }

     identity path-reservation-fixed-filter {
       base path-reservation-style;
       description
         "Fixed-Filter (FF) Style.";
       reference
         "RFC2205";
     }

     identity path-reservation-shared-explicit {
       base path-reservation-style;
       description
         "Shared Explicit (SE) Style.";
       reference
         "RFC2205";
     }

     grouping path-key {
       description
         "Grouping for leafs that identify a specific path.";
       leaf client-id {
         type string;
         description
           "A client identifier";
       }
       leaf source {
         type inet:ip-address;
         description
           "The path source address.";
       }
       leaf destination {
         type inet:ip-address;
         description
           "The path destination address.";
       }
       leaf context {
         type string;
         description
           "The path context set by the tunnel manager.  For
            example, this can be the SR Candidate Path name";
       }
       leaf tunnel-id {
         type uint32;
         description
           "The tunnel ID that is shared for multiple path-instances
            belonging to the tunnel.";
       }
       leaf path-instance-id {
         type uint32;
         description
           "The path instance identifier.  Multiple path instances may
            be instantiated for the same tunnel.";
       }
       leaf multipath-id {
         type uint32;
         description
           "An identifier that uniquely distinguishes the path within
            a set of multiple paths for a path instance.";
       }
     }

     grouping link-key {
       description
         "A grouping for a link key descriptor";
       leaf local-id {
         type inet:ip-address;
         description
           "Link local identifier.";
       }
       leaf remote-id {
         type inet:ip-address;
         description
           "Link remote identifier.";
       }
       leaf local-domain-id {
         type uint32;
         description
           "The local domain identifier.";
       }
       leaf remote-domain-id {
         type uint32;
         description
           "The remote domain identifier.";
       }
     }

     grouping node-key {
       description
         "Node properties.";
       leaf node-id {
         type inet:ip-address;
         description
           "The node identifier.";
       }
     }

     container resmgr {
       description
         "A container that holds all RRM information.";

       container external-rrms {
         description
           "A container for the list of external RRMs.";

         list external-rrm {
           key "external-rrm-id";
           description
             "An entry in the list of external RRMs.";

           leaf external-rrm-id {
             type inet:ip-address;
             description
               "The IP address of the external RRM managing network
                resources.";
           }
           leaf external-rrm-role {
             type enumeration {
               enum redundancy-active {
                 description
                   "External RRM in active role.";
               }
               enum redundancy-standby {
                 description
                   "External RRM in standby role.";
               }
             }
             description
               "The redundancy role of the external RRM managing the
                network resources.";
           }
           container topology-filter {
             description
               "A container for the set of topology filters that
                describe network resources managed by the RRM.";
             leaf filter {
               type leafref {
                 path "/rt:routing/topo-filt:topology-filters/"
                    + "topo-filt:topology-filter/topo-filt:name";
               }
               description
                 "A filter that describes the set of network resources
                  managed by the RRM.";
             }
             leaf filter-set {
               type leafref {
                 path "/rt:routing/topo-filt:topology-filter-sets/"
                    + "topo-filt:topology-filter-set/topo-filt:name";
               }
               description
                 "A filter set that describes the network resources
                  managed by the RRM.";
             }
           }
         }
       }

       container domains {
         description
           "A container for the list of managed domains.";
         list domain {
           key "domain-id";
           description
             "Represents a domain in the network.";
           leaf domain-id {
             type uint32;
             description
               "The domain identifier.";
           }
           container nodes {
             description
               "A container for the list of managed nodes.";
             list node {
               key "node-id";
               description
                 "Represents a node entry in a domain.";
               uses node-key;
               // Node attributes
               container links {
                 description
                   "A container for the list of managed links.";
                 list link {
                   key "local-id remote-id";
                   description
                     "A resource reservation managed link entry.";
                   uses link-key;
                   // Static Link attributes
                   leaf total-bw {
                     type uint64;
                     description
                       "Link total bandwidth (capacity) of this link.";
                   }
                   leaf max-reservable-bw {
                     type uint64;
                     description
                       "The maximum reservable bandwidth of this link.";
                   }
                   leaf max-link-bw {
                     type uint64;
                     description
                       "The maximum bandwidth of this link.";
                   }
                   leaf link-name {
                     type string;
                     description
                       "The symbolic name of this link (e.g. FQDN).";
                   }
                   list available-bw {
                     key "priority";
                     config false;
                     description
                       "A list of available bandwidth (by priority).";
                     leaf priority {
                       type uint8;
                       description
                         "The reservation priority.";
                     }
                     leaf val {
                       type uint64;
                       description
                         "Available bandwidth value at specific
                          priority.";
                     }
                   }
                   leaf admission-method {
                     type identityref {
                       base path-admission-method;
                     }
                     default "path-admission-local";
                     description
                       "The path admission method.  By default, it is
                        locally managed by the RRM.";
                   }
                   container external-rrm {
                     when "derived-from-or-self(../admission-method, "
                        + "'path-admission-external')" {
                       description
                         "The external RRM where the path admission is
                          managed.";
                     }
                     description
                       "The container that holds information about
                        RRM external server managing path admission.";
                     leaf resmgr-server-address {
                       type inet:ip-address;
                       description
                         "The IP address of the RRM server externally
                          managing link resources.";
                     }
                   }
                   // Admitted paths
                   container paths {
                     description
                       "A container for the list of admitted paths on a
                        link.";
                     list path {
                       key "client-id tunnel-id path-instance-id"
                         + " multipath-id source destination";
                       description
                         "A list of paths admitted on a link.";
                       uses path-key;
                       leaf admission-timestamp {
                         type uint64;
                         description
                           "The admission timestamp.";
                       }
                       leaf admission-bw {
                         type uint64;
                         description
                           "The admitted bandwidth on this link.";
                       }
                       leaf admission-priority {
                         type uint8;
                         description
                           "The admission priority for this path.";
                       }
                       leaf admission-reservation-style {
                         type identityref {
                           base path-reservation-style;
                         }
                         default "path-reservation-shared-explicit";
                         description
                           "The path admission bandwidth reservation
                            style.";
                       }
                     }
                   }
                 }
               }
             }
           }
         }
       }
     }

     rpc path-admit {
       description
         "Input arguments for the RPC to admit/release a path on a
          specific set of resource links.";
       input {
         leaf action {
           type enumeration {
             enum add {
               description
                 "Operation add.";
             }
             enum delete {
               description
                 "Operation delete.";
             }
           }
           description
             "Admit/release RPC.";
         }
         container path-info {
           description
             "A container that includes information about the admitted
              path.";
           uses path-key;
           leaf admission-priority {
             type uint8;
             description
               "The admission priority for this path.";
           }
           container nodes {
             description
               "A container for the list of nodes that the path is being
                admitted on.";
             list node {
               key "node-id";
               description
                 "A node that holds resources for the admitted path.";
               uses node-key;
               leaf node-name {
                 type string;
                 description
                   "The symbolic name of this node (e.g. FQDN).";
               }
               // Node attributes
               container links {
                 description
                   "A container for the list of links used by the
                    admitted path.";
                 list link {
                   key "local-id remote-id";
                   description
                     "A link that is used by the admitted path.";
                   uses link-key;
                   leaf admission-bw {
                     type uint64;
                     description
                       "The admitted bandwidth on this link.";
                   }
                 }
               }
             }
           }
         }
       }
       output {
         leaf result {
           type enumeration {
             enum unknown {
               description
                 "The RPC result is unknown.";
             }
             enum successful {
               description
                 "The RPC result is successful.";
             }
             enum rejected {
               description
                 "The RPC result is rejected.";
             }
             enum in-progress {
               description
                 "The RPC result is in-progress.";
             }
           }
           description
             "Result of admission RPC.";
         }
       }
     }

     rpc topology-update {
       description
         "Input arguments for the RPC to update the topological
          elements managed by the Resource Reservation Manager.";
       input {
         leaf topology-element-type {
           type enumeration {
             enum link {
               description
                 "Topology element link type.";
             }
             enum node {
               description
                 "Topology element node type.";
             }
           }
           description
             "Type of topology element.";
         }
         leaf action {
           type enumeration {
             enum add {
               description
                 "Operation add.";
             }
             enum delete {
               description
                 "Operation delete.";
             }
           }
           description
             "Add/delete topology element.";
         }
         container topology-element-info {
           description
             "A container for the network element information.";
           choice element-type {
             mandatory true;
             description
               "The network element type.";
             case ne-link {
               uses link-key;
             }
             case ne-node {
               uses node-key;
             }
           }
         }
       }
     }
   }
   <CODE ENDS>

                  Figure 2: The network RRM YANG module

5.  IANA Considerations

   This document registers the following URIs in the IETF XML registry
   [RFC3688].  Following the format in [RFC3688], the following
   registrations are requested to be made.

      URI: urn:ietf:params:xml:ns:yang:ietf-resmgr
      Registrant Contact: The IESG.
      XML: N/A, the requested URI is an XML namespace.

   This document registers two YANG modules in the YANG Module Names
   registry [RFC6020].

      Name: ietf-resmgr
      Namespace: urn:ietf:params:xml:ns:yang:ietf-resmgr
      Prefix: rrm
      Reference: RFCXXXX

6.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].
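   As an added illustration (not part of this draft) of the admission
   semantics that make the 'path-admit' RPC and the data under
   '/resmgr/domains' sensitive, the following Python models one managed
   link, derives its config-false 'available-bw' list per priority from
   the admitted 'paths', and evaluates an add/delete 'path-admit'
   request, returning the RPC 'result' value together with any admitted
   paths the request would preempt, so an operator can log preemptions
   before honouring a request.  The draft defines no admission rules, so
   the priority ordering (0 = most important, as in RSVP-TE), the
   per-priority admission rule and the SE sharing rule below are
   assumptions, as are the sample addresses and bandwidth figures.

```python
"""Added illustration of the admission semantics behind the ietf-resmgr
'available-bw' list and 'path-admit' RPC.  Not part of the draft; the
numeric priority order (0 = most important, as in RSVP-TE), the
per-priority admission rule and the SE sharing rule are assumptions."""
from dataclasses import dataclass

PRIORITIES = range(8)  # assumed: eight priority levels, 0 is the best


@dataclass(frozen=True)
class Path:
    """Mirrors grouping 'path-key' plus the per-link admission leaves."""
    client_id: str
    tunnel_id: int
    path_instance_id: int
    multipath_id: int
    source: str
    destination: str
    admission_bw: int        # leaf admission-bw (uint64)
    admission_priority: int  # leaf admission-priority (uint8)
    reservation_style: str = "path-reservation-shared-explicit"


def path_key(p):
    """The six key leaves of list 'path' (the model's list key)."""
    return (p.client_id, p.tunnel_id, p.path_instance_id,
            p.multipath_id, p.source, p.destination)


@dataclass
class Link:
    """One 'link' list entry together with its admitted 'paths'."""
    local_id: str
    remote_id: str
    max_reservable_bw: int
    paths: list


def reserved_bw(paths):
    """Bandwidth consumed by a set of admitted paths.  Assumed SE rule:
    paths of one tunnel (client-id, tunnel-id) share one reservation
    sized to the largest member; FF paths each reserve their own."""
    shared, total = {}, 0
    for p in paths:
        if p.reservation_style == "path-reservation-shared-explicit":
            k = (p.client_id, p.tunnel_id)
            shared[k] = max(shared.get(k, 0), p.admission_bw)
        else:
            total += p.admission_bw
    return total + sum(shared.values())


def available_bw(link):
    """Derive the config-false 'available-bw' list keyed by priority:
    what is left at priority p once paths of equal or better priority
    (numerically <= p) are counted; worse paths are preemptable."""
    return {pr: link.max_reservable_bw - reserved_bw(
                [p for p in link.paths if p.admission_priority <= pr])
            for pr in PRIORITIES}


def path_admit(link, action, path):
    """Evaluate one path-admit RPC against a single link.  Returns the
    RPC 'result' enum value and the admitted paths that an 'add' would
    preempt (a non-empty list is what an operator wants logged)."""
    if action == "delete":
        link.paths = [p for p in link.paths
                      if path_key(p) != path_key(path)]
        return "successful", []
    if action != "add":
        return "unknown", []
    if path.admission_priority not in PRIORITIES:
        return "rejected", []
    better = [p for p in link.paths
              if p.admission_priority <= path.admission_priority]
    if reserved_bw(better + [path]) > link.max_reservable_bw:
        return "rejected", []  # no room even after preempting worse paths
    # Re-admit worse-priority paths best-first; those that no longer fit
    # behind the new reservation are preempted.
    keep, preempted = better + [path], []
    for p in sorted((p for p in link.paths
                     if p.admission_priority > path.admission_priority),
                    key=lambda p: p.admission_priority):
        if reserved_bw(keep + [p]) <= link.max_reservable_bw:
            keep.append(p)
        else:
            preempted.append(p)
    link.paths = keep
    return "successful", preempted


def sample_link():
    """Constructed sample: a 100-unit link carrying two admitted paths."""
    a = Path("c1", 1, 1, 1, "192.0.2.1", "192.0.2.9", 60, 3)
    b = Path("c2", 2, 1, 1, "192.0.2.2", "192.0.2.9", 30, 5)
    return Link("198.51.100.1", "198.51.100.2", 100, [a, b])


if __name__ == "__main__":
    link = sample_link()
    print(available_bw(link))
    new = Path("c1", 3, 1, 1, "192.0.2.1", "192.0.2.9", 50, 2)
    print(path_admit(link, "add", new))  # preempts the 60-unit priority-3 path
```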
   The Network Configuration Access Control Model (NACM) [RFC8341]
   provides the means to restrict access for particular NETCONF or
   RESTCONF users to a preconfigured subset of all available NETCONF or
   RESTCONF protocol operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.  These are the subtrees and data nodes
   and their sensitivity/vulnerability:

   "/resmgr/topology-filters": This container and any of its
   encompassing data nodes define the filter for the network resources
   managed by this RRM.  Unauthorized access to this list could cause
   the RRM to ignore some network resources and could cause preemptions
   and disruptions in the network.

   "/resmgr/domains": This container and any of its encompassing data
   nodes represent the set of network resources managed by this RRM.
   Unauthorized access to this list could cause the RRM to preempt
   existing paths, causing disruptions to existing services in the
   network.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability.

   Some of the RPC operations in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control access to these operations.  These are the
   operations and their sensitivity/vulnerability:

   "path-admit": using this RPC, an attacker can attempt to deplete
   certain network resources managed by this RRM.  Also, it is possible
   for an attacker to preempt existing admitted paths on a set of
   resources by sending higher priority requests on the same set of
   network resources.  This may affect paths that can be carrying live
   traffic, and hence may result in interruptions to services carried
   over the network.

   "topology-update": using this RPC, an attacker can attempt to delete
   certain network resources that are already managed by this RRM.  This
   may result in preemption of existing paths admitted on those network
   resources and result in interruptions to services carried over the
   network.

   The security considerations spelled out in the YANG 1.1 specification
   [RFC7950] apply for this document as well.

7.  Normative References

   [I-D.bestbar-teas-yang-topology-filter]
              Beeram, V. P. and T. Saad, "YANG Data Model for Topology
              Filter", draft-bestbar-teas-yang-topology-filter-00 (work
              in progress), July 2021.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.
   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [RFC8776]  Saad, T., Gandhi, R., Liu, X., Beeram, V., and I. Bryskin,
              "Common YANG Data Types for Traffic Engineering",
              RFC 8776, DOI 10.17487/RFC8776, June 2020.

Authors' Addresses

   Tarek Saad
   Juniper Networks

   Email: tsaad@juniper.net


   Vishnu Pavan Beeram
   Juniper Networks

   Email: vbeeram@juniper.net


   Xufeng Liu
   Volta Networks

   Email: xufeng.liu.ietf@gmail.com