TEAS Working Group                                             V. Beeram
Internet-Draft                                                   T. Saad
Intended status: Standards Track                        Juniper Networks
Expires: January 13, 2022                                  July 12, 2021


                  YANG Data Model for Topology Filter
               draft-bestbar-teas-yang-topology-filter-00

Abstract

   This document defines a YANG data model for the management of
   topology filters/filter-sets on network elements and controllers.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 13, 2022.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Tree Structure
   2.  Topology Filter Data Model
     2.1.  Model Structure
       2.1.1.  Topology Filters
         2.1.1.1.  Topology Reference
         2.1.1.2.  Filters
       2.1.2.  Topology Filter-Sets
     2.2.  YANG Module
   3.  Acknowledgements
   4.  Contributors
   5.  IANA Considerations
   6.  Security Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Complete Model Tree Structure
   Authors' Addresses

1.  Introduction

   A topology filter is a data construct that can be applied on either a
   native topology or a customized topology to produce a filtered set of
   topological elements.  A topology filter-set is a union of multiple
   topology filters that can be applied in tandem on a topology.  This
   document defines a YANG data model for the management of topology
   filters/filter-sets on network elements and controllers.

1.1.  Terminology

   The terminology for describing YANG data models is found in
   [RFC7950].

   The reader is expected to be familiar with the topology modeling
   terminology specified in [RFC8345], [RFC8776] and [RFC8795].

1.2.  Tree Structure

   A simplified graphical representation of the data model is presented
   in Appendix A of this document.  The tree format defined in [RFC8340]
   is used for the YANG data model tree representation.

2.  Topology Filter Data Model

2.1.  Model Structure

   The high-level model structure defined by this document is as shown
   below:

   module: ietf-topology-filter
     augment /rt:routing:
       +--rw topology-filters!
       |  +--rw topology-filter* [name]
       |     +--rw name            string
       |     +--rw topology-ref
       |     |  ..........
       |     +--rw include-any
       |     |  ..........
       |     +--rw include-all
       |     |  ..........
       |     +--rw exclude
       |        ..........
       +--rw topology-filter-sets!
          +--rw topology-filter-set* [name]
             +--rw name               string
             +  ..........

   The top-level 'routing' container [RFC8349] is augmented with a set
   of topology filters and a set of topology filter-sets.

2.1.1.  Topology Filters

   The 'topology-filters' container carries a list of topology filters.
   Each topology-filter entry specifies a set of include-any, include-
   all and exclude filtering rules that can be applied on either the
   native topology or a user specified topology.

2.1.1.1.  Topology Reference

   The 'topology-ref' container (defined by the 'topology-reference'
   grouping) indicates the topology on which the filtering rules need to
   be applied.  The referenced topology could be a predefined TE
   topology and/or a specific IGP domain.  The absence of the
   'topology-ref' container indicates that the filtering rules are to be
   applied on the native topology.

      +--rw topology-ref
         +--rw igp-domain-identifier
         |  +--rw protocol-id?   igp-protocol
         |  +--rw instance-id?   uint32
         |  +--rw division-id?   uint32
         |  +--rw algo-id?       uint8
         |  +--rw mt-id?         uint16
         +--rw te-topology-identifier
            +--rw provider-id?   te-global-id
            +--rw client-id?     te-global-id
            +--rw topology-id?   te-topology-id

2.1.1.2.  Filters

   The 'include-any', 'include-all' and 'exclude' containers carry a
   varied set of attributes that can be used as rules to filter the
   topology.  If the topology-filter entry carries no filtering rules
   and only references a specific topology, then the set of filtered
   topological elements produced is the same as the one defined by the
   referenced topology.

      +--rw include-any
      |  +--rw link-affinity*   string
      |  +--rw link-name*       string
      |  +--rw node-prefix*     inet:ip-prefix
      |  +--rw as*              inet:as-number
      |  +--rw info-source* [source-id instance-id division-id]
      |     +--rw source-id      tet:te-info-source
      |     +--rw instance-id    uint32
      |     +--rw division-id    uint32
      +--rw include-all
      |  +--rw link-affinity*   string
      |  +--rw link-name*       string
      |  +--rw node-prefix*     inet:ip-prefix
      |  +--rw as*              inet:as-number
      |  +--rw info-source* [source-id instance-id division-id]
      |     +--rw source-id      tet:te-info-source
      |     +--rw instance-id    uint32
      |     +--rw division-id    uint32
      +--rw exclude
         +--rw link-affinity*   string
         +--rw link-name*       string
         +--rw node-prefix*     inet:ip-prefix
         +--rw as*              inet:as-number
         +--rw info-source* [source-id instance-id division-id]
            +--rw source-id      tet:te-info-source
            +--rw instance-id    uint32
            +--rw division-id    uint32

2.1.2.  Topology Filter-Sets

   The 'topology-filter-sets' container carries a list of topology
   filter-sets.  Each topology-filter-set entry constitutes a list of
   topology-filter references.  This is used when there is a need to
   create a union of multiple topology filters.

      +--rw topology-filter-sets!
         +--rw topology-filter-set* [name]
            +--rw name               string
            +--rw topology-filter*
                    -> ../../../topology-filters/topology-filter/name
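   The include-any / include-all / exclude rules of Section 2.1.1.2 and
   the filter-set union of Section 2.1.2, worked through in Python as an
   added example (not code from this draft or its authors).  The draft
   does not spell out the matching semantics, so the per-container logic
   below, the Node/Link element classes and the sample topology are
   assumptions; filters are written as dicts keyed by the module's own
   node names.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:                 # constructed topology element (not from the draft)
    name: str
    router_id: str          # matched against node-prefix (inet:ip-prefix)
    asn: int                # matched against as (inet:as-number)
    source: tuple           # (source-id, instance-id, division-id)

@dataclass(frozen=True)
class Link:                 # constructed topology element (not from the draft)
    name: str               # matched against link-name
    affinities: frozenset   # matched against link-affinity

# Rule category -> (element kind it applies to, predicate over (elem, values)).
MATCHERS = {
    "link-affinity": (Link, lambda e, v: bool(e.affinities & set(v))),
    "link-name":     (Link, lambda e, v: e.name in v),
    "node-prefix":   (Node, lambda e, v: any(ipaddress.ip_address(e.router_id)
                                             in ipaddress.ip_network(p) for p in v)),
    "as":            (Node, lambda e, v: e.asn in v),
    "info-source":   (Node, lambda e, v: e.source in {tuple(s) for s in v}),
}

def _hits(rules, elem):
    """One boolean per rule category that applies to elem's kind; categories
    aimed at the other kind are ignored (an assumption, not draft text)."""
    return [MATCHERS[cat][1](elem, values) for cat, values in rules.items()
            if isinstance(elem, MATCHERS[cat][0])]

def apply_filter(f, topology):
    """f mirrors one topology-filter entry as a dict keyed by the YANG names.
    Assumed semantics: keep elem if it matches some include-any rule (when any
    applies), every applicable include-all rule, and no exclude rule."""
    kept = []
    for elem in topology:
        any_hits = _hits(f.get("include-any", {}), elem)
        all_hits = _hits(f.get("include-all", {}), elem)
        if (any_hits and not any(any_hits)) or (all_hits and not all(all_hits)):
            continue
        if not any(_hits(f.get("exclude", {}), elem)):
            kept.append(elem)
    return kept

def apply_filter_set(fset, filters, topology):
    """Section 2.1.2: a filter-set is the union of the filters it references.
    The module's leafref only admits existing filter names, so reject unknowns."""
    by_name = {f["name"]: f for f in filters}
    unknown = [r for r in fset["topology-filter"] if r not in by_name]
    if unknown:
        raise ValueError(f"{fset['name']}: undefined topology-filter {unknown}")
    union = []
    for ref in fset["topology-filter"]:
        union += [e for e in apply_filter(by_name[ref], topology) if e not in union]
    return union

# Constructed sample topology and filters (documentation addresses and ASNs).
TOPOLOGY = [
    Node("N1", "192.0.2.1", 64496, ("ospfv2", 1, 0)),
    Node("N2", "192.0.2.2", 64496, ("isis", 1, 0)),
    Node("N3", "198.51.100.3", 64497, ("isis", 1, 0)),
    Link("L12", frozenset({"gold", "east"})),
    Link("L23", frozenset({"silver"})),
    Link("L13", frozenset({"gold", "west"})),
]
FILTERS = [
    {"name": "gold", "include-any": {"link-affinity": ["gold"], "node-prefix": ["192.0.2.0/24"]}},
    {"name": "isis-core", "include-all": {"info-source": [["isis", 1, 0]], "as": [64496]},
     "exclude": {"link-affinity": ["west"]}},
]
```

   A filter with no rules returns the whole topology, matching the
   Section 2.1.1.2 statement that such an entry yields exactly the
   referenced topology.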
2.2.  YANG Module

   <CODE BEGINS> file "ietf-topology-filter@2021-07-12.yang"
   module ietf-topology-filter {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-topology-filter";
     prefix "topo-filt";

     import ietf-inet-types {
       prefix "inet";
       reference
         "RFC 6991: Common YANG Data Types";
     }

     import ietf-routing {
       prefix rt;
       reference
         "RFC 8349: A YANG Data Model for Routing Management
          (NMDA Version)";
     }

     import ietf-te-types {
       prefix te-types;
       reference
         "RFC 8776: Common YANG Data Types for Traffic Engineering";
     }

     import ietf-te-topology {
       prefix tet;
       reference
         "RFC 8795: YANG Data Model for Traffic Engineering Topologies";
     }

     organization
       "IETF Traffic Engineering Architecture and Signaling (TEAS)
        Working Group.";

     contact
       "WG Web:
        WG List:

        Editor: Vishnu Pavan Beeram

        Editor: Tarek Saad
       ";

     description
       "This YANG module defines data definitions for managing
        topology filters.

        Copyright (c) 2021 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX; see the
        RFC itself for full legal notices.";

     revision "2021-07-11" {
       description "Initial revision.";
       reference
         "RFC XXXX: YANG Data Model for Topology Filters.";
     }

     /*
      * T Y P E D E F S
      */

     typedef igp-protocol {
       type enumeration {
         enum ospfv2 {
           description
             "OSPFv2.";
         }
         enum ospfv3 {
           description
             "OSPFv3.";
         }
         enum isis {
           description
             "IS-IS.";
         }
       }
       description
         "IGP Protocol Type.";
     }

     /*
      * G R O U P I N G S
      */

     /*
      * Grouping - Topology Information Source.
      */
     grouping igp-topology-info-source {
       description
         "Grouping for igp topology information source.";
       leaf protocol-id {
         type igp-protocol;
         description
           "IGP Protocol Type.";
       }
       leaf instance-id {
         type uint32;
         description
           "Information Source Instance.";
       }
       leaf division-id {
         type uint32;
         description
           "Information Source Division.";
       }
     }

     /*
      * Grouping - IGP Domain Identifier.
      */
     grouping igp-domain-identifier {
       description
         "Grouping for igp domain identifier.";
       container igp-domain-identifier {
         description
           "Container for igp domain identifier.";
         uses igp-topology-info-source;
         leaf algo-id {
           type uint8;
           description
             "Algorithm ID.";
         }
         leaf mt-id {
           type uint16;
           description
             "Multi Topology ID.";
         }
       }
     }

     /*
      * Grouping - Topology Reference
      */
     grouping topology-reference {
       description
         "Grouping for topology reference.";
       container topology-ref {
         description
           "Container for topology reference.";
         uses igp-domain-identifier;
         uses te-types:te-topology-identifier;
       }
     }

     /*
      * Grouping - Topology Information Sources
      */
     grouping topology-info-sources {
       description
         "Grouping for topology information sources.";
       list info-source {
         key "source-id instance-id division-id";
         description
           "List of information-sources.";
         leaf source-id {
           type tet:te-info-source;
           description
             "Information Source.";
         }
         leaf instance-id {
           type uint32;
           description
             "Information Source Instance.";
         }
         leaf division-id {
           type uint32;
           description
             "Information Source Division.";
         }
       }
     }

     /*
      * Grouping - Custom Topology Filters
      */
     grouping custom-topology-filters {
       description
         "Grouping for custom topology filters.";
       leaf-list link-affinity {
         type string;
         description
           "List of link affinities.";
       }
       leaf-list link-name {
         type string;
         description
           "List of link names.";
       }
       leaf-list node-prefix {
         type inet:ip-prefix;
         description
           "List of node IDs.";
       }
       leaf-list as {
         type inet:as-number;
         description
           "List of AS numbers.";
       }
       uses topology-info-sources;
     }

     /*
      * Grouping - Topology Filters
      */
     grouping topology-filters {
       description
         "Grouping for topology filters.";
       container topology-filters {
         presence "Enable Topology Filters.";
         description
           "Container for topology filters.";
         list topology-filter {
           key "name";
           description
             "List of topology filters.";
           leaf name {
             type string;
             description
               "A string that uniquely identifies the topology filter.";
           }
           uses topology-reference;
           container include-any {
             description
               "Include-any filters.";
             uses custom-topology-filters;
           }
           container include-all {
             description
               "Include-all filters.";
             uses custom-topology-filters;
           }
           container exclude {
             description
               "Exclude filters.";
             uses custom-topology-filters;
           }
         }
       }
     }

     /*
      * Grouping - Topology Filter Sets
      */
     grouping topology-filter-sets {
       description
         "Grouping for topology filter sets.";
       container topology-filter-sets {
         presence "Enable Topology Filter-Sets.";
         description
           "Container for topology filter sets.";
         list topology-filter-set {
           key "name";
           description
             "List of topology filter sets.";
           leaf name {
             type string;
             description
               "A string that uniquely identifies the topology
                filter-set.";
           }
           leaf-list topology-filter {
             type leafref {
               path "../../../topo-filt:topology-filters/"
                  + "topo-filt:topology-filter/topo-filt:name";
             }
             description
               "Reference to a specific topology filter from the list
                of topology filters.";
           }
         }
       }
     }

     /*
      * Augment - Topology Filters / Topology Filter-Sets
      */
     augment "/rt:routing" {
       description
         "Augment routing with topology-filters and
          topology-filter-sets.";
       uses topology-filters;
       uses topology-filter-sets;
     }
   }
   <CODE ENDS>

3.  Acknowledgements

   The authors would like to thank Sudharsana Venkatraman for her input
   from discussions.

4.  Contributors

   The following individuals contributed to this document:

      Colby Barth
      Juniper Networks
      Email: cbarth@juniper.net

      Srihari R. Sangli
      Juniper Networks
      Email: ssangli@juniper.net

      Chandra Ramachandran
      Juniper Networks
      Email: csekar@juniper.net

5.  IANA Considerations

   This document registers the following URI in the IETF XML registry
   [RFC3688].  Following the format in [RFC3688], the following
   registration is requested to be made.

      URI: urn:ietf:params:xml:ns:yang:ietf-topology-filter
      Registrant Contact: The TEAS WG of the IETF.
      XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

      name: ietf-topology-filter
      namespace: urn:ietf:params:xml:ns:yang:ietf-topology-filter
      prefix: topo-filt
      reference: RFCXXXX

6.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The Network Configuration Access Control Model (NACM) [RFC8341]
   provides the means to restrict access for particular NETCONF or
   RESTCONF users to a preconfigured subset of all available NETCONF or
   RESTCONF protocol operations and content.

   The data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default) may be considered sensitive or vulnerable in some network
   environments.  Write operations (e.g., edit-config) to these data
   nodes without proper protection can have a negative effect on network
   operations.  These are the subtrees and data nodes and their
   sensitivity/vulnerability:

   *  "/routing/topology-filters/": This subtree specifies the
      configurations for topology filters.  By manipulating these data
      nodes, a malicious attacker may cause unauthorized and improper
      behavior in any service that is making use of the filtered set of
      topological elements produced by the application of the
      compromised topology filter.

   *  "/routing/topology-filter-sets": This subtree specifies the
      configurations for topology filter-sets.  By manipulating these
      data nodes, a malicious attacker may cause unauthorized and
      improper behavior in any service that is making use of the
      filtered set of topological elements produced by the application
      of the compromised topology filter-set.

   The readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability:

   *  "/routing/topology-filters": Unauthorized access to this subtree
      can disclose the topology filters used in the network.

   *  "/routing/topology-filter-sets": Unauthorized access to this
      subtree can disclose the topology filter-sets used in the network.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8345]  Clemm, A., Medved, J., Varga, R., Bahadur, N.,
              Ananthakrishnan, H., and X. Liu, "A YANG Data Model for
              Network Topologies", RFC 8345, DOI 10.17487/RFC8345, March
              2018.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [RFC8776]  Saad, T., Gandhi, R., Liu, X., Beeram, V., and I. Bryskin,
              "Common YANG Data Types for Traffic Engineering",
              RFC 8776, DOI 10.17487/RFC8776, June 2020.

   [RFC8795]  Liu, X., Bryskin, I., Beeram, V., Saad, T., Shah, H., and
              O. Gonzalez de Dios, "YANG Data Model for Traffic
              Engineering (TE) Topologies", RFC 8795,
              DOI 10.17487/RFC8795, August 2020.

7.2.  Informative References

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

Appendix A.  Complete Model Tree Structure

   module: ietf-topology-filter
     augment /rt:routing:
       +--rw topology-filters!
       |  +--rw topology-filter* [name]
       |     +--rw name            string
       |     +--rw topology-ref
       |     |  +--rw igp-domain-identifier
       |     |  |  +--rw protocol-id?   igp-protocol
       |     |  |  +--rw instance-id?   uint32
       |     |  |  +--rw division-id?   uint32
       |     |  |  +--rw algo-id?       uint8
       |     |  |  +--rw mt-id?         uint16
       |     |  +--rw te-topology-identifier
       |     |     +--rw provider-id?   te-global-id
       |     |     +--rw client-id?     te-global-id
       |     |     +--rw topology-id?   te-topology-id
       |     +--rw include-any
       |     |  +--rw link-affinity*   string
       |     |  +--rw link-name*       string
       |     |  +--rw node-prefix*     inet:ip-prefix
       |     |  +--rw as*              inet:as-number
       |     |  +--rw info-source* [source-id instance-id division-id]
       |     |     +--rw source-id      tet:te-info-source
       |     |     +--rw instance-id    uint32
       |     |     +--rw division-id    uint32
       |     +--rw include-all
       |     |  +--rw link-affinity*   string
       |     |  +--rw link-name*       string
       |     |  +--rw node-prefix*     inet:ip-prefix
       |     |  +--rw as*              inet:as-number
       |     |  +--rw info-source* [source-id instance-id division-id]
       |     |     +--rw source-id      tet:te-info-source
       |     |     +--rw instance-id    uint32
       |     |     +--rw division-id    uint32
       |     +--rw exclude
       |        +--rw link-affinity*   string
       |        +--rw link-name*       string
       |        +--rw node-prefix*     inet:ip-prefix
       |        +--rw as*              inet:as-number
       |        +--rw info-source* [source-id instance-id division-id]
       |           +--rw source-id      tet:te-info-source
       |           +--rw instance-id    uint32
       |           +--rw division-id    uint32
       +--rw topology-filter-sets!
          +--rw topology-filter-set* [name]
             +--rw name               string
             +--rw topology-filter*
                     -> ../../../topology-filters/topology-filter/name

Authors' Addresses

   Vishnu Pavan Beeram
   Juniper Networks

   Email: vbeeram@juniper.net


   Tarek Saad
   Juniper Networks

   Email: tsaad@juniper.net