idnits 2.17.1

draft-boucadair-pcp-yang-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 12 instances of too long lines in the document, the longest
     one being 53 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does
     not match the current year

  == Line 188 has weird spacing: '...version uin...'

  == Line 207 has weird spacing: '...version uin...'

  == Line 211 has weird spacing: '...ress-id uin...'

  == Line 283 has weird spacing: '...version enu...'

  == Line 324 has weird spacing: '...version uin...'

  == (6 more instances...)

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (October 16, 2017) is 2384 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  -- Obsolete informational reference (is this intentional?): RFC 6087
     (Obsoleted by RFC 8407)

     Summary: 2 errors (**), 0 flaws (~~), 8 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
-------------------------------------------------------------------------------- 2 Network Working Group M. Boucadair 3 Internet-Draft C. Jacquenet 4 Intended status: Standards Track Orange 5 Expires: April 19, 2018 S. Sivakumar 6 Cisco Systems 7 S. Vinapamula 8 Juniper Networks 9 October 16, 2017 11 YANG Modules for the Port Control Protocol (PCP) 12 draft-boucadair-pcp-yang-05 14 Abstract 16 This document defines YANG modules for the Port Control Protocol 17 (PCP), including PCP client, PCP server, PCP proxy, and Universal 18 Plug and Play (UPnP) Internet Gateway Device - Port Control Protocol 19 Interworking Function. 21 Editorial Note (To be removed by RFC Editor) 23 Please update this statement with the RFC number to be assigned to 24 this document: 26 "This version of this YANG module is part of RFC XXXX;" 28 Status of This Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at https://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on April 19, 2018. 45 Copyright Notice 47 Copyright (c) 2017 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (https://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. 
Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 63 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 64 1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3 65 1.3. IP Address Format . . . . . . . . . . . . . . . . . . . . 4 66 2. Overview of the PCP YANG Modules . . . . . . . . . . . . . . 4 67 2.1. Common PCP . . . . . . . . . . . . . . . . . . . . . . . 4 68 2.2. PCP Client . . . . . . . . . . . . . . . . . . . . . . . 4 69 2.3. UPnP IGD/PCP Interworking Function . . . . . . . . . . . 6 70 2.4. PCP Proxy . . . . . . . . . . . . . . . . . . . . . . . . 7 71 2.5. PCP Server . . . . . . . . . . . . . . . . . . . . . . . 7 72 3. YANG Modules . . . . . . . . . . . . . . . . . . . . . . . . 10 73 3.1. Common PCP Module . . . . . . . . . . . . . . . . . . . . 10 74 3.2. PCP Client . . . . . . . . . . . . . . . . . . . . . . . 30 75 3.3. UPnP IGD/PCP Interworking Function . . . . . . . . . . . 34 76 3.4. PCP Proxy . . . . . . . . . . . . . . . . . . . . . . . . 37 77 3.5. PCP Server . . . . . . . . . . . . . . . . . . . . . . . 39 78 4. Security Considerations . . . . . . . . . . . . . . . . . . . 51 79 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 51 80 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 53 81 6.1. Normative references . . . . . . . . . . . . . . . . . . 53 82 6.2. Informative references . . . . . . . . . . . . . . . . . 54 83 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 54 85 1. 
Introduction 87 This document defines a data model for the Port Control Protocol 88 (PCP, [RFC6887]) using the YANG data modeling language [RFC7950]. 89 The following functional elements are in scope: 91 o PCP client [RFC6887]. 93 o PCP server [RFC6887]. 95 o PCP proxy [RFC7648]. 97 o Universal Plug and Play (UPnP) Internet Gateway Device - Port 98 Control Protocol Interworking Function (UPnP IGD-PCP IWF) 99 [RFC6970]. 101 In addition to the base features defined in [RFC6887], this document 102 covers the following capabilities: 104 o PCP Description option [RFC7220]. 106 o PCP Prefix64 discovery option [RFC7225]. 108 o PCP Port set allocation [RFC7753]. 110 In conformance with [RFC7291] and [RFC7488], this document assumes 111 that multiple PCP servers may be configured to a PCP client, PCP 112 proxy, or UPnP IGD-PCP IWF; each server is defined by a list of IP 113 addresses. 115 This document follows the guidelines of [RFC6087]. 117 This document uses the common YANG types defined in [RFC6991]. 119 This document does not allow to manage advanced PCP authentication 120 features [RFC7652]. 122 1.1. Requirements Language 124 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 125 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 126 document are to be interpreted as described in [RFC2119]. 128 This document makes use of the terms defined in [RFC6887], [RFC7648], 129 [RFC6970], and [RFC6970]. 131 The terminology for describing YANG modules is defined in [RFC7950]. 133 1.2. Tree Diagrams 135 The meaning of the symbols in these diagrams is as follows: 137 o Brackets "[" and "]" enclose list keys. 139 o Curly braces "{" and "}" contain names of optional features that 140 make the corresponding node conditional. 142 o Abbreviations before data node names: "rw" means configuration 143 (read-write), "ro" state data (read-only). 145 o Symbols after data node names: "?" means an optional node, "!" 
a 146 container with presence, and "*" denotes a "list" or "leaf-list". 148 o Parentheses enclose choice and case nodes, and case nodes are also 149 marked with a colon (":"). 151 o Ellipsis ("...") stands for contents of subtrees that are not 152 shown. 154 1.3. IP Address Format 156 Following the rationale defined in Section 5 of [RFC6887], this 157 document uses IPv4-mapped IPv6 addresses to encode IPv4 addresses. 159 The all-zeros IPv6 address are expressed as (::). 161 The all-zeros IPv4 address is expressed by 80 bits of zeros, 16 bits 162 of ones, and 32 bits of zeros (::ffff:0:0). 164 2. Overview of the PCP YANG Modules 166 The following sub-sections provide an overview of the PCP data 167 models. 169 2.1. Common PCP 171 Common PCP YANG module groups a set of common definitions that are 172 used in all PCP YANG modules. 174 2.2. PCP Client 176 Figure 1 depicts the YANG module for the PCP client. 178 module: ietf-pcp-client 179 +--rw pcp-client 180 +--rw enable? boolean 181 +--rw description? string 182 +--rw instances 183 +--rw instance* [id] 184 +--rw id uint32 185 +--rw name? string 186 +--rw capabilities 187 | +--rw supported-version* [version] 188 | | +--rw version uint8 189 | +--rw preferred-version? uint8 190 | +--rw authentication-support? boolean 191 | +--rw opcode-capability 192 | | +--rw map? boolean 193 | | +--rw peer? boolean 194 | | +--rw announce? boolean 195 | +--rw option-capability 196 | +--rw third-party? boolean 197 | +--rw prefer-failure? boolean 198 | +--rw filter 199 | | +--rw filter-enabled? boolean 200 | | +--rw max-filters? uint32 201 | +--rw port-set? boolean 202 | +--rw description 203 | | +--rw description-enabled? boolean 204 | | +--rw max-description? uint32 205 | +--rw prefix64? boolean 206 +--rw version* [version] 207 | +--rw version uint8 208 +--rw pcp-servers* [pcp-server-id] 209 | +--rw pcp-server-id uint32 210 | +--rw pcp-server-ip-address* [address-id] 211 | | +--rw address-id uint32 212 | | +--rw ip-address? 
inet:ipv6-address 213 | +--rw external-address-familly? inet:ip-version 214 | +--rw stale-external-ip-address? inet:ipv6-prefix 215 +--rw authentication-enable? boolean 216 +--rw opcode-configuration 217 | +--rw map? boolean 218 | +--rw peer? boolean 219 | +--rw announce? boolean 220 +--rw option-configuration 221 | +--rw third-party? boolean 222 | +--rw prefer-failure? boolean 223 | +--rw filter 224 | | +--rw filter-enabled? boolean 225 | | +--rw max-filters? uint32 226 | +--rw port-set? boolean 227 | +--rw description 228 | | +--rw description-enabled? boolean 229 | | +--rw max-description? uint32 230 | +--rw prefix64? boolean 231 +--rw mapping-table 232 | +--rw mapping-entry* [index] 233 | +--rw index uint32 234 | +--rw status? enumeration 235 | +--rw mapping-nonce? string 236 | +--rw internal-ip-address? inet:ipv6-prefix 237 | +--rw internal-port 238 | | +--rw start-port-number? inet:port-number 239 | | +--rw end-port-number? inet:port-number 240 | +--rw external-ip-address? inet:ipv6-prefix 241 | +--rw external-port 242 | | +--rw start-port-number? inet:port-number 243 | | +--rw end-port-number? inet:port-number 244 | +--rw protocol? uint8 245 | +--rw lifetime? uint32 246 | +--rw third-party-address? inet:ipv6-prefix 247 | +--rw filter* [filter-id] 248 | | +--rw filter-id uint32 249 | | +--rw remote-ip-prefix? inet:ipv6-prefix 250 | | +--rw remote-port-number? inet:port-number 251 | +--rw description? string 252 | +--rw prefer-failure-tagged? boolean 253 +--rw traffic-statistics 254 +--rw traffic-statistics 255 | +--rw sent-packet? yang:zero-based-counter64 256 | +--rw sent-byte? yang:zero-based-counter64 257 | +--rw rcvd-packet? yang:zero-based-counter64 258 | +--rw rcvd-byte? yang:zero-based-counter64 259 | +--rw dropped-packet? yang:zero-based-counter64 260 | +--rw dropped-byte? yang:zero-based-counter64 261 +--rw opcode-statistics 262 | +--rw sent-map? yang:zero-based-counter64 263 | +--rw rcvd-map? yang:zero-based-counter64 264 | +--rw sent-peer? 
yang:zero-based-counter64 265 | +--rw rcvd-peer? yang:zero-based-counter64 266 | +--rw sent-annonce? yang:zero-based-counter64 267 | +--rw rcvd-announce? yang:zero-based-counter64 268 | +--rw rcvd-unknown? yang:zero-based-counter64 269 | +--rw rcvd-malformed? yang:zero-based-counter64 270 +--rw mapping-table 271 +--rw current-mt-size? yang:zero-based-counter64 272 +--rw max-mt-size? uint32 274 Figure 1: PCP Client YANG Module 276 2.3. UPnP IGD/PCP Interworking Function 278 Figure 2 depicts the YANG module for the UPnP IGD-PCP IWF. 280 module: ietf-pcp-iwf 281 augment /pcp-client:pcp-client/pcp-client:instances/pcp-client:instance/pcp-client:capabilities: 282 +--rw igd-supported-version* [igd-version] 283 +--rw igd-version enumeration 284 augment /pcp-client:pcp-client/pcp-client:instances/pcp-client:instance: 285 +--rw igd-version 286 +--rw igd-version? enumeration 287 augment /pcp-client:pcp-client/pcp-client:instances/pcp-client:instance/pcp-client:mapping-table/pcp-client:mapping-entry: 288 +--rw igd-control-point-address? inet:ip-address 289 +--rw igd-control-point-port? inet:port-number 291 Figure 2: IWF YANG Module 293 2.4. PCP Proxy 295 Figure 3 depicts the YANG module for the PCP proxy. 297 module: ietf-pcp-proxy 298 augment /pcp-client:pcp-client/pcp-client:instances/pcp-client:instance/pcp-client:option-configuration: 299 +--rw relay-mandatory-unknown-option? boolean 300 +--rw relay-optionnal-unknown-option? boolean 301 augment /pcp-client:pcp-client/pcp-client:instances/pcp-client:instance: 302 +--rw terminate-proxy-recursion? boolean 303 augment /pcp-client:pcp-client/pcp-client:instances/pcp-client:instance/pcp-client:mapping-table/pcp-client:mapping-entry: 304 +--rw local-assigned-ip-address? inet:ipv6-prefix 305 +--rw local-assigned-port 306 +--rw start-port-number? inet:port-number 307 +--rw end-port-number? inet:port-number 309 Figure 3: PCP Proxy YANG Module 311 2.5. PCP Server 313 Figure 4 depicts the YANG module for the PCP server. 
315 module: ietf-pcp-server 316 +--rw pcp-serve 317 +--rw enable? boolean 318 +--rw instances 319 +--rw instance* [id] 320 +--rw id uint32 321 +--rw name? string 322 +--rw capabilities 323 | +--rw supported-version* [version] 324 | | +--rw version uint8 325 | +--rw preferred-version? uint8 326 | +--rw authentication-support? boolean 327 | +--rw opcode-capability 328 | | +--rw map? boolean 329 | | +--rw peer? boolean 330 | | +--rw announce? boolean 331 | +--rw option-capability 332 | | +--rw third-party? boolean 333 | | +--rw prefer-failure? boolean 334 | | +--rw filter 335 | | | +--rw filter-enabled? boolean 336 | | | +--rw max-filters? uint32 337 | | +--rw port-set? boolean 338 | | +--rw description 339 | | | +--rw description-enabled? boolean 340 | | | +--rw max-description? uint32 341 | | +--rw prefix64? boolean 342 | +--rw port-randomization-support? boolean 343 | +--rw port-preservation-suport? boolean 344 | +--rw port-parity-preservation-support? boolean 345 | +--rw protocol-capabilities* [protocol-id] 346 | | +--rw protocol-id uint8 347 | +--rw pcp-controlled-function-capability 348 | +--rw pcp-controlled-function* identityref 349 +--rw version* [version] 350 | +--rw version uint8 351 +--rw pcp-server-ip-address* [address-id] 352 | +--rw address-id uint32 353 | +--rw ip-address? inet:ipv6-address 354 +--rw authentication-enable? boolean 355 +--rw opcode-configuration 356 | +--rw map? boolean 357 | +--rw peer? boolean 358 | +--rw announce? boolean 359 +--rw option-configuration 360 | +--rw third-party? boolean 361 | +--rw prefer-failure? boolean 362 | +--rw filter 363 | | +--rw filter-enabled? boolean 364 | | +--rw max-filters? uint32 365 | +--rw port-set-option 366 | | +--rw port-set-enable? boolean 367 | | +--rw default-port-set-size? uint16 368 | | +--rw maximum-port-set-size? uint16 369 | +--rw description 370 | | +--rw description-enabled? boolean 371 | | +--rw max-description? uint32 372 | +--rw prefix64-option 373 | +--rw prefix64-option-enable? 
boolean 374 | +--rw prefix64* [prefix64-id] 375 | +--rw prefix64-id uint32 376 | +--rw prefix64? inet:ipv6-prefix 377 | +--rw suffix? yang:hex-string 378 | +--rw dest-ipv4-prefix* [ipv4-prefix-id] 379 | +--rw ipv4-prefix-id uint32 380 | +--rw ipv4-prefix? inet:ipv4-prefix 381 +--rw port-randomization-enable? boolean 382 +--rw port-preservation-enable? boolean 383 +--rw port-parity-preservation-enable? boolean 384 +--rw nonce-validation-checks-enable? boolean 385 +--rw subscriber-mask? uint8 386 +--rw port-quota? uint16 387 +--rw exclude-ports* [id] 388 | +--rw id uint16 389 | +--rw start-port-number? inet:port-number 390 | +--rw end-port-number? inet:port-number 391 +--rw protocol* [protocol-id] 392 | +--rw protocol-id uint8 393 +--rw epoch-set? uint32 394 +--rw lifetime 395 | +--rw minimum-lifetime? uint32 396 | +--rw maximum-lifetime? uint32 397 +--rw error-lifetime 398 | +--rw minimum-error-lifetime? uint32 399 | +--rw maximum-error-lifetime? uint32 400 +--rw mapping-table 401 | +--rw mapping-entry* [index] 402 | +--rw index uint32 403 | +--rw status? enumeration 404 | +--rw mapping-nonce? string 405 | +--rw internal-ip-address? inet:ipv6-prefix 406 | +--rw internal-port 407 | | +--rw start-port-number? inet:port-number 408 | | +--rw end-port-number? inet:port-number 409 | +--rw external-ip-address? inet:ipv6-prefix 410 | +--rw external-port 411 | | +--rw start-port-number? inet:port-number 412 | | +--rw end-port-number? inet:port-number 413 | +--rw protocol? uint8 414 | +--rw lifetime? uint32 415 | +--rw third-party-address? inet:ipv6-prefix 416 | +--rw filter* [filter-id] 417 | | +--rw filter-id uint32 418 | | +--rw remote-ip-prefix? inet:ipv6-prefix 419 | | +--rw remote-port-number? inet:port-number 420 | +--rw description? string 421 | +--rw prefer-failure-tagged? boolean 422 +--rw traffic-statistics 423 +--rw traffic-statistics 424 | +--rw sent-packet? yang:zero-based-counter64 425 | +--rw sent-byte? yang:zero-based-counter64 426 | +--rw rcvd-packet? 
yang:zero-based-counter64 427 | +--rw rcvd-byte? yang:zero-based-counter64 428 | +--rw dropped-packet? yang:zero-based-counter64 429 | +--rw dropped-byte? yang:zero-based-counter64 430 +--rw opcode-statistics 431 | +--rw sent-map? yang:zero-based-counter64 432 | +--rw rcvd-map? yang:zero-based-counter64 433 | +--rw sent-peer? yang:zero-based-counter64 434 | +--rw rcvd-peer? yang:zero-based-counter64 435 | +--rw sent-annonce? yang:zero-based-counter64 436 | +--rw rcvd-announce? yang:zero-based-counter64 437 | +--rw rcvd-unknown? yang:zero-based-counter64 438 | +--rw rcvd-malformed? yang:zero-based-counter64 439 +--rw mapping-table 440 | +--rw current-mt-size? yang:zero-based-counter64 441 | +--rw max-mt-size? uint32 442 +--rw port-in-use? percent 444 Figure 4: PCP Server YANG Module 446 3. YANG Modules 448 3.1. Common PCP Module 450 file "ietf-pcp@2017-10-17.yang" 451 module ietf-pcp { 452 yang-version 1.1; 453 namespace "urn:ietf:params:xml:ns:yang:ietf-pcp"; 454 prefix pcp; 456 import ietf-inet-types { prefix inet; } 457 import ietf-yang-types { prefix yang; } 459 organization "xxx Working Group"; 460 contact 461 "Mohamed Boucadair 462 Christian Jacquenet "; 464 description 465 "This module embeds the core PCP characteristics, including 466 the description of PCP operations, options and mapping entries. 468 Copyright (c) 2017 IETF Trust and the persons identified as 469 authors of the code. All rights reserved. 471 Redistribution and use in source and binary forms, with or 472 without modification, is permitted pursuant to, and subject 473 to the license terms contained in, the Simplified BSD License 474 set forth in Section 4.c of the IETF Trust's Legal Provisions 475 Relating to IETF Documents 476 (http://trustee.ietf.org/license-info). 
478 This version of this YANG module is part of RFC XXXX; see 479 the RFC itself for full legal notices."; 481 revision 2017-10-17 { 482 description "Align with NMDA"; 483 reference "-05"; 484 } 486 revision 2015-08-05 { 487 description "Changes tbc."; 488 reference "-00"; 489 } 491 /* 492 * Identities 493 */ 495 identity c_function { 496 description 497 "Base identity for controlled function."; 499 reference 500 "RFC 3022."; 501 } 503 identity nat44 { 504 base pcp:c_function; 505 description 506 "Base identity for NAT44 type."; 508 reference 509 "RFC 3022."; 510 } 512 identity nat64 { 513 base pcp:c_function; 514 description 515 "Base identity for NAT64 type."; 517 reference 518 "RFC 6146."; 519 } 521 identity dslite { 522 base pcp:c_function; 523 description 524 "Base identity for DS-Lite type."; 526 reference 527 "RFC 6333."; 528 } 530 identity nptv6 { 531 base pcp:c_function; 532 description 533 "Base identity for NPTv6 type."; 535 reference 536 "RFC 6296."; 537 } 539 identity ipv4-firewall { 540 base pcp:c_function; 541 description 542 "Base identity for IPv4 firewall type."; 543 } 545 identity ipv6-firewall { 546 base pcp:c_function; 547 description 548 "Base identity for IPv6 firewall type."; 549 } 551 identity port-range-router { 552 base pcp:c_function; 553 description 554 "Base identity for Port Range Router type."; 556 reference 557 "RFC 6346."; 558 } 560 /* 561 * Grouping 562 */ 564 //Description option 566 grouping description-option { 567 description 568 "used to configure DESCRIPTION option."; 570 leaf description-enabled { 571 type boolean; 573 description 574 "Enable/disable DESCRIPTION option."; 576 reference 577 "RFC 7220"; 578 } 580 leaf max-description { 581 type uint32; 583 description 584 "Indicates the maximum length of the description 585 associated with a mapping."; 587 reference 588 "RFC 7220"; 589 } 590 } 592 //Filter option 594 grouping filter-option { 595 description 596 "FILTER option"; 598 leaf filter-enabled { 599 type boolean; 601 
description 602 "Enable/disable FILTER option."; 604 reference 605 "RFC 6887"; 606 } 608 leaf max-filters { 609 type uint32; 611 description 612 "Indicates the maximum number of filters 613 associated with a mapping."; 615 reference 616 "RFC 6887"; 617 } 618 } 620 // Port set option 622 grouping port-set-option { 623 description 624 "PORT_SET option."; 626 leaf port-set-enable { 627 type boolean; 629 description 630 "Enable/disable PORT_SET option."; 632 reference 633 "RFC 7753"; 634 } 636 leaf default-port-set-size { 637 type uint16; 639 description 640 "Indicates the default size of a port set."; 642 reference 643 "RFC 7753"; 644 } 646 leaf maximum-port-set-size { 647 type uint16; 649 description 650 "Indicates the maximum size of a port set."; 652 reference 653 "RFC 7753"; 654 } 655 } 657 //Opcodes 658 grouping opcode { 659 description 660 "Indicates the set of supported/enabled PCP opcodes."; 662 leaf map { 663 type boolean; 665 description 666 "MAP opcode"; 668 reference 669 "RFC 6887"; 670 } 672 leaf peer { 673 type boolean; 675 description 676 "PEER opcode"; 678 reference 679 "RFC 6887"; 680 } 682 leaf announce { 683 type boolean; 685 description 686 "ANNOUNCE opcode."; 688 reference 689 "RFC 6887"; 690 } 691 } 693 //Options 695 grouping option { 696 description 697 "a set of PCP options."; 699 leaf third-party { 700 type boolean; 702 description 703 "THIRD_PARTY option is used when a PCP client wants 704 to control a mapping to an internal host other 705 than itself."; 707 reference 708 "RFC 6887"; 710 } 712 leaf prefer-failure { 713 type boolean; 715 description 716 "This option indicates that if the PCP server is unable 717 to map both the suggested external port and suggested 718 external address, the PCP server should not create 719 a mapping. This differs from the behavior without this 720 option, which is to create a mapping. 
722 PREFER_FAILURE is never necessary for a PCP client to 723 manage mappings for itself, and its use causes 724 additional work in the PCP client and in the PCP 725 server. See Section 13.2 of [RFC6887]."; 727 reference 728 "Section 13.2 ofRFC 6887"; 729 } 731 container filter { 732 description 733 "This option indicates that filtering incoming packets 734 is desired."; 736 uses filter-option; 737 } 739 leaf port-set { 740 type boolean; 742 description 743 "Indicates whether PORT_SET is supported/enabled."; 744 } 746 container description { 747 description 748 "Associates a description with a mapping."; 750 uses description-option; 752 reference 753 "RFC 7220"; 754 } 755 leaf prefix64 { 756 type boolean; 758 description 759 "PREFIX64 PCP option."; 761 reference 762 "RFC 7225"; 763 } 764 } 766 // port numbers: single or port range 768 grouping port-number { 769 description 770 "Individual port or a range of ports. 771 When only start-port-numbert is present, 772 it represents a single port."; 774 leaf start-port-number { 775 type inet:port-number; 777 description 778 "Begining of the port range."; 780 reference 781 "Section 3.2.9 of RFC 8045."; 782 } 784 leaf end-port-number { 785 type inet:port-number; 787 must ". 
>= ../start-port-number" 788 { 789 error-message 790 "The end-port-number must be greater than or 791 equal to start-port-number."; 792 } 794 description 795 "End of the port range."; 797 reference 798 "Section 3.2.10 of RFC 8045."; 799 } 800 } 802 // Filter 803 grouping filter { 804 description 805 "The remote peer IP address and remote peer port of 806 the FILTER option indicate the permitted remote peer's 807 source IP address and source port for packets from 808 the Internet; other traffic from other addresses 809 is blocked."; 811 leaf filter-id { 812 type uint32; 814 description 815 "An identifier of the filter."; 816 } 818 leaf remote-ip-prefix { 819 type inet:ipv6-prefix; 821 description 822 "The IP address of the remote peer."; 823 } 825 leaf remote-port-number { 826 type inet:port-number; 828 description 829 "The port number of the remote peer. Value 0 830 indicates 'all ports'."; 831 } 832 } 834 // PCP mapping entry 836 grouping mapping-entry { 837 description 838 "A PCP mapping entry."; 840 leaf index { 841 type uint32; 843 description 844 "A unique identifier of a mapping entry."; 845 } 847 leaf status { 848 type enumeration { 850 enum "disabled" { 851 description 852 "The mapping entry is not in use (Disabled)."; 853 } 855 enum "requested" { 856 description 857 "A PCP request has been sent for this mapping. 
858 Still waiting for a response from the server."; 859 } 861 enum "assigned" { 862 description 863 "This mapping has been granted by the server."; 864 } 866 enum "stale" { 867 description 868 "This is a stale mapping (case of reboot)."; 869 } 870 } 871 description 872 "Indicates the status of a mapping entry."; 873 } 875 leaf mapping-nonce { 876 type string; 878 description 879 "A random value chosen by the PCP client"; 880 } 882 leaf internal-ip-address { 883 type inet:ipv6-prefix; 885 description 886 "Corresponds to the PCP Client's IP Address 887 defined in [RFC6887]."; 888 } 890 container internal-port { 891 description 892 "Internal port for the mapping. Value 0 indicates 893 'all ports', and is legal when the lifetime is zero 894 (a delete request), if the protocol does not use 895 16-bit port numbers, or the client is requesting 896 'all ports'. If the protocol is zero 897 (meaning 'all protocols'), then internal port 898 is set to zero."; 900 uses port-number; 901 } 903 leaf external-ip-address { 904 type inet:ipv6-prefix; 906 description 907 "External IP address. Can be 'Suggested' or 'Assigned'. 909 It can be set by a client to stale-ip-address, if available 910 or to (::) (for requesting external IPv6 addresses) 911 or (::ffff:0:0) (for requesting external IPv4 addresses)."; 912 } 914 container external-port { 915 description 916 "External port number. Can be 'Suggested' or 'Assigned'."; 918 uses port-number; 919 } 921 leaf protocol { 922 type uint8; 924 description 925 "Upper-layer protocol associated with this Opcode. 926 Values are taken from the IANA protocol registry. 927 For example, this field contains 6 (TCP) if the Opcode 928 is intended to create a TCP mapping. This field contains 929 17 (UDP) if the Opcode is intended to create a UDP mapping. 931 The value 0 has a special meaning for 'all protocols'."; 932 } 934 leaf lifetime { 935 type uint32; 937 description 938 "Lifetime of the mapping. 
940 Can be requested/assigned/remaining"; 941 } 943 leaf third-party-address { 944 type inet:ipv6-prefix; 946 description 947 "used to indicate the internal IP address 948 when THIRD_PARTY is in use."; 949 } 951 list filter { 952 key filter-id; 954 description 955 "a list of filters associated with the mapping."; 957 uses filter; 958 } 960 leaf description { 961 type string; 963 description 964 "a description string associated with the mapping."; 965 } 967 leaf prefer-failure-tagged { 968 type boolean; 970 description 971 "a tag which indicates whether PREFER_FAILURE 972 is (to be) used."; 973 } 974 } 976 // PCP result code 978 grouping status-code { 979 description 980 "stores the result status code"; 982 leaf status-code { 983 type enumeration { 984 enum "SUCCESS" { 985 description 986 "Success"; 987 } 989 enum "unsupported-version" { 990 description 991 "The version number at the start of the PCP Request 992 header is not recognized by this PCP server. 993 This is a long lifetime error."; 994 } 995 enum "not-authorized" { 996 description 997 "The requested operation is disabled for this PCP 998 client, or the PCP client requested an operation 999 that cannot be fulfilled by the PCP server's 1000 security policy. 1002 This is a long lifetime error."; 1003 } 1005 enum "malformed-request" { 1006 description 1007 "The request could not be successfully parsed. 1009 This is a long lifetime error."; 1010 } 1012 enum "unsupported-opcode" { 1013 description 1014 "Unsupported Opcode. 1015 This is a long lifetime error."; 1016 } 1018 enum "unsupported-option" { 1019 description 1020 "Unsupported option. This error only occurs if 1021 the option is in the mandatory-to-process range. 1023 This is a long lifetime error."; 1024 } 1026 enum "malformed-option" { 1027 description 1028 "Malformed option (e.g., appears too many times, 1029 invalid length). 
1031 This is a long lifetime error."; 1032 } 1034 enum "network-failure" { 1035 description 1036 "The PCP server or the device it controls is 1037 experiencing a network failure of some sort 1038 (e.g., has not yet obtained an external 1039 IP address). 1041 This is a short lifetime error."; 1042 } 1043 enum "no-resources" { 1044 description 1045 "Request is well-formed and valid, but the server 1046 has insufficient resources to complete 1047 the requested operation at this time. 1049 For example, the NAT device cannot create more 1050 mappings at this time, is short of CPU cycles 1051 or memory, or is unable to handle the request 1052 due to some other temporary condition. 1054 The same request may succeed in the future. 1055 This is a system-wide error, different from 1056 USER_EX_QUOTA. This can be used as a 1057 catch-all error, should no other error 1058 message be suitable. 1060 This is a short lifetime error."; 1061 } 1063 enum "unsupported-protocol" { 1064 description 1065 "Unsupported transport protocol, e.g., 1066 SCTP in a NAT that handles only UDP and TCP. 1068 This is a long lifetime error."; 1069 } 1071 enum "ex-quota" { 1072 description 1073 "This attempt to create a new mapping would 1074 exceed this subscriber's port quota. 1076 This is a short lifetime error."; 1077 } 1079 enum "cannot-provide-external" { 1080 description 1081 "The suggested external port and/or 1082 external address cannot be provided. 1083 This error must only be returned for: 1084 * MAP requests that included the 1085 PREFER_FAILURE option 1086 * MAP requests for the SCTP protocol 1087 (PREFER_FAILURE is implied) 1088 * PEER requests."; 1089 } 1090 enum "address-mismatch" { 1091 description 1092 "The source IP address of the request 1093 packet does not match the contents of the 1094 PCP Client's IP Address field, due to an 1095 unexpected NAT on the path between the PCP 1096 client and the PCP-controlled NAT or firewall. 
1098 This is a long lifetime error."; 1099 } 1101 enum "extensive-remote-peer" { 1102 description 1103 "The PCP server was not able to create the 1104 filters in this request. This result code must 1105 only be returned if the MAP request contained 1106 the FILTER option. 1108 This is a long lifetime error."; 1109 } 1110 } 1111 description 1112 "result status code."; 1113 } 1114 } 1116 // PCP servers list 1118 grouping pcp-server-address { 1120 description 1121 "A list of PCP servers. Each PCP server can be identified 1122 by one or multiple IP addresses."; 1124 leaf pcp-server-id { 1125 type uint32; 1126 description 1127 "A unique identifier."; 1128 } 1130 list pcp-server-ip-address { 1132 key address-id; 1134 description 1135 "a list of IP addresses of a PCP server"; 1137 leaf address-id { 1138 type uint32; 1139 description 1140 "An identifier"; 1141 } 1143 leaf ip-address { 1144 type inet:ipv6-address; 1145 description 1146 "An IP address of a PCP server."; 1147 } 1148 } 1150 leaf external-address-familly { 1151 type inet:ip-version; 1152 description 1153 "The address family of the external address(es) 1154 managed by the PCP server. 
         Can be IPv4, IPv6 or both.";
    }

    leaf stale-external-ip-address {
      type inet:ipv6-prefix;
      description
        "A stale address that can be used by the PCP client
         to be assigned the same address upon reboot
         or other failure events.";
    }
  }

  // status of the communication with configured PCP servers

  grouping pcp-server-address-status {

    description
      "Groups the status of the communication between
       a PCP client and a server.";

    uses pcp-server-address;

    leaf source {
      type enumeration {
        enum "manual-configuration" {
          description
            "The server has been manually configured.";
        }

        enum "dhcpv6" {
          description
            "Retrieved from DHCPv6 [RFC7291].";
        }

        enum "dhcpv4" {
          description
            "Retrieved from DHCPv4 [RFC7291].";
        }

        enum "else" {
          description
            "Else (e.g., TR-96.)";
        }
      }
      description
        "source of the PCP server reachability information.";
    }

    leaf in-use {
      type boolean;
      description
        "Indicates whether this in-use instance of the server
         is the result of the selection
         process defined in [RFC7488].";
    }

    leaf server-epoch {
      type uint32;
      description
        "The PCP server's Epoch.";
    }

    leaf client-epoch {
      type uint32;
      description
        "The PCP client's Epoch.";
    }

    leaf current-version {
      type uint8;
      description
        "The version that is selected as per the version negotiation
         procedure specified in Section 9 of [RFC6887].";
    }
  }

  // type of the PCP-controlled function.

  grouping pcp-controlled-function {
    description
      "A set of PCP-controlled functions.
       One or multiple functions can be controlled
       by the same PCP server.
      ";

    leaf-list pcp-controlled-function {
      type identityref {
        base c_function;
      }
      description
        "Type of NAT.";
    }
  }

  // traffic statistics

  grouping traffic-stat {
    description
      "Groups a set of statistics.";

    container traffic-statistics {
      description
        "Generic traffic statistics.";

      leaf sent-packet {
        type yang:zero-based-counter64;
        description
          "Packets sent";
      }

      leaf sent-byte {
        type yang:zero-based-counter64;
        description
          "Counter for sent traffic in bytes.";
      }

      leaf rcvd-packet {
        type yang:zero-based-counter64;
        description
          "Counter for received packets.";
      }

      leaf rcvd-byte {
        type yang:zero-based-counter64;
        description
          "Counter for received traffic in bytes.";
      }

      leaf dropped-packet {
        type yang:zero-based-counter64;
        description
          "Counter for dropped packets.";
      }

      leaf dropped-byte {
        type yang:zero-based-counter64;
        description
          "Counter for dropped traffic in bytes.";
      }
    }

    container opcode-statistics {
      description
        "Opcode-related statistics.";

      leaf sent-map {
        type yang:zero-based-counter64;
        description
          "Counter for sent MAP messages";
      }

      leaf rcvd-map {
        type yang:zero-based-counter64;
        description
          "Counter for received MAP messages";
      }

      leaf sent-peer {
        type yang:zero-based-counter64;
        description
          "Counter for sent PEER messages";
      }

      leaf rcvd-peer {
        type yang:zero-based-counter64;
        description
          "Counter for received PEER messages";
      }

      leaf sent-annonce {
        type yang:zero-based-counter64;
        description
          "Counter for sent ANNOUNCE messages";
      }

      leaf rcvd-announce {
        type yang:zero-based-counter64;
        description
          "Counter for received ANNOUNCE messages";
      }

      leaf rcvd-unknown {
        type yang:zero-based-counter64;
        description
          "Counter for received unknown opcodes";
      }

      leaf rcvd-malformed {
        type yang:zero-based-counter64;
        description
          "Counter for received malformed opcodes";
      }
    }
  }

  // mapping table statistics

  grouping mapping-table-stats {
    description
      "PCP mapping table related statistics.";

    leaf current-mt-size {
      type yang:zero-based-counter64;
      description
        "Size of the mapping table";
    }

    leaf max-mt-size {
      type uint32;
      description
        "Maximum configured size of the mapping table.";
    }
  }

  // PCP versions

  grouping pcp-version {
    description
      "PCP version(s)";

    leaf version {
      type uint8;
      description
        "Indicates a PCP server.
         Current versions are: 0, 1, and 2.";
    }
  }
}
<CODE ENDS>

3.2.  PCP Client

<CODE BEGINS> file "ietf-pcp-client@2017-10-17.yang"
module ietf-pcp-client {
  yang-version 1.1;

  namespace "urn:ietf:params:xml:ns:yang:ietf-pcp-client";
  prefix pcp-client;

  import ietf-pcp { prefix pcp; }

  organization "N/A Working Group";
  contact
    "Mohamed Boucadair
     Christian Jacquenet";

  description
    "This module contains a collection of YANG definitions for
     PCP client implementations.

     Copyright (c) 2017 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";

  revision 2017-10-17 {
    description "Align with NMDA";
    reference "-05";
  }

  revision 2015-08-05 {
    description "Changes tbc.";
    reference "tbc";
  }

  /*
   * PCP Client
   */

  container pcp-client {
    description
      "PCP client";

    leaf enable {
      type boolean;

      description
        "Enable/disable the PCP client.";
    }

    leaf description {
      type string;

      description
        "Associates a description with the module.";
    }

    container instances {
      description
        "A set of PCP client instances.";

      list instance {
        key "id";

        description
          "A PCP client instance.";

        leaf id {
          type uint32;

          description
            "An identifier of the PCP client instance.";
        }

        leaf name {
          type string;

          description
            "A name of the PCP client instance.";
        }

        container capabilities {
          description "Capabilities";

          list supported-version {
            key version;

            description
              "list of supported PCP versions";

            uses pcp:pcp-version;
          }

          leaf preferred-version {
            type uint8;

            description
              "The preferred version configured
               by an administrator.";
          }

          leaf authentication-support {
            type boolean;

            description
              "Indicates whether PCP authentication is
               supported.";
          }

          container opcode-capability {
            description
              "Opcode-related capabilities.";

            uses pcp:opcode;
          }

          container option-capability {
            description
              "Option-related capabilities";

            uses pcp:option;
          }
        }

        list version {
          key version;

          description
            "Indicates the set of supported PCP versions
             (0, 1, 2)";

          uses pcp:pcp-version;
        }

        list pcp-servers {
          key "pcp-server-id";

          description
            "List of provisioned PCP servers.";

          uses pcp:pcp-server-address;
        }

        leaf authentication-enable {
          type boolean;

          description
            "Enable/Disable PCP authentication.";
        }

        container opcode-configuration {
          description
            "Opcode-related configuration";

          uses pcp:opcode;
        }

        container option-configuration {
          description
            "Options-related configuration.";

          uses pcp:option;
        }

        container mapping-table {
          description
            "Mapping table maintained by a PCP client
             instance.";

          list mapping-entry {
            key "index";

            description
              "PCP Mapping entry.";

            uses pcp:mapping-entry;
          }

        }

        container traffic-statistics {
          description
            "traffic statistics.";

          uses pcp:traffic-stat;

          container mapping-table {
            description
              "mapping table related statistics.";

            uses pcp:mapping-table-stats;
          }
        }
      }
    }
  }
}
<CODE ENDS>

3.3.  UPnP IGD/PCP Interworking Function

<CODE BEGINS> file "ietf-pcp-iwf@2017-10-17.yang"
module ietf-pcp-iwf {
  yang-version 1.1;

  namespace "urn:ietf:params:xml:ns:yang:ietf-pcp-iwf";
  prefix pcp-iwf;

  import ietf-inet-types { prefix inet; }
  import ietf-pcp-client { prefix pcp-client; }

  organization "xxxx Working Group";
  contact
    "Mohamed Boucadair
     Christian Jacquenet";

  description
    "This module contains a collection of YANG definitions for
     UPnP IGD/PCP Interworking implementations.

     Copyright (c) 2017 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";

  revision 2017-10-17 {
    description "Align with NMDA";
    reference "-05";
  }

  revision 2015-08-05 {
    description "Changes xxxx.";
    reference "xxxx";
  }

  // IGD versions

  grouping igd-version {
    description
      "UPnP IGD Version";

    leaf igd-version {

      type enumeration {

        enum "igd:1" {
          description
            "UPnP IGD:1";
        }

        enum "igd:2" {
          description
            "UPnP IGD:2";
        }

        enum "both" {
          description
            "UPnP IGD:1 and UPnP IGD:2";
        }
      }
      description
        "UPnP IGD Version";
    }

  }

  augment "/pcp-client:pcp-client/pcp-client:instances/pcp-client:instance/pcp-client:capabilities" {
    description "Capabilities";

    list igd-supported-version {

      key igd-version;

      description
        "list of supported IGD versions";

      uses igd-version;
    }

  }

  augment "/pcp-client:pcp-client/pcp-client:instances/pcp-client:instance" {
    description
      "IGD version(s)";

    container igd-version {
      description
        "Configure UPnP IGD version(s).";

      uses igd-version;
    }
  }

  augment "/pcp-client:pcp-client/pcp-client:instances/pcp-client:instance/pcp-client:mapping-table/pcp-client:mapping-entry" {
    description
      "Mapping table as maintained by a
       UPnP IGD/PCP IWF instance";

    leaf igd-control-point-address {
      type inet:ip-address;

      description
        "IP address of the UPnP Control Point.";
    }

    leaf igd-control-point-port {
      type inet:port-number;

      description
        "Port number of the UPnP Control Point.";
    }

  }
}
<CODE ENDS>

3.4.  PCP Proxy

<CODE BEGINS> file "ietf-pcp-proxy@2017-10-17.yang"
module ietf-pcp-proxy {
  yang-version 1.1;

  namespace "urn:ietf:params:xml:ns:yang:ietf-pcp-proxy";
  prefix pcp-proxy;

  import ietf-inet-types { prefix inet; }
  import ietf-pcp { prefix pcp; }
  import ietf-pcp-client { prefix pcp-client; }

  organization "xxxx Working Group";
  contact
    "Mohamed Boucadair
     Christian Jacquenet";

  description
    "This module contains a collection of YANG definitions for
     PCP Proxy implementations.

     Copyright (c) 2017 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";

  revision 2017-10-17 {
    description "Align with NMDA";
    reference "-05";
  }

  revision 2015-08-05 {
    description "Changes xxxx.";
    reference "xxxx";

  }

  augment "/pcp-client:pcp-client/pcp-client:instances/pcp-client:instance/pcp-client:option-configuration" {
    description
      "Augment the PCP client module with proxy
       specific parameters: instruct the behavior
       with regards to unknown options.";

    leaf relay-mandatory-unknown-option {
      type boolean;

      description
        "The proxy can be instructed to relay or
         to reject mandatory unknown options.";
    }

    leaf relay-optionnal-unknown-option {
      type boolean;

      description
        "The proxy can be instructed to relay or
         to reject optional unknown options.";
    }
  }

  augment "/pcp-client:pcp-client/pcp-client:instances/pcp-client:instance" {
    description
      "Instruct the proxy to terminate recursion.";

    leaf terminate-proxy-recursion {
      type boolean;

      description
        "The proxy can be instructed to terminate
         proxy recursion.";
    }
  }

  augment "/pcp-client:pcp-client/pcp-client:instances/pcp-client:instance/pcp-client:mapping-table/pcp-client:mapping-entry" {
    description
      "Augment the local mapping table with locally
       assigned parameters.";

    leaf local-assigned-ip-address {
      type inet:ipv6-prefix;
      description
        "If the local PCP-controlled function
         alters the source IP address, this
         information must be stored.";
    }

    container local-assigned-port {
      description
        "If the local PCP-controlled function
         alters the source port, this
         information must be stored.";

      uses pcp:port-number;
    }
  }
}
<CODE ENDS>

3.5.  PCP Server

<CODE BEGINS> file "ietf-pcp-server@2017-10-17.yang"
module ietf-pcp-server {
  yang-version 1.1;

  namespace "urn:ietf:params:xml:ns:yang:ietf-pcp-server";
  prefix pcp-server;

  import ietf-inet-types { prefix inet; }
  import ietf-yang-types { prefix yang; }
  import ietf-pcp { prefix pcp; }

  organization "xxxx Working Group";
  contact
    "Mohamed Boucadair
     Christian Jacquenet";

  description
    "This module contains a collection of YANG definitions for
     PCP server implementations.

     Copyright (c) 2017 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";

  revision 2017-10-17 {
    description "Align with NMDA";
    reference "-05";
  }

  revision 2015-08-05 {
    description "Changes xxxx.";
    reference "xxxx";
  }

  // Typedef

  typedef percent {
    type uint8 {
      range "0 .. 100";
    }
    description
      "Percentage";
  }

  /*
   * Grouping
   */

  // Port set option

  grouping port-set-option {
    description
      "PORT_SET option.";

    leaf port-set-enable {
      type boolean;
      description
        "Enable/disable PORT_SET option.";
    }

    leaf default-port-set-size {
      type uint16;
      description
        "Indicates the default size of a port set.";

    }

    leaf maximum-port-set-size {
      type uint16;
      description
        "Indicates the maximum size of a port set.";
    }
  }

  // Prefix64 port set

  grouping prefix64-option {
    description
      "PREFIX64 option as defined in [RFC7225].";

    leaf prefix64-option-enable {
      type boolean;
      description
        "Indicates whether the option is enabled/disabled.";
    }

    list prefix64 {
      key "prefix64-id";
      description
        "maintains a list of Prefix64s.";

      leaf prefix64-id {
        type uint32;
        description
          "An identifier of a Prefix64.";
      }

      leaf prefix64 {
        type inet:ipv6-prefix;
        description
          "A Prefix64";
      }

      leaf suffix {
        type yang:hex-string;
        description
          "The suffix is used for constructing an
           IPv4-converted IPv6 address from an IPv4 address as
           specified in Section 2.2 of [RFC6052].
           No suffix is
           included if a /96 Prefix64 is used.";
      }

      list dest-ipv4-prefix {
        key "ipv4-prefix-id";
        description
          "used to solve the destination-dependent
           Pref64::/n discovery problem discussed in
           Section 5.1 of [RFC7050].";

        leaf ipv4-prefix-id {
          type uint32;
          description
            "An identifier of a destination IPv4 prefix";
        }

        leaf ipv4-prefix {
          type inet:ipv4-prefix;
          description
            "an IPv4 prefix.";
        }
      }
    }
  }

  //option list: server side

  grouping option-server {
    description
      "Used for option-related operations
       at the server's side.";

    leaf third-party {
      type boolean;
      description
        "enable/disable THIRD_PARTY option.";
    }

    leaf prefer-failure {
      type boolean;
      description
        "enable/disable PREFER_FAILURE option.";
    }

    container filter {
      description
        "enable/disable FILTER option.";

      uses pcp:filter-option;
    }

    container port-set-option {
      description
        "enable/disable PORT_SET option.";

      uses pcp:port-set-option;
    }

    container description {
      description
        "enable/disable DESCRIPTION option.";
      uses pcp:description-option;
    }

    container prefix64-option {
      description
        "enable/disable PREFIX64 option.";
      uses prefix64-option;
    }
  }

  /*
   * PCP Server Instances
   */

  container pcp-serve {
    description
      "PCP server";

    leaf enable {
      type boolean;
      description
        "Enable/Disable PCP server function.";
    }

    container instances {
      description
        "PCP server instances";

      list instance {
        key "id";
        description
          "a PCP server instance.";

        leaf id {
          type uint32;
          description
            "PCP server instance identifier.";
        }

        leaf name {
          type string;
          description
            "A name associated with the PCP server instance";
        }

        container capabilities {
          description
            "Capabilities";

          list supported-version {
            key version;
            description
              "List of supported PCP versions.";

            uses pcp:pcp-version;
          }

          leaf preferred-version {
            type uint8;
            description
              "List of preferred version.
               Mainly used for unsolicited messages.";
          }

          leaf authentication-support {
            type boolean;
            description
              "Status of the support of PCP authentication";
          }

          container opcode-capability {
            description
              "Opcode-related capabilities";
            uses pcp:opcode;
          }

          container option-capability {
            description
              "Option-related capabilities";

            uses pcp:option;
          }

          leaf port-randomization-support {
            type boolean;
            description
              "Indicates whether port randomization is
               supported.";
          }

          leaf port-preservation-suport {
            type boolean;
            description
              "Indicates whether port preservation
               is supported.";
          }

          leaf port-parity-preservation-support {
            type boolean;
            description
              "Indicates whether port parity preservation is
               supported.";
          }

          list protocol-capabilities {
            key "protocol-id";
            description
              "A set of supported transport protocols";

            leaf protocol-id {
              type uint8;
              description
                "transport protocol";
            }
          }

          container pcp-controlled-function-capability {
            description
              "list of controlled functions.";

            uses pcp:pcp-controlled-function;
          }
        }

        list version {
          key version;
          description
            "Indicates the PCP version(s) supported by the
             PCP server.
             Current supported versions are 0, 1, and 2.";

          uses pcp:pcp-version;
        }

        list pcp-server-ip-address {

          key address-id;

          description
            "set one or multiple IP addresses for
             the PCP server";

          leaf address-id {
            type uint32;
            description
              "The identifier of the address";
          }

          leaf ip-address {
            type inet:ipv6-address;
            description
              "IP (v4/v6) address of the PCP server";
          }
        }

        leaf authentication-enable {
          type boolean;
          description
            "Enable/disable PCP authentication";
        }

        container opcode-configuration {
          description
            "Opcode-related configuration";

          uses pcp:opcode;
        }

        container option-configuration {
          description
            "Option-related configuration";

          uses option-server;
        }

        leaf port-randomization-enable {
          type boolean;
          description
            "Enable/disable port randomization
             feature.";
        }

        leaf port-preservation-enable {
          type boolean;
          description
            "Indicates whether the PCP server should
             preserve the internal port number.";
        }

        leaf port-parity-preservation-enable {
          type boolean;
          description
            "Indicates whether the PCP server should
             preserve the port parity of the
             internal port number.";
        }

        leaf nonce-validation-checks-enable {
          type boolean;
          description
            "Indicates whether the PCP server has to
             disable/enable Nonce validation checks.";
        }

        leaf subscriber-mask {
          type uint8 {
            range "0 .. 128";
          }
          description
            "The subscriber-mask is an integer that indicates
             the length of significant bits to be applied on
             the source IPv6 address (internal side) to
             identify unambiguously a CPE.

             Subscriber-mask is a system-wide configuration
             parameter that is used to enforce generic per-subscriber
             policies (e.g., port-quota).

             Applying these generic policies does not require
             configuring every subscriber's prefix.

             Example: suppose the 2001:db8:100:100::/56 prefix is
             assigned to a DS-Lite enabled CPE. Suppose also that the
             2001:db8:100:100::1 is the IPv6 address used by the
             client that resides in that CPE. When the server
             receives a packet from this client,
             the server applies the subscriber-mask (e.g., 56) on
             the source IPv6 address to compute the associated prefix
             for this client (that is 2001:db8:100:100::/56). Then,
             the server enforces policies based on that prefix
             (2001:db8:100:100::/56), not on the exact
             source IPv6 address.";
        }

        leaf port-quota {
          type uint16;
          description
            "configure a port quota to be assigned per
             PCP client/subscriber.";
        }

        list exclude-ports {
          key "id";
          description
            "The set of ports not to be assigned
             by the server.";

          leaf id {
            type uint16;
            description
              "An identifier";
          }

          uses pcp:port-number;
        }

        list protocol {
          key "protocol-id";
          description
            "set of protocols supported by
             the PCP-controlled function.";

          leaf protocol-id {
            type uint8;
            description
              "identifier of the protocol";
          }
        }

        leaf epoch-set {
          type uint32;
          description
            "Set the Epoch parameter.";
        }

        container lifetime {
          description
            "Configure values for the lifetime to be
             assigned to requesting PCP clients.

             The client requests a certain lifetime, and the server
             responds with the assigned lifetime.

             The server may grant a lifetime smaller or larger than
             the requested lifetime.

             The minimum value should be 120 seconds.

             The maximum value should be the remaining
             lifetime of the IP address assigned to
             the PCP client if that information is available,
             or half the lifetime of IP address
             assignments, or 24 hours.
             Excessively long lifetimes can cause consumption
             of ports even if the internal host is no longer
             interested in receiving the traffic or is no
             longer connected to the network
             (Section 15 of [RFC6887]).";

          leaf minimum-lifetime {
            type uint32;
            default 120;
            description
              "Minimum lifetime.";
          }

          leaf maximum-lifetime {
            type uint32;
            default 86400;
            description
              "Maximum lifetime.";
          }
        }

        container error-lifetime {
          description
            "Configure values for the error lifetime to be
             returned to requesting PCP clients.";

          leaf minimum-error-lifetime {
            type uint32;
            default 30;
            description
              "Minimum error lifetime, in seconds.

               [RFC6887] recommends that short lifetime
               errors use a 30-second lifetime.";
          }

          leaf maximum-error-lifetime {
            type uint32;
            default 1800;
            description
              "Maximum error lifetime, in seconds.

               [RFC6887] recommends that long lifetime
               errors use a 30-minute lifetime.";
          }
        }

        container mapping-table {
          description
            "PCP mapping table as maintained by
             the PCP server";

          list mapping-entry {
            key "index";
            description
              "PCP mapping entry";
            uses pcp:mapping-entry;
          }
        }

        container traffic-statistics {

          description
            "traffic statistics";

          uses pcp:traffic-stat;

          container mapping-table {
            description
              "mapping table statistics";

            uses pcp:mapping-table-stats;
          }

          leaf port-in-use {
            type percent;
            description
              "ratio of the port usage.";
          }

        }
      }
    }
  }
}
<CODE ENDS>

4.  Security Considerations

   The YANG module defined in this memo is designed to be accessed via
   the NETCONF protocol [RFC6241].  The lowest NETCONF layer is the
   secure transport layer and the support of SSH is mandatory to
   implement secure transport [RFC6242].
   The NETCONF access control model [RFC6536] provides means to
   restrict access for particular NETCONF users to a pre-configured
   subset of all available NETCONF protocol operations and contents.

   There are a number of data nodes defined in the YANG module which
   can be created, modified and deleted (i.e., config true, which is
   the default).  These data nodes may be considered sensitive or
   vulnerable in some network environments.  Write operations (e.g.,
   edit-config) applied to these data nodes without proper protection
   can negatively affect network operations.  In particular,
   configuring a fake PCP server may be used to redirect the traffic
   from a PCP client to an illegitimate server.

5.  IANA Considerations

   This document requests IANA to register the following URIs in the
   "IETF XML Registry" [RFC3688]:

         URI: urn:ietf:params:xml:ns:yang:ietf-pcp
         Registrant Contact: The IESG.
         XML: N/A; the requested URI is an XML namespace.

         URI: urn:ietf:params:xml:ns:yang:ietf-pcp-client
         Registrant Contact: The IESG.
         XML: N/A; the requested URI is an XML namespace.

         URI: urn:ietf:params:xml:ns:yang:ietf-pcp-iwf
         Registrant Contact: The IESG.
         XML: N/A; the requested URI is an XML namespace.

         URI: urn:ietf:params:xml:ns:yang:ietf-pcp-proxy
         Registrant Contact: The IESG.
         XML: N/A; the requested URI is an XML namespace.

         URI: urn:ietf:params:xml:ns:yang:ietf-pcp-server
         Registrant Contact: The IESG.
         XML: N/A; the requested URI is an XML namespace.

   This document requests IANA to register the following YANG modules in
   the "YANG Module Names" registry [RFC7950].

         name: ietf-pcp
         namespace: urn:ietf:params:xml:ns:yang:ietf-pcp
         prefix: pcp
         reference: RFC XXXX

         name: ietf-pcp-client
         namespace: urn:ietf:params:xml:ns:yang:ietf-pcp-client
         prefix: pcp-client
         reference: RFC XXXX

         name: ietf-pcp-iwf
         namespace: urn:ietf:params:xml:ns:yang:ietf-pcp-iwf
         prefix: pcp-iwf
         reference: RFC XXXX

         name: ietf-pcp-proxy
         namespace: urn:ietf:params:xml:ns:yang:ietf-pcp-proxy
         prefix: pcp-proxy
         reference: RFC XXXX

         name: ietf-pcp-server
         namespace: urn:ietf:params:xml:ns:yang:ietf-pcp-server
         prefix: pcp-server
         reference: RFC XXXX

6.  References

6.1.  Normative references

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC6887]  Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and
              P. Selkirk, "Port Control Protocol (PCP)", RFC 6887,
              DOI 10.17487/RFC6887, April 2013.

   [RFC6970]  Boucadair, M., Penno, R., and D. Wing, "Universal Plug and
              Play (UPnP) Internet Gateway Device - Port Control
              Protocol Interworking Function (IGD-PCP IWF)", RFC 6970,
              DOI 10.17487/RFC6970, July 2013.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7220]  Boucadair, M., Penno, R., and D. Wing, "Description Option
              for the Port Control Protocol (PCP)", RFC 7220,
              DOI 10.17487/RFC7220, May 2014.

   [RFC7225]  Boucadair, M., "Discovering NAT64 IPv6 Prefixes Using the
              Port Control Protocol (PCP)", RFC 7225,
              DOI 10.17487/RFC7225, May 2014.

   [RFC7291]  Boucadair, M., Penno, R., and D. Wing, "DHCP Options for
              the Port Control Protocol (PCP)", RFC 7291,
              DOI 10.17487/RFC7291, July 2014.

   [RFC7488]  Boucadair, M., Penno, R., Wing, D., Patil, P., and T.
              Reddy, "Port Control Protocol (PCP) Server Selection",
              RFC 7488, DOI 10.17487/RFC7488, March 2015.

   [RFC7648]  Perreault, S., Boucadair, M., Penno, R., Wing, D., and S.
              Cheshire, "Port Control Protocol (PCP) Proxy Function",
              RFC 7648, DOI 10.17487/RFC7648, September 2015.

   [RFC7652]  Cullen, M., Hartman, S., Zhang, D., and T. Reddy, "Port
              Control Protocol (PCP) Authentication Mechanism",
              RFC 7652, DOI 10.17487/RFC7652, September 2015.

   [RFC7753]  Sun, Q., Boucadair, M., Sivakumar, S., Zhou, C., Tsou, T.,
              and S. Perreault, "Port Control Protocol (PCP) Extension
              for Port-Set Allocation", RFC 7753, DOI 10.17487/RFC7753,
              February 2016.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

6.2.  Informative references

   [RFC6087]  Bierman, A., "Guidelines for Authors and Reviewers of YANG
              Data Model Documents", RFC 6087, DOI 10.17487/RFC6087,
              January 2011.
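
The subscriber-mask, port-quota, lifetime and error-lifetime leaves of the ietf-pcp-server module (Section 3.5) interact when a MAP request arrives. The following Python is an added example, not code from this draft or from any PCP implementation; QuotaTable and its method names are hypothetical, the sample addresses are constructed, and clamping the requested lifetime to the configured bounds is an assumed server policy.

```python
import ipaddress
from collections import defaultdict

# Defaults stated in the ietf-pcp-server module text.
MINIMUM_LIFETIME = 120       # minimum-lifetime default, seconds
MAXIMUM_LIFETIME = 86400     # maximum-lifetime default, seconds
SHORT_ERROR_LIFETIME = 30    # minimum-error-lifetime default, seconds


def subscriber_prefix(source, subscriber_mask):
    """Apply subscriber-mask to an internal-side source IPv6 address.

    Returns the prefix that identifies the CPE, so that policy is keyed
    on the prefix and not on the exact source address.
    """
    if not 0 <= subscriber_mask <= 128:   # range of the subscriber-mask leaf
        raise ValueError("subscriber-mask is limited to 0..128")
    addr = ipaddress.IPv6Address(source)
    # strict=False clears the host bits instead of rejecting them.
    return ipaddress.IPv6Network((int(addr), subscriber_mask), strict=False)


class QuotaTable:
    """Hypothetical in-memory mapping counter keyed by subscriber prefix."""

    def __init__(self, subscriber_mask, port_quota):
        self.subscriber_mask = subscriber_mask
        self.port_quota = port_quota
        self._mappings = defaultdict(set)   # prefix -> set of mapping keys

    def map_request(self, source, protocol, internal_port, requested_lifetime):
        """Return (result-code, lifetime) for a request to create a mapping."""
        prefix = subscriber_prefix(source, self.subscriber_mask)
        entry = (int(ipaddress.IPv6Address(source)), protocol, internal_port)
        held = self._mappings[prefix]
        # A refresh of an existing mapping does not consume quota.
        if entry not in held and len(held) >= self.port_quota:
            # ex-quota is a short lifetime error.
            return ("ex-quota", SHORT_ERROR_LIFETIME)
        held.add(entry)
        lifetime = max(MINIMUM_LIFETIME,
                       min(requested_lifetime, MAXIMUM_LIFETIME))
        return ("success", lifetime)

    def usage(self):
        """Number of mappings currently counted against each prefix."""
        return {str(p): len(e) for p, e in self._mappings.items() if e}


if __name__ == "__main__":
    table = QuotaTable(subscriber_mask=56, port_quota=2)
    # Constructed requests: three hosts behind one CPE, one behind another.
    for src, proto, port, life in [
        ("2001:db8:100:100::1", 6, 80, 3600),
        ("2001:db8:100:1ff::2", 17, 5000, 10),
        ("2001:db8:100:1aa::3", 6, 443, 3600),
        ("2001:db8:100:200::1", 6, 443, 1000000),
    ]:
        print(src, table.map_request(src, proto, port, life))
    print(table.usage())
```

With subscriber-mask set to 128 the same table counts each source address separately, so the quota no longer bounds what one CPE can hold.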
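
The Security Considerations (Section 4) note that configuring a fake PCP server may be used to redirect a PCP client to an illegitimate server. The following Python is an added example, not part of this draft: it audits ietf-pcp-client configuration data for provisioned PCP server addresses that are not on an operator-approved list. The sample XML, the approved set and the function name are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Namespace of the ietf-pcp-client module; nodes pulled in with "uses"
# (pcp-server-id, pcp-server-ip-address, ip-address) live in it too.
NS = {"c": "urn:ietf:params:xml:ns:yang:ietf-pcp-client"}

# Constructed sample: configuration retrieved from a managed device.
SAMPLE_CONFIG = """
<pcp-client xmlns="urn:ietf:params:xml:ns:yang:ietf-pcp-client">
  <enable>true</enable>
  <instances>
    <instance>
      <id>1</id>
      <name>cpe-wan</name>
      <pcp-servers>
        <pcp-server-id>10</pcp-server-id>
        <pcp-server-ip-address>
          <address-id>1</address-id>
          <ip-address>2001:db8::53</ip-address>
        </pcp-server-ip-address>
      </pcp-servers>
      <pcp-servers>
        <pcp-server-id>11</pcp-server-id>
        <pcp-server-ip-address>
          <address-id>1</address-id>
          <ip-address>2001:db8:bad::1</ip-address>
        </pcp-server-ip-address>
      </pcp-servers>
    </instance>
  </instances>
</pcp-client>
"""

# Constructed allowlist of PCP server addresses the operator provisions.
APPROVED = {ipaddress.ip_address("2001:db8::53")}


def unapproved_pcp_servers(config_xml, approved):
    """Return (instance id, pcp-server-id, address) for each provisioned
    PCP server address that is absent from the approved set."""
    root = ET.fromstring(config_xml)
    findings = []
    for inst in root.findall("c:instances/c:instance", NS):
        inst_id = int(inst.findtext("c:id", namespaces=NS))
        for server in inst.findall("c:pcp-servers", NS):
            server_id = int(server.findtext("c:pcp-server-id", namespaces=NS))
            for node in server.findall(
                    "c:pcp-server-ip-address/c:ip-address", NS):
                addr = ipaddress.ip_address(node.text.strip())
                if addr not in approved:
                    findings.append((inst_id, server_id, str(addr)))
    return findings


if __name__ == "__main__":
    for finding in unapproved_pcp_servers(SAMPLE_CONFIG, APPROVED):
        print("unapproved PCP server: instance=%d server=%d address=%s"
              % finding)
```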

Authors' Addresses

   Mohamed Boucadair
   Orange
   Rennes  35000
   France

   EMail: mohamed.boucadair@orange.com


   Christian Jacquenet
   Orange
   Rennes  35000
   France

   EMail: christian.jacquenet@orange.com


   Senthil Sivakumar
   Cisco Systems
   7100-8 Kit Creek Road
   Research Triangle Park, North Carolina  27709
   USA

   Phone: +1 919 392 5158
   EMail: ssenthil@cisco.com


   Suresh Vinapamula
   Juniper Networks
   1194 North Mathilda Avenue
   Sunnyvale, CA  94089
   USA

   Phone: +1 408 936 5441
   EMail: sureshk@juniper.net