idnits 2.17.1

draft-ietf-i2rs-pkt-eca-data-model-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 414 has weird spacing: '... +--rw ecq-q...'

  == Line 425 has weird spacing: '...ext-hop rib-n...'

  == Line 470 has weird spacing: '...dentity match...'

  -- The document date (March 13, 2017) is 2601 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-15) exists of
     draft-ietf-i2rs-rib-data-model-07

  == Outdated reference: A later version (-17) exists of
     draft-ietf-i2rs-rib-info-model-10

  == Outdated reference: A later version (-21) exists of
     draft-ietf-netmod-acl-model-10

  == Outdated reference: A later version (-10) exists of
     draft-ietf-netmod-revised-datastores-00

  == Outdated reference: A later version (-04) exists of
     draft-ietf-supa-generic-policy-data-model-02

  == Outdated reference: A later version (-03) exists of
     draft-ietf-supa-generic-policy-info-model-02

     Summary: 0 errors (**), 0 flaws (~~), 10 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 I2RS working group S. Hares 3 Internet-Draft L. Dunbar 4 Intended status: Standards Track Huawei 5 Expires: September 14, 2017 R. White 6 Ericsson 7 March 13, 2017 9 Filter-Based Packet Forwarding ECA Policy 10 draft-ietf-i2rs-pkt-eca-data-model-03.txt 12 Abstract 14 This document describes the yang data model for packet forwarding 15 policy that filters received packets and forwards (or drops) the 16 packets. Filters for Layer 2, Layer 3, Layer 4, and packet-arrival 17 time are linked together to support filtering for the routing layer. 18 Prior to forwarding the packets out other interfaces, some of the 19 fields in the packets may be modified. (If one considers the packet 20 reception an event, this packet policy is a minimalistic Event-Match 21 Condition-Action policy.) This policy controls forwarding of packets 22 received by a routing device on one or more interfaces on which this 23 policy is enabled. 25 This data model may be used in either the configuration datastore, 26 control plane datastores, or the I2RS ephemeral control plane 27 datastore. 29 Status of This Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at http://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on September 14, 2017. 
46 Copyright Notice 48 Copyright (c) 2017 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (http://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with respect 56 to this document. Code Components extracted from this document must 57 include Simplified BSD License text as described in Section 4.e of 58 the Trust Legal Provisions and are provided without warranty as 59 described in the Simplified BSD License. 61 Table of Contents 63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 64 1.1. Definitions and Acronyms . . . . . . . . . . . . . . . . 4 65 2. Generic Route Filters/Policy Overview . . . . . . . . . . . . 4 66 3. BNP Rule Groups . . . . . . . . . . . . . . . . . . . . . . . 5 67 4. BNP Generic Info Model in High Level Yang . . . . . . . . . . 7 68 5. i2rs-eca-policy Yang module . . . . . . . . . . . . . . . . . 10 69 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 37 70 7. Security Considerations . . . . . . . . . . . . . . . . . . . 37 71 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 38 72 8.1. Normative References . . . . . . . . . . . . . . . . . . 38 73 8.2. Informative References . . . . . . . . . . . . . . . . . 38 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39 76 1. Introduction 78 This document describes the yang data model for packet forwarding 79 policy that filters received packets and forwards (or drops) the 80 packets. Prior to forwarding the packets out other interfaces, some 81 of the fields in the packets may be modified. Filters for Layer 2, 82 Layer 3, Layer-4 and packet arrival time are linked together to 83 support filtering for the routing layer. 
85    If one considers the reception of a packet as an event, this
86    packet policy is a minimalistic Event-Match Condition-Action policy.
87    Full event-match-condition policy can be found at
88    [I-D.ietf-supa-generic-policy-data-model] (or the information model
89    at [I-D.ietf-supa-generic-policy-info-model]).  This document will
90    use the term packet-only ECA policy for this model utilizing the term
91    "packet" in this fashion.

93    ACL data models [I-D.ietf-netmod-acl-model] can also provide a
94    minimal set of filtering for packet-eca by compiling a large group of
95    filters.  However, this data model also provides the L2-L4 filters
96    plus a concept of grouping and policy rules.  The pkt-eca structure
97    helps users create structures with more substantial policy for
98    security or data flow direction.

100   This packet-only ECA policy data model supports an ordered list of
101   ECA policy rules that match on:

103   o  packet headers for layer 2 to layer 4,

105   o  interfaces the packet was received on,

107   o  time packet was received, and

109   o  size of packet.

111   The actions include packet modify actions and forwarding options.
112   The modify options allow for the following:

114   o  setting fields in the packet header at Layer 2 (L2) to Layer 4
115      (L4), and

117   o  encapsulating and decapsulating the packet.

119   The forwarding actions allow forwarding the packet via interfaces,
120   tunnels, or next-hops, or dropping the packet.

123   This packet policy draft has been developed as a set of protocol-
124   independent policy.  It may be used for the configuration datastore, a
125   control plane datastore, or an I2RS ephemeral control plane datastore
126   [RFC7921].  For more information on configuration and control plane
127   datastores, please see [I-D.ietf-netmod-revised-datastores].  This
128   yang model may be transmitted over NETCONF [RFC6241] or RESTCONF
129   [RFC8040].
      For use with the control plane datastores and ephemeral
130   control plane datastores, additional capabilities will need to be
131   added to the base NETCONF and RESTCONF to support these
132   datastores.

134   This yang data model depends on the I2RS RIB
135   [I-D.ietf-i2rs-rib-data-model], which can be deployed in a
136   configuration datastore, a control plane datastore, or the I2RS
137   ephemeral control plane datastore (for the information model see
138   [I-D.ietf-i2rs-rib-info-model]).  The update of RIB entries via the
139   rpc features allows datastore validation differences to be handled in
140   the rpc code.

142   The first section of this draft contains an overview of the policy
143   structure.  The second provides a high-level yang module.  The third
144   contains the yang module.

146   1.1.  Definitions and Acronyms

148   INSTANCE:  Routing Code often has the ability to spin up multiple
149      copies of itself into virtual machines.  Each Routing code
150      instance or each protocol instance is denoted as Foo_INSTANCE in
151      the text below.

153   NETCONF:  The Network Configuration Protocol

155   PCIM - Policy Core Information Model

157   RESTCONF - HTTP programmatic protocol to access yang modules

159   2.  Generic Route Filters/Policy Overview

161   This generic policy model represents filter or routing policies as
162   rules and groups of rules.

164   The basic concepts are:

166   Rule Group

168      A rule group is an ordered set of rules.

170   Rule

172      A Rule is represented by the semantics "If Condition then Action".
173      A Rule may have a priority assigned to it.

175      +-----------+        +------------+
176      |Rule Group |        | Rule Group |
177      +-----------+        +------------+
178            ^                    ^
179            |                    |
180            |                    |
181   +--------^-------+    +-------^-------+
182   |      Rule      |    |     Rule      |
183   +----------------+    +---------------+
184                           :           :
185                           :           :
186                     ......:           :.....
187                     :                      :
188           +---------V---------+          +-V-------------+
189           |  Rule Condition   |          |  Rule Action  |
190           +-------------------+          +---------------+
191                :    :    :                 :     :    :
192           .....:    .    :.....       .....:     .    :.....
193           :         :         :       :          :         :
194      +----V---+ +---V----+ +--V---+ +-V------++--V-----++--V---+
195      |  Match | | match  | |match | | Action || action ||action|
196      |Operator| |Variable| |Value | |Operator||Variable|| Value|
197      +--------+ +--------+ +------+ +--------++--------++------+

199                     Figure 1: ECA rule structure

201   3.  BNP Rule Groups

203   The pkt ECA policy is an ordered set of pkt-ECA policy rules.  The
204   rules assume the event is the reception of a packet on the machine on
205   a set of interfaces.  This policy is associated with a set of
206   interfaces on a routing device (physical or virtual).

208   A Rule group allows for the easy combination of rules for management
209   stations or users.  A Rule group has the following elements:

211   o  name that identifies the grouping of policy rules

213   o  module reference - reference to a yang module(s) in the yang
214      module library that this group of policy writes policy to

216   o  list of rules

218   Rule groups may have multiple policy groups at specific orders.  For
219   example, policy group 1 could have three policy rules at rule order 1
220   and four policy rules at rule order 5.

222   The rule has the following elements: name, order, status, priority,
223   reference count, match condition, and action, as shown in
224   figure 2.  The order indicates the order of the rule within the
225   complete list.  The status of the rule is (active, inactive).  The
226   priority is the priority within a specific order of policy/filter
227   rules.  A reference count (refcnt) indicates the number of entities
228   (e.g., network modules) using this policy.  The generic rule match-
229   action conditions have a match operator, a match variable and a match
230   value.  The rule actions have an action operator, action variable,
231   and an action value.
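The rule model described above (order, then priority within an order, active/inactive status, and match operator/variable/value conditions) can be exercised as follows, reporting the packets for which rules that share an order and priority, whose relative ordering the draft does not guarantee, would disagree on the action. This is an added example, not code from the draft: the operator names, the lowest-value-first sort, the first-matching-tier semantics, the default action and the sample rules are assumptions, and the variable names are borrowed from leaf names in the YANG module.

```python
from dataclasses import dataclass
from itertools import groupby

# Operator names are assumptions; the draft only states that a condition is a
# (match operator, match variable, match value) triple.
OPERATORS = {
    "eq": lambda field, value: field == value,
    "in-range": lambda field, value: value[0] <= field <= value[1],
}


@dataclass(frozen=True)
class Match:
    variable: str   # e.g. "tcp-dst-port" (leaf name from the YANG module)
    operator: str   # key into OPERATORS
    value: object


@dataclass(frozen=True)
class Rule:
    name: str
    order: int
    priority: int
    matches: tuple          # tuple of Match; an empty tuple matches every packet
    action: str             # "permit" or "deny" (ingress actions named in the tree)
    status: str = "active"  # "active" or "inactive"


def rule_matches(rule, packet):
    """All conditions must hold; a packet lacking the variable does not match."""
    return all(
        m.variable in packet and OPERATORS[m.operator](packet[m.variable], m.value)
        for m in rule.matches
    )


def tiers(rules):
    """Yield ((order, priority), [rules]) for active rules, lowest values first."""
    def key(rule):
        return (rule.order, rule.priority)
    active = sorted((r for r in rules if r.status == "active"), key=key)
    for tier_key, group in groupby(active, key=key):
        yield tier_key, list(group)


def possible_outcomes(rules, packet, default_action="deny"):
    """Return (tier, actions, rule names) for the first tier with a matching rule.

    More than one action in the result means the decision depends on the
    unspecified ordering of rules inside that tier.
    """
    for tier_key, tier in tiers(rules):
        hits = [r for r in tier if rule_matches(r, packet)]
        if hits:
            return tier_key, sorted({r.action for r in hits}), [r.name for r in hits]
    return None, [default_action], []


def is_ambiguous(rules, packet):
    return len(possible_outcomes(rules, packet)[1]) > 1


# Constructed sample policy (not from the draft).
RULES = [
    Rule("ssh-mgmt", 1, 10,
         (Match("match-if-name", "eq", "eth0"), Match("tcp-dst-port", "eq", 22)),
         "permit"),
    Rule("low-ports", 1, 10,
         (Match("tcp-dst-port", "in-range", (1, 1023)),), "deny"),
    Rule("alt-https", 5, 1,
         (Match("tcp-dst-port", "eq", 8443),), "permit"),
    Rule("lockdown", 1, 5, (), "deny", status="inactive"),
]

# Constructed sample packets, reduced to the fields the rules look at.
SSH_ETH0 = {"match-if-name": "eth0", "tcp-dst-port": 22}
HTTP_ETH1 = {"match-if-name": "eth1", "tcp-dst-port": 80}
ALT_HTTPS = {"match-if-name": "eth0", "tcp-dst-port": 8443}
DNS_UDP = {"match-if-name": "eth0", "udp-dst-port": 53}

if __name__ == "__main__":
    for label, pkt in (("ssh/eth0", SSH_ETH0), ("http/eth1", HTTP_ETH1),
                       ("8443/eth0", ALT_HTTPS), ("dns/udp", DNS_UDP)):
        tier, actions, names = possible_outcomes(RULES, pkt)
        flag = "AMBIGUOUS" if len(actions) > 1 else "ok"
        print(f"{label:10} tier={tier} actions={actions} rules={names} {flag}")
```

Giving `ssh-mgmt` a lower priority value than `low-ports` removes the tie and makes the SSH decision deterministic under the assumed sort.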
233   Rules can exist with the same rule order and same priority.  Rules
234   with the same rule order and same priority are not guaranteed to be
235   in any specific ordering.  The order number and priority have
236   sufficient depth that administrators who want a specific order can
      specify it.

238   Figure 2 - Rule Group
239       +--------------------------------------+
240       |              Rule Group              |
241       +--------------------------------------+
242           *            *                *
243           |            |                |
244           |            |                |
245           |            |                |
246        +------+ +-------------------+
247        | Name | |     Rule_list     |
248        |      | |                   |
249        +------+ +------|------------+
250       +----------------|-----------------------------+
251       |                     rule                     |
252       |-|------|----------|-----------|------------|-+
253         |      |          |           |            |
254     +---|--+ +-|----+ +---|-------+ +-|------+ +-------+
255     | Name | |rule  | |   ECA     | |rule    | |ref-cnt|
256     +------+ |order | |   match   | |priority| +-------+
257              |number| |qos-actions| +--------+
258              +------+ |fwd-actions|
259                       +-----------+

261   The generic match conditions are refined by matches to a specific
262   layer, as figure 3 shows and as the high-level yang in figure 5
263   defines.  The general actions may be
264   generic actions that are specific to a particular layer (L2, L3, or
265   L4) or time of day or packet size.  The qos actions can be setting
266   fields in the packet at any layer (L2-L4) or encapsulating or
267   decapsulating the packet at a layer.  The fwd-actions are forwarding
268   functions that forward on an interface or to a next-hop.  The rule
269   status is the operational status per rule.

271   Figure 3
272                    +-------------+
273                    |    Match    |
274                    |  Condition  |
275                    +-------|-----+
276                            |
277            +-------------+-|-----------+-----------+
278            |             |             |           |
279            V             V             V           V
280       ............ ............ ............ ...........
281       : interface: :    L2    : :    L3    : :   L4    :  . . .
282       :  match   : :  match   : :  match   : :  match  :
283       '''''''''''' '''''''''''' '''''''''''' '''''''''''

285   4.
BNP Generic Info Model in High Level Yang 287 Below is the high level inclusion 289 Figure 5 290 module:pkt-eca-policy 291 import ietf-inet-types {prefix "inet"} 292 import ietf-interface {prefix "if"} 293 import ietf-i2rs-rib {prefix "iir"} 295 import ietf-interfaces { 296 prefix "if"; 297 } 298 import ietf-inet-types { 299 prefix inet; 300 //rfc6991 301 } 303 Below is the high level yang diagram 305 module ietf-pkt-eca-policy 306 +--rw pkt-eca-policy-cfg 307 | +--rw pkt-eca-policy-set 308 | +--rw groups* [group-name] 309 | | +--rw group-name string 310 | | +--rw vrf-name string 311 | | +--rw address-family 312 | | +--rw group-rule-list* [rule-name] 313 | | | +--rw rule-name 314 | | | +--rw rule-order-id 315 | | | +--rw default-action-id integer 316 | | | +--rw default-resolution-strategy-id integer 317 | +--rw rules* [order-id rule-name] 318 | +--rw order-id 319 | +--rw rule-name 320 | +--rw cfg-rule-conditions [cfgr-cnd-id] 321 | | +--rw cfgr-cnd-id integer 322 | | +--rw eca-event-match 323 | | | +--rw time-event-match* 324 | | | | .. (time of day) 325 | | +--rw eca-condition-match 326 | | | +--rw eca-pkt-matches* 327 | | | | ... (L2-L4 matches) 328 | +--rw cfg-rule-actions [cfgr-action-id] 329 | | +--rw cfgr-action-id 330 | | +--rw eca-actions* [action-id] 331 | | | +--rw action-id uint32 332 | | | +--rw eca-ingress-act* 333 | | | | ... (permit, deny, mirror) 334 | | | +--rw eca-fwd-actions* 335 | | | | ... (invoke, tunnel encap, fwd) 336 | | | +--rw eca-egress-act* 337 | | | | .. . 338 | | | +--rw eca-qos-actions* 339 | | | | ... 340 | | | +--rw ext-data-id integer 341 | +--rw cfg-external-data* [cfg-ext-data-id] 342 | | +--rw cfg-ext-data-id integer 343 | | +--rw data-type integer 344 | | +--rw priority uint64 345 | | | uses external-data-forms 346 | | ... 
(other external data) 347 +--rw pkt-eca-policy-opstate 348 +--rw pkt-eca-opstate 349 +--rw groups* [group-name] 350 | +--rw rules-installed; 351 | +--rw rules_status* [rule-name] 352 | +--rw strategy-used [strategy-id] 353 | +--rw 354 +--rw rule-group-link* [rule-name] 355 | +--rw group-name 356 +--rw rules_opstate* [rule-order rule-name] 357 | +--rw status 358 | +--rw rule-inactive-reason 359 | +--rw rule-install-reason 360 | +--rw rule-installer 361 | +--rw refcnt 362 +--rw rules_op-stats* [rule-order rule-name] 363 | +--rw pkts-matched 364 | +--rw pkts-modified 365 | +--rw pkts-forward 366 +--rw op-external-data [op-ext-data-id] 367 | +--rw op-ext-data-id integer 368 | +--rw type identityref 369 | +--rw installed-priority integer 370 | | (other details on external data ) 372 The three levels of policy are expressed as: 374 Config Policy definitions 375 ======================================= 376 Policy level: pkt-eca-policy-set 377 group level: pkt-eca-policy-set:groups 378 rule level: pkt-eca-policy-set:rules 379 external id: pkt-eca-policy-set:cfg-external-data 381 Operational State for Policy 382 ======================================= 383 Policy level: pkt-eca-policy-opstate 384 group level: pkt-eca-opstate:groups 385 group-rule: pkt-eca-opstate:rule-group-link* 386 rule level: pkt-eca_opstate:rules_opstate* 387 pkt-eca_op-stats 389 figure 391 The filter matches struture is shown below 392 module:i2rs-pkt-eca-policy 393 +--rw pkt-eca-policy-cfg 394 | +--rw pkt-eca-policy-set 395 | +--rw groups* [group-name] 396 | | ... 397 | +--rw rules [order-id rule-name] 398 | +--rw eca-matches 399 | | | +--case: interface-match 400 | | | +--case: L2-header-match 401 | | | +--case: L3-header-match 402 | | | +--case: L4-header-match 403 | | | +--case: packet-size 404 | | | +--case: time-of-day 406 module:i2rs-pkt-eca-policy 407 +--rw pkt-eca-policy-cfg 408 | +--rw pkt-eca-policy-set 409 | +--rw groups* [group-name] 410 | | ... 
411 | +--rw rules* [order-id rule-name] 412 | +--rw eca-matches 413 | | . . . 414 | +--rw ecq-qos-actions 415 | | +--rw cnt-actions 416 | | +--rw mod-actions 417 | | | +--case interface-actions 418 | | | +--case L2-action 419 | | | +--case L3-action 420 | | | +--case L4-action 421 | +--rw eca-fwd-actions 422 | | +--rw num-fwd-actions 423 | | +--rw fwd-actions 424 | | | +--rw interface interface-ref 425 | | | +--rw next-hop rib-nexthop-ref 426 | | | +--rw route-attributes 427 | | | +--rw rib-route-attributes-ref 428 | | | +--rw fb-std-drop 430 5. i2rs-eca-policy Yang module 432 file "ietf-pkt-eca-policy@2017-03-13.yang" 433 module ietf-pkt-eca-policy { 434 namespace "urn:ietf:params:xml:ns:yang:ietf-pkt-eca-policy"; 435 // replace with iana namespace when assigned 436 prefix "pkt-eca-policy"; 437 import ietf-routing { 438 prefix "rt"; 439 } 440 import ietf-interfaces { 441 prefix "if"; 442 } 443 import ietf-inet-types { 444 prefix inet; 445 //rfc6991 446 } 448 import ietf-i2rs-rib { 449 prefix "iir"; 450 } 452 // meta 453 organization "IETF I2RS WG"; 455 contact 456 "email: shares@ndzh.com 457 email: russ.white@riw.com 458 email: linda.dunbar@huawei.com 459 email: bill.wu@huawei.com"; 461 description 462 "This module describes a basic network policy 463 model with filter per layer."; 465 revision "2017-03-13" { 466 description "third revision"; 467 reference "draft-ietf-i2rs-pkt-eca-policy-dm-03"; 468 } 470 // interfaces - no identity matches 472 // L2 header match identities 473 identity l2-header-match-type { 474 description 475 " l2 header type for match "; 476 } 478 identity l2-802-1Q { 479 base l2-header-match-type; 480 description 481 " l2 header type for 802.1Q match "; 482 } 483 identity l2-802-11 { 484 base l2-header-match-type; 485 description 486 " l2 header type for 802.11 match "; 487 } 489 identity l2-802-15 { 490 base l2-header-match-type; 491 description 492 " l2 header type for 802.15 match "; 493 } 495 identity l2-NVGRE { 496 base 
l2-header-match-type; 497 description 498 " l2 header type for NVGRE match "; 499 } 500 identity l2-mpls { 501 base l2-header-match-type; 502 description 503 " l2 header type for MPLS match "; 504 } 506 identity l2-VXLAN { 507 base l2-header-match-type; 508 description 509 " l2 header type for VXLAN match "; 510 } 512 // L3 header match identities 513 identity l3-header-match-type { 514 description 515 " l3 header type for match "; 516 } 518 identity l3-ipv4-hdr { 519 base l3-header-match-type; 520 description 521 " l3 header type for IPv4 match "; 522 } 524 identity l3-ipv6-hdr { 525 base l3-header-match-type; 526 description 527 " l3 header type for IPv6 match "; 528 } 529 identity l3-gre-tunnel { 530 base l3-header-match-type; 531 description "l3 header r 532 type for GRE tunnel match "; 533 } 535 identity l3-icmp-header { 536 base l3-header-match-type; 537 description "L3 header match for ICMP"; 538 } 540 identity l3-ipsec-ah-header { 541 base l3-header-match-type; 542 description "AH IPSEC header "; 543 } 545 identity l3-ipsec-esp-header { 546 base l3-header-match-type; 547 description "AH IPSEC header "; 548 } 550 // L4 header match identities 552 identity l4-header-match-type { 553 description "L4 header 554 match types. (TCP, UDP, 555 SCTP, UDPLite, etc. 
)"; 556 } 558 identity l4-tcp-header { 559 base l4-header-match-type; 560 description "L4 header for TCP"; 561 } 563 identity l4-udp-header { 564 base l4-header-match-type; 565 description "L4 header match for UDP"; 566 } 568 identity l4-udplite { 569 base l4-header-match-type; 570 description "L4 header match for 571 UDP lite"; 572 } 574 identity l4-sctp-header { 575 base l4-header-match-type; 576 description "L4 header match for SCTP"; 577 } 579 identity rule-status-type { 580 description "status 581 values for rule: invalid (0), 582 valid (1), valid and installed (2)"; 583 } 585 identity rule-status-invalid { 586 base rule-status-type; 587 description "invalid rule status."; 588 } 590 identity rule-status-valid { 591 base rule-status-type; 592 description "This status indicates 593 a valid rule."; 595 } 597 identity rule-status-valid-installed { 598 base rule-status-type; 599 description "This status indicates 600 an installed rule."; 601 } 602 identity rule-status-valid-inactive { 603 base rule-status-type; 604 description "This status indicates 605 a valid ruled that is not installed."; 606 } 608 grouping interface-match { 609 leaf match-if-name { 610 type if:interface-ref; 611 description "match on interface name"; 612 } 613 description "interface 614 has name, description, type, enabled 615 as potential matches"; 616 } 618 grouping interface-actions { 619 description 620 "interface action up/down and 621 enable/disable"; 622 leaf interface-up { 623 type boolean; 624 description 625 "action to put interface up"; 626 } 627 leaf interface-down { 628 type boolean; 629 description 630 "action to put interface down"; 631 } 632 leaf interface-enable { 633 type boolean; 634 description 635 "action to enable interface"; 636 } 637 leaf interface-disable { 638 type boolean; 639 description 640 "action to disable interface"; 641 } 642 } 644 grouping L2-802-1Q-header { 645 description 646 "This is short-term 802.1 header 647 match which will be replaced 648 by reference 
to IEEE yang when 649 it arrives. Qtag 1 is 802.1Q 650 Qtag2 is 802.1AD"; 652 leaf vlan-present { 653 type boolean; 654 description " Include VLAN in header"; 655 } 656 leaf qtag1-present { 657 type boolean; 658 description " This flag value indicates 659 inclusion of one 802.1Q tag in header"; 660 } 661 leaf qtag2-present{ 662 type boolean; 663 description "This flag indicates the 664 inclusion of second 802.1Q tag in header"; 665 } 667 leaf dest-mac { 669 type uint64; //change to uint48 670 description "IEEE destination MAC value 671 from the header"; 672 } 673 leaf src-mac { 674 type uint64; //change to uint48 675 description "IEEE source MAC 676 from the header"; 678 } 679 leaf vlan-tag { 680 type uint16; 681 description "IEEE VLAN Tag 682 from the header"; 683 } 684 leaf qtag1 { 685 type uint32; 686 description "Qtag1 value 687 from the header"; 688 } 689 leaf qtag2 { 690 type uint32; 691 description "Qtag1 value 692 from the header"; 693 } 694 leaf L2-ethertype { 695 type uint16; 696 description "Ether type 697 from the header"; 698 } 699 } 701 grouping L2-VXLAN-header { 702 container vxlan-header { 703 uses iir:ipv4-header; 704 leaf vxlan-network-id { 705 type uint32; 706 description "VLAN network id"; 707 } 708 description " choices for 709 L2-VLAN header matches. 710 Outer-header only. 711 Need to fix inner header. 
"; 712 } 713 description 714 "This VXLAN header may 715 be replaced by actual VXLAN yang 716 module reference"; 717 } 719 grouping L2-NVGRE-header { 721 container nvgre-header { 722 uses L2-802-1Q-header; 723 uses iir:ipv4-header; 724 leaf gre-version { 725 type uint8; 726 description "L2-NVGRE GRE version"; 727 } 728 leaf gre-proto { 729 type uint16; 730 description "L2-NVGRE protocol value"; 731 } 732 leaf virtual-subnet-id { 733 type uint32; 734 description "L2-NVGRE subnet id value"; 735 } 736 leaf flow-id { 737 type uint16; 738 description "L2-NVGRE Flow id value"; 739 } 740 // uses L2-802-1Q-header; 741 description 742 "This NVGRE header may 743 be replaced by actual NVGRE yang 744 module reference"; 745 } 746 description "Grouping for 747 L2 NVGRE header."; 748 } 750 grouping L2-header-match { 752 choice l2-header-match-type { 753 case l2-802-1Q { 754 uses L2-802-1Q-header; 755 } 756 case l2-802-11 { 757 // matches for 802.11 headers 758 } 759 case l2-802-15 { 760 // matches for 802.1 Ethernet 761 } 762 case l2-NVGRE { 763 // matches for NVGRE 764 uses L2-NVGRE-header; 765 } 766 case l2-VXLAN-header { 767 uses L2-VXLAN-header; 768 } 769 case l2-mpls-header { 770 uses iir:mpls-header; 771 } 772 description "Choice of L2 773 headers for L2 match"; 774 } 775 description 776 " The layer 2 header match includes 777 any reference to L2 technology"; 778 } 780 grouping L2-NVGRE-mod-acts { 781 // actions for NVGRE 782 leaf set-vsid { 783 type boolean; 784 description 785 "Boolean flag to set VSID in packet"; 786 } 787 leaf set-flowid { 788 type boolean; 789 description 790 "Boolean flag to set VSID in packet"; 791 } 792 leaf vsi { 793 type uint32; 794 description 795 "VSID value to set in packet"; 796 } 797 leaf flow-id { 798 type uint16; 799 description 800 "flow-id value to set in packet"; 801 } 802 description "L2-NVRE Actions"; 803 } 805 grouping L2-VXLAN-mod-acts { 806 leaf set-network-id { 807 type boolean; 808 description 809 "flag to set network id in 
packet"; 810 } 811 leaf network-id { 812 type uint32; 813 description 814 "network id value to set in packet"; 815 } 816 description "VXLAN header 817 modification actions."; 818 } 820 grouping L2-mpls-mod-acts { 821 leaf pop { 822 type boolean; 823 description 824 "Boolean flag to pop mpls header"; 825 } 826 leaf push { 827 type boolean; 828 description 829 "Boolean flag to push value into 830 mpls header"; 831 } 832 leaf mpls-label { 833 type uint32; 834 description 835 "mpls label to push in header"; 836 } 837 description "MPLS modify 838 header actions"; 839 } 841 grouping l2-header-mod-actions { 842 leaf l2-802-1Q { 843 type uint8; 844 description "actions for 802.1Q"; 845 } 846 leaf l2-802-11 { 847 type uint8; 848 description "actions for 802.11"; 849 } 850 leaf l2-802-15 { 851 type uint8; 852 description "ations for 802.15"; 853 } 855 uses L2-NVGRE-mod-acts; 856 uses L2-VXLAN-mod-acts; 857 uses L2-mpls-mod-acts; 858 description 859 " The layer 2 header match includes 860 any reference to L2 technology"; 861 } 863 grouping L3-header-match { 865 choice L3-header-match-type { 866 case l3-ipv4-hdr { 867 uses iir:ipv4-header; 868 } 869 case l3-ipv6-hdr { 870 uses iir:ipv6-header; 871 } 872 case L3-gre-tunnel { 873 uses iir:gre-header; 874 } 875 description "match for L3 876 headers for IPv4, IPv6, 877 and GRE tunnels"; 878 } 879 description "match for L3 headers"; 880 } 882 grouping ipv4-encapsulate-gre { 883 leaf encapsulate { 884 type boolean; 885 description "flag to encapsulate headers"; 886 } 887 leaf ipv4-dest-address { 888 type inet:ipv4-address; 889 description 890 "Destination Address for GRE header"; 891 } 892 leaf ipv4-source-address { 893 type inet:ipv4-address; 894 description 895 "Source Address for GRE header"; 896 } 897 description 898 "encapsulation actions for IPv4 headers"; 899 } 901 grouping L3-header-actions { 902 choice l3-header-act-type { 903 case l3-ipv4-hdr { 904 leaf set-ttl { 905 type boolean; 906 description "flag to set TTL"; 907 } 
908 leaf set-dscp { 909 type boolean; 910 description "flag to set DSCP"; 911 } 912 leaf ttl-value { 913 type uint8; 914 description "TTL value to set"; 915 } 916 leaf dscp-val { 917 type uint8; 918 description "dscp value to set"; 919 } 920 } 921 case l3-ipv6-hdr { 922 leaf set-next-header { 923 type boolean; 924 description 925 "flag to set next routing 926 header in IPv6 header"; 927 } 928 leaf set-traffic-class { 929 type boolean; 930 description 931 "flag to set traffic class 932 in IPv6 header"; 934 } 935 leaf set-flow-label { 936 type boolean; 937 description 938 "flag to set flow label 939 in IPv6 header"; 940 } 941 leaf set-hop-limit { 942 type boolean; 943 description "flag 944 to set hop limit in 945 L3 packet"; 946 } 947 leaf ipv6-next-header { 948 type uint8; 949 description "value to 950 set in next IPv6 header"; 951 } 952 leaf ipv6-traffic-class { 953 type uint8; 954 description "value to set 955 in traffic class"; 957 } 958 leaf ipv6-flow-label { 959 type uint16; 960 description "value to set 961 in IPOv6 flow label"; 962 } 963 leaf ipv6-hop-limit { 964 type uint8; 965 description "value to set 966 in hop count"; 967 } 968 } 970 case L3-gre-tunnel { 971 leaf decapsulate { 972 type boolean; 973 description "flag to 974 decapsulate GRE packet"; 975 } 976 description "GRE tunnel 977 actions" ; 978 } 979 description "actions that can 980 be performed on L3 header"; 981 } 982 description "actions to 983 be performed on L3 header"; 984 } 986 grouping tcp-header-match { 987 leaf tcp-src-port { 988 type uint16; 989 description "source port match value"; 990 } 991 leaf tcp-dst-port { 992 type uint16; 993 description "dest port value 994 to match"; 995 } 996 leaf sequence-number { 997 type uint32; 998 description "sequence number 999 value to match"; 1001 } 1002 leaf ack-number { 1003 type uint32; 1004 description "action value to 1005 match"; 1006 } 1007 description "match for TCP 1008 header"; 1009 } 1011 grouping tcp-header-action { 1012 leaf 
set-tcp-src-port {
      type boolean;
      description "flag to set source port value";
    }
    leaf set-tcp-dst-port {
      type boolean;
      description "flag to set destination port value";
    }

    leaf tcp-s-port {
      type uint16;
      description "source port match value";
    }
    leaf tcp-d-port {
      type uint16;
      description "dest port value to match";
    }
    leaf seq-num {
      type uint32;
      description "sequence number value to match";
    }
    leaf ack-num {
      type uint32;
      description "action value to match";
    }
    description "Actions to modify TCP header";
  }

  grouping udp-header-match {
    leaf udp-src-port {
      type uint16;
      description "UDP source port match value";
    }
    leaf udp-dst-port {
      type uint16;
      description "UDP Destination port match value";
    }
    description "match values for UDP header";
  }

  grouping udp-header-action {
    leaf set-udp-src-port {
      type boolean;
      description "flag to set UDP source port match value";
    }
    leaf set-udp-dst-port {
      type boolean;
      description
        "flag to set UDP destination port match value";
    }
    leaf udp-s-port {
      type uint16;
      description "UDP source port match value";
    }
    leaf udp-d-port {
      type uint16;
      description "UDP Destination port match value";
    }

    description "actions to set values in UDP header";
  }

  grouping sctp-chunk {
    leaf chunk-type {
      type uint8;
      description "sctp chunk type value";
    }
    leaf chunk-flag {
      type uint8;
      description "sctp chunk type flag value";
    }
    leaf chunk-length {
      type uint16;
      description "sctp chunk length";
    }

    leaf chunk-data-byte-zero {
      type uint32;
      description "byte zero of sctp chunk data";
    }
    description "sctp chunk header match fields";
  }

  grouping sctp-header-match {
    uses sctp-chunk;
    leaf stcp-src-port {
      type uint16;
      description "sctp header match source port value";
    }
    leaf sctp-dst-port {
      type uint16;
      description "sctp header match destination port value";
    }
    leaf sctp-verify-tag {
      type uint32;
      description "sctp header match verification tag value";
    }
    description "SCTP header match values";
  }

  grouping sctp-header-action {
    leaf set-stcp-src-port {
      type boolean;
      description "set source port in sctp header";
    }
    leaf set-stcp-dst-port {
      type boolean;
      description "set destination port in sctp header";
    }
    leaf set-stcp-chunk1 {
      type boolean;
      description "set chunk value in sctp header";
    }
    leaf chunk-type-value {
      type uint8;
      description "sctp chunk type value";
    }
    leaf chunk-flag-value {
      type uint8;
      description "sctp chunk type flag value";
    }

    leaf chunk-len {
      type uint16;
      description "sctp chunk length";
    }

    leaf chunk-data-bzero {
      type uint32;
      description "byte zero of sctp chunk data";
    }
    description "sctp qos actions";
  }

  grouping L4-header-match {
    choice l4-header-match-type {
      case l4-tcp-header {
        uses tcp-header-match;
      }
      case l4-udp-header {
        uses udp-header-match;
      }
      case l4-sctp {
        uses sctp-header-match;
      }
      description "L4 match header choices";
    }
    description "L4 header match type";
  }

  grouping L4-header-actions {
    uses tcp-header-action;
    uses udp-header-action;
    uses sctp-header-action;
    description "L4 header matches";
  }

  grouping rule_status {
    leaf rule-status {
      type string;
      description "status information free form string.";
    }
    leaf rule-inactive-reason {
      type string;
      description "description of why rule is inactive";
    }
    leaf rule-install-reason {
      type string;
      description "response on rule installed";
    }
    leaf rule-installer {
      type string;
      description "client id of installer";
    }
    leaf refcnt {
      type uint16;
      description "reference count on rule.";
    }
    description
      "rule operational status";
  }

  // group status
  grouping groups-status {
    list group_opstate {
      key "grp-name";
      leaf grp-name {
        type string;
        description "eca group name";
      }
      leaf rules-installed {
        type uint32;
        description "rules in group installed";
      }
      list rules_status {
        key "rule-name";
        leaf rule-name {
          type string;
          description "name of rule";
        }

        leaf rule-order {
          type uint32;
          description "rule-order";
        }
        description "rules per group";
      }
      description "group operational status";
    }
    description "group to rules list";
  }

  // links between rule to group

  grouping rule-group-link {
    list rule-group {
      key rule-name;
      leaf rule-name {
        type string;
        description "rule name";
      }
      leaf group-name {
        type string;
        description "group name";
      }
      description "link between group and rule";
    }
    description "rule-name to group link";
  }

  // rule status by name
  grouping rules_opstate {
    list rules_status {
      key "rule-order rule-name";
      leaf rule-order {
        type uint32;
        description "order of rules";
      }
      leaf rule-name {
        type string;
        description "rule name";
      }
      uses rule_status;
      description "eca rule list";
    }
    description "rules operational state";
  }

  // rule statistics by name and order
  grouping rules_opstats {
    list rule-stat {
      key "rule-order rule-name";
      leaf rule-order {
        type uint32;
        description "order of rules";
      }
      leaf rule-name {
        type string;
        description "name of rule";
      }
      leaf pkts-matched {
        type uint64;
        description "number of packets that matched filter";
      }
      leaf pkts-modified {
        type uint64;
        description "number of packets that filter caused
                     to be modified";
      }
      leaf pkts-dropped {
        type uint64;
        description "number of packets that filter caused
                     to be dropped";
      }
      leaf bytes-dropped {
        type uint64;
        description "number of bytes that filter caused
                     to be dropped";
      }
      leaf pkts-forwarded {
        type uint64;
        description "number of packets that filter caused
                     to be forwarded.";
      }
      leaf bytes-forwarded {
        type uint64;
        description "number of bytes that filter caused
                     to be forwarded.";
      }

      description "list of operational statistics for each
                   rule.";
    }
    description "statistics on packet filter matches, and
                 based on matches how many were
                 modified and/or forwarded";
  }

  grouping packet-size-match {
    leaf l2-size-match {
      type uint32;
      description "L2 packet match size.";
    }
    leaf l3-size-match {
      type uint32;
      description "L3 packet match size.";
    }
    leaf l4-size-match {
      type uint32;
      description "L4 packet match size.";
    }

    description "packet size by layer
                 only non-zero values are matched";
  }

  grouping time-day-match {

    leaf hour {
      type uint8;
      description "hour of day in 24 hours.
                   (add range)";
    }
    leaf minute {
      type uint8;
      description
        "minute in day.";
    }
    leaf second {
      type uint8;
      description
        "second in day.";
    }

    description "matches for time of day.";
  }

  grouping eca-event-matches {
    uses time-day-match;
    description "matches for events which include:
                 time of day.";
  }

  grouping eca-pkt-matches {
    uses interface-match;
    uses L2-header-match;
    uses L3-header-match;
    uses L4-header-match;
    uses packet-size-match;
    description "ECA matches";
  }

  grouping user-status-matches {
    leaf user {
      type string;
      description "user";
    }
    leaf region {
      type string;
      description "region";
    }
    leaf state {
      type string;
      description "state";
    }

    leaf user-status {
      type string;
      description "status of user";
    }
    description "user status matches - region,
                 target, location";
  }

  grouping eca-condition-matches {
    uses eca-pkt-matches;
    uses user-status-matches;
    description "pkt and user status matches";
  }

  grouping eca-qos-actions {
    leaf cnt-actions {
      type uint32;
      description "count of ECA actions";
    }
    list qos-actions {
      key "action-id";
      leaf action-id {
        type uint32;
        description "action id";
      }
      uses interface-actions;
      uses l2-header-mod-actions;
      uses L3-header-actions;
      uses L4-header-actions;

      description "ECA set or change packet Actions.
                   Actions may be added here for interface,
                   L2, L3, and L4 headers.";
    }
    description "eca-qos actions";
  }

  grouping ip-next-fwd {
    leaf rib-name {
      type string;
      description "name of RIB";
    }
    leaf next-hop-name {
      type string;
      description "name of next hop";
    }
    description "ECA set or change packet Actions";
  }

  grouping eca-ingress-actions {
    leaf permit {
      type boolean;
      description "permit ingress traffic. False
                   means to deny.";
    }
    leaf mirror {
      type boolean;
      description "copy bytes ingressed to mirror port";
    }
    description "ingress eca match";
  }

  grouping eca-fwd-actions {
    leaf interface-fwd {
      type if:interface-ref;
      description "name of interface to forward on";
    }
    uses iir:nexthop;
    uses ip-next-fwd;
    leaf drop-packet {
      type boolean;
      description "drop packet flag";
    }
    description "ECA forwarding actions";
  }

  grouping eca-security-actions {
    leaf actions-exist {
      type boolean;
      description "existence of eca security actions";
    }
    description "content actions for security.
                 Needs more description.";
  }

  grouping eca-egress-actions {
    leaf packet-rate {
      type uint32;
      description "maximum packet-rate";
    }
    leaf byte-rate {
      type uint64;
      description "maximum byte-rate";
    }
    description "packet security actions";
  }

  grouping policy-conflict-resolution {
    list resolution-strategy {
      key "strategy-id";
      leaf strategy-id {
        type uint32;
        description "Id for strategy";
      }
      leaf stategy-name {
        type string;
        description "name of strategy";
      }
      leaf filter-strategy {
        type string;
        description "type of resolution";
      }
      leaf global-strategy {
        type boolean;
        description "global strategy";
      }
      leaf mandatory-strategy {
        type boolean;
        description "required strategy";
      }
      leaf local-strategy {
        type boolean;
        description "local strategy";
      }
      leaf resolution-fcn {
        type uint64;
        description "resolution function id";
      }
      leaf resolution-value {
        type uint64;
        description "resolution value";
      }
      leaf resolution-info {
        type string;
        description "resolution info";
      }
      list associate-ext-data {
        key "ext-data-id";
        leaf ext-data-id {
          type uint64;
          description "ID of external data";
        }
        leaf ext-data {
          type string;
          description "external data";
        }
        description "linked external data";
      }
      description "list of strategies";
    }
    description "policy conflict resolution strategies";
  }

  grouping cfg-external-data {
    list cfg-ext-data {
      key "cfg-ext-data-id";
      leaf cfg-ext-data-id {
        type uint64;
        description "id for external data";
      }
      leaf data-type {
        type uint32;
        description "external data type ID";
      }
      leaf priority {
        type uint64;
        description "priority of data";
      }
      leaf other-data {
        type string;
        description "string external data";
      }
      description "external data";
    }
    description "external data list";
  }

  grouping pkt-eca-policy-set {
    list groups {
      key "group-name";
      leaf group-name {
        type string;
        description
          "name of group of rules";
      }
      leaf vrf-name {
        type string;
        description "VRF name";
      }
      uses rt:address-family;
      list group-rule-list {
        key "rule-name";
        leaf rule-name {
          type string;
          description "name of rule";
        }
        leaf rule-order-id {
          type uint16;
          description "rule-order-id";
        }
        description "rules per group";
      }
      description "pkt eca rule groups";
    }
    list eca-rules {
      key "order-id";
      ordered-by user;
      leaf order-id {
        type uint16;
        description "Number of order
                     in ordered list (ascending)";
      }
      leaf eca-rule-name {
        type string;
        description "name of rule";
      }
      leaf installer {
        type string;
        description
          "Id of I2RS client
           that installs this rule.";
      }
      uses eca-event-matches;
      uses eca-ingress-actions;
      uses eca-qos-actions;
      uses eca-security-actions;
      uses eca-fwd-actions;
      uses eca-egress-actions;
      uses cfg-external-data;
      uses policy-conflict-resolution;

      description "ECA rules";
    } // end of rule
    description "Policy sets.";
  }

  grouping pkt-eca-opstate {
    uses groups-status;
    uses rule-group-link;
    uses rules_opstate;
    uses rules_opstats;
    description "pkt eca policy op-state main";
  }

  container pkt-eca-policy-opstate {
    config "false";
    uses pkt-eca-opstate;
    description "operational state";
  }

}

6.  IANA Considerations

   This draft requests that IANA assign a URN in the IETF YANG module
   space for:

   "urn:ietf:params:xml:ns:yang:ietf-pkt-eca-policy";

   associated prefix "pkt-eca";

7.  Security Considerations

   These generic filters filter packets in a traffic stream, modify
   packets, and forward data packets.  These filters operate
   dynamically at the same level as currently deployed configured
   filter-based RIBs to filter, change, and forward traffic.

   Due to the potential to use filters as an attack vector, this data
   model should be used with the secure transport described in
   [I-D.ietf-i2rs-protocol-security-requirements].

8.  References

8.1.  Normative References

   [I-D.ietf-i2rs-rib-data-model]
              Wang, L., Ananthakrishnan, H., Chen, M.,
              amit.dass@ericsson.com, a., Kini, S., and N. Bahadur, "A
              YANG Data Model for Routing Information Base (RIB)",
              draft-ietf-i2rs-rib-data-model-07 (work in progress),
              January 2017.

8.2.  Informative References

   [I-D.ietf-i2rs-protocol-security-requirements]
              Hares, S., Migault, D., and J. Halpern, "I2RS Security
              Related Requirements",
              draft-ietf-i2rs-protocol-security-requirements-17 (work
              in progress), September 2016.

   [I-D.ietf-i2rs-rib-info-model]
              Bahadur, N., Kini, S., and J. Medved, "Routing Information
              Base Info Model", draft-ietf-i2rs-rib-info-model-10 (work
              in progress), December 2016.

   [I-D.ietf-netmod-acl-model]
              Bogdanovic, D., Koushik, K., Huang, L., and D. Blair,
              "Network Access Control List (ACL) YANG Data Model",
              draft-ietf-netmod-acl-model-10 (work in progress), March
              2017.

   [I-D.ietf-netmod-revised-datastores]
              Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "A Revised Conceptual Model for YANG
              Datastores", draft-ietf-netmod-revised-datastores-00 (work
              in progress), December 2016.

   [I-D.ietf-supa-generic-policy-data-model]
              Halpern, J. and J. Strassner, "Generic Policy Data Model
              for Simplified Use of Policy Abstractions (SUPA)",
              draft-ietf-supa-generic-policy-data-model-02 (work in
              progress), October 2016.

   [I-D.ietf-supa-generic-policy-info-model]
              Strassner, J., Halpern, J., and S. Meer, "Generic Policy
              Information Model for Simplified Use of Policy
              Abstractions (SUPA)",
              draft-ietf-supa-generic-policy-info-model-02 (work in
              progress), January 2017.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC7921]  Atlas, A., Halpern, J., Hares, S., Ward, D., and T.
              Nadeau, "An Architecture for the Interface to the Routing
              System", RFC 7921, DOI 10.17487/RFC7921, June 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

Authors' Addresses

   Susan Hares
   Huawei
   7453 Hickory Hill
   Saline, MI  48176
   USA

   Email: shares@ndzh.com

   Linda Dunbar
   Huawei

   Email: Linda.Dunbar@huawei.com

   Russ White
   Ericsson

   Email: russw@riw.us
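
Added example (not part of the draft or of any I2RS implementation): the module types hour, minute and second as bare uint8 and lets permit, mirror, drop-packet and interface-fwd be set independently, so an eca-rules entry can be checked before it is installed. Rules are assumed to be decoded into Python dicts keyed by leaf name; the time ranges and the conflict checks are assumptions of this example, not requirements of the draft.

```python
# Added example: pre-install audit of candidate eca-rules entries.
# Leaf names come from the module; ranges and conflict checks are assumptions.

TIME_RANGES = {"hour": 23, "minute": 59, "second": 59}  # assumed upper bounds


def audit_rule(rule):
    """Return a list of findings for one eca-rules entry (dict: leaf -> value)."""
    findings = []
    for leaf, upper in TIME_RANGES.items():
        value = rule.get(leaf)
        if value is not None and not 0 <= value <= upper:
            findings.append(f"{leaf}={value} outside 0..{upper}")
    if not rule.get("installer"):
        findings.append("installer missing: rule cannot be attributed to a client")
    forwards = bool(rule.get("interface-fwd") or rule.get("next-hop-name"))
    if rule.get("drop-packet") and forwards:
        findings.append("drop-packet set together with a forwarding target")
    if rule.get("permit") is False and forwards:
        findings.append("permit=false but a forwarding target is set")
    if rule.get("mirror"):
        findings.append("mirror=true: ingress traffic is copied, review the mirror port")
    return findings


def audit_policy(rules):
    """Audit a list of rules; also flag a repeated order-id (the list key)."""
    report, seen = {}, set()
    for rule in rules:
        name = rule.get("eca-rule-name", "<unnamed>")
        findings = audit_rule(rule)
        if rule.get("order-id") in seen:
            findings.append(f"duplicate order-id {rule.get('order-id')}")
        seen.add(rule.get("order-id"))
        if findings:
            report[name] = findings
    return report


# Constructed sample input, not taken from the draft.
SAMPLE_RULES = [
    {"order-id": 10, "eca-rule-name": "night-drop", "installer": "client-a",
     "hour": 2, "minute": 0, "second": 0, "permit": True, "drop-packet": True},
    {"order-id": 20, "eca-rule-name": "bad-time", "installer": "client-a",
     "hour": 24, "minute": 61, "permit": True, "interface-fwd": "eth1"},
    {"order-id": 20, "eca-rule-name": "tap", "installer": "",
     "permit": False, "mirror": True, "interface-fwd": "eth2", "drop-packet": True},
]

if __name__ == "__main__":
    for name, findings in audit_policy(SAMPLE_RULES).items():
        print(name, findings)
```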