idnits 2.17.1 draft-ietf-pim-igmp-mld-snooping-yang-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 12 instances of too long lines in the document, the longest one being 12 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 233 has weird spacing: '...er-mode fil...' == Line 324 has weird spacing: '...er-mode fil...' == The document doesn't use any RFC 2119 keywords, yet has text resembling RFC 2119 boilerplate text. -- The document date (December 10, 2018) is 1958 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC2119' is mentioned on line 100, but not defined == Missing Reference: 'RFC6241' is mentioned on line 1532, but not defined == Missing Reference: 'RFC8040' is mentioned on line 1532, but not defined == Missing Reference: 'RFC7950' is mentioned on line 1623, but not defined == Missing Reference: 'RFC6242' is mentioned on line 1534, but not defined == Missing Reference: 'RFC5246' is mentioned on line 1535, but not defined ** Obsolete undefined reference: RFC 5246 (Obsoleted by RFC 8446) == Missing Reference: 'RFC6536' is mentioned on line 1537, but not defined ** Obsolete undefined reference: RFC 6536 (Obsoleted by RFC 8341) == Missing Reference: 'RFC3688' is mentioned on line 1610, but not defined == Missing Reference: 'RFC7951' is mentioned on line 1856, but not defined == Unused Reference: 'RFC2236' is defined on line 1642, but no explicit reference was found in the text == Unused Reference: 'RFC2710' is defined on line 1645, but no explicit reference was found in the text == Unused Reference: 'RFC3376' is defined on line 1648, but no explicit reference was found in the text == Unused Reference: 'RFC3810' is defined on line 1652, but no explicit reference was found in the text == Unused Reference: 'RFC4604' is defined on line 1660, but no explicit reference was found in the text == Unused Reference: 'RFC4607' is defined on line 1665, but no explicit reference was found in the text == Unused Reference: 'RFC6021' is defined on line 1672, but no explicit reference was found in the text == Unused Reference: 'RFC6991' is defined on line 1675, but no explicit reference was found in the text == Unused Reference: 'RFC8343' is defined on line 1681, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 4541 ** Obsolete normative reference: RFC 6021 (Obsoleted by RFC 6991) Summary: 5 errors (**), 0 flaws (~~), 22 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 PIM Working Group H. Zhao 2 Internet Draft Ericsson 3 Intended status: Standards Track X. Liu 4 Expires: June 09, 2019 Volta Networks 5 Y. Liu 6 Huawei 7 M. Sivakumar 8 Juniper 9 A. Peter 10 Individual 12 December 10, 2018 14 A Yang Data Model for IGMP and MLD Snooping 15 draft-ietf-pim-igmp-mld-snooping-yang-06.txt 17 Abstract 19 This document defines a YANG data model that can be used to 20 configure and manage Internet Group Management Protocol (IGMP) and 21 Multicast Listener Discovery (MLD) Snooping devices. The YANG module in 22 this document conforms to Network Management Datastore Architecture 23 (NMDA). 25 Status of this Memo 27 This Internet-Draft is submitted in full conformance with the 28 provisions of BCP 78 and BCP 79. 30 Internet-Drafts are working documents of the Internet Engineering 31 Task Force (IETF), its areas, and its working groups. Note that 32 other groups may also distribute working documents as Internet- 33 Drafts. 35 Internet-Drafts are draft documents valid for a maximum of six months 36 and may be updated, replaced, or obsoleted by other documents at any 37 time. It is inappropriate to use Internet-Drafts as reference 38 material or to cite them other than as "work in progress." 40 The list of current Internet-Drafts can be accessed at 41 http://www.ietf.org/ietf/1id-abstracts.txt 43 The list of Internet-Draft Shadow Directories can be accessed at 44 http://www.ietf.org/shadow.html 45 This Internet-Draft will expire on June 09, 2019. 47 Copyright Notice 49 Copyright (c) 2018 IETF Trust and the persons identified as the 50 document authors. All rights reserved. 52 This document is subject to BCP 78 and the IETF Trust's Legal 53 Provisions Relating to IETF Documents 54 (http://trustee.ietf.org/license-info) in effect on the date of 55 publication of this document. Please review these documents 56 carefully, as they describe your rights and restrictions with respect 57 to this document. Code Components extracted from this document must 58 include Simplified BSD License text as described in Section 4.e of 59 the Trust Legal Provisions and are provided without warranty as 60 described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction...................................................3 65 1.1. Terminology...............................................3 66 1.2. Tree Diagrams.............................................3 67 2. Design of Data Model...........................................3 68 2.1. Overview..................................................4 69 2.2. IGMP Snooping Instances...................................4 70 2.3. MLD Snooping Instances....................................6 71 2.4. IGMP and MLD Snooping Instances Reference.................8 72 2.5. IGMP and MLD Snooping RPC.................................9 73 3. IGMP and MLD Snooping YANG Module..............................9 74 4. Security Considerations.......................................31 75 5. IANA Considerations...........................................33 76 6. Normative References..........................................34 77 Appendix A. Data Tree Example...................................36 78 A.1 Bridge scenario...........................................36 79 A.2 L2VPN scenario............................................39 80 Authors' Addresses...............................................43 82 1. Introduction 84 This document defines a YANG [RFC6020] data model for the management of 85 Internet Group Management Protocol (IGMP) and Multicast Listener 86 Discovery (MLD) Snooping devices. 88 The YANG module in this document conforms to the Network Management 89 Datastore Architecture defined in [RFC8342]. The "Network Management 90 Datastore Architecture" (NMDA) adds the ability to inspect the current 91 operational values for configuration, allowing clients to use identical 92 paths for retrieving the configured values and the operational values. 94 1.1. Terminology 96 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 97 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 98 "OPTIONAL" in this document are to be interpreted as described in BCP 14 99 [RFC2119]. 101 The terminology for describing YANG data models is found in [RFC6020]. 103 1.2. Tree Diagrams 105 A simplified graphical representation of the data model is used in this 106 document. The meaning of the symbols in these diagrams is as follows: 108 o Brackets "[" and "]" enclose list keys. 110 o Abbreviations before data node names: "rw" means configuration 111 (read-write), and "ro" means state data (read-only). 113 o Symbols after data node names: "?" means an optional node, "!" 114 means a presence container, and "*" denotes a list and leaf-list. 116 o Parentheses enclose choice and case nodes, and case nodes are also 117 marked with a colon (":"). 119 o Ellipsis ("...") stands for contents of subtrees that are not 120 shown. 122 2. Design of Data Model 124 The model covers Considerations for Internet Group Management Protocol 125 (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches 126 [RFC4541]. 128 The goal of this document is to define a data model that provides a 129 common user interface to IGMP and MLD Snooping. 131 2.1. Overview 133 The IGMP and MLD Snooping YANG module defined in this document has all 134 the common building blocks for the IGMP and MLD Snooping protocol. 136 The YANG module includes IGMP and MLD Snooping instance definition, 137 instance reference in the scenario of BRIDGE and L2VPN. The module also 138 includes the RPC methods for clearing IGMP and MLD Snooping group 139 tables. 141 This YANG module conforms to Network Management Datastore Architecture 142 (NMDA)[RFC8342]. This NMDA architecture provides an architectural 143 framework for datastores as they are used by network management 144 protocols such as NETCONF [RFC6241], RESTCONF [RFC8040] and the YANG 145 [RFC7950] data modeling language. 147 2.2. IGMP Snooping Instances 149 The YANG module defines igmp-snooping-instance which augments 150 /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol. 152 All the IGMP Snooping related attributes have been defined in the igmp- 153 snooping-instance. The read-write attribute means configurable data. The 154 read-only attribute means state data. 156 One igmp-snooping-instance could be referenced in one BRIDGE instance or 157 L2VPN instance. One igmp-snooping-instance corresponds to one BRIDGE 158 instance or L2VPN instance. 160 The value of scenario in igmp-snooping-instance is bridge or l2vpn. When 161 it is bridge, the igmp-snooping-instance will be referenced in the 162 BRIDGE scenario. When it is l2vpn, the igmp-snooping-instance will be 163 referenced in the L2VPN scenario. 165 The value of bridge-mrouter-interface, l2vpn-mrouter-interface-ac, 166 l2vpn-mrouter-interface-pw are filled by snooping device dynamically. 167 They are different from static-bridge-mrouter-interface, static-l2vpn- 168 mrouter-interface-ac, and static-l2vpn-mrouter-interface-pw which are 169 configured statically. 171 The attributes under the interfaces show the statistics of IGMP Snooping 172 related packets. 174 module: ietf-igmp-mld-snooping 175 augment /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol: 176 +--rw igmp-snooping-instance {feature-igmp-snooping}? 177 | +--rw scenario? snooping-scenario-type 178 | +--rw enable? boolean 179 | +--rw forwarding-mode? enumeration 180 | +--rw explicit-tracking? boolean 181 | | {explicit-tracking}? 182 | +--rw exclude-lite? boolean 183 | | {exclude-lite}? 184 | +--rw send-query? boolean 185 | +--rw immediate-leave? empty 186 | | {immediate-leave}? 187 | +--rw last-member-query-interval? uint16 188 | +--rw query-interval? uint16 189 | +--rw query-max-response-time? uint16 190 | +--rw require-router-alert? boolean 191 | | {require-router-alert}? 192 | +--rw robustness-variable? uint8 193 | +--rw static-bridge-mrouter-interface* if:interface-ref 194 | | {static-mrouter-interface}? 195 | +--rw static-l2vpn-mrouter-interface-ac* if:interface-ref 196 | | {static-mrouter-interface}? 197 | +--rw static-l2vpn-mrouter-interface-pw* l2vpn-instance-pw-ref 198 | | {static-mrouter-interface}? 199 | +--rw version? uint8 200 | +--rw querier-source? inet:ipv4-address 201 | +--rw static-l2-multicast-group* [group source-addr] 202 | | {static-l2-multicast-group}? 203 | | +--rw group 204 | | | rt-types:ipv4-multicast-group-address 205 | | +--rw source-addr 206 | | | rt-types:ipv4-multicast-source-address 207 | | +--rw bridge-outgoing-interface* if:interface-ref 208 | | +--rw l2vpn-outgoing-ac* l2vpn-instance-ac-ref 209 | | +--rw l2vpn-outgoing-pw* l2vpn-instance-pw-ref 210 | +--ro entries-count? uint32 211 | +--ro bridge-mrouter-interface* if:interface-ref 212 | +--ro l2vpn-mrouter-interface-ac* if:interface-ref 213 | +--ro l2vpn-mrouter-interface-pw* l2vpn-instance-pw-ref 214 | +--ro group* [address] 215 | | +--ro address rt-types:ipv4-multicast-group-address 216 | | +--ro mac-address? yang:phys-address 217 | | +--ro expire uint32 218 | | +--ro up-time uint32 219 | | +--ro last-reporter? inet:ipv4-address 220 | | +--ro source* [address] 221 | | +--ro address 222 | | | rt-types:ipv4-multicast-source-address 223 | | +--ro bridge-outgoing-interface* if:interface-ref 224 | | +--ro l2vpn-outgoing-ac* l2vpn-instance-ac-ref 225 | | +--ro l2vpn-outgoing-pw* l2vpn-instance-pw-ref 226 | | +--ro up-time uint32 227 | | +--ro expire uint32 228 | | +--ro host-count? uint32 229 | | | {explicit-tracking}? 230 | | +--ro last-reporter? inet:ipv4-address 231 | | +--ro host* [host-address] {explicit-tracking}? 232 | | +--ro host-address inet:ipv4-address 233 | | +--ro host-filter-mode filter-mode-type 234 | +--ro interfaces 235 | +--ro interface* [name] 236 | +--ro name if:interface-ref 237 | +--ro statistics 238 | +--ro received 239 | | +--ro num-query? yang:counter64 240 | | +--ro num-membership-report-v1? yang:counter64 241 | | +--ro num-membership-report-v2? yang:counter64 242 | | +--ro num-membership-report-v3? yang:counter64 243 | | +--ro num-leave? yang:counter64 244 | | +--ro num-non-member-leave? yang:counter64 245 | | +--ro num-pim-hello? yang:counter64 246 | +--ro sent 247 | +--ro num-query? yang:counter64 248 | +--ro num-membership-report-v1? yang:counter64 249 | +--ro num-membership-report-v2? yang:counter64 250 | +--ro num-membership-report-v3? yang:counter64 251 | +--ro num-leave? yang:counter64 252 | +--ro num-non-member-leave? yang:counter64 253 | +--ro num-pim-hello? yang:counter64 255 2.3. MLD Snooping Instances 257 The YANG module defines mld-snooping-instance which could be referenced 258 in the BRIDGE or L2VPN scenario to enable MLD Snooping. 260 The mld-snooping-instance is the same as IGMP snooping except changing 261 IPV4 addresses to IPV6 addresses. 263 module: ietf-igmp-mld-snooping 264 augment /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol: 265 +--rw igmp-snooping-instance {feature-igmp-snooping}? 266 | ... 267 +--rw mld-snooping-instance {feature-mld-snooping}? 268 +--rw scenario? snooping-scenario-type 269 +--rw enable? boolean 270 +--rw forwarding-mode? enumeration 271 +--rw explicit-tracking? boolean 272 | {explicit-tracking}? 273 +--rw exclude-lite? boolean 274 | {exclude-lite}? 275 +--rw send-query? boolean 276 +--rw immediate-leave? empty 277 | {immediate-leave}? 278 +--rw last-member-query-interval? uint16 279 +--rw query-interval? uint16 280 +--rw query-max-response-time? uint16 281 +--rw require-router-alert? boolean 282 | {require-router-alert}? 283 +--rw robustness-variable? uint8 284 +--rw static-bridge-mrouter-interface* if:interface-ref 285 | {static-mrouter-interface}? 286 +--rw static-l2vpn-mrouter-interface-ac* if:interface-ref 287 | {static-mrouter-interface}? 288 +--rw static-l2vpn-mrouter-interface-pw* l2vpn-instance-pw-ref 289 | {static-mrouter-interface}? 290 +--rw version? uint8 291 +--rw querier-source? inet:ipv6-address 292 +--rw static-l2-multicast-group* [group source-addr] 293 | {static-l2-multicast-group}? 294 | +--rw group 295 | | rt-types:ipv6-multicast-group-address 296 | +--rw source-addr 297 | | rt-types:ipv6-multicast-source-address 298 | +--rw bridge-outgoing-interface* if:interface-ref 299 | +--rw l2vpn-outgoing-ac* l2vpn-instance-ac-ref 300 | +--rw l2vpn-outgoing-pw* l2vpn-instance-pw-ref 301 +--ro entries-count? uint32 302 +--ro bridge-mrouter-interface* if:interface-ref 303 +--ro l2vpn-mrouter-interface-ac* if:interface-ref 304 +--ro l2vpn-mrouter-interface-pw* l2vpn-instance-pw-ref 305 +--ro group* [address] 306 | +--ro address rt-types:ipv6-multicast-group-address 307 | +--ro mac-address? yang:phys-address 308 | +--ro expire uint32 309 | +--ro up-time uint32 310 | +--ro last-reporter? inet:ipv6-address 311 | +--ro source* [address] 312 | +--ro address 313 | | rt-types:ipv6-multicast-source-address 314 | +--ro bridge-outgoing-interface* if:interface-ref 315 | +--ro l2vpn-outgoing-ac* l2vpn-instance-ac-ref 316 | +--ro l2vpn-outgoing-pw* l2vpn-instance-pw-ref 317 | +--ro up-time uint32 318 | +--ro expire uint32 319 | +--ro host-count? uint32 320 | | {explicit-tracking}? 321 | +--ro last-reporter? inet:ipv6-address 322 | +--ro host* [host-address] {explicit-tracking}? 323 | +--ro host-address inet:ipv6-address 324 | +--ro host-filter-mode filter-mode-type 325 +--ro interfaces 326 +--ro interface* [name] 327 +--ro name if:interface-ref 328 +--ro statistics 329 +--ro received 330 | +--ro num-query? yang:counter64 331 | +--ro num-report-v1? yang:counter64 332 | +--ro num-report-v2? yang:counter64 333 | +--ro num-done? yang:counter64 334 | +--ro num-pim-hello? yang:counter64 335 +--ro sent 336 +--ro num-query? yang:counter64 337 +--ro num-report-v1? yang:counter64 338 +--ro num-report-v2? yang:counter64 339 +--ro num-done? yang:counter64 340 +--ro num-pim-hello? yang:counter64 342 2.4. IGMP and MLD Snooping Instances Reference 344 The igmp-snooping-instance could be referenced in the scenario of BRIDGE 345 or L2VPN to configure the IGMP Snooping. 347 For the BRIDGE scenario this model augments /dot1q:bridges/dot1q:bridge 348 to reference igmp-snooping-instance. It means IGMP Snooping is enabled 349 in the whole bridge. 351 It also augments /dot1q:bridges/dot1q:bridge/dot1q:component/ 352 dot1q:bridge-vlan/dot1q:vlan to reference igmp-snooping-instance. It 353 means IGMP Snooping is enabled in the certain VLAN of the bridge. 355 augment /dot1q:bridges/dot1q:bridge: 356 +--rw igmp-snooping-instance? igmp-snooping-instance-ref 357 +--rw mld-snooping-instance? mld-snooping-instance-ref 359 augment /dot1q:bridges/dot1q:bridge/dot1q:component/dot1q:bridge-vlan/dot1q:vlan: 360 +--rw igmp-snooping-instance? igmp-snooping-instance-ref 361 +--rw mld-snooping-instance? mld-snooping-instance-ref 363 For the L2VPN scenario this model augments /ni:network-instances/ 364 ni:network-instance/ni:ni-type/l2vpn:l2vpn to reference igmp-snooping- 365 instance. It means IGMP Snooping is enabled in the specified l2vpn 366 instance. 368 augment /ni:network-instances/ni:network-instance/ni:ni-type/l2vpn:l2vpn: 369 +--rw igmp-snooping-instance? igmp-snooping-instance-ref 370 +--rw mld-snooping-instance? mld-snooping-instance-ref 372 The mld-snooping-instance could be referenced in concurrence with igmp- 373 snooping-instance to configure the MLD Snooping. 375 2.5. IGMP and MLD Snooping RPC 377 IGMP and MLD Snooping RPC clears the specified IGMP and MLD Snooping 378 group tables. 380 rpcs: 381 +---x clear-igmp-snooping-groups {rpc-clear-groups}? 382 | +---w input 383 | +---w name? igmp-mld-snooping-instance-ref 384 | | {feature-igmp-snooping}? 385 | +---w group? rt-types:ipv4-multicast-group-address 386 | +---w source? rt-types:ipv4-multicast-source-address 387 +---x clear-mld-snooping-groups {rpc-clear-groups}? 388 +---w input 389 +---w name? igmp-mld-snooping-instance-ref 390 | {feature-mld-snooping}? 391 +---w group? rt-types:ipv6-multicast-group-address 392 +---w source? rt-types:ipv6-multicast-source-address 394 3. IGMP and MLD Snooping YANG Module 396 file ietf-igmp-mld-snooping@2018-11-28.yang 397 module ietf-igmp-mld-snooping { 398 yang-version 1.1; 399 namespace "urn:ietf:params:xml:ns:yang:ietf-igmp-mld-snooping"; 401 prefix ims; 403 import ietf-inet-types { 404 prefix "inet"; 405 } 407 import ietf-yang-types { 408 prefix "yang"; 409 } 411 import ietf-interfaces { 412 prefix "if"; 413 } 415 import ietf-routing { 416 prefix "rt"; 417 } 419 import ietf-routing-types { 420 prefix "rt-types"; 421 } 423 import ietf-l2vpn { 424 prefix "l2vpn"; 425 } 427 import ietf-network-instance { 428 prefix "ni"; 429 } 431 import ieee802-dot1q-bridge { 432 prefix "dot1q"; 433 } 435 organization 436 "IETF PIM Working Group"; 438 contact 439 "WG Web: 440 WG List: 442 Editors: Hongji Zhao 443 445 Xufeng Liu 446 448 Yisong Liu 449 451 Anish Peter 452 454 Mahesh Sivakumar 455 457 "; 459 description 460 "The module defines a collection of YANG definitions common for 461 all Internet Group Management Protocol (IGMP) and Multicast 462 Listener Discovery (MLD) Snooping devices. 464 Copyright (c) 2018 IETF Trust and the persons identified as 465 authors of the code. All rights reserved. 467 Redistribution and use in source and binary forms, with or 468 without modification, is permitted pursuant to, and subject to 469 the license terms contained in, the Simplified BSD License set 470 forth in Section 4.c of the IETF Trust's Legal Provisions 471 Relating to IETF Documents 472 (http://trustee.ietf.org/license-info). 474 This version of this YANG module is part of RFC XXXX; see the 475 RFC itself for full legal notices."; 477 revision 2018-11-28 { 478 description 479 "Initial revision."; 480 reference 481 "RFC XXXX: A YANG Data Model for IGMP and MLD Snooping"; 482 } 484 /* 485 * Features 486 */ 488 feature feature-igmp-snooping { 489 description 490 "Support IGMP snooping protocol."; 491 reference 492 "RFC 4541, Section 1"; 493 } 495 feature feature-mld-snooping { 496 description 497 "Support MLD snooping protocol."; 498 reference 499 "RFC 4541, Section 1"; 500 } 502 feature immediate-leave { 503 description 504 "Support configuration of immediate-leave."; 505 reference 506 "RFC 2236, Section 10"; 507 } 509 feature require-router-alert { 510 description 511 "Support configuration of require-router-alert."; 512 reference 513 "RFC 3376, Section 5.2"; 514 } 516 feature static-l2-multicast-group { 517 description 518 "Support configuration of L2 multicast static-group."; 520 reference 521 "RFC 4541, Section 2.1"; 522 } 524 feature static-mrouter-interface { 525 description 526 "Support configuration of mrouter interface."; 527 reference 528 "RFC 4541, Section 2.1"; 529 } 531 feature rpc-clear-groups { 532 description 533 "Support clearing statistics by RPC for IGMP & MLD snooping."; 534 reference 535 "RFC 4541, Section 2.1"; 536 } 538 feature explicit-tracking { 539 description 540 "Support configuration of per instance explicit-tracking."; 541 reference 542 "RFC 3376, Appendix B"; 543 } 545 feature exclude-lite { 546 description 547 "Support configuration of per instance exclude-lite."; 548 reference 549 "RFC 5790, Section 3"; 550 } 552 /* identities */ 554 identity scenario-type { 555 description 556 "Base identity for scenario type in IGMP & MLD snooping"; 557 } 559 identity bridge { 560 base scenario-type; 561 description 562 "This identity represents BRIDGE scenario."; 563 } 565 identity l2vpn { 566 base scenario-type; 567 description 568 "This identity represents L2VPN scenario."; 569 } 570 identity filter-mode { 571 description 572 "Base identity for filter mode in IGMP & MLD snooping"; 573 } 575 identity include { 576 base filter-mode; 577 description 578 "This identity represents include mode."; 579 } 581 identity exclude { 582 base filter-mode; 583 description 584 "This identity represents exclude mode."; 585 } 587 identity igmp-snooping { 588 base rt:control-plane-protocol; 589 description 590 "IGMP snooping protocol"; 591 } 593 identity mld-snooping { 594 base rt:control-plane-protocol; 595 description 596 "MLD snooping protocol"; 597 } 599 /* 600 * Typedefs 601 */ 603 typedef snooping-scenario-type { 604 type identityref { 605 base "scenario-type"; 606 } 607 description "The IGMP & MLD snooping scenario type"; 608 } 610 typedef filter-mode-type { 611 type identityref { 612 base "filter-mode"; 613 } 614 description "The host filter mode"; 615 } 617 typedef igmp-mld-snooping-instance-ref { 618 type leafref { 619 path "/rt:routing/rt:control-plane-protocols"+ 620 "/rt:control-plane-protocol/rt:name"; 622 } 623 description 624 "This type is used by data models which need to 625 reference IGMP & MLD snooping instance."; 626 } 628 typedef l2vpn-instance-ac-ref { 629 type leafref { 630 path "/ni:network-instances/ni:network-instance"+ 631 "/l2vpn:endpoint/l2vpn:name"; 632 } 633 description "l2vpn-instance-ac-ref"; 634 } 636 typedef l2vpn-instance-pw-ref { 637 type leafref { 638 path "/ni:network-instances/ni:network-instance"+ 639 "/l2vpn:endpoint/l2vpn:name"; 640 } 641 description "l2vpn-instance-pw-ref"; 642 } 644 /* 645 * Groupings 646 */ 648 grouping instance-config-attributes-igmp-snooping { 649 description 650 "IGMP snooping configuration for each BRIDGE or L2VPN instance."; 652 uses instance-config-attributes-igmp-mld-snooping; 654 leaf version { 655 type uint8 { 656 range "1..3"; 657 } 658 default 2; 659 description "IGMP snooping version."; 660 } 662 leaf querier-source { 663 type inet:ipv4-address; 664 description 665 "Use the IGMP snooping querier to support IGMP 666 snooping in a VLAN where PIM and IGMP are not configured. 667 The IPV4 address is used as source address in messages."; 668 } 670 list static-l2-multicast-group { 671 if-feature static-l2-multicast-group; 672 key "group source-addr"; 673 description 674 "A static multicast route, (*,G) or (S,G)."; 676 leaf group { 677 type rt-types:ipv4-multicast-group-address; 678 description 679 "Multicast group IPV4 address"; 680 } 682 leaf source-addr { 683 type rt-types:ipv4-multicast-source-address; 684 description 685 "Multicast source IPV4 address."; 686 } 688 leaf-list bridge-outgoing-interface { 689 when "../../scenario = 'bridge'"; 690 type if:interface-ref; 691 description "Outgoing interface in BRIDGE forwarding"; 692 } 694 leaf-list l2vpn-outgoing-ac { 695 when "../../scenario = 'l2vpn'"; 696 type l2vpn-instance-ac-ref; 697 description "Outgoing AC in L2VPN forwarding"; 698 } 700 leaf-list l2vpn-outgoing-pw { 701 when "../../scenario = 'l2vpn'"; 702 type l2vpn-instance-pw-ref; 703 description "Outgoing PW in L2VPN forwarding"; 704 } 705 } // static-l2-multicast-group 706 } // instance-config-attributes-igmp-snooping 708 grouping instance-config-attributes-igmp-mld-snooping { 709 description 710 "IGMP and MLD snooping configuration of each VLAN."; 712 leaf enable { 713 type boolean; 714 default false; 715 description 716 "Set the value to true to enable IGMP & MLD snooping."; 717 } 719 leaf forwarding-mode { 720 type enumeration { 721 enum "mac" { 722 description 723 "MAC-based lookup mode"; 725 } 726 enum "ip" { 727 description 728 "IP-based lookup mode"; 729 } 730 } 731 default "ip"; 732 description "The default forwarding mode is ip"; 733 } 735 leaf explicit-tracking { 736 if-feature explicit-tracking; 737 type boolean; 738 default false; 739 description 740 "Track the IGMP & MLD snooping v3 membership reports 741 from individual hosts. It contributes to saving network 742 resources and shortening leave latency."; 743 } 745 leaf exclude-lite { 746 if-feature exclude-lite; 747 type boolean; 748 default false; 749 description 750 "Track the Lightweight IGMPv3 and MLDv2 protocol report"; 751 reference "RFC5790"; 752 } 754 leaf send-query { 755 type boolean; 756 default false; 757 description 758 "Enable quick response for topology changes. 759 To support IGMP snooping in a VLAN where PIM and IGMP are 760 not configured. It cooperates with parameter querier-source."; 761 } 763 leaf immediate-leave { 764 if-feature immediate-leave; 765 type empty; 766 description 767 "When immediate leave is enabled, the IGMP software assumes 768 that no more than one host is present on each VLAN port."; 769 } 771 leaf last-member-query-interval { 772 type uint16 { 773 range "1..1023"; 774 } 775 units seconds; 776 default 1; 777 description 778 "Last Member Query Interval, which may be tuned to modify 779 the leave latency of the network."; 780 reference "RFC3376. Sec. 8.8."; 781 } 783 leaf query-interval { 784 type uint16; 785 units seconds; 786 default 125; 787 description 788 "The Query Interval is the interval between General Queries 789 sent by the Querier."; 790 reference "RFC3376. Sec. 4.1.7, 8.2, 8.14.2."; 791 } 793 leaf query-max-response-time { 794 type uint16; 795 units seconds; 796 default 10; 797 description 798 "Query maximum response time specifies the maximum time 799 allowed before sending a responding report."; 800 reference "RFC3376. Sec. 4.1.1, 8.3, 8.14.3."; 801 } 803 leaf require-router-alert { 804 if-feature require-router-alert; 805 type boolean; 806 default false; 807 description 808 "When the value is true, router alert should exist 809 in the IP head of IGMP or MLD packet."; 810 } 812 leaf robustness-variable { 813 type uint8 { 814 range "1..7"; 815 } 816 default 2; 817 description 818 "Querier's Robustness Variable allows tuning for the 819 expected packet loss on a network."; 820 reference "RFC3376. Sec. 4.1.6, 8.1, 8.14.1."; 821 } 823 leaf-list static-bridge-mrouter-interface { 824 when "../scenario = 'bridge'"; 825 if-feature static-mrouter-interface; 826 type if:interface-ref; 827 description "static mrouter interface in BRIDGE forwarding"; 828 } 830 leaf-list static-l2vpn-mrouter-interface-ac { 831 when "../scenario = 'l2vpn'"; 832 if-feature static-mrouter-interface; 833 type if:interface-ref; 834 description 835 "static mrouter interface whose type is interface 836 in L2VPN forwarding"; 837 } 839 leaf-list static-l2vpn-mrouter-interface-pw { 840 when "../scenario = 'l2vpn'"; 841 if-feature static-mrouter-interface; 842 type l2vpn-instance-pw-ref; 843 description 844 "static mrouter interface whose type is PW 845 in L2VPN forwarding"; 846 } 847 } // instance-config-attributes-igmp-mld-snooping 849 grouping instance-config-attributes-mld-snooping { 850 description "MLD snooping configuration of each VLAN."; 852 uses instance-config-attributes-igmp-mld-snooping; 854 leaf version { 855 type uint8 { 856 range "1..2"; 857 } 858 default 2; 859 description "MLD snooping version."; 860 } 862 leaf querier-source { 863 type inet:ipv6-address; 864 description 865 "Use the MLD snooping querier to support MLD snooping where 866 PIM and MLD are not configured. The IPV6 address is used as 867 the source address in messages."; 868 } 870 list static-l2-multicast-group { 871 if-feature static-l2-multicast-group; 872 key "group source-addr"; 873 description 874 "A static multicast route, (*,G) or (S,G)."; 876 leaf group { 877 type rt-types:ipv6-multicast-group-address; 878 description 879 "Multicast group IPV6 address"; 880 } 882 leaf source-addr { 883 type rt-types:ipv6-multicast-source-address; 884 description 885 "Multicast source IPV6 address."; 886 } 888 leaf-list bridge-outgoing-interface { 889 when "../../scenario = 'bridge'"; 890 type if:interface-ref; 891 description "Outgoing interface in BRIDGE forwarding"; 892 } 894 leaf-list l2vpn-outgoing-ac { 895 when "../../scenario = 'l2vpn'"; 896 type l2vpn-instance-ac-ref; 897 description "Outgoing AC in L2VPN forwarding"; 898 } 900 leaf-list l2vpn-outgoing-pw { 901 when "../../scenario = 'l2vpn'"; 902 type l2vpn-instance-pw-ref; 903 description "Outgoing PW in L2VPN forwarding"; 904 } 905 } // static-l2-multicast-group 906 } // instance-config-attributes-mld-snooping 908 grouping instance-state-group-attributes-igmp-mld-snooping { 909 description 910 "Attributes for both IGMP and MLD snooping groups."; 912 leaf mac-address { 913 type yang:phys-address; 914 description "Destination MAC address for L2 multicast."; 915 } 917 leaf expire { 918 type uint32; 919 units seconds; 920 mandatory true; 921 description 922 "The time left before multicast group timeout."; 923 } 925 leaf up-time { 926 type uint32; 927 units seconds; 928 mandatory true; 929 description 930 "The time elapsed since L2 multicast record created."; 931 } 932 } // instance-state-group-attributes-igmp-mld-snooping 934 grouping instance-state-attributes-igmp-snooping { 935 description 936 "State attributes for IGMP snooping for each instance."; 938 uses instance-state-attributes-igmp-mld-snooping; 940 list group { 942 key "address"; 944 config false; 946 description "IGMP snooping information"; 948 leaf address { 949 type rt-types:ipv4-multicast-group-address; 950 description 951 "Multicast group IPV4 address"; 952 } 954 uses instance-state-group-attributes-igmp-mld-snooping; 956 leaf last-reporter { 957 type inet:ipv4-address; 958 description 959 "Address of the last host which has sent report to join 960 the multicast group."; 961 } 963 list source { 964 key "address"; 965 description "Source IPV4 address for multicast stream"; 967 leaf address { 968 type rt-types:ipv4-multicast-source-address; 969 description "Source IPV4 address for multicast stream"; 970 } 972 uses instance-state-source-attributes-igmp-mld-snooping; 974 leaf last-reporter { 975 type inet:ipv4-address; 976 description 977 "Address of the last host which has sent report 978 to join the multicast group."; 980 } 982 list host { 983 if-feature explicit-tracking; 984 key "host-address"; 985 description 986 "List of multicast membership hosts 987 of the specific multicast source-group."; 989 leaf host-address { 990 type inet:ipv4-address; 991 description 992 "Multicast membership host address."; 993 } 994 leaf host-filter-mode { 995 type filter-mode-type; 996 mandatory true; 997 description 998 "Filter mode for a multicast membership 999 host may be either include or exclude."; 1000 } 1001 }// list host 1003 } // list source 1004 } // list group 1005 } // instance-state-attributes-igmp-snooping 1007 grouping instance-state-attributes-igmp-mld-snooping { 1009 description 1010 "State attributes for IGMP & MLD snooping instance."; 1012 leaf entries-count { 1013 type uint32; 1014 config false; 1015 description 1016 "The number of L2 multicast entries in IGMP & MLD snooping"; 1017 } 1019 leaf-list bridge-mrouter-interface { 1020 when "../scenario = 'bridge'"; 1021 type if:interface-ref; 1022 config false; 1023 description "mrouter interface in BRIDGE forwarding"; 1024 } 1026 leaf-list l2vpn-mrouter-interface-ac { 1027 when "../scenario = 'l2vpn'"; 1028 type if:interface-ref; 1029 config false; 1030 description 1031 "mrouter interface whose type is interface 1032 in L2VPN forwarding"; 1034 } 1036 leaf-list l2vpn-mrouter-interface-pw { 1037 when "../scenario = 'l2vpn'"; 1038 type l2vpn-instance-pw-ref; 1039 config false; 1040 description 1041 "mrouter interface whose type is PW in L2VPN forwarding"; 1042 } 1043 } // instance-config-attributes-igmp-mld-snooping 1045 grouping instance-state-attributes-mld-snooping { 1046 description 1047 "State attributes for MLD snooping of each VLAN."; 1049 uses instance-state-attributes-igmp-mld-snooping; 1051 list group { 1052 key "address"; 1053 config false; 1054 description "MLD snooping statistics information"; 1056 leaf address { 1057 type rt-types:ipv6-multicast-group-address; 1058 description 1059 "Multicast group IPV6 address"; 1060 } 1062 uses instance-state-group-attributes-igmp-mld-snooping; 1064 leaf last-reporter { 1065 type inet:ipv6-address; 1066 description 1067 "Address of the last host which has sent report 1068 to join the multicast group."; 1069 } 1071 list source { 1072 key "address"; 1073 description "Source IPV6 address for multicast stream"; 1075 leaf address { 1076 type rt-types:ipv6-multicast-source-address; 1077 description "Source IPV6 address for multicast stream"; 1078 } 1080 uses instance-state-source-attributes-igmp-mld-snooping; 1081 leaf last-reporter { 1082 type inet:ipv6-address; 1083 description 1084 "Address of the last host which has sent report 1085 to join the multicast group."; 1086 } 1088 list host { 1089 if-feature explicit-tracking; 1090 key "host-address"; 1091 description 1092 "List of multicast membership hosts 1093 of the specific multicast source-group."; 1095 leaf host-address { 1096 type inet:ipv6-address; 1097 description 1098 "Multicast membership host address."; 1099 } 1100 leaf host-filter-mode { 1101 type filter-mode-type; 1102 mandatory true; 1103 description 1104 "Filter mode for a multicast membership 1105 host may be either include or exclude."; 1106 } 1107 }// list host 1108 } // list source 1109 } // list group 1110 } // instance-state-attributes-mld-snooping 1112 grouping instance-state-source-attributes-igmp-mld-snooping { 1113 description 1114 "State attributes for IGMP & MLD snooping instance."; 1116 leaf-list bridge-outgoing-interface { 1117 when "../../../scenario = 'bridge'"; 1118 type if:interface-ref; 1119 description "Outgoing interface in BRIDGE forwarding"; 1120 } 1122 leaf-list l2vpn-outgoing-ac { 1123 when "../../../scenario = 'l2vpn'"; 1124 type l2vpn-instance-ac-ref; 1125 description "Outgoing AC in L2VPN forwarding"; 1126 } 1128 leaf-list l2vpn-outgoing-pw { 1129 when "../../../scenario = 'l2vpn'"; 1130 type l2vpn-instance-pw-ref; 1131 description "Outgoing PW in L2VPN forwarding"; 1133 } 1135 leaf up-time { 1136 type uint32; 1137 units seconds; 1138 mandatory true; 1139 description 1140 "The time elapsed since L2 multicast record created"; 1141 } 1143 leaf expire { 1144 type uint32; 1145 units seconds; 1146 mandatory true; 1147 description 1148 "The time left before multicast group timeout."; 1149 } 1151 leaf host-count { 1152 if-feature explicit-tracking; 1153 type uint32; 1154 description 1155 "The number of host addresses."; 1156 } 1157 } // instance-state-source-attributes-igmp-mld-snooping 1159 grouping igmp-snooping-statistics { 1160 description 1161 "The statistics attributes for IGMP snooping."; 1163 leaf num-query { 1164 type yang:counter64; 1165 description 1166 "The number of query messages."; 1167 reference 1168 "RFC 2236, Section 2.1"; 1169 } 1170 leaf num-membership-report-v1 { 1171 type yang:counter64; 1172 description 1173 "The number of membership report v1 messages."; 1174 reference 1175 "RFC 3376, Section 4"; 1176 } 1177 leaf num-membership-report-v2 { 1178 type yang:counter64; 1179 description 1180 "The number of membership report v2 messages."; 1181 reference 1182 "RFC 3376, Section 4"; 1183 } 1184 leaf num-membership-report-v3 { 1185 type yang:counter64; 1186 description 1187 "The number of membership report v3 messages."; 1188 reference 1189 "RFC 3376, Section 4"; 1190 } 1191 leaf num-leave { 1192 type yang:counter64; 1193 description 1194 "The number of leave messages."; 1195 reference 1196 "RFC 3376, Section 4"; 1197 } 1198 leaf num-non-member-leave { 1199 type yang:counter64; 1200 description 1201 "The number of non member leave messages."; 1202 reference 1203 "RFC 3376, Section 4"; 1204 } 1205 leaf num-pim-hello { 1206 type yang:counter64; 1207 description 1208 "The number of PIM hello messages."; 1209 reference 1210 "RFC 7761, Section 4.9"; 1211 } 1212 } // igmp-snooping-statistics 1214 grouping mld-snooping-statistics { 1215 description 1216 "The statistics attributes for MLD snooping."; 1218 leaf num-query { 1219 type yang:counter64; 1220 description 1221 "The number of Multicast Listener Query messages."; 1222 reference 1223 "RFC 3810, Section 5"; 1224 } 1225 leaf num-report-v1 { 1226 type yang:counter64; 1227 description 1228 "The number of Version 1 Multicast Listener Report."; 1229 reference 1230 "RFC 3810, Section 5"; 1231 } 1232 leaf num-report-v2 { 1233 type yang:counter64; 1234 description 1235 "The number of Version 2 Multicast Listener Report."; 1236 reference 1237 "RFC 3810, Section 5"; 1238 } 1239 leaf num-done { 1240 type yang:counter64; 1241 description 1242 "The number of Version 1 Multicast Listener Done."; 1243 reference 1244 "RFC 3810, Section 5"; 1245 } 1246 leaf num-pim-hello { 1247 type yang:counter64; 1248 description 1249 "The number of PIM hello messages."; 1250 reference 1251 "RFC 7761, Section 4.9"; 1252 } 1253 } // mld-snooping-statistics 1255 grouping igmp-snooping-interface-statistics-attributes { 1257 description "Interface statistics attributes for IGMP snooping"; 1259 container interfaces { 1260 config false; 1262 description 1263 "Interfaces associated with the IGMP snooping instance"; 1265 list interface { 1266 key "name"; 1268 description 1269 "Interfaces associated with the IGMP snooping instance"; 1271 leaf name { 1272 type if:interface-ref; 1273 description 1274 "The name of interface"; 1276 } 1278 container statistics { 1279 description 1280 "The interface statistics for IGMP snooping"; 1282 container received { 1283 description 1284 "Statistics of received IGMP snooping packets."; 1286 uses igmp-snooping-statistics; 1287 } 1288 container sent { 1289 description 1290 "Statistics of sent IGMP snooping packets."; 1292 uses igmp-snooping-statistics; 1293 } 1294 } 1295 } 1296 } 1297 }//igmp-snooping-interface-statistics-attributes 1299 grouping mld-snooping-interface-statistics-attributes { 1301 description "Interface statistics attributes for MLD snooping"; 1303 container interfaces { 1304 config false; 1306 description 1307 "Interfaces associated with the MLD snooping instance"; 1309 list interface { 1310 key "name"; 1312 description 1313 "Interfaces associated with the MLD snooping instance"; 1315 leaf name { 1316 type if:interface-ref; 1317 description 1318 "The name of interface"; 1320 } 1322 container statistics { 1323 description 1324 "The interface statistics for MLD snooping"; 1326 container received { 1327 description 1328 "Statistics of received MLD snooping packets."; 1330 uses mld-snooping-statistics; 1331 } 1332 container sent { 1333 description 1334 "Statistics of sent MLD snooping packets."; 1336 uses mld-snooping-statistics; 1338 } 1339 } 1340 } 1341 } 1342 }//mld-snooping-interface-statistics-attributes 1344 augment "/rt:routing/rt:control-plane-protocols"+ 1345 "/rt:control-plane-protocol" { 1347 description 1348 "IGMP & MLD snooping augmentation to control plane protocol 1349 configuration and state."; 1351 /* 1352 * igmp-snooping-instance 1353 */ 1355 container igmp-snooping-instance { 1356 when "derived-from-or-self(../rt:type, 'ims:igmp-snooping')" { 1357 description 1358 "This container is only valid for IGMP snooping protocol."; 1359 } 1360 if-feature feature-igmp-snooping; 1361 description 1362 "IGMP snooping instance to configure the igmp-snooping."; 1364 leaf scenario { 1365 type snooping-scenario-type; 1366 default bridge; 1367 description 1368 "The scenario indicates BRIDGE or L2VPN."; 1369 } 1371 uses instance-config-attributes-igmp-snooping; 1373 uses instance-state-attributes-igmp-snooping; 1375 uses igmp-snooping-interface-statistics-attributes; 1377 } //igmp-snooping-instance 1379 /* 1380 * mld-snooping-instance 1381 */ 1383 container mld-snooping-instance { 1384 when "derived-from-or-self(../rt:type, 'ims:mld-snooping')" { 1385 description 1386 "This container is only valid for MLD snooping protocol."; 1387 } 1388 if-feature feature-mld-snooping; 1389 description 1390 "MLD snooping instance to configure the mld-snooping."; 1392 leaf scenario { 1393 type snooping-scenario-type; 1394 default bridge; 1395 description 1396 "The scenario indicates BRIDGE or L2VPN."; 1397 } 1399 uses instance-config-attributes-mld-snooping; 1401 uses instance-state-attributes-mld-snooping; 1403 uses mld-snooping-interface-statistics-attributes; 1405 }//mld-snooping-instance 1406 } 1408 augment "/dot1q:bridges/dot1q:bridge" { 1409 description 1410 "Reference IGMP & MLD snooping instance in BRIDGE scenario"; 1412 leaf igmp-snooping-instance { 1413 type igmp-mld-snooping-instance-ref; 1415 description 1416 "Configure IGMP snooping instance under bridge view"; 1417 } 1418 leaf mld-snooping-instance { 1419 type igmp-mld-snooping-instance-ref; 1421 description 1422 "Configure MLD snooping instance under bridge view"; 1423 } 1424 } 1426 augment "/dot1q:bridges/dot1q:bridge"+ 1427 "/dot1q:component/dot1q:bridge-vlan/dot1q:vlan" { 1428 description 1429 "Reference IGMP & MLD snooping instance in BRIDGE scenario"; 1431 leaf igmp-snooping-instance { 1432 type igmp-mld-snooping-instance-ref; 1434 description 1435 "Configure IGMP snooping instance under VLAN view"; 1436 } 1437 leaf mld-snooping-instance { 1438 type igmp-mld-snooping-instance-ref; 1440 description 1441 "Configure MLD snooping instance under VLAN view"; 1442 } 1443 } 1445 augment "/ni:network-instances/ni:network-instance"+ 1446 "/ni:ni-type/l2vpn:l2vpn" { 1448 description 1449 "Reference IGMP & MLD snooping instance in L2VPN scenario"; 1451 leaf igmp-snooping-instance { 1452 type igmp-mld-snooping-instance-ref; 1454 description 1455 "Configure IGMP snooping instance in L2VPN scenario"; 1456 } 1457 leaf mld-snooping-instance { 1458 type igmp-mld-snooping-instance-ref; 1460 description 1461 "Configure MLD snooping instance in L2VPN scenario"; 1462 } 1463 } 1465 /* RPCs */ 1467 rpc clear-igmp-snooping-groups { 1468 if-feature rpc-clear-groups; 1469 description 1470 "Clear the specified IGMP snooping cache tables."; 1472 input { 1474 leaf name { 1475 if-feature feature-igmp-snooping; 1476 type igmp-mld-snooping-instance-ref; 1477 description 1478 "Name of the igmp-snooping-instance"; 1479 } 1481 leaf group { 1482 type rt-types:ipv4-multicast-group-address; 1483 description 1484 "Multicast group IPv4 address. If it is not specified, 1485 all IGMP snooping group tables are cleared."; 1486 } 1488 leaf source { 1489 type rt-types:ipv4-multicast-source-address; 1490 description 1491 "Multicast source IPv4 address. If it is not specified, 1492 all IGMP snooping source-group tables are cleared."; 1493 } 1494 } 1495 } // rpc clear-igmp-snooping-groups 1497 rpc clear-mld-snooping-groups { 1498 if-feature rpc-clear-groups; 1499 description 1500 "Clear the specified MLD snooping cache tables."; 1502 input { 1503 leaf name { 1504 if-feature feature-mld-snooping; 1505 type igmp-mld-snooping-instance-ref; 1506 description 1507 "Name of the mld-snooping-instance"; 1508 } 1510 leaf group { 1511 type rt-types:ipv6-multicast-group-address; 1512 description 1513 "Multicast group IPv6 address. If it is not specified, 1514 all MLD snooping group tables are cleared."; 1515 } 1517 leaf source { 1518 type rt-types:ipv6-multicast-source-address; 1519 description 1520 "Multicast source IPv6 address. If it is not specified, 1521 all MLD snooping source-group tables are cleared."; 1522 } 1523 } 1524 } // rpc clear-mld-snooping-groups 1525 } 1526 1528 4. Security Considerations 1530 The YANG module specified in this document defines a schema for data 1531 that is designed to be accessed via network management protocols such as 1532 NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the 1533 secure transport layer, and the mandatory-to-implement secure transport 1534 is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and 1535 the mandatory-to-implement secure transport is TLS [RFC5246]. 1537 The NETCONF access control model [RFC6536] provides the means to 1538 restrict access for particular NETCONF or RESTCONF users to a 1539 preconfigured subset of all available NETCONF or RESTCONF protocol 1540 operations and content. 1542 There are a number of data nodes defined in this YANG module that are 1543 writable/creatable/deletable (i.e., config true, which is the default). 1544 These data nodes may be considered sensitive or vulnerable in some 1545 network environments. Write operations (e.g., edit-config) to these data 1546 nodes without proper protection can have a negative effect on network 1547 operations. These are the subtrees and data nodes and their 1548 sensitivity/vulnerability: 1550 /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/ims:igmp-snooping- 1551 instance 1552 /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/ims:mld-snooping- 1553 instance 1555 The subtrees under /dot1q:bridges/dot1q:bridge 1557 /dot1q:bridges/dot1q:bridge/ims:igmp-snooping-instance 1558 /dot1q:bridges/dot1q:bridge/ims:mld-snooping-instance 1560 The subtrees under 1561 /dot1q:bridges/dot1q:bridge/dot1q:component/dot1q:bridge-vlan/dot1q:vlan 1563 /dot1q:bridges/dot1q:bridge/dot1q:component/dot1q:bridge-vlan/dot1q:vlan/ims:igmp- 1564 snooping-instance 1565 /dot1q:bridges/dot1q:bridge/dot1q:component/dot1q:bridge-vlan/dot1q:vlan/ims:mld- 1566 snooping-instance 1568 The subtrees under /ni:network-instances/ni:network-instance/ni:ni- 1569 type/l2vpn:l2vpn 1571 /ni:network-instances/ni:network-instance/ni:ni-type/l2vpn:l2vpn/ims:igmp-snooping- 1572 instance 1573 /ni:network-instances/ni:network-instance/ni:ni-type/l2vpn:l2vpn/ims:mld-snooping- 1574 instance 1576 Unauthorized access to any data node of these subtrees can adversely 1577 affect the IGMP & MLD Snooping subsystem of both the local device and 1578 the network. This may lead to network malfunctions, delivery of packets 1579 to inappropriate destinations, and other problems. 1581 Some of the readable data nodes in this YANG module may be considered 1582 sensitive or vulnerable in some network environments. It is thus 1583 important to control read access (e.g., via get, get-config, or 1584 notification) to these data nodes. These are the subtrees and data nodes 1585 and their sensitivity/vulnerability: 1587 /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/ims:igmp-snooping- 1588 instance 1589 /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/ims:mld-snooping- 1590 instance 1592 Unauthorized access to any data node of these subtrees can disclose the 1593 operational state information of IGMP & MLD Snooping on this device. 1595 Some of the RPC operations in this YANG module may be considered 1596 sensitive or vulnerable in some network environments. It is thus 1597 important to control access to these operations. The IGMP & MLD Snooping 1598 Yang module support the "clear-igmp-snooping-groups" and " clear-mld- 1599 snooping-groups" RPCs. If it meets unauthorized RPC operation 1600 invocation, the IGMP and MLD Snooping group tables will be cleared 1601 unexpectedly. 1603 5. IANA Considerations 1605 RFC Ed.: In this section, replace all occurrences of 'XXXX' with the 1606 actual RFC number (and remove this note). 1608 This document registers the following namespace URIs in the IETF XML 1610 registry [RFC3688]: 1612 -------------------------------------------------------------------- 1614 URI: urn:ietf:params:xml:ns:yang:ietf-igmp-mld-snooping 1616 Registrant Contact: The IESG. 1618 XML: N/A, the requested URI is an XML namespace. 1620 -------------------------------------------------------------------- 1622 This document registers the following YANG modules in the YANG Module 1623 Names registry [RFC7950]: 1625 -------------------------------------------------------------------- 1626 name: ietf-igmp-mld-snooping 1628 namespace: urn:ietf:params:xml:ns:yang:ietf-igmp-mld-snooping 1630 prefix: ims 1632 reference: RFC XXXX 1634 -------------------------------------------------------------------- 1636 6. Normative References 1638 [P802.1Qcp/D2.2] IEEE Approved Draft Standard for Local and 1639 Metropolitan Area Networks, "Bridges and Bridged Networks Amendment: 1640 YANG Data Model", Mar 2018 1642 [RFC2236] Fenner, W., "Internet Group Management Protocol, Version 1643 2", RFC 2236, November 1997. 1645 [RFC2710] Deering, S., Fenner, W., and B. Haberman, "Multicast 1646 Listener Discovery (MLD) for IPv6", RFC 2710, October 1999. 1648 [RFC3376] Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A. 1649 Thyagarajan, "Internet Group Management Protocol, Version 1650 3", RFC 3376, October 2002. 1652 [RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery 1653 Version 2 (MLDv2) for IPv6", RFC 3810, June 2004. 1655 [RFC4541] M. Christensen, K. Kimball, F. Solensky, "Considerations 1656 for Internet Group Management Protocol (IGMP) and Multicast 1657 Listener Discovery (MLD) Snooping Switches", RFC 4541, May 1658 2006. 1660 [RFC4604] Holbrook, H., Cain, B., and B. Haberman, "Using Internet 1661 Group Management Protocol Version 3 (IGMPv3) and Multicast 1662 Listener Discovery Protocol Version 2 (MLDv2) for Source- 1663 Specific Multicast", RFC 4604, August 2006. 1665 [RFC4607] Holbrook, H. and B. Cain, "Source-Specific Multicast for 1666 IP", RFC 4607, August 2006. 1668 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for 1669 the Network Configuration Protocol (NETCONF)", RFC 6020, 1670 October 2010. 1672 [RFC6021] Schoenwaelder, J., Ed., "Common YANG Data Types", RFC 6021, 1673 October 2010. 1675 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", RFC 6991, 1676 July 2013. 1678 [RFC8342] M. Bjorklund and J. Schoenwaelder, "Network Management 1679 Datastore Architecture (NMDA)", RFC 8342, March 2018. 1681 [RFC8343] M. Bjorklund, "A YANG Data Model for Interface Management", 1682 RFC 8343, March 2018. 1684 [draft-ietf-pim-igmp-mld-yang-06] X. Liu, F. Guo, M. Sivakumar, P. 1685 McAllister, A. Peter, "A YANG data model for Internet Group 1686 Management Protocol (IGMP) and Multicast Listener Discovery 1687 (MLD)", draft-ietf-pim-igmp-mld-yang-06, Oct 20, 2017. 1689 [draft-bjorklund-netmod-rfc7223bis-00] M. Bjorklund, "A YANG Data 1690 Model for Interface Management", draft-bjorklund-netmod- 1691 rfc7223bis-00, August 21, 2017 1693 [draft-bjorklund-netmod-rfc7277bis-00] M. Bjorklund, "A YANG Data 1694 Model for IP Management", draft-bjorklund-netmod- 1695 rfc7277bis-00, August 21, 2017 1697 [draft-ietf-netmod-revised-datastores-03] M. Bjorklund, J. 1698 Schoenwaelder, P. Shafer, K. Watsen, R. Wilton, "Network 1699 Management Datastore Architecture", draft-ietf-netmod- 1700 revised-datastores-03, July 3, 2017 1702 [draft-ietf-bess-evpn-yang-02] P.Brissette, A. Sajassi, H. Shah, Z. 1703 Li, H. Chen, K. Tiruveedhula, I. Hussain, J. Rabadan, "Yang 1704 Data Model for EVPN", draft-ietf-bess-evpn-yang-02, March 1705 13, 2017 1707 [draft-ietf-bess-l2vpn-yang-08] H. Shah, P. Brissette, I. Chen, I. 1708 Hussain, B. Wen, K. Tiruveedhula, "YANG Data Model for 1709 MPLS-based L2VPN", draft-ietf-bess-l2vpn-yang-06.txt, 1710 February 17, 2018 1712 [draft-ietf-rtgwg-ni-model-12] L. Berger, C. Hopps, A. Lindem, X. 1713 Liu, "YANG Model for Network Instances", draft-ietf-rtgwg- 1714 ni-model-12.txt, March 19, 2018 1716 Appendix A. Data Tree Example 1718 A.1 Bridge scenario 1720 This section contains an example for bridge scenario in the JSON 1721 encoding [RFC7951], containing both configuration and state data. 1723 +-----------+ 1724 + Source + 1725 +-----+-----+ 1726 | 1727 -----------------+---------------------------- 1728 |eth1/1 1729 +---+---+ 1730 + R1 + 1731 +-+---+-+ 1732 eth1/2 | \ eth1/3 1733 | \ 1734 | \ 1735 | \ 1736 | \ 1737 eth2/1 | \ eth3/1 1738 +---+---+ +--+---+ 1739 + R2 + + R3 + 1740 +---+---+ +--+---+ 1741 eth2/2 | | eth3/2 1742 | | 1743 ---------------+----------+------------------- 1744 | | 1745 | | 1746 +--------+--+ +---+--------+ 1747 + Receiver1 + + Receiver2 + 1748 +-----------+ +------------+ 1750 The configuration data for R1 in the above figure could be as follows: 1752 { 1753 "ietf-interfaces:interfaces":{ 1754 "interface":[ 1755 { 1756 "name":"eth1/1", 1757 "type":"iana-if-type:ethernetCsmacd" 1758 } 1759 ] 1760 }, 1761 "ietf-routing:routing":{ 1762 "control-plane-protocols":{ 1763 "control-plane-protocol":[ 1764 { 1765 "type":"ietf-igmp-mld-snooping:igmp-snooping", 1766 "name":"bis1", 1767 "ietf-igmp-mld-snooping:igmp-snooping-instance":{ 1768 "scenario":"ietf-igmp-mld-snooping:bridge", 1769 "enable":true 1770 } 1771 } 1772 ] 1773 } 1774 }, 1775 "ieee802-dot1q-bridge:bridges":{ 1776 "bridge":[ 1777 { 1778 "name":"isp1", 1779 "address":"00-23-ef-a5-77-12", 1780 "bridge-type":"ieee802-dot1q-bridge:customer-vlan-bridge", 1781 "component":[ 1782 { 1783 "name":"comp1", 1784 "type":"ieee802-dot1q-bridge:c-vlan-component", 1785 "bridge-vlan":{ 1786 "vlan":[ 1787 { 1788 "vid":101, 1789 "ietf-igmp-mld-snooping:igmp-snooping-instance":"bis1" 1790 } 1791 ] 1792 } 1793 } 1794 ] 1795 } 1796 ] 1797 } 1798 } 1800 The corresponding operational state data for R1 could be as follows: 1802 { 1803 "ietf-interfaces:interfaces": { 1804 "interface": [ 1805 { 1806 "name": "eth1/1", 1807 "type": "iana-if-type:ethernetCsmacd", 1808 "oper-status": "up", 1809 "statistics": { 1810 "discontinuity-time": "2018-05-23T12:34:56-05:00" 1811 } 1812 } 1813 ] 1814 }, 1815 "ietf-routing:routing": { 1816 "control-plane-protocols": { 1817 "control-plane-protocol": [ 1818 { 1819 "type": "ietf-igmp-mld-snooping:igmp-snooping", 1820 "name": "bis1", 1821 "ietf-igmp-mld-snooping:igmp-snooping-instance": { 1822 "scenario": "ietf-igmp-mld-snooping:bridge", 1823 "enable": true 1824 } 1825 } 1826 ] 1827 } 1828 }, 1829 "ieee802-dot1q-bridge:bridges": { 1830 "bridge": [ 1831 { 1832 "name": "isp1", 1833 "address": "00-23-ef-a5-77-12", 1834 "bridge-type": "ieee802-dot1q-bridge:customer-vlan-bridge", 1835 "component": [ 1836 { 1837 "name": "comp1", 1838 "type": "ieee802-dot1q-bridge:c-vlan-component", 1839 "bridge-vlan": { 1840 "vlan": [ 1841 { 1842 "vid": 101, 1843 "ietf-igmp-mld-snooping:igmp-snooping-instance": "bis1" 1844 } 1845 ] 1846 } 1847 } 1848 ] 1849 } 1850 ] 1851 } 1852 } 1853 A.2 L2VPN scenario 1855 This section contains an example for L2VPN scenario in the JSON encoding 1856 [RFC7951], containing both configuration and state data. 1858 +-----------+ 1859 + Source + 1860 +-----+-----+ 1861 | 1862 -----------------+---------------------------- 1863 |eth1/1 1864 +---+---+ 1865 + R1 + 1866 +-+---+-+ 1867 eth1/2 | \ eth1/3 1868 | \ 1869 | \ 1870 | \ 1871 | \ 1872 eth2/1 | \ eth3/1 1873 +-----+-+ +-+---+ 1874 + R2 +------+ R3 + 1875 +-----+-+ +-+---+ 1876 eth2/2 | | eth3/2 1877 | | 1878 ---------------+----------+------------------- 1879 | | 1880 | | 1881 +--------+--+ +--+--------+ 1882 + Receiver1 + + Receiver2 + 1883 +-----------+ +-----------+ 1885 The configuration data for R1 in the above figure could be as follows: 1886 { 1887 "ietf-interfaces:interfaces":{ 1888 "interface":[ 1889 { 1890 "name":"eth1/1", 1891 "type":"iana-if-type:ethernetCsmacd" 1892 } 1893 ] 1894 }, 1895 "ietf-pseudowires:pseudowires": { 1896 "pseudowire": [ 1897 { 1898 "name": "pw2" 1899 }, 1900 { 1901 "name": "pw3" 1902 } 1903 ] 1904 }, 1905 "ietf-network-instance:network-instances": { 1906 "network-instance": [ 1907 { 1908 "name": "vpls1", 1909 "ietf-igmp-mld-snooping:igmp-snooping-instance": "vis1", 1910 "ietf-l2vpn:type": "ietf-l2vpn:vpls-instance-type", 1911 "ietf-l2vpn:signaling-type": "ietf-l2vpn:ldp-signaling", 1912 "ietf-l2vpn:endpoint": [ 1913 { 1914 "name": "ac1", 1915 "primary-ac": { 1916 "name": "eth1/1" 1917 } 1918 }, 1919 { 1920 "name": "pw2", 1921 "primary-pw": [ 1922 { 1923 "name": "pw2" 1924 } 1925 ] 1926 }, 1927 { 1928 "name": "pw3", 1929 "primary-pw": [ 1930 { 1931 "name": "pw3" 1932 } 1933 ] 1934 } 1935 ] 1936 } 1937 ] 1938 }, 1939 "ietf-routing:routing": { 1940 "control-plane-protocols": { 1941 "control-plane-protocol": [ 1942 { 1943 "type": "ietf-igmp-mld-snooping:igmp-snooping", 1944 "name": "vis1", 1945 "ietf-igmp-mld-snooping:igmp-snooping-instance": { 1946 "scenario": "ietf-igmp-mld-snooping:l2vpn", 1947 "enable": true 1948 } 1949 } 1950 ] 1951 } 1953 } 1954 } 1956 The corresponding operational state data for R1 could be as follows: 1958 { 1959 "ietf-interfaces:interfaces":{ 1960 "interface":[ 1961 { 1962 "name":"eth1/1", 1963 "type":"iana-if-type:ethernetCsmacd", 1964 "oper-status": "up", 1965 "statistics": { 1966 "discontinuity-time": "2018-05-23T12:34:56-05:00" 1967 } 1968 } 1969 ] 1970 }, 1971 "ietf-pseudowires:pseudowires": { 1972 "pseudowire": [ 1973 { 1974 "name": "pw2" 1975 }, 1976 { 1977 "name": "pw3" 1978 } 1979 ] 1980 }, 1981 "ietf-network-instance:network-instances": { 1982 "network-instance": [ 1983 { 1984 "name": "vpls1", 1985 "ietf-igmp-mld-snooping:igmp-snooping-instance": "vis1", 1986 "ietf-l2vpn:type": "ietf-l2vpn:vpls-instance-type", 1987 "ietf-l2vpn:signaling-type": "ietf-l2vpn:ldp-signaling", 1988 "ietf-l2vpn:endpoint": [ 1989 { 1990 "name": "ac1", 1991 "primary-ac": { 1992 "name": "eth1/1" 1993 } 1994 }, 1995 { 1996 "name": "pw2", 1997 "primary-pw": [ 1998 { 1999 "name": "pw2" 2000 } 2001 ] 2002 }, 2003 { 2004 "name": "pw3", 2005 "primary-pw": [ 2006 { 2007 "name": "pw3" 2008 } 2009 ] 2010 } 2011 ] 2012 } 2013 ] 2014 }, 2015 "ietf-routing:routing": { 2016 "control-plane-protocols": { 2017 "control-plane-protocol": [ 2018 { 2019 "type": "ietf-igmp-mld-snooping:igmp-snooping", 2020 "name": "vis1", 2021 "ietf-igmp-mld-snooping:igmp-snooping-instance": { 2022 "scenario": "ietf-igmp-mld-snooping:l2vpn", 2023 "enable": true 2024 } 2025 } 2026 ] 2027 } 2028 } 2029 } 2030 Authors' Addresses 2032 Hongji Zhao 2033 Ericsson (China) Communications Company Ltd. 2034 Ericsson Tower, No. 5 Lize East Street, 2035 Chaoyang District Beijing 100102, P.R. China 2037 Email: hongji.zhao@ericsson.com 2039 Xufeng Liu 2040 Volta Networks 2041 USA 2043 EMail: xufeng.liu.ietf@gmail.com 2045 Yisong Liu 2046 Huawei Technologies 2047 Huawei Bld., No.156 Beiqing Rd. 2048 Beijing 100095 2049 China 2051 Email: liuyisong@huawei.com 2053 Anish Peter 2054 Individual 2056 EMail: anish.ietf@gmail.com 2058 Mahesh Sivakumar 2059 Juniper Networks 2060 1133 Innovation Way 2061 Sunnyvale, California 2062 USA 2064 EMail: sivakumar.mahesh@gmail.com