idnits 2.17.1

draft-ietf-pim-igmp-mld-snooping-yang-19.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 347 has weird spacing: '...er-mode fil...'

  == Line 370 has weird spacing: '... source rt-...'

  == Line 453 has weird spacing: '...er-mode fil...'

  == Line 474 has weird spacing: '... source rt-...'

  == Line 513 has weird spacing: '... source rt-...'

  == (1 more instance...)

  -- The document date (August 24, 2021) is 969 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 4541

  ** Downref: Normative reference to an Informational RFC: RFC 6636

     Summary: 2 errors (**), 0 flaws (~~), 7 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1  PIM Working Group                                                H. Zhao
2  Internet Draft                                                  Ericsson
3  Intended status: Standards Track                                  X. Liu
4  Expires: February 23, 2022                                Volta Networks
5                                                                    Y. Liu
6                                                              China Mobile
7                                                              M. Sivakumar
8                                                                   Juniper
9                                                                  A. Peter
10                                                               Individual

12                                                          August 24, 2021

14              A Yang Data Model for IGMP and MLD Snooping
15             draft-ietf-pim-igmp-mld-snooping-yang-19.txt

17  Abstract

19  This document defines a YANG data model that can be used to configure
20  and manage Internet Group Management Protocol (IGMP) and Multicast
21  Listener Discovery (MLD) Snooping devices. The YANG module in this
22  document conforms to Network Management Datastore Architecture (NMDA).

24  Status of this Memo

26  This Internet-Draft is submitted in full conformance with the
27  provisions of BCP 78 and BCP 79.

29  Internet-Drafts are working documents of the Internet Engineering
30  Task Force (IETF), its areas, and its working groups. Note that
31  other groups may also distribute working documents as
32  Internet-Drafts.

34  Internet-Drafts are draft documents valid for a maximum of six months
35  and may be updated, replaced, or obsoleted by other documents at any
36  time. It is inappropriate to use Internet-Drafts as reference
37  material or to cite them other than as "work in progress."

39  The list of current Internet-Drafts can be accessed at
40  http://www.ietf.org/ietf/1id-abstracts.txt

42  The list of Internet-Draft Shadow Directories can be accessed at
43  http://www.ietf.org/shadow.html

45  This Internet-Draft will expire on February 23, 2022.

47  Copyright Notice

49  Copyright (c) 2021 IETF Trust and the persons identified as the
50  document authors. All rights reserved.

52  This document is subject to BCP 78 and the IETF Trust's Legal
53  Provisions Relating to IETF Documents
54  (http://trustee.ietf.org/license-info) in effect on the date of
55  publication of this document. Please review these documents
56  carefully, as they describe your rights and restrictions with respect
57  to this document. Code Components extracted from this document must
58  include Simplified BSD License text as described in Section 4.e of
59  the Trust Legal Provisions and are provided without warranty as
60  described in the Simplified BSD License.

62  Table of Contents

64  1. Introduction
65     1.1. Terminology
66     1.2. Tree Diagrams
67     1.3. Prefixes in Data Node Names
68  2. Design of Data Model
69     2.1. Overview
70     2.2. Optional Capabilities
71     2.3. Position of Address Family in Hierarchy
72  3. Module Structure
73     3.1. IGMP Snooping Instances
74     3.2. MLD Snooping Instances
75     3.3. Using IGMP and MLD Snooping Instances
76     3.4. IGMP and MLD Snooping Actions
77  4. IGMP and MLD Snooping YANG Module
78  5. Security Considerations
79  6. IANA Considerations
80     6.1. XML Registry
81     6.2. YANG Module Names Registry
82  7. References
83     7.1. Normative References
84     7.2. Informative References
85  Appendix A. Data Tree Example
86  Authors' Addresses

88  1. Introduction

90  This document defines a YANG [RFC7950] data model for the management of
91  Internet Group Management Protocol (IGMP) and Multicast Listener
92  Discovery (MLD) Snooping [RFC4541] devices.

94  The YANG module in this document conforms to the Network Management
95  Datastore Architecture defined in [RFC8342]. The "Network Management
96  Datastore Architecture" (NMDA) adds the ability to inspect the current
97  operational values for configuration, allowing clients to use identical
98  paths for retrieving the configured values and the operational values.

100  1.1. Terminology

102  The terminology for describing YANG data models is found in [RFC6020]

104  and [RFC7950], including:

106  * augment

108  * data model

110  * data node

112  * identity

114  * module

116  The following terms are used in this document:

118  * mrouter: multicast router, which is a router that has multicast
119    routing enabled [RFC4286].

121  * mrouter interfaces: snooping switch ports where multicast routers
122    are attached [RFC4541].

124  The following abbreviations are used in this document and in the
     defined model:

126  IGMP: Internet Group Management Protocol [RFC3376].

128  MLD: Multicast Listener Discovery [RFC3810].

130  1.2. Tree Diagrams

132  Tree diagrams used in this document follow the notation defined in

134  [RFC8340].

136  1.3. Prefixes in Data Node Names

138  In this document, names of data nodes, actions, and other data model
139  objects are often used without a prefix, as long as it is clear from the
140  context in which YANG module each name is defined. Otherwise, names are
141  prefixed using the standard prefix associated with the corresponding
142  YANG module, as shown in Table 1.

144  +----------+-----------------------+---------------------------------+
145  | Prefix   | YANG module           | Reference                       |
146  +==========+=======================+=================================+
147  | inet     | ietf-inet-types       | [RFC6991]                       |
148  +----------+-----------------------+---------------------------------+
149  | yang     | ietf-yang-types       | [RFC6991]                       |
150  +----------+-----------------------+---------------------------------+
151  | if       | ietf-interfaces       | [RFC8343]                       |
152  +----------+-----------------------+---------------------------------+
153  | rt       | ietf-routing          | [RFC8349]                       |
154  +----------+-----------------------+---------------------------------+
155  | rt-types | ietf-routing-types    | [RFC8294]                       |
156  +----------+-----------------------+---------------------------------+
157  | dot1q    | ieee802-dot1q-bridge  | [dot1Qcp]                       |
158  +----------+-----------------------+---------------------------------+
159           Table 1: Prefixes and Corresponding YANG Modules

161  2. Design of Data Model

163  An IGMP/MLD snooping switch [RFC4541] analyzes IGMP/MLD packets and sets
164  up forwarding tables for multicast traffic. If a switch does not run
165  IGMP/MLD snooping, multicast traffic will be flooded in the broadcast
166  domain. If a switch runs IGMP/MLD snooping, multicast traffic will be
167  forwarded based on the forwarding tables to avoid wasting bandwidth. The
168  IGMP/MLD snooping switch does not need to run any of the IGMP/MLD
169  protocols. Because the IGMP/MLD snooping is independent of the IGMP/MLD
170  protocols, the data model defined in this document does not augment, or
171  even require, the IGMP/MLD data model defined in [RFC8652].
172  The model covers considerations for Internet Group Management Protocol
173  (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches
174  [RFC4541].

176  IGMP and MLD snooping switches do not adhere to the conceptual model
177  that provides the strict separation of functionality between different
178  communications layers in the ISO model, and instead utilize information
179  in the upper level protocol headers as factors to be considered in
180  processing at the lower levels [RFC4541].

182  IGMP Snooping switches utilize IGMP, and could support IGMPv1 [RFC1112],
183  IGMPv2 [RFC2236], and IGMPv3 [RFC3376]. MLD Snooping switches utilize
184  MLD, and could support MLDv1 [RFC2710] and MLDv2 [RFC3810]. The goal of
185  this document is to define a data model that provides a common user
186  interface to IGMP and MLD Snooping.

188  2.1. Overview

190  The IGMP and MLD Snooping YANG module defined in this document has all
191  the common building blocks for the IGMP and MLD Snooping switches.

193  The YANG module includes the IGMP and MLD Snooping instance definitions,
194  using instances in the L2 service type of BRIDGE [dot1Qcp]. It also
195  includes actions for clearing IGMP and MLD Snooping group tables.

197  The YANG module doesn't cover L2VPN, which will be specified in a
198  separate document.

200  2.2. Optional Capabilities

202  This model is designed to represent the basic capability subsets of IGMP
203  and MLD Snooping. The main design goals of this document are that the
204  basic capabilities described in the model are supported by any major
205  now-existing implementation, and that the configuration of all
206  implementations meeting the specifications is easy to express through
207  some combination of the optional features in the model and simple vendor
208  augmentations.

210  There is also value in widely supported features being standardized, to
211  provide a standardized way to access these features, to save work for
212  individual vendors, and so that mapping between different vendors'
213  configuration is not needlessly complicated. Therefore, this model
214  declares a number of features representing capabilities that not all
215  deployed devices support.

217  The extensive use of feature declarations should also substantially
218  simplify the capability negotiation process for a vendor's IGMP and MLD
219  Snooping implementations.

221  On the other hand, operational state parameters are not so widely
222  designated as features, as there are many cases where the defaulting
223  of an operational state parameter would not cause any harm to the
224  system, and it is much more likely that an implementation without
225  native support for a piece of operational state would be able to derive
226  a suitable value for a state variable that is not natively supported.

228  2.3. Position of Address Family in Hierarchy

230  IGMP Snooping only supports IPv4, while MLD Snooping only supports IPv6.
231  The data model defined in this document can be used for both IPv4 and
232  IPv6 address families.

234  This document defines IGMP Snooping and MLD Snooping as separate schema
235  branches in the structure. The benefits are:

237  * The model can support IGMP Snooping (IPv4), MLD Snooping (IPv6), or
238    both optionally and independently. Such flexibility cannot be achieved
239    cleanly with a combined branch.

241  * The structure is consistent with other YANG data models such as
242    [RFC8652], which uses separate branches for IPv4 and IPv6.

244  * Having separate branches for IGMP Snooping and MLD Snooping allows
245    minor differences in their behavior to be modelled more simply and
246    cleanly. The two branches can better support different features and node
247    types.

249  3. Module Structure

251  This model augments the core routing data model specified in [RFC8349].

253  +--rw routing
254     +--rw router-id?
255     +--rw control-plane-protocols
256     |  +--rw control-plane-protocol* [type name]
257     |     +--rw type
258     |     +--rw name
259     |     +--rw igmp-snooping-instance <= Augmented by this Model
260     ...
261     |     +--rw mld-snooping-instance  <= Augmented by this Model
262     ...
263  The "igmp-snooping-instance" container instantiates an IGMP Snooping
264  Instance. The "mld-snooping-instance" container instantiates an MLD
265  Snooping Instance.

267  The YANG data model defined in this document conforms to the Network
268  Management Datastore Architecture (NMDA) [RFC8342]. The operational
269  state data is combined with the associated configuration data in the
270  same hierarchy [RFC8407].

272  3.1. IGMP Snooping Instances

274  The YANG module ietf-igmp-mld-snooping augments
275  /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol to add
276  the igmp-snooping-instance container.

278  All the IGMP Snooping related attributes have been defined in the
279  igmp-snooping-instance. The read-write attributes represent configurable
280  data. The read-only attributes represent state data.

282  One igmp-snooping-instance could be used in one BRIDGE [dot1Qcp]
283  instance, and it corresponds to one BRIDGE instance.

285  Currently the value of l2-service-type in igmp-snooping-instance can
286  only be set to bridge. After it is set, igmp-snooping-instance could be
287  used in the BRIDGE service.

289  The value of bridge-mrouter-interface is filled in by the snooping device
290  dynamically. It is different from static-bridge-mrouter-interface, which
291  is configured.

293  The attributes under the interfaces show the statistics of IGMP Snooping
294  related packets.

296  augment /rt:routing/rt:control-plane-protocols
297            /rt:control-plane-protocol:
298    +--rw igmp-snooping-instance {igmp-snooping}?
299       +--rw l2-service-type?                   l2-service-type
300       +--rw enable?                            boolean
301       +--rw forwarding-table-type?             enumeration
302       +--rw explicit-tracking?                 boolean
303       |       {explicit-tracking}?
304       +--rw lite-exclude-filter?               empty
305       |       {lite-exclude-filter}?
306       +--rw send-query?                        boolean
307       +--rw immediate-leave?                   empty
308       |       {immediate-leave}?
309       +--rw last-member-query-interval?        uint16
310       +--rw query-interval?                    uint16
311       +--rw query-max-response-time?           uint16
312       +--rw require-router-alert?              boolean
313       |       {require-router-alert}?
314       +--rw robustness-variable?               uint8
315       +--rw static-bridge-mrouter-interface*   if:interface-ref
316       |       {static-mrouter-interface}?
317       +--rw igmp-version?                      uint8
318       +--rw querier-source?                    inet:ipv4-address
319       +--rw static-l2-multicast-group* [group source-addr]
320       |       {static-l2-multicast-group}?
321       |  +--rw group
322       |  |       rt-types:ipv4-multicast-group-address
323       |  +--rw source-addr
324       |  |       rt-types:ipv4-multicast-source-address
325       |  +--rw bridge-outgoing-interface*   if:interface-ref
326       +--ro entries-count?                     yang:gauge32
327       +--ro bridge-mrouter-interface*          if:interface-ref
328       +--ro group* [address]
329       |  +--ro address
330       |  |       rt-types:ipv4-multicast-group-address
331       |  +--ro mac-address?     yang:phys-address
332       |  +--ro expire?          rt-types:timer-value-seconds16
333       |  +--ro up-time          uint32
334       |  +--ro last-reporter?   inet:ipv4-address
335       |  +--ro source* [address]
336       |     +--ro address
337       |     |       rt-types:ipv4-multicast-source-address
338       |     +--ro bridge-outgoing-interface*   if:interface-ref
339       |     +--ro up-time                      uint32
340       |     +--ro expire?
341       |     |       rt-types:timer-value-seconds16
342       |     +--ro host-count?                  yang:gauge32
343       |     |       {explicit-tracking}?
344       |     +--ro last-reporter?               inet:ipv4-address
345       |     +--ro host* [host-address] {explicit-tracking}?
346       |        +--ro host-address        inet:ipv4-address
347       |        +--ro host-filter-mode    filter-mode-type
348       +--ro interfaces
349       |  +--ro interface* [name]
350       |     +--ro name          if:interface-ref
351       |     +--ro statistics
352       |        +--ro discontinuity-time?   yang:date-and-time
353       |        +--ro received
354       |        |  +--ro query-count?                  yang:counter64
355       |        |  +--ro membership-report-v1-count?   yang:counter64
356       |        |  +--ro membership-report-v2-count?   yang:counter64
357       |        |  +--ro membership-report-v3-count?   yang:counter64
358       |        |  +--ro leave-count?                  yang:counter64
359       |        |  +--ro pim-hello-count?              yang:counter64
360       |        +--ro sent
361       |           +--ro query-count?                  yang:counter64
362       |           +--ro membership-report-v1-count?   yang:counter64
363       |           +--ro membership-report-v2-count?   yang:counter64
364       |           +--ro membership-report-v3-count?   yang:counter64
365       |           +--ro leave-count?                  yang:counter64
366       |           +--ro pim-hello-count?              yang:counter64
367       +---x clear-igmp-snooping-groups {action-clear-groups}?
368          +---w input
369             +---w group     union
370             +---w source    rt-types:ipv4-multicast-source-address

372  3.2. MLD Snooping Instances

374  The YANG module ietf-igmp-mld-snooping augments
375  /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol to add
376  the mld-snooping-instance container. The mld-snooping-instance could be
377  used in the BRIDGE [dot1Qcp] service to enable MLD Snooping.

379  All the MLD Snooping related attributes have been defined in the
380  mld-snooping-instance. The read-write attributes represent configurable
381  data. The read-only attributes represent state data.

383  The mld-snooping-instance has a structure similar to that of IGMP
384  snooping. Some of the leaves are protocol related. The
385  mld-snooping-instance uses IPv6 addresses and mld-version, while
386  igmp-snooping-instance uses IPv4 addresses and igmp-version. Statistic
387  counters in each of the above snooping instances are also tailored to the
388  specific protocol type. One mld-snooping-instance could be used in one
389  BRIDGE instance, and it corresponds to one BRIDGE instance.

391  Currently the value of l2-service-type in mld-snooping-instance can
392  only be set to bridge. After it is set, mld-snooping-instance could be
393  used in the BRIDGE service.

395  The value of bridge-mrouter-interface is filled in by the snooping device
396  dynamically. It is different from static-bridge-mrouter-interface, which
397  is configured.

399  The attributes under the interfaces show the statistics of MLD Snooping
400  related packets.

402  augment /rt:routing/rt:control-plane-protocols
403            /rt:control-plane-protocol:
404    +--rw mld-snooping-instance {mld-snooping}?
405       +--rw l2-service-type?                   l2-service-type
406       +--rw enable?                            boolean
407       +--rw forwarding-table-type?             enumeration
408       +--rw explicit-tracking?                 boolean
409       |       {explicit-tracking}?
410       +--rw lite-exclude-filter?               empty
411       |       {lite-exclude-filter}?
412       +--rw send-query?                        boolean
413       +--rw immediate-leave?                   empty
414       |       {immediate-leave}?
415       +--rw last-member-query-interval?        uint16
416       +--rw query-interval?                    uint16
417       +--rw query-max-response-time?           uint16
418       +--rw require-router-alert?              boolean
419       |       {require-router-alert}?
420       +--rw robustness-variable?               uint8
421       +--rw static-bridge-mrouter-interface*   if:interface-ref
422       |       {static-mrouter-interface}?
423       +--rw mld-version?                       uint8
424       +--rw querier-source?                    inet:ipv6-address
425       +--rw static-l2-multicast-group* [group source-addr]
426       |       {static-l2-multicast-group}?
427       |  +--rw group
428       |  |       rt-types:ipv6-multicast-group-address
429       |  +--rw source-addr
430       |  |       rt-types:ipv6-multicast-source-address
431       |  +--rw bridge-outgoing-interface*   if:interface-ref
432       +--ro entries-count?                     yang:gauge32
433       +--ro bridge-mrouter-interface*          if:interface-ref
434       +--ro group* [address]
435       |  +--ro address
436       |  |       rt-types:ipv6-multicast-group-address
437       |  +--ro mac-address?     yang:phys-address
438       |  +--ro expire?          rt-types:timer-value-seconds16
439       |  +--ro up-time          uint32
440       |  +--ro last-reporter?   inet:ipv6-address
441       |  +--ro source* [address]
442       |     +--ro address
443       |     |       rt-types:ipv6-multicast-source-address
444       |     +--ro bridge-outgoing-interface*   if:interface-ref
445       |     +--ro up-time                      uint32
446       |     +--ro expire?
447       |     |       rt-types:timer-value-seconds16
448       |     +--ro host-count?                  yang:gauge32
449       |     |       {explicit-tracking}?
450       |     +--ro last-reporter?               inet:ipv6-address
451       |     +--ro host* [host-address] {explicit-tracking}?
452       |        +--ro host-address        inet:ipv6-address
453       |        +--ro host-filter-mode    filter-mode-type
454       +--ro interfaces
455       |  +--ro interface* [name]
456       |     +--ro name          if:interface-ref
457       |     +--ro statistics
458       |        +--ro discontinuity-time?   yang:date-and-time
459       |        +--ro received
460       |        |  +--ro query-count?       yang:counter64
461       |        |  +--ro report-v1-count?   yang:counter64
462       |        |  +--ro report-v2-count?   yang:counter64
463       |        |  +--ro done-count?        yang:counter64
464       |        |  +--ro pim-hello-count?   yang:counter64
465       |        +--ro sent
466       |           +--ro query-count?       yang:counter64
467       |           +--ro report-v1-count?   yang:counter64
468       |           +--ro report-v2-count?   yang:counter64
469       |           +--ro done-count?        yang:counter64
470       |           +--ro pim-hello-count?   yang:counter64
471       +---x clear-mld-snooping-groups {action-clear-groups}?
472          +---w input
473             +---w group     union
474             +---w source    rt-types:ipv6-multicast-source-address

476  3.3. Using IGMP and MLD Snooping Instances

478  The igmp-snooping-instance could be used in the service of BRIDGE
479  [dot1Qcp] to configure the IGMP Snooping.

481  For the BRIDGE service this model augments /dot1q:bridges/dot1q:bridge
482  to use igmp-snooping-instance. It means IGMP Snooping is enabled in the
483  whole bridge.

485  It also augments
486  /dot1q:bridges/dot1q:bridge/dot1q:component/dot1q:bridge-vlan/dot1q:vlan
     to use igmp-snooping-instance. It means
487  IGMP Snooping is enabled in the specified VLAN on the bridge.

489  The mld-snooping-instance could be used concurrently with
490  igmp-snooping-instance to configure the MLD Snooping.

492  augment /dot1q:bridges/dot1q:bridge:
493    +--rw igmp-snooping-instance?   igmp-mld-snooping-instance-ref
494    +--rw mld-snooping-instance?    igmp-mld-snooping-instance-ref

496  augment /dot1q:bridges/dot1q:bridge/dot1q:component
497            /dot1q:bridge-vlan/dot1q:vlan:
498    +--rw igmp-snooping-instance?   igmp-mld-snooping-instance-ref
499    +--rw mld-snooping-instance?    igmp-mld-snooping-instance-ref

501  3.4. IGMP and MLD Snooping Actions

503  IGMP and MLD Snooping actions clear the specified IGMP and MLD Snooping
504  group tables. If both source X and group Y are specified, only source X
505  from group Y in that specific instance will be cleared.

507  augment /rt:routing/rt:control-plane-protocols
508            /rt:control-plane-protocol:
509    +--rw igmp-snooping-instance {igmp-snooping}?
510       +---x clear-igmp-snooping-groups {action-clear-groups}?
511          +---w input
512             +---w group     union
513             +---w source    rt-types:ipv4-multicast-source-address

515  augment /rt:routing/rt:control-plane-protocols
516            /rt:control-plane-protocol:
517    +--rw mld-snooping-instance {mld-snooping}?
518       +---x clear-mld-snooping-groups {action-clear-groups}?
519          +---w input
520             +---w group     union
521             +---w source    rt-types:ipv6-multicast-source-address

523  4. IGMP and MLD Snooping YANG Module

525  This module references [RFC1112],[RFC2236],[RFC2710],[RFC3376],
526  [RFC3810],[RFC4541],[RFC5790],[RFC6636],[RFC6991],[RFC7761],
527  [RFC8343],[dot1Qcp].

529 file ietf-igmp-mld-snooping@2021-08-23.yang 530 module ietf-igmp-mld-snooping { 531 yang-version 1.1; 532 namespace "urn:ietf:params:xml:ns:yang:ietf-igmp-mld-snooping"; 534 prefix ims; 536 import ietf-inet-types { 537 prefix "inet"; 538 reference 539 "RFC 6991: Common YANG Data Types"; 540 } 542 import ietf-yang-types { 543 prefix "yang"; 544 reference 545 "RFC 6991: Common YANG Data Types"; 546 } 548 import ietf-interfaces { 549 prefix "if"; 550 reference 551 "RFC 8343: A YANG Data Model for Interface Management"; 552 } 554 import ietf-routing { 555 prefix "rt"; 556 reference 557 "RFC 8349: A YANG Data Model for Routing Management (NMDA 558 Version)"; 559 } 561 import ietf-routing-types { 562 prefix "rt-types"; 563 reference 564 "RFC 8294: Common YANG Data Types for the Routing Area"; 565 } 567 import ieee802-dot1q-bridge { 568 prefix "dot1q"; 569 reference 570 "dot1Qcp: IEEE 802.1Qcp-2018 Bridges and Bridged Networks 571 - Amendment: YANG Data Model"; 572 } 574 organization 575 "IETF PIM Working Group"; 577 contact 578 "WG Web: 579 WG List: 580 Editors: Hongji Zhao 581 583 Xufeng Liu 584 586 Yisong Liu 587 589 Anish Peter 590 592 Mahesh Sivakumar 593 595 "; 597 description 598 "The module defines a collection of YANG definitions common for 599 all devices that implement Internet Group Management Protocol 600 (IGMP) and Multicast Listener Discovery (MLD) Snooping which is 601 described in RFC 4541. 603 Copyright (c) 2021 IETF Trust and the persons identified as 604 authors of the code. All rights reserved. 606 Redistribution and use in source and binary forms, with or 607 without modification, is permitted pursuant to, and subject to 608 the license terms contained in, the Simplified BSD License set 609 forth in Section 4.c of the IETF Trust's Legal Provisions 610 Relating to IETF Documents 611 (http://trustee.ietf.org/license-info). 
613 This version of this YANG module is part of RFC XXXX; see the 614 RFC itself for full legal notices."; 616 revision 2021-08-23 { 617 description 618 "Initial revision."; 619 reference 620 "RFC XXXX: A YANG Data Model for IGMP and MLD Snooping"; 621 } 623 /* 624 * Features 625 */ 627 feature igmp-snooping { 628 description 629 "Support IGMP snooping."; 630 reference 631 "RFC 4541"; 632 } 634 feature mld-snooping { 635 description 636 "Support MLD snooping."; 637 reference 638 "RFC 4541"; 639 } 641 feature immediate-leave { 642 description 643 "Support configuration of fast leave. The fast leave feature 644 does not send last member query messages to hosts."; 645 reference 646 "RFC 3376"; 647 } 649 feature static-l2-multicast-group { 650 description 651 "Support configuration of L2 multicast static-group."; 652 } 654 feature static-mrouter-interface { 655 description 656 "Support multicast router interface explicitly configured 657 by management"; 658 reference 659 "RFC 4541"; 660 } 662 feature action-clear-groups { 663 description 664 "Support clearing statistics by action for IGMP & MLD snooping."; 665 } 667 feature require-router-alert { 668 description 669 "Support configuration of require-router-alert."; 670 reference 671 "RFC 3376"; 672 } 674 feature lite-exclude-filter { 675 description 676 "Enable the support of the simplified EXCLUDE filter."; 677 reference 678 "RFC 5790"; 679 } 681 feature explicit-tracking { 682 description 683 "Support configuration of per instance explicit-tracking."; 684 reference 685 "RFC 6636"; 686 } 688 /* identities */ 690 identity l2-service-type { 691 description 692 "Base identity for L2 service type in IGMP & MLD snooping"; 693 } 695 identity bridge { 696 base l2-service-type; 697 description 698 "This identity represents BRIDGE service."; 699 } 701 identity filter-mode { 702 description 703 "Base identity for filter mode in IGMP & MLD snooping"; 704 } 706 identity include { 707 base filter-mode; 708 description 709 "This 
identity represents include mode."; 710 } 712 identity exclude { 713 base filter-mode; 714 description 715 "This identity represents exclude mode."; 716 } 718 identity igmp-snooping { 719 base rt:control-plane-protocol; 720 description 721 "IGMP snooping"; 722 } 724 identity mld-snooping { 725 base rt:control-plane-protocol; 726 description 727 "MLD snooping"; 728 } 730 /* 731 * Typedefs 732 */ 734 typedef l2-service-type { 735 type identityref { 736 base "l2-service-type"; 737 } 738 description "The L2 service type used with IGMP & MLD snooping "; 739 } 741 typedef filter-mode-type { 742 type identityref { 743 base "filter-mode"; 744 } 745 description "The host filter mode"; 746 } 748 typedef igmp-mld-snooping-instance-ref { 749 type leafref { 750 path "/rt:routing/rt:control-plane-protocols"+ 751 "/rt:control-plane-protocol/rt:name"; 752 } 753 description 754 "This type is used by data models which need to 755 reference IGMP & MLD snooping instance."; 756 } 758 /* 759 * Groupings 760 */ 762 grouping instance-config-attributes-igmp-mld-snooping { 763 description 764 "IGMP and MLD snooping configuration of each VLAN."; 766 leaf enable { 767 type boolean; 768 default false; 769 description 770 "Set the value to true to enable IGMP & MLD snooping."; 771 } 773 leaf forwarding-table-type { 774 type enumeration { 775 enum "mac" { 776 description 777 "MAC-based lookup mode"; 778 } 779 enum "ip" { 780 description 781 "IP-based lookup mode"; 782 } 783 } 784 default "ip"; 785 description "The default forwarding table type is ip"; 786 } 788 leaf explicit-tracking { 789 if-feature explicit-tracking; 790 type boolean; 791 default false; 792 description 793 "Track the IGMPv3 and MLDv2 snooping membership reports 794 from individual hosts. 
It contributes to saving network 795 resources and shortening leave latency."; 796 } 798 leaf lite-exclude-filter { 799 if-feature lite-exclude-filter; 800 type empty; 801 description 802 "For IGMP Snooping, the presence of this 803 leaf enables the support of the simplified EXCLUDE filter 804 in the Lightweight IGMPv3 protocol, which simplifies the 805 standard versions of IGMPv3. 806 For MLD Snooping, the presence of this 807 leaf enables the support of the simplified EXCLUDE filter 808 in the Lightweight MLDv2 protocol, which simplifies the 809 standard versions of MLDv2."; 810 reference 811 "RFC 5790"; 812 } 814 leaf send-query { 815 type boolean; 816 default false; 817 description 818 "Enable quick response for topology changes. 819 To support IGMP snooping in a VLAN where PIM and IGMP are 820 not configured. It cooperates with parameter querier-source."; 821 } 823 leaf immediate-leave { 824 if-feature immediate-leave; 825 type empty; 826 description 827 "When immediate leave is enabled, the IGMP software assumes 828 that no more than one host is present on each VLAN port."; 829 } 831 leaf last-member-query-interval { 832 type uint16 { 833 range "10..10230"; 834 } 835 units deciseconds; 836 default 10; 837 description 838 "Last Member Query Interval, which may be tuned to modify 839 the leave latency of the network. 840 It is represented in units of 1/10 second."; 841 reference "RFC 3376. Sec. 8.8."; 842 } 844 leaf query-interval { 845 type uint16; 846 units seconds; 847 default 125; 848 description 849 "The Query Interval is the interval between General Queries 850 sent by the Querier."; 851 reference "RFC 3376. Sec. 4.1.7, 8.2, 8.14.2."; 852 } 854 leaf query-max-response-time { 855 type uint16; 856 units deciseconds; 857 default 100; 858 description 859 "Query maximum response time specifies the maximum time 860 allowed before sending a responding report. 861 It is represented in units of 1/10 second."; 862 reference "RFC 3376. Sec. 
4.1.1, 8.3, 8.14.3."; 863 } 865 leaf require-router-alert { 866 if-feature require-router-alert; 867 type boolean; 868 default false; 869 description 870 "When the value is true, router alert should exist 871 in the IP header of IGMP or MLD packet."; 872 } 874 leaf robustness-variable { 875 type uint8 { 876 range "1..7"; 877 } 878 default 2; 879 description 880 "Querier's Robustness Variable allows tuning for the 881 expected packet loss on a network."; 882 reference "RFC 3376. Sec. 4.1.6, 8.1, 8.14.1."; 883 } 885 leaf-list static-bridge-mrouter-interface { 886 when 'derived-from-or-self(../l2-service-type,"ims:bridge")'; 887 if-feature static-mrouter-interface; 888 type if:interface-ref; 889 description "static mrouter interface in BRIDGE forwarding"; 890 } 891 } // instance-config-attributes-igmp-mld-snooping 893 grouping instance-state-group-attributes-igmp-mld-snooping { 894 description 895 "Attributes for both IGMP and MLD snooping groups."; 897 leaf mac-address { 898 type yang:phys-address; 899 description "Destination MAC address for L2 multicast."; 900 } 902 leaf expire { 903 type rt-types:timer-value-seconds16; 904 units seconds; 905 description 906 "The time left before multicast group timeout."; 907 } 909 leaf up-time { 910 type uint32; 911 units seconds; 912 mandatory true; 913 description 914 "The time elapsed since L2 multicast record created."; 915 } 916 } // instance-state-group-attributes-igmp-mld-snooping 918 grouping instance-state-attributes-igmp-mld-snooping { 920 description 921 "State attributes for IGMP & MLD snooping instance."; 923 leaf entries-count { 924 type yang:gauge32; 925 config false; 926 description 927 "The number of L2 multicast entries in IGMP & MLD snooping"; 928 } 930 leaf-list bridge-mrouter-interface { 931 when 'derived-from-or-self(../l2-service-type,"ims:bridge")'; 932 type if:interface-ref; 933 config false; 934 description 935 "Indicates a list of mrouter interfaces dynamicly learned in a 936 bridge. 
         When this switch receives IGMP/MLD queries from a
         multicast router on an interface, the interface will become
         mrouter interface for IGMP/MLD snooping.";
    }
  } // instance-state-attributes-igmp-mld-snooping

  grouping instance-state-source-attributes-igmp-mld-snooping {
    description
      "State attributes for IGMP & MLD snooping instance.";

    leaf-list bridge-outgoing-interface {
      when 'derived-from-or-self(../../../l2-service-type,"ims:bridge")';
      type if:interface-ref;
      description "Outgoing interface in BRIDGE forwarding";
    }

    leaf up-time {
      type uint32;
      units seconds;
      mandatory true;
      description
        "The time elapsed since L2 multicast record created";
    }

    leaf expire {
      type rt-types:timer-value-seconds16;
      units seconds;
      description
        "The time left before multicast group timeout.";
    }

    leaf host-count {
      if-feature explicit-tracking;
      type yang:gauge32;
      description
        "The number of host addresses.";
    }
  } // instance-state-source-attributes-igmp-mld-snooping

  grouping igmp-snooping-statistics {
    description
      "The statistics attributes for IGMP snooping.";

    leaf query-count {
      type yang:counter64;
      description
        "The number of Membership Query messages.";
      reference
        "RFC 2236";
    }
    leaf membership-report-v1-count {
      type yang:counter64;
      description
        "The number of Version 1 Membership Report messages.";
      reference
        "RFC 1112";
    }
    leaf membership-report-v2-count {
      type yang:counter64;
      description
        "The number of Version 2 Membership Report messages.";
      reference
        "RFC 2236";
    }
    leaf membership-report-v3-count {
      type yang:counter64;
      description
        "The number of Version 3 Membership Report messages.";
      reference
        "RFC 3376";
    }
    leaf leave-count {
      type yang:counter64;
      description
        "The number of Leave Group messages.";
      reference
        "RFC 2236";
    }
    leaf pim-hello-count {
      type yang:counter64;
      description
        "The number of PIM hello messages.";
      reference
        "RFC 7761";
    }
  } // igmp-snooping-statistics

  grouping mld-snooping-statistics {
    description
      "The statistics attributes for MLD snooping.";

    leaf query-count {
      type yang:counter64;
      description
        "The number of Multicast Listener Query messages.";
      reference
        "RFC 3810";
    }
    leaf report-v1-count {
      type yang:counter64;
      description
        "The number of Version 1 Multicast Listener Report.";
      reference
        "RFC 2710";
    }
    leaf report-v2-count {
      type yang:counter64;
      description
        "The number of Version 2 Multicast Listener Report.";
      reference
        "RFC 3810";
    }
    leaf done-count {
      type yang:counter64;
      description
        "The number of Version 1 Multicast Listener Done.";
      reference
        "RFC 2710";
    }
    leaf pim-hello-count {
      type yang:counter64;
      description
        "The number of PIM hello messages.";
      reference
        "RFC 7761";
    }
  } // mld-snooping-statistics

  augment "/rt:routing/rt:control-plane-protocols"+
          "/rt:control-plane-protocol" {
    when 'derived-from-or-self(rt:type, "ims:igmp-snooping")' {
      description
        "This container is only valid for IGMP snooping.";
    }
    description
      "IGMP snooping augmentation to control plane protocol
       configuration and state.";

    container igmp-snooping-instance {
      if-feature igmp-snooping;
      description
        "IGMP snooping instance to configure igmp-snooping.";

      leaf l2-service-type {
        type l2-service-type;
        default bridge;
        description
          "The l2-service-type indicates BRIDGE or other services.";
      }

      uses instance-config-attributes-igmp-mld-snooping;
      leaf igmp-version {
        type uint8 {
          range "1..3";
        }
        default 2;
        description "IGMP version.";
      }

      leaf querier-source {
        type inet:ipv4-address;
        description
          "Use the IGMP snooping querier to support IGMP
           snooping in a VLAN where PIM and IGMP are not configured.
           The IPv4 address is used as source address in messages.";
      }

      list static-l2-multicast-group {
        if-feature static-l2-multicast-group;
        key "group source-addr";
        description
          "A static multicast route, (*,G) or (S,G).";

        leaf group {
          type rt-types:ipv4-multicast-group-address;
          description
            "Multicast group IPv4 address";
        }

        leaf source-addr {
          type rt-types:ipv4-multicast-source-address;
          description
            "Multicast source IPv4 address.";
        }

        leaf-list bridge-outgoing-interface {
          when 'derived-from-or-self(../../l2-service-type,"ims:bridge")';
          type if:interface-ref;
          description "Outgoing interface in BRIDGE forwarding";
        }
      } // static-l2-multicast-group

      uses instance-state-attributes-igmp-mld-snooping;

      list group {

        key "address";

        config false;

        description "IGMP snooping information";
        leaf address {
          type rt-types:ipv4-multicast-group-address;
          description
            "Multicast group IPv4 address";
        }

        uses instance-state-group-attributes-igmp-mld-snooping;

        leaf last-reporter {
          type inet:ipv4-address;
          description
            "Address of the last host which has sent report to join
             the multicast group.";
        }

        list source {
          key "address";
          description "Source IPv4 address for multicast stream";

          leaf address {
            type rt-types:ipv4-multicast-source-address;
            description "Source IPv4 address for multicast stream";
          }

          uses instance-state-source-attributes-igmp-mld-snooping;

          leaf last-reporter {
            type inet:ipv4-address;
            description
              "Address of the last host which has sent report
               to join the multicast group.";
          }

          list host {
            if-feature explicit-tracking;
            key "host-address";
            description
              "List of multicast membership hosts
               of the specific multicast source-group.";

            leaf host-address {
              type inet:ipv4-address;
              description
                "Multicast membership host address.";
            }
            leaf host-filter-mode {
              type filter-mode-type;
              mandatory true;
              description
                "Filter mode for a multicast membership
                 host may be either include or exclude.";
            }
          }// list host
        } // list source
      } // list group

      container interfaces {
        config false;

        description
          "Contains the interfaces associated with the IGMP snooping
           instance";

        list interface {
          key "name";

          description
            "A list of interfaces associated with the IGMP snooping
             instance";

          leaf name {
            type if:interface-ref;
            description
              "The name of interface";

          }

          container statistics {
            description
              "The interface statistics for IGMP snooping";

            leaf discontinuity-time {
              type yang:date-and-time;
              description
                "The time on the most recent occasion at which any one
                 or more of the statistic counters suffered a
                 discontinuity.
                 If no such discontinuities have
                 occurred since the last re-initialization of the local
                 management subsystem, then this node contains the time
                 the local management subsystem re-initialized
                 itself.";
            }
            container received {
              description
                "Number of received snooped IGMP packets";

              uses igmp-snooping-statistics;
            }
            container sent {
              description
                "Number of sent snooped IGMP packets";

              uses igmp-snooping-statistics;
            }
          }
        }
      }

      action clear-igmp-snooping-groups {
        if-feature action-clear-groups;
        description
          "Clear IGMP snooping cache tables.";

        input {
          leaf group {
            type union {
              type enumeration {
                enum 'all-groups' {
                  description
                    "All multicast group addresses.";
                }
              }
              type rt-types:ipv4-multicast-group-address;
            }
            mandatory true;
            description
              "Multicast group IPv4 address. If value 'all-groups' is
               specified, all IGMP snooping group entries are cleared
               for specified source address.";
          }
          leaf source {
            type rt-types:ipv4-multicast-source-address;
            mandatory true;
            description
              "Multicast source IPv4 address.
               If value '*' is specified,
               all IGMP snooping source-group tables are cleared.";
          }
        }
      } // action clear-igmp-snooping-groups
    } // igmp-snooping-instance
  } // augment

  augment "/rt:routing/rt:control-plane-protocols"+
          "/rt:control-plane-protocol" {
    when 'derived-from-or-self(rt:type, "ims:mld-snooping")' {
      description
        "This container is only valid for MLD snooping.";
    }
    description
      "MLD snooping augmentation to control plane protocol
       configuration and state.";

    container mld-snooping-instance {
      if-feature mld-snooping;
      description
        "MLD snooping instance to configure mld-snooping.";

      leaf l2-service-type {
        type l2-service-type;
        default bridge;
        description
          "The l2-service-type indicates BRIDGE or other services.";
      }

      uses instance-config-attributes-igmp-mld-snooping;

      leaf mld-version {
        type uint8 {
          range "1..2";
        }
        default 2;
        description "MLD version.";
      }

      leaf querier-source {
        type inet:ipv6-address;
        description
          "Use the MLD snooping querier to support MLD snooping where
           PIM and MLD are not configured.
           The IPv6 address is used as
           the source address in messages.";
      }

      list static-l2-multicast-group {
        if-feature static-l2-multicast-group;
        key "group source-addr";
        description
          "A static multicast route, (*,G) or (S,G).";

        leaf group {
          type rt-types:ipv6-multicast-group-address;
          description
            "Multicast group IPv6 address";
        }

        leaf source-addr {
          type rt-types:ipv6-multicast-source-address;
          description
            "Multicast source IPv6 address.";
        }

        leaf-list bridge-outgoing-interface {
          when 'derived-from-or-self(../../l2-service-type,"ims:bridge")';
          type if:interface-ref;
          description "Outgoing interface in BRIDGE forwarding";
        }
      } // static-l2-multicast-group

      uses instance-state-attributes-igmp-mld-snooping;

      list group {
        key "address";
        config false;
        description "MLD snooping statistics information";

        leaf address {
          type rt-types:ipv6-multicast-group-address;
          description
            "Multicast group IPv6 address";
        }

        uses instance-state-group-attributes-igmp-mld-snooping;

        leaf last-reporter {
          type inet:ipv6-address;
          description
            "Address of the last host which has sent report
             to join the multicast group.";
        }

        list source {
          key "address";
          description "Source IPv6 address for multicast stream";

          leaf address {
            type rt-types:ipv6-multicast-source-address;
            description "Source IPv6 address for multicast stream";
          }

          uses instance-state-source-attributes-igmp-mld-snooping;

          leaf last-reporter {
            type inet:ipv6-address;
            description
              "Address of the last host which has sent report
               to join the multicast group.";
          }

          list host {
            if-feature explicit-tracking;
            key "host-address";
            description
              "List of multicast membership hosts
               of the specific multicast source-group.";

            leaf host-address {
              type inet:ipv6-address;
              description
                "Multicast membership host address.";
            }
            leaf host-filter-mode {
              type filter-mode-type;
              mandatory true;
              description
                "Filter mode for a multicast membership
                 host may be either include or exclude.";
            }
          }// list host
        } // list source
      } // list group

      container interfaces {
        config false;

        description
          "Contains the interfaces associated with the MLD snooping
           instance";

        list interface {
          key "name";

          description
            "A list of interfaces associated with the MLD snooping
             instance";

          leaf name {
            type if:interface-ref;
            description
              "The name of interface";

          }

          container statistics {
            description
              "The interface statistics for MLD snooping";

            leaf discontinuity-time {
              type yang:date-and-time;
              description
                "The time on the most recent occasion at which any one
                 or more of the statistic counters suffered a
                 discontinuity. If no such discontinuities have
                 occurred since the last re-initialization of the local
                 management subsystem, then this node contains the time
                 the local management subsystem re-initialized
                 itself.";
            }
            container received {
              description
                "Number of received snooped MLD packets";

              uses mld-snooping-statistics;
            }
            container sent {
              description
                "Number of sent snooped MLD packets";

              uses mld-snooping-statistics;
            }
          }
        }
      }

      action clear-mld-snooping-groups {
        if-feature action-clear-groups;
        description
          "Clear MLD snooping cache tables.";

        input {
          leaf group {
            type union {
              type enumeration {
                enum 'all-groups' {
                  description
                    "All multicast group addresses.";
                }
              }
              type rt-types:ipv6-multicast-group-address;
            }
            mandatory true;
            description
              "Multicast group IPv6 address.
               If value 'all-groups' is
               specified, all MLD snooping group entries are cleared
               for specified source address.";
          }
          leaf source {
            type rt-types:ipv6-multicast-source-address;
            mandatory true;
            description
              "Multicast source IPv6 address. If value '*' is specified,
               all MLD snooping source-group tables are cleared.";
          }
        }
      } // action clear-mld-snooping-groups
    }// mld-snooping-instance

  } // augment

  augment "/dot1q:bridges/dot1q:bridge" {
    description
      "Use IGMP & MLD snooping instance in BRIDGE.";

    leaf igmp-snooping-instance {
      type igmp-mld-snooping-instance-ref;
      description
        "Configure IGMP snooping instance under bridge view";
    }

    leaf mld-snooping-instance {
      type igmp-mld-snooping-instance-ref;
      description
        "Configure MLD snooping instance under bridge view";
    }
  }

  augment "/dot1q:bridges/dot1q:bridge"+
          "/dot1q:component/dot1q:bridge-vlan/dot1q:vlan" {
    description
      "Use IGMP & MLD snooping instance in certain VLAN of BRIDGE";

    leaf igmp-snooping-instance {
      type igmp-mld-snooping-instance-ref;
      description
        "Configure IGMP snooping instance under VLAN view";
    }

    leaf mld-snooping-instance {
      type igmp-mld-snooping-instance-ref;
      description
        "Configure MLD snooping instance under VLAN view";
    }
  }
}

5. Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The Network Configuration Access Control Model (NACM) [RFC8341]
   provides the means to restrict access for particular NETCONF or
   RESTCONF users to a preconfigured subset of all available NETCONF or
   RESTCONF protocol operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default). These data nodes may be considered sensitive or vulnerable
   in some network environments. Write operations (e.g., edit-config) to
   these data nodes without proper protection can have a negative effect
   on network operations. These are the subtrees and data nodes and
   their sensitivity/vulnerability:

   Under /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol:/

      ims:igmp-snooping-instance

      ims:mld-snooping-instance

   The subtrees under /dot1q:bridges/dot1q:bridge

      ims:igmp-snooping-instance

      ims:mld-snooping-instance

   The subtrees under /dot1q:bridges/dot1q:bridge/dot1q:component
   /dot1q:bridge-vlan/dot1q:vlan

      ims:igmp-snooping-instance

      ims:mld-snooping-instance

   Unauthorized access to any data node of these subtrees can adversely
   affect the IGMP & MLD Snooping subsystem of both the local device and
   the network. This may lead to network malfunctions, delivery of
   packets to inappropriate destinations, and other problems.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments. It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.
   These are the subtrees and data nodes
   and their sensitivity/vulnerability:

   Under /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol:/

      ims:igmp-snooping-instance

      ims:mld-snooping-instance

   Unauthorized access to any data node of these subtrees can disclose
   the operational state information of IGMP & MLD Snooping on this
   device. The group/source/host information may expose multicast group
   memberships, and transitively the associations between the user on
   the host and the contents from the source, which could be privately
   sensitive.

   Some of the action operations in this YANG module may be considered
   sensitive or vulnerable in some network environments. It is thus
   important to control access to these operations. These are the
   operations and their sensitivity/vulnerability:

   Under /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol:/

      ims:igmp-snooping-instance/ims:clear-igmp-snooping-groups

      ims:mld-snooping-instance/ims:clear-mld-snooping-groups

   Some of the actions in this YANG module may be considered sensitive
   or vulnerable in some network environments. The IGMP & MLD Snooping
   YANG module supports the "clear-igmp-snooping-groups" and
   "clear-mld-snooping-groups" actions. If an unauthorized action is
   invoked, the IGMP and MLD Snooping group tables will be cleared
   unexpectedly. Especially when a wildcard is used, all the multicast
   traffic will be flooded in the broadcast domain. The devices that use
   this YANG module should heed the Security Considerations in
   [RFC4541].

6. IANA Considerations

   RFC Ed.: In this section, replace all occurrences of 'XXXX' with the
   actual RFC number (and remove this note).

6.1. XML Registry

   This document registers the following namespace URIs in the IETF XML
   registry [RFC3688]:

   --------------------------------------------------------------------
   URI: urn:ietf:params:xml:ns:yang:ietf-igmp-mld-snooping
   Registrant Contact: The IETF.
   XML: N/A, the requested URI is an XML namespace.
   --------------------------------------------------------------------

6.2. YANG Module Names Registry

   This document registers the following YANG modules in the YANG Module
   Names registry [RFC7950]:

   --------------------------------------------------------------------
   name: ietf-igmp-mld-snooping
   namespace: urn:ietf:params:xml:ns:yang:ietf-igmp-mld-snooping
   prefix: ims
   reference: RFC XXXX
   --------------------------------------------------------------------

7. References

7.1. Normative References

   [dot1Qcp] IEEE, "Standard for Local and metropolitan area networks--
             Bridges and Bridged Networks--Amendment 30: YANG Data
             Model", IEEE Std 802.1Qcp-2018 (Revision of IEEE Std
             802.1Q-2014), September 2018,

   [RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5,
             RFC 1112, August 1989.

   [RFC2236] W. Fenner, "Internet Group Management Protocol, Version 2",
             RFC 2236, November 1997.

   [RFC2710] Deering, S., Fenner, W., and B. Haberman, "Multicast
             Listener Discovery (MLD) for IPv6", RFC 2710, October 1999.

   [RFC3376] Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A.
             Thyagarajan, "Internet Group Management Protocol, Version
             3", RFC 3376, October 2002.

   [RFC3688] Mealling, M., "The IETF XML Registry", RFC 3688, January
             2004.

   [RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery
             Version 2 (MLDv2) for IPv6", RFC 3810, June 2004.

   [RFC4286] B. Haberman and J. Martin, "Multicast Router Discovery",
             RFC 4286, December 2005.

   [RFC4541] M. Christensen, K. Kimball, F.
             Solensky, "Considerations
             for Internet Group Management Protocol (IGMP) and Multicast
             Listener Discovery (MLD) Snooping Switches", RFC 4541, May
             2006.

   [RFC5790] H. Liu, W. Cao, H. Asaeda, "Lightweight Internet Group
             Management Protocol Version 3 (IGMPv3) and Multicast
             Listener Discovery Version 2 (MLDv2) Protocols", RFC 5790,
             February 2010.

   [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
             the Network Configuration Protocol (NETCONF)", RFC 6020,
             October 2010.

   [RFC6241] R. Enns, Ed., M. Bjorklund, Ed., J. Schoenwaelder, Ed., A.
             Bierman, Ed., "Network Configuration Protocol (NETCONF)",
             RFC 6241, June 2011.

   [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
             Shell (SSH)", RFC 6242, June 2011.

   [RFC6636] H. Asaeda, H. Liu, Q. Wu, "Tuning the Behavior of the
             Internet Group Management Protocol (IGMP) and Multicast
             Listener Discovery (MLD) for Routers in Mobile and Wireless
             Networks", RFC 6636, May 2012.

   [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", RFC 6991,
             July 2013.

   [RFC7761] B. Fenner, M. Handley, H. Holbrook, I. Kouvelas, R. Parekh,
             Z. Zhang, L. Zheng, "Protocol Independent Multicast -
             Sparse Mode (PIM-SM): Protocol Specification (Revised)",
             RFC 7761, March 2016.

   [RFC7950] M. Bjorklund, Ed., "The YANG 1.1 Data Modeling Language",
             RFC 7950, August 2016.

   [RFC8040] A. Bierman, M. Bjorklund, K. Watsen, "RESTCONF Protocol",
             RFC 8040, January 2017.

   [RFC8294] X. Liu, Y. Qu, A. Lindem, C. Hopps, L. Berger, "Common YANG
             Data Types for the Routing Area", RFC 8294, December 2017.

   [RFC8340] M. Bjorklund, and L. Berger, Ed., "YANG Tree Diagrams", RFC
             8340, March 2018.

   [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration Access
             Control Model", RFC 8341, March 2018.

   [RFC8342] M. Bjorklund and J.
             Schoenwaelder, "Network Management
             Datastore Architecture (NMDA)", RFC 8342, March 2018.

   [RFC8343] M. Bjorklund, "A YANG Data Model for Interface Management",
             RFC 8343, March 2018.

   [RFC8349] L. Lhotka, A. Lindem, Y. Qu, "A YANG Data Model for Routing
             Management (NMDA Version)", RFC 8349, March 2018.

   [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
             Version 1.3", RFC 8446, August 2018.

7.2. Informative References

   [RFC7951] L. Lhotka, "JSON Encoding of Data Modeled with YANG", RFC
             7951, August 2016.

   [RFC8407] A. Bierman, "Guidelines for Authors and Reviewers of
             Documents Containing YANG Data Models", RFC 8407, October
             2018.

   [RFC8652] X. Liu, F. Guo, M. Sivakumar, P. McAllister, A. Peter, "A
             YANG Data Model for the Internet Group Management Protocol
             (IGMP) and Multicast Listener Discovery (MLD)", RFC 8652,
             November 2019.

Appendix A. Data Tree Example

   This section contains an example for bridge service in the JSON
   encoding [RFC7951], containing both configuration and state data.

                    +-----------+
                    +  Source   +
                    +-----+-----+
                          |
         -----------------+----------------------------
                          |eth1/1
                      +---+---+
                      +  R1   +
                      +-+---+-+
                 eth1/2 |    \ eth1/3
                        |     \
                        |      \
                        |       \
                        |        \
                 eth2/1 |         \ eth3/1
                    +---+---+   +--+---+
                    +  R2   +   +  R3  +
                    +---+---+   +--+---+
                 eth2/2 |          | eth3/2
                        |          |
         ---------------+----------+-------------------
                        |          |
                        |          |
               +--------+--+   +---+--------+
               + Receiver1 +   + Receiver2  +
               +-----------+   +------------+

   The configuration data for R1 in the above figure could be as follows:

   {
     "ietf-interfaces:interfaces":{
       "interface":[
         {
           "name":"eth1/1",
           "type":"iana-if-type:ethernetCsmacd"
         }
       ]
     },
     "ietf-routing:routing":{
       "control-plane-protocols":{
         "control-plane-protocol":[
           {
             "type":"ietf-igmp-mld-snooping:igmp-snooping",
             "name":"bis1",
             "ietf-igmp-mld-snooping:igmp-snooping-instance":{
               "l2-service-type":"ietf-igmp-mld-snooping:bridge",
               "enable":true
             }
           }
         ]
       }
     },
     "ieee802-dot1q-bridge:bridges":{
       "bridge":[
         {
           "name":"isp1",
           "address":"00-23-ef-a5-77-12",
           "bridge-type":"ieee802-dot1q-bridge:customer-vlan-bridge",
           "component":[
             {
               "name":"comp1",
               "type":"ieee802-dot1q-bridge:c-vlan-component",
               "bridge-vlan":{
                 "vlan":[
                   {
                     "vid":101,
                     "ietf-igmp-mld-snooping:igmp-snooping-instance":"bis1"
                   }
                 ]
               }
             }
           ]
         }
       ]
     }
   }

   The corresponding operational state data for R1 could be as follows:

   {
     "ietf-interfaces:interfaces": {
       "interface": [
         {
           "name": "eth1/1",
           "type": "iana-if-type:ethernetCsmacd",
           "oper-status": "up",
           "statistics": {
             "discontinuity-time": "2018-05-23T12:34:56-05:00"
           }
         }
       ]
     },
     "ietf-routing:routing": {
       "control-plane-protocols": {
         "control-plane-protocol": [
           {
             "type": "ietf-igmp-mld-snooping:igmp-snooping",
             "name": "bis1",
             "ietf-igmp-mld-snooping:igmp-snooping-instance": {
               "l2-service-type": "ietf-igmp-mld-snooping:bridge",
               "enable": true
             }
           }
         ]
       }
     },
     "ieee802-dot1q-bridge:bridges": {
       "bridge": [
         {
           "name": "isp1",
           "address": "00-23-ef-a5-77-12",
           "bridge-type": "ieee802-dot1q-bridge:customer-vlan-bridge",
           "component": [
             {
               "name": "comp1",
               "type": "ieee802-dot1q-bridge:c-vlan-component",
               "bridge-vlan": {
                 "vlan": [
                   {
                     "vid": 101,
                     "ietf-igmp-mld-snooping:igmp-snooping-instance": "bis1"
                   }
                 ]
               }
             }
           ]
         }
       ]
     }
   }

   The following action is to clear all the entries whose group address
   is 225.1.1.1 for igmp-snooping-instance bis1.

   POST /restconf/operations/ietf-routing:routing/control-plane-protocols/\
   control-plane-protocol=ietf-igmp-mld-snooping:igmp-snooping,bis1/\
   ietf-igmp-mld-snooping:igmp-snooping-instance/\
   clear-igmp-snooping-groups HTTP/1.1
   Host: example.com
   Content-Type: application/yang-data+json

   {
     "ietf-igmp-mld-snooping:input" : {
       "group": "225.1.1.1",
       "source": "*"
     }
   }

Authors' Addresses

   Hongji Zhao
   Ericsson (China) Communications Company Ltd.
   Ericsson Tower, No. 5 Lize East Street,
   Chaoyang District Beijing 100102, China

   Email: hongji.zhao@ericsson.com

   Xufeng Liu
   Volta Networks
   USA

   EMail: xufeng.liu.ietf@gmail.com

   Yisong Liu
   China Mobile
   China

   Email: liuyisong@chinamobile.com

   Anish Peter
   Individual

   EMail: anish.ietf@gmail.com

   Mahesh Sivakumar
   Juniper Networks
   1133 Innovation Way
   Sunnyvale, California
   USA

   EMail: sivakumar.mahesh@gmail.com
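
Section 5 relies on NACM [RFC8341] to limit who may read the group/source/host state and invoke the two clear actions. The following is an added example, not part of the draft: a simplified first-match evaluator for NACM rule-lists that reports which of the Section 5 accesses a user still holds. The group names, both rule sets and the prefix-only path comparison are assumptions made for illustration.

```python
"""Simplified RFC 8341 (NACM) first-match evaluation for the nodes that
Section 5 lists as sensitive. Constructed example: group names, rule-lists
and the prefix-only path comparison are assumptions; a real NACM server
matches instance-identifiers (with list keys) and has a recovery session."""

CPP = "/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol"
IMS = "ietf-igmp-mld-snooping"

# (access operation, path) pairs taken from the Security Considerations text.
SENSITIVE = [
    ("exec", CPP + "/ims:igmp-snooping-instance/ims:clear-igmp-snooping-groups"),
    ("exec", CPP + "/ims:mld-snooping-instance/ims:clear-mld-snooping-groups"),
    ("read", CPP + "/ims:igmp-snooping-instance/ims:group"),
    ("read", CPP + "/ims:mld-snooping-instance/ims:group"),
    ("update", CPP + "/ims:igmp-snooping-instance"),
    ("update", CPP + "/ims:mld-snooping-instance"),
]

# Defaults defined by RFC 8341: reads and executions pass unless a rule denies.
NACM_DEFAULTS = {"read-default": "permit", "write-default": "deny",
                 "exec-default": "permit"}


def _rule_matches(rule, op, path):
    """True if one NACM rule applies to this operation on this data node."""
    if rule.get("module-name", "*") not in ("*", IMS):
        return False
    ops = rule.get("access-operations", "*")
    if ops != "*" and op not in ops.split():
        return False
    if "rpc-name" in rule or "notification-name" in rule:
        return False  # protocol-operation and notification rules skip data nodes
    rule_path = rule.get("path")
    if rule_path is None:
        return True  # no path: every data node of the module
    return path == rule_path or path.startswith(rule_path.rstrip("/") + "/")


def decide(nacm, user_groups, op, path):
    """Return 'permit' or 'deny'; the first matching rule wins."""
    if not nacm.get("enable-nacm", True):
        return "permit"  # enforcement switched off: nothing is filtered
    for rule_list in nacm.get("rule-list", []):
        groups = rule_list.get("group", [])
        if "*" not in groups and not set(groups) & set(user_groups):
            continue
        for rule in rule_list.get("rule", []):
            if _rule_matches(rule, op, path):
                return rule["action"]
    key = {"read": "read-default", "exec": "exec-default"}.get(op, "write-default")
    return nacm.get(key, NACM_DEFAULTS[key])


def audit(nacm, user_groups):
    """List the Section 5 accesses that remain permitted for this user."""
    return [(op, path) for op, path in SENSITIVE
            if decide(nacm, user_groups, op, path) == "permit"]


# Constructed: NACM enabled but left at its defaults, no rule-lists.
DEFAULT_ONLY = {"enable-nacm": True}

# Constructed: read-only operators keep counters but lose membership state
# and both clear actions; multicast administrators keep full access.
HARDENED = {
    "enable-nacm": True,
    "exec-default": "deny",
    "rule-list": [
        {"name": "admins", "group": ["mcast-admin"], "rule": [
            {"name": "all", "module-name": "*", "access-operations": "*",
             "action": "permit"}]},
        {"name": "monitoring", "group": ["noc-readonly"], "rule": [
            {"name": "hide-igmp-membership", "module-name": IMS,
             "path": CPP + "/ims:igmp-snooping-instance/ims:group",
             "access-operations": "read", "action": "deny"},
            {"name": "hide-mld-membership", "module-name": IMS,
             "path": CPP + "/ims:mld-snooping-instance/ims:group",
             "access-operations": "read", "action": "deny"}]},
    ],
}

if __name__ == "__main__":
    for label, cfg in (("defaults", DEFAULT_ONLY), ("hardened", HARDENED)):
        print(label, "noc-readonly still permitted:")
        for op, path in audit(cfg, ["noc-readonly"]):
            print("  ", op, path)
```

With only the RFC 8341 defaults in place, the read-only group can still read memberships and invoke both clear actions; the constructed hardened rule set leaves that group none of the six accesses.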