idnits 2.17.1

draft-ietf-pim-igmp-mld-snooping-yang-20.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 346 has weird spacing: '...er-mode fil...'

  == Line 447 has weird spacing: '...er-mode fil...'

  == Line 503 has weird spacing: '... source rt-...'

  == Line 511 has weird spacing: '... source rt-...'

  -- The document date (October 08, 2021) is 932 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 4541

  ** Downref: Normative reference to an Informational RFC: RFC 6636

     Summary: 2 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	PIM Working Group                                                H. Zhao
2	Internet Draft                                                  Ericsson
3	Intended status: Standards Track                                  X. Liu
4	Expires: April 07, 2022                                   Volta Networks
5	                                                                  Y. Liu
6	                                                            China Mobile
7	                                                            M. Sivakumar
8	                                                                 Juniper
9	                                                                A. Peter
10	                                                              Individual

12	                                                        October 08, 2021

14	              A Yang Data Model for IGMP and MLD Snooping
15	              draft-ietf-pim-igmp-mld-snooping-yang-20.txt

17	Abstract

19	   This document defines a YANG data model that can be used to configure
20	   and manage Internet Group Management Protocol (IGMP) and Multicast
21	   Listener Discovery (MLD) Snooping devices. The YANG module in this
22	   document conforms to Network Management Datastore Architecture (NMDA).

24	Status of this Memo

26	   This Internet-Draft is submitted in full conformance with the
27	   provisions of BCP 78 and BCP 79.

29	   Internet-Drafts are working documents of the Internet Engineering
30	   Task Force (IETF), its areas, and its working groups.  Note that
31	   other groups may also distribute working documents as Internet-
32	   Drafts.

34	   Internet-Drafts are draft documents valid for a maximum of six months
35	   and may be updated, replaced, or obsoleted by other documents at any
36	   time.  It is inappropriate to use Internet-Drafts as reference
37	   material or to cite them other than as "work in progress."

39	   The list of current Internet-Drafts can be accessed at
40	   http://www.ietf.org/ietf/1id-abstracts.txt

42	   The list of Internet-Draft Shadow Directories can be accessed at
43	   http://www.ietf.org/shadow.html

45	   This Internet-Draft will expire on April 07, 2022.

47	Copyright Notice

49	   Copyright (c) 2021 IETF Trust and the persons identified as the
50	   document authors. All rights reserved.

52	   This document is subject to BCP 78 and the IETF Trust's Legal
53	   Provisions Relating to IETF Documents
54	   (http://trustee.ietf.org/license-info) in effect on the date of
55	   publication of this document. Please review these documents
56	   carefully, as they describe your rights and restrictions with respect
57	   to this document. Code Components extracted from this document must
58	   include Simplified BSD License text as described in Section 4.e of
59	   the Trust Legal Provisions and are provided without warranty as
60	   described in the Simplified BSD License.

62	Table of Contents

64	   1. Introduction
65	      1.1. Terminology
66	      1.2. Tree Diagrams
67	      1.3. Prefixes in Data Node Names
68	   2. Design of Data Model
69	      2.1. Overview
70	      2.2. Optional Capabilities
71	      2.3. Position of Address Family in Hierarchy
72	   3. Module Structure
73	      3.1. IGMP Snooping Instances
74	      3.2. MLD Snooping Instances
75	      3.3. Using IGMP and MLD Snooping Instances
76	      3.4. IGMP and MLD Snooping Actions
77	   4. IGMP and MLD Snooping YANG Module
78	   5. Security Considerations
79	   6. IANA Considerations
80	      6.1. XML Registry
81	      6.2. YANG Module Names Registry
82	   7. References
83	      7.1. Normative References
84	      7.2. Informative References
85	   Appendix A. Data Tree Example
86	   Authors' Addresses

88	1. Introduction

90	This document defines a YANG [RFC7950] data model for the management of
91	Internet Group Management Protocol (IGMP) and Multicast Listener
92	Discovery (MLD) Snooping [RFC4541] devices.

94	The YANG module in this document conforms to the Network Management
95	Datastore Architecture defined in [RFC8342]. The "Network Management
96	Datastore Architecture" (NMDA) adds the ability to inspect the current
97	operational values for configuration, allowing clients to use identical
98	paths for retrieving the configured values and the operational values.

100	1.1. Terminology

102	The terminology for describing YANG data models is found in [RFC6020]

104	and [RFC7950], including:

106	* augment

108	* data model

110	* data node

112	* identity

114	* module

116	The following terminologies are used in this document:

118	* mrouter: multicast router, which is a router that has multicast
119	routing enabled [RFC4286].

121	* mrouter interfaces: snooping switch ports where multicast routers
122	are attached [RFC4541].

124	The following abbreviations are used in this document and defined model:

126	IGMP: Internet Group Management Protocol [RFC3376].

128	MLD: Multicast Listener Discovery [RFC3810].

130	1.2. Tree Diagrams

132	Tree diagrams used in this document follow the notation defined in

134	[RFC8340].

136	1.3. Prefixes in Data Node Names

138	In this document, names of data nodes, actions, and other data model
139	objects are often used without a prefix, as long as it is clear from the
140	context in which YANG module each name is defined. Otherwise, names are
141	prefixed using the standard prefix associated with the corresponding
142	YANG module, as shown in Table 1.

144	+----------+-----------------------+---------------------------------+
145	| Prefix   | YANG module           | Reference                       |
146	+==========+=======================+=================================+
147	| inet     | ietf-inet-types       | [RFC6991]                       |
148	+----------+-----------------------+---------------------------------+
149	| yang     | ietf-yang-types       | [RFC6991]                       |
150	+----------+-----------------------+---------------------------------+
151	| if       | ietf-interfaces       | [RFC8343]                       |
152	+----------+-----------------------+---------------------------------+
153	| rt       | ietf-routing          | [RFC8349]                       |
154	+----------+-----------------------+---------------------------------+
155	| rt-types | ietf-routing-types    | [RFC8294]                       |
156	+----------+-----------------------+---------------------------------+
157	| dot1q    | ieee802-dot1q-bridge  | [dot1Qcp]                       |
158	+----------+-----------------------+---------------------------------+
159	           Table 1: Prefixes and Corresponding YANG Modules

161	2. Design of Data Model

163	An IGMP/MLD snooping switch [RFC4541] analyzes IGMP/MLD packets and sets
164	up forwarding tables for multicast traffic. If a switch does not run
165	IGMP/MLD snooping, multicast traffic will be flooded in the broadcast
166	domain. If a switch runs IGMP/MLD snooping, multicast traffic will be
167	forwarded based on the forwarding tables to avoid wasting bandwidth. The
168	IGMP/MLD snooping switch does not need to run any of the IGMP/MLD
169	protocols. Because the IGMP/MLD snooping is independent of the IGMP/MLD
170	protocols, the data model defined in this document does not augment, or
171	even require, the IGMP/MLD data model defined in [RFC8652].
172	The model covers considerations for Internet Group Management Protocol
173	(IGMP) and Multicast Listener Discovery (MLD) Snooping Switches
174	[RFC4541].

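The forwarding behaviour described above, as an added Python example that is not part of the draft or its YANG module: a toy bridge that floods when snooping is off and otherwise forwards only to member and mrouter ports. The SnoopingBridge class, port names, addresses and the choice to send unregistered groups to mrouter ports only are assumptions of the example; the leaf names in the comments are those of the model.

```python
"""Toy IGMP/MLD snooping bridge (added example, not from the draft).

Leaf names in comments come from the draft's tree diagram; the class,
port names and addresses are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class SnoopingBridge:
    ports: frozenset
    enable: bool = False        # leaf "enable", default false
    fast_leave: bool = False    # presence of leaf "fast-leave"
    static_mrouter: set = field(default_factory=set)   # static-bridge-mrouter-interface
    learned_mrouter: set = field(default_factory=set)  # bridge-mrouter-interface
    members: dict = field(default_factory=dict)        # group -> {port: {hosts}}

    @property
    def entries_count(self):
        """Number of L2 multicast entries (leaf "entries-count")."""
        return len(self.members)

    def snoop(self, port, kind, group=None, host=None):
        """Update state from one IGMP/MLD message seen on `port`."""
        if not self.enable:
            return
        if kind == "query":
            # A query arriving on a port marks it as an mrouter interface.
            self.learned_mrouter.add(port)
        elif kind == "report":
            self.members.setdefault(group, {}).setdefault(port, set()).add(host)
        elif kind == "leave":
            by_port = self.members.get(group, {})
            if port not in by_port:
                return
            if self.fast_leave:
                # Fast leave: no last member query, the port is pruned at once.
                by_port[port].clear()
            else:
                # Assumption: a last member query is sent and any host still
                # joined answers it, so only the leaving host is removed.
                by_port[port].discard(host)
            if not by_port[port]:
                del by_port[port]
            if not by_port:
                del self.members[group]
        else:
            raise ValueError(f"unknown message kind: {kind}")

    def egress(self, in_port, group):
        """Ports on which a data frame for `group` is sent out."""
        if not self.enable:
            out = set(self.ports)   # no snooping: flood the broadcast domain
        else:
            # Assumption: unregistered groups go to mrouter ports only.
            out = set(self.members.get(group, {}))
            out |= self.static_mrouter | self.learned_mrouter
        out.discard(in_port)
        return sorted(out)


def demo(fast_leave):
    """Two hosts behind p2 join a group, then one of them leaves."""
    group = "239.1.1.1"                       # constructed group address
    sw = SnoopingBridge(frozenset({"p1", "p2", "p3", "p4"}),
                        enable=True, fast_leave=fast_leave)
    sw.snoop("p1", "query")                   # multicast router behind p1
    sw.snoop("p2", "report", group, "192.0.2.2")
    sw.snoop("p2", "report", group, "192.0.2.3")
    before = sw.egress("p4", group)           # source is attached to p4
    sw.snoop("p2", "leave", group, "192.0.2.2")
    return before, sw.egress("p4", group), sw.entries_count


if __name__ == "__main__":
    print("flooding:  ", SnoopingBridge(frozenset({"p1", "p2", "p3", "p4"}))
          .egress("p4", "239.1.1.1"))
    print("snooping:  ", demo(fast_leave=False))
    print("fast leave:", demo(fast_leave=True))
```

With fast-leave set, p2 is pruned although 192.0.2.3 is still joined, which is why the model's description ties fast-leave to at most one host per VLAN port.
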
176	IGMP and MLD snooping switches do not adhere to the conceptual model
177	that provides the strict separation of functionality between different
178	communications layers in the ISO model, and instead utilize information
179	in the upper level protocol headers as factors to be considered in
180	processing at the lower levels [RFC4541].

182	IGMP Snooping switches utilize IGMP, and could support IGMPv1 [RFC1112],
183	IGMPv2 [RFC2236], and IGMPv3 [RFC3376]. MLD Snooping switches utilize
184	MLD, and could support MLDv1 [RFC2710] and MLDv2 [RFC3810]. The goal of
185	this document is to define a data model that provides a common user
186	interface to IGMP and MLD Snooping.

188	2.1. Overview

190	The IGMP and MLD Snooping YANG module defined in this document has all
191	the common building blocks for the IGMP and MLD Snooping switches.

193	The YANG module includes IGMP and MLD Snooping instance definition,
194	using instance in the L2 service type of BRIDGE [dot1Qcp]. It also
195	includes actions for clearing IGMP and MLD Snooping group tables.

197	The YANG module doesn't cover L2VPN, which will be specified in a
198	separated document.

200	2.2. Optional Capabilities

202	This model is designed to represent the basic capability subsets of IGMP
203	and MLD Snooping. The main design goals of this document are that the
204	basic capabilities described in the model are supported by any major
205	now-existing implementation, and that the configuration of all
206	implementations meeting the specifications is easy to express through
207	some combination of the optional features in the model and simple vendor
208	augmentations.

210	There is also value in widely supported features being standardized, to
211	provide a standardized way to access these features, to save work for
212	individual vendors, and so that mapping between different vendors'
213	configuration is not needlessly complicated. Therefore, this model
214	declares a number of features representing capabilities that not all
215	deployed devices support.

217	The extensive use of feature declarations should also substantially
218	simplify the capability negotiation process for a vendor's IGMP and MLD
219	Snooping implementations.

221	On the other hand, operational state parameters are not so widely
222	designated as features, as there are many cases where the defaulting
223	of an operational state parameter would not cause any harm to the
224	system, and it is much more likely that an implementation without
225	native support for a piece of operational state would be able to derive
226	a suitable value for a state variable that is not natively supported.

228	2.3. Position of Address Family in Hierarchy

230	IGMP Snooping only supports IPv4, while MLD Snooping only supports IPv6.
231	The data model defined in this document can be used for both IPv4 and
232	IPv6 address families.

234	This document defines IGMP Snooping and MLD Snooping as separate schema
235	branches in the structure. The benefits are:

237	* The model can support IGMP Snooping (IPv4), MLD Snooping (IPv6), or
238	both optionally and independently. Such flexibility cannot be achieved
239	cleanly with a combined branch.

241	* The structure is consistent with other YANG data models such as
242	[RFC8652], which uses separate branches for IPv4 and IPv6.

244	* Having separate branches for IGMP Snooping and MLD Snooping allows
245	minor differences in their behavior to be modelled more simply and
246	cleanly. The two branches can better support different features and node
247	types.

249	3. Module Structure

251	This model augments the core routing data model specified in [RFC8349].

253	  +--rw routing
254	     +--rw router-id?
255	     +--rw control-plane-protocols
256	     |  +--rw control-plane-protocol* [type name]
257	     |     +--rw type
258	     |     +--rw name
259	     |     +--rw igmp-snooping-instance   <= Augmented by this Model
260	                    ...
261	     |     +--rw mld-snooping-instance    <= Augmented by this Model
262	                    ...
263	The "igmp-snooping-instance" container instantiates an IGMP Snooping
264	Instance. The "mld-snooping-instance" container instantiates an MLD
265	Snooping Instance.

267	The YANG data model defined in this document conforms to the Network
268	Management Datastore Architecture (NMDA) [RFC8342]. The operational
269	state data is combined with the associated configuration data in the
270	same hierarchy [RFC8407].

272	3.1. IGMP Snooping Instances

274	The YANG module ietf-igmp-mld-snooping augments /rt:routing/rt:control-
275	plane-protocols/rt:control-plane-protocol to add the igmp-snooping-
276	instance container.

278	All the IGMP Snooping related attributes have been defined in the igmp-
279	snooping-instance. The read-write attributes represent configurable
280	data. The read-only attributes represent state data.

282	One igmp-snooping-instance could be used in one BRIDGE [dot1Qcp]
283	instance, and it corresponds to one BRIDGE instance.

285	Currently the value of l2-service-type in igmp-snooping-instance could
286	only be set bridge. After it is set, igmp-snooping-instance could be
287	used in the BRIDGE service.

289	The values of bridge-mrouter-interface is filled by the snooping device
290	dynamically. It is different from static-bridge-mrouter-interface which
291	is configured.

293	The attributes under the interfaces show the statistics of IGMP Snooping
294	related packets.

296	  augment /rt:routing/rt:control-plane-protocols
297	            /rt:control-plane-protocol:
298	    +--rw igmp-snooping-instance {igmp-snooping}?
299	       +--rw l2-service-type?                    l2-service-type
300	       +--rw enable?                             boolean
301	       +--rw forwarding-table-type?              enumeration
302	       +--rw explicit-tracking?                  boolean
303	       |       {explicit-tracking}?
304	       +--rw lite-exclude-filter?                empty
305	       |       {lite-exclude-filter}?
306	       +--rw send-query?                         boolean
307	       +--rw fast-leave?                         empty {fast-leave}?
308	       +--rw last-member-query-interval?         uint16
309	       +--rw query-interval?                     uint16
310	       +--rw query-max-response-time?            uint16
311	       +--rw require-router-alert?               boolean
312	       |       {require-router-alert}?
313	       +--rw robustness-variable?                uint8
314	       +--rw static-bridge-mrouter-interface*    if:interface-ref
315	       |       {static-mrouter-interface}?
316	       +--rw igmp-version?                       uint8
317	       +--rw querier-source?                     inet:ipv4-address
318	       +--rw static-l2-multicast-group* [group source-addr]
319	       |       {static-l2-multicast-group}?
320	       |  +--rw group
321	       |  |       rt-types:ipv4-multicast-group-address
322	       |  +--rw source-addr
323	       |  |       rt-types:ipv4-multicast-source-address
324	       |  +--rw bridge-outgoing-interface*   if:interface-ref
325	       +--ro entries-count?                      yang:gauge32
326	       +--ro bridge-mrouter-interface*           if:interface-ref
327	       +--ro group* [address]
328	       |  +--ro address
329	       |  |       rt-types:ipv4-multicast-group-address
330	       |  +--ro mac-address?     yang:phys-address
331	       |  +--ro expire?          rt-types:timer-value-seconds16
332	       |  +--ro up-time          uint32
333	       |  +--ro last-reporter?   inet:ipv4-address
334	       |  +--ro source* [address]
335	       |     +--ro address
336	       |     |       rt-types:ipv4-multicast-source-address
337	       |     +--ro bridge-outgoing-interface*   if:interface-ref
338	       |     +--ro up-time                      uint32
339	       |     +--ro expire?
340	       |     |       rt-types:timer-value-seconds16
341	       |     +--ro host-count?                  yang:gauge32
342	       |     |       {explicit-tracking}?
343	       |     +--ro last-reporter?               inet:ipv4-address
344	       |     +--ro host* [address] {explicit-tracking}?
345	       |        +--ro address        inet:ipv4-address
346	       |        +--ro filter-mode    filter-mode-type
347	       +--ro interfaces
348	          +--ro interface* [name]
349	             +--ro name          if:interface-ref
350	             +--ro statistics
351	                +--ro discontinuity-time?   yang:date-and-time
352	                +--ro received
353	                |  +--ro query-count?                  yang:counter64
354	                |  +--ro membership-report-v1-count?   yang:counter64
355	                |  +--ro membership-report-v2-count?   yang:counter64
356	                |  +--ro membership-report-v3-count?   yang:counter64
357	                |  +--ro leave-count?                  yang:counter64
358	                |  +--ro pim-hello-count?              yang:counter64
359	                +--ro sent
360	                   +--ro query-count?                  yang:counter64
361	                   +--ro membership-report-v1-count?   yang:counter64
362	                   +--ro membership-report-v2-count?   yang:counter64
363	                   +--ro membership-report-v3-count?   yang:counter64
364	                   +--ro leave-count?                  yang:counter64
365	                   +--ro pim-hello-count?              yang:counter64

367	3.2. MLD Snooping Instances

369	The YANG module ietf-igmp-mld-snooping augments /rt:routing/rt:control-
370	plane-protocols/rt:control-plane-protocol to add the mld-snooping-
371	instance container. The mld-snooping-instance could be used in the
372	BRIDGE [dot1Qcp] service to enable MLD Snooping.

374	All the MLD Snooping related attributes have been defined in the mld-
375	snooping-instance. The read-write attributes represent configurable
376	data. The read-only attributes represent state data.

378	The mld-snooping-instance has similar structure as IGMP snooping. Some
379	of leaves are protocol related. The mld-snooping-instance uses IPv6
380	addresses and mld-version, while igmp-snooping-instance uses IPv4
381	addresses and igmp-version. Statistic counters in each of the above
382	snooping instances are also tailored to the specific protocol type. One
383	mld-snooping-instance could be used in one BRIDGE instance, and it
384	corresponds to one BRIDGE instance.

386	Currently the value of l2-service-type in mld-snooping-instance could
387	only be set bridge. After it is set, mld-snooping-instance could be used
388	in the BRIDGE service.

390	The value of bridge-mrouter-interface is filled by the snooping device
391	dynamically. It is different from static-bridge-mrouter-interface which
392	is configured.

394	The attributes under the interfaces show the statistics of MLD Snooping
395	related packets.

397	  augment /rt:routing/rt:control-plane-protocols
398	            /rt:control-plane-protocol:
399	    +--rw mld-snooping-instance {mld-snooping}?
400	       +--rw l2-service-type?                    l2-service-type
401	       +--rw enable?                             boolean
402	       +--rw forwarding-table-type?              enumeration
403	       +--rw explicit-tracking?                  boolean
404	       |       {explicit-tracking}?
405	       +--rw lite-exclude-filter?                empty
406	       |       {lite-exclude-filter}?
407	       +--rw send-query?                         boolean
408	       +--rw fast-leave?                         empty {fast-leave}?
409	       +--rw last-member-query-interval?         uint16
410	       +--rw query-interval?                     uint16
411	       +--rw query-max-response-time?            uint16
412	       +--rw require-router-alert?               boolean
413	       |       {require-router-alert}?
414	       +--rw robustness-variable?                uint8
415	       +--rw static-bridge-mrouter-interface*    if:interface-ref
416	       |       {static-mrouter-interface}?
417	       +--rw mld-version?                        uint8
418	       +--rw querier-source?                     inet:ipv6-address
419	       +--rw static-l2-multicast-group* [group source-addr]
420	       |       {static-l2-multicast-group}?
421	       |  +--rw group
422	       |  |       rt-types:ipv6-multicast-group-address
423	       |  +--rw source-addr
424	       |  |       rt-types:ipv6-multicast-source-address
425	       |  +--rw bridge-outgoing-interface*   if:interface-ref
426	       +--ro entries-count?                      yang:gauge32
427	       +--ro bridge-mrouter-interface*           if:interface-ref
428	       +--ro group* [address]
429	       |  +--ro address
430	       |  |       rt-types:ipv6-multicast-group-address
431	       |  +--ro mac-address?     yang:phys-address
432	       |  +--ro expire?          rt-types:timer-value-seconds16
433	       |  +--ro up-time          uint32
434	       |  +--ro last-reporter?   inet:ipv6-address
435	       |  +--ro source* [address]
436	       |     +--ro address
437	       |     |       rt-types:ipv6-multicast-source-address
438	       |     +--ro bridge-outgoing-interface*   if:interface-ref
439	       |     +--ro up-time                      uint32
440	       |     +--ro expire?
441	       |     |       rt-types:timer-value-seconds16
442	       |     +--ro host-count?                  yang:gauge32
443	       |     |       {explicit-tracking}?
444	       |     +--ro last-reporter?               inet:ipv6-address
445	       |     +--ro host* [address] {explicit-tracking}?
446	       |        +--ro address        inet:ipv6-address
447	       |        +--ro filter-mode    filter-mode-type
448	       +--ro interfaces
449	          +--ro interface* [name]
450	             +--ro name          if:interface-ref
451	             +--ro statistics
452	                +--ro discontinuity-time?   yang:date-and-time
453	                +--ro received
454	                |  +--ro query-count?       yang:counter64
455	                |  +--ro report-v1-count?   yang:counter64
456	                |  +--ro report-v2-count?   yang:counter64
457	                |  +--ro done-count?        yang:counter64
458	                |  +--ro pim-hello-count?   yang:counter64
459	                +--ro sent
460	                   +--ro query-count?       yang:counter64
461	                   +--ro report-v1-count?   yang:counter64
462	                   +--ro report-v2-count?   yang:counter64
463	                   +--ro done-count?        yang:counter64
464	                   +--ro pim-hello-count?   yang:counter64

466	3.3. Using IGMP and MLD Snooping Instances

468	The igmp-snooping-instance could be used in the service of BRIDGE
469	[dot1Qcp] to configure the IGMP Snooping.

471	For the BRIDGE service this model augments /dot1q:bridges/dot1q:bridge
472	to use igmp-snooping-instance. It means IGMP Snooping is enabled in the
473	whole bridge.

475	It also augments /dot1q:bridges/dot1q:bridge/dot1q:component/
476	dot1q:bridge-vlan/dot1q:vlan to use igmp-snooping-instance. It means
477	IGMP Snooping is enabled in the specified VLAN on the bridge.

479	The mld-snooping-instance could be used in concurrence with igmp-
480	snooping-instance to configure the MLD Snooping.

482	  augment /dot1q:bridges/dot1q:bridge:
483	    +--rw igmp-snooping-instance?   igmp-mld-snooping-instance-ref
484	    +--rw mld-snooping-instance?    igmp-mld-snooping-instance-ref

486	  augment /dot1q:bridges/dot1q:bridge/dot1q:component
487	            /dot1q:bridge-vlan/dot1q:vlan:
488	    +--rw igmp-snooping-instance?   igmp-mld-snooping-instance-ref
489	    +--rw mld-snooping-instance?    igmp-mld-snooping-instance-ref

491	3.4. IGMP and MLD Snooping Actions

493	IGMP and MLD Snooping actions clear the specified IGMP and MLD Snooping
494	group tables. If both source X and group Y are specified, only source X
495	from group Y in that specific instance will be cleared.

497	  augment /rt:routing/rt:control-plane-protocols
498	            /rt:control-plane-protocol:
499	    +--rw igmp-snooping-instance {igmp-snooping}?
500	       +---x clear-igmp-snooping-groups {action-clear-groups}?
501	          +---w input
502	             +---w group     union
503	             +---w source    rt-types:ipv4-multicast-source-address

505	  augment /rt:routing/rt:control-plane-protocols
506	            /rt:control-plane-protocol:
507	    +--rw mld-snooping-instance {mld-snooping}?
508	       +---x clear-mld-snooping-groups {action-clear-groups}?
509	          +---w input
510	             +---w group     union
511	             +---w source    rt-types:ipv6-multicast-source-address

513	4. IGMP and MLD Snooping YANG Module

515	This module references [RFC1112],[RFC2236],[RFC2710],[RFC3376],
516	[RFC3810],[RFC4541],[RFC5790],[RFC6636],[RFC6991],[RFC7761],
517	[RFC8343],[dot1Qcp].

519	file ietf-igmp-mld-snooping@2021-10-08.yang
520	module ietf-igmp-mld-snooping {
521	  yang-version 1.1;
522	  namespace "urn:ietf:params:xml:ns:yang:ietf-igmp-mld-snooping";

524	  prefix ims;

526	  import ietf-inet-types {
527	    prefix "inet";
528	    reference
529	      "RFC 6991: Common YANG Data Types";
530	  }

532	  import ietf-yang-types {
533	    prefix "yang";
534	    reference
535	      "RFC 6991: Common YANG Data Types";
536	  }

538	  import ietf-interfaces {
539	    prefix "if";
540	    reference
541	      "RFC 8343: A YANG Data Model for Interface Management";
542	  }

544	  import ietf-routing {
545	    prefix "rt";
546	    reference
547	      "RFC 8349: A YANG Data Model for Routing Management (NMDA
548	       Version)";
549	  }

551	  import ietf-routing-types {
552	    prefix "rt-types";
553	    reference
554	      "RFC 8294: Common YANG Data Types for the Routing Area";
555	  }

557	  import ieee802-dot1q-bridge {
558	    prefix "dot1q";
559	    reference
560	      "dot1Qcp: IEEE 802.1Qcp-2018 Bridges and Bridged Networks
561	       - Amendment: YANG Data Model";
562	  }

564	  organization
565	    "IETF PIM Working Group";

567	  contact
568	    "WG Web:
569	     WG List:

571	     Editors:  Hongji Zhao
572

574	               Xufeng Liu
575

577	               Yisong Liu
578
579	               Anish Peter
580

582	               Mahesh Sivakumar
583

585	    ";

587	  description
588	    "The module defines a collection of YANG definitions common for
589	     all devices that implement Internet Group Management Protocol
590	     (IGMP) and Multicast Listener Discovery (MLD) Snooping which is
591	     described in RFC 4541.

593	     Copyright (c) 2021 IETF Trust and the persons identified as
594	     authors of the code. All rights reserved.

596	     Redistribution and use in source and binary forms, with or
597	     without modification, is permitted pursuant to, and subject to
598	     the license terms contained in, the Simplified BSD License set
599	     forth in Section 4.c of the IETF Trust's Legal Provisions
600	     Relating to IETF Documents
601	     (http://trustee.ietf.org/license-info).

603	     This version of this YANG module is part of RFC XXXX; see the
604	     RFC itself for full legal notices.";

606	  revision 2021-10-08 {
607	    description
608	      "Initial revision.";
609	    reference
610	      "RFC XXXX: A YANG Data Model for IGMP and MLD Snooping";
611	  }

613	  /*
614	   * Features
615	   */

617	  feature igmp-snooping {
618	    description
619	      "Support IGMP snooping.";
620	    reference
621	      "RFC 4541";
622	  }

624	  feature mld-snooping {
625	    description
626	      "Support MLD snooping.";
627	    reference
628	      "RFC 4541";

630	  }

632	  feature fast-leave {
633	    description
634	      "Support configuration of fast leave. The fast leave feature
635	       does not send last member query messages to hosts.";
636	    reference
637	      "RFC 3376";
638	  }

640	  feature static-l2-multicast-group {
641	    description
642	      "Support configuration of static L2 multicast group.";
643	  }

645	  feature static-mrouter-interface {
646	    description
647	      "Support multicast router interface explicitly configured
648	       by management";
649	    reference
650	      "RFC 4541";
651	  }

653	  feature action-clear-groups {
654	    description
655	      "Support clearing statistics by action for IGMP & MLD snooping.";
656	  }

658	  feature require-router-alert {
659	    description
660	      "Support configuration of require-router-alert.";
661	    reference
662	      "RFC 3376";
663	  }

665	  feature lite-exclude-filter {
666	    description
667	      "Enable the support of the simplified EXCLUDE filter.";
668	    reference
669	      "RFC 5790";
670	  }

672	  feature explicit-tracking {
673	    description
674	      "Support configuration of per instance explicit-tracking.";
675	    reference
676	      "RFC 6636";
677	  }

679	  /* identities */
680	  identity l2-service-type {
681	    description
682	      "Base identity for L2 service type in IGMP & MLD snooping";
683	  }

685	  identity bridge {
686	    base l2-service-type;
687	    description
688	      "This identity represents BRIDGE service.";
689	  }

691	  identity filter-mode {
692	    description
693	      "Base identity for filter mode in IGMP & MLD snooping";
694	  }

696	  identity include {
697	    base filter-mode;
698	    description
699	      "This identity represents include mode.";
700	  }

702	  identity exclude {
703	    base filter-mode;
704	    description
705	      "This identity represents exclude mode.";
706	  }

708	  identity igmp-snooping {
709	    base rt:control-plane-protocol;
710	    description
711	      "IGMP snooping";
712	  }

714	  identity mld-snooping {
715	    base rt:control-plane-protocol;
716	    description
717	      "MLD snooping";
718	  }

720	  /*
721	   * Typedefs
722	   */

724	  typedef l2-service-type {
725	    type identityref {
726	      base "l2-service-type";
727	    }
728	    description "The L2 service type used with IGMP & MLD snooping ";
729	  }
730	  typedef filter-mode-type {
731	    type identityref {
732	      base "filter-mode";
733	    }
734	    description "The host filter mode";
735	  }

737	  typedef igmp-mld-snooping-instance-ref {
738	    type leafref {
739	      path "/rt:routing/rt:control-plane-protocols"+
740	           "/rt:control-plane-protocol/rt:name";
741	    }
742	    description
743	      "This type is used by data models which need to
744	       reference IGMP & MLD snooping instance.";
745	  }

747	  /*
748	   * Groupings
749	   */

751	  grouping instance-config-attributes-igmp-mld-snooping {
752	    description
753	      "IGMP and MLD snooping configuration of each VLAN.";

755	    leaf enable {
756	      type boolean;
757	      default false;
758	      description
759	        "Set the value to true to enable IGMP & MLD snooping.";
760	    }

762	    leaf forwarding-table-type {
763	      type enumeration {
764	        enum "mac" {
765	          description
766	            "MAC-based lookup mode";
767	        }
768	        enum "ip" {
769	          description
770	            "IP-based lookup mode";
771	        }
772	      }
773	      default "ip";
774	      description "The default forwarding table type is ip";
775	    }

777	    leaf explicit-tracking {
778	      if-feature explicit-tracking;
779	      type boolean;
780	      default false;
781	      description
782	        "Track the IGMPv3 and MLDv2 snooping membership reports
783	         from individual hosts. It contributes to saving network
784	         resources and shortening leave latency.";
785	    }

787	    leaf lite-exclude-filter {
788	      if-feature lite-exclude-filter;
789	      type empty;
790	      description
791	        "For IGMP Snooping, the presence of this
792	         leaf enables the support of the simplified EXCLUDE filter
793	         in the Lightweight IGMPv3 protocol, which simplifies the
794	         standard versions of IGMPv3.
795	         For MLD Snooping, the presence of this
796	         leaf enables the support of the simplified EXCLUDE filter
797	         in the Lightweight MLDv2 protocol, which simplifies the
798	         standard versions of MLDv2.";
799	      reference
800	        "RFC 5790";
801	    }

803	    leaf send-query {
804	      type boolean;
805	      default false;
806	      description
807	        "When it is true, this switch will send out periodic
808	         IGMP General Query Message or MLD General Query Message.";
809	    }

811	    leaf fast-leave {
812	      if-feature fast-leave;
813	      type empty;
814	      description
815	        "When immediate leave is enabled, the IGMP software assumes
816	         that no more than one host is present on each VLAN port.";
817	    }

819	    leaf last-member-query-interval {
820	      type uint16 {
821	        range "10..10230";
822	      }
823	      units deciseconds;
824	      default 10;
825	      description
826	        "Last Member Query Interval, which may be tuned to modify
827	         the leave latency of the network.
828	         It is represented in units of 1/10 second.";
829	      reference "RFC 3376. Sec. 8.8.";
830	    }
831	    leaf query-interval {
832	      type uint16;
833	      units seconds;
834	      default 125;
835	      description
836	        "The Query Interval is the interval between General Queries
837	         sent by the Querier.";
838	      reference "RFC 3376. Sec. 4.1.7, 8.2, 8.14.2.";
839	    }

841	    leaf query-max-response-time {
842	      type uint16;
843	      units deciseconds;
844	      default 100;
845	      description
846	        "Query maximum response time specifies the maximum time
847	         allowed before sending a responding report.
848	         It is represented in units of 1/10 second.";
849	      reference "RFC 3376. Sec. 4.1.1, 8.3, 8.14.3.";
850	    }

852	    leaf require-router-alert {
853	      if-feature require-router-alert;
854	      type boolean;
855	      default false;
856	      description
857	        "When the value is true, router alert should exist
858	         in the IP header of IGMP or MLD packet. If it doesn't exist,
859	         the IGMP or MLD packet will be ignored.";
860	      reference "RFC 3376. Sec. 9.1, 9.2, 9.3.";
861	    }

863	    leaf robustness-variable {
864	      type uint8 {
865	        range "1..7";
866	      }
867	      default 2;
868	      description
869	        "Querier's Robustness Variable allows tuning for the
870	         expected packet loss on a network.";
871	      reference "RFC 3376. Sec. 4.1.6, 8.1, 8.14.1.";
872	    }

874	    leaf-list static-bridge-mrouter-interface {
875	      when 'derived-from-or-self(../l2-service-type,"ims:bridge")';
876	      if-feature static-mrouter-interface;
877	      type if:interface-ref;
878	      description "static mrouter interface in BRIDGE forwarding";
879	    }
880	  } // instance-config-attributes-igmp-mld-snooping
881	  grouping instance-state-group-attributes-igmp-mld-snooping {
882	    description
883	      "Attributes for both IGMP and MLD snooping groups.";

885	    leaf mac-address {
886	      type yang:phys-address;
887	      description "Destination MAC address for L2 multicast.";
888	    }

890	    leaf expire {
891	      type rt-types:timer-value-seconds16;
892	      units seconds;
893	      description
894	        "The time left before multicast group timeout.";
895	    }

897	    leaf up-time {
898	      type uint32;
899	      units seconds;
900	      mandatory true;
901	      description
902	        "The time elapsed since L2 multicast record created.";
903	    }
904	  } // instance-state-group-attributes-igmp-mld-snooping

906	  grouping instance-state-attributes-igmp-mld-snooping {

908	    description
909	      "State attributes for IGMP & MLD snooping instance.";

911	    leaf entries-count {
912	      type yang:gauge32;
913	      config false;
914	      description
915	        "The number of L2 multicast entries in IGMP & MLD snooping";
916	    }

918	    leaf-list bridge-mrouter-interface {
919	      when 'derived-from-or-self(../l2-service-type,"ims:bridge")';
920	      type if:interface-ref;
921	      config false;
922         description
923           "Indicates a list of mrouter interfaces dynamically learned in a
924            bridge. When this switch receives IGMP/MLD queries from a
925            multicast router on an interface, the interface will become
926            mrouter interface for IGMP/MLD snooping.";
927       }
928     } // instance-state-attributes-igmp-mld-snooping

930     grouping instance-state-source-attributes-igmp-mld-snooping {
931       description
932         "State attributes for IGMP & MLD snooping instance.";

934       leaf-list bridge-outgoing-interface {
935         when 'derived-from-or-self(../../../l2-service-type,'
936            + '"ims:bridge")';
937         type if:interface-ref;
938         description "Outgoing interface in BRIDGE forwarding";
939       }

941       leaf up-time {
942         type uint32;
943         units seconds;
944         mandatory true;
945         description
946           "The time elapsed since L2 multicast record created";
947       }

949       leaf expire {
950         type rt-types:timer-value-seconds16;
951         units seconds;
952         description
953           "The time left before multicast group timeout.";
954       }

956       leaf host-count {
957         if-feature explicit-tracking;
958         type yang:gauge32;
959         description
960           "The number of host addresses.";
961       }
962     } // instance-state-source-attributes-igmp-mld-snooping

964     grouping igmp-snooping-statistics {
965       description
966         "The statistics attributes for IGMP snooping.";

968       leaf query-count {
969         type yang:counter64;
970         description
971           "The number of Membership Query messages.";
972         reference
973           "RFC 2236";
974       }
975       leaf membership-report-v1-count {
976         type yang:counter64;
977         description
978           "The number of Version 1 Membership Report messages.";
979         reference
980           "RFC 1112";
981       }
982       leaf membership-report-v2-count {
983         type yang:counter64;
984         description
985           "The number of Version 2 Membership Report messages.";
986         reference
987           "RFC 2236";
988       }
989       leaf membership-report-v3-count {
990         type yang:counter64;
991         description
992           "The number of Version 3 Membership Report messages.";
993         reference
994           "RFC 3376";
995       }
996       leaf leave-count {
997         type yang:counter64;
998         description
999           "The number of Leave Group messages.";
1000        reference
1001          "RFC 2236";
1002      }
1003      leaf pim-hello-count {
1004        type yang:counter64;
1005        description
1006          "The number of PIM hello messages.";
1007        reference
1008          "RFC 7761";
1009      }
1010    } // igmp-snooping-statistics

1012    grouping mld-snooping-statistics {
1013      description
1014        "The statistics attributes for MLD snooping.";

1016      leaf query-count {
1017        type yang:counter64;
1018        description
1019          "The number of Multicast Listener Query messages.";
1020        reference
1021          "RFC 3810";
1022      }
1023      leaf report-v1-count {
1024        type yang:counter64;
1025        description
1026          "The number of Version 1 Multicast Listener Report.";
1027        reference
1028          "RFC 2710";
1029      }
1030      leaf report-v2-count {
1031        type yang:counter64;
1032        description
1033          "The number of Version 2 Multicast Listener Report.";
1034        reference
1035          "RFC 3810";
1036      }
1037      leaf done-count {
1038        type yang:counter64;
1039        description
1040          "The number of Version 1 Multicast Listener Done.";
1041        reference
1042          "RFC 2710";
1043      }
1044      leaf pim-hello-count {
1045        type yang:counter64;
1046        description
1047          "The number of PIM hello messages.";
1048        reference
1049          "RFC 7761";
1050      }
1051    } // mld-snooping-statistics

1053    augment "/rt:routing/rt:control-plane-protocols"+
1054            "/rt:control-plane-protocol" {
1055      when 'derived-from-or-self(rt:type, "ims:igmp-snooping")' {
1056        description
1057          "This container is only valid for IGMP snooping.";
1058      }
1059      description
1060        "IGMP snooping augmentation to control plane protocol
1061         configuration and state.";

1063      container igmp-snooping-instance {
1064        if-feature igmp-snooping;
1065        description
1066          "IGMP snooping instance to configure igmp-snooping.";

1068        leaf l2-service-type {
1069          type l2-service-type;
1070          default bridge;
1071          description
1072            "It indicates BRIDGE or other services.";
1073        }

1075        uses instance-config-attributes-igmp-mld-snooping;

1077        leaf igmp-version {
1078          type uint8 {
1079            range "1..3";
1080          }
1081          default 2;
1082          description "IGMP version.";
1083        }
1084        leaf querier-source {
1085          type inet:ipv4-address;
1086          description
1087            "The source address of IGMP General Query message,
1088             which is sent out by this switch.";
1089        }

1091        list static-l2-multicast-group {
1092          if-feature static-l2-multicast-group;
1093          key "group source-addr";
1094          description
1095            "A static multicast route, (*,G) or (S,G).";

1097          leaf group {
1098            type rt-types:ipv4-multicast-group-address;
1099            description
1100              "Multicast group IPv4 address";
1101          }

1103          leaf source-addr {
1104            type rt-types:ipv4-multicast-source-address;
1105            description
1106              "Multicast source IPv4 address.";
1107          }

1109          leaf-list bridge-outgoing-interface {
1110            when 'derived-from-or-self(../../l2-service-type,'
1111               + '"ims:bridge")';
1112            type if:interface-ref;
1113            description "Outgoing interface in BRIDGE forwarding";
1114          }
1115        } // static-l2-multicast-group

1117        uses instance-state-attributes-igmp-mld-snooping;

1119        list group {

1121          key "address";

1123          config false;

1125          description "IGMP snooping information";

1127          leaf address {
1128            type rt-types:ipv4-multicast-group-address;
1129            description
1130              "Multicast group IPv4 address";
1131          }

1133          uses instance-state-group-attributes-igmp-mld-snooping;
1134          leaf last-reporter {
1135            type inet:ipv4-address;
1136            description
1137              "Address of the last host which has sent report to join
1138               the multicast group.";
1139          }

1141          list source {
1142            key "address";
1143            description "Source IPv4 address for multicast stream";

1145            leaf address {
1146              type rt-types:ipv4-multicast-source-address;
1147              description "Source IPv4 address for multicast stream";
1148            }

1150            uses instance-state-source-attributes-igmp-mld-snooping;

1152            leaf last-reporter {
1153              type inet:ipv4-address;
1154              description
1155                "Address of the last host which has sent report
1156                 to join the multicast group.";
1157            }

1159            list host {
1160              if-feature explicit-tracking;
1161              key "address";
1162              description
1163                "List of multicast membership hosts
1164                 of the specific multicast source-group.";

1166              leaf address {
1167                type inet:ipv4-address;
1168                description
1169                  "Multicast membership host address.";
1170              }
1171              leaf filter-mode {
1172                type filter-mode-type;
1173                mandatory true;
1174                description
1175                  "Filter mode for a multicast membership
1176                   host may be either include or exclude.";
1177              }
1178            }// list host
1179          } // list source
1180        } // list group

1182        container interfaces {
1183          config false;
1184          description
1185            "Contains the interfaces associated with the IGMP snooping
1186             instance";

1188          list interface {
1189            key "name";

1191            description
1192              "A list of interfaces associated with the IGMP snooping
1193               instance";

1195            leaf name {
1196              type if:interface-ref;
1197              description
1198                "The name of interface";

1200            }

1202            container statistics {
1203              description
1204                "The interface statistics for IGMP snooping";

1206              leaf discontinuity-time {
1207                type yang:date-and-time;
1208                description
1209                  "The time on the most recent occasion at which any one
1210                   or more of the statistic counters suffered a
1211                   discontinuity. If no such discontinuities have
1212                   occurred since the last re-initialization of the local
1213                   management subsystem, then this node contains the time
1214                   the local management subsystem re-initialized
1215                   itself.";
1216              }
1217              container received {
1218                description
1219                  "Number of received snooped IGMP packets";

1221                uses igmp-snooping-statistics;
1222              }
1223              container sent {
1224                description
1225                  "Number of sent snooped IGMP packets";

1227                uses igmp-snooping-statistics;
1228              }
1229            }
1230          }
1231        }

1233        action clear-igmp-snooping-groups {
1234          if-feature action-clear-groups;
1235          description
1236            "Clear IGMP snooping cache tables.";

1238          input {
1239            leaf group {
1240              type union {
1241                type enumeration {
1242                  enum 'all-groups' {
1243                    description
1244                      "All multicast group addresses.";
1245                  }
1246                }
1247                type rt-types:ipv4-multicast-group-address;
1248              }
1249              mandatory true;
1250              description
1251                "Multicast group IPv4 address. If value 'all-groups' is
1252                 specified, all IGMP snooping group entries are cleared
1253                 for specified source address.";
1254            }
1255            leaf source {
1256              type rt-types:ipv4-multicast-source-address;
1257              mandatory true;
1258              description
1259                "Multicast source IPv4 address. If value '*' is specified,
1260                 all IGMP snooping source-group tables are cleared.";
1261            }
1262          }
1263        } // action clear-igmp-snooping-groups
1264      } // igmp-snooping-instance
1265    } // augment

1267    augment "/rt:routing/rt:control-plane-protocols"+
1268            "/rt:control-plane-protocol" {
1269      when 'derived-from-or-self(rt:type, "ims:mld-snooping")' {
1270        description
1271          "This container is only valid for MLD snooping.";
1272      }
1273      description
1274        "MLD snooping augmentation to control plane protocol
1275         configuration and state.";

1277      container mld-snooping-instance {
1278        if-feature mld-snooping;
1279        description
1280          "MLD snooping instance to configure mld-snooping.";

1282        leaf l2-service-type {
1283          type l2-service-type;
1284          default bridge;
1285          description
1286            "It indicates BRIDGE or other services.";
1287        }

1289        uses instance-config-attributes-igmp-mld-snooping;

1291        leaf mld-version {
1292          type uint8 {
1293            range "1..2";
1294          }
1295          default 2;
1296          description "MLD version.";
1297        }

1299        leaf querier-source {
1300          type inet:ipv6-address;
1301          description
1302            "The source address of MLD General Query message,
1303             which is sent out by this switch.";
1304        }

1306        list static-l2-multicast-group {
1307          if-feature static-l2-multicast-group;
1308          key "group source-addr";
1309          description
1310            "A static multicast route, (*,G) or (S,G).";

1312          leaf group {
1313            type rt-types:ipv6-multicast-group-address;
1314            description
1315              "Multicast group IPv6 address";
1316          }

1318          leaf source-addr {
1319            type rt-types:ipv6-multicast-source-address;
1320            description
1321              "Multicast source IPv6 address.";
1322          }

1324          leaf-list bridge-outgoing-interface {
1325            when 'derived-from-or-self(../../l2-service-type,'
1326               + '"ims:bridge")';
1327            type if:interface-ref;
1328            description "Outgoing interface in BRIDGE forwarding";
1329          }
1330        } // static-l2-multicast-group

1332        uses instance-state-attributes-igmp-mld-snooping;

1334        list group {
1335          key "address";
1336          config false;
1337          description "MLD snooping statistics information";

1339          leaf address {
1340            type rt-types:ipv6-multicast-group-address;
1341            description
1342              "Multicast group IPv6 address";
1343          }

1345          uses instance-state-group-attributes-igmp-mld-snooping;

1347          leaf last-reporter {
1348            type inet:ipv6-address;
1349            description
1350              "Address of the last host which has sent report
1351               to join the multicast group.";
1352          }

1354          list source {
1355            key "address";
1356            description "Source IPv6 address for multicast stream";

1358            leaf address {
1359              type rt-types:ipv6-multicast-source-address;
1360              description "Source IPv6 address for multicast stream";
1361            }

1363            uses instance-state-source-attributes-igmp-mld-snooping;

1365            leaf last-reporter {
1366              type inet:ipv6-address;
1367              description
1368                "Address of the last host which has sent report
1369                 to join the multicast group.";
1370            }

1372            list host {
1373              if-feature explicit-tracking;
1374              key "address";
1375              description
1376                "List of multicast membership hosts
1377                 of the specific multicast source-group.";

1379              leaf address {
1380                type inet:ipv6-address;
1381                description
1382                  "Multicast membership host address.";
1383              }
1384              leaf filter-mode {
1385                type filter-mode-type;
1386                mandatory true;
1387                description
1388                  "Filter mode for a multicast membership
1389                   host may be either include or exclude.";
1390              }
1391            }// list host
1392          } // list source
1393        } // list group

1395        container interfaces {
1396          config false;

1398          description
1399            "Contains the interfaces associated with the MLD snooping
1400             instance";

1402          list interface {
1403            key "name";

1405            description
1406              "A list of interfaces associated with the MLD snooping
1407               instance";

1409            leaf name {
1410              type if:interface-ref;
1411              description
1412                "The name of interface";

1414            }

1416            container statistics {
1417              description
1418                "The interface statistics for MLD snooping";

1420              leaf discontinuity-time {
1421                type yang:date-and-time;
1422                description
1423                  "The time on the most recent occasion at which any one
1424                   or more of the statistic counters suffered a
1425                   discontinuity. If no such discontinuities have
1426                   occurred since the last re-initialization of the local
1427                   management subsystem, then this node contains the time
1428                   the local management subsystem re-initialized
1429                   itself.";
1430              }
1431              container received {
1432                description
1433                  "Number of received snooped MLD packets";

1435                uses mld-snooping-statistics;
1436              }
1437              container sent {
1438                description
1439                  "Number of sent snooped MLD packets";

1441                uses mld-snooping-statistics;
1442              }
1443            }
1444          }
1445        }

1447        action clear-mld-snooping-groups {
1448          if-feature action-clear-groups;
1449          description
1450            "Clear MLD snooping cache tables.";

1452          input {
1453            leaf group {
1454              type union {
1455                type enumeration {
1456                  enum 'all-groups' {
1457                    description
1458                      "All multicast group addresses.";
1459                  }
1460                }
1461                type rt-types:ipv6-multicast-group-address;
1462              }
1463              mandatory true;
1464              description
1465                "Multicast group IPv6 address. If value 'all-groups' is
1466                 specified, all MLD snooping group entries are cleared
1467                 for specified source address.";
1468            }
1469            leaf source {
1470              type rt-types:ipv6-multicast-source-address;
1471              mandatory true;
1472              description
1473                "Multicast source IPv6 address. If value '*' is specified,
1474                 all MLD snooping source-group tables are cleared.";
1475            }
1476          }
1477        } // action clear-mld-snooping-groups
1478      }// mld-snooping-instance
1479    } // augment

1481    augment "/dot1q:bridges/dot1q:bridge" {
1482      description
1483        "Use IGMP & MLD snooping instance in BRIDGE.";

1485      leaf igmp-snooping-instance {
1486        type igmp-mld-snooping-instance-ref;
1487        description
1488          "Configure IGMP snooping instance under bridge view";

1490      }

1492      leaf mld-snooping-instance {
1493        type igmp-mld-snooping-instance-ref;
1494        description
1495          "Configure MLD snooping instance under bridge view";
1496      }
1497    }

1499    augment "/dot1q:bridges/dot1q:bridge"+
1500            "/dot1q:component/dot1q:bridge-vlan/dot1q:vlan" {
1501      description
1502        "Use IGMP & MLD snooping instance in certain VLAN of BRIDGE";

1504      leaf igmp-snooping-instance {
1505        type igmp-mld-snooping-instance-ref;
1506        description
1507          "Configure IGMP snooping instance under VLAN view";
1508      }

1510      leaf mld-snooping-instance {
1511        type igmp-mld-snooping-instance-ref;
1512        description
1513          "Configure MLD snooping instance under VLAN view";
1514      }
1515    }
1516  }
1517

1519  5. Security Considerations

1521     The YANG module specified in this document defines a schema for data
1522     that is designed to be accessed via network management protocols such as
1523     NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the
1524     secure transport layer, and the mandatory-to-implement secure transport
1525     is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and
1526     the mandatory-to-implement secure transport is TLS [RFC8446].

1528     The Network Configuration Access Control Model (NACM) [RFC8341] provides
1529     the means to restrict access for particular NETCONF or RESTCONF users to
1530     a preconfigured subset of all available NETCONF or RESTCONF protocol
1531     operations and content.
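How the NACM global defaults interact with the nodes this section identifies as sensitive, as an added example that is not part of the draft: a simplified first-match evaluator run over two constructed NACM configurations. The group names `mcast-admin` and `noc-readonly`, the rule names and the module-qualified path strings are assumptions; list-key predicates, `module-name` matching and the read access RFC 8341 also requires on an action's ancestors are not modelled.

```python
"""Simplified NACM (RFC 8341) evaluation for the ietf-igmp-mld-snooping nodes.

Added illustration only: paths are matched by whole-segment prefix and rules
carry just `path`, `access-operations` and `action`.
"""

ROOT = "/ietf-routing:routing/control-plane-protocols/control-plane-protocol"
IGMP = ROOT + "/ietf-igmp-mld-snooping:igmp-snooping-instance"
MLD = ROOT + "/ietf-igmp-mld-snooping:mld-snooping-instance"

# Defaults that RFC 8341 applies when no rule matches a request.
RFC8341_DEFAULTS = {"read": "permit", "write": "deny", "exec": "permit"}
WRITE_OPS = {"create", "update", "delete"}

# One request per kind of exposure listed in Section 5.
PROBES = [
    ("update", IGMP + "/send-query"),             # writable config node
    ("read", IGMP + "/group/source/host"),        # per-host membership state
    ("exec", IGMP + "/clear-igmp-snooping-groups"),
    ("exec", MLD + "/clear-mld-snooping-groups"),
]

# Constructed sample: NACM enabled, no rule-lists, defaults left untouched.
UNCONFIGURED = {"enable-nacm": True}

# Constructed sample: both group names are hypothetical.
HARDENED = {
    "enable-nacm": True,
    "read-default": "deny",
    "exec-default": "deny",
    "rule-list": [
        {"name": "mcast-admin", "group": ["mcast-admin"], "rule": [
            {"name": "igmp-all", "path": IGMP,
             "access-operations": "*", "action": "permit"},
            {"name": "mld-all", "path": MLD,
             "access-operations": "*", "action": "permit"},
        ]},
        {"name": "noc", "group": ["noc-readonly"], "rule": [
            # Order matters: hide membership state before the broad read permit.
            {"name": "hide-igmp-members", "path": IGMP + "/group",
             "access-operations": "read", "action": "deny"},
            {"name": "hide-mld-members", "path": MLD + "/group",
             "access-operations": "read", "action": "deny"},
            {"name": "read-igmp", "path": IGMP,
             "access-operations": "read", "action": "permit"},
            {"name": "read-mld", "path": MLD,
             "access-operations": "read", "action": "permit"},
        ]},
    ],
}


def covers(rule_path, target):
    """True if target is the rule's node or one of its descendants."""
    want = rule_path.strip("/").split("/")
    return target.strip("/").split("/")[:len(want)] == want


def decide(nacm, user_groups, op, path):
    """Return 'permit' or 'deny'; the first matching rule wins."""
    if not nacm.get("enable-nacm", True):
        return "permit"
    for rule_list in nacm.get("rule-list", []):
        groups = rule_list["group"]
        if "*" not in groups and not set(groups) & set(user_groups):
            continue
        for rule in rule_list.get("rule", []):
            ops = rule.get("access-operations", "*")
            if ops != "*" and op not in ops.split():
                continue
            if "path" in rule and not covers(rule["path"], path):
                continue
            return rule["action"]
    kind = "write" if op in WRITE_OPS else op
    return nacm.get(kind + "-default", RFC8341_DEFAULTS[kind])


def audit(nacm, user_groups):
    """Map each probe to the decision reached for a user in user_groups."""
    return {probe: decide(nacm, user_groups, *probe) for probe in PROBES}


if __name__ == "__main__":
    for label, cfg in (("unconfigured", UNCONFIGURED), ("hardened", HARDENED)):
        for (op, path), verdict in audit(cfg, ["noc-readonly"]).items():
            print(f"{label:12} {op:6} {verdict:6} {path[len(ROOT):]}")
```

With no rule-lists, only the write is refused: the host membership list is readable and both clear actions are executable by any authenticated user, which is the gap the explicit rules close.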

1533     There are a number of data nodes defined in this YANG module that are
1534     writable/creatable/deletable (i.e., config true, which is the default).
1535     These data nodes may be considered sensitive or vulnerable in some
1536     network environments. Write operations (e.g., edit-config) to these data
1537     nodes without proper protection can have a negative effect on network
1538     operations. These are the subtrees and data nodes and their
1539     sensitivity/vulnerability:

1541     Under /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol:/

1543        ims:igmp-snooping-instance

1545        ims:mld-snooping-instance

1547     The subtrees under /dot1q:bridges/dot1q:bridge

1549        ims:igmp-snooping-instance

1551        ims:mld-snooping-instance

1553     The subtrees under /dot1q:bridges/dot1q:bridge/dot1q:component
1554     /dot1q:bridge-vlan/dot1q:vlan

1556        ims:igmp-snooping-instance

1558        ims:mld-snooping-instance

1560     Unauthorized access to any data node of these subtrees can adversely
1561     affect the IGMP & MLD Snooping subsystem of both the local device and
1562     the network. This may lead to network malfunctions, delivery of packets
1563     to inappropriate destinations, and other problems.

1565     Some of the readable data nodes in this YANG module may be considered
1566     sensitive or vulnerable in some network environments. It is thus
1567     important to control read access (e.g., via get, get-config, or
1568     notification) to these data nodes. These are the subtrees and data nodes
1569     and their sensitivity/vulnerability:

1571     Under /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol:/

1573        ims:igmp-snooping-instance

1575        ims:mld-snooping-instance

1577     Unauthorized access to any data node of these subtrees can disclose the
1578     operational state information of IGMP & MLD Snooping on this device. The
1579     group/source/host information may expose multicast group memberships,
1580     and transitively the associations between the user on the host and the
1581     contents from the source which could be privately sensitive. Some of the
1582     action operations in this YANG module may be considered sensitive or
1583     vulnerable in some network environments. It is thus important to control
1584     access to these operations. These are the operations and their
1585     sensitivity/vulnerability:

1587     Under /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol:/

1589        ims:igmp-snooping-instance/ims:clear-igmp-snooping-groups

1591        ims:mld-snooping-instance/ims:clear-mld-snooping-groups
1592     Some of the actions in this YANG module may be considered sensitive or
1593     vulnerable in some network environments. The IGMP & MLD Snooping YANG
1594     module supports the "clear-igmp-snooping-groups" and
1595     "clear-mld-snooping-groups" actions. If an unauthorized action is invoked,
1596     the IGMP and MLD Snooping group tables will be cleared unexpectedly. In
1597     particular, when a wildcard is used, all the multicast traffic will be
1598     flooded in the broadcast domain. The devices that use this YANG module
1599     should heed the Security Considerations in [RFC4541].

1601  6. IANA Considerations

1603     RFC Ed.: In this section, replace all occurrences of 'XXXX' with the
1604     actual RFC number (and remove this note).

1606  6.1. XML Registry

1608     This document registers the following namespace URIs in the IETF XML

1610     registry [RFC3688]:

1612     --------------------------------------------------------------------
1613     URI: urn:ietf:params:xml:ns:yang:ietf-igmp-mld-snooping
1614     Registrant Contact: The IETF.
1615     XML: N/A, the requested URI is an XML namespace.
1616     --------------------------------------------------------------------

1618  6.2. YANG Module Names Registry

1620     This document registers the following YANG modules in the YANG Module
1621     Names registry [RFC7950]:
1622     --------------------------------------------------------------------
1623     name: ietf-igmp-mld-snooping
1624     namespace: urn:ietf:params:xml:ns:yang:ietf-igmp-mld-snooping
1625     prefix: ims
1626     reference: RFC XXXX
1627     --------------------------------------------------------------------
1628  7. References

1630  7.1. Normative References

1632     [dot1Qcp] IEEE, "Standard for Local and metropolitan area networks--
1633               Bridges and Bridged Networks--Amendment 30: YANG Data
1634               Model", IEEE Std 802.1Qcp-2018 (Revision of IEEE Std
1635               802.1Q-2014), September 2018,
1636

1638     [RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5,
1639               RFC 1112, August 1989.

1641     [RFC2236] W. Fenner, "Internet Group Management Protocol, Version 2",
1642               RFC 2236, November 1997.

1644     [RFC2710] Deering, S., Fenner, W., and B. Haberman, "Multicast
1645               Listener Discovery (MLD) for IPv6", RFC 2710, October 1999.

1647     [RFC3376] Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A.
1648               Thyagarajan, "Internet Group Management Protocol, Version
1649               3", RFC 3376, October 2002.

1651     [RFC3688] Mealling, M., "The IETF XML Registry", RFC 3688, January
1652               2004.

1654     [RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery
1655               Version 2 (MLDv2) for IPv6", RFC 3810, June 2004.

1657     [RFC4286] B. Haberman and J. Martin, "Multicast Router Discovery",
1658               RFC 4286, December 2005.

1660     [RFC4541] M. Christensen, K. Kimball, F. Solensky, "Considerations
1661               for Internet Group Management Protocol (IGMP) and Multicast
1662               Listener Discovery (MLD) Snooping Switches", RFC 4541, May
1663               2006.

1665     [RFC5790] H. Liu, W. Cao, H. Asaeda, "Lightweight Internet Group
1666               Management Protocol Version 3 (IGMPv3) and Multicast
1667               Listener Discovery Version 2 (MLDv2) Protocols", RFC 5790,
1668               February 2010.

1670     [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1671               the Network Configuration Protocol (NETCONF)", RFC 6020,
1672               October 2010.

1674     [RFC6241] R. Enns, Ed., M. Bjorklund, Ed., J. Schoenwaelder, Ed., A.
1675               Bierman, Ed., "Network Configuration Protocol (NETCONF)",
1676               RFC 6241, June 2011.

1678     [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
1679               Shell (SSH)", RFC 6242, June 2011.

1681     [RFC6636] H. Asaeda, H. Liu, Q. Wu, "Tuning the Behavior of the
1682               Internet Group Management Protocol (IGMP) and Multicast
1683               Listener Discovery (MLD) for Routers in Mobile and Wireless
1684               Networks", RFC 6636, May 2012.

1686     [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", RFC 6991,
1687               July 2013.

1689     [RFC7761] B. Fenner, M. Handley, H. Holbrook, I. Kouvelas, R. Parekh,
1690               Z. Zhang, L. Zheng, "Protocol Independent Multicast -
1691               Sparse Mode (PIM-SM): Protocol Specification (Revised)",
1692               RFC 7761, March 2016.

1694     [RFC7950] M. Bjorklund, Ed., "The YANG 1.1 Data Modeling Language",
1695               RFC 7950, August 2016.

1697     [RFC8040] A. Bierman, M. Bjorklund, K. Watsen, "RESTCONF Protocol",
1698               RFC 8040, January 2017.

1700     [RFC8294] X. Liu, Y. Qu, A. Lindem, C. Hopps, L. Berger, "Common YANG
1701               Data Types for the Routing Area", RFC 8294, December 2017.

1703     [RFC8340] M. Bjorklund, and L. Berger, Ed., "YANG Tree Diagrams", RFC
1704               8340, March 2018.

1706     [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration Access
1707               Control Model", RFC 8341, March 2018.

1709     [RFC8342] M. Bjorklund and J. Schoenwaelder, "Network Management
1710               Datastore Architecture (NMDA)", RFC 8342, March 2018.

1712     [RFC8343] M. Bjorklund, "A YANG Data Model for Interface Management",
1713               RFC 8343, March 2018.

1715     [RFC8349] L. Lhotka, A. Lindem, Y. Qu, "A YANG Data Model for Routing
1716               Management (NMDA Version)", RFC 8349, March 2018.

1718     [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
1719               Version 1.3", RFC 8446, August 2018.

1721  7.2. Informative References

1723     [RFC7951] L. Lhotka, "JSON Encoding of Data Modeled with YANG", RFC
1724               7951, August 2016.

1726     [RFC8407] A. Bierman, "Guidelines for Authors and Reviewers of
1727               Documents Containing YANG Data Models", RFC 8407, October
1728               2018.

1730     [RFC8652] X. Liu, F. Guo, M. Sivakumar, P. McAllister, A. Peter, "A
1731               YANG Data Model for the Internet Group Management Protocol
1732               (IGMP) and Multicast Listener Discovery (MLD)", RFC 8652,
1733               November 2019.

1735  Appendix A. Data Tree Example

1737     This section contains an example for bridge service in the JSON encoding
1738     [RFC7951], containing both configuration and state data.

1740                +-----------+
1741                +  Source   +
1742                +-----+-----+
1743                      |
1744     -----------------+----------------------------
1745                      |eth1/1
1746                  +---+---+
1747                  +  R1   +
1748                  +-+---+-+
1749             eth1/2 |    \ eth1/3
1750                    |     \
1751                    |      \
1752                    |       \
1753                    |        \
1754             eth2/1 |         \ eth3/1
1755                +---+---+   +--+---+
1756                +  R2   +   +  R3  +
1757                +---+---+   +--+---+
1758             eth2/2 |          | eth3/2
1759                    |          |
1760     ---------------+----------+-------------------
1761                    |          |
1762                    |          |
1763           +--------+--+   +---+--------+
1764           + Receiver1 +   + Receiver2  +
1765           +-----------+   +------------+

1767     The configuration data for R1 in the above figure could be as follows:

1769     {
1770       "ietf-interfaces:interfaces":{
1771         "interface":[
1772           {
1773             "name":"eth1/1",
1774             "type":"iana-if-type:ethernetCsmacd"
1775           }
1776         ]

1778       },
1779       "ietf-routing:routing":{
1780         "control-plane-protocols":{
1781           "control-plane-protocol":[
1782             {
1783               "type":"ietf-igmp-mld-snooping:igmp-snooping",
1784               "name":"bis1",
1785               "ietf-igmp-mld-snooping:igmp-snooping-instance":{
1786                 "l2-service-type":"ietf-igmp-mld-snooping:bridge",
1787                 "enable":true
1788               }
1789             }
1790           ]
1791         }
1792       },
1793       "ieee802-dot1q-bridge:bridges":{
1794         "bridge":[
1795           {
1796             "name":"isp1",
1797             "address":"00-23-ef-a5-77-12",
1798             "bridge-type":"ieee802-dot1q-bridge:customer-vlan-bridge",
1799             "component":[
1800               {
1801                 "name":"comp1",
1802                 "type":"ieee802-dot1q-bridge:c-vlan-component",
1803                 "bridge-vlan":{
1804                   "vlan":[
1805                     {
1806                       "vid":101,
1807                       "ietf-igmp-mld-snooping:igmp-snooping-instance":"bis1"
1808                     }
1809                   ]
1810                 }
1811               }
1812             ]
1813           }
1814         ]
1815       }
1816     }

1818     The corresponding operational state data for R1 could be as follows:

1820     {
1821       "ietf-interfaces:interfaces": {
1822         "interface": [
1823           {
1824             "name": "eth1/1",
1825             "type": "iana-if-type:ethernetCsmacd",
1826             "oper-status": "up",
1827             "statistics": {
1828               "discontinuity-time": "2018-05-23T12:34:56-05:00"

1830             }
1831           }
1832         ]
1833       },
1834       "ietf-routing:routing": {
1835         "control-plane-protocols": {
1836           "control-plane-protocol": [
1837             {
1838               "type": "ietf-igmp-mld-snooping:igmp-snooping",
1839               "name": "bis1",
1840               "ietf-igmp-mld-snooping:igmp-snooping-instance": {
1841                 "l2-service-type": "ietf-igmp-mld-snooping:bridge",
1842                 "enable": true
1843               }
1844             }
1845           ]
1846         }
1847       },
1848       "ieee802-dot1q-bridge:bridges": {
1849         "bridge": [
1850           {
1851             "name": "isp1",
1852             "address": "00-23-ef-a5-77-12",
1853             "bridge-type": "ieee802-dot1q-bridge:customer-vlan-bridge",
1854             "component": [
1855               {
1856                 "name": "comp1",
1857                 "type": "ieee802-dot1q-bridge:c-vlan-component",
1858                 "bridge-vlan": {
1859                   "vlan": [
1860                     {
1861                       "vid": 101,
1862                       "ietf-igmp-mld-snooping:igmp-snooping-instance": "bis1"
1863                     }
1864                   ]
1865                 }
1866               }
1867             ]
1868           }
1869         ]
1870       }
1871     }
1872     The following action is to clear all the entries whose group address is
1873     225.1.1.1 for igmp-snooping-instance bis1.

1875     POST /restconf/operations/ietf-routing:routing/control-plane-protocols/\
1876     control-plane-protocol=ietf-igmp-mld-snooping:igmp-snooping,bis1/\
1877     ietf-igmp-mld-snooping:igmp-snooping-instance/\
1878     clear-igmp-snooping-groups HTTP/1.1
1879     Host: example.com
1880     Content-Type: application/yang-data+json
1881     {
1882       "ietf-igmp-mld-snooping:input" : {
1883         "group": "225.1.1.1",
1884         "source": "*"
1885       }
1886     }

1888  Authors' Addresses

1890     Hongji Zhao
1891     Ericsson (China) Communications Company Ltd.
1892     Ericsson Tower, No. 5 Lize East Street,
1893     Chaoyang District Beijing 100102, China

1895     Email: hongji.zhao@ericsson.com

1897     Xufeng Liu
1898     Volta Networks
1899     USA

1901     EMail: xufeng.liu.ietf@gmail.com

1903     Yisong Liu
1904     China Mobile
1905     China

1907     Email: liuyisong@chinamobile.com

1909     Anish Peter
1910     Individual

1912     EMail: anish.ietf@gmail.com

1914     Mahesh Sivakumar
1915     Juniper Networks
1916     1133 Innovation Way
1917     Sunnyvale, California
1918     USA

1920     EMail: sivakumar.mahesh@gmail.com