idnits 2.17.1

draft-ietf-pim-msdp-yang-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 16 instances of too long lines in the document, the longest
     one being 33 characters in excess of 72.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 562: '... SHOULD be set to 30 s...'

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 100 has weird spacing: '...-policy str...'

  -- The document date (October 12, 2018) is 2022 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'I-D.ietf-netmod-rfc6087bis' is defined on line 1024,
     but no explicit reference was found in the text

  == Unused Reference: 'I-D.ietf-rtgwg-policy-model' is defined on line 1029,
     but no explicit reference was found in the text

  == Unused Reference: 'RFC4624' is defined on line 1043, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC6087' is defined on line 1057, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC6991' is defined on line 1075, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC7223' is defined on line 1079, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC7277' is defined on line 1083, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC8022' is defined on line 1087, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC8177' is defined on line 1095, but no explicit
     reference was found in the text

  == Outdated reference: A later version (-31) exists of
     draft-ietf-rtgwg-policy-model-03

  ** Downref: Normative reference to an Experimental RFC: RFC 3618

  ** Downref: Normative reference to an Experimental RFC: RFC 4624

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  ** Obsolete normative reference: RFC 6087 (Obsoleted by RFC 8407)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  ** Obsolete normative reference: RFC 7223 (Obsoleted by RFC 8343)

  ** Obsolete normative reference: RFC 7277 (Obsoleted by RFC 8344)

  ** Obsolete normative reference: RFC 8022 (Obsoleted by RFC 8349)

     Summary: 10 errors (**), 0 flaws (~~), 12 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

2     PIM WG                                                       Xufeng. Liu
3     Internet-Draft                                            Volta Networks
4     Intended status: Standards Track                            Zheng. Zhang
5     Expires: April 15, 2019                                  ZTE Corporation
6                                                                 Anish. Peter
7                                                       Individual contributor
8                                                            Mahesh. Sivakumar
9                                                             Juniper networks
10                                                                   Feng. Guo
11                                                         Huawei Technologies
12                                                            Pete. McAllister
13                                                         Metaswitch Networks
14                                                            October 12, 2018

16        A YANG Data Model for Multicast Source Discovery Protocol (MSDP)
17                          draft-ietf-pim-msdp-yang-05

19    Abstract

21       This document defines a YANG data model for the configuration and
22       management of Multicast Source Discovery Protocol (MSDP) Protocol.

24    Status of This Memo

26       This Internet-Draft is submitted in full conformance with the
27       provisions of BCP 78 and BCP 79.

29       Internet-Drafts are working documents of the Internet Engineering
30       Task Force (IETF). Note that other groups may also distribute
31       working documents as Internet-Drafts. The list of current Internet-
32       Drafts is at https://datatracker.ietf.org/drafts/current/.

34       Internet-Drafts are draft documents valid for a maximum of six months
35       and may be updated, replaced, or obsoleted by other documents at any
36       time. It is inappropriate to use Internet-Drafts as reference
37       material or to cite them other than as "work in progress."

39       This Internet-Draft will expire on April 15, 2019.

41    Copyright Notice

43       Copyright (c) 2018 IETF Trust and the persons identified as the
44       document authors. All rights reserved.

46       This document is subject to BCP 78 and the IETF Trust's Legal
47       Provisions Relating to IETF Documents
48       (https://trustee.ietf.org/license-info) in effect on the date of
49       publication of this document. Please review these documents
50       carefully, as they describe your rights and restrictions with respect
51       to this document. Code Components extracted from this document must
52       include Simplified BSD License text as described in Section 4.e of
53       the Trust Legal Provisions and are provided without warranty as
54       described in the Simplified BSD License.

56    Table of Contents

58       1. Introduction
59       2. Design of the Data Model
60       3. MSDP configuration
61       4. MSDP State
62       5. MSDP RPC
63       6. MSDP YANG model
64       7. Security Considerations
65       8. IANA Considerations
66       9. Contributors
67       10. Acknowledgement
68       11. Normative References
69       Authors' Addresses

71    1. Introduction

73       [RFC3618] introduces the protocol definition of MSDP. This document
74       defines a YANG data model that can be used to configure and manage
75       the MSDP protocol. The operational state data and statistics can
76       also be retrieved by this model.

78       This model is designed to be used along with other multicast YANG
79       models such as PIM, which are not covered in this document.

81    2. Design of the Data Model

83       This model imports and augments ietf-routing YANG model defined in
84       [RFC8349]. Both configuration data nodes and state data nodes of
85       [RFC8349] are augmented. The configuration data nodes cover global
86       configuration attributes and per peer configuration attributes. The
87       state data nodes include global, per peer, and source-active
88       information. The container "msdp" is the top level container in this
89       data model.
The presence of this container is expected to enable 90 MSDP protocol functionality. No notification is defined in this 91 model. 93 module: ietf-msdp 94 augment /rt:routing/rt:control-plane-protocols: 95 +--rw msdp! 96 +--rw global 97 | +--rw tcp-connection-source? if:interface-ref 98 | +--rw default-peer* [peer-addr prefix-policy] {global-default-peer,global-default-peer-policy}? 99 | | +--rw peer-addr -> ../../../peers/peer/address 100 | | +--rw prefix-policy string 101 | +--rw originating-rp 102 | | +--rw interface? if:interface-ref 103 | +--rw sa-filter 104 | | +--rw in? string 105 | | +--rw out? string 106 | +--rw sa-limit? uint32 {global-sa-limit}? 107 | +--rw ttl-threshold? uint8 108 +--rw peers 109 | +--rw peer* [address] 110 | +--rw address inet:ipv4-address 111 | +--rw authentication 112 | | +--rw (authentication-type)? 113 | | +--:(key-chain) {peer-key-chain}? 114 | | | +--rw key-chain? key-chain:key-chain-ref 115 | | +--:(password) 116 | | +--rw key? string 117 | | +--rw crypto-algorithm? identityref 118 | +--rw enable? boolean {peer-admin-enable}? 119 | +--rw tcp-connection-source? if:interface-ref 120 | +--rw description? string {peer-description}? 121 | +--rw mesh-group? string 122 | +--rw peer-as? inet:as-number {peer-as}? 123 | +--rw sa-filter 124 | | +--rw in? string 125 | | +--rw out? string 126 | +--rw sa-limit? uint32 {peer-sa-limit}? 127 | +--rw timer 128 | | +--rw connect-retry-interval? uint16 129 | | +--rw holdtime-interval? uint16 130 | | +--rw keepalive-interval? uint16 131 | +--rw ttl-threshold? uint8 132 | +--ro session-state? enumeration 133 | +--ro elapsed-time? uint32 134 | +--ro connect-retry-expire? uint32 135 | +--ro hold-expire? uint16 136 | +--ro is-default-peer? boolean 137 | +--ro keepalive-expire? uint16 138 | +--ro reset-count? uint32 139 | +--ro statistics 140 | +--ro discontinuity-time? yang:date-and-time 141 | +--ro error 142 | | +--ro rpf-failure? uint32 143 | +--ro queue 144 | | +--ro size-in? 
uint32 145 | | +--ro size-out? uint32 146 | +--ro received 147 | | +--ro keepalive? yang:counter64 148 | | +--ro notification? yang:counter64 149 | | +--ro sa-message? yang:counter64 150 | | +--ro sa-response? yang:counter64 151 | | +--ro sa-request? yang:counter64 152 | | +--ro total? yang:counter64 153 | +--ro sent 154 | +--ro keepalive? yang:counter64 155 | +--ro notification? yang:counter64 156 | +--ro sa-message? yang:counter64 157 | +--ro sa-response? yang:counter64 158 | +--ro sa-request? yang:counter64 159 | +--ro total? yang:counter64 160 +--ro sa-cache 161 +--ro entry* [group source-addr] 162 +--ro group inet:ipv4-address 163 +--ro source-addr union 164 +--ro origin-rp* [rp-address] 165 | +--ro rp-address inet:ip-address 166 | +--ro is-local-rp? boolean 167 | +--ro sa-adv-expire? uint32 168 +--ro state-attributes 169 +--ro up-time? uint32 170 +--ro expire? uint32 171 +--ro holddown-interval? uint32 172 +--ro peer-learned-from? inet:ipv4-address 173 +--ro rpf-peer? inet:ipv4-address 175 rpcs: 176 +---x clear-peer 177 | +---w input 178 | +---w peer-address? inet:ipv4-address 179 +---x clear-sa-cache {rpc-clear-sa-cache}? 180 +---w input 181 +---w entry! 182 | +---w group rt-types:ipv4-multicast-group-address 183 | +---w source-addr? rt-types:ipv4-multicast-source-address 184 +---w peer-address? inet:ipv4-address 185 +---w peer-as? inet:as-number 187 3. MSDP configuration 189 MSDP configurations require peer configurations. Several peers may 190 be configured in a mesh-group. The Source-Active information may be 191 filtered by peers. 193 The configuration modeling branch is composed of MSDP global and peer 194 configurations. The two parts are the most important parts of MSDP. 196 Besides the fundamental features of MSDP protocol, several optional 197 features are included in the model. These features help the control 198 of MSDP protocol. The peer features and SA features make the 199 deployment and control easier. 
The connection parameters can be used 200 to control the TCP connection because MSDP protocol is based on TCP. 201 The authentication features make the protocol more secure. The 202 filter features selectively allow operators to prevent SA information 203 from being forwarded to peers. 205 4. MSDP State 207 MSDP states are composed of MSDP global state, MSDP peer state, 208 statistics information and SA cache information. The statistics 209 information and SA cache information helps the operator to retrieve 210 the protocol condition. 212 5. MSDP RPC 214 The RPC part is used to define some useful and ordinary operations of 215 protocol management. Network manager can delete all the information 216 from a given peer by using the clear-peer rpc. And network manager 217 can delete a given SA cache information by clear-sa-cache rpc. 219 6. MSDP YANG model 221 file "ietf-msdp.yang" 222 module ietf-msdp { 224 yang-version 1.1; 226 namespace "urn:ietf:params:xml:ns:yang:ietf-msdp"; 227 prefix msdp; 229 import ietf-yang-types { 230 prefix "yang"; 231 reference "RFC6991"; 232 } 234 import ietf-inet-types { 235 prefix "inet"; 236 reference "RFC6991"; 237 } 239 import ietf-routing { 240 prefix "rt"; 241 reference "RFC8022"; 242 } 244 import ietf-interfaces { 245 prefix "if"; 246 reference "RFC7223"; 247 } 249 import ietf-ip { 250 prefix "ip"; 251 reference "RFC7277"; 252 } 254 import ietf-key-chain { 255 prefix "key-chain"; 256 reference "RFC8177"; 257 } 259 import ietf-routing-types { 260 prefix "rt-types"; 261 reference "RFC8294"; 262 } 264 organization 265 "IETF PIM(Protocols for IP Multicast) Working Group"; 267 contact 268 "WG Web: 269 WG List: 271 Editor: Xufeng Liu 272 274 Editor: Zheng Zhang 275 277 Editor: Anish Peter 278 280 Editor: Mahesh Sivakumar 281 283 Editor: Feng Guo 284 286 Editor: Pete McAllister 287 "; 289 description 290 "The module defines the YANG definitions for MSDP. 
292 Copyright (c) 2018 IETF Trust and the persons 293 identified as authors of the code. All rights reserved. 295 Redistribution and use in source and binary forms, with or 296 without modification, is permitted pursuant to, and 297 subject to the license terms contained in, the Simplified 298 BSD License set forth in Section 4.c of the IETF Trust's 299 Legal Provisions Relating to IETF Documents 300 (http://trustee.ietf.org/license-info). 301 This version of this YANG module is part of RFC 3618; see 302 the RFC itself for full legal notices."; 304 revision 2018-10-20 { 305 description 306 "Initial revision."; 307 reference 308 "RFC XXXX: A YANG Data Model for MSDP. 309 RFC 3618: Multicast Source Discovery Protocol (MSDP). 310 RFC 4624: Multicast Source Discovery Protocol (MSDP) MIB"; 311 } 313 /* 314 * Features 315 */ 316 feature global-tcp-connect-source { 317 description 318 "Support configuration of global tcp connect source."; 319 } 321 feature global-default-peer { 322 description 323 "Support configuration of global default peer."; 324 } 326 feature global-default-peer-policy { 327 description 328 "Support policy configuration of global default peer."; 329 } 331 feature global-sa-filter { 332 description 333 "Support configuration of global SA filter."; 334 } 336 feature global-sa-limit { 337 description 338 "Support configuration of global limit on SA entries."; 339 } 341 feature global-ttl-threshold { 342 description 343 "Support configuration of global TTL threshold."; 344 } 346 feature rpc-clear-sa-cache { 347 description 348 "Support the RPC to clear SA cache."; 349 } 351 feature peer-admin-enable { 352 description 353 "Support configuration of peer administrative enabling."; 354 } 356 feature peer-as { 357 description 358 "Support configuration of peer AS number."; 359 } 361 feature peer-tcp-connect-source { 362 description 363 "Support configuration of peer tcp connect source."; 364 } 366 feature peer-description { 367 description 368 "Support 
configuration of peer description."; 369 } 371 feature peer-key-chain { 372 description 373 "Support configuration of peer key-chain."; 374 } 376 feature peer-password { 377 description 378 "Support configuration of peer password."; 379 } 381 feature peer-sa-limit { 382 description 383 "Support configuration of per peer limit on SA entries."; 384 } 385 /* 386 * Groupings 387 */ 388 grouping authentication-container { 389 description 390 "Authentication attributes."; 391 container authentication { 392 description 393 "A container defining authentication attributes."; 394 choice authentication-type { 395 case key-chain { 396 if-feature peer-key-chain; 397 leaf key-chain { 398 type key-chain:key-chain-ref; 399 description 400 "Reference to a key-chain."; 401 } 402 } 403 case password { 404 leaf key { 405 type string; 406 description 407 "This leaf describes the authentication key."; 408 } 409 leaf crypto-algorithm { 410 type identityref { 411 base key-chain:crypto-algorithm; 412 } 413 description 414 "Cryptographic algorithm associated with key."; 415 } 416 } 417 description 418 "Choice of authentication."; 419 } 420 } 421 } // authentication-container 423 grouping tcp-connect-source { 424 description 425 "Attribute to configure peer TCP connection source."; 426 leaf tcp-connection-source { 427 type if:interface-ref; 428 must "/if:interfaces/if:interface[if:name = current()]/" 429 + "ip:ipv4" { 430 description 431 "The interface must have IPv4 enabled."; 432 } 433 description 434 "The interface is to be the source for the TCP 435 connection. 
It is a reference to an entry in the global 436 interface list."; 437 } 438 } // tcp-connection-source 440 grouping global-config-attributes { 441 description "Global MSDP configuration."; 443 uses tcp-connect-source { 444 if-feature global-tcp-connect-source; 445 } 446 list default-peer { 447 if-feature global-default-peer; 448 if-feature global-default-peer-policy; 449 key "peer-addr prefix-policy"; 451 description 452 "The default peer accepts all MSDP SA messages. 453 A default peer is needed in topologies where MSDP peers 454 do not coexist with BGP peers. The reverse path 455 forwarding (RPF) check on SA messages can fail, and no 456 SA messages are accepted. In these cases, you can configure 457 the peer as a default peer and bypass RPF checks."; 459 leaf peer-addr { 460 type leafref { 461 path "../../../peers/peer/address"; 462 } 463 mandatory true; 464 description 465 "Reference to a peer that is in the peer list."; 466 } 467 leaf prefix-policy { 468 type string; 469 description 470 "If specified, only those SA entries whose RP is 471 permitted in the prefix list are allowed; 472 if not specified, all SA messages from the default 473 peer are accepted."; 474 } 475 } // default-peer 477 container originating-rp { 478 description 479 "The container of Originating RP."; 480 leaf interface { 481 type if:interface-ref; 482 must "/if:interfaces/if:interface[if:name = current()]/" 483 + "ip:ipv4" { 484 description 485 "The interface must have IPv4 enabled."; 486 } 487 description 488 "Reference to an entry in the global interface 489 list. 490 IP address of the interface is used in the RP field of 491 an SA message entry. When Anycast RPs are used, all 492 RPs use the same IP address. This parameter can be 493 used to define a unique IP address for the RP of each 494 MSDP peer. 
495 By default, the software uses the RP address of the 496 local system."; 497 } 498 } // originating-rp 500 uses sa-filter-container { 501 if-feature global-sa-filter; 502 } 503 leaf sa-limit { 504 if-feature global-sa-limit; 505 type uint32; 506 description 507 "A limit on the number of SA entries accepted. 508 By default, there is no limit."; 509 } 510 uses ttl-threshold { 511 if-feature global-ttl-threshold; 512 } 513 } // global-config-attributes 515 grouping peer-config-attributes { 516 description "Per peer configuration for MSDP."; 518 uses authentication-container; 519 leaf enable { 520 if-feature peer-admin-enable; 521 type boolean; 522 description 523 "'true' if peer is enabled; 524 'false' if peer is disabled."; 525 } 526 uses tcp-connect-source { 527 if-feature peer-tcp-connect-source; 528 } 529 leaf description { 530 if-feature peer-description; 531 type string; 532 description 533 "The peer description."; 534 } 535 leaf mesh-group { 536 type string; 537 description 538 "Configure this peer to be a member of a mesh group"; 539 } 540 leaf peer-as { 541 if-feature peer-as; 542 type inet:as-number; 543 description 544 "Peer's autonomous system number (ASN). Using peer-as to 545 do verification can provide more controlled ability."; 546 } 547 uses sa-filter-container; 548 leaf sa-limit { 549 if-feature peer-sa-limit; 550 type uint32; 551 description 552 "A limit on the number of SA entries accepted from this 553 peer. By default, there is no limit."; 554 } 555 container timer { 556 description "Timer attributes."; 557 leaf connect-retry-interval { 558 type uint16; 559 units seconds; 560 default 30; 561 description "Peer timer for connect-retry, 562 SHOULD be set to 30 seconds."; 563 } 564 leaf holdtime-interval { 565 type uint16 { 566 range "3..65535"; 567 } 568 units seconds; 569 must "(../keepalive-interval and . > ../keepalive-interval) or " 570 +"(not(../keepalive-interval) and . 
> 60)" { 571 error-message "The keep alive interval must be " 572 + "smaller than the hold time interval"; 573 } 574 default 75; 575 description "The SA hold down period of this MSDP peer."; 576 } 577 leaf keepalive-interval { 578 type uint16 { 579 range "1..65535"; 580 } 581 units seconds; 582 must "(../holdtime-interval and . < ../holdtime-interval) or " 583 +"(not(../holdtime-interval) and . < 75)" { 584 error-message "The keep alive interval must be " 585 + "smaller than the hold time interval"; 586 } 587 default 60; 588 description "The keepalive timer of this MSDP peer."; 589 } 590 } // timer 591 uses ttl-threshold; 592 } // peer-config-attributes 594 grouping peer-state-attributes { 595 description "Per peer state attributes for MSDP."; 597 leaf session-state { 598 type enumeration { 599 enum disabled { 600 description "Disabled."; 601 } 602 enum inactive { 603 description "Inactive."; 604 } 605 enum listen { 606 description "Listen."; 607 } 608 enum connecting { 609 description "Connecting."; 610 } 611 enum established { 612 description "Established."; 613 } 614 } 615 config false; 616 description 617 "Peer session state."; 618 reference 619 "RFC3618: Multicast Source Discovery Protocol (MSDP)."; 620 } 621 leaf elapsed-time { 622 type uint32; 623 units seconds; 624 config false; 625 description "Elapsed time for being in a state."; 626 } 627 leaf connect-retry-expire { 628 type uint32; 629 units seconds; 630 config false; 631 description "Connect retry expire time of peer connection."; 632 } 633 leaf hold-expire { 634 type uint16; 635 units seconds; 636 config false; 637 description "Hold expire time of peer connection."; 638 } 639 leaf is-default-peer { 640 type boolean; 641 config false; 642 description "If this peer is default peer."; 643 } 644 leaf keepalive-expire { 645 type uint16; 646 units seconds; 647 config false; 648 description "Keepalive expire time of this peer."; 649 } 650 leaf reset-count { 651 type uint32; 652 config false; 653 description 
"The reset count of this peer."; 654 } 656 container statistics { 657 config false; 658 description 659 "A container defining statistics attributes."; 661 leaf discontinuity-time { 662 type yang:date-and-time; 663 description 664 "The time on the most recent occasion at which any one 665 or more of the statistic counters suffered a 666 discontinuity. If no such discontinuities have occurred 667 since the last re-initialization of the local 668 management subsystem, then this node contains the time 669 the local management subsystem re-initialized itself."; 670 } 672 container error { 673 description 674 "A grouping defining error statistics attributes."; 675 leaf rpf-failure { 676 type uint32; 677 description "Number of RPF failures."; 678 } 679 } // statistics-error 681 container queue { 682 description 683 "A container includes queue statistics attributes."; 684 leaf size-in { 685 type uint32; 686 description 687 "The size of the input queue."; 688 } 689 leaf size-out { 690 type uint32; 691 description 692 "The size of the output queue."; 693 } 694 } // statistics-queue 696 container received { 697 description "Received message counters."; 698 uses statistics-sent-received; 699 } 700 container sent { 701 description "Sent message counters."; 702 uses statistics-sent-received; 703 } 704 } // statistics-container 705 } // peer-state-attributes 707 grouping sa-filter-container { 708 description "A container defining SA filters."; 709 container sa-filter { 710 description 711 "Specifies an access control list (ACL) to filter source 712 active (SA) messages coming in to or going out of the 713 peer."; 714 leaf in { 715 type string; 716 description 717 "Filters incoming SA messages only. 718 The string value is the name to uniquely identify a policy that 719 contains one or more policy rules used to accept or reject MSDP 720 SA messages. 
722 If a policy is not specified, all MSDP SA messages are accepted, 723 The definition of such a policy is outside the scope of this document."; 724 } 725 leaf out { 726 type string; 727 description 728 "Filters outgoing SA messages only. 729 The string value is the name to uniquely identify a policy that 730 contains one or more policy rules used to accept or reject MSDP 731 SA messages. 732 If a policy is not specified, all MSDP SA messages are accepted, 733 The definition of such a policy is outside the scope of this document."; 734 } 735 } // sa-filter 736 } // sa-filter-container 738 grouping ttl-threshold { 739 description "Attribute to configure TTL threshold."; 740 leaf ttl-threshold { 741 type uint8 { 742 range 1..255; 743 } 744 description "Maximum number of hops data packets can 745 traverse before being dropped."; 746 } 747 } // sa-ttl-threshold 749 grouping statistics-sent-received { 750 description 751 "A grouping defining sent and received statistics attributes."; 752 leaf keepalive { 753 type yang:counter64; 754 description 755 "The number of keepalive messages."; 756 } 757 leaf notification { 758 type yang:counter64; 759 description 760 "The number of notification messages."; 761 } 762 leaf sa-message { 763 type yang:counter64; 764 description 765 "The number of SA messages."; 766 } 767 leaf sa-response { 768 type yang:counter64; 769 description 770 "The number of SA response messages."; 771 } 772 leaf sa-request { 773 type yang:counter64; 774 description 775 "The number of SA request messages."; 776 } 777 leaf total { 778 type yang:counter64; 779 description 780 "The number of total messages."; 781 } 782 } // statistics-sent-received 784 /* 785 * Data nodes 786 */ 787 augment "/rt:routing/rt:control-plane-protocols" { 788 description 789 "MSDP augmentation to routing instance. 
This augmentation 790 is only valid for a routing protocol instance of MSDP."; 792 container msdp { 793 presence "Container for MSDP protocol."; 794 description 795 "MSDP configuration data."; 797 container global { 798 description 799 "Global attributes."; 800 uses global-config-attributes; 801 } 803 container peers { 804 description 805 "Containing a list of peers."; 806 list peer { 807 key "address"; 808 description 809 "List of MSDP peers."; 810 leaf address { 811 type inet:ipv4-address; 812 description 813 "The address of peer"; 814 } 815 uses peer-config-attributes; 816 uses peer-state-attributes; 817 } // peer 819 } // peers 821 container sa-cache { 822 config false; 823 description 824 "The SA cache information."; 825 list entry { 826 key "group source-addr"; 827 description "A list of SA cache entries."; 828 leaf group { 829 type inet:ipv4-address; 830 description "The group address of this SA cache."; 831 } 832 leaf source-addr { 833 type union { 834 type enumeration { 835 enum '*' { 836 description "Any source address."; 837 } 838 } 839 type inet:ipv4-address; 840 } 841 description "Source IPv4 address."; 842 } 843 list origin-rp { 844 key "rp-address"; 845 description "Origin RP address."; 846 leaf rp-address { 847 type inet:ip-address; 848 description "The RP address."; 849 } 850 leaf is-local-rp { 851 type boolean; 852 description "The RP is local."; 853 } 854 leaf sa-adv-expire { 855 type uint32; 856 units seconds; 857 description 858 "The remaining time duration before expiration 859 of the periodic SA advertisement timer on a local RP."; 860 } 861 } 863 container state-attributes { 864 description "SA cache state attributes for MSDP."; 866 leaf up-time { 867 type uint32; 868 units seconds; 869 description "The duration time of receiving this SA cache."; 870 } 871 leaf expire { 872 type uint32; 873 units seconds; 874 description "The duration time since this SA cache expires."; 875 } 876 leaf holddown-interval { 877 type uint32; 878 units seconds; 
879 description "Hold-down timer value for SA forwarding."; 880 } 881 leaf peer-learned-from { 882 type inet:ipv4-address; 883 description 884 "The address of the peer that we learned this SA from."; 885 } 886 leaf rpf-peer { 887 type inet:ipv4-address; 888 description 889 "The address is used to find the SA's originating RP."; 890 } 891 } // sa-cache-state-attributes 892 } // entry 893 } // sa-cache 894 } // msdp 895 } // augment 897 /* 898 * RPCs 899 */ 900 rpc clear-peer { 901 description 902 "Clears the TCP connection to the peer."; 903 input { 904 leaf peer-address { 905 type inet:ipv4-address; 906 description 907 "Address of peer to be cleared. If this is not provided 908 then all peers are cleared."; 909 } 910 } 911 } 913 rpc clear-sa-cache { 914 if-feature rpc-clear-sa-cache; 915 description 916 "Clears MSDP source active (SA) cache entries."; 917 input { 918 container entry { 919 presence "If a particular entry is cleared."; 920 description 921 "The SA cache (S,G) or (*,G) entry to be cleared. If 922 this is not provided, all entries are cleared."; 923 leaf group { 924 type rt-types:ipv4-multicast-group-address; 925 mandatory true; 926 description "The group address"; 927 } 928 leaf source-addr { 929 type rt-types:ipv4-multicast-source-address; 930 description 931 "Address of multicast source to be cleared. If this 932 is not provided then all entries related to the 933 given group are cleared."; 934 } 935 } // s-g 936 leaf peer-address { 937 type inet:ipv4-address; 938 description 939 "Peer IP address from which MSDP SA cache entries have 940 been learned. If this is not provided, entries learned 941 from all peers are cleared."; 942 } 943 leaf peer-as { 944 type inet:as-number; 945 description 946 "ASN from which MSDP SA cache entries have been learned. 947 If this is not provided, entries learned from all AS's 948 are cleared."; 949 } 950 } 951 } 952 } 953 955 7. 
Security Considerations

957      The YANG module specified in this document defines a schema for data
958      that is designed to be accessed via network management protocols such
959      as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
960      is the secure transport layer, and the mandatory-to-implement secure
961      transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
962      is HTTPS, and the mandatory-to-implement secure transport is TLS
963      [RFC5246].

965      The NETCONF access control model [RFC6536] provides the means to
966      restrict access for particular NETCONF or RESTCONF users to a
967      preconfigured subset of all available NETCONF or RESTCONF protocol
968      operations and content.

970      There are a number of data nodes defined in this YANG module that are
971      writable/creatable/deletable (i.e., config true, which is the
972      default). These data nodes may be considered sensitive or vulnerable
973      in some network environments. Write operations (e.g., edit-config)
974      to these data nodes without proper protection can have a negative
975      effect on network operations. For MSDP, the ability to modify MSDP
976      configuration will allow the unexpected MSDP peer establishment and
977      unexpected SA information learning and advertisement. The "password"
978      field is also a sensitive readable configuration, the unauthorized
979      reading function may lead to the password leaking. The security
980      considerations of MSDP [RFC3618] are applicable.

982      The RPC operations in this YANG module may be considered sensitive or
983      vulnerable in some network environments. It is thus important to
984      control access to these operations. The MSDP Yang module supports
985      the "clear-peer" and "clear-sa-cache" RPCs. If access to either of
986      these is compromised, they can result in unexpected MSDP peer
987      breakdown and unexpected SA information deletion.

989   8. IANA Considerations

991      The IANA is requested to assign two new URIs from the IETF XML
992      registry ([RFC3688]). Authors are suggesting the following URI:

994      URI: urn:ietf:params:xml:ns:yang:ietf-msdp

996      Registrant Contact: PIM WG

998      XML: N/A, the requested URI is an XML namespace

1000     This document also requests one new YANG module name in the YANG
1001     Module Names registry ([RFC6020]) with the following suggestion:

1003     name: ietf-msdp

1005     namespace: urn:ietf:params:xml:ns:yang:ietf-msdp

1007     prefix: msdp

1009     reference: RFC XXXX

1011  9. Contributors

1013     The authors would like to thank Yisong Liu (liuyisong@huawei.com),
1014     Benchong Xu (xu.benchong@zte.com.cn), Tanmoy Kundu
1015     (tanmoy.kundu@alcatel-lucent.com) for their valuable contributions.

1017  10. Acknowledgement

1019     The authors would like to thank Stig Venaas, Jake Holland for their
1020     valuable comments and suggestions.

1022  11. Normative References

1024     [I-D.ietf-netmod-rfc6087bis]
1025                Bierman, A., "Guidelines for Authors and Reviewers of YANG
1026                Data Model Documents", draft-ietf-netmod-rfc6087bis-20
1027                (work in progress), March 2018.

1029     [I-D.ietf-rtgwg-policy-model]
1030                Qu, Y., Tantsura, J., Lindem, A., Liu, X., and A. Shaikh,
1031                "A YANG Data Model for Routing Policy Management", draft-
1032                ietf-rtgwg-policy-model-03 (work in progress), June 2018.

1034     [RFC3618]  Fenner, B., Ed. and D. Meyer, Ed., "Multicast Source
1035                Discovery Protocol (MSDP)", RFC 3618,
1036                DOI 10.17487/RFC3618, October 2003,
1037                .

1039     [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1040                DOI 10.17487/RFC3688, January 2004,
1041                .

1043     [RFC4624]  Fenner, B. and D. Thaler, "Multicast Source Discovery
1044                Protocol (MSDP) MIB", RFC 4624, DOI 10.17487/RFC4624,
1045                October 2006, .

1047     [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
1048                (TLS) Protocol Version 1.2", RFC 5246,
1049                DOI 10.17487/RFC5246, August 2008,
1050                .

1052     [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1053                the Network Configuration Protocol (NETCONF)", RFC 6020,
1054                DOI 10.17487/RFC6020, October 2010,
1055                .

1057     [RFC6087]  Bierman, A., "Guidelines for Authors and Reviewers of YANG
1058                Data Model Documents", RFC 6087, DOI 10.17487/RFC6087,
1059                January 2011, .

1061     [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1062                and A. Bierman, Ed., "Network Configuration Protocol
1063                (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
1064                .

1066     [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
1067                Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
1068                .

1070     [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
1071                Protocol (NETCONF) Access Control Model", RFC 6536,
1072                DOI 10.17487/RFC6536, March 2012,
1073                .

1075     [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
1076                RFC 6991, DOI 10.17487/RFC6991, July 2013,
1077                .

1079     [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
1080                Management", RFC 7223, DOI 10.17487/RFC7223, May 2014,
1081                .

1083     [RFC7277]  Bjorklund, M., "A YANG Data Model for IP Management",
1084                RFC 7277, DOI 10.17487/RFC7277, June 2014,
1085                .

1087     [RFC8022]  Lhotka, L. and A. Lindem, "A YANG Data Model for Routing
1088                Management", RFC 8022, DOI 10.17487/RFC8022, November
1089                2016, .

1091     [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
1092                Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
1093                .

1095     [RFC8177]  Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J.
1096                Zhang, "YANG Data Model for Key Chains", RFC 8177,
1097                DOI 10.17487/RFC8177, June 2017,
1098                .

1100     [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
1101                Routing Management (NMDA Version)", RFC 8349,
1102                DOI 10.17487/RFC8349, March 2018,
1103                .

1105  Authors' Addresses

1107     Xufeng Liu
1108     Volta Networks

1110     Email: xufeng.liu.ietf@gmail.com

1112     Zheng Zhang
1113     ZTE Corporation
1114     No. 50 Software Ave, Yuhuatai Distinct
1115     Nanjing
1116     China

1118     Email: zzhang_ietf@hotmail.com

1120     Anish Peter
1121     Individual contributor

1123     Email: anish.ietf@gmail.com

1125     Mahesh Sivakumar
1126     Juniper networks
1127     1133 Innovation Way
1128     Sunnyvale, CALIFORNIA 94089
1129     USA

1131     Email: sivakumar.mahesh@gmail.com

1133     Feng Guo
1134     Huawei Technologies
1135     Huawei Bld., No.156 Beiqing Rd.
1136     Beijing 100095
1137     China

1139     Email: guofeng@huawei.com

1141     Pete McAllister
1142     Metaswitch Networks
1143     100 Church Street
1144     Enfield EN2 6BQ
1145     UK

1147     Email: pete.mcallister@metaswitch.com