PIM WG                                                        Xufeng Liu
Internet-Draft                                            Volta Networks
Intended status: Standards Track                              Zheng Zhang
Expires: July 11, 2020                                   ZTE Corporation
                                                             Anish Peter
                                                  Individual contributor
                                                        Mahesh Sivakumar
                                                        Juniper networks
                                                                Feng Guo
                                                     Huawei Technologies
                                                         Pete McAllister
                                                      Metaswitch Networks
                                                         January 8, 2020


       A YANG Data Model for Multicast Source Discovery Protocol (MSDP)
                        draft-ietf-pim-msdp-yang-07

Abstract

   This document defines a YANG data model for the configuration and
   management of the Multicast Source Discovery Protocol (MSDP).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 11, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Conventions Used in This Document
     1.3.  Tree Diagrams
     1.4.  Prefixes in Data Node Names
   2.  Design of the Data Model
     2.1.  Scope of Model
     2.2.  Specification
   3.  Module Structure
     3.1.  MSDP Configuration
     3.2.  MSDP State
     3.3.  MSDP RPC
   4.  MSDP YANG Model
   5.  Security Considerations
   6.  IANA Considerations
   7.  Contributors
   8.  Acknowledgement
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Introduction

   [RFC3618] introduces the protocol definition of MSDP.  This document
   defines a YANG data model that can be used to configure and manage
   the MSDP protocol.  The operational state data and statistics can
   also be retrieved through this model.

   This model is designed to be used along with other multicast YANG
   models such as PIM, which are not covered in this document.

1.1.  Terminology

   The terminology for describing YANG data models is found in [RFC6020]
   and [RFC7950], including:

   o  augment

   o  data model

   o  data node

   o  identity

   o  module

   The following abbreviations are used in this document and the defined
   model:

   MSDP:  Multicast Source Discovery Protocol [RFC3618].

   SA:  Source-Active [RFC3618].

1.2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.3.  Tree Diagrams

   Tree diagrams used in this document follow the notation defined in
   [RFC8340].

1.4.  Prefixes in Data Node Names

   In this document, names of data nodes, actions, and other data model
   objects are often used without a prefix, as long as it is clear from
   the context in which YANG module each name is defined.  Otherwise,
   names are prefixed using the standard prefix associated with the
   corresponding YANG module, as shown in Table 1.

          +-----------+--------------------+-----------+
          | Prefix    | YANG module        | Reference |
          +-----------+--------------------+-----------+
          | yang      | ietf-yang-types    | [RFC6991] |
          | inet      | ietf-inet-types    | [RFC6991] |
          | rt        | ietf-routing       | [RFC8349] |
          | if        | ietf-interfaces    | [RFC8343] |
          | ip        | ietf-ip            | [RFC8344] |
          | key-chain | ietf-key-chain     | [RFC8177] |
          | rt-types  | ietf-routing-types | [RFC8294] |
          +-----------+--------------------+-----------+

                                  Table 1

2.  Design of the Data Model

2.1.  Scope of Model

   The model covers MSDP [RFC3618].

   This model can be used to configure and manage MSDP protocols.  The
   operational state data and statistics can be retrieved through this
   model.  Even though no protocol-specific notifications are defined in
   this model, the subscription and push mechanism defined in [RFC8639]
   and [RFC8641] can be implemented by the user to subscribe to
   notifications on the data nodes in this model.

   The model contains all the basic configuration parameters to operate
   the protocol.  Depending on the implementation choices, some systems
   may not allow some of the advanced parameters to be configurable.
   The occasionally implemented parameters are modeled as optional
   features in this model.  This model can be extended, and it has been
   structured in a way that such extensions can be conveniently made.

2.2.  Specification

   The configuration data nodes cover global configuration attributes
   and per-peer configuration attributes.  The state data nodes include
   global, per-peer, and source-active information.  The container
   "msdp" is the top-level container in this data model.  The presence
   of this container is expected to enable MSDP protocol functionality.
   No notification is defined in this model.

3.  Module Structure

   This model imports and augments the ietf-routing YANG model defined
   in [RFC8349].  Both configuration data nodes and state data nodes of
   [RFC8349] are augmented.

   The YANG data model defined in this document conforms to the Network
   Management Datastore Architecture (NMDA) [RFC8342].  The operational
   state data is combined with the associated configuration data in the
   same hierarchy [RFC8407].

   module: ietf-msdp
     augment /rt:routing/rt:control-plane-protocols:
       +--rw msdp!
          +--rw global
          |  +--rw tcp-connection-source?   if:interface-ref
          |  +--rw default-peer* [peer-addr prefix-policy]
          |  |       {global-default-peer,
          |  |        global-default-peer-policy}?
          |  |  +--rw peer-addr        -> ../../../peers/peer/address
          |  |  +--rw prefix-policy    string
          |  +--rw originating-rp
          |  |  +--rw interface?   if:interface-ref
          |  +--rw sa-filter
          |  |  +--rw in?    string
          |  |  +--rw out?   string
          |  +--rw sa-limit?                uint32 {global-sa-limit}?
          |  +--rw ttl-threshold?           uint8
          +--rw peers
          |  +--rw peer* [address]
          |     +--rw address                  inet:ipv4-address
          |     +--rw authentication
          |     |  +--rw (authentication-type)?
          |     |     +--:(key-chain) {peer-key-chain}?
          |     |     |  +--rw key-chain?   key-chain:key-chain-ref
          |     |     +--:(password)
          |     |        +--rw key?                string
          |     |        +--rw crypto-algorithm?   identityref
          |     +--rw enable?                  boolean {peer-admin-enable}?
          |     +--rw tcp-connection-source?   if:interface-ref
          |     +--rw description?             string {peer-description}?
          |     +--rw mesh-group?              string
          |     +--rw peer-as?                 inet:as-number {peer-as}?
          |     +--rw sa-filter
          |     |  +--rw in?    string
          |     |  +--rw out?   string
          |     +--rw sa-limit?                uint32 {peer-sa-limit}?
          |     +--rw timer
          |     |  +--rw connect-retry-interval?   uint16
          |     |  +--rw holdtime-interval?        uint16
          |     |  +--rw keepalive-interval?       uint16
          |     +--rw ttl-threshold?           uint8
          |     +--ro session-state?           enumeration
          |     +--ro elapsed-time?            uint32
          |     +--ro connect-retry-expire?    uint32
          |     +--ro hold-expire?             uint16
          |     +--ro is-default-peer?         boolean
          |     +--ro keepalive-expire?        uint16
          |     +--ro reset-count?             uint32
          |     +--ro statistics
          |        +--ro discontinuity-time?   yang:date-and-time
          |        +--ro error
          |        |  +--ro rpf-failure?   uint32
          |        +--ro queue
          |        |  +--ro size-in?    uint32
          |        |  +--ro size-out?   uint32
          |        +--ro received
          |        |  +--ro keepalive?      yang:counter64
          |        |  +--ro notification?   yang:counter64
          |        |  +--ro sa-message?     yang:counter64
          |        |  +--ro sa-response?    yang:counter64
          |        |  +--ro sa-request?     yang:counter64
          |        |  +--ro total?          yang:counter64
          |        +--ro sent
          |           +--ro keepalive?      yang:counter64
          |           +--ro notification?   yang:counter64
          |           +--ro sa-message?     yang:counter64
          |           +--ro sa-response?    yang:counter64
          |           +--ro sa-request?     yang:counter64
          |           +--ro total?          yang:counter64
          +--ro sa-cache
             +--ro entry* [group source-addr]
                +--ro group               inet:ipv4-address
                +--ro source-addr         union
                +--ro origin-rp* [rp-address]
                |  +--ro rp-address       inet:ip-address
                |  +--ro is-local-rp?     boolean
                |  +--ro sa-adv-expire?   uint32
                +--ro state-attributes
                   +--ro up-time?             uint32
                   +--ro expire?              uint32
                   +--ro holddown-interval?   uint32
                   +--ro peer-learned-from?   inet:ipv4-address
                   +--ro rpf-peer?            inet:ipv4-address

     rpcs:
       +---x clear-peer
       |  +---w input
       |     +---w peer-address?   inet:ipv4-address
       +---x clear-sa-cache {rpc-clear-sa-cache}?
          +---w input
             +---w entry!
             |  +---w group          rt-types:ipv4-multicast-group-address
             |  +---w source-addr?   rt-types:ipv4-multicast-source-address
             +---w peer-address?   inet:ipv4-address
             +---w peer-as?        inet:as-number

3.1.  MSDP Configuration

   MSDP configuration requires peer configuration.  Several peers may
   be configured in a mesh group.  The Source-Active information may be
   filtered per peer.

   The configuration modeling branch is composed of MSDP global and peer
   configuration.  These two parts are the most important parts of MSDP.

   Besides the fundamental features of the MSDP protocol, several
   optional features are included in the model.  These features help
   control the MSDP protocol.  The peer features and SA features make
   deployment and control easier.  The connection parameters can be used
   to control the TCP connection, because the MSDP protocol is based on
   TCP.  The authentication features make the protocol more secure.  The
   filter features allow operators to selectively prevent SA information
   from being forwarded to peers.

3.2.  MSDP State

   MSDP state is composed of MSDP global state, MSDP peer state,
   statistics information and SA cache information.  The statistics
   information and SA cache information help the operator to retrieve
   the protocol condition.

3.3.  MSDP RPC

   The RPC part defines some useful and ordinary operations of protocol
   management.  A network manager can delete all the information from a
   given peer by using the clear-peer RPC, and can delete a given SA
   cache entry by using the clear-sa-cache RPC.
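   The script below is an added example and is not code from this draft
   or its authors.  It takes a constructed instance of the "msdp"
   subtree from the tree diagram above, in RFC 7951 JSON encoding, and
   re-implements in plain Python the constraints the module in Section 4
   places on configuration data: the "must" statements and ranges of the
   peer timers (including the case where one timer leaf is absent and
   the other is compared against its default), the ttl-threshold range,
   the default-peer leafref into the peer list, and the mutually
   exclusive cases of the authentication choice.  A YANG-aware server
   or validator enforces these itself; the point here is to show what
   the constraints mean for concrete data.  The sample addresses, the
   policy name "rp-allow-list", the key-chain name "msdp-kc" and the
   helper names check_timer and validate are assumptions made for the
   example.

```python
"""Constraint checks for an ietf-msdp instance (added example)."""
import json

# Defaults stated by the module: holdtime-interval 75 s, keepalive 60 s.
HOLDTIME_DEFAULT = 75
KEEPALIVE_DEFAULT = 60

# Constructed instance data (RFC 7951 JSON encoding), not from the draft.
# The second peer sets only keepalive-interval, which the module's
# 'must' compares against the holdtime default of 75 when holdtime is
# absent; 80 therefore violates it.
SAMPLE_INSTANCE = json.loads("""
{
  "ietf-msdp:msdp": {
    "global": {
      "default-peer": [
        {"peer-addr": "192.0.2.1", "prefix-policy": "rp-allow-list"}
      ],
      "ttl-threshold": 8
    },
    "peers": {
      "peer": [
        {"address": "192.0.2.1",
         "authentication": {"key-chain": "msdp-kc"},
         "timer": {"holdtime-interval": 90, "keepalive-interval": 30}},
        {"address": "192.0.2.2",
         "timer": {"keepalive-interval": 80}}
      ]
    }
  }
}
""")

TIMER_MSG = "The keep alive interval must be smaller than the hold time interval"


def check_timer(timer):
    """Return violation messages for one peer's 'timer' container.

    Mirrors the module's two 'must' statements: with both leaves present
    holdtime > keepalive; with one absent, the present leaf is compared
    against the other leaf's default (keepalive < 75, holdtime > 60).
    """
    errors = []
    hold = timer.get("holdtime-interval")
    keep = timer.get("keepalive-interval")
    if hold is not None and not 3 <= hold <= 65535:
        errors.append("holdtime-interval out of range 3..65535")
    if keep is not None and not 1 <= keep <= 65535:
        errors.append("keepalive-interval out of range 1..65535")
    eff_hold = HOLDTIME_DEFAULT if hold is None else hold
    eff_keep = KEEPALIVE_DEFAULT if keep is None else keep
    if not eff_keep < eff_hold:
        errors.append(TIMER_MSG)  # same text as the module's error-message
    return errors


def validate(instance):
    """Return a list of (path, message) pairs; empty means the data passes."""
    msdp = instance["ietf-msdp:msdp"]
    errors = []
    glob = msdp.get("global", {})
    peers = msdp.get("peers", {}).get("peer", [])
    addresses = {p["address"] for p in peers}

    # default-peer/peer-addr is a leafref into ../../../peers/peer/address.
    for dp in glob.get("default-peer", []):
        if dp["peer-addr"] not in addresses:
            errors.append((f"global/default-peer[{dp['peer-addr']}]/peer-addr",
                           "leafref does not resolve to a configured peer"))

    # ttl-threshold is uint8 with range 1..255 at global and peer level.
    scopes = [("global", glob)] + [(f"peers/peer[{p['address']}]", p) for p in peers]
    for scope, node in scopes:
        ttl = node.get("ttl-threshold")
        if ttl is not None and not 1 <= ttl <= 255:
            errors.append((f"{scope}/ttl-threshold", "out of range 1..255"))

    for p in peers:
        scope = f"peers/peer[{p['address']}]"
        auth = p.get("authentication", {})
        # 'key-chain' and 'password' are cases of one choice: at most one.
        if "key-chain" in auth and ("key" in auth or "crypto-algorithm" in auth):
            errors.append((f"{scope}/authentication",
                           "key-chain and password cases of the choice are exclusive"))
        for msg in check_timer(p.get("timer", {})):
            errors.append((f"{scope}/timer", msg))
    return errors


if __name__ == "__main__":
    for path, msg in validate(SAMPLE_INSTANCE):
        print(f"{path}: {msg}")
```

   Run as is, the script reports only the second peer's timer: a
   keepalive of 80 seconds with no explicit holdtime fails the module's
   "must", because the comparison falls back to the 75-second holdtime
   default.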
4.  MSDP YANG Model

   This module references [RFC6991], [RFC8349], [RFC8343], [RFC8344],
   [RFC8177], [RFC4624], [RFC8294], [I-D.ietf-rtgwg-policy-model].

   <CODE BEGINS> file "ietf-msdp.yang"
   module ietf-msdp {
     yang-version 1.1;

     namespace "urn:ietf:params:xml:ns:yang:ietf-msdp";
     prefix msdp;

     import ietf-yang-types {
       prefix "yang";
       reference "RFC6991";
     }

     import ietf-inet-types {
       prefix "inet";
       reference "RFC6991";
     }

     import ietf-routing {
       prefix "rt";
       reference "RFC8349";
     }

     import ietf-interfaces {
       prefix "if";
       reference "RFC8343";
     }

     import ietf-ip {
       prefix "ip";
       reference "RFC8344";
     }

     import ietf-key-chain {
       prefix "key-chain";
       reference "RFC8177";
     }

     import ietf-routing-types {
       prefix "rt-types";
       reference "RFC8294";
     }

     organization
       "IETF PIM(Protocols for IP Multicast) Working Group";

     contact
       "WG Web:
        WG List:

        Editor: Xufeng Liu

        Editor: Zheng Zhang

        Editor: Anish Peter

        Editor: Mahesh Sivakumar

        Editor: Feng Guo

        Editor: Pete McAllister
       ";

     description
       "The module defines the YANG model definitions for MSDP
        [RFC3618].

        Copyright (c) 2019 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX
        (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
        for full legal notices.

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
        'MAY', and 'OPTIONAL' in this document are to be interpreted as
        described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
        they appear in all capitals, as shown here.";

     revision 2020-01-08 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: A YANG Data Model for MSDP.
          RFC 3618: Multicast Source Discovery Protocol (MSDP).
          RFC 4624: Multicast Source Discovery Protocol (MSDP) MIB";
     }

     /*
      * Features
      */
     feature global-tcp-connect-source {
       description
         "Support configuration of global tcp connect source.";
     }

     feature global-default-peer {
       description
         "Support configuration of global default peer.";
     }

     feature global-default-peer-policy {
       description
         "Support policy configuration of global default peer.";
     }

     feature global-sa-filter {
       description
         "Support configuration of global SA filter.";
     }

     feature global-sa-limit {
       description
         "Support configuration of global limit on SA entries.";
     }

     feature global-ttl-threshold {
       description
         "Support configuration of global TTL threshold.";
     }

     feature rpc-clear-sa-cache {
       description
         "Support the RPC to clear SA cache.";
     }

     feature peer-admin-enable {
       description
         "Support configuration of peer administrative enabling.";
     }

     feature peer-as {
       description
         "Support configuration of peer AS number.";
     }

     feature peer-tcp-connect-source {
       description
         "Support configuration of peer tcp connect source.";
     }

     feature peer-description {
       description
         "Support configuration of peer description.";
     }

     feature peer-key-chain {
       description
         "Support configuration of peer key-chain.";
     }

     feature peer-password {
       description
         "Support configuration of peer password.";
     }

     feature peer-sa-limit {
       description
         "Support configuration of per peer limit on SA entries.";
     }

     /*
      * Groupings
      */
     grouping authentication-container {
       description
         "Authentication attributes.";
       container authentication {
         description
           "A container defining authentication attributes.";
         choice authentication-type {
           case key-chain {
             if-feature peer-key-chain;
             leaf key-chain {
               type key-chain:key-chain-ref;
               description
                 "Reference to a key-chain.";
             }
           }
           case password {
             leaf key {
               type string;
               description
                 "This leaf describes the authentication key.";
             }
             leaf crypto-algorithm {
               type identityref {
                 base key-chain:crypto-algorithm;
               }
               description
                 "Cryptographic algorithm associated with key.";
             }
           }
           description
             "Choice of authentication.";
         }
       }
     } // authentication-container

     grouping tcp-connect-source {
       description
         "Attribute to configure peer TCP connection source.";
       leaf tcp-connection-source {
         type if:interface-ref;
         must "/if:interfaces/if:interface[if:name = current()]/"
            + "ip:ipv4" {
           description
             "The interface must have IPv4 enabled.";
         }
         description
           "The interface is to be the source for the TCP
            connection.  It is a reference to an entry in the global
            interface list.";
       }
     } // tcp-connection-source

     grouping global-config-attributes {
       description "Global MSDP configuration.";

       uses tcp-connect-source {
         if-feature global-tcp-connect-source;
       }
       list default-peer {
         if-feature global-default-peer;
         if-feature global-default-peer-policy;
         key "peer-addr prefix-policy";
         description
           "The default peer accepts all MSDP SA messages.
            A default peer is needed in topologies where MSDP peers
            do not coexist with BGP peers.  The reverse path
            forwarding (RPF) check on SA messages can fail, and no
            SA messages are accepted.  In these cases, you can configure
            the peer as a default peer and bypass RPF checks.";

         leaf peer-addr {
           type leafref {
             path "../../../peers/peer/address";
           }
           mandatory true;
           description
             "Reference to a peer that is in the peer list.";
         }
         leaf prefix-policy {
           type string;
           description
             "If specified, only those SA entries whose RP is
              permitted in the prefix list are allowed;
              if not specified, all SA messages from the default
              peer are accepted.";
         }
       } // default-peer

       container originating-rp {
         description
           "The container of Originating RP.";
         leaf interface {
           type if:interface-ref;
           must "/if:interfaces/if:interface[if:name = current()]/"
              + "ip:ipv4" {
             description
               "The interface must have IPv4 enabled.";
           }
           description
             "Reference to an entry in the global interface
              list.
              IP address of the interface is used in the RP field of
              an SA message entry.  When Anycast RPs are used, all
              RPs use the same IP address.  This parameter can be
              used to define a unique IP address for the RP of each
              MSDP peer.
              By default, the software uses the RP address of the
              local system.";
         }
       } // originating-rp
       uses sa-filter-container {
         if-feature global-sa-filter;
       }
       leaf sa-limit {
         if-feature global-sa-limit;
         type uint32;
         description
           "A limit on the number of SA entries accepted.
            By default, there is no limit.";
       }
       uses ttl-threshold {
         if-feature global-ttl-threshold;
       }
     } // global-config-attributes

     grouping peer-config-attributes {
       description "Per peer configuration for MSDP.";

       uses authentication-container;
       leaf enable {
         if-feature peer-admin-enable;
         type boolean;
         description
           "'true' if peer is enabled;
            'false' if peer is disabled.";
       }
       uses tcp-connect-source {
         if-feature peer-tcp-connect-source;
       }
       leaf description {
         if-feature peer-description;
         type string;
         description
           "The peer description.";
       }
       leaf mesh-group {
         type string;
         description
           "Configure this peer to be a member of a mesh group";
       }
       leaf peer-as {
         if-feature peer-as;
         type inet:as-number;
         description
           "Peer's autonomous system number (ASN).  Using peer-as to
            do verification can provide more controlled ability.";
       }
       uses sa-filter-container;
       leaf sa-limit {
         if-feature peer-sa-limit;
         type uint32;
         description
           "A limit on the number of SA entries accepted from this
            peer.  By default, there is no limit.";
       }
       container timer {
         description "Timer attributes.";
         leaf connect-retry-interval {
           type uint16;
           units seconds;
           default 30;
           description "Peer timer for connect-retry,
                        SHOULD be set to 30 seconds.";
         }
         leaf holdtime-interval {
           type uint16 {
             range "3..65535";
           }
           units seconds;
           must "(../keepalive-interval and . > ../keepalive-interval) or "
              + "(not(../keepalive-interval) and . > 60)" {
             error-message "The keep alive interval must be "
                         + "smaller than the hold time interval";
           }
           default 75;
           description "The SA hold down period of this MSDP peer.";
         }
         leaf keepalive-interval {
           type uint16 {
             range "1..65535";
           }
           units seconds;
           must "(../holdtime-interval and . < ../holdtime-interval) or "
              + "(not(../holdtime-interval) and . < 75)" {
             error-message "The keep alive interval must be "
                         + "smaller than the hold time interval";
           }
           default 60;
           description "The keepalive timer of this MSDP peer.";
         }
       } // timer
       uses ttl-threshold;
     } // peer-config-attributes

     grouping peer-state-attributes {
       description "Per peer state attributes for MSDP.";
       leaf session-state {
         type enumeration {
           enum disabled {
             description "Disabled.";
           }
           enum inactive {
             description "Inactive.";
           }
           enum listen {
             description "Listen.";
           }
           enum connecting {
             description "Connecting.";
           }
           enum established {
             description "Established.";
           }
         }
         config false;
         description
           "Peer session state.";
         reference
           "RFC3618: Multicast Source Discovery Protocol (MSDP).";
       }
       leaf elapsed-time {
         type uint32;
         units seconds;
         config false;
         description "Elapsed time for being in a state.";
       }
       leaf connect-retry-expire {
         type uint32;
         units seconds;
         config false;
         description "Connect retry expire time of peer connection.";
       }
       leaf hold-expire {
         type uint16;
         units seconds;
         config false;
         description "Hold expire time of peer connection.";
       }
       leaf is-default-peer {
         type boolean;
         config false;
         description "If this peer is default peer.";
       }
       leaf keepalive-expire {
         type uint16;
         units seconds;
         config false;
         description "Keepalive expire time of this peer.";
       }
       leaf reset-count {
         type uint32;
         config false;
         description "The reset count of this peer.";
       }

       container statistics {
         config false;
         description
           "A container defining statistics attributes.";

         leaf discontinuity-time {
           type yang:date-and-time;
           description
             "The time on the most recent occasion at which any one
              or more of the statistic counters suffered a
              discontinuity.  If no such discontinuities have occurred
              since the last re-initialization of the local
              management subsystem, then this node contains the time
              the local management subsystem re-initialized itself.";
         }

         container error {
           description
             "A grouping defining error statistics attributes.";
           leaf rpf-failure {
             type uint32;
             description "Number of RPF failures.";
           }
         } // statistics-error

         container queue {
           description
             "A container includes queue statistics attributes.";
           leaf size-in {
             type uint32;
             description
               "The size of the input queue.";
           }
           leaf size-out {
             type uint32;
             description
               "The size of the output queue.";
           }
         } // statistics-queue

         container received {
           description "Received message counters.";
           uses statistics-sent-received;
         }
         container sent {
           description "Sent message counters.";
           uses statistics-sent-received;
         }
       } // statistics-container
     } // peer-state-attributes

     grouping sa-filter-container {
       description "A container defining SA filters.";
       container sa-filter {
         description
           "Specifies an access control list (ACL) to filter source
            active (SA) messages coming in to or going out of the
            peer.";
         leaf in {
           type string;
           description
             "Filters incoming SA messages only.
              The string value is the name to uniquely identify a
              policy that contains one or more policy rules used to
              accept or reject MSDP SA messages.
              If a policy is not specified, all MSDP SA messages are
              accepted, the definition of such a policy is outside
              the scope of this document.";
         }
         leaf out {
           type string;
           description
             "Filters outgoing SA messages only.
              The string value is the name to uniquely identify a
              policy that contains one or more policy rules used to
              accept or reject MSDP SA messages.
              If a policy is not specified, all MSDP SA messages are
              accepted, the definition of such a policy is outside
              the scope of this document.";
         }
       } // sa-filter
     } // sa-filter-container

     grouping ttl-threshold {
       description "Attribute to configure TTL threshold.";
       leaf ttl-threshold {
         type uint8 {
           range 1..255;
         }
         description "Maximum number of hops data packets can
                      traverse before being dropped.";
       }
     } // sa-ttl-threshold

     grouping statistics-sent-received {
       description
         "A grouping defining sent and received statistics attributes.";
       leaf keepalive {
         type yang:counter64;
         description
           "The number of keepalive messages.";
       }
       leaf notification {
         type yang:counter64;
         description
           "The number of notification messages.";
       }
       leaf sa-message {
         type yang:counter64;
         description
           "The number of SA messages.";
       }
       leaf sa-response {
         type yang:counter64;
         description
           "The number of SA response messages.";
       }
       leaf sa-request {
         type yang:counter64;
         description
           "The number of SA request messages.";
       }
       leaf total {
         type yang:counter64;
         description
           "The number of total messages.";
       }
     } // statistics-sent-received

     /*
      * Data nodes
      */
     augment "/rt:routing/rt:control-plane-protocols" {
       description
         "MSDP augmentation to routing instance.  This augmentation
          is only valid for a routing protocol instance of MSDP.";

       container msdp {
         presence "Container for MSDP protocol.";
         description
           "MSDP configuration data.";

         container global {
           description
             "Global attributes.";
           uses global-config-attributes;
         }

         container peers {
           description
             "Containing a list of peers.";
           list peer {
             key "address";
             description
               "List of MSDP peers.";
             leaf address {
               type inet:ipv4-address;
               description
                 "The address of peer";
             }
             uses peer-config-attributes;
             uses peer-state-attributes;
           } // peer
         } // peers

         container sa-cache {
           config false;
           description
             "The SA cache information.";
           list entry {
             key "group source-addr";
             description "A list of SA cache entries.";
             leaf group {
               type inet:ipv4-address;
               description "The group address of this SA cache.";
             }
             leaf source-addr {
               type union {
                 type enumeration {
                   enum '*' {
                     description "Any source address.";
                   }
                 }
                 type inet:ipv4-address;
               }
               description "Source IPv4 address.";
             }
             list origin-rp {
               key "rp-address";
               description "Origin RP address.";
               leaf rp-address {
                 type inet:ip-address;
                 description "The RP address.";
               }
               leaf is-local-rp {
                 type boolean;
                 description "The RP is local.";
               }
               leaf sa-adv-expire {
                 type uint32;
                 units seconds;
                 description
                   "The remaining time duration before expiration
                    of the periodic SA advertisement timer on a
                    local RP.";
               }
             }

             container state-attributes {
               description "SA cache state attributes for MSDP.";

               leaf up-time {
                 type uint32;
                 units seconds;
                 description "The duration time of receiving this
                              SA cache.";
               }
               leaf expire {
                 type uint32;
                 units seconds;
                 description "The duration time since this SA cache
                              expires.";
               }
               leaf holddown-interval {
                 type uint32;
                 units seconds;
                 description "Hold-down timer value for SA
                              forwarding.";
               }
               leaf peer-learned-from {
                 type inet:ipv4-address;
                 description
                   "The address of the peer that we learned this
                    SA from.";
               }
               leaf rpf-peer {
                 type inet:ipv4-address;
                 description
                   "The address is used to find the SA's
                    originating RP.";
               }
             } // sa-cache-state-attributes
           } // entry
         } // sa-cache
       } // msdp
     } // augment

     /*
      * RPCs
      */
     rpc clear-peer {
       description
         "Clears the TCP connection to the peer.";
       input {
         leaf peer-address {
           type inet:ipv4-address;
           description
             "Address of peer to be cleared.  If this is not
              provided then all peers are cleared.";
         }
       }
     }

     rpc clear-sa-cache {
       if-feature rpc-clear-sa-cache;
       description
         "Clears MSDP source active (SA) cache entries.";
       input {
         container entry {
           presence "If a particular entry is cleared.";
           description
             "The SA cache (S,G) or (*,G) entry to be cleared.  If
              this is not provided, all entries are cleared.";
           leaf group {
             type rt-types:ipv4-multicast-group-address;
             mandatory true;
             description "The group address";
           }
           leaf source-addr {
             type rt-types:ipv4-multicast-source-address;
             description
               "Address of multicast source to be cleared.  If this
                is not provided then all entries related to the
                given group are cleared.";
           }
         } // s-g
         leaf peer-address {
           type inet:ipv4-address;
           description
             "Peer IP address from which MSDP SA cache entries have
              been learned.  If this is not provided, entries learned
              from all peers are cleared.";
         }
         leaf peer-as {
           type inet:as-number;
           description
             "ASN from which MSDP SA cache entries have been learned.
1067 If this is not provided, entries learned from all AS's 1068 are cleared."; 1069 } 1070 } 1071 } 1072 } 1073 1075 5. Security Considerations 1077 The YANG module specified in this document defines a schema for data 1078 that is designed to be accessed via network management protocols such 1079 as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer 1080 is the secure transport layer, and the mandatory-to-implement secure 1081 transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer 1082 is HTTPS, and the mandatory-to-implement secure transport is TLS 1083 [RFC8446]. 1085 The NETCONF access control model [RFC8341] provides the means to 1086 restrict access for particular NETCONF or RESTCONF users to a 1087 preconfigured subset of all available NETCONF or RESTCONF protocol 1088 operations and content. 1090 There are a number of data nodes defined in this YANG module that are 1091 writable/creatable/deletable (i.e., config true, which is the 1092 default). These data nodes may be considered sensitive or vulnerable 1093 in some network environments. Write operations (e.g., edit-config) 1094 to these data nodes without proper protection can have a negative 1095 effect on network operations. These are the subtrees and data nodes 1096 and their sensitivity/vulnerability: 1098 Under /rt:routing/rt:control-plane-protocols/msdp, 1100 msdp:global 1102 This subtree specifies the configuration for the MSDP attributes 1103 at the global level. Modifying the configuration can cause MSDP 1104 default peers to be deleted or reconstructed, and the SA's 1105 unexpected filtering. 1107 msdp:peers 1109 This subtree specifies the configuration for the MSDP attributes 1110 at the peer level. The modification configuration will allow the 1111 unexpected MSDP peer establishment and unexpected SA information 1112 learning and advertisement. 
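The section above names three things an access control policy for this module has to cover: write access to the MSDP configuration subtrees, read access to the peer-level configuration (which carries the "password" field), and execution of the clear-peer and clear-sa-cache RPCs defined in the module above. The following NACM [RFC8341] rule set is an added example of how those restrictions can be expressed; it is not part of this draft or of any vendor's configuration. The group names, user names and the rule-list layout are assumptions, and the data-node paths assume that the msdp container augments /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol (the augment statement above says it applies to a routing protocol instance of MSDP; the abbreviated path in the text omits the instance level). The prefix rt is bound to the ietf-routing namespace [RFC8349] and msdp to the namespace requested in Section 6.

```xml
<!-- Added example (not from the draft): NACM rules for the ietf-msdp module.
     Group names, user names and the exact augment path are assumptions. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"
      xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing"
      xmlns:msdp="urn:ietf:params:xml:ns:yang:ietf-msdp">
  <enable-nacm>true</enable-nacm>
  <!-- Deny by default; only what the rule lists below permit is reachable. -->
  <read-default>deny</read-default>
  <write-default>deny</write-default>
  <exec-default>deny</exec-default>

  <groups>
    <group>
      <name>msdp-monitor</name>          <!-- assumed: read-only NOC users -->
      <user-name>noc-ro</user-name>      <!-- assumed user name -->
    </group>
    <group>
      <name>msdp-admin</name>            <!-- assumed: multicast operators -->
      <user-name>mcast-ops</user-name>   <!-- assumed user name -->
    </group>
  </groups>

  <!-- Rule lists and rules are evaluated in order; the first match decides,
       and a data-node rule also matches every descendant of its path. -->
  <rule-list>
    <name>msdp-monitor-rules</name>
    <group>msdp-monitor</group>

    <!-- The peer-level configuration contains the "password" field, so the
         read-only group gets no access to the peers subtree at all.  Once the
         exact password leaf is known, narrow this path to that leaf so that
         peer state stays readable. -->
    <rule>
      <name>deny-peer-config</name>
      <module-name>ietf-msdp</module-name>
      <path>/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/msdp:msdp/msdp:peers</path>
      <access-operations>*</access-operations>
      <action>deny</action>
    </rule>

    <!-- Everything else under msdp (global config, SA cache) is readable,
         but write-default keeps it read-only. -->
    <rule>
      <name>permit-msdp-read</name>
      <module-name>ietf-msdp</module-name>
      <path>/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/msdp:msdp</path>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>

    <!-- Both RPCs tear down state (peer TCP sessions, SA cache entries).
         exec-default already denies them; the explicit rules record intent. -->
    <rule>
      <name>deny-clear-peer</name>
      <module-name>ietf-msdp</module-name>
      <rpc-name>clear-peer</rpc-name>
      <access-operations>exec</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>deny-clear-sa-cache</name>
      <module-name>ietf-msdp</module-name>
      <rpc-name>clear-sa-cache</rpc-name>
      <access-operations>exec</access-operations>
      <action>deny</action>
    </rule>
  </rule-list>

  <rule-list>
    <name>msdp-admin-rules</name>
    <group>msdp-admin</group>

    <!-- Full create/read/update/delete on the MSDP instance, plus both RPCs. -->
    <rule>
      <name>permit-msdp-all</name>
      <module-name>ietf-msdp</module-name>
      <path>/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/msdp:msdp</path>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
    <rule>
      <name>permit-clear-peer</name>
      <module-name>ietf-msdp</module-name>
      <rpc-name>clear-peer</rpc-name>
      <access-operations>exec</access-operations>
      <action>permit</action>
    </rule>
    <rule>
      <name>permit-clear-sa-cache</name>
      <module-name>ietf-msdp</module-name>
      <rpc-name>clear-sa-cache</rpc-name>
      <access-operations>exec</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
</nacm>
```

Two design points are worth checking on a real device. First, the order inside msdp-monitor-rules matters: the deny on msdp:peers must precede the read permit on msdp:msdp, because NACM stops at the first matching rule and the permit would otherwise expose the peers subtree. Second, the three defaults are set to deny so that a user who belongs to neither group, or a node this module adds in a later revision, is not reachable by accident; verify with a get on the peers subtree as the read-only user that the reply omits it rather than returning an access-denied error for the whole request.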
   The "password" field is also sensitive readable configuration; unauthorized reading of it may lead to the password leaking, and modifying it can cause unexpected peer reconstruction.

Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:

   /rt:routing/rt:control-plane-protocols/msdp,

   Unauthorized access to any data node of the above subtree can disclose the operational state information of MSDP on this device.

Some of the RPC operations in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control access to these operations. These are the operations and their sensitivity/vulnerability:

   /rt:routing/rt:control-plane-protocols/msdp:clear-peer,

   /rt:routing/rt:control-plane-protocols/msdp:clear-sa-cache,

   Unauthorized access to either of the above RPC operations can reconstruct the MSDP peers or delete SA records on this device.

6. IANA Considerations

The IANA is requested to assign two new URIs from the IETF XML registry [RFC3688]. The authors suggest the following URI:

   URI: urn:ietf:params:xml:ns:yang:ietf-msdp

   Registrant Contact: PIM WG

   XML: N/A, the requested URI is an XML namespace

This document also requests one new YANG module name in the YANG Module Names registry [RFC6020] with the following suggestion:

   name: ietf-msdp

   namespace: urn:ietf:params:xml:ns:yang:ietf-msdp

   prefix: msdp

   reference: RFC XXXX

7. Contributors

The authors would like to thank Yisong Liu (liuyisong@huawei.com), Benchong Xu (xu.benchong@zte.com.cn), and Tanmoy Kundu (tanmoy.kundu@alcatel-lucent.com) for their valuable contributions.

8. Acknowledgement

The authors would like to thank Stig Venaas and Jake Holland for their valuable comments and suggestions.

9. References

9.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8177]  Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J.
              Zhang, "YANG Data Model for Key Chains", RFC 8177,
              DOI 10.17487/RFC8177, June 2017.

   [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
              "Common YANG Data Types for the Routing Area", RFC 8294,
              DOI 10.17487/RFC8294, December 2017.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

   [RFC8344]  Bjorklund, M., "A YANG Data Model for IP Management",
              RFC 8344, DOI 10.17487/RFC8344, March 2018.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

9.2. Informative References

   [I-D.ietf-rtgwg-policy-model]
              Qu, Y., Tantsura, J., Lindem, A., and X. Liu, "A YANG Data
              Model for Routing Policy Management", draft-ietf-rtgwg-
              policy-model-08 (work in progress), January 2020.

   [RFC3618]  Fenner, B., Ed. and D. Meyer, Ed., "Multicast Source
              Discovery Protocol (MSDP)", RFC 3618,
              DOI 10.17487/RFC3618, October 2003.

   [RFC4624]  Fenner, B. and D. Thaler, "Multicast Source Discovery
              Protocol (MSDP) MIB", RFC 4624, DOI 10.17487/RFC4624,
              October 2006.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8407]  Bierman, A., "Guidelines for Authors and Reviewers of
              Documents Containing YANG Data Models", BCP 216, RFC 8407,
              DOI 10.17487/RFC8407, October 2018.

   [RFC8639]  Voit, E., Clemm, A., Gonzalez Prieto, A., Nilsen-Nygaard,
              E., and A. Tripathy, "Subscription to YANG Notifications",
              RFC 8639, DOI 10.17487/RFC8639, September 2019.

   [RFC8641]  Clemm, A. and E. Voit, "Subscription to YANG Notifications
              for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641,
              September 2019.

Authors' Addresses

   Xufeng Liu
   Volta Networks

   Email: xufeng.liu.ietf@gmail.com

   Zheng Zhang (editor)
   ZTE Corporation
   No. 50 Software Ave, Yuhuatai District
   Nanjing
   China

   Email: zzhang_ietf@hotmail.com

   Anish Peter
   Individual contributor

   Email: anish.ietf@gmail.com

   Mahesh Sivakumar
   Juniper networks
   1133 Innovation Way
   Sunnyvale, CALIFORNIA 94089
   USA

   Email: sivakumar.mahesh@gmail.com

   Feng Guo
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: guofeng@huawei.com

   Pete McAllister
   Metaswitch Networks
   100 Church Street
   Enfield EN2 6BQ
   UK

   Email: pete.mcallister@metaswitch.com