idnits 2.17.1 draft-ietf-pim-msdp-yang-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (January 11, 2020) is 1567 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Experimental RFC: RFC 3618 == Outdated reference: A later version (-31) exists of draft-ietf-rtgwg-policy-model-08 Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 PIM WG X. Liu 3 Internet-Draft Volta Networks 4 Intended status: Standards Track Z. Zhang, Ed. 5 Expires: July 14, 2020 ZTE Corporation 6 A. Peter 7 Individual contributor 8 M. Sivakumar 9 Juniper networks 10 F. Guo 11 Huawei Technologies 12 P. 
McAllister 13 Metaswitch Networks 14 January 11, 2020 16 A YANG Data Model for Multicast Source Discovery Protocol (MSDP) 17 draft-ietf-pim-msdp-yang-08 19 Abstract 21 This document defines a YANG data model for the configuration and 22 management of Multicast Source Discovery Protocol (MSDP) Protocol. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at https://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on July 14, 2020. 41 Copyright Notice 43 Copyright (c) 2020 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (https://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 59 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 60 1.2. Conventions Used in This Document . . . . . . . . . . . . 3 61 1.3. Tree Diagrams . . . . . . . . . . . . . . . . . . . . 
. . 3 62 1.4. Prefixes in Data Node Names . . . . . . . . . . . . . . . 3 63 2. Design of the Data Model . . . . . . . . . . . . . . . . . . 4 64 2.1. Scope of Model . . . . . . . . . . . . . . . . . . . . . 4 65 2.2. Specification . . . . . . . . . . . . . . . . . . . . . . 4 66 3. Module Structure . . . . . . . . . . . . . . . . . . . . . . 5 67 3.1. MSDP Configuration . . . . . . . . . . . . . . . . . . . 7 68 3.2. MSDP State . . . . . . . . . . . . . . . . . . . . . . . 7 69 3.3. MSDP RPC . . . . . . . . . . . . . . . . . . . . . . . . 7 70 4. MSDP YANG Model . . . . . . . . . . . . . . . . . . . . . . . 7 71 5. Security Considerations . . . . . . . . . . . . . . . . . . . 23 72 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 73 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 25 74 8. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 25 75 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 25 76 9.1. Normative References . . . . . . . . . . . . . . . . . . 25 77 9.2. Informative References . . . . . . . . . . . . . . . . . 27 78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28 80 1. Introduction 82 [RFC3618] introduces the protocol definition of MSDP. This document 83 defines a YANG data model that can be used to configure and manage 84 the MSDP protocol. The operational state data and statistics can 85 also be retrieved by this model. 87 This model is designed to be used along with other multicast YANG 88 models such as PIM [I-D.ietf-pim-yang], which are not covered in this 89 document. 91 1.1. Terminology 93 The terminology for describing YANG data models is found in [RFC6020] 94 and [RFC7950], including: 96 o augment 97 o data model 99 o data node 101 o identity 103 o module 105 The following abbreviations are used in this document and the defined 106 model: 108 MSDP: Multicast Source Discovery Protocol [RFC3618]. 110 SA: Source-Active [RFC3618]. 112 1.2. 
Conventions Used in This Document 114 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 115 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 116 "OPTIONAL" in this document are to be interpreted as described in BCP 117 14 [RFC2119] [RFC8174] when, and only when, they appear in all 118 capitals, as shown here. 120 1.3. Tree Diagrams 122 Tree diagrams used in this document follow the notation defined in 123 [RFC8340]. 125 1.4. Prefixes in Data Node Names 127 In this document, names of data nodes, actions, and other data model 128 objects are often used without a prefix, as long as it is clear from 129 the context in which YANG module each name is defined. Otherwise, 130 names are prefixed using the standard prefix associated with the 131 corresponding YANG module, as shown in Table 1. 133 +-----------+--------------------+-----------+ 134 | Prefix | YANG module | Reference | 135 +-----------+--------------------+-----------+ 136 | yang | ietf-yang-types | [RFC6991] | 137 | | | | 138 | inet | ietf-inet-types | [RFC6991] | 139 | | | | 140 | rt | ietf-routing | [RFC8349] | 141 | | | | 142 | if | ietf-interfaces | [RFC8343] | 143 | | | | 144 | ip | ietf-ip | [RFC8344] | 145 | | | | 146 | key-chain | ietf-key-chain | [RFC8177] | 147 | | | | 148 | rt-types | ietf-routing-types | [RFC8294] | 149 +-----------+--------------------+-----------+ 151 Table 1 153 2. Design of the Data Model 155 2.1. Scope of Model 157 The model covers MSDP [RFC3618]. 159 This model can be used to configure and manage MSDP protocols. The 160 operational state data and statistics can be retrieved by this model. 161 Even though no protocol-specific notifications are defined in this 162 model, the subscription and push mechanism defined in [RFC8639] and 163 [RFC8641] can be implemented by the user to subscribe to 164 notifications on the data nodes in this model. 166 The model contains all the basic configuration parameters to operate 167 the protocol. 
Depending on the implementation choices, some systems 168 may not allow some of the advanced parameters to be configurable. 169 The occasionally implemented parameters are modeled as optional 170 features in this model. This model can be extended, and it has been 171 structured in a way that such extensions can be conveniently made. 173 2.2. Specification 175 The configuration data nodes cover global configuration attributes 176 and per peer configuration attributes. The state data nodes include 177 global, per peer, and source-active information. The container 178 "msdp" is the top level container in this data model. The presence 179 of this container is expected to enable MSDP protocol functionality. 180 No notification is defined in this model. 182 3. Module Structure 184 This model imports and augments the ietf-routing YANG model defined 185 in [RFC8349]. Both configuration data nodes and state data nodes of 186 [RFC8349] are augmented. 188 The YANG data model defined in this document conforms to the Network 189 Management Datastore Architecture (NMDA) [RFC8342]. The operational 190 state data is combined with the associated configuration data in the 191 same hierarchy [RFC8407]. 193 module: ietf-msdp 194 augment /rt:routing/rt:control-plane-protocols: 195 +--rw msdp! 196 +--rw global 197 | +--rw tcp-connection-source? if:interface-ref 198 | +--rw default-peer* [peer-addr prefix-policy] 199 {global-default-peer, 200 global-default-peer-policy}? 201 | | +--rw peer-addr -> ../../../peers/peer/address 202 | | +--rw prefix-policy string 203 | +--rw originating-rp 204 | | +--rw interface? if:interface-ref 205 | +--rw sa-filter 206 | | +--rw in? string 207 | | +--rw out? string 208 | +--rw sa-limit? uint32 {global-sa-limit}? 209 | +--rw ttl-threshold? uint8 210 +--rw peers 211 | +--rw peer* [address] 212 | +--rw address inet:ipv4-address 213 | +--rw authentication 214 | | +--rw (authentication-type)? 215 | | +--:(key-chain) {peer-key-chain}? 
216 | | | +--rw key-chain? key-chain:key-chain-ref 217 | | +--:(password) 218 | | +--rw key? string 219 | | +--rw crypto-algorithm? identityref 220 | +--rw enable? boolean {peer-admin-enable}? 221 | +--rw tcp-connection-source? if:interface-ref 222 | +--rw description? string {peer-description}? 223 | +--rw mesh-group? string 224 | +--rw peer-as? inet:as-number {peer-as}? 225 | +--rw sa-filter 226 | | +--rw in? string 227 | | +--rw out? string 228 | +--rw sa-limit? uint32 {peer-sa-limit}? 229 | +--rw timer 230 | | +--rw connect-retry-interval? uint16 231 | | +--rw holdtime-interval? uint16 232 | | +--rw keepalive-interval? uint16 233 | +--rw ttl-threshold? uint8 234 | +--ro session-state? enumeration 235 | +--ro elapsed-time? uint32 236 | +--ro connect-retry-expire? uint32 237 | +--ro hold-expire? uint16 238 | +--ro is-default-peer? boolean 239 | +--ro keepalive-expire? uint16 240 | +--ro reset-count? uint32 241 | +--ro statistics 242 | +--ro discontinuity-time? yang:date-and-time 243 | +--ro error 244 | | +--ro rpf-failure? uint32 245 | +--ro queue 246 | | +--ro size-in? uint32 247 | | +--ro size-out? uint32 248 | +--ro received 249 | | +--ro keepalive? yang:counter64 250 | | +--ro notification? yang:counter64 251 | | +--ro sa-message? yang:counter64 252 | | +--ro sa-response? yang:counter64 253 | | +--ro sa-request? yang:counter64 254 | | +--ro total? yang:counter64 255 | +--ro sent 256 | +--ro keepalive? yang:counter64 257 | +--ro notification? yang:counter64 258 | +--ro sa-message? yang:counter64 259 | +--ro sa-response? yang:counter64 260 | +--ro sa-request? yang:counter64 261 | +--ro total? yang:counter64 262 +--ro sa-cache 263 +--ro entry* [group source-addr] 264 +--ro group inet:ipv4-address 265 +--ro source-addr union 266 +--ro origin-rp* [rp-address] 267 | +--ro rp-address inet:ip-address 268 | +--ro is-local-rp? boolean 269 | +--ro sa-adv-expire? uint32 270 +--ro state-attributes 271 +--ro up-time? uint32 272 +--ro expire? 
uint32 273 +--ro holddown-interval? uint32 274 +--ro peer-learned-from? inet:ipv4-address 275 +--ro rpf-peer? inet:ipv4-address 277 rpcs: 279 +---x clear-peer 280 | +---w input 281 | +---w peer-address? inet:ipv4-address 282 +---x clear-sa-cache {rpc-clear-sa-cache}? 283 +---w input 284 +---w entry! 285 | +---w group rt-types:ipv4-multicast-group-address 286 | +---w source-addr? rt-types:ipv4-multicast-source-address 287 +---w peer-address? inet:ipv4-address 288 +---w peer-as? inet:as-number 290 3.1. MSDP Configuration 292 MSDP configurations require peer configurations. Several peers may 293 be configured in a mesh-group. The Source-Active information may be 294 filtered by peers. 296 The configuration modeling branch is composed of MSDP global and peer 297 configurations. The two parts are the most important parts of MSDP. 299 Besides the fundamental features of MSDP protocol, several optional 300 features are included in the model. These features help the control 301 of MSDP protocol. The peer features and SA features make the 302 deployment and control easier. The connection parameters can be used 303 to control the TCP connection because MSDP protocol is based on TCP. 304 The authentication features make the protocol more secure. The 305 filter features selectively allow operators to prevent SA information 306 from being forwarded to peers. 308 3.2. MSDP State 310 MSDP states are composed of MSDP global state, MSDP peer state, 311 statistics information and SA cache information. The statistics 312 information and SA cache information helps the operator to retrieve 313 the protocol condition. 315 3.3. MSDP RPC 317 The RPC part is used to define some useful and ordinary operations of 318 protocol management. Network managers can delete all the information 319 from a given peer by using the clear-peer rpc. And network managers 320 can delete a given SA cache information by clear-sa-cache rpc. 322 4. 
MSDP YANG Model 324 This module references [RFC6991], [RFC8349], [RFC8343], [RFC8344], 325 [RFC8177], [RFC3618], [RFC8294], [I-D.ietf-rtgwg-policy-model]. 327 file "ietf-msdp@2020-01-08.yang" 328 module ietf-msdp { 330 yang-version 1.1; 332 namespace "urn:ietf:params:xml:ns:yang:ietf-msdp"; 333 prefix msdp; 335 import ietf-yang-types { 336 prefix "yang"; 337 reference "RFC6991"; 338 } 340 import ietf-inet-types { 341 prefix "inet"; 342 reference "RFC6991"; 343 } 345 import ietf-routing { 346 prefix "rt"; 347 reference "RFC8349"; 348 } 350 import ietf-interfaces { 351 prefix "if"; 352 reference "RFC8343"; 353 } 355 import ietf-ip { 356 prefix "ip"; 357 reference "RFC8344"; 358 } 360 import ietf-key-chain { 361 prefix "key-chain"; 362 reference "RFC8177"; 363 } 365 import ietf-routing-types { 366 prefix "rt-types"; 367 reference "RFC8294"; 368 } 370 organization 371 "IETF PIM (Protocols for IP Multicast) Working Group"; 373 contact 374 "WG Web: 375 WG List: 377 Editor: Xufeng Liu 378 380 Editor: Zheng Zhang 381 383 Editor: Anish Peter 384 386 Editor: Mahesh Sivakumar 387 389 Editor: Feng Guo 390 392 Editor: Pete McAllister 393 "; 395 description 396 "The module defines the YANG model definitions for MSDP 397 [RFC3618]. 399 Copyright (c) 2019 IETF Trust and the persons identified as 400 authors of the code. All rights reserved. 402 Redistribution and use in source and binary forms, with or 403 without modification, is permitted pursuant to, and subject to 404 the license terms contained in, the Simplified BSD License set 405 forth in Section 4.c of the IETF Trust's Legal Provisions 406 Relating to IETF Documents 407 (https://trustee.ietf.org/license-info). 409 This version of this YANG module is part of RFC XXXX 410 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself 411 for full legal notices. 
413 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL 414 NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 415 'MAY', and 'OPTIONAL' in this document are to be interpreted as 416 described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, 417 they appear in all capitals, as shown here."; 419 revision 2020-01-08 { 420 description 421 "Initial revision."; 422 reference 423 "RFC XXXX: A YANG Data Model for MSDP."; 424 } 426 /* 427 * Features 428 */ 429 feature global-tcp-connect-source { 430 description 431 "Support configuration of global tcp connect source."; 432 } 434 feature global-default-peer { 435 description 436 "Support configuration of global default peer."; 437 } 439 feature global-default-peer-policy { 440 description 441 "Support policy configuration of global default peer."; 442 } 444 feature global-sa-filter { 445 description 446 "Support configuration of global SA filter."; 447 } 449 feature global-sa-limit { 450 description 451 "Support configuration of global limit on SA entries."; 452 } 454 feature global-ttl-threshold { 455 description 456 "Support configuration of global TTL threshold."; 457 } 459 feature rpc-clear-sa-cache { 460 description 461 "Support the RPC to clear SA cache."; 462 } 464 feature peer-admin-enable { 465 description 466 "Support configuration of peer administrative enabling."; 467 } 469 feature peer-as { 470 description 471 "Support configuration of peer AS number."; 472 } 474 feature peer-tcp-connect-source { 475 description 476 "Support configuration of peer tcp connect source."; 477 } 479 feature peer-description { 480 description 481 "Support configuration of peer description."; 482 } 484 feature peer-key-chain { 485 description 486 "Support configuration of peer key-chain."; 487 } 489 feature peer-password { 490 description 491 "Support configuration of peer password."; 492 } 494 feature peer-sa-limit { 495 description 496 "Support configuration of per peer limit on SA entries."; 497 } 499 /* 
500 * Groupings 501 */ 502 grouping authentication-container { 503 description 504 "Authentication attributes."; 505 container authentication { 506 description 507 "A container defining authentication attributes."; 508 choice authentication-type { 509 case key-chain { 510 if-feature peer-key-chain; 511 leaf key-chain { 512 type key-chain:key-chain-ref; 513 description 514 "Reference to a key-chain. The key-chain model is 515 defined in RFC8177."; 516 } 517 } 518 case password { 519 leaf key { 520 type string; 521 description 522 "This leaf describes the authentication key."; 523 } 524 leaf crypto-algorithm { 525 type identityref { 526 base key-chain:crypto-algorithm; 527 } 528 description 529 "Cryptographic algorithm associated with key."; 530 } 531 } 532 description 533 "Choice of authentication."; 534 } 535 } 536 } // authentication-container 538 grouping tcp-connect-source { 539 description 540 "Attribute to configure peer TCP connection source."; 541 leaf tcp-connection-source { 542 type if:interface-ref; 543 must "/if:interfaces/if:interface[if:name = current()]/" 544 + "ip:ipv4" { 545 description 546 "The interface must have IPv4 enabled."; 547 } 548 description 549 "The interface is to be the source for the TCP 550 connection. It is a reference to an entry in the global 551 interface list."; 552 } 553 } // tcp-connection-source 555 grouping global-config-attributes { 556 description "Global MSDP configuration."; 558 uses tcp-connect-source { 559 if-feature global-tcp-connect-source; 560 } 561 list default-peer { 562 if-feature global-default-peer; 563 if-feature global-default-peer-policy; 564 key "peer-addr prefix-policy"; 566 description 567 "The default peer accepts all MSDP SA messages. 568 A default peer is needed in topologies where MSDP peers 569 do not coexist with BGP peers. The reverse path 570 forwarding (RPF) check on SA messages can fail, and no 571 SA messages are accepted. 
In these cases, you can configure 572 the peer as a default peer and bypass RPF checks."; 574 leaf peer-addr { 575 type leafref { 576 path "../../../peers/peer/address"; 577 } 578 mandatory true; 579 description 580 "Reference to a peer that is in the peer list."; 581 } 582 leaf prefix-policy { 583 type string; 584 description 585 "If specified, only those SA entries whose RP is 586 permitted in the prefix list are allowed; 587 if not specified, all SA messages from the default 588 peer are accepted. 589 The according policy model is defined in 590 'ietf-rtgwg-policy-model'."; 591 } 592 } // default-peer 594 container originating-rp { 595 description 596 "The container of Originating RP."; 597 leaf interface { 598 type if:interface-ref; 599 must "/if:interfaces/if:interface[if:name = current()]/" 600 + "ip:ipv4" { 601 description 602 "The interface must have IPv4 enabled."; 603 } 604 description 605 "Reference to an entry in the global interface 606 list. 607 IP address of the interface used in the RP field of 608 an SA message entry. When Anycast RPs are used, all 609 RPs use the same IP address. This parameter can be 610 used to define a unique IP address for the RP of each 611 MSDP peer. 612 By default, the software uses the RP address of the 613 local system."; 614 } 616 } // originating-rp 618 uses sa-filter-container { 619 if-feature global-sa-filter; 620 } 621 leaf sa-limit { 622 if-feature global-sa-limit; 623 type uint32; 624 description 625 "A limit on the number of SA entries accepted. 
626 By default, there is no limit."; 627 } 628 uses ttl-threshold { 629 if-feature global-ttl-threshold; 630 } 631 } // global-config-attributes 633 grouping peer-config-attributes { 634 description "Per peer configuration for MSDP."; 636 uses authentication-container; 637 leaf enable { 638 if-feature peer-admin-enable; 639 type boolean; 640 description 641 "'true' if peer is enabled; 642 'false' if peer is disabled."; 643 } 644 uses tcp-connect-source { 645 if-feature peer-tcp-connect-source; 646 } 647 leaf description { 648 if-feature peer-description; 649 type string; 650 description 651 "The peer description."; 652 } 653 leaf mesh-group { 654 type string; 655 description 656 "Configure this peer to be a member of a mesh group"; 657 } 658 leaf peer-as { 659 if-feature peer-as; 660 type inet:as-number; 661 description 662 "Peer's autonomous system number (ASN). Using peer-as to 663 do verification can provide more controlled ability."; 665 } 666 uses sa-filter-container; 667 leaf sa-limit { 668 if-feature peer-sa-limit; 669 type uint32; 670 description 671 "A limit on the number of SA entries accepted from this 672 peer. By default, there is no limit."; 673 } 674 container timer { 675 description "Timer attributes."; 676 leaf connect-retry-interval { 677 type uint16; 678 units seconds; 679 default 30; 680 description "Peer timer for connect-retry, 681 SHOULD be set to 30 seconds."; 682 } 683 leaf holdtime-interval { 684 type uint16 { 685 range "3..65535"; 686 } 687 units seconds; 688 must "(../keepalive-interval and . > ../keepalive-interval) 689 or "+"(not(../keepalive-interval) and . > 60)" { 690 error-message "The keep alive interval must be " 691 + "smaller than the hold time interval"; 692 } 693 default 75; 694 description "The SA hold down period of this MSDP peer."; 695 } 696 leaf keepalive-interval { 697 type uint16 { 698 range "1..65535"; 699 } 700 units seconds; 701 must "(../holdtime-interval and . 
< ../holdtime-interval) 702 or "+"(not(../holdtime-interval) and . < 75)" { 703 error-message "The keep alive interval must be " 704 + "smaller than the hold time interval"; 705 } 706 default 60; 707 description "The keepalive timer of this MSDP peer."; 708 } 709 } // timer 710 uses ttl-threshold; 711 } // peer-config-attributes 712 grouping peer-state-attributes { 713 description "Per peer state attributes for MSDP."; 715 leaf session-state { 716 type enumeration { 717 enum disabled { 718 description "Disabled."; 719 } 720 enum inactive { 721 description "Inactive."; 722 } 723 enum listen { 724 description "Listen."; 725 } 726 enum connecting { 727 description "Connecting."; 728 } 729 enum established { 730 description "Established."; 731 } 732 } 733 config false; 734 description 735 "Peer session state."; 736 reference 737 "RFC3618: Multicast Source Discovery Protocol (MSDP)."; 738 } 739 leaf elapsed-time { 740 type uint32; 741 units seconds; 742 config false; 743 description "Elapsed time for being in a state."; 744 } 745 leaf connect-retry-expire { 746 type uint32; 747 units seconds; 748 config false; 749 description "Connect retry expire time of peer connection."; 750 } 751 leaf hold-expire { 752 type uint16; 753 units seconds; 754 config false; 755 description "Hold expire time of peer connection."; 756 } 757 leaf is-default-peer { 758 type boolean; 759 config false; 760 description "'true' if this peer is a default peer."; 761 } 762 leaf keepalive-expire { 763 type uint16; 764 units seconds; 765 config false; 766 description "Keepalive expire time of this peer."; 767 } 768 leaf reset-count { 769 type uint32; 770 config false; 771 description "The reset count of this peer."; 772 } 774 container statistics { 775 config false; 776 description 777 "A container defining statistics attributes."; 779 leaf discontinuity-time { 780 type yang:date-and-time; 781 description 782 "The time on the most recent occasion at which any one 783 or more of the statistic counters 
suffered a 784 discontinuity. If no such discontinuities have occurred 785 since the last re-initialization of the local 786 management subsystem, then this node contains the time 787 the local management subsystem re-initialized itself."; 788 } 790 container error { 791 description 792 "A grouping defining error statistics attributes."; 793 leaf rpf-failure { 794 type uint32; 795 description "Number of RPF failures."; 796 } 797 } // statistics-error 799 container queue { 800 description 801 "A container includes queue statistics attributes."; 802 leaf size-in { 803 type uint32; 804 description 805 "The size of the input queue."; 806 } 807 leaf size-out { 808 type uint32; 809 description 810 "The size of the output queue."; 811 } 812 } // statistics-queue 814 container received { 815 description "Received message counters."; 816 uses statistics-sent-received; 817 } 818 container sent { 819 description "Sent message counters."; 820 uses statistics-sent-received; 821 } 822 } // statistics-container 823 } // peer-state-attributes 825 grouping sa-filter-container { 826 description "A container defining SA filters."; 827 container sa-filter { 828 description 829 "Specifies an access control list (ACL) to filter source 830 active (SA) messages coming in to or going out of the 831 peer."; 832 leaf in { 833 type string; 834 description 835 "Filters incoming SA messages only. 836 The string value is the name to uniquely identify a 837 policy that contains one or more policy rules used to 838 accept or reject MSDP SA messages. 839 If a policy is not specified, all MSDP SA messages are 840 accepted, the definition of such a policy is outside 841 the scope of this document. 842 The according policy model is defined in 843 'ietf-rtgwg-policy-model'."; 844 } 845 leaf out { 846 type string; 847 description 848 "Filters outgoing SA messages only. 
849 The string value is the name to uniquely identify a 850 policy that contains one or more policy rules used to 851 accept or reject MSDP SA messages. 852 If a policy is not specified, all MSDP SA messages are 853 accepted, the definition of such a policy is outside 854 the scope of this document. 855 The according policy model is defined in 856 'ietf-rtgwg-policy-model'."; 857 } 858 } // sa-filter 859 } // sa-filter-container 861 grouping ttl-threshold { 862 description "Attribute to configure TTL threshold."; 863 leaf ttl-threshold { 864 type uint8 { 865 range 1..255; 866 } 867 description "Maximum number of hops data packets can 868 traverse before being dropped."; 869 } 870 } // ttl-threshold 872 grouping statistics-sent-received { 873 description 874 "A grouping defining sent and received statistics attributes."; 875 leaf keepalive { 876 type yang:counter64; 877 description 878 "The number of keepalive messages."; 879 } 880 leaf notification { 881 type yang:counter64; 882 description 883 "The number of notification messages."; 884 } 885 leaf sa-message { 886 type yang:counter64; 887 description 888 "The number of SA messages."; 889 } 890 leaf sa-response { 891 type yang:counter64; 892 description 893 "The number of SA response messages."; 894 } 895 leaf sa-request { 896 type yang:counter64; 897 description 898 "The number of SA request messages."; 899 } 900 leaf total { 901 type yang:counter64; 902 description 903 "The number of total messages."; 905 } 906 } // statistics-sent-received 908 /* 909 * Data nodes 910 */ 911 augment "/rt:routing/rt:control-plane-protocols" { 912 description 913 "MSDP augmentation to routing instance. 
         This augmentation is only valid for a routing protocol instance of MSDP.";

    container msdp {
      presence "Container for MSDP protocol.";
      description
        "MSDP configuration data.";

      container global {
        description
          "Global attributes.";
        uses global-config-attributes;
      }

      container peers {
        description
          "Containing a list of peers.";
        list peer {
          key "address";
          description
            "List of MSDP peers.";
          leaf address {
            type inet:ipv4-address;
            description
              "The address of the peer";
          }
          uses peer-config-attributes;
          uses peer-state-attributes;
        } // peer
      } // peers

      container sa-cache {
        config false;
        description
          "The SA cache information.";
        list entry {
          key "group source-addr";
          description "A list of SA cache entries.";
          leaf group {
            type inet:ipv4-address;
            description "The group address of this SA cache.";
          }
          leaf source-addr {
            type union {
              type enumeration {
                enum '*' {
                  description "Any source address.";
                }
              }
              type inet:ipv4-address;
            }
            description "Source IPv4 address.";
          }
          list origin-rp {
            key "rp-address";
            description "Origin RP address.";
            leaf rp-address {
              type inet:ip-address;
              description "The RP address.";
            }
            leaf is-local-rp {
              type boolean;
              description "The RP is local.";
            }
            leaf sa-adv-expire {
              type uint32;
              units seconds;
              description
                "The remaining time duration before expiration
                 of the periodic SA advertisement timer on a
                 local RP.";
            }
          }

          container state-attributes {
            description "SA cache state attributes for MSDP.";

            leaf up-time {
              type uint32;
              units seconds;
              description "The duration time of receiving this
                           SA cache.";
            }
            leaf expire {
              type uint32;
              units seconds;
              description "The duration time since this SA cache
                           expires.";
            }
            leaf holddown-interval {
              type uint32;
              units seconds;
              description "Hold-down timer value for SA
                           forwarding.";
            }
            leaf peer-learned-from {
              type inet:ipv4-address;
              description
                "The address of the peer that we learned this
                 SA from.";
            }
            leaf rpf-peer {
              type inet:ipv4-address;
              description
                "The address is used to find the SA's
                 originating RP.";
            }
          } // state-attributes
        } // entry
      } // sa-cache
    } // msdp
  } // augment

  /*
   * RPCs
   */
  rpc clear-peer {
    description
      "Clears the TCP connection to the peer.";
    input {
      leaf peer-address {
        type inet:ipv4-address;
        description
          "Address of peer to be cleared. If this is not
           provided then all peers are cleared.";
      }
    }
  }

  rpc clear-sa-cache {
    if-feature rpc-clear-sa-cache;
    description
      "Clears MSDP source active (SA) cache entries.";
    input {
      container entry {
        presence "If a particular entry is cleared.";
        description
          "The SA cache (S,G) or (*,G) entry to be cleared. If
           this is not provided, all entries are cleared.";
        leaf group {
          type rt-types:ipv4-multicast-group-address;
          mandatory true;
          description "The group address";
        }
        leaf source-addr {
          type rt-types:ipv4-multicast-source-address;
          description
            "Address of multicast source to be cleared. If this
             is not provided then all entries related to the
             given group are cleared.";
        }
      } // entry
      leaf peer-address {
        type inet:ipv4-address;
        description
          "Peer IP address from which MSDP SA cache entries have
           been learned. If this is not provided, entries learned
           from all peers are cleared.";
      }
      leaf peer-as {
        type inet:as-number;
        description
          "ASN from which MSDP SA cache entries have been learned.
           If this is not provided, entries learned from all AS's
           are cleared.";
      }
    }
  }
}

5. Security Considerations

The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446].

The NETCONF access control model [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.

There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:

Under /rt:routing/rt:control-plane-protocols/msdp,

   msdp:global

      This subtree specifies the configuration for the MSDP attributes at the global level. Modifying this configuration can cause MSDP default peers to be deleted or re-established, and can cause SA messages to be filtered unexpectedly.

   msdp:peers

      This subtree specifies the configuration for the MSDP attributes at the peer level. Modifying this configuration can allow unexpected MSDP peer establishment and unexpected learning and advertisement of SA information.
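The subtrees and RPCs listed in this section are exactly the objects that an operator would pin down with NACM [RFC8341] rules. The following Python model of NACM rule evaluation is an added example and is not part of this draft or of any MSDP implementation. It applies the RFC 8341 decision order (rule lists selected by the user's groups, rules tried in order, first match wins, otherwise the read/write/exec defaults) to a constructed policy: an operators group may manage the MSDP subtree and run clear-peer and clear-sa-cache, a monitoring group may read MSDP state but not the peer password, and everyone else is denied. The subtree path is the abbreviated form used in this section, and the path of the password leaf is a labelled placeholder because the full module is not reproduced here; the group and user names are likewise made up.

```python
"""Simplified NACM (RFC 8341) access decision for the ietf-msdp module.

Added, constructed example; not part of the draft. The subtree path is
the abbreviated form used in the Security Considerations, and the path
of the peer "password" leaf is a PLACEHOLDER because the full module is
not reproduced in this excerpt.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

MSDP = "/rt:routing/rt:control-plane-protocols/msdp"   # as written in the draft
# Placeholder: the real schema path of the password leaf is in the full module.
PASSWORD_PATH = MSDP + "/msdp:peers/msdp:peer/PLACEHOLDER-auth-subtree/msdp:password"


@dataclass
class Rule:
    """One NACM rule. A rule with neither path nor rpc_name matches any target."""
    name: str
    action: str                     # "permit" or "deny"
    access_operations: str = "*"    # "*" or a space-separated subset of create read update delete exec
    module_name: str = "*"
    path: Optional[str] = None      # data-node rule: matches the node and all of its descendants
    rpc_name: Optional[str] = None  # protocol-operation rule: "*" or one RPC name

    def matches(self, op: str, module: str, target: str, is_rpc: bool) -> bool:
        if self.module_name not in ("*", module):
            return False
        if self.access_operations != "*" and op not in self.access_operations.split():
            return False
        if self.rpc_name is not None:
            return is_rpc and self.rpc_name in ("*", target)
        if self.path is not None:
            return not is_rpc and (target == self.path or target.startswith(self.path + "/"))
        return True


@dataclass
class RuleList:
    name: str
    groups: List[str]               # group names, or ["*"] for every group
    rules: List[Rule]               # evaluated in order; the first matching rule wins


@dataclass
class Nacm:
    groups: Dict[str, Set[str]]     # group name -> member user names
    rule_lists: List[RuleList]
    read_default: str = "permit"    # RFC 8341 defaults: read permit, write deny, exec permit
    write_default: str = "deny"
    exec_default: str = "permit"

    def decide(self, user: str, op: str, module: str, target: str, is_rpc: bool = False) -> str:
        """Return "permit" or "deny" following the RFC 8341 section 3.4 ordering."""
        user_groups = {g for g, members in self.groups.items() if user in members}
        for rule_list in self.rule_lists:
            if "*" not in rule_list.groups and user_groups.isdisjoint(rule_list.groups):
                continue
            for rule in rule_list.rules:
                if rule.matches(op, module, target, is_rpc):
                    return rule.action
        if op == "read":
            return self.read_default
        if op == "exec":
            return self.exec_default
        return self.write_default


def msdp_policy() -> Nacm:
    """Constructed policy: operators manage MSDP and run its RPCs, monitoring
    staff read MSDP state but never the peer password, everyone else is denied."""
    operators = RuleList("msdp-operators", ["msdp-operators"], [
        Rule("clear-peer", "permit", "exec", "ietf-msdp", rpc_name="clear-peer"),
        Rule("clear-sa-cache", "permit", "exec", "ietf-msdp", rpc_name="clear-sa-cache"),
        Rule("msdp-full", "permit", "*", "ietf-msdp", path=MSDP),
    ])
    monitoring = RuleList("msdp-monitoring", ["msdp-monitoring"], [
        # The deny must come first: the permit below covers the whole subtree.
        Rule("hide-password", "deny", "read", "ietf-msdp", path=PASSWORD_PATH),
        Rule("msdp-state", "permit", "read", "ietf-msdp", path=MSDP),
    ])
    return Nacm(
        groups={"msdp-operators": {"alice"}, "msdp-monitoring": {"bob"}},
        rule_lists=[operators, monitoring],
        read_default="deny", write_default="deny", exec_default="deny",
    )


if __name__ == "__main__":
    policy = msdp_policy()
    for user, op, target, is_rpc in [
        ("alice", "exec", "clear-sa-cache", True),
        ("bob", "exec", "clear-sa-cache", True),
        ("bob", "read", MSDP + "/msdp:sa-cache/msdp:entry", False),
        ("bob", "read", PASSWORD_PATH, False),
        ("carol", "read", MSDP + "/msdp:global", False),
    ]:
        print(user, op, target, "->", policy.decide(user, op, "ietf-msdp", target, is_rpc))
```

Two details carry the security weight: the explicit deny on the password leaf is ordered before the subtree-wide read permit, because NACM stops at the first matching rule, and all three defaults are set to deny so that a user in no group, or a request against a module the policy does not mention, gets nothing rather than the RFC 8341 out-of-the-box read and exec permits.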
      The "password" leaf is also sensitive readable configuration: unauthorized read access may leak the password, and unauthorized modification may cause peers to be unexpectedly re-established.

Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:

   /rt:routing/rt:control-plane-protocols/msdp,

      Unauthorized access to any data node of the above subtree can disclose the operational state information of MSDP on this device.

Some of the RPC operations in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control access to these operations. These are the operations and their sensitivity/vulnerability:

   /rt:routing/rt:control-plane-protocols/msdp:clear-peer,

   /rt:routing/rt:control-plane-protocols/msdp:clear-sa-cache,

      Unauthorized access to either of the above operations can reset MSDP peer connections or delete SA cache records on this device.

6. IANA Considerations

IANA is requested to assign two new URIs from the IETF XML Registry [RFC3688]. The authors suggest the following URI:

   URI: urn:ietf:params:xml:ns:yang:ietf-msdp

   Registrant Contact: The IESG

   XML: N/A, the requested URI is an XML namespace

This document also requests one new YANG module name in the YANG Module Names registry [RFC6020] with the following suggestion:

   name: ietf-msdp

   namespace: urn:ietf:params:xml:ns:yang:ietf-msdp

   prefix: msdp

   reference: RFC XXXX

7. Contributors

The authors would like to thank Yisong Liu (liuyisong@huawei.com), Benchong Xu (xu.benchong@zte.com.cn), and Tanmoy Kundu (tanmoy.kundu@alcatel-lucent.com) for their valuable contributions.

8. Acknowledgement

The authors would like to thank Stig Venaas and Jake Holland for their valuable comments and suggestions.

9. References

9.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3618]  Fenner, B., Ed. and D. Meyer, Ed., "Multicast Source
              Discovery Protocol (MSDP)", RFC 3618,
              DOI 10.17487/RFC3618, October 2003.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8177]  Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J.
              Zhang, "YANG Data Model for Key Chains", RFC 8177,
              DOI 10.17487/RFC8177, June 2017.

   [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
              "Common YANG Data Types for the Routing Area", RFC 8294,
              DOI 10.17487/RFC8294, December 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

   [RFC8344]  Bjorklund, M., "A YANG Data Model for IP Management",
              RFC 8344, DOI 10.17487/RFC8344, March 2018.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018.

   [RFC8407]  Bierman, A., "Guidelines for Authors and Reviewers of
              Documents Containing YANG Data Models", BCP 216, RFC 8407,
              DOI 10.17487/RFC8407, October 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

9.2. Informative References

   [I-D.ietf-pim-yang]
              Liu, X., McAllister, P., Peter, A., Sivakumar, M., Liu,
              Y., and f. hu, "A YANG Data Model for Protocol Independent
              Multicast (PIM)", draft-ietf-pim-yang-17 (work in
              progress), May 2018.

   [I-D.ietf-rtgwg-policy-model]
              Qu, Y., Tantsura, J., Lindem, A., and X. Liu, "A YANG Data
              Model for Routing Policy Management", draft-ietf-rtgwg-
              policy-model-08 (work in progress), January 2020.

   [RFC8639]  Voit, E., Clemm, A., Gonzalez Prieto, A., Nilsen-Nygaard,
              E., and A. Tripathy, "Subscription to YANG Notifications",
              RFC 8639, DOI 10.17487/RFC8639, September 2019.

   [RFC8641]  Clemm, A. and E. Voit, "Subscription to YANG Notifications
              for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641,
              September 2019.

Authors' Addresses

   Xufeng Liu
   Volta Networks

   Email: xufeng.liu.ietf@gmail.com


   Zheng Zhang (editor)
   ZTE Corporation
   No. 50 Software Ave, Yuhuatai District
   Nanjing
   China

   Email: zzhang_ietf@hotmail.com


   Anish Peter
   Individual contributor

   Email: anish.ietf@gmail.com


   Mahesh Sivakumar
   Juniper networks
   1133 Innovation Way
   Sunnyvale, CALIFORNIA 94089
   USA

   Email: sivakumar.mahesh@gmail.com


   Feng Guo
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: guofeng@huawei.com


   Pete McAllister
   Metaswitch Networks
   100 Church Street
   Enfield EN2 6BQ
   UK

   Email: pete.mcallister@metaswitch.com