idnits 2.17.1 draft-ietf-pim-msdp-yang-12.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------
     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------
     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------
     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------
  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year
  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119
     boilerplate text.
  -- The document date (January 23, 2020) is 1548 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------
     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)
  ** Downref: Normative reference to an Experimental RFC: RFC 3618

  Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

  Run idnits with the --verbose option for more detailed information about
  the items above.
--------------------------------------------------------------------------------

PIM WG                                                            X. Liu
Internet-Draft                                            Volta Networks
Intended status: Standards Track                           Z. Zhang, Ed.
Expires: July 26, 2020                                   ZTE Corporation
                                                                A. Peter
                                                  Individual contributor
                                                            M. Sivakumar
                                                        Juniper networks
                                                                  F. Guo
                                                     Huawei Technologies
                                                           P. McAllister
                                                     Metaswitch Networks
                                                        January 23, 2020

      A YANG Data Model for Multicast Source Discovery Protocol (MSDP)
                       draft-ietf-pim-msdp-yang-12

Abstract

   This document defines a YANG data model for the configuration and
   management of the Multicast Source Discovery Protocol (MSDP).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 26, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Conventions Used in This Document
     1.3.  Tree Diagrams
     1.4.  Prefixes in Data Node Names
   2.  Design of the Data Model
     2.1.  Scope of Model
     2.2.  Specification
   3.  Module Structure
     3.1.  MSDP Configuration
     3.2.  MSDP State
     3.3.  MSDP RPC
   4.  MSDP YANG Model
   5.  Security Considerations
   6.  IANA Considerations
   7.  Contributors
   8.  Acknowledgement
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Introduction

   [RFC3618] introduces the protocol definition of MSDP.  This document
   defines a YANG data model that can be used to configure and manage
   the MSDP protocol.  The operational state data and statistics can
   also be retrieved through this model.

   This model is designed to be used along with other multicast YANG
   models such as PIM [I-D.ietf-pim-yang], which are not covered in this
   document.

1.1.  Terminology

   The terminology for describing YANG data models is found in [RFC6020]
   and [RFC7950], including:

   o  augment

   o  data model

   o  data node

   o  identity

   o  module

   The following abbreviations are used in this document and the defined
   model:

   MSDP: Multicast Source Discovery Protocol [RFC3618].

   SA: Source-Active [RFC3618].

1.2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.3.  Tree Diagrams

   Tree diagrams used in this document follow the notation defined in
   [RFC8340].

1.4.  Prefixes in Data Node Names

   In this document, names of data nodes, actions, and other data model
   objects are often used without a prefix, as long as it is clear from
   the context in which YANG module each name is defined.  Otherwise,
   names are prefixed using the standard prefix associated with the
   corresponding YANG module, as shown in Table 1.

         +-----------+--------------------------+-----------+
         | Prefix    | YANG module              | Reference |
         +-----------+--------------------------+-----------+
         | yang      | ietf-yang-types          | [RFC6991] |
         | inet      | ietf-inet-types          | [RFC6991] |
         | rt        | ietf-routing             | [RFC8349] |
         | if        | ietf-interfaces          | [RFC8343] |
         | ip        | ietf-ip                  | [RFC8344] |
         | key-chain | ietf-key-chain           | [RFC8177] |
         | rt-types  | ietf-routing-types       | [RFC8294] |
         | acl       | ietf-access-control-list | [RFC8519] |
         +-----------+--------------------------+-----------+

                                  Table 1

2.  Design of the Data Model

2.1.  Scope of Model

   The model covers MSDP [RFC3618].

   This model can be used to configure and manage MSDP.  The
   operational state data and statistics can be retrieved through this
   model.  Even though no protocol-specific notifications are defined
   in this model, the subscription and push mechanism defined in
   [RFC8639] and [RFC8641] can be used to subscribe to notifications on
   the data nodes in this model.
   The model contains all the basic configuration parameters needed to
   operate the protocol.  Depending on implementation choices, some
   systems may not allow some of the advanced parameters to be
   configured.  Parameters that are only occasionally implemented are
   modeled as optional features.  This model can be extended, and it
   has been structured so that such extensions can be made
   conveniently.

2.2.  Specification

   The configuration data nodes cover global configuration attributes
   and per-peer configuration attributes.  The state data nodes include
   global, per-peer, and source-active information.  The container
   "msdp" is the top-level container in this data model.  The presence
   of this container is expected to enable MSDP protocol functionality.
   No notification is defined in this model.

3.  Module Structure

   This model imports and augments the ietf-routing YANG model defined
   in [RFC8349].  Both configuration data nodes and state data nodes of
   [RFC8349] are augmented.

   The YANG data model defined in this document conforms to the Network
   Management Datastore Architecture (NMDA) [RFC8342].  The operational
   state data is combined with the associated configuration data in the
   same hierarchy [RFC8407].

   module: ietf-msdp
     augment /rt:routing/rt:control-plane-protocols
             /rt:control-plane-protocol:
       +--rw msdp!
          +--rw global
          |  +--rw tcp-connection-source?   if:interface-ref
          |  |       {global-tcp-connect-source}?
          |  +--rw default-peer* [peer-addr prefix-policy]
          |  |       {global-default-peer,
          |  |        global-default-peer-policy}?
          |  |  +--rw peer-addr        -> ../../../peers/peer/address
          |  |  +--rw prefix-policy    -> /acl:acls/acl/name
          |  +--rw originating-rp
          |  |  +--rw interface?   if:interface-ref
          |  +--rw sa-filter {global-sa-filter}?
          |  |  +--rw in?    -> /acl:acls/acl/name
          |  |  +--rw out?   -> /acl:acls/acl/name
          |  +--rw sa-limit?        uint32 {global-sa-limit}?
          |  +--rw ttl-threshold?   uint8 {global-ttl-threshold}?
          +--rw peers
          |  +--rw peer* [address]
          |     +--rw address                  inet:ipv4-address
          |     +--rw authentication
          |     |  +--rw (authentication-type)?
          |     |     +--:(key-chain) {peer-key-chain}?
          |     |     |  +--rw key-chain?          key-chain:key-chain-ref
          |     |     +--:(password)
          |     |        +--rw key?                string
          |     |        +--rw crypto-algorithm?   identityref
          |     +--rw enable?                  boolean {peer-admin-enable}?
          |     +--rw tcp-connection-source?   if:interface-ref
          |     |       {peer-tcp-connect-source}?
          |     +--rw description?             string {peer-description}?
          |     +--rw mesh-group?              string
          |     +--rw peer-as?                 inet:as-number {peer-as}?
          |     +--rw sa-filter
          |     |  +--rw in?    -> /acl:acls/acl/name
          |     |  +--rw out?   -> /acl:acls/acl/name
          |     +--rw sa-limit?                uint32 {peer-sa-limit}?
          |     +--rw timer
          |     |  +--rw connect-retry-interval?   uint16
          |     |  +--rw holdtime-interval?        uint16
          |     |  +--rw keepalive-interval?       uint16
          |     +--rw ttl-threshold?           uint8
          |     +--ro session-state?           enumeration
          |     +--ro elapsed-time?            uint32
          |     +--ro connect-retry-expire?    uint32
          |     +--ro hold-expire?             uint16
          |     +--ro is-default-peer?         boolean
          |     +--ro keepalive-expire?        uint16
          |     +--ro reset-count?             uint32
          |     +--ro statistics
          |        +--ro discontinuity-time?   yang:date-and-time
          |        +--ro error
          |        |  +--ro rpf-failure?   uint32
          |        +--ro queue
          |        |  +--ro size-in?    uint32
          |        |  +--ro size-out?   uint32
          |        +--ro received
          |        |  +--ro keepalive?      yang:counter64
          |        |  +--ro notification?   yang:counter64
          |        |  +--ro sa-message?     yang:counter64
          |        |  +--ro sa-response?    yang:counter64
          |        |  +--ro sa-request?     yang:counter64
          |        |  +--ro total?          yang:counter64
          |        +--ro sent
          |           +--ro keepalive?      yang:counter64
          |           +--ro notification?   yang:counter64
          |           +--ro sa-message?     yang:counter64
          |           +--ro sa-response?    yang:counter64
          |           +--ro sa-request?     yang:counter64
          |           +--ro total?          yang:counter64
          +--ro sa-cache
             +--ro entry* [group source-addr]
                +--ro group               inet:ipv4-address
                +--ro source-addr         union
                +--ro origin-rp* [rp-address]
                |  +--ro rp-address       inet:ip-address
                |  +--ro is-local-rp?     boolean
                |  +--ro sa-adv-expire?   uint32
                +--ro state-attributes
                   +--ro up-time?             uint32
                   +--ro expire?              uint32
                   +--ro holddown-interval?   uint32
                   +--ro peer-learned-from?   inet:ipv4-address
                   +--ro rpf-peer?            inet:ipv4-address

     rpcs:
       +---x clear-peer
       |  +---w input
       |     +---w (peer)
       |        +--:(peer-address)
       |        |  +---w peer-address?   inet:ipv4-address
       |        +--:(all)
       |           +---w all-peers?      empty
       +---x clear-sa-cache {rpc-clear-sa-cache}?
          +---w input
             +---w entry!
             |  +---w group          rt-types:ipv4-multicast-group-address
             |  +---w source-addr?   rt-types:ipv4-multicast-source-address
             +---w peer-address?   inet:ipv4-address
             +---w peer-as?        inet:as-number

3.1.  MSDP Configuration

   MSDP configuration requires peer configuration.  Several peers may
   be configured in a mesh group.  Source-Active information may be
   filtered per peer.

   The configuration branch of the model is composed of MSDP global and
   peer configuration.  These two parts are the most important parts of
   MSDP.

   Besides the fundamental features of the MSDP protocol, several
   optional features are included in the model.  These features help
   operators control the protocol.  The peer features and SA features
   make deployment and control easier.  The connection parameters can
   be used to control the TCP connection, because MSDP runs over TCP.
   The authentication features make the protocol more secure.  The
   filter features allow operators to selectively prevent SA
   information from being forwarded to peers.

3.2.  MSDP State

   MSDP state is composed of MSDP global state, MSDP peer state,
   statistics information and SA cache information.
The statistics 320 information and SA cache information helps the operator to retrieve 321 the protocol condition. 323 3.3. MSDP RPC 325 The RPC part is used to define some useful and ordinary operations of 326 protocol management. Network managers can delete all the information 327 from a given peer by using the clear-peer rpc. And network managers 328 can delete a given SA cache information by clear-sa-cache rpc. 330 4. MSDP YANG Model 332 This module references [RFC3618], [RFC6991], [RFC8177], [RFC8343], 333 [RFC8344], [RFC8349], [RFC8294], [RFC8519]. 335 file "ietf-msdp@2020-01-24.yang" 336 module ietf-msdp { 338 yang-version 1.1; 340 namespace "urn:ietf:params:xml:ns:yang:ietf-msdp"; 341 prefix msdp; 343 import ietf-yang-types { 344 prefix "yang"; 345 reference "RFC 6991: Common YANG Data Types"; 346 } 348 import ietf-inet-types { 349 prefix "inet"; 350 reference "RFC 6991: Common YANG Data Types"; 351 } 353 import ietf-routing { 354 prefix "rt"; 355 reference "RFC 8349: A YANG Data Model for Routing Management 356 (NMDA Version)"; 357 } 359 import ietf-interfaces { 360 prefix "if"; 361 reference "RFC 8343: A YANG Data Model for Interface Management"; 362 } 364 import ietf-ip { 365 prefix "ip"; 366 reference "RFC 8344: A YANG Data Model for IP Management"; 367 } 369 import ietf-key-chain { 370 prefix "key-chain"; 371 reference "RFC 8177: YANG Data Model for Key Chains"; 372 } 374 import ietf-routing-types { 375 prefix "rt-types"; 376 reference "RFC 8294: Common YANG Data Types for the Routing 377 Area"; 378 } 380 import ietf-access-control-list { 381 prefix acl; 382 reference 383 "RFC 8519: YANG Data Model for Network Access Control Lists 384 (ACLs)"; 385 } 387 organization 388 "IETF PIM (Protocols for IP Multicast) Working Group"; 390 contact 391 "WG Web: 392 WG List: 394 Editor: Xufeng Liu 395 397 Editor: Zheng Zhang 398 400 Editor: Anish Peter 401 403 Editor: Mahesh Sivakumar 404 406 Editor: Feng Guo 407 409 Editor: Pete McAllister 410 "; 412 description 
413 "The module defines the YANG model definitions for 414 Multicast Source Discovery Protocol (MSDP). 416 Copyright (c) 2020 IETF Trust and the persons identified as 417 authors of the code. All rights reserved. 419 Redistribution and use in source and binary forms, with or 420 without modification, is permitted pursuant to, and subject 421 to the license terms contained in, the Simplified BSD 422 License set forth in Section 4.c of the IETF Trust's Legal 423 Provisions Relating to IETF Documents 424 (https://trustee.ietf.org/license-info). 426 This version of this YANG module is part of RFC XXXX 427 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC 428 itself for full legal notices. 430 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 431 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 432 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document 433 are to be interpreted as described in BCP 14 (RFC 2119) 434 (RFC 8174) when, and only when, they appear in all 435 capitals, as shown here."; 437 revision 2020-01-24 { 438 description 439 "Initial revision."; 440 reference 441 "RFC XXXX: A YANG Data Model for MSDP."; 442 } 444 /* 445 * Features 446 */ 447 feature feature-msdp { 448 description 449 "Support MSDP protocol for IPv4 multicast source discovery."; 450 reference 451 "RFC 3618: Multicast Source Discovery Protocol (MSDP)"; 452 } 454 feature global-tcp-connect-source { 455 description 456 "Support configuration of global tcp connect source."; 457 } 459 feature global-default-peer { 460 description 461 "Support configuration of global default peer."; 462 } 464 feature global-default-peer-policy { 465 description 466 "Support policy configuration of global default peer."; 468 reference 469 "RFC 8519: YANG Data Model for Network Access Control 470 Lists (ACLs)"; 471 } 473 feature global-sa-filter { 474 description 475 "Support configuration of global SA filter."; 476 } 478 feature global-sa-limit { 479 description 480 "Support configuration of 
global limit on SA entries."; 481 } 483 feature global-ttl-threshold { 484 description 485 "Support configuration of global TTL threshold."; 486 } 488 feature rpc-clear-sa-cache { 489 description 490 "Support the RPC to clear SA cache."; 491 } 493 feature peer-admin-enable { 494 description 495 "Support configuration of peer administrative enabling."; 496 } 498 feature peer-as { 499 description 500 "Support configuration of peer AS number."; 501 } 503 feature peer-tcp-connect-source { 504 description 505 "Support configuration of peer tcp connect source."; 506 } 508 feature peer-description { 509 description 510 "Support configuration of peer description."; 511 } 513 feature peer-key-chain { 514 description 515 "Support configuration of peer key-chain."; 517 reference 518 "RFC 8177: YANG Data Model for Key Chains."; 519 } 521 feature peer-sa-limit { 522 description 523 "Support configuration of per peer limit on SA entries."; 524 } 526 /* 527 * Identities 528 */ 530 identity msdp { 531 if-feature "feature-msdp"; 532 base rt:control-plane-protocol; 533 description "Identity for the Multicast Source Discovery 534 Protocol (MSDP)."; 535 } 537 /* 538 * Groupings 539 */ 540 grouping authentication-container { 541 description 542 "Authentication attributes."; 543 container authentication { 544 description 545 "A container defining authentication attributes."; 546 choice authentication-type { 547 case key-chain { 548 if-feature peer-key-chain; 549 leaf key-chain { 550 type key-chain:key-chain-ref; 551 description 552 "Reference to a key-chain."; 553 reference 554 "RFC 8177: YANG Data Model for Key Chains."; 555 } 556 } 557 case password { 558 leaf key { 559 type string; 560 description 561 "This leaf describes the authentication key."; 562 reference 563 "RFC 8177: YANG Data Model for Key Chains."; 564 } 565 leaf crypto-algorithm { 566 type identityref { 567 base key-chain:crypto-algorithm; 568 } 569 description 570 "Cryptographic algorithm associated with key."; 571 
reference 572 "RFC 8177: YANG Data Model for Key Chains."; 573 } 574 } 575 description 576 "Choice of authentication."; 577 } 578 } 579 } // authentication-container 581 grouping tcp-connect-source { 582 description 583 "Attribute to configure peer TCP connection source."; 584 leaf tcp-connection-source { 585 type if:interface-ref; 586 must "/if:interfaces/if:interface[if:name = current()]/" 587 + "ip:ipv4" { 588 error-message "The interface must have IPv4 enabled."; 589 description 590 "The interface must have IPv4 enabled."; 591 } 592 description 593 "The interface is to be the source for the TCP 594 connection. It is a reference to an entry in the global 595 interface list."; 596 } 597 } // tcp-connection-source 599 grouping global-config-attributes { 600 description "Global MSDP configuration."; 602 uses tcp-connect-source { 603 if-feature global-tcp-connect-source; 604 } 605 list default-peer { 606 if-feature global-default-peer; 607 if-feature global-default-peer-policy; 608 key "peer-addr prefix-policy"; 610 description 611 "The default peer accepts all MSDP SA messages. 612 A default peer is needed in topologies where MSDP peers 613 do not coexist with BGP peers. The reverse path 614 forwarding (RPF) check on SA messages can fail, and no 615 SA messages are accepted. 
In these cases, you can configure 616 the peer as a default peer and bypass RPF checks."; 618 leaf peer-addr { 619 type leafref { 620 path "../../../peers/peer/address"; 621 } 622 mandatory true; 623 description 624 "Reference to a peer that is in the peer list."; 625 } 626 leaf prefix-policy { 627 type leafref { 628 path "/acl:acls/acl:acl/acl:name"; 629 } 630 description 631 "If specified, only those SA entries whose RP is 632 permitted in the prefix list are allowed; 633 if not specified, all SA messages from the default 634 peer are accepted."; 635 reference 636 "RFC 8519: YANG Data Model for Network Access Control 637 Lists (ACLs)"; 638 } 639 } // default-peer 641 container originating-rp { 642 description 643 "The container of Originating RP."; 644 leaf interface { 645 type if:interface-ref; 646 must "/if:interfaces/if:interface[if:name = current()]/" 647 + "ip:ipv4" { 648 description 649 "The interface must have IPv4 enabled."; 650 } 651 description 652 "Reference to an entry in the global interface 653 list. 654 IP address of the interface used in the RP field of 655 an SA message entry. When Anycast RPs are used, all 656 RPs use the same IP address. This parameter can be 657 used to define a unique IP address for the RP of each 658 MSDP peer. 659 By default, the software uses the RP address of the 660 local system."; 662 } 663 } // originating-rp 665 uses sa-filter-container { 666 if-feature global-sa-filter; 667 } 668 leaf sa-limit { 669 if-feature global-sa-limit; 670 type uint32; 671 description 672 "A limit on the number of SA entries accepted. 
673 By default, there is no limit."; 674 } 675 uses ttl-threshold { 676 if-feature global-ttl-threshold; 677 } 678 } // global-config-attributes 680 grouping peer-config-attributes { 681 description "Per peer configuration for MSDP."; 683 uses authentication-container; 684 leaf enable { 685 if-feature peer-admin-enable; 686 type boolean; 687 description 688 "'true' if peer is enabled; 689 'false' if peer is disabled."; 690 } 691 uses tcp-connect-source { 692 if-feature peer-tcp-connect-source; 693 } 694 leaf description { 695 if-feature peer-description; 696 type string; 697 description 698 "The peer description."; 699 } 700 leaf mesh-group { 701 type string; 702 description 703 "Configure this peer to be a member of a mesh group"; 704 } 705 leaf peer-as { 706 if-feature peer-as; 707 type inet:as-number; 708 description 709 "Peer's autonomous system number (ASN). Using peer-as to 710 do verification can provide more controlled ability."; 711 } 712 uses sa-filter-container; 713 leaf sa-limit { 714 if-feature peer-sa-limit; 715 type uint32; 716 description 717 "A limit on the number of SA entries accepted from this 718 peer. By default, there is no limit."; 719 } 720 container timer { 721 description "Timer attributes."; 722 leaf connect-retry-interval { 723 type uint16; 724 units seconds; 725 default 30; 726 description "Peer timer for connect-retry. 727 By default, MSDP peers wait 30 seconds after 728 session is reset."; 729 } 730 leaf holdtime-interval { 731 type uint16 { 732 range "3..65535"; 733 } 734 units seconds; 735 must "(../keepalive-interval and . > ../keepalive-interval) 736 or "+"(not(../keepalive-interval) and . > 60)" { 737 error-message "The keep alive interval must be " 738 + "smaller than the hold time interval"; 739 } 740 default 75; 741 description "The SA hold down period of this MSDP peer."; 742 } 743 leaf keepalive-interval { 744 type uint16 { 745 range "1..65535"; 746 } 747 units seconds; 748 must "(../holdtime-interval and . 
< ../holdtime-interval) 749 or "+"(not(../holdtime-interval) and . < 75)" { 750 error-message "The keep alive interval must be " 751 + "smaller than the hold time interval"; 752 } 753 default 60; 754 description "The keepalive timer of this MSDP peer."; 755 } 756 } // timer 757 uses ttl-threshold; 759 } // peer-config-attributes 761 grouping peer-state-attributes { 762 description "Per peer state attributes for MSDP."; 764 leaf session-state { 765 type enumeration { 766 enum disabled { 767 description "Disabled."; 768 } 769 enum inactive { 770 description "Inactive."; 771 } 772 enum listen { 773 description "Listen."; 774 } 775 enum connecting { 776 description "Connecting."; 777 } 778 enum established { 779 description "Established."; 780 } 781 } 782 config false; 783 description 784 "Peer session state."; 785 reference 786 "RFC 3618: Multicast Source Discovery Protocol (MSDP)."; 787 } 788 leaf elapsed-time { 789 type uint32; 790 units seconds; 791 config false; 792 description "Elapsed time for being in a state."; 793 } 794 leaf connect-retry-expire { 795 type uint32; 796 units seconds; 797 config false; 798 description "Connect retry expire time of peer connection."; 799 } 800 leaf hold-expire { 801 type uint16; 802 units seconds; 803 config false; 804 description "Hold expire time of peer connection."; 805 } 806 leaf is-default-peer { 807 type boolean; 808 config false; 809 description "'true' if this peer is a default peer."; 810 } 811 leaf keepalive-expire { 812 type uint16; 813 units seconds; 814 config false; 815 description "Keepalive expire time of this peer."; 816 } 817 leaf reset-count { 818 type uint32; 819 config false; 820 description "The reset count of this peer."; 821 } 823 container statistics { 824 config false; 825 description 826 "A container defining statistics attributes."; 828 leaf discontinuity-time { 829 type yang:date-and-time; 830 description 831 "The time on the most recent occasion at which any one 832 or more of the statistic 
counters suffered a 833 discontinuity. If no such discontinuities have occurred 834 since the last re-initialization of the local 835 management subsystem, then this node contains the time 836 the local management subsystem re-initialized itself."; 837 } 839 container error { 840 description 841 "A grouping defining error statistics attributes."; 842 leaf rpf-failure { 843 type uint32; 844 description "Number of RPF failures."; 845 } 846 } // statistics-error 848 container queue { 849 description 850 "A container includes queue statistics attributes."; 851 leaf size-in { 852 type uint32; 853 description 854 "The size of the input queue."; 856 } 857 leaf size-out { 858 type uint32; 859 description 860 "The size of the output queue."; 861 } 862 } // statistics-queue 864 container received { 865 description "Received message counters."; 866 uses statistics-sent-received; 867 } 868 container sent { 869 description "Sent message counters."; 870 uses statistics-sent-received; 871 } 872 } // statistics-container 873 } // peer-state-attributes 875 grouping sa-filter-container { 876 description "A container defining SA filters."; 877 container sa-filter { 878 description 879 "Specifies an access control list (ACL) to filter source 880 active (SA) messages coming in to or going out of the 881 peer."; 882 leaf in { 883 type leafref { 884 path "/acl:acls/acl:acl/acl:name"; 885 } 886 description 887 "Filters incoming SA messages only. 888 The value is the name to uniquely identify a 889 policy that contains one or more rules used to 890 accept or reject MSDP SA messages. 891 If the policy is not specified, all MSDP SA messages are 892 accepted."; 893 reference 894 "RFC 8519: YANG Data Model for Network Access Control 895 Lists (ACLs)"; 896 } 897 leaf out { 898 type leafref { 899 path "/acl:acls/acl:acl/acl:name"; 900 } 901 description 902 "Filters outgoing SA messages only. 
903 The value is the name to uniquely identify a 904 policy that contains one or more rules used to 905 accept or reject MSDP SA messages. 906 If the policy is not specified, all MSDP SA messages are 907 sent."; 908 reference 909 "RFC 8519: YANG Data Model for Network Access Control 910 Lists (ACLs)"; 911 } 912 } // sa-filter 913 } // sa-filter-container 915 grouping ttl-threshold { 916 description "Attribute to configure TTL threshold."; 917 leaf ttl-threshold { 918 type uint8 { 919 range 1..255; 920 } 921 description "Maximum number of hops data packets can 922 traverse before being dropped."; 923 } 924 } // ttl-threshold 926 grouping statistics-sent-received { 927 description 928 "A grouping defining sent and received statistics attributes."; 929 leaf keepalive { 930 type yang:counter64; 931 description 932 "The number of keepalive messages."; 933 } 934 leaf notification { 935 type yang:counter64; 936 description 937 "The number of notification messages."; 938 } 939 leaf sa-message { 940 type yang:counter64; 941 description 942 "The number of SA messages."; 943 } 944 leaf sa-response { 945 type yang:counter64; 946 description 947 "The number of SA response messages."; 948 } 949 leaf sa-request { 950 type yang:counter64; 951 description 952 "The number of SA request messages."; 953 } 954 leaf total { 955 type yang:counter64; 956 description 957 "The number of total messages."; 958 } 959 } // statistics-sent-received 961 /* 962 * Data nodes 963 */ 964 augment "/rt:routing/rt:control-plane-protocols/" 965 + "rt:control-plane-protocol" { 966 description 967 "MSDP augmentation to routing instance. 
This augmentation 968 is only valid for a routing protocol instance of MSDP."; 970 container msdp { 971 presence "Container for MSDP protocol."; 972 description 973 "MSDP configuration data."; 975 container global { 976 description 977 "Global attributes."; 978 uses global-config-attributes; 979 } 981 container peers { 982 description 983 "Containing a list of peers."; 984 list peer { 985 key "address"; 986 description 987 "List of MSDP peers."; 988 leaf address { 989 type inet:ipv4-address; 990 description 991 "The address of the peer"; 992 } 993 uses peer-config-attributes; 994 uses peer-state-attributes; 995 } // peer 996 } // peers 998 container sa-cache { 999 config false; 1000 description 1001 "The SA cache information."; 1002 list entry { 1003 key "group source-addr"; 1004 description "A list of SA cache entries."; 1005 leaf group { 1006 type inet:ipv4-address; 1007 description "The group address of this SA cache."; 1008 } 1009 leaf source-addr { 1010 type union { 1011 type enumeration { 1012 enum '*' { 1013 description "Any source address."; 1014 } 1015 } 1016 type inet:ipv4-address; 1017 } 1018 description "Source IPv4 address."; 1019 } 1020 list origin-rp { 1021 key "rp-address"; 1022 description "Origin RP address."; 1023 leaf rp-address { 1024 type inet:ip-address; 1025 description "The RP address."; 1026 } 1027 leaf is-local-rp { 1028 type boolean; 1029 description "The RP is local."; 1030 } 1031 leaf sa-adv-expire { 1032 type uint32; 1033 units seconds; 1034 description 1035 "The remaining time duration before expiration 1036 of the periodic SA advertisement timer on a 1037 local RP."; 1038 } 1039 } 1041 container state-attributes { 1042 description "SA cache state attributes for MSDP."; 1044 leaf up-time { 1045 type uint32; 1046 units seconds; 1047 description "The duration time of receiving this 1048 SA cache."; 1049 } 1050 leaf expire { 1051 type uint32; 1052 units seconds; 1053 description "The duration time since this SA cache 1054 expires."; 
1055 } 1056 leaf holddown-interval { 1057 type uint32; 1058 units seconds; 1059 description "Hold-down timer value for SA 1060 forwarding."; 1061 } 1062 leaf peer-learned-from { 1063 type inet:ipv4-address; 1064 description 1065 "The address of the peer that we learned this 1066 SA from."; 1067 } 1068 leaf rpf-peer { 1069 type inet:ipv4-address; 1070 description 1071 "The address is used to find the SA's 1072 originating RP."; 1073 } 1074 } // sa-cache-state-attributes 1075 } // entry 1076 } // sa-cache 1077 } // msdp 1078 } // augment 1080 /* 1081 * RPCs 1082 */ 1083 rpc clear-peer { 1084 description 1085 "Clears the TCP connection to the peer."; 1086 input { 1087 choice peer { 1088 mandatory true; 1089 description 1090 "Address of peer to be cleared."; 1091 case peer-address { 1092 leaf peer-address { 1093 type inet:ipv4-address; 1094 description 1095 "Address of peer to be cleared."; 1097 } 1098 } 1099 case all { 1100 leaf all-peers { 1101 type empty; 1102 description 1103 "All peers' TCP connection are cleared."; 1104 } 1105 } 1106 } 1107 } 1108 } 1110 rpc clear-sa-cache { 1111 if-feature rpc-clear-sa-cache; 1112 description 1113 "Clears MSDP source active (SA) cache entries."; 1114 input { 1115 container entry { 1116 presence "If a particular entry is cleared."; 1117 description 1118 "The SA cache (S,G) or (*,G) entry to be cleared. If 1119 this is not provided, all entries are cleared."; 1120 leaf group { 1121 type rt-types:ipv4-multicast-group-address; 1122 mandatory true; 1123 description "The group address"; 1124 } 1125 leaf source-addr { 1126 type rt-types:ipv4-multicast-source-address; 1127 description 1128 "Address of multicast source to be cleared. If this 1129 is not provided then all entries related to the 1130 given group are cleared."; 1131 } 1132 } // s-g 1133 leaf peer-address { 1134 type inet:ipv4-address; 1135 description 1136 "Peer IP address from which MSDP SA cache entries have 1137 been learned. 
              If this is not provided, entries learned
              from all peers are cleared.";
         }
         leaf peer-as {
           type inet:as-number;
           description
             "ASN from which MSDP SA cache entries have been learned.
              If this is not provided, entries learned from all AS's
              are cleared.";
         }
       }
     }
   }

5.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The NETCONF access control model [RFC8341] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.  These are the subtrees and data nodes
   and their sensitivity/vulnerability:

   Under /rt:routing/rt:control-plane-protocols/msdp,

   msdp:global

      This subtree specifies the configuration for the MSDP attributes
      at the global level.  Modifying the configuration can cause MSDP
      default peers to be deleted or reconstructed, and SAs to be
      filtered unexpectedly.

   msdp:peers

      This subtree specifies the configuration for the MSDP attributes
      at the peer level.
      Modifying this configuration can allow unexpected MSDP peer
      establishment and unexpected SA information learning and
      advertisement.

      The "key" leaf is also sensitive readable configuration:
      unauthorized read access to it can leak the peer password.
      Modifying it can cause unexpected peer reconstruction.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability:

   /rt:routing/rt:control-plane-protocols/msdp,

      Unauthorized access to any data node of the above subtree can
      disclose the operational state information of MSDP on this device.

   Some of the RPC operations in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control access to these operations.  These are the
   operations and their sensitivity/vulnerability:

   /rt:routing/rt:control-plane-protocols/msdp:clear-peer,

   /rt:routing/rt:control-plane-protocols/msdp:clear-sa-cache,

      Unauthorized access to either of the above RPC operations can
      reset the MSDP peers or delete SA records on this device.

6.  IANA Considerations

   RFC Ed.: Please replace all occurrences of 'XXXX' with the actual RFC
   number (and remove this note).

   The IANA is requested to assign one new URI from the IETF XML
   registry [RFC3688].
   The authors suggest the following URI:

      URI: urn:ietf:params:xml:ns:yang:ietf-msdp

      Registrant Contact: The IESG

      XML: N/A, the requested URI is an XML namespace

   This document also requests one new YANG module name in the YANG
   Module Names registry [RFC6020] with the following suggestion:

      name: ietf-msdp

      namespace: urn:ietf:params:xml:ns:yang:ietf-msdp

      prefix: msdp

      reference: RFC XXXX

7.  Contributors

   The authors would like to thank Yisong Liu (liuyisong@huawei.com),
   Benchong Xu (xu.benchong@zte.com.cn), and Tanmoy Kundu
   (tanmoy.kundu@alcatel-lucent.com) for their valuable contributions.

8.  Acknowledgement

   The authors would like to thank Stig Venaas and Jake Holland for
   their valuable comments and suggestions.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3618]  Fenner, B., Ed. and D. Meyer, Ed., "Multicast Source
              Discovery Protocol (MSDP)", RFC 3618,
              DOI 10.17487/RFC3618, October 2003.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.
   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8177]  Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J.
              Zhang, "YANG Data Model for Key Chains", RFC 8177,
              DOI 10.17487/RFC8177, June 2017.

   [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
              "Common YANG Data Types for the Routing Area", RFC 8294,
              DOI 10.17487/RFC8294, December 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

   [RFC8344]  Bjorklund, M., "A YANG Data Model for IP Management",
              RFC 8344, DOI 10.17487/RFC8344, March 2018.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [RFC8519]  Jethanandani, M., Agarwal, S., Huang, L., and D.
              Blair, "YANG Data Model for Network Access Control Lists
              (ACLs)", RFC 8519, DOI 10.17487/RFC8519, March 2019.

9.2.  Informative References

   [I-D.ietf-pim-yang]
              Liu, X., McAllister, P., Peter, A., Sivakumar, M., Liu,
              Y., and f. hu, "A YANG Data Model for Protocol Independent
              Multicast (PIM)", draft-ietf-pim-yang-17 (work in
              progress), May 2018.

   [RFC8407]  Bierman, A., "Guidelines for Authors and Reviewers of
              Documents Containing YANG Data Models", BCP 216, RFC 8407,
              DOI 10.17487/RFC8407, October 2018.

   [RFC8639]  Voit, E., Clemm, A., Gonzalez Prieto, A., Nilsen-Nygaard,
              E., and A. Tripathy, "Subscription to YANG Notifications",
              RFC 8639, DOI 10.17487/RFC8639, September 2019.

   [RFC8641]  Clemm, A. and E. Voit, "Subscription to YANG Notifications
              for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641,
              September 2019.

Authors' Addresses

   Xufeng Liu
   Volta Networks

   Email: xufeng.liu.ietf@gmail.com


   Zheng Zhang (editor)
   ZTE Corporation
   No. 50 Software Ave, Yuhuatai District
   Nanjing
   China

   Email: zzhang_ietf@hotmail.com


   Anish Peter
   Individual contributor

   Email: anish.ietf@gmail.com


   Mahesh Sivakumar
   Juniper networks
   1133 Innovation Way
   Sunnyvale, CALIFORNIA 94089
   USA

   Email: sivakumar.mahesh@gmail.com


   Feng Guo
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: guofeng@huawei.com


   Pete McAllister
   Metaswitch Networks
   100 Church Street
   Enfield EN2 6BQ
   UK

   Email: pete.mcallister@metaswitch.com
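   The Security Considerations above name the MSDP data nodes and RPCs
   that should be protected with NACM [RFC8341] but do not show what
   such protection looks like.  The following is an added example, not
   part of this draft or the ietf-msdp module: an NACM configuration
   that lets one administrator group use the full module while, for
   every other user, hiding the peer "key" leaf from read operations and
   denying execution of the clear-peer and clear-sa-cache RPCs.  The
   group and user names are constructed, and the path to the "key" leaf
   assumes it lives under the peer's authentication container beneath
   the RFC 8349 control-plane-protocol augment target; adjust the path
   to the module's tree diagram if the server's schema differs.

```xml
<!-- Constructed NACM example for the ietf-msdp module (not from the
     draft).  Group/user names are made up; the <path> to the key leaf
     is an assumption about where the module places peer passwords. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <!-- NACM's default for exec is permit, so the two MSDP RPCs must be
       denied explicitly for everyone who is not an administrator. -->
  <read-default>permit</read-default>
  <write-default>deny</write-default>
  <exec-default>permit</exec-default>

  <groups>
    <group>
      <name>msdp-admins</name>
      <user-name>alice</user-name>
    </group>
    <group>
      <name>noc-readonly</name>
      <user-name>bob</user-name>
    </group>
  </groups>

  <!-- Rule lists and rules are evaluated in order and the first match
       wins, so the administrator permits come before the catch-all
       denies that apply to every group ("*"). -->
  <rule-list>
    <name>msdp-admin-access</name>
    <group>msdp-admins</group>
    <rule>
      <name>msdp-full-access</name>
      <module-name>ietf-msdp</module-name>
      <access-operations>*</access-operations>
      <action>permit</action>
      <comment>Administrators may read, write and execute everything in
               ietf-msdp, including the two clear RPCs.</comment>
    </rule>
  </rule-list>

  <rule-list>
    <name>msdp-everyone-else</name>
    <group>*</group>
    <rule>
      <name>hide-peer-key</name>
      <module-name>ietf-msdp</module-name>
      <!-- Assumed location of the peer password; a read deny here
           removes the leaf from get and get-config replies. -->
      <path xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing" xmlns:msdp="urn:ietf:params:xml:ns:yang:ietf-msdp">/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/msdp:msdp/msdp:peers/msdp:peer/msdp:authentication/msdp:key</path>
      <access-operations>read</access-operations>
      <action>deny</action>
      <comment>The peer password must not be disclosed to non-admins.</comment>
    </rule>
    <rule>
      <name>no-clear-peer</name>
      <module-name>ietf-msdp</module-name>
      <rpc-name>clear-peer</rpc-name>
      <access-operations>exec</access-operations>
      <action>deny</action>
      <comment>Resetting peer TCP sessions is an admin-only operation.</comment>
    </rule>
    <rule>
      <name>no-clear-sa-cache</name>
      <module-name>ietf-msdp</module-name>
      <rpc-name>clear-sa-cache</rpc-name>
      <access-operations>exec</access-operations>
      <action>deny</action>
      <comment>Flushing SA cache entries is an admin-only operation.</comment>
    </rule>
  </rule-list>
</nacm>
```

   Because write-default is deny, no rule is needed to stop non-admins
   from editing msdp:global or msdp:peers; the explicit rules cover only
   what the defaults do not (the read of the key leaf and the two RPC
   executions).  The same NACM configuration governs RESTCONF access,
   since RFC 8040 requires RESTCONF servers to enforce NACM, so the
   SSH/TLS transport requirements above and this access control model
   together address the read, write and exec exposures listed in the
   Security Considerations.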