idnits 2.17.1

draft-ietf-rtgwg-yang-vrrp-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.

  == There are 2 instances of lines with private range IPv4 addresses in the
     document.  If these are generic example addresses, they should be changed
     to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x,
     198.51.100.x or 203.0.113.x.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 169 has weird spacing: '...erfaces ietf...'

  == Line 213 has weird spacing: '...address ine...'

  == Line 231 has weird spacing: '...address ine...'

  == Line 263 has weird spacing: '...address ine...'

  == Line 285 has weird spacing: '...address ine...'

  == (8 more instances...)

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (March 10, 2017) is 2601 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC6087' is defined on line 1661, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 3768 (Obsoleted by RFC 5798)

  ** Obsolete normative reference: RFC 7223 (Obsoleted by RFC 8343)

  ** Obsolete normative reference: RFC 7277 (Obsoleted by RFC 8344)

  == Outdated reference: A later version (-25) exists of
     draft-ietf-netconf-yang-push-05

  -- Obsolete informational reference (is this intentional?): RFC 6087
     (Obsoleted by RFC 8407)

  -- Obsolete informational reference (is this intentional?): RFC 6536
     (Obsoleted by RFC 8341)

     Summary: 3 errors (**), 0 flaws (~~), 12 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     Network Working Group                                        X. Liu, Ed.
3     Internet-Draft                                               A. Kyparlis
4     Intended status: Standards Track                                   Jabil
5     Expires: September 11, 2017                                    R. Parikh
6                                                                       VMware
7                                                                    A. Lindem
8                                                                Cisco Systems
9                                                                     M. Zhang
10                                                         Huawei Technologies
11                                                              March 10, 2017

13       A YANG Data Model for Virtual Router Redundancy Protocol (VRRP)
14                        draft-ietf-rtgwg-yang-vrrp-02

16    Abstract

18       This document describes a data model for Virtual Router Redundancy
19       Protocol (VRRP).  Both version 2 and version 3 of VRRP are covered.

21    Status of This Memo

23       This Internet-Draft is submitted in full conformance with the
24       provisions of BCP 78 and BCP 79.

26       Internet-Drafts are working documents of the Internet Engineering
27       Task Force (IETF).  Note that other groups may also distribute
28       working documents as Internet-Drafts.  The list of current Internet-
29       Drafts is at http://datatracker.ietf.org/drafts/current/.

31       Internet-Drafts are draft documents valid for a maximum of six months
32       and may be updated, replaced, or obsoleted by other documents at any
33       time.  It is inappropriate to use Internet-Drafts as reference
34       material or to cite them other than as "work in progress."

36       This Internet-Draft will expire on September 11, 2017.

38    Copyright Notice

40       Copyright (c) 2017 IETF Trust and the persons identified as the
41       document authors.  All rights reserved.

43       This document is subject to BCP 78 and the IETF Trust's Legal
44       Provisions Relating to IETF Documents
45       (http://trustee.ietf.org/license-info) in effect on the date of
46       publication of this document.  Please review these documents
47       carefully, as they describe your rights and restrictions with respect
48       to this document.  Code Components extracted from this document must
49       include Simplified BSD License text as described in Section 4.e of
50       the Trust Legal Provisions and are provided without warranty as
51       described in the Simplified BSD License.

53    Table of Contents

55       1.  Introduction
56         1.1.  Terminology
57         1.2.  Tree Diagrams
58         1.3.  Prefixes in Data Node Names
59       2.  Design of the Data Model
60         2.1.  Scope of the Model
61         2.2.  Relations with Interface Model and IP Model
62         2.3.  Protocol Configuration
63         2.4.  Protocol States
64         2.5.  Notifications
65       3.  Tree Structure
66       4.  YANG Module
67       5.  IANA Considerations
68       6.  Security Considerations
69       7.  References
70         7.1.  Normative References
71         7.2.  Informative References
72       Appendix A.  Data Tree Example
73       Authors' Addresses

75    1.  Introduction

77       This document introduces a YANG [RFC6020][RFC7950] data model for
78       Virtual Router Redundancy Protocol (VRRP) [RFC3768][RFC5798].  VRRP
79       provides higher resiliency by specifying an election protocol that
80       dynamically assigns responsibility for a virtual router to one of the
81       VRRP routers on a LAN.

83       This YANG model supports both version 2 and version 3 of VRRP.  VRRP
84       version 2 defined in [RFC3768] supports IPv4.  VRRP version 3 defined
85       in [RFC5798] supports both IPv4 and IPv6.

87    1.1.  Terminology

89       The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
90       "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
91       "OPTIONAL" in this document are to be interpreted as described in BCP
92       14, [RFC2119].

94       The following terms are defined in [RFC7950] and are not redefined
95       here:

97       o  augment

99       o  data model

101      o  data node

103   1.2.  Tree Diagrams

105      A simplified graphical representation of the data model is used in
106      this document.  The meaning of the symbols in these diagrams is as
107      follows:

109      o  Brackets "[" and "]" enclose list keys.

111      o  Curly braces "{" and "}" contain names of optional features that
112         make the corresponding node conditional.

114      o  Abbreviations before data node names: "rw" means configuration
115         (read-write), and "ro" means state data (read-only).

117      o  Symbols after data node names: "?" means an optional node, "!"
118         means a presence container, and "*" denotes a list and leaf-list.

120      o  Parentheses enclose choice and case nodes, and case nodes are also
121         marked with a colon (":").

123      o  Ellipsis ("...") stands for contents of subtrees that are not
124         shown.

126   1.3.  Prefixes in Data Node Names

128      In this document, names of data nodes, actions, and other data model
129      objects are often used without a prefix, as long as it is clear from
130      the context in which YANG module each name is defined.  Otherwise,
131      names are prefixed using the standard prefix associated with the
132      corresponding YANG module, as shown in Table 1.

134                  +--------+-----------------+-----------+
135                  | Prefix | YANG module     | Reference |
136                  +--------+-----------------+-----------+
137                  | yang   | ietf-yang-types | [RFC6991] |
138                  | inet   | ietf-inet-types | [RFC6991] |
139                  | if     | ietf-interfaces | [RFC7223] |
140                  | ip     | ietf-ip         | [RFC7277] |
141                  +--------+-----------------+-----------+

143               Table 1: Prefixes and Corresponding YANG Modules

145   2.  Design of the Data Model

147   2.1.  Scope of the Model

149      The model covers VRRP version 2 [RFC3768] and VRRP version 3
150      [RFC5798] protocols.  The model is designed to be implemented on a
151      device where VRRP version 2 or version 3 is implemented.  With the
152      help of a proper management protocol, the defined model can be used
153      to:

155      o  Configure the VRRP version 2 or version 3 protocol.

157      o  Manage the protocol operational behavior.

159      o  Retrieve the protocol operational status.

161      o  Receive the protocol notifications.

163   2.2.  Relations with Interface Model and IP Model

165      This model augments the interface data model "ietf-interfaces"
166      [RFC7223] and IP management model "ietf-ip" [RFC7277].  The
167      augmentation relations are shown as follows:

169      ietf-interfaces    ietf-ip             ietf-vrrp
170      =========================================================
171      +--rw interfaces
172      |  +--rw interface*
173      |     +--------------rw ipv4
174      |     |  +---------------rw vrrp
175      |     |     +--rw vrrp-instance*
176      |     +--------------rw ipv6
177      |        +---------------rw vrrp
178      |           +--rw vrrp-instance*
179      +--ro interfaces-state
180         +--ro interface*
181         |  +--------------ro ipv4
182         |  |  +---------------ro vrrp
183         |  |     +--ro vrrp-instance*
184         |  +--------------ro ipv6
185         |     +---------------ro vrrp
186         |        +--ro vrrp-instance*
187         +---------------------------------ro vrrp-global

189      The "vrrp" container contains a list of vrrp-instance nodes, which
190      are instantiated under an interface for a specified address family
191      (IPv4 or IPv6).

193   2.3.  Protocol Configuration

195      The model structure for the protocol configuration is as shown below:

197      augment /if:interfaces/if:interface/ip:ipv4:
198        +--rw vrrp
199           +--rw vrrp-instance* [vrid]
200              +--rw vrid                      uint8
201              |     ...
202              +--rw track
203              |  +--rw interfaces
204              |  |  +--rw interface* [interface]
205              |  |     +--rw interface             if:interface-ref
206              |  |           ...
207              |  +--rw networks
208              |     +--rw network* [prefix]
209              |        +--rw prefix                inet:ipv4-prefix
210              |              ...
211              +--rw virtual-ipv4-addresses
212                 +--rw virtual-ipv4-address* [ipv4-address]
213                    +--rw ipv4-address    inet:ipv4-address

215      augment /if:interfaces/if:interface/ip:ipv6:
216        +--rw vrrp
217           +--rw vrrp-instance* [vrid]
218              +--rw vrid                      uint8
219              |     ...
220              +--rw track
221              |  +--rw interfaces
222              |  |  +--rw interface* [interface]
223              |  |     +--rw interface             if:interface-ref
224              |  |           ...
225              |  +--rw networks
226              |     +--rw network* [prefix]
227              |        +--rw prefix                inet:ipv6-prefix
228              |              ...
229              +--rw virtual-ipv6-addresses
230                 +--rw virtual-ipv6-address* [ipv6-address]
231                    +--rw ipv6-address    inet:ipv6-address

233      The model allows to configure the following protocol entities:

235      o  VRRP instance (version 2 or version 3).

237      o  Virtual IPv4 or IPv6 address.

239      o  Tracking interface.

241      o  Tracking network.

243   2.4.  Protocol States

245      The model structure for the protocol states is as shown below:

247      augment /if:interfaces-state/if:interface/ip:ipv4:
248        +--ro vrrp
249           +--ro vrrp-instance* [vrid]
250              +--ro vrid                      uint8
251              |     ...
252              +--ro track
253              |  +--ro interfaces
254              |  |  +--ro interface* [interface]
255              |  |     +--ro interface             if:interface-ref
256              |  |           ...
257              |  +--ro networks
258              |     +--ro network* [prefix]
259              |        +--ro prefix                inet:ipv4-prefix
260              |              ...
261              +--ro virtual-ipv4-addresses
262              |  +--ro virtual-ipv4-address* [ipv4-address]
263              |     +--ro ipv4-address    inet:ipv4-address
264              |
265              +--ro
266              +--ro statistics
267                 +--ro

269      augment /if:interfaces-state/if:interface/ip:ipv6:
270        +--ro vrrp
271           +--ro vrrp-instance* [vrid]
272              +--ro vrid                      uint8
273              +     ...
274              +--ro track
275              |  +--ro interfaces
276              |  |  +--ro interface* [interface]
277              |  |     +--ro interface             if:interface-ref
278              |  |           ...
279              |  +--ro networks
280              |     +--ro network* [prefix]
281              |        +--ro prefix                inet:ipv6-prefix
282              |              ...
283              +--ro virtual-ipv6-addresses
284              |  +--ro virtual-ipv6-address* [ipv6-address]
285              |     +--ro ipv6-address    inet:ipv6-address
286              |
287              +--ro
288              +--ro statistics
289                 +--ro

291      augment /if:interfaces-state:
292        +--ro vrrp-global
293           +--ro
294           +--ro statistics
295              +--ro

297      The model allows to retrieve protocol states at the following levels:

299      o  VRRP instance (version 2 or version 3).

301      o  Virtual IPv4 or IPv6 address.

303      o  Tracking interface.

305      o  Tracking network.

307      o  Global states and statistics summarizing all instances.

309   2.5.  Notifications

311      This model defines the following VRRP specific notifications:

313      o  VRRP new master event.

315      o  VRRP protocol error event for a message that fails to reach a VRRP
316         instance to be processed.

318      o  VRRP virtual router error event for a message processed on a VRRP
319         instance.
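
The two error notifications listed above correspond to the module's vrrp-error-global identities (checksum, IP TTL, version, VRID) and vrrp-error-virtual-router identities (address list, interval, packet length). The following is an added example, not part of the draft: it sorts a received VRRPv2 advertisement into those identities. The function names, the order of checks, the `instances` table and the sample packets are assumptions of this example, and a router that runs only VRRPv2 is assumed, so VRRPv3 packets (whose checksum also covers a pseudo-header) are reported as version errors.

```python
import ipaddress
import struct

# Identity names are the ones defined in the ietf-vrrp module on this page.
GLOBAL = "vrrp-error-global"           # raised before a VRRP instance is found
VROUTER = "vrrp-error-virtual-router"  # raised on a specific VRRP instance
HDR = struct.Struct("!BBBBBBH")        # VRRPv2 fixed header (RFC 3768), 8 bytes


def inet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of `data`."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_v2_advert(vrid, priority, adver_int, addrs):
    """Constructed sample input: a VRRPv2 advertisement with auth type 0."""
    body = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    msg = HDR.pack((2 << 4) | 1, vrid, priority, len(addrs), 0, adver_int, 0)
    msg += body + bytes(8)                      # 8 bytes of authentication data
    return msg[:6] + struct.pack("!H", inet_checksum(msg)) + msg[8:]


def classify(ip_ttl, msg, instances, check_addrs=True, check_interval=True):
    """Return None when the advertisement passes, else (base, identity).

    `instances` (hypothetical local table) maps vrid -> {"adver_int": seconds,
    "addrs": [IPv4 strings]}. The two flags stand in for the module's optional
    validate-address-list-errors and validate-interval-errors features.
    """
    if ip_ttl != 255:
        return (GLOBAL, "ip-ttl-error")
    if len(msg) < HDR.size:
        # Assumption: reported as soon as seen, since no field can be trusted.
        return (VROUTER, "packet-length-error")
    ver_type, vrid, _prio, count, _auth, adver_int, csum = HDR.unpack(msg[:8])
    if ver_type >> 4 != 2:                      # this example speaks v2 only
        return (GLOBAL, "version-error")
    if inet_checksum(msg[:6] + b"\x00\x00" + msg[8:]) != csum:
        return (GLOBAL, "checksum-error")
    inst = instances.get(vrid)
    if inst is None:
        return (GLOBAL, "vrid-error")
    if check_addrs:
        raw = msg[8:8 + 4 * count]
        got = sorted(raw[i:i + 4] for i in range(0, len(raw), 4))
        want = sorted(ipaddress.IPv4Address(a).packed for a in inst["addrs"])
        if len(raw) != 4 * count or got != want:
            return (VROUTER, "address-list-error")
    if check_interval and adver_int != inst["adver_int"]:
        return (VROUTER, "interval-error")
    return None


def demo():
    """Run constructed packets through classify() and collect the results."""
    table = {10: {"adver_int": 1, "addrs": ["192.0.2.1"]}}
    good = build_v2_advert(10, 100, 1, ["192.0.2.1"])
    tampered = good[:2] + b"\xff" + good[3:]    # priority changed in flight
    return {
        "good": classify(255, good, table),
        "routed": classify(254, good, table),   # TTL decremented by a router
        "tampered": classify(255, tampered, table),
        "unknown-vrid": classify(
            255, build_v2_advert(99, 100, 1, ["192.0.2.1"]), table),
        "wrong-addr": classify(
            255, build_v2_advert(10, 100, 1, ["192.0.2.99"]), table),
        "wrong-interval": classify(
            255, build_v2_advert(10, 100, 5, ["192.0.2.1"]), table),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15} {result}")
```
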

321      In addition to the notifications specified above, the mechanism
322      defined in [I-D.ietf-netconf-yang-push] and
323      [I-D.ietf-netconf-rfc5277bis] can be used for other general
324      notifications.  This mechanism currently allows the user to:

326      o  Subscribe notifications on a per client basis.

328      o  Specify subtree filters or xpath filters so that only interested
329         contents will be sent.

331      o  Specify either periodic or on-demand notifications.

333   3.  Tree Structure

335      This document defines the YANG module "ietf-vrrp", which has the
336      following tree structure:

338   module: ietf-vrrp
339     augment /if:interfaces/if:interface/ip:ipv4:
340       +--rw vrrp
341          +--rw vrrp-instance* [vrid]
342             +--rw vrid                      uint8
343             +--rw version                   identityref
344             +--rw log-state-change?         boolean
345             +--rw preempt
346             |  +--rw enabled?     boolean
347             |  +--rw hold-time?   uint16
348             +--rw priority?                 uint8
349             +--rw accept-mode?              boolean
350             +--rw (advertise-interval-choice)?
351             |  +--:(v2)
352             |  |  +--rw advertise-interval-sec?         uint8
353             |  +--:(v3)
354             |     +--rw advertise-interval-centi-sec?   uint16
355             +--rw track
356             |  +--rw interfaces
357             |  |  +--rw interface* [interface]
358             |  |     +--rw interface             if:interface-ref
359             |  |     +--rw priority-decrement?   uint8
360             |  +--rw networks
361             |     +--rw network* [prefix]
362             |        +--rw prefix                inet:ipv4-prefix
363             |        +--rw priority-decrement?   uint8
364             +--rw virtual-ipv4-addresses
365                +--rw virtual-ipv4-address* [ipv4-address]
366                   +--rw ipv4-address    inet:ipv4-address
367     augment /if:interfaces/if:interface/ip:ipv6:
368       +--rw vrrp
369          +--rw vrrp-instance* [vrid]
370             +--rw vrid                            uint8
371             +--rw version                         identityref
372             +--rw log-state-change?               boolean
373             +--rw preempt
374             |  +--rw enabled?     boolean
375             |  +--rw hold-time?   uint16
376             +--rw priority?                       uint8
377             +--rw accept-mode?                    boolean
378             +--rw advertise-interval-centi-sec?   uint16
379             +--rw track
380             |  +--rw interfaces
381             |  |  +--rw interface* [interface]
382             |  |     +--rw interface             if:interface-ref
383             |  |     +--rw priority-decrement?   uint8
384             |  +--rw networks
385             |     +--rw network* [prefix]
386             |        +--rw prefix                inet:ipv6-prefix
387             |        +--rw priority-decrement?   uint8
388             +--rw virtual-ipv6-addresses
389                +--rw virtual-ipv6-address* [ipv6-address]
390                   +--rw ipv6-address    inet:ipv6-address
391     augment /if:interfaces-state/if:interface/ip:ipv4:
392       +--ro vrrp
393          +--ro vrrp-instance* [vrid]
394             +--ro vrid                      uint8
395             +--ro version                   identityref
396             +--ro log-state-change?         boolean
397             +--ro preempt
398             |  +--ro enabled?     boolean
399             |  +--ro hold-time?   uint16
400             +--ro priority?                 uint8
401             +--ro accept-mode?              boolean
402             +--ro (advertise-interval-choice)?
403             |  +--:(v2)
404             |  |  +--ro advertise-interval-sec?         uint8
405             |  +--:(v3)
406             |     +--ro advertise-interval-centi-sec?   uint16
407             +--ro track
408             |  +--ro interfaces
409             |  |  +--ro interface* [interface]
410             |  |     +--ro interface             if:interface-ref
411             |  |     +--ro priority-decrement?   uint8
412             |  +--ro networks
413             |     +--ro network* [prefix]
414             |        +--ro prefix                inet:ipv4-prefix
415             |        +--ro priority-decrement?   uint8
416             +--ro virtual-ipv4-addresses
417             |  +--ro virtual-ipv4-address* [ipv4-address]
418             |     +--ro ipv4-address    inet:ipv4-address
419             +--ro state?                    identityref
420             +--ro is-owner?                 boolean
421             +--ro last-adv-source?          inet:ip-address
422             +--ro up-datetime?              yang:date-and-time
423             +--ro master-down-interval?     uint32
424             +--ro skew-time?                uint32
425             +--ro last-event?               identityref
426             +--ro new-master-reason?        new-master-reason-type
427             +--ro statistics
428                +--ro discontinuity-datetime?    yang:date-and-time
429                +--ro master-transitions?        yang:counter32
430                +--ro advertisement-recv?        yang:counter64
431                +--ro advertisement-sent?        yang:counter64
432                +--ro interval-errors?           yang:counter64
433                        {validate-interval-errors}?
434                +--ro priority-zero-pkts-rcvd?   yang:counter64
435                +--ro priority-zero-pkts-sent?   yang:counter64
436                +--ro invalid-type-pkts-rcvd?    yang:counter64
437                +--ro address-list-errors?       yang:counter64
438                        {validate-address-list-errors}?
439                +--ro packet-length-errors?      yang:counter64
440     augment /if:interfaces-state/if:interface/ip:ipv6:
441       +--ro vrrp
442          +--ro vrrp-instance* [vrid]
443             +--ro vrid                            uint8
444             +--ro version                         identityref
445             +--ro log-state-change?               boolean
446             +--ro preempt
447             |  +--ro enabled?     boolean
448             |  +--ro hold-time?   uint16
449             +--ro priority?                       uint8
450             +--ro accept-mode?                    boolean
451             +--ro advertise-interval-centi-sec?   uint16
452             +--ro track
453             |  +--ro interfaces
454             |  |  +--ro interface* [interface]
455             |  |     +--ro interface             if:interface-ref
456             |  |     +--ro priority-decrement?   uint8
457             |  +--ro networks
458             |     +--ro network* [prefix]
459             |        +--ro prefix                inet:ipv6-prefix
460             |        +--ro priority-decrement?   uint8
461             +--ro virtual-ipv6-addresses
462             |  +--ro virtual-ipv6-address* [ipv6-address]
463             |     +--ro ipv6-address    inet:ipv6-address
464             +--ro state?                          identityref
465             +--ro is-owner?                       boolean
466             +--ro last-adv-source?                inet:ip-address
467             +--ro up-datetime?                    yang:date-and-time
468             +--ro master-down-interval?           uint32
469             +--ro skew-time?                      uint32
470             +--ro last-event?                     identityref
471             +--ro new-master-reason?              new-master-reason-type
472             +--ro statistics
473                +--ro discontinuity-datetime?    yang:date-and-time
474                +--ro master-transitions?        yang:counter32
475                +--ro advertisement-recv?        yang:counter64
476                +--ro advertisement-sent?        yang:counter64
477                +--ro interval-errors?           yang:counter64
478                        {validate-interval-errors}?
479                +--ro priority-zero-pkts-rcvd?   yang:counter64
480                +--ro priority-zero-pkts-sent?   yang:counter64
481                +--ro invalid-type-pkts-rcvd?    yang:counter64
482                +--ro address-list-errors?       yang:counter64
483                        {validate-address-list-errors}?
484                +--ro packet-length-errors?      yang:counter64
485     augment /if:interfaces-state:
486       +--ro vrrp-global
487          +--ro virtual-routers?   uint32
488          +--ro interfaces?        uint32
489          +--ro statistics
490             +--ro discontinuity-datetime?   yang:date-and-time
491             +--ro checksum-errors?          yang:counter64
492             +--ro version-errors?           yang:counter64
493             +--ro vrid-errors?              yang:counter64
494             +--ro ip-ttl-errors?            yang:counter64
495     notifications:
496       +---n vrrp-new-master-event
497       |  +--ro master-ip-address    inet:ip-address
498       |  +--ro new-master-reason    new-master-reason-type
499       +---n vrrp-protocol-error-event
500       |  +--ro protocol-error-reason    identityref
501       +---n vrrp-virtual-router-error-event
502          +--ro interface                      if:interface-ref
503          +--ro ip-version                     enumeration
504          +--ro vrid-v4?                       leafref
505          +--ro vrid-v6?                       leafref
506          +--ro virtual-router-error-reason    identityref

508   4.  YANG Module

510    file "ietf-vrrp@2017-02-21.yang"
511   module ietf-vrrp {
512     yang-version 1.1;
513     namespace "urn:ietf:params:xml:ns:yang:ietf-vrrp";
514     prefix "vrrp";

516     import ietf-inet-types {
517       prefix "inet";

519     }

521     import ietf-yang-types {
522       prefix "yang";
523     }

525     import ietf-interfaces {
526       prefix "if";
527     }

529     import ietf-ip {
530       prefix "ip";
531     }

533     organization
534       "IETF Routing Area Working Group (RTGWG)";
535     contact
536       "WG Web:
537        WG List:

539        WG Chair: Jeff Tantsura
540

542        WG Chair: Chris Bowers
543

545        Editor: Xufeng Liu
546

548        Editor: Athanasios Kyparlis
549

551        Editor: Ravi Parikh
552

554        Editor: Acee Lindem
555

557        Editor: Mingui Zhang
558                ";

560     description
561       "This YANG module defines a model for managing Virtual Router
562        Redundancy Protocol (VRRP) version 2 and version 3.";

564     revision 2017-02-21 {
565       description "Initial revision";
566       reference
567         "RFC XXXX: A YANG Data Model for Virtual Router Redundancy
568                    Protocol (VRRP).
569          RFC 2787: Definitions of Managed Objects for the Virtual
570                    Router Redundancy Protocol.
571          RFC 3768: Virtual Router Redundancy Protocol (VRRP).
572          RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3.
573          RFC 6527: Definitions of Managed Objects for the Virtual
574                    Router Redundancy Protocol Version 3 (VRRPv3).";
575     }

577     /*
578      * Features
579      */

581     feature validate-interval-errors {
582       description
583         "This feature indicates that the system validates that
584          the advertisement interval from advertisement packets
585          received is the same as the one configured for the local
586          VRRP router.";
587     }

589     feature validate-address-list-errors {
590       description
591         "This feature indicates that the system validates that
592          the address list from received packets matches the
593          locally configured list for the VRRP router.";
594     }

596     /*
597      * Typedefs
598      */

600     typedef new-master-reason-type {
601       type enumeration {
602         enum not-master {
603           description
604             "The virtual router has never transitioned to master
605              state,";
606         }
607         enum priority {
608           description "Priority was higher.";
609         }
610         enum preempted {
611           description "The master was preempted.";
612         }
613         enum master-no-response {
614           description "Previous master did not respond.";

616         }
617       }
618       description
619         "The reason for the virtual router to transition to master
620          state.";
621     } // new-master-reason-type

623     /*
624      * Identities
625      */

627     /* vrrp-event-type identity and its derivatives. */
628     identity vrrp-event-type {
629       description
630         "The type to indicate the type of a VRRP protocol event.";
631     }
632     identity vrrp-event-none {
633       base vrrp-event-type;
634       description
635         "Indicates a non-meaningful event.";
636     }
637     identity vrrp-event-startup {
638       base vrrp-event-type;
639       description
640         "Indicates that a VRRP router has initiated the protocol.";
641     }
642     identity vrrp-event-shutdown {
643       base vrrp-event-type;
644       description
645         "Indicates that a VRRP router has closed down the protocol.";
646     }
647     identity vrrp-event-higher-priority-backup {
648       base vrrp-event-type;
649       description
650         "Indicates that a backup router has a higher priority than
651          the current master.";
652     }
653     identity vrrp-event-master-timeout {
654       base vrrp-event-type;
655       description
656         "Indicates that the current master has not sent an
657          advertisement within the limit of master-down-interval.";
658     }
659     identity vrrp-event-interface-up {
660       base vrrp-event-type;
661       description
662         "Indicates that the VRRP enabled interface has become
663          operational up.";

665     }
666     identity vrrp-event-interface-down {
667       base vrrp-event-type;
668       description
669         "Indicates that the VRRP enabled interface has become
670          operational down.";
671     }
672     identity vrrp-event-no-primary-ip-address {
673       base vrrp-event-type;
674       description
675         "Indicates that the primary IP address on the VRRP enabled
676          interface has become unavailable.";
677     }
678     identity vrrp-event-primary-ip-address {
679       base vrrp-event-type;
680       description
681         "Indicates that the primary IP address on the VRRP enabled
682          interface has become available.";
683     }
684     identity vrrp-event-no-virtual-ip-addresses {
685       base vrrp-event-type;
686       description
687         "Indicates that there are no virtual IP addresses on the
688          virtual router.";
689     }
690     identity vrrp-event-virtual-ip-addresses {
691       base vrrp-event-type;
692       description
693         "Indicates that there are virtual IP addresses on the
694          virtual router.";
695     }
696     identity vrrp-event-preempt-hold-timeout {
697       base vrrp-event-type;
698       description
699         "Indicates that the configured preemption hold time has
700          passed.";
701     }
702     identity vrrp-event-lower-priority-master {
703       base vrrp-event-type;
704       description
705         "Indicates that there is a lower priority VRRP master.";
706     }
707     identity vrrp-event-owner-preempt {
708       base vrrp-event-type;
709       description
710         "Indicates that the owner has preempted another router to
711          become the master.";
712     }
713     /* vrrp-error-global identity and its derivatives. */
714     identity vrrp-error-global {
715       description
716         "The type to indicate the type of a VRRP error that occurs
717          for a packet before it reaches a VRRP router.";
718     }
719     identity checksum-error {
720       base vrrp-error-global;
721       description
722         "A packet has been received with an invalid VRRP checksum
723          value.";
724     }
725     identity ip-ttl-error {
726       base vrrp-error-global;
727       description
728         "A packet has been received with IP TTL (Time-To-Live)
729          not equal to 255.";
730     }
731     identity version-error {
732       base vrrp-error-global;
733       description
734         "A packet has been received with an unknown or unsupported
735          version number.";
736     }
737     identity vrid-error {
738       base vrrp-error-global;
739       description
740         "A packet has been received with a VRID that is not valid
741          for any virtual router on this router.";
742     }

744     /* vrrp-error-virtual-router identity and its derivatives. */
745     identity vrrp-error-virtual-router {
746       description
747         "The type to indicate the type of a VRRP error that occurs
748          after a packet reaches a VRRP router.";
749     }
750     identity address-list-error {
751       base vrrp-error-virtual-router;
752       description
753         "A packet has been received with an address list that
754          does not match the locally configured address list for
755          the virtual router.";
756     }
757     identity interval-error {
758       base vrrp-error-virtual-router;
759       description
760         "A packet has been received with an advertisement
761          interval different than the one configured for the local
762          virtual router";
763     }
764     identity packet-length-error {
765       base vrrp-error-virtual-router;
766       description
767         "A packet has been received with a packet length less
768          than the length of the VRRP header.";
769     }

771     /* vrrp-state-type identity and its derivatives. */
772     identity vrrp-state-type {
773       description
774         "The type to indicate the state of a virtual router.";
775     }
776     identity initialize {
777       base vrrp-state-type;
778       description
779         "Indicates that the virtual router is waiting
780          for a startup event.";
781     }
782     identity backup {
783       base vrrp-state-type;
784       description
785         "Indicates that the virtual router is monitoring the
786          availability of the master router.";
787     }
788     identity master {
789       base vrrp-state-type;
790       description
791         "Indicates that the virtual router is forwarding
792          packets for IP addresses that are associated with
793          this virtual router.";
794     }

796     /* vrrp-version identity and its derivatives. */
797     identity vrrp-version {
798       description
799         "The version of the VRRP protocol.";
800     }
801     identity vrrp-v2 {
802       base vrrp-version;
803       description
804         "Indicates version 2 of the VRRP protocol.";
805     }
806     identity vrrp-v3 {
807       base vrrp-version;
808       description
809         "Indicates version 3 of the VRRP protocol.";
810     }

812     /*
813      * Groupings
814      */

816     grouping vrrp-common-attributes {
817       description
818         "Group of VRRP attributes common to version 2 and version 3";

820       leaf vrid {
821         type uint8 {
822           range 1..255;
823         }
824         description "Virtual router ID.";
825       }

827       leaf version {
828         type identityref {
829           base vrrp:vrrp-version;
830         }
831         mandatory "true";
832         description "Version 2 or version 3 of VRRP.";
833       }

835       leaf log-state-change {
836         type boolean;
837         default "false";
838         description
839           "Generates VRRP state change messages each time the VRRP
840            instance changes state (from up to down or down to up).";
841       }

843       container preempt {
844         description
845           "Enables a higher priority Virtual Router Redundancy
846            Protocol (VRRP) backup router to preempt a lower priority
847            VRRP master.";
848         leaf enabled {
849           type boolean;
850           default "true";
851           description
852             "'true' if preemption is enabled.";
853         }
854         leaf hold-time {
855           type uint16;
856           units seconds;
857           default 0;
858           description
859             "Hold time, in seconds, for which a higher priority VRRP
860              backup router must wait before preempting a lower priority
861              VRRP master.";
862         }
863       }

865       leaf priority {
866         type uint8 {
867           range 1..254;
868         }
869         default 100;
870         description
871           "Configures the Virtual Router Redundancy Protocol (VRRP)
872            election priority for the backup virtual router.";
873       }

875       leaf accept-mode {
876         when "derived-from-or-self(current()/../version, 'vrrp-v3')" {
877           description "Applicable only to version 3.";
878         }
879         type boolean;
880         default false;
881         description
882           "Controls whether a virtual router in Master state will
883            accept packets addressed to the address owner's IPvX address
884            as its own if it is not the IPvX address owner.  The default
885            is false.  Deployments that rely on, for example, pinging the
886            address owner's IPvX address may wish to configure
887            accept-mode to true.

889            Note: IPv6 Neighbor Solicitations and Neighbor
890            Advertisements MUST NOT be dropped when accept-mode is
891            false.";
892       }
893     } // vrrp-common-attributes

895     grouping vrrp-ipv4-attributes {
896       description
897         "Group of VRRP attributes for IPv4.";

899       uses vrrp-common-attributes;

901       choice advertise-interval-choice {
902         description
903           "The options for the advertisement interval at which VRRPv2
904            or VRRPv3 advertisements are sent from the specified
905            interface.";

907         case v2 {
908           when "derived-from-or-self(version, 'vrrp-v2')" {
909             description "Applicable only to version 2.";
910           }
911           leaf advertise-interval-sec {
912             type uint8 {
913               range 1..254;
914             }
915             units seconds;
916             default 1;
917             description
918               "Configures the interval that Virtual Router
919                Redundancy Protocol Version 2 (VRRPv2) advertisements
920                are sent from the specified interface.";
921           }
922         }

924         case v3 {
925           when "derived-from-or-self(version, 'vrrp-v3')" {
926             description "Applicable only to version 3.";
927           }
928           leaf advertise-interval-centi-sec {
929             type uint16 {
930               range 1..4095;
931             }
932             units centiseconds;
933             default 100;
934             description
935               "Configures the interval that Virtual Router
936                Redundancy Protocol version 3 (VRRPv3) advertisements
937                are sent from the specified interface.";
938           }
939         }
940       } // advertise-interval-choice

942       container track {
943         description
944           "Enables the specified VRRP instance to track interfaces
945            or networks.";
946         container interfaces {
947           description
948             "Enables the specified Virtual Router Redundancy Protocol
949              version 2 (VRRP) or version 3 (VRRPv3) instance to track
950              an interface.";

952           list interface {
953             key "interface";
954             description
955               "Interface to track.";

957             leaf interface {
958               type if:interface-ref;
959               must "/if:interfaces/if:interface[if:name=.]/ip:ipv4" {
960                 description "Interface is IPv4.";
961               }
962               description
963                 "Interface to track.";
964             }

966             leaf priority-decrement {
967               type uint8 {
968                 range 1..254;
969               }
970               default 10;
971               description
972                 "Specifies how much to decrement the priority of the
973                  VRRP instance if the interface goes down.";
974             }
975           } // interface
976         } // interfaces

978         container networks {
979           description
980             "Enables the backup Virtual Router Redundancy Protocol
981              version 2 (VRRP) or version 3 (VRRPv3) router to track a
982              specified network through the IP network prefix of that
983              network.";
984           list network {
985             key "prefix";
986             description
987               "Enables the specified Virtual Router Redundancy
988                Protocol version 2 (VRRP) or version 3 (VRRPv3)
989                instance to track an IP network.";

991             leaf prefix {
992               type inet:ipv4-prefix;
993               description
994                 "The prefix of the network to track.";
995             }

997             leaf priority-decrement {
998               type uint8 {
999                 range 1..254;
1000              }
1001              default 10;
1002              description
1003                "Specifies how much to decrement the priority of the
1004                 backup VRRP router if there is a failure in the IP
1005                 network.";
1006            }
1007          } // track-network
1008        } // track-networks
1009      } // track

1011      container virtual-ipv4-addresses {
1012        description
1013          "Configures the virtual IP address for the Virtual Router
1014           Redundancy Protocol (VRRP) interface.";

1016        list virtual-ipv4-address {
1017          key "ipv4-address";
1018          max-elements 16;
1019          description
1020            "Virtual IP addresses for a single VRRP instance.  For a
1021             VRRP owner router, the virtual address must match one
1022             of the IP addresses configured on the interface
1023             corresponding to the virtual router.";

1025          leaf ipv4-address {
1026            type inet:ipv4-address;
1027            description
1028              "Virtual IPv4 address.";
1029          }
1030        } // virtual-ipv4-address
1031      } // virtual-ipv4-addresses
1032    } // grouping vrrp-ipv4-attributes

1034    grouping vrrp-ipv6-attributes {
1035      description
1036        "Group of VRRP attributes for IPv6.";

1038      uses vrrp-common-attributes;

1040      leaf advertise-interval-centi-sec {
1041        type uint16 {
1042          range 1..4095;
1043        }
1044        units centiseconds;
1045        default 100;
1046        description
1047          "Configures the interval that Virtual Router
1048           Redundancy Protocol version 3 (VRRPv3) advertisements
1049           are sent from the specified interface.";
1050      }

1052      container track {
1053        description
1054          "Enables the specified VRRP instance to track interfaces
1055           or networks.";
1056        container interfaces {
1057          description
1058            "Enables the specified Virtual Router Redundancy Protocol
1059             version 2 (VRRP) or version 3 (VRRPv3) instance to track
1060             an interface.";
1061          list interface {
1062            key "interface";
1063            description
1064              "Interface to track.";

1066            leaf interface {
1067              type if:interface-ref;
1068              must "/if:interfaces/if:interface[if:name=.]/ip:ipv6" {
1069                description "Interface is IPv6.";
1070              }
1071              description
1072                "Interface to track.";
1073            }

1075            leaf priority-decrement {
1076              type uint8 {
1077                range 1..254;
1078              }
1079              default 10;
1080              description
1081                "Specifies how much to decrement the priority of the
1082                 VRRP instance if the interface goes down.";
1083            }
1084          } // interface
1085        } // interfaces

1087        container networks {
1088          description
1089            "Enables the backup Virtual Router Redundancy Protocol
1090             version 2 (VRRP) or version 3 (VRRPv3) router to track a
1091             specified network through the IP network prefix of that
1092             network.";
1093          list network {
1094            key "prefix";
1095            description
1096              "Enables the specified Virtual Router Redundancy
1097               Protocol version 2 (VRRP) or version 3 (VRRPv3)
1098               instance to track an IP network.";

1100            leaf prefix {
1101              type inet:ipv6-prefix;
1102              description
1103                "The prefix of the network to track.";
1104            }

1106            leaf priority-decrement {
1107              type uint8 {
1108                range 1..254;
1109              }
1110              default 10;
1111              description
1112                "Specifies how much to decrement the priority of the
1113                 backup VRRP router if there is a failure in the IP
1114                 network.";
1115            }
1116          } // track-network
1117        } // track-networks
1118      } // track

1120      container virtual-ipv6-addresses {
1121        description
1122          "Configures the virtual IP address for the Virtual Router
1123           Redundancy Protocol (VRRP) interface.";
1124        list virtual-ipv6-address {
1125          key "ipv6-address";
1126          max-elements 2;
1127          description
1128            "Two IPv6 addresses are allowed. The first one must be
1129             a link-local address and the second one can be a
1130             link-local or global address.";

1132          leaf ipv6-address {
1133            type inet:ipv6-address;
1134            description
1135              "Virtual IPv6 address.";
1136          }
1137        } // virtual-ipv6-address
1138      } // virtual-ipv6-addresses
1139    } // grouping vrrp-ipv6-attributes

1141    grouping vrrp-state-attributes {
1142      description
1143        "Group of VRRP state attributes.";

1145      leaf state {
1146        type identityref {
1147          base vrrp:vrrp-state-type;
1148        }
1149        description
1150          "Operational state.";
1151      }

1153      leaf is-owner {
1154        type boolean;
1155        description
1156          "Set to true if this virtual router is owner.";
1157      }

1159      leaf last-adv-source {
1160        type inet:ip-address;
1161        description
1162          "Last advertised IPv4/IPv6 source address";
1163      }

1165      leaf up-datetime {
1166        type yang:date-and-time;
1167        description
1168          "The date and time when this virtual router
1169           transitioned out of init state.";
1170      }

1172      leaf master-down-interval {
1173        type uint32;
1174        units centiseconds;
1175        description
1176          "Time interval for backup virtual router to declare
1177           Master down.";
1178         }

1180         leaf skew-time {
1181           type uint32;
1182           units microseconds;
1183           description
1184             "Calculated based on the priority and advertisement
1185              interval configuration command parameters. See RFC 3768.";
1186         }

1188         leaf last-event {
1189           type identityref {
1190             base vrrp:vrrp-event-type;
1191           }
1192           description
1193             "Last reported event.";
1194         }

1196         leaf new-master-reason {
1197           type new-master-reason-type;
1198           description
1199             "Indicates the reason for the virtual router to transition
1200              to master state.";
1201         }

1203         container statistics {
1204           description
1205             "VRRP statistics.";

1207           leaf discontinuity-datetime {
1208             type yang:date-and-time;
1209             description
1210               "The time on the most recent occasion at which any one or
1211                more of the VRRP statistic counters suffered a
1212                discontinuity. If no such discontinuities have occurred
1213                since the last re-initialization of the local management
1214                subsystem, then this node contains the time that the
1215                local management subsystem re-initialized itself.";
1216           }

1218           leaf master-transitions {
1219             type yang:counter32;
1220             description
1221               "The total number of times that this virtual router's
1222                state has transitioned to master.";
1223           }

1225           leaf advertisement-recv {
1226             type yang:counter64;
1227             description
1228               "The total number of VRRP advertisements received by
1229                this virtual router.";
1230           }

1232           leaf advertisement-sent {
1233             type yang:counter64;
1234             description
1235               "The total number of VRRP advertisements sent by
1236                this virtual router.";
1237           }

1239           leaf interval-errors {
1240             if-feature validate-interval-errors;
1241             type yang:counter64;
1242             description
1243               "The total number of VRRP advertisement packets
1244                received with an advertisement interval
1245                different than the one configured for the local
1246                virtual router.";
1247           }

1249           leaf priority-zero-pkts-rcvd {
1250             type yang:counter64;
1251             description
1252               "The total number of VRRP packets received by the
1253                virtual router with a priority of 0.";
1254           }

1256           leaf priority-zero-pkts-sent {
1257             type yang:counter64;
1258             description
1259               "The total number of VRRP packets sent by the
1260                virtual router with a priority of 0.";
1261           }

1263           leaf invalid-type-pkts-rcvd {
1264             type yang:counter64;
1265             description
1266               "The number of VRRP packets received by the virtual
1267                router with an invalid value in the 'type' field.";
1268           }

1270           leaf address-list-errors {
1271             if-feature validate-address-list-errors;
1272             type yang:counter64;
1273             description
1274               "The total number of packets received with an
1275                address list that does not match the locally
1276                configured address list for the virtual router.";
1277           }

1279           leaf packet-length-errors {
1280             type yang:counter64;
1281             description
1282               "The total number of packets received with a packet
1283                length less than the length of the VRRP header.";
1284           }
1285         } // container statistics
1286       } // grouping vrrp-state-attributes

1288       grouping vrrp-global-state-attributes {
1289         description
1290           "Group of VRRP global state attributes.";

1292         leaf virtual-routers {
1293           type uint32;
1294           description "Number of configured virtual routers.";
1295         }

1297         leaf interfaces {
1298           type uint32;
1299           description "Number of interfaces with VRRP configured.";
1300         }

1302         container statistics {
1303           description
1304             "VRRP global statistics.";

1306           leaf discontinuity-datetime {
1307             type yang:date-and-time;
1308             description
1309               "The time on the most recent occasion at which one of
1310                checksum-errors, version-errors, vrid-errors, and
1311                ip-ttl-errors suffered a discontinuity.

1313                If no such discontinuities have occurred since the last
1314                re-initialization of the local management subsystem,
1315                then this node contains the time that the local management
1316                subsystem re-initialized itself.";
1317           }

1319           leaf checksum-errors {
1320             type yang:counter64;
1321             description
1322               "The total number of VRRP packets received with an invalid
1323                VRRP checksum value.";
1324             reference "RFC 5798, Section 5.2.8";
1325           }

1327           leaf version-errors {
1328             type yang:counter64;
1329             description
1330               "The total number of VRRP packets received with an unknown
1331                or unsupported version number.";
1332             reference "RFC 5798, Section 5.2.1";
1333           }

1335           leaf vrid-errors {
1336             type yang:counter64;
1337             description
1338               "The total number of VRRP packets received with a VRID that
1339                is not valid for any virtual router on this router.";
1340             reference "RFC 5798, Section 5.2.3";
1341           }

1343           leaf ip-ttl-errors {
1344             type yang:counter64;
1345             description
1346               "The total number of VRRP packets received by the
1347                virtual router with IP TTL (Time-To-Live) not equal
1348                to 255.";
1349             reference "RFC 5798, Sections 5.1.1.3 and 5.1.2.3.";
1350           }
1351         } // statistics
1352       } // vrrp-global-state-attributes

1354       /*
1355        * Configuration data nodes
1356        */

1358       augment "/if:interfaces/if:interface/ip:ipv4" {
1359         description "Augment IPv4 interface.";

1361         container vrrp {
1362           description
1363             "Configures the Virtual Router Redundancy Protocol (VRRP)
1364              version 2 or version 3 for IPv4.";

1366           list vrrp-instance {
1367             key vrid;
1368             description
1369               "Defines a virtual router, identified by a virtual router
1370                identifier (VRID), within IPv4 address space.";

1372             uses vrrp-ipv4-attributes;
1373           }
1374         }
1375       } // augment ipv4

1377       augment "/if:interfaces/if:interface/ip:ipv6" {
1378         description "Augment IPv6 interface.";

1380         container vrrp {
1381           description
1382             "Configures the Virtual Router Redundancy Protocol (VRRP)
1383              version 3 for IPv6.";

1385           list vrrp-instance {
1386             must "derived-from-or-self(version, 'vrrp-v3')" {
1387               description
1388                 "IPv6 is only supported by version 3.";
1389             }
1390             key vrid;
1391             description
1392               "Defines a virtual router, identified by a virtual router
1393                identifier (VRID), within IPv6 address space.";

1395             uses vrrp-ipv6-attributes;
1396           } // list vrrp-instance
1397         } // container vrrp
1398       } // augment ipv6

1400       /*
1401        * Operational state data nodes
1402        */

1404       augment "/if:interfaces-state/if:interface/ip:ipv4" {
1405         description "Augment IPv4 interface state.";

1407         container vrrp {
1408           description
1409             "State information for Virtual Router Redundancy Protocol
1410              (VRRP) version 2 for IPv4.";

1412           list vrrp-instance {
1413             key vrid;
1414             description
1415               "States of a virtual router, identified by a virtual router
1416                identifier (VRID), within IPv4 address space.";

1418             uses vrrp-ipv4-attributes;
1419             uses vrrp-state-attributes;
1420           } // list vrrp-instance
1421         }
1422       }

1424       augment "/if:interfaces-state/if:interface/ip:ipv6" {
1425         description "Augment IPv6 interface state.";

1427         container vrrp {
1428           description
1429             "State information of the Virtual Router Redundancy Protocol
1430              (VRRP) version 2 or version 3 for IPv6.";

1432           list vrrp-instance {
1433             key vrid;
1434             description
1435               "States of a virtual router, identified by a virtual router
1436                identifier (VRID), within IPv6 address space.";

1438             uses vrrp-ipv6-attributes;
1439             uses vrrp-state-attributes;
1440           } // list vrrp-instance
1441         }
1442       }

1444       augment "/if:interfaces-state" {
1445         description "Specify VRRP state data at the global level.";

1447         container vrrp-global {
1448           description
1449             "State information of the Virtual Router Redundancy Protocol
1450              (VRRP) at the global level.";

1452           uses vrrp-global-state-attributes;
1453         }
1454       }

1456       /*
1457        * Notifications
1458        */

1460       notification vrrp-new-master-event {
1461         description
1462           "Notification event for a change of VRRP new master.";
1463         leaf master-ip-address {
1464           type inet:ip-address;
1465           mandatory "true";
1466           description
1467             "IPv4 or IPv6 address of the new master.";
1468         }
1469         leaf new-master-reason {
1470           type new-master-reason-type;
1471           mandatory "true";
1472           description
1473             "Indicates the reason for the virtual router to transition
1474              to master state.";
1475         }
1476       }

1478       notification vrrp-protocol-error-event {
1479         description
1480           "Notification event for a VRRP protocol error.";

1482         leaf protocol-error-reason {
1483           type identityref {
1484             base vrrp:vrrp-error-global;
1485           }
1486           mandatory "true";
1487           description
1488             "Indicates the reason for the protocol error.";
1489         }
1490       }

1492       notification vrrp-virtual-router-error-event {
1493         description
1494           "Notification event for an error that happened on a virtual
1495            router.";
1496         leaf interface {
1497           type if:interface-ref;
1498           mandatory "true";
1499           description
1500             "Indicates the interface for which statistics are
1501              to be cleared.";
1502         }
1503         leaf ip-version {
1504           type enumeration {
1505             enum 4 {
1506               description "IPv4";
1507             }
1508             enum 6 {
1509               description "IPv6";
1510             }
1511           }
1512           mandatory "true";
1513           description "Indicates the IP version.";
1514         }
1515         leaf vrid-v4 {
1516           type leafref {
1517             path "/if:interfaces/if:interface"
1518               + "[if:name = current()/../vrrp:interface]/ip:ipv4/"
1519               + "vrrp:vrrp/vrrp:vrrp-instance/vrrp:vrid";
1520           }
1521           description
1522             "Indicates the virtual router on which the event has
1523              occurred.";
1524         }

1526         leaf vrid-v6 {
1527           type leafref {
1528             path "/if:interfaces/if:interface"
1529               + "[if:name = current()/../vrrp:interface]/ip:ipv6/"
1530               + "vrrp:vrrp/vrrp:vrrp-instance/vrrp:vrid";
1531           }
1532           description
1533             "Indicates the virtual router on which the event has
1534              occurred.";
1535         }
1536         leaf virtual-router-error-reason {
1537           type identityref {
1538             base vrrp:vrrp-error-virtual-router;
1539           }
1540           mandatory "true";
1541           description
1542             "Indicates the reason for the virtual router error.";
1543         }
1544       }
1545     }

1548  5.  IANA Considerations

1550     RFC Ed.: In this section, replace all occurrences of 'XXXX' with the
1551     actual RFC number (and remove this note).

1553     This document registers the following namespace URIs in the IETF XML
1554     registry [RFC3688]:

1556     --------------------------------------------------------------------
1557     URI: urn:ietf:params:xml:ns:yang:ietf-vrrp
1558     Registrant Contact: The IESG.
1559     XML: N/A, the requested URI is an XML namespace.
1560     --------------------------------------------------------------------

1562     This document registers the following YANG modules in the YANG Module
1563     Names registry [RFC7950]:

1565     --------------------------------------------------------------------
1566     name:         ietf-vrrp
1567     namespace:    urn:ietf:params:xml:ns:yang:ietf-vrrp
1568     prefix:       vrrp
1569     reference:    RFC XXXX
1570     --------------------------------------------------------------------

1572  6.  Security Considerations

1574     The configuration, state, and action data defined in this document
1575     are designed to be accessed via a management protocol with a secure
1576     transport layer, such as NETCONF [RFC6241]. The NETCONF access
1577     control model [RFC6536] provides the means to restrict access for
1578     particular NETCONF users to a preconfigured subset of all available
1579     NETCONF protocol operations and content.

1581     A number of configuration data nodes defined in this document are
1582     writable/creatable/deletable (i.e., "config true" in YANG terms,
1583     which is the default). These data nodes may be considered sensitive
1584     or vulnerable in some network environments. Write operations to
1585     these data nodes, such as "edit-config" in NETCONF, can have negative
1586     effects on the network if the protocol operations are not properly
1587     protected. The vulnerable "config true" parameters and subtrees are
1588     the following:

1590        /if:interfaces/if:interface/ip:ipv4/vrrp:vrrp/vrrp:vrrp-instance

1592        /if:interfaces/if:interface/ip:ipv6/vrrp:vrrp/vrrp:vrrp-instance

1594     Unauthorized access to any of these nodes can adversely affect the
1595     routing subsystem of both the local device and the network. This may
1596     lead to network malfunctions, delivery of packets to inappropriate
1597     destinations, and other problems.

1599  7.  References

1601  7.1.  Normative References

1603     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1604                Requirement Levels", BCP 14, RFC 2119,
1605                DOI 10.17487/RFC2119, March 1997.

1608     [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1609                DOI 10.17487/RFC3688, January 2004.

1612     [RFC3768]  Hinden, R., Ed., "Virtual Router Redundancy Protocol
1613                (VRRP)", RFC 3768, DOI 10.17487/RFC3768, April 2004.

1616     [RFC5798]  Nadas, S., Ed., "Virtual Router Redundancy Protocol (VRRP)
1617                Version 3 for IPv4 and IPv6", RFC 5798,
1618                DOI 10.17487/RFC5798, March 2010.

1621     [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1622                the Network Configuration Protocol (NETCONF)", RFC 6020,
1623                DOI 10.17487/RFC6020, October 2010.

1626     [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1627                and A. Bierman, Ed., "Network Configuration Protocol
1628                (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

1631     [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
1632                RFC 6991, DOI 10.17487/RFC6991, July 2013.

1635     [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
1636                Management", RFC 7223, DOI 10.17487/RFC7223, May 2014.

1639     [RFC7277]  Bjorklund, M., "A YANG Data Model for IP Management",
1640                RFC 7277, DOI 10.17487/RFC7277, June 2014.

1643     [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
1644                RFC 7950, DOI 10.17487/RFC7950, August 2016.

1647     [I-D.ietf-netconf-rfc5277bis]
1648                Clemm, A., Prieto, A., Voit, E., Nilsen-Nygaard, E.,
1649                Tripathy, A., Chisholm, S., and H. Trevino, "Subscribing
1650                to Event Notifications", draft-ietf-netconf-rfc5277bis-01
1651                (work in progress), October 2016.

1653     [I-D.ietf-netconf-yang-push]
1654                Clemm, A., Voit, E., Prieto, A., Tripathy, A., Nilsen-
1655                Nygaard, E., Bierman, A., and B. Lengyel, "Subscribing to
1656                YANG datastore push updates", draft-ietf-netconf-yang-
1657                push-05 (work in progress), March 2017.

1659  7.2.  Informative References

1661     [RFC6087]  Bierman, A., "Guidelines for Authors and Reviewers of YANG
1662                Data Model Documents", RFC 6087, DOI 10.17487/RFC6087,
1663                January 2011.

1665     [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
1666                Protocol (NETCONF) Access Control Model", RFC 6536,
1667                DOI 10.17487/RFC6536, March 2012.

1670     [RFC7951]  Lhotka, L., "JSON Encoding of Data Modeled with YANG",
1671                RFC 7951, DOI 10.17487/RFC7951, August 2016.

1674  Appendix A.  Data Tree Example

1676     This section contains an example of an instance data tree in the JSON
1677     encoding [RFC7951], containing both configuration and state data.

1679               Virtual router IP address: 10.0.0.1
1680        +-----------------+        +-----------------+
1681        |                 |        |                 |
1682        | Router 1.1.1.1  |        | Router 1.1.1.2  |
1683        |                 |        |                 |
1684        +--------+--------+        +--------+--------+
1685                 |eth0                      |eth0
1686                 |10.0.1.1                  |10.0.2.1
1687          -------+--------------------------+-------
1688                 |                          |
1689                 |10.0.2.1                  |10.0.2.2
1690        +--------+--------+        +--------+--------+
1691        |     Host 1      |        |     Host 2      |
1692        | Default gateway:|        | Default gateway:|
1693        |    10.0.0.1     |        |    10.0.0.1     |
1694        +-----------------+        +-----------------+

1696     The instance data tree for Router 1.1.1.1 in the above figure could
1697     be as follows:

1699     {
1700       "ietf-interfaces:interfaces": {
1701         "interface": [
1702           {
1703             "name": "eth1",
1704             "type": "iana-if-type:ethernetCsmacd",
1705             "description": "An interface with VRRP enabled.",
1706             "ietf-ip:ipv4": {
1707               "address": [
1708                 {
1709                   "ip": "10.0.1.1",
1710                   "prefix-length": 24
1711                 }
1712               ],
1713               "forwarding": true,
1714               "ietf-vrrp:vrrp": {
1715                 "vrrp-instance": [
1716                   {
1717                     "vrid": 1,
1718                     "version": "vrrp-v3",
1719                     "priority": 200,
1720                     "advertise-interval-centi-sec": 50,
1721                     "virtual-ipv4-addresses": {
1722                       "virtual-ipv4-address": [
1723                         { "ipv4-address": "10.0.0.1" }
1724                       ]
1725                     }
1726                   }
1727                 ]
1728               }
1729             }
1730           }
1731         ]
1732       },
1733       "ietf-interfaces:interfaces-state": {
1734         "interface": [
1735           {
1736             "name": "eth1",
1737             "type": "iana-if-type:ethernetCsmacd",
1738             "phys-address": "00:0C:42:E5:B1:E9",
1739             "oper-status": "up",
1740             "statistics": {
1741               "discontinuity-time": "2016-10-24T17:11:27+02:00"
1742             },
1743             "ietf-ip:ipv4": {
1744               "forwarding": true,
1745               "mtu": 1500,
1746               "address": [
1747                 {
1748                   "ip": "10.0.1.1",
1749                   "prefix-length": 24
1750                 }
1751               ],
1752               "ietf-vrrp:vrrp": {
1753                 "vrrp-instance": [
1754                   {
1755                     "vrid": 1,
1756                     "version": "vrrp-v3",
1757                     "log-state-change": false,
1758                     "preempt": {
1759                       "enabled": true,
1760                       "hold-time": 0
1761                     },
1762                     "priority": 200,
1763                     "accept-mode": false,
1764                     "advertise-interval-centi-sec": 50,
1765                     "virtual-ipv4-addresses": {
1766                       "virtual-ipv4-address": [
1767                         { "ipv4-address": "10.0.0.1" }
1768                       ]
1769                     },
1770                     "state": "master",
1771                     "is-owner": false,
1772                     "last-adv-source": "10.1.1.1",
1773                     "up-datetime": "2016-10-24T17:11:27+02:00",
1774                     "master-down-interval": 161,
1775                     "skew-time": 11,
1776                     "last-event": "vrrp-event-interface-up",
1777                     "new-master-reason": "priority",
1778                     "statistics": {
1779                       "discontinuity-datetime":
1780                         "2016-10-24T17:11:27+02:00",
1781                       "master-transitions": 2,
1782                       "advertisement-recv": 20,
1783                       "advertisement-sent": 12,
1784                       "interval-errors": 0,
1785                       "priority-zero-pkts-rcvd": 0,
1786                       "priority-zero-pkts-sent": 0,
1787                       "invalid-type-pkts-rcvd": 0,
1788                       "address-list-errors": 0,
1789                       "packet-length-errors": 1
1790                     }
1791                   }
1792                 ]
1793               }
1794             }
1795           }
1796         ],
1797         "vrrp-global": {
1798           "virtual-routers": 3,
1799           "interfaces": 2,
1800           "statistics": {
1801             "discontinuity-datetime": "2016-10-24T17:11:27+02:00",
1802             "checksum-errors": 2,
1803             "version-errors": 0,
1804             "vrid-errors": 0,
1805             "ip-ttl-errors": 1
1806           }
1807         }
1808       }
1809     }

1811  Authors' Addresses
1812     Xufeng Liu (editor)
1813     Jabil
1814     8281 Greensboro Drive, Suite 200
1815     McLean VA 22102
1816     USA

1818     EMail: Xufeng_Liu@jabil.com

1820     Athanasios Kyparlis
1821     Jabil
1822     8281 Greensboro Drive, Suite 200
1823     McLean VA 22102
1824     USA

1826     EMail: Athanasios_Kyparlis@jabil.com

1828     Ravi Parikh
1829     VMware
1830     3425 Hillview Avenue
1831     Palo Alto CA 94304
1832     USA

1834     EMail: parikhr@vmware.com

1836     Acee Lindem
1837     Cisco Systems
1838     301 Midenhall Way
1839     Cary NC 27513
1840     USA

1842     EMail: acee@cisco.com

1844     Mingui Zhang
1845     Huawei Technologies
1846     No. 156 Beiqing Rd. Haidian District
1847     Beijing 100095
1848     P.R. China

1850     EMail: zhangmingui@huawei.com