idnits 2.17.1

draft-ietf-rtgwg-yang-vrrp-11.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 210 has weird spacing: '...address ine...'

  == Line 228 has weird spacing: '...address ine...'

  == Line 273 has weird spacing: '...address ine...'

  == Line 314 has weird spacing: '...address ine...'

  == Line 366 has weird spacing: '...address ine...'

  == (13 more instances...)

  -- The document date (February 22, 2018) is 2248 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 2787 (Obsoleted by RFC 6527)

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  -- Obsolete informational reference (is this intentional?): RFC 3768
     (Obsoleted by RFC 5798)

  == Outdated reference: A later version (-26) exists of
     draft-ietf-netconf-subscribed-notifications-09

  == Outdated reference: A later version (-25) exists of
     draft-ietf-netconf-yang-push-14

  == Outdated reference: A later version (-20) exists of
     draft-ietf-netmod-rfc6087bis-17

     Summary: 3 errors (**), 0 flaws (~~), 10 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                        X. Liu, Ed.
Internet-Draft                                               A. Kyparlis
Intended status: Standards Track                                   Jabil
Expires: August 26, 2018                                       R. Parikh
                                                                  VMware
                                                               A. Lindem
                                                           Cisco Systems
                                                                M. Zhang
                                                     Huawei Technologies
                                                       February 22, 2018

    A YANG Data Model for Virtual Router Redundancy Protocol (VRRP)
                     draft-ietf-rtgwg-yang-vrrp-11

Abstract

   This document describes a data model for Virtual Router Redundancy
   Protocol (VRRP).  Both version 2 and version 3 of VRRP are covered.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 26, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Tree Diagrams
     1.3.  Prefixes in Data Node Names
   2.  Design of the Data Model
     2.1.  Scope of the Model
     2.2.  Relations with Interface Model and IP Model
     2.3.  Protocol Configuration
     2.4.  Protocol States
     2.5.  Notifications
   3.  Tree Structure
   4.  YANG Module
   5.  IANA Considerations
   6.  Security Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Data Tree Example
   Authors' Addresses

1.  Introduction

   This document introduces a YANG [RFC6020][RFC7950] data model for
   Virtual Router Redundancy Protocol (VRRP) [RFC3768] [RFC5798].  VRRP
   provides higher resiliency by specifying an election protocol that
   dynamically assigns responsibility for a virtual router to one of the
   VRRP routers on a LAN.

   This YANG model supports both version 2 and version 3 of VRRP.  VRRP
   version 2 defined in [RFC3768] supports IPv4.  VRRP version 3 defined
   in [RFC5798] supports both IPv4 and IPv6.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   The following terms are defined in [RFC7950] and are not redefined
   here:

   o  augment

   o  data model

   o  data node

1.2.  Tree Diagrams

   A simplified graphical representation of the data model is used in
   this document.  The meaning of the symbols in these diagrams is
   defined in [I-D.ietf-netmod-yang-tree-diagrams].

1.3.  Prefixes in Data Node Names

   In this document, names of data nodes, actions, and other data model
   objects are often used without a prefix, as long as it is clear from
   the context in which YANG module each name is defined.  Otherwise,
   names are prefixed using the standard prefix associated with the
   corresponding YANG module, as shown in Table 1.

   +--------+-----------------+------------------------------+
   | Prefix | YANG module     | Reference                    |
   +--------+-----------------+------------------------------+
   | yang   | ietf-yang-types | [RFC6991]                    |
   | inet   | ietf-inet-types | [RFC6991]                    |
   | if     | ietf-interfaces | [I-D.ietf-netmod-rfc7223bis] |
   | ip     | ietf-ip         | [I-D.ietf-netmod-rfc7277bis] |
   +--------+-----------------+------------------------------+

             Table 1: Prefixes and Corresponding YANG Modules

2.  Design of the Data Model

2.1.  Scope of the Model

   The model covers VRRP version 2 [RFC3768] and VRRP version 3
   [RFC5798] protocols.  The model is designed to be implemented on a
   device where VRRP version 2 or version 3 is implemented.  With the
   help of a proper management protocol, the defined model can be used
   to:

   o  Configure the VRRP version 2 or version 3 protocol.

   o  Manage the protocol operational behavior.

   o  Retrieve the protocol operational status.

   o  Receive the protocol notifications.

2.2.  Relations with Interface Model and IP Model

   This model augments the interface data model "ietf-interfaces"
   [I-D.ietf-netmod-rfc7223bis] and the IP management model "ietf-ip"
   [I-D.ietf-netmod-rfc7277bis].  The augmentation relations are shown
   as follows:

   module: ietf-interfaces
      +--rw interfaces
         +--rw interface* [name]
            ...
            +--rw ip:ipv4!
            |  +--rw ip:address* [ip]
               ...
            |  +--rw vrrp:vrrp
            |     +--rw vrrp:vrrp-instance* [vrid]
            |        +--rw vrrp:vrid                       uint8
            |        +--rw vrrp:virtual-ipv4-addresses
                        ...
            +--rw ip:ipv6!
               +--rw ip:address* [ip]
               ...
               +--rw vrrp:vrrp
                  +--rw vrrp:vrrp-instance* [vrid]
                     +--rw vrrp:vrid                       uint8
                     +--rw vrrp:virtual-ipv6-addresses
                        ...

   In the above figure, a tree node without a prefix is from the model
   "ietf-interfaces".  A tree node with prefix "ip:" is from the model
   "ietf-ip".  A tree node with prefix "vrrp:" is from the VRRP model
   specified in this document.

   The "vrrp" container contains a list of vrrp-instance nodes, which
   are instantiated under an interface for a specified address family
   (IPv4 or IPv6).

   Each vrrp-instance node represents a VRRP router state machine
   described in Section 6.4 of [RFC5798], providing the configuration
   and state information for the election process of a virtual router.
   The IP addresses on the augmented interface are the real addresses
   through which the VRRP router operates.  The IPv4 or IPv6 address(es)
   associated with a virtual router (described in Section 1 of
   [RFC5798]) are modeled as a list of IPv4 or IPv6 addresses under the
   vrrp-instance.

2.3.  Protocol Configuration

   The model structure for the protocol configuration is as shown below:

   augment /if:interfaces/if:interface/ip:ipv4:
      +--rw vrrp
         +--rw vrrp-instance* [vrid]
            +--rw vrid                          uint8
            |     ...
            +--rw track
            |  +--rw interfaces
            |  |  +--rw interface* [interface]
            |  |     +--rw interface     if:interface-ref
            |  |        ...
            |  +--rw networks
            |     +--rw network* [prefix]
            |        +--rw prefix        inet:ipv4-prefix
            |           ...
            +--rw virtual-ipv4-addresses
               +--rw virtual-ipv4-address* [ipv4-address]
                  +--rw ipv4-address    inet:ipv4-address

   augment /if:interfaces/if:interface/ip:ipv6:
      +--rw vrrp
         +--rw vrrp-instance* [vrid]
            +--rw vrid                          uint8
            |     ...
            +--rw track
            |  +--rw interfaces
            |  |  +--rw interface* [interface]
            |  |     +--rw interface     if:interface-ref
            |  |        ...
            |  +--rw networks
            |     +--rw network* [prefix]
            |        +--rw prefix        inet:ipv6-prefix
            |           ...
            +--rw virtual-ipv6-addresses
               +--rw virtual-ipv6-address* [ipv6-address]
                  +--rw ipv6-address    inet:ipv6-address

   The model allows the following protocol entities to be configured:

   o  VRRP instance (version 2 or version 3), representing a VRRP
      router.

   o  Virtual IPv4 or IPv6 address associated with a virtual router.

   o  Tracking interface, to detect interface connectivity failures.

   o  Tracking network, to detect interface connectivity failures.

2.4.  Protocol States

   The model structure for the protocol states is as shown below:

   module: ietf-vrrp
      +--ro vrrp
         |  // global operational states
         +--ro virtual-routers?   uint32
         +--ro interfaces?        uint32
         +--ro statistics // global statistics
            +--ro discontinuity-datetime?   yang:date-and-time
            +--ro checksum-errors?          yang:counter64
            +--ro version-errors?           yang:counter64
            +--ro vrid-errors?              yang:counter64
            +--ro ip-ttl-errors?            yang:counter64

   augment /if:interfaces/if:interface/ip:ipv4:
      +--rw vrrp
         +--rw vrrp-instance* [vrid]
            +--rw vrid                          uint8
            |     ...
            +--rw track
            |  +--rw interfaces
            |  |  +--rw interface* [interface]
            |  |     +--rw interface     if:interface-ref
            |  |        ...
            |  +--rw networks
            |     +--rw network* [prefix]
            |        +--rw prefix        inet:ipv4-prefix
            |           ...
            +--rw virtual-ipv4-addresses
            |  +--rw virtual-ipv4-address* [ipv4-address]
            |     +--rw ipv4-address    inet:ipv4-address
            |
            |  // per instance operational states
            +--ro state?                        identityref
            +--ro is-owner?                     boolean
            +--ro last-adv-source?              inet:ip-address
            +--ro up-datetime?                  yang:date-and-time
            +--ro master-down-interval?         uint32
            +--ro skew-time?                    uint32
            +--ro last-event?                   identityref
            +--ro new-master-reason?            new-master-reason-type
            +--ro statistics // per instance statistics
               +--ro discontinuity-datetime?    yang:date-and-time
               +--ro master-transitions?        yang:counter32
               +--ro advertisement-recv?        yang:counter64
               +--ro advertisement-sent?        yang:counter64
               +--ro interval-errors?           yang:counter64
               |       {validate-interval-errors}?
               +--ro priority-zero-pkts-rcvd?   yang:counter64
               +--ro priority-zero-pkts-sent?   yang:counter64
               +--ro invalid-type-pkts-rcvd?    yang:counter64
               +--ro address-list-errors?       yang:counter64
               |       {validate-address-list-errors}?
               +--ro packet-length-errors?      yang:counter64

   augment /if:interfaces/if:interface/ip:ipv6:
      +--rw vrrp
         +--rw vrrp-instance* [vrid]
            +--rw vrid                          uint8
            |     ...
            +--rw track
            |  +--rw interfaces
            |  |  +--rw interface* [interface]
            |  |     +--rw interface     if:interface-ref
            |  |        ...
            |  +--rw networks
            |     +--rw network* [prefix]
            |        +--rw prefix        inet:ipv6-prefix
            |           ...
            +--rw virtual-ipv6-addresses
            |  +--rw virtual-ipv6-address* [ipv6-address]
            |     +--rw ipv6-address    inet:ipv6-address
            |
            |  // per instance operational states
            +--ro state?                        identityref
            +--ro is-owner?                     boolean
            +--ro last-adv-source?              inet:ip-address
            +--ro up-datetime?                  yang:date-and-time
            +--ro master-down-interval?         uint32
            +--ro skew-time?                    uint32
            +--ro last-event?                   identityref
            +--ro new-master-reason?            new-master-reason-type
            +--ro statistics // per instance statistics
               +--ro discontinuity-datetime?    yang:date-and-time
               +--ro master-transitions?        yang:counter32
               +--ro advertisement-recv?        yang:counter64
               +--ro advertisement-sent?        yang:counter64
               +--ro interval-errors?           yang:counter64
               |       {validate-interval-errors}?
               +--ro priority-zero-pkts-rcvd?   yang:counter64
               +--ro priority-zero-pkts-sent?   yang:counter64
               +--ro invalid-type-pkts-rcvd?    yang:counter64
               +--ro address-list-errors?       yang:counter64
               |       {validate-address-list-errors}?
               +--ro packet-length-errors?      yang:counter64

   This model conforms to the Network Management Datastore Architecture
   (NMDA) [I-D.ietf-netmod-revised-datastores].  The operational state
   data is combined with the associated configuration data in the same
   hierarchy [I-D.ietf-netmod-rfc6087bis].  When protocol states are
   retrieved from the NMDA operational state datastore, the returned
   states cover all "config true" (rw) and "config false" (ro) nodes
   defined in the schema.
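
   An added example, not part of the draft: one way a monitoring script
   could compare two retrievals of this operational state and report
   which error counters grew, treating a changed discontinuity-datetime
   as a counter reset.  It assumes the RFC 7951 JSON encoding (counter64
   values arrive as strings); the function names and the sample
   snapshots are constructed for illustration.

```python
# Added example (not from the draft). Assumes ietf-vrrp operational state in
# the RFC 7951 JSON encoding; all function names here are illustrative.

GLOBAL_COUNTERS = ("checksum-errors", "version-errors",
                   "vrid-errors", "ip-ttl-errors")
INSTANCE_COUNTERS = ("master-transitions", "interval-errors",
                     "invalid-type-pkts-rcvd", "address-list-errors",
                     "packet-length-errors")


def counter_deltas(prev, curr, names):
    """Return {counter: increase} for counters that grew between two polls.

    Returns None when discontinuity-datetime differs: the counters were
    re-initialised, so subtracting the old values would be meaningless.
    """
    if prev.get("discontinuity-datetime") != curr.get("discontinuity-datetime"):
        return None
    grown = {}
    for name in names:
        # Feature-gated leaves (e.g. interval-errors) may be absent.
        if name in prev and name in curr:
            # counter64 is a JSON string, counter32 a JSON number.
            diff = int(curr[name]) - int(prev[name])
            if diff > 0:
                grown[name] = diff
    return grown


def iter_instances(tree):
    """Yield ((interface, family, vrid), statistics) per vrrp-instance."""
    ifaces = tree.get("ietf-interfaces:interfaces", {}).get("interface", [])
    for iface in ifaces:
        for family in ("ipv4", "ipv6"):
            vrrp = iface.get("ietf-ip:" + family, {}).get("ietf-vrrp:vrrp", {})
            for inst in vrrp.get("vrrp-instance", []):
                key = (iface["name"], family, inst["vrid"])
                yield key, inst.get("statistics", {})


def compare_polls(prev, curr):
    """Return a list of (scope, finding) for two operational snapshots."""
    findings = []
    g_prev = prev.get("ietf-vrrp:vrrp", {}).get("statistics", {})
    g_curr = curr.get("ietf-vrrp:vrrp", {}).get("statistics", {})
    delta = counter_deltas(g_prev, g_curr, GLOBAL_COUNTERS)
    if delta is None:
        findings.append(("global", "discontinuity"))
    elif delta:
        findings.append(("global", delta))

    before = dict(iter_instances(prev))
    for key, stats in iter_instances(curr):
        if key not in before:
            findings.append((key, "new-instance"))
            continue
        delta = counter_deltas(before[key], stats, INSTANCE_COUNTERS)
        if delta is None:
            findings.append((key, "discontinuity"))
        elif delta:
            findings.append((key, delta))
    return findings


def sample_snapshot(ttl_err, vrid_err, transitions,
                    since="2018-02-22T10:00:00Z"):
    """Constructed sample data: one IPv4 VRRP instance (VRID 1) on eth0."""
    return {
        "ietf-vrrp:vrrp": {
            "virtual-routers": 1,
            "interfaces": 1,
            "statistics": {
                "discontinuity-datetime": since,
                "checksum-errors": "0",
                "version-errors": "0",
                "vrid-errors": str(vrid_err),
                "ip-ttl-errors": str(ttl_err),
            },
        },
        "ietf-interfaces:interfaces": {"interface": [{
            "name": "eth0",
            "ietf-ip:ipv4": {"ietf-vrrp:vrrp": {"vrrp-instance": [{
                "vrid": 1,
                "version": "vrrp-v3",
                "statistics": {
                    "discontinuity-datetime": since,
                    "master-transitions": transitions,
                    "advertisement-recv": "120",
                    "packet-length-errors": "0",
                },
            }]}},
        }]},
    }


if __name__ == "__main__":
    for scope, finding in compare_polls(sample_snapshot(0, 0, 1),
                                        sample_snapshot(7, 2, 3)):
        print(scope, finding)
```

   A growing ip-ttl-errors count corresponds to the ip-ttl-error
   identity defined in the module: VRRP packets received with an IP TTL
   other than 255.
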

   The model allows protocol states to be retrieved at the following
   levels:

   o  VRRP instance (version 2 or version 3), representing a VRRP
      router.

   o  Virtual IPv4 or IPv6 address associated with a virtual router.

   o  Tracking interface, to detect interface connectivity failures.

   o  Tracking network, to detect interface connectivity failures.

   o  Global states and statistics summarizing all instances.

2.5.  Notifications

   This model defines the following VRRP specific notifications:

   notifications:
      +---n vrrp-new-master-event
      |  +--ro master-ip-address    inet:ip-address
      |  +--ro new-master-reason    new-master-reason-type
      +---n vrrp-protocol-error-event
      |  +--ro protocol-error-reason    identityref
      +---n vrrp-virtual-router-error-event
         +--ro interface                      if:interface-ref
         +--ro (ip-version)
         |  +--:(ipv4)
         |  |  +--ro ipv4
         |  |     +--ro vrid    leafref
         |  +--:(ipv6)
         |     +--ro ipv6
         |        +--ro vrid    leafref
         +--ro virtual-router-error-reason    identityref

   Each notification type is used to indicate a type of VRRP state
   change or error occurrence:

   vrrp-new-master-event
      VRRP new master event, indicating that a new master has been
      elected.

   vrrp-protocol-error-event
      VRRP protocol error event for a message that fails to reach a VRRP
      instance to be processed.

   vrrp-virtual-router-error-event
      VRRP virtual router error event for a message processed on a VRRP
      instance.

   In addition to the notifications specified above, the mechanism
   defined in [I-D.ietf-netconf-subscribed-notifications] and
   [I-D.ietf-netconf-yang-push] can be used for other general
   notifications.  This mechanism currently allows the user to:

   o  Subscribe to notifications on a per-client basis.

   o  Specify subtree filters or xpath filters so that only contents of
      interest will be sent.

   o  Specify either periodic or on-demand notifications.

3.  Tree Structure

   The VRRP YANG data model defined in this document has the following
   tree structure:

   module: ietf-vrrp
      +--ro vrrp
         +--ro virtual-routers?   uint32
         +--ro interfaces?        uint32
         +--ro statistics
            +--ro discontinuity-datetime?   yang:date-and-time
            +--ro checksum-errors?          yang:counter64
            +--ro version-errors?           yang:counter64
            +--ro vrid-errors?              yang:counter64
            +--ro ip-ttl-errors?            yang:counter64
   augment /if:interfaces/if:interface/ip:ipv4:
      +--rw vrrp
         +--rw vrrp-instance* [vrid]
            +--rw vrid                           uint8
            +--rw version                        identityref
            +--rw log-state-change?              boolean
            +--rw preempt
            |  +--rw enabled?     boolean
            |  +--rw hold-time?   uint16
            +--rw priority?                      uint8
            +--rw accept-mode?                   boolean
            +--rw (advertise-interval-choice)?
            |  +--:(v2)
            |  |  +--rw advertise-interval-sec?         uint8
            |  +--:(v3)
            |     +--rw advertise-interval-centi-sec?   uint16
            +--rw track
            |  +--rw interfaces
            |  |  +--rw interface* [interface]
            |  |     +--rw interface             if:interface-ref
            |  |     +--rw priority-decrement?   uint8
            |  +--rw networks
            |     +--rw network* [prefix]
            |        +--rw prefix                inet:ipv4-prefix
            |        +--rw priority-decrement?   uint8
            +--rw virtual-ipv4-addresses
            |  +--rw virtual-ipv4-address* [ipv4-address]
            |     +--rw ipv4-address    inet:ipv4-address
            +--ro state?                         identityref
            +--ro is-owner?                      boolean
            +--ro last-adv-source?               inet:ip-address
            +--ro up-datetime?                   yang:date-and-time
            +--ro master-down-interval?          uint32
            +--ro skew-time?                     uint32
            +--ro last-event?                    identityref
            +--ro new-master-reason?
                    new-master-reason-type
            +--ro statistics
               +--ro discontinuity-datetime?    yang:date-and-time
               +--ro master-transitions?        yang:counter32
               +--ro advertisement-recv?        yang:counter64
               +--ro advertisement-sent?        yang:counter64
               +--ro interval-errors?           yang:counter64
               |       {validate-interval-errors}?
               +--ro priority-zero-pkts-rcvd?   yang:counter64
               +--ro priority-zero-pkts-sent?   yang:counter64
               +--ro invalid-type-pkts-rcvd?    yang:counter64
               +--ro address-list-errors?       yang:counter64
               |       {validate-address-list-errors}?
               +--ro packet-length-errors?      yang:counter64
   augment /if:interfaces/if:interface/ip:ipv6:
      +--rw vrrp
         +--rw vrrp-instance* [vrid]
            +--rw vrid                            uint8
            +--rw version                         identityref
            +--rw log-state-change?               boolean
            +--rw preempt
            |  +--rw enabled?     boolean
            |  +--rw hold-time?   uint16
            +--rw priority?                       uint8
            +--rw accept-mode?                    boolean
            +--rw advertise-interval-centi-sec?   uint16
            +--rw track
            |  +--rw interfaces
            |  |  +--rw interface* [interface]
            |  |     +--rw interface             if:interface-ref
            |  |     +--rw priority-decrement?   uint8
            |  +--rw networks
            |     +--rw network* [prefix]
            |        +--rw prefix                inet:ipv6-prefix
            |        +--rw priority-decrement?   uint8
            +--rw virtual-ipv6-addresses
            |  +--rw virtual-ipv6-address* [ipv6-address]
            |     +--rw ipv6-address    inet:ipv6-address
            +--ro state?                          identityref
            +--ro is-owner?                       boolean
            +--ro last-adv-source?                inet:ip-address
            +--ro up-datetime?                    yang:date-and-time
            +--ro master-down-interval?           uint32
            +--ro skew-time?                      uint32
            +--ro last-event?                     identityref
            +--ro new-master-reason?
                    new-master-reason-type
            +--ro statistics
               +--ro discontinuity-datetime?    yang:date-and-time
               +--ro master-transitions?        yang:counter32
               +--ro advertisement-recv?        yang:counter64
               +--ro advertisement-sent?        yang:counter64
               +--ro interval-errors?           yang:counter64
               |       {validate-interval-errors}?
               +--ro priority-zero-pkts-rcvd?   yang:counter64
               +--ro priority-zero-pkts-sent?   yang:counter64
               +--ro invalid-type-pkts-rcvd?    yang:counter64
               +--ro address-list-errors?       yang:counter64
               |       {validate-address-list-errors}?
               +--ro packet-length-errors?      yang:counter64

   notifications:
      +---n vrrp-new-master-event
      |  +--ro master-ip-address    inet:ip-address
      |  +--ro new-master-reason    new-master-reason-type
      +---n vrrp-protocol-error-event
      |  +--ro protocol-error-reason    identityref
      +---n vrrp-virtual-router-error-event
         +--ro interface                      if:interface-ref
         +--ro (ip-version)
         |  +--:(ipv4)
         |  |  +--ro ipv4
         |  |     +--ro vrid    leafref
         |  +--:(ipv6)
         |     +--ro ipv6
         |        +--ro vrid    leafref
         +--ro virtual-router-error-reason    identityref

4.  YANG Module

   This module references [RFC2787], [RFC3768], [RFC5798] and [RFC6527].

   file "ietf-vrrp@2018-01-09.yang"
   module ietf-vrrp {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-vrrp";
     prefix "vrrp";

     import ietf-inet-types {
       prefix "inet";
     }

     import ietf-yang-types {
       prefix "yang";
     }

     import ietf-interfaces {
       prefix "if";
     }

     import ietf-ip {
       prefix "ip";
     }

     organization
       "IETF Routing Area Working Group (RTGWG)";
     contact
       "WG Web:
        WG List:

        Editor:   Xufeng Liu

        Editor:   Athanasios Kyparlis

        Editor:   Ravi Parikh

        Editor:   Acee Lindem

        Editor:   Mingui Zhang
       ";

     description
       "This YANG module defines a model for managing Virtual Router
        Redundancy Protocol (VRRP) version 2 and version 3.

        Copyright (c) 2018 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).
597 This version of this YANG module is part of RFC XXXX; see the 598 RFC itself for full legal notices."; 600 revision 2018-01-09 { 601 description "Initial revision"; 602 reference 603 "RFC XXXX: A YANG Data Model for Virtual Router Redundancy 604 Protocol (VRRP). 605 RFC 2787: Definitions of Managed Objects for the Virtual 606 Router Redundancy Protocol. 607 RFC 3768: Virtual Router Redundancy Protocol (VRRP). 608 RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3. 609 RFC 6527: Definitions of Managed Objects for the Virtual 610 Router Redundancy Protocol Version 3 (VRRPv3)."; 611 } 613 /* 614 * Features 615 */ 617 feature validate-interval-errors { 618 description 619 "This feature indicates that the system validates that 620 the advertisement interval from advertisement packets 621 received is the same as the one configured for the local 622 VRRP router."; 623 } 625 feature validate-address-list-errors { 626 description 627 "This feature indicates that the system validates that 628 the address list from received packets matches the 629 locally configured list for the VRRP router."; 630 } 632 /* 633 * Typedefs 634 */ 636 typedef new-master-reason-type { 637 type enumeration { 638 enum not-master { 639 description 640 "The virtual router has never transitioned to master 641 state,"; 642 } 643 enum priority { 644 description "Priority was higher."; 645 } 646 enum preempted { 647 description "The master was preempted."; 648 } 649 enum no-response { 650 description "Previous master did not respond."; 651 } 652 } 653 description 654 "The reason for the virtual router to transition to master 655 state."; 656 } // new-master-reason-type 658 /* 659 * Identities 660 */ 662 /* vrrp-event-type identity and its derivatives. 
*/ 663 identity vrrp-event-type { 664 description 665 "The type to indicate the type of a VRRP protocol event."; 666 } 667 identity vrrp-event-none { 668 base vrrp-event-type; 669 description 670 "Indicates a non-meaningful event."; 671 } 672 identity vrrp-event-startup { 673 base vrrp-event-type; 674 description 675 "Indicates that a VRRP router has initiated the protocol."; 676 } 677 identity vrrp-event-shutdown { 678 base vrrp-event-type; 679 description 680 "Indicates that a VRRP router has closed down the protocol."; 681 } 682 identity vrrp-event-higher-priority-backup { 683 base vrrp-event-type; 684 description 685 "Indicates that a backup router has a higher priority than 686 the current master."; 687 } 688 identity vrrp-event-master-timeout { 689 base vrrp-event-type; 690 description 691 "Indicates that the current master has not sent an 692 advertisement within the limit of master-down-interval."; 693 } 694 identity vrrp-event-interface-up { 695 base vrrp-event-type; 696 description 697 "Indicates that the VRRP enabled interface has become 698 operational up."; 699 } 700 identity vrrp-event-interface-down { 701 base vrrp-event-type; 702 description 703 "Indicates that the VRRP enabled interface has become 704 operational down."; 705 } 706 identity vrrp-event-no-primary-ip-address { 707 base vrrp-event-type; 708 description 709 "Indicates that the primary IP address on the VRRP enabled 710 interface has become unavailable."; 711 } 712 identity vrrp-event-primary-ip-address { 713 base vrrp-event-type; 714 description 715 "Indicates that the primary IP address on the VRRP enabled 716 interface has become available."; 717 } 718 identity vrrp-event-no-virtual-ip-addresses { 719 base vrrp-event-type; 720 description 721 "Indicates that there are no virtual IP addresses on the 722 virtual router."; 723 } 724 identity vrrp-event-virtual-ip-addresses { 725 base vrrp-event-type; 726 description 727 "Indicates that there are virtual IP addresses on the 728 virtual 
router."; 729 } 730 identity vrrp-event-preempt-hold-timeout { 731 base vrrp-event-type; 732 description 733 "Indicates that the configured preemption hold time has 734 passed."; 735 } 736 identity vrrp-event-lower-priority-master { 737 base vrrp-event-type; 738 description 739 "Indicates that there is a lower priority VRRP master."; 740 } 741 identity vrrp-event-owner-preempt { 742 base vrrp-event-type; 743 description 744 "Indicates that the owner has preempted another router to 745 become the master."; 746 } 748 /* vrrp-error-global identity and its derivatives. */ 749 identity vrrp-error-global { 750 description 751 "The type to indicate the type of a VRRP error that occurs 752 for a packet before it reaches a VRRP router."; 753 } 754 identity checksum-error { 755 base vrrp-error-global; 756 description 757 "A packet has been received with an invalid VRRP checksum 758 value."; 759 } 760 identity ip-ttl-error { 761 base vrrp-error-global; 762 description 763 "A packet has been received with IP TTL (Time-To-Live) 764 not equal to 255."; 765 } 766 identity version-error { 767 base vrrp-error-global; 768 description 769 "A packet has been received with an unknown or unsupported 770 version number."; 771 } 772 identity vrid-error { 773 base vrrp-error-global; 774 description 775 "A packet has been received with a VRID that is not valid 776 for any virtual router on this router."; 777 } 779 /* vrrp-error-virtual-router identity and its derivatives. 
*/ 780 identity vrrp-error-virtual-router { 781 description 782 "The type to indicate the type of a VRRP error that occurs 783 after a packet reaches a VRRP router."; 784 } 785 identity address-list-error { 786 base vrrp-error-virtual-router; 787 description 788 "A packet has been received with an address list that 789 does not match the locally configured address list for 790 the virtual router."; 791 } 792 identity interval-error { 793 base vrrp-error-virtual-router; 794 description 795 "A packet has been received with an advertisement 796 interval different than the one configured for the local 797 virtual router"; 798 } 799 identity packet-length-error { 800 base vrrp-error-virtual-router; 801 description 802 "A packet has been received with a packet length less 803 than the length of the VRRP header."; 804 } 806 /* vrrp-state-type identity and its derivatives. */ 807 identity vrrp-state-type { 808 description 809 "The type to indicate the state of a virtual router."; 810 } 811 identity initialize { 812 base vrrp-state-type; 813 description 814 "Indicates that the virtual router is waiting 815 for a startup event."; 816 } 817 identity backup { 818 base vrrp-state-type; 819 description 820 "Indicates that the virtual router is monitoring the 821 availability of the master router."; 822 } 823 identity master { 824 base vrrp-state-type; 825 description 826 "Indicates that the virtual router is forwarding 827 packets for IP addresses that are associated with 828 this virtual router."; 829 } 831 /* vrrp-version identity and its derivatives. 
*/ 832 identity vrrp-version { 833 description 834 "The version of the VRRP protocol."; 835 } 836 identity vrrp-v2 { 837 base vrrp-version; 838 description 839 "Indicates version 2 of the VRRP protocol."; 840 } 841 identity vrrp-v3 { 842 base vrrp-version; 843 description 844 "Indicates version 3 of the VRRP protocol."; 845 } 847 /* 848 * Groupings 849 */ 851 grouping vrrp-common-attributes { 852 description 853 "Group of VRRP attributes common to version 2 and version 3"; 855 leaf vrid { 856 type uint8 { 857 range 1..255; 858 } 859 description "Virtual router ID."; 860 } 862 leaf version { 863 type identityref { 864 base vrrp:vrrp-version; 865 } 866 mandatory true; 867 description "Version 2 or version 3 of VRRP."; 868 } 870 leaf log-state-change { 871 type boolean; 872 default "false"; 873 description 874 "Generates VRRP state change messages each time the VRRP 875 instance changes state (from up to down or down to up)."; 876 } 878 container preempt { 879 description 880 "Enables a higher priority Virtual Router Redundancy 881 Protocol (VRRP) backup router to preempt a lower priority 882 VRRP master."; 883 leaf enabled { 884 type boolean; 885 default "true"; 886 description 887 "'true' if preemption is enabled."; 888 } 889 leaf hold-time { 890 type uint16; 891 units seconds; 892 default 0; 893 description 894 "Hold time, in seconds, for which a higher priority VRRP 895 backup router must wait before preempting a lower priority 896 VRRP master."; 897 } 898 } 900 leaf priority { 901 type uint8 { 902 range 1..254; 903 } 904 default 100; 905 description 906 "Configures the Virtual Router Redundancy Protocol (VRRP) 907 election priority for the backup virtual router."; 908 } 910 leaf accept-mode { 911 when "derived-from-or-self(current()/../version, 'vrrp-v3')" { 912 description "Applicable only to version 3."; 913 } 914 type boolean; 915 default "false"; 916 description 917 "Controls whether a virtual router in Master state will 918 accept packets addressed to the 
address owner's IPvX address 919 as its own if it is not the IPvX address owner. The default 920 is false. Deployments that rely on, for example, pinging the 921 address owner's IPvX address may wish to configure 922 accept-mode to true. 924 Note: IPv6 Neighbor Solicitations and Neighbor 925 Advertisements MUST NOT be dropped when accept-mode is 926 false."; 927 } 928 } // vrrp-common-attributes 930 grouping vrrp-ipv4-attributes { 931 description 932 "Group of VRRP attributes for IPv4."; 934 uses vrrp-common-attributes; 936 choice advertise-interval-choice { 937 description 938 "The options for the advertisement interval at which VRRPv2 939 or VRRPv3 advertisements are sent from the specified 940 interface."; 942 case v2 { 943 when "derived-from-or-self(version, 'vrrp-v2')" { 944 description "Applicable only to version 2."; 945 } 946 leaf advertise-interval-sec { 947 type uint8 { 948 range 1..254; 949 } 950 units seconds; 951 default 1; 952 description 953 "Configures the interval that Virtual Router 954 Redundancy Protocol Version 2 (VRRPv2) advertisements 955 are sent from the specified interface."; 956 } 957 } 959 case v3 { 960 when "derived-from-or-self(version, 'vrrp-v3')" { 961 description "Applicable only to version 3."; 962 } 963 leaf advertise-interval-centi-sec { 964 type uint16 { 965 range 1..4095; 966 } 967 units centiseconds; 968 default 100; 969 description 970 "Configures the interval that Virtual Router 971 Redundancy Protocol version 3 (VRRPv3) advertisements 972 are sent from the specified interface."; 973 } 974 } 975 } // advertise-interval-choice 977 container track { 978 description 979 "Enables the specified VRRP instance to track interfaces 980 or networks."; 981 container interfaces { 982 description 983 "Enables the specified Virtual Router Redundancy Protocol 984 version 2 (VRRP) or version 3 (VRRPv3) instance to track 985 interfaces. 986 Interface tracking prevents traffic loss by detecting the 987 availability of interfaces. 
              The operational states of
              other interfaces are associated with the priority of a
              VRRP router. When a tracked interface becomes unavailable
              (or operational down), the priority of the backup router
              decrements. When an unavailable interface becomes
              available again, the priority of the backup VRRP router is
              incremented by the same amount.";

           list interface {
             key "interface";
             description
               "Interface to track.";

             leaf interface {
               type if:interface-ref;
               must "/if:interfaces/if:interface[if:name=current()]/"
                  + "ip:ipv4" {
                 description "Interface is IPv4.";
               }
               description
                 "Interface to track.";
             }

             leaf priority-decrement {
               type uint8 {
                 range 1..254;
               }
               default 10;
               description
                 "Specifies how much to decrement the priority of the
                  VRRP instance if the interface goes down.";
             }
           } // interface
         } // interfaces

         container networks {
           description
             "Enables the backup Virtual Router Redundancy Protocol
              version 2 (VRRP) or version 3 (VRRPv3) router to track
              specified networks through the IP network prefixes of
              these networks.
              Network tracking prevents traffic loss by detecting
              network connectivity failure. The states of connectivity
              to some networks are associated with the priority of a
              VRRP router. When connectivity to a tracked network
              represented by its prefix is lost, the priority of the
              backup VRRP router decrements.
              When an unavailable network
              is again reachable, the priority of the backup VRRP router
              is incremented by the same amount.";
           list network {
             key "prefix";
             description
               "Enables the specified Virtual Router Redundancy
                Protocol version 2 (VRRP) or version 3 (VRRPv3)
                instance to track an IP network, by specifying the
                prefix of the IP network.";

             leaf prefix {
               type inet:ipv4-prefix;
               description
                 "The prefix of the network to track.";
             }

             leaf priority-decrement {
               type uint8 {
                 range 1..254;
               }
               default 10;
               description
                 "Specifies how much to decrement the priority of the
                  backup VRRP router if there is a failure in the IP
                  network.";
             }
           } // track-network
         } // track-networks
       } // track

       container virtual-ipv4-addresses {
         description
           "Configures the virtual IP address for the Virtual Router
            Redundancy Protocol (VRRP) interface.";

         list virtual-ipv4-address {
           key "ipv4-address";
           max-elements 16;
           description
             "Virtual IP addresses for a single VRRP instance. For a
              VRRP owner router, the virtual address must match one
              of the IP addresses configured on the interface
              corresponding to the virtual router.";

           leaf ipv4-address {
             type inet:ipv4-address;
             description
               "An IPv4 address associated with a virtual router.";
             reference
               "RFC 5798: Virtual Router Redundancy Protocol (VRRP)
                Version 3.
                Section 1.2.";
           }
         } // virtual-ipv4-address
       } // virtual-ipv4-addresses
     } // grouping vrrp-ipv4-attributes

     grouping vrrp-ipv6-attributes {
       description
         "Group of VRRP attributes for IPv6.";

       uses vrrp-common-attributes;

       leaf advertise-interval-centi-sec {
         type uint16 {
           range 1..4095;
         }
         units centiseconds;
         default 100;
         description
           "Configures the interval that Virtual Router
            Redundancy Protocol version 3 (VRRPv3) advertisements
            are sent from the specified interface.";
       }

       container track {
         description
           "Enables the specified VRRP instance to track interfaces
            or networks.";
         container interfaces {
           description
             "Enables the specified Virtual Router Redundancy Protocol
              version 2 (VRRP) or version 3 (VRRPv3) instance to track
              interfaces.
              Interface tracking prevents traffic loss by detecting the
              availability of interfaces. The operational states of
              other interfaces are associated with the priority of a
              VRRP router. When a tracked interface becomes unavailable
              (or operational down), the priority of the backup router
              decrements.
              When an unavailable interface becomes
              available again, the priority of the backup VRRP router is
              incremented by the same amount.";
           list interface {
             key "interface";
             description
               "Interface to track.";

             leaf interface {
               type if:interface-ref;
               must "/if:interfaces/if:interface[if:name=current()]/"
                  + "ip:ipv6" {
                 description "Interface is IPv6.";
               }
               description
                 "Interface to track.";
             }

             leaf priority-decrement {
               type uint8 {
                 range 1..254;
               }
               default 10;
               description
                 "Specifies how much to decrement the priority of the
                  VRRP instance if the interface goes down.";
             }
           } // interface
         } // interfaces

         container networks {
           description
             "Enables the backup Virtual Router Redundancy Protocol
              version 2 (VRRP) or version 3 (VRRPv3) router to track
              specified networks through the IP network prefixes of
              these networks.
              Network tracking prevents traffic loss by detecting
              network connectivity failure. The states of connectivity
              to some networks are associated with the priority of a
              VRRP router. When connectivity to a tracked network
              represented by its prefix is lost, the priority of the
              backup VRRP router decrements.
              When an unavailable network
              is again reachable, the priority of the backup VRRP router
              is incremented by the same amount.";
           list network {
             key "prefix";
             description
               "Enables the specified Virtual Router Redundancy
                Protocol version 2 (VRRP) or version 3 (VRRPv3)
                instance to track an IP network, by specifying the
                prefix of the IP network.";

             leaf prefix {
               type inet:ipv6-prefix;
               description
                 "The prefix of the network to track.";
             }

             leaf priority-decrement {
               type uint8 {
                 range 1..254;
               }
               default 10;
               description
                 "Specifies how much to decrement the priority of the
                  backup VRRP router if there is a failure in the IP
                  network.";
             }
           } // track-network
         } // track-networks
       } // track

       container virtual-ipv6-addresses {
         description
           "Configures the virtual IP address for the Virtual Router
            Redundancy Protocol (VRRP) interface.";
         list virtual-ipv6-address {
           key "ipv6-address";
           max-elements 2;
           description
             "Two IPv6 addresses are allowed. The first one must be
              a link-local address and the second one can be a
              link-local or global address.";

           leaf ipv6-address {
             type inet:ipv6-address;
             description
               "An IPv6 address associated with a virtual router.";
             reference
               "RFC 5798: Virtual Router Redundancy Protocol (VRRP)
                Version 3.
                Section 1.3.";
           }
         } // virtual-ipv6-address
       } // virtual-ipv6-addresses
     } // grouping vrrp-ipv6-attributes

     grouping vrrp-state-attributes {
       description
         "Group of VRRP state attributes.";

       leaf state {
         type identityref {
           base vrrp:vrrp-state-type;
         }
         config false;
         description
           "Operational state.";
       }

       leaf is-owner {
         type boolean;
         config false;
         description
           "Set to true if this virtual router is owner.";
       }

       leaf last-adv-source {
         type inet:ip-address;
         config false;
         description
           "Last advertised IPv4/IPv6 source address";
       }

       leaf up-datetime {
         type yang:date-and-time;
         config false;
         description
           "The date and time when this virtual router
            transitioned out of init state.";
       }

       leaf master-down-interval {
         type uint32;
         units centiseconds;
         config false;
         description
           "Time interval for backup virtual router to declare
            Master down.";
       }

       leaf skew-time {
         type uint32;
         units microseconds;
         config false;
         description
           "Calculated based on the priority and advertisement
            interval configuration command parameters. See RFC 3768.";
       }
       leaf last-event {
         type identityref {
           base vrrp:vrrp-event-type;
         }
         config false;
         description
           "Last reported event.";
       }

       leaf new-master-reason {
         type new-master-reason-type;
         config false;
         description
           "Indicates the reason for the virtual router to transition
            to master state.";
       }

       container statistics {
         config false;
         description
           "VRRP statistics.";

         leaf discontinuity-datetime {
           type yang:date-and-time;
           description
             "The time on the most recent occasion at which any one or
              more of the VRRP statistic counters suffered a
              discontinuity.
              If no such discontinuities have occurred
              since the last re-initialization of the local management
              subsystem, then this node contains the time that the
              local management subsystem re-initialized itself.";
         }

         leaf master-transitions {
           type yang:counter32;
           description
             "The total number of times that this virtual router's
              state has transitioned to master";
         }

         leaf advertisement-recv {
           type yang:counter64;
           description
             "The total number of VRRP advertisements received by
              this virtual router.";
         }

         leaf advertisement-sent {
           type yang:counter64;
           description
             "The total number of VRRP advertisements sent by
              this virtual router.";
         }

         leaf interval-errors {
           if-feature validate-interval-errors;
           type yang:counter64;
           description
             "The total number of VRRP advertisement packets
              received with an advertisement interval
              different than the one configured for the local
              virtual router";
         }

         leaf priority-zero-pkts-rcvd {
           type yang:counter64;
           description
             "The total number of VRRP packets received by the
              virtual router with a priority of 0.";
         }

         leaf priority-zero-pkts-sent {
           type yang:counter64;
           description
             "The total number of VRRP packets sent by the
              virtual router with a priority of 0.";
         }

         leaf invalid-type-pkts-rcvd {
           type yang:counter64;
           description
             "The number of VRRP packets received by the virtual
              router with an invalid value in the 'type' field.";
         }

         leaf address-list-errors {
           if-feature validate-address-list-errors;
           type yang:counter64;
           description
             "The total number of packets received with an
              address list that does not match the locally
              configured address list for the virtual router.";
         }

         leaf packet-length-errors {
           type yang:counter64;
           description
             "The total number of packets received
              with a packet
              length less than the length of the VRRP header.";
         }
       } // container statistics
     } // grouping vrrp-state-attributes

     grouping vrrp-global-state-attributes {
       description
         "Group of VRRP global state attributes.";

       leaf virtual-routers {
         type uint32;
         description "Number of configured virtual routers.";
       }

       leaf interfaces {
         type uint32;
         description "Number of interfaces with VRRP configured.";
       }

       container statistics {
         description
           "VRRP global statistics.";

         leaf discontinuity-datetime {
           type yang:date-and-time;
           description
             "The time on the most recent occasion at which one of
              checksum-errors, version-errors, vrid-errors, and
              ip-ttl-errors suffered a discontinuity.

              If no such discontinuities have occurred since the last
              re-initialization of the local management subsystem,
              then this node contains the time that the local management
              subsystem re-initialized itself.";
         }

         leaf checksum-errors {
           type yang:counter64;
           description
             "The total number of VRRP packets received with an invalid
              VRRP checksum value.";
           reference "RFC 5798, Section 5.2.8";
         }

         leaf version-errors {
           type yang:counter64;
           description
             "The total number of VRRP packets received with an unknown
              or unsupported version number.";
           reference "RFC 5798, Section 5.2.1";
         }

         leaf vrid-errors {
           type yang:counter64;
           description
             "The total number of VRRP packets received with a VRID that
              is not valid for any virtual router on this router.";
           reference "RFC 5798, Section 5.2.3";
         }

         leaf ip-ttl-errors {
           type yang:counter64;
           description
             "The total number of VRRP packets received by the
              virtual router with IP TTL (Time-To-Live) not equal
              to 255.";
           reference "RFC 5798, Sections 5.1.1.3 and 5.1.2.3.";
         }
       } // statistics
     } // vrrp-global-state-attributes

     /*
      * Configuration data and operational state data nodes
      */

     augment "/if:interfaces/if:interface/ip:ipv4" {
       description "Augment IPv4 interface.";

       container vrrp {
         description
           "Configures the Virtual Router Redundancy Protocol (VRRP)
            version 2 or version 3 for IPv4.";

         list vrrp-instance {
           key "vrid";
           description
             "Defines a virtual router, identified by a virtual router
              identifier (VRID), within IPv4 address space.";

           uses vrrp-ipv4-attributes;
           uses vrrp-state-attributes;
         }
       }
     } // augment ipv4
     augment "/if:interfaces/if:interface/ip:ipv6" {
       description "Augment IPv6 interface.";

       container vrrp {
         description
           "Configures the Virtual Router Redundancy Protocol (VRRP)
            version 3 for IPv6.";

         list vrrp-instance {
           must "derived-from-or-self(version, 'vrrp-v3')" {
             description
               "IPv6 is only supported by version 3.";
           }
           key "vrid";
           description
             "Defines a virtual router, identified by a virtual router
              identifier (VRID), within IPv6 address space.";

           uses vrrp-ipv6-attributes;
           uses vrrp-state-attributes;
         } // list vrrp-instance
       } // container vrrp
     } // augment ipv6

     container vrrp {
       config false;
       description "VRRP data at the global level.";

       uses vrrp-global-state-attributes;
     }

     /*
      * Notifications
      */

     notification vrrp-new-master-event {
       description
         "Notification event for a change of VRRP new master.";
       leaf master-ip-address {
         type inet:ip-address;
         mandatory true;
         description
           "IPv4 or IPv6 address of the new master.";
       }
       leaf new-master-reason {
         type new-master-reason-type;
         mandatory true;
         description
           "Indicates the reason for the virtual router to transition
            to master state.";
       }
     }

     notification vrrp-protocol-error-event {
       description
         "Notification event for a VRRP protocol error.";
       leaf protocol-error-reason {
         type identityref {
           base vrrp:vrrp-error-global;
         }
         mandatory true;
         description
           "Indicates the reason for the protocol error.";
       }
     }

     notification vrrp-virtual-router-error-event {
       description
         "Notification event for an error that happened on a virtual
          router.";
       leaf interface {
         type if:interface-ref;
         mandatory true;
         description
           "Indicates the interface for which statistics are
            to be cleared.";
       }

       choice ip-version {
         mandatory true;
         description
           "The error may have happened on either an IPv4 virtual
            router or an IPv6 virtual router. The information
            related to a specific IP version is provided by one of
            the following cases.";
         case ipv4 {
           description "IPv4";
           container ipv4 {
             description
               "Error information for IPv4.";
             leaf vrid {
               type leafref {
                 path "/if:interfaces/if:interface"
                    + "[if:name = current()/../../vrrp:interface]/"
                    + "ip:ipv4/vrrp:vrrp/vrrp:vrrp-instance/vrrp:vrid";
               }
               mandatory true;
               description
                 "Indicates the virtual router on which the event has
                  occurred.";
             }
           }
         }
         case ipv6 {
           description "IPv6";
           container ipv6 {
             description
               "Error information for IPv6.";
             leaf vrid {
               type leafref {
                 path "/if:interfaces/if:interface"
                    + "[if:name = current()/../../vrrp:interface]/"
                    + "ip:ipv6/vrrp:vrrp/vrrp:vrrp-instance/vrrp:vrid";
               }
               mandatory true;
               description
                 "Indicates the virtual router on which the event has
                  occurred.";
             }
           }
         }
       }

       leaf virtual-router-error-reason {
         type identityref {
           base vrrp:vrrp-error-virtual-router;
         }
         mandatory true;
         description
           "Indicates the reason for the virtual router error.";
       }
     }
   }

5.  IANA Considerations

   RFC Ed.: In this section, replace all occurrences of 'XXXX' with the
   actual RFC number (and remove this note).

   This document registers the following namespace URIs in the IETF XML
   registry [RFC3688]:

   --------------------------------------------------------------------
   URI: urn:ietf:params:xml:ns:yang:ietf-vrrp
   Registrant Contact: The IESG.
   XML: N/A, the requested URI is an XML namespace.
   --------------------------------------------------------------------

   This document registers the following YANG modules in the YANG Module
   Names registry [RFC7950]:

   --------------------------------------------------------------------
   name:         ietf-vrrp
   namespace:    urn:ietf:params:xml:ns:yang:ietf-vrrp
   prefix:       vrrp
   reference:    RFC XXXX
   --------------------------------------------------------------------

6.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC5246].

   The NETCONF access control model [RFC6536] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default). These data nodes may be considered sensitive or vulnerable
   in some network environments.
   Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations. These are the subtrees and data nodes
   and their sensitivity/vulnerability:

      /if:interfaces/if:interface/ip:ipv4/vrrp:vrrp/vrrp:vrrp-instance

      /if:interfaces/if:interface/ip:ipv6/vrrp:vrrp/vrrp:vrrp-instance

   Unauthorized access to any data node of these subtrees can adversely
   affect the routing subsystem of both the local device and the
   network. This may lead to network malfunctions, delivery of packets
   to inappropriate destinations, and other problems.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments. It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes. These are the subtrees and data
   nodes and their sensitivity/vulnerability:

      /ietf-vrrp:vrrp

      /if:interfaces/if:interface/ip:ipv4/vrrp:vrrp/vrrp:vrrp-instance

      /if:interfaces/if:interface/ip:ipv6/vrrp:vrrp/vrrp:vrrp-instance

   Unauthorized access to any data node of these subtrees can disclose
   the operational state information of VRRP on this device.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2787]  Jewell, B. and D. Chuang, "Definitions of Managed Objects
              for the Virtual Router Redundancy Protocol", RFC 2787,
              DOI 10.17487/RFC2787, March 2000.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008.

   [RFC5798]  Nadas, S., Ed., "Virtual Router Redundancy Protocol (VRRP)
              Version 3 for IPv4 and IPv6", RFC 5798,
              DOI 10.17487/RFC5798, March 2010.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6527]  Tata, K., "Definitions of Managed Objects for Virtual
              Router Redundancy Protocol Version 3 (VRRPv3)", RFC 6527,
              DOI 10.17487/RFC6527, March 2012.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [I-D.ietf-netmod-rfc7223bis]
              Bjorklund, M., "A YANG Data Model for Interface
              Management", draft-ietf-netmod-rfc7223bis-03 (work in
              progress), January 2018.

   [I-D.ietf-netmod-rfc7277bis]
              Bjorklund, M., "A YANG Data Model for IP Management",
              draft-ietf-netmod-rfc7277bis-03 (work in progress),
              January 2018.

   [I-D.ietf-netmod-revised-datastores]
              Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore
              Architecture", draft-ietf-netmod-revised-datastores-10
              (work in progress), January 2018.

7.2.  Informative References

   [RFC3768]  Hinden, R., Ed., "Virtual Router Redundancy Protocol
              (VRRP)", RFC 3768, DOI 10.17487/RFC3768, April 2004.

   [RFC7951]  Lhotka, L., "JSON Encoding of Data Modeled with YANG",
              RFC 7951, DOI 10.17487/RFC7951, August 2016.

   [I-D.ietf-netconf-subscribed-notifications]
              Voit, E., Clemm, A., Prieto, A., Nilsen-Nygaard, E., and
              A. Tripathy, "Custom Subscription to Event Streams",
              draft-ietf-netconf-subscribed-notifications-09 (work in
              progress), January 2018.

   [I-D.ietf-netconf-yang-push]
              Clemm, A., Voit, E., Prieto, A., Tripathy, A.,
              Nilsen-Nygaard, E., Bierman, A., and B. Lengyel, "YANG
              Datastore Subscription", draft-ietf-netconf-yang-push-14
              (work in progress), February 2018.

   [I-D.ietf-netmod-rfc6087bis]
              Bierman, A., "Guidelines for Authors and Reviewers of YANG
              Data Model Documents", draft-ietf-netmod-rfc6087bis-17
              (work in progress), February 2018.

   [I-D.ietf-netmod-yang-tree-diagrams]
              Bjorklund, M. and L. Berger, "YANG Tree Diagrams",
              draft-ietf-netmod-yang-tree-diagrams-06 (work in
              progress), February 2018.

Appendix A.  Data Tree Example

   This section contains an example of an instance data tree in the JSON
   encoding [RFC7951], containing both configuration and state data.

                 Virtual router IP address: fe80::1
        +-----------------+        +-----------------+
        |                 |        |                 |
        |    Router 1     |        |    Router 2     |
        |                 |        |                 |
        +--------+--------+        +--------+--------+
                 |eth1                      |eth1
                 |fe80::11                  |fe80::12
          -------+--------------------------+-------
                 |                          |
                 |fe80::51                  |fe80::52
        +--------+--------+        +--------+--------+
        |     Host 1      |        |     Host 2      |
        | Default gateway:|        | Default gateway:|
        |     fe80::1     |        |     fe80::1     |
        +-----------------+        +-----------------+

   The configuration instance data for Router 1 in the above figure
   could be as follows:

   {
     "ietf-interfaces:interfaces": {
       "interface": [
         {
           "name": "eth1",
           "description": "An interface with VRRP enabled.",
           "type": "iana-if-type:ethernetCsmacd",
           "ietf-ip:ipv6": {
             "address": [
               {
                 "ip": "2001:db8:0:1::1",
                 "prefix-length": 64
               },
               {
                 "ip": "fe80::11",
                 "prefix-length": 64
               }
             ],
             "forwarding": true,
             "ietf-vrrp:vrrp": {
               "vrrp-instance": [
                 {
                   "vrid": 1,
                   "version": "vrrp-v3",
                   "priority": 200,
                   "advertise-interval-centi-sec": 50,
                   "virtual-ipv6-addresses": {
                     "virtual-ipv6-address": [
                       {
                         "ipv6-address": "fe80::1"
                       }
                     ]
                   }
                 }
               ]
             }
           }
         }
       ]
     }
   }

   The corresponding operational state data for Router 1 could be as
   follows:

   {
     "ietf-interfaces:interfaces": {
       "interface": [
         {
           "name": "eth1",
           "description": "An interface with VRRP enabled.",
           "type": "iana-if-type:ethernetCsmacd",
           "phys-address": "00:00:5e:00:53:01",
           "oper-status": "up",
           "statistics": {
             "discontinuity-time": "2016-10-24T17:11:27+02:00"
           },
           "ietf-ip:ipv6": {
             "forwarding": true,
             "mtu": 1500,
             "address": [
               {
                 "ip": "2001:db8:0:1::1",
                 "prefix-length": 64,
                 "origin": "static",
                 "status": "preferred"
               },
               {
                 "ip": "fe80::11",
                 "prefix-length": 64,
                 "origin": "static",
                 "status": "preferred"
               }
             ],
             "ietf-vrrp:vrrp": {
               "vrrp-instance": [
                 {
                   "vrid": 1,
                   "version": "vrrp-v3",
                   "log-state-change": false,
                   "preempt": {
                     "enabled": true,
                     "hold-time": 0
                   },
                   "priority": 200,
                   "accept-mode": false,
                   "advertise-interval-centi-sec": 50,
                   "virtual-ipv6-addresses": {
                     "virtual-ipv6-address": [
                       {
                         "ipv6-address": "fe80::1"
                       }
                     ]
                   },
                   "state": "master",
                   "is-owner": false,
                   "last-adv-source": "fe80::11",
                   "up-datetime": "2016-10-24T17:11:27+02:00",
                   "master-down-interval": 161,
                   "skew-time": 11,
                   "last-event": "vrrp-event-interface-up",
                   "new-master-reason": "priority",
                   "statistics": {
                     "discontinuity-datetime":
                       "2016-10-24T17:11:27+02:00",
                     "master-transitions": 2,
                     "advertisement-recv": 20,
                     "advertisement-sent": 12,
                     "interval-errors": 0,
                     "priority-zero-pkts-rcvd": 0,
                     "priority-zero-pkts-sent": 0,
                     "invalid-type-pkts-rcvd": 0,
                     "address-list-errors": 0,
                     "packet-length-errors": 1
                   }
                 }
               ]
             }
           }
         }
       ]
     }
   }

   {
     "ietf-vrrp:vrrp": {
       "virtual-routers": 3,
       "interfaces": 2,
       "statistics": {
         "discontinuity-datetime": "2016-10-24T17:11:27+02:00",
         "checksum-errors": 2,
         "version-errors": 0,
         "vrid-errors": 0,
         "ip-ttl-errors": 1
       }
     }
   }

Authors' Addresses

   Xufeng Liu (editor)
   Jabil
   8281 Greensboro Drive, Suite 200
   McLean VA 22102
   USA

   EMail: Xufeng_Liu@jabil.com

   Athanasios Kyparlis
   Jabil
   8281 Greensboro Drive, Suite 200
   McLean VA 22102
   USA

   EMail: Athanasios_Kyparlis@jabil.com

   Ravi Parikh
   VMware
   3425 Hillview Avenue
   Palo Alto CA 94304
   USA

   EMail: parikhr@vmware.com

   Acee Lindem
   Cisco Systems
   301 Midenhall Way
   Cary NC 27513
   USA

   EMail: acee@cisco.com

   Mingui Zhang
   Huawei Technologies
   No. 156 Beiqing Rd. Haidian District
   Beijing 100095
   P.R. China

   EMail: zhangmingui@huawei.com
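
Section 6 relies on the NETCONF access control model to keep write access to the two vrrp-instance subtrees restricted. The following is an added example, not part of the draft: a simplified NACM data-node decision check run against a weak and a hardened rule set. The group names, user names and rule sets are constructed for illustration, and the check assumes the path prefixes used in Section 6 and ignores the NACM recovery session.

```python
import xml.etree.ElementTree as ET

NACM = "{urn:ietf:params:xml:ns:yang:ietf-netconf-acm}"

# Subtrees that Section 6 lists as sensitive to write operations.
VRRP_SUBTREES = (
    "/if:interfaces/if:interface/ip:ipv4/vrrp:vrrp/vrrp:vrrp-instance",
    "/if:interfaces/if:interface/ip:ipv6/vrrp:vrrp/vrrp:vrrp-instance",
)
WRITE_OPS = ("create", "update", "delete")


def policy(monitor_ops):
    """Constructed NACM configuration; group and user names are hypothetical."""
    return f"""<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <read-default>deny</read-default>
  <write-default>deny</write-default>
  <groups>
    <group><name>monitoring</name><user-name>monitor</user-name></group>
    <group><name>vrrp-admins</name><user-name>netadmin</user-name></group>
  </groups>
  <rule-list>
    <name>monitoring-rules</name>
    <group>monitoring</group>
    <rule>
      <name>interfaces-subtree</name>
      <path xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">/if:interfaces</path>
      <access-operations>{monitor_ops}</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
  <rule-list>
    <name>vrrp-admin-rules</name>
    <group>vrrp-admins</group>
    <rule>
      <name>vrrp-config</name>
      <module-name>ietf-vrrp</module-name>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
</nacm>"""


WEAK = policy("*")         # monitoring group may also create/update/delete
HARDENED = policy("read")  # monitoring group is read-only


def _text(elem, tag, default=None):
    child = elem.find(NACM + tag)
    return child.text.strip() if child is not None and child.text else default


def decide(nacm_xml, user, path, operation):
    """Simplified NACM data-node decision: the first matching rule wins."""
    root = ET.fromstring(nacm_xml)
    if _text(root, "enable-nacm", "true") != "true":
        return "permit"
    user_groups = {
        _text(g, "name")
        for g in root.iterfind(f"{NACM}groups/{NACM}group")
        if user in {u.text for u in g.iterfind(NACM + "user-name")}
    }
    for rule_list in root.iterfind(NACM + "rule-list"):
        wanted = {g.text for g in rule_list.iterfind(NACM + "group")}
        if "*" not in wanted and not (wanted & user_groups):
            continue
        for rule in rule_list.iterfind(NACM + "rule"):
            # Protocol-operation and notification rules never match data nodes.
            if rule.find(NACM + "rpc-name") is not None:
                continue
            if rule.find(NACM + "notification-name") is not None:
                continue
            # vrrp-instance is defined by the ietf-vrrp module.
            if _text(rule, "module-name", "*") not in ("*", "ietf-vrrp"):
                continue
            ops = _text(rule, "access-operations", "*").split()
            if "*" not in ops and operation not in ops:
                continue
            rule_path = _text(rule, "path")
            if rule_path and not (
                path == rule_path or path.startswith(rule_path.rstrip("/") + "/")
            ):
                continue  # a data-node rule covers the node and its descendants
            return _text(rule, "action")
    fallback = "read-default" if operation == "read" else "write-default"
    return _text(root, fallback, "permit" if operation == "read" else "deny")


def writable_vrrp_nodes(nacm_xml, user):
    """List the (path, operation) pairs from Section 6 that `user` may perform."""
    return [(p, op) for p in VRRP_SUBTREES for op in WRITE_OPS
            if decide(nacm_xml, user, p, op) == "permit"]


if __name__ == "__main__":
    for label, xml in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, writable_vrrp_nodes(xml, "monitor"))
```

In the weak rule set the broad permit on /if:interfaces reaches the augmented vrrp-instance nodes, so a read-only monitoring account can still change VRRP priority or virtual addresses; narrowing access-operations to read closes that path while leaving the dedicated admin group unaffected.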