A YANG Data Model for the Multicast Source Discovery Protocol (MSDP)Volta Networksxufeng.liu.ietf@gmail.comZTE CorporationNo. 50 Software Avenue, Yuhuatai DistrictNanjingChinazhang.zheng@zte.com.cnIndividual Contributoranish.ietf@gmail.comJuniper Networks1133 Innovation WaySunnyvaleCA94089United States of Americasivakumar.mahesh@gmail.comHuawei TechnologiesHuawei Bldg., No. 156 Beiqing Rd.Beijing100095Chinaguofeng@huawei.comMetaswitch Networks100 Church StreetEnfieldEN2 6BQUnited Kingdompete.mcallister@metaswitch.comMSDPYANG
This document defines a YANG data model for the configuration and
management of Multicast Source Discovery Protocol (MSDP) protocol
operations.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by
the Internet Engineering Steering Group (IESG). Further
information on Internet Standards is available in Section 2 of
RFC 7841.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
() in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Table of Contents
. Introduction
. Terminology
. Conventions Used in This Document
. Tree Diagrams
. Prefixes in Data Node Names
. Design of the Data Model
. Scope of Model
. Specification
. Module Structure
. MSDP Configuration
. MSDP States
. MSDP YANG Data Model
. Security Considerations
. IANA Considerations
. References
. Normative References
. Informative References
. Data Tree Example
. The Global and Peer Configuration Example
. The State Example
. The Actions Example
Acknowledgements
Contributors
Authors' Addresses
Introduction introduces the protocol
definition of the Multicast Source Discovery Protocol (MSDP).
This document defines a YANG data model that can be used to configure
and manage MSDP protocol operations. The operational state data and
statistics can also be retrieved by this model.
This model is designed to be used along with other multicast
YANG data models such as PIM , which are not covered in this document.
TerminologyThe terminology for describing YANG data models is found in
and , including:
action
augment
choice
container
data model
data node
grouping
identity
leaf
list
module
uses
The following abbreviations are used in this document and the defined
model:MSDP: Multicast Source Discovery Protocol RP: Rendezvous Point RPF: Reverse Path Forwarding SA: Source-Active Conventions Used in This DocumentThe key words "MUST", "MUST NOT",
"REQUIRED", "SHALL",
"SHALL NOT", "SHOULD",
"SHOULD NOT",
"RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document
are to be interpreted as described in BCP 14
when, and only
when, they appear in all capitals, as shown here.Tree DiagramsTree diagrams used in this document follow the notation defined in
.Prefixes in Data Node NamesIn this document, names of data nodes, actions, and other data model
objects are often used without a prefix, as long as it is clear from
the context in which YANG module each name is defined. Otherwise,
names are prefixed using the standard prefix associated with the
corresponding YANG module, as shown in .
Prefix
YANG module
Reference
yang
ietf-yang-types
inet
ietf-inet-types
rt
ietf-routing
if
ietf-interfaces
ip
ietf-ip
key-chain
ietf-key-chain
rt-types
ietf-routing-types
acl
ietf-access-control-list
Design of the Data ModelScope of ModelThe model covers MSDP .This model can be used to configure and manage MSDP protocol operations. The operational state data and statistics
can be retrieved by this model. Even though no protocol-specific
notifications are defined in this model, the subscription and push
mechanisms, as defined in
and , can be implemented by
the user to subscribe to notifications on the data nodes in this
model.The model contains all the basic configuration parameters to operate
the protocol. Depending on the implementation choices,
some systems may not allow some of the advanced parameters to be
configurable. The occasionally implemented parameters are modeled as
optional features in this model.
This model can be extended, and it has been structured in a way that
such extensions can be conveniently made.Specification
The configuration data nodes cover global
configuration attributes and per-peer configuration
attributes. The state data nodes include global, per-peer,
and SA information. The container "msdp" is the
top-level container in this data model. The presence of
this container is expected to enable MSDP protocol functionality.
No notification is defined in this model.Module Structure
This model imports and augments the "ietf-routing" YANG data model
defined in . Both configuration
data nodes and state data nodes as mentioned in
are augmented.
The YANG data model defined in this document conforms to the Network
Management Datastore Architecture (NMDA) .
The operational state data is combined with the associated configuration
data in the same hierarchy .
module: ietf-msdp
augment /rt:routing/rt:control-plane-protocols
/rt:control-plane-protocol:
+--rw msdp
+--rw global
| +--rw tcp-connection-source? if:interface-ref
| +--rw default-peer* [peer-addr prefix-policy]
{filter-policy}?
| | +--rw peer-addr -> ../../../peers/peer/address
| | +--rw prefix-policy -> /acl:acls/acl/name
| +--rw originating-rp
| | +--rw interface? if:interface-ref
| +--rw sa-filter
| | +--rw in? -> /acl:acls/acl/name
| | +--rw out? -> /acl:acls/acl/name
| +--rw sa-limit? uint32
| +--rw ttl-threshold? uint8
+--rw peers
| +--rw peer* [address]
| +--rw address inet:ipv4-address
| +---x clear-peer
| +--rw authentication {peer-authentication}?
| | +--rw (authentication-type)?
| | +--:(key-chain)
| | | +--rw key-chain?
key-chain:key-chain-ref
| | +--:(password)
| | +--rw key? string
| | +--rw crypto-algorithm? identityref
| +--rw enabled? boolean
| +--rw tcp-connection-source? if:interface-ref
| +--rw description? string
| +--rw mesh-group? string
| +--rw peer-as? inet:as-number
{peer-as-verification}?
| +--rw sa-filter
| | +--rw in? -> /acl:acls/acl/name
| | +--rw out? -> /acl:acls/acl/name
| +--rw sa-limit? uint32
| +--rw timer
| | +--rw connect-retry-interval? uint16
| | +--rw holdtime-interval? uint16
| | +--rw keepalive-interval? uint16
| +--rw ttl-threshold? uint8
| +--ro session-state? enumeration
| +--ro elapsed-time? yang:gauge32
| +--ro connect-retry-expire? uint32
| +--ro hold-expire? uint16
| +--ro is-default-peer? boolean
| +--ro keepalive-expire? uint16
| +--ro reset-count? yang:zero-based-counter32
| +--ro statistics
| +--ro discontinuity-time? yang:date-and-time
| +--ro error
| | +--ro rpf-failure? uint32
| +--ro queue
| | +--ro size-in? uint32
| | +--ro size-out? uint32
| +--ro received
| | +--ro keepalive? yang:counter64
| | +--ro notification? yang:counter64
| | +--ro sa-message? yang:counter64
| | +--ro sa-response? yang:counter64
| | +--ro sa-request? yang:counter64
| | +--ro total? yang:counter64
| +--ro sent
| +--ro keepalive? yang:counter64
| +--ro notification? yang:counter64
| +--ro sa-message? yang:counter64
| +--ro sa-response? yang:counter64
| +--ro sa-request? yang:counter64
| +--ro total? yang:counter64
+---x clear-all-peers
+--ro sa-cache
+--ro entry* [group source-addr]
| +--ro group
rt-types:ipv4-multicast-group-address
| +--ro source-addr
rt-types:ipv4-multicast-source-address
| +--ro origin-rp* [rp-address]
| | +--ro rp-address inet:ipv4-address
| | +--ro is-local-rp? boolean
| | +--ro sa-adv-expire? uint32
| +--ro state-attributes
| +--ro up-time? yang:gauge32
| +--ro expire? yang:gauge32
| +--ro holddown-interval? uint32
| +--ro peer-learned-from? inet:ipv4-address
| +--ro rpf-peer? inet:ipv4-address
+---x clear
+---w input
+---w entry!
| +---w group
rt-types:ipv4-multicast-group-address
| +---w source-addr?
rt-types:ipv4-multicast-source-address
+---w peer-address? inet:ipv4-address
+---w peer-as? inet:as-numberMSDP Configuration
MSDP operation requires configuration information that is distributed
amongst several peers. Several peers may
be configured in a mesh-group. The SA information may be filtered
by peers.The configuration modeling branch is composed of MSDP global and
peer configurations.
These two parts are the most important parts of MSDP.Besides the fundamental features of MSDP, several optional features
are included in the model. These features help the control of MSDP.
The peer features and SA features make the deployment and control easier. The
connection parameters can be used to control the TCP connection because MSDP
is based on TCP. The authentication features make the protocol more
secure. The filter features selectively allow operators to prevent SA information
from being forwarded to peers.MSDP StatesMSDP states are composed of the MSDP global state, the MSDP peer state, statistics
information, and SA cache information. The statistics information and SA cache
information help the operator retrieve data regarding the protocol's condition.YANG actions are defined to clear the connection of one specific MSDP peer,
clear the connections of all MSDP peers, or clear some or all of the SA caches.MSDP YANG Data ModelThis module references , ,
, , ,
, , ,
, , and .
module ietf-msdp {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-msdp";
prefix msdp;
import ietf-yang-types {
prefix "yang";
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-inet-types {
prefix "inet";
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-routing {
prefix "rt";
reference
"RFC 8349: A YANG Data Model for Routing Management
(NMDA Version)";
}
import ietf-interfaces {
prefix "if";
reference
"RFC 8343: A YANG Data Model for Interface Management";
}
import ietf-ip {
prefix "ip";
reference
"RFC 8344: A YANG Data Model for IP Management";
}
import ietf-key-chain {
prefix "key-chain";
reference
"RFC 8177: YANG Data Model for Key Chains";
}
import ietf-routing-types {
prefix "rt-types";
reference
"RFC 8294: Common YANG Data Types for the Routing Area";
}
import ietf-access-control-list {
prefix acl;
reference
"RFC 8519: YANG Data Model for Network Access Control Lists
(ACLs)";
}
organization
"IETF Protocols for IP Multicast (pim) Working Group";
contact
"WG Web: <https://datatracker.ietf.org/wg/pim/>
WG List: <mailto:pim@ietf.org>
Editor: Xufeng Liu
<mailto:xufeng.liu.ietf@gmail.com>
Editor: Zheng Zhang
<mailto:zhang.zheng@zte.com.cn>
Editor: Anish Peter
<mailto:anish.ietf@gmail.com>
Editor: Mahesh Sivakumar
<mailto:sivakumar.mahesh@gmail.com>
Editor: Feng Guo
<mailto:guofeng@huawei.com>
Editor: Pete McAllister
<mailto:pete.mcallister@metaswitch.com>";
description
"This module defines the YANG data model definitions for the
Multicast Source Discovery Protocol (MSDP).
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.
Copyright (c) 2020 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 8916; see the
RFC itself for full legal notices.";
revision 2020-10-31 {
description
"Initial revision.";
reference
"RFC 8916: A YANG Data Model for the Multicast Source
Discovery Protocol (MSDP)";
}
/*
* Features
*/
feature filter-policy {
description
"Support policy configuration of peer/message filtering.";
reference
"RFC 8519: YANG Data Model for Network Access Control
Lists (ACLs)";
}
feature peer-as-verification {
description
"Support configuration of a peer's Autonomous System Number
(ASN).";
reference
"RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
}
feature peer-authentication {
description
"Support configuration of peer authentication.";
reference
"RFC 8177: YANG Data Model for Key Chains";
}
/*
* Identities
*/
identity msdp {
base rt:control-plane-protocol;
description
"Identity for the Multicast Source Discovery Protocol (MSDP).";
reference
"RFC 3618: Multicast Source Discovery Protocol (MSDP)";
}
/*
* Groupings
*/
grouping authentication-container {
description
"Authentication attributes.";
container authentication {
if-feature peer-authentication;
description
"A container defining authentication attributes.";
choice authentication-type {
case key-chain {
leaf key-chain {
type key-chain:key-chain-ref;
description
"Reference to a key-chain.";
reference
"RFC 8177: YANG Data Model for Key Chains";
}
}
case password {
leaf key {
type string;
description
"This leaf specifies the authentication key.";
}
leaf crypto-algorithm {
type identityref {
base key-chain:crypto-algorithm;
}
must "derived-from-or-self(., 'key-chain:md5')" {
error-message
"Only the md5 algorithm can be used for MSDP.";
description
"Check for crypto-algorithm.";
}
description
"Cryptographic algorithm associated with a key.
Only the md5 algorithm can be used for MSDP.
When 'md5' is specified, MSDP control messages
are secured by TCP MD5 signatures as described
in RFCs 3618 and 5925. Both peers of a
connection SHOULD be configured to the same
algorithm for the connection to be established.
When this leaf is not configured, unauthenticated
TCP is used.";
reference
"RFC 3618: Multicast Source Discovery Protocol (MSDP)
RFC 5925: The TCP Authentication Option
RFC 8177: YANG Data Model for Key Chains";
}
}
description
"Choice of authentication.";
}
}
} // authentication-container
grouping tcp-connect-source {
description
"Attribute to configure a peer TCP connection source.";
leaf tcp-connection-source {
type if:interface-ref;
must "/if:interfaces/if:interface[if:name = current()]/"
+ "ip:ipv4/ip:enabled != 'false'" {
error-message
"The interface must have IPv4 enabled.";
description
"The interface must have IPv4 enabled.";
reference
"RFC 8343: A YANG Data Model for Interface Management";
}
description
"The interface is to be the source for the TCP
connection. It is a reference to an entry in the global
interface list.";
}
} // tcp-connect-source
grouping global-config-attributes {
description
"Global MSDP configuration.";
uses tcp-connect-source;
list default-peer {
if-feature filter-policy;
key "peer-addr prefix-policy";
description
"The default peer accepts all MSDP Source-Active (SA)
messages. A default peer is needed in topologies where
MSDP peers do not coexist with BGP peers. The Reverse Path
Forwarding (RPF) check on SA messages will fail, and no
SA messages will be accepted. In these cases, you can
configure the peer as a default peer and bypass
RPF checks.";
leaf peer-addr {
type leafref {
path "../../../peers/peer/address";
}
mandatory true;
description
"Reference to a peer that is in the peer list.";
}
leaf prefix-policy {
type leafref {
path "/acl:acls/acl:acl/acl:name";
}
description
"If specified, only those SA entries whose Rendezvous
Point (RP) is permitted in the prefix list are allowed;
if not specified, all SA messages from the default
peer are accepted.";
reference
"RFC 7761: Protocol Independent Multicast - Sparse Mode
(PIM-SM): Protocol Specification (Revised)
RFC 8519: YANG Data Model for Network Access Control
Lists (ACLs)";
}
} // default-peer
container originating-rp {
description
"The container of the originating RP.";
leaf interface {
type if:interface-ref;
must "/if:interfaces/if:interface[if:name = current()]/"
+ "ip:ipv4/ip:enabled != 'false'" {
error-message
"The interface must have IPv4 enabled.";
description
"The interface must have IPv4 enabled.";
reference
"RFC 8343: A YANG Data Model for Interface Management";
}
description
"Reference to an entry in the global interface list.
The IP address of the interface used in the RP field of
an SA message entry. When anycast RPs are used, all RPs
use the same IP address. This parameter can be used to
define a unique IP address for the RP of each MSDP peer.
By default, the software uses the RP address of the
local system.";
}
} // originating-rp
uses sa-filter-container;
leaf sa-limit {
type uint32;
description
"A limit on the number of SA entries accepted.
If not configured or the value is 0, there is no limit.";
}
uses ttl-threshold;
} // global-config-attributes
grouping peer-config-attributes {
description
"Per-peer configuration for MSDP.";
uses authentication-container;
leaf enabled {
type boolean;
description
"'true' if the peer is enabled;
'false' if the peer is disabled.";
}
uses tcp-connect-source;
leaf description {
type string;
description
"The peer description.";
}
leaf mesh-group {
type string;
description
"The name of the mesh-group to which this peer belongs.";
reference
"RFC 3618: Multicast Source Discovery Protocol (MSDP),
Section 10.2";
}
leaf peer-as {
if-feature peer-as-verification;
type inet:as-number;
description
"The peer's ASN. Using peer-as to perform the verification
can provide more controlled ability. The value can be
compared with the BGP peer's ASN. If they are different,
the SA information that comes from this peer may be
rejected. If the ASN is the same as the local ASN, then
the peer is within the same domain; otherwise, this peer
is external to the domain. This is comparable to the
definition and usage in BGP; see RFC 4271.";
reference
"RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
}
uses sa-filter-container;
leaf sa-limit {
type uint32;
description
"A limit on the number of SA entries accepted from this
peer.
If not configured or the value is 0, there is no limit.";
}
container timer {
description
"Timer attributes.";
reference
"RFC 3618: Multicast Source Discovery Protocol (MSDP),
Section 5";
leaf connect-retry-interval {
type uint16;
units seconds;
default 30;
description
"The peer timer for connect-retry. By default, MSDP peers
wait 30 seconds after the session is reset.";
}
leaf holdtime-interval {
type uint16 {
range "3..65535";
}
units seconds;
default 75;
description
"The SA hold-down period of this MSDP peer.";
}
leaf keepalive-interval {
type uint16 {
range "1..65535";
}
units seconds;
must '. < ../holdtime-interval' {
error-message
"The keepalive interval must be smaller than the "
+ "hold-time interval.";
}
default 60;
description
"The keepalive timer of this MSDP peer.";
}
} // timer
uses ttl-threshold;
} // peer-config-attributes
grouping peer-state-attributes {
description
"Per-peer state attributes for MSDP.";
leaf session-state {
type enumeration {
enum disabled {
description
"Disabled.";
}
enum inactive {
description
"Inactive.";
}
enum listen {
description
"Listen.";
}
enum connecting {
description
"Connecting.";
}
enum established {
description
"Established.";
}
}
config false;
description
"The peer's session state.";
reference
"RFC 3618: Multicast Source Discovery Protocol (MSDP),
Section 11";
}
leaf elapsed-time {
type yang:gauge32;
units seconds;
config false;
description
"Elapsed time for being in a state.";
}
leaf connect-retry-expire {
type uint32;
units seconds;
config false;
description
"Connect retry expire time of a peer connection.";
}
leaf hold-expire {
type uint16;
units seconds;
config false;
description
"Hold expire time of a peer connection.";
}
leaf is-default-peer {
type boolean;
config false;
description
"'true' if this peer is one of the default peers.";
}
leaf keepalive-expire {
type uint16;
units seconds;
config false;
description
"Keepalive expire time of this peer.";
}
leaf reset-count {
type yang:zero-based-counter32;
config false;
description
"The reset count of this peer.";
}
container statistics {
config false;
description
"A container defining statistics attributes.";
leaf discontinuity-time {
type yang:date-and-time;
description
"The time on the most recent occasion at which any one
or more of the statistics counters suffered a
discontinuity. If no such discontinuities have occurred
since the last re-initialization of the local
management subsystem, then this node contains the time
the local management subsystem re-initialized itself.";
}
container error {
description
"A grouping defining error statistics attributes.";
leaf rpf-failure {
type uint32;
description
"The number of RPF failures.";
}
}
container queue {
description
"A container that includes queue statistics attributes.";
leaf size-in {
type uint32;
description
"The number of messages received from the peer
currently queued.";
}
leaf size-out {
type uint32;
description
"The number of messages queued to be sent to the peer.";
}
}
container received {
description
"Received message counters.";
uses statistics-sent-received;
}
container sent {
description
"Sent message counters.";
uses statistics-sent-received;
}
} // statistics
} // peer-state-attributes
grouping sa-filter-container {
description
"A container defining SA filters.";
container sa-filter {
description
"Specifies an Access Control List (ACL) to filter SA messages
coming into or going out of the peer.";
leaf in {
type leafref {
path "/acl:acls/acl:acl/acl:name";
}
description
"Filters incoming SA messages only.
The value is the name to uniquely identify a
policy that contains one or more rules used to
accept or reject MSDP SA messages.
If the policy is not specified, all MSDP SA messages are
accepted.";
reference
"RFC 8519: YANG Data Model for Network Access Control
Lists (ACLs)";
}
leaf out {
type leafref {
path "/acl:acls/acl:acl/acl:name";
}
description
"Filters outgoing SA messages only.
The value is the name to uniquely identify a
policy that contains one or more rules used to
accept or reject MSDP SA messages.
If the policy is not specified, all MSDP SA messages are
sent.";
reference
"RFC 8519: YANG Data Model for Network Access Control
Lists (ACLs)";
}
} // sa-filter
} // sa-filter-container
grouping ttl-threshold {
description
"Attribute to configure the TTL threshold.";
leaf ttl-threshold {
type uint8 {
range 1..255;
}
description
"The maximum number of hops data packets can traverse
before being dropped.";
}
} // ttl-threshold
grouping statistics-sent-received {
description
"A grouping defining sent and received statistics attributes.";
leaf keepalive {
type yang:counter64;
description
"The number of keepalive messages.";
}
leaf notification {
type yang:counter64;
description
"The number of notification messages.";
}
leaf sa-message {
type yang:counter64;
description
"The number of SA messages.";
}
leaf sa-response {
type yang:counter64;
description
"The number of SA response messages.";
}
leaf sa-request {
type yang:counter64;
description
"The number of SA request messages.";
}
leaf total {
type yang:counter64;
description
"The number of total messages.";
}
} // statistics-sent-received
/*
* Data nodes
*/
augment "/rt:routing/rt:control-plane-protocols/"
+ "rt:control-plane-protocol" {
when "derived-from-or-self(rt:type, 'msdp:msdp')" {
description
"This augmentation is only valid for a routing protocol
instance of MSDP.";
}
description
"MSDP augmentation to routing control-plane protocol
configuration and state.";
container msdp {
description
"MSDP configuration and operational state data.";
container global {
description
"Global attributes.";
uses global-config-attributes;
}
container peers {
description
"Contains a list of peers.";
list peer {
key "address";
description
"A list of MSDP peers.";
leaf address {
type inet:ipv4-address;
description
"The address of the peer.";
}
action clear-peer {
description
"Clears the TCP connection to the peer.";
}
uses peer-config-attributes;
uses peer-state-attributes;
}
}
action clear-all-peers {
description
"All peers' TCP connections are cleared.";
}
container sa-cache {
config false;
description
"The SA cache information.";
list entry {
key "group source-addr";
description
"A list of SA cache entries.";
leaf group {
type rt-types:ipv4-multicast-group-address;
description
"The group address of this SA cache.";
}
leaf source-addr {
type rt-types:ipv4-multicast-source-address;
description
"Source IPv4 address.";
}
list origin-rp {
key "rp-address";
description
"Information regarding the originating RP.";
leaf rp-address {
type inet:ipv4-address;
description
"The RP address. This is the IP address used in the
RP field of an SA message entry.";
}
leaf is-local-rp {
type boolean;
description
"'true' if the RP is local;
'false' if the RP is not local.";
}
leaf sa-adv-expire {
type uint32;
units seconds;
description
"The remaining time duration before expiration
of the periodic SA advertisement timer on a
local RP.";
}
}
container state-attributes {
description
"SA cache state attributes for MSDP.";
leaf up-time {
type yang:gauge32;
units seconds;
description
"Indicates the duration time when this SA entry is
created in the cache. MSDP is a periodic protocol;
the value can be used to check the state of the
SA cache.";
}
leaf expire {
type yang:gauge32;
units seconds;
description
"Indicates the duration time when this SA entry in
the cache times out. MSDP is a periodic protocol;
the value can be used to check the state of the
SA cache.";
}
leaf holddown-interval {
type uint32;
units seconds;
description
"Hold-down timer value for SA forwarding.";
reference
"RFC 3618: Multicast Source Discovery Protocol
(MSDP), Section 5.3";
}
leaf peer-learned-from {
type inet:ipv4-address;
description
"The address of the peer from which we learned this
SA information.";
}
leaf rpf-peer {
type inet:ipv4-address;
description
"The address is the SA's originating RP.";
}
} // state-attributes
} // entry
action clear {
description
"Clears MSDP SA cache entries.";
input {
container entry {
presence "If a particular entry is cleared.";
description
"The SA cache (S,G) or (*,G) entry to be cleared.
If this is not provided, all entries are cleared.";
leaf group {
type rt-types:ipv4-multicast-group-address;
mandatory true;
description
"The group address.";
}
leaf source-addr {
type rt-types:ipv4-multicast-source-address;
description
"The address of the multicast source to be cleared.
If this is not provided, then all entries related
to the given group are cleared.";
}
}
leaf peer-address {
type inet:ipv4-address;
description
"The peer IP address from which MSDP SA cache entries
have been learned. If this is not provided, entries
learned from all peers are cleared.";
}
leaf peer-as {
type inet:as-number;
description
"The ASN from which MSDP SA cache entries have been
learned. If this is not provided, entries learned
from all ASes are cleared.";
}
}
} // clear
} // sa-cache
} // msdp
} // augment
}Security ConsiderationsThe YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such
as NETCONF or RESTCONF .
The lowest NETCONF layer is the secure transport layer, and the
mandatory-to-implement secure transport is Secure Shell (SSH) .
The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure
transport is TLS .The Network Configuration Access Control Model (NACM) provides the means to restrict access for particular
NETCONF or RESTCONF users to a preconfigured subset of all available
NETCONF or RESTCONF protocol operations and content.There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative
effect on network operations. These are the subtrees and data nodes
and their sensitivity/vulnerability:Under /rt:routing/rt:control-plane-protocols/msdp:msdp:globalThis subtree specifies the configuration for the MSDP attributes
at the global level. Modifying the configuration can cause MSDP
default peers to be deleted or the connection to be rebuilt and can
also cause unexpected filtering of the SA.msdp:peersThis subtree specifies the configuration for the MSDP attributes
at the peer level. Modifying the configuration will allow
unexpected MSDP peer establishment and
unexpected SA information learning and advertisement.The writability of the "key" field should be strictly controlled.
Misoperation of the key will break the existing MSDP connection,
and the associated SA caches will also be deleted.Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or
notification) to these data nodes. These are the subtrees and data
nodes and their sensitivity/vulnerability:/rt:routing/rt:control-plane-protocols/msdp:Unauthorized access to any data node of the above subtree can
disclose the operational state information of MSDP on this device. For
example, disclosure of the peer information may lead to a forged connection
attack, and uncorrected modification of the ACL nodes may lead to filter
errors.The "key" field is also a sensitive readable configuration.
Unauthorized reading of this field may lead to leaking of the password.
Modification will allow the unexpected rebuilding of connected peers.Authentication configuration is supported via the
specification of key-chains or
the direct specification of the
key and the authentication algorithm. Hence, authentication
configuration in the
"authentication" container inherits the security considerations discussed in
. This includes the considerations with respect to the
local storage and handling of authentication keys.Some of the RPC operations in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus
important to control access to these operations. These are the
operations and their sensitivity/vulnerability:
/rt:routing/rt:control-plane-protocols/msdp:clear-peer/rt:routing/rt:control-plane-protocols/msdp:clear-sa-cacheUnauthorized access to either of the above action
operations can lead to rebuilding of the MSDP peers' connections or
deletion of SA records on this device.
IANA ConsiderationsIANA has registered the following URI in the "ns" subregistry within
the "IETF XML Registry" :
URI:
urn:ietf:params:xml:ns:yang:ietf-msdp
Registrant Contact:
The IESG.
XML:
N/A; the requested URI is an XML namespace.
IANA has registered the following YANG module in the "YANG Module
Names" subregistry within the
"YANG Parameters" registry:
Name:
ietf-msdp
Namespace:
urn:ietf:params:xml:ns:yang:ietf-msdp
Prefix:
msdp
Reference:
RFC 8916
ReferencesNormative ReferencesKey words for use in RFCs to Indicate Requirement LevelsIn many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.Multicast Source Discovery Protocol (MSDP)The Multicast Source Discovery Protocol (MSDP) describes a mechanism to connect multiple IP Version 4 Protocol Independent Multicast Sparse-Mode (PIM-SM) domains together. Each PIM-SM domain uses its own independent Rendezvous Point (RP) and does not have to depend on RPs in other domains. This document reflects existing MSDP implementations.A Border Gateway Protocol 4 (BGP-4)This document discusses the Border Gateway Protocol (BGP), which is an inter-Autonomous System routing protocol.The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (ASes) that reachability information traverses. This information is sufficient for constructing a graph of AS connectivity for this reachability from which routing loops may be pruned, and, at the AS level, some policy decisions may be enforced.BGP-4 provides a set of mechanisms for supporting Classless Inter-Domain Routing (CIDR). These mechanisms include support for advertising a set of destinations as an IP prefix, and eliminating the concept of network "class" within BGP. BGP-4 also introduces mechanisms that allow aggregation of routes, including aggregation of AS paths.This document obsoletes RFC 1771. [STANDARDS-TRACK]The TCP Authentication OptionThis document specifies the TCP Authentication Option (TCP-AO), which obsoletes the TCP MD5 Signature option of RFC 2385 (TCP MD5). TCP-AO specifies the use of stronger Message Authentication Codes (MACs), protects against replays even for long-lived TCP connections, and provides more details on the association of security with TCP connections than TCP MD5. TCP-AO is compatible with either a static Master Key Tuple (MKT) configuration or an external, out-of-band MKT management mechanism; in either case, TCP-AO also protects connections when using the same MKT across repeated instances of a connection, using traffic keys derived from the MKT, and coordinates MKT changes between endpoints. The result is intended to support current infrastructure uses of TCP MD5, such as to protect long-lived connections (as used, e.g., in BGP and LDP), and to support a larger set of MACs with minimal other system and operational changes. TCP-AO uses a different option identifier than TCP MD5, even though TCP-AO and TCP MD5 are never permitted to be used simultaneously. TCP-AO supports IPv6, and is fully compatible with the proposed requirements for the replacement of TCP MD5. [STANDARDS-TRACK]YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)YANG is a data modeling language used to model configuration and state data manipulated by the Network Configuration Protocol (NETCONF), NETCONF remote procedure calls, and NETCONF notifications. [STANDARDS-TRACK]Network Configuration Protocol (NETCONF)The Network Configuration Protocol (NETCONF) defined in this document provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized as remote procedure calls (RPCs). This document obsoletes RFC 4741. [STANDARDS-TRACK]Using the NETCONF Protocol over Secure Shell (SSH)This document describes a method for invoking and running the Network Configuration Protocol (NETCONF) within a Secure Shell (SSH) session as an SSH subsystem. This document obsoletes RFC 4742. [STANDARDS-TRACK]Common YANG Data TypesThis document introduces a collection of common data types to be used with the YANG data modeling language. This document obsoletes RFC 6021.The YANG 1.1 Data Modeling LanguageYANG is a data modeling language used to model configuration data, state data, Remote Procedure Calls, and notifications for network management protocols. This document describes the syntax and semantics of version 1.1 of the YANG language. YANG version 1.1 is a maintenance release of the YANG language, addressing ambiguities and defects in the original specification. There are a small number of backward incompatibilities from YANG version 1. This document also specifies the YANG mappings to the Network Configuration Protocol (NETCONF).JSON Encoding of Data Modeled with YANGThis document defines encoding rules for representing configuration data, state data, parameters of Remote Procedure Call (RPC) operations or actions, and notifications defined using YANG as JavaScript Object Notation (JSON) text.RESTCONF ProtocolThis document describes an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in the Network Configuration Protocol (NETCONF).Ambiguity of Uppercase vs Lowercase in RFC 2119 Key WordsRFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.YANG Data Model for Key ChainsThis document describes the key chain YANG data model. Key chains are commonly used for routing protocol authentication and other applications requiring symmetric keys. A key chain is a list containing one or more elements containing a Key ID, key string, send/accept lifetimes, and the associated authentication or encryption algorithm. By properly overlapping the send and accept lifetimes of multiple key chain elements, key strings and algorithms may be gracefully updated. By representing them in a YANG data model, key distribution can be automated.Common YANG Data Types for the Routing AreaThis document defines a collection of common data types using the YANG data modeling language. These derived common types are designed to be imported by other modules defined in the routing area.YANG Tree DiagramsThis document captures the current syntax used in YANG module tree diagrams. The purpose of this document is to provide a single location for this definition. This syntax may be updated from time to time based on the evolution of the YANG language.Network Configuration Access Control ModelThe standardization of network configuration interfaces for use with the Network Configuration Protocol (NETCONF) or the RESTCONF protocol requires a structured and secure operating environment that promotes human usability and multi-vendor interoperability. There is a need for standard mechanisms to restrict NETCONF or RESTCONF protocol access for particular users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. This document defines such an access control model.This document obsoletes RFC 6536.Network Management Datastore Architecture (NMDA)Datastores are a fundamental concept binding the data models written in the YANG data modeling language to network management protocols such as the Network Configuration Protocol (NETCONF) and RESTCONF. This document defines an architectural framework for datastores based on the experience gained with the initial simpler model, addressing requirements that were not well supported in the initial model. This document updates RFC 7950.A YANG Data Model for Interface ManagementThis document defines a YANG data model for the management of network interfaces. It is expected that interface-type-specific data models augment the generic interfaces data model defined in this document. The data model includes definitions for configuration and system state (status information and counters for the collection of statistics).The YANG data model in this document conforms to the Network Management Datastore Architecture (NMDA) defined in RFC 8342.This document obsoletes RFC 7223.A YANG Data Model for IP ManagementThis document defines a YANG data model for management of IP implementations. The data model includes configuration and system state.The YANG data model in this document conforms to the Network Management Datastore Architecture defined in RFC 8342.This document obsoletes RFC 7277.A YANG Data Model for Routing Management (NMDA Version)This document specifies three YANG modules and one submodule. Together, they form the core routing data model that serves as a framework for configuring and managing a routing subsystem. It is expected that these modules will be augmented by additional YANG modules defining data models for control-plane protocols, route filters, and other functions. The core routing data model provides common building blocks for such extensions -- routes, Routing Information Bases (RIBs), and control-plane protocols.The YANG modules in this document conform to the Network Management Datastore Architecture (NMDA). This document obsoletes RFC 8022.The Transport Layer Security (TLS) Protocol Version 1.3This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.YANG Data Model for Network Access Control Lists (ACLs)This document defines a data model for Access Control Lists (ACLs). An ACL is a user-ordered set of rules used to configure the forwarding behavior in a device. Each rule is used to find a match on a packet and define actions that will be performed on the packet.Informative ReferencesA YANG Data Model for Protocol Independent Multicast (PIM)Work in ProgressThe IETF XML RegistryThis document describes an IANA maintained registry for IETF standards which use Extensible Markup Language (XML) related items such as Namespaces, Document Type Declarations (DTDs), Schemas, and Resource Description Framework (RDF) Schemas.Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised)This document specifies Protocol Independent Multicast - Sparse Mode (PIM-SM). PIM-SM is a multicast routing protocol that can use the underlying unicast routing information base or a separate multicast-capable routing information base. It builds unidirectional shared trees rooted at a Rendezvous Point (RP) per group, and it optionally creates shortest-path trees per source.This document obsoletes RFC 4601 by replacing it, addresses the errata filed against it, removes the optional (*,*,RP), PIM Multicast Border Router features and authentication using IPsec that lack sufficient deployment experience (see Appendix A), and moves the PIM specification to Internet Standard.Guidelines for Authors and Reviewers of Documents Containing YANG Data ModelsThis memo provides guidelines for authors and reviewers of specifications containing YANG modules. Recommendations and procedures are defined, which are intended to increase interoperability and usability of Network Configuration Protocol (NETCONF) and RESTCONF protocol implementations that utilize YANG modules. This document obsoletes RFC 6087.Subscription to YANG NotificationsThis document defines a YANG data model and associated mechanisms enabling subscriber-specific subscriptions to a publisher's event streams. Applying these elements allows a subscriber to request and receive a continuous, customized feed of publisher-generated information.Subscription to YANG Notifications for Datastore UpdatesThis document describes a mechanism that allows subscriber applications to request a continuous and customized stream of updates from a YANG datastore. Providing such visibility into updates enables new capabilities based on the remote mirroring and monitoring of configuration and operational state.Data Tree ExampleThis appendix contains an example of an instance data tree in JSON
encoding , containing configuration data.The Global and Peer Configuration Example
{
"ietf-interfaces:interfaces": {
"interface": [
{
"name": "eth1",
"description": "An interface with MSDP enabled.",
"type": "iana-if-type:ethernetCsmacd",
"ietf-ip:ipv4": {
"forwarding": true,
"address": [
{
"ip": "192.0.2.1",
"prefix-length": 24
}
]
}
}
]
},
"ietf-access-control-list:acls": {
"acl": [
{
"name": "msdp-default-peer-policy",
"type": "ietf-access-control-list:ipv4-acl-type",
"aces": {
"ace": [
{
"name": "accept",
"actions": {
"forwarding": "ietf-access-control-list:accept"
}
}
]
}
}
]
},
"ietf-routing:routing": {
"router-id": "203.0.113.1",
"control-plane-protocols": {
"control-plane-protocol": [
{
"type": "ietf-msdp:msdp",
"name": "msdp-1",
"ietf-msdp:msdp": {
"global": {
"tcp-connection-source": "eth1",
"default-peer": [
{
"peer-addr": "198.51.100.8",
"prefix-policy": "msdp-default-peer-policy"
}
],
"originating-rp": {
"interface": "eth1"
},
"sa-limit": 0,
"ttl-threshold": 1
},
"peers": {
"peer": [
{
"address": "198.51.100.8",
"enabled": true,
"tcp-connection-source": "eth1",
"description": "x",
"mesh-group": "x",
"peer-as": 100,
"sa-limit": 0,
"timer": {
"connect-retry-interval": 0,
"holdtime-interval": 3,
"keepalive-interval": 1
},
"ttl-threshold": 1
}
]
}
}
}
]
}
}
}The State Example
{
"ietf-interfaces:interfaces": {
"interface": [
{
"name": "eth1",
"description": "An interface with MSDP enabled.",
"type": "iana-if-type:ethernetCsmacd",
"phys-address": "00:00:5e:00:53:01",
"oper-status": "up",
"statistics": {
"discontinuity-time": "2020-02-22T11:22:33+02:00"
},
"ietf-ip:ipv4": {
"forwarding": true,
"mtu": 1500,
"address": [
{
"ip": "192.0.2.1",
"prefix-length": 24,
"origin": "static"
}
]
}
}
]
},
"ietf-access-control-list:acls": {
"acl": [
{
"name": "msdp-default-peer-policy",
"type": "ietf-access-control-list:ipv4-acl-type",
"aces": {
"ace": [
{
"name": "accept",
"actions": {
"forwarding": "ietf-access-control-list:accept"
}
}
]
}
}
]
},
"ietf-routing:routing": {
"router-id": "203.0.113.1",
"control-plane-protocols": {
"control-plane-protocol": [
{
"type": "ietf-msdp:msdp",
"name": "msdp-1",
"ietf-msdp:msdp": {
"global": {
"tcp-connection-source": "eth1",
"default-peer": [
{
"peer-addr": "198.51.100.8",
"prefix-policy": "msdp-default-peer-policy"
}
],
"originating-rp": {
"interface": "eth1"
},
"sa-limit": 0,
"ttl-threshold": 1
},
"peers": {
"peer": [
{
"address": "198.51.100.8",
"enabled": true,
"tcp-connection-source": "eth1",
"description": "x",
"mesh-group": "x",
"peer-as": 100,
"sa-limit": 0,
"timer": {
"connect-retry-interval": 0,
"holdtime-interval": 3,
"keepalive-interval": 1
},
"ttl-threshold": 1,
"session-state": "established",
"elapsed-time": 5,
"is-default-peer": true,
"keepalive-expire": 1,
"reset-count": 1,
"statistics": {
"discontinuity-time": "2020-02-22T12:22:33+02:00"
}
}
]
},
"sa-cache": {
"entry": [
{
"group": "233.252.0.23",
"source-addr": "192.0.2.50",
"origin-rp": [
{
"rp-address": "203.0.113.10",
"is-local-rp": false,
"sa-adv-expire": 50
}
],
"state-attributes": {
"up-time": 1000,
"expire": 120,
"holddown-interval": 150,
"peer-learned-from": "198.51.100.8",
"rpf-peer": "198.51.100.8"
}
}
]
}
}
}
]
}
}
}The Actions ExampleThis example shows the input data (in JSON) for executing an "sa‑cache clear"
action to clear the cache of all entries that match the group address of 233.252.0.23.
{
"ietf-msdp:sa-cache": {
"input": {
"entry": {
"group": "233.252.0.23"
}
}
}
}AcknowledgementsThe authors would like to thank and
for their valuable comments and
suggestions.ContributorsThe authors would like to thank the following people
for their valuable contributions.liuyisong@chinamobile.comxu.benchong@zte.com.cntanmoy.kundu@alcatel-lucent.comAuthors' AddressesVolta Networksxufeng.liu.ietf@gmail.comZTE CorporationNo. 50 Software Avenue, Yuhuatai DistrictNanjingChinazhang.zheng@zte.com.cnIndividual Contributoranish.ietf@gmail.comJuniper Networks1133 Innovation WaySunnyvaleCA94089United States of Americasivakumar.mahesh@gmail.comHuawei TechnologiesHuawei Bldg., No. 156 Beiqing Rd.Beijing100095Chinaguofeng@huawei.comMetaswitch Networks100 Church StreetEnfieldEN2 6BQUnited Kingdompete.mcallister@metaswitch.com