Internet Engineering Task Force (IETF) X. Liu Request for Comments: 8916 Volta Networks Category: Standards Track Z. Zhang, Ed. ISSN: 2070-1721 ZTE Corporation A. Peter Individual Contributor M. Sivakumar Juniper Networks F. Guo Huawei Technologies P. McAllister Metaswitch Networks October 2020 A YANG Data Model for the Multicast Source Discovery Protocol (MSDP) Abstract This document defines a YANG data model for the configuration and management of Multicast Source Discovery Protocol (MSDP) protocol operations. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8916. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction 1.1. Terminology 1.2. Conventions Used in This Document 1.3. Tree Diagrams 1.4. Prefixes in Data Node Names 2. Design of the Data Model 2.1. Scope of Model 2.2. Specification 3. Module Structure 3.1. MSDP Configuration 3.2. MSDP States 4. MSDP YANG Data Model 5. Security Considerations 6. IANA Considerations 7. References 7.1. Normative References 7.2. Informative References Appendix A. Data Tree Example A.1. The Global and Peer Configuration Example A.2. The State Example A.3. The Actions Example Acknowledgements Contributors Authors' Addresses 1. Introduction [RFC3618] introduces the protocol definition of the Multicast Source Discovery Protocol (MSDP). This document defines a YANG data model that can be used to configure and manage MSDP protocol operations. The operational state data and statistics can also be retrieved by this model. This model is designed to be used along with other multicast YANG data models such as PIM [PIM-YANG], which are not covered in this document. 1.1. Terminology The terminology for describing YANG data models is found in [RFC6020] and [RFC7950], including: * action * augment * choice * container * data model * data node * grouping * identity * leaf * list * module * uses The following abbreviations are used in this document and the defined model: MSDP: Multicast Source Discovery Protocol [RFC3618] RP: Rendezvous Point [RFC7761] RPF: Reverse Path Forwarding [RFC7761] SA: Source-Active [RFC3618] 1.2. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 1.3. Tree Diagrams Tree diagrams used in this document follow the notation defined in [RFC8340]. 1.4. Prefixes in Data Node Names In this document, names of data nodes, actions, and other data model objects are often used without a prefix, as long as it is clear from the context in which YANG module each name is defined. Otherwise, names are prefixed using the standard prefix associated with the corresponding YANG module, as shown in Table 1. +===========+==========================+===========+ | Prefix | YANG module | Reference | +===========+==========================+===========+ | yang | ietf-yang-types | [RFC6991] | +-----------+--------------------------+-----------+ | inet | ietf-inet-types | [RFC6991] | +-----------+--------------------------+-----------+ | rt | ietf-routing | [RFC8349] | +-----------+--------------------------+-----------+ | if | ietf-interfaces | [RFC8343] | +-----------+--------------------------+-----------+ | ip | ietf-ip | [RFC8344] | +-----------+--------------------------+-----------+ | key-chain | ietf-key-chain | [RFC8177] | +-----------+--------------------------+-----------+ | rt-types | ietf-routing-types | [RFC8294] | +-----------+--------------------------+-----------+ | acl | ietf-access-control-list | [RFC8519] | +-----------+--------------------------+-----------+ Table 1 2. Design of the Data Model 2.1. Scope of Model The model covers MSDP [RFC3618]. This model can be used to configure and manage MSDP protocol operations. The operational state data and statistics can be retrieved by this model. Even though no protocol-specific notifications are defined in this model, the subscription and push mechanisms, as defined in [RFC8639] and [RFC8641], can be implemented by the user to subscribe to notifications on the data nodes in this model. The model contains all the basic configuration parameters to operate the protocol. Depending on the implementation choices, some systems may not allow some of the advanced parameters to be configurable. The occasionally implemented parameters are modeled as optional features in this model. This model can be extended, and it has been structured in a way that such extensions can be conveniently made. 2.2. Specification The configuration data nodes cover global configuration attributes and per-peer configuration attributes. The state data nodes include global, per-peer, and SA information. The container "msdp" is the top-level container in this data model. The presence of this container is expected to enable MSDP protocol functionality. No notification is defined in this model. 3. Module Structure This model imports and augments the "ietf-routing" YANG data model defined in [RFC8349]. Both configuration data nodes and state data nodes as mentioned in [RFC8349] are augmented. The YANG data model defined in this document conforms to the Network Management Datastore Architecture (NMDA) [RFC8342]. The operational state data is combined with the associated configuration data in the same hierarchy [RFC8407]. module: ietf-msdp augment /rt:routing/rt:control-plane-protocols /rt:control-plane-protocol: +--rw msdp +--rw global | +--rw tcp-connection-source? if:interface-ref | +--rw default-peer* [peer-addr prefix-policy] {filter-policy}? | | +--rw peer-addr -> ../../../peers/peer/address | | +--rw prefix-policy -> /acl:acls/acl/name | +--rw originating-rp | | +--rw interface? if:interface-ref | +--rw sa-filter | | +--rw in? -> /acl:acls/acl/name | | +--rw out? -> /acl:acls/acl/name | +--rw sa-limit? uint32 | +--rw ttl-threshold? uint8 +--rw peers | +--rw peer* [address] | +--rw address inet:ipv4-address | +---x clear-peer | +--rw authentication {peer-authentication}? | | +--rw (authentication-type)? | | +--:(key-chain) | | | +--rw key-chain? key-chain:key-chain-ref | | +--:(password) | | +--rw key? string | | +--rw crypto-algorithm? identityref | +--rw enabled? boolean | +--rw tcp-connection-source? if:interface-ref | +--rw description? string | +--rw mesh-group? string | +--rw peer-as? inet:as-number {peer-as-verification}? | +--rw sa-filter | | +--rw in? -> /acl:acls/acl/name | | +--rw out? -> /acl:acls/acl/name | +--rw sa-limit? uint32 | +--rw timer | | +--rw connect-retry-interval? uint16 | | +--rw holdtime-interval? uint16 | | +--rw keepalive-interval? uint16 | +--rw ttl-threshold? uint8 | +--ro session-state? enumeration | +--ro elapsed-time? yang:gauge32 | +--ro connect-retry-expire? uint32 | +--ro hold-expire? uint16 | +--ro is-default-peer? boolean | +--ro keepalive-expire? uint16 | +--ro reset-count? yang:zero-based-counter32 | +--ro statistics | +--ro discontinuity-time? yang:date-and-time | +--ro error | | +--ro rpf-failure? uint32 | +--ro queue | | +--ro size-in? uint32 | | +--ro size-out? uint32 | +--ro received | | +--ro keepalive? yang:counter64 | | +--ro notification? yang:counter64 | | +--ro sa-message? yang:counter64 | | +--ro sa-response? yang:counter64 | | +--ro sa-request? yang:counter64 | | +--ro total? yang:counter64 | +--ro sent | +--ro keepalive? yang:counter64 | +--ro notification? yang:counter64 | +--ro sa-message? yang:counter64 | +--ro sa-response? yang:counter64 | +--ro sa-request? yang:counter64 | +--ro total? yang:counter64 +---x clear-all-peers +--ro sa-cache +--ro entry* [group source-addr] | +--ro group rt-types:ipv4-multicast-group-address | +--ro source-addr rt-types:ipv4-multicast-source-address | +--ro origin-rp* [rp-address] | | +--ro rp-address inet:ipv4-address | | +--ro is-local-rp? boolean | | +--ro sa-adv-expire? uint32 | +--ro state-attributes | +--ro up-time? yang:gauge32 | +--ro expire? yang:gauge32 | +--ro holddown-interval? uint32 | +--ro peer-learned-from? inet:ipv4-address | +--ro rpf-peer? inet:ipv4-address +---x clear +---w input +---w entry! | +---w group rt-types:ipv4-multicast-group-address | +---w source-addr? rt-types:ipv4-multicast-source-address +---w peer-address? inet:ipv4-address +---w peer-as? inet:as-number 3.1. MSDP Configuration MSDP operation requires configuration information that is distributed amongst several peers. Several peers may be configured in a mesh- group. The SA information may be filtered by peers. The configuration modeling branch is composed of MSDP global and peer configurations. These two parts are the most important parts of MSDP. Besides the fundamental features of MSDP, several optional features are included in the model. These features help the control of MSDP. The peer features and SA features make the deployment and control easier. The connection parameters can be used to control the TCP connection because MSDP is based on TCP. The authentication features make the protocol more secure. The filter features selectively allow operators to prevent SA information from being forwarded to peers. 3.2. MSDP States MSDP states are composed of the MSDP global state, the MSDP peer state, statistics information, and SA cache information. The statistics information and SA cache information help the operator retrieve data regarding the protocol's condition. YANG actions are defined to clear the connection of one specific MSDP peer, clear the connections of all MSDP peers, or clear some or all of the SA caches. 4. MSDP YANG Data Model This module references [RFC3618], [RFC4271], [RFC5925], [RFC6991], [RFC7761], [RFC8177], [RFC8294], [RFC8343], [RFC8344], [RFC8349], and [RFC8519]. <CODE BEGINS> file "ietf-msdp@2020-10-31.yang" module ietf-msdp { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-msdp"; prefix msdp; import ietf-yang-types { prefix "yang"; reference "RFC 6991: Common YANG Data Types"; } import ietf-inet-types { prefix "inet"; reference "RFC 6991: Common YANG Data Types"; } import ietf-routing { prefix "rt"; reference "RFC 8349: A YANG Data Model for Routing Management (NMDA Version)"; } import ietf-interfaces { prefix "if"; reference "RFC 8343: A YANG Data Model for Interface Management"; } import ietf-ip { prefix "ip"; reference "RFC 8344: A YANG Data Model for IP Management"; } import ietf-key-chain { prefix "key-chain"; reference "RFC 8177: YANG Data Model for Key Chains"; } import ietf-routing-types { prefix "rt-types"; reference "RFC 8294: Common YANG Data Types for the Routing Area"; } import ietf-access-control-list { prefix acl; reference "RFC 8519: YANG Data Model for Network Access Control Lists (ACLs)"; } organization "IETF Protocols for IP Multicast (pim) Working Group"; contact "WG Web: <https://datatracker.ietf.org/wg/pim/> WG List: <mailto:pim@ietf.org> Editor: Xufeng Liu <mailto:xufeng.liu.ietf@gmail.com> Editor: Zheng Zhang <mailto:zhang.zheng@zte.com.cn> Editor: Anish Peter <mailto:anish.ietf@gmail.com> Editor: Mahesh Sivakumar <mailto:sivakumar.mahesh@gmail.com> Editor: Feng Guo <mailto:guofeng@huawei.com> Editor: Pete McAllister <mailto:pete.mcallister@metaswitch.com>"; description "This module defines the YANG data model definitions for the Multicast Source Discovery Protocol (MSDP). The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here. Copyright (c) 2020 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC 8916; see the RFC itself for full legal notices."; revision 2020-10-31 { description "Initial revision."; reference "RFC 8916: A YANG Data Model for the Multicast Source Discovery Protocol (MSDP)"; } /* * Features */ feature filter-policy { description "Support policy configuration of peer/message filtering."; reference "RFC 8519: YANG Data Model for Network Access Control Lists (ACLs)"; } feature peer-as-verification { description "Support configuration of a peer's Autonomous System Number (ASN)."; reference "RFC 4271: A Border Gateway Protocol 4 (BGP-4)"; } feature peer-authentication { description "Support configuration of peer authentication."; reference "RFC 8177: YANG Data Model for Key Chains"; } /* * Identities */ identity msdp { base rt:control-plane-protocol; description "Identity for the Multicast Source Discovery Protocol (MSDP)."; reference "RFC 3618: Multicast Source Discovery Protocol (MSDP)"; } /* * Groupings */ grouping authentication-container { description "Authentication attributes."; container authentication { if-feature peer-authentication; description "A container defining authentication attributes."; choice authentication-type { case key-chain { leaf key-chain { type key-chain:key-chain-ref; description "Reference to a key-chain."; reference "RFC 8177: YANG Data Model for Key Chains"; } } case password { leaf key { type string; description "This leaf specifies the authentication key."; } leaf crypto-algorithm { type identityref { base key-chain:crypto-algorithm; } must "derived-from-or-self(., 'key-chain:md5')" { error-message "Only the md5 algorithm can be used for MSDP."; description "Check for crypto-algorithm."; } description "Cryptographic algorithm associated with a key. Only the md5 algorithm can be used for MSDP. When 'md5' is specified, MSDP control messages are secured by TCP MD5 signatures as described in RFCs 3618 and 5925. Both peers of a connection SHOULD be configured to the same algorithm for the connection to be established. When this leaf is not configured, unauthenticated TCP is used."; reference "RFC 3618: Multicast Source Discovery Protocol (MSDP) RFC 5925: The TCP Authentication Option RFC 8177: YANG Data Model for Key Chains"; } } description "Choice of authentication."; } } } // authentication-container grouping tcp-connect-source { description "Attribute to configure a peer TCP connection source."; leaf tcp-connection-source { type if:interface-ref; must "/if:interfaces/if:interface[if:name = current()]/" + "ip:ipv4/ip:enabled != 'false'" { error-message "The interface must have IPv4 enabled."; description "The interface must have IPv4 enabled."; reference "RFC 8343: A YANG Data Model for Interface Management"; } description "The interface is to be the source for the TCP connection. It is a reference to an entry in the global interface list."; } } // tcp-connect-source grouping global-config-attributes { description "Global MSDP configuration."; uses tcp-connect-source; list default-peer { if-feature filter-policy; key "peer-addr prefix-policy"; description "The default peer accepts all MSDP Source-Active (SA) messages. A default peer is needed in topologies where MSDP peers do not coexist with BGP peers. The Reverse Path Forwarding (RPF) check on SA messages will fail, and no SA messages will be accepted. In these cases, you can configure the peer as a default peer and bypass RPF checks."; leaf peer-addr { type leafref { path "../../../peers/peer/address"; } mandatory true; description "Reference to a peer that is in the peer list."; } leaf prefix-policy { type leafref { path "/acl:acls/acl:acl/acl:name"; } description "If specified, only those SA entries whose Rendezvous Point (RP) is permitted in the prefix list are allowed; if not specified, all SA messages from the default peer are accepted."; reference "RFC 7761: Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised) RFC 8519: YANG Data Model for Network Access Control Lists (ACLs)"; } } // default-peer container originating-rp { description "The container of the originating RP."; leaf interface { type if:interface-ref; must "/if:interfaces/if:interface[if:name = current()]/" + "ip:ipv4/ip:enabled != 'false'" { error-message "The interface must have IPv4 enabled."; description "The interface must have IPv4 enabled."; reference "RFC 8343: A YANG Data Model for Interface Management"; } description "Reference to an entry in the global interface list. The IP address of the interface used in the RP field of an SA message entry. When anycast RPs are used, all RPs use the same IP address. This parameter can be used to define a unique IP address for the RP of each MSDP peer. By default, the software uses the RP address of the local system."; } } // originating-rp uses sa-filter-container; leaf sa-limit { type uint32; description "A limit on the number of SA entries accepted. If not configured or the value is 0, there is no limit."; } uses ttl-threshold; } // global-config-attributes grouping peer-config-attributes { description "Per-peer configuration for MSDP."; uses authentication-container; leaf enabled { type boolean; description "'true' if the peer is enabled; 'false' if the peer is disabled."; } uses tcp-connect-source; leaf description { type string; description "The peer description."; } leaf mesh-group { type string; description "The name of the mesh-group to which this peer belongs."; reference "RFC 3618: Multicast Source Discovery Protocol (MSDP), Section 10.2"; } leaf peer-as { if-feature peer-as-verification; type inet:as-number; description "The peer's ASN. Using peer-as to perform the verification can provide more controlled ability. The value can be compared with the BGP peer's ASN. If they are different, the SA information that comes from this peer may be rejected. If the ASN is the same as the local ASN, then the peer is within the same domain; otherwise, this peer is external to the domain. This is comparable to the definition and usage in BGP; see RFC 4271."; reference "RFC 4271: A Border Gateway Protocol 4 (BGP-4)"; } uses sa-filter-container; leaf sa-limit { type uint32; description "A limit on the number of SA entries accepted from this peer. If not configured or the value is 0, there is no limit."; } container timer { description "Timer attributes."; reference "RFC 3618: Multicast Source Discovery Protocol (MSDP), Section 5"; leaf connect-retry-interval { type uint16; units seconds; default 30; description "The peer timer for connect-retry. By default, MSDP peers wait 30 seconds after the session is reset."; } leaf holdtime-interval { type uint16 { range "3..65535"; } units seconds; default 75; description "The SA hold-down period of this MSDP peer."; } leaf keepalive-interval { type uint16 { range "1..65535"; } units seconds; must '. < ../holdtime-interval' { error-message "The keepalive interval must be smaller than the " + "hold-time interval."; } default 60; description "The keepalive timer of this MSDP peer."; } } // timer uses ttl-threshold; } // peer-config-attributes grouping peer-state-attributes { description "Per-peer state attributes for MSDP."; leaf session-state { type enumeration { enum disabled { description "Disabled."; } enum inactive { description "Inactive."; } enum listen { description "Listen."; } enum connecting { description "Connecting."; } enum established { description "Established."; } } config false; description "The peer's session state."; reference "RFC 3618: Multicast Source Discovery Protocol (MSDP), Section 11"; } leaf elapsed-time { type yang:gauge32; units seconds; config false; description "Elapsed time for being in a state."; } leaf connect-retry-expire { type uint32; units seconds; config false; description "Connect retry expire time of a peer connection."; } leaf hold-expire { type uint16; units seconds; config false; description "Hold expire time of a peer connection."; } leaf is-default-peer { type boolean; config false; description "'true' if this peer is one of the default peers."; } leaf keepalive-expire { type uint16; units seconds; config false; description "Keepalive expire time of this peer."; } leaf reset-count { type yang:zero-based-counter32; config false; description "The reset count of this peer."; } container statistics { config false; description "A container defining statistics attributes."; leaf discontinuity-time { type yang:date-and-time; description "The time on the most recent occasion at which any one or more of the statistics counters suffered a discontinuity. If no such discontinuities have occurred since the last re-initialization of the local management subsystem, then this node contains the time the local management subsystem re-initialized itself."; } container error { description "A grouping defining error statistics attributes."; leaf rpf-failure { type uint32; description "The number of RPF failures."; } } container queue { description "A container that includes queue statistics attributes."; leaf size-in { type uint32; description "The number of messages received from the peer currently queued."; } leaf size-out { type uint32; description "The number of messages queued to be sent to the peer."; } } container received { description "Received message counters."; uses statistics-sent-received; } container sent { description "Sent message counters."; uses statistics-sent-received; } } // statistics } // peer-state-attributes grouping sa-filter-container { description "A container defining SA filters."; container sa-filter { description "Specifies an Access Control List (ACL) to filter SA messages coming into or going out of the peer."; leaf in { type leafref { path "/acl:acls/acl:acl/acl:name"; } description "Filters incoming SA messages only. The value is the name to uniquely identify a policy that contains one or more rules used to accept or reject MSDP SA messages. If the policy is not specified, all MSDP SA messages are accepted."; reference "RFC 8519: YANG Data Model for Network Access Control Lists (ACLs)"; } leaf out { type leafref { path "/acl:acls/acl:acl/acl:name"; } description "Filters outgoing SA messages only. The value is the name to uniquely identify a policy that contains one or more rules used to accept or reject MSDP SA messages. If the policy is not specified, all MSDP SA messages are sent."; reference "RFC 8519: YANG Data Model for Network Access Control Lists (ACLs)"; } } // sa-filter } // sa-filter-container grouping ttl-threshold { description "Attribute to configure the TTL threshold."; leaf ttl-threshold { type uint8 { range 1..255; } description "The maximum number of hops data packets can traverse before being dropped."; } } // ttl-threshold grouping statistics-sent-received { description "A grouping defining sent and received statistics attributes."; leaf keepalive { type yang:counter64; description "The number of keepalive messages."; } leaf notification { type yang:counter64; description "The number of notification messages."; } leaf sa-message { type yang:counter64; description "The number of SA messages."; } leaf sa-response { type yang:counter64; description "The number of SA response messages."; } leaf sa-request { type yang:counter64; description "The number of SA request messages."; } leaf total { type yang:counter64; description "The number of total messages."; } } // statistics-sent-received /* * Data nodes */ augment "/rt:routing/rt:control-plane-protocols/" + "rt:control-plane-protocol" { when "derived-from-or-self(rt:type, 'msdp:msdp')" { description "This augmentation is only valid for a routing protocol instance of MSDP."; } description "MSDP augmentation to routing control-plane protocol configuration and state."; container msdp { description "MSDP configuration and operational state data."; container global { description "Global attributes."; uses global-config-attributes; } container peers { description "Contains a list of peers."; list peer { key "address"; description "A list of MSDP peers."; leaf address { type inet:ipv4-address; description "The address of the peer."; } action clear-peer { description "Clears the TCP connection to the peer."; } uses peer-config-attributes; uses peer-state-attributes; } } action clear-all-peers { description "All peers' TCP connections are cleared."; } container sa-cache { config false; description "The SA cache information."; list entry { key "group source-addr"; description "A list of SA cache entries."; leaf group { type rt-types:ipv4-multicast-group-address; description "The group address of this SA cache."; } leaf source-addr { type rt-types:ipv4-multicast-source-address; description "Source IPv4 address."; } list origin-rp { key "rp-address"; description "Information regarding the originating RP."; leaf rp-address { type inet:ipv4-address; description "The RP address. This is the IP address used in the RP field of an SA message entry."; } leaf is-local-rp { type boolean; description "'true' if the RP is local; 'false' if the RP is not local."; } leaf sa-adv-expire { type uint32; units seconds; description "The remaining time duration before expiration of the periodic SA advertisement timer on a local RP."; } } container state-attributes { description "SA cache state attributes for MSDP."; leaf up-time { type yang:gauge32; units seconds; description "Indicates the duration time when this SA entry is created in the cache. MSDP is a periodic protocol; the value can be used to check the state of the SA cache."; } leaf expire { type yang:gauge32; units seconds; description "Indicates the duration time when this SA entry in the cache times out. MSDP is a periodic protocol; the value can be used to check the state of the SA cache."; } leaf holddown-interval { type uint32; units seconds; description "Hold-down timer value for SA forwarding."; reference "RFC 3618: Multicast Source Discovery Protocol (MSDP), Section 5.3"; } leaf peer-learned-from { type inet:ipv4-address; description "The address of the peer from which we learned this SA information."; } leaf rpf-peer { type inet:ipv4-address; description "The address is the SA's originating RP."; } } // state-attributes } // entry action clear { description "Clears MSDP SA cache entries."; input { container entry { presence "If a particular entry is cleared."; description "The SA cache (S,G) or (*,G) entry to be cleared. If this is not provided, all entries are cleared."; leaf group { type rt-types:ipv4-multicast-group-address; mandatory true; description "The group address."; } leaf source-addr { type rt-types:ipv4-multicast-source-address; description "The address of the multicast source to be cleared. If this is not provided, then all entries related to the given group are cleared."; } } leaf peer-address { type inet:ipv4-address; description "The peer IP address from which MSDP SA cache entries have been learned. If this is not provided, entries learned from all peers are cleared."; } leaf peer-as { type inet:as-number; description "The ASN from which MSDP SA cache entries have been learned. If this is not provided, entries learned from all ASes are cleared."; } } } // clear } // sa-cache } // msdp } // augment } <CODE ENDS> 5. Security Considerations The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446]. The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability: Under /rt:routing/rt:control-plane-protocols/msdp: msdp:global This subtree specifies the configuration for the MSDP attributes at the global level. Modifying the configuration can cause MSDP default peers to be deleted or the connection to be rebuilt and can also cause unexpected filtering of the SA. msdp:peers This subtree specifies the configuration for the MSDP attributes at the peer level. Modifying the configuration will allow unexpected MSDP peer establishment and unexpected SA information learning and advertisement. The writability of the "key" field should be strictly controlled. Misoperation of the key will break the existing MSDP connection, and the associated SA caches will also be deleted. Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability: /rt:routing/rt:control-plane-protocols/msdp: Unauthorized access to any data node of the above subtree can disclose the operational state information of MSDP on this device. For example, disclosure of the peer information may lead to a forged connection attack, and uncorrected modification of the ACL nodes may lead to filter errors. The "key" field is also a sensitive readable configuration. Unauthorized reading of this field may lead to leaking of the password. Modification will allow the unexpected rebuilding of connected peers. Authentication configuration is supported via the specification of key-chains [RFC8177] or the direct specification of the key and the authentication algorithm. Hence, authentication configuration in the "authentication" container inherits the security considerations discussed in [RFC8177]. This includes the considerations with respect to the local storage and handling of authentication keys. Some of the RPC operations in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control access to these operations. These are the operations and their sensitivity/vulnerability: /rt:routing/rt:control-plane-protocols/msdp:clear-peer /rt:routing/rt:control-plane-protocols/msdp:clear-sa-cache Unauthorized access to either of the above action operations can lead to rebuilding of the MSDP peers' connections or deletion of SA records on this device. 6. IANA Considerations IANA has registered the following URI in the "ns" subregistry within the "IETF XML Registry" [RFC3688]: URI: urn:ietf:params:xml:ns:yang:ietf-msdp Registrant Contact: The IESG. XML: N/A; the requested URI is an XML namespace. IANA has registered the following YANG module in the "YANG Module Names" subregistry [RFC6020] within the "YANG Parameters" registry: Name: ietf-msdp Namespace: urn:ietf:params:xml:ns:yang:ietf-msdp Prefix: msdp Reference: RFC 8916 7. References 7.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC3618] Fenner, B., Ed. and D. Meyer, Ed., "Multicast Source Discovery Protocol (MSDP)", RFC 3618, DOI 10.17487/RFC3618, October 2003, <https://www.rfc-editor.org/info/rfc3618>. [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, DOI 10.17487/RFC4271, January 2006, <https://www.rfc-editor.org/info/rfc4271>. [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP Authentication Option", RFC 5925, DOI 10.17487/RFC5925, June 2010, <https://www.rfc-editor.org/info/rfc5925>. [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, October 2010, <https://www.rfc-editor.org/info/rfc6020>. [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, <https://www.rfc-editor.org/info/rfc6241>. [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, <https://www.rfc-editor.org/info/rfc6242>. [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", RFC 6991, DOI 10.17487/RFC6991, July 2013, <https://www.rfc-editor.org/info/rfc6991>. [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016, <https://www.rfc-editor.org/info/rfc7950>. [RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG", RFC 7951, DOI 10.17487/RFC7951, August 2016, <https://www.rfc-editor.org/info/rfc7951>. [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, <https://www.rfc-editor.org/info/rfc8040>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. [RFC8177] Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J. Zhang, "YANG Data Model for Key Chains", RFC 8177, DOI 10.17487/RFC8177, June 2017, <https://www.rfc-editor.org/info/rfc8177>. [RFC8294] Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger, "Common YANG Data Types for the Routing Area", RFC 8294, DOI 10.17487/RFC8294, December 2017, <https://www.rfc-editor.org/info/rfc8294>. [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, <https://www.rfc-editor.org/info/rfc8340>. [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10.17487/RFC8341, March 2018, <https://www.rfc-editor.org/info/rfc8341>. [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., and R. Wilton, "Network Management Datastore Architecture (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, <https://www.rfc-editor.org/info/rfc8342>. [RFC8343] Bjorklund, M., "A YANG Data Model for Interface Management", RFC 8343, DOI 10.17487/RFC8343, March 2018, <https://www.rfc-editor.org/info/rfc8343>. [RFC8344] Bjorklund, M., "A YANG Data Model for IP Management", RFC 8344, DOI 10.17487/RFC8344, March 2018, <https://www.rfc-editor.org/info/rfc8344>. [RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for Routing Management (NMDA Version)", RFC 8349, DOI 10.17487/RFC8349, March 2018, <https://www.rfc-editor.org/info/rfc8349>. [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, <https://www.rfc-editor.org/info/rfc8446>. [RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair, "YANG Data Model for Network Access Control Lists (ACLs)", RFC 8519, DOI 10.17487/RFC8519, March 2019, <https://www.rfc-editor.org/info/rfc8519>. 7.2. Informative References [PIM-YANG] Liu, X., McAllister, P., Peter, A., Sivakumar, M., Liu, Y., and F. Hu, "A YANG Data Model for Protocol Independent Multicast (PIM)", Work in Progress, Internet-Draft, draft- ietf-pim-yang-17, 19 May 2018, <https://tools.ietf.org/html/draft-ietf-pim-yang-17>. [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004, <https://www.rfc-editor.org/info/rfc3688>. [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March 2016, <https://www.rfc-editor.org/info/rfc7761>. [RFC8407] Bierman, A., "Guidelines for Authors and Reviewers of Documents Containing YANG Data Models", BCP 216, RFC 8407, DOI 10.17487/RFC8407, October 2018, <https://www.rfc-editor.org/info/rfc8407>. [RFC8639] Voit, E., Clemm, A., Gonzalez Prieto, A., Nilsen-Nygaard, E., and A. Tripathy, "Subscription to YANG Notifications", RFC 8639, DOI 10.17487/RFC8639, September 2019, <https://www.rfc-editor.org/info/rfc8639>. [RFC8641] Clemm, A. and E. Voit, "Subscription to YANG Notifications for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641, September 2019, <https://www.rfc-editor.org/info/rfc8641>. Appendix A. Data Tree Example This appendix contains an example of an instance data tree in JSON encoding [RFC7951], containing configuration data. A.1. The Global and Peer Configuration Example { "ietf-interfaces:interfaces": { "interface": [ { "name": "eth1", "description": "An interface with MSDP enabled.", "type": "iana-if-type:ethernetCsmacd", "ietf-ip:ipv4": { "forwarding": true, "address": [ { "ip": "192.0.2.1", "prefix-length": 24 } ] } } ] }, "ietf-access-control-list:acls": { "acl": [ { "name": "msdp-default-peer-policy", "type": "ietf-access-control-list:ipv4-acl-type", "aces": { "ace": [ { "name": "accept", "actions": { "forwarding": "ietf-access-control-list:accept" } } ] } } ] }, "ietf-routing:routing": { "router-id": "203.0.113.1", "control-plane-protocols": { "control-plane-protocol": [ { "type": "ietf-msdp:msdp", "name": "msdp-1", "ietf-msdp:msdp": { "global": { "tcp-connection-source": "eth1", "default-peer": [ { "peer-addr": "198.51.100.8", "prefix-policy": "msdp-default-peer-policy" } ], "originating-rp": { "interface": "eth1" }, "sa-limit": 0, "ttl-threshold": 1 }, "peers": { "peer": [ { "address": "198.51.100.8", "enabled": true, "tcp-connection-source": "eth1", "description": "x", "mesh-group": "x", "peer-as": 100, "sa-limit": 0, "timer": { "connect-retry-interval": 0, "holdtime-interval": 3, "keepalive-interval": 1 }, "ttl-threshold": 1 } ] } } } ] } } } A.2. The State Example { "ietf-interfaces:interfaces": { "interface": [ { "name": "eth1", "description": "An interface with MSDP enabled.", "type": "iana-if-type:ethernetCsmacd", "phys-address": "00:00:5e:00:53:01", "oper-status": "up", "statistics": { "discontinuity-time": "2020-02-22T11:22:33+02:00" }, "ietf-ip:ipv4": { "forwarding": true, "mtu": 1500, "address": [ { "ip": "192.0.2.1", "prefix-length": 24, "origin": "static" } ] } } ] }, "ietf-access-control-list:acls": { "acl": [ { "name": "msdp-default-peer-policy", "type": "ietf-access-control-list:ipv4-acl-type", "aces": { "ace": [ { "name": "accept", "actions": { "forwarding": "ietf-access-control-list:accept" } } ] } } ] }, "ietf-routing:routing": { "router-id": "203.0.113.1", "control-plane-protocols": { "control-plane-protocol": [ { "type": "ietf-msdp:msdp", "name": "msdp-1", "ietf-msdp:msdp": { "global": { "tcp-connection-source": "eth1", "default-peer": [ { "peer-addr": "198.51.100.8", "prefix-policy": "msdp-default-peer-policy" } ], "originating-rp": { "interface": "eth1" }, "sa-limit": 0, "ttl-threshold": 1 }, "peers": { "peer": [ { "address": "198.51.100.8", "enabled": true, "tcp-connection-source": "eth1", "description": "x", "mesh-group": "x", "peer-as": 100, "sa-limit": 0, "timer": { "connect-retry-interval": 0, "holdtime-interval": 3, "keepalive-interval": 1 }, "ttl-threshold": 1, "session-state": "established", "elapsed-time": 5, "is-default-peer": true, "keepalive-expire": 1, "reset-count": 1, "statistics": { "discontinuity-time": "2020-02-22T12:22:33+02:00" } } ] }, "sa-cache": { "entry": [ { "group": "233.252.0.23", "source-addr": "192.0.2.50", "origin-rp": [ { "rp-address": "203.0.113.10", "is-local-rp": false, "sa-adv-expire": 50 } ], "state-attributes": { "up-time": 1000, "expire": 120, "holddown-interval": 150, "peer-learned-from": "198.51.100.8", "rpf-peer": "198.51.100.8" } } ] } } } ] } } } A.3. The Actions Example This example shows the input data (in JSON) for executing an "sa-cache clear" action to clear the cache of all entries that match the group address of 233.252.0.23. { "ietf-msdp:sa-cache": { "input": { "entry": { "group": "233.252.0.23" } } } } Acknowledgements The authors would like to thank Stig Venaas and Jake Holland for their valuable comments and suggestions. Contributors The authors would like to thank the following people for their valuable contributions. Yisong Liu Email: liuyisong@chinamobile.com Benchong Xu Email: xu.benchong@zte.com.cn Tanmoy Kundu Email: tanmoy.kundu@alcatel-lucent.com Authors' Addresses Xufeng Liu Volta Networks Email: xufeng.liu.ietf@gmail.com Zheng Zhang (editor) ZTE Corporation No. 50 Software Avenue, Yuhuatai District Nanjing China Email: zhang.zheng@zte.com.cn Anish Peter Individual Contributor Email: anish.ietf@gmail.com Mahesh Sivakumar Juniper Networks 1133 Innovation Way Sunnyvale, CA 94089 United States of America Email: sivakumar.mahesh@gmail.com Feng Guo Huawei Technologies Huawei Bldg., No. 156 Beiqing Rd. Beijing 100095 China Email: guofeng@huawei.com Pete McAllister Metaswitch Networks 100 Church Street Enfield EN2 6BQ United Kingdom Email: pete.mcallister@metaswitch.com