--- 1/draft-ietf-ospf-yang-07.txt 2017-07-02 01:13:08.631326731 -0700 +++ 2/draft-ietf-ospf-yang-08.txt 2017-07-02 01:13:08.815331119 -0700 @@ -1,25 +1,25 @@ Internet D. Yeung Internet-Draft Arrcus -Intended status: Informational Y. Qu -Expires: September 14, 2017 Huawei +Intended status: Standards Track Y. Qu +Expires: January 3, 2018 Huawei J. Zhang Juniper Networks I. Chen Jabil A. Lindem Cisco Systems - March 13, 2017 + July 2, 2017 Yang Data Model for OSPF Protocol - draft-ietf-ospf-yang-07 + draft-ietf-ospf-yang-08 Abstract This document defines a YANG data model that can be used to configure and manage OSPF. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. @@ -27,21 +27,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on September 14, 2017. + This Internet-Draft will expire on January 3, 2018. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -49,60 +49,59 @@ to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 2. Design of Data Model . . . . . . . . . . . . . . . . . . . . 3 - 2.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 3 - 2.2. OSPFv2 and OSPFv3 . . . . . . . . . . . . . . . . . . . . 5 - 2.3. Optional Features . . . . . . . . . . . . . . . . . . . . 5 - 2.4. Inheritance . . . . . . . . . . . . . . . . . . . . . . . 5 - 2.5. OSPF Router Configuration . . . . . . . . . . . . . . . . 5 - 2.6. OSPF Instance Configuration . . . . . . . . . . . . . . . 6 - 2.7. OSPF Area Configuration . . . . . . . . . . . . . . . . . 7 - 2.8. OSPF Interface Configuration . . . . . . . . . . . . . . 9 - 2.9. OSPF notification . . . . . . . . . . . . . . . . . . . . 11 - 2.10. OSPF RPC Operations . . . . . . . . . . . . . . . . . . . 15 - 3. OSPF Yang Module . . . . . . . . . . . . . . . . . . . . . . 15 - 4. Security Considerations . . . . . . . . . . . . . . . . . . . 95 - 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 95 - 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 96 - 6.1. Normative References . . . . . . . . . . . . . . . . . . 96 - 6.2. Informative References . . . . . . . . . . . . . . . . . 97 - Appendix A. Contributors' Addreses . . . . . . . . . . . . . . . 98 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 98 + 2.1. OSPF Operational State . . . . . . . . . . . . . . . . . 3 + 2.2. Overview . . . . . . . . . . . . . . . . . . . . . . . . 3 + 2.3. OSPFv2 and OSPFv3 . . . . . . . . . . . . . . . . . . . . 5 + 2.4. Optional Features . . . . . . . . . . . . . . . . . . . . 5 + 2.5. 
OSPF Router Configuration/Operational State . . . . . . . 5 + 2.6. OSPF Instance Configuration/Operational State . . . . . . 5 + 2.7. OSPF Area Configuration/Operational State . . . . . . . . 8 + 2.8. OSPF Interface Configuration/Operational State . . . . . 13 + 2.9. OSPF notification . . . . . . . . . . . . . . . . . . . . 16 + 2.10. OSPF RPC Operations . . . . . . . . . . . . . . . . . . . 20 + 3. OSPF Yang Module . . . . . . . . . . . . . . . . . . . . . . 20 + 4. Security Considerations . . . . . . . . . . . . . . . . . . . 100 + 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 101 + 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 101 + 6.1. Normative References . . . . . . . . . . . . . . . . . . 101 + 6.2. Informative References . . . . . . . . . . . . . . . . . 103 + Appendix A. Contributors' Addreses . . . . . . . . . . . . . . . 104 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 104 1. Overview YANG [RFC6020] is a data definition language used to define the contents of a conceptual data store that allows networked devices to be managed using NETCONF [RFC6241]. YANG is proving relevant beyond its initial confines, as bindings to other interfaces (e.g., ReST) and encodings other than XML (e.g., JSON) are being defined. Furthermore, YANG data models can be used as the basis for implementation of other interfaces, such as CLI and programmatic APIs. This document defines a YANG data model that can be used to configure and manage OSPF and it is an augmentation to the core routing data model. A core routing data model is defined in [RFC8022], and it provides the basis for the development of data models for routing protocols. The interface data model is defined in [RFC7223] and is used for referencing interfaces from the routing protocol. 
The key- - chain data model used for OSPF authentication is defined in - - [I-D.ietf-rtgwg-yang-key-chain] and provides both a reference to - configured key-chains and an enumeration of cryptographic algorithms. + chain data model used for OSPF authentication is defined in [RFC8177] + and provides both a reference to configured key-chains and an + enumeration of cryptographic algorithms. Both OSPFv2 [RFC2328] and OSPFv3 [RFC5340] are supported. In addition to the core OSPF protocol, features described in other OSPF RFCs are also supported. These includes demand circuit [RFC1793], traffic engineering [RFC3630], multiple address family [RFC5838], graceful restart [RFC3623] [RFC5187], NSSA [RFC3101], and OSPF(v3) as a PE-CE Protocol [RFC4577], [RFC6565]. These non-core features are optional in the OSPF data model. 1.1. Requirements Language 
@@ -110,52 +109,57 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. Design of Data Model Although the basis of OSPF configuration elements like routers, areas, and interfaces remains the same, the detailed configuration model varies among router vendors. Differences are observed in terms of how the protocol engine is tied to the routing domain, how - multiple protocol engines are be instantiated, and configuration - inheritance, among others. + multiple protocol engines are be instantiated among others. The goal of this document is to define a data model that provides a common user interface to the OSPFv2 and OSPFv3 protocols. There is very little information that is designated as "mandatory", providing freedom for vendors to adapt this data model to their respective product implementations. -2.1. Overview +2.1. OSPF Operational State + + The OSPF operational state is included in the same tree as OSPF + configuration consistent with Network Management Datastore + Architecture [I-D.ietf-netmod-revised-datastores]. Consequently, + only the routing container in the ietf-routing model [RFC8022] is + augmented. The routing-state container is not augmented. + +2.2. Overview The OSPF YANG module defined in this document has all the common building blocks for the OSPF protocol. The OSPF YANG module augments the /routing/control-plane-protocols/ control-plane-protocol path defined in the ietf-routing module. module: ietf-ospf augment /rt:routing/rt:control-plane-protocols/ rt:control-plane-protocol: +--rw ospf - +--rw all-instances-inherit {instance-inheritance}? . . +--rw operation-mode? identityref +--rw instance* [af] . . +--rw areas | +--rw area* [area-id] | +--rw area-id area-id-type - | +--rw all-interfaces-inherit {interface-inheritance}? | . | . 
| +--rw virtual-links | | +--rw virtual-link* [transit-area-id router-id] | | . | | . | +--rw sham-links {pe-ce-protocol}? | | +--rw sham-link* [local-id remote-id] | | . | | . 
@@ -172,101 +176,81 @@ configuration construct that is identified by the local identifier 'name'. The field 'version' allows support for OSPFv2 and OSPFv3. The ospf container includes one or more OSPF protocol engines, each enclosed in a separate instance entity. Each instance includes information for the routing domain based on the [routing-instance af] specification. There is no default routing domain assumed by the data model. For example, to enable OSPF on a vendor's default IPv4 routing domain, an explicit instance entity with a specification like ["default" "ipv4-unicast"] is required. The instance also contains - OSPF router level configuration + OSPF router level configuration and operational state. + The instance/area and instance/area/interface containers respectively - define the OSPF configuration for OSPF areas and interfaces. + define the OSPF configuration and operational state for OSPF areas + and interfaces. - The instance/topology container defines the OSPF configuration for - OSPF topologies when the multi-topology feature is supported. + The instance/topology container defines the OSPF configuration and + operational state for OSPF topologies when the multi-topology feature + is supported. -2.2. OSPFv2 and OSPFv3 +2.3. OSPFv2 and OSPFv3 The data model defined herein supports both OSPFv2 and OSPFv3. The field 'version' is used to indicate the OSPF version and is mandatory. Based on the configured version, the data model varies to accommodate the differences between OSPFv2 and OSPFv3. -2.3. Optional Features +2.4. Optional Features Optional features are beyond the basic OSPF configuration and it is the responsibility of each vendor to decide whether to support a given feature on a particular device. This model defines a number of features, such as NSR, max-LSA, etc. It is expected that vendors will support additional features through - vendor specific augmentations. - -2.4. 
Inheritance - - This data model supports configuration inheritance at different - levels including instance-level, area-level, and interface-level - inheritance. - - The all-instances-inherit, all-areas-inherit, and all-interfaces- - inherit containers are defined to provide a consistent way to - configure inheritable configuration parameters. For example, - parameters defined in the all-instances-inherit container apply to - all OSPF instances. However, a particular instance configuration can - include leaves that override this inheritance. - - Inheritance is defined as an optional feature, and vendors are - permitted to augment the inheritance containers with their own vendor - specific parameters. + vendor-specific augmentations. -2.5. OSPF Router Configuration +2.5. OSPF Router Configuration/Operational State The ospf container is the top level container in this data model. It contains shared information among the OSPF instances configured within the container. module: ietf-ospf augment /rt:routing/rt:control-plane-protocols/ rt:control-plane-protocol: +--rw ospf - +--rw all-instances-inherit {instance-inheritance}? - | +--rw area - | +--rw interface +--rw operation-mode? identityref +--rw instance* [af] . . -2.6. OSPF Instance Configuration +2.6. OSPF Instance Configuration/Operational State The instance container represents an OSPF protocol engine and - contains the router level configuration. The routing domain for each - instance is dictated through the specification of [routing-instance - af]. - - The all-areas-inherit container contains area configuration that may - be inherited by configured OSPF areas in the OSPF instance. + contains the router level configuration and operational state. The + routing domain for each instance is dictated through the + specification of [routing-instance af]. 
The instance level + operational state includes the instance level statistics, IETF SPF + delay statistics, AS-Scoped Link State Database, local RIB, SPF Log, + and the LSA log. module: ietf-ospf augment /rt:routing/rt:control-plane-protocols/ rt:control-plane-protocol: +--rw ospf . . +--rw instance* [af] +--rw af identityref - +--rw all-areas-inherit {area-inheritance}? - | +--rw area - | +--rw interface +--rw explicit-router-id? rt-types:router-id | {explicit-router-id}? +--rw preference | +--rw (scope)? | +--:(single-value) | | +--rw all? uint8 | +--:(multi-values) | +--rw (granularity)? | | +--:(detail) | | | +--rw intra-area? uint8 
@@ -303,55 +287,205 @@ | +--rw te-rid {te-rid}? | | +--rw ipv4-router-id? inet:ipv4-address | | +--rw ipv6-router-id? inet:ipv6-address | +--rw ldp | +--rw igp-sync? boolean {ldp-igp-sync}? +--rw fast-reroute {fast-reroute}? | +--rw lfa {lfa}? +--rw node-tags {node-tag}? | +--rw node-tag* [tag] | +--rw tag uint32 + +--ro router-id? + +--ro local-rib + | +--ro route* [prefix] + | +--ro prefix inet:ip-prefix + | +--ro next-hops + | | +--ro next-hop* [next-hop] + | | +--ro outgoing-interface? if:interface-ref + | | +--ro next-hop inet:ip-address + | +--ro metric? uint32 + | +--ro route-type? route-type + | +--ro route-tag? uint32 + +--ro statistics + | +--ro originate-new-lsa-count? yang:counter32 + | +--ro rx-new-lsas-count? yang:counter32 + | +--ro as-scope-lsa-count? yang:gauge32 + | +--ro as-scope-lsa-chksum-sum? uint32 + | +--ro database + | +--ro as-scope-lsa-type* + | +--ro lsa-type? uint16 + | +--ro lsa-count? yang:gauge32 + | +--ro lsa-cksum-sum? int32 + +--ro ietf-spf-delay + | +--ro initial-delay? uint16 + | +--ro short-delay? uint16 + | +--ro long-delay? uint16 + | +--ro hold-down? uint16 + | +--ro time-to-learn? uint16 + | +--ro current-state? enumeration + | +--ro remaining-time-to-learn? uint16 + | +--ro remaining-hold-down? uint16 + | +--ro last-event-received? yang:timestamp + | +--ro next-spf-time? yang:timestamp + | +--ro last-spf-time? yang:timestamp + +--ro database + | +--ro as-scope-lsa-type* [lsa-type] + | +--ro as-scope-lsas + | +--ro as-scope-lsa* [lsa-id adv-router] + | +--ro lsa-id union + | +--ro adv-router inet:ipv4-address + | +--ro decoded-completed? boolean + | +--ro raw-data? yang:hex-string + | +--ro (version)? + | +--:(ospfv2) + | | +--ro ospfv2 + . . + . . + | +--:(ospfv3) + | +--ro ospfv3 + . + . + +--ro spf-log + | +--ro event* [id] + | +--ro id uint32 + | +--ro spf-type? enumeration + | +--ro schedule-timestamp? yang:timestamp + | +--ro start-timestamp? yang:timestamp + | +--ro end-timestamp? 
yang:timestamp + | +--ro trigger-lsa* + | +--ro area-id? area-id-type + | +--ro link-id? union + | +--ro type? uint16 + | +--ro lsa-id? yang:dotted-quad + | +--ro adv-router? yang:dotted-quad + | +--ro seq-num? uint32 + +--ro lsa-log + | +--ro event* [id] + | +--ro id uint32 + | +--ro lsa + | | +--ro area-id? area-id-type + | | +--ro link-id? union + | | +--ro type? uint16 + | | +--ro lsa-id? yang:dotted-quad + | | +--ro adv-router? yang:dotted-quad + | | +--ro seq-num? uint32 + | +--ro received-timestamp? yang:timestamp + | +--ro reason? identityref . . -2.7. OSPF Area Configuration +2.7. OSPF Area Configuration/Operational State The area container contains OSPF area configuration and the list of interface containers representing all the OSPF interfaces in the - area. - - The all-interfaces-inherit contains interface configuration that may - be inherited by all OSPF area interfaces. + area. The area operational state includes the area statistics and + the area Link State Database (LSDB). module: ietf-ospf augment /rt:routing/rt:control-plane-protocols/ rt:control-plane-protocol: +--rw ospf . . +--rw instance* [af] +--rw areas | +--rw area* [area-id] | +--rw area-id area-id-type - | +--rw all-interfaces-inherit {interface-inheritance}? - | | +--rw interface | +--rw area-type? identityref | +--rw summary? boolean | +--rw default-cost? uint32 | +--rw ranges | | +--rw range* [prefix] | | +--rw prefix inet:ip-prefix | | +--rw advertise? boolean | | +--rw cost? uint24 + | +--ro statistics + | | +--ro spf-runs-count? yang:counter32 + | | +--ro abr-count? yang:gauge32 + | | +--ro asbr-count? yang:gauge32 + | | +--ro ar-nssa-translator-event-count? + | | yang:counter32 + | | +--ro area-scope-lsa-count? yang:gauge32 + | | +--ro area-scope-lsa-cksum-sum? int32 + | | +--ro database + | | +--ro area-scope-lsa-type* + | | +--ro lsa-type? uint16 + | | +--ro lsa-count? yang:gauge32 + | | +--ro lsa-cksum-sum? 
int32 + | +--ro database + | | +--ro area-scope-lsa-type* [lsa-type] + | | +--ro lsa-type uint16 + | | +--ro area-scope-lsas + | | +--ro area-scope-lsa* [lsa-id adv-router] + | | +--ro lsa-id union + . . . + . . . + | | +--ro (version)? + | | +--:(ospfv2) + | | | +--ro ospfv2 + | | | +--ro header + . . . . + . . . . + | | | +--ro body + | | | +--ro router + . . . . + . . . . + + | | | +--ro network + . . . . + . . . . + | | | +--ro summary + . . . . + . . . . + | | | +--ro external + . . . . + . . . . + | | | +--ro opaque + . . . . + . . . . + | | +--:(ospfv3) + | | +--ro ospfv3 + | | +--ro header + . . . + . . . + | | +--ro body + | | +--ro router + . . . + . . . + | | +--ro network + . . . + . . . + | | +--ro inter-area-prefix + . . . + . . . + | | +--ro inter-area-router + . . . + . . . + | | +--ro as-external + . . . + . . . + | | +--ro nssa + . . . + . . . + | | +--ro link + . . . + . . . + | | +--ro intra-area-prefix + . . . + . . . + | | +--ro router-information + . . . + . . . | +--rw virtual-links | | +--rw virtual-link* [transit-area-id router-id] - | | +--rw transit-area-id -> ../../../area-id + | | +--rw transit-area-id -> ../../../../ + | | area/area-id | | +--rw router-id rt-types:router-id | | +--rw hello-interval? uint16 | | +--rw dead-interval? uint32 | | +--rw retransmit-interval? uint16 | | +--rw transmit-delay? uint16 | | +--rw lls? boolean {lls}? | | +--rw ttl-security {ttl-security}? | | | +--rw enable? boolean | | | +--rw hops? uint8 | | +--rw enable? boolean 
@@ -360,20 +494,60 @@ | | +--rw (auth-type-selection)? | | +--:(auth-ipsec) | | {ospfv3-authentication-ipsec}? | | | +--rw sa? string | | +--:(auth-trailer-key-chain) | | | +--rw key-chain? | | key-chain:key-chain-ref | | +--:(auth-trailer-key) | | +--rw key? string | | +--rw crypto-algorithm? identityref + | | +--ro cost? uint16 + | | +--ro state? if-state-type + | | +--ro hello-timer? uint32 + | | +--ro wait-timer? uint32 + | | +--ro dr-router-id? rt-types:router-id + | | +--ro dr-ip-addr? inet:ip-address + | | +--ro bdr-router-id? rt-types:router-id + | | +--ro bdr-ip-addr? inet:ip-address + | | +--ro statistics + | | | +--ro if-event-count? yang:counter32 + | | | +--ro link-scope-lsa-count? yang:gauge32 + | | | +--ro link-scope-lsa-cksum-sum? + | | | uint32 + | | | +--ro database + | | | +--ro link-scope-lsa-type* + | | | +--ro lsa-type? uint16 + | | | +--ro lsa-count? yang:gauge32 + | | | +--ro lsa-cksum-sum? int32 + | | +--ro neighbors + | | | +--ro neighbor* [neighbor-router-id] + | | | +--ro neighbor-router-id + | | | rt-types:router-id + | | | +--ro address? inet:ip-address + | | | +--ro dr-router-id? rt-types:router-id + | | | +--ro dr-ip-addr? inet:ip-address + | | | +--ro bdr-router-id? rt-types:router-id + | | | +--ro bdr-ip-addr? inet:ip-address + | | | +--ro state? nbr-state-type + | | | +--ro dead-timer? uint32 + | | | +--ro statistics + | | | +--ro nbr-event-count? + | | | yang:counter32 + | | | +--ro nbr-retrans-qlen? + | | | yang:gauge32 + | | +--ro database + | | +--ro link-scope-lsa-type* [lsa-type] + | | +--ro lsa-type uint16 + | | +--ro link-scope-lsas + . . + . . | +--rw sham-links {pe-ce-protocol}? | | +--rw sham-link* [local-id remote-id] | | +--rw local-id inet:ip-address | | +--rw remote-id inet:ip-address | | +--rw hello-interval? uint16 | | +--rw dead-interval? uint32 | | +--rw retransmit-interval? uint16 | | +--rw transmit-delay? uint16 | | +--rw lls? boolean {lls}? | | +--rw ttl-security {ttl-security}? 
@@ -390,26 +564,66 @@ | | | | +--rw key-chain? | | | key-chain:key-chain-ref | | | +--:(auth-trailer-key) | | | +--rw key? string | | | +--rw crypto-algorithm? identityref | | +--rw cost? uint16 | | +--rw mtu-ignore? boolean | | {mtu-ignore}? | | +--rw prefix-suppression? boolean | | {prefix-suppression}? + | | +--ro state? if-state-type + | | +--ro hello-timer? uint32 + | | +--ro wait-timer? uint32 + | | +--ro dr-router-id? rt-types:router-id + | | +--ro dr-ip-addr? inet:ip-address + | | +--ro bdr-router-id? rt-types:router-id + | | +--ro bdr-ip-addr? inet:ip-address + | | +--ro statistics + | | | +--ro if-event-count? yang:counter32 + | | | +--ro link-scope-lsa-count? yang:gauge32 + | | | +--ro link-scope-lsa-cksum-sum? + | | | uint32 + | | | +--ro database + | | | +--ro link-scope-lsa-type* + | | | +--ro lsa-type? uint16 + | | | +--ro lsa-count? yang:gauge32 + | | | +--ro lsa-cksum-sum? int32 + | | +--ro neighbors + | | | +--ro neighbor* [neighbor-router-id] + | | | +--ro neighbor-router-id + | | | rt-types:router-id + | | | +--ro address? inet:ip-address + | | | +--ro dr-router-id? rt-types:router-id + | | | +--ro dr-ip-addr? inet:ip-address + | | | +--ro bdr-router-id? rt-types:router-id + | | | +--ro bdr-ip-addr? inet:ip-address + | | | +--ro state? nbr-state-type + | | | +--ro dead-timer? uint32 + | | | +--ro statistics + | | | +--ro nbr-event-count? + | | | yang:counter32 + | | | +--ro nbr-retrans-qlen? + | | | yang:gauge32 + | | +--ro database + | | +--ro link-scope-lsa-type* [lsa-type] + | | +--ro lsa-type uint16 + | | +--ro link-scope-lsas . . . . -2.8. OSPF Interface Configuration +2.8. OSPF Interface Configuration/Operational State - The interface container contains OSPF interface configuration. + The interface container contains OSPF interface configuration and + operational state. The interface operational state includes the + statistics, list of neighbors, and link-local Link State database + (LSDB). 
module: ietf-ospf augment /rt:routing/rt:control-plane-protocols/ rt:control-plane-protocol: +--rw ospf . . +--rw instance* [af] . . @@ -464,20 +678,59 @@ | | | +--rw key-chain? | | | key-chain:key-chain-ref | | +--:(auth-trailer-key) | | +--rw key? string | | +--rw crypto-algorithm? identityref | +--rw cost? uint16 | +--rw mtu-ignore? boolean | | {mtu-ignore}? | +--rw prefix-suppression? boolean | | {prefix-suppression}? + | +--ro state? if-state-type + | +--ro hello-timer? uint32 + | +--ro wait-timer? uint32 + | +--ro dr-router-id? rt-types:router-id + | +--ro dr-ip-addr? inet:ip-address + | +--ro bdr-router-id? rt-types:router-id + | +--ro bdr-ip-addr? inet:ip-address + | +--ro statistics + | | +--ro if-event-count? yang:counter32 + | | +--ro link-scope-lsa-count? yang:gauge32 + | | +--ro link-scope-lsa-cksum-sum? + | | uint32 + | | +--ro database + | | +--ro link-scope-lsa-type* + | | +--ro lsa-type? uint16 + | | +--ro lsa-count? yang:gauge32 + | | +--ro lsa-cksum-sum? int32 + | +--ro neighbors + | | +--ro neighbor* [neighbor-router-id] + | | +--ro neighbor-router-id + | | rt-types:router-id + | | +--ro address? inet:ip-address + | | +--ro dr-router-id? rt-types:router-id + | | +--ro dr-ip-addr? inet:ip-address + | | +--ro bdr-router-id? rt-types:router-id + | | +--ro bdr-ip-addr? inet:ip-address + | | +--ro state? nbr-state-type + | | +--ro dead-timer? uint32 + | | +--ro statistics + | | +--ro nbr-event-count? + | | yang:counter32 + | | +--ro nbr-retrans-qlen? + | | yang:gauge32 + | +--ro database + | . +--ro link-scope-lsa-type* [lsa-type] + | . +--ro lsa-type uint16 + | . +--ro link-scope-lsas + . . + . . | +--rw topologies {ospf:multi-topology}? | | +--rw topology* [name] | | +--rw name -> ../../../../../../../../ | | ../../../rt:ribs/rib/name | | +--rw cost? uint32 | +--rw instance-id? uint8 . . 2.9. OSPF notification 
@@ -672,21 +925,21 @@ | + control-plane-protocol/name | +---w interface? if:interface-ref +---x clear-database +---w input +---w routing-protocol-name -> /rt:routing/control-plane-protocols/ control-plane-protocol/name 3. OSPF Yang Module - file "ietf-ospf@2017-03-12.yang" + file "ietf-ospf@2017-07-01.yang" module ietf-ospf { namespace "urn:ietf:params:xml:ns:yang:ietf-ospf"; prefix ospf; import ietf-inet-types { prefix "inet"; } import ietf-yang-types { 
@@ -694,77 +947,90 @@ } import ietf-interfaces { prefix "if"; } import ietf-routing-types { prefix "rt-types"; } + import iana-routing-types { + prefix "iana-rt-types"; + } import ietf-routing { prefix "rt"; } + import ietf-key-chain { prefix "key-chain"; } organization - "Cisco Systems - 170 West Tasman Drive - San Jose, CA 95134-1706 - USA"; + "IETF OSPF - OSPF Working Group"; contact - "WG Web: + "WG Web: WG List: - WG Chair: Acee Lindem - - - WG Chair: Abhay Roy - - Editor: Derek Yeung - Author: Derek Yeung - + Author: Acee Lindem + Author: Yingzhen Qu Author: Jeffrey Zhang Author: Ing-Wher Chen Author: Dean Bogdanovic Author: Kiran Agrahara Sreenivasa "; description "This YANG module defines the generic configuration and operational state for the OSPF protocol common to all vendor implementations. It is intended that the module will be extended by vendors to define vendor-specific OSPF configuration parameters and policies, for example route maps or route policies. - Terms and Acronyms - - OSPF (ospf): Open Shortest Path First + Copyright (c) 2017 IETF Trust and the persons identified as + authors of the code. All rights reserved. - IP (ip): Internet Protocol - IPv4 (ipv4):Internet Protocol Version 4 + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + This version of this YANG module is part of RFC XXXX; + see the RFC itself for full legal notices."; - IPv6 (ipv6): Internet Protocol Version 6 + reference "RFC XXXX"; - MTU (mtu) Maximum Transmission Unit + revision 2017-07-01 { + description + "* Restructure model to conform to NMDA. + * Remove features for instance, area and interface + inheritance. 
+ * Update static neighbor identifier description to + allow for router-id, ipv4-address, and ipv6-address. + * Added spf-log and lsa-log. + * Use dotted-quad for OSPFv2 LSA ID. + * Fix virtual-link transit-area-id leafref path and + must statement. "; + reference + "RFC XXXX: A YANG Data Model for OSPF."; + } revision 2017-03-12 { description "* Update authors information. * Rename admin distance to preference. * Rename network type to interface type. * Add ietf-spf-delay as a feature. * Add node-tag as a feature and update LSA definition accordingly. * Remove LDP IGP autoconfig. 
@@ -914,20 +1181,152 @@ "RFC XXXX: A YANG Data Model for OSPF."; } revision 2015-03-09 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for OSPF."; } + feature multi-topology { + description + "Support Multiple-Topolgy Routing (MTR)."; + } + + feature multi-area-adj { + description + "OSPF multi-area adjacency support as in RFC 5185."; + } + feature explicit-router-id { + description + "Set Router-ID per instance explicitly."; + } + + feature demand-circuit { + description + "OSPF demand circuit support as in RFC 1793."; + } + + feature mtu-ignore { + description + "Disable OSPF Database Description packet MTU + mismatch checking."; + } + + feature lls { + description + "OSPF link-local signaling (LLS) as in RFC 5613."; + } + + feature prefix-suppression { + description + "OSPF prefix suppression support as in RFC 6860."; + } + + feature ttl-security { + description + "OSPF TTL security check."; + } + + feature nsr { + description + "Non-Stop-Routing (NSR)."; + } + + feature graceful-restart { + description + "Graceful OSPF Restart as defined in RFC 3623 and + RFC 5187."; + } + + feature admin-control { + description + "Administrative control of the protocol state."; + } + + feature auto-cost { + description + "Calculate OSPF interface cost according to + reference bandwidth."; + } + + feature max-ecmp { + description + "Setting maximum number of ECMP paths."; + } + + feature max-lsa { + description + "Setting maximum number of LSAs the OSPF instance + will accept."; + } + + feature te-rid { + description + "TE Router-ID."; + } + + feature ldp-igp-sync { + description + "LDP IGP synchronization."; + } + + feature ospfv3-authentication-ipsec { + description + "Use IPsec for OSPFv3 authentication."; + } + + feature fast-reroute { + description + "Support of IP Fast Reroute (IP-FRR)."; + } + + feature node-flag { + description + "Support of node flag."; + } + + feature node-tag { + description + "Support of node tag."; + } + + feature lfa { + 
description + "Support of Loop Free Alternates (LFAs)."; + } + feature remote-lfa { + description + "Support of Remote Loop Free Alternates (R-LFA)."; + } + + feature stub-router { + description + "Support of RFC 6987 OSPF Stub Router Advertisement."; + } + + feature pe-ce-protocol { + description + "Support PE-CE protocol"; + } + + feature ietf-spf-delay { + description + "Support of IETF SPF delay algorithm."; + } + + feature bfd { + description + "Support of BFD."; + } + identity ospfv2 { base "rt:routing-protocol"; description "OSPFv2"; } identity ospfv3 { base "rt:routing-protocol"; description "OSPFv3"; } @@ -954,23 +1354,51 @@ identity stub { base area-type; description "OSPF stub area."; } identity nssa { base area-type; description "OSPF NSSA area."; } + identity lsa-log-reason { + description + "Base identity for an LSA log reason."; + } + + identity lsa-refresh { + base lsa-log-reason; + description + "Identity used when the LSA is logged + as a result of receiving a refresh LSA."; + } + + identity lsa-content-change { + base lsa-log-reason; + description + "Identity used when the LSA is logged + as a result of a change in the content + of the LSA."; + } + + identity lsa-purge { + base lsa-log-reason; + description + "Identity used when the LSA is logged + as a result of being purged."; + } + typedef uint24 { type uint32 { range "0 .. 16777215"; + } description "24-bit unsigned integer."; } typedef area-id-type { type yang:dotted-quad; description "Area ID type."; } 
@@ -1215,166 +1642,20 @@ } typedef checksum16-type { type string { pattern '(0x)?[0-9a-fA-F]{4}'; } description "16-bit checksum in hex-string format 0xXXXX."; } - feature multi-topology { - description - "Support Multiple-Topolgy Routing (MTR)."; - } - - feature multi-area-adj { - description - "OSPF multi-area adjacency support as in RFC 5185."; - } - feature explicit-router-id { - description - "Set Router-ID per instance explicitly."; - } - feature demand-circuit { - description - "OSPF demand circuit support as in RFC 1793."; - } - - feature mtu-ignore { - description - "Disable OSPF Database Description packet MTU - mismatch checking."; - } - - feature lls { - description - "OSPF link-local signaling (LLS) as in RFC 5613."; - } - - feature prefix-suppression { - description - "OSPF prefix suppression support as in RFC 6860."; - } - - feature ttl-security { - description - "OSPF TTL security check."; - } - - feature nsr { - description - "Non-Stop-Routing (NSR)."; - } - - feature graceful-restart { - description - "Graceful OSPF Restart as defined in RFC 3623 and - RFC 5187."; - } - - feature admin-control { - description - "Administrative control of the protocol state."; - } - - feature auto-cost { - description - "Calculate OSPF interface cost according to - reference bandwidth."; - } - feature max-ecmp { - description - "Setting maximum number of ECMP paths."; - } - - feature max-lsa { - description - "Setting maximum number of LSAs the OSPF instance - will accept."; - } - - feature te-rid { - description - "TE Router-ID."; - } - - feature ldp-igp-sync { - description - "LDP IGP synchronization."; - } - - feature ospfv3-authentication-ipsec { - description - "Use IPsec for OSPFv3 authentication."; - } - - feature fast-reroute { - description - "Support of IP Fast Reroute (IP-FRR)."; - } - - feature node-flag { - description - "Support of node flag."; - } - - feature node-tag { - description - "Support of node tag."; - } - - feature lfa { - description - 
"Support of Loop Free Alternates (LFAs)."; - } - - feature remote-lfa { - description - "Support of Remote Loop Free Alternates (R-LFA)."; - } - - feature stub-router { - description - "Support of RFC 6987 OSPF Stub Router Advertisement."; - } - - feature instance-inheritance { - description - "Support instance inheritance"; - } - - feature area-inheritance { - description - "Support area inheritance"; - } - - feature interface-inheritance { - description - "Support interface inheritance"; - } - - feature pe-ce-protocol { - description - "Support PE-CE protocol"; - } - - feature ietf-spf-delay { - description - "Support of IETF SPF delay algorithm."; - } - - feature bfd { - description - "Support of BFD."; - } - grouping tlv { description "TLV"; leaf type { type uint16; description "TLV type."; } leaf length { type uint16; description "TLV length."; @@ -2204,28 +2483,29 @@ bit DN { description "When a type 3, 5 or 7 LSA is sent from a PE to a CE, the DN bit must be set. See RFC 4576."; } } mandatory true; description "LSA options."; } leaf lsa-id { - type inet:ipv4-address; + type yang:dotted-quad; mandatory true; description "LSA ID."; } leaf opaque-type { type uint8; description "Opaque type."; + } leaf opaque-id { type uint24; description "Opaque ID."; } uses lsa-header; } container body { @@ -2286,21 +2567,21 @@ uses ospfv3-lsa; } } } grouping lsa-key { description "OSPF LSA key."; leaf lsa-id { type union { - type inet:ipv4-address; + type yang:dotted-quad; type uint32; } description "LSA ID."; } leaf adv-router { type inet:ipv4-address; description "Advertising router."; } 
@@ -2732,21 +3012,22 @@ container static-neighbors { description "Statically configured neighbors."; list neighbor { key "identifier"; description "Specify a static OSPF neighbor."; leaf identifier { type inet:ip-address; - description "Neighbor IPv4 address or router ID."; + description + "Neighbor router ID, IPv4 address, or IPv6 address."; } leaf cost { type uint16 { range "1..65535"; } description "Neighbor cost."; } leaf poll-interval { type uint16 { 
@@ -2781,139 +3062,149 @@ description "True if BFD is enabled for the OSPF interface."; } } uses interface-fast-reroute-config; uses interface-common-config; uses interface-physical-link-config; } // grouping interface-config - grouping neighbor-operation { + grouping neighbor-state { description - "OSPF neighbor operation data."; + "OSPF neighbor operational state."; leaf address { type inet:ip-address; + config false; description "Neighbor address."; } leaf dr-router-id { type rt-types:router-id; + config false; description "Neighbor's Designated Router (DR) router ID."; } leaf dr-ip-addr { type inet:ip-address; + config false; description "Neighbor's Designated Router (DR) IP address."; } leaf bdr-router-id { type rt-types:router-id; + config false; description "Neighbor's Backup Designated Router (BDR) router ID."; } leaf bdr-ip-addr { type inet:ip-address; + config false; description "Neighbor's Backup Designated Router (BDR) IP Address."; } leaf state { type nbr-state-type; + config false; description "OSPF neighbor state."; } leaf dead-timer { type uint32; units "seconds"; + config false; description "This timer tracks the remaining time before the neighbor is declared dead."; } container statistics { + config false; description "Per neighbor statistics"; uses neighbor-stat; } } - grouping interface-common-operation { + grouping interface-common-state { description - "OSPF interface common operation state."; + "OSPF interface common operational state."; + reference "RFC2328 Section 9"; leaf state { type if-state-type; + config false; description "Interface state."; } leaf hello-timer { type uint32; units "seconds"; + config false; description "This timer tracks the remaining time before the next hello packet is sent."; } leaf wait-timer { type uint32; units "seconds"; + config false; description "This timer tracks the remaining time before the interface exits the Waiting state."; } leaf dr-router-id { type rt-types:router-id; + config false; description 
"Designated Router (DR) router ID."; } leaf dr-ip-addr { type inet:ip-address; + config false; description "Designated Router (DR) IP address."; } leaf bdr-router-id { type rt-types:router-id; + config false; description "Backup Designated Router (BDR) router ID."; } + leaf bdr-ip-addr { type inet:ip-address; + config false; description "Backup Designated Router (BDR) IP Address."; } - container statistics { + config false; description "Per interface statistics"; uses interface-stat; } container neighbors { + config false; description "All neighbors for the interface."; list neighbor { key "neighbor-router-id"; description "List of OSPF neighbors."; leaf neighbor-router-id { type rt-types:router-id; description "Neighbor router ID."; } - uses neighbor-operation; + uses neighbor-state; } // list of OSPF neighbors } - } // interface-common-operation - - grouping interface-operation { - description - "OSPF interface operation state."; - reference "RFC2328 Section 9"; - - uses interface-common-operation; - container database { + config false; description "Link scope LSA database."; list link-scope-lsa-type { key "lsa-type"; description "List OSPF link scope LSA databases."; leaf lsa-type { type uint16; description "OSPF link scope LSA type."; } container link-scope-lsas { 
@@ -2934,56 +3225,64 @@ must "../../../../../../../../../../../" + "rt:type = 'ospf:ospfv3'" { description "OSPFv3 LSA."; } } } } } } // list link-scope-lsas } + } // interface-common-state + + grouping interface-state { + description + "OSPF interface operational state."; + reference "RFC2328 Section 9"; + + uses interface-common-state; } grouping virtual-link-config { description "OSPF virtual link configuration state."; uses interface-common-config; } - grouping virtual-link-operation { + grouping virtual-link-state { description - "OSPF virtual link operation state."; + "OSPF virtual link operational state."; leaf cost { type uint16 { range "1..65535"; } + config false; description "Virtual link interface cost."; } - uses interface-common-operation; + uses interface-common-state; } grouping sham-link-config { description "OSPF sham link configuration state."; uses interface-common-config; uses interface-physical-link-config; } - - grouping sham-link-operation { + grouping sham-link-state { description - "OSPF sham link operation state."; - - uses interface-common-operation; + "OSPF sham link operational state."; + /* All container/leaf should be config false. */ + uses interface-common-state; } grouping af-area-config { description "OSPF address-family specific area config state."; container ranges { description "Container for summary ranges"; list range { 
@@ -3040,39 +3339,27 @@ description "Set the summary default route cost for a stub or NSSA area."; } } grouping area-config { description "OSPF area configuration state."; - container all-interfaces-inherit { - if-feature interface-inheritance; - description - "Inheritance for all interfaces"; - container interface { - description - "Interface config to be inherited by all - interfaces in the area."; - } - } - leaf area-type { type identityref { base area-type; } default normal; description "Area type."; - } uses area-common-config; uses af-area-config { when "../../../operation-mode = " + "'ospf:ships-in-the-night'" { description "Ships in the night configuration."; } @@ -3072,30 +3359,32 @@ uses af-area-config { when "../../../operation-mode = " + "'ospf:ships-in-the-night'" { description "Ships in the night configuration."; } } } - grouping area-operation { + grouping area-state { description - "OSPF area operation state."; + "OSPF area operational state."; container statistics { + config false; description "Per area statistics"; uses area-stat; } container database { + config false; description "Area scope LSA database."; list area-scope-lsa-type { key "lsa-type"; description "List OSPF area scope LSA databases."; leaf lsa-type { type uint16; description "OSPF area scope LSA type."; } container area-scope-lsas { description @@ -3121,20 +3410,21 @@ } } } } // list area-scope-lsas } } grouping local-rib { description "Local-rib grouping."; container local-rib { + config false; description "Local-rib."; list route { key "prefix"; description "Routes"; leaf prefix { type inet:ip-prefix; description "Destination prefix."; } container next-hops { description "All next hops for the route."; 
@@ -3197,60 +3487,66 @@ type uint16; units msec; description "Duration used to learn all the IGP events related to a single component failure."; } description "Grouping for IETF SPF delay configuration."; } - grouping ietf-spf-delay-operation { + grouping ietf-spf-delay-state { leaf current-state { type enumeration { enum "QUIET" { description "QUIET state"; } enum "SHORT_WAIT" { description "SHORT_WAIT state"; } enum "LONG_WAIT" { description "LONG_WAIT state"; } } + config false; description "Current state of the algorithm."; } leaf remaining-time-to-learn { type uint16; units "seconds"; + config false; description "Remaining time until time-to-learn timer fires."; } leaf remaining-hold-down { type uint16; units "seconds"; + config false; description "Remaining time until hold-down timer fires."; } leaf last-event-received { type yang:timestamp; + config false; description "Time of last IGP event received"; } leaf next-spf-time { type yang:timestamp; + config false; description "Time when next SPF has been scheduled."; } leaf last-spf-time { type yang:timestamp; + config false; description "Time of last SPF computation."; } description "Grouping for IETF SPF delay operational states."; } grouping node-tag-config { description "OSPF node tag config state."; @@ -3268,35 +3564,20 @@ } description "Container for node tags."; } } grouping instance-config { description "OSPF instance config state."; - container all-areas-inherit { - if-feature area-inheritance; - description - "Inheritance for all areas."; - container area { - description - "Area config to be inherited by all areas."; - } - container interface { - description - "Interface config to be inherited by all interfaces - in all areas."; - } - } - leaf explicit-router-id { if-feature explicit-router-id; type rt-types:router-id; description "Defined in RFC 2328. A 32-bit number that uniquely identifies the router."; } container preference { description "Route preference config state."; 
@@ -3500,47 +3783,50 @@ type boolean; description "Enable LDP IGP synchronization."; } } } uses instance-fast-reroute-config; uses node-tag-config; } - grouping instance-operation { + grouping instance-state { description - "OSPF Address Family operation state."; + "OSPF instance operational state."; leaf router-id { type rt-types:router-id; + config false; description "Defined in RFC 2328. A 32-bit number that uniquely identifies the router."; } - uses local-rib; container statistics { + config false; description "Per instance statistics"; uses instance-stat; } container ietf-spf-delay { if-feature ietf-spf-delay; + config false; uses ietf-spf-delay-config; - uses ietf-spf-delay-operation; + uses ietf-spf-delay-state; description "IETF SPF delay operational states."; } container database { + config false; description "AS scope LSA database."; list as-scope-lsa-type { key "lsa-type"; description "List OSPF AS scope LSA databases."; leaf lsa-type { type uint16; description "OSPF AS scope LSA type."; } container as-scope-lsas { description "All AS scope of LSA of this LSA type."; 
@@ -3556,58 +3842,46 @@ } } refine "version/ospfv3/ospfv3" { must "../../../../../../../rt:type = " + "'ospf:ospfv3'" { description "OSPFv3 LSA."; } } } } + } } // list as-scope-lsas } + uses spf-log; + uses lsa-log; } grouping ospf-config { description "OSPF top configuration state."; - container all-instances-inherit { - if-feature instance-inheritance; - description - "Inheritance support to all instances."; - container area { - description - "Area config to be inherited by all areas - in all instances."; - } - container interface { - description - "Interface config to be inherited by all - interfaces in all instances."; - } - } - leaf operation-mode { type identityref { base operation-mode; } default ospf:ships-in-the-night; description "OSPF operation mode."; } } - grouping ospf-operation { + grouping ospf-state { + /* All leaf/container must be config false. */ description - "OSPF top operation state."; + "OSPF top operational state."; } grouping multi-topology-area-common-config { description "OSPF multi-topology area common configuration state."; leaf summary { when "../../../../../areas/area[area-id=current()/../area-id]/" + "area-type = 'ospf:stub' or " + "../../../../../areas/area[area-id=current()/../area-id]/" + "area-type = 'ospf:nssa'" { 
@@ -3635,195 +3910,359 @@ "Set the summary default route cost for a stub or NSSA area."; } } grouping multi-topology-area-config { description "OSPF multi-topology area configuration state."; uses multi-topology-area-common-config; + uses af-area-config { when "../../../../../operation-mode = " + "'ospf:ships-in-the-night'" { description "Ships in the night configuration."; } } } - grouping multi-topology-area-operation { + grouping multi-topology-area-state { + /* All leaf/container must be config false. */ description - "OSPF multi-topology area operation state."; + "OSPF multi-topology area operational state."; } grouping multi-topology-config { description "OSPF multi-topology configuration state."; } - grouping multi-topology-operation { + grouping multi-topology-state { + /* All leaf/container must be config false. */ description - "OSPF multi-topology operation state."; + "OSPF multi-topology operational state."; uses local-rib; } grouping multi-topology-interface-config { description "OSPF multi-topology configuration state."; leaf cost { type uint32; description "Interface cost for this topology."; } } - grouping multi-topology-interface-operation { + grouping multi-topology-interface-state { + /* All leaf/container must be config false. */ description - "OSPF multi-topology operation state."; + "OSPF multi-topology operational state."; } grouping ospfv3-interface-config { description "OSPFv3 interface specific configuration state."; leaf instance-id { type uint8 { range "0 .. 
31"; } description "OSPFv3 instance ID."; } } - grouping ospfv3-interface-operation { + grouping ospfv3-interface-state { description - "OSPFv3 interface specific operation state."; + "OSPFv3 interface specific operational state."; leaf interface-id { type uint16; + config false; description "OSPFv3 interface ID."; } } + grouping lsa-identifiers { + description + "The parameters that uniquely identify an LSA."; + leaf area-id { + type area-id-type; + description + "Area ID"; + + } + leaf link-id { + type union { + type inet:ipv4-address; + type yang:dotted-quad; + } + description "Link ID."; + } + leaf type { + type uint16; + description + "LSA type."; + } + leaf lsa-id { + type yang:dotted-quad; + description "LSA ID."; + } + leaf adv-router { + type yang:dotted-quad; + description + "LSA advertising router."; + } + leaf seq-num { + type uint32; + description + "LSA sequence number."; + } + } + + grouping spf-log { + description + "Grouping for SPF log."; + container spf-log { + config false; + description + "This container lists the SPF log."; + list event { + key id; + description + "List of SPF logs. + It is used as a wrapping buffer."; + leaf id { + type uint32; + description + "This leaf defines the event identifier. 
+ This is a purely internal value."; + } + leaf spf-type { + type enumeration { + enum full { + description + "Computation done is a Full SPF."; + } + enum intra { + description + "Computation done is only for intra-area routes."; + } + enum inter { + description + "Computation done is only for inter-area + summary routes."; + } + enum external { + description + "Computation done is only for AS external routes."; + } + } + description + "The SPF computation type."; + } + leaf schedule-timestamp { + type yang:timestamp; + description + "This leaf describes the timestamp + when the computation was scheduled."; + } + leaf start-timestamp { + type yang:timestamp; + description + "This leaf describes the timestamp + when the computation was started."; + } + leaf end-timestamp { + type yang:timestamp; + description + "This leaf describes the timestamp + when the computation was completed."; + } + list trigger-lsa { + description + "The list of LSAs that triggered the computation."; + uses lsa-identifiers; + } + } + } + } + grouping lsa-log { + description + "Grouping for LSA log."; + container lsa-log { + config false; + description + "This conatiner lists the LSA log. + Local LSA modifications are also included + in the list."; + list event { + key id; + description + "List of LSA logs. + It is used as a wrapping buffer."; + leaf id { + type uint32; + description + "This leaf defines the event identifier. + This is a purely internal value."; + } + container lsa { + description + "This container describes the logged LSA."; + uses lsa-identifiers; + } + leaf received-timestamp { + type yang:timestamp; + description + "This leaf describes the timestamp + when the LSA was received. 
In case of + local LSA update, the timestamp refers + to the local LSA update time."; + } + leaf reason { + type identityref { + base lsa-log-reason; + } + description + "This leaf describes the reason + that resulted in this LSA log."; + } + } + } + } + augment "/rt:routing/rt:control-plane-protocols/" + "rt:control-plane-protocol" { when "rt:type = 'ospf:ospfv2' or rt:type = 'ospf:ospfv3'" { description "This augmentation is only valid for a routing protocol instance of OSPF (type 'ospfv2' or 'ospfv3')."; } description "OSPF augmentation."; container ospf { description "OSPF."; uses ospf-config; + uses ospf-state; list instance { key "af"; description "An OSPF routing protocol instance."; leaf af { type identityref { - base rt-types:address-family; + base iana-rt-types:address-family; } description "Address-family of the instance."; } uses instance-config; + uses instance-state; + container areas { description "All areas."; list area { key "area-id"; description "List of OSPF areas"; leaf area-id { type area-id-type; description "Area ID."; } uses area-config; + uses area-state; container virtual-links { when "../area-id = '0.0.0.0' and " + "../area-type = 'ospf:normal'" { description - "Virutal links must be in backbone area."; + "Virtual links must be in backbone area."; } description "All virtual links."; list virtual-link { key "transit-area-id router-id"; description "OSPF virtual link"; leaf transit-area-id { type leafref { - path "../../../area-id"; + path "../../../../area/area-id"; } - must "current() != '0.0.0.0'" { + must "../../../../area[area-id=current()]/" + + "area-id != '0.0.0.0' and " + + "../../../../area[area-id=current()]/" + + "area-type = 'ospf:normal'" { error-message "Virtual link transit area must " + "be non-zero."; description "Virtual-link trasit area must be non-zero area."; } description "Virtual link tranist area ID."; } leaf router-id { type rt-types:router-id; description "Virtual Link remote endpoint router ID."; } uses 
virtual-link-config; + uses virtual-link-state; } } container sham-links { if-feature pe-ce-protocol; description "All sham links."; list sham-link { key "local-id remote-id"; description "OSPF sham link"; leaf local-id { type inet:ip-address; description "Address of the local Sham Link endpoint."; } leaf remote-id { type inet:ip-address; description "Address of the remote Sham Link endpoint."; } uses sham-link-config; + uses sham-link-state; } } container interfaces { description "All interfaces."; list interface { key "name"; description "List of OSPF interfaces."; leaf name { type if:interface-ref; description "Interface name."; } uses interface-config; + uses interface-state; } // list of interfaces } } // list of areas } } // list of instance } // container ospf } augment "/rt:routing/rt:control-plane-protocols/" + "rt:control-plane-protocol/ospf:ospf/ospf:instance" { @@ -3845,33 +4284,35 @@ key "name"; description "OSPF topology."; leaf name { type leafref { path "../../../../../../../rt:ribs/rt:rib/rt:name"; } description "RIB"; } uses multi-topology-config; + uses multi-topology-state; container areas { description "All areas in the topology."; list area { key "area-id"; description "List of OSPF areas"; leaf area-id { type area-id-type; description "Area ID."; } uses multi-topology-area-config; + uses multi-topology-area-state; } } } } } augment "/rt:routing/rt:control-plane-protocols/" + "rt:control-plane-protocol/ospf:ospf/ospf:instance/" + "ospf:areas/ospf:area/ospf:interfaces/ospf:interface" { when "../../../../../../rt:type = 'ospf:ospfv2'" { 
@@ -3884,244 +4325,44 @@ augmentation."; container topologies { description "All topologies for the interface."; list topology { key "name"; description "OSPF interface topology."; leaf name { type leafref { path "../../../../../../../../../../../" + "rt:ribs/rt:rib/rt:name"; + } description "One of the topologies enabled on this interface."; } uses multi-topology-interface-config; + uses multi-topology-interface-state; } } } augment "/rt:routing/rt:control-plane-protocols/" + "rt:control-plane-protocol/ospf:ospf/ospf:instance/" + "ospf:areas/ospf:area/ospf:interfaces/ospf:interface" { when "../../../../../../rt:type = 'ospf:ospfv3'" { description "This augmentation is only valid for OSPFv3."; } description "OSPFv3 interface specific configuration state augmentation."; uses ospfv3-interface-config; - } - - augment "/rt:routing-state/" - + "rt:control-plane-protocols/rt:control-plane-protocol" { - when "rt:type = 'ospf:ospfv2' or " - + "rt:type = 'ospf:ospfv3'" { - description - "This augmentation is only valid for a routing protocol - instance of type 'ospfv2' or 'ospfv3'."; - } - description - "OSPF operational state."; - container ospf { - description "OSPF"; - - uses ospf-config; - uses ospf-operation; - list instance { - key "af"; - description - "An OSPF routing protocol instance."; - - leaf af { - type identityref { - base rt-types:address-family; - } - description - "Address-family of the instance."; - } - - uses instance-config; - uses instance-operation; - - container areas { - description "All areas"; - list area { - key "area-id"; - description "List of OSPF areas"; - leaf area-id { - type area-id-type; - description "Area ID."; - } - - uses area-config; - uses area-operation; - - container virtual-links { - description "All virtual links."; - list virtual-link { - description - "OSPF virtual link"; - leaf transit-area-id { - type leafref { - path "../../../area-id"; - } - description - "Virutal link transit area ID."; - } - leaf router-id { - type 
rt-types:router-id; - description - "Virtual link router ID."; - } - - uses virtual-link-config; - uses virtual-link-operation; - } - } - container sham-links { - description "All sham links."; - list sham-link { - description - "OSPF sham link"; - leaf local-id { - type inet:ip-address; - description - "Address of the local Sham Link endpoint."; - } - leaf remote-id { - type inet:ip-address; - description - "Address of the remote Sham Link endpoint."; - } - uses sham-link-config; - uses sham-link-operation; - } - } - - container interfaces { - description "All interfaces in the area."; - list interface { - key "name"; - description - "List of OSPF interfaces."; - leaf name { - // Should it refer to config state leaf? - type if:interface-ref; - description "Interface name."; - } - - uses interface-config; - uses interface-operation; - } // list of OSPF interfaces - } - } // list of OSPF areas - } - } // list of instances - } // container ospf - } - - augment "/rt:routing-state/" - + "rt:control-plane-protocols/rt:control-plane-protocol/" - + "ospf:ospf/ospf:instance" { - - when "../../rt:type = 'ospf:ospfv2'" { - description - "This augmentation is only valid for OSPFv2."; - } - if-feature multi-topology; - description - "OSPF multi-topology instance operation state - augmentation."; - container topologies { - description "All topologies."; - list topology { - // Topology must be in the same routing-instance - // and of same AF as the container. 
- key "name"; - description "OSPF topology."; - leaf name { - type leafref { - path "../../../../../../../" - + "rt:ribs/rt:rib/rt:name"; - } - description "RIB"; - } - - uses multi-topology-config; - uses multi-topology-operation; - - container areas { - description "All areas in the topology."; - list area { - key "area-id"; - description - "List of OSPF areas"; - leaf area-id { - type area-id-type; - description - "Area ID."; - } - uses multi-topology-area-config; - uses multi-topology-area-operation; - } - } - } - } - } - - augment "/rt:routing-state/" - + "rt:control-plane-protocols/rt:control-plane-protocol/" - + "ospf:ospf/ospf:instance/ospf:areas/ospf:area/" - + "ospf:interfaces/ospf:interface" { - when "../../../../../../rt:type = 'ospf:ospfv2'" { - description - "This augmentation is only valid for OSPFv2."; - } - if-feature ospf:multi-topology; - description - "OSPF multi-topology interface operation state - augmentation."; - container topologies { - description "All topologies."; - list topology { - key "name"; - description "OSPF interface topology."; - leaf name { - type leafref { - path "../../../../../../../../../../../" - + "rt:ribs/rt:rib/rt:name"; - } - description - "One of the topologies enabled on this interface."; - } - uses multi-topology-interface-config; - uses multi-topology-interface-operation; - } - } - } - - augment "/rt:routing-state/" - + "rt:control-plane-protocols/rt:control-plane-protocol/" - + "ospf:ospf/ospf:instance/ospf:areas/ospf:area/" - + "ospf:interfaces/ospf:interface" { - when "../../../../../../rt:type = 'ospf:ospfv3'" { - description - "This augmentation is only valid for OSPFv3."; - } - description - "OSPFv3 interface specific operation state - augmentation."; - uses ospfv3-interface-config; - uses ospfv3-interface-operation; + uses ospfv3-interface-state; } grouping route-content { description "This grouping defines OSPF-specific route attributes."; leaf metric { type uint32; description "OSPF route metric."; } leaf 
tag { 
@@ -4529,24 +4774,66 @@ description "This notification is sent when the graceful restart state for the router has changed."; } } 4. Security Considerations - The data model defined does not create any security implications. + The YANG module defined in this document is designed to be accessed + via network management protocols such as NETCONF [RFC6241] or + RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport + layer, and the mandatory-to-implement secure transport is Secure + Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the + mandatory-to-implement secure transport is TLS [RFC5246]. - This draft does not change any underlying security issues inherent in - [RFC8022]. + The NETCONF access control model [RFC6536] provides the means to + restrict access for particular NETCONF or RESTCONF users to a pre- + configured subset of all available NETCONF or RESTCONF protocol + operations and content. + + There are a number of data nodes defined in this YANG module that are + writable/creatable/deletable (i.e., config true, which is the + default). These data nodes may be considered sensitive or vulnerable + in some network environments. Write operations (e.g., edit-config) + to these data nodes without proper protection can have a negative + effect on network operations. For OSPF, the ability to modify OSPF + configuration will allow the entire OSPF domain to be compromised + including peering with unauthorized routers to misroute traffic or + mount a massive Denial-of-Service (DoS) attack. The security + considerations of OSPFv2 [RFC2328] and [RFC5340]. + + Some of the readable data nodes in this YANG module may be considered + sensitive or vulnerable in some network environments. It is thus + important to control read access (e.g., via get, get-config, or + notification) to these data nodes. The exposure of the Link State + Database (LSDB) will expose the detailed topology of the network. 
+ This may be undesirable since both due to the fact that exposure may + facilitate other attacks. Additionally, network operators may + consider their topologies to be propritary. + + For OSPF authentication, configuration is supported via the + specification of key-chains [RFC8177] or the direct specification of + key and authentication algorithm. Hence, authentification + configuration using the "auth-table-trailer" case in the + "authentication" container inherits the security considerations of + [RFC8177]. This includes the considerations with respect to the + local storage and handling of authentication keys. + + Some of the RPC operations in this YANG module may be considered + sensitive or vulnerable in some network environments. It is thus + important to control access to these operations. The OSPF Yang + module support the "clear-neighbor" and "clear-database" RPCs. If + access too either of these is compromised, they can result in + temporary network outages be employed to mount DoS attacks. 5. Acknowledgements The authors wish to thank Yi Yang, Alexander Clemm, Gaurav Gupta, Ladislav Lhotka, Stephane Litkowski, Greg Hankins, Manish Gupta and Alan Davey for their thorough reviews and helpful comments. This document was produced using Marshall Rose's xml2rfc tool. 6. References 
@@ -4586,20 +4873,25 @@ [RFC4750] Joyal, D., Ed., Galecki, P., Ed., Giacalone, S., Ed., Coltun, R., and F. Baker, "OSPF Version 2 Management Information Base", RFC 4750, DOI 10.17487/RFC4750, December 2006, . [RFC5187] Pillay-Esnault, P. and A. Lindem, "OSPFv3 Graceful Restart", RFC 5187, DOI 10.17487/RFC5187, June 2008, . + [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security + (TLS) Protocol Version 1.2", RFC 5246, + DOI 10.17487/RFC5246, August 2008, + . + [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, . [RFC5643] Joyal, D., Ed. and V. Manral, Ed., "Management Information Base for OSPFv3", RFC 5643, DOI 10.17487/RFC5643, August 2009, . [RFC5838] Lindem, A., Ed., Mirtorabi, S., Roy, A., Barnes, M., and R. Aggarwal, "Support of Address Families in OSPFv3", 
@@ -4609,39 +4901,58 @@ [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, October 2010, . [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, . + [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure + Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, + . + + [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration + Protocol (NETCONF) Access Control Model", RFC 6536, + DOI 10.17487/RFC6536, March 2012, + . + [RFC6565] Pillay-Esnault, P., Moyer, P., Doyle, J., Ertekin, E., and M. Lundberg, "OSPFv3 as a Provider Edge to Customer Edge (PE-CE) Routing Protocol", RFC 6565, DOI 10.17487/RFC6565, June 2012, . [RFC7223] Bjorklund, M., "A YANG Data Model for Interface Management", RFC 7223, DOI 10.17487/RFC7223, May 2014, . [RFC8022] Lhotka, L. and A. Lindem, "A YANG Data Model for Routing Management", RFC 8022, DOI 10.17487/RFC8022, November 2016, . + [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF + Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, + . + + [RFC8177] Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J. + Zhang, "YANG Data Model for Key Chains", RFC 8177, + DOI 10.17487/RFC8177, June 2017, + . + 6.2. Informative References - [I-D.ietf-rtgwg-yang-key-chain] - Lindem, A., Qu, Y., Yeung, D., Chen, I., Zhang, Z., and Y. - Yang, "Routing Key Chain YANG Data Model", draft-ietf- - rtgwg-yang-key-chain-15 (work in progress), February 2017. + [I-D.ietf-netmod-revised-datastores] + Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., + and R. Wilton, "Network Management Datastore + Architecture", draft-ietf-netmod-revised-datastores-02 + (work in progress), May 2017. Appendix A. Contributors' Addreses Dean Bogdanovic Volta Networks, Inc. 
EMail: dean@voltanet.io Kiran Koushik Agrahara Sreenivasa Cisco Systems
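Review bot: In hunk @@ -2286,21 +2567,21 @@, lsa-id in grouping lsa-key moves to yang:dotted-quad but the adv-router leaf right after it stays inet:ipv4-address, while the lsa-identifiers grouping added in this same revision types adv-router as yang:dotted-quad. The advertising router is a router ID rather than an interface address, so pick one type for it throughout (yang:dotted-quad, or rt-types:router-id as the neighbor leaves already use).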
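Review bot: In hunk @@ -2732,21 +3012,22 @@, the new description says the static neighbor identifier may be a "router ID, IPv4 address, or IPv6 address", but the leaf is still inet:ip-address and is the list key, so a dotted-quad value cannot be told apart as a router ID versus an IPv4 address. The description should state how an implementation decides which interpretation applies, otherwise two systems can disagree on which neighbor an entry names.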
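Review bot: In hunk @@ -2934,56 +3225,64 @@, the closing brace of interface-common-state now lands after the link-scope database container (the old "} // interface-common-operation" ahead of it is removed in @@ -2781,139 +3062,149 @@), so virtual-link-state and sham-link-state, which both use interface-common-state, now carry a link-scope LSA database too. If that is intended, interface-state is left as a bare wrapper around "uses interface-common-state" and could be dropped; if not, the database container belongs back in interface-state. The comment "/* All container/leaf should be config false. */" in sham-link-state reads as a leftover to-do and should be resolved or removed.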
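Review bot: In hunk @@ -3197,60 +3487,66 @@, remaining-time-to-learn is reported as uint16 with units "seconds", while the configuration leaf visible at the top of the hunk is uint16 with units msec, so the state leaf cannot represent the remaining time of a sub-second timer. Report the remaining timers in the same unit as their configured values, or document the rounding in the description.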
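Review bot: In hunk @@ -3500,47 +3783,50 @@, container ietf-spf-delay becomes config false yet still has "uses ietf-spf-delay-config", so the configuration leaves are repeated as read-only state in the same tree where instance-config is now used (both groupings sit under list instance after this revision). With configuration and state merged, "uses ietf-spf-delay-state" alone should be enough here; also check that instance-config does not define a container with the same name, since the two groupings now expand into the same parent.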
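Review bot: In hunk @@ -3635,195 +3910,359 @@, the new must on transit-area-id also requires area-type = 'ospf:normal', but the error-message and description still say only that the transit area "must be non-zero", so a client rejected for naming a stub or NSSA transit area gets a misleading error; update both strings (the unchanged description lines also carry "trasit" and "tranist"). In the added lsa-identifiers grouping, link-id is a union of inet:ipv4-address and yang:dotted-quad; every dotted-quad value already matches the first member, so the second is never selected and a single type would do. "conatiner" in the lsa-log description is a typo.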
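Review bot: In hunk @@ -3884,244 +4325,44 @@, the OSPFv3 interface augment now ends with "uses ospfv3-interface-state", but its description still reads "OSPFv3 interface specific configuration state augmentation."; reword it to cover operational state as well. The same hunk removes all four "/rt:routing-state/" augments, which changes the path of every OSPF state node, so the module's revision description should call out the incompatibility for existing clients.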
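Review bot: In the Security Considerations hunk (@@ -4529,24 +4774,66 @@), the write-access paragraph ends in a fragment, "The security considerations of OSPFv2 [RFC2328] and [RFC5340].", so the text never says whether those considerations apply to this module; complete the sentence (for example "... also apply"). The read-access paragraph names only the LSDB, although this revision also adds the config-false spf-log and lsa-log containers, whose lsa-identifiers (area-id, adv-router, lsa-id) disclose comparable topology detail, and the authentication paragraph allows "direct specification of key", which makes the key itself a readable data node that access control must cover; both deserve an explicit mention. The wording also needs a pass: "since both due to the fact that", "propritary", "authentification", "module support", "access too either", and "outages be employed" (missing "or").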