--- 1/draft-ietf-dhc-dhcpv6-yang-16.txt 2021-01-29 08:13:17.974934852 -0800 +++ 2/draft-ietf-dhc-dhcpv6-yang-17.txt 2021-01-29 08:13:18.134938943 -0800 @@ -1,25 +1,25 @@ DHC Working Group Y. Cui Internet-Draft L. Sun Intended status: Standards Track Tsinghua University -Expires: 11 July 2021 I. Farrer +Expires: 2 August 2021 I. Farrer S.Z. Zechlin Deutsche Telekom AG Z. He Tsinghua University M. Nowikowski Internet Systems Consortium - 7 January 2021 + 29 January 2021 YANG Data Model for DHCPv6 Configuration - draft-ietf-dhc-dhcpv6-yang-16 + draft-ietf-dhc-dhcpv6-yang-17 Abstract This document describes YANG data modules for the configuration and management of DHCPv6 servers, relays, and clients. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and @@ -35,21 +35,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on 11 July 2021. + This Internet-Draft will expire on 2 August 2021. Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights 
@@ -62,55 +62,48 @@ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Extensibility of the DHCPv6 Server YANG Module . . . . . 3 1.2.1. DHCPv6 Option Definitions . . . . . . . . . . . . . . 4 1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 2. DHCPv6 Tree Diagrams . . . . . . . . . . . . . . . . . . . . 5 2.1. DHCPv6 Server Tree Diagram . . . . . . . . . . . . . . . 5 2.2. DHCPv6 Relay Tree Diagram . . . . . . . . . . . . . . . . 12 2.3. DHCPv6 Client Tree Diagram . . . . . . . . . . . . . . . 14 - 3. DHCPv6 YANG Modules . . . . . . . . . . . . . . . . . . . . . 17 - 3.1. DHCPv6 Server YANG Module . . . . . . . . . . . . . . . . 17 - 3.2. DHCPv6 Relay YANG Module . . . . . . . . . . . . . . . . 32 - 3.3. DHCPv6 Client YANG Module . . . . . . . . . . . . . . . . 41 - 3.4. RFC8415 Server Options YANG Module . . . . . . . . . . . 50 - 3.5. RFC8415 Relay Options YANG Module . . . . . . . . . . . . 58 - 3.6. RFC8415 Client Options YANG Module . . . . . . . . . . . 62 - 3.7. DHCPv6 Common YANG Module . . . . . . . . . . . . . . . . 69 - 4. Security Considerations . . . . . . . . . . . . . . . . . . . 73 - 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 74 - 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 75 - 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 75 - 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 76 - 8.1. Normative References . . . . . . . . . . . . . . . . . . 76 - 8.2. Informative References . . . . . . . . . . . . . . . . . 78 + 3. DHCPv6 YANG Modules . . . . . . . . . . . . . . . . . . . . . 18 + 3.1. DHCPv6 Server YANG Module . . . . . . . . . . . . . . . . 18 + 3.2. DHCPv6 Relay YANG Module . . . . . . . . . . . . . . . . 35 + 3.3. DHCPv6 Client YANG Module . . . . . . . . . . . . . . . . 44 + 3.4. DHCPv6 Common YANG Module . . . . . . . . . . . . . . . . 56 + 4. 
Security Considerations . . . . . . . . . . . . . . . . . . . 63 + 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 64 + 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 64 + 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 65 + 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 65 + 8.1. Normative References . . . . . . . . . . . . . . . . . . 65 + 8.2. Informative References . . . . . . . . . . . . . . . . . 67 Appendix A. Example of Augmenting Additional DHCPv6 Option - Definitions . . . . . . . . . . . . . . . . . . . . . . . 78 + Definitions . . . . . . . . . . . . . . . . . . . . . . . 67 Appendix B. Example Vendor Specific Server Configuration - Module . . . . . . . . . . . . . . . . . . . . . . . . . 82 + Module . . . . . . . . . . . . . . . . . . . . . . . . . 71 Appendix C. Example definition of class selector - configuration . . . . . . . . . . . . . . . . . . . . . . 88 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 95 + configuration . . . . . . . . . . . . . . . . . . . . . . 77 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 84 1. Introduction DHCPv6 [RFC8415] is widely used for supplying configuration and other relevant parameters to clients in IPv6 networks. This document defines YANG modules for the configuration and management of DHCPv6 servers, relays and clients. Separate 'element' modules are defined - for each of these. There is an additional module per-element - defining DHCP options which are relevant for that element (taken from - the options defined in [RFC8415]). - - Additionally, a 'common' module contains typedefs and groupings used - by all of the element modules. + for each of these. Additionally, a 'common' module contains typedefs + and groupings used by all of the element modules. 
It is worth noting that as DHCPv6 is itself a client configuration protocol, it is not the intention of this document to provide a replacement for the allocation of DHCPv6 assigned addressing and parameters by using NETCONF/YANG. The DHCPv6 client module is intended for the configuration and monitoring of the DHCPv6 client function and does not play a part in the normal DHCPv6 message flow. 1.1. Scope 
@@ -132,42 +125,42 @@ level of variance between implementations is too great to attempt to standardize in a way that is useful without being restrictive. However, it is recognized that implementation specific configuration and management is also an essential part of DHCP deployment and operations. To resolve this, Appendix B contains an example YANG module for the configuration of implementation specific functions, illustrating how this functionality can be augmented into the main 'ietf-dhcpv6-server.yang' module. - In DHCPv6 the concept of 'class selection' for messages received by + In DHCPv6, the concept of 'class selection' for messages received by the server is common. This is the identification and classification of messages based on a number of parameters so that the correct provisioning information can be supplied. For example, allocating a prefix from the correct pool, or supplying a set of options relevant for a specific vendor's client implementation. During the development of this document, research has been carried out into a number of vendor's class selection implementations and the findings were that while this function is common to all, the method for configuring and implementing this function differs greatly. Therefore, configuration of the class selection function has been omitted from the DHCPv6 server module to allow implementors to define their own suitable YANG module. Appendix C provides an example of this, to demonstrate how this is can be integrated with the main 'ietf-dhcpv6-server.yang' module. 1.2.1. DHCPv6 Option Definitions A large number of DHCPv6 options have been created in addition to - those defined in [RFC8415]. As implementations differ widely in - which DHCPv6 options that they support, the following approach has - been taken to defining options: Only the DHCPv6 options defined in + those defined in [RFC8415]. 
As implementations differ widely as to + which DHCPv6 options they support, the following approach has been + taken to defining options: Only the DHCPv6 options defined in [RFC8415] are included in this document. Of these, only the options that require operator configuration are modelled. E.g. OPTION_IA_NA (3) is created by the DHCP server when requested by the client. The contents of the fields in the option are based on a number of input configuration parameters which the server will apply when it receives the request (e.g., the T1/T2 timers that are relevant for the pool of addresses). As a result, there are no fields that are directly configurable in the option, so it is not modelled. @@ -189,27 +182,26 @@ used in tree diagrams are defined in [RFC8340]. The reader should be familiar with DHCPv6 relevant terminology as defined in [RFC8415] and other relevant documents. 2. DHCPv6 Tree Diagrams 2.1. DHCPv6 Server Tree Diagram The tree diagram in Figure 1 provides an overview of the DHCPv6 - server module. The tree also includes the augmentations of the - relevant option definitions from Section 3.4 and the common functions - module Section 3.7. + server module. The tree also includes the common functions module + Section 3.4. module: ietf-dhcpv6-server - +--rw dhcpv6-node-type? identityref +--rw dhcpv6-server + +--rw enabled? boolean +--rw server-duid | +--rw type-code? uint16 | +--rw (duid-type)? | | +--:(duid-llt) | | | +--rw duid-llt-hardware-type? uint16 | | | +--rw duid-llt-time? yang:timeticks | | | +--rw duid-llt-link-layer-address? | | | yang:mac-address | | +--:(duid-en) | | | +--rw duid-en-enterprise-number? uint32 
@@ -219,59 +211,54 @@ | | | +--rw duid-ll-link-layer-address? | | | yang:mac-address | | +--:(duid-uuid) | | | +--rw uuid? yang:uuid | | +--:(duid-unstructured) | | +--rw data? binary | +--ro active-duid? binary +--rw vendor-config +--rw option-sets | +--rw option-set* [option-set-id] - | +--rw option-set-id - | | uint32 - | +--rw description? - | | string - | +--rw rfc8415-srv:preference-option - | | +--rw rfc8415-srv:pref-value? uint8 - | +--rw rfc8415-srv:auth-option - | | +--rw rfc8415-srv:protocol? uint8 - | | +--rw rfc8415-srv:algorithm? uint8 - | | +--rw rfc8415-srv:rdm? uint8 - | | +--rw rfc8415-srv:replay-detection? uint64 - | | +--rw rfc8415-srv:auth-information? string - | +--rw rfc8415-srv:server-unicast-option - | | +--rw rfc8415-srv:server-address? - | | inet:ipv6-address - | +--rw rfc8415-srv:status-code-option - | | +--rw rfc8415-srv:status-code? uint16 - | | +--rw rfc8415-srv:status-message? string - | +--rw rfc8415-srv:rapid-commit-option! - | +--rw rfc8415-srv:vendor-specific-information-option - | | +--rw rfc8415-srv:vendor-specific-information-option- - instances* + | +--rw option-set-id uint32 + | +--rw description? string + | +--rw preference-option + | | +--rw pref-value? uint8 + | +--rw auth-option + | | +--rw protocol? uint8 + | | +--rw algorithm? uint8 + | | +--rw rdm? uint8 + | | +--rw replay-detection? uint64 + | | +--rw auth-information? string + | +--rw server-unicast-option + | | +--rw server-address? inet:ipv6-address + | +--rw status-code-option + | | +--rw status-code? uint16 + | | +--rw status-message? string + | +--rw rapid-commit-option! + | +--rw vendor-specific-information-option + | | +--rw vendor-specific-information-option-instances* | | [enterprise-number] - | | +--rw rfc8415-srv:enterprise-number uint32 - | | +--rw rfc8415-srv:vendor-option-data* - | | [sub-option-code] - | | +--rw rfc8415-srv:sub-option-code uint16 - | | +--rw rfc8415-srv:sub-option-data? 
string - | +--rw rfc8415-srv:reconfigure-message-option - | | +--rw rfc8415-srv:msg-type? uint8 - | +--rw rfc8415-srv:reconfigure-accept-option! - | +--rw rfc8415-srv:info-refresh-time-option - | | +--rw rfc8415-srv:info-refresh-time? + | | +--rw enterprise-number uint32 + | | +--rw vendor-option-data* [sub-option-code] + | | +--rw sub-option-code uint16 + | | +--rw sub-option-data? string + | +--rw reconfigure-message-option + | | +--rw msg-type? uint8 + | +--rw reconfigure-accept-option! + | +--rw info-refresh-time-option + | | +--rw info-refresh-time? | | dhcpv6-common:timer-seconds32 - | +--rw rfc8415-srv:sol-max-rt-option - | | +--rw rfc8415-srv:sol-max-rt-value? + | +--rw sol-max-rt-option + | | +--rw sol-max-rt-value? | | dhcpv6-common:timer-seconds32 - | +--rw rfc8415-srv:inf-max-rt-option - | +--rw rfc8415-srv:inf-max-rt-value? + | +--rw inf-max-rt-option + | +--rw inf-max-rt-value? | dhcpv6-common:timer-seconds32 +--rw class-selector +--rw network-ranges +--rw option-set-id* leafref +--rw valid-lifetime? | dhcpv6-common:timer-seconds32 +--rw renew-time? | dhcpv6-common:timer-seconds32 +--rw rebind-time? | dhcpv6-common:timer-seconds32 
@@ -448,22 +435,21 @@ | +--:(declined-prefix) | +--ro prefix? inet:ipv6-prefix +---n non-success-code-sent +--ro status-code uint16 +--ro duid? binary Figure 1: DHCPv6 Server Data Module Structure Descriptions of important nodes: - * dhcpv6-node-type: The different functional DHCPv6 elements each - have their relevant identities. + * enabled: Enables/disables the function of the server. * dhcpv6-server: This container holds the server's DHCPv6 specific configuration. * server-duid: Each server must have a DUID (DHCP Unique Identifier) to identify itself to clients. A DUID consists of a two-octet type field and an arbitrary length (of no more than 128-bytes) content field. Currently there are four defined types of DUIDs in [RFC8415] and [RFC6355]: DUID-LLT, DUID-EN, DUID-LL, and DUID- UUID. DUID-Unknown is used for arbitrary DUID formats which do 
@@ -477,37 +463,38 @@ configuration of the device to be augmented. See Appendix B for an example of such a module. * option-sets: The server can be configured with multiple option- sets. These are groups of DHCPv6 options with common parameters which will be supplied to clients on request. The 'option-set-id' field is used to reference an option-set elsewhere in the server's configuration. * option-set: Holds configuration parameters for DHCPv6 options. - The initial set of definitions are contained in the module 'ietf- - dhcpv6-options-rfc8415-server.yang' and are augmented into the - server module at this point. Other DHCPv6 option modules can be - augmented here as required. + The initial set of applicable option definitions are defined here + and additional options that are also relevant to the relay and/or + client are imported from the 'ietf-dhcpv6-common' module. Where + needed, other DHCPv6 option modules can be augmented as they are + defined. * class-selector: This is provided as a location for additional implementation specific YANG nodes for vendor specific class selector nodes to be augmented. See Appendix C for an example of this. - * network-ranges: This module uses a hierarchical model for the - allocation of addresses and prefixes. At the top level 'network- - ranges' holds global configuration parameters. Under this, a list - of 'network-ranges' can be defined. Inside 'network-rages', - 'address-pools' (for IA_NA and IA_TA allocations), and 'prefix- - pools' (for IA_PD allocation) are defined. Finally within the - pools, specific host-reservations are held. + * network-ranges: A hierarchical model is used for the allocation of + addresses and prefixes. At the top level 'network-ranges' holds + global configuration parameters. Under this, a list of 'network- + ranges' can be defined. Inside 'network-rages', 'address-pools' + (for IA_NA and IA_TA allocations), and 'prefix-pools' (for IA_PD + allocation) are defined. 
Finally within the pools, specific host- + reservations are held. * prefix-pools: Defines pools to be used for prefix delegation to clients. As prefix delegation is not supported by all DHCPv6 server implementations, it is enabled by a feature statement. Information about notifications: * address/prefix-pool-utilization-threshold-exceeded: Raised when number of leased addresses or prefixes exceeds the configured usage threshold. 
@@ -516,43 +503,55 @@ client. A description of the error that has generated the notification can be included. * decline-received: Raised when a DHCPv6 Decline message is received from a client. * non-success-code-sent: Raised when a status message is raised for an error. Information about RPCs + * delete-address-lease: Allows the deletion of a lease for an individual IPv6 address from the server's lease database. * delete-prefix-lease: Allows the deletion of a lease for an individual IPv6 prefix from the server's lease database. 2.2. DHCPv6 Relay Tree Diagram The tree diagram in Figure 2 provides an overview of the DHCPv6 relay - module. The tree also includes the augmentations of the relevant - option definitions from Section 3.5 and the common functions module - Section 3.7. + module. The tree also includes the common functions module + Section 3.4. module: ietf-dhcpv6-relay - +--rw dhcpv6-node-type? identityref +--rw dhcpv6-relay + +--rw enabled? boolean +--rw relay-if* [if-name] | +--rw if-name | | if:interface-ref + | +--rw enabled? boolean | +--rw destination-addresses* | | inet:ipv6-address | +--rw link-address? binary | +--rw relay-options + | | +--rw auth-option + | | | +--rw protocol? uint8 + | | | +--rw algorithm? uint8 + | | | +--rw rdm? uint8 + | | | +--rw replay-detection? uint64 + | | | +--rw auth-information? string + | | +--rw status-code-option + | | | +--rw status-code? uint16 + | | | +--rw status-message? string + | | +--rw interface-id-option + | | +--rw interface-id? string | +--ro solicit-received-count? uint32 | +--ro advertise-sent-count? uint32 | +--ro request-received-count? uint32 | +--ro confirm-received-count? uint32 | +--ro renew-received-count? uint32 | +--ro rebind-received-count? uint32 | +--ro reply-sent-count? uint32 | +--ro release-received-count? uint32 | +--ro decline-received-count? uint32 | +--ro reconfigure-sent-count? uint32 
@@ -595,47 +594,53 @@ +---n relay-event +--ro topology-change +--ro relay-if-name? | -> /dhcpv6-relay/relay-if/if-name +--ro last-ipv6-addr? inet:ipv6-address Figure 2: DHCPv6 Relay Data Module Structure Descriptions of important nodes: - * dhcpv6-node-type: The different functional DHCPv6 elements each - have their relevant identities. + * enabled: Globally enables/disables all DHCPv6 relay functions. * dhcpv6-relay: This container holds the relay's DHCPv6 specific configuration. * relay-if: As a relay may have multiple client-facing interfaces, they are configured in a list. The if-name leaf is the key and is an interface-ref to the applicable interface defined by the 'ietf- interfaces' YANG module. + * enabled: Enables/disables all DHCPv6 relay function for the + specific interface. + * destination-addresses: Defines a list of IPv6 addresses that client messages will be relayed to. May include unicast or multicast addresses. * link-address: Configures the value that the relay will put into the link-address field of Relay-Forward messages. * prefix-delegation: As prefix delegation is not supported by all DHCPv6 relay implementations, it is enabled by this feature statement where required. * pd-leases: Contains read-only nodes for holding information about active delegated prefix leases. - * relay-options: As with the Server module, DHCPv6 options that can - be sent by the relay are augmented here. + * relay-options: Holds configuration parameters for DHCPv6 options + which can be sent by the relay. The initial set of applicable + option definitions are defined here and additional options that + are also relevant to the server and/or client are imported from + the 'ietf-dhcpv6-common' module. Where needed, other DHCPv6 + option modules can be augmented as they are defined. Information about notifications: * topology-changed: Raised when the topology of the relay agent is changed, e.g. a client facing interface is reconfigured. 
Information about RPCs * clear-prefix-lease: Allows the removal of a delegated lease entry from the relay. 
@@ -643,50 +648,75 @@ * clear-client-prefixes: Allows the removal of all of the delegated lease entries for a single client (referenced by client DUID) from the relay. * clear-interface-prefixes: Allows the removal of all of the delegated lease entries from an interface on the relay. 2.3. DHCPv6 Client Tree Diagram The tree diagram in Figure 3 provides an overview of the DHCPv6 - client module. The tree also includes the augmentations of the - relevant option definitions from Section 3.6 and the common functions - module Section 3.7. + client module. The tree also includes the common functions module + Section 3.4. module: ietf-dhcpv6-client - +--rw dhcpv6-node-type? identityref +--rw dhcpv6-client + +--rw enabled? boolean +--rw client-if* [if-name] +--rw if-name | if:interface-ref + +--rw enabled? boolean +--rw type-code? uint16 +--rw (duid-type)? | +--:(duid-llt) | | +--rw duid-llt-hardware-type? uint16 | | +--rw duid-llt-time? yang:timeticks | | +--rw duid-llt-link-layer-address? | | yang:mac-address | +--:(duid-en) | | +--rw duid-en-enterprise-number? uint32 | | +--rw duid-en-identifier? string | +--:(duid-ll) | | +--rw duid-ll-hardware-type? uint16 | | +--rw duid-ll-link-layer-address? | | yang:mac-address | +--:(duid-uuid) | | +--rw uuid? yang:uuid | +--:(duid-unstructured) | +--rw data? binary +--ro active-duid? binary +--rw client-configured-options + | +--rw option-request-option + | | +--rw oro-option* uint16 + | +--rw status-code-option + | | +--rw status-code? uint16 + | | +--rw status-message? string + | +--rw rapid-commit-option! + | +--rw user-class-option + | | +--rw user-class-data* [user-class-datum-id] + | | +--rw user-class-datum-id uint8 + | | +--rw user-class-datum? string + | +--rw vendor-class-option + | | +--rw vendor-class-option-instances* + | | [enterprise-number] + | | +--rw enterprise-number uint32 + | | +--rw vendor-class* [vendor-class-datum-id] + | | +--rw vendor-class-datum-id uint8 + | | +--rw vendor-class-datum? 
string + | +--rw vendor-specific-information-option + | | +--rw vendor-specific-information-option-instances* + | | [enterprise-number] + | | +--rw enterprise-number uint32 + | | +--rw vendor-option-data* [sub-option-code] + | | +--rw sub-option-code uint16 + | | +--rw sub-option-data? string + | +--rw reconfigure-accept-option! +--rw ia-na* [iaid] | +--rw iaid uint32 | +--rw ia-na-options | +--ro lease-state | +--ro ia-na-address? inet:ipv6-address | +--ro preferred-lifetime? | | dhcpv6-common:timer-seconds32 | +--ro valid-lifetime? | | dhcpv6-common:timer-seconds32 | +--ro lease-t1? 
@@ -752,46 +782,56 @@ | -> /dhcpv6-client/client-if/ia-na/iaid +--ro lease-ia-ta? | -> /dhcpv6-client/client-if/ia-ta/iaid +--ro lease-ia-pd? -> /dhcpv6-client/client-if/ia-pd/iaid Figure 3: DHCPv6 Client Data Module Structure Descriptions of important nodes: - * dhcpv6-node-type: The different functional DHCPv6 elements each - have their relevant identities. + * enabled: Globally enables/disables all DHCPv6 client functions. * dhcpv6-client: This container holds the client's DHCPv6 specific configuration. * client-if: As a client may have multiple interfaces requesting configuration over DHCP, they are configured in a list. The if- name leaf is the key and is an interface-ref to the applicable interface defined by the 'ietf-interfaces' YANG module. + * enabled: Enables/disables all DHCPv6 client function for the + specific interface. + * client-duid: Each DHCP client must have a DUID (DHCP Unique - Identifier) to identify itself to clients. A DUID consists of a - two-octet type field and an arbitrary length (of no more than - 128-bytes) content field. Currently there are four defined types - of DUIDs in [RFC8415]: DUID-LLT, DUID-EN, DUID-LL, and DUID-UUID. - DUID-Unknown is used for arbitrary DUID formats which do not - follow any of these defined types. 'active-duid' is a read-only - field that the client's current DUID can be retrieved from. The - DUID definitions are imported from the 'ietf-dhcpv6-common.yang' - module. DUID is configured under the 'client-if' to allow a - client to have different DUIDs for each interface if required. + Identifier) to identify itself to servers and relays. A DUID + consists of a two-octet type field and an arbitrary length (of no + more than 128-bytes) content field. Currently there are four + defined types of DUIDs in [RFC8415]: DUID-LLT, DUID-EN, DUID-LL, + and DUID-UUID. DUID-Unknown is used for arbitrary DUID formats + which do not follow any of these defined types. 
'active-duid' is + a read-only field that the client's current DUID can be retrieved + from. The DUID definitions are imported from the 'ietf- + dhcpv6-common.yang' module. DUID is configured under the 'client- + if' to allow a client to have different DUIDs for each interface + if required. + + * client-configured-options: Holds configuration parameters for + DHCPv6 options which can be sent by the client. The initial set + of applicable option definitions are defined here and additional + options that are also relevant to the relay and/or server are + imported from the 'ietf-dhcpv6-common' module. Where needed, + other DHCPv6 option modules can be augmented as they are defined. * ia-na, ia-ta, ia-pd: Contains configuration nodes relevant for - requesting one or more of each of the lease types. Also contains - read only nodes related to active leases. + requesting one or more of each of the lease types. Read-only + nodes related to the active lease are also located here. Information about notifications: * invalid-ia-detected: Raised when the identity association of the client can be proved to be invalid. Possible conditions include: duplicated address, illegal address, etc. * retransmission-failed: Raised when the retransmission mechanism defined in [RFC8415] has failed. 
@@ -849,24 +890,30 @@ Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC 8513; see the RFC itself for full legal notices."; + revision 2021-01-29 { + description "Version update for draft -17 publication."; + reference "I-D: draft-ietf-dhc-dhcpv6-yang-17"; + } + revision 2021-01-06 { description "Version update for draft -16 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-16"; } + revision 2020-12-22 { description "Version update for draft -13 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-15"; } revision 2020-12-10 { description "Version update for draft -13 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-13"; } @@ -900,35 +947,20 @@ revision 2017-12-22 { description "Resolve most issues on Ian's github."; reference "I-D: draft-ietf-dhc-dhcpv6-yang"; } revision 2017-11-24 { description "First version of the separated server specific YANG model."; reference "I-D: draft-ietf-dhc-dhcpv6-yang"; } - /* - * Identities - */ - - identity server { - base "dhcpv6-common:dhcpv6-node"; - description "DHCPv6 server identity."; - } - - leaf dhcpv6-node-type { - type identityref { - base "dhcpv6-common:dhcpv6-node"; - } - description "Type for a DHCPv6 server."; - } /* * Features */ feature prefix-delegation { description "Denotes that the server implements DHCPv6 prefix delegation."; } 
@@ -1073,26 +1104,121 @@ description "Number of Reconfigure (10) messages sent."; } leaf information-request-count { type uint32; config "false"; description "Number of Information-request (11) messages received."; } } + grouping preference-option-group { + description "OPTION_PREFERENCE (7) Preference Option."; + reference "RFC8415: Dynamic Host Configuration Protocol for + IPv6 (DHCPv6)"; + container preference-option { + description "OPTION_PREFERENCE (7) Preference Option + container."; + leaf pref-value { + type uint8; + description "The preference value for the server in this + message. A 1-octet unsigned integer."; + } + } + } + + grouping server-unicast-option-group { + description "OPTION_UNICAST (12) Server Unicast Option."; + reference "RFC8415: Dynamic Host Configuration Protocol for + IPv6 (DHCPv6)"; + container server-unicast-option { + description "OPTION_UNICAST (12) Server Unicast Option + container."; + leaf server-address { + type inet:ipv6-address; + description "The 128-bit address to which the client + should send messages delivered using unicast."; + } + + } + } + + grouping reconfigure-message-option-group { + description "OPTION_RECONF_MSG (19) Reconfigure Message + Option."; + reference "RFC8415: Dynamic Host Configuration Protocol for + IPv6 (DHCPv6)"; + container reconfigure-message-option { + description "OPTION_RECONF_MSG (19) Reconfigure Message + Option."; + leaf msg-type { + type uint8; + description "5 for Renew message, 6 for Rebind message, + 11 for Information-request message."; + } + } + } + + grouping info-refresh-time-option-group { + description "OPTION_INFORMATION_REFRESH_TIME (32) + Information Refresh Time option."; + reference "RFC8415: Dynamic Host Configuration Protocol for + IPv6 (DHCPv6)"; + container info-refresh-time-option { + description "OPTION_INFORMATION_REFRESH_TIME (32) + Information Refresh Time option container."; + leaf info-refresh-time { + type dhcpv6-common:timer-seconds32; + description "Time duration 
relative to the current time, + expressed in units of seconds."; + } + } + } + + grouping sol-max-rt-option-group { + description "OPTION_SOL_MAX_RT (82) sol max rt option."; + reference "RFC8415: Dynamic Host Configuration Protocol for + IPv6 (DHCPv6)"; + container sol-max-rt-option { + description "OPTION_SOL_MAX_RT (82) sol max rt option + container."; + leaf sol-max-rt-value { + type dhcpv6-common:timer-seconds32; + description "sol max rt value"; + } + } + } + grouping inf-max-rt-option-group { + description "OPTION_INF_MAX_RT (83) inf max rt option."; + reference "RFC8415: Dynamic Host Configuration Protocol for + IPv6 (DHCPv6)"; + container inf-max-rt-option { + description "OPTION_INF_MAX_RT (83) inf max rt option + container."; + leaf inf-max-rt-value { + type dhcpv6-common:timer-seconds32; + description "inf max rt value"; + } + } + } + /* * Data Nodes */ container dhcpv6-server { description "Configuration nodes for the DHCPv6 server."; + leaf enabled { + description "Enables the DHCP server function."; + type boolean; + default true; + } container server-duid { description "DUID of the server."; uses dhcpv6-common:duid; } container vendor-config { description "This container provides a location for augmenting vendor or implementation specific configuration nodes."; } container option-sets { 
@@ -1102,26 +1228,38 @@ 'option-set' list is a set of options and their contents that will be returned to clients."; list option-set { key option-set-id; description "YANG definitions for DHCPv6 options are contained in separate YANG modules and augmented to this container as required."; leaf option-set-id { type uint32; description "Option set identifier."; + } leaf description { type string; description "An optional field for storing additional information relevant to the option set."; } + uses preference-option-group; + uses dhcpv6-common:auth-option-group; + uses server-unicast-option-group; + uses dhcpv6-common:status-code-option-group; + uses dhcpv6-common:rapid-commit-option-group; + uses dhcpv6-common:vendor-specific-information-option-group; + uses reconfigure-message-option-group; + uses dhcpv6-common:reconfigure-accept-option-group; + uses info-refresh-time-option-group; + uses sol-max-rt-option-group; + uses inf-max-rt-option-group; } } container class-selector { description "DHCPv6 servers use a 'class-selector' function in order to identify and classify incoming client messages so that they can be given the correct configuration. The mechanisms used for implementing this function vary greatly between different implementations such that they are not possible to include in this module. This container 
@@ -1546,20 +1685,25 @@ Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC 8513; see the RFC itself for full legal notices."; + revision 2021-01-29 { + description "Version update for draft -17 publication."; + reference "I-D: draft-ietf-dhc-dhcpv6-yang-17"; + } + revision 2021-01-06 { description "Version update for draft -16 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-16"; } revision 2020-12-22 { description "Version update for draft -13 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-15"; } @@ -1599,43 +1743,26 @@ revision 2017-11-24 { description "First version of the separated relay specific YANG model."; reference "I-D: draft-ietf-dhc-dhcpv6-yang"; } /* - * Identities - */ - - identity relay { - base "dhcpv6-common:dhcpv6-node"; - description "DHCPv6 relay agent identity."; - } - - leaf dhcpv6-node-type { - type identityref { - base "dhcpv6-common:dhcpv6-node"; - } - description "Type for a DHCPv6 relay."; - } - - /* * Features */ feature prefix-delegation { description "Enable if the relay functions as a delegating router for DHCPv6 prefix delegation."; - } /* * Groupings */ grouping pd-lease-state { description "State data for the relay."; list pd-leases { key ia-pd-prefix; 
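Review bot: the new `revision 2021-01-29` entry describes itself only as "Version update for draft -17 publication", yet the same module revision removes `identity relay` and the top-level `leaf dhcpv6-node-type`, which is a change that breaks any module or client referring to those nodes. Suggest recording the removal in the revision description. The entry directly below it also pairs "Version update for draft -13 publication" with a reference to draft -15, which is worth correcting while this list is being touched.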
@@ -1776,55 +1904,84 @@ description "Number of Relay-forward (12) messages containing a message of unknown type received."; } leaf discarded-message-count { type uint32; config "false"; description "Number of messages that have been discarded for any reason."; } } + grouping interface-id-option-group { + description "OPTION_INTERFACE_ID (18) Interface-Id Option."; + reference "RFC8415: Dynamic Host Configuration Protocol for + IPv6 (DHCPv6)"; + container interface-id-option { + description "OPTION_INTERFACE_ID (18) Interface-Id Option + container."; + leaf interface-id { + type string; + description "An opaque value of arbitrary length generated + by the relay agent to identify one of the relay agent's + interfaces."; + } + } + } /* * Data Nodes */ container dhcpv6-relay { description "This container contains the configuration data nodes for the relay."; + leaf enabled { + description "Globally enables the DHCP relay function."; + type boolean; + default true; + } list relay-if { key if-name; description "List of interfaces configured for DHCPv6 relaying."; leaf if-name { type if:interface-ref; description "interface-ref to the relay interface."; } + leaf enabled { + description "Enables the DHCP relay function for this + interface."; + type boolean; + default true; + } leaf-list destination-addresses { type inet:ipv6-address; description "Each DHCPv6 relay agent may be configured with a list of destination addresses for relayed messages. 
The list may include unicast addresses, multicast addresses or other valid addresses."; } leaf link-address { type binary { length "0..16"; } description "An address that may be used by the server to identify the link on which the client is located."; } container relay-options { description "Definitions for DHCPv6 options that can be sent by the relay are augmented to this location from other YANG modules as required."; + uses dhcpv6-common:auth-option-group; + uses dhcpv6-common:status-code-option-group; + uses interface-id-option-group; } uses message-statistics; container prefix-delegation { if-feature prefix-delegation; presence "Enables prefix delegation for this interface."; description "Controls and holds state information for prefix delegation."; uses pd-lease-state; } } @@ -1974,30 +2129,34 @@ Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC 8513; see the RFC itself for full legal notices."; + revision 2021-01-29 { + description "Version update for draft -17 publication."; + reference "I-D: draft-ietf-dhc-dhcpv6-yang-17"; + } + revision 2021-01-06 { description "Version update for draft -16 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-16"; } revision 2020-12-22 { description "Version update for draft -13 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-15"; } - revision 2020-12-10 { description "Version update for draft -13 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-13"; } revision 2020-12-01 { description "Version update for draft -12 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-12"; } 
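Review bot: in the new `interface-id-option-group`, `leaf interface-id` is typed `string` while its description calls it "An opaque value of arbitrary length generated by the relay agent"; a YANG `string` cannot carry arbitrary octets, so an opaque interface identifier that is not valid text cannot be represented. Suggest `type binary`, as the neighbouring `link-address` leaf already uses. The hunk also adds `enabled` both under `container dhcpv6-relay` and under `list relay-if`, each with `default true`, without saying which one wins when the global leaf is false and the interface leaf is true; the descriptions should state the precedence. The unchanged `relay-options` description still says options "are augmented to this location from other YANG modules", which the three added `uses` statements contradict.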
@@ -2026,36 +2186,20 @@ reference "I-D: draft-ietf-dhc-dhcpv6-yang"; } revision 2017-11-24 { description "First version of the separated client specific YANG model."; reference "I-D: draft-ietf-dhc-dhcpv6-yang"; } /* - * Identities - */ - - identity client { - base "dhcpv6-common:dhcpv6-node"; - description "DHCPv6 client identity."; - } - - leaf dhcpv6-node-type { - type identityref { - base "dhcpv6-common:dhcpv6-node"; - } - description "Type for a DHCPv6 client."; - } - - /* * Groupings */ grouping message-statistics { description "Counters for DHCPv6 messages."; leaf solicit-count { type uint32; config "false"; description "Number of Solicit (1) messages sent."; } 
@@ -2104,41 +2248,139 @@ config "false"; description "Number of Reconfigure (10) messages received."; } leaf information-request-count { type uint32; config "false"; description "Number of Information-request (11) messages sent."; } } + + grouping option-request-option-group { + description "OPTION_ORO (6) Option Request Option. A client + MUST include an Option Request option in a Solicit, Request, + Renew, Rebind, or Information-request message to inform + the server about options the client wants the server to send + to the client."; + reference "RFC8415: Dynamic Host Configuration Protocol for + IPv6 (DHCPv6)"; + container option-request-option { + description "OPTION_ORO (6) Option Request Option container."; + leaf-list oro-option { + type uint16; + description "List of options that the client is requesting, + identified by option code"; + } + } + } + + grouping user-class-option-group { + description "OPTION_USER_CLASS (15) User Class Option"; + reference "RFC8415: Dynamic Host Configuration Protocol + for IPv6 (DHCPv6)"; + container user-class-option { + description "OPTION_USER_CLASS (15) User Class Option + container."; + list user-class-data { + key user-class-datum-id; + min-elements 1; + description "The user classes of which the client + is a member."; + leaf user-class-datum-id { + type uint8; + description "User class datum ID"; + } + leaf user-class-datum { + type string; + description "Opaque field representing a User Class + of which the client is a member."; + + } + } + } + } + + grouping vendor-class-option-group { + description "OPTION_VENDOR_CLASS (16) Vendor Class Option"; + reference "RFC8415: Dynamic Host Configuration Protocol + for IPv6 (DHCPv6)"; + container vendor-class-option { + description "OPTION_VENDOR_CLASS (16) Vendor Class Option + container."; + list vendor-class-option-instances { + key enterprise-number; + description "The vendor class option allows for multiple + instances in a single message. 
Each list entry defines + the contents of an instance of the option."; + leaf enterprise-number { + type uint32; + description "The vendor's registered Enterprise Number + as maintained by IANA."; + } + list vendor-class { + key vendor-class-datum-id; + description "The vendor classes of which the client is + a member."; + leaf vendor-class-datum-id { + type uint8; + description "Vendor class datum ID"; + } + leaf vendor-class-datum { + type string; + description "Opaque field representing a vendor class + of which the client is a member."; + } + } + } + } + } + /* * Data Nodes */ container dhcpv6-client { description "DHCPv6 client configuration and state."; + leaf enabled { + description "Globally enables the DHCP client function."; + type boolean; + default true; + } list client-if { key if-name; description "The list of interfaces that the client will be requesting DHCPv6 configuration for."; leaf if-name { type if:interface-ref; mandatory true; description "Reference to the interface entry that the requested configuration is relevant to."; } + leaf enabled { + description "Enables the DHCP client function for this + interface."; + type boolean; + default true; + } uses dhcpv6-common:duid; container client-configured-options { description "Definitions for DHCPv6 options that can be be sent by the client are augmented to this location from other YANG modules as required."; + uses option-request-option-group; + uses dhcpv6-common:status-code-option-group; + uses dhcpv6-common:rapid-commit-option-group; + uses user-class-option-group; + uses vendor-class-option-group; + uses dhcpv6-common:vendor-specific-information-option-group; + uses dhcpv6-common:reconfigure-accept-option-group; } list ia-na { key iaid; description "Configuration relevant for an IA_NA."; reference "RFC8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6)."; leaf iaid { type uint32; description "A unique identifier for this IA_NA."; } 
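Review bot: `list user-class-data` in the new `user-class-option-group` carries `min-elements 1`, and the grouping is now pulled into `client-configured-options` with `uses user-class-option-group;` through containers that have no `presence` statement, so every `client-if` entry is required to configure at least one user class even when the client should not send the option at all. Suggest either dropping `min-elements 1` or making `user-class-option` a presence container. In the same hunk, `user-class-datum` and `vendor-class-datum` are typed `string` although both are described as an "Opaque field"; `binary` would match the description. The two new `enabled` leaves also say "DHCP client function" rather than DHCPv6.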
@@ -2383,84 +2624,71 @@ path "/dhcpv6-client/client-if/ia-ta/iaid"; } description "Reference to the IA_TA lease."; } leaf lease-ia-pd { type leafref { path "/dhcpv6-client/client-if/ia-pd/iaid"; } description "Reference to the IA_PD lease."; } + } } -3.4. RFC8415 Server Options YANG Module +3.4. DHCPv6 Common YANG Module This module imports typedefs from [RFC6991]. - file "ietf-dhcpv6-options-rfc8415-server.yang" + file "ietf-dhcpv6-common.yang" - module ietf-dhcpv6-options-rfc8415-server { + module ietf-dhcpv6-common { yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:" + - "ietf-dhcpv6-options-rfc8415-server"; - prefix "rfc8415-srv"; + namespace "urn:ietf:params:xml:ns:yang:ietf-dhcpv6-common"; + prefix "dhcpv6-common"; - import ietf-inet-types { - prefix inet; + import ietf-yang-types { + prefix yang; reference "RFC 6991: Common YANG Data Types"; } - import ietf-dhcpv6-common { - prefix dhcpv6-common; - reference - "To be updated on publication"; - } - - import ietf-dhcpv6-server { - prefix dhcpv6-server; - reference - "To be updated on publication"; - } - organization "DHC WG"; contact - "cuiyong@tsinghua.edu.cn - wangh13@mails.tsinghua.edu.cn + "yong@csnet1.cs.tsinghua.edu.cn lh.sunlinh@gmail.com ian.farrer@telekom.de sladjana.zechlin@telekom.de hezihao9512@gmail.com"; - description "This YANG module contains DHCPv6 options defined - in RFC8415 that can be used by DHCPv6 clients. + description "This YANG module defines common components + used for the configuration and management of DHCPv6. Copyright (c) 2021 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). 
- This version of this YANG module is part of RFC XXXX - (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself - for full legal notices. - The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL - NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', - 'MAY', and 'OPTIONAL' in this document are to be interpreted as - described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, - they appear in all capitals, as shown here."; + This version of this YANG module is part of RFC 8513; see + the RFC itself for full legal notices."; + + revision 2021-01-29 { + description "Version update for draft -17 publication."; + reference "I-D: draft-ietf-dhc-dhcpv6-yang-17"; + + } revision 2021-01-06 { description "Version update for draft -16 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-16"; } revision 2020-12-22 { description "Version update for draft -13 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-15"; } 
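Review bot: the module description for `ietf-dhcpv6-common` replaces the "RFC XXXX" placeholder with "This version of this YANG module is part of RFC 8513", but the document is still draft-ietf-dhc-dhcpv6-yang-17 and has no RFC number, so the fixed number looks copied from another module's boilerplate. Suggest restoring the "RFC XXXX" placeholder together with the rfc-editor info URL. The same hunk drops the paragraph defining the key words 'MUST', 'MUST NOT' and so on, while descriptions in these modules still use them ("MUST NOT be null-terminated", "A client MUST include an Option Request option"); either keep the paragraph or reword those descriptions. The new `import ietf-yang-types` also reuses the reference text "RFC 6991: Common YANG Data Types" from the import it replaces, which is fine, but the `contact` change drops two addresses and adds one without any note in the revision history.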
@@ -2468,411 +2696,158 @@ revision 2020-12-10 { description "Version update for draft -13 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-13"; } revision 2020-12-01 { description "Version update for draft -12 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-12"; } - revision 2020-11-19 { - description "Separated into a client specific set of options."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-12"; - } - revision 2020-05-26 { description "Version update for draft -11 publication and to align revisions across the different modules."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-11"; } - revision 2019-06-07 { - description "Major reworking to only contain RFC8415 options. - if-feature for each option removed. Removed groupings - of features by device or combination of devices. Added "; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; - } revision 2018-09-04 { description ""; reference "I-D: draft-ietf-dhc-dhcpv6-yang"; } - revision 2018-03-04 { - description "Resolved most issues on the DHC official - github"; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; - } - - revision 2017-12-22 { - description "Resolve most issues on Ian's github."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; - } - - revision 2017-11-24 { - description "First version of the separated DHCPv6 options - YANG model."; + revision 2018-01-30 { + description "Initial revision"; reference "I-D:draft-ietf-dhc-dhcpv6-yang"; } - /* - * Groupings - */ - - grouping preference-option-group { - description "OPTION_PREFERENCE (7) Preference Option."; - reference "RFC8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6)"; - container preference-option { - description "OPTION_PREFERENCE (7) Preference Option - container."; - leaf pref-value { - type uint8; - description "The preference value for the server in this - message. 
A 1-octet unsigned integer."; + typedef threshold { + type union { + type uint16 { + range 0..100; } + type enumeration { + enum "disabled" { + description "No threshold"; } } - grouping auth-option-group { - description "OPTION_AUTH (11) Authentication Option."; - reference "RFC8415: Dynamic Host Configuration Protocol - for IPv6 (DHCPv6)"; - container auth-option { - description "OPTION_AUTH (11) Authentication Option container."; - leaf protocol { - type uint8; - description "The authentication protocol used in this - Authentication option."; - } - leaf algorithm { - type uint8; - description "The algorithm used in the authentication - protocol."; - } - leaf rdm { - type uint8; - description "The replay detection method used - in this Authentication option."; - } - leaf replay-detection { - type uint64; - description "The replay detection information for the RDM."; - } - leaf auth-information { - type string; - description "The authentication information, as specified - by the protocol and algorithm used in this Authentication - option."; - } } + description "Threshold value in percent"; } - grouping server-unicast-option-group { - description "OPTION_UNICAST (12) Server Unicast Option."; - reference "RFC8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6)"; - container server-unicast-option { - description "OPTION_UNICAST (12) Server Unicast Option - container."; - leaf server-address { - type inet:ipv6-address; - description "The 128-bit address to which the client - should send messages delivered using unicast."; - } + typedef timer-seconds32 { + type uint32 { + range "1..4294967295"; } + units "seconds"; + description + "Timer value type, in seconds (32-bit range)."; } - grouping status-code-option-group { - description "OPTION_STATUS_CODE (13) Status Code Option."; - reference "RFC8415: Dynamic Host Configuration Protocol - for IPv6 (DHCPv6)"; - container status-code-option { - description "OPTION_STATUS_CODE (13) Status Code Option - container."; 
- leaf status-code { + /* + * Groupings + */ + + grouping duid { + description "Each server and client has only one DUID (DHCP + Unique Identifier). The DUID here identifies a unique + DHCPv6 server for clients. DUID consists of a two-octet + type field and an arbitrary length (no more than 128 bytes) + content field. Currently there are four defined types of + DUIDs in RFC8415 and RFC6355 - DUID-LLT, DUID-EN, DUID-LL + and DUID-UUID. DUID-unstructured represents DUIDs which + do not follow any of the defined formats."; + reference "RFC8415: Section 11 and RFC6355: Section 4"; + leaf type-code { type uint16; - description "The numeric code for the status encoded - in this option. See the Status Codes registry at - - for the current list of status codes."; - } - leaf status-message { - type string; - description "A UTF-8 encoded text string suitable for - display to an end user. MUST NOT be null-terminated."; - } + default 65535; + description "Type code of this DUID."; } + choice duid-type { + default duid-unstructured; + description "Selects the format of the DUID."; + case duid-llt { + description "DUID Based on Link-layer Address Plus Time + (Type 1 - DUID-LLT)."; + reference "RFC8415 Section 11.2"; + leaf duid-llt-hardware-type { + type uint16; + description "Hardware type as assigned by IANA (RFC826)."; } + leaf duid-llt-time { + type yang:timeticks; + description "The time that the DUID is generated + represented in seconds since midnight (UTC), + January 1, 2000, modulo 2^32."; - grouping rapid-commit-option-group { - description "OPTION_RAPID_COMMIT (14) Rapid Commit Option."; - reference "RFC8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6)"; - container rapid-commit-option { - presence "Enable sending of this option"; - description "OPTION_RAPID_COMMIT (14) Rapid Commit Option - container."; } + leaf duid-llt-link-layer-address { + type yang:mac-address; + description "Link-layer address as described in RFC2464."; } - - grouping 
vendor-specific-information-option-group { - description "OPTION_VENDOR_OPTS (17) Vendor-specific - Information Option."; - reference "RFC8415: Dynamic Host Configuration Protocol - for IPv6 (DHCPv6)"; - container vendor-specific-information-option { - description "OPTION_VENDOR_OPTS (17) Vendor-specific - Information Option container."; - list vendor-specific-information-option-instances { - key enterprise-number; - description "The vendor specific information option allows - for multiple instances in a single message. Each list entry - defines the contents of an instance of the option."; - leaf enterprise-number { + } + case duid-en { + description "DUID Assigned by Vendor Based on Enterprise + Number (Type 2 - DUID-EN)."; + reference "RFC8415 Section 11.3"; + leaf duid-en-enterprise-number { type uint32; - description "The vendor's registered Enterprise Number, + description "Vendor's registered Private Enterprise Number as maintained by IANA."; } - list vendor-option-data { - key sub-option-code; - description "Vendor options, interpreted by vendor-specific - client/server functions."; - leaf sub-option-code { - type uint16; - description "The code for the sub-option."; - } - leaf sub-option-data { + leaf duid-en-identifier { type string; - description "The data area for the sub-option."; - } - } - } - } - } - - grouping reconfigure-message-option-group { - description "OPTION_RECONF_MSG (19) Reconfigure Message - Option."; - reference "RFC8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6)"; - container reconfigure-message-option { - description "OPTION_RECONF_MSG (19) Reconfigure Message - Option."; - leaf msg-type { - type uint8; - description "5 for Renew message, 6 for Rebind message, - 11 for Information-request message."; - } - } - } - - grouping reconfigure-accept-option-group { - description "OPTION_RECONF_ACCEPT (20) Reconfigure Accept - Option. 
- A client uses the Reconfigure Accept option to announce to - the server whether the client is willing to accept Reconfigure - messages, and a server uses this option to tell the client - whether or not to accept Reconfigure messages. In the absence - of this option, the default behavior is that the client is - unwilling to accept Reconfigure messages. The presence node - is used to enable the option."; - reference "RFC8415: Dynamic Host Configuration Protocol - for IPv6 (DHCPv6)"; - container reconfigure-accept-option { - presence "Enable sending of this option"; - description "OPTION_RECONF_ACCEPT (20) Reconfigure Accept - Option container."; - } - } - grouping info-refresh-time-option-group { - description "OPTION_INFORMATION_REFRESH_TIME (32) - Information Refresh Time option."; - reference "RFC8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6)"; - container info-refresh-time-option { - description "OPTION_INFORMATION_REFRESH_TIME (32) - Information Refresh Time option container."; - leaf info-refresh-time { - type dhcpv6-common:timer-seconds32; - description "Time duration relative to the current time, - expressed in units of seconds."; - } - } - } - - grouping sol-max-rt-option-group { - description "OPTION_SOL_MAX_RT (82) sol max rt option."; - reference "RFC8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6)"; - container sol-max-rt-option { - description "OPTION_SOL_MAX_RT (82) sol max rt option - container."; - leaf sol-max-rt-value { - type dhcpv6-common:timer-seconds32; - description "sol max rt value"; - } - } - } - - grouping inf-max-rt-option-group { - description "OPTION_INF_MAX_RT (83) inf max rt option."; - reference "RFC8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6)"; - container inf-max-rt-option { - description "OPTION_INF_MAX_RT (83) inf max rt option - container."; - leaf inf-max-rt-value { - type dhcpv6-common:timer-seconds32; - description "inf max rt value"; - } - } - } - - /* - * Augmentations - */ - - 
augment "/dhcpv6-server:dhcpv6-server/dhcpv6-server:option-sets/" + - "dhcpv6-server:option-set" { - when "../../../dhcpv6-server:dhcpv6-node-type=" + - "'dhcpv6-server:server'"; - description "Augment the option definition groupings to the - relay module."; - uses preference-option-group; - uses auth-option-group; - uses server-unicast-option-group; - uses status-code-option-group; - uses rapid-commit-option-group; - uses vendor-specific-information-option-group; - uses reconfigure-message-option-group; - uses reconfigure-accept-option-group; - uses info-refresh-time-option-group; - uses sol-max-rt-option-group; - uses inf-max-rt-option-group; - } - } - - -3.5. RFC8415 Relay Options YANG Module - - This module imports typedefs from [RFC6991]. - - file "ietf-dhcpv6-options-rfc8415-relay.yang" - - module ietf-dhcpv6-options-rfc8415-relay { - yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:" + - "ietf-dhcpv6-options-rfc8415-relay"; - prefix "rfc8415-rly"; - - import ietf-dhcpv6-relay { - prefix dhcpv6-relay; - reference - "To be updated on publication"; + description "Identifier, unique to the device."; } - - organization "DHC WG"; - contact - "cuiyong@tsinghua.edu.cn - wangh13@mails.tsinghua.edu.cn - lh.sunlinh@gmail.com - ian.farrer@telekom.de - sladjana.zechlin@telekom.de - hezihao9512@gmail.com"; - - description "This YANG module contains DHCPv6 options defined - in RFC8415 that can be used by DHCPv6 clients. - - Copyright (c) 2021 IETF Trust and the persons identified as - authors of the code. All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD License - set forth in Section 4.c of the IETF Trust's Legal Provisions - Relating to IETF Documents - (http://trustee.ietf.org/license-info). 
- - This version of this YANG module is part of RFC XXXX - (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself - for full legal notices. - - The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL - NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', - 'MAY', and 'OPTIONAL' in this document are to be interpreted as - described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, - they appear in all capitals, as shown here."; - - revision 2021-01-06 { - description "Version update for draft -16 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-16"; } - - revision 2020-12-22 { - description "Version update for draft -13 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-15"; + case duid-ll { + description "DUID Based on Link-layer Address + (Type 3 - DUID-LL)."; + reference "RFC8415 Section 11.4"; + leaf duid-ll-hardware-type { + type uint16; + description "Hardware type, as assigned by IANA (RFC826)."; } - - revision 2020-12-10 { - description "Version update for draft -13 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-13"; + leaf duid-ll-link-layer-address { + type yang:mac-address; + description "Link-layer address, as described in RFC2464"; } - - revision 2020-12-01 { - description "Version update for draft -12 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-12"; } - - revision 2020-11-19 { - description "Separated into a relay specific set of options."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-12"; + case duid-uuid { + description "DUID Based on Universally Unique Identifier + (Type 4 - DUID-UUID)."; + reference "RFC6335 Definition of the UUID-Based Unique + Identifier"; + leaf uuid { + type yang:uuid; + description "A Universally Unique Identifier in the string + representation, defined in RFC4122. 
The canonical + representation uses lowercase characters."; } - revision 2020-05-26 { - description "Version update for draft -11 publication and - to align revisions across the different modules."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-11"; } + case duid-unstructured { + description "DUID which does not follow any of the other + structures, expressed as bytes."; - revision 2019-06-07 { - description "Major reworking to only contain RFC8415 options. - if-feature for each option removed. Removed groupings - of features by device or combination of devices. Added "; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; + leaf data { + type binary; + description "The bits to be used as the identifier."; } - - revision 2018-09-04 { - description ""; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; } - - revision 2018-03-04 { - description "Resolved most issues on the DHC official - github"; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; } - - revision 2017-12-22 { - description "Resolve most issues on Ian's github."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; + leaf active-duid { + type binary; + config "false"; + description "The DUID which is currently in use."; } - - revision 2017-11-24 { - description "First version of the separated DHCPv6 options - YANG model."; - reference "I-D:draft-ietf-dhc-dhcpv6-yang"; } - /* - * Groupings - */ - grouping auth-option-group { description "OPTION_AUTH (11) Authentication Option."; reference "RFC8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6)"; container auth-option { description "OPTION_AUTH (11) Authentication Option container."; leaf protocol { type uint8; description "The authentication protocol used in this 
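Review bot: the `duid` grouping description says the content field is "no more than 128 bytes", but `leaf data` in `case duid-unstructured` and `leaf active-duid` are both plain `type binary` with no `length` restriction, so the model accepts a DUID of any size and leaves the bound to each implementation. Suggest adding a `length` constraint that matches the stated limit. Three smaller points in the same hunk: the `duid-uuid` case cites "RFC6335" where the grouping's own description and reference say RFC6355; `duid-llt-time` is typed `yang:timeticks`, which counts hundredths of a second, while its description defines the value in seconds since midnight (UTC), January 1, 2000; and `duid-llt-link-layer-address` and `duid-ll-link-layer-address` use `yang:mac-address`, which only fits 48-bit addresses even though a separate hardware-type leaf is modelled beside each of them.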
@@ -2893,208 +2868,20 @@ description "The replay detection information for the RDM."; } leaf auth-information { type string; description "The authentication information, as specified by the protocol and algorithm used in this Authentication option."; } } } - - grouping status-code-option-group { - description "OPTION_STATUS_CODE (13) Status Code Option."; - reference "RFC8415: Dynamic Host Configuration Protocol - for IPv6 (DHCPv6)"; - container status-code-option { - description "OPTION_STATUS_CODE (13) Status Code Option - container."; - leaf status-code { - type uint16; - description "The numeric code for the status encoded - in this option. See the Status Codes registry at - - for the current list of status codes."; - } - leaf status-message { - type string; - description "A UTF-8 encoded text string suitable for - display to an end user. MUST NOT be null-terminated."; - } - } - } - grouping interface-id-option-group { - description "OPTION_INTERFACE_ID (18) Interface-Id Option."; - reference "RFC8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6)"; - container interface-id-option { - description "OPTION_INTERFACE_ID (18) Interface-Id Option - container."; - leaf interface-id { - type string; - description "An opaque value of arbitrary length generated - by the relay agent to identify one of the relay agent's - interfaces."; - } - } - } - - /* - * Augmentations - */ - - augment "/dhcpv6-relay:dhcpv6-relay/dhcpv6-relay:relay-if/" + - "dhcpv6-relay:relay-options" { - when "../../../dhcpv6-relay:dhcpv6-node-type=" + - "'dhcpv6-relay:relay'"; - description "Augment the option definition groupings to the - relay module."; - uses auth-option-group; - uses status-code-option-group; - uses interface-id-option-group; - } - } - - -3.6. RFC8415 Client Options YANG Module - - This module imports typedefs from [RFC6991]. 
- - file "ietf-dhcpv6-options-rfc8415-client.yang" - - module ietf-dhcpv6-options-rfc8415-client { - yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:" + - "ietf-dhcpv6-options-rfc8415-client"; - prefix "rfc8415-cli"; - - import ietf-dhcpv6-client { - prefix dhcpv6-client; - reference - "To be updated on publication"; - } - - organization "DHC WG"; - contact - "cuiyong@tsinghua.edu.cn - wangh13@mails.tsinghua.edu.cn - lh.sunlinh@gmail.com - ian.farrer@telekom.de - sladjana.zechlin@telekom.de - hezihao9512@gmail.com"; - - description "This YANG module contains DHCPv6 options defined - in RFC8415 that can be used by DHCPv6 clients. - - Copyright (c) 2021 IETF Trust and the persons identified as - authors of the code. All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD License - set forth in Section 4.c of the IETF Trust's Legal Provisions - Relating to IETF Documents - (http://trustee.ietf.org/license-info). - - This version of this YANG module is part of RFC XXXX - (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself - for full legal notices. 
- - The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL - NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', - 'MAY', and 'OPTIONAL' in this document are to be interpreted as - described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, - they appear in all capitals, as shown here."; - - revision 2021-01-06 { - description "Version update for draft -16 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-16"; - } - - revision 2020-12-22 { - description "Version update for draft -13 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-15"; - } - - revision 2020-12-10 { - description "Version update for draft -13 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-13"; - - } - - revision 2020-12-01 { - description "Version update for draft -12 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-12"; - } - - revision 2020-11-19 { - description "Separated into a client specific set of options."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-12"; - } - - revision 2020-05-26 { - description "Version update for draft -11 publication and - to align revisions across the different modules."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-11"; - } - - revision 2019-06-07 { - description "Major reworking to only contain RFC8415 options. - if-feature for each option removed. Removed groupings - of features by device or combination of devices. 
Added "; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; - } - - revision 2018-09-04 { - description ""; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; - } - - revision 2018-03-04 { - description "Resolved most issues on the DHC official - github"; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; - } - - revision 2017-12-22 { - description "Resolve most issues on Ian's github."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; - } - - revision 2017-11-24 { - description "First version of the separated DHCPv6 options - YANG model."; - reference "I-D:draft-ietf-dhc-dhcpv6-yang"; - } - - /* - * Groupings - */ - - grouping option-request-option-group { - description "OPTION_ORO (6) Option Request Option. A client - MUST include an Option Request option in a Solicit, Request, - Renew, Rebind, or Information-request message to inform - the server about options the client wants the server to send - to the client."; - reference "RFC8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6)"; - container option-request-option { - description "OPTION_ORO (6) Option Request Option container."; - leaf-list oro-option { - type uint16; - description "List of options that the client is requesting, - identified by option code"; - } - } - } - grouping status-code-option-group { description "OPTION_STATUS_CODE (13) Status Code Option."; reference "RFC8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6)"; container status-code-option { description "OPTION_STATUS_CODE (13) Status Code Option container."; leaf status-code { type uint16; description "The numeric code for the status encoded 
@@ -3104,96 +2891,33 @@ } leaf status-message { type string; description "A UTF-8 encoded text string suitable for display to an end user. MUST NOT be null-terminated."; } } } grouping rapid-commit-option-group { - description "OPTION_RAPID_COMMIT (14) Rapid Commit Option. - The presence node is used to enable the option."; + description "OPTION_RAPID_COMMIT (14) Rapid Commit Option."; reference "RFC8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6)"; - container rapid-commit-option { presence "Enable sending of this option"; description "OPTION_RAPID_COMMIT (14) Rapid Commit Option container."; } } - grouping user-class-option-group { - description "OPTION_USER_CLASS (15) User Class Option"; - reference "RFC8415: Dynamic Host Configuration Protocol - for IPv6 (DHCPv6)"; - container user-class-option { - description "OPTION_USER_CLASS (15) User Class Option - container."; - list user-class-data { - key user-class-datum-id; - min-elements 1; - description "The user classes of which the client - is a member."; - leaf user-class-datum-id { - type uint8; - description "User class datum ID"; - } - leaf user-class-datum { - type string; - description "Opaque field representing a User Class - of which the client is a member."; - } - } - } - } - - grouping vendor-class-option-group { - description "OPTION_VENDOR_CLASS (16) Vendor Class Option"; - reference "RFC8415: Dynamic Host Configuration Protocol - for IPv6 (DHCPv6)"; - container vendor-class-option { - description "OPTION_VENDOR_CLASS (16) Vendor Class Option - container."; - list vendor-class-option-instances { - key enterprise-number; - description "The vendor class option allows for multiple - instances in a single message. 
Each list entry defines - the contents of an instance of the option."; - leaf enterprise-number { - type uint32; - description "The vendor's registered Enterprise Number - as maintained by IANA."; - - } - list vendor-class { - key vendor-class-datum-id; - description "The vendor classes of which the client is - a member."; - leaf vendor-class-datum-id { - type uint8; - description "Vendor class datum ID"; - } - leaf vendor-class-datum { - type string; - description "Opaque field representing a vendor class - of which the client is a member."; - } - } - } - } - } - grouping vendor-specific-information-option-group { description "OPTION_VENDOR_OPTS (17) Vendor-specific - Information Option"; + Information Option."; reference "RFC8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6)"; container vendor-specific-information-option { description "OPTION_VENDOR_OPTS (17) Vendor-specific Information Option container."; list vendor-specific-information-option-instances { key enterprise-number; description "The vendor specific information option allows for multiple instances in a single message. Each list entry defines the contents of an instance of the option."; 
@@ -3217,257 +2940,34 @@ } } } } } grouping reconfigure-accept-option-group { description "OPTION_RECONF_ACCEPT (20) Reconfigure Accept Option. A client uses the Reconfigure Accept option to announce to - the server whether the client is willing to accept - Reconfigure messages, and a server uses this option to tell - the client whether or not to accept Reconfigure messages. - In the absence of this option, the default behavior is that - the client is unwilling to accept Reconfigure messages. - The presence node is used to enable the option."; - reference "RFC8415: Dynamic Host Configuration Protocol for IPv6 - (DHCPv6)"; + the server whether the client is willing to accept Reconfigure + messages, and a server uses this option to tell the client + whether or not to accept Reconfigure messages. In the absence + of this option, the default behavior is that the client is + unwilling to accept Reconfigure messages. The presence node + is used to enable the option."; + reference "RFC8415: Dynamic Host Configuration Protocol + for IPv6 (DHCPv6)"; container reconfigure-accept-option { presence "Enable sending of this option"; description "OPTION_RECONF_ACCEPT (20) Reconfigure Accept Option container."; } } - - /* - * Augmentations - */ - - augment "/dhcpv6-client:dhcpv6-client/dhcpv6-client:client-if/" + - "dhcpv6-client:client-configured-options" { - when "../../../dhcpv6-client:dhcpv6-node-type=" + - "'dhcpv6-client:client'"; - description "Augment the option definition groupings to the - client module."; - uses option-request-option-group; - uses status-code-option-group; - uses rapid-commit-option-group; - uses user-class-option-group; - uses vendor-class-option-group; - uses vendor-specific-information-option-group; - uses reconfigure-accept-option-group; - } - } - - -3.7. DHCPv6 Common YANG Module - - This module imports typedefs from [RFC6991]. 
- - file "ietf-dhcpv6-common.yang" - - module ietf-dhcpv6-common { - yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:ietf-dhcpv6-common"; - prefix "dhcpv6-common"; - - import ietf-yang-types { - prefix yang; - reference - "RFC 6991: Common YANG Data Types"; - } - - organization "DHC WG"; - contact - "yong@csnet1.cs.tsinghua.edu.cn - lh.sunlinh@gmail.com - ian.farrer@telekom.de - sladjana.zechlin@telekom.de - hezihao9512@gmail.com"; - - description "This YANG module defines common components - used for the configuration and management of DHCPv6. - - Copyright (c) 2021 IETF Trust and the persons identified as - authors of the code. All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD License - set forth in Section 4.c of the IETF Trust's Legal Provisions - Relating to IETF Documents - (http://trustee.ietf.org/license-info). - - This version of this YANG module is part of RFC 8513; see - the RFC itself for full legal notices."; - - revision 2021-01-06 { - description "Version update for draft -16 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-16"; - } - - revision 2020-12-22 { - description "Version update for draft -13 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-15"; - } - - revision 2020-12-10 { - description "Version update for draft -13 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-13"; - } - - revision 2020-12-01 { - description "Version update for draft -12 publication."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-12"; - } - - revision 2020-05-26 { - description "Version update for draft -11 publication and - to align revisions across the different modules."; - reference "I-D: draft-ietf-dhc-dhcpv6-yang-11"; - } - - revision 2018-09-04 { - description ""; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; - } - - revision 2018-01-30 { - description "Initial 
revision"; - reference "I-D: draft-ietf-dhc-dhcpv6-yang"; - } - - typedef threshold { - type union { - type uint16 { - range 0..100; - } - type enumeration { - enum "disabled" { - description "No threshold"; - } - } - } - description "Threshold value in percent"; - } - - typedef timer-seconds32 { - type uint32 { - range "1..4294967295"; - } - units "seconds"; - description - "Timer value type, in seconds (32-bit range)."; - } - - identity dhcpv6-node { - description "Abstract base type for DHCPv6 functional nodes"; - } - - /* - * Groupings - */ - - grouping duid { - description "Each server and client has only one DUID (DHCP - Unique Identifier). The DUID here identifies a unique - DHCPv6 server for clients. DUID consists of a two-octet - type field and an arbitrary length (no more than 128 bytes) - content field. Currently there are four defined types of - DUIDs in RFC8415 and RFC6355 - DUID-LLT, DUID-EN, DUID-LL - and DUID-UUID. DUID-unstructured represents DUIDs which - do not follow any of the defined formats."; - reference "RFC8415: Section 11 and RFC6355: Section 4"; - leaf type-code { - type uint16; - default 65535; - description "Type code of this DUID."; - } - choice duid-type { - default duid-unstructured; - description "Selects the format of the DUID."; - case duid-llt { - description "DUID Based on Link-layer Address Plus Time - (Type 1 - DUID-LLT)."; - reference "RFC8415 Section 11.2"; - leaf duid-llt-hardware-type { - type uint16; - description "Hardware type as assigned by IANA (RFC826)."; - } - leaf duid-llt-time { - type yang:timeticks; - description "The time that the DUID is generated - represented in seconds since midnight (UTC), - January 1, 2000, modulo 2^32."; - } - leaf duid-llt-link-layer-address { - type yang:mac-address; - description "Link-layer address as described in RFC2464."; - } - - } - case duid-en { - description "DUID Assigned by Vendor Based on Enterprise - Number (Type 2 - DUID-EN)."; - reference "RFC8415 Section 11.3"; - leaf 
duid-en-enterprise-number { - type uint32; - description "Vendor's registered Private Enterprise Number - as maintained by IANA."; - } - leaf duid-en-identifier { - type string; - description "Identifier, unique to the device."; - } - } - case duid-ll { - description "DUID Based on Link-layer Address - (Type 3 - DUID-LL)."; - reference "RFC8415 Section 11.4"; - leaf duid-ll-hardware-type { - type uint16; - description "Hardware type, as assigned by IANA (RFC826)."; - } - leaf duid-ll-link-layer-address { - type yang:mac-address; - description "Link-layer address, as described in RFC2464"; - } - } - case duid-uuid { - description "DUID Based on Universally Unique Identifier - (Type 4 - DUID-UUID)."; - reference "RFC6335 Definition of the UUID-Based Unique - Identifier"; - leaf uuid { - type yang:uuid; - description "A Universally Unique Identifier in the string - representation, defined in RFC4122. The canonical - representation uses lowercase characters."; - } - } - case duid-unstructured { - description "DUID which does not follow any of the other - structures, expressed as bytes."; - leaf data { - type binary; - description "The bits to be used as the identifier."; - } - } - - } - leaf active-duid { - type binary; - config "false"; - description "The DUID which is currently in use."; - } - } } 4. Security Considerations The YANG modules defined in this document are designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the 
@@ -3502,27 +3002,24 @@ various attacks, such as: * Re-configuring the relay's destination address to send messages to a rogue DHCPv6 server. * Deleting information about a client's delegated prefix, causing a denial of service attack as traffic will no longer be routed to the client. Some of the readable data nodes in this YANG module may be considered - sensitive or vulnerable in some network environments. It is thus - important to control read access (e.g., via get, get-config, or - notification) to these data nodes. These subtrees and data nodes can - be misused to track the activity of a host: - - * Re-configuring the relay's destination address to send messages to - a rogue DHCPv6 server. + sensitive or vulnerable in some network environments. Therefore, it + is important to control read access (e.g., only permitting get, get- + config, or notifications) to these data nodes. These subtrees and + data nodes can be misused to track the activity of a host: * Information the server holds about clients with active leases: (dhcpv6-server/network-ranges/network-range/ address-pools/ address-pool/active-leases) * Information the relay holds about clients with active leases: (dhcpv6-relay/relay-if/prefix-delegation/) Security considerations related to DHCPv6 are discussed in [RFC8415]. 
@@ -3546,46 +3043,25 @@ name: ietf-dhcpv6-client namespace: urn:ietf:params:xml:ns:yang:ietf-dhcpv6-client prefix: dhcpv6-client reference: RFC XXXX YANG Data Model for DHCPv6 Configuration name: ietf-dhcpv6-relay namespace: urn:ietf:params:xml:ns:yang:ietf-dhcpv6-relay prefix: dhcpv6-relay reference: RFC XXXX YANG Data Model for DHCPv6 Configuration - name: ietf-dhcpv6-options-rfc8415-server - namespace: - urn:ietf:params:xml:ns:yang:ietf-dhcpv6-options- - rfc8415-server - prefix: rfc8415-srv - reference: RFC XXXX YANG Data Model for DHCPv6 Configuration - - name: ietf-dhcpv6-options-rfc8415-relay - namespace: - urn:ietf:params:xml:ns:yang:ietf-dhcpv6-options- - rfc8415-relay - prefix: rfc8415-rly - reference: RFC XXXX YANG Data Model for DHCPv6 Configuration - - name: ietf-dhcpv6-options-rfc8415-client - namespace: - urn:ietf:params:xml:ns:yang:ietf-dhcpv6-options- - rfc8415-client - prefix: rfc8415-rly - reference: RFC XXXX YANG Data Model for DHCPv6 Configuration - 6. Acknowledgments The authors would like to thank Qi Sun, Lishan Li, Sladjana Zoric, - Tomek Mrugalski, Marcin Siodelski, and Bing Liu for their valuable - comments and contributions to this work. + Tomek Mrugalski, Marcin Siodelski, Bing Liu, and Tom Petch for their + valuable comments and contributions to this work. 7. Contributors The following individuals contributed to this effort: Hao Wang Tsinghua University Beijing 100084 P.R. China Phone: +86-10-6278-5822 
@@ -3680,60 +3156,61 @@ 8.2. Informative References [RFC3319] Schulzrinne, H. and B. Volz, "Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers", RFC 3319, DOI 10.17487/RFC3319, July 2003, . Appendix A. Example of Augmenting Additional DHCPv6 Option Definitions The following section provides a example of how the DHCPv6 option - definitions can be extended for additional options. It is expected - that additional specification documents will be published in the - future for this. + definitions can be extended to include additional options. It is + expected that additional specification documents will be published + for this in the future. The example defines YANG models for OPTION_SIP_SERVER_D (21) and - OPTION_SIP_SERVER_D (22) defined in [RFC3319]. The overall structure - is as follows: + OPTION_SIP_SERVER_D (22) defined in [RFC3319]. The module is + constructed as follows: - * A separate grouping is used for each option. + * The module is named using a meaningful, shortened version of the + document which specifies the DHCP option format. + + * A separate grouping is used to define each option. * The name of the option is taken from the registered IANA name for the option, with an '-option' suffix added. * The description field is taken from the relevant option code name and number. * The reference section is the number and name of the RFC in which the DHCPv6 option is defined. * The remaining fields match the fields in the DHCP option. They are in the same order as defined in the DHCP option. Where-ever possible, the format that is defined for the DHCP field should be matched by the relevant YANG type. * Fields which can have multiple entries or instances are defined using list or leaf-list nodes. Below the groupings for option definitions, augment statements are used to add the option definitions for use in the relevant DHCP - element's module (server, relay and/or client). 
If an option is - relevant to more than one element type, then an augment statement for - each element is used. + element's module (server, relay and/or client). - file "ietf-example-dhcpv6-options-rfc3319-server.yang" + file "ietf-example-dhcpv6-options-sip-server.yang" - module ietf-example-dhcpv6-options-rfc3319-server { + module ietf-example-dhcpv6-options-sip-server { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:" + - "ietf-example-dhcpv6-options-rfc3319-server"; - prefix "rfc3319-srv"; + "ietf-example-dhcpv6-options-sip-server"; + prefix "sip-srv"; import ietf-inet-types { prefix inet; } import ietf-dhcpv6-server { prefix dhcpv6-server; } organization "DHC WG"; @@ -3750,20 +3227,25 @@ Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC 8513; see the RFC itself for full legal notices."; + revision 2021-01-29 { + description "Version update for draft -17 publication."; + reference "I-D: draft-ietf-dhc-dhcpv6-yang-17"; + } + revision 2021-01-06 { description "Version update for draft -16 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-16"; } revision 2020-12-22 { description "Version update for draft -13 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-15"; } 
@@ -3796,32 +3278,34 @@ description "OPTION_SIP_SERVER_D (21) SIP Servers Domain Name List"; reference "RFC3319: Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers"; container sip-server-domain-name-list-option { description "OPTION_SIP_SERVER_D (21) SIP Servers Domain Name List container."; list sip-server { key sip-serv-id; - description "sip server info"; + description "SIP server information."; leaf sip-serv-id { type uint8; - description "sip server id"; + description "SIP server list identifier identifier."; + } leaf sip-serv-domain-name { type inet:domain-name; - description "sip server domain name"; + description "SIP server domain name."; } } } } + grouping sip-server-address-list-option-group { description "OPTION_SIP_SERVER_A (22) SIP Servers IPv6 Address List"; reference "RFC3319: Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers"; container sip-server-address-list-option { description "OPTION_SIP_SERVER_A (22) SIP Servers IPv6 Address List container."; list sip-server { 
@@ -3819,57 +3303,55 @@ description "OPTION_SIP_SERVER_A (22) SIP Servers IPv6 Address List"; reference "RFC3319: Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers"; container sip-server-address-list-option { description "OPTION_SIP_SERVER_A (22) SIP Servers IPv6 Address List container."; list sip-server { key sip-serv-id; - description "sip server info"; + description "SIP server information."; leaf sip-serv-id { type uint8; - description "sip server id"; + description "SIP server list entry identifier."; } leaf sip-serv-addr { type inet:ipv6-address; - description "sip server addr"; + description "SIP server IPv6 address."; } } } } /* * Augmentations */ augment "/dhcpv6-server:dhcpv6-server/dhcpv6-server:option-sets/" + "dhcpv6-server:option-set" { - when "../../../dhcpv6-server:dhcpv6-node-type=" + - "'dhcpv6-server:server'"; description "Augment the option definition groupings to the server module."; uses sip-server-domain-name-list-option-group; uses sip-server-address-list-option-group; } } - The correct location to augment the new option definition(s) will vary according to the specific rules defined for the use of that specific option. E.g. for options which will be augmented into the ietf-dhcpv6-server module, in many cases, these will be augmented to: '/dhcpv6-server:dhcpv6-server/dhcpv6-server:option-sets/\ dhcpv6- server:option-set' + so that they can be defined within option sets. However, there are some options which are only applicable for specific deployment scenarios and in these cases it may be more logical to augment the option group to a location relevant for the option. One example for this could be OPTION_PD_EXCLUDE (67). This option is only relevant in combination with a delegated prefix which contains a specific prefix. In this case, the following location for the augmentation may be more suitable: 
@@ -3884,21 +3366,21 @@ configuring access to a lease storage database. The example module defines additional server attributes such as name and description. Storage for leases is configured using a lease- storage container. It allows storing leases in one of three options: memory (memfile), MySQL and PosgreSQL. For each case, the necessary configuration parameters are provided. At the end there is an augment statement which adds the vendor specific configuration defined in "dhcpv6-server-config:config" under - '/dhcpv6-server:config/dhcpv6-server:vendor-config' mount point. + the "/dhcpv6-server:config/dhcpv6-server:vendor-config" mount point. file "ietf-example-dhcpv6-server-config.yang" module ietf-example-dhcpv6-server-config { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:" + "ietf-example-dhcpv6-server-config"; prefix "dhcpv6-server-config"; import ietf-inet-types { @@ -3934,20 +3416,25 @@ Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC 8513; see the RFC itself for full legal notices."; + revision 2021-01-29 { + description "Version update for draft -17 publication."; + reference "I-D: draft-ietf-dhc-dhcpv6-yang-17"; + } + revision 2021-01-06 { description "Version update for draft -16 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-16"; } revision 2020-12-22 { description "Version update for draft -13 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-15"; } 
@@ -4250,20 +3738,25 @@ Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC 8513; see the RFC itself for full legal notices."; + revision 2021-01-29 { + description "Version update for draft -17 publication."; + reference "I-D: draft-ietf-dhc-dhcpv6-yang-17"; + } + revision 2021-01-06 { description "Version update for draft -16 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-16"; } revision 2020-12-22 { description "Version update for draft -13 publication."; reference "I-D: draft-ietf-dhc-dhcpv6-yang-15"; }
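Review bot: in the hunk at @@ -3104,96 +2891,33 @@, the rapid-commit-option-group description drops the sentence "The presence node is used to enable the option.", yet the container still carries presence "Enable sending of this option", and reconfigure-accept-option-group in the following hunk keeps that same sentence for the same construct. Make the two groupings consistent: either restore the sentence here or remove it from both.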
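Review bot: in the hunk at @@ -3217,257 +2940,34 @@, the removed ietf-dhcpv6-common text types duid-llt-time as yang:timeticks while its description gives the value in seconds since midnight (UTC), January 1, 2000; timeticks in RFC 6991 counts hundredths of a second, so the type and the description disagree. If the duid grouping is carried over unchanged to wherever the common module now lives, fix that there, together with the duid-uuid reference, which cites RFC6335 where the grouping description cites RFC6355.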
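Review bot: in the hunk at @@ -3502,27 +3002,24 @@, the new wording "(e.g., only permitting get, get-config, or notifications)" reads as if permitting those operations were the control, whereas the sentence it replaces listed them as the read paths to be restricted ("via get, get-config, or notification"). Suggest keeping "via". Dropping the relay destination-address bullet from the read-access list is right, since that item describes a write and already appears in the list above it.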
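Review bot: in the hunk at @@ -3680,60 +3156,61 @@, the rewritten sentence still names option 22 as OPTION_SIP_SERVER_D ("OPTION_SIP_SERVER_D (21) and OPTION_SIP_SERVER_D (22)"), while the groupings later in the same module call it OPTION_SIP_SERVER_A (22). The line is being touched anyway, so correct it here, and fix "provides a example" and "Where-ever" in the surrounding context. The hunk also deletes the sentence saying that an option relevant to more than one element type gets one augment statement per element; if that guidance still holds, it should stay.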
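Review bot: in the hunk at @@ -3750,20 +3227,25 @@ (and identically at @@ -3934,20 +3416,25 @@ and @@ -4250,20 +3738,25 @@), the new 2021-01-29 revision is added above a 2020-12-22 entry whose description says "draft -13" while its reference says draft-ietf-dhc-dhcpv6-yang-15; correct that description while the revision list is being edited. The module description just above also states that the module "is part of RFC 8513", whereas the IANA entries in this document use the "RFC XXXX" placeholder; use the placeholder here as well.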
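Review bot: in the hunk at @@ -3796,32 +3278,34 @@, the new sip-serv-id description reads "SIP server list identifier identifier."; the matching leaf in sip-server-address-list-option-group (hunk at @@ -3819,57 +3303,55 @@) uses "SIP server list entry identifier.", so use that text here too. The hunk also appears to add an empty line before the closing brace of that leaf, which can be dropped.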
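Review bot: in the hunk at @@ -3884,21 +3366,21 @@, the requoted target "/dhcpv6-server:config/dhcpv6-server:vendor-config" does not start at the dhcpv6-server container the way the Appendix A augment does ("/dhcpv6-server:dhcpv6-server/dhcpv6-server:option-sets/"); check it against the augment statement in the example module and quote the path exactly as it appears there. "PosgreSQL" in the same paragraph should read "PostgreSQL".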