--- 1/draft-ietf-dhc-dhcpv6-yang-24.txt 2022-03-07 13:13:45.782038953 -0800 +++ 2/draft-ietf-dhc-dhcpv6-yang-25.txt 2022-03-07 13:13:45.966043598 -0800 @@ -1,18 +1,18 @@ DHC Working Group I. Farrer, Ed. Internet-Draft Deutsche Telekom AG -Intended status: Standards Track 18 November 2021 -Expires: 22 May 2022 +Intended status: Standards Track 7 March 2022 +Expires: 8 September 2022 YANG Data Model for DHCPv6 Configuration - draft-ietf-dhc-dhcpv6-yang-24 + draft-ietf-dhc-dhcpv6-yang-25 Abstract This document describes YANG data modules for the configuration and management of DHCPv6 (Dynamic Host Configuration Protocol for IPv6 RFC8415) servers, relays, and clients. Status of This Memo This Internet-Draft is submitted in full conformance with the 
@@ -21,25 +21,25 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on 22 May 2022. + This Internet-Draft will expire on 8 September 2022. Copyright Notice - Copyright (c) 2021 IETF Trust and the persons identified as the + Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. 
@@ -48,44 +48,46 @@ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Extensibility of the DHCPv6 Server YANG Module . . . . . 3 1.2.1. DHCPv6 Option Definitions . . . . . . . . . . . . . . 4 1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 6 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 6 3. DHCPv6 Tree Diagrams . . . . . . . . . . . . . . . . . . . . 6 3.1. DHCPv6 Server Tree Diagram . . . . . . . . . . . . . . . 6 3.2. DHCPv6 Relay Tree Diagram . . . . . . . . . . . . . . . . 13 - 3.3. DHCPv6 Client Tree Diagram . . . . . . . . . . . . . . . 15 + 3.3. DHCPv6 Client Tree Diagram . . . . . . . . . . . . . . . 16 4. DHCPv6 YANG Modules . . . . . . . . . . . . . . . . . . . . . 20 4.1. DHCPv6 Common YANG Module . . . . . . . . . . . . . . . . 20 - 4.2. DHCPv6 Server YANG Module . . . . . . . . . . . . . . . . 28 - 4.3. DHCPv6 Relay YANG Module . . . . . . . . . . . . . . . . 48 - 4.4. DHCPv6 Client YANG Module . . . . . . . . . . . . . . . . 58 - 5. Security Considerations . . . . . . . . . . . . . . . . . . . 73 - 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 74 - 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 75 - 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 75 - 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 76 - 9.1. Normative References . . . . . . . . . . . . . . . . . . 76 - 9.2. Informative References . . . . . . . . . . . . . . . . . 78 - Appendix A. Data Tree Examples . . . . . . . . . . . . . . . . . 78 - A.1. DHCPv6 Server Configuration Examples . . . . . . . . . . 79 - A.2. DHCPv6 Relay Configuration Example . . . . . . . . . . . 83 - A.3. DHCPv6 Client Configuration Example . . . . . . . . . . . 84 + 4.2. DHCPv6 Server YANG Module . . . . . . . . . . . . . . . . 29 + 4.3. DHCPv6 Relay YANG Module . . . . . . . . . . . . . . . . 50 + 4.4. 
DHCPv6 Client YANG Module . . . . . . . . . . . . . . . . 60 + 5. Security Considerations . . . . . . . . . . . . . . . . . . . 75 + 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 77 + 6.1. URI Registration . . . . . . . . . . . . . . . . . . . . 77 + 6.2. YANG Module Name Registration . . . . . . . . . . . . . . 78 + 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 78 + 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 78 + 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 79 + 9.1. Normative References . . . . . . . . . . . . . . . . . . 79 + 9.2. Informative References . . . . . . . . . . . . . . . . . 82 + Appendix A. Data Tree Examples . . . . . . . . . . . . . . . . . 82 + A.1. DHCPv6 Server Configuration Examples . . . . . . . . . . 82 + A.2. DHCPv6 Relay Configuration Example . . . . . . . . . . . 86 + A.3. DHCPv6 Client Configuration Example . . . . . . . . . . . 87 Appendix B. Example of Augmenting Additional DHCPv6 Option - Definitions . . . . . . . . . . . . . . . . . . . . . . . 87 + Definitions . . . . . . . . . . . . . . . . . . . . . . . 90 Appendix C. Example Vendor Specific Server Configuration - Module . . . . . . . . . . . . . . . . . . . . . . . . . 90 + Module . . . . . . . . . . . . . . . . . . . . . . . . . 93 Appendix D. Example definition of class-selector - configuration . . . . . . . . . . . . . . . . . . . . . . 97 - Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 104 + configuration . . . . . . . . . . . . . . . . . . . . . . 99 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 106 1. Introduction DHCPv6 [RFC8415] is used for supplying configuration and other relevant parameters to clients in IPv6 networks. This document defines YANG [RFC7950] modules for the configuration and management of DHCPv6 'element' (servers, relays, and clients) using the Network Configuration Protocol (NETCONF [RFC6241]) or RESTCONF [RFC8040] protocols. 
@@ -142,42 +144,42 @@ of messages based on a number of parameters so that the correct provisioning information can be supplied. For example, allocating a prefix from the correct pool, or supplying a set of options relevant for a specific vendor's client implementation. During the development of this document, implementations were researched and the findings were that while this function is common to all, the method for configuring and implementing this function differs greatly. Therefore, configuration of the class selection function has been omitted from the DHCPv6 server module to allow implementors to define their own suitable YANG modules. Appendix D provides an example of - this, to demonstrate how this is can be integrated with the main - 'ietf-dhcpv6-server.yang' module. + this, to demonstrate how this can be integrated with the main 'ietf- + dhcpv6-server.yang' module. 1.2.1. DHCPv6 Option Definitions A large number of DHCPv6 options have been created in addition to those defined in [RFC8415]. As implementations differ widely as to which DHCPv6 options they support, the following approach has been taken to defining options: Only the DHCPv6 options defined in [RFC8415] are included in this document. Of these, only the options that require operator configuration are - modelled. For example, OPTION_IA_NA (3) is created by the DHCP - server when requested by the client. The contents of the fields in - the option are based on a number of input configuration parameters - which the server will apply when it receives the request (e.g., the - T1/T2 timers that are relevant for the pool of addresses). As a - result, there are no fields that are directly configurable for the - option, so it is not modelled. + modeled. For example, OPTION_IA_NA (3) is created by the DHCP server + when requested by the client. 
The contents of the fields in the + option are based on a number of input configuration parameters which + the server will apply when it receives the request (e.g., the T1/T2 + timers that are relevant for the pool of addresses). As a result, + there are no fields that are directly configurable for the option, so + it is not modeled. The following table shows the DHCPv6 options that are modeled, the - element(s) they are sent by, and the relevant YANG module name: + element(s) they are modeled for, and the relevant YANG module name: +---------------------+------+-----+------+-------------------------+ | Name |Server|Relay|Client| Module Name | +=====================+======+=====+======+=========================+ |OPTION_ORO (6) Option| | | X | ietf-dhcpv6-client.yang | | Request Option | | | | | +---------------------+------+-----+------+-------------------------+ |OPTION_PREFERENCE (7)| X | | | ietf-dhcpv6-server.yang | | Preference Option | | | | | +---------------------+------+-----+------+-------------------------+ 
@@ -257,68 +259,72 @@ "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. DHCPv6 Tree Diagrams 3.1. DHCPv6 Server Tree Diagram The tree diagram in Figure 1 provides an overview of the DHCPv6 server module. The tree also includes the common functions module - Section 4.1. + defined in Section 4.1. module: ietf-dhcpv6-server +--rw dhcpv6-server +--rw enabled? boolean +--rw server-duid? dhc6:duid +--rw vendor-config +--rw option-sets | +--rw option-set* [option-set-id] - | +--rw option-set-id uint32 + | +--rw option-set-id string | +--rw description? string | +--rw preference-option | | +--rw pref-value? uint8 | +--rw auth-option - | | +--rw protocol? uint8 | | +--rw algorithm? uint8 | | +--rw rdm? uint8 | | +--rw replay-detection? uint64 - | | +--rw auth-information? string + | | +--rw (protocol)? + | | +--:(conf-token) + | | | +--rw token-auth-information? binary + | | +--:(rkap) + | | +--rw datatype? uint8 + | | +--rw auth-info-value? binary | +--rw server-unicast-option | | +--rw server-address? inet:ipv6-address | +--rw rapid-commit-option! | +--rw vendor-specific-information-options | | +--rw vendor-specific-information-option* | | [enterprise-number] | | +--rw enterprise-number uint32 | | +--rw vendor-option-data* [sub-option-code] | | +--rw sub-option-code uint16 - | | +--rw sub-option-data? string + | | +--rw sub-option-data? binary | +--rw reconfigure-message-option | | +--rw msg-type? uint8 | +--rw reconfigure-accept-option! | +--rw info-refresh-time-option | | +--rw info-refresh-time? dhc6:timer-seconds32 | +--rw sol-max-rt-option | | +--rw sol-max-rt-value? dhc6:timer-seconds32 | +--rw inf-max-rt-option | +--rw inf-max-rt-value? dhc6:timer-seconds32 +--rw class-selector +--rw allocation-ranges +--rw option-set-id* leafref +--rw valid-lifetime? dhc6:timer-seconds32 +--rw renew-time? dhc6:timer-seconds32 +--rw rebind-time? 
dhc6:timer-seconds32 +--rw preferred-lifetime? dhc6:timer-seconds32 +--rw rapid-commit? boolean +--rw allocation-range* [id] - | +--rw id uint32 + | +--rw id string | +--rw description? string | +--rw network-prefix inet:ipv6-prefix | +--rw option-set-id* leafref | +--rw valid-lifetime? dhc6:timer-seconds32 | +--rw renew-time? dhc6:timer-seconds32 | +--rw rebind-time? dhc6:timer-seconds32 | +--rw preferred-lifetime? dhc6:timer-seconds32 | +--rw rapid-commit? boolean | +--rw address-pools {na-assignment}? | | +--rw address-pool* [pool-id] @@ -427,31 +433,34 @@ | | dhc6:timer-seconds32 | +--ro valid-lifetime? | | dhc6:timer-seconds32 | +--ro lease-t1? | | dhc6:timer-seconds32 | +--ro lease-t2? | | dhc6:timer-seconds32 | +--ro status | +--ro code? uint16 | +--ro message? string - +--ro solicit-count? uint32 - +--ro advertise-count? uint32 - +--ro request-count? uint32 - +--ro confirm-count? uint32 - +--ro renew-count? uint32 - +--ro rebind-count? uint32 - +--ro reply-count? uint32 - +--ro release-count? uint32 - +--ro decline-count? uint32 - +--ro reconfigure-count? uint32 - +--ro information-request-count? uint32 + +--rw statistics + +--rw discontinuity-time? yang:date-and-time + +--ro solicit-count? yang:counter32 + +--ro advertise-count? yang:counter32 + +--ro request-count? yang:counter32 + +--ro confirm-count? yang:counter32 + +--ro renew-count? yang:counter32 + +--ro rebind-count? yang:counter32 + +--ro reply-count? yang:counter32 + +--ro release-count? yang:counter32 + +--ro decline-count? yang:counter32 + +--ro reconfigure-count? yang:counter32 + +--ro information-request-count? yang:counter32 + +--ro discarded-message-count? yang:counter32 rpcs: +---x delete-address-lease {na-assignment}? | +---w input | | +---w lease-address-to-delete leafref | +--ro output | +--ro return-message? string +---x delete-prefix-lease {prefix-delegation}? +---w input | +---w lease-prefix-to-delete leafref 
@@ -494,21 +503,21 @@ Descriptions of important nodes: * enabled: Enables/disables the function of the DHCPv6 server. * dhcpv6-server: This container holds the server's DHCPv6 specific configuration. * server-duid: Each server must have a DUID (DHCP Unique Identifier) to identify itself to clients. A DUID consists of a two-octet type field and an arbitrary length (of no more than 128-octets) - content field. Currently there are four defined types of DUIDs in + content field. Currently there are four DUID types defined in [RFC8415] and [RFC6355]. The DUID may be configured using the format for one of these types, or using the 'unstructured' format. The DUID type definitions are imported from the 'ietf- dhcpv6-common.yang' module. [IANA-HARDWARE-TYPES] and [IANA-PEN] are referenced for the relevant DUID types. * vendor-config: This container is provided as a location for additional implementation-specific YANG nodes for the configuration of the device to be augmented. See Appendix C for an example of such a module. 
@@ -525,152 +534,179 @@ client are imported from the 'ietf-dhcpv6-common' module. Where needed, other DHCPv6 option modules can be augmented as they are defined. * class-selector: This is provided as a location for additional implementation specific YANG nodes for vendor specific class selector nodes to be augmented. See Appendix D for an example of this. * allocation-ranges: A hierarchical model is used for the allocation - of addresses and prefixes. At the top level 'allocation-ranges' + of addresses and prefixes. The top level 'allocation-ranges' container holds global configuration parameters. Under this, the 'allocation-range' list is used for specifying IPv6 prefixes and additional, prefix specific parameters. * address-pools: Used for IA_NA and IA_TA pool allocations with a container for defining host reservations. State information about - active leases from the pool is also located here. + active leases from each pool is also located here. * prefix-pools: Defines pools to be used for prefix delegation to clients. Static host reservations can also be configured. As prefix delegation is not supported by all DHCPv6 server implementations, it is enabled by a feature statement. Information about RPCs * delete-address-lease: Allows the deletion of a lease for an individual IPv6 address from the server's lease database. * delete-prefix-lease: Allows the deletion of a lease for an individual IPv6 prefix from the server's lease database. Information about notifications: * address/prefix-pool-utilization-threshold-exceeded: Raised when - the number of leased addresses or prefixes exceeds the configured - usage threshold. + the number of leased addresses or prefixes in a pool exceeds the + configured usage threshold. * invalid-client-detected: Raised when the server detects an invalid client. A description of the error and message type that has generated the notification can be included. 
* decline-received: Raised when a DHCPv6 Decline message is received from a client. - * non-success-code-sent: Raised when there is a status message for - an failure. + * non-success-code-sent: Raised when there is a status message for a + failure. 3.2. DHCPv6 Relay Tree Diagram The tree diagram in Figure 2 provides an overview of the DHCPv6 relay - module. The tree also includes the common functions module - Section 4.1. + module. The tree also includes the common functions module defined + in Section 4.1. + + The RPCs in the module are taken from requirements defined in + [RFC8987]. module: ietf-dhcpv6-relay +--rw dhcpv6-relay +--rw enabled? boolean +--rw relay-if* [if-name] - | +--rw if-name - | | if:interface-ref + | +--rw if-name if:interface-ref | +--rw enabled? boolean - | +--rw destination-address* - | | inet:ipv6-address - | +--rw link-address? - | | inet:ipv6-address + | +--rw destination-address* inet:ipv6-address + | +--rw link-address? inet:ipv6-address | +--rw relay-options | | +--rw auth-option - | | | +--rw protocol? uint8 | | | +--rw algorithm? uint8 | | | +--rw rdm? uint8 | | | +--rw replay-detection? uint64 - | | | +--rw auth-information? string + | | | +--rw (protocol)? + | | | +--:(conf-token) + | | | | +--rw token-auth-information? binary + | | | +--:(rkap) + | | | +--rw datatype? uint8 + | | | +--rw auth-info-value? binary | | +--rw interface-id-option - | | +--rw interface-id? string - | +--ro solicit-received-count? uint32 - | +--ro advertise-sent-count? uint32 - | +--ro request-received-count? uint32 - | +--ro confirm-received-count? uint32 - | +--ro renew-received-count? uint32 - | +--ro rebind-received-count? uint32 - | +--ro reply-sent-count? uint32 - | +--ro release-received-count? uint32 - | +--ro decline-received-count? uint32 - | +--ro reconfigure-sent-count? uint32 - | +--ro information-request-received-count? uint32 - | +--ro unknown-message-received-count? uint32 - | +--ro unknown-message-sent-count? 
uint32 - | +--ro discarded-message-count? uint32 + | | +--rw interface-id? binary + | +--rw statistics + | | +--rw discontinuity-time? + | | | yang:date-and-time + | | +--ro solicit-received-count? + | | | yang:counter32 + | | +--ro advertise-sent-count? + | | | yang:counter32 + | | +--ro request-received-count? + | | | yang:counter32 + | | +--ro confirm-received-count? + | | | yang:counter32 + | | +--ro renew-received-count? + | | | yang:counter32 + | | +--ro rebind-received-count? + | | | yang:counter32 + | | +--ro reply-sent-count? + | | | yang:counter32 + | | +--ro release-received-count? + | | | yang:counter32 + | | +--ro decline-received-count? + | | | yang:counter32 + | | +--ro reconfigure-sent-count? + | | | yang:counter32 + | | +--ro information-request-received-count? + | | | yang:counter32 + | | +--ro unknown-message-received-count? + | | | yang:counter32 + | | +--ro unknown-message-sent-count? + | | | yang:counter32 + | | +--ro discarded-message-count? + | | yang:counter32 | +--rw prefix-delegation! {prefix-delegation}? | +--ro pd-leases* [ia-pd-prefix] | +--ro ia-pd-prefix inet:ipv6-prefix | +--ro last-renew? yang:date-and-time | +--ro client-peer-address? inet:ipv6-address | +--ro client-duid? dhc6:duid | +--ro server-duid? dhc6:duid - +--ro relay-forward-sent-count? uint32 - +--ro relay-forward-received-count? uint32 - +--ro relay-reply-received-count? uint32 - +--ro relay-forward-unknown-sent-count? uint32 - +--ro relay-forward-unknown-received-count? uint32 - +--ro discarded-message-count? uint32 + +--rw statistics + +--ro relay-forward-sent-count? + | yang:counter32 + +--ro relay-forward-received-count? + | yang:counter32 + +--ro relay-reply-received-count? + | yang:counter32 + +--ro relay-forward-unknown-sent-count? + | yang:counter32 + +--ro relay-forward-unknown-received-count? + | yang:counter32 + +--ro discarded-message-count? + yang:counter32 rpcs: +---x clear-prefix-entry {prefix-delegation}? 
| +---w input | | +---w lease-prefix leafref | +--ro output | +--ro return-message? string +---x clear-client-prefixes {prefix-delegation}? | +---w input | | +---w client-duid dhc6:duid | +--ro output | +--ro return-message? string +---x clear-interface-prefixes {prefix-delegation}? +---w input - | +---w interface - | -> ../../dhcpv6-relay/relay-if/if-name + | +---w interface -> /dhcpv6-relay/relay-if/if-name +--ro output +--ro return-message? string notifications: +---n relay-event +--ro topology-change +--ro relay-if-name? - | -> ../../../dhcpv6-relay/relay-if/if-name + | -> /dhcpv6-relay/relay-if/if-name +--ro last-ipv6-addr? inet:ipv6-address Figure 2: DHCPv6 Relay Data Module Structure Descriptions of important nodes: * enabled: Globally enables/disables all DHCPv6 relay functions. * dhcpv6-relay: This container holds the relay's DHCPv6-specific configuration. * relay-if: As a relay may have multiple client-facing interfaces, they are configured in a list. The if-name leaf is the key and is an interface-ref to the applicable interface defined by the 'ietf- interfaces' YANG module. - * enabled: Enables/disables all DHCPv6 relay function for the + * enabled: Enables/disables all DHCPv6 relay functions for the specific interface. * destination-addresses: Defines a list of IPv6 addresses that client messages will be relayed to. May include unicast or multicast addresses. * link-address: Configures the value that the relay will put into the link-address field of Relay-Forward messages. * prefix-delegation: As prefix delegation is not supported by all 
@@ -682,77 +718,74 @@ * relay-options: Holds configuration parameters for DHCPv6 options which can be sent by the relay. The initial set of applicable option definitions are defined here and additional options that are also relevant to the server and/or client are imported from the 'ietf-dhcpv6-common' module. Where needed, other DHCPv6 option modules can be augmented as they are defined. Information about RPCs - * clear-prefix-lease: Allows the removal of a delegated lease entry + * clear-prefix-entry: Allows the removal of a delegated lease entry from the relay. * clear-client-prefixes: Allows the removal of all of the delegated lease entries for a single client (referenced by client DUID) from the relay. * clear-interface-prefixes: Allows the removal of all of the delegated lease entries from an interface on the relay. Information about notifications: - * topology-changed: Raised when the topology of the relay agent is + * topology-change: Raised when the topology of the relay agent is changed, e.g., a client facing interface is reconfigured. 3.3. DHCPv6 Client Tree Diagram The tree diagram in Figure 3 provides an overview of the DHCPv6 client module. The tree also includes the common functions module defined in Section 4.1. module: ietf-dhcpv6-client +--rw dhcpv6-client +--rw enabled? boolean - +--rw client-duid? dhc6:duid - | {non-temp-addr or prefix-del or temp-addr - | and not anon-profile}? +--rw client-if* [if-name] +--rw if-name if:interface-ref +--rw enabled? boolean +--rw interface-duid? dhc6:duid - | {non-temp-addr or prefix-del or temp-addr - | and anon-profile}? + | {(non-temp-addr or prefix-delegation or temp-addr) + and anon-profile}? +--rw client-configured-options | +--rw option-request-option | | +--rw oro-option* uint16 | +--rw rapid-commit-option! | +--rw user-class-option! | | +--rw user-class-data-instance* | | [user-class-data-id] | | +--rw user-class-data-id uint8 - | | +--rw user-class-data? string + | | +--rw user-class-data? 
binary | +--rw vendor-class-option | | +--rw vendor-class-option-instances* | | [enterprise-number] | | +--rw enterprise-number uint32 | | +--rw vendor-class-data-element* | | [vendor-class-data-id] | | +--rw vendor-class-data-id uint8 - | | +--rw vendor-class-data? string + | | +--rw vendor-class-data? binary | +--rw vendor-specific-information-options | | +--rw vendor-specific-information-option* | | [enterprise-number] | | +--rw enterprise-number uint32 | | +--rw vendor-option-data* [sub-option-code] | | +--rw sub-option-code uint16 - | | +--rw sub-option-data? string + | | +--rw sub-option-data? binary | +--rw reconfigure-accept-option! +--rw ia-na* [ia-id] {non-temp-addr}? | +--rw ia-id uint32 | +--rw ia-na-options | +--ro lease-state | +--ro ia-na-address? inet:ipv6-address | +--ro lease-t1? dhc6:timer-seconds32 | +--ro lease-t2? dhc6:timer-seconds32 | +--ro preferred-lifetime? dhc6:timer-seconds32 | +--ro valid-lifetime? dhc6:timer-seconds32 
@@ -768,47 +801,50 @@ | +--ro lease-state | +--ro ia-ta-address? inet:ipv6-address | +--ro preferred-lifetime? dhc6:timer-seconds32 | +--ro valid-lifetime? dhc6:timer-seconds32 | +--ro allocation-time? yang:date-and-time | +--ro last-renew-rebind? yang:date-and-time | +--ro server-duid? dhc6:duid | +--ro status | +--ro code? uint16 | +--ro message? string - +--rw ia-pd* [ia-id] {prefix-del}? + +--rw ia-pd* [ia-id] {prefix-delegation}? | +--rw ia-id uint32 | +--rw prefix-length-hint? uint8 | +--rw ia-pd-options | +--ro lease-state | +--ro ia-pd-prefix? inet:ipv6-prefix | +--ro lease-t1? dhc6:timer-seconds32 | +--ro lease-t2? dhc6:timer-seconds32 | +--ro preferred-lifetime? dhc6:timer-seconds32 | +--ro valid-lifetime? dhc6:timer-seconds32 | +--ro allocation-time? yang:date-and-time | +--ro last-renew-rebind? yang:date-and-time | +--ro server-duid? dhc6:duid | +--ro status | +--ro code? uint16 | +--ro message? string - +--ro solicit-count? uint32 - +--ro advertise-count? uint32 - +--ro request-count? uint32 - +--ro confirm-count? uint32 - +--ro renew-count? uint32 - +--ro rebind-count? uint32 - +--ro reply-count? uint32 - +--ro release-count? uint32 - +--ro decline-count? uint32 - +--ro reconfigure-count? uint32 - +--ro information-request-count? uint32 + +--rw statistics + +--rw discontinuity-time? yang:date-and-time + +--ro solicit-count? yang:counter32 + +--ro advertise-count? yang:counter32 + +--ro request-count? yang:counter32 + +--ro confirm-count? yang:counter32 + +--ro renew-count? yang:counter32 + +--ro rebind-count? yang:counter32 + +--ro reply-count? yang:counter32 + +--ro release-count? yang:counter32 + +--ro decline-count? yang:counter32 + +--ro reconfigure-count? yang:counter32 + +--ro information-request-count? yang:counter32 + +--ro discarded-message-count? yang:counter32 notifications: +---n invalid-ia-address-detected | {non-temp-addr or temp-addr}? | +--ro ia-id uint32 | +--ro ia-na-t1-timer? uint32 | +--ro ia-na-t2-timer? 
uint32 | +--ro invalid-address? inet:ipv6-address | +--ro preferred-lifetime? uint32 | +--ro valid-lifetime? uint32 
@@ -816,68 +852,67 @@ | +--ro description? string +---n transmission-failed | +--ro failure-type enumeration | +--ro description? string +---n unsuccessful-status-code | +--ro server-duid dhc6:duid | +--ro status | +--ro code? uint16 | +--ro message? string +---n server-duid-changed - {non-temp-addr or prefix-del or temp-addr}? + {non-temp-addr or prefix-delegation or temp-addr}? +--ro new-server-duid dhc6:duid +--ro previous-server-duid dhc6:duid +--ro lease-ia-na? - | -> ../../dhcpv6-client/client-if/ia-na/ia-id + | -> /dhcpv6-client/client-if/ia-na/ia-id | {non-temp-addr}? +--ro lease-ia-ta? - | -> ../../dhcpv6-client/client-if/ia-ta/ia-id + | -> /dhcpv6-client/client-if/ia-ta/ia-id | {temp-addr}? +--ro lease-ia-pd? - -> ../../dhcpv6-client/client-if/ia-pd/ia-id - {prefix-del}? + -> /dhcpv6-client/client-if/ia-pd/ia-id + {prefix-delegation}? Figure 3: DHCPv6 Client Data Module Structure Descriptions of important nodes: * enabled: Globally enables/disables all DHCPv6 client functions. * dhcpv6-client: This container holds the client's DHCPv6 specific configuration. * client-if: As a client may have multiple interfaces requesting configuration over DHCP, they are configured in a list. The if- name leaf is the key and is an interface-ref to the applicable interface defined by the 'ietf-interfaces' YANG module. * enabled: Enables/disables all DHCPv6 client function for the specific interface. * client-duid/interface-duid: The DUID (DHCP Unique Identifier) is - used to identify the client to servers and relays. DUID - configuration may conditionally appear in one of two locations in - the client tree, depending on the features that the client - implements. If the client does not support requesting any address - or prefix leasing features, then there is no leaf for a DUID - value. 
If the client does not implement the 'anon-profile' - feature [RFC7844], then there is a single 'client-duid' leaf that - holds that DUID value which will be used for all DHCPv6 enabled - interfaces. If the 'anon-profile' is enabled, there is an - 'interface-duid' leaf for each DHCP enabled interface. A DUID + used to identify the client to servers and relays. A DUID consists of a two-octet type field and an arbitrary length (1-128 - octets) content field. Currently there are four defined types of - DUIDs in [RFC8415] and [RFC6355]. The DUID may be configured + octets) content field. Currently there are four DUID types + defined in [RFC8415] and [RFC6355]. The DUID may be configured using the format for one of these types, or using the 'unstructured' format. The DUID type definitions are imported from the 'ietf-dhcpv6-common.yang' module. [IANA-HARDWARE-TYPES] - and [IANA-PEN] are referenced for the relevant DUID types. + and [IANA-PEN] are referenced for the relevant DUID types. A DUID + only needs to be configured if the client is requesting addresses + and/or prefixes from the server. Presence of the 'client-duid' or + 'interface-duid' leaves is conditional on at least one of the + 'non-temp-addr', 'temp-addr', or 'prefix-delegation' features + being enabled. Additionally, if the 'anon-profile' [RFC7844] + feature is enabled, a unique DUID can be configured per DHCP + enabled interface using the 'interface-duid' leaf, otherwise there + is a global 'client-duid' leaf. * client-configured-options: Holds configuration parameters for DHCPv6 options which can be sent by the client. The initial set of applicable option definitions are defined here and additional options that are also relevant to the relay and/or server are imported from the 'ietf-dhcpv6-common' module. Where needed, other DHCPv6 option modules can be augmented as they are defined. * ia-na, ia-ta, ia-pd: Contains configuration nodes relevant for requesting one or more of each of the lease types. 
Read-only @@ -895,21 +930,21 @@ * retransmission-failed: Raised when the retransmission mechanism defined in [RFC8415] has failed. 4. DHCPv6 YANG Modules 4.1. DHCPv6 Common YANG Module This module imports typedefs from [RFC6991]. - file "ietf-dhcpv6-common@2021-11-18.yang" + file "ietf-dhcpv6-common@2022-03-07.yang" module ietf-dhcpv6-common { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-dhcpv6-common"; prefix "dhc6"; organization "IETF DHC (Dynamic Host Configuration) Working Group"; contact 
@@ -926,36 +961,38 @@ "This YANG module defines common components used for the configuration and management of DHCPv6. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here. - Copyright (c) 2021 IETF Trust and the persons identified as + Copyright (c) 2022 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD License - set forth in Section 4.c of the IETF Trust's Legal Provisions + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Revised BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself + for full legal notices."; - revision 2021-10-25 { + revision 2022-03-07 { description "Initial Revision."; + reference "XXXX: YANG Data Model for DHCPv6 Configuration"; } typedef threshold { type uint8 { range 1..100; } description "Threshold value in percent."; 
@@ -967,67 +1004,70 @@ description "Timer value type, in seconds (32-bit range)."; } typedef duid-base { type string { pattern '([0-9a-fA-F]{2}){3,130}'; } description "Each DHCP server and client has a DUID (DHCP Unique - Identifier). The DUID consists of a two-octet - type field and an arbitrary length (1-128 octets) content - field. The duid-base type is used by other duid types with + Identifier). The DUID consists of a two-octet type field + and an arbitrary length (1-128 octets) content field. + The duid-base type is used by other duid types with additional pattern constraints. Currently, there are four defined types of DUIDs - in RFC 8415 and RFC 6355 - DUID-LLT, DUID-EN, DUID-LL - and DUID-UUID. DUID-unstructured represents DUIDs which - do not follow any of the defined formats."; + in RFC 8415 and RFC 6355 - DUID-LLT, DUID-EN, DUID-LL and + DUID-UUID. DUID-unstructured represents DUIDs which do not + follow any of the defined formats. + + Type 'string' is used to represent the hexadecimal DUID value + so that pattern constraints can be applied."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 11 RFC 6355: Definition of the UUID-Based DHCPv6 Unique Identifier (DUID-UUID), Section 4"; } typedef duid-llt { type duid-base { pattern '0001' + '[0-9a-fA-F]{12,}'; } description "DUID type 1, based on Link-Layer Address Plus Time (DUID-LLT). Constructed with a 2-octet hardware type assigned - by IANA, 4-octet containing the time the DUID is generated + by IANA, 4-octets containing the time the DUID is generated (represented in seconds since midnight (UTC), January 1, 2000, modulo 2^32), and a link-layer address. The address is encoded without separator characters. 
For example: +------+------+----------+--------------+ | 0001 | 0006 | 28490058 | 00005E005300 | +------+------+----------+--------------+ This example includes the 2-octet DUID type of 1 (0x01), the hardware type is 0x06 (IEEE Hardware Types) the creation - time is 0x028490058 (constructed as described above). Finally, + time is 0x28490058 (constructed as described above). Finally, the link-layer address is 0x5E005300 (EUI-48 address 00-00-5E-00-53-00)"; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 11.2 IANA 'Hardware Types' registry. "; } typedef duid-en { type duid-base { pattern '0002' - + '[0-9a-fA-F]{4,}'; + + '[0-9a-fA-F]{8,}'; } description "DUID type 2, assigned by vendor based on Enterprise Number (DUID-EN). This DUID consists of the 4-octet vendor's registered Private Enterprise Number as maintained by IANA followed by a unique identifier assigned by the vendor. For example: +------+----------+------------------+ | 0002 | 00007ED9 | 0CC084D303000912 | @@ -1052,23 +1090,23 @@ "DUID type 3, based on Link-Layer Address (DUID-LL). Constructed with a 2-octet hardware type assigned by IANA, and a link-layer address. The address is encoded without separator characters. For example: +------+------+--------------+ | 0003 | 0006 | 00005E005300 | +------+------+--------------+ This example includes the 2-octet DUID type of 3 (0x03), the - hardware type is 0x06 (IEEE Hardware Types), and the link-layer - - address is 0x5E005300 (EUI-48 address 00-00-5E-00-53-00)"; + hardware type is 0x06 (IEEE Hardware Types), and the + link-layer address is 0x5E005300 (EUI-48 address + 00-00-5E-00-53-00)"; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 11.4 IANA 'Hardware Types' registry. "; } typedef duid-uuid { type duid-base { pattern '0004' + '[0-9a-fA-F]{32}'; 
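Review bot: in typedef duid-en, the new pattern '0002' + '[0-9a-fA-F]{8,}' is satisfied by the 4-octet enterprise number alone, so a DUID-EN with an empty vendor identifier still validates although the description says the number is "followed by a unique identifier assigned by the vendor". Consider {10,} so that at least one identifier octet is required. The same applies to duid-llt, where {12,} covers only the hardware type and time and admits a zero-length link-layer address. In the duid-llt description, "4-octets containing" reads better as "4 octets containing".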
@@ -1079,29 +1117,27 @@ containing a 128-bit UUID. For example: +------+----------------------------------+ | 0004 | 9f03b182705747e38a1e422910078642 | +------+----------------------------------+ This example includes the 2-octet DUID type of 4 (0x04), and the UUID 9f03b182-7057-47e3-8a1e-422910078642."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 11.5 - RFC 6355: Definition of the UUID-Based DHCPv6 Unique Identifier - - (DUID-UUID)"; - + RFC 6355: Definition of the UUID-Based DHCPv6 Unique + Identifier (DUID-UUID)"; } typedef duid-unstructured { type duid-base { - pattern '(000[1-4].*|.*[^0-9a-fA-F].*)' { + pattern '(000[1-4].*)' { modifier invert-match; } } description "Used for DUIDs following any other formats than DUID types 1-4. For example: +----------------------------------+ | 7b6a164d325946539dc540fb539bc430 | +----------------------------------+ 
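Review bot: in typedef duid-unstructured, the inverted pattern '(000[1-4].*)' excludes every value that begins 0001 to 0004, so a value such as 0004 followed by fewer than 32 hex digits matches neither duid-uuid ('0004' + '[0-9a-fA-F]{32}') nor this type. If rejecting malformed type 1-4 DUIDs is the intent, say so in the description, which currently only reads "any other formats than DUID types 1-4". Dropping the non-hex alternative is fine, since duid-base already restricts the string to hex octets.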
@@ -1158,111 +1194,114 @@ end user. It MUST NOT be null-terminated."; } } } grouping auth-option-group { description "OPTION_AUTH (11) Authentication Option."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.11 - IANA 'Dynamic Host Configuration Protocol (DHCP) Authentication - - Option Name Spaces' registry. + RFC 3118: Authentication for DHCP Messages + IANA 'Dynamic Host Configuration Protocol (DHCP) + Authentication Option Name Spaces' registry. "; container auth-option { description - "OPTION_AUTH (11) Authentication Option container."; - leaf protocol { - type uint8; - description - "The authentication protocol used by this Authentication - option."; - } + "OPTION_AUTH (11) Authentication Option."; leaf algorithm { type uint8; description "The algorithm used in the authentication protocol."; } leaf rdm { type uint8; description "The Replay Detection Method (RDM) used in this Authentication option."; } leaf replay-detection { type uint64; description "The replay detection information for the RDM."; } - leaf auth-information { - type string; + choice protocol { description - "The authentication information, as specified by the - protocol and algorithm used in this Authentication - option."; - } + "The authentication protocol used in the option. Namespace + values 1 (delayed authentication) and 2 (Delayed + Authentication (Obsolete) are not applicable and so are + not modeled."; + case conf-token { + leaf token-auth-information { + type binary; + description + "Protocol Namespace Value 0. 
The authentication + information, as specified by the protocol and + algorithm used in this Authentication option."; } } - - grouping status-code-option-group { - description - "OPTION_STATUS_CODE (13) Status Code Option."; - reference "RFC 8415: Dynamic Host Configuration Protocol - for IPv6 (DHCPv6), Section 21.13"; - container status-code-option { + case rkap { description - "OPTION_STATUS_CODE (13) Status Code Option container."; - leaf status-code { - type uint16; + "Protocol Namespace Value 3. RKAP provides protection + against misconfiguration of a client caused by a + Reconfigure message sent by a malicious DHCP server."; + leaf datatype { + type uint8 { + range "1 .. 2"; + } description - "The numeric code for the status encoded in this option. - See the Status Codes registry at - - for the current list of status codes."; + "Type of data in the Value field carried in this + option. + 1 Reconfigure key value (used in the Reply + message). + 2 HMAC-MD5 digest of the message (used in + the Reconfigure message)."; + } + leaf auth-info-value { + type binary { + length 16; } - leaf status-message { - type string; description - "A UTF-8 encoded text string suitable for display to an - end user. It MUST NOT be null-terminated."; + "Data as defined by the Type field. 
A 16-octet field."; + } + } } } } grouping rapid-commit-option-group { description "OPTION_RAPID_COMMIT (14) Rapid Commit Option."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.14"; container rapid-commit-option { presence "Enable sending of this option"; description - "OPTION_RAPID_COMMIT (14) Rapid Commit Option container."; + "OPTION_RAPID_COMMIT (14) Rapid Commit Option."; } } grouping vendor-specific-information-option-group { description "OPTION_VENDOR_OPTS (17) Vendor-specific Information Option."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.17"; container vendor-specific-information-options { description "OPTION_VENDOR_OPTS (17) Vendor-specific Information - Option container."; + Option."; list vendor-specific-information-option { key enterprise-number; description - "The vendor-specific information option allows for + "The Vendor-specific Information option allows for multiple instances in a single message. Each list entry defines the contents of an instance of the option."; leaf enterprise-number { type uint32; description "The vendor's registered Enterprise Number, as maintained by IANA."; reference "IANA 'Private Enterprise Numbers' registry. "; } @@ -1270,29 +1309,27 @@ key sub-option-code; description "Vendor options, interpreted by vendor-specific client/server functions."; leaf sub-option-code { type uint16; description "The code for the sub-option."; } leaf sub-option-data { - type string { - pattern '([0-9a-fA-F]{2}){0,}'; - } + type binary; description "The data area for the sub-option."; } - } } + } } grouping reconfigure-accept-option-group { description "OPTION_RECONF_ACCEPT (20) Reconfigure Accept Option. A client uses the Reconfigure Accept option to announce to the server whether the client is willing to accept Reconfigure messages, and a server uses this option to tell the client whether or not to accept Reconfigure messages. In the absence 
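Review bot: in the rkap case of auth-option, auth-info-value holds the Reconfigure key value when datatype is 1, which is secret keying material, yet the leaf carries no access-control marking. Consider nacm:default-deny-all on it (the server module already uses that extension on its RPCs) and name it as a sensitive node in the Security Considerations. In the choice description, "2 (Delayed Authentication (Obsolete) are" has an unbalanced parenthesis and the two namespace names are capitalized differently; the conf-token case also has no description where rkap has one.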
@@ -1297,32 +1334,31 @@ messages, and a server uses this option to tell the client whether or not to accept Reconfigure messages. In the absence of this option, the default behavior is that the client is unwilling to accept Reconfigure messages. The presence node is used to enable the option."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.20"; container reconfigure-accept-option { presence "Enable sending of this option"; description - "OPTION_RECONF_ACCEPT (20) Reconfigure Accept Option - container."; + "OPTION_RECONF_ACCEPT (20) Reconfigure Accept Option."; } } } 4.2. DHCPv6 Server YANG Module This module imports typedefs from [RFC6991], [RFC8343]. - file "ietf-dhcpv6-server@2021-11-18.yang" + file "ietf-dhcpv6-server@2022-03-07.yang" module ietf-dhcpv6-server { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-dhcpv6-server"; prefix "dhc6-srv"; import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG Data Types"; 
@@ -1357,40 +1392,40 @@ Author: Linhui Sun Editor: Ian Farrer Author: Sladjana Zeichlin Author: Zihao He Author: Michal Nowikowski "; description "This YANG module defines components for the configuration and management of DHCPv6 servers. - Copyright (c) 2021 IETF Trust and the persons identified as + Copyright (c) 2022 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD License - set forth in Section 4.c of the IETF Trust's Legal Provisions + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Revised BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself + for full legal notices."; - revision 2021-10-25 { + revision 2022-03-07 { description "Initial Revision."; reference "XXXX: YANG Data Model for DHCPv6 Configuration"; } - /* * Features */ feature na-assignment { description "Denotes that the server implements DHCPv6 non-temporary address assignment."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 6.2"; 
@@ -1418,48 +1453,48 @@ } description "The ID field of relevant set of DHCPv6 options (option-set) to be provisioned to clients using the allocation-range."; } leaf valid-lifetime { type dhc6:timer-seconds32; description "Valid lifetime for the Identity Association (IA)."; reference "RFC 8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6), Section 6"; + IPv6 (DHCPv6), Section 12.1"; } leaf renew-time { type dhc6:timer-seconds32; description "Renew (T1) time."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 4.2"; } leaf rebind-time { type dhc6:timer-seconds32; description "Rebind (T2) time."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 4.2"; } leaf preferred-lifetime { type dhc6:timer-seconds32; description "Preferred lifetime for the Identity Association (IA)."; reference "RFC 8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6), Section 6"; + IPv6 (DHCPv6), Section 12.1"; } leaf rapid-commit { type boolean; description - "When set to 'true', Specifies that the pool supports - client-server exchanges involving two messages."; + "When set to 'true', Specifies that client-server exchanges + involving two messages is supported."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 5.1"; } } grouping lease-information { description "Binding information for each client that has been allocated an IPv6 address or prefix."; leaf client-duid { 
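Review bot: in leaf rapid-commit, the reworded description has a stray capital and a subject-verb mismatch: "Specifies that client-server exchanges involving two messages is supported". Suggest "When set to 'true', specifies that client-server exchanges involving two messages are supported." With "the pool" removed, the text no longer says what the setting is scoped to; a short phrase naming the scope would help.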
@@ -1518,121 +1553,137 @@ leaf lease-t2 { type dhc6:timer-seconds32; description "The time interval after which the client should contact any available server to extend the lifetimes of the addresses assigned to the IA_PD."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 4.2"; } uses dhc6:status; - } - grouping message-stats { + grouping message-statistics { description "Counters for DHCPv6 messages."; + leaf discontinuity-time { + type yang:date-and-time; + description + "The time on the most recent occasion at which any one or + more of DHCPv6 server's counters suffered a discontinuity. + If no such discontinuities have occurred since the last + re-initialization of the local management subsystem, then + this node contains the time the local management subsystem + re-initialized itself."; + } leaf solicit-count { - type uint32; + type yang:counter32; config "false"; description "Number of Solicit (1) messages received."; } leaf advertise-count { - type uint32; + type yang:counter32; config "false"; description "Number of Advertise (2) messages sent."; } leaf request-count { - type uint32; + type yang:counter32; config "false"; description "Number of Request (3) messages received."; } leaf confirm-count { - type uint32; + type yang:counter32; config "false"; description "Number of Confirm (4) messages received."; } leaf renew-count { - type uint32; + type yang:counter32; config "false"; description "Number of Renew (5) messages received."; } leaf rebind-count { - type uint32; + type yang:counter32; config "false"; description "Number of Rebind (6) messages received."; } leaf reply-count { - type uint32; + type yang:counter32; config "false"; description "Number of Reply (7) messages sent."; } leaf release-count { - type uint32; + type yang:counter32; config "false"; description "Number of Release (8) messages received."; } leaf decline-count { - type uint32; + type yang:counter32; config "false"; description "Number of Decline 
(9) messages received."; } leaf reconfigure-count { - type uint32; + type yang:counter32; config "false"; description "Number of Reconfigure (10) messages sent."; } leaf information-request-count { - type uint32; + type yang:counter32; config "false"; description "Number of Information-request (11) messages received."; } + leaf discarded-message-count { + type yang:counter32; + config "false"; + description + "Number of messages that have been discarded for any + reason."; + } } grouping preference-option-group { description "OPTION_PREFERENCE (7) Preference Option."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.8"; container preference-option { description - "OPTION_PREFERENCE (7) Preference Option - container."; + "OPTION_PREFERENCE (7) Preference Option."; + leaf pref-value { type uint8; description - "The preference value for the server in this - message. A 1-octet unsigned integer."; + "The preference value for the server in this message. A + 1-octet unsigned integer."; } } } grouping server-unicast-option-group { description "OPTION_UNICAST (12) Server Unicast Option."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.12"; container server-unicast-option { description - "OPTION_UNICAST (12) Server Unicast Option container."; + "OPTION_UNICAST (12) Server Unicast Option."; leaf server-address { type inet:ipv6-address; description "The 128-bit address to which the client should send messages delivered using unicast."; } } } grouping reconfigure-message-option-group { 
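Review bot: in grouping message-statistics, the new leaf discontinuity-time has no config "false", unlike every counter beside it, and the container statistics that uses this grouping under dhcpv6-server does not set config false either, so the timestamp ends up as writable configuration. Add config "false" to the leaf, or put config false on the statistics container and drop the per-leaf statements. Each counter description could also point to discontinuity-time so readers know where counter resets are recorded.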
@@ -1653,65 +1704,65 @@ } grouping info-refresh-time-option-group { description "OPTION_INFORMATION_REFRESH_TIME (32) Information Refresh Time Option."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.23"; container info-refresh-time-option { description - "OPTION_INFORMATION_REFRESH_TIME (32) - Information Refresh Time option container."; + "OPTION_INFORMATION_REFRESH_TIME (32) Information Refresh + Time Option."; leaf info-refresh-time { type dhc6:timer-seconds32; description - "Time duration relative to the current time, expressed - in units of seconds."; + "Time duration specifying an upper bound for how long a + client should wait before refreshing information retrieved + from a DHCP server."; } } } + grouping sol-max-rt-option-group { description "OPTION_SOL_MAX_RT (82) SOL_MAX_RT Option (Max Solicit timeout value)."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.24"; container sol-max-rt-option { description - "OPTION_SOL_MAX_RT (82) SOL_MAX_RT option container."; + "OPTION_SOL_MAX_RT (82) SOL_MAX_RT Option."; leaf sol-max-rt-value { type dhc6:timer-seconds32; description - "sol max rt value"; + "Maximum Solicit timeout value."; } } } grouping inf-max-rt-option-group { description "OPTION_INF_MAX_RT (83) INF_MAX_RT Option (Max Information-request timeout value)."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.25"; container inf-max-rt-option { description - "OPTION_INF_MAX_RT (83) inf max rt option - container."; + "OPTION_INF_MAX_RT (83) inf max rt Option."; leaf inf-max-rt-value { type dhc6:timer-seconds32; description - "inf max rt value"; + "Maximum Information-request timeout value."; } } } - /* * Data Nodes */ container dhcpv6-server { description "Configuration nodes for the DHCPv6 server."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 18.3"; leaf enabled { 
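Review bot: in container inf-max-rt-option, the description still reads "OPTION_INF_MAX_RT (83) inf max rt Option." while the sibling was changed to "OPTION_SOL_MAX_RT (82) SOL_MAX_RT Option."; use "INF_MAX_RT Option." for consistency with the grouping description above it.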
@@ -1722,41 +1772,40 @@ } leaf server-duid { type dhc6:duid; description "DUID of the server."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 11"; } container vendor-config { description - "This container provides a location for - augmenting vendor or implementation specific - configuration nodes."; + "This container provides a location for augmenting vendor + or implementation specific configuration nodes."; } container option-sets { description - "A server may allow different option sets - to be configured for clients matching specific parameters - such as topological location or client type. The - 'option-set' list is a set of options and their - contents that will be returned to clients."; + "A server may allow different option sets to be configured + for clients matching specific parameters such as topological + location or client type. The 'option-set' list is a set of + options and their contents that will be returned to + clients."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21"; list option-set { key option-set-id; description - "YANG definitions for DHCPv6 options are - contained in separate YANG modules and augmented to this - container as required."; + "YANG definitions for DHCPv6 options are contained in + separate YANG modules and augmented to this container as + required."; leaf option-set-id { - type uint32; + type string; description "Option set identifier."; } leaf description { type string; description "An optional field for storing additional information relevant to the option set."; } uses preference-option-group; 
@@ -1789,21 +1838,21 @@ "This model is based on an address and parameter allocation hierarchy. The top level is 'global' - which is defined as the container for all allocation-ranges. Under this are the individual allocation-ranges."; uses resource-config; list allocation-range { key id; description "Network-ranges are identified by the 'id' key."; leaf id { - type uint32; + type string; mandatory true; description "Unique identifier for the allocation range."; } leaf description { type string; description "Description for the allocation range."; } leaf network-prefix { @@ -1826,42 +1875,45 @@ leaf pool-id { type string; mandatory true; description "Unique identifier for the pool."; } leaf pool-prefix { type inet:ipv6-prefix; mandatory true; description - "IPv6 prefix for the pool."; + "IPv6 prefix for the pool. Should be contained + within the network-prefix, if configured."; } leaf start-address { type inet:ipv6-address-no-zone; mandatory true; description "Starting IPv6 address for the pool."; } leaf end-address { type inet:ipv6-address-no-zone; mandatory true; description "Ending IPv6 address for the pool."; } leaf max-address-utilization { type dhc6:threshold; description "Maximum amount of the addresses in the pool which can be simultaneously allocated, calculated as a percentage of the available addresses (end-address minus start-address plus - one)."; + one), rouded up. Used to set the value for the + address-pool-utilization-threshold-exceeded + notification"; } uses resource-config; container host-reservations { description "Configuration for host reservations from the address pool."; list host-reservation { key reserved-addr; description "List of host reservations."; 
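Review bot: in leaf max-address-utilization, the added text contains the typo "rouded up" and the sentence ending "address-pool-utilization-threshold-exceeded notification" has no closing period. In leaf pool-prefix, "Should be contained within the network-prefix" uses a lower-case "should" in a module that declares the BCP 14 key words; state whether this is a normative SHOULD or reword it (for example "is expected to be contained") so implementers know whether a server may reject a pool outside the network-prefix.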
@@ -1880,29 +1932,28 @@ } container active-leases { config false; description "Holds state related to active client leases."; leaf total-count { type uint64; mandatory true; description - "The total number of addresses in the - pool."; + "The total number of addresses in the pool."; } leaf allocated-count { type uint64; mandatory true; description - "The number of addresses or prefixes - in the pool that are currently allocated."; + "The number of addresses or prefixes in the pool + that are currently allocated."; } list active-lease { key leased-address; description "List of active address leases."; leaf leased-address { type inet:ipv6-address; description "Active address lease entry."; } 
@@ -1911,50 +1962,53 @@ } } } container prefix-pools { if-feature prefix-delegation; description "Configuration for the DHCPv6 server's prefix pools."; list prefix-pool { key pool-id; description - "List of prefix pools for allocation to - clients, distinguished by 'pool-id'."; + "List of prefix pools for allocation to clients, + distinguished by 'pool-id'."; leaf pool-id { type string; mandatory true; description "Unique identifier for the pool."; } leaf pool-prefix { type inet:ipv6-prefix; mandatory true; description - "IPv6 prefix for the pool."; + "IPv6 prefix for the pool. Should be contained + within the network-prefix, if configured."; } leaf client-prefix-length { type uint8 { range "1 .. 128"; } mandatory true; description "Length of the prefixes that will be delegated to clients."; } leaf max-pd-space-utilization { type dhc6:threshold; description - "Maximum amount of the prefixes in the - pool which can be simultaneously allocated, - calculated as a percentage of the available - prefixes, rounded up."; + "Maximum amount of the prefixes in the pool which + can be simultaneously allocated, calculated as a + percentage of the available prefixes, rounded up. + Used to set the value for the + prefix-pool-utilization-threshold-exceeded + notification"; } uses resource-config; container host-reservations { description "Configuration for host reservations from the prefix pool."; list prefix-reservation { key reserved-prefix; description "Reserved prefix reservation."; 
@@ -2000,92 +2054,99 @@ "List of active prefix leases."; leaf leased-prefix { type inet:ipv6-prefix; description "Active leased prefix entry."; } uses lease-information; } } } - } } - uses message-stats; + container statistics { + description + "DHCPv6 message counters for the server."; + uses message-statistics; + } } } /* * RPCs */ rpc delete-address-lease { nacm:default-deny-all; if-feature na-assignment; description - "Deletes a client's active address lease from the - server's lease database. Note this will not cause the address - to be revoked from the client, and the lease may be refreshed - or renewed by the client."; + "Deletes a client's active address lease from the server's + lease database. Note this will not cause the address to be + revoked from the client, and the lease may be refreshed or + renewed by the client."; input { leaf lease-address-to-delete { type leafref { - path "../../dhcpv6-server/allocation-ranges/" + + path "/dhcpv6-server/allocation-ranges/" + "allocation-range/address-pools/address-pool" + "/active-leases/active-lease/leased-address"; } mandatory true; description "IPv6 address of an active lease that will be deleted from the server."; } } output { leaf return-message { type string; description - "Response message from the server."; + "Response message from the server. If available, a + language identifier should be included in the message."; + reference "BCP 14 (RFC 2277) IETF Policy on Character Sets + and Languages, Section 4.2."; } } } rpc delete-prefix-lease { nacm:default-deny-all; if-feature prefix-delegation; description - "Deletes a client's active prefix lease from the - server's lease database. Note, this will not cause the prefix - to be revoked from the client, and the lease may be refreshed - or renewed by the client."; - + "Deletes a client's active prefix lease from the server's + lease database. 
Note, this will not cause the prefix to be + revoked from the client, and the lease may be refreshed or + renewed by the client."; input { leaf lease-prefix-to-delete { type leafref { - path "../../dhcpv6-server/allocation-ranges/" + + path "/dhcpv6-server/allocation-ranges/" + "allocation-range/prefix-pools/prefix-pool" + "/active-leases/active-lease/leased-prefix"; } mandatory true; description "IPv6 prefix of an active lease that will be deleted from the server."; } } output { leaf return-message { type string; description - "Response message from the server."; + "Response message from the server. If available, a + language identifier should be included in the message."; + reference "BCP 14 (RFC 2277) IETF Policy on Character Sets + and Languages, Section 4.2."; } } } - /* * Notifications */ notification address-pool-utilization-threshold-exceeded { if-feature na-assignment; description "Notification sent when the address pool utilization exceeds the threshold configured in max-address-utilization."; 
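Review bot: in the return-message leaf of both delete-address-lease and delete-prefix-lease, the new reference reads "BCP 14 (RFC 2277)", but BCP 14 is RFC 2119 and RFC 8174, as the module descriptions in this same draft state; RFC 2277 is BCP 18. Change the reference to "BCP 18 (RFC 2277)". The description could also say how the language identifier is to be carried, since the leaf is a plain string with no tag field.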
@@ -2084,63 +2145,63 @@ */ notification address-pool-utilization-threshold-exceeded { if-feature na-assignment; description "Notification sent when the address pool utilization exceeds the threshold configured in max-address-utilization."; leaf pool-id { type leafref { - path "../../dhcpv6-server/allocation-ranges/" + + path "/dhcpv6-server/allocation-ranges/" + "allocation-range/address-pools/address-pool" + "/pool-id"; } mandatory true; description - "Leafref to the address pool that the notification - is being generated for."; + "Leafref to the address pool that the notification is being + generated for."; } leaf total-pool-addresses { type uint64; mandatory true; description - "Total number of addresses in the pool - (end-address minus start-address plus one)."; + "Total number of addresses in the pool (end-address minus + start-address plus one)."; } leaf max-allocated-addresses { type uint64; mandatory true; description "Maximum number of addresses that can be simultaneously - allocated from the pool. This value may be less than - count of total addresses. Calculated as the + allocated from the pool. This value may be less than count + of total addresses. Calculated as the max-address-utilization (percentage) of the total-pool-addresses, rounded up."; } leaf allocated-address-count { type uint64; mandatory true; description "Number of addresses allocated from the pool."; } } notification prefix-pool-utilization-threshold-exceeded { if-feature prefix-delegation; description "Notification sent when the prefix pool utilization exceeds the threshold configured in max-pd-space-utilization."; leaf pool-id { type leafref { - path "../../dhcpv6-server/allocation-ranges" + + path "/dhcpv6-server/allocation-ranges" + "/allocation-range/prefix-pools/prefix-pool/pool-id"; } mandatory true; description "Unique identifier for the pool."; } leaf total-pool-prefixes { type uint64; mandatory true; description 
@@ -2159,22 +2220,22 @@ leaf allocated-prefixes-count { type uint64; mandatory true; description "Number of prefixes allocated from the pool."; } } notification invalid-client-detected { description - "Notification sent when the server detects an - invalid client."; + "Notification sent when the server detects an invalid + client."; leaf message-type { type enumeration { enum solicit { description "Solicit (1) message."; } enum request { description "Request (3) message."; } @@ -2209,30 +2269,30 @@ the error."; } leaf duid { type dhc6:duid; description "Client DUID."; } leaf description { type string; description - "Description of the event (e.g., and error code or log + "Description of the event (e.g., an error code or log message)."; } } notification decline-received { if-feature na-assignment; description - "Notification sent when the server has received a - Decline (9) message from a client."; + "Notification sent when the server has received a Decline (9) + message from a client."; leaf duid { type dhc6:duid; description "Client DUID."; } list declined-resources { description "List of declined addresses and/or prefixes."; choice resource-type { description 
@@ -2243,45 +2303,44 @@ description "Address that has been declined."; } } case declined-prefix { leaf prefix { type inet:ipv6-prefix; description "Prefix that has been declined."; } - } } } } notification non-success-code-sent { description - "Notification sent when the server responded - to a client with non-success status code."; + "Notification sent when the server responded to a client with + a non-success status code."; leaf duid { type dhc6:duid; description "Client DUID."; } uses dhc6:status; } } 4.3. DHCPv6 Relay YANG Module This module imports typedefs from [RFC6991], [RFC8343]. - file "ietf-dhcpv6-relay@2021-11-18.yang" + file "ietf-dhcpv6-relay@2022-03-07.yang" module ietf-dhcpv6-relay { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-dhcpv6-relay"; prefix "dhc6-rly"; import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG Data Types"; 
@@ -2320,39 +2380,47 @@ Author: Linhui Sun Editor: Ian Farrer Author: Sladjana Zeichlin Author: Zihao He Author: Michal Nowikowski "; description "This YANG module defines components necessary for the configuration and management of DHCPv6 relays. - Copyright (c) 2021 IETF Trust and the persons identified as + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2022 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD License - set forth in Section 4.c of the IETF Trust's Legal Provisions + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Revised BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself + for full legal notices."; - revision 2021-10-25 { + revision 2022-03-07 { description "Initial Revision."; reference "XXXX: YANG Data Model for DHCPv6 Configuration"; } + /* * Features */ feature prefix-delegation { description "Enable if the relay functions as a delegating router for DHCPv6 prefix delegation."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 6.3"; 
@@ -2362,22 +2431,21 @@ * Groupings */ grouping pd-lease-state { description "State data for the relay."; list pd-leases { key ia-pd-prefix; config false; description - "Information about an active IA_PD prefix - delegation."; + "Information about an active IA_PD prefix delegation."; leaf ia-pd-prefix { type inet:ipv6-prefix; description "Prefix that is delegated."; } leaf last-renew { type yang:date-and-time; description "Time of the last successful refresh or renew of the delegated prefix."; 
@@ -2395,166 +2463,176 @@ leaf server-duid { type dhc6:duid; description "DUID of the delegating server."; } } } grouping message-statistics { description - "Contains counters for the different DHCPv6 - message types."; + "Contains counters for the different DHCPv6 message types."; + leaf discontinuity-time { + type yang:date-and-time; + description + "The time on the most recent occasion at which any one or + more of DHCPv6 relay's counters suffered a discontinuity. + If no such discontinuities have occurred since the last + re-initialization of the local management subsystem, then + this node contains the time the local management subsystem + re-initialized itself."; + } leaf solicit-received-count { - type uint32; + type yang:counter32; config "false"; description "Number of Solicit (1) messages received."; } leaf advertise-sent-count { - type uint32; + type yang:counter32; config "false"; description "Number of Advertise (2) messages sent."; } leaf request-received-count { - type uint32; + type yang:counter32; config "false"; description "Number of Request (3) messages received."; } leaf confirm-received-count { - type uint32; + type yang:counter32; config "false"; description "Number of Confirm (4) messages received."; } leaf renew-received-count { - type uint32; + type yang:counter32; config "false"; description "Number of Renew (5) messages received."; } leaf rebind-received-count { - type uint32; + type yang:counter32; config "false"; description "Number of Rebind (6) messages received."; } leaf reply-sent-count { - type uint32; + type yang:counter32; config "false"; description - "Number of Reply (7) messages received."; + "Number of Reply (7) messages sent."; } leaf release-received-count { - type uint32; + type yang:counter32; config "false"; description - "Number of Release (8) messages sent."; + "Number of Release (8) messages received."; } leaf decline-received-count { - type uint32; + type yang:counter32; config "false"; description - "Number of 
Decline (9) messages sent."; + "Number of Decline (9) messages received."; } leaf reconfigure-sent-count { - type uint32; + type yang:counter32; config "false"; description "Number of Reconfigure (10) messages sent."; } leaf information-request-received-count { - type uint32; + type yang:counter32; config "false"; description "Number of Information-request (11) messages received."; } leaf unknown-message-received-count { - type uint32; + type yang:counter32; config "false"; description "Number of messages of unknown type that have been received."; } leaf unknown-message-sent-count { - type uint32; + type yang:counter32; config "false"; description "Number of messages of unknown type that have been sent."; } leaf discarded-message-count { - type uint32; + type yang:counter32; config "false"; description "Number of messages that have been discarded for any reason."; } + } grouping global-statistics { description "Global statistics for the device."; leaf relay-forward-sent-count { - type uint32; + type yang:counter32; config "false"; description "Number of Relay-forward (12) messages sent."; } leaf relay-forward-received-count { - type uint32; + type yang:counter32; config "false"; description "Number of Relay-forward (12) messages received."; } leaf relay-reply-received-count { - type uint32; + type yang:counter32; config "false"; description "Number of Relay-reply (13) messages received."; } leaf relay-forward-unknown-sent-count { - type uint32; + type yang:counter32; config "false"; description "Number of Relay-forward (12) messages containing a message of unknown type sent."; } leaf relay-forward-unknown-received-count { - type uint32; + type yang:counter32; config "false"; description "Number of Relay-forward (12) messages containing a message of unknown type received."; } leaf discarded-message-count { - type uint32; + type yang:counter32; config "false"; description "Number of messages that have been discarded for any reason."; } } + grouping 
interface-id-option-group { description "OPTION_INTERFACE_ID (18) Interface-Id Option."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.18"; container interface-id-option { description - "OPTION_INTERFACE_ID (18) Interface-Id Option - container."; + "OPTION_INTERFACE_ID (18) Interface-Id Option."; leaf interface-id { - type string; + type binary; description "An opaque value of arbitrary length generated by the relay agent to identify one of the relay agent's interfaces."; } } } /* * Data Nodes @@ -2567,32 +2645,30 @@ reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 19"; leaf enabled { type boolean; description "Globally enables the DHCP relay function."; } list relay-if { key if-name; description - "List of interfaces configured for DHCPv6 - relaying."; + "List of interfaces configured for DHCPv6 relaying."; leaf if-name { type if:interface-ref; description "interface-ref to the relay interface."; } leaf enabled { type boolean; description - "Enables the DHCP relay function for this - interface."; + "Enables the DHCP relay function for this interface."; } leaf-list destination-address { type inet:ipv6-address; description "Each DHCPv6 relay agent may be configured with a list of destination addresses for relayed messages. The list may include unicast addresses, multicast addresses or other valid addresses."; } leaf link-address { 
@@ -2602,62 +2678,73 @@ the link on which the client is located."; } container relay-options { description "Definitions for DHCPv6 options that can be sent by the relay are augmented to this location from other YANG modules as required."; uses dhc6:auth-option-group; uses interface-id-option-group; } + container statistics { + description + "DHCPv6 message counters for the relay's interface."; uses message-statistics; + } container prefix-delegation { if-feature prefix-delegation; presence "Enables prefix delegation for this interface."; description "Controls and holds state information for prefix delegation."; uses pd-lease-state; } } + container statistics { + description + "Global DHCPv6 message counters for the relay."; uses global-statistics; } + } /* * RPCs */ rpc clear-prefix-entry { nacm:default-deny-all; if-feature prefix-delegation; description "Clears an entry for an active delegated prefix from the relay."; reference "RFC8987: DHCPv6 Prefix Delegating Relay Requirements, Section 4.4"; input { leaf lease-prefix { type leafref { - path "../../dhcpv6-relay/relay-if/prefix-delegation" + + path "/dhcpv6-relay/relay-if/prefix-delegation" + "/pd-leases/ia-pd-prefix"; } mandatory true; description "IPv6 prefix of an active lease entry that will be deleted from the relay."; } } output { leaf return-message { type string; description - "Response message from the relay."; + "Response message from the server. If available, a language + identifier should be included in the message."; + reference "BCP 14 (RFC 2277) IETF Policy on Character Sets + and Languages, Section 4.2."; } } } rpc clear-client-prefixes { nacm:default-deny-all; if-feature prefix-delegation; description "Clears all active prefix entries for a single client."; reference "RFC8987: DHCPv6 Prefix Delegating Relay Requirements, 
@@ -2667,87 +2754,92 @@ type dhc6:duid; mandatory true; description "DUID of the client."; } } output { leaf return-message { type string; description - "Response message from the relay."; + "Response message from the server. If available, a + language identifier should be included in the message."; + reference "BCP 14 (RFC 2277) IETF Policy on Character Sets + and Languages, Section 4.2."; } } } rpc clear-interface-prefixes { nacm:default-deny-all; if-feature prefix-delegation; description "Clears all delegated prefix bindings from an interface on the relay."; reference "RFC8987: DHCPv6 Prefix Delegating Relay Requirements, Section 4.4"; input { leaf interface { type leafref { - path "../../dhcpv6-relay/relay-if/if-name"; + path "/dhcpv6-relay/relay-if/if-name"; } mandatory true; description "Reference to the relay interface that will have all active prefix delegation bindings deleted."; } } output { leaf return-message { type string; description - "Response message from the relay."; + "Response message from the server. If available, a + language identifier should be included in the message."; + reference "BCP 14 (RFC 2277) IETF Policy on Character Sets + and Languages, Section 4.2."; } } } /* * Notifications */ notification relay-event { description "DHCPv6 relay event notifications."; container topology-change { description - "Raised if the entry for an interface with DHCPv6 - related configuration or state is removed from - if:interface-refs."; + "Raised if the entry for an interface with DHCPv6 related + configuration or state is removed from if:interface-refs."; leaf relay-if-name { type leafref { - path "../../../dhcpv6-relay/relay-if/if-name"; + path "/dhcpv6-relay/relay-if/if-name"; } description "Name of the interface that has been removed."; } leaf last-ipv6-addr { type inet:ipv6-address; description "Last IPv6 address configured on the interface."; } } } } 4.4. DHCPv6 Client YANG Module This module imports typedefs from [RFC6991], [RFC8343]. 
- file "ietf-dhcpv6-client@2021-11-18.yang" + file "ietf-dhcpv6-client@2022-03-07.yang" module ietf-dhcpv6-client { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-dhcpv6-client"; prefix "dhc6-clnt"; import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG Data Types"; @@ -2788,38 +2880,40 @@ "This YANG module defines components necessary for the configuration and management of DHCPv6 clients. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here. - Copyright (c) 2021 IETF Trust and the persons identified as + Copyright (c) 2022 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD License - set forth in Section 4.c of the IETF Trust's Legal Provisions + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Revised BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself + for full legal notices."; - revision 2021-10-25 { + revision 2022-03-07 { description "Initial Revision."; reference "XXXX: YANG Data Model for DHCPv6 Configuration"; + } /* * Features */ feature non-temp-addr { description "Denotes that the client supports DHCPv6 non-temporary address allocations."; 
@@ -2818,119 +2912,134 @@ /* * Features */ feature non-temp-addr { description "Denotes that the client supports DHCPv6 non-temporary address allocations."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 6.2"; - - } - - feature prefix-del { - description - "Denotes that the client implements DHCPv6 prefix - delegation."; - reference "RFC 8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6), Section 6.3"; } feature temp-addr { description "Denotes that the client supports DHCPv6 temporary address allocations."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 6.5"; } + feature prefix-delegation { + description + "Denotes that the client implements DHCPv6 prefix + delegation."; + reference "RFC 8415: Dynamic Host Configuration Protocol for + IPv6 (DHCPv6), Section 6.3"; + } + feature anon-profile { description - "Denotes that the client supports DHCP anonymity - profiles."; + "Denotes that the client supports DHCP anonymity profiles."; reference "RFC 7844: Anonymity Profiles for DHCP Clients"; } /* * Groupings */ grouping message-statistics { description "Counters for DHCPv6 messages."; + leaf discontinuity-time { + type yang:date-and-time; + description + "The time on the most recent occasion at which any one or + more of DHCPv6 client's counters suffered a discontinuity. 
+ + If no such discontinuities have occurred since the last + re-initialization of the local management subsystem, then + this node contains the time the local management subsystem + re-initialized itself."; + } leaf solicit-count { - type uint32; + type yang:counter32; config "false"; description "Number of Solicit (1) messages sent."; } leaf advertise-count { - type uint32; + type yang:counter32; config "false"; description "Number of Advertise (2) messages received."; } leaf request-count { - type uint32; + type yang:counter32; config "false"; description "Number of Request (3) messages sent."; } leaf confirm-count { - type uint32; + type yang:counter32; config "false"; description "Number of Confirm (4) messages sent."; } leaf renew-count { - type uint32; + type yang:counter32; config "false"; description "Number of Renew (5) messages sent."; } leaf rebind-count { - type uint32; + type yang:counter32; config "false"; description "Number of Rebind (6) messages sent."; } leaf reply-count { - type uint32; + type yang:counter32; config "false"; description "Number of Reply (7) messages received."; } leaf release-count { - type uint32; + type yang:counter32; config "false"; description "Number of Release (8) messages sent."; } leaf decline-count { - type uint32; + type yang:counter32; config "false"; description "Number of Decline (9) messages sent."; } leaf reconfigure-count { - type uint32; + type yang:counter32; config "false"; description "Number of Reconfigure (10) messages received."; } leaf information-request-count { - type uint32; + type yang:counter32; config "false"; description - "Number of Information-request (11) messages - sent."; + "Number of Information-request (11) messages sent."; + } + leaf discarded-message-count { + type yang:counter32; + config "false"; + description + "Number of messages that have been discarded for any + reason."; } } grouping lease-state { description "Information about the active IA_NA lease."; leaf preferred-lifetime { 
type dhc6:timer-seconds32; description "The preferred lifetime for the leased address 
@@ -2962,60 +3071,62 @@ } grouping option-request-option-group { description "OPTION_ORO (6) Option Request Option. A client MUST include an Option Request option in a Solicit, Request, Renew, Rebind, or Information-request message to inform the server about options the client wants the server to send to the client."; reference "RFC 8415: Dynamic Host Configuration Protocol for - IPv6 (DHCPv6), Section 21.7"; - + IPv6 (DHCPv6), Sections 21.23, 21.24, 21.25, & 21.7"; container option-request-option { description - "OPTION_ORO (6) Option Request Option container."; + "OPTION_ORO (6) Option Request Option."; leaf-list oro-option { type uint16; description "List of options that the client is requesting, - identified by option code"; + identified by option code. This list MUST include the + code for option SOL_MAX_RT (82) when included in a + Solicit-message. If this option is being sent in an + Information-request message, then the code for option + OPTION_INFORMATION_REFRESH_TIME (32) and INF_MAX_RT (83) + MUST be included."; } } } grouping user-class-option-group { description "OPTION_USER_CLASS (15) User Class Option"; - reference "RFC 8415: Dynamic Host Configuration Protocol - for IPv6 (DHCPv6), Section 21.15"; + reference "RFC 8415: Dynamic Host Configuration Protocol for + IPv6 (DHCPv6), Section 21.15"; container user-class-option { presence "Configures the option"; description - "OPTION_USER_CLASS (15) User Class Option - container."; + "OPTION_USER_CLASS (15) User Class Option."; list user-class-data-instance { key user-class-data-id; min-elements 1; description - "The user classes of which the client - is a member."; + "The user classes of which the client is a member."; leaf user-class-data-id { type uint8; description "User class data ID"; } leaf user-class-data { - type string; + type binary; description - "Opaque field representing a User Class - of which the client is a member."; + "Opaque field representing a User Class of which the + client is a 
member."; } } } } grouping vendor-class-option-group { description "OPTION_VENDOR_CLASS (16) Vendor Class Option"; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.16"; @@ -3012,48 +3123,46 @@ } } } } grouping vendor-class-option-group { description "OPTION_VENDOR_CLASS (16) Vendor Class Option"; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.16"; - container vendor-class-option { description - "OPTION_VENDOR_CLASS (16) Vendor Class Option - container."; + "OPTION_VENDOR_CLASS (16) Vendor Class Option."; list vendor-class-option-instances { key enterprise-number; description - "The vendor class option allows for multiple - instances in a single message. Each list entry defines - the contents of an instance of the option."; + "The vendor class option allows for multiple instances + in a single message. Each list entry defines the contents + of an instance of the option."; leaf enterprise-number { type uint32; description "The vendor's registered Enterprise Number as maintained by IANA."; } list vendor-class-data-element { key vendor-class-data-id; description "The vendor classes of which the client is a member."; leaf vendor-class-data-id { type uint8; description "Vendor class data ID"; } leaf vendor-class-data { - type string; + type binary; description "Opaque field representing a vendor class of which the client is a member."; } } } } } /* 
@@ -3061,25 +3170,24 @@ */ container dhcpv6-client { description "DHCPv6 client configuration and state."; leaf enabled { type boolean; default true; description "Globally enables the DHCP client function."; - } leaf client-duid { - if-feature "non-temp-addr or prefix-del " + - "or temp-addr and not anon-profile"; + if-feature "(non-temp-addr or prefix-delegation " + + "or temp-addr) and not anon-profile"; type dhc6:duid; description "A single Client DUID that will be used by all of the client's DHCPv6 enabled interfaces."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 11"; } list client-if { key if-name; description @@ -3092,22 +3200,22 @@ "Reference to the interface entry that the requested configuration is relevant to."; } leaf enabled { type boolean; default true; description "Enables the DHCP client function for this interface."; } leaf interface-duid { - if-feature "non-temp-addr or prefix-del " + - "or temp-addr and anon-profile"; + if-feature "(non-temp-addr or prefix-delegation " + + "or temp-addr) and anon-profile"; type dhc6:duid; description "Per-interface Client DUIDs for use with DHCP anonymity profiles."; reference "RFC 7844: Anonymity Profiles for DHCP Clients, Section 3"; } container client-configured-options { description "Definitions for DHCPv6 options that can be be sent by 
@@ -3197,43 +3304,43 @@ "Information about an active IA_TA lease."; leaf ia-ta-address { type inet:ipv6-address; description "Address that is currently leased."; } uses lease-state; } } list ia-pd { - if-feature prefix-del; + if-feature prefix-delegation; key ia-id; description "Configuration relevant for an IA_PD (Identity Association for Prefix Delegation)."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 13.3"; leaf ia-id { type uint32; description "The unique identifier for this IA_PD."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 12"; } leaf prefix-length-hint { type uint8 { range "1..128"; } - description "Prefix-length hint value included - in the messages sent to the server to indicate a - preference for the size of the prefix to be delegated."; + description + "Prefix-length hint value included in the messages sent + to the server to indicate a preference for the size of + the prefix to be delegated."; reference "RFC 8415: Dynamic Host Configuration Protocol - for IPv6 (DHCPv6), Section 18.2.1"; } container ia-pd-options { description "An augmentation point for additional options that the client will send in the IA_PD-options field of OPTION_IA_TA."; } container lease-state { config "false"; 
@@ -3255,35 +3362,38 @@ leaf lease-t2 { type dhc6:timer-seconds32; description "The time interval after which the client should contact any available server to extend the lifetimes of the addresses assigned to the IA_PD."; } uses lease-state; } } + container statistics { + description + "DHCPv6 message counters for the client."; uses message-statistics; } } + } /* * Notifications */ notification invalid-ia-address-detected { if-feature "non-temp-addr or temp-addr"; description - "Notification sent when an address received - in an identity association option is determined invalid. - Possible conditions include a duplicate or otherwise illegal - address."; + "Notification sent when an address received in an identity + association option is determined invalid. Possible conditions + include a duplicate or otherwise illegal address."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 18.2.10.1"; leaf ia-id { type uint32; mandatory true; description "IA-ID"; } leaf ia-na-t1-timer { type uint32; 
@@ -3389,67 +3497,66 @@ notification unsuccessful-status-code { description "Notification sent when the client receives a message that includes an unsuccessful Status Code option."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 21.13"; leaf server-duid { type dhc6:duid; mandatory true; description - "DUID of the server sending the unsuccessful - error code."; + "DUID of the server sending the unsuccessful error code."; } uses dhc6:status; } notification server-duid-changed { - if-feature "non-temp-addr or prefix-del or " + + if-feature "non-temp-addr or prefix-delegation or " + "temp-addr"; description - "Notification sent when the client receives a lease - from a server with different DUID to the one currently stored - by the client, e.g., in response to a Rebind message."; + "Notification sent when the client receives a lease from a + server with different DUID to the one currently stored by the + client, e.g., in response to a Rebind message."; reference "RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Section 18.2.5"; leaf new-server-duid { type dhc6:duid; mandatory true; description "DUID of the new server."; } leaf previous-server-duid { type dhc6:duid; mandatory true; description "DUID of the previous server."; } leaf lease-ia-na { if-feature non-temp-addr; type leafref { - path "../../dhcpv6-client/client-if/ia-na/ia-id"; + path "/dhcpv6-client/client-if/ia-na/ia-id"; } description "Reference to the IA_NA lease."; } leaf lease-ia-ta { if-feature temp-addr; type leafref { - path "../../dhcpv6-client/client-if/ia-ta/ia-id"; + path "/dhcpv6-client/client-if/ia-ta/ia-id"; } description "Reference to the IA_TA lease."; } leaf lease-ia-pd { - if-feature prefix-del; + if-feature prefix-delegation; type leafref { - path "../../dhcpv6-client/client-if/ia-pd/ia-id"; + path "/dhcpv6-client/client-if/ia-pd/ia-id"; } description "Reference to the IA_PD lease."; } } } 5. Security Considerations 
@@ -3464,93 +3571,129 @@ provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. All data nodes defined in the YANG modules which can be created, modified, and deleted (i.e., config true, which is the default) are considered sensitive. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. - As the RPCs for deleting/clearing active address and prefix entries - in the server and relay modules are particularly sensitive, these use - 'nacm:default-deny-all'. + The RPCs for deleting/clearing active address and prefix entries in + the server and relay modules are particularly sensitive. These RPCs + use 'nacm:default-deny-all'. - An attacker with read/write access the DHCPv6 server can undertake + An attacker with read/write access to the DHCPv6 server can undertake various attacks, such as: - * Denial of service attacks, based on re-configuring messages to a - rogue DHCPv6 server. + * Denial of service attacks, such as disabling the DHCP server + sevice, or removing address/prefix pool configuration. * Various attacks based on re-configuring the contents of DHCPv6 options, leading to several types of security or privacy threats. - For example, changing the address of a DNS server supplied in a - DHCP option to point to a rogue server. + These options could redirect clients to services under an + attacker's control. For example, changing the address of a DNS + server supplied in a DHCP option to point to a rogue server. + + An attacker sending DHCPv6 messages which cause the server to + generate 'invalid-client-detected' and 'decline-received' + notifications could be used as a DoS attack. Such an attack could be + mitigated by the NETCONF client unsubscribing from the affected + notifications. 
An attacker with read/write access the DHCPv6 relay can undertake various attacks, such as: + * Denial of service attacks, based on disabling the DHCP relay + function, or modifying the relay's "destination-address" to a non- + existant address. + * Modifying the relay's "destination-address" to send messages to a rogue DHCPv6 server. * Deleting information about a client's delegated prefix, causing a denial of service attack as traffic will no longer be routed to the client. Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. Therefore, it - is important to control read access (e.g., only permitting get, get- - config, or notifications) to these data nodes. These subtrees and - data nodes can be misused to track the activity of a host: + is important to control read access (e.g., via get, get-config, or + notification) to these data nodes. These subtrees and data nodes can + be misused to track the activity or fingerprint the device type of + the host: * Information the server holds about clients with active leases: (dhc6-srv/allocation-ranges/allocation-range/address-pools/ address-pool/active-leases) * Information the relay holds about clients with active leases: (dhc6-rly/relay-if/prefix-delegation/) + Information about a server's configured address and prefix pools may + be used by an attacker for network reconnaissance [RFC7707]. The + following subtrees and data nodes could be used for this purpose: + + * Information about client address allocation ranges: (dhc6-srv/ + allocation-ranges/allocation-range/address-pools/ address-pool/ + pool-prefix) + + * Information about client prefix allocation ranges: (dhc6-srv/ + allocation-ranges/allocation-range/prefix-pools/ prefix-pool/pool- + prefix) + + [RFC7844] describes anonymity profiles for DHCP clients. These can + be used to prevent client tracking on a visited network. 
Support for + this can be enabled by implementing the 'anon-profile' feature in the + client module. + [RFC7824] covers privacy considerations for DHCPv6 and is applicable here. Security considerations related to DHCPv6 are discussed in [RFC8415]. Security considerations given in [RFC7950] are also applicable here. 6. IANA Considerations - This document requests IANA to register the following URIs in the - "IETF XML Registry" [RFC3688]: + This document registers four URIs and four YANG modules. + +6.1. URI Registration + + This document requests IANA to register the following four URIs in + the "IETF XML Registry" [RFC3688]: URI: urn:ietf:params:xml:ns:yang:ietf-dhcpv6-server Registrant Contact: The IESG. XML: N/A; the requested URI is an XML namespace. URI: urn:ietf:params:xml:ns:yang:ietf-dhcpv6-relay Registrant Contact: The IESG. XML: N/A; the requested URI is an XML namespace. URI: urn:ietf:params:xml:ns:yang:ietf-dhcpv6-client Registrant Contact: The IESG. XML: N/A; the requested URI is an XML namespace. URI: urn:ietf:params:xml:ns:yang:ietf-dhcpv6-common Registrant Contact: The IESG. XML: N/A; the requested URI is an XML namespace. - This document registers the following YANG modules in the "YANG +6.2. YANG Module Name Registration + + This document registers the following four YANG modules in the "YANG Module Names" registry [RFC6020]. name: ietf-dhcpv6-server namespace: urn:ietf:params:xml:ns:yang:ietf-dhcpv6-server prefix: dhc6-srv reference: RFC XXXX YANG Data Model for DHCPv6 Configuration + name: ietf-dhcpv6-relay namespace: urn:ietf:params:xml:ns:yang:ietf-dhcpv6-relay prefix: dhc6-rly reference: RFC XXXX YANG Data Model for DHCPv6 Configuration name: ietf-dhcpv6-client namespace: urn:ietf:params:xml:ns:yang:ietf-dhcpv6-client prefix: dhc6-clnt reference: RFC XXXX YANG Data Model for DHCPv6 Configuration 
@@ -3556,22 +3699,22 @@ name: ietf-dhcpv6-common namespace: urn:ietf:params:xml:ns:yang:ietf-dhcpv6-common prefix: dhc6 reference: RFC XXXX YANG Data Model for DHCPv6 Configuration 7. Acknowledgments The authors would like to thank Qi Sun, Lishan Li, Hao Wang, Tomek Mrugalski, Marcin Siodelski, Bernie Volz, Ted Lemon, Bing Liu, Tom - Petch, and Acee Lindem for their valuable comments and contributions - to this work. + Petch, Acee Lindem, and Benjamin Kaduk for their valuable comments + and contributions to this work. 8. Contributors The following individuals are co-authors of this document: Yong Cui Tsinghua University Beijing, 100084 P.R. China Email: cuiyong@tsinghua.edu.cn @@ -3603,20 +3746,28 @@ 9. References 9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . + [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and + Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277, + January 1998, . + + [RFC3118] Droms, R., Ed. and W. Arbaugh, Ed., "Authentication for + DHCP Messages", RFC 3118, DOI 10.17487/RFC3118, June 2001, + . + [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004, . [RFC6355] Narten, T. and J. Johnson, "Definition of the UUID-Based DHCPv6 Unique Identifier (DUID-UUID)", RFC 6355, DOI 10.17487/RFC6355, August 2011, . [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for 
@@ -3675,63 +3826,85 @@ [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, . [RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A., Richardson, M., Jiang, S., Lemon, T., and T. Winters, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 8415, DOI 10.17487/RFC8415, November 2018, . + [RFC8987] Farrer, I., Kottapalli, N., Hunek, M., and R. Patterson, + "DHCPv6 Prefix Delegating Relay Requirements", RFC 8987, + DOI 10.17487/RFC8987, February 2021, + . + [IANA-HARDWARE-TYPES] Internet Assigned Numbers Authority, "Hardware Types", . [IANA-PEN] Internet Assigned Numbers Authority, "Private Enterprise Numbers", . + [IANA-DHCPV6-OPTION-CODES] + Internet Assigned Numbers Authority, "DHCPv6 Option + Codes", + . + + [IANA-DHCP-AUTH-NAMESPACES] + Internet Assigned Numbers Authority, "Dynamic Host + Configuration Protocol (DHCP) Authentication Option Name + Spaces", + >. + 9.2. Informative References [RFC3319] Schulzrinne, H. and B. Volz, "Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers", RFC 3319, DOI 10.17487/RFC3319, July 2003, . + [RFC7707] Gont, F. and T. Chown, "Network Reconnaissance in IPv6 + Networks", RFC 7707, DOI 10.17487/RFC7707, March 2016, + . + [RFC7824] Krishnan, S., Mrugalski, T., and S. Jiang, "Privacy Considerations for DHCPv6", RFC 7824, DOI 10.17487/RFC7824, May 2016, . - [RFC8987] Farrer, I., Kottapalli, N., Hunek, M., and R. Patterson, - "DHCPv6 Prefix Delegating Relay Requirements", RFC 8987, - DOI 10.17487/RFC8987, February 2021, - . + [I-D.ietf-netconf-tls-client-server] + Watsen, K., "YANG Groupings for TLS Clients and TLS + Servers", Work in Progress, Internet-Draft, draft-ietf- + netconf-tls-client-server-26, 14 December 2021, + . Appendix A. Data Tree Examples This section contains XML examples of data trees for the different DHCPv6 elements. A.1. 
DHCPv6 Server Configuration Examples The following example shows a basic configuration for a server. The configuration defines: - * Enabling the DHCP server function + * Enabling the DHCP server function. - * The server's DUID + * The server's DUID. * An option set (id=1) with configuration for the Solicit Max Retry Timeout (SOL_MAX_RT (82)) option. - * A single network range (2001:db8::/32) + * A single network range (2001:db8::/32). * A single address pool, with start and end addresses, relevant lease timers and an option-set-id of "1" referencing the option set configured above. true 000200090CC084D303000912 @@ -3797,23 +3970,23 @@ Figure 5: Server Host Reservation Configuration Example XML Snippet The following example configuration snippet shows a network range and pool to be used for delegating prefixes to clients. In this example, each client will receive a /56 prefix. - The 'max-pd-space-utilization' is set to 80 so that a 'prefix-pool- - utilization-threshold-exceeded' notification will be raised if the - number of prefix allocations exceeds this. + The 'max-pd-space-utilization' is set to 80 percent so that a + 'prefix-pool-utilization-threshold-exceeded' notification will be + raised if the number of prefix allocations exceeds this. 1 prefix-pool-example 2001:db8::/32 54000 7200 32400 
@@ -3918,45 +4091,45 @@ true eth0 true 2001:db8:2::1 2001:db8:2::2 2001:db8:3::1 - EXAMPLE-INTERFACE-ID + EXAMPLEINTERFACEID01 Figure 8: Basic Relay Configuration Example XML A.3. DHCPv6 Client Configuration Example The following example shows a basic configuration for a DHCP client and its interaction with the ietf-interfaces module. The configuration shows two XML documents, one for ietf-interfaces and a second for ietf-dhcpv6-client defining: * Configuring an interface using the ietf-interfaces module that the client configuration will be applied to. - * Enabling the DHCP relay function globally and for the relevant + * Enabling the DHCP client function globally and for the relevant interface. * References the interface that the client configuration is relevant for via an inteface-ref to the ietf-interfaces module. - * Sets the client's DUID. + * Sets the DUID for the DHCPv6 enabled interface. * Configures a list of option codes that will be requested by the client in its Option Request Option (OPTION_ORO (5)). * Configures a single instance of the Vendor-specific Information Option (OPTION_VENDOR_OPTS (17)) with a single sub-option data item. * Requests a non-temporary IPv6 address (IA_NA) with an identity association interface identifier of 1. @@ -3970,24 +4143,24 @@ eth0 ianaift:ethernetCsmacd DHCPv6 Relay Interface true true - 000200090CC084D303000913 eth0 true + 000200090CC084D303000913 17 23 24 82 32473 
@@ -4074,82 +4247,83 @@ Author: Linhui Sun Editor: Ian Farrer Author: Sladjana Zeichlin Author: Zihao He Author: Michal Nowikowski "; description "This YANG module contains DHCPv6 options defined in RFC 8415 that can be used by DHCPv6 servers. - Copyright (c) 2021 IETF Trust and the persons identified as + Copyright (c) 2022 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD License - set forth in Section 4.c of the IETF Trust's Legal Provisions + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Revised BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself + for full legal notices."; - revision 2021-10-25 { + revision 2022-03-07 { description "Initial Revision."; reference "XXXX: YANG Data Model for DHCPv6 Configuration"; } /* * Groupings */ grouping sip-server-domain-name-list-option-group { description "OPTION_SIP_SERVER_D (21) SIP Servers Domain-Name List"; reference "RFC 3319: Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers"; container sip-server-domain-name-list-option { description "OPTION_SIP_SERVER_D (21) SIP Servers Domain Name List - container."; + Option."; list sip-server { key sip-serv-id; description "SIP server information."; leaf sip-serv-id { type uint8; description - "SIP server list identifier identifier."; + "SIP server list identifier."; } leaf sip-serv-domain-name { type inet:domain-name; description "SIP server domain name."; } } 
} } grouping sip-server-address-list-option-group { description "OPTION_SIP_SERVER_A (22) SIP Servers IPv6 Address List"; reference "RFC 3319: Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers"; container sip-server-address-list-option { description "OPTION_SIP_SERVER_A (22) SIP Servers IPv6 Address List - container."; + Option."; list sip-server { key sip-serv-id; description "SIP server information."; leaf sip-serv-id { type uint8; description "SIP server list entry identifier."; } leaf sip-serv-addr { 
@@ -4198,23 +4372,31 @@ Appendix C. Example Vendor Specific Server Configuration Module This section shows how to extend the server YANG module defined in this document with vendor specific configuration nodes, e.g., configuring access to a lease storage database. The example module defines additional server attributes such as name and description. Storage for leases is configured using a lease- storage container. It allows storing leases in one of three options: - memory (memfile), MySQL and PosgreSQL. For each case, the necessary + memory (memfile), MySQL and PostgreSQL. For each case, the necessary configuration parameters are provided. + For simplicity, this example module assumes that the DHCPv6 server is + colocated with the MySQL or PostgreSQL database server and can serve + traffic securely on the localhost without additional cryptographic + protection. In a production deployment, these functions would likely + not be colocated and thus use TLS to secure the database connection + between the DHCPv6 server and database server. A YANG module for + configuring TLS is defined in [I-D.ietf-netconf-tls-client-server]. + At the end there is an augment statement which adds the vendor specific configuration defined in "dhcpv6-server-config:config" under the "/dhcpv6-server:config/dhcpv6-server:vendor-config" mount point. module example-dhcpv6-server-conf { yang-version 1.1; namespace "https://example.com/ns/" + "example-dhcpv6-server-conf"; prefix "dhc6-srv-conf"; 
@@ -4243,34 +4425,35 @@ Author: Zihao He Author: Michal Nowikowski "; description "This YANG module defines components for the configuration and management of vendor/implementation specific DHCPv6 server functionality. As this functionality varies greatly between different implementations, the module is provided as an example only. - Copyright (c) 2021 IETF Trust and the persons identified as + Copyright (c) 2022 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD License - set forth in Section 4.c of the IETF Trust's Legal Provisions + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Revised BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself + for full legal notices."; - revision 2021-10-25 { + revision 2022-03-07 { description "Initial Revision."; reference "XXXX: YANG Data Model for DHCPv6 Configuration"; } /* * Groupings */ 
@@ -4309,23 +4492,22 @@ description "Configures the server to listen for incoming messages on all IPv6 addresses (unicast and multicast) on all of its network interfaces."; } } case interface-list { leaf-list interfaces { type if:interface-ref; description - "List of interfaces on which the server will listen for - - incoming messages. Messages addressed to any + "List of interfaces on which the server will listen + for incoming messages. Messages addressed to any valid IPv6 address (unicast and multicast) will be received."; } } case address-list { leaf-list address-list { type inet:ipv6-address; description "List of IPv6 address(es) on which the server will listen for incoming DHCPv6 messages."; @@ -4334,26 +4516,25 @@ } leaf-list interfaces-config { type if:interface-ref; default "if:interfaces/if:interface/if:name"; description "A leaf list of interfaces on which the server should listen."; } container lease-storage { description - "Configures how the server will stores leases."; + "Configures how the server will store leases."; choice storage-type { description - "The type storage that will be used for lease + "The type of storage that will be used for lease information."; - case memfile { description "Configuration for storing leases information in a Comma-Separated Value (CSV) file."; leaf memfile-name { type string; description "Specifies the absolute location of the lease file. The format of the string follow the semantics of the relevant operating system."; 
@@ -4362,102 +4543,62 @@ type uint64; description "Specifies the interval in seconds, at which the server will perform a lease file cleanup (LFC)."; } } case mysql { leaf mysql-name { type string; description - "Name of the database."; - } - choice mysql-host { - description - "Define host or address for MySQL server."; - case mysql-server-hostname { - leaf mysql-hostname { - type inet:domain-name; - default "localhost"; - description - "If the database is located on a different - system to the DHCPv6 server, the domain name can - be specified."; - } - } - case mysql-server-address { - leaf mysql-address { - type inet:ip-address; - default "::"; - description - "Configure the location of the database using - an IP (v6 or v6) literal address"; - } - } + "Name of the MySQL database, running on the + localhost."; } leaf mysql-username { type string; description "User name of the account under which the server will access the database."; } leaf mysql-password { type string; description "Password of the account under which the server will access the database."; } leaf mysql-port { type inet:port-number; - default 5432; + default 3306; description "If the database is located on a different system, the port number may be specified."; } leaf mysql-lfc-interval { type uint64; description "Specifies the interval in seconds, at which the server will perform a lease file cleanup (LFC)."; } leaf mysql-connect-timeout { type uint64; description "Defines the timeout interval for connecting to the database. 
A longer interval can be specified if the database is remote."; } } case postgresql { - choice postgresql-host { - description - "Define host or address for postgresql server."; - case postgresql-server-hostname { - leaf postgresql-hostname { - type inet:domain-name; - default "localhost"; - description - "If the database is located on a different system - - to the DHCPv6 server, the domain name can be - specified."; - } - } - case postgresql-server-address { - leaf postgresql-address { - type inet:ip-address; - default "::"; + leaf postgresql-name { + type string; description - "Configure the location of the database using - an IP (v6 or v6) literal address"; - } - } + "Name of the PostgreSQL database, running on the + localhost."; } leaf postgresql-username { type string; description "User name of the account under which the server will access the database"; } leaf postgresql-password { type string; description 
@@ -4498,53 +4640,54 @@ description "Augment the server specific YANG to the ietf-dhcpv6-server module."; uses config; } } Appendix D. Example definition of class-selector configuration The module "ietf-example-dhcpv6-class-selector" provides an example - of how vendor-specific class selection configuration can be modelled + of how vendor-specific class selection configuration can be modeled and integrated with the "ietf-dhcpv6-server" module defined in this document. The example module defines "client-class-names" with associated matching rules. A client can be classified based on "client-id", "interface-id" (ingress interface of the client's messages), packet's source or destination address, relay link address, relay link interface-id and more. Actually, there are endless methods for classifying clients. So this standard does not try to provide full - specification for class selection, it only shows an example how it + specification for class selection, it only shows an example of how it could be defined. At the end of the example augment statements are used to add the defined class selector rules into the overall DHCPv6 addressing hierarchy. This is done in two main parts: * The augmented class-selector configuration in the main DHCPv6 Server configuration. * client-class leafrefs augmented to "allocation-range", "address- pool" and "pd-pool", pointing to the "client-class-name" that is required. The mechanism is as follows: class is associated to client based on - rules and then client is allowed to get address(es)/prefix(es) from + rules and then client is allowed to get address(es)/prefix(es) from a given allocation-range/pool if the class name matches. module example-dhcpv6-class-select { yang-version 1.1; namespace "https://example.com/ns/" + "example-dhcpv6-class-select"; prefix "dhc6-class-sel"; + import ietf-inet-types { prefix inet; } import ietf-interfaces { prefix if; } import ietf-dhcpv6-common { prefix dhc6; 
@@ -4567,50 +4710,52 @@ Author: Zihao He Author: Michal Nowikowski "; description "This YANG module defines components for the definition and configuration of the client class selector function for a DHCPv6 server. As this functionality varies greatly between different implementations, the module provided as an example only. - Copyright (c) 2021 IETF Trust and the persons identified as + Copyright (c) 2022 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD License - set forth in Section 4.c of the IETF Trust's Legal Provisions + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Revised BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself + for full legal notices."; - revision 2021-10-25 { + revision 2022-03-07 { description "Initial Revision."; reference "XXXX: YANG Data Model for DHCPv6 Configuration"; } /* * Groupings */ grouping client-class-id { description "Definitions of client message classification for authorization and assignment purposes."; leaf client-class-name { type string; + mandatory true; description "Unique Identifier for client class identification list entries."; } choice id-type { mandatory true; description "Definitions for different client identifier types."; case client-id-id { leaf client-id { 
@@ -4675,38 +4822,39 @@ leaf relay-peer-address { type inet:ipv6-prefix; mandatory true; description "Prefix of the peer-address field in the relay agent message header."; } } case relay-interface-id { description - "Client class selection based on the incoming - interface-id option."; + "Client class selection based on a received instance of + OPTION_INTERFACE_ID (18)."; leaf relay-interface { type string; description - "Reference to the interface entry for the incoming - DHCPv6 message."; + "An opaque value of arbitrary length generated by the + relay agent to identify one of the relay agent's + interfaces."; } } case user-class-option-id { description "Client class selection based on the value of the OPTION_USER_CLASS(15) and its user-class-data field."; leaf user-class-data { type string; mandatory true; description - "Value of the enterprise-number field."; + "User Class value to match."; } } case vendor-class-present-id { description "Client class selection based on the presence of OPTION_VENDOR_CLASS(16) in the received message."; leaf vendor-class-present { type boolean; mandatory true; description 
@@ -4718,77 +4867,60 @@ description "Client class selection based on the value of the enterprise-number field in OPTION_VENDOR_CLASS(16)."; leaf vendor-class-option-enterprise-number { type uint32; mandatory true; description "Value of the enterprise-number field."; } } - case vendor-class-option-data-id { + case vendor-class-option-data { description "Client class selection based on the value of a data field within a vendor-class-data entry for a matching enterprise-number field in OPTION_VENDOR_CLASS(16)."; container vendor-class-option-data { description "Vendor class option data container."; - leaf vendor-class-option-enterprise-number { + leaf enterprise-number { type uint32; - mandatory true; - description - "Value of the enterprise-number field for matching - the data contents."; - } - leaf vendor-class-data { - type string; - mandatory true; description - "Vendor class data to match."; - } - } + "The vendor's registered Enterprise Number as + maintained by IANA."; } - case remote-id { - description - "Client class selection based on the value of Remote-ID."; - container remote-id { - description - "Remote-id client class selector container."; - leaf vendor-class-option-enterprise-number { - type uint32; - mandatory true; + leaf vendor-class-data-id { + type uint8; description - "Value of the enterprise-number field for matching the - data contents."; + "Vendor class data ID"; } - leaf remote-id { + leaf vendor-class-data { type string; - mandatory true; description - "Remote-ID data to match."; + "Opaque field for matching the client's vendor class + data."; } } } case client-duid-id { description "Client class selection based on the value of the received client DUID."; leaf duid { type dhc6:duid; description "Client DUID."; } - } } } + } /* * Augmentations */ augment "/dhc6-srv:dhcpv6-server/dhc6-srv:class-selector" { description "Augment class selector functions to the DHCPv6 server module."; container client-classes {
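Review bot: in the hunk at @@ -3675,63 +3826,85 @@, the added [IANA-DHCP-AUTH-NAMESPACES] entry ends with ">." where every other reference in the list ends with a single "." after the URL. This looks like a doubled closing angle bracket around the URL; check the XML source for this entry so the rendered reference is not malformed.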
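Review bot: in the hunk at @@ -3797,23 +3970,23 @@, the reworded sentence now says 'max-pd-space-utilization' is "80 percent" but still ends with "if the number of prefix allocations exceeds this", which compares a count against a percentage. Suggest wording the condition in the same unit, for example "if the proportion of the pool that has been delegated exceeds this".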
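Review bot: in the hunk at @@ -3918,45 +4091,45 @@, the bullet list for the client example is corrected from "relay" to "client", but the adjacent unchanged bullet still reads "via an inteface-ref" (typo for "interface-ref"), and the bullets switch between "Enabling ..." and "Sets ..."/"Configures ..." forms. Since this list is already being edited, fix the typo and pick one grammatical form.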
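Review bot: in the hunk at @@ -3970,24 +4143,24 @@, the interface description in the client example still reads "DHCPv6 Relay Interface". The previous hunk fixes the same relay/client mix-up in the bullet text, so the example data should be corrected to match, otherwise the A.3 client example continues to describe its interface as a relay interface.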
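Review bot: in the hunk at @@ -4362,102 +4543,62 @@, the mysql-host and postgresql-host choices are removed and the new mysql-name and postgresql-name descriptions say the database is "running on the localhost", but the unchanged mysql-port description still says "If the database is located on a different system, the port number may be specified" and mysql-connect-timeout still says "A longer interval can be specified if the database is remote". These now contradict the localhost-only assumption and should be reworded. Separately, mysql-password and postgresql-password remain plain "type string" leaves holding database credentials; consider marking them nacm:default-deny-all or naming them as sensitive nodes, since anyone with read access to this subtree can read them.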
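Review bot: in the hunk at @@ -4675,38 +4822,39 @@, relay-interface is now described as "An opaque value of arbitrary length generated by the relay agent" but keeps "type string", which cannot carry arbitrary octets from OPTION_INTERFACE_ID (18). Consider a binary or hex-string type so that class matching is done on the exact received bytes. The leaf also has no "mandatory true", unlike the sibling relay-peer-address and user-class-data leaves, so this case can be selected with nothing to match on.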
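Review bot: in the hunk at @@ -4718,77 +4867,60 @@, "mandatory true" is dropped from both enterprise-number and vendor-class-data inside the vendor-class-option-data container, so the case can be configured with an empty container and the resulting match behaviour is undefined. Either restore "mandatory true" on the leaves that the match depends on, or state in the description what an absent leaf means. The new vendor-class-data-id leaf is described only as "Vendor class data ID" (no trailing period, unlike its siblings) and sits in a container rather than a list, so its purpose as an identifier is unclear; say what it indexes. The remote-id case is removed here without any mention in the Appendix D prose, which is worth confirming as intentional.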