--- 1/draft-ietf-ospf-yang-26.txt 2019-08-22 18:13:14.967356486 -0700 +++ 2/draft-ietf-ospf-yang-27.txt 2019-08-22 18:13:15.183361939 -0700 @@ -1,49 +1,49 @@ Internet D. Yeung Internet-Draft Arrcus Intended status: Standards Track Y. Qu -Expires: February 8, 2020 Futurewei +Expires: February 23, 2020 Futurewei J. Zhang Juniper Networks I. Chen The MITRE Corporation A. Lindem Cisco Systems - August 7, 2019 + August 22, 2019 YANG Data Model for OSPF Protocol - draft-ietf-ospf-yang-26 + draft-ietf-ospf-yang-27 Abstract This document defines a YANG data model that can be used to configure and manage OSPF. The model is based on YANG 1.1 as defined in RFC 7950 and conforms to the Network Management Datastore Architecture - (NDMA) as described in RFC 8342. + (NMDA) as described in RFC 8342. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on February 8, 2020. + This Internet-Draft will expire on February 23, 2020. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -62,44 +62,42 @@ 2.1. OSPF Operational State . . . . . . . . . . . . . . . . . 3 2.2. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3. OSPFv2 and OSPFv3 . . . . . . . . . . . . . . . . . . . . 5 2.4. Optional Features . . . . . . . . . . . . . . . . . . . . 5 2.5. OSPF Router Configuration/Operational State . . . . . . . 7 2.6. OSPF Area Configuration/Operational State . . . . . . . . 10 2.7. OSPF Interface Configuration/Operational State . . . . . 16 2.8. OSPF Notifications . . . . . . . . . . . . . . . . . . . 19 2.9. OSPF RPC Operations . . . . . . . . . . . . . . . . . . . 23 3. OSPF YANG Module . . . . . . . . . . . . . . . . . . . . . . 23 - 4. Security Considerations . . . . . . . . . . . . . . . . . . . 117 - 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 119 - 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 119 - 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 119 - 7.1. Normative References . . . . . . . . . . . . . . . . . . 119 - 7.2. Informative References . . . . . . . . . . . . . . . . . 125 - Appendix A. Contributors' Addresses . . . . . . . . . . . . . . 126 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 126 + 4. Security Considerations . . . . . . . . . . . . . . . . . . . 119 + 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 120 + 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 121 + 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 121 + 7.1. Normative References . . . . . . . . . . . . . . . . . . 121 + 7.2. Informative References . . . . . . . . . . . . . . . . . 127 + Appendix A. Contributors' Addresses . . . . . . . . . . . . . . 128 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 128 1. Overview YANG [RFC6020][RFC7950] is a data definition language used to define the contents of a conceptual data store that allows networked devices - to be managed using NETCONF [RFC6241]. 
YANG is proving relevant - beyond its initial confines, as bindings to other interfaces (e.g., - ReST) and encodings other than XML (e.g., JSON) are being defined. - Furthermore, YANG data models can be used as the basis for - implementation of other interfaces, such as CLI and programmatic - APIs. + to be managed using NETCONF [RFC6241], RESTCONF [RFC8040], and other + Network Management protocols. Furthermore, YANG data models can be + used as the basis for implementation of other interfaces, such as CLI + and programmatic APIs. This document defines a YANG data model that can be used to configure and manage OSPF and it is an augmentation to the core routing data model. It fully conforms to the Network Management Datastore - Architecture (NDMA) [RFC8342]. A core routing data model is defined + Architecture (NMDA) [RFC8342]. A core routing data model is defined in [RFC8349], and it provides the basis for the development of data models for routing protocols. The interface data model is defined in [RFC8343] and is used for referencing interfaces from the routing protocol. The key-chain data model used for OSPF authentication is defined in [RFC8177] and provides both a reference to configured key- chains and an enumeration of cryptographic algorithms. Both OSPFv2 [RFC2328] and OSPFv3 [RFC5340] are supported. In addition to the core OSPF protocol, features described in other OSPF RFCs are also supported. These includes demand circuit [RFC1793], 
@@ -119,21 +117,21 @@ 1.2. Tree Diagrams This document uses the graphical representation of data models defined in [RFC8340]. 2. Design of Data Model Although the basis of OSPF configuration elements like routers, areas, and interfaces remains the same, the detailed configuration model varies among router vendors. Differences are observed in terms - of how the protocol instance is tied to the routing domain, how + of how the protocol instance is tied to the routing domain and how multiple protocol instances are be instantiated among others. The goal of this document is to define a data model that provides a common user interface to the OSPFv2 and OSPFv3 protocols. There is very little information that is designated as "mandatory", providing freedom for vendors to adapt this data model to their respective product implementations. 2.1. OSPF Operational State @@ -178,26 +176,24 @@ | | . | +--rw interfaces | +--rw interface* [name] | . | . +--rw topologies {multi-topology}? +--rw topology* [name] . . - The ospf module is intended to match to the vendor specific OSPF - configuration construct that is identified by the local identifier - 'name'. - The ospf container includes one OSPF protocol instance. The instance - includes OSPF router level configuration and operational state. + includes OSPF router level configuration and operational state. Each + OSPF instance maps to a control-plane-protcol instance as defined in + [RFC8349]. The area and area/interface containers define the OSPF configuration and operational state for OSPF areas and interfaces respectively. The topologies container defines the OSPF configuration and operational state for OSPF topologies when the multi-topology feature is supported. 2.3. OSPFv2 and OSPFv3 
@@ -218,21 +214,21 @@ 1. multi-topology: Support Multi-Topology Routing (MTR) [RFC4915]. 2. multi-area-adj: Support OSPF multi-area adjacency [RFC5185]. 3. explicit-router-id: Support explicit per-instance Router-ID specification. 4. demand-circuit: Support OSPF demand circuits [RFC1793]. 5. mtu-ignore: Support disabling OSPF Database Description packet - MTU mismatch checking. + MTU mismatch checking specified in section 10.6 of [RFC2328]. 6. lls: Support OSPF link-local signaling (LLS) [RFC5613]. 7. prefix-suppression: Support OSPF prefix advertisement suppression [RFC6860]. 8. ttl-security: Support OSPF Time to Live (TTL) security check support [RFC5082]. 9. nsr: Support OSPF Non-Stop Routing (NSR). The OSPF NSR feature @@ -614,22 +610,24 @@ | | | +--:(auth-key-chain) {key-chain}? | | | | +--rw ospfv3-key-chain? | | | | key-chain:key-chain-ref | | | +--:(auth-key-explicit) | | | +--rw ospfv3-sa-id? uint16 | | | +--rw ospfv3-key? string | | | +--rw ospfv3-crypto-algorithm? | | | identityref | | +--ro cost? uint16 | | +--ro state? if-state-type - | | +--ro hello-timer? uint32 - | | +--ro wait-timer? uint32 + | | +--ro hello-timer? rt-types: + | | | rtimer-value-seconds16 + | | +--ro wait-timer? rt-types: + | | | rtimer-value-seconds16 | | +--ro dr-router-id? rt-types:router-id | | +--ro dr-ip-addr? inet:ip-address | | +--ro bdr-router-id? rt-types:router-id | | +--ro bdr-ip-addr? inet:ip-address | | +--ro statistics | | | +--ro if-event-count? yang:counter32 | | | +--ro link-scope-lsa-count? yang:gauge32 | | | +--ro link-scope-lsa-cksum-sum? | | | uint32 | | | +--ro database 
@@ -640,21 +638,22 @@ | | +--ro neighbors | | | +--ro neighbor* [neighbor-router-id] | | | +--ro neighbor-router-id | | | rt-types:router-id | | | +--ro address? inet:ip-address | | | +--ro dr-router-id? rt-types:router-id | | | +--ro dr-ip-addr? inet:ip-address | | | +--ro bdr-router-id? rt-types:router-id | | | +--ro bdr-ip-addr? inet:ip-address | | | +--ro state? nbr-state-type - | | | +--ro dead-timer? uint32 + | | | +--ro dead-timer? rt-types: + | | | | rtimer-value-seconds16 | | | +--ro statistics | | | +--ro nbr-event-count? | | | yang:counter32 | | | +--ro nbr-retrans-qlen? | | | yang:gauge32 | | +--ro database | | +--ro link-scope-lsa-type* [lsa-type] | | +--ro lsa-type uint16 | | +--ro link-scope-lsas . . @@ -700,22 +699,24 @@ | | | +--rw ospfv3-sa-id? uint16 | | | +--rw ospfv3-key? string | | | +--rw ospfv3-crypto-algorithm? | | | identityref | | +--rw cost? uint16 | | +--rw mtu-ignore? boolean | | {mtu-ignore}? | | +--rw prefix-suppression? boolean | | {prefix-suppression}? | | +--ro state? if-state-type - | | +--ro hello-timer? uint32 - | | +--ro wait-timer? uint32 + | | +--ro hello-timer? rt-types: + | | | rtimer-value-seconds16 + | | +--ro wait-timer? rt-types: + | | | rtimer-value-seconds16 | | +--ro dr-router-id? rt-types:router-id | | +--ro dr-ip-addr? inet:ip-address | | +--ro bdr-router-id? rt-types:router-id | | +--ro bdr-ip-addr? inet:ip-address | | +--ro statistics | | | +--ro if-event-count? yang:counter32 | | | +--ro link-scope-lsa-count? yang:gauge32 | | | +--ro link-scope-lsa-cksum-sum? | | | uint32 | | | +--ro database 
@@ -727,21 +728,22 @@ | | | +--ro neighbor* [neighbor-router-id] | | | +--ro neighbor-router-id | | | rt-types:router-id | | | +--ro address? inet:ip-address | | | +--ro dr-router-id? rt-types:router-id | | | +--ro dr-ip-addr? inet:ip-address | | | +--ro bdr-router-id? rt-types:router-id | | | +--ro bdr-ip-addr? inet:ip-address | | | +--ro state? nbr-state-type | | | +--ro cost? uint32 - | | | +--ro dead-timer? uint32 + | | | +--ro dead-timer? rt-types: + | | | | rtimer-value-seconds16 | | | +--ro statistics | | | +--ro nbr-event-count? | | | yang:counter32 | | | +--ro nbr-retrans-qlen? | | | yang:gauge32 | | +--ro database | | +--ro link-scope-lsa-type* [lsa-type] | | +--ro lsa-type uint16 | | +--ro link-scope-lsas . . @@ -829,22 +831,24 @@ | | +--rw ospfv3-sa-id? uint16 | | +--rw ospfv3-key? string | | +--rw ospfv3-crypto-algorithm? | | identityref | +--rw cost? uint16 | +--rw mtu-ignore? boolean | | {mtu-ignore}? | +--rw prefix-suppression? boolean | | {prefix-suppression}? | +--ro state? if-state-type - | +--ro hello-timer? uint32 - | +--ro wait-timer? uint32 + | +--ro hello-timer? rt-types: + | | rtimer-value-seconds16 + | +--ro wait-timer? rt-types: + | | rtimer-value-seconds16 | +--ro dr-router-id? rt-types:router-id | +--ro dr-ip-addr? inet:ip-address | +--ro bdr-router-id? rt-types:router-id | +--ro bdr-ip-addr? inet:ip-address | +--ro statistics | | +--ro if-event-count? yang:counter32 | | +--ro link-scope-lsa-count? yang:gauge32 | | +--ro link-scope-lsa-cksum-sum? | | uint32 | | +--ro database 
@@ -855,21 +859,22 @@ | +--ro neighbors | | +--ro neighbor* [neighbor-router-id] | | +--ro neighbor-router-id | | rt-types:router-id | | +--ro address? inet:ip-address | | +--ro dr-router-id? rt-types:router-id | | +--ro dr-ip-addr? inet:ip-address | | +--ro bdr-router-id? rt-types:router-id | | +--ro bdr-ip-addr? inet:ip-address | | +--ro state? nbr-state-type - | | +--ro dead-timer? uint32 + | | +--ro dead-timer? rt-types: + | | | rtimer-value-seconds16 | | +--ro statistics | | +--ro nbr-event-count? | | yang:counter32 | | +--ro nbr-retrans-qlen? | | yang:gauge32 | +--ro database | . +--ro link-scope-lsa-type* [lsa-type] | . +--ro lsa-type uint16 | . +--ro link-scope-lsas . . @@ -1082,41 +1087,41 @@ -> /rt:routing/control-plane-protocols/ control-plane-protocol/name 3. OSPF YANG Module The following RFCs and drafts are not referenced in the document text but are referenced in the ietf-ospf.yang module: [RFC0905], [RFC4576], [RFC4973], [RFC5250], [RFC5309], [RFC5642], [RFC5881], [RFC6991], [RFC7770], [RFC7884], [RFC8294], and [RFC8476]. - file "ietf-ospf@2019-08-07.yang" + file "ietf-ospf@2019-08-22.yang" module ietf-ospf { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-ospf"; prefix ospf; import ietf-inet-types { prefix "inet"; reference "RFC 6991: Common YANG Data Types"; } import ietf-yang-types { prefix "yang"; reference "RFC 6991: Common YANG Data Types"; } import ietf-interfaces { prefix "if"; reference "RFC 8343: A YANG Data Model for Interface - Management (NDMA Version)"; + Management (NMDA Version)"; } import ietf-routing-types { prefix "rt-types"; reference "RFC 8294: Common YANG Data Types for the Routing Area"; } import iana-routing-types { prefix "iana-rt-types"; 
@@ -1163,21 +1167,21 @@ description "This YANG module defines the generic configuration and operational state for the OSPF protocol common to all vendor implementations. It is intended that the module will be extended by vendors to define vendor-specific OSPF configuration parameters and policies, for example, route maps or route policies. This YANG model conforms to the Network Management - Datastore Architecture (NDMA) as described in RFC 8242. + Datastore Architecture (NMDA) as described in RFC 8242. Copyright (c) 2018 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). @@ -1188,21 +1192,21 @@ The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here. This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; - revision 2019-08-07 { + revision 2019-08-22 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for OSPF."; } feature multi-topology { description "Support Multiple-Topology Routing (MTR)."; reference "RFC 4915: Multi-Topology Routing"; 
@@ -1220,21 +1224,23 @@ feature demand-circuit { description "OSPF demand circuit support as in RFC 1793."; reference "RFC 1793: OSPF Demand Circuits"; } feature mtu-ignore { description "Disable OSPF Database Description packet MTU - mismatch checking."; + mismatch checking specified in the OSPF + protocol specification."; + reference "RFC 2328: OSPF Version 2, section 10.6"; } feature lls { description "OSPF link-local signaling (LLS) as in RFC 5613."; reference "RFC 5613: OSPF Link-Local Signaling"; } feature prefix-suppression { description @@ -1292,46 +1297,47 @@ description "Support configuration of the Traffic Engineering (TE) Router-ID, i.e., the Router Address described in Section 2.4.1 of RFC3630 or the Router IPv6 Address TLV described in Section 3 of RFC5329."; reference "RFC 3630: Traffic Engineering (TE) Extensions to OSPF Version 2 RFC 5329: Traffic Engineering (TE) Extensions to OSPF Version 3"; } + feature ldp-igp-sync { description "LDP IGP synchronization."; reference "RFC 5443: LDP IGP Synchronization"; } feature ospfv2-authentication-trailer { description - "Use OSPFv2 authentication trailer for OSPFv2 + "Support OSPFv2 authentication trailer for OSPFv2 authentication."; reference "RFC 5709: Supporting Authentication Trailer for OSPFv2 RFC 7474: Security Extension for OSPFv2 When Using Manual Key Management"; } feature ospfv3-authentication-ipsec { description - "Use IPsec for OSPFv3 authentication."; + "Support IPsec for OSPFv3 authentication."; reference "RFC 4552: Authentication/Confidentiality for OSPFv3"; } feature ospfv3-authentication-trailer { description - "Use OSPFv3 authentication trailer for OSPFv3 + "Support OSPFv3 authentication trailer for OSPFv3 authentication."; reference "RFC 7166: Supporting Authentication Trailer for OSPFv3"; } feature fast-reroute { description "Support for IP Fast Reroute (IP-FRR)."; reference "RFC 5714: IP Fast Reroute Framework"; } 
@@ -1772,123 +1780,127 @@ "E bit, this bit describes the way AS-external LSAs are flooded"; } identity v6-bit { base ospfv3-lsa-option; description "V6 bit, if clear, the router/link should be excluded from IPv6 routing calculation"; } + identity ospfv3-prefix-option { description "Base identity for OSPFv3 Prefix Options."; } identity nu-bit { base ospfv3-prefix-option; description - "When set, the prefix should be excluded + "NU Bit, when set, the prefix should be excluded from IPv6 unicast calculations."; } identity la-bit { base ospfv3-prefix-option; description - "When set, the prefix is actually an IPv6 interface - address of the Advertising Router."; + "LA bit, when set, the prefix is actually an IPv6 + interface address of the Advertising Router."; } identity p-bit { base ospfv3-prefix-option; description - "When set, the NSSA area prefix should be + "P bit, when set, the NSSA area prefix should be translated to an AS External LSA and advertised by the translating NSSA Border Router."; } identity dn-bit { base ospfv3-prefix-option; description - "When set, the inter-area-prefix LSA or + "DN bit, when set, the inter-area-prefix LSA or AS-external LSA prefix has been advertised as an L3VPN prefix."; } - identity ospfv2-lsa-option { description - "Baes idenity for OSPFv2 LSA option flags."; + "Base identity for OSPFv2 LSA option flags."; } identity mt-bit { base ospfv2-lsa-option; description - "When set, the router supports multi-topology as + "MT bit, When set, the router supports multi-topology as in RFC 4915."; } identity v2-dc-bit { base ospfv2-lsa-option; description - "When set, the router supports demand circuits."; + "DC bit, When set, the router supports demand circuits."; } identity v2-p-bit { base ospfv2-lsa-option; description - "Only used in type-7 LSA. When set, an NSSA + "P bit, wnly used in type-7 LSA. 
When set, an NSSA border router should translate the type-7 LSA to a type-5 LSA."; } identity mc-flag { base ospfv2-lsa-option; description - "When set, the router supports MOSPF."; + "MC Bit, when set, the router supports MOSPF."; } identity v2-e-flag { base ospfv2-lsa-option; description - "This bit describes the way AS-external LSAs + "E Bit, this bit describes the way AS-external LSAs are flooded."; } identity o-bit { base ospfv2-lsa-option; description - "When set, the router is opaque-capable as in + "O bit, when set, the router is opaque-capable as in RFC 5250."; } identity v2-dn-bit { base ospfv2-lsa-option; description - "When a type 3, 5 or 7 LSA is sent from a PE to a CE, - the DN bit must be set. See RFC 4576."; + "DN bit, when a type 3, 5 or 7 LSA is sent from a PE + to a CE, the DN bit must be set. See RFC 4576."; } identity ospfv2-extended-prefix-flag { description "Base identity for extended prefix TLV flag."; } identity a-flag { base ospfv2-extended-prefix-flag; description - "Attach flag."; + "Attach flag, when set it indicates that the prefix + corresponds and a route what is directly connected to + the advertising router.."; } identity node-flag { base ospfv2-extended-prefix-flag; description - "Node flag."; + "Node flag, when set, it indicates that the prefix is + used to represent the advertising node, e.g., a loopback + address."; } typedef ospf-metric { type uint32 { range "0 .. 16777215"; } description "OSPF Metric - 24-bit unsigned integer."; } 
@@ -2254,53 +2269,58 @@ list node-tag { leaf tag { type uint32; description "Node admin tag value."; } description "List of tags."; } } + grouping router-capabilities-tlv { description "OSPF Router Capabilities TLV grouping."; reference "RFC 7770: OSPF Router Capabilities"; container router-informational-capabilities { - leaf-list informational-capabilitiess { + leaf-list informational-capabilities { type identityref { base informational-capability; } description "Informational capability list. This list will contains the identities for the informational capabilities supported by router."; } description "OSPF Router Informational Flag Definitions."; } - list informational-capabilities { + list informational-capabilities-flags { leaf informational-flag { type uint32; description - "Informational flag."; + "Individual informational capability flag."; } description - "List of capabilities."; + "List of informational capability flags. This will + return all the 32-bit informational flags irrespective + of whether or not they are known to the device."; } list functional-capabilities { - leaf informational-flag { + leaf functional-flag { type uint32; description - "Functional flag."; + "Individual informational capability flag."; } description - "List of functional capabilities."; + "List of functional capability flags. This will + return all the 32-bit functional flags irrespective + of whether or not they are known to the device."; } } grouping dynamic-hostname-tlv { description "Dynamic Hostname TLV"; reference "RFC 5642: Dynamic Hostnames for OSPF"; leaf hostname { type string { length "1..255"; } 
@@ -2335,21 +2355,21 @@ type uint8; description "Maximum Segment Depth (MSD) value for the type"; } description "List of Maximum Segment Depth (MSD) tuples"; } } grouping ospf-router-lsa-bits { - container rputer-bits { + container router-bits { leaf-list rtr-lsa-bits { type identityref { base router-lsa-bit; } description "Router LSA bits list. This list will contain identities for the bits which are set in the Router-LSA bits."; } description "Router LSA Bits."; @@ -2424,28 +2443,28 @@ } container network { when "derived-from-or-self(../../header/type, " + "'ospfv2-network-lsa')" { description "Only applies to Network LSAs."; } description "Network LSA."; leaf network-mask { - type inet:ipv4-address; + type yang:dotted-quad; description "The IP address mask for the network."; } container attached-routers { description "All attached routers."; leaf-list attached-router { - type yang:dotted-quad; + type inet:ipv4-address; description "List of the routers attached to the network."; } } } container summary { when "derived-from(../../header/type, " + "'ospfv2-summary-lsa-type')" { description "Only applies to Summary LSAs."; @@ -2581,21 +2601,21 @@ description "Router address TLV."; leaf router-address { type inet:ipv4-address; description "Router address."; } } container link-tlv { - description "Describes a singel link, and it is constructed + description "Describes a single link, and it is constructed of a set of Sub-TLVs."; leaf link-type { type router-link-type; mandatory true; description "Link type."; } leaf link-id { type union { type inet:ipv4-address; type yang:dotted-quad; 
@@ -2808,23 +2827,24 @@ description "Forwarding address."; } leaf external-route-tag { type uint32; description "Route tag."; } leaf referenced-link-state-id { - type yang:dotted-quad; + type uint32; description "Referenced Link State ID."; + } } grouping ospfv3-lsa-body { description "OSPFv3 LSA body."; container router { when "derived-from-or-self(../../header/type, " + "'ospfv3-router-lsa')" { description "Only applies to Router LSAs."; @@ -2869,21 +2890,21 @@ description "Only applies to Network LSAs."; } description "Network LSA."; uses ospfv3-lsa-options; container attached-routers { description "All attached routers."; leaf-list attached-router { - type yang:dotted-quad; + type rt-types:router-id; description "List of the routers attached to the network."; } } } container inter-area-prefix { when "derived-from-or-self(../../header/type, " + "'ospfv3-inter-area-prefix-lsa')" { description "Only applies to Inter-Area-Prefix LSAs."; @@ -2986,21 +3006,21 @@ base ospfv3-lsa-type; } description "Referenced Link State type."; } leaf unknown-referenced-ls-type { type uint16; description "Value for an unknown Referenced Link State type."; } leaf referenced-link-state-id { - type yang:dotted-quad; + type uint32; description "Referenced Link State ID."; } leaf referenced-adv-router { type rt-types:router-id; description "Referenced Advertising Router."; } leaf num-of-prefixes { @@ -3169,21 +3189,21 @@ } grouping lsa-common { description "Common fields for OSPF LSA representation."; leaf decode-completed { type boolean; description "The OSPF LSA body was successfully decoded other than unknown TLVs. Unknown LSAs types and OSPFv2 unknown opaque LSA types are not decoded. Additionally, - malformed LSAs are generally not accepted and are + malformed LSAs are generally not accepted and will not be in the Link State Database."; } leaf raw-data { type yang:hex-string; description "The complete LSA in network byte order hexadecimal as received or originated."; } } 
@@ -3196,25 +3216,27 @@ "OSPFv2 or OSPFv3 LSA body."; container ospfv2 { description "OSPFv2 LSA"; uses ospfv2-lsa; } container ospfv3 { description "OSPFv3 LSA"; uses ospfv3-lsa; } } + } grouping lsa-key { description - "OSPF LSA key."; + "OSPF LSA key - the database key for each LSA of a given + type in the Link State DataBase (LSDB)."; leaf lsa-id { type union { type yang:dotted-quad; type uint32; } description "Link-State ID."; } leaf adv-router { type rt-types:router-id; 
@@ -3232,38 +3255,51 @@ type yang:counter32; description "The number of LSAs received."; } leaf as-scope-lsa-count { type yang:gauge32; description "The number of AS-scope LSAs."; } leaf as-scope-lsa-chksum-sum { type uint32; description - "The sum of the LSA checksums for AS-scope LSAs."; + "The module 2**32 sum of the LSA checksums + for AS-scope LSAs. The value should be treated as + unsigned when comparing two sums of checksums. While + differing checksums indicate a different combination + of LSAs, equivalent checksums don't guarantee that the + LSAs are the same given that multiple combinations of + LSAs can result in the same checksum."; } container database { description "Container for per AS-scope LSA statistics."; list as-scope-lsa-type { description "List of AS-scope LSA statistics"; leaf lsa-type { type uint16; description "AS-Scope LSA type."; } leaf lsa-count { type yang:gauge32; description "The number of LSAs of the LSA type."; } leaf lsa-cksum-sum { type uint32; description - "The sum of the LSA checksums of the LSA type."; + "The module 2**32 sum of the LSA checksums + for the LSAs of this type. The value should be + treated as unsigned when comparing two sums of + checksums. While differing checksums indicate a + different combination of LSAs, equivalent checksums + don't guarantee that the LSAs are the same given that + multiple combinations of LSAs can result in the same + checksum."; } } } uses instance-fast-reroute-state; } grouping area-stat { description "Per-area statistics."; leaf spf-runs-count { type yang:counter32; 
@@ -3286,80 +3322,107 @@ description "The number of NSSA translator-state changes."; } leaf area-scope-lsa-count { type yang:gauge32; description "The number of area-scope LSAs in the area."; } leaf area-scope-lsa-cksum-sum { type uint32; - description "The sum of the area-scope LSAs checksums."; + description + "The module 2**32 sum of the LSA checksums + for area-scope LSAs. The value should be treated as + unsigned when comparing two sums of checksums. While + differing checksums indicate a different combination + of LSAs, equivalent checksums don't guarantee that the + LSAs are the same given that multiple combinations of + LSAs can result in the same checksum."; } container database { description "Container for area-scope LSA type statistics."; list area-scope-lsa-type { description "List of area-scope LSA statistics"; leaf lsa-type { type uint16; description "Area-scope LSA type."; } leaf lsa-count { type yang:gauge32; description "The number of LSAs of the LSA type."; } leaf lsa-cksum-sum { type uint32; description - "The sum of the LSA checksums of the LSA type."; + "The module 2**32 sum of the LSA checksums + for the LSAs of this type. The value should be + treated as unsigned when comparing two sums of + checksums. While differing checksums indicate a + different combination of LSAs, equivalent checksums + don't guarantee that the LSAs are the same given that + multiple combinations of LSAs can result in the same + checksum."; } } } } grouping interface-stat { description "Per-interface statistics"; leaf if-event-count { type yang:counter32; description "The number of times this interface has changed its state or an error has occurred."; } leaf link-scope-lsa-count { type yang:gauge32; description "The number of link-scope LSAs."; } leaf link-scope-lsa-cksum-sum { type uint32; - description "The sum of link-scope LSA checksums."; + description + "The module 2**32 sum of the LSA checksums + for link-scope LSAs. 
The value should be treated as + unsigned when comparing two sums of checksums. While + differing checksums indicate a different combination + of LSAs, equivalent checksums don't guarantee that the + LSAs are the same given that multiple combinations of + LSAs can result in the same checksum."; } container database { description "Container for link-scope LSA type statistics."; list link-scope-lsa-type { description "List of link-scope LSA statistics"; leaf lsa-type { type uint16; description "Link scope LSA type."; } leaf lsa-count { type yang:gauge32; description "The number of LSAs of the LSA type."; } leaf lsa-cksum-sum { type uint32; description - "The sum of the LSA checksums of the LSA type."; + "The module 2**32 sum of the LSA checksums + for the LSAs of this type. The value should be + treated as unsigned when comparing two sums of + checksums. While differing checksums indicate a + different combination of LSAs, equivalent checksums + don't guarantee that the LSAs are the same given that + multiple combinations of LSAs can result in the same + checksum."; } } } } - grouping neighbor-stat { description "Per-neighbor statistics."; leaf nbr-event-count { type yang:counter32; description "The number of times this neighbor has changed state or an error has occurred."; } leaf nbr-retrans-qlen { type yang:gauge32; 
@@ -3629,31 +3687,31 @@ leaf cost { type ospf-link-metric; description "Interface cost."; } leaf mtu-ignore { if-feature mtu-ignore; type boolean; description "Enable/Disable bypassing the MTU mismatch check in - Database Description packets."; + Database Description packets specified in RFC 2328, + section 10.6."; } leaf prefix-suppression { if-feature prefix-suppression; type boolean; description "Suppress advertisement of the prefixes associated with the interface."; } } - grouping interface-common-config { description "Common configuration for all types of interfaces, including virtual links and sham links."; leaf hello-interval { type uint16; units seconds; description "Interval between hello packets (seconds). It must 
@@ -3654,67 +3712,69 @@ leaf hello-interval { type uint16; units seconds; description "Interval between hello packets (seconds). It must be the same for all routers on the same network. Different networks, implementations, and deployments will use different hello-intervals. A sample value for a LAN network would be 10 seconds."; + reference "RFC 2328: OSPF Version 2, Appendix C.3"; } leaf dead-interval { type uint16; units seconds; must "../dead-interval > ../hello-interval" { error-message "The dead interval must be " + "larger than the hello interval"; description - "The value MUST be greater than 'hello-interval'."; + "The value must be greater than the 'hello-interval'."; } description "Interval after which a neighbor is declared down (seconds) if hello packets are not received. It is typically 3 or 4 times the hello-interval. A typical value for LAN networks is 40 seconds."; + reference "RFC 2328: OSPF Version 2, Appendix C.3"; } leaf retransmit-interval { type uint16 { range "1..3600"; } units seconds; description "Interval between retransmitting unacknowledged Link State Advertisements (LSAs) (seconds). This should be well over the round-trip transmit delay for any two routers on the network. A sample value would be 5 seconds."; + reference "RFC 2328: OSPF Version 2, Appendix C.3"; } - leaf transmit-delay { type uint16; units seconds; description "Estimated time needed to transmit Link State Update (LSU) packets on the interface (seconds). LSAs have - their age incremented by this amount on advertised + their age incremented by this amount when advertised on the interface. A sample value would be 1 second."; + reference "RFC 2328: OSPF Version 2, Appendix C.3"; } leaf lls { if-feature lls; type boolean; description "Enable/Disable link-local signaling (LLS) support."; - } container ttl-security { if-feature ttl-security; description "Time to Live (TTL) security check."; leaf enable { type boolean; description "Enable/Disable TTL security check."; } 
@@ -3715,20 +3775,21 @@ description "Time to Live (TTL) security check."; leaf enable { type boolean; description "Enable/Disable TTL security check."; } leaf hops { type uint8 { range "1..254"; } + default 1; description "Maximum number of hops that an OSPF packet may have traversed before reception."; } } leaf enable { type boolean; default true; description "Enable/disable OSPF protocol on the interface."; @@ -3942,22 +4005,24 @@ proportional to the interface speed. Others will default to 1 equating the cost to a hop count." ; } leaf poll-interval { type uint16; units seconds; description "Neighbor poll interval (seconds) for sending OSPF hello packets to discover the neighbor on NBMA networks. This interval dictates the granularity for - discovery of new neighbors. A sample would be 2 minutes - for a legacy Packet Data Network (PDN) X.25 network."; + discovery of new neighbors. A sample would be + 120 seconds (2 minutes) for a legacy Packet Data + Network (PDN) X.25 network."; + reference "RFC 2328: OSPF Version 2, Appendix C.5"; } leaf priority { type uint8; description "Neighbor priority for DR election. A router with a higher priority will be preferred in the election and a value of 0 indicates the router is not eligible to become Designated Router or Backup Designated Router (BDR)."; } @@ -4062,21 +4127,21 @@ leaf hello-timer { type rt-types:timer-value-seconds16; config false; description "This timer tracks the remaining time before the next hello packet is sent on the interface."; } leaf wait-timer { - type rt-types:timer-value-seconds32; + type rt-types:timer-value-seconds16; config false; description "This timer tracks the remaining time before the interface exits the Waiting state."; } leaf dr-router-id { type rt-types:router-id; config false; description "Designated Router (DR) Router ID."; } 
@@ -4489,21 +4555,21 @@ leaf explicit-router-id { if-feature explicit-router-id; type rt-types:router-id; description "Defined in RFC 2328. A 32-bit number that uniquely identifies the router."; } container preference { description - "Route preference configuration In many + "Route preference configuration. In many implementations, preference is referred to as administrative distance."; reference "RFC 8349: A YANG Data Model for Routing Management (NMDA Version)"; choice scope { description "Options for expressing preference as single or multiple values."; case single-value { @@ -4847,21 +4917,24 @@ type area-id-type; description "Area ID"; } leaf type { type uint16; description "LSA type."; } leaf lsa-id { + type union { + type inet:ipv4-address; type yang:dotted-quad; + } description "Link-State ID."; } leaf adv-router { type rt-types:router-id; description "LSA advertising router."; } leaf seq-num { type uint32; description @@ -4873,21 +4946,24 @@ description "Grouping for SPF log."; container spf-log { config false; description "This container lists the SPF log."; list event { key id; description "List of SPF log entries represented - as a wrapping buffer."; + as a wrapping buffer in chronological + order with the oldest entry returned + first."; + leaf id { type uint32; description "Event identifier - Purely internal value."; } leaf spf-type { type enumeration { enum full { description "SPF computation was a Full SPF."; @@ -4942,21 +5018,22 @@ container lsa-log { config false; description "This container lists the LSA log. Local LSA modifications are also included in the list."; list event { key id; description "List of LSA log entries represented - as a wrapping buffer."; + as a wrapping buffer in chronological order + with the oldest entries returned first."; leaf id { type uint32; description "Event identifier - purely internal value."; } container lsa { description "This container describes the logged LSA."; uses lsa-identifiers; } 
@@ -5380,22 +5459,23 @@ grouping notification-neighbor { description "This grouping provides the neighbor information for neighbor specific notifications."; leaf neighbor-router-id { type rt-types:router-id; description "Neighbor Router ID."; } + leaf neighbor-ip-addr { - type yang:dotted-quad; + type inet:ip-address; description "Neighbor address."; } } notification if-state-change { uses notification-instance-hdr; uses notification-interface; leaf state { type if-state-type; @@ -5404,21 +5484,21 @@ description "This notification is sent when an interface state change is detected."; } notification if-config-error { uses notification-instance-hdr; uses notification-interface; leaf packet-source { - type yang:dotted-quad; + type inet:ip-address; description "Source address."; } leaf packet-type { type packet-type; description "OSPF packet type."; } leaf error { type enumeration { @@ -5473,23 +5553,24 @@ uses notification-instance-hdr; uses notification-interface; uses notification-neighbor; leaf state { type nbr-state-type; description "Neighbor state."; } description - "This notification is sent when aa neighbor + "This notification is sent when a neighbor state change is detected."; } + notification nbr-restart-helper-status-change { uses notification-instance-hdr; uses notification-interface; uses notification-neighbor; leaf status { type restart-helper-status-type; description "Restart helper status."; } @@ -5509,21 +5590,21 @@ description "This notification is sent when a neighbor restart helper status change is detected."; } notification if-rx-bad-packet { uses notification-instance-hdr; uses notification-interface; leaf packet-source { - type yang:dotted-quad; + type inet:ip-address; description "Source address."; } leaf packet-type { type packet-type; description "OSPF packet type."; } description "This notification is sent when an OSPF packet that 
@@ -5617,22 +5698,22 @@ 4. Security Considerations The YANG modules specified in this document define a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446]. - The NETCONF access control model [RFC8341] provides the means to - restrict access for particular NETCONF or RESTCONF users to a pre- + The NETCONF Access Control Model (NACM) [RFC8341] provides the means + to restrict access for particular NETCONF or RESTCONF users to a pre- configured subset of all available NETCONF or RESTCONF protocol operations and content. There are a number of data nodes defined in ietf-ospf.yang module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. For OSPF, the ability to modify OSPF configuration will allow the entire OSPF domain to be 
@@ -5649,33 +5730,33 @@ consider their topologies to be sensitive confidential data. For OSPF authentication, configuration is supported via the specification of key-chains [RFC8177] or the direct specification of key and authentication algorithm. Hence, authentication configuration using the "auth-table-trailer" case in the "authentication" container inherits the security considerations of [RFC8177]. This includes the considerations with respect to the local storage and handling of authentication keys. - Additionally, local specificationn of OSPF authentication keys and - the associated authentication algorithm is supported for legacy - implementations that do not support key-chains [RFC8177] for legacy - implementations that do not support key-chains. It is RECOMMENDED - that implementations migrate to key-chains due the seamless support - of key and algorithm rollover, as well as, the encryption of key - using the Advanced Encryption Standard (AES) Key Wrap Padding - Algorithm [RFC5649]. + Additionally, local specification of OSPF authentication keys and the + associated authentication algorithm is supported for legacy + implementations that do not support key-chains [RFC8177] It is + RECOMMENDED that implementations migrate to key-chains due the + seamless support of key and algorithm rollover, as well as, the + hexadecimal key specification affording more key entropy, and + encryption of keys using the Advanced Encryption Standard (AES) Key + Wrap Padding Algorithm [RFC5649]. Some of the RPC operations in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control access to these operations. The OSPF YANG - module support the "clear-neighbor" and "clear-database" RPCs. If + module supports the "clear-neighbor" and "clear-database" RPCs. If access to either of these is compromised, they can result in temporary network outages be employed to mount DoS attacks. 5. 
IANA Considerations This document registers a URI in the IETF XML registry [RFC3688]. Following the format in [RFC3688], the following registration is requested to be made: URI: urn:ietf:params:xml:ns:yang:ietf-ospf @@ -5694,20 +5775,23 @@ The authors wish to thank Yi Yang, Alexander Clemm, Gaurav Gupta, Ladislav Lhotka, Stephane Litkowski, Greg Hankins, Manish Gupta and Alan Davey for their thorough reviews and helpful comments. Thanks to Tom Petch for last call review and improvement of the document organization. Thanks to Alvaro Retana for AD comments. + Thanks to Benjamin Kaduk, Suresh Krishnan, and Roman Dannyliw for + IESG review comments. + This document was produced using Marshall Rose's xml2rfc tool. Author affiliation with The MITRE Corporation is provided for identification purposes only, and is not intended to convey or imply MITRE's concurrence with, or support for, the positions, opinions or viewpoints expressed. MITRE has approved this document for Public Release, Distribution Unlimited, with Public Release Case Number 18-3194. 7. References
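Review bot: in the mtu-ignore leaf of hunk @@ -3629,31 +3687,31 @@, the citation "specified in RFC 2328, section 10.6" is embedded in the description string, whereas every other citation this revision adds (hello-interval, dead-interval, retransmit-interval, transmit-delay, poll-interval) is a separate `reference` statement. Suggest keeping the description to the behaviour ("Enable/Disable bypassing the MTU mismatch check in Database Description packets.") and adding `reference "RFC 2328: OSPF Version 2, Section 10.6";` so tooling that indexes reference statements picks it up, and saying in the description what is given up when the check is bypassed, since the leaf is a bare boolean with no further guidance.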
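Review bot: the `must` on dead-interval in hunk @@ -3654,67 +3712,69 @@ only enforces dead-interval > hello-interval; hello-interval itself is a bare uint16, and although its description says "It must be the same for all routers on the same network", nothing rejects a value of 0, while retransmit-interval in the same grouping gets `range "1..3600"`. Suggest `type uint16 { range "1..65535"; }` on hello-interval (dead-interval already has to exceed it) so a zero hello interval cannot be committed, or state why 0 is acceptable. Minor: inside dead-interval the expression `../dead-interval > ../hello-interval` can be written `. > ../hello-interval`.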
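Review bot: the new `default 1;` for ttl-security/hops in hunk @@ -3715,20 +3775,21 @@ is the right conservative default for directly attached neighbors, but this leaf lives in interface-common-config, which the -3629 hunk describes as "Common configuration for all types of interfaces, including virtual links and sham links", where packets legitimately traverse more than one hop. Suggest the description of `hops` (or of `enable`) state that the default of 1 covers directly connected neighbors and that virtual and sham links need an explicit larger value; otherwise enabling TTL security with the default on such a link drops every packet from the peer. A `reference` statement for the TTL security mechanism would also match the pattern used elsewhere in this revision.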
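Review bot: narrowing wait-timer from timer-value-seconds32 to timer-value-seconds16 in hunk @@ -4062,21 +4127,21 @@ is consistent with hello-timer in the same hunk and with dead-interval being a uint16 number of seconds in the -3654 hunk, but it is a backwards-incompatible type change for anyone already consuming this draft; a short note in the description saying why 16 bits suffice would help readers who compare the two revisions.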
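Review bot: the union added for lsa-id in hunk @@ -4847,21 +4917,24 @@ lists inet:ipv4-address before yang:dotted-quad; since a YANG union resolves to the first member type whose lexical form matches, and both members accept the same dotted-quad form (ipv4-address additionally permitting a zone suffix), the second member is never selected and the union carries no information a plain inet:ipv4-address would not. If the intent is to signal that OSPFv3 Link-State IDs are opaque 32-bit values rendered as dotted quads while OSPFv2 Link-State IDs are often addresses, say so in the description and consider ordering yang:dotted-quad first (or using only yang:dotted-quad), so that the zone-suffix form cannot be accepted for a Link-State ID.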
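Review bot: the new wording "in chronological order with the oldest entry returned first" in hunk @@ -4873,21 +4946,24 @@ promises an ordering, but the list is keyed by `id`, a uint32 described as "Purely internal value", and is a wrapping buffer; once `id` wraps, sorting by key no longer yields chronological order. State explicitly that the guarantee is on the server's list order as returned, not on the numeric order of `id`, or add a timestamp leaf that clients can sort on. The same applies to the lsa-log hunk at @@ -4942, which also differs in wording ("oldest entries" versus "oldest entry" here); pick one form for both.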
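Review bot: widening neighbor-ip-addr from yang:dotted-quad to inet:ip-address in hunk @@ -5380,22 +5459,23 @@ is needed for OSPFv3, but the description "Neighbor address." should now say which address is reported for an OSPFv3 neighbor and whether a zone index may appear in the value; every notification that uses this grouping also does `uses notification-interface`, so the interface is already identified and a zone suffix would be redundant. Either use a no-zone address type or state in the description that the value carries no zone.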
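Review bot: packet-source in hunk @@ -5404,21 +5484,21 @@ (and the identical change at @@ -5509) is the value an operator will correlate with device logs when if-config-error or if-rx-bad-packet fires; since it is the source address of a received packet that failed a check, the description should say it is taken from the IP header as received and is not an authenticated peer identity, so consumers of the notification do not treat it as proof of which router sent the packet.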
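Review bot: three text problems in hunk @@ -5649,33 +5730,33 @@: the rewritten first paragraph loses its sentence break ("... do not support key-chains [RFC8177] It is RECOMMENDED ..." needs a period after [RFC8177]); "due the seamless support" should read "due to the seamless support"; and the unchanged last sentence "they can result in temporary network outages be employed to mount DoS attacks" is missing "or" before "be employed". On substance, "the hexadecimal key specification affording more key entropy" overstates the benefit: a hexadecimal encoding does not add entropy by itself, it allows the key to contain arbitrary octet values rather than only printable characters, so wording such as "permitting keys drawn from the full octet space" is more accurate.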
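Review bot: in the acknowledgement added in hunk @@ -5694,20 +5775,23 @@, check the spelling of "Roman Dannyliw"; the IESG member's name is Roman Danyliw (single n).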