[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02

Network Working Group                                             L. Xia
Internet-Draft                                                  G. Zheng
Intended status: Standards Track                                  Huawei
Expires: December 6, 2018                                  June 04, 2018


  The Data Model of Network Infrastructure Device Data Plane Security
                                Baseline
               draft-xia-sacm-nid-dp-security-baseline-02

Abstract

   This document proposes one part of the security baseline YANG for
   network infrastructure device (i.e., router, switch, firewall, etc):
   data plane security baseline.  The companion documents [I-D.ietf-lin-
   sacm-nid-mp-security-baseline], [I- D.ietf-dong-sacm-nid-infra-
   security-baseline] cover other parts of the security baseline YANG
   for network infrastructure device respectively: management plane
   security baseline, infrastructure layer security baseline.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 6, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must



Xia & Zheng             Expires December 6, 2018                [Page 1]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Objective . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.2.  Security Baseline . . . . . . . . . . . . . . . . . . . .   3
     1.3.  Security Baseline Data Model Design . . . . . . . . . . .   4
     1.4.  Summary . . . . . . . . . . . . . . . . . . . . . . . . .   5
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   5
     2.1.  Key Words . . . . . . . . . . . . . . . . . . . . . . . .   5
     2.2.  Definition of Terms . . . . . . . . . . . . . . . . . . .   6
   3.  Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . . .   6
   4.  Data Model Structure  . . . . . . . . . . . . . . . . . . . .   6
     4.1.  Layer 2 protection  . . . . . . . . . . . . . . . . . . .   6
     4.2.  ARP . . . . . . . . . . . . . . . . . . . . . . . . . . .  10
     4.3.  URPF  . . . . . . . . . . . . . . . . . . . . . . . . . .  12
     4.4.  DHCP Snooping . . . . . . . . . . . . . . . . . . . . . .  13
     4.5.  CPU Protection  . . . . . . . . . . . . . . . . . . . . .  18
     4.6.  TCP/IP Attack Defence . . . . . . . . . . . . . . . . . .  21
   5.  Network Infrastructure Device Security Baseline Yang Module .  22
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  47
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  47
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  47
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  47
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .  47
     9.2.  Informative References  . . . . . . . . . . . . . . . . .  47
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  48

1.  Introduction

1.1.  Objective

   Network security is an essential part of the overall network
   deployment and operation.  Due to the following reasons, network
   infrastructure devices (e.g. switch, router, firewall) are always the
   objective and exploited by the network attackers, which bring damages
   to the victim network:

   o  The existence of a lot of unsafe access channels: for the history
      reason, some old and unsafe protocols still run in the network
      devices, like: SNMP v1/v2, Telnet, etc, and are not mandatory to
      be replaced by the according safer protocols (SNMP v3, SSH).
      Attackers easily exploit them for attack (e.g., invalid login,
      message eavesdropping);




Xia & Zheng             Expires December 6, 2018                [Page 2]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


   o  The openness nature of TCP/IP network: despite the benefits of
      network architecutre design and connectivity brought by the
      network openness, a lot of threats exist at the same time.
      Spoofing address, security weakness for various protocols, traffic
      flooding, and other kinds of threat are originated from the
      network openness;

   o  The security challenge by the network complexity: network are
      becoming more complex, with massive nodes, various protocols and
      flexible topology.  Without careful design and strict management,
      as well as operation automation, the policy consistency of network
      security manangment cannot be ensured.  It's common that part of
      the network infrastructure is subject to attack;

   o  The complex functionality of device: the complexity of device
      itself increases the difficulty of carring out the security
      hardening measurements, as well as the skill requirements to the
      network administrator.  As a result, the network administrator may
      not be capable of or willing to realize all the security
      measurements, in addition to implementing the other basic
      functionalities;

   o  The capacity and capability mismatching between the data plane and
      the control plane: there are a large mismatching of the traffic
      processing capacity and capability between different planes.
      Without effective control, the large volume of traffic from the
      data plane will flooding attack the other planes easily.

   Therefore, the importance of ensuring the security of the network
   infrastructure devices is out of question.  To secure the network
   infrastructure devices, one important task is to identify as far as
   possible the threats and vulnerabilities in the device itself, such
   as: unnecessary services, insecure configurations, abnormal status,
   etc, then enforce the corresponding security hardening measurements,
   such as: update the patch, modify the security configuration, enhance
   the security mechanism, etc.  We call this task the developing and
   deploying the security baseline for the network infrastructure, which
   provides a solid foundation for the overall network security.  This
   document aims to describe the security baseline for the network
   infrastructure, which is called security baseline in short in this
   document.

1.2.  Security Baseline

   Basically, security baseline can be designed and deployed into
   different layers of the devices:





Xia & Zheng             Expires December 6, 2018                [Page 3]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


   o  application layer: refers to the application platform security
      solution and the typical application security mechanisms it
      provided like: identity authentication, access control, permission
      management, encryption and decryption, auditing and tracking,
      privacy protection, to ensure secure application data
      transmission/exchange, secure storage, secure processing, ensuring
      the secure operation of the application system.  Specific examples
      may be: web application security, software integrity protection,
      encryption of sensitive data, privacy protection, and lawful
      interception interfaces and secure third-party component;

   o  network layer: refers to a series of security measures, to protect
      the network resources and network services running on the device
      network platform.  Network layer security over network product is
      complicated.  Therefore, it is divided into data plane, control
      plane, management plane to consider:

      *  data plane: focus on the security hardening configuration and
         status to protect the data plane traffic against eavesdropping,
         tampering, forging and flooding attacking the network;

      *  control plane: focus on the control signaling security of the
         network infrastructure device, to protect their normal exchange
         against various attacks (i.e., eavesdropping, tampering,
         forging and flooding attack) and restrict the malicious control
         signaling, for ensuring the correct network topology and
         forwarding behavior;

      *  management plane: focus on the management information and
         platform security.  More specific, it includes all the security
         configuration and status involved in the network OAM process;

   o  infrastructure layer: refers to all the security design about the
      device itself and its running OS.  As the foundation of the upper
      layer services, the secure infrastructure layer must be assured.
      The specific mechanisms include: OS security, key management,
      cryptography security, certificate management, software integrity.

1.3.  Security Baseline Data Model Design

   The security baseline varies according to many factors, like:
   different device types (i.e., router, switch, firewall), the
   supporting security features of device, the specific security
   requirements of network operator.  It's impossible to design a
   complete set for it, so this document and the companion ones are
   going to propose the most important and universal points of them.
   More baseline contents can be added in future following the data
   model scheme specified.



Xia & Zheng             Expires December 6, 2018                [Page 4]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


   [I-D.ietf-birkholz-sacm-yang-content] defines a method of
   constructing the YANG data model scheme for the security posture
   assessment of the network infrastructure device by brokering of YANG
   push telemetry via SACM statements.  The basic steps are:

   o  use YANG push mechanism[I-D.ietf-netconf-yang-push]to collect the
      created streams of notifications (telemetry)
      [I-D.ietf-netconf-subscribed-notifications]providing SACM content
      on SACM data plane, and the filter expressions used in the context
      of YANG subscriptions constitute SACM content that is imperative
      guidance consumed by SACM components on SACM management plane;

   o  then encapsulate the above YANG push output into a SACM Content
      Element envelope, which is again encapsulated in a SACM statement
      envelope;

   o  lastly, publish the SACM statement into a SACM domain via xmpp-
      grid publisher.

   In this document, we follow the same way as [I-D.ietf-birkholz-sacm-
   yang-content] to define the YANG output for network infrastructure
   device security baseline posture based on the SACM information model
   definition [I-D.ietf-sacm-information-model].

1.4.  Summary

   The following contents propose part of the security baseline YANG
   output for network infrastructure device: data plane security
   baseline.  The companion documents [I-D.ietf- dong-sacm-nid-cp-
   security-baseline], [I-D.ietf-lin-sacm-nid-mp-security-baseline], [I-
   D.ietf-xia-sacm-nid-app-infr-layers-security-baseline] cover other
   parts of the security baseline YANG output for network infrastructure
   device respectively: control plane security baseline, management
   plane security baseline, application layer and infrastructure layer
   security baseline.

2.  Terminology

2.1.  Key Words

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].








Xia & Zheng             Expires December 6, 2018                [Page 5]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


2.2.  Definition of Terms

   This document uses the terms defined in [I-D.draft-ietf-sacm-
   terminology].

3.  Tree Diagrams

   A simplified graphical representation of the data model is used in
   this document.  The meaning of the symbols in these diagrams is as
   follows:

   o  Brackets "[" and "]" enclose list keys.

   o  Abbreviations before data node names: "rw" means configuration
      (read-write) and "ro" state data (read-only).

   o  Symbols after data node names: "?" means an optional node and "*"
      denotes a "list" and "leaf-list".

   o  Parentheses enclose choice and case nodes, and case nodes are also
      marked with a colon (":").

   o  Ellipsis ("...") stands for contents of subtrees that are not
      shown.

4.  Data Model Structure

   As the network infrastructure device, it makes decision of the
   forwarding path based on the IP/MAC address and sends the packet in
   data plane.The NP or ASIC are the main components for the data plane
   functions.

   This section describes the key data plane security baseline of the
   network infrastructure devices, and defines their specific data
   models.

4.1.  Layer 2 protection

   Mac table is the key resource in terms of layer 2 forwarding, also
   easily attacked by learning massive invalid mac address.  The mac
   limit function is to protect the mac table by limiting the maximum
   number of learned mac address in appointed interfaces.  The mac
   address is not learned and the packet is discarded when the up-limit
   is reached, and the alarm is created possibly.

   If the broadcast traffic is not suppressed in layer 2 network (i.e.,
   Ethernet), a great amount of network bandwidth is consumed by a great
   deal of broadcast traffic.  The network performance is degraded, even



Xia & Zheng             Expires December 6, 2018                [Page 6]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


   interrupting the communication.In such a case, configuring the
   broadcast traffic suppression on the device to ensure some bandwidth
   can be reserved for unicast traffic forwarding when broadcast traffic
   bursts across the network.It's flexible to configure the device to
   suppress broadcast, multicast, and unknown unicast traffic on an
   interface, a specified interface in a VLAN, a sub-interface, and over
   a virtual switch instance (VSI) pseudo wire (PW).

module: ietf-mac-limit
    +--rw mac
       +--rw mac-limit-rules
       |  +--rw mac-limit-rule* [rule-name]
       |     +--rw rule-name    string
       |     +--rw maximum      uint32
       |     +--rw rate?        uint16
       |     +--rw action?      mac-limit-forward
       |     +--rw alarm?       mac-enable-status
       +--rw vlan-mac-limits
       |  +--rw vlan-mac-limit* [vlan-id]
       |     +--rw vlan-id    mac-vlan-id
       |     +--rw maximum    uint32
       |     +--rw rate?      uint16
       |     +--rw action?    mac-limit-forward
       |     +--rw alarm?     mac-enable-status
       +--rw vsi-mac-limits
       |  +--rw vsi-mac-limit* [vsi-name]
       |     +--rw vsi-name          string
       |     +--rw maximum           uint32
       |     +--rw rate?             uint16
       |     +--rw action?           mac-limit-forward
       |     +--rw alarm?            mac-enable-status
       |     +--rw up-threshold      uint8
       |     +--rw down-threshold    uint8
       +--rw bd-mac-limits
       |  +--rw bd-mac-limit* [bd-id]
       |     +--rw bd-id       uint32
       |     +--rw maximum    uint32
       |     +--rw rate?      uint16
       |     +--rw action?    mac-limit-forward
       |     +--rw alarm?     mac-enable-status
       +--rw pw-mac-limits
       |  +--rw pw-mac-limit* [vsi-name pw-name]
       |     +--rw vsi-name    string
       |     +--rw pw-name     string
       |     +--rw maximum     uint32
       |     +--rw rate?       uint16
       |     +--rw action?     mac-limit-forward
       |     +--rw alarm?      mac-enable-status



Xia & Zheng             Expires December 6, 2018                [Page 7]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


       +--rw if-mac-limits
       |  +--rw if-mac-limit* [if-name limit-type]
       |     +--rw if-name       string
       |     +--rw limit-type    limit-type
       |     +--rw rule-name?    -> /mac/mac-limit-rules/mac-limit-rule/rule-name
       |     +--rw maximum       uint32
       |     +--rw rate?         uint16
       |     +--rw action?       mac-limit-forward
       |     +--rw alarm?        mac-enable-status
       +--rw if-vlan-mac-limits
       |  +--ro if-vlan-mac-limit* [if-name vlan-begin limit-type]
       |     +--ro if-name       string
       |     +--ro vlan-begin    mac-vlan-id
       |     +--ro vlan-end?     mac-vlan-id
       |     +--ro limit-type    limit-type
       |     +--ro rule-name?    -> /mac/mac-limit-rules/mac-limit-rule/rule-name
       |     +--ro maximum       uint32
       |     +--ro rate          uint16
       |     +--ro action?       mac-limit-forward
       |     +--ro alarm?        mac-enable-status
       +--rw subif-mac-limits
       |  +--rw subif-mac-limit* [if-name limit-type]
       |     +--rw if-name       string
       |     +--rw limit-type    limit-type
       |     +--ro vsi-name      string
       |     +--rw rule-name     string
       |     +--rw maximum       uint32
       |     +--rw rate?         uint16
       |     +--rw action?       mac-limit-forward
       |     +--rw alarm?        mac-enable-status
       +--rw vsi-storm-supps
       |  +--rw vsi-storm-supp* [vsi-name suppress-type]
       |     +--rw vsi-name         string
       |     +--rw suppress-type    suppress-type
       |     +--rw cir?             uint64
       |     +--rw cbs?             uint64
       +--rw vlan-storm-supps
       |  +--rw vlan-storm-supp* [vlan-id suppress-type]
       |     +--rw vlan-id          mac-vlan-id
       |     +--rw suppress-type    suppress-type
       |     +--rw cir?             uint64
       |     +--rw cbs?             uint64
       +--rw sub-if-suppresss
       |  +--rw sub-if-suppress* [if-name suppress-type direction]
       |     +--rw if-name          string
       |     +--rw suppress-type    suppress-type
       |     +--rw direction        direction-type
       |     +--rw cir?             uint64



Xia & Zheng             Expires December 6, 2018                [Page 8]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


       |     +--rw cbs?             uint64
       +--rw pw-suppresss
       |  +--rw pw-suppress* [vsi-name pw-name suppress-type]
       |     +--rw vsi-name         string
       |     +--rw pw-name          string
       |     +--rw suppress-type    suppress-type
       |     +--rw cir?             uint64
       |     +--rw cbs?             uint64
       +--rw vsi-in-suppressions
       |  +--rw vsi-in-suppression* [vsi-name]
       |     +--rw vsi-name        string
       |     +--rw inbound-supp?   mac-enable-status
       +--rw vsi-out-suppressions
       |  +--rw vsi-out-suppression* [vsi-name]
       |     +--rw vsi-name          string
       |     +--rw out-bound-supp?   mac-enable-status
       +--rw vsi-suppresss
       |  +--rw vsi-suppress* [sub-if-name]
       |     +--rw vsi-name             string
       |     +--rw sub-if-name          string
       |     +--rw is-enable?           boolean
       |     +--rw suppress-type?       suppress-style
       |     +--rw broadcast?           uint32
       |     +--rw broadcast-percent?   uint32
       |     +--rw unicast?             uint32
       |     +--rw unicast-percent?     uint32
       |     +--rw multicast?           uint32
       |     +--rw multicast-percent?   uint32
       +--rw vsi-total-numbers
       |  +--ro vsi-total-number* [vsi-name slot-id mac-type]
       |     +--ro vsi-name    string
       |     +--ro slot-id     string
       |     +--ro mac-type    mac-type
       |     +--ro number      uint32
       +--rw if-storm-supps
       |  +--rw if-storm-supp* [if-name suppress-type]
       |     +--rw if-name          string
       |     +--rw suppress-type    suppress-type
       |     +--rw percent?         uint64
       |     +--rw packets?         uint64
       |     +--rw cir?             uint64
       |     +--rw cbs?             uint64
       +--rw if-storm-blocks
       |  +--rw if-storm-block* [if-name block-type direction]
       |     +--rw if-name       string
       |     +--rw block-type    suppress-type
       |     +--rw direction     direction-type
       +--rw if-storm-contrls



Xia & Zheng             Expires December 6, 2018                [Page 9]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          +--rw if-storm-contrl* [if-name]
             +--rw if-name                        string
             +--rw action?                        storm-ctrl-action-type
             +--rw trap-enable?                   enable-type
             +--rw log-enable?                    enable-type
             +--rw interval?                      uint64
             +--rw if-packet-contrl-attributes
             |  +--rw if-packet-contrl-attribute* [packet-type]
             |     +--rw packet-type    storm-ctrl-type
             |     +--rw rate-type?     storm-ctrl-rate-type
             |     +--rw min-rate       uint32
             |     +--rw max-rate       uint64
             +--rw ifstorm-contrl-infos
                +--ro ifstorm-contrl-info* [packet-type]
                   +--ro packet-type         storm-ctrl-type
                   +--ro punish-status?      storm-ctrl-action-type
                   +--ro last-punish-time?   string

4.2.  ARP

   ARP security is set of functions to protect the ARP protocol and
   networks against malicious attacks so that the network communication
   keeps stable and important user information is protected, which
   mainly includes:

      ARP anti-spoofing functions: protect devices against spoofing ARP
      attack packets, improving the security and reliability of network
      communication.

      ARP anti-flooding functions: relieve CPU load and prevent the ARP
      table overflow, ensuring normal network operation.




















Xia & Zheng             Expires December 6, 2018               [Page 10]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


module: ietf-arp-sec
    +--ro arp-sec
       +--ro arp-interf aces
       |  +--rw arp-interface* [if-name]
       |     +--rw if-name                   -> /if:interfaces/if:interface/if:name
       |     +--rw arp-learn-disable?         boolean  //arp-learning-control
       |     +--rw arp-learn-strict?          arp-strict-learn  //arp-learning-control
       |     +--rw fake-expire-time?          uint32   //arp-fake-expire-time?
       |     +--rw dst-mac-check?             boolean  //validate
       |     +--rw src-mac-check?             boolean  //validate
       +--rw sec-arp-grats
       |  +--rw sec-arp-grat* [if-name]
       |     +--rw if-name    -> /if:interfaces/if:interface/if:name
       +--rw sec-arp-chk-ip-ens
       |  +--rw sec-arp-chk-ip-en* [if-name]
       |     +--rw if-name    -> /if:interfaces/if:interface/if:name
       +--rw sec-arp-mac-ills
       |  +--rw sec-arp-mac-ill* [if-name]
       |     +--rw if-name    -> /if:interfaces/if:interface/if:name
       +--rw sec-arp-req-no-blks
       |  +--rw sec-arp-req-no-blk* [if-name]
       |     +--rw if-name    -> /if:interfaces/if:interface/if:name
       +--ro sec-dis-arp-chks
       |  +--ro sec-dis-arp-chk* [sec-slot-id sec-chk-type]
       |     +--ro sec-slot-id        -> /devm:devm/lpu-boards/lpu-board/position
       |     +--ro sec-chk-type       cpudefend-arp-attack-type
       |     +--ro sec-total-pkts?    uint64
       |     +--ro sec-passed-pkts?   uint64
       |     +--ro sec-droped-pkts?   uint64
       +--ro arp-if-limits //arp-table-limit
       |  +--rw arp-if-limit* [if-name vlan-id]
       |     +--rw if-name        -> /if:interfaces/if:interface/if:name
       |     +--rw vlan-id        uint16
       |     +--rw limit-num      uint32
       |     +--ro learned-num?   uint32
       +--ro arp-speed-limits  // arp-speed-limit
       |  +--rw arp-speed-limit* [slot-id suppress-type ip-type]
       |     +--rw slot-id           string
       |     +--rw suppress-type     enumeration
       |     +--rw ip-type           enumeration
       |     +--rw suppress-value    uint32
       +--ro arp-global-speed-limits  // arp-speed-limit
          +--rw arp-gspeed-limit* [g-suppress-type g-ip-type]
             +--rw g-suppress-type     arp-supp-type
             +--rw g-ip-type           arp-supp-ip-type
             +--rw g-port-type?        enumeration
             +--rw g-suppress-value    uint32




Xia & Zheng             Expires December 6, 2018               [Page 11]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


4.3.  URPF

   Unicast Reverse Path Forwarding (URPF) is a technology used to defend
   against network attacks based on source address spoofing.  Generally,
   upon receiving a packet, a router first obtains the destination IP
   address of the packet and then searches the forwarding table for a
   route to the destination address.  If the router finds such a route,
   it forwards the packet; otherwise, it discards the packet.  A URPF-
   enabled router, however, obtains the source IP address of a received
   packet and searches for a route to the source address.  If the router
   fails to find the route, it considers that the source address is a
   forged one and discards the packet.  In this manner, URPF can
   effectively protect against malicious attacks that are launched by
   changing the source addresses of packets.

   URPF can be performed in strict or loose mode.  The strict mode
   checks both the existence of source address in the route table and
   the interface consistency, while loose mode only checks if the source
   address is in the route table.  In some case, the router may have
   only one default route to the router of the ISP.  Therefore, matching
   the default route entry needs to be supported.

   URPF can be performed over interface, defined flow and traffic sent
   to local CPU.

   module: ietf-urpf-sec
       +--ro urpf-sec
          +--rw interface-urpf* [ifname]
          |     +--rw ifname           if:interface-ref
          |     +--rw mode?            enumeration
          |     +--rw allow-default?   boolean
         augment "/policy:policies/policy:policy-entry" +
          |     "/policy:classifier-entry" +
          |     "/policy:classifier-action-entry-cfg":
          +--rw (action-cfg-params)?
          |  +--:(urpf)
          |     +--rw urpf-cfg
          |        +--rw check-type?   urpf-check-type
          |        +--rw allow-default?   Boolean
          +--rw local-URPF
             +--rw cpu-defend-policy* [name]
             +--rw name          string
             +--description?        string
             +-- urpf-mode         enumeration
             +--allow-default    boolean
             +--slot-id          unit16





Xia & Zheng             Expires December 6, 2018               [Page 12]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


        Identity urpf  {
          base policy:action-type;
          description
            " urpf action type";
        }

   grouping urpf {
          container urpf-cfg {
            leaf check-type {
              type urpf-check-type;
              description
                "urpf checking";
            }
   leaf allow-default{
   type qos-switch-flag;
   description    " allow-default  flag";
   }
            description
              "urpf container";
          }
          description
            "dscp marking grouping";
        }



   augment "/policy:policies" +
                "/policy:policy-entry" +
                "/policy:classifier-entry" +
                "/policy:classifier-action-entry-cfg" +
                "/diffserv:action-cfg-params" {
   case urpf {
              uses sec-ac:urpf;
            description
              "urpf action";
          }
   }


4.4.  DHCP Snooping

   DHCP, which is widely used on networks, dynamically assigns IP
   addresses to clients and manages configuration information in a
   centralized manner.  During DHCP packet forwarding, some attacks may
   occur, such as bogus DHCP server attacks, DHCP exhaustion attacks,
   denial of service (DoS) attacks, and DHCP flooding attacks.





Xia & Zheng             Expires December 6, 2018               [Page 13]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


   DHCP snooping is a DHCP security feature that functions in a similar
   way to a firewall between DHCP clients and servers.  A DHCP-snooping-
   capable device intercepts DHCP packets and uses information carried
   in the packets to create a DHCP snooping binding table.  This table
   records hosts' MAC addresses, IP addresses, IP address lease time,
   VLAN, and interface information.  The device uses this table to check
   the validity of received DHCP packets.  If a DHCP packet does not
   match any entry in this table, the device discards the packet.

   Besides the binding table, DHCP snooping has other security features
   such as trusted interface, max dhcp user limit and whitelist to
   defend against the bogus DHCP server, DHCP flooding and other fine-
   grained DHCP attacks.

module: ietf-dhcp-sec
    +--rw dhcp
       +--rw snooping
          +--rw dhcp-snp-global
          |  +--rw dhcp-snp-enable?                   boolean
          |  +--rw server-detect-enable?              boolean
          |  +--rw dhcp-snp-user-bind-auto-save-enable?   boolean
          |  +--rw dhcp-snp-user-bind-file-name?         string
          |  +--rw global-check-rate-enable?           boolean
          |  +--rw dhcp-snp-global-rate?               uint16
          |  +--rw check-rate-alarm-enable?            boolean
          |  +--rw rate-threshold?                   uint16
          |  +--rw alarm-threshold?                  uint16
          |  +--ro rate-limit-packet-count?            uint32
          |  +--rw dhcp-snp-user-offline-remove-mac?     boolean
          |  +--rw dhcp-snp-arp-detect-enable?          boolean
          |  +--rw dhcp-snp-global-max-user?            uint16
          |  +--rw dhcp-snp-user-transfer-enable?       boolean
          +--rw dhcp-snp-vlans
          |  +--rw dhcp-snp-vlan* [vlan-id]
          |     +--rw vlan-id                     uint16
          |     +--rw dhcp-snp-enable              boolean
          |     +--rw check-rate-enable            boolean
          |     +--rw dhcp-snp-vlan-rate            uint32
          |     +--rw dhcp-snp-vlan-trust-enable     boolean
          |     +--rw check-arp-enable             boolean
          |     +--rw alarm-arp-enable             boolean
          |     +--rw alarm-arp-threshold          uint16
          |     +--rw check-ip-enable              boolean
          |     +--rw alarm-ip-enable              boolean
          |     +--rw alarm-ip-threshold           uint16
          |     +--rw alarm-reply-enable           boolean
          |     +--rw alarm-reply-threshold        uint16
          |     +--rw check-mac-enable             boolean



Xia & Zheng             Expires December 6, 2018               [Page 14]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          |     +--rw alarm-mac-enable             boolean
          |     +--rw alarm-mac-threshold          uint16
          |     +--rw check-user-bind-enable        boolean
          |     +--rw alarm-user-bind-enable        boolean
          |     +--rw alarm-user-bind-threshold     uint16
          |     +--rw dhcp-snp-vlan-max-user-num      uint16
          |     +--rw alarm-user-limit-enable       boolean
          |     +--rw alarm-user-limit-threshold    uint16
          |     +--rw dhcp-snp-vlan-statistics
          |        +--ro drop-arp-pkt-cnt?              uint32
          |        +--ro drop-ip-pkt-cnt?               uint32
          |        +--ro drop-dhcp-req-cnt-by-bind-tbl?    uint32
          |        +--ro drop-dhcp-req-cnt-by-mac-check?   uint32
          |        +--ro drop-dhcp-reply-cnt?           uint32
          +--rw vlan-trust-interfaces
          |  +--rw vlan-trust-interface* [vlan-id if-name]
          |     +--rw vlan-id    uint16
          |     +--rw if-name    pub-type:if-name
          +--rw dhcp-snp-interfaces
          |  +--rw dhcp-snp-interface* [if-name]
          |     +--rw if-name                          pub-type:if-name
          |     +--rw dhcp-snp-enable                   boolean
          |     +--rw dhcp-snp-if-disable                boolean
          |     +--rw dhcp-snp-if-trust-enable            boolean
          |     +--rw dhcp-snp-if-rate                   uint16
          |     +--rw check-rate-enable                 boolean
          |     +--rw alarm-rate-enable                 boolean
          |     +--rw alarm-rate-threshold              uint16
          |     +--rw check-arp-enable                  boolean
          |     +--rw alarm-arp-enable                  boolean
          |     +--rw alarm-arp-threshold               uint16
          |     +--rw check-ip-enable                   boolean
          |     +--rw alarm-ip-enable                   boolean
          |     +--rw alarm-ip-threshold                uint16
          |     +--rw alarm-reply-enable                boolean
          |     +--rw alarm-reply-threshold             uint16
          |     +--rw check-mac-enable                  boolean
          |     +--rw alarm-mac-enable                  boolean
          |     +--rw alarm-mac-threshold               uint16
          |     +--rw check-user-bind-enable             boolean
          |     +--rw alarm-user-bind-enable             boolean
          |     +--rw alarm-user-bind-threshold          uint16
          |     +--rw dhcp-snp-intf-max-user-num           uint32
          |     +--rw alarm-user-limit-enable            boolean
          |     +--rw alarm-user-limit-threshold         uint16
          |     +--rw dhcp-snp-interf-sticky-mac-enable    boolean
          |     +--rw dhcp-snp-if-statistics
          |        +--ro drop-arp-pkt-cnt?              uint32



Xia & Zheng             Expires December 6, 2018               [Page 15]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          |        +--ro drop-ip-pkt-cnt?               uint32
          |        +--ro pkt-cnt-drop-by-user-bind?       uint32
          |        +--ro pkt-cnt-drop-by-mac?            uint32
          |        +--ro pkt-cnt-drop-by-untrust-reply?   uint32
          |        +--ro pkt-cnt-drop-by-rate?           uint32
          +--rw dhcp-snp-dyn-bind-tbls
          |  +--ro dhcp-snp-dyn-bind-tbl* [ip-address outer-vlan inner-vlan vsi-name vpn-name bridge-domain]
          |     +--ro ip-address       pub-type:ipv4address
          |     +--ro outer-vlan       uint16
          |     +--ro inner-vlan       uint16
          |     +--ro vsi-name         string
          |     +--ro vpn-name         string
          |     +--ro bridge-domain    uint32
          |     +--ro mac-address?     pub-type:mac-address
          |     +--ro if-name?         pub-type:if-name
          |     +--ro lease?          yang:date-and-time
          +--rw dhcp-snp-vlan-ifs
          |  +--rw dhcp-snp-vlan-if* [vlan-id if-name]
          |     +--rw vlan-id                     uint16
          |     +--rw if-name                     pub-type:if-name
          |     +--rw dhcp-snp-enable              boolean
          |     +--rw trust-flag                  boolean
          |     +--rw check-arp-enable             boolean
          |     +--rw alarm-arp-enable             boolean
          |     +--rw alarm-arp-threshold          uint32
          |     +--rw check-ip-enable              boolean
          |     +--rw alarm-ip-enable              boolean
          |     +--rw alarm-ip-threshold           uint32
          |     +--rw alarm-reply-enable           boolean
          |     +--rw alarm-reply-threshold        uint32
          |     +--rw check-chaddr-enable          boolean
          |     +--rw alarm-chaddr-enable          boolean
          |     +--rw alarm-chaddr-threshold       uint32
          |     +--rw check-req-enable             boolean
          |     +--rw alarm-req-enable             boolean
          |     +--rw alarm-req-threshold          uint32
          |     +--rw dhcp-snp-vlan-if-max-user-num    uint32
          |     +--rw alarm-user-limit-enable       boolean
          |     +--rw alarm-user-limit-threshold    uint32
          |     +--rw dhcp-snp-vlan-if-statistics
          |        +--ro drop-arp-pkt-cnt?              uint32
          |        +--ro drop-ip-pkt-cnt?               uint32
          |        +--ro drop-dhcp-req-cnt-by-bind-tbl?    uint32
          |        +--ro drop-dhcp-req-cnt-by-mac-check?   uint32
          |        +--ro drop-dhcp-reply-cnt?           uint32
          +--rw if-static-bind-tbls
          |  +--rw if-static-bind-tbl* [if-name ip-address vlan-id ce-vlan-id]
          |     +--rw if-name        pub-type:if-name



Xia & Zheng             Expires December 6, 2018               [Page 16]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          |     +--rw ip-address     pub-type:ip-address
          |     +--rw vlan-id        uint16
          |     +--rw ce-vlan-id      uint16
          |     +--rw mac-address?   pub-type:mac-address
          +--rw vlan-static-bind-tbls
          |  +--rw vlan-static-bind-tbl* [vlan-id ip-address ce-vlan-id]
          |     +--rw vlan-id        uint16
          |     +--rw ip-address     pub-type:ip-address
          |     +--rw ce-vlan-id      uint16
          |     +--rw mac-address?   pub-type:mac-address
          |     +--rw if-name?       pub-type:if-name
          +--rw dhcp-snp-bds
          |  +--rw dhcp-snp-bd* [bd-id]
          |     +--rw bd-id                       uint32
          |     +--rw dhcp-snp-enable?             boolean
          |     +--rw dhcp-snp-trust?              boolean
          |     +--rw check-arp-enable?            boolean
          |     +--rw alarm-arp-enable?            boolean
          |     +--rw alarm-arp-threshold?         uint32
          |     +--rw check-ip-enable?             boolean
          |     +--rw alarm-ip-enable?             boolean
          |     +--rw alarm-ip-threshold?          uint32
          |     +--rw alarm-reply-enable?          boolean
          |     +--rw alarm-reply-threshold?       uint32
          |     +--rw check-mac-enable?            boolean
          |     +--rw alarm-mac-enable?            boolean
          |     +--rw alarm-mac-threshold?         uint32
          |     +--rw check-request-enable?        boolean
          |     +--rw alarm-request-enable?        boolean
          |     +--rw alarm-request-threshold?     uint32
          |     +--rw max-user-num?                uint32
          |     +--rw alarm-user-limit-enable?      boolean
          |     +--rw alarm-user-limit-threshold?   uint32
          |     +--rw statistics
          |        +--ro drop-arp-pkt-cnt?              uint32
          |        +--ro drop-ip-pkt-cnt?               uint32
          |        +--ro drop-dhcp-req-cnt-by-bind-tbl?    uint32
          |        +--ro drop-dhcp-req-cnt-by-mac-check?   uint32
          |        +--ro drop-dhcp-reply-cnt?           uint32
          +--rw bd-static-bind-tbls
          |  +--rw global-bd-static-bind-tbl* [bd-id ip-address pe-vlan ce-vlan]
          |     +--rw bd-id          uint32
          |     +--rw ip-address     pub-type:ipv4address
          |     +--rw mac-address?   pub-type:mac-address
          |     +--rw pe-vlan        uint16
          |     +--rw ce-vlan        uint16
           +--rw dhcp-snp-white-lists
             +--rw dhcp-snp-white-list* [wht-lst-name]



Xia & Zheng             Expires December 6, 2018               [Page 17]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


                +--rw wht-lst-name           string
                +--rw apply-flag            boolean
                +--rw dhcp-snp-white-rules
                   +--rw dhcp-snp-white-rule* [rule-id]
                      +--rw rule-id     uint16
                      +--rw src-ip?     inet:ipv4-address-no-zone
                      +--rw src-mask?   inet:ipv4-address-no-zone
                      +--rw dst-ip?     inet:ipv4-address-no-zone
                      +--rw dst-mask?   inet:ipv4-address-no-zone
                      +--rw src-port?   dhcp-snp-port
                      +--rw dst-port?   dhcp-snp-port

4.5.  CPU Protection

   For the network device, there are maybe a large number of packets to
   be sent to its CPU, or malicious packets attempt to attack the device
   CPU.  If the CPU receives excessive packets, it will be overloaded
   and support the normal services with very poor performance; In
   extreme cases, the system fails.

   More specifically, services are negatively affected when the CPU is
   attacked because of the following reasons:

   o  Valid protocol packets are not distinguished from invalid protocol
      packets.  The CPU is busy in processing a large number of invalid
      protocol packets.  Consequently, the CPU usage rises sharply and
      valid packets cannot be processed properly

   o  Packets of some protocols are sent to the CPU through the same
      channel.  When excessive packets of a certain type of protocol
      packet block the channel, the transmission of other protocol
      packets is affected

   o  The bandwidth of a channel is not set appropriately.  When an
      attack occurs, processing of protocol packets on other channels is
      affected

   Accordingly, the following countermeasures can be taken by the
   network device for CPU protection:

   o  Collect and classify protocols related to various services running
      on equipment

   o  Use ACLs to filter the packets.  Valid protocol packets are put
      into the whitelist and a user-defined flow, other packets are put
      into the blacklist





Xia & Zheng             Expires December 6, 2018               [Page 18]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


   o  Plan the priorities, channel bandwidth, length of packets, and
      alarm function of the preceding three lists

   o  Disable services that are not deployed on the equipment, and
      control the total forwarding bandwidth

   In this manner, the number of packets sent to the CPU is under
   control, and the bandwidth is ensured preferentially for services
   with higher priorities.  In addition, CPU overload is prevented and
   an alarm is generated when an attack occurs.

module: ietf-cpu-defend
    +--rw cpu-defend
       +--rw cpu-defend-policys
       |  +--rw cpu-defend-policy* [policy-id]
       |     +--rw policy-id        uint32
       |     +--rw description?    string
       |     +--rw white-list-acl-number?   uint32
       |     +--rw black-list-acl-number?   uint32
       |     +--rw user-defined-flows
       |     |  +--rw user-defined-flow* [flow-id]
       |     |     +--rw flow-id   uint32
       |     |     +--rw acl-number      uint32
       |     +--rw cpu-defend-rules
       |        +--rw cpu-defend-rule* [rule-type pkt-index user-defined-flow-id protocol-name tcp-ip-name]
       |           +--rw rule-type           cpu-defend-rule-type  // [total-packet | whitelist | blacklist | use-defined-flow | protocol-name | tcp-ip-type]
       |           +--rw pkt-index?          uint16
       |           +--rw user-defined-flow-id? uint32
       |           +--rw protocol-name?      protocol-type // [ftp-server | ssh-server | snmp | ... | na]
       |           +--rw tcp-ip-name?         tcp-iptype // [tcpsyn | fragment | na]
       |           +--rw CARAttr
       |           |  +--rw cir?        uint32
       |           |  +--rw cbs?        uint32
       |           |  +--rw pir?        uint32
       |           |  +--rw pbs?        uint32
       |           |  +--rw min-pkt-len?      uint32
       |           |  +--rw pkt-rate?        uint32
       |           |  +--rw weight?         uint16
       |           +--rw priority?          priority-enum //{ high | middle | low | be | af1 | af2 | af3 | af4 | ef | cs6 }
       |           +--rw alarm-drop-rate
       |              +--rw enable          boolean
       |              +--rw threshold?      uint32
       |              +--rw interval?       uint16
       |              +--rw speed-threshold? uint32
       +--rw cpu-defend-policy-cfgs
       |  +--rw cpu-defend-policy-cfg* [slot-id-str]
       |     +--rw slot-id-str    -> /devm:devm/lpu-boards/lpu-board/position
       |     +--rw policy-id     -> /cpudefend/cpu-defend-policys/cpu-defend-policy/policy-id



Xia & Zheng             Expires December 6, 2018               [Page 19]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


       +--ro display-cars-confs
       |  +--ro display-cars-conf* [slot-id pkt-index]
       |     +--ro slot-id       string
       |     +--ro pkt-index     uint16
       |     +--ro cir?         uint32
       |     +--ro cbs?         uint32
       |     +--ro min-pkt?      uint32
       |     +--ro priority?    priority-enum
       |     +--ro desc?        protocol-type
       +--ro protocol-stats
       |  +--ro protocol-stat* [slot-id]
       |     +--ro slot-id             string
       |     +--ro protocol-enable     protocol-type //{ftp-server | ssh-server | snmp | ...}
       |     +--ro default-act         protocol-enable-def-action  // {drop | min_to_cpu}
       |     +--ro default-cir         uint32
       |     +--ro default-cbs         uint32
       +--ro secnoncarstats
       |  +--ro secnoncarstat* [sec-slot-id sec-policy-type sec-policy-type-id]
       |     +--ro sec-slot-id          string
       |     +--ro sec-policy-type      cpudefend-no-car-policy-type
       |     +--ro sec-policy-type-id    cpudefend-sec-stat-type-id
       |     +--ro sec-sub-total-pkts?   uint64
       |     +--ro sec-sub-pass-pkts?    uint64
       |     +--ro sec-sub-drop-pkts?    uint64
       +--ro seccarstats
       |  +--ro seccarstat* [sec-slot-id sec-policy-type sec-policy-type-id]
       |     +--ro sec-slot-id          string
       |     +--ro sec-policy-type      cpudefend-policy-type
       |     +--ro sec-policy-type-id    uint32
       |     +--ro sec-app-enable?      boolean
       |     +--ro sec-app-def-act?      cpudefend-app-def-action
       |     +--ro sec-proto-enable?    boolean
       |     +--ro sec-passed-pkts?     uint64
       |     +--ro sec-droped-pkts?     uint64
       |     +--ro sec-cfg-cir?         uint32
       |     +--ro sec-cfg-cbs?         uint32
       |     +--ro sec-actual-cir?      uint32
       |     +--ro sec-actual-cbs?      uint32
       |     +--ro sec-priority?       cpudefend-priority
       |     +--ro sec-min-pkt-len?      uint32
       |     +--ro sec-acl-deny-pkts?    uint64
       |     +--ro sec-hist-pps?        uint64
       |     +--ro sec-hist-pps-time?    yang:date-and-time
       |     +--ro sec-last-pps?        uint64
       |     +--ro sec-last-drp-btime?   yang:date-and-time
       |     +--ro sec-last-drp-etime?   yang:date-and-time
       |     +--ro sec-ttl-drop-pkts?    uint64
       +--ro total-pkt-stats



Xia & Zheng             Expires December 6, 2018               [Page 20]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


       |  +--ro total-pkt-stat* [slot-id]
       |     +--ro slot-id        string
       |     +--ro total-pkt?     uint64
       |     +--ro pass-pkt?      uint64
       |     +--ro drop-pkt?      uint64
       +--rw hostcar-nodes
       |  +--rw hostcar-node* [slot-id host-car-type]
       |     +--rw slot-id         -> /devm:devm/lpu-boards/lpu-board/position
       |     +--rw host-car-type    host-car-type-enum  // {hostcar | http-hostcar | vlan-host-car}
       |     +--rw if-enable?      soc-if-enable
       |     +--rw cir?           uint32
       |     +--rw pir?           uint32
       |     +--rw cbs?           uint32
       |     +--rw pbs?           uint32
       |     +--rw drop-threshold?   uint32
       |     +--rw interval?        uint32
       +--ro host-car-stats
       |  +--ro host-car-stat* [slot-id host-car-type stat-type host-car-id http-host-car-id vlan-host-car-id]
       |     +--ro slot-id           -> /devm:devm/lpu-boards/lpu-board/position
       |     +--ro host-car-type      host-car-type-enum
       |     +--ro stat-type         stat-type-enum // {car-id | all | auto-adjust | dropped | non-dropped | active}
       |     +--ro host-car-id        uint32
       |     +--ro http-host-car-id    uint32
       |     +--ro vlan-host-car-id    uint32
       |     +--ro passed-bytes?     uint64
       |     +--ro dropped-bytes?    uint64
       +--ro host-car-cfgs
          +--ro host-car-cfg* [slot-id]
             +--ro slot-id       string
             +--ro host-car-type?    host-car-type-enum
             +--ro default-cir?     uint32
             +--ro default-pir?     uint32
             +--ro default-cbs?     uint32
             +--ro default-pbs?     uint32
             +--ro actual-cir?      uint32
             +--ro actual-pir?      uint32
             +--ro actual-cbs?      uint32
             +--ro actual-pbs?      uint32
             +--ro droprate-en?     if-enable
             +--ro log-interval?    uint32
             +--ro log-threshold?   uint32


4.6.  TCP/IP Attack Defence

   Defense against TCP/IP attacks is applied to the router on the edge
   of the network or other routers that are easily to be attacked by
   illegal TCP/IP packets.  Defense against TCP/IP attacks can protect



Xia & Zheng             Expires December 6, 2018               [Page 21]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


   the CPU of the router against malformed packets, fragmented packets,
   TCP SYN packets, and UDP packets, ensuring that normal services can
   be processed.

   module: ietf-tcp-ip-attack-defence
   +--rw sec-anti-attack-enable
          |  +--rw anti-enable?        anti-attack-enable-cfg-type
          |  +--rw abnormal-enable?    anti-attack-enable-cfg-type
          |  +--rw udp-flood-enable?    anti-attack-enable-cfg-type
          |  +--rw tcp-syn-enable?      anti-attack-enable-cfg-type
          |  +--rw icmp-flood-enable?   anti-attack-enable-cfg-type
          |  +--rw fragment-enable?    anti-attack-enable-cfg-type
          +--rw sec-anti-attack-car-cfg
          |  +--rw cir-flag?   uint32
          |  +--rw cir-icmp?   uint32
          |  +--rw cir-tcp?    uint32
          +--rw sec-anti-attack-stats
          |  +--ro sec-anti-attack-stat* [attack-type]
          |     +--ro attack-type    anti-attack-type
          |     +--ro total-count?   uint64
          |     +--ro drop-count?    uint64
          |     +--ro pass-count?    uint64

5.  Network Infrastructure Device Security Baseline Yang Module

   <CODE BEGINS> file "ietf-mac-limit@2018-06-04.yang"



  module ietf-mac-limit {
  namespace "urn:ietf:params:xml:ns:yang:ietf-mac-limit";
  prefix mac-limit;
  organization
    "IETF SACM Working Group";
  contact
    "Liang Xia: Frank.xialiang@huawei.com;
    Guangying Zheng: Zhengguangying@huawei.com";
  description
    "MAC address limit.";

  revision 2018-06-04 {
    description
      "Init revision";
    reference "xxx.";
  }

  /*
   * Typedefs



Xia & Zheng             Expires December 6, 2018               [Page 22]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


   */
  typedef mac-limit-forward {
    type enumeration {
      enum "forward" {
        description
          "Forward.";
      }
      enum "discard" {
        description
          "Discard.";
      }
    }
    description
      "MAC Limit Forward";
  }
  typedef mac-enable-status {
    type enumeration {
      enum "enable" {
        description
          "Enable.";
      }
      enum "disable" {
        description
          "Disable.";
      }
    }
    description
      "MAC Enable Status";
  }
  typedef mac-vlan-id {
    type uint16 {
      range "1..4094";
    }
    description
      "MAC Vlan Id";
  }
  typedef mac-type {
    type enumeration {
      enum "static" {
        description
          "Static MAC address entry.";
      }
      enum "dynamic" {
        description
          "Dynamic MAC address entry.";
      }
      enum "black-hole" {
        description



Xia & Zheng             Expires December 6, 2018               [Page 23]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          "Blackhole MAC address entry";
      }
      enum "sticky" {
        description
          "sticky MAC address entry";
      }
      enum "security" {
        description
          "security MAC address entry";
      }
      enum "evn" {
        description
          "EVN MAC address entry.";
      }
      enum "mux" {
        description
          "MUX MAC address entry.";
      }
      enum "snooping" {
        description
          "SNOOPING MAC address entry.";
      }
      enum "tunnel" {
        description
          "TUNNEL MAC address entry.";
      }
      enum "authen" {
        description
          "AUTHEN MAC address entry.";
      }
    }
    description
      "MAC Type";
  }
  typedef suppress-type {
    type enumeration {
      enum "broadcast" {
        description
          "Broadcast.";
      }
      enum "multicast" {
        description
          "Multicast.";
      }
      enum "unknown-unicast" {
        description
          "Unknown unicast.";
      }



Xia & Zheng             Expires December 6, 2018               [Page 24]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


      enum "unicast" {
        description
          "Unicast.";
      }
    }
    description
      "Suppress Type";
  }
  typedef limit-type {
    type enumeration {
      enum "-mac-limit" {
        description
          "Interface MAC rule limit.";
      }
      enum "mac-apply" {
        description
          "Interface MAC rule application.";
      }
    }
    description
      "Limit Type";
  }

  typedef mac-pw-encap-type {
    type enumeration {
      enum "ethernet" {
        description
          "Ethernet.";
      }
      enum "vlan" {
        description
          "VLAN.";
      }
    }
    description
      "MAC PW Encapsulation Type";
  }

  typedef suppress-style {
    type enumeration {
      enum "percent" {
        description
          "Percent.";
      }
      enum "absolute-value" {
        description
          "Absolute value.";
      }



Xia & Zheng             Expires December 6, 2018               [Page 25]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


    }
    description
      "Suppress Style";
  }

  typedef direction-type {
    type enumeration {
      enum "inbound" {
        description
          "Inbound.";
      }
      enum "outbound" {
        description
          "Outbound.";
      }
    }
    description
      "Direction Type";
  }

  typedef storm-ctrl-action-type {
    type enumeration {
      enum "normal" {
        description
          "Normal.";
      }
      enum "error-down" {
        description
          "Error down.";
      }
      enum "block" {
        description
          "Block.";
      }
      enum "suppress" {
        description
          "Suppress";
      }
    }
    description
      "Storm Ctrl Action Type";
  }

  typedef enable-type {
    type enumeration {
      enum "disable" {
        description
          "Disable.";



Xia & Zheng             Expires December 6, 2018               [Page 26]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


      }
      enum "enable" {
        description
          "Enable.";
      }
    }
    description
      "Enable Type";
  }

  typedef storm-ctrl-type {
    type enumeration {
      enum "broadcast" {
        description
          "Broadcast.";
      }
      enum "multicast" {
        description
          "Multicast.";
      }
      enum "unicast" {
        description
          "Unicast.";
      }
      enum "unknown-unicast" {
        description
          "Unknown unicast.";
      }
    }
    description
      "Storm Ctrl Type";
  }

  typedef storm-ctrl-rate-type {
    type enumeration {
      enum "pps" {
        description
          "Packets per second.";
      }
      enum "percent" {
        description
          "Percent.";
      }
      enum "kbps" {
        description
          "Kilo bits per second.";
      }
    }



Xia & Zheng             Expires December 6, 2018               [Page 27]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


    description
      "Storm Ctrl Rate Type";
  }




  container mac {
    description
      "MAC address forwarding. ";
    container mac-limit-rules {
      description
        "Global MAC address learning limit rule.";
      list mac-limit-rule {
        key "rule-name";
        description
          "Global MAC address learning limit.";
        leaf rule-name {
          type string {
            length "1..31";
          }
          description
            "Global MAC address learning limit rule name.";
        }
        leaf maximum {
          type uint32 {
            range "0..131072";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval at which MAC addresses are learned.";
        }
        leaf action {
          type mac-limit-forward;
          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number.";
        }
        leaf alarm {
          type mac-enable-status;



Xia & Zheng             Expires December 6, 2018               [Page 28]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number.";
        }
      }
    }
    container vlan-mac-limits {
      description
        "VLAN MAC address limit list.";
      list vlan-mac-limit {
        key "vlan-id";
        description
          "VLAN MAC address limit.";
        leaf vlan-id {
          type mac-vlan-id;
          description
            "VLAN ID.";
        }
        leaf maximum {
          type uint32 {
            range "0..130048";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned in a VLAN.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval at which MAC addresses are learned in a VLAN.";
        }
        leaf action {
          type mac-limit-forward;
          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number in a VLAN.";
        }
        leaf alarm {
          type mac-enable-status;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number in a VLAN.";
        }
      }
    }



Xia & Zheng             Expires December 6, 2018               [Page 29]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


    container vsi-mac-limits {
      description
        "VSI MAC address limit list.";
      list vsi-mac-limit {
        key "vsi-name";
        description
          "VSI MAC address limit.";
        leaf vsi-name {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf maximum {
          type uint32 {
            range "0..524288";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned in a VSI.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval at which MAC addresses are learned in a VSI.";
        }
        leaf action {
          type mac-limit-forward;
          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number in a VSI.";
        }
        leaf alarm {
          type mac-enable-status;
          default "disable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number in a VSI.";
        }
        leaf up-threshold {
          type uint8 {
            range "80..100";
          }
          mandatory true;
          description



Xia & Zheng             Expires December 6, 2018               [Page 30]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


            "Upper limit for the number of MAC addresses.";
        }
        leaf down-threshold {
          type uint8 {
            range "60..100";
          }
          mandatory true;
          description
            "Upper limit for the number of MAC addresses.";
        }
      }
    }
    container bd-mac-limits {
      description
        "BD MAC address limit list.";
      list bd-mac-limit {
        key "bd-id";
        description
          "BD MAC address limit.";
        leaf bd-id {
          type uint32 {
            range "1..16777215";
          }
          description
            "Specifies the ID of a bridge domain.";
        }
        leaf maximum {
          type uint32 {
            range "0..130048";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned in a BD.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval at which MAC addresses are learned in a BD.";
        }
        leaf action {
          type mac-limit-forward;
          default "discard";

          description
            "Forward or discard the packet.";



Xia & Zheng             Expires December 6, 2018               [Page 31]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


        }
        leaf alarm {
          type mac-enable-status;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number.";
        }
      }
    }
    container pw-mac-limits {
      description
        "PW MAC address limit list.";
      list pw-mac-limit {
        key "vsi-name pw-name";
        description
          "PW MAC address limit.";
        leaf vsi-name {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf pw-name {
          type string {
            length "1..15";
          }
          description
            "PW name.";
        }
        leaf maximum {
          type uint32 {
            range "0..130048";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned in a PW.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval at which MAC addresses are learned in a PW.";
        }
        leaf action {
          type mac-limit-forward;



Xia & Zheng             Expires December 6, 2018               [Page 32]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number in a PW.";
        }
        leaf alarm {
          type mac-enable-status;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number in a PW.";
        }
      }
    }
    container if-mac-limits {
      description
        "Interface MAC address limit list.";
      list if-mac-limit {
        key "if-name limit-type";
        description
          "Interface MAC address limit.";
        leaf if-name {
          type string;
          description
            "Interface name.";
        }
        leaf limit-type {
          type limit-type;
          description
            "Interface MAC limit type.";
        }
        leaf rule-name {
          type leafref {
            path "/mac/mac-limit-rules/mac-limit-rule/rule-name";
          }
          description
            "Rule name.";
        }
        leaf maximum {
          type uint32 {
            range "0..131072";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned on an interface.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }



Xia & Zheng             Expires December 6, 2018               [Page 33]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          default "0";
          description
            "Interval (ms) at which MAC addresses are learned on an interface.";
        }
        leaf action {
          type mac-limit-forward;
          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number on an interface";
        }
        leaf alarm {
          type mac-enable-status;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number on an interface.";
        }
      }
    }
    container if-vlan-mac-limits {
      description
        "Interface + VLAN MAC address limit list.";
      list if-vlan-mac-limit {
        key "if-name vlan-begin limit-type";
        config false;
        description
          "Interface + VLAN MAC address limit.";
        leaf if-name {
          type string;
          description
            "-name of an interface. ";
        }
        leaf vlan-begin {
          type mac-vlan-id;
          description
            "Start VLAN ID.";
        }
        leaf vlan-end {
          type mac-vlan-id;
          description
            "End VLAN ID.";
        }
        leaf limit-type {
          type limit-type;
          description
            "Interface MAC limit type.";
        }
        leaf rule-name {
          type leafref {



Xia & Zheng             Expires December 6, 2018               [Page 34]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


            path "/mac/mac-limit-rules/mac-limit-rule/rule-name";
          }
          description
            "Rule name.";
        }
        leaf maximum {
          type uint32 {
            range "0..131072";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned on an interface.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          mandatory true;
          description
            "Interval (ms) at which MAC addresses are learned on an interface.";
        }
        leaf action {
          type mac-limit-forward;
          default "discard";
          description
            "Discard or forward the packet.";
        }
        leaf alarm {
          type mac-enable-status;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number.";
        }
      }
    }
    container subif-mac-limits {
      description
        "Sub-interface MAC address limit list.";
      list subif-mac-limit {
        key "if-name limit-type";
        description
          "Sub-interface MAC address limit.";
        leaf if-name {
          type string;
          description
            "-name of a sub-interface. ";
        }
        leaf limit-type {



Xia & Zheng             Expires December 6, 2018               [Page 35]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          type limit-type;
          description
            "Sub-interface MAC limit type.";
        }
        leaf vsi-name {
          type string {
            length "1..36";
          }
          config false;
          mandatory true;
          description
            "VSI name , EVPN name or bridge domain ID.";
        }
        leaf rule-name {
          type string {
            length "1..31";
          }
          mandatory true;
          description
            "Rule name.";
        }
        leaf maximum {
          type uint32 {
            range "0..131072";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned on a sub-interface.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval (ms) at which MAC addresses are learned on a sub-interface.";
        }
        leaf action {
          type mac-limit-forward;
          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number on a sub-interface.";
        }
        leaf alarm {
          type mac-enable-status;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number on a sub-interface.";



Xia & Zheng             Expires December 6, 2018               [Page 36]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


        }
      }
    }
    container vsi-storm-supps {
      description
        "VSI Suppression List.";
      list vsi-storm-supp {
        key "vsi-name suppress-type";
        description
          "VSI Suppression.";
        leaf vsi-name {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf suppress-type {
          type suppress-type;
          description
            "Traffic suppression type.";
        }
        leaf cir {
          type uint64 {
            range "0..4294967295";
          }
          default "0";
          description
            "CIR value.";
        }
        leaf cbs {
          type uint64 {
            range "0..4294967295";
          }
          description
            "CBS value.";
        }
      }
    }
    container vlan-storm-supps {
      description
        "VLAN Suppression List.";
      list vlan-storm-supp {
        key "vlan-id suppress-type";
        description
          "VLAN Suppression.";
        leaf vlan-id {
          type mac-vlan-id;



Xia & Zheng             Expires December 6, 2018               [Page 37]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          description
            "VLAN ID.";
        }
        leaf suppress-type {
          type suppress-type;
          description
            "Traffic suppression type.";
        }
        leaf cir {
          type uint64 {
            range "64..4294967295";
          }
          default "64";
          description
            "CIR value.";
        }
        leaf cbs {
          type uint64 {
            range "10000..4294967295";
          }
          description
            "CBS value.";
        }
      }
    }
    container sub-if-suppresss {
      description
        "Sub-interface traffic suppression list.";
      list sub-if-suppress {
        key "if-name suppress-type direction";
        description
          "Sub-Interface traffic suppression.";
        leaf if-name {
          type string;
          description
            "Sub-interface name.";
        }
        leaf suppress-type {
          type suppress-type;
          description
            "Suppression type.";
        }
        leaf direction {
          type direction-type;
          description
            "Suppression direction.";
        }
        leaf cir {



Xia & Zheng             Expires December 6, 2018               [Page 38]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          type uint64 {
            range "0..4294967295";
          }
          default "0";
          description
            "CIR value.";
        }
        leaf cbs {
          type uint64 {
            range "0..4294967295";
          }
          description
            "CBS value.";
        }
      }
    }
    container pw-suppresss {
      description
        "PW traffic suppress list.";
      list pw-suppress {
        key "vsi-name pw-name suppress-type";
        description
          "PW traffic suppression.";
        leaf vsi-name {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf pw-name {
          type string {
            length "1..15";
          }
          description
            "PW name.";
        }
        leaf suppress-type {
          type suppress-type;
          description
            "Traffic suppression type.";
        }
        leaf cir {
          type uint64 {
            range "100..4294967295";
          }
          default "100";
          description



Xia & Zheng             Expires December 6, 2018               [Page 39]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


            "CIR value.";
        }
        leaf cbs {
          type uint64 {
            range "100..4294967295";
          }
          description
            "CBS value.";
        }
      }
    }

    container vsi-in-suppressions {
      description
        "VSI inbound traffic suppression list.";
      list vsi-in-suppression {
        key "vsi-name";
        description
          "VSI inbound traffic suppression.";
        leaf vsi-name {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf inbound-supp {
          type mac-enable-status;
          default "enable";
          description
            "Inbound suppression.";
        }
      }
    }
    container vsi-out-suppressions {
      description
        "VSI outbound traffic suppression list.";
      list vsi-out-suppression {
        key "vsi-name";
        description
          "VSI outbound traffic suppression.";
        leaf vsi-name {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }



Xia & Zheng             Expires December 6, 2018               [Page 40]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


        leaf out-bound-supp {
          type mac-enable-status;
          default "enable";
          description
            "Outbound suppression.";
        }
      }
    }
    container vsi-suppresss {
      description
        "VSI traffic suppression list.";
      list vsi-suppress {
        key "sub-if-name";
        description
          "VSI traffic suppression.";
        leaf vsi-name {
          type string {
            length "1..31";
          }
          mandatory true;
          description
            "VSI name.";
        }

        leaf sub-if-name {
          type string;
          description
            "Sub-interface name.";
        }
        leaf is-enable {
          type boolean;
          default "true";
          description
            "Enable status.";
        }
        leaf suppress-type {
          type suppress-style;
          default "percent";
          description
            "Traffic suppression type.";
        }
        leaf broadcast {
          type uint32 {
            range "0..200000000";
          }
          default "64";
          description
            "Broadcast suppression (kbit/s)";



Xia & Zheng             Expires December 6, 2018               [Page 41]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


        }
        leaf broadcast-percent {
          type uint32 {
            range "0..100";
          }
          default "1";
          description
            "Broadcast suppression.";
        }
        leaf unicast {
          type uint32 {
            range "0..200000000";
          }
          default "64";
          description
            "Unknown unicast suppression (kbit/s).";
        }
        leaf unicast-percent {
          type uint32 {
            range "0..100";
          }
          default "1";
          description
            "Unknown unicast suppression.";

        }
        leaf multicast {
          type uint32 {
            range "0..200000000";
          }
          default "64";
          description
            "Multicast suppression (kbit/s).";
        }
        leaf multicast-percent {
          type uint32 {
            range "0..100";
          }
          default "1";
          description
            "Multicast suppression.";
        }
      }
    }
    container vsi-total-numbers {
      description
        "List of MAC address total numbers in a VSI.";
      list vsi-total-number {



Xia & Zheng             Expires December 6, 2018               [Page 42]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


        key "vsi-name slot-id mac-type";
        config false;
        description
          "Total number of MAC addresses in a VSI.";
        leaf vsi-name {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf slot-id {
          type string {
            length "1..24";
          }
          description
            "Slot ID.";
        }
        leaf mac-type {
          type mac-type;
          description
            "MAC address type.";
        }
        leaf number {
          type uint32;
          mandatory true;
          description
            "Number of MAC addresses.";
        }
      }
    }
    container if-storm-supps {
      description
        "Interface traffic suppression list.";
      list if-storm-supp {
        key "if-name suppress-type";
        description
          "Interface traffic suppression.";
        leaf if-name {
          type string;
          description
            "-name of an interface. ";
        }
        leaf suppress-type {
          type suppress-type;
          description
            "Suppression type.";
        }



Xia & Zheng             Expires December 6, 2018               [Page 43]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


        leaf percent {
          type uint64 {
            range "0..99";
          }
          description
            "Percent.";
        }
        leaf packets {
          type uint64 {
            range "0..148810000";
          }
          description
            "Packets per second.";
        }
        leaf cir {
          type uint64 {
            range "0..100000000";
          }
          description
            "CIR(Kbit/s).";
        }
        leaf cbs {
          type uint64 {
            range "10000..4294967295";
          }
          description
            "CBS(Bytes).";
        }
      }
    }
    container if-storm-blocks {
      description
        "Interface traffic block list.";
      list if-storm-block {
        key "if-name block-type direction";
        description
          "Interface traffic suppression.";
        leaf if-name {
          type string;
          description
            "-name of an interface. ";
        }
        leaf block-type {
          type suppress-type;
          description
            "Block type.";
        }
        leaf direction {



Xia & Zheng             Expires December 6, 2018               [Page 44]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          type direction-type;
          description
            "Direction.";
        }
      }
    }
    container if-storm-contrls {
      description
        "Interface storm control list.";
      list if-storm-contrl {
        key "if-name";
        description
          "Interface storm control.";
        leaf if-name {
          type string;
          description
            "-name of an interface. ";
        }
        leaf action {
          type storm-ctrl-action-type;
          default "normal";
          description
            "Action type.";
        }
        leaf trap-enable {

          type enable-type;
          default "disable";
          description
            "Trap state.";
        }
        leaf log-enable {
          type enable-type;
          default "disable";
          description
            "Log state.";
        }
        leaf interval {
          type uint64 {
            range "1..180";
          }
          default "5";
          description
            "Detect interval.";
        }
        container if-packet-contrl-attributes {
          description
            "Storm control rate list.";



Xia & Zheng             Expires December 6, 2018               [Page 45]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


          list if-packet-contrl-attribute {
            key "packet-type";
            description
              "Storm control rate.";
            leaf packet-type {
              type storm-ctrl-type;
              description
                "Packet type.";
            }
            leaf rate-type {
              type storm-ctrl-rate-type;
              default "pps";
              description
                "Storm control rate type.";
            }
            leaf min-rate {
              type uint32 {
                range "1..148810000";
              }
              mandatory true;
              description
                "Storm control min rate.";
            }
            leaf max-rate {
              type uint64 {
                range "1..148810000";
              }
              mandatory true;
              description
                "Storm control max rate.";
            }
          }
        }
        container ifstorm-contrl-infos {
          description
            "Storm control info list.";
          list ifstorm-contrl-info {
            key "packet-type";
            config false;
            description
              "Storm control info";
            leaf packet-type {
              type storm-ctrl-type;
              description
                "Packet type.";
            }
            leaf punish-status {
              type storm-ctrl-action-type;



Xia & Zheng             Expires December 6, 2018               [Page 46]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


              description
                "Storm control status.";
            }
            leaf last-punish-time {
              type string {
                length "1..50";
              }
              description
                "Last punish time.";
            }
          }
        }
      }
    }
  }
}


   <CODE ENDS>

6.  IANA Considerations

   This document makes no request of IANA.

   Note to RFC Editor: this section may be removed on publication as an
   RFC.

7.  Security Considerations

   To be added.

8.  Acknowledgements

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

9.2.  Informative References








Xia & Zheng             Expires December 6, 2018               [Page 47]


Internet-DraNetwork Infrastructure Device Data Plane Security  June 2018


   [I-D.ietf-netconf-subscribed-notifications]
              Voit, E., Clemm, A., Prieto, A., Nilsen-Nygaard, E., and
              A. Tripathy, "Customized Subscriptions to a Publisher's
              Event Streams", draft-ietf-netconf-subscribed-
              notifications-12 (work in progress), April 2018.

   [I-D.ietf-netconf-yang-push]
              Clemm, A., Voit, E., Prieto, A., Tripathy, A., Nilsen-
              Nygaard, E., Bierman, A., and B. Lengyel, "YANG Datastore
              Subscription", draft-ietf-netconf-yang-push-16 (work in
              progress), May 2018.

   [I-D.ietf-sacm-information-model]
              Waltermire, D., Watson, K., Kahn, C., Lorenzin, L., Cokus,
              M., Haynes, D., and H. Birkholz, "SACM Information Model",
              draft-ietf-sacm-information-model-10 (work in progress),
              April 2017.

Authors' Addresses

   Liang Xia
   Huawei

   Email: frank.xialiang@huawei.com


   Guangying Zheng
   Huawei

   Email: zhengguangying@huawei.com





















Xia & Zheng             Expires December 6, 2018               [Page 48]


Html markup produced by rfcmarkup 1.127, available from https://tools.ietf.org/tools/rfcmarkup/