draft-ietf-ospf-yang-27.txt   draft-ietf-ospf-yang-28.txt 
Internet D. Yeung Internet D. Yeung
Internet-Draft Arrcus Internet-Draft Arrcus
Intended status: Standards Track Y. Qu Intended status: Standards Track Y. Qu
Expires: February 23, 2020 Futurewei Expires: February 27, 2020 Futurewei
J. Zhang J. Zhang
Juniper Networks Juniper Networks
I. Chen I. Chen
The MITRE Corporation The MITRE Corporation
A. Lindem A. Lindem
Cisco Systems Cisco Systems
August 22, 2019 August 26, 2019
YANG Data Model for OSPF Protocol YANG Data Model for OSPF Protocol
draft-ietf-ospf-yang-27 draft-ietf-ospf-yang-28
Abstract Abstract
This document defines a YANG data model that can be used to configure This document defines a YANG data model that can be used to configure
and manage OSPF. The model is based on YANG 1.1 as defined in RFC and manage OSPF. The model is based on YANG 1.1 as defined in RFC
7950 and conforms to the Network Management Datastore Architecture 7950 and conforms to the Network Management Datastore Architecture
(NMDA) as described in RFC 8342. (NMDA) as described in RFC 8342.
Status of This Memo Status of This Memo
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 23, 2020. This Internet-Draft will expire on February 27, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 27 skipping to change at page 2, line 27
2.1. OSPF Operational State . . . . . . . . . . . . . . . . . 3 2.1. OSPF Operational State . . . . . . . . . . . . . . . . . 3
2.2. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4
2.3. OSPFv2 and OSPFv3 . . . . . . . . . . . . . . . . . . . . 5 2.3. OSPFv2 and OSPFv3 . . . . . . . . . . . . . . . . . . . . 5
2.4. Optional Features . . . . . . . . . . . . . . . . . . . . 5 2.4. Optional Features . . . . . . . . . . . . . . . . . . . . 5
2.5. OSPF Router Configuration/Operational State . . . . . . . 7 2.5. OSPF Router Configuration/Operational State . . . . . . . 7
2.6. OSPF Area Configuration/Operational State . . . . . . . . 10 2.6. OSPF Area Configuration/Operational State . . . . . . . . 10
2.7. OSPF Interface Configuration/Operational State . . . . . 16 2.7. OSPF Interface Configuration/Operational State . . . . . 16
2.8. OSPF Notifications . . . . . . . . . . . . . . . . . . . 19 2.8. OSPF Notifications . . . . . . . . . . . . . . . . . . . 19
2.9. OSPF RPC Operations . . . . . . . . . . . . . . . . . . . 23 2.9. OSPF RPC Operations . . . . . . . . . . . . . . . . . . . 23
3. OSPF YANG Module . . . . . . . . . . . . . . . . . . . . . . 23 3. OSPF YANG Module . . . . . . . . . . . . . . . . . . . . . . 23
4. Security Considerations . . . . . . . . . . . . . . . . . . . 119 4. Security Considerations . . . . . . . . . . . . . . . . . . . 120
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 120 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 123
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 121 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 123
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 121 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 124
7.1. Normative References . . . . . . . . . . . . . . . . . . 121 7.1. Normative References . . . . . . . . . . . . . . . . . . 124
7.2. Informative References . . . . . . . . . . . . . . . . . 127 7.2. Informative References . . . . . . . . . . . . . . . . . 129
Appendix A. Contributors' Addresses . . . . . . . . . . . . . . 128 Appendix A. Contributors' Addresses . . . . . . . . . . . . . . 131
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 128 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 131
1. Overview 1. Overview
YANG [RFC6020][RFC7950] is a data definition language used to define YANG [RFC6020][RFC7950] is a data definition language used to define
the contents of a conceptual data store that allows networked devices the contents of a conceptual data store that allows networked devices
to be managed using NETCONF [RFC6241], RESTCONF [RFC8040], and other to be managed using NETCONF [RFC6241], RESTCONF [RFC8040], and other
Network Management protocols. Furthermore, YANG data models can be Network Management protocols. Furthermore, YANG data models can be
used as the basis for implementation of other interfaces, such as CLI used as the basis for implementation of other interfaces, such as CLI
and programmatic APIs. and programmatic APIs.
skipping to change at page 9, line 27 skipping to change at page 9, line 27
| +--ro route* [prefix] | +--ro route* [prefix]
| +--ro prefix inet:ip-prefix | +--ro prefix inet:ip-prefix
| +--ro next-hops | +--ro next-hops
| | +--ro next-hop* [next-hop] | | +--ro next-hop* [next-hop]
| | +--ro outgoing-interface? if:interface-ref | | +--ro outgoing-interface? if:interface-ref
| | +--ro next-hop inet:ip-address | | +--ro next-hop inet:ip-address
| +--ro metric? uint32 | +--ro metric? uint32
| +--ro route-type? route-type | +--ro route-type? route-type
| +--ro route-tag? uint32 | +--ro route-tag? uint32
+--ro statistics +--ro statistics
| +--ro discontinuity-time yang:date-and-time
| +--ro originate-new-lsa-count? yang:counter32 | +--ro originate-new-lsa-count? yang:counter32
| +--ro rx-new-lsas-count? yang:counter32 | +--ro rx-new-lsas-count? yang:counter32
| +--ro as-scope-lsa-count? yang:gauge32 | +--ro as-scope-lsa-count? yang:gauge32
| +--ro as-scope-lsa-chksum-sum? uint32 | +--ro as-scope-lsa-chksum-sum? uint32
| +--ro database | +--ro database
| +--ro as-scope-lsa-type* | +--ro as-scope-lsa-type*
| +--ro lsa-type? uint16 | +--ro lsa-type? uint16
| +--ro lsa-count? yang:gauge32 | +--ro lsa-count? yang:gauge32
| +--ro lsa-cksum-sum? int32 | +--ro lsa-cksum-sum? int32
+--ro database +--ro database
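Review bot: The added discontinuity-time line under statistics is drawn without the "?" that every sibling counter carries, so the tree presents it as mandatory, yet the leaf added to grouping instance-stat in this revision has only a type and a description. Either add a mandatory statement to the leaf or render it as "discontinuity-time?" here. The same applies to the area, interface and neighbor statistics trees changed in this revision.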
skipping to change at page 11, line 22 skipping to change at page 11, line 23
| | +--rw name -> ../../../../../../../../ | | +--rw name -> ../../../../../../../../
| | ../../../rt:ribs/rib/name | | ../../../rt:ribs/rib/name
| | +--rw summary? boolean | | +--rw summary? boolean
| | +--rw default-cost? ospf-metric | | +--rw default-cost? ospf-metric
| | +--rw ranges | | +--rw ranges
| | +--rw range* [prefix] | | +--rw range* [prefix]
| | +--rw prefix inet:ip-prefix | | +--rw prefix inet:ip-prefix
| | +--rw advertise? boolean | | +--rw advertise? boolean
| | +--rw cost? ospf-metric | | +--rw cost? ospf-metric
| +--ro statistics | +--ro statistics
| | +--ro discontinuity-time yang:date-and-time
| | +--ro spf-runs-count? yang:counter32 | | +--ro spf-runs-count? yang:counter32
| | +--ro abr-count? yang:gauge32 | | +--ro abr-count? yang:gauge32
| | +--ro asbr-count? yang:gauge32 | | +--ro asbr-count? yang:gauge32
| | +--ro ar-nssa-translator-event-count? | | +--ro ar-nssa-translator-event-count?
| | yang:counter32 | | yang:counter32
| | +--ro area-scope-lsa-count? yang:gauge32 | | +--ro area-scope-lsa-count? yang:gauge32
| | +--ro area-scope-lsa-cksum-sum? int32 | | +--ro area-scope-lsa-cksum-sum? int32
| | +--ro database | | +--ro database
| | +--ro area-scope-lsa-type* | | +--ro area-scope-lsa-type*
| | +--ro lsa-type? uint16 | | +--ro lsa-type? uint16
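Review bot: area-scope-lsa-cksum-sum is listed as int32 in this tree, but the leaf in grouping area-stat is "type uint32", and the per-type lsa-cksum-sum entries are shown as int32 although their description says the value should be treated as unsigned. Since this revision already touches the statistics subtree, regenerate the tree from the module so the types agree.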
skipping to change at page 14, line 7 skipping to change at page 14, line 9
| | +--ro state? if-state-type | | +--ro state? if-state-type
| | +--ro hello-timer? rt-types: | | +--ro hello-timer? rt-types:
| | | rtimer-value-seconds16 | | | rtimer-value-seconds16
| | +--ro wait-timer? rt-types: | | +--ro wait-timer? rt-types:
| | | rtimer-value-seconds16 | | | rtimer-value-seconds16
| | +--ro dr-router-id? rt-types:router-id | | +--ro dr-router-id? rt-types:router-id
| | +--ro dr-ip-addr? inet:ip-address | | +--ro dr-ip-addr? inet:ip-address
| | +--ro bdr-router-id? rt-types:router-id | | +--ro bdr-router-id? rt-types:router-id
| | +--ro bdr-ip-addr? inet:ip-address | | +--ro bdr-ip-addr? inet:ip-address
| | +--ro statistics | | +--ro statistics
| | | +--ro discontinuity-time yang:date-and-time
| | | +--ro if-event-count? yang:counter32 | | | +--ro if-event-count? yang:counter32
| | | +--ro link-scope-lsa-count? yang:gauge32 | | | +--ro link-scope-lsa-count? yang:gauge32
| | | +--ro link-scope-lsa-cksum-sum? | | | +--ro link-scope-lsa-cksum-sum?
| | | uint32 | | | uint32
| | | +--ro database | | | +--ro database
| | | +--ro link-scope-lsa-type* | | | +--ro link-scope-lsa-type*
| | | +--ro lsa-type? uint16 | | | +--ro lsa-type? uint16
| | | +--ro lsa-count? yang:gauge32 | | | +--ro lsa-count? yang:gauge32
| | | +--ro lsa-cksum-sum? int32 | | | +--ro lsa-cksum-sum? int32
| | +--ro neighbors | | +--ro neighbors
skipping to change at page 14, line 29 skipping to change at page 14, line 32
| | | rt-types:router-id | | | rt-types:router-id
| | | +--ro address? inet:ip-address | | | +--ro address? inet:ip-address
| | | +--ro dr-router-id? rt-types:router-id | | | +--ro dr-router-id? rt-types:router-id
| | | +--ro dr-ip-addr? inet:ip-address | | | +--ro dr-ip-addr? inet:ip-address
| | | +--ro bdr-router-id? rt-types:router-id | | | +--ro bdr-router-id? rt-types:router-id
| | | +--ro bdr-ip-addr? inet:ip-address | | | +--ro bdr-ip-addr? inet:ip-address
| | | +--ro state? nbr-state-type | | | +--ro state? nbr-state-type
| | | +--ro dead-timer? rt-types: | | | +--ro dead-timer? rt-types:
| | | | rtimer-value-seconds16 | | | | rtimer-value-seconds16
| | | +--ro statistics | | | +--ro statistics
| | | +--ro discontinuity-time
| | | yang:date-and-time
| | | +--ro nbr-event-count? | | | +--ro nbr-event-count?
| | | yang:counter32 | | | yang:counter32
| | | +--ro nbr-retrans-qlen? | | | +--ro nbr-retrans-qlen?
| | | yang:gauge32 | | | yang:gauge32
| | +--ro database | | +--ro database
| | +--ro link-scope-lsa-type* [lsa-type] | | +--ro link-scope-lsa-type* [lsa-type]
| | +--ro lsa-type uint16 | | +--ro lsa-type uint16
| | +--ro link-scope-lsas | | +--ro link-scope-lsas
. . . .
. . . .
skipping to change at page 15, line 48 skipping to change at page 16, line 5
| | +--ro state? if-state-type | | +--ro state? if-state-type
| | +--ro hello-timer? rt-types: | | +--ro hello-timer? rt-types:
| | | rtimer-value-seconds16 | | | rtimer-value-seconds16
| | +--ro wait-timer? rt-types: | | +--ro wait-timer? rt-types:
| | | rtimer-value-seconds16 | | | rtimer-value-seconds16
| | +--ro dr-router-id? rt-types:router-id | | +--ro dr-router-id? rt-types:router-id
| | +--ro dr-ip-addr? inet:ip-address | | +--ro dr-ip-addr? inet:ip-address
| | +--ro bdr-router-id? rt-types:router-id | | +--ro bdr-router-id? rt-types:router-id
| | +--ro bdr-ip-addr? inet:ip-address | | +--ro bdr-ip-addr? inet:ip-address
| | +--ro statistics | | +--ro statistics
| | | +--ro discontinuity-time yang:date-and-time
| | | +--ro if-event-count? yang:counter32 | | | +--ro if-event-count? yang:counter32
| | | +--ro link-scope-lsa-count? yang:gauge32 | | | +--ro link-scope-lsa-count? yang:gauge32
| | | +--ro link-scope-lsa-cksum-sum? | | | +--ro link-scope-lsa-cksum-sum?
| | | uint32 | | | uint32
| | | +--ro database | | | +--ro database
| | | +--ro link-scope-lsa-type* | | | +--ro link-scope-lsa-type*
| | | +--ro lsa-type? uint16 | | | +--ro lsa-type? uint16
| | | +--ro lsa-count? yang:gauge32 | | | +--ro lsa-count? yang:gauge32
| | | +--ro lsa-cksum-sum? int32 | | | +--ro lsa-cksum-sum? int32
| | +--ro neighbors | | +--ro neighbors
skipping to change at page 23, line 43 skipping to change at page 23, line 49
-> /rt:routing/control-plane-protocols/ -> /rt:routing/control-plane-protocols/
control-plane-protocol/name control-plane-protocol/name
3. OSPF YANG Module 3. OSPF YANG Module
The following RFCs and drafts are not referenced in the document text The following RFCs and drafts are not referenced in the document text
but are referenced in the ietf-ospf.yang module: [RFC0905], but are referenced in the ietf-ospf.yang module: [RFC0905],
[RFC4576], [RFC4973], [RFC5250], [RFC5309], [RFC5642], [RFC5881], [RFC4576], [RFC4973], [RFC5250], [RFC5309], [RFC5642], [RFC5881],
[RFC6991], [RFC7770], [RFC7884], [RFC8294], and [RFC8476]. [RFC6991], [RFC7770], [RFC7884], [RFC8294], and [RFC8476].
<CODE BEGINS> file "ietf-ospf@2019-08-22.yang" <CODE BEGINS> file "ietf-ospf@2019-08-26.yang"
module ietf-ospf { module ietf-ospf {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-ospf"; namespace "urn:ietf:params:xml:ns:yang:ietf-ospf";
prefix ospf; prefix ospf;
import ietf-inet-types { import ietf-inet-types {
prefix "inet"; prefix "inet";
reference "RFC 6991: Common YANG Data Types"; reference "RFC 6991: Common YANG Data Types";
} }
skipping to change at page 26, line 5 skipping to change at page 26, line 10
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as 'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here. they appear in all capitals, as shown here.
This version of this YANG module is part of RFC XXXX; This version of this YANG module is part of RFC XXXX;
see the RFC itself for full legal notices."; see the RFC itself for full legal notices.";
revision 2019-08-22 { revision 2019-08-26 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for OSPF."; "RFC XXXX: A YANG Data Model for OSPF.";
} }
feature multi-topology { feature multi-topology {
description description
"Support Multiple-Topology Routing (MTR)."; "Support Multiple-Topology Routing (MTR).";
reference "RFC 4915: Multi-Topology Routing"; reference "RFC 4915: Multi-Topology Routing";
skipping to change at page 49, line 4 skipping to change at page 49, line 10
} }
description description
"List of informational capability flags. This will "List of informational capability flags. This will
return all the 32-bit informational flags irrespective return all the 32-bit informational flags irrespective
of whether or not they are known to the device."; of whether or not they are known to the device.";
} }
list functional-capabilities { list functional-capabilities {
leaf functional-flag { leaf functional-flag {
type uint32; type uint32;
description description
"Individual informational capability flag."; "Individual functional capability flag.";
} }
description description
"List of functional capability flags. This will "List of functional capability flags. This will
return all the 32-bit functional flags irrespective return all the 32-bit functional flags irrespective
of whether or not they are known to the device."; of whether or not they are known to the device.";
} }
} }
grouping dynamic-hostname-tlv { grouping dynamic-hostname-tlv {
description "Dynamic Hostname TLV"; description "Dynamic Hostname TLV";
skipping to change at page 68, line 28 skipping to change at page 68, line 34
} }
leaf adv-router { leaf adv-router {
type rt-types:router-id; type rt-types:router-id;
description description
"Advertising router."; "Advertising router.";
} }
} }
grouping instance-stat { grouping instance-stat {
description "Per-instance statistics"; description "Per-instance statistics";
leaf discontinuity-time {
type yang:date-and-time;
description
"The time on the most recent occasion at which any one or
more of this OSPF instance's counters suffered a
discontinuity. If no such discontinuities have occurred
since the OSPF instance was last re-initialized, then
this node contains the time the OSPF instance was
re-initialized which normally occurs when it was
created.";
}
leaf originate-new-lsa-count { leaf originate-new-lsa-count {
type yang:counter32; type yang:counter32;
description "The number of new LSAs originated."; description
"The number of new LSAs originated. Discontinuities in the
value of this counter can occur when the OSPF instance is
re-initialized.";
} }
leaf rx-new-lsas-count { leaf rx-new-lsas-count {
type yang:counter32; type yang:counter32;
description "The number of LSAs received."; description
"The number of new LSAs received. Discontinuities in the
value of this counter can occur when the OSPF instance is
re-initialized.";
} }
leaf as-scope-lsa-count { leaf as-scope-lsa-count {
type yang:gauge32; type yang:gauge32;
description "The number of AS-scope LSAs."; description "The number of AS-scope LSAs.";
} }
leaf as-scope-lsa-chksum-sum { leaf as-scope-lsa-chksum-sum {
type uint32; type uint32;
description description
"The module 2**32 sum of the LSA checksums "The module 2**32 sum of the LSA checksums
for AS-scope LSAs. The value should be treated as for AS-scope LSAs. The value should be treated as
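Review bot: The revised counter descriptions in instance-stat (originate-new-lsa-count, rx-new-lsas-count) say discontinuities can occur on re-initialization but never point at the new discontinuity-time leaf, so a collector has no stated rule for deciding when a counter delta is invalid. Suggest ending each with a reference to the value of discontinuity-time, and rewording "re-initialized which normally occurs when it was created" in the leaf description, which reads as if creation were a re-initialization. In the unchanged as-scope-lsa-chksum-sum description, "The module 2**32 sum" should read "modulo".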
skipping to change at page 69, line 29 skipping to change at page 70, line 4
treated as unsigned when comparing two sums of treated as unsigned when comparing two sums of
checksums. While differing checksums indicate a checksums. While differing checksums indicate a
different combination of LSAs, equivalent checksums different combination of LSAs, equivalent checksums
don't guarantee that the LSAs are the same given that don't guarantee that the LSAs are the same given that
multiple combinations of LSAs can result in the same multiple combinations of LSAs can result in the same
checksum."; checksum.";
} }
} }
} }
uses instance-fast-reroute-state; uses instance-fast-reroute-state;
} }
grouping area-stat { grouping area-stat {
description "Per-area statistics."; description "Per-area statistics.";
leaf discontinuity-time {
type yang:date-and-time;
description
"The time on the most recent occasion at which any one or
more of this OSPF area's counters suffered a
discontinuity. If no such discontinuities have occurred
since the OSPF area was last re-initialized, then
this node contains the time the OSPF area was
re-initialized which normally occurs when it was
created.";
}
leaf spf-runs-count { leaf spf-runs-count {
type yang:counter32; type yang:counter32;
description description
"The number of times the intra-area SPF has run."; "The number of times the intra-area SPF has run.
Discontinuities in the value of this counter can occur
when the OSPF area is re-initialized.";
} }
leaf abr-count { leaf abr-count {
type yang:gauge32; type yang:gauge32;
description description
"The total number of Area Border Routers (ABRs) "The total number of Area Border Routers (ABRs)
reachable within this area."; reachable within this area.";
} }
leaf asbr-count { leaf asbr-count {
type yang:gauge32; type yang:gauge32;
description description
"The total number of AS Boundary Routers (ASBRs)."; "The total number of AS Boundary Routers (ASBRs).";
} }
leaf ar-nssa-translator-event-count { leaf ar-nssa-translator-event-count {
type yang:counter32; type yang:counter32;
description description
"The number of NSSA translator-state changes."; "The number of NSSA translator-state changes.
Discontinuities in the value of this counter can occur
when the OSPF area is re-initialized.";
} }
leaf area-scope-lsa-count { leaf area-scope-lsa-count {
type yang:gauge32; type yang:gauge32;
description description
"The number of area-scope LSAs in the area."; "The number of area-scope LSAs in the area.";
} }
leaf area-scope-lsa-cksum-sum { leaf area-scope-lsa-cksum-sum {
type uint32; type uint32;
description description
"The module 2**32 sum of the LSA checksums "The module 2**32 sum of the LSA checksums
skipping to change at page 71, line 4 skipping to change at page 71, line 42
don't guarantee that the LSAs are the same given that don't guarantee that the LSAs are the same given that
multiple combinations of LSAs can result in the same multiple combinations of LSAs can result in the same
checksum."; checksum.";
} }
} }
} }
} }
grouping interface-stat { grouping interface-stat {
description "Per-interface statistics"; description "Per-interface statistics";
leaf discontinuity-time {
type yang:date-and-time;
description
"The time on the most recent occasion at which any one or
more of this OSPF interface's counters suffered a
discontinuity. If no such discontinuities have occurred
since the OSPF interface was last re-initialized, then
this node contains the time the OSPF interface was
re-initialized which normally occurs when it was
created.";
}
leaf if-event-count { leaf if-event-count {
type yang:counter32; type yang:counter32;
description description
"The number of times this interface has changed its "The number of times this interface has changed its
state or an error has occurred."; state or an error has occurred. Discontinuities in the
value of this counter can occur when the OSPF interface
is re-initialized.";
} }
leaf link-scope-lsa-count { leaf link-scope-lsa-count {
type yang:gauge32; type yang:gauge32;
description "The number of link-scope LSAs."; description "The number of link-scope LSAs.";
} }
leaf link-scope-lsa-cksum-sum { leaf link-scope-lsa-cksum-sum {
type uint32; type uint32;
description description
"The module 2**32 sum of the LSA checksums "The module 2**32 sum of the LSA checksums
for link-scope LSAs. The value should be treated as for link-scope LSAs. The value should be treated as
skipping to change at page 71, line 49 skipping to change at page 73, line 4
description description
"The module 2**32 sum of the LSA checksums "The module 2**32 sum of the LSA checksums
for the LSAs of this type. The value should be for the LSAs of this type. The value should be
treated as unsigned when comparing two sums of treated as unsigned when comparing two sums of
checksums. While differing checksums indicate a checksums. While differing checksums indicate a
different combination of LSAs, equivalent checksums different combination of LSAs, equivalent checksums
don't guarantee that the LSAs are the same given that don't guarantee that the LSAs are the same given that
multiple combinations of LSAs can result in the same multiple combinations of LSAs can result in the same
checksum."; checksum.";
} }
} }
} }
} }
grouping neighbor-stat { grouping neighbor-stat {
description "Per-neighbor statistics."; description "Per-neighbor statistics.";
leaf discontinuity-time {
type yang:date-and-time;
description
"The time on the most recent occasion at which any one or
more of this OSPF neighbor's counters suffered a
discontinuity. If no such discontinuities have occurred
since the OSPF neighbor was last re-initialized, then
this node contains the time the OSPF neighbor was
re-initialized which normally occurs when the neighbor
is dynamically discovered andcreated.";
}
leaf nbr-event-count { leaf nbr-event-count {
type yang:counter32; type yang:counter32;
description description
"The number of times this neighbor has changed "The number of times this neighbor has changed
state or an error has occurred."; state or an error has occurred. Discontinuities in the
value of this counter can occur when the OSPF neighbor
is re-initialized.";
} }
leaf nbr-retrans-qlen { leaf nbr-retrans-qlen {
type yang:gauge32; type yang:gauge32;
description description
"The current length of the retransmission queue."; "The current length of the retransmission queue.";
} }
} }
grouping instance-fast-reroute-config { grouping instance-fast-reroute-config {
description description
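Review bot: The neighbor-stat discontinuity-time description ends "is dynamically discovered andcreated."; insert the missing space. As with the other statistics groupings, nbr-event-count mentions discontinuities without referring the reader to discontinuity-time.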
skipping to change at page 119, line 40 skipping to change at page 121, line 10
The NETCONF Access Control Model (NACM) [RFC8341] provides the means The NETCONF Access Control Model (NACM) [RFC8341] provides the means
to restrict access for particular NETCONF or RESTCONF users to a pre- to restrict access for particular NETCONF or RESTCONF users to a pre-
configured subset of all available NETCONF or RESTCONF protocol configured subset of all available NETCONF or RESTCONF protocol
operations and content. operations and content.
There are a number of data nodes defined in ietf-ospf.yang module There are a number of data nodes defined in ietf-ospf.yang module
that are writable/creatable/deletable (i.e., config true, which is that are writable/creatable/deletable (i.e., config true, which is
the default). These data nodes may be considered sensitive or the default). These data nodes may be considered sensitive or
vulnerable in some network environments. Write operations (e.g., vulnerable in some network environments. Write operations (e.g.,
edit-config) to these data nodes without proper protection can have a edit-config) to these data nodes without proper protection can have a
negative effect on network operations. For OSPF, the ability to negative effect on network operations. Writable data node represent
modify OSPF configuration will allow the entire OSPF domain to be configuration of each instance, area, virtual link, sham-link, and
compromised including peering with unauthorized routers to misroute interface. These correspond to the following schema nodes:
traffic or mount a massive Denial-of-Service (DoS) attack.
/ospf
/ospf/areas/
/ospf/areas/area[area-id]
/ospf/virtual-links/
/ospf/virtual-links/virtual-link[transit-area-id router-id]
/ospf/areas/area[area-id]/interfaces
/ospf/areas/area[area-id]/interfaces/interface[name]
/ospf/area/area[area-id]/sham-links
/ospf/area/area[area-id]/sham-links/sham-link[local-id remote-id]
For OSPF, the ability to modify OSPF configuration will allow the
entire OSPF domain to be compromised including peering with
unauthorized routers to misroute traffic or mount a massive Denial-
of-Service (DoS) attack. For example, adding OSPF on any unprotected
interface could allow an OSPF adjacency to be formed with an
unauthorized and malicious neighbor. Once an adjacency is formed,
traffic could be hijacked. As a simpler example, a Denial-of-Service
attack could be mounted by changing the cost of an OSPF interface to
be asymmetric such that a hard routing loop ensues. In general,
unauthorized modification of most OSPF features will pose there own
set of security risks and the "Security Considerations" in the
respective reference RFCs should be consulted.
Some of the readable data nodes in the ietf-ospf.yang module may be Some of the readable data nodes in the ietf-ospf.yang module may be
considered sensitive or vulnerable in some network environments. It considered sensitive or vulnerable in some network environments. It
is thus important to control read access (e.g., via get, get-config, is thus important to control read access (e.g., via get, get-config,
or notification) to these data nodes. The exposure of the Link State or notification) to these data nodes. The exposure of the Link State
Database (LSDB) will expose the detailed topology of the network. Database (LSDB) will expose the detailed topology of the network.
This may be undesirable since both due to the fact that exposure may There is a separate Link State Database for each instance, area,
facilitate other attacks. Additionally, network operators may virtual link, sham-link, and interface. These correspond to the
consider their topologies to be sensitive confidential data. following schema nodes:
/ospf/database
/ospf/areas/area[area-id]/database
/ospf/virtual-links/virtual-link[transit-area-id router-
id]/database
/ospf/areas/area[area-id]/interfaces/interface[name]/database
/ospf/area/area[area-id]/sham-links/sham-link[local-id remote-
id]/database
Exposure of the Link State Database includes information beyond the
scope of the OSPF router and this may be undesirable since exposure
may facilitate other attacks. Additionally, in the case of an area
LSDB, the complete IP network topology and, if deployed, the traffic
engineering topology of the OSPF area can be reconstucted. Network
operators may consider their topologies to be sensitive confidential
data.
For OSPF authentication, configuration is supported via the For OSPF authentication, configuration is supported via the
specification of key-chains [RFC8177] or the direct specification of specification of key-chains [RFC8177] or the direct specification of
key and authentication algorithm. Hence, authentication key and authentication algorithm. Hence, authentication
configuration using the "auth-table-trailer" case in the configuration using the "auth-table-trailer" case in the
"authentication" container inherits the security considerations of "authentication" container inherits the security considerations of
[RFC8177]. This includes the considerations with respect to the [RFC8177]. This includes the considerations with respect to the
local storage and handling of authentication keys. local storage and handling of authentication keys.
Additionally, local specification of OSPF authentication keys and the Additionally, local specification of OSPF authentication keys and the
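Review bot: The sham-link entries in both new path lists start "/ospf/area/area[area-id]/sham-links" while every other entry uses "/ospf/areas/area[area-id]"; make them consistent, since these lists are what a reader will use when scoping NACM rules to the sensitive nodes. The database paths are also broken mid-token across lines ("router-" then "id]/database", "remote-" then "id]/database") and should stay on one line or be indented as continuations. Typos in the added text: "Writable data node represent" (nodes), "pose there own" (their), "reconstucted" (reconstructed).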
skipping to change at page 120, line 31 skipping to change at page 122, line 49
encryption of keys using the Advanced Encryption Standard (AES) Key encryption of keys using the Advanced Encryption Standard (AES) Key
Wrap Padding Algorithm [RFC5649]. Wrap Padding Algorithm [RFC5649].
Some of the RPC operations in this YANG module may be considered Some of the RPC operations in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus sensitive or vulnerable in some network environments. It is thus
important to control access to these operations. The OSPF YANG important to control access to these operations. The OSPF YANG
module supports the "clear-neighbor" and "clear-database" RPCs. If module supports the "clear-neighbor" and "clear-database" RPCs. If
access to either of these is compromised, they can result in access to either of these is compromised, they can result in
temporary network outages be employed to mount DoS attacks. temporary network outages be employed to mount DoS attacks.
The actual authentication key data (whether locally specified or part
of a key-chain) is sensitive and needs to be kept secret from
unauthorized parties; compromise of the key data would allow an
attacker to forge OSPF traffic that would be accepted as authentic,
potentially compromising the entirety OSPF domain.
5. IANA Considerations 5. IANA Considerations
This document registers a URI in the IETF XML registry [RFC3688]. This document registers a URI in the IETF XML registry [RFC3688].
Following the format in [RFC3688], the following registration is Following the format in [RFC3688], the following registration is
requested to be made: requested to be made:
URI: urn:ietf:params:xml:ns:yang:ietf-ospf URI: urn:ietf:params:xml:ns:yang:ietf-ospf
Registrant Contact: The IESG. Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace. XML: N/A, the requested URI is an XML namespace.
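Review bot: The new paragraph on authentication key data says the keys must be kept secret but, unlike the writable-node and LSDB paragraphs added in this revision, names no schema nodes to protect; list the key leaves (locally specified and key-chain reference) so read access to them can be restricted explicitly. It also reads "compromising the entirety OSPF domain", which is missing "of the", and the unchanged RPC sentence just above it, "temporary network outages be employed to mount DoS attacks", is missing a conjunction.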
 End of changes. 29 change blocks. 
29 lines changed or deleted 153 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/