draft-ietf-tcpm-yang-tcp-00.txt   draft-ietf-tcpm-yang-tcp-01.txt 
TCPM M. Scharf TCPM M. Scharf
Internet-Draft Hochschule Esslingen Internet-Draft Hochschule Esslingen
Intended status: Standards Track V. Murgai Intended status: Standards Track V. Murgai
Expires: May 2, 2021 Expires: May 20, 2021 Samsung
M. Jethanandani M. Jethanandani
Kloud Services Kloud Services
October 29, 2020 November 16, 2020
YANG Model for Transmission Control Protocol (TCP) Configuration YANG Model for Transmission Control Protocol (TCP) Configuration
draft-ietf-tcpm-yang-tcp-00 draft-ietf-tcpm-yang-tcp-01
Abstract Abstract
This document specifies a YANG model for TCP on devices that are This document specifies a YANG model for TCP on devices that are
configured by network management protocols. The YANG model defines a configured by network management protocols. The YANG model defines a
container for all TCP connections and groupings of some of the container for all TCP connections and groupings of some of the
parameters that can be imported and used in TCP implementations or by parameters that can be imported and used in TCP implementations or by
other models that need to configure TCP parameters. The model other models that need to configure TCP parameters. The model
includes definitions from YANG Groupings for TCP Client and TCP includes definitions from YANG Groupings for TCP Client and TCP
Servers (I-D.ietf-netconf-tcp-client-server). The model is NMDA (RFC Servers (I-D.ietf-netconf-tcp-client-server). The model is NMDA (RFC
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 2, 2021. This Internet-Draft will expire on May 20, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 24 skipping to change at page 2, line 24
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
2.1. Note to RFC Editor . . . . . . . . . . . . . . . . . . . 3 2.1. Note to RFC Editor . . . . . . . . . . . . . . . . . . . 3
3. Model Overview . . . . . . . . . . . . . . . . . . . . . . . 4 3. Model Overview . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Modeling Scope . . . . . . . . . . . . . . . . . . . . . 4 3.1. Modeling Scope . . . . . . . . . . . . . . . . . . . . . 4
3.2. Model Design . . . . . . . . . . . . . . . . . . . . . . 5 3.2. Model Design . . . . . . . . . . . . . . . . . . . . . . 5
3.3. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 6 3.3. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 6
4. TCP YANG Model . . . . . . . . . . . . . . . . . . . . . . . 6 4. TCP YANG Model . . . . . . . . . . . . . . . . . . . . . . . 6
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
5.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 13 5.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 13
5.2. The YANG Module Names Registry . . . . . . . . . . . . . 13 5.2. The YANG Module Names Registry . . . . . . . . . . . . . 13
6. Security Considerations . . . . . . . . . . . . . . . . . . . 13 6. Security Considerations . . . . . . . . . . . . . . . . . . . 14
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 15
7.1. Normative References . . . . . . . . . . . . . . . . . . 13 7.1. Normative References . . . . . . . . . . . . . . . . . . 15
7.2. Informative References . . . . . . . . . . . . . . . . . 15 7.2. Informative References . . . . . . . . . . . . . . . . . 16
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 16 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 18
Appendix B. Changes compared to previous versions . . . . . . . 16 Appendix B. Changes compared to previous versions . . . . . . . 18
Appendix C. Examples . . . . . . . . . . . . . . . . . . . . . . 17 Appendix C. Examples . . . . . . . . . . . . . . . . . . . . . . 19
C.1. Keepalive Configuration . . . . . . . . . . . . . . . . . 17 C.1. Keepalive Configuration . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 C.2. TCP-AO Configuration . . . . . . . . . . . . . . . . . . 20
Appendix D. Complete Tree Diagram . . . . . . . . . . . . . . . 21
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
The Transmission Control Protocol (TCP) [RFC0793] is used by many The Transmission Control Protocol (TCP) [RFC0793] is used by many
applications in the Internet, including control and management applications in the Internet, including control and management
protocols. Therefore, TCP is implemented on network elements that protocols. Therefore, TCP is implemented on network elements that
can be configured via network management protocols such as NETCONF can be configured via network management protocols such as NETCONF
[RFC6241] or RESTCONF [RFC8040]. This document specifies a YANG [RFC6241] or RESTCONF [RFC8040]. This document specifies a YANG
[RFC7950] 1.1 model for configuring TCP on network elements that [RFC7950] 1.1 model for configuring TCP on network elements that
support YANG data models, and is Network Management Datastore support YANG data models, and is Network Management Datastore
skipping to change at page 3, line 24 skipping to change at page 3, line 24
(MIB) for the Transmission Control Protocol (TCP) [RFC4022]. The (MIB) for the Transmission Control Protocol (TCP) [RFC4022]. The
basic statistics defined in this document follow the model of the TCP basic statistics defined in this document follow the model of the TCP
MIB. An TCP Extended Statistics MIB [RFC4898] is also available, but MIB. An TCP Extended Statistics MIB [RFC4898] is also available, but
this document does not cover such extended statistics. It is this document does not cover such extended statistics. It is
possible also to translate a MIB into a YANG model, for instance possible also to translate a MIB into a YANG model, for instance
using Translation of Structure of Management Information Version 2 using Translation of Structure of Management Information Version 2
(SMIv2) MIB Modules to YANG Modules [RFC6643]. However, this (SMIv2) MIB Modules to YANG Modules [RFC6643]. However, this
approach is not used in this document, as such a translated model approach is not used in this document, as such a translated model
would not be up-to-date. would not be up-to-date.
There are other existing TCP-related YANG models, which are othogonal There are other existing TCP-related YANG models, which are
to this specification. Examples are: orthogonal to this specification. Examples are:
o TCP header attributes are modeled in other models, such as YANG o TCP header attributes are modeled in other models, such as YANG
Data Model for Network Access Control Lists (ACLs) [RFC8519] and Data Model for Network Access Control Lists (ACLs) [RFC8519] and
Distributed Denial-of-Service Open Thread Signaling (DOTS) Data Distributed Denial-of-Service Open Thread Signaling (DOTS) Data
Channel Specification [I-D.ietf-dots-data-channel]. Channel Specification [RFC8783].
o TCP-related configuration of a NAT (e.g., NAT44, NAT64, o TCP-related configuration of a NAT (e.g., NAT44, NAT64,
Destination NAT, ...) is defined in A YANG Module for Network Destination NAT, ...) is defined in A YANG Module for Network
Address Translation (NAT) and Network Prefix Translation (NPT) Address Translation (NAT) and Network Prefix Translation (NPT)
[RFC8512] and A YANG Data Model for Dual-Stack Lite (DS-Lite) [RFC8512] and A YANG Data Model for Dual-Stack Lite (DS-Lite)
[RFC8513]. [RFC8513].
2. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
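Review bot: the corrections in this block ('othogonal' to 'orthogonal', and citing the published [RFC8783] instead of the expired [I-D.ietf-dots-data-channel]) are right and match the new informative reference entry; the unchanged context just above has two more slips worth catching in the same pass: 'An TCP Extended Statistics MIB [RFC4898]' should read 'A TCP Extended Statistics MIB', and 'It is possible also to translate a MIB' reads better as 'It is also possible to translate a MIB'.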
skipping to change at page 4, line 8 skipping to change at page 4, line 8
2.1. Note to RFC Editor 2.1. Note to RFC Editor
This document uses several placeholder values throughout the This document uses several placeholder values throughout the
document. Please replace them as follows and remove this note before document. Please replace them as follows and remove this note before
publication. publication.
RFC XXXX, where XXXX is the number assigned to this document at the RFC XXXX, where XXXX is the number assigned to this document at the
time of publication. time of publication.
2020-10-29 with the actual date of the publication of this document. 2020-11-16 with the actual date of the publication of this document.
3. Model Overview 3. Model Overview
3.1. Modeling Scope 3.1. Modeling Scope
TCP is implemented on many different system architectures. As a TCP is implemented on many different system architectures. As a
result, there are may different and often implementation-specific result, there are may different and often implementation-specific
ways to configure parameters of the TCP protocol engine. In ways to configure parameters of the TCP protocol engine. In
addition, in many TCP/IP stacks configuration exists for different addition, in many TCP/IP stacks configuration exists for different
scopes: scopes:
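Review bot: only the placeholder date moves in this block, but the Modeling Scope paragraph it sits under still says 'there are may different and often implementation-specific ways'; 'may' should be 'many'.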
skipping to change at page 5, line 14 skipping to change at page 5, line 14
ways and design choices by the protocol engine often affect ways and design choices by the protocol engine often affect
configuration options. configuration options.
Nonetheless, a number of TCP stack parameters require configuration Nonetheless, a number of TCP stack parameters require configuration
by YANG models. This document therefore defines a minimal YANG model by YANG models. This document therefore defines a minimal YANG model
with fundamental parameters directly following from TCP standards. with fundamental parameters directly following from TCP standards.
An important use case is the TCP configuration on network elements An important use case is the TCP configuration on network elements
such as routers, which often use YANG data models. The model such as routers, which often use YANG data models. The model
therefore specifies TCP parameters that are important on such TCP therefore specifies TCP parameters that are important on such TCP
stacks. A typical example is the support of TCP-AO [RFC5925]. TCP- stacks.
AO is increasingly supported on routers to secure routing protocols
such as BGP. In that case, TCP-AO configuration is required on A typical example is the support of TCP-AO [RFC5925]. TCP-AO is
routers. increasingly supported on routers to secure routing protocols such as
BGP. In that case, TCP-AO configuration is required on routers. The
model includes the required TCP parameters for TCP-AO configuration.
The key chain for TCP-AO can be modeled by the YANG Data Model for
Key Chains [RFC8177].
Given an installed base, the model also allows enabling of the legacy Given an installed base, the model also allows enabling of the legacy
TCP MD5 [RFC2385] signature option. As the TCP MD5 signature option TCP MD5 [RFC2385] signature option. As the TCP MD5 signature option
is obsoleted by TCP-AO, it is strongly RECOMMENDED to use TCP-AO. is obsoleted by TCP-AO, it is strongly RECOMMENDED to use TCP-AO.
Similar to the TCP MIB [RFC4022], this document also specifies basic Similar to the TCP MIB [RFC4022], this document also specifies basic
statistics and a TCP connection table. statistics and a TCP connection table.
o Statistics: Counters for the number of active/passive opens, sent o Statistics: Counters for the number of active/passive opens, sent
and received segments, errors, and possibly other detailed and received segments, errors, and possibly other detailed
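Review bot: the expanded TCP-AO paragraph says the key chain 'can be modeled by' [RFC8177], but neither this text nor the ao grouping later in the module says how a connection's Master Key Tuple is bound to a key-chain entry: the grouping carries enable-ao, send-id, recv-id, include-tcp-options and accept-key-mismatch and no reference to a key chain. State the intended binding (for example a leafref to a key-chain name in the ao grouping, or an explicit statement that send-id/recv-id are matched against the key-id values of a key chain configured alongside); otherwise an operator has two independent pieces of configuration and no defined relationship between them.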
skipping to change at page 6, line 24 skipping to change at page 6, line 24
| ... | ...
+--rw server {server}? +--rw server {server}?
| ... | ...
+--rw client {client}? +--rw client {client}?
| ... | ...
+--ro statistics {statistics}? +--ro statistics {statistics}?
... ...
4. TCP YANG Model 4. TCP YANG Model
<CODE BEGINS> file "ietf-tcp@2020-10-29.yang" <CODE BEGINS> file "ietf-tcp@2020-11-16.yang"
module ietf-tcp { module ietf-tcp {
yang-version "1.1"; yang-version "1.1";
namespace "urn:ietf:params:xml:ns:yang:ietf-tcp"; namespace "urn:ietf:params:xml:ns:yang:ietf-tcp";
prefix "tcp"; prefix "tcp";
import ietf-yang-types { import ietf-yang-types {
prefix "yang"; prefix "yang";
reference reference
"RFC 6991: Common YANG Data Types."; "RFC 6991: Common YANG Data Types.";
skipping to change at page 7, line 14 skipping to change at page 7, line 14
"WG Web: <http://tools.ietf.org/wg/tcpm> "WG Web: <http://tools.ietf.org/wg/tcpm>
WG List: <tcpm@ietf.org> WG List: <tcpm@ietf.org>
Authors: Michael Scharf (michael.scharf at hs-esslingen dot de) Authors: Michael Scharf (michael.scharf at hs-esslingen dot de)
Vishal Murgai (vmurgai at gmail dot com) Vishal Murgai (vmurgai at gmail dot com)
Mahesh Jethanandani (mjethanandani at gmail dot com)"; Mahesh Jethanandani (mjethanandani at gmail dot com)";
description description
"This module focuses on fundamental and standard TCP functions "This module focuses on fundamental and standard TCP functions
that widely implemented. The model can be augmented to address that widely implemented. The model can be augmented to address
more advanced or implementation specific TCP features."; more advanced or implementation specific TCP features.
revision "2020-10-29" { Copyright (c) 2020 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.";
revision "2020-11-16" {
description description
"Initial Version"; "Initial Version";
reference reference
"RFC XXX, TCP Configuration."; "RFC XXXX, TCP Configuration.";
} }
// Features // Features
feature server { feature server {
description description
"TCP Server configuration supported."; "TCP Server configuration supported.";
} }
feature client { feature client {
description description
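Review bot: changing 'RFC XXX' to 'RFC XXXX' makes the revision reference match the placeholder named in the Note to RFC Editor, but the module description still reads 'fundamental and standard TCP functions that widely implemented'; insert 'are' ('functions that are widely implemented'), and hyphenate 'implementation-specific' as the prose sections do.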
skipping to change at page 8, line 29 skipping to change at page 8, line 49
description description
"The RecvID is matched against the TCP-AO KeyID of incoming "The RecvID is matched against the TCP-AO KeyID of incoming
segments."; segments.";
reference reference
"RFC 5925: The TCP Authentication Option."; "RFC 5925: The TCP Authentication Option.";
} }
leaf include-tcp-options { leaf include-tcp-options {
type boolean; type boolean;
must "../enable-ao = 'true'"; must "../enable-ao = 'true'";
default true;
description description
"Include TCP options in HMAC calculation."; "Include TCP options in MAC calculation.";
} }
leaf accept-key-mismatch {
leaf accept-ao-mismatch {
type boolean; type boolean;
must "../enable-ao = 'true'"; must "../enable-ao = 'true'";
description description
"Accept packets with HMAC mismatch."; "Accept TCP segments with a Master Key Tuple (MKT) that is not
configured.";
} }
description description
"Authentication Option (AO) for TCP."; "Authentication Option (AO) for TCP.";
reference reference
"RFC 5925: The TCP Authentication Option."; "RFC 5925: The TCP Authentication Option.";
} }
// MD5 grouping // MD5 grouping
grouping md5 { grouping md5 {
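Review bot: adding `default true;` to include-tcp-options while keeping `must "../enable-ao = 'true'";` sets a validation trap: when the ao case is active, a leaf with a default is treated as present with that value (RFC 7950, Section 7.6.1), so a configuration that sets enable-ao to false now fails a must constraint on a leaf the operator never touched. Express the dependency as `when "../enable-ao = 'true'";` instead (the leaf is simply absent when AO is off) or drop the default. With the when form, the renamed accept-key-mismatch can also safely take `default false;`, so that a node with no explicit setting rejects segments carrying an unknown MKT instead of leaving that decision to the implementation; its new description is a clear improvement over 'HMAC mismatch', and 'MAC calculation' in include-tcp-options matches RFC 5925 terminology.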
skipping to change at page 13, line 45 skipping to change at page 14, line 20
is the secure transport layer, and the mandatory-to-implement secure is the secure transport layer, and the mandatory-to-implement secure
transport is Secure Shell (SSH) described in Using the NETCONF transport is Secure Shell (SSH) described in Using the NETCONF
protocol over SSH [RFC6242]. The lowest RESTCONF layer is HTTPS, and protocol over SSH [RFC6242]. The lowest RESTCONF layer is HTTPS, and
the mandatory-to-implement secure transport is TLS [RFC8446]. the mandatory-to-implement secure transport is TLS [RFC8446].
The Network Configuration Access Control Model (NACM) [RFC8341] The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF or provides the means to restrict access for particular NETCONF or
RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content. RESTCONF protocol operations and content.
There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., "config true", which is the
default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative
effect on network operations. These are the subtrees and data nodes
and their sensitivity/vulnerability:
o Server configuration. Unrestricted access to all the nodes under
server configuration, e.g. local-address or keepalive idle-timer,
can cause connections to the server to fail or to timeout
prematurely.
o Client configuration. Similar to server configuration,
unrestricted access to the nodes under client configuration can
cause connections from the client to fail, or connections to the
server to be redirected, and in case of keepalive, cause
connections to timeout prematurely etc.
Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or
notification) to these data nodes. These are the subtrees and data
nodes and their sensitivity/vulnerability:
o Unrestricted access to connection information of the client or
server can be used by a malicious user to launch an attack, e.g.
MITM.
o Similarly, unrestricted access to statistics of the client or
server can be used by a malicious user to exploit any
vulnerabilities of the system.
Some of the RPC operations in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus
important to control access to these operations. These are the
operations and their sensitivity/vulnerability:
o The YANG module allows for the statistics to be cleared by
executing the reset action. This action should be restricted to
users with the right permission.
7. References 7. References
7.1. Normative References 7.1. Normative References
[I-D.ietf-netconf-tcp-client-server] [I-D.ietf-netconf-tcp-client-server]
Watsen, K. and M. Scharf, "YANG Groupings for TCP Clients Watsen, K. and M. Scharf, "YANG Groupings for TCP Clients
and TCP Servers", draft-ietf-netconf-tcp-client-server-08 and TCP Servers", draft-ietf-netconf-tcp-client-server-08
(work in progress), August 2020. (work in progress), August 2020.
[RFC0793] Postel, J., "Transmission Control Protocol", STD 7, [RFC0793] Postel, J., "Transmission Control Protocol", STD 7,
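Review bot: the new writable-node list covers only the server and client subtrees; the authentication choice under connections/connection/common needs its own bullet, since disabling enable-ao or enable-md5, changing send-id/recv-id, or setting accept-key-mismatch to true on the connection entry of a routing session removes or weakens segment authentication, which is exactly the router use case Section 3.1 gives for the model. Two wording points: 'Some of the RPC operations in this YANG module' refers to the statistics reset, which the module defines as an action (`+---x reset` in the tree), so say 'action'; and the readable-node bullets should name the subtrees concerned (connections and statistics) rather than 'connection information', so the list can be mapped onto NACM rules.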
skipping to change at page 15, line 9 skipping to change at page 16, line 21
<https://www.rfc-editor.org/info/rfc7950>. <https://www.rfc-editor.org/info/rfc7950>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>. <https://www.rfc-editor.org/info/rfc8040>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8177] Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J.
Zhang, "YANG Data Model for Key Chains", RFC 8177,
DOI 10.17487/RFC8177, June 2017,
<https://www.rfc-editor.org/info/rfc8177>.
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>. <https://www.rfc-editor.org/info/rfc8340>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341, Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018, DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>. <https://www.rfc-editor.org/info/rfc8341>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore Architecture and R. Wilton, "Network Management Datastore Architecture
(NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
<https://www.rfc-editor.org/info/rfc8342>. <https://www.rfc-editor.org/info/rfc8342>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
7.2. Informative References 7.2. Informative References
[I-D.ietf-dots-data-channel]
Boucadair, M. and T. Reddy.K, "Distributed Denial-of-
Service Open Threat Signaling (DOTS) Data Channel
Specification", draft-ietf-dots-data-channel-31 (work in
progress), July 2019.
[I-D.ietf-idr-bgp-model] [I-D.ietf-idr-bgp-model]
Jethanandani, M., Patel, K., Hares, S., and J. Haas, "BGP Jethanandani, M., Patel, K., Hares, S., and J. Haas, "BGP
YANG Model for Service Provider Networks", draft-ietf-idr- YANG Model for Service Provider Networks", draft-ietf-idr-
bgp-model-09 (work in progress), June 2020. bgp-model-09 (work in progress), June 2020.
[I-D.ietf-taps-interface] [I-D.ietf-taps-interface]
Trammell, B., Welzl, M., Enghardt, T., Fairhurst, G., Trammell, B., Welzl, M., Enghardt, T., Fairhurst, G.,
Kuehlewind, M., Perkins, C., Tiesel, P., Wood, C., and T. Kuehlewind, M., Perkins, C., Tiesel, P., Wood, C., and T.
Pauly, "An Abstract Application Layer Interface to Pauly, "An Abstract Application Layer Interface to
Transport Services", draft-ietf-taps-interface-09 (work in Transport Services", draft-ietf-taps-interface-10 (work in
progress), July 2020. progress), November 2020.
[I-D.touch-tcpm-ao-test-vectors]
Touch, J. and J. Kuusisaari, "TCP-AO Test Vectors", draft-
touch-tcpm-ao-test-vectors-01 (work in progress), August
2020.
[RFC4022] Raghunarayan, R., Ed., "Management Information Base for [RFC4022] Raghunarayan, R., Ed., "Management Information Base for
the Transmission Control Protocol (TCP)", RFC 4022, the Transmission Control Protocol (TCP)", RFC 4022,
DOI 10.17487/RFC4022, March 2005, DOI 10.17487/RFC4022, March 2005,
<https://www.rfc-editor.org/info/rfc4022>. <https://www.rfc-editor.org/info/rfc4022>.
[RFC4898] Mathis, M., Heffner, J., and R. Raghunarayan, "TCP [RFC4898] Mathis, M., Heffner, J., and R. Raghunarayan, "TCP
Extended Statistics MIB", RFC 4898, DOI 10.17487/RFC4898, Extended Statistics MIB", RFC 4898, DOI 10.17487/RFC4898,
May 2007, <https://www.rfc-editor.org/info/rfc4898>. May 2007, <https://www.rfc-editor.org/info/rfc4898>.
skipping to change at page 16, line 30 skipping to change at page 17, line 47
[RFC8513] Boucadair, M., Jacquenet, C., and S. Sivakumar, "A YANG [RFC8513] Boucadair, M., Jacquenet, C., and S. Sivakumar, "A YANG
Data Model for Dual-Stack Lite (DS-Lite)", RFC 8513, Data Model for Dual-Stack Lite (DS-Lite)", RFC 8513,
DOI 10.17487/RFC8513, January 2019, DOI 10.17487/RFC8513, January 2019,
<https://www.rfc-editor.org/info/rfc8513>. <https://www.rfc-editor.org/info/rfc8513>.
[RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair, [RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair,
"YANG Data Model for Network Access Control Lists (ACLs)", "YANG Data Model for Network Access Control Lists (ACLs)",
RFC 8519, DOI 10.17487/RFC8519, March 2019, RFC 8519, DOI 10.17487/RFC8519, March 2019,
<https://www.rfc-editor.org/info/rfc8519>. <https://www.rfc-editor.org/info/rfc8519>.
[RFC8783] Boucadair, M., Ed. and T. Reddy.K, Ed., "Distributed
Denial-of-Service Open Threat Signaling (DOTS) Data
Channel Specification", RFC 8783, DOI 10.17487/RFC8783,
May 2020, <https://www.rfc-editor.org/info/rfc8783>.
Appendix A. Acknowledgements Appendix A. Acknowledgements
Michael Scharf was supported by the StandICT.eu project, which is Michael Scharf was supported by the StandICT.eu project, which is
funded by the European Commission under the Horizon 2020 Programme. funded by the European Commission under the Horizon 2020 Programme.
The following persons have contributed to this document by reviews: The following persons have contributed to this document by reviews:
Mohamed Boucadair Mohamed Boucadair
Appendix B. Changes compared to previous versions Appendix B. Changes compared to previous versions
skipping to change at page 18, line 5 skipping to change at page 19, line 12
o Editorial improvements o Editorial improvements
Appendix C. Examples Appendix C. Examples
C.1. Keepalive Configuration C.1. Keepalive Configuration
This particular example demonstrates how both a particular connection This particular example demonstrates how both a particular connection
can be configured for keepalives. can be configured for keepalives.
[note: '\' line wrapping for formatting only]
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!-- <!--
This example shows how TCP keepalive can be configured for This example shows how TCP keepalive can be configured for
a given connection. An idle connection is dropped after a given connection. An idle connection is dropped after
idle-time + (max-probes * probe-interval). idle-time + (max-probes * probe-interval).
--> -->
<config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<tcp <tcp
xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp"> xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp">
<connections> <connections>
skipping to change at page 18, line 31 skipping to change at page 19, line 40
<keepalives> <keepalives>
<idle-time>5</idle-time> <idle-time>5</idle-time>
<max-probes>5</max-probes> <max-probes>5</max-probes>
<probe-interval>10</probe-interval> <probe-interval>10</probe-interval>
</keepalives> </keepalives>
</common> </common>
</connection> </connection>
</connections> </connections>
<!-- <!--
It is not clear why a server and client configuration is It is not clear why a server and client configuration is
needed here even as they under a feature statement and therefore needed here even as they under a feature statement and
are required only if the feature is declared. Adding it so therefore are required only if the feature is declared.
that yanglint allows this validation to run. Adding it so that yanglint allows this validation to run.
--> -->
<server> <server>
<local-address>192.168.1.1</local-address> <local-address>192.168.1.1</local-address>
</server> </server>
<client> <client>
<remote-address>192.168.1.2</remote-address> <remote-address>192.168.1.2</remote-address>
</client> </client>
</tcp> </tcp>
</config> </config>
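Review bot: the C.1 introduction still reads 'how both a particular connection can be configured for keepalives' in both columns; drop 'both'. The added '[note: '\' line wrapping for formatting only]' is not needed in C.1, where no line is wrapped (it is needed in C.2). In the rewrapped XML comment, 'even as they under a feature statement' is missing 'are', and the open question ('It is not clear why a server and client configuration is needed here') should be resolved rather than published: server and client are non-presence containers with a mandatory child (local-address and remote-address carry no '?' in the tree), so whenever the corresponding feature is enabled they are mandatory nodes themselves (RFC 7950, Section 3), which is why yanglint demands them. Either make them presence containers or make the address leaves optional, then delete the comment.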
C.2. TCP-AO Configuration
The following example demonstrates how to model a TCP-AO [RFC5925]
configuration for the example in TCP-AO Test Vectors
[I-D.touch-tcpm-ao-test-vectors], Section 5.1.1.
[note: '\' line wrapping for formatting only]
<?xml version="1.0" encoding="UTF-8"?>
<!--
This example sets TCP-AO configuration parameters as
demonstrated by examples in draft-touch-tcpm-ao-test-vectors.
-->
<config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<key-chains
xmlns="urn:ietf:params:xml:ns:yang:ietf-key-chain">
<key-chain>
<name>ao-config</name>
<description>"An example for TCP-AO configuration."</descriptio\
n>
<key>
<key-id>61</key-id>
<crypto-algorithm>hmac-sha-1-12</crypto-algorithm>
<key-string>
<hexadecimal-string>01:23:a5:93:b9:db:70:62:9b:be:2c:a6:77:cd:fd:e\
a:6f:e0:ac:ad</hexadecimal-string>
</key-string>
</key>
</key-chain>
</key-chains>
<tcp
xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp">
<!--
The example in draft-touch-tcpm-ao-test-vectors uses
IP addresses that are not valid for examples. Changing
them here to valid addresses.
-->
<server>
<local-address>192.168.1.1</local-address>
</server>
<client>
<remote-address>192.168.1.2</remote-address>
</client>
</tcp>
</config>
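Review bot: the example says it models the TCP-AO configuration from the test vectors, but under <tcp> it configures only a server local-address and a client remote-address; none of this module's TCP-AO leaves (enable-ao, send-id, recv-id, include-tcp-options, accept-key-mismatch) appear, and nothing refers to the key chain 'ao-config', so the reader cannot see how key-id 61 becomes the KeyID carried in the AO option. Add a connections/connection entry for the 192.168.1.1 / 192.168.1.2 pair with enable-ao set to true and send-id/recv-id set to 61, and say (here or in Section 3.1) how the MKT is bound to the key chain. Also, the <description> value carries literal double quotes that become part of the string; remove them.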
Appendix D. Complete Tree Diagram
Here is the complete tree diagram for the TCP YANG model.
module: ietf-tcp
+--rw tcp!
+--rw connections
| +--rw connection*
| [local-address remote-address local-port remote-port]
| +--rw local-address inet:ip-address
| +--rw remote-address inet:ip-address
| +--rw local-port inet:port-number
| +--rw remote-port inet:port-number
| +--rw common
| +--rw keepalives!
| | +--rw idle-time uint16
| | +--rw max-probes uint16
| | +--rw probe-interval uint16
| +--rw (authentication)?
| +--:(ao)
| | +--rw enable-ao? boolean
| | +--rw send-id? uint8
| | +--rw recv-id? uint8
| | +--rw include-tcp-options? boolean
| | +--rw accept-key-mismatch? boolean
| +--:(md5)
| +--rw enable-md5? boolean
+--rw server {server}?
| +--rw local-address inet:ip-address
| +--rw local-port? inet:port-number
| +--rw keepalives!
| +--rw idle-time uint16
| +--rw max-probes uint16
| +--rw probe-interval uint16
+--rw client {client}?
| +--rw remote-address inet:host
| +--rw remote-port? inet:port-number
| +--rw local-address? inet:ip-address
| +--rw local-port? inet:port-number
| +--rw keepalives!
| +--rw idle-time uint16
| +--rw max-probes uint16
| +--rw probe-interval uint16
+--ro statistics {statistics}?
+--ro active-opens? yang:counter32
+--ro passive-opens? yang:counter32
+--ro attempt-fails? yang:counter32
+--ro establish-resets? yang:counter32
+--ro currently-established? yang:gauge32
+--ro in-segments? yang:counter64
+--ro out-segments? yang:counter64
+--ro retransmitted-segments? yang:counter32
+--ro in-errors? yang:counter32
+--ro out-resets? yang:counter32
+---x reset
+---w input
| +---w reset-at? yang:date-and-time
+--ro output
+--ro reset-finished-at? yang:date-and-time
Authors' Addresses Authors' Addresses
Michael Scharf Michael Scharf
Hochschule Esslingen - University of Applied Sciences Hochschule Esslingen - University of Applied Sciences
Flandernstr. 101 Flandernstr. 101
Esslingen 73732 Esslingen 73732
Germany Germany
Email: michael.scharf@hs-esslingen.de Email: michael.scharf@hs-esslingen.de
Vishal Murgai Vishal Murgai
Samsung
Email: vmurgai@gmail.com Email: vmurgai@gmail.com
Mahesh Jethanandani Mahesh Jethanandani
Kloud Services Kloud Services
Email: mjethanandani@gmail.com Email: mjethanandani@gmail.com
 End of changes. 27 change blocks. 
40 lines changed or deleted 227 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/