draft-ietf-teas-yang-te-topo-20.txt   draft-ietf-teas-yang-te-topo-21.txt 
skipping to change at page 1, line 14 skipping to change at page 1, line 14
Intended status: Standards Track Igor Bryskin Intended status: Standards Track Igor Bryskin
Huawei Technologies Huawei Technologies
Vishnu Pavan Beeram Vishnu Pavan Beeram
Tarek Saad Tarek Saad
Juniper Networks Juniper Networks
Himanshu Shah Himanshu Shah
Ciena Ciena
Oscar Gonzalez De Dios Oscar Gonzalez De Dios
Telefonica Telefonica
Expires: October 12, 2019 April 12, 2019 Expires: November 23, 2019 May 23, 2019
YANG Data Model for Traffic Engineering (TE) Topologies YANG Data Model for Traffic Engineering (TE) Topologies
draft-ietf-teas-yang-te-topo-20 draft-ietf-teas-yang-te-topo-21
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 40 skipping to change at page 1, line 40
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on October 12, 2019. This Internet-Draft will expire on November 23, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 25 skipping to change at page 3, line 25
5.7. TED Information Sources..................................29 5.7. TED Information Sources..................................29
5.8. Overlay/Underlay Relationship............................30 5.8. Overlay/Underlay Relationship............................30
5.9. Templates................................................31 5.9. Templates................................................31
5.10. Scheduling Parameters...................................32 5.10. Scheduling Parameters...................................32
5.11. Notifications...........................................33 5.11. Notifications...........................................33
6. Guidance for Writing Technology Specific TE Topology Augmentations 6. Guidance for Writing Technology Specific TE Topology Augmentations
.................................................................33 .................................................................33
7. TE Topology YANG Module.......................................46 7. TE Topology YANG Module.......................................46
8. Security Considerations.......................................92 8. Security Considerations.......................................92
9. IANA Considerations...........................................94 9. IANA Considerations...........................................94
10. References...................................................94 10. References...................................................95
10.1. Normative References....................................94 10.1. Normative References....................................95
10.2. Informative References..................................96 10.2. Informative References..................................96
11. Acknowledgments.............................................100 11. Acknowledgments.............................................100
Appendix A. Complete Model Tree Structure.......................101 Appendix A. Complete Model Tree Structure.......................101
Appendix B. Companion YANG Model for Non-NMDA Compliant Appendix B. Companion YANG Model for Non-NMDA Compliant
Implementations.................................................163 Implementations.................................................163
Appendix C. Example: YANG Model for Technology Specific Augmentations Appendix C. Example: YANG Model for Technology Specific Augmentations
................................................................172 ................................................................172
Contributors....................................................210 Contributors....................................................210
Authors' Addresses..............................................210 Authors' Addresses..............................................210
skipping to change at page 92, line 35 skipping to change at page 92, line 35
There are a number of data nodes defined in this YANG module that are There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config) to in some network environments. Write operations (e.g., edit-config) to
these data nodes without proper protection can have a negative effect these data nodes without proper protection can have a negative effect
on network operations. These are the subtrees and data nodes and on network operations. These are the subtrees and data nodes and
their sensitivity/vulnerability: their sensitivity/vulnerability:
o /nw:networks/nw:network/nw:network-types/tet:te-topology o /nw:networks/nw:network/nw:network-types/tet:te-topology
This subtree specifies the TE topology type. Modifying the This subtree specifies the TE topology type. Modifying the
configurations can make TE topology type invalid and cause configurations can make TE topology type invalid. By such
interruption to all TE networks. modifications, a malicious attacker may disable the TE
capabilities on the related networks and cause traffic disrupted
or misrouted.
o /nw:networks/tet:te o /nw:networks/tet:te
This subtree specifies the TE node templates and TE link This subtree specifies the TE node templates and TE link
templates. Modifying the configurations in this subtree will templates. Modifying the configurations in this subtree will
change related future TE configurations. change the related future TE configurations. By such
modifications, a malicious attacker may change the TE capabilities
scheduled at a future time, to cause traffic disrupted or
misrouted.
o /nw:networks/nw:network o /nw:networks/nw:network
This subtree specifies the topology-wide configurations, including This subtree specifies the topology-wide configurations, including
the TE topology ID and topology-wide policies. Modifying the the TE topology ID and topology-wide policies. Modifying the
configurations here can cause traffic disabled or rerouted in this configurations in this subtree can add, remove, or modify TE
topology and the connected topologies. topologies. By adding a TE topology, a malicious attacker may
create an unauthorized traffic network. By removing or modifying a
TE topology, a malicious attacker may cause traffic disabled or
misrouted in the specified TE topology. Such traffic changes may
also affect the traffic in the connected TE topologies.
o /nw:networks/nw:network/nw:node o /nw:networks/nw:network/nw:node
This subtree specifies the configurations for TE nodes. Modifying This subtree specifies the configurations for TE nodes. Modifying
the configurations in this subtree can add, remove, or modify TE the configurations in this subtree can add, remove, or modify TE
nodes, causing traffic disabled or rerouted in the specified nodes nodes. By adding a TE node, a malicious attacker may create an
and the related TE topologies. unauthorized traffic path. By removing or modifying a TE node, a
malicious attacker may cause traffic disabled or misrouted in the
specified TE node. Such traffic changes may also affect the
traffic on the surrounding TE nodes and TE links in this TE
topology and the connected TE topologies.
o /nw:networks/nw:network/nt:link/tet:te o /nw:networks/nw:network/nt:link/tet:te
This subtree specifies the configurations for TE links. Modifying This subtree specifies the configurations for TE links. Modifying
the configurations in this subtree can add, remove, or modify TE the configurations in this subtree can add, remove, or modify TE
links, causing traffic disabled or rerouted on the specified TE links. By adding a TE link, a malicious attacker may create an
links and the related TE topologies. unauthorized traffic path. By removing or modifying a TE link, a
malicious attacker may cause traffic disabled or misrouted on the
specified TE link. Such traffic changes may also affect the
traffic on the surrounding TE nodes and TE links in this TE
topology and the connected TE topologies.
o /nw:networks/nw:network/nw:node/nt:termination-point o /nw:networks/nw:network/nw:node/nt:termination-point
This subtree specifies the configurations of TE link termination This subtree specifies the configurations of TE link termination
points. Modifying the configurations in this subtree can add, points. Modifying the configurations in this subtree can add,
remove, or modify TE link terminations points, causing traffic remove, or modify TE link termination points. By adding a TE link
disabled or rerouted on the related TE links and the related TE termination point, a malicious attacker may create an unauthorized
topologies. traffic path. By removing or modifying a TE link termination
point, a malicious attacker may cause traffic disabled or
misrouted on the specified TE link termination point. Such traffic
changes may also affect the traffic on the surrounding TE nodes
and TE links in this TE topology and the connected TE topologies.
Some of the readable data nodes in this YANG module may be considered Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or important to control read access (e.g., via get, get-config, or
notification) to these data nodes. These are the subtrees and data notification) to these data nodes. These are the subtrees and data
nodes and their sensitivity/vulnerability: nodes and their sensitivity/vulnerability:
o /nw:networks/nw:network/nw:network-types/tet:te-topology o /nw:networks/nw:network/nw:network-types/tet:te-topology
Unauthorized access to this subtree can disclose the TE topology Unauthorized access to this subtree can disclose the TE topology
type. type.
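Review bot: The threat sentences added to the writable-node bullets use the ungrammatical constructions "cause traffic disrupted or misrouted" and "cause traffic disabled or misrouted" (te-topology, /nw:networks/tet:te, network, node, link and termination-point bullets); suggest "cause traffic to be disrupted or misrouted" throughout, and "an attacker" instead of the redundant "a malicious attacker". In the /nw:networks/tet:te bullet, "change the TE capabilities scheduled at a future time" reads as if templates were schedules, while the table of contents lists Templates (5.9) and Scheduling Parameters (5.10) as separate features; wording that ties the impact to configurations that later reference the templates would match the sentence before it. In the /nw:networks/nw:network bullet, "create an unauthorized traffic network" is vaguer than the "unauthorized traffic path" used in the node, link and termination-point bullets and could simply say an unauthorized TE topology. The te-topology bullet narrows the earlier "interruption to all TE networks" to "the related networks"; if that change of scope is intended, say which networks are meant. The readable-node bullet visible at the end of this hunk still carries only the one-line "can disclose the TE topology type", so the write-access and read-access impact descriptions are now uneven in detail.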
 End of changes. 10 change blocks. 
17 lines changed or deleted 38 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/