10. IANA Considerations
This document registers the following namespace URIs in the "IETF XML Registry" [RFC3688]:

   URI: urn:ietf:params:xml:ns:yang:ietf-routing
   Registrant Contact: The IESG.
   XML: N/A; the requested URI is an XML namespace.

   URI: urn:ietf:params:xml:ns:yang:ietf-ipv4-unicast-routing
   Registrant Contact: The IESG.
   XML: N/A; the requested URI is an XML namespace.

   URI: urn:ietf:params:xml:ns:yang:ietf-ipv6-unicast-routing
   Registrant Contact: The IESG.
   XML: N/A; the requested URI is an XML namespace.

This document registers the following YANG modules in the "YANG Module Names" registry [RFC6020]:

   Name:       ietf-routing
   Namespace:  urn:ietf:params:xml:ns:yang:ietf-routing
   Prefix:     rt
   Reference:  RFC 8022

   Name:       ietf-ipv4-unicast-routing
   Namespace:  urn:ietf:params:xml:ns:yang:ietf-ipv4-unicast-routing
   Prefix:     v4ur
   Reference:  RFC 8022

   Name:       ietf-ipv6-unicast-routing
   Namespace:  urn:ietf:params:xml:ns:yang:ietf-ipv6-unicast-routing
   Prefix:     v6ur
   Reference:  RFC 8022

This document registers the following YANG submodule in the "YANG Module Names" registry [RFC6020]:

   Name:       ietf-ipv6-router-advertisements
   Module:     ietf-ipv6-unicast-routing
   Reference:  RFC 8022

11. Security Considerations
Configuration and state data conforming to the core routing data model (defined in this document) are designed to be accessed via a management protocol with a secure transport layer, such as NETCONF [RFC6241]. The NETCONF access control model [RFC6536] provides the means to restrict access for particular NETCONF users to a preconfigured subset of all available NETCONF protocol operations and content.

A number of configuration data nodes defined in the YANG modules belonging to the core routing data model are writable/creatable/deletable (i.e., "config true" in YANG terms, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations to these data nodes, such as "edit-config" in NETCONF, can have negative effects on the network if the protocol operations are not properly protected.

The vulnerable "config true" parameters and subtrees are the following:

   /routing/control-plane-protocols/control-plane-protocol: This list specifies the control-plane protocols configured on a device.

   /routing/ribs/rib: This list specifies the RIBs configured for the device.

Unauthorized access to any of these lists can adversely affect the routing subsystem of both the local device and the network. This may lead to network malfunctions, delivery of packets to inappropriate destinations, and other problems.
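The following NACM [RFC6536] configuration is an added illustration, not part of the RFC text, of how write access to the two lists named above can be limited to one group. The group name "routing-admin", the user name "alice", and the rule names are hypothetical.

```xml
<!-- Added example, not from RFC 8022. Group, user and rule names are
     hypothetical. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <read-default>permit</read-default>
  <write-default>deny</write-default>
  <exec-default>permit</exec-default>

  <groups>
    <group>
      <name>routing-admin</name>
      <user-name>alice</user-name>
    </group>
  </groups>

  <!-- Rule lists are evaluated in order and the first matching rule decides.
       module-name is left at its default ("*") on purpose: the static routes
       under control-plane-protocol are defined by the v4ur/v6ur modules, and
       a rule pinned to ietf-routing would not match writes to those nodes. -->
  <rule-list>
    <name>routing-admin-write</name>
    <group>routing-admin</group>
    <rule>
      <name>permit-protocol-write</name>
      <path xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing">/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol</path>
      <access-operations>create update delete</access-operations>
      <action>permit</action>
    </rule>
    <rule>
      <name>permit-rib-write</name>
      <path xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing">/rt:routing/rt:ribs/rt:rib</path>
      <access-operations>create update delete</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>

  <!-- All other groups: an explicit deny, so the restriction on these two
       subtrees does not depend on write-default staying at "deny". Any
       rule list granting broader write access must come after this one. -->
  <rule-list>
    <name>routing-write-deny</name>
    <group>*</group>
    <rule>
      <name>deny-protocol-write</name>
      <path xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing">/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>deny-rib-write</name>
      <path xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing">/rt:routing/rt:ribs/rt:rib</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
    </rule>
  </rule-list>
</nacm>
```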
12. References
12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004, <http://www.rfc-editor.org/info/rfc3688>.

[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, DOI 10.17487/RFC4861, September 2007, <http://www.rfc-editor.org/info/rfc4861>.

[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, October 2010, <http://www.rfc-editor.org/info/rfc6020>.

[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, <http://www.rfc-editor.org/info/rfc6241>.

[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", RFC 6991, DOI 10.17487/RFC6991, July 2013, <http://www.rfc-editor.org/info/rfc6991>.

[RFC7223] Bjorklund, M., "A YANG Data Model for Interface Management", RFC 7223, DOI 10.17487/RFC7223, May 2014, <http://www.rfc-editor.org/info/rfc7223>.

[RFC7277] Bjorklund, M., "A YANG Data Model for IP Management", RFC 7277, DOI 10.17487/RFC7277, June 2014, <http://www.rfc-editor.org/info/rfc7277>.

[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016, <http://www.rfc-editor.org/info/rfc7950>.
12.2. Informative References
[RFC6087] Bierman, A., "Guidelines for Authors and Reviewers of YANG Data Model Documents", RFC 6087, DOI 10.17487/RFC6087, January 2011, <http://www.rfc-editor.org/info/rfc6087>.

[RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration Protocol (NETCONF) Access Control Model", RFC 6536, DOI 10.17487/RFC6536, March 2012, <http://www.rfc-editor.org/info/rfc6536>.

[RFC7895] Bierman, A., Bjorklund, M., and K. Watsen, "YANG Module Library", RFC 7895, DOI 10.17487/RFC7895, June 2016, <http://www.rfc-editor.org/info/rfc7895>.

[RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG", RFC 7951, DOI 10.17487/RFC7951, August 2016, <http://www.rfc-editor.org/info/rfc7951>.
Appendix A. The Complete Data Trees
This appendix presents the complete configuration and state data trees of the core routing data model. See Section 2.2 for an explanation of the symbols used. The data type of every leaf node is shown near the right end of the corresponding line.

A.1. Configuration Data
   +--rw routing
      +--rw router-id?                 yang:dotted-quad
      +--rw control-plane-protocols
      |  +--rw control-plane-protocol* [type name]
      |     +--rw type             identityref
      |     +--rw name             string
      |     +--rw description?     string
      |     +--rw static-routes
      |        +--rw v6ur:ipv6
      |        |  +--rw v6ur:route* [destination-prefix]
      |        |     +--rw v6ur:destination-prefix    inet:ipv6-prefix
      |        |     +--rw v6ur:description?          string
      |        |     +--rw v6ur:next-hop
      |        |        +--rw (v6ur:next-hop-options)
      |        |           +--:(v6ur:simple-next-hop)
      |        |           |  +--rw v6ur:outgoing-interface?
      |        |           |  +--rw v6ur:next-hop-address?
      |        |           +--:(v6ur:special-next-hop)
      |        |           |  +--rw v6ur:special-next-hop?   enumeration
      |        |           +--:(v6ur:next-hop-list)
      |        |              +--rw v6ur:next-hop-list
      |        |                 +--rw v6ur:next-hop* [index]
      |        |                    +--rw v6ur:index              string
      |        |                    +--rw v6ur:outgoing-interface?
      |        |                    +--rw v6ur:next-hop-address?
      |        +--rw v4ur:ipv4
      |           +--rw v4ur:route* [destination-prefix]
      |              +--rw v4ur:destination-prefix    inet:ipv4-prefix
      |              +--rw v4ur:description?          string
      |              +--rw v4ur:next-hop
      |                 +--rw (v4ur:next-hop-options)
      |                    +--:(v4ur:simple-next-hop)
      |                    |  +--rw v4ur:outgoing-interface?
      |                    |  +--rw v4ur:next-hop-address?
      |                    +--:(v4ur:special-next-hop)
      |                    |  +--rw v4ur:special-next-hop?   enumeration
      |                    +--:(v4ur:next-hop-list)
      |                       +--rw v4ur:next-hop-list
      |                          +--rw v4ur:next-hop* [index]
      |                             +--rw v4ur:index              string
      |                             +--rw v4ur:outgoing-interface?
      |                             +--rw v4ur:next-hop-address?
      +--rw ribs
         +--rw rib* [name]
            +--rw name              string
            +--rw address-family?   identityref
            +--rw description?      string

A.2. State Data
   +--ro routing-state
   |  +--ro router-id?                 yang:dotted-quad
   |  +--ro interfaces
   |  |  +--ro interface*   if:interface-state-ref
   |  +--ro control-plane-protocols
   |  |  +--ro control-plane-protocol* [type name]
   |  |     +--ro type    identityref
   |  |     +--ro name    string
   |  +--ro ribs
   |     +--ro rib* [name]
   |        +--ro name              string
   |        +--ro address-family    identityref
   |        +--ro default-rib?      boolean {multiple-ribs}?
   |        +--ro routes
   |        |  +--ro route*
   |        |     +--ro route-preference?          route-preference
   |        |     +--ro next-hop
   |        |     |  +--ro (next-hop-options)
   |        |     |     +--:(simple-next-hop)
   |        |     |     |  +--ro outgoing-interface?
   |        |     |     |  +--ro v6ur:next-hop-address?
   |        |     |     |  +--ro v4ur:next-hop-address?
   |        |     |     +--:(special-next-hop)
   |        |     |     |  +--ro special-next-hop?          enumeration
   |        |     |     +--:(next-hop-list)
   |        |     |        +--ro next-hop-list
   |        |     |           +--ro next-hop*
   |        |     |              +--ro outgoing-interface?
   |        |     |              +--ro v6ur:address?
   |        |     |              +--ro v4ur:address?
   |        |     +--ro source-protocol            identityref
   |        |     +--ro active?                    empty
   |        |     +--ro last-updated?              yang:date-and-time
   |        |     +--ro v6ur:destination-prefix?   inet:ipv6-prefix
   |        |     +--ro v4ur:destination-prefix?   inet:ipv4-prefix
   |        +---x active-route
   |           +---w input
   |           |  +---w v6ur:destination-address?   inet:ipv6-address
   |           |  +---w v4ur:destination-address?   inet:ipv4-address
   |           +--ro output
   |              +--ro route
   |                 +--ro next-hop
   |                 |  +--ro (next-hop-options)
   |                 |     +--:(simple-next-hop)
   |                 |     |  +--ro outgoing-interface?
   |                 |     |  +--ro v6ur:next-hop-address?
   |                 |     |  +--ro v4ur:next-hop-address?
   |                 |     +--:(special-next-hop)
   |                 |     |  +--ro special-next-hop?          enumeration
   |                 |     +--:(next-hop-list)
   |                 |        +--ro next-hop-list
   |                 |           +--ro next-hop*
   |                 |              +--ro outgoing-interface?
   |                 |              +--ro v6ur:next-hop-address?
   |                 |              +--ro v4ur:next-hop-address?
   |                 +--ro source-protocol            identityref
   |                 +--ro active?                    empty
   |                 +--ro last-updated?              yang:date-and-time
   |                 +--ro v6ur:destination-prefix?   inet:ipv6-prefix
   |                 +--ro v4ur:destination-prefix?   inet:ipv4-prefix

Appendix B. Minimum Implementation
Some parts and options of the core routing model, such as user-defined RIBs, are intended only for advanced routers. This appendix gives basic non-normative guidelines for implementing a bare minimum of available functions. Such an implementation may be used for hosts or very simple routers.

A minimum implementation does not support the feature "multiple-ribs". This means that a single system-controlled RIB is available for each supported address family -- IPv4, IPv6, or both. These RIBs are also the default RIBs. No user-controlled RIBs are allowed.

In addition to the mandatory instance of the "direct" pseudo-protocol, a minimum implementation should support configuring instance(s) of the "static" pseudo-protocol.

For hosts that are never intended to act as routers, the ability to turn on sending IPv6 router advertisements (Section 5.4) should be removed.

Platforms with severely constrained resources may use deviations for restricting the data model, e.g., limiting the number of "static" control-plane protocol instances.

Appendix C. Example: Adding a New Control-Plane Protocol
This appendix demonstrates how the core routing data model can be extended to support a new control-plane protocol. The YANG module "example-rip" shown below is intended as an illustration rather than a real definition of a data model for the Routing Information Protocol (RIP). For the sake of brevity, this module does not obey all the guidelines specified in [RFC6087]. See also Section 5.3.2.

   module example-rip {

     yang-version "1.1";

     namespace "http://example.com/rip";

     prefix "rip";

     import ietf-interfaces {
       prefix "if";
     }

     import ietf-routing {
       prefix "rt";
     }

     identity rip {
       base rt:routing-protocol;
       description
         "Identity for the Routing Information Protocol (RIP).";
     }

     typedef rip-metric {
       type uint8 {
         range "0..16";
       }
     }

     grouping route-content {
       description
         "This grouping defines RIP-specific route attributes.";
       leaf metric {
         type rip-metric;
       }
       leaf tag {
         type uint16;
         default "0";
         description
           "This leaf may be used to carry additional info, e.g.,
            autonomous system (AS) number.";
       }
     }

     augment "/rt:routing-state/rt:ribs/rt:rib/rt:routes/rt:route" {
       when "derived-from-or-self(rt:source-protocol, 'rip:rip')" {
         description
           "This augment is only valid for a route whose source
            protocol is RIP.";
       }
       description
         "RIP-specific route attributes.";
       uses route-content;
     }

     augment "/rt:routing-state/rt:ribs/rt:rib/rt:active-route/"
           + "rt:output/rt:route" {
       description
         "RIP-specific route attributes in the output of 'active-route'
          RPC.";
       uses route-content;
     }

     augment "/rt:routing/rt:control-plane-protocols/"
           + "rt:control-plane-protocol" {
       when "derived-from-or-self(rt:type,'rip:rip')" {
         description
           "This augment is only valid for a routing protocol instance
            of type 'rip'.";
       }
       container rip {
         presence "RIP configuration";
         description
           "RIP instance configuration.";
         container interfaces {
           description
             "Per-interface RIP configuration.";
           list interface {
             key "name";
             description
               "RIP is enabled on interfaces that have an entry in this
                list, unless 'enabled' is set to 'false' for that
                entry.";
             leaf name {
               type if:interface-ref;
             }
             leaf enabled {
               type boolean;
               default "true";
             }
             leaf metric {
               type rip-metric;
               default "1";
             }
           }
         }
         leaf update-interval {
           type uint8 {
             range "10..60";
           }
           units "seconds";
           default "30";
           description
             "Time interval between periodic updates.";
         }
       }
     }
   }

Appendix D. Data Tree Example
This section contains an example of an instance data tree in the JSON encoding [RFC7951], containing both configuration and state data. The data conforms to a data model that is defined by the following YANG library specification [RFC7895]:

   {
     "ietf-yang-library:modules-state": {
       "module-set-id": "c2e1f54169aa7f36e1a6e8d0865d441d3600f9c4",
       "module": [
         {
           "name": "ietf-routing",
           "revision": "2016-11-04",
           "feature": [
             "multiple-ribs",
             "router-id"
           ],
           "namespace": "urn:ietf:params:xml:ns:yang:ietf-routing",
           "conformance-type": "implement"
         },
         {
           "name": "ietf-ipv4-unicast-routing",
           "revision": "2016-11-04",
           "namespace": "urn:ietf:params:xml:ns:yang:ietf-ipv4-unicast-routing",
           "conformance-type": "implement"
         },
         {
           "name": "ietf-ipv6-unicast-routing",
           "revision": "2016-11-04",
           "namespace": "urn:ietf:params:xml:ns:yang:ietf-ipv6-unicast-routing",
           "conformance-type": "implement"
         },
         {
           "name": "ietf-interfaces",
           "revision": "2014-05-08",
           "namespace": "urn:ietf:params:xml:ns:yang:ietf-interfaces",
           "conformance-type": "implement"
         },
         {
           "name": "ietf-inet-types",
           "namespace": "urn:ietf:params:xml:ns:yang:ietf-inet-types",
           "revision": "2013-07-15",
           "conformance-type": "import"
         },
         {
           "name": "ietf-yang-types",
           "namespace": "urn:ietf:params:xml:ns:yang:ietf-yang-types",
           "revision": "2013-07-15",
           "conformance-type": "import"
         },
         {
           "name": "iana-if-type",
           "namespace": "urn:ietf:params:xml:ns:yang:iana-if-type",
           "revision": "",
           "conformance-type": "implement"
         },
         {
           "name": "ietf-ip",
           "revision": "2014-06-16",
           "namespace": "urn:ietf:params:xml:ns:yang:ietf-ip",
           "conformance-type": "implement"
         }
       ]
     }
   }
A simple network setup as shown in Figure 3 is assumed: router "A" uses static default routes with the "ISP" router as the next hop. IPv6 router advertisements are configured only on the "eth1" interface and disabled on the upstream "eth0" interface.

                   +-----------------+
                   |                 |
                   |    Router ISP   |
                   |                 |
                   +--------+--------+
                            |2001:db8:0:1::2
                            |192.0.2.2
                            |
                            |
                            |2001:db8:0:1::1
                        eth0|192.0.2.1
                   +--------+--------+
                   |                 |
                   |     Router A    |
                   |                 |
                   +--------+--------+
                        eth1|198.51.100.1
                            |2001:db8:0:2::1
                            |

             Figure 3: Example of Network Configuration

The instance data tree could then be as follows:

   {
     "ietf-interfaces:interfaces": {
       "interface": [
         {
           "name": "eth0",
           "type": "iana-if-type:ethernetCsmacd",
           "description": "Uplink to ISP.",
           "ietf-ip:ipv4": {
             "address": [
               {
                 "ip": "192.0.2.1",
                 "prefix-length": 24
               }
             ],
             "forwarding": true
           },
           "ietf-ip:ipv6": {
             "address": [
               {
                 "ip": "2001:0db8:0:1::1",
                 "prefix-length": 64
               }
             ],
             "forwarding": true,
             "autoconf": {
               "create-global-addresses": false
             }
           }
         },
         {
           "name": "eth1",
           "type": "iana-if-type:ethernetCsmacd",
           "description": "Interface to the internal network.",
           "ietf-ip:ipv4": {
             "address": [
               {
                 "ip": "198.51.100.1",
                 "prefix-length": 24
               }
             ],
             "forwarding": true
           },
           "ietf-ip:ipv6": {
             "address": [
               {
                 "ip": "2001:0db8:0:2::1",
                 "prefix-length": 64
               }
             ],
             "forwarding": true,
             "autoconf": {
               "create-global-addresses": false
             },
             "ietf-ipv6-unicast-routing:ipv6-router-advertisements": {
               "send-advertisements": true
             }
           }
         }
       ]
     },
     "ietf-interfaces:interfaces-state": {
       "interface": [
         {
           "name": "eth0",
           "type": "iana-if-type:ethernetCsmacd",
           "phys-address": "00:0C:42:E5:B1:E9",
           "oper-status": "up",
           "statistics": {
             "discontinuity-time": "2015-10-24T17:11:27+02:00"
           },
           "ietf-ip:ipv4": {
             "forwarding": true,
             "mtu": 1500,
             "address": [
               {
                 "ip": "192.0.2.1",
                 "prefix-length": 24
               }
             ]
           },
           "ietf-ip:ipv6": {
             "forwarding": true,
             "mtu": 1500,
             "address": [
               {
                 "ip": "2001:0db8:0:1::1",
                 "prefix-length": 64
               }
             ],
             "ietf-ipv6-unicast-routing:ipv6-router-advertisements": {
               "send-advertisements": false
             }
           }
         },
         {
           "name": "eth1",
           "type": "iana-if-type:ethernetCsmacd",
           "phys-address": "00:0C:42:E5:B1:EA",
           "oper-status": "up",
           "statistics": {
             "discontinuity-time": "2015-10-24T17:11:29+02:00"
           },
           "ietf-ip:ipv4": {
             "forwarding": true,
             "mtu": 1500,
             "address": [
               {
                 "ip": "198.51.100.1",
                 "prefix-length": 24
               }
             ]
           },
           "ietf-ip:ipv6": {
             "forwarding": true,
             "mtu": 1500,
             "address": [
               {
                 "ip": "2001:0db8:0:2::1",
                 "prefix-length": 64
               }
             ],
             "ietf-ipv6-unicast-routing:ipv6-router-advertisements": {
               "send-advertisements": true,
               "prefix-list": {
                 "prefix": [
                   {
                     "prefix-spec": "2001:db8:0:2::/64"
                   }
                 ]
               }
             }
           }
         }
       ]
     },
     "ietf-routing:routing": {
       "router-id": "192.0.2.1",
       "control-plane-protocols": {
         "control-plane-protocol": [
           {
             "type": "ietf-routing:static",
             "name": "st0",
             "description": "Static routing is used for the internal network.",
             "static-routes": {
               "ietf-ipv4-unicast-routing:ipv4": {
                 "route": [
                   {
                     "destination-prefix": "0.0.0.0/0",
                     "next-hop": {
                       "next-hop-address": "192.0.2.2"
                     }
                   }
                 ]
               },
               "ietf-ipv6-unicast-routing:ipv6": {
                 "route": [
                   {
                     "destination-prefix": "::/0",
                     "next-hop": {
                       "next-hop-address": "2001:db8:0:1::2"
                     }
                   }
                 ]
               }
             }
           }
         ]
       }
     },
     "ietf-routing:routing-state": {
       "interfaces": {
         "interface": [
           "eth0",
           "eth1"
         ]
       },
       "control-plane-protocols": {
         "control-plane-protocol": [
           {
             "type": "ietf-routing:static",
             "name": "st0"
           }
         ]
       },
       "ribs": {
         "rib": [
           {
             "name": "ipv4-master",
             "address-family": "ietf-ipv4-unicast-routing:ipv4-unicast",
             "default-rib": true,
             "routes": {
               "route": [
                 {
                   "ietf-ipv4-unicast-routing:destination-prefix": "192.0.2.1/24",
                   "next-hop": {
                     "outgoing-interface": "eth0"
                   },
                   "route-preference": 0,
                   "source-protocol": "ietf-routing:direct",
                   "last-updated": "2015-10-24T17:11:27+02:00"
                 },
                 {
                   "ietf-ipv4-unicast-routing:destination-prefix": "198.51.100.0/24",
                   "next-hop": {
                     "outgoing-interface": "eth1"
                   },
                   "source-protocol": "ietf-routing:direct",
                   "route-preference": 0,
                   "last-updated": "2015-10-24T17:11:27+02:00"
                 },
                 {
                   "ietf-ipv4-unicast-routing:destination-prefix": "0.0.0.0/0",
                   "source-protocol": "ietf-routing:static",
                   "route-preference": 5,
                   "next-hop": {
                     "ietf-ipv4-unicast-routing:next-hop-address": "192.0.2.2"
                   },
                   "last-updated": "2015-10-24T18:02:45+02:00"
                 }
               ]
             }
           },
           {
             "name": "ipv6-master",
             "address-family": "ietf-ipv6-unicast-routing:ipv6-unicast",
             "default-rib": true,
             "routes": {
               "route": [
                 {
                   "ietf-ipv6-unicast-routing:destination-prefix": "2001:db8:0:1::/64",
                   "next-hop": {
                     "outgoing-interface": "eth0"
                   },
                   "source-protocol": "ietf-routing:direct",
                   "route-preference": 0,
                   "last-updated": "2015-10-24T17:11:27+02:00"
                 },
                 {
                   "ietf-ipv6-unicast-routing:destination-prefix": "2001:db8:0:2::/64",
                   "next-hop": {
                     "outgoing-interface": "eth1"
                   },
                   "source-protocol": "ietf-routing:direct",
                   "route-preference": 0,
                   "last-updated": "2015-10-24T17:11:27+02:00"
                 },
                 {
                   "ietf-ipv6-unicast-routing:destination-prefix": "::/0",
                   "next-hop": {
                     "ietf-ipv6-unicast-routing:next-hop-address": "2001:db8:0:1::2"
                   },
                   "source-protocol": "ietf-routing:static",
                   "route-preference": 5,
                   "last-updated": "2015-10-24T18:02:45+02:00"
                 }
               ]
             }
           }
         ]
       }
     }
   }

Acknowledgments
The authors wish to thank Nitin Bahadur, Martin Bjorklund, Dean Bogdanovic, Jeff Haas, Joel Halpern, Wes Hardaker, Sriganesh Kini, David Lamparter, Andrew McGregor, Jan Medved, Xiang Li, Stephane Litkowski, Thomas Morin, Tom Petch, Yingzhen Qu, Bruno Rijsman, Juergen Schoenwaelder, Phil Shafer, Dave Thaler, Yi Yang, Derek Man-Kit Yeung, and Jeffrey Zhang for their helpful comments and suggestions.

Authors' Addresses

   Ladislav Lhotka
   CZ.NIC

   Email: lhotka@nic.cz


   Acee Lindem
   Cisco Systems

   Email: acee@cisco.com