draft-ietf-netmod-ip-cfg-05.txt   draft-ietf-netmod-ip-cfg-06.txt 
Network Working Group M. Bjorklund Network Working Group M. Bjorklund
Internet-Draft Tail-f Systems Internet-Draft Tail-f Systems
Intended status: Standards Track July 16, 2012 Intended status: Standards Track September 5, 2012
Expires: January 17, 2013 Expires: March 9, 2013
A YANG Data Model for IP Configuration A YANG Data Model for IP Configuration
draft-ietf-netmod-ip-cfg-05 draft-ietf-netmod-ip-cfg-06
Abstract Abstract
This document defines a YANG data model for configuration of IP This document defines a YANG data model for configuration of IP
implementations. implementations.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 31 skipping to change at page 1, line 31
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 17, 2013. This Internet-Draft will expire on March 9, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 17 skipping to change at page 4, line 17
The module "ietf-ip" augments the "interface" list defined in the The module "ietf-ip" augments the "interface" list defined in the
"ietf-interfaces" module [I-D.ietf-netmod-interfaces-cfg] with the "ietf-interfaces" module [I-D.ietf-netmod-interfaces-cfg] with the
following data nodes, where square brackets are used to enclose a following data nodes, where square brackets are used to enclose a
list's keys, and "?" means that the node is optional. Choice and list's keys, and "?" means that the node is optional. Choice and
case nodes are enclosed in parenthesis, and a case node is marked case nodes are enclosed in parenthesis, and a case node is marked
with a colon (":"). with a colon (":").
+--rw if:interfaces +--rw if:interfaces
+--rw if:interface [name] +--rw if:interface [name]
... ...
+--rw ipv4 +--rw ipv4?
| +--rw enabled? boolean | +--rw enabled? boolean
| +--rw ip-forwarding? boolean | +--rw ip-forwarding? boolean
| +--rw address [ip] | +--rw address [ip]
| | +--rw ip inet:ipv4-address | | +--rw ip inet:ipv4-address
| | +--rw (subnet)? | | +--rw (subnet)?
| | +--:(prefix-length) | | +--:(prefix-length)
| | | +--rw ip:prefix-length? uint8 | | | +--rw ip:prefix-length? uint8
| | +--:(netmask) | | +--:(netmask)
| | +--rw ip:netmask? inet:ipv4-address | | +--rw ip:netmask? inet:ipv4-address
| +--rw neighbor [ip] | +--rw neighbor [ip]
| +--rw ip inet:ipv4-address | +--rw ip inet:ipv4-address
| +--rw phys-address? yang:phys-address | +--rw phys-address? yang:phys-address
+--rw ipv6 +--rw ipv6?
+--rw enabled? boolean +--rw enabled? boolean
+--rw ip-forwarding? boolean +--rw ip-forwarding? boolean
+--rw address [ip] +--rw address [ip]
| +--rw ip inet:ipv6-address | +--rw ip inet:ipv6-address
| +--rw prefix-length? uint8 | +--rw prefix-length? uint8
+--rw neighbor [ip] +--rw neighbor [ip]
| +--rw ip inet:ipv6-address | +--rw ip inet:ipv6-address
| +--rw phys-address? yang:phys-address | +--rw phys-address? yang:phys-address
+--rw dup-addr-detect-transmits? uint32 +--rw dup-addr-detect-transmits? uint32
+--rw autoconf +--rw autoconf
skipping to change at page 7, line 8 skipping to change at page 7, line 8
| ipv6/address | ipAddressEntry | | ipv6/address | ipAddressEntry |
| ipv6/address/ip | ipAddressAddrType / ipAddressAddr | | ipv6/address/ip | ipAddressAddrType / ipAddressAddr |
| ipv6/neighbor | ipNetToPhysicalTable | | ipv6/neighbor | ipNetToPhysicalTable |
+--------------------+-----------------------------------+ +--------------------+-----------------------------------+
Mapping of YANG data nodes to IP-MIB objects Mapping of YANG data nodes to IP-MIB objects
4. IP configuration YANG Module 4. IP configuration YANG Module
This module imports typedefs from [RFC6021] and This module imports typedefs from [RFC6021] and
[I-D.ietf-netmod-interfaces-cfg], and references [RFC0826], [RFC4861] [I-D.ietf-netmod-interfaces-cfg], and references [RFC0826],
and [RFC4862]. [RFC4861], [RFC4862], and [RFC4941].
RFC Ed.: update the date below with the date of RFC publication and RFC Ed.: update the date below with the date of RFC publication and
remove this note. remove this note.
<CODE BEGINS> file "ietf-ip@2012-07-16.yang" <CODE BEGINS> file "ietf-ip@2012-09-05.yang"
module ietf-ip { module ietf-ip {
namespace "urn:ietf:params:xml:ns:yang:ietf-ip"; namespace "urn:ietf:params:xml:ns:yang:ietf-ip";
prefix ip; prefix ip;
import ietf-interfaces { import ietf-interfaces {
prefix if; prefix if;
} }
import ietf-inet-types { import ietf-inet-types {
skipping to change at page 8, line 20 skipping to change at page 8, line 20
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2012-07-16 { revision 2012-09-05 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for IP Configuration"; "RFC XXXX: A YANG Data Model for IP Configuration";
} }
/* Features */ /* Features */
feature non-contiguous-netmasks { feature ipv4-non-contiguous-netmasks {
description description
"Indicates support for configuring non-contiguous "Indicates support for configuring non-contiguous
subnet masks."; subnet masks.";
} }
feature ipv6-privacy-autoconf {
description
"Indicates support for Privacy Extensions for Stateless Address
Autoconfiguration in IPv6.";
reference
"RFC 4941: Privacy Extensions for Stateless Address
Autoconfiguration in IPv6";
}
/* Data nodes */ /* Data nodes */
augment "/if:interfaces/if:interface" { augment "/if:interfaces/if:interface" {
description description
"Parameters for configuring IP on interfaces. "Parameters for configuring IP on interfaces.
If an interface is not capable of running IP, the server If an interface is not capable of running IP, the server
must not allow the client to configure these parameters."; must not allow the client to configure these parameters.";
container ipv4 { container ipv4 {
presence "Configure IPv4 on this interface.";
description description
"Parameters for the IPv4 address family."; "Parameters for the IPv4 address family.";
leaf enabled { leaf enabled {
type boolean; type boolean;
default true; default true;
description description
"Controls if IPv4 is enabled or disabled on this "Controls if IPv4 is enabled or disabled on this
interface."; interface.";
} }
leaf ip-forwarding { leaf ip-forwarding {
type boolean; type boolean;
default false; default false;
description description
"Controls if IPv4 packet forwarding is enabled or disabled "Controls if IPv4 packet forwarding is enabled or disabled
on this interface."; on this interface.";
} }
list address { list address {
key "ip"; key "ip";
skipping to change at page 9, line 16 skipping to change at page 9, line 27
leaf ip-forwarding { leaf ip-forwarding {
type boolean; type boolean;
default false; default false;
description description
"Controls if IPv4 packet forwarding is enabled or disabled "Controls if IPv4 packet forwarding is enabled or disabled
on this interface."; on this interface.";
} }
list address { list address {
key "ip"; key "ip";
description description
"The list of manually configured IPv4 addresses "The list of IPv4 addresses on the interface.";
on the interface.";
leaf ip { leaf ip {
type inet:ipv4-address; type inet:ipv4-address;
description description
"The IPv4 address on the interface."; "The IPv4 address on the interface.";
} }
choice subnet { choice subnet {
default prefix-length; default prefix-length;
description description
"The subnet can be specified as a prefix-length, or, "The subnet can be specified as a prefix-length, or,
skipping to change at page 9, line 41 skipping to change at page 9, line 51
The default subnet is a prefix-length of 32."; The default subnet is a prefix-length of 32.";
leaf prefix-length { leaf prefix-length {
type uint8 { type uint8 {
range "0..32"; range "0..32";
} }
default 32; default 32;
description description
"The length of the subnet prefix."; "The length of the subnet prefix.";
} }
leaf netmask { leaf netmask {
if-feature non-contiguous-netmasks; if-feature ipv4-non-contiguous-netmasks;
type inet:ipv4-address; type inet:ipv4-address;
description description
"The subnet specified as a netmask."; "The subnet specified as a netmask.";
} }
} }
} }
list neighbor { list neighbor {
key "ip"; key "ip";
description description
"A list of manually configured mappings from IPv4 "A list of mappings from IPv4
addresses to physical addresses. addresses to physical addresses.
Entries in this list are used as static entries in the Entries in this list are used as static entries in the
ARP cache."; ARP cache.";
reference reference
"RFC 826: An Ethernet Address Resolution Protocol"; "RFC 826: An Ethernet Address Resolution Protocol";
leaf ip { leaf ip {
type inet:ipv4-address; type inet:ipv4-address;
description description
skipping to change at page 10, line 24 skipping to change at page 10, line 34
} }
leaf phys-address { leaf phys-address {
type yang:phys-address; type yang:phys-address;
description description
"The physical level address of the neihgbor node."; "The physical level address of the neihgbor node.";
} }
} }
} }
container ipv6 { container ipv6 {
presence "Configure IPv6 on this interface.";
description description
"Parameters for the IPv6 address family."; "Parameters for the IPv6 address family.";
leaf enabled { leaf enabled {
type boolean; type boolean;
default true; default true;
description description
"Controls if IPv6 is enabled or disabled on this "Controls if IPv6 is enabled or disabled on this
interface."; interface.";
} }
skipping to change at page 10, line 47 skipping to change at page 11, line 10
description description
"Controls if IPv6 packet forwarding is enabled or disabled "Controls if IPv6 packet forwarding is enabled or disabled
on this interface."; on this interface.";
reference reference
"RFC 4861: Neighbor Discovery for IP version 6 (IPv6) "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
Section 6.2.1, IsRouter"; Section 6.2.1, IsRouter";
} }
list address { list address {
key "ip"; key "ip";
description description
"The list of manually configured IPv6 addresses "The list of IPv6 addresses on the interface.";
on the interface.";
leaf ip { leaf ip {
type inet:ipv6-address; type inet:ipv6-address;
description description
"The IPv6 address on the interface."; "The IPv6 address on the interface.";
} }
leaf prefix-length { leaf prefix-length {
type uint8 { type uint8 {
range "0..128"; range "0..128";
} }
default 128; default 128;
description description
"The length of the subnet prefix."; "The length of the subnet prefix.";
} }
} }
list neighbor { list neighbor {
key "ip"; key "ip";
description description
"A list of manually configured mappings from IPv6 "A list of mappings from IPv6
addresses to physical addresses. addresses to physical addresses.
Entries in this list are used as static entries in the Entries in this list are used as static entries in the
Neighbor Cache."; Neighbor Cache.";
reference reference
"RFC 4861: Neighbor Discovery for IP version 6 (IPv6)"; "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)";
leaf ip { leaf ip {
type inet:ipv6-address; type inet:ipv6-address;
description description
"The IPv6 address of a neighbor node."; "The IPv6 address of a neighbor node.";
} }
leaf phys-address { leaf phys-address {
type yang:phys-address; type yang:phys-address;
description description
"The physical level address of the neihgbor node."; "The physical level address of the neighbor node.";
} }
} }
leaf dup-addr-detect-transmits { leaf dup-addr-detect-transmits {
type uint32; type uint32;
default 1; default 1;
description description
"The number of consecutive Neighbor Solicitation messages "The number of consecutive Neighbor Solicitation messages
sent while performing Duplicate Address Detection on a sent while performing Duplicate Address Detection on a
tentative address. A value of zero indicates that tentative address. A value of zero indicates that
Duplicate Address Detection is not performed on Duplicate Address Detection is not performed on
skipping to change at page 12, line 19 skipping to change at page 12, line 30
leaf create-global-addresses { leaf create-global-addresses {
type boolean; type boolean;
default true; default true;
description description
"If enabled, the host creates global addresses as "If enabled, the host creates global addresses as
described in section 5.5 of RFC 4862."; described in section 5.5 of RFC 4862.";
reference reference
"RFC 4862: IPv6 Stateless Address Autoconfiguration"; "RFC 4862: IPv6 Stateless Address Autoconfiguration";
} }
leaf create-temporary-addresses { leaf create-temporary-addresses {
if-feature ipv6-privacy-autoconf;
type boolean; type boolean;
default false; default false;
description description
"If enabled, the host creates temporary addresses as "If enabled, the host creates temporary addresses as
described in RFC 4941."; described in RFC 4941.";
reference reference
"RFC 4941: Privacy Extensions for Stateless Address "RFC 4941: Privacy Extensions for Stateless Address
Autoconfiguration in IPv6"; Autoconfiguration in IPv6";
} }
leaf temporary-valid-lifetime { leaf temporary-valid-lifetime {
if-feature ipv6-privacy-autoconf;
type uint32; type uint32;
units "seconds"; units "seconds";
default 604800; default 604800;
description description
"The time the temporary address is valid."; "The time period during which the temporary address
is valid.";
reference reference
"RFC 4941: Privacy Extensions for Stateless Address "RFC 4941: Privacy Extensions for Stateless Address
Autoconfiguration in IPv6 Autoconfiguration in IPv6
- TEMP_VALID_LIFETIME"; - TEMP_VALID_LIFETIME";
} }
leaf temporary-preferred-lifetime { leaf temporary-preferred-lifetime {
if-feature ipv6-privacy-autoconf;
type uint32; type uint32;
units "seconds"; units "seconds";
default 86400; default 86400;
description description
"The time the temporary address is preferred."; "The time period during which the temporary address is
preferred.";
reference reference
"RFC 4941: Privacy Extensions for Stateless Address "RFC 4941: Privacy Extensions for Stateless Address
Autoconfiguration in IPv6 Autoconfiguration in IPv6
- TEMP_PREFERED_LIFETIME"; - TEMP_PREFERED_LIFETIME";
} }
} }
} }
} }
} }
<CODE ENDS> <CODE ENDS>
5. IANA Considerations 5. IANA Considerations
This document registers a URI in the IETF XML registry [RFC3688]. This document registers a URI in the IETF XML registry [RFC3688].
Following the format in RFC 3688, the following registration is Following the format in RFC 3688, the following registration is
requested to be made. requested to be made.
skipping to change at page 15, line 37 skipping to change at page 15, line 37
protocol. protocol.
ipv4/address and ipv6/address: These lists specify the configured IP ipv4/address and ipv6/address: These lists specify the configured IP
addresses on an interface. By modifying this information, an addresses on an interface. By modifying this information, an
attacker can cause a node to either ignore messages destined to it attacker can cause a node to either ignore messages destined to it
or accept (at least at the IP layer) messages it would otherwise or accept (at least at the IP layer) messages it would otherwise
ignore. The use of filtering or security associations may reduce ignore. The use of filtering or security associations may reduce
the potential damage in the latter case. the potential damage in the latter case.
ipv4/ip-forwarding and ipv6/ip-forwarding: These leafs allow a ipv4/ip-forwarding and ipv6/ip-forwarding: These leafs allow a
client to enable or disable the routing functions on the entity. client to enable or disable the forwarding functions on the
By disabling the routing functions, an attacker would possibly be entity. By disabling the forwarding functions, an attacker would
able to deny service to users. By enabling the routing functions, possibly be able to deny service to users. By enabling the
an attacker could open a conduit into an area. This might result forwarding functions, an attacker could open a conduit into an
in the area providing transit for packets it shouldn't or might area. This might result in the area providing transit for packets
allow the attacker access to the area bypassing security it shouldn't or might allow the attacker access to the area
safeguards. =ipv6/autoconf: The leafs in this branch control the bypassing security safeguards.
ipv6/autoconf: The leafs in this branch control the
autoconfiguration of IPv6 addresses and in particular whether autoconfiguration of IPv6 addresses and in particular whether
temporary addresses are used or not. By modifying the temporary addresses are used or not. By modifying the
corresponding leafs, an attacker might impact the addresses used corresponding leafs, an attacker might impact the addresses used
by a node and thus indirectly the privacy of the users using the by a node and thus indirectly the privacy of the users using the
node. node.
7. Acknowledgments 7. Acknowledgments
The author wishes to thank Ladislav Lhotka, Juergen Schoenwaelder, The author wishes to thank Ladislav Lhotka, Juergen Schoenwaelder,
and Dave Thaler for their helpful comments. and Dave Thaler for their helpful comments.
skipping to change at page 17, line 27 skipping to change at page 17, line 27
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
January 2004. January 2004.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007. September 2007.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862, September 2007. Address Autoconfiguration", RFC 4862, September 2007.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, September 2007.
[RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the
Network Configuration Protocol (NETCONF)", RFC 6020, Network Configuration Protocol (NETCONF)", RFC 6020,
October 2010. October 2010.
[RFC6021] Schoenwaelder, J., "Common YANG Data Types", RFC 6021, [RFC6021] Schoenwaelder, J., "Common YANG Data Types", RFC 6021,
October 2010. October 2010.
8.2. Informative References 8.2. Informative References
[I-D.ietf-netmod-routing-cfg] [I-D.ietf-netmod-routing-cfg]
 End of changes. 29 change blocks. 
30 lines changed or deleted 50 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/