A YANG Data Model for the Multicast Source Discovery Protocol (MSDP)
Volta Networks
xufeng.liu.ietf@gmail.com
ZTE Corporation
No. 50 Software Avenue, Yuhuatai District
Nanjing
China
zhang.zheng@zte.com.cn
Individual Contributor
anish.ietf@gmail.com
Juniper Networks
1133 Innovation Way
Sunnyvale
CA
94089
United States of America
sivakumar.mahesh@gmail.com
Huawei Technologies
Huawei Bldg., No. 156 Beiqing Rd.
Beijing
100095
China
guofeng@huawei.com
Metaswitch Networks
100 Church Street
Enfield
EN2 6BQ
United Kingdom
pete.mcallister@metaswitch.com
MSDP
YANG
This document defines a YANG data model for the configuration and
management of Multicast Source Discovery Protocol (MSDP) protocol
operations.
Introduction
introduces the protocol
definition of the Multicast Source Discovery Protocol (MSDP).
This document defines a YANG data model that can be used to configure
and manage MSDP protocol operations. The operational state data and
statistics can also be retrieved by this model.
This model is designed to be used along with other multicast
YANG data models such as PIM , which are not covered in this document.
Terminology
The terminology for describing YANG data models is found in
and , including:
- action
- augment
- choice
- container
- data model
- data node
- grouping
- identity
- leaf
- list
- module
- uses
The following abbreviations are used in this document and the defined
model:
MSDP: Multicast Source Discovery Protocol
RP: Rendezvous Point
RPF: Reverse Path Forwarding
SA: Source-Active
Conventions Used in This Document
The key words "MUST", "MUST NOT",
"REQUIRED", "SHALL",
"SHALL NOT", "SHOULD",
"SHOULD NOT",
"RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document
are to be interpreted as described in BCP 14
when, and only
when, they appear in all capitals, as shown here.
Tree Diagrams
Tree diagrams used in this document follow the notation defined in
.
Prefixes in Data Node Names
In this document, names of data nodes, actions, and other data model
objects are often used without a prefix, as long as it is clear from
the context in which YANG module each name is defined. Otherwise,
names are prefixed using the standard prefix associated with the
corresponding YANG module, as shown in .
Prefix |
YANG module |
Reference |
yang |
ietf-yang-types |
|
inet |
ietf-inet-types |
|
rt |
ietf-routing |
|
if |
ietf-interfaces |
|
ip |
ietf-ip |
|
key-chain |
ietf-key-chain |
|
rt-types |
ietf-routing-types |
|
acl |
ietf-access-control-list |
|
Design of the Data Model
Scope of Model
The model covers MSDP .
This model can be used to configure and manage MSDP protocol operations. The operational state data and statistics
can be retrieved by this model. Even though no protocol-specific
notifications are defined in this model, the subscription and push
mechanisms, as defined in
and , can be implemented by
the user to subscribe to notifications on the data nodes in this
model.
The model contains all the basic configuration parameters to operate
the protocol. Depending on the implementation choices,
some systems may not allow some of the advanced parameters to be
configurable. The occasionally implemented parameters are modeled as
optional features in this model.
This model can be extended, and it has been structured in a way that
such extensions can be conveniently made.
Specification
The configuration data nodes cover global
configuration attributes and per-peer configuration
attributes. The state data nodes include global, per-peer,
and SA information. The container "msdp" is the
top-level container in this data model. The presence of
this container is expected to enable MSDP protocol functionality.
No notification is defined in this model.
Module Structure
This model imports and augments the "ietf-routing" YANG data model
defined in . Both configuration
data nodes and state data nodes as mentioned in
are augmented.
The YANG data model defined in this document conforms to the Network
Management Datastore Architecture (NMDA) .
The operational state data is combined with the associated configuration
data in the same hierarchy .
../../../peers/peer/address
| | +--rw prefix-policy -> /acl:acls/acl/name
| +--rw originating-rp
| | +--rw interface? if:interface-ref
| +--rw sa-filter
| | +--rw in? -> /acl:acls/acl/name
| | +--rw out? -> /acl:acls/acl/name
| +--rw sa-limit? uint32
| +--rw ttl-threshold? uint8
+--rw peers
| +--rw peer* [address]
| +--rw address inet:ipv4-address
| +---x clear-peer
| +--rw authentication {peer-authentication}?
| | +--rw (authentication-type)?
| | +--:(key-chain)
| | | +--rw key-chain?
key-chain:key-chain-ref
| | +--:(password)
| | +--rw key? string
| | +--rw crypto-algorithm? identityref
| +--rw enabled? boolean
| +--rw tcp-connection-source? if:interface-ref
| +--rw description? string
| +--rw mesh-group? string
| +--rw peer-as? inet:as-number
{peer-as-verification}?
| +--rw sa-filter
| | +--rw in? -> /acl:acls/acl/name
| | +--rw out? -> /acl:acls/acl/name
| +--rw sa-limit? uint32
| +--rw timer
| | +--rw connect-retry-interval? uint16
| | +--rw holdtime-interval? uint16
| | +--rw keepalive-interval? uint16
| +--rw ttl-threshold? uint8
| +--ro session-state? enumeration
| +--ro elapsed-time? yang:gauge32
| +--ro connect-retry-expire? uint32
| +--ro hold-expire? uint16
| +--ro is-default-peer? boolean
| +--ro keepalive-expire? uint16
| +--ro reset-count? yang:zero-based-counter32
| +--ro statistics
| +--ro discontinuity-time? yang:date-and-time
| +--ro error
| | +--ro rpf-failure? uint32
| +--ro queue
| | +--ro size-in? uint32
| | +--ro size-out? uint32
| +--ro received
| | +--ro keepalive? yang:counter64
| | +--ro notification? yang:counter64
| | +--ro sa-message? yang:counter64
| | +--ro sa-response? yang:counter64
| | +--ro sa-request? yang:counter64
| | +--ro total? yang:counter64
| +--ro sent
| +--ro keepalive? yang:counter64
| +--ro notification? yang:counter64
| +--ro sa-message? yang:counter64
| +--ro sa-response? yang:counter64
| +--ro sa-request? yang:counter64
| +--ro total? yang:counter64
+---x clear-all-peers
+--ro sa-cache
+--ro entry* [group source-addr]
| +--ro group
rt-types:ipv4-multicast-group-address
| +--ro source-addr
rt-types:ipv4-multicast-source-address
| +--ro origin-rp* [rp-address]
| | +--ro rp-address inet:ipv4-address
| | +--ro is-local-rp? boolean
| | +--ro sa-adv-expire? uint32
| +--ro state-attributes
| +--ro up-time? yang:gauge32
| +--ro expire? yang:gauge32
| +--ro holddown-interval? uint32
| +--ro peer-learned-from? inet:ipv4-address
| +--ro rpf-peer? inet:ipv4-address
+---x clear
+---w input
+---w entry!
| +---w group
rt-types:ipv4-multicast-group-address
| +---w source-addr?
rt-types:ipv4-multicast-source-address
+---w peer-address? inet:ipv4-address
+---w peer-as? inet:as-number]]>
MSDP Configuration
MSDP operation requires configuration information that is distributed
amongst several peers. Several peers may
be configured in a mesh-group. The SA information may be filtered
by peers.
The configuration modeling branch is composed of MSDP global and
peer configurations.
These two parts are the most important parts of MSDP.
Besides the fundamental features of MSDP, several optional features
are included in the model. These features help the control of MSDP.
The peer features and SA features make the deployment and control easier. The
connection parameters can be used to control the TCP connection because MSDP
is based on TCP. The authentication features make the protocol more
secure. The filter features selectively allow operators to prevent SA information
from being forwarded to peers.
MSDP States
MSDP states are composed of the MSDP global state, the MSDP peer state, statistics
information, and SA cache information. The statistics information and SA cache
information help the operator retrieve data regarding the protocol's condition.
YANG actions are defined to clear the connection of one specific MSDP peer,
clear the connections of all MSDP peers, or clear some or all of the SA caches.
MSDP YANG Data Model
This module references , ,
, , ,
, , ,
, , and .
WG List:
Editor: Xufeng Liu
Editor: Zheng Zhang
Editor: Anish Peter
Editor: Mahesh Sivakumar
Editor: Feng Guo
Editor: Pete McAllister
";
description
"This module defines the YANG data model definitions for the
Multicast Source Discovery Protocol (MSDP).
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.
Copyright (c) 2020 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 8916; see the
RFC itself for full legal notices.";
revision 2020-10-31 {
description
"Initial revision.";
reference
"RFC 8916: A YANG Data Model for the Multicast Source
Discovery Protocol (MSDP)";
}
/*
* Features
*/
feature filter-policy {
description
"Support policy configuration of peer/message filtering.";
reference
"RFC 8519: YANG Data Model for Network Access Control
Lists (ACLs)";
}
feature peer-as-verification {
description
"Support configuration of a peer's Autonomous System Number
(ASN).";
reference
"RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
}
feature peer-authentication {
description
"Support configuration of peer authentication.";
reference
"RFC 8177: YANG Data Model for Key Chains";
}
/*
* Identities
*/
identity msdp {
base rt:control-plane-protocol;
description
"Identity for the Multicast Source Discovery Protocol (MSDP).";
reference
"RFC 3618: Multicast Source Discovery Protocol (MSDP)";
}
/*
* Groupings
*/
grouping authentication-container {
description
"Authentication attributes.";
container authentication {
if-feature peer-authentication;
description
"A container defining authentication attributes.";
choice authentication-type {
case key-chain {
leaf key-chain {
type key-chain:key-chain-ref;
description
"Reference to a key-chain.";
reference
"RFC 8177: YANG Data Model for Key Chains";
}
}
case password {
leaf key {
type string;
description
"This leaf specifies the authentication key.";
}
leaf crypto-algorithm {
type identityref {
base key-chain:crypto-algorithm;
}
must "derived-from-or-self(., 'key-chain:md5')" {
error-message
"Only the md5 algorithm can be used for MSDP.";
description
"Check for crypto-algorithm.";
}
description
"Cryptographic algorithm associated with a key.
Only the md5 algorithm can be used for MSDP.
When 'md5' is specified, MSDP control messages
are secured by TCP MD5 signatures as described
in RFCs 3618 and 5925. Both peers of a
connection SHOULD be configured to the same
algorithm for the connection to be established.
When this leaf is not configured, unauthenticated
TCP is used.";
reference
"RFC 3618: Multicast Source Discovery Protocol (MSDP)
RFC 5925: The TCP Authentication Option
RFC 8177: YANG Data Model for Key Chains";
}
}
description
"Choice of authentication.";
}
}
} // authentication-container
grouping tcp-connect-source {
description
"Attribute to configure a peer TCP connection source.";
leaf tcp-connection-source {
type if:interface-ref;
must "/if:interfaces/if:interface[if:name = current()]/"
+ "ip:ipv4/ip:enabled != 'false'" {
error-message
"The interface must have IPv4 enabled.";
description
"The interface must have IPv4 enabled.";
reference
"RFC 8343: A YANG Data Model for Interface Management";
}
description
"The interface is to be the source for the TCP
connection. It is a reference to an entry in the global
interface list.";
}
} // tcp-connect-source
grouping global-config-attributes {
description
"Global MSDP configuration.";
uses tcp-connect-source;
list default-peer {
if-feature filter-policy;
key "peer-addr prefix-policy";
description
"The default peer accepts all MSDP Source-Active (SA)
messages. A default peer is needed in topologies where
MSDP peers do not coexist with BGP peers. The Reverse Path
Forwarding (RPF) check on SA messages will fail, and no
SA messages will be accepted. In these cases, you can
configure the peer as a default peer and bypass
RPF checks.";
leaf peer-addr {
type leafref {
path "../../../peers/peer/address";
}
mandatory true;
description
"Reference to a peer that is in the peer list.";
}
leaf prefix-policy {
type leafref {
path "/acl:acls/acl:acl/acl:name";
}
description
"If specified, only those SA entries whose Rendezvous
Point (RP) is permitted in the prefix list are allowed;
if not specified, all SA messages from the default
peer are accepted.";
reference
"RFC 7761: Protocol Independent Multicast - Sparse Mode
(PIM-SM): Protocol Specification (Revised)
RFC 8519: YANG Data Model for Network Access Control
Lists (ACLs)";
}
} // default-peer
container originating-rp {
description
"The container of the originating RP.";
leaf interface {
type if:interface-ref;
must "/if:interfaces/if:interface[if:name = current()]/"
+ "ip:ipv4/ip:enabled != 'false'" {
error-message
"The interface must have IPv4 enabled.";
description
"The interface must have IPv4 enabled.";
reference
"RFC 8343: A YANG Data Model for Interface Management";
}
description
"Reference to an entry in the global interface list.
The IP address of the interface used in the RP field of
an SA message entry. When anycast RPs are used, all RPs
use the same IP address. This parameter can be used to
define a unique IP address for the RP of each MSDP peer.
By default, the software uses the RP address of the
local system.";
}
} // originating-rp
uses sa-filter-container;
leaf sa-limit {
type uint32;
description
"A limit on the number of SA entries accepted.
If not configured or the value is 0, there is no limit.";
}
uses ttl-threshold;
} // global-config-attributes
grouping peer-config-attributes {
description
"Per-peer configuration for MSDP.";
uses authentication-container;
leaf enabled {
type boolean;
description
"'true' if the peer is enabled;
'false' if the peer is disabled.";
}
uses tcp-connect-source;
leaf description {
type string;
description
"The peer description.";
}
leaf mesh-group {
type string;
description
"The name of the mesh-group to which this peer belongs.";
reference
"RFC 3618: Multicast Source Discovery Protocol (MSDP),
Section 10.2";
}
leaf peer-as {
if-feature peer-as-verification;
type inet:as-number;
description
"The peer's ASN. Using peer-as to perform the verification
can provide more controlled ability. The value can be
compared with the BGP peer's ASN. If they are different,
the SA information that comes from this peer may be
rejected. If the ASN is the same as the local ASN, then
the peer is within the same domain; otherwise, this peer
is external to the domain. This is comparable to the
definition and usage in BGP; see RFC 4271.";
reference
"RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
}
uses sa-filter-container;
leaf sa-limit {
type uint32;
description
"A limit on the number of SA entries accepted from this
peer.
If not configured or the value is 0, there is no limit.";
}
container timer {
description
"Timer attributes.";
reference
"RFC 3618: Multicast Source Discovery Protocol (MSDP),
Section 5";
leaf connect-retry-interval {
type uint16;
units seconds;
default 30;
description
"The peer timer for connect-retry. By default, MSDP peers
wait 30 seconds after the session is reset.";
}
leaf holdtime-interval {
type uint16 {
range "3..65535";
}
units seconds;
default 75;
description
"The SA hold-down period of this MSDP peer.";
}
leaf keepalive-interval {
type uint16 {
range "1..65535";
}
units seconds;
must '. < ../holdtime-interval' {
error-message
"The keepalive interval must be smaller than the "
+ "hold-time interval.";
}
default 60;
description
"The keepalive timer of this MSDP peer.";
}
} // timer
uses ttl-threshold;
} // peer-config-attributes
grouping peer-state-attributes {
description
"Per-peer state attributes for MSDP.";
leaf session-state {
type enumeration {
enum disabled {
description
"Disabled.";
}
enum inactive {
description
"Inactive.";
}
enum listen {
description
"Listen.";
}
enum connecting {
description
"Connecting.";
}
enum established {
description
"Established.";
}
}
config false;
description
"The peer's session state.";
reference
"RFC 3618: Multicast Source Discovery Protocol (MSDP),
Section 11";
}
leaf elapsed-time {
type yang:gauge32;
units seconds;
config false;
description
"Elapsed time for being in a state.";
}
leaf connect-retry-expire {
type uint32;
units seconds;
config false;
description
"Connect retry expire time of a peer connection.";
}
leaf hold-expire {
type uint16;
units seconds;
config false;
description
"Hold expire time of a peer connection.";
}
leaf is-default-peer {
type boolean;
config false;
description
"'true' if this peer is one of the default peers.";
}
leaf keepalive-expire {
type uint16;
units seconds;
config false;
description
"Keepalive expire time of this peer.";
}
leaf reset-count {
type yang:zero-based-counter32;
config false;
description
"The reset count of this peer.";
}
container statistics {
config false;
description
"A container defining statistics attributes.";
leaf discontinuity-time {
type yang:date-and-time;
description
"The time on the most recent occasion at which any one
or more of the statistics counters suffered a
discontinuity. If no such discontinuities have occurred
since the last re-initialization of the local
management subsystem, then this node contains the time
the local management subsystem re-initialized itself.";
}
container error {
description
"A grouping defining error statistics attributes.";
leaf rpf-failure {
type uint32;
description
"The number of RPF failures.";
}
}
container queue {
description
"A container that includes queue statistics attributes.";
leaf size-in {
type uint32;
description
"The number of messages received from the peer
currently queued.";
}
leaf size-out {
type uint32;
description
"The number of messages queued to be sent to the peer.";
}
}
container received {
description
"Received message counters.";
uses statistics-sent-received;
}
container sent {
description
"Sent message counters.";
uses statistics-sent-received;
}
} // statistics
} // peer-state-attributes
grouping sa-filter-container {
description
"A container defining SA filters.";
container sa-filter {
description
"Specifies an Access Control List (ACL) to filter SA messages
coming into or going out of the peer.";
leaf in {
type leafref {
path "/acl:acls/acl:acl/acl:name";
}
description
"Filters incoming SA messages only.
The value is the name to uniquely identify a
policy that contains one or more rules used to
accept or reject MSDP SA messages.
If the policy is not specified, all MSDP SA messages are
accepted.";
reference
"RFC 8519: YANG Data Model for Network Access Control
Lists (ACLs)";
}
leaf out {
type leafref {
path "/acl:acls/acl:acl/acl:name";
}
description
"Filters outgoing SA messages only.
The value is the name to uniquely identify a
policy that contains one or more rules used to
accept or reject MSDP SA messages.
If the policy is not specified, all MSDP SA messages are
sent.";
reference
"RFC 8519: YANG Data Model for Network Access Control
Lists (ACLs)";
}
} // sa-filter
} // sa-filter-container
grouping ttl-threshold {
description
"Attribute to configure the TTL threshold.";
leaf ttl-threshold {
type uint8 {
range 1..255;
}
description
"The maximum number of hops data packets can traverse
before being dropped.";
}
} // ttl-threshold
grouping statistics-sent-received {
description
"A grouping defining sent and received statistics attributes.";
leaf keepalive {
type yang:counter64;
description
"The number of keepalive messages.";
}
leaf notification {
type yang:counter64;
description
"The number of notification messages.";
}
leaf sa-message {
type yang:counter64;
description
"The number of SA messages.";
}
leaf sa-response {
type yang:counter64;
description
"The number of SA response messages.";
}
leaf sa-request {
type yang:counter64;
description
"The number of SA request messages.";
}
leaf total {
type yang:counter64;
description
"The number of total messages.";
}
} // statistics-sent-received
/*
* Data nodes
*/
augment "/rt:routing/rt:control-plane-protocols/"
+ "rt:control-plane-protocol" {
when "derived-from-or-self(rt:type, 'msdp:msdp')" {
description
"This augmentation is only valid for a routing protocol
instance of MSDP.";
}
description
"MSDP augmentation to routing control-plane protocol
configuration and state.";
container msdp {
description
"MSDP configuration and operational state data.";
container global {
description
"Global attributes.";
uses global-config-attributes;
}
container peers {
description
"Contains a list of peers.";
list peer {
key "address";
description
"A list of MSDP peers.";
leaf address {
type inet:ipv4-address;
description
"The address of the peer.";
}
action clear-peer {
description
"Clears the TCP connection to the peer.";
}
uses peer-config-attributes;
uses peer-state-attributes;
}
}
action clear-all-peers {
description
"All peers' TCP connections are cleared.";
}
container sa-cache {
config false;
description
"The SA cache information.";
list entry {
key "group source-addr";
description
"A list of SA cache entries.";
leaf group {
type rt-types:ipv4-multicast-group-address;
description
"The group address of this SA cache.";
}
leaf source-addr {
type rt-types:ipv4-multicast-source-address;
description
"Source IPv4 address.";
}
list origin-rp {
key "rp-address";
description
"Information regarding the originating RP.";
leaf rp-address {
type inet:ipv4-address;
description
"The RP address. This is the IP address used in the
RP field of an SA message entry.";
}
leaf is-local-rp {
type boolean;
description
"'true' if the RP is local;
'false' if the RP is not local.";
}
leaf sa-adv-expire {
type uint32;
units seconds;
description
"The remaining time duration before expiration
of the periodic SA advertisement timer on a
local RP.";
}
}
container state-attributes {
description
"SA cache state attributes for MSDP.";
leaf up-time {
type yang:gauge32;
units seconds;
description
"Indicates the duration time when this SA entry is
created in the cache. MSDP is a periodic protocol;
the value can be used to check the state of the
SA cache.";
}
leaf expire {
type yang:gauge32;
units seconds;
description
"Indicates the duration time when this SA entry in
the cache times out. MSDP is a periodic protocol;
the value can be used to check the state of the
SA cache.";
}
leaf holddown-interval {
type uint32;
units seconds;
description
"Hold-down timer value for SA forwarding.";
reference
"RFC 3618: Multicast Source Discovery Protocol
(MSDP), Section 5.3";
}
leaf peer-learned-from {
type inet:ipv4-address;
description
"The address of the peer from which we learned this
SA information.";
}
leaf rpf-peer {
type inet:ipv4-address;
description
"The address is the SA's originating RP.";
}
} // state-attributes
} // entry
action clear {
description
"Clears MSDP SA cache entries.";
input {
container entry {
presence "If a particular entry is cleared.";
description
"The SA cache (S,G) or (*,G) entry to be cleared.
If this is not provided, all entries are cleared.";
leaf group {
type rt-types:ipv4-multicast-group-address;
mandatory true;
description
"The group address.";
}
leaf source-addr {
type rt-types:ipv4-multicast-source-address;
description
"The address of the multicast source to be cleared.
If this is not provided, then all entries related
to the given group are cleared.";
}
}
leaf peer-address {
type inet:ipv4-address;
description
"The peer IP address from which MSDP SA cache entries
have been learned. If this is not provided, entries
learned from all peers are cleared.";
}
leaf peer-as {
type inet:as-number;
description
"The ASN from which MSDP SA cache entries have been
learned. If this is not provided, entries learned
from all ASes are cleared.";
}
}
} // clear
} // sa-cache
} // msdp
} // augment
}]]>
Security Considerations
The YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such
as NETCONF or RESTCONF .
The lowest NETCONF layer is the secure transport layer, and the
mandatory-to-implement secure transport is Secure Shell (SSH) .
The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure
transport is TLS .
The Network Configuration Access Control Model (NACM) provides the means to restrict access for particular
NETCONF or RESTCONF users to a preconfigured subset of all available
NETCONF or RESTCONF protocol operations and content.
There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative
effect on network operations. These are the subtrees and data nodes
and their sensitivity/vulnerability:
Under /rt:routing/rt:control-plane-protocols/msdp:
msdp:global
This subtree specifies the configuration for the MSDP attributes
at the global level. Modifying the configuration can cause MSDP
default peers to be deleted or the connection to be rebuilt and can
also cause unexpected filtering of the SA.
msdp:peers
This subtree specifies the configuration for the MSDP attributes
at the peer level. Modifying the configuration will allow
unexpected MSDP peer establishment and
unexpected SA information learning and advertisement.
The writability of the "key" field should be strictly controlled.
Misoperation of the key will break the existing MSDP connection,
and the associated SA caches will also be deleted.
Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or
notification) to these data nodes. These are the subtrees and data
nodes and their sensitivity/vulnerability:
/rt:routing/rt:control-plane-protocols/msdp:
Unauthorized access to any data node of the above subtree can
disclose the operational state information of MSDP on this device. For
example, disclosure of the peer information may lead to a forged connection
attack, and uncorrected modification of the ACL nodes may lead to filter
errors.
The "key" field is also a sensitive readable configuration.
Unauthorized reading of this field may lead to leaking of the password.
Modification will allow the unexpected rebuilding of connected peers.
Authentication configuration is supported via the
specification of key-chains or
the direct specification of the
key and the authentication algorithm. Hence, authentication
configuration in the
"authentication" container inherits the security considerations discussed in
. This includes the considerations with respect to the
local storage and handling of authentication keys.
Some of the RPC operations in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus
important to control access to these operations. These are the
operations and their sensitivity/vulnerability:
/rt:routing/rt:control-plane-protocols/msdp:clear-peer
/rt:routing/rt:control-plane-protocols/msdp:clear-sa-cache
Unauthorized access to either of the above action
operations can lead to rebuilding of the MSDP peers' connections or
deletion of SA records on this device.
IANA Considerations
IANA has registered the following URI in the "ns" subregistry within
the "IETF XML Registry" :
- URI:
- urn:ietf:params:xml:ns:yang:ietf-msdp
- Registrant Contact:
- The IESG.
- XML:
- N/A; the requested URI is an XML namespace.
IANA has registered the following YANG module in the "YANG Module
Names" subregistry within the
"YANG Parameters" registry:
- Name:
- ietf-msdp
- Namespace:
- urn:ietf:params:xml:ns:yang:ietf-msdp
- Prefix:
- msdp
- Reference:
- RFC 8916
References
Normative References
Informative References
A YANG Data Model for Protocol Independent Multicast (PIM)
Data Tree Example
This appendix contains an example of an instance data tree in JSON
encoding , containing configuration data.
The Global and Peer Configuration Example
The Actions Example
This example shows the input data (in JSON) for executing an "sa&nbhy;cache clear"
action to clear the cache of all entries that match the group address of 233.252.0.23.
Acknowledgements
The authors would like to thank and
for their valuable comments and
suggestions.
Contributors
The authors would like to thank the following people
for their valuable contributions.
liuyisong@chinamobile.com
xu.benchong@zte.com.cn
tanmoy.kundu@alcatel-lucent.com