Home

RFC8916

  1. RFC 8916
Internet Engineering Task Force (IETF)                            X. Liu
Request for Comments: 8916                                Volta Networks
Category: Standards Track                                  Z. Zhang, Ed.
ISSN: 2070-1721                                          ZTE Corporation
                                                                A. Peter
                                                  Individual Contributor
                                                            M. Sivakumar
                                                        Juniper Networks
                                                                  F. Guo
                                                     Huawei Technologies
                                                           P. McAllister
                                                     Metaswitch Networks
                                                            October 2020


  A YANG Data Model for the Multicast Source Discovery Protocol (MSDP)

Abstract

   This document defines a YANG data model for the configuration and
   management of Multicast Source Discovery Protocol (MSDP) protocol
   operations.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8916.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Conventions Used in This Document
     1.3.  Tree Diagrams
     1.4.  Prefixes in Data Node Names
   2.  Design of the Data Model
     2.1.  Scope of Model
     2.2.  Specification
   3.  Module Structure
     3.1.  MSDP Configuration
     3.2.  MSDP States
   4.  MSDP YANG Data Model
   5.  Security Considerations
   6.  IANA Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Data Tree Example
     A.1.  The Global and Peer Configuration Example
     A.2.  The State Example
     A.3.  The Actions Example
   Acknowledgements
   Contributors
   Authors' Addresses

1.  Introduction

   [RFC3618] introduces the protocol definition of the Multicast Source
   Discovery Protocol (MSDP).  This document defines a YANG data model
   that can be used to configure and manage MSDP protocol operations.
   The operational state data and statistics can also be retrieved by
   this model.

   This model is designed to be used along with other multicast YANG
   data models such as PIM [PIM-YANG], which are not covered in this
   document.

1.1.  Terminology

   The terminology for describing YANG data models is found in [RFC6020]
   and [RFC7950], including:

   *  action

   *  augment

   *  choice

   *  container

   *  data model

   *  data node

   *  grouping

   *  identity

   *  leaf

   *  list

   *  module

   *  uses

   The following abbreviations are used in this document and the defined
   model:

   MSDP: Multicast Source Discovery Protocol [RFC3618]

   RP: Rendezvous Point [RFC7761]

   RPF: Reverse Path Forwarding [RFC7761]

   SA: Source-Active [RFC3618]

1.2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.3.  Tree Diagrams

   Tree diagrams used in this document follow the notation defined in
   [RFC8340].

1.4.  Prefixes in Data Node Names

   In this document, names of data nodes, actions, and other data model
   objects are often used without a prefix, as long as it is clear from
   the context in which YANG module each name is defined.  Otherwise,
   names are prefixed using the standard prefix associated with the
   corresponding YANG module, as shown in Table 1.

           +===========+==========================+===========+
           | Prefix    | YANG module              | Reference |
           +===========+==========================+===========+
           | yang      | ietf-yang-types          | [RFC6991] |
           +-----------+--------------------------+-----------+
           | inet      | ietf-inet-types          | [RFC6991] |
           +-----------+--------------------------+-----------+
           | rt        | ietf-routing             | [RFC8349] |
           +-----------+--------------------------+-----------+
           | if        | ietf-interfaces          | [RFC8343] |
           +-----------+--------------------------+-----------+
           | ip        | ietf-ip                  | [RFC8344] |
           +-----------+--------------------------+-----------+
           | key-chain | ietf-key-chain           | [RFC8177] |
           +-----------+--------------------------+-----------+
           | rt-types  | ietf-routing-types       | [RFC8294] |
           +-----------+--------------------------+-----------+
           | acl       | ietf-access-control-list | [RFC8519] |
           +-----------+--------------------------+-----------+

                                 Table 1

2.  Design of the Data Model

2.1.  Scope of Model

   The model covers MSDP [RFC3618].

   This model can be used to configure and manage MSDP protocol
   operations.  The operational state data and statistics can be
   retrieved by this model.  Even though no protocol-specific
   notifications are defined in this model, the subscription and push
   mechanisms, as defined in [RFC8639] and [RFC8641], can be implemented
   by the user to subscribe to notifications on the data nodes in this
   model.

   The model contains all the basic configuration parameters to operate
   the protocol.  Depending on the implementation choices, some systems
   may not allow some of the advanced parameters to be configurable.
   The occasionally implemented parameters are modeled as optional
   features in this model.  This model can be extended, and it has been
   structured in a way that such extensions can be conveniently made.

2.2.  Specification

   The configuration data nodes cover global configuration attributes
   and per-peer configuration attributes.  The state data nodes include
   global, per-peer, and SA information.  The container "msdp" is the
   top-level container in this data model.  The presence of this
   container is expected to enable MSDP protocol functionality.  No
   notification is defined in this model.

3.  Module Structure

   This model imports and augments the "ietf-routing" YANG data model
   defined in [RFC8349].  Both configuration data nodes and state data
   nodes as mentioned in [RFC8349] are augmented.

   The YANG data model defined in this document conforms to the Network
   Management Datastore Architecture (NMDA) [RFC8342].  The operational
   state data is combined with the associated configuration data in the
   same hierarchy [RFC8407].

   module: ietf-msdp
     augment /rt:routing/rt:control-plane-protocols
               /rt:control-plane-protocol:
       +--rw msdp
          +--rw global
          |  +--rw tcp-connection-source?   if:interface-ref
          |  +--rw default-peer* [peer-addr prefix-policy]
                                 {filter-policy}?
          |  |  +--rw peer-addr        -> ../../../peers/peer/address
          |  |  +--rw prefix-policy    -> /acl:acls/acl/name
          |  +--rw originating-rp
          |  |  +--rw interface?   if:interface-ref
          |  +--rw sa-filter
          |  |  +--rw in?    -> /acl:acls/acl/name
          |  |  +--rw out?   -> /acl:acls/acl/name
          |  +--rw sa-limit?                uint32
          |  +--rw ttl-threshold?           uint8
          +--rw peers
          |  +--rw peer* [address]
          |     +--rw address                  inet:ipv4-address
          |     +---x clear-peer
          |     +--rw authentication {peer-authentication}?
          |     |  +--rw (authentication-type)?
          |     |     +--:(key-chain)
          |     |     |  +--rw key-chain?
                                 key-chain:key-chain-ref
          |     |     +--:(password)
          |     |        +--rw key?                string
          |     |        +--rw crypto-algorithm?   identityref
          |     +--rw enabled?                 boolean
          |     +--rw tcp-connection-source?   if:interface-ref
          |     +--rw description?             string
          |     +--rw mesh-group?              string
          |     +--rw peer-as?                 inet:as-number
                                               {peer-as-verification}?
          |     +--rw sa-filter
          |     |  +--rw in?    -> /acl:acls/acl/name
          |     |  +--rw out?   -> /acl:acls/acl/name
          |     +--rw sa-limit?                uint32
          |     +--rw timer
          |     |  +--rw connect-retry-interval?   uint16
          |     |  +--rw holdtime-interval?        uint16
          |     |  +--rw keepalive-interval?       uint16
          |     +--rw ttl-threshold?           uint8
          |     +--ro session-state?           enumeration
          |     +--ro elapsed-time?            yang:gauge32
          |     +--ro connect-retry-expire?    uint32
          |     +--ro hold-expire?             uint16
          |     +--ro is-default-peer?         boolean
          |     +--ro keepalive-expire?        uint16
          |     +--ro reset-count?             yang:zero-based-counter32
          |     +--ro statistics
          |        +--ro discontinuity-time?   yang:date-and-time
          |        +--ro error
          |        |  +--ro rpf-failure?   uint32
          |        +--ro queue
          |        |  +--ro size-in?    uint32
          |        |  +--ro size-out?   uint32
          |        +--ro received
          |        |  +--ro keepalive?      yang:counter64
          |        |  +--ro notification?   yang:counter64
          |        |  +--ro sa-message?     yang:counter64
          |        |  +--ro sa-response?    yang:counter64
          |        |  +--ro sa-request?     yang:counter64
          |        |  +--ro total?          yang:counter64
          |        +--ro sent
          |           +--ro keepalive?      yang:counter64
          |           +--ro notification?   yang:counter64
          |           +--ro sa-message?     yang:counter64
          |           +--ro sa-response?    yang:counter64
          |           +--ro sa-request?     yang:counter64
          |           +--ro total?          yang:counter64
          +---x clear-all-peers
          +--ro sa-cache
             +--ro entry* [group source-addr]
             |  +--ro group
                        rt-types:ipv4-multicast-group-address
             |  +--ro source-addr
                        rt-types:ipv4-multicast-source-address
             |  +--ro origin-rp* [rp-address]
             |  |  +--ro rp-address       inet:ipv4-address
             |  |  +--ro is-local-rp?     boolean
             |  |  +--ro sa-adv-expire?   uint32
             |  +--ro state-attributes
             |     +--ro up-time?             yang:gauge32
             |     +--ro expire?              yang:gauge32
             |     +--ro holddown-interval?   uint32
             |     +--ro peer-learned-from?   inet:ipv4-address
             |     +--ro rpf-peer?            inet:ipv4-address
             +---x clear
                +---w input
                   +---w entry!
                   |  +---w group
                              rt-types:ipv4-multicast-group-address
                   |  +---w source-addr?
                              rt-types:ipv4-multicast-source-address
                   +---w peer-address?   inet:ipv4-address
                   +---w peer-as?        inet:as-number

3.1.  MSDP Configuration

   MSDP operation requires configuration information that is distributed
   amongst several peers.  Several peers may be configured in a mesh-
   group.  The SA information may be filtered by peers.

   The configuration modeling branch is composed of MSDP global and peer
   configurations.  These two parts are the most important parts of
   MSDP.

   Besides the fundamental features of MSDP, several optional features
   are included in the model.  These features help the control of MSDP.
   The peer features and SA features make the deployment and control
   easier.  The connection parameters can be used to control the TCP
   connection because MSDP is based on TCP.  The authentication features
   make the protocol more secure.  The filter features selectively allow
   operators to prevent SA information from being forwarded to peers.

3.2.  MSDP States

   MSDP states are composed of the MSDP global state, the MSDP peer
   state, statistics information, and SA cache information.  The
   statistics information and SA cache information help the operator
   retrieve data regarding the protocol's condition.

   YANG actions are defined to clear the connection of one specific MSDP
   peer, clear the connections of all MSDP peers, or clear some or all
   of the SA caches.

4.  MSDP YANG Data Model

   This module references [RFC3618], [RFC4271], [RFC5925], [RFC6991],
   [RFC7761], [RFC8177], [RFC8294], [RFC8343], [RFC8344], [RFC8349], and
   [RFC8519].

   <CODE BEGINS> file "ietf-msdp@2020-10-31.yang"
   module ietf-msdp {

     yang-version 1.1;

     namespace "urn:ietf:params:xml:ns:yang:ietf-msdp";
     prefix msdp;

     import ietf-yang-types {
       prefix "yang";
       reference
         "RFC 6991: Common YANG Data Types";
     }

     import ietf-inet-types {
       prefix "inet";
       reference
         "RFC 6991: Common YANG Data Types";
     }

     import ietf-routing {
       prefix "rt";
       reference
         "RFC 8349: A YANG Data Model for Routing Management
          (NMDA Version)";
     }

     import ietf-interfaces {
       prefix "if";
       reference
         "RFC 8343: A YANG Data Model for Interface Management";
     }

     import ietf-ip {
       prefix "ip";
       reference
         "RFC 8344: A YANG Data Model for IP Management";
     }

     import ietf-key-chain {
       prefix "key-chain";
       reference
         "RFC 8177: YANG Data Model for Key Chains";
     }

     import ietf-routing-types {
       prefix "rt-types";
       reference
         "RFC 8294: Common YANG Data Types for the Routing Area";
     }

     import ietf-access-control-list {
       prefix acl;
       reference
         "RFC 8519: YANG Data Model for Network Access Control Lists
          (ACLs)";
     }

     organization
       "IETF Protocols for IP Multicast (pim) Working Group";

     contact
       "WG Web:   <https://datatracker.ietf.org/wg/pim/>
        WG List:  <mailto:pim@ietf.org>

        Editor:   Xufeng Liu
                  <mailto:xufeng.liu.ietf@gmail.com>

        Editor:   Zheng Zhang
                  <mailto:zhang.zheng@zte.com.cn>

        Editor:   Anish Peter
                  <mailto:anish.ietf@gmail.com>

        Editor:   Mahesh Sivakumar
                  <mailto:sivakumar.mahesh@gmail.com>

        Editor:   Feng Guo
                  <mailto:guofeng@huawei.com>

        Editor:   Pete McAllister
                  <mailto:pete.mcallister@metaswitch.com>";

     description
       "This module defines the YANG data model definitions for the
        Multicast Source Discovery Protocol (MSDP).

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
        'MAY', and 'OPTIONAL' in this document are to be interpreted as
        described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
        they appear in all capitals, as shown here.

        Copyright (c) 2020 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC 8916; see the
        RFC itself for full legal notices.";

     revision 2020-10-31 {
       description
         "Initial revision.";
       reference
         "RFC 8916: A YANG Data Model for the Multicast Source
          Discovery Protocol (MSDP)";
     }

     /*
      * Features
      */

     feature filter-policy {
       description
         "Support policy configuration of peer/message filtering.";
       reference
         "RFC 8519: YANG Data Model for Network Access Control
          Lists (ACLs)";
     }

     feature peer-as-verification {
       description
         "Support configuration of a peer's Autonomous System Number
          (ASN).";
       reference
         "RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
     }

     feature peer-authentication {
       description
         "Support configuration of peer authentication.";
       reference
         "RFC 8177: YANG Data Model for Key Chains";
     }

     /*
      * Identities
      */

     identity msdp {
       base rt:control-plane-protocol;
       description
         "Identity for the Multicast Source Discovery Protocol (MSDP).";
       reference
         "RFC 3618: Multicast Source Discovery Protocol (MSDP)";
     }

     /*
      * Groupings
      */
     grouping authentication-container {
       description
         "Authentication attributes.";
       container authentication {
         if-feature peer-authentication;
         description
           "A container defining authentication attributes.";
         choice authentication-type {
           case key-chain {
             leaf key-chain {
               type key-chain:key-chain-ref;
               description
                 "Reference to a key-chain.";
               reference
                 "RFC 8177: YANG Data Model for Key Chains";
             }
           }
           case password {
             leaf key {
               type string;
               description
                 "This leaf specifies the authentication key.";
             }
             leaf crypto-algorithm {
               type identityref {
                 base key-chain:crypto-algorithm;
               }
               must "derived-from-or-self(., 'key-chain:md5')" {
                 error-message
                   "Only the md5 algorithm can be used for MSDP.";
                 description
                   "Check for crypto-algorithm.";
               }
               description
                 "Cryptographic algorithm associated with a key.
                  Only the md5 algorithm can be used for MSDP.
                  When 'md5' is specified, MSDP control messages
                  are secured by TCP MD5 signatures as described
                  in RFCs 3618 and 5925.  Both peers of a
                  connection SHOULD be configured to the same
                  algorithm for the connection to be established.
                  When this leaf is not configured, unauthenticated
                  TCP is used.";
               reference
                 "RFC 3618: Multicast Source Discovery Protocol (MSDP)
                  RFC 5925: The TCP Authentication Option
                  RFC 8177: YANG Data Model for Key Chains";
             }
           }
           description
             "Choice of authentication.";
         }
       }
     } // authentication-container

     grouping tcp-connect-source {
       description
         "Attribute to configure a peer TCP connection source.";
       leaf tcp-connection-source {
         type if:interface-ref;
         must "/if:interfaces/if:interface[if:name = current()]/"
            + "ip:ipv4/ip:enabled != 'false'" {
           error-message
             "The interface must have IPv4 enabled.";
           description
             "The interface must have IPv4 enabled.";
           reference
             "RFC 8343: A YANG Data Model for Interface Management";
         }
         description
           "The interface is to be the source for the TCP
            connection.  It is a reference to an entry in the global
            interface list.";
       }
     } // tcp-connect-source

     grouping global-config-attributes {
       description
         "Global MSDP configuration.";

       uses tcp-connect-source;

       list default-peer {
         if-feature filter-policy;
         key "peer-addr prefix-policy";

         description
           "The default peer accepts all MSDP Source-Active (SA)
            messages.  A default peer is needed in topologies where
            MSDP peers do not coexist with BGP peers.  The Reverse Path
            Forwarding (RPF) check on SA messages will fail, and no
            SA messages will be accepted.  In these cases, you can
            configure the peer as a default peer and bypass
            RPF checks.";

         leaf peer-addr {
           type leafref {
             path "../../../peers/peer/address";
           }
           mandatory true;
           description
             "Reference to a peer that is in the peer list.";
         }
         leaf prefix-policy {
           type leafref {
             path "/acl:acls/acl:acl/acl:name";
           }
           description
             "If specified, only those SA entries whose Rendezvous
              Point (RP) is permitted in the prefix list are allowed;
              if not specified, all SA messages from the default
              peer are accepted.";
           reference
             "RFC 7761: Protocol Independent Multicast - Sparse Mode
              (PIM-SM): Protocol Specification (Revised)
              RFC 8519: YANG Data Model for Network Access Control
              Lists (ACLs)";
         }
       } // default-peer

       container originating-rp {
         description
           "The container of the originating RP.";
         leaf interface {
           type if:interface-ref;
           must "/if:interfaces/if:interface[if:name = current()]/"
              + "ip:ipv4/ip:enabled != 'false'" {
             error-message
               "The interface must have IPv4 enabled.";
             description
               "The interface must have IPv4 enabled.";
             reference
               "RFC 8343: A YANG Data Model for Interface Management";
           }
           description
             "Reference to an entry in the global interface list.
              The IP address of the interface used in the RP field of
              an SA message entry.  When anycast RPs are used, all RPs
              use the same IP address.  This parameter can be used to
              define a unique IP address for the RP of each MSDP peer.
              By default, the software uses the RP address of the
              local system.";
         }
       } // originating-rp

       uses sa-filter-container;

       leaf sa-limit {
         type uint32;
         description
           "A limit on the number of SA entries accepted.
            If not configured or the value is 0, there is no limit.";
       }
       uses ttl-threshold;
     } // global-config-attributes

     grouping peer-config-attributes {
       description
         "Per-peer configuration for MSDP.";

       uses authentication-container;
       leaf enabled {
         type boolean;
         description
           "'true' if the peer is enabled;
            'false' if the peer is disabled.";
       }
       uses tcp-connect-source;

       leaf description {
         type string;
         description
           "The peer description.";
       }
       leaf mesh-group {
         type string;
         description
           "The name of the mesh-group to which this peer belongs.";
         reference
           "RFC 3618: Multicast Source Discovery Protocol (MSDP),
                      Section 10.2";
       }
       leaf peer-as {
         if-feature peer-as-verification;
         type inet:as-number;
         description
           "The peer's ASN.  Using peer-as to perform the verification
            can provide more controlled ability.  The value can be
            compared with the BGP peer's ASN.  If they are different,
            the SA information that comes from this peer may be
            rejected.  If the ASN is the same as the local ASN, then
            the peer is within the same domain; otherwise, this peer
            is external to the domain.  This is comparable to the
            definition and usage in BGP; see RFC 4271.";
         reference
           "RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
       }
       uses sa-filter-container;
       leaf sa-limit {
         type uint32;
         description
           "A limit on the number of SA entries accepted from this
            peer.
            If not configured or the value is 0, there is no limit.";
       }
       container timer {
         description
           "Timer attributes.";
         reference
           "RFC 3618: Multicast Source Discovery Protocol (MSDP),
                      Section 5";
         leaf connect-retry-interval {
           type uint16;
           units seconds;
           default 30;
           description
             "The peer timer for connect-retry.  By default, MSDP peers
              wait 30 seconds after the session is reset.";
         }
         leaf holdtime-interval {
           type uint16 {
             range "3..65535";
           }
           units seconds;
           default 75;
           description
             "The SA hold-down period of this MSDP peer.";
         }
         leaf keepalive-interval {
           type uint16 {
               range "1..65535";
           }
           units seconds;
           must '. < ../holdtime-interval' {
             error-message
               "The keepalive interval must be smaller than the "
             + "hold-time interval.";
           }
           default 60;
           description
             "The keepalive timer of this MSDP peer.";
         }
       } // timer
       uses ttl-threshold;
     } // peer-config-attributes

     grouping peer-state-attributes {
       description
         "Per-peer state attributes for MSDP.";

       leaf session-state {
         type enumeration {
           enum disabled  {
             description
               "Disabled.";
           }
           enum inactive {
             description
               "Inactive.";
           }
           enum listen {
             description
               "Listen.";
           }
           enum connecting {
             description
               "Connecting.";
           }
           enum established {
             description
               "Established.";
           }
         }
         config false;
         description
           "The peer's session state.";
         reference
           "RFC 3618: Multicast Source Discovery Protocol (MSDP),
                      Section 11";
       }
       leaf elapsed-time {
         type yang:gauge32;
         units seconds;
         config false;
         description
           "Elapsed time for being in a state.";
       }
       leaf connect-retry-expire {
         type uint32;
         units seconds;
         config false;
         description
           "Connect retry expire time of a peer connection.";
       }
       leaf hold-expire {
         type uint16;
         units seconds;
         config false;
         description
           "Hold expire time of a peer connection.";
       }
       leaf is-default-peer {
         type boolean;
         config false;
         description
           "'true' if this peer is one of the default peers.";
       }
       leaf keepalive-expire {
         type uint16;
         units seconds;
         config false;
         description
           "Keepalive expire time of this peer.";
       }
       leaf reset-count {
         type yang:zero-based-counter32;
         config false;
         description
           "The reset count of this peer.";
       }

       container statistics {
         config false;
         description
           "A container defining statistics attributes.";

         leaf discontinuity-time {
           type yang:date-and-time;
           description
             "The time on the most recent occasion at which any one
              or more of the statistics counters suffered a
              discontinuity.  If no such discontinuities have occurred
              since the last re-initialization of the local
              management subsystem, then this node contains the time
              the local management subsystem re-initialized itself.";
         }

         container error {
           description
             "A grouping defining error statistics attributes.";
           leaf rpf-failure {
             type uint32;
             description
               "The number of RPF failures.";
           }
         }

         container queue {
           description
             "A container that includes queue statistics attributes.";
           leaf size-in {
             type uint32;
             description
               "The number of messages received from the peer
                currently queued.";
           }
           leaf size-out {
             type uint32;
             description
               "The number of messages queued to be sent to the peer.";
           }
         }

         container received {
           description
             "Received message counters.";
           uses statistics-sent-received;
         }
         container sent {
           description
             "Sent message counters.";
           uses statistics-sent-received;
         }
       } // statistics
     } // peer-state-attributes

     grouping sa-filter-container {
       description
         "A container defining SA filters.";
       container sa-filter {
         description
           "Specifies an Access Control List (ACL) to filter SA messages
            coming into or going out of the peer.";
         leaf in {
           type leafref {
             path "/acl:acls/acl:acl/acl:name";
           }
           description
             "Filters incoming SA messages only.
              The value is the name to uniquely identify a
              policy that contains one or more rules used to
              accept or reject MSDP SA messages.
              If the policy is not specified, all MSDP SA messages are
              accepted.";
           reference
             "RFC 8519: YANG Data Model for Network Access Control
              Lists (ACLs)";
         }
         leaf out {
           type leafref {
             path "/acl:acls/acl:acl/acl:name";
           }
           description
             "Filters outgoing SA messages only.
              The value is the name to uniquely identify a
              policy that contains one or more rules used to
              accept or reject MSDP SA messages.
              If the policy is not specified, all MSDP SA messages are
              sent.";
           reference
             "RFC 8519: YANG Data Model for Network Access Control
              Lists (ACLs)";
         }
       } // sa-filter
     } // sa-filter-container

     grouping ttl-threshold {
       description
         "Attribute to configure the TTL threshold.";
       leaf ttl-threshold {
         type uint8 {
           range 1..255;
         }
         description
           "The maximum number of hops data packets can traverse
            before being dropped.";
       }
     } // ttl-threshold

     grouping statistics-sent-received {
       description
         "A grouping defining sent and received statistics attributes.";
       leaf keepalive {
         type yang:counter64;
         description
           "The number of keepalive messages.";
       }
       leaf notification {
         type yang:counter64;
         description
           "The number of notification messages.";
       }
       leaf sa-message {
         type yang:counter64;
         description
           "The number of SA messages.";
       }
       leaf sa-response {
         type yang:counter64;
         description
           "The number of SA response messages.";
       }
       leaf sa-request {
         type yang:counter64;
         description
           "The number of SA request messages.";
       }
       leaf total {
         type yang:counter64;
         description
           "The number of total messages.";
       }
     } // statistics-sent-received

     /*
      * Data nodes
      */
     augment "/rt:routing/rt:control-plane-protocols/"
           + "rt:control-plane-protocol" {
       when "derived-from-or-self(rt:type, 'msdp:msdp')" {
         description
           "This augmentation is only valid for a routing protocol
            instance of MSDP.";
       }
       description
         "MSDP augmentation to routing control-plane protocol
          configuration and state.";
       container msdp {
         description
           "MSDP configuration and operational state data.";

         container global {
           description
             "Global attributes.";
           uses global-config-attributes;
         }

         container peers {
           description
             "Contains a list of peers.";
           list peer {
             key "address";
             description
               "A list of MSDP peers.";
             leaf address {
               type inet:ipv4-address;
               description
                 "The address of the peer.";
             }
             action clear-peer {
               description
                 "Clears the TCP connection to the peer.";
             }
             uses peer-config-attributes;
             uses peer-state-attributes;
           }
         }

         action clear-all-peers {
           description
             "All peers' TCP connections are cleared.";
         }

         container sa-cache {
           config false;
           description
             "The SA cache information.";
           list entry {
             key "group source-addr";
             description
               "A list of SA cache entries.";
             leaf group {
               type rt-types:ipv4-multicast-group-address;
               description
                 "The group address of this SA cache.";
             }
             leaf source-addr {
               type rt-types:ipv4-multicast-source-address;
               description
                 "Source IPv4 address.";
             }
             list origin-rp {
               key "rp-address";
               description
                 "Information regarding the originating RP.";
               leaf rp-address {
                 type inet:ipv4-address;
                 description
                   "The RP address.  This is the IP address used in the
                    RP field of an SA message entry.";
               }
               leaf is-local-rp {
                 type boolean;
                 description
                   "'true' if the RP is local;
                    'false' if the RP is not local.";
               }
               leaf sa-adv-expire {
                 type uint32;
                 units seconds;
                 description
                   "The remaining time duration before expiration
                    of the periodic SA advertisement timer on a
                    local RP.";
               }
             }

             container state-attributes {
               description
                 "SA cache state attributes for MSDP.";

               leaf up-time {
                 type yang:gauge32;
                 units seconds;
                 description
                   "Indicates the duration time when this SA entry is
                    created in the cache.  MSDP is a periodic protocol;
                    the value can be used to check the state of the
                    SA cache.";
               }
               leaf expire {
                 type yang:gauge32;
                 units seconds;
                 description
                   "Indicates the duration time when this SA entry in
                    the cache times out.  MSDP is a periodic protocol;
                    the value can be used to check the state of the
                    SA cache.";
               }
               leaf holddown-interval {
                 type uint32;
                 units seconds;
                 description
                   "Hold-down timer value for SA forwarding.";
                 reference
                   "RFC 3618: Multicast Source Discovery Protocol
                    (MSDP), Section 5.3";
               }
               leaf peer-learned-from {
                 type inet:ipv4-address;
                 description
                   "The address of the peer from which we learned this
                    SA information.";
               }
               leaf rpf-peer {
                 type inet:ipv4-address;
                 description
                   "The address is the SA's originating RP.";
               }
             } // state-attributes
           } // entry

           action clear {
             description
               "Clears MSDP SA cache entries.";
             input {
               container entry {
                 presence "If a particular entry is cleared.";
                 description
                   "The SA cache (S,G) or (*,G) entry to be cleared.
                    If this is not provided, all entries are cleared.";
                 leaf group {
                   type rt-types:ipv4-multicast-group-address;
                   mandatory true;
                   description
                     "The group address.";
                 }
                 leaf source-addr {
                   type rt-types:ipv4-multicast-source-address;
                   description
                     "The address of the multicast source to be cleared.
                      If this is not provided, then all entries related
                      to the given group are cleared.";
                 }
               }
               leaf peer-address {
                 type inet:ipv4-address;
                 description
                   "The peer IP address from which MSDP SA cache entries
                    have been learned.  If this is not provided, entries
                    learned from all peers are cleared.";
               }
               leaf peer-as {
                 type inet:as-number;
                 description
                   "The ASN from which MSDP SA cache entries have been
                    learned.  If this is not provided, entries learned
                    from all ASes are cleared.";
               }
             }
           } // clear
         } // sa-cache
       } // msdp
     } // augment
   }
   <CODE ENDS>

5.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The Network Configuration Access Control Model (NACM) [RFC8341]
   provides the means to restrict access for particular NETCONF or
   RESTCONF users to a preconfigured subset of all available NETCONF or
   RESTCONF protocol operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.  These are the subtrees and data nodes
   and their sensitivity/vulnerability:

   Under /rt:routing/rt:control-plane-protocols/msdp:

      msdp:global

         This subtree specifies the configuration for the MSDP
         attributes at the global level.  Modifying the configuration
         can cause MSDP default peers to be deleted or the connection to
         be rebuilt and can also cause unexpected filtering of the SA.

      msdp:peers

         This subtree specifies the configuration for the MSDP
         attributes at the peer level.  Modifying the configuration will
         allow unexpected MSDP peer establishment and unexpected SA
         information learning and advertisement.

         The writability of the "key" field should be strictly
         controlled.  Misoperation of the key will break the existing
         MSDP connection, and the associated SA caches will also be
         deleted.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability:

   /rt:routing/rt:control-plane-protocols/msdp:

      Unauthorized access to any data node of the above subtree can
      disclose the operational state information of MSDP on this device.
      For example, disclosure of the peer information may lead to a
      forged connection attack, and uncorrected modification of the ACL
      nodes may lead to filter errors.

      The "key" field is also a sensitive readable configuration.
      Unauthorized reading of this field may lead to leaking of the
      password.  Modification will allow the unexpected rebuilding of
      connected peers.

   Authentication configuration is supported via the specification of
   key-chains [RFC8177] or the direct specification of the key and the
   authentication algorithm.  Hence, authentication configuration in the
   "authentication" container inherits the security considerations
   discussed in [RFC8177].  This includes the considerations with
   respect to the local storage and handling of authentication keys.

   Some of the RPC operations in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control access to these operations.  These are the
   operations and their sensitivity/vulnerability:

   /rt:routing/rt:control-plane-protocols/msdp:clear-peer

   /rt:routing/rt:control-plane-protocols/msdp:clear-sa-cache

      Unauthorized access to either of the above action operations can
      lead to rebuilding of the MSDP peers' connections or deletion of
      SA records on this device.

6.  IANA Considerations

   IANA has registered the following URI in the "ns" subregistry within
   the "IETF XML Registry" [RFC3688]:

   URI:  urn:ietf:params:xml:ns:yang:ietf-msdp
   Registrant Contact:  The IESG.
   XML:  N/A; the requested URI is an XML namespace.

   IANA has registered the following YANG module in the "YANG Module
   Names" subregistry [RFC6020] within the "YANG Parameters" registry:

   Name:  ietf-msdp
   Namespace:  urn:ietf:params:xml:ns:yang:ietf-msdp
   Prefix:  msdp
   Reference:  RFC 8916

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC3618]  Fenner, B., Ed. and D. Meyer, Ed., "Multicast Source
              Discovery Protocol (MSDP)", RFC 3618,
              DOI 10.17487/RFC3618, October 2003,
              <https://www.rfc-editor.org/info/rfc3618>.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006,
              <https://www.rfc-editor.org/info/rfc4271>.

   [RFC5925]  Touch, J., Mankin, A., and R. Bonica, "The TCP
              Authentication Option", RFC 5925, DOI 10.17487/RFC5925,
              June 2010, <https://www.rfc-editor.org/info/rfc5925>.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010,
              <https://www.rfc-editor.org/info/rfc6020>.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
              <https://www.rfc-editor.org/info/rfc6241>.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
              <https://www.rfc-editor.org/info/rfc6242>.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013,
              <https://www.rfc-editor.org/info/rfc6991>.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016,
              <https://www.rfc-editor.org/info/rfc7950>.

   [RFC7951]  Lhotka, L., "JSON Encoding of Data Modeled with YANG",
              RFC 7951, DOI 10.17487/RFC7951, August 2016,
              <https://www.rfc-editor.org/info/rfc7951>.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
              <https://www.rfc-editor.org/info/rfc8040>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8177]  Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J.
              Zhang, "YANG Data Model for Key Chains", RFC 8177,
              DOI 10.17487/RFC8177, June 2017,
              <https://www.rfc-editor.org/info/rfc8177>.

   [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
              "Common YANG Data Types for the Routing Area", RFC 8294,
              DOI 10.17487/RFC8294, December 2017,
              <https://www.rfc-editor.org/info/rfc8294>.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
              <https://www.rfc-editor.org/info/rfc8340>.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018,
              <https://www.rfc-editor.org/info/rfc8341>.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
              <https://www.rfc-editor.org/info/rfc8342>.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
              <https://www.rfc-editor.org/info/rfc8343>.

   [RFC8344]  Bjorklund, M., "A YANG Data Model for IP Management",
              RFC 8344, DOI 10.17487/RFC8344, March 2018,
              <https://www.rfc-editor.org/info/rfc8344>.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018,
              <https://www.rfc-editor.org/info/rfc8349>.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
              <https://www.rfc-editor.org/info/rfc8446>.

   [RFC8519]  Jethanandani, M., Agarwal, S., Huang, L., and D. Blair,
              "YANG Data Model for Network Access Control Lists (ACLs)",
              RFC 8519, DOI 10.17487/RFC8519, March 2019,
              <https://www.rfc-editor.org/info/rfc8519>.

7.2.  Informative References

   [PIM-YANG] Liu, X., McAllister, P., Peter, A., Sivakumar, M., Liu,
              Y., and F. Hu, "A YANG Data Model for Protocol Independent
              Multicast (PIM)", Work in Progress, Internet-Draft, draft-
              ietf-pim-yang-17, 19 May 2018,
              <https://tools.ietf.org/html/draft-ietf-pim-yang-17>.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004,
              <https://www.rfc-editor.org/info/rfc3688>.

   [RFC7761]  Fenner, B., Handley, M., Holbrook, H., Kouvelas, I.,
              Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent
              Multicast - Sparse Mode (PIM-SM): Protocol Specification
              (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March
              2016, <https://www.rfc-editor.org/info/rfc7761>.

   [RFC8407]  Bierman, A., "Guidelines for Authors and Reviewers of
              Documents Containing YANG Data Models", BCP 216, RFC 8407,
              DOI 10.17487/RFC8407, October 2018,
              <https://www.rfc-editor.org/info/rfc8407>.

   [RFC8639]  Voit, E., Clemm, A., Gonzalez Prieto, A., Nilsen-Nygaard,
              E., and A. Tripathy, "Subscription to YANG Notifications",
              RFC 8639, DOI 10.17487/RFC8639, September 2019,
              <https://www.rfc-editor.org/info/rfc8639>.

   [RFC8641]  Clemm, A. and E. Voit, "Subscription to YANG Notifications
              for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641,
              September 2019, <https://www.rfc-editor.org/info/rfc8641>.

Appendix A.  Data Tree Example

   This appendix contains an example of an instance data tree in JSON
   encoding [RFC7951], containing configuration data.

A.1.  The Global and Peer Configuration Example

   {
     "ietf-interfaces:interfaces": {
       "interface": [
         {
           "name": "eth1",
           "description": "An interface with MSDP enabled.",
           "type": "iana-if-type:ethernetCsmacd",
           "ietf-ip:ipv4": {
             "forwarding": true,
             "address": [
               {
                 "ip": "192.0.2.1",
                 "prefix-length": 24
               }
             ]
           }
         }
       ]
     },
     "ietf-access-control-list:acls": {
       "acl": [
         {
           "name": "msdp-default-peer-policy",
           "type": "ietf-access-control-list:ipv4-acl-type",
           "aces": {
             "ace": [
               {
                 "name": "accept",
                 "actions": {
                   "forwarding": "ietf-access-control-list:accept"
                 }
               }
             ]
           }
         }
       ]
     },
     "ietf-routing:routing": {
       "router-id": "203.0.113.1",
       "control-plane-protocols": {
         "control-plane-protocol": [
           {
             "type": "ietf-msdp:msdp",
             "name": "msdp-1",
             "ietf-msdp:msdp": {
               "global": {
                 "tcp-connection-source": "eth1",
                 "default-peer": [
                   {
                     "peer-addr": "198.51.100.8",
                     "prefix-policy": "msdp-default-peer-policy"
                   }
                 ],
                 "originating-rp": {
                   "interface": "eth1"
                 },
                 "sa-limit": 0,
                 "ttl-threshold": 1
               },
               "peers": {
                 "peer": [
                   {
                     "address": "198.51.100.8",
                     "enabled": true,
                     "tcp-connection-source": "eth1",
                     "description": "x",
                     "mesh-group": "x",
                     "peer-as": 100,
                     "sa-limit": 0,
                     "timer": {
                       "connect-retry-interval": 0,
                       "holdtime-interval": 3,
                       "keepalive-interval": 1
                     },
                     "ttl-threshold": 1
                   }
                 ]
               }
             }
           }
         ]
       }
     }
   }

A.2.  The State Example

   {
     "ietf-interfaces:interfaces": {
       "interface": [
         {
           "name": "eth1",
           "description": "An interface with MSDP enabled.",
           "type": "iana-if-type:ethernetCsmacd",
           "phys-address": "00:00:5e:00:53:01",
           "oper-status": "up",
           "statistics": {
             "discontinuity-time": "2020-02-22T11:22:33+02:00"
           },
           "ietf-ip:ipv4": {
             "forwarding": true,
             "mtu": 1500,
             "address": [
               {
                 "ip": "192.0.2.1",
                 "prefix-length": 24,
                 "origin": "static"
               }
             ]
           }
         }
       ]
     },
     "ietf-access-control-list:acls": {
       "acl": [
         {
           "name": "msdp-default-peer-policy",
           "type": "ietf-access-control-list:ipv4-acl-type",
           "aces": {
             "ace": [
               {
                 "name": "accept",
                 "actions": {
                   "forwarding": "ietf-access-control-list:accept"
                 }
               }
             ]
           }
         }
       ]
     },
     "ietf-routing:routing": {
       "router-id": "203.0.113.1",
       "control-plane-protocols": {
         "control-plane-protocol": [
           {
             "type": "ietf-msdp:msdp",
             "name": "msdp-1",
             "ietf-msdp:msdp": {
               "global": {
                 "tcp-connection-source": "eth1",
                 "default-peer": [
                   {
                     "peer-addr": "198.51.100.8",
                     "prefix-policy": "msdp-default-peer-policy"
                   }
                 ],
                 "originating-rp": {
                   "interface": "eth1"
                 },
                 "sa-limit": 0,
                 "ttl-threshold": 1
               },
               "peers": {
                 "peer": [
                   {
                     "address": "198.51.100.8",
                     "enabled": true,
                     "tcp-connection-source": "eth1",
                     "description": "x",
                     "mesh-group": "x",
                     "peer-as": 100,
                     "sa-limit": 0,
                     "timer": {
                       "connect-retry-interval": 0,
                       "holdtime-interval": 3,
                       "keepalive-interval": 1
                     },
                     "ttl-threshold": 1,
                     "session-state": "established",
                     "elapsed-time": 5,
                     "is-default-peer": true,
                     "keepalive-expire": 1,
                     "reset-count": 1,
                     "statistics": {
                       "discontinuity-time": "2020-02-22T12:22:33+02:00"
                     }
                   }
                 ]
               },
               "sa-cache": {
                 "entry": [
                   {
                     "group": "233.252.0.23",
                     "source-addr": "192.0.2.50",
                     "origin-rp": [
                       {
                         "rp-address": "203.0.113.10",
                         "is-local-rp": false,
                         "sa-adv-expire": 50
                       }
                     ],
                     "state-attributes": {
                       "up-time": 1000,
                       "expire": 120,
                       "holddown-interval": 150,
                       "peer-learned-from": "198.51.100.8",
                       "rpf-peer": "198.51.100.8"
                     }
                   }
                 ]
               }
             }
           }
         ]
       }
     }
   }

A.3.  The Actions Example

   This example shows the input data (in JSON) for executing an
   "sa-cache clear" action to clear the cache of all entries that match
   the group address of 233.252.0.23.

     {
       "ietf-msdp:sa-cache": {
         "input": {
           "entry": {
             "group": "233.252.0.23"
           }
         }
       }
     }

Acknowledgements

   The authors would like to thank Stig Venaas and Jake Holland for
   their valuable comments and suggestions.

Contributors

   The authors would like to thank the following people for their
   valuable contributions.

   Yisong Liu

   Email: liuyisong@chinamobile.com


   Benchong Xu

   Email: xu.benchong@zte.com.cn


   Tanmoy Kundu

   Email: tanmoy.kundu@alcatel-lucent.com


Authors' Addresses

   Xufeng Liu
   Volta Networks

   Email: xufeng.liu.ietf@gmail.com


   Zheng Zhang (editor)
   ZTE Corporation
   No. 50 Software Avenue, Yuhuatai District
   Nanjing
   China

   Email: zhang.zheng@zte.com.cn


   Anish Peter
   Individual Contributor

   Email: anish.ietf@gmail.com


   Mahesh Sivakumar
   Juniper Networks
   1133 Innovation Way
   Sunnyvale, CA 94089
   United States of America

   Email: sivakumar.mahesh@gmail.com


   Feng Guo
   Huawei Technologies
   Huawei Bldg., No. 156 Beiqing Rd.
   Beijing
   100095
   China

   Email: guofeng@huawei.com


   Pete McAllister
   Metaswitch Networks
   100 Church Street
   Enfield
   EN2 6BQ
   United Kingdom

   Email: pete.mcallister@metaswitch.com
  1. RFC 8916