| rfc9902v1.txt | rfc9902.txt | |||
|---|---|---|---|---|
| skipping to change at line 19 ¶ | skipping to change at line 19 ¶ | |||
| The MITRE Corporation | The MITRE Corporation | |||
| J. Tantsura | J. Tantsura | |||
| Nvidia | Nvidia | |||
| November 2025 | November 2025 | |||
| A YANG Data Model for IS-IS Segment Routing over the MPLS Data Plane | A YANG Data Model for IS-IS Segment Routing over the MPLS Data Plane | |||
| Abstract | Abstract | |||
| This document defines a YANG data model that can be used to manage | This document defines a YANG data model that can be used to manage | |||
| IS-IS extensions for Segment Routing over the MPLS data plane. | IS-IS extensions for Segment Routing (SR) over the MPLS data plane. | |||
| Status of This Memo | Status of This Memo | |||
| This is an Internet Standards Track document. | This is an Internet Standards Track document. | |||
| This document is a product of the Internet Engineering Task Force | This document is a product of the Internet Engineering Task Force | |||
| (IETF). It represents the consensus of the IETF community. It has | (IETF). It represents the consensus of the IETF community. It has | |||
| received public review and has been approved for publication by the | received public review and has been approved for publication by the | |||
| Internet Engineering Steering Group (IESG). Further information on | Internet Engineering Steering Group (IESG). Further information on | |||
| Internet Standards is available in Section 2 of RFC 7841. | Internet Standards is available in Section 2 of RFC 7841. | |||
| skipping to change at line 72 ¶ | skipping to change at line 72 ¶ | |||
| 6.1. Normative References | 6.1. Normative References | |||
| 6.2. Informative References | 6.2. Informative References | |||
| Appendix A. A Configuration Example | Appendix A. A Configuration Example | |||
| Appendix B. IS-IS MPLS Segment Routing Module Tree | Appendix B. IS-IS MPLS Segment Routing Module Tree | |||
| Acknowledgements | Acknowledgements | |||
| Authors' Addresses | Authors' Addresses | |||
| 1. Overview | 1. Overview | |||
| This document defines a device YANG data model [RFC7950] that can be | This document defines a device YANG data model [RFC7950] that can be | |||
| used to manage IS-IS extensions for Segment Routing [RFC8667] over | used to manage IS-IS extensions for Segment Routing (SR) [RFC8667] | |||
| the MPLS data plane. It is an augmentation to the IS-IS YANG data | over the MPLS data plane. It is an augmentation to the IS-IS YANG | |||
| model [RFC9130]. | data model [RFC9130]. | |||
| The YANG data model in this document conforms to the Network | The YANG data model in this document conforms to the Network | |||
| Management Datastore Architecture (NMDA) [RFC8342]. | Management Datastore Architecture (NMDA) [RFC8342]. | |||
| 1.1. Tree Diagrams | 1.1. Tree Diagrams | |||
| This document uses the graphical representation of a data model as | This document uses the graphical representation of a data model as | |||
| defined in [RFC8340]. | defined in [RFC8340]. | |||
| 2. Design of the IS-IS MPLS Segment Routing Module | 2. Design of the IS-IS MPLS Segment Routing Module | |||
| This document defines a YANG data model for IS-IS extensions for | The IS-IS SR MPLS YANG module requires support for the base SR module | |||
| Segment Routing over the MPLS data plane. It is an augmentation of | [RFC9020], which defines the global SR management independent of any | |||
| the IS-IS base model. | specific routing protocol configuration, and support of the IS-IS | |||
| base model [RFC9130], which defines the basic IS-IS configuration and | ||||
| The IS-IS SR MPLS YANG module requires support for the base Segment | state. | |||
| Routing module [RFC9020], which defines the global Segment Routing | ||||
| management independent of any specific routing protocol | ||||
| configuration, and support of the IS-IS base model [RFC9130], which | ||||
| defines the basic IS-IS configuration and state. | ||||
| The "ietf-isis-sr-mpls" data model defines both the data nodes to | The "ietf-isis-sr-mpls" data model defines both the data nodes to | |||
| configure IS-IS Segment Routing MPLS extensions and the additions to | configure IS-IS SR MPLS extensions and the additions to the IS-IS | |||
| the IS-IS Link State Protocol Data Units (LSPs) necessary to support | Link State Protocol Data Units (LSPs) necessary to support MPLS SR. | |||
| MPLS Segment Routing. | ||||
| 2.1. Segment Routing Activation | 2.1. Segment Routing Activation | |||
| Activation of IS-IS SR MPLS is done by setting the "enable" leaf to | Activation of IS-IS SR MPLS is done by setting the "enable" leaf to | |||
| true. This triggers advertisement of SR MPLS extensions based on the | true. This triggers advertisement of SR MPLS extensions based on the | |||
| configuration parameters that have been set up using the base Segment | configuration parameters that have been set up using the base SR | |||
| Routing module. | module. | |||
| 2.2. Advertising Mapping Server Policy | 2.2. Advertising Mapping Server Policy | |||
| The base Segment Routing module defines mapping server policies. By | The base SR module defines mapping server policies. By default, IS- | |||
| default, IS-IS will not advertise or process any mapping server | IS will not advertise or process any mapping server entry. The IS-IS | |||
| entry. The IS-IS SR MPLS module allows the advertisement of one or | SR MPLS module allows the advertisement of one or multiple mapping | |||
| multiple mapping server policies through the "bindings/advertise/ | server policies through the "bindings/advertise/policies" leaf-list. | |||
| policies" leaf-list. The "bindings/receive" leaf controls the | The "bindings/receive" leaf controls the reception and process of | |||
| reception and process of mapping server entries. | mapping server entries. | |||
| 2.3. IP Fast Reroute | 2.3. IP Fast Reroute | |||
| The IS-IS SR MPLS module augments the Fast Reroute (FRR) container | The IS-IS SR MPLS module augments the Fast Reroute (FRR) container | |||
| under interface. It brings the ability to activate Topology | under interface. It brings the ability to activate Topology | |||
| Independent Loop-Free Alternate (TI-LFA) and also enhances Remote LFA | Independent Loop-Free Alternate (TI-LFA) and also enhances Remote LFA | |||
| (RLFA) to use Segment Routing tunneling instead of LDP. | (RLFA) to use SR tunneling instead of LDP. | |||
| 3. IS-IS MPLS Segment Routing over MPLS YANG Module | 3. IS-IS MPLS Segment Routing over MPLS YANG Module | |||
| [RFC6991], [RFC8102], [RFC8294], [RFC8349], [RFC8667], [RFC9020], | [RFC6991], [RFC8102], [RFC8294], [RFC8349], [RFC8402], [RFC8667], | |||
| [RFC9130], and [RFC9855] are referenced in the YANG module. | [RFC9020], [RFC9130], and [RFC9855] are referenced in the YANG | |||
| module. | ||||
| <CODE BEGINS> file "ietf-isis-sr-mpls@2025-11-21.yang" | <CODE BEGINS> file "ietf-isis-sr-mpls@2025-11-21.yang" | |||
| module ietf-isis-sr-mpls { | module ietf-isis-sr-mpls { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-isis-sr-mpls"; | namespace "urn:ietf:params:xml:ns:yang:ietf-isis-sr-mpls"; | |||
| prefix isis-sr-mpls; | prefix isis-sr-mpls; | |||
| import ietf-routing { | import ietf-routing { | |||
| prefix rt; | prefix rt; | |||
| reference | reference | |||
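Review bot: In Section 2, the rewritten sentence ends "necessary to support MPLS SR" while the start of that sentence and the rest of the section use "SR MPLS"; pick one word order, e.g. "necessary to support SR MPLS". Section 2.2 still reads "the reception and process of mapping server entries", which should be "reception and processing", and the new wrap in that paragraph splits "IS-IS" across two lines ("IS-" then "IS").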
| skipping to change at line 191 ¶ | skipping to change at line 187 ¶ | |||
| <mailto:yingzhen.ietf@gmail.com> | <mailto:yingzhen.ietf@gmail.com> | |||
| Author: Acee Lindem | Author: Acee Lindem | |||
| <mailto:acee.ietf@gmail.com> | <mailto:acee.ietf@gmail.com> | |||
| Author: Ing-Wher Chen | Author: Ing-Wher Chen | |||
| <mailto:ingwherchen@mitre.org> | <mailto:ingwherchen@mitre.org> | |||
| Author: Jeff Tantsura | Author: Jeff Tantsura | |||
| <mailto:jefftant.ietf@gmail.com> | <mailto:jefftant.ietf@gmail.com> | |||
| "; | "; | |||
| description | description | |||
| "The YANG module defines the generic configuration and | "The YANG module defines the generic configuration and | |||
| operational state for Segment Routing IS-IS extensions for the | operational state for SR IS-IS extensions for the | |||
| MPLS data plane. | MPLS data plane. | |||
| This YANG data model conforms to the Network Management | This YANG data model conforms to the Network Management | |||
| Datastore Architecture (NMDA) as described in RFC 8342. | Datastore Architecture (NMDA) as described in RFC 8342. | |||
| Copyright (c) 2025 IETF Trust and the persons identified as | Copyright (c) 2025 IETF Trust and the persons identified as | |||
| authors of the code. All rights reserved. | authors of the code. All rights reserved. | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject to | without modification, is permitted pursuant to, and subject to | |||
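Review bot: The module-level description now reads "operational state for SR IS-IS extensions", which uses the abbreviation unexpanded in text that is extracted as a standalone file (the CODE BEGINS block); expand it on first use inside the module, e.g. "Segment Routing (SR)", and use the "IS-IS SR" word order that Section 2 uses.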
| skipping to change at line 234 ¶ | skipping to change at line 230 ¶ | |||
| feature remote-lfa-sr { | feature remote-lfa-sr { | |||
| description | description | |||
| "Enhance RLFA to use SR path."; | "Enhance RLFA to use SR path."; | |||
| reference | reference | |||
| "RFC 8102: Remote-LFA Node Protection and Manageability"; | "RFC 8102: Remote-LFA Node Protection and Manageability"; | |||
| } | } | |||
| feature ti-lfa { | feature ti-lfa { | |||
| description | description | |||
| "Topology Independent Loop-Free Alternate (TI-LFA) | "Topology Independent Loop-Free Alternate (TI-LFA) | |||
| computation using Segment Routing."; | computation using SR."; | |||
| reference | reference | |||
| "RFC 9855: Topology Independent Fast Reroute Using Segment | "RFC 9855: Topology Independent Fast Reroute Using Segment | |||
| Routing"; | Routing"; | |||
| } | } | |||
| /* Identities */ | /* Identities */ | |||
| identity sr-capability { | identity sr-capability { | |||
| description | description | |||
| "Base identity for IS-IS SR-Capabilities sub-TLV flags."; | "Base identity for IS-IS SR-Capabilities sub-TLV flags."; | |||
| skipping to change at line 486 ¶ | skipping to change at line 482 ¶ | |||
| "SR-Capability flags."; | "SR-Capability flags."; | |||
| leaf-list sr-capability-flag { | leaf-list sr-capability-flag { | |||
| type identityref { | type identityref { | |||
| base sr-capability; | base sr-capability; | |||
| } | } | |||
| description | description | |||
| "SR-Capability sub-TLV flags."; | "SR-Capability sub-TLV flags."; | |||
| } | } | |||
| container global-blocks { | container global-blocks { | |||
| description | description | |||
| "Segment Routing Global Blocks."; | "Segment Routing Global Blocks (SRGBs)."; | |||
| list global-block { | list global-block { | |||
| description | description | |||
| "Segment Routing Global Block."; | "Segment Routing Global Block."; | |||
| leaf range-size { | leaf range-size { | |||
| type rt-types:uint24; | type rt-types:uint24; | |||
| description | description | |||
| "The SID range."; | "The SID range."; | |||
| } | } | |||
| uses sid-tlv-encoding; | uses sid-tlv-encoding; | |||
| } | } | |||
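Review bot: In container global-blocks, the description now introduces "(SRGBs)" but the list global-block directly below still spells out "Segment Routing Global Block." without the abbreviation; make the pair consistent, e.g. "SRGB." in the list description. While here, leaf range-size is described as "The SID range." although the name and the uint24 type indicate a size; say that it is the number of SIDs in the block.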
| skipping to change at line 514 ¶ | skipping to change at line 510 ¶ | |||
| reference | reference | |||
| "RFC 8667: IS-IS Extensions for Segment Routing, Section 3.2"; | "RFC 8667: IS-IS Extensions for Segment Routing, Section 3.2"; | |||
| container sr-algorithms { | container sr-algorithms { | |||
| description | description | |||
| "All SR algorithms."; | "All SR algorithms."; | |||
| leaf-list sr-algorithm { | leaf-list sr-algorithm { | |||
| type identityref { | type identityref { | |||
| base sr-cmn:prefix-sid-algorithm; | base sr-cmn:prefix-sid-algorithm; | |||
| } | } | |||
| description | description | |||
| "The Segment Routing (SR) algorithms that the router is | "The SR algorithms that the router is | |||
| currently using."; | currently using."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| grouping srlb { | grouping srlb { | |||
| description | description | |||
| "SR Local Block grouping."; | "SR Local Block grouping."; | |||
| reference | reference | |||
| "RFC 8667: IS-IS Extensions for Segment Routing, Section 3.3"; | "RFC 8667: IS-IS Extensions for Segment Routing, Section 3.3"; | |||
| skipping to change at line 568 ¶ | skipping to change at line 564 ¶ | |||
| } | } | |||
| grouping adjacency-state { | grouping adjacency-state { | |||
| description | description | |||
| "This grouping extends adjacency state."; | "This grouping extends adjacency state."; | |||
| reference | reference | |||
| "RFC 8667: IS-IS Extensions for Segment Routing, Section 2.2"; | "RFC 8667: IS-IS Extensions for Segment Routing, Section 2.2"; | |||
| list adjacency-sid { | list adjacency-sid { | |||
| config false; | config false; | |||
| description | description | |||
| "List of adjacency Segment IDs."; | "List of Adj-SIDs."; | |||
| leaf value { | leaf value { | |||
| type uint32; | type uint32; | |||
| description | description | |||
| "Value of the Adj-SID."; | "Value of the Adj-SID."; | |||
| } | } | |||
| leaf address-family { | leaf address-family { | |||
| type iana-rt-types:address-family; | type iana-rt-types:address-family; | |||
| description | description | |||
| "Address-family associated with the | "Address-family associated with the | |||
| segment ID."; | segment ID."; | |||
| } | } | |||
| leaf weight { | leaf weight { | |||
| type uint8; | type uint8; | |||
| description | description | |||
| "Weight associated with | "Weight associated with | |||
| the adjacency SID."; | the Adj-SID."; | |||
| } | } | |||
| leaf protection-requested { | leaf protection-requested { | |||
| type boolean; | type boolean; | |||
| description | description | |||
| "Describe if the adjacency SID | "Describe if the Adj-SID | |||
| must be protected."; | must be protected."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| grouping prefix-sid-sub-tlv { | grouping prefix-sid-sub-tlv { | |||
| description | description | |||
| "This grouping defines the Segment Routing Prefix Segment | "This grouping defines the SR Prefix Segment | |||
| Identifier (Prefix-SID) sub-TLV."; | Identifier (Prefix-SID) sub-TLV."; | |||
| reference | reference | |||
| "RFC 8667: IS-IS Extensions for Segment Routing, Section 2.1"; | "RFC 8667: IS-IS Extensions for Segment Routing, Section 2.1"; | |||
| container prefix-sid-sub-tlvs { | container prefix-sid-sub-tlvs { | |||
| description | description | |||
| "Prefix-SID sub-TLVs."; | "Prefix-SID sub-TLVs."; | |||
| list prefix-sid-sub-tlv { | list prefix-sid-sub-tlv { | |||
| description | description | |||
| "List of Prefix-SID sub-TLVs."; | "List of Prefix-SID sub-TLVs."; | |||
| container prefix-sid-flags { | container prefix-sid-flags { | |||
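Review bot: In grouping adjacency-state, the list, weight and protection-requested descriptions switch to "Adj-SID" but leaf address-family still says "Address-family associated with the segment ID."; change it to "associated with the Adj-SID." so the list uses one term. The protection-requested text "Describe if the Adj-SID must be protected." would also read better as "Indicates whether the Adj-SID must be protected."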
| skipping to change at line 633 ¶ | skipping to change at line 629 ¶ | |||
| description | description | |||
| "Algorithm to be used for path computation."; | "Algorithm to be used for path computation."; | |||
| } | } | |||
| uses sid-tlv-encoding; | uses sid-tlv-encoding; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| grouping adjacency-segment-id { | grouping adjacency-segment-id { | |||
| description | description | |||
| "This grouping defines Segment Routing extensions | "This grouping defines SR extensions | |||
| for adjacencies."; | for adjacencies."; | |||
| reference | reference | |||
| "RFC 8667: IS-IS Extensions for Segment Routing, Section 2.2"; | "RFC 8667: IS-IS Extensions for Segment Routing, Section 2.2"; | |||
| container adj-sid-sub-tlvs { | container adj-sid-sub-tlvs { | |||
| description | description | |||
| "Adj-SID optional sub-TLVs."; | "Adj-SID optional sub-TLVs."; | |||
| list adj-sid-sub-tlv { | list adj-sid-sub-tlv { | |||
| description | description | |||
| "List of segments."; | "List of segments."; | |||
| container adj-sid-flags { | container adj-sid-flags { | |||
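Review bot: In grouping adjacency-segment-id, the list adj-sid-sub-tlv is described only as "List of segments." while its container says "Adj-SID optional sub-TLVs."; since this pass already rewrites the grouping description, align the list text too, e.g. "List of Adj-SID sub-TLVs.", matching the Prefix-SID list description.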
| skipping to change at line 731 ¶ | skipping to change at line 727 ¶ | |||
| augment "/rt:routing/" | augment "/rt:routing/" | |||
| + "rt:control-plane-protocols/rt:control-plane-protocol" | + "rt:control-plane-protocols/rt:control-plane-protocol" | |||
| + "/isis:isis" { | + "/isis:isis" { | |||
| when "derived-from-or-self(../rt:type, 'isis:isis')" { | when "derived-from-or-self(../rt:type, 'isis:isis')" { | |||
| description | description | |||
| "This augments the IS-IS routing protocol when used."; | "This augments the IS-IS routing protocol when used."; | |||
| } | } | |||
| description | description | |||
| "This augments the IS-IS protocol configuration | "This augments the IS-IS protocol configuration | |||
| with Segment Routing for the MPLS data plane."; | with SR for the MPLS data plane."; | |||
| uses sr-mpls:sr-control-plane; | uses sr-mpls:sr-control-plane; | |||
| container protocol-srgb { | container protocol-srgb { | |||
| if-feature "sr-mpls:protocol-srgb"; | if-feature "sr-mpls:protocol-srgb"; | |||
| description | description | |||
| "Per-protocol Segment Routing Global Block (SRGB)."; | "Per-protocol SRGB."; | |||
| reference | reference | |||
| "RFC 8402: Segment Routing Architecture, Section 2"; | "RFC 8402: Segment Routing Architecture, Section 2"; | |||
| uses sr-cmn:srgb; | uses sr-cmn:srgb; | |||
| } | } | |||
| } | } | |||
| augment "/rt:routing/" | augment "/rt:routing/" | |||
| + "rt:control-plane-protocols/rt:control-plane-protocol" | + "rt:control-plane-protocols/rt:control-plane-protocol" | |||
| + "/isis:isis/isis:interfaces/isis:interface" { | + "/isis:isis/isis:interfaces/isis:interface" { | |||
| when "derived-from-or-self(../../../rt:type, 'isis:isis')" { | when "derived-from-or-self(../../../rt:type, 'isis:isis')" { | |||
| description | description | |||
| "This augments the IS-IS routing protocol when used."; | "This augments the IS-IS routing protocol when used."; | |||
| } | } | |||
| description | description | |||
| "This augments the IS-IS protocol configuration | "This augments the IS-IS protocol configuration | |||
| with Segment Routing."; | with SR."; | |||
| uses sr-mpls:igp-interface { | uses sr-mpls:igp-interface { | |||
| augment "segment-routing/adjacency-sid/adj-sids" { | augment "segment-routing/adjacency-sid/adj-sids" { | |||
| when "../../../isis:interface-type = 'broadcast'" { | when "../../../isis:interface-type = 'broadcast'" { | |||
| description | description | |||
| "This augments the broadcast interface."; | "This augments the broadcast interface."; | |||
| } | } | |||
| description | description | |||
| "This augments the LAN interface adj-sid with system-id."; | "This augments the LAN interface adj-sid with system-id."; | |||
| leaf neighbor-system-id { | leaf neighbor-system-id { | |||
| type isis:system-id; | type isis:system-id; | |||
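Review bot: In container protocol-srgb, the description is cut to "Per-protocol SRGB.", which drops the expansion at the node an operator actually configures; the only visible expansion is in the global-blocks state container description much earlier in the module. Keep "Segment Routing Global Block (SRGB)" here or expand it at the module's first use. In the same hunk, "LAN interface adj-sid" should use the "Adj-SID" spelling used in the other descriptions.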
| skipping to change at line 869 ¶ | skipping to change at line 865 ¶ | |||
| augment "/rt:routing/" | augment "/rt:routing/" | |||
| + "rt:control-plane-protocols/rt:control-plane-protocol" | + "rt:control-plane-protocols/rt:control-plane-protocol" | |||
| + "/isis:isis/isis:interfaces/isis:interface" | + "/isis:isis/isis:interfaces/isis:interface" | |||
| + "/isis:fast-reroute/isis:lfa/isis:level-2" { | + "/isis:fast-reroute/isis:lfa/isis:level-2" { | |||
| when "derived-from-or-self(../../../../../../rt:type," | when "derived-from-or-self(../../../../../../rt:type," | |||
| + "'isis:isis')" { | + "'isis:isis')" { | |||
| description | description | |||
| "This augments the IS-IS routing protocol when used."; | "This augments the IS-IS routing protocol when used."; | |||
| } | } | |||
| description | description | |||
| "This augments the IS-IS IP interface level-2 FRR with | "This augments the IS-IS interface level-2 IP FRR with | |||
| TI-LFA."; | TI-LFA."; | |||
| container ti-lfa { | container ti-lfa { | |||
| if-feature "ti-lfa"; | if-feature "ti-lfa"; | |||
| description | description | |||
| "TI-LFA configuration."; | "TI-LFA configuration."; | |||
| leaf enabled { | leaf enabled { | |||
| type boolean; | type boolean; | |||
| default "false"; | default "false"; | |||
| description | description | |||
| "Enables TI-LFA computation."; | "Enables TI-LFA computation."; | |||
| skipping to change at line 894 ¶ | skipping to change at line 890 ¶ | |||
| augment "/rt:routing/" | augment "/rt:routing/" | |||
| + "rt:control-plane-protocols/rt:control-plane-protocol" | + "rt:control-plane-protocols/rt:control-plane-protocol" | |||
| + "/isis:isis/isis:interfaces/isis:interface" | + "/isis:isis/isis:interfaces/isis:interface" | |||
| + "/isis:fast-reroute/isis:lfa/isis:remote-lfa" { | + "/isis:fast-reroute/isis:lfa/isis:remote-lfa" { | |||
| when "derived-from-or-self(../../../../../../rt:type," | when "derived-from-or-self(../../../../../../rt:type," | |||
| + "'isis:isis')" { | + "'isis:isis')" { | |||
| description | description | |||
| "This augments the IS-IS routing protocol when used."; | "This augments the IS-IS routing protocol when used."; | |||
| } | } | |||
| description | description | |||
| "This augments the IS-IS Remote LFA configuration with | "This augments the IS-IS RLFA configuration with | |||
| use of the Segment Routing path."; | use of the SR path."; | |||
| leaf use-segment-routing-path { | leaf use-segment-routing-path { | |||
| if-feature "remote-lfa-sr"; | if-feature "remote-lfa-sr"; | |||
| type boolean; | type boolean; | |||
| default "false"; | default "false"; | |||
| description | description | |||
| "Force Remote LFA to use the Segment Routing path instead of | "Force RLFA to use the SR path instead of | |||
| LDP path. The value of this leaf is in effect only when | LDP path. The value of this leaf is in effect only when | |||
| remote-lfa is enabled."; | remote-lfa is enabled."; | |||
| } | } | |||
| } | } | |||
| /* Operational states */ | /* Operational states */ | |||
| augment "/rt:routing/" | augment "/rt:routing/" | |||
| + "rt:control-plane-protocols/rt:control-plane-protocol" | + "rt:control-plane-protocols/rt:control-plane-protocol" | |||
| + "/isis:isis/isis:interfaces/isis:interface" | + "/isis:isis/isis:interfaces/isis:interface" | |||
| + "/isis:adjacencies/isis:adjacency" { | + "/isis:adjacencies/isis:adjacency" { | |||
| when "derived-from-or-self(../../../../../rt:type," | when "derived-from-or-self(../../../../../rt:type," | |||
| + "'isis:isis')" { | + "'isis:isis')" { | |||
| description | description | |||
| "This augments the IS-IS routing protocol when used."; | "This augments the IS-IS routing protocol when used."; | |||
| } | } | |||
| description | description | |||
| "This augments the IS-IS protocol configuration | "This augments the IS-IS protocol configuration | |||
| with Segment Routing."; | with SR."; | |||
| uses adjacency-state; | uses adjacency-state; | |||
| } | } | |||
| augment "/rt:routing/" | augment "/rt:routing/" | |||
| + "rt:control-plane-protocols/rt:control-plane-protocol" | + "rt:control-plane-protocols/rt:control-plane-protocol" | |||
| + "/isis:isis/isis:database/isis:levels/isis:lsp" | + "/isis:isis/isis:database/isis:levels/isis:lsp" | |||
| + "/isis:router-capabilities/isis:router-capability" { | + "/isis:router-capabilities/isis:router-capability" { | |||
| when "derived-from-or-self(../../../../../../rt:type," | when "derived-from-or-self(../../../../../../rt:type," | |||
| + "'isis:isis')" { | + "'isis:isis')" { | |||
| description | description | |||
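Review bot: The augment of isis:adjacencies/isis:adjacency sits under the "Operational states" comment and only pulls in "uses adjacency-state", yet its description still says it augments "the IS-IS protocol configuration with SR"; reword it to describe adjacency operational state. In leaf use-segment-routing-path, "instead of LDP path" is missing an article and should read "instead of the LDP path".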
| skipping to change at line 1107 ¶ | skipping to change at line 1103 ¶ | |||
| sensitivities/vulnerabilities: | sensitivities/vulnerabilities: | |||
| * /isis:isis/segment-routing | * /isis:isis/segment-routing | |||
| * /isis:isis/protocol-srgb | * /isis:isis/protocol-srgb | |||
| * /isis:isis/isis:interfaces/isis:interface/segment-routing | * /isis:isis/isis:interfaces/isis:interface/segment-routing | |||
| * /isis:isis/isis:interfaces/isis:interface/isis:fast-reroute/ti-lfa | * /isis:isis/isis:interfaces/isis:interface/isis:fast-reroute/ti-lfa | |||
| The ability to disable or enable IS-IS Segment Routing support and/or | The ability to disable or enable IS-IS SR support and/or change SR | |||
| change Segment Routing configurations can result in a Denial-of- | configurations can result in a Denial-of-Service (DoS) attack, as | |||
| Service (DoS) attack, as this may cause traffic to be dropped or | this may cause traffic to be dropped or misrouted. Please refer to | |||
| misrouted. Please refer to Section 5 of [RFC8667] for more | Section 5 of [RFC8667] for more information on SR extensions. | |||
| information on Segment Routing extensions. | ||||
| Some of the readable data nodes in this YANG module may be considered | Some of the readable data nodes in this YANG module may be considered | |||
| sensitive or vulnerable in some network environments. It is thus | sensitive or vulnerable in some network environments. It is thus | |||
| important to control read access (e.g., via get, get-config, or | important to control read access (e.g., via get, get-config, or | |||
| notification) to these data nodes. Specifically, the following | notification) to these data nodes. Specifically, the following | |||
| subtrees and data nodes have particular sensitivities/ | subtrees and data nodes have particular sensitivities/ | |||
| vulnerabilities: | vulnerabilities: | |||
| * /isis:router-capabilities/sr-capability | * /isis:router-capabilities/sr-capability | |||
| * /isis:router-capabilities/sr-algorithms | * /isis:router-capabilities/sr-algorithms | |||
| * /isis:router-capabilities/local-blocks | * /isis:router-capabilities/local-blocks | |||
| * /isis:router-capabilities/srms-preference | * /isis:router-capabilities/srms-preference | |||
| * and the augmentations to the IS-IS Link State Database. | * and the augmentations to the IS-IS LSDB. | |||
| Unauthorized access to any data node of these subtrees can disclose | Unauthorized access to any data node of these subtrees can disclose | |||
| the operational state information of the IS-IS protocol on a device. | the operational state information of the IS-IS protocol on a device. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| The IANA has assigned one new URI in the "IETF XML Registry" | The IANA has assigned one new URI in the "IETF XML Registry" | |||
| [RFC3688]: | [RFC3688]: | |||
| URI: urn:ietf:params:xml:ns:yang:ietf-isis-sr-mpls | URI: urn:ietf:params:xml:ns:yang:ietf-isis-sr-mpls | |||
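Review bot: The first sensitive-node list gives the TI-LFA path as ".../isis:fast-reroute/ti-lfa", but the module's augment targets ".../isis:fast-reroute/isis:lfa/isis:level-2", so the listed path omits steps; anyone deriving access-control rules from this list needs the path as the module defines it. The list also does not mention the writable use-segment-routing-path leaf under isis:remote-lfa, and "LSDB" now replaces "Link State Database" with no expansion in the visible text.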
| skipping to change at line 1197 ¶ | skipping to change at line 1192 ¶ | |||
| [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | |||
| and R. Wilton, "Network Management Datastore Architecture | and R. Wilton, "Network Management Datastore Architecture | |||
| (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | |||
| <https://www.rfc-editor.org/info/rfc8342>. | <https://www.rfc-editor.org/info/rfc8342>. | |||
| [RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for | [RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for | |||
| Routing Management (NMDA Version)", RFC 8349, | Routing Management (NMDA Version)", RFC 8349, | |||
| DOI 10.17487/RFC8349, March 2018, | DOI 10.17487/RFC8349, March 2018, | |||
| <https://www.rfc-editor.org/info/rfc8349>. | <https://www.rfc-editor.org/info/rfc8349>. | |||
| [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., | ||||
| Decraene, B., Litkowski, S., and R. Shakir, "Segment | ||||
| Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, | ||||
| July 2018, <https://www.rfc-editor.org/info/rfc8402>. | ||||
| [RFC8667] Previdi, S., Ed., Ginsberg, L., Ed., Filsfils, C., | [RFC8667] Previdi, S., Ed., Ginsberg, L., Ed., Filsfils, C., | |||
| Bashandy, A., Gredler, H., and B. Decraene, "IS-IS | Bashandy, A., Gredler, H., and B. Decraene, "IS-IS | |||
| Extensions for Segment Routing", RFC 8667, | Extensions for Segment Routing", RFC 8667, | |||
| DOI 10.17487/RFC8667, December 2019, | DOI 10.17487/RFC8667, December 2019, | |||
| <https://www.rfc-editor.org/info/rfc8667>. | <https://www.rfc-editor.org/info/rfc8667>. | |||
| [RFC9020] Litkowski, S., Qu, Y., Lindem, A., Sarkar, P., and J. | [RFC9020] Litkowski, S., Qu, Y., Lindem, A., Sarkar, P., and J. | |||
| Tantsura, "YANG Data Model for Segment Routing", RFC 9020, | Tantsura, "YANG Data Model for Segment Routing", RFC 9020, | |||
| DOI 10.17487/RFC9020, May 2021, | DOI 10.17487/RFC9020, May 2021, | |||
| <https://www.rfc-editor.org/info/rfc9020>. | <https://www.rfc-editor.org/info/rfc9020>. | |||
| End of changes. 27 change blocks. | ||||
| 50 lines changed or deleted | 50 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||