rfc9978.original   rfc9978.txt 
Network Working Group A. Mishra Internet Engineering Task Force (IETF) A. Mishra
Internet-Draft Aalyria Technologies Request for Comments: 9978 Aalyria Technologies
Intended status: Experimental M. Jethanandani Category: Experimental M. Jethanandani
Expires: 7 May 2026 Arrcus, Inc. ISSN: 2070-1721 Arrcus, Inc.
A. Saxena A. Saxena
Ciena Corporation Ciena Corporation
S. Pallagatti S. Pallagatti
Zscaler Zscaler
M. Chen M. Chen
Huawei Huawei
3 November 2025 May 2026
BFD Stability Bidirectional Forwarding Detection (BFD) Stability
draft-ietf-bfd-stability-21
Abstract Abstract
This document describes extensions to the Bidirectional Forwarding This document describes extensions to the Bidirectional Forwarding
Detection (BFD) protocol to measure BFD stability. Specifically, it Detection (BFD) protocol to measure BFD stability. Specifically, it
describes a mechanism for the detection of BFD packet loss. describes a mechanism for the detection of BFD packet loss.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This document is not an Internet Standards Track specification; it is
provisions of BCP 78 and BCP 79. published for examination, experimental implementation, and
evaluation.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document defines an Experimental Protocol for the Internet
and may be updated, replaced, or obsoleted by other documents at any community. This document is a product of the Internet Engineering
time. It is inappropriate to use Internet-Drafts as reference Task Force (IETF). It represents the consensus of the IETF
material or to cite them other than as "work in progress." community. It has received public review and has been approved for
publication by the Internet Engineering Steering Group (IESG). Not
all documents approved by the IESG are candidates for any level of
Internet Standard; see Section 2 of RFC 7841.
This Internet-Draft will expire on 7 May 2026. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9978.
Copyright Notice Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
1.1. Note to the RFC Editor . . . . . . . . . . . . . . . . . 3 2. Terminology
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Use Cases
3. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Functionality
4. Functionality . . . . . . . . . . . . . . . . . . . . . . . . 4 5. NULL Auth Type
5. NULL Auth Type . . . . . . . . . . . . . . . . . . . . . . . 4 6. Theory of Operation
6. Theory of Operation . . . . . . . . . . . . . . . . . . . . . 6 6.1. Loss Measurement
6.1. Loss Measurement . . . . . . . . . . . . . . . . . . . . 6 6.2. Out-of-Order Packets
6.2. Out of Order Packets . . . . . . . . . . . . . . . . . . 7 7. Stability YANG Module
7. Stability YANG Module . . . . . . . . . . . . . . . . . . . . 7 7.1. Data Model Overview
7.1. Data Model Overview . . . . . . . . . . . . . . . . . . . 7 7.2. YANG Module
7.2. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 9 8. IANA Considerations
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 8.1. Auth Type
8.1. Auth Type . . . . . . . . . . . . . . . . . . . . . . . . 14 8.2. IETF XML Registry
8.2. IETF XML Registry . . . . . . . . . . . . . . . . . . . . 14 8.3. The "YANG Module Names" Registry
8.3. The "YANG Module Names" Registry . . . . . . . . . . . . 15 9. Security Considerations
9. Security Considerations . . . . . . . . . . . . . . . . . . . 15 9.1. BFD NULL Auth Security Considerations
9.1. BFD NULL Auth Security Considerations . . . . . . . . . . 15 9.2. YANG Security Considerations
9.2. YANG Security Considerations . . . . . . . . . . . . . . 16 10. References
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 16 10.1. Normative References
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 16 10.2. Informative References
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 Appendix A. Experimental Status
12.1. Normative References . . . . . . . . . . . . . . . . . . 17 Appendix B. Examples
12.2. Informative References . . . . . . . . . . . . . . . . . 18 B.1. Single-Hop BFD Configuration
Appendix A. Experimental Status . . . . . . . . . . . . . . . . 19 B.2. Use of NULL Auth
Appendix B. Examples . . . . . . . . . . . . . . . . . . . . . . 19 Acknowledgements
B.1. Single Hop BFD Configuration . . . . . . . . . . . . . . 19 Contributors
B.2. Use of NULL Auth . . . . . . . . . . . . . . . . . . . . 21 Authors' Addresses
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
The Bidirectional Forwarding Detection (BFD) [RFC5880] protocol The Bidirectional Forwarding Detection (BFD) [RFC5880] protocol
operates by transmitting and receiving BFD control packets, generally operates by transmitting and receiving BFD control packets, generally
at high frequency, over the datapath being monitored. In order to at a high frequency, over the datapath being monitored. In order to
prevent significant data loss due to a datapath failure, BFD session prevent significant data loss due to a datapath failure, BFD session
detection time as defined in BFD [RFC5880] is set to the smallest Detection Time as defined in [RFC5880] is set to the smallest
feasible value. feasible value.
A BFD [RFC5880] session will remain in the Up state as long as it A BFD session will remain in the Up state as long as it receives at
receives at least one BFD packet within the Detection Time interval. least one BFD packet within the Detection Time interval. However,
However, additional packet loss within that time interval is not additional packet loss within that time interval is not noted by the
noted by the BFD state machinery. Noting the other missed packets BFD state machinery. Noting the other missed packets provides a
provides a valuable indicator of systemic issues or a deteriorating valuable indicator of systemic issues or a deteriorating network that
network that may warrant preventive action. may warrant preventive action.
This document proposes an experimental mechanism to detect lost This document proposes an experimental mechanism to detect lost
packets in a BFD session in addition to the datapath fault detection packets in a BFD session in addition to the datapath fault detection
mechanisms of BFD. Such a mechanism, combined with 'received-packet- mechanisms of BFD. Such a mechanism, combined with 'received-packet-
count' defined in the YANG Data Model for Bidrectional Forward count' defined in "YANG Data Model for Bidirectional Forwarding
Detection (BFD) [RFC9314] permits operators to measure the stability Detection (BFD)" [RFC9314] permits operators to measure the stability
of BFD sessions. The details of the motivation for experimental of BFD sessions. The details of the motivation for the Experimental
status can be found in Appendix A. Implementations may also do status of this document can be found in Appendix A. Implementations
additional analysis of the packet loss over a time interval. Such an may also do additional analysis of the packet loss over a time
analysis is outside the scope of this document. interval. Such an analysis is outside the scope of this document.
This document does not propose any BFD extension to measure data This document does not propose any BFD extension to measure data
traffic loss or delay on a link or tunnel, and the scope is limited traffic loss or delay on a link or tunnel, and the scope is limited
to BFD packets. to BFD packets.
1.1. Note to the RFC Editor
This document uses several placeholder values throughout the
document. Please replace them as follows and remove this section
before publication.
RFC XXXX, where XXXX is the number assigned to this document at the
time of publication.
2025-10-30, with the actual date of the publication of this document.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in RFC "OPTIONAL" in this document are to be interpreted as described in
2119 [RFC2119] and RFC 8174 [RFC8174]. BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
The reader is expected to be familiar with the BFD [RFC5880]. In The reader is expected to be familiar with BFD [RFC5880]. In
particular, the term 'meticulous' specified in Meticulous Keyed ISAAC particular, the term "meticulous" as specified in "Meticulous Keyed
for BFD Optimized Authentication ISAAC for BFD Optimized Authentication" [BFD-ISAAC] means that the
[I-D.ietf-bfd-secure-sequence-numbers] means that the Sequence number sequence number is incremented on every new packet that is sent.
is incremented on every new packet that is sent.
3. Use Cases 3. Use Cases
Bidirectional Forwarding Detection, as defined in BFD [RFC5880] Bidirectional Forwarding Detection (BFD), as defined in [RFC5880],
cannot detect any BFD packet loss if the loss does not last for the cannot detect any BFD packet loss if the loss does not last for the
Detection Time. This document proposes a method to detect dropped Detection Time. This document proposes a method to detect dropped
packets on the receiver. For example, if the receiver receives BFD packets on the receiver. For example, if the receiver receives BFD
control packet k at time t but receives packet k+3 at time t+10ms, control packet k at time t, but receives packet k+3 at time t+10 ms,
and never receives packet k+1 and/or k+2, then it has experienced a and never receives packet k+1 and/or k+2, then it has experienced a
packet loss. packet loss.
This proposal enables BFD implementations to generate diagnostic This proposal enables BFD implementations to generate diagnostic
information on the health of each BFD session that could be used to information on the health of each BFD session. This information
preempt probability of a failure on a datapath that BFD was could be used to preempt the probability of a failure on a datapath
monitoring by allowing time for a corrective action to be taken. that BFD was monitoring by allowing time for a corrective action to
be taken.
In a faulty datapath scenario, an operator can use BFD health In a faulty datapath scenario, an operator can use BFD health
information to trigger the delay and loss measurement OAM protocol information to trigger the delay and loss measurement Operations,
Connectivity Fault Management (CFM) [Y-1731] or Packet Loss and Delay Administration, and Maintenance (OAM) protocol Connectivity Fault
Measurement for MPLS Networks [RFC6374] to further isolate the issue. Management (CFM) [Y-1731] or packet loss and delay measurement for
MPLS networks [RFC6374] to further isolate the issue.
4. Functionality 4. Functionality
BFD stability measurement requires that a BFD Meticulous BFD stability measurement requires that a BFD Meticulous
Authentication type is configured. authentication type be configured.
The ietf-bfd-stability YANG model, defined in this document, provides The "ietf-bfd-stability" YANG data model, defined in this document,
the ability to configure BFD stability measurement for BFD sessions provides the ability to configure the BFD stability measurement for
by configuring the 'stability' flag. The 'lost-packet-count' leaf BFD sessions by configuring the 'stability' flag. The
permits monitoring of stability issues as defined in this document 'lost-packet-count' leaf permits monitoring of stability issues as
for BFD sessions that have the stability flag enabled. defined in this document for BFD sessions that have the 'stability'
flag enabled.
The configuration of BFD stability measurement and monitoring using The configuration of the BFD stability measurement and monitoring
other methods than the attached YANG model is out of scope from this using other methods than the attached YANG data model is out of scope
document. of this document.
5. NULL Auth Type 5. NULL Auth Type
The NULL Authentication Type, defined in this document, can be used The NULL authentication type, defined in this document, can be used
to provide a meticulously increasing sequence number BFD [RFC5880] to provide a meticulously increasing sequence number BFD [RFC5880]
for stability measurement. It provides none of the protections for stability measurement. It provides none of the protections
desired for authentication and is used only to provide BFD stability desired for authentication and is used only to provide BFD stability
services to BFD sessions that otherwise have no authentication in services to BFD sessions that otherwise have no authentication in
use. use.
If the Authentication Present (A) bit is set in the header as defined If the Authentication Present (A) bit is set in the header as defined
in Section 4 of BFD [RFC5880], and the Authentication Type field in Section 4 of [RFC5880], and the Authentication Type field contains
contains TBD, the Authentication section has the following format: 6, the Authentication Section has the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Auth Type | Auth Len | Auth Key ID | Reserved | | Auth Type | Auth Len | Auth Key ID | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number | | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: NULL Auth Type Figure 1: NULL Auth Type
where: where:
Auth Type (8 bits): The Authentication Type, which in this case is Auth Type (8 bits): The Authentication Type, which in this case is 6
TBD (NULL, to be assigned by IANA, with a suggested value of 6). (NULL).
Auth Len (8 bits): The length of the NULL Auth Type, in bytes; i.e., Auth Len (8 bits): The length of the NULL Auth Type in bytes (i.e.,
8 bytes 8 bytes).
Auth Key ID (8 bits): The authentication key ID in use for this Auth Key ID (8 bits): The authentication key ID in use for this
packet. MUST be set to zero and MUST be ignored on receipt. packet. It MUST be set to zero and MUST be ignored on receipt.
Reserved (8 bits): This byte MUST be set to zero on transmit and MUST Reserved (8 bits): This byte MUST be set to zero on transmit and
be ignored on receipt. MUST be ignored on receipt.
Sequence Number (32 bits): The sequence number for this packet. This Sequence Number (32 bits): The sequence number for this packet.
value is incremented for each successive packet transmitted for a This value is incremented for each successive packet transmitted
session. Implementations will use sequence numbers (bfd.XmitAuthSeq) for a session. Implementations will use sequence numbers
as defined in BFD [RFC5880]. (bfd.XmitAuthSeq) as defined in [RFC5880].
If bfd.AuthSeqKnown is 1, and the received Sequence Number field is If bfd.AuthSeqKnown is 1, and the received Sequence Number field is
not equal to bfd.RcvAuthSeq + 1 (in a circular number space), then not equal to bfd.RcvAuthSeq + 1 (in a circular number space), then
the loss count is incremented by the difference between the received the loss count is incremented by the difference between the received
Sequence Number and bfd.RcvAuthSeq and bfd.RcvAuthSeq is set to the sequence number and bfd.RcvAuthSeq, and bfd.RcvAuthSeq is set to the
received Sequence Number. received sequence number.
Otherwise (bfd.AuthSeqKnown is 0), bfd.AuthSeqKnown MUST be set to 1, Otherwise (bfd.AuthSeqKnown is 0), bfd.AuthSeqKnown MUST be set to 1,
and bfd.RcvAuthSeq MUST be set to the value of the received Sequence and bfd.RcvAuthSeq MUST be set to the value of the received Sequence
Number field as defined in BFD [RFC5880], Section 6.8.1, and the Number field as defined in [RFC5880], Section 6.8.1, and the packet
packet MUST be accepted. MUST be accepted.
According to BFD [RFC5880], Section 6.7.3 a receiver MUST discard a According to Section 6.7.3 of [RFC5880], a receiver MUST discard a
received packet that lies outside the range of bfd.RcvAuthSeq and received packet that lies outside the range of bfd.RcvAuthSeq and
bfd.RcvAuthSeq + (3 * Detect Multi). If it is within that range, but bfd.RcvAuthSeq + (3 * Detect Multi). If it is within that range, but
is missing a packet, it can be used to detect a loss. In case of is missing a packet, it can be used to detect a loss. In case of
NULL authentication where packets containing sequence numbers are NULL authentication where packets containing sequence numbers are
accepted on receipt, an attacker with unauthenticated sequence number accepted on receipt, an attacker with an unauthenticated sequence
could move the Sequence Number forward. Meanwhile, the actual BFD number could move the sequence number forward. Meanwhile, the actual
neighbor that continues to send packets will find them discarded and BFD neighbor that continues to send packets will find them discarded
the session would drop. To prevent such an attack, the received and the session would drop. To prevent such an attack, the received
Sequence Number MUST NOT be compared with bfd.RcvAuthSeq for purposes sequence number MUST NOT be compared with bfd.RcvAuthSeq for the
of discarding the BFD packets. purpose of discarding the BFD packets.
6. Theory of Operation 6. Theory of Operation
This mechanism allows operators to measure the loss of BFD control This mechanism allows operators to measure the loss of BFD control
packets. A BFD authentication type carrying a meticulously packets. A BFD authentication type carrying a meticulously
increasing sequence number is required to support this loss increasing sequence number is required to support this loss
measurement. Authentication types that provide for meticulously measurement. Authentication types that provide for meticulously
increasing sequence numbers include: increasing sequence numbers include:
* Meticulously Keyed MD5 and SHA1, defined in [RFC5880]. * Meticulously Keyed MD5 and SHA1, defined in [RFC5880].
* Meticulously Keyed ISAAC, defined in * Meticulously Keyed ISAAC, defined in [BFD-ISAAC].
[I-D.ietf-bfd-secure-sequence-numbers].
* The NULL authentication mechanism, which does not provide for * The NULL authentication mechanism, which does not provide for
authentication but carries a meticulously increasing sequence authentication but carries a meticulously increasing sequence
number, defined in this document. number, and is defined in this document.
Other authentication types that provide for meticulously increasing Other authentication types that provide for meticulously increasing
sequence numbers appropriate for this mechanism may be defined in sequence numbers appropriate for this mechanism may be defined in
future specifications. future specifications.
6.1. Loss Measurement 6.1. Loss Measurement
Loss measurement counts the number of BFD control packets missed at Loss measurement counts the number of BFD control packets missed at
the receiver during any Detection Time BFD [RFC5880], Section 6.8.4 the receiver during any Detection Time period [RFC5880],
period. The loss is detected by comparing the Sequence Number field Section 6.8.4. The loss is detected by comparing the Sequence Number
in successive BFD control packets. The Sequence Number in each field in successive BFD control packets. The sequence number in each
successive control packet generated on a BFD session by the successive control packet generated on a BFD session by the
transmitter is incremented by one. This loss count can then be transmitter is incremented by one. This loss count can then be
exposed using the YANG module defined in the subsequent section. See exposed using the YANG module defined in the subsequent section. See
discussion on Out of Order Packets (Section 6.2) later in the discussion on out-of-order packets in Section 6.2 of this document.
document.
The first BFD authentication section with a non-zero sequence number, The first BFD Authentication Section with a non-zero sequence number,
in a valid BFD control packet, processed by the receiver, is used for in a valid BFD control packet, processed by the receiver, is used for
bootstrapping the logic. bootstrapping the logic.
6.2. Out of Order Packets 6.2. Out-of-Order Packets
Some transmission mechanisms - for example, Link Aggregate Groups Some transmission mechanisms, for example, Link Aggregate Groups
(LAG), or Equal Cost Multipath (ECMP) - can result in out of order (LAGs) or Equal Cost Multipath (ECMP), can result in out-of-order
packet delivery. In circumstances where BFD packets are not lost, packet delivery. In circumstances where BFD packets are not lost,
but are delivered out of order, strict comparison of increasing but are delivered out of order, strict comparison of increasing
sequence numbers may result in classifying the out of order packets sequence numbers may result in classifying the out-of-order packets
as packet loss. as packet loss.
Implementations MAY provide mechanisms wherein all expected packets Implementations MAY provide mechanisms wherein all expected packets
received across an expected interval, but delivered out of order are received across an expected interval, but delivered out of order, are
not considered lost packets. not considered lost packets.
7. Stability YANG Module 7. Stability YANG Module
7.1. Data Model Overview 7.1. Data Model Overview
This YANG module augments the base BFD YANG module to add attributes This YANG module augments the base BFD YANG module to add attributes
such as the flag 'stability' related to the experiment of BFD such as the 'stability' flag related to the experiment of BFD
Stability. The feature statement 'stability' needs to be enabled to stability. The feature statement 'stability' needs to be enabled to
indicate that BFD Stability is supported by the implementation. In indicate that BFD stability is supported by the implementation. In
addition, a loss count per-session or lsp for BFD packets that are addition, a loss count per-session or lsp for BFD packets that are
lost has also been added in this model. lost has also been added in this model.
module: ietf-bfd-stability module: ietf-bfd-stability
augment /rt:routing/rt:control-plane-protocols augment /rt:routing/rt:control-plane-protocols
/rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh /rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh
/bfd-ip-sh:sessions/bfd-ip-sh:session: /bfd-ip-sh:sessions/bfd-ip-sh:session:
+--rw stability? boolean {stability}? +--rw stability? boolean {stability}?
augment /rt:routing/rt:control-plane-protocols augment /rt:routing/rt:control-plane-protocols
skipping to change at page 9, line 7 skipping to change at line 337
/bfd-lag:micro-bfd-ipv6/bfd-lag:session-statistics: /bfd-lag:micro-bfd-ipv6/bfd-lag:session-statistics:
+--ro lost-packet-count? yang:counter64 {stability}? +--ro lost-packet-count? yang:counter64 {stability}?
augment /rt:routing/rt:control-plane-protocols augment /rt:routing/rt:control-plane-protocols
/rt:control-plane-protocol/bfd:bfd/bfd-mpls:mpls /rt:control-plane-protocol/bfd:bfd/bfd-mpls:mpls
/bfd-mpls:session-groups/bfd-mpls:session-group /bfd-mpls:session-groups/bfd-mpls:session-group
/bfd-mpls:sessions/bfd-mpls:session-statistics: /bfd-mpls:sessions/bfd-mpls:session-statistics:
+--ro lost-packet-count? yang:counter64 {stability}? +--ro lost-packet-count? yang:counter64 {stability}?
7.2. YANG Module 7.2. YANG Module
This YANG module imports modules defined in Common YANG Types This YANG module imports modules defined in "Common YANG Data Types"
[RFC6991], A YANG Data Model for Routing [RFC8349], and YANG Data [RFC6991], "A YANG Data Model for Routing Management (NMDA Version)"
Model for Bidirectional Forwading Detection (BFD) [RFC9314]. [RFC8349], and "YANG Data Model for Bidirectional Forwarding
Detection (BFD)" [RFC9314].
<CODE BEGINS> file "ietf-bfd-stability@2025-10-30.yang" <CODE BEGINS> file "ietf-bfd-stability@2026-05-05.yang"
module ietf-bfd-stability { module ietf-bfd-stability {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-bfd-stability"; namespace "urn:ietf:params:xml:ns:yang:ietf-bfd-stability";
prefix "bfd-s"; prefix bfd-s;
import ietf-yang-types { import ietf-yang-types {
prefix "yang"; prefix yang;
reference reference
"RFC 6991: Common YANG Data Types"; "RFC 6991: Common YANG Data Types";
} }
import ietf-routing { import ietf-routing {
prefix "rt"; prefix rt;
reference reference
"RFC 8349: A YANG Data Model for Routing Management "RFC 8349: A YANG Data Model for Routing Management
(NMDA version)"; (NMDA Version)";
} }
import ietf-bfd { import ietf-bfd {
prefix bfd; prefix bfd;
reference reference
"RFC 9314: YANG Data Model for Bidirectional "RFC 9314: YANG Data Model for Bidirectional
Forwarding Detection."; Forwarding Detection.";
} }
import ietf-bfd-ip-sh { import ietf-bfd-ip-sh {
prefix bfd-ip-sh; prefix bfd-ip-sh;
reference reference
"RFC 9314: YANG Data Model for Bidirectional "RFC 9314: YANG Data Model for Bidirectional
Forwarding Detection."; Forwarding Detection (BFD)";
} }
import ietf-bfd-ip-mh { import ietf-bfd-ip-mh {
prefix bfd-ip-mh; prefix bfd-ip-mh;
reference reference
"RFC 9314: YANG Data Model for Bidirectional "RFC 9314: YANG Data Model for Bidirectional
Forwarding Detection."; Forwarding Detection (BFD)";
} }
import ietf-bfd-lag { import ietf-bfd-lag {
prefix bfd-lag; prefix bfd-lag;
reference reference
"RFC 9314: YANG Data Model for Bidirectional "RFC 9314: YANG Data Model for Bidirectional
Forwarding Detection."; Forwarding Detection (BFD)";
} }
import ietf-bfd-mpls { import ietf-bfd-mpls {
prefix bfd-mpls; prefix bfd-mpls;
reference reference
"RFC 9314: YANG Data Model for Bidirectional "RFC 9314: YANG Data Model for Bidirectional
Forwarding Detection."; Forwarding Detection (BFD)";
} }
import ietf-key-chain { import ietf-key-chain {
prefix key-chain; prefix key-chain;
reference reference
"RFC 8177: YANG Key Chain."; "RFC 8177: YANG Data Model for Key Chains";
} }
organization organization
"IETF BFD Working Group"; "IETF BFD Working Group";
contact contact
"WG Web: <http://tools.ietf.org/wg/bfd> "WG Web: <http://tools.ietf.org/wg/bfd>
WG List: <rtg-bfd@ietf.org> WG List: <rtg-bfd@ietf.org>
Authors: Mahesh Jethanandani (mjethanandani@gmail.com) Authors: Mahesh Jethanandani (mjethanandani@gmail.com)
Ashesh Mishra (mishra.ashesh@gmail.com) Ashesh Mishra (mishra.ashesh@gmail.com)
Ankur Saxena (ankurpsaxena@gmail.com) Ankur Saxena (ankurpsaxena@gmail.com)
Santosh Pallagatti (santosh.pallagati@gmail.com) Santosh Pallagatti (santosh.pallagati@gmail.com)
Mach Chen (mach.chen@huawei.com)."; Mach Chen (mach.chen@huawei.com).";
description description
"This YANG module augments the base BFD YANG model to add "This YANG module augments the base BFD YANG data model to add
experimental attributes related to BFD Stability. experimental attributes related to BFD stability.
In particular, it adds a per-session count for BFD packets In particular, it adds a per-session count for BFD packets
that are lost. that are lost.
Copyright (c) 2025 IETF Trust and the persons identified as The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.
Copyright (c) 2026 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to without modification, is permitted pursuant to, and subject to
the license terms contained in the Revised BSD License set the license terms contained in, the Revised BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC 9978; see the
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself RFC itself for full legal notices.";
for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.";
revision "2025-10-30" { revision 2026-05-05 {
description description
"Initial Version."; "Initial version.";
reference reference
"RFC XXXX: BFD Stability."; "RFC 9978: Bidirectional Forwarding Detection (BFD) Stability";
} }
feature stability { feature stability {
description description
"This feature enables BFD sessions to be monitored for lost "This feature enables BFD sessions to be monitored for lost
packets."; packets.";
} }
identity null-auth { identity null-auth {
base key-chain:crypto-algorithm; base key-chain:crypto-algorithm;
description description
"BFD Null Auth type defined in this draft."; "BFD NULL Auth type defined in this document.";
reference reference
"RFC XXXX: BFD Stability."; "RFC 9978: Bidirectional Forwarding Detection (BFD) Stability";
} }
grouping lost-packet-count { grouping lost-packet-count {
leaf lost-packet-count { leaf lost-packet-count {
if-feature "stability"; if-feature "stability";
type yang:counter64; type yang:counter64;
description description
"Number of BFD packets that were lost, where loss is "Number of BFD packets that were lost, where loss is
determined by the fact that the sequence number is determined by the fact that the sequence number is
not consecutive. This counter should be present only if not consecutive. This counter should be present only if
stability is configured."; stability is configured.";
} }
description description
"Grouping of statistics related to BFD stability."; "Grouping of statistics related to BFD stability.";
} }
augment "/rt:routing/rt:control-plane-protocols/" + augment "/rt:routing/rt:control-plane-protocols/"
"rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh/" + + "rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh/"
"bfd-ip-sh:sessions/bfd-ip-sh:session" { + "bfd-ip-sh:sessions/bfd-ip-sh:session" {
leaf stability { leaf stability {
if-feature "stability"; if-feature "stability";
type boolean; type boolean;
must "../bfd-ip-sh:authentication/bfd-ip-sh:meticulous = " + must "../bfd-ip-sh:authentication/bfd-ip-sh:meticulous = "
"'true'"; + "'true'";
default false; default "false";
description description
"If set to true, this enables the BFD session to monitor "If set to true, this enables the BFD session to monitor
for stability, i.e., to watch how many packets are getting for stability, i.e., to watch how many packets are getting
dropped."; dropped.";
} }
description description
"Augment the 'bfd' container to add attributes related to BFD "Augment the 'bfd' container to add attributes related to BFD
stability for IP Single Hop Sessions."; stability for IP Single Hop sessions.";
} }
augment "/rt:routing/rt:control-plane-protocols/" + augment "/rt:routing/rt:control-plane-protocols/"
"rt:control-plane-protocol/bfd:bfd/bfd-ip-mh:ip-mh/" + + "rt:control-plane-protocol/bfd:bfd/bfd-ip-mh:ip-mh/"
"bfd-ip-mh:session-groups/bfd-ip-mh:session-group" { + "bfd-ip-mh:session-groups/bfd-ip-mh:session-group" {
leaf stability { leaf stability {
if-feature "stability"; if-feature "stability";
type boolean; type boolean;
must "../bfd-ip-mh:authentication/bfd-ip-mh:meticulous = " + must "../bfd-ip-mh:authentication/bfd-ip-mh:meticulous = "
"'true'"; + "'true'";
default false; default "false";
description description
"If set to true, this enables the BFD session to monitor "If set to true, this enables the BFD session to monitor
for stability, i.e., to watch how many packets are getting for stability, i.e., to watch how many packets are getting
dropped."; dropped.";
} }
description description
"Augment the 'bfd' container to add attributes related to BFD "Augment the 'bfd' container to add attributes related to BFD
stability for Multi Hop Sessions."; stability for Multi Hop sessions.";
} }
augment "/rt:routing/rt:control-plane-protocols/" + augment "/rt:routing/rt:control-plane-protocols/"
"rt:control-plane-protocol/bfd:bfd/bfd-lag:lag/" + + "rt:control-plane-protocol/bfd:bfd/bfd-lag:lag/"
"bfd-lag:sessions/bfd-lag:session" { + "bfd-lag:sessions/bfd-lag:session" {
leaf stability { leaf stability {
if-feature "stability"; if-feature "stability";
type boolean; type boolean;
must "../bfd-lag:authentication/bfd-lag:meticulous = " + must "../bfd-lag:authentication/bfd-lag:meticulous = "
"'true'"; + "'true'";
default false; default "false";
description description
"If set to true, this enables the BFD session to monitor "If set to true, this enables the BFD session to monitor
for stability, i.e., to watch how many packets are getting for stability, i.e., to watch how many packets are getting
dropped."; dropped.";
} }
description description
"Augment the 'bfd' container to add attributes related to BFD "Augment the 'bfd' container to add attributes related to BFD
stability for LAG session."; stability for LAG session.";
} }
augment "/rt:routing/rt:control-plane-protocols/" + augment "/rt:routing/rt:control-plane-protocols/"
"rt:control-plane-protocol/bfd:bfd/bfd-mpls:mpls/" + + "rt:control-plane-protocol/bfd:bfd/bfd-mpls:mpls/"
"bfd-mpls:session-groups/bfd-mpls:session-group" { + "bfd-mpls:session-groups/bfd-mpls:session-group" {
leaf stability { leaf stability {
if-feature "stability"; if-feature "stability";
type boolean; type boolean;
must "../bfd-mpls:authentication/bfd-mpls:meticulous = " + must "../bfd-mpls:authentication/bfd-mpls:meticulous = "
"'true'"; + "'true'";
default false; default "false";
description description
"If set to true, this enables the BFD session to monitor "If set to true, this enables the BFD session to monitor
for stability, i.e., to watch how many packets are getting for stability, i.e., to watch how many packets are getting
dropped."; dropped.";
} }
description description
"Augment the 'bfd' container to add attributes related to BFD "Augment the 'bfd' container to add attributes related to BFD
stability for MPLS."; stability for MPLS.";
} }
augment "/rt:routing/rt:control-plane-protocols/" + augment "/rt:routing/rt:control-plane-protocols/"
"rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh/" + + "rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh/"
"bfd-ip-sh:sessions/bfd-ip-sh:session/" + + "bfd-ip-sh:sessions/bfd-ip-sh:session/"
"bfd-ip-sh:session-statistics" { + "bfd-ip-sh:session-statistics" {
uses lost-packet-count; uses lost-packet-count;
description description
"Augment the 'bfd' container to add statistics related to BFD "Augment the 'bfd' container to add statistics related to BFD
stability for IP Single Hop Sessions."; stability for IP Single Hop sessions.";
} }
augment "/rt:routing/rt:control-plane-protocols/" + augment "/rt:routing/rt:control-plane-protocols/"
"rt:control-plane-protocol/bfd:bfd/bfd-ip-mh:ip-mh/" + + "rt:control-plane-protocol/bfd:bfd/bfd-ip-mh:ip-mh/"
"bfd-ip-mh:session-groups/bfd-ip-mh:session-group/" + + "bfd-ip-mh:session-groups/bfd-ip-mh:session-group/"
"bfd-ip-mh:sessions/bfd-ip-mh:session-statistics" { + "bfd-ip-mh:sessions/bfd-ip-mh:session-statistics" {
uses lost-packet-count; uses lost-packet-count;
description description
"Augment the 'bfd' container to add statistics related to BFD "Augment the 'bfd' container to add statistics related to BFD
stability for IP Multi Hop Sessions."; stability for IP Multi Hop sessions.";
} }
augment "/rt:routing/rt:control-plane-protocols/" + augment "/rt:routing/rt:control-plane-protocols/"
"rt:control-plane-protocol/bfd:bfd/bfd-lag:lag/" + + "rt:control-plane-protocol/bfd:bfd/bfd-lag:lag/"
"bfd-lag:sessions/bfd-lag:session/bfd-lag:member-links/" + + "bfd-lag:sessions/bfd-lag:session/bfd-lag:member-links/"
"bfd-lag:micro-bfd-ipv4/bfd-lag:session-statistics" { + "bfd-lag:micro-bfd-ipv4/bfd-lag:session-statistics" {
uses lost-packet-count; uses lost-packet-count;
description description
"Augment the 'bfd' container to add statistics related to BFD "Augment the 'bfd' container to add statistics related to BFD
stability for Micro BFD sessions for IPv4."; stability for Micro BFD sessions for IPv4.";
} }
augment "/rt:routing/rt:control-plane-protocols/" + augment "/rt:routing/rt:control-plane-protocols/"
"rt:control-plane-protocol/bfd:bfd/bfd-lag:lag/" + + "rt:control-plane-protocol/bfd:bfd/bfd-lag:lag/"
"bfd-lag:sessions/bfd-lag:session/bfd-lag:member-links/" + + "bfd-lag:sessions/bfd-lag:session/bfd-lag:member-links/"
"bfd-lag:micro-bfd-ipv6/bfd-lag:session-statistics" { + "bfd-lag:micro-bfd-ipv6/bfd-lag:session-statistics" {
uses lost-packet-count; uses lost-packet-count;
description description
"Augment the 'bfd' container to add statistics related to BFD "Augment the 'bfd' container to add statistics related to BFD
stability for Micro BFD sessions for IPv6."; stability for Micro BFD sessions for IPv6.";
} }
augment "/rt:routing/rt:control-plane-protocols/" + augment "/rt:routing/rt:control-plane-protocols/"
"rt:control-plane-protocol/bfd:bfd/bfd-mpls:mpls/" + + "rt:control-plane-protocol/bfd:bfd/bfd-mpls:mpls/"
"bfd-mpls:session-groups/bfd-mpls:session-group/" + + "bfd-mpls:session-groups/bfd-mpls:session-group/"
"bfd-mpls:sessions/bfd-mpls:session-statistics" { + "bfd-mpls:sessions/bfd-mpls:session-statistics" {
uses lost-packet-count; uses lost-packet-count;
description description
"Augment the 'bfd' container to add statistics related to BFD "Augment the 'bfd' container to add statistics related to BFD
stability for MPLS sessions."; stability for MPLS sessions.";
} }
} }
<CODE ENDS> <CODE ENDS>
8. IANA Considerations 8. IANA Considerations
This document requests one new authentication type and registers one This document registers a new authentication type, a new URI in the
URIs in the "ns" subregistry of the "IETF XML" registry [RFC3688]. "ns" registry within the "IETF XML" registry group [RFC3688], and a
YANG module in the "YANG Module Names" registry.
8.1. Auth Type 8.1. Auth Type
This document requests an update to the registry titled "BFD IANA has registered the following BFD Auth Type in the "BFD
Authentication Types". IANA is requested to assign a new BFD Authentication Types" registry:
AuthType:
* NULL Auth Type, with a suggested value of 6. Address: 6
BFD Authentication Type Name: NULL
Reference RFC 9978
8.2. IETF XML Registry 8.2. IETF XML Registry
Following the format in [RFC3688], the following registrations are IANA has registered the following URI in the "ns" registry [RFC3688]:
requested:
URI: urn:ietf:params:xml:ns:yang:ietf-bfd-stability URI: urn:ietf:params:xml:ns:yang:ietf-bfd-stability
Registrant Contact: The IESG Registrant Contact: The IESG
XML: N/A, the requested URI is an XML namespace. XML: N/A; the requested URI is an XML namespace.
8.3. The "YANG Module Names" Registry 8.3. The "YANG Module Names" Registry
This document registers one YANG module in the "YANG Module Names" IANA has registered the following YANG module in the "YANG Module
registry [RFC6020]. Following the format in [RFC6020], the following Names" registry [RFC6020]:
registrations are requested:
name: ietf-bfd-stability Name: ietf-bfd-stability
namespace: urn:ietf:params:xml:ns:yang:ietf-bfd-stability Namespace: urn:ietf:params:xml:ns:yang:ietf-bfd-stability
prefix: bfd-s Prefix: bfd-s
reference: RFC XXXX Reference: RFC 9978
9. Security Considerations 9. Security Considerations
9.1. BFD NULL Auth Security Considerations 9.1. BFD NULL Auth Security Considerations
The use of a BFD authentication mechanism that protects the BFD The use of a BFD authentication mechanism that protects the BFD
packets is RECOMMENDED. packets is RECOMMENDED.
The Security Considerations of [RFC5880] for unauthenticated BFD all The security considerations of [RFC5880] for unauthenticated BFD all
apply to the new NULL authentication type. The NULL Authentication apply to the new NULL authentication type. The NULL authentication
type, defined in this document, provides none of the properties type, defined in this document, provides none of the properties
desired for authenticating BFD packets. It is intended to provide desired for authenticating BFD packets. It is intended to provide
BFD sessions that otherwise would not use authentication, a sequence BFD sessions that otherwise would not use authentication with a
number that can be used for purposes of detecting lost packets. sequence number that can be used for the purpose of detecting lost
packets.
The lack of a computed AuthKey/Digest over the BFD packet, but the The lack of a computed AuthKey/Digest over the BFD packet, but the
presence of a Sequence Number makes this authentication type presence of a sequence number, makes this authentication type
susceptible to injection attacks. BFD without authentication is susceptible to injection attacks. BFD without authentication is
vulnerable to session resets; the NULL Auth type does not change vulnerable to session resets; the NULL Auth type does not change
this. this.
When the NULL Authentication type is used for BFD Stability purposes, When the NULL authentication type is used for BFD stability purposes,
maliciously injected packets that do not reset the BFD session can maliciously injected packets that do not reset the BFD session can
resemble high packet loss. Sessions such as multi-hop routed paths, resemble high packet loss. Sessions such as multi-hop routed paths,
tunnels without authentication, or MPLS LSP, therefore, have security tunnels without authentication, or MPLS Label Switched Paths (LSPs),
guarantees that are identical to situations where BFD is run without therefore, have security guarantees that are identical to situations
authentication. where BFD is run without authentication.
9.2. YANG Security Considerations 9.2. YANG Security Considerations
The YANG module specified in this document defines a schema for data This section is modeled after the template described in Section 3.7.1
that is designed to be accessed via network management protocols such of [RFC9907].
as NETCONF [RFC6241] or RESTCONF [RFC8040]. These YANG-based
management protocols have to use a secure transport layer (e.g., SSH The "ietf-bfd-stability" YANG module defines a data model that is
[RFC4252], TLS [RFC8446], and QUIC [RFC9000]) and have to use mutual designed to be accessed via YANG-based management protocols, such as
Network Configuration Protocol (NETCONF) [RFC6241] and RESTCONF
[RFC8040]. These YANG-based management protocols (1) have to use a
secure transport layer (e.g., Secure Shell (SSH) [RFC4252], TLS
[RFC8446], and QUIC [RFC9000]) and (2) have to use mutual
authentication. authentication.
The NETCONF Access Control Model (NACM) [RFC8341] provides the means The Network Configuration Access Control Model (NACM) [RFC8341]
to restrict access for particular NETCONF or RESTCONF users to a provides the means to restrict access for particular NETCONF or
preconfigured subset of all available NETCONF or RESTCONF protocol RESTCONF users to a preconfigured subset of all available NETCONF or
operations and content. RESTCONF protocol operations and content.
The YANG module does not define any writeable/creatable/deletable The YANG module does not define any writeable/creatable/deletable
data nodes that can have an adverse impact on a BFD session. data nodes that can have an adverse impact on a BFD session.
The only readable data nodes in YANG module may be considered Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or important to control read access (e.g., via get, get-config, or
notification) to these data nodes. notification) to these data nodes. Specifically, the following
subtrees and data nodes have particular sensitivities/
vulnerabilities:
The model defines a read-only node to indicate the number of packets The model defines a read-only node to indicate the number of packets
that were lost. Access to this information may allow a malicious that were lost. Access to this information may allow a malicious
user information on which links are experiencing issues. In user information on which links are experiencing issues. In
addition, and as stated in Out of Order Packets (Section 6.2), on addition, and as stated in Section 6.2, on links such as LAG or ECMP,
links such as LAG or ECMP, there is a possibility of packets being there is a possibility of packets being delivered out-of-order. A
delivered out-of-order. A strict comparison of increasing sequence strict comparison of increasing sequence numbers may result in
numbers may result in classifying those out of order packets as classifying those out-of-order packets as packet loss.
packet loss.
The YANG module does not define any RPC operations. The YANG module does not define any RPC operations.
10. Contributors 10. References
The authors of this document would like to acknowledge Jeff Haas as a
contributor to this document. His contribution lead to a significant
improvement of the document. In addition, Manav Bhatia contributed
to this document.
11. Acknowledgements
Authors would like to thank Nobo Akiya, Dileep Singh, Basil Saji,
Sagar Soni, Albert Fu, Peng Fang, and Mallik Mudigonda who
contributed to this document. Thanks to Christian Huitema for the
SECDIR and Ebben Aries for the YANG Doctors review.
Thanks to Reshad Rehman for being the shepherd of the document.
12. References
12.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
skipping to change at page 18, line 11 skipping to change at line 743
Routing Management (NMDA Version)", RFC 8349, Routing Management (NMDA Version)", RFC 8349,
DOI 10.17487/RFC8349, March 2018, DOI 10.17487/RFC8349, March 2018,
<https://www.rfc-editor.org/info/rfc8349>. <https://www.rfc-editor.org/info/rfc8349>.
[RFC9314] Jethanandani, M., Ed., Rahman, R., Ed., Zheng, L., Ed., [RFC9314] Jethanandani, M., Ed., Rahman, R., Ed., Zheng, L., Ed.,
Pallagatti, S., and G. Mirsky, "YANG Data Model for Pallagatti, S., and G. Mirsky, "YANG Data Model for
Bidirectional Forwarding Detection (BFD)", RFC 9314, Bidirectional Forwarding Detection (BFD)", RFC 9314,
DOI 10.17487/RFC9314, September 2022, DOI 10.17487/RFC9314, September 2022,
<https://www.rfc-editor.org/info/rfc9314>. <https://www.rfc-editor.org/info/rfc9314>.
12.2. Informative References 10.2. Informative References
[I-D.ietf-bfd-secure-sequence-numbers] [BFD-ISAAC]
DeKok, A., Jethanandani, M., Agarwal, S., Mishra, A., and DeKok, A., Jethanandani, M., Agarwal, S., Mishra, A., and
J. Haas, "Meticulous Keyed ISAAC for BFD Optimized J. Haas, "Meticulous Keyed ISAAC for BFD Optimized
Authentication", Work in Progress, Internet-Draft, draft- Authentication", Work in Progress, Internet-Draft, draft-
ietf-bfd-secure-sequence-numbers-27, 16 October 2025, ietf-bfd-secure-sequence-numbers-27, 16 October 2025,
<https://datatracker.ietf.org/doc/html/draft-ietf-bfd- <https://datatracker.ietf.org/doc/html/draft-ietf-bfd-
secure-sequence-numbers-27>. secure-sequence-numbers-27>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
skipping to change at page 18, line 44 skipping to change at line 776
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000, Multiplexed and Secure Transport", RFC 9000,
DOI 10.17487/RFC9000, May 2021, DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/info/rfc9000>. <https://www.rfc-editor.org/info/rfc9000>.
[Y-1731] ITU-T, "OAM Functions and Mechanisms for Ethernet-based [RFC9907] Bierman, A., Boucadair, M., Ed., and Q. Wu, "Guidelines
Networks", Recommendation G.8013/Y.1731, November 2013. for Authors and Reviewers of Documents Containing YANG
Data Models", BCP 216, RFC 9907, DOI 10.17487/RFC9907,
March 2026, <https://www.rfc-editor.org/info/rfc9907>.
[Y-1731] ITU-T, "OAM functions and mechanisms for Ethernet based
networks", ITU-T Recommendation G.8013/Y.1731, November
2013, <https://www.itu.int/rec/T-REC-G.8013-201311-S/en>.
Appendix A. Experimental Status Appendix A. Experimental Status
This document describes an experiment that will present a candidate This document describes an experiment that will present a candidate
solution to predict whether a given BFD [RFC5880] session will solution to predict whether a given BFD [RFC5880] session will
continue to be stable. The experiment will use the packet lost count continue to be stable. The experiment will use the packet lost count
and the 'received-packet-count' defined in the YANG Data Model for and the 'received-packet-count' defined in "YANG Data Model for
Bidirectional Forward Detection (BFD) [RFC9314] to determine how Bidirectional Forwarding Detection (BFD)" [RFC9314] to determine how
stable is the session. The reason why this document is on an stable the session is. The reason this document is on the
Experimental track is because there are no known implementations or Experimental track is because there are no known implementations or
proof-of-concept. As a result, the authors are not clear whether a proof of concept. As a result, the authors are not clear whether a
simple lost count is enough to predict the stability or there will be simple lost count is enough to predict the stability or if there will
a need to have a more granular count. be a need to be a more granular count.
This document is classified as Experimental and is not part of the This document is classified as Experimental and is not part of the
IETF Standards Track. IETF Standards Track.
Appendix B. Examples Appendix B. Examples
This section tries to show some examples in how the model can be This section tries to show some examples of how the model can be
configured for stability. configured for stability.
B.1. Single Hop BFD Configuration B.1. Single-Hop BFD Configuration
This example demonstrates how a Single Hop BFD session can be This example demonstrates how a single-hop BFD session can be
configured to enable monitoring of a session for stability. configured to enable monitoring of a session for stability.
=============== NOTE: '\' line wrapping per RFC 8792 =============== =============== NOTE: '\' line wrapping per RFC 8792 ===============
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<key-chains <key-chains
xmlns="urn:ietf:params:xml:ns:yang:ietf-key-chain" xmlns="urn:ietf:params:xml:ns:yang:ietf-key-chain"
xmlns:kc="urn:ietf:params:xml:ns:yang:ietf-key-chain"> xmlns:kc="urn:ietf:params:xml:ns:yang:ietf-key-chain">
<key-chain> <key-chain>
<name>bfd-stability-config</name> <name>bfd-stability-config</name>
<description>"An example for BFD Stabalized configuration."</de\ <description>"An example for BFD stabilized configuration."</de\
scription> scription>
<key> <key>
<key-id>55</key-id> <key-id>55</key-id>
<lifetime> <lifetime>
<send-lifetime> <send-lifetime>
<start-date-time>2025-01-01T00:00:00Z</start-date-time> <start-date-time>2025-01-01T00:00:00Z</start-date-time>
<end-date-time>2025-02-01T00:00:00Z</end-date-time> <end-date-time>2025-02-01T00:00:00Z</end-date-time>
</send-lifetime> </send-lifetime>
<accept-lifetime> <accept-lifetime>
<start-date-time>2024-12-31T23:59:55Z</start-date-time> <start-date-time>2024-12-31T23:59:55Z</start-date-time>
skipping to change at page 21, line 19 skipping to change at line 892
=============== NOTE: '\' line wrapping per RFC 8792 =============== =============== NOTE: '\' line wrapping per RFC 8792 ===============
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<key-chains <key-chains
xmlns="urn:ietf:params:xml:ns:yang:ietf-key-chain" xmlns="urn:ietf:params:xml:ns:yang:ietf-key-chain"
xmlns:stability="urn:ietf:params:xml:ns:yang:ietf-bfd-stability\ xmlns:stability="urn:ietf:params:xml:ns:yang:ietf-bfd-stability\
"> ">
<key-chain> <key-chain>
<name>bfd-stability-config</name> <name>bfd-stability-config</name>
<description>"An example for BFD Stability configuration."</des\ <description>"An example for BFD stability configuration."</des\
cription> cription>
<key> <key>
<key-id>55</key-id> <key-id>55</key-id>
<lifetime> <lifetime>
<send-lifetime> <send-lifetime>
<start-date-time>2025-01-01T00:00:00Z</start-date-time> <start-date-time>2025-01-01T00:00:00Z</start-date-time>
<end-date-time>2025-02-01T00:00:00Z</end-date-time> <end-date-time>2025-02-01T00:00:00Z</end-date-time>
</send-lifetime> </send-lifetime>
<accept-lifetime> <accept-lifetime>
<start-date-time>2024-12-31T23:59:55Z</start-date-time> <start-date-time>2024-12-31T23:59:55Z</start-date-time>
skipping to change at page 22, line 29 skipping to change at line 951
<meticulous>true</meticulous> <meticulous>true</meticulous>
</authentication> </authentication>
</session> </session>
</sessions> </sessions>
</ip-sh> </ip-sh>
</bfd> </bfd>
</control-plane-protocol> </control-plane-protocol>
</control-plane-protocols> </control-plane-protocols>
</routing> </routing>
Acknowledgements
The authors would like to thank Nobo Akiya, Dileep Singh, Basil Saji,
Sagar Soni, Albert Fu, Peng Fang, and Mallik Mudigonda for
contributing to this document. Thanks to Christian Huitema for the
SECDIR review and Ebben Aries for the YANG Doctors review.
Thanks to Reshad Rehman for being the shepherd of the document.
Contributors
The authors would like to acknowledge Jeff Haas as a contributor to
this document. His contribution lead to significant improvements of
the document. In addition, Manav Bhatia contributed to this
document.
Authors' Addresses Authors' Addresses
Ashesh Mishra Ashesh Mishra
Aalyria Technologies Aalyria Technologies
Email: ashesh@aalyria.com Email: ashesh@aalyria.com
Mahesh Jethanandani Mahesh Jethanandani
Arrcus, Inc. Arrcus, Inc.
United States of America United States of America
Email: mjethanandani@gmail.com Email: mjethanandani@gmail.com
 End of changes. 124 change blocks. 
323 lines changed or deleted 314 lines changed or added

This html diff was produced by rfcdiff 1.48.