| rfc9826v1.txt | rfc9826.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) D. Dhody, Ed. | Internet Engineering Task Force (IETF) D. Dhody, Ed. | |||
| Request for Comments: 9826 Huawei | Request for Comments: 9826 Huawei | |||
| Category: Standards Track V. Beeram | Category: Standards Track V. Beeram | |||
| ISSN: 2070-1721 Juniper Networks | ISSN: 2070-1721 Juniper Networks | |||
| J. Hardwick | J. Hardwick | |||
| J. Tantsura | J. Tantsura | |||
| Nvidia | Nvidia | |||
| July 2025 | August 2025 | |||
| A YANG Data Model for the Path Computation Element Communication | A YANG Data Model for the Path Computation Element Communication | |||
| Protocol (PCEP) | Protocol (PCEP) | |||
| Abstract | Abstract | |||
| This document defines a YANG data model for the management of the | This document defines a YANG data model for the management of the | |||
| Path Computation Element Communication Protocol (PCEP) for | Path Computation Element Communication Protocol (PCEP) for | |||
| communications between a Path Computation Client (PCC) and a Path | communications between a Path Computation Client (PCC) and a Path | |||
| Computation Element (PCE), or between two PCEs. | Computation Element (PCE), or between two PCEs. | |||
| skipping to change at line 58 ¶ | skipping to change at line 58 ¶ | |||
| Trust Legal Provisions and are provided without warranty as described | Trust Legal Provisions and are provided without warranty as described | |||
| in the Revised BSD License. | in the Revised BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction | 1. Introduction | |||
| 2. Requirements Language | 2. Requirements Language | |||
| 3. Terminology and Notation | 3. Terminology and Notation | |||
| 3.1. Tree Diagrams | 3.1. Tree Diagrams | |||
| 3.2. Prefixes in Data Node Names | 3.2. Prefixes in Data Node Names | |||
| 3.3. References in the Model | 3.3. References in the YANG Data Model | |||
| 4. The Design of PCEP Data Model | 4. The Design of PCEP Data Model | |||
| 4.1. The Entity | 4.1. The Entity | |||
| 4.1.1. The Peer List | 4.1.1. The Peer List | |||
| 4.1.1.1. The Session List | 4.1.1.1. The Session List | |||
| 4.2. Notifications | 4.2. Notifications | |||
| 4.3. RPC | 4.3. RPC | |||
| 5. The Design of PCEP Statistics Data Model | 5. The Design of PCEP Statistics Data Model | |||
| 6. Advanced PCE Features | 6. Advanced PCE Features | |||
| 6.1. Stateful PCE's LSP-DB | 6.1. Stateful PCE's LSP-DB | |||
| 7. Other Considerations | 7. Other Considerations | |||
| skipping to change at line 155 ¶ | skipping to change at line 155 ¶ | |||
| This document uses the following terms defined in [RFC7420]: | This document uses the following terms defined in [RFC7420]: | |||
| PCEP entity: a local PCEP speaker | PCEP entity: a local PCEP speaker | |||
| PCEP peer: a remote PCEP speaker | PCEP peer: a remote PCEP speaker | |||
| PCEP speaker: term used when it is not necessary to distinguish | PCEP speaker: term used when it is not necessary to distinguish | |||
| between local and remote. | between local and remote. | |||
| Further, this document uses the following terms defined in [RFC8231]: | Further, this document uses the following terms defined in [RFC8051]: | |||
| * Stateful PCE, Passive Stateful PCE, Active Stateful PCE | * Stateful PCE | |||
| * Delegation, Revocation, Redelegation | * Passive Stateful PCE | |||
| * Active Stateful PCE | ||||
| * Delegation | ||||
| In addition, this document uses the following terms defined in | ||||
| [RFC8231]: | ||||
| * Revocation | ||||
| * Redelegation | ||||
| * Path Computation LSP State Report (PCRpt) message | * Path Computation LSP State Report (PCRpt) message | |||
| * Path Computation LSP Update Request (PCUpd) message | * Path Computation LSP Update Request (PCUpd) message | |||
| * PLSP-ID (a PCEP-specific identifier for the LSP) | * PLSP-ID (a PCEP-specific identifier for the LSP) | |||
| * Stateful PCE Request Parameter (SRP) | * Stateful PCE Request Parameter (SRP) | |||
| This document also uses the following terms defined in [RFC8281]: | This document also uses the following terms defined in [RFC8281]: | |||
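Review bot: the regrouping attributes Stateful PCE, Passive Stateful PCE, Active Stateful PCE and Delegation to [RFC8051] while Revocation, Redelegation, PCRpt, PCUpd, PLSP-ID and SRP stay with [RFC8231]; since [RFC8051] is a new citation, a matching entry is required in the reference list (the reference hunk at the end of this diff adds it between [RFC7420] and [RFC8342]). One term per bullet is also easier to check against the cited documents than the comma-joined lines it replaces.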
| skipping to change at line 192 ¶ | skipping to change at line 203 ¶ | |||
| * Objective Function (OF) [RFC5541] | * Objective Function (OF) [RFC5541] | |||
| * Association [RFC8697] | * Association [RFC8697] | |||
| * Configuration data [RFC6241] | * Configuration data [RFC6241] | |||
| * State data [RFC6241] | * State data [RFC6241] | |||
| 3.1. Tree Diagrams | 3.1. Tree Diagrams | |||
| A simplified graphical representation of the data model is used in | Simplified graphical representations of the data model are used in | |||
| this document. The meaning of the symbols in these diagrams is | this document. The meaning of the symbols in these diagrams is | |||
| defined in [RFC8340]. | defined in [RFC8340]. | |||
| 3.2. Prefixes in Data Node Names | 3.2. Prefixes in Data Node Names | |||
| In this document, the names of data nodes and other data model | In this document, the names of data nodes and other data model | |||
| objects are often used without a prefix, as long as it is clear from | objects are often used without a prefix, as long as it is clear from | |||
| the context in which YANG module each name is defined. Otherwise, | the context in which YANG module each name is defined. Otherwise, | |||
| names are prefixed using the standard prefix associated with the | names are prefixed using the standard prefix associated with the | |||
| corresponding YANG module, as shown in Table 1. | corresponding YANG module, as shown in Table 1. | |||
| skipping to change at line 229 ¶ | skipping to change at line 240 ¶ | |||
| | tlsc | ietf-tls-client | [RFC9645] | | | tlsc | ietf-tls-client | [RFC9645] | | |||
| +-----------+------------------+-----------+ | +-----------+------------------+-----------+ | |||
| | ospf | ietf-ospf | [RFC9129] | | | ospf | ietf-ospf | [RFC9129] | | |||
| +-----------+------------------+-----------+ | +-----------+------------------+-----------+ | |||
| | isis | ietf-isis | [RFC9130] | | | isis | ietf-isis | [RFC9130] | | |||
| +-----------+------------------+-----------+ | +-----------+------------------+-----------+ | |||
| Table 1: Prefixes and Corresponding YANG | Table 1: Prefixes and Corresponding YANG | |||
| Modules | Modules | |||
| 3.3. References in the Model | 3.3. References in the YANG Data Model | |||
| The following documents are referenced in the model defined in this | The following table lists the documents that are referenced in the | |||
| document. | YANG data model defined in this document. | |||
| +=====================================================+=============+ | +=====================================================+=============+ | |||
| | Documents | Reference | | | Documents | Reference | | |||
| +=====================================================+=============+ | +=====================================================+=============+ | |||
| | OSPF Protocol Extensions for Path Computation | [RFC5088] | | | OSPF Protocol Extensions for Path Computation | [RFC5088] | | |||
| | Element (PCE) Discovery | | | | Element (PCE) Discovery | | | |||
| +-----------------------------------------------------+-------------+ | +-----------------------------------------------------+-------------+ | |||
| | IS-IS Protocol Extensions for Path Computation | [RFC5089] | | | IS-IS Protocol Extensions for Path Computation | [RFC5089] | | |||
| | Element (PCE) Discovery | | | | Element (PCE) Discovery | | | |||
| +-----------------------------------------------------+-------------+ | +-----------------------------------------------------+-------------+ | |||
| skipping to change at line 356 ¶ | skipping to change at line 367 ¶ | |||
| +-----------------------------------------------------+-------------+ | +-----------------------------------------------------+-------------+ | |||
| | Extensions to the Path Computation Element | [RFC8282] | | | Extensions to the Path Computation Element | [RFC8282] | | |||
| | Communication Protocol (PCEP) for Inter-Layer | | | | Communication Protocol (PCEP) for Inter-Layer | | | |||
| | MPLS and GMPLS Traffic Engineering | | | | MPLS and GMPLS Traffic Engineering | | | |||
| +-----------------------------------------------------+-------------+ | +-----------------------------------------------------+-------------+ | |||
| | Path Computation Element Communication Protocol | [RFC9005] | | | Path Computation Element Communication Protocol | [RFC9005] | | |||
| | (PCEP) Extension for Associating Policies and | | | | (PCEP) Extension for Associating Policies and | | | |||
| | Label Switched Paths (LSPs) | | | | Label Switched Paths (LSPs) | | | |||
| +-----------------------------------------------------+-------------+ | +-----------------------------------------------------+-------------+ | |||
| Table 2: References in the YANG Modules | Table 2: References in the YANG Data Model | |||
| 4. The Design of PCEP Data Model | 4. The Design of PCEP Data Model | |||
| The PCEP YANG module defined in this document has all the common | The PCEP YANG module defined in this document has all the common | |||
| building blocks for PCEP, which are listed below and further detailed | building blocks for PCEP, which are listed below and further detailed | |||
| in the subsequent subsections. | in the subsequent subsections. | |||
| * The local PCEP entity | * The local PCEP entity | |||
| * The PCEP peer | * The PCEP peer | |||
| skipping to change at line 650 ¶ | skipping to change at line 661 ¶ | |||
| | +--ro id leafref | | +--ro id leafref | |||
| | +--ro source leafref | | +--ro source leafref | |||
| | +--ro global-source leafref | | +--ro global-source leafref | |||
| | +--ro extended-id leafref | | +--ro extended-id leafref | |||
| +--ro path-keys {path-key}? | +--ro path-keys {path-key}? | |||
| | +--ro path-key* [key] | | +--ro path-key* [key] | |||
| | +--ro key uint16 | | +--ro key uint16 | |||
| | +--ro cps | | +--ro cps | |||
| | | +--ro explicit-route-objects* [index] | | | +--ro explicit-route-objects* [index] | |||
| | | +--ro index uint32 | | | +--ro index uint32 | |||
| | | +--ro (type)? | ||||
| | | +--:(numbered-node-hop) | ||||
| | | | +--ro numbered-node-hop | ||||
| | | | +--ro node-id te-node-id | ||||
| | | | +--ro hop-type? te-hop-type | ||||
| | | +--:(numbered-link-hop) | ||||
| | | | +--ro numbered-link-hop | ||||
| | | | +--ro link-tp-id te-tp-id | ||||
| | | | +--ro hop-type? te-hop-type | ||||
| | | | +--ro direction? te-link-direction | ||||
| | | +--:(unnumbered-link-hop) | ||||
| | | | +--ro unnumbered-link-hop | ||||
| | | | +--ro link-tp-id te-tp-id | ||||
| | | | +--ro node-id te-node-id | ||||
| | | | +--ro hop-type? te-hop-type | ||||
| | | | +--ro direction? te-link-direction | ||||
| | | +--:(as-number) | ||||
| | | | +--ro as-number-hop | ||||
| | | | +--ro as-number inet:as-number | ||||
| | | | +--ro hop-type? te-hop-type | ||||
| | | +--:(label) | ||||
| | | +--ro label-hop | ||||
| | | +--ro te-label | ||||
| | | ... | ||||
| | +--ro pcc-requester? -> /pcep/entity/peers/peer/addr | | +--ro pcc-requester? -> /pcep/entity/peers/peer/addr | |||
| | +--ro req-id? uint32 | | +--ro req-id? uint32 | |||
| | +--ro retrieved? boolean | | +--ro retrieved? boolean | |||
| | +--ro pcc-retrieved? -> /pcep/entity/peers/peer/addr | | +--ro pcc-retrieved? -> /pcep/entity/peers/peer/addr | |||
| | +--ro creation-time? yang:timestamp | | +--ro creation-time? yang:timestamp | |||
| | +--ro discard-time? uint32 | | +--ro discard-time? uint32 | |||
| | +--ro reuse-time? uint32 | | +--ro reuse-time? uint32 | |||
| +--rw peers | +--rw peers | |||
| +--rw peer* [addr] | +--rw peer* [addr] | |||
| +--... | +--... | |||
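Review bot: with cps expanded to show per-hop identifiers (node-id, link-tp-id, as-number, te-label), the read-only path-keys subtree now exposes exactly the route detail that a path key is used to stand in for towards the requesting PCC, so the Security Considerations' discussion of sensitive readable nodes should name /pcep/entity/path-keys explicitly and recommend restricting read access to it under NACM; the pcc-requester, retrieved and pcc-retrieved leaves make clear these nodes record who asked for and who obtained the expansion. The trailing "..." under te-label is acceptable for the Section 4 excerpt provided the full tree in the appendix carries the same expansion.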
| skipping to change at line 705 ¶ | skipping to change at line 740 ¶ | |||
| +--rw peer* [addr] | +--rw peer* [addr] | |||
| +--rw addr inet:ip-address-no-zone | +--rw addr inet:ip-address-no-zone | |||
| +--rw role role | +--rw role role | |||
| +--rw description? string | +--rw description? string | |||
| +--rw domains | +--rw domains | |||
| | +--rw domain* [type domain] | | +--rw domain* [type domain] | |||
| | +--rw type identityref | | +--rw type identityref | |||
| | +--rw domain domain | | +--rw domain domain | |||
| +--rw capabilities | +--rw capabilities | |||
| | +--rw capability? bits | | +--rw capability? bits | |||
| | +--rw pce-initiated? boolean {pce-initiated}? | | +--rw pce-initiated? boolean | |||
| | | {pce-initiated}? | ||||
| | +--rw include-db-ver? boolean | | +--rw include-db-ver? boolean | |||
| | | {stateful,sync-opt}? | | | {stateful,sync-opt}? | |||
| | +--rw trigger-resync? boolean | | +--rw trigger-resync? boolean | |||
| | | {stateful,sync-opt}? | | | {stateful,sync-opt}? | |||
| | +--rw trigger-initial-sync? boolean | | +--rw trigger-initial-sync? boolean | |||
| | | {stateful,sync-opt}? | | | {stateful,sync-opt}? | |||
| | +--rw incremental-sync? boolean | | +--rw incremental-sync? boolean | |||
| | | {stateful,sync-opt}? | | | {stateful,sync-opt}? | |||
| | +--rw sr-mpls {sr-mpls}? | | +--rw sr-mpls {sr-mpls}? | |||
| | | +--rw enabled? boolean | | | +--rw enabled? boolean | |||
| skipping to change at line 748 ¶ | skipping to change at line 784 ¶ | |||
| +--rw auth | +--rw auth | |||
| | +--rw (auth-type-selection)? | | +--rw (auth-type-selection)? | |||
| | +--:(auth-key-chain) | | +--:(auth-key-chain) | |||
| | | +--rw key-chain? | | | +--rw key-chain? | |||
| | | key-chain:key-chain-ref | | | key-chain:key-chain-ref | |||
| | +--:(auth-key) | | +--:(auth-key) | |||
| | | +--rw crypto-algorithm identityref | | | +--rw crypto-algorithm identityref | |||
| | | +--rw (key-string-style)? | | | +--rw (key-string-style)? | |||
| | | +--:(keystring) | | | +--:(keystring) | |||
| | | | +--rw keystring? string | | | | +--rw keystring? string | |||
| | | +--:(hexadecimal) {key-chain:hex-key-string}? | | | +--:(hexadecimal) | |||
| | | +--rw hexadecimal-string? yang:hex-string | | | {key-chain:hex-key-string}? | |||
| | | +--rw hexadecimal-string? | ||||
| | | yang:hex-string | ||||
| | +--:(auth-tls) {tls}? | | +--:(auth-tls) {tls}? | |||
| | +--rw (role)? | | +--rw (role)? | |||
| | +--:(server) | | +--:(server) | |||
| | | +--rw tls-server | | | +--rw tls-server | |||
| | | ... | | | ... | |||
| | +--:(client) | | +--:(client) | |||
| | +--rw tls-client | | +--rw tls-client | |||
| | ... | | ... | |||
| +--ro discontinuity-time? yang:timestamp | +--ro discontinuity-time? yang:timestamp | |||
| +--ro initiate-session? boolean | +--ro initiate-session? boolean | |||
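Review bot: the wrap of the hexadecimal case and its hexadecimal-string leaf is formatting only, but this is the subtree where raw key material lives (keystring as a plain string, hexadecimal-string as yang:hex-string, or a key-chain:key-chain-ref); since Security Considerations states that this key data must be kept secret from unauthorized parties, confirm that the module marks these leaves (or the enclosing auth container) so that NACM does not return them on read by default, e.g. with nacm:default-deny-all from [RFC8341], and that the description strings say the values are write-only in practice and not to be echoed in notifications or logs.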
| skipping to change at line 799 ¶ | skipping to change at line 837 ¶ | |||
| module: ietf-pcep | module: ietf-pcep | |||
| +--rw pcep! | +--rw pcep! | |||
| +--rw entity | +--rw entity | |||
| +--... | +--... | |||
| +--rw peers | +--rw peers | |||
| +--rw peer* [addr] | +--rw peer* [addr] | |||
| +--... | +--... | |||
| +--ro sessions | +--ro sessions | |||
| +--ro session* [initiator] | +--ro session* [initiator] | |||
| +--ro initiator initiator | +--ro initiator initiator | |||
| +--ro role? -> ../../../role | +--ro role? | |||
| | -> ../../../role | ||||
| +--ro state-last-change? yang:timestamp | +--ro state-last-change? yang:timestamp | |||
| +--ro state? sess-state | +--ro state? sess-state | |||
| +--ro session-creation? yang:timestamp | +--ro session-creation? yang:timestamp | |||
| +--ro connect-retry? yang:counter32 | +--ro connect-retry? yang:counter32 | |||
| +--ro local-id? uint8 | +--ro local-id? uint8 | |||
| +--ro remote-id? uint8 | +--ro remote-id? uint8 | |||
| +--ro keepalive-timer? uint8 | +--ro keepalive-timer? uint8 | |||
| +--ro peer-keepalive-timer? uint8 | +--ro peer-keepalive-timer? uint8 | |||
| +--ro dead-timer? uint8 | +--ro dead-timer? uint8 | |||
| +--ro peer-dead-timer? uint8 | +--ro peer-dead-timer? uint8 | |||
| skipping to change at line 1094 ¶ | skipping to change at line 1133 ¶ | |||
| * Stateful PCE | * Stateful PCE | |||
| * Segment Routing (SR) for the MPLS data plane | * Segment Routing (SR) for the MPLS data plane | |||
| * Authentication including PCEPS (TLS) | * Authentication including PCEPS (TLS) | |||
| * Hierarchical PCE (H-PCE) | * Hierarchical PCE (H-PCE) | |||
| Segment Routing in the IPv6 data plane is out of the scope of this | Segment Routing in the IPv6 data plane is out of the scope of this | |||
| document. Refer to [YANG-PCEP-SR] for the PCEP-SRv6 YANG module. | document. Refer to [YANG-PCEP-SRV6] for the PCEP-SRv6 YANG module. | |||
| 6.1. Stateful PCE's LSP-DB | 6.1. Stateful PCE's LSP-DB | |||
| In the operational datastore of stateful PCE, the list of LSP state | In the operational datastore of stateful PCE, the list of LSP state | |||
| is maintained in the LSP-DB. The key is the PLSP-ID, the PCC's IP | is maintained in the LSP-DB. The key is the PLSP-ID, the PCC's IP | |||
| address, and the LSP-ID. | address, and the LSP-ID. | |||
| The PCEP data model contains the operational state of LSPs | The PCEP data model contains the operational state of LSPs | |||
| (/pcep/entity/lsp-db/lsp/) with PCEP-specific attributes. The | (/pcep/entity/lsp-db/lsp/) with PCEP-specific attributes. The | |||
| generic TE attributes of the LSP are defined in [YANG-TE]. A | generic TE attributes of the LSP are defined in [YANG-TE]. A | |||
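Review bot: the anchor change [YANG-PCEP-SR] -> [YANG-PCEP-SRV6] must be mirrored in the reference list or the citation dangles; the reference hunk later in this diff renames the entry the same way. The new tag also matches the draft name (draft-ietf-pce-pcep-srv6-yang) better than the old one, which read as if the external draft also covered SR for the MPLS data plane, whereas that is handled in this module through the sr-mpls feature.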
| skipping to change at line 1264 ¶ | skipping to change at line 1303 ¶ | |||
| Path Computation Element (PCE)."; | Path Computation Element (PCE)."; | |||
| } | } | |||
| } | } | |||
| description | description | |||
| "The role of a PCEP speaker. | "The role of a PCEP speaker. | |||
| Takes one of the following values: | Takes one of the following values: | |||
| - unknown(0): the role is not known, | - unknown(0): the role is not known, | |||
| - pcc(1): the role is of a Path Computation | - pcc(1): the role is of a Path Computation | |||
| Client (PCC), | Client (PCC), | |||
| - pce(2): the role is of a Path Computation | - pce(2): the role is of a Path Computation | |||
| Server (PCE), | Element (PCE), | |||
| - pcc-and-pce(3): the role is of both a PCC and | - pcc-and-pce(3): the role is of both a PCC and | |||
| a PCE."; | a PCE."; | |||
| reference | reference | |||
| "RFC 5440: Path Computation Element (PCE) Communication | "RFC 5440: Path Computation Element (PCE) Communication | |||
| Protocol (PCEP)"; | Protocol (PCEP)"; | |||
| } | } | |||
| typedef oper-status { | typedef oper-status { | |||
| type enumeration { | type enumeration { | |||
| enum oper-status-up { | enum oper-status-up { | |||
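Review bot: "Path Computation Server (PCE)" was wrong, as PCE expands to Path Computation Element, matching the RFC 5440 title cited directly below, so the pce(2) description is now consistent with the pcc(1) entry and the rest of the document; the enum values and names are untouched, so this is a description-only fix with no effect on interoperability.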
| skipping to change at line 3310 ¶ | skipping to change at line 3349 ¶ | |||
| leaf creation-time { | leaf creation-time { | |||
| type yang:timestamp; | type yang:timestamp; | |||
| description | description | |||
| "The timestamp value at the time this path-key | "The timestamp value at the time this path-key | |||
| was created."; | was created."; | |||
| } | } | |||
| leaf discard-time { | leaf discard-time { | |||
| type uint32; | type uint32; | |||
| units "minutes"; | units "minutes"; | |||
| description | description | |||
| "A time after which this path-keys will be | "A time after which this path-key will be | |||
| discarded."; | discarded."; | |||
| } | } | |||
| leaf reuse-time { | leaf reuse-time { | |||
| type uint32; | type uint32; | |||
| units "minutes"; | units "minutes"; | |||
| description | description | |||
| "A time after which this path-keys could be | "A time after which this path-key could be | |||
| reused."; | reused."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| container peers { | container peers { | |||
| description | description | |||
| "The list of configured peers for the | "The list of configured peers for the | |||
| entity (remote PCE)."; | entity (remote PCE)."; | |||
| list peer { | list peer { | |||
| key "addr"; | key "addr"; | |||
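Review bot: "this path-keys" -> "this path-key" fixes the number agreement in both descriptions, but the reference point is still unstated: discard-time and reuse-time are uint32 values in minutes while creation-time is a yang:timestamp, so say explicitly that they are durations measured from creation-time, e.g. "The number of minutes after creation-time at which this path-key will be discarded."; otherwise a reader could take "a time" as an absolute value in some other representation.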
| skipping to change at line 4680 ¶ | skipping to change at line 4719 ¶ | |||
| If this mechanism is not supported, implementations must | If this mechanism is not supported, implementations must | |||
| reset PCEP statistics individually by invoking the action | reset PCEP statistics individually by invoking the action | |||
| for each peer and session."; | for each peer and session."; | |||
| } | } | |||
| } | } | |||
| <CODE ENDS> | <CODE ENDS> | |||
| 9. Security Considerations | 9. Security Considerations | |||
| This section is modeled after the template described in Section 3.7 | This section is modeled after the template described in Section 3.7.1 | |||
| of [YANG-GUIDELINES]. | of [YANG-GUIDELINES]. | |||
| The "ietf-pcep" and "ietf-pcep-stats" YANG modules define data models | The "ietf-pcep" and "ietf-pcep-stats" YANG modules define data models | |||
| that are designed to be accessed via YANG-based management protocols, | that are designed to be accessed via YANG-based management protocols, | |||
| such as NETCONF [RFC6241] and RESTCONF [RFC8040]. These protocols | such as NETCONF [RFC6241] and RESTCONF [RFC8040]. These protocols | |||
| have to use a secure transport layer (e.g., SSH [RFC4252], TLS | have to use a secure transport layer (e.g., SSH [RFC4252], TLS | |||
| [RFC8446], and QUIC [RFC9000]) and have to use mutual authentication. | [RFC8446], and QUIC [RFC9000]) and have to use mutual authentication. | |||
| The Network Configuration Access Control Model (NACM) [RFC8341] | The Network Configuration Access Control Model (NACM) [RFC8341] | |||
| provides the means to restrict access for particular NETCONF or | provides the means to restrict access for particular NETCONF or | |||
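Review bot: pointing at Section 3.7.1 rather than 3.7 of [YANG-GUIDELINES] is more precise, but that reference is a Work in Progress (draft-ietf-netmod-rfc8407bis-28 in the reference list) and sub-section numbers can move between draft revisions; either keep the citation tied to the exact draft version or phrase it as "the security considerations template in [YANG-GUIDELINES]". The secure-transport and mutual-authentication sentence that follows is the template's standard wording and is correct for both modules.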
| skipping to change at line 4741 ¶ | skipping to change at line 4780 ¶ | |||
| is thus important to control access to these operations. | is thus important to control access to these operations. | |||
| Specifically, the following operation has particular sensitivities/ | Specifically, the following operation has particular sensitivities/ | |||
| vulnerabilities: | vulnerabilities: | |||
| * trigger-resync: Triggers resynchronization with the PCE. | * trigger-resync: Triggers resynchronization with the PCE. | |||
| Unauthorized access to this could force a PCEP session into | Unauthorized access to this could force a PCEP session into | |||
| continuous state synchronization. | continuous state synchronization. | |||
| This YANG module uses groupings from other YANG modules that define | This YANG module uses groupings from other YANG modules that define | |||
| nodes that may be considered sensitive or vulnerable in network | nodes that may be considered sensitive or vulnerable in network | |||
| environments. Refer to the Security Considerations of respective | environments. Refer to the Security Considerations of [RFC9645] and | |||
| RFCs for information as to which nodes may be considered sensitive or | [RFC8776] for information as to which nodes may be considered | |||
| vulnerable in network environments. | sensitive or vulnerable in network environments. | |||
| The YANG module defines a set of identities, types, and groupings. | ||||
| These nodes are intended to be reused by other YANG modules. The | ||||
| module by itself does not expose any data nodes that are writable, | ||||
| data nodes that contain read-only state, or RPCs. As such, there are | ||||
| no additional security issues related to the YANG module that need to | ||||
| be considered. | ||||
| Modules that use the groupings that are defined in this document | ||||
| should identify the corresponding security considerations. | ||||
| The actual authentication key data (whether locally specified or part | The actual authentication key data (whether locally specified or part | |||
| of a key-chain) is sensitive and needs to be kept secret from | of a key-chain) is sensitive and needs to be kept secret from | |||
| unauthorized parties; compromise of the key data would allow an | unauthorized parties; compromise of the key data would allow an | |||
| attacker to forge PCEP traffic that would be accepted as authentic, | attacker to forge PCEP traffic that would be accepted as authentic, | |||
| potentially compromising the TE domain. | potentially compromising the TE domain. | |||
| The model describes several notifications; implementations must rate- | The model describes several notifications; implementations must rate- | |||
| limit the generation of these notifications to avoid creating a | limit the generation of these notifications to avoid creating a | |||
| significant notification load. Otherwise, this notification load may | significant notification load. Otherwise, this notification load may | |||
| have some side effects on the system stability and may be exploited | have some side effects on the system stability and may be exploited | |||
| as an attack vector. | as an attack vector. | |||
| The "auth" container includes various authentication and security | The "auth" container includes various authentication and security | |||
| options for PCEP. Further, Section 7.1 describes how to configure | options for PCEP. Further, Section 7.1 describes how to configure | |||
| TLS 1.2 and TLS 1.3 for a PCEP session via this YANG module. | TLS 1.2 and TLS 1.3 for a PCEP session via this YANG module. | |||
| *The "ietf-pcep-stats" YANG module:* | *The "ietf-pcep-stats" YANG module:* | |||
| This document also includes another YANG module (called "ietf-pcep- | ||||
| stats") for maintaining the statistics by augmenting the "ietf-pcep" | ||||
| YANG module. | ||||
| There are no particularly sensitive writable data nodes. | There are no particularly sensitive writable data nodes. | |||
| The readable data nodes in this YANG module may be considered | There are no particularly sensitive readable data nodes. | |||
| sensitive or vulnerable in some network environments. It is thus | ||||
| important to control read access (e.g., via get, get-config, or | ||||
| notification) to these data nodes. The statistics could provide | ||||
| information related to the current usage patterns of the network. | ||||
| Some of the RPC or action operations in this YANG module may be | Some of the RPC or action operations in this YANG module may be | |||
| considered sensitive or vulnerable in some network environments. It | considered sensitive or vulnerable in some network environments. It | |||
| is thus important to control access to these operations. | is thus important to control access to these operations. | |||
| Specifically, the following operation has particular sensitivities/ | Specifically, the following operation has particular sensitivities/ | |||
| vulnerabilities: | vulnerabilities: | |||
| * reset-pcep-statistics-all: The RPC is used to reset all PCEP | * reset-pcep-statistics-all: The RPC is used to reset all PCEP | |||
| statistics across all peers and sessions. An unauthorized reset | statistics across all peers and sessions. An unauthorized reset | |||
| could impact monitoring. | could impact monitoring. | |||
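Review bot: the ietf-pcep-stats text now says "There are no particularly sensitive readable data nodes", replacing v1's statement that the statistics "could provide information related to the current usage patterns of the network" and that read access should be controlled; that rationale still applies to per-peer and per-session counters, so either keep the v1 wording or state why usage-pattern disclosure is considered acceptable, especially as reset-pcep-statistics-all is still treated as sensitive for the same monitoring data. Dropping the v1 paragraph that claimed the module "does not expose any data nodes that are writable" is correct, since it contradicted the sensitive writable nodes and the trigger-resync action discussed immediately above it. Naming [RFC9645] and [RFC8776] instead of "respective RFCs" is an improvement; the auth container also uses groupings from the key-chain module (key-chain:key-chain-ref, key-chain:hex-key-string), so its Security Considerations should be cited here as well.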
| skipping to change at line 5087 ¶ | skipping to change at line 5108 ¶ | |||
| (TLS) Protocol Version 1.2", RFC 5246, | (TLS) Protocol Version 1.2", RFC 5246, | |||
| DOI 10.17487/RFC5246, August 2008, | DOI 10.17487/RFC5246, August 2008, | |||
| <https://www.rfc-editor.org/info/rfc5246>. | <https://www.rfc-editor.org/info/rfc5246>. | |||
| [RFC7420] Koushik, A., Stephan, E., Zhao, Q., King, D., and J. | [RFC7420] Koushik, A., Stephan, E., Zhao, Q., King, D., and J. | |||
| Hardwick, "Path Computation Element Communication Protocol | Hardwick, "Path Computation Element Communication Protocol | |||
| (PCEP) Management Information Base (MIB) Module", | (PCEP) Management Information Base (MIB) Module", | |||
| RFC 7420, DOI 10.17487/RFC7420, December 2014, | RFC 7420, DOI 10.17487/RFC7420, December 2014, | |||
| <https://www.rfc-editor.org/info/rfc7420>. | <https://www.rfc-editor.org/info/rfc7420>. | |||
| [RFC8051] Zhang, X., Ed. and I. Minei, Ed., "Applicability of a | ||||
| Stateful Path Computation Element (PCE)", RFC 8051, | ||||
| DOI 10.17487/RFC8051, January 2017, | ||||
| <https://www.rfc-editor.org/info/rfc8051>. | ||||
| [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | |||
| and R. Wilton, "Network Management Datastore Architecture | and R. Wilton, "Network Management Datastore Architecture | |||
| (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | |||
| <https://www.rfc-editor.org/info/rfc8342>. | <https://www.rfc-editor.org/info/rfc8342>. | |||
| [RFC8751] Dhody, D., Lee, Y., Ceccarelli, D., Shin, J., and D. King, | [RFC8751] Dhody, D., Lee, Y., Ceccarelli, D., Shin, J., and D. King, | |||
| "Hierarchical Stateful Path Computation Element (PCE)", | "Hierarchical Stateful Path Computation Element (PCE)", | |||
| RFC 8751, DOI 10.17487/RFC8751, March 2020, | RFC 8751, DOI 10.17487/RFC8751, March 2020, | |||
| <https://www.rfc-editor.org/info/rfc8751>. | <https://www.rfc-editor.org/info/rfc8751>. | |||
| skipping to change at line 5111 ¶ | skipping to change at line 5137 ¶ | |||
| <https://www.rfc-editor.org/info/rfc9603>. | <https://www.rfc-editor.org/info/rfc9603>. | |||
| [YANG-GUIDELINES] | [YANG-GUIDELINES] | |||
| Bierman, A., Boucadair, M., and Q. Wu, "Guidelines for | Bierman, A., Boucadair, M., and Q. Wu, "Guidelines for | |||
| Authors and Reviewers of Documents Containing YANG Data | Authors and Reviewers of Documents Containing YANG Data | |||
| Models", Work in Progress, Internet-Draft, draft-ietf- | Models", Work in Progress, Internet-Draft, draft-ietf- | |||
| netmod-rfc8407bis-28, 5 June 2025, | netmod-rfc8407bis-28, 5 June 2025, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-netmod- | <https://datatracker.ietf.org/doc/html/draft-ietf-netmod- | |||
| rfc8407bis-28>. | rfc8407bis-28>. | |||
| [YANG-PCEP-SR] | [YANG-PCEP-SRV6] | |||
| Li, C., Sivabalan, S., Peng, S., Koldychev, M., and L. | Li, C., Sivabalan, S., Peng, S., Koldychev, M., and L. | |||
| Ndifor, "A YANG Data Model for Segment Routing (SR) Policy | Ndifor, "A YANG Data Model for Segment Routing (SR) Policy | |||
| and SR in IPv6 (SRv6) support in Path Computation Element | and SR in IPv6 (SRv6) support in Path Computation Element | |||
| Communications Protocol (PCEP)", Work in Progress, | Communications Protocol (PCEP)", Work in Progress, | |||
| Internet-Draft, draft-ietf-pce-pcep-srv6-yang-07, 21 April | Internet-Draft, draft-ietf-pce-pcep-srv6-yang-07, 21 April | |||
| 2025, <https://datatracker.ietf.org/doc/html/draft-ietf- | 2025, <https://datatracker.ietf.org/doc/html/draft-ietf- | |||
| pce-pcep-srv6-yang-07>. | pce-pcep-srv6-yang-07>. | |||
| [YANG-TE] Saad, T., Gandhi, R., Liu, X., Beeram, V. P., and I. | [YANG-TE] Saad, T., Gandhi, R., Liu, X., Beeram, V. P., and I. | |||
| Bryskin, "A YANG Data Model for Traffic Engineering | Bryskin, "A YANG Data Model for Traffic Engineering | |||
| skipping to change at line 5324 ¶ | skipping to change at line 5350 ¶ | |||
| | +--ro id leafref | | +--ro id leafref | |||
| | +--ro source leafref | | +--ro source leafref | |||
| | +--ro global-source leafref | | +--ro global-source leafref | |||
| | +--ro extended-id leafref | | +--ro extended-id leafref | |||
| +--ro path-keys {path-key}? | +--ro path-keys {path-key}? | |||
| | +--ro path-key* [key] | | +--ro path-key* [key] | |||
| | +--ro key uint16 | | +--ro key uint16 | |||
| | +--ro cps | | +--ro cps | |||
| | | +--ro explicit-route-objects* [index] | | | +--ro explicit-route-objects* [index] | |||
| | | +--ro index uint32 | | | +--ro index uint32 | |||
| | | +--ro (type)? | ||||
| | | +--:(numbered-node-hop) | ||||
| | | | +--ro numbered-node-hop | ||||
| | | | +--ro node-id te-node-id | ||||
| | | | +--ro hop-type? te-hop-type | ||||
| | | +--:(numbered-link-hop) | ||||
| | | | +--ro numbered-link-hop | ||||
| | | | +--ro link-tp-id te-tp-id | ||||
| | | | +--ro hop-type? te-hop-type | ||||
| | | | +--ro direction? te-link-direction | ||||
| | | +--:(unnumbered-link-hop) | ||||
| | | | +--ro unnumbered-link-hop | ||||
| | | | +--ro link-tp-id te-tp-id | ||||
| | | | +--ro node-id te-node-id | ||||
| | | | +--ro hop-type? te-hop-type | ||||
| | | | +--ro direction? te-link-direction | ||||
| | | +--:(as-number) | ||||
| | | | +--ro as-number-hop | ||||
| | | | +--ro as-number inet:as-number | ||||
| | | | +--ro hop-type? te-hop-type | ||||
| | | +--:(label) | ||||
| | | +--ro label-hop | ||||
| | | +--ro te-label | ||||
| | | ... | ||||
| | +--ro pcc-requester? -> /pcep/entity/peers/peer/addr | | +--ro pcc-requester? -> /pcep/entity/peers/peer/addr | |||
| | +--ro req-id? uint32 | | +--ro req-id? uint32 | |||
| | +--ro retrieved? boolean | | +--ro retrieved? boolean | |||
| | +--ro pcc-retrieved? -> /pcep/entity/peers/peer/addr | | +--ro pcc-retrieved? -> /pcep/entity/peers/peer/addr | |||
| | +--ro creation-time? yang:timestamp | | +--ro creation-time? yang:timestamp | |||
| | +--ro discard-time? uint32 | | +--ro discard-time? uint32 | |||
| | +--ro reuse-time? uint32 | | +--ro reuse-time? uint32 | |||
| +--rw peers | +--rw peers | |||
| +--rw peer* [addr] | +--rw peer* [addr] | |||
| +--rw addr inet:ip-address-no-zone | +--rw addr inet:ip-address-no-zone | |||
| +--rw role role | +--rw role role | |||
| +--rw description? string | +--rw description? string | |||
| +--rw domains | +--rw domains | |||
| | +--rw domain* [type domain] | | +--rw domain* [type domain] | |||
| | +--rw type identityref | | +--rw type identityref | |||
| | +--rw domain domain | | +--rw domain domain | |||
| +--rw capabilities | +--rw capabilities | |||
| | +--rw capability? bits | | +--rw capability? bits | |||
| | +--rw pce-initiated? boolean {pce-initiated}? | | +--rw pce-initiated? boolean | |||
| | | {pce-initiated}? | ||||
| | +--rw include-db-ver? boolean | | +--rw include-db-ver? boolean | |||
| | | {stateful,sync-opt}? | | | {stateful,sync-opt}? | |||
| | +--rw trigger-resync? boolean | | +--rw trigger-resync? boolean | |||
| | | {stateful,sync-opt}? | | | {stateful,sync-opt}? | |||
| | +--rw trigger-initial-sync? boolean | | +--rw trigger-initial-sync? boolean | |||
| | | {stateful,sync-opt}? | | | {stateful,sync-opt}? | |||
| | +--rw incremental-sync? boolean | | +--rw incremental-sync? boolean | |||
| | | {stateful,sync-opt}? | | | {stateful,sync-opt}? | |||
| | +--rw sr-mpls {sr-mpls}? | | +--rw sr-mpls {sr-mpls}? | |||
| | | +--rw enabled? boolean | | | +--rw enabled? boolean | |||
| skipping to change at line 5385 ¶ | skipping to change at line 5436 ¶ | |||
| +--rw auth | +--rw auth | |||
| | +--rw (auth-type-selection)? | | +--rw (auth-type-selection)? | |||
| | +--:(auth-key-chain) | | +--:(auth-key-chain) | |||
| | | +--rw key-chain? | | | +--rw key-chain? | |||
| | | key-chain:key-chain-ref | | | key-chain:key-chain-ref | |||
| | +--:(auth-key) | | +--:(auth-key) | |||
| | | +--rw crypto-algorithm identityref | | | +--rw crypto-algorithm identityref | |||
| | | +--rw (key-string-style)? | | | +--rw (key-string-style)? | |||
| | | +--:(keystring) | | | +--:(keystring) | |||
| | | | +--rw keystring? string | | | | +--rw keystring? string | |||
| | | +--:(hexadecimal) {key-chain:hex-key-string}? | | | +--:(hexadecimal) | |||
| | | +--rw hexadecimal-string? yang:hex-string | | | {key-chain:hex-key-string}? | |||
| | | +--rw hexadecimal-string? | ||||
| | | yang:hex-string | ||||
| | +--:(auth-tls) {tls}? | | +--:(auth-tls) {tls}? | |||
| | +--rw (role)? | | +--rw (role)? | |||
| | +--:(server) | | +--:(server) | |||
| | | +--rw tls-server | | | +--rw tls-server | |||
| | | ... | | | ... | |||
| | +--:(client) | | +--:(client) | |||
| | +--rw tls-client | | +--rw tls-client | |||
| | ... | | ... | |||
| +--ro discontinuity-time? yang:timestamp | +--ro discontinuity-time? yang:timestamp | |||
| +--ro initiate-session? boolean | +--ro initiate-session? boolean | |||
| +--ro session-exists? boolean | +--ro session-exists? boolean | |||
| +--ro session-up-time? yang:timestamp | +--ro session-up-time? yang:timestamp | |||
| +--ro session-fail-time? yang:timestamp | +--ro session-fail-time? yang:timestamp | |||
| +--ro session-fail-up-time? yang:timestamp | +--ro session-fail-up-time? yang:timestamp | |||
| +--ro sessions | +--ro sessions | |||
| +--ro session* [initiator] | +--ro session* [initiator] | |||
| +--ro initiator initiator | +--ro initiator initiator | |||
| +--ro role? -> ../../../role | +--ro role? | |||
| | -> ../../../role | ||||
| +--ro state-last-change? yang:timestamp | +--ro state-last-change? yang:timestamp | |||
| +--ro state? sess-state | +--ro state? sess-state | |||
| +--ro session-creation? yang:timestamp | +--ro session-creation? yang:timestamp | |||
| +--ro connect-retry? yang:counter32 | +--ro connect-retry? yang:counter32 | |||
| +--ro local-id? uint8 | +--ro local-id? uint8 | |||
| +--ro remote-id? uint8 | +--ro remote-id? uint8 | |||
| +--ro keepalive-timer? uint8 | +--ro keepalive-timer? uint8 | |||
| +--ro peer-keepalive-timer? uint8 | +--ro peer-keepalive-timer? uint8 | |||
| +--ro dead-timer? uint8 | +--ro dead-timer? uint8 | |||
| +--ro peer-dead-timer? uint8 | +--ro peer-dead-timer? uint8 | |||
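| The auth container in the tree above gives three mutually exclusive ways to protect a PCEP session with a peer: a reference to a key chain, a single key (a crypto-algorithm together with either a keystring or a yang:hex-string), or TLS with the local node acting as server or client. The Python below is an added example, not part of RFC 9826 or of the ietf-pcep module: it builds RFC 7951 JSON instances of /pcep/entity/peers/peer, checks the constraints the tree expresses (one case of auth-type-selection, crypto-algorithm mandatory in the auth-key case, keystring and hexadecimal-string exclusive, the hex-string syntax from RFC 6991, no zone index in addr) and redacts key material before the instance is written anywhere a secret should not go. Assumptions: the role value "pcc" and the key-chain name are illustrative; the crypto-algorithm identity is the RFC 8177 (ietf-key-chain) identity hmac-sha-256; the tls-server and tls-client contents are elided in the tree and are passed through as opaque containers; the peer address 192.0.2.1 is PCC1 from the figure in Appendix B.

```python
"""Added example (not from RFC 9826): build RFC 7951 JSON instances of the
ietf-pcep peer 'auth' container, check the choice/mandatory constraints the
tree diagram implies, and redact key material before logging or diffing."""
import ipaddress
import json
import re

# ietf-yang-types hex-string (RFC 6991): hex octet pairs separated by colons.
HEX_STRING = re.compile(r"^([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?$")

# Leaves of the auth-key case that carry secret key material.
SECRET_LEAVES = ("keystring", "hexadecimal-string")

# Cases of the auth-type-selection choice and the leaves whose presence marks them.
AUTH_CASES = {
    "auth-key-chain": {"key-chain"},
    "auth-key": {"crypto-algorithm", "keystring", "hexadecimal-string"},
    "auth-tls": {"tls-server", "tls-client"},
}


def peer_entry(addr, role, auth, description=None):
    """One entry of the /pcep/entity/peers/peer list (keyed by addr)."""
    entry = {"addr": addr, "role": role, "auth": auth}
    if description is not None:
        entry["description"] = description
    return entry


def key_chain_auth(key_chain_name):
    """auth-key-chain case: key-chain:key-chain-ref to an ietf-key-chain chain."""
    return {"key-chain": key_chain_name}


def key_auth(algorithm, keystring=None, hexadecimal=None):
    """auth-key case: identityref crypto-algorithm (assumed here to be the
    RFC 8177 identity "ietf-key-chain:hmac-sha-256") plus one key-string-style leaf."""
    auth = {"crypto-algorithm": algorithm}
    if keystring is not None:
        auth["keystring"] = keystring
    if hexadecimal is not None:
        auth["hexadecimal-string"] = hexadecimal
    return auth


def tls_auth(role, params):
    """auth-tls case; tls-server / tls-client contents are elided ("...") in the
    tree, so 'params' is carried as an opaque container."""
    return {"tls-" + role: params}


def validate_peer(peer):
    """Return the list of constraint violations; an empty list means valid."""
    problems = []
    addr = peer.get("addr", "")
    try:
        ipaddress.ip_address(addr)
    except ValueError:
        problems.append("addr: %r is not an IP address" % addr)
    if "%" in addr:  # inet:ip-address-no-zone forbids a zone index
        problems.append("addr: zone index not allowed (ip-address-no-zone)")
    if "role" not in peer:
        problems.append("role: mandatory leaf missing")

    auth = peer.get("auth", {})
    present = [c for c, marks in AUTH_CASES.items() if marks.intersection(auth)]
    if len(present) > 1:
        problems.append("auth-type-selection: several cases present %s" % present)
    if "auth-key" in present:
        if "crypto-algorithm" not in auth:
            problems.append("auth-key: crypto-algorithm is mandatory")
        if all(leaf in auth for leaf in SECRET_LEAVES):
            problems.append("key-string-style: keystring and hexadecimal-string are exclusive")
        hexs = auth.get("hexadecimal-string")
        if hexs is not None and not HEX_STRING.match(hexs):
            problems.append("hexadecimal-string: %r is not a yang:hex-string" % hexs)
    if "auth-tls" in present and {"tls-server", "tls-client"}.issubset(auth):
        problems.append("auth-tls role: tls-server and tls-client are exclusive")
    return problems


def encode_peers(peers, redact=True):
    """RFC 7951 JSON for /pcep/entity/peers.  With redact=True (the default)
    the secret leaves are replaced so the output is safe to log or diff."""
    out = []
    for peer in peers:
        copy = json.loads(json.dumps(peer))  # deep copy, leave caller's data intact
        if redact:
            for leaf in SECRET_LEAVES:
                if leaf in copy.get("auth", {}):
                    copy["auth"][leaf] = "<redacted>"
        out.append(copy)
    return json.dumps({"ietf-pcep:pcep": {"entity": {"peers": {"peer": out}}}}, indent=2)


if __name__ == "__main__":
    # Constructed sample: PCC1 from the Appendix B figure, authenticated by a key chain.
    pcc1 = peer_entry("192.0.2.1", "pcc", key_chain_auth("pcep-keys"), "PCC1")
    print(validate_peer(pcc1))          # []
    print(encode_peers([pcc1]))
```

| Feed real instance data exported from a PCE or PCC through validate_peer before committing it; the redacted encoding from encode_peers is the form to keep in configuration diffs and tickets, since the keystring and hexadecimal-string leaves are the shared secret that authenticates the session.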
| skipping to change at line 5481 ¶ | skipping to change at line 5535 ¶ | |||
| | +--ro peer-overload-time? uint32 | | +--ro peer-overload-time? uint32 | |||
| +---n pcep-session-peer-overload-clear | +---n pcep-session-peer-overload-clear | |||
| +--ro peer-addr? | +--ro peer-addr? | |||
| | -> /pcep/entity/peers/peer/addr | | -> /pcep/entity/peers/peer/addr | |||
| +--ro peer-overloaded? boolean | +--ro peer-overloaded? boolean | |||
| +--ro peer-overloaded-clear-timestamp? yang:timestamp | +--ro peer-overloaded-clear-timestamp? yang:timestamp | |||
| Appendix B. Example | Appendix B. Example | |||
| The example below provides an overview of PCEP peer session | The example below provides an overview of PCEP peer session | |||
| information and LSP-DB in the YANG module. | information and LSP-DB in the "ietf-pcep" module. | |||
| +-------+ +-------+ | +-------+ +-------+ | |||
| | | | | | | | | | | |||
| | PCC1 |<---------------->| | | | PCC1 |<---------------->| | | |||
| | | | | | | | | | | |||
| +-------+ | | | +-------+ | | | |||
| IP:192.0.2.1 | | | IP:192.0.2.1 | | | |||
| | PCE | | | PCE | | |||
| | | | | | | |||
| +-------+ | | | +-------+ | | | |||
| skipping to change at line 5964 ¶ | skipping to change at line 6018 ¶ | |||
| +-----------------------------------+-----------------------------+ | +-----------------------------------+-----------------------------+ | |||
| | pcep-session-peer-overload |pcePcepSessPeerOverload | | | pcep-session-peer-overload |pcePcepSessPeerOverload | | |||
| +-----------------------------------+-----------------------------+ | +-----------------------------------+-----------------------------+ | |||
| | pcep-session-peer-overload-clear |pcePcepSessPeerOverloadClear | | | pcep-session-peer-overload-clear |pcePcepSessPeerOverloadClear | | |||
| +-----------------------------------+-----------------------------+ | +-----------------------------------+-----------------------------+ | |||
| Table 7: Relationship with PCEP MIB Notification | Table 7: Relationship with PCEP MIB Notification | |||
| Acknowledgements | Acknowledgements | |||
| The initial document is based on the PCEP MIB [RFC7420]. The authors | The initial draft version of this document was based on the PCEP MIB | |||
| of this document would like to thank the authors of the above | [RFC7420]. The authors of this document would like to thank the | |||
| document. | authors of [RFC7420]. | |||
| Thanks to Martin Bjorklund and Tom Petch for the detailed review. | Thanks to Martin Bjorklund and Tom Petch for the detailed review. | |||
| Thanks to Mahesh Jethanandani and Jan Lindblad for the YANGDOCTOR | Thanks to Mahesh Jethanandani and Jan Lindblad for the YANGDOCTOR | |||
| review. Thanks to Scott Kelly for the SECDIR review. Thanks to Gyan | review. Thanks to Scott Kelly for the SECDIR review. Thanks to Gyan | |||
| Mishra and Matthew Bocci for the RTGDIR review. | Mishra and Matthew Bocci for the RTGDIR review. | |||
| Contributors | Contributors | |||
| Rohit Pobbathi | Rohit Pobbathi | |||
| Nokia Networks | Nokia Networks | |||
| skipping to change at line 6008 ¶ | skipping to change at line 6062 ¶ | |||
| Xian Zhang | Xian Zhang | |||
| Huawei Technologies | Huawei Technologies | |||
| Bantian, Longgang District | Bantian, Longgang District | |||
| Shenzhen | Shenzhen | |||
| 518129 | 518129 | |||
| China | China | |||
| Email: zhang.xian@huawei.com | Email: zhang.xian@huawei.com | |||
| Avantika | Avantika | |||
| ECI Telecom | Ciena | |||
| India | India | |||
| Email: avantika.srm@gmail.com | Email: avantika.srm@gmail.com | |||
| Shashikanth | Shashikanth | |||
| India | India | |||
| Email: shashivh@gmail.com | Email: shashivh@gmail.com | |||
| Authors' Addresses | Authors' Addresses | |||
| Dhruv Dhody (editor) | Dhruv Dhody (editor) | |||
| End of changes. 30 change blocks. | ||||
| 51 lines changed or deleted | 105 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||