idnits 2.17.00 (12 Aug 2021)

/tmp/idnits51644/draft-ietf-rtgwg-yang-vrrp-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 210 has weird spacing: '...address ine...'

  == Line 228 has weird spacing: '...address ine...'

  == Line 273 has weird spacing: '...address ine...'

  == Line 314 has weird spacing: '...address ine...'

  == Line 366 has weird spacing: '...address ine...'

  == (13 more instances...)

  -- The document date (January 24, 2018) is 1578 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  == Outdated reference: draft-ietf-netmod-rfc7223bis has been published as
     RFC 8343

  == Outdated reference: draft-ietf-netmod-rfc7277bis has been published as
     RFC 8344

  == Outdated reference: draft-ietf-netmod-revised-datastores has been
     published as RFC 8342

  -- Obsolete informational reference (is this intentional?): RFC 3768
     (Obsoleted by RFC 5798)

  == Outdated reference: draft-ietf-netconf-subscribed-notifications has been
     published as RFC 8639

  == Outdated reference: draft-ietf-netconf-yang-push has been published as
     RFC 8641

  == Outdated reference: draft-ietf-netmod-rfc6087bis has been published as
     RFC 8407

  == Outdated reference: draft-ietf-netmod-yang-tree-diagrams has been
     published as RFC 8340

     Summary: 2 errors (**), 0 flaws (~~), 14 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     Network Working Group                                        X. Liu, Ed.
3     Internet-Draft                                               A. Kyparlis
4     Intended status: Standards Track                                   Jabil
5     Expires: July 28, 2018                                         R. Parikh
6                                                                       VMware
7                                                                    A. Lindem
8                                                                Cisco Systems
9                                                                     M. Zhang
10                                                         Huawei Technologies
11                                                            January 24, 2018

13        A YANG Data Model for Virtual Router Redundancy Protocol (VRRP)
14                         draft-ietf-rtgwg-yang-vrrp-10

16    Abstract

18       This document describes a data model for Virtual Router Redundancy
19       Protocol (VRRP). Both version 2 and version 3 of VRRP are covered.

21    Status of This Memo

23       This Internet-Draft is submitted in full conformance with the
24       provisions of BCP 78 and BCP 79.

26       Internet-Drafts are working documents of the Internet Engineering
27       Task Force (IETF). Note that other groups may also distribute
28       working documents as Internet-Drafts. The list of current Internet-
29       Drafts is at http://datatracker.ietf.org/drafts/current/.

31       Internet-Drafts are draft documents valid for a maximum of six months
32       and may be updated, replaced, or obsoleted by other documents at any
33       time. It is inappropriate to use Internet-Drafts as reference
34       material or to cite them other than as "work in progress."

36       This Internet-Draft will expire on July 28, 2018.

38    Copyright Notice

40       Copyright (c) 2018 IETF Trust and the persons identified as the
41       document authors. All rights reserved.

43       This document is subject to BCP 78 and the IETF Trust's Legal
44       Provisions Relating to IETF Documents
45       (http://trustee.ietf.org/license-info) in effect on the date of
46       publication of this document. Please review these documents
47       carefully, as they describe your rights and restrictions with respect
48       to this document. Code Components extracted from this document must
49       include Simplified BSD License text as described in Section 4.e of
50       the Trust Legal Provisions and are provided without warranty as
51       described in the Simplified BSD License.

53    Table of Contents

55       1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
56         1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
57         1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3
58         1.3. Prefixes in Data Node Names . . . . . . . . . . . . . . . 3
59       2. Design of the Data Model . . . . . . . . . . . . . . . . . . 3
60         2.1. Scope of the Model . . . . . . . . . . . . . . . . . . . 3
61         2.2. Relations with Interface Model and IP Model . . . . . . . 4
62         2.3. Protocol Configuration . . . . . . . . . . . . . . . . . 5
63         2.4. Protocol States . . . . . . . . . . . . . . . . . . . . . 6
64         2.5. Notifications . . . . . . . . . . . . . . . . . . . . . . 8
65       3. Tree Structure . . . . . . . . . . . . . . . . . . . . . . . 10
66       4. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 12
67       5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34
68       6. Security Considerations . . . . . . . . . . . . . . . . . . . 35
69       7. References . . . . . . . . . . . . . . . . . . . . . . . . . 36
70         7.1. Normative References . . . . . . . . . . . . . . . . . . 36
71         7.2. Informative References . . . . . . . . . . . . . . . . . 37
72       Appendix A. Data Tree Example . . . . . . . . . . . . . . . . . 39
73       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 42

75    1. Introduction

77       This document introduces a YANG [RFC6020][RFC7950] data model for
78       Virtual Router Redundancy Protocol (VRRP) [RFC3768] [RFC5798]. VRRP
79       provides higher resiliency by specifying an election protocol that
80       dynamically assigns responsibility for a virtual router to one of the
81       VRRP routers on a LAN.

83       This YANG model supports both version 2 and version 3 of VRRP. VRRP
84       version 2 defined in [RFC3768] supports IPv4. VRRP version 3 defined
85       in [RFC5798] supports both IPv4 and IPv6.

87    1.1. Terminology

89       The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
90       "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
91       document are to be interpreted as described in [RFC2119].

93       The following terms are defined in [RFC7950] and are not redefined
94       here:

96       o augment
97       o data model

99       o data node

101   1.2. Tree Diagrams

103      A simplified graphical representation of the data model is used in
104      this document. The meaning of the symbols in these diagrams is
105      defined in [I-D.ietf-netmod-yang-tree-diagrams].

107   1.3. Prefixes in Data Node Names

109      In this document, names of data nodes, actions, and other data model
110      objects are often used without a prefix, as long as it is clear from
111      the context in which YANG module each name is defined. Otherwise,
112      names are prefixed using the standard prefix associated with the
113      corresponding YANG module, as shown in Table 1.

115          +--------+-----------------+------------------------------+
116          | Prefix | YANG module     | Reference                    |
117          +--------+-----------------+------------------------------+
118          | yang   | ietf-yang-types | [RFC6991]                    |
119          | inet   | ietf-inet-types | [RFC6991]                    |
120          | if     | ietf-interfaces | [I-D.ietf-netmod-rfc7223bis] |
121          | ip     | ietf-ip         | [I-D.ietf-netmod-rfc7277bis] |
122          +--------+-----------------+------------------------------+

124                Table 1: Prefixes and Corresponding YANG Modules

126   2. Design of the Data Model

128   2.1. Scope of the Model

130      The model covers VRRP version 2 [RFC3768] and VRRP version 3
131      [RFC5798] protocols. The model is designed to be implemented on a
132      device where VRRP version 2 or version 3 is implemented. With the
133      help of a proper management protocol, the defined model can be used
134      to:

136      o Configure the VRRP version 2 or version 3 protocol.

138      o Manage the protocol operational behavior.

140      o Retrieve the protocol operational status.

142      o Receive the protocol notifications.

144   2.2. Relations with Interface Model and IP Model

146      This model augments the interface data model "ietf-interfaces"
147      [I-D.ietf-netmod-rfc7223bis] and the IP management model "ietf-ip"
148      [I-D.ietf-netmod-rfc7277bis]. The augmentation relations are shown
149      as follows:

151      module: ietf-interfaces
152         +--rw interfaces
153            +--rw interface* [name]
154               ...
155               +--rw ip:ipv4!
156               |  +--rw ip:address* [ip]
157                     ...
158               |  +--rw vrrp:vrrp
159               |     +--rw vrrp:vrrp-instance* [vrid]
160               |        +--rw vrrp:vrid                       uint8
161               |        +--rw vrrp:virtual-ipv4-addresses
162                           ...
163               +--rw ip:ipv6!
164                  +--rw ip:address* [ip]
165                     ...
166                  +--rw vrrp:vrrp
167                     +--rw vrrp:vrrp-instance* [vrid]
168                        +--rw vrrp:vrid                       uint8
169                        +--rw vrrp:virtual-ipv6-addresses
170                           ...

172      In the above figure, a tree node without a prefix is from the model
173      "ietf-interfaces". A tree node with prefix "ip:" is from the model
174      "ietf-ip". A tree node with prefix "vrrp:" is from the VRRP model
175      specified in this document.

177      The "vrrp" container contains a list of vrrp-instance nodes, which
178      are instantiated under an interface for a specified address family
179      (IPv4 or IPv6).

181      Each vrrp-instance node represents a VRRP router state machine
182      described in Section 6.4 of [RFC5798], providing the configuration
183      and state information for the election process of a virtual router.
184      The IP addresses on the augmented interface are the real addresses
185      through which the VRRP router operates. The IPv4 or IPv6 address(es)
186      associated with a virtual router (described in Section 1 of
187      [RFC5798]) are modeled as a list of IPv4 or IPv6 addresses under the
188      vrrp-instance.

190   2.3. Protocol Configuration

192      The model structure for the protocol configuration is as shown below:

194      augment /if:interfaces/if:interface/ip:ipv4:
195         +--rw vrrp
196            +--rw vrrp-instance* [vrid]
197               +--rw vrid                      uint8
198               |     ...
199               +--rw track
200               |  +--rw interfaces
201               |  |  +--rw interface* [interface]
202               |  |     +--rw interface       if:interface-ref
203               |  |           ...
204               |  +--rw networks
205               |     +--rw network* [prefix]
206               |        +--rw prefix          inet:ipv4-prefix
207               |              ...
208               +--rw virtual-ipv4-addresses
209                  +--rw virtual-ipv4-address* [ipv4-address]
210                     +--rw ipv4-address    inet:ipv4-address

212      augment /if:interfaces/if:interface/ip:ipv6:
213         +--rw vrrp
214            +--rw vrrp-instance* [vrid]
215               +--rw vrid                      uint8
216               |     ...
217               +--rw track
218               |  +--rw interfaces
219               |  |  +--rw interface* [interface]
220               |  |     +--rw interface       if:interface-ref
221               |  |           ...
222               |  +--rw networks
223               |     +--rw network* [prefix]
224               |        +--rw prefix          inet:ipv6-prefix
225               |              ...
226               +--rw virtual-ipv6-addresses
227                  +--rw virtual-ipv6-address* [ipv6-address]
228                     +--rw ipv6-address    inet:ipv6-address

230      The model allows to configure the following protocol entities:

232      o VRRP instance (version 2 or version 3), representing a VRRP
233        router.

235      o Virtual IPv4 or IPv6 address associated with a virtual router.

237      o Tracking interface, to detect interface connectivity failures.

239      o Tracking network, to detect interface connectivity failures.

241   2.4. Protocol States

243      The model structure for the protocol states is as shown below:

245      module: ietf-vrrp
246         +--ro vrrp
247            |  // global operational states
248            +--ro virtual-routers?   uint32
249            +--ro interfaces?        uint32
250            +--ro statistics // global statistics
251               +--ro discontinuity-datetime?   yang:date-and-time
252               +--ro checksum-errors?          yang:counter64
253               +--ro version-errors?           yang:counter64
254               +--ro vrid-errors?              yang:counter64
255               +--ro ip-ttl-errors?            yang:counter64

257      augment /if:interfaces/if:interface/ip:ipv4:
258         +--rw vrrp
259            +--rw vrrp-instance* [vrid]
260               +--rw vrid                      uint8
261               |     ...
262               +--rw track
263               |  +--rw interfaces
264               |  |  +--rw interface* [interface]
265               |  |     +--rw interface       if:interface-ref
266               |  |           ...
267               |  +--rw networks
268               |     +--rw network* [prefix]
269               |        +--rw prefix          inet:ipv4-prefix
270               |              ...
271               +--rw virtual-ipv4-addresses
272               |  +--rw virtual-ipv4-address* [ipv4-address]
273               |     +--rw ipv4-address    inet:ipv4-address
274               |
275               |  // per instance operational states
276               +--ro state?                    identityref
277               +--ro is-owner?                 boolean
278               +--ro last-adv-source?          inet:ip-address
279               +--ro up-datetime?              yang:date-and-time
280               +--ro master-down-interval?     uint32
281               +--ro skew-time?                uint32
282               +--ro last-event?               identityref
283               +--ro new-master-reason?        new-master-reason-type
284               +--ro statistics // per instance statistics
285                  +--ro discontinuity-datetime?    yang:date-and-time
286                  +--ro master-transitions?        yang:counter32
287                  +--ro advertisement-recv?        yang:counter64
288                  +--ro advertisement-sent?        yang:counter64
289                  +--ro interval-errors?           yang:counter64
290                  |       {validate-interval-errors}?
291                  +--ro priority-zero-pkts-rcvd?   yang:counter64
292                  +--ro priority-zero-pkts-sent?   yang:counter64
293                  +--ro invalid-type-pkts-rcvd?    yang:counter64
294                  +--ro address-list-errors?       yang:counter64
295                  |       {validate-address-list-errors}?
296                  +--ro packet-length-errors?      yang:counter64

298      augment /if:interfaces/if:interface/ip:ipv6:
299         +--rw vrrp
300            +--rw vrrp-instance* [vrid]
301               +--rw vrid                      uint8
302               +     ...
303               +--rw track
304               |  +--rw interfaces
305               |  |  +--rw interface* [interface]
306               |  |     +--rw interface       if:interface-ref
307               |  |           ...
308               |  +--rw networks
309               |     +--rw network* [prefix]
310               |        +--rw prefix          inet:ipv6-prefix
311               |              ...
312               +--rw virtual-ipv6-addresses
313               |  +--rw virtual-ipv6-address* [ipv6-address]
314               |     +--rw ipv6-address    inet:ipv6-address
315               |
316               |  // per instance operational states
317               +--ro state?                    identityref
318               +--ro is-owner?                 boolean
319               +--ro last-adv-source?          inet:ip-address
320               +--ro up-datetime?              yang:date-and-time
321               +--ro master-down-interval?     uint32
322               +--ro skew-time?                uint32
323               +--ro last-event?               identityref
324               +--ro new-master-reason?        new-master-reason-type
325               +--ro statistics // per instance statistics
326                  +--ro discontinuity-datetime?    yang:date-and-time
327                  +--ro master-transitions?        yang:counter32
328                  +--ro advertisement-recv?        yang:counter64
329                  +--ro advertisement-sent?        yang:counter64
330                  +--ro interval-errors?           yang:counter64
331                  |       {validate-interval-errors}?
332                  +--ro priority-zero-pkts-rcvd?   yang:counter64
333                  +--ro priority-zero-pkts-sent?   yang:counter64
334                  +--ro invalid-type-pkts-rcvd?    yang:counter64
335                  +--ro address-list-errors?       yang:counter64
336                  |       {validate-address-list-errors}?
337                  +--ro packet-length-errors?      yang:counter64

339      This model conforms to the Network Management Datastore Architecture
340      (NMDA) [I-D.ietf-netmod-revised-datastores]. The operational state
341      data is combined with the associated configuration data in the same
342      hierarchy [I-D.ietf-netmod-rfc6087bis]. When protocol states are
343      retrieved from the NMDA operational state datastore, the returned
344      states cover all "config true" (rw) and "config false" (ro) nodes
345      defined in the schema.

347      The model allows to retrieve protocol states at the following levels:

349      o VRRP instance (version 2 or version 3), representing a VRRP
350        router.

352      o Virtual IPv4 or IPv6 address associated with a virtual router.

354      o Tracking interface, to detect interface connectivity failures.

356      o Tracking network, to detect interface connectivity failures.

358      o Global states and statistics summarizing all instances.

360   2.5. Notifications

362      This model defines the following VRRP specific notifications:

364      notifications:
365         +---n vrrp-new-master-event
366         |  +--ro master-ip-address    inet:ip-address
367         |  +--ro new-master-reason    new-master-reason-type
368         +---n vrrp-protocol-error-event
369         |  +--ro protocol-error-reason    identityref
370         +---n vrrp-virtual-router-error-event
371            +--ro interface                      if:interface-ref
372            +--ro (ip-version)
373            |  +--:(ipv4)
374            |  |  +--ro ipv4
375            |  |     +--ro vrid    leafref
376            |  +--:(ipv6)
377            |     +--ro ipv6
378            |        +--ro vrid    leafref
379            +--ro virtual-router-error-reason    identityref

381      Each notification type is used to indicate a type of VRRP state
382      changes or error occurances:

384      vrrp-new-master-event
385         VRRP new master event, indicating that a new master has been
386         elected.

388      vrrp-protocol-error-event
389         VRRP protocol error event for a message that fails to reach a VRRP
390         instance to be processed.

392      vrrp-virtual-router-error-event
393         VRRP virtual router error event for a message processed on a VRRP
394         instance.

396      In addition to the notifications specified above, the mechanism
397      defined in [I-D.ietf-netconf-subscribed-notifications] and
398      [I-D.ietf-netconf-yang-push] can be used for other general
399      notifications. This mechanism currently allows the user to:

401      o Subscribe notifications on a per client basis.

403      o Specify subtree filters or xpath filters so that only interested
404        contents will be sent.

406      o Specify either periodic or on-demand notifications.

408   3. Tree Structure

410      The VRRP YANG data model defined in this document has the following
411      tree structure:

413      module: ietf-vrrp
414         +--ro vrrp
415            +--ro virtual-routers?   uint32
416            +--ro interfaces?        uint32
417            +--ro statistics
418               +--ro discontinuity-datetime?   yang:date-and-time
419               +--ro checksum-errors?          yang:counter64
420               +--ro version-errors?           yang:counter64
421               +--ro vrid-errors?              yang:counter64
422               +--ro ip-ttl-errors?            yang:counter64
423      augment /if:interfaces/if:interface/ip:ipv4:
424         +--rw vrrp
425            +--rw vrrp-instance* [vrid]
426               +--rw vrid                            uint8
427               +--rw version                         identityref
428               +--rw log-state-change?               boolean
429               +--rw preempt
430               |  +--rw enabled?     boolean
431               |  +--rw hold-time?   uint16
432               +--rw priority?                       uint8
433               +--rw accept-mode?                    boolean
434               +--rw (advertise-interval-choice)?
435               |  +--:(v2)
436               |  |  +--rw advertise-interval-sec?         uint8
437               |  +--:(v3)
438               |     +--rw advertise-interval-centi-sec?   uint16
439               +--rw track
440               |  +--rw interfaces
441               |  |  +--rw interface* [interface]
442               |  |     +--rw interface             if:interface-ref
443               |  |     +--rw priority-decrement?   uint8
444               |  +--rw networks
445               |     +--rw network* [prefix]
446               |        +--rw prefix                inet:ipv4-prefix
447               |        +--rw priority-decrement?   uint8
448               +--rw virtual-ipv4-addresses
449               |  +--rw virtual-ipv4-address* [ipv4-address]
450               |     +--rw ipv4-address    inet:ipv4-address
451               +--ro state?                          identityref
452               +--ro is-owner?                       boolean
453               +--ro last-adv-source?                inet:ip-address
454               +--ro up-datetime?                    yang:date-and-time
455               +--ro master-down-interval?           uint32
456               +--ro skew-time?                      uint32
457               +--ro last-event?                     identityref
458               +--ro new-master-reason?
459                       new-master-reason-type
460               +--ro statistics
461                  +--ro discontinuity-datetime?    yang:date-and-time
462                  +--ro master-transitions?        yang:counter32
463                  +--ro advertisement-recv?        yang:counter64
464                  +--ro advertisement-sent?        yang:counter64
465                  +--ro interval-errors?           yang:counter64
466                  |       {validate-interval-errors}?
467                  +--ro priority-zero-pkts-rcvd?   yang:counter64
468                  +--ro priority-zero-pkts-sent?   yang:counter64
469                  +--ro invalid-type-pkts-rcvd?    yang:counter64
470                  +--ro address-list-errors?       yang:counter64
471                  |       {validate-address-list-errors}?
472                  +--ro packet-length-errors?      yang:counter64
473      augment /if:interfaces/if:interface/ip:ipv6:
474         +--rw vrrp
475            +--rw vrrp-instance* [vrid]
476               +--rw vrid                            uint8
477               +--rw version                         identityref
478               +--rw log-state-change?               boolean
479               +--rw preempt
480               |  +--rw enabled?     boolean
481               |  +--rw hold-time?   uint16
482               +--rw priority?                       uint8
483               +--rw accept-mode?                    boolean
484               +--rw advertise-interval-centi-sec?   uint16
485               +--rw track
486               |  +--rw interfaces
487               |  |  +--rw interface* [interface]
488               |  |     +--rw interface             if:interface-ref
489               |  |     +--rw priority-decrement?   uint8
490               |  +--rw networks
491               |     +--rw network* [prefix]
492               |        +--rw prefix                inet:ipv6-prefix
493               |        +--rw priority-decrement?   uint8
494               +--rw virtual-ipv6-addresses
495               |  +--rw virtual-ipv6-address* [ipv6-address]
496               |     +--rw ipv6-address    inet:ipv6-address
497               +--ro state?                          identityref
498               +--ro is-owner?                       boolean
499               +--ro last-adv-source?                inet:ip-address
500               +--ro up-datetime?                    yang:date-and-time
501               +--ro master-down-interval?           uint32
502               +--ro skew-time?                      uint32
503               +--ro last-event?                     identityref
504               +--ro new-master-reason?
505                       new-master-reason-type
506               +--ro statistics
507                  +--ro discontinuity-datetime?    yang:date-and-time
508                  +--ro master-transitions?        yang:counter32
509                  +--ro advertisement-recv?        yang:counter64
510                  +--ro advertisement-sent?        yang:counter64
511                  +--ro interval-errors?           yang:counter64
512                  |       {validate-interval-errors}?
513                  +--ro priority-zero-pkts-rcvd?   yang:counter64
514                  +--ro priority-zero-pkts-sent?   yang:counter64
515                  +--ro invalid-type-pkts-rcvd?    yang:counter64
516                  +--ro address-list-errors?       yang:counter64
517                  |       {validate-address-list-errors}?
518                  +--ro packet-length-errors?      yang:counter64

520      notifications:
521         +---n vrrp-new-master-event
522         |  +--ro master-ip-address    inet:ip-address
523         |  +--ro new-master-reason    new-master-reason-type
524         +---n vrrp-protocol-error-event
525         |  +--ro protocol-error-reason    identityref
526         +---n vrrp-virtual-router-error-event
527            +--ro interface                      if:interface-ref
528            +--ro (ip-version)
529            |  +--:(ipv4)
530            |  |  +--ro ipv4
531            |  |     +--ro vrid    leafref
532            |  +--:(ipv6)
533            |     +--ro ipv6
534            |        +--ro vrid    leafref
535            +--ro virtual-router-error-reason    identityref

537   4. YANG Module

539      file "ietf-vrrp@2018-01-09.yang"
540      module ietf-vrrp {
541        yang-version 1.1;
542        namespace "urn:ietf:params:xml:ns:yang:ietf-vrrp";
543        prefix "vrrp";

545        import ietf-inet-types {
546          prefix "inet";
547        }

549        import ietf-yang-types {
550          prefix "yang";

552        }

554        import ietf-interfaces {
555          prefix "if";
556        }

558        import ietf-ip {
559          prefix "ip";
560        }

562        organization
563          "IETF Routing Area Working Group (RTGWG)";
564        contact
565          "WG Web:
566           WG List:

568           Editor: Xufeng Liu
569

571           Editor: Athanasios Kyparlis
572

574           Editor: Ravi Parikh
575

577           Editor: Acee Lindem
578

580           Editor: Mingui Zhang
581           ";

583        description
584          "This YANG module defines a model for managing Virtual Router
585           Redundancy Protocol (VRRP) version 2 and version 3.

587           Copyright (c) 2018 IETF Trust and the persons identified as
588           authors of the code. All rights reserved.

590           Redistribution and use in source and binary forms, with or
591           without modification, is permitted pursuant to, and subject to
592           the license terms contained in, the Simplified BSD License set
593           forth in Section 4.c of the IETF Trust's Legal Provisions
594           Relating to IETF Documents
595           (http://trustee.ietf.org/license-info).

597           This version of this YANG module is part of RFC XXXX; see the
598           RFC itself for full legal notices.";

600        revision 2018-01-09 {
601          description "Initial revision";
602          reference
603            "RFC XXXX: A YANG Data Model for Virtual Router Redundancy
604             Protocol (VRRP).
605             RFC 2787: Definitions of Managed Objects for the Virtual
606             Router Redundancy Protocol.
607             RFC 3768: Virtual Router Redundancy Protocol (VRRP).
608             RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3.
609             RFC 6527: Definitions of Managed Objects for the Virtual
610             Router Redundancy Protocol Version 3 (VRRPv3).";
611        }

613        /*
614         * Features
615         */

617        feature validate-interval-errors {
618          description
619            "This feature indicates that the system validates that
620             the advertisement interval from advertisement packets
621             received is the same as the one configured for the local
622             VRRP router.";
623        }

625        feature validate-address-list-errors {
626          description
627            "This feature indicates that the system validates that
628             the address list from received packets matches the
629             locally configured list for the VRRP router.";
630        }

632        /*
633         * Typedefs
634         */

636        typedef new-master-reason-type {
637          type enumeration {
638            enum not-master {
639              description
640                "The virtual router has never transitioned to master
641                 state,";
642            }
643            enum priority {
644              description "Priority was higher.";
645            }
646            enum preempted {
647              description "The master was preempted.";

649            }
650            enum no-response {
651              description "Previous master did not respond.";
652            }
653          }
654          description
655            "The reason for the virtual router to transition to master
656             state.";
657        } // new-master-reason-type

659        /*
660         * Identities
661         */

663        /* vrrp-event-type identity and its derivatives. */
664        identity vrrp-event-type {
665          description
666            "The type to indicate the type of a VRRP protocol event.";
667        }
668        identity vrrp-event-none {
669          base vrrp-event-type;
670          description
671            "Indicates a non-meaningful event.";
672        }
673        identity vrrp-event-startup {
674          base vrrp-event-type;
675          description
676            "Indicates that a VRRP router has initiated the protocol.";
677        }
678        identity vrrp-event-shutdown {
679          base vrrp-event-type;
680          description
681            "Indicates that a VRRP router has closed down the protocol.";
682        }
683        identity vrrp-event-higher-priority-backup {
684          base vrrp-event-type;
685          description
686            "Indicates that a backup router has a higher priority than
687             the current master.";
688        }
689        identity vrrp-event-master-timeout {
690          base vrrp-event-type;
691          description
692            "Indicates that the current master has not sent an
693             advertisement within the limit of master-down-interval.";
694        }
695        identity vrrp-event-interface-up {
696          base vrrp-event-type;
697          description
698            "Indicates that the VRRP enabled interface has become
699             operational up.";
700        }
701        identity vrrp-event-interface-down {
702          base vrrp-event-type;
703          description
704            "Indicates that the VRRP enabled interface has become
705             operational down.";
706        }
707        identity vrrp-event-no-primary-ip-address {
708          base vrrp-event-type;
709          description
710            "Indicates that the primary IP address on the VRRP enabled
711             interface has become unavailable.";
712        }
713        identity vrrp-event-primary-ip-address {
714          base vrrp-event-type;
715          description
716            "Indicates that the primary IP address on the VRRP enabled
717             interface has become available.";
718        }
719        identity vrrp-event-no-virtual-ip-addresses {
720          base vrrp-event-type;
721          description
722            "Indicates that there are no virtual IP addresses on the
723             virtual router.";
724        }
725        identity vrrp-event-virtual-ip-addresses {
726          base vrrp-event-type;
727          description
728            "Indicates that there are virtual IP addresses on the
729             virtual router.";
730        }
731        identity vrrp-event-preempt-hold-timeout {
732          base vrrp-event-type;
733          description
734            "Indicates that the configured preemption hold time has
735             passed.";
736        }
737        identity vrrp-event-lower-priority-master {
738          base vrrp-event-type;
739          description
740            "Indicates that there is a lower priority VRRP master.";
741        }
742        identity vrrp-event-owner-preempt {
743          base vrrp-event-type;
744          description
745            "Indicates that the owner has preempted another router to
746             become the master.";
747        }

749        /* vrrp-error-global identity and its derivatives. */
750        identity vrrp-error-global {
751          description
752            "The type to indicate the type of a VRRP error that occurs
753             for a packet before it reaches a VRRP router.";
754        }
755        identity checksum-error {
756          base vrrp-error-global;
757          description
758            "A packet has been received with an invalid VRRP checksum
759             value.";
760        }
761        identity ip-ttl-error {
762          base vrrp-error-global;
763          description
764            "A packet has been received with IP TTL (Time-To-Live)
765             not equal to 255.";
766        }
767        identity version-error {
768          base vrrp-error-global;
769          description
770            "A packet has been received with an unknown or unsupported
771             version number.";
772        }
773        identity vrid-error {
774          base vrrp-error-global;
775          description
776            "A packet has been received with a VRID that is not valid
777             for any virtual router on this router.";
778        }

780        /* vrrp-error-virtual-router identity and its derivatives. */
781        identity vrrp-error-virtual-router {
782          description
783            "The type to indicate the type of a VRRP error that occurs
784             after a packet reaches a VRRP router.";
785        }
786        identity address-list-error {
787          base vrrp-error-virtual-router;
788          description
789            "A packet has been received with an address list that
790             does not match the locally configured address list for
791             the virtual router.";
792        }
793        identity interval-error {
794          base vrrp-error-virtual-router;
795          description
796            "A packet has been received with an advertisement
797             interval different than the one configured for the local
798             virtual router";
799        }
800        identity packet-length-error {
801          base vrrp-error-virtual-router;
802          description
803            "A packet has been received with a packet length less
804             than the length of the VRRP header.";
805        }

807        /* vrrp-state-type identity and its derivatives. */
808        identity vrrp-state-type {
809          description
810            "The type to indicate the state of a virtual router.";
811        }
812        identity initialize {
813          base vrrp-state-type;
814          description
815            "Indicates that the virtual router is waiting
816             for a startup event.";
817        }
818        identity backup {
819          base vrrp-state-type;
820          description
821            "Indicates that the virtual router is monitoring the
822             availability of the master router.";
823        }
824        identity master {
825          base vrrp-state-type;
826          description
827            "Indicates that the virtual router is forwarding
828             packets for IP addresses that are associated with
829             this virtual router.";
830        }

832        /* vrrp-version identity and its derivatives. */
833        identity vrrp-version {
834          description
835            "The version of the VRRP protocol.";
836        }
837        identity vrrp-v2 {
838          base vrrp-version;
839          description
840            "Indicates version 2 of the VRRP protocol.";

842        }
843        identity vrrp-v3 {
844          base vrrp-version;
845          description
846            "Indicates version 3 of the VRRP protocol.";
847        }

849        /*
850         * Groupings
851         */

853        grouping vrrp-common-attributes {
854          description
855            "Group of VRRP attributes common to version 2 and version 3";

857          leaf vrid {
858            type uint8 {
859              range 1..255;
860            }
861            description "Virtual router ID.";
862          }

864          leaf version {
865            type identityref {
866              base vrrp:vrrp-version;
867            }
868            mandatory true;
869            description "Version 2 or version 3 of VRRP.";
870          }

872          leaf log-state-change {
873            type boolean;
874            default "false";
875            description
876              "Generates VRRP state change messages each time the VRRP
877               instance changes state (from up to down or down to up).";
878          }

880          container preempt {
881            description
882              "Enables a higher priority Virtual Router Redundancy
883               Protocol (VRRP) backup router to preempt a lower priority
884               VRRP master.";
885            leaf enabled {
886              type boolean;
887              default "true";
888              description
889                "'true' if preemption is enabled.";

891            }
892            leaf hold-time {
893              type uint16;
894              units seconds;
895              default 0;
896              description
897                "Hold time, in seconds, for which a higher priority VRRP
898                 backup router must wait before preempting a lower priority
899                 VRRP master.";
900            }
901          }

903          leaf priority {
904            type uint8 {
905              range 1..254;
906            }
907            default 100;
908            description
909              "Configures the Virtual Router Redundancy Protocol (VRRP)
910               election priority for the backup virtual router.";
911          }

913          leaf accept-mode {
914            when "derived-from-or-self(current()/../version, 'vrrp-v3')" {
915              description "Applicable only to version 3.";
916            }
917            type boolean;
918            default "false";
919            description
920              "Controls whether a virtual router in Master state will
921               accept packets addressed to the address owner's IPvX address
922               as its own if it is not the IPvX address owner. The default
923               is false. Deployments that rely on, for example, pinging the
924               address owner's IPvX address may wish to configure
925               accept-mode to true.

927               Note: IPv6 Neighbor Solicitations and Neighbor
928               Advertisements MUST NOT be dropped when accept-mode is
929               false.";
930          }
931        } // vrrp-common-attributes

933        grouping vrrp-ipv4-attributes {
934          description
935            "Group of VRRP attributes for IPv4.";

937          uses vrrp-common-attributes;
938          choice advertise-interval-choice {
939            description
940              "The options for the advertisement interval at which VRRPv2
941               or VRRPv3 advertisements are sent from the specified
942               interface.";

944            case v2 {
945              when "derived-from-or-self(version, 'vrrp-v2')" {
946                description "Applicable only to version 2.";
947              }
948              leaf advertise-interval-sec {
949                type uint8 {
950                  range 1..254;
951                }
952                units seconds;
953                default 1;
954                description
955                  "Configures the interval that Virtual Router
956                   Redundancy Protocol Version 2 (VRRPv2) advertisements
957                   are sent from the specified interface.";
958              }
959            }

961            case v3 {
962              when "derived-from-or-self(version, 'vrrp-v3')" {
963                description "Applicable only to version 3.";
964              }
965              leaf advertise-interval-centi-sec {
966                type uint16 {
967                  range 1..4095;
968                }
969                units centiseconds;
970                default 100;
971                description
972                  "Configures the interval that Virtual Router
973                   Redundancy Protocol version 3 (VRRPv3) advertisements
974                   are sent from the specified interface.";
975              }
976            }
977          } // advertise-interval-choice

979          container track {
980            description
981              "Enables the specified VRRP instance to track interfaces
982               or networks.";
983            container interfaces {
984              description
985                "Enables the specified Virtual Router Redundancy Protocol
986                 version 2 (VRRP) or version 3 (VRRPv3) instance to track
987                 interfaces.
988                 Interface tracking prevents traffic loss by detecting the
989                 availability of interfaces. The operational states of
990                 other interfaces are associated with the priority of a
991                 VRRP router. When a tracked interface becomes unavailable
992                 (or operational down), the priority of the backup router
993                 decrements. When an unavailable interface becomes
994                 available again, the priority of the backup VRRP router is
995                 incremented by the same amount.";

997              list interface {
998                key "interface";
999                description
1000                 "Interface to track.";

1002               leaf interface {
1003                 type if:interface-ref;
1004                 must "/if:interfaces/if:interface[if:name=current()]/"
1005                    + "ip:ipv4" {
1006                   description "Interface is IPv4.";
1007                 }
1008                 description
1009                   "Interface to track.";
1010               }

1012               leaf priority-decrement {
1013                 type uint8 {
1014                   range 1..254;
1015                 }
1016                 default 10;
1017                 description
1018                   "Specifies how much to decrement the priority of the
1019                    VRRP instance if the interface goes down.";
1020               }
1021             } // interface
1022           } // interfaces

1024           container networks {
1025             description
1026               "Enables the backup Virtual Router Redundancy Protocol
1027                version 2 (VRRP) or version 3 (VRRPv3) router to track
1028                specified networks through the IP network prefixes of
1029                these networks.
1030                Network tracking prevents traffic loss by detecting
1031                network connectivity failure. The states of connectivity
1032                to some networks are associated with the priority of a
1033                VRRP router. When connectivity to a tracked network
1034                represented by its prefix is lost, the priority of the
1035                backup VRRP router decrements. When an unavailable network
1036                is again reachable, the priority of the backup VRRP router
1037                is incremented by the same amount.";
1038             list network {
1039               key "prefix";
1040               description
1041                 "Enables the specified Virtual Router Redundancy
1042                  Protocol version 2 (VRRP) or version 3 (VRRPv3)
1043                  instance to track an IP network, by specifying the
1044                  prefix of the IP network.";

1046               leaf prefix {
1047                 type inet:ipv4-prefix;
1048                 description
1049                   "The prefix of the network to track.";
1050               }

1052               leaf priority-decrement {
1053                 type uint8 {
1054                   range 1..254;
1055                 }
1056                 default 10;
1057                 description
1058                   "Specifies how much to decrement the priority of the
1059                    backup VRRP router if there is a failure in the IP
1060                    network.";
1061               }
1062             } // track-network
1063           } // track-networks
1064         } // track

1066         container virtual-ipv4-addresses {
1067           description
1068             "Configures the virtual IP address for the Virtual Router
1069              Redundancy Protocol (VRRP) interface.";

1071           list virtual-ipv4-address {
1072             key "ipv4-address";
1073             max-elements 16;
1074             description
1075               "Virtual IP addresses for a single VRRP instance. For a
1076                VRRP owner router, the virtual address must match one
1077                of the IP addresses configured on the interface
1078                corresponding to the virtual router.";

1080             leaf ipv4-address {
1081               type inet:ipv4-address;
1082               description
1083                 "An IPv4 address associated with a virtual router.";
1084               reference
1085                 "RFC 5798: Virtual Router Redundancy Protocol (VRRP)
1086                  Version 3.
Section 1.2."; 1087 } 1088 } // virtual-ipv4-address 1089 } // virtual-ipv4-addresses 1090 } // grouping vrrp-ipv4-attributes 1092 grouping vrrp-ipv6-attributes { 1093 description 1094 "Group of VRRP attributes for IPv6."; 1096 uses vrrp-common-attributes; 1098 leaf advertise-interval-centi-sec { 1099 type uint16 { 1100 range 1..4095; 1101 } 1102 units centiseconds; 1103 default 100; 1104 description 1105 "Configures the interval that Virtual Router 1106 Redundancy Protocol version 3 (VRRPv3) advertisements 1107 are sent from the specified interface."; 1108 } 1110 container track { 1111 description 1112 "Enables the specified VRRP instance to track interfaces 1113 or networks."; 1114 container interfaces { 1115 description 1116 "Enables the specified Virtual Router Redundancy Protocol 1117 version 2 (VRRP) or version 3 (VRRPv3) instance to track 1118 interfaces. 1119 Interface tracking prevents traffic loss by detecting the 1120 availability of interfaces. The operational states of 1121 other interfaces are associated with the priority of a 1122 VRRP router. When a tracked interface becomes unavailable 1123 (or operational down), the priority of the backup router 1124 decrements. 
When an unavailable interface becomes 1125 available again, the priority of the backup VRRP router is 1126 incremented by the same amount."; 1127 list interface { 1128 key "interface"; 1129 description 1130 "Interface to track."; 1132 leaf interface { 1133 type if:interface-ref; 1134 must "/if:interfaces/if:interface[if:name=current()]/" 1135 + "ip:ipv6" { 1136 description "Interface is IPv6."; 1137 } 1138 description 1139 "Interface to track."; 1140 } 1142 leaf priority-decrement { 1143 type uint8 { 1144 range 1..254; 1145 } 1146 default 10; 1147 description 1148 "Specifies how much to decrement the priority of the 1149 VRRP instance if the interface goes down."; 1150 } 1151 } // interface 1152 } // interfaces 1154 container networks { 1155 description 1156 "Enables the backup Virtual Router Redundancy Protocol 1157 version 2 (VRRP) or version 3 (VRRPv3) router to track 1158 specified networks through the IP network prefixes of 1159 these networks. 1160 Network tracking prevents traffic loss by detecting 1161 network connectivity failure. The states of connectivity 1162 to some networks are associated with the priority of a 1163 VRRP router. When connectivity to a tracked network 1164 represented by its prefix is lost, the priority of the 1165 backup VRRP router decrements. 
When an unavailable network 1166 is again reachable, the priority of the backup VRRP router 1167 is incremented by the same amount."; 1168 list network { 1169 key "prefix"; 1170 description 1171 "Enables the specified Virtual Router Redundancy 1172 Protocol version 2 (VRRP) or version 3 (VRRPv3) 1173 instance to track an IP network, by specifying the 1174 prefix of the IP network."; 1176 leaf prefix { 1177 type inet:ipv6-prefix; 1178 description 1179 "The prefix of the network to track."; 1180 } 1182 leaf priority-decrement { 1183 type uint8 { 1184 range 1..254; 1185 } 1186 default 10; 1187 description 1188 "Specifies how much to decrement the priority of the 1189 backup VRRP router if there is a failure in the IP 1190 network."; 1191 } 1192 } // track-network 1193 } // track-networks 1194 } // track 1196 container virtual-ipv6-addresses { 1197 description 1198 "Configures the virtual IP address for the Virtual Router 1199 Redundancy Protocol (VRRP) interface."; 1200 list virtual-ipv6-address { 1201 key "ipv6-address"; 1202 max-elements 2; 1203 description 1204 "Two IPv6 addresses are allowed. The first one must be 1205 a link-local address and the second one can be a 1206 link-local or global address."; 1208 leaf ipv6-address { 1209 type inet:ipv6-address; 1210 description 1211 "An IPv6 address associated with a virtual router."; 1212 reference 1213 "RFC 5798: Virtual Router Redundancy Protocol (VRRP) 1214 Version 3. 
Section 1.3."; 1215 } 1216 } // virtual-ipv6-address 1217 } // virtual-ipv6-addresses 1218 } // grouping vrrp-ipv6-attributes 1220 grouping vrrp-state-attributes { 1221 description 1222 "Group of VRRP state attributes."; 1224 leaf state { 1225 type identityref { 1226 base vrrp:vrrp-state-type; 1227 } 1228 config false; 1229 description 1230 "Operational state."; 1231 } 1233 leaf is-owner { 1234 type boolean; 1235 config false; 1236 description 1237 "Set to true if this virtual router is owner."; 1238 } 1240 leaf last-adv-source { 1241 type inet:ip-address; 1242 config false; 1243 description 1244 "Last advertised IPv4/IPv6 source address"; 1245 } 1247 leaf up-datetime { 1248 type yang:date-and-time; 1249 config false; 1250 description 1251 "The date and time when this virtual router 1252 transitioned out of init state."; 1253 } 1255 leaf master-down-interval { 1256 type uint32; 1257 units centiseconds; 1258 config false; 1259 description 1260 "Time interval for backup virtual router to declare 1261 Master down."; 1262 } 1264 leaf skew-time { 1265 type uint32; 1266 units microseconds; 1267 config false; 1268 description 1269 "Calculated based on the priority and advertisement 1270 interval configuration command parameters. See RFC 3768."; 1271 } 1273 leaf last-event { 1274 type identityref { 1275 base vrrp:vrrp-event-type; 1276 } 1277 config false; 1278 description 1279 "Last reported event."; 1280 } 1282 leaf new-master-reason { 1283 type new-master-reason-type; 1284 config false; 1285 description 1286 "Indicates the reason for the virtual router to transition 1287 to master state."; 1288 } 1290 container statistics { 1291 config false; 1292 description 1293 "VRRP statistics."; 1295 leaf discontinuity-datetime { 1296 type yang:date-and-time; 1297 description 1298 "The time on the most recent occasion at which any one or 1299 more of the VRRP statistic counters suffered a 1300 discontinuity. 
If no such discontinuities have occurred 1301 since the last re-initialization of the local management 1302 subsystem, then this node contains the time that the 1303 local management subsystem re-initialized itself."; 1304 } 1306 leaf master-transitions { 1307 type yang:counter32; 1308 description 1309 "The total number of times that this virtual router's 1310 state has transitioned to master"; 1311 } 1313 leaf advertisement-recv { 1314 type yang:counter64; 1315 description 1316 "The total number of VRRP advertisements received by 1317 this virtual router."; 1318 } 1320 leaf advertisement-sent { 1321 type yang:counter64; 1322 description 1323 "The total number of VRRP advertisements sent by 1324 this virtual router."; 1325 } 1327 leaf interval-errors { 1328 if-feature validate-interval-errors; 1329 type yang:counter64; 1330 description 1331 "The total number of VRRP advertisement packets 1332 received with an advertisement interval 1333 different than the one configured for the local 1334 virtual router"; 1335 } 1337 leaf priority-zero-pkts-rcvd { 1338 type yang:counter64; 1339 description 1340 "The total number of VRRP packets received by the 1341 virtual router with a priority of 0."; 1342 } 1344 leaf priority-zero-pkts-sent { 1345 type yang:counter64; 1346 description 1347 "The total number of VRRP packets sent by the 1348 virtual router with a priority of 0."; 1349 } 1351 leaf invalid-type-pkts-rcvd { 1352 type yang:counter64; 1353 description 1354 "The number of VRRP packets received by the virtual 1355 router with an invalid value in the 'type' field."; 1356 } 1358 leaf address-list-errors { 1359 if-feature validate-address-list-errors; 1360 type yang:counter64; 1361 description 1362 "The total number of packets received with an 1363 address list that does not match the locally 1364 configured address list for the virtual router."; 1365 } 1367 leaf packet-length-errors { 1368 type yang:counter64; 1369 description 1370 "The total number of packets received 
with a packet 1371 length less than the length of the VRRP header."; 1372 } 1373 } // container statistics 1374 } // grouping vrrp-state-attributes 1376 grouping vrrp-global-state-attributes { 1377 description 1378 "Group of VRRP global state attributes."; 1380 leaf virtual-routers { 1381 type uint32; 1382 description "Number of configured virtual routers."; 1383 } 1385 leaf interfaces { 1386 type uint32; 1387 description "Number of interface with VRRP configured."; 1388 } 1390 container statistics { 1391 description 1392 "VRRP global statistics."; 1394 leaf discontinuity-datetime { 1395 type yang:date-and-time; 1396 description 1397 "The time on the most recent occasion at which one of 1398 checksum-errors, version-errors, vrid-errors, and 1399 ip-ttl-errors suffered a discontinuity. 1401 If no such discontinuities have occurred since the last 1402 re-initialization of the local management subsystem, 1403 then this node contains the time that the local management 1404 subsystem re-initialized itself."; 1405 } 1407 leaf checksum-errors { 1408 type yang:counter64; 1409 description 1410 "The total number of VRRP packets received with an invalid 1411 VRRP checksum value."; 1412 reference "RFC 5798, Section 5.2.8"; 1413 } 1415 leaf version-errors { 1416 type yang:counter64; 1417 description 1418 "The total number of VRRP packets received with an unknown 1419 or unsupported version number."; 1420 reference "RFC 5798, Section 5.2.1"; 1421 } 1423 leaf vrid-errors { 1424 type yang:counter64; 1425 description 1426 "The total number of VRRP packets received with a VRID that 1427 is not valid for any virtual router on this router."; 1428 reference "RFC 5798, Section 5.2.3"; 1429 } 1431 leaf ip-ttl-errors { 1432 type yang:counter64; 1433 description 1434 "The total number of VRRP packets received by the 1435 virtual router with IP TTL (Time-To-Live) not equal 1436 to 255."; 1437 reference "RFC 5798, Sections 5.1.1.3 and 5.1.2.3."; 1438 } 1439 } // statistics 1440 } // 
vrrp-global-state-attributes 1442 /* 1443 * Configuration data and operational state data nodes 1444 */ 1446 augment "/if:interfaces/if:interface/ip:ipv4" { 1447 description "Augment IPv4 interface."; 1449 container vrrp { 1450 description 1451 "Configures the Virtual Router Redundancy Protocol (VRRP) 1452 version 2 or version 3 for IPv4."; 1454 list vrrp-instance { 1455 key "vrid"; 1456 description 1457 "Defines a virtual router, identified by a virtual router 1458 identifier (VRID), within IPv4 address space."; 1460 uses vrrp-ipv4-attributes; 1461 uses vrrp-state-attributes; 1462 } 1463 } 1464 } // augment ipv4 1465 augment "/if:interfaces/if:interface/ip:ipv6" { 1466 description "Augment IPv6 interface."; 1468 container vrrp { 1469 description 1470 "Configures the Virtual Router Redundancy Protocol (VRRP) 1471 version 3 for IPv6."; 1473 list vrrp-instance { 1474 must "derived-from-or-self(version, 'vrrp-v3')" { 1475 description 1476 "IPv6 is only supported by version 3."; 1477 } 1478 key "vrid"; 1479 description 1480 "Defines a virtual router, identified by a virtual router 1481 identifier (VRID), within IPv6 address space."; 1483 uses vrrp-ipv6-attributes; 1484 uses vrrp-state-attributes; 1485 } // list vrrp-instance 1486 } // container vrrp 1487 } // augment ipv6 1489 container vrrp { 1490 config false; 1491 description "VRRP data at the global level."; 1493 uses vrrp-global-state-attributes; 1494 } 1496 /* 1497 * Notifications 1498 */ 1500 notification vrrp-new-master-event { 1501 description 1502 "Notification event for a change of VRRP new master."; 1503 leaf master-ip-address { 1504 type inet:ip-address; 1505 mandatory true; 1506 description 1507 "IPv4 or IPv6 address of the new master."; 1508 } 1509 leaf new-master-reason { 1510 type new-master-reason-type; 1511 mandatory true; 1512 description 1513 "Indicates the reason for the virtual router to transition 1514 to master state."; 1515 } 1516 } 1518 notification vrrp-protocol-error-event { 1519 
       description
         "Notification event for a VRRP protocol error.";
       leaf protocol-error-reason {
         type identityref {
           base vrrp:vrrp-error-global;
         }
         mandatory true;
         description
           "Indicates the reason for the protocol error.";
       }
     }

     notification vrrp-virtual-router-error-event {
       description
         "Notification event for an error that happened on a virtual
          router.";
       leaf interface {
         type if:interface-ref;
         mandatory true;
         description
           "Indicates the interface for which statistics are
            to be cleared.";
       }

       choice ip-version {
         mandatory true;
         description
           "The error may have happened on either an IPv4 virtual
            router or an IPv6 virtual router. The information
            related to a specific IP version is provided by one of
            the following cases.";
         case ipv4 {
           description "IPv4";
           container ipv4 {
             description
               "Error information for IPv4.";
             leaf vrid {
               type leafref {
                 path "/if:interfaces/if:interface"
                    + "[if:name = current()/../../vrrp:interface]/"
                    + "ip:ipv4/vrrp:vrrp/vrrp:vrrp-instance/vrrp:vrid";
               }
               mandatory true;
               description
                 "Indicates the virtual router on which the event has
                  occurred.";
             }
           }
         }
         case ipv6 {
           description "IPv6";
           container ipv6 {
             description
               "Error information for IPv6.";
             leaf vrid {
               type leafref {
                 path "/if:interfaces/if:interface"
                    + "[if:name = current()/../../vrrp:interface]/"
                    + "ip:ipv6/vrrp:vrrp/vrrp:vrrp-instance/vrrp:vrid";
               }
               mandatory true;
               description
                 "Indicates the virtual router on which the event has
                  occurred.";
             }
           }
         }
       }

       leaf virtual-router-error-reason {
         type identityref {
           base vrrp:vrrp-error-virtual-router;
         }
         mandatory true;
         description
           "Indicates the reason for the virtual router error.";
       }
     }
   }

5.  IANA Considerations

   RFC Ed.: In this section, replace all occurrences of 'XXXX' with the
   actual RFC number (and remove this note).

   This document registers the following namespace URIs in the IETF XML
   registry [RFC3688]:

   --------------------------------------------------------------------
   URI: urn:ietf:params:xml:ns:yang:ietf-vrrp
   Registrant Contact: The IESG.
   XML: N/A, the requested URI is an XML namespace.
   --------------------------------------------------------------------

   This document registers the following YANG modules in the YANG Module
   Names registry [RFC7950]:

   --------------------------------------------------------------------
   name:         ietf-vrrp
   namespace:    urn:ietf:params:xml:ns:yang:ietf-vrrp
   prefix:       vrrp
   reference:    RFC XXXX
   --------------------------------------------------------------------

6.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC5246].

   The NETCONF access control model [RFC6536] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default). These data nodes may be considered sensitive or vulnerable
   in some network environments. Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations. These are the subtrees and data nodes
   and their sensitivity/vulnerability:

      /if:interfaces/if:interface/ip:ipv4/vrrp:vrrp/vrrp:vrrp-instance

      /if:interfaces/if:interface/ip:ipv6/vrrp:vrrp/vrrp:vrrp-instance

   Unauthorized access to any data node of these subtrees can adversely
   affect the routing subsystem of both the local device and the
   network. This may lead to network malfunctions, delivery of packets
   to inappropriate destinations, and other problems.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments. It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes. These are the subtrees and data
   nodes and their sensitivity/vulnerability:

      /ietf-vrrp:vrrp

      /if:interfaces/if:interface/ip:ipv4/vrrp:vrrp/vrrp:vrrp-instance

      /if:interfaces/if:interface/ip:ipv6/vrrp:vrrp/vrrp:vrrp-instance

   Unauthorized access to any data node of these subtrees can disclose
   the operational state information of VRRP on this device.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008.

   [RFC5798]  Nadas, S., Ed., "Virtual Router Redundancy Protocol (VRRP)
              Version 3 for IPv4 and IPv6", RFC 5798,
              DOI 10.17487/RFC5798, March 2010.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [I-D.ietf-netmod-rfc7223bis]
              Bjorklund, M., "A YANG Data Model for Interface
              Management", draft-ietf-netmod-rfc7223bis-03 (work in
              progress), January 2018.

   [I-D.ietf-netmod-rfc7277bis]
              Bjorklund, M., "A YANG Data Model for IP Management",
              draft-ietf-netmod-rfc7277bis-03 (work in progress),
              January 2018.

   [I-D.ietf-netmod-revised-datastores]
              Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore
              Architecture", draft-ietf-netmod-revised-datastores-10
              (work in progress), January 2018.

7.2.  Informative References

   [RFC3768]  Hinden, R., Ed., "Virtual Router Redundancy Protocol
              (VRRP)", RFC 3768, DOI 10.17487/RFC3768, April 2004.

   [RFC7951]  Lhotka, L., "JSON Encoding of Data Modeled with YANG",
              RFC 7951, DOI 10.17487/RFC7951, August 2016.

   [I-D.ietf-netconf-subscribed-notifications]
              Voit, E., Clemm, A., Prieto, A., Nilsen-Nygaard, E., and
              A. Tripathy, "Custom Subscription to Event Streams",
              draft-ietf-netconf-subscribed-notifications-08 (work in
              progress), December 2017.

   [I-D.ietf-netconf-yang-push]
              Clemm, A., Voit, E., Prieto, A., Tripathy, A., Nilsen-
              Nygaard, E., Bierman, A., and B. Lengyel, "YANG Datastore
              Subscription", draft-ietf-netconf-yang-push-12 (work in
              progress), December 2017.

   [I-D.ietf-netmod-rfc6087bis]
              Bierman, A., "Guidelines for Authors and Reviewers of YANG
              Data Model Documents", draft-ietf-netmod-rfc6087bis-16
              (work in progress), January 2018.

   [I-D.ietf-netmod-yang-tree-diagrams]
              Bjorklund, M. and L. Berger, "YANG Tree Diagrams", draft-
              ietf-netmod-yang-tree-diagrams-05 (work in progress),
              January 2018.

Appendix A.  Data Tree Example

   This section contains an example of an instance data tree in the JSON
   encoding [RFC7951], containing both configuration and state data.

                 Virtual router IP address: fe80::1
      +-----------------+        +-----------------+
      |                 |        |                 |
      |    Router 1     |        |    Router 2     |
      |                 |        |                 |
      +--------+--------+        +--------+--------+
               |eth1                      |eth1
               |fe80::11                  |fe80::12
        -------+--------------------------+-------
               |                          |
               |fe80::51                  |fe80::52
      +--------+--------+        +--------+--------+
      |     Host 1      |        |     Host 2      |
      | Default gateway:|        | Default gateway:|
      |     fe80::1     |        |     fe80::1     |
      +-----------------+        +-----------------+

   The configuration instance data for Router 1 in the above figure
   could be as follows:

   {
     "ietf-interfaces:interfaces": {
       "interface": [
         {
           "name": "eth1",
           "description": "An interface with VRRP enabled.",
           "type": "iana-if-type:ethernetCsmacd",
           "ietf-ip:ipv6": {
             "address": [
               {
                 "ip": "2001:db8:0:1::1",
                 "prefix-length": 64
               },
               {
                 "ip": "fe80::11",
                 "prefix-length": 64
               }
             ],
             "forwarding": true,
             "ietf-vrrp:vrrp": {
               "vrrp-instance": [
                 {
                   "vrid": 1,
                   "version": "vrrp-v3",
                   "priority": 200,
                   "advertise-interval-centi-sec": 50,
                   "virtual-ipv6-addresses": {
                     "virtual-ipv6-address": [
                       {
                         "ipv6-address": "fe80::1"
                       }
                     ]
                   }
                 }
               ]
             }
           }
         }
       ]
     }
   }

   The corresponding operational state data for Router 1 could be as
   follows:

   {
     "ietf-interfaces:interfaces": {
       "interface": [
         {
           "name": "eth1",
           "description": "An interface with VRRP enabled.",
           "type": "iana-if-type:ethernetCsmacd",
           "phys-address": "00:00:5e:00:53:01",
           "oper-status": "up",
           "statistics": {
             "discontinuity-time": "2016-10-24T17:11:27+02:00"
           },
           "ietf-ip:ipv6": {
             "forwarding": true,
             "mtu": 1500,
             "address": [
               {
                 "ip": "2001:db8:0:1::1",
                 "prefix-length": 64,
                 "origin": "static",
                 "status": "preferred"
               },
               {
                 "ip": "fe80::11",
                 "prefix-length": 64,
                 "origin": "static",
                 "status": "preferred"
               }
             ],
             "ietf-vrrp:vrrp": {
               "vrrp-instance": [
                 {
                   "vrid": 1,
                   "version": "vrrp-v3",
                   "log-state-change": false,
                   "preempt": {
                     "enabled": true,
                     "hold-time": 0
                   },
                   "priority": 200,
                   "accept-mode": false,
                   "advertise-interval-centi-sec": 50,
                   "virtual-ipv6-addresses": {
                     "virtual-ipv6-address": [
                       {
                         "ipv6-address": "fe80::1"
                       }
                     ]
                   },
                   "state": "master",
                   "is-owner": false,
                   "last-adv-source": "fe80::11",
                   "up-datetime": "2016-10-24T17:11:27+02:00",
                   "master-down-interval": 161,
                   "skew-time": 11,
                   "last-event": "vrrp-event-interface-up",
                   "new-master-reason": "priority",
                   "statistics": {
                     "discontinuity-datetime":
                       "2016-10-24T17:11:27+02:00",
                     "master-transitions": 2,
                     "advertisement-recv": 20,
                     "advertisement-sent": 12,
                     "interval-errors": 0,
                     "priority-zero-pkts-rcvd": 0,
                     "priority-zero-pkts-sent": 0,
                     "invalid-type-pkts-rcvd": 0,
                     "address-list-errors": 0,
                     "packet-length-errors": 1
                   }
                 }
               ]
             }
           }
         }
       ]
     }
   }

   {
     "ietf-vrrp:vrrp": {
       "virtual-routers": 3,
       "interfaces": 2,
       "statistics": {
         "discontinuity-datetime": "2016-10-24T17:11:27+02:00",
         "checksum-errors": 2,
         "version-errors": 0,
         "vrid-errors": 0,
         "ip-ttl-errors": 1
       }
     }
   }

Authors' Addresses

   Xufeng Liu (editor)
   Jabil
   8281 Greensboro Drive, Suite 200
   McLean VA 22102
   USA

   EMail: Xufeng_Liu@jabil.com

   Athanasios Kyparlis
   Jabil
   8281 Greensboro Drive, Suite 200
   McLean VA 22102
   USA

   EMail: Athanasios_Kyparlis@jabil.com

   Ravi Parikh
   VMware
   3425 Hillview Avenue
   Palo Alto CA 94304
   USA

   EMail: parikhr@vmware.com

   Acee Lindem
   Cisco Systems
   301 Midenhall Way
   Cary NC 27513
   USA

   EMail: acee@cisco.com

   Mingui Zhang
   Huawei Technologies
   No. 156 Beiqing Rd. Haidian District
   Beijing 100095
   P.R. China

   EMail: zhangmingui@huawei.com
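
   The statistics containers and their discontinuity-datetime leaves
   defined in the module, with the Appendix A state data as the first
   poll, worked through as an added example that is not part of the
   draft. Leaf names are the module's; the function names, the per-poll
   limits and the second poll are assumptions constructed for
   illustration.

```python
"""Added example, not part of the draft: compare two polls of ietf-vrrp
operational state and report counter increases worth reviewing.
Leaf names are the module's; limits and sample polls are constructed."""
from datetime import datetime

WRAP = {"counter32": 2**32, "counter64": 2**64}
# Leaves of /ietf-vrrp:vrrp/statistics.
GLOBAL_COUNTERS = dict.fromkeys(
    ("checksum-errors", "version-errors", "vrid-errors", "ip-ttl-errors"),
    "counter64")
# Leaves of .../vrrp-instance/statistics; the two if-feature leaves
# (interval-errors, address-list-errors) may be absent on a device.
INSTANCE_COUNTERS = {
    "master-transitions": "counter32",
    "interval-errors": "counter64",
    "priority-zero-pkts-rcvd": "counter64",
    "invalid-type-pkts-rcvd": "counter64",
    "address-list-errors": "counter64",
    "packet-length-errors": "counter64",
}
# Hypothetical per-poll limits; a counter not listed is reported on any increase.
LIMITS = {"master-transitions": 1}

def when(stamp):
    """Parse a yang:date-and-time value ('Z' is rewritten for older Pythons)."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))

def deltas(prev, curr, counters):
    """Return {leaf: increase}, or None when discontinuity-datetime moved
    between the polls and the counters can no longer be subtracted."""
    if when(prev["discontinuity-datetime"]) != when(curr["discontinuity-datetime"]):
        return None
    out = {}
    for leaf, kind in counters.items():
        if leaf in prev and leaf in curr:
            # RFC 7951 encodes 64-bit counters as JSON strings; accept both.
            out[leaf] = (int(curr[leaf]) - int(prev[leaf])) % WRAP[kind]
    return out

def instances(tree):
    """Yield ((ifname, family, vrid), statistics) for each VRRP instance."""
    for intf in tree.get("ietf-interfaces:interfaces", {}).get("interface", []):
        for family in ("ietf-ip:ipv4", "ietf-ip:ipv6"):
            vrrp = intf.get(family, {}).get("ietf-vrrp:vrrp", {})
            for inst in vrrp.get("vrrp-instance", []):
                yield (intf["name"], family, inst["vrid"]), inst.get("statistics", {})

def findings(scope, prev, curr, counters, limits=LIMITS):
    """List (scope, leaf, increase); a discontinuity yields one rebaseline entry."""
    found = deltas(prev, curr, counters)
    if found is None:
        return [(scope, "discontinuity", None)]
    return [(scope, leaf, n) for leaf, n in found.items() if n > limits.get(leaf, 0)]

def review(prev_if, curr_if, prev_global, curr_global):
    """Compare two polls of the interface tree and of the global vrrp tree."""
    out = findings("global", prev_global["ietf-vrrp:vrrp"]["statistics"],
                   curr_global["ietf-vrrp:vrrp"]["statistics"], GLOBAL_COUNTERS)
    before = dict(instances(prev_if))
    for key, stats in instances(curr_if):
        old = before.get(key, {})
        if "discontinuity-datetime" in old and "discontinuity-datetime" in stats:
            out += findings(key, old, stats, INSTANCE_COUNTERS)
    return out

def sample_tree(stats):
    """Wrap instance statistics in the Appendix A shape (eth1, IPv6, VRID 1)."""
    return {"ietf-interfaces:interfaces": {"interface": [{
        "name": "eth1",
        "ietf-ip:ipv6": {"ietf-vrrp:vrrp": {"vrrp-instance": [
            {"vrid": 1, "statistics": stats}]}}}]}}

def sample_global(stamp, checksum, ttl):
    """Build a global /ietf-vrrp:vrrp tree with the given counter values."""
    return {"ietf-vrrp:vrrp": {"statistics": {
        "discontinuity-datetime": stamp, "checksum-errors": checksum,
        "version-errors": 0, "vrid-errors": 0, "ip-ttl-errors": ttl}}}

T0 = "2016-10-24T17:11:27+02:00"
# Poll 1 uses the Appendix A values; poll 2 is constructed for illustration.
POLL1_IF = sample_tree({"discontinuity-datetime": T0, "master-transitions": 2,
                        "address-list-errors": 0, "packet-length-errors": 1})
POLL2_IF = sample_tree({"discontinuity-datetime": T0, "master-transitions": 5,
                        "address-list-errors": "3", "packet-length-errors": 1})
POLL1_GLOBAL = sample_global(T0, 2, 1)
POLL2_GLOBAL = sample_global(T0, 2, "4")

if __name__ == "__main__":
    for item in review(POLL1_IF, POLL2_IF, POLL1_GLOBAL, POLL2_GLOBAL):
        print(item)
```

   An increase in ip-ttl-errors counts VRRP packets that arrived with an
   IP TTL other than 255, the condition the leaf's reference (RFC 5798,
   Sections 5.1.1.3 and 5.1.2.3) covers. A changed
   discontinuity-datetime is reported as a rebaseline rather than as an
   alert.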