rfc9826v2.txt | rfc9826.txt | |||
---|---|---|---|---|
Internet Engineering Task Force (IETF) D. Dhody, Ed. | Internet Engineering Task Force (IETF) D. Dhody, Ed. | |||
Request for Comments: 9826 Huawei | Request for Comments: 9826 Huawei | |||
Category: Standards Track V. Beeram | Category: Standards Track V. Beeram | |||
ISSN: 2070-1721 Juniper Networks | ISSN: 2070-1721 Juniper Networks | |||
J. Hardwick | J. Hardwick | |||
J. Tantsura | J. Tantsura | |||
Nvidia | Nvidia | |||
July 2025 | August 2025 | |||
A YANG Data Model for the Path Computation Element Communication | A YANG Data Model for the Path Computation Element Communication | |||
Protocol (PCEP) | Protocol (PCEP) | |||
Abstract | Abstract | |||
This document defines a YANG data model for the management of the | This document defines a YANG data model for the management of the | |||
Path Computation Element Communication Protocol (PCEP) for | Path Computation Element Communication Protocol (PCEP) for | |||
communications between a Path Computation Client (PCC) and a Path | communications between a Path Computation Client (PCC) and a Path | |||
Computation Element (PCE), or between two PCEs. | Computation Element (PCE), or between two PCEs. | |||
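Review bot: the only difference in this block is the header date (July 2025 on the left, August 2025 on the right); authors, affiliations, category, ISSN, title and abstract are identical on both sides, so the one thing to confirm here is that the August date matches the publication record.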
skipping to change at line 155 ¶ | skipping to change at line 155 ¶ | |||
This document uses the following terms defined in [RFC7420]: | This document uses the following terms defined in [RFC7420]: | |||
PCEP entity: a local PCEP speaker | PCEP entity: a local PCEP speaker | |||
PCEP peer: a remote PCEP speaker | PCEP peer: a remote PCEP speaker | |||
PCEP speaker: term used when it is not necessary to distinguish | PCEP speaker: term used when it is not necessary to distinguish | |||
between local and remote. | between local and remote. | |||
Further, this document uses the following terms defined in [RFC8231]: | Further, this document uses the following terms defined in [RFC8051]: | |||
* Stateful PCE | * Stateful PCE | |||
* Passive Stateful PCE | * Passive Stateful PCE | |||
* Active Stateful PCE | * Active Stateful PCE | |||
* Delegation | * Delegation | |||
In addition, this document uses the following terms defined in | ||||
[RFC8231]: | ||||
* Revocation | * Revocation | |||
* Redelegation | * Redelegation | |||
* Path Computation LSP State Report (PCRpt) message | * Path Computation LSP State Report (PCRpt) message | |||
* Path Computation LSP Update Request (PCUpd) message | * Path Computation LSP Update Request (PCUpd) message | |||
* PLSP-ID (a PCEP-specific identifier for the LSP) | * PLSP-ID (a PCEP-specific identifier for the LSP) | |||
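Review bot: re-attributing Stateful PCE, Passive Stateful PCE, Active Stateful PCE and Delegation from [RFC8231] to [RFC8051] on the right, and keeping Revocation, Redelegation, PCRpt, PCUpd and PLSP-ID under a new "In addition, this document uses the following terms defined in [RFC8231]:" lead-in, splits one list into two, so each term now points at the document that actually defines it. This rendering shows the two "In addition" lines only once and cannot show their column, but the right column's "[RFC8051]" on the preceding line and the [RFC8051] entry added to the references later in this diff place them on the right. A new citation to [RFC8051] needs a matching reference entry; that entry appears in the later references block.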
skipping to change at line 4692 ¶ | skipping to change at line 4695 ¶ | |||
If this mechanism is not supported, implementations must | If this mechanism is not supported, implementations must | |||
reset PCEP statistics individually by invoking the action | reset PCEP statistics individually by invoking the action | |||
for each peer and session."; | for each peer and session."; | |||
} | } | |||
} | } | |||
<CODE ENDS> | <CODE ENDS> | |||
9. Security Considerations | 9. Security Considerations | |||
This section is modeled after the template described in Section 3.7 | This section is modeled after the template described in Section 3.7.1 | |||
of [YANG-GUIDELINES]. | of [YANG-GUIDELINES]. | |||
The "ietf-pcep" and "ietf-pcep-stats" YANG modules define data models | The "ietf-pcep" and "ietf-pcep-stats" YANG modules define data models | |||
that are designed to be accessed via YANG-based management protocols, | that are designed to be accessed via YANG-based management protocols, | |||
such as NETCONF [RFC6241] and RESTCONF [RFC8040]. These protocols | such as NETCONF [RFC6241] and RESTCONF [RFC8040]. These protocols | |||
have to use a secure transport layer (e.g., SSH [RFC4252], TLS | have to use a secure transport layer (e.g., SSH [RFC4252], TLS | |||
[RFC8446], and QUIC [RFC9000]) and have to use mutual authentication. | [RFC8446], and QUIC [RFC9000]) and have to use mutual authentication. | |||
The Network Configuration Access Control Model (NACM) [RFC8341] | The Network Configuration Access Control Model (NACM) [RFC8341] | |||
provides the means to restrict access for particular NETCONF or | provides the means to restrict access for particular NETCONF or | |||
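Review bot: "Section 3.7" becomes "Section 3.7.1" of [YANG-GUIDELINES] on the right, pointing at the subsection holding the template rather than the whole section. [YANG-GUIDELINES] is cited by a name anchor rather than an RFC number, so the referenced document may still be revised; re-check that the subsection number matches the version actually listed in the references. The remaining lines (secure transport for NETCONF and RESTCONF, mutual authentication, NACM) are unchanged on both sides.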
skipping to change at line 4765 ¶ | skipping to change at line 4768 ¶ | |||
sensitive or vulnerable in network environments. | sensitive or vulnerable in network environments. | |||
The YANG module defines a set of identities, types, and groupings. | The YANG module defines a set of identities, types, and groupings. | |||
These nodes are intended to be reused by other YANG modules. The | These nodes are intended to be reused by other YANG modules. The | |||
module by itself does not expose any data nodes that are writable, | module by itself does not expose any data nodes that are writable, | |||
data nodes that contain read-only state, or RPCs. As such, there are | data nodes that contain read-only state, or RPCs. As such, there are | |||
no additional security issues related to the YANG module that need to | no additional security issues related to the YANG module that need to | |||
be considered. | be considered. | |||
Modules that use the groupings that are defined in this document | Modules that use the groupings that are defined in this document | |||
should identify the corresponding security considerations. | should identify the corresponding security considerations. For | |||
example, reusing some of these groupings will expose privacy-related | ||||
information (e.g., 'node-example'). | ||||
The actual authentication key data (whether locally specified or part | The actual authentication key data (whether locally specified or part | |||
of a key-chain) is sensitive and needs to be kept secret from | of a key-chain) is sensitive and needs to be kept secret from | |||
unauthorized parties; compromise of the key data would allow an | unauthorized parties; compromise of the key data would allow an | |||
attacker to forge PCEP traffic that would be accepted as authentic, | attacker to forge PCEP traffic that would be accepted as authentic, | |||
potentially compromising the TE domain. | potentially compromising the TE domain. | |||
The model describes several notifications; implementations must rate- | The model describes several notifications; implementations must rate- | |||
limit the generation of these notifications to avoid creating a | limit the generation of these notifications to avoid creating a | |||
significant notification load. Otherwise, this notification load may | significant notification load. Otherwise, this notification load may | |||
have some side effects on the system stability and may be exploited | have some side effects on the system stability and may be exploited | |||
as an attack vector. | as an attack vector. | |||
The "auth" container includes various authentication and security | The "auth" container includes various authentication and security | |||
options for PCEP. Further, Section 7.1 describes how to configure | options for PCEP. Further, Section 7.1 describes how to configure | |||
TLS 1.2 and TLS 1.3 for a PCEP session via this YANG module. | TLS 1.2 and TLS 1.3 for a PCEP session via this YANG module. | |||
*The "ietf-pcep-stats" YANG module:* | *The "ietf-pcep-stats" YANG module:* | |||
This document also includes another YANG module (called "ietf-pcep- | ||||
stats") for maintaining the statistics by augmenting the "ietf-pcep" | ||||
YANG module. | ||||
There are no particularly sensitive writable data nodes. | There are no particularly sensitive writable data nodes. | |||
The readable data nodes in this YANG module may be considered | There are no particularly sensitive readable data nodes. | |||
sensitive or vulnerable in some network environments. It is thus | ||||
important to control read access (e.g., via get, get-config, or | ||||
notification) to these data nodes. The statistics could provide | ||||
information related to the current usage patterns of the network. | ||||
Some of the RPC or action operations in this YANG module may be | Some of the RPC or action operations in this YANG module may be | |||
considered sensitive or vulnerable in some network environments. It | considered sensitive or vulnerable in some network environments. It | |||
is thus important to control access to these operations. | is thus important to control access to these operations. | |||
Specifically, the following operation has particular sensitivities/ | Specifically, the following operation has particular sensitivities/ | |||
vulnerabilities: | vulnerabilities: | |||
* reset-pcep-statistics-all: The RPC is used to reset all PCEP | * reset-pcep-statistics-all: The RPC is used to reset all PCEP | |||
statistics across all peers and sessions. An unauthorized reset | statistics across all peers and sessions. An unauthorized reset | |||
could impact monitoring. | could impact monitoring. | |||
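Review bot: the sentence added on the right, "reusing some of these groupings will expose privacy-related information (e.g., 'node-example')", names a node that appears nowhere else in the visible lines and reads like an unfilled placeholder; it should name an actual grouping or node from the "ietf-pcep" module, or be dropped, otherwise implementers have no concrete node to apply the consideration to. Second, for "ietf-pcep-stats" the left column's four lines of rationale (control read access via get, get-config or notification because the statistics "could provide information related to the current usage patterns of the network") are replaced on the right by the single sentence "There are no particularly sensitive readable data nodes." That reverses the assessment without stating a reason, while the same block still flags reset-pcep-statistics-all as sensitive because a reset "could impact monitoring"; if the counters are judged non-sensitive, say why, otherwise keep the read-access guidance. The paragraph "This document also includes another YANG module (called "ietf-pcep-stats") ... augmenting the "ietf-pcep" YANG module" also appears on one side only in this rendering; if it is the side being removed, the italic module heading on the right is followed directly by the writable-nodes sentence, which is acceptable but loses the statement that the module augments "ietf-pcep".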
skipping to change at line 5099 ¶ | skipping to change at line 5096 ¶ | |||
(TLS) Protocol Version 1.2", RFC 5246, | (TLS) Protocol Version 1.2", RFC 5246, | |||
DOI 10.17487/RFC5246, August 2008, | DOI 10.17487/RFC5246, August 2008, | |||
<https://www.rfc-editor.org/info/rfc5246>. | <https://www.rfc-editor.org/info/rfc5246>. | |||
[RFC7420] Koushik, A., Stephan, E., Zhao, Q., King, D., and J. | [RFC7420] Koushik, A., Stephan, E., Zhao, Q., King, D., and J. | |||
Hardwick, "Path Computation Element Communication Protocol | Hardwick, "Path Computation Element Communication Protocol | |||
(PCEP) Management Information Base (MIB) Module", | (PCEP) Management Information Base (MIB) Module", | |||
RFC 7420, DOI 10.17487/RFC7420, December 2014, | RFC 7420, DOI 10.17487/RFC7420, December 2014, | |||
<https://www.rfc-editor.org/info/rfc7420>. | <https://www.rfc-editor.org/info/rfc7420>. | |||
[RFC8051] Zhang, X., Ed. and I. Minei, Ed., "Applicability of a | ||||
Stateful Path Computation Element (PCE)", RFC 8051, | ||||
DOI 10.17487/RFC8051, January 2017, | ||||
<https://www.rfc-editor.org/info/rfc8051>. | ||||
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | |||
and R. Wilton, "Network Management Datastore Architecture | and R. Wilton, "Network Management Datastore Architecture | |||
(NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | |||
<https://www.rfc-editor.org/info/rfc8342>. | <https://www.rfc-editor.org/info/rfc8342>. | |||
[RFC8751] Dhody, D., Lee, Y., Ceccarelli, D., Shin, J., and D. King, | [RFC8751] Dhody, D., Lee, Y., Ceccarelli, D., Shin, J., and D. King, | |||
"Hierarchical Stateful Path Computation Element (PCE)", | "Hierarchical Stateful Path Computation Element (PCE)", | |||
RFC 8751, DOI 10.17487/RFC8751, March 2020, | RFC 8751, DOI 10.17487/RFC8751, March 2020, | |||
<https://www.rfc-editor.org/info/rfc8751>. | <https://www.rfc-editor.org/info/rfc8751>. | |||
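Review bot: the [RFC8051] entry added on the right is in correct numeric order between [RFC7420] and [RFC8342] and supplies the reference for the new [RFC8051] citation in the terminology section. The visible lines do not show which reference list this is; since [RFC8051] now supplies definitions of terms the document uses, confirm it is placed in the same list (normative or informative) as [RFC8231], which serves the same role.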
skipping to change at line 5980 ¶ | skipping to change at line 5982 ¶ | |||
+-----------------------------------+-----------------------------+ | +-----------------------------------+-----------------------------+ | |||
| pcep-session-peer-overload |pcePcepSessPeerOverload | | | pcep-session-peer-overload |pcePcepSessPeerOverload | | |||
+-----------------------------------+-----------------------------+ | +-----------------------------------+-----------------------------+ | |||
| pcep-session-peer-overload-clear |pcePcepSessPeerOverloadClear | | | pcep-session-peer-overload-clear |pcePcepSessPeerOverloadClear | | |||
+-----------------------------------+-----------------------------+ | +-----------------------------------+-----------------------------+ | |||
Table 7: Relationship with PCEP MIB Notification | Table 7: Relationship with PCEP MIB Notification | |||
Acknowledgements | Acknowledgements | |||
The initial document is based on the PCEP MIB [RFC7420]. The authors | The initial draft version of this document was based on the PCEP MIB | |||
of this document would like to thank the authors of the above | [RFC7420]. The authors of this document would like to thank the | |||
document. | authors of [RFC7420]. | |||
Thanks to Martin Bjorklund and Tom Petch for the detailed review. | Thanks to Martin Bjorklund and Tom Petch for the detailed review. | |||
Thanks to Mahesh Jethanandani and Jan Lindblad for the YANGDOCTOR | Thanks to Mahesh Jethanandani and Jan Lindblad for the YANGDOCTOR | |||
review. Thanks to Scott Kelly for the SECDIR review. Thanks to Gyan | review. Thanks to Scott Kelly for the SECDIR review. Thanks to Gyan | |||
Mishra and Matthew Bocci for the RTGDIR review. | Mishra and Matthew Bocci for the RTGDIR review. | |||
Contributors | Contributors | |||
Rohit Pobbathi | Rohit Pobbathi | |||
Nokia Networks | Nokia Networks | |||
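Review bot: replacing "the above document" with an explicit "[RFC7420]" on the right removes a back-reference that was ambiguous (the item immediately above this paragraph is Table 7, not a document), and "The initial draft version of this document was based on" is more precise than "The initial document is based on". Table 7 and the remaining acknowledgements are unchanged on both sides.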
End of changes. 9 change blocks. | ||||
16 lines changed or deleted | 18 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |