]> Cisco Systems

slitkows.ietf@gmail.com

Futurewei

yingzhen.qu@futurewei.com

Individual

pushpasis.ietf@gmail.com

The MITRE Corporation

ingwherchen@mitre.org

Microsoft

jefftant.ietf@gmail.com

LSR Working Group This document defines a YANG data module that can be used to configure and manage IS-IS Segment Routing for MPLS data plane.

Overview YANG is a data definition language used to define the contents of a conceptual data store that allows networked devices to be managed using NETCONF . YANG is proving relevant beyond its initial confines, as bindings to other interfaces (e.g., ReST) and encodings other than XML (e.g., JSON) are being defined. Furthermore, YANG data models can be used as the basis for implementation of other interfaces, such as CLI and programmatic APIs. This document defines a YANG data module that can be used to configure and manage IS-IS Segment Routing for MPLS data plane and it is an augmentation to the IS-IS YANG data model. The YANG modules in this document conform to the Network Management Datastore Architecture (NMDA) .

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Tree Diagrams This document uses the graphical representation of data models defined in .

IS-IS Segment Routing This document defines a model for IS-IS Segment Routing feature. It is an augmentation of the IS-IS base model. The IS-IS SR YANG module requires support for the base segment routing module , which defines the global segment routing configuration independent of any specific routing protocol configuration, and support of IS-IS base model which defines basic IS-IS configuration and state. The figure below describes the overall structure of the isis-sr YANG module:

IS-IS Segment Routing configuration

Segment Routing activation Activation of segment-routing IS-IS is done by setting the "enable" leaf to true. This triggers advertisement of segment-routing extensions based on the configuration parameters that have been setup using the base segment routing module.

Advertising mapping server policy The base segment routing module defines mapping server policies. By default, IS-IS will not advertise nor receive any mapping server entry. The IS-IS segment-routing module allows to advertise one or multiple mapping server policies through the "bindings/advertise/policies" leaf-list. The "bindings/receive" leaf allows to enable the reception of mapping server entries.

IP Fast reroute IS-IS SR model augments the fast-reroute container under interface. It brings the ability to activate TI-LFA (topology independent LFA) and also enhances remote LFA to use segment-routing tunneling instead of LDP.

IS-IS Segment Routing YANG Module Editor: Stephane Litkowski Author: Acee Lindem Author: Yingzhen Qu Author: Pushpasis Sarkar Author: Ing-Wher Chen Author: Jeff Tantsura "; description "The YANG module defines a generic configuration model for Segment routing ISIS extensions common across all of the vendor implementations. This YANG model conforms to the Network Management Datastore Architecture (NMDA) as described in RFC 8342. Copyright (c) 2022 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself for full legal notices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here. This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; reference "RFC XXXX"; revision 2022-08-09 { description "Initial revision."; reference "RFC XXXX"; } /* Identities */ identity sr-capability { description "Base identity for ISIS SR-Capabilities sub-TLV flgs"; } identity mpls-ipv4 { base sr-capability; description "If set, then the router is capable of processing SR MPLS encapsulated IPv4 packets on all interfaces."; } identity mpls-ipv6 { base sr-capability; description "If set, then the router is capable of processing SR MPLS encapsulated IPv6 packets on all interfaces."; } identity prefix-sid-bit { description "Base identity for prefix sid sub-tlv bits."; } identity r-bit { base prefix-sid-bit; description "Re-advertisement Flag."; } identity n-bit { base prefix-sid-bit; description "Node-SID Flag."; } identity p-bit { base prefix-sid-bit; description "No-PHP (No Penultimate Hop-Popping) Flag."; } identity e-bit { base prefix-sid-bit; description "Explicit NULL Flag."; } identity v-bit { base prefix-sid-bit; description "Value Flag."; } identity l-bit { base prefix-sid-bit; description "Local Flag."; } identity adj-sid-bit { description "Base identity for adj sid sub-tlv bits."; } identity f-bit { base adj-sid-bit; description "Address-Family flag."; } identity b-bit { base adj-sid-bit; description "Backup flag."; } identity vi-bit { base adj-sid-bit; description "Value/Index flag."; } identity lo-bit { base adj-sid-bit; description "Local flag."; } identity s-bit { base adj-sid-bit; description "Group flag."; } identity pe-bit { base adj-sid-bit; description "Persistent flag."; } identity sid-binding-bit { description "Base identity for sid binding tlv bits."; } identity af-bit { base sid-binding-bit; description "Address-Family flag."; } identity m-bit { base sid-binding-bit; description "Mirror Context flag."; } identity sf-bit { base sid-binding-bit; description "S flag. If set, the binding label tlv should be flooded across the entire routing domain."; } identity d-bit { base sid-binding-bit; description "Leaking flag."; } identity a-bit { base sid-binding-bit; description "Attached flag."; } /* Features */ feature remote-lfa-sr { description "Enhance rLFA to use SR path."; } feature ti-lfa { description "Enhance IPFRR with ti-lfa support"; } /* Groupings */ grouping sid-sub-tlv { description "SID/Label sub-TLV grouping."; container sid-sub-tlv { description "Used to advertise the SID/Label associated with a prefix or adjacency."; leaf sid { type uint32; description "Segment Identifier (SID) - A 20 bit label or 32 bit SID."; } } } grouping sr-capability { description "SR capability grouping."; container sr-capability { description "Segment Routing capability."; container sr-capability { leaf-list sr-capability-bits { type identityref { base sr-capability; } description "SR Capability sub-tlv flags list."; } description "SR Capability Flags."; } container global-blocks { description "Segment Routing Global Blocks."; list global-block { description "Segment Routing Global Block."; leaf range-size { type uint32; description "The SID range."; } uses sid-sub-tlv; } } } } grouping sr-algorithm { description "SR algorithm grouping."; container sr-algorithms { description "All SR algorithms."; leaf-list sr-algorithm { type uint8; description "The Segment Routing (SR) algorithms that the router is currently using."; } } } grouping srlb { description "SR Local Block grouping."; container local-blocks { description "List of SRLBs."; list local-block { description "Segment Routing Local Block."; leaf range-size { type uint32; description "The SID range."; } uses sid-sub-tlv; } } } grouping srms-preference { description "The SRMS preference TLV is used to advertise a preference associated with the node that acts as an SR Mapping Server."; container srms-preference { description "SRMS Preference TLV."; leaf preference { type uint8 { range "0 .. 255"; } description "SRMS preference TLV, value from 0 to 255."; } } } grouping adjacency-state { description "This group will extend adjacency state."; list adjacency-sid { key value; config false; leaf af { type iana-rt-types:address-family; description "Address-family associated with the segment ID"; } leaf value { type uint32; description "Value of the Adj-SID."; } leaf weight { type uint8; description "Weight associated with the adjacency SID."; } leaf protection-requested { type boolean; description "Describe if the adjacency SID must be protected."; } description "List of adjacency Segment IDs."; } } grouping prefix-segment-id { description "This group defines segment routing extensions for prefixes."; list sid-list { key value; container perfix-sid-flags { leaf-list bits { type identityref { base prefix-sid-bit; } description "Prefix SID Sub-TLV flag bits list."; } description "Describes flags associated with the segment ID."; } leaf algorithm { type uint8; description "Algorithm to be used for path computation."; } leaf value { type uint32; description "Value of the prefix-SID."; } description "List of segments."; } } grouping adjacency-segment-id { description "This group defines segment routing extensions for adjacencies."; list sid-list { key value; container adj-sid-flags { leaf-list bits { type identityref { base adj-sid-bit; } description "Adj sid sub-tlv flags list."; } description "Adj-sid sub-tlv flags."; } leaf weight { type uint8; description "The value represents the weight of the Adj-SID for the purpose of load balancing."; } leaf neighbor-id { type isis:system-id; description "Describes the system ID of the neighbor associated with the SID value. This is only used on LAN adjacencies."; } leaf value { type uint32; description "Value of the Adj-SID."; } description "List of segments."; } } grouping segment-routing-binding-tlv { list segment-routing-bindings { key "fec range"; leaf fec { type string; description "IP (v4 or v6) range to be bound to SIDs."; } leaf range { type uint16; description "Describes number of elements to assign a binding to."; } container sid-binding-flags { leaf-list bits { type identityref { base sid-binding-bit; } description "SID Binding TLV flag bits list."; } description "Binding flags."; } container binding { container prefix-sid { uses prefix-segment-id; description "Binding prefix SID to the range."; } description "Bindings associated with the range."; } description "This container describes list of SID/Label bindings. ISIS reference is TLV 149."; } description "Defines binding TLV for database."; } /* Cfg */ augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS protocol configuration with segment routing."; uses sr-mpls:sr-control-plane; container protocol-srgb { if-feature sr-mpls:protocol-srgb; uses sr-cmn:srgb; description "Per-protocol SRGB."; } } augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:interfaces/isis:interface" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS protocol configuration with segment routing."; uses sr-mpls:igp-interface; } augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:interfaces/isis:interface"+ "/isis:fast-reroute" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS IP FRR with TILFA."; container ti-lfa { if-feature ti-lfa; leaf enable { type boolean; description "Enables TI-LFA computation."; } description "TILFA configuration."; } } augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:interfaces/isis:interface"+ "/isis:fast-reroute/isis:lfa/isis:remote-lfa" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS remoteLFA config with use of segment-routing path."; leaf use-segment-routing-path { if-feature remote-lfa-sr; type boolean; description "force remote LFA to use segment routing path instead of LDP path."; } } /* Operational states */ augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:interfaces/isis:interface" + "/isis:adjacencies/isis:adjacency" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS protocol configuration with segment routing."; uses adjacency-state; } augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:database/isis:levels/isis:lsp"+ "/isis:router-capabilities" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS protocol LSDB router capability."; uses sr-capability; uses sr-algorithm; uses srlb; uses srms-preference; } augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:database/isis:levels/isis:lsp"+ "/isis:extended-is-neighbor/isis:neighbor" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS protocol LSDB neighbor."; uses adjacency-segment-id; } augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:database/isis:levels/isis:lsp"+ "/isis:mt-is-neighbor/isis:neighbor" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS protocol LSDB neighbor."; uses adjacency-segment-id; } augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:database/isis:levels/isis:lsp"+ "/isis:extended-ipv4-reachability/isis:prefixes" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS protocol LSDB prefix."; uses prefix-segment-id; } augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:database/isis:levels/isis:lsp"+ "/isis:mt-extended-ipv4-reachability/isis:prefixes" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS protocol LSDB prefix."; uses prefix-segment-id; } augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:database/isis:levels/isis:lsp"+ "/isis:ipv6-reachability/isis:prefixes" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS protocol LSDB prefix."; uses prefix-segment-id; } augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:database/isis:levels/isis:lsp"+ "/isis:mt-ipv6-reachability/isis:prefixes" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS protocol LSDB prefix."; uses prefix-segment-id; } augment "/rt:routing/" + "rt:control-plane-protocols/rt:control-plane-protocol"+ "/isis:isis/isis:database/isis:levels/isis:lsp" { when "/rt:routing/rt:control-plane-protocols/"+ "rt:control-plane-protocol/rt:type = 'isis:isis'" { description "This augment ISIS routing protocol when used"; } description "This augments ISIS protocol LSDB."; uses segment-routing-binding-tlv; } /* Notifications */ } ]]>

Security Considerations The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF or RESTCONF . The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) . The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS . The NETCONF Access Control Model (NACM) provides the means to restrict access for particular NETCONF or RESTCONF users to a pre-configured subset of all available NETCONF or RESTCONF protocol operations and content. There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:

• /isis:isis/segment-routing
• /isis:isis/protocol-srgb
• /isis:isis/isis:interfaces/isis:interface/segment-routing
• /isis:isis/isis:interfaces/isis:interface/isis:fast-reroute/ti-lfa

Some of the readable data nodes in the modules may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes.

• /isis:router-capabilities/sr-capability
• /isis:router-capabilities/sr-algorithms
• /isis:router-capabilities/local-blocks
• /isis:router-capabilities/srms-preference
• /isis:router-capabilities/node-msd-tlv
• And the augmentations to the ISIS link state database.

Unauthorized access to any data node of these subtrees can disclose the operational state information of IS-IS protocol on this device.

Contributors Authors would like to thank Derek Yeung, Acee Lindem, Yi Yang for their major contributions to the draft.

Acknowledgements MITRE has approved this document for Public Release, Distribution Unlimited, with Public Release Case Number 19-3033.

IANA Considerations The IANA is requested to assign one new URI from the IETF XML registry (). Authors are suggesting the following URI: This document also requests one new YANG module name in the YANG Module Names registry () with the following suggestion :

Normative References This document describes a method for invoking and running the Network Configuration Protocol (NETCONF) within a Secure Shell (SSH) session as an SSH subsystem. This document obsoletes RFC 4742. [STANDARDS-TRACK] This document describes an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in the Network Configuration Protocol (NETCONF). RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. This document captures the current syntax used in YANG module tree diagrams. The purpose of this document is to provide a single location for this definition. This syntax may be updated from time to time based on the evolution of the YANG language. The standardization of network configuration interfaces for use with the Network Configuration Protocol (NETCONF) or the RESTCONF protocol requires a structured and secure operating environment that promotes human usability and multi-vendor interoperability. There is a need for standard mechanisms to restrict NETCONF or RESTCONF protocol access for particular users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. This document defines such an access control model. This document obsoletes RFC 6536. Datastores are a fundamental concept binding the data models written in the YANG data modeling language to network management protocols such as the Network Configuration Protocol (NETCONF) and RESTCONF. This document defines an architectural framework for datastores based on the experience gained with the initial simpler model, addressing requirements that were not well supported in the initial model. This document updates RFC 7950. This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations. Segment Routing (SR) allows for a flexible definition of end-to-end paths within IGP topologies by encoding paths as sequences of topological sub-paths, called "segments". These segments are advertised by the link-state routing protocols (IS-IS and OSPF). This document describes the IS-IS extensions that need to be introduced for Segment Routing operating on an MPLS data plane. Cisco Systems Arrcus, Inc Cisco Systems Juniper Networks CZ.NIC This document defines a YANG data model that can be used to configure and manage the IS-IS protocol on network elements. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. The Network Configuration Protocol (NETCONF) defined in this document provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized as remote procedure calls (RPCs). This document obsoletes RFC 4741. [STANDARDS-TRACK] YANG is a data modeling language used to model configuration and state data manipulated by the Network Configuration Protocol (NETCONF), NETCONF remote procedure calls, and NETCONF notifications. [STANDARDS-TRACK] This document describes an IANA maintained registry for IETF standards which use Extensible Markup Language (XML) related items such as Namespaces, Document Type Declarations (DTDs), Schemas, and Resource Description Framework (RDF) Schemas. YANG is a data modeling language used to model configuration data, state data, Remote Procedure Calls, and notifications for network management protocols. This document describes the syntax and semantics of version 1.1 of the YANG language. YANG version 1.1 is a maintenance release of the YANG language, addressing ambiguities and defects in the original specification. There are a small number of backward incompatibilities from YANG version 1. This document also specifies the YANG mappings to the Network Configuration Protocol (NETCONF). This document defines a YANG data model ([RFC6020], [RFC7950]) for segment routing ([I-D.ietf-spring-segment-routing]) configuration and operation. This YANG model is intended to be used on network elements to configure or operate segment routing. This document defines also generic containers that SHOULD be reused by IGP protocol modules to support segment routing.