RTGWG                                                           F. Zhang
Internet-Draft                                                    Y. Zhu
Intended status: Standards Track                           China Telecom
Expires: 23 August 2025                                            B. Wu
                                                                  Huawei
                                                                   J. Hu
                                                           China Telecom
                                                        19 February 2025


               YANG Data Model for IPv6 Neighbor Discovery
           draft-zhang-rtgwg-ipv6-address-resolution-yang-02

Abstract

   This document defines a YANG data model to configure and manage IPv6
   Neighbor Discovery (ND) and related functions, including IPv6 address
   resolution, the redirect function, proxy Neighbor Advertisement,
   Neighbor Unreachability Detection (NUD), Duplicate Address Detection
   (DAD), SEcure Neighbor Discovery (SEND), and Secure ND Proxy.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task
   Force (IETF).  Note that other groups may also distribute working
   documents as Internet-Drafts.  The list of current Internet-Drafts is
   at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 23 August 2025.

Copyright Notice

   Copyright (c) 2025 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Zhang, et al.             Expires 23 August 2025                [Page 1]

Internet-Draft                ND YANG model                February 2025

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Tree Diagrams
   2.  Design of the Data Model
     2.1.  IPv6 Address Resolution and Redirect Function
     2.2.  Proxy Neighbor Advertisement
     2.3.  Neighbor Unreachability Detection
     2.4.  Duplicate Address Detection
     2.5.  Secure Neighbor Discovery and Secure ND Proxy
     2.6.  IPv6 Neighbor Discovery Data Model
   3.  IPv6 Neighbor Discovery YANG Module
   4.  IANA Considerations
   5.  Security Considerations
   6.  Acknowledgments
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Data Model Examples
     A.1.  Configured Static IPv6 Neighbor Cache Entry
     A.2.  Configuration of Proxy Neighbor Advertisement, NUD, and DAD
   Contributors
   Authors' Addresses

1.  Introduction

   This document defines a YANG data model, "ietf-ipv6-address-
   resolution", to configure and manage IPv6 Neighbor Discovery (ND) and
   related functions: IPv6 address resolution [RFC4861], the redirect
   function [RFC4861], proxy Neighbor Advertisement [RFC4861], Neighbor
   Unreachability Detection (NUD) [RFC4861], Duplicate Address Detection
   (DAD) [RFC4862], SEcure Neighbor Discovery (SEND) [RFC3971], and
   Secure ND Proxy [RFC6496].

   Basic neighbor management is supported by the "ietf-ip" YANG data
   model [RFC8344], and [I-D.ietf-rtgwg-arp-yang-model] already extends
   the basic ARP functionality with optional ARP features and related
   statistics, but only for IPv4.  An equivalent extension for IPv6
   address resolution is therefore required to maintain the Neighbor
   Cache entries for IPv6.

   [RFC4861] specifies the Neighbor Discovery protocol for IPv6, and
   [RFC4862] specifies its related functions.  The YANG module defined in
   this document covers only IPv6 address resolution [RFC4861], the
   redirect function [RFC4861], proxy Neighbor Advertisement [RFC4861],
   NUD [RFC4861], and DAD [RFC4862], together with SEND [RFC3971] and
   Secure ND Proxy [RFC6496].  Router and prefix discovery [RFC4861] are
   covered by the submodule "ietf-ipv6-router-advertisements" in
   [RFC8349], and stateless address autoconfiguration [RFC4862] is
   covered by the module "ietf-ip" in [RFC8344].

   The model is based on YANG 1.1 as defined in [RFC7950] and conforms to
   the Network Management Datastore Architecture (NMDA) as defined in
   [RFC8342].

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The following terms are defined in [RFC8342]:

   *  configuration
   *  system state
   *  operational state

   The following terms are defined in [RFC7950]:

   *  augment
   *  container
   *  data model
   *  data node
   *  leaf
   *  list
   *  module
   *  schema tree

   The following terms are defined in [RFC4861]:

   *  Neighbor Discovery
   *  Neighbor Advertisement
   *  proxy Neighbor Advertisement
   *  Neighbor Unreachability Detection

   The following terms are defined in [RFC4862]:

   *  Duplicate Address Detection
   *  Stateless Address Autoconfiguration

   The following terms are defined in [RFC3971]:

   *  Secure Neighbor Discovery
   *  Certification Path Advertisement (CPA)
   *  Cryptographically Generated Address (CGA)
   *  Nonce
   *  Trust Anchor

   The following term is defined in [RFC6496]:

   *  Secure ND Proxy

1.2.  Tree Diagrams

   Tree diagrams used in this document follow the notation defined in
   [RFC8340].

2.  Design of the Data Model

   The YANG data model for IPv6 ND defines global configuration and
   augments "ietf-ip" [RFC8344] with per-interface configuration.  It
   configures and manages IPv6 address resolution and the redirect
   function of the IPv6 ND protocol, together with the related functions
   proxy Neighbor Advertisement, NUD, DAD, SEND, and Secure ND Proxy.

   Note that the features related to ICMP Router and Prefix Discovery are
   outside the scope of this module, since they are already defined in
   the submodule "ietf-ipv6-router-advertisements" [RFC8349]; stateless
   address autoconfiguration [RFC4862] is likewise out of scope, since it
   is covered by "ietf-ip" [RFC8344].

2.1.  IPv6 Address Resolution and Redirect Function

   The data model augments the "/if:interfaces/if:interface/ip:ipv6" path
   defined in the "ietf-ip" module [RFC8344] for IPv6 address resolution
   based on the ND protocol [RFC4861].
   The "dynamic-discovery" leaf enables dynamic IPv6 address resolution
   based on the ND protocol.

   The "ns-interval" leaf defines the interval at which Neighbor
   Solicitation messages are retransmitted while the node tries to learn
   the link-layer address of another node.

   For the management of Neighbor Cache entries, the global and per-
   interface "stale-timeout" leaves define the timeout for entries in the
   STALE state, while the "age" leaf augments the
   "/if:interfaces/if:interface/ip:ipv6/ip:neighbor" path to report the
   time that has passed since the Neighbor Cache entry was last confirmed
   reachable.

   The "statistics" container defines a collection of interface-related
   statistics about IPv6 ND messages.

   The "redirect" leaf controls whether ICMPv6 Redirect messages are sent
   on the interface.

2.2.  Proxy Neighbor Advertisement

   The "proxy-na" container augmenting "ietf-ip" [RFC8344] defines the
   configuration of proxy Neighbor Advertisements [RFC4861], by which a
   router indicates that it is willing to accept packets on behalf of a
   target address that is not its own.  After receiving a Neighbor
   Solicitation message whose target address is not one of its own IPv6
   addresses, a proxying router replies to the source with a Neighbor
   Advertisement for the original target address that carries the
   router's own link-layer address.

   The "inter-vlan-proxy" leaf enables the router to proxy for hosts in
   the same subnet but in different VLANs, so that they can communicate
   with each other.

   The "all-proxy" leaf enables the router to proxy for all hosts, that
   is, to respond unconditionally to Neighbor Solicitation messages with
   its own Neighbor Advertisement messages, regardless of whether the
   source and target are in the same subnet.  This attracts all traffic
   to the router itself, for centralized control or to hide the topology
   of the network.

2.3.  Neighbor Unreachability Detection

   The "nud" leaf augmenting "ietf-ip" [RFC8344] enables Neighbor
   Unreachability Detection (NUD) [RFC4861], by which a node tracks the
   reachability of the neighbors to which it is sending packets and
   updates the state of the corresponding Neighbor Cache entries.

   The "reachable-time" leaf defines, in milliseconds, how long a
   neighbor is considered reachable after a reachability confirmation.
   The entry's state changes from REACHABLE to STALE when no further
   reachability confirmation from the neighbor arrives within
   "reachable-time" milliseconds.

   The "ns-interval" leaf also sets the interval at which Neighbor
   Solicitation messages are retransmitted for NUD.

2.4.  Duplicate Address Detection

   The "dup-addr-detect-transmits" leaf, which gives the number of
   consecutive Neighbor Solicitation messages sent while performing
   Duplicate Address Detection (DAD) [RFC4862], is already defined in
   "ietf-ip" [RFC8344].  Setting "dup-addr-detect-transmits" to 0
   disables DAD.

   The "ns-interval" leaf also sets the interval at which Neighbor
   Solicitation messages are retransmitted for DAD.

2.5.  Secure Neighbor Discovery and Secure ND Proxy

   The global "secure-nd" container enables SEND [RFC3971] and holds the
   node-wide parameters for CGA, for the reception of RSA Signature
   options, and for the Timestamp and Nonce options; the per-interface
   "secure-nd" container holds the interface's CGA and CPA parameters.
   The "secure-proxy-nd" leaf enables Secure ND Proxy [RFC6496] on the
   interface.

2.6.  IPv6 Neighbor Discovery Data Model

   This document defines the YANG module "ietf-ipv6-address-resolution",
   which has the following structure:

   module: ietf-ipv6-address-resolution
     +--rw nd
        +--rw stale-timeout?   uint32
        +--rw secure-nd
           +--rw secure-nd?   boolean
           +--rw cga-flag?    boolean
           +--rw minbits?     uint32
           +--rw keypair?     string
           +--rw RSA-signature-option-reception
           |  +--rw ns-authorization-method?         enumeration
           |  +--rw na-authorization-method?         enumeration
           |  +--rw rs-authorization-method?         enumeration
           |  +--rw ra-authorization-method?         enumeration
           |  +--rw redirect-authorization-method?   enumeration
           +--rw timestamp
           |  +--rw timestamp-delta?   uint32
           |  +--rw timestamp-fuzz?    uint32
           |  +--rw timestamp-drift?   uint8
           +--rw nonce
              +--rw nonce-option-length?   uint32

     augment /if:interfaces/if:interface/ip:ipv6:
       +--rw nd
          +--rw dynamic-discovery?   boolean
          +--rw nud?                 boolean
          +--rw reachable-time?      uint32
          +--rw ns-interval?         uint32
          +--rw stale-timeout?       uint32
          +--rw redirect?            boolean
          +--rw proxy-na
          |  +--rw inter-vlan-proxy?   boolean
          |  +--rw all-proxy?          boolean
          +--rw secure-nd
          |  +--rw cga
          |  |  +--rw cga-flag?   boolean
          |  |  +--rw modifier?   inet:ipv6-address
          |  +--rw cpa
          |     +--rw max-cpa-rate?   uint32
          +--rw secure-proxy-nd?     boolean
          +--ro statistics
             +--ro in-ns-pkts?    yang:counter32
             +--ro in-na-pkts?    yang:counter32
             +--ro in-rs-pkts?    yang:counter32
             +--ro in-ra-pkts?    yang:counter32
             +--ro out-ns-pkts?   yang:counter32
             +--ro out-na-pkts?   yang:counter32
             +--ro out-rs-pkts?   yang:counter32
             +--ro out-ra-pkts?   yang:counter32

     augment /if:interfaces/if:interface/ip:ipv6/ip:neighbor:
       +--ro age?   uint32

3.  IPv6 Neighbor Discovery YANG Module

   This section presents the YANG module for IPv6 Neighbor Discovery
   defined in this document.  The module imports "ietf-inet-types" and
   "ietf-yang-types" from Common YANG Data Types [RFC6991],
   "ietf-interfaces" from A YANG Data Model for Interface Management
   [RFC8343], and "ietf-ip" from A YANG Data Model for IP Management
   [RFC8344].
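   The Neighbor Cache behaviour that the per-interface "reachable-time",
   "stale-timeout", and read-only "age" leaves parameterize (Sections 2.1
   and 2.3), as an added example that is not part of this draft or of any
   implementation of it.  It models the REACHABLE-to-STALE transition of
   RFC 4861 Section 7.3, the STALE-entry creation of RFC 4861 Section
   7.2.3, and the draft's STALE-entry timeout.  The "max_entries" bound,
   the injected millisecond clock, and the spoofed-source NS flood in
   "ns_flood" are assumptions of the example, added to show why the
   Security Considerations list "stale-timeout" as a cache-consumption
   risk.

```python
# Added example (not from the draft): a Neighbor Cache whose timers are the
# model's per-interface "reachable-time" (milliseconds) and "stale-timeout"
# (seconds) leaves, with the read-only "age" leaf derived from it.  The
# max_entries bound and the injected clock are assumptions of this example.
from dataclasses import dataclass
from typing import Optional

REACHABLE = "REACHABLE"
STALE = "STALE"


@dataclass
class Entry:
    link_layer_address: str
    state: str
    last_confirmed: Optional[int]  # ms; None if never confirmed reachable
    stale_since: Optional[int]     # ms; when the entry entered STALE


class NeighborCache:
    def __init__(self, reachable_time=30000, stale_timeout=1200, max_entries=1024):
        self.reachable_time = reachable_time       # "reachable-time" leaf, ms
        self.stale_timeout = stale_timeout * 1000  # "stale-timeout" leaf is in seconds
        self.max_entries = max_entries             # assumed implementation bound
        self.entries = {}

    def _reserve(self, ip):
        if ip not in self.entries and len(self.entries) >= self.max_entries:
            raise OverflowError("neighbor cache full")

    def confirm_reachable(self, ip, lladdr, now):
        """Positive reachability confirmation (e.g. a solicited NA):
        the entry becomes REACHABLE and its age restarts at 'now'."""
        self._reserve(ip)
        self.entries[ip] = Entry(lladdr, REACHABLE, now, None)

    def learn_from_ns(self, ip, lladdr, now):
        """RFC 4861 Section 7.2.3: a valid NS with a Source Link-Layer
        Address option from an unknown sender creates a STALE entry.
        A flood of NS from spoofed sources exercises exactly this path."""
        if ip in self.entries:
            return
        self._reserve(ip)
        self.entries[ip] = Entry(lladdr, STALE, None, now)

    def expire(self, now):
        """Apply reachable-time and stale-timeout; return the evicted IPs."""
        evicted = []
        for ip, e in list(self.entries.items()):
            if e.state == REACHABLE and now - e.last_confirmed >= self.reachable_time:
                # RFC 4861 Section 7.3: no confirmation within ReachableTime
                e.state = STALE
                e.stale_since = e.last_confirmed + self.reachable_time
            if e.state == STALE and now - e.stale_since >= self.stale_timeout:
                del self.entries[ip]
                evicted.append(ip)
        return evicted

    def state(self, ip):
        return self.entries[ip].state

    def age(self, ip, now):
        """The "age" leaf: ms since the last reachability confirmation."""
        last = self.entries[ip].last_confirmed
        return None if last is None else now - last


def ns_flood(cache, prefix, count, now):
    """Constructed attacker input: NS messages from 'count' spoofed source
    addresses under 'prefix'.  Returns how many entries the cache accepted
    before it filled."""
    accepted = 0
    for i in range(count):
        try:
            cache.learn_from_ns(f"{prefix}{i:x}", "00:00:5e:00:53:ff", now)
        except OverflowError:
            break
        accepted += 1
    return accepted


if __name__ == "__main__":
    c = NeighborCache(reachable_time=30000, stale_timeout=1200, max_entries=8)
    c.confirm_reachable("2001:db8::2", "00:00:5e:00:53:ab", now=0)
    c.expire(now=30000)
    print(c.state("2001:db8::2"), c.age("2001:db8::2", now=30000))
    print(ns_flood(c, "2001:db8:1::", 100, now=30000), "spoofed entries accepted")
```

   With the draft's example values (reachable-time 30000 ms, stale-timeout
   1200 s) an entry created by a spoofed Neighbor Solicitation stays
   resident for twenty minutes, so a few hundred spoofed sources are enough
   to pin the cache at "max_entries" for that long; a large stale-timeout
   therefore needs a cache bound or rate limit beside it.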
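   The Timestamp option check that the global "timestamp" container
   parameterizes (Section 2.5), as an added example that is not part of
   this draft: it implements the receiver-side check of RFC 3971 Section
   5.3.4.2 with the module's "timestamp-delta", "timestamp-fuzz", and
   "timestamp-drift" leaves as inputs, using the module's defaults of
   300 s, 1 s, and 1 %.  Keying the per-peer (RDlast, TSlast) state by the
   peer's source address, and the timestamps used in the usage below, are
   assumptions of the example.

```python
# Added example (not from the draft): the SEND Timestamp option check of
# RFC 3971 Section 5.3.4.2, driven by the model's global "timestamp-delta"
# (seconds), "timestamp-fuzz" (seconds) and "timestamp-drift" (percent)
# leaves.  Per-peer state keyed by source address is an assumption here.
from dataclasses import dataclass, field


@dataclass
class TimestampChecker:
    timestamp_delta: float = 300.0  # leaf timestamp-delta, seconds
    timestamp_fuzz: float = 1.0     # leaf timestamp-fuzz, seconds
    timestamp_drift: float = 1.0    # leaf timestamp-drift, percent
    # peer -> (RDlast, TSlast): receive time and timestamp of the last
    # accepted message from that peer, both in seconds.
    peers: dict = field(default_factory=dict)

    def accept(self, peer, ts_new, rd_new):
        """Decide whether a SEND message from 'peer' carrying Timestamp
        ts_new and received at local time rd_new passes the check.
        Returns True/False and updates the peer state as the RFC says."""
        drift = self.timestamp_drift / 100.0
        fuzz = self.timestamp_fuzz
        state = self.peers.get(peer)
        if state is None:
            # New peer: the timestamp must lie within +/- Delta of local time.
            ok = -self.timestamp_delta < (rd_new - ts_new) < self.timestamp_delta
            if ok:
                self.peers[peer] = (rd_new, ts_new)
            return ok
        rd_last, ts_last = state
        # Known peer: the timestamp must have advanced roughly in step with
        # the local clock, allowing for clock drift and the fuzz factor.
        ok = ts_new + fuzz > ts_last + (rd_new - rd_last) * (1 - drift) - fuzz
        # RFC 3971: RDlast/TSlast are refreshed only when TSnew > TSlast.
        if ok and ts_new > ts_last:
            self.peers[peer] = (rd_new, ts_new)
        return ok


if __name__ == "__main__":
    chk = TimestampChecker()
    print(chk.accept("fe80::1", ts_new=1000.0, rd_new=1100.0))  # first contact
    print(chk.accept("fe80::1", ts_new=1000.0, rd_new=1160.0))  # replay, 60 s later
    print(chk.accept("fe80::1", ts_new=1060.0, rd_new=1160.0))  # fresh message
```

   The check bounds how old a message may be, not whether it is unique: a
   captured message replayed within roughly 2 x "timestamp-fuzz" seconds of
   the original still passes the known-peer inequality.  That is why
   RFC 3971 pairs the Timestamp option (unsolicited messages) with the
   Nonce option (solicitation/advertisement pairs), and why enlarging
   "timestamp-fuzz" or "timestamp-drift" through this model widens the
   replay window.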
   <CODE BEGINS> file "ietf-ipv6-address-resolution@2025-02-19.yang"

   module ietf-ipv6-address-resolution {
     yang-version 1.1;
     namespace
       "urn:ietf:params:xml:ns:yang:ietf-ipv6-address-resolution";
     prefix ipv6-addr-res;

     import ietf-inet-types {
       prefix inet;
       reference
         "RFC 6991: Common YANG Data Types";
     }
     import ietf-yang-types {
       prefix yang;
       reference
         "RFC 6991: Common YANG Data Types";
     }
     import ietf-interfaces {
       prefix if;
       reference
         "RFC 8343: A YANG Data Model for Interface Management";
     }
     import ietf-ip {
       prefix ip;
       reference
         "RFC 8344: A YANG Data Model for IP Management";
     }

     organization
       "IETF Routing Area Working Group (rtgwg)";
     contact
       "WG Web:
        WG List:

        Author:   Fan Zhang
                  <mailto:zhangf52@chinatelecom.cn>
        Author:   Yongqing Zhu
                  <mailto:zhuyq8@chinatelecom.cn>
        Author:   Bo Wu
                  <mailto:lana.wubo@huawei.com>
        Author:   Jiayuan Hu
                  <mailto:hujy5@chinatelecom.cn>";
     description
       "This YANG module defines a data model to configure and manage
        IPv6 Neighbor Discovery (ND) and related functions, including
        IPv6 address resolution, the redirect function, proxy Neighbor
        Advertisement, Neighbor Unreachability Detection (NUD),
        Duplicate Address Detection (DAD), SEcure Neighbor Discovery
        (SEND), and Secure ND Proxy.

        The model is based on YANG 1.1 as defined in RFC 7950 and
        conforms to the Network Management Datastore Architecture
        (NMDA) as defined in RFC 8342.

        Copyright (c) 2025 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Revised BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX
        (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
        for full legal notices.

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
        'MAY', and 'OPTIONAL' in this document are to be interpreted as
        described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
        they appear in all capitals, as shown here.";
     reference
       "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
        RFC 4862: IPv6 Stateless Address Autoconfiguration";

     revision 2025-02-19 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: YANG Data Model for IPv6 Neighbor Discovery";
     }

     /* Data nodes */

     container nd {
       description
         "Global parameters for IPv6 ND.";
       leaf stale-timeout {
         type uint32;
         units "seconds";
         description
           "The global timeout for a Neighbor Cache entry in the STALE
            state.";
         reference
           "RFC 4861: Neighbor Discovery for IP version 6 (IPv6),
            Section 5.3";
       }
       container secure-nd {
         description
           "Global parameters for SEcure Neighbor Discovery (SEND).";
         reference
           "RFC 3971: SEcure Neighbor Discovery (SEND)";
         leaf secure-nd {
           type boolean;
           default "false";
           description
             "Controls whether SEND is enabled or disabled.";
         }
         leaf cga-flag {
           type boolean;
           description
             "Flag to indicate whether the node is using CGA.";
         }
         leaf minbits {
           type uint32;
           units "bits";
           default "1024";
           description
             "The minimum acceptable key length for public keys used in
              the generation of CGAs.";
         }
         leaf keypair {
           type string;
           description
             "The public-private key pair used for RSA signatures.";
         }
         container RSA-signature-option-reception {
           description
             "Parameters for a node that supports the reception of RSA
              Signature options.";
           leaf ns-authorization-method {
             type enumeration {
               enum trust-anchor {
                 description
                   "The sender's authority is verified via a trust
                    anchor.";
               }
               enum cga {
                 description
                   "The sender's authority is verified via CGA.";
               }
               enum trust-anchor-and-cga {
                 description
                   "Both trust anchor and CGA verification are
                    required.";
               }
               enum trust-anchor-or-cga {
                 description
                   "Either trust anchor or CGA verification is
                    required.";
               }
             }
             description
               "The method used to verify the authority of the sender
                of NS messages.";
           }
           leaf na-authorization-method {
             type enumeration {
               enum trust-anchor {
                 description
                   "The sender's authority is verified via a trust
                    anchor.";
               }
               enum cga {
                 description
                   "The sender's authority is verified via CGA.";
               }
               enum trust-anchor-and-cga {
                 description
                   "Both trust anchor and CGA verification are
                    required.";
               }
               enum trust-anchor-or-cga {
                 description
                   "Either trust anchor or CGA verification is
                    required.";
               }
             }
             description
               "The method used to verify the authority of the sender
                of NA messages.";
           }
           leaf rs-authorization-method {
             type enumeration {
               enum trust-anchor {
                 description
                   "The sender's authority is verified via a trust
                    anchor.";
               }
               enum cga {
                 description
                   "The sender's authority is verified via CGA.";
               }
               enum trust-anchor-and-cga {
                 description
                   "Both trust anchor and CGA verification are
                    required.";
               }
               enum trust-anchor-or-cga {
                 description
                   "Either trust anchor or CGA verification is
                    required.";
               }
             }
             description
               "The method used to verify the authority of the sender
                of RS messages.";
           }
           leaf ra-authorization-method {
             type enumeration {
               enum trust-anchor {
                 description
                   "The sender's authority is verified via a trust
                    anchor.";
               }
               enum cga {
                 description
                   "The sender's authority is verified via CGA.";
               }
               enum trust-anchor-and-cga {
                 description
                   "Both trust anchor and CGA verification are
                    required.";
               }
               enum trust-anchor-or-cga {
                 description
                   "Either trust anchor or CGA verification is
                    required.";
               }
             }
             description
               "The method used to verify the authority of the sender
                of RA messages.";
           }
           leaf redirect-authorization-method {
             type enumeration {
               enum trust-anchor {
                 description
                   "The sender's authority is verified via a trust
                    anchor.";
               }
               enum cga {
                 description
                   "The sender's authority is verified via CGA.";
               }
               enum trust-anchor-and-cga {
                 description
                   "Both trust anchor and CGA verification are
                    required.";
               }
               enum trust-anchor-or-cga {
                 description
                   "Either trust anchor or CGA verification is
                    required.";
               }
             }
             description
               "The method used to verify the authority of the sender
                of Redirect messages.";
           }
         }
         container timestamp {
           description
             "Parameters of the Timestamp option.";
           leaf timestamp-delta {
             type uint32;
             units "seconds";
             default "300";
             description
               "The allowed timestamp Delta value.";
           }
           leaf timestamp-fuzz {
             type uint32;
             units "seconds";
             default "1";
             description
               "The 'fuzz factor' for timestamp comparisons.";
           }
           leaf timestamp-drift {
             type uint8;
             units "percent";
             default "1";
             description
               "The allowed clock drift parameter.";
           }
         }
         container nonce {
           description
             "Parameters of the Nonce option.";
           leaf nonce-option-length {
             type uint32 {
               range "64..max";
             }
             description
               "Length of the Nonce option.  It MUST be a multiple of
                8 octets.";
           }
         }
       }
     }

     augment "/if:interfaces/if:interface/ip:ipv6" {
       description
         "Augments interface configuration and state data with
          parameters of IPv6 address resolution.";
       container nd {
         description
           "Parameters of IPv6 address resolution.";
         leaf dynamic-discovery {
           type boolean;
           default "true";
           description
             "Controls whether dynamic link-layer address resolution
              for IPv6 on the interface is enabled or disabled.
              true  - dynamic link-layer address resolution based on
                      IPv6 ND is enabled,
              false - dynamic link-layer address resolution based on
                      IPv6 ND is disabled.";
           reference
             "RFC 4861: Neighbor Discovery for IP version 6 (IPv6),
              Section 7.2";
         }
         leaf nud {
           type boolean;
           default "true";
           description
             "Controls whether Neighbor Unreachability Detection (NUD)
              on the interface is enabled or disabled.
              true  - NUD is enabled,
              false - NUD is disabled.";
           reference
             "RFC 4861: Neighbor Discovery for IP version 6 (IPv6),
              Section 7.3";
         }
         leaf reachable-time {
           type uint32 {
             range "0..3600000";
           }
           units "milliseconds";
           description
             "The time to confirm a neighbor's reachability for NUD.";
           reference
             "RFC 4861: Neighbor Discovery for IP version 6 (IPv6),
              ReachableTime";
         }
         leaf ns-interval {
           type uint32;
           units "milliseconds";
           description
             "The interval at which Neighbor Solicitations are
              retransmitted to a neighbor for address resolution, NUD,
              or DAD.";
           reference
             "RFC 4861: Neighbor Discovery for IP version 6 (IPv6),
              Section 7.3.3";
         }
         leaf stale-timeout {
           type uint32;
           units "seconds";
           description
             "The timeout for a Neighbor Cache entry in the STALE state
              on the interface.";
           reference
             "RFC 4861: Neighbor Discovery for IP version 6 (IPv6),
              Section 5.3";
         }
         leaf redirect {
           type boolean;
           default "false";
           description
             "Controls whether sending of ICMP Redirect messages on
              the interface is enabled or disabled.
              true  - sending of ICMP Redirect messages is enabled,
              false - sending of ICMP Redirect messages is disabled.";
           reference
             "RFC 4861: Neighbor Discovery for IP version 6 (IPv6),
              Section 8";
         }
         container proxy-na {
           description
             "Parameters of proxy Neighbor Advertisements.";
           reference
             "RFC 4861: Neighbor Discovery for IP version 6 (IPv6),
              Section 7.2.8";
           leaf inter-vlan-proxy {
             type boolean;
             default "false";
             description
               "Controls whether the router proxies for hosts in the
                same subnet but in different VLANs.";
           }
           leaf all-proxy {
             type boolean;
             default "false";
             description
               "Controls whether the router proxies for all hosts, that
                is, responds unconditionally to Neighbor Solicitations
                with its own Neighbor Advertisements.";
           }
         }
         container secure-nd {
           description
             "Parameters of SEcure Neighbor Discovery (SEND).";
           reference
             "RFC 3971: SEcure Neighbor Discovery (SEND)";
           container cga {
             description
               "Parameters of Cryptographically Generated Addresses
                (CGA).";
             leaf cga-flag {
               type boolean;
               description
                 "Flag to indicate whether the interface is using
                  CGA.";
             }
             leaf modifier {
               type inet:ipv6-address;
               description
                 "Modifier used in CGA generation.";
             }
           }
           container cpa {
             description
               "Parameters of Certification Path Advertisement (CPA)
                messages.";
             leaf max-cpa-rate {
               type uint32;
               units "messages per second";
               default "10";
               description
                 "The maximum number of CPA messages sent per
                  second.";
             }
           }
         }
         leaf secure-proxy-nd {
           type boolean;
           default "false";
           description
             "Controls whether Secure ND Proxy is enabled or
              disabled.";
           reference
             "RFC 6496: Secure Proxy ND Support for SEcure Neighbor
              Discovery (SEND)";
         }
         container statistics {
           config false;
           description
             "A collection of interface-related statistics about IPv6
              ND messages.";
           leaf in-ns-pkts {
             type yang:counter32;
             description
               "The number of received Neighbor Solicitation packets.";
           }
           leaf in-na-pkts {
             type yang:counter32;
             description
               "The number of received Neighbor Advertisement
                packets.";
           }
           leaf in-rs-pkts {
             type yang:counter32;
             description
               "The number of received Router Solicitation packets.";
           }
           leaf in-ra-pkts {
             type yang:counter32;
             description
               "The number of received Router Advertisement packets.";
           }
           leaf out-ns-pkts {
             type yang:counter32;
             description
               "The number of sent Neighbor Solicitation packets.";
           }
           leaf out-na-pkts {
             type yang:counter32;
             description
               "The number of sent Neighbor Advertisement packets.";
           }
           leaf out-rs-pkts {
             type yang:counter32;
             description
               "The number of sent Router Solicitation packets.";
           }
           leaf out-ra-pkts {
             type yang:counter32;
             description
               "The number of sent Router Advertisement packets.";
           }
         }
       }
     }

     augment "/if:interfaces/if:interface/ip:ipv6/ip:neighbor" {
       description
         "Augments the IPv6 neighbor list with parameters of IPv6
          address resolution based on IPv6 ND.";
       leaf age {
         type uint32;
         units "milliseconds";
         config false;
         description
           "The time that has passed since receipt of the last
            reachability confirmation for the neighbor.";
         reference
           "RFC 4861: Neighbor Discovery for IP version 6 (IPv6),
            Section 5.1";
       }
     }
   }

   <CODE ENDS>

4.  IANA Considerations

   This document registers a URI in the IETF XML registry [RFC3688].
   Following the format in [RFC3688], the following registration is
   requested to be made:

      URI: urn:ietf:params:xml:ns:yang:ietf-ipv6-address-resolution
      Registrant Contact: The IESG.
      XML: N/A, the requested URI is an XML namespace.
   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

      name:      ietf-ipv6-address-resolution
      namespace: urn:ietf:params:xml:ns:yang:ietf-ipv6-address-resolution
      prefix:    ipv6-addr-res
      reference: RFC XXXX

5.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The NETCONF Access Control Model (NACM) [RFC8341] provides the means
   to restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.  These are the subtrees and data nodes
   and their sensitivity/vulnerability:

   *  /if:interfaces/if:interface/ip:ipv6/ipv6-addr-res:nd/ipv6-addr-
      res:dynamic-discovery - This leaf enables dynamic IPv6 address
      resolution on an interface.  Disabling it breaks address
      resolution for that interface; enabling it on an interface that is
      meant to rely on static Neighbor Cache entries allows
      unauthenticated Neighbor Advertisements to populate the cache,
      which could allow traffic to be hijacked.

   *  /if:interfaces/if:interface/ip:ipv6/ipv6-addr-res:nd/ipv6-addr-
      res:proxy-na - This subtree enables proxy Neighbor Advertisement
      on an interface.  With "all-proxy" set, the router answers every
      Neighbor Solicitation with its own link-layer address, so all
      traffic on the link is drawn to the router; whoever can set it
      gains an on-path position from which traffic can be spoofed or
      intercepted.

   *  /if:interfaces/if:interface/ip:ipv6/ipv6-addr-res:nd/ipv6-addr-
      res:nud - This leaf could be used to disable NUD on an interface,
      which could delay Neighbor Cache updates and cause packets to be
      forwarded to unreachable nodes or to a stale, possibly spoofed,
      link-layer address.

   *  /if:interfaces/if:interface/ip:ipv6/ipv6-addr-res:nd/ipv6-addr-
      res:reachable-time - This leaf sets how long a neighbor is
      considered reachable after the last confirmation of reachability.
      Large values prolong the effect of spoofed Neighbor Cache entries;
      small values cause unnecessarily frequent NUD probes.

   *  /if:interfaces/if:interface/ip:ipv6/ipv6-addr-res:nd/ipv6-addr-
      res:ns-interval - This leaf sets the interval at which Neighbor
      Solicitations are retransmitted.  Very small values make the node
      a source of Neighbor Solicitation floods on the link (a DoS); very
      large values delay address resolution, NUD, and DAD.

   *  /ipv6-addr-res:nd/ipv6-addr-res:stale-timeout and
      /if:interfaces/if:interface/ip:ipv6/ipv6-addr-res:nd/ipv6-addr-
      res:stale-timeout - These leaves set the timeout for Neighbor
      Cache entries in the STALE state.  Large values keep stale
      entries, including entries created by spoofed Neighbor
      Solicitations, resident for a long time and allow the Neighbor
      Cache to be exhausted.

   *  /ipv6-addr-res:nd/ipv6-addr-res:secure-nd and
      /if:interfaces/if:interface/ip:ipv6/ipv6-addr-res:nd/ipv6-addr-
      res:secure-nd - These subtrees control SEND.  Disabling SEND,
      lowering "minbits", selecting a weaker "*-authorization-method",
      or enlarging "timestamp-delta", "timestamp-fuzz", or
      "timestamp-drift" weakens or removes the authentication and anti-
      replay protection of ND messages.

   Some of the readable data nodes in the "ietf-ipv6-address-resolution"
   module may be considered sensitive or vulnerable in some network
   environments.  It is thus important to control read access (e.g., via
   get, get-config, or notification) to these data nodes.  In particular,
   the "keypair" leaf under /ipv6-addr-res:nd/ipv6-addr-res:secure-nd
   holds the private key used for RSA signatures, so read access to it
   should be restricted to the operators who need it; the Neighbor Cache
   contents and the ND "statistics" also reveal which hosts are present
   on a link.

6.  Acknowledgments

   The authors would like to thank Bin Han for the helpful comments and
   everyone who contributed to the draft.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC3971]  Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander,
              "SEcure Neighbor Discovery (SEND)", RFC 3971,
              DOI 10.17487/RFC3971, March 2005.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              DOI 10.17487/RFC4861, September 2007.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862,
              DOI 10.17487/RFC4862, September 2007.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6496]  Krishnan, S., Laganier, J., Bonola, M., and A. Garcia-
              Martinez, "Secure Proxy ND Support for SEcure Neighbor
              Discovery (SEND)", RFC 6496, DOI 10.17487/RFC6496,
              February 2012.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

   [RFC8344]  Bjorklund, M., "A YANG Data Model for IP Management",
              RFC 8344, DOI 10.17487/RFC8344, March 2018.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [I-D.ietf-rtgwg-arp-yang-model]
              Zheng, F., Wu, B., Wilton, R., Zhang, F., Zhu, Y., and X.
              Ding, "YANG Data Model for ARP", Work in Progress,
              Internet-Draft, draft-ietf-rtgwg-arp-yang-model-05,
              1 January 2025.

7.2.  Informative References

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8792]  Watsen, K., Auerswald, E., Farrel, A., and Q. Wu,
              "Handling Long Lines in Content of Internet-Drafts and
              RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020.

Appendix A.  Data Model Examples

A.1.  Configured Static IPv6 Neighbor Cache Entry

   This example illustrates the static configuration of a Neighbor Cache
   entry on interface eth0 for the peer 2001:db8::2 with link-layer
   address 00:00:5E:00:53:AB.  The example uses the "interface" list of
   "ietf-interfaces" [RFC8343] and the "neighbor" list of "ietf-ip"
   [RFC8344].

   Note: '\' line wrapping per [RFC8792].

   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"
               xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">
     <interface>
       <name>eth0</name>
       <type>ianaift:ethernetCsmacd</type>
       <ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
         <neighbor>
           <ip>2001:db8::2</ip>
           <link-layer-address>00:00:5E:00:53:AB</link-layer-address>
         </neighbor>
       </ipv6>
     </interface>
   </interfaces>

A.2.  Configuration of Proxy Neighbor Advertisement, NUD, and DAD

   This example illustrates the configuration that enables proxy Neighbor
   Advertisement, NUD, and DAD on interface eth0, setting the
   "dup-addr-detect-transmits" leaf to 1, the "reachable-time" leaf to
   30000 milliseconds, and the "ns-interval" leaf to 1000 milliseconds.

   Note: '\' line wrapping per [RFC8792].

   eth0 ianaift:ethernetCsmacd 1 true true 30000 1000 1200 true

Contributors

   Bin Han
   Huawei
   China
   Email: hanbin3@huawei.com

Authors' Addresses

   Fan Zhang
   China Telecom
   Guangzhou
   China
   Email: zhangf52@chinatelecom.cn

   Yongqing Zhu
   China Telecom
   Guangzhou
   China
   Email: zhuyq8@chinatelecom.cn

   Bo Wu
   Huawei
   China
   Email: lana.wubo@huawei.com

   Jiayuan Hu
   China Telecom
   Guangzhou
   China
   Email: hujy5@chinatelecom.cn