| rfc9825v1.txt | rfc9825.txt | |||
|---|---|---|---|---|
| skipping to change at line 121 ¶ | skipping to change at line 121 ¶ | |||
| BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| 2. Administrative Tag Sub-TLV | 2. Administrative Tag Sub-TLV | |||
| This document creates a new Administrative Tag sub-TLV for OSPFv2 and | This document creates a new Administrative Tag sub-TLV for OSPFv2 and | |||
| OSPFv3. This sub-TLV specifies one or more 32-bit unsigned integers | OSPFv3. This sub-TLV specifies one or more 32-bit unsigned integers | |||
| that may be associated with an OSPF advertised prefix. The precise | that may be associated with an OSPF advertised prefix. The precise | |||
| usage of these tags is beyond the scope of this document. | usage of these tags is beyond the scope of this document. | |||
| The format of the Administrative Tag TLV is as follows: | The format of the Administrative Tag sub-TLV is as follows: | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Type | Length | | | Type | Length | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | First Administrative Tag | | | First Administrative Tag | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | o | | | o | | |||
| o | o | |||
| skipping to change at line 162 ¶ | skipping to change at line 162 ¶ | |||
| Value: A variable length list of one or more administrative tags. | Value: A variable length list of one or more administrative tags. | |||
| This sub-TLV will carry one or more 32-bit unsigned integer values | This sub-TLV will carry one or more 32-bit unsigned integer values | |||
| that will be used as administrative tags. If the length is 0 or not | that will be used as administrative tags. If the length is 0 or not | |||
| a multiple of 4 octets, the sub-TLV MUST be ignored, and the | a multiple of 4 octets, the sub-TLV MUST be ignored, and the | |||
| reception SHOULD be logged for further analysis (subject to rate- | reception SHOULD be logged for further analysis (subject to rate- | |||
| limiting). | limiting). | |||
| 3. Administrative Tag Applicability | 3. Administrative Tag Applicability | |||
| The administrative tag TLV specified herein will be valid as a sub- | The Administrative Tag sub-TLV specified herein will be valid as a | |||
| TLV of the following TLVs specified in [RFC7684]: | sub-TLV of the following TLVs specified in [RFC7684]: | |||
| * Extended Prefix TLV advertised in the OSPFv2 Extended Prefix | * Extended Prefix TLV advertised in the OSPFv2 Extended Prefix | |||
| Opaque LSA | Opaque LSA | |||
| The administrative tag TLV specified herein will be valid as a sub- | The Administrative Tag sub-TLV specified herein will be valid as a | |||
| TLV of the following TLVs specified in [RFC8362]: | sub-TLV of the following TLVs specified in [RFC8362]: | |||
| * Inter-Area-Prefix TLV advertised in the E-Inter-Area-Prefix-LSA | * Inter-Area-Prefix TLV advertised in the E-Inter-Area-Prefix-LSA | |||
| * Intra-Area-Prefix TLV advertised in the E-Intra-Area-Prefix-LSA | * Intra-Area-Prefix TLV advertised in the E-Intra-Area-Prefix-LSA | |||
| * External-Prefix TLV advertised in the E-AS-External-LSA and the E- | * External-Prefix TLV advertised in the E-AS-External-LSA and the E- | |||
| NSSA-LSA | NSSA-LSA | |||
| The administrative tag TLV specified herein will be valid as a sub- | The Administrative Tag sub-TLV specified herein will be valid as a | |||
| TLV of the following TLVs specified in [RFC9513]: | sub-TLV of the following TLVs specified in [RFC9513]: | |||
| * SRv6 Locator TLV advertised in the SRv6 Locator LSA | * SRv6 Locator TLV advertised in the SRv6 Locator LSA | |||
| 4. Protocol Operation | 4. Protocol Operation | |||
| An OSPF router supporting this specification MUST be able to | An OSPF router supporting this specification MUST be able to | |||
| advertise and interpret at least one tag for all types of prefixes. | advertise and interpret at least one tag for all types of prefixes. | |||
| An OSPF router supporting this specification MAY be able to advertise | An OSPF router supporting this specification MAY be able to advertise | |||
| prefixes with multiple tags and propagate prefixes with multiple tags | prefixes with multiple tags and propagate prefixes with multiple tags | |||
| between areas. The maximum tags that an implementation supports is a | between areas. The maximum tags that an implementation supports is a | |||
| skipping to change at line 251 ¶ | skipping to change at line 251 ¶ | |||
| the support for advertising administrative tags associated with | the support for advertising administrative tags associated with | |||
| prefixes using the BGP-LS IGP Route Tag TLV (TLV 1153). This BGP-LS | prefixes using the BGP-LS IGP Route Tag TLV (TLV 1153). This BGP-LS | |||
| TLV is used to advertise the OSPF Administrative Tags specified in | TLV is used to advertise the OSPF Administrative Tags specified in | |||
| this document. | this document. | |||
| 6. Management Considerations | 6. Management Considerations | |||
| Implementations MAY include configuration of policies to modify the | Implementations MAY include configuration of policies to modify the | |||
| advertisement of tags for redistributed prefixes. Implementations | advertisement of tags for redistributed prefixes. Implementations | |||
| MAY also include configuration of policies to modify the propagation | MAY also include configuration of policies to modify the propagation | |||
| of admin-tags between areas (OSPFv2 Extended Prefix Opaque LSAs, | of administrative tags between areas (OSPFv2 Extended Prefix Opaque | |||
| OSPFv3 E-Inter-Area-Prefix-LSAs, and translated OSPFv3 E-AS-External- | LSAs, OSPFv3 E-Inter-Area-Prefix-LSAs, and translated OSPFv3 E-AS- | |||
| LSAs). However, the default behavior SHOULD be to advertise or | External-LSAs). However, the default behavior SHOULD be to advertise | |||
| propagate the lesser number of all the tags associated with the | or propagate the lesser number of all the tags associated with the | |||
| prefix or the maximum number of tags supported by the implementation. | prefix or the maximum number of tags supported by the implementation. | |||
| Both the support of this specification and the number of tags | Both the support of this specification and the number of tags | |||
| supported by OSPF routers within an OSPF routing domain will limit | supported by OSPF routers within an OSPF routing domain will limit | |||
| the usefulness and deployment of applications utilizing tags. | the usefulness and deployment of applications utilizing tags. | |||
| 7. YANG Data Model | 7. YANG Data Model | |||
| YANG [RFC7950] is a data definition language used to define the | YANG [RFC7950] is a data definition language used to define the | |||
| contents of a conceptual data store that allows networked devices to | contents of a conceptual data store that allows networked devices to | |||
| skipping to change at line 339 ¶ | skipping to change at line 339 ¶ | |||
| /ospf:database/ospf:area-scope-lsa-type/ospf:area-scope-\ | /ospf:database/ospf:area-scope-lsa-type/ospf:area-scope-\ | |||
| lsas | lsas | |||
| /ospf:area-scope-lsa/ospf:version/ospf:ospfv3/ospf:ospfv3 | /ospf:area-scope-lsa/ospf:version/ospf:ospfv3/ospf:ospfv3 | |||
| /ospf:body/ospfv3-e-lsa:e-inter-area-prefix | /ospf:body/ospfv3-e-lsa:e-inter-area-prefix | |||
| /ospfv3-e-lsa:e-inter-prefix-tlvs | /ospfv3-e-lsa:e-inter-prefix-tlvs | |||
| /ospfv3-e-lsa:inter-prefix-tlv: | /ospfv3-e-lsa:inter-prefix-tlv: | |||
| +--ro prefix-admin-tag-sub-tlv | +--ro prefix-admin-tag-sub-tlv | |||
| +--ro admin-tag* uint32 | +--ro admin-tag* uint32 | |||
| augment /rt:routing/rt:control-plane-protocols | augment /rt:routing/rt:control-plane-protocols | |||
| /rt:control-plane-protocol/ospf:ospf/ospf:areas/ospf:area | /rt:control-plane-protocol/ospf:ospf/ospf:areas/ospf:area | |||
| /ospf:database/ospf:area-scope-lsa-type/ospf:area-scope-\ | /ospf:database/ospf:area-scope-lsa-type | |||
| lsas | /ospf:area-scope-lsas/ospf:area-scope-lsa | |||
| /ospf:area-scope-lsa/ospf:version/ospf:ospfv3/ospf:ospfv3 | /ospf:version/ospf:ospfv3/ospf:ospfv3 | |||
| /ospf:body/ospfv3-e-lsa:e-intra-area-prefix | /ospf:body/ospfv3-e-lsa:e-intra-area-prefix | |||
| /ospfv3-e-lsa:e-intra-prefix-tlvs | /ospfv3-e-lsa:e-intra-prefix-tlvs | |||
| /ospfv3-e-lsa:intra-prefix-tlv: | /ospfv3-e-lsa:intra-prefix-tlv: | |||
| +--ro prefix-admin-tag-sub-tlv | +--ro prefix-admin-tag-sub-tlv | |||
| +--ro admin-tag* uint32 | +--ro admin-tag* uint32 | |||
| augment /rt:routing/rt:control-plane-protocols | augment /rt:routing/rt:control-plane-protocols | |||
| /rt:control-plane-protocol/ospf:ospf/ospf:database | /rt:control-plane-protocol/ospf:ospf/ospf:database | |||
| /ospf:as-scope-lsa-type/ospf:as-scope-lsas/ospf:as-scope-\ | /ospf:as-scope-lsa-type/ospf:as-scope-lsas | |||
| lsa | /ospf:as-scope-lsa/ospf:version/ospf:ospfv3/ospf:ospfv3 | |||
| /ospf:version/ospf:ospfv3/ospf:ospfv3/ospf:body | /ospf:body/ospfv3-e-lsa:e-as-external | |||
| /ospfv3-e-lsa:e-as-external/ospfv3-e-lsa:e-external-tlvs | /ospfv3-e-lsa:e-external-tlvs | |||
| /ospfv3-e-lsa:external-prefix-tlv: | /ospfv3-e-lsa:external-prefix-tlv: | |||
| +--ro prefix-admin-tag-sub-tlv | +--ro prefix-admin-tag-sub-tlv | |||
| +--ro admin-tag* uint32 | +--ro admin-tag* uint32 | |||
| augment /rt:routing/rt:control-plane-protocols | augment /rt:routing/rt:control-plane-protocols | |||
| /rt:control-plane-protocol/ospf:ospf/ospf:areas/ospf:area | /rt:control-plane-protocol/ospf:ospf/ospf:areas/ospf:area | |||
| /ospf:database/ospf:area-scope-lsa-type/ospf:area-scope-\ | /ospf:database/ospf:area-scope-lsa-type | |||
| lsas | /ospf:area-scope-lsas/ospf:area-scope-lsa/ospf:version | |||
| /ospf:area-scope-lsa/ospf:version/ospf:ospfv3/ospf:ospfv3 | /ospf:ospfv3/ospf:ospfv3/ospf:body/ospfv3-e-lsa:e-nssa | |||
| /ospf:body/ospfv3-e-lsa:e-nssa/ospfv3-e-lsa:e-external-tlvs | /ospfv3-e-lsa:e-external-tlvs | |||
| /ospfv3-e-lsa:external-prefix-tlv: | /ospfv3-e-lsa:external-prefix-tlv: | |||
| +--ro prefix-admin-tag-sub-tlv | +--ro prefix-admin-tag-sub-tlv | |||
| +--ro admin-tag* uint32 | +--ro admin-tag* uint32 | |||
| 7.2. YANG Data Model for OSPF Prefix Administrative Tags | 7.2. YANG Data Model for OSPF Prefix Administrative Tags | |||
| The following is the YANG module: | The following is the YANG module: | |||
| <CODE BEGINS> file "ietf-ospf-admin-tags@2025-07-17.yang" | <CODE BEGINS> file "ietf-ospf-admin-tags@2025-07-17.yang" | |||
| module ietf-ospf-admin-tags { | module ietf-ospf-admin-tags { | |||
| skipping to change at line 448 ¶ | skipping to change at line 448 ¶ | |||
| "RFC 9825: Extensions to OSPF for Advertising Prefix | "RFC 9825: Extensions to OSPF for Advertising Prefix | |||
| Administrative Tags."; | Administrative Tags."; | |||
| } | } | |||
| grouping prefix-admin-tag-sub-tlv { | grouping prefix-admin-tag-sub-tlv { | |||
| description | description | |||
| "Prefix Administrative Tag sub-TLVs."; | "Prefix Administrative Tag sub-TLVs."; | |||
| container prefix-admin-tag-sub-tlv { | container prefix-admin-tag-sub-tlv { | |||
| config false; | config false; | |||
| description | description | |||
| "Prefix admin tag sub-TLV."; | "Prefix Administrative Tag sub-TLV."; | |||
| leaf-list admin-tag { | leaf-list admin-tag { | |||
| type uint32; | type uint32; | |||
| description | description | |||
| "Administrative tags."; | "Administrative tags."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| /* Configuration */ | /* Configuration */ | |||
| skipping to change at line 503 ¶ | skipping to change at line 503 ¶ | |||
| description | description | |||
| "This augments the OSPF protocol interface configuration | "This augments the OSPF protocol interface configuration | |||
| with Administrative Tags. The configured tags will be | with Administrative Tags. The configured tags will be | |||
| advertised with local prefixes configured for the interface."; | advertised with local prefixes configured for the interface."; | |||
| container local-prefix-admin-tags { | container local-prefix-admin-tags { | |||
| leaf-list default-admin-tag { | leaf-list default-admin-tag { | |||
| type uint32; | type uint32; | |||
| description | description | |||
| "Administrative tags that will be associated with | "Administrative tags that will be associated with | |||
| local prefixes if the prefix is not specified explicitly. | local prefixes if the prefix is not specified explicitly. | |||
| If omitted, no admin tags are associated with local | If omitted, no administrative tags are associated with | |||
| prefixes by default."; | local prefixes by default."; | |||
| } | } | |||
| list specific-prefix-admin-tag { | list specific-prefix-admin-tag { | |||
| key "prefix"; | key "prefix"; | |||
| leaf prefix { | leaf prefix { | |||
| type inet:ip-prefix; | type inet:ip-prefix; | |||
| description | description | |||
| "IPv4 or IPv6 prefix."; | "IPv4 or IPv6 prefix."; | |||
| } | } | |||
| leaf-list admin-tag { | leaf-list admin-tag { | |||
| type uint32; | type uint32; | |||
| description | description | |||
| "Administrative tags that will be associated with | "Administrative tags that will be associated with | |||
| the specified local prefix. If omitted, no admin tags | the specified local prefix. If omitted, no | |||
| are associated with the specified local prefix."; | administrative tags are associated with the specified | |||
| local prefix."; | ||||
| } | } | |||
| description | description | |||
| "Admin tags that are explicitly associated with | "Administrative tags that are explicitly associated with | |||
| the specified prefix."; | the specified prefix."; | |||
| } | } | |||
| description | description | |||
| "List of administrative tags that are to be advertised | "List of administrative tags that are to be advertised | |||
| with interface local prefixes."; | with interface local prefixes."; | |||
| } | } | |||
| } | } | |||
| /* Local-RIB */ | /* Local-RIB */ | |||
| skipping to change at line 618 ¶ | skipping to change at line 619 ¶ | |||
| + "/ospf:ospfv3/ospf:body/ospfv3-e-lsa:e-inter-area-prefix" | + "/ospf:ospfv3/ospf:body/ospfv3-e-lsa:e-inter-area-prefix" | |||
| + "/ospfv3-e-lsa:e-inter-prefix-tlvs" | + "/ospfv3-e-lsa:e-inter-prefix-tlvs" | |||
| + "/ospfv3-e-lsa:inter-prefix-tlv" { | + "/ospfv3-e-lsa:inter-prefix-tlv" { | |||
| when "derived-from-or-self(../../../../../../../../../.." | when "derived-from-or-self(../../../../../../../../../.." | |||
| + "/../../rt:type, 'ospf:ospfv3')" { | + "/../../rt:type, 'ospf:ospfv3')" { | |||
| description | description | |||
| "This augmentation is only valid for OSPFv3."; | "This augmentation is only valid for OSPFv3."; | |||
| } | } | |||
| description | description | |||
| "Augment OSPFv3 Inter-Area-Prefix TLV in the | "Augment OSPFv3 Inter-Area-Prefix TLV in the | |||
| E-Inter-Area-Prefix LSA."; | E-Inter-Area-Prefix-LSA."; | |||
| uses prefix-admin-tag-sub-tlv; | uses prefix-admin-tag-sub-tlv; | |||
| } | } | |||
| augment "/rt:routing" | augment "/rt:routing" | |||
| + "/rt:control-plane-protocols/rt:control-plane-protocol" | + "/rt:control-plane-protocols/rt:control-plane-protocol" | |||
| + "/ospf:ospf/ospf:areas/ospf:area/ospf:database" | + "/ospf:ospf/ospf:areas/ospf:area/ospf:database" | |||
| + "/ospf:area-scope-lsa-type/ospf:area-scope-lsas" | + "/ospf:area-scope-lsa-type/ospf:area-scope-lsas" | |||
| + "/ospf:area-scope-lsa/ospf:version/ospf:ospfv3" | + "/ospf:area-scope-lsa/ospf:version/ospf:ospfv3" | |||
| + "/ospf:ospfv3/ospf:body/ospfv3-e-lsa:e-intra-area-prefix" | + "/ospf:ospfv3/ospf:body/ospfv3-e-lsa:e-intra-area-prefix" | |||
| + "/ospfv3-e-lsa:e-intra-prefix-tlvs" | + "/ospfv3-e-lsa:e-intra-prefix-tlvs" | |||
| + "/ospfv3-e-lsa:intra-prefix-tlv" { | + "/ospfv3-e-lsa:intra-prefix-tlv" { | |||
| when "/rt:routing/rt:control-plane-protocols" | when "/rt:routing/rt:control-plane-protocols" | |||
| + "/rt:control-plane-protocol/rt:type = 'ospf:ospfv3'" { | + "/rt:control-plane-protocol/rt:type = 'ospf:ospfv3'" { | |||
| description | description | |||
| "This augmentation is only valid for OSPFv3."; | "This augmentation is only valid for OSPFv3."; | |||
| } | } | |||
| description | description | |||
| "Augment OSPFv3 Intra-Area-Prefix TLV in the | "Augment OSPFv3 Intra-Area-Prefix TLV in the | |||
| E-Intra-Area-Prefix LSA."; | E-Intra-Area-Prefix-LSA."; | |||
| uses prefix-admin-tag-sub-tlv; | uses prefix-admin-tag-sub-tlv; | |||
| } | } | |||
| augment "/rt:routing" | augment "/rt:routing" | |||
| + "/rt:control-plane-protocols/rt:control-plane-protocol" | + "/rt:control-plane-protocols/rt:control-plane-protocol" | |||
| + "/ospf:ospf/ospf:database" | + "/ospf:ospf/ospf:database" | |||
| + "/ospf:as-scope-lsa-type/ospf:as-scope-lsas" | + "/ospf:as-scope-lsa-type/ospf:as-scope-lsas" | |||
| + "/ospf:as-scope-lsa/ospf:version/ospf:ospfv3" | + "/ospf:as-scope-lsa/ospf:version/ospf:ospfv3" | |||
| + "/ospf:ospfv3/ospf:body/ospfv3-e-lsa:e-as-external" | + "/ospf:ospfv3/ospf:body/ospfv3-e-lsa:e-as-external" | |||
| + "/ospfv3-e-lsa:e-external-tlvs" | + "/ospfv3-e-lsa:e-external-tlvs" | |||
| skipping to change at line 688 ¶ | skipping to change at line 689 ¶ | |||
| 8. Security Considerations | 8. Security Considerations | |||
| This document describes a generic mechanism for advertising | This document describes a generic mechanism for advertising | |||
| administrative tags for OSPF prefixes. The administrative tags are | administrative tags for OSPF prefixes. The administrative tags are | |||
| generally less critical than the topology information currently | generally less critical than the topology information currently | |||
| advertised by the base OSPF protocol. The security considerations | advertised by the base OSPF protocol. The security considerations | |||
| for the generic mechanism are dependent on their application. One | for the generic mechanism are dependent on their application. One | |||
| such application is to control leaking of OSPF routes to other | such application is to control leaking of OSPF routes to other | |||
| protocols (e.g., BGP [RFC4271]). If an attacker were able to modify | protocols (e.g., BGP [RFC4271]). If an attacker were able to modify | |||
| the admin tags associated with OSPF routes, and they were being used | the administrative tags associated with OSPF routes, and they were | |||
| for this application, such routes could be prevented from being | being used for this application, such routes could be prevented from | |||
| advertised in routing domains where they are required (subtle denial | being advertised in routing domains where they are required (subtle | |||
| of service) or they could be advertised into routing domains where | denial of service) or they could be advertised into routing domains | |||
| they shouldn't be advertised (routing vulnerability). Security | where they shouldn't be advertised (routing vulnerability). Security | |||
| considerations for the base OSPF protocol are covered in [RFC2328] | considerations for the base OSPF protocol are covered in [RFC2328] | |||
| and [RFC5340]. | and [RFC5340]. | |||
| The "ietf-ospf-admin-tag" YANG module defines a data model that is | The "ietf-ospf-admin-tag" YANG module defines a data model that is | |||
| designed to be accessed via YANG-based management protocols, such as | designed to be accessed via YANG-based management protocols, such as | |||
| NETCONF [RFC6241] and RESTCONF [RFC8040]. These protocols have to | NETCONF [RFC6241] and RESTCONF [RFC8040]. These YANG-based | |||
| use a secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and | management protocols (1) have to use a secure transport layer (e.g., | |||
| QUIC [RFC9000]) and have to use mutual authentication. | SSH [RFC4252], TLS [RFC8446], and QUIC [RFC9000]) and (2) have to use | |||
| mutual authentication. | ||||
| The Network Configuration Access Control Model (NACM) [RFC8341] | The Network Configuration Access Control Model (NACM) [RFC8341] | |||
| provides the means to restrict access for particular NETCONF or | provides the means to restrict access for particular NETCONF or | |||
| RESTCONF users to a preconfigured subset of all available NETCONF or | RESTCONF users to a preconfigured subset of all available NETCONF or | |||
| RESTCONF protocol operations and content. | RESTCONF protocol operations and content. | |||
| There are a number of data nodes defined in this YANG module that are | There are a number of data nodes defined in this YANG module that are | |||
| writable/creatable/deletable (i.e., "config true", which is the | writable/creatable/deletable (i.e., "config true", which is the | |||
| default). Write operations (e.g., edit-config) and delete operations | default). All writable data nodes are likely to be sensitive or | |||
| to these data nodes without proper protection or authentication can | vulnerable in some network environments. Write operations (e.g., | |||
| have a negative effect on network operations. | edit-config) and delete operations to these data nodes without proper | |||
| protection or authentication can have a negative effect on network | ||||
| operations. The following subtrees and data nodes have particular | ||||
| sensitivities/vulnerabilities: | ||||
| * /ospf:ospf/ospf:areas/ospf:area/ospf:interfaces/ospf:interface/ | * /ospf:ospf/ospf:areas/ospf:area/ospf:interfaces/ospf:interface/ | |||
| local-prefix-admin-tags | local-prefix-admin-tags | |||
| * /ospf:ospf/ospf:areas/ospf:area/ospf:ranges/ospf:range/admin-tags | * /ospf:ospf/ospf:areas/ospf:area/ospf:ranges/ospf:range/admin-tags | |||
| Some of the readable data nodes in this YANG module may be considered | Some of the readable data nodes in this YANG module may be considered | |||
| sensitive or vulnerable in some network environments. Exposure of | sensitive or vulnerable in some network environments. Thus, it is | |||
| the OSPF link state database may be useful in mounting a Denial-of- | important to control read access (e.g., via get, get-config, or | |||
| Service (DoS) attack. These are the readable data nodes: | notification) to these data nodes. Exposure ofthe OSPF link state | |||
| database may be useful in mounting a Denial-of-Service (DoS) attack. | ||||
| Specifically, the following subtrees and data nodes have particular | ||||
| sensitivities: | ||||
| * /ospf:ospf/ospf:areas/ospf:area/ospf:interfaces/ospf:interface/ | * /ospf:ospf/ospf:areas/ospf:area/ospf:interfaces/ospf:interface/ | |||
| local-prefix-admin-tags | local-prefix-admin-tags | |||
| * /ospf:ospf/ospf:areas/ospf:area/ospf:ranges/ospf:range/admin-tags | * /ospf:ospf/ospf:areas/ospf:area/ospf:ranges/ospf:range/admin-tags | |||
| * /prefix-admin-tag-sub-tlv | * /prefix-admin-tag-sub-tlv | |||
| 9. IANA Considerations | 9. IANA Considerations | |||
| skipping to change at line 784 ¶ | skipping to change at line 792 ¶ | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, | [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, | |||
| DOI 10.17487/RFC2328, April 1998, | DOI 10.17487/RFC2328, April 1998, | |||
| <https://www.rfc-editor.org/info/rfc2328>. | <https://www.rfc-editor.org/info/rfc2328>. | |||
| [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | |||
| DOI 10.17487/RFC3688, January 2004, | DOI 10.17487/RFC3688, January 2004, | |||
| <https://www.rfc-editor.org/info/rfc3688>. | <https://www.rfc-editor.org/info/rfc3688>. | |||
| [RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | ||||
| Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252, | ||||
| January 2006, <https://www.rfc-editor.org/info/rfc4252>. | ||||
| [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF | [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF | |||
| for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, | for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, | |||
| <https://www.rfc-editor.org/info/rfc5340>. | <https://www.rfc-editor.org/info/rfc5340>. | |||
| [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for | [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for | |||
| the Network Configuration Protocol (NETCONF)", RFC 6020, | the Network Configuration Protocol (NETCONF)", RFC 6020, | |||
| DOI 10.17487/RFC6020, October 2010, | DOI 10.17487/RFC6020, October 2010, | |||
| <https://www.rfc-editor.org/info/rfc6020>. | <https://www.rfc-editor.org/info/rfc6020>. | |||
| [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., | ||||
| and A. Bierman, Ed., "Network Configuration Protocol | ||||
| (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, | ||||
| <https://www.rfc-editor.org/info/rfc6241>. | ||||
| [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", | [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", | |||
| RFC 6991, DOI 10.17487/RFC6991, July 2013, | RFC 6991, DOI 10.17487/RFC6991, July 2013, | |||
| <https://www.rfc-editor.org/info/rfc6991>. | <https://www.rfc-editor.org/info/rfc6991>. | |||
| [RFC7684] Psenak, P., Gredler, H., Shakir, R., Henderickx, W., | [RFC7684] Psenak, P., Gredler, H., Shakir, R., Henderickx, W., | |||
| Tantsura, J., and A. Lindem, "OSPFv2 Prefix/Link Attribute | Tantsura, J., and A. Lindem, "OSPFv2 Prefix/Link Attribute | |||
| Advertisement", RFC 7684, DOI 10.17487/RFC7684, November | Advertisement", RFC 7684, DOI 10.17487/RFC7684, November | |||
| 2015, <https://www.rfc-editor.org/info/rfc7684>. | 2015, <https://www.rfc-editor.org/info/rfc7684>. | |||
| [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", | [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", | |||
| RFC 7950, DOI 10.17487/RFC7950, August 2016, | RFC 7950, DOI 10.17487/RFC7950, August 2016, | |||
| <https://www.rfc-editor.org/info/rfc7950>. | <https://www.rfc-editor.org/info/rfc7950>. | |||
| [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF | ||||
| Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, | ||||
| <https://www.rfc-editor.org/info/rfc8040>. | ||||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration | [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration | |||
| Access Control Model", STD 91, RFC 8341, | Access Control Model", STD 91, RFC 8341, | |||
| DOI 10.17487/RFC8341, March 2018, | DOI 10.17487/RFC8341, March 2018, | |||
| <https://www.rfc-editor.org/info/rfc8341>. | <https://www.rfc-editor.org/info/rfc8341>. | |||
| [RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for | [RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for | |||
| Routing Management (NMDA Version)", RFC 8349, | Routing Management (NMDA Version)", RFC 8349, | |||
| DOI 10.17487/RFC8349, March 2018, | DOI 10.17487/RFC8349, March 2018, | |||
| <https://www.rfc-editor.org/info/rfc8349>. | <https://www.rfc-editor.org/info/rfc8349>. | |||
| [RFC8362] Lindem, A., Roy, A., Goethals, D., Reddy Vallem, V., and | [RFC8362] Lindem, A., Roy, A., Goethals, D., Reddy Vallem, V., and | |||
| F. Baker, "OSPFv3 Link State Advertisement (LSA) | F. Baker, "OSPFv3 Link State Advertisement (LSA) | |||
| Extensibility", RFC 8362, DOI 10.17487/RFC8362, April | Extensibility", RFC 8362, DOI 10.17487/RFC8362, April | |||
| 2018, <https://www.rfc-editor.org/info/rfc8362>. | 2018, <https://www.rfc-editor.org/info/rfc8362>. | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | ||||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | ||||
| <https://www.rfc-editor.org/info/rfc8446>. | ||||
| [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | ||||
| Multiplexed and Secure Transport", RFC 9000, | ||||
| DOI 10.17487/RFC9000, May 2021, | ||||
| <https://www.rfc-editor.org/info/rfc9000>. | ||||
| [RFC9129] Yeung, D., Qu, Y., Zhang, Z., Chen, I., and A. Lindem, | [RFC9129] Yeung, D., Qu, Y., Zhang, Z., Chen, I., and A. Lindem, | |||
| "YANG Data Model for the OSPF Protocol", RFC 9129, | "YANG Data Model for the OSPF Protocol", RFC 9129, | |||
| DOI 10.17487/RFC9129, October 2022, | DOI 10.17487/RFC9129, October 2022, | |||
| <https://www.rfc-editor.org/info/rfc9129>. | <https://www.rfc-editor.org/info/rfc9129>. | |||
| [RFC9513] Li, Z., Hu, Z., Talaulikar, K., Ed., and P. Psenak, | [RFC9513] Li, Z., Hu, Z., Talaulikar, K., Ed., and P. Psenak, | |||
| "OSPFv3 Extensions for Segment Routing over IPv6 (SRv6)", | "OSPFv3 Extensions for Segment Routing over IPv6 (SRv6)", | |||
| RFC 9513, DOI 10.17487/RFC9513, December 2023, | RFC 9513, DOI 10.17487/RFC9513, December 2023, | |||
| <https://www.rfc-editor.org/info/rfc9513>. | <https://www.rfc-editor.org/info/rfc9513>. | |||
| skipping to change at line 873 ¶ | skipping to change at line 859 ¶ | |||
| OSPFv3 Extended Link State Advertisements (LSAs)", | OSPFv3 Extended Link State Advertisements (LSAs)", | |||
| RFC 9587, DOI 10.17487/RFC9587, June 2024, | RFC 9587, DOI 10.17487/RFC9587, June 2024, | |||
| <https://www.rfc-editor.org/info/rfc9587>. | <https://www.rfc-editor.org/info/rfc9587>. | |||
| 10.2. Informative References | 10.2. Informative References | |||
| [RFC3101] Murphy, P., "The OSPF Not-So-Stubby Area (NSSA) Option", | [RFC3101] Murphy, P., "The OSPF Not-So-Stubby Area (NSSA) Option", | |||
| RFC 3101, DOI 10.17487/RFC3101, January 2003, | RFC 3101, DOI 10.17487/RFC3101, January 2003, | |||
| <https://www.rfc-editor.org/info/rfc3101>. | <https://www.rfc-editor.org/info/rfc3101>. | |||
| [RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | ||||
| Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252, | ||||
| January 2006, <https://www.rfc-editor.org/info/rfc4252>. | ||||
| [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A | [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A | |||
| Border Gateway Protocol 4 (BGP-4)", RFC 4271, | Border Gateway Protocol 4 (BGP-4)", RFC 4271, | |||
| DOI 10.17487/RFC4271, January 2006, | DOI 10.17487/RFC4271, January 2006, | |||
| <https://www.rfc-editor.org/info/rfc4271>. | <https://www.rfc-editor.org/info/rfc4271>. | |||
| [RFC5130] Previdi, S., Shand, M., Ed., and C. Martin, "A Policy | [RFC5130] Previdi, S., Shand, M., Ed., and C. Martin, "A Policy | |||
| Control Mechanism in IS-IS Using Administrative Tags", | Control Mechanism in IS-IS Using Administrative Tags", | |||
| RFC 5130, DOI 10.17487/RFC5130, February 2008, | RFC 5130, DOI 10.17487/RFC5130, February 2008, | |||
| <https://www.rfc-editor.org/info/rfc5130>. | <https://www.rfc-editor.org/info/rfc5130>. | |||
| [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., | ||||
| and A. Bierman, Ed., "Network Configuration Protocol | ||||
| (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, | ||||
| <https://www.rfc-editor.org/info/rfc6241>. | ||||
| [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF | ||||
| Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, | ||||
| <https://www.rfc-editor.org/info/rfc8040>. | ||||
| [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", | [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", | |||
| BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, | BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, | |||
| <https://www.rfc-editor.org/info/rfc8340>. | <https://www.rfc-editor.org/info/rfc8340>. | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | ||||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | ||||
| <https://www.rfc-editor.org/info/rfc8446>. | ||||
| [RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu, | [RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu, | |||
| "Handling Long Lines in Content of Internet-Drafts and | "Handling Long Lines in Content of Internet-Drafts and | |||
| RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020, | RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020, | |||
| <https://www.rfc-editor.org/info/rfc8792>. | <https://www.rfc-editor.org/info/rfc8792>. | |||
| [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | ||||
| Multiplexed and Secure Transport", RFC 9000, | ||||
| DOI 10.17487/RFC9000, May 2021, | ||||
| <https://www.rfc-editor.org/info/rfc9000>. | ||||
| Acknowledgments | Acknowledgments | |||
| The authors of [RFC5130] are acknowledged, since this document draws | The authors of [RFC5130] are acknowledged, since this document draws | |||
| upon both the IS-IS specification and deployment experience. The | upon both the IS-IS specification and deployment experience. The | |||
| text in Section 4 is adopted from [RFC5130]. | text in Section 4 is adopted from [RFC5130]. | |||
| Thanks to Donnie Savage for his comments and questions. | Thanks to Donnie Savage for his comments and questions. | |||
| Thanks to Ketan Talaulikar for his comments and providing the BGP-LS | Thanks to Ketan Talaulikar for his comments and providing the BGP-LS | |||
| text. | text. | |||
| End of changes. 26 change blocks. | ||||
| 66 lines changed or deleted | 74 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||