Re: [netmod] IP address zones in YANG
tom petch <ietfc@btconnect.com> Thu, 14 April 2022 16:36 UTC
From: tom petch <ietfc@btconnect.com>
To: "Rob Wilton (rwilton)" <rwilton=40cisco.com@dmarc.ietf.org>, "netmod@ietf.org" <netmod@ietf.org>
CC: "lsr@ietf.org" <lsr@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/o6rdaagVQj-vF5lLH0bt-Ni0j8w>
________________________________________
From: Lsr <lsr-bounces@ietf.org> on behalf of Rob Wilton (rwilton) <rwilton=40cisco.com@dmarc.ietf.org>
Sent: 14 April 2022 13:40
To: netmod@ietf.org
Cc: lsr@ietf.org
Subject: [Lsr] IP address zones in YANG

Spinning off part of the discussion into a separate thread, but keeping lsr cc’ed on the discussion.

I'm trying to get a better understanding of how and where zoned IP addresses should be used in YANG data models.

RFC 4007 defines zones for IPv6 addresses, but not for IPv4. Even though RFC 6991 bis has support for a zoned IPv4 address, I'm struggling to see where zoned IPv4 addresses would ever really be used. Does anyone know of any usage or deployments anywhere?

For IPv6, my understanding is that the use of the zone is to add the extra interface context for IPv6 link-local addresses. Is there any use of zones outside of this interface context?

<tp>
Yes. See RFC4007.

My take is that there is always a zone associated with an IPv6 address but that it may be omitted when it is the default, which it usually is for global scope addresses. For link local, it may not be since some link local addresses appear on all links - e.g. FE80::1 - so when a node has multiple interfaces - the norm for me in datacentres - and the application needs to send a packet over the correct interface - e.g. so that it has the right link layer address to be acceptable to the recipient - then the application, whatever that is that invokes the sending of a packet, must use the correct zone to identify the correct interface.

With only one interface, then it is unlikely to be a concern. With global scope addresses, it is unlikely to be a concern. With link local, I always stop and think about zones - IPv6 101!

In passing, I note that VRRP requires a link local address with IPv6; I am wondering if it requires zones in the YANG.

I was unaware of the existence of zones with IPv4 until I came across them in the YANG types but that is my ignorance - they were always there!

Tom Petch

The current definition of ipv6-address type and the ip-address nodes in ietf-ip.yang seem to make zoned IP addresses hard to use. The canonical zone definition in RFC 6991 is for a (presumably unique) numeric zone identifier, but in the YANG management layer it is unclear to me how one maps from this numeric id back to the interface name (e.g., for a client to construct a suitable zoned IP address in configuration). ietf-ip.yang uses ipv6-address-no-zone for interface IP addresses so it isn't possible to get the zone id associated with the link local address. This feels underspecified to me to tie these together and make this work robustly.

I also have a general question about what is the best way of modelling this in YANG. Using a zoned ip address is one choice to link an IP address and interface together. Another choice is to have a separate leaf to scope an IP address to a specific interface, wherever that is appropriate and required.

E.g., considering the IP RIB YANG model,

   | | +--rw v6ur:ipv6
   | |    +--rw v6ur:route* [destination-prefix]
   | |       +--rw v6ur:destination-prefix
   | |       |       inet:ipv6-prefix
   | |       +--rw v6ur:description?   string
   | |       +--rw v6ur:next-hop
   | |          +--rw (v6ur:next-hop-options)
   | |             +--:(v6ur:simple-next-hop)
   | |             |  +--rw v6ur:outgoing-interface?
   | |             |  |       if:interface-ref
   | |             |  +--rw v6ur:next-hop-address?
   | |             |          inet:ipv6-address

Given that an outgoing-interface is already provided then it seems that using a zoned IP address as a next hop address here would potentially be confusing, or at least not required because it is effectively already scoped to the outgoing-interface anyway? It seems like it provides redundant information.

Considering another arbitrary protocol YANG module RFC, this time TWAMP, RFC 8913, it seems that some of the ip-address fields in the model could in theory support link local addresses (e.g., the test-session ones), but it is unclear to me whether that was ever the intent, or whether that even makes sense. For the other uses of IP addresses that identify a client or server, it feels like using link local addresses is much less compelling. Modelling these all with the same type seems confusing.

   |  +--rw test-session-request* [name]
   |     +--rw name                  string
   |     +--rw sender-ip?            inet:ip-address
   |     +--rw sender-udp-port?      union
   |     +--rw reflector-ip          inet:ip-address
   |     +--rw reflector-udp-port?   inet:port-number
   |     +--rw timeout?              uint64
   |     +--rw padding-length?       uint32
   |     +--rw test-packet-dscp?     inet:dscp
   |     +--rw start-time?           uint64
   |     +--rw repeat?               uint32
   |     +--rw repeat-interval?      uint32
   |     +--rw pm-reg-list* [pm-index]
   |     |  +--rw pm-index    uint16
   |     +--ro state?                test-session-state
   |     +--ro sid?                  string

E.g., I guess that you could use a zoned IP address for the reflector-ip, but I suspect that most implementations would not anticipate/support this. It feels to me that a cleaner way of modelling this would be to not use a zoned IP address type at all and have a separate egress-interface if:-interface-ref (perhaps under an if-feature, to enable and indicate support for test sessions over link-local addresses).

My overriding concern here, if we don’t change/fix the ip-address type, is that we will end up with a set of YANG models that:

1. Models this behaviour in different ways for different protocols/features.
2. Are entirely ambiguous to clients and implementations as to whether it makes sense to support zoned IP addresses and/or whether zoned link-local addresses are supported for each leaf.
3. We are creating models for a hypothetical use case rather than how these protocols are actually being deployed/implemented today.

I.e., I am more concerned about getting IETF YANG modules usable for the 99% use case than the 1% use case.

Regards,
Rob
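
Added example, not part of either message and not code from any IETF module: a Python check for the simple-next-hop case discussed above, classifying an entry by where its interface context comes from (the zone, the outgoing-interface leaf, both, or neither). The result labels, the sample entries and the zone_to_ifname mapping are assumptions of this example; the thread notes that the YANG layer defines no zone-id to interface-name mapping.

```python
import ipaddress

def split_zone(text):
    """Split 'addr%zone' into (IPv6Address, zone or None)."""
    addr, sep, zone = text.partition("%")
    if sep and not zone:
        raise ValueError("empty zone in %r" % text)
    return ipaddress.IPv6Address(addr), (zone or None)

def check_next_hop(next_hop_address, outgoing_interface=None, zone_to_ifname=None):
    """Classify one simple-next-hop entry (labels are this example's own).

    zone_to_ifname is a hypothetical numeric-zone -> interface-name map;
    the thread points out that the YANG layer does not define one.
    """
    addr, zone = split_zone(next_hop_address)
    if zone is not None and zone_to_ifname:
        zone = zone_to_ifname.get(zone, zone)
    if not addr.is_link_local:
        # Global scope: per the reply above the default zone applies,
        # so an explicit zone carries no extra information.
        return "zone-on-global" if zone else "ok"
    if zone is None and outgoing_interface is None:
        return "ambiguous"   # link-local with nothing naming the link
    if zone is None or outgoing_interface is None:
        return "ok"          # exactly one source of interface context
    # Both present: either duplicate information or two different links.
    return "redundant" if zone == outgoing_interface else "conflict"

# Constructed sample entries: (next-hop-address, outgoing-interface)
SAMPLE = [
    ("fe80::1", None),
    ("fe80::1", "eth0"),
    ("fe80::1%eth0", "eth0"),
    ("fe80::1%eth1", "eth0"),
    ("fe80::1%2", "eth0"),
    ("2001:db8::1", None),
]

def audit(entries, zone_to_ifname=None):
    """Return (address, interface, verdict) for each entry."""
    return [(a, i, check_next_hop(a, i, zone_to_ifname)) for a, i in entries]

if __name__ == "__main__":
    for row in audit(SAMPLE, {"2": "eth0"}):
        print(row)
```

The "conflict" verdict is the case worth rejecting at configuration time, since the two leaves name different links for the same next hop.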