rfc9835v1.txt   rfc9835.txt 
skipping to change at line 1442 skipping to change at line 1442
'name': Defines a name for the peer group. 'name': Defines a name for the peer group.
'local-address': Specifies an address or a reference to an interface 'local-address': Specifies an address or a reference to an interface
to use when establishing the BGP transport session. to use when establishing the BGP transport session.
'description': Includes a description of the peer group. 'description': Includes a description of the peer group.
'apply-policy': Lists a set of import/export policies [RFC9067] to 'apply-policy': Lists a set of import/export policies [RFC9067] to
apply for this group. apply for this group.
'local-as': Indicates a local AS Number (ASN). 'local-as': Indicates a local Autonomous System Number (ASN).
'peer-as': Indicates the peer's ASN. 'peer-as': Indicates the peer's ASN.
'address-family': Indicates the address family of the peer. It can 'address-family': Indicates the address family of the peer. It can
be set to 'ipv4', 'ipv6', or 'dual-stack'. be set to 'ipv4', 'ipv6', or 'dual-stack'.
This address family might be used together with the service type This address family might be used together with the service type
that uses an AC (e.g., 'vpn-type' [RFC9182]) to derive the that uses an AC (e.g., 'vpn-type' [RFC9182]) to derive the
appropriate Address Family Identifiers (AFIs) / Subsequent Address appropriate Address Family Identifiers (AFIs) / Subsequent Address
Family Identifiers (SAFIs) that will be part of the derived device Family Identifiers (SAFIs) that will be part of the derived device
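Review bot: the only change in this block is the expansion of 'AS Number (ASN)' to 'Autonomous System Number (ASN)' in the 'local-as' entry (right column), which is the first use of the abbreviation in this list; 'peer-as' and the remaining entries are unchanged and use the abbreviation consistently from there on, so this is editorial only. One point worth raising on the unchanged text: the 'address-family' entry says the family "might be used together with the service type" to derive the AFI/SAFI set; if that derivation is what implementations are expected to perform, stating it as the rule rather than as a possibility leaves less room for an implementation to pick a different AFI/SAFI set than the operator configuring the AC expects.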
skipping to change at line 3091 skipping to change at line 3091
type string; type string;
description description
"Includes a description of the BGP session. This description "Includes a description of the BGP session. This description
is meant to be used for diagnostic purposes. The semantics is meant to be used for diagnostic purposes. The semantics
of the description are local to an implementation."; of the description are local to an implementation.";
} }
uses rt-pol:apply-policy-group; uses rt-pol:apply-policy-group;
leaf local-as { leaf local-as {
type inet:as-number; type inet:as-number;
description description
"Indicates a local AS Number (ASN), if an ASN distinct from "Indicates a local Autonomous System Number (ASN), if an ASN
the ASN configured at the AC level is needed."; distinct from the ASN configured at the AC level is
needed.";
} }
leaf peer-as { leaf peer-as {
type inet:as-number; type inet:as-number;
mandatory true; mandatory true;
description description
"Indicates the customer's ASN when the customer requests BGP "Indicates the customer's ASN when the customer requests BGP
routing."; routing.";
} }
leaf address-family { leaf address-family {
type identityref { type identityref {
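Review bot: the rewrapped description of leaf local-as (two lines on the left, three on the right) differs only in the spelled-out 'Autonomous System' and in where the line breaks fall inside the double-quoted string; YANG strips the indentation of continuation lines in double-quoted strings (RFC 7950), so no schema change is implied and the diff should not be read as one. The asymmetry that remains is worth keeping in mind for review: peer-as is 'mandatory true' while local-as is optional with no default shown, so a session without local-as falls back to the ASN configured at the AC level, as the description says; naming that fallback node explicitly in the description would make the derived device configuration unambiguous.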
skipping to change at line 4273 skipping to change at line 4274
description description
"Specifies the ACs that are terminated by the SAP."; "Specifies the ACs that are terminated by the SAP.";
uses ac-ntw:attachment-circuit-reference; uses ac-ntw:attachment-circuit-reference;
} }
} }
} }
<CODE ENDS> <CODE ENDS>
7. Security Considerations 7. Security Considerations
This section is modeled after the template described in Section 3.7 Several data nodes ('bgp', 'ospf', 'isis', 'rip', and 'customer-key-
of [YANG-GUIDELINES]. chain') rely upon [RFC8177] for authentication purposes. As such,
the AC network module inherits the security considerations discussed
in Section 5 of [RFC8177]. Also, these data nodes support supplying
explicit keys as strings in ASCII format. The use of keys in
hexadecimal string format would afford greater key entropy with the
same number of key-string octets. However, such a format is not
included in this version of the AC network model, because it is not
supported by the underlying device modules (e.g., [RFC8695]).
Section 5.8 specifies the encryption to be applied to traffic for a
given AC.
The remainder of this section is modeled after the template described
in Section 3.7.1 of [YANG-GUIDELINES].
The "ietf-ac-ntw" YANG module defines a data model that is designed The "ietf-ac-ntw" YANG module defines a data model that is designed
to be accessed via YANG-based management protocols, such as NETCONF to be accessed via YANG-based management protocols, such as NETCONF
[RFC6241] and RESTCONF [RFC8040]. These protocols have to use a [RFC6241] and RESTCONF [RFC8040]. These protocols have to use a
secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and QUIC secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and QUIC
[RFC9000]) and have to use mutual authentication. [RFC9000]) and have to use mutual authentication.
The Network Configuration Access Control Model (NACM) [RFC8341] The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF or provides the means to restrict access for particular NETCONF or
RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or
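Review bot: the template reference moves from 'Section 3.7' to 'Section 3.7.1 of [YANG-GUIDELINES]' and the RFC 8177 key-handling paragraph is hoisted above it; the 3.7.1 pointer should be verified against the revision of [YANG-GUIDELINES] actually cited in the references, since subsection numbers are the first thing to shift between revisions of that document. The hoisted paragraph keeps the statement that only ASCII key strings are supported and that a hexadecimal format would give greater entropy per octet; stating the consequence for operators (an ASCII key string needs more octets to reach the same entropy) would make the point actionable instead of only a note about a future model revision. The NETCONF/RESTCONF transport and NACM paragraphs that follow are the standard template text and are unchanged.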
skipping to change at line 4332 skipping to change at line 4346
'l2-connection' and 'ip-connection': An attacker can retrieve 'l2-connection' and 'ip-connection': An attacker can retrieve
privacy-related information, which can be used to track a privacy-related information, which can be used to track a
customer. Disclosing such information may be considered a customer. Disclosing such information may be considered a
violation of the customer-provider trust relationship. violation of the customer-provider trust relationship.
'keying-material' and 'customer-key-chain': An attacker can retrieve 'keying-material' and 'customer-key-chain': An attacker can retrieve
the cryptographic keys protecting an AC (routing, in particular). the cryptographic keys protecting an AC (routing, in particular).
These keys could be used to inject spoofed routing advertisements. These keys could be used to inject spoofed routing advertisements.
Several data nodes ('bgp', 'ospf', 'isis', 'rip', and 'customer-key- There are no particularly sensitive RPC or action operations.
chain') rely upon [RFC8177] for authentication purposes. As such,
the AC network module inherits the security considerations discussed
in Section 5 of [RFC8177]. Also, these data nodes support supplying
explicit keys as strings in ASCII format. The use of keys in
hexadecimal string format would afford greater key entropy with the
same number of key-string octets. However, such a format is not
included in this version of the AC network model, because it is not
supported by the underlying device modules (e.g., [RFC8695]).
Section 5.8 specifies the encryption to be applied to traffic for a
given AC.
8. IANA Considerations 8. IANA Considerations
IANA has registered the following URI in the "ns" subregistry within IANA has registered the following URI in the "ns" subregistry within
the "IETF XML Registry" [RFC3688]: the "IETF XML Registry" [RFC3688]:
URI: urn:ietf:params:xml:ns:yang:ietf-ac-ntw URI: urn:ietf:params:xml:ns:yang:ietf-ac-ntw
Registrant Contact: The IESG. Registrant Contact: The IESG.
XML: N/A; the requested URI is an XML namespace. XML: N/A; the requested URI is an XML namespace.
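Review bot: the paragraph deleted at the end of Section 7 (RFC 8177 key handling, ASCII key strings, the Section 5.8 encryption pointer) is the same text hoisted to the top of the section in the previous block, so no content is lost; the only net addition is the template sentence "There are no particularly sensitive RPC or action operations.", which holds only if the module body defines no rpc or action statements and is worth confirming against it. The sensitive-node list correctly singles out 'keying-material' and 'customer-key-chain' as readable nodes whose disclosure enables spoofed routing advertisements; since the section relies on NACM for access control, consider also annotating those nodes in the module with the nacm:default-deny-all extension defined in RFC 8341, so that read protection for key material does not depend on every deployment writing the right NACM rules. The IANA registration lines below the change are unchanged.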
 End of changes. 4 change blocks. 
17 lines changed or deleted 20 lines changed or added

This html diff was produced by rfcdiff 1.48.