Internet DRAFT - draft-li-savnet-sav-yang

draft-li-savnet-sav-yang



SAVNET                                                            D. Li
Internet Draft                                      Tsinghua University
Intended status: Standards Track                                 L. Liu
Expires: September 3, 2024                      Zhongguancun Laboratory
                                                                 C. Lin
                                                   New H3C Technologies
                                                                  J. Wu
                                                    Tsinghua University
                                                                  T. Wu
                                                                 Huawei
                                                               W. Cheng
                                                           China Mobile
                                                          March 3, 2024


             YANG Data Model for Intra-domain and Inter-domain
                     Source Address Validation (SAVNET)
                        draft-li-savnet-sav-yang-04


Abstract

   This document describes a YANG data model for Intra-domain and
   Inter-domain Source Address Validation (SAVNET). The model serves as
   a base framework for configuring and managing an SAV subsystem,
   including SAV rule and SAV Tables, and expected to be augmented by
   other SAV technology models accordingly. Additionally, this document
   also specifies the model for the SAV Static application.



Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 3, 2024.

Li, et al.          Expires September 3, 2024                 [Page 1]

Internet-Draft  YANG Data Model for Source Address Validation         4


Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents


   1. Introduction...................................................3
   2. Terminology and Notation.......................................3
      2.1. Tree Diagrams.............................................5
      2.2. Prefixes in Data Node Names...............................5
   3. Model Overview.................................................5
      3.1. SAV Configuration.........................................8
      3.2. SAV State................................................10
      3.3. SAV Notifications........................................10
   4. Basic Building Blocks.........................................11
      4.1. SAV Rules................................................11
      4.2. SAV Table................................................11
   5. Structure of YANG modules.....................................12
      5.1. SAV Management YANG Module...............................12
      5.2. IPv4 SAV Management YANG Module..........................26
      5.3. IPv6 SAV Management YANG Module..........................30
   6. Security Considerations.......................................34
   7. IANA Considerations...........................................34
   8. References....................................................34
      8.1. Normative References.....................................34
      8.2. Informative References...................................35
   Appendix A. The Complete Schema Tree.............................35
   Appendix B. Data Tree Example....................................39
   Authors' Addresses...............................................45








Li, et al.          Expires September 3, 2024                 [Page 2]

Internet-Draft  YANG Data Model for Source Address Validation         4


1. Introduction

   This document defines three YANG [RFC7950] data modules for
   configuring and managing Source Address Validation.

   1) The "ietf-sav" provides generic components of SAV data model.

   2) The "ietf-ipv4-sav-rule" module augments the "ietf-sav" module
   with additional data specific to IPv4 SAV.

   3) The "ietf-ipv6-sav-rule" module augments the "ietf-sav" module
   with additional data specific to IPv6 SAV.

   They form the core SAV data module and together serve as a framework
   for configuring and managing a SAV subsystem. The data modules
   provide common building blocks of Source address validation- SAV
   rules and SAV Tables.

   This model is vendor neutral in order to allow operators to manage
   SAV configuration in a heterogeneous environment with routers
   supplied by multiple vendors.

   The YANG modules in this document conform to the Network Management
   Datastore Architecture (NMDA) [RFC8342].



2. Terminology and Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The following terms are defined in [RFC8342]:

   o  client

   o  server

   o  configuration

   o  system state

   o  operational state

   o  intended configuration

Li, et al.          Expires September 3, 2024                 [Page 3]

Internet-Draft  YANG Data Model for Source Address Validation         4


   The following terms are defined in [RFC7950]:

   o  action

   o  augment

   o  container

   o  data model

   o  data node

   o  feature

   o  leaf

   o  leaf-list

   o  list

   o  mandatory node

   o  module

   o  schema tree

   o  RPC (Remote Procedure Call) operation

   The new term is defined as follows:

   core SAV data model: YANG data model comprising "ietf-sav",

      "ietf-ipv4-sav-rule", and "ietf-ipv6-sav-rule" modules.

   SAV Table: An object containing a list of SAV rules, together

      with other information. See Section 4.2 for details.

   system-controlled entry: An entry in a list in the operational

      state("config false") that is created by the system

      independently of what has been explicitly configured. See

      Section 3 for details.

   user-controlled entry: An entry in a list in the operational


Li, et al.          Expires September 3, 2024                 [Page 4]

Internet-Draft  YANG Data Model for Source Address Validation         4


      state("config false") that is created and deleted as a direct

      consequence of certain configuration changes. See Section 3

      for details.

2.1. Tree Diagrams

   Tree diagrams used in this document follow the notation defined in
   [RFC8340].

2.2. Prefixes in Data Node Names

   In this document, names of data nodes, actions, and other data model
   objects are often used without a prefix, as long as it is clear from
   the context in which YANG module each name is defined. Otherwise,
   names are prefixed using the standard prefix associated with the
   corresponding YANG module, as shown in Table 1.

             +--------+-------------------------+-------------+
             | Prefix | YANG module             | Reference   |
             +--------+-------------------------+-------------+
             | if     | ietf-interfaces         | [RFC8343]   |
             | ip     | ietf-ip                 | [RFC8344]   |
             | sav    | ietf-sav                | Section 5.1 |
             | v4sav  | ietf-ipv4-sav-rule      | Section 5.2 |
             | v6sav  | ietf-ipv6-sav-rule      | Section 5.3 |
             | yang   | ietf-yang-types         | [RFC6991]   |
             | inet   | ietf-inet-types         | [RFC6991]   |
             +--------+-------------------------+-------------+

                Table 1: Prefixes and Corresponding YANG Modules

3. Model Overview

   The core SAV data model consists of three YANG modules, namely
   "ietf-sav", "ietf-ipv4-sav-rule" and "ietf-ipv6-sav-rule". The
   "ietf-sav" module defines the generic components of a SAV framework.
   The other two modules -- "ietf-ipv4-sav-rule" and "ietf-ipv6-sav-
   rule" - augment "ietf-sav" module with additional data nodes that
   are needed for IPv4 and IPv6 SAV. Figure1 shows abridged view of the
   yang organization and hierarchy for SAV, and the complete data tree
   is listed in Appendix A.

   As can be seen in Figure 1, the core SAV data model introduces
   several generic components of a SAV framework: rules, SAV tables
   containing lists of rules, and SAV event. Section 4 describes some
   core components in more detail.

Li, et al.          Expires September 3, 2024                 [Page 5]

Internet-Draft  YANG Data Model for Source Address Validation         4


   The core SAV data model defines several lists in the schema tree,
   such as "sav-table", that could be populated with its entries in any
   properly functioning device, and additional entries may be
   configured by a client. In such a list, the server creates the
   required item as a "system-controlled entry" in the operational
   state, i.e., inside read-only lists in the "sav" container.
   Additional entries called "user-controlled entries" may be created
   in the configuration by a client, e.g., via the Network
   Configuration Protocol (NETCONF).







































Li, et al.          Expires September 3, 2024                 [Page 6]

Internet-Draft  YANG Data Model for Source Address Validation         4


   module: ietf-sav
     +--rw sav
     |  +--rw router-id?  yang:dotted-quad
     |  +--ro interfaces
     |  |  +--ro interface* [name]
     |  |  |     ...
     |  +--rw v4sav-entry-limits
     |  |     ...
     |  +--rw v6sav-entry-limits
     |  |     ...
     |  +--rw source-protocol-priorities
     |  |  +--rw source-protocol-priority* [type]
     |  |  |     ...
     |  +--rw sav-controls
     |  |     ...
     |  +--rw static-savs
     |  |  +--rw v4sav:ipv4
     |  |  |     ...
     |  |  +--rw v6sav:ipv6
     |  |        ...
     |  +--rw sav-tables
     |  |  +--rw sav-table* [name]
     |  |     +--ro name              string
     |  |     +--ro address-family?   identityref
     |  |     +--ro description?      string
     |  |     +--ro sav-rules
     |  |     |  +--ro sav-rule*
     |  |     |        ...
     |  |     +---x active-sav-rule
     |  |        +---w input
     |  |        |  +---w v4sav:source-address?  inet:ipv4-address
     |  |        |  +---w v6sav:source-address?  inet:ipv6-address
     |  |        +--ro output
     |  |        |     ...
     |  +--ro sav-block-flow-infos
     |  |  +--ro sav-block-flow-info*
     |  |  |     ...
     +---n sav-event
     |  +--ro router-id?  yang:dotted-quad
     |  |     ...
     augment /if:interfaces/if:interface:
     |  +--rw sav-control
     |  |     ...

               Figure 1: Yang Organization and Hierarchy

   A client may also provide supplemental configuration of system-
   controlled entries.  To do so, the client creates a new entry in the

Li, et al.          Expires September 3, 2024                 [Page 7]

Internet-Draft  YANG Data Model for Source Address Validation         4


   configuration with the desired contents.  In order to bind this
   entry to the corresponding entry in the operational state, the key
   of the configuration entry has to be set to the same value as the
   key of the operational state entry.

   Deleting a user-controlled entry from the intended configuration
   results in the removal of the corresponding entry in the operational
   state list.  In contrast, if a client deletes a system-controlled
   entry from the intended configuration, only the extra configuration
   specified in that entry is removed; the corresponding operational
   state entry is not removed.

3.1. SAV Configuration

   The SAV configuration is defined in sav container of the module
   ietf-sav and augment of the module ietf-interfaces. As can be seen
   from Figure 2, the SAV configuration includes: "v4sav-entry-limits",
   "v6sav-entry-limits", "source-protocol-priorities", "sav-controls",
   "static-savs", and "sav-control" of specified interface.

   module: ietf-sav
     +--rw sav
     |  +--rw v4sav-entry-limits
     |  |     ...
     |  +--rw v6sav-entry-limits
     |  |     ...
     |  +--rw source-protocol-priorities
     |  |  +--rw source-protocol-priority* [type]
     |  |  |     ...
     |  +--rw sav-controls
     |  |     ...
     |  +--rw static-savs
     |  |  +--rw v4sav:ipv4
     |  |  |     ...
     |  |  +--rw v6sav:ipv6
     |  |        ...
     augment /if:interfaces/if:interface:
     |  +--rw sav-control
     |  |     ...

                    Figure 2: SAV Configuration Tree

   V4sav-entry-limits: Specified limits for IPv4 SAV rules can be
   configured.

   V6sav-entry-limits: Specified limits for IPv6 SAV rules can be
   configured.


Li, et al.          Expires September 3, 2024                 [Page 8]

Internet-Draft  YANG Data Model for Source Address Validation         4


   Source-protocol-priorities: The source protocol priority can be
   configured for SAV rule. This attribute allows for selecting the
   preferred SAV-rule among SAV-rules from the different source
   protocol. A smaller value indicates a SAV-rule that is more
   preferred.

   Sav-controls: The SAV function and mode can be controlled globally.
   The packet operation can be configured globally when the SAV entry
   is hit or miss, such as dropping the packet and passing the packet.
   The SAV statistics of all interface can be cleared. It also can be
   controlled globally to report the top few SAV rules with the highest
   number of filtered counterfeit packets, and to view the information
   of data flow blocked by SAVNET.

   Static-savs: The SAV rules of static protocol can be configured
   manually.

   Sav-control of specified interface: Defines some SAV configurations
   under the ingress interface. The SAV enable-switch and mode under
   the interface is controlled. The SAV statistics of the interface can
   be cleared. It can be controlled under specified interface to report
   the top few SAV rules with the highest number of filtered
   counterfeit packets, and to view the information of data flow
   blocked by SAVNET.
























Li, et al.          Expires September 3, 2024                 [Page 9]

Internet-Draft  YANG Data Model for Source Address Validation         4


3.2. SAV State

   module: ietf-sav
     +--rw sav
     |  +--ro interfaces
     |  |  +--ro interface* [name]
     |  |  |     ...
     |  ...
     |  +--rw sav-tables
     |  |  +--rw sav-table* [name]
     |  |     +--ro name              string
     |  |     +--ro address-family?   identityref
     |  |     +--ro description?      string
     |  |     +--ro sav-rules
     |  |     |  +--ro sav-rule*
     |  |     |        ...
     |  |     +---x active-sav-rule
     |  |        +---w input
     |  |        |  +---w v4sav:source-address?  inet:ipv4-address
     |  |        |  +---w v6sav:source-address?  inet:ipv6-address
     |  |        +--ro output
     |  |        |     ...
     |  +--ro sav-block-flow-infos
     |  |  +--ro sav-block-flow-info*
     |  |  |     ...

                        Figure 3: SAV State Tree

   As can be seen from Figure 3, the SAV state includes "interfaces",
   "sav-tables" [SAV Table] and "sav-block-flow-infos" in sav container
   of the module ietf-sav. The "interfaces" contains SAV statistics
   under the interface, such as statistics of dropping packets. The
   "sav-tables" contains the details of SAV rules for the specified
   address family. The "sav-block-flow-infos" includes the information
   of data flow blocked by SAVNET.

3.3. SAV Notifications

   module: ietf-sav
     +---n sav-event
     |  +--ro router-id?  yang:dotted-quad
     |  |     ...

                    Figure 4: SAV Notifications tree

   As can be seen from Figure 4, the SAV notification is defined in
   sav-event model of the module ietf-sav. It includes a series of SAV


Li, et al.          Expires September 3, 2024                [Page 10]

Internet-Draft  YANG Data Model for Source Address Validation         4


   anomalous and warning events, for example, the SAV entry has reached
   the upper limit.

4. Basic Building Blocks

4.1. SAV Rules

   SAV Rules are the filtering rules generated by SAV mechanisms that
   determines valid incoming interfaces for specific source prefixes.
   The SAV data model defines only the following minimal set of
   attributes:

   o "source-prefix": address prefix specifying the set of source
      addresses for which the SAV rules may be used. This attribute is
      mandatory.

   o "incoming-interface": determines the valid incoming interfaces
      for the packets from specific source addresses.

   SAV Rules are primarily system state and appear as entries in SAV
   tables (Section 4.2), but they may also be found in configuration
   data --for example, as manually configured static SAVs. In the
   latter case, configurable SAV rule attributes are generally a subset
   of attributes defined for rules of SAV table.

4.2. SAV Table

   An implementation of the SAV data model manages one or more SAV
   tables. A SAV table is a list of SAV rules complemented with
   administrative data. Each SAV table contains only SAV rules of one
   address family.

   The contents of SAV tables are controlled and manipulated by source
   protocol operations that may result in SAV rule additions, removals,
   and modifications.

   The following action is defined for the "sav-table" list:

   o active-sav-rule: return the active SAV rule for the source
      address that is specified as the action's input parameter.








Li, et al.          Expires September 3, 2024                [Page 11]

Internet-Draft  YANG Data Model for Source Address Validation         4


5. Structure of YANG modules

5.1. SAV Management YANG Module


    <CODE BEGINS> file "ietf-sav@2023-05-20.yang"

    module ietf-sav {
      yang-version "1.1";
      namespace "urn:ietf:params:xml:ns:yang:ietf-sav";
      prefix "sav";

      import ietf-yang-types {
        prefix "yang";
      }

      import ietf-interfaces {
        prefix "if";
      }

      import ietf-inet-types {
        prefix "inet";
      }

      organization
        "IETF SAVNET Working Group";

      contact
        "TBD";

      description
        "This YANG module defines the essential elements for the
         management of Source address validation (SAV). The model
         fully conforms to the Network Management Datastore
         Architecture (NMDA).

         The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
         NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT
         RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be
         interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when,
         and only when, they appear in all capitals, as shown here.

         Copyright (c) 2023 IETF Trust and the persons identified as
         authors of the code. All rights reserved.

         Redistribution and use in source and binary forms, with or
         without modification, is permitted pursuant to, and subject to
         the license terms contained in, the Revised BSD License set

Li, et al.          Expires September 3, 2024                [Page 12]

Internet-Draft  YANG Data Model for Source Address Validation         4


         forth in Section 4.c of the IETF Trust's Legal Provisions
         Relating to IETF Documents
         (https://trustee.ietf.org/license-info).

         This version of this YANG module is part of RFC XXXX
         (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
         for full legal notices.";

      reference
        "RFC XXXX: A YANG Data Model For SAV Management.";

      revision 2023-05-20 {
        description
          "Initial revision.";
        reference
          "RFC XXXX: A YANG Data Model for SAV Management.";
      }

      /* Features */

      feature router-id {
        description
          "This feature indicates that the server supports an explicit
           32-bit router ID that is used by some control-plane
           protocols.

           Servers that do not advertise this feature set a router ID
           algorithmically, usually to one of the configured IPv4
           addresses. However, this algorithm is implementation
           specific.";
      }

      /* Identities */

      identity address-family {
        description
          "Base identity from which identities describing address
           families are derived.";
      }

      identity ipv4 {
        base address-family;
        description
          "This identity represents an IPv4 address family.";
      }

      identity ipv6 {
        base address-family;

Li, et al.          Expires September 3, 2024                [Page 13]

Internet-Draft  YANG Data Model for Source Address Validation         4


        description
          "This identity represents an IPv6 address family.";
      }

      identity source-protocol {
        description
          "Base identity from which source protocol
           identities are derived.";
      }

      identity static {
        base source-protocol;
        description
          "'Static' pseudo-protocol.";
      }

      identity sav-mode {
        description
          "Base identity from which identities describing SAV
           modes of the specified interface are derived.";
      }

      identity sav-im {
        base sav-mode;
        description
          "This identity represents an SAV incomplete mode.";
      }

      identity sav-cm {
        base sav-mode;
        description
          "This identity represents an SAV complete mode.";
      }

      identity sav-check-type {
        description
          "Base identity from which identities describing SAV
           check types of the specified interface are derived.";
      }

      identity sav-allow-list {
        base sav-check-type;
        description
          "This identity represents an SAV allow list type.";
      }

      identity sav-block-list {
        base sav-check-type;

Li, et al.          Expires September 3, 2024                [Page 14]

Internet-Draft  YANG Data Model for Source Address Validation         4


        description
          "This identity represents an SAV block list type.";
      }

      /* Type Definitions */

      typedef rule-preference {
        type uint32;
        description
          "This type is used for SAV-rule preferences.";
      }

      /* Groupings */

      grouping address-family {
        description
          "This grouping provides a leaf identifying an address
           family.";
        leaf address-family {
          type identityref {
            base address-family;
          }
          mandatory true;
          description
            "Address family.";
        }
      }

      grouping router-id {
        description
          "This grouping provides a router ID.";
        leaf router-id {
          type yang:dotted-quad;
          description
            "A 32-bit number in the form of a dotted quad that is used
             by some control-plane protocols identifying a router.";
          reference
            "RFC 2328: OSPF Version 2";
        }
      }

      grouping rule-metadata {
        description
          "Common SAV-rule metadata.";
        leaf source-protocol {
          type identityref {
            base source-protocol;
          }

Li, et al.          Expires September 3, 2024                [Page 15]

Internet-Draft  YANG Data Model for Source Address Validation         4


          mandatory true;
          description
            "Type of the source protocol from which the
             SAV-rule originated.";
        }
        leaf active {
          type empty;
          description
            "The presence of this leaf indicates that the rule is
             preferred among all rules in the same SAV table that
             have the same source prefix.";
        }
        leaf last-updated {
          type yang:date-and-time;
          description
            "Timestamp of the last modification of the rule. If the
             rule was never modified, it is the time when the SAV
             rule was inserted into the SAV table.";
        }
        leaf total-packets {
          type uint64;
          description
            "Number of the total packets checked by a SAV rule.";
        }
        leaf total-bytes {
          type uint64;
          description
            "Number of the total bytes checked by a SAV rule.";
        }
        leaf drop-packets {
          type uint64;
          description
            "Number of the drop packets by a SAV rule.";
        }
        leaf drop-bytes {
          type uint64;
          description
            "Number of the drop bytes by a SAV rule.";
        }
        leaf sav-invalid-packets {
          type uint64;
          description
            "Number of the packets with invalid SAV result.";
        }
        leaf sav-invalid-bytes {
          type uint64;
          description
            "Number of the packet bytes with invalid SAV result.";

Li, et al.          Expires September 3, 2024                [Page 16]

Internet-Draft  YANG Data Model for Source Address Validation         4


        }
        leaf sav-valid-packets {
          type uint64;
          description
            "Number of the packets with valid SAV result.";
        }
        leaf sav-valid-bytes {
          type uint64;
          description
            "Number of the packet bytes with valid SAV result.";
        }
      }

      grouping limit-metadata {
        description
          "Common SAV-rule limit metadata.";
        leaf number {
          type uint32;
          description
            "This attribute allows for controlling number limit.";
        }
        leaf threshold-percent {
          type uint8 {
            range "0..100";
          }
          description
            "This attribute allows for controlling threshold percentage
             limit.";
        }
        leaf threshold-number {
          type uint32;
          description
            "This attribute allows for controlling threshold number
             limit.";
        }
      }

      /* Augments */

      augment "/if:interfaces/if:interface" {
        description
          "SAV configuration of incoming interfaces.";
        container sav-control {
          description
            "Support for SAV interface configuration.";
          leaf sav-enabled {
            type boolean;
            description

Li, et al.          Expires September 3, 2024                [Page 17]

Internet-Draft  YANG Data Model for Source Address Validation         4


              "This attribute allows for controlling the SAV function
               of the incoming interface.";
          }
          leaf sav-mode {
            type identityref {
              base sav-mode;
            }
            description
              "This attribute allows for controlling the SAV mode
               of the incoming interface.";
          }
          action sav-reset {
            description
              "Reset action of a SAV incoming interface";
            input {
              leaf reset-statistics {
                type boolean;
                description
                  "This attribute allows for clearing the SAV
                   statistics of the incoming interface.";
              }
            }
          }
          container sav-spoof-top {
            description
              "Support for reporting the top few SAV rules with the
               highest number of filtered counterfeit packets under
               specified interface.";
            leaf enabled {
              type boolean;
              description
                "This attribute allows for controlling the function of
                 reporting the top few SAV rules with the highest
                 number of filtered counterfeit packets under specified
                 interface.";
            }
            leaf top-number {
              type uint32;
              description
                "This attribute allows for setting the top number of
                 the SAV rules with the highest number of filtered
                 counterfeit packets under specified interface.";
            }
          }
          container sav-block-flow-report {
            description
              "Support for viewing the information of data flow blocked
               by SAVNET under specified interface.";

Li, et al.          Expires September 3, 2024                [Page 18]

Internet-Draft  YANG Data Model for Source Address Validation         4


            leaf enabled {
              type boolean;
              description
                "This attribute allows for controlling the function of
                 viewing the information of data flow blocked by
                 SAVNET under specified interface.";
            }
          }
        }
      }

      /* Data nodes */

      container sav {
        description
          "Configuration parameters for the SAV subsystem.";
        uses router-id {
          if-feature "router-id";
          description
            "Support for the global router ID. Control-plane protocols
             that use a router ID can use this parameter or override it
             with another value.";
        }
        container interfaces {
          config false;
          description
            "Network-layer interfaces used for SAV.";
          list interface {
            key "name";
            description
              "Each entry contains the SAV statistics of a interface";
            leaf name {
              type if:interface-ref;
              description
                "The name of an interface.";
            }
            leaf total-packets {
              type uint64;
              description
                "The number of total packets for specified interface.";
            }
            leaf total-bytes {
              type uint64;
              description
                "The byte number of total packets for specified
                 interface.";
            }
            leaf drop-packets {

Li, et al.          Expires September 3, 2024                [Page 19]

Internet-Draft  YANG Data Model for Source Address Validation         4


              type uint64;
              description
                "The number of drop packets for SAV function.";
            }
            leaf drop-bytes {
              type uint64;
              description
                "The byte number of drop packets for SAV function.";
            }
            leaf sav-invalid-packets {
              type uint64;
              description
                "The number of the packets with invalid SAV result.";
            }
            leaf sav-invalid-bytes {
              type uint64;
              description
                "The byte number of the packets with invalid SAV
                 result.";
            }
            leaf sav-valid-packets {
              type uint64;
              description
                "The number of the packets with valid SAV result";
            }
            leaf sav-valid-bytes {
              type uint64;
              description
                "The byte number of the packets with valid SAV
                 result.";
            }
          }
        }
        container v4sav-entry-limits {
          description
            "Specification limit of ipv4 SAV table.";
          uses limit-metadata;
        }
        container v6sav-entry-limits {
          description
            "Specification limit of ipv6 SAV table.";
          uses limit-metadata;
        }
        container source-protocol-priorities {
          description
            "Support for SAV source protocol priorities.";
          list source-protocol-priority {
            key "type";

Li, et al.          Expires September 3, 2024                [Page 20]

Internet-Draft  YANG Data Model for Source Address Validation         4


            description
              "Each entry contains a SAV source protocol
               priority.";
            leaf type {
              type identityref {
                base source-protocol;
              }
              description
                "Type of the source protocol -- an identity
                 derived from the 'source-protocol' base
                 identity.";
            }
            leaf preference {
              type rule-preference;
              description
                "This attribute allows for selecting the preferred
                 SAV-rule among SAV-rules from the different source
                 protocol. A smaller value indicates a SAV-rule that is
                 more preferred.";
            }
          }
        }
        container sav-controls {
          description
            "Support for SAV global configuration.";
          leaf sav-enabled {
            type boolean;
            description
              "This attribute allows for controlling the SAV
               function.";
          }
          leaf sav-mode {
            type identityref {
              base sav-mode;
            }
            description
              "This attribute allows for controlling the SAV mode.";
          }
          action sav-interface-reset {
            description
              "Global reset action of SAV interface";
            input {
              leaf reset-statistics {
                type boolean;
                description
                  "This attribute allows for clearing the SAV
                   statistics of all interfaces.";
              }

Li, et al.          Expires September 3, 2024                [Page 21]

Internet-Draft  YANG Data Model for Source Address Validation         4


            }
          }
          container sav-spoof-top {
            description
              "Support for reporting the top few SAV rules with the
               highest number of filtered counterfeit packets.";
            leaf enabled {
              type boolean;
              description
                "This attribute allows for globally controlling the
                 function of reporting the top few SAV rules with the
                 highest number of filtered counterfeit packets.";
            }
            leaf top-number {
              type uint32;
              description
                "This attribute allows for globally setting the top
                 number of the SAV rules with the highest number of
                 filtered counterfeit packets.";
            }
          }
          container sav-block-flow-report {
            description
              "Support for viewing the information of data flow blocked
               by SAVNET.";
            leaf enabled {
              type boolean;
              description
                "This attribute allows for globally controlling the
                 function of viewing the information of data flow
                 blocked by SAVNET.";
            }
          }
        }
        container static-savs {
          description
            "Support for the 'static' pseudo-protocol.

             Address-family-specific modules augment this node with
             their lists of SAV rules.";
        }
        container sav-tables {
          description
            "Support for SAV tables.";
          list sav-table {
            key "name";
            description
              "Each entry contains a configuration for a SAV

Li, et al.          Expires September 3, 2024                [Page 22]

Internet-Draft  YANG Data Model for Source Address Validation         4


               table identified by the 'name' key.";
            leaf name {
              type string;
              description
                "The name of the SAV table.";
            }
            uses address-family {
              description
                "The address family of the SAV table.";
            }
            leaf description {
              type string;
              description
                "Textual description of the SAV table.";
            }
            container sav-rules {
              config false;
              description
                "Current contents of the SAV table.";
              list sav-rule {
                description
                  "A SAV table rule entry. This data node
                   MUST be augmented with information specific to
                   SAV-rule of each address family.";
                leaf rule-preference {
                  type rule-preference;
                  description
                    "This attribute allows for selecting the
                     preferred SAV-rule among SAV-rules with the same
                     source prefix. A smaller value indicates a
                     SAV-rule that is more preferred.";
                }
                container incoming-interfaces {
                  description
                    "Network-layer incoming interfaces of a SAV rule.";
                  leaf-list incoming-interface {
                    type if:interface-ref;
                    description
                      "Each entry is the name of a SAV incoming
                       interface";
                  }
                }
                uses rule-metadata;
              }
            }
            action active-sav-rule {
              description
                "Return the active SAV rule that is used for the

Li, et al.          Expires September 3, 2024                [Page 23]

Internet-Draft  YANG Data Model for Source Address Validation         4


                 source address.

                 Address-family-specific modules MUST augment input
                 parameters with a leaf named 'source-address'.";
              output {
                container sav-rule {
                  description
                    "The active SAV rule for the specified source.

                     If no rule exists in the SAV table for the source
                     address, no output is returned.

                     Address-family-specific modules MUST augment this
                     container with appropriate contents.";
                  container incoming-interfaces {
                    description
                      "Network-layer incoming interfaces of a SAV
                       rule.";
                    leaf-list incoming-interface {
                      type if:interface-ref;
                      description
                        "Each entry is the name of a SAV incoming
                         interface";
                    }
                  }
                  uses rule-metadata;
                }
              }
            }
          }
        }
        container sav-block-flow-infos {
          config false;
          description
            "The information of data flow blocked by SAVNET.";
          list sav-block-flow-info {
            description
              "The information of a data stream blocked by SAVNET.";
            leaf source-ip-address {
              type inet:ip-address;
              description
                "Source address of the data stream blocked by SAVNET.";
            }
            leaf source-port {
              type uint16;
              description
                "Source port of the data stream blocked by SAVNET.";
            }

Li, et al.          Expires September 3, 2024                [Page 24]

Internet-Draft  YANG Data Model for Source Address Validation         4


            leaf destination-ip-address {
              type inet:ip-address;
              description
                "Destination address of the data stream blocked by
                 SAVNET.";
            }
            leaf destination-port {
              type uint16;
              description
                "Destination port of the data stream blocked by
                 SAVNET.";
            }
            leaf arrival-time {
              type yang:date-and-time;
              description
                "Arrival time of the data stream blocked by SAVNET.";
            }
          }
        }
      }
      notification sav-event {
        description
          "This notification is sent when there is an abnormality in
           SAV table.";
        uses router-id {
          if-feature "router-id";
          description
            "the router ID of the server corresponding to the SAV
             table.";
        }
        uses address-family {
          description
            "The address family of the SAV table.";
        }
        leaf sav-limit-reached {
          type boolean;
          description
            "Indicates that the number of SAV table entries reached
             the upper limit.";
        }
        container top-spoof-sav-rules {
          description
            "The top few SAV rules with the highest number of filtered
             counterfeit packets.";
          list sav-rule {
            description
              "A SAV rule entry. This data node MUST be augmented with
               information specific to SAV-rule of each address

Li, et al.          Expires September 3, 2024                [Page 25]

Internet-Draft  YANG Data Model for Source Address Validation         4


               family.";
            leaf rule-preference {
              type rule-preference;
              description
                "This attribute allows for selecting the preferred
                 SAV-rule among SAV-rules with the same source prefix.
                 A smaller value indicates a SAV-rule that is more
                 preferred.";
            }
            container incoming-interfaces {
              description
                "Network-layer incoming interfaces of a SAV rule.";
              leaf-list incoming-interface {
                type if:interface-ref;
                description
                  "Each entry is the name of a SAV incoming interface";
              }
            }
            uses rule-metadata;
          }
        }
      }
    }

    <CODE ENDS>

5.2. IPv4 SAV Management YANG Module


    <CODE BEGINS> file "ietf-ipv4-sav-rule@2023-05-20.yang"

    module ietf-ipv4-sav-rule {
      yang-version "1.1";
      namespace "urn:ietf:params:xml:ns:yang:ietf-ipv4-sav-rule";
      prefix "v4sav";

      import ietf-sav {
        prefix "sav";
      }

      import ietf-interfaces {
        prefix "if";
      }

      import ietf-inet-types {
        prefix "inet";
      }


Li, et al.          Expires September 3, 2024                [Page 26]

Internet-Draft  YANG Data Model for Source Address Validation         4


      organization
        "IETF SAVNET Working Group";

      contact
        "TBD";

      description
        "This YANG module defines the essential elements for the
         management of IPv4 SAV rule.

         Copyright (c) 2023 IETF Trust and the persons identified as
         authors of the code. All rights reserved.

         Redistribution and use in source and binary forms, with or
         without modification, is permitted pursuant to, and subject to
         the license terms contained in, the Revised BSD License set
         forth in Section 4.c of the IETF Trust's Legal Provisions
         Relating to IETF Documents
         (https://trustee.ietf.org/license-info).

         This version of this YANG module is part of RFC XXXX
         (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
         for full legal notices.";

      revision 2023-05-20 {
        description
          "Initial revision.";
        reference
          "RFC XXXX: A YANG Data Model for SAV Management";
      }

      /* Identities */

      identity ipv4 {
        base sav:ipv4;
        description
          "This identity represents the IPv4 address family.";
      }

      /* Groupings */
      grouping limit-metadata {
        description
          "Common SAV-rule limit metadata.";
        leaf number {
          type uint32;
          description
            "This attribute allows for controlling number limit.";
        }

Li, et al.          Expires September 3, 2024                [Page 27]

Internet-Draft  YANG Data Model for Source Address Validation         4


        leaf threshold-percent {
          type uint8 {
            range "0..100";
          }
          description
            "This attribute allows for controlling threshold percentage
             limit.";
        }
        leaf threshold-number {
          type uint32;
          description
            "This attribute allows for controlling threshold number
             limit.";
        }
      }

      augment "/sav:sav/sav:sav-tables/sav:sav-table/"
            + "sav:sav-rules/sav:sav-rule" {
        when "derived-from-or-self(../../sav:address-family, "
           + "'v4sav:ipv4')" {
          description
            "This augment is valid only for IPv4.";
        }
        description
          "This leaf augments an IPv4 SAV rule.";
        leaf source-prefix {
          type inet:ipv4-prefix;
          description
            "IPv4 source prefix.";
        }
      }

      augment "/sav:sav/sav:sav-tables/sav:sav-table/"
            + "sav:active-sav-rule/sav:input" {
        when "derived-from-or-self(../sav:address-family, "
           + "'v4sav:ipv4')" {
          description
            "This augment is valid only for IPv4.";
        }
        description
          "This augment adds the input parameter of the
           'active-sav-rule' action.";
        leaf source-address {
          type inet:ipv4-address;
          description
            "IPv4 source address.";
        }
      }

Li, et al.          Expires September 3, 2024                [Page 28]

Internet-Draft  YANG Data Model for Source Address Validation         4



      augment "/sav:sav/sav:sav-tables/sav:sav-table/"
            + "sav:active-sav-rule/sav:output/sav:sav-rule" {
        when "derived-from-or-self(../../sav:address-family, "
           + "'v4sav:ipv4')" {
          description
            "This augment is valid only for IPv4.";
        }
        description
          "This augment adds the source prefix to the reply of the
           'active-sav-rule' action.";
        leaf source-prefix {
          type inet:ipv4-prefix;
          description
            "IPv4 source prefix.";
        }
      }

      augment "/sav:sav/sav:static-savs" {
        description
          "This augment defines the 'static' pseudo-protocol
           with data specific to IPv4.";
        container ipv4 {
          description
            "Support for a 'static' pseudo-protocol instance
             consists of a list of SAV rules.";
          container sav-entry-limits {
            description
              "Specification limit of ipv4 SAV table.";
            uses limit-metadata;
          }
          list sav-rule {
            key "source-prefix";
            description
              "A list of static SAV rules.";
            leaf source-prefix {
              type inet:ipv4-prefix;
              mandatory true;
              description
                "IPv4 source prefix.";
            }
            leaf description {
              type string;
              description
                "Textual description of the SAV rule.";
            }
            container incoming-interfaces {
              description

Li, et al.          Expires September 3, 2024                [Page 29]

Internet-Draft  YANG Data Model for Source Address Validation         4


                "Support for incoming interfaces.";
              list incoming-interface {
                key "name";
                description
                  "Each entry contains the information of a
                   incoming interface";
                leaf name {
                  type if:interface-ref;
                  description
                    "The name of an incoming interface.";
                }
                leaf check-type {
                  type identityref {
                    base sav:sav-check-type;
                  }
                  description
                    "The SAV check type of an incoming interface.";
                }
              }
            }
          }
        }
      }
    }

    <CODE ENDS>

5.3. IPv6 SAV Management YANG Module


    <CODE BEGINS> file "ietf-ipv6-sav-rule@2023-05-20.yang"

    module ietf-ipv6-sav-rule {
      yang-version "1.1";
      namespace "urn:ietf:params:xml:ns:yang:ietf-ipv6-sav-rule";
      prefix "v6sav";

      import ietf-sav {
        prefix "sav";
      }

      import ietf-interfaces {
        prefix "if";
      }

      import ietf-inet-types {
        prefix "inet";
      }

Li, et al.          Expires September 3, 2024                [Page 30]

Internet-Draft  YANG Data Model for Source Address Validation         4



      organization
        "IETF SAVNET Working Group";

      contact
        "TBD";

      description
        "This YANG module defines the essential elements for the
         management of IPv6 SAV rule.

         Copyright (c) 2023 IETF Trust and the persons identified as
         authors of the code. All rights reserved.

         Redistribution and use in source and binary forms, with or
         without modification, is permitted pursuant to, and subject to
         the license terms contained in, the Revised BSD License set
         forth in Section 4.c of the IETF Trust's Legal Provisions
         Relating to IETF Documents
         (https://trustee.ietf.org/license-info).

         This version of this YANG module is part of RFC XXXX
         (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
         for full legal notices.";

      revision 2023-05-20 {
        description
          "Initial revision.";
        reference
          "RFC XXXX: A YANG Data Model for SAV Management";
      }

      /* Identities */

      identity ipv6 {
        base sav:ipv6;
        description
          "This identity represents the IPv6 address family.";
      }

      /* Groupings */
      grouping limit-metadata {
        description
          "Common SAV-rule limit metadata.";
        leaf number {
          type uint32;
          description
            "This attribute allows for controlling number limit.";

Li, et al.          Expires September 3, 2024                [Page 31]

Internet-Draft  YANG Data Model for Source Address Validation         4


        }
        leaf threshold-percent {
          type uint8 {
            range "0..100";
          }
          description
            "This attribute allows for controlling threshold percentage
             limit.";
        }
        leaf threshold-number {
          type uint32;
          description
            "This attribute allows for controlling threshold number
             limit.";
        }
      }

      augment "/sav:sav/sav:sav-tables/sav:sav-table/"
            + "sav:sav-rules/sav:sav-rule" {
        when "derived-from-or-self(../../sav:address-family, "
           + "'v6sav:ipv6')" {
          description
            "This augment is valid only for IPv6.";
        }
        description
          "This leaf augments an IPv6 SAV rule.";
        leaf source-prefix {
          type inet:ipv6-prefix;
          description
            "IPv6 source prefix.";
        }
      }

      augment "/sav:sav/sav:sav-tables/sav:sav-table/"
            + "sav:active-sav-rule/sav:input" {
        when "derived-from-or-self(../sav:address-family, "
           + "'v6sav:ipv6')" {
          description
            "This augment is valid only for IPv6.";
        }
        description
          "This augment adds the input parameter of the
           'active-sav-rule' action.";
        leaf source-address {
          type inet:ipv6-address;
          description
            "IPv6 source address.";
        }

Li, et al.          Expires September 3, 2024                [Page 32]

Internet-Draft  YANG Data Model for Source Address Validation         4


      }

      augment "/sav:sav/sav:sav-tables/sav:sav-table/"
            + "sav:active-sav-rule/sav:output/sav:sav-rule" {
        when "derived-from-or-self(../../sav:address-family, "
           + "'v6sav:ipv6')" {
          description
            "This augment is valid only for IPv6.";
        }
        description
          "This augment adds the source prefix to the reply of the
           'active-sav-rule' action.";
        leaf source-prefix {
          type inet:ipv6-prefix;
          description
            "IPv6 source prefix.";
        }
      }

      augment "/sav:sav/sav:static-savs" {
        description
          "This augment defines the 'static' pseudo-protocol
           with data specific to IPv6.";
        container ipv6 {
          description
            "Support for a 'static' pseudo-protocol instance
             consists of a list of SAV rules.";
          container sav-entry-limits {
            description
              "Specification limit of ipv6 SAV table.";
            uses limit-metadata;
          }
          list sav-rule {
            key "source-prefix";
            description
              "A list of static SAV rules.";
            leaf source-prefix {
              type inet:ipv6-prefix;
              mandatory true;
              description
                "IPv6 source prefix.";
            }
            leaf description {
              type string;
              description
                "Textual description of the SAV rule.";
            }
            container incoming-interfaces {

Li, et al.          Expires September 3, 2024                [Page 33]

Internet-Draft  YANG Data Model for Source Address Validation         4


              description
                "Support for incoming interfaces.";
              list incoming-interface {
                key "name";
                description
                  "Each entry contains the information of a
                   incoming interface";
                leaf name {
                  type if:interface-ref;
                  description
                    "The name of an incoming interface.";
                }
                leaf check-type {
                  type identityref {
                    base sav:sav-check-type;
                  }
                  description
                    "The SAV check type of an incoming interface.";
                }
              }
            }
          }
        }
      }
    }

    <CODE ENDS>

6. Security Considerations

   TBD

7. IANA Considerations

   TBD

8. References

8.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, DOI
             10.17487/RFC2119, March 1997, <https://www.rfc-
             editor.org/info/rfc2119>.

   [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", RFC
             6991, DOI 10.17487/RFC6991, July 2013, <https://www.rfc-
             editor.org/info/rfc6991>.

Li, et al.          Expires September 3, 2024                [Page 34]

Internet-Draft  YANG Data Model for Source Address Validation         4


   [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
             RFC 7950, DOI 10.17487/RFC7950, August 2016,
             <https://www.rfc-editor.org/info/rfc7950>.

   [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
             2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
             May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
             and R. Wilton, "Network Management Datastore Architecture
             (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
             <https://www.rfc-editor.org/info/rfc8342>.

   [RFC8343] Bjorklund, M., "A YANG Data Model for Interface
             Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
             <https://www.rfc-editor.org/info/rfc8343>.

   [RFC8344] Bjorklund, M., "A YANG Data Model for IP Management", RFC
             8344, DOI 10.17487/RFC8344, March 2018, <https://www.rfc-
             editor.org/info/rfc8344>.

8.2. Informative References

   [RFC7895] Bierman, A., Bjorklund, M., and K. Watsen, "YANG Module
             Library", RFC 7895, DOI 10.17487/RFC7895, June 2016,
             <https://www.rfc-editor.org/info/rfc7895>.

   [RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG", RFC
             7951, DOI 10.17487/RFC7951, August 2016, <https://www.rfc-
             editor.org/info/rfc7951>.

   [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
             BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
             <https://www.rfc-editor.org/info/rfc8340>.

   [SAV Table]

             "Source Address Validation Table Abstraction and
             Application", 2023,
             <https://datatracker.ietf.org/doc/draft-huang-savnet-sav-
             table/>.



Appendix A. The Complete Schema Tree

   This appendix presents the complete tree of the SAV data model. See
   [RFC8340] for an explanation of the symbols used.

Li, et al.          Expires September 3, 2024                [Page 35]

Internet-Draft  YANG Data Model for Source Address Validation         4


   module: ietf-sav
     +--rw sav
     |  +--rw router-id?  yang:dotted-quad
     |  +--ro interfaces
     |  |  +--ro interface* [name]
     |  |     +--ro name          if:interface-ref
     |  |     +--ro total-packets? uint64
     |  |     +--ro total-bytes?   uint64
     |  |     +--ro drop-packets? uint64
     |  |     +--ro drop-bytes?   uint64
     |  |     +--ro sav-invalid-packets? uint64
     |  |     +--ro sav-invalid-bytes?   uint64
     |  |     +--ro sav-valid-packets?   uint64
     |  |     +--ro sav-valid-bytes?     uint64
     |  +--rw v4sav-entry-limits
     |  |  +--rw number?  uint32
     |  |  +--rw threshold-percent? uint8
     |  |  +--rw threshold-number?  uint32
     |  +--rw v6sav-entry-limits
     |  |  +--rw number?  uint32
     |  |  +--rw threshold-percent? uint8
     |  |  +--rw threshold-number?  uint32
     |  +--rw source-protocol-priorities
     |  |  +--rw source-protocol-priority* [type]
     |  |     +--rw type          identityref
     |  |     +--rw preference?   rule-preference
     |  +--rw sav-controls
     |  |  +--rw sav-enabled?   boolean
     |  |  +--rw sav-mode?      identityref
     |  |  +---x sav-interface-reset
     |  |  |  +---w input
     |  |  |     +---w reset-statistics?  boolean
     |  |  +--rw sav-spoof-top
     |  |     +--rw enabled?    boolean
     |  |     +--rw top-number? uint32
     |  |  +--rw sav-block-flow-report
     |  |     +--rw enabled?  boolean
     |  +--rw static-savs
     |  |  +--rw v4sav:ipv4
     |  |  |  +--rw v4sav:sav-entry-limits
     |  |  |     +--rw v4sav:number?  uint32
     |  |  |     +--rw v4sav:threshold-percent? uint8
     |  |  |     +--rw v4sav:threshold-number?  uint32
     |  |  |  +--rw v4sav:sav-rule* [source-prefix]
     |  |  |     +--rw v4sav:source-prefix  inet:ipv4-prefix
     |  |  |     +--rw v4sav:description?   string
     |  |  |     +--rw v4sav:incoming-interfaces
     |  |  |        +--rw v4sav:incoming-interface* [name]

Li, et al.          Expires September 3, 2024                [Page 36]

Internet-Draft  YANG Data Model for Source Address Validation         4


     |  |  |        |  +--rw v4sav:name        if:interface-ref
     |  |  |        |  +--rw v4sav:check-type  identityref
     |  |  +--rw v6sav:ipv6
     |  |  |  +--rw v6sav:sav-entry-limits
     |  |  |     +--rw v6sav:number?  uint32
     |  |  |     +--rw v6sav:threshold-percent? uint8
     |  |  |     +--rw v6sav:threshold-number?  uint32
     |  |  |  +--rw v6sav:sav-rule* [source-prefix]
     |  |  |     +--rw v6sav:source-prefix  inet:ipv6-prefix
     |  |  |     +--rw v6sav:description?   string
     |  |  |     +--rw v6sav:incoming-interfaces
     |  |  |        +--rw v6sav:incoming-interface* [name]
     |  |  |        |  +--rw v6sav:name        if:interface-ref
     |  |  |        |  +--rw v6sav:check-type  identityref
     |  +--rw sav-tables
     |  |  +--rw sav-table* [name]
     |  |     +--ro name              string
     |  |     +--ro address-family?   identityref
     |  |     +--ro description?      string
     |  |     +--ro sav-rules
     |  |     |  +--ro sav-rule*
     |  |     |     +--ro rule-preference?        rule-preference
     |  |     |     +--ro incoming-interfaces
     |  |     |     |  +--ro incoming-interface*  if:interface-ref
     |  |     |     +--ro source-protocol         identityref
     |  |     |     +--ro active?                 empty
     |  |     |     +--ro last-updated?           yang:date-and-time
     |  |     |     +--ro v4sav:source-prefix?    inet:ipv4-prefix
     |  |     |     +--ro v6sav:source-prefix?    inet:ipv6-prefix
     |  |     |     +--ro total-packets?          uint64
     |  |     |     +--ro total-bytes?            uint64
     |  |     |     +--ro drop-packets?           uint64
     |  |     |     +--ro drop-bytes?             uint64
     |  |     |     +--ro sav-invalid-packets?    uint64
     |  |     |     +--ro sav-invalid-bytes?      uint64
     |  |     |     +--ro sav-valid-packets?      uint64
     |  |     |     +--ro sav-valid-bytes?        uint64
     |  |     +---x active-sav-rule
     |  |        +---w input
     |  |        |  +---w v4sav:source-address?    inet:ipv4-address
     |  |        |  +---w v6sav:source-address?    inet:ipv6-address
     |  |        +--ro output
     |  |           +--ro sav-rule
     |  |              +--ro incoming-interfaces
     |  |              |  +--ro incoming-interface* if:interface-ref
     |  |              +--ro source-protocol        identityref
     |  |              +--ro active                 empty
     |  |              +--ro last-updated?          yang:date-and-time

Li, et al.          Expires September 3, 2024                [Page 37]

Internet-Draft  YANG Data Model for Source Address Validation         4


     |  |              +--ro v4sav:source-prefix?   inet:ipv4-prefix
     |  |              +--ro v6sav:source-prefix?   inet:ipv6-prefix
     |  |              +--ro total-packets?         uint64
     |  |              +--ro total-bytes?           uint64
     |  |              +--ro drop-packets?          uint64
     |  |              +--ro drop-bytes?            uint64
     |  |              +--ro sav-invalid-packets?   uint64
     |  |              +--ro sav-invalid-bytes?     uint64
     |  |              +--ro sav-valid-packets?     uint64
     |  |              +--ro sav-valid-bytes?       uint64
     |  +--ro sav-block-flow-infos
     |  |  +--ro sav-block-flow-info*
     |  |     +--ro source-ip-address        inet:ip-address
     |  |     +--ro source-port              uint16
     |  |     +--ro destination-ip-address   inet:ip-address
     |  |     +--ro destination-port         uint16
     |  |     +--ro arrival-time             yang:date-and-time
     +---n sav-event
     |  +--ro router-id?          yang:dotted-quad
     |  +--ro address-family      identityref
     |  +--ro sav-limit-reached?  Boolean
     |  +--ro top-spoof-sav-rules
     |  |  +--ro sav-rule*
     |  |     +--ro rule-preference?        rule-preference
     |  |     +--ro incoming-interfaces
     |  |     |  +--ro incoming-interface*  if:interface-ref
     |  |     +--ro source-protocol         identityref
     |  |     +--ro active?                 empty
     |  |     +--ro last-updated?           yang:date-and-time
     |  |     +--ro v4sav:source-prefix?    inet:ipv4-prefix
     |  |     +--ro v6sav:source-prefix?    inet:ipv6-prefix
     |  |     +--ro total-packets?          uint64
     |  |     +--ro total-bytes?            uint64
     |  |     +--ro drop-packets?           uint64
     |  |     +--ro drop-bytes?             uint64
     |  |     +--ro sav-invalid-packets?    uint64
     |  |     +--ro sav-invalid-bytes?      uint64
     |  |     +--ro sav-valid-packets?      uint64
     |  |     +--ro sav-valid-bytes?        uint64
     augment /if:interfaces/if:interface:
     |  +--rw sav-control
     |  |  +--rw sav-enabled? boolean
     |  |  +--rw sav-mode?    identityref
     |  |  +---x sav-reset
     |  |  |  +---w input
     |  |  |     +---w reset-statistics?  Boolean
     |  |  +--rw sav-spoof-top
     |  |     +--rw enabled?    boolean

Li, et al.          Expires September 3, 2024                [Page 38]

Internet-Draft  YANG Data Model for Source Address Validation         4


     |  |     +--rw top-number? uint32
     |  |  +--rw sav-block-flow-report
     |  |     +--rw enabled?  boolean

Appendix B. Data Tree Example

   This section contains an example of an instance data tree from the
   operational state, in JSON encoding [RFC7951]. The data conforms to
   a data model that is defined by the following YANG library
   specification [RFC7895]:






































Li, et al.          Expires September 3, 2024                [Page 39]

Internet-Draft  YANG Data Model for Source Address Validation         4


    {
      "ietf-yang-library:modules-state": {
        "module-set-id": "c2e1f54169aa7f36e1a6e8d0865d441d3600f9c4",
        "module": [
          {
            "name": "ietf-sav",
            "revision": "2023-05-20",
            "feature": [
              "router-id"
            ],
            "namespace": "urn:ietf:params:xml:ns:yang:ietf-sav",
            "conformance-type": "implement"
          },
          {
            "name": "ietf-ipv4-sav-rule",
            "revision": "2023-05-20",
            "namespace":
              "urn:ietf:params:xml:ns:yang:ietf-ipv4-sav-rule",
            "conformance-type": "implement"
          },
          {
            "name": "ietf-ipv6-sav-rule",
            "revision": "2023-05-20",
            "namespace":
              "urn:ietf:params:xml:ns:yang:ietf-ipv6-sav-rule",
            "conformance-type": "implement",
          },
          {
            "name": "ietf-interfaces",
            "revision": "2018-02-20",
            "namespace": "urn:ietf:params:xml:ns:yang:ietf-interfaces",
            "conformance-type": "implement"
          },
          {
            "name": "ietf-inet-types",
            "namespace": "urn:ietf:params:xml:ns:yang:ietf-inet-types",
            "revision": "2013-07-15",
            "conformance-type": "import"
          },
          {
            "name": "ietf-yang-types",
            "namespace": "urn:ietf:params:xml:ns:yang:ietf-yang-types",
            "revision": "2013-07-15",
            "conformance-type": "import"
          },
          {
            "name": "iana-if-type",
            "namespace": "urn:ietf:params:xml:ns:yang:iana-if-type",

Li, et al.          Expires September 3, 2024                [Page 40]

Internet-Draft  YANG Data Model for Source Address Validation         4


            "revision": "2014-05-08",
            "conformance-type": "implement"
          },
          {
            "name": "ietf-ip",
            "revision": "2018-02-22",
            "namespace": "urn:ietf:params:xml:ns:yang:ietf-ip",
            "conformance-type": "implement"
          }
        ]
      }
    }

   A simple network setup as shown in Figure 2 is assumed: router "A"
   uses static SAV rule on interface "eth0" to verify traffic message
   from the subnet attached to "B" router with source address
   "198.51.100.1" and "2001:db8:0:2::1".

                      +-----------------+
                      |                 |
                      |    Router A     |
                      |                 |
                      +--------+--------+
                          eth0 |2000:db8:0:1::2
                               |193.0.2.2
                               |
                               |
                               |2000:db8:0:1::1
                               |193.0.2.1
                      +--------+--------+
                      |                 |
                      |     Router B    |
                      |                 |
                      +--------+--------+
                               |198.51.100.1
                               |2000:db8:0:2::1
                               |

                   Figure 2: Example of Network Configuration


   The instance data tree could then be as follows:

   {
     "ietf-interfaces:interfaces": {
       "interface": [
         {
           "name": "eth0",

Li, et al.          Expires September 3, 2024                [Page 41]

Internet-Draft  YANG Data Model for Source Address Validation         4


           "type": "iana-if-type:ethernetCsmacd",
           "description": "Downlink to B.",
           "phys-address": "10:0C:43:E5:B3:E9",
           "oper-status": "up",
           "statistics": {
             "discontinuity-time": "2023-05-20T17:11:27+02:00"
           },
           "ietf-ip:ipv4": {
             "forwarding": true,
             "mtu": 1500,
             "address": [
               {
                 "ip": "193.0.2.2",
                 "prefix-length": 24
               }
             ]
           },
           "ietf-ip:ipv6": {
             "forwarding": true,
             "mtu": 1500,
             "address": [
               {
                 "ip": "2000:0db8:0:1::2",
                 "prefix-length": 64
               }
             ],
             "autoconf": {
               "create-global-addresses": false
             },
           },
           "sav-control": {
             "sav-enabled": true,
             "sav-mode": "ietf-sav:sav-cm"
           }
         }
       ]
     },

     "ietf-sav:sav": {
       "router-id": "193.0.2.2",
       "static-savs": {
         "ietf-ipv4-sav-rule:ipv4": {
           "sav-rule": [
             {
               "source-prefix": "198.51.100.0/24",
               "incoming-interfaces": {
                 "incoming-interface": "eth0"
               }

Li, et al.          Expires September 3, 2024                [Page 42]

Internet-Draft  YANG Data Model for Source Address Validation         4


             }
           ]
         },
         "ietf-ipv6-sav-rule:ipv6": {
           "sav-rule": [
             {
               "source-prefix": "2000:db8:0:2::/64",
               "incoming-interfaces": {
                 "incoming-interface": "eth0"
               }
             }
           ]
         }
       },
       "sav-tables": {
         "sav-table": [
           {
             "name": "ipv4-master",
             "address-family":
               "ietf-sav:ipv4",
             "sav-rules": {
               "sav-rule": [
                 {
                   "ietf-ipv4-sav-rule:source-prefix":
                     "198.51.100.0/24",
                   "incoming-interfaces": {
                     "incoming-interface": "eth0"
                   },
                   "rule-preference": 5,
                   "source-protocol": "ietf-sav:static",
                   "last-updated": "2023-5-20T17:11:27+02:00",
                   "total-packets": 10,
                   "total-bytes": 100,
                   "drop-packets": 0,
                   "drop-bytes": 0,
                   "sav-invalid-packets": 0,
                   "sav-invalid-bytes": 0,
                   "sav-valid-packets": 10,
                   "sav-valid-bytes": 100
                 }
               ]
             }
           },
           {
             "name": "ipv6-master",
             "address-family":
               "ietf-sav:ipv6",
             "sav-rules": {

Li, et al.          Expires September 3, 2024                [Page 43]

Internet-Draft  YANG Data Model for Source Address Validation         4


               "sav-rule": [
                 {
                   "ietf-ipv6-sav-rule:source-prefix":
                     "2000:db8:0:2::/64",
                   "incoming-interfaces": {
                     "incoming-interface": "eth0"
                   },
                   "source-protocol": "ietf-routing:static",
                   "route-preference": 5,
                   "last-updated": "2023-5-20T17:11:27+02:00",
                   "total-packets": 10,
                   "total-bytes": 100,
                   "drop-packets": 0,
                   "drop-bytes": 0,
                   "sav-invalid-packets": 0,
                   "sav-invalid-bytes": 0,
                   "sav-valid-packets": 10,
                   "sav-valid-bytes": 100
                 }
               ]
             }
           }
         ]
       }
     }
   }






















Li, et al.          Expires September 3, 2024                [Page 44]

Internet-Draft  YANG Data Model for Source Address Validation         4


Authors' Addresses



   Dan Li
   Tsinghua University
   Beijing
   China

   Email: tolidan@tsinghua.edu.cn

   Libin Liu
   Zhongguancun Laboratory
   Beijing
   China

   Email: gaofang@zgclab.edu.cn

   Changwang Lin
   New H3C Technologies
   Beijing
   China

   Email: linchangwang.04414@h3c.com

   Jianping Wu
   Tsinghua University
   Beijing
   China

   Email: jianping@cernet.edu.cn


   Tianhao Wu
   Huawei Technologies
   Beijing
   China

   Email: wutianhao10@huawei.com







Li, et al.          Expires September 3, 2024                [Page 45]

Internet-Draft  YANG Data Model for Source Address Validation         4


   Weiqiang Cheng
   China Mobile
   Beijing
   China

   Email: chengweiqiang@chinamobile.com










































Li, et al.          Expires September 3, 2024                [Page 46]