YANG Data Model for IPv6 Neighbor Discovery
draft-ietf-6man-ipv6-neighbor-discovery-yang-02
| Document | Type | Active Internet-Draft (6man WG) | |
|---|---|---|---|
| Authors | Fan Zhang , Yongqing Zhu , Bo Wu , Jiayuan Hu | ||
| Last updated | 2025-10-20 | ||
| Replaces | draft-zhang-6man-ipv6-address-resolution-yang | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Yang Validation | 0 errors, 0 warnings | ||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | I-D Exists | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-ietf-6man-ipv6-neighbor-discovery-yang-02
6MAN F. Zhang
Internet-Draft Y. Zhu
Intended status: Standards Track China Telecom
Expires: 23 April 2026 B. Wu
Huawei
J. Hu
China Telecom
20 October 2025
YANG Data Model for IPv6 Neighbor Discovery
draft-ietf-6man-ipv6-neighbor-discovery-yang-02
Abstract
This document defines a YANG data model to configure and manage IPv6
Neighbor Discovery (ND) and related functions, including IPv6 address
resolution, redirect function, proxy Neighbor Advertisement, Neighbor
Unreachability Detection (NUD), Duplicate Address Detection (DAD),
and Enhanced Duplicate Address Detection.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 23 April 2026.
Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
Zhang, et al. Expires 23 April 2026 [Page 1]
Internet-Draft ND YANG model October 2025
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 4
2. Design of the Data Model . . . . . . . . . . . . . . . . . . 4
2.1. IPv6 Address Resolution and Redirect Function . . . . . . 4
2.2. Proxy Neighbor Advertisement . . . . . . . . . . . . . . 5
2.3. Neighbor Unreachability Detection . . . . . . . . . . . . 5
2.4. Duplicate Address Detection . . . . . . . . . . . . . . . 6
2.5. IPv6 Neighbor Discovery Data Model . . . . . . . . . . . 6
3. IPv6 Neighbor Discovery YANG Module . . . . . . . . . . . . . 7
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
5. Security Considerations . . . . . . . . . . . . . . . . . . . 14
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15
7. Normative References . . . . . . . . . . . . . . . . . . . . 16
8. Informative References . . . . . . . . . . . . . . . . . . . 17
Appendix A. Data Model Examples . . . . . . . . . . . . . . . . 18
A.1. Configured Static IPv6 Neighbor Cache Entry . . . . . . . 18
A.2. Configuration of Proxy Neighbor Advertisement, NUD, and
DAD . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Appendix B. Coverage of IPv6 ND Functions in YANG Modules . . . 19
Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction
This document defines a YANG data model "ietf-ipv6-nd" to configure
and manage IPv6 Neighbor Discovery (ND) and related functions,
including IPv6 address resolution [RFC4861], redirect function
[RFC4861], proxy Neighbor Advertisement [RFC4861], Neighbor
Unreachability Detection (NUD) [RFC4861], Duplicate Address Detection
(DAD) [RFC4862], and Enhanced Duplicate Address Detection [RFC7527].
Basic neighbor management functionality is supported by the "ietf-ip"
YANG data model [RFC8344], and there is already a draft
[I-D.ietf-intarea-arp-yang-model] extending the basic ARP YANG
functionality to cover optional ARP features and related statistics,
which applies only to IPv4. Thus, an extension for IPv6 is required
to maintain the Neighbor Cache entries.
[RFC4861] specifies the Neighbor Discovery protocol for IPv6, and
[RFC4862] specifies related functions. This document covers IPv6
address resolution [RFC4861], redirect function [RFC4861], proxy
Zhang, et al. Expires 23 April 2026 [Page 2]
Internet-Draft ND YANG model October 2025
Neighbor Advertisement [RFC4861], NUD [RFC4861], DAD [RFC4862], and
Enhanced DAD [RFC7527]. Other function, such as Router and Prefix
Discovery [RFC4861] are covered by submodule "ietf-ipv6-router-
advertisements" in [RFC8349], and static neighbor cache entries and
Stateless Address Autoconfiguration [RFC4862] are covered by module
"ietf-ip" in [RFC8344].
The model is based on YANG 1.1 as defined in [RFC7950] and conforms
to Network Management Datastore Architecture (NMDA) as defined in
[RFC8342].
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
The following terms are defined in [RFC8342]:
* configuration
* system state
* operational state
The following terms are defined in [RFC7950]:
* augment
* container
* data model
* data node
* leaf
* list
* module
* schema tree
The following terms are defined in [RFC4861]:
* Neighbor Discovery
Zhang, et al. Expires 23 April 2026 [Page 3]
Internet-Draft ND YANG model October 2025
* Neighbor Advertisement
* proxy Neighbor Advertisement
* Neighbor Unreachability Detection
The following term is defined in [RFC4862]:
* Duplicate Address Detection
* Stateless Address Autoconfiguration
The following term is defined in [RFC7527]:
* Enhanced Duplicate Address Detection
1.2. Tree Diagrams
Tree diagrams used in this document follow the notation defined in
[RFC8340].
2. Design of the Data Model
The YANG data model for IPv6 ND defines global configurations and
augments the "ietf-ip" [RFC8344] to provide per-interface
configuration. It configures and manages IPv6 address resolution and
redirect functions based on the IPv6 ND protocol, as well as other
related functions, including proxy Neighbor Advertisement, NUD, DAD,
and Enhanced DAD.
Note that the features related to ICMP Router and Prefix Discovery
are outside the scope of this module, since they have already been
defined in the submodule "ietf-ipv6-router-advertisements" [RFC8349].
Static neighbor cache entries and stateless address autoconfiguration
[RFC4862] are also out of the scope, as they are covered by "ietf-
ip"[RFC8344].
2.1. IPv6 Address Resolution and Redirect Function
The data model augments the "/if:interfaces/if:interface/ip:ipv6"
path defined in the "ietf-ip" module [RFC8344] for IPv6 ND protocol
[RFC4861].
The "dynamic-discovery" leaf enables the dynamic IPv6 address
resolution based on ND protocol.
Zhang, et al. Expires 23 April 2026 [Page 4]
Internet-Draft ND YANG model October 2025
The "ns-interval" leaf defines the interval of retransmitting
Neighbor Solicitation messages when a node tries to learn the link-
layer address of another node.
For the management of Neighbor Cache entries, the "stale-timeout"
leaves define the timeout for STALE entries, while the "age" leaf
augments the "/if:interfaces/if:interface/ip:ipv6/ip:neighbor" path
to indicate the elapsed time since the Neighbor Cache entry was last
confirmed reachable.
The "statistics" container defines a collection of interface-related
statistics on IPv6 ND messages.
The "redirect" leaf enables the sending and processing of Redirect
messages.
2.2. Proxy Neighbor Advertisement
The "proxy-na" container augmenting "ietf-ip" [RFC8344] defines the
configurations of proxy Neighbor Advertisements [RFC4861], which
indicate that a router is willing to accept packets not explicitly
addressed to itself. After receiving a Neighbor Solicitation message
whose destination address is not its own IPv6 address, a proxy router
replies to the source with a Neighbor Advertisement message carrying
its own link-layer address and the IPv6 address of the original
destination.
The "inter-vlan-proxy" leaf enables the router to proxy for hosts in
the same subnet with different VLANs to enable the communication
between them.
The "all-proxy" leaf enables the router to proxy for all hosts, that
is, responds unconditionally to Neighbor Solicitation messages no
matter whether the sources and destinations are in the same subnet or
not with its own Neighbor Advertisement messages, which can attract
the traffic to the router itself for centralized control or hidding
the topology of the network.
2.3. Neighbor Unreachability Detection
The "nud" leaf augmenting "ietf-ip" [RFC8344] enables Neighbor
Unreachability Detection (NUD) [RFC4861], which is used by a node to
track the reachability of the neighbors to which it sends packets and
update the state of the related Neighbor Cache entries.
Zhang, et al. Expires 23 April 2026 [Page 5]
Internet-Draft ND YANG model October 2025
The "reachable-time" leaf defines the time to confirm a neighbor's
reachability for NUD. A neighbor's state changes from REACHABLE to
STALE when there is no other reachability confirmation from the
neighbor within the "reachable-time".
The "ns-interval" leaf also indicates the interval for retransmitting
Neighbor Solicitation messages used by NUD.
2.4. Duplicate Address Detection
The "dup-addr-detect-transmits" leaf, which indicates the number of
consecutive Neighbor Solicitation messages sent while performing
Duplicate Address Detection (DAD) [RFC4862], has already been defined
in "ietf-ip" [RFC8344]. The value of "dup-addr-detect-transmits" can
be set to 0 to disable DAD.
The "ns-interval" leaf also indicates the interval for retransmitting
Neighbor Solicitation messages during DAD.
The "enhanced-dad" container augmenting "ietf-ip" [RFC8344] defines
the configurations for enhanced DAD [RFC7527], which is used to
automatically detect the looped-back IPv6 ND messages used in DAD.
The "enhanced-dad-auto-resolve" leaf enables automated action when a
duplicate is detected. When enabled, a trusted router may log a
system management message, drop the received ND message, and block
the untrusted IPv6 host nodes from which the duplicate NS (DAD) or NA
message was received.
2.5. IPv6 Neighbor Discovery Data Model
This document defines the YANG module "ietf-ipv6-nd", which has the
following structure.
Zhang, et al. Expires 23 April 2026 [Page 6]
Internet-Draft ND YANG model October 2025
module: ietf-ipv6-nd
+--rw nd
+--rw stale-timeout? uint32
augment /if:interfaces/if:interface/ip:ipv6:
+--rw nd
+--rw dynamic-discovery? boolean
+--rw nud? boolean
+--rw reachable-time? uint32
+--rw ns-interval? uint32
+--rw stale-timeout? uint32
+--rw redirect? boolean
+--rw proxy-na
| +--rw inter-vlan-proxy? boolean
| +--rw all-proxy? boolean
+--rw enhanced-dad
| +--rw enable? boolean
| +--rw enhanced-dad-auto-resolve? boolean
+--ro statistics
+--ro in-ns-pkts? yang:counter32
+--ro in-na-pkts? yang:counter32
+--ro in-rs-pkts? yang:counter32
+--ro in-ra-pkts? yang:counter32
+--ro in-redirect-pkts? yang:counter32
+--ro out-ns-pkts? yang:counter32
+--ro out-na-pkts? yang:counter32
+--ro out-rs-pkts? yang:counter32
+--ro out-ra-pkts? yang:counter32
+--ro out-redirect-pkts? yang:counter32
augment /if:interfaces/if:interface/ip:ipv6/ip:neighbor:
+--ro age? uint32
Figure 1
3. IPv6 Neighbor Discovery YANG Module
This section presents the YANG module of IPv6 Neighbor Discovery
defined in this document.
This module imports modules from Common YANG Data Types [RFC6991], A
YANG Data Model for Interface Management [RFC8343], and A YANG Data
Model for IP Management [RFC8344].
Zhang, et al. Expires 23 April 2026 [Page 7]
Internet-Draft ND YANG model October 2025
<CODE BEGINS> file "ietf-ipv6-nd@2025-10-20.yang"
module ietf-ipv6-nd {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-ipv6-nd";
prefix v6nd;
import ietf-yang-types {
prefix yang;
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-interfaces {
prefix if;
reference
"RFC 8343: A Yang Data Model for Interface Management";
}
import ietf-ip {
prefix ip;
reference
"RFC 8344: A Yang Data Model for IP Management";
}
organization
"IETF IPv6 Maintenance Working Group (6man)";
contact
"WG Web: <https://datatracker.ietf.org/wg/6man/>
WG List: <mailto: 6man@ietf.org>
Author: Fan Zhang
<zhangf52@chinatelecom.cn>
Author: Yongqing Zhu
<zhuyq8@chinatelecom.cn>
Author: Bo Wu
<lana.wubo@huawei.com>
Author: Jiayuan Hu
<hujy5@chinatelecom.cn>";
description
"This YANG module defines a YANG data model to configure and manage
IPv6 Neighbor Discovery (ND) and related functions, including
IPv6 address resolution, redirect, proxy Neighbor
Advertisement, Neighbor Unreachability Detection (NUD), Duplicate
Address Detection (DAD), and Enhanced DAD.
The model is based on YANG 1.1 as defined in RFC 7950 and
conforms to Network Management Datastore Architecture (NMDA)
as defined in RFC 8342.
Copyright (c) 2025 IETF Trust and the persons identified as
Zhang, et al. Expires 23 April 2026 [Page 8]
Internet-Draft ND YANG model October 2025
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Revised BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.";
reference
"RFC4861: Neighbor Discovery for IP version 6 (IPv6)
RFC4862: IPv6 Stateless Address Autoconfiguration
RFC7527: Enhanced Duplicate Address Detection";
revision 2025-10-20 {
description
"Init revision";
reference
"RFC XXXX: YANG Data Model for IPv6 Neighbor Discovery";
}
/* Data nodes */
container nd {
description
"Global parameters for IPv6 ND.";
leaf stale-timeout {
type uint32;
units "second";
description
"The global timeout for Neighbor Cache entry in the STALE
state.";
reference
"RFC4861: Neighbor Discovery for IP version 6 (IPv6)
Section 5.3";
}
}
augment "/if:interfaces/if:interface/ip:ipv6" {
Zhang, et al. Expires 23 April 2026 [Page 9]
Internet-Draft ND YANG model October 2025
description
"Augments interface configuration and state data with
parameters of IPv6 ND.";
container nd {
description
"Parameters of IPv6 ND.";
leaf dynamic-discovery {
type boolean;
default "true";
description
"Controls whether dynamic link-layer address resolution
for IPv6 on the interface is enabled or disabled.
true - dynamic link-layer address resolution based on
IPv6 ND is enabled,
false - dynamic link-layer address resolution based on
IPv6 ND is disabled.";
reference
"RFC4861: Neighbor Discovery for IP version 6 (IPv6)
Section 7.2";
}
leaf nud {
type boolean;
default "true";
description
"Controls whether Neighbor Unreachability Detection (NUD)
on the interface is enabled or disabled.
true - NUD is enabled,
false - NUD is disabled.";
reference
"RFC4861: Neighbor Discovery for IP version 6 (IPv6)
Section 7.3";
}
leaf reachable-time {
type uint32 {
range "0..3600000";
}
units "millisecond";
description
"The time to confirm a neighbor's reachability for NUD.";
reference
"RFC4861: Neighbor Discovery for IP version 6 (IPv6)
- ReachableTime";
}
leaf ns-interval {
type uint32;
units "milliseconds";
description
"The interval of retransmitting Neighbor Solicitations to a
Zhang, et al. Expires 23 April 2026 [Page 10]
Internet-Draft ND YANG model October 2025
neighbor for address resolution, NUD, or DAD.";
reference
"RFC4861: Neighbor Discovery for IP version 6 (IPv6)
Section 7.3.3";
}
leaf stale-timeout {
type uint32;
units "second";
description
"The timeout for Neighbor Cache entry in the STALE state on
the interface.";
reference
"RFC4861: Neighbor Discovery for IP version 6 (IPv6)
Section 5.3";
}
leaf redirect {
type boolean;
default "false";
description
"Controls whether sending of ICMP Redirect messages
on the interface is enabled or disabled.
true - Sending of ICMP Redirect messages is enabled,
false - Sending of ICMP Redirect messages is disabled.";
reference
"RFC4861: Neighbor Discovery for IP version 6 (IPv6)
Section 8";
}
container proxy-na {
description
"Parameters of proxy Neighbor Advertisements.";
leaf inter-vlan-proxy {
type boolean;
default "false";
description
"Controls whether the router proxies for hosts in the
same subnet with different VLANs";
}
leaf all-proxy {
type boolean;
default "false";
description
"Controls whether the router proxies for all hosts,
that is, responds unconditionally to Neighbor
Solicitation with its own Neighbor Advertisement.";
}
reference
"RFC4861: Neighbor Discovery for IP version 6 (IPv6)
Section 7.2.8";
Zhang, et al. Expires 23 April 2026 [Page 11]
Internet-Draft ND YANG model October 2025
}
container enhanced-dad {
description
"Parameters of Enhanced DAD algorithm.";
leaf enable {
type boolean;
default "false";
description
"Controls whether Enhanced DAD algorithm is enabled or
disabled.";
}
leaf enhanced-dad-auto-resolve {
type boolean;
default "false";
description
"Controls whether the automated action is taken when
detecting duplicates. A trusted router can log a system
management message, drop the received ND message, and
block the untrusted IPv6 host nodes from which the
duplicate NS(DAD) or NA message was received.";
}
reference
"RFC7527: Enhanced Duplicate Address Detection";
}
container statistics {
config false;
description
"A collection of interface-related statistics about IPv6
ND messages.";
leaf in-ns-pkts {
type yang:counter32;
description
"The number of received Neighbor Solicitation packets.";
}
leaf in-na-pkts {
type yang:counter32;
description
"The number of received Neighbor Advertisement packets.";
}
leaf in-rs-pkts {
type yang:counter32;
description
"The number of received Router Solicitation packets.";
}
leaf in-ra-pkts {
type yang:counter32;
description
"The number of received Router Advertisement packets.";
Zhang, et al. Expires 23 April 2026 [Page 12]
Internet-Draft ND YANG model October 2025
}
leaf in-redirect-pkts {
type yang:counter32;
description
"The number of received Redirect packets.";
}
leaf out-ns-pkts {
type yang:counter32;
description
"The number of sent Neighbor Solicitation packets.";
}
leaf out-na-pkts {
type yang:counter32;
description
"The number of sent Neighbor Advertisement packets.";
}
leaf out-rs-pkts {
type yang:counter32;
description
"The number of sent Router Solicitation packets.";
}
leaf out-ra-pkts {
type yang:counter32;
description
"The number of sent Router Advertisement packets.";
}
leaf out-redirect-pkts {
type yang:counter32;
description
"The number of sent Redirect packets.";
}
}
}
}
augment "/if:interfaces/if:interface/ip:ipv6/ip:neighbor" {
description
"Augments IPv6 neighbor list with parameters of IPv6 address
resolution based on IPv6 ND.";
leaf age {
type uint32;
units "milliseconds";
config false;
description
"The time that has passed since receipt of the last
reachability confirmation for the neighbor.";
reference
"RFC4861: Neighbor Discovery for IP version 6 (IPv6)
Zhang, et al. Expires 23 April 2026 [Page 13]
Internet-Draft ND YANG model October 2025
Section 5.1";
}
}
}
<CODE ENDS>
Figure 2
4. IANA Considerations
This document registers a URI in the IETF XML registry [RFC3688].
Following the format in [RFC3688], the following registration is
requested to be made:
URI: urn:ietf:params:xml:ns:yang:ietf-ipv6-nd
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.
Figure 3
This document registers a YANG module in the YANG Module Names
registry [RFC6020].
name: ietf-ipv6-nd
namespace: urn:ietf:params:xml:ns:yang:ietf-ipv6-nd
prefix: v6nd
reference: RFC XXXX
Figure 4
5. Security Considerations
The YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040] . The lowest NETCONF layer
is the secure transport layer, and the mandatory-to-implement secure
transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
is HTTPS, and the mandatory-to-implement secure transport is TLS
[RFC8446].
The NETCONF Access Control Model (NACM) [RFC8341] provides the means
to restrict access for particular NETCONF or RESTCONF users to a
preconfigured subset of all available NETCONF or RESTCONF protocol
operations and content.
Zhang, et al. Expires 23 April 2026 [Page 14]
Internet-Draft ND YANG model October 2025
There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative
effect on network operations. These are the subtrees and data nodes
and their sensitivity/vulnerability:
* /if:interfaces/if:interface/ip:ipv6/ipv6-nd:nd/ipv6-nd:dynamic-
discovery - This leaf is used to enable IPv6 address resolution,
which could allow traffic to be hijacked.
* /if:interfaces/if:interface/ip:ipv6/ipv6-nd:nd/ipv6-nd:proxy-na -
This subtree is used to enable proxy Neighbor Advertisement on an
interface, which could allow spoofing traffic to be injected.
* /if:interfaces/if:interface/ip:ipv6/ipv6-nd:nd/ipv6-nd:nud - This
leaf could be used to disable NUD on an interface, which could
lead to delays in Neighbor Cache updates and cause packets
forwarding to unreachable nodes.
* /if:interfaces/if:interface/ip:ipv6/ipv6-nd:nd/ipv6-nd:reachable-
time - This leaf is used to consider a neighbor reachable since
the last confirmation of reachability, which could be set to big
values to prolong the effect of spoofing Neighbor Cache entries or
small values to cause unnecessary frequent NUDs.
* /if:interfaces/if:interface/ip:ipv6/ipv6-nd:nd/ipv6-nd:ns-interval
- This leaf is used to set the interval of retransmitting Neighbor
Solicitations, which could allow DoS attacks.
* /ipv6-nd:nd/ipv6-nd:stale-timeout and
/if:interfaces/if:interface/ip:ipv6/ipv6-nd:nd/ipv6-nd:stale-
timeout - These leaves are used to set the timeout for Neighbor
Cache entry in the STALE state, which could allow the consumption
of cache.
Some of the readable data nodes in the ietf-ipv6-nd module may be
considered sensitive or vulnerable in some network environments. It
is thus important to control read access (e.g., via get, get-config,
or notification) to these data nodes.
6. Acknowledgments
The authors would like to thank Bin Han, Acee Lindem, Jen Linkova,
Éric Vyncke, and many others for their helpful comments and
suggestions.
Zhang, et al. Expires 23 April 2026 [Page 15]
Internet-Draft ND YANG model October 2025
7. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
DOI 10.17487/RFC4861, September 2007,
<https://www.rfc-editor.org/info/rfc4861>.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862,
DOI 10.17487/RFC4862, September 2007,
<https://www.rfc-editor.org/info/rfc4862>.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007,
<https://www.rfc-editor.org/info/rfc4941>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010,
<https://www.rfc-editor.org/info/rfc6020>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>.
[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
RFC 6991, DOI 10.17487/RFC6991, July 2013,
<https://www.rfc-editor.org/info/rfc6991>.
[RFC7527] Asati, R., Singh, H., Beebee, W., Pignataro, C., Dart, E.,
and W. George, "Enhanced Duplicate Address Detection",
RFC 7527, DOI 10.17487/RFC7527, April 2015,
<https://www.rfc-editor.org/info/rfc7527>.
Zhang, et al. Expires 23 April 2026 [Page 16]
Internet-Draft ND YANG model October 2025
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
RFC 7950, DOI 10.17487/RFC7950, August 2016,
<https://www.rfc-editor.org/info/rfc7950>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore Architecture
(NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
<https://www.rfc-editor.org/info/rfc8342>.
[RFC8343] Bjorklund, M., "A YANG Data Model for Interface
Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
<https://www.rfc-editor.org/info/rfc8343>.
[RFC8344] Bjorklund, M., "A YANG Data Model for IP Management",
RFC 8344, DOI 10.17487/RFC8344, March 2018,
<https://www.rfc-editor.org/info/rfc8344>.
[RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
Routing Management (NMDA Version)", RFC 8349,
DOI 10.17487/RFC8349, March 2018,
<https://www.rfc-editor.org/info/rfc8349>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[I-D.ietf-intarea-arp-yang-model]
Zheng, F., Wu, B., Wilton, R., Zhang, F., Zhu, Y., and X.
Ding, "A YANG Data Model for ARP", Work in Progress,
Internet-Draft, draft-ietf-intarea-arp-yang-model-00, 16
October 2025, <https://datatracker.ietf.org/doc/html/
draft-ietf-intarea-arp-yang-model-00>.
8. Informative References
Zhang, et al. Expires 23 April 2026 [Page 17]
Internet-Draft ND YANG model October 2025
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>.
[RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu,
"Handling Long Lines in Content of Internet-Drafts and
RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020,
<https://www.rfc-editor.org/info/rfc8792>.
Appendix A. Data Model Examples
A.1. Configured Static IPv6 Neighbor Cache Entry
This example illustrates the manual configuration for a Neighbor
Cache entry of interface eth0 for peer 2001:db8::2 with link-layer
address 00:00:5E:00:53:AB statically.
Note: '\' line wrapping per [RFC8792].
<?xml version="1.0" encoding="utf-8"?>
<interfaces \
xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces" \
xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">
<interface>
<name>eth0</name>
<type>ianaift:ethernetCsmacd</type>
<!-- other parameters from ietf-interfaces omitted -->
<ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
<!-- ipv6 address configuration parameters omitted -->
<neighbor>
<ip>2001:db8::2</ip>
<link-layer-address>00:00:5E:00:53:AB</link-layer-address>
</neighbor>
</ipv6>
</interface>
</interfaces>
Figure 5
A.2. Configuration of Proxy Neighbor Advertisement, NUD, and DAD
This example illustrates the configuration of enabling proxy Neighbor
Advertisement, NUD, and DAD with setting the "dup-addr-detect-
transmits" leaf as 1, the "reachable-time" leaf as 30000
milliseconds, and the "ns-interval" leaf as 1000 milliseconds.
Zhang, et al. Expires 23 April 2026 [Page 18]
Internet-Draft ND YANG model October 2025
Note: '\' line wrapping per [RFC8792].
<?xml version="1.0" encoding="utf-8"?>
<interfaces \
xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces" \
xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">
<interface>
<name>eth0</name>
<type>ianaift:ethernetCsmacd</type>
<!-- other parameters from ietf-interfaces omitted -->
<ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
<dup-addr-detect-transmits>1</dup-addr-detect-transmits>
<!-- ipv6 address configuration parameters omitted -->
<nd xmlns="urn:ietf:params:xml:ns:yang:ietf-ipv6-nd">
<dynamic-discovery>true</dynamic-discovery>
<nud>true</nud>
<reachable-time>30000</reachable-time>
<ns-interval>1000</ns-interval>
<stale-timeout>1200</stale-timeout>
<proxy-na>
<inter-vlan-proxy>true</inter-vlan-proxy>
</proxy-na>
</nd>
</ipv6>
</interface>
</interfaces>
Figure 6
Appendix B. Coverage of IPv6 ND Functions in YANG Modules
This appendix analyzes the functional elements related to the IPv6 ND
protocol and identifies whether they are covered by existing IETF
YANG modules or defined in this document.
The table below maps the relevant RFCs, functions or parameters, the
corresponding YANG modules, and their specific data paths. The
functions are defined in [RFC4861] (Neighbor Discovery for IP version
6 (IPv6)), [RFC4862] (IPv6 Stateless Address Autoconfiguration), and
other RFC extending IPv6 ND functions. The parameters are defined in
Section 6.2.1 and 6.3.2 of [RFC4861], Section 5.1 of [RFC4862], and
Section 3.3 of [RFC4941].
Zhang, et al. Expires 23 April 2026 [Page 19]
Internet-Draft ND YANG model October 2025
+======+======================+===============+================================================+
|RFC |Function/Parameter |Covered by |Path |
|(Sec) | | | |
+======+======================+===============+================================================+
|4861 |Neighbor Cache |ietf-ip |/if:interfaces/if:interface/ip:ipv6/ip:neighbor |
|s5.1 | | | |
+------+----------------------+---------------+------------------------------------------------+
|4862 |Prefix List |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/v6ur:prefix-|
|s5.1 |(AdvPrefixList) |router- |list |
| | |advertisements | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |IsRouter |ietf-ip |/if:interfaces/if:interface/ip:ipv6/ |
|s6.2.1| | |ip:forwarding |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvSendAdvertisements |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/v6ur:ipv6- |
|s6.2.1| |router- |router-advertisements |
| | |advertisements | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |MaxRtrAdvInterval |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/v6ur:max- |
|s6.2.1| |router- |rtr-adv-interval |
| | |advertisements | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |MinRtrAdvInterval |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/v6ur:min- |
|s6.2.1| |router- |rtr-adv-interval |
| | |advertisements | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvManagedFlag |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/ |
|s6.2.1| |router- |v6ur:managed-flag |
| | |advertisements | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvOtherConfigFlag |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/v6ur:other- |
|s6.2.1| |router- |config-flag |
| | |advertisements | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvLinkMTU |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/v6ur:link- |
|s6.2.1| |router- |mtu |
| | |advertisements | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvReachableTime (for |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/ |
|s6.2.1|RA) |router- |v6ur:reachable-time |
| | |advertisements | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvRetransTimer |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/ |
|s6.2.1| |router- |v6ur:retrans-timer |
| | |advertisements | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvCurHopLimit |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/v6ur:cur- |
|s6.2.1| |router- |hop-limit |
Zhang, et al. Expires 23 April 2026 [Page 20]
Internet-Draft ND YANG model October 2025
| | |advertisements | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvDefaultLifetime |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/ |
|s6.2.1| |router- |v6ur:default-lifetime |
| | |advertisements | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvPrefixList |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/v6ur:prefix-|
|s6.2.1|/AdvValidLifetime |router- |list/v6ur:prefix/v6ur:control-adv- |
| | |advertisements |prefixes/v6ur:advertise/v6ur:valid-lifetime |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvPrefixList |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/v6ur:prefix-|
|s6.2.1|/AdvOnLinkFlag |router- |list/v6ur:prefix/v6ur:control-adv- |
| | |advertisements |prefixes/v6ur:advertise/v6ur:on-link-flag |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvPrefixList/ |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/v6ur:prefix-|
|s6.2.1|AdvPreferredLifetime |router- |list/v6ur:prefix/v6ur:control-adv- |
| | |advertisements |prefixes/v6ur:advertise/v6ur:preferred-lifetime |
+------+----------------------+---------------+------------------------------------------------+
|4861 |AdvPrefixList/ |ietf-ipv6- |/if:interfaces/if:interface/ip:ipv6/v6ur:prefix-|
|s6.2.1|AdvAutonomousFlag |router- |list/v6ur:prefix/v6ur:control-adv- |
| | |advertisements |prefixes/v6ur:advertise/v6ur:autonomous-flag |
+------+----------------------+---------------+------------------------------------------------+
|4861 |ReachableTime(for NUD)|ietf-ipv6-nd |/if:interfaces/if:interface/ip:ipv6/v6nd:nd/ |
|s6.3.2| | |v6nd:reachable-time |
+------+----------------------+---------------+------------------------------------------------+
|4861 |RetransTimer(for NS) |ietf-ipv6-nd |/if:interfaces/if:interface/ip:ipv6/v6nd:nd/ |
|s6.3.2| | |v6nd:ns-interval |
|/4862 | | | |
|s5.1 | | | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |CurHopLimit(for Node) |(reuse | |
|s6.3.2| |AdvCurHopLimit)| |
+------+----------------------+---------------+------------------------------------------------+
|4861 |Timeout for stale |ietf-ipv6-nd |/if:interfaces/if:interface/ip:ipv6/v6nd:nd/ |
|s5.3 |information | |v6nd:stale-timeout |
+------+----------------------+---------------+------------------------------------------------+
|4861 |Address Resolution |ietf-ipv6-nd |/if:interfaces/if:interface/ip:ipv6/v6nd:nd/ |
|s7.2 | | |v6nd:dynamic-discovery |
+------+----------------------+---------------+------------------------------------------------+
|4861 |Neighbor |ietf-ipv6-nd |/if:interfaces/if:interface/ip:ipv6/v6nd:nd/ |
|s7.2 |Unreachability | |v6nd:nud |
| |Detection | | |
+------+----------------------+---------------+------------------------------------------------+
|4861 |Proxy Neighbor |ietf-ipv6-nd |/if:interfaces/if:interface/ip:ipv6/v6nd:nd/ |
|s7.2.8|Advertisements | |v6nd:proxy-na |
+------+----------------------+---------------+------------------------------------------------+
|4861 |Redirect |ietf-ipv6-nd |/if:interfaces/if:interface/ip:ipv6/v6nd:nd/ |
|s8 | | |v6nd:redirect |
Zhang, et al. Expires 23 April 2026 [Page 21]
Internet-Draft ND YANG model October 2025
+------+----------------------+---------------+------------------------------------------------+
|4862 |DupAddrDetectTransmits|ietf-ip |/if:interfaces/if:interface/ip:ipv6/ip:dup-addr-|
|s5.1 | | |detect-transmits |
+------+----------------------+---------------+------------------------------------------------+
|4862 |Creation of Global |ietf-ip |/if:interfaces/if:interface/ip:ipv6/ip:autoconf/|
|s5.5 |Addresses | |ip:create-global-addresses |
+------+----------------------+---------------+------------------------------------------------+
|4941 |Creation of Temporary |ietf-ip |/if:interfaces/if:interface/ip:ipv6/ip:autoconf/|
| |Addresses | |ip:create-temporary-addresses |
+------+----------------------+---------------+------------------------------------------------+
|4941 |TEMP_VALID_LIFETIME |ietf-ip |/if:interfaces/if:interface/ip:ipv6/ip:autoconf/|
| | | |ip:temporary-valid-lifetime |
+------+----------------------+---------------+------------------------------------------------+
|4941 |TEMP_PREFERRED_ |ietf-ip |/if:interfaces/if:interface/ip:ipv6/ip:autoconf/|
| |LIFETIME | |ip:temporary-preferred-lifetime |
+------+----------------------+---------------+------------------------------------------------+
|7527 |Enhanced Duplicate |ietf-ipv6-nd |/if:interfaces/if:interface/ip:ipv6/v6nd:nd/ |
| |Address Detection | |v6nd:enhanced-dad |
+------+----------------------+---------------+------------------------------------------------+
Table 1: Coverage of IPv6 ND Functions in YANG Modules
Contributors
Bin Han
Huawei
China
Email: hanbin3@huawei.com
Authors' Addresses
Fan Zhang
China Telecom
Guangzhou
China
Email: zhangf52@chinatelecom.cn
Yongqing Zhu
China Telecom
Guangzhou
China
Email: zhuyq8@chinatelecom.cn
Zhang, et al. Expires 23 April 2026 [Page 22]
Internet-Draft ND YANG model October 2025
Bo Wu
Huawei
China
Email: lana.wubo@huawei.com
Jiayuan Hu
China Telecom
Guangzhou
China
Email: hujy5@chinatelecom.cn
Zhang, et al. Expires 23 April 2026 [Page 23]