A YANG Data Model for Multi-Vantage Path Snapshots (MVPS)
draft-melegassi-opsawg-mvps-yang-model-00
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
| Section | Field | Value |
|---|---|---|
| Document | Type | Active Internet-Draft (individual) |
| | Author | Leonardo Melegassi Costa |
| | Last updated | 2026-05-28 |
| | RFC stream | (None) |
| | Intended RFC status | (None) |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | I-D Exists |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
OPSAWG                                                      L. Melegassi
Internet-Draft                                                  Catellix
Intended status: Standards Track                             28 May 2026
Expires: 29 November 2026
Abstract
This document defines a YANG data model for Multi-Vantage Path
Snapshots (MVPS): vendor-neutral, multi-vantage enriched traceroute
observations whose reporting model is aligned with RFC 9198
(Advanced Unidirectional Route Assessment). The model is the
normative publication of the MVPS bundle as a YANG module and is the
subtree that the MVPS telemetry-export specification subscribes to
over YANG-Push.
The module is CORE-neutral: it carries measurement facts only. It
makes no performance, scoring, or detection claim. All properties
stated in this document are structural and are backed by a
machine-checkable receipt.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current
Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in
progress."
This Internet-Draft will expire on 29 November 2026.
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
Melegassi Expires 29 Nov 2026 [Page 1]
Internet-Draft MVPS YANG Model May 2026
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Revised BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Revised BSD License.
Table of Contents
1. Introduction
2. Terminology
3. Design Principles
4. Model Overview (Tree Diagram)
5. Structural Properties
6. Relationship to Other MVPS Documents
7. The YANG Module
8. IANA Considerations
9. Security Considerations
10. References
1. Introduction
Multi-Vantage Path Snapshots (MVPS) collect enriched traceroute
observations from several vantages and bind them into a single
canonical bundle. The bundle format, its JSON-Schema sibling, and
the coherence detection mathematics are specified elsewhere in the
MVPS family. A telemetry-export specification additionally maps
MVPS observations onto standard carriers, including YANG-Push
[RFC8641].
That export mapping presumes a published YANG subtree to subscribe
to. This document supplies it: it publishes the MVPS YANG module
normatively, defines its instance-identifier structure, and states
the structural properties on which interoperable configuration,
retrieval (NETCONF/RESTCONF), and subscription (YANG-Push) depend.
This is a data-model document. It deliberately makes NO performance
or detection-latency claim. Every property in Section 5 is
structural: a deterministic fact about the module text or about any
conformant instance, verifiable by the companion receipt and
independent of any measurement.
The module models measurement facts only (CORE neutrality). Any
analytic verdict, score, or machine-learning output is OUT OF SCOPE
for this module and MUST be carried in the namespaced extension slot
defined by the MVPS extension mechanism.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119]
[RFC8174] when, and only when, they appear in all capitals.
Vantage: one observation origin (an active server or an edge
network element) that contributes a Member Route or a
consolidated Route Ensemble, per [RFC9198] Section 4.1.
Hop: a single hop singleton h(i,j) along the observed path, per
[RFC9198] Section 3.4.
Bundle: the top-level MVPS container for one snapshot, encoded in
JSON per [RFC7951].
CORE-neutral: carrying measurement facts only, with no analytic
verdict, score, or inference.
3. Design Principles
P1 CORE neutrality. The module carries only measurement facts.
No analytic verdict, score, or AI/ML output is part of this
canonical model.
P2 Externalized vendor signals. Vendor-specific or analytic
signals MUST live outside this module, under reverse-DNS
namespaced keys in an extension slot. Consumers MUST tolerate
unknown keys (the spirit of [RFC6648]).
P3 Reproducible fingerprints. Each vantage carries three path
fingerprints that are deterministic functions of its hop list.
Recomputation reproduces them exactly, so any silent edit is
detectable.
P4 Standards alignment. Per-hop fields materialise the AURA Hop
singleton ([RFC9198] Section 3.4) with optional ICMP interface
identifiers ([RFC5837]) and Round-Trip Delay quartiles computed
via the P^2 algorithm referenced by [RFC9198].
P5 Incremental implementability. The top-level node is a presence
container and carries no mandatory child leaf, per [RFC8407]
Section 4.10.
4. Model Overview (Tree Diagram)
The following tree diagram uses the notation of [RFC8340].
module: catellix-mvps
  +--rw mvps!
     +--rw mvps-schema?                 string
     +--rw mvps-version?                string
     +--rw catellix-platform-release?   string
     +--rw document-generated-at?       yang:date-and-time
     +--rw destination?                 string
     +--rw vantage-count?               uint32
     +--rw vantages* [origin-label]
        +--rw vantage-role               identityref
        +--rw origin-label               string
        +--rw observed-at?               yang:date-and-time
        +--rw path-fingerprints
        |  +--rw path-fp-ip-chain-sha256-trunc128      sha256-hex
        |  +--rw path-fp-as-path-sha256-trunc64        sha256-hex
        |  +--rw path-fp-country-path-sha256-trunc64   sha256-hex
        +--rw as-path-inferred*          union
        +--rw country-path-inferred*     string
        +--rw hop-count?                 uint8
        +--rw hops* [hop-number]
           +--rw hop-number                uint8
           +--rw ip-reported               inet:ip-address
           +--rw rtt-reported?             string
           +--rw rpki-origin-validation?   rpki-validation-state
           +--rw routing-snapshot
           +--rw rtd-quartiles
           +--rw mpls-labels* [label]
           +--rw rtt-samples-ms*           decimal64
           +--rw geo-hint!
The full set of leaves is defined by the module in Section 7.
5. Structural Properties
The properties below are proven, not asserted. Each maps to a check
in the companion validator (scripts/validate_yang_model.py, 8/8
PASS) whose result is recorded in the receipt
(evidence/yang_model_receipt.json).
T-YANG-WF (Well-formedness): the module is YANG 1.1 with a single
namespace, a rooted presence container "mvps", keyed lists
"vantages" (key origin-label) and "hops" (key hop-number) each
with min-elements 1, ordered-by user collections, and mandatory
list keys.
T-YANG-8407 (RFC 8407 Section 4.10): the top-level node is a
presence container and has no mandatory child leaf, so the module
can be implemented incrementally.
T-YANG-RT (Round-trip losslessness): for any conformant instance I,
decode(encode(I)) = I under [RFC7951], and the order of every
ordered-by user collection is preserved.
T-YANG-FP (Fingerprint determinism): the three path fingerprints
are deterministic functions of the modeled fields; recomputation
reproduces the stored values exactly, and the canonical JSON
([RFC8785]) of the encoding is stable. This carries the bundle's
tamper-evidence property into the model.
T-YANG-SENT (Sentinel bijection): the AS-path union sentinel
"unknown" maps to the JSON-Schema sibling token "?" by a
bijection on (AS-number) union {sentinel}; no real AS number
collides with the sentinel.
T-YANG-CORE (CORE neutrality): the module contains no analytic
verdict/score/ML leaf; vendor signals are externalized to the
extension slot; and the core detection inputs (hop-number,
ip-reported, rtt-samples) are invariant to the presence or
absence of optional hint containers.
T-YANG-PUSH (Addressability): the module is a single rooted subtree
whose every list is fully keyed, so every node has a unique
instance-identifier and a YANG-Push [RFC8641] subtree or xpath
subscription onto /catellix-mvps:mvps is well-defined.
T-YANG-PARITY (Schema parity): on the load-bearing constraints
(version pattern, vantage cardinality, min-elements), the YANG
module and the JSON-Schema sibling agree.
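The keyed-list requirements of T-YANG-WF and the addressability claim of T-YANG-PUSH can be checked on a decoded instance, shown here as an added example that is not the draft's validator or any MVPS project code. The function names and the sample instance are constructed for illustration; the path syntax follows the instance-identifier form of [RFC7951].

```python
def _quote(value):
    """Quote a key value for use inside an instance-identifier predicate."""
    text = str(value)
    if "'" not in text:
        return "'" + text + "'"
    if '"' not in text:
        return '"' + text + '"'
    raise ValueError("key value contains both quote characters: %r" % text)

def hop_instance_identifiers(doc):
    """Return one instance-identifier per hop; raise ValueError if a list is
    empty (min-elements 1) or a list key repeats."""
    vantages = doc["catellix-mvps:mvps"].get("vantages", [])
    if not vantages:
        raise ValueError("vantages: min-elements 1 violated")
    paths, labels = [], set()
    for vantage in vantages:
        label = vantage["origin-label"]
        if label in labels:
            raise ValueError("duplicate origin-label %r" % label)
        labels.add(label)
        hops = vantage.get("hops", [])
        if not hops:
            raise ValueError("hops: min-elements 1 violated under %r" % label)
        numbers = set()
        for hop in hops:
            number = hop["hop-number"]
            if number in numbers:
                raise ValueError("duplicate hop-number %r under %r" % (number, label))
            numbers.add(number)
            paths.append(
                "/catellix-mvps:mvps/vantages[origin-label=%s]/hops[hop-number=%s]"
                % (_quote(label), _quote(number)))
    return paths

# Constructed sample instance (documentation addresses), not data from the draft.
SAMPLE = {"catellix-mvps:mvps": {"vantages": [
    {"origin-label": "edge-a", "hops": [
        {"hop-number": 1, "ip-reported": "192.0.2.1"},
        {"hop-number": 2, "ip-reported": "198.51.100.7"}]},
    {"origin-label": "server-b", "hops": [
        {"hop-number": 1, "ip-reported": "203.0.113.9"}]},
]}}

if __name__ == "__main__":
    for path in hop_instance_identifiers(SAMPLE):
        print(path)
```

A receiver can run a check of this kind before accepting an instance, so that a repeated key is rejected rather than silently overwriting an earlier hop.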
6. Relationship to Other MVPS Documents
This module publishes the data model that the MVPS bundle format
defines. The fingerprint method (T-YANG-FP) is the bundle's method.
The CORE-neutrality and externalized-extension rules (T-YANG-CORE)
are the model-level form of the MVPS extension mechanism's
core-invariance property. The addressability property
(T-YANG-PUSH) discharges the precondition that the MVPS
telemetry-export specification assumes when it maps events onto
YANG-Push.
7. The YANG Module
The normative module is "catellix-mvps", revision 2026-05-14,
namespace "https://catellix.com/yang/catellix-mvps". For length, the
complete module text is maintained in the source repository file
schema/catellix-mvps.yang and will be inlined verbatim in the next
revision of this document. Implementers MUST use the module exactly
as published there; the tree diagram in Section 4 is informative.
The module imports ietf-inet-types and ietf-yang-types [RFC6991].
It defines the identities vantage-role (with the derived identities
catellix-aurix-server and edge-network-element) and the typedefs
sha256-hex, latency-class, rpki-validation-state, and holder-kind.
On WG adoption, the module is expected to be renamed to an "ietf-"
prefixed module under an IANA-assigned namespace; the structural
properties of Section 5 are invariant to that rename.
8. IANA Considerations
This document requests that IANA register the following URI in the
"ns" subregistry of the "IETF XML Registry" [RFC3688] on adoption
(placeholder until the module is renamed to an ietf- module):
URI: urn:ietf:params:xml:ns:yang:ietf-mvps
Registrant Contact: The IESG.
XML: N/A; the requested URI is a YANG module namespace.
This document requests that IANA register the following YANG module
in the "YANG Module Names" registry [RFC6020]:
name: ietf-mvps
namespace: urn:ietf:params:xml:ns:yang:ietf-mvps
prefix: mvps
reference: This document
Until adoption, the module ships under the vendor name
"catellix-mvps" and namespace
"https://catellix.com/yang/catellix-mvps".
9. Security Considerations
The model is to be accessed over a secure transport with mutual
authentication, for example NETCONF over SSH or RESTCONF over TLS;
YANG-Push subscriptions are to be carried over the same transports.
The data nodes are operational measurement facts. None carries a
subscriber-precise location or payload; geographic fields are coarse
hints only, and flow identity is republished as an anonymous
fingerprint rather than the underlying values.
Because the path fingerprints are deterministic (T-YANG-FP), a
reader can detect tampering of the hop, AS, or country lists by
recomputation. This model does not, by itself, provide
confidentiality, integrity, or origin authentication of a bundle in
transit; those are provided by the transport and by the MVPS
signing/anchoring documents.
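Tamper detection by recomputation, and its limit, as an added sketch that is not code from this draft or from the MVPS project. The hash input format is defined by the MVPS bundle document and is not given on this page, so the comma-joined input and the hex truncation used here are assumptions, as are the function names and the constructed sample vantage.

```python
import hashlib

# ASSUMPTION: the exact hash input is defined by the MVPS bundle document, not
# by this page. This sketch hashes the ordered list joined with "," and keeps
# the leading 128 or 64 bits as lowercase hex, as the leaf names suggest.
def _fp(items, bits):
    digest = hashlib.sha256(",".join(str(i) for i in items).encode()).hexdigest()
    return digest[: bits // 4]

def compute_fingerprints(vantage):
    """Recompute the three path fingerprints from the modeled lists."""
    return {
        "path-fp-ip-chain-sha256-trunc128":
            _fp([h["ip-reported"] for h in vantage["hops"]], 128),
        "path-fp-as-path-sha256-trunc64":
            _fp(vantage["as-path-inferred"], 64),
        "path-fp-country-path-sha256-trunc64":
            _fp(vantage["country-path-inferred"], 64),
    }

def mismatched_fingerprints(vantage):
    """Return names of stored fingerprints that recomputation does not reproduce."""
    stored = vantage["path-fingerprints"]
    fresh = compute_fingerprints(vantage)
    return sorted(name for name in fresh if stored.get(name) != fresh[name])

def make_sample_vantage():
    """Constructed sample (documentation addresses and AS numbers)."""
    v = {
        "origin-label": "edge-a",
        "as-path-inferred": [64496, "unknown", 64511],
        "country-path-inferred": ["BR", "US"],
        "hops": [
            {"hop-number": 1, "ip-reported": "192.0.2.1"},
            {"hop-number": 2, "ip-reported": "198.51.100.7"},
            {"hop-number": 3, "ip-reported": "203.0.113.9"},
        ],
    }
    v["path-fingerprints"] = compute_fingerprints(v)
    return v

if __name__ == "__main__":
    v = make_sample_vantage()
    print("intact:", mismatched_fingerprints(v))
    v["hops"][1]["ip-reported"] = "198.51.100.99"     # edit, fingerprints left alone
    print("silent edit:", mismatched_fingerprints(v))
    v["path-fingerprints"] = compute_fingerprints(v)  # edit plus recomputed fingerprints
    print("edit with refreshed fingerprints:", mismatched_fingerprints(v))
```

In this sketch an edit that leaves the stored fingerprints alone is reported, while an edit followed by recomputation verifies cleanly, because the fingerprints are unkeyed hashes. That is the gap the paragraph above assigns to the transport and to the MVPS signing/anchoring documents.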
The module is CORE-neutral (T-YANG-CORE): it cannot, by
construction, carry an analytic verdict that an attacker could spoof
inside the canonical model. Such signals are confined to the
namespaced extension slot and are out of scope here.
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
January 2004.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020,
October 2010.
[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
RFC 6991, July 2013.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling
Language", RFC 7950, August 2016.
[RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG",
RFC 7951, August 2016.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in
RFC 2119 Key Words", BCP 14, RFC 8174, May 2017.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341, March 2018.
[RFC8641] Clemm, A. and E. Voit, "Subscription to YANG
Notifications for Datastore Updates", RFC 8641,
September 2019.
10.2. Informative References
[RFC5837] Atlas, A., Ed., Bonica, R., Ed., Pignataro, C., Ed.,
Shen, N., and JR. Rivers, "Extending ICMP for Interface
and Next-Hop Identification", RFC 5837, April 2010.
[RFC6648] Saint-Andre, P., Crocker, D., and M. Nottingham,
"Deprecating the 'X-' Prefix and Similar Constructs in
Application Protocols", BCP 178, RFC 6648, June 2012.
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, March 2018.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore Architecture
(NMDA)", RFC 8342, March 2018.
[RFC8407] Bierman, A., "Guidelines for Authors and Reviewers of
Documents Containing YANG Data Models", BCP 216,
RFC 8407, October 2018.
[RFC8785] Rundgren, A., Jordan, B., and S. Erdtman, "JSON
Canonicalization Scheme (JCS)", RFC 8785, June 2020.
[RFC9198] Alvarez-Hamelin, J., Morton, A., Fabini, J., Pignataro,
C., and R. Geib, "Advanced Unidirectional Route
Assessment (AURA)", RFC 9198, May 2022.
Author's Address
Leonardo Melegassi
Catellix
Email: melegassi@catellix.com