The Data Model of Network Infrastructure Device Data Plane Security Baseline
draft-xia-sacm-nid-dp-security-baseline-00

This is an older version of an Internet-Draft whose latest revision state is "Expired".
Authors Liang Xia , Guangying Zheng
Last updated 2017-09-07
Network Working Group                                             L. Xia
Internet-Draft                                                  G. Zheng
Intended status: Standards Track                                  Huawei
Expires: March 11, 2018                               September 07, 2017

  The Data Model of Network Infrastructure Device Data Plane Security
                                Baseline
               draft-xia-sacm-nid-dp-security-baseline-00

Abstract

   This document proposes one part of the security baseline YANG output
   for network infrastructure devices: the data plane security baseline.
   The companion documents [I-D.ietf-dong-sacm-nid-cp-security-baseline],
   [I-D.ietf-lin-sacm-nid-mp-security-baseline] and
   [I-D.ietf-xia-sacm-nid-app-infr-layers-security-baseline] cover the
   other parts of the security baseline YANG output for network
   infrastructure devices, respectively: the control plane security
   baseline, the management plane security baseline, and the application
   layer and infrastructure layer security baseline.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 11, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

Xia & Zheng              Expires March 11, 2018                 [Page 1]
Internet-DraftNetwork Infrastructure Device Data Plane SecSeptember 2017

   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Objective . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.2.  Security Baseline . . . . . . . . . . . . . . . . . . . .   4
     1.3.  Security Baseline Data Model Design . . . . . . . . . . .   4
     1.4.  Summary . . . . . . . . . . . . . . . . . . . . . . . . .   5
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   5
     2.1.  Key Words . . . . . . . . . . . . . . . . . . . . . . . .   6
     2.2.  Definition of Terms . . . . . . . . . . . . . . . . . . .   6
   3.  Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . . .   6
   4.  Data Model Structure  . . . . . . . . . . . . . . . . . . . .   6
     4.1.  Layer 2 protection  . . . . . . . . . . . . . . . . . . .   6
     4.2.  ARP . . . . . . . . . . . . . . . . . . . . . . . . . . .  10
     4.3.  URPF  . . . . . . . . . . . . . . . . . . . . . . . . . .  12
     4.4.  DHCP Snooping . . . . . . . . . . . . . . . . . . . . . .  15
     4.5.  Control Plane Protection  . . . . . . . . . . . . . . . .  20
     4.6.  Data Plane Protection . . . . . . . . . . . . . . . . . .  24
     4.7.  TCP/IP Attack Defence . . . . . . . . . . . . . . . . . .  35
   5.  Network Infrastructure Device Security Baseline Yang Module .  35
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  57
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  57
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  57
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  57
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .  57
     9.2.  Informative References  . . . . . . . . . . . . . . . . .  57
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  58

1.  Introduction

1.1.  Objective

   Network security is an integral part of overall network deployment
   and operation.  For several basic reasons, network infrastructure
   devices (e.g. switches, routers, firewalls) are frequently the
   targets of network attackers, or are exploited by them to damage the
   victim network:

   o  the existence of many unsafe access channels: for historical
      reasons, old and unsafe protocols such as SNMP v1/v2 and Telnet
      still run on routers, and replacing them with the corresponding
      safer protocols (SNMP v3, SSH) is not mandatory.
      Attackers easily exploit them to attack routers (e.g., invalid
      login, message eavesdropping);

   o  the openness of TCP/IP networks: despite the benefits in network
      architecture design and connectivity that network openness
      brings, many threats exist at the same time.  Address spoofing,
      security weaknesses in various protocols, traffic flooding and
      other kinds of threat originate from network openness;

   o  the security challenge of network complexity: networks are
      becoming more complex, with massive numbers of nodes, various
      protocols and flexible topologies.  Without careful design, strict
      management and automated operation, the policy consistency of
      network security management cannot be ensured.  It is common for
      part of the network infrastructure to be subject to attack;

   o  the complex functionality of devices: the complexity of the device
      itself increases the difficulty of carrying out security hardening
      measures, as well as the skill requirements placed on the network
      administrator.  As a result, the network administrator may not be
      capable of, or willing to, realize all the security measures,
      compared to implementing basic functionality;

   o  the mismatch between the data plane and the control plane: there
      is a large mismatch in traffic processing capability between the
      different planes.  Without effective control, the large volume of
      traffic from the data plane can easily flood the other planes.

   Apparently, the importance of ensuring the security of network
   infrastructure devices is beyond question.  To secure the network
   infrastructure devices, one important task is to identify, as far as
   possible, the threats and vulnerabilities in the device itself, such
   as unnecessary services, insecure configurations and abnormal status,
   and then enforce security hardening measures, such as installing
   updates and patches, modifying the security configuration and
   enhancing the security mechanisms.  We call this task developing and
   deploying the security baseline for the network infrastructure, which
   provides a solid foundation for overall network security.  This
   document aims to describe the security baseline for the network
   infrastructure, called the security baseline for short in this
   document.

1.2.  Security Baseline

   Basically, the security baseline can be designed and deployed at
   different layers of the device:

   o  application layer: refers to the application platform security
      solution and the typical application security mechanisms it
      provides, such as identity authentication, access control,
      permission management, encryption and decryption, auditing and
      tracking, and privacy protection, to ensure secure application
      data transmission/exchange, secure storage and secure processing,
      and thereby the secure operation of the application system.
      Specific examples are: web application security, software
      integrity protection, encryption of sensitive data, privacy
      protection, lawful interception interfaces and secure third-party
      components;

   o  network layer: refers to a series of security measures that
      protect the network resources and network services running on the
      device's network platform.  Network layer security of a network
      product is complicated.  Therefore, it is divided into the data
      plane, control plane and management plane for consideration:

      *  data plane: focuses on the security hardening configuration and
         status that protect the data plane traffic against
         eavesdropping, tampering, forging and flooding attacks on the
         network;

      *  control plane: focuses on the control signaling security of the
         network infrastructure device, to protect its normal exchange
         against various attacks (i.e., eavesdropping, tampering,
         forging and flooding attacks) and to restrict malicious control
         signaling, ensuring the correct network topology and
         forwarding behavior;

      *  management plane: focuses on management information and
         platform security.  More specifically, it includes all the
         security configuration and status involved in the network OAM
         process;

   o  infrastructure layer: refers to all the security design of the
      device itself and its running OS.  As the foundation of the upper
      layer services, the security of the infrastructure layer must be
      assured.  The specific mechanisms include: OS security, update
      management, software integrity and web security.

1.3.  Security Baseline Data Model Design

   The security baseline varies according to many factors, such as the
   device type (i.e., router, switch, firewall), the security features
   supported by the device, and the specific security
   requirements of the network operator.  It is impossible to design a
   complete set, so this document and its companions propose the most
   important and universal points.  More points can be added in future
   following the data model scheme specified in this document.

   [I-D.ietf-birkholz-sacm-yang-content] defines a method of
   constructing the YANG data model scheme for the security posture
   assessment of the network infrastructure device by brokering YANG
   push telemetry via SACM statements.  The basic steps are:

   o  use the YANG push mechanism [I-D.ietf-netconf-yang-push] to
      collect the created streams of notifications (telemetry)
      [I-D.ietf-netconf-subscribed-notifications] providing SACM content
      on the SACM data plane; the filter expressions used in the context
      of YANG subscriptions constitute SACM content that is imperative
      guidance consumed by SACM components on the SACM management plane;

   o  then encapsulate the above YANG push output in a SACM Content
      Element envelope, which is in turn encapsulated in a SACM
      statement envelope;

   o  lastly, publish the SACM statement into a SACM domain via an
      xmpp-grid publisher.

   In this document, we follow the same approach as
   [I-D.ietf-birkholz-sacm-yang-content] to define the YANG output for
   the network infrastructure device security baseline posture, based
   on the SACM information model definition
   [I-D.ietf-sacm-information-model].

1.4.  Summary

   This document proposes one part of the security baseline YANG output
   for network infrastructure devices: the data plane security baseline.
   The companion documents [I-D.ietf-dong-sacm-nid-cp-security-baseline],
   [I-D.ietf-lin-sacm-nid-mp-security-baseline] and
   [I-D.ietf-xia-sacm-nid-app-infr-layers-security-baseline] cover the
   other parts of the security baseline YANG output for network
   infrastructure devices, respectively: the control plane security
   baseline, the management plane security baseline, and the application
   layer and infrastructure layer security baseline.

2.  Terminology

2.1.  Key Words

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.2.  Definition of Terms

   This document uses the terms defined in
   [I-D.draft-ietf-sacm-terminology].

3.  Tree Diagrams

   A simplified graphical representation of the data model is used in
   this document.  The meaning of the symbols in these diagrams is as
   follows:

   o  Brackets "[" and "]" enclose list keys.

   o  Abbreviations before data node names: "rw" means configuration
      (read-write) and "ro" state data (read-only).

   o  Symbols after data node names: "?" means an optional node and "*"
      denotes a "list" and "leaf-list".

   o  Parentheses enclose choice and case nodes, and case nodes are also
      marked with a colon (":").

   o  Ellipsis ("...") stands for contents of subtrees that are not
      shown.

4.  Data Model Structure

   A network infrastructure device decides the forwarding path based on
   the IP/MAC address and sends the packet on the data plane; the NP or
   ASIC are the main components implementing the data plane functions.

   Some overall introduction is to be added!

4.1.  Layer 2 protection

   The MAC table is the key resource for layer 2 forwarding, and it is
   easily attacked by making the device learn massive numbers of invalid
   MAC addresses.  The MAC limit function protects the MAC table by
   limiting the maximum number of MAC addresses learned on appointed
   interfaces.  When the upper limit is reached, the MAC address is not
   learned, the packet is discarded, and an alarm may be generated.

   If broadcast traffic is not suppressed in a layer 2 network (i.e.,
   Ethernet), a great amount of network bandwidth is consumed by
   broadcast traffic.  Network performance is degraded, and
   communication may even be interrupted.  In such a case, configuring
   broadcast traffic suppression on the device ensures that some
   bandwidth is reserved for unicast traffic forwarding when broadcast
   traffic bursts across the network.  The device can flexibly be
   configured to suppress broadcast, multicast and unknown unicast
   traffic on an interface, on a specified interface in a VLAN, on a
   sub-interface, and over a virtual switch instance (VSI) pseudo wire
   (PW).

module: ietf-mac-limit
    +--rw mac
       +--rw macLimitRules
       |  +--rw macLimitRule* [ruleName]
       |     +--rw ruleName    string
       |     +--rw maximum     uint32
       |     +--rw rate?       uint16
       |     +--rw action?     macLimitForward
       |     +--rw alarm?      macEnableStatus
       +--rw vlanMacLimits
       |  +--rw vlanMacLimit* [vlanId]
       |     +--rw vlanId     macVlanId
       |     +--rw maximum    uint32
       |     +--rw rate?      uint16
       |     +--rw action?    macLimitForward
       |     +--rw alarm?     macEnableStatus
       +--rw vsiMacLimits
       |  +--rw vsiMacLimit* [vsiName]
       |     +--rw vsiName          string
       |     +--rw maximum          uint32
       |     +--rw rate?            uint16
       |     +--rw action?          macLimitForward
       |     +--rw alarm?           macEnableStatus
       +--rw bdMacLimits
       |  +--rw bdMacLimit* [bdId]
       |     +--rw bdId       uint32
       |     +--rw maximum    uint32
       |     +--rw rate?      uint16
       |     +--rw action?    macLimitForward
       |     +--rw alarm?     macEnableStatus
       +--rw pwMacLimits
       |  +--rw pwMacLimit* [vsiName pwName]
       |     +--rw vsiName    string
       |     +--rw pwName     string
       |     +--rw maximum    uint32
       |     +--rw rate?      uint16
       |     +--rw action?    macLimitForward
       |     +--rw alarm?     macEnableStatus
       +--rw ifMacLimits
       |  +--rw ifMacLimit* [ifName limitType]
       |     +--rw ifName       pub-type:ifName
       |     +--rw limitType    limitType
       |     +--rw ruleName?    -> /mac/macLimitRules/macLimitRule/ruleName
       |     +--rw maximum      uint32
       |     +--rw rate?        uint16
       |     +--rw action?      macLimitForward
       |     +--rw alarm?       macEnableStatus
       +--rw ifVlanMacLimits
       |  +--ro ifVlanMacLimit* [ifName vlanBegin limitType]
       |     +--ro ifName       pub-type:ifName
       |     +--ro vlanBegin    macVlanId
       |     +--ro vlanEnd?     macVlanId
       |     +--ro limitType    limitType
       |     +--ro ruleName?    -> /mac/macLimitRules/macLimitRule/ruleName
       |     +--ro maximum      uint32
       |     +--ro rate         uint16
       |     +--ro action?      macLimitForward
       |     +--ro alarm?       macEnableStatus
       +--rw subifMacLimits
       |  +--rw subifMacLimit* [ifName limitType]
       |     +--rw ifName       pub-type:ifName
       |     +--rw limitType    limitType
       |     +--ro vsiName      string
       |     +--rw ruleName     string
       |     +--rw maximum      uint32
       |     +--rw rate?        uint16
       |     +--rw action?      macLimitForward
       |     +--rw alarm?       macEnableStatus
       +--rw vsiStormSupps
       |  +--rw vsiStormSupp* [vsiName suppressType]
       |     +--rw vsiName         string
       |     +--rw suppressType    suppressType
       |     +--rw percent?        uint64
       |     +--rw packets?        uint64
       |     +--rw cir?            uint64
       |     +--rw cbs?            uint64
       +--rw vlanStormSupps
       |  +--rw vlanStormSupp* [vlanId suppressType]
       |     +--rw vlanId          macVlanId
       |     +--rw suppressType    suppressType
       |     +--rw percent?        uint64
       |     +--rw packets?        uint64
       |     +--rw cir?            uint64
       |     +--rw cbs?            uint64
       +--rw pwSuppresss
       |  +--rw pwSuppress* [vsiName pwName suppressType]
       |     +--rw vsiName         string
       |     +--rw pwName          string
       |     +--rw suppressType    suppressType
       |     +--rw percent?        uint64
       |     +--rw packets?        uint64
       |     +--rw cir?            uint64
       |     +--rw cbs?            uint64
       +--rw vsiTotalNumbers
       |  +--ro vsiTotalNumber* [vsiName slotId macType]
       |     +--ro vsiName    string
       |     +--ro slotId     string
       |     +--ro macType    macType
       |     +--ro number     uint32
       +--rw ifStormSupps
       |  +--rw ifStormSupp* [ifName suppressType]
       |     +--rw ifName          pub-type:ifName
       |     +--rw suppressType    suppressType
       |     +--rw direction       directionType
       |     +--rw percent?        uint64
       |     +--rw packets?        uint64
       |     +--rw cir?            uint64
       |     +--rw cbs?            uint64
       +--rw ifStormBlocks
       |  +--rw ifStormBlock* [ifName blockType direction]
       |     +--rw ifName       pub-type:ifName
       |     +--rw blockType    suppressType
       |     +--rw direction    directionType
       +--rw ifStormContrls
          +--rw ifStormContrl* [ifName]
             +--rw ifName                      pub-type:ifName
             +--rw action?                     stormCtrlActionType
             +--rw trapEnable?                 enableType
             +--rw logEnable?                  enableType
             +--rw interval?                   uint64
             +--rw ifPacketContrlAttributes
             |  +--rw ifPacketContrlAttribute* [packetType]
             |     +--rw packetType    stormCtrlType
             |     +--rw rateType?     stormCtrlRateType
             |     +--rw minRate       uint32
             |     +--rw maxRate       uint64
             +--rw ifstormContrlInfos
                +--ro ifstormContrlInfo* [packetType]
                   +--ro packetType        stormCtrlType
                   +--ro punishStatus?     stormCtrlActionType
                   +--ro lastPunishTime?   string
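
   To make the semantics of the tree concrete, here is a small simulation of MAC learning under an ifMacLimit-style rule, added for this page and not part of the draft or of any vendor implementation. It assumes meanings for rate (new addresses learned per second), action ("discard" or "forward") and alarm (boolean) that the draft does not spell out, and uses constructed interface names and MAC addresses.

```python
"""MAC-limit enforcement as sketched in Section 4.1 (added example, not draft code).

The rule fields mirror the macLimitRule / ifMacLimit nodes of the ietf-mac-limit
tree (maximum, rate, action, alarm).  Their precise semantics are assumed here,
since the draft only gives the tree: 'rate' is taken as the maximum number of
new addresses learned per second, 'action' as "discard" or "forward", and
'alarm' as a boolean.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class MacLimitRule:
    maximum: int                 # upper limit of learned addresses on the interface
    rate: Optional[int] = None   # assumed: new addresses learned per second, None = no rate limit
    action: str = "discard"      # assumed macLimitForward values: "discard" | "forward"
    alarm: bool = True           # assumed macEnableStatus mapping: True = alarm enabled


@dataclass
class LearnResult:
    learned: bool     # address is in the table after processing this frame
    forwarded: bool   # frame forwarded (False = discarded)
    alarm: bool       # an alarm was raised because of this frame


class MacTable:
    """Toy MAC table with per-interface limits (constructed for this example)."""

    def __init__(self) -> None:
        self.rules: Dict[str, MacLimitRule] = {}
        # ifName -> {mac: last_seen}; one table per interface keeps the example small
        self.entries: Dict[str, Dict[str, int]] = defaultdict(dict)
        self.window: Dict[str, Tuple[int, int]] = {}  # ifName -> (second, learned that second)
        self.alarms: List[str] = []

    def apply_rule(self, if_name: str, rule: MacLimitRule) -> None:
        self.rules[if_name] = rule

    def learned_count(self, if_name: str) -> int:
        return len(self.entries[if_name])

    def _limit_hit(self, if_name: str, rule: MacLimitRule, why: str) -> LearnResult:
        # Address not learned; frame forwarded or discarded per 'action'; one alarm
        # per interface and reason when alarms are enabled (avoids alarm storms).
        msg = f"{if_name}: MAC learning {why} limit reached"
        raised = False
        if rule.alarm and msg not in self.alarms:
            self.alarms.append(msg)
            raised = True
        return LearnResult(False, rule.action == "forward", raised)

    def learn(self, if_name: str, src_mac: str, now: int) -> LearnResult:
        """Process one frame with source MAC 'src_mac' received on 'if_name' at second 'now'."""
        table = self.entries[if_name]
        src_mac = src_mac.lower()
        if src_mac in table:  # known address: refresh only, never counts against limits
            table[src_mac] = now
            return LearnResult(True, True, False)
        rule = self.rules.get(if_name)
        if rule is None:      # no limit configured on this interface
            table[src_mac] = now
            return LearnResult(True, True, False)
        if len(table) >= rule.maximum:
            return self._limit_hit(if_name, rule, "maximum")
        if rule.rate is not None:
            sec, n = self.window.get(if_name, (now, 0))
            if sec != now:    # new one-second window
                sec, n = now, 0
            if n >= rule.rate:
                self.window[if_name] = (sec, n)
                return self._limit_hit(if_name, rule, "rate")
            self.window[if_name] = (sec, n + 1)
        table[src_mac] = now
        return LearnResult(True, True, False)
```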

4.2.  ARP

   ARP security is a set of functions that protect the ARP protocol and
   the network against malicious attacks, so that network communication
   stays stable and important user information is protected.  It mainly
   includes:

      ARP anti-spoofing functions: protect devices against spoofed ARP
      attack packets, improving the security and reliability of network
      communication.

      ARP anti-flooding functions: relieve the CPU load and prevent ARP
      table overflow, ensuring normal network operation.

module: ietf-arp-sec
    +--ro arp-sec
       +--ro arpInterfaces
       |  +--rw arpInterface* [ifName]
       |     +--rw ifName                   -> /ifm:ifm/interfaces/interface/ifName
       |     +--rw arpLearnDisable?         boolean  //arp-learning-control
       |     +--rw arpLearnStrict?          arpStrictLearn  //arp-learning-control
       |     +--rw fakeExpireTime?          uint32   //arp-fake-expire-time?
       |     +--rw dstMacCheck?             boolean  //validate
       |     +--rw srcMacCheck?             boolean  //validate
       +--rw secArpGrats
       |  +--rw secArpGrat* [ifName]
       |     +--rw ifName    -> /ifm:ifm/interfaces/interface/ifName
       +--rw secArpChkIpEns
       |  +--rw secArpChkIpEn* [ifName]
       |     +--rw ifName    -> /ifm:ifm/interfaces/interface/ifName
       +--rw secArpMacIlls
       |  +--rw secArpMacIll* [ifName]
       |     +--rw ifName    -> /ifm:ifm/interfaces/interface/ifName
       +--rw secArpReqNoBlks
       |  +--rw secArpReqNoBlk* [ifName]
       |     +--rw ifName    -> /ifm:ifm/interfaces/interface/ifName
       +--ro secDisArpChks
       |  +--ro secDisArpChk* [secSlotId secChkType]
       |     +--ro secSlotId        -> /devm:devm/lpuBoards/lpuBoard/position
       |     +--ro secChkType       cpudefendArpAttackType
       |     +--ro secTotalPkts?    uint64
       |     +--ro secPassedPkts?   uint64
       |     +--ro secDropedPkts?   uint64
       +--ro arpIfLimits //arp-table-limit
       |  +--rw arpIfLimit* [ifName vlanId]
       |     +--rw ifName        -> /ifm:ifm/interfaces/interface/ifName
       |     +--rw vlanId        uint16
       |     +--rw limitNum      uint32
       |     +--ro learnedNum?   uint32
       +--ro arpSpeedLimits  // arp-speed-limit
       |  +--rw arpSpeedLimit* [slotId suppressType ipType]
       |     +--rw slotId           string
       |     +--rw suppressType     enumeration
       |     +--rw ipType           enumeration
       |     +--rw suppressValue    uint32
       +--ro arpGlobalSpeedLimits  // arp-speed-limit
          +--rw arpGSpeedLimit* [gSuppressType gIpType]
             +--rw gSuppressType     arpSuppType
             +--rw gIpType           arpSuppIpType
             +--rw gPortType?        enumeration
             +--rw gSuppressValue    uint32
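
   The following added example (not from the draft) shows what the srcMacCheck, dstMacCheck and arpIfLimit nodes can mean when applied to ARP frames: a parser for Ethernet/IPv4 ARP plus the per-interface checks, run over constructed frames. The check semantics, the verdict strings, the refusal to overwrite a known IP-to-MAC binding, and the helper build_arp are assumptions made for this example.

```python
"""ARP validation and per-interface entry limiting in the spirit of the
dstMacCheck / srcMacCheck and arpIfLimit nodes of ietf-arp-sec.

Added example with assumed semantics (the draft only names the nodes):
  srcMacCheck  - Ethernet source MAC must equal the ARP sender hardware address;
  dstMacCheck  - for replies, Ethernet destination MAC must equal the ARP target
                 hardware address (requests are broadcast, so they are skipped);
  limitNum     - cap on entries one interface may learn (learnedNum = current count).
A known IP whose hardware address changes is reported, not overwritten.
"""
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, ethertype
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")    # htype, ptype, hlen, plen, op, sha, spa, tha, tpa


@dataclass
class ArpPacket:
    eth_dst: bytes
    eth_src: bytes
    op: int
    sha: bytes   # sender hardware address
    spa: bytes   # sender protocol (IPv4) address
    tha: bytes   # target hardware address
    tpa: bytes   # target protocol (IPv4) address


def parse_arp(frame: bytes) -> Optional[ArpPacket]:
    """Return the parsed ARP packet, or None if the frame is not a well-formed Ethernet/IPv4 ARP."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    eth_dst, eth_src, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):   # Ethernet / IPv4 only
        return None
    return ArpPacket(eth_dst, eth_src, op, sha, spa, tha, tpa)


@dataclass
class ArpInterface:
    """Per-interface knobs drawn from arpInterface and arpIfLimit (constructed)."""
    src_mac_check: bool = True
    dst_mac_check: bool = True
    limit_num: int = 512
    table: Dict[bytes, bytes] = field(default_factory=dict)   # spa -> sha (learned entries)

    @property
    def learned_num(self) -> int:
        return len(self.table)


def process_arp(iface: ArpInterface, frame: bytes) -> str:
    """Validate one frame and learn from it; returns a verdict string for counters/logs."""
    pkt = parse_arp(frame)
    if pkt is None:
        return "malformed"
    if iface.src_mac_check and pkt.eth_src != pkt.sha:
        return "drop:src-mac-mismatch"
    if iface.dst_mac_check and pkt.op == ARP_REPLY and pkt.eth_dst != pkt.tha:
        return "drop:dst-mac-mismatch"
    known = iface.table.get(pkt.spa)
    if known is None:
        if iface.learned_num >= iface.limit_num:     # arpIfLimit reached: do not learn
            return "drop:if-limit"
        iface.table[pkt.spa] = pkt.sha
        return "learned"
    if known != pkt.sha:                              # keep the existing binding
        return "conflict:sha-changed"
    return "refreshed"


def build_arp(eth_dst: bytes, eth_src: bytes, op: int,
              sha: bytes, spa: bytes, tha: bytes, tpa: bytes) -> bytes:
    """Construct a test frame (helper for sample input only, not a device function)."""
    return ETH_HDR.pack(eth_dst, eth_src, ETHERTYPE_ARP) + ARP_HDR.pack(
        1, 0x0800, 6, 4, op, sha, spa, tha, tpa)
```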

4.3.  URPF

   Unicast Reverse Path Forwarding (URPF) is a technology used to defend
   against network attacks based on source address spoofing.  Generally,
   upon receiving a packet, a router first obtains the destination IP
   address of the packet and then searches the forwarding table for a
   route to the destination address.  If the router finds such a route,
   it forwards the packet; otherwise, it discards the packet.  A URPF-
   enabled router additionally obtains the source IP address of a
   received packet and searches for a route to the source address.  If
   the router fails to find such a route, it considers the source
   address forged and discards the packet.  In this manner, URPF can
   effectively protect against malicious attacks that are launched by
   changing the source addresses of packets.

   URPF can be performed in strict or loose mode.  Strict mode checks
   both the existence of the source address in the routing table and
   the consistency of the incoming interface with that route, while
   loose mode only checks whether the source address is in the routing
   table.  In some cases, the router may have only one default route,
   pointing to the ISP's router.  Therefore, matching the default route
   entry needs to be supported.

   URPF can be performed on an interface, on a defined flow, and on
   traffic sent to the local CPU.
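
   As an added example (not the draft's own code), the URPF decision just described carried out over a constructed routing table, covering strict mode, loose mode, ECMP routes and the allow-default option of the interface-urpf list below. The mode values "strict" and "loose", the interface names and the prefixes are assumptions.

```python
"""Unicast RPF decision of Section 4.3: strict and loose mode with allow-default.

Added example; the RIB contents and interface names are constructed, and the
'mode' enumeration of interface-urpf is assumed to carry "strict" and "loose".
"""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple, Union

IPNet = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


class Rib:
    """Minimal routing table: prefix -> set of outgoing interfaces (ECMP-aware)."""

    def __init__(self, routes: List[Tuple[str, str]]) -> None:
        self.routes: Dict[IPNet, Set[str]] = {}
        for prefix, iface in routes:
            net = ipaddress.ip_network(prefix, strict=True)
            self.routes.setdefault(net, set()).add(iface)

    def lookup(self, addr: IPAddr) -> Optional[Tuple[IPNet, Set[str]]]:
        """Longest-prefix match for 'addr'; None when no route (not even default) covers it."""
        best = None
        for net, ifaces in self.routes.items():
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, ifaces)
        return best


def urpf_check(rib: Rib, in_iface: str, src: str,
               mode: str = "strict", allow_default: bool = False) -> Tuple[bool, str]:
    """Return (accept, reason) for a packet with source 'src' arriving on 'in_iface'."""
    addr = ipaddress.ip_address(src)
    hit = rib.lookup(addr)
    if hit is None:
        return False, "no route to source"     # source treated as forged, packet discarded
    net, ifaces = hit
    if net.prefixlen == 0 and not allow_default:
        # Only the default route matches; it counts only when allow-default is set.
        return False, "default route only and allow-default is off"
    if mode == "loose":
        return True, f"loose: route {net} exists"
    if mode != "strict":
        raise ValueError(f"unknown urpf mode {mode!r}")
    # Strict: the best route back to the source must point out of the ingress interface.
    if in_iface in ifaces:
        return True, f"strict: {net} reachable via {in_iface}"
    return False, f"strict: {net} reachable via {sorted(ifaces)}, not {in_iface}"
```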

module: ietf-urpf-sec
    +--rw urpf-security
       +--rw interface-urpf* [ifname]
       |  +--rw ifname           if:interface-ref
       |  +--rw mode?            enumeration
       |  +--rw allow-default?   boolean
       +--rw qosClassifiers
       |  +--rw qosClassifier* [classifierName operator]
       |     +--rw classifierName      qosPolicyName
       |     +--rw description?        string
       |     +--rw operator            qosClassOperator
       |     +--rw qosRuleAnys
       |     |  +--rw qosRuleAny* [protoFamily]
       |     |     +--rw protoFamily    qosIPFamily
       |     +--rw qosRuleMacs
       |     |  +--rw qosRuleMac* [macType macAddr]
       |     |     +--rw macType    qosMacType
       |     |     +--rw macAddr    pub-type:macAddress
       |     +--rw qosRuleProto6s
       |     |  +--rw qosRuleProto6* [protoFamily protocol]
       |     |     +--rw protoFamily    qosIPv6Family
       |     |     +--rw protocol       uint8
       |     +--rw qosRuleIPv6Addrs
       |     |  +--rw qosRuleIPv6Addr* [addressType ipAddress6 prefixLen]
       |     |     +--rw addressType    qosAddressType
       |     |     +--rw ipAddress6     pub-type:ipv6Address
       |     |     +--rw prefixLen      uint8
       |     +--rw qosRuleTcpFlags
       |     |  +--rw qosRuleTcpFlag* [tcpFlag]
       |     |     +--rw tcpFlag    uint8
       |     +--rw qosRuleAcls
       |     |  +--rw qosRuleAcl* [aclFamily aclName]
       |     |     +--rw aclFamily    qosIPFamily
       |     |     +--rw aclName      string
       |     +--rw qosRulePrioritys
       |        +--rw qosRulePriority* [priorityType priorityValue]
       |           +--rw priorityType     qosPriorityType
       |           +--rw priorityValue    uint8
       +--rw qosBehaviors
       |  +--rw qosBehavior* [behaviorName]
       |     +--rw behaviorName         qosPolicyName
       |     +--rw description?         string
       |     +--rw qosActFilters
       |     |  +--rw qosActFilter*
       |     |     +--rw actionType    qosActionFilter
       |     |     +--rw filter        qosFilterFlag
       |     +--rw qosActPortMirrors
       |     |  +--rw qosActPortMirror* [actionType]
       |     |     +--rw actionType    qosActionPortMirror
       |     |     +--rw enable        qosPortMirror
       |     +--rw qosActCars
       |     |  +--rw qosActCar* [actionType]
       |     |     +--rw actionType            qosActionCar
       |     |     +--rw cir                   uint32
       |     |     +--rw pir?                  uint32
       |     |     +--rw cbs?                  uint32
       |     |     +--rw pbs?                  uint32
       |     |     +--rw greenAction?          qosCarRedActionType
       |     |     +--rw greenServiceClass?    qosServiceClass
       |     |     +--rw greenColor?           qosColor
       |     |     +--rw yellowAction?         qosCarRedActionType
       |     |     +--rw yellowServiceClass?   qosServiceClass
       |     |     +--rw yellowColor?          qosColor
       |     |     +--rw redAction?            qosCarRedActionType
       |     |     +--rw redServiceClass?      qosServiceClass
       |     |     +--rw redColor?             qosColor
       |     +--rw qosActRemarks
       |     |  +--rw qosActRemark* [actionType]
       |     |     +--rw actionType     qosActionRemark
       |     |     +--rw remarkValue    uint8
       |     +--rw qosActSrvClss
       |     |  +--rw qosActSrvCls* [actionType]
       |     |     +--rw actionType      qosActionServiceClass
       |     |     +--rw serviceClass    qosServiceClass
       |     |     +--rw color           qosColor
       |     +--rw qosActUrpfs
       |     |  +--rw qosActUrpf* [actionType]
       |     |     +--rw actionType      qosActionUrpf
       |     |     +--rw checkType       qosUrpfCheckType
       |     |     +--rw allowDefault?   qosSwitchFlag
       |     +--rw qosActLoads
       |     |  +--rw qosActLoad* [actionType]
       |     |     +--rw actionType     qosActionLoadBalance
       |     |     +--rw balanceType    qosLoadBalanceType
       |     +--rw qosActNsSamplers
       |     |  +--rw qosActNsSampler* [flowType]
       |     |     +--rw flowType       qosNsFlowType
       |     |     +--rw sampleType     qosSampleType
       |     |     +--rw sampleValue    uint16
       |     +--rw qosActRdrNhps
       |     |  +--rw qosActRdrNhp* [rdrType]
       |     |     +--rw rdrType    qosRdrType
       |     |     +--rw nextHop    pub-type:ipv4Address
       |     |     +--rw ifName     pub-type:ifName
       |     +--rw qosActRdrMhps
       |     |  +--rw qosActRdrMhp* [rdrType]
       |     |     +--rw rdrType        qosRdrType
       |     |     +--rw loadBalance?   boolean
       |     |     +--rw qosRdrNhps
       |     |        +--rw qosRdrNhp* [nextHop]
       |     |           +--rw nextHop    pub-type:ipv4Address
       |     |           +--rw ifName     pub-type:ifName
       |     +--rw qosActRdrNhp6s
       |     |  +--rw qosActRdrNhp6* [rdrType]
       |     |     +--rw rdrType    qosRdrType
       |     |     +--rw nextHop    pub-type:ipv6Address
       |     |     +--rw ifName     pub-type:ifName
       |     +--rw qosActRdrMhp6s
       |     |  +--rw qosActRdrMhp6* [rdrType]
       |     |     +--rw rdrType        qosRdrType
       |     |     +--rw loadBalance?   boolean
       |     |     +--rw qosRdrNhp6s
       |     |        +--rw qosRdrNhp6* [nextHop]
       |     |           +--rw nextHop    pub-type:ipv6Address
       |     |           +--rw ifName     pub-type:ifName
       |     +--rw qosActRdrVpns
       |     |  +--rw qosActRdrVpn* [actionType]
       |     |     +--rw actionType      qosActionRedirectVpnGroup
       |     |     +--rw vpnGroupName    qosPolicyName
       |     +--rw qosActRdrLsps
       |        +--rw qosActRdrLsp* [actionType]
       |           +--rw actionType    qosActionRedirectLsp
       |           +--rw configType    qosLspRdrType
       |           +--rw destAddr      pub-type:ipv4Address
       |           +--rw nextHop       pub-type:ipv4Address
       |           +--rw ifName        pub-type:ifName
       |           +--rw secondary     qosEnableFlag
       +--rw qosPolicys
       +--rw qosPolicy* [policyName]
       |  +--rw policyName               qosPolicyName
       |  +--ro policyID?                uint32
       |  +--rw description?             string
       |  +--rw step?                    uint16
       |  +--rw shareMode?               qosSwitchFlag
       |  +--rw statFlag?                qosSwitchFlag
       |  +--rw v6QosLocalIDEns
       |  |  +--rw v6QosLocalIDEn* [v6QosLocalIDEn]
       |  |     +--rw v6QosLocalIDEn    boolean
       |  +--rw qosPolicyNodes
       |  |  +--rw qosPolicyNode* [classifierName]
       |  |     +--rw classifierName    string
       |  |     +--rw behaviorName      string
       |  |     +--rw priority?         uint16
       |  +--rw qosPolicyNodeNewModes
       |     +--rw qosPolicyNodeNewMode* [classifierName streamDirection groupType groupName]
       |        +--rw classifierName     string
       |        +--rw streamDirection    streamDirectionType
       |        +--rw groupType          groupType
       |        +--rw groupName          string
       |        +--rw behaviorName       string
       |        +--rw precedence?        uint16
       +--rw local-URPF
          +--rw cpu-defend-policy* [name]
             +--rw name             string
             +--rw description?     string
             +--rw urpf-mode        enumeration
             +--rw allow-default    boolean
             +--rw slot-id          uint16

4.4.  DHCP Snooping

   DHCP, which is widely used on networks, dynamically assigns IP
   addresses to clients and distributes configuration information from a
   central point.  A device that forwards DHCP packets is exposed to
   several attacks: bogus (rogue) DHCP server attacks, DHCP address
   exhaustion (starvation) attacks, denial of service (DoS) attacks, and
   DHCP flooding attacks.

   DHCP snooping is a DHCP security feature that works much like a
   firewall placed between DHCP clients and servers.  A DHCP-snooping-
   capable device intercepts DHCP packets and uses the information they
   carry to build a DHCP snooping binding table that records each host's
   MAC address, IP address, lease time, VLAN and ingress interface.  The
   device then validates received DHCP packets (and, where the ARP and
   IP checks below are enabled, ARP and IP packets as well) against this
   table and discards any packet that does not match an entry.

   Besides the binding table, DHCP snooping offers further controls that
   defend against bogus servers, flooding and other, finer-grained DHCP
   attacks: trusted interfaces (server replies such as OFFER and ACK are
   accepted only on interfaces marked trusted), per-VLAN and per-
   interface rate limits and maximum user counts, and whitelists.
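
   The following is an added example, not code from the draft or from
   any vendor implementation: a small DHCP snooping engine in Python
   that parses DHCPv4 packets, learns a binding table from REQUEST/ACK
   exchanges, accepts server replies only on trusted ports, checks the
   chaddr field against the frame's source MAC, enforces a per-port user
   limit and validates RELEASE messages against the binding table.  The
   port names, MAC addresses and packets are constructed for the
   example; the drop counters borrow the draft's dhcpSnpIfStatistics
   leaf names where a matching one exists (pktCntDropByUserLimit is this
   example's own name).

```python
"""DHCP snooping engine (added example).  Counter names follow the draft's
dhcpSnpIfStatistics leaves where one exists."""
import struct
from dataclasses import dataclass, field

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_LEASE, OPT_END = 53, 51, 255
DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE = 1, 2, 3, 5, 6, 7
SERVER_MSGS = {OFFER, ACK, NAK}   # legitimate only from a trusted port


def parse_dhcp(payload):
    """Parse the fixed BOOTP header and the DHCP option TLVs (RFC 2131/2132)."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    ciaddr, yiaddr, chaddr = payload[12:16], payload[16:20], payload[28:28 + hlen]
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == 0:                       # pad option
            i += 1
            continue
        code, ln = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"xid": xid, "chaddr": chaddr, "ciaddr": ciaddr, "yiaddr": yiaddr, "opts": opts}


def build_dhcp(msg_type, chaddr, ciaddr=b"\0" * 4, yiaddr=b"\0" * 4, lease=0, xid=0x1234):
    """Constructed test packets for this example, not captured traffic."""
    op = 1 if msg_type in (DISCOVER, REQUEST, RELEASE) else 2   # BOOTREQUEST / BOOTREPLY
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
    hdr += ciaddr + yiaddr + b"\0" * 8                # ciaddr, yiaddr, siaddr, giaddr
    hdr += chaddr.ljust(16, b"\0") + b"\0" * 192      # chaddr, sname, file
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if lease:
        opts += bytes([OPT_LEASE, 4]) + struct.pack("!I", lease)
    return hdr + DHCP_MAGIC + opts + bytes([OPT_END])


@dataclass
class Port:
    name: str
    trusted: bool = False          # dhcpSnpIfTrustEnable
    max_users: int = 8             # dhcpSnpIntfMaxUserNum
    stats: dict = field(default_factory=lambda: dict(
        pktCntDropByUntrustReply=0, pktCntDropByMac=0,
        pktCntDropByUserBind=0, pktCntDropByUserLimit=0))


class DhcpSnooping:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.pending = {}     # (xid, chaddr) -> client port, from REQUESTs seen
        self.bindings = {}    # ip -> (mac, port, lease): the dhcpSnpDynBindTbl

    def other_users_on(self, port_name, mac):
        return sum(1 for m, p, _ in self.bindings.values() if p == port_name and m != mac)

    def process(self, port_name, src_mac, payload):
        """Return True if the packet is forwarded, False if it is dropped."""
        port, pkt = self.ports[port_name], parse_dhcp(payload)
        mtype = pkt["opts"][OPT_MSG_TYPE][0]
        if mtype in SERVER_MSGS:
            if not port.trusted:                  # bogus DHCP server defence
                port.stats["pktCntDropByUntrustReply"] += 1
                return False
            if mtype == ACK:                      # bind the lease to the client's own port
                client_port = self.pending.pop((pkt["xid"], pkt["chaddr"]), None)
                if client_port is not None:
                    lease = struct.unpack("!I", pkt["opts"].get(OPT_LEASE, b"\0" * 4))[0]
                    self.bindings[pkt["yiaddr"]] = (pkt["chaddr"], client_port, lease)
            return True
        if port.trusted:
            return True                            # client messages on trusted ports pass unchecked
        if pkt["chaddr"] != src_mac:              # checkMacEnable: chaddr must equal source MAC
            port.stats["pktCntDropByMac"] += 1
            return False
        if mtype == REQUEST:
            if self.other_users_on(port_name, pkt["chaddr"]) >= port.max_users:
                port.stats["pktCntDropByUserLimit"] += 1   # exhaustion / flooding limit
                return False
            self.pending[(pkt["xid"], pkt["chaddr"])] = port_name
        elif mtype == RELEASE:                    # checkUserBindEnable: spoofed release
            bound = self.bindings.get(pkt["ciaddr"])
            if bound is None or bound[0] != pkt["chaddr"] or bound[1] != port_name:
                port.stats["pktCntDropByUserBind"] += 1
                return False
            del self.bindings[pkt["ciaddr"]]
        return True


def demo():
    """Constructed attack sequence: one legitimate client, then a rogue host."""
    snoop = DhcpSnooping([Port("GE0/0/1", trusted=True), Port("GE0/0/2", max_users=1)])
    client, rogue, server = b"\x00\x11\x22\x33\x44\x55", b"\x0a\x0b\x0c\x0d\x0e\x0f", b"\xaa" * 6
    ip = bytes([10, 0, 0, 5])
    results = [
        snoop.process("GE0/0/2", client, build_dhcp(REQUEST, client)),                     # pass
        snoop.process("GE0/0/1", server, build_dhcp(ACK, client, yiaddr=ip, lease=3600)),  # pass, binding learned
        snoop.process("GE0/0/2", rogue, build_dhcp(OFFER, client, yiaddr=ip)),             # drop: rogue server
        snoop.process("GE0/0/2", rogue, build_dhcp(REQUEST, client)),                      # drop: chaddr spoofed
        snoop.process("GE0/0/2", rogue, build_dhcp(RELEASE, rogue, ciaddr=ip)),            # drop: not the binding owner
        snoop.process("GE0/0/2", rogue, build_dhcp(REQUEST, rogue, xid=0x99)),             # drop: port user limit
    ]
    return results, snoop
```

   The binding is keyed on the server's ACK but recorded against the
   port on which the matching REQUEST arrived, which is what makes a
   RELEASE from a different port (or a different MAC) detectable.  A
   real implementation also has to age entries on lease expiry and
   survive reloads, which is what the draft's
   dhcpSnpUserBindAutoSaveEnable and dhcpSnpUserBindFileName leaves are
   for.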

module: ietf-dhcp-sec
    +--rw dhcp
       +--rw snooping
          +--rw dhcpSnpGlobal
          |  +--rw dhcpSnpEnable?                   boolean
          |  +--rw serverDetectEnable?              boolean
          |  +--rw dhcpSnpUserBindAutoSaveEnable?   boolean
          |  +--rw dhcpSnpUserBindFileName?         string
          |  +--rw globalCheckRateEnable?           boolean
          |  +--rw dhcpSnpGlobalRate?               uint16
          |  +--rw checkRateAlarmEnable?            boolean
          |  +--rw rateThreshold?                   uint16
          |  +--rw alarmThreshold?                  uint16
          |  +--ro rateLimitPacketCount?            uint32
          |  +--rw dhcpSnpUserOfflineRemoveMac?     boolean
          |  +--rw dhcpSnpArpDetectEnable?          boolean
          |  +--rw dhcpSnpGlobalMaxUser?            uint16
          |  +--rw dhcpSnpUserTransferEnable?       boolean
          +--rw dhcpSnpVlans
          |  +--rw dhcpSnpVlan* [vlanId]
          |     +--rw vlanId                     uint16
          |     +--rw dhcpSnpEnable              boolean
          |     +--rw checkRateEnable            boolean
          |     +--rw dhcpSnpVlanRate            uint32
          |     +--rw dhcpSnpVlanTrustEnable     boolean
          |     +--rw checkArpEnable             boolean
          |     +--rw alarmArpEnable             boolean
          |     +--rw alarmArpThreshold          uint16
          |     +--rw checkIpEnable              boolean
          |     +--rw alarmIpEnable              boolean
          |     +--rw alarmIpThreshold           uint16
          |     +--rw alarmReplyEnable           boolean
          |     +--rw alarmReplyThreshold        uint16
          |     +--rw checkMacEnable             boolean
          |     +--rw alarmMacEnable             boolean
          |     +--rw alarmMacThreshold          uint16
          |     +--rw checkUserBindEnable        boolean
          |     +--rw alarmUserBindEnable        boolean
          |     +--rw alarmUserBindThreshold     uint16
          |     +--rw dhcpSnpVlanMaxUserNum      uint16
          |     +--rw alarmUserLimitEnable       boolean
          |     +--rw alarmUserLimitThreshold    uint16
          |     +--rw dhcpSnpVlanStatistics
          |        +--ro dropArpPktCnt?              uint32
          |        +--ro dropIpPktCnt?               uint32
          |        +--ro dropDhcpReqCntByBindTbl?    uint32
          |        +--ro dropDhcpReqCntByMacCheck?   uint32
          |        +--ro dropDhcpReplyCnt?           uint32
          +--rw vlanTrustInterfaces
          |  +--rw vlanTrustInterface* [vlanId ifName]
          |     +--rw vlanId    uint16
          |     +--rw ifName    pub-type:ifName
          +--rw dhcpSnpInterfaces
          |  +--rw dhcpSnpInterface* [ifName]
          |     +--rw ifName                          pub-type:ifName
          |     +--rw dhcpSnpEnable                   boolean
          |     +--rw dhcpSnpIfDisable                boolean
          |     +--rw dhcpSnpIfTrustEnable            boolean
          |     +--rw dhcpSnpIfRate                   uint16
          |     +--rw checkRateEnable                 boolean
          |     +--rw alarmRateEnable                 boolean
          |     +--rw alarmRateThreshold              uint16
          |     +--rw checkArpEnable                  boolean
          |     +--rw alarmArpEnable                  boolean
          |     +--rw alarmArpThreshold               uint16
          |     +--rw checkIpEnable                   boolean
          |     +--rw alarmIpEnable                   boolean
          |     +--rw alarmIpThreshold                uint16
          |     +--rw alarmReplyEnable                boolean
          |     +--rw alarmReplyThreshold             uint16
          |     +--rw checkMacEnable                  boolean
          |     +--rw alarmMacEnable                  boolean
          |     +--rw alarmMacThreshold               uint16
          |     +--rw checkUserBindEnable             boolean
          |     +--rw alarmUserBindEnable             boolean
          |     +--rw alarmUserBindThreshold          uint16
          |     +--rw dhcpSnpIntfMaxUserNum           uint32
          |     +--rw alarmUserLimitEnable            boolean
          |     +--rw alarmUserLimitThreshold         uint16
          |     +--rw dhcpSnpInterfStickyMacEnable    boolean
          |     +--rw dhcpSnpIfStatistics
          |        +--ro dropArpPktCnt?              uint32
          |        +--ro dropIpPktCnt?               uint32
          |        +--ro pktCntDropByUserBind?       uint32
          |        +--ro pktCntDropByMac?            uint32
          |        +--ro pktCntDropByUntrustReply?   uint32
          |        +--ro pktCntDropByRate?           uint32
          +--rw dhcpSnpDynBindTbls
          |  +--ro dhcpSnpDynBindTbl* [ipAddress outerVlan innerVlan vsiName vpnName bridgeDomain]
          |     +--ro ipAddress       pub-type:ipv4Address
          |     +--ro outerVlan       uint16
          |     +--ro innerVlan       uint16
          |     +--ro vsiName         string
          |     +--ro vpnName         string
          |     +--ro bridgeDomain    uint32
          |     +--ro macAddress?     pub-type:macAddress
          |     +--ro ifName?         pub-type:ifName
          |     +--ro lease?          yang:date-and-time
          +--rw dhcpSnpVlanIfs
          |  +--rw dhcpSnpVlanIf* [vlanId ifName]
          |     +--rw vlanId                     uint16
          |     +--rw ifName                     pub-type:ifName
          |     +--rw dhcpSnpEnable              boolean
          |     +--rw trustFlag                  boolean
          |     +--rw checkArpEnable             boolean
          |     +--rw alarmArpEnable             boolean
          |     +--rw alarmArpThreshold          uint32
          |     +--rw checkIpEnable              boolean
          |     +--rw alarmIpEnable              boolean
          |     +--rw alarmIpThreshold           uint32
          |     +--rw alarmReplyEnable           boolean
          |     +--rw alarmReplyThreshold        uint32
          |     +--rw checkChaddrEnable          boolean
          |     +--rw alarmChaddrEnable          boolean
          |     +--rw alarmChaddrThreshold       uint32
          |     +--rw checkReqEnable             boolean
          |     +--rw alarmReqEnable             boolean
          |     +--rw alarmReqThreshold          uint32
          |     +--rw dhcpSnpVlanIfMaxUserNum    uint32
          |     +--rw alarmUserLimitEnable       boolean
          |     +--rw alarmUserLimitThreshold    uint32
          |     +--rw dhcpSnpVlanIfStatistics
          |        +--ro dropArpPktCnt?              uint32
          |        +--ro dropIpPktCnt?               uint32
          |        +--ro dropDhcpReqCntByBindTbl?    uint32
          |        +--ro dropDhcpReqCntByMacCheck?   uint32
          |        +--ro dropDhcpReplyCnt?           uint32
          +--rw ifStaticBindTbls
          |  +--rw ifStaticBindTbl* [ifName ipAddress vlanId ceVlanId]
          |     +--rw ifName        pub-type:ifName
          |     +--rw ipAddress     pub-type:ipAddress
          |     +--rw vlanId        uint16
          |     +--rw ceVlanId      uint16
          |     +--rw macAddress?   pub-type:macAddress
          +--rw vlanStaticBindTbls
          |  +--rw vlanStaticBindTbl* [vlanId ipAddress ceVlanId]
          |     +--rw vlanId        uint16
          |     +--rw ipAddress     pub-type:ipAddress
          |     +--rw ceVlanId      uint16
          |     +--rw macAddress?   pub-type:macAddress
          |     +--rw ifName?       pub-type:ifName
          +--rw dhcpSnpBds
          |  +--rw dhcpSnpBd* [bdId]
          |     +--rw bdId                       uint32
          |     +--rw dhcpSnpEnable?             boolean
          |     +--rw dhcpSnpTrust?              boolean
          |     +--rw checkArpEnable?            boolean
          |     +--rw alarmArpEnable?            boolean
          |     +--rw alarmArpThreshold?         uint32
          |     +--rw checkIpEnable?             boolean
          |     +--rw alarmIpEnable?             boolean
          |     +--rw alarmIpThreshold?          uint32
          |     +--rw alarmReplyEnable?          boolean
          |     +--rw alarmReplyThreshold?       uint32
          |     +--rw checkMacEnable?            boolean
          |     +--rw alarmMacEnable?            boolean
          |     +--rw alarmMacThreshold?         uint32
          |     +--rw checkRequestEnable?        boolean
          |     +--rw alarmRequestEnable?        boolean
          |     +--rw alarmRequestThreshold?     uint32
          |     +--rw maxUserNum?                uint32
          |     +--rw alarmUserLimitEnable?      boolean
          |     +--rw alarmUserLimitThreshold?   uint32
          |     +--rw statistics
          |        +--ro dropArpPktCnt?              uint32
          |        +--ro dropIpPktCnt?               uint32
          |        +--ro dropDhcpReqCntByBindTbl?    uint32
          |        +--ro dropDhcpReqCntByMacCheck?   uint32
          |        +--ro dropDhcpReplyCnt?           uint32
          +--rw BdStaticBindTbls
          |  +--rw globalBdStaticBindTbl* [bdId ipAddress peVlan ceVlan]
          |     +--rw bdId          uint32
          |     +--rw ipAddress     pub-type:ipv4Address
          |     +--rw macAddress?   pub-type:macAddress
          |     +--rw peVlan        uint16
          |     +--rw ceVlan        uint16
           +--rw dhcpSnpWhiteLists
             +--rw dhcpSnpWhiteList* [whtLstName]
                +--rw whtLstName           string
                +--rw applyFlag            boolean
                +--rw dhcpSnpWhiteRules
                   +--rw dhcpSnpWhiteRule* [ruleId]
                      +--rw ruleId     uint16
                      +--rw srcIP?     inet:ipv4-address-no-zone
                      +--rw srcMask?   inet:ipv4-address-no-zone
                      +--rw dstIP?     inet:ipv4-address-no-zone
                      +--rw dstMask?   inet:ipv4-address-no-zone
                      +--rw srcPort?   dhcpSnpPort
                      +--rw dstPort?   dhcpSnpPort

4.5.  Control Plane Protection

   When many protocols run on a router, a large number of packets must
   be sent to the control plane for processing, which leaves the control
   plane exposed to attack.  Protocol packet control protects it by
   allowing only the specified protocol packets to reach the control
   plane, so that malicious packets are dropped before they can exhaust
   the CPU and the device keeps working properly.  The model below binds
   a permit/deny action to each protocol globally, per slot and per
   interface, adds address-based rules with match counters, and includes
   a packet capture facility for examining what is actually being
   punted.
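
   The following is an added example, not code from the draft: a Python
   evaluator for control plane protection rules shaped like the draft's
   ruleIPv4 entries (action, protocol, sourceIP with a sourceWild
   wildcard mask, destination port) bound globally or per interface as
   in serviceSecurityCfgGlobal and serviceSecurityCfgIf, with per-rule
   match counters in the role of match4Stat.  The policy and interface
   names, the service-to-port table and the packets are constructed for
   the example; the default action of deny reflects the text above,
   which admits only the listed protocol packets.

```python
"""Control plane protocol filtering (added example): ordered permit/deny
rules with wildcard source matching, first match wins, default deny."""
import ipaddress
from dataclasses import dataclass

PROTO_NUM = {"icmp": 1, "tcp": 6, "udp": 17, "ospf": 89}
# Control plane services as (IP protocol number, destination port).  These are
# the well-known values, assumed here rather than taken from the draft.
SERVICE = {"ssh": (6, 22), "telnet": (6, 23), "bgp": (6, 179), "snmp": (17, 161), "ntp": (17, 123)}


def _ip(s):
    return int(ipaddress.IPv4Address(s))


@dataclass
class Rule:
    """One ruleIPv4 entry; matches counts hits like match4Stat/matchCount."""
    name: str
    action: str                           # "permit" or "deny"
    protocol: str                         # key of SERVICE or PROTO_NUM
    sourceIP: str = "0.0.0.0"
    sourceWild: str = "255.255.255.255"   # wildcard mask: set bits are don't-care
    matches: int = 0

    def hit(self, pkt):
        if self.protocol in SERVICE:
            if (pkt["proto"], pkt["dport"]) != SERVICE[self.protocol]:
                return False
        elif pkt["proto"] != PROTO_NUM[self.protocol]:
            return False
        care = ~_ip(self.sourceWild) & 0xFFFFFFFF
        return (_ip(pkt["src"]) & care) == (_ip(self.sourceIP) & care)


class Policy:
    def __init__(self, name, rules, default="deny"):
        self.name, self.rules, self.default = name, rules, default

    def evaluate(self, pkt):
        for r in self.rules:            # first match wins, as with ACL step ordering
            if r.hit(pkt):
                r.matches += 1
                return r.action
        return self.default             # unlisted protocols never reach the CPU


class Device:
    """serviceSecurityCfgGlobal plus per-interface overrides (serviceSecurityCfgIf)."""
    def __init__(self, global_policy):
        self.global_policy, self.if_policy = global_policy, {}

    def bind(self, ifname, policy):
        self.if_policy[ifname] = policy

    def punt(self, ifname, pkt):
        """Decision for a packet arriving on ifname that is addressed to the router."""
        return self.if_policy.get(ifname, self.global_policy).evaluate(pkt)


def demo():
    """Constructed policies and packets: a management policy applied globally and
    a stricter policy bound to a peer-facing interface."""
    mgmt = Policy("mgmt", [
        Rule("ssh-from-noc", "permit", "ssh", "10.0.0.0", "0.0.0.255"),
        Rule("no-telnet", "deny", "telnet"),
        Rule("snmp-from-nms", "permit", "snmp", "10.0.0.10", "0.0.0.0"),
    ])
    peer = Policy("peer", [
        Rule("bgp-peer", "permit", "bgp", "192.0.2.1", "0.0.0.0"),
        Rule("ospf-any", "permit", "ospf"),
    ])
    dev = Device(mgmt)
    dev.bind("GE0/0/1", peer)
    pkts = [
        ("GE0/0/0", dict(proto=6, src="10.0.0.7", dport=22)),       # permit: SSH from the NOC range
        ("GE0/0/0", dict(proto=6, src="198.51.100.9", dport=22)),   # deny: SSH from elsewhere (default)
        ("GE0/0/0", dict(proto=6, src="10.0.0.7", dport=23)),       # deny: telnet explicitly
        ("GE0/0/0", dict(proto=17, src="10.0.0.10", dport=161)),    # permit: SNMP from the NMS
        ("GE0/0/1", dict(proto=6, src="192.0.2.1", dport=179)),     # permit: configured BGP peer
        ("GE0/0/1", dict(proto=6, src="192.0.2.2", dport=179)),     # deny: unknown BGP source
        ("GE0/0/1", dict(proto=89, src="192.0.2.9", dport=0)),      # permit: OSPF
        ("GE0/0/1", dict(proto=6, src="10.0.0.7", dport=22)),       # deny: no SSH on a peer-facing port
    ]
    return [dev.punt(i, p) for i, p in pkts], mgmt, peer
```

   The per-interface binding is the important part: the same SSH packet
   that is permitted on the management side is denied on the peer-facing
   interface, because the stricter policy bound there replaces rather
   than extends the global one.  Source filtering by itself does not
   authenticate the sender; BGP and OSPF sessions still need their own
   protocol-level protection, and the filter is there to keep the rest
   of the Internet from reaching those listeners at all.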

module: ietf-hostdefend-sec
    +--rw hostdefend
       +--rw secmaglobal
       |  +--rw secMAEnable?       boolean
       |  +--rw secMABgp?          hostdefendMAAction
       |  +--rw secMAFtp?          hostdefendMAAction
       |  +--rw secMALdp?          hostdefendMAAction
       |  +--rw secMAOspf?         hostdefendMAAction
       |  +--rw secMARip?          hostdefendMAAction
       |  +--rw secMARsvp?         hostdefendMAAction
       |  +--rw secMASnmp?         hostdefendMAAction
       |  +--rw secMASsh?          hostdefendMAAction
       |  +--rw secMATlnt?         hostdefendMAAction
       |  +--rw secMATftp?         hostdefendMAAction
       |  +--rw secMAIsis?         hostdefendMAAction
       |  +--rw secMAPimSm?        hostdefendMAAction
       |  +--rw secMABgp4Plus?     hostdefendMAAction
       |  +--rw secMAIPv6Ftp?      hostdefendMAAction
       |  +--rw secMAOspfv3?       hostdefendMAAction
       |  +--rw secMAIPv6PimSm?    hostdefendMAAction
       |  +--rw secMAIPv6Ssh?      hostdefendMAAction
       |  +--rw secMAIPv6Telnet?   hostdefendMAAction
       +--rw secmaslots
       |  +--rw secmaslot* [secMASlotPlcyID]
       |     +--rw secMASlotPlcyID    uint32
       |     +--rw secMABgp?          hostdefendMAAction
       |     +--rw secMAFtp?          hostdefendMAAction
       |     +--rw secMALdp?          hostdefendMAAction
       |     +--rw secMAOspf?         hostdefendMAAction
       |     +--rw secMARip?          hostdefendMAAction
       |     +--rw secMARsvp?         hostdefendMAAction
       |     +--rw secMASnmp?         hostdefendMAAction
       |     +--rw secMASsh?          hostdefendMAAction
       |     +--rw secMATelnet?       hostdefendMAAction
       |     +--rw secMATftp?         hostdefendMAAction
       |     +--rw secMAIsis?         hostdefendMAAction
       |     +--rw secMAPimSm?        hostdefendMAAction
       |     +--rw secMABgp4Plus?     hostdefendMAAction
       |     +--rw secMAIPv6Ftp?      hostdefendMAAction
       |     +--rw secMAOspfv3?       hostdefendMAAction
       |     +--rw secMAIPv6PimSm?    hostdefendMAAction
       |     +--rw secMAIPv6Ssh?      hostdefendMAAction
       |     +--rw secMAIPv6Telnet?   hostdefendMAAction
       +--rw secmaslotcfgs
       |  +--rw secmaslotcfg* [secMASlotIdStr]
       |     +--rw secMASlotIdStr     hostdefendMaSlotId
       |     +--rw secMASlotPlcyID    uint32
       +--rw secmaintfs
       |  +--rw secmaintf* [secMAIntfPlcyID]
       |     +--rw secMAIntfPlcyID    uint32
       |     +--rw secMABgp?          hostdefendMAAction
       |     +--rw secMAFtp?          hostdefendMAAction
       |     +--rw secMALdp?          hostdefendMAAction
       |     +--rw secMAOspf?         hostdefendMAAction
       |     +--rw secMARip?          hostdefendMAAction
       |     +--rw secMARsvp?         hostdefendMAAction
       |     +--rw secMASnmp?         hostdefendMAAction
       |     +--rw secMASsh?          hostdefendMAAction
       |     +--rw secMATelnet?       hostdefendMAAction
       |     +--rw secMATftp?         hostdefendMAAction
       |     +--rw secMAIsis?         hostdefendMAAction
       |     +--rw secMAPimSm?        hostdefendMAAction
       |     +--rw secMABgp4Plus?     hostdefendMAAction
       |     +--rw secMAIPv6Ftp?      hostdefendMAAction
       |     +--rw secMAOspfv3?       hostdefendMAAction
       |     +--rw secMAIPv6PimSm?    hostdefendMAAction
       |     +--rw secMAIPv6Ssh?      hostdefendMAAction
       |     +--rw secMAIPv6Telnet?   hostdefendMAAction
       +--rw secmaintfcfgs
       |  +--rw secmaintfcfg* [ifName]
       |     +--rw ifName             pub-type:ifName
       |     +--rw secMAIntfPlcyID    uint32
       +--rw secFragCarStats
       |  +--ro secFragCarStat* [secSlotId]
       |     +--ro secSlotId         string
       |     +--ro secTotalPktNum?   uint64
       |     +--ro secDropPktNum?    uint64
       |     +--ro secPassPktNum?    uint64
       +--rw secMaDefendStats
       |  +--ro secMaDefendStat* [slotId protocolType]
       |     +--ro slotId          string
       |     +--ro protocolType    hostdefendMaDefendPROTOCOL
       |     +--ro totalPktNum?    uint64
       |     +--ro passPktNum?     uint64
       |     +--ro dropPktNum?     uint64
       +--rw secHostCaptPkts
       |  +--rw secHostCaptPkt* [captureIndex]
       |     +--rw captureIndex      uint8
       |     +--rw hostCaptPro       uint32
       |     +--rw hostCaptType      hostdefendCaptPhyType
       |     +--rw ifName?           pub-type:ifName
       |     +--rw captLinkType?     hostdefendCaptLinkType
       |     +--rw peVlan?           uint32
       |     +--rw peEnd?            uint32
       |     +--rw ceVlan?           uint32
       |     +--rw ceEnd?            uint32
       |     +--rw captPktNum?       uint32
       |     +--rw captTimeOut?      uint32
       |     +--rw captPktLenType?   hostdefendPktLenType
       |     +--rw captPktLen?       uint32
       |     +--rw captAclType?      hostdefendAclType
       |     +--rw captAcl?          hostdefendCaptAcl
       |     +--rw captIpv6Acl?      hostdefendCaptIpv6Acl
       |     +--rw terminal?         hostdefendDestType
       |     +--rw fileName?         string
       |     +--rw fileSize?         uint32
       +--rw secMaDefendIfStats
       |  +--ro secMaDefendIfStat* [protocolType]
       |     +--ro ifName?         pub-type:ifName
       |     +--ro protocolType    hostdefendMaDefendPROTOCOL
       |     +--ro totalPktNum?    uint64
       |     +--ro passPktNum?     uint64
       |     +--ro dropPktNum?     uint64
       +--rw secIsolates
       |  +--rw secIsolate* [secStatus]
       |     +--rw secStatus    hostdefendIsolateStatus
       +--rw serviceSecurityV4s
       |  +--rw serviceSecurityV4* [policyName]
       |     +--rw policyName     mpacPolicyName
       |     +--rw step?          uint32
       |     +--rw description?   string
       |     +--rw ruleIPv4s
       |        +--rw ruleIPv4* [ruleName]
       |           +--rw ruleName           string
       |           +--rw ruleID?            uint32
       |           +--rw action             mpacRuleAction
       |           +--rw protocolType       mpacProtocolType
       |           +--rw protocolName?      mpacProtoName
       |           +--rw ipProtocolNum?     uint8
       |           +--rw sourceIP?          pub-type:ipv4Address
       |           +--rw sourceWild?        pub-type:ipv4Address
       |           +--rw destinationIP?     pub-type:ipv4Address
       |           +--rw destinationWild?   pub-type:ipv4Address
       |           +--rw sourcePort?        uint16
       |           +--rw destinationPort?   uint16
       |           +--rw match4Stats
       |              +--ro match4Stat*
       |                 +--ro matchCount?   uint64
       +--rw serviceSecurityV6s
       |  +--rw serviceSecurityV6* [policyName]
       |     +--rw policyName     mpacPolicyName
       |     +--rw step?          uint32
       |     +--rw description?   string
       |     +--rw ruleIPv6s
       |        +--rw ruleIPv6* [ruleName]
       |           +--rw ruleName             string
       |           +--rw ruleID?              uint32
       |           +--rw action               mpacRuleAction
       |           +--rw protocolType         mpacProtocolType
       |           +--rw protocolName?        mpacProto6Name
       |           +--rw ipProtocolNum?       uint8
       |           +--rw sourceIP?            pub-type:ipv6Address
       |           +--rw sourcePrefix?        uint32
       |           +--rw destinationIP?       pub-type:ipv6Address
       |           +--rw destinationPrefix?   uint32
       |           +--rw sourcePort?          uint16
       |           +--rw destinationPort?     uint16
       |           +--rw match6Stats
       |              +--ro match6Stat*
       |                 +--ro matchCount?   uint64
       +--rw serviceSecurityCfgGlobals
       |  +--rw serviceSecurityCfgGlobal* [family]
       |     +--rw family          enumeration
       |     +--rw policyNameV4?   -> /hostdefend/serviceSecurityV4s/serviceSecurityV4/policyName
       |     +--rw policyNameV6?   -> /hostdefend/serviceSecurityV6s/serviceSecurityV6/policyName
       +--rw serviceSecurityCfgIfs
       |  +--rw serviceSecurityCfgIf* [ifName family]
       |     +--rw ifName          pub-type:ifName
       |     +--rw family          mpacProtocolFamily
       |     +--rw policyNameV4?   -> /hostdefend/serviceSecurityV4s/serviceSecurityV4/policyName
       |     +--rw policyNameV6?   -> /hostdefend/serviceSecurityV6s/serviceSecurityV6/policyName
       +--rw secHostIfStats
       |  +--ro secHostIfStat* [ifName]
       |     +--ro ifName                string
       |     +--ro recvPacket?           uint64
       |     +--ro secIfProtocolStats
       |        +--ro secIfProtocolStat*
       |           +--ro layer?            hostIfStatsProtocolLayType
       |           +--ro protocol?         hostIfStatsProtocolType
       |           +--ro expectedPkts?     uint32
       |           +--ro unexpectedPkts?   uint32
       +--rw secIfProtocolCfgs
       |  +--rw secIfProtocolCfg* [ifName]
       |     +--rw ifName    string

       +--rw secCaptPktInstances
          +--ro secCaptPktInstance*
             +--ro secInstanceId?   uint8
             +--ro inBoundInst?     uint32
             +--ro outBoundInst?    uint32
             +--ro totalInst?       uint32
             +--ro hostInst?        uint32
             +--ro protocolNum?     uint32
             +--ro ifName?          string
             +--ro captureStatus?   hostdefendStatusType
             +--ro captTimeOut?     uint32
             +--ro setPktNum?       uint32
             +--ro setPktSize?      uint32
             +--ro deletePktNum?    uint32
             +--ro deletePktSize?   uint32
             +--ro getPktNum?       uint32
             +--ro getPktSize?      uint32
             +--ro firPktTime?      string
             +--ro lastPktTime?     string
             +--ro acl?             string
             +--ro remainTime?      uint32
             +--ro pktDevName?      string
             +--ro fileName?        string
             +--ro linkType?        hostdefendCaptLinkType
             +--ro hostCaptType?    hostdefendCaptType

4.6.  Data Plane Protection

   In the data plane of a router, protocol packets are policed before
   they are sent to the control plane for further processing.  Control
   policies and functions (e.g., CAR, alarm control and packet capture)
   together with a range of packet statistics are needed in the data
   plane both to protect the device and to give better visibility into
   its status.
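
   The following is an added example, not code from the draft: a Python
   model of committed access rate (CAR) policing of packets destined to
   the CPU, with a token bucket per protocol (in the role of the
   secpolicycar CIR/CBS leaves), a shared bucket for all punted packets
   (secpolicyallpkt), pass/drop counters shaped like secMaDefendStat,
   and an alarm raised when drops within an interval reach a threshold
   (secAlarmThld and secAlarmInt; the draft's other alarm leaves are not
   modelled).  The units are this example's assumptions: CIR in bytes
   per second, CBS in bytes, time in integer milliseconds.  The traffic
   is constructed: OSPF hellos at 10 packets per second alongside an
   ICMP flood at 100 packets per second for two seconds.

```python
"""Control plane CAR with drop alarms (added example).  Units assumed: cir in
bytes/s, cbs in bytes, time in integer milliseconds."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Car:
    cir: int                                   # committed rate, bytes/s
    cbs: int                                   # committed burst, bytes (bucket depth)
    tokens: float = field(init=False, default=0.0)
    last_ms: int = 0

    def __post_init__(self):
        self.tokens = float(self.cbs)          # the bucket starts full

    def admit(self, now_ms, length):
        """Refill for the elapsed time, then admit only if the packet fits."""
        self.tokens = min(self.cbs, self.tokens + (now_ms - self.last_ms) * self.cir / 1000)
        self.last_ms = now_ms
        if self.tokens >= length:
            self.tokens -= length
            return True
        return False


class CpuDefendPolicy:
    def __init__(self, cars, default, total, alarm_threshold, alarm_interval_ms):
        self.cars, self.default, self.total = cars, default, total
        self.alarm_threshold, self.alarm_interval = alarm_threshold, alarm_interval_ms
        self.stats = defaultdict(lambda: dict(totalPktNum=0, passPktNum=0, dropPktNum=0))
        self.windows = {}     # protocol -> (window start ms, drops in window)
        self.alarms = []      # (ms, protocol, drops), raised once per interval

    def punt(self, now_ms, protocol, length):
        """Decide whether a packet destined to the CPU is passed or dropped."""
        st = self.stats[protocol]
        st["totalPktNum"] += 1
        car = self.cars.get(protocol, self.default)
        # The protocol's own bucket is checked first: a packet it rejects never
        # consumes shared tokens, so one flooded protocol is capped before it
        # competes with the others for the total CPU budget.
        if car.admit(now_ms, length) and self.total.admit(now_ms, length):
            st["passPktNum"] += 1
            return True
        st["dropPktNum"] += 1
        self._count_drop(now_ms, protocol)
        return False

    def _count_drop(self, now_ms, protocol):
        start, drops = self.windows.get(protocol, (now_ms, 0))
        if now_ms - start >= self.alarm_interval:   # new interval
            start, drops = now_ms, 0
        drops += 1
        self.windows[protocol] = (start, drops)
        if drops == self.alarm_threshold:
            self.alarms.append((now_ms, protocol, drops))


def simulate():
    """Constructed traffic: OSPF hellos (100 B every 100 ms) and an ICMP flood
    (200 B every 10 ms) for two seconds; returns the policy with its counters."""
    policy = CpuDefendPolicy(
        cars={"ospf": Car(cir=1000, cbs=2000), "icmp": Car(cir=500, cbs=1000)},
        default=Car(cir=200, cbs=400),        # any protocol without its own CAR
        total=Car(cir=5000, cbs=10000),
        alarm_threshold=50, alarm_interval_ms=1000)
    for ms in range(0, 2000, 10):
        if ms % 100 == 0:
            policy.punt(ms, "ospf", 100)
        policy.punt(ms, "icmp", 200)
    return policy
```

   In the run above the OSPF hellos all pass because they stay inside
   their own CIR, while the ICMP flood is cut to nine packets in two
   seconds and raises one alarm per interval.  Policing limits volume
   only: spoofed packets that stay within a protocol's CIR still compete
   with the genuine ones for that protocol's budget, so CAR is
   complemented by the protocol and source filtering of the previous
   section and by URPF on the ingress interfaces.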

module: ietf-cpudefend-sec
       +--rw cpudefend
          +--rw secpolicys
          |  +--rw secpolicy* [secPolicyID]
          |     +--rw secPolicyID           uint32
          |     +--rw secDescription?       string
          |     +--rw secpolicyattcfg
          |     |  +--rw secIsAttackSrc?    boolean
          |     |  +--rw secAttSrcRate?     cpudefendAttSampleRate
          |     |  +--rw secAttSrcAppLnk?   boolean
          |     |  +--rw secAttSrcCpCar?    boolean
          |     |  +--rw secAttSrcMa?       boolean
          |     |  +--rw secAttSrcTcpip?    boolean
          |     +--rw secTMSQConfig
          |     |  +--rw secStatus?   boolean
          |     +--rw secpolicyproseq
          |     |  +--rw secProSeqWL?   cpudefendProcessSeq
          |     |  +--rw secProSeqBL?   cpudefendProcessSeq
          |     |  +--rw secProSeqUF?   cpudefendProcessSeq
          |     +--rw secpolicyapplnk
          |     |  +--rw secDftAction?   cpudefendAppDefAction
          |     +--rw secpolicyallpkt
          |     |  +--rw secRateValue?   uint32
          |     |  +--rw secRateFlag?    cpudefendTotalCar
          |     +--rw secpolicycars
          |     |  +--rw secpolicycar* [secPolicyType secPolicyTypeID subProtoType subTcpIpType]
          |     |     +--rw secPolicyType      cpudefendPolicyCarType
          |     |     +--rw secPolicyTypeID    uint32
          |     |     +--rw subProtoType       cpudefendCPCARProtocol
          |     |     +--rw subTcpIpType       cpudefendTcpipCarType
          |     |     +--rw secPolicyCir?      uint32
          |     |     +--rw secPolicyCbs?      uint32
          |     |     +--rw secPolicyCbs4Sh?   uint32
          |     |     +--rw secMinPktLen?      uint32
          |     +--rw secpolicyswitchs
          |     |  +--rw secpolicyswitch* [secPolicyType secPolicyTypeID subTcpIpType]
          |     |     +--rw secPolicyType      cpudefendPolicySwitchType
          |     |     +--rw secPolicyTypeID    cpudefendAclProtocolTypeID
          |     |     +--rw subTcpIpType       cpudefendTcpipType
          |     |     +--rw secPolicyEnable?   boolean
          |     +--rw secpolicyalarms
          |     |  +--rw secpolicyalarm* [secPolicyType secPolicyTypeID]
          |     |     +--rw secPolicyType      secPolicyAlarmType
          |     |     +--rw secPolicyTypeID    uint32
          |     |     +--rw secAlarmFlag?      boolean
          |     |     +--rw secAlarmThld?      uint32
          |     |     +--rw secAlarmInt?       uint32
          |     |     +--rw secAlarmSpd?       uint32
          |     |     +--rw secAlarmResume?    uint32
          |     +--rw secpolicyprios
          |     |  +--rw secpolicyprio* [secPolicyType secPolicyTypeID subProtoType]
          |     |     +--rw secPolicyType      cpudefendPolicyPrioType
          |     |     +--rw secPolicyTypeID    uint32
          |     |     +--rw subProtoType       cpudefendCPCARProtocol
          |     |     +--rw secPriority        cpudefendPriority
          |     +--rw secpolicyacls
          |     |  +--rw secpolicyacl* [secPolicyType secPolicyTypeID]
          |     |     +--rw secPolicyType      cpudefendPolicyAclType
          |     |     +--rw secPolicyTypeID    uint32
          |     |     +--rw secAclNum          uint32
          |     |     +--rw secPrior?          boolean
          |     +--rw secDevUrpfs
          |     |  +--rw secDevUrpf* [secUrpfLooseType]
          |     |     +--rw secUrpfLooseType         cpudefendUrpfMode
          |     |     +--rw secEnableDefaultRoute?   boolean
          |     +--rw sECCrssBrdCarNodes
          |        +--rw sECCrssBrdCarNode* [secPolicyCir]
          |           +--rw secPolicyCir    uint32
          |           +--rw secPolicyCbs?   uint32
          +--rw secpolicycfgs
          |  +--rw secpolicycfg* [secSlotIdStr]
          |     +--rw secSlotIdStr    -> /devm:devm/lpuBoards/lpuBoard/position
          |     +--rw secPolicyID     -> /cpudefend/secpolicys/secpolicy/secPolicyID
          +--ro seccarsysids
          |  +--ro seccarsysid* [secSlotId secCarSysId]
          |     +--ro secSlotId         string
          |     +--ro secPolicyID?      uint32
          |     +--ro secCarSysId       uint16
          |     +--ro secCarCir?        uint32
          |     +--ro secCarCbs?        uint32
          |     +--ro secDefaultCir?    uint32
          |     +--ro secDefaultCbs?    uint32
          |     +--ro secDescription?   string
          +--ro secappstats
          |  +--ro secappstat* [secSlotId]
          |     +--ro secSlotId            string
          |     +--ro secAppEnable?        cpudefendAppStatus
          |     +--ro secAppDefAct?        cpudefendAppDefAction
          |     +--ro secFtpServer?        cpudefendAppStatus
          |     +--ro secSshServer?        cpudefendAppStatus
          |     +--ro secSnmp?             cpudefendAppStatus
          |     +--ro secTelnetServer?     cpudefendAppStatus
          |     +--ro secTftp?             cpudefendAppStatus
          |     +--ro secBgp?              cpudefendAppStatus
          |     +--ro secLdp?              cpudefendAppStatus
          |     +--ro secRsvp?             cpudefendAppStatus
          |     +--ro secOspf?             cpudefendAppStatus
          |     +--ro secRip?              cpudefendAppStatus
          |     +--ro secMsdp?             cpudefendAppStatus
          |     +--ro secPim?              cpudefendAppStatus
          |     +--ro secIgmp?             cpudefendAppStatus
          |     +--ro secIsis?             cpudefendAppStatus
          |     +--ro secFtpClient?        cpudefendAppStatus
          |     +--ro secTelnetClient?     cpudefendAppStatus
          |     +--ro secSshClient?        cpudefendAppStatus
          |     +--ro secNtp?              cpudefendAppStatus
          |     +--ro secRadius?           cpudefendAppStatus
          |     +--ro secHwtacacs?         cpudefendAppStatus
          |     +--ro secLspping?          cpudefendAppStatus
          |     +--ro secIcmp?             cpudefendAppStatus
          |     +--ro secVrrp?             cpudefendAppStatus
          |     +--ro secDhcp?             cpudefendAppStatus
          |     +--ro secDnsClient?        cpudefendAppStatus
          |     +--ro secSysLog?           cpudefendAppStatus
          |     +--ro secBfd?              cpudefendAppStatus
          |     +--ro sec8021ag?           cpudefendAppStatus
          |     +--ro secLacp?             cpudefendAppStatus
          |     +--ro secBgpV6?            cpudefendAppStatus
          |     +--ro secOspfV3?           cpudefendAppStatus
          |     +--ro secFtpV6Server?      cpudefendAppStatus
          |     +--ro secFtpV6Client?      cpudefendAppStatus
          |     +--ro secIcmpV6?           cpudefendAppStatus
          |     +--ro secPimV6?            cpudefendAppStatus
          |     +--ro secSshV6Server?      cpudefendAppStatus
          |     +--ro secTelnetV6Client?   cpudefendAppStatus
          |     +--ro secTelnetV6Server?   cpudefendAppStatus
          |     +--ro secDnsV6?            cpudefendAppStatus
          |     +--ro secWebAuthServ?      cpudefendAppStatus
          |     +--ro secDiameter?         cpudefendAppStatus
          |     +--ro secOpenflow?         cpudefendAppStatus
          |     +--ro secUnicastVrrp?      cpudefendAppStatus
          |     +--ro secIgpmu?            cpudefendAppStatus
          |     +--ro secIpfpm?            cpudefendAppStatus
          +--ro secnoncarstats
          |  +--ro secnoncarstat* [secSlotId secPolicyType secPolicyTypeID]
          |     +--ro secSlotId          string
          |     +--ro secPolicyType      cpudefendNoCarPolicyType
          |     +--ro secPolicyTypeID    cpudefendSecStatTypeID
          |     +--ro secSubTotalPkts?   uint64
          |     +--ro secSubPassPkts?    uint64
          |     +--ro secSubDropPkts?    uint64
          +--ro seccarstats
          |  +--ro seccarstat* [secSlotId secPolicyType secPolicyTypeID]
          |     +--ro secSlotId          string
          |     +--ro secPolicyType      cpudefendPolicyType
          |     +--ro secPolicyTypeID    uint32
          |     +--ro secAppEnable?      boolean
          |     +--ro secAppDefAct?      cpudefendAppDefAction
          |     +--ro secProtoEnable?    boolean
          |     +--ro secPassedPkts?     uint64
          |     +--ro secDropedPkts?     uint64
          |     +--ro secCfgCir?         uint32
          |     +--ro secCfgCbs?         uint32
          |     +--ro secActualCir?      uint32
          |     +--ro secActualCbs?      uint32
          |     +--ro secPriority?       cpudefendPriority
          |     +--ro secMinPktLen?      uint32
          |     +--ro secAclDenyPkts?    uint64
          |     +--ro secHistPps?        uint64
          |     +--ro secHistPpsTime?    yang:date-and-time
          |     +--ro secLastPps?        uint64
          |     +--ro secLastDrpBTime?   yang:date-and-time
          |     +--ro secLastDrpETime?   yang:date-and-time
          |     +--ro secTtlDropPkts?    uint64
          +--ro secattsrcorgs
          |  +--ro secattsrcorg* [secPktNumber secSlotId]
          |     +--ro secBufferSize?     uint32
          |     +--ro secRecordNumber?   uint32
          |     +--ro secCoverFlag?      uint32
          |     +--ro secPktNumber       uint32
          |     +--ro secSlotId          string
          |     +--ro ifName?            pub-type:ifName
          |     +--ro secPVlanId?        uint16
          |     +--ro secCVlanId?        uint16
          |     +--ro secAttType?        cpudefendATTSRCTYPE
          |     +--ro secDateTime?       yang:date-and-time
          |     +--ro secAttSrcData?     string
          +--ro secAttSrcVerboses
          |  +--ro secAttSrcVerbose* [secPktNumber secSlotId]
          |     +--ro secBufferSize?     uint32
          |     +--ro secRecordNumber?   uint32
          |     +--ro secCoverFlag?      uint32
          |     +--ro secPktNumber       uint32
          |     +--ro secSlotId          string
          |     +--ro ifName             pub-type:ifName
          |     +--ro secPeVlanID?       uint16
          |     +--ro secCeVlanID?       uint16
          |     +--ro secAttType?        cpudefendATTSRCTYPE
          |     +--ro secStartTime?      yang:date-and-time
          |     +--ro secL2Type?         cpudefendAttSrcL2Type
          |     +--ro secLinkType?       uint16
          |     +--ro secSrcMac?         pub-type:macAddress
          |     +--ro secDestMac?        pub-type:macAddress
          |     +--ro secL25Type?        cpudefendAttSrcL25Type
          |     +--ro secArpType?        cpudefendAttSrcArpType
          |     +--ro secMplsLabelNum?   uint16
          |     +--ro secMplsLabel1?     uint16
          |     +--ro secMplsLabel2?     uint16
          |     +--ro secMplsLabel3?     uint16
          |     +--ro secMplsLabel4?     uint16
          |     +--ro secMplsLabel5?     uint16
          |     +--ro secL3Type?         cpudefendAttSrcL3Type
          |     +--ro secIPVersion?      uint8
          |     +--ro secIPHeaderLen?    uint8
          |     +--ro secIPTos?          uint8
          |     +--ro secIPLen?          uint16
          |     +--ro secIPId?           uint16
          |     +--ro secIPOff?          uint16
          |     +--ro secIPTtl?          uint8
          |     +--ro secIPProtocol?     uint8
          |     +--ro secIPCheckSum?     uint16
          |     +--ro secSrcAddr?        inet:ipv4-address-no-zone
          |     +--ro secDstAddr?        inet:ipv4-address-no-zone
          |     +--ro secL4Type?         cpudefendAttSrcL4Type
          |     +--ro secSrcPort?        uint16
          |     +--ro secDstPort?        uint16
          |     +--ro secTcpSeqNum?      uint32
          |     +--ro secTcpAckNum?      uint32
          |     +--ro secTcpFlag?        uint8
          |     +--ro secTcpWinSize?     uint16
          |     +--ro secCheckSum?       uint16
          |     +--ro secUdpLen?         uint16
          |     +--ro secIcmpIgmpType?   uint8
          |     +--ro secIcmpIgmpCode?   uint8
          |     +--ro secIgmpGroup?      inet:ipv4-address-no-zone
          |     +--ro secAttSrcData?     string
          |     +--ro secATMVPI?         uint16
          |     +--ro secATMVCI?         uint16
          |     +--ro secSysid?          uint32
          +--ro secTotalPktStats
          |  +--ro secTotalPktStat* [secSlotId]
          |     +--ro secSlotId      string
          |     +--ro secTotalPkt?   uint64
          |     +--ro secPassPkt?    uint64
          |     +--ro secDropPkt?    uint64
          +--rw secArpCarValues
          |  +--rw secArpCarValue* [secIfName]
          |     +--rw secIfName       -> /ifm:ifm/interfaces/interface/ifName
          |     +--rw secEnable?      boolean
          |     +--rw secRateLimit?   uint32
          +--ro secSlotArpAtcks
          |  +--ro secSlotArpAtck* [secIfIndex secHistory]
          |     +--ro secIfIndex         -> /ifm:ifm/interfaces/interface/ifName
          |     +--ro secVlanId?         uint32
          |     +--ro secIfSubIndex?     pub-type:ifName
          |     +--ro secPeVlanId?       uint32
          |     +--ro secCeVlanId?       uint32
          |     +--ro secCtrlVlan?       uint32
          |     +--ro secEnableArpCar?   boolean
          |     +--ro secPassBytes?      uint64
          |     +--ro secPassPkts?       uint64
          |     +--ro secDropBytes?      uint64
          |     +--ro secDropPkts?       uint64
          |     +--ro secStartTime?      yang:date-and-time
          |     +--ro secHistory         sec_history_type
          |     +--ro secEndTime?        yang:date-and-time
          |     +--ro secPassedBytes?    uint64
          |     +--ro secPassedPkts?     uint64
          |     +--ro secDroppedBytes?   uint64
          |     +--ro secDroppedPkts?    uint64
          +--rw secArpSafeguards
          |  +--rw secArpSafeguard* [secIfIndex]
          |     +--rw secIfIndex    -> /ifm:ifm/interfaces/interface/ifName
          +--ro secArpSafeGStats
          |  +--ro secArpSafeGStat* [secSlotId]
          |     +--ro secSlotId        string
          |     +--ro secRequestCnt?   uint64
          |     +--ro secReplyCnt?     uint64
          |     +--ro secTocpCnt?      uint64
          |     +--ro secDropCnt?      uint64
          +--rw secEnL2LoDetects
          |  +--rw secEnL2LoDetect* [secSlotId]
          |     +--rw secSlotId        -> /devm:devm/lpuBoards/lpuBoard/position
          |     +--rw secDetectFlag?   boolean
          +--rw secL2LoDteTraps
          |  +--rw secL2LoDteTrap* [secSlotId]
          |     +--rw secSlotId      -> /devm:devm/lpuBoards/lpuBoard/position
          |     +--rw secTrapFlag?   boolean
          +--rw secL2LoDteShuts
          |  +--rw secL2LoDteShut* [secSlotId]
          |     +--rw secSlotId        -> /devm:devm/lpuBoards/lpuBoard/position
          |     +--rw secShutFlag?     boolean
          |     +--rw secUpTimes?      uint16
          |     +--rw secUpInterval?   uint16
          +--ro secL2LoDisStaIns
          |  +--ro secL2LoDisStaIn* [secSlotId]
          |     +--ro secSlotId        string
          |     +--ro secActionFlag?   cpudefendL2LoopAction
          |     +--ro secIfName?       pub-type:ifName
          |     +--ro secVlanID?       uint16
          |     +--ro secLoopLevel?    cpudefendL2LoopLevel
          |     +--ro secPortState?    cpudefendL2LoopIntfStatus
          +--ro secL2LoDisPckIns
          |  +--ro secL2LoDisPckIn* [secSlotId]
          |     +--ro secSlotId      string
          |     +--ro secIfName?     pub-type:ifName
          |     +--ro secNumber?     uint16
          |     +--ro secPeVlanId?   uint16
          |     +--ro secCeVlanId?   uint16
          |     +--ro secProtocol?   cpudefendSecStatTypeID
          |     +--ro secPktType?    cpudefendL2LoopPacketType
          |     +--ro secSrcMac?     pub-type:macAddress
          +--rw secTMSQWeights
          |  +--rw secTMSQWeight* [secPolicyID secSQType]
          |     +--rw secPolicyID    uint32
          |     +--rw secSQType      cpudefendTMSQWeightType
          |     +--rw secSQWeight?   uint32
          |     +--rw secSQCir?      uint32
          |     +--rw secSQPir?      uint32
          +--ro secDisSQStats
          |  +--ro secDisSQStat* [secSlotId secSQType]
          |     +--ro secSlotId        string
          |     +--ro secSQType        cpudefendTMSQWeightType
          |     +--ro secPassedPkts?   uint64
          |     +--ro secDropedPkts?   uint64
          |     +--ro secDisFQStats
          |        +--ro secDisFQStat*
          |           +--ro secBEPassPkts?    uint64
          |           +--ro secBEDropPkts?    uint64
          |           +--ro secAF1PassPkts?   uint64
          |           +--ro secAF1DropPkts?   uint64
          |           +--ro secAF2PassPkts?   uint64
          |           +--ro secAF2DropPkts?   uint64
          |           +--ro secAF3PassPkts?   uint64
          |           +--ro secAF3DropPkts?   uint64
          |           +--ro secAF4PassPkts?   uint64
          |           +--ro secAF4DropPkts?   uint64
          |           +--ro secEFPassPkts?    uint64
          |           +--ro secEFDropPkts?    uint64
          |           +--ro secCS6PassPkts?   uint64
          |           +--ro secCS6DropPkts?   uint64
          |           +--ro secCS7PassPkts?   uint64
          |           +--ro secCS7DropPkts?   uint64
          +--ro secDisSQWeights
          |  +--ro secDisSQWeight* [secSlotId secSQType]
          |     +--ro secSlotId          string
          |     +--ro secSQType          cpudefendTMSQWeightType
          |     +--ro secConfigSQCir?    uint32
          |     +--ro secDftSQCir?       uint32
          |     +--ro secConfigSQPir?    uint32
          |     +--ro secDftSQPir?       uint32
          |     +--ro secConfigWeight?   uint32
          |     +--ro secDftWeight?      uint32
          +--rw sechostcarNodes
          |  +--rw sechostcarNode* [slotID hostCarType]
          |     +--rw slotID         -> /devm:devm/lpuBoards/lpuBoard/position
          |     +--rw hostCarType    cpudefendhostCarType
          |     +--rw cir?           uint32
          |     +--rw pir?           uint32
          |     +--rw cbs?           uint32
          |     +--rw pbs?           uint32
          +--rw secHstcAdjustNodes
          |  +--rw socHstcAdjustNode* [slotID hostCarType]
          |     +--rw slotID         string
          |     +--rw hostCarType    cpudefendhostCarType
          |     +--rw ifEnable?      socIfEnable
          +--rw secHstcAdjNodes
          |  +--rw socHstcAdjNode* [slotID hostCarType]
          |     +--rw slotID           string
          |     +--rw hostCarType      cpudefendhostCarType
          |     +--rw dropThreshold?   uint32
          |     +--rw interval?        uint32
          +--ro secDisDefaultCars
          |  +--ro secDisDefaultCar* [secSlotId secSysId]
          |     +--ro secSlotId      string
          |     +--ro secSysId       uint16
          |     +--ro secCir?        uint32
          |     +--ro secCbs?        uint32
          |     +--ro secMinPkt?     uint32
          |     +--ro secPriority?   cpudefendSecPriority
          |     +--ro secTypeId?     cpudefendSecTypeId
          +--ro secCurrentCarNodes
          |  +--ro secCurrentCarNode* [secSlotId secPolicyTypeID]
          |     +--ro secSlotId          string
          |     +--ro secPolicyTypeID    uint32
          |     +--ro secPolicyCir?      uint32
          |     +--ro secPolicyCbs?      uint32
          |     +--ro secMinPkt?         uint32
          |     +--ro secPriority?       cpudefendSecPriority
          |     +--ro desc?              cpudefendSecTypeId
          +--ro secAttSrcFiles
          |  +--ro secAttSrcFile* [fileName]
          |     +--ro fileName           string
          |     +--ro secRecordNum?      uint32
          |     +--ro secPktNumber?      uint32
          |     +--ro secPeVlanID?       uint16
          |     +--ro secCeVlanID?       uint16
          |     +--ro secStartTime?      yang:date-and-time
          |     +--ro secL2Type?         cpudefendAttSrcL2Type
          |     +--ro secLinkType?       uint16
          |     +--ro secSrcMac?         pub-type:macAddress
          |     +--ro secDestMac?        pub-type:macAddress
          |     +--ro secL25Type?        cpudefendAttSrcL25Type
          |     +--ro secArpType?        cpudefendAttSrcArpType
          |     +--ro secMplsLabelNum?   uint16
          |     +--ro secMplsLabel1?     uint16
          |     +--ro secMplsLabel2?     uint16
          |     +--ro secMplsLabel3?     uint16
          |     +--ro secMplsLabel4?     uint16
          |     +--ro secMplsLabel5?     uint16
          |     +--ro secL3Type?         cpudefendAttSrcL3Type
          |     +--ro secIPVersion?      uint8
          |     +--ro secIPHeaderLen?    uint8
          |     +--ro secIPTos?          uint8
          |     +--ro secIPLen?          uint16
          |     +--ro secIPId?           uint16
          |     +--ro secIPOff?          uint16
          |     +--ro secIPTtl?          uint8
          |     +--ro secIPProtocol?     uint8
          |     +--ro secIPCheckSum?     uint16
          |     +--ro secSrcAddr?        inet:ipv4-address-no-zone
          |     +--ro secDstAddr?        inet:ipv4-address-no-zone
          |     +--ro secL4Type?         cpudefendAttSrcL4Type
          |     +--ro secSrcPort?        uint16
          |     +--ro secDstPort?        uint16
          |     +--ro secTcpSeqNum?      uint32
          |     +--ro secTcpAckNum?      uint32
          |     +--ro secTcpFlag?        uint8
          |     +--ro secTcpWinSize?     uint16
          |     +--ro secCheckSum?       uint16
          |     +--ro secUdpLen?         uint16
          |     +--ro secIcmpIgmpType?   uint8
          |     +--ro secIcmpIgmpCode?   uint8
          |     +--ro secIgmpGroup?      inet:ipv4-address-no-zone
          |     +--ro secAttSrcData?     string
          |     +--ro secVpi?            uint16
          |     +--ro secVci?            uint16
          +--ro secHostCarStats
          |  +--ro secHostCarStat* [slotID hostCarType statType hostCarID httpHostCarID vlanHostCarID]
          |     +--ro slotID           -> /devm:devm/lpuBoards/lpuBoard/position
          |     +--ro hostCarType      cpudefendhostCarType
          |     +--ro statType         cpudefendstatType
          |     +--ro hostCarID        uint32
          |     +--ro httpHostCarID    uint32
          |     +--ro vlanHostCarID    uint32
          |     +--ro passedBytes?     uint64
          |     +--ro droppedBytes?    uint64
          +--ro secHostCarCfgs
          |  +--ro secHostCarCfg* [secSlotID]
          |     +--ro secSlotID       string
          |     +--ro hostCarType?    cpudefendhostCarType
          |     +--ro defaultCir?     uint32
          |     +--ro defaultPir?     uint32
          |     +--ro defaultCbs?     uint32
          |     +--ro defaultPbs?     uint32
          |     +--ro actualCir?      uint32
          |     +--ro actualPir?      uint32
          |     +--ro actualCbs?      uint32
          |     +--ro actualPbs?      uint32
          |     +--ro droprateEn?     socIfEnable
          |     +--ro logInterval?    uint32
          |     +--ro logThreshold?   uint32
          +--ro secAccessUsers
          |  +--ro secAccessUser* [secSlotId hostcarCarID]
          |     +--ro secSlotId         -> /devm:devm/lpuBoards/lpuBoard/position
          |     +--ro hostcarCarID      uint32
          |     +--ro passedBytes?      uint64
          |     +--ro droppedBytes?     uint64
          |     +--ro secUserName?      string
          |     +--ro userStatus?       cpudefendUserStatus
          |     +--ro secUsrIPV4Addr?   inet:ipv4-address-no-zone
          |     +--ro secUsrIPV6Addr?   inet:ipv6-address-no-zone
          |     +--ro secUsrMac?        pub-type:macAddress
          |     +--ro outterVlanId?     uint16
          |     +--ro innerVlanId?      uint16
          +--rw secCaptPktActNodes
          |  +--rw secCaptPktActNode* [captureIndex]
          |     +--rw captureIndex      uint8
          |     +--rw secIfName         -> /ifm:ifm/interfaces/interface/ifName
          |     +--rw direction?        cpudefendCaptDirection
          |     +--rw pktNumber?        uint32
          |     +--rw timeOut?          uint32
          |     +--rw pktLen?           uint32
          |     +--rw captAclType?      cpudefendCaptAclType
          |     +--rw secCaptAcl?       cpudefendCaptAcl
          |     +--rw secCaptIpv6Acl?   cpudefendCaptIpv6Acl
          |     +--rw vlanType?         cpudefendvlanType
          |     +--rw peBegin?          uint16
          |     +--rw peEnd?            uint16
          |     +--rw ceBegin?          uint16
          |     +--rw ceEnd?            uint16
          |     +--rw bufferonly?       cpudefendDestType
          |     +--rw fileName?         string
          |     +--rw fileSize?         uint8
          |     +--rw overwrite?        boolean

4.7.  TCP/IP Attack Defence

   Defense against TCP/IP attacks is applied on routers at the network
   edge and on any other router that is exposed to crafted or illegal
   TCP/IP packets.  It protects the router CPU against malformed packets,
   fragmented packets, TCP SYN floods, UDP floods and ICMP floods, so
   that legitimate control and management traffic continues to be
   processed while an attack is under way.

   module: ietf-tcp-ip-attack-defence
          +--rw secAntiAttackEnable
          |  +--rw antiEnable?        antiAttackEnableCfgType
          |  +--rw abnormalEnable?    antiAttackEnableCfgType
          |  +--rw udpFloodEnable?    antiAttackEnableCfgType
          |  +--rw tcpSynEnable?      antiAttackEnableCfgType
          |  +--rw icmpFloodEnable?   antiAttackEnableCfgType
          |  +--rw fragmentEnable?    antiAttackEnableCfgType
          +--rw secAntiAttackCarCfg
          |  +--rw cirFrag?   uint32
          |  +--rw cirIcmp?   uint32
          |  +--rw cirTcp?    uint32
          +--rw secAntiAttackStats
             +--ro secAntiAttackStat* [attackType]
                +--ro attackType    antiAttackType
                +--ro totalCount?   uint64
                +--ro dropCount?    uint64
                +--ro passCount?    uint64
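   The following script is an added example; it is not part of this
   draft and not code from any vendor implementation.  It shows how a
   SACM collector could evaluate instance data of the
   ietf-tcp-ip-attack-defence tree above against a baseline: the global
   switch and every per-attack-type defence must be enabled, the
   counters of each secAntiAttackStat entry must be self-consistent
   (totalCount = dropCount + passCount), and an attack type that is seen
   on the wire while its defence is disabled is reported as passing
   unfiltered.  The instance data is constructed for the example.  The
   string values 'enable'/'disable' for antiAttackEnableCfgType and the
   attackType names are assumptions, since the draft does not list the
   enumeration values.

```python
"""Baseline assessment of ietf-tcp-ip-attack-defence instance data.

Added example, not code from this draft or from any vendor.  Assumed
(the draft does not list them): antiAttackEnableCfgType values are the
strings 'enable'/'disable' and antiAttackType values are 'abnormal',
'udpFlood', 'tcpSyn', 'icmpFlood' and 'fragment'."""

# attackType value -> the enable leaf that governs that defence (assumed).
ENABLE_LEAF = {
    "abnormal": "abnormalEnable",
    "udpFlood": "udpFloodEnable",
    "tcpSyn": "tcpSynEnable",
    "icmpFlood": "icmpFloodEnable",
    "fragment": "fragmentEnable",
}


def assess(data):
    """Evaluate one device's instance data; returns a dict of findings.

    disabled:       enable leaves that are not 'enable' (antiEnable first;
                    when it is off every per-type defence counts as off)
    counter_errors: attackType entries where totalCount != drop + pass
    unfiltered:     attack types seen on the wire while their defence is off
    drop_ratio:     dropCount / totalCount per attackType (0.0 if no traffic)
    """
    enable = data.get("secAntiAttackEnable", {})
    stats = data.get("secAntiAttackStats", {}).get("secAntiAttackStat", [])
    result = {"disabled": [], "counter_errors": [], "unfiltered": [], "drop_ratio": {}}

    # The global switch comes first: with antiEnable off, the per-type
    # switches are irrelevant and every defence is reported as disabled.
    global_on = enable.get("antiEnable") == "enable"
    if not global_on:
        result["disabled"].append("antiEnable")
    for leaf in ENABLE_LEAF.values():
        if not global_on or enable.get(leaf) != "enable":
            result["disabled"].append(leaf)

    for st in stats:
        atype = st["attackType"]
        total = st.get("totalCount", 0)
        drop = st.get("dropCount", 0)
        passed = st.get("passCount", 0)
        if total != drop + passed:          # counters must add up
            result["counter_errors"].append(atype)
        result["drop_ratio"][atype] = drop / total if total else 0.0
        if ENABLE_LEAF.get(atype) in result["disabled"] and total > 0:
            result["unfiltered"].append(atype)
    return result


def is_compliant(result):
    """True when every defence is on and the counters are self-consistent."""
    return not result["disabled"] and not result["counter_errors"]


# Constructed instance data (JSON-style dict), not from a real device.
SAMPLE = {
    "secAntiAttackEnable": {
        "antiEnable": "enable", "abnormalEnable": "enable",
        "udpFloodEnable": "disable", "tcpSynEnable": "enable",
        "icmpFloodEnable": "enable", "fragmentEnable": "enable",
    },
    "secAntiAttackCarCfg": {"cirFrag": 1000, "cirIcmp": 500, "cirTcp": 2000},
    "secAntiAttackStats": {"secAntiAttackStat": [
        {"attackType": "tcpSyn", "totalCount": 120000, "dropCount": 90000, "passCount": 30000},
        {"attackType": "udpFlood", "totalCount": 5000, "dropCount": 0, "passCount": 5000},
        {"attackType": "fragment", "totalCount": 10, "dropCount": 3, "passCount": 5},
    ]},
}

if __name__ == "__main__":
    r = assess(SAMPLE)
    print("compliant:", is_compliant(r))
    for k, v in r.items():
        print(f"  {k}: {v}")
```

   Run against the sample, the script reports udpFloodEnable as disabled,
   5000 UDP packets passing unfiltered, and a counter mismatch on the
   fragment entry; a collector would raise those as posture findings
   rather than trusting the drop ratio of an entry whose counters do not
   add up.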

5.  Network Infrastructure Device Security Baseline Yang Module

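   Ahead of the module text, an added example that is not code from this
   draft or from the vendor: a checker that applies the constraints the
   ietf-mac-limit module below states for macLimitRule and ifMacLimit
   (value ranges, defaults, the mandatory maximum leaf, list key
   uniqueness, the ruleName leafref) to instance data, and on top of them
   a baseline rule that a MAC limit must discard and alarm once it is
   reached, because a limit that keeps forwarding does nothing against
   MAC-table flooding.  The instance data is constructed.  The
   enumeration values 'discard'/'forward' and 'enable'/'disable' are
   taken from the module's defaults and descriptions; the limitType value
   'rule' and the interface names are assumptions.

```python
"""Checker for ietf-mac-limit instance data (added example, not draft code).

Applies the constraints the module states for macLimitRule and ifMacLimit
(ranges, defaults, mandatory leaves, list keys, the ruleName leafref) and a
baseline rule on top: a MAC limit that forwards once it is reached, or that
never alarms, does not contain MAC-table flooding.
Assumed (not stated by the draft): the enum values 'discard'/'forward' and
'enable'/'disable', the limitType value 'rule', and the interface names."""
from dataclasses import dataclass

# Ranges and defaults copied from the module's leaf definitions.
RANGES = {"maximum": (0, 131072), "rate": (0, 1000)}
DEFAULTS = {"rate": 0, "action": "discard", "alarm": "enable"}
ENUMS = {"action": {"discard", "forward"}, "alarm": {"enable", "disable"}}


@dataclass
class Finding:
    path: str
    message: str
    severity: str  # "error": schema violation, "warn": baseline deviation


def _check_limit(entry, path, findings):
    """Schema and baseline checks shared by macLimitRule and ifMacLimit."""
    full = {**DEFAULTS, **entry}  # YANG: an absent leaf with a default has it
    if "maximum" not in entry:
        findings.append(Finding(path + "/maximum", "mandatory leaf missing", "error"))
    for leaf, (lo, hi) in RANGES.items():
        v = full.get(leaf)
        if v is not None and not (isinstance(v, int) and lo <= v <= hi):
            findings.append(Finding(f"{path}/{leaf}", f"{v!r} outside {lo}..{hi}", "error"))
    for leaf, allowed in ENUMS.items():
        if full[leaf] not in allowed:
            findings.append(Finding(f"{path}/{leaf}", f"{full[leaf]!r} not in {sorted(allowed)}", "error"))
    # Baseline: the limit must contain a flood, and operators must hear of it.
    if full["action"] == "forward":
        findings.append(Finding(path + "/action", "still forwards when the limit is reached; baseline expects 'discard'", "warn"))
    if full["alarm"] == "disable":
        findings.append(Finding(path + "/alarm", "alarm disabled; reaching the limit is silent", "warn"))


def validate_mac(mac):
    """Validate the /mac container; returns a list of Finding (empty = clean)."""
    findings = []
    rule_names = set()
    for rule in mac.get("macLimitRules", {}).get("macLimitRule", []):
        name = rule.get("ruleName", "")
        path = f"/mac/macLimitRules/macLimitRule[{name}]"
        if not 1 <= len(name) <= 31:          # length "1..31"
            findings.append(Finding(path + "/ruleName", "length must be 1..31", "error"))
        if name in rule_names:
            findings.append(Finding(path, "duplicate list key", "error"))
        rule_names.add(name)
        _check_limit(rule, path, findings)

    seen = set()
    for lim in mac.get("ifMacLimits", {}).get("ifMacLimit", []):
        key = (lim.get("ifName"), lim.get("limitType"))   # key "ifName limitType"
        path = f"/mac/ifMacLimits/ifMacLimit[{key[0]},{key[1]}]"
        if None in key:
            findings.append(Finding(path, "key leaves ifName and limitType are required", "error"))
        if key in seen:
            findings.append(Finding(path, "duplicate list key", "error"))
        seen.add(key)
        ref = lim.get("ruleName")
        if ref is not None and ref not in rule_names:   # leafref must resolve
            findings.append(Finding(path + "/ruleName", f"leafref {ref!r} matches no macLimitRule", "error"))
        _check_limit(lim, path, findings)
    return findings


# Constructed instance data (JSON-style dict), not a real configuration.
SAMPLE = {
    "macLimitRules": {"macLimitRule": [
        {"ruleName": "access-ports", "maximum": 64, "rate": 100},
        {"ruleName": "uplink", "maximum": 200000, "action": "forward", "alarm": "disable"},
    ]},
    "ifMacLimits": {"ifMacLimit": [
        {"ifName": "GigabitEthernet0/1/0", "limitType": "rule", "ruleName": "access-ports", "maximum": 64},
        {"ifName": "GigabitEthernet0/1/1", "limitType": "rule", "ruleName": "no-such-rule", "maximum": 64},
    ]},
}

if __name__ == "__main__":
    for f in validate_mac(SAMPLE):
        print(f"{f.severity:5} {f.path}: {f.message}")
```

   On the sample the rule "uplink" produces one range error (200000 is
   above the module's 0..131072) and two baseline warnings, and the
   second interface entry produces a leafref error; "access-ports" and
   the first interface entry are clean because the module's defaults
   (discard, alarm enabled) are applied before checking.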
module ietf-mac-limit {
  namespace "urn:ietf:params:xml:ns:yang:ietf-mac-limit";
  prefix maclimit;
/*
  import huawei-pub-type {
    prefix pub-type;
  }
  */
  import ietf-yang-types {
    prefix yang;
  }
  /*
  import huawei-extension {
    prefix ext;
  }

  include huawei-mac-action;
  include huawei-mac-type;
  */
  organization
    "Huawei Technologies.";
  contact
    "Liang Xia: Frank.xialiang@huawei.com
     Guangying Zheng: Zhengguangying@huawei.com";
  description
    "MAC address limit.";

  revision 2017-09-01 {
    description
      "Init revision";
    reference "xxx.";
  }

  container mac {
    description
      "MAC address forwarding. ";
    container macLimitRules {
      description
        "Global MAC address learning limit rule.";
      list macLimitRule {
        key "ruleName";
        description
          "Global MAC address learning limit.";
        leaf ruleName {
          type string {
            length "1..31";
          }
          description
            "Global MAC address learning limit rule name.";
        }
        leaf maximum {
          type uint32 {
            range "0..131072";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval at which MAC addresses are learned.";
        }
        leaf action {
          type macLimitForward;
          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number.";
        }
        leaf alarm {
          type macEnableStatus;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number.";
        }
      }
    }
    container vlanMacLimits {
      description
        "VLAN MAC address limit list.";
      list vlanMacLimit {
        key "vlanId";
        description
          "VLAN MAC address limit.";
        leaf vlanId {
          type macVlanId;
          description
            "VLAN ID.";
        }
        leaf maximum {
          type uint32 {
            range "0..130048";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned in a VLAN.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval at which MAC addresses are learned in a VLAN.";
        }
        leaf action {
          type macLimitForward;
          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number in a VLAN.";
        }
        leaf alarm {
          type macEnableStatus;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number in a VLAN.";
        }
      }
    }
    container vsiMacLimits {
      description
        "VSI MAC address limit list.";
      list vsiMacLimit {
        key "vsiName";
        description
          "VSI MAC address limit.";
        leaf vsiName {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf maximum {
          type uint32 {
            range "0..524288";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned in a VSI.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval at which MAC addresses are learned in a VSI.";
        }
        leaf action {
          type macLimitForward;
          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number in a VSI.";
        }
        leaf alarm {
          type macEnableStatus;
          default "disable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number in a VSI.";
        }
        leaf upThreshold {
          type uint8 {
            range "80..100";
          }
          mandatory true;
          description
            "Upper limit for the number of MAC addresses.";
        }
        leaf downThreshold {
          type uint8 {
            range "60..100";
          }
          mandatory true;
          description
            "Lower limit for the number of MAC addresses.";
        }
      }
    }
    container bdMacLimits {
      description
        "BD MAC address limit list.";
      list bdMacLimit {
        key "bdId";
        description
          "BD MAC address limit.";
        leaf bdId {
          type uint32 {
            range "1..16777215";
          }
          description
            "Specifies the ID of a bridge domain.";
        }
        leaf maximum {
          type uint32 {
            range "0..130048";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned in a BD.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval at which MAC addresses are learned in a BD.";
        }
        leaf action {
          type macLimitForward;
          default "discard";
          description
            "Forward or discard the packet.";
        }
        leaf alarm {
          type macEnableStatus;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number.";
        }
      }
    }
    container pwMacLimits {
      description
        "PW MAC address limit list.";
      list pwMacLimit {
        key "vsiName pwName";
        description
          "PW MAC address limit.";
        leaf vsiName {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf pwName {
          type string {
            length "1..15";
          }
          description
            "PW name.";
        }
        leaf maximum {
          type uint32 {
            range "0..130048";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned in a PW.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval at which MAC addresses are learned in a PW.";
        }
        leaf action {
          type macLimitForward;
          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number in a PW.";
        }
        leaf alarm {
          type macEnableStatus;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number in a PW.";
        }
      }
    }
    container ifMacLimits {
      description
        "Interface MAC address limit list.";
      list ifMacLimit {
        key "ifName limitType";
        description
          "Interface MAC address limit.";
        leaf ifName {
          type pub-type:ifName;
          description
            "Interface name.";
        }
        leaf limitType {
          type limitType;
          description
            "Interface MAC limit type.";
        }
        leaf ruleName {
          type leafref {
            path "/mac/macLimitRules/macLimitRule/ruleName";
          }
          description
            "Rule name.";
        }
        leaf maximum {
          type uint32 {
            range "0..131072";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned on an interface.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval (ms) at which MAC addresses are learned on an interface.";
        }
        leaf action {
          type macLimitForward;
          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number on an interface.";
        }
        leaf alarm {
          type macEnableStatus;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number on an interface.";
        }
      }
    }
    container ifVlanMacLimits {
      description
        "Interface + VLAN MAC address limit list.";
      list ifVlanMacLimit {
        key "ifName vlanBegin limitType";
        config false;
        description
          "Interface + VLAN MAC address limit.";
        leaf ifName {
          type pub-type:ifName;
          description
            "Name of an interface.";
        }
        leaf vlanBegin {
          type macVlanId;
          description
            "Start VLAN ID.";
        }
        leaf vlanEnd {
          type macVlanId;
          description
            "End VLAN ID.";
        }
        leaf limitType {
          type limitType;
          description
            "Interface MAC limit type.";
        }
        leaf ruleName {
          type leafref {
            path "/mac/macLimitRules/macLimitRule/ruleName";
          }
          description
            "Rule name.";
        }
        leaf maximum {
          type uint32 {
            range "0..131072";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned on an interface.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          mandatory true;
          description
            "Interval (ms) at which MAC addresses are learned on an interface.";
        }
        leaf action {
          type macLimitForward;
          default "discard";
          description
            "Discard or forward the packet.";
        }
        leaf alarm {
          type macEnableStatus;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number.";
        }
      }
    }
    container subifMacLimits {
      description
        "Sub-interface MAC address limit list.";
      list subifMacLimit {
        key "ifName limitType";
        description
          "Sub-interface MAC address limit.";
        leaf ifName {
          type pub-type:ifName;
          description
            "Name of a sub-interface.";
        }
        leaf limitType {
          type limitType;
          description
            "Sub-interface MAC limit type.";
        }
        leaf vsiName {
          type string {
            length "1..36";
          }
          config false;
          mandatory true;
          description
            "VSI name, EVPN name, or bridge domain ID.";
        }
        leaf ruleName {
          type string {
            length "1..31";
          }
          mandatory true;
          description
            "Rule name.";
        }
        leaf maximum {
          type uint32 {
            range "0..131072";
          }
          mandatory true;
          description
            "Maximum number of MAC addresses that can be learned on a sub-interface.";
        }
        leaf rate {
          type uint16 {
            range "0..1000";
          }
          default "0";
          description
            "Interval (ms) at which MAC addresses are learned on a sub-interface.";
        }
        leaf action {
          type macLimitForward;
          default "discard";
          description
            "Discard or forward after the number of learned MAC addresses reaches the maximum number on a sub-interface.";
        }
        leaf alarm {
          type macEnableStatus;
          default "enable";
          description
            "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number on a sub-interface.";
        }
      }
    }
    container vsiStormSupps {
      description
        "VSI Suppression List.";
      list vsiStormSupp {
        key "vsiName suppressType";
        description
          "VSI Suppression.";
        leaf vsiName {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf suppressType {
          type suppressType;
          description
            "Traffic suppression type.";
        }
        leaf cir {
          type uint64 {
            range "0..4294967295";
          }
          default "0";
          description
            "CIR value.";
        }
        leaf cbs {
          type uint64 {
            range "0..4294967295";
          }
          description
            "CBS value.";
        }
      }
    }
    container vlanStormSupps {
      description
        "VLAN Suppression List.";
      list vlanStormSupp {
        key "vlanId suppressType";
        description
          "VLAN Suppression.";
        leaf vlanId {
          type macVlanId;
          description
            "VLAN ID.";
        }
        leaf suppressType {
          type suppressType;
          description
            "Traffic suppression type.";
        }
        leaf cir {
          type uint64 {
            range "64..4294967295";
          }
          default "64";
          description
            "CIR value.";
        }
        leaf cbs {
          type uint64 {
            range "10000..4294967295";
          }
          description
            "CBS value.";
        }
      }
    }
    container subIfSuppresss {
      description
        "Sub-interface traffic suppression list.";
      list subIfSuppress {
        key "ifName suppressType direction";
        description
          "Sub-Interface traffic suppression.";
        leaf ifName {
          type pub-type:ifName;
          description
            "Sub-interface name.";
        }
        leaf suppressType {
          type suppressType;
          description
            "Suppression type.";
        }
        leaf direction {
          type directionType;
          description
            "Suppression direction.";
        }
        leaf cir {
          type uint64 {
            range "0..4294967295";
          }
          default "0";
          description
            "CIR value.";
        }
        leaf cbs {
          type uint64 {
            range "0..4294967295";
          }
          description
            "CBS value.";
        }
      }
    }
    container pwSuppresss {
      description
        "PW traffic suppression list.";
      list pwSuppress {
        key "vsiName pwName suppressType";
        description
          "PW traffic suppression.";
        leaf vsiName {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf pwName {
          type string {
            length "1..15";
          }
          description
            "PW name.";
        }
        leaf suppressType {
          type suppressType;
          description
            "Traffic suppression type.";
        }
        leaf cir {
          type uint64 {
            range "100..4294967295";
          }
          default "100";
          description
            "CIR value.";
        }
        leaf cbs {
          type uint64 {
            range "100..4294967295";
          }
          description
            "CBS value.";
        }
      }
    }
    container pwSuppressPtns {
      description
        "PW traffic suppression list.";
      list pwSuppressPtn {
        key "vsiName peerIp pwId pwEncap";
        description
          "PW traffic suppression.";
        leaf vsiName {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf peerIp {
          type string {
            length "0..255";
            pattern "((([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\\.){3}([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))";
          }
          description
            "Peer IP address.";
        }
        leaf pwId {
          type uint32 {
            range "1..4294967295";
          }
          description
            "PW ID.";
        }
        leaf pwEncap {
          type macPwEncapType;
          description
            "PW encapsulation type.";
        }
        leaf isEnable {
          type boolean;
          default "true";
          description
            "Enable status.";
        }
        leaf suppressType {
          type suppressStyle;
          default "absoluteValue";
          description
            "Traffic suppression type.";
        }
        leaf broadcast {
          type uint32 {
            range "0..200000000";
          }
          default "1000";
          description
            "Broadcast suppression (kbit/s).";
        }
        leaf unicast {
          type uint32 {
            range "0..200000000";
          }
          default "1000";
          description
            "Unknown unicast suppression (kbit/s).";
        }
        leaf multicast {
          type uint32 {
            range "0..200000000";
          }
          default "1000";
          description
            "Multicast suppression (kbit/s).";
        }
      }
    }
    container vsiInSuppressions {
      description
        "VSI inbound traffic suppression list.";
      list vsiInSuppression {
        key "vsiName";
        description
          "VSI inbound traffic suppression.";
        leaf vsiName {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf inboundSupp {
          type macEnableStatus;
          default "enable";
          description
            "Inbound suppression.";
        }
      }
    }
    container vsiOutSuppressions {
      description
        "VSI outbound traffic suppression list.";
      list vsiOutSuppression {
        key "vsiName";
        description
          "VSI outbound traffic suppression.";
        leaf vsiName {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf outboundSupp {
          type macEnableStatus;
          default "enable";
          description
            "Outbound suppression.";
        }
      }
    }
    container vsiSuppresss {
      description
        "VSI traffic suppression list.";
      list vsiSuppress {
        key "subIfName";
        description
          "VSI traffic suppression.";
        leaf vsiName {
          type string {
            length "1..31";
          }
          mandatory true;
          description
            "VSI name.";
        }
        leaf subIfName {
          type pub-type:ifName;
          description
            "Sub-interface name.";
        }
        leaf isEnable {
          type boolean;
          default "true";
          description
            "Enable status.";
        }
        leaf suppressType {
          type suppressStyle;
          default "percent";
          description
            "Traffic suppression type.";
        }
        leaf broadcast {
          type uint32 {
            range "0..200000000";
          }
          default "64";
          description
            "Broadcast suppression (kbit/s).";
        }
        leaf broadcastPercent {
          type uint32 {
            range "0..100";
          }
          default "1";
          description
            "Broadcast suppression.";
        }
        leaf unicast {
          type uint32 {
            range "0..200000000";
          }
          default "64";
          description
            "Unknown unicast suppression (kbit/s).";
        }
        leaf unicastPercent {
          type uint32 {
            range "0..100";
          }
          default "1";
          description
            "Unknown unicast suppression.";
        }
        leaf multicast {
          type uint32 {
            range "0..200000000";
          }
          default "64";
          description
            "Multicast suppression (kbit/s).";
        }
        leaf multicastPercent {
          type uint32 {
            range "0..100";
          }
          default "1";
          description
            "Multicast suppression.";
        }
      }
    }
    container vsiTotalNumbers {
      description
        "List of MAC address total numbers in a VSI.";
      list vsiTotalNumber {
        key "vsiName slotId macType";
        config false;
        description
          "Total number of MAC addresses in a VSI.";
        leaf vsiName {
          type string {
            length "1..31";
          }
          description
            "VSI name.";
        }
        leaf slotId {
          type string {
            length "1..24";
          }
          description
            "Slot ID.";
        }
        leaf macType {
          type macType;
          description
            "MAC address type.";
        }
        leaf number {
          type uint32;
          mandatory true;
          description
            "Number of MAC addresses.";
        }
      }
    }
    container ifStormSupps {
      description
        "Interface traffic suppression list.";
      list ifStormSupp {
        key "ifName suppressType";
        description
          "Interface traffic suppression.";
        leaf ifName {
          type pub-type:ifName;
          description
            "Name of an interface.";
        }
        leaf suppressType {
          type suppressType;
          description
            "Suppression type.";
        }
        leaf percent {
          type uint64 {
            range "0..99";
          }
          description
            "Percent.";
        }
        leaf packets {
          type uint64 {
            range "0..148810000";
          }
          description
            "Packets per second.";
        }
        leaf cir {
          type uint64 {
            range "0..100000000";
          }
          description
            "CIR (kbit/s).";
        }
        leaf cbs {
          type uint64 {
            range "10000..4294967295";
          }
          description
            "CBS (bytes).";
        }
      }
    }
    container ifStormBlocks {
      description
        "Interface traffic block list.";
      list ifStormBlock {
        key "ifName blockType direction";
        description
          "Interface traffic suppression.";
        leaf ifName {
          type pub-type:ifName;
          description
            "Name of an interface.";
        }
        leaf blockType {
          type suppressType;
          description
            "Block type.";
        }
        leaf direction {
          type directionType;
          description
            "Direction.";
        }
      }
    }
    container ifStormContrls {
      description
        "Interface storm control list.";
      list ifStormContrl {
        key "ifName";
        description
          "Interface storm control.";
        leaf ifName {
          type pub-type:ifName;
          description
            "Name of an interface.";
        }
        leaf action {
          type stormCtrlActionType;
          default "normal";
          description
            "Action type.";
        }
        leaf trapEnable {
          type enableType;
          default "disable";
          description
            "Trap state.";
        }
        leaf logEnable {
          type enableType;
          default "disable";
          description
            "Log state.";
        }
        leaf interval {
          type uint64 {
            range "1..180";
          }
          default "5";
          description
            "Detect interval.";
        }
        container ifPacketContrlAttributes {
          description
            "Storm control rate list.";
          list ifPacketContrlAttribute {
            key "packetType";
            description
              "Storm control rate.";
            leaf packetType {
              type stormCtrlType;
              description
                "Packet type.";
            }
            leaf rateType {
              type stormCtrlRateType;
              default "pps";
              description
                "Storm control rate type.";
            }
            leaf minRate {
              type uint32 {
                range "1..148810000";
              }
              mandatory true;
              description
                "Storm control min rate.";
            }
            leaf maxRate {
              type uint64 {
                range "1..148810000";
              }
              mandatory true;
              description
                "Storm control max rate.";
            }
          }
        }
        container ifstormContrlInfos {
          description
            "Storm control info list.";
          list ifstormContrlInfo {
            key "packetType";
            config false;
            description
              "Storm control info.";
            leaf packetType {
              type stormCtrlType;
              description
                "Packet type.";
            }
            leaf punishStatus {
              type stormCtrlActionType;
              description
                "Storm control status.";
            }
            leaf lastPunishTime {
              type string {
                length "1..50";
              }
              description
                "Last punish time.";
            }
          }
        }
      }
    }
  }
}
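   As an added illustration of how the constraints declared in the
   ifMacLimit and ifPacketContrlAttribute lists above would be applied by
   a posture collector or evaluator, the following Python example
   (written for this page; it is not part of the draft or of any vendor
   implementation) validates constructed instance data against the
   ranges, mandatory leaves and defaults the module declares, then applies
   a small baseline policy on top.  The instance data, the policy value
   POLICY_MAX_MAC_PER_ACCESS_PORT, the "placeholder" limitType value, the
   enumeration values assumed for macLimitForward, macEnableStatus and
   stormCtrlRateType, and the minRate <= maxRate rule are all assumptions
   made for the example and are not stated in the draft.

```python
"""Added example (not from the draft): check constructed MAC-limit and
storm-control instance data against the constraints of the YANG lists
above, then apply an assumed baseline policy."""

# Leaf constraints transcribed from the ifMacLimit list in the module above.
# The enumeration values for macLimitForward and macEnableStatus are assumed
# from the leaf descriptions and defaults; the typedefs are not on this page.
IF_MAC_LIMIT = {
    "ifName":    {"mandatory": True},                         # list key
    "limitType": {"mandatory": True},                         # list key
    "maximum":   {"range": (0, 131072), "mandatory": True},
    "rate":      {"range": (0, 1000), "default": 0},
    "action":    {"enum": {"discard", "forward"}, "default": "discard"},
    "alarm":     {"enum": {"enable", "disable"}, "default": "enable"},
}

# Constraints transcribed from the ifPacketContrlAttribute list (storm
# control rate per packet type). The "kbps" enumeration value is assumed.
IF_PACKET_CONTRL = {
    "packetType": {"mandatory": True},                        # list key
    "rateType":   {"enum": {"pps", "kbps"}, "default": "pps"},
    "minRate":    {"range": (1, 148810000), "mandatory": True},
    "maxRate":    {"range": (1, 148810000), "mandatory": True},
}

# Assumed baseline policy value for the example; the draft sets no number.
POLICY_MAX_MAC_PER_ACCESS_PORT = 64


def validate(entry, schema):
    """Return (normalized_entry, findings): fill defaults, report missing
    mandatory leaves, out-of-range integers and values outside an enum."""
    out = dict(entry)
    findings = []
    for leaf, rule in schema.items():
        if leaf not in out:
            if rule.get("mandatory"):
                findings.append(f"missing mandatory leaf {leaf}")
            elif "default" in rule:
                out[leaf] = rule["default"]
            continue
        val = out[leaf]
        if "range" in rule:
            lo, hi = rule["range"]
            if not isinstance(val, int) or not lo <= val <= hi:
                findings.append(f"{leaf}={val!r} outside range {lo}..{hi}")
        if "enum" in rule and val not in rule["enum"]:
            findings.append(f"{leaf}={val!r} not in {sorted(rule['enum'])}")
    return out, findings


def assess_mac_limit(entry):
    """Validate one ifMacLimit entry, then apply the assumed baseline policy."""
    norm, findings = validate(entry, IF_MAC_LIMIT)
    if findings:
        return findings
    if norm["action"] == "forward" and norm["alarm"] == "disable":
        findings.append("limit neither discards nor alarms: no protective effect")
    if norm["maximum"] > POLICY_MAX_MAC_PER_ACCESS_PORT:
        findings.append(f"maximum {norm['maximum']} exceeds policy "
                        f"{POLICY_MAX_MAC_PER_ACCESS_PORT}")
    return findings


def assess_storm_rate(entry):
    """Validate one ifPacketContrlAttribute entry and require
    minRate <= maxRate (assumed sanity rule; the module does not state it)."""
    norm, findings = validate(entry, IF_PACKET_CONTRL)
    if not findings and norm["minRate"] > norm["maxRate"]:
        findings.append("minRate greater than maxRate")
    return findings


# Constructed instance data, shaped like what a collector would read from a
# device. "placeholder" stands in for a limitType value (typedef not shown).
SAMPLE_MAC_LIMITS = [
    {"ifName": "GE0/0/1", "limitType": "placeholder", "maximum": 32},
    {"ifName": "GE0/0/2", "limitType": "placeholder", "maximum": 4096,
     "action": "forward", "alarm": "disable"},
    {"ifName": "GE0/0/3", "limitType": "placeholder", "maximum": 200000},
    {"ifName": "GE0/0/4", "limitType": "placeholder"},
]
SAMPLE_STORM_RATES = [
    {"packetType": "broadcast", "minRate": 1000, "maxRate": 5000},
    {"packetType": "multicast", "minRate": 5000, "maxRate": 1000},
]


def run_report():
    """Map each constructed entry that has findings to its list of findings."""
    report = {}
    for entry in SAMPLE_MAC_LIMITS:
        findings = assess_mac_limit(entry)
        if findings:
            report[entry["ifName"]] = findings
    for entry in SAMPLE_STORM_RATES:
        findings = assess_storm_rate(entry)
        if findings:
            report[entry["packetType"]] = findings
    return report


if __name__ == "__main__":
    for key, findings in run_report().items():
        print(f"{key}: " + "; ".join(findings))
```

   Running the file prints one line per entry with findings.  For the
   constructed data those are the entry whose limit forwards without
   alarming, the maximum outside the declared uint32 range, the entry
   missing its mandatory maximum, and the storm-control entry whose
   minRate exceeds its maxRate; the compliant entries produce nothing.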

6.  IANA Considerations

   This document makes no request of IANA.

   Note to RFC Editor: this section may be removed on publication as an
   RFC.

7.  Security Considerations

   To be added.

8.  Acknowledgements

Authors' Addresses

   Liang Xia
   Huawei

   Email: frank.xialiang@huawei.com

   Guangying Zheng
   Huawei

   Email: zhengguangying@huawei.com