Internet Engineering Task Force (IETF)
Request for Comments: 8430
Category: Informational
ISSN: 2070-1721

N. Bahadur, Ed. (Uber)
S. Kini, Ed.
J. Medved (Cisco)
September 2018

RIB Information Model
Abstract

Routing and routing functions in enterprise and carrier networks are typically performed by network devices (routers and switches) using a Routing Information Base (RIB). Protocols and configurations push data into the RIB, and the RIB manager installs state into the hardware for packet forwarding. This document specifies an information model for the RIB to enable defining a standardized data model. The IETF's I2RS WG used this document to design the I2RS RIB data model. This document is being published to record the higher-level information model decisions for RIBs so that other developers of RIBs may benefit from the design concepts.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8430.
Copyright Notice

Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
   1.  Introduction
       1.1.  Conventions Used in This Document
   2.  RIB Data
       2.1.  RIB Definition
       2.2.  Routing Instance
       2.3.  Route
       2.4.  Nexthop
             2.4.1.  Base Nexthops
             2.4.2.  Derived Nexthops
             2.4.3.  Nexthop Indirection
   3.  Reading from the RIB
   4.  Writing to the RIB
   5.  Notifications
   6.  RIB Grammar
       6.1.  Nexthop Grammar Explained
   7.  Using the RIB Grammar
       7.1.  Using Route Preference
       7.2.  Using Different Nexthop Types
             7.2.1.  Tunnel Nexthops
             7.2.2.  Replication Lists
             7.2.3.  Weighted Lists
             7.2.4.  Protection
             7.2.5.  Nexthop Chains
             7.2.6.  Lists of Lists
       7.3.  Performing Multicast
   8.  RIB Operations at Scale
       8.1.  RIB Reads
       8.2.  RIB Writes
       8.3.  RIB Events and Notifications
   9.  Security Considerations
   10. IANA Considerations
   11. References
       11.1.  Normative References
       11.2.  Informative References
   Acknowledgements
   Authors' Addresses
Figure 1.

          +-------------+        +-------------+
          |RIB Client 1 | ...... |RIB Client N |
          +-------------+        +-------------+
                 ^                      ^
                 |                      |
                 +----------------------+
                            |
                            V
                 +---------------------+
                 |     RIB Manager     |
                 |                     |
                 |      +--------+     |
                 |      | RIB(s) |     |
                 |      +--------+     |
                 +---------------------+
                            ^
                            |
           +---------------------------------+
           |                                 |
           V                                 V
   +----------------+                +----------------+
   | FIB Manager 1  |                | FIB Manager M  |
   |   +--------+   |   ..........   |   +--------+   |
   |   | FIB(s) |   |                |   | FIB(s) |   |
   |   +--------+   |                |   +--------+   |
   +----------------+                +----------------+

        Figure 1: RIB Manager, RIB Clients, and FIB Managers

Routing protocols are inherently distributed in nature, and each router makes an independent decision based on the routing data received from its peers. With the advent of newer deployment paradigms and the need for specialized applications, there is an emerging need to guide the router's routing function [RFC7920]. The
traditional network-device RIB population that is protocol based suffices for most use cases where distributed network control is used. However, there are use cases that the network operators currently address by configuring static routes, policies, and RIB import/export rules on the routers. There is also a growing list of use cases in which a network operator might want to program the RIB based on data unrelated to just routing (within that network's domain). Programming the RIB could be based on other information (such as routing data in the adjacent domain or the load on storage and compute) in the given domain. Or, it could simply be a programmatic way of creating on-demand dynamic overlays (e.g., GRE tunnels) between compute hosts (without requiring the hosts to run traditional routing protocols). If there was a standardized, publicly documented programmatic interface to a RIB, it would enable further networking applications that address a variety of use cases [RFC7920].

A programmatic interface to the RIB involves two types of operations: reading from the RIB and writing (adding/modifying/deleting) to the RIB.

In order to understand what is in a router's RIB, methods like per-protocol SNMP MIBs and screen scraping are used. These methods are not scalable since they are client pull mechanisms and not proactive push (from the router) mechanisms. Screen scraping is error prone (since the output format can change) and is vendor dependent. Building a RIB from per-protocol MIBs is error prone since the MIB data represents protocol data and not the exact information that went into the RIB. Thus, just getting read-only RIB information from a router is a hard task.

Adding content to the RIB from a RIB client can be done today using static configuration mechanisms provided by router vendors. However, the mix of what can be modified in the RIB varies from vendor to vendor, and the method of configuring it is also vendor dependent.
This makes it hard for a RIB client to program a multi-vendor network in a consistent and vendor-independent way.

The purpose of this document is to specify an information model for the RIB. Using the information model, one can build a detailed data model for the RIB. That data model could then be used by a RIB client to program a network device. One data model that has been based on this document is the I2RS RIB data model [RFC8431].

The rest of this document is organized as follows. Section 2 goes into the details of what constitutes and can be programmed in a RIB. Guidelines for reading and writing the RIB are provided in Sections 3 and 4, respectively. Section 5 provides a high-level view of the
events and notifications going from a network device to a RIB client to update the RIB client on asynchronous events. The RIB grammar is specified in Section 6. Examples of using the RIB grammar are shown in Section 7. Section 8 covers considerations for performing RIB operations at scale.

[RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

Section 6). A high-level description of the RIB contents is as shown in Figure 2. Please note that for ease of representation in ASCII art, this drawing shows a single routing instance, a single RIB, and a single route. Subsections of this section describe the logical data nodes that should be contained within a RIB. Sections 3 and 4 describe the high-level read and write operations.

                      network-device
                            |
                            | 0..N
                            |
                    routing instance(s)
                      |             |
                      |             |
                 0..N |             | 0..N
                      |             |
                 interface(s)     RIB(s)
                                    |
                                    |
                                    | 0..N
                                    |
                                  route(s)

                  Figure 2: RIB Information Model
Section 2.2).

A network device MAY contain routing instances, and each routing instance MAY contain RIBs. The name MUST be unique within a routing instance. All routes in a given RIB MUST be of the same address family (e.g., IPv4). Each RIB MUST belong to a routing instance.

A routing instance may contain two or more RIBs of the same address family (e.g., IPv6). A typical case where this can be used is for multi-topology routing [RFC4915] [RFC5120].

Each RIB MAY be associated with an ENABLE_IP_RPF_CHECK attribute that enables Reverse Path Forwarding (RPF) checks on all IP routes in that RIB. The RPF check is used to prevent spoofing and limit malicious traffic. For IP packets, the IP source address is looked up and the RPF interface(s) associated with the route for that IP source address is found. If the incoming IP packet's interface matches one of the RPF interfaces, then the IP packet is forwarded based on its IP destination address; otherwise, the IP packet is discarded.
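The RPF decision described above can be sketched as follows. This is an added example, not part of the RFC: the Route and Rib classes, the rpf_interfaces field, the interface names, and the rule that a source with no route is discarded are assumptions made for illustration; the tie-break on ROUTE_PREFERENCE follows the route attribute of that name in the model.

```python
"""Strict RPF check driven by a RIB's ENABLE_IP_RPF_CHECK attribute (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Route:
    prefix: Network
    route_preference: int           # ROUTE_PREFERENCE: lower value is preferred
    rpf_interfaces: FrozenSet[str]  # assumed field: interfaces valid for this source


@dataclass
class Rib:
    name: str
    address_family: int             # 4 or 6; all routes in a RIB share one family
    enable_ip_rpf_check: bool = False
    routes: List[Route] = field(default_factory=list)

    def add_route(self, prefix: str, route_preference: int, rpf_interfaces) -> None:
        net = ipaddress.ip_network(prefix)
        if net.version != self.address_family:
            raise ValueError(f"{prefix} does not belong in IPv{self.address_family} RIB {self.name}")
        self.routes.append(Route(net, route_preference, frozenset(rpf_interfaces)))

    def lookup(self, address: str) -> Optional[Route]:
        """Longest-prefix match; ties on prefix go to the lowest ROUTE_PREFERENCE."""
        addr = ipaddress.ip_address(address)
        if addr.version != self.address_family:
            return None
        matches = [r for r in self.routes if addr in r.prefix]
        if not matches:
            return None
        return min(matches, key=lambda r: (-r.prefix.prefixlen, r.route_preference))


def rpf_check(rib: Rib, source: str, in_interface: str) -> Tuple[str, str]:
    """Return (verdict, reason) for a packet arriving on in_interface."""
    if not rib.enable_ip_rpf_check:
        return "forward", "RPF check not enabled on this RIB"
    route = rib.lookup(source)
    if route is None:
        # Assumption: a source with no route has no RPF interface, so it fails.
        return "discard", "no route for source address"
    if in_interface in route.rpf_interfaces:
        return "forward", f"source matched {route.prefix} via {in_interface}"
    return "discard", f"source matched {route.prefix}, expected {sorted(route.rpf_interfaces)}"


def build_sample_rib() -> Rib:
    """Constructed RIB using documentation prefixes and made-up interface names."""
    rib = Rib("ipv4-unicast", 4, enable_ip_rpf_check=True)
    rib.add_route("192.0.2.0/24", 5, {"eth1"})
    rib.add_route("192.0.2.128/25", 5, {"eth2"})
    rib.add_route("198.51.100.0/24", 2, {"eth1", "eth3"})
    return rib


if __name__ == "__main__":
    sample = build_sample_rib()
    for src, ifname in [("192.0.2.10", "eth1"), ("192.0.2.200", "eth1"),
                        ("192.0.2.200", "eth2"), ("203.0.113.5", "eth1")]:
        print(src, ifname, *rpf_check(sample, src, ifname))
```

The second sample packet shows why the lookup must be a longest-prefix match: 192.0.2.200 falls inside 192.0.2.0/24 on eth1, but the more specific /25 names eth2, so the packet arriving on eth1 is discarded.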
A routing instance MUST contain the following mandatory fields:

o  INSTANCE_NAME: A routing instance is identified by its name, INSTANCE_NAME. This MUST be unique across all routing instances in a given network device.

o  rib-list: This is the list of RIBs associated with this routing instance. Each routing instance can have multiple RIBs to represent routes of different types. For example, one would put IPv4 routes in one RIB and MPLS routes in another RIB. The list of RIBs can be an empty list.

A routing instance MAY contain the following fields:

o  interface-list: This represents the list of interfaces associated with this routing instance. The interface list helps constrain the boundaries of packet forwarding. Packets coming in on these interfaces are directly associated with the given routing instance. The interface list contains a list of identifiers, with each identifier uniquely identifying an interface.

o  ROUTER_ID: This field identifies the network device in control plane interactions with other network devices. This field is to be used if one wants to virtualize a physical router into multiple virtual routers. Each virtual router MUST have a unique ROUTER_ID. A ROUTER_ID MUST be unique across all network devices in a given domain.

A routing instance may be created purely for the purposes of packet processing and may not have any interfaces associated with it. For example, an incoming packet in routing instance A might have a nexthop of routing instance B, and after packet processing in B, the nexthop might be routing instance C. Thus, routing instance B is not associated with any interface. And, given that this routing instance does not do any control-plane interaction with other network devices, a ROUTER_ID is also not needed.

Figure 3 represents the overall contents of a route. Please note that for ease of depiction in ASCII art, only a single instance of the route-attribute, match flags, and nexthop is depicted.
                               route
                               | | |
                     +---------+ | +----------+
                     |           |            |
                0..N |           |            |

              route-attribute  match       nexthop
                                 |
                                 |
                 +-------+-------+-------+--------+
                 |       |       |       |        |
                 |       |       |       |        |

               IPv4    IPv6    MPLS     MAC   Interface

                       Figure 3: Route Model

This document specifies the following match types:

o  IPv4: Match on destination and/or source IP address in the IPv4 header

o  IPv6: Match on destination and/or source IP address in the IPv6 header

o  MPLS: Match on an MPLS label at the top of the MPLS label stack

o  MAC: Match on Media Access Control (MAC) destination addresses in the Ethernet header

o  Interface: Match on the incoming interface of the packet

A route MAY be matched on one or more of these match types by policy as either an "AND" (to restrict the number of routes) or an "OR" (to combine two filters).

Each route MUST have the following mandatory route-attributes associated with it:

o  ROUTE_PREFERENCE: This is a numerical value that allows for comparing routes from different protocols. Static configuration is also considered a protocol for the purpose of this field. It is also known as "administrative distance". The lower the value, the higher the preference. For example, there can be an OSPF route for 192.0.2.1/32 (or IPv6 2001:DB8::1/128) with a preference of 5. If a controller programs a route for 192.0.2.1/32 (or IPv6 2001:DB8::1/128) with a preference of 2, then the controller's route will be preferred by the RIB manager. Preference should be
   used to dictate behavior. For more examples of preference, see Section 7.1.

Each route can have one or more optional route-attributes associated with it.

o  route-vendor-attributes: Vendors can specify vendor-specific attributes using this. The details of this attribute are outside the scope of this document.

Each route has a nexthop associated with it. Nexthops are described in Section 2.4.

Additional features to match multicast packets were considered (e.g., TTL of the packet to limit the range of a multicast group), but these were not added to this information model. Future RIB information models should investigate these multicast features.
is henceforth referred to as a FIB-ineligible route. The RIB information model allows a RIB client to program routes whose nexthops may be unresolved initially. Whenever an unresolved nexthop gets resolved, the RIB manager will send a notification of the same (see Section 5).

The overall structure and usage of a nexthop is as shown in the figure below. For ease of description using ASCII art, only a single instance of any component of the nexthop is shown in Figure 4.

                                route
                                  |
                                  | 0..N
                                  |
                                nexthop <-------------------------------+
                                  |                                     |
           +-------+----------------------------+-------------+         |
           |       |              |             |             |         |
           |       |              |             |             |         |
         base load-balance   protection     replicate       chain       |
           |       |              |             |             |         |
           |       |2..N          |2..N         |2..N         |1..N     |
           |       |              |             |             |         |
           |       |              V             |             |         |
           |       +------------->+<------------+-------------+         |
           |                      |                                     |
           |                      +-------------------------------------+
           |
           +-------------------+
                               |
                               |
                               |
                               |
      +---------------+--------+--------+--------------+----------+
      |               |                 |              |          |
      |               |                 |              |          |
   nexthop-id egress-interface     ip-address   logical-tunnel    |
                                                                  |
                                                                  |
                           +--------------------------------------+
                           |
    +----------------------+------------------+-------------+
    |                      |                  |             |
    |                      |                  |             |
   tunnel-encapsulation tunnel-decapsulation rib-name special-nexthop

                       Figure 4: Nexthop Model
This document specifies a very generic, extensible, and recursive grammar for nexthops. A nexthop can be a base nexthop or a derived nexthop. Section 2.4.1 details base nexthops, and Section 2.4.2 explains various kinds of derived nexthops. There are certain special nexthops, and those are described in Section 2.4.1.1. Lastly, Section 2.4.3 delves into nexthop indirection and its use. Examples of when and how to use tunnel nexthops and derived nexthops are shown in Section 7.2.
o  Tunnel nexthops: These are nexthops that are pointing to a tunnel. The types of tunnel nexthops are:

   *  tunnel-encapsulation: This can be an encapsulation representing an IP tunnel, MPLS tunnel, or others as defined in this document. An optional egress-interface can be chained to the tunnel-encapsulation to indicate which interface to send the packet out on. The egress-interface is useful when the network device contains Ethernet interfaces and one needs to perform address resolution for the IP packet.

   *  tunnel-decapsulation: This is to specify decapsulating a tunnel header. After decapsulation, further lookup on the packet can be done via chaining it with another nexthop. The packet can also be sent out via an egress-interface directly.

   *  logical-tunnel: This can be an MPLS Label Switched Path (LSP) or a GRE tunnel (or others as defined in this document) that is represented by a unique identifier (e.g., name).

o  rib-name: A nexthop pointing to a RIB. This indicates that the route lookup needs to continue in the specified RIB. This is a way to perform chained lookups.

Tunnel nexthops allow a RIB client to program static tunnel headers. There can be cases where the remote tunnel endpoint does not support dynamic signaling (e.g., no LDP support on a host); in those cases, the RIB client might want to program the tunnel header on both ends of the tunnel. The tunnel nexthop is kept generic with specifications provided for some commonly used tunnels. It is expected that the data model will model these tunnel types with complete accuracy.
o  RECEIVE: This indicates that the traffic is destined for the network device, for example, protocol packets or Operations, Administration, and Maintenance (OAM) packets. All locally destined traffic SHOULD be throttled to avoid a denial-of-service attack on the router's control plane. An optional rate limiter can be specified to indicate how to throttle traffic destined for the control plane. The description of the rate limiter is outside the scope of this document.

Section 7.2.5 for usage) are a way to perform multiple operations on a packet by logically combining them. For example, one can chain together "decapsulate MPLS header" and "send it out a specific egress-interface". Chains can be used to specify multiple headers over a packet before a packet is forwarded. One simple example is that of MPLS over GRE, wherein the packet has an inner MPLS header followed by a GRE header followed by an IP header. The outermost IP header is decided by the network device, whereas the MPLS header or GRE header is specified by the controller.

Not every network device will be able to support all kinds of nexthop chains and an arbitrary number of headers chained together. The RIB data model SHOULD provide a way to expose a nexthop chaining capability supported by a given network device.

It is expected that all network devices will have a limit on how many levels of lookup can be performed, and not all hardware will be able to support all kinds of nexthops. RIB capability negotiation becomes very important for this reason, and a RIB data model MUST specify a way for a RIB client to learn about the network device's capabilities.
Section 6).

o  NEXTHOP_LB_WEIGHT: This is used for load-balancing. Each list member MUST be assigned a weight between 1 and 99. The weight determines the proportion of traffic to be sent over a nexthop used for forwarding as a ratio of the weight of this nexthop divided by the weights of all the nexthops of this route that are used for forwarding. To perform equal load-balancing, one MAY specify a weight of "0" for all the member nexthops. The value "0" is reserved for equal load-balancing and, if applied, MUST be applied to all member nexthops. Note that a weight of 0 is special because of historical reasons.

Section 2.4.2 for examples.
Section 4)

o  Nexthop resolution status (resolved/unresolved) notification

[RFC5511]. This grammar is intended to help the reader better understand Section 2 in order to derive a data model.

   <routing-instance> ::= <INSTANCE_NAME>
                          [<interface-list>] <rib-list>
                          [<ROUTER_ID>]

   <interface-list> ::= (<INTERFACE_IDENTIFIER> ...)

   <rib-list> ::= (<rib> ...)
   <rib> ::= <rib-name> <address-family>
             [<route> ... ]
             [ENABLE_IP_RPF_CHECK]
   <address-family> ::= <IPV4_ADDRESS_FAMILY> | <IPV6_ADDRESS_FAMILY> |
                        <MPLS_ADDRESS_FAMILY> | <IEEE_MAC_ADDRESS_FAMILY>

   <route> ::= <match> <nexthop>
               [<route-attributes>]
               [<route-vendor-attributes>]

   <match> ::= <IPV4> <ipv4-route> | <IPV6> <ipv6-route> |
               <MPLS> <MPLS_LABEL> | <IEEE_MAC> <MAC_ADDRESS> |
               <INTERFACE> <INTERFACE_IDENTIFIER>
   <route-type> ::= <IPV4> | <IPV6> | <MPLS> | <IEEE_MAC> | <INTERFACE>

   <ipv4-route> ::= <ip-route-type>
                    (<destination-ipv4-address> | <source-ipv4-address> |
                     (<destination-ipv4-address> <source-ipv4-address>))
   <destination-ipv4-address> ::= <ipv4-prefix>
   <source-ipv4-address> ::= <ipv4-prefix>
   <ipv4-prefix> ::= <IPV4_ADDRESS> <IPV4_PREFIX_LENGTH>

   <ipv6-route> ::= <ip-route-type>
                    (<destination-ipv6-address> | <source-ipv6-address> |
                     (<destination-ipv6-address> <source-ipv6-address>))
   <destination-ipv6-address> ::= <ipv6-prefix>
   <source-ipv6-address> ::= <ipv6-prefix>
   <ipv6-prefix> ::= <IPV6_ADDRESS> <IPV6_PREFIX_LENGTH>
   <ip-route-type> ::= <SRC> | <DEST> | <DEST_SRC>

   <route-attributes> ::= <ROUTE_PREFERENCE> [<LOCAL_ONLY>]
                          [<address-family-route-attributes>]

   <address-family-route-attributes> ::= <ip-route-attributes> |
                                         <mpls-route-attributes> |
                                         <ethernet-route-attributes>
   <ip-route-attributes> ::= <>
   <mpls-route-attributes> ::= <>
   <ethernet-route-attributes> ::= <>
   <route-vendor-attributes> ::= <>

   <nexthop> ::= <nexthop-base> |
                 (<NEXTHOP_LOAD_BALANCE> <nexthop-lb>) |
                 (<NEXTHOP_PROTECTION> <nexthop-protection>) |
                 (<NEXTHOP_REPLICATE> <nexthop-replicate>) |
                 <nexthop-chain>

   <nexthop-base> ::= <NEXTHOP_ID> |
                      <nexthop-special> |
                      <egress-interface> |
                      <ipv4-address> | <ipv6-address> |
                      (<egress-interface>
                       (<ipv4-address> | <ipv6-address>)) |
                      (<egress-interface> <IEEE_MAC_ADDRESS>) |
                      <tunnel-encapsulation> |
                      <tunnel-decapsulation> |
                      <logical-tunnel> |
                      <rib-name>

   <egress-interface> ::= <INTERFACE_IDENTIFIER>

   <nexthop-special> ::= <DISCARD> | <DISCARD_WITH_ERROR> |
                         (<RECEIVE> [<COS_VALUE>])

   <nexthop-lb> ::= <NEXTHOP_LB_WEIGHT> <nexthop>
                    (<NEXTHOP_LB_WEIGHT> <nexthop>) ...

   <nexthop-protection> ::= <NEXTHOP_PREFERENCE> <nexthop>
                            (<NEXTHOP_PREFERENCE> <nexthop>)...

   <nexthop-replicate> ::= <nexthop> <nexthop> ...

   <nexthop-chain> ::= <nexthop> ...

   <logical-tunnel> ::= <tunnel-type> <TUNNEL_NAME>
   <tunnel-type> ::= <IPV4> | <IPV6> | <MPLS> | <GRE> | <VxLAN> | <NVGRE>

   <tunnel-encapsulation> ::= (<IPV4> <ipv4-header>) |
                              (<IPV6> <ipv6-header>) |
                              (<MPLS> <mpls-header>) |
                              (<GRE> <gre-header>) |
                              (<VXLAN> <vxlan-header>) |
                              (<NVGRE> <nvgre-header>)

   <ipv4-header> ::= <SOURCE_IPv4_ADDRESS> <DESTINATION_IPv4_ADDRESS>
                     <PROTOCOL> [<TTL>] [<DSCP>]

   <ipv6-header> ::= <SOURCE_IPV6_ADDRESS> <DESTINATION_IPV6_ADDRESS>
                     <NEXT_HEADER> [<TRAFFIC_CLASS>]
                     [<FLOW_LABEL>] [<HOP_LIMIT>]

   <mpls-header> ::= (<mpls-label-operation> ...)
   <mpls-label-operation> ::= (<MPLS_PUSH> <MPLS_LABEL> [<S_BIT>]
                               [<TOS_VALUE>] [<TTL_VALUE>]) |
                              (<MPLS_SWAP> <IN_LABEL> <OUT_LABEL>
                               [<TTL_ACTION>])

   <gre-header> ::= <GRE_IP_DESTINATION> <GRE_PROTOCOL_TYPE> [<GRE_KEY>]
   <vxlan-header> ::= (<ipv4-header> | <ipv6-header>)
                      [<VXLAN_IDENTIFIER>]
   <nvgre-header> ::= (<ipv4-header> | <ipv6-header>)
                      <VIRTUAL_SUBNET_ID>
                      [<FLOW_ID>]

   <tunnel-decapsulation> ::= ((<IPV4> <IPV4_DECAP> [<TTL_ACTION>]) |
                               (<IPV6> <IPV6_DECAP> [<HOP_LIMIT_ACTION>]) |
                               (<MPLS> <MPLS_POP> [<TTL_ACTION>]))

                     Figure 5: RIB rBNF Grammar

Section 7.2.6.
The above example can be derived from the grammar as follows:

   <nexthop-chain> ::= <nexthop> <nexthop>
   <nexthop-chain> ::= <nexthop-base> <nexthop-base>
   <nexthop-chain> ::= <tunnel-decapsulation> <egress-interface>
   <nexthop-chain> ::= (<MPLS> <MPLS_POP>) <interface-outgoing>

Elements in a nexthop chain are evaluated left to right.

A nexthop chain can also be used to put one or more headers on an outgoing packet. One example is a pseudowire, which is MPLS over some transport (MPLS or GRE, for instance). Another example is Virtual eXtensible Local Area Network (VXLAN) over IP. A nexthop chain thus allows a RIB client to break up the programming of the nexthop into independent pieces (one per encapsulation).

A simple example of MPLS over GRE can be represented as follows:

   <nexthop-chain> ::= (<MPLS> <mpls-header>) (<GRE> <gre-header>)
                       <interface-outgoing>

The above can be derived from the grammar as follows:

   <nexthop-chain> ::= <nexthop> <nexthop> <nexthop>
   <nexthop-chain> ::= <nexthop-base> <nexthop-base> <nexthop-base>
   <nexthop-chain> ::= <tunnel-encapsulation> <tunnel-encapsulation>
                       <egress-interface>
   <nexthop-chain> ::= (<MPLS> <mpls-header>) (<GRE> <gre-header>)
                       <interface-outgoing>
This can be derived from the grammar as follows:

   <nexthop> ::= <nexthop-replicate>
   <nexthop> ::= <NEXTHOP_REPLICATE> (<nexthop> <nexthop>...)
   <nexthop> ::= <NEXTHOP_REPLICATE> (<nexthop> <nexthop>)
   <nexthop> ::= <NEXTHOP_REPLICATE>
                 ((<NEXTHOP_LOAD_BALANCE> <nexthop-lb>)
                  (<NEXTHOP_LOAD_BALANCE> <nexthop-lb>))
   <nexthop> ::= <NEXTHOP_REPLICATE>
                 ((<NEXTHOP_LOAD_BALANCE>
                   (<NEXTHOP_LB_WEIGHT> <nexthop>
                    (<NEXTHOP_LB_WEIGHT> <nexthop>) ...))
                 ((<NEXTHOP_LOAD_BALANCE>
                   (<NEXTHOP_LB_WEIGHT> <nexthop>
                    (<NEXTHOP_LB_WEIGHT> <nexthop>) ...))
   <nexthop> ::= <NEXTHOP_REPLICATE>
                 ((<NEXTHOP_LOAD_BALANCE>
                   (<NEXTHOP_LB_WEIGHT> <nexthop>
                    (<NEXTHOP_LB_WEIGHT> <nexthop>)))
                 ((<NEXTHOP_LOAD_BALANCE>
                   (<NEXTHOP_LB_WEIGHT> <nexthop>
                    (<NEXTHOP_LB_WEIGHT> <nexthop>)
                    (<NEXTHOP_LB_WEIGHT> <nexthop>)))
   <nexthop> ::= <NEXTHOP_REPLICATE>
                 ((<NEXTHOP_LOAD_BALANCE>
                   (<NEXTHOP_LB_WEIGHT> <nexthop>)
                   (<NEXTHOP_LB_WEIGHT> <nexthop>)))
                 ((<NEXTHOP_LOAD_BALANCE>
                   (<NEXTHOP_LB_WEIGHT> <nexthop>)
                   (<NEXTHOP_LB_WEIGHT> <nexthop>)
                   (<NEXTHOP_LB_WEIGHT> <nexthop>)))
   <nexthop> ::= <NEXTHOP_REPLICATE>
                 ((<NEXTHOP_LOAD_BALANCE>
                   (50 <outgoing-1-1>)
                   (50 <outgoing-1-2>)))
                 ((<NEXTHOP_LOAD_BALANCE>
                   (20 <outgoing-2-1>)
                   (20 <outgoing-2-2>)
                   (60 <outgoing-2-3>)))

Section 7.2.2).
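A RIB manager that accepts writes from remote clients can check a nexthop against the constraints the model states before installing it: the NEXTHOP_LB_WEIGHT rule, the member counts shown in Figure 4, and a device limit on nesting of the kind a client is expected to learn through capability negotiation. The following is an added example, not part of the RFC; the dictionary representation of a nexthop and the max_levels parameter are assumptions, and the valid input is the lists-of-lists nexthop derived above.

```python
"""Validate a nexthop tree against constraints stated in the RIB model (added example)."""
from fractions import Fraction
from typing import Dict, List

# Member counts from Figure 4: 2..N for lists, 1..N for chains.
MIN_MEMBERS = {"load-balance": 2, "protection": 2, "replicate": 2, "chain": 1}


def check_weights(weights: List[int], path: str) -> List[str]:
    """NEXTHOP_LB_WEIGHT: each weight is 1..99, or every weight is 0 (equal split)."""
    if weights and all(w == 0 for w in weights):
        return []
    if any(w == 0 for w in weights):
        return [f"{path}: weight 0 must be applied to all member nexthops"]
    return [f"{path}: weight {w} is outside 1..99" for w in weights if not 1 <= w <= 99]


def traffic_shares(weights: List[int]) -> List[Fraction]:
    """Share per member = its weight / sum of weights; all-zero means equal shares."""
    if not weights:
        return []
    if all(w == 0 for w in weights):
        return [Fraction(1, len(weights))] * len(weights)
    total = sum(weights)
    return [Fraction(w, total) for w in weights]


def validate_nexthop(nh: Dict, max_levels: int, level: int = 0,
                     path: str = "nexthop") -> List[str]:
    """Return violations for one nexthop; an empty list means the write is acceptable.

    max_levels is a hypothetical device capability: how many derived nexthops
    (lists or chains) may be nested before a base nexthop is reached.
    """
    kind = nh.get("type")
    if kind == "base":
        return []
    if kind not in MIN_MEMBERS:
        return [f"{path}: unknown nexthop type {kind!r}"]
    level += 1
    if level > max_levels:
        return [f"{path}: nesting level {level} exceeds device limit {max_levels}"]
    members = nh.get("members", [])
    errors = []
    if len(members) < MIN_MEMBERS[kind]:
        errors.append(f"{path}: {kind} needs at least {MIN_MEMBERS[kind]} members")
    if kind in ("load-balance", "protection"):
        # Members are (NEXTHOP_LB_WEIGHT or NEXTHOP_PREFERENCE, nexthop) pairs.
        if kind == "load-balance":
            errors += check_weights([value for value, _ in members], path)
        children = [child for _, child in members]
    else:
        children = list(members)
    for index, child in enumerate(children):
        errors += validate_nexthop(child, max_levels, level, f"{path}.{kind}[{index}]")
    return errors


def base(name: str) -> Dict:
    return {"type": "base", "value": name}


def load_balance(*pairs) -> Dict:
    return {"type": "load-balance", "members": [(w, base(n)) for w, n in pairs]}


# The lists-of-lists nexthop from the derivation above: replicate over two
# weighted lists with weights 50/50 and 20/20/60.
LISTS_OF_LISTS = {"type": "replicate", "members": [
    load_balance((50, "outgoing-1-1"), (50, "outgoing-1-2")),
    load_balance((20, "outgoing-2-1"), (20, "outgoing-2-2"), (60, "outgoing-2-3")),
]}

# Constructed invalid writes.
MIXED_ZERO = load_balance((0, "outgoing-a"), (50, "outgoing-b"))
OUT_OF_RANGE = load_balance((100, "outgoing-a"), (1, "outgoing-b"))
SINGLE_MEMBER = load_balance((10, "outgoing-a"))

if __name__ == "__main__":
    for label, nh, limit in [("lists of lists", LISTS_OF_LISTS, 2),
                             ("lists of lists, 1-level device", LISTS_OF_LISTS, 1),
                             ("mixed zero", MIXED_ZERO, 2),
                             ("out of range", OUT_OF_RANGE, 2),
                             ("single member", SINGLE_MEMBER, 2)]:
        print(label, "->", validate_nexthop(nh, limit) or "ok")
```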
In MPLS-based multicast, the packets are forwarded on a Point-to-Multipoint (P2MP) LSP. The nexthop for a P2MP LSP can be represented in the nexthop grammar as a <logical-tunnel> (P2MP LSP identifier) or a replication list (see Section 7.2.2) of <tunnel-encapsulation>, with each tunnel-encapsulation representing a single MPLS downstream nexthop.

[RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446].
The NETCONF access control model [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.

The RIB information model specifies read and write operations to network devices. These network devices might be considered sensitive or vulnerable in some network environments. Write operations to these network devices without proper protection can have a negative effect on network operations. Due to this factor, it is recommended that data models also consider the following in their design:

o  Require utilization of the authentication and authorization features of the NETCONF or RESTCONF suite of protocols.

o  Augment the limits on how much data can be written or updated by a remote entity built to include enough protection for a RIB data model.

o  Expose the specific RIB data model implemented via NETCONF/RESTCONF data models.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.

[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, <https://www.rfc-editor.org/info/rfc6241>.

[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, <https://www.rfc-editor.org/info/rfc6242>.

[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, <https://www.rfc-editor.org/info/rfc8040>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.

[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10.17487/RFC8341, March 2018, <https://www.rfc-editor.org/info/rfc8341>.

[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, <https://www.rfc-editor.org/info/rfc8446>.

[RFC4915] Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P. Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF", RFC 4915, DOI 10.17487/RFC4915, June 2007, <https://www.rfc-editor.org/info/rfc4915>.

[RFC5120] Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems (IS-ISs)", RFC 5120, DOI 10.17487/RFC5120, February 2008, <https://www.rfc-editor.org/info/rfc5120>.

[RFC5511] Farrel, A., "Routing Backus-Naur Form (RBNF): A Syntax Used to Form Encoding Rules in Various Routing Protocol Specifications", RFC 5511, DOI 10.17487/RFC5511, April 2009, <https://www.rfc-editor.org/info/rfc5511>.

[RFC7920] Atlas, A., Ed., Nadeau, T., Ed., and D. Ward, "Problem Statement for the Interface to the Routing System", RFC 7920, DOI 10.17487/RFC7920, June 2016, <https://www.rfc-editor.org/info/rfc7920>.

[RFC8431] Wang, L., Chen, M., Dass, A., Ananthakrishnan, H., Kini, S., and N. Bahadur, "A YANG Data Model for the Routing Information Base (RIB)", RFC 8431, DOI 10.17487/RFC8431, September 2018, <http://www.rfc-editor.org/info/rfc8431>.