search

openconfig / public

Repository for publishing OpenConfig models, documentation, and other material for the community.
Apache License 2.0
891 stars 645 forks source link

authentication-type parameter for ospf protocol seems incomplete #922

Open shashu89 opened 1 year ago

shashu89 commented 1 year ago

Hi Team,

Looks like authentication-type parameter doesn't seem to not have corresponding authentication-key attribute for ospf protocol public/release/models/ospf/openconfig-ospfv2-area-interface.yang

leaf authentication-type {
  type string;
  description
    "The type of authentication that should be used on this
    interface";
}

So, Is there something I have missed here?

dplore commented 1 year ago

Agreed, this does look like this is ambiguous. Seems like OSPF should have a crypto-type just like we have for ISIS: /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/authentication/state/crypto-type

and then a separate leaf for the authentication-key, like we have in ISIS: /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/authentication/state/ authentication-key

Is this the problem you're looking to resolve?

shashu89 commented 1 year ago

Yes, exactly, we need a crypto-type and authentication-key and even existing authentication-type parameter is not clear about the standard values it can hold.

shashu89 commented 1 year ago

I am proposing as below if we can add a new authentication section under interfaces:

          |  +--rw areas
          |     +--rw area* [identifier]
          |        +--rw identifier       -> ../config/identifier
          |        +--rw config
          |        |  +--rw identifier?   oc-ospf-types:ospf-area-identifier
          |        +--rw interfaces
          |        |  +--rw interface* [id]
          |        |     +--rw id               -> ../config/id
          |        |     +--rw authentication
          |        |           +--rw config
          |        |           |  +--rw authentication-mode?   identityref
          |        |           |  +--rw simple-password?       string
          |        |           |  +--rw message-digest* [message-digest-keyid]
          |        |           |     +--rw message-digest-keyid         uint8
          |        |           |     +--rw message-digest-encryption?   MESSAGE_DIGEST_ENCRYPTION
          |        |           |     +--rw message-digest-password?     string
          |        |           +--ro state
          |        |           |  +--ro authentication-mode?   identityref
          |        |           |  +--ro simple-password?       string
          |        |           |  +--ro message-digest* [message-digest-keyid]
          |        |           |      +--ro message-digest-keyid         uint8
          |        |           |      +--ro message-digest-encryption?   MESSAGE_DIGEST_ENCRYPTION
          |        |           |      +--ro message-digest-password?     string
missaesasaya commented 7 months ago

Was there any progress on this issue? We are also having the same problem on our project. Also, this seems related to issue #116.

dplore commented 3 months ago

@shashu89 please do send a pull request for your change.

dplore commented 3 months ago

This is also reported via #868 and #116

Shashank-arista commented 3 months ago

(Posting from official account) @dplore, I had actually implemented the above as an internal augmentation. I am in the process of raising a PR for the same. Will share it in a couple of days.

Shashank-arista commented 2 months ago

@dplore please find the pull request raised here: https://github.com/openconfig/public/pull/1127