6.2. YANG Security Considerations
Cette page resume la section correspondante du RFC 9983 et conserve les points essentiels sur OSPFv2, AC-Flag, IANA et YANG.
The ietf-ospf-anycast-flag YANG module is designed for YANG-based management protocols such as NETCONF [RFC6241] and RESTCONF [RFC8040]. Those protocols need secure transport, for example SSH [RFC4252], TLS [RFC8446], or QUIC [RFC9000], and mutual authentication.
The Network Configuration Access Control Model (NACM) [RFC8341] can restrict NETCONF or RESTCONF access. The writable and readable sensitive node is:
/ospf:ospf/ospf:areas/ospf:area/ospf:interfaces/ospf:interface/
ospf-anycast-flag:anycast-flag
The YANG module enforces the rule that AC-Flag and N-flag MUST NOT both be set to 1 with a must constraint. Unauthorized changes could prevent correct interpretation of an IPv4 prefix as anycast or node-specific. Unauthorized read access can disclose anycast property information for OSPF prefixes. There are no particularly sensitive RPC or action operations.