< draft-ietf-rtgwg-policy-model-00.txt   draft-ietf-rtgwg-policy-model-01.txt >
Network Working Group A. Shaikh Network Working Group A. Shaikh
Internet-Draft Google Internet-Draft Google
Intended status: Informational R. Shakir Intended status: Informational R. Shakir
Expires: March 30, 2016 Individual Expires: October 8, 2016 Jive Communications
K. D'Souza K. D'Souza
C. Chase C. Chase
AT&T AT&T
September 27, 2015 April 6, 2016
Routing Policy Configuration Model for Service Provider Networks Routing Policy Configuration Model for Service Provider Networks
draft-ietf-rtgwg-policy-model-00 draft-ietf-rtgwg-policy-model-01
Abstract Abstract
This document defines a YANG data model for configuring and managing This document defines a YANG data model for configuring and managing
routing policies in a vendor-neutral way and based on actual routing policies in a vendor-neutral way and based on actual
operational practice. The model provides a generic policy framework operational practice. The model provides a generic policy framework
which can be augmented with protocol-specific policy configuration. which can be augmented with protocol-specific policy configuration.
Status of This Memo Status of This Memo
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 30, 2016. This Internet-Draft will expire on October 8, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 25 skipping to change at page 2, line 25
3.2. Policy conditions . . . . . . . . . . . . . . . . . . . . 5 3.2. Policy conditions . . . . . . . . . . . . . . . . . . . . 5
3.3. Policy actions . . . . . . . . . . . . . . . . . . . . . 6 3.3. Policy actions . . . . . . . . . . . . . . . . . . . . . 6
3.4. Policy subroutines . . . . . . . . . . . . . . . . . . . 7 3.4. Policy subroutines . . . . . . . . . . . . . . . . . . . 7
4. Policy evaluation . . . . . . . . . . . . . . . . . . . . . . 7 4. Policy evaluation . . . . . . . . . . . . . . . . . . . . . . 7
5. Applying routing policy . . . . . . . . . . . . . . . . . . . 8 5. Applying routing policy . . . . . . . . . . . . . . . . . . . 8
6. Routing protocol-specific policies . . . . . . . . . . . . . 9 6. Routing protocol-specific policies . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
9. YANG modules . . . . . . . . . . . . . . . . . . . . . . . . 11 9. YANG modules . . . . . . . . . . . . . . . . . . . . . . . . 11
9.1. Routing policy model . . . . . . . . . . . . . . . . . . 11 9.1. Routing policy model . . . . . . . . . . . . . . . . . . 11
9.2. Routing policy types . . . . . . . . . . . . . . . . . . 23 9.2. Routing policy types . . . . . . . . . . . . . . . . . . 34
10. Policy examples . . . . . . . . . . . . . . . . . . . . . . . 27 10. Policy examples . . . . . . . . . . . . . . . . . . . . . . . 38
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 31 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 39
11.1. Normative references . . . . . . . . . . . . . . . . . . 31 11.1. Normative references . . . . . . . . . . . . . . . . . . 39
11.2. Informative references . . . . . . . . . . . . . . . . . 31 11.2. Informative references . . . . . . . . . . . . . . . . . 40
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 31 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 40
Appendix B. Change summary . . . . . . . . . . . . . . . . . . . 31 Appendix B. Change summary . . . . . . . . . . . . . . . . . . . 40
B.1. Changes between revisions draft-shaikh-rtgwg-policy-model B.1. Changes between revisions -00 and -01 . . . . . . . . . . 40
and -00 . . . . . . . . . . . . . . . . . . . . . . . . . 31 B.2. Changes between revisions draft-shaikh-rtgwg-policy-model
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32 and -00 . . . . . . . . . . . . . . . . . . . . . . . . . 40
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 40
1. Introduction 1. Introduction
This document describes a YANG [RFC6020] data model for routing This document describes a YANG [RFC6020] data model for routing
policy configuration based on operational usage and best practices in policy configuration based on operational usage and best practices in
a variety of service provider networks. The model is intended to be a variety of service provider networks. The model is intended to be
vendor-neutral, in order to allow operators to manage policy vendor-neutral, in order to allow operators to manage policy
configuration in a consistent, intuitive way in heterogeneous configuration in a consistent, intuitive way in heterogeneous
environments with routers supplied by multiple vendors. environments with routers supplied by multiple vendors.
skipping to change at page 6, line 18 skipping to change at page 6, line 18
protocol or mechanism installed a route (e.g., BGP, IGP, static, protocol or mechanism installed a route (e.g., BGP, IGP, static,
etc.). The conditions included in the model are shown below. etc.). The conditions included in the model are shown below.
+--rw routing-policy +--rw routing-policy
+--rw policy-definitions +--rw policy-definitions
+--rw policy-definition* [name] +--rw policy-definition* [name]
+--rw statements +--rw statements
+--rw statement* [name] +--rw statement* [name]
+--rw conditions +--rw conditions
+--rw call-policy? +--rw call-policy?
+--rw match-interface?
+--rw match-prefix-set! +--rw match-prefix-set!
| +--rw prefix-set? | +--rw prefix-set?
| +--rw match-set-options? | +--rw match-set-options?
+--rw match-neighbor-set! +--rw match-neighbor-set!
| +--rw neighbor-set? | +--rw neighbor-set?
| +--rw match-set-options? | +--rw match-set-options?
+--rw match-tag-set! +--rw match-tag-set!
| +--rw tag-set? | +--rw tag-set?
| +--rw match-set-options? | +--rw match-set-options?
+--rw install-protocol-eq? +--rw install-protocol-eq?
skipping to change at page 11, line 27 skipping to change at page 11, line 27
YANG modules will be registered in the "YANG Module Names" registry YANG modules will be registered in the "YANG Module Names" registry
[RFC6020]. [RFC6020].
9. YANG modules 9. YANG modules
The routing policy model is described by the YANG modules in the The routing policy model is described by the YANG modules in the
sections below. sections below.
9.1. Routing policy model 9.1. Routing policy model
<CODE BEGINS> file routing-policy.yang <CODE BEGINS> file "openconfig-routing-policy.yang"
module routing-policy { module openconfig-routing-policy {
yang-version "1"; yang-version "1";
// namespace // namespace
namespace "http://openconfig.net/yang/routing-policy"; namespace "urn:ietf:params:xml:ns:yang:ietf-routing-policy";
prefix "rpol"; prefix "oc-rpol";
// import some basic types // import some basic types
import ietf-inet-types { prefix inet; } import ietf-inet-types { prefix inet; }
import policy-types {prefix pt; } import openconfig-interfaces { prefix oc-if; }
import openconfig-policy-types { prefix oc-pol-types; }
import openconfig-extensions { prefix oc-ext; }
// meta // meta
organization organization
"OpenConfig working group"; "OpenConfig working group";
contact contact
"OpenConfig working group "OpenConfig working group
netopenconfig@googlegroups.com"; netopenconfig@googlegroups.com";
description description
skipping to change at page 13, line 10 skipping to change at page 13, line 11
definition which applies conditions and actions from the definition which applies conditions and actions from the
referenced policy before returning to the calling policy referenced policy before returning to the calling policy
statement and resuming evaluation. If the called policy statement and resuming evaluation. If the called policy
results in an accept-route (either explicit or by default), then results in an accept-route (either explicit or by default), then
the subroutine returns an effective true value to the calling the subroutine returns an effective true value to the calling
policy. Similarly, a reject-route action returns false. If the policy. Similarly, a reject-route action returns false. If the
subroutine returns true, the calling policy continues to evaluate subroutine returns true, the calling policy continues to evaluate
the remaining conditions (using a modified route if the the remaining conditions (using a modified route if the
subroutine performed any changes to the route)."; subroutine performed any changes to the route).";
revision "2015-05-15" { oc-ext:openconfig-version "2.0.0";
revision "2016-03-28" {
description description
"Initial revision"; "OpenConfig public release";
reference "TBD"; reference "2.0.0";
} }
// typedef statements // typedef statements
typedef default-policy-type { typedef default-policy-type {
type enumeration { type enumeration {
enum ACCEPT-ROUTE { enum ACCEPT_ROUTE {
description "default policy to accept the route"; description "default policy to accept the route";
} }
enum REJECT-ROUTE { enum REJECT_ROUTE {
description "default policy to reject the route"; description "default policy to reject the route";
} }
} }
description "type used to specify default route disposition in description "type used to specify default route disposition in
a policy chain"; a policy chain";
} }
// grouping statements // grouping statements
grouping generic-defined-sets { grouping prefix-set-config {
description description
"Data definitions for pre-defined sets of attributes used in "Configuration data for prefix sets used in policy
policy match conditions. These sets are generic and can definitions.";
be used in matching conditions in different routing
protocols."; leaf prefix-set-name {
type string;
description
"name / label of the prefix set -- this is used to
reference the set in match conditions";
}
}
grouping prefix-set-state {
description
"Operational state data for prefix sets";
}
grouping prefix-set-top {
description
"Top-level data definitions for a list of IPv4 or IPv6
prefixes which are matched as part of a policy";
container prefix-sets { container prefix-sets {
description description
"Enclosing container for defined prefix sets for matching"; "Enclosing container ";
list prefix-set { list prefix-set {
key prefix-set-name; key prefix-set-name;
description description
"List of the defined prefix sets"; "List of the defined prefix sets";
leaf prefix-set-name { leaf prefix-set-name {
type string; type leafref {
path "../config/prefix-set-name";
}
description description
"name / label of the prefix set -- this is used to "Reference to prefix name list key";
reference the set in match conditions";
} }
list prefix { container config {
key "ip-prefix masklength-range";
description description
"List of prefix expressions that are part of the set"; "Configuration data for prefix sets";
leaf ip-prefix { uses prefix-set-config;
type inet:ip-prefix; }
mandatory true;
description
"The prefix member in CIDR notation -- while the
prefix may be either IPv4 or IPv6, most
implementations require all members of the prefix set
to be the same address family. Mixing address types in
the same prefix set is likely to cause an error.";
}
leaf masklength-range { container state {
type string {
pattern '^([0-9]+\.\.[0-9]+)|exact$';
}
description
"Defines a range for the masklength, or 'exact' if
the prefix has an exact length.
Example: 10.3.192.0/21 through 10.3.192.0/24 would be config false;
expressed as prefix: 10.3.192.0/21,
masklength-range: 21..24.
Example: 10.3.192.0/21 would be expressed as description
prefix: 10.3.192.0/21, "Operational state data ";
masklength-range: exact";
uses prefix-set-config;
uses prefix-set-state;
}
uses prefix-top;
}
}
}
grouping prefix-config {
description
"Configuration data for a prefix definition";
leaf ip-prefix {
type inet:ip-prefix;
mandatory true;
description
"The prefix member in CIDR notation -- while the
prefix may be either IPv4 or IPv6, most
implementations require all members of the prefix set
to be the same address family. Mixing address types in
the same prefix set is likely to cause an error.";
}
leaf masklength-range {
type string {
pattern '^([0-9]+\.\.[0-9]+)|exact$';
}
description
"Defines a range for the masklength, or 'exact' if
the prefix has an exact length.
Example: 10.3.192.0/21 through 10.3.192.0/24 would be
expressed as prefix: 10.3.192.0/21,
masklength-range: 21..24.
Example: 10.3.192.0/21 would be expressed as
prefix: 10.3.192.0/21,
masklength-range: exact";
}
}
grouping prefix-state {
description
"Operational state data for prefix definitions";
}
grouping prefix-top {
description
"Top-level grouping for prefixes in a prefix list";
container prefixes {
description
"Enclosing container for the list of prefixes in a policy
prefix list";
list prefix {
key "ip-prefix masklength-range";
description
"List of prefixes in the prefix set";
leaf ip-prefix {
type leafref {
path "../config/ip-prefix";
}
description
"Reference to the ip-prefix list key.";
}
leaf masklength-range {
type leafref {
path "../config/masklength-range";
} }
description
"Reference to the masklength-range list key";
}
container config {
description
"Configuration data for prefix definition";
uses prefix-config;
}
container state {
config false;
description
"Operational state data for prefix definition";
uses prefix-config;
uses prefix-state;
} }
} }
} }
}
grouping neighbor-set-config {
description
"Configuration data for neighbor set definitions";
leaf neighbor-set-name {
type string;
description
"name / label of the neighbor set -- this is used to
reference the set in match conditions";
}
leaf-list address {
type inet:ip-address;
description
"List of IP addresses in the neighbor set";
}
}
grouping neighbor-set-state {
description
"Operational state data for neighbor set definitions";
}
grouping neighbor-set-top {
description
"Top-level data definition for a list of IPv4 or IPv6
neighbors which can be matched in a routing policy";
container neighbor-sets { container neighbor-sets {
description description
"Enclosing container for defined neighbor sets for matching"; "Enclosing container for the list of neighbor set
definitions";
list neighbor-set { list neighbor-set {
key neighbor-set-name; key neighbor-set-name;
description description
"Definitions for neighbor sets"; "List of defined neighbor sets for use in policies.";
leaf neighbor-set-name { leaf neighbor-set-name {
type string; type leafref {
path "../config/neighbor-set-name";
}
description description
"name / label of the neighbor set -- this is used to "Reference to the neighbor set name list key.";
reference the set in match conditions";
} }
list neighbor { container config {
key "address";
description description
"list of addresses that are part of the neighbor set"; "Configuration data for neighbor sets.";
leaf address { uses neighbor-set-config;
type inet:ip-address; }
description
"IP address of the neighbor set member"; container state {
} config false;
description
"Operational state data for neighbor sets.";
uses neighbor-set-config;
uses neighbor-set-state;
} }
} }
} }
}
grouping tag-set-config {
description
"Configuration data for tag set definitions.";
leaf tag-set-name {
type string;
description
"name / label of the tag set -- this is used to reference
the set in match conditions";
}
leaf-list tag-value {
type oc-pol-types:tag-type;
description
"Value of the tag set member";
}
}
grouping tag-set-state {
description
"Operational state data for tag set definitions.";
}
grouping tag-set-top {
description
"Top-level data definitions for a list of tags which can
be matched in policies";
container tag-sets { container tag-sets {
description description
"Enclosing container for defined tag sets for matching"; "Enclosing container for the list of tag sets.";
list tag-set { list tag-set {
key tag-set-name; key tag-set-name;
description description
"Definitions for tag sets"; "List of tag set definitions.";
leaf tag-set-name { leaf tag-set-name {
type string; type leafref {
path "../config/tag-set-name";
}
description description
"name / label of the tag set -- this is used to reference "Reference to the tag set name list key";
the set in match conditions";
} }
list tag { container config {
key "value";
description description
"list of tags that are part of the tag set"; "Configuration data for tag sets";
leaf value { uses tag-set-config;
type pt:tag-type; }
description
"Value of the tag set member"; container state {
}
config false;
description
"Operational state data for tag sets";
uses tag-set-config;
uses tag-set-state;
} }
} }
} }
} }
grouping local-generic-conditions { grouping generic-defined-sets {
description description
"Condition statement definitions for consideration of a local "Data definitions for pre-defined sets of attributes used in
characteristic of a route"; policy match conditions. These sets are generic and can
be used in matching conditions in different routing
protocols.";
leaf install-protocol-eq { uses prefix-set-top;
type identityref { uses neighbor-set-top;
base pt:install-protocol-type; uses tag-set-top;
}
description
"Condition to check the protocol / method used to install
which installed the route into the local routing table";
}
} }
grouping match-set-options-group { grouping match-set-options-group {
description description
"Grouping containing options relating to how a particular set "Grouping containing options relating to how a particular set
should be matched"; should be matched";
leaf match-set-options { leaf match-set-options {
type pt:match-set-options-type; type oc-pol-types:match-set-options-type;
description description
"Optional parameter that governs the behaviour of the "Optional parameter that governs the behaviour of the
match operation"; match operation";
} }
} }
grouping match-set-options-restricted-group { grouping match-set-options-restricted-group {
description description
"Grouping for a restricted set of match operation modifiers"; "Grouping for a restricted set of match operation modifiers";
leaf match-set-options { leaf match-set-options {
type pt:match-set-options-restricted-type; type oc-pol-types:match-set-options-restricted-type;
description description
"Optional parameter that governs the behaviour of the "Optional parameter that governs the behaviour of the
match operation. This leaf only supports matching on ANY match operation. This leaf only supports matching on ANY
member of the set or inverting the match. Matching on ALL is member of the set or inverting the match. Matching on ALL is
not supported)"; not supported)";
} }
} }
grouping generic-conditions {
description "Condition statement definitions for checking
membership in a generic defined set";
container match-prefix-set { grouping match-interface-condition-config {
presence description
"The presence of this container indicates that the routes "Configuration data for interface match condition";
should match the prefix-set referenced.";
uses oc-if:interface-ref-common;
}
grouping match-interface-condition-state {
description
"Operational state data for interface match condition";
}
grouping match-interface-condition-top {
description
"Top-level grouping for the interface match condition";
container match-interface {
description description
"Match a referenced prefix-set according to the logic "Top-level container for interface match conditions";
defined in the match-set-options leaf";
leaf prefix-set { container config {
description
"Configuration data for interface match conditions";
uses match-interface-condition-config;
}
container state {
config false;
description
"Operational state data for interface match conditions";
uses match-interface-condition-config;
uses match-interface-condition-state;
}
}
}
grouping prefix-set-condition-config {
description
"Configuration data for prefix-set conditions";
leaf prefix-set {
type leafref { type leafref {
path "/routing-policy/defined-sets/prefix-sets/" + path "/routing-policy/defined-sets/prefix-sets/" +
"prefix-set/prefix-set-name"; "prefix-set/prefix-set-name";
//TODO: require-instance should be added when it's //TODO: require-instance should be added when it's
//supported in YANG 1.1 //supported in YANG 1.1
//require-instance true; //require-instance true;
} }
description "References a defined prefix set"; description "References a defined prefix set";
} }
uses match-set-options-restricted-group; uses match-set-options-restricted-group;
}
grouping prefix-set-condition-state {
description
"Operational state data for prefix-set conditions";
}
grouping prefix-set-condition-top {
description
"Top-level grouping for prefix-set conditions";
container match-prefix-set {
description
"Match a referenced prefix-set according to the logic
defined in the match-set-options leaf";
container config {
description
"Configuration data for a prefix-set condition";
uses prefix-set-condition-config;
}
container state {
config false;
description
"Operational state data for a prefix-set condition";
uses prefix-set-condition-config;
uses prefix-set-condition-state;
}
} }
}
container match-neighbor-set { grouping neighbor-set-condition-config {
presence description
"The presence of this container indicates that the routes "Configuration data for neighbor-set conditions";
should match the neighbour set referenced";
leaf neighbor-set {
type leafref {
path "/routing-policy/defined-sets/neighbor-sets/" +
"neighbor-set/neighbor-set-name";
//TODO: require-instance should be added when it's
//supported in YANG 1.1
//require-instance true;
}
description "References a defined neighbor set";
}
uses match-set-options-restricted-group;
}
grouping neighbor-set-condition-state {
description
"Operational state data for neighbor-set conditions";
}
grouping neighbor-set-condition-top {
description
"Top-level grouping for neighbor-set conditions";
container match-neighbor-set {
description description
"Match a referenced neighbor set according to the logic "Match a referenced neighbor set according to the logic
defined in the match-set-options-leaf"; defined in the match-set-options-leaf";
leaf neighbor-set { container config {
type leafref { description
path "/routing-policy/defined-sets/neighbor-sets/" + "Configuration data ";
"neighbor-set/neighbor-set-name";
//TODO: require-instance should be added when it's uses neighbor-set-condition-config;
//supported in YANG 1.1 }
//require-instance true;
} container state {
description "References a defined neighbor set";
config false;
description
"Operational state data ";
uses neighbor-set-condition-config;
uses neighbor-set-condition-state;
} }
uses match-set-options-restricted-group;
} }
container match-tag-set { }
presence
"The presence of this container indicates that the routes grouping tag-set-condition-config {
should match the tag-set referenced"; description
"Configuration data for tag-set condition statements";
leaf tag-set {
type leafref {
path "/routing-policy/defined-sets/tag-sets/tag-set" +
"/tag-set-name";
//TODO: require-instance should be added when it's
//supported in YANG 1.1
//require-instance true;
}
description "References a defined tag set";
}
uses match-set-options-restricted-group;
}
grouping tag-set-condition-state {
description
"Operational state data for tag-set condition statements";
}
grouping tag-set-condition-top {
description
"Top-level grouping for tag-set conditions";
container match-tag-set {
description description
"Match a referenced tag set according to the logic defined "Match a referenced tag set according to the logic defined
in the match-options-set leaf"; in the match-options-set leaf";
leaf tag-set { container config {
type leafref { description
path "/routing-policy/defined-sets/tag-sets/tag-set" + "Configuration data for tag-set conditions";
"/tag-set-name";
//TODO: require-instance should be added when it's uses tag-set-condition-config;
//supported in YANG 1.1 }
//require-instance true;
} container state {
description "References a defined tag set";
config false;
description
"Operational state data tag-set conditions";
uses tag-set-condition-config;
uses tag-set-condition-state;
} }
uses match-set-options-restricted-group;
} }
}
grouping generic-conditions {
description "Condition statement definitions for checking
membership in a generic defined set";
uses match-interface-condition-top;
uses prefix-set-condition-top;
uses neighbor-set-condition-top;
uses tag-set-condition-top;
uses local-generic-conditions;
} }
grouping igp-generic-conditions { grouping igp-generic-conditions {
description "grouping for IGP policy conditions"; description "grouping for IGP policy conditions";
} }
grouping igp-conditions { grouping igp-conditions {
description "grouping for IGP-specific policy conditions"; description "grouping for IGP-specific policy conditions";
skipping to change at page 19, line 19 skipping to change at page 25, line 28
description "accepts the route into the routing table"; description "accepts the route into the routing table";
} }
leaf reject-route { leaf reject-route {
type empty; type empty;
description "rejects the route"; description "rejects the route";
} }
} }
} }
grouping igp-actions { grouping igp-actions-config {
description "grouping for IGP-specific policy actions"; description
"Configuration data for IGP policy actions";
leaf set-tag {
type oc-pol-types:tag-type;
description
"Set the tag value for OSPF or IS-IS routes.";
}
}
grouping igp-actions-state {
description
"Operational state data for IGP policy actions ";
}
grouping igp-actions-top {
description
"Top-level grouping ";
container igp-actions { container igp-actions {
description "Actions to set IGP route attributes; these actions description
apply to multiple IGPs"; "Actions to set IGP route attributes; these actions
apply to multiple IGPs";
leaf set-tag { container config {
type pt:tag-type;
description description
"Set the tag value for OSPF or IS-IS routes."; "Configuration data ";
uses igp-actions-config;
}
container state {
config false;
description
"Operational state data ";
uses igp-actions-config;
uses igp-actions-state;
} }
} }
} }
container routing-policy { grouping policy-conditions-config {
description description
"top-level container for all routing policy configuration"; "Configuration data for general policy conditions, i.e., those
not related to match-sets";
leaf call-policy {
type leafref {
path "/oc-rpol:routing-policy/" +
"oc-rpol:policy-definitions/" +
"oc-rpol:policy-definition/oc-rpol:name";
//TODO: require-instance should be added when
//it is supported in YANG 1.1
//require-instance true;
}
description
"Applies the statements from the specified policy
definition and then returns control the current
policy statement. Note that the called policy may
itself call other policies (subject to
implementation limitations). This is intended to
provide a policy 'subroutine' capability. The
called policy should contain an explicit or a
default route disposition that returns an
effective true (accept-route) or false
(reject-route), otherwise the behavior may be
ambiguous and implementation dependent";
}
leaf install-protocol-eq {
type identityref {
base oc-pol-types:INSTALL_PROTOCOL_TYPE;
}
description
"Condition to check the protocol / method used to install
the route into the local routing table";
}
}
grouping policy-conditions-state {
description
"Operational state data for policy conditions";
}
grouping policy-conditions-top {
description
"Top-level grouping for policy conditions";
container conditions {
description
"Condition statements for the current policy statement";
container config {
description
"Configuration data for policy conditions";
uses policy-conditions-config;
}
container state {
config false;
description
"Operational state data for policy conditions";
uses policy-conditions-config;
uses policy-conditions-state;
}
uses generic-conditions;
uses igp-conditions;
}
}
grouping policy-statements-config {
description
"Configuration data for policy statements";
leaf name {
type string;
description
"name of the policy statement";
}
}
grouping policy-statements-state {
description
"Operational state data for policy statements";
}
grouping policy-actions-config {
description
"Configuration data for policy actions";
uses generic-actions;
}
grouping policy-actions-state {
description
"Operational state data for policy actions";
}
grouping policy-actions-top {
description
"Top-level grouping for policy actions";
container actions {
description
"Top-level container for policy action statements";
container config {
description
"Configuration data for policy actions";
uses policy-actions-config;
}
container state {
config false;
description
"Operational state data for policy actions";
uses policy-actions-config;
uses policy-actions-state;
}
uses igp-actions-top;
}
}
grouping policy-statements-top {
description
"Top-level grouping for the policy statements list";
container statements {
description
"Enclosing container for policy statements";
list statement {
key name;
// TODO: names of policy statements within a policy
// definition should be optional, however, YANG
// requires a unique id for lists; not sure that a
// compound key works either -- need to investigate
// further.
ordered-by user;
description
"Policy statements group conditions and actions
within a policy definition. They are evaluated in
the order specified (see the description of policy
evaluation at the top of this module.";
leaf name {
type leafref {
path "../config/name";
}
description
"Reference to list key";
}
container config {
description
"Configuration data for policy statements";
uses policy-statements-config;
}
container state {
config false;
description
"Operational state data for policy statements";
uses policy-statements-config;
uses policy-statements-state;
}
uses policy-conditions-top;
uses policy-actions-top;
}
}
}
grouping defined-sets-top {
description
"Top-level grouping for defined set definitions";
container defined-sets { container defined-sets {
description description
"Predefined sets of attributes used in policy match "Predefined sets of attributes used in policy match
statements"; statements";
uses generic-defined-sets; uses generic-defined-sets;
// uses bgp-defined-sets;
// don't see a need for IGP-specific defined sets at this point
// e.g., for OSPF, IS-IS, etc.
} }
}
grouping policy-definitions-config {
description
"Configuration data for policy definitions";
leaf name {
type string;
description
"Name of the top-level policy definition -- this name
is used in references to the current policy";
}
}
grouping policy-definitions-state {
description
"Operational state data for policy definitions";
}
grouping policy-definitions-top {
description
"Top-level grouping for the policy definition list";
container policy-definitions { container policy-definitions {
description description
"Enclosing container for the list of top-level policy "Enclosing container for the list of top-level policy
definitions"; definitions";
list policy-definition { list policy-definition {
key name; key name;
description description
"List of top-level policy definitions, keyed by unique "List of top-level policy definitions, keyed by unique
name. These policy definitions are expected to be name. These policy definitions are expected to be
referenced (by name) in policy chains specified in import/ referenced (by name) in policy chains specified in import
export configuration statements."; or export configuration statements.";
leaf name { leaf name {
type string; type leafref {
path "../config/name";
}
description description
"Name of the top-level policy definition -- this name "Reference to the list key";
is used in references to the current policy";
} }
container statements { container config {
description description
"Enclosing container for policy statements"; "Configuration data for policy defintions";
list statement { uses policy-definitions-config;
key name; }
// TODO: names of policy statements within a policy defn
// should be optional, however, YANG requires a unique id
// for lists; not sure that a compound key works either;
// need to investigate further.
ordered-by user;
description
"Policy statements group conditions and actions within
a policy definition. They are evaluated in the order
specified (see the description of policy evaluation
at the top of this module.";
leaf name { container state {
type string;
description "name of the policy statement";
}
container conditions { config false;
description "Condition statements for this description
policy statement"; "Operational state data for policy definitions";
leaf call-policy { uses policy-definitions-config;
type leafref { uses policy-definitions-state;
path "/rpol:routing-policy/" + }
"rpol:policy-definitions/" +
"rpol:policy-definition/rpol:name";
//TODO: require-instance should be added when it's
//supported in YANG 1.1
//require-instance true;
}
description
"Applies the statements from the specified policy
definition and then returns control the current
policy statement. Note that the called policy may
itself call other policies (subject to
implementation limitations). This is intended to
provide a policy 'subroutine' capability. The
called policy should contain an explicit or a
default route disposition that returns an effective
true (accept-route) or false (reject-route),
otherwise the behavior may be ambiguous and
implementation dependent";
}
uses generic-conditions;
uses igp-conditions;
}
container actions { uses policy-statements-top;
}
}
}
description "Action statements for this policy grouping routing-policy-top {
statement"; description
"Top level container for OpenConfig routing policy";
uses generic-actions; container routing-policy {
uses igp-actions; description
} "Top-level container for all routing policy configuration";
}
} uses defined-sets-top;
}
uses policy-definitions-top;
} }
} }
grouping apply-policy-config { grouping apply-policy-import-config {
description description
"Configuration data for routing policies"; "Configuration data for applying import policies";
leaf-list import-policy { leaf-list import-policy {
type leafref { type leafref {
path "/rpol:routing-policy/rpol:policy-definitions/" + path "/oc-rpol:routing-policy/oc-rpol:policy-definitions/" +
"rpol:policy-definition/rpol:name"; "oc-rpol:policy-definition/oc-rpol:name";
//TODO: require-instance should be added when it's //TODO: require-instance should be added when it's
//supported in YANG 1.1 //supported in YANG 1.1
//require-instance true; //require-instance true;
} }
ordered-by user; ordered-by user;
description description
"list of policy names in sequence to be applied on "list of policy names in sequence to be applied on
receiving a routing update in the current context, e.g., receiving a routing update in the current context, e.g.,
for the current peer group, neighbor, address family, for the current peer group, neighbor, address family,
etc."; etc.";
} }
leaf default-import-policy { leaf default-import-policy {
type default-policy-type; type default-policy-type;
default REJECT-ROUTE; default REJECT_ROUTE;
description description
"explicitly set a default policy if no policy definition "explicitly set a default policy if no policy definition
in the import policy chain is satisfied."; in the import policy chain is satisfied.";
} }
}
grouping apply-policy-export-config {
description
"Configuration data for applying export policies";
leaf-list export-policy { leaf-list export-policy {
type leafref { type leafref {
path "/rpol:routing-policy/rpol:policy-definitions/" + path "/oc-rpol:routing-policy/oc-rpol:policy-definitions/" +
"rpol:policy-definition/rpol:name"; "oc-rpol:policy-definition/oc-rpol:name";
//TODO: require-instance should be added when it's //TODO: require-instance should be added when it's
//supported in YANG 1.1 //supported in YANG 1.1
//require-instance true; //require-instance true;
} }
ordered-by user; ordered-by user;
description description
"list of policy names in sequence to be applied on "list of policy names in sequence to be applied on
sending a routing update in the current context, e.g., sending a routing update in the current context, e.g.,
for the current peer group, neighbor, address family, for the current peer group, neighbor, address family,
etc."; etc.";
} }
leaf default-export-policy { leaf default-export-policy {
type default-policy-type; type default-policy-type;
default REJECT-ROUTE; default REJECT_ROUTE;
description description
"explicitly set a default policy if no policy definition "explicitly set a default policy if no policy definition
in the export policy chain is satisfied."; in the export policy chain is satisfied.";
} }
} }
grouping apply-policy-config {
description
"Configuration data for routing policies";
uses apply-policy-import-config;
uses apply-policy-export-config;
}
grouping apply-policy-state { grouping apply-policy-state {
description description
"Operational state associated with routing policy"; "Operational state associated with routing policy";
//TODO: identify additional state data beyond the intended //TODO: identify additional state data beyond the intended
//policy configuration. //policy configuration.
} }
grouping apply-policy-group { grouping apply-policy-group {
description description
skipping to change at page 23, line 40 skipping to change at page 34, line 28
config false; config false;
description description
"Operational state for routing policy"; "Operational state for routing policy";
uses apply-policy-config; uses apply-policy-config;
uses apply-policy-state; uses apply-policy-state;
} }
} }
} }
uses routing-policy-top;
} }
<CODE ENDS> <CODE ENDS>
9.2. Routing policy types 9.2. Routing policy types
<CODE BEGINS> file policy-types.yang <CODE BEGINS> file "openconfig-policy-types.yang"
module policy-types { module openconfig-policy-types {
yang-version "1"; yang-version "1";
// namespace // namespace
namespace "http://openconfig.net/yang/policy-types"; namespace "urn:ietf:params:xml:ns:yang:ietf-policy-types";
prefix "ptypes";
prefix "oc-pol-types";
// import some basic types // import some basic types
import ietf-yang-types { prefix yang; } import ietf-yang-types { prefix yang; }
import openconfig-extensions { prefix oc-ext; }
// meta // meta
organization organization
"OpenConfig working group"; "OpenConfig working group";
contact contact
"OpenConfig working group "OpenConfig working group
netopenconfig@googlegroups.com"; netopenconfig@googlegroups.com";
description description
"This module contains general data definitions for use in routing "This module contains general data definitions for use in routing
policy. It can be imported by modules that contain protocol- policy. It can be imported by modules that contain protocol-
specific policy conditions and actions."; specific policy conditions and actions.";
revision "2015-05-15" { oc-ext:openconfig-version "2.0.0";
revision "2016-03-28" {
description description
"Initial revision"; "OpenConfig public release";
reference "TBD"; reference "2.0.0";
} }
// identity statements // identity statements
identity attribute-comparison { identity ATTRIBUTE_COMPARISON {
description description
"base type for supported comparison operators on route "base type for supported comparison operators on route
attributes"; attributes";
} }
identity attribute-eq { identity ATTRIBUTE_EQ {
base attribute-comparison; base ATTRIBUTE_COMPARISON;
description "== comparison"; description "== comparison";
} }
identity attribute-ge { identity ATTRIBUTE_GE {
base attribute-comparison; base ATTRIBUTE_COMPARISON;
description ">= comparison"; description ">= comparison";
} }
identity attribute-le { identity ATTRIBUTE_LE {
base attribute-comparison; base ATTRIBUTE_COMPARISON;
description "<= comparison"; description "<= comparison";
} }
typedef match-set-options-type { typedef match-set-options-type {
type enumeration { type enumeration {
enum ANY { enum ANY {
description "match is true if given value matches any member description "match is true if given value matches any member
of the defined set"; of the defined set";
} }
enum ALL { enum ALL {
description "match is true if given value matches all description "match is true if given value matches all
members of the defined set"; members of the defined set";
} }
enum INVERT { enum INVERT {
description "match is true if given value does not match any description "match is true if given value does not match any
member of the defined set"; member of the defined set";
} }
} }
skipping to change at page 26, line 5 skipping to change at page 36, line 49
//TODO: restriction on enumerated types is only allowed in //TODO: restriction on enumerated types is only allowed in
//YANG 1.1. Until then, we will require this additional type //YANG 1.1. Until then, we will require this additional type
} }
grouping attribute-compare-operators { grouping attribute-compare-operators {
description "common definitions for comparison operations in description "common definitions for comparison operations in
condition statements"; condition statements";
leaf operator { leaf operator {
type identityref { type identityref {
base attribute-comparison; base ATTRIBUTE_COMPARISON;
} }
description description
"type of comparison to be performed"; "type of comparison to be performed";
} }
leaf value { leaf value {
type uint32; type uint32;
description description
"value to compare with the community count"; "value to compare with the community count";
} }
} }
typedef tag-type { typedef tag-type {
skipping to change at page 26, line 32 skipping to change at page 37, line 28
} }
description "type for expressing route tags on a local system, description "type for expressing route tags on a local system,
including IS-IS and OSPF; may be expressed as either decimal or including IS-IS and OSPF; may be expressed as either decimal or
hexidecimal integer"; hexidecimal integer";
reference reference
"RFC 2178 OSPF Version 2 "RFC 2178 OSPF Version 2
RFC 5130 A Policy Control Mechanism in IS-IS Using RFC 5130 A Policy Control Mechanism in IS-IS Using
Administrative Tags"; Administrative Tags";
} }
identity install-protocol-type { identity INSTALL_PROTOCOL_TYPE {
description description
"Base type for protocols which can install prefixes into the "Base type for protocols which can install prefixes into the
RIB"; RIB";
} }
identity BGP { identity BGP {
base install-protocol-type; base INSTALL_PROTOCOL_TYPE;
description "BGP"; description "BGP";
reference "RFC 4271"; reference "RFC 4271";
} }
identity ISIS { identity ISIS {
base install-protocol-type; base INSTALL_PROTOCOL_TYPE;
description "IS-IS"; description "IS-IS";
reference "ISO/IEC 10589"; reference "ISO/IEC 10589";
} }
identity OSPF { identity OSPF {
base install-protocol-type; base INSTALL_PROTOCOL_TYPE;
description "OSPFv2"; description "OSPFv2";
reference "RFC 2328"; reference "RFC 2328";
} }
identity OSPF3 { identity OSPF3 {
base install-protocol-type; base INSTALL_PROTOCOL_TYPE;
description "OSPFv3"; description "OSPFv3";
reference "RFC 5340"; reference "RFC 5340";
} }
identity STATIC { identity STATIC {
base install-protocol-type; base INSTALL_PROTOCOL_TYPE;
description "Locally-installed static route"; description "Locally-installed static route";
} }
identity DIRECTLY-CONNECTED { identity DIRECTLY_CONNECTED {
base install-protocol-type; base INSTALL_PROTOCOL_TYPE;
description "A directly connected route"; description "A directly connected route";
} }
identity LOCAL-AGGREGATE { identity LOCAL_AGGREGATE {
base install-protocol-type; base INSTALL_PROTOCOL_TYPE;
description "Locally defined aggregate route"; description "Locally defined aggregate route";
} }
} }
<CODE ENDS> <CODE ENDS>
10. Policy examples 10. Policy examples
Below we show an example of XML-encoded configuration data using the Below we show an example of XML-encoded configuration data using the
routing policy and BGP models to illustrate both how policies are routing policy and BGP models to illustrate both how policies are
defined, and also how they can be applied. Note that the XML has defined, and also how they can be applied. Note that the XML has
been simplified for readability. been simplified for readability.
<routing-policy> <config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<routing-policy xmlns="urn:ietf:params:xml:ns:yang:ietf-routing-policy">
<defined-sets>
<prefix-set name="prefix-set-A">
<prefix>
<address>A1</address>
<masklength>M1</masklength>
</prefix>
<prefix>
<address>A2</address>
<masklength>M2</masklength>
</prefix>
<prefix>
<address>A3</address>
<masklength>M3</masklength>
</prefix>
</prefix-set>
<tag-set>
<tag-set-name>cust-tag1</tag-set-name>
<tag value="10" />
</tag-set>
<community-set name="community-set-A">
<community-member>C1</community-member>
<community-member>C2</community-member>
<community-member>C3</community-member>
</community-set>
<community-set name="community-set-B">
<community-member>C5</community-member>
<community-member>C6</community-member>
<community-member>C7</community-member>
</community-set>
<as-path-set name="as-path-set-A">
<as-path-set-member>AS1</as-path-set-member>
<as-path-set-member>AS2</as-path-set-member>
<as-path-set-member>ASx</as-path-set-member>
</as-path-set>
</defined-sets>
<!-- policy 1:
if community in community-set-A then local-pref = 10
if origin = IGP then accept route
-->
<policy-defintion name="policy 1">
<policy-statements>
<statement name="depref-community-A">
<conditions>
<match-community-set>
<community-set>community-set-A</community-set>
</match-community-set>
</conditions>
<actions>
<set-local-pref>10</set-local-pref>
</actions>
</statement>
<statement name="accept-igp">
<conditions>
<origin-eq>IGP</origin-eq>
</conditions>
<actions>
<accept-route />
</actions>
</statement>
</policy-statements>
</policy-defintion>
<!-- policy 2:
if community matches-exactly community-set-B and AS
path in as-path-set-A then reject
-->
<policy-defintion name="policy 2">
<statement name="drop-community-B-aspath-A">
<conditions>
<match-community-set>
<community-set>community-set-B</community-set>
<match-set-options>ALL</match-set-options>
</match-community-set>
<match-as-set>
<as-set>as-path-set-A</as-set>
</match-as-set>
</conditions>
<actions>
<reject-route />
</actions>
</statement>
</policy-defintion>
<!-- policy 3:
if community matches-exactly community-set-A
then accept
-->
<policy-definition name="policy 3">
<statement name="accept-community-A">
<conditions>
<match-community-set>
<community-set>community-set-A</community-set>
<match-set-options>ALL</match-set-options>
</match-prefix-set>
</conditions>
<actions>
<accept-route />
</actions>
</statement>
</policy-definition>
<!-- policy export-tagged-BGP: <defined-sets>
if route from OSPFv3 and tag=cust-tag1 <prefix-sets>
then accept <prefix-set>
--> <prefix-set-name>prefix-set-A</prefix-set-name>
<prefix>
<ip-prefix>192.0.2.0/24</ip-prefix>
<masklength-range>24..32</masklength-range>
</prefix>
<prefix>
<ip-prefix>10.0.0.0/16</ip-prefix>
<masklength-range>16..32</masklength-range>
</prefix>
<prefix>
<ip-prefix>192.168.0.0/19</ip-prefix>
<masklength-range>19..24</masklength-range>
<policy-definition name="export-tagged-BGP"> </prefix>
<statement> </prefix-set>
<conditions> </prefix-sets>
<install-protocol-eq>OSPFV3</install-protocol-eq> <tag-sets>
<match-tag-set>cust-tag1</match-tag-set> <tag-set>
</conditions> <tag-set-name>cust-tag1</tag-set-name>
<actions> <tag>
<accept-route /> <value>10</value>
</actions> </tag>
</statement> </tag-set>
</policy-definition> </tag-sets>
</defined-sets>
</routing-policy> <policy-definitions>
<policy-definition>
<name>export-tagged-BGP</name>
<statements>
<statement>
<name>term-0</name>
<conditions>
<install-protocol-eq xmlns:ns="urn:ietf:params:xml:ns:yang:ietf-routing-policy">ns:OSPF3</install-protocol-eq>
<match-tag-set>
<tag-set>cust-tag1</tag-set>
</match-tag-set>
</conditions>
<actions>
<accept-route />
</actions>
</statement>
</statements>
</policy-definition>
</policy-definitions>
<!-- import policy chain for BGP neighbor --> </routing-policy>
<bgp> </config>
<neighbor>
<neighbor-address>172.95.25.2</neighbor-address>
<peer-AS>ASY</peer-AS>
<description>regional peer ASY</description>
<peer-type>EXTERNAL</peer-type>
<advertise-inactive-routes>true</advertise-inactive-routes>
<use-multiple-paths>
<ebgp>
<maximum-paths>4</maximum-paths>
</ebgp>
</use-multiple-paths>
<import-policies>
<policyref>policy 2</policyref>
<policyref>policy 3</policyref>
<default-policy>REJECT-ROUTE</default-policy>
</import-policies>
</neighbor>
</bgp>
11. References 11. References
11.1. Normative references 11.1. Normative references
[RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the
Network Configuration Protocol (NETCONF)", RFC 6020, Network Configuration Protocol (NETCONF)", RFC 6020,
October 2014. October 2014.
[RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway [RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway
skipping to change at page 31, line 28 skipping to change at page 40, line 17
[RFC3688] Mealling, M., "The IETF XML Registry", RFC 3688, January [RFC3688] Mealling, M., "The IETF XML Registry", RFC 3688, January
2004. 2004.
11.2. Informative references 11.2. Informative references
[I-D.ietf-idr-bgp-model] [I-D.ietf-idr-bgp-model]
Shaikh, A., Shakir, R., Patel, K., Hares, S., D'Souza, K., Shaikh, A., Shakir, R., Patel, K., Hares, S., D'Souza, K.,
Bansal, D., Clemm, A., Alex, A., Jethanandani, M., and X. Bansal, D., Clemm, A., Alex, A., Jethanandani, M., and X.
Liu, "BGP Model for Service Provider Networks", draft- Liu, "BGP Model for Service Provider Networks", draft-
ietf-idr-bgp-model-00 (work in progress), July 2015. ietf-idr-bgp-model-01 (work in progress), January 2016.
[I-D.openconfig-netmod-opstate] [I-D.openconfig-netmod-opstate]
Shakir, R., Shaikh, A., and M. Hines, "Consistent Modeling Shakir, R., Shaikh, A., and M. Hines, "Consistent Modeling
of Operational State Data in YANG", draft-openconfig- of Operational State Data in YANG", draft-openconfig-
netmod-opstate-00 (work in progress), March 2015. netmod-opstate-01 (work in progress), July 2015.
Appendix A. Acknowledgements Appendix A. Acknowledgements
The authors are grateful for valuable contributions to this document The authors are grateful for valuable contributions to this document
and the associated models from: Ebben Aires, Luyuan Fang, Josh and the associated models from: Ebben Aires, Luyuan Fang, Josh
George, Acee Lindem, Stephane Litkowski, Ina Minei, Carl Moberg, Eric George, Acee Lindem, Stephane Litkowski, Ina Minei, Carl Moberg, Eric
Osborne, Steve Padgett, Juergen Schoenwaelder, Jim Uttaro, and Russ Osborne, Steve Padgett, Juergen Schoenwaelder, Jim Uttaro, and Russ
White. White.
Appendix B. Change summary Appendix B. Change summary
B.1. Changes between revisions draft-shaikh-rtgwg-policy-model and -00 B.1. Changes between revisions -00 and -01
Updated policy model with additional condition for matching
interfaces.
B.2. Changes between revisions draft-shaikh-rtgwg-policy-model and -00
This revision updates the draft name to reflect adoption as a working This revision updates the draft name to reflect adoption as a working
document in the RTGWG. Minor changes include updates to references document in the RTGWG. Minor changes include updates to references
and updated author contact information. and updated author contact information.
Authors' Addresses Authors' Addresses
Anees Shaikh Anees Shaikh
Google Google
1600 Amphitheatre Pkwy 1600 Amphitheatre Pkwy
Mountain View, CA 94043 Mountain View, CA 94043
US US
Email: aashaikh@google.com Email: aashaikh@google.com
Rob Shakir Rob Shakir
Individual Jive Communications, Inc.
1275 West 1600 North, Suite 100
Orem, UT 84057
Email: rjs@rob.sh Email: rjs@rob.sh
Kevin D'Souza Kevin D'Souza
AT&T AT&T
200 S. Laurel Ave 200 S. Laurel Ave
Middletown, NJ Middletown, NJ
US US
Email: kd6913@att.com Email: kd6913@att.com
 End of changes. 129 change blocks. 
398 lines changed or deleted 839 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/