| < draft-wu-l3sm-rfc8049bis-01.txt | draft-wu-l3sm-rfc8049bis-02.txt > | |||
|---|---|---|---|---|
| Network Working Group Q. Wu, Ed. | Network Working Group Q. Wu, Ed. | |||
| Internet-Draft Huawei Technologies | Internet-Draft Huawei | |||
| Obsoletes: 8049 (if approved) S. Litkowski | Obsoletes: 8049 (if approved) S. Litkowski | |||
| Intended status: Standards Track Orange Business Services | Intended status: Standards Track Orange | |||
| Expires: January 4, 2018 L. Tomotaki | Expires: February 10, 2018 L. Tomotaki | |||
| Verizon | Verizon | |||
| K. Ogaki | K. Ogaki | |||
| KDDI Corporation | KDDI Corporation | |||
| July 3, 2017 | August 9, 2017 | |||
| YANG Data Model for L3VPN Service Delivery | YANG Data Model for L3VPN Service Delivery | |||
| draft-wu-l3sm-rfc8049bis-01 | draft-wu-l3sm-rfc8049bis-02 | |||
| Abstract | Abstract | |||
| This document defines a YANG data model that can be used for | This document defines a YANG data model that can be used for | |||
| communication between customers and network operators and to deliver | communication between customers and network operators and to deliver | |||
| a Layer 3 provider-provisioned VPN service. This document is limited | a Layer 3 provider-provisioned VPN service. This document is limited | |||
| to BGP PE-based VPNs as described in RFCs 4026, 4110, and 4364. This | to BGP PE-based VPNs as described in RFCs 4026, 4110, and 4364. This | |||
| model is intended to be instantiated at the management system to | model is intended to be instantiated at the management system to | |||
| deliver the overall service. It is not a configuration model to be | deliver the overall service. It is not a configuration model to be | |||
| used directly on network elements. This model provides an abstracted | used directly on network elements. This model provides an abstracted | |||
| skipping to change at page 2, line 4 ¶ | skipping to change at page 2, line 4 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 4, 2018. | This Internet-Draft will expire on February 10, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 34 ¶ | skipping to change at page 3, line 34 ¶ | |||
| 6.13. Enhanced VPN Features . . . . . . . . . . . . . . . . . . 100 | 6.13. Enhanced VPN Features . . . . . . . . . . . . . . . . . . 100 | |||
| 6.13.1. Carriers' Carriers . . . . . . . . . . . . . . . . . 100 | 6.13.1. Carriers' Carriers . . . . . . . . . . . . . . . . . 100 | |||
| 6.14. External ID References . . . . . . . . . . . . . . . . . 102 | 6.14. External ID References . . . . . . . . . . . . . . . . . 102 | |||
| 6.15. Defining NNIs . . . . . . . . . . . . . . . . . . . . . . 102 | 6.15. Defining NNIs . . . . . . . . . . . . . . . . . . . . . . 102 | |||
| 6.15.1. Defining an NNI with the Option A Flavor . . . . . . 104 | 6.15.1. Defining an NNI with the Option A Flavor . . . . . . 104 | |||
| 6.15.2. Defining an NNI with the Option B Flavor . . . . . . 107 | 6.15.2. Defining an NNI with the Option B Flavor . . . . . . 107 | |||
| 6.15.3. Defining an NNI with the Option C Flavor . . . . . . 110 | 6.15.3. Defining an NNI with the Option C Flavor . . . . . . 110 | |||
| 7. Service Model Usage Example . . . . . . . . . . . . . . . . . 111 | 7. Service Model Usage Example . . . . . . . . . . . . . . . . . 111 | |||
| 8. Interaction with Other YANG Modules . . . . . . . . . . . . . 117 | 8. Interaction with Other YANG Modules . . . . . . . . . . . . . 117 | |||
| 9. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 122 | 9. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 122 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 175 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 177 | |||
| 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 176 | 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 178 | |||
| 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 176 | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 178 | |||
| 12.1. Normative References . . . . . . . . . . . . . . . . . . 176 | 12.1. Normative References . . . . . . . . . . . . . . . . . . 178 | |||
| 12.2. Informative References . . . . . . . . . . . . . . . . . 178 | 12.2. Informative References . . . . . . . . . . . . . . . . . 179 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 178 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 180 | |||
| Appendix B. Contributors . . . . . . . . . . . . . . . . . . . . 178 | Appendix B. Contributors . . . . . . . . . . . . . . . . . . . . 180 | |||
| Appendix C. Open Issues . . . . . . . . . . . . . . . . . . . . 178 | Appendix C. Open Issues . . . . . . . . . . . . . . . . . . . . 180 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 179 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 180 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines a Layer 3 VPN service data model written in | This document defines a Layer 3 VPN service data model written in | |||
| YANG. The model defines service configuration elements that can be | YANG. The model defines service configuration elements that can be | |||
| used in communication protocols between customers and network | used in communication protocols between customers and network | |||
| operators. Those elements can also be used as input to automated | operators. Those elements can also be used as input to automated | |||
| control and configuration applications. | control and configuration applications. | |||
| If approved, this document obsoletes [RFC8049]. The changes are a | If approved, this document obsoletes [RFC8049]. The changes are a | |||
| skipping to change at page 6, line 33 ¶ | skipping to change at page 6, line 33 ¶ | |||
| o Add in the XPATH string representation of identityrefs and remove | o Add in the XPATH string representation of identityrefs and remove | |||
| unqualified name. Change from YANG 1.0 Support to YANG 1.1 | unqualified name. Change from YANG 1.0 Support to YANG 1.1 | |||
| Support. | Support. | |||
| o Remove "when" statement from leaf nat44-customer-address. | o Remove "when" statement from leaf nat44-customer-address. | |||
| o Fixed broken example and Add mandatory element in the examples. | o Fixed broken example and Add mandatory element in the examples. | |||
| o Remove redundant parameters in the cloud access. | o Remove redundant parameters in the cloud access. | |||
| o Specify what type of IPv6 address in the model for IPv6 | ||||
| connection. | ||||
| o Specify provider address and a list of start-end addresses from | o Specify provider address and a list of start-end addresses from | |||
| provider address for DHCP case. | provider address for DHCP case. | |||
| o Add a few text to clarify what the site is in section 6.3. | o Add a few text to clarify what the site is in section 6.3. | |||
| o Add multi-filter and multi-VPN per entry support for VPN policy. | ||||
| o Modify description for svc-input-bandwidth leaf and svc-output- | ||||
| bandwidth leaf to make it consistent with the text in section | ||||
| 6.12.1. | ||||
| o Clarify the rational of the model in the section 5. | ||||
| o Add text to clarify the way to achieve Per-VPN QoS policy. | ||||
| 2. Acronyms | 2. Acronyms | |||
| AAA: Authentication, Authorization, and Accounting. | AAA: Authentication, Authorization, and Accounting. | |||
| ACL: Access Control List. | ACL: Access Control List. | |||
| ADSL: Asymmetric DSL. | ADSL: Asymmetric DSL. | |||
| AH: Authentication Header. | AH: Authentication Header. | |||
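Review bot: The added change-list entries need a wording pass: "Clarify the rational of the model" should read "rationale", and "Add a few text to clarify" is ungrammatical ("Add text to clarify"). Entries also switch between imperative and past tense ("Fixed broken example and Add mandatory element"); pick one form for the whole list.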
| skipping to change at page 10, line 32 ¶ | skipping to change at page 10, line 32 ¶ | |||
| +++++++ | +++++++ | |||
| ++++++++ Bearer ++++++++ ++++++++ ++++++++ | ++++++++ Bearer ++++++++ ++++++++ ++++++++ | |||
| + CE A + ----------- + PE A + + PE B + ---- + CE B + | + CE A + ----------- + PE A + + PE B + ---- + CE B + | |||
| ++++++++ Connection ++++++++ ++++++++ ++++++++ | ++++++++ Connection ++++++++ ++++++++ ++++++++ | |||
| Site A Site B | Site A Site B | |||
| The idea of the L3 IP VPN service model is to propose an abstracted | The idea of the L3 IP VPN service model is to propose an abstracted | |||
| interface between customers and network operators to manage | interface between customers and network operators to manage | |||
| configuration of components of an L3VPN service. A typical scenario | configuration of components of an L3VPN service. The model is | |||
| would be to use this model as an input for an orchestration layer | intended to be used in the way that the network operator's system is | |||
| that will be responsible for translating it to an orchestrated | the server and the customer's system is the client. A typical | |||
| scenario would be to use this model as an input for an orchestration | ||||
| layer that will be responsible for translating it to an orchestrated | ||||
| configuration of network elements that will be part of the service. | configuration of network elements that will be part of the service. | |||
| The network elements can be routers but can also be servers (like | The network elements can be routers but can also be servers (like | |||
| AAA); the network's configuration is not limited to these examples. | AAA); the network's configuration is not limited to these examples. | |||
| The configuration of network elements can be done via the CLI, | The configuration of network elements can be done via the CLI, | |||
| NETCONF/RESTCONF [RFC6241] [RFC8040] coupled with YANG data models of | NETCONF/RESTCONF [RFC6241] [RFC8040] coupled with YANG data models of | |||
| a specific configuration (BGP, VRF, BFD, etc.), or some other | a specific configuration (BGP, VRF, BFD, etc.), or some other | |||
| technique, as preferred by the operator. | technique, as preferred by the operator. | |||
| The usage of this service model is not limited to this example; it | The usage of this service model is not limited to this example; it | |||
| can be used by any component of the management system but not | can be used by any component of the management system but not | |||
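Review bot: The new sentence "The model is intended to be used in the way that the network operator's system is the server and the customer's system is the client" fixes the direction of the exchange but says nothing about how far the customer-side client is trusted. The following sentence feeds the same data into an orchestration layer that configures network elements, so a pointer to Section 10 (Security Considerations) belongs here. The wording could also be tightened to "The network operator's system acts as the server and the customer's system as the client."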
| skipping to change at page 11, line 51 ¶ | skipping to change at page 11, line 51 ¶ | |||
| +--rw vpn-services | +--rw vpn-services | |||
| | +--rw vpn-service* [vpn-id] | | +--rw vpn-service* [vpn-id] | |||
| | +--rw vpn-id svc-id | | +--rw vpn-id svc-id | |||
| | +--rw customer-name? string | | +--rw customer-name? string | |||
| | +--rw vpn-service-topology? identityref | | +--rw vpn-service-topology? identityref | |||
| | +--rw cloud-accesses {cloud-access}? | | +--rw cloud-accesses {cloud-access}? | |||
| | | +--rw cloud-access* [cloud-identifier] | | | +--rw cloud-access* [cloud-identifier] | |||
| | | +--rw cloud-identifier -> /l3vpn-svc/vpn-profiles/valid-provider-identifiers/cloud-identifier/id | | | +--rw cloud-identifier -> /l3vpn-svc/vpn-profiles/valid-provider-identifiers/cloud-identifier/id | |||
| | | +--rw (list-flavor)? | | | +--rw (list-flavor)? | |||
| | | | +--:(permit-any) | | | | +--:(permit-any) | |||
| | | | +--rw permit-any? empty | | | | | +--rw permit-any? empty | |||
| | | +--rw authorized-sites | | | | +--:(deny-any-except) | |||
| | | | +--rw authorized-site* [site-id] | | | | | +--rw permit-site* -> /l3vpn-svc/sites/site/site-id | |||
| | | | +--rw site-id -> /l3vpn-svc/sites/site/site-id | | | | +--:(permit-any-except) | |||
| | | +--rw denied-sites | | | | +--rw deny-site* -> /l3vpn-svc/sites/site/site-id | |||
| | | | +--rw denied-site* [site-id] | ||||
| | | | +--rw site-id -> /l3vpn-svc/sites/site/site-id | ||||
| | | +--rw address-translation | | | +--rw address-translation | |||
| | | +--rw nat44 | | | +--rw nat44 | |||
| | | +--rw enabled? boolean | | | +--rw enabled? boolean | |||
| | | +--rw nat44-customer-address? inet:ipv4-address | | | +--rw nat44-customer-address? inet:ipv4-address | |||
| | +--rw multicast {multicast}? | | +--rw multicast {multicast}? | |||
| | | +--rw enabled? boolean | | | +--rw enabled? boolean | |||
| | | +--rw customer-tree-flavors | | | +--rw customer-tree-flavors | |||
| | | | +--rw tree-flavor* identityref | | | | +--rw tree-flavor* identityref | |||
| | | +--rw rp | | | +--rw rp | |||
| | | +--rw rp-group-mappings | | | +--rw rp-group-mappings | |||
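Review bot: In the cloud-access tree the choice is still shown as optional, `(list-flavor)?`, so an entry with no case selected is valid and nothing here says whether that means permit or deny. These leaves decide which sites can reach a cloud, so the description should state the behaviour when the choice is absent, or the choice should be made mandatory. Replacing the separate `authorized-sites` and `denied-sites` containers with the `deny-any-except` and `permit-any-except` cases also makes the permit list and the deny list mutually exclusive; that is worth saying in the text.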
| skipping to change at page 13, line 26 ¶ | skipping to change at page 13, line 24 ¶ | |||
| +--rw site-diversity {site-diversity}? | +--rw site-diversity {site-diversity}? | |||
| | +--rw groups | | +--rw groups | |||
| | +--rw group* [group-id] | | +--rw group* [group-id] | |||
| | +--rw group-id string | | +--rw group-id string | |||
| +--rw management | +--rw management | |||
| | +--rw type identityref | | +--rw type identityref | |||
| +--rw vpn-policies | +--rw vpn-policies | |||
| | +--rw vpn-policy* [vpn-policy-id] | | +--rw vpn-policy* [vpn-policy-id] | |||
| | +--rw vpn-policy-id svc-id | | +--rw vpn-policy-id svc-id | |||
| | +--rw entries* [id] | | +--rw entries* [id] | |||
| | +--rw id svc-id | | +--rw id svc-id | |||
| | +--rw filter | | +--rw filters | |||
| | | +--rw (lan)? | | | +--rw filter* [type] | |||
| | | +--:(lan-tag) | | | +--rw type identityref | |||
| | | | +--rw lan-tag* string | | | +--rw ipv4-lan-prefix* inet:ipv4-prefix {ipv4}? | |||
| | | +--:(prefixes) | | | +--rw lan-tag* string | |||
| | | +--rw ipv4-lan-prefix* inet:ipv4-prefix {ipv4}? | | | +--rw ipv6-lan-prefix* inet:ipv6-prefix {ipv6}? | |||
| | | +--rw ipv6-lan-prefix* inet:ipv6-prefix {ipv6}? | | +--rw vpn* [vpn-id] | |||
| | +--rw vpn | ||||
| | +--rw vpn-id -> /l3vpn-svc/vpn-services/vpn-service/vpn-id | | +--rw vpn-id -> /l3vpn-svc/vpn-services/vpn-service/vpn-id | |||
| | +--rw site-role? identityref | | +--rw site-role? identityref | |||
| +--rw site-vpn-flavor? identityref | +--rw site-vpn-flavor? identityref | |||
| +--rw maximum-routes | +--rw maximum-routes | |||
| | +--rw address-family* [af] | | +--rw address-family* [af] | |||
| | +--rw af address-family | | +--rw af address-family | |||
| | +--rw maximum-routes? uint32 | | +--rw maximum-routes? uint32 | |||
| +--rw security | +--rw security | |||
| | +--rw authentication | | +--rw authentication | |||
| | +--rw encryption {encryption}? | | +--rw encryption {encryption}? | |||
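Review bot: In the new `filter* [type]` list, all three leaf-lists (`ipv4-lan-prefix`, `lan-tag`, `ipv6-lan-prefix`) are available in every entry regardless of the `type` key, so the tree allows an entry keyed with the ipv4 type to carry `ipv6-lan-prefix` or `lan-tag` values. The old `(lan)?` choice at least kept tags and prefixes apart. Suggest a `when` condition on each leaf-list tied to `type`. Now that `filters` holds several filters and `vpn* [vpn-id]` is a list, the text should also state how multiple filters within one entry combine (any match or all match), because this policy determines which LAN reaches which VPN.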
| skipping to change at page 14, line 43 ¶ | skipping to change at page 14, line 40 ¶ | |||
| | | | | +--rw match-application? identityref | | | | | +--rw match-application? identityref | |||
| | | | +--rw target-class-id? string | | | | +--rw target-class-id? string | |||
| | | +--rw qos-profile | | | +--rw qos-profile | |||
| | | +--rw (qos-profile) | | | +--rw (qos-profile) | |||
| | | +--:(standard) | | | +--:(standard) | |||
| | | | +--rw profile? -> /l3vpn-svc/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id | | | | +--rw profile? -> /l3vpn-svc/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id | |||
| | | +--:(custom) | | | +--:(custom) | |||
| | | +--rw classes {qos-custom}? | | | +--rw classes {qos-custom}? | |||
| | | +--rw class* [class-id] | | | +--rw class* [class-id] | |||
| | | +--rw class-id string | | | +--rw class-id string | |||
| | | +--rw direction? identityref | ||||
| | | +--rw rate-limit? uint8 | | | +--rw rate-limit? uint8 | |||
| | | +--rw latency | | | +--rw latency | |||
| | | | +--rw (flavor)? | | | | +--rw (flavor)? | |||
| | | | +--:(lowest) | | | | +--:(lowest) | |||
| | | | | +--rw use-lowest-latency? empty | | | | | +--rw use-lowest-latency? empty | |||
| | | | +--:(boundary) | | | | +--:(boundary) | |||
| | | | +--rw latency-boundary? uint16 | | | | +--rw latency-boundary? uint16 | |||
| | | +--rw jitter | | | +--rw jitter | |||
| | | | +--rw (flavor)? | | | | +--rw (flavor)? | |||
| | | | +--:(lowest) | | | | +--:(lowest) | |||
| skipping to change at page 16, line 51 ¶ | skipping to change at page 16, line 49 ¶ | |||
| | | | +--:(number) | | | | +--:(number) | |||
| | | | | +--rw number-of-dynamic-address? uint8 | | | | | +--rw number-of-dynamic-address? uint8 | |||
| | | | +--:(explicit) | | | | +--:(explicit) | |||
| | | | +--rw customer-addresses | | | | +--rw customer-addresses | |||
| | | | +--rw address-group* [group-id] | | | | +--rw address-group* [group-id] | |||
| | | | +--rw group-id string | | | | +--rw group-id string | |||
| | | | +--rw start-address? inet:ipv4-address | | | | +--rw start-address? inet:ipv4-address | |||
| | | | +--rw end-address? inet:ipv4-address | | | | +--rw end-address? inet:ipv4-address | |||
| | | +--rw dhcp-relay | | | +--rw dhcp-relay | |||
| | | | +--rw provider-address inet:ipv4-address | | | | +--rw provider-address inet:ipv4-address | |||
| | | | +--rw mask? uint8 | | | | +--rw mask uint8 | |||
| | | | +--rw customer-dhcp-servers | | | | +--rw customer-dhcp-servers | |||
| | | | +--rw server-ip-address* inet:ipv4-address | | | | +--rw server-ip-address* inet:ipv4-address | |||
| | | +--rw addresses | | | +--rw addresses | |||
| | | +--rw provider-address inet:ipv4-address | | | +--rw provider-address inet:ipv4-address | |||
| | | +--rw customer-address inet:ipv4-address | | | +--rw customer-address inet:ipv4-address | |||
| | | +--rw mask uint8 | | | +--rw mask uint8 | |||
| | +--rw ipv6 {ipv6}? | | +--rw ipv6 {ipv6}? | |||
| | | +--rw address-allocation-type? identityref | | | +--rw address-allocation-type? identityref | |||
| | | +--rw address-scope-type? identityref | ||||
| | | +--rw provider-dhcp | | | +--rw provider-dhcp | |||
| | | | +--rw provider-address inet:ipv6-address | | | | +--rw provider-address inet:ipv6-address | |||
| | | | +--rw mask uint8 | | | | +--rw mask uint8 | |||
| | | | +--rw (address-assign)? | | | | +--rw (address-assign)? | |||
| | | | +--:(number) | | | | +--:(number) | |||
| | | | | +--rw number-of-dynamic-address? uint8 | | | | | +--rw number-of-dynamic-address? uint8 | |||
| | | | +--:(explicit) | | | | +--:(explicit) | |||
| | | | +--rw customer-addresses | | | | +--rw customer-addresses | |||
| | | | +--rw address-group* [group-id] | | | | +--rw address-group* [group-id] | |||
| | | | +--rw group-id string | | | | +--rw group-id string | |||
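Review bot: Under the ipv4 `dhcp-relay` container, `mask?` becomes a mandatory `mask`, which makes instance data written against -01 without a mask invalid, and the change list in Section 1 does not record it. Suggest adding a change-list entry for this. The removal of `address-scope-type?` from `ipv6` is consistent with the change-list entry dropped in -02.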
| skipping to change at page 18, line 46 ¶ | skipping to change at page 18, line 43 ¶ | |||
| | | | | +--rw match-application? identityref | | | | | +--rw match-application? identityref | |||
| | | | +--rw target-class-id? string | | | | +--rw target-class-id? string | |||
| | | +--rw qos-profile | | | +--rw qos-profile | |||
| | | +--rw (qos-profile) | | | +--rw (qos-profile) | |||
| | | +--:(standard) | | | +--:(standard) | |||
| | | | +--rw profile? -> /l3vpn-svc/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id | | | | +--rw profile? -> /l3vpn-svc/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id | |||
| | | +--:(custom) | | | +--:(custom) | |||
| | | +--rw classes {qos-custom}? | | | +--rw classes {qos-custom}? | |||
| | | +--rw class* [class-id] | | | +--rw class* [class-id] | |||
| | | +--rw class-id string | | | +--rw class-id string | |||
| | | +--rw direction? identityref | ||||
| | | +--rw rate-limit? uint8 | | | +--rw rate-limit? uint8 | |||
| | | +--rw latency | | | +--rw latency | |||
| | | | +--rw (flavor)? | | | | +--rw (flavor)? | |||
| | | | +--:(lowest) | | | | +--:(lowest) | |||
| | | | | +--rw use-lowest-latency? empty | | | | | +--rw use-lowest-latency? empty | |||
| | | | +--:(boundary) | | | | +--:(boundary) | |||
| | | | +--rw latency-boundary? uint16 | | | | +--rw latency-boundary? uint16 | |||
| | | +--rw jitter | | | +--rw jitter | |||
| | | | +--rw (flavor)? | | | | +--rw (flavor)? | |||
| | | | +--:(lowest) | | | | +--:(lowest) | |||
| skipping to change at page 91, line 43 ¶ | skipping to change at page 91, line 43 ¶ | |||
| ordered list of rules that match a flow or application and set the | ordered list of rules that match a flow or application and set the | |||
| appropriate target class of service (target-class-id). The user can | appropriate target class of service (target-class-id). The user can | |||
| define the match using an application reference or a flow definition | define the match using an application reference or a flow definition | |||
| that is more specific (e.g., based on Layer 3 source and destination | that is more specific (e.g., based on Layer 3 source and destination | |||
| addresses, Layer 4 ports, and Layer 4 protocol). When a flow | addresses, Layer 4 ports, and Layer 4 protocol). When a flow | |||
| definition is used, the user can employ a "target-sites" leaf-list to | definition is used, the user can employ a "target-sites" leaf-list to | |||
| identify the destination of a flow rather than using destination IP | identify the destination of a flow rather than using destination IP | |||
| addresses. In such a case, an association between the site | addresses. In such a case, an association between the site | |||
| abstraction and the IP addresses used by this site must be done | abstraction and the IP addresses used by this site must be done | |||
| dynamically. How this association is done is out of scope for this | dynamically. How this association is done is out of scope for this | |||
| document. A rule that does not have a match statement is considered | document. The association of a site to an IP VPN is done through the | |||
| a match-all rule. An SP may implement a default terminal | "vpn-attachment" container. Therefore the user can also employ | |||
| classification rule if the customer does not provide it. It will be | "target-sites" leaf-list and "vpn-attachment" to identify the | |||
| up to the SP to determine its default target class. The current | destination of a flow targeted to specific vpn service. A rule that | |||
| model defines some applications, but new application identities may | does not have a match statement is considered a match-all rule. An | |||
| be added through augmentation. The exact meaning of each application | SP may implement a default terminal classification rule if the | |||
| identity is up to the SP, so it will be necessary for the SP to | customer does not provide it. It will be up to the SP to determine | |||
| advise the customer on the usage of application matching. | its default target class. The current model defines some | |||
| applications, but new application identities may be added through | ||||
| augmentation. The exact meaning of each application identity is up | ||||
| to the SP, so it will be necessary for the SP to advise the customer | ||||
| on the usage of application matching. | ||||
| Where the classification is done depends on the SP's implementation | Where the classification is done depends on the SP's implementation | |||
| of the service, but classification concerns the flow coming from the | of the service, but classification concerns the flow coming from the | |||
| customer site and entering the network. | customer site and entering the network. | |||
| Provider network | Provider network | |||
| +-----------------------+ | +-----------------------+ | |||
| 192.0.2.0/24 | 192.0.2.0/24 | |||
| 198.51.100.0/24 ---- CE --------- PE | 198.51.100.0/24 ---- CE --------- PE | |||
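Review bot: The added sentences on combining the "target-sites" leaf-list with "vpn-attachment" do not say what happens when a target site is attached to more than one VPN, or is not attached to the VPN the flow belongs to. Suggest stating the rule explicitly, since the classification outcome depends on it. The phrase "targeted to specific vpn service" should read "targeted to a specific VPN service".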
| skipping to change at page 94, line 31 ¶ | skipping to change at page 94, line 31 ¶ | |||
| an example, a device-scheduling policy may be implemented on both the | an example, a device-scheduling policy may be implemented on both the | |||
| PE side and the CE side of the WAN link. In the case of a customer- | PE side and the CE side of the WAN link. In the case of a customer- | |||
| managed connection, the provider is only responsible for ensuring | managed connection, the provider is only responsible for ensuring | |||
| scheduling from the SP network to the customer site. As an example, | scheduling from the SP network to the customer site. As an example, | |||
| a device-scheduling policy may be implemented only on the PE side of | a device-scheduling policy may be implemented only on the PE side of | |||
| the WAN link towards the customer. | the WAN link towards the customer. | |||
| A custom QoS profile is defined as a list of classes of services and | A custom QoS profile is defined as a list of classes of services and | |||
| associated properties. The properties are: | associated properties. The properties are: | |||
| o direction: used to specify the direction which qos profile is | ||||
| applied to. Our proposed model supports "Site-to-WAN" direction, | ||||
| "WAN-to-Site"direction and "both" direction. By default, "both" | ||||
| direction is used. | ||||
| o rate-limit: used to rate-limit the class of service. The value is | o rate-limit: used to rate-limit the class of service. The value is | |||
| expressed as a percentage of the global service bandwidth. When | expressed as a percentage of the global service bandwidth. When | |||
| the qos-profile container is implemented on the CE side, svc- | the qos-profile container is implemented on the CE side, svc- | |||
| output-bandwidth is taken into account as a reference. When it is | output-bandwidth is taken into account as a reference. When it is | |||
| implemented on the PE side, svc-input-bandwidth is used. | implemented on the PE side, svc-input-bandwidth is used. | |||
| o latency: used to define the latency constraint of the class. The | o latency: used to define the latency constraint of the class. The | |||
| latency constraint can be expressed as the lowest possible latency | latency constraint can be expressed as the lowest possible latency | |||
| or a latency boundary expressed in milliseconds. How this latency | or a latency boundary expressed in milliseconds. How this latency | |||
| constraint will be fulfilled is up to the SP's implementation of | constraint will be fulfilled is up to the SP's implementation of | |||
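Review bot: The new "direction" bullet does not say how it interacts with the rate-limit bullet that follows it, where the reference bandwidth is chosen by where the profile is implemented (CE side: svc-output-bandwidth, PE side: svc-input-bandwidth) rather than by direction. Suggest stating which bandwidth is the reference for each direction value. The bullet names the values "Site-to-WAN", "WAN-to-Site" and "both", while the module defines the identities `site-to-wan`, `wan-to-site` and `both`; use the identity names, add the missing space in `"WAN-to-Site"direction`, and check that the leaf carries a `default` matching "By default, both direction is used".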
| skipping to change at page 122, line 32 ¶ | skipping to change at page 122, line 32 ¶ | |||
| </v4ur:route> | </v4ur:route> | |||
| </v4ur:ipv4> | </v4ur:ipv4> | |||
| </rt:static-routes> | </rt:static-routes> | |||
| </rt:routing-protocol> | </rt:routing-protocol> | |||
| </rt:routing-protocols> | </rt:routing-protocols> | |||
| </rt:routing-instance> | </rt:routing-instance> | |||
| </rt:routing> | </rt:routing> | |||
| 9. YANG Module | 9. YANG Module | |||
| <CODE BEGINS>file "ietf-l3vpn-svc@2017-06-29.yang" | <CODE BEGINS>file "ietf-l3vpn-svc@2017-08-08.yang" | |||
| module ietf-l3vpn-svc { | module ietf-l3vpn-svc { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"; | namespace "urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"; | |||
| prefix l3vpn-svc; | prefix l3vpn-svc; | |||
| import ietf-inet-types { | import ietf-inet-types { | |||
| prefix inet; | prefix inet; | |||
| } | } | |||
| import ietf-yang-types { | import ietf-yang-types { | |||
| prefix yang; | prefix yang; | |||
| } | } | |||
| skipping to change at page 123, line 9 ¶ | skipping to change at page 123, line 9 ¶ | |||
| Editor: | Editor: | |||
| L3SM WG | L3SM WG | |||
| Chairs: | Chairs: | |||
| Adrian Farrel, Qin Wu | Adrian Farrel, Qin Wu | |||
| "; | "; | |||
| description | description | |||
| "This YANG module defines a generic service configuration | "This YANG module defines a generic service configuration | |||
| model for Layer 3 VPNs. This model is common across all | model for Layer 3 VPNs. This model is common across all | |||
| vendor implementations."; | vendor implementations."; | |||
| revision 2017-06-29 { | revision 2017-08-08 { | |||
| description | description | |||
| "First revision of RFC8049."; | "First revision of RFC8049."; | |||
| reference | reference | |||
| "RFC xxxx: YANG Data Model for L3VPN Service Delivery"; | "RFC xxxx: YANG Data Model for L3VPN Service Delivery"; | |||
| } | } | |||
| /* Features */ | /* Features */ | |||
| feature cloud-access { | feature cloud-access { | |||
| description | description | |||
| "Allows the VPN to connect to a CSP."; | "Allows the VPN to connect to a CSP."; | |||
| } | } | |||
| skipping to change at page 123, line 32 ¶ | skipping to change at page 123, line 32 ¶ | |||
| "Enables multicast capabilities in a VPN."; | "Enables multicast capabilities in a VPN."; | |||
| } | } | |||
| feature ipv4 { | feature ipv4 { | |||
| description | description | |||
| "Enables IPv4 support in a VPN."; | "Enables IPv4 support in a VPN."; | |||
| } | } | |||
| feature ipv6 { | feature ipv6 { | |||
| description | description | |||
| "Enables IPv6 support in a VPN."; | "Enables IPv6 support in a VPN."; | |||
| } | } | |||
| feature lan-tag { | ||||
| description | ||||
| "Enables LAN Tag support in a VPN."; | ||||
| } | ||||
| feature carrierscarrier { | feature carrierscarrier { | |||
| description | description | |||
| "Enables support of CsC."; | "Enables support of CsC."; | |||
| } | } | |||
| feature extranet-vpn { | feature extranet-vpn { | |||
| description | description | |||
| "Enables support of extranet VPNs."; | "Enables support of extranet VPNs."; | |||
| } | } | |||
| feature site-diversity { | feature site-diversity { | |||
| description | description | |||
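Review bot: The new `feature lan-tag` is declared here, but the updated vpn-policy tree shows `lan-tag* string` with no `{lan-tag}?` marker, while the neighbouring `ipv4-lan-prefix` and `ipv6-lan-prefix` carry `{ipv4}?` and `{ipv6}?`. Either add `if-feature lan-tag` to the leaf-list or drop the feature, otherwise a server cannot signal that it does not support LAN tags.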
| skipping to change at page 132, line 44 ¶ | skipping to change at page 133, line 9 ¶ | |||
| identity esp { | identity esp { | |||
| base protocol-type; | base protocol-type; | |||
| description | description | |||
| "ESP header type."; | "ESP header type."; | |||
| } | } | |||
| identity ah { | identity ah { | |||
| base protocol-type; | base protocol-type; | |||
| description | description | |||
| "AH header type."; | "AH header type."; | |||
| } | } | |||
| identity address-scope-type { | identity vpn-policy-filter-type { | |||
| description | description | |||
| "Base identity for address scope."; | "Base identity for filter type."; | |||
| } | } | |||
| identity global-address { | identity ipv4 { | |||
| base address-scope-type; | base vpn-policy-filter-type; | |||
| description | description | |||
| "Use global address."; | "Identity for ipv4 prefix filter type."; | |||
| } | } | |||
| identity link-local-address { | identity ipv6 { | |||
| base address-scope-type; | base vpn-policy-filter-type; | |||
| description | ||||
| "Identity for ipv6 prefix filter type."; | ||||
| } | ||||
| identity lan { | ||||
| base vpn-policy-filter-type; | ||||
| description | ||||
| "Identity for lan tag filter type."; | ||||
| } | ||||
| identity qos-profile-direction { | ||||
| description | description | |||
| "Use link local address."; | "Base identity for qos profile direction."; | |||
| } | ||||
| identity site-to-wan { | ||||
| base qos-profile-direction; | ||||
| description | ||||
| "Identity for Site to WAN direction."; | ||||
| } | ||||
| identity wan-to-site { | ||||
| base qos-profile-direction; | ||||
| description | ||||
| "Identity for WAN to Site direction."; | ||||
| } | ||||
| identity both { | ||||
| base qos-profile-direction; | ||||
| description | ||||
| "Identity for both WAN to Site direction and Site to WAN direction."; | ||||
| } | } | |||
| /* Groupings */ | /* Groupings */ | |||
| grouping vpn-service-cloud-access { | grouping vpn-service-cloud-access { | |||
| container cloud-accesses { | container cloud-accesses { | |||
| if-feature cloud-access; | if-feature cloud-access; | |||
| list cloud-access { | list cloud-access { | |||
| key cloud-identifier; | key cloud-identifier; | |||
| leaf cloud-identifier { | leaf cloud-identifier { | |||
| type leafref { | type leafref { | |||
| path "/l3vpn-svc/vpn-profiles/valid-provider-identifiers/"+ | path "/l3vpn-svc/vpn-profiles/valid-provider-identifiers/"+ | |||
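Review bot: the new filter identities 'ipv4' and 'ipv6' reuse the exact names of the module's existing 'ipv4' and 'ipv6' features, and identity 'lan' does not match the 'lan-tag' feature it relates to. Features and identities live in separate namespaces, so this is legal, but it invites confusion. Suggest more specific names for the filter identities, and an 'if-feature lan-tag;' on identity 'lan' so a server without LAN tag support does not accept that filter type. The 'both' identity would also read better with a less generic name.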
| skipping to change at page 133, line 34 ¶ | skipping to change at page 134, line 27 ¶ | |||
| Local administration meaning."; | Local administration meaning."; | |||
| } | } | |||
| choice list-flavor { | choice list-flavor { | |||
| case permit-any { | case permit-any { | |||
| leaf permit-any { | leaf permit-any { | |||
| type empty; | type empty; | |||
| description | description | |||
| "Allows all sites."; | "Allows all sites."; | |||
| } | } | |||
| } | } | |||
| description | case deny-any-except { | |||
| "Choice for cloud access policy."; | leaf-list permit-site { | |||
| } | ||||
| container authorized-sites { | ||||
| list authorized-site { | ||||
| key site-id; | ||||
| leaf site-id { | ||||
| type leafref { | type leafref { | |||
| path "/l3vpn-svc/sites/site/site-id"; | path "/l3vpn-svc/sites/site/site-id"; | |||
| } | ||||
| description | ||||
| "Site ID for each authorized site."; | ||||
| } | } | |||
| description | description | |||
| "List of authorized sites."; | "Site ID to be authorized."; | |||
| } | ||||
| } | ||||
| case permit-any-except { | ||||
| leaf-list deny-site { | ||||
| type leafref { | ||||
| path "/l3vpn-svc/sites/site/site-id"; | ||||
| } | } | |||
| description | description | |||
| "Configuration of authorized sites."; | "Site ID to be denied."; | |||
| } | ||||
| container denied-sites { | ||||
| list denied-site { | ||||
| key site-id; | ||||
| leaf site-id { | ||||
| type leafref { | ||||
| path "/l3vpn-svc/sites/site/site-id"; | ||||
| } | ||||
| description | ||||
| "Site ID for each denied site."; | ||||
| } | } | |||
| description | ||||
| "List of denied sites."; | ||||
| } | } | |||
| description | description | |||
| "Configuration of denied sites."; | "Choice for cloud access policy."; | |||
| } | } | |||
| container address-translation { | container address-translation { | |||
| container nat44 { | container nat44 { | |||
| leaf enabled { | leaf enabled { | |||
| type boolean; | type boolean; | |||
| default false; | default false; | |||
| description | description | |||
| "Controls whether or not Network address | "Controls whether or not Network address | |||
| translation from IPv4 to IPv4 (NAT44) | translation from IPv4 to IPv4 (NAT44) | |||
| [RFC3022]is required."; | [RFC3022]is required."; | |||
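Review bot: the reworked 'choice list-flavor' has no 'default' case and no 'mandatory true', so when none of 'permit-any', 'permit-site' or 'deny-site' is present the cloud access policy is undefined. Because 'deny-any-except' holds only a leaf-list, a deny-all policy also cannot be expressed: an empty 'permit-site' leaves no case selected. For an access-control choice, suggest stating the behaviour when no case is configured (deny by default is the safer reading) and adding an explicit way to deny every site.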
| skipping to change at page 144, line 13 ¶ | skipping to change at page 145, line 4 ¶ | |||
| } | } | |||
| description | description | |||
| "Match on Layer 4 dst port range."; | "Match on Layer 4 dst port range."; | |||
| } | } | |||
| leaf protocol-field { | leaf protocol-field { | |||
| type union { | type union { | |||
| type uint8; | type uint8; | |||
| type identityref { | type identityref { | |||
| base protocol-type; | base protocol-type; | |||
| } | } | |||
| } | } | |||
| description | description | |||
| "Match on IPv4 protocol or IPv6 Next Header field."; | "Match on IPv4 protocol or IPv6 Next Header field."; | |||
| } | } | |||
| description | description | |||
| "Describes flow-matching criteria."; | "Describes flow-matching criteria."; | |||
| } | } | |||
| description | description | |||
| "Flow definition based on criteria."; | "Flow definition based on criteria."; | |||
| } | } | |||
| grouping site-service-basic { | grouping site-service-basic { | |||
| leaf svc-input-bandwidth { | leaf svc-input-bandwidth { | |||
| type uint64; | type uint64; | |||
| units bps; | units bps; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "From the PE's perspective, the service input | "From the customer site's perspective, the service | |||
| bandwidth of the connection."; | input bandwidth of the connection or download | |||
| bandwidth from the SP to the site."; | ||||
| } | } | |||
| leaf svc-output-bandwidth { | leaf svc-output-bandwidth { | |||
| type uint64; | type uint64; | |||
| units bps; | units bps; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "From the PE's perspective, the service output | "From the customer site's perspective, the service | |||
| bandwidth of the connection. "; | output bandwidth of the connection or upload | |||
| bandwidth from the site to the SP."; | ||||
| } | } | |||
| leaf svc-mtu { | leaf svc-mtu { | |||
| type uint16; | type uint16; | |||
| units bytes; | units bytes; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "MTU at service level. If the service is IP, | "MTU at service level. If the service is IP, | |||
| it refers to the IP MTU. If CsC is enabled, | it refers to the IP MTU. If CsC is enabled, | |||
| the requested 'svc-mtu' leaf will refer to the | the requested 'svc-mtu' leaf will refer to the | |||
| MPLS MTU and not to the IP MTU. "; | MPLS MTU and not to the IP MTU. "; | |||
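Review bot: the new descriptions of 'svc-input-bandwidth' and 'svc-output-bandwidth' move the reference point from the PE to the customer site while the leaf names stay the same, so a value written under the old wording may now describe the opposite direction. Suggest stating explicitly, in the descriptions or in the change log, whether the direction itself changed relative to the previous text or only the wording, so existing instance data is not silently reinterpreted.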
| skipping to change at page 147, line 27 ¶ | skipping to change at page 148, line 19 ¶ | |||
| container classes { | container classes { | |||
| if-feature qos-custom; | if-feature qos-custom; | |||
| list class { | list class { | |||
| key class-id; | key class-id; | |||
| leaf class-id { | leaf class-id { | |||
| type string; | type string; | |||
| description | description | |||
| "Identification of the class of service. | "Identification of the class of service. | |||
| This identifier is internal to the administration."; | This identifier is internal to the administration."; | |||
| } | } | |||
| leaf direction { | ||||
| type identityref { | ||||
| base qos-profile-direction; | ||||
| } | ||||
| default both; | ||||
| description | ||||
| "The direction which QoS profile is applied to"; | ||||
| } | ||||
| leaf rate-limit { | leaf rate-limit { | |||
| type uint8; | type uint8; | |||
| units percent; | units percent; | |||
| description | description | |||
| "To be used if the class must be rate-limited. | "To be used if the class must be rate-limited. | |||
| Expressed as percentage of the service bandwidth."; | Expressed as percentage of the service bandwidth."; | |||
| } | } | |||
| container latency { | container latency { | |||
| choice flavor { | choice flavor { | |||
| case lowest { | case lowest { | |||
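Review bot: with the new per-class 'direction' leaf defaulting to 'both', 'rate-limit' is still described as a "percentage of the service bandwidth" without saying which bandwidth. When the input and output service bandwidths differ, the same percentage yields two different rates. Suggest the description say that the percentage applies to the bandwidth of the selected direction, or to each direction separately for 'both'. The 'direction' description also lacks its final period.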
| skipping to change at page 148, line 42 ¶ | skipping to change at page 149, line 44 ¶ | |||
| description | description | |||
| "Jitter constraint on the traffic class."; | "Jitter constraint on the traffic class."; | |||
| } | } | |||
| description | description | |||
| "Jitter constraint on the traffic class."; | "Jitter constraint on the traffic class."; | |||
| } | } | |||
| container bandwidth { | container bandwidth { | |||
| leaf guaranteed-bw-percent { | leaf guaranteed-bw-percent { | |||
| type uint8; | type uint8; | |||
| units percent; | units percent; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "To be used to define the guaranteed bandwidth | "To be used to define the guaranteed bandwidth | |||
| as a percentage of the available service bandwidth."; | as a percentage of the available service bandwidth."; | |||
| } | } | |||
| leaf end-to-end { | leaf end-to-end { | |||
| type empty; | type empty; | |||
| description | description | |||
| "Used if the bandwidth reservation | "Used if the bandwidth reservation | |||
| must be done on the MPLS network too."; | must be done on the MPLS network too."; | |||
| } | } | |||
| skipping to change at page 153, line 11 ¶ | skipping to change at page 154, line 18 ¶ | |||
| leaf metric { | leaf metric { | |||
| type uint16; | type uint16; | |||
| default 1; | default 1; | |||
| description | description | |||
| "Metric of the sham link. It is used in | "Metric of the sham link. It is used in | |||
| the routing state calculation and path | the routing state calculation and path | |||
| selection. The default value is set | selection. The default value is set | |||
| to 1."; | to 1."; | |||
| } | } | |||
| description | description | |||
| "Creates a sham link with another site."; | "Creates a sham link with another site."; | |||
| } | } | |||
| description | description | |||
| "List of sham links."; | "List of sham links."; | |||
| } | } | |||
| description | description | |||
| "OSPF-specific configuration."; | "OSPF-specific configuration."; | |||
| } | } | |||
| container bgp { | container bgp { | |||
| when "derived-from-or-self(../type, 'l3vpn-svc:bgp')" { | when "derived-from-or-self(../type, 'l3vpn-svc:bgp')" { | |||
| description | description | |||
| "Only applies when protocol is BGP."; | "Only applies when protocol is BGP."; | |||
| } | } | |||
| if-feature rtg-bgp; | if-feature rtg-bgp; | |||
| leaf autonomous-system { | leaf autonomous-system { | |||
| type uint32; | type uint32; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "AS number."; | "Customer AS number in case the customer | |||
| requests BGP routing."; | ||||
| } | } | |||
| leaf-list address-family { | leaf-list address-family { | |||
| type address-family; | type address-family; | |||
| min-elements "1"; | min-elements "1"; | |||
| description | description | |||
| "If BGP is used on this site, this node | "If BGP is used on this site, this node | |||
| contains configured value. This node | contains configured value. This node | |||
| contains at least one address family | contains at least one address family | |||
| to be activated."; | to be activated."; | |||
| } | } | |||
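Review bot: 'autonomous-system' stays 'type uint32' while the rest of the module already uses 'inet:' types for addresses. Suggest 'inet:as-number' here so the intent is carried by the type as well as by the new description. The new wording "in case the customer requests BGP routing" repeats what the 'when' on the 'bgp' container already enforces and could be dropped.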
| skipping to change at page 156, line 33 ¶ | skipping to change at page 157, line 46 ¶ | |||
| leaf provider-address { | leaf provider-address { | |||
| type inet:ipv4-address; | type inet:ipv4-address; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "Address of provider side"; | "Address of provider side"; | |||
| } | } | |||
| leaf mask { | leaf mask { | |||
| type uint8 { | type uint8 { | |||
| range "0..31"; | range "0..31"; | |||
| } | } | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "Subnet mask expressed in bits. The value zero | "Subnet mask expressed in bits. The value zero | |||
| means unspecified (by the customer)"; | means unspecified (by the customer)"; | |||
| } | } | |||
| choice address-assign { | choice address-assign { | |||
| default number; | default number; | |||
| case number { | case number { | |||
| leaf number-of-dynamic-address { | leaf number-of-dynamic-address { | |||
| type uint8; | type uint8; | |||
| default 1; | default 1; | |||
| skipping to change at page 157, line 49 ¶ | skipping to change at page 159, line 14 ¶ | |||
| leaf provider-address { | leaf provider-address { | |||
| type inet:ipv4-address; | type inet:ipv4-address; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "Address of provider side"; | "Address of provider side"; | |||
| } | } | |||
| leaf mask { | leaf mask { | |||
| type uint8 { | type uint8 { | |||
| range "0..31"; | range "0..31"; | |||
| } | } | |||
| mandatory true; | ||||
| description | description | |||
| "Subnet mask expressed in bits. The value zero | "Subnet mask expressed in bits. The value zero | |||
| means unspecified (by the customer)"; | means unspecified (by the customer)"; | |||
| } | } | |||
| container customer-dhcp-servers { | container customer-dhcp-servers { | |||
| leaf-list server-ip-address { | leaf-list server-ip-address { | |||
| type inet:ipv4-address; | type inet:ipv4-address; | |||
| description | description | |||
| "IP address of customer DHCP server."; | "IP address of customer DHCP server."; | |||
| } | } | |||
| description | description | |||
| "Container for list of customer DHCP servers."; | "Container for list of customer DHCP servers."; | |||
| } | } | |||
| description | description | |||
| "DHCP relay provided by operator."; | "DHCP relay provided by operator."; | |||
| } | } | |||
| container addresses { | container addresses { | |||
| when "derived-from-or-self(../address-allocation-type, 'l3vpn-svc:static-address')" { | when "derived-from-or-self(../address-allocation-type, 'l3vpn-svc:static-address')" { | |||
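Review bot: the added 'mandatory true' on 'mask' sits next to a description that keeps zero as "unspecified (by the customer)", so the constraint forces the leaf to be present without forcing a usable prefix length. Suggest deciding which is intended: either keep the leaf optional and let absence mean unspecified, or keep it mandatory and remove zero from the range and from the description.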
| skipping to change at page 158, line 33 ¶ | skipping to change at page 159, line 47 ¶ | |||
| } | } | |||
| leaf provider-address { | leaf provider-address { | |||
| type inet:ipv4-address; | type inet:ipv4-address; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "IPv4 Address List of provider side. When protocol | "IPv4 Address List of provider side. When protocol | |||
| allocation type is static, provider address must be configured"; | allocation type is static, provider address must be configured"; | |||
| } | } | |||
| leaf customer-address { | leaf customer-address { | |||
| type inet:ipv4-address; | type inet:ipv4-address; | |||
| mandatory true; | ||||
| description | description | |||
| "IPv4 Address of customer side."; | "IPv4 Address of customer side."; | |||
| } | } | |||
| leaf mask { | leaf mask { | |||
| type uint8 { | type uint8 { | |||
| range "0..31"; | range "0..31"; | |||
| } | } | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "Subnet mask expressed in bits. "; | "Subnet mask expressed in bits. "; | |||
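Review bot: 'customer-address' becomes mandatory, but its description ("IPv4 Address of customer side.") does not say so, while the sibling 'provider-address' description spells out that it must be configured for static allocation. Suggest aligning the two descriptions. The 'provider-address' text also says "IPv4 Address List" although the leaf holds a single 'inet:ipv4-address'.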
| skipping to change at page 159, line 10 ¶ | skipping to change at page 160, line 24 ¶ | |||
| "IPv4-specific parameters."; | "IPv4-specific parameters."; | |||
| } | } | |||
| container ipv6 { | container ipv6 { | |||
| if-feature ipv6; | if-feature ipv6; | |||
| leaf address-allocation-type { | leaf address-allocation-type { | |||
| type identityref { | type identityref { | |||
| base address-allocation-type; | base address-allocation-type; | |||
| } | } | |||
| default static-address; | default static-address; | |||
| description | description | |||
| "Defines how addresses are allocated."; | "Defines how addresses are allocated."; | |||
| } | } | |||
| leaf address-scope-type { | ||||
| type identityref { | ||||
| base address-scope-type; | ||||
| } | ||||
| default "global-address"; | ||||
| description | ||||
| "Define address scope."; | ||||
| } | ||||
| container provider-dhcp { | container provider-dhcp { | |||
| when "../address-allocation-type = 'l3vpn-svc:provider-dhcp' "+ | when "../address-allocation-type = 'l3vpn-svc:provider-dhcp' "+ | |||
| "or ../address-allocation-type "+"= 'l3vpn-svc:provider-dhcp-slaac'" { | "or ../address-allocation-type "+"= 'l3vpn-svc:provider-dhcp-slaac'" { | |||
| description | description | |||
| "Only applies when addresses are allocated by DHCP."; | "Only applies when addresses are allocated by DHCP."; | |||
| } | } | |||
| leaf provider-address { | leaf provider-address { | |||
| type inet:ipv6-address; | type inet:ipv6-address; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
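Review bot: the 'address-scope-type' leaf is removed from the 'ipv6' container with no replacement in this hunk, so a request can no longer say whether a global or link-local address is wanted. Suggest documenting the reason for the removal and the assumed scope. Separately, the 'when' on 'provider-dhcp' still compares the identityref with '=' against string literals, while the IPv4 'addresses' container uses 'derived-from-or-self()'; the two should be consistent.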
| skipping to change at page 161, line 39 ¶ | skipping to change at page 162, line 49 ¶ | |||
| } | } | |||
| leaf provider-address { | leaf provider-address { | |||
| type inet:ipv6-address; | type inet:ipv6-address; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "IPv6 Address of provider side.When protocol | "IPv6 Address of provider side.When protocol | |||
| allocation type is static, provider address must be configured"; | allocation type is static, provider address must be configured"; | |||
| } | } | |||
| leaf customer-address { | leaf customer-address { | |||
| type inet:ipv6-address; | type inet:ipv6-address; | |||
| mandatory true; | ||||
| description | description | |||
| "IPv6 Address of customer side."; | "IPv6 Address of customer side."; | |||
| } | } | |||
| leaf mask { | leaf mask { | |||
| type uint8 { | type uint8 { | |||
| range "0..127"; | range "0..127"; | |||
| } | } | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "Subnet mask expressed in bits."; | "Subnet mask expressed in bits."; | |||
| skipping to change at page 166, line 38 ¶ | skipping to change at page 168, line 4 ¶ | |||
| description | description | |||
| "Unique identifier for the VPN policy."; | "Unique identifier for the VPN policy."; | |||
| } | } | |||
| list entries { | list entries { | |||
| key id; | key id; | |||
| leaf id { | leaf id { | |||
| type svc-id; | type svc-id; | |||
| description | description | |||
| "Unique identifier for the policy entry."; | "Unique identifier for the policy entry."; | |||
| } | } | |||
| container filter { | container filters { | |||
| choice lan { | list filter { | |||
| default lan-tag; | key type; | |||
| case lan-tag { | ordered-by user; | |||
| leaf-list lan-tag { | leaf type { | |||
| type string; | type identityref { | |||
| description | base vpn-policy-filter-type; | |||
| "List of 'lan-tag' items to be matched.Lan-tag | } | |||
| is Internal tag to be used in VPN policies "; | description | |||
| "Type of VPN Policy filter."; | ||||
| } | } | |||
| } | ||||
| case prefixes { | ||||
| leaf-list ipv4-lan-prefix { | leaf-list ipv4-lan-prefix { | |||
| if-feature ipv4; | if-feature ipv4; | |||
| type inet:ipv4-prefix; | type inet:ipv4-prefix; | |||
| description | description | |||
| "List of IPv4 prefixes as LAN Prefixes to be matched."; | "List of IPv4 prefixes as LAN Prefixes to be matched."; | |||
| } | } | |||
| leaf-list lan-tag { | ||||
| if-feature lan-tag; | ||||
| type string; | ||||
| description | ||||
| "List of 'lan-tag' items to be matched. Lan-tag | ||||
| is Internal tag to be used in VPN policies "; | ||||
| } | ||||
| leaf-list ipv6-lan-prefix { | leaf-list ipv6-lan-prefix { | |||
| if-feature ipv6; | if-feature ipv6; | |||
| type inet:ipv6-prefix; | type inet:ipv6-prefix; | |||
| description | description | |||
| "List of IPv6 prefixes as LAN prefixes to be matched."; | "List of IPv6 prefixes as LAN prefixes to be matched."; | |||
| } | } | |||
| } | description | |||
| description | "List of filters used on the site. This list can | |||
| "Choice of ways to do LAN matching."; | be augmented."; | |||
| } | } | |||
| description | description | |||
| "If a more-granular VPN attachment is necessary, filtering can | "If a more-granular VPN attachment is necessary, filtering can | |||
| be used. If used, it permits the splitting of site LANs among | be used. If used, it permits the splitting of site LANs among | |||
| multiple VPNs.The Site LAN can be split based on either LAN-tag | multiple VPNs.The Site LAN can be split based on either LAN-tag | |||
| or LAN prefix. If no filter is used, all the LANs will be | or LAN prefix. If no filter is used, all the LANs will be | |||
| part of the same VPNs with the same role."; | part of the same VPNs with the same role."; | |||
| } | } | |||
| container vpn { | list vpn { | |||
| key vpn-id; | ||||
| leaf vpn-id { | leaf vpn-id { | |||
| type leafref { | type leafref { | |||
| path "/l3vpn-svc/vpn-services/"+ | path "/l3vpn-svc/vpn-services/"+ | |||
| "vpn-service/vpn-id"; | "vpn-service/vpn-id"; | |||
| } | } | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "Reference to an IP VPN."; | "Reference to an IP VPN."; | |||
| } | } | |||
| leaf site-role { | leaf site-role { | |||
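Review bot: in the new 'list filter', the leaf-lists 'ipv4-lan-prefix', 'lan-tag' and 'ipv6-lan-prefix' are plain siblings of the 'type' key with no 'when' tying them to it, so an entry of type 'ipv4' can legally carry IPv6 prefixes or LAN tags. Since these filters decide which site LANs join which VPN, suggest a 'when "derived-from-or-self(../type, ...)"' on each leaf-list. With 'key type' there is at most one entry per filter type, so 'ordered-by user' orders at most a handful of entries and its matching semantics should be described. In 'list vpn', 'mandatory true' on the key leaf 'vpn-id' is redundant, because key leafs are always required.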
| End of changes. 53 change blocks. | ||||
| 118 lines changed or deleted | 169 lines changed or added | |||