idnits 2.17.1

draft-aguado-opsawg-l3sm-l3nm-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 70 instances of too long lines in the document, the longest
     one being 75 characters in excess of 72.

  ** The abstract seems to contain references ([RFC8309], [RFC8299]), which
     it shouldn't. Please replace those with straight textual mentions of the
     documents in question.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 380 has weird spacing: '...--rw id str...'

  == Line 382 has weird spacing: '...--rw id str...'

  == Line 384 has weird spacing: '...--rw id str...'

  == Line 386 has weird spacing: '...--rw id str...'

  == Line 388 has weird spacing: '...--rw id str...'

  == (25 more instances...)

  -- The document date (July 8, 2019) is 1725 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'I-D.evenwu-opsawg-yang-composed-vpn' is mentioned on
     line 123, but not defined

  == Missing Reference: 'RFC8453' is mentioned on line 203, but not defined

  == Missing Reference: 'RFC8340' is mentioned on line 131, but not defined

  == Missing Reference: 'RFC8466' is mentioned on line 286, but not defined

     Summary: 2 errors (**), 0 flaws (~~), 11 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Internet Engineering Task Force                                A. Aguado
3    Internet-Draft                                  O. Gonzalez de Dios, Ed.
4    Intended status: Standards Track                                V. Lopez
5    Expires: January 9, 2020                                      Telefonica
6                                                                    D. Voyer
7                                                                 Bell Canada
8                                                                    L. Munoz
9                                                                    Vodafone
10                                                               July 8, 2019

12                          Layer 3 VPN Network Model
13                       draft-aguado-opsawg-l3sm-l3nm-01

15   Abstract

17      RFC 8299 [RFC8299] defines a L3VPN Service Model (L3SM) YANG data
18      model that can be used for communication between customers and
19      network operators. It assumes that there is a monolithic management
20      system with full control of transport resources. This approach (that
21      is valid for the customer to network operator conversation) limits
22      the usage of the model to the role of a Customer Service Model,
23      according to the terminology defined in RFC 8309 [RFC8309].

25      There is a need for a YANG model for use between the entity that
26      interacts directly with the customer (service orchestrator) and the
27      entity in charge of network orchestration and control which,
28      according to RFC 8309 [RFC8309], can be referred to as Service Delivery
29      Model. In some cases, the control of the network is further expanded
30      into per-domain control.

32      This document uses the L3SM model defined in RFC 8299 [RFC8299], and
33      extends it to facilitate communication between the service
34      orchestrator and transport orchestrator (MDSC), and an MDSC and
35      domain controllers. The resulting model is called the L3VPN Network
36      Model (L3NM).

38   Status of This Memo

40      This Internet-Draft is submitted in full conformance with the
41      provisions of BCP 78 and BCP 79.

43      Internet-Drafts are working documents of the Internet Engineering
44      Task Force (IETF). Note that other groups may also distribute
45      working documents as Internet-Drafts. The list of current Internet-
46      Drafts is at https://datatracker.ietf.org/drafts/current/.

48      Internet-Drafts are draft documents valid for a maximum of six months
49      and may be updated, replaced, or obsoleted by other documents at any
50      time. It is inappropriate to use Internet-Drafts as reference
51      material or to cite them other than as "work in progress."

53      This Internet-Draft will expire on January 9, 2020.

55   Copyright Notice

57      Copyright (c) 2019 IETF Trust and the persons identified as the
58      document authors. All rights reserved.

60      This document is subject to BCP 78 and the IETF Trust's Legal
61      Provisions Relating to IETF Documents
62      (https://trustee.ietf.org/license-info) in effect on the date of
63      publication of this document. Please review these documents
64      carefully, as they describe your rights and restrictions with respect
65      to this document. Code Components extracted from this document must
66      include Simplified BSD License text as described in Section 4.e of
67      the Trust Legal Provisions and are provided without warranty as
68      described in the Simplified BSD License.

70   Table of Contents

72      1.  Introduction
73        1.1.  Terminology
74        1.2.  Requirements Language
75      2.  Reference architecture
76      3.  Yang model explanation
77        3.1.  Structure of the model
78        3.2.  sites and bearers
79        3.3.  Bearer ethernet Encapsulation
80        3.4.  Multi-Domain Resource Management
81        3.5.  Remote Far-End Configuration
82        3.6.  Provide Edge Identification Point
83      4.  Design of the data model
84      5.  Yang module
85      6.  IANA Considerations
86      7.  Security Considerations
87      8.  Implementation Status
88      9.  Acknowledgements
89      10. Contributors
90      11. References
91        11.1.  Normative References
92        11.2.  Informative References
93      Authors' Addresses

95   1. Introduction

97      RFC 8299 [RFC8299] defines a L3VPN Service Model (L3SM) YANG data
98      model that can be used for communication between customers and
99      network operators. Although the intention to provide an abstracted
100     view of the customer's requested services is clear, the assumption is
101     that the model is applied at the top of a monolithic management
102     system with full control of transport resources. That assumption
103     substantially limits the usage of the L3SM to the role of a Customer
104     Service Model, according to the terminology defined in RFC 8309
105     [RFC8309].

107     The YANG data model defined in this document is called the L3VPN
108     Network Model (L3NM). It enables further capabilities, such as
109     resource management or to serve as a multi-domain orchestration
110     interface, where transport resources must be synchronized. The
111     proposed YANG module has been built with a prune-and-extend approach,
112     taking as a starting point the YANG model described in RFC 8299
113     [RFC8299].

115     This document does not obsolete, but complements, the definitions in
116     RFC 8299 [RFC8299]. It aims to provide a different scope for the
117     L3SM, but does not attempt to address all deployment cases, especially
118     those where the L3VPN connectivity is supported through the
119     coordination of different VPNs in different underlying networks.
120     More complex deployment scenarios involving the coordination of
121     different VPN instances and different technologies to provide end-to-
122     end VPN connectivity are out of scope of this document, but are
123     discussed in [I-D.evenwu-opsawg-yang-composed-vpn].

125  1.1. Terminology

127     This document assumes that the reader is familiar with the contents
128     of RFC 6241 [RFC6241], RFC 7950 [RFC7950], RFC 8299 [RFC8299],
129     RFC 8309 [RFC8309], and [RFC8453] and uses terminology from those
130     documents. Tree diagrams used in this document follow the notation
131     defined in [RFC8340].

133  1.2. Requirements Language

135     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
136     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
137     document are to be interpreted as described in RFC 2119 [RFC2119].

139  2. Reference architecture

141     Figure 1 shows where the L3NM is used in a management stack. The
142     figure is an expansion of the architecture presented in Section 5 of
143     RFC 8299 [RFC8299] and decomposes the box marked "orchestration" in
144     that figure into three separate functional components called "Service
145     Orchestration", "Network Orchestration", and "Domain Orchestration".

147     At the same time, terminology from RFC 8309 [RFC8309] is introduced
148     to show the distinction between the "Customer Service Model", the
149     "Service Delivery Model", the "Network Configuration Model", and the
150     "Device Configuration Model". In that context, the "Domain
151     Orchestration" and "Config Manager" roles may be performed by
152     "Controllers".

154                            +---------------+
155                            |   Customer    |
156                            +---------------+
157      Customer Service Model        |
158          l3vpn-svc                 |
159                            +---------------+
160                            |    Service    |
161                            | Orchestration |
162                            +---------------+
163      Service Delivery Model        |
164          l3nm-svc                  |
165     (l3vpn-svc + extensions)       |
166                            +---------------+
167                            |    Network    |
168                            | Orchestration |
169                            +---------------+
170    Network Configuration Model     |
171                          __________|____________
172                          |                     |
173                  +---------------+     +---------------+
174                  |    Domain     |     |    Domain     |
175                  | Orchestration |     | Orchestration |
176                  +---------------+     +---------------+
177          Device      |       |                 |
178      Configuration   |       |                 |
179          Model       |       |                 |
180                 +---------+  |                 |
181                 | Config  |  |                 |
182                 | Manager |  |                 |
183                 +---------+  |                 |
184                      |       |                 |
185                      | NETCONF/CLI..................
186                      |       |                 |
187          +------------------------------------------------+
188                               Network

190                                +++++++
191                                + AAA +
192                                +++++++

194    ++++++++    Bearer   ++++++++           ++++++++      ++++++++
195    + CE A + ----------- + PE A +           + PE B + ---- + CE B +
196    ++++++++ Connection  ++++++++           ++++++++      ++++++++

198     Site A                                                Site B

200                          Figure 1: L3SM and L3NM

202     The L3SM and L3NM may also be set in the context of the ACTN
203     architecture [RFC8453]. Figure 2 shows the Customer Network
204     Controller (CNC), the Multi-Domain Service Coordinator (MDSC), and
205     the Provisioning Network Controller (PNC). It also shows the
206     interfaces between these functional units: the CNC-MDSC Interface
207     (CMI), the MDSC-PNC Interface (MPI), and the Southbound Interface
208     (SBI).

210                      ----------------------------------
211                     | Customer                         |
212                     |  -----------------------------   |
213                     | |             CNC             |  |
214                     |  -----------------------------   |
215                      ----:-----------------------:-----
216                          :                       :
217                          : L3SM                  : L3SM
218                          :                       :
219                 ---------:---------     -------------------
220                | MDSC    :         |   |       MDSC        |
221                |  ---------------  |   |     (parent)      |
222                | |    Service    | |    -------------------
223                | | Orchestration | |             :
224                |  ---------------  |             : L3NM
225                |         :         |             :
226                |         : L3NM    |    -------------------
227                |         :         |   |       MDSC        |
228                |  ---------------  |   |      (child)      |
229                | |    Network    | |    -------------------
230                | | Orchestration | |             :
231                |  ---------------  |             :
232                 ---------:---------              :
233                          :                       :
234                          : Network Configuration :
235                          :                       :
236              ------------:-------       ---------:------------
237             | Domain     :       |     |         : Domain     |
238             | Controller :       |     |         : Controller |
239             |        ---------   |     |     ---------        |
240             |       |   PNC   |  |     |    |   PNC   |       |
241             |        ---------   |     |     ---------        |
242              ------------:-------       ---------:------------
243                          :                       :
244                          : Device Configuration  :
245                          :                       :
246                      --------                --------
247                     | Device |              | Device |
248                      --------                --------

250               Figure 2: L3SM and L3NM in the Context of ACTN

252  3. Yang model explanation

254     The scenarios covered include: the integration of ethernet and
255     encapsulation parameters, the extension for transport resources (e.g.
256     RTs and RDs) to be orchestrated from the management system, far-end
257     configuration of PEs not managed by the management system and the
258     definition for PE identification.

260  3.1. Structure of the model

262     The YANG module is divided into three main containers: "vpn-
263     services", "sites" and "vpn-profiles".

265  3.2. sites and bearers

267     A site, as per RFC 8299 [RFC8299], represents a connection of a
268     customer office to one or more VPN services. As this YANG module is
269     the network view, each site is associated with a list of bearers. A
270     bearer is the layer two connection with the site. In the module it
271     is assumed that the bearer has been allocated by the Service
272     Provider (e.g. by the service orchestrator). The bearer is
273     associated to a network element and a port. Hence, a bearer is not
274     just a bearer-reference, but also a true reference to a given port in
275     the service provider network.

277  3.3. Bearer ethernet Encapsulation

279     An L3 VPN is commonly defined not only at the IP
280     layer, but also requires identifying parameters at the Ethernet
281     layer, such as encapsulation (e.g. VLAN, QinQ, QinAny, VxLAN, etc).
282     This specification is not supported in [RFC8299], whilst it suggests
283     that any extension in this direction shall be implemented via
284     augmentation of the bearer container. The extension defined to cope
285     with these parameters uses the connection container inside the site-
286     network-access defined by [RFC8466]. This container defines
287     protocol parameters to enable connectivity at Layer 2. In the
288     context of L3SM, the augmentation includes only mandatory parameters
289     for the service configuration, which are mainly related to the
290     interface encapsulation. Other definitions from the L2SM connection
291     container are left aside. For example, LAG information is not
292     required and it shall be configured prior to the service
293     configuration, with the aggregated interface identified in the model
294     as the bearer-reference, as discussed later in Section 4.4.

296  3.4. Multi-Domain Resource Management

298     The implementation of L3 VPN services which span across
299     administratively separated domains (i.e. those under the
300     administration of different management systems or controllers)
301     requires some network resources to be synchronised between systems.
302     Particularly, there are two resources that must be orchestrated and
303     synchronised to avoid asymmetric (non-functional) configuration, or
304     the usage of unavailable resources. For example, RTs shall be
305     synchronised between PEs. When every PE is controlled by the same
306     management system, RT allocation can be performed by the system. In
307     cases where the service spans across multiple management systems,
308     this task shall be synchronised and, therefore, the service model
309     must allow this specification. In addition, RDs must also be
310     synchronised to avoid collisions in RD allocation between separated
311     systems. An incorrect allocation might lead to the same RD and IP
312     prefixes being exported by different PE routers.

314  3.5. Remote Far-End Configuration

316     Depending on the control plane implementation, different network
317     scenarios might require additional information for the L3 VPN service
318     to be configured and active. For example, an L3 VPN Option C
319     service, if no reflection of IPv4 VPN routes is configured via ASBR
320     or route reflector, may require additional configuration (e.g. a new
321     BGP neighbour) to be coordinated between both management systems.
322     This definition requires every management system participating in
323     the VPN to receive not just their own sites and site-network-
324     accesses, but also to receive information about external ones,
325     identified as an external site-network-access-type. In addition,
326     this particular site-network-access is augmented to include the
327     loopback address of the far-end (remote/external) PE router.

329  3.6. Provide Edge Identification Point

331     RFC 8299 states that the "bearer-reference" parameter is used in cases
332     where the customer has already ordered a network connection to the SP
333     apart from the IP VPN site and wants to reuse this connection. The
334     string used is an internal reference from the SP and describes the
335     already-available connection. Often, a client interface (either a
336     customer one or an interface used by the SP) is already in place and
337     connected, although it has not been used previously. In some other
338     cases (e.g. for stitching purposes), the termination of a VPN service
339     is done over logical terminations within a PE router.

341     The bearer-reference must serve as a strict, unequivocal parameter to
342     identify the connection between a PE and a client (CE). This means
343     that, although the type is maintained as a string and there is no
344     restriction in the way this data is formed, the bearer-reference must
345     serve as the unique way to identify the PE router and the client
346     interface. This, together with the encapsulation augments proposed
347     in 4.1, serves as the way to identify the client interface and
348     configure L2 specific parameters.

350  4. Design of the data model

352     The augments defined in this document are organised per scenario, as
353     defined in Section 4. The case described in 4.4 does not need any
354     further extension of the data model and only requires a more
355     restricted definition on how the data model is used for PE router and
356     client port identification, so no augment is implemented for this
357     scenario.

359     The augments implemented are distributed as follows. The first
360     augment implements the extensions for RT and RD definition for the L3
361     VPN, following the YANG definitions from BESS-L3VPN. The second
362     augment copes with the information from a remote PE not directly
363     under the management system supervision. This augment does not
364     follow any previously defined model and includes the loopback IP
365     address of the external router. The last augment includes
366     information below layer 3 that is required for the service. In
367     particular, we include information related to client interface
368     encapsulation and aggregation.

370     The high-level model structure proposed by this document is as shown
371     below:

373     |-------------------- EXAMPLE --------------------|

375  module: ietf-l3vpn-ntw
376    +--rw l3vpn-ntw
377       +--rw vpn-profiles
378       |  +--rw valid-provider-identifiers
379       |     +--rw cloud-identifier* [id] {cloud-access}?
380 | | +--rw id string 381 | +--rw encryption-profile-identifier* [id] 382 | | +--rw id string 383 | +--rw qos-profile-identifier* [id] 384 | | +--rw id string 385 | +--rw bfd-profile-identifier* [id] 386 | | +--rw id string 387 | +--rw routing-profile-identifier* [id] 388 | +--rw id string 389 +--rw vpn-services 390 | +--rw vpn-service* [vpn-id] 391 | +--rw vpn-id svc-id 392 | +--rw customer-name? string 393 | +--rw vpn-service-topology? identityref 394 | +--rw description? string 395 | +--rw ie-profiles 396 | | +--rw ie-profile* [ie-profile-id] 397 | | +--rw ie-profile-id string 398 | | +--rw rd? rt-types:route-distinguisher 399 | | +--rw vpn-targets 400 | | +--rw vpn-target* [route-target] 401 | | +--rw route-target rt-types:route-target 402 | | +--rw route-target-type rt-types:route-target-type 403 | +--rw vpn-nodes 404 | | +--rw vpn-node* [vpn-node-id ne-id] 405 | | +--rw vpn-node-id string 406 | | +--rw description? string 407 | | +--rw ne-id string 408 | | +--rw router-id? inet:ipv4-address 409 | | +--rw autonomous-system? uint32 410 | | +--rw node-role? identityref 411 | | +--rw status 412 | | | +--rw admin-enabled? boolean 413 | | | +--ro oper-status? operational-type 414 | | +--rw maximum-routes 415 | | | +--rw address-family* [af] 416 | | | +--rw af address-family 417 | | | +--rw maximum-routes? uint32 418 | | +--rw node-ie-profile? -> /l3vpn-ntw/vpn-services/vpn-service/ie-profiles/ie-profile/ie-profile-id 419 | | +--rw site-attachments 420 | | +--rw site-attachment* [site-id] 421 | | +--rw site-id -> /l3vpn-ntw/sites/site/site-id 422 | | +--rw site-network-access-id* -> /l3vpn-ntw/sites/site/site-network-accesses/site-network-access/site-network-access-id 423 | +--rw cloud-accesses {cloud-access}? 424 | | +--rw cloud-access* [cloud-identifier] 425 | | +--rw cloud-identifier -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/cloud-identifier/id 426 | | +--rw (list-flavor)? 427 | | | +--:(permit-any) 428 | | | | +--rw permit-any? 
empty 429 | | | +--:(deny-any-except) 430 | | | | +--rw permit-site* -> /l3vpn-ntw/sites/site/site-id 431 | | | +--:(permit-any-except) 432 | | | +--rw deny-site* -> /l3vpn-ntw/sites/site/site-id 433 | | +--rw address-translation 434 | | +--rw nat44 435 | | +--rw enabled? boolean 436 | | +--rw nat44-customer-address? inet:ipv4-address 437 | +--rw multicast {multicast}? 438 | | +--rw enabled? boolean 439 | | +--rw customer-tree-flavors 440 | | | +--rw tree-flavor* identityref 441 | | +--rw rp 442 | | +--rw rp-group-mappings 443 | | | +--rw rp-group-mapping* [id] 444 | | | +--rw id uint16 445 | | | +--rw provider-managed 446 | | | | +--rw enabled? boolean 447 | | | | +--rw rp-redundancy? boolean 448 | | | | +--rw optimal-traffic-delivery? boolean 449 | | | +--rw rp-address inet:ip-address 450 | | | +--rw groups 451 | | | +--rw group* [id] 452 | | | +--rw id uint16 453 | | | +--rw (group-format) 454 | | | +--:(singleaddress) 455 | | | | +--rw group-address? inet:ip-address 456 | | | +--:(startend) 457 | | | +--rw group-start? inet:ip-address 458 | | | +--rw group-end? inet:ip-address 459 | | +--rw rp-discovery 460 | | +--rw rp-discovery-type? identityref 461 | | +--rw bsr-candidates 462 | | +--rw bsr-candidate-address* inet:ip-address 463 | +--rw carrierscarrier? boolean {carrierscarrier}? 464 | +--rw extranet-vpns {extranet-vpn}? 465 | +--rw extranet-vpn* [vpn-id] 466 | +--rw vpn-id svc-id 467 | +--rw local-sites-role? identityref 468 +--rw sites 469 +--rw site* [site-id] 470 +--rw site-id svc-id 471 +--rw description? string 472 +--rw requested-site-start? yang:date-and-time 473 +--rw requested-site-stop? yang:date-and-time 474 +--rw locations 475 | +--rw location* [location-id] 476 | +--rw location-id svc-id 477 | +--rw address? string 478 | +--rw postal-code? string 479 | +--rw state? string 480 | +--rw city? string 481 | +--rw country-code? 
string 482 +--rw devices 483 | +--rw device* [device-id] 484 | +--rw device-id svc-id 485 | +--rw location -> ../../../locations/location/location-id 486 | +--rw management 487 | +--rw address-family? address-family 488 | +--rw address inet:ip-address 489 +--rw site-diversity {site-diversity}? 490 | +--rw groups 491 | +--rw group* [group-id] 492 | +--rw group-id string 493 +--rw management 494 | +--rw type identityref 495 +--rw vpn-policies 496 | +--rw vpn-policy* [vpn-policy-id] 497 | +--rw vpn-policy-id svc-id 498 | +--rw entries* [id] 499 | +--rw id svc-id 500 | +--rw filters 501 | | +--rw filter* [type] 502 | | +--rw type identityref 503 | | +--rw lan-tag* string {lan-tag}? 504 | | +--rw ipv4-lan-prefix* inet:ipv4-prefix {ipv4}? 505 | | +--rw ipv6-lan-prefix* inet:ipv6-prefix {ipv6}? 506 | +--rw vpn* [vpn-id] 507 | +--rw vpn-id -> /l3vpn-ntw/vpn-services/vpn-service/vpn-id 508 | +--rw site-role? identityref 509 +--rw site-vpn-flavor? identityref 510 +--rw maximum-routes 511 | +--rw address-family* [af] 512 | +--rw af address-family 513 | +--rw maximum-routes? uint32 514 +--rw security 515 | +--rw authentication 516 | +--rw encryption {encryption}? 517 | +--rw enabled? boolean 518 | +--rw layer? enumeration 519 | +--rw encryption-profile 520 | +--rw (profile)? 521 | +--:(provider-profile) 522 | | +--rw profile-name? -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/encryption-profile-identifier/id 523 | +--:(customer-profile) 524 | +--rw algorithm? string 525 | +--rw (key-type)? 526 | +--:(psk) 527 | +--rw preshared-key? string 528 +--rw service 529 | +--rw qos {qos}? 530 | | +--rw qos-classification-policy 531 | | | +--rw rule* [id] 532 | | | +--rw id string 533 | | | +--rw (match-type)? 534 | | | | +--:(match-flow) 535 | | | | | +--rw match-flow 536 | | | | | +--rw dscp? inet:dscp 537 | | | | | +--rw dot1p? uint8 538 | | | | | +--rw ipv4-src-prefix? inet:ipv4-prefix 539 | | | | | +--rw ipv6-src-prefix? inet:ipv6-prefix 540 | | | | | +--rw ipv4-dst-prefix? 
inet:ipv4-prefix 541 | | | | | +--rw ipv6-dst-prefix? inet:ipv6-prefix 542 | | | | | +--rw l4-src-port? inet:port-number 543 | | | | | +--rw target-sites* svc-id {target-sites}? 544 | | | | | +--rw l4-src-port-range 545 | | | | | | +--rw lower-port? inet:port-number 546 | | | | | | +--rw upper-port? inet:port-number 547 | | | | | +--rw l4-dst-port? inet:port-number 548 | | | | | +--rw l4-dst-port-range 549 | | | | | | +--rw lower-port? inet:port-number 550 | | | | | | +--rw upper-port? inet:port-number 551 | | | | | +--rw protocol-field? union 552 | | | | +--:(match-application) 553 | | | | +--rw match-application? identityref 554 | | | +--rw target-class-id? string 555 | | +--rw qos-profile 556 | | +--rw (qos-profile)? 557 | | +--:(standard) 558 | | | +--rw profile? -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id 559 | | +--:(custom) 560 | | +--rw classes {qos-custom}? 561 | | +--rw class* [class-id] 562 | | +--rw class-id string 563 | | +--rw direction? identityref 564 | | +--rw rate-limit? decimal64 565 | | +--rw latency 566 | | | +--rw (flavor)? 567 | | | +--:(lowest) 568 | | | | +--rw use-lowest-latency? empty 569 | | | +--:(boundary) 570 | | | +--rw latency-boundary? uint16 571 | | +--rw jitter 572 | | | +--rw (flavor)? 573 | | | +--:(lowest) 574 | | | | +--rw use-lowest-jitter? empty 575 | | | +--:(boundary) 576 | | | +--rw latency-boundary? uint32 577 | | +--rw bandwidth 578 | | +--rw guaranteed-bw-percent decimal64 579 | | +--rw end-to-end? empty 580 | +--rw carrierscarrier {carrierscarrier}? 581 | | +--rw signalling-type? enumeration 582 | +--rw multicast {multicast}? 583 | +--rw multicast-site-type? enumeration 584 | +--rw multicast-address-family 585 | | +--rw ipv4? boolean {ipv4}? 586 | | +--rw ipv6? boolean {ipv6}? 587 | +--rw protocol-type? enumeration 588 +--rw traffic-protection {fast-reroute}? 589 | +--rw enabled? 
boolean 590 +--rw routing-protocols 591 | +--rw routing-protocol* [type] 592 | +--rw type identityref 593 | +--rw routing-profiles* [id] 594 | | +--rw id -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/routing-profile-identifier/id 595 | | +--rw type? ie-type 596 | +--rw ospf {rtg-ospf}? 597 | | +--rw address-family* address-family 598 | | +--rw area-address yang:dotted-quad 599 | | +--rw metric? uint16 600 | | +--rw mtu? uint16 601 | | +--rw security 602 | | | +--rw auth-key? string 603 | | +--rw sham-links {rtg-ospf-sham-link}? 604 | | +--rw sham-link* [target-site] 605 | | +--rw target-site svc-id 606 | | +--rw metric? uint16 607 | +--rw bgp {rtg-bgp}? 608 | | +--rw autonomous-system uint32 609 | | +--rw address-family* address-family 610 | | +--rw neighbor? inet:ip-address 611 | | +--rw multihop? uint8 612 | | +--rw security 613 | | +--rw auth-key? string 614 | +--rw static 615 | | +--rw cascaded-lan-prefixes 616 | | +--rw ipv4-lan-prefixes* [lan next-hop] {ipv4}? 617 | | | +--rw lan inet:ipv4-prefix 618 | | | +--rw lan-tag? string 619 | | | +--rw next-hop inet:ipv4-address 620 | | +--rw ipv6-lan-prefixes* [lan next-hop] {ipv6}? 621 | | +--rw lan inet:ipv6-prefix 622 | | +--rw lan-tag? string 623 | | +--rw next-hop inet:ipv6-address 624 | +--rw rip {rtg-rip}? 625 | | +--rw address-family* address-family 626 | +--rw vrrp {rtg-vrrp}? 627 | +--rw address-family* address-family 628 +--ro actual-site-start? yang:date-and-time 629 +--ro actual-site-stop? yang:date-and-time 630 +--rw site-bearers 631 | +--rw bearer* [bearer-id] 632 | +--rw bearer-id string 633 | +--rw ne-id? string 634 | +--rw port-id? string 635 +--rw site-network-accesses 636 +--rw site-network-access* [site-network-access-id] 637 +--rw site-network-access-id svc-id 638 +--rw description? string 639 +--rw status 640 | +--rw admin-enabled? boolean 641 | +--ro oper-status? operational-type 642 +--rw site-network-access-type? 
identityref 643 +--rw (location-flavor) 644 | +--:(location) 645 | | +--rw location-reference? -> ../../../locations/location/location-id 646 | +--:(device) 647 | +--rw device-reference? -> ../../../devices/device/device-id 648 +--rw access-diversity {site-diversity}? 649 | +--rw groups 650 | | +--rw group* [group-id] 651 | | +--rw group-id string 652 | +--rw constraints 653 | +--rw constraint* [constraint-type] 654 | +--rw constraint-type identityref 655 | +--rw target 656 | +--rw (target-flavor)? 657 | +--:(id) 658 | | +--rw group* [group-id] 659 | | +--rw group-id string 660 | +--:(all-accesses) 661 | | +--rw all-other-accesses? empty 662 | +--:(all-groups) 663 | +--rw all-other-groups? empty 664 +--rw bearer 665 | +--rw requested-type {requested-type}? 666 | | +--rw requested-type? string 667 | | +--rw strict? boolean 668 | +--rw always-on? boolean {always-on}? 669 | +--rw bearer-reference? string {bearer-reference}? 670 | +--rw connection 671 | | +--rw encapsulation-type? identityref 672 | | +--rw eth-inf-type? identityref 673 | | +--rw tagged-interface 674 | | +--rw type? identityref 675 | | +--rw dot1q-vlan-tagged {dot1q}? 676 | | | +--rw tg-type? identityref 677 | | | +--rw cvlan-id uint16 678 | | +--rw priority-tagged 679 | | | +--rw tag-type? identityref 680 | | +--rw qinq {qinq}? 681 | | | +--rw tag-type? identityref 682 | | | +--rw svlan-id uint16 683 | | | +--rw cvlan-id uint16 684 | | +--rw qinany {qinany}? 685 | | | +--rw tag-type? identityref 686 | | | +--rw svlan-id uint16 687 | | +--rw vxlan {vxlan}? 688 | | +--rw vni-id uint32 689 | | +--rw peer-mode? identityref 690 | | +--rw peer-list* [peer-ip] 691 | | +--rw peer-ip inet:ip-address 692 | +--rw pseudowire 693 | +--rw vcid? uint32 694 +--rw ip-connection 695 | +--rw ipv4 {ipv4}? 696 | | +--rw address-allocation-type? identityref 697 | | +--rw provider-dhcp 698 | | | +--rw provider-address? inet:ipv4-address 699 | | | +--rw prefix-length? uint8 700 | | | +--rw (address-assign)? 
|  |  |     +--:(number)
|  |  |     |  +--rw number-of-dynamic-address?   uint16
|  |  |     +--:(explicit)
|  |  |        +--rw customer-addresses
|  |  |           +--rw address-group* [group-id]
|  |  |              +--rw group-id         string
|  |  |              +--rw start-address?   inet:ipv4-address
|  |  |              +--rw end-address?     inet:ipv4-address
|  |  +--rw dhcp-relay
|  |  |  +--rw provider-address?   inet:ipv4-address
|  |  |  +--rw prefix-length?      uint8
|  |  |  +--rw customer-dhcp-servers
|  |  |     +--rw server-ip-address*   inet:ipv4-address
|  |  +--rw addresses
|  |     +--rw provider-address?   inet:ipv4-address
|  |     +--rw customer-address?   inet:ipv4-address
|  |     +--rw prefix-length?      uint8
|  +--rw ipv6 {ipv6}?
|  |  +--rw address-allocation-type?   identityref
|  |  +--rw provider-dhcp
|  |  |  +--rw provider-address?   inet:ipv6-address
|  |  |  +--rw prefix-length?      uint8
|  |  |  +--rw (address-assign)?
|  |  |     +--:(number)
|  |  |     |  +--rw number-of-dynamic-address?   uint16
|  |  |     +--:(explicit)
|  |  |        +--rw customer-addresses
|  |  |           +--rw address-group* [group-id]
|  |  |              +--rw group-id         string
|  |  |              +--rw start-address?   inet:ipv6-address
|  |  |              +--rw end-address?     inet:ipv6-address
|  |  +--rw dhcp-relay
|  |  |  +--rw provider-address?   inet:ipv6-address
|  |  |  +--rw prefix-length?      uint8
|  |  |  +--rw customer-dhcp-servers
|  |  |     +--rw server-ip-address*   inet:ipv6-address
|  |  +--rw addresses
|  |     +--rw provider-address?   inet:ipv6-address
|  |     +--rw customer-address?   inet:ipv6-address
|  |     +--rw prefix-length?      uint8
|  +--rw oam
|     +--rw bfd {bfd}?
|        +--rw enabled?   boolean
|        +--rw (holdtime)?
|           +--:(fixed)
|           |  +--rw fixed-value?   uint32
|           +--:(profile)
|              +--rw profile-name?   -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/bfd-profile-identifier/id
+--rw security
|  +--rw authentication
|  +--rw encryption {encryption}?
|     +--rw enabled?   boolean
|     +--rw layer?     enumeration
|     +--rw encryption-profile
|        +--rw (profile)?
|           +--:(provider-profile)
|           |  +--rw profile-name?   -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/encryption-profile-identifier/id
|           +--:(customer-profile)
|              +--rw algorithm?   string
|              +--rw (key-type)?
|                 +--:(psk)
|                    +--rw preshared-key?   string
+--rw service
|  +--rw svc-input-bandwidth     uint64
|  +--rw svc-output-bandwidth    uint64
|  +--rw svc-mtu                 uint16
|  +--rw qos {qos}?
|  |  +--rw qos-classification-policy
|  |  |  +--rw rule* [id]
|  |  |     +--rw id    string
|  |  |     +--rw (match-type)?
|  |  |     |  +--:(match-flow)
|  |  |     |  |  +--rw match-flow
|  |  |     |  |     +--rw dscp?              inet:dscp
|  |  |     |  |     +--rw dot1p?             uint8
|  |  |     |  |     +--rw ipv4-src-prefix?   inet:ipv4-prefix
|  |  |     |  |     +--rw ipv6-src-prefix?   inet:ipv6-prefix
|  |  |     |  |     +--rw ipv4-dst-prefix?   inet:ipv4-prefix
|  |  |     |  |     +--rw ipv6-dst-prefix?   inet:ipv6-prefix
|  |  |     |  |     +--rw l4-src-port?       inet:port-number
|  |  |     |  |     +--rw target-sites*      svc-id {target-sites}?
|  |  |     |  |     +--rw l4-src-port-range
|  |  |     |  |     |  +--rw lower-port?   inet:port-number
|  |  |     |  |     |  +--rw upper-port?   inet:port-number
|  |  |     |  |     +--rw l4-dst-port?       inet:port-number
|  |  |     |  |     +--rw l4-dst-port-range
|  |  |     |  |     |  +--rw lower-port?   inet:port-number
|  |  |     |  |     |  +--rw upper-port?   inet:port-number
|  |  |     |  |     +--rw protocol-field?    union
|  |  |     |  +--:(match-application)
|  |  |     |     +--rw match-application?   identityref
|  |  |     +--rw target-class-id?   string
|  |  +--rw qos-profile
|  |     +--rw (qos-profile)?
|  |        +--:(standard)
|  |        |  +--rw profile?   -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id
|  |        +--:(custom)
|  |           +--rw classes {qos-custom}?
|  |              +--rw class* [class-id]
|  |                 +--rw class-id      string
|  |                 +--rw direction?    identityref
|  |                 +--rw rate-limit?   decimal64
|  |                 +--rw latency
|  |                 |  +--rw (flavor)?
|  |                 |     +--:(lowest)
|  |                 |     |  +--rw use-lowest-latency?   empty
|  |                 |     +--:(boundary)
|  |                 |        +--rw latency-boundary?     uint16
|  |                 +--rw jitter
|  |                 |  +--rw (flavor)?
|  |                 |     +--:(lowest)
|  |                 |     |  +--rw use-lowest-jitter?   empty
|  |                 |     +--:(boundary)
|  |                 |        +--rw latency-boundary?    uint32
|  |                 +--rw bandwidth
|  |                    +--rw guaranteed-bw-percent    decimal64
|  |                    +--rw end-to-end?              empty
|  +--rw carrierscarrier {carrierscarrier}?
|  |  +--rw signalling-type?   enumeration
|  +--rw multicast {multicast}?
|     +--rw multicast-site-type?   enumeration
|     +--rw multicast-address-family
|     |  +--rw ipv4?   boolean {ipv4}?
|     |  +--rw ipv6?   boolean {ipv6}?
|     +--rw protocol-type?         enumeration
+--rw routing-protocols
|  +--rw routing-protocol* [type]
|     +--rw type    identityref
|     +--rw routing-profiles* [id]
|     |  +--rw id      -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/routing-profile-identifier/id
|     |  +--rw type?   ie-type
|     +--rw ospf {rtg-ospf}?
|     |  +--rw address-family*   address-family
|     |  +--rw area-address      yang:dotted-quad
|     |  +--rw metric?           uint16
|     |  +--rw mtu?              uint16
|     |  +--rw security
|     |  |  +--rw auth-key?   string
|     |  +--rw sham-links {rtg-ospf-sham-link}?
|     |     +--rw sham-link* [target-site]
|     |        +--rw target-site    svc-id
|     |        +--rw metric?        uint16
|     +--rw bgp {rtg-bgp}?
|     |  +--rw autonomous-system    uint32
|     |  +--rw address-family*      address-family
|     |  +--rw neighbor?            inet:ip-address
|     |  +--rw multihop?            uint8
|     |  +--rw security
|     |     +--rw auth-key?   string
|     +--rw static
|     |  +--rw cascaded-lan-prefixes
|     |     +--rw ipv4-lan-prefixes* [lan next-hop] {ipv4}?
|     |     |  +--rw lan         inet:ipv4-prefix
|     |     |  +--rw lan-tag?    string
|     |     |  +--rw next-hop    inet:ipv4-address
|     |     +--rw ipv6-lan-prefixes* [lan next-hop] {ipv6}?
|     |        +--rw lan         inet:ipv6-prefix
|     |        +--rw lan-tag?    string
|     |        +--rw next-hop    inet:ipv6-address
|     +--rw rip {rtg-rip}?
|     |  +--rw address-family*   address-family
|     +--rw vrrp {rtg-vrrp}?
|        +--rw address-family*   address-family
+--rw availability
   +--rw access-priority?   uint32

Figure 3

5. Yang module

|-------------------- EXAMPLE --------------------|

file "ietf-l3vpn-ntw@2019-07-04.yang"
module ietf-l3vpn-ntw {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-l3vpn-ntw";
  prefix l3vpn-ntw;
  import ietf-inet-types {
    prefix inet;
  }
  import ietf-yang-types {
    prefix yang;
  }
  import ietf-netconf-acm {
    prefix nacm;
  }
  import ietf-routing-types {
    prefix rt-types;
  }
  organization
    "DRAFT Proposal";
  contact
    "WG List: draft proposal
     Editor:
     draft proposal
     Chairs:
    ";
  description
    "This YANG module defines a generic network-oriented model
     for the configuration of Layer 3 VPNs. This model is common
     across all vendor implementations.

     Copyright (c) 2018 IETF Trust and the persons
     identified as authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is based on RFC 8299; see
     the RFC itself for full legal notices.";

  revision 2019-07-04 {
    description
      "Initial document.
       The document as a whole is based on L3SM
       module, defined in RFC 8299, modified to fit the requirements
       of the platforms at the network layer.";
    reference
      "RFC 8049.";
  }
  /* Features */
  feature cloud-access {
    description
      "Allows the VPN to connect to a CSP.";
  }
  feature multicast {
    description
      "Enables multicast capabilities in a VPN.";
  }
  feature ipv4 {
    description
      "Enables IPv4 support in a VPN.";
  }
  feature ipv6 {
    description
      "Enables IPv6 support in a VPN.";
  }
  feature lan-tag {
    description
      "Enables LAN Tag support in a VPN Policy filter.";
  }
  feature carrierscarrier {
    description
      "Enables support of CsC.";
  }
  feature extranet-vpn {
    description
      "Enables support of extranet VPNs.";
  }
  feature site-diversity {
    description
      "Enables support of site diversity constraints.";
  }
  feature encryption {
    description
      "Enables support of encryption.";
  }
  feature qos {
    description
      "Enables support of classes of services.";
  }
  feature qos-custom {
    description
      "Enables support of the custom QoS profile.";
  }
  feature rtg-bgp {
    description
      "Enables support of the BGP routing protocol.";
  }
  feature rtg-rip {
    description
      "Enables support of the RIP routing protocol.";
  }
  feature rtg-ospf {
    description
      "Enables support of the OSPF routing protocol.";
  }
  feature rtg-ospf-sham-link {
    description
      "Enables support of OSPF sham links.";
  }
  feature rtg-vrrp {
    description
      "Enables support of the VRRP routing protocol.";
  }
  feature fast-reroute {
    description
      "Enables support of Fast Reroute.";
  }
  feature bfd {
    description
      "Enables support of BFD.";
  }
  feature always-on {
    description
      "Enables support of the 'always-on' access constraint.";
  }
  feature requested-type {
    description
      "Enables support of the 'requested-type' access constraint.";
  }
  feature bearer-reference {
    description
      "Enables support of the 'bearer-reference' access constraint.";
  }
  feature target-sites {
    description
      "Enables support of the 'target-sites' match flow parameter.";
  }
  /* Typedefs */
  typedef svc-id {
    type string;
    description
      "Defines a type of service component identifier.";
  }
  typedef template-id {
    type string;
    description
      "Defines a type of service template identifier.";
  }
  typedef address-family {
    type enumeration {
      enum ipv4 {
        description
          "IPv4 address family.";
      }
      enum ipv6 {
        description
          "IPv6 address family.";
      }
    }
    description
      "Defines a type for the address family.";
  }

  typedef ie-type {
    type enumeration {
      enum "import" {
        value 0;
        description "Import routing profile.";
      }
      enum "export" {
        value 1;
        description "Export routing profile";
      }
      enum "both" {
        value 2;
        description "Import/Export routing profile";
      }
    }
  }

  typedef operational-type {
    type enumeration {
      enum "up" {
        value 0;
        description "Operational status UP.";
      }
      enum "down" {
        value 1;
        description "Operational status DOWN";
      }
      enum "unknown" {
        value 2;
        description "Operational status UNKNOWN";
      }
    }
  }

  /* Identities */
  identity site-network-access-type {
    description
      "Base identity for site-network-access type.";
  }
  identity point-to-point {
    base site-network-access-type;
    description
      "Identity for point-to-point connection.";
  }
  /* Extension */
  identity pseudowire {
    base site-network-access-type;
    description
      "Identity for pseudowire connection.";
  }
  identity loopback {
    base site-network-access-type;
    description
      "Identity for an internal loopback interface.";
  }
  /* End of Extension */
  identity multipoint {
    base site-network-access-type;
    description
      "Identity for multipoint connection.
       Example: Ethernet broadcast segment.";
  }
  identity placement-diversity {
    description
      "Base identity for site placement constraints.";
  }
  identity bearer-diverse {
    base placement-diversity;
    description
      "Identity for bearer diversity.
       The bearers should not use common elements.";
  }
  identity pe-diverse {
    base placement-diversity;
    description
      "Identity for PE diversity.";
  }
  identity pop-diverse {
    base placement-diversity;
    description
      "Identity for POP diversity.";
  }
  identity linecard-diverse {
    base placement-diversity;
    description
      "Identity for linecard diversity.";
  }
  identity same-pe {
    base placement-diversity;
    description
      "Identity for having sites connected on the same PE.";
  }
  identity same-bearer {
    base placement-diversity;
    description
      "Identity for having sites connected using the same bearer.";
  }
  identity customer-application {
    description
      "Base identity for customer application.";
  }
  identity web {
    base customer-application;
    description
      "Identity for Web application (e.g., HTTP, HTTPS).";
  }
  identity mail {
    base customer-application;
    description
      "Identity for mail application.";
  }
  identity file-transfer {
    base customer-application;
    description
      "Identity for file transfer application (e.g., FTP, SFTP).";
  }
  identity database {
    base customer-application;
    description
      "Identity for database application.";
  }
  identity social {
    base customer-application;
    description
      "Identity for social-network
       application.";
  }
  identity games {
    base customer-application;
    description
      "Identity for gaming application.";
  }
  identity p2p {
    base customer-application;
    description
      "Identity for peer-to-peer application.";
  }
  identity network-management {
    base customer-application;
    description
      "Identity for management application
       (e.g., Telnet, syslog, SNMP).";
  }
  identity voice {
    base customer-application;
    description
      "Identity for voice application.";
  }
  identity video {
    base customer-application;
    description
      "Identity for video conference application.";
  }
  identity embb {
    base customer-application;
    description
      "Identity for an enhanced Mobile Broadband (eMBB)
       application. Note that an eMBB application demands
       network performance with a wide variety of
       characteristics, such as data rate, latency,
       loss rate, reliability, and many other parameters.";
  }
  identity urllc {
    base customer-application;
    description
      "Identity for an Ultra-Reliable and Low Latency
       Communications (URLLC) application. Note that a
       URLLC application demands network performance
       with a wide variety of characteristics, such as latency,
       reliability, and many other parameters.";
  }
  identity mmtc {
    base customer-application;
    description
      "Identity for a massive Machine Type
       Communications (mMTC) application. Note that an
       mMTC application demands network performance
       with a wide variety of characteristics, such as data
       rate, latency, loss rate, reliability, and many
       other parameters.";
  }
  identity site-vpn-flavor {
    description
      "Base identity for the site VPN service flavor.";
  }
  identity site-vpn-flavor-single {
    base site-vpn-flavor;
    description
      "Base identity for the site VPN service flavor.
       Used when the site belongs to only one VPN.";
  }
  identity site-vpn-flavor-multi {
    base site-vpn-flavor;
    description
      "Base identity for the site VPN service flavor.
       Used when a logical connection of a site
       belongs to multiple VPNs.";
  }
  identity site-vpn-flavor-sub {
    base site-vpn-flavor;
    description
      "Base identity for the site VPN service flavor.
       Used when a site has multiple logical connections.
       Each connection may belong to different multiple VPNs.";
  }
  identity site-vpn-flavor-nni {
    base site-vpn-flavor;
    description
      "Base identity for the site VPN service flavor.
       Used to describe an NNI option A connection.";
  }
  identity management {
    description
      "Base identity for site management scheme.";
  }
  identity co-managed {
    base management;
    description
      "Base identity for co-managed site.";
  }
  identity customer-managed {
    base management;
    description
      "Base identity for customer-managed site.";
  }
  identity provider-managed {
    base management;
    description
      "Base identity for provider-managed site.";
  }
  identity address-allocation-type {
    description
      "Base identity for address-allocation-type for PE-CE link.";
  }
  identity provider-dhcp {
    base address-allocation-type;
    description
      "Provider network provides DHCP service to customer.";
  }
  identity provider-dhcp-relay {
    base address-allocation-type;
    description
      "Provider network provides DHCP relay service to customer.";
  }
  identity provider-dhcp-slaac {
    base address-allocation-type;
    description
      "Provider network provides DHCP service to customer,
       as well as SLAAC.";
  }
  identity static-address {
    base address-allocation-type;
    description
      "Provider-to-customer addressing is static.";
  }
  identity slaac {
    base address-allocation-type;
    description
      "Use IPv6 SLAAC.";
  }
  identity site-role {
    description
      "Base identity for site type.";
  }
  identity any-to-any-role {
    base site-role;
    description
      "Site in an any-to-any IP VPN.";
  }
  identity spoke-role {
    base site-role;
    description
      "Spoke site in a Hub-and-Spoke IP VPN.";
  }
  identity hub-role {
    base site-role;
    description
      "Hub site in a Hub-and-Spoke IP VPN.";
  }
  identity vpn-topology {
    description
      "Base identity for VPN topology.";
  }
  identity any-to-any {
    base vpn-topology;
    description
      "Identity for any-to-any VPN topology.";
  }
  identity hub-spoke {
    base vpn-topology;
    description
      "Identity for Hub-and-Spoke VPN topology.";
  }
  identity hub-spoke-disjoint {
    base vpn-topology;
    description
      "Identity for Hub-and-Spoke VPN topology
       where Hubs cannot communicate with each other.";
  }
  identity multicast-tree-type {
    description
      "Base identity for multicast tree type.";
  }
  identity ssm-tree-type {
    base multicast-tree-type;
    description
      "Identity for SSM tree type.";
  }
  identity asm-tree-type {
    base multicast-tree-type;
    description
      "Identity for ASM tree type.";
  }
  identity bidir-tree-type {
    base multicast-tree-type;
    description
      "Identity for bidirectional tree type.";
  }
  identity multicast-rp-discovery-type {
    description
      "Base identity for RP discovery type.";
  }
  identity auto-rp {
    base multicast-rp-discovery-type;
    description
      "Base identity for Auto-RP discovery type.";
  }
  identity static-rp {
    base multicast-rp-discovery-type;
    description
      "Base identity for static type.";
  }
  identity bsr-rp {
    base multicast-rp-discovery-type;
    description
      "Base identity for BSR
       discovery type.";
  }
  identity routing-protocol-type {
    description
      "Base identity for routing protocol type.";
  }
  identity ospf {
    base routing-protocol-type;
    description
      "Identity for OSPF protocol type.";
  }
  identity bgp {
    base routing-protocol-type;
    description
      "Identity for BGP protocol type.";
  }
  identity static {
    base routing-protocol-type;
    description
      "Identity for static routing protocol type.";
  }
  identity rip {
    base routing-protocol-type;
    description
      "Identity for RIP protocol type.";
  }
  identity vrrp {
    base routing-protocol-type;
    description
      "Identity for VRRP protocol type.

       This is to be used when LANs are directly connected
       to PE routers.";
  }
  identity direct {
    base routing-protocol-type;
    description
      "Identity for direct protocol type.";
  }
  identity protocol-type {
    description
      "Base identity for protocol field type.";
  }
  identity tcp {
    base protocol-type;
    description
      "TCP protocol type.";
  }
  identity udp {
    base protocol-type;
    description
      "UDP protocol type.";
  }

  identity icmp {
    base protocol-type;
    description
      "ICMP protocol type.";
  }
  identity icmp6 {
    base protocol-type;
    description
      "ICMPv6 protocol type.";
  }
  identity gre {
    base protocol-type;
    description
      "GRE protocol type.";
  }
  identity ipip {
    base protocol-type;
    description
      "IP-in-IP protocol type.";
  }
  identity hop-by-hop {
    base protocol-type;
    description
      "Hop-by-Hop IPv6 header type.";
  }
  identity routing {
    base protocol-type;
    description
      "Routing IPv6 header type.";
  }
  identity esp {
    base protocol-type;
    description
      "ESP header type.";
  }
  identity ah {
    base protocol-type;
    description
      "AH header type.";
  }
  identity vpn-policy-filter-type {
    description
      "Base identity for VPN Policy filter type.";
  }
  identity ipv4 {
    base vpn-policy-filter-type;
    description
      "Identity for IPv4 Prefix filter type.";
  }
  identity ipv6 {
    base vpn-policy-filter-type;
    description
      "Identity for IPv6 Prefix filter type.";
  }
  identity lan {
    base vpn-policy-filter-type;
    description
      "Identity for LAN Tag filter type.";
  }

  identity qos-profile-direction {
    description
      "Base identity for QoS profile direction.";
  }

  identity site-to-wan {
    base qos-profile-direction;
    description
      "Identity for Site-to-WAN direction.";
  }
  identity wan-to-site {
    base qos-profile-direction;
    description
      "Identity for WAN-to-Site direction.";
  }
  identity both {
    base qos-profile-direction;
    description
      "Identity for both WAN-to-Site direction
       and Site-to-WAN direction.";
  }

  /* Extended Identities */

  identity encapsulation-type {
    description
      "Identity for the encapsulation type.";
  }

  identity ethernet {
    base encapsulation-type;
    description
      "Identity for Ethernet type.";
  }

  identity vlan {
    base encapsulation-type;
    description
      "Identity for the VLAN type.";
  }

  identity eth-inf-type {
    description
      "Identity of the Ethernet interface type.";
  }

  identity tagged {
    base eth-inf-type;
    description
      "Identity of the tagged interface type.";
  }

  identity untagged {
    base eth-inf-type;
    description
      "Identity of the untagged interface type.";
  }

  identity lag {
    base eth-inf-type;
    description
      "Identity of the LAG interface type.";
  }

  identity tagged-inf-type {
    description
      "Identity for the tagged interface type.";
  }

  identity priority-tagged {
    base tagged-inf-type;
    description
      "Identity for the priority-tagged interface.";
  }

  identity qinq {
    base tagged-inf-type;
    description
      "Identity for the QinQ tagged interface.";
  }

  identity dot1q {
    base tagged-inf-type;
    description
      "Identity for the dot1Q VLAN tagged interface.";
  }

  identity qinany {
    base tagged-inf-type;
    description
      "Identity for the QinAny tagged interface.";
  }

  identity vxlan {
    base tagged-inf-type;
    description
      "Identity for the VXLAN tagged interface.";
  }

  identity tag-type {
    description
      "Base identity from which all tag types are derived.";
  }

  identity c-vlan {
    base tag-type;
    description
      "A CVLAN tag, normally using the 0x8100 Ethertype.";
  }
  identity s-vlan {
    base tag-type;
    description
      "An SVLAN tag.";
  }

  identity c-s-vlan {
    base tag-type;
    description
      "Using both a CVLAN tag and an SVLAN tag.";
  }

  identity vxlan-peer-mode {
    description
      "Base identity for the VXLAN peer mode.";
  }

  identity static-mode {
    base vxlan-peer-mode;
    description
      "Identity for VXLAN access in the static mode.";
  }

  identity bgp-mode {
    base vxlan-peer-mode;
    description
      "Identity for VXLAN access by BGP EVPN learning.";
  }

  identity bw-direction {
    description
      "Identity for the bandwidth direction.";
  }

  identity input-bw {
    base bw-direction;
    description
      "Identity for the input bandwidth.";
  }

  identity output-bw {
    base bw-direction;
    description
      "Identity for the output bandwidth.";
  }

  identity bw-type {
    description
      "Identity of the bandwidth type.";
  }

  identity bw-per-cos {
    base bw-type;
    description
      "Bandwidth is per CoS.";
  }

  identity bw-per-port {
    base bw-type;
    description
      "Bandwidth is per site network access.";
  }

  identity bw-per-site {
    base bw-type;
    description
      "Bandwidth is per site. It is applicable to
       all the site network accesses within the site.";
  }

  identity bw-per-svc {
    base bw-type;
    description
      "Bandwidth is per VPN service.";
  }

  /* Groupings */
  grouping vpn-service-cloud-access {
    container cloud-accesses {
      if-feature cloud-access;
      list cloud-access {
        key cloud-identifier;
        leaf cloud-identifier {
          type leafref {
            path "/l3vpn-ntw/vpn-profiles/"+
                 "valid-provider-identifiers/cloud-identifier/id";
          }
          description
            "Identification of cloud service.
             Local administration meaning.";
        }
        choice list-flavor {
          case permit-any {
            leaf permit-any {
              type empty;
              description
                "Allows all sites.";
            }
          }
          case deny-any-except {
            leaf-list permit-site {
              type leafref {
                path "/l3vpn-ntw/sites/site/site-id";
              }
              description
                "Site ID to be authorized.";
            }
          }
          case permit-any-except {
            leaf-list deny-site {
              type leafref {
                path "/l3vpn-ntw/sites/site/site-id";
              }
              description
                "Site ID to be denied.";
            }
          }
          description
            "Choice for cloud access policy. By
             default, all sites in the IP VPN MUST
             be authorized to access the cloud.";
        }
        container address-translation {
          container nat44 {
            leaf enabled {
              type boolean;
              default false;
              description
                "Controls whether or not Network address
                 translation from IPv4 to IPv4 (NAT44)
                 [RFC3022] is required.";
            }
            leaf nat44-customer-address {
              type inet:ipv4-address;
              description
                "Address to be used for network address
                 translation from IPv4 to IPv4. This is
                 to be used if the customer is providing
                 the IPv4 address.
                 If the customer address
                 is not set, the model assumes that the
                 provider will allocate the address.";
            }
            description
              "IPv4-to-IPv4 translation.";
          }
          description
            "Container for NAT.";
        }
        description
          "Cloud access configuration.";
      }
      description
        "Container for cloud access configurations.";
    }
    description
      "Grouping for VPN cloud definition.";
  }
  grouping multicast-rp-group-cfg {
    choice group-format {
      mandatory true;
      case singleaddress {
        leaf group-address {
          type inet:ip-address;
          description
            "A single multicast group address.";
        }
      }
      case startend {
        leaf group-start {
          type inet:ip-address;
          description
            "The first multicast group address in
             the multicast group address range.";
        }
        leaf group-end {
          type inet:ip-address;
          description
            "The last multicast group address in
             the multicast group address range.";
        }
      }
      description
        "Choice for multicast group format.";
    }
    description
      "This grouping defines multicast group or
       multicast groups for RP-to-group mapping.";
  }
  grouping vpn-service-multicast {
    container multicast {
      if-feature multicast;
      leaf enabled {
        type boolean;
        default false;
        description
          "Enables multicast.";
      }
      container customer-tree-flavors {
        leaf-list tree-flavor {
          type identityref {
            base multicast-tree-type;
          }
          description
            "Type of tree to be used.";
        }
        description
          "Type of trees used by customer.";
      }
      container rp {
        container rp-group-mappings {
          list rp-group-mapping {
            key id;
            leaf id {
              type uint16;
              description
                "Unique identifier for the mapping.";
            }
            container provider-managed {
              leaf enabled {
                type boolean;
                default false;
                description
                  "Set to true if the Rendezvous
                   Point (RP)
                   must be a provider-managed node. Set to false
                   if it is a customer-managed node.";
              }
              leaf rp-redundancy {
                type boolean;
                default false;
                description
                  "If true, a redundancy mechanism for the RP
                   is required.";
              }
              leaf optimal-traffic-delivery {
                type boolean;
                default false;
                description
                  "If true, the SP must ensure that
                   traffic uses an optimal path. An SP may use
                   Anycast RP or RP-tree-to-SPT switchover
                   architectures.";
              }
              description
                "Parameters for a provider-managed RP.";
            }
            leaf rp-address {
              when "../provider-managed/enabled = 'false'" {
                description
                  "Relevant when the RP is not provider-managed.";
              }
              type inet:ip-address;
              mandatory true;
              description
                "Defines the address of the RP.
                 Used if the RP is customer-managed.";
            }
            container groups {
              list group {
                key id;
                leaf id {
                  type uint16;
                  description
                    "Identifier for the group.";
                }
                uses multicast-rp-group-cfg;
                description
                  "List of multicast groups.";
              }
              description
                "Multicast groups associated with the RP.";
            }
            description
              "List of RP-to-group mappings.";
          }
          description
            "RP-to-group mappings parameters.";
        }
        container rp-discovery {
          leaf rp-discovery-type {
            type identityref {
              base multicast-rp-discovery-type;
            }
            default static-rp;
            description
              "Type of RP discovery used.";
          }
          container bsr-candidates {
            when "derived-from-or-self(../rp-discovery-type, "+
                 "'l3vpn-ntw:bsr-rp')" {
              description
                "Only applicable if discovery type
                 is BSR-RP.";
            }
            leaf-list bsr-candidate-address {
              type inet:ip-address;
              description
                "Address of BSR candidate.";
            }
            description
              "Container for List of Customer
               BSR candidate's addresses.";
          }
          description
            "RP
             discovery parameters.";
        }
        description
          "RP parameters.";
      }
      description
        "Multicast global parameters for the VPN service.";
    }
    description
      "Grouping for multicast VPN definition.";
  }
  grouping vpn-service-mpls {
    leaf carrierscarrier {
      if-feature carrierscarrier;
      type boolean;
      default false;
      description
        "The VPN is using CsC, and so MPLS is required.";
    }
    description
      "Grouping for MPLS CsC definition.";
  }
  grouping customer-location-info {
    container locations {
      list location {
        key location-id;
        leaf location-id {
          type svc-id;
          description
            "Identifier for a particular location.";
        }
        leaf address {
          type string;
          description
            "Address (number and street) of the site.";
        }
        leaf postal-code {
          type string;
          description
            "Postal code of the site.";
        }
        leaf state {
          type string;
          description
            "State of the site. This leaf can also be
             used to describe a region for a country that
             does not have states.";
        }
        leaf city {
          type string;
          description
            "City of the site.";
        }
        leaf country-code {
          type string {
            pattern '[A-Z]{2}';
          }
          description
            "Country of the site.
             Expressed as ISO ALPHA-2 code.";
        }
        description
          "Location of the site.";
      }
      description
        "List of locations for the site.";
    }
    description
      "This grouping defines customer location parameters.";
  }
  grouping site-group {
    container groups {
      list group {
        key group-id;
        leaf group-id {
          type string;
          description
            "Group-id the site belongs to.";
        }
        description
          "List of group-ids.";
      }
      description
        "Groups the site or site-network-access belongs to.";
    }
    description
      "Grouping definition to assign
       group-ids to site or site-network-access.";
  }
  grouping site-diversity {
    container site-diversity {
      if-feature site-diversity;
      uses site-group;
      description
        "Diversity constraint type. All
         site-network-accesses will inherit
         the group values defined here.";
    }
    description
      "This grouping defines site
       diversity parameters.";
  }
  grouping access-diversity {
    container access-diversity {
      if-feature site-diversity;
      uses site-group;
      container constraints {
        list constraint {
          key constraint-type;
          leaf constraint-type {
            type identityref {
              base placement-diversity;
            }
            description
              "Diversity constraint type.";
          }
          container target {
            choice target-flavor {
              default id;
              case id {
                list group {
                  key group-id;
                  leaf group-id {
                    type string;
                    description
                      "The constraint will be applied against
                       this particular group-id for this site
                       network access level.";
                  }
                  description
                    "List of group-ids associated with one specific
                     constraint for this site network access level.";
                }
              }
              case all-accesses {
                leaf all-other-accesses {
                  type empty;
                  description
                    "The constraint will be applied against
                     all other site network accesses of this site.";
                }
              }
              case all-groups {
                leaf all-other-groups {
                  type empty;
                  description
                    "The constraint will be applied against
                     all other groups managed by the customer.";
                }
              }
              description
                "Choice for the target flavor definition.";
            }
            description
              "The constraint will be applied against a
               specific target, and the target can be a list
               of group-ids, all other site network accesses of
               this site, or all other groups managed by the
               customer.";
          }
          description
            "List of constraints.";
        }
        description
          "Placement constraints for this site network access.";
      }
      description
        "Diversity parameters.";
    }
    description
      "This grouping defines access diversity parameters.";
  }
  grouping operational-requirements {
    leaf requested-site-start {
      type yang:date-and-time;
      description
        "Optional leaf indicating requested date and
         time when the service at a particular site is
         expected to start.";
    }

    leaf requested-site-stop {
      type yang:date-and-time;
      description
        "Optional leaf indicating requested date and
         time when the service at a particular site is
         expected to stop.";
    }
    description
      "This grouping defines some operational
       parameters.";
  }
  grouping operational-requirements-ops {
    leaf actual-site-start {
      type yang:date-and-time;
      config false;
      description
        "Optional leaf indicating actual date and
         time when the service at a particular site
         actually started.";
    }
    leaf actual-site-stop {
      type yang:date-and-time;
      config false;
      description
        "Optional leaf indicating actual date and
         time when the service at a particular site
         actually stopped.";
    }
    description
      "This grouping defines some operational
       parameters.";
  }
  grouping flow-definition {
    container match-flow {
      leaf dscp {
        type inet:dscp;
        description
          "DSCP value.";
      }
      leaf dot1p {
        type uint8 {
          range "0..7";
        }
        description
          "802.1p matching.";
      }
      leaf ipv4-src-prefix {
        type inet:ipv4-prefix;
        description
          "Match on IPv4 src address.";
      }
      leaf ipv6-src-prefix {
        type inet:ipv6-prefix;
        description
          "Match on IPv6 src address.";
      }
      leaf ipv4-dst-prefix {
        type inet:ipv4-prefix;
        description
          "Match on IPv4 dst address.";
      }
      leaf ipv6-dst-prefix {
        type inet:ipv6-prefix;
        description
          "Match on IPv6 dst address.";
      }
      leaf l4-src-port {
        type inet:port-number;
        must "current() < ../l4-src-port-range/lower-port or "+
             "current() > ../l4-src-port-range/upper-port" {
          description
            "If l4-src-port and l4-src-port-range/lower-port and
             upper-port are set at the same time, l4-src-port
             should not overlap with l4-src-port-range.";
        }
        description
          "Match on Layer 4 src port.";
      }
      leaf-list target-sites {
        if-feature target-sites;
        type svc-id;
        description
          "Identify a site as traffic destination.";
      }
      container l4-src-port-range {
        leaf lower-port {
          type inet:port-number;
          description
            "Lower boundary for port.";
        }
        leaf upper-port {
          type inet:port-number;
          must ". >= ../lower-port" {
            description
              "Upper boundary for port. If it
               exists, the upper boundary must be
               higher than the lower boundary.";
          }
          description
            "Upper boundary for port.";
        }
        description
          "Match on Layer 4 src port range. When
           only the lower-port is present, it represents
           a single port.
           When both the lower-port and
           upper-port are specified, it implies
           a range inclusive of both values.";
      }
      leaf l4-dst-port {
        type inet:port-number;
        must "current() < ../l4-dst-port-range/lower-port or "+
             "current() > ../l4-dst-port-range/upper-port" {
          description
            "If l4-dst-port and l4-dst-port-range/lower-port
             and upper-port are set at the same time,
             l4-dst-port should not overlap with
             l4-dst-port-range.";
        }
        description
          "Match on Layer 4 dst port.";
      }
      container l4-dst-port-range {
        leaf lower-port {
          type inet:port-number;
          description
            "Lower boundary for port.";
        }
        leaf upper-port {
          type inet:port-number;
          must ". >= ../lower-port" {
            description
              "Upper boundary must be
               higher than lower boundary.";
          }
          description
            "Upper boundary for port. If it exists,
             upper boundary must be higher than lower
             boundary.";
        }
        description
          "Match on Layer 4 dst port range. When only
           lower-port is present, it represents a single
           port.
           When both lower-port and upper-port are
           specified, it implies a range inclusive of both
           values.";
      }
      leaf protocol-field {
        type union {
          type uint8;
          type identityref {
            base protocol-type;
          }
        }
        description
          "Match on IPv4 protocol or IPv6 Next Header field.";
      }
      description
        "Describes flow-matching criteria.";
    }
    description
      "Flow definition based on criteria.";
  }
  grouping site-service-basic {
    leaf svc-input-bandwidth {
      type uint64;
      units bps;
      mandatory true;
      description
        "From the customer site's perspective, the service
         input bandwidth of the connection or download
         bandwidth from the SP to the site.";
    }
    leaf svc-output-bandwidth {
      type uint64;
      units bps;
      mandatory true;
      description
        "From the customer site's perspective, the service
         output bandwidth of the connection or upload
         bandwidth from the site to the SP.";
    }
    leaf svc-mtu {
      type uint16;
      units bytes;
      mandatory true;
      description
        "MTU at service level. If the service is IP,
         it refers to the IP MTU.
         If CsC is enabled,
         the requested 'svc-mtu' leaf will refer to the
         MPLS MTU and not to the IP MTU.";
    }
    description
      "Defines basic service parameters for a site.";
  }
  grouping site-protection {
    container traffic-protection {
      if-feature fast-reroute;
      leaf enabled {
        type boolean;
        default false;
        description
          "Enables traffic protection of access link.";
      }
      description
        "Fast Reroute service parameters for the site.";
    }
    description
      "Defines protection service parameters for a site.";
  }
  grouping site-service-mpls {
    container carrierscarrier {
      if-feature carrierscarrier;
      leaf signalling-type {
        type enumeration {
          enum ldp {
            description
              "Use LDP as the signalling protocol
               between the PE and the CE. In this case,
               an IGP routing protocol must also be activated.";
          }
          enum bgp {
            description
              "Use BGP (as per RFC 8277) as the signalling protocol
               between the PE and the CE.
               In this case, BGP must also be configured as
               the routing protocol.";
          }
        }
        default bgp;
        description
          "MPLS signalling type.";
      }
      description
        "This container is used when the customer provides
         MPLS-based services.
         This is only used in the case
         of CsC (i.e., a customer builds an MPLS service using
         an IP VPN to carry its traffic).";
    }
    description
      "Defines MPLS service parameters for a site.";
  }
  grouping site-service-qos-profile {
    container qos {
      if-feature qos;
      container qos-classification-policy {
        list rule {
          key id;
          ordered-by user;
          leaf id {
            type string;
            description
              "A description identifying the
               qos-classification-policy rule.";
          }
          choice match-type {
            default match-flow;
            case match-flow {
              uses flow-definition;
            }
            case match-application {
              leaf match-application {
                type identityref {
                  base customer-application;
                }
                description
                  "Defines the application to match.";
              }
            }
            description
              "Choice for classification.";
          }
          leaf target-class-id {
            type string;
            description
              "Identification of the class of service.
               This identifier is internal to the administration.";
          }
          description
            "List of marking rules.";
        }
        description
          "Configuration of the traffic classification policy.";
      }
      container qos-profile {
        choice qos-profile {
          description
            "Choice for QoS profile.
             Can be standard profile or customized profile.";
          case standard {
            description
              "Standard QoS profile.";
            leaf profile {
              type leafref {
                path "/l3vpn-ntw/vpn-profiles/valid-provider-identifiers"+
                     "/qos-profile-identifier/id";
              }
              description
                "QoS profile to be used.";
            }
          }
          case custom {
            description
              "Customized QoS profile.";
            container classes {
              if-feature qos-custom;
              list class {
                key class-id;
                leaf class-id {
                  type string;
                  description
                    "Identification of the class of service.
                     This identifier is internal to the
                     administration.";
                }
                leaf direction {
                  type identityref {
                    base qos-profile-direction;
                  }
                  default both;
                  description
                    "The direction to which the QoS profile
                     is applied.";
                }
                leaf rate-limit {
                  type decimal64 {
                    fraction-digits 5;
                    range "0..100";
                  }
                  units percent;
                  description
                    "To be used if the class must be rate-limited.
                     Expressed as percentage of the service
                     bandwidth.";
                }

                container latency {
                  choice flavor {
                    case lowest {
                      leaf use-lowest-latency {
                        type empty;
                        description
                          "The traffic class should use the path with the
                           lowest latency.";
                      }
                    }
                    case boundary {
                      leaf latency-boundary {
                        type uint16;
                        units msec;
                        default 400;
                        description
                          "The traffic class should use a path with a
                           defined maximum latency.";
                      }
                    }
                    description
                      "Latency constraint on the traffic class.";
                  }
                  description
                    "Latency constraint on the traffic class.";
                }
                container jitter {
                  choice flavor {
                    case lowest {
                      leaf use-lowest-jitter {
                        type empty;
                        description
                          "The traffic class should use the path with the
                           lowest jitter.";
                      }
                    }
                    case boundary {
                      leaf latency-boundary {
                        type uint32;
                        units usec;
                        default 40000;
                        description
                          "The traffic class should use a path with a
                           defined maximum jitter.";
                      }

                    }
                    description
                      "Jitter constraint on the traffic class.";
                  }
                  description
                    "Jitter constraint on the traffic class.";
                }
                container bandwidth {
                  leaf guaranteed-bw-percent {
                    type decimal64 {
                      fraction-digits 5;
                      range "0..100";
                    }
                    units percent;
                    mandatory true;
                    description
                      "To be used to define the guaranteed bandwidth
                       as a percentage of the available service bandwidth.";
                  }
                  leaf end-to-end {
                    type empty;
                    description
                      "Used if the bandwidth reservation
                       must be done on the MPLS network too.";
                  }
                  description
                    "Bandwidth constraint on the traffic class.";
                }
                description
                  "List of classes of services.";
              }
              description
                "Container for list of classes of services.";
            }
          }
        }
        description
          "QoS profile configuration.";
      }
      description
        "QoS configuration.";
    }
    description
      "This grouping defines QoS parameters for a site.";
  }
  grouping site-security-authentication {
    container authentication {
      description
        "Authentication parameters.";
    }
    description
      "This grouping defines authentication parameters for a site.";
  }
  grouping site-security-encryption {
    container encryption {
      if-feature encryption;
      leaf enabled {
        type boolean;
        default false;
        description
          "If true, traffic encryption on the connection is required.";
      }
      leaf layer {
        when "../enabled = 'true'" {
          description
            "Require a value for layer when enabled is true.";
        }
        type enumeration {
          enum layer2 {
            description
              "Encryption will occur at Layer 2.";
          }
          enum layer3 {
            description
              "Encryption will occur at Layer 3.
               For example, IPsec may be used when
               a customer requests Layer 3 encryption.";
          }
        }
        description
          "Layer on which encryption is applied.";
      }
      container encryption-profile {
        choice profile {
          case provider-profile {
            leaf profile-name {
              type leafref {
                path "/l3vpn-ntw/vpn-profiles/valid-provider-identifiers"+
                     "/encryption-profile-identifier/id";
              }
              description
                "Name of the SP profile to be applied.";
            }
          }
          case customer-profile {
            leaf algorithm {
              type string;
              description
                "Encryption algorithm to be used.";
            }
            choice key-type {
              default psk;
              case psk {
                leaf preshared-key {
                  type string;
                  description
                    "Pre-Shared Key (PSK) coming from the customer.";
                }
              }
              description
                "Type of keys to be used.";
            }
          }
          description
            "Choice of encryption profile. The encryption
             profile can be the provider profile or customer profile.";
        }
        description
          "Profile of encryption to be applied.";
      }
      description
        "Encryption parameters.";
    }
    description
      "This grouping defines encryption parameters for a site.";
  }
  grouping site-attachment-bearer {
    container bearer {
      container requested-type {
        if-feature requested-type;
        leaf requested-type {
          type string;
          description
            "Type of requested bearer: Ethernet, DSL,
             Wireless, etc. Operator specific.";
        }
        leaf strict {
          type boolean;
          default false;
          description
            "Defines whether requested-type is a preference
             or a strict requirement.";
        }
        description
          "Container for requested-type.";
      }
      leaf always-on {
        if-feature always-on;
        type boolean;
        default true;
        description
          "Request for an always-on access type.
           For example, this could mean no dial access type.";
      }

      /* TODO: to be modified */
      leaf bearer-reference {
        if-feature bearer-reference;
        type string;
        description
          "This is an internal reference for the SP.";
      }
      description
        "Bearer-specific parameters.
         To be augmented.";

      uses ethernet-params;

      /* TODO: Verify the path ../site-network-access-type */
      uses pseudowire-params {
        when "../site-network-access-type='pseudowire'" {
          description "Parameters associated to a pseudowire
                       site-network-access";
        }
      }

    }
    description
      "Defines physical properties of a site attachment.";
  }
  grouping site-routing {
    container routing-protocols {
      list routing-protocol {
        key type;
        leaf type {
          type identityref {
            base routing-protocol-type;
          }
          description
            "Type of routing protocol.";
        }
        list routing-profiles {
          key "id";

          leaf id {
            type leafref {
              path "/l3vpn-ntw/vpn-profiles/valid-provider-identifiers"+
                   "/routing-profile-identifier/id";
            }
            description
              "Routing profile to be used.";
          }

          leaf type {
            type ie-type;
            description
              "Import, export or both.";
          }

        }

        container ospf {
          when "derived-from-or-self(../type, 'l3vpn-ntw:ospf')" {
            description
              "Only applies when protocol is OSPF.";
          }
          if-feature rtg-ospf;
          leaf-list address-family {
            type address-family;
            min-elements "1";
            description
              "If OSPF is used on this site, this node
               contains a configured value. This node
               contains at least one address family
               to be activated.";
          }
          leaf area-address {
            type yang:dotted-quad;
            mandatory true;
            description
              "Area address.";
          }
          leaf metric {
            type uint16;
            default 1;
            description
              "Metric of the PE-CE link.
               It is used
               in the routing state calculation and
               path selection.";
          }

          /* Extension */

          leaf mtu {
            type uint16;
            description "Maximum transmission unit for a given
                         OSPF link.";
          }

          uses security-params;

          /* End of Extension */

          container sham-links {
            if-feature rtg-ospf-sham-link;
            list sham-link {
              key target-site;
              leaf target-site {
                type svc-id;
                description
                  "Target site for the sham link connection.
                   The site is referred to by its ID.";
              }
              leaf metric {
                type uint16;
                default 1;
                description
                  "Metric of the sham link. It is used in
                   the routing state calculation and path
                   selection. The default value is set
                   to 1.";
              }
              description
                "Creates a sham link with another site.";
            }
            description
              "List of sham links.";
          }
          description
            "OSPF-specific configuration.";
        }
        container bgp {
          when "derived-from-or-self(../type, 'l3vpn-ntw:bgp')" {
            description
              "Only applies when protocol is BGP.";

          }
          if-feature rtg-bgp;
          leaf autonomous-system {
            type uint32;
            mandatory true;
            description
              "Customer AS number in case the customer
               requests BGP routing.";
          }
          leaf-list address-family {
            type address-family;
            min-elements "1";
            description
              "If BGP is used on this site, this node
               contains a configured value.
               This node
               contains at least one address family
               to be activated.";
          }
          /* Extension */
          leaf neighbor {
            type inet:ip-address;
            description
              "IP address of the BGP neighbor.";
          }

          leaf multihop {
            type uint8;
            mandatory false;
            description
              "Describes the number of hops allowed between the
               given BGP neighbor and the PE router.";
          }

          uses security-params;

          description
            "BGP-specific configuration.";
        }
        container static {
          when "derived-from-or-self(../type, 'l3vpn-ntw:static')" {
            description
              "Only applies when protocol is static.
               BGP activation requires the SP to know
               the address of the customer peer. When
               BGP is enabled, the 'static-address'
               allocation type for the IP connection
               MUST be used.";
          }
          container cascaded-lan-prefixes {
            list ipv4-lan-prefixes {
              if-feature ipv4;
              key "lan next-hop";
              leaf lan {
                type inet:ipv4-prefix;
                description
                  "LAN prefixes.";
              }
              leaf lan-tag {
                type string;
                description
                  "Internal tag to be used in VPN policies.";
              }
              leaf next-hop {
                type inet:ipv4-address;
                description
                  "Next-hop address to use on the customer side.";
              }
              description
                "List of LAN prefixes for the site.";
            }
            list ipv6-lan-prefixes {
              if-feature ipv6;
              key "lan next-hop";
              leaf lan {
                type inet:ipv6-prefix;
                description
                  "LAN prefixes.";
              }
              leaf lan-tag {
                type string;
                description
                  "Internal tag to be used in VPN policies.";
              }
              leaf next-hop {
                type inet:ipv6-address;
                description
                  "Next-hop address to use on the customer side.";
              }
              description
                "List of LAN prefixes for the site.";
            }
            description
              "LAN prefixes from the customer.";
          }
          description
            "Configuration specific to static routing.";

        }
        container rip {
          when "derived-from-or-self(../type, 'l3vpn-ntw:rip')" {
            description
              "Only applies when the protocol is RIP. For IPv4,
               the model assumes that RIP version 2 is used.";
          }
          if-feature rtg-rip;
          leaf-list address-family {
            type address-family;
            min-elements "1";
            description
              "If RIP is used on this site, this node
               contains a configured value. This node
               contains at least one address family
               to be activated.";
          }
          description
            "Configuration specific to RIP routing.";
        }
        container vrrp {
          when "derived-from-or-self(../type, 'l3vpn-ntw:vrrp')" {
            description
              "Only applies when protocol is VRRP.";
          }
          if-feature rtg-vrrp;
          leaf-list address-family {
            type address-family;
            min-elements "1";
            description
              "If VRRP is used on this site, this node
               contains a configured value. This node contains
               at least one address family to be activated.";
          }
          description
            "Configuration specific to VRRP routing.";
        }
        description
          "List of routing protocols used on
           the site. This list can be augmented.";
      }
      description
        "Defines routing protocols.";
    }
    description
      "Grouping for routing protocols.";
  }
  grouping site-attachment-ip-connection {
    container ip-connection {
      container ipv4 {
        if-feature ipv4;
        leaf address-allocation-type {
          type identityref {
            base address-allocation-type;
          }
          must "not(derived-from-or-self(current(), 'l3vpn-ntw:slaac') or "+
               "derived-from-or-self(current(), "+
               "'l3vpn-ntw:provider-dhcp-slaac'))" {
            error-message "SLAAC is only applicable to IPv6";
          }
          description
            "Defines how addresses are allocated.
             If there is no value for the address
             allocation type, then IPv4 is not enabled.";
        }
        container provider-dhcp {
          when "derived-from-or-self(../address-allocation-type, "+
               "'l3vpn-ntw:provider-dhcp')" {
            description
              "Only applies when addresses are allocated by DHCP.";
          }
          leaf provider-address {
            type inet:ipv4-address;
            description
              "Address of provider side. If provider-address is not
               specified, then prefix length should not be specified
               either. It also implies provider-dhcp allocation is
               not enabled. If provider-address is specified, then
               the prefix length may or may not be specified.";
          }
          leaf prefix-length {
            type uint8 {
              range "0..32";
            }
            must "(../provider-address)" {
              error-message
                "If the prefix length is specified, provider-address
                 must also be specified.";
              description
                "If the prefix length is specified, provider-address
                 must also be specified.";
            }
            description
              "Subnet prefix length expressed in bits.
               If not specified, or specified as zero,
               this means the customer leaves the actual
               prefix length value to the provider.";
          }
          choice address-assign {
            default number;
            case number {
              leaf number-of-dynamic-address {
                type uint16;
                default 1;
                description
                  "Describes the number of IP addresses
                   the customer requires.";
              }
            }
            case explicit {
              container customer-addresses {
                list address-group {
                  key "group-id";
                  leaf group-id {
                    type string;
                    description
                      "Group-id for the address range from
                       start-address to end-address.";
                  }
                  leaf start-address {
                    type inet:ipv4-address;
                    description
                      "First address.";
                  }
                  leaf end-address {
                    type inet:ipv4-address;
                    description
                      "Last address.";
                  }
                  description
                    "Describes IP addresses allocated by DHCP.
                     When only start-address or only end-address
                     is present, it represents a single address.
                     When both start-address and end-address are
                     specified, it implies a range inclusive of both
                     addresses. If no address is specified, it implies
                     customer addresses group is not supported.";
                }
                description
                  "Container for customer addresses allocated by DHCP.";
              }
            }
            description
              "Choice for the way to assign addresses.";

          }
          description
            "DHCP allocated addresses related parameters.";
        }
        container dhcp-relay {
          when "derived-from-or-self(../address-allocation-type, "+
               "'l3vpn-ntw:provider-dhcp-relay')" {
            description
              "Only applies when provider is required to implement
               DHCP relay function.";
          }
          leaf provider-address {
            type inet:ipv4-address;
            description
              "Address of provider side. If provider-address is not
               specified, then prefix length should not be specified
               either. It also implies provider-dhcp allocation is
               not enabled. If provider-address is specified, then
               prefix length may or may not be specified.";
          }
          leaf prefix-length {
            type uint8 {
              range "0..32";
            }
            must "(../provider-address)" {
              error-message
                "If prefix length is specified, provider-address
                 must also be specified.";
              description
                "If prefix length is specified, provider-address
                 must also be specified.";
            }
            description
              "Subnet prefix length expressed in bits.
               If not
               specified, or specified as zero, this means the
               customer leaves the actual prefix length value
               to the provider.";
          }
          container customer-dhcp-servers {
            leaf-list server-ip-address {
              type inet:ipv4-address;
              description
                "IP address of customer DHCP server.";
            }
            description
              "Container for list of customer DHCP servers.";
          }
          description
            "DHCP relay provided by operator.";
        }
        container addresses {
          when "derived-from-or-self(../address-allocation-type, "+
               "'l3vpn-ntw:static-address')" {
            description
              "Only applies when protocol allocation type is static.";
          }
          leaf provider-address {
            type inet:ipv4-address;
            description
              "IPv4 Address List of the provider side.
               When the protocol allocation type is static,
               the provider address must be configured.";
          }
          leaf customer-address {
            type inet:ipv4-address;
            description
              "IPv4 Address of customer side.";
          }
          leaf prefix-length {
            type uint8 {
              range "0..32";
            }
            description
              "Subnet prefix length expressed in bits.
               It is applied to both provider-address
               and customer-address.";
          }
          description
            "Describes IPv4 addresses used.";
        }
        description
          "IPv4-specific parameters.";
      }
      container ipv6 {
        if-feature ipv6;
        leaf address-allocation-type {
          type identityref {
            base address-allocation-type;
          }
          description
            "Defines how addresses are allocated.
             If there is no value for the address
             allocation type, then IPv6 is
             not enabled.";
        }

        container provider-dhcp {
          when "derived-from-or-self(../address-allocation-type, "+
               "'l3vpn-ntw:provider-dhcp') "+
               "or derived-from-or-self(../address-allocation-type, "+
               "'l3vpn-ntw:provider-dhcp-slaac')" {
            description
              "Only applies when addresses are allocated by DHCP.";
          }
          leaf provider-address {
            type inet:ipv6-address;
            description
              "Address of the provider side. If provider-address
               is not specified, then prefix length should not be
               specified either. It also implies provider-dhcp
               allocation is not enabled. If provider-address is
               specified, then prefix length may or may
               not be specified.";
          }
          leaf prefix-length {
            type uint8 {
              range "0..128";
            }
            must "(../provider-address)" {
              error-message
                "If prefix length is specified, provider-address
                 must also be specified.";
              description
                "If prefix length is specified, provider-address
                 must also be specified.";
            }
            description
              "Subnet prefix length expressed in bits.
               If not
               specified, or specified as zero, this means the
               customer leaves the actual prefix length value
               to the provider.";
          }
          choice address-assign {
            default number;
            case number {
              leaf number-of-dynamic-address {
                type uint16;
                default 1;
                description
                  "Describes the number of IP addresses the customer
                   requires.";
              }
            }
            case explicit {
              container customer-addresses {
                list address-group {
                  key "group-id";
                  leaf group-id {
                    type string;
                    description
                      "Group-id for the address range from
                       start-address to end-address.";
                  }
                  leaf start-address {
                    type inet:ipv6-address;
                    description
                      "First address.";
                  }
                  leaf end-address {
                    type inet:ipv6-address;
                    description
                      "Last address.";
                  }
                  description
                    "Describes IP addresses allocated by DHCP. When only
                     start-address or only end-address is present, it
                     represents a single address. When both start-address
                     and end-address are specified, it implies a range
                     inclusive of both addresses. If no address is
                     specified, it implies customer addresses group is
                     not supported.";
                }
                description
                  "Container for customer addresses allocated by DHCP.";
              }
            }
            description
              "Choice for the way to assign addresses.";
          }
          description
            "DHCP allocated addresses related parameters.";
        }
        container dhcp-relay {
          when "derived-from-or-self(../address-allocation-type, "+
               "'l3vpn-ntw:provider-dhcp-relay')" {
            description
              "Only applies when the provider is required
               to implement DHCP relay function.";
          }
          leaf provider-address {
            type inet:ipv6-address;
            description
              "Address of the provider side. If provider-address is
               not specified, then prefix length should not be
               specified either. It also implies provider-dhcp
               allocation is not enabled.
               If provider address
               is specified, then prefix length may or may
               not be specified.";
          }
          leaf prefix-length {
            type uint8 {
              range "0..128";
            }
            must "(../provider-address)" {
              error-message
                "If prefix length is specified, provider-address
                 must also be specified.";
              description
                "If prefix length is specified, provider-address
                 must also be specified.";
            }
            description
              "Subnet prefix length expressed in bits. If not
               specified, or specified as zero, this means the
               customer leaves the actual prefix length value
               to the provider.";
          }
          container customer-dhcp-servers {
            leaf-list server-ip-address {
              type inet:ipv6-address;
              description
                "This node contains the IP address of
                 the customer DHCP server. If the DHCP relay
                 function is implemented by the
                 provider, this node contains the
                 configured value.";
            }
            description
              "Container for list of customer DHCP servers.";
          }
          description
            "DHCP relay provided by operator.";
        }
        container addresses {
          when "derived-from-or-self(../address-allocation-type, "+
               "'l3vpn-ntw:static-address')" {
            description
              "Only applies when protocol allocation type is static.";
          }
          leaf provider-address {
            type inet:ipv6-address;
            description
              "IPv6 Address of the provider side. When the protocol
               allocation type is static, the provider address
               must be configured.";
          }
          leaf customer-address {
            type inet:ipv6-address;
            description
              "The IPv6 Address of the customer side.";
          }
          leaf prefix-length {
            type uint8 {
              range "0..128";
            }
            description
              "Subnet prefix length expressed in bits.
               It is applied to both provider-address and
               customer-address.";
          }
          description
            "Describes IPv6 addresses used.";
        }
        description
          "IPv6-specific parameters.";
      }
      container oam {
        container bfd {
          if-feature bfd;
          leaf enabled {
            type boolean;
            default false;
            description
              "If true, BFD activation is required.";
          }
          choice holdtime {
            default fixed;
            case fixed {
              leaf fixed-value {
                type uint32;
                units msec;
                description
                  "Expected BFD holdtime expressed in msec. The customer
                   may impose some fixed values for the holdtime period
                   if the provider allows the customer to use this function.
                   If the provider doesn't allow the customer to use this
                   function, the fixed-value will not be set.";
              }

            }
            case profile {
              leaf profile-name {
                type leafref {
                  path "/l3vpn-ntw/vpn-profiles/valid-provider-identifiers/"+
                       "bfd-profile-identifier/id";
                }
                description
                  "Well-known SP profile name. The provider can propose
                   some profiles to the customer, depending on the service
                   level the customer wants to achieve. Profile names
                   must be communicated to the customer.";
              }
              description
                "Well-known SP profile.";
            }
            description
              "Choice for holdtime flavor.";
          }
          description
            "Container for BFD.";
        }
        description
          "Defines the Operations, Administration, and Maintenance (OAM)
           mechanisms used on the connection.
           BFD is set as a fault
           detection mechanism, but the 'oam' container can easily
           be augmented by other mechanisms";
      }
      description
        "Defines connection parameters.";
    }
    description
      "This grouping defines IP connection parameters.";
  }
  grouping site-service-multicast {
    container multicast {
      if-feature multicast;
      leaf multicast-site-type {
        type enumeration {
          enum receiver-only {
            description
              "The site only has receivers.";
          }
          enum source-only {
            description
              "The site only has sources.";
          }
          enum source-receiver {
            description
              "The site has both sources and receivers.";
          }
        }
        default source-receiver;
        description
          "Type of multicast site.";
      }
      container multicast-address-family {
        leaf ipv4 {
          if-feature ipv4;
          type boolean;
          default false;
          description
            "Enables IPv4 multicast.";
        }
        leaf ipv6 {
          if-feature ipv6;
          type boolean;
          default false;
          description
            "Enables IPv6 multicast.";
        }
        description
          "Defines protocol to carry multicast.";
      }
      leaf protocol-type {
        type enumeration {
          enum host {
            description
              "Hosts are directly connected to the provider network.
               Host protocols such as IGMP or MLD are required.";
          }
          enum router {
            description
              "Hosts are behind a customer router.
               PIM will be implemented.";
          }
          enum both {
            description
              "Some hosts are behind a customer router, and
               some others are directly connected to the
               provider network. Both host and routing protocols
               must be used.
               Typically, IGMP and PIM will be
               implemented.";
          }
        }
        default "both";
        description
          "Multicast protocol type to be used with the customer site.";
      }
      description
        "Multicast parameters for the site.";
    }
    description
      "Multicast parameters for the site.";
  }
  grouping site-management {
    container management {
      leaf type {
        type identityref {
          base management;
        }
        mandatory true;
        description
          "Management type of the connection.";
      }
      description
        "Management configuration.";
    }
    description
      "Management parameters for the site.";
  }
  grouping site-devices {
    container devices {
      when "derived-from-or-self(../management/type, "+
           "'l3vpn-ntw:provider-managed') or "+
           "derived-from-or-self(../management/type, 'l3vpn-ntw:co-managed')" {
        description
          "Applicable only for provider-managed or
           co-managed device.";
      }
      list device {
        key device-id;
        leaf device-id {
          type svc-id;
          description
            "Identifier for the device.";
        }
        leaf location {
          type leafref {
            path "../../../locations/"+
                 "location/location-id";
          }
          mandatory true;
          description
            "Location of the device.";
        }
        container management {
          when "derived-from-or-self(../../../management/type,"+
               "'l3vpn-ntw:co-managed')" {
            description
              "Applicable only for co-managed device.";
          }
          leaf address-family {
            type address-family;
            description
              "Address family used for management.";
          }
          leaf address {
            when "(../address-family)" {
              description
                "If address-family is specified, then address should
                 also be specified.
                 If address-family is not specified,
                 then address should also not be specified.";
            }
            type inet:ip-address;
            mandatory true;
            description
              "Management address.";
          }
          description
            "Management configuration. Applicable only for
             co-managed device.";
        }
        description
          "List of devices requested by customer.";
      }
      description
        "Device configuration.";
    }
    description
      "Grouping for device allocation.";
  }
  grouping site-vpn-flavor {
    leaf site-vpn-flavor {
      type identityref {
        base site-vpn-flavor;
      }
      default site-vpn-flavor-single;
      description
        "Defines the way the VPN multiplexing is done, e.g., whether
         the site belongs to a single VPN site or a multiVPN; or, in the case
         of a multiVPN, whether the logical accesses of the sites belong
         to the same set of VPNs or each logical access maps to
         different VPNs.";
    }
    description
      "Grouping for site VPN flavor.";
  }
  grouping site-vpn-policy {
    container vpn-policies {
      list vpn-policy {
        key vpn-policy-id;
        leaf vpn-policy-id {
          type svc-id;
          description
            "Unique identifier for the VPN policy.";
        }
        list entries {
          key id;
          leaf id {
            type svc-id;
            description
              "Unique identifier for the policy entry.";
          }
          container filters {
            list filter {
              key type;
              ordered-by user;
              leaf type {
                type identityref {
                  base vpn-policy-filter-type;
                }
                description
                  "Type of VPN Policy filter.";
              }
              leaf-list lan-tag {
                when "derived-from-or-self(../type, 'l3vpn-ntw:lan')" {
                  description
                    "Only applies when the VPN Policy filter is a
                     LAN Tag filter.";
                }
                if-feature lan-tag;
                type string;
                description
                  "List of 'lan-tag' items to be matched.
                   LAN Tag
                   is an Internal tag to be used in VPN policies";
              }
              leaf-list ipv4-lan-prefix {
                when "derived-from-or-self(../type, 'l3vpn-ntw:ipv4')" {
                  description
                    "Only applies when VPN Policy filter is IPv4 Prefix filter.";
                }
                if-feature ipv4;
                type inet:ipv4-prefix;
                description
                  "List of IPv4 prefixes as LAN Prefixes to be matched.";
              }
              leaf-list ipv6-lan-prefix {
                when "derived-from-or-self(../type, 'l3vpn-ntw:ipv6')" {
                  description
                    "Only applies when VPN Policy filter is IPv6 Prefix filter.";
                }
                if-feature ipv6;
                type inet:ipv6-prefix;
                description
                  "List of IPv6 prefixes as LAN prefixes to be matched.";
              }
              description
                "List of filters used on the site. This list can
                 be augmented.";
            }
            description
              "If a more-granular VPN attachment is necessary, filtering can
               be used. If used, it permits the splitting of site LANs among
               multiple VPNs. The Site LAN can be split based on either LAN
               Tag or LAN prefix.
               If no filter is used, all the LANs will be
               part of the same VPNs with the same role.";
          }
          list vpn {
            key vpn-id;
            leaf vpn-id {
              type leafref {
                path "/l3vpn-ntw/vpn-services/"+
                     "vpn-service/vpn-id";
              }
              mandatory true;
              description
                "Reference to an IP VPN.";
            }
            leaf site-role {
              type identityref {
                base site-role;
              }
              default any-to-any-role;
              description
                "Role of the site in the IP VPN.";
            }
            description
              "List of VPNs the LAN is associated with.";
          }
          description
            "List of entries for export policy.";
        }
        description
          "List of VPN policies.";
      }
      description
        "VPN policy.";
    }
    description
      "VPN policy parameters for the site.";
  }
  grouping site-maximum-routes {
    container maximum-routes {
      list address-family {
        key af;
        leaf af {
          type address-family;
          description
            "Address family.";
        }
        leaf maximum-routes {
          type uint32;
          description
            "Maximum prefixes the VRF can accept
             for this address family.";
        }
        description
          "List of address families.";
      }
      description
        "Defines 'maximum-routes' for the VRF.";
    }
    description
      "Defines 'maximum-routes' for the site.";
  }
  grouping site-security {
    container security {
      uses site-security-authentication;
      uses site-security-encryption;
      description
        "Site-specific security parameters.";
    }
    description
      "Grouping for security parameters.";
  }
  grouping site-service {
    container service {
      uses site-service-qos-profile;
      uses site-service-mpls;
      uses site-service-multicast;
      description
        "Service parameters on the attachment.";
    }
    description
      "Grouping for service parameters.";
  }
  grouping site-network-access-service {
    container service {
      uses site-service-basic;
      /* Extension */
      /* uses svc-bandwidth-params; */
      /* EoExt */
      uses site-service-qos-profile;
      uses site-service-mpls;
      uses site-service-multicast;
      description
        "Service parameters on the attachment.";
    }
    description
      "Grouping for service parameters.";
  }
  grouping vpn-extranet {
    container extranet-vpns {
      if-feature extranet-vpn;
      list extranet-vpn {
        key vpn-id;
        leaf vpn-id {
          type svc-id;
          description
            "Identifies the target VPN the local VPN wants to access.";
        }
        leaf local-sites-role {
          type identityref {
            base site-role;
          }
          default any-to-any-role;
          description
            "This describes the role of the
             local sites in the target VPN topology. In the any-to-any VPN
             service topology, the local sites must have the same role, which
             will be 'any-to-any-role'. In the Hub-and-Spoke VPN service
             topology or the Hub-and-Spoke disjoint VPN service topology,
             the local sites must have a Hub role or a Spoke role.";
        }
        description
          "List of extranet VPNs or target VPNs the local VPN is
           attached to.";
      }
      description
        "Container for extranet VPN configuration.";
    }
    description
      "Grouping for extranet VPN configuration.
       This provides an easy way to interconnect
       all sites from two VPNs.";
  }
  grouping site-attachment-availability {
    container availability {
      leaf access-priority {
        type uint32;
        default 100;
        description
          "Defines the priority for the access.
           The higher the access-priority value,
           the higher the preference of the
           access will be.";
      }
      description
        "Availability parameters (used for multihoming).";
    }
    description
      "Defines availability parameters for a site.";
  }
  grouping access-vpn-policy {
    container vpn-attachment {
      choice attachment-flavor {
        case vpn-policy-id {
          leaf vpn-policy-id {
            type leafref {
              path "../../../../"+
                   "vpn-policies/vpn-policy/"+
                   "vpn-policy-id";
            }
            description
              "Reference to a VPN policy. When referencing VPN
               policy for attachment, the vpn-policy-id must be
               configured.";
          }
        }
        case vpn-id {
          leaf vpn-id {
            type leafref {
              path "/l3vpn-ntw/vpn-services"+
                   "/vpn-service/vpn-id";
            }
            description
              "Reference to an IP VPN. Referencing a vpn-id provides
               an easy way to attach a particular logical access to
               a VPN. In this case, vpn-id must be configured.";
          }
          leaf site-role {
            type identityref {
              base site-role;
            }
            default any-to-any-role;
            description
              "Role of the site in the IP VPN. When referencing a vpn-id,
               the site-role setting must be added to express the role of
               the site in the target VPN service topology.";
          }
        }
        mandatory true;
        description
          "Choice for VPN attachment flavor. A choice is implemented
           to allow the user to choose the flavor that provides the
           best fit.";
      }
      description
        "Defines VPN attachment of a site.";
    }
    description
      "Defines the VPN attachment rules for
       a site's logical access.";
  }
  grouping vpn-profile-cfg {
    container valid-provider-identifiers {
      list cloud-identifier {
        if-feature cloud-access;
        key id;
        leaf id {
          type string;
          description
            "Identification of cloud service.
             Local administration meaning.";
        }
        description
          "List for Cloud Identifiers.";
      }
      list encryption-profile-identifier {
        key id;
        leaf id {
          type string;
          description
            "Identification of the SP encryption profile
             to be used. Local administration meaning.";
        }
        description
          "List for encryption profile identifiers.";
      }
      list qos-profile-identifier {
        key id;
        leaf id {
          type string;
          description
            "Identification of the QoS Profile to be used.
             Local administration meaning.";
        }
        description
          "List for QoS Profile Identifiers.";
      }
      list bfd-profile-identifier {
        key id;
        leaf id {
          type string;
          description
            "Identification of the SP BFD Profile to be used.
             Local administration meaning.";
        }
        description
          "List for BFD Profile identifiers.";
      }

      list routing-profile-identifier {
        key id;
        leaf id {
          type string;
          description
            "Identification of the routing Profile to be used
             by the routing-protocols within sites and
             site-network-accesses. Local administration meaning.";
        }
        description
          "List for Routing Profile Identifiers.";
      }

      nacm:default-deny-write;
      description
        "Container for Valid Provider Identifiers.";
    }

    description
      "Grouping for VPN Profile configuration.";
  }
  grouping vpn-svc-cfg {
    leaf vpn-id {
      type svc-id;
      description
        "VPN identifier. Local administration meaning.";
    }
    leaf customer-name {
      type string;
      description
        "Name of the customer that actually uses the VPN service.
         In the case that any intermediary (e.g., Tier-2 provider
         or partner) sells the VPN service to their end user
         on behalf of the original service provider (e.g., Tier-1
         provider), the original service provider may require the
         customer name to provide smooth activation/commissioning
         and operation for the service.";
    }
    leaf vpn-service-topology {
      type identityref {
        base vpn-topology;
      }
      default any-to-any;
      description
        "VPN service topology.";
    }

    leaf description {
      type string;
      description
        "Textual description of a VPN service.";
    }

    uses ie-profiles-params;
    uses vpn-nodes-params;
    uses vpn-service-cloud-access;
    uses vpn-service-multicast;
    uses vpn-service-mpls;
    uses vpn-extranet;
    description
      "Grouping for VPN service configuration.";
  }
  grouping site-top-level-cfg {
    uses operational-requirements;
    uses customer-location-info;
    uses site-devices;
    uses site-diversity;
    uses site-management;
    uses site-vpn-policy;
    uses site-vpn-flavor;
    uses site-maximum-routes;
    uses site-security;
    uses site-service;
    uses site-protection;
    uses site-routing;
    description
      "Grouping for site top-level configuration.";
  }
  grouping site-network-access-top-level-cfg {

    /* Extension */

    uses status-params;

    /* End of Extension */

    leaf site-network-access-type {
      type identityref {
        base site-network-access-type;
      }
      default point-to-point;
      description
        "Describes the type of connection, e.g.,
         point-to-point or multipoint.";
    }
    choice location-flavor {
      case location {
        when "derived-from-or-self(../../management/type, "+
             "'l3vpn-ntw:customer-managed')" {
          description
            "Applicable only for customer-managed device.";
        }
        leaf location-reference {
          type leafref {
            path "../../../locations/location/location-id";
          }
          description
            "Location of the site-network-access.";
        }
      }
      case device {
        when "derived-from-or-self(../../management/type, "+
             "'l3vpn-ntw:provider-managed') or "+
             "derived-from-or-self(../../management/type, "+
             "'l3vpn-ntw:co-managed')" {
          description
            "Applicable only for provider-managed or co-managed device.";
        }
        leaf device-reference {
          type leafref {
            path "../../../devices/device/device-id";
          }
          description
            "Identifier of CE to use.";
        }
      }
      mandatory true;
      description
        "Choice of how to describe the site's location.";
    }
    uses access-diversity;
    uses site-attachment-bearer;
    uses site-attachment-ip-connection;
    uses site-security;
    uses site-network-access-service;
    uses site-routing;
    uses site-attachment-availability;
    /*uses access-vpn-policy;*/
    description
      "Grouping for site network access top-level configuration.";
  }

  /* Extensions */

  /* Bearers in a site */
  grouping site-bearer-params {

    description "Container that encloses all the bearers
      connected to a site. A bearer is mapped one to one
      to a port on the PE router.";

    container site-bearers {
      list bearer {
        key "bearer-id";

        leaf bearer-id {
          description "Unique identifier for a bearer. This
            identifier shall be mapped to the bearer-reference
            on a site-network-access.";
          type string;
        }

        leaf ne-id {
          description "Unique identifier for a network
            element.
            This identifier may be a string, a UUID,
            an IP address, etc.";
          type string;
        }

        leaf port-id {
          description "Port of the PE router for the given
            bearer.";
          type string;
        }
      }
    }
  }

  /* UNUSED */
  grouping svc-bandwidth-params {
    container svc-bandwidth {
      if-feature "input-bw";
      list bandwidth {
        key "direction type";
        leaf direction {
          type identityref {
            base bw-direction;
          }
          description
            "Indicates the bandwidth direction. It can be
             the bandwidth download direction from the SP to
             the site or the bandwidth upload direction from
             the site to the SP.";
        }
        leaf type {
          type identityref {
            base bw-type;
          }
          description
            "Bandwidth type. By default, the bandwidth type
             is set to 'bw-per-cos'.";
        }
        leaf cos-id {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:bw-per-cos')" {
            description
              "Relevant when the bandwidth type is set to
               'bw-per-cos'.";
          }
          type uint8;
          description
            "Identifier of the CoS, indicated by DSCP or a
             CE-VLAN CoS (802.1p) value in the service frame.
             If the bandwidth type is set to 'bw-per-cos',
             the CoS ID MUST also be specified.";
        }
        leaf vpn-id {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:bw-per-svc')" {
            description
              "Relevant when the bandwidth type is
               set as bandwidth per VPN service.";
          }
          type svc-id;
          description
            "Identifies the target VPN. If the bandwidth
             type is set as bandwidth per VPN service, the
             vpn-id MUST be specified.";
        }
        leaf cir {
          type uint64;
          units "bps";
          mandatory true;
          description
            "Committed Information Rate.
             The maximum number
             of bits that a port can receive or send over
             an interface in one second.";
        }
        leaf cbs {
          type uint64;
          units "bps";
          mandatory true;
          description
            "Committed Burst Size (CBS). Controls the bursty
             nature of the traffic. Traffic that does not
             use the configured Committed Information Rate
             (CIR) accumulates credits until the credits
             reach the configured CBS.";
        }
        leaf eir {
          type uint64;
          units "bps";
          description
            "Excess Information Rate (EIR), i.e., excess frame
             delivery allowed that is not subject to an SLA.
             The traffic rate can be limited by the EIR.";
        }
        leaf ebs {
          type uint64;
          units "bps";
          description
            "Excess Burst Size (EBS). The bandwidth available
             for burst traffic from the EBS is subject to the
             amount of bandwidth that is accumulated during
             periods when traffic allocated by the EIR
             policy is not used.";
        }
        leaf pir {
          type uint64;
          units "bps";
          description
            "Peak Information Rate, i.e., maximum frame
             delivery allowed. It is equal to or less
             than the sum of the CIR and the EIR.";
        }
        leaf pbs {
          type uint64;
          units "bps";
          description
            "Peak Burst Size.
             It is measured in bytes per
             second.";
        }
        description
          "List of bandwidth values (e.g., per CoS,
           per vpn-id).";
      }
      description
        "From the customer site's perspective, the service
         input/output bandwidth of the connection or
         download/upload bandwidth from the SP/site
         to the site/SP.";
    }
  }

  grouping status-params {
    container status {
      description "Operational and administrative status for
        different elements in the model.";
      leaf admin-enabled {
        description "True if the entity is administratively
          enabled.";
        type boolean;
      }
      leaf oper-status {
        config false;
        description "Operational status of the given entity
          (UP, DOWN, UNKNOWN).";
        type operational-type;
      }
    }
  }

  /* Parameters related to vpn-nodes (VRF config.) */
  grouping vpn-nodes-params {
    description "Grouping to define VRF-specific configuration.";

    container vpn-nodes {
      description "Container that defines VRF-specific configuration.";

      list vpn-node {
        key "vpn-node-id ne-id";

        leaf vpn-node-id {
          description "Identifier of the VPN node. It can be
            identified or mapped as the VRF name. As it may not
            be globally unique, the ne-id is also needed.";
          type string;
        }

        leaf description {
          type string;
          description
            "Textual description of a VPN node.";
        }

        leaf ne-id {
          description "Unique identifier for a network element where
            to instantiate the VRF. This identifier may be a string,
            a UUID, an IP address, etc.";
          type string;
        }

        leaf router-id {
          description "In case of being necessary, it defines the IP
            address to identify the VRF.
            If not specified, the IP of
            the loopback interface within the base routing instance
            will be used.";
          type inet:ipv4-address;
        }

        leaf autonomous-system {
          type uint32;
          description
            "AS number of the VRF.";
        }

        leaf node-role {
          type identityref {
            base site-role;
          }
          default any-to-any-role;
          description
            "Role of the vpn-node in the IP VPN.";
        }

        uses status-params;

        /* Here we use the name given to the existing structure in sites */
        uses site-maximum-routes;

        leaf node-ie-profile {
          description "Reference to an import export profile
            defined within a VPN service.";
          type leafref {
            path "/l3vpn-ntw/vpn-services/"+
                 "vpn-service/ie-profiles/ie-profile/ie-profile-id";
          }
        }

        container site-attachments {
          list site-attachment {
            key "site-id";

            description "List of attachments (site-network-accesses)
              that are connected to the VPN-node (VRF instance).";

            leaf site-id {
              description "Identifier of the site where the
                site-network-access is located.";
              type leafref {
                path "/l3vpn-ntw/sites/site/site-id";
              }
            }
            leaf-list site-network-access-id {
              description "Identifier of the site-network-access to be
                attached to the VPN node.";
              type leafref {
                path "/l3vpn-ntw/sites/site/site-network-accesses/"+
                     "site-network-access/site-network-access-id";
              }
            }
          }
        }
      }
    }
  }

  /* Parameters related to import and export profiles (RTs RDs.) */
  grouping ie-profiles-params {
    description "Grouping to specify rules for route import and export";

    container ie-profiles {

      list ie-profile {

        key "ie-profile-id";

        leaf ie-profile-id {
          type string;
          description
            "Unique identifier for an import/export profile defined
             within a VPN node.";
        }

        leaf rd {
          type rt-types:route-distinguisher;
          description
            "Route distinguisher.";
        }

        container vpn-targets {
          description
            "Set of route-targets to match for import and export routes
             to/from VRF";
          uses rt-types:vpn-route-targets;
        }
      }
    }
  }

  grouping pseudowire-params {

    container pseudowire {
      /*leaf far-end {*/
      /*  description "IP of the remote peer of the pseudowire.";*/
      /*  type inet:ip-address;*/
      /*}*/

      leaf vcid {
        description "PW or virtual circuit identifier.";
        type uint32;
      }
    }
  }

  grouping security-params {

    container security {
      description
        "Container for aggregating any security parameter for routing
         sessions between a PE and a CE.";

      leaf auth-key {
        type string;
        description
          "MD5 authentication password for the connection towards the
           customer edge.";
      }

    }
  }

  grouping ethernet-params {
    container connection {
      leaf encapsulation-type {
        type identityref {
          base encapsulation-type;
        }
        default "ethernet";
        description
          "Encapsulation type. By default, the
           encapsulation type is set to 'ethernet'.";
      }
      leaf eth-inf-type {
        type identityref {
          base eth-inf-type;
        }
        default "untagged";
        description
          "Ethernet interface type.
           By default, the
           Ethernet interface type is set to 'untagged'.";
      }
      container tagged-interface {
        leaf type {
          type identityref {
            base tagged-inf-type;
          }
          default "priority-tagged";
          description
            "Tagged interface type. By default,
             the type of the tagged interface is
             'priority-tagged'.";
        }
        container dot1q-vlan-tagged {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:dot1q')" {
            description
              "Only applies when the type of the tagged
               interface is 'dot1q'.";
          }
          if-feature "dot1q";
          leaf tg-type {
            type identityref {
              base tag-type;
            }
            default "c-vlan";
            description
              "Tag type. By default, the tag type is
               'c-vlan'.";
          }
          leaf cvlan-id {
            type uint16;
            mandatory true;
            description
              "VLAN identifier.";
          }
          description
            "Tagged interface.";
        }
        container priority-tagged {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:priority-tagged')" {
            description
              "Only applies when the type of the tagged
               interface is 'priority-tagged'.";
          }
          leaf tag-type {
            type identityref {
              base tag-type;
            }
            default "c-vlan";
            description
              "Tag type. By default, the tag type is
               'c-vlan'.";
          }
          description
            "Priority tagged.";
        }
        container qinq {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:qinq')" {
            description
              "Only applies when the type of the tagged
               interface is 'qinq'.";
          }
          if-feature "qinq";
          leaf tag-type {
            type identityref {
              base tag-type;
            }
            default "c-s-vlan";
            description
              "Tag type.
               By default, the tag type is
               'c-s-vlan'.";
          }
          leaf svlan-id {
            type uint16;
            mandatory true;
            description
              "SVLAN identifier.";
          }
          leaf cvlan-id {
            type uint16;
            mandatory true;
            description
              "CVLAN identifier.";
          }
          description
            "QinQ.";
        }
        container qinany {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:qinany')" {
            description
              "Only applies when the type of the tagged
               interface is 'qinany'.";
          }
          if-feature "qinany";
          leaf tag-type {
            type identityref {
              base tag-type;
            }
            default "s-vlan";
            description
              "Tag type. By default, the tag type is
               's-vlan'.";
          }
          leaf svlan-id {
            type uint16;
            mandatory true;
            description
              "SVLAN ID.";
          }
          description
            "Container for QinAny.";
        }
        container vxlan {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:vxlan')" {
            description
              "Only applies when the type of the tagged
               interface is 'vxlan'.";
          }
          if-feature "vxlan";
          leaf vni-id {
            type uint32;
            mandatory true;
            description
              "VXLAN Network Identifier (VNI).";
          }
          leaf peer-mode {
            type identityref {
              base vxlan-peer-mode;
            }
            default "static-mode";
            description
              "Specifies the VXLAN access mode.
               By default,
               the peer mode is set to 'static-mode'.";
          }
          list peer-list {
            key "peer-ip";
            leaf peer-ip {
              type inet:ip-address;
              description
                "Peer IP.";
            }
            description
              "List of peer IP addresses.";
          }
          description
            "QinQ.";
        }
        description
          "Container for tagged interfaces.";
      }
    }
  }

  /* Main blocks */
  container l3vpn-ntw {
    container vpn-profiles {
      uses vpn-profile-cfg;
      description
        "Container for VPN Profiles.";
    }
    container vpn-services {
      list vpn-service {
        key vpn-id;
        uses vpn-svc-cfg;
        description
          "List of VPN services.";
      }
      description
        "Top-level container for the VPN services.";
    }
    container sites {
      list site {
        key site-id;
        leaf site-id {
          type svc-id;
          description
            "Identifier of the site.";
        }
        leaf description {
          type string;
          description
            "Textual description of a site.";
        }
        uses site-top-level-cfg;
        uses operational-requirements-ops;
        uses site-bearer-params;
        container site-network-accesses {
          list site-network-access {
            key site-network-access-id;
            leaf site-network-access-id {
              type svc-id;
              description
                "Identifier for the access.";
            }
            leaf description {
              type string;
              description
                "Textual description of a VPN service.";
            }
            uses site-network-access-top-level-cfg;
            description
              "List of accesses for a site.";
          }
          description
            "List of accesses for a site.";
        }
        description
          "List of sites.";
      }
      description
        "Container for sites.";
    }
    description
      "Main container for L3VPN service configuration.";
  }
}

                                Figure 4

6.  IANA Considerations

   This memo includes no request to IANA.

7.  Security Considerations

   All the security considerations of RFC 8299 [RFC8299] apply to this
   document.  Subsequent versions will provide additional security
   considerations.

8.  Implementation Status

   This section will be used to track the status of the implementations
   of the model.  It is intended to be removed if the document becomes
   an RFC.

9.  Acknowledgements

   Thanks to Adrian Farrel and Miguel Cros for the suggestions on the
   document.  Many thanks for the discussions on the opsawg mailing
   list.  Some of the comments will be addressed in the next versions.

10.  Contributors

   Daniel King
   Old Dog Consulting
   Email: daniel@olddog.co.uk

   Samier Barguil
   Telefonica
   Email: samier.barguilgiraldo.ext@telefonica.com

   Luay Jalil
   Verizon
   Email: luay.jalil@verizon.com

   Qin Wu
   Huawei
   Email: bill.wu@huawei.com

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

11.2.  Informative References

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8299]  Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki,
              "YANG Data Model for L3VPN Service Delivery", RFC 8299,
              DOI 10.17487/RFC8299, January 2018.

   [RFC8309]  Wu, Q., Liu, W., and A. Farrel, "Service Models
              Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018.

Authors' Addresses

   Alejandro Aguado
   Telefonica
   Madrid
   ES

   Email: alejandro.aguadomartin.ext@telefonica.com

   Oscar Gonzalez de Dios (editor)
   Telefonica
   Madrid
   ES

   Email: oscar.gonzalezdedios@telefonica.com

   Victor Lopez
   Telefonica
   Madrid
   ES

   Email: victor.lopezalvarez@telefonica.com

   Daniel Voyer
   Bell Canada
   CA

   Email: daniel.voyer@bell.ca

   Luis Angel Munoz
   Vodafone
   ES

   Email: luis-angel.munoz@vodafone.com