idnits 2.17.1

draft-bestbar-teas-yang-nrp-policy-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (March 7, 2022) is 778 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-10) exists of
     draft-bestbar-teas-ns-packet-08

  ** Downref: Normative reference to an Informational draft:
     draft-bestbar-teas-ns-packet (ref. 'I-D.bestbar-teas-ns-packet')

  == Outdated reference: A later version (-05) exists of
     draft-bestbar-teas-yang-topology-filter-02

  == Outdated reference: A later version (-25) exists of
     draft-ietf-teas-ietf-network-slices-07

  ** Downref: Normative reference to an Informational draft:
     draft-ietf-teas-ietf-network-slices (ref.
     'I-D.ietf-teas-ietf-network-slices')

     Summary: 2 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

TEAS Working Group                                               T. Saad
Internet-Draft                                                 V. Beeram
Intended status: Standards Track                        Juniper Networks
Expires: September 8, 2022                                        B. Wen
                                                                 Comcast
                                                           D. Ceccarelli
                                                                Ericsson
                                                                 S. Peng
                                                                 R. Chen
                                                         ZTE Corporation
                                                           LM. Contreras
                                                              Telefonica
                                                                  X. Liu
                                                         IBM Corporation
                                                           March 7, 2022

         YANG Data Model for Network Resource Partition Policy
                 draft-bestbar-teas-yang-nrp-policy-00

Abstract

   A Network Resource Partition (NRP) is a collection of resources
   identified in the underlay network to support services (like IETF
   Network Slices) that need logical network structures with required
   characteristics to be created.  An NRP policy is a policy construct
   that enables instantiation of mechanisms in support of service
   specific control and data plane behaviors on select topological
   elements associated with the NRP.  This document defines a YANG data
   model for the management of NRP policies on NRP capable nodes and
   controllers in IP/MPLS networks.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 8, 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Tree Structure
   2.  NRP Policy Data Model
     2.1.  Model Usage
     2.2.  Model Structure
     2.3.  NRP Policies
       2.3.1.  Resource Reservation
       2.3.2.  Flow Aggregate Selector
       2.3.3.  Per-Hop-Behavior
       2.3.4.  Topology
     2.4.  YANG Module
   3.  Acknowledgements
   4.  Contributors
   5.  IANA Considerations
   6.  Security Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Complete Model Tree Structure
   Authors' Addresses

1.  Introduction

   An IETF Network Slice [I-D.ietf-teas-ietf-network-slices] is a
   service that provides connectivity coupled with a set of specific
   commitments of network resources between a number of endpoints over a
   shared underlay network.  The IETF Network Slice service is expressed
   in terms of one or more connectivity constructs.  One or more
   connectivity constructs from one or more IETF Network Slices are
   mapped to a set of network resources called a Network Resource
   Partition (NRP).  An NRP is a collection of resources identified in
   the underlay network to support the IETF Network Slice service (or
   any other service that needs logical network structures with required
   characteristics to be created).  An NRP Policy
   [I-D.bestbar-teas-ns-packet] is a policy construct that enables
   instantiation of mechanisms in support of service specific control
   and data plane behaviors on select topological elements associated
   with the NRP.

   An NRP policy specifies the rules for determining the topology
   associated with the NRP and dictates how an NRP can be realized in
   IP/MPLS networks using one of three modes.  The NRP policy dictates
   if the partitioning of the shared network resources can be achieved
   in (a) just the data plane or in (b) just the control plane or in (c)
   both the control and data planes.

   The NRP policy modes (a) and (c) require the forwarding engine on
   each NRP capable node to identify the traffic belonging to a specific
   flow aggregate and to apply the corresponding Per-Hop Behavior (PHB)
   that determines the forwarding treatment of the packets belonging to
   the flow aggregate.  The identification of the flow aggregate that
   the packet belongs to and the corresponding forwarding treatment that
   needs to be applied to the packet is dictated by the NRP policy.
   When catering to IETF Network Slices, this flow aggregate is referred
   to as the Slice-Flow Aggregate [I-D.bestbar-teas-ns-packet] and
   comprises traffic streams from one or more connectivity constructs
   (belonging to one or more IETF network slices) mapped to a specific
   NRP.

   The NRP policy modes (b) and (c) require the distributed/centralized
   resource reservation manager in the control plane to manage NRP
   resource reservation.  The provisions for enabling NRP state aware
   traffic engineering (NRP-TE) [I-D.bestbar-teas-ns-packet] are
   dictated by the NRP policy.

   This document defines a YANG data model for the management of NRP
   policies on NRP capable nodes and controllers in IP/MPLS networks.

1.1.  Terminology

   The terminology for describing YANG data models is found in
   [RFC7950].

   The reader is expected to be familiar with the terminology specified
   in [I-D.ietf-teas-ietf-network-slices] and
   [I-D.bestbar-teas-ns-packet].

1.2.  Tree Structure

   A simplified graphical representation of the data model is presented
   in Appendix A of this document.  The tree format defined in [RFC8340]
   is used for the YANG data model tree representation.

2.  NRP Policy Data Model

2.1.  Model Usage

   A controller that consumes the IETF Network Slice service requests
   determines which specific connectivity constructs from one or more
   slices can be grouped together.  This could be based on a specific
   set of SLOs and SLEs, or on any administrative or operational reason.
   A controller function that has visibility of the underlay network and
   its resources maps these connectivity constructs onto the NRP.  It
   also constructs and distributes the network wide consistent NRP
   policy (using the data model defined in this document) to the
   relevant NRP capable nodes and controllers.

2.2.  Model Structure

   The high-level model structure defined by this document is as shown
   below:

   module: ietf-nrp-policy
     augment /nw:networks:
       +--rw nrp-policies
          +--rw nrp-policy* [name]
             +--rw name                    string
             +--rw nrp-id?                 uint32
             +--rw resource-reservation
             |  + ............
             +--rw flow-agg-selector
             |  + ............
             +--rw phb?                    string
             +--rw topology
                +--rw filters
                   +--rw filter* [filter-ref]
                      + ............
                      +--rw resource-reservation
                      |  + ............
                      +--rw flow-agg-selector
                      |  + ............
                      +--rw phb?                    string

   The 'networks' container from the 'ietf-network' module [RFC8345]
   provides a placeholder for an inventory of nodes in the network.
   This container is augmented to carry a set of NRP policies.

2.3.  NRP Policies

   The 'nrp-policies' container carries a list of NRP policies.  Each
   'nrp-policy' entry is identified by a name and holds the set of
   attributes needed to instantiate the NRP.  Each entry also carries an
   'nrp-id' leaf which uniquely identifies the NRP created by the
   enforcement of this policy.  The key elements of each nrp-policy
   entry are discussed in the following sub-sections.

2.3.1.  Resource Reservation

   The 'resource-reservation' container carries data nodes that are used
   to support NRP state aware bandwidth engineering.
The data nodes in 216 this container facilitate preference-based preemption of NRP state 217 aware TE paths, sharing of resources amongst a group of NRPs and 218 backup path bandwidth protection. 220 +--rw resource-reservation 221 | +--rw preference? uint16 222 | +--rw (max-bw-type)? 223 | | +--:(bw-value) 224 | | | +--rw maximum-bandwidth? uint64 225 | | +--:(bw-percentage) 226 | | +--rw maximum-bandwidth-percent? 227 | | rt-types:percentage 228 | +--rw shared-resource-groups* uint32 229 | +--rw protection 230 | +--rw backup-nrp-id? uint32 231 | +--rw (backup-bw-type)? 232 | +--:(backup-bw-value) 233 | | +--rw backup-bandwidth? uint64 234 | +--:(backup-bw-percentage) 235 | +--rw backup-bandwidth-percent? 236 | rt-types:percentage 238 2.3.2. Flow Aggregate Selector 240 The 'flow-agg-selector' container carries data nodes that specify the 241 rules for identifying which packets belong to the flow aggregate that 242 this NRP caters to. 244 +--rw flow-agg-selector 245 | +--rw mpls 246 | | +--rw (fas-type)? 247 | | +--:(label) 248 | | | +--rw (specification-type)? 249 | | | +--:(derived) 250 | | | | +--rw forwarding-label? empty 251 | | | +--:(explicit) 252 | | | +--rw label? 253 | | | | rt-types:mpls-label 254 | | | +--rw label-position? 255 | | | | identityref 256 | | | +--rw label-position-offset? uint8 257 | | +--:(label-ranges) 258 | | +--rw label-range* [index] 259 | | +--rw index string 260 | | +--rw start-label? 261 | | | rt-types:mpls-label 262 | | +--rw end-label? 263 | | | rt-types:mpls-label 264 | | +--rw label-position? identityref 265 | | +--rw label-position-offset? uint8 266 | +--rw ipv4 267 | | +--rw destination-prefix* inet:ipv4-prefix 268 | +--rw ipv6 269 | | +--rw (fas-type)? 270 | | +--:(ipv6-destination) 271 | | | +--rw destination-prefix* inet:ipv6-prefix 272 | | +--:(ipv6-hbh-eh) 273 | | +--rw fas-hbh-eh* uint32 274 | +--rw acl-ref* nrp-policy-acl-ref 276 2.3.3. 
Per-Hop-Behavior 278 The 'phb' leaf carries a name of a PHB profile available on the 279 topological element where the policy is being enforced. 281 +--rw phb? string 283 2.3.4. Topology 285 The 'topology' container consists of a list of filters where each 286 entry references a topology filter 287 [I-D.bestbar-teas-yang-topology-filter]. The resultant topology from 288 the union of these filters is referred to as the NRP topology. The 289 topological elements that satisfy the membership criteria can 290 optionally override the default resource-reservation, flow-agg- 291 selector and phb specific leafs. 293 +--rw topology 294 +--rw filters 295 +--rw filter* [filter-ref] 296 +--rw filter-ref 297 | nrp-policy-topo-filter-ref 298 +--rw resource-reservation 299 | +--rw preference? uint16 300 | +--rw (max-bw-type)? 301 | | +--:(bw-value) 302 | | | +--rw maximum-bandwidth? uint64 303 | | +--:(bw-percentage) 304 | | +--rw maximum-bandwidth-percent? 305 | | rt-types:percentage 306 | +--rw shared-resource-groups* uint32 307 | +--rw protection 308 | +--rw backup-nrp-id? 309 | | uint32 310 | +--rw (backup-bw-type)? 311 | +--:(backup-bw-value) 312 | | +--rw backup-bandwidth? 313 | | uint64 314 | +--:(backup-bw-percentage) 315 | +--rw backup-bandwidth-percent? 316 | rt-types:percentage 317 +--rw flow-agg-selector 318 | +--rw mpls 319 | | +--rw (fas-type)? 320 | | +--:(label) 321 | | | +--rw (specification-type)? 322 | | | +--:(derived) 323 | | | | +--rw forwarding-label? 324 | | | | empty 325 | | | +--:(explicit) 326 | | | +--rw label? 327 | | | | rt-types:mpls-label 328 | | | +--rw label-position? 329 | | | | identityref 330 | | | +--rw label-position-offset? 331 | | | uint8 332 | | +--:(label-ranges) 333 | | +--rw label-range* [index] 334 | | +--rw index 335 | | | string 336 | | +--rw start-label? 337 | | | rt-types:mpls-label 338 | | +--rw end-label? 339 | | | rt-types:mpls-label 340 | | +--rw label-position? 341 | | | identityref 342 | | +--rw label-position-offset? 
                |  |                   uint8
                |  +--rw ipv4
                |  |  +--rw destination-prefix*   inet:ipv4-prefix
                |  +--rw ipv6
                |  |  +--rw (fas-type)?
                |  |     +--:(ipv6-destination)
                |  |     |  +--rw destination-prefix*
                |  |     |          inet:ipv6-prefix
                |  |     +--:(ipv6-hbh-eh)
                |  |        +--rw fas-hbh-eh*           uint32
                |  +--rw acl-ref*   nrp-policy-acl-ref
                +--rw phb?                    string

2.4.  YANG Module

   <CODE BEGINS> file "ietf-nrp-policy@2022-03-07.yang"
   module ietf-nrp-policy {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-nrp-policy";
     prefix nrp-pol;

     import ietf-inet-types {
       prefix inet;
       reference
         "RFC 6991: Common YANG Data Types";
     }
     import ietf-routing-types {
       prefix rt-types;
       reference
         "RFC 8294: Common YANG Data Types for the Routing Area";
     }
     import ietf-network {
       prefix nw;
       reference
         "RFC 8345: A YANG Data Model for Network Topologies";
     }
     import ietf-access-control-list {
       prefix acl;
       reference
         "RFC 8519: YANG Data Model for Network Access Control Lists
          (ACLs)";
     }
     import ietf-topology-filter {
       prefix topo-filt;
       reference
         "draft-bestbar-teas-yang-topology-filter: YANG Data Model
          for Topology Filter";
     }

     organization
       "IETF Traffic Engineering Architecture and Signaling (TEAS)
        Working Group.";
     contact
       "WG Web:
        WG List:

        Editor:   Vishnu Pavan Beeram

        Editor:   Tarek Saad

        Editor:   Bin Wen

        Editor:   Daniele Ceccarelli

        Editor:   Shaofu Peng

        Editor:   Ran Chen

        Editor:   Luis M. Contreras

        Editor:   Xufeng Liu
       ";
     description
       "This YANG module defines a data model for managing Network
        Resource Partition Policies on Network Resource Partition
        capable nodes and controllers.

        Copyright (c) 2022 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX; see the
        RFC itself for full legal notices.";

     revision 2022-03-07 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: YANG Data Model for Network Resource Partition
          Policies.";
     }

     /*
      * I D E N T I T I E S
      */

     /*
      * Identity:
      * MPLS Flow Aggregate Selector (FAS) Label Position Type.
      */

     identity fas-mpls-label-position-type {
       description
         "Base identity for the position of the MPLS FAS label.";
     }

     identity fas-mpls-label-position-top {
       base fas-mpls-label-position-type;
       description
         "MPLS FAS label is at the top of the label stack.";
     }

     identity fas-mpls-label-position-bottom {
       base fas-mpls-label-position-type;
       description
         "MPLS FAS label is either at the bottom or at a specific
          offset from the bottom of the label stack.";
     }

     identity fas-mpls-label-position-indicator {
       base fas-mpls-label-position-type;
       description
         "MPLS FAS is preceded by a special purpose
          indicator label in the label stack.";
     }

     /*
      * T Y P E D E F S
      */

     typedef nrp-policy-acl-ref {
       type leafref {
         path "/acl:acls/acl:acl/acl:name";
       }
       description
         "This type is used to reference an ACL.";
     }

     typedef nrp-policy-topo-filter-ref {
       type leafref {
         path "/nw:networks/topo-filt:topology-filters/"
            + "topo-filt:topology-filter/topo-filt:name";
       }
       description
         "This type is used to reference a Topology Filter.";
     }

     /*
      * G R O U P I N G S
      */

     /*
      * Grouping - MPLS FAS label location specific fields
      */

     grouping nrp-pol-fas-mpls-label-location {
       description
         "Grouping for MPLS FAS label location specific fields.";
       leaf label-position {
         type identityref {
           base fas-mpls-label-position-type;
         }
         description
           "MPLS FAS label position.";
       }
       leaf label-position-offset {
         when "derived-from-or-self(../label-position,"
            + "'nrp-pol:fas-mpls-label-position-bottom')" {
           description
             "MPLS label position offset is relevant only when the
              label-position is set to 'bottom'.";
         }
         type uint8;
         description
           "MPLS label position offset.";
       }

     }

     /*
      * Grouping - Flow-Aggregate Selector (FAS)
      */

     grouping nrp-pol-flow-agg-selector {
       description
         "Grouping for Flow-Aggregate Selector (FAS).";
       container flow-agg-selector {
         description
           "Container for FAS.";
         container mpls {
           description
             "Container for MPLS FAS.";
           choice fas-type {
             description
               "Choices for MPLS FAS.";
             case label {
               choice specification-type {
                 description
                   "Choices for MPLS label specification.";
                 case derived {
                   leaf forwarding-label {
                     type empty;
                     description
                       "MPLS FAS Label is derived from
                        forwarding label.";
                   }
                 }
                 case explicit {
                   leaf label {
                     type rt-types:mpls-label;
                     description
                       "MPLS FAS Label is explicitly
                        specified.";
                   }
                   uses nrp-pol-fas-mpls-label-location;
                 }
               }
             }
             case label-ranges {
               list label-range {
                 key "index";
                 unique "start-label end-label";
                 description
                   "Any label from the specified set of MPLS label
                    ranges can be used as the FAS.";

                 leaf index {
                   type string;
                   description
                     "A string that uniquely identifies a label
                      range.";
                 }
                 leaf start-label {
                   type rt-types:mpls-label;
                   must '. <= ../end-label' {
                     error-message
                       "The start-label must be less than or equal "
                     + "to end-label";
                   }
                   description
                     "Label-range start.";
                 }
                 leaf end-label {
                   type rt-types:mpls-label;
                   must '. >= ../start-label' {
                     error-message
                       "The end-label must be greater than or equal "
                     + "to start-label";
                   }
                   description
                     "Label-range end.";
                 }
                 uses nrp-pol-fas-mpls-label-location;
               }
             }
           }
         }
         container ipv4 {
           description
             "Container for IPv4 FAS.";
           leaf-list destination-prefix {
             type inet:ipv4-prefix;
             description
               "Any prefix from the specified set of IPv4
                destination prefixes can be the FAS.";
           }
         }
         container ipv6 {
           description
             "Container for IPv6 FAS.";
           choice fas-type {
             description
               "Choices for IPv6 FAS.";
             case ipv6-destination {
               leaf-list destination-prefix {
                 type inet:ipv6-prefix;
                 description
                   "Any prefix from the specified set of IPv6
                    destination prefixes can be the FAS.";
               }
             }
             case ipv6-hbh-eh {
               leaf-list fas-hbh-eh {
                 type uint32;
                 description
                   "Set of FAS values carried in Hop-by-Hop
                    Option of IPv6 extension header.";
               }
             }
           }
         }
         leaf-list acl-ref {
           type nrp-policy-acl-ref;
           description
             "Flow Aggregate selection is done based on the
              specified list of ACLs.";
         }
       }
     }

     /*
      * Grouping - NRP Policy Resource Reservation
      */

     grouping nrp-pol-resource-reservation {
       description
         "Grouping for NRP policy resource reservation.";
       container resource-reservation {
         description
           "Container for NRP policy resource reservation.";
         leaf preference {
           type uint16;
           description
             "Control plane preference for the corresponding
              Network Resource Partition (NRP). A higher
              preference indicates a more favorable resource
              reservation than a lower preference.";
         }
         choice max-bw-type {
           description
             "Choice of maximum bandwidth specification.";
           case bw-value {
             leaf maximum-bandwidth {
               type uint64;
               description
                 "The maximum bandwidth allocated to an NRP
                  - specified as absolute value.";
             }
           }
           case bw-percentage {
             leaf maximum-bandwidth-percent {
               type rt-types:percentage;
               description
                 "The maximum bandwidth allocated to an NRP
                  - specified as percentage of link
                  capacity.";
             }
           }
         }
         leaf-list shared-resource-groups {
           type uint32;
           description
             "List of shared resource groups that an NRP
              shares its allocated resources with.";
         }
         container protection {
           description
             "Container for NRP protection reservation.";
           leaf backup-nrp-id {
             type uint32;
             description
               "The ID that identifies the NRP used for
                backup paths that protect primary paths
                setup over a specific NRP.";
           }
           choice backup-bw-type {
             description
               "Choice of backup bandwidth specification.";
             case backup-bw-value {
               leaf backup-bandwidth {
                 type uint64;
                 description
                   "The maximum bandwidth on a network resource that
                    is allocated for backup traffic - specified as
                    absolute value.";
               }
             }
             case backup-bw-percentage {
               leaf backup-bandwidth-percent {
                 type rt-types:percentage;
                 description
                   "The maximum bandwidth on a network resource that
                    is allocated for backup traffic - specified as
                    percentage of the link capacity.";
               }
             }
           }
         }
       }
     }

     /*
      * Grouping - NRP policy - PHB (NRP-PHB)
      */

     grouping nrp-pol-phb {
       description
         "Grouping for NRP-PHB.";
       leaf phb {
         type string;
         description
           "PHB profile identifier.";
       }
     }

     /*
      * Grouping - NRP Policy - Topology
      */

     grouping nrp-pol-topology {
       description
         "Grouping for NRP topology.";
       container topology {
         description
           "Container for NRP topology.";
         container filters {
           description
             "Container for filters.";
           list filter {
             key "filter-ref";
             description
               "List of filters.";
             leaf filter-ref {
               type nrp-policy-topo-filter-ref;
               description
                 "Reference to a specific topology filter from the
                  list of global topology filters.";
             }
             uses nrp-pol-resource-reservation;
             uses nrp-pol-flow-agg-selector;
             uses nrp-pol-phb;
           }
         }
       }
     }

     /*
      * Grouping - Network Resource Partition Policies
      */

     grouping nrp-pol {
       description
         "Grouping for NRP policies.";
       container nrp-policies {
         description
           "Container for nrp policies.";
         list nrp-policy {
           key "name";
           unique "nrp-id";
           description
             "List of NRP policies.";
           leaf name {
             type string;
             description
               "A string that uniquely identifies the NRP policy.";
           }
           leaf nrp-id {
             type uint32;
             description
               "A 32-bit ID that uniquely identifies the NRP
                created by the enforcement of this NRP policy.";
           }
           uses nrp-pol-resource-reservation;
           uses nrp-pol-flow-agg-selector;
           uses nrp-pol-phb;
           uses nrp-pol-topology;
         }
       }
     }

     /*
      * Augment - Network Resource Partition Policies.
      */
     augment "/nw:networks" {
       description
         "Augment networks with network resource partition
          policies.";
       uses nrp-pol;
     }
   }
   <CODE ENDS>

3.  Acknowledgements

   The authors would like to thank Krzysztof Szarkowicz for his input
   from discussions.

4.  Contributors

   The following individuals contributed to this document:

      Colby Barth
      Juniper Networks
      Email: cbarth@juniper.net

      Srihari R. Sangli
      Juniper Networks
      Email: ssangli@juniper.net

      Chandra Ramachandran
      Juniper Networks
      Email: csekar@juniper.net

5.  IANA Considerations

   This document registers the following URI in the IETF XML registry
   [RFC3688].  Following the format in [RFC3688], the following
   registration is requested to be made.

      URI: urn:ietf:params:xml:ns:yang:ietf-nrp-policy
      Registrant Contact:  The TEAS WG of the IETF.
      XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

      name:       ietf-nrp-policy
      namespace:  urn:ietf:params:xml:ns:yang:ietf-nrp-policy
      prefix:     sl-pol
      reference:  RFCXXXX

6.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The Network Configuration Access Control Model (NACM) [RFC8341]
   provides the means to restrict access for particular NETCONF or
   RESTCONF users to a preconfigured subset of all available NETCONF or
   RESTCONF protocol operations and content.

   The data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default) may be considered sensitive or vulnerable in some network
   environments.  Write operations (e.g., edit-config) to these data
   nodes without proper protection can have a negative effect on network
   operations.  These are the subtrees and data nodes and their
   sensitivity/vulnerability:

   *  "/networks/nrp-policies": This subtree specifies the
      configurations for NRP policies on a given network element.  By
      manipulating these data nodes, a malicious attacker may cause
      unauthorized and improper behavior to be provided for the flow
      aggregate traffic on the network element.

   The readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability:

   *  "/networks/nrp-policies": Unauthorized access to this subtree can
      disclose the NRP policy definitions on the network element.

7.  References

7.1.  Normative References

   [I-D.bestbar-teas-ns-packet]
              Saad, T., Beeram, V. P., Dong, J., Wen, B., Ceccarelli,
              D., Halpern, J., Peng, S., Chen, R., Liu, X., Contreras,
              L. M., Rokui, R., and L. Jalil, "Realizing Network Slices
              in IP/MPLS Networks", draft-bestbar-teas-ns-packet-08
              (work in progress), February 2022.

   [I-D.bestbar-teas-yang-topology-filter]
              Beeram, V. P., Saad, T., Gandhi, R., and X. Liu, "YANG
              Data Model for Topology Filter",
              draft-bestbar-teas-yang-topology-filter-02 (work in
              progress), October 2021.

   [I-D.ietf-teas-ietf-network-slices]
              Farrel, A., Drake, J., Rokui, R., Homma, S., Makhijani,
              K., Contreras, L. M., and J. Tantsura, "Framework for IETF
              Network Slices", draft-ietf-teas-ietf-network-slices-07
              (work in progress), March 2022.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.
941 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 942 and A. Bierman, Ed., "Network Configuration Protocol 943 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, 944 . 946 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure 947 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, 948 . 950 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", 951 RFC 7950, DOI 10.17487/RFC7950, August 2016, 952 . 954 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF 955 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, 956 . 958 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 959 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 960 May 2017, . 962 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration 963 Access Control Model", STD 91, RFC 8341, 964 DOI 10.17487/RFC8341, March 2018, 965 . 967 [RFC8345] Clemm, A., Medved, J., Varga, R., Bahadur, N., 968 Ananthakrishnan, H., and X. Liu, "A YANG Data Model for 969 Network Topologies", RFC 8345, DOI 10.17487/RFC8345, March 970 2018, . 972 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol 973 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, 974 . 976 7.2. Informative References 978 [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", 979 BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, 980 . 982 Appendix A. Complete Model Tree Structure 984 module: ietf-nrp-policy 985 augment /nw:networks: 986 +--rw nrp-policies 987 +--rw nrp-policy* [name] 988 +--rw name string 989 +--rw nrp-id? uint32 990 +--rw resource-reservation 991 | +--rw preference? uint16 992 | +--rw (max-bw-type)? 993 | | +--:(bw-value) 994 | | | +--rw maximum-bandwidth? uint64 995 | | +--:(bw-percentage) 996 | | +--rw maximum-bandwidth-percent? 997 | | rt-types:percentage 998 | +--rw shared-resource-groups* uint32 999 | +--rw protection 1000 | +--rw backup-nrp-id? uint32 1001 | +--rw (backup-bw-type)? 
          |        +--:(backup-bw-value)
          |        |  +--rw backup-bandwidth?   uint64
          |        +--:(backup-bw-percentage)
          |           +--rw backup-bandwidth-percent?
          |                   rt-types:percentage
          +--rw flow-agg-selector
          |  +--rw mpls
          |  |  +--rw (fas-type)?
          |  |     +--:(label)
          |  |     |  +--rw (specification-type)?
          |  |     |     +--:(derived)
          |  |     |     |  +--rw forwarding-label?   empty
          |  |     |     +--:(explicit)
          |  |     |        +--rw label?
          |  |     |        |       rt-types:mpls-label
          |  |     |        +--rw label-position?
          |  |     |        |       identityref
          |  |     |        +--rw label-position-offset?   uint8
          |  |     +--:(label-ranges)
          |  |        +--rw label-range* [index]
          |  |           +--rw index                    string
          |  |           +--rw start-label?
          |  |           |       rt-types:mpls-label
          |  |           +--rw end-label?
          |  |           |       rt-types:mpls-label
          |  |           +--rw label-position?          identityref
          |  |           +--rw label-position-offset?   uint8
          |  +--rw ipv4
          |  |  +--rw destination-prefix*   inet:ipv4-prefix
          |  +--rw ipv6
          |  |  +--rw (fas-type)?
          |  |     +--:(ipv6-destination)
          |  |     |  +--rw destination-prefix*   inet:ipv6-prefix
          |  |     +--:(ipv6-hbh-eh)
          |  |        +--rw fas-hbh-eh*   uint32
          |  +--rw acl-ref*   nrp-policy-acl-ref
          +--rw phb?                    string
          +--rw topology
             +--rw filters
                +--rw filter* [filter-ref]
                   +--rw filter-ref
                   |       nrp-policy-topo-filter-ref
                   +--rw resource-reservation
                   |  +--rw preference?                uint16
                   |  +--rw (max-bw-type)?
                   |  |  +--:(bw-value)
                   |  |  |  +--rw maximum-bandwidth?   uint64
                   |  |  +--:(bw-percentage)
                   |  |     +--rw maximum-bandwidth-percent?
                   |  |             rt-types:percentage
                   |  +--rw shared-resource-groups*    uint32
                   |  +--rw protection
                   |     +--rw backup-nrp-id?
                   |     |       uint32
                   |     +--rw (backup-bw-type)?
                   |        +--:(backup-bw-value)
                   |        |  +--rw backup-bandwidth?
                   |        |          uint64
                   |        +--:(backup-bw-percentage)
                   |           +--rw backup-bandwidth-percent?
                   |                   rt-types:percentage
                   +--rw flow-agg-selector
                   |  +--rw mpls
                   |  |  +--rw (fas-type)?
                   |  |     +--:(label)
                   |  |     |  +--rw (specification-type)?
                   |  |     |     +--:(derived)
                   |  |     |     |  +--rw forwarding-label?
                   |  |     |     |          empty
                   |  |     |     +--:(explicit)
                   |  |     |        +--rw label?
                   |  |     |        |       rt-types:mpls-label
                   |  |     |        +--rw label-position?
                   |  |     |        |       identityref
                   |  |     |        +--rw label-position-offset?
                   |  |     |                uint8
                   |  |     +--:(label-ranges)
                   |  |        +--rw label-range* [index]
                   |  |           +--rw index
                   |  |           |       string
                   |  |           +--rw start-label?
                   |  |           |       rt-types:mpls-label
                   |  |           +--rw end-label?
                   |  |           |       rt-types:mpls-label
                   |  |           +--rw label-position?
                   |  |           |       identityref
                   |  |           +--rw label-position-offset?
                   |  |                   uint8
                   |  +--rw ipv4
                   |  |  +--rw destination-prefix*   inet:ipv4-prefix
                   |  +--rw ipv6
                   |  |  +--rw (fas-type)?
                   |  |     +--:(ipv6-destination)
                   |  |     |  +--rw destination-prefix*
                   |  |     |          inet:ipv6-prefix
                   |  |     +--:(ipv6-hbh-eh)
                   |  |        +--rw fas-hbh-eh*   uint32
                   |  +--rw acl-ref*   nrp-policy-acl-ref
                   +--rw phb?                    string

Authors' Addresses

   Tarek Saad
   Juniper Networks

   Email: tsaad@juniper.net


   Vishnu Pavan Beeram
   Juniper Networks

   Email: vbeeram@juniper.net


   Bin Wen
   Comcast

   Email: Bin_Wen@cable.comcast.com


   Daniele Ceccarelli
   Ericsson

   Email: daniele.ceccarelli@ericsson.com


   Shaofu Peng
   ZTE Corporation

   Email: peng.shaofu@zte.com.cn


   Ran Chen
   ZTE Corporation

   Email: chen.ran@zte.com.cn


   Luis M. Contreras
   Telefonica

   Email: luismiguel.contrerasmurillo@telefonica.com


   Xufeng Liu
   IBM Corporation

   Email: xufeng.liu.ietf@gmail.com
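
The Security Considerations ask for read and write access to "/networks/nrp-policies" to be controlled. One way to express that with NACM [RFC8341] is sketched here as an added example that is not part of the draft; the group names are hypothetical, and the ietf-nrp-policy namespace URI is an assumption because it is not shown in this section.

```xml
<!-- Added example, not from the draft. Group names are hypothetical and the
     ietf-nrp-policy namespace URI is assumed; substitute the module's own. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"
      xmlns:nw="urn:ietf:params:xml:ns:yang:ietf-network"
      xmlns:nrp="urn:ietf:params:xml:ns:yang:ietf-nrp-policy">
  <!-- Rule-lists are evaluated in order for the groups a user belongs to;
       the first rule that matches the request decides the outcome. -->
  <rule-list>
    <name>nrp-policy-admins</name>
    <group>nrp-admins</group>
    <rule>
      <name>permit-all-nrp-policies</name>
      <path>/nw:networks/nrp:nrp-policies</path>
      <access-operations>*</access-operations>
      <action>permit</action>
      <comment>Provisioning systems may create, read, update and delete
        NRP policies.</comment>
    </rule>
  </rule-list>
  <rule-list>
    <name>nrp-policy-auditors</name>
    <group>nrp-auditors</group>
    <rule>
      <name>permit-read-nrp-policies</name>
      <path>/nw:networks/nrp:nrp-policies</path>
      <access-operations>read</access-operations>
      <action>permit</action>
      <comment>Auditors may read policy definitions but not change
        them; write requests fall through to the deny below.</comment>
    </rule>
  </rule-list>
  <!-- NACM's read-default is "permit", so hiding the policy definitions
       from everyone else needs an explicit deny on the subtree. -->
  <rule-list>
    <name>nrp-policy-everyone-else</name>
    <group>*</group>
    <rule>
      <name>deny-all-nrp-policies</name>
      <path>/nw:networks/nrp:nrp-policies</path>
      <access-operations>*</access-operations>
      <action>deny</action>
    </rule>
  </rule-list>
</nacm>
```

A NACM path rule matches the named node and all of its descendants, so these three lists cover every data node in the Appendix A tree.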