idnits 2.17.1

draft-bgbw-opsawg-vpn-common-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  -- The draft header indicates that this document updates RFC8782, but the
     abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 319 has weird spacing: '...et-type rt-...'

  == Line 328 has weird spacing: '...et-type rt-...'

  -- The document date (July 13, 2020) is 1383 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-19) exists of
     draft-ietf-opsawg-l2nm-00

  == Outdated reference: A later version (-18) exists of
     draft-ietf-opsawg-l3sm-l3nm-03

     Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

opsawg                                                        S. Barguil
Internet-Draft                                  O. Gonzalez de Dios, Ed.
Updates: 8782 (if approved)                                   Telefonica
Intended status: Standards Track                       M. Boucadair, Ed.
Expires: January 14, 2021                                         Orange
                                                                   Q. Wu
                                                                  Huawei
                                                           July 13, 2020

                  A Layer 2/3 VPN Common YANG Model
                    draft-bgbw-opsawg-vpn-common-00

Abstract

   This document defines a common YANG module that is meant to be reused
   by various VPN-related modules such as Layer 3 VPN Service Model,
   Layer 2 VPN Service Model, Layer 3 VPN Network Model, and Layer 2 VPN
   Network Model.

Editorial Note (To be removed by RFC Editor)

   Please update these statements within the document with the RFC
   number to be assigned to this document:

   o  "This version of this YANG module is part of RFC XXXX;"

   o  "RFC XXXX: A Layer 2/3 VPN Common YANG Model";

   o  reference: RFC XXXX

   Also, please update the "revision" date of the YANG module.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 14, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Description of the VPN Common YANG Module
   4.  Layer 2/3 VPN Common Module
   5.  Security Considerations
   6.  IANA Considerations
   7.  Contributors
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   Various VPN-related YANG data modules were specified by the IETF
   (e.g., Layer 3 VPN Service Model (L3SM) [RFC8299] or Layer 2 VPN
   Service Model (L2SM) [RFC8466]).  Others are also being specified
   (e.g., Layer 3 VPN Network Model (L3NM) [I-D.ietf-opsawg-l3sm-l3nm]
   or Layer 2 VPN Network Model (L2NM) [I-D.ietf-opsawg-l2nm]).  These
   modules share data nodes and structures that are present in almost
   all of these models or in a subset of them.  An example of such data
   nodes is depicted in Figure 1.

   module: ietf-l2vpn-ntw
     +--rw vpn-services
        +--rw vpn-service* [vpn-id]
           +--rw vpn-id              svc-id
           +--rw vpn-svc-type?       identityref
           +--rw customer-name?      string
           +--rw svc-topo?           identityref
           +--rw service-status
           |  +--rw admin
           |  |  +--rw status?       operational-type
           |  |  +--rw timestamp?    yang:date-and-time
           |  +--ro ops
           |     +--ro status?       operational-type
           |     +--ro timestamp?    yang:date-and-time
           |  ...
   module: ietf-l3vpn-ntw
     +--rw vpn-services
        +--rw vpn-service* [vpn-id]
           +--rw service-status
           |  +--rw admin
           |  |  +--rw status?       operational-type
           |  |  +--rw timestamp?    yang:date-and-time
           |  +--ro ops
           |     +--ro status?       operational-type
           |     +--ro timestamp?    yang:date-and-time
           +--rw vpn-id                   l3vpn-svc:svc-id
           +--rw l3sm-vpn-id?             l3vpn-svc:svc-id
           +--rw customer-name?           string
           +--rw vpn-service-topology?    identityref
           +--rw description?             string
           |  ...

         Figure 1: Example of Common Data Nodes in Both L2NM/L3NM

   In order to avoid data node duplication and to ease passing data
   among layers (service layer to network layer and vice versa), early
   versions of the L3NM reused many of the data nodes that are defined
   in the L3SM [RFC8299].  Nevertheless, that approach was abandoned
   because that design was interpreted as if the deployment of L3NM
   depends on L3SM, while this is not required.  For example, a Service
   Provider may decide to use the L3NM to build its L3VPN services
   without exposing the L3SM.

   Likewise, early versions of the L2NM reused many of the data nodes
   that are defined in both L2SM and L3NM.  An example of L3NM groupings
   reused in L2NM is shown in Figure 2.  This data node reuse was
   interpreted as if the deployment of L2NM requires both L2SM and L3NM,
   which is not the case.

   ietf-l2vpn-ntw {
     ...
     import ietf-l3vpn-ntw {
       prefix l3vpn-ntw;
       reference
         "RFC NNNN: A Layer 3 VPN Network YANG Model";
     }
     ...
     container l2vpn-ntw {
       ...
       container vpn-services {
         list vpn-service {
           ...
           uses l3vpn-ntw:service-status;
           uses l3vpn-ntw:svc-transport-encapsulation;
           ...
         }
       }
       ...
     }
   }

              Figure 2: Excerpt from the L2NM YANG Module

   To avoid the issues discussed above, this document defines a common
   YANG module that is meant to be reused by various VPN-related modules
   such as Layer 3 VPN Service Model (L3SM) [RFC8299], Layer 2 VPN
   Service Model (L2SM) [RFC8466], Layer 3 VPN Network Model (L3NM)
   [I-D.ietf-opsawg-l3sm-l3nm], and Layer 2 VPN Network Model (L2NM)
   [I-D.ietf-opsawg-l2nm]: "ietf-vpn-common" (Section 4).

   The "ietf-vpn-common" module includes a set of identities, types, and
   groupings that are meant to be reused by other VPN-related YANG
   modules independently of their layer (e.g., Layer 2, Layer 3) and the
   type of the module (e.g., network model, service model), including
   future revisions of existing models (e.g., L3SM [RFC8299] or L2SM
   [RFC8466]).

   The approach that is followed for building the common module
   (Section 4) is to first extract the data nodes that are common to
   both L3NM and L3SM; these data nodes are then filtered against the
   Layer 2 modules.  All the common groupings are called, for example,
   in the L3NM module defined in [I-D.ietf-opsawg-l3sm-l3nm].

2.  Terminology

   The terminology for describing YANG modules is defined in [RFC7950].

   The meaning of the symbols in tree diagrams is defined in [RFC8340].

3.  Description of the VPN Common YANG Module

   The "ietf-vpn-common" module contains the following reusable
   groupings and identities:

   Groupings:

   o  vpn-description:

      A YANG grouping that provides common administrative VPN
      information such as name, a textual description, and the
      customer name.

   o  vpn-profile-cfg:

      A YANG grouping that defines the set of profiles (encryption,
      routing, forwarding) valid for any L2/L3 VPN.

   o  status-timestamp:

      A YANG grouping that defines operational and administrative
      updates of a component.
   o  service-status:

      A YANG grouping that defines the administrative and operational
      status of a component.  The grouping can be applied to the
      whole service or to, e.g., an end point.

   o  svc-transport-encapsulation:

      A YANG grouping that defines the type of underlay transport for
      a VPN service.

   o  rt-rd:

      A YANG grouping that defines the set of route-targets to match
      for import and export routes to/from a VRF.

   o  vpn-node-group:

      A YANG grouping that is used to group vpn-network-access
      instances.

   Identities:

   o  bw-direction: Identity for the bandwidth direction.

   o  qos-profile-direction: Base identity for QoS profile direction.

   o  customer-application: Base identity for customer application.

   o  ie-type: Defines Import-Export routing profiles.

   o  site-network-access-type: Base identity for site-network-access
      type.

   o  operational-status: Base identity for the operational status.

   o  administrative-status: Base identity for administrative status.

   o  encapsulation-type: Base identity for encapsulation type.

   o  tag-type: Base identity from which all tag types are derived.

   o  protocol-type: Base identity for Protocol Type.

   o  vpn-topology: Base identity for VPN topology.

   o  role: Base identity for site or node type.

   o  vpn-signaling-type: Identity of VPN signaling types.

   o  service-type: Identity of service type.

   o  vxlan-peer-mode: Base identity for the VXLAN peer mode.

   o  multicast-gp-address-mapping: Identity for multicast group mapping
      type.

   o  multicast-tree-type: Base identity for multicast tree type.

   o  multicast-rp-discovery-type: Base identity for RP discovery type.

   The tree diagram of the "ietf-vpn-common" module that depicts the
   common groupings is provided in Figure 3.  The descriptions of these
   groupings are provided in the description statements in Section 4.

   module: ietf-vpn-common

     grouping vpn-description
       +-- vpn-id?            vpn-common:vpn-id
       +-- vpn-name?          string
       +-- vpn-description?   string
       +-- customer-name?     string
     grouping vpn-profile-cfg
       +-- valid-provider-identifiers
          +-- cloud-identifier* [id] {cloud-access}?
          |  +-- id?   string
          +-- encryption-profile-identifier* [id]
          |  +-- id?   string
          +-- qos-profile-identifier* [id]
          |  +-- id?   string
          +-- bfd-profile-identifier* [id]
          |  +-- id?   string
          +-- forwarding-profile-identifier* [id]
          |  +-- id?   string
          +-- routing-profile-identifier* [id]
             +-- id?   string
     grouping status-timestamp
       +-- status?         identityref
       +-- last-updated?   yang:date-and-time
     grouping service-status
       +-- status
          +-- admin-status
          |  +-- status?         identityref
          |  +-- last-updated?   yang:date-and-time
          +--ro oper-status
             +--ro status?         identityref
             +--ro last-updated?   yang:date-and-time
     grouping svc-transport-encapsulation
       +-- underlay-transport
          +-- type*   identityref
     grouping rt-rd
       +-- rd?   union
       +-- vpn-targets
          +-- vpn-target* [id]
          |  +-- id?                  int8
          |  +-- route-targets* [route-target]
          |  |  +-- route-target?   rt-types:route-target
          |  +-- route-target-type   rt-types:route-target-type
          +-- vpn-policies
             +-- import-policy?   string
             +-- export-policy?   string
     grouping vpn-route-targets
       +-- vpn-target* [id]
       |  +-- id?                  int8
       |  +-- route-targets* [route-target]
       |  |  +-- route-target?   rt-types:route-target
       |  +-- route-target-type   rt-types:route-target-type
       +-- vpn-policies
          +-- import-policy?   string
          +-- export-policy?   string
     grouping vpn-node-group
       +-- groups
          +-- group* [group-id]
             +-- group-id?   string

                      Figure 3: VPN Common Tree

4.  Layer 2/3 VPN Common Module

   This module uses types defined in [RFC6991] and [RFC8294].

      Editor's Note: RFCs cited in the reference statements will be
      added to the References Section in future versions.
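   Two properties of the groupings in Figure 3 matter when a controller
   accepts edits: identityref leaves only take identities derived from
   the stated base (so an operational-status identity can never be
   written into admin-status), and some nodes are not writable at all
   (oper-status is "config false"; valid-provider-identifiers carries
   nacm:default-deny-write).  The Python below is an added example, not
   part of this draft or of any IETF code: it embeds a subset of the
   module's identities and schema facts and checks constructed write
   requests against them.  The path strings and the nacm_permits
   simplification of RFC 8341 are assumptions made for illustration.

```python
# Added example (not part of the draft or any IETF code): encodes a subset
# of the ietf-vpn-common identities and the schema properties of its
# groupings, then checks candidate writes against them.

# Identity -> base identity, copied from the module; None marks a base.
IDENTITY_BASE = {
    "operational-status": None,
    "operational-state-up": "operational-status",
    "operational-state-down": "operational-status",
    "operational-state-unknown": "operational-status",
    "administrative-status": None,
    "administrative-state-up": "administrative-status",
    "administrative-state-down": "administrative-status",
    "administrative-state-testing": "administrative-status",
    "administrative-state-pre-deployment": "administrative-status",
    "protocol-type": None,
    "gre": "protocol-type",
    "ldp": "protocol-type",
    "sr": "protocol-type",
    "sr-te": "protocol-type",
    "rsvp-te": "protocol-type",
    "bgp-lu": "protocol-type",
    "encapsulation-type": None,
    "vxlan": "encapsulation-type",   # an encapsulation, not a transport
}

# Schema facts from the groupings: the identityref base of each leaf,
# the subtree declared 'config false' (service-status/oper-status), and
# the container marked nacm:default-deny-write (vpn-profile-cfg).
# Path strings are a constructed, simplified addressing scheme.
LEAF_BASE = {
    "status/admin-status/status": "administrative-status",
    "status/oper-status/status": "operational-status",
    "underlay-transport/type": "protocol-type",
}
CONFIG_FALSE = ("status/oper-status",)
DEFAULT_DENY_WRITE = ("valid-provider-identifiers",)


def derived_from(identity, base):
    """True if `identity` is transitively derived from `base`
    (the base itself does not count, per RFC 7950 Section 9.10)."""
    cur = IDENTITY_BASE.get(identity)   # unknown identity -> None -> False
    while cur is not None:
        if cur == base:
            return True
        cur = IDENTITY_BASE.get(cur)
    return False


def valid_identityref(value, base):
    """An identityref leaf with 'base B' accepts only identities derived
    from B; unknown identities and B itself are rejected."""
    return value in IDENTITY_BASE and derived_from(value, base)


def check_write(path, value, nacm_permits=()):
    """Decide whether a write of `value` at `path` should be accepted.

    `nacm_permits` lists path prefixes for which an explicit NACM rule
    grants write access to the requester.  This is a deliberate
    simplification of RFC 8341: default-deny-write means the write is
    refused unless some rule explicitly permits it.
    Returns (accepted, reason)."""
    if path.startswith(CONFIG_FALSE):
        return False, "read-only: subtree is 'config false'"
    if (path.startswith(DEFAULT_DENY_WRITE)
            and not path.startswith(tuple(nacm_permits))):
        return False, "nacm:default-deny-write: no explicit rule permits it"
    base = LEAF_BASE.get(path)
    if base is not None and not valid_identityref(value, base):
        return False, f"{value!r} is not derived from identity {base!r}"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed edit requests, as a controller might receive them
    # before mapping them onto devices.
    requests = [
        ("status/admin-status/status", "administrative-state-up", ()),
        ("status/admin-status/status", "operational-state-up", ()),
        ("status/admin-status/status", "administrative-status", ()),
        ("status/oper-status/status", "operational-state-up", ()),
        ("valid-provider-identifiers/encryption-profile-identifier",
         "ep-1", ()),
        ("valid-provider-identifiers/encryption-profile-identifier",
         "ep-1", ("valid-provider-identifiers",)),
        ("underlay-transport/type", "sr", ()),
        ("underlay-transport/type", "vxlan", ()),
    ]
    for path, value, permits in requests:
        ok, why = check_write(path, value, permits)
        print(f"{'ACCEPT' if ok else 'REJECT':6} {path} = {value!r}: {why}")
```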
   <CODE BEGINS> file "ietf-vpn-common@2020-07-13.yang"
   module ietf-vpn-common {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-vpn-common";
     prefix vpn-common;

     import ietf-netconf-acm {
       prefix nacm;
       reference
         "RFC 8341: Network Configuration Access Control Model";
     }
     import ietf-routing-types {
       prefix rt-types;
       reference
         "RFC 8294: Common YANG Data Types for the Routing Area";
     }
     import ietf-yang-types {
       prefix yang;
       reference
         "Section 3 of RFC 6991";
     }

     organization
       "IETF OPSA (Operations and Management Area) Working Group";
     contact
       "WG Web:

        Editor:  Samier Barguil

        Editor:  Oscar Gonzalez de Dios

        Editor:  Mohamed Boucadair

        Author:  Qin Wu

       ";
     description
       "This YANG module defines a common module that is meant
        to be reused by various VPN-related modules (e.g.,
        Layer 3 VPN Service Model (L3SM), Layer 2 VPN Service
        Model (L2SM), Layer 3 VPN Network Model (L3NM), Layer 2
        VPN Network Model (L2NM)).

        Copyright (c) 2020 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).
        This version of this YANG module is part of RFC XXXX
        (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
        for full legal notices.";

     revision 2020-07-13 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: A Layer 2/3 VPN Common YANG Model";
     }

     /* Features */

     feature cloud-access {
       description
         "Indicates support of the VPN to connect to a Cloud
          Service Provider (CSP).";
     }

     feature lag-interface {
       description
         "Indicates the support of Link aggregation between
          Site Network Accesses.";
     }

     feature site-diversity {
       description
         "Indicates the site diversity in the customer premises.";
     }

     feature dot1q {
       description
         "This feature indicates the support of
          the 'dot1q' encapsulation.";
     }

     feature qinq {
       description
         "This feature indicates the support of
          the 'qinq' encapsulation.";
     }

     feature vxlan {
       description
         "This feature indicates the support of
          the 'vxlan' encapsulation.";
     }

     feature qinany {
       description
         "This feature indicates the support of
          the 'qinany' encapsulation.";
     }

     feature multicast {
       description
         "Indicates multicast capabilities support in a VPN.";
     }

     feature ipv4 {
       description
         "Indicates IPv4 support in a VPN.";
     }

     feature ipv6 {
       description
         "Indicates IPv6 support in a VPN.";
     }

     feature carrierscarrier {
       description
         "Indicates support of Carrier-of-Carrier VPNs.";
     }

     feature extranet-vpn {
       description
         "Indicates support of extranet VPNs.";
     }

     feature fast-reroute {
       description
         "Indicates support of Fast Reroute (FRR).";
     }

     feature qos {
       description
         "Indicates support of classes of services (CoSes).";
     }

     feature encryption {
       description
         "Indicates support of encryption.";
     }

     feature bfd {
       description
         "Indicates support of BFD.";
     }

     feature bearer-reference {
       description
         "Indicates support of the 'bearer-reference' access
          constraint.";
     }

     feature input-bw {
       description
         "This feature indicates the support of
          the 'input-bw' limit.";
     }

     /* Typedef */

     typedef vpn-id {
       type string;
       description
         "Defines an identifier that is used as
          a service identifier, for example.";
     }

     typedef address-family {
       type enumeration {
         enum ipv4 {
           description
             "IPv4 address family.";
         }
         enum ipv6 {
           description
             "IPv6 address family.";
         }
       }
       description
         "Defines a type for the address family.";
     }

     /* Identities */

     identity bw-direction {
       description
         "Identity for the bandwidth direction.";
     }

     identity input-bw {
       base bw-direction;
       description
         "Identity for the input bandwidth.";
     }

     identity output-bw {
       base bw-direction;
       description
         "Identity for the output bandwidth.";
     }

     identity qos-profile-direction {
       description
         "Base identity for QoS profile direction.";
     }

     identity site-to-wan {
       base qos-profile-direction;
       description
         "Identity for Site-to-WAN direction.";
     }

     identity wan-to-site {
       base qos-profile-direction;
       description
         "Identity for WAN-to-Site direction.";
     }

     identity both {
       base qos-profile-direction;
       description
         "Identity for both WAN-to-Site direction
          and Site-to-WAN direction.";
     }

     identity customer-application {
       description
         "Base identity for customer application.";
     }

     identity web {
       base customer-application;
       description
         "Identity for Web application (e.g., HTTP, HTTPS).";
     }

     identity mail {
       base customer-application;
       description
         "Identity for mail application.";
     }

     identity file-transfer {
       base customer-application;
       description
         "Identity for file transfer application (e.g., FTP, SFTP).";
     }

     identity database {
       base customer-application;
       description
         "Identity for database application.";
     }

     identity social {
       base customer-application;
       description
         "Identity for social-network application.";
     }

     identity games {
       base customer-application;
       description
         "Identity for gaming application.";
     }

     identity p2p {
       base customer-application;
       description
         "Identity for peer-to-peer application.";
     }

     identity network-management {
       base customer-application;
       description
         "Identity for management application
          (e.g., Telnet, syslog, SNMP).";
     }

     identity voice {
       base customer-application;
       description
         "Identity for voice application.";
     }

     identity video {
       base customer-application;
       description
         "Identity for video conference application.";
     }

     identity embb {
       base customer-application;
       description
         "Identity for an enhanced Mobile Broadband (eMBB)
          application.  Note that an eMBB application demands
          network performance with a wide variety of
          characteristics, such as data rate, latency,
          loss rate, reliability, and many other parameters.";
     }

     identity urllc {
       base customer-application;
       description
         "Identity for an Ultra-Reliable and Low Latency
          Communications (URLLC) application.  Note that a
          URLLC application demands network performance
          with a wide variety of characteristics, such as latency,
          reliability, and many other parameters.";
     }

     identity mmtc {
       base customer-application;
       description
         "Identity for a massive Machine Type
          Communications (mMTC) application.  Note that an
          mMTC application demands network performance
          with a wide variety of characteristics, such as data
          rate, latency, loss rate, reliability, and many
          other parameters.";
     }

     identity ie-type {
       description
         "Defines Import-Export routing profiles.
          Those profiles can be reused between VPN nodes.";
     }

     identity import {
       base ie-type;
       description
         "Import a routing profile.";
     }

     identity export {
       base ie-type;
       description
         "Export a routing profile.";
     }

     identity import-export {
       base ie-type;
       description
         "Import/Export a routing profile.";
     }

     identity site-network-access-type {
       description
         "Base identity for site-network-access type.";
     }

     identity point-to-point {
       base site-network-access-type;
       description
         "Identity for point-to-point connection.";
     }

     identity multipoint {
       base site-network-access-type;
       description
         "Identity for multipoint connection.
          Example: Ethernet broadcast segment.";
     }

     identity pseudowire {
       base site-network-access-type;
       description
         "Identity for pseudowire connections.";
     }

     identity loopback {
       base site-network-access-type;
       description
         "Identity for loopback connections.";
     }

     identity operational-status {
       description
         "Base identity for the operational status.";
     }

     identity operational-state-up {
       base operational-status;
       description
         "Operational status is UP/Enabled.";
     }

     identity operational-state-down {
       base operational-status;
       description
         "Operational status is DOWN/Disabled.";
     }

     identity operational-state-unknown {
       base operational-status;
       description
         "Operational status is UNKNOWN.";
     }

     identity administrative-status {
       description
         "Base identity for administrative status.";
     }

     identity administrative-state-up {
       base administrative-status;
       description
         "Administrative status is UP/Enabled.";
     }

     identity administrative-state-down {
       base administrative-status;
       description
         "Administrative status is DOWN/Disabled.";
     }

     identity administrative-state-testing {
       base administrative-status;
       description
         "Administrative status is up for testing purposes.";
     }

     identity administrative-state-pre-deployment {
       base administrative-status;
       description
         "Administrative status is pre-deployment phase.";
     }

     identity encapsulation-type {
       description
         "Base identity for encapsulation type.";
     }

     identity priority-tagged {
       base encapsulation-type;
       description
         "Identity for the priority-tagged interface.";
     }

     identity dot1q {
       base encapsulation-type;
       description
         "This identity indicates the support of
          the 'dot1q' encapsulation.";
     }

     identity qinq {
       base encapsulation-type;
       description
         "This identity indicates the support of
          the 'qinq' encapsulation.";
     }

     identity qinany {
       base encapsulation-type;
       description
         "This identity indicates the support of
          the 'qinany' encapsulation.";
     }

     identity vxlan {
       base encapsulation-type;
       description
         "This identity indicates the support of
          the 'vxlan' encapsulation.";
     }

     identity ethernet-type {
       base encapsulation-type;
       description
         "Identity for Ethernet type.";
     }

     identity vlan-type {
       base encapsulation-type;
       description
         "Identity for VLAN encapsulation.";
     }

     identity untagged-int {
       base encapsulation-type;
       description
         "Identity for untagged interfaces.";
     }

     identity tagged-int {
       base encapsulation-type;
       description
         "Identity for tagged interfaces.";
     }

     identity lag-int {
       base encapsulation-type;
       description
         "Identity for Link Aggregation Group (LAG) interfaces.";
     }

     identity tag-type {
       description
         "Base identity from which all tag types are derived.";
     }

     identity c-vlan {
       base tag-type;
       description
         "A CVLAN tag, normally using the 0x8100 Ethertype.";
     }

     identity s-vlan {
       base tag-type;
       description
         "An SVLAN tag.";
     }

     identity c-s-vlan {
       base tag-type;
       description
         "Using both a CVLAN tag and an SVLAN tag.";
     }

     identity protocol-type {
       description
         "Base identity for Protocol Type.";
     }

     identity gre {
       base protocol-type;
       description
         "GRE encapsulation.";
       reference
         "RFC 1701: Generic Routing Encapsulation (GRE)
          RFC 1702: Generic Routing Encapsulation over IPv4 networks
          RFC 7676: IPv6 Support for Generic Routing Encapsulation
                    (GRE)";
     }

     identity ldp {
       base protocol-type;
       description
         "Transport based on LDP.";
       reference
         "RFC 5036: LDP Specification";
     }

     identity sr {
       base protocol-type;
       description
         "Transport based on SR.";
       reference
         "RFC 8660: Segment Routing with the MPLS Data Plane
          RFC 8663: MPLS Segment Routing over IP
          RFC 8754: IPv6 Segment Routing Header (SRH)";
     }

     identity sr-te {
       base protocol-type;
       description
         "Transport based on SR-TE.";
       reference
         "RFC 8426: Recommendations for RSVP-TE and Segment Routing (SR)
                    Label Switched Path (LSP) Coexistence";
     }

     identity rsvp-te {
       base protocol-type;
       description
         "Transport based on RSVP-TE.";
       reference
         "RFC 2205: Resource ReSerVation Protocol (RSVP) --
                    Version 1 Functional Specification";
     }

     identity bgp-lu {
       base protocol-type;
       description
         "Transport based on BGP-LU.";
     }

     identity unknown {
       base protocol-type;
       description
         "Not known at this stage.";
     }

     identity vpn-topology {
       description
         "Base identity for VPN topology.";
     }

     identity any-to-any {
       base vpn-topology;
       description
         "Identity for any-to-any VPN topology.";
     }

     identity hub-spoke {
       base vpn-topology;
       description
         "Identity for Hub-and-Spoke VPN topology.";
     }

     identity hub-spoke-disjoint {
       base vpn-topology;
       description
         "Identity for Hub-and-Spoke VPN topology
          where Hubs cannot communicate with each other.";
     }

     identity custom {
       base vpn-topology;
       description
         "Identity for CUSTOM VPN topology
          where Hubs can act as Spoke for certain part of
          the network or Spokes as Hubs.";
     }

     identity role {
       description
         "Base identity for site or node type.";
     }

     identity any-to-any-role {
       base role;
       description
         "VPN-Node in an any-to-any IP VPN.";
     }

     identity spoke-role {
       base role;
       description
         "VPN-Node acting as a Spoke IP VPN.";
     }

     identity hub-role {
       base role;
       description
         "VPN-Node acting as a Hub IP VPN.";
     }

     identity custom-role {
       base role;
       description
         "VPN-Node with custom or complex role in the VPN.";
     }

     identity vpn-signaling-type {
       description
         "Identity of VPN signaling types";
     }

     identity l2vpn-bgp {
       base vpn-signaling-type;
       description
         "Identity of l2vpn-bgp";
     }

     identity evpn-bgp {
       base vpn-signaling-type;
       description
         "Identity of evpn-bgp";
     }

     identity t-ldp {
       base vpn-signaling-type;
       description
         "Identity of t-ldp.";
     }

     identity h-vpls {
       base vpn-signaling-type;
       description
         "Identity for h-vpls";
     }

     identity l2tp {
       base vpn-signaling-type;
       description
         "Identity of l2tp.";
     }

     identity service-type {
       description
         "Identity of service type.";
     }

     identity l3vpn {
       base service-type;
       description
         "Identity of L3VPN service.";
     }

     identity vpws {
       base service-type;
       description
         "Point-to-point Virtual Private Wire Service (VPWS)
          service type.";
     }

     identity pwe3 {
       base service-type;
       description
         "Pseudowire Emulation Edge to Edge (PWE3) service type.";
     }

     identity ldp-l2tp-vpls {
       base service-type;
       description
         "LDP-based or L2TP-based multipoint Virtual Private LAN
          Service (VPLS) service type.
          This VPLS uses LDP-signaled
          Pseudowires or L2TP-signaled Pseudowires.";
     }

     identity bgp-vpls {
       base service-type;
       description
         "BGP-based multipoint VPLS service type.  This VPLS uses a
          BGP control plane.";
       reference
         "RFC 4761: Virtual Private LAN Service (VPLS) Using
                    BGP for Auto-Discovery and Signaling
          RFC 6624: Layer 2 Virtual Private Networks Using BGP for
                    Auto-Discovery and Signaling";
     }

     identity vpws-evpn {
       base service-type;
       description
         "VPWS service type using Ethernet VPNs (EVPNs).";
       reference
         "RFC 7432: BGP MPLS-Based Ethernet VPN";
     }

     identity pbb-evpn {
       base service-type;
       description
         "PBB EVPN.";
     }

     identity vxlan-peer-mode {
       description
         "Base identity for the VXLAN peer mode.";
     }

     identity static-mode {
       base vxlan-peer-mode;
       description
         "Identity for VXLAN access in the static mode.";
     }

     identity bgp-mode {
       base vxlan-peer-mode;
       description
         "Identity for VXLAN access by BGP EVPN learning.";
     }

     identity multicast-gp-address-mapping {
       description
         "Identity for multicast group mapping type.";
     }

     identity static-mapping {
       base multicast-gp-address-mapping;
       description
         "Identity for static mapping, i.e., attach the interface
          to the multicast group as a static member.";
     }

     identity dynamic-mapping {
       base multicast-gp-address-mapping;
       description
         "Identity for dynamic mapping, i.e., an interface was added
          to the multicast group as a result of snooping.";
     }

     identity multicast-tree-type {
       description
         "Base identity for multicast tree type.";
     }

     identity ssm-tree-type {
       base multicast-tree-type;
       description
         "Identity for SSM tree type.";
     }

     identity asm-tree-type {
       base multicast-tree-type;
       description
         "Identity for ASM tree type.";
     }
     identity bidir-tree-type {
       base multicast-tree-type;
       description
         "Identity for bidirectional tree type.";
     }

     identity multicast-rp-discovery-type {
       description
         "Base identity for RP discovery type.";
     }

     identity auto-rp {
       base multicast-rp-discovery-type;
       description
         "Base identity for Auto-RP discovery type.";
     }

     identity static-rp {
       base multicast-rp-discovery-type;
       description
         "Base identity for static type.";
     }

     identity bsr-rp {
       base multicast-rp-discovery-type;
       description
         "Base identity for BSR discovery type.";
     }

     /* Grouping */

     grouping vpn-description {
       leaf vpn-id {
         type vpn-common:vpn-id;
         description
           "VPN identifier.
            This identifier has a local meaning.";
       }
       leaf vpn-name {
         type string;
         description
           "A name used to refer to the VPN.";
       }
       leaf vpn-description {
         type string;
         description
           "Textual description of a VPN service.";
       }
       leaf customer-name {
         type string;
         description
           "Name of the customer that actually uses the VPN service.";
       }
       description
         "Provides common VPN information.";
     }

     grouping vpn-profile-cfg {
       container valid-provider-identifiers {
         list cloud-identifier {
           if-feature "cloud-access";
           key "id";
           leaf id {
             type string;
             description
               "Identification of cloud service.
                Local administration meaning.";
           }
           description
             "List for Cloud Identifiers.";
         }
         list encryption-profile-identifier {
           key "id";
           leaf id {
             type string;
             description
               "Identification of the SP encryption profile
                to be used.
Local administration meaning."; 1218 } 1219 description 1220 "List for encryption profile identifiers."; 1221 } 1222 list qos-profile-identifier { 1223 key "id"; 1224 leaf id { 1225 type string; 1226 description 1227 "Identification of the QoS Profile to be used. 1228 Local administration meaning."; 1229 } 1230 description 1231 "List for QoS Profile Identifiers."; 1232 } 1233 list bfd-profile-identifier { 1234 key "id"; 1235 leaf id { 1236 type string; 1237 description 1238 "Identification of the SP BFD Profile to be used. 1240 Local administration meaning."; 1241 } 1242 description 1243 "List for BFD Profile identifiers."; 1244 } 1245 list forwarding-profile-identifier { 1246 key "id"; 1247 leaf id { 1248 type string; 1249 description 1250 "Identification of the Forwrding Profile Filter to be used. 1251 Local administration meaning."; 1252 } 1253 description 1254 "List for Forwrding Profile identifiers."; 1255 } 1256 list routing-profile-identifier { 1257 key "id"; 1258 leaf id { 1259 type string; 1260 description 1261 "Identification of the routing Profile to be used 1262 by the routing-protocols within sites, vpn- 1263 network-accesses or vpn-nodes for refering 1264 vrf-import/export policies. 
1265 This identifier has a local meaning."; 1266 } 1267 description 1268 "List for Routing Profile Identifiers."; 1269 } 1270 nacm:default-deny-write; 1271 description 1272 "Container for Valid Provider Identifies."; 1273 } 1274 description 1275 "Grouping for VPN Profile configuration."; 1276 } 1278 grouping status-timestamp { 1279 leaf status { 1280 type identityref { 1281 base operational-status; 1282 } 1283 description 1284 "Operations status"; 1285 } 1286 leaf last-updated { 1287 type yang:date-and-time; 1288 description 1289 "Indicates the actual date and time of the service 1290 status change."; 1291 } 1292 description 1293 "This grouping defines some operational 1294 parameters for the service."; 1295 } 1297 grouping service-status { 1298 container status { 1299 container admin-status { 1300 leaf status { 1301 type identityref { 1302 base administrative-status; 1303 } 1304 description 1305 "Administrative service status."; 1306 } 1307 leaf last-updated { 1308 type yang:date-and-time; 1309 description 1310 "Indicates the actual date and time of the service 1311 status change."; 1312 } 1313 description 1314 "Administrative service status."; 1315 } 1316 container oper-status { 1317 config false; 1318 uses status-timestamp; 1319 description 1320 "Operational service status."; 1321 } 1322 description 1323 "Service status."; 1324 } 1325 description 1326 "Service status grouping."; 1327 } 1329 grouping svc-transport-encapsulation { 1330 container underlay-transport { 1331 leaf-list type { 1332 type identityref { 1333 base protocol-type; 1334 } 1335 ordered-by user; 1336 description 1337 "Protocols used to deliver a VPN service."; 1338 } 1339 description 1340 "Container for the Transport underlay."; 1341 } 1342 description 1343 "This grouping defines the type of underlay transport 1344 for VPN service."; 1345 } 1347 grouping rt-rd { 1348 leaf rd { 1349 type union { 1350 type rt-types:route-distinguisher; 1351 type empty; 1352 } 1353 description 1354 "Route 
distinguisher value. If this leaf has not been 1355 configured, the server will auto-assign a route 1356 distinguisher value and use that value operationally. 1357 This calculated value is available in the operational 1358 state. 1360 Use the empty type to indicate RD has no value and 1361 is not to be aouto-assigned."; 1362 } 1363 container vpn-targets { 1364 description 1365 "Set of route-targets to match for import and export routes 1366 to/from VRF"; 1367 uses vpn-route-targets; 1368 } 1369 description 1370 "Grouping for RT and RD."; 1371 } 1373 grouping vpn-route-targets { 1374 description 1375 "A grouping that specifies Route Target import-export rules 1376 used in a BGP-enabled VPN."; 1377 list vpn-target { 1378 key "id"; 1379 leaf id { 1380 type int8; 1381 description 1382 "Identifies each VPN Target"; 1383 } 1384 list route-targets { 1385 key "route-target"; 1386 leaf route-target { 1387 type rt-types:route-target; 1388 description 1389 "Route Target value"; 1390 } 1391 description 1392 "List of Route Targets."; 1393 } 1394 leaf route-target-type { 1395 type rt-types:route-target-type; 1396 mandatory true; 1397 description 1398 "Import/export type of the Route Target."; 1399 } 1400 description 1401 "L3VPN route targets. 
AND/OR Operations are available 1402 based on the RTs assigment."; 1403 } 1404 reference 1405 "RFC4364: BGP/MPLS IP Virtual Private Networks (VPNs) 1406 RFC4664: Framework for Layer 2 Virtual Private Networks 1407 (L2VPNs)"; 1408 container vpn-policies { 1409 description 1410 "VPN policies"; 1411 leaf import-policy { 1412 type string; 1413 description 1414 "Defines the import policy."; 1415 } 1416 leaf export-policy { 1417 type string; 1418 description 1419 "Defines the export policy."; 1420 } 1421 } 1422 } 1424 grouping vpn-node-group { 1425 container groups { 1426 list group { 1427 key "group-id"; 1428 leaf group-id { 1429 type string; 1430 description 1431 "Group-id the vpn-node belongs to."; 1433 } 1434 description 1435 "List of group-ids."; 1436 } 1437 description 1438 "Groups the vpn node and network access belongs to."; 1439 } 1440 description 1441 "Grouping definition to assign 1442 group-ids to group or network access."; 1443 } 1444 } 1445 1447 5. Security Considerations 1449 The YANG modules specified in this document define schemas for data 1450 that is designed to be accessed via network management protocols such 1451 as NETCONF [RFC6241] or RESTCONF [RFC8040] . The lowest NETCONF 1452 layer is the secure transport layer, and the mandatory-to-implement 1453 secure transport is Secure Shell (SSH) [RFC6242]. The lowest 1454 RESTCONF layer is HTTPS, and the mandatory-to-implement secure 1455 transport is TLS [RFC8446]. 1457 The Network Configuration Access Control Model (NACM) [RFC8341] 1458 provides the means to restrict access for particular NETCONF or 1459 RESTCONF users to a preconfigured subset of all available NETCONF or 1460 RESTCONF protocol operations and content. 1462 The "ietf-vpn-common" module defines a set of identities, types, and 1463 groupings. These nodes are intended to be reused by other YANG 1464 modules. As such, the module does not expose by itself any data 1465 nodes which are writable, contain read-only state, or RPCs. 
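   Because the groupings are only instantiated by importing modules, the
   semantics written into their descriptions are enforced by whatever
   consumes the instance data.  As an added example that is not part of
   this draft, the following Python code interprets instance data for
   the rt-rd grouping: the three states of the rd leaf (absent, empty,
   configured) and the import/export route-target sets; the structural
   checks follow the type 0/1/2 text forms of the RFC 8294
   route-distinguisher and route-target types, and the sample data is
   constructed for the example.

```python
import ipaddress

def valid_rd_or_rt(value):
    # Structural check of the RFC 8294 route-distinguisher/route-target text forms
    # for types 0, 1, 2: 0:<2-byte ASN>:<4-byte>, 1:<IPv4>:<2-byte>, 2:<4-byte ASN>:<2-byte>.
    if not isinstance(value, str) or value.count(":") != 2:
        return False
    kind, admin, assigned = value.split(":")
    try:
        if kind == "0":
            return 0 <= int(admin) <= 0xFFFF and 0 <= int(assigned) <= 0xFFFFFFFF
        if kind == "1":
            ipaddress.IPv4Address(admin)
            return 0 <= int(assigned) <= 0xFFFF
        if kind == "2":
            return 0 <= int(admin) <= 0xFFFFFFFF and 0 <= int(assigned) <= 0xFFFF
    except ValueError:
        return False
    return False

def effective_rd(vrf):
    # rd leaf semantics: absent -> the server auto-assigns; [null] (RFC 7951 JSON
    # encoding of 'empty') -> no RD and no auto-assignment; else a configured value.
    if "rd" not in vrf:
        return "auto-assign"
    if vrf["rd"] == [None]:
        return None
    if not valid_rd_or_rt(vrf["rd"]):
        raise ValueError("malformed route distinguisher: %r" % (vrf["rd"],))
    return vrf["rd"]

def route_target_sets(vrf):
    # Flatten vpn-targets into import/export RT sets; route-target-type is mandatory.
    imports, exports = set(), set()
    for target in vrf.get("vpn-targets", {}).get("vpn-target", []):
        rt_type = target.get("route-target-type")
        if rt_type not in ("import", "export", "both"):
            raise ValueError("vpn-target %s: missing route-target-type" % target.get("id"))
        for rt in (e["route-target"] for e in target.get("route-targets", [])):
            if not valid_rd_or_rt(rt):
                raise ValueError("malformed route target: %r" % (rt,))
            if rt_type in ("import", "both"):
                imports.add(rt)
            if rt_type in ("export", "both"):
                exports.add(rt)
    return imports, exports

SAMPLE_VRF = {"rd": "0:65000:100", "vpn-targets": {"vpn-target": [  # constructed sample, not from the draft
    {"id": 1, "route-target-type": "both", "route-targets": [{"route-target": "0:65000:100"}]},
    {"id": 2, "route-target-type": "import", "route-targets": [{"route-target": "2:4200000000:7"}]}]}}
```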
   Consequently, there are no additional security issues to be
   considered relating to the "ietf-vpn-common" module.

6.  IANA Considerations

   This document requests IANA to register the following URI in the "ns"
   subregistry within the "IETF XML Registry" [RFC3688]:

      URI: urn:ietf:params:xml:ns:yang:ietf-vpn-common
      Registrant Contact: The IESG.
      XML: N/A; the requested URI is an XML namespace.

   This document requests IANA to register the following YANG module in
   the "YANG Module Names" subregistry [RFC6020] within the "YANG
   Parameters" registry.

      name: ietf-vpn-common
      namespace: urn:ietf:params:xml:ns:yang:ietf-vpn-common
      maintained by IANA: N
      prefix: vpn-common
      reference: RFC XXXX

7.  Contributors

   Italo Busi
   Huawei Technologies
   Email: Italo.Busi@huawei.com

   Luis Angel Munoz
   Vodafone
   Email: luis-angel.munoz@vodafone.com

   Victor Lopez Alvarez
   Telefonica
   Email: victor.lopezalvarez@telefonica.com

8.  References

8.1.  Normative References

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
              "Common YANG Data Types for the Routing Area", RFC 8294,
              DOI 10.17487/RFC8294, December 2017.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

8.2.  Informative References

   [I-D.ietf-opsawg-l2nm]
              Barguil, S., Dios, O., Boucadair, M., Munoz, L., Jalil,
              L., and J. Ma, "A Layer 2 VPN Network YANG Model", draft-
              ietf-opsawg-l2nm-00 (work in progress), July 2020.

   [I-D.ietf-opsawg-l3sm-l3nm]
              Barguil, S., Dios, O., Boucadair, M., Munoz, L., and A.
              Aguado, "A Layer 3 VPN Network YANG Model", draft-ietf-
              opsawg-l3sm-l3nm-03 (work in progress), April 2020.

   [RFC8299]  Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki,
              "YANG Data Model for L3VPN Service Delivery", RFC 8299,
              DOI 10.17487/RFC8299, January 2018.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8466]  Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG
              Data Model for Layer 2 Virtual Private Network (L2VPN)
              Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October
              2018.

Authors' Addresses

   Samier Barguil
   Telefonica
   Madrid
   ES

   Email: samier.barguilgiraldo.ext@telefonica.com

   Oscar Gonzalez de Dios (editor)
   Telefonica
   Madrid
   ES

   Email: oscar.gonzalezdedios@telefonica.com

   Mohamed Boucadair (editor)
   Orange
   France

   Email: mohamed.boucadair@orange.com

   Qin Wu
   Huawei
   101 Software Avenue, Yuhua District
   Nanjing, Jiangsu 210012
   China

   Email: bill.wu@huawei.com