idnits 2.17.1 draft-chen-nvo3-vxlan-yang-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 10 instances of too long lines in the document, the longest one being 24 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 144 has weird spacing: '...vlan-id vla...' == Line 155 has weird spacing: '...ce-name if:...' == Line 164 has weird spacing: '...xlan-id vxl...' == Line 173 has weird spacing: '...xlan-id vxl...' == Line 177 has weird spacing: '...y-group uin...' == (4 more instances...) == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (August 28, 2018) is 2069 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC6991' is defined on line 899, but no explicit reference was found in the text == Unused Reference: 'RFC7223' is defined on line 903, but no explicit reference was found in the text ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341) ** Obsolete normative reference: RFC 7223 (Obsoleted by RFC 8343) ** Downref: Normative reference to an Informational RFC: RFC 7348 Summary: 5 errors (**), 0 flaws (~~), 10 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 NVO3 WG Fangwei Hu 3 Internet-Draft Ran Chen 4 Intended status: Standards Track ZTE Corporation 5 Expires: March 1, 2019 Mallik Mahalingam 6 Springpath 7 Qiang Zu 8 Ericsson 9 S. Davari 10 yahoo 11 Xufeng Liu 12 Volta Networks 13 August 28, 2018 15 YANG Data Model for VxLAN Protocol 16 draft-chen-nvo3-vxlan-yang-07.txt 18 Abstract 20 This document defines a YANG data model for VxLAN protocol. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at https://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on March 1, 2019. 39 Copyright Notice 41 Copyright (c) 2018 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (https://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 57 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 58 3. Requirements Language . . . . . . . . . . . . . . . . . . . . 2 59 4. YANG Data Model for VxLAN Configuration . . . . . . . . . . . 2 60 4.1. VxLAN Multicast IP Address . . . . . . . . . . . . . . . 2 61 4.2. VxLAN Access Type . . . . . . . . . . . . . . . . . . . . 3 62 4.3. Inner VLAN Tag Handling Mode . . . . . . . . . . . . . . 3 63 5. Design Tree of VxLAN YANG Data Model . . . . . . . . . . . . 3 64 6. VxLAN YANG Model . . . . . . . . . . . . . . . . . . . . . . 5 65 7. Security Considerations . . . . . . . . . . . . . . . . . . . 17 66 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18 67 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 68 10. Normative References . . . . . . . . . . . . . . . . . . . . 19 69 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 71 1. Introduction 73 YANG[RFC6020]is a data definition language that was introduced to 74 define the contents of a conceptual data store that allows networked 75 devices to be managed using NETCONF [RFC6241]. This document defines 76 a YANG data model for the configuration of VxLAN protocol [RFC7348]. 78 2. Terminology 80 3. Requirements Language 82 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 83 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 84 "OPTIONAL" in this document are to be interpreted as described in BCP 85 14 [RFC2119] [RFC8174] when, and only when, they appear in all 86 capitals, as shown here. 88 4. YANG Data Model for VxLAN Configuration 90 4.1. VxLAN Multicast IP Address 92 The vxlan-multicast-ip is used to configure the IP multicast group, 93 which the VxLAN VNI of the VTEP is mapping to. Both the IPv4 and 94 IPv6 address family are supported in this document. 96 4.2. VxLAN Access Type 98 There are several access types supported for VxLAN: 100 o vlan-1:1: the vxlan access type is VLAN, and each VxLAN is only 101 mapping to one VLAN. 103 o vlan- n:1: the vxlan access type is VLAN, and each VxLAN is mapped 104 to several VLANs. 106 o L3-interface: the VxLAN access type is layer 3 interface. 108 o mac: the VxLAN access type is MAC address. 110 o vlan-l2-interface: the VxLAN access type is VLAN plus Layer 2 111 interface. 113 4.3. Inner VLAN Tag Handling Mode 115 There are two handling modes for the inner VLAN tag: discard-inner- 116 vlan mode and no-discard-inner-vlan mode. If the VTEP interface 117 works in the discard-inner-vlan mode, the VxLAN is only mapped to one 118 VLAN. The inner VLAN tag will be stripped when encapsulating the 119 VxLAN frame. On the decapsulation side, if VTEP receives the VxLAN 120 frame with inner VLAN tag, it will discard the frame in this work 121 mode. If the VTEP receives the VxLAN frame without VLAN tag, it will 122 fill in the VLAN tag based on the VxLAN and VLAN mapping entry. 124 If the VTEP interface works in the no-discard-inner-vlan mode, the 125 VxLAN could be mapped to several VLANs. The inner VLAN tag will not 126 stripped when encapsulating the VxLAN frame in the VxLAN 127 encapsulation side. On the decapsulation side, if VTEP receives the 128 VxLAN frame, it will strip the VxLAN header, and keep the VLAN frame. 130 5. Design Tree of VxLAN YANG Data Model 132 module: ietf-vxlan 133 +--rw vxlan 134 | +--rw global-enable? empty 135 | +--rw vxlan-instance* [vxlan-id] 136 | +--rw vxlan-id vxlan-id 137 | +--rw description? string 138 | +--rw unknow-unicast-drop? enumeration 139 | +--rw filter-vrrp? enumeration 140 | +--rw (vxlan-access-types)? {vxlan-access-types}? 141 | | +--:(access-type-vlan) 142 | | | +--rw access-type-vlan? access-type-vlan 143 | | | +--rw access-vlan-list* [vlan-id] 144 | | | +--rw vlan-id vlan 145 | | +--:(access-type-mac) 146 | | | +--rw access-type-mac? empty 147 | | | +--rw mac yang:mac-address 148 | | +--:(access-type-l2interface) 149 | | | +--rw access-type-l2interface? empty 150 | | | +--rw vlan-id vlan 151 | | | +--rw interface-name if:interface-ref 152 | | +--:(access-type-l3interface) 153 | | +--rw access-type-l3interface? empty 154 | | +--rw map-l3interface* [interface-name] 155 | | +--rw interface-name if:interface-ref 156 | +--rw vtep-instances* [vtep-id] 157 | | +--rw vtep-id uint32 158 | | +--rw vtep-name? string 159 | | +--rw source-interface? if:interface-ref 160 | | +--rw multicast-ip inet:ip-address 161 | | +--rw mtu? uint32 {mtu}? 162 | | +--rw inner-vlan-handling-mode? inner-vlan-handling-mode 163 | | +--rw bind-vxlan-id* [vxlan-id] 164 | | +--rw vxlan-id vxlan-id 165 | +--rw static-vxlan-tunnel* [vxlan-tunnel-id] 166 | | +--rw vxlan-tunnel-id uint32 167 | | +--rw vxlan-tunnel-name? string 168 | | +--rw address-family* [af] 169 | | +--rw af address-family-type 170 | | +--rw tunnel-source-ip? inet:ip-address 171 | | +--rw tunnel-destination-ip? inet:ip-address 172 | | +--rw bind-vxlan-id* [vxlan-id] 173 | | +--rw vxlan-id vxlan-id 174 | +--rw redundancy-group-binds 175 | +--rw redundancy-group-bind* [vxlan-id redundancy-group] 176 | +--rw vxlan-id uint32 177 | +--rw redundancy-group uint32 178 +--ro vxlan-state 179 +--ro vxlan 180 +--ro vxlan-tunnels 181 +--ro vxlan-tunnel* [local-ip remote-ip] 182 +--ro local-ip inet:ip-address 183 +--ro remote-ip inet:ip-address 184 +--ro static-tunnel-id? uint32 185 +--ro evpn-tunnel-id? uint32 186 +--ro statistics 187 +--ro tunnel-statistics 188 | +--ro in-bytes? string 189 | +--ro out-bytes? string 190 | +--ro in-packets? string 191 | +--ro out-packets? string 192 +--ro tunnel-vni-statistics 193 +--ro tunnel-vni-statistic* [vxlan-id] 194 +--ro vxlan-id uint32 195 +--ro in-bytes? string 196 +--ro out-bytes? string 197 +--ro in-packets? string 198 +--ro out-packets? string 200 augment /evpn:evpn/evpn:evpn-instances/evpn:evpn-instance/evpn:bgp-parameters/evpn:common: 201 +--rw bgp-parameters 202 +--rw common 203 +--rw rd-rt* [route-distinguisher] 204 +--rw route-distinguisher string 205 +--rw vpn-target* [rt-value] 206 +--rw rt-value string 207 +--rw rt-type bgp-rt-type 209 6. VxLAN YANG Model 211 file "ietf-vxlan@2018-08-29.yang" 212 module ietf-vxlan { 213 namespace "urn:ietf:params:xml:ns:yang:ietf-vxlan"; 214 prefix "vxlan"; 216 import ietf-evpn { 217 prefix "evpn"; 218 } 220 import ietf-interfaces { 221 prefix "if"; 222 } 224 import ietf-inet-types { 225 prefix "inet"; 226 } 228 import ietf-yang-types { 229 prefix yang; 230 } 232 organization 233 "IETF NVO3(Network Virtualization Overlays) Working Group"; 235 contact 236 " 237 WG List: 239 WG Chair: Matthew Bocci 240 242 WG Chair: Benson Schliesser 243 245 Editor: Fangwei Hu 246 248 Editor: Ran Chen 249 251 Editor: Mallik Mahalingam 252 254 Editor: Zu Qiang 255 256 "; 258 description 259 "The YANG module defines a generic configuration 260 model for VxLAN protocol"; 262 revision 2018-08-29 { 263 description "Fixs some type error."; 264 reference 265 "draft-chen-nvo3-vxlan-yang-07"; 266 } 268 revision 2018-01-03 { 269 description "Changes the yang data model according to the NMDA style."; 270 reference 271 "draft-chen-nvo3-vxlan-yang-06"; 272 } 274 revision 2017-06-29 { 275 description "no changes."; 276 reference 277 "draft-chen-nvo3-vxlan-yang-05"; 278 } 280 revision 2016-12-08 { 281 description "updated the vxlan yang model based on the comments from IETF 97th meeting," 282 +"augmenting EVPN data model, adding access type configuration and MTU configuration."; 283 reference 284 "draft-chen-nvo3-vxlan-yang-04"; 286 } 288 revision 2016-06-02 { 289 description 290 "03 revision. Update the YANG data model based on thec comments of IETF 95th meeting."; 291 reference 292 "draft-chen-nvo3-vxlan-yang-03"; 293 } 295 revision 2015-12-01 { 296 description 297 "02 revision."; 298 reference 299 "draft-chen-nvo3-vxlan-yang-02"; 300 } 302 revision 2015-10-12 { 303 description 304 "01 revision."; 305 reference 306 "draft-chen-nvo3-vxlan-yang-01"; 307 } 309 revision 2015-05-05 { 310 description "Initial revision"; 311 reference 312 "draft-chen-nvo3-vxlan-yang-00"; 313 } 315 /* Feature */ 317 feature vxlan-access-types { 318 description 319 "Support configuration vxlan access types."; 320 } 322 feature mtu { 323 description 324 "Support configuration vxlan MTU value."; 325 } 327 feature evpn-bgp-params { 328 description "Support EVPN BGP parameter."; 329 } 331 /* Typedefs */ 333 typedef vlan { 334 type uint16 { 335 range 1..4094; 336 } 337 description 338 "Typedef for VLAN"; 339 } 341 typedef vxlan-id { 342 type uint32; 343 description 344 "Typedef for VxLAN ID."; 345 } 346 typedef access-type-vlan { 347 type enumeration { 348 enum access-type-vlan1to1 { 349 description 350 "Access type is VLAN 1:1."; 351 } 352 enum access-type-vlan1ton { 353 description 354 "Access type is VLAN 1:n."; 355 } 357 } 358 default access-type-vlan1to1 ; 359 description 360 "VxLAN access type is VLAN."; 361 } 363 typedef access-type-mac { 364 type empty ; 365 description 366 "VxLAN access type is MAC."; 367 } 369 typedef inner-vlan-handling-mode { 370 type enumeration { 371 enum discard-inner-vlan { 372 description 373 "Discard inner-VLAN."; 374 } 375 enum no-discard-inner-vlan { 376 description 377 "No discard inner-VLAN."; 378 } 379 } 380 default discard-inner-vlan ; 381 description 382 "Typedef for inner-vlan-handling-mode"; 383 } 385 typedef address-family-type { 386 type enumeration { 387 enum ipv4 { 388 description 389 "IPv4"; 390 } 391 enum ipv6 { 392 description 393 "IPv6"; 394 } 395 } 396 description 397 "Typedef for address family type."; 398 } 400 /* Configuration Data */ 402 container vxlan{ 403 leaf global-enable { 404 type empty ; 405 description 'VXLAN global enble.'; 406 } 408 list vxlan-instance { 409 key vxlan-id ; 410 leaf vxlan-id { 411 type vxlan-id; 412 description "VxLAN ID."; 413 } 415 leaf description { 416 type string { 417 length 0..64 { 418 description 'VXLAN instance description information.'; 419 } 420 } 421 description 'The description information of VXLAN instance.'; 422 } 424 leaf unknow-unicast-drop { 425 type enumeration { 426 enum enable { 427 value 1 ; 428 description 'Unknown unicast drop enable.'; 430 } 431 enum disable { 432 value 2 ; 433 description 'Unknown unicast drop disable.'; 434 } 435 } 436 default enable ; 437 description 'Unknow unicast drop configuration of VXLAN instance.'; 438 } 440 leaf filter-vrrp { 441 type enumeration { 442 enum enable { 443 value 1 ; 444 description 'VRRP packets filter.'; 445 } 446 enum disable { 447 value 2 ; 448 description 'VRRP packets not filter.'; 449 } 450 } 451 default enable ; 452 description 'VRRP packets filter configuration of VXLAN instance.'; 453 } 455 choice vxlan-access-types { 456 if-feature vxlan-access-types; 457 case access-type-vlan { 459 leaf access-type-vlan { 460 type access-type-vlan; 462 description 463 "Access type is VLAN."; 464 } 466 list access-vlan-list { 467 key vlan-id ; 468 leaf vlan-id { 469 type vlan; 470 description 471 "VLAN ID."; 472 } 473 description 474 "VLAN ID list." ; 475 } 476 description 477 "VxLAN access type choice is VLAN."; 479 } 481 case access-type-mac { 482 leaf access-type-mac { 483 type empty ; 484 description 485 "Access type is MAC."; 486 } 488 leaf mac { 489 type yang:mac-address ; 490 mandatory true ; 491 description 492 "MAC Address."; 493 } 494 description 495 "VxLAN access type choice is MAC Address."; 496 } 498 case access-type-l2interface { 499 leaf access-type-l2interface { 500 type empty ; 501 description 502 "VXLAN map layer two interface."; 503 } 505 leaf vlan-id { 506 type vlan; 507 mandatory true ; 508 description 509 "VLAN ID."; 510 } 512 leaf interface-name { 513 type if:interface-ref; 514 mandatory true ; 515 description 516 "Layer two interface name."; 517 } 518 description 519 "VxLAN access type choice is layer two interface."; 520 } 522 case access-type-l3interface { 523 leaf access-type-l3interface { 524 type empty ; 525 description 526 "Access type of VxLAN is layer three interface."; 528 } 530 list map-l3interface { 531 key interface-name ; 532 leaf interface-name { 533 type if:interface-ref; 534 description 535 "Layer three interface name."; 536 } 537 description 538 "Layer three interface list."; 539 } 540 description 541 "VxLAN access type choice is layer three interface."; 542 } 543 description 544 "VxLAN access type choice."; 545 } 547 list vtep-instances { 548 key vtep-id ; 549 leaf vtep-id { 550 type uint32; 551 description 552 "VTEP ID."; 553 } 555 leaf vtep-name{ 556 type string; 557 description 558 "VTEP instance name."; 559 } 561 leaf source-interface { 562 type if:interface-ref; 563 description 564 "Source interface name."; 565 } 567 leaf multicast-ip { 568 type inet:ip-address; 569 mandatory true ; 570 description 571 "VxLAN multicast IP address."; 572 } 574 leaf mtu { 575 if-feature mtu; 576 type uint32; 577 description "vxlan mtu"; 578 } 580 leaf inner-vlan-handling-mode { 581 type inner-vlan-handling-mode; 582 description 583 "The inner vlan tag handling mode."; 584 } 586 list bind-vxlan-id { 587 key vxlan-id; 588 leaf vxlan-id { 589 type vxlan-id; 590 description 591 "VxLAN ID."; 592 } 593 description 594 "VxLAN ID list for the VTEP."; 595 } 596 description 597 "VTEP instance."; 598 } 600 list static-vxlan-tunnel{ 601 key vxlan-tunnel-id; 602 leaf vxlan-tunnel-id { 603 type uint32; 604 description 605 "Static VxLAN tunnel ID."; 606 } 608 leaf vxlan-tunnel-name { 609 type string; 610 description 611 "Name of the static VxLAN tunnel."; 612 } 614 list address-family { 615 key "af"; 616 leaf af { 617 type address-family-type; 618 description 619 "Address family type value."; 620 } 622 leaf tunnel-source-ip { 623 type inet:ip-address; 624 description 625 "Source IP address for the static VxLAN tunnel"; 626 } 628 leaf tunnel-destination-ip { 629 type inet:ip-address; 630 description 631 "Destination IP address for the static VxLAN tunnel"; 632 } 634 list bind-vxlan-id { 635 key vxlan-id; 636 leaf vxlan-id { 637 type vxlan-id; 638 description 639 "VxLAN ID."; 640 } 641 description 642 "VxLAN ID list for the VTEP."; 643 } 645 description 646 "Per-af params."; 647 } 648 description 649 "Configure the static VxLAN tunnel"; 650 } 652 container redundancy-group-binds { 653 list redundancy-group-bind { 654 key 'vxlan-id redundancy-group'; 655 leaf vxlan-id { 656 type uint32 { 657 range 1..16777215 { 658 description 'The value of VXLAN,it must between 1 to 16777215.'; 659 } 660 } 661 description 'VXLAN ID binding by redundancy group.'; 662 } 664 leaf redundancy-group { 665 type uint32 { 666 range 1..4294967293 { 667 description 'The value of redundancy group,it must between 1 to' 668 + ' 4294967293.'; 669 } 670 } 671 description 'Redundancy group ID.'; 673 } 674 description 'Redundancy group bind table.'; 675 } 676 description 'Redundancy group bind table.'; 677 } 678 description "vxlan instance list"; 679 } 680 description 681 "VxLAN configure model."; 682 } 684 augment "/evpn:evpn/evpn:evpn-instances/evpn:evpn-instance" 685 +"/evpn:bgp-parameters/evpn:common" { 687 uses evpn:bgp-parameters-grp { 688 if-feature evpn-bgp-params; 689 } 690 description "EVPN configuration"; 691 } 693 /* Operational data */ 694 container vxlan-state{ 695 config false; 696 container vxlan { 697 container vxlan-tunnels { 698 list vxlan-tunnel { 699 key 'local-ip remote-ip'; 700 leaf local-ip { 701 type inet:ip-address; 702 description 'Local IP of tunnel.'; 703 } 705 leaf remote-ip { 706 type inet:ip-address; 707 description 'Remote IP of tunnel.'; 708 } 710 leaf static-tunnel-id { 711 type uint32 ; 712 description 'Static tunnel ID.'; 713 } 715 leaf evpn-tunnel-id { 716 type uint32 ; 717 description 'EVPN tunnel ID.'; 718 } 720 container statistics { 721 container tunnel-statistics { 722 leaf in-bytes { 723 type string { 724 length 0..24 ; 725 } 726 description 'Total bytes received.'; 727 } 729 leaf out-bytes { 730 type string { 731 length 0..24 ; 732 } 733 description 'Total bytes sent.'; 734 } 736 leaf in-packets { 737 type string { 738 length 0..24; 739 } 740 description 'Total packets received.'; 741 } 743 leaf out-packets { 744 type string { 745 length 0..24 ; 746 } 747 description 'Total packets sent.'; 748 } 749 description 'Total tunnel statistics.'; 750 } 752 container tunnel-vni-statistics { 753 list tunnel-vni-statistic { 754 key vxlan-id ; 755 leaf vxlan-id { 756 type uint32 ; 757 description 'The VXLAN in tunnel.'; 758 } 760 leaf in-bytes { 761 type string { 762 length 1..24 ; 763 } 764 description 'Total bytes received.'; 765 } 767 leaf out-bytes { 768 type string { 769 length 1..24 ; 770 } 771 description 'Total bytes sent.'; 772 } 774 leaf in-packets { 775 type string { 776 length 1..24 ; 777 } 778 description 'Total packets received.'; 779 } 781 leaf out-packets { 783 type string { 784 length 1..24 ; 785 } 786 description 'Total packets sent.'; 787 } 788 description 'Statistics in VXLAN tunnel.'; 789 } 790 description 'Statistics in VXLAN tunnel.'; 791 } 792 description 'Tunnel statistics.' ; 793 } 794 description 'VXLAN tunnel info.'; 795 } 796 description 'VXLAN tunnel Info.'; 797 } 798 description 'Information of VXLAN state.'; 799 } 800 description 'Information of VXLAN state.'; 801 } 802 } 803 805 7. Security Considerations 807 The YANG module specified in this document defines a schema for data 808 that is designed to be accessed via network management protocols such 809 as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer 810 is the secure transport layer, and the mandatory-to-implement secure 811 transport is Secure Shell (SSH)[RFC6242]. The lowest RESTCONF layer 812 is HTTPS, and the mandatory-to-implement secure transport is TLS 813 [RFC5246]. 815 The NETCONF access control model [RFC6536] provides the means to 816 restrict access for particular NETCONF or RESTCONF users to a 817 preconfigured subset of all available NETCONF or RESTCONF protocol 818 operations and content. 820 There are a number of data nodes defined in this YANG module that are 821 writable/creatable/deletable (i.e., config true, which is the 822 default). These data nodes may be considered sensitive or vulnerable 823 in some network environments. Write operations (e.g., edit-config) 824 to these data nodes without proper protection can have a negative 825 effect on network operations. 827 The vulnerable "config true" parameters and subtree are the 828 following: 830 ietf-vxlan/global-enable: this subtree specifies VxLAN enable 831 switch. Modify the configuration can cause the VxLAN disable. 833 ietf-vxlan/vxlan-instance/static-vxlan-tunnel: this subtree 834 specifies static VxLAN tunnel configuration. Modify the 835 configuration can cause static VxLAN tunnel disconnection. 837 Unauthorized access to any of these lists can adversely affect the 838 security of both the local device and the network. This may lead to 839 network malfunctions, delivery of packets to inappropriate 840 destinations, and other problems. 842 8. Acknowledgements 844 9. IANA Considerations 846 This document registers three URI in the IETF XML registry [RFC3688]. 847 Following the format in [RFC3688], the following registrations are 848 requested to be made. 850 urn:ietf:params:xml:ns:yang:ietf-vxlan. 852 Registrant Contact: The IESG. 854 XML: N/A, the requested URI is an XML namespace. 856 This document registers three YANG modules in the YANG Module Names 857 registry [RFC6020]. 859 name: ietf-vxlan 860 namespace: urn:ietf:params:xml:ns:yang:ietf-vxlan 861 prefix: vxlan 862 reference: RFC XXXX 864 10. Normative References 866 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 867 Requirement Levels", BCP 14, RFC 2119, 868 DOI 10.17487/RFC2119, March 1997, 869 . 871 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 872 DOI 10.17487/RFC3688, January 2004, 873 . 875 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 876 (TLS) Protocol Version 1.2", RFC 5246, 877 DOI 10.17487/RFC5246, August 2008, 878 . 880 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for 881 the Network Configuration Protocol (NETCONF)", RFC 6020, 882 DOI 10.17487/RFC6020, October 2010, 883 . 885 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 886 and A. Bierman, Ed., "Network Configuration Protocol 887 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, 888 . 890 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure 891 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, 892 . 894 [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration 895 Protocol (NETCONF) Access Control Model", RFC 6536, 896 DOI 10.17487/RFC6536, March 2012, 897 . 899 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", 900 RFC 6991, DOI 10.17487/RFC6991, July 2013, 901 . 903 [RFC7223] Bjorklund, M., "A YANG Data Model for Interface 904 Management", RFC 7223, DOI 10.17487/RFC7223, May 2014, 905 . 907 [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, 908 L., Sridhar, T., Bursell, M., and C. Wright, "Virtual 909 eXtensible Local Area Network (VXLAN): A Framework for 910 Overlaying Virtualized Layer 2 Networks over Layer 3 911 Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014, 912 . 914 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF 915 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, 916 . 918 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 919 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 920 May 2017, . 922 Authors' Addresses 924 Fangwei Hu 925 ZTE Corporation 926 No.889 Bibo Rd 927 Shanghai 201203 928 China 930 Phone: +86 21 68896273 931 Email: hu.fangwei@zte.com.cn 933 Ran Chen 934 ZTE Corporation 935 No.50 Software Avenue,Yuhuatai District 936 Nanjing, Jiangsu Province 210012 937 China 939 Phone: +86 025 88014636 940 Email: chen.ran@zte.com.cn 942 Mallik Mahalingam 943 Springpath 944 640 W. California Ave, Suite #110 945 Sunnyvale, CA 94086 946 USA 948 Email: mallik_mahalingam@yahoo.com 949 Zu Qiang 950 Ericsson 951 8400, boul. Decarie 952 Ville Mont-Royal, QC 953 Canada 955 Email: Zu.Qiang@Ericsson.com 957 Davari Shahram 958 yahoo 960 Email: davarish@yahoo.com 962 Xufeng Liu 963 Volta Networks 964 USA 966 Email: xufeng.liu.ietf@gmail.com