BESS Working Group                                               D. Jain
Internet-Draft                                                  K. Patel
Intended status: Informational                              P. Brissette
Expires: August 23, 2016                                           Cisco
                                                                   Z. Li
                                                               S. Zhuang
                                                     Huawei Technologies
                                                                  X. Liu
                                                                Ericsson
                                                                 J. Haas
                                                                S. Esale
                                                        Juniper Networks
                                                                  B. Wen
                                                                 Comcast
                                                       February 20, 2016

                  Yang Data Model for BGP/MPLS L3 VPNs
                 draft-dhjain-bess-bgp-l3vpn-yang-00.txt

Abstract

   This document defines a YANG data model that can be used to configure
   and manage BGP Layer 3 VPNs.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 23, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Definitions and Acronyms
   3.  Design of BGP L3VPN Data Model
     3.1.  Overview
     3.2.  VRF Specific Configuration
       3.2.1.  VRF interface
       3.2.2.  Route distinguisher
       3.2.3.  Import and export route target
       3.2.4.  Forwarding mode
       3.2.5.  Label security
       3.2.6.  Yang tree
     3.3.  BGP Specific Configuration
       3.3.1.  VPN peering
       3.3.2.  VPN prefix limits
       3.3.3.  Label Mode
       3.3.4.  ASBR options
       3.3.5.  Yang tree
   4.  BGP Yang Module
   5.  IANA Considerations
   6.  Security Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   YANG [RFC6020] is a data definition language that was introduced to
   define the contents of a conceptual data store that allows networked
   devices to be managed using NETCONF [RFC6241].  YANG is proving
   relevant beyond its initial confines, as bindings to other interfaces
   (e.g. ReST) and encodings other than XML (e.g. JSON) are being
   defined.
   Furthermore, YANG data models can be used as the basis of
   implementation for other interfaces, such as CLI and programmatic
   APIs.

   This document defines a YANG model that can be used to configure and
   manage BGP L3VPNs [RFC4364].  It contains VRF specific parameters as
   well as BGP specific parameters applicable for L3VPNs.  The
   individual containers defined in this model contain control knobs
   for configuration for that purpose, as well as a few data nodes that
   can be used to monitor health and gather statistics.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Definitions and Acronyms

   AF: Address Family

   AS: Autonomous System

   ASBR: Autonomous System Border Router

   BGP: Border Gateway Protocol

   CE: Customer Edge

   PE: Provider Edge

   L3VPN: Layer 3 VPN

   NETCONF: Network Configuration Protocol

   RD: Route Distinguisher

   ReST: Representational State Transfer, a style of stateless interface
   and protocol that is generally carried over HTTP

   RTFilter: Route Filter

   VPN: Virtual Private Network

   VRF: Virtual Routing and Forwarding

   YANG: Data definition language for NETCONF

3.  Design of BGP L3VPN Data Model

3.1.  Overview

   There are two parts to the BGP L3VPN YANG data model.  The first
   part of the model defines VRF specific parameters for L3VPN by
   augmenting the routing-instance container defined in the routing
   model [I-D.ietf-netmod-routing-cfg]; the second part of the model
   defines BGP specific parameters for L3VPN by augmenting the base BGP
   data model defined in [I-D.shaikh-idr-bgp-model].

3.2.  VRF Specific Configuration

   The routing-instance defined in the IETF routing model represents
   the default instance when the routing-instance type is
   default-routing-instance, and a named VRF instance when the type is
   vrf-routing-instance.  For L3VPN, the VRF specific parameters are
   defined by augmenting the routing-instance container corresponding
   to a named VRF instance.  A new container l3vpn is added for VPN
   parameters.

3.2.1.  VRF interface

   To associate a VRF instance with an interface, the interface should
   be defined in the context of the routing-instance representing that
   VRF.  This is covered in the base routing model
   [I-D.ietf-netmod-routing-cfg].

3.2.2.  Route distinguisher

   A route distinguisher (RD) is a unique identifier carried in VPN
   routes to distinguish prefixes across different VPNs.  An RD is an
   8-byte field as defined in [RFC4364]: the first two bytes carry the
   type and the remaining 6 bytes carry the value, whose format depends
   on the type.  In the YANG model, RDs are defined in the l3vpn
   container under routing-instance.

3.2.3.  Import and export route target

   A route target (RT) is an extended community used to specify the
   rules for importing and exporting the routes of each VRF, as defined
   in [RFC4364].  It applies in the context of an address family under
   the VRF.  Under the l3vpn container, statements for import and
   export route targets are added for the IPv4 and IPv6 address
   families.  Both the import and the export set are modeled as a list
   of route targets.  An import rule is modeled as a list of RTs, or a
   policy leafref specifying the list of RTs, to be matched for
   importing routes into the VRF.  Similarly, an export rule is a set
   of RTs, or a policy leafref specifying the list of RTs, which should
   be attached to routes exported from this VRF.
   In the case where a policy is used to specify the RTs, this model
   carries a reference to the policy via a leafref; the actual
   definition of the policy is outside the scope of this document.  In
   addition, this section also defines parameters for import from the
   global routing table and export to the global routing table, as well
   as the route limit per VPN instance for the IPv4 and IPv6 address
   families.

3.2.4.  Forwarding mode

   This configuration augments the interface list under the interface
   container under a routing-instance as defined in the IETF routing
   model [I-D.ietf-netmod-routing-cfg].  Forwarding mode configuration
   is required under the ASBR facing interface to enable MPLS
   forwarding for directly connected BGP peers in inter-AS option B
   peering.

3.2.5.  Label security

   For inter-AS option B peering across ASs, MPLS label security under
   the ASBR facing interface enables the RPF check on the label of
   incoming packets.  The ietf-interfaces container is augmented to add
   this configuration.

3.2.6.  Yang tree

   augment /rt:routing/rt:routing-instance:
      +--rw l3vpn
         +--rw route-distinguisher
         |  +--rw config
         |  |  +--rw rd?   string
         |  +--ro state
         |     +--ro rd?   string
         +--rw ipv4
         |  +--rw unicast
         |     +--rw import-routes
         |     |  +--rw config
         |     |  |  +--rw route-targets
         |     |  |  |  +--rw rts* [rt]
         |     |  |  |     +--rw rt    string
         |     |  |  +--rw route-policy?   string
         |     |  +--ro state
         |     |     +--ro route-targets
         |     |     |  +--ro rts* [rt]
         |     |     |     +--ro rt    string
         |     |     +--ro route-policy?   string
         |     +--rw export-routes
         |     |  +--rw config
         |     |  |  +--rw route-targets
         |     |  |  |  +--rw rts* [rt]
         |     |  |  |     +--rw rt    string
         |     |  |  +--rw route-policy?   string
         |     |  +--ro state
         |     |     +--ro route-targets
         |     |     |  +--ro rts* [rt]
         |     |     |     +--ro rt    string
         |     |     +--ro route-policy?   string
         |     +--rw import-export-routes
         |     |  +--rw config
         |     |  |  +--rw route-targets
         |     |  |  |  +--rw rts* [rt]
         |     |  |  |     +--rw rt    string
         |     |  |  +--rw route-policy?   string
         |     |  +--ro state
         |     |     +--ro route-targets
         |     |     |  +--ro rts* [rt]
         |     |     |     +--ro rt    string
         |     |     +--ro route-policy?   string
         |     +--rw import-from-global
         |     |  +--rw config
         |     |  |  +--rw enable?             boolean
         |     |  |  +--rw advertise-as-vpn?   boolean
         |     |  |  +--rw route-policy?       string
         |     |  |  +--rw bgp-valid-route?    boolean
         |     |  |  +--rw protocol?           enumeration
         |     |  |  +--rw instance?           string
         |     |  +--ro state
         |     |     +--ro enable?             boolean
         |     |     +--ro advertise-as-vpn?   boolean
         |     |     +--ro route-policy?       string
         |     |     +--ro bgp-valid-route?    boolean
         |     |     +--ro protocol?           enumeration
         |     |     +--ro instance?           string
         |     +--rw export-to-global
         |     |  +--rw config
         |     |  |  +--rw enable?   boolean
         |     |  +--ro state
         |     |     +--ro enable?   boolean
         |     +--rw routing-table-limit
         |     |  +--rw config
         |     |  |  +--rw routing-table-limit-number?   uint32
         |     |  |  +--rw (routing-table-limit-action)?
         |     |  |     +--:(enable-alert-percent)
         |     |  |     |  +--rw alert-percent-value?   uint8
         |     |  |     +--:(enable-simple-alert)
         |     |  |        +--rw simple-alert?   boolean
         |     |  +--ro state
         |     |     +--ro routing-table-limit-number?   uint32
         |     |     +--ro (routing-table-limit-action)?
         |     |        +--:(enable-alert-percent)
         |     |        |  +--ro alert-percent-value?   uint8
         |     |        +--:(enable-simple-alert)
         |     |           +--ro simple-alert?   boolean
         |     +--rw tunnel-params
         |        +--rw config
         |        |  +--rw tunnel-policy?   string
         |        +--ro state
         |           +--ro tunnel-policy?   string

   augment /if:interfaces/if:interface:
      +--rw forwarding-mode
      |  +--rw config
      |  |  +--rw forwarding-mode?   fwd-mode-type
      |  +--ro state
      |     +--ro forwarding-mode?   fwd-mode-type
      +--rw mpls-label-security
         +--rw config
         |  +--rw rpf?   boolean
         +--ro state
            +--ro rpf?   boolean

3.3.  BGP Specific Configuration

   The BGP specific configuration for L3VPNs is defined by augmenting
   the base BGP model [I-D.shaikh-idr-bgp-model].  In particular,
   specific knobs are added under the neighbor and address family
   containers to handle VPN routes and ASBR peering.

3.3.1.  VPN peering

   For peering between PE routers, the specific VPN address family
   needs to be enabled under the BGP container in the default
   routing-instance.  The base BGP draft [I-D.shaikh-idr-bgp-model] has
   the l3vpn address family in the list of identity refs for AFs under
   the global and neighbor modes.  The same is augmented here with
   additional knobs.  For peering with CE routers, the VRF specific BGP
   configuration such as neighbors and address families is covered in
   the base BGP config, except that such configuration will be in the
   context of a VRF.  The instance of BGP in this case would be a
   separate instance in the context of the routing instance realizing a
   VRF.

3.3.2.  VPN prefix limits

   The limit on the maximum number of VPN prefixes on a PE router is
   defined in the context of the VPN address family under BGP.  This is
   the total number of prefixes in the VPN table per AF in the context
   of the BGP protocol.  A route table limit for the IPv4 and IPv6
   address families of each VPN instance is also defined under BGP.
   The total prefix limit per VPN, including all protocols, is defined
   in the context of the VRF address family under the routing instance.

3.3.3.  Label Mode

   Label mode knobs control the label allocation behavior for VRF
   routes, such as per-site, per-VPN and per-route label allocation.
   These knobs augment the BGP global AF containers in the context of
   the default routing instance.

3.3.4.  ASBR options

   This includes a few specific knobs for the ASBR peering methods
   illustrated in [RFC4364], such as route target retention on ASBRs
   and rewriting the next hop to self for inter-AS VPN peering across
   ASBRs with the option B method.
   Similarly, next hop unchanged is used on ASBRs for option C peering.
   The appropriate containers under the BGP AF and neighbor modes are
   augmented with these parameters.  Note that when a knob is
   applicable to a neighbor, it is also defined under the corresponding
   peer-group container.

3.3.5.  Yang tree

   module: ietf-bgp-l3vpn
   augment /bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv4-unicast:
      +--rw retain-rts
      |  +--rw config
      |  |  +--rw all?            empty
      |  |  +--rw route-policy?   string
      |  +--ro state
      |     +--ro all?            empty
      |     +--ro route-policy?   string
      +--rw prefix-limit
         +--rw config
         |  +--rw prefix-limit-number?   uint32
         |  +--rw (prefix-limit-action)?
         |     +--:(enable-alert-percent)
         |     |  +--rw alert-percent-value?   uint8
         |     |  +--rw route-unchanged?       boolean
         |     +--:(enable-simple-alert)
         |        +--rw simple-alert?   boolean
         +--ro state
            +--ro prefix-limit-number?   uint32
            +--ro (prefix-limit-action)?
               +--:(enable-alert-percent)
               |  +--ro alert-percent-value?   uint8
               |  +--ro route-unchanged?       boolean
               +--:(enable-simple-alert)
                  +--ro simple-alert?   boolean
      ...

   augment /bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:ipv4-unicast:
      +--rw config
      |  +--rw label-mode?   bgp-label-mode
      +--ro state
      |  +--ro label-mode?   bgp-label-mode
      +--rw routing-table-limit
         +--rw config
         |  +--rw routing-table-limit-number?   uint32
         |  +--rw (routing-table-limit-action)?
         |     +--:(enable-alert-percent)
         |     |  +--rw alert-percent-value?   uint8
         |     +--:(enable-simple-alert)
         |        +--rw simple-alert?   boolean
         +--ro state
            +--ro routing-table-limit-number?   uint32
            +--ro (routing-table-limit-action)?
               +--:(enable-alert-percent)
               |  +--ro alert-percent-value?   uint8
               +--:(enable-simple-alert)
                  +--ro simple-alert?   boolean
      ...

   augment /bgp:bgp/bgp:neighbors/bgp:neighbor:
      +--rw nexthop-options
         +--rw config
         |  +--rw next-hop-self?        boolean
         |  +--rw next-hop-unchanged?   boolean
         +--ro state
            +--ro next-hop-self?        boolean
            +--ro next-hop-unchanged?   boolean

   augment /bgp:bgp/bgp:peer-groups/bgp:peer-group:
      +--rw nexthop-options
         +--rw config
         |  +--rw next-hop-self?        boolean
         |  +--rw next-hop-unchanged?   boolean
         +--ro state
            +--ro next-hop-self?        boolean
            +--ro next-hop-unchanged?   boolean

   augment /bgp:bgp/bgp:neighbors/bgp:neighbor/bgp:afi-safis/bgp:afi-safi:
      +--rw nexthop-options
         +--rw config
         |  +--rw next-hop-self?        boolean
         |  +--rw next-hop-unchanged?   boolean
         +--ro state
            +--ro next-hop-self?        boolean
            +--ro next-hop-unchanged?   boolean

   augment /bgp:bgp/bgp:peer-groups/bgp:peer-group/bgp:afi-safis/bgp:afi-safi:
      +--rw nexthop-options
         +--rw config
         |  +--rw next-hop-self?        boolean
         |  +--rw next-hop-unchanged?   boolean
         +--ro state
            +--ro next-hop-self?        boolean
            +--ro next-hop-unchanged?   boolean

4.  BGP Yang Module

   file "ietf-bgp-l3vpn@2016-02-20.yang"

   module ietf-bgp-l3vpn {
     namespace "urn:ietf:params:xml:ns:yang:ietf-bgp-l3vpn";
     // replace with IANA namespace when assigned
     prefix l3vpn;

     import ietf-routing {
       prefix rt;
       revision-date 2015-10-16;
     }

     import ietf-interfaces {
       prefix if;
     }

     import bgp {
       prefix bgp;
     }

     organization
       "IETF BGP Enabled Services WG";

     contact
       "draft-dhjain-bess-l3vpn-yang@tools.ietf.org";

     description
       "This YANG module defines a YANG data model to configure and
        manage BGP Layer 3 VPNs.  It augments the IETF bgp yang model
        and the IETF routing model to add L3VPN specific configuration
        and operational knobs.
487 Terms and Acronyms 489 AF : Address Family 491 AS : Autonomous System 493 ASBR : Autonomous Systems Border Router 495 BGP (bgp) : Border Gateway Protocol 497 CE : Customer Edge 499 IP (ip) : Internet Protocol 501 IPv4 (ipv4):Internet Protocol Version 4 503 IPv6 (ipv6): Internet Protocol Version 6 505 L3VPN: Layer 3 VPN 507 PE : Provider Edge 509 RT : Route Target 511 RD : Route Distinguisher 512 VPN : Virtual Private Network 514 VRF : Virtual Routing and Forwarding 516 "; 518 revision 2016-02-20 { 519 description 520 "Initial revision."; 521 reference 522 "RFC XXXX: A YANG Data Model for BGP L3VPN config management"; 523 } 525 grouping bgp-rd-spec { 526 description "Route distinguisher specification as per RFC4364"; 527 leaf rd { 528 type string; 529 description "Route distinguisher value as per RFC4364"; 530 } 531 } 532 grouping bgp-rd { 533 description "BGP route distinguisher"; 534 container route-distinguisher { 535 description "Route distinguisher"; 536 container config { 537 description "Configuration parameters for route distinguisher"; 538 uses bgp-rd-spec ; 539 } 540 container state { 541 config "false" ; 542 description "State information for route distinguisher"; 543 uses bgp-rd-spec ; 544 } 545 } 546 } 548 typedef bgp-label-mode { 549 type enumeration { 550 enum per-ce { 551 description "Allocate labels per CE"; 552 } 553 enum per-route { 554 description "Allocate labels per prefix"; 555 } 556 enum per-vpn { 557 description "Allocate labels per VRF"; 559 } 560 } 561 description "BGP label allocation mode"; 562 } 564 typedef fwd-mode-type { 565 type enumeration { 566 enum mpls { 567 description "Forwarding mode mpls"; 568 } 569 } 570 description "Enable forwarding mode under ASBR facing interface"; 571 } 573 grouping forwarding-mode { 574 description "Forwarding mode of interface for ASBR scenario"; 575 container forwarding-mode { 576 description "Forwarding mode of interface for ASBR scenario"; 577 container config { 578 description "Configuration 
of Forwarding mode"; 579 leaf forwarding-mode { 580 type fwd-mode-type; 581 description "Forwarding mode for this interface"; 582 } 583 } 584 container state { 585 config "false"; 586 description "State information of Forwarding mode"; 587 leaf forwarding-mode { 588 type fwd-mode-type; 589 description "Forwarding mode for this interface"; 590 } 591 } 592 } 593 } 595 grouping label-security { 596 description "Mpls label security for ASBR option B scenario"; 597 container mpls-label-security { 598 description "MPLS label secruity"; 599 container config { 600 description "Configuration parameters"; 601 leaf rpf { 602 type boolean; 603 description "Enable MPLS label security rpf on interface"; 604 } 605 } 606 container state { 607 config "false"; 608 description "State information"; 609 leaf rpf { 610 type boolean; 611 description "MPLS label security rpf on interface"; 612 } 613 } 614 } 615 } 617 //per VPN instance table limit under BGP 618 grouping prefix-limit { 619 description 620 "The prefix limit command sets a limit on the maximum 621 number of prefixes supported in the existing VPN 622 instance, preventing the PE from importing excessive 623 VPN route prefixes. 624 "; 626 leaf prefix-limit-number { 627 type uint32 { 628 range "1..4294967295"; 629 } 630 description 631 "Specifies the maximum number of prefixes supported in the 632 VPN instance IPv4 or IPv6 address family."; 633 } 635 choice prefix-limit-action { 636 description "."; 637 case enable-alert-percent { 638 leaf alert-percent-value { 639 type uint8 { 640 range "1..100"; 641 } 642 description 643 "Specifies the proportion of the alarm threshold to the 644 maximum number of prefixes."; 645 } 646 leaf route-unchanged { 647 type boolean; 648 default "false"; 649 description 650 "Indicates that the routing table remains unchanged. 651 By default, route-unchanged is not configured. 
When 652 the number of prefixes in the routing table is 653 greater than the value of the parameter number, 654 routes are processed as follows: 655 (1)If route-unchanged is configured, routes in the 656 routing table remain unchanged. 657 (2)If route-unchanged is not configured, all routes 658 in the routing table are deleted and then 659 re-added."; 660 } 661 } 662 case enable-simple-alert { 663 leaf simple-alert { 664 type boolean; 665 default "false"; 666 description 667 "Indicates that when the number of VPN route prefixes 668 exceeds number, prefixes can still join the VPN 669 routing table and alarms are displayed."; 670 } 671 } 672 } 673 } 675 grouping vpn-pfx-limit { 676 description "Per VPN instance table limit under BGP"; 677 container vpn-prefix-limit { 678 description "Prefix limit for this table"; 679 container config { 680 description "Config parameters"; 681 uses prefix-limit; 682 } 683 container state { 684 config "false"; 685 description "State parameters"; 686 uses prefix-limit; 687 } 688 } 689 } 691 grouping route-target-set { 692 description 693 "Extended community route-target set "; 694 container route-targets { 695 description 696 "Route-target" ; 697 list rts { 698 key "rt" ; 699 description 700 "List of route-targets" ; 701 leaf rt { 702 type string { 703 pattern '([0-9]+:[0-9]+)'; 704 } 705 description "Route target extended community as per RFC4360"; 706 } 707 } 708 } 709 leaf route-policy { 710 type string; 711 description 712 "Reference to the policy containing set of routes. 
713 TBD: leafref to policy entry in IETF policy model"; 714 } 715 } 717 grouping import-from-gbl { 718 description "Import from global routing table"; 719 leaf enable { 720 type boolean; 721 description "Enable"; 722 } 723 leaf advertise-as-vpn { 724 when "../from-default-vrf == TRUE" { 725 description "This option is valid only when importing from global routing table"; 726 } 727 type boolean; 728 description "Advertise routes imported from global table as VPN routes"; 729 } 730 leaf route-policy { 731 type string; 732 description "Policy name or import routes"; 733 } 735 leaf bgp-valid-route { 736 type boolean; 737 description "Enable all valid routes (including non-best paths) to be candidate 738 for import"; 739 } 741 leaf protocol { 742 type enumeration { 743 enum ALL { 744 value "0"; 745 description "ALL:"; 746 } 747 enum Direct { 748 value "1"; 749 description "Direct:"; 751 } 752 enum OSPF { 753 value "2"; 754 description "OSPF:"; 755 } 756 enum ISIS { 757 value "3"; 758 description "ISIS:"; 759 } 760 enum Static { 761 value "4"; 762 description "Static:"; 763 } 764 enum RIP { 765 value "5"; 766 description "RIP:"; 767 } 768 enum BGP { 769 value "6"; 770 description "BGP:"; 771 } 772 enum OSPFV3 { 773 value "7"; 774 description "OSPFV3:"; 775 } 776 enum RIPNG { 777 value "8"; 778 description "RIPNG:"; 779 } 780 enum INVALID { 781 value "9"; 782 description "INVALID:"; 783 } 784 } 785 description 786 "Specifies the protocol from which routes are imported. 
787 At present, In the IPv4 unicast address family view, 788 the protocol can be IS-IS,static, direct and BGP."; 789 } 791 leaf instance { 792 type string; 793 description 794 "Specifies the instance id of the protocol"; 795 } 796 } 798 grouping global-imports { 799 description "Grouping for imports from global routing table"; 800 container import-from-global { 801 description "Import from global global routing table"; 802 container config { 803 description "Configuration"; 804 uses import-from-gbl; 805 } 806 container state { 807 config "false"; 808 description "State"; 809 uses import-from-gbl; 810 } 811 } 812 } 814 grouping export-to-gbl { 815 description "Export routes to default VRF"; 816 leaf enable { 817 type boolean; 818 description "Enable"; 819 } 820 } 822 grouping global-exports { 823 description "Grouping for exports routes to global table"; 824 container export-to-global { 825 description "Export to global routing table"; 826 container config { 827 description "Configuration"; 828 uses export-to-gbl; 829 } 830 container state { 831 config "false"; 832 description "State"; 833 uses export-to-gbl; 834 } 835 } 836 } 838 grouping route-import-set { 839 description "Grouping to specify rules for route import"; 840 container import-routes { 841 description "Set of route-targets to match to import routes into VRF"; 842 container config { 843 description 844 "Configuration parameters for import routes"; 845 uses route-target-set ; 847 } 848 container state { 849 config "false" ; 850 description 851 "State information for the import routes"; 852 uses route-target-set ; 853 } 854 } 855 } 856 grouping route-export-set { 857 description "Grouping to specify rules for route export"; 858 container export-routes { 859 description "Set of route-targets to attach with exported routes from VRF"; 860 container config { 861 description 862 "Configuration parameters for export routes"; 863 uses route-target-set ; 864 } 865 container state { 866 config "false" ; 867 
description 868 "State information for export routes"; 869 uses route-target-set ; 870 } 871 } 872 } 874 grouping route-import-export-set { 875 description "Grouping to specify rules for route import/export both"; 876 container import-export-routes { 877 description "Set of route-targets for import/export both"; 878 container config { 879 description "Both import/export routes"; 880 uses route-target-set; 881 } 882 container state { 883 config "false" ; 884 description "Both import/export routes"; 885 uses route-target-set; 886 } 887 } 888 } 890 grouping route-tbl-limit-params { 891 description "Grouping for VPN table prefix limit config"; 892 leaf routing-table-limit-number { 893 type uint32 { 894 range "1..4294967295"; 896 } 897 description 898 "Specifies the maximum number of routes supported by a 899 VPN instance. "; 900 } 902 choice routing-table-limit-action { 903 description "."; 904 case enable-alert-percent { 905 leaf alert-percent-value { 906 type uint8 { 907 range "1..100"; 908 } 909 description 910 "Specifies the percentage of the maximum number of 911 routes. When the maximum number of routes that join 912 the VPN instance is up to the value 913 (number*alert-percent)/100, the system prompts 914 alarms. The VPN routes can be still added to the 915 routing table, but after the number of routes 916 reaches number, the subsequent routes are 917 dropped."; 918 } 919 } 920 case enable-simple-alert { 921 leaf simple-alert { 922 type boolean; 923 description 924 "Indicates that when VPN routes exceed number, routes 925 can still be added into the routing table, but the 926 system prompts alarms. 
 927                       However, after the total number of VPN routes and
 928                       network public routes reaches the unicast route limit
 929                       specified in the License, the subsequent VPN routes
 930                       are dropped.";
 931           }
 932         }
 933       }
 934     }

 936   grouping routing-tbl-limit {
 937     description "Grouping for the per-address-family routing-table limit.";
 938     container routing-table-limit {
 939       description
 940         "The routing-table limit command sets a limit on the maximum
 941          number of routes that the IPv4 or IPv6 address family of a
 942          VPN instance can support.
 943          By default, there is no limit on the maximum number of
 944          routes that the IPv4 or IPv6 address family of a VPN
 945          instance can support, but the total number of private
 946          network and public network routes on a device cannot
 947          exceed the allowed maximum number of unicast routes.";
 948       container config {
 949         description "Config parameters";
 950         uses route-tbl-limit-params;
 951       }
 952       container state {
 953         config "false";
 954         description "State parameters";
 955         uses route-tbl-limit-params;
 956       }
 957     }
 958   }

 960   // Tunnel policy parameters
 961   grouping tunnel-params {
 962     description "Tunnel parameters";
 963     container tunnel-params {
 964       description "Tunnel config parameters";
 965       container config {
 966         description "Configuration parameters";
 967         leaf tunnel-policy {
 968           type string;
 969           description
 970             "Tunnel policy name.";
 971         }
 972       }
 973       container state {
 974         config "false";
 975         description "State parameters";
 976         leaf tunnel-policy {
 977           type string;
 978           description
 979             "Tunnel policy name.";
 980         }
 981       }
 982     }
 983   }

 985   // Grouping for the L3VPN specific parameters under VRF (aka routing-instance)
 986   grouping l3vpn-vrf-params {
 987     description "Specify route filtering rules for import/export";
 988     container ipv4 {
 989       description "IPv4 address family specific rules for import/export";
 990       container unicast {
 991         description "IPv4 unicast address family";
 992         uses route-import-set;
 993         uses route-export-set;
 994         uses route-import-export-set;
 995         uses global-imports;
 996         uses global-exports;
 997         uses routing-tbl-limit;
 998         uses tunnel-params;
 999       }
1000     }
1001     container ipv6 {
1002       description "IPv6 address family specific rules for import/export";
1003       container unicast {
1004         description "IPv6 unicast address family";
1005         uses route-import-set;
1006         uses route-export-set;
1007         uses route-import-export-set;
1008         uses global-imports;
1009         uses global-exports;
1010         uses routing-tbl-limit;
1011         uses tunnel-params;
1012       }
1013     }
1014   }

1016   grouping bgp-label-mode {
1017     description "MPLS/VPN label allocation mode";
1018     container config {
1019       description "Configuration parameters for label allocation mode";
1020       leaf label-mode {
1021         type bgp-label-mode;
1022         description "Label allocation mode";
1023       }
1024     }
1025     container state {
1026       config "false";
1027       description "State information for label allocation mode";
1028       leaf label-mode {
1029         type bgp-label-mode;
1030         description "Label allocation mode";
1031       }
1032     }
1033   }

1035   grouping retain-route-targets {
1036     description "Grouping for route target accept";
1037     container retain-route-targets {
1038       description "Control route target acceptance behavior for ASBRs";
1039       container config {
1040         description "Configuration parameters for retaining route targets";
1041         leaf all {
1042           type empty;
1043           description "Disable filtering of all route-targets";
1044         }
1045         leaf route-policy {
1046           type string;
1047           description "Filter routes as per filter policy name
1048                        TBD: leafref to IETF routing policy model";
1049         }
1050       }
1051       container state {
1052         config "false";
1053         description "State information for retaining route targets";
1054         leaf all {
1055           type empty;
1056           description "Disable filtering of all route-targets";
1057         }
1058         leaf route-policy {
1059           type string;
1060           description "Filter routes as per filter policy name";
1061         }
1062       }
1063     }
1064   }

1066   grouping nexthop-opts {
1067     description "Next hop control options for inter-as route exchange";
1068     leaf next-hop-self {
1069       type boolean;
1070       description "Set nexthop of the route to self when advertising routes";
1071     }
1072     leaf next-hop-unchanged {
1073       type boolean;
1074       description "Enforce no nexthop change when advertising routes";
1075     }
1076   }

1078   grouping asbr-nexthop-options {
1079     description "Nexthop parameters for inter-as VPN options";
1080     container nexthop-options {
1081       description "Nexthop related options for inter-as options";
1082       container config {
1083         description "Configuration parameters for nexthop options";
1084         uses nexthop-opts;
1085       }
1086       container state {
1087         config "false";
1088         description "State information for nexthop options";
1089         uses nexthop-opts;
1090       }
1091     }
1092   }

1094   //
1095   // VRF specific parameters.
1096   // RD and RTs are added in the VRF routing-instance, therefore they are per-VRF scoped.
1097   //

1099   // route import-export rules in VRF context
1100   // (routing instance container in ietf-routing model).
1101   augment "/rt:routing/rt:routing-instance" {
1102     description "Augment routing instance container for per VRF import/export config";
1103     container l3vpn {
1104       // 'type' belongs to the ietf-routing namespace, so it needs the rt: prefix here.
1105       when "../rt:type='rt:vrf-routing-instance'" {
1106         description "This container is only valid for vrf routing instance.";
1107       }
1108       description "Configuration of L3VPN specific parameters";

1109       uses bgp-rd;
1110       uses l3vpn-vrf-params;
1111     }
1112   }

1114   // bgp mpls forwarding enable required for inter-as option AB.
1115   augment "/if:interfaces/if:interface" {
1116     description "BGP mpls forwarding mode configuration on interface for ASBR scenario";
1117     uses forwarding-mode;
1118     uses label-security;
1119   }

1121   //
1122   // BGP Specific Parameters
1123   //

1125   //
1126   // Retain route-target for inter-as option ASBR knob.
1127   // vpn prefix limits
1128   // vpnv4/vpnv6 address-family only.
1129   augment "/bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv4-unicast" {
1130     description "Retain route targets for ASBR scenario";
1131     uses retain-route-targets;
1132     uses vpn-pfx-limit;
1133   }

1135   augment "/bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv6-unicast" {
1136     description "Retain route targets for ASBR scenario";
1137     uses retain-route-targets;
1138     uses vpn-pfx-limit;
1139   }

1141   // Label allocation mode configuration. Certain AFs only.
1142   augment "/bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:ipv4-unicast" {
1143     description "Augment BGP global AF mode for label allocation mode configuration";
1144     uses bgp-label-mode;
1145     uses routing-tbl-limit;
1146   }

1148   augment "/bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:ipv6-unicast" {
1149     description "Augment BGP global AF mode for label allocation mode configuration";
1150     uses bgp-label-mode;
1151     uses routing-tbl-limit;
1152   }

1154   // Nexthop options for the inter-as ASBR peering.
1155   augment "/bgp:bgp/bgp:neighbors/bgp:neighbor" {
1156     description "Augment BGP NBR mode with nexthop options for inter-as ASBRs";
1157     uses asbr-nexthop-options;
1158   }

1160   augment "/bgp:bgp/bgp:peer-groups/bgp:peer-group" {
1161     description "Augment BGP peer-group mode with nexthop options for inter-as ASBRs";
1162     uses asbr-nexthop-options;
1163   }

1165   augment "/bgp:bgp/bgp:neighbors/bgp:neighbor/bgp:afi-safis/bgp:afi-safi" {
1166     description "Augment BGP NBR AF mode with nexthop options for inter-as ASBRs";
1167     uses asbr-nexthop-options;
1168   }

1170   augment "/bgp:bgp/bgp:peer-groups/bgp:peer-group/bgp:afi-safis/bgp:afi-safi" {
1171     description "Augment BGP peer-group AF mode with nexthop options for inter-as ASBRs";
1172     uses asbr-nexthop-options;
1173   }

1175 }

1178 5.  IANA Considerations

1180 6.  Security Considerations

1182    The transport protocol used for sending the BGP L3VPN data MUST
1183    support authentication and SHOULD support encryption.  The data model
1184    by itself does not create any security implications.

1186    This draft does not change any underlying security issues inherent in
1187    [I-D.ietf-netmod-routing-cfg] and [I-D.shaikh-idr-bgp-model].

1189 7.  Acknowledgements

1191    The authors would like to thank TBD for their detailed reviews and
1192    comments.

1194 8.  References

1196 8.1.  Normative References

1198    [I-D.ietf-netmod-routing-cfg]
1199               Lhotka, L., "A YANG Data Model for Routing Management",
1200               draft-ietf-netmod-routing-cfg-15 (work in progress), May
1201               2014.

1203    [I-D.shaikh-idr-bgp-model]
1204               Shaikh, A., Shakir, R., Patel, K., Hares, S., D'Souza, K.,
1205               Bansal, D., Clemm, A., Alex, A., Jethanandani, M., and X.
1206               Liu, "BGP Model for Service Provider Networks",
1207               draft-shaikh-idr-bgp-model-02 (work in progress), June 2015.

1209    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1210               Requirement Levels", BCP 14, RFC 2119,
1211               DOI 10.17487/RFC2119, March 1997,
1212               .

1214    [RFC2547]  Rosen, E. and Y. Rekhter, "BGP/MPLS VPNs", RFC 2547,
1215               DOI 10.17487/RFC2547, March 1999,
1216               .

1218    [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
1219               DOI 10.17487/RFC2629, June 1999,
1220               .

1222    [RFC3552]  Rescorla, E. and B. Korver, "Guidelines for Writing RFC
1223               Text on Security Considerations", BCP 72, RFC 3552,
1224               DOI 10.17487/RFC3552, July 2003,
1225               .

1227    [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
1228               Border Gateway Protocol 4 (BGP-4)", RFC 4271,
1229               DOI 10.17487/RFC4271, January 2006,
1230               .

1232    [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
1233               Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
1234               2006, .

1236    [RFC4760]  Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
1237               "Multiprotocol Extensions for BGP-4", RFC 4760,
1238               DOI 10.17487/RFC4760, January 2007,
1239               .
1241    [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1242               the Network Configuration Protocol (NETCONF)", RFC 6020,
1243               DOI 10.17487/RFC6020, October 2010,
1244               .

1246    [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1247               and A. Bierman, Ed., "Network Configuration Protocol
1248               (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
1249               .

1251 8.2.  Informative References

1253    [RFC5492]  Scudder, J. and R. Chandra, "Capabilities Advertisement
1254               with BGP-4", RFC 5492, DOI 10.17487/RFC5492, February
1255               2009, .

1257 Authors' Addresses

1259    Dhanendra Jain
1260    Cisco
1261    170 W. Tasman Drive
1262    San Jose, CA 95134
1263    USA

1265    Email: dhjain@cisco.com

1267    Keyur Patel
1268    Cisco
1269    170 W. Tasman Drive
1270    San Jose, CA 95134
1271    USA

1273    Email: keyupate@cisco.com

1274    Patrice Brissette
1275    Cisco
1276    170 W. Tasman Drive
1277    San Jose, CA 95134
1278    USA

1280    Email: pbrisset@cisco.com

1282    Zhenbin Li
1283    Huawei Technologies
1284    Huawei Bld., No.156 Beiqing Rd.
1285    Beijing 100095
1286    China

1288    Email: lizhenbin@huawei.com

1290    Shunwan Zhuang
1291    Huawei Technologies
1292    Huawei Bld., No.156 Beiqing Rd.
1293    Beijing 100095
1294    China

1296    Email: zhuangshunwan@huawei.com

1298    Xufeng Liu
1299    Ericsson
1300    1595 Spring Hill Road, Suite 500
1301    Vienna, VA 22182
1302    USA

1304    Email: xliu@kuatrotech.com

1306    Jeffrey Haas
1307    Juniper Networks

1309    Email: jhaas@juniper.net

1310    Santosh Esale
1311    Juniper Networks
1312    1194 N. Mathilda Ave.
1313    Sunnyvale, CA 94089
1314    US

1316    Email: sesale@juniper.net

1318    Bin Wen
1319    Comcast

1321    Email: Bin_Wen@cable.comcast.com
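The routing-table-limit description in the module above states two ceilings on route installation: an optional per-VRF, per-address-family limit, and the device-wide unicast route limit set by the license, after which further VPN routes are dropped. The Python below is an added example that models exactly that behaviour; it is not code from the draft and not any vendor's implementation of the model. The VRF names, the license figure, the limits and the prefix stream are constructed for illustration, and the order in which the two checks run (VRF limit first, then the device-wide limit) is an assumption the draft text does not fix.

```python
"""Route-limit model for the routing-table-limit behaviour described in the
draft's YANG module.  Added example: not the draft's own code and not any
vendor's implementation.  VRF names, limits and prefixes are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

PUBLIC = "<public>"    # pseudo-VRF name for routes in the global (public) table
Key = Tuple[str, str]  # (vrf name, address family)


@dataclass
class RouteLimiter:
    """Install routes subject to a per-VRF AF limit and a device-wide limit."""
    license_limit: int                                          # max unicast routes on the device
    vrf_limits: Dict[Key, int] = field(default_factory=dict)    # (vrf, af) -> routing-table-limit
    tables: Dict[Key, Set[str]] = field(default_factory=dict)   # installed prefixes per (vrf, af)

    def total_routes(self) -> int:
        """Private (VPN) and public routes count against the same device ceiling."""
        return sum(len(t) for t in self.tables.values())

    def count(self, vrf: str, af: str) -> int:
        return len(self.tables.get((vrf, af), ()))

    def install(self, vrf: str, af: str, prefix: str) -> Tuple[bool, str]:
        """Try to install one route; return (accepted, reason).

        A prefix already present is an update of an existing route and never
        consumes a new slot.  Otherwise the per-VRF AF limit (if configured) is
        checked first, then the device-wide license limit (assumed order); a
        route that hits either ceiling is dropped, as the description says."""
        key = (vrf, af)
        table = self.tables.setdefault(key, set())
        if prefix in table:
            return True, "update of installed route"
        limit = self.vrf_limits.get(key)
        if limit is not None and len(table) >= limit:
            return False, f"vrf limit {limit} reached for {vrf}/{af}"
        if self.total_routes() >= self.license_limit:
            return False, f"device unicast limit {self.license_limit} reached"
        table.add(prefix)
        return True, "installed"

    def replay(self, updates: List[Tuple[str, str, str]]) -> Dict[Key, Dict[str, int]]:
        """Feed a stream of (vrf, af, prefix) and tally accepted/dropped per table.
        A rising 'dropped' count for one VRF is what an operator would alarm on
        when a CE advertises far more prefixes than its contract allows."""
        summary: Dict[Key, Dict[str, int]] = {}
        for vrf, af, prefix in updates:
            accepted, _ = self.install(vrf, af, prefix)
            tally = summary.setdefault((vrf, af), {"accepted": 0, "dropped": 0})
            tally["accepted" if accepted else "dropped"] += 1
        return summary


# Constructed sample: a small device with a 10-route license, VRF CUST-A capped
# at 3 IPv4 routes, VRF CUST-B uncapped, and five public routes.
SAMPLE_UPDATES: List[Tuple[str, str, str]] = (
    [("CUST-A", "ipv4", f"10.0.{i}.0/24") for i in range(4)]    # 4th exceeds the VRF limit
    + [("CUST-A", "ipv4", "10.0.0.0/24")]                        # duplicate: an update, not a new route
    + [(PUBLIC, "ipv4", f"198.51.100.{i * 32}/27") for i in range(5)]
    + [("CUST-B", "ipv4", f"10.2.{i}.0/24") for i in range(3)]   # 3rd exceeds the license limit
)


def demo() -> Tuple[RouteLimiter, Dict[Key, Dict[str, int]]]:
    """Run the constructed stream through a limiter and return both for inspection."""
    limiter = RouteLimiter(license_limit=10, vrf_limits={("CUST-A", "ipv4"): 3})
    return limiter, limiter.replay(SAMPLE_UPDATES)


if __name__ == "__main__":
    lim, summary = demo()
    for key, tally in summary.items():
        print(f"{key[0]:>9}/{key[1]}: {tally}")
    print("installed routes on device:", lim.total_routes())
```

The point of separating the two counters is the one the description makes: a VRF with no configured routing-table-limit is still bounded by the shared license limit, so one uncapped customer VRF can exhaust capacity that public routes and other VRFs need. Setting a per-VRF limit in the config container, and watching the matching state container for drops, keeps that failure local to the offending VRF.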