BESS Working Group                                              D. Jain
Internet-Draft                                                 K. Patel
Intended status: Informational                             P. Brissette
Expires: August 23, 2016                                          Cisco
                                                                  Z. Li
                                                              S. Zhuang
                                                    Huawei Technologies
                                                                 X. Liu
                                                               Ericsson
                                                                J. Haas
                                                               S. Esale
                                                       Juniper Networks
                                                                 B. Wen
                                                                Comcast
                                                      February 20, 2016


                  Yang Data Model for BGP/MPLS L3 VPNs
                   draft-dhjain-bess-bgp-l3vpn-yang-01.txt

Abstract

   This document defines a YANG data model that can be used to configure
   and manage BGP Layer 3 VPNs.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.
   The list of current Internet-Drafts is at
   http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 23, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Definitions and Acronyms
   3.  Design of BGP L3VPN Data Model
     3.1.  Overview
     3.2.  VRF Specific Configuration
       3.2.1.  VRF interface
       3.2.2.  Route distinguisher
       3.2.3.  Import and export route target
       3.2.4.  Forwarding mode
       3.2.5.  Label security
       3.2.6.  Yang tree
     3.3.  BGP Specific Configuration
       3.3.1.  VPN peering
       3.3.2.  VPN prefix limits
       3.3.3.  Label Mode
       3.3.4.  ASBR options
       3.3.5.  Yang tree
   4.  BGP Yang Module
   5.  IANA Considerations
   6.  Security Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   YANG [RFC6020] is a data definition language that was introduced to
   define the contents of a conceptual data store that allows networked
   devices to be managed using NETCONF [RFC6241].  YANG is proving
   relevant beyond its initial confines, as bindings to other interfaces
   (e.g. ReST) and encodings other than XML (e.g. JSON) are being
   defined.
   Furthermore, YANG data models can be used as the basis of
   implementation for other interfaces, such as CLI and programmatic
   APIs.

   This document defines a YANG model that can be used to configure and
   manage BGP L3VPNs [RFC4364].  It contains VRF specific parameters as
   well as BGP specific parameters applicable to L3VPNs.  The
   individual containers defined in this model contain control knobs
   for configuration for that purpose, as well as a few data nodes that
   can be used to monitor health and gather statistics.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Definitions and Acronyms

   AF: Address Family

   AS: Autonomous System

   ASBR: Autonomous System Border Router

   BGP: Border Gateway Protocol

   CE: Customer Edge

   PE: Provider Edge

   L3VPN: Layer 3 VPN

   NETCONF: Network Configuration Protocol

   RD: Route Distinguisher

   ReST: Representational State Transfer, a style of stateless interface
   and protocol that is generally carried over HTTP

   RTFilter: Route Filter

   VPN: Virtual Private Network

   VRF: Virtual Routing and Forwarding

   YANG: Data definition language for NETCONF

3.  Design of BGP L3VPN Data Model

3.1.  Overview

   The BGP L3VPN YANG data model has two parts.  The first part defines
   VRF specific parameters for L3VPN by augmenting the routing-instance
   container defined in the routing model [I-D.ietf-netmod-routing-cfg];
   the second part defines BGP specific parameters for L3VPN by
   augmenting the base BGP data model defined in
   [I-D.shaikh-idr-bgp-model].

3.2.  VRF Specific Configuration

   The routing-instance defined in the IETF routing model represents the
   default instance when its type is default-routing-instance and a
   named VRF instance when its type is vrf-routing-instance.  For L3VPN,
   the VRF specific parameters are defined by augmenting the routing-
   instance container corresponding to a named VRF instance.  A new
   container, l3vpn, is added for the VPN parameters.

3.2.1.  VRF interface

   To associate a VRF instance with an interface, the interface should
   be defined in the context of the routing-instance representing the
   VRF.  This is covered in the base routing model
   [I-D.ietf-netmod-routing-cfg].

3.2.2.  Route distinguisher

   A route distinguisher (RD) is a unique identifier carried in VPN
   routes to distinguish prefixes across different VPNs.  The RD is an
   8-byte field as defined in [RFC4364]: the first two bytes carry the
   type, followed by 6 bytes of value, and the format of the value
   depends on the type.  In the YANG model, RDs are defined in the l3vpn
   container under routing-instance.

3.2.3.  Import and export route target

   A route target (RT) is an extended community used to specify the
   rules for importing and exporting routes for each VRF, as defined in
   [RFC4364].  It is applicable in the context of an address family
   under the VRF.  Under the l3vpn container, statements for import and
   export route targets are added for the IPv4 and IPv6 address
   families.  Both the import and the export sets are modeled as a list
   of route targets.  An import rule is modeled as a list of RTs or a
   policy leafref specifying the list of RTs to be matched for importing
   routes into the VRF.  Similarly, an export rule is a set of RTs or a
   policy leafref specifying the list of RTs which should be attached to
   routes exported from this VRF.
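   The RD and RT formats described in this section decide which routes a
   VRF imports and exports, so a management system should reject an
   instance it cannot encode before it is committed.  The following is an
   added example written for this page, not code from the draft or its
   module: a validator for one l3vpn instance that checks the RD against
   the 2-byte type plus 6-byte value layout of RFC 4364, each rt leaf
   against both the module's pattern '([0-9]+:[0-9]+)' and RFC 4360
   encodability, and the routing-table-limit ranges and choice defined in
   the module in Section 4.  The dict layout assumes the JSON encoding of
   the tree in Section 3.2.6; all sample values are constructed.

```python
"""Added example (not from the draft): validate one l3vpn container instance
the way a pre-commit check would.  Constraints come from the draft text and
the module in Section 4; the dict layout mirrors the JSON form of the tree."""
import ipaddress
import re

RT_PATTERN = re.compile(r"^([0-9]+:[0-9]+)$")   # pattern on leaf rt in the module


def encode_rd(rd: str) -> bytes:
    """8-byte RFC 4364 RD: 2-byte type, then 6-byte value.  Type 0 is a
    2-byte ASN + 4-byte number, type 1 an IPv4 address + 2-byte number,
    type 2 a 4-byte ASN + 2-byte number.  ValueError when no type fits."""
    admin, sep, num = rd.partition(":")
    if not sep or not num.isdigit():
        raise ValueError(f"malformed RD/RT {rd!r}")
    n = int(num)
    if "." in admin:                                          # type 1
        try:
            addr = int(ipaddress.IPv4Address(admin))
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"bad administrator in {rd!r}") from exc
        if n > 0xFFFF:
            raise ValueError(f"assigned number too large for type 1: {rd!r}")
        return (1).to_bytes(2, "big") + addr.to_bytes(4, "big") + n.to_bytes(2, "big")
    if not admin.isdigit():
        raise ValueError(f"malformed administrator in {rd!r}")
    asn = int(admin)
    if asn <= 0xFFFF and n <= 0xFFFFFFFF:                     # type 0
        return (0).to_bytes(2, "big") + asn.to_bytes(2, "big") + n.to_bytes(4, "big")
    if asn <= 0xFFFFFFFF and n <= 0xFFFF:                     # type 2
        return (2).to_bytes(2, "big") + asn.to_bytes(4, "big") + n.to_bytes(2, "big")
    raise ValueError(f"{rd!r} fits no RFC 4364 type")


def encode_rt(rt: str) -> bytes:
    """Route-target extended community (RFC 4360): same 6-byte value layout
    as an RD, but the leading bytes are type (0x00/0x01/0x02) and sub-type 0x02."""
    wire = encode_rd(rt)
    return bytes([wire[1], 0x02]) + wire[2:]


def validate_rt(rt: str) -> list:
    """Problems with one rt leaf: the module pattern, then RFC 4360 encodability.
    The pattern alone rejects IPv4-administrator RTs and accepts oversized numbers."""
    problems = []
    if not RT_PATTERN.match(rt):
        problems.append(f"rt {rt!r} does not match the module pattern")
    try:
        encode_rt(rt)
    except ValueError as exc:
        problems.append(str(exc))
    return problems


def validate_limit(limit: dict) -> list:
    """routing-table-limit/config: uint32 range 1..4294967295, uint8 1..100,
    and only one case of the routing-table-limit-action choice."""
    problems = []
    number = limit.get("routing-table-limit-number")
    if number is not None and not 1 <= number <= 0xFFFFFFFF:
        problems.append(f"routing-table-limit-number {number} out of range")
    if "alert-percent-value" in limit and "simple-alert" in limit:
        problems.append("alert-percent-value and simple-alert are cases of one choice")
    pct = limit.get("alert-percent-value")
    if pct is not None and not 1 <= pct <= 100:
        problems.append(f"alert-percent-value {pct} out of range 1..100")
    return problems


def validate_l3vpn(l3vpn: dict) -> list:
    """Validate the l3vpn container of one vrf-routing-instance; [] means clean."""
    problems = []
    rd = l3vpn.get("route-distinguisher", {}).get("config", {}).get("rd")
    if rd is not None:
        try:
            encode_rd(rd)
        except ValueError as exc:
            problems.append(str(exc))
    for af in ("ipv4", "ipv6"):
        unicast = l3vpn.get(af, {}).get("unicast", {})
        for direction in ("import-routes", "export-routes", "import-export-routes"):
            cfg = unicast.get(direction, {}).get("config", {})
            for entry in cfg.get("route-targets", {}).get("rts", []):
                problems += [f"{af}/{direction}: {p}" for p in validate_rt(entry["rt"])]
        limit_cfg = unicast.get("routing-table-limit", {}).get("config")
        if limit_cfg:
            problems += [f"{af}: {p}" for p in validate_limit(limit_cfg)]
    return problems


# Constructed sample instance (all values made up), shaped like the 3.2.6 tree.
# The export RT passes the module pattern but cannot be encoded (ASN > 32 bits).
SAMPLE_VRF = {
    "route-distinguisher": {"config": {"rd": "65000:100"}},
    "ipv4": {"unicast": {
        "import-routes": {"config": {"route-targets": {"rts": [{"rt": "65000:100"}]}}},
        "export-routes": {"config": {"route-targets": {"rts": [{"rt": "4294967296:1"}]}}},
        "routing-table-limit": {"config": {"routing-table-limit-number": 1000,
                                           "alert-percent-value": 80}},
    }},
}
```

   Running validate_l3vpn(SAMPLE_VRF) reports exactly one problem, for the
   export route target that fits no RFC 4364 type.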
   In the case where a policy is used to specify the RTs, a reference to
   the policy via leafref is used in this model, but the actual
   definition of the policy is outside the scope of this document.  In
   addition, this section also defines parameters for import from the
   global routing table and export to the global routing table, as well
   as the route limit per VPN instance for the IPv4 and IPv6 address
   families.

3.2.4.  Forwarding mode

   This configuration augments the interface list under the interface
   container under a routing-instance as defined in the IETF routing
   model [I-D.ietf-netmod-routing-cfg].  Forwarding mode configuration
   is required under the ASBR facing interface to enable MPLS forwarding
   for directly connected BGP peers in inter-AS option B peering.

3.2.5.  Label security

   For inter-AS option B peering across ASes, MPLS label security under
   the ASBR facing interface enables the RPF check on the label of
   incoming packets.  The ietf-interface container is augmented to add
   this configuration.

3.2.6.  Yang tree

   augment /rt:routing/rt:routing-instance:
      +--rw l3vpn
         +--rw route-distinguisher
         |  +--rw config
         |  |  +--rw rd?   string
         |  +--ro state
         |     +--ro rd?   string
         +--rw ipv4
         |  +--rw unicast
         |     +--rw import-routes
         |     |  +--rw config
         |     |  |  +--rw route-targets
         |     |  |  |  +--rw rts* [rt]
         |     |  |  |     +--rw rt    string
         |     |  |  +--rw route-policy?   string
         |     |  +--ro state
         |     |     +--ro route-targets
         |     |     |  +--ro rts* [rt]
         |     |     |     +--ro rt    string
         |     |     +--ro route-policy?   string
         |     +--rw export-routes
         |     |  +--rw config
         |     |  |  +--rw route-targets
         |     |  |  |  +--rw rts* [rt]
         |     |  |  |     +--rw rt    string
         |     |  |  +--rw route-policy?   string
         |     |  +--ro state
         |     |     +--ro route-targets
         |     |     |  +--ro rts* [rt]
         |     |     |     +--ro rt    string
         |     |     +--ro route-policy?   string
         |     +--rw import-export-routes
         |     |  +--rw config
         |     |  |  +--rw route-targets
         |     |  |  |  +--rw rts* [rt]
         |     |  |  |     +--rw rt    string
         |     |  |  +--rw route-policy?   string
         |     |  +--ro state
         |     |     +--ro route-targets
         |     |     |  +--ro rts* [rt]
         |     |     |     +--ro rt    string
         |     |     +--ro route-policy?   string
         |     +--rw import-from-global
         |     |  +--rw config
         |     |  |  +--rw enable?             boolean
         |     |  |  +--rw advertise-as-vpn?   boolean
         |     |  |  +--rw route-policy?       string
         |     |  |  +--rw bgp-valid-route?    boolean
         |     |  |  +--rw protocol?           enumeration
         |     |  |  +--rw instance?           string
         |     |  +--ro state
         |     |     +--ro enable?             boolean
         |     |     +--ro advertise-as-vpn?   boolean
         |     |     +--ro route-policy?       string
         |     |     +--ro bgp-valid-route?    boolean
         |     |     +--ro protocol?           enumeration
         |     |     +--ro instance?           string
         |     +--rw export-to-global
         |     |  +--rw config
         |     |  |  +--rw enable?   boolean
         |     |  +--ro state
         |     |     +--ro enable?   boolean
         |     +--rw routing-table-limit
         |     |  +--rw config
         |     |  |  +--rw routing-table-limit-number?    uint32
         |     |  |  +--rw (routing-table-limit-action)?
         |     |  |     +--:(enable-alert-percent)
         |     |  |     |  +--rw alert-percent-value?   uint8
         |     |  |     +--:(enable-simple-alert)
         |     |  |        +--rw simple-alert?          boolean
         |     |  +--ro state
         |     |     +--ro routing-table-limit-number?    uint32
         |     |     +--ro (routing-table-limit-action)?
         |     |        +--:(enable-alert-percent)
         |     |        |  +--ro alert-percent-value?   uint8
         |     |        +--:(enable-simple-alert)
         |     |           +--ro simple-alert?          boolean
         |     +--rw tunnel-params
         |        +--rw config
         |        |  +--rw tunnel-policy?   string
         |        +--ro state
         |           +--ro tunnel-policy?   string

   augment /if:interfaces/if:interface:
      +--rw forwarding-mode
      |  +--rw config
      |  |  +--rw forwarding-mode?   fwd-mode-type
      |  +--ro state
      |     +--ro forwarding-mode?   fwd-mode-type
      +--rw mpls-label-security
         +--rw config
         |  +--rw rpf?   boolean
         +--ro state
            +--ro rpf?   boolean

3.3.  BGP Specific Configuration

   The BGP specific configuration for L3VPNs is defined by augmenting
   the base BGP model [I-D.shaikh-idr-bgp-model].  In particular,
   specific knobs are added under the neighbor and address family
   containers to handle VPN routes and ASBR peering.

3.3.1.  VPN peering

   For peering between PE routers, the specific VPN address family needs
   to be enabled under the BGP container in the default routing-
   instance.  The base BGP draft [I-D.shaikh-idr-bgp-model] has the
   l3vpn address family in the list of identity refs for AFs under
   global and neighbor modes.  The same is augmented here with
   additional knobs.  For peering with CE routers, the VRF specific BGP
   configuration such as neighbors and address families is covered in
   the base BGP configuration, except that such configuration will be in
   the context of a VRF.  The instance of BGP in this case would be a
   separate instance in the context of the routing instance realizing a
   VRF.

3.3.2.  VPN prefix limits

   The limit on the maximum number of VPN prefixes for a PE router is
   defined in the context of the VPN address family under BGP.  This is
   the total number of prefixes in the VPN table per AF in the context
   of the BGP protocol.  The route table limit for the IPv4 and IPv6
   address families of each VPN instance is also defined under BGP.
   The total prefix limit per VPN, including all protocols, is defined
   in the context of the VRF address family under the routing instance.

3.3.3.  Label Mode

   Label mode knobs control the label allocation behavior for VRF
   routes, such as per-site, per-VPN or per-route label allocation.
   These knobs augment the BGP global AF containers in the context of
   the default routing instance.

3.3.4.  ASBR options

   This includes a few specific knobs for the ASBR peering methods
   illustrated in [RFC4364], such as route target retention on ASBRs
   and rewriting the next hop to self, for inter-AS VPN peering across
   ASBRs with the option B method.
   Similarly, next hop unchanged is used on ASBRs for option C peering.
   Appropriate containers under the BGP AF and neighbor modes are
   augmented for these parameters.  Note that when a knob is applicable
   to a neighbor, it is also defined under the corresponding peer-group
   container.

3.3.5.  Yang tree

   module: ietf-bgp-l3vpn
   augment /bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv4-unicast:
      +--rw retain-rts
      |  +--rw config
      |  |  +--rw all?            empty
      |  |  +--rw route-policy?   string
      |  +--ro state
      |     +--ro all?            empty
      |     +--ro route-policy?   string
      +--rw prefix-limit
         +--rw config
         |  +--rw prefix-limit-number?    uint32
         |  +--rw (prefix-limit-action)?
         |     +--:(enable-alert-percent)
         |     |  +--rw alert-percent-value?   uint8
         |     |  +--rw route-unchanged?       boolean
         |     +--:(enable-simple-alert)
         |        +--rw simple-alert?          boolean
         +--ro state
            +--ro prefix-limit-number?    uint32
            +--ro (prefix-limit-action)?
               +--:(enable-alert-percent)
               |  +--ro alert-percent-value?   uint8
               |  +--ro route-unchanged?       boolean
               +--:(enable-simple-alert)
                  +--ro simple-alert?          boolean
      ...

   augment /bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:ipv4-unicast:
      +--rw config
      |  +--rw label-mode?   bgp-label-mode
      +--ro state
      |  +--ro label-mode?   bgp-label-mode
      +--rw routing-table-limit
         +--rw config
         |  +--rw routing-table-limit-number?    uint32
         |  +--rw (routing-table-limit-action)?
         |     +--:(enable-alert-percent)
         |     |  +--rw alert-percent-value?   uint8
         |     +--:(enable-simple-alert)
         |        +--rw simple-alert?          boolean
         +--ro state
            +--ro routing-table-limit-number?    uint32
            +--ro (routing-table-limit-action)?
               +--:(enable-alert-percent)
               |  +--ro alert-percent-value?   uint8
               +--:(enable-simple-alert)
                  +--ro simple-alert?          boolean
      ...

   augment /bgp:bgp/bgp:neighbors/bgp:neighbor:
      +--rw nexthop-options
         +--rw config
         |  +--rw next-hop-self?        boolean
         |  +--rw next-hop-unchanged?   boolean
         +--ro state
            +--ro next-hop-self?        boolean
            +--ro next-hop-unchanged?   boolean

   augment /bgp:bgp/bgp:peer-groups/bgp:peer-group:
      +--rw nexthop-options
         +--rw config
         |  +--rw next-hop-self?        boolean
         |  +--rw next-hop-unchanged?   boolean
         +--ro state
            +--ro next-hop-self?        boolean
            +--ro next-hop-unchanged?   boolean

   augment /bgp:bgp/bgp:neighbors/bgp:neighbor/bgp:afi-safis/bgp:afi-safi:
      +--rw nexthop-options
         +--rw config
         |  +--rw next-hop-self?        boolean
         |  +--rw next-hop-unchanged?   boolean
         +--ro state
            +--ro next-hop-self?        boolean
            +--ro next-hop-unchanged?   boolean

   augment /bgp:bgp/bgp:peer-groups/bgp:peer-group/bgp:afi-safis/bgp:afi-safi:
      +--rw nexthop-options
         +--rw config
         |  +--rw next-hop-self?        boolean
         |  +--rw next-hop-unchanged?   boolean
         +--ro state
            +--ro next-hop-self?        boolean
            +--ro next-hop-unchanged?   boolean

4.  BGP Yang Module

   file "ietf-bgp-l3vpn@2016-02-22.yang"

   module ietf-bgp-l3vpn {
     namespace "urn:ietf:params:xml:ns:yang:ietf-bgp-l3vpn";
     // replace with IANA namespace when assigned
     prefix l3vpn ;

     import ietf-routing {
       prefix rt;
       revision-date 2015-10-16;
     }

     import ietf-interfaces {
       prefix if;
     }

     import ietf-bgp {
       prefix bgp;
       revision-date 2016-01-06;
     }

     organization
       "IETF BGP Enabled Services WG";

     contact
       "draft-dhjain-bess-l3vpn-yang@tools.ietf.org";

     description
       "This YANG module defines a YANG data model to configure and manage
        BGP Layer 3 VPNs.  It augments the IETF BGP YANG model and the
        IETF routing model to add L3VPN specific configuration and
        operational knobs.
        Terms and Acronyms

        AF : Address Family

        AS : Autonomous System

        ASBR : Autonomous Systems Border Router

        BGP (bgp) : Border Gateway Protocol

        CE : Customer Edge

        IP (ip) : Internet Protocol

        IPv4 (ipv4): Internet Protocol Version 4

        IPv6 (ipv6): Internet Protocol Version 6

        L3VPN: Layer 3 VPN

        PE : Provider Edge

        RT : Route Target
        RD : Route Distinguisher

        VPN : Virtual Private Network

        VRF : Virtual Routing and Forwarding
       ";

     revision 2016-02-22 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: A YANG Data Model for BGP L3VPN config management";
     }

     grouping bgp-rd-spec {
       description "Route distinguisher specification as per RFC4364";
       leaf rd {
         type string;
         description "Route distinguisher value as per RFC4364";
       }
     }

     grouping bgp-rd {
       description "BGP route distinguisher";
       container route-distinguisher {
         description "Route distinguisher";
         container config {
           description "Configuration parameters for route distinguisher";
           uses bgp-rd-spec ;
         }
         container state {
           config "false" ;
           description "State information for route distinguisher";
           uses bgp-rd-spec ;
         }
       }
     }

     typedef bgp-label-mode {
       type enumeration {
         enum per-ce {
           description "Allocate labels per CE";
         }
         enum per-route {
           description "Allocate labels per prefix";
         }
         enum per-vpn {
           description "Allocate labels per VRF";
         }
       }
       description "BGP label allocation mode";
     }

     typedef fwd-mode-type {
       type enumeration {
         enum mpls {
           description "Forwarding mode mpls";
         }
       }
       description "Enable forwarding mode under ASBR facing interface";
     }

     grouping forwarding-mode {
       description "Forwarding mode of interface for ASBR scenario";
       container forwarding-mode {
         description "Forwarding mode of interface for ASBR scenario";
         container config {
           description "Configuration of Forwarding mode";
           leaf forwarding-mode {
             type fwd-mode-type;
             description "Forwarding mode for this interface";
           }
         }
         container state {
           config "false";
           description "State information of Forwarding mode";
           leaf forwarding-mode {
             type fwd-mode-type;
             description "Forwarding mode for this interface";
           }
         }
       }
     }

     grouping label-security {
       description "MPLS label security for ASBR option B scenario";
       container mpls-label-security {
         description "MPLS label security";
         container config {
           description "Configuration parameters";
           leaf rpf {
             type boolean;
             description "Enable MPLS label security rpf on interface";
           }
         }
         container state {
           config "false";
           description "State information";
           leaf rpf {
             type boolean;
             description "MPLS label security rpf on interface";
           }
         }
       }
     }

     // per VPN instance table limit under BGP
     grouping prefix-limit {
       description
         "The prefix limit command sets a limit on the maximum
          number of prefixes supported in the existing VPN
          instance, preventing the PE from importing excessive
          VPN route prefixes.
         ";

       leaf prefix-limit-number {
         type uint32 {
           range "1..4294967295";
         }
         description
           "Specifies the maximum number of prefixes supported in the
            VPN instance IPv4 or IPv6 address family.";
       }

       choice prefix-limit-action {
         description ".";
         case enable-alert-percent {
           leaf alert-percent-value {
             type uint8 {
               range "1..100";
             }
             description
               "Specifies the proportion of the alarm threshold to the
                maximum number of prefixes.";
           }
           leaf route-unchanged {
             type boolean;
             default "false";
             description
               "Indicates that the routing table remains unchanged.
                By default, route-unchanged is not configured.
                When the number of prefixes in the routing table is
                greater than the value of the parameter number,
                routes are processed as follows:
                (1) If route-unchanged is configured, routes in the
                    routing table remain unchanged.
                (2) If route-unchanged is not configured, all routes
                    in the routing table are deleted and then
                    re-added.";
           }
         }
         case enable-simple-alert {
           leaf simple-alert {
             type boolean;
             default "false";
             description
               "Indicates that when the number of VPN route prefixes
                exceeds number, prefixes can still join the VPN
                routing table and alarms are displayed.";
           }
         }
       }
     }

     grouping vpn-pfx-limit {
       description "Per VPN instance table limit under BGP";
       container vpn-prefix-limit {
         description "Prefix limit for this table";
         container config {
           description "Config parameters";
           uses prefix-limit;
         }
         container state {
           config "false";
           description "State parameters";
           uses prefix-limit;
         }
       }
     }

     grouping route-target-set {
       description
         "Extended community route-target set";
       container route-targets {
         description
           "Route-target";
         list rts {
           key "rt";
           description
             "List of route-targets";
           leaf rt {
             type string {
               pattern '([0-9]+:[0-9]+)';
             }
             description "Route target extended community as per RFC4360";
           }
         }
       }
       leaf route-policy {
         type string;
         description
           "Reference to the policy containing set of routes.
            TBD: leafref to policy entry in IETF policy model";
       }
     }

     grouping import-from-gbl {
       description "Import from global routing table";
       leaf enable {
         type boolean;
         description "Enable";
       }
       leaf advertise-as-vpn {
         // The sibling leaf that turns on import from the global table is
         // 'enable'; the original condition referenced a non-existent
         // 'from-default-vrf' leaf and used '== TRUE', which is not XPath.
         when "../enable = 'true'" {
           description "This option is valid only when importing from global routing table";
         }
         type boolean;
         description "Advertise routes imported from global table as VPN routes";
       }
       leaf route-policy {
         type string;
         description "Policy name for import routes";
       }

       leaf bgp-valid-route {
         type boolean;
         description "Enable all valid routes (including non-best paths) to be candidate
                      for import";
       }

       leaf protocol {
         type enumeration {
           enum ALL {
             value "0";
             description "ALL:";
           }
           enum Direct {
             value "1";
             description "Direct:";
           }
           enum OSPF {
             value "2";
             description "OSPF:";
           }
           enum ISIS {
             value "3";
             description "ISIS:";
           }
           enum Static {
             value "4";
             description "Static:";
           }
           enum RIP {
             value "5";
             description "RIP:";
           }
           enum BGP {
             value "6";
             description "BGP:";
           }
           enum OSPFV3 {
             value "7";
             description "OSPFV3:";
           }
           enum RIPNG {
             value "8";
             description "RIPNG:";
           }
           enum INVALID {
             value "9";
             description "INVALID:";
           }
         }
         description
           "Specifies the protocol from which routes are imported.
            At present, in the IPv4 unicast address family view,
            the protocol can be IS-IS, static, direct and BGP.";
       }

       leaf instance {
         type string;
         description
           "Specifies the instance id of the protocol";
       }
     }

     grouping global-imports {
       description "Grouping for imports from global routing table";
       container import-from-global {
         description "Import from global routing table";
         container config {
           description "Configuration";
           uses import-from-gbl;
         }
         container state {
           config "false";
           description "State";
           uses import-from-gbl;
         }
       }
     }

     grouping export-to-gbl {
       description "Export routes to default VRF";
       leaf enable {
         type boolean;
         description "Enable";
       }
     }

     grouping global-exports {
       description "Grouping for exporting routes to global table";
       container export-to-global {
         description "Export to global routing table";
         container config {
           description "Configuration";
           uses export-to-gbl;
         }
         container state {
           config "false";
           description "State";
           uses export-to-gbl;
         }
       }
     }

     grouping route-import-set {
       description "Grouping to specify rules for route import";
       container import-routes {
         description "Set of route-targets to match to import routes into VRF";
         container config {
           description
             "Configuration parameters for import routes";
           uses route-target-set ;
         }
         container state {
           config "false" ;
           description
             "State information for the import routes";
           uses route-target-set ;
         }
       }
     }

     grouping route-export-set {
       description "Grouping to specify rules for route export";
       container export-routes {
         description "Set of route-targets to attach with exported routes from VRF";
         container config {
           description
             "Configuration parameters for export routes";
           uses route-target-set ;
         }
         container state {
           config "false" ;
           description
             "State information for export routes";
           uses route-target-set ;
         }
       }
     }

     grouping route-import-export-set {
       description "Grouping to specify rules for both route import and export";
       container import-export-routes {
         description "Set of route-targets for both import and export";
         container config {
           description "Both import/export routes";
           uses route-target-set;
         }
         container state {
           config "false" ;
           description "Both import/export routes";
           uses route-target-set;
         }
       }
     }

     grouping route-tbl-limit-params {
       description "Grouping for VPN table prefix limit config";
       leaf routing-table-limit-number {
         type uint32 {
           range "1..4294967295";
         }
         description
           "Specifies the maximum number of routes supported by a
            VPN instance.";
       }

       choice routing-table-limit-action {
         description ".";
         case enable-alert-percent {
           leaf alert-percent-value {
             type uint8 {
               range "1..100";
             }
             description
               "Specifies the percentage of the maximum number of
                routes.  When the number of routes that join the VPN
                instance reaches (number*alert-percent)/100, the
                system raises an alarm.  VPN routes can still be added
                to the routing table, but after the number of routes
                reaches number, subsequent routes are dropped.";
           }
         }
         case enable-simple-alert {
           leaf simple-alert {
             type boolean;
             description
               "Indicates that when VPN routes exceed number, routes
                can still be added into the routing table, but the
                system raises an alarm.
                However, after the total number of VPN routes and
                public network routes reaches the unicast route limit
                specified in the license, subsequent VPN routes are
                dropped.";
           }
         }
       }
     }

     grouping routing-tbl-limit {
       description ".";
       container routing-table-limit {
         description
           "The routing-table limit command sets a limit on the maximum
            number of routes that the IPv4 or IPv6 address family of a
            VPN instance can support.

            By default, there is no limit on the maximum number of
            routes that the IPv4 or IPv6 address family of a VPN
            instance can support, but the total number of private
            network and public network routes on a device cannot
            exceed the allowed maximum number of unicast routes.";
         container config {
           description "Config parameters";
           uses route-tbl-limit-params;
         }
         container state {
           config "false";
           description "State parameters";
           uses route-tbl-limit-params;
         }
       }
     }

     // Tunnel policy parameters
     grouping tunnel-params {
       description "Tunnel parameters";
       container tunnel-params {
         description "Tunnel config parameters";
         container config {
           description "configuration parameters";
           leaf tunnel-policy {
             type string;
             description
               "Tunnel policy name.";
           }
         }
         container state {
           config "false";
           description "state parameters";
           leaf tunnel-policy {
             type string;
             description
               "Tunnel policy name.";
           }
         }
       }
     }

     // Grouping for the L3VPN specific parameters under VRF (aka routing-instance)
     grouping l3vpn-vrf-params {
       description "Specify route filtering rules for import/export";
       container ipv4 {
         description "Specify route filtering rules for import/export";
         container unicast {
           description "Specify route filtering rules for import/export";
           uses route-import-set;
           uses route-export-set;
           uses route-import-export-set;
           uses global-imports;
           uses global-exports;
           uses routing-tbl-limit;
           uses tunnel-params;
         }
       }
       container ipv6 {
         description "Ipv6 address family specific rules for import/export";
         container unicast {
           description "Ipv6 unicast address family";
           uses route-import-set;
           uses route-export-set;
           uses route-import-export-set;
           uses global-imports;
           uses global-exports;
           uses routing-tbl-limit;
           uses tunnel-params;
         }
       }
     }

     grouping bgp-label-mode {
       description "MPLS/VPN label allocation mode";
       container config {
         description "Configuration parameters for label allocation mode";
         leaf label-mode {
           type bgp-label-mode;
           description "Label allocation mode";
         }
       }
       container state {
         config "false" ;
         description "State information for label allocation mode";
         leaf label-mode {
           type bgp-label-mode;
           description "Label allocation mode";
         }
       }
     }

     grouping retain-route-targets {
       description "Grouping for route target accept";
       container retain-route-targets {
         description "Control route target acceptance behavior for ASBRs";
         container config {
           description "Configuration parameters for retaining route targets";
           leaf all {
             type empty;
             description "Disable filtering of all route-targets";
           }
           leaf route-policy {
             type string;
             description "Filter routes as per filter policy name
                          TBD: leafref to IETF routing policy model";
           }
         }
         container state {
           config "false" ;
           description "State information for retaining route targets";
           leaf all {
             type empty;
             description "Disable filtering of all route-targets";
           }
           leaf route-policy {
             type string;
             description "Filter routes as per filter policy name";
           }
         }
       }
     }

     grouping nexthop-opts {
       description "Next hop control options for inter-as route exchange";
       leaf next-hop-self {
1068 type boolean; 1069 description "Set nexthop of the route to self when advertising routes"; 1070 } 1071 leaf next-hop-unchanged { 1072 type boolean; 1073 description "Enforce no nexthop change when advertising routes"; 1074 } 1075 } 1077 grouping asbr-nexthop-options { 1078 description "Nexthop parameters for inter-as VPN options "; 1079 container nexthop-options { 1080 description "Nexthop related options for inter-as options"; 1081 container config { 1082 description "Configuration parameters for nexthop options"; 1083 uses nexthop-opts; 1084 } 1085 container state { 1086 config "false"; 1087 description "State information for nexthop options" ; 1088 uses nexthop-opts; 1089 } 1090 } 1091 } 1093 // 1094 // VRF specific parameters. 1095 // RD and RTs are added in VRF routing-intance, therefore per per VRF scoped. 1096 // 1098 // route import-export rules in VRF context 1099 // (routing instance container in ietf-routing model). 1100 augment "/rt:routing/rt:routing-instance" { 1101 description "Augment routing instance container for per VRF import/export config"; 1102 container l3vpn { 1103 when "../type='rt:vrf-routing-instance'" { 1104 description "This container is only valid for vrf routing instance."; 1105 } 1106 description "Configuration of L3VPN specific parameters"; 1108 uses bgp-rd; 1109 uses l3vpn-vrf-params ; 1110 } 1111 } 1113 // bgp mpls forwarding enable required for inter-as option AB. 1114 augment "/if:interfaces/if:interface" { 1115 description "BGP mpls forwarding mode configuration on interface for ASBR scenario"; 1116 uses forwarding-mode ; 1117 uses label-security; 1118 } 1120 // 1121 // BGP Specific Paramters 1122 // 1124 // 1125 // Retain route-target for inter-as option ASBR knob. 1126 // vpn prefix limits 1127 // vpnv4/vpnv6 address-family only. 
1128 augment "/bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv4-unicast" { 1129 description "Retain route targets for ASBR scenario"; 1130 uses retain-route-targets; 1131 uses vpn-pfx-limit; 1132 } 1133 augment "/bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv6-unicast" { 1134 description "Retain route targets for ASBR scenario"; 1135 uses retain-route-targets; 1136 uses vpn-pfx-limit; 1137 } 1139 // Label allocation mode configuration. Certain AFs only. 1140 augment "/bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:ipv4-unicast" { 1141 description "Augment BGP global AF mode for label allocation mode configuration"; 1142 uses bgp-label-mode ; 1143 uses routing-tbl-limit; 1144 } 1146 augment "/bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:ipv6-unicast" { 1147 description "Augment BGP global AF mode for label allocation mode configuration"; 1148 uses bgp-label-mode ; 1149 uses routing-tbl-limit; 1150 } 1152 // Nexthop options for the inter-as ASBR peering. 1153 augment "/bgp:bgp/bgp:neighbors/bgp:neighbor" { 1154 description "Augment BGP NBR mode with nexthop options for inter-as ASBRs"; 1155 uses asbr-nexthop-options; 1156 } 1158 augment "/bgp:bgp/bgp:peer-groups/bgp:peer-group" { 1159 description "Augment BGP peer-group mode with nexthop options for inter-as ASBRs"; 1160 uses asbr-nexthop-options; 1161 } 1163 augment "/bgp:bgp/bgp:neighbors/bgp:neighbor/bgp:afi-safis/bgp:afi-safi" { 1164 description "Augment BGP NBR AF mode with nexthop options for inter-as ASBRs"; 1165 uses asbr-nexthop-options; 1166 } 1168 augment "/bgp:bgp/bgp:peer-groups/bgp:peer-group/bgp:afi-safis/bgp:afi-safi" { 1169 description "Augment BGP peer-group AF mode with nexthop options for inter-as ASBRs"; 1170 uses asbr-nexthop-options; 1171 } 1173 } 1175 1176 5. IANA Considerations 1178 6. Security Considerations 1180 The transport protocol used for sending the BGP L3VPN data MUST 1181 support authentication and SHOULD support encryption. 
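   An authenticated transport protects the payload in transit; it does
   not tell an operator whether the payload itself is sane. The
   following Python is an added example, not part of this draft or of
   any implementation, showing the checks a reviewer of an edit-config
   body for this module would want: the 'when' condition on the l3vpn
   container, retain-route-targets/config/all (route-target filtering
   disabled at an ASBR), next-hop-self and next-hop-unchanged set
   together, and drift between the config and state copies of a leaf.
   It uses only node names defined in the module above; the list keys
   afi-safi-name, neighbor-address and peer-group-name and the identity
   rt:default-routing-instance are assumed from the referenced BGP and
   routing models, the sample payload is constructed, and XML
   namespaces are ignored because the excerpt does not show the
   module's own namespace.

```python
"""Audit checks over instance data for the L3VPN YANG module above.

Added example, not part of the draft or of any vendor implementation.
Node names follow the module; afi-safi-name, neighbor-address,
peer-group-name and rt:default-routing-instance are assumed from the
referenced BGP and routing models. Namespaces are stripped on parse.
"""
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a NETCONF <edit-config> body.
SAMPLE = """
<config>
 <routing>
  <routing-instance><name>CUST-A</name><type>rt:vrf-routing-instance</type>
   <l3vpn><ipv4><unicast><tunnel-params>
    <config><tunnel-policy>tp-gold</tunnel-policy></config>
    <state><tunnel-policy>tp-silver</tunnel-policy></state>
   </tunnel-params></unicast></ipv4></l3vpn>
  </routing-instance>
  <routing-instance><name>default</name><type>rt:default-routing-instance</type>
   <l3vpn/>
  </routing-instance>
 </routing>
 <bgp>
  <global><afi-safis>
   <afi-safi><afi-safi-name>l3vpn-ipv4-unicast</afi-safi-name>
    <retain-route-targets><config><all/></config></retain-route-targets>
   </afi-safi>
   <afi-safi><afi-safi-name>l3vpn-ipv6-unicast</afi-safi-name>
    <retain-route-targets><config><route-policy>RT-ASBR</route-policy></config></retain-route-targets>
   </afi-safi>
  </afi-safis></global>
  <neighbors><neighbor><neighbor-address>192.0.2.1</neighbor-address>
   <nexthop-options><config>
    <next-hop-self>true</next-hop-self><next-hop-unchanged>true</next-hop-unchanged>
   </config></nexthop-options>
  </neighbor></neighbors>
 </bgp>
</config>
"""


def parse(xml_text):
    """Parse and strip namespaces so lookups can use the module's local names."""
    root = ET.fromstring(xml_text.strip())
    for el in root.iter():
        if "}" in el.tag:
            el.tag = el.tag.split("}", 1)[1]
    return root


def l3vpn_when_violations(root):
    """routing-instances carrying <l3vpn> whose type is not
    rt:vrf-routing-instance, i.e. the augment's 'when' is violated."""
    return [ri.findtext("name") for ri in root.iter("routing-instance")
            if ri.find("l3vpn") is not None
            and ri.findtext("type") != "rt:vrf-routing-instance"]


def rt_filtering_disabled(root):
    """afi-safis with retain-route-targets/config/all present: the ASBR
    keeps every VPN route regardless of route target."""
    return [afs.findtext("afi-safi-name") for afs in root.iter("afi-safi")
            if afs.find("retain-route-targets/config/all") is not None]


def conflicting_nexthop_options(root):
    """Peers that set both next-hop-self and next-hop-unchanged; the
    module has no 'must' statement ruling this combination out."""
    hits = []
    for kind, key in (("neighbor", "neighbor-address"),
                      ("peer-group", "peer-group-name")):
        for peer in root.iter(kind):
            for cfg in peer.iterfind(".//nexthop-options/config"):
                if (cfg.findtext("next-hop-self") == "true"
                        and cfg.findtext("next-hop-unchanged") == "true"):
                    hits.append(peer.findtext(key))
    return hits


def config_state_drift(root, leaf="tunnel-policy"):
    """(container, intended, actual) wherever a config/state pair
    following the module's pattern disagrees on `leaf`."""
    drift = []
    for node in root.iter():
        cfg, st = node.find("config"), node.find("state")
        if cfg is None or st is None:
            continue
        intended, actual = cfg.findtext(leaf), st.findtext(leaf)
        if intended is not None and intended != actual:
            drift.append((node.tag, intended, actual))
    return drift


if __name__ == "__main__":
    tree = parse(SAMPLE)
    print("when violations:", l3vpn_when_violations(tree))
    print("RT filtering disabled on:", rt_filtering_disabled(tree))
    print("conflicting nexthop options:", conflicting_nexthop_options(tree))
    print("config/state drift:", config_state_drift(tree))
```

   On the constructed sample the checks flag the "default" instance
   (l3vpn present on a non-VRF instance), the l3vpn-ipv4-unicast
   address family (route-target filtering disabled), the neighbor
   192.0.2.1 (contradictory nexthop options) and a tunnel-policy that
   differs between config and state. In production the same functions
   would run over the reply to a NETCONF <get> rather than the literal.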
   The data model by itself does not create any security implications.
   Note, however, that several of the nodes it adds change what a PE or
   ASBR accepts and advertises: retain-route-targets/config/all disables
   route-target filtering, and the label allocation, nexthop and
   routing-table-limit knobs alter forwarding and resource behaviour.
   Write access to these nodes should be limited to authorized operators
   over the authenticated transport required above.

   This draft does not change any underlying security issues inherent in
   [I-D.ietf-netmod-routing-cfg] and [I-D.shaikh-idr-bgp-model].

7.  Acknowledgements

   The authors would like to thank TBD for their detailed reviews and
   comments.

8.  References

8.1.  Normative References

   [I-D.ietf-netmod-routing-cfg]
              Lhotka, L., "A YANG Data Model for Routing Management",
              draft-ietf-netmod-routing-cfg-15 (work in progress), May
              2014.

   [I-D.shaikh-idr-bgp-model]
              Shaikh, A., Shakir, R., Patel, K., Hares, S., D'Souza, K.,
              Bansal, D., Clemm, A., Alex, A., Jethanandani, M., and X.
              Liu, "BGP Model for Service Provider Networks", draft-
              shaikh-idr-bgp-model-02 (work in progress), June 2015.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2547]  Rosen, E. and Y. Rekhter, "BGP/MPLS VPNs", RFC 2547,
              DOI 10.17487/RFC2547, March 1999.

   [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
              DOI 10.17487/RFC2629, June 1999.

   [RFC3552]  Rescorla, E. and B. Korver, "Guidelines for Writing RFC
              Text on Security Considerations", BCP 72, RFC 3552,
              DOI 10.17487/RFC3552, July 2003.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006.

   [RFC4760]  Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
              "Multiprotocol Extensions for BGP-4", RFC 4760,
              DOI 10.17487/RFC4760, January 2007.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

8.2.  Informative References

   [RFC5492]  Scudder, J. and R. Chandra, "Capabilities Advertisement
              with BGP-4", RFC 5492, DOI 10.17487/RFC5492, February
              2009.

Authors' Addresses

   Dhanendra Jain
   Cisco
   170 W. Tasman Drive
   San Jose, CA 95134
   USA

   Email: dhjain@cisco.com


   Keyur Patel
   Cisco
   170 W. Tasman Drive
   San Jose, CA 95134
   USA

   Email: keyupate@cisco.com


   Patrice Brissette
   Cisco
   170 W. Tasman Drive
   San Jose, CA 95134
   USA

   Email: pbrisset@cisco.com


   Zhenbin Li
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: lizhenbin@huawei.com


   Shunwan Zhuang
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: zhuangshunwan@huawei.com


   Xufeng Liu
   Ericsson
   1595 Spring Hill Road, Suite 500
   Vienna, VA 22182
   USA

   Email: xliu@kuatrotech.com


   Jeffrey Haas
   Juniper Networks

   Email: jhaas@juniper.net


   Santosh Esale
   Juniper Networks
   1194 N. Mathilda Ave.
   Sunnyvale, CA 94089
   US

   Email: sesale@juniper.net


   Bin Wen
   Comcast

   Email: Bin_Wen@cable.comcast.com