idnits 2.17.1

draft-ietf-bess-evpn-yang-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 282 has weird spacing: '...-target rt-...'

  == Line 348 has weird spacing: '...-target rt-...'

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (October 22, 2018) is 2013 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC8317' is mentioned on line 167, but not defined

  == Missing Reference: 'RFC8365' is mentioned on line 168, but not defined

  == Unused Reference: 'RFC7209' is defined on line 1248, but no explicit
     reference was found in the text

  -- Obsolete informational reference (is this intentional?): RFC 6536
     (Obsoleted by RFC 8341)

     Summary: 0 errors (**), 0 flaws (~~), 7 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     BESS Working Group                                      P. Brissette Ed.
3     Internet Draft                                              Cisco System
4     Intended Status: Proposed Standard                           H. Shah Ed.
5     Expires: April 25, 2019                                Ciena Corporation
6                                                                  I. Chen Ed.
7                                                                        Jabil
8                                                               I. Hussain Ed.
9                                                         Infinera Corporation
10                                                         K. Tiruveedhula Ed.
11                                                            Juniper Networks
12                                                              J. Rabadan Ed.
13                                                                       Nokia

15                                                            October 22, 2018

17                            Yang Data Model for EVPN
18                          draft-ietf-bess-evpn-yang-06

20    Abstract

22       This document describes a YANG data model for Ethernet VPN services.
23       The model is agnostic of the underlay. It applies to MPLS as well as to
24       VxLAN encapsulation. The model is also agnostic of the services
25       including E-LAN, E-LINE and E-TREE services. This document mainly
26       focuses on EVPN and Ethernet-Segment instance framework.

28    Status of this Memo

30       This Internet-Draft is submitted to IETF in full conformance with the
31       provisions of BCP 78 and BCP 79.

33       Internet-Drafts are working documents of the Internet Engineering
34       Task Force (IETF), its areas, and its working groups. Note that
35       other groups may also distribute working documents as
36       Internet-Drafts.

38       Internet-Drafts are draft documents valid for a maximum of six months
39       and may be updated, replaced, or obsoleted by other documents at any
40       time. It is inappropriate to use Internet-Drafts as reference
41       material or to cite them other than as "work in progress."

43       The list of current Internet-Drafts can be accessed at
44       http://www.ietf.org/1id-abstracts.html

46       The list of Internet-Draft Shadow Directories can be accessed at
47       http://www.ietf.org/shadow.html

49    Copyright and License Notice

51       Copyright (c) 2018 IETF Trust and the persons identified as the
52       document authors. All rights reserved.

54       This document is subject to BCP 78 and the IETF Trust's Legal
55       Provisions Relating to IETF Documents
56       (http://trustee.ietf.org/license-info) in effect on the date of
57       publication of this document. Please review these documents
58       carefully, as they describe your rights and restrictions with respect
59       to this document. Code Components extracted from this document must
60       include Simplified BSD License text as described in Section 4.e of
61       the Trust Legal Provisions and are provided without warranty as
62       described in the Simplified BSD License.

64    Convention

66       The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
67       "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
68       document are to be interpreted as described in [RFC2119].

70    Table of Contents

72       1. Introduction
73       2. Specification of Requirements
74       3. EVPN YANG Model
75         3.1. Overview
76         3.2 Ethernet-Segment Model
77         3.3 EVPN Model
78       4. YANG Module
79         4.1 Ethernet Segment Yang Module
80         4.2 EVPN Yang Module
81       5. Security Considerations
82       6. IANA Considerations
83       7. References
84         7.1. Normative Reference
85         7.2. Informative References
86       Authors' Addresses

88    1. Introduction

90       The Network Configuration Protocol (NETCONF) [RFC6241] is a network
91       management protocol that defines mechanisms to manage network
92       devices. YANG [RFC6020] is a modular language that represents data
93       structures in an XML or JSON tree format, and is used as a data
94       modeling language for the NETCONF.

96       This document introduces a YANG data model for Ethernet VPN services
97       (EVPN) [RFC7432], Provider Backbone Bridging Combined with Ethernet
98       VPN (PBB-EVPN) [RFC7623] as well as other WG drafts such as EVPN-VPWS,
99       etc. The EVPN services run over MPLS and VxLAN underlay.

101      The Yang data model in this document defines Ethernet VPN based
102      services. The model leverages the definitions used in other IETF
103      Yang drafts such as L2VPN Yang.

105      The goal is to propose a data object model consisting of building
106      blocks that can be assembled in different order to realize different
107      EVPN-based services. The definition work is undertaken initially by a
108      smaller working group with members representing various vendors and
109      service providers. The EVPN basic framework consists of two modules:
110      EVPN and Ethernet-Segment. These models are completely orthogonal.
111      They usually work as a pair, but a user can use one or the
112      other alone as needed.

114      The data model is defined for the following constructs that are used for
115      managing the services:

117      o Configuration

119      o Operational State

121      o Notifications

123      The document is organized to first define the data model for the
124      configuration, operational state and notifications of EVPN and
125      Ethernet-Segment.

127      The EVPN data object model defined in this document uses the instance
128      centric approach whereby EVPN service attributes are specified for a
129      given EVPN instance.

131      The Ethernet-Segment data object model defined in this document refers
132      to a specific interface. That interface can be a physical interface,
133      a bundle interface or virtual interface. The latter includes
134      attachment-circuit and pseudowire. The module is kept separate
135      because it can be used without the need
136      to have EVPN configured as a layer 2/3 service. For example, an access
137      node can be dual-homed to two service nodes servicing a VPLS or an
138      IPVPN core. The access connectivity can be represented by an
139      Ethernet-Segment where EVPN BGP DF election is performed over both
140      service nodes.
141   2. Specification of Requirements

143      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL

145      NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
146      in this document are to be interpreted as described in [RFC2119].

148   3. EVPN YANG Model

150   3.1. Overview

152      Two top-level modules, Ethernet-Segment and EVPN, are defined. The
153      Ethernet-Segment contains a list of interfaces to which any Ethernet-
154      Segment attributes are configured/applied.

156      The EVPN module has two main containers: common and instance. The
157      first one has common attributes to all VPNs whereas the latter has
158      attributes specific to an EVI (EVPN instance). This document states
159      the scope of the EVPN object models definition. The following
160      documents are within the scope. This is not an exhaustive list but a
161      representation of documents that are covered for this work:

163      o Reqs for EVPN: [RFC7209]
164      o EVPN: [RFC7432]
165      o PBB-EVPN: [RFC7623]
166      o EVPN-VPWS: [RFC8214]
167      o EVPN-ETREE: [RFC8317]
168      o EVPN Overlay [RFC8365]

170      The integration with L2VPN instance Yang model is being done as part
171      of the L2VPN Yang model.
172      The following documents will be covered at that time:
173      o (PBB-)EVPN Seamless Integration with (PBB-)VPLS:
174        draft-ietf-bess-evpn-vpls-seamless-integ
175      o EVPN Virtual Ethernet Segment:
176        draft-sajassi-bess-evpn-virtual-eth-segment
177      o IP Prefix Advertisement in EVPN:
178        draft-ietf-bess-evpn-prefix-advertisement
179      o VXLAN DCI Using EVPN:
180        draft-boutros-l2vpn-vxlan-evpn
181      o Interconnect Solution for EVPN Overlay networks:
182        draft-ietf-bess-dci-evpn-overlay
183      o Integrated Routing and Bridging in EVPN:
184        draft-ietf-bess-evpn-inter-subnet-forwarding

186   3.2 Ethernet-Segment Model

188      The Ethernet-Segment data model has a list of ES where each refers to
189      an interface.
         All attributes are optional due to auto-sensing default
190      mode where all values are auto-derived from the network connectivity.

192      module: ietf-ethernet-segment
193        +--rw ethernet-segments
194           +--rw ethernet-segment* [name]
195              +--rw name                           string
196              +--ro service-type?                  string
197              +--ro status?                        status-type
198              +--rw (ac-or-pw)?
199              |  +--:(ac)
200              |  |  +--rw ac*   if:interface-ref
201              |  +--:(pw)
202              |     +--rw pw*   pw:pseudowire-ref
203              +--ro interface-status?              status-type
204              +--rw ethernet-segment-identifier?   uint32
205              +--rw (active-mode)
206              |  +--:(single-active)
207              |  |  +--rw single-active-mode?   empty
208              |  +--:(all-active)
209              |     +--rw all-active-mode?      empty
210              +--rw pbb-parameters {ethernet-segment-pbb-params}?
211              |  +--rw backbone-src-mac?   yang:mac-address
212              +--rw bgp-parameters
213              |  +--rw common
214              |     +--rw rd-rt* [route-distinguisher]
215              |             {ethernet-segment-bgp-params}?
216              |        +--rw route-distinguisher
217              |                rt-types:route-distinguisher
218              |        +--rw vpn-target* [route-target]
219              |           +--rw route-target
220              |                   rt-types:route-target
221              |           +--rw route-target-type
222              |                   rt-types:route-target-type
223              +--rw df-election
224              |  +--rw df-election-method?   df-election-method-type
225              |  +--rw preference?           uint16
226              |  +--rw revertive?            boolean
227              |  +--rw election-wait-time?   uint32
228              +--rw ead-evi-route?                 boolean
229              +--ro esi-label?                     string
230              +--ro member*
231              |  +--ro ip-address?   inet:ip-address
232              +--ro df*
233                 +--ro service-identifier?   uint32
234                 +--ro vlan?                 uint32
235                 +--ro ip-address?           inet:ip-address

237   3.3 EVPN Model

239      The evpn-instances container contains a list of evpn-instance. Each
240      entry of the evpn-instance represents a different Ethernet VPN and it
241      is represented by an EVI. Again, mainly all attributes are optional
242      for the same reason as for the Ethernet-Segment module.

244      module: ietf-evpn
245        +--rw evpn
246           +--rw common
247           |  +--rw (replication-type)?
248           |     +--:(ingress-replication)
249           |     |  +--rw ingress-replication?   boolean
250           |     +--:(p2mp-replication)
251           |        +--rw p2mp-replication?      boolean
252           +--rw evpn-instances
253              +--rw evpn-instance* [name]
254                 +--rw name                                string
255                 +--rw evi?                                uint32
256                 +--rw pbb-parameters {evpn-pbb-params}?
257                 |  +--rw source-bmac?   yang:hex-string
258                 +--rw bgp-parameters
259                 |  +--rw common
260                 |     +--rw rd-rt* [route-distinguisher]
261                 |             {evpn-bgp-params}?
262                 |        +--rw route-distinguisher
263                 |        |       rt-types:route-distinguisher
264                 |        +--rw vpn-target* [route-target]
265                 |           +--rw route-target
266                 |                   rt-types:route-target
267                 |           +--rw route-target-type
268                                     rt-types:route-target-type
269                 +--rw arp-proxy?                          boolean
270                 +--rw arp-suppression?                    boolean
271                 +--rw nd-proxy?                           boolean
272                 +--rw nd-suppression?                     boolean
273                 +--rw underlay-multicast?                 boolean
274                 +--rw flood-unknown-unicast-supression?   boolean
275                 +--rw vpws-vlan-aware?                    boolean
276                 +--ro routes
277                 |  +--ro ethernet-auto-discovery-route*
278                 |  |  +--ro rd-rt* [route-distinguisher]
279                 |  |  |  +--ro route-distinguisher
280                 |  |  |          rt-types:route-distinguisher
281                 |  |  |  +--ro vpn-target* [route-target]
282                 |  |  |     +--ro route-target   rt-types:route-target
283                 |  |  +--ro ethernet-segment-identifier?   uint32
284                 |  |  +--ro ethernet-tag?                  uint32
285                 |  |  +--ro path*
286                 |  |     +--ro next-hop?   inet:ip-address
287                 |  |     +--ro label?      rt-types:mpls-label
288                 |  |     +--ro detail
289                 |  |        +--ro attributes
290                 |  |        |  +--ro extended-community*   string
291                 |  |        +--ro bestpath?   empty
292                 |  +--ro mac-ip-advertisement-route*
293                 |  |  +--ro rd-rt* [route-distinguisher]
294                 |  |  |  +--ro route-distinguisher
295                 |  |  |          rt-types:route-distinguisher
296                 |  |  |  +--ro vpn-target* [route-target]
297                 |  |  |     +--ro route-target
298                 |  |  |             rt-types:route-target
299                 |  |  +--ro ethernet-segment-identifier?   uint32
300                 |  |  +--ro ethernet-tag?                  uint32
301                 |  |  +--ro mac-address?                   yang:hex-string
302                 |  |  +--ro mac-address-length?            uint8
303                 |  |  +--ro ip-prefix?                     inet:ip-prefix
304                 |  |  +--ro path*
305                 |  |     +--ro next-hop?   inet:ip-address
306                 |  |     +--ro label?      rt-types:mpls-label
307                 |  |     +--ro label2?     rt-types:mpls-label
308                 |  |     +--ro detail
309                 |  |        +--ro attributes
310                 |  |        |  +--ro extended-community*   string
311                 |  |        +--ro bestpath?   empty
312                 |  +--ro inclusive-multicast-ethernet-tag-route*
313                 |  |  +--ro rd-rt* [route-distinguisher]
314                 |  |  |  +--ro route-distinguisher
315                 |  |  |          rt-types:route-distinguisher
316                 |  |  |  +--ro vpn-target* [route-target]
317                 |  |  |     +--ro route-target
318                 |  |  |             rt-types:route-target
319                 |  |  +--ro ethernet-segment-identifier?   uint32
320                 |  |  +--ro originator-ip-prefix?          inet:ip-prefix
321                 |  |  +--ro path*
322                 |  |     +--ro next-hop?   inet:ip-address
323                 |  |     +--ro label?      rt-types:mpls-label
324                 |  |     +--ro detail
325                 |  |        +--ro attributes
326                 |  |        |  +--ro extended-community*   string
327                 |  |        +--ro bestpath?   empty
328                 |  +--ro ethernet-segment-route*
329                 |  |  +--ro rd-rt* [route-distinguisher]
330                 |  |  |  +--ro route-distinguisher
331                 |  |  |          rt-types:route-distinguisher
332                 |  |  |  +--ro vpn-target* [route-target]
333                 |  |  |     +--ro route-target
334                 |  |  |             rt-types:route-target
335                 |  |  +--ro ethernet-segment-identifier?   uint32
336                 |  |  +--ro originator-ip-prefix?          inet:ip-prefix
337                 |  |  +--ro path*
338                 |  |     +--ro next-hop?   inet:ip-address
339                 |  |     +--ro detail
340                 |  |        +--ro attributes
341                 |  |        |  +--ro extended-community*   string
342                 |  |        +--ro bestpath?   empty
343                 |  +--ro ip-prefix-route*
344                 |     +--ro rd-rt* [route-distinguisher]
345                 |     |  +--ro route-distinguisher
346                 |     |          rt-types:route-distinguisher
347                 |     |  +--ro vpn-target* [route-target]
348                 |     |     +--ro route-target   rt-types:route-target
349                 |     +--ro ethernet-segment-identifier?   uint32
350                 |     +--ro ip-prefix?                     inet:ip-prefix
351                 |     +--ro path*
352                 |        +--ro next-hop?   inet:ip-address
353                 |        +--ro label?      rt-types:mpls-label
354                 |        +--ro detail
355                 |           +--ro attributes
356                 |           |  +--ro extended-community*   string
357                 |           +--ro bestpath?   empty
358                 +--ro statistics
359                    +--ro tx-count?   uint32
360                    +--ro rx-count?   uint32
361                    +--ro detail
362                       +--ro broadcast-tx-count?         uint32
363                       +--ro broadcast-rx-count?         uint32
364                       +--ro multicast-tx-count?         uint32
365                       +--ro multicast-rx-count?         uint32
366                       +--ro unknown-unicast-tx-count?   uint32
367                       +--ro unknown-unicast-rx-count?   uint32
368        augment /pw:pseudowires/pw:pseudowire/pw:pw-type:
369          +--:(evpn-pw)
370             +--rw evpn-pw
371                +--rw remote-id?   uint32
372                +--rw local-id?    uint32
373        augment
374        /ni:network-instances/ni:network-instance/ni:ni-type/l2vpn:l2vpn:
375          +--rw evpn-instance?   evpn-instance-ref
376        augment
377        /ni:network-instances/ni:network-instance/ni:ni-type/l2vpn:l2vpn:
378          +--rw vpls-contstraints

380        notifications:
381          +---n evpn-state-change-notification
382             +--ro evpn-instance?   evpn-instance-ref
383             +--ro state?           identityref

385   4. YANG Module

387      The EVPN configuration container is logically divided into
388      the following high-level configuration areas:

390   4.1 Ethernet Segment Yang Module

392      file "ietf-ethernet-segment@2018-02-20.yang"
393      module ietf-ethernet-segment {
394        namespace "urn:ietf:params:xml:ns:yang:ietf-ethernet-segment";
395        prefix "es";

397        import ietf-yang-types {
398          prefix "yang";
399        }

401        import ietf-inet-types {
402          prefix "inet";
403        }

405        import ietf-routing-types {
406          prefix "rt-types";
407        }

409        import ietf-interfaces {
410          prefix "if";
411        }

413        import ietf-pseudowires {
414          prefix "pw";
415        }

417        organization "ietf";
418        contact "ietf";
419        description "ethernet segment";

421        revision "2018-02-20" {
422          description " - Change the type of attachment circuit to " +
423                      " if:interface-ref " +
424                      "";
425          reference "";
426        }

428        revision "2017-10-21" {
429          description " - Updated ethernet segment's AC/PW members to " +
430                      " accommodate more than one AC or more than one " +
431                      " PW " +
432                      " - Added the new preference based DF election " +
433                      " method " +
434                      " - Referenced pseudowires in the new " +
435                      " ietf-pseudowires.yang model " +
436                      " - Moved model to NMDA style specified in " +
437                      " draft-dsdt-nmda-guidelines-01.txt " +
438                      "";
439          reference "";
440        }

442        revision "2017-03-08" {
443          description " - Updated to use BGP parameters from " +
444                      " ietf-routing-types.yang instead of from " +
445                      " ietf-evpn.yang " +
446                      " - Updated ethernet segment's AC/PW members to " +
447                      " accommodate more than one AC or more than one " +
448                      " PW " +
449                      " - Added the new preference based DF election " +
450                      " method " +
451                      "";
452          reference "";
453        }

455        revision "2016-07-08" {
456          description " - Added the configuration option to enable or " +
457                      " disable per-EVI/EAD route " +
458                      " - Added PBB parameter backbone-src-mac " +
459                      " - Added operational state branch, initially " +
460                      " to match the configuration branch" +
461                      "";
462          reference "";
463        }

465        revision "2016-06-23" {
466          description "WG document adoption";
467          reference "";
468        }

470        revision "2015-10-15" {
471          description "Initial revision";
472          reference "";
473        }

475        /* Features */

477        feature ethernet-segment-bgp-params {
478          description "Ethernet segment's BGP parameters";
479        }
480        feature ethernet-segment-pbb-params {
481          description "Ethernet segment's PBB parameters";
482        }

484        /* Typedefs */
485        typedef status-type {
486          type enumeration {
487            enum up {
488              description "Status is up";
489            }
490            enum down {
491              description "Status is down";
492            }
493          }
494          description "status type";
495        }

497        typedef df-election-method-type {
498          type enumeration {
499            enum default {
500              value 0;
501              description "The default DF election method";
502            }
503            enum highest-random-weight {
504              value 1;
505              description "The highest random weight (HRW) method";
506              reference "draft-mohanty-bess-evpn-df-election";
507            }
508            enum preference {
509              value 2;
510              description "The preference based method";
511              reference "draft-rabadan-bess-evpn-pref-df";
512            }
513          }
514          description "The DF election method type";
515        }

517        /* EVPN Ethernet Segment YANG Model */

519        container ethernet-segments {
520          description "ethernet-segment";
521          list ethernet-segment {
522            key "name";
523            leaf name {
524              type string;
525              description "Name of the ethernet segment";
526            }
527            leaf service-type {
528              type string;
529              config false;
530              description "service-type";
531            }
532            leaf status {
533              type status-type;
534              config false;
535              description "Ethernet segment status";
536            }
537            choice ac-or-pw {
538              description "ac-or-pw";
539              case ac {
540                leaf-list ac {
541                  type if:interface-ref;
542                  description "Name of attachment circuit";
543                }
544              }
545              case pw {
546                leaf-list pw {
547                  type pw:pseudowire-ref;
548                  description "Reference to a pseudowire";
549                }
550              }
551            }
552            leaf interface-status {
553              type status-type;
554              config false;
555              description "interface status";
556            }
557            leaf ethernet-segment-identifier {
558              type uint32;
559              description "Ethernet segment identifier (esi)";
560            }
561            choice active-mode {
562              mandatory true;
563              description "Choice of active mode";
564              case single-active {
565                leaf single-active-mode {
566                  type empty;
567                  description "single-active-mode";
568                }
569              }
570              case all-active {
571                leaf all-active-mode {
572                  type empty;
573                  description "all-active-mode";
574                }
575              }

577            }
578            container pbb-parameters {
579              if-feature ethernet-segment-pbb-params;
580              description "PBB configuration";
581              leaf backbone-src-mac {
582                type yang:mac-address;
583                description "backbone-src-mac, only if this is a PBB";
584              }
585            }
586            container bgp-parameters {
587              description "BGP parameters";
588              container common {
589                description "BGP parameters common to all pseudowires";
590                list rd-rt {
591                  if-feature ethernet-segment-bgp-params;
592                  key "route-distinguisher";
593                  leaf route-distinguisher {
594                    type rt-types:route-distinguisher;
595                    description "Route distinguisher";
596                  }
597                  uses rt-types:vpn-route-targets;
598                  description "A list of route distinguishers and " +
599                              "corresponding VPN route targets";
600                }
601              }
602            }
603            container df-election {
604              description "df-election";
605              leaf df-election-method {
606                type df-election-method-type;
607                description "The DF election method";
608              }
609              leaf preference {
610                when "../df-election-method = 'preference'" {
611                  description "The preference value is only applicable " +
612                              "to the preference based method";
613                }
614                type uint16;
615                description "The DF preference";
616              }
617              leaf revertive {
618                when "../df-election-method = 'preference'" {
619                  description "The revertive value is only applicable " +
620                              "to the preference method";
621                }
622                type boolean;
623                default true;
624                description "The 'preempt' or 'revertive' behavior";

626              }
627              leaf election-wait-time {
628                type uint32;
629                description "election-wait-time";
630              }
631            }
632            leaf ead-evi-route {
633              type boolean;
634              default false;
635              description "Enable (true) or disable (false) ead-evi-route";
636            }
637            leaf esi-label {
638              type string;
639              config false;
640              description "esi-label";
641            }
642            list member {
643              config false;
644              leaf ip-address {
645                type inet:ip-address;
646                description "ip-address";
647              }
648              description "member of the ethernet segment";
649            }
650            list df {
651              config false;
652              leaf service-identifier {
653                type uint32;
654                description "service-identifier";
655              }
656              leaf vlan {
657                type uint32;
658                description "vlan";
659              }
660              leaf ip-address {
661                type inet:ip-address;
662                description "ip-address";
663              }
664              description "df of an evpn instance's vlan";
665            }
666            description "An ethernet segment";
667          }
668        }
669      }
670

672   4.2 EVPN Yang Module
673      file "ietf-evpn@2018-02-20.yang"
674      module ietf-evpn {
675        namespace "urn:ietf:params:xml:ns:yang:ietf-evpn";
676        prefix "evpn";

678        import ietf-inet-types {
679          prefix "inet";
680        }

682        import ietf-yang-types {
683          prefix "yang";
684        }

686        import ietf-routing-types {
687          prefix "rt-types";
688        }

690        import ietf-network-instance {
691          prefix "ni";
692        }

694        import ietf-l2vpn {
695          prefix "l2vpn";
696        }

698        import ietf-pseudowires {
699          prefix "pw";
700        }

702        organization "ietf";
703        contact "ietf";
704        description "evpn";

706        revision "2018-02-20" {
707          description " - Incorporated ietf-network-instance model" +
708                      " on which ietf-l2vpn is now based " +
709                      "";
710          reference "";
711        }

713        revision "2017-10-21" {
714          description " - Modified the operational state augment " +
715                      " - Renamed evpn-instances-state to evpn-instances" +
716                      " - Added vpws-vlan-aware to an EVPN instance " +
717                      " - Added a new augment to L2VPN to add EPVN " +
718                      " - pseudowire for the case of EVPN VPWS " +
719                      " - Added state change notification " +
720                      "";

722          reference "";
723        }

725        revision "2017-03-13" {
726          description " - Added an augment to base L2VPN model to " +
727                      " reference an EVPN instance " +
728                      " - Reused ietf-routing-types.yang " +
729                      " vpn-route-targets grouping instead of " +
730                      " defining it in this module " +
731                      "";
732          reference "";
733        }

735        revision "2016-07-08" {
736          description " - Added operational state" +
737                      " - Added a configuration knob to enable/disable " +
738                      " underlay-multicast " +
739                      " - Added a configuration knob to enable/disable " +
740                      " flooding of unknonw unicast " +
741                      " - Added several configuration knobs " +
742                      " to manage ARP and ND" +
743                      "";
744          reference "";
745        }

747        revision "2016-06-23" {
748          description "WG document adoption";
749          reference "";
750        }

752        revision "2015-10-15" {
753          description "Initial revision";
754          reference "";
755        }

757        feature evpn-bgp-params {
758          description "EVPN's BGP parameters";
759        }

761        feature evpn-pbb-params {
762          description "EVPN's PBB parameters";
763        }

765        /* Identities */

767        identity evpn-notification-state {
768          description "The base identity on which EVPN notification " +
769                      "states are based";

771        }

773        identity MAC-duplication-detected {
774          base "evpn-notification-state";
775          description "MAC duplication is detected";
776        }

778        identity mass-withdraw-received {
779          base "evpn-notification-state";
780          description "Mass withdraw received";
781        }

783        identity static-MAC-move-detected {
784          base "evpn-notification-state";
785          description "Static MAC move is detected";
786        }

788        /* Typedefs */

790        typedef evpn-instance-ref {
791          type leafref {
792            path "/evpn/evpn-instances/evpn-instance/name";
793          }
794          description "A leafref type to an EVPN instance";
795        }

797        /* Groupings */

799        grouping route-rd-rt-grp {
800          description "A grouping for a route's route distinguishers " +
801                      "and route targets";
802          list rd-rt {
803            key "route-distinguisher";
804            leaf route-distinguisher {
805              type rt-types:route-distinguisher;
806              description "Route distinguisher";
807            }
808            list vpn-target {
809              key "route-target";
810              leaf route-target {
811                type rt-types:route-target;
812                description "BGP route target";
813              }
814              description "A list of route targets";
815            }
816            description "A list of route distinguishers and " +
817                        "corresponding VPN route targets";
818          }

820        }

822        grouping next-hop-label-grp {
823          description "next-hop-label-grp";
824          leaf next-hop {
825            type inet:ip-address;
826            description "next-hop";
827          }
828          leaf label {
829            type rt-types:mpls-label;
830            description "label";
831          }
832        }

834        grouping next-hop-label2-grp {
835          description "next-hop-label2-grp";
836          leaf label2 {
837            type rt-types:mpls-label;
838            description "label2";
839          }
840        }

842        grouping path-detail-grp {
843          description "path-detail-grp";
844          container detail {
845            config false;
846            description "path details";
847            container attributes {
848              leaf-list extended-community {
849                type string;
850                description "extended-community";
851              }
852              description "attributes";
853            }
854            leaf bestpath {
855              type empty;
856              description "Indicate this path is the best path";
857            }
858          }
859        }

861        /* EVPN YANG Model */

863        container evpn {
864          description "evpn";
865          container common {
866            description "common epn attributes";
867            choice replication-type {
868              description "A choice of replication type";
869              case ingress-replication {
870                leaf ingress-replication {
871                  type boolean;
872                  description "ingress-replication";
873                }
874              }
875              case p2mp-replication {
876                leaf p2mp-replication {
877                  type boolean;
878                  description "p2mp-replication";
879                }
880              }
881            }
882          }
883          container evpn-instances {
884            description "evpn-instances";
885            list evpn-instance {
886              key "name";
887              description "An EVPN instance";
888              leaf name {
889                type string;
890                description "Name of EVPN instance";
891              }
892              leaf evi {
893                type uint32;
894                description "evi";
895              }
896              container pbb-parameters {
897                if-feature "evpn-pbb-params";
898                description "PBB parameters";
899                leaf source-bmac {
900                  type yang:hex-string;
901                  description "source-bmac";
902                }
903              }
904              container bgp-parameters {
905                description "BGP parameters";
906                container common {
907                  description "BGP parameters common to all pseudowires";
908                  list rd-rt {
909                    if-feature evpn-bgp-params;
910                    key "route-distinguisher";
911                    leaf route-distinguisher {
912                      type rt-types:route-distinguisher;
913                      description "Route distinguisher";
914                    }
915                    uses rt-types:vpn-route-targets;
916                    description "A list of route distinguishers and " +
917                                "corresponding VPN route targets";
918                  }
919                }
920              }
921              leaf arp-proxy {
922                type boolean;
923                default false;
924                description "Enable (TRUE) or disable (FALSE) ARP proxy";
925              }
926              leaf arp-suppression {
927                type boolean;
928                default false;
929                description "Enable (TRUE) or disable (FALSE) " +
930                            "ARP suppression";
931              }
932              leaf nd-proxy {
933                type boolean;
934                default false;
935                description "Enable (TRUE) or disable (FALSE) ND proxy";
936              }
937              leaf nd-suppression {
938                type boolean;
939                default false;
940                description "Enable (TRUE) or disable (FALSE) " +
941                            "ND suppression";
942              }
943              leaf underlay-multicast {
944                type boolean;
945                default false;
946                description "Enable (TRUE) or disable (FALSE) " +
947                            "underlay multicast";
948              }
949              leaf flood-unknown-unicast-supression {
950                type boolean;
951                default false;
952                description "Enable (TRUE) or disable (FALSE) " +
953                            "flood unknown unicast suppression";
954              }
955              leaf vpws-vlan-aware {
956                type boolean;
957                default false;
958                description "Enable (TRUE) or disable (FALSE) " +
959                            "VPWS VLAN aware";
960              }
961              container routes {
962                config false;
963                description "routes";
964                list ethernet-auto-discovery-route {
965                  uses route-rd-rt-grp;
966                  leaf ethernet-segment-identifier {
967                    type uint32;
968                    description "Ethernet segment identifier (esi)";
969                  }
970                  leaf ethernet-tag {
971                    type uint32;
972                    description "An ethernet tag (etag) indentifying a " +
973                                "broadcast domain";
974                  }
975                  list path {
976                    uses next-hop-label-grp;
977                    uses path-detail-grp;
978                    description "path";
979                  }
980                  description "ethernet-auto-discovery-route";
981                }
982                list mac-ip-advertisement-route {
983                  uses route-rd-rt-grp;
984                  leaf ethernet-segment-identifier {
985                    type uint32;
986                    description "Ethernet segment identifier (esi)";
987                  }
988                  leaf ethernet-tag {
989                    type uint32;
990                    description "An ethernet tag (etag) indentifying a " +
991                                "broadcast domain";
992                  }
993                  leaf mac-address {
994                    type yang:hex-string;
995                    description "Route mac address";
996                  }
997                  leaf mac-address-length {
998                    type uint8 {
999                      range "0..48";
1000                   }
1001                   description "mac address length";
1002                 }
1003                 leaf ip-prefix {
1004                   type inet:ip-prefix;
1005                   description "ip-prefix";
1006                 }
1007                 list path {
1008                   uses next-hop-label-grp;
1009                   uses next-hop-label2-grp;
1010                   uses path-detail-grp;
1011                   description "path";

1013                 }
1014                 description "mac-ip-advertisement-route";
1015               }
1016               list inclusive-multicast-ethernet-tag-route {
1017                 uses route-rd-rt-grp;
1018                 leaf ethernet-segment-identifier {
1019                   type uint32;
1020                   description "Ethernet segment identifier (esi)";
1021                 }
1022                 leaf originator-ip-prefix {
1023                   type inet:ip-prefix;
1024                   description "originator-ip-prefix";
1025                 }
1026                 list path {
1027                   uses next-hop-label-grp;
1028                   uses path-detail-grp;
1029                   description "path";
1030                 }
1031                 description "inclusive-multicast-ethernet-tag-route";
1032               }
1033               list ethernet-segment-route {
1034                 uses route-rd-rt-grp;
1035                 leaf ethernet-segment-identifier {
1036                   type uint32;
1037                   description "Ethernet segment identifier (esi)";
1038                 }
1039                 leaf originator-ip-prefix {
1040                   type inet:ip-prefix;
1041                   description "originator ip-prefix";
1042                 }
1043                 list path {
1044                   leaf next-hop {
1045                     type inet:ip-address;
1046                     description "next-hop";
1047                   }
1048                   uses path-detail-grp;
1049                   description "path";
1050                 }
1051                 description "ethernet-segment-route";
1052               }
1053               list ip-prefix-route {
1054                 uses route-rd-rt-grp;
1055                 leaf ethernet-segment-identifier {
1056                   type uint32;
1057                   description "Ethernet segment identifier (esi)";
1058                 }
1059                 leaf ip-prefix {
1060                   type inet:ip-prefix;
1061                   description "ip-prefix";
1062                 }
1063                 list path {
1064                   uses next-hop-label-grp;
1065                   uses path-detail-grp;
1066                   description "path";
1067                 }
1068                 description "ip-prefix route";
1069               }
1070             }
1071             container statistics {
1072               config false;
1073               description "Statistics";
1074               leaf tx-count {
1075                 type uint32;
1076                 description "transmission count";
1077               }
1078               leaf rx-count {
1079                 type uint32;
1080                 description "receive count";
1081               }
1082               container detail {
1083                 description "Detailed statistics";
1084                 leaf broadcast-tx-count {
1085                   type uint32;
1086                   description "broadcast transmission count";
1087                 }
1088                 leaf broadcast-rx-count {
1089                   type uint32;
1090                   description "broadcast receive count";
1091                 }
1092                 leaf multicast-tx-count {
1093                   type uint32;
1094                   description "multicast transmission count";
1095                 }
1096                 leaf multicast-rx-count {
1097                   type uint32;
1098                   description "multicast receive count";
1099                 }
1100                 leaf unknown-unicast-tx-count {
1101                   type uint32;
1102                   description "unknown unicast transmission count";
1103                 }
1104                 leaf unknown-unicast-rx-count {
1105                   type uint32;
1106                   description "unknown-unicast receive count";
1107                 }
1108               }

1110             }
1111           }
1112         }
1113       }

1115       /* augments */

1117       augment "/pw:pseudowires/pw:pseudowire/pw:pw-type" {
1118         description "Augment for an L2VPN instance to add EVPN VPWS " +
1119                     "pseudowire";
1120         case evpn-pw {
1121           container evpn-pw {
1122             description "EVPN pseudowire";
1123             leaf remote-id {
1124               type uint32;
1125               description "Remote pseudowire ID";
1126             }
1127             leaf local-id {
1128               type uint32;
1129               description "Local pseudowire ID";
1130             }
1131           }
1132         }
1133       }

1135       augment "/ni:network-instances/ni:network-instance/ni:ni-type" +
1136               "/l2vpn:l2vpn" {
1137         description "Augment for an L2VPN instance and EVPN association";
1138         leaf evpn-instance {
1139           type evpn-instance-ref;
1140           description "Reference to an EVPN instance";
1141         }
1142       }

1144       augment "/ni:network-instances/ni:network-instance/ni:ni-type" +
1145               "/l2vpn:l2vpn" {
1146         when "l2vpn:type = 'l2vpn:vpls-instance-type'" {
1147           description "Constraints only for VPLS pseudowires";
1148         }
1149         description "Augment for VPLS instance";
1150         container vpls-contstraints {
1151           must "not(boolean(/pw:pseudowires/pw:pseudowire" +
1152                " [pw:name = current()/../l2vpn:endpoint" +
1153                " /l2vpn:pw/l2vpn:name]" +
1154                " /evpn-pw/remote-id)) and " +
1155                "not(boolean(/pw:pseudowires/pw:pseudowire" +
1156                " [pw:name = current()/../l2vpn:endpoint" +
1157                " /l2vpn:pw/l2vpn:name]" +
1158                " /evpn-pw/local-id)) and " +
1159                "not(boolean(/pw:pseudowires/pw:pseudowire" +
1160                " [pw:name = current()/../l2vpn:endpoint" +
1161                " /l2vpn:primary-pw/l2vpn:name]" +
1162                " /evpn-pw/remote-id)) and " +
1163                "not(boolean(/pw:pseudowires/pw:pseudowire" +
1164                " [pw:name = current()/../l2vpn:endpoint" +
1165                " /l2vpn:primary-pw/l2vpn:name]" +
1166                " /evpn-pw/local-id)) and " +
1167                "not(boolean(/pw:pseudowires/pw:pseudowire" +
1168                " [pw:name = current()/../l2vpn:endpoint" +
1169                " /l2vpn:backup-pw/l2vpn:name]" +
1170                " /evpn-pw/remote-id)) and " +
1171                "not(boolean(/pw:pseudowires/pw:pseudowire" +
1172                " [pw:name = current()/../l2vpn:endpoint" +
1173                " /l2vpn:backup-pw/l2vpn:name]" +
1174                " /evpn-pw/local-id))" {
1175             description "A VPLS pseudowire must not be EVPN PW";
1176           }
1177           description "VPLS constraints";
1178         }
1179       }

1181       /*
Notifications */ 1183 notification evpn-state-change-notification { 1184 description "EVPN state change notification"; 1185 leaf evpn-instance { 1186 type evpn-instance-ref; 1187 description "Related EVPN instance"; 1188 } 1189 leaf state { 1190 type identityref { 1191 base evpn-notification-state; 1192 } 1193 description "State change notification"; 1194 } 1195 } 1196 } 1197 1199 5. Security Considerations 1201 The configuration, state, action and notification data defined in 1202 this document are designed to be accessed via the NETCONF protocol 1203 [RFC6241]. The lowest NETCONF layer is the secure transport layer 1204 and the mandatory-to-implement secure transport is SSH [RFC6242]. The 1205 NETCONF access control model [RFC6536] provides means to restrict 1206 access for particular NETCONF users to a pre-configured subset of all 1207 available NETCONF protocol operations and content. 1209 The security concerns listed above are, however, no different than 1210 faced by other routing protocols. Hence, this draft does not change 1211 any underlying security issues inherent in [I-D.ietf-netmod-routing- 1212 cfg] 1214 6. IANA Considerations 1216 None. 1218 7. References 1220 7.1. Normative Reference 1222 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1223 Requirement Levels", BCP 14, RFC 2119, DOI 1224 10.17487/RFC2119, March 1997, . 1227 7.2. Informative References 1229 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 1230 and A. Bierman, Ed., "Network Configuration Protocol 1231 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, 1232 . 1234 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for 1235 the Network Configuration Protocol (NETCONF)", RFC 6020, 1236 DOI 10.17487/RFC6020, October 2010, . 1239 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure 1240 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, 1241 . 1243 [RFC6536] Bierman, A. and M. 
Bjorklund, "Network Configuration 1244 Protocol (NETCONF) Access Control Model", RFC 6536, DOI 1245 10.17487/RFC6536, March 2012, . 1248 [RFC7209] Sajassi, A., Aggarwal, R., Uttaro, J., Bitar, N., 1249 Henderickx, W., and A. Isaac, "Requirements for Ethernet 1250 VPN (EVPN)", RFC 7209, DOI 10.17487/RFC7209, May 2014, 1251 . 1253 [RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A., 1254 Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based 1255 Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February 1256 2015, . 1258 [RFC7623] Sajassi, A., Ed., Salam, S., Bitar, N., Isaac, A., and W. 1259 Henderickx, "Provider Backbone Bridging Combined with 1260 Ethernet VPN (PBB-EVPN)", RFC 7623, DOI 10.17487/RFC7623, 1261 September 2015, . 1263 [RFC8214] Boutros, S., Sajassi, A., Salam, S., Drake, J., and J. 1264 Rabadan, "Virtual Private Wire Service Support in Ethernet 1265 VPN", RFC 8214, DOI 10.17487/RFC8214, August 2017, 1266 . 1268 Authors' Addresses 1270 Patrice Brissette 1271 Cisco Systems, Inc. 1272 EMail: pbrisset@cisco.com 1274 Himanshu Shah 1275 Ciena Corporation 1276 EMail: hshah@ciena.com 1278 Helen Chen 1279 Jabil 1280 EMail: Ing-Wher_Chen@jabil.com 1282 Iftekar Hussain 1283 Infinera Corporation 1284 EMail: ihussain@infinera.com 1286 Kishore Tiruveedhula 1287 Juniper Networks 1288 EMail: kishoret@juniper.net 1290 Jorge Rabadan 1291 Nokia 1292 EMail: jorge.rabadan@nokia.com 1294 Ali Sajassi 1295 Cisco Systems, Inc. 1296 EMail: sajassi@cisco.com 1298 Zhenbin Li 1299 Huawei Technologies 1300 EMail: lizhenbin@huawei.com
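
Section 5 names the NETCONF access control model as the means of restricting which users can reach this data. The NACM configuration below is an added illustration, not part of the draft: one group may read EVPN data but change nothing, and a second may only receive evpn-state-change-notification. The module name ietf-evpn is an assumption (the module header is not shown in this section), and the group, user and rule names are hypothetical.

```xml
<!-- Added example, not part of the draft. Assumptions: module name
     "ietf-evpn"; group, user and rule names are hypothetical. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <groups>
    <group>
      <name>evpn-monitor</name>
      <user-name>noc-readonly</user-name>
    </group>
    <group>
      <name>evpn-alerts</name>
      <user-name>alert-collector</user-name>
    </group>
  </groups>
  <!-- Rules are evaluated in order; the first match decides. -->
  <rule-list>
    <name>evpn-monitor-rules</name>
    <group>evpn-monitor</group>
    <rule>
      <name>permit-evpn-read</name>
      <module-name>ietf-evpn</module-name>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
    <rule>
      <name>deny-evpn-other</name>
      <module-name>ietf-evpn</module-name>
      <access-operations>*</access-operations>
      <action>deny</action>
    </rule>
  </rule-list>
  <rule-list>
    <name>evpn-alerts-rules</name>
    <group>evpn-alerts</group>
    <rule>
      <name>permit-state-change-notification</name>
      <module-name>ietf-evpn</module-name>
      <notification-name>evpn-state-change-notification</notification-name>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
    <rule>
      <name>deny-evpn-data</name>
      <module-name>ietf-evpn</module-name>
      <access-operations>*</access-operations>
      <action>deny</action>
    </rule>
  </rule-list>
</nacm>
```

A module-name rule matches nodes by the module that defines them, so these rules also cover the evpn-pw and evpn-instance nodes that this model adds under the pseudowire and network-instance trees through its augment statements.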