idnits 2.17.1

draft-ietf-bess-evpn-yang-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 11 instances of too long lines in the document, the longest
     one being 22 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (March 11, 2019) is 1863 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC8317' is mentioned on line 167, but not defined

  == Missing Reference: 'RFC8365' is mentioned on line 168, but not defined

  == Unused Reference: 'RFC6991' is defined on line 1246, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC8294' is defined on line 1250, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC7209' is defined on line 1276, but no explicit
     reference was found in the text

  -- Obsolete informational reference (is this intentional?): RFC 6536
     (Obsoleted by RFC 8341)

     Summary: 1 error (**), 0 flaws (~~), 7 warnings (==), 2 comments (--).
     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    BESS Working Group                                      P. Brissette Ed.
3    Internet Draft                                              Cisco System
4    Intended Status: Proposed Standard                           H. Shah Ed.
5    Expires: September 12, 2019                            Ciena Corporation
6                                                                 I. Chen Ed.
7                                                                       Jabil
8                                                              I. Hussain Ed.
9                                                        Infinera Corporation
10                                                        K. Tiruveedhula Ed.
11                                                           Juniper Networks
12                                                             J. Rabadan Ed.
13                                                                      Nokia

15                                                             March 11, 2019

17                           Yang Data Model for EVPN
18                         draft-ietf-bess-evpn-yang-07

20   Abstract

22      This document describes a YANG data model for Ethernet VPN services.
23      The model is agnostic of the underlay. It applies to MPLS as well as to
24      VxLAN encapsulation. The model is also agnostic of the services
25      including E-LAN, E-LINE and E-TREE services. This document mainly
26      focuses on the EVPN and Ethernet-Segment instance framework.

28   Status of this Memo

30      This Internet-Draft is submitted to IETF in full conformance with the
31      provisions of BCP 78 and BCP 79.

33      Internet-Drafts are working documents of the Internet Engineering
34      Task Force (IETF), its areas, and its working groups. Note that
35      other groups may also distribute working documents as
36      Internet-Drafts.

38      Internet-Drafts are draft documents valid for a maximum of six months
39      and may be updated, replaced, or obsoleted by other documents at any
40      time. It is inappropriate to use Internet-Drafts as reference
41      material or to cite them other than as "work in progress."

43      The list of current Internet-Drafts can be accessed at
44      http://www.ietf.org/1id-abstracts.html

46      The list of Internet-Draft Shadow Directories can be accessed at
47      http://www.ietf.org/shadow.html

49   Copyright and License Notice

51      Copyright (c) 2019 IETF Trust and the persons identified as the
52      document authors. All rights reserved.

54      This document is subject to BCP 78 and the IETF Trust's Legal
55      Provisions Relating to IETF Documents
56      (http://trustee.ietf.org/license-info) in effect on the date of
57      publication of this document. Please review these documents
58      carefully, as they describe your rights and restrictions with respect
59      to this document. Code Components extracted from this document must
60      include Simplified BSD License text as described in Section 4.e of
61      the Trust Legal Provisions and are provided without warranty as
62      described in the Simplified BSD License.

64   Convention

66      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
67      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
68      document are to be interpreted as described in [RFC2119].

70   Table of Contents

72      1. Introduction
73      2. Specification of Requirements
74      3. EVPN YANG Model
75        3.1. Overview
76        3.2 Ethernet-Segment Model
77        3.3 EVPN Model
78      4. YANG Module
79        4.1 Ethernet Segment Yang Module
80        4.2 EVPN Yang Module
81      5. Security Considerations
82      6. IANA Considerations
83      7. References
84        7.1. Normative References
85        7.2. Informative References
86      Authors' Addresses

88   1. Introduction

90      The Network Configuration Protocol (NETCONF) [RFC6241] is a network
91      management protocol that defines mechanisms to manage network
92      devices. YANG [RFC6020] is a modular language that represents data
93      structures in an XML or JSON tree format, and is used as a data
94      modeling language for NETCONF.

96      This document introduces a YANG data model for Ethernet VPN services
97      (EVPN) [RFC7432], Provider Backbone Bridging Combined with Ethernet
98      VPN (PBB-EVPN) [RFC7623] as well as other WG drafts such as EVPN-VPWS,
99      etc. The EVPN services run over MPLS and VxLAN underlays.

101     The Yang data model in this document defines Ethernet VPN based
102     services. The model leverages the definitions used in other IETF
103     Yang drafts such as L2VPN Yang.

105     The goal is to propose a data object model consisting of building
106     blocks that can be assembled in different order to realize different
107     EVPN-based services. The definition work is undertaken initially by a
108     smaller working group with members representing various vendors and
109     service providers. The EVPN basic framework consists of two modules:
110     EVPN and Ethernet-Segment. These models are completely orthogonal.
111     They usually work as a pair, but a user can use one or the
112     other on its own as needed.

114     The data model is defined for the following constructs that are used
115     for managing the services:

117        o Configuration

119        o Operational State

121        o Notifications

123     The document is organized to first define the data model for the
124     configuration, operational state and notifications of EVPN and
125     Ethernet-Segment.

127     The EVPN data object model defined in this document uses the instance
128     centric approach whereby EVPN service attributes are specified for a
129     given EVPN instance.

131     The Ethernet-Segment data object model defined in this document refers
132     to a specific interface. That interface can be a physical interface,
133     a bundle interface or virtual interface. The latter includes
134     attachment-circuit and pseudowire. A separate module is defined
135     because it can be used without the need
136     to have EVPN configured as a layer 2/3 service. For example, an access
137     node can be dual-homed to two service nodes servicing a VPLS or an
138     IPVPN core. The access connectivity can be represented by an
139     Ethernet-Segment where EVPN BGP DF election is performed over both
140     service nodes.

141  2. Specification of Requirements

143     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
145     NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
146     in this document are to be interpreted as described in [RFC2119].

148  3. EVPN YANG Model

150  3.1. Overview

152     Two top-level modules, Ethernet-Segment and EVPN, are defined. The
153     Ethernet-Segment contains a list of interfaces to which any
154     Ethernet-Segment attributes are configured/applied.

156     The EVPN module has two main containers: common and instance. The
157     first one has attributes common to all VPNs, whereas the latter has
158     attributes specific to an EVI (EVPN instance). This document states
159     the scope of the EVPN object models definition. The following
160     documents are within the scope. This is not an exhaustive list but a
161     representation of documents that are covered for this work:

163     o Reqs for EVPN: [RFC7209]
164     o EVPN: [RFC7432]
165     o PBB-EVPN: [RFC7623]
166     o EVPN-VPWS: [RFC8214]
167     o EVPN-ETREE: [RFC8317]
168     o EVPN Overlay [RFC8365]

170     The integration with L2VPN instance Yang model is being done as part
171     of the L2VPN Yang model.
172     The following documents will be covered at that time:
173     o (PBB-)EVPN Seamless Integration with (PBB-)VPLS:
174       draft-ietf-bess-evpn-vpls-seamless-integ
175     o EVPN Virtual Ethernet Segment:
176       draft-sajassi-bess-evpn-virtual-eth-segment
177     o IP Prefix Advertisement in EVPN:
178       draft-ietf-bess-evpn-prefix-advertisement
179     o VXLAN DCI Using EVPN:
180       draft-boutros-l2vpn-vxlan-evpn
181     o Interconnect Solution for EVPN Overlay networks:
182       draft-ietf-bess-dci-evpn-overlay
183     o Integrated Routing and Bridging in EVPN:
184       draft-ietf-bess-evpn-inter-subnet-forwarding

186  3.2 Ethernet-Segment Model

188     The Ethernet-Segment data model has a list of ES where each refers to
189     an interface. All attributes are optional due to auto-sensing default
190     mode where all values are auto-derived from the network connectivity.

192  module: ietf-ethernet-segment
193    +--rw ethernet-segments
194       +--rw ethernet-segment* [name]
195          +--rw name                           string
196          +--ro service-type?                  string
197          +--ro status?                        status-type
198          +--rw (ac-or-pw)?
199          |  +--:(ac)
200          |  |  +--rw ac*                      if:interface-ref
201          |  +--:(pw)
202          |     +--rw pw*                      pw:pseudowire-ref
203          +--ro interface-status?              status-type
204          +--rw ethernet-segment-identifier?   ethernet-segment-identifier-type
205          +--rw (active-mode)
206          |  +--:(single-active)
207          |  |  +--rw single-active-mode?      empty
208          |  +--:(all-active)
209          |     +--rw all-active-mode?         empty
210          +--rw pbb-parameters {ethernet-segment-pbb-params}?
211          |  +--rw backbone-src-mac?   yang:mac-address
212          +--rw bgp-parameters
213          |  +--rw common
214          |     +--rw rd-rt* [route-distinguisher]
215          |             {ethernet-segment-bgp-params}?
216          |        +--rw route-distinguisher
217          |                rt-types:route-distinguisher
218          |        +--rw vpn-targets
219          |                rt-types:vpn-route-targets
220          +--rw df-election
221          |  +--rw df-election-method?   df-election-method-type
222          |  +--rw preference?           uint16
223          |  +--rw revertive?            boolean
224          |  +--rw election-wait-time?   uint32
225          +--rw ead-evi-route?                 boolean
226          +--ro esi-label?                     string
227          +--ro member*
228          |  +--ro ip-address?   inet:ip-address
229          +--ro df*
230             +--ro service-identifier?   uint32
231             +--ro vlan?                 uint32
232             +--ro ip-address?           inet:ip-address

234  3.3 EVPN Model

236     The evpn-instances container contains a list of evpn-instance. Each
237     entry of the evpn-instance represents a different Ethernet VPN and it
238     is represented by an EVI. Again, mainly all attributes are optional
239     for the same reason as for the Ethernet-Segment module.

241  module: ietf-evpn
242    +--rw evpn
243       +--rw common
244       |  +--rw (replication-type)?
245       |     +--:(ingress-replication)
246       |     |  +--rw ingress-replication?   boolean
247       |     +--:(p2mp-replication)
248       |        +--rw p2mp-replication?      boolean
249       +--rw evpn-instances
250          +--rw evpn-instance* [name]
251             +--rw name                                string
252             +--rw evi?                                uint32
253             +--rw pbb-parameters {evpn-pbb-params}?
254             |  +--rw source-bmac?   yang:mac-address
255             +--rw bgp-parameters
256             |  +--rw common
257             |     +--rw rd-rt* [route-distinguisher]
258             |             {evpn-bgp-params}?
259             |        +--rw route-distinguisher
260             |        |       rt-types:route-distinguisher
261             |        +--rw vpn-targets
262             |                rt-types:vpn-route-targets
263             +--rw arp-proxy?                          boolean
264             +--rw arp-suppression?                    boolean
265             +--rw nd-proxy?                           boolean
266             +--rw nd-suppression?                     boolean
267             +--rw underlay-multicast?                 boolean
268             +--rw flood-unknown-unicast-supression?   boolean
269             +--rw vpws-vlan-aware?                    boolean
270             +--ro routes
271             |  +--ro ethernet-auto-discovery-route*
272             |  |  +--ro rd-rt* [route-distinguisher]
273             |  |  |  +--ro route-distinguisher
274             |  |  |          rt-types:route-distinguisher
275             |  |  |  +--ro vpn-targets
276             |  |  |          rt-types:vpn-route-targets
277             |  |  +--ro ethernet-segment-identifier?   es:ethernet-segment-identifier-type
278             |  |  +--ro ethernet-tag?                  uint32
279             |  |  +--ro path*
280             |  |     +--ro next-hop?   inet:ip-address
281             |  |     +--ro label?      rt-types:mpls-label
282             |  |     +--ro detail
283             |  |        +--ro attributes
284             |  |        |  +--ro extended-community*   string
285             |  |        +--ro bestpath?     empty
286             |  +--ro mac-ip-advertisement-route*
287             |  |  +--ro rd-rt* [route-distinguisher]
288             |  |  |  +--ro route-distinguisher
289             |  |  |          rt-types:route-distinguisher
290             |  |  |  +--ro vpn-targets
291             |  |  |          rt-types:vpn-route-targets
292             |  |  +--ro ethernet-segment-identifier?   es:ethernet-segment-identifier-type
293             |  |  +--ro ethernet-tag?                  uint32
294             |  |  +--ro mac-address?                   yang:mac-address
295             |  |  +--ro mac-address-length?            uint8
296             |  |  +--ro ip-prefix?                     inet:ip-prefix
297             |  |  +--ro path*
298             |  |     +--ro next-hop?   inet:ip-address
299             |  |     +--ro label?      rt-types:mpls-label
300             |  |     +--ro label2?     rt-types:mpls-label
301             |  |     +--ro detail
302             |  |        +--ro attributes
303             |  |        |  +--ro extended-community*   string
304             |  |        +--ro bestpath?     empty
305             |  +--ro inclusive-multicast-ethernet-tag-route*
306             |  |  +--ro rd-rt* [route-distinguisher]
307             |  |  |  +--ro route-distinguisher
308             |  |  |          rt-types:route-distinguisher
309             |  |  |  +--ro vpn-targets
310             |  |  |          rt-types:vpn-route-targets
311             |  |  +--ro originator-ip-prefix?   inet:ip-prefix
312             |  |  +--ro path*
313             |  |     +--ro next-hop?   inet:ip-address
314             |  |     +--ro label?      rt-types:mpls-label
315             |  |     +--ro detail
316             |  |        +--ro attributes
317             |  |        |  +--ro extended-community*   string
318             |  |        +--ro bestpath?     empty
319             |  +--ro ethernet-segment-route*
320             |  |  +--ro rd-rt* [route-distinguisher]
321             |  |  |  +--ro route-distinguisher
322             |  |  |          rt-types:route-distinguisher
323             |  |  |  +--ro vpn-targets
324             |  |  |          rt-types:vpn-route-targets
325             |  |  +--ro ethernet-segment-identifier?   es:ethernet-segment-identifier-type
326             |  |  +--ro originator-ip-prefix?          inet:ip-prefix
327             |  |  +--ro path*
328             |  |     +--ro next-hop?   inet:ip-address
329             |  |     +--ro detail
330             |  |        +--ro attributes
331             |  |        |  +--ro extended-community*   string
332             |  |        +--ro bestpath?     empty
333             |  +--ro ip-prefix-route*
334             |     +--ro rd-rt* [route-distinguisher]
335             |     |  +--ro route-distinguisher
336             |     |          rt-types:route-distinguisher
337             |     |  +--ro vpn-targets
338             |     |          rt-types:vpn-route-targets
339             |     +--ro ethernet-segment-identifier?
340             |     |       es:ethernet-segment-identifier-type
341             |     +--ro ip-prefix?   inet:ip-prefix
342             |     +--ro path*
343             |        +--ro next-hop?   inet:ip-address
344             |        +--ro label?      rt-types:mpls-label
345             |        +--ro detail
346             |           +--ro attributes
347             |           |  +--ro extended-community*   string
348             |           +--ro bestpath?     empty
349             +--ro statistics
350                +--ro tx-count?   yang:zero-based-counter32
351                +--ro rx-count?   yang:zero-based-counter32
352                +--ro detail
353                   +--ro broadcast-tx-count?
354                           yang:zero-based-counter32
355                   +--ro broadcast-rx-count?
356                           yang:zero-based-counter32
357                   +--ro multicast-tx-count?
358                           yang:zero-based-counter32
359                   +--ro multicast-rx-count?
360                           yang:zero-based-counter32
361                   +--ro unknown-unicast-tx-count?
362                           yang:zero-based-counter32
363                   +--ro unknown-unicast-rx-count?
364                           yang:zero-based-counter32
365    augment /pw:pseudowires/pw:pseudowire/pw:pw-type:
366      +--:(evpn-pw)
367         +--rw evpn-pw
368            +--rw remote-id?   uint32
369            +--rw local-id?    uint32
370    augment
371      /ni:network-instances/ni:network-instance/ni:ni-type/l2vpn:l2vpn:
372      +--rw evpn-instance?   evpn-instance-ref
373    augment
374      /ni:network-instances/ni:network-instance/ni:ni-type/l2vpn:l2vpn:
375      +--rw vpls-contstraints

377    notifications:
378      +---n evpn-state-change-notification
379         +--ro evpn-instance?   evpn-instance-ref
380         +--ro state?           identityref

382  4. YANG Module

384     The EVPN configuration container is logically divided into the
386     following high-level configuration areas:

388  4.1 Ethernet Segment Yang Module

390  file "ietf-ethernet-segment@2019-03-09.yang"
391  module ietf-ethernet-segment {
392    namespace "urn:ietf:params:xml:ns:yang:ietf-ethernet-segment";
393    prefix "es";

395    import ietf-yang-types {
396      prefix "yang";
397    }

399    import ietf-inet-types {
400      prefix "inet";
401    }

403    import ietf-routing-types {
404      prefix "rt-types";
405    }

407    import ietf-interfaces {
408      prefix "if";
409    }

411    import ietf-pseudowires {
412      prefix "pw";
413    }

415    organization "ietf";
416    contact "ietf";
417    description "ethernet segment";

419    revision "2019-03-09" {
420      description " - Create an ethernet-segment type and change references " +
421                  " to ethernet-segment-identifier " +
422                  " - Updated Route-target lists to rt-types:vpn-route-targets " +
423                  "";
424      reference "";
425    }
426    revision "2018-02-20" {
427      description " - Change the type of attachment circuit to " +
428                  " if:interface-ref " +
429                  "";
430      reference "";
431    }

433    revision "2017-10-21" {
434      description " - Updated ethernet segment's AC/PW members to " +
435                  " accommodate more than one AC or more than one " +
436                  " PW " +
437                  " - Added the new preference based DF election " +
438                  " method " +
439                  " - Referenced pseudowires in the new " +
440                  " ietf-pseudowires.yang model " +
441                  " - Moved model to NMDA style specified in " +
442                  " draft-dsdt-nmda-guidelines-01.txt " +
443                  "";
444      reference "";
445    }

447    revision "2017-03-08" {
448      description " - Updated to use BGP parameters from " +
449                  " ietf-routing-types.yang instead of from " +
450                  " ietf-evpn.yang " +
451                  " - Updated ethernet segment's AC/PW members to " +
452                  " accommodate more than one AC or more than one " +
453                  " PW " +
454                  " - Added the new preference based DF election " +
455                  " method " +
456                  "";
457      reference "";
458    }

460    revision "2016-07-08" {
461      description " - Added the configuration option to enable or " +
462                  " disable per-EVI/EAD route " +
463                  " - Added PBB parameter backbone-src-mac " +
464                  " - Added operational state branch, initially " +
465                  " to match the configuration branch" +
466                  "";
467      reference "";
468    }

470    revision "2016-06-23" {
471      description "WG document adoption";
472      reference "";
473    }

475    revision "2015-10-15" {
476      description "Initial revision";
477      reference "";
478    }

480    /* Features */
481    feature ethernet-segment-bgp-params {
482      description "Ethernet segment's BGP parameters";
483    }

485    feature ethernet-segment-pbb-params {
486      description "Ethernet segment's PBB parameters";
487    }

489    /* Typedefs */
490    typedef status-type {
491      type enumeration {
492        enum up {
493          description "Status is up";
494        }
495        enum down {
496          description "Status is down";
497        }
498      }
499      description "status type";
500    }

502    typedef df-election-method-type {
503      type enumeration {
504        enum default {
505          value 0;
506          description "The default DF election method";
507        }
508        enum highest-random-weight {
509          value 1;
510          description "The highest random weight (HRW) method";
511          reference "draft-mohanty-bess-evpn-df-election";
512        }
513        enum preference {
514          value 2;
515          description "The preference based method";
516          reference "draft-rabadan-bess-evpn-pref-df";
517        }
518      }
519      description "The DF election method type";
520    }

522    typedef ethernet-segment-identifier-type {
523      type yang:hex-string {
524        length "29";
525      }
526      description "10-octet Ethernet segment identifier (esi),
527                   ex: 00:5a:5a:5a:5a:5a:5a:5a:5a:5a";
528    }
529    /* EVPN Ethernet Segment YANG Model */

531    container ethernet-segments {
532      description "ethernet-segment";
533      list ethernet-segment {
534        key "name";
535        leaf name {
536          type string;
537          description "Name of the ethernet segment";
538        }
539        leaf service-type {
540          type string;
541          config false;
542          description "service-type";
543        }
544        leaf status {
545          type status-type;
546          config false;
547          description "Ethernet segment status";
548        }
549        choice ac-or-pw {
550          description "ac-or-pw";
551          case ac {
552            leaf-list ac {
553              type if:interface-ref;
554              description "Name of attachment circuit";
555            }
556          }
557          case pw {
558            leaf-list pw {
559              type pw:pseudowire-ref;
560              description "Reference to a pseudowire";
561            }
562          }
563        }
564        leaf interface-status {
565          type status-type;
566          config false;
567          description "interface status";
568        }
569        leaf ethernet-segment-identifier {
570          type ethernet-segment-identifier-type;
571          description "Ethernet segment identifier (esi)";
572        }
573        choice active-mode {
574          mandatory true;
575          description "Choice of active mode";
576          case single-active {
577            leaf single-active-mode {
578              type empty;
579              description "single-active-mode";
580            }
581          }
582          case all-active {
583            leaf all-active-mode {
584              type empty;
585              description "all-active-mode";
586            }
587          }
588        }
589        container pbb-parameters {
590          if-feature ethernet-segment-pbb-params;
591          description "PBB configuration";
592          leaf backbone-src-mac {
593            type yang:mac-address;
594            description "backbone-src-mac, only if this is a PBB";
595          }
596        }
597        container bgp-parameters {
598          description "BGP parameters";
599          container common {
600            description "BGP parameters common to all pseudowires";
601            list rd-rt {
602              if-feature ethernet-segment-bgp-params;
603              key "route-distinguisher";
604              leaf route-distinguisher {
605                type rt-types:route-distinguisher;
606                description "Route distinguisher";
607              }
608              uses rt-types:vpn-route-targets;
609              description "A list of route distinguishers and " +
610                          "corresponding VPN route targets";
611            }
612          }
613        }
614        container df-election {
615          description "df-election";
616          leaf df-election-method {
617            type df-election-method-type;
618            description "The DF election method";
619          }
620          leaf preference {
621            when "../df-election-method = 'preference'" {
622              description "The preference value is only applicable " +
623                          "to the preference based method";
624            }
625            type uint16;
626            description "The DF preference";
627          }
628          leaf revertive {
629            when "../df-election-method = 'preference'" {
630              description "The revertive value is only applicable " +
631                          "to the preference method";
632            }
633            type boolean;
634            default true;
635            description "The 'preempt' or 'revertive' behavior";
636          }
637          leaf election-wait-time {
638            type uint32;
639            description "election-wait-time";
640          }
641        }
642        leaf ead-evi-route {
643          type boolean;
644          default false;
645          description "Enable (true) or disable (false) ead-evi-route";
646        }
647        leaf esi-label {
648          type rt-types:mpls-label;
649          config false;
650          description "esi-label";
651        }
652        list member {
653          config false;
654          leaf ip-address {
655            type inet:ip-address;
656            description "ip-address";
657          }
658          description "member of the ethernet segment";
659        }
660        list df {
661          config false;
662          leaf service-identifier {
663            type uint32;
664            description "service-identifier";
665          }
666          leaf vlan {
667            type uint32;
668            description "vlan";
669          }
670          leaf ip-address {
671            type inet:ip-address;
672            description "ip-address";
674          }
675          description "df of an evpn instance's vlan";
676        }
677        description "An ethernet segment";
678      }
679    }
680  }

683  4.2 EVPN Yang Module

685  file "ietf-evpn@2019-03-09.yang"
686  module ietf-evpn {
687    namespace "urn:ietf:params:xml:ns:yang:ietf-evpn";
688    prefix "evpn";

690    import ietf-inet-types {
691      prefix "inet";
692    }

694    import ietf-yang-types {
695      prefix "yang";
696    }

698    import ietf-routing-types {
699      prefix "rt-types";
700    }

702    import ietf-network-instance {
703      prefix "ni";
704    }

706    import ietf-l2vpn {
707      prefix "l2vpn";
708    }

710    import ietf-pseudowires {
711      prefix "pw";
712    }

714    import ietf-ethernet-segment {
715      prefix "es";
716    }

718    organization "ietf";
719    contact "ietf";
720    description "evpn";

722    revision "2019-03-09" {
723      description " - Incorporated ietf-ethernet-segment model and" +
724                  " normalised ethernet-segment entries on routes " +
725                  " - Updated Route-target lists to rt-types:vpn-route-targets " +
726                  "";
727      reference "";
728    }

730    revision "2018-02-20" {
731      description " - Incorporated ietf-network-instance model" +
732                  " on which ietf-l2vpn is now based " +
733                  "";
734      reference "";
735    }

737    revision "2017-10-21" {
738      description " - Modified the operational state augment " +
739                  " - Renamed evpn-instances-state to evpn-instances" +
740                  " - Added vpws-vlan-aware to an EVPN instance " +
741                  " - Added a new augment to L2VPN to add EVPN " +
742                  " - pseudowire for the case of EVPN VPWS " +
743                  " - Added state change notification " +
744                  "";
745      reference "";
746    }

748    revision "2017-03-13" {
749      description " - Added an augment to base L2VPN model to " +
750                  " reference an EVPN instance " +
751                  " - Reused ietf-routing-types.yang " +
752                  " vpn-route-targets grouping instead of " +
753                  " defining it in this module " +
754                  "";
755      reference "";
756    }

758    revision "2016-07-08" {
759      description " - Added operational state" +
760                  " - Added a configuration knob to enable/disable " +
761                  " underlay-multicast " +
762                  " - Added a configuration knob to enable/disable " +
763                  " flooding of unknown unicast " +
764                  " - Added several configuration knobs " +
765                  " to manage ARP and ND" +
766                  "";
767      reference "";
769    }

771    revision "2016-06-23" {
772      description "WG document adoption";
773      reference "";
774    }

776    revision "2015-10-15" {
777      description "Initial revision";
778      reference "";
779    }

781    feature evpn-bgp-params {
782      description "EVPN's BGP parameters";
783    }

785    feature evpn-pbb-params {
786      description "EVPN's PBB parameters";
787    }

789    /* Identities */

791    identity evpn-notification-state {
792      description "The base identity on which EVPN notification " +
793                  "states are based";
794    }

796    identity MAC-duplication-detected {
797      base "evpn-notification-state";
798      description "MAC duplication is detected";
799    }

801    identity mass-withdraw-received {
802      base "evpn-notification-state";
803      description "Mass withdraw received";
804    }

806    identity static-MAC-move-detected {
807      base "evpn-notification-state";
808      description "Static MAC move is detected";
809    }

811    /* Typedefs */

813    typedef evpn-instance-ref {
814      type leafref {
815        path "/evpn/evpn-instances/evpn-instance/name";
816      }
817      description "A leafref type to an EVPN instance";
818    }

820    /* Groupings */

822    grouping route-rd-rt-grp {
823      description "A grouping for a route's route distinguishers " +
824                  "and route targets";
825      list rd-rt {
826        key "route-distinguisher";
827        leaf route-distinguisher {
828          type rt-types:route-distinguisher;
829          description "Route distinguisher";
830        }
831        list vpn-target {
832          key "route-target";
833          leaf route-target {
834            type rt-types:route-target;
835            description "BGP route target";
836          }
837          description "A list of route targets";
838        }
839        description "A list of route distinguishers and " +
840                    "corresponding VPN route targets";
841      }
842    }

844    grouping next-hop-label-grp {
845      description "next-hop-label-grp";
846      leaf next-hop {
847        type inet:ip-address;
848        description "next-hop";
849      }
850      leaf label {
851        type rt-types:mpls-label;
852        description "label";
853      }
854    }

856    grouping next-hop-label2-grp {
857      description "next-hop-label2-grp";
858      leaf label2 {
859        type rt-types:mpls-label;
860        description "label2";
861      }
862    }

864    grouping path-detail-grp {
865      description "path-detail-grp";
866      container detail {
867        config false;
868        description "path details";
869        container attributes {
870          leaf-list extended-community {
871            type string;
872            description "extended-community";
873          }
874          description "attributes";
875        }
876        leaf bestpath {
877          type empty;
878          description "Indicate this path is the best path";
879        }
880      }
881    }

883    /* EVPN YANG Model */

885    container evpn {
886      description "evpn";
887      container common {
888        description "common evpn attributes";
889        choice replication-type {
890          description "A choice of replication type";
891          case ingress-replication {
892            leaf ingress-replication {
893              type boolean;
894              description "ingress-replication";
895            }
896          }
897          case p2mp-replication {
898            leaf p2mp-replication {
899              type boolean;
900              description "p2mp-replication";
901            }
902          }
903        }
904      }
905      container evpn-instances {
906        description "evpn-instances";
907        list evpn-instance {
908          key "name";
909          description "An EVPN instance";
910          leaf name {
911            type string;
912            description "Name of EVPN instance";
914          }
915          leaf evi {
916            type uint32;
917            description "evi";
918          }
919          container pbb-parameters {
920            if-feature "evpn-pbb-params";
921            description "PBB parameters";
922            leaf source-bmac {
923              type yang:hex-string;
924              description "source-bmac";
925            }
926          }
927          container bgp-parameters {
928            description "BGP parameters";
929            container common {
930              description "BGP parameters common to all pseudowires";
931              list rd-rt {
932                if-feature evpn-bgp-params;
933                key "route-distinguisher";
934                leaf route-distinguisher {
935                  type rt-types:route-distinguisher;
936                  description "Route distinguisher";
937                }
938                uses rt-types:vpn-route-targets;
939                description "A list of route distinguishers and " +
940                            "corresponding VPN route targets";
941              }
942            }
943          }
944          leaf arp-proxy {
945            type boolean;
946            default false;
947            description "Enable (TRUE) or disable (FALSE) ARP proxy";
948          }
949          leaf arp-suppression {
950            type boolean;
951            default false;
952            description "Enable (TRUE) or disable (FALSE) " +
953                        "ARP suppression";
954          }
955          leaf nd-proxy {
956            type boolean;
957            default false;
958            description "Enable (TRUE) or disable (FALSE) ND proxy";
959          }
960          leaf nd-suppression {
961            type boolean;
962            default false;
963            description "Enable (TRUE) or disable (FALSE) " +
964                        "ND suppression";
965          }
966          leaf underlay-multicast {
967            type boolean;
968            default false;
969            description "Enable (TRUE) or disable (FALSE) " +
970                        "underlay multicast";
971          }
972          leaf flood-unknown-unicast-supression {
973            type boolean;
974            default false;
975            description "Enable (TRUE) or disable (FALSE) " +
976                        "flood unknown unicast suppression";
977          }
978          leaf vpws-vlan-aware {
979            type boolean;
980            default false;
981            description "Enable (TRUE) or disable (FALSE) " +
982                        "VPWS VLAN aware";
983          }
984          container routes {
985            config false;
986            description "routes";
987            list ethernet-auto-discovery-route {
988              uses route-rd-rt-grp;
989              leaf ethernet-segment-identifier {
990                type es:ethernet-segment-identifier-type;
991                description "Ethernet segment identifier (esi)";
992              }
993              leaf ethernet-tag {
994                type uint32;
995                description "An ethernet tag (etag) identifying a " +
996                            "broadcast domain";
997              }
998              list path {
999                uses next-hop-label-grp;
1000               uses path-detail-grp;
1001               description "path";
1002             }
1003             description "ethernet-auto-discovery-route";
1004           }
1005           list mac-ip-advertisement-route {
1006             uses route-rd-rt-grp;
1007             leaf ethernet-segment-identifier {
1008               type es:ethernet-segment-identifier-type;
1009               description "Ethernet segment identifier (esi)";
1011             }
1012             leaf ethernet-tag {
1013               type uint32;
1014               description "An ethernet tag (etag) identifying a " +
1015                           "broadcast domain";
1016             }
1017             leaf mac-address {
1018               type yang:mac-address;
1019               description "Route mac address";
1020             }
1021             leaf mac-address-length {
1022               type uint8 {
1023                 range "0..48";
1024               }
1025               description "mac address length";
1026             }
1027             leaf ip-prefix {
1028               type inet:ip-prefix;
1029               description "ip-prefix";
1030             }
1031             list path {
1032               uses next-hop-label-grp;
1033               uses next-hop-label2-grp;
1034               uses path-detail-grp;
1035               description "path";
1036             }
1037             description "mac-ip-advertisement-route";
1038           }
1039           list inclusive-multicast-ethernet-tag-route {
1040             uses route-rd-rt-grp;
1041             leaf originator-ip-prefix {
1042               type inet:ip-prefix;
1043               description "originator-ip-prefix";
1044             }
1045             list path {
1046               uses next-hop-label-grp;
1047               uses path-detail-grp;
1048               description "path";
1049             }
1050             description "inclusive-multicast-ethernet-tag-route";
1051           }
1052           list ethernet-segment-route {
1053             uses route-rd-rt-grp;
1054             leaf ethernet-segment-identifier {
1055               type es:ethernet-segment-identifier-type;
1056               description "Ethernet segment identifier (esi)";
1057             }
1058             leaf originator-ip-prefix {
1059               type inet:ip-prefix;
1060               description "originator ip-prefix";
1061             }
1062             list path {
1063               leaf next-hop {
1064                 type inet:ip-address;
1065                 description "next-hop";
1066               }
1067               uses path-detail-grp;
1068               description "path";
1069             }
1070             description "ethernet-segment-route";
1071           }
1072           list ip-prefix-route {
1073             uses route-rd-rt-grp;
1074             leaf ethernet-segment-identifier {
1075               type es:ethernet-segment-identifier-type;
1076               description "Ethernet segment identifier (esi)";
1077             }
1078             leaf ip-prefix {
1079               type inet:ip-prefix;
1080               description "ip-prefix";
1081             }
1082             list path {
1083               uses next-hop-label-grp;
1084               uses path-detail-grp;
1085               description "path";
1086             }
1087             description "ip-prefix route";
1088           }
1089         }
1090         container statistics {
1091           config false;
1092           description "Statistics";
1093           leaf tx-count {
1094             type yang:zero-based-counter32;
1095             description "transmission count";
1096           }
1097           leaf rx-count {
1098             type yang:zero-based-counter32;
1099             description "receive count";
1100           }
1101           container detail {
1102             description "Detailed statistics";
1103             leaf broadcast-tx-count {
1104               type yang:zero-based-counter32;
1105               description "broadcast transmission count";
1106             }
1107             leaf broadcast-rx-count {
1108               type yang:zero-based-counter32;
1109               description "broadcast receive count";
1110             }
1111             leaf multicast-tx-count {
1112               type yang:zero-based-counter32;
1113               description "multicast transmission count";
1114             }
1115             leaf multicast-rx-count {
1116               type yang:zero-based-counter32;
1117               description "multicast receive count";
1118             }
1119             leaf unknown-unicast-tx-count {
1120               type yang:zero-based-counter32;
1121               description "unknown unicast transmission count";
1122             }
1123             leaf unknown-unicast-rx-count {
1124               type yang:zero-based-counter32;
1125               description "unknown-unicast receive count";
1126             }
1127           }
1128         }
1129       }
1130     }
1131   }

1133   /* augments */

1135   augment "/pw:pseudowires/pw:pseudowire/pw:pw-type" {
1136     description "Augment for an L2VPN instance to add EVPN VPWS " +
1137                 "pseudowire";
1138     case evpn-pw {
1139       container evpn-pw {
1140         description "EVPN pseudowire";
1141         leaf remote-id {
1142           type uint32;
1143           description "Remote pseudowire ID";
1144         }
1145         leaf local-id {
1146           type uint32;
1147           description "Local pseudowire ID";
1148         }
1149       }
1150     }
1151   }

1153   augment "/ni:network-instances/ni:network-instance/ni:ni-type" +
1154           "/l2vpn:l2vpn" {
1156     description "Augment for an L2VPN instance and EVPN association";
1157     leaf evpn-instance {
1158       type evpn-instance-ref;
1159       description "Reference to an EVPN instance";
1160     }
1161   }

1163   augment "/ni:network-instances/ni:network-instance/ni:ni-type" +
1164           "/l2vpn:l2vpn" {
1165     when "l2vpn:type = 'l2vpn:vpls-instance-type'" {
1166       description "Constraints only for VPLS pseudowires";
1167     }
1168     description "Augment for VPLS instance";
1169     container vpls-contstraints {
1170       must "not(boolean(/pw:pseudowires/pw:pseudowire" +
1171            " [pw:name = current()/../l2vpn:endpoint" +
1172            " /l2vpn:pw/l2vpn:name]" +
1173            " /evpn-pw/remote-id)) and " +
1174            "not(boolean(/pw:pseudowires/pw:pseudowire" +
1175            " [pw:name = current()/../l2vpn:endpoint" +
1176            " /l2vpn:pw/l2vpn:name]" +
1177            " /evpn-pw/local-id)) and " +
1178            "not(boolean(/pw:pseudowires/pw:pseudowire" +
1179            " [pw:name = current()/../l2vpn:endpoint" +
1180            " /l2vpn:primary-pw/l2vpn:name]" +
1181            " /evpn-pw/remote-id)) and " +
1182            "not(boolean(/pw:pseudowires/pw:pseudowire" +
1183            " [pw:name = current()/../l2vpn:endpoint" +
1184            " /l2vpn:primary-pw/l2vpn:name]" +
1185            " /evpn-pw/local-id)) and " +
1186            "not(boolean(/pw:pseudowires/pw:pseudowire" +
1187            " [pw:name = current()/../l2vpn:endpoint" +
1188            " /l2vpn:backup-pw/l2vpn:name]" +
1189            " /evpn-pw/remote-id)) and "
                 +
1190             "not(boolean(/pw:pseudowires/pw:pseudowire" +
1191             " [pw:name = current()/../l2vpn:endpoint" +
1192             " /l2vpn:backup-pw/l2vpn:name]" +
1193             " /evpn-pw/local-id))" {
1194          description "A VPLS pseudowire must not be an EVPN PW";
1195        }
1196        description "VPLS constraints";
1197      }
1198    }

1200    /* Notifications */

1202    notification evpn-state-change-notification {
1203      description "EVPN state change notification";
1204      leaf evpn-instance {
1205        type evpn-instance-ref;
1206        description "Related EVPN instance";
1207      }
1208      leaf state {
1209        type identityref {
1210          base evpn-notification-state;
1211        }
1212        description "State change notification";
1213      }
1214    }
1215  }

1218  5. Security Considerations

1220     The configuration, state, action and notification data defined in
1221     this document are designed to be accessed via the NETCONF protocol
1222     [RFC6241]. The lowest NETCONF layer is the secure transport layer
1223     and the mandatory-to-implement secure transport is SSH [RFC6242]. The
1224     NETCONF access control model [RFC6536] provides the means to restrict
1225     access for particular NETCONF users to a pre-configured subset of all
1226     available NETCONF protocol operations and content.

1228     The security concerns listed above are, however, no different from
1229     those faced by other routing protocols. Hence, this draft does not
1230     change any underlying security issues inherent in
1231     [I-D.ietf-netmod-routing-cfg].

1233  6. IANA Considerations

1235     None.

1237  7. References

1239  7.1. Normative References

1241     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1242                Requirement Levels", BCP 14, RFC 2119, DOI
1243                10.17487/RFC2119, March 1997.

1246     [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
1247                RFC 6991, DOI 10.17487/RFC6991, July 2013.

1250     [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
1251                "Common YANG Data Types for the Routing Area", RFC 8294,
1252                DOI 10.17487/RFC8294, December 2017.

1255  7.2. Informative References

1257     [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1258                and A. Bierman, Ed., "Network Configuration Protocol
1259                (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

1262     [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1263                the Network Configuration Protocol (NETCONF)", RFC 6020,
1264                DOI 10.17487/RFC6020, October 2010.

1267     [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
1268                Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

1271     [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
1272                Protocol (NETCONF) Access Control Model", RFC 6536, DOI
1273                10.17487/RFC6536, March 2012.

1276     [RFC7209]  Sajassi, A., Aggarwal, R., Uttaro, J., Bitar, N.,
1277                Henderickx, W., and A. Isaac, "Requirements for Ethernet
1278                VPN (EVPN)", RFC 7209, DOI 10.17487/RFC7209, May 2014.

1281     [RFC7432]  Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
1282                Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
1283                Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
1284                2015.

1286     [RFC7623]  Sajassi, A., Ed., Salam, S., Bitar, N., Isaac, A., and W.
1287                Henderickx, "Provider Backbone Bridging Combined with
1288                Ethernet VPN (PBB-EVPN)", RFC 7623, DOI 10.17487/RFC7623,
1289                September 2015.

1291     [RFC8214]  Boutros, S., Sajassi, A., Salam, S., Drake, J., and J.
1292                Rabadan, "Virtual Private Wire Service Support in Ethernet
1293                VPN", RFC 8214, DOI 10.17487/RFC8214, August 2017.

1296  Authors' Addresses
1297     Patrice Brissette
1298     Cisco Systems, Inc.
1299     EMail: pbrisset@cisco.com

1301     Himanshu Shah
1302     Ciena Corporation
1303     EMail: hshah@ciena.com

1305     Helen Chen
1306     Jabil
1307     EMail: Ing-Wher_Chen@jabil.com

1309     Iftekar Hussain
1310     Infinera Corporation
1311     EMail: ihussain@infinera.com

1313     Kishore Tiruveedhula
1314     Juniper Networks
1315     EMail: kishoret@juniper.net

1317     Jorge Rabadan
1318     Nokia
1319     EMail: jorge.rabadan@nokia.com

1321     Ali Sajassi
1322     Cisco Systems, Inc.
1323     EMail: sajassi@cisco.com

1325     Zhenbin Li
1326     Huawei Technologies
1327     EMail: lizhenbin@huawei.com
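
The must expression on the vpls-contstraints container in the module above rejects a VPLS instance whose pw, primary-pw or backup-pw endpoint names a pseudowire that carries the EVPN remote-id or local-id leaf. The Python check below is an added example, not part of the draft: it applies the same rule to constructed instance data, with XML namespaces omitted and an l2vpn element with a name attribute standing in for the network instance (both are assumptions of this example).

```python
import xml.etree.ElementTree as ET

# Constructed instance data. Element names follow the must expression;
# XML namespaces and the network-instance wrapper are left out (assumption).
SAMPLE = """
<data>
  <pseudowires>
    <pseudowire><name>pw-vpls-1</name></pseudowire>
    <pseudowire>
      <name>pw-evpn-1</name>
      <evpn-pw><remote-id>100</remote-id><local-id>200</local-id></evpn-pw>
    </pseudowire>
  </pseudowires>
  <l2vpn name="vpls-ok">
    <endpoint><pw><name>pw-vpls-1</name></pw></endpoint>
  </l2vpn>
  <l2vpn name="vpls-bad">
    <endpoint><primary-pw><name>pw-vpls-1</name></primary-pw>
              <backup-pw><name>pw-evpn-1</name></backup-pw></endpoint>
  </l2vpn>
</data>
"""

PW_ROLES = ("pw", "primary-pw", "backup-pw")  # endpoint references in the must
EVPN_LEAVES = ("remote-id", "local-id")       # leaves added by the evpn-pw case


def evpn_pseudowires(root):
    """Names of pseudowires that carry an evpn-pw remote-id or local-id."""
    names = set()
    for pw in root.findall("./pseudowires/pseudowire"):
        if any(pw.find(f"./evpn-pw/{leaf}") is not None for leaf in EVPN_LEAVES):
            names.add(pw.findtext("name"))
    return names


def vpls_violations(root):
    """Return (instance, role, pseudowire) for each reference the must rejects."""
    evpn = evpn_pseudowires(root)
    found = []
    for inst in root.findall("./l2vpn"):
        for role in PW_ROLES:
            for ref in inst.findall(f"./endpoint/{role}/name"):
                if ref.text in evpn:
                    found.append((inst.get("name"), role, ref.text))
    return found


ROOT = ET.fromstring(SAMPLE)
```

Running vpls_violations(ROOT) reports the backup-pw reference in vpls-bad, the one combination in the sample that the constraint forbids.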