BESS Working Group                                              D. Jain
Internet-Draft                                                 K. Patel
Intended status: Standards Track                           P. Brissette
Expires: March 17, 2017                                           Cisco
                                                                  Z. Li
                                                              S. Zhuang
                                                    Huawei Technologies
                                                                 X. Liu
                                                               Ericsson
                                                                J. Haas
                                                               S. Esale
                                                       Juniper Networks
                                                                 B. Wen
                                                                Comcast
                                                     September 13, 2016


                  Yang Data Model for BGP/MPLS L3 VPNs
                     draft-ietf-bess-l3vpn-yang-00.txt

Abstract

   This document defines a YANG data model that can be used to configure
   and manage BGP Layer 3 VPNs.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 17, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Definitions and Acronyms
   3.  Design of BGP L3VPN Data Model
     3.1.  Overview
     3.2.  VRF Specific Configuration
       3.2.1.  VRF interface
       3.2.2.  Route distinguisher
       3.2.3.  Import and export route targets
       3.2.4.  Forwarding mode
       3.2.5.  Label security
       3.2.6.  Yang tree
     3.3.  BGP Specific Configuration
       3.3.1.  VPN peering
       3.3.2.  VPN prefix limits
       3.3.3.  Label Mode
       3.3.4.  ASBR options
       3.3.5.  Yang tree
   4.  BGP Yang Module
   5.  IANA Considerations
   6.  Security Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   YANG [RFC6020] is a data definition language that was introduced to
   define the contents of a conceptual data store that allows networked
   devices to be managed using NETCONF [RFC6241].  YANG is proving
   relevant beyond its initial confines, as bindings to other interfaces
   (e.g. ReST) and encodings other than XML (e.g. JSON) are being
   defined.
   Furthermore, YANG data models can be used as the basis of
   implementation for other interfaces, such as CLI and programmatic
   APIs.

   This document defines a YANG model that can be used to configure and
   manage BGP L3VPNs [RFC4364].  It contains VRF specific parameters as
   well as BGP specific parameters applicable to L3VPNs.  The
   individual containers defined in this model contain control knobs for
   configuration for that purpose, as well as a few data nodes that can
   be used to monitor health and gather statistics.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Definitions and Acronyms

   AF: Address Family

   AS: Autonomous System

   ASBR: Autonomous System Border Router

   BGP: Border Gateway Protocol

   CE: Customer Edge

   PE: Provider Edge

   L3VPN: Layer 3 VPN

   NETCONF: Network Configuration Protocol

   RD: Route Distinguisher

   ReST: Representational State Transfer, a style of stateless interface
   and protocol that is generally carried over HTTP

   RTFilter: Route Filter

   VPN: Virtual Private Network

   VRF: Virtual Routing and Forwarding

   YANG: Data definition language for NETCONF

3.  Design of BGP L3VPN Data Model

3.1.  Overview

   The BGP L3VPN YANG data model has two parts.  The first part of the
   model defines VRF specific parameters for L3VPN by augmenting the
   network-instance container defined in the network instance model
   [I-D.ietf-rtgwg-ni-model], and the second part defines BGP specific
   parameters for L3VPN by augmenting the base BGP data model defined in
   [I-D.ietf-idr-bgp-model].

3.2.  VRF Specific Configuration

   The IETF network instance model defines a base identity for the
   network instance type as L3-VRF.
   For L3VPN, the VRF specific parameters are defined by augmenting the
   network-instance container corresponding to an L3-VRF instance.  A
   new container, l3vpn, is added for the VPN parameters.

3.2.1.  VRF interface

   To associate a VRF instance with an interface, the interface should
   be defined in the context of the network instance representing an
   L3-VRF.  This is covered in the base network instance model
   [I-D.ietf-rtgwg-ni-model].

3.2.2.  Route distinguisher

   A route distinguisher (RD) is a unique identifier used in VPN routes
   to distinguish prefixes across different VPNs.  An RD is an 8-byte
   field as defined in [RFC4364]: the first two bytes hold the type,
   followed by 6 bytes of value.  The format of the value depends on
   the type.  In the YANG model, RDs are defined in the l3vpn container
   under network-instance.

3.2.3.  Import and export route targets

   A route-target (RT) is an extended community used to specify the
   rules for importing and exporting the routes of each VRF as defined
   in [RFC4364].  This is applicable in the context of an address family
   under the VRF.  Under the l3vpn container, statements for import and
   export route-targets are added for the ipv4 and ipv6 address
   families.  Both the import and the export set are modeled as a list
   of route-targets.  An import rule is modeled as a list of RTs, or a
   policy leafref specifying the list of RTs to be matched for importing
   routes into the VRF.  Similarly, an export rule is a set of RTs, or a
   policy leafref specifying the list of RTs which should be attached to
   routes exported from this VRF.  In the case where a policy is used to
   specify the RTs, a reference to the policy via leafref is used in
   this model, but the actual definition of the policy is outside the
   scope of this document.
   In addition, this section also defines parameters for import from the
   global routing table and export to the global routing table, as well
   as the route limit per VPN instance for the ipv4 and ipv6 address
   families.

3.2.4.  Forwarding mode

   This configuration augments the interface list under the interface
   container of a network instance as defined in the IETF network
   instance model [I-D.ietf-rtgwg-ni-model].  Forwarding mode
   configuration is required under the ASBR-facing interface to enable
   MPLS forwarding for directly connected BGP peers in inter-AS option B
   peering.

3.2.5.  Label security

   For inter-AS option B peering across ASes, MPLS label security under
   the ASBR-facing interface enables the RPF check on the label of
   incoming packets.  The ietf-interfaces interface list is augmented to
   add this configuration.

3.2.6.  Yang tree

   module: ietf-bgp-l3vpn
      augment /ni:network-instances/ni:network-instance:
         +--rw l3vpn
            +--rw route-distinguisher
            |  +--rw config
            |  |  +--rw rd?   string
            |  +--ro state
            |     +--ro rd?   string
            +--rw ipv4
            |  +--rw unicast
            |     +--rw route-targets
            |     |  +--rw config
            |     |  |  +--rw rts* [rt]
            |     |  |  |  +--rw rt         string
            |     |  |  |  +--rw rt-type?   enumeration
            |     |  |  +--rw route-policy?   string
            |     |  +--ro state
            |     |     +--ro rts* [rt]
            |     |     |  +--ro rt         string
            |     |     |  +--ro rt-type?   enumeration
            |     |     +--ro route-policy?   string
            |     +--rw import-from-global
            |     |  +--rw config
            |     |  |  +--rw enable?             boolean
            |     |  |  +--rw advertise-as-vpn?   boolean
            |     |  |  +--rw route-policy?       string
            |     |  |  +--rw bgp-valid-route?    boolean
            |     |  |  +--rw protocol?           enumeration
            |     |  |  +--rw instance?           string
            |     |  +--ro state
            |     |     +--ro enable?             boolean
            |     |     +--ro advertise-as-vpn?   boolean
            |     |     +--ro route-policy?       string
            |     |     +--ro bgp-valid-route?    boolean
            |     |     +--ro protocol?           enumeration
            |     |     +--ro instance?           string
            |     +--rw export-to-global
            |     |  +--rw config
            |     |  |  +--rw enable?   boolean
            |     |  +--ro state
            |     |     +--ro enable?   boolean
            |     +--rw routing-table-limit
            |     |  +--rw config
            |     |  |  +--rw routing-table-limit-number?    uint32
            |     |  |  +--rw (routing-table-limit-action)?
            |     |  |     +--:(enable-alert-percent)
            |     |  |     |  +--rw alert-percent-value?   uint8
            |     |  |     +--:(enable-simple-alert)
            |     |  |        +--rw simple-alert?          boolean
            |     |  +--ro state
            |     |     +--ro routing-table-limit-number?    uint32
            |     |     +--ro (routing-table-limit-action)?
            |     |        +--:(enable-alert-percent)
            |     |        |  +--ro alert-percent-value?   uint8
            |     |        +--:(enable-simple-alert)
            |     |           +--ro simple-alert?          boolean
            |     +--rw tunnel-params
            |        +--rw config
            |        |  +--rw tunnel-policy?   string
            |        +--ro state
            |           +--ro tunnel-policy?   string

      augment /if:interfaces/if:interface:
         +--rw forwarding-mode
         |  +--rw config
         |  |  +--rw forwarding-mode?   fwd-mode-type
         |  +--ro state
         |     +--ro forwarding-mode?   fwd-mode-type
         +--rw mpls-label-security
            +--rw config
            |  +--rw rpf?   boolean
            +--ro state
               +--ro rpf?   boolean

3.3.  BGP Specific Configuration

   The BGP specific configuration for L3VPNs is defined by augmenting
   the base BGP model [I-D.ietf-idr-bgp-model].  In particular, specific
   knobs are added under the neighbor and address family containers to
   handle VPN routes and ASBR peering.

3.3.1.  VPN peering

   For peering between PE routers, the specific VPN address family needs
   to be enabled under the BGP container in the default routing
   instance.  The base BGP draft [I-D.ietf-idr-bgp-model] has the l3vpn
   address family in the list of identity refs for AFs under global and
   neighbor modes.  The same is augmented here for additional knobs.
   For peering with CE routers, the VRF specific BGP configurations such
   as neighbors and address-family are covered in the base BGP config,
   except that such configuration will be in the context of a VRF.
   The instance of BGP in this case would be a separate instance in the
   context of the routing instance realizing a VRF.

3.3.2.  VPN prefix limits

   The limit on the maximum number of VPN prefixes for a PE router is
   defined in the context of the VPN address family under BGP.  This is
   the total number of prefixes in the VPN table per AF in the context
   of the BGP protocol.  The route table limit for the ipv4 and ipv6
   address families of each VPN instance is also defined under BGP.  The
   total prefix limit per VPN, including all protocols, is defined in
   the context of the VRF address family under the routing instance.

3.3.3.  Label Mode

   Label mode knobs control the label allocation behavior for VRF
   routes, such as per-site, per-VPN and per-route label allocation.
   These knobs augment the BGP global AF containers in the context of
   the default routing instance.

3.3.4.  ASBR options

   This includes a few specific knobs for the ASBR peering methods
   illustrated in [RFC4364], such as route target retention on ASBRs
   and rewriting the next hop to self for inter-AS VPN peering across
   ASBRs with the option B method, and similarly next hop unchanged on
   ASBRs for option C peering.  The appropriate containers under the
   BGP AF and neighbor modes are augmented for these parameters.  As a
   note, when a knob is applicable to a neighbor, it is also defined
   under the corresponding peer-group container.

3.3.5.  Yang tree

   module: ietf-bgp-l3vpn
      augment /bgp:bgp/bgp:global/bgp:afi-safis
                /bgp:afi-safi/bgp:l3vpn-ipv4-unicast:
         +--rw retain-rts
         |  +--rw config
         |  |  +--rw all?            empty
         |  |  +--rw route-policy?   string
         |  +--ro state
         |     +--ro all?            empty
         |     +--ro route-policy?   string
         +--rw prefix-limit
            +--rw config
            |  +--rw prefix-limit-number?    uint32
            |  +--rw (prefix-limit-action)?
            |     +--:(enable-alert-percent)
            |     |  +--rw alert-percent-value?   uint8
            |     |  +--rw route-unchanged?       boolean
            |     +--:(enable-simple-alert)
            |        +--rw simple-alert?          boolean
            +--ro state
               +--ro prefix-limit-number?    uint32
               +--ro (prefix-limit-action)?
                  +--:(enable-alert-percent)
                  |  +--ro alert-percent-value?   uint8
                  |  +--ro route-unchanged?       boolean
                  +--:(enable-simple-alert)
                     +--ro simple-alert?          boolean
      ...

      augment /bgp:bgp/bgp:global/bgp:afi-safis
                /bgp:afi-safi/bgp:ipv4-unicast:
         +--rw config
         |  +--rw label-mode?   bgp-label-mode
         +--ro state
         |  +--ro label-mode?   bgp-label-mode
         +--rw routing-table-limit
            +--rw config
            |  +--rw routing-table-limit-number?    uint32
            |  +--rw (routing-table-limit-action)?
            |     +--:(enable-alert-percent)
            |     |  +--rw alert-percent-value?   uint8
            |     +--:(enable-simple-alert)
            |        +--rw simple-alert?          boolean
            +--ro state
               +--ro routing-table-limit-number?    uint32
               +--ro (routing-table-limit-action)?
                  +--:(enable-alert-percent)
                  |  +--ro alert-percent-value?   uint8
                  +--:(enable-simple-alert)
                     +--ro simple-alert?          boolean
      ...

      augment /bgp:bgp/bgp:neighbors/bgp:neighbor:
         +--rw nexthop-options
            +--rw config
            |  +--rw next-hop-self?        boolean
            |  +--rw next-hop-unchanged?   boolean
            +--rw state
               +--rw next-hop-self?        boolean
               +--rw next-hop-unchanged?   boolean

      augment /bgp:bgp/bgp:peer-groups/bgp:peer-group:
         +--rw nexthop-options
            +--rw config
            |  +--rw next-hop-self?        boolean
            |  +--rw next-hop-unchanged?   boolean
            +--rw state
               +--rw next-hop-self?        boolean
               +--rw next-hop-unchanged?   boolean

      augment /bgp:bgp/bgp:neighbors/bgp:neighbor
                /bgp:afi-safis/bgp:afi-safi:
         +--rw nexthop-options
            +--rw config
            |  +--rw next-hop-self?        boolean
            |  +--rw next-hop-unchanged?   boolean
            +--rw state
               +--rw next-hop-self?        boolean
               +--rw next-hop-unchanged?   boolean

      augment /bgp:bgp/bgp:peer-groups/bgp:peer-group
                /bgp:afi-safis/bgp:afi-safi:
         +--rw nexthop-options
            +--rw config
            |  +--rw next-hop-self?        boolean
            |  +--rw next-hop-unchanged?   boolean
            +--rw state
               +--rw next-hop-self?        boolean
               +--rw next-hop-unchanged?   boolean

4.  BGP Yang Module

   file "ietf-bgp-l3vpn@2016-09-09.yang"

   module ietf-bgp-l3vpn {
     namespace "urn:ietf:params:xml:ns:yang:ietf-bgp-l3vpn";
     // replace with IANA namespace when assigned
     prefix l3vpn ;

     import ietf-network-instance {
       prefix ni;
       revision-date 2016-06-23;
     }

     import ietf-interfaces {
       prefix if;
     }

     import ietf-bgp {
       prefix bgp;
       revision-date 2016-06-21;
     }

     organization
       "IETF BGP Enabled Services WG";

     contact
       "BESS working group - bess@ietf.org";

     description
       "This YANG module defines a YANG data model to configure and
        manage BGP Layer3 VPNs.  It augments the IETF bgp yang model
        and IETF network instance model to add L3VPN specific
        configuration and operational knobs.

        Terms and Acronyms

        AF : Address Family

        AS : Autonomous System

        ASBR : Autonomous Systems Border Router

        BGP (bgp) : Border Gateway Protocol

        CE : Customer Edge

        IP (ip) : Internet Protocol

        IPv4 (ipv4): Internet Protocol Version 4

        IPv6 (ipv6): Internet Protocol Version 6

        L3VPN: Layer 3 VPN

        PE : Provider Edge

        RT : Route Target

        RD : Route Distinguisher

        VPN : Virtual Private Network

        VRF : Virtual Routing and Forwarding

       ";

     revision 2016-09-09 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: A YANG Data Model for BGP L3VPN config management";
     }

     //RD
     grouping route-distinguisher-params {
       description "BGP route distinguisher";
       container route-distinguisher {
         description "Route distinguisher value as per RFC4364";
         container config {
           description
             "Configuration parameters for route distinguisher";
           leaf rd {
             type string;
             description "Route distinguisher value as per RFC4364";
           }
         }
         container state {
           config "false" ;
           description
             "State information for route
              distinguisher";
           leaf rd {
             type string;
             description "Route distinguisher value";
           }
         }
       }
     }

     //Label mode
     typedef bgp-label-mode {
       type enumeration {
         enum per-ce {
           description "Allocate labels per CE";
         }
         enum per-route {
           description "Allocate labels per prefix";
         }
         enum per-vpn {
           description "Allocate labels per VRF";
         }
       }
       description "BGP label allocation mode";
     }

     //Forwarding mode
     typedef fwd-mode-type {
       type enumeration {
         enum mpls {
           description "Forwarding mode mpls";
         }
       }
       description
         "Enable forwarding mode under ASBR facing interface";
     }

     grouping forwarding-mode {
       description "Forwarding mode of interface for ASBR scenario";
       container forwarding-mode {
         description "Forwarding mode of interface for ASBR scenario";
         container config {
           description "Configuration of Forwarding mode";
           leaf forwarding-mode {
             type fwd-mode-type;
             description "Forwarding mode for this interface";
           }
         }
         container state {
           config "false";
           description "State information of Forwarding mode";
           leaf forwarding-mode {
             type fwd-mode-type;
             description "Forwarding mode for this interface";
           }
         }
       }
     }

     grouping label-security {
       description "Mpls label security for ASBR option B scenario";
       container mpls-label-security {
         description "MPLS label security";
         container config {
           description "Configuration parameters";
           leaf rpf {
             type boolean;
             description "Enable MPLS label security rpf on interface";
           }
         }
         container state {
           config "false";
           description "State information";
           leaf rpf {
             type boolean;
             description "MPLS label security rpf on interface";
           }
         }
       }
     }

     //per VPN instance table limit under BGP
     grouping prefix-limit {
       description
         "The prefix limit command sets a limit on the maximum
          number of prefixes supported
          in the existing VPN
          instance, preventing the PE from importing excessive
          VPN route prefixes.
         ";

       leaf prefix-limit-number {
         type uint32 {
           range "1..4294967295";
         }
         description
           "Specifies the maximum number of prefixes supported in the
            VPN instance IPv4 or IPv6 address family.";
       }

       choice prefix-limit-action {
         description ".";
         case enable-alert-percent {
           leaf alert-percent-value {
             type uint8 {
               range "1..100";
             }
             description
               "Specifies the proportion of the alarm threshold to the
                maximum number of prefixes.";
           }
           leaf route-unchanged {
             type boolean;
             default "false";
             description
               "Indicates that the routing table remains unchanged.
                By default, route-unchanged is not configured.  When
                the number of prefixes in the routing table is
                greater than the value of the parameter number,
                routes are processed as follows:
                (1) If route-unchanged is configured, routes in the
                routing table remain unchanged.
                (2) If route-unchanged is not configured, all routes
                in the routing table are deleted and then
                re-added.";
           }
         }
         case enable-simple-alert {
           leaf simple-alert {
             type boolean;
             default "false";
             description
               "Indicates that when the number of VPN route prefixes
                exceeds number, prefixes can still join the VPN
                routing table and alarms are displayed.";
           }
         }
       }
     }

     grouping vpn-pfx-limit {
       description "Per VPN instance table limit under BGP";
       container vpn-prefix-limit {
         description "Prefix limit for this table";
         container config {
           description "Config parameters";
           uses prefix-limit;
         }
         container state {
           config "false";
           description "State parameters";
           uses prefix-limit;
         }
       }
     }

     grouping route-target-set {
       description
         "Extended community route-target set ";
       list rts {
         key "rt" ;
         description
           "List of route-targets" ;
         leaf rt {
           type string {
             pattern '([0-9]+:[0-9]+)';
           }
           description "Route target extended community as per RFC4360";
         }
         leaf rt-type {
           type enumeration {
             enum import {
               description "Route target is for import routes";
             }
             enum export {
               description "Route target is for export routes";
             }
             enum both {
               description
                 "Route target is for both import and export routes";
             }
           }
           description "Route target type";
         }
       }
       leaf route-policy {
         type string;
         description
           "Reference to the policy containing set of routes.
            TBD: leafref to policy entry in IETF policy model";
       }
     }

     grouping import-from-gbl {
       description "Import from global routing table";
       leaf enable {
         type boolean;
         description "Enable";
       }
       leaf advertise-as-vpn {
         type boolean;
         description
           "Advertise routes imported from global table as VPN routes";
       }
       leaf route-policy {
         type string;
         description "Route policy as filter for importing routes";
       }

       leaf bgp-valid-route {
         type boolean;
         description
           "Enable all valid routes (including non-best paths) to be
            candidate for import";
       }

       leaf protocol {
         type enumeration {
           enum ALL {
             value "0";
             description "ALL:";
           }
           enum Direct {
             value "1";
             description "Direct:";
           }
           enum OSPF {
             value "2";
             description "OSPF:";
           }
           enum ISIS {
             value "3";
             description "ISIS:";
           }
           enum Static {
             value "4";
             description "Static:";
           }
           enum RIP {
             value "5";
             description "RIP:";
           }
           enum BGP {
             value "6";
             description "BGP:";
           }
           enum OSPFV3 {
             value "7";
             description "OSPFV3:";
           }
           enum RIPNG {
             value "8";
             description "RIPNG:";
           }
         }
         description
           "Specifies the protocol from which routes are imported.
            At present, in the IPv4 unicast address family view,
            the protocol can be IS-IS, static, direct and BGP.";
       }

       leaf instance {
         type string;
         description
           "Specifies the instance id of the protocol";
       }
     }

     grouping global-imports {
       description "Grouping for imports from global routing table";
       container import-from-global {
         description "Import from global routing table";
         container config {
           description "Configuration";
           uses import-from-gbl;
         }
         container state {
           config "false";
           description "State";
           uses import-from-gbl;
         }
       }
     }

     grouping export-to-gbl {
       description "Export routes to default VRF";
       leaf enable {
         type boolean;
         description "Enable";
       }
     }

     grouping global-exports {
       description "Grouping for exporting routes to global table";
       container export-to-global {
         description "Export to global routing table";
         container config {
           description "Configuration";
           uses export-to-gbl;
         }
         container state {
           config "false";
           description "State";
           uses export-to-gbl;
         }
       }
     }

     grouping route-target-params {
       description "Grouping to specify rules for route import and export";
       container route-targets {
         description
           "Set of route-targets to match for import and export routes
            to/from VRF";
         container config {
           description
             "Configuration of route targets";
           uses route-target-set ;
         }
         container state {
           config "false" ;
           description
             "State information for route targets";

           uses route-target-set ;
         }
       }
     }

     grouping route-tbl-limit-params {
       description "Grouping for VPN table prefix limit config";
       leaf routing-table-limit-number {
         type uint32 {
           range "1..4294967295";
         }
         description
           "Specifies the maximum number of routes supported by a
            VPN instance.
           ";
       }

       choice routing-table-limit-action {
         description ".";
         case enable-alert-percent {
           leaf alert-percent-value {
             type uint8 {
               range "1..100";
             }
             description
               "Specifies the percentage of the maximum number of
                routes.  When the maximum number of routes that join
                the VPN instance is up to the value
                (number*alert-percent)/100, the system prompts
                alarms.  The VPN routes can still be added to the
                routing table, but after the number of routes
                reaches number, the subsequent routes are
                dropped.";
           }
         }
         case enable-simple-alert {
           leaf simple-alert {
             type boolean;
             description
               "Indicates that when VPN routes exceed number, routes
                can still be added into the routing table, but the
                system prompts alarms.
                However, after the total number of VPN routes and
                network public routes reaches the unicast route limit
                specified in the License, the subsequent VPN routes
                are dropped.";
           }
         }
       }

     }

     grouping routing-tbl-limit {
       description ".";
       container routing-table-limit {
         description
           "The routing-table limit command sets a limit on the maximum
            number of routes that the IPv4 or IPv6 address family of a
            VPN instance can support.
            By default, there is no limit on the maximum number of
            routes that the IPv4 or IPv6 address family of a VPN
            instance can support, but the total number of private
            network and public network routes on a device cannot
            exceed the allowed maximum number of unicast routes.";
         container config {
           description "Config parameters";
           uses route-tbl-limit-params;
         }
         container state {
           config "false";
           description "State parameters";
           uses route-tbl-limit-params;
         }
       }
     }

     // Tunnel policy parameters
     grouping tunnel-params {
       description "Tunnel parameters";
       container tunnel-params {
         description "Tunnel config parameters";
         container config {
           description "configuration parameters";
           leaf tunnel-policy {
             type string;
             description
               "Tunnel policy name.";
           }
         }
         container state {
           config "false";
           description "state parameters";
           leaf tunnel-policy {
             type string;
             description
               "Tunnel policy name.";
           }
         }

       }
     }

     // Grouping for the L3vpn specific parameters under VRF
     // (network-instance)
     grouping l3vpn-vrf-params {
       description "Specify route filtering rules for import/export";
       container ipv4 {
         description
           "Specify route filtering rules for import/export";
         container unicast {
           description
             "Specify route filtering rules for import/export";
           uses route-target-params;
           uses global-imports;
           uses global-exports;
           uses routing-tbl-limit;
           uses tunnel-params;
         }
       }
       container ipv6 {
         description
           "Ipv6 address family specific rules for import/export";
         container unicast {
           description "Ipv6 unicast address family";
           uses route-target-params;
           uses global-imports;
           uses global-exports;
           uses routing-tbl-limit;
           uses tunnel-params;
         }
       }
     }

     grouping bgp-label-mode {
       description "MPLS/VPN label allocation mode";
       container config {
         description
           "Configuration parameters for label allocation mode";
         leaf label-mode {
           type bgp-label-mode;
           description "Label allocation mode";
         }
       }
       container state {
         config "false" ;
         description "State information for label allocation mode";
         leaf label-mode {
           type bgp-label-mode;
           description "Label allocation mode";
         }
       }
     }

     grouping retain-route-targets {
       description "Grouping for route target accept";
       container retain-route-targets {
         description "Control route target acceptance behavior for ASBRs";
         container config {
           description
             "Configuration parameters for retaining route targets";
           leaf all {
             type empty;
             description "Disable filtering of all route-targets";
           }
           leaf route-policy {
             type string;
             description "Filter routes as per filter policy name
                          TBD: leafref to IETF routing policy model";
           }
         }
         container state {
           config "false" ;
           description "State information for retaining route targets";
           leaf all {
             type empty;
             description "Disable filtering of all route-targets";
           }
           leaf route-policy {
             type string;
             description "Filter routes as per filter policy name";
           }
         }
       }
     }

     grouping nexthop-opts {
       description "Next hop control options for inter-as route exchange";
       leaf next-hop-self {
         type boolean;
         description
           "Set nexthop of the route to self when advertising routes";
       }
       leaf next-hop-unchanged {
         type boolean;
         description "Enforce no nexthop change when advertising routes";
       }
     }

     grouping asbr-nexthop-options {
       description "Nexthop parameters for inter-as VPN options ";
       container nexthop-options {
         description "Nexthop related options for inter-as options";
         container config {
           description "Configuration parameters for nexthop options";
           uses nexthop-opts;
         }
         container state {
           config "false";
           description "State information for nexthop options" ;
           uses nexthop-opts;
         }
       }
     }

     //
     // VRF specific parameters.
     // RD and RTs and route import-export rules are added under
     // network instance container in network instance model, hence
     // per VRF scoped
     augment "/ni:network-instances/ni:network-instance" {
       description
         "Augment network instance for per VRF L3vpn parameters";
       container l3vpn {
         //Enable this check once network instance model has
         //identity defined for VRF type
         //when "../type='rt:vrf-network-instance'" {
         //  description
         //    "This container is only valid for vrf routing instance.";
         //}
         description "Configuration of L3VPN specific parameters";

         uses route-distinguisher-params;
         uses l3vpn-vrf-params ;
       }
     }

     // bgp mpls forwarding enable required for inter-as option AB.
     augment "/if:interfaces/if:interface" {
       description
         "BGP mpls forwarding mode configuration on interface for
          ASBR scenario";
       uses forwarding-mode ;
       uses label-security;
     }

     //
     // BGP Specific Parameters
     //

     //
     // Retain route-target for inter-as option ASBR knob.
     // vpn prefix limits
     // vpnv4/vpnv6 address-family only.
     augment "/bgp:bgp/bgp:global/bgp:afi-safis/" +
             "bgp:afi-safi/bgp:l3vpn-ipv4-unicast" {
       description "Retain route targets for ASBR scenario";
       uses retain-route-targets;
       uses vpn-pfx-limit;
     }

     augment "/bgp:bgp/bgp:global/bgp:afi-safis/" +
             "bgp:afi-safi/bgp:l3vpn-ipv6-unicast" {
       description "Retain route targets for ASBR scenario";
       uses retain-route-targets;
       uses vpn-pfx-limit;
     }

     // Label allocation mode configuration.  Certain AFs only.
       augment "/bgp:bgp/bgp:global/bgp:afi-safis/" +
               "bgp:afi-safi/bgp:ipv4-unicast" {
         description
           "Augment BGP global AF mode for label allocation mode
            configuration";
         uses bgp-label-mode;
         uses routing-tbl-limit;
       }

       augment "/bgp:bgp/bgp:global/bgp:afi-safis/" +
               "bgp:afi-safi/bgp:ipv6-unicast" {
         description
           "Augment BGP global AF mode for label allocation mode
            configuration";
         uses bgp-label-mode;
         uses routing-tbl-limit;
       }

       // Nexthop options for the inter-as ASBR peering.
       augment "/bgp:bgp/bgp:neighbors/bgp:neighbor" {
         description
           "Augment BGP NBR mode with nexthop options for inter-as ASBRs";
         uses asbr-nexthop-options;
       }

       augment "/bgp:bgp/bgp:peer-groups/bgp:peer-group" {
         description
           "Augment BGP peer-group mode with nexthop options for inter-as
            ASBRs";
         uses asbr-nexthop-options;
       }

       augment "/bgp:bgp/bgp:neighbors/bgp:neighbor/" +
               "bgp:afi-safis/bgp:afi-safi" {
         description
           "Augment BGP NBR AF mode with nexthop options for inter-as
            ASBRs";
         uses asbr-nexthop-options;
       }

       augment "/bgp:bgp/bgp:peer-groups/bgp:peer-group/" +
               "bgp:afi-safis/bgp:afi-safi" {
         description
           "Augment BGP peer-group AF mode with nexthop options for inter-as
            ASBRs";
         uses asbr-nexthop-options;
       }
     }

5.  IANA Considerations

6.  Security Considerations

   The transport protocol used for sending the BGP L3VPN data MUST
   support authentication and SHOULD support encryption.  The data
   model by itself does not create any security implications.

   This draft does not change any underlying security issues inherent in
   [I-D.ietf-rtgwg-ni-model] and [I-D.ietf-idr-bgp-model].

7.  Acknowledgements

   The authors would like to thank TBD for their detailed reviews and
   comments.

8.  References

8.1.  Normative References

   [I-D.ietf-idr-bgp-model]
              Shaikh, A., Shakir, R., Patel, K., Hares, S., D'Souza, K.,
              Bansal, D., Clemm, A., Zhdankin, A., Jethanandani, M., and
              X. Liu, "BGP Model for Service Provider Networks", draft-
              ietf-idr-bgp-model-02 (work in progress), July 2016.

   [I-D.ietf-rtgwg-ni-model]
              Berger, L., Hopps, C., Lindem, A., and D. Bogdanovic,
              "Network Instance Model", draft-ietf-rtgwg-ni-model-00
              (work in progress), June 2016.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

8.2.  Informative References

   [RFC2547]  Rosen, E. and Y. Rekhter, "BGP/MPLS VPNs", RFC 2547,
              DOI 10.17487/RFC2547, March 1999.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006.

   [RFC4760]  Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
              "Multiprotocol Extensions for BGP-4", RFC 4760,
              DOI 10.17487/RFC4760, January 2007.

Authors' Addresses

   Dhanendra Jain
   Cisco
   170 W. Tasman Drive
   San Jose, CA 95134
   USA

   Email: dhjain@cisco.com


   Keyur Patel
   Cisco
   170 W. Tasman Drive
   San Jose, CA 95134
   USA

   Email: keyur@arrcus.com


   Patrice Brissette
   Cisco
   170 W. Tasman Drive
   San Jose, CA 95134
   USA

   Email: pbrisset@cisco.com


   Zhenbin Li
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: lizhenbin@huawei.com


   Shunwan Zhuang
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: zhuangshunwan@huawei.com


   Xufeng Liu
   Ericsson
   1595 Spring Hill Road, Suite 500
   Vienna, VA 22182
   USA

   Email: xliu@kuatrotech.com


   Jeffrey Haas
   Juniper Networks

   Email: jhaas@juniper.net


   Santosh Esale
   Juniper Networks
   1194 N. Mathilda Ave.
   Sunnyvale, CA 94089
   US

   Email: sesale@juniper.net


   Bin Wen
   Comcast

   Email: Bin_Wen@cable.comcast.com
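The route-limit semantics that the module's routing-table-limit description strings spell out (alarm at (number*alert-percent)/100, drop once the maximum is reached, or alarm-only with simple-alert), as an added example that is not part of this draft: a small Python checker for an instance of the routing-table-limit config container. It assumes the maximum-route leaf from the route-tbl-limit-params grouping, which is defined earlier in the module and not shown here, is named number, the name the description text uses for it.

```python
# Added example (not code from draft-ietf-bess-l3vpn-yang-00): check an
# instance of .../routing-table-limit/config against the constraints and the
# semantics given in the module's description strings.
# Assumption: the leaf carrying the maximum route count (from the
# route-tbl-limit-params grouping, defined earlier in the module) is called
# "number", the name the description text uses for it.

# Constructed instance data, as it would appear in a NETCONF/RESTCONF payload.
SAMPLE_CONFIG = {
    "number": 1000,             # assumed leaf name; value made up
    "alert-percent-value": 80,  # case enable-alert-percent of the choice
}


def validate_limit_config(cfg):
    """Return the list of constraint violations (empty when the instance is valid)."""
    errors = []
    limit = cfg.get("number")
    if limit is not None and not (isinstance(limit, int) and limit > 0):
        errors.append("number must be a positive integer")
    pct = cfg.get("alert-percent-value")
    # alert-percent-value is a uint8 restricted to range "1..100"
    if pct is not None and not (isinstance(pct, int) and 1 <= pct <= 100):
        errors.append("alert-percent-value outside range 1..100")
    # The two leaves sit in different cases of one YANG choice, so a valid
    # instance carries at most one of them.
    if pct is not None and "simple-alert" in cfg:
        errors.append("alert-percent-value and simple-alert are mutually exclusive")
    return errors


def route_admission(cfg, installed_routes):
    """What happens to the next VPN route when installed_routes are already
    present: 'accept', 'alarm' (installed, but an alarm is raised) or 'drop'."""
    limit = cfg.get("number")
    if limit is None:
        return "accept"  # no limit configured, the model's default
    if installed_routes >= limit:
        # With simple-alert the route is still installed and only an alarm is
        # raised; the platform's own unicast route limit is not modelled here.
        return "alarm" if cfg.get("simple-alert") else "drop"
    pct = cfg.get("alert-percent-value")
    if pct is not None and installed_routes + 1 >= (limit * pct) // 100:
        return "alarm"  # threshold (number*alert-percent)/100 reached
    return "accept"


if __name__ == "__main__":
    assert validate_limit_config(SAMPLE_CONFIG) == []
    for n in (798, 799, 999, 1000):
        print(n, "->", route_admission(SAMPLE_CONFIG, n))
```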