IPPM                                                        T. Zhou, Ed.
Internet-Draft                                                    Huawei
Intended status: Standards Track                             J. Guichard
Expires: January 13, 2022                                      Futurewei
                                                            F. Brockners
                                                             S. Raghavan
                                                           Cisco Systems
                                                           July 12, 2021


                   A YANG Data Model for In-Situ OAM
                      draft-ietf-ippm-ioam-yang-01

Abstract

   In-situ Operations, Administration, and Maintenance (IOAM) records
   operational and telemetry information in user packets while the
   packets traverse a path between two points in the network.  This
   document defines a YANG module for the IOAM function.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 13, 2022.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions used in this document
     2.1.  Tree Diagrams
   3.  Design of the IOAM YANG Data Model
     3.1.  Profiles
     3.2.  Preallocated Tracing Profile
     3.3.  Incremental Tracing Profile
     3.4.  Direct Export Profile
     3.5.  Proof of Transit Profile
     3.6.  Edge to Edge Profile
   4.  IOAM YANG Module
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Appendix A.  Examples
   Authors' Addresses

1.  Introduction

   In-situ Operations, Administration, and Maintenance (IOAM)
   [I-D.ietf-ippm-ioam-data] records OAM information within user packets
   while the packets traverse a network.  The data types and data
   formats for IOAM data records are defined in
   [I-D.ietf-ippm-ioam-data].  IOAM data can be embedded in many
   protocol encapsulations, such as the Network Service Header (NSH) and
   IPv6.

   This document defines a data model for IOAM capabilities using the
   YANG data modeling language [RFC7950].  This YANG model supports all
   five IOAM option types: the Incremental Tracing Option, the Pre-
   allocated Tracing Option, the Direct Export Option
   [I-D.ietf-ippm-ioam-direct-export], the Proof of Transit (PoT)
   Option, and the Edge-to-Edge Option.

2.  Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The following terms are defined in [RFC7950] and are used in this
   specification:

   o  augment

   o  data model

   o  data node

   The terminology for describing YANG data models is found in
   [RFC7950].

2.1.  Tree Diagrams

   Tree diagrams used in this document follow the notation defined in
   [RFC8340].

3.  Design of the IOAM YANG Data Model

3.1.  Profiles

   The IOAM model is organized as a list of profiles, as shown in the
   following figure.  Each profile is associated with one flow and the
   corresponding IOAM configuration.

   The "ioam-info" container holds all the read-only auxiliary
   information, such as units or timestamp format, that monitoring
   systems need in order to interpret the IOAM data.

   module: ietf-ioam
     +--rw ioam
        +--ro ioam-info
        +--rw ioam-profiles
           +--rw admin-config
           |  +--rw enabled?   boolean
           +--rw ioam-profile* [profile-name]
              +--rw profile-name                    string
              +--rw filter
              |  +--rw filter-type?   ioam-filter-type
              |  +--rw ace-name?      -> /acl:acls/acl/aces/ace/name
              +--rw protocol-type?                  ioam-protocol-type
              +--rw incremental-tracing-profile {incremental-trace}?
              |  ...
              +--rw preallocated-tracing-profile {preallocated-trace}?
              |  ...
              +--rw direct-export-profile {direct-export}?
              |  ...
              +--rw pot-profile {proof-of-transit}?
              |  ...
              +--rw e2e-profile {edge-to-edge}?
                 ...

   The "enabled" leaf is an administrative configuration.  When it is
   set to true, IOAM configuration is enabled for the system and the
   IOAM data-plane functionality is enabled with it.

   The "filter" identifies the flow to which the IOAM profile applies.
   There may be multiple filter types.  An ACL [RFC8519] is a common way
   to specify a flow; each IOAM profile can be associated with one ACE
   (Access Control Entry).  IOAM actions MUST only be driven by the
   accepted packets, i.e., when the "forwarding" action of the matched
   ACE is "accept".

   IOAM data can be encapsulated in multiple protocols, e.g., IPv6
   [I-D.ietf-ippm-ioam-ipv6-options] and NSH [I-D.ietf-sfc-ioam-nsh].
   The "protocol-type" indicates where the IOAM data is carried.  For
   example, if the "protocol-type" is IPv6, the IOAM ingress node will
   encapsulate the associated flow using the IPv6-IOAM
   [I-D.ietf-ippm-ioam-ipv6-options] format.

   IOAM data comes in five encapsulation types, i.e., incremental
   tracing data, preallocated tracing data, direct export data, proof of
   transit data, and edge-to-edge data.  In practice, multiple IOAM data
   types can be encapsulated in the same IOAM header.  The "ioam-
   profile" contains a set of sub-profiles, each of which relates to one
   encapsulation type.  The configured object may not support all the
   sub-profiles.  The supported sub-profiles are indicated by five
   features, i.e., "incremental-trace", "preallocated-trace", "direct-
   export", "proof-of-transit", and "edge-to-edge".

3.2.  Preallocated Tracing Profile

   IOAM tracing data is expected to be collected at every node that a
   packet traverses, to ensure visibility into the entire path a packet
   takes within an IOAM domain.  The preallocated tracing option creates
   pre-allocated space for each node to populate with its information.
   The "preallocated-tracing-profile" contains the detailed information
   for the preallocated tracing data.  The information includes:

   o  enabled: indicates whether the preallocated tracing profile is
      enabled.

   o  node-action: indicates the operation (e.g., encapsulate the IOAM
      header, transit the IOAM data, or decapsulate the IOAM header)
      applied to the dedicated flow.

   o  use-namespace: indicates the namespace used for the trace types.

   o  trace-type: indicates the per-hop data to be captured by the IOAM-
      enabled nodes and included in the node data list.

   o  enable-loopback-mode: loopback mode is used to send a copy of a
      packet back towards the source.

   o  enable-active-mode: active mode indicates that a packet is used
      for active measurement.

   +--rw preallocated-tracing-profile {preallocated-trace}?
      +--rw enabled?                boolean
      +--rw node-action?            ioam-node-action
      +--rw trace-types
      |  +--rw use-namespace?   ioam-namespace
      |  +--rw trace-type*      ioam-trace-type
      +--rw enable-loopback-mode?   boolean
      +--rw enable-active-mode?     boolean

3.3.  Incremental Tracing Profile

   The incremental tracing option contains a variable number of node
   data fields, where each node allocates and pushes its node data
   immediately following the option header.  The "incremental-tracing-
   profile" contains the detailed information for the incremental
   tracing data.  The detailed information is the same as for the
   Preallocated Tracing Profile, with one additional variable, "max-
   length", which restricts the length of the IOAM header.

   +--rw incremental-tracing-profile {incremental-trace}?
      +--rw enabled?                boolean
      +--rw node-action?            ioam-node-action
      +--rw trace-types
      |  +--rw use-namespace?   ioam-namespace
      |  +--rw trace-type*      ioam-trace-type
      +--rw enable-loopback-mode?   boolean
      +--rw enable-active-mode?     boolean
      +--rw max-length?             uint32

3.4.  Direct Export Profile

   The direct export option is used as a trigger for IOAM nodes to
   export IOAM data to a receiving entity (or entities).  The "direct-
   export-profile" contains the detailed information for the direct
   export data.  The detailed information is the same as for the
   Preallocated Tracing Profile, with one additional optional variable,
   "flow-id", which is used to correlate the exported data of the same
   flow from multiple nodes and from multiple packets.

   +--rw direct-export-profile {direct-export}?
      +--rw enabled?                boolean
      +--rw node-action?            ioam-node-action
      +--rw trace-types
      |  +--rw use-namespace?   ioam-namespace
      |  +--rw trace-type*      ioam-trace-type
      +--rw enable-loopback-mode?   boolean
      +--rw enable-active-mode?     boolean
      +--rw flow-id?                uint32

3.5.  Proof of Transit Profile

   IOAM Proof of Transit data supports the path or service function
   chain verification use cases.  The "pot-profile" contains the
   detailed information for the proof of transit data.  The detailed
   information is described in [I-D.ietf-sfc-proof-of-transit].

   +--rw pot-profile {proof-of-transit}?
      +--rw enabled?                boolean
      +--rw active-profile-index?   pot:profile-index-range
      +--rw pot-profile-list* [pot-profile-index]
         +--rw pot-profile-index    profile-index-range
         +--rw prime-number         uint64
         +--rw secret-share         uint64
         +--rw public-polynomial    uint64
         +--rw lpc                  uint64
         +--rw validator?           boolean
         +--rw validator-key?       uint64
         +--rw bitmask?             uint64
         +--rw opot-masks
            +--rw downstream-mask*   uint64
            +--rw upstream-mask*     uint64

3.6.  Edge to Edge Profile

   The IOAM edge-to-edge option carries data that is added by the IOAM
   encapsulating node and interpreted by the IOAM decapsulating node.
   The "e2e-profile" contains the detailed information for the edge-to-
   edge data.  The detailed information includes:

   o  enabled: indicates whether the edge-to-edge profile is enabled.

   o  node-action: has the same semantics as in Section 3.2.

   o  use-namespace: indicates the namespace used for the edge-to-edge
      types.

   o  e2e-type: indicates the data to be carried from the ingress IOAM
      node to the egress IOAM node.

   +--rw e2e-profile {edge-to-edge}?
      +--rw enabled?        boolean
      +--rw node-action?    ioam-node-action
      +--rw e2e-types
         +--rw use-namespace?   ioam-namespace
         +--rw e2e-type*        ioam-e2e-type
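   The checks that Section 3 states in prose (the ACE "forwarding" MUST
   be "accept", sub-profiles are gated by features) and the "when"
   guards in the module (ace-name only with the ACL filter; trace-types,
   loopback/active mode, max-length, flow-id and e2e-types only at the
   encapsulating node) are what an operator would want to validate
   before pushing a configuration.  The following is an added example,
   not part of this draft or of any implementation, that applies those
   rules to an instance document in RFC 7951 JSON encoding.  The ACL,
   ACE names, profile names and addresses are constructed for
   illustration; validate_ioam() and index_aces() are helpers introduced
   here, not nodes of the model.

```python
"""Check an ietf-ioam instance against the draft's prose rules and
'when' guards.  Added example; the instance data below is constructed."""
import json

IOAM = "ietf-ioam"
ACL = "ietf-access-control-list"
ENCAP = f"{IOAM}:action-encapsulate"
KNOWN_PROTOCOLS = {f"{IOAM}:ipv6-protocol", f"{IOAM}:nsh-protocol"}
# Nodes the module guards with when "node-action = 'ioam:action-encapsulate'".
ENCAP_ONLY = {"trace-types", "enable-loopback-mode", "enable-active-mode",
              "max-length", "flow-id", "e2e-types"}
# Sub-profile container -> feature the device must advertise to use it.
SUB_PROFILE_FEATURE = {
    "incremental-tracing-profile": "incremental-trace",
    "preallocated-tracing-profile": "preallocated-trace",
    "direct-export-profile": "direct-export",
    "pot-profile": "proof-of-transit",
    "e2e-profile": "edge-to-edge",
}
ALL_FEATURES = frozenset(SUB_PROFILE_FEATURE.values())

# Constructed sample (RFC 7951 JSON): one RFC 8519 ACL with an accepting
# and a dropping ACE, one correct profile and one that breaks two rules.
SAMPLE_INSTANCE = json.loads(r"""
{
  "ietf-access-control-list:acls": {"acl": [{
    "name": "ioam-flows", "type": "ietf-access-control-list:ipv6-acl-type",
    "aces": {"ace": [
      {"name": "video-to-dc",
       "matches": {"ipv6": {"destination-ipv6-network": "2001:db8:1::/48"}},
       "actions": {"forwarding": "ietf-access-control-list:accept"}},
      {"name": "blocked",
       "matches": {"ipv6": {"destination-ipv6-network": "2001:db8:2::/48"}},
       "actions": {"forwarding": "ietf-access-control-list:drop"}}]}}]},
  "ietf-ioam:ioam": {"ioam-profiles": {
    "admin-config": {"enabled": true},
    "ioam-profile": [
      {"profile-name": "dc-ingress",
       "filter": {"filter-type": "ietf-ioam:acl-filter", "ace-name": "video-to-dc"},
       "protocol-type": "ietf-ioam:ipv6-protocol",
       "preallocated-tracing-profile": {
         "enabled": true, "node-action": "ietf-ioam:action-encapsulate",
         "trace-types": {"use-namespace": "ietf-ioam:namespace-ietf",
                         "trace-type": ["ietf-ioam:trace-hop-lim-node-id",
                                        "ietf-ioam:trace-timestamp-seconds"]}}},
      {"profile-name": "dc-egress-bad",
       "filter": {"filter-type": "ietf-ioam:acl-filter", "ace-name": "blocked"},
       "protocol-type": "ietf-ioam:ipv6-protocol",
       "incremental-tracing-profile": {
         "enabled": true, "node-action": "ietf-ioam:action-decapsulate",
         "max-length": 256}}]}}
}
""")


def index_aces(instance):
    """Map ACE name -> forwarding action, to resolve the ace-name leafref."""
    aces = {}
    for acl in instance.get(f"{ACL}:acls", {}).get("acl", []):
        for ace in acl.get("aces", {}).get("ace", []):
            aces[ace["name"]] = ace.get("actions", {}).get("forwarding")
    return aces


def validate_ioam(instance, features=ALL_FEATURES):
    """Return (profile-name, message) findings; an empty list means valid."""
    findings = []
    aces = index_aces(instance)
    profiles = instance.get(f"{IOAM}:ioam", {}).get("ioam-profiles", {})
    if not profiles.get("admin-config", {}).get("enabled", False):
        findings.append(("*", "admin-config/enabled is false: no profile takes effect"))
    for prof in profiles.get("ioam-profile", []):
        name = prof["profile-name"]
        flt = prof.get("filter", {})
        ace = flt.get("ace-name")
        if ace is not None:                     # when "../filter-type = acl-filter"
            if flt.get("filter-type") != f"{IOAM}:acl-filter":
                findings.append((name, "ace-name is only valid with filter-type acl-filter"))
            elif ace not in aces:               # leafref must resolve
                findings.append((name, f"ace-name '{ace}' does not resolve to an ACE"))
            elif aces[ace] != f"{ACL}:accept":  # IOAM MUST act on accepted packets only
                findings.append((name, f"ACE '{ace}' does not accept: IOAM acts on accepted packets only"))
        proto = prof.get("protocol-type")
        if proto is not None and proto not in KNOWN_PROTOCOLS:
            findings.append((name, f"unknown protocol-type '{proto}'"))
        for sub, feature in SUB_PROFILE_FEATURE.items():
            body = prof.get(sub)
            if body is None:
                continue
            if feature not in features:
                findings.append((name, f"{sub} requires unsupported feature '{feature}'"))
            # pot-profile has no node-action; the others gate these nodes on it.
            if sub != "pot-profile" and body.get("node-action") != ENCAP:
                for leaf in sorted(set(body) & ENCAP_ONLY):
                    findings.append((name, f"{sub}/{leaf} is only valid when node-action is action-encapsulate"))
    return findings


if __name__ == "__main__":
    for profile, msg in validate_ioam(SAMPLE_INSTANCE):
        print(f"{profile}: {msg}")
```

   Run on the sample, the checker reports nothing for "dc-ingress" and
   two findings for "dc-egress-bad": its ACE drops rather than accepts,
   and "max-length" is set on a decapsulating node.  Passing a smaller
   feature set (e.g., only "incremental-trace") additionally flags every
   profile that uses a sub-profile the device does not advertise.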
4.  IOAM YANG Module

   <CODE BEGINS> file "ietf-ioam@2021-01-12.yang"
   module ietf-ioam {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-ioam";
     prefix "ioam";

     import ietf-pot-profile {
       prefix "pot";
       reference "draft-ietf-sfc-proof-of-transit";
     }

     import ietf-access-control-list {
       prefix "acl";
       reference
         "RFC 8519: YANG Data Model for Network Access Control
          Lists (ACLs)";
     }

     organization
       "IETF IPPM (IP Performance Metrics) Working Group";

     contact
       "WG Web:
        WG List:
        Editor: zhoutianran@huawei.com
        Editor: james.n.guichard@futurewei.com
        Editor: fbrockne@cisco.com
        Editor: srihari@cisco.com";

     description
       "This YANG module specifies a vendor-independent data
        model for the In Situ OAM (IOAM).

        Copyright (c) 2020 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject
        to the license terms contained in, the Simplified BSD License
        set forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX; see the
        RFC itself for full legal notices.";

     revision 2021-01-12 {
       description "Initial revision.";
       reference "draft-ietf-ippm-ioam-yang";
     }

     /*
      * FEATURES
      */
     feature incremental-trace {
       description
         "This feature indicates that the incremental tracing option is
          supported.";
       reference "draft-ietf-ippm-ioam-data";
     }

     feature preallocated-trace {
       description
         "This feature indicates that the preallocated tracing option is
          supported.";
       reference "draft-ietf-ippm-ioam-data";
     }

     feature direct-export {
       description
         "This feature indicates that the direct export option is
          supported.";
       reference "draft-ietf-ippm-ioam-direct-export";
     }

     feature proof-of-transit {
       description
         "This feature indicates that the proof of transit option is
          supported.";
       reference "draft-ietf-ippm-ioam-data";
     }

     feature edge-to-edge {
       description
         "This feature indicates that the edge to edge option is
          supported.";
       reference "draft-ietf-ippm-ioam-data";
     }

     /*
      * IDENTITIES
      */
     identity base-filter {
       description
         "Base identity to represent a filter.  A filter is used to
          specify the flow to apply the IOAM profile.";
     }

     identity acl-filter {
       base base-filter;
       description
         "Apply ACL rules to specify the flow.";
     }

     identity base-protocol {
       description
         "Base identity to represent the carrier protocol.  It's used to
          indicate what layer and protocol the IOAM data is embedded in.";
     }

     identity ipv6-protocol {
       base base-protocol;
       description
         "The described IOAM data is embedded in the IPv6 protocol.";
       reference "draft-ietf-ippm-ioam-ipv6-options";
     }

     identity nsh-protocol {
       base base-protocol;
       description
         "The described IOAM data is embedded in NSH.";
       reference "draft-ietf-sfc-ioam-nsh";
     }

     identity base-node-action {
       description
         "Base identity to represent the node actions.  It's used to
          indicate what action the node will take.";
     }

     identity action-encapsulate {
       base base-node-action;
       description
         "Indicates that the node is to encapsulate the IOAM packet.";
     }

     identity action-decapsulate {
       base base-node-action;
       description
         "Indicates that the node is to decapsulate the IOAM packet.";
     }

     identity base-trace-type {
       description
         "Base identity to represent trace types.";
     }

     identity trace-hop-lim-node-id {
       base base-trace-type;
       description
         "Indicates presence of Hop_Lim and node_id in the
          node data.";
     }

     identity trace-if-id {
       base base-trace-type;
       description
         "Indicates presence of ingress_if_id and egress_if_id in the
          node data.";
     }

     identity trace-timestamp-seconds {
       base base-trace-type;
       description
         "Indicates presence of time stamp seconds in the node data.";
     }

     identity trace-timestamp-nanoseconds {
       base base-trace-type;
       description
         "Indicates presence of time stamp nanoseconds in the node data.";
     }

     identity trace-transit-delay {
       base base-trace-type;
       description
         "Indicates presence of transit delay in the node data.";
     }

     identity trace-namespace-data {
       base base-trace-type;
       description
         "Indicates presence of namespace specific data (short format)
          in the node data.";
     }

     identity trace-queue-depth {
       base base-trace-type;
       description
         "Indicates presence of queue depth in the node data.";
     }

     identity trace-opaque-state-snapshot {
       base base-trace-type;
       description
         "Indicates presence of the variable length Opaque State
          Snapshot field.";
     }

     identity trace-hop-lim-node-id-wide {
       base base-trace-type;
       description
         "Indicates presence of Hop_Lim and node_id wide in the
          node data.";
     }

     identity trace-if-id-wide {
       base base-trace-type;
       description
         "Indicates presence of ingress_if_id and egress_if_id wide in
          the node data.";
     }

     identity trace-namespace-data-wide {
       base base-trace-type;
       description
         "Indicates presence of namespace specific data in wide format
          in the node data.";
     }

     identity trace-buffer-occupancy {
       base base-trace-type;
       description
         "Indicates presence of buffer occupancy in the node data.";
     }

     identity trace-checksum-complement {
       base base-trace-type;
       description
         "Indicates presence of the Checksum Complement node data.";
     }

     identity base-pot-type {
       description
         "Base identity to represent Proof of Transit (PoT) types.";
     }

     identity pot-bytes-16 {
       base base-pot-type;
       description
         "POT data is a 16 Octet field.";
     }

     identity base-e2e-type {
       description
         "Base identity to represent e2e types.";
     }

     identity e2e-seq-num-64 {
       base base-e2e-type;
       description
         "Indicates presence of a 64-bit sequence number.";
     }

     identity e2e-seq-num-32 {
       base base-e2e-type;
       description
         "Indicates presence of a 32-bit sequence number.";
     }

     identity e2e-timestamp-seconds {
       base base-e2e-type;
       description
         "Indicates presence of timestamp seconds for the
          transmission of the frame.";
     }

     identity e2e-timestamp-subseconds {
       base base-e2e-type;
       description
         "Indicates presence of timestamp subseconds for the
          transmission of the frame.";
     }

     identity base-namespace {
       description
         "Base identity to represent the namespace.";
     }

     identity namespace-ietf {
       base base-namespace;
       description
         "Namespace specified by the IETF.";
     }

     /*
      * TYPE DEFINITIONS
      */
     typedef ioam-filter-type {
       type identityref {
         base base-filter;
       }
       description
         "Specifies a known type of filter.";
     }

     typedef ioam-protocol-type {
       type identityref {
         base base-protocol;
       }
       description
         "Specifies a known type of carrier protocol for the IOAM data.";
     }

     typedef ioam-node-action {
       type identityref {
         base base-node-action;
       }
       description
         "Specifies a known type of node action.";
     }

     typedef ioam-trace-type {
       type identityref {
         base base-trace-type;
       }
       description
         "Specifies a known trace type.";
     }

     typedef ioam-pot-type {
       type identityref {
         base base-pot-type;
       }
       description
         "Specifies a known pot type.";
     }

     typedef ioam-e2e-type {
       type identityref {
         base base-e2e-type;
       }
       description
         "Specifies a known e2e type.";
     }

     typedef ioam-namespace {
       type identityref {
         base base-namespace;
       }
       description
         "Specifies the supported namespace.";
     }

     /*
      * GROUP DEFINITIONS
      */
     grouping ioam-filter {
       description "A grouping for IOAM filter definition.";

       leaf filter-type {
         type ioam-filter-type;
         description "Filter type.";
       }

       leaf ace-name {
         when "../filter-type = 'ioam:acl-filter'";
         type leafref {
           path "/acl:acls/acl:acl/acl:aces/acl:ace/acl:name";
         }
         description "Access Control Entry name.";
       }
     }

     grouping encap-tracing {
       description
         "A grouping for the generic configuration for
          tracing profile.";

       container trace-types {
         description
           "The list of trace types for encapsulation.";

         leaf use-namespace {
           type ioam-namespace;
           description
             "The namespace used for the encapsulation.";
         }

         leaf-list trace-type {
           type ioam-trace-type;
           description
             "The trace type is only defined at the encapsulation node.";
         }
       }

       leaf enable-loopback-mode {
         type boolean;
         default false;
         description
           "Loopback mode is used to send a copy of a packet back towards
            the source.  The loopback mode is only defined at the
            encapsulation node.";
       }

       leaf enable-active-mode {
         type boolean;
         default false;
         description
           "Active mode indicates that a packet is used for active
            measurement.  An IOAM decapsulating node that receives a
            packet with the Active flag set in one of its Trace options
            must terminate the packet.";
       }
     }

     grouping ioam-incremental-tracing-profile {
       description
         "A grouping for incremental tracing profile.";

       leaf node-action {
         type ioam-node-action;
         description "Node action.";
       }

       uses encap-tracing {
         when "node-action = 'ioam:action-encapsulate'";
       }

       leaf max-length {
         when "../node-action = 'ioam:action-encapsulate'";
         type uint32;
         units bytes;
         description
           "This field specifies the maximum length of the node data list
            in octets.  The max-length is only defined at the
            encapsulation node, and it's only used for the incremental
            tracing mode.";
       }
     }

     grouping ioam-preallocated-tracing-profile {
       description
         "A grouping for preallocated tracing profile.";

       leaf node-action {
         type ioam-node-action;
         description "Node action.";
       }

       uses encap-tracing {
         when "node-action = 'ioam:action-encapsulate'";
       }
     }

     grouping ioam-direct-export-profile {
       description
         "A grouping for direct export profile.";

       leaf node-action {
         type ioam-node-action;
         description "Node action.";
       }

       uses encap-tracing {
         when "node-action = 'ioam:action-encapsulate'";
       }

       leaf flow-id {
         when "../node-action = 'ioam:action-encapsulate'";
         type uint32;
         description
           "A 32-bit flow identifier.  The field is set at the
            encapsulating node.  The Flow ID can be uniformly assigned
            by a central controller or algorithmically generated by the
            encapsulating node.  The latter approach cannot guarantee
            the uniqueness of the Flow ID, yet the conflict probability
            is small due to the large Flow ID space.  The flow-id is
            used to correlate the exported data of the same flow from
            multiple nodes and from multiple packets.";
       }
     }

     grouping ioam-e2e-profile {
       description
         "A grouping for end to end profile.";

       leaf node-action {
         type ioam-node-action;
         description
           "Indicates how the node acts for this profile.";
       }

       container e2e-types {
         when "../node-action = 'ioam:action-encapsulate'";
         description
           "The list of e2e types for encapsulation.";

         leaf use-namespace {
           type ioam-namespace;
           description
             "The namespace used for the encapsulation.";
         }

         leaf-list e2e-type {
           type ioam-e2e-type;
           description
             "The e2e type is only defined at the encapsulation node.";
         }
       }
     }

     grouping ioam-admin-config {
       description
         "IOAM top-level administrative configuration.";

       leaf enabled {
         type boolean;
         default false;
         description
           "When true, IOAM configuration is enabled for the system.
            Meanwhile, the IOAM data-plane functionality is enabled.";
       }
     }

     /*
      * DATA NODES
      */
     container ioam {
       description "IOAM top level container.";

       container ioam-info {
         config false;
         description
           "Describes auxiliary information such as units or timestamp
            format, so that monitoring systems can interpret the IOAM
            data.";
       }

       container ioam-profiles {
         description
           "Contains a list of IOAM profiles.";

         container admin-config {
           description
             "Contains all the administrative configurations related to
              the IOAM functionalities and all the IOAM profiles.";

           uses ioam-admin-config;
         }

         list ioam-profile {
           key "profile-name";
           ordered-by user;
           description
             "A list of IOAM profiles that are configured on the node.";

           leaf profile-name {
             type string;
             mandatory true;
             description
               "Unique identifier for each IOAM profile.";
           }

           container filter {
             uses ioam-filter;
             description
               "The filter which is used to indicate the flow to apply
                IOAM.";
           }

           leaf protocol-type {
             type ioam-protocol-type;
             description
               "This item is used to indicate the carrier protocol where
                the IOAM is applied.";
           }

           container incremental-tracing-profile {
             if-feature incremental-trace;
             description
               "Describes the profile for the incremental tracing option.";

             leaf enabled {
               type boolean;
               default false;
               description
                 "When true, apply the incremental tracing option to the
                  specified flow identified by the filter.";
             }

             uses ioam-incremental-tracing-profile;
           }

           container preallocated-tracing-profile {
             if-feature preallocated-trace;
             description
               "Describes the profile for the preallocated tracing option.";

             leaf enabled {
               type boolean;
               default false;
               description
                 "When true, apply the preallocated tracing option to the
                  specified flow identified by the filter.";
             }

             uses ioam-preallocated-tracing-profile;
           }

           container direct-export-profile {
             if-feature direct-export;
             description
               "Describes the profile for the direct-export option.";

             leaf enabled {
               type boolean;
               default false;
               description
                 "When true, apply the direct-export option to the
                  specified flow identified by the filter.";
             }

             uses ioam-direct-export-profile;
           }

           container pot-profile {
             if-feature proof-of-transit;
             description
               "Describes the profile for the PoT option.";

             leaf enabled {
               type boolean;
               default false;
               description
                 "When true, apply the Proof of Transit option to the
                  specified flow identified by the filter.";
             }

             leaf active-profile-index {
               type pot:profile-index-range;
               description
                 "Proof of transit profile index that is currently
                  active.  Will be set in the first hop of the path
                  or chain.  Other nodes will not use this field.";
             }

             uses pot:pot-profile;
           }

           container e2e-profile {
             if-feature edge-to-edge;
             description
               "Describes the profile for the e2e option.";

             leaf enabled {
               type boolean;
               default false;
               description
                 "When true, apply the End to end option to the
                  specified flow identified by the filter.";
             }

             uses ioam-e2e-profile;
           }
         }
       }
     }
   }
   <CODE ENDS>

5.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC5246].
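   The access control model cited in this section is what actually keeps
   the writable subtrees listed below away from users who only need to
   read IOAM state.  The following is an added example, not part of this
   draft, showing a NACM rule set for this module and the first-match
   decision procedure that applies it: operators may manage the profile
   list but not flip "admin-config", viewers may only read.  The group
   names, rule names and the simplified path matching (prefix
   comparison after stripping module prefixes and key predicates) are
   assumptions of this example; load_nacm() and decide() are helpers
   introduced here, not part of any NETCONF server.

```python
"""NACM rules for ietf-ioam and the first-match decision they produce.
Added example; the rule set below is constructed for illustration."""
import xml.etree.ElementTree as ET

NACM_NS = "urn:ietf:params:xml:ns:yang:ietf-netconf-acm"
IOAM_NS = "urn:ietf:params:xml:ns:yang:ietf-ioam"
WRITE_OPS = {"create", "update", "delete"}

# Constructed rule set.  Rule order matters: the deny on admin-config
# must precede the broad permit on /ioam, otherwise it never fires.
NACM_XML = f"""
<nacm xmlns="{NACM_NS}">
  <enable-nacm>true</enable-nacm>
  <read-default>deny</read-default>
  <write-default>deny</write-default>
  <exec-default>permit</exec-default>
  <rule-list>
    <name>ioam-operators</name>
    <group>ioam-operators</group>
    <rule>
      <name>no-admin-toggle</name>
      <module-name>ietf-ioam</module-name>
      <path xmlns:ioam="{IOAM_NS}">/ioam:ioam/ioam:ioam-profiles/ioam:admin-config</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>manage-profiles</name>
      <module-name>ietf-ioam</module-name>
      <path xmlns:ioam="{IOAM_NS}">/ioam:ioam</path>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
  <rule-list>
    <name>ioam-viewers</name>
    <group>ioam-viewers</group>
    <rule>
      <name>read-ioam</name>
      <module-name>ietf-ioam</module-name>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
</nacm>
"""


def _segments(path):
    """Split a path into bare node names: prefixes and [key] predicates
    are dropped (assumes no '/' inside a predicate)."""
    return tuple(seg.split("[")[0].split(":")[-1]
                 for seg in path.strip("/").split("/") if seg)


def load_nacm(xml_text):
    """Parse <nacm> into (enabled, per-op defaults, [(groups, rules)])."""
    root = ET.fromstring(xml_text.strip())
    ns = {"nacm": NACM_NS}

    def text(el, tag, default=None):
        node = el.find(f"nacm:{tag}", ns)
        return node.text.strip() if node is not None and node.text else default

    defaults = {op: text(root, f"{op}-default", "deny" if op == "write" else "permit")
                for op in ("read", "write", "exec")}
    rule_lists = []
    for rl in root.findall("nacm:rule-list", ns):
        groups = {g.text.strip() for g in rl.findall("nacm:group", ns)}
        rules = []
        for r in rl.findall("nacm:rule", ns):
            path = text(r, "path")
            rules.append({"name": text(r, "name"),
                          "module": text(r, "module-name", "*"),
                          "path": _segments(path) if path else None,
                          "ops": set(text(r, "access-operations", "*").split()),
                          "action": text(r, "action")})
        rule_lists.append((groups, rules))
    return text(root, "enable-nacm", "true") == "true", defaults, rule_lists


def decide(nacm, user_groups, operation, module, path):
    """First matching rule wins (rule-lists and rules in order); with no
    match, the per-operation default applies.  Returns (action, rule)."""
    enabled, defaults, rule_lists = nacm
    if not enabled:
        return "permit", None
    target = _segments(path)
    for groups, rules in rule_lists:
        if "*" not in groups and not groups & set(user_groups):
            continue
        for rule in rules:
            if rule["module"] not in ("*", module):
                continue
            if rule["path"] is not None and target[:len(rule["path"])] != rule["path"]:
                continue                        # target is not the node or a descendant
            if "*" not in rule["ops"] and operation not in rule["ops"]:
                continue
            return rule["action"], rule["name"]
    return defaults["write" if operation in WRITE_OPS else operation], None
```

   With this rule set, an edit-config from an "ioam-operators" member on
   /ioam/ioam-profiles/admin-config/enabled is denied by "no-admin-
   toggle", while creating an entry under /ioam/ioam-profiles/ioam-
   profile is permitted by "manage-profiles"; "ioam-viewers" members can
   read the module but every write falls through to write-default, and
   neither group can read other modules because read-default is deny.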
   The NETCONF access control model [RFC6536] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.  These are the subtrees and data nodes
   and their sensitivity/vulnerability:

   o  /ioam/ioam-profiles/admin-config

      The items in the container above include the top-level
      administrative configuration related to the IOAM functionality and
      to all the IOAM profiles.  Unexpected changes to these items could
      disrupt the IOAM function and/or cause all the IOAM profiles to
      misbehave.

   o  /ioam/ioam-profiles/ioam-profile

      The entries in the list above include the whole IOAM profile
      configuration, which indirectly creates or modifies the device
      configuration.  Unexpected changes to these entries could lead to
      incorrect IOAM behavior for the corresponding flows.  Because the
      "filter" references an ACE by name, write access to the ACL model
      [RFC8519] likewise determines which flows carry IOAM data.

6.  IANA Considerations

   RFC Ed.: In this section, replace all occurrences of 'XXXX' with the
   actual RFC number (and remove this note).

   IANA is requested to assign a new URI from the IETF XML Registry
   [RFC3688].  The following URI is suggested:

      URI: urn:ietf:params:xml:ns:yang:ietf-ioam
      Registrant Contact: The IESG.
      XML: N/A; the requested URI is an XML namespace.
   This document also requests a new YANG module name in the YANG Module
   Names registry [RFC7950] with the following suggestion:

      name: ietf-ioam
      namespace: urn:ietf:params:xml:ns:yang:ietf-ioam
      prefix: ioam
      reference: RFC XXXX

7.  Acknowledgements

   For their valuable comments, discussions, and feedback, we wish to
   acknowledge Greg Mirsky, Reshad Rahman and Tom Petch.

8.  References

8.1.  Normative References

   [I-D.ietf-ippm-ioam-data]
              Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields
              for In-situ OAM", draft-ietf-ippm-ioam-data-12 (work in
              progress), February 2021.

   [I-D.ietf-ippm-ioam-direct-export]
              Song, H., Gafni, B., Zhou, T., Li, Z., Brockners, F.,
              Bhandari, S., Sivakolundu, R., and T. Mizrahi, "In-situ
              OAM Direct Exporting", draft-ietf-ippm-ioam-direct-
              export-03 (work in progress), February 2021.

   [I-D.ietf-sfc-proof-of-transit]
              Brockners, F., Bhandari, S., Mizrahi, T., Dara, S., and S.
              Youell, "Proof of Transit", draft-ietf-sfc-proof-of-
              transit-08 (work in progress), November 2020.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8519]  Jethanandani, M., Agarwal, S., Huang, L., and D. Blair,
              "YANG Data Model for Network Access Control Lists (ACLs)",
              RFC 8519, DOI 10.17487/RFC8519, March 2019.

8.2.  Informative References

   [I-D.ietf-ippm-ioam-ipv6-options]
              Bhandari, S., Brockners, F., Pignataro, C., Gredler, H.,
              Leddy, J., Youell, S., Mizrahi, T., Kfir, A., Gafni, B.,
              Lapukhov, P., Spiegel, M., Krishnan, S., Asati, R., and M.
              Smith, "In-situ OAM IPv6 Options", draft-ietf-ippm-ioam-
              ipv6-options-05 (work in progress), February 2021.

   [I-D.ietf-sfc-ioam-nsh]
              Brockners, F. and S. Bhandari, "Network Service Header
              (NSH) Encapsulation for In-situ OAM (IOAM) Data", draft-
              ietf-sfc-ioam-nsh-05 (work in progress), December 2020.

Appendix A.  Examples

   This appendix is non-normative.

   tbd

Authors' Addresses

   Tianran Zhou
   Huawei
   156 Beiqing Rd.
1125 Beijing 100095 1126 China 1128 Email: zhoutianran@huawei.com 1130 Jim Guichard 1131 Futurewei 1132 United States of America 1134 Email: james.n.guichard@futurewei.com 1136 Frank Brockners 1137 Cisco Systems 1138 Hansaallee 249, 3rd Floor 1139 Duesseldorf, Nordrhein-Westfalen 40549 1140 Germany 1142 Email: fbrockne@cisco.com 1144 Srihari Raghavan 1145 Cisco Systems 1146 Tril Infopark Sez, Ramanujan IT City 1147 Neville Block, 2nd floor, Old Mahabalipuram Road 1148 Chennai, Tamil Nadu 600113 1149 India 1151 Email: srihari@cisco.com
