idnits 2.17.1

draft-ietf-opsawg-l2nm-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 59 instances of too long lines in the document, the longest
     one being 15 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 461 has weird spacing: '...--rw id str...'

  == Line 463 has weird spacing: '...--rw id str...'

  == Line 465 has weird spacing: '...--rw id str...'

  == Line 467 has weird spacing: '...--rw id str...'

  == Line 469 has weird spacing: '...--rw id str...'

  == (10 more instances...)

  -- The document date (April 30, 2021) is 1085 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-12) exists of
     draft-ietf-opsawg-vpn-common-03

  ** Downref: Normative reference to an Informational RFC: RFC 6624

  ** Downref: Normative reference to an Informational RFC: RFC 7209

  == Outdated reference: A later version (-17) exists of
     draft-ietf-teas-enhanced-vpn-07

  == Outdated reference: A later version (-25) exists of
     draft-ietf-teas-ietf-network-slices-00

     Summary: 3 errors (**), 0 flaws (~~), 10 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

OPSAWG                                                   S. Barguil, Ed.
Internet-Draft                                  O. Gonzalez de Dios, Ed.
Intended status: Standards Track                              Telefonica
Expires: November 1, 2021                              M. Boucadair, Ed.
                                                                  Orange
                                                                L. Munoz
                                                                Vodafone
                                                          April 30, 2021


                    A Layer 2 VPN Network YANG Model
                       draft-ietf-opsawg-l2nm-02

Abstract

   This document defines a YANG data model (called L2NM) that can be
   used to manage the provisioning of Layer 2 VPN services within a
   service provider network.  The L2NM provides representation of the
   Layer 2 VPN services from a network standpoint.  The L2NM is meant to
   be used by a network controller to derive the configuration
   information that will be sent to relevant network devices.

   The L2NM complements the Layer 2 Service Model by providing a
   network-centric view of the service that is internal to a service
   provider.

Editorial Note (To be removed by RFC Editor)

   Please update these statements within the document with the RFC
   number to be assigned to this document:

   o  "This version of this YANG module is part of RFC XXXX;"

   o  "RFC XXXX: Layer 2 VPN Network Model";

   o  reference: RFC XXXX

   Please update "RFC CCCC" to the RFC number to be assigned to
   I-D.ietf-opsawg-vpn-common.

   Also, please update the "revision" date of the YANG module.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.
   It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 1, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Acronyms
   4.  Reference Architecture
   5.  Relation with other YANG Models
   6.  Description of the L2NM YANG Module
     6.1.  Structure of the Module
     6.2.  VPN Profiles
     6.3.  L2VPN Service
       6.3.1.  Global Parameters Profiles
       6.3.2.  VPN Node
         6.3.2.1.  Signaling Options
         6.3.2.2.  VPN Network Access
           6.3.2.2.1.  Connection
           6.3.2.2.2.  Services
   7.  YANG Module
   8.  Security Considerations
   9.  IANA Considerations
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Appendix A.  Examples
   Acknowledgements
   Contributors
   Authors' Addresses

1.  Introduction

   [RFC8466] defines an L2VPN Service Model (L2SM) YANG data model that
   can be used for L2VPN service ordering matters between customers and
   service providers (SPs).  This document complements the L2SM by
   creating a network-centric view of the service which can be exposed
   by a network to a service controller within the service provider's
   network.  In particular, the model can be used in the communication
   between the entity that interacts directly with the customer, the
   service orchestrator (either fully automated or a human operator),
   and the entity in charge of network orchestration and control
   (a.k.a., network controller/orchestrator).

   The data model defined in this document is called the L2VPN Network
   Model (L2NM), playing the role of Service Delivery Model (Figure 3 of
   [RFC8466]).  The module supports additional capabilities, such as
   exposing operational parameters, transport protocols selection and
   precedence.  It also serves as a multi-domain orchestration
   interface, because this model can transport resources (i.e., VCID)
   between domains.  The data model keeps minimum customer-related
   information.

   This document uses the common VPN YANG module defined in
   [I-D.ietf-opsawg-vpn-common].

   The YANG data model in this document conforms to the Network
   Management Datastore Architecture (NMDA) defined in [RFC8342].

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   This document assumes that the reader is familiar with the contents
   of [RFC6241], [RFC7950], [RFC8466], [RFC8309], and uses terminology
   from those documents.

   This document uses the term "network model" defined in Section 2.1 of
   [RFC8969].

   The meaning of the symbols in YANG tree diagrams is defined in
   [RFC8340].

   This document makes use of the following terms:

   L2 VPN Customer Service Model (L2SM):  Describes the service
      characterization of an L2VPN that interconnects a set of sites
      from the perspective of the customer.  The customer service model
      does not provide details on the service provider network.  The
      L2VPN customer service model is defined in [RFC8466].

   L2 VPN Service Network Model (L2NM):  Refers to the YANG module that
      describes an L2VPN service with a network-centric view.  It
      contains information of the service provider's network and might
      include allocated resources.  It can be used by network
      controllers to manage the Layer 2 VPN service configuration in the
      service provider's network.  The YANG module can be consumed by a
      service orchestrator to request a VPN service to a network
      controller or to expose the list of active L2VPN services.

   Service orchestrator:  Refers to a functional entity that interacts
      with the customer of an L2VPN relying upon, e.g., L2SM.
      The service orchestrator is responsible for the CE-PE attachment
      circuits, the PE selection, and requesting the activation of the
      L2VPN service to a network controller.

   Network controller:  Denotes a functional entity responsible for the
      management of the service provider's network.

   VPN node:  Is an abstraction that represents a set of policies
      applied on a PE and that belong to a single VPN service.  A VPN
      service involves one or more VPN nodes.  The VPN node will
      identify the service provider's node on which the VPN is deployed.

   VPN network access:  Is an abstraction that represents the network
      interfaces that are associated to a given VPN node.  Traffic
      coming from the VPN network access belongs to the VPN.  The
      attachment circuits (bearers) between CEs and PEs are terminated
      in the VPN network access.

   VPN Service Provider (SP):  Is a service provider that offers
      L2VPN-related services.

   Service Provider Network (SP Network):  Is a network able to provide
      L2VPN-related services.

3.  Acronyms

   The following acronyms are used in the document:

   ACL       Access Control List
   BGP       Border Gateway Protocol
   CE        Customer Edge
   L2VPN     Layer 2 Virtual Private Network
   L2SM      L2VPN Service Model
   L2NM      L2VPN Network Model
   PE        Provider Edge
   QoS       Quality of Service
   RD        Route Distinguisher
   RT        Route Target
   VPN       Virtual Private Network
   VRF       Virtual Routing and Forwarding

4.  Reference Architecture

   Figure 1 illustrates how L2NM is used.  As a reminder, this figure is
   an expansion of the architecture presented in Section 3 of [RFC8466]
   and decomposes the box marked "orchestration" in that figure into
   three separate functional components called "Service Orchestration",
   "Network Orchestration", and "Domain Orchestration".

   The reader may refer to [RFC8309] for the distinction between the
   "Customer Service Model", the "Service Delivery Model", the "Network
   Configuration Model", and the "Device Configuration Model".  The
   "Domain Orchestration" and "Config Manager" roles may be performed by
   "SDN Controllers".

                         +---------------+
                         |   Customer    |
                         +-------+-------+
         Customer Service Model  |
                 l2vpn-svc       |
                         +-------+-------+
                         |    Service    |
                         | Orchestration |
                         +-------+-------+
              Network Model      |
                l2vpn-ntw        |
                         +-------+-------+
                         |   Network     |
                         | Orchestration |
                         +-------+-------+
   Network Configuration Model   |
                      ___________|___________
                     |                       |
            +--------+------+       +--------+------+
            |    Domain     |       |     Domain    |
            | Orchestration |       | Orchestration |
            +---+-----------+       +--------+------+
 Device         |        |                   |
 Configuration  |        |                   |
 Model          |        |                   |
           +----+----+   |                   |
           | Config  |   |                   |
           | Manager |   |                   |
           +----+----+   |                   |
                |        |                   |
                | NETCONF/CLI..................
                |        |                   |
          +------------------------------------------------+
                               Network

                                +++++++
                                + AAA +
                                +++++++

       ++++++++   Bearer    ++++++++          ++++++++      ++++++++
       + CE A + ----------- + PE A +          + PE B + ---- + CE B +
       ++++++++  Connection ++++++++          ++++++++      ++++++++

                 Site A                               Site B

                  Figure 1: L2SM and L2NM Interaction

   The customer may use a variety of means to request a service that may
   trigger the instantiation of an L2NM.  The customer may use the L2SM
   or may rely upon more abstract models to request a service that
   relies upon an L3VPN service.  For example, the customer may supply
   an IP Connectivity Provisioning Profile (CPP) [RFC7297], an enhanced
   VPN (VPN+) service [I-D.ietf-teas-enhanced-vpn], or an IETF network
   slice [I-D.ietf-teas-ietf-network-slices].

   Note also that both the L2SM and the L2NM may be used in the context
   of the Abstraction and Control of TE Networks (ACTN) architecture
   [RFC8453].
   Figure 2 shows the Customer Network Controller (CNC), the
   Multi-Domain Service Coordinator (MDSC), and the Provisioning Network
   Controller (PNC).

              +----------------------------------+
              | Customer                         |
              | +-----------------------------+  |
              | |             CNC             |  |
              | +-----------------------------+  |
              +----+-----------------------+-----+
                   |                       |
                   | L2SM                  | L2SM
                   |                       |
         +---------+---------+   +---------+---------+
         | MDSC              |   |       MDSC        |
         | +---------------+ |   |     (parent)      |
         | |    Service    | |   +---------+---------+
         | | Orchestration | |             |
         | +-------+-------+ |             | L2NM
         |         |         |             |
         |         | L2NM    |   +---------+---------+
         |         |         |   |       MDSC        |
         | +-------+-------+ |   |      (child)      |
         | |    Network    | |   +---------+---------+
         | | Orchestration | |             |
         | +---------------+ |             |
         +---------+---------+             |
                   |                       |
                   | Network Configuration |
                   |                       |
      +------------+-------+     +---------+------------+
      | Domain             |     |       Domain         |
      | Controller         |     |       Controller     |
      |      +---------+   |     |    +---------+       |
      |      |   PNC   |   |     |    |   PNC   |       |
      |      +---------+   |     |    +---------+       |
      +------------+-------+     +---------+------------+
                   |                       |
                   | Device Configuration  |
                   |                       |
              +----+---+              +----+---+
              | Device |              | Device |
              +--------+              +--------+

             Figure 2: L2SM and L2NM in the Context of ACTN

5.  Relation with other YANG Models

   The "ietf-vpn-common" module [I-D.ietf-opsawg-vpn-common] includes a
   set of identities, types, and groupings that are meant to be reused
   by VPN-related YANG modules independently of the layer (e.g., Layer
   2, Layer 3) and the type of the module (e.g., network model, service
   model) including future revisions of existing models (e.g.,
   [RFC8466]).  The L2NM reuses these common types and groupings.

   As discussed in Section 4, the L2NM is meant to manage L2VPN services
   within a service provider network.  The module provides a network
   view of the service.
   Such a view is only visible within the service
   provider and is not exposed outside (to customers, for example).  The
   following discusses how L2NM interfaces with other YANG modules:

   L2SM:  L2NM is not a customer service model.

      The internal view of the service (i.e., L2NM) may be mapped to an
      external view which is visible to customers: L2VPN Service YANG
      data Model (L2SM) [RFC8466].

      The L2NM can be fed with inputs that are requested by customers,
      typically, relying upon an L2SM template.  Concretely, some parts
      of the L2SM module can be directly mapped into L2NM while other
      parts are generated as a function of the requested service and
      local guidelines.  Some other parts are local to the service
      provider and do not map directly to L2SM.

      Note that the use of L2NM within a service provider does not
      assume nor preclude exposing the VPN service via the L2SM.  This
      is deployment-specific.  Nevertheless, the design of L2NM tries to
      align as much as possible with the features supported by the L2SM
      to ease grafting both L2NM and L2SM for the sake of highly
      automated VPN service provisioning and delivery.

   Network Topology Modules:  An L2VPN involves nodes that are part of a
      topology managed by the service provider network.  Such topology
      can be represented using the network topology module in [RFC8345].

   Device Modules:  L2NM is not a device model.

      Once a global VPN service is captured by means of the L2NM, the
      actual activation and provisioning of the VPN service will involve
      a variety of device modules to tweak the required functions for
      the delivery of the service.  These functions are supported by the
      VPN nodes and can be managed using device YANG modules.

      How the L2NM is used to derive device-specific actions is
      implementation-specific.

6.  Description of the L2NM YANG Module

   The L2NM module ('ietf-l2vpn-ntw') is meant to manage L2VPNs within a
   service provider network.  In particular, the 'ietf-l2vpn-ntw' module
   can be used to create, modify, and retrieve L2VPN services in a
   network controller.  The module is not aimed at maintaining
   customer-related information.

   Editor's note: Next version of the document will include the full
   description of the parameters.  When the parameters match with L2SM,
   the exact reference will be done.

6.1.  Structure of the Module

   The 'ietf-l2vpn-ntw' module uses two main containers: 'vpn-services'
   and 'vpn-profiles'.  The 'vpn-services' container maintains a set of
   L2VPN services managed in the service provider's network.  The module
   allows creating a new L2VPN service by adding a new instance of
   'vpn-service'.  The 'vpn-service' is the data structure that
   abstracts the VPN Service.

   module: ietf-l2vpn-ntw
     +--rw l2vpn-ntw
        +--rw vpn-profiles
        |        ...
        +--rw vpn-services
           +--rw vpn-service* [vpn-id]
              ...
              +--rw vpn-nodes
                 +--rw vpn-node* [vpn-node-id]
                    ...
                    +--rw vpn-network-accesses
                       +--rw vpn-network-access* [id]
                          ...

                Figure 3: Simplified L2NM Tree Structure

6.2.  VPN Profiles

   The 'vpn-profiles' container (Figure 4) allows the VPN service
   provider to define and maintain a set of VPN profiles
   [I-D.ietf-opsawg-vpn-common] that apply to one or several VPN
   services.

   This document does not make any assumption about the exact definition
   of these profiles.  The exact definition of the profiles is local to
   each VPN service provider.  The model only includes an identifier to
   these profiles in order to ease identifying and binding local
   policies when building a VPN service.
   As shown in Figure 4, the
   following identifiers can be included:

   'external-connectivity-identifier':  This identifier refers to a
      profile that defines the external connectivity provided to a VPN
      service (or a subset of VPN sites).  An external connectivity may
      be an access to the Internet or a restricted connectivity such as
      access to a public/private cloud.

   'encryption-profile-identifier':  An encryption profile refers to a
      set of policies related to the encryption schemes and setup that
      can be applied when building and offering a VPN service.

   'qos-profile-identifier':  A Quality of Service (QoS) profile refers
      to a set of policies such as classification, marking, and actions
      (e.g., [RFC3644]).

   'bfd-profile-identifier':  A Bidirectional Forwarding Detection (BFD)
      profile refers to a set of BFD [RFC5880] policies that can be
      invoked when building a VPN service.

   'forwarding-profile-identifier':  A forwarding profile refers to the
      policies that apply to the forwarding of packets conveyed within a
      VPN.  Such policies may consist, for example, of applying Access
      Control Lists (ACLs).

   'routing-profile-identifier':  A routing profile refers to a set of
      routing policies that will be invoked (e.g., BGP policies) when
      delivering the VPN service.

   +--rw l2vpn-ntw
      +--rw vpn-profiles
      |  +--rw valid-provider-identifiers
      |     +--rw external-connectivity-identifier* [id]
      |     |       {external-connectivity}?
      |     |  +--rw id    string
      |     +--rw encryption-profile-identifier* [id]
      |     |  +--rw id    string
      |     +--rw qos-profile-identifier* [id]
      |     |  +--rw id    string
      |     +--rw bfd-profile-identifier* [id]
      |     |  +--rw id    string
      |     +--rw forwarding-profile-identifier* [id]
      |     |  +--rw id    string
      |     +--rw routing-profile-identifier* [id]
      |        +--rw id    string
      +--rw vpn-services
         ...

                Figure 4: VPN Profiles Subtree Structure

6.3.  L2VPN Service

   The 'vpn-service' is the data structure that abstracts a VPN service
   in the service provider network.  Each 'vpn-service' is uniquely
   identified by an identifier: 'vpn-id'.  Such 'vpn-id' is only
   meaningful locally within the network controller.  The subtree of the
   'vpn-services' is shown in Figure 5.

   +--rw vpn-services
      +--rw vpn-service* [vpn-id]
         +--rw vpn-id                        vpn-common:vpn-id
         +--rw vpn-name?                     string
         +--rw vpn-description?              string
         +--rw customer-name?                string
         +--rw parent-service-id?            vpn-common:vpn-id
         +--rw vpn-type?                     identityref
         +--rw vpn-service-topology?         identityref
         +--rw global-parameters-profiles
         |  +--rw global-parameters-profile* [profile-id]
         |     +--rw profile-id                  string
         |     +--rw svc-mtu?                    uint32
         |     +--rw ce-vlan-preservation?       boolean
         |     +--rw ce-vlan-cos-perservation?   boolean
         |     +--rw control-word-negotiation?   boolean
         |     +--rw mac-policies
         |     |  +--rw mac-addr-limit
         |     |  |  +--rw mac-num-limit?   uint16
         |     |  |  +--rw time-interval?   uint32
         |     |  |  +--rw action?          identityref
         |     |  +--rw mac-loop-prevention
         |     |     +--rw frequency?         uint32
         |     |     +--rw protection-type?   identityref
         |     |     +--rw number-retries?    uint32
         |     +--rw multicast-like {vpn-common:multicast}?
         |        +--rw enabled?                 boolean
         |        +--rw customer-tree-flavors
         |           +--rw tree-flavor*   identityref
         +--rw underlay-transport
         |  +--rw (type)?
         |     +--:(abstract)
         |     |  +--rw transport-instance-id?   string
         |     |  +--rw instance-type?           identityref
         |     +--:(protocol)
         |        +--rw protocol*                identityref
         +--rw status
         |  +--rw admin-status
         |  |  +--rw status?         identityref
         |  |  +--rw last-updated?   yang:date-and-time
         |  +--ro oper-status
         |     +--ro status?         identityref
         |     +--ro last-updated?   yang:date-and-time
         +--rw vpn-nodes
            ...

                                Figure 5

   The description of the VPN service data nodes that are depicted in
   Figure 5 is as follows:

   'vpn-id':  Is an identifier that is used to uniquely identify the
      L2VPN service within L2NM scope.

   'vpn-name':  Associates a name with the service in order to
      facilitate the identification of the service.

   'vpn-description':  Includes a textual description of the service.

      The internal structure of a VPN description is local to each VPN
      service provider.

   'customer-name':  Indicates the name of the customer who ordered the
      service.

   'parent-service-id':  Refers to an identifier of the parent service
      (e.g., L2SM, IETF network slice, VPN+) that triggered the creation
      of the VPN service.  This identifier is used to easily correlate
      the (network) service as built in the network with a service
      order.  A controller can use that correlation to enrich or
      populate some fields (e.g., description fields) as a function of
      local deployments.

   'vpn-type':  Indicates the VPN type.  Typically, the following types
      can be used for the L2NM [I-D.ietf-opsawg-vpn-common]:

      'vpls':  Virtual Private LAN Service (VPLS) as defined in
         [RFC4761] or [RFC4762].

      'vpws-evpn':  Point-to-point Virtual Private Wire Service (VPWS)
         as defined in [RFC8214].

      'pbb-evpn':  Provider Backbone Bridging (PBB) EVPNs as defined in
         [RFC7623].

      'mpls-evpn':  MPLS-based EVPNs [RFC7432].

      'vxlan-evpn':  VXLAN based EVPNs [RFC8365].

   'vpn-service-topology':  Indicates the network topology for the
      service: hub-spoke, any-to-any, or custom.

   'global-parameters-profiles':  Defines reusable parameters for the
      same 'vpn-service'.

      More details are provided in Section 6.3.1.

   'underlay-transport':  Describes the preference for the transport
      technology to carry the traffic of the VPN service.
      This preference is especially useful in networks with multiple
      domains and Network-to-Network Interface (NNI) types.  The underlay
      transport can be expressed as an abstract transport instance
      (e.g., an identifier of a VPN+ instance, a virtual network
      identifier, or a network slice name) or as an ordered list of the
      actual protocols to be enabled in the network.

      A rich set of protocol identifiers that can be used to refer to an
      underlay transport are defined in [I-D.ietf-opsawg-vpn-common].

   'status':  Is used to track the service status of a given VPN
      service.  Both operational and administrative status are
      maintained together with a timestamp.  For example, a service can
      be created, but not put into effect.

      Administrative and operational status can be used as a trigger to
      detect service anomalies.  For example, a service that is declared
      at the service layer as being active but still inactive at the
      network layer is an indication that network provision actions are
      needed to align the observed service status with the expected
      service status.

   'vpn-node':  Is an abstraction that represents a set of policies
      applied to a network node and that belong to a single
      'vpn-service'.  A VPN service is typically built by adding
      instances of 'vpn-node' to the 'vpn-nodes' container.

      A 'vpn-node' contains 'vpn-network-accesses', which are the
      interfaces attached to the VPN by which the customer traffic is
      received.  Therefore, the customer sites are connected to the
      'vpn-network-accesses'.

      Note that, as this is a network data model, the information about
      customer sites is not required in the model.  Such information is
      rather relevant in the L2SM.  Whether that information is included
      in the L2NM, e.g., to populate the various 'description' data
      nodes, is implementation specific.

      More details are provided in Section 6.3.2.

6.3.1.  Global Parameters Profiles

   TBC

6.3.2.  VPN Node

   The 'vpn-node' is an abstraction that represents a set of
   policies/configurations applied to a network node and that belong to
   a single 'vpn-service'.  A 'vpn-node' contains
   'vpn-network-accesses', which are the interfaces involved in the
   creation of the VPN.  The customer sites are connected to the
   'vpn-network-accesses'.

   +--rw l2vpn-ntw
      +--rw vpn-profiles
      |  ...
      +--rw vpn-services
         +--rw vpn-service* [vpn-id]
            ...
            +--rw vpn-nodes
               +--rw vpn-node* [vpn-node-id]
                  +--rw vpn-node-id     vpn-common:vpn-id
                  +--rw description?    string
                  +--rw role?           identityref
                  +--rw ne-id           string
                  +--rw active-global-parameters-profiles
                  |  +--rw global-parameters-profile* [profile-id]
                  |     +--rw profile-id                  leafref
                  |     +--rw svc-mtu?                    uint32
                  |     +--rw ce-vlan-preservation?       boolean
                  |     +--rw ce-vlan-cos-perservation?   boolean
                  |     +--rw control-word-negotiation?   boolean
                  |     +--rw mac-policies
                  |     |  +--rw mac-addr-limit
                  |     |  |  +--rw mac-num-limit?   uint16
                  |     |  |  +--rw time-interval?   uint32
                  |     |  |  +--rw action?          identityref
                  |     |  +--rw mac-loop-prevention
                  |     |     +--rw frequency?         uint32
                  |     |     +--rw protection-type?   identityref
                  |     |     +--rw number-retries?    uint32
                  |     +--rw multicast-like {vpn-common:multicast}?
                  |        +--rw enabled?                 boolean
                  |        +--rw customer-tree-flavors
                  |           +--rw tree-flavor*   identityref
                  +--rw status
                  |  +--rw admin-status
                  |  |  +--rw status?         identityref
                  |  |  +--rw last-updated?   yang:date-and-time
                  |  +--ro oper-status
                  |     +--ro status?         identityref
                  |     +--ro last-updated?   yang:date-and-time
                  +--rw signaling-options* [type]
                  |  ...
                  +--rw vpn-network-accesses
                     ...

                                Figure 6

   In reference to the subtree shown in Figure 6, the description of VPN
   node data nodes is as follows:

   'vpn-node-id':  Is an identifier that uniquely identifies a node that
      enables a VPN network access.

   'description':  Provides a textual description of the VPN node.

   'ne-id':  Includes a unique identifier of the network element where
      the VPN node is deployed.

   'active-global-parameters-profiles':  Lists the set of active global
      VPN parameters profiles for this VPN node.  Concretely, one or
      more global profiles that are defined at the VPN service level can
      be activated at the VPN node level; each of these profiles is
      uniquely identified by means of 'profile-id'.  The structure of
      'active-global-parameters-profiles' is the same as the one
      discussed in Section 6.3.1.

      Values defined in 'active-global-parameters-profiles' override
      the ones defined in the VPN service level.

   'signaling-options':  See Section 6.3.2.1.

   'status':  Tracks the status of a node involved in a VPN service.
      Both operational and administrative status are maintained.  A
      mismatch between the administrative status vs. the operational
      status can be used as a trigger to detect anomalies.

   'vpn-network-accesses':  Represents the point to which sites are
      connected.

      Note that, unlike in L2SM, the L2NM does not need to model the
      customer site, only the points where the traffic from the site is
      received (i.e., the PE side of PE-CE connections).  Hence, the VPN
      network access contains the connectivity information between the
      provider's network and the customer premises.  The VPN profiles
      ('vpn-profiles') have a set of routing policies that can be
      applied during the service creation.

      See Section 6.3.2.2 for more details.

6.3.2.1.  Signaling Options

   This sub-tree defines the L2VPN service type, according to the
   several signaling options to exchange membership information between
   PEs of an L2VPN.  The following signaling options are supported:

   'l2vpn-bgp':  Refers to the BGP control plane as described in
      [RFC4761] and [RFC6624].
733 'evpn-bgp': Refers to the BGP control plane as described in 734 [RFC7432] and [RFC7209]. 736 't-ldp-pwe': Refers to LDP-signaled Pseudowires [RFC6074]. 738 'l2tp-pwe': Refers to L2TP-signaled Pseudowires [RFC6074]. 740 +--------------+---------------------+ 741 | Service Type | Signaling Options | 742 +--------------+---------------------+ 743 | vpls | t-ldp-pwe, l2tp-pwe | 744 | vpws-evpn | evpn-bgp | 745 | pbb-evpn | evpn-bgp | 746 | mpls-evpn | l2vpn-bgp, evpn-bgp | 747 | vxlan-evpn | evpn-bgp | 748 +--------------+---------------------+ 750 Table 1: Valid Signaling Options per Service Type (To be completed) 752 ... 753 +--rw signaling-options* [type] 754 | +--rw type identityref 755 | +--rw (signaling-option)? 756 | +--:(bgp) 757 | | +--rw (rd-choice)? 758 | | | +--:(directly-assigned) 759 | | | | +--rw rd? 760 | | | | rt-types:route-distinguisher 761 | | | +--:(directly-assigned-suffix) 762 | | | | +--rw rd-suffix? uint16 763 | | | +--:(auto-assigned) 764 | | | | +--rw rd-auto 765 | | | | +--rw (auto-mode)? 766 | | | | | +--:(from-pool) 767 | | | | | | +--rw rd-pool-name? string 768 | | | | | +--:(full-auto) 769 | | | | | +--rw auto? empty 770 | | | | +--ro auto-assigned-rd? 771 | | | | rt-types:route-distinguisher 772 | | | +--:(auto-assigned-suffix) 773 | | | | +--rw rd-auto-suffix 774 | | | | +--rw (auto-mode)? 775 | | | | | +--:(from-pool) 776 | | | | | | +--rw rd-pool-name? string 777 | | | | | +--:(full-auto) 778 | | | | | +--rw auto? empty 779 | | | | +--ro auto-assigned-rd-suffix? uint16 780 | | | +--:(no-rd) 781 | | | +--rw no-rd? empty 782 | | +--rw vpn-target* [id] 783 | | | +--rw id int8 784 | | | +--rw route-targets* [route-target] 785 | | | | +--rw route-target rt-types:route-target 786 | | | +--rw route-target-type rt-types:route-target-type 787 | | +--rw vpn-policies 788 | | | +--rw import-policy? string 789 | | | +--rw export-policy? string 790 | | +--rw address-family? identityref 791 | | +--rw (l2vpn-bgp)? 
792      |     |  |  +--:(pwe-encapsulation-type)
793      |     |  |  |  +--rw pwe-encapsulation-type?   identityref
794      |     |  |  +--:(pwe-mtu)
795      |     |  |     +--rw pwe-mtu
796      |     |  |        +--rw allow-mtu-mismatch?   boolean
797      |     |  +--rw (evpn-bgp)?
798      |     |     +--:(vpn-id)
799      |     |     |  +--rw vpn-id?   leafref
800      |     |     +--:(evpn-type)
801      |     |     |  +--rw evpn-type?   identityref
802      |     |     +--:(service-interface-type)
803      |     |     |  +--rw service-interface-type?   identityref
804      |     |     +--:(common)
805      |     |        +--rw common
806      |     |           +--rw mac-learning-mode?   identityref
807      |     |           +--rw ingress-replication?   boolean
808      |     |           +--rw p2mp-replication?   boolean
809      |     |           +--rw arp-proxy?   boolean
810      |     |           +--rw arp-suppression?   boolean
811      |     |           +--rw nd-proxy?   boolean
812      |     |           +--rw nd-suppression?   boolean
813      |     |           +--rw underlay-multicast?   boolean
814      |     |           +--rw flood-unknown-unicast-supression?   boolean
815      |     |           +--rw vpws-vlan-aware?   boolean
816      |     |           +--rw bum-management
817      |     |           |  +--rw discard-broadcast?   boolean
818      |     |           |  +--rw discard-unknown-multicast?   boolean
819      |     |           |  +--rw discard-unknown-unicast?   boolean
820      |     |           +--rw pbb
821      |     |              +--rw backbone-src-mac?   yang:mac-address
822      |     +--:(ldp)
823      |     |  +--rw t-ldp-pwe-type?   identityref
824      |     |  +--rw encapsulation-type?   identityref
825      |     |  +--rw mtu-pwe?   uint16
826      |     |  +--rw ac-pw-list* [peer-addr vc-id]
827      |     |  |  +--rw peer-addr   inet:ip-address
828      |     |  |  +--rw vc-id   vpn-common:vpn-id
829      |     |  |  +--rw pw-type?   identityref
830      |     |  |  +--rw pw-priority?   uint32
831      |     |  +--rw qinq
832      |     |     +--rw s-tag?   uint32
833      |     |     +--rw c-tag?   uint32
834      |     +--:(l2tp-pwe)
835      |        +--rw TBD-type?   identityref
836      |        +--rw XXXencapsulation-type?   identityref
837      |        +--rw XXXXac-pw-list* [peer-addr vc-id]
838      |           +--rw peer-addr   inet:ip-address
839      |           +--rw vc-id   string
840      |           +--rw pw-priority?   uint32
841      ...

843      Figure 7

845   6.3.2.2. VPN Network Access

847      A 'vpn-network-access' represents an entry point to a VPN service.
848      In other words, this container encloses the parameters that describe
849      the access information for the traffic that belongs to a particular
850      L2VPN. As such, every 'vpn-network-access' MUST belong to one and
851      only one 'vpn-node'.

853      A 'vpn-network-access' includes information such as the connection on
854      which the access is defined, the specific Layer 2 service
855      requirements, etc.

857      The VPN network access is comprised of:

859      'id': Identifier of the VPN network access.

861      'description': Text describing the VPN network access.

863      'status': Administrative and operational status of the service.

865      'ethernet-service-oam': Carries information about the service OAM.

867      +--rw vpn-network-accesses
868         +--rw vpn-network-access* [id]
869            +--rw id   vpn-common:vpn-id
870            +--rw description?   string
871            +--rw port-id?   vpn-common:vpn-id
872            +--rw global-parameters-profile?   leafref
873            +--rw status
874            |  +--rw admin-status
875            |  |  +--rw status?   identityref
876            |  |  +--rw last-updated?   yang:date-and-time
877            |  +--ro oper-status
878            |     +--ro status?   identityref
879            |     +--ro last-updated?   yang:date-and-time
880            +--rw connection
881            |  ...
882            +--rw TO-SIMPLFY-diversity-redundancy-TO-SIMPLFY
883            |  +--rw access-diversity {vpn-common:placement-diversity}?
884            |  |  +--rw groups
885            |  |     +--rw group* [group-id]
886            |  |        +--rw group-id   string
887            |  |        +--rw fate-sharing-group-size?   uint16
888            |  |        +--rw group-color?   string
889            |  |        +--rw ethernet-segment-identifier?   yang:hex-string
890            |  |        +--rw esi-redundancy-mode?   identityref
891            |  +--rw constraints
892            |  |  +--rw constraint* [constraint-type]
893            |  |     +--rw constraint-type   identityref
894            |  |     +--rw target
895            |  |        +--rw (target-flavor)?
896            |  |           +--:(id)
897            |  |           |  +--rw group* [group-id]
898            |  |           |     +--rw group-id   string
899            |  |           +--:(all-accesses)
900            |  |           |  +--rw all-other-accesses?   empty
901            |  |           +--:(all-groups)
902            |  |              +--rw all-other-groups?   empty
903            |  +--rw availability
904            |  |  +--rw access-priority?   uint32
905            |  |  +--rw (redundancy-mode)?
906            |  |     +--:(single-active)
907            |  |     |  +--rw single-active?   boolean
908            |  |     +--:(all-active)
909            |  |        +--rw all-active?   boolean
910            |  +--rw precedence
911            |     +--rw precedence?   identityref
912            +--rw ethernet-service-oam
913            |  +--rw md-name?   string
914            |  +--rw md-level?   uint8
915            |  +--rw cfm-802.1-ag
916            |  |  +--rw n2-uni-c* [maid]
917            |  |  |  +--rw maid   string
918            |  |  |  +--rw mep-id?   uint32
919            |  |  |  +--rw mep-level?   uint32
920            |  |  |  +--rw mep-up-down?   enumeration
921            |  |  |  +--rw remote-mep-id?   uint32
922            |  |  |  +--rw cos-for-cfm-pdus?   uint32
923            |  |  |  +--rw ccm-interval?   uint32
924            |  |  |  +--rw ccm-holdtime?   uint32
925            |  |  |  +--rw ccm-p-bits-pri?
926            |  |  |          vpn-common:ccm-priority-type
927            |  |  +--rw n2-uni-n* [maid]
928            |  |     +--rw maid   string
929            |  |     +--rw mep-id?   uint32
930            |  |     +--rw mep-level?   uint32
931            |  |     +--rw mep-up-down?   enumeration
932            |  |     +--rw remote-mep-id?   uint32
933            |  |     +--rw cos-for-cfm-pdus?   uint32
934            |  |     +--rw ccm-interval?   uint32
935            |  |     +--rw ccm-holdtime?   uint32
936            |  |     +--rw ccm-p-bits-pri?
937            |  |             vpn-common:ccm-priority-type
938            |  +--rw y-1731* [maid]
939            |     +--rw maid   string
940            |     +--rw mep-id?   uint32
941            |     +--rw type?   identityref
942            |     +--rw remote-mep-id?   uint32
943            |     +--rw message-period?   uint32
944            |     +--rw measurement-interval?
945            |     |       uint32
946            |     +--rw cos?   uint32
947            |     +--rw loss-measurement?
948            |     |       boolean
949            |     +--rw synthethic-loss-measurement?
950            |     |       boolean
951            |     +--rw delay-measurement
952            |     |  +--rw enable-dm?   boolean
953            |     |  +--rw two-way?   boolean
954            |     +--rw frame-size?   uint32
955            |     +--rw session-type?   enumeration
956            ...

958      Figure 8

960   6.3.2.2.1. Connection

962      The connection container is used to configure the relevant properties
963      of the interface that is attached to the VPN, for example, the
964      encapsulation type, the physical interface, or the creation of a LAG.

966      +--rw connection
967         +--rw encapsulation-type?   identityref
968         +--rw eth-inf-type*   identityref
969         +--rw dot1q-interface
970         |  +--rw l2-access-type?   identityref
971         |  +--rw dot1q {vpn-common:dot1q}?
972         |  |  +--rw physical-inf?   string
973         |  |  +--rw c-vlan-id?   uint32
974         |  +--rw qinq {vpn-common:qinq}?
975         |  |  +--rw s-vlan-id?   uint32
976         |  |  +--rw c-vlan-id?   uint32
977         |  +--rw qinany {vpn-common:qinany}?
978         |  |  +--rw s-vlan-id?   uint32
979         |  +--rw vxlan {vxlan}?
980         |     +--rw vni-id?   uint32
981         |     +--rw peer-mode?   identityref
982         |     +--rw peer-list* [peer-ip]
983         |        +--rw peer-ip   inet:ip-address
984         +--rw phy-interface
985         |  +--rw port-number?   uint32
986         |  +--rw port-speed?   uint32
987         |  +--rw mode?
988         |  |       vpn-common:neg-mode
989         |  +--rw phy-mtu?   uint32
990         |  +--rw flow-control?   string
991         |  +--rw oam-802.3ah-link {oam-3ah}?
992         |  |  +--rw enable?   boolean
993         |  +--rw uni-loop-prevention?   boolean
994         +--rw lag-interface
995         |       {vpn-common:lag-interface}?
996         |  +--rw lag-interface*
997         |          [lag-interface-number]
998         |     +--rw lag-interface-number   uint32
999         |     +--rw lacp
1000        |        +--rw lacp-state?   boolean
1001        |        +--rw lacp-mode?   boolean
1002        |        +--rw lacp-speed?   boolean
1003        |        +--rw mini-link?   uint32
1004        |        +--rw system-priority?   uint16
1005        |        +--rw member-link-list
1006        |        |  +--rw member-link* [name]
1007        |        |     +--rw name   string
1008        |        |     +--rw port-speed?
1009        |        |     |       uint32
1010        |        |     +--rw mode?
1011        |        |     |       vpn-common:neg-mode
1012        |        |     +--rw link-mtu?   uint32
1013        |        |     +--rw oam-802.3ah-link
1014        |        |             {oam-3ah}?
1015        |        |        +--rw enable?   boolean
1016        |        +--rw flow-control?   string
1017        |        +--rw lldp?   boolean
1018        +--rw cvlan-id-to-svc-map* [svc-id]
1019        |  +--rw svc-id   leafref
1020        |  +--rw cvlan-id* [vid]
1021        |     +--rw vid   uint32
1022        +--rw split-horizon
1023           +--rw group-name?   string

1025     Figure 9

1027  6.3.2.2.2. Services

1029     This container is used to indicate the details of the Ethernet
1030     service, such as bandwidth or QoS.

1032     +--rw service
1033        +--rw mtu?   uint32
1034        +--rw svc-input-bandwidth {vpn-common:input-bw}?
1035        |  +--rw input-bandwidth* [type]
1036        |     +--rw type   identityref
1037        |     +--rw cos-id?   uint8
1038        |     +--rw cir?   uint64
1039        |     +--rw cbs?   uint64
1040        |     +--rw eir?   uint64
1041        |     +--rw ebs?   uint64
1042        |     +--rw pir?   uint64
1043        |     +--rw pbs?   uint64
1044        +--rw svc-output-bandwidth {output-bw}?
1045        |  +--rw output-bandwidth* [type]
1046        |     +--rw type   identityref
1047        |     +--rw cos-id?   uint8
1048        |     +--rw cir?   uint64
1049        |     +--rw cbs?   uint64
1050        |     +--rw eir?   uint64
1051        |     +--rw ebs?   uint64
1052        |     +--rw pir?   uint64
1053        |     +--rw pbs?   uint64
1054        +--rw qos {vpn-common:qos}?
1055        |  +--rw qos-classification-policy
1056        |  |  +--rw rule* [id]
1057        |  |     +--rw id   string
1058        |  |     +--rw (match-type)?
1059        |  |     |  +--:(match-flow)
1060        |  |     |  |  +--rw match-flow
1061        |  |     |  |     +--rw dscp?   inet:dscp
1062        |  |     |  |     +--rw dot1q?   uint16
1063        |  |     |  |     +--rw pcp?   uint8
1064        |  |     |  |     +--rw src-mac?   yang:mac-address
1065        |  |     |  |     +--rw dst-mac?   yang:mac-address
1066        |  |     |  |     +--rw color-type?   identityref
1067        |  |     |  |     +--rw any?   empty
1068        |  |     |  +--:(match-application)
1069        |  |     |     +--rw match-application?   identityref
1070        |  |     +--rw target-class-id?   string
1071        |  +--rw qos-profile
1072        |     +--rw qos-profile* [profile]
1073        |        +--rw profile   leafref
1074        |        +--rw direction?   identityref
1075        +--rw mac-policies
1076        |  +--rw access-control-list
1077        |  |  +--rw mac* [mac-address]
1078        |  |     +--rw mac-address   yang:mac-address
1079        |  +--rw mac-loop-prevention
1080        |  |  +--rw frequency?   uint32
1081        |  |  +--rw protection-type?   identityref
1082        |  |  +--rw number-retries?   uint32
1083        |  +--rw mac-addr-limit
1084        |     +--rw mac-num-limit?   uint16
1085        |     +--rw time-interval?   uint32
1086        |     +--rw action?   identityref
1087        +--rw broadcast-unknown-unicast-multicast
1088           +--rw multicast-site-type?   enumeration
1089           +--rw multicast-gp-address-mapping* [id]
1090           |  +--rw id   uint16
1091           |  +--rw vlan-id?   uint32
1092           |  +--rw mac-gp-address?   yang:mac-address
1093           |  +--rw port-lag-number?   uint32
1094           +--rw bum-overall-rate?   uint32

1096     Figure 10

1098  7. YANG Module

1100  file "ietf-l2vpn-ntw@2021-04-29.yang"
1101  module ietf-l2vpn-ntw {
1102    yang-version 1.1;
1103    namespace "urn:ietf:params:xml:ns:yang:ietf-l2vpn-ntw";
1104    prefix l2vpn-ntw;

1106    import ietf-inet-types {
1107      prefix inet;
1108      reference
1109        "Section 4 of RFC 6991";
1110    }
1111    import ietf-yang-types {
1112      prefix yang;
1113      reference
1114        "Section 3 of RFC 6991";
1115    }
1116    import ietf-vpn-common {
1117      prefix vpn-common;
1118      reference
1119        "RFC CCCC: A Layer 2/3 VPN Common YANG Model";
1120    }

1122    organization
1123      "IETF OPSA (Operations and Management Area) Working Group";
1124    contact
1125      "WG Web:
1126       WG List:

1128       Editor: Samier Barguil
1129
1130       Editor: Oscar Gonzalez de Dios
1131
1132       Editor: Mohamed Boucadair
1133       ";
1134    description
1135      "This YANG module defines a generic network model
1136       for Layer 2 VPN services.

1138       Copyright (c) 2021 IETF Trust and the persons identified as
1139       authors of the code. All rights reserved.

1141       Redistribution and use in source and binary forms, with or
1142       without modification, is permitted pursuant to, and subject
1143       to the license terms contained in, the Simplified BSD License
1144       set forth in Section 4.c of the IETF Trust's Legal Provisions
1145       Relating to IETF Documents
1146       (http://trustee.ietf.org/license-info).

1148       This version of this YANG module is part of RFC XXXX; see
1149       the RFC itself for full legal notices.";

1151    revision 2021-04-29 {
1152      description
1153        "Initial version.";
1154      reference
1155        "RFC XXXX: A Layer 2 VPN Network YANG Model.";
1156    }

1158    /* Features */

1160    feature multicast-like {
1161      description
1162        "Indicates the support of multicast-like capabilities
1163         in an L2VPN.";
1164    }
1165    feature target-sites {
1166      description
1167        "Indicates the support of 'target-sites' match flow
1168         parameter.";
1169    }

1171    feature l2cp-control {
1172      description
1173        "Indicates the support of L2CP control.";
1174    }

1176    feature output-bw {
1177      description
1178        "Indicates the support of Output Bandwidth in
1179         a VPN";
1180    }

1182    feature uni-list {
1183      description
1184        "Indicates the support of UNI list in a VPN.";
1185    }

1187    feature oam-3ah {
1188      description
1189        "Indicates the support of OAM 802.3ah.";
1190    }

1192    feature micro-bfd {
1193      description
1194        "Indicates the support of Micro-BFD.";
1195    }

1197    feature signaling-options {
1198      description
1199        "Indicates the support of signaling option.";
1200    }

1202    feature always-on {
1203      description
1204        "Indicates the support for always-on access
1205         constraint.";
1206    }

1208    feature requested-type {
1209      description
1210        "Indicates the support for requested-type access
1211         constraint.";
1212    }
1213    feature vlan {
1214      description
1215        "Indicates the support of VLAN.";
1216    }

1218    feature sub-inf {
1219      description
1220        "Indicates the support of Sub Interface.";
1221    }

1223    feature atm {
1224      description
1225        "Indicates the support of ATM.";
1226    }

1228    feature vxlan {
1229      description
1230        "Indicates the support of VxLAN.";
1231    }

1233    feature lan-tag {
1234      description
1235        "Indicates the LAN Tag support in a VPN.";
1236    }

1238    /* Typedefs */
1239    /* Identities */

1241    identity evpn-redundancy-mode {
1242      description
1243        "Base identity for EVPN redundancy modes.";
1244    }

1246    identity single-active {
1247      base evpn-redundancy-mode;
1248      description
1249        "Indicates Single-Active redundancy mode for
1250         a given Ethernet Segment (ES).";
1251      reference
1252        "RFC 7432: BGP MPLS-Based Ethernet VPN, Section 14.1.1";
1253    }

1255    identity all-active {
1256      base evpn-redundancy-mode;
1257      description
1258        "Indicates All-Active redundancy mode for
1259         a given Ethernet Segment (ES).";
1260      reference
1261        "RFC 7432: BGP MPLS-Based Ethernet VPN, Section 14.1.2";
1262    }

1264    identity evpn-service-type {
1265      description
1266        "Base identity for EVPN service type.";
1267    }

1269    identity vlan-based-service-interface {
1270      base evpn-service-type;
1271      description
1272        "VLAN-Based Service Interface.";
1273      reference
1274        "RFC 7432: BGP MPLS-Based Ethernet VPN, Section 6.1";
1275    }

1277    identity vlan-bundle-service-interface {
1278      base evpn-service-type;
1279      description
1280        "VLAN Bundle Service Interface.";
1281      reference
1282        "RFC 7432: BGP MPLS-Based Ethernet VPN, Section 6.2";
1283    }

1285    identity vlan-aware-bundle-service-interface {
1286      base evpn-service-type;
1287      description
1288        "VLAN-Aware Bundle Service Interface.";
1289      reference
1290        "RFC 7432: BGP MPLS-Based Ethernet VPN, Section 6.3";
1291    }

1293    identity mapping-type {
1294      base vpn-common:multicast-gp-address-mapping;
1295      description
1296        "Identity for mapping type.";
1297    }

1299    identity protection-mode {
1300      description
1301        "Identity of protection mode";
1302    }

1304    identity oneplusone {
1305      base protection-mode;
1306      description
1307        "In this scheme, the primary circuit will be
1308         protected by a backup circuit, typically meeting certain
1309         diverse path/fiber/site/node criteria. Both primary and
1310         protection circuits are provisioned to be in the active
1311         forwarding state. The subscriber may choose to send the
1312         same service frames across both circuits simultaneously.";
1313    }

1315    identity one-to-one {
1316      base protection-mode;
1317      description
1318        "In this scheme, a backup circuit to the primary
1319         circuit is provisioned. Depending on the implementation
1320         agreement, the protection circuits may either always be
1321         in active forwarding state, or may only become active when
1322         a faulty state is detected on the primary circuit.";
1323    }

1325    identity bundling-type {
1326      description
1327        "The base identity for the bundling type. It supports
1328         multiple CE-VLANs associated with an L2VPN service or
1329         all CE-VLANs associated with an L2VPN service.";
1330    }

1332    identity multi-svc-bundling {
1333      base bundling-type;
1334      description
1335        "Identity for multi-service bundling, i.e.,
1336         multiple CE-VLAN IDs can be associated with an
1337         L2VPN service at a site.";
1338    }

1340    identity one2one-bundling {
1341      base bundling-type;
1342      description
1343        "Identity for one-to-one service bundling, i.e.,
1344         each L2VPN can be associated with only one CE-VLAN ID
1345         at a site.";
1346    }

1348    identity all2one-bundling {
1349      base bundling-type;
1350      description
1351        "Identity for all-to-one bundling, i.e., all CE-VLAN IDs
1352         are mapped to one L2VPN service.";
1353    }

1355    identity color-id {
1356      description
1357        "Base identity of the color ID.";
1358    }

1360    identity color-id-cvlan {
1361      base color-id;
1362      description
1363        "Identity of the color ID based on a CVLAN.";
1364    }

1366    identity color-type {
1367      description
1368        "Identity of color types.";
1369    }

1371    identity green {
1372      base color-type;
1373      description
1374        "Identity of the 'green' color type.";
1375    }

1377    identity yellow {
1378      base color-type;
1379      description
1380        "Identity of the 'yellow' color type.";
1381    }

1383    identity red {
1384      base color-type;
1385      description
1386        "Identity of the 'red' color type.";
1387    }

1389    identity perf-tier-opt {
1390      description
1391        "Identity of performance tier option.";
1392    }

1394    identity metro {
1395      base perf-tier-opt;
1396      description
1397        "Identity of metro";
1398    }

1400    identity regional {
1401      base perf-tier-opt;
1402      description
1403        "Identity of regional";
1404    }
1405    identity continental {
1406      base perf-tier-opt;
1407      description
1408        "Identity of continental";
1409    }

1411    identity global {
1412      base perf-tier-opt;
1413      description
1414        "Identity of global";
1415    }

1417    identity policing {
1418      description
1419        "Identity of policing type";
1420    }

1422    identity one-rate-two-color {
1423      base policing;
1424      description
1425        "Identity of one-rate, two-color (1R2C)";
1426    }

1428    identity two-rate-three-color {
1429      base policing;
1430      description
1431        "Identity of two-rate, three-color (2R3C)";
1432    }

1434    identity loop-prevention-type {
1435      description
1436        "Identity of loop prevention.";
1437    }

1439    identity shut {
1440      base loop-prevention-type;
1441      description
1442        "Identity of shut protection.";
1443    }

1445    identity trap {
1446      base loop-prevention-type;
1447      description
1448        "Identity of trap protection.";
1449    }

1451    identity t-ldp-pwe-type {
1452      description
1453        "Identity for t-ldp-pwe-type.";
1454    }

1456    identity vpws-type {
1457      base t-ldp-pwe-type;
1458      description
1459        "Identity for VPWS";
1460    }

1462    identity vpls-type {
1463      base t-ldp-pwe-type;
1464      description
1465        "Identity for vpls";
1466    }

1468    identity hvpls {
1469      base t-ldp-pwe-type;
1470      description
1471        "Identity for h-vpls";
1472    }

1474    identity l2vpn-type {
1475      description
1476        "Layer 2 VPN types";
1477    }

1479    identity l2vpn-vpws {
1480      base l2vpn-type;
1481      description
1482        "VPWS L2VPN type.";
1483    }

1485    identity l2vpn-vpls {
1486      base l2vpn-type;
1487      description
1488        "VPLS L2VPN type.";
1489    }

1491    identity distribute-vpls {
1492      base l2vpn-type;
1493      description
1494        "distribute VPLS L2VPN type.";
1495    }

1497    identity evpn-type {
1498      description
1499        "Ethernet VPN types";
1500    }
1501    identity evpn-vpws {
1502      base evpn-type;
1503      description
1504        "VPWS support in EVPN.";
1505    }

1507    identity evpn-pbb {
1508      base evpn-type;
1509      description
1510        "Provider Backbone Bridging Support in EVPN.";
1511    }

1513    identity pm-type {
1514      description
1515        "Performance-monitoring type.";
1516    }

1518    identity loss {
1519      base pm-type;
1520      description
1521        "Loss measurement.";
1522    }

1524    identity delay {
1525      base pm-type;
1526      description
1527        "Delay measurement.";
1528    }

1530    identity mac-learning-mode {
1531      description
1532        "MAC learning mode.";
1533    }

1535    identity data-plane {
1536      base mac-learning-mode;
1537      description
1538        "User MAC addresses are learned through ARP broadcast.";
1539    }

1541    identity control-plane {
1542      base mac-learning-mode;
1543      description
1544        "User MAC addresses are advertised through EVPN-BGP.";
1545    }

1547    identity mac-action {
1548      description
1549        "Base identity for a MAC action.";
1550    }

1552    identity drop {
1553      base mac-action;
1554      description
1555        "Identity for dropping a packet.";
1556    }

1558    identity flood {
1559      base mac-action;
1560      description
1561        "Identity for packet flooding.";
1562    }

1564    identity warning {
1565      base mac-action;
1566      description
1567        "Identity for sending a warning log message.";
1568    }

1570    identity load-balance-method {
1571      description
1572        "Base identity for load balance method.";
1573    }

1575    identity fat-pw {
1576      base load-balance-method;
1577      description
1578        "Identity for Fat PW. Fat label is
1579         applied to Pseudowires across MPLS
1580         network.";
1581    }

1583    identity entropy-label {
1584      base load-balance-method;
1585      description
1586        "Identity for entropy label. Entropy label
1587         is applied to IP forwarding,
1588         L2VPN or L3VPN across MPLS network";
1589    }

1591    identity vxlan-source-port {
1592      base load-balance-method;
1593      description
1594        "Identity for vxlan source port. VxLAN
1595         Source Port is one load balancing method.";
1596    }
1597    identity precedence-type {
1598      description
1599        "Redundancy type. The service can be created
1600         with active and backup signalization.";
1601    }

1603    identity primary {
1604      base precedence-type;
1605      description
1606        "Identifies the Main L2VPN.";
1607    }

1609    identity backup {
1610      base precedence-type;
1611      description
1612        "Identifies the Backup L2VPN.";
1613    }

1615    /* Groupings */

1617    grouping cfm-802-grouping {
1618      description
1619        "Grouping for 802.1ag CFM attribute";
1620      leaf maid {
1621        type string;
1622        description
1623          "MA ID";
1624      }
1625      leaf mep-id {
1626        type uint32;
1627        description
1628          "Local MEP ID";
1629      }
1630      leaf mep-level {
1631        type uint32;
1632        description
1633          "MEP level";
1634      }
1635      leaf mep-up-down {
1636        type enumeration {
1637          enum up {
1638            description
1639              "MEP up";
1640          }
1641          enum down {
1642            description
1643              "MEP down";
1644          }

1646        }
1647        description
1648          "MEP up/down";
1649      }
1650      leaf remote-mep-id {
1651        type uint32;
1652        description
1653          "Remote MEP ID";
1654      }
1655      leaf cos-for-cfm-pdus {
1656        type uint32;
1657        description
1658          "COS for CFM PDUs";
1659      }
1660      leaf ccm-interval {
1661        type uint32;
1662        description
1663          "CCM interval";
1664      }
1665      leaf ccm-holdtime {
1666        type uint32;
1667        description
1668          "CCM hold time";
1669      }
1670      leaf ccm-p-bits-pri {
1671        type vpn-common:ccm-priority-type;
1672        description
1673          "The priority parameter for CCMs transmitted by the MEP";
1674      }
1675    }

1677    grouping y-1731 {
1678      description
1679        "Grouping for y.1731";
1680      list y-1731 {
1681        key "maid";
1682        description
1683          "List for y-1731.";
1684        leaf maid {
1685          type string;
1686          description
1687            "MA ID";
1688        }
1689        leaf mep-id {
1690          type uint32;
1691          description
1692            "Local MEP ID";
1693        }
1694        leaf type {
1695          type identityref {
1696            base pm-type;
1697          }
1698          description
1699            "Performance monitor types";
1700        }
1701        leaf remote-mep-id {
1702          type uint32;
1703          description
1704            "Remote MEP ID";
1705        }
1706        leaf message-period {
1707          type uint32;
1708          description
1709            "Defines the interval between OAM messages. The message
1710             period is expressed in milliseconds";
1711        }
1712        leaf measurement-interval {
1713          type uint32;
1714          description
1715            "Specifies the measurement interval for statistics. The
1716             measurement interval is expressed in seconds";
1717        }
1718        leaf cos {
1719          type uint32;
1720          description
1721            "Class of service";
1722        }
1723        leaf loss-measurement {
1724          type boolean;
1725          description
1726            "Whether to enable loss measurement";
1727        }
1728        leaf synthethic-loss-measurement {
1729          type boolean;
1730          description
1731            "Indicates whether to enable synthetic loss measurement";
1732        }
1733        container delay-measurement {
1734          description
1735            "Container for delay measurement";
1736          leaf enable-dm {
1737            type boolean;
1738            description
1739              "Whether to enable delay measurement";
1740          }
1741          leaf two-way {
1742            type boolean;
1743            description
1744              "Whether delay measurement is two-way (true) or one-
1745               way (false)";
1746          }
1747        }
1748        leaf frame-size {
1749          type uint32;
1750          description
1751            "Frame size";
1752        }
1753        leaf session-type {
1754          type enumeration {
1755            enum proactive {
1756              description
1757                "Proactive mode";
1758            }
1759            enum on-demand {
1760              description
1761                "On demand mode";
1762            }
1763          }
1764          description
1765            "Session type";
1766        }
1767      }
1768    }

1770    ///

1772    grouping global-parameters-profile {
1773      description
1774        "Container for per-service parameters.";
1775      leaf svc-mtu {
1776        type uint32;
1777        description
1778          "SVC MTU, it is also known as the maximum transmission unit
1779           or maximum frame size. When a frame is larger than the MTU,
1780           it is broken down, or fragmented, into smaller pieces by the
1781           network protocol to accommodate the MTU of the network";
1782      }
1783      leaf ce-vlan-preservation {
1784        type boolean;
1785        description
1786          "Preserve the CE-VLAN ID from ingress to egress, i.e.,
1787           CE-VLAN tags of the egress frame are identical to
1788           those of the ingress frame that yielded this egress
1789           service frame. If All-to-One bundling within a site
1790           is Enabled, then preservation applies to all Ingress
1791           service frames. If All-to-One bundling is Disabled,
1792           then preservation applies to tagged Ingress service
1793           frames having CE-VLAN ID 1 through 4094.";
1794      }
1795      leaf ce-vlan-cos-perservation {
1796        type boolean;
1797        description
1798          "CE-VLAN CoS preservation. PCP bits in the CE-VLAN tag
1799           of the egress frame are identical to those of the ingress
1800           frame that yielded this egress service frame.";
1801      }
1802      leaf control-word-negotiation {
1803        type boolean;
1804        description
1805          "Controls whether Control-word negotiation is enabled
1806           (if set to true) or not (if set to false).";
1807        reference
1808          "Section 7 of RFC8077";
1809      }
1810      container mac-policies {
1811        description
1812          "Container of MAC policies.";
1813        container mac-addr-limit {
1814          description
1815            "Container of MAC-Addr limit configuration.";
1816          leaf mac-num-limit {
1817            type uint16;
1818            description
1819              "Maximum number of MAC addresses learned from
1820               the customer for a single service instance.";
1821          }
1822          leaf time-interval {
1823            type uint32;
1824            units "milliseconds";
1825            description
1826              "The aging time of the MAC address.";
1827          }
1828          leaf action {
1829            type identityref {
1830              base mac-action;
1831            }
1832            description
1833              "Specifies the action when the upper limit is
1834               exceeded: drop the packet, flood the
1835               packet, or simply send a warning log message.";
1836          }
1837        }
1838        container mac-loop-prevention {
1839          description
1840            "Container of MAC loop prevention.";
1841          leaf frequency {
1842            type uint32;
1843            description
1844              "Frequency";
1845          }
1846          leaf protection-type {
1847            type identityref {
1848              base loop-prevention-type;
1849            }
1850            description
1851              "Protection type";
1852          }
1853          leaf number-retries {
1854            type uint32;
1855            description
1856              "Number of retries";
1857          }
1858        }
1859      }
1860      container multicast-like {
1861        if-feature "vpn-common:multicast";
1862        description
1863          "Multicast like container";
1864        leaf enabled {
1865          type boolean;
1866          default "false";
1867          description
1868            "Enables multicast.";
1869        }
1870        container customer-tree-flavors {
1871          description
1872            "Type of trees used by customer.";
1873          leaf-list tree-flavor {
1874            type identityref {
1875              base vpn-common:multicast-tree-type;
1876            }
1877            description
1878              "Type of tree to be used.";
1879          }
1880        }
1881      }
1882    }

1884    /* Main L2NM Container */
1885    container l2vpn-ntw {
1886      description
1887        "Container for L2NM.";
1888      container vpn-profiles {
1889        description
1890          "Container for VPN profiles.";
1891        uses vpn-common:vpn-profile-cfg;
1892      }
1893      container vpn-services {
1894        description
1895          "Container for L2VPN service";
1896        list vpn-service {
1897          key "vpn-id";
1898          description
1899            "Container of port configurations";
1900          uses vpn-common:vpn-description;
1901          leaf parent-service-id {
1902            type vpn-common:vpn-id;
1903            description
1904              "Pointer to the parent service that
1905               triggered the L2NM.";
1906          }
1907          leaf vpn-svc-type {
1908            type identityref {
1909              base vpn-common:service-type;
1910            }
1911            description
1912              "Service type";
1913          }
1914          leaf svc-topo {
1915            type identityref {
1916              base vpn-common:vpn-topology;
1917            }
1918            description
1919              "Defining service topology, such as
1920               any-to-any, hub-spoke, etc.";
1921          }
1922          container global-parameters-profiles {
1923            description
1924              "Container for a list of VPN instance profiles.";
1925            list global-parameters-profile {
1926              key "profile-id";
1927              description
1928                "List of XXX.";
1929              leaf profile-id {
1930                type string;
1931                description
1932                  "profile identifier.";

1934              }
1935              uses global-parameters-profile;
1936            }
1937          }
1938          container underlay-transport {
1939            description
1940              "Container for underlay transport.";
1941            uses vpn-common:underlay-transport;
1942          }
1943          uses vpn-common:service-status;
1944          container vpn-nodes {
1945            description
1946              "Set of VPN nodes that are involved in the L2NM.";
1947            list vpn-node {
1948              key "vpn-node-id";
1949              description
1950                "Container of VPN Nodes.";
1951              leaf vpn-node-id {
1952                type vpn-common:vpn-id;
1953                description
1954                  "VPN Node identifier";
1955              }
1956              leaf description {
1957                type string;
1958                description
1959                  "Textual description of a VPN node.";
1960              }
1961              leaf ne-id {
1962                type string;
1963                description
1964                  "NE IP address";
1965              }
1966              leaf role {
1967                type identityref {
1968                  base vpn-common:role;
1969                }
1970                default "vpn-common:any-to-any-role";
1971                description
1972                  "Role of the VPN node in the VPN.";
1973              }
1974              container active-global-parameters-profiles {
1975                description
1976                  "Container for a list of VPN instance profiles.";
1977                list global-parameters-profile {
1978                  key "profile-id";
1979                  description
1980                    "List of XXX.";
1981                  leaf profile-id {
1982                    type leafref {
1983                      path "/l2vpn-ntw/vpn-services/vpn-service"
1984                         + "/global-parameters-profiles"
1985                         + "/global-parameters-profile/profile-id";
1986                    }
1987                    description
1988                      "XXXX.";
1989                  }
1990                  uses global-parameters-profile;
1991                }
1992              }
1993              uses vpn-common:service-status;
1994              list signaling-options {
1995                key "type";
1996                description
1997                  "List of VPN signaling options.";
1998                leaf type {
1999                  type identityref {
2000                    base vpn-common:vpn-signaling-type;
2001                  }
2002                  description
2003                    "VPN signaling types.";
2004                }
2005                choice signaling-option {
2006                  description
2007                    "Choice for the signaling-option.";
2008                  case bgp {
2009                    when "./type = 'vpn-common:bgp-signaling'" {
2010                      description
2011                        "Only applies when VPN signaling type is
2012                         BGP.";
2013                    }
2014                    description
2015                      "xxx.";
2016                    uses vpn-common:route-distinguisher;
2017                    uses vpn-common:vpn-route-targets;
2018                    choice l2vpn-bgp {
2019                      description
2020                        "Container for MP BGP L2VPN.";
2021                      leaf pwe-encapsulation-type {
2022                        type identityref {
2023                          base vpn-common:encapsulation-type;
2024                        }
2025                        description
2026                          "PWE encapsulation type.";
2027                      }
2028                      container pwe-mtu {
2029                        description
2030                          "Container of PWE MTU configurations.";
2031                        leaf allow-mtu-mismatch {
2032                          type boolean;
2033                          description
2034                            "When set to true, it allows MTU mismatch.";
2035                        }
2036                      }
2037                    }
2038                    choice evpn-bgp {
2039                      description
2040                        "Container for MP BGP L2VPN.";
2041                      leaf evpn-type {
2042                        type identityref {
2043                          base evpn-type;
2044                        }
2045                        description
2046                          "EVPN type.";
2047                      }
2048                      leaf service-interface-type {
2049                        type identityref {
2050                          base evpn-service-type;
2051                        }
2052                        description
2053                          "EVPN service interface type.";
2054                      }
2055                      container common {
2056                        description
2057                          "MAC address management attributes in the
2058                           EVPN configuration";
2059                        leaf mac-learning-mode {
2060                          type identityref {
2061                            base mac-learning-mode;
2062                          }
2063                          description
2064                            "Indicates through which plane MAC addresses are
2065                             advertised.";
2066                        }
2067                        leaf ingress-replication {
2068                          type boolean;
2069                          description
2070                            "ingress-replication";
2071                        }
2072                        leaf p2mp-replication {
2073                          type boolean;
2074                          description
2075                            "p2mp-replication";
2076                        }
2077                        leaf arp-proxy {
2078                          type boolean;
2079                          default "false";
2080                          description
2081                            "Enable (TRUE) or disable (FALSE) ARP proxy";
2082                        }
2083                        leaf arp-suppression {
2084                          type boolean;
2085                          default "false";
2086                          description
2087                            "Enable (TRUE) or disable (FALSE) ARP suppression";
2088                        }
2089                        leaf nd-proxy {
2090                          type boolean;
2091                          default "false";
2092                          description
2093                            "Enable (TRUE) or disable (FALSE) ND proxy";
2094                        }
2095                        leaf nd-suppression {
2096                          type boolean;
2097                          default "false";
2098                          description
2099                            "Enable (TRUE) or disable (FALSE) ND suppression";
2100                        }
2101                        leaf underlay-multicast {
2102                          type boolean;
2103                          default "false";
2104                          description
2105                            "Enable (TRUE) or disable (FALSE) underlay multicast";
2106                        }
2107                        leaf flood-unknown-unicast-supression {
2108                          type boolean;
2109                          default "false";
2110                          description
2111                            "Enable (TRUE) or disable (FALSE) flood unknown
2112                             unicast suppression";
2113                        }
2114                        leaf vpws-vlan-aware {
2115                          type boolean;
2116                          default "false";
2117                          description
2118                            "Enable (True) or disable (False) VPWS VLAN aware";
2119                        }
2120                        container bum-management {
2121                          description
2122                            "broadcast-unknown-unicast-multicast management";
2123                          leaf discard-broadcast {
2124                            type boolean;
2125                            description
2126                              "Broadcast management.";
2127                          }
2128                          leaf discard-unknown-multicast {
2129                            type boolean;
2130                            description
2131                              "Multicast management.";
2132                          }
2133                          leaf discard-unknown-unicast {
2134                            type boolean;
2135                            description
2136                              "Unicast management.";
2137                          }
2138                        }
2139                        container pbb {
2140                          description
2141                            "PBB parameters container";
2142                          reference
2143                            "IEEE 802.1ah Provider Backbone Bridge";
2144                          leaf backbone-src-mac {
2145                            type yang:mac-address;
2146                            description
2147                              "backbone-src-mac";
2148                          }
2149                        }
2150                      }
2151                    }
2152                  }
2153                  case ldp {
2154                    when "./type = 'ldp-signaling'" {
2155                      description
2156                        "Only applies when VPN signaling type is Target LDP.";
2157                    }
2158                    description
2159                      "Container of T-LDP PWE configurations";
2160                    leaf t-ldp-pwe-type {
2161                      type identityref {
2162                        base t-ldp-pwe-type;
2163                      }
2164                      description
2165                        "T-LDP PWE type";
2166                    }
2167                    leaf encapsulation-type {
2168                      type identityref {
2169                        base vpn-common:encapsulation-type;
2170                      }
2171                      description
2172                        "PWE encapsulation type.";
2173                    }
2174                    leaf mtu-pwe {
2175                      type uint16;
2176                      description
2177                        "Allow MTU mismatch: TO BE CHECKED";
2178                    }
2179                    list ac-pw-list {
2180                      key "peer-addr vc-id";
2181                      description
2182                        "List of AC and PW bindings.";
2183                      leaf peer-addr {
2184                        type inet:ip-address;
2185                        description
2186                          "Indicates the peer's IP address.";
2187                      }
2188                      leaf vc-id {
2189                        type vpn-common:vpn-id;
2190                        description
2191                          "VC label used to identify PW.";
2192                      }
2193                      leaf pw-type {
2194                        type identityref {
2195                          base vpn-common:vpn-topology;
2196                        }
2197                        description
2198                          "PW topology type.";
2199                      }
2200                      leaf pw-priority {
2201                        type uint32;
2202                        description
2203                          "Defines the priority for the PW.
2204                           The higher the pw-priority value,
2205                           the higher the preference of the PW will be.";
2206                      }
2207                    }
2208                    container qinq {
2209                      when "../type = 'vpn-common:h-vpls'" {
2210                        description
2211                          "Only applies when t-ldp pwe type is h-vpls.";
2212                      }
2213                      description
2214                        "Container for QinQ";
2215                      leaf s-tag {
2216                        type uint32;
2217                        description
2218                          "S-TAG";
2219                      }
2220                      leaf c-tag {
2221                        type uint32;
2222                        description
2223                          "C-TAG";
2224                      }
2225                    }
2226                  }
2227                  case l2tp-pwe {
2228                    when "./type = 'l2tp-signaling'" {
2229                      description
2230                        "Applies when VPN signaling type is L2TP protocol.";
2231                    }
2232                    description
2233                      "Container for l2tp pw";
2234                    leaf TBD-type {
2235                      type identityref {
2236                        base t-ldp-pwe-type;
2237                      }
2238                      description
2239                        "T-LDP PWE type.";
2240                    }
2241                    leaf XXXencapsulation-type {
2242                      type identityref {
2243                        base vpn-common:encapsulation-type;
2244                      }
2245                      description
2246                        "Encapsulation type.";
2247                    }
2248                    list XXXXac-pw-list {
2249                      key "peer-addr vc-id";
2250                      description
2251                        "List of AC and PW bindings.";
2252                      leaf peer-addr {
2253                        type inet:ip-address;
2254                        description
2255                          "Indicates the peer's IP address.";
2256                      }
2257                      leaf vc-id {
2258                        type string;
2259                        description
2260                          "VC label used to identify PW.";
2261                      }
2262                      leaf pw-priority {
2263                        type uint32;
2264                        description
2265                          "PW priority.";
2266                      }
2267                    }
2268                  }
2269                }

2271              }
2272              container vpn-network-accesses {
2273                description
2274                  "List of VPN Nodes.";
2275                list vpn-network-access {
2276                  key "id";
2277                  description
2278                    "List of VPN
Network Accesses."; 2279 leaf id { 2280 type vpn-common:vpn-id; 2281 description 2282 "Identifier of network access"; 2283 } 2284 leaf description { 2285 type string; 2286 description 2287 "String to describe the element."; 2288 } 2289 leaf port-id { 2290 type vpn-common:vpn-id; 2291 description 2292 "NE Port-id"; 2293 } 2294 leaf global-parameters-profile { 2295 type leafref { 2296 path "/l2vpn-ntw/vpn-services/vpn-service/vpn-nodes" 2297 + "/vpn-node/active-global-parameters-profiles" 2298 + "/global-parameters-profile/profile-id"; 2299 } 2300 description 2301 "An identifier of an active VPN instance profile."; 2302 } 2303 uses vpn-common:service-status; 2304 container connection { 2305 description 2306 "Container for bearer"; 2307 leaf encapsulation-type { 2308 type identityref { 2309 base vpn-common:encapsulation-type; 2310 } 2311 description 2312 "Encapsulation Type"; 2313 } 2314 leaf-list eth-inf-type { 2315 type identityref { 2316 base vpn-common:encapsulation-type; 2317 } 2318 description 2319 "Ethernet interface type."; 2320 } 2321 container encapsulation { 2322 description 2323 "Container for dot1Q Interface"; 2324 leaf l2-access-type { 2325 type identityref { 2326 base vpn-common:encapsulation-type; 2327 } 2328 description 2329 "L2 Access encapsulation type."; 2330 } 2331 container dot1q { 2332 when "../l2-access-type='vpn-common:dot1q'"; 2333 if-feature "vpn-common:dot1q"; 2334 description 2335 "Qot1q"; 2336 leaf physical-inf { 2337 type string; 2338 description 2339 "Physical Interface"; 2340 } 2341 leaf c-vlan-id { 2342 type uint32; 2343 description 2344 "VLAN identifier"; 2345 } 2346 } 2347 container qinq { 2348 when "../l2-access-type='vpn-common:qinq'"; 2349 if-feature "vpn-common:qinq"; 2350 description 2351 "QinQ"; 2352 leaf s-vlan-id { 2353 type uint32; 2354 description 2355 "S-VLAN Identifier"; 2356 } 2357 leaf c-vlan-id { 2358 type uint32; 2359 description 2360 "C-VLAN Identifier"; 2361 } 2362 } 2363 container qinany { 2364 if-feature 
"vpn-common:qinany"; 2365 description 2366 "Container for Q in Any"; 2368 leaf s-vlan-id { 2369 type uint32; 2370 description 2371 "S-Vlan ID"; 2372 } 2373 } 2374 container vxlan { 2375 when "../l2-access-type='vpn-common:vxlan'"; 2376 if-feature "vxlan"; 2377 description 2378 "QinQ"; 2379 leaf vni-id { 2380 type uint32; 2381 description 2382 "VNI Identifier"; 2383 } 2384 leaf peer-mode { 2385 type identityref { 2386 base vpn-common:vxlan-peer-mode; 2387 } 2388 description 2389 "specify the vxlan access mode"; 2390 } 2391 leaf-list peer-list { 2392 type inet:ip-address; 2393 description 2394 "Peer IP address."; 2395 } 2396 } 2397 } 2398 container phy-interface { 2399 description 2400 "Container of PHY Interface Attributes configurations"; 2401 leaf port-number { 2402 type uint32; 2403 description 2404 "Port number"; 2405 } 2406 leaf port-speed { 2407 type uint32; 2408 description 2409 "Port speed"; 2410 } 2411 leaf mode { 2412 type identityref { 2413 base vpn-common:neg-mode; 2414 } 2415 description 2416 "Negotiation mode"; 2417 } 2418 leaf phy-mtu { 2419 type uint32; 2420 description 2421 "PHY MTU"; 2422 } 2423 leaf flow-control { 2424 type string; 2425 description 2426 "Flow control"; 2427 } 2428 container oam-802.3ah-link { 2429 if-feature "oam-3ah"; 2430 description 2431 "Container for oam 802.3 ah link."; 2432 leaf enable { 2433 type boolean; 2434 description 2435 "Indicate whether support oam 802.3 ah link"; 2436 } 2437 } 2438 leaf uni-loop-prevention { 2439 type boolean; 2440 description 2441 "If this leaf set to truth that the port automatically 2442 goes down when a physical loopback is detect."; 2443 } 2444 } 2445 container lag-interface { 2446 if-feature "vpn-common:lag-interface"; 2447 description 2448 "Container of LAG interface attributes configuration"; 2449 list lag-interface { 2450 key "lag-interface-number"; 2451 description 2452 "List of LAG interfaces"; 2453 leaf lag-interface-number { 2454 type uint32; 2455 description 2456 "LAG interface 
number"; 2457 } 2458 container lacp { 2459 description 2460 "LACP"; 2461 leaf lacp-state { 2462 type boolean; 2463 description 2464 "LACP on/off"; 2465 } 2466 leaf lacp-mode { 2467 type boolean; 2468 description 2469 "LACP mode"; 2470 } 2471 leaf lacp-speed { 2472 type boolean; 2473 description 2474 "LACP speed"; 2475 } 2476 leaf mini-link { 2477 type uint32; 2478 description 2479 "The minimum aggregate bandwidth for a LAG"; 2480 } 2481 leaf system-id { 2482 type yang:mac-address; 2483 description 2484 "Indicates the System ID used by LACP."; 2485 } 2486 leaf admin-key { 2487 type uint16; 2488 description 2489 "Indicates the value of the key used for the aggregate 2490 interface."; 2491 } 2492 leaf system-priority { 2493 type uint16 { 2494 range "0..65535"; 2495 } 2496 default "32768"; 2497 description 2498 "Indicates the LACP priority for the system."; 2499 } 2500 container member-link-list { 2501 description 2502 "Container of Member link list"; 2503 list member-link { 2504 key "name"; 2505 description 2506 "Member link"; 2507 leaf name { 2508 type string; 2509 description 2510 "Member link name"; 2511 } 2512 leaf port-speed { 2513 type uint32; 2514 description 2515 "Port speed"; 2516 } 2517 leaf mode { 2518 type identityref { 2519 base vpn-common:neg-mode; 2520 } 2521 description 2522 "Negotiation mode"; 2523 } 2524 leaf link-mtu { 2525 type uint32; 2526 description 2527 "Link MTU size."; 2528 } 2529 container oam-802.3ah-link { 2530 if-feature "oam-3ah"; 2531 description 2532 "Container for oam 802.3 ah link."; 2533 leaf enable { 2534 type boolean; 2535 description 2536 "Indicate whether support oam 802.3 ah link"; 2537 } 2538 } 2539 } 2540 } 2541 leaf flow-control { 2542 type string; 2543 description 2544 "Flow control"; 2545 } 2546 leaf lldp { 2547 type boolean; 2548 description 2549 "LLDP"; 2550 } 2551 } 2552 } 2553 } 2554 list cvlan-id-to-svc-map { 2555 key "svc-id"; 2556 description 2557 "List for cvlan-id to L2VPn Service map configurations"; 2558 leaf 
svc-id { 2559 type leafref { 2560 path "/l2vpn-ntw/vpn-services/vpn-service/vpn-id"; 2561 } 2562 description 2563 "VPN Service identifier"; 2564 } 2565 list cvlan-id { 2566 key "vid"; 2567 description 2568 "List of CVLAN-ID to SVC Map configurations"; 2569 leaf vid { 2570 type uint32; 2571 description 2572 "CVLAN ID"; 2573 } 2574 } 2575 } 2576 container split-horizon { 2577 description 2578 "Configuration with split horizon enabled"; 2579 leaf group-name { 2580 type string; 2581 description 2582 "group-name of the Split Horizon"; 2583 } 2584 } 2585 } 2586 container TO-SIMPLFY-diversity-redundancy-TO-SIMPLFY { 2587 description 2588 "placeholder. TO BE FURTHER WORKED OUT."; 2589 container access-diversity { 2590 if-feature "vpn-common:placement-diversity"; 2591 description 2592 "Diversity parameters."; 2593 container groups { 2594 description 2595 "Groups the fate sharing group member 2596 is belonging to"; 2597 list group { 2598 key "group-id"; 2599 description 2600 "List of group-ids."; 2601 leaf group-id { 2602 type string; 2603 description 2604 "Indicates the Group-id to which the network access 2605 belongs to."; 2606 } 2607 leaf fate-sharing-group-size { 2608 type uint16; 2609 description 2610 "Fate sharing group size."; 2611 } 2612 leaf group-color { 2613 type string; 2614 description 2615 "Group color associated with a particular VPN."; 2616 } 2617 leaf ethernet-segment-identifier { 2618 type yang:hex-string { 2619 length "29"; 2620 } 2621 description 2622 "10-octet Ethernet Segment Identifier (ESI)."; 2623 } 2624 leaf esi-redundancy-mode { 2625 type identityref { 2626 base evpn-redundancy-mode; 2627 } 2628 description 2629 "Indicates the EVPN redundancy mode for 2630 a multihomed CE."; 2631 } 2632 } 2633 } 2634 } 2635 container constraints { 2636 description 2637 "Constraints for placing this site 2638 network access."; 2639 list constraint { 2640 key "constraint-type"; 2641 description 2642 "List of constraints."; 2643 leaf constraint-type { 2644 type 
identityref { 2645 base vpn-common:placement-diversity; 2646 } 2647 description 2648 "Diversity constraint type."; 2649 } 2650 container target { 2651 description 2652 "The constraint will apply against 2653 this list of groups."; 2654 choice target-flavor { 2655 description 2656 "Choice for the group definition."; 2657 case id { 2658 list group { 2659 key "group-id"; 2660 description 2661 "List of groups"; 2662 leaf group-id { 2663 type string; 2664 description 2665 "The constraint will apply 2666 against this particular 2667 group-id."; 2668 } 2669 } 2670 } 2671 case all-accesses { 2672 leaf all-other-accesses { 2673 type empty; 2674 description 2675 "The constraint will apply 2676 against all other site network 2677 access of this site."; 2678 } 2679 } 2680 case all-groups { 2681 leaf all-other-groups { 2682 type empty; 2683 description 2684 "The constraint will apply 2685 against all other groups the 2686 customer is managing."; 2687 } 2688 } 2689 } 2690 } 2691 } 2692 } 2693 container availability { 2694 description 2695 "Container of availability optional configurations"; 2696 leaf access-priority { 2697 type uint32; 2698 description 2699 "Access priority"; 2700 } 2701 choice redundancy-mode { 2702 description 2703 "Redundancy mode choice"; 2705 case single-active { 2706 description 2707 "Single active case"; 2708 leaf single-active { 2709 type boolean; 2710 description 2711 "Single active"; 2712 } 2713 } 2714 case all-active { 2715 description 2716 "All active case"; 2717 leaf all-active { 2718 type boolean; 2719 description 2720 "All active"; 2721 } 2722 } 2723 } 2724 } 2725 container precedence { 2726 description 2727 "Transport netowrk precedence selector 2728 Primary or Secondary tunnel."; 2729 leaf precedence { 2730 type identityref { 2731 base precedence-type; 2732 } 2733 description 2734 "Defining service redundancy in transport 2735 network."; 2736 } 2737 } 2738 } 2739 container ethernet-service-oam { 2740 description 2741 "Container for Ethernet 
service OAM."; 2742 leaf md-name { 2743 type string; 2744 description 2745 "Maintenance domain name"; 2746 } 2747 leaf md-level { 2748 type uint8; 2749 description 2750 "Maintenance domain level"; 2751 } 2752 container cfm-802.1-ag { 2753 description 2754 "Container of 802.1ag CFM configurations."; 2755 list n2-uni-c { 2756 key "maid"; 2757 description 2758 "List of UNI-N to UNI-C"; 2759 uses cfm-802-grouping; 2760 } 2761 list n2-uni-n { 2762 key "maid"; 2763 description 2764 "List of UNI-N to UNI-N"; 2765 uses cfm-802-grouping; 2766 } 2767 } 2768 uses y-1731; 2769 } 2770 container service { 2771 description 2772 "Container for service"; 2773 leaf mtu { 2774 type uint32; 2775 description 2776 "MTU, it is also known as the maximum 2777 transmission unit or maximum frame size. When a 2778 frame is larger than the MTU, it is broken down, 2779 or fragmented, into smaller pieces by the 2780 network protocol to accommodate the MTU of the 2781 network"; 2782 } 2783 container svc-input-bandwidth { 2784 if-feature "vpn-common:input-bw"; 2785 description 2786 "From the PE perspective, the service input 2787 bandwidth of the connection."; 2788 list input-bandwidth { 2789 key "type"; 2790 description 2791 "List for input bandwidth"; 2792 leaf type { 2793 type identityref { 2794 base vpn-common:bw-type; 2795 } 2796 description 2797 "Bandwidth Type"; 2798 } 2799 leaf cos-id { 2800 type uint8; 2801 description 2802 "Identifier of Class of Service 2803 , indicated by DSCP or a CE-CLAN 2804 CoS(802.1p)value in the service frame."; 2805 } 2806 leaf cir { 2807 type uint64; 2808 description 2809 "Committed Information Rate. The maximum number of 2810 bits that a port can receive or send during 2811 one-second over an interface."; 2812 } 2813 leaf cbs { 2814 type uint64; 2815 description 2816 "Committed Burst Size.CBS controls the bursty nature 2817 of the traffic. 
Traffic that does not use the 2818 configured CIR accumulates credits until the credits 2819 reach the configured CBS."; 2820 } 2821 leaf eir { 2822 type uint64; 2823 description 2824 "Excess Information Rate,i.e.,Excess frame delivery 2825 allowed not subject to SLA.The traffic rate can be 2826 limited by eir."; 2827 } 2828 leaf ebs { 2829 type uint64; 2830 description 2831 "Excess Burst Size. The bandwidth available for burst 2832 traffic from the EBS is subject to the amount of 2833 bandwidth that is accumulated during periods when 2834 traffic allocated by the EIR policy is not used."; 2835 } 2836 leaf pir { 2837 type uint64; 2838 description 2839 "Peak Information Rate, i.e., maixmum frame delivery 2840 allowed. It is equal to or less than sum of cir and 2841 eir."; 2842 } 2843 leaf pbs { 2844 type uint64; 2845 description 2846 "Peak Burst Size. It is measured in bytes per second."; 2847 } 2848 } 2850 } 2851 container svc-output-bandwidth { 2852 if-feature "output-bw"; 2853 description 2854 "From the PE perspective, the service output 2855 bandwidth of the connection."; 2856 list output-bandwidth { 2857 key "type"; 2858 description 2859 "List for output bandwidth"; 2860 leaf type { 2861 type identityref { 2862 base vpn-common:bw-type; 2863 } 2864 description 2865 "Bandwidth Type"; 2866 } 2867 leaf cos-id { 2868 type uint8; 2869 description 2870 "Identifier of Class of Service 2871 , indicated by DSCP or a CE-CLAN 2872 CoS(802.1p)value in the service frame."; 2873 } 2874 leaf cir { 2875 type uint64; 2876 description 2877 "Committed Information Rate. The maximum number of 2878 bits that a port can receive or send during 2879 one-second over an interface."; 2880 } 2881 leaf cbs { 2882 type uint64; 2883 description 2884 "Committed Burst Size.CBS controls the bursty nature 2885 of the traffic. 
Traffic that does not use the 2886 configured CIR accumulates credits until the credits 2887 reach the configured CBS."; 2888 } 2889 leaf eir { 2890 type uint64; 2891 description 2892 "Excess Information Rate,i.e.,Excess frame delivery 2893 allowed not subject to SLA.The traffic rate can be 2894 limited by eir."; 2895 } 2896 leaf ebs { 2897 type uint64; 2898 description 2899 "Excess Burst Size. The bandwidth available for burst 2900 traffic from the EBS is subject to the amount of 2901 bandwidth that is accumulated during periods when 2902 traffic allocated by the EIR policy is not used."; 2903 } 2904 leaf pir { 2905 type uint64; 2906 description 2907 "Peak Information Rate, i.e., maixmum frame delivery 2908 allowed. It is equal to or less than sum of cir and 2909 eir."; 2910 } 2911 leaf pbs { 2912 type uint64; 2913 description 2914 "Peak Burst Size. It is measured in bytes per second."; 2915 } 2916 } 2917 } 2918 container qos { 2919 if-feature "vpn-common:qos"; 2920 description 2921 "QoS configuration."; 2922 container qos-classification-policy { 2923 description 2924 "Configuration of the traffic classification 2925 policy."; 2926 list rule { 2927 key "id"; 2928 ordered-by user; 2929 description 2930 "List of classification rules."; 2931 leaf id { 2932 type string; 2933 description 2934 "A description identifying the QoS classification 2935 policy rule."; 2936 } 2937 choice match-type { 2938 default "match-flow"; 2939 description 2940 "Choice for classification."; 2941 case match-flow { 2942 container match-flow { 2943 description 2944 "Describes flow-matching criteria."; 2945 leaf dscp { 2946 type inet:dscp; 2947 description 2948 "DSCP value."; 2949 } 2950 leaf dot1q { 2951 type uint16; 2952 description 2953 "802.1Q matching. 
It is a VLAN tag added into 2954 a frame."; 2955 } 2956 leaf pcp { 2957 type uint8 { 2958 range "0..7"; 2959 } 2960 description 2961 "PCP value."; 2962 } 2963 leaf src-mac { 2964 type yang:mac-address; 2965 description 2966 "Source MAC address."; 2967 } 2968 leaf dst-mac { 2969 type yang:mac-address; 2970 description 2971 "Destination MAC address."; 2972 } 2973 leaf color-type { 2974 type identityref { 2975 base color-type; 2976 } 2977 description 2978 "Color types."; 2979 } 2980 leaf any { 2981 type empty; 2982 description 2983 "Allow all."; 2984 } 2985 } 2986 } 2987 case match-application { 2988 leaf match-application { 2989 type identityref { 2990 base vpn-common:customer-application; 2991 } 2992 description 2993 "Defines the application to match."; 2995 } 2996 } 2997 } 2998 leaf target-class-id { 2999 type string; 3000 description 3001 "Identification of the CoS. 3002 This identifier is internal to the 3003 administration."; 3004 } 3005 } 3006 } 3007 container qos-profile { 3008 description 3009 "QoS profile configuration."; 3010 list qos-profile { 3011 key "profile"; 3012 description 3013 "QoS profile. 
                           Can be standard profile or customized
                           profile.";
                        leaf profile {
                          type leafref {
                            path "/l2vpn-ntw/vpn-profiles"
                               + "/valid-provider-identifiers"
                               + "/qos-profile-identifier/id";
                          }
                          description
                            "QoS profile to be used.";
                        }
                        leaf direction {
                          type identityref {
                            base vpn-common:qos-profile-direction;
                          }
                          default "vpn-common:both";
                          description
                            "The direction to which the QoS profile
                             is applied.";
                        }
                      }
                    }
                  }
                  container mac-policies {
                    description
                      "Container for MAC-related policies.";
                    container access-control-list {
                      description
                        "Container for access control List.";
                      list mac {
                        key "mac-address";
                        description
                          "List for MAC addresses.";
                        leaf mac-address {
                          type yang:mac-address;
                          description
                            "Specifies a MAC address.";
                        }
                      }
                    }
                    container mac-loop-prevention {
                      description
                        "Container of MAC loop prevention.";
                      leaf frequency {
                        type uint32;
                        description
                          "Frequency";
                      }
                      leaf protection-type {
                        type identityref {
                          base loop-prevention-type;
                        }
                        description
                          "Protection type";
                      }
                      leaf number-retries {
                        type uint32;
                        description
                          "Number of retries";
                      }
                    }
                    container mac-addr-limit {
                      description
                        "Container of MAC-Addr limit configurations";
                      leaf mac-num-limit {
                        type uint16;
                        description
                          "Maximum number of MAC addresses learned from
                           the subscriber for a single service instance.";
                      }
                      leaf time-interval {
                        type uint32;
                        units "milliseconds";
                        description
                          "The aging time of the MAC address.";
                      }
                      leaf action {
                        type identityref {
                          base mac-action;
                        }
                        description
                          "Specifies the action when the upper limit is
                           exceeded: drop the packet, flood the
                           packet, or simply send a warning log message.";
                      }
                    }
                  }
                  container broadcast-unknown-unicast-multicast {
                    description
                      "Container of broadcast, unknown unicast, and multicast
                       configurations";
                    leaf multicast-site-type {
                      type enumeration {
                        enum receiver-only {
                          description
                            "The site only has receivers.";
                        }
                        enum source-only {
                          description
                            "The site only has sources.";
                        }
                        enum source-receiver {
                          description
                            "The site has both sources and receivers.";
                        }
                      }
                      default "source-receiver";
                      description
                        "Type of multicast site.";
                    }
                    list multicast-gp-address-mapping {
                      key "id";
                      description
                        "List of Port to group mappings.";
                      leaf id {
                        type uint16;
                        description
                          "Unique identifier for the mapping.";
                      }
                      leaf vlan-id {
                        type uint32;
                        description
                          "The VLAN ID of the Multicast group.";
                      }
                      leaf mac-gp-address {
                        type yang:mac-address;
                        description
                          "The MAC address of the Multicast group.";
                      }
                      leaf port-lag-number {
                        type uint32;
                        description
                          "The ports/LAGs belonging to the Multicast group.";
                      }
                    }
                    leaf bum-overall-rate {
                      type uint32;
                      description
                        "overall rate for BUM";
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}

                                Figure 11

8.  Security Considerations

   The YANG module specified in this document defines schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The Network Configuration Access Control Model (NACM) [RFC8341]
   provides the means to restrict access for particular NETCONF or
   RESTCONF users to a preconfigured subset of all available NETCONF or
   RESTCONF protocol operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   and delete operations to these data nodes without proper protection
   or authentication can have a negative effect on network operations.
   These are the subtrees and data nodes and their sensitivity/
   vulnerability in the "ietf-l2vpn-ntw" module:

   o  'vpn-service': An attacker who is able to access network nodes can
      undertake various attacks, such as deleting a running L2VPN
      service, interrupting all the traffic of a client.  In addition,
      an attacker may modify the attributes of a running service (e.g.,
      QoS, bandwidth), leading to malfunctioning of the service and
      therefore to SLA violations.  In addition, an attacker could
      attempt to create an L2VPN service or add a new network access.
      Such activity can be detected by adequately monitoring and
      tracking network configuration changes.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability:

   o  'customer-name' and 'ip-connection': An attacker can retrieve
      privacy-related information which can be used to track a customer.
      Disclosing such information may be considered as a violation of
      the customer-provider trust relationship.
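
   The 'vpn-service' item above says that deletion, modification, and
   creation of services or network accesses can be detected by tracking
   configuration changes. The following sketch is an added example, not
   part of the draft: it compares two datastore snapshots, assumed to be
   JSON-encoded (RFC 7951) instances of "ietf-l2vpn-ntw", and reports
   exactly those change classes. The key name "vpn-node-id" and all
   sample values are assumptions constructed for illustration.

```python
ROOT = "ietf-l2vpn-ntw:l2vpn-ntw"
# Subtrees of a network access whose modification the draft links to SLA
# violations ("e.g., QoS, bandwidth").
SLA_SUBTREES = {"qos", "svc-input-bandwidth", "svc-output-bandwidth"}


def _index(items, key):
    """Turn a YANG list (JSON array of entries) into {key value: entry}."""
    return {entry[key]: entry for entry in (items or [])}


def _services(snapshot):
    services = snapshot.get(ROOT, {}).get("vpn-services", {}).get("vpn-service")
    return _index(services, "vpn-id")


def _accesses(service):
    """Map (node id, access id) to the vpn-network-access entry."""
    found = {}
    for node in service.get("vpn-nodes", {}).get("vpn-node", []):
        node_id = node["vpn-node-id"]  # assumed list key, not shown in this section
        accesses = node.get("vpn-network-accesses", {}).get("vpn-network-access")
        for access_id, entry in _index(accesses, "id").items():
            found[(node_id, access_id)] = entry
    return found


def _leaf_diff(old, new, path=""):
    """Yield (path, old, new) for each differing node; lists compare whole."""
    if isinstance(old, dict) and isinstance(new, dict):
        for name in sorted(set(old) | set(new)):
            yield from _leaf_diff(old.get(name), new.get(name), f"{path}/{name}")
    elif old != new:
        yield path, old, new


def audit(before, after):
    """Return (kind, target, detail) tuples for every change between snapshots."""
    findings = []
    old_svcs, new_svcs = _services(before), _services(after)
    for vpn_id in sorted(set(old_svcs) | set(new_svcs)):
        if vpn_id not in new_svcs:
            findings.append(("service-deleted", vpn_id, None))
            continue
        if vpn_id not in old_svcs:
            findings.append(("service-created", vpn_id, None))
            continue
        old_acc = _accesses(old_svcs[vpn_id])
        new_acc = _accesses(new_svcs[vpn_id])
        for key in sorted(set(old_acc) | set(new_acc)):
            where = f"{vpn_id}/{key[0]}/{key[1]}"
            if key not in old_acc:
                findings.append(("access-added", where, None))
            elif key not in new_acc:
                findings.append(("access-removed", where, None))
            else:
                for path, was, now in _leaf_diff(old_acc[key], new_acc[key]):
                    sla = SLA_SUBTREES & set(path.split("/"))
                    kind = "sla-attribute-modified" if sla else "attribute-modified"
                    findings.append((kind, where + path, (was, now)))
    return findings


# --- Constructed sample snapshots (illustrative values only) ---------------
def _access(access_id, cir, mtu=1500):
    # uint64 leaves such as cir are JSON strings under RFC 7951.
    bw = {"input-bandwidth": [{"type": "example-bw-type", "cir": cir}]}
    return {"id": access_id, "service": {"mtu": mtu, "svc-input-bandwidth": bw}}


def _node(node_id, accesses):
    return {"vpn-node-id": node_id,
            "vpn-network-accesses": {"vpn-network-access": accesses}}


def _snapshot(services):
    entries = [{"vpn-id": vpn_id, "vpn-nodes": {"vpn-node": nodes}}
               for vpn_id, nodes in services.items()]
    return {ROOT: {"vpn-services": {"vpn-service": entries}}}


SAMPLE_BEFORE = _snapshot({
    "vpls-blue": [_node("pe1", [_access("ac-1", "100000000")])],
    "vpws-red": [_node("pe3", [_access("ac-7", "50000000")])],
})
SAMPLE_AFTER = _snapshot({
    "vpls-blue": [_node("pe1", [_access("ac-1", "1000000", mtu=9000)]),
                  _node("pe2", [_access("ac-9", "100000000")])],
    "vpls-rogue": [_node("pe4", [_access("ac-1", "100000000")])],
})

if __name__ == "__main__":
    for kind, target, detail in audit(SAMPLE_BEFORE, SAMPLE_AFTER):
        print(f"{kind:24} {target} {detail if detail else ''}")
```

   Findings can be matched against approved change records so that any
   unexplained deletion, creation, or SLA-related edit is escalated.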

   The foreseen risks of using the "ietf-l2vpn-ntw" module can be
   classified into:

   o  Malicious clients attempting to delete or modify VPN services.

   o  Unauthorized clients attempting to create/modify/delete a VPN
      service.

   o  Unauthorized clients attempting to read VPN service related
      information.

9.  IANA Considerations

   This document requests IANA to register the following URI in the "ns"
   subregistry within the "IETF XML Registry" [RFC3688]:

      URI: urn:ietf:params:xml:ns:yang:ietf-l2vpn-ntw
      Registrant Contact: The IESG.
      XML: N/A; the requested URI is an XML namespace.

   This document requests IANA to register the following YANG module in
   the "YANG Module Names" subregistry [RFC6020] within the "YANG
   Parameters" registry:

      name: ietf-l2vpn-ntw
      namespace: urn:ietf:params:xml:ns:yang:ietf-l2vpn-ntw
      maintained by IANA: N
      prefix: l2vpn-ntw
      reference: RFC XXXX

10.  References

10.1.  Normative References

   [I-D.ietf-opsawg-vpn-common]
              barguil, s., Dios, O., Boucadair, M., and Q. WU, "A Layer
              2/3 VPN Common YANG Model", draft-ietf-opsawg-vpn-
              common-03 (work in progress), January 2021.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC4761]  Kompella, K., Ed. and Y. Rekhter, Ed., "Virtual Private
              LAN Service (VPLS) Using BGP for Auto-Discovery and
              Signaling", RFC 4761, DOI 10.17487/RFC4761, January 2007.

   [RFC4762]  Lasserre, M., Ed. and V. Kompella, Ed., "Virtual Private
              LAN Service (VPLS) Using Label Distribution Protocol (LDP)
              Signaling", RFC 4762, DOI 10.17487/RFC4762, January 2007.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6074]  Rosen, E., Davie, B., Radoaca, V., and W. Luo,
              "Provisioning, Auto-Discovery, and Signaling in Layer 2
              Virtual Private Networks (L2VPNs)", RFC 6074,
              DOI 10.17487/RFC6074, January 2011.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6624]  Kompella, K., Kothari, B., and R. Cherukuri, "Layer 2
              Virtual Private Networks Using BGP for Auto-Discovery and
              Signaling", RFC 6624, DOI 10.17487/RFC6624, May 2012.

   [RFC7209]  Sajassi, A., Aggarwal, R., Uttaro, J., Bitar, N.,
              Henderickx, W., and A. Isaac, "Requirements for Ethernet
              VPN (EVPN)", RFC 7209, DOI 10.17487/RFC7209, May 2014.

   [RFC7432]  Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
              Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
              Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
              2015.

   [RFC7623]  Sajassi, A., Ed., Salam, S., Bitar, N., Isaac, A., and W.
              Henderickx, "Provider Backbone Bridging Combined with
              Ethernet VPN (PBB-EVPN)", RFC 7623, DOI 10.17487/RFC7623,
              September 2015.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8214]  Boutros, S., Sajassi, A., Salam, S., Drake, J., and J.
              Rabadan, "Virtual Private Wire Service Support in Ethernet
              VPN", RFC 8214, DOI 10.17487/RFC8214, August 2017.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8365]  Sajassi, A., Ed., Drake, J., Ed., Bitar, N., Shekhar, R.,
              Uttaro, J., and W. Henderickx, "A Network Virtualization
              Overlay Solution Using Ethernet VPN (EVPN)", RFC 8365,
              DOI 10.17487/RFC8365, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [RFC8466]  Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG
              Data Model for Layer 2 Virtual Private Network (L2VPN)
              Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October
              2018.

10.2.  Informative References

   [I-D.ietf-teas-enhanced-vpn]
              Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A
              Framework for Enhanced Virtual Private Network (VPN+)
              Services", draft-ietf-teas-enhanced-vpn-07 (work in
              progress), February 2021.

   [I-D.ietf-teas-ietf-network-slices]
              Farrel, A., Gray, E., Drake, J., Rokui, R., Homma, S.,
              Makhijani, K., Contreras, L. M., and J. Tantsura,
              "Framework for IETF Network Slices", draft-ietf-teas-ietf-
              network-slices-00 (work in progress), April 2021.

   [RFC3644]  Snir, Y., Ramberg, Y., Strassner, J., Cohen, R., and B.
              Moore, "Policy Quality of Service (QoS) Information
              Model", RFC 3644, DOI 10.17487/RFC3644, November 2003.

   [RFC5880]  Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010.

   [RFC7297]  Boucadair, M., Jacquenet, C., and N. Wang, "IP
              Connectivity Provisioning Profile (CPP)", RFC 7297,
              DOI 10.17487/RFC7297, July 2014.

   [RFC8309]  Wu, Q., Liu, W., and A. Farrel, "Service Models
              Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8345]  Clemm, A., Medved, J., Varga, R., Bahadur, N.,
              Ananthakrishnan, H., and X. Liu, "A YANG Data Model for
              Network Topologies", RFC 8345, DOI 10.17487/RFC8345, March
              2018.

   [RFC8453]  Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for
              Abstraction and Control of TE Networks (ACTN)", RFC 8453,
              DOI 10.17487/RFC8453, August 2018.

   [RFC8969]  Wu, Q., Ed., Boucadair, M., Ed., Lopez, D., Xie, C., and
              L. Geng, "A Framework for Automating Service and Network
              Management with YANG", RFC 8969, DOI 10.17487/RFC8969,
              January 2021.

Appendix A.  Examples

   To be completed

Acknowledgements

   During the discussions of this work, helpful comments, suggestions,
   and reviews were received from: Sergio Belotti, Italo Busi, Miguel
   Cros Cecilia, Joe Clarke, Dhruv Dhody, Adrian Farrel, Roque Gagliano,
   Christian Jacquenet, Kireeti Kompella, Julian Lucek, Erez Segev and
   Tom Petch.  Many thanks to them.

   Luay Jalil, Jichun Ma, Daniel King, and Zhang Guiyu contributed to an
   early version of this document.

   Thanks to Yingzhen Qu for the rtgdir review.
Contributors

   Victor Lopez
   Telefonica
   Email: victor.lopezalvarez@telefonica.com

   Qin Wu
   Huawei
   Email: bill.wu@huawei.com

   Raul Arco
   Nokia
   Email: raul.arco@nokia.com

Authors' Addresses

   Samier Barguil (editor)
   Telefonica
   Madrid
   ES

   Email: samier.barguilgiraldo.ext@telefonica.com

   Oscar Gonzalez de Dios (editor)
   Telefonica
   Madrid
   ES

   Email: oscar.gonzalezdedios@telefonica.com

   Mohamed Boucadair (editor)
   Orange
   France

   Email: mohamed.boucadair@orange.com

   Luis Angel Munoz
   Vodafone
   ES

   Email: luis-angel.munoz@vodafone.com