idnits 2.17.1

draft-ietf-opsawg-l3sm-l3nm-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 132 instances of too long lines in the document, the longest
     one being 76 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 397 has weird spacing: '...--rw id str...'

  == Line 399 has weird spacing: '...--rw id str...'

  == Line 401 has weird spacing: '...--rw id str...'

  == Line 403 has weird spacing: '...--rw id str...'

  == Line 405 has weird spacing: '...--rw id str...'

  == (23 more instances...)

  -- The document date (October 18, 2019) is 1651 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'I-D.evenwu-opsawg-yang-composed-vpn' is mentioned on
     line 122, but not defined

     Summary: 1 error (**), 0 flaws (~~), 8 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Internet Engineering Task Force                                A. Aguado
3    Internet-Draft                                                     Nokia
4    Intended status: Standards Track                O. Gonzalez de Dios, Ed.
5    Expires: April 20, 2020                                         V. Lopez
6                                                                  Telefonica
7                                                                    D. Voyer
8                                                                 Bell Canada
9                                                                    L. Munoz
10                                                                   Vodafone
11                                                           October 18, 2019

13                          Layer 3 VPN Network Model
14                        draft-ietf-opsawg-l3sm-l3nm-00

16   Abstract

18      RFC8299 defines a L3VPN Service YANG data Model (L3SM) that can be
19      used for communication between customers and network operators. Such
20      a model is adequate for the customer to network operator conversation
21      and plays the role of a Customer Service Model, according to the
22      terminology defined in RFC8309.

24      There is a need for a YANG model to be used in the communication
25      between the entity that interacts directly with the customer, the
26      service orchestrator, (either fully automated or a human operator)
27      and the entity in charge of network orchestration and control (aka
28      network controller / orchestrator).

30      This document proposes a L3VPN Network YANG Model (L3NM) to
31      facilitate communication between a service orchestrator and a network
32      controller / orchestrator. The resulting model is called the L3VPN
33      Network Model (L3NM) and provides a network-centric view of the L3VPN
34      services.

36   Status of This Memo

38      This Internet-Draft is submitted in full conformance with the
39      provisions of BCP 78 and BCP 79.

41      Internet-Drafts are working documents of the Internet Engineering
42      Task Force (IETF). Note that other groups may also distribute
43      working documents as Internet-Drafts. The list of current Internet-
44      Drafts is at https://datatracker.ietf.org/drafts/current/.

46      Internet-Drafts are draft documents valid for a maximum of six months
47      and may be updated, replaced, or obsoleted by other documents at any
48      time. It is inappropriate to use Internet-Drafts as reference
49      material or to cite them other than as "work in progress."

51      This Internet-Draft will expire on April 20, 2020.

53   Copyright Notice

55      Copyright (c) 2019 IETF Trust and the persons identified as the
56      document authors. All rights reserved.

58      This document is subject to BCP 78 and the IETF Trust's Legal
59      Provisions Relating to IETF Documents
60      (https://trustee.ietf.org/license-info) in effect on the date of
61      publication of this document. Please review these documents
62      carefully, as they describe your rights and restrictions with respect
63      to this document. Code Components extracted from this document must
64      include Simplified BSD License text as described in Section 4.e of
65      the Trust Legal Provisions and are provided without warranty as
66      described in the Simplified BSD License.

68   Table of Contents

70      1.  INTRODUCTION
71        1.1.  TERMINOLOGY
72        1.2.  Requirements Language
73      2.  REFERENCE ARCHITECTURE
74      3.  YANG MODEL EXPLANATION
75        3.1.  STRUCTURE OF THE MODEL
76        3.2.  SITE AND BEARERS
77        3.3.  BEARER AND ETHERNET ENCAPSULATION
78        3.4.  MULTI-DOMAIN RESOURCE MANAGEMENT
79        3.5.  REMOTE FAR-END CONFIGURATION
80        3.6.  PROVIDE EDGE IDENTIFICATION POINT
81      4.  DESIGN OF THE DATA MODEL
82      5.  YANG MODULE
83      6.  IANA CONSIDERATIONS
84      7.  SECURITY CONSIDERATIONS
85      8.  IMPLEMENTATION STATUS
86      9.  ACKNOWLEDGEMENTS
87      10. CONTRIBUTORS
88      11. References
89        11.1.  NORMATIVE REFERENCES
90        11.2.  INFORMATIVE REFERENCES
91      Authors' Addresses

93   1.  INTRODUCTION

95      [RFC8299] defines an L3VPN Service YANG data model (L3SM) that
96      can be used for communication between customers and network
97      operators. Such a model is focused on describing the customer view of
98      the services, and provides an abstracted view of the customer's
99      requested services. That approach limits the usage of the L3SM to the
100     role of a Customer Service Model, according to the terminology
101     defined in [RFC8309].

103     The YANG data model proposed in this document is called the L3VPN
104     Network Model (L3NM). The L3NM model is aimed at providing a
105     network-centric view of L3 VPN Services. The model can be used to
106     facilitate communication between the service orchestrator, and the
107     network controller / orchestrator. It enables further capabilities,
108     such as resource management or to serve as a multi-domain
109     orchestration interface, where transport resources must be
110     synchronized. The YANG module has been built with a prune and extend
111     approach, taking as a starting point the YANG model described in
112     [RFC8299].

114     Hence, this document does not obsolete, but complements, the
115     definitions in [RFC8299]. It aims to provide a different scope for
116     the L3SM, but does not attempt to address all deployment cases,
117     especially those where the L3VPN connectivity is supported through
118     the coordination of different VPNs in different underlying networks.
119     More complex deployment scenarios involving the coordination of
120     different VPN instances and different technologies to provide end-to-
121     end VPN connectivity are addressed by a complementary YANG model
122     defined in [I-D.evenwu-opsawg-yang-composed-vpn].

124  1.1.  TERMINOLOGY

126     This document assumes that the reader is familiar with the contents
127     of [RFC6241], [RFC7950], [RFC8299], [RFC8309], and [RFC8453] and uses
128     terminology from those documents. Tree diagrams used in this
129     document follow the notation defined in [RFC8340].

131  1.2.  Requirements Language

133     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
134     "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
135     "OPTIONAL" in this document are to be interpreted as described in BCP
136     14 [RFC2119] [RFC8174] when, and only when, they appear in all
137     capitals, as shown here.

139  2.  REFERENCE ARCHITECTURE

141     Figure 1 shows where the L3NM is used in a management stack. The
142     figure is an expansion of the architecture presented in Section 5 of
143     [RFC8299] and decomposes the box marked "orchestration" in that
144     figure into three separate functional components called "Service
145     Orchestration", "Network Orchestration", and "Domain Orchestration".

147     Note that some implementations may choose to construct a monolithic
148     orchestration component, but this document assumes that there are
149     many benefits for flexibility of implementation and deployment to
150     separate the functional components, and that separation demands the
151     existence of separate YANG models to be used between the components.

153     At the same time, terminology from [RFC8309] is introduced to show
154     the distinction between the "Customer Service Model", the "Service
155     Delivery Model", the "Network Configuration Model", and the "Device
156     Configuration Model". In that context, the "Domain Orchestration"
157     and "Config Manager" roles may be performed by "Controllers".

159                            +---------------+
160                            |   Customer    |
161                            +---------------+
162          Customer Service Model    |
163              l3vpn-svc             |
164                            +---------------+
165                            |    Service    |
166                            | Orchestration |
167                            +---------------+
168          Service Delivery Model    |
169                l3nm-svc            |
170         (l3vpn-svc + extensions)   |
171                            +---------------+
172                            |    Network    |
173                            | Orchestration |
174                            +---------------+
175      Network Configuration Model   |
176                          __________|____________
177                         |                       |
178                 +---------------+       +---------------+
179                 |    Domain     |       |    Domain     |
180                 | Orchestration |       | Orchestration |
181                 +---------------+       +---------------+
182    Device           |       |                   |
183    Configuration    |       |                   |
184    Model            |       |                   |
185                +---------+  |                   |
186                | Config  |  |                   |
187                | Manager |  |                   |
188                +---------+  |                   |
189                     |       |                   |
190                     | NETCONF/CLI..................
191                     |       |                   |
192            +------------------------------------------------+
193                                 Network

195                       Figure 1: L3SM and L3NM

197     The L3SM and L3NM may also be set in the context of the ACTN
198     architecture [RFC8453]. Figure 2 shows the Customer Network
199     Controller (CNC), the Multi-Domain Service Coordinator (MDSC), and
200     the Provisioning Network Controller (PNC). It also shows the
201     interfaces between these functional units: the CNC-MDSC Interface
202     (CMI), the MDSC-PNC Interface (MPI), and the Southbound Interface
203     (SBI).

205                 ----------------------------------
206                |             Customer             |
207                |  -----------------------------   |
208                | |            CNC            |  |
209                |  -----------------------------   |
210                 ----:-----------------------:-----
211                     :                       :
212                     : L3SM                  : L3SM
213                     :                       :
214            ---------:---------     -------------------
215           |  MDSC   :         |   |       MDSC        |
216           |  ---------------  |   |     (parent)      |
217           | |    Service    | |    -------------------
218           | | Orchestration | |             :
219           |  ---------------  |             : L3NM
220           |         :         |             :
221           |         : L3NM    |    -------------------
222           |         :         |   |       MDSC        |
223           |  ---------------  |   |      (child)      |
224           | |    Network    | |    -------------------
225           | | Orchestration | |             :
226           |  ---------------  |             :
227            ---------:---------              :
228                     :                       :
229                     : Network Configuration :
230                     :                       :
231         ------------:-------       ---------:------------
232        | Domain     :       |     |         :  Domain    |
233        | Controller :       |     |         : Controller |
234        |        ---------   |     |     ---------        |
235        |       |   PNC   |  |     |    |   PNC   |       |
236        |        ---------   |     |     ---------        |
237         ------------:-------       ---------:------------
238                     :                       :
239                     : Device Configuration  :
240                     :                       :
241                  --------                --------
242                 | Device |              | Device |
243                  --------                --------

245            Figure 2: L3SM and L3NM in the Context of ACTN

247  3.  YANG MODEL EXPLANATION

249     The scenarios covered in the L3NM model include: the integration of
250     Ethernet and encapsulation parameters, the extension for transport
251     resources (e.g., Route targets and Route distinguishers) to be
252     orchestrated from the management system, far-end configuration of PEs
253     not managed by the management system and the definition for PE
254     identification.

256  3.1.  STRUCTURE OF THE MODEL

258     The YANG module is divided into three main containers: "vpn-
259     services", "sites" and "vpn-profiles".

261  3.2.  SITE AND BEARERS

263     A site, as per [RFC8299], represents a connection of a customer
264     office to one or more VPN services. As this YANG module is the
265     network view, each site is associated with a list of bearers. A
266     bearer is the layer two connection with the site. In the module it
267     is assumed that the bearer has been allocated by the Service Provider
268     (e.g., by the service orchestrator). The bearer is associated to a
269     network element and a port. Hence, a bearer is not just a bearer-
270     reference, but also a true reference to a given port in the service
271     provider network.

273  3.3.  BEARER AND ETHERNET ENCAPSULATION

275     The definition of a L3VPN is commonly specified not only at the IP
276     layer, but also requires identifying parameters at the Ethernet
277     layer, such as encapsulation type (e.g., VLAN, QinQ, QinAny, VxLAN,
278     etc.). This specification is not supported in [RFC8299], whilst it
279     suggests that any extension in this direction shall be implemented
280     via augmentation of the bearer container. The extension defined to
281     cope with these parameters uses the connection container inside the
282     site-network-access defined by the [RFC8466]. This container defines
283     protocol parameters to enable connectivity at Layer 2. In the
284     context of L3SM, the augmentation includes only mandatory parameters
285     for the service configuration, which are mainly related to the
286     interface encapsulation. Other definitions from L2SM connection
287     container are left aside. For example, Link Aggregation (LAG)
288     information is not required and it shall be configured prior to the
289     service configuration, being the aggregated interface identified in
290     the model as the bearer-reference, as discussed later in Section 3.4.

292  3.4.  MULTI-DOMAIN RESOURCE MANAGEMENT

294     The implementation of L3VPN services which span across
295     administratively separated domains (i.e., that are under the
296     administration of different management systems or controllers)
297     requires some network resources to be synchronized between systems.
298     Particularly, there are two resources that must be orchestrated and
299     managed to avoid asymmetric (non-functional) configuration, or the
300     usage of unavailable resources. For example, RTs shall be
301     synchronized between PEs. When every PE is controlled by the same
302     management system, RT allocation can be performed by the system. In
303     cases where the service spans across multiple management systems,
304     this task of allocating RTs has to be aligned across the domains,
305     therefore, the service model must provide a way to specify RTs. In
306     addition, RDs must also be synchronized to avoid collisions in RD
307     allocation between separate systems. An incorrect allocation might
308     lead to the same RD and IP prefixes being exported by different PE
309     routers.

311  3.5.  REMOTE FAR-END CONFIGURATION

313     Depending on the control plane implementation, different network
314     scenarios might require additional information for the L3VPN service
315     to be configured and active. For example, an L3VPN Option C service,
316     if no reflection of IPv4 VPN routes is configured via ASBR or route
317     reflector, may require additional configuration (e.g. a new BGP
318     neighbor) to be coordinated between both management systems. This
319     definition requires every management system participating in the
320     VPN to receive not just their own sites and site-network-accesses,
321     but also to receive information about external ones, identified as an
322     external site-network-access-type. In addition, this particular
323     site-network-access is augmented to include the loopback address of
324     the far-end (remote/external) PE router.

326  3.6.  PROVIDE EDGE IDENTIFICATION POINT

328     [RFC8299] states that the "bearer-reference" parameter is used in
329     cases where the customer has already ordered a network connection to
330     the service provider (SP) apart from the IP VPN site and wants to
331     reuse this connection. The string used is an internal reference from
332     the SP and describes the already-available connection. Usually, a
333     client interface (either a customer one or an interface used by the
334     SP) is already in place and connected, although it has not been used
335     previously. In some other cases (e.g., for stitching purposes), the
336     termination of a VPN service is done over logical terminations within
337     a PE router.

339     The bearer-reference must serve as a strict unequivocal parameter to
340     identify the connection between a PE and a client (CE). This means
341     that, although the type is maintained as a string and there is no
342     restriction in the way this data is formed, the bearer-reference must
343     serve as the unique way to identify the PE router and the client
344     interface. This, together with the encapsulation augments proposed
345     in Section 3.2, serves as the way to identify the client interface
346     and configure L2 specific parameters.

348  4.  DESIGN OF THE DATA MODEL

350     The augmentations defined in this document are organised per
351     scenario, as defined in Section 3. The case described in Section 3.4
352     does not need any further extension of the data model and only
353     requires a more restricted definition on how the data model is used
354     for PE router and client port identification, so no augmentation is
355     implemented for this scenario.

357     The augmentations implemented are distributed as follows:

359     o  An extension including RT and RD definition for the L3VPN,
360        following the YANG definitions from BESS-L3VPN. This extension
361        was developed creating a container "ie-profiles" under the VPN
362        Service. All the import-export information can be created and
363        reused for several VPN-Nodes.

365        *  If the "ie-profile" is empty the domain controller should
366           automatically assign RD and RTs. This is not valid for a
367           multi-domain scenario.

369     o  The second augmentation copes with the information from a remote
370        PE not directly under management system supervision.
This 371 augmentation does not follow any previously defined model and 372 includes the loopback IP address of the external router. 374 o The third augmentation copes with a pseudowire termination under a 375 VPN service. This termination requires the management of the 376 Virtual Circuit Identifier under the VPN service. 378 o Access-group-id has been added within the site network access in 379 order to allow associations between interfaces that have similar 380 behaviors. For example, identify two interfaces in dual homing 381 distribution. 383 o The last augmentation includes information below layer 3 that is 384 required for the service. In particular, we include information 385 related to clients interface encapsulation and aggregation. 387 The high-level model structure defined by this document is as shown 388 below: 390 |-------------------- EXAMPLE --------------------| 392 module: ietf-l3vpn-ntw 393 +--rw l3vpn-ntw 394 +--rw vpn-profiles 395 | +--rw valid-provider-identifiers 396 | +--rw cloud-identifier* [id] {cloud-access}? 397 | | +--rw id string 398 | +--rw encryption-profile-identifier* [id] 399 | | +--rw id string 400 | +--rw qos-profile-identifier* [id] 401 | | +--rw id string 402 | +--rw bfd-profile-identifier* [id] 403 | | +--rw id string 404 | +--rw routing-profile-identifier* [id] 405 | +--rw id string 406 +--rw vpn-services 407 | +--rw vpn-service* [vpn-id] 408 | +--rw vpn-id svc-id 409 | +--rw customer-name? string 410 | +--rw vpn-service-topology? identityref 411 | +--rw description? string 412 | +--rw ie-profiles 413 | | +--rw ie-profile* [ie-profile-id] 414 | | +--rw ie-profile-id string 415 | | +--rw rd? rt-types:route-distinguisher 416 | | +--rw vpn-targets 417 | | +--rw vpn-target* [route-target] 418 | | +--rw route-target rt-types:route-target 419 | | +--rw route-target-type rt-types:route-target-type 420 | +--rw vpn-nodes 421 | | +--rw vpn-node* [vpn-node-id ne-id] 422 | | +--rw vpn-node-id string 423 | | +--rw description? 
string 424 | | +--rw ne-id string 425 | | +--rw router-id? inet:ip-address 426 | | +--rw address-family? address-family 427 | | +--rw node-role? identityref 428 | | +--rw rd? rt-types:route-distinguisher 429 | | +--rw vpn-targets 430 | | | +--rw vpn-target* [route-target] 431 | | | +--rw route-target rt-types:route-target 432 | | | +--rw route-target-type rt-types:route-target-type 433 | | +--rw status 434 | | | +--rw admin-enabled? boolean 435 | | | +--ro oper-status? operational-type 436 | | +--rw maximum-routes 437 | | | +--rw address-family* [af] 438 | | | +--rw af address-family 439 | | | +--rw maximum-routes? uint32 440 | | +--rw node-ie-profile? -> /l3vpn-ntw/vpn-services/vpn-service/ie-profiles/ie-profile/ie-profile-id 441 | +--rw cloud-accesses {cloud-access}? 442 | | +--rw cloud-access* [cloud-identifier] 443 | | +--rw cloud-identifier -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/cloud-identifier/id 444 | | +--rw (list-flavor)? 445 | | | +--:(permit-any) 446 | | | | +--rw permit-any? empty 447 | | | +--:(deny-any-except) 448 | | | | +--rw permit-site* -> /l3vpn-ntw/sites/site/site-id 449 | | | +--:(permit-any-except) 450 | | | +--rw deny-site* -> /l3vpn-ntw/sites/site/site-id 451 | | +--rw address-translation 452 | | +--rw nat44 453 | | +--rw enabled? boolean 454 | | +--rw nat44-customer-address? inet:ipv4-address 455 | +--rw multicast {multicast}? 456 | | +--rw enabled? boolean 457 | | +--rw customer-tree-flavors 458 | | | +--rw tree-flavor* identityref 459 | | +--rw rp 460 | | +--rw rp-group-mappings 461 | | | +--rw rp-group-mapping* [id] 462 | | | +--rw id uint16 463 | | | +--rw provider-managed 464 | | | | +--rw enabled? boolean 465 | | | | +--rw rp-redundancy? boolean 466 | | | | +--rw optimal-traffic-delivery? boolean 467 | | | +--rw rp-address inet:ip-address 468 | | | +--rw groups 469 | | | +--rw group* [id] 470 | | | +--rw id uint16 471 | | | +--rw (group-format) 472 | | | +--:(singleaddress) 473 | | | | +--rw group-address? 
inet:ip-address 474 | | | +--:(startend) 475 | | | +--rw group-start? inet:ip-address 476 | | | +--rw group-end? inet:ip-address 477 | | +--rw rp-discovery 478 | | +--rw rp-discovery-type? identityref 479 | | +--rw bsr-candidates 480 | | +--rw bsr-candidate-address* inet:ip-address 481 | +--rw carrierscarrier? boolean {carrierscarrier}? 482 | +--rw extranet-vpns {extranet-vpn}? 483 | +--rw extranet-vpn* [vpn-id] 484 | +--rw vpn-id svc-id 485 | +--rw local-sites-role? identityref 486 +--rw sites 487 +--rw site* [site-id] 488 +--rw site-id svc-id 489 +--rw description? string 490 +--rw requested-site-start? yang:date-and-time 491 +--rw requested-site-stop? yang:date-and-time 492 +--rw locations 493 | +--rw location* [location-id] 494 | +--rw location-id svc-id 495 | +--rw address? string 496 | +--rw postal-code? string 497 | +--rw state? string 498 | +--rw city? string 499 | +--rw country-code? string 500 +--rw devices 501 | +--rw device* [device-id] 502 | +--rw device-id svc-id 503 | +--rw location -> ../../../locations/location/location-id 504 | +--rw management 505 | +--rw address-family? address-family 506 | +--rw address inet:ip-address 507 +--rw site-diversity {site-diversity}? 508 | +--rw groups 509 | +--rw group* [group-id] 510 | +--rw group-id string 511 +--rw management 512 | +--rw type identityref 513 +--rw site-vpn-flavor? identityref 514 +--rw maximum-routes 515 | +--rw address-family* [af] 516 | +--rw af address-family 517 | +--rw maximum-routes? uint32 518 +--rw security 519 | +--rw authentication 520 | +--rw encryption {encryption}? 521 | | +--rw enabled? boolean 522 | | +--rw layer? enumeration 523 | +--rw encryption-profile 524 | +--rw (profile)? 525 | | +--:(provider-profile) 526 | | | +--rw profile-name? -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/encryption-profile-identifier/id 527 | | +--:(customer-profile) 528 | | +--rw algorithm? string 529 | +--rw (key-type)? 530 | +--:(psk) 531 | +--rw preshared-key? 
string 532 +--rw service 533 | +--rw qos {qos}? 534 | | +--rw qos-classification-policy 535 | | | +--rw rule* [id] 536 | | | +--rw id string 537 | | | +--rw (match-type)? 538 | | | | +--:(match-flow) 539 | | | | | +--rw match-flow 540 | | | | | +--rw dscp? inet:dscp 541 | | | | | +--rw dot1p? uint8 542 | | | | | +--rw ipv4-src-prefix? inet:ipv4-prefix 543 | | | | | +--rw ipv6-src-prefix? inet:ipv6-prefix 544 | | | | | +--rw ipv4-dst-prefix? inet:ipv4-prefix 545 | | | | | +--rw ipv6-dst-prefix? inet:ipv6-prefix 546 | | | | | +--rw l4-src-port? inet:port-number 547 | | | | | +--rw target-sites* svc-id {target-sites}? 548 | | | | | +--rw l4-src-port-range 549 | | | | | | +--rw lower-port? inet:port-number 550 | | | | | | +--rw upper-port? inet:port-number 551 | | | | | +--rw l4-dst-port? inet:port-number 552 | | | | | +--rw l4-dst-port-range 553 | | | | | | +--rw lower-port? inet:port-number 554 | | | | | | +--rw upper-port? inet:port-number 555 | | | | | +--rw protocol-field? union 556 | | | | +--:(match-application) 557 | | | | +--rw match-application? identityref 558 | | | +--rw target-class-id? string 559 | | +--rw qos-profile 560 | | +--rw (qos-profile)? 561 | | +--:(standard) 562 | | | +--rw profile? -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id 563 | | | +--rw direction? identityref 564 | | +--:(custom) 565 | | +--rw classes {qos-custom}? 566 | | +--rw class* [class-id] 567 | | +--rw class-id string 568 | | +--rw direction? identityref 569 | | +--rw rate-limit? decimal64 570 | | +--rw latency 571 | | | +--rw (flavor)? 572 | | | +--:(lowest) 573 | | | | +--rw use-lowest-latency? empty 574 | | | +--:(boundary) 575 | | | +--rw latency-boundary? uint16 576 | | +--rw jitter 577 | | | +--rw (flavor)? 578 | | | +--:(lowest) 579 | | | | +--rw use-lowest-jitter? empty 580 | | | +--:(boundary) 581 | | | +--rw latency-boundary? uint32 582 | | +--rw bandwidth 583 | | +--rw guaranteed-bw-percent decimal64 584 | | +--rw end-to-end? 
empty 585 | +--rw carrierscarrier {carrierscarrier}? 586 | | +--rw signalling-type? enumeration 587 | +--rw multicast {multicast}? 588 | +--rw multicast-site-type? enumeration 589 | +--rw multicast-address-family 590 | | +--rw ipv4? boolean {ipv4}? 591 | | +--rw ipv6? boolean {ipv6}? 592 | +--rw protocol-type? enumeration 593 +--rw traffic-protection {fast-reroute}? 594 | +--rw enabled? boolean 595 +--rw routing-protocols 596 | +--rw routing-protocol* [type] 597 | +--rw type identityref 598 | +--rw routing-profiles* [id] 599 | | +--rw id -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/routing-profile-identifier/id 600 | | +--rw type? ie-type 601 | +--rw ospf {rtg-ospf}? 602 | | +--rw address-family* address-family 603 | | +--rw area-address yang:dotted-quad 604 | | +--rw metric? uint16 605 | | +--rw mtu? uint16 606 | | +--rw security 607 | | | +--rw auth-key? string 608 | | +--rw sham-links {rtg-ospf-sham-link}? 609 | | +--rw sham-link* [target-site] 610 | | +--rw target-site svc-id 611 | | +--rw metric? uint16 612 | +--rw bgp {rtg-bgp}? 613 | | +--rw autonomous-system uint32 614 | | +--rw address-family* address-family 615 | | +--rw neighbor? inet:ip-address 616 | | +--rw multihop? uint8 617 | | +--rw security 618 | | +--rw auth-key? string 619 | +--rw static 620 | | +--rw cascaded-lan-prefixes 621 | | +--rw ipv4-lan-prefixes* [lan next-hop] {ipv4}? 622 | | | +--rw lan inet:ipv4-prefix 623 | | | +--rw lan-tag? string 624 | | | +--rw next-hop inet:ipv4-address 625 | | +--rw ipv6-lan-prefixes* [lan next-hop] {ipv6}? 626 | | +--rw lan inet:ipv6-prefix 627 | | +--rw lan-tag? string 628 | | +--rw next-hop inet:ipv6-address 629 | +--rw rip {rtg-rip}? 630 | | +--rw address-family* address-family 631 | +--rw vrrp {rtg-vrrp}? 632 | +--rw address-family* address-family 633 +--ro actual-site-start? yang:date-and-time 634 +--ro actual-site-stop? yang:date-and-time 635 +--rw site-bearers 636 | +--rw bearer* [bearer-id] 637 | +--rw bearer-id string 638 | +--rw BearerType? 
identityref 639 | +--rw ne-id? string 640 | +--rw port-id? string 641 | +--rw lag-id? string 642 +--rw site-network-accesses 643 +--rw site-network-access* [site-network-access-id] 644 +--rw site-network-access-id svc-id 645 +--rw description? string 646 +--rw status 647 | +--rw admin-enabled? boolean 648 | +--ro oper-status? operational-type 649 +--rw site-network-access-type? identityref 650 +--rw (location-flavor) 651 | +--:(location) 652 | | +--rw location-reference? -> ../../../locations/location/location-id 653 | +--:(device) 654 | +--rw device-reference? -> ../../../devices/device/device-id 655 +--rw access-diversity {site-diversity}? 656 | +--rw groups 657 | | +--rw group* [group-id] 658 | | +--rw group-id string 659 | +--rw constraints 660 | +--rw constraint* [constraint-type] 661 | +--rw constraint-type identityref 662 | +--rw target 663 | +--rw (target-flavor)? 664 | +--:(id) 665 | | +--rw group* [group-id] 666 | | +--rw group-id string 667 | +--:(all-accesses) 668 | | +--rw all-other-accesses? empty 669 | +--:(all-groups) 670 | +--rw all-other-groups? empty 671 +--rw bearer 672 | +--rw requested-type {requested-type}? 673 | | +--rw requested-type? string 674 | | +--rw strict? boolean 675 | +--rw always-on? boolean {always-on}? 676 | +--rw bearer-reference? string {bearer-reference}? 677 | +--rw connection 678 | | +--rw encapsulation-type? identityref 679 | | +--rw tagged-interface 680 | | +--rw type? identityref 681 | | +--rw dot1q-vlan-tagged {dot1q}? 682 | | | +--rw tag-type? identityref 683 | | | +--rw cvlan-id? uint16 684 | | +--rw priority-tagged 685 | | | +--rw tag-type? identityref 686 | | +--rw qinq {qinq}? 687 | | | +--rw tag-type? identityref 688 | | | +--rw svlan-id uint16 689 | | | +--rw cvlan-id uint16 690 | | +--rw qinany {qinany}? 691 | | | +--rw tag-type? identityref 692 | | | +--rw svlan-id uint16 693 | | +--rw vxlan {vxlan}? 694 | | +--rw vni-id uint32 695 | | +--rw peer-mode? 
identityref 696 | | +--rw peer-list* [peer-ip] 697 | | +--rw peer-ip inet:ip-address 698 | +--rw pseudowire 699 | +--rw vcid? uint32 700 +--rw ip-connection 701 | +--rw ipv4 {ipv4}? 702 | | +--rw address-allocation-type? identityref 703 | | +--rw provider-dhcp 704 | | | +--rw provider-address? inet:ipv4-address 705 | | | +--rw prefix-length? uint8 706 | | | +--rw (address-assign)? 707 | | | +--:(number) 708 | | | | +--rw number-of-dynamic-address? uint16 709 | | | +--:(explicit) 710 | | | +--rw customer-addresses 711 | | | +--rw address-group* [group-id] 712 | | | +--rw group-id string 713 | | | +--rw start-address? inet:ipv4-address 714 | | | +--rw end-address? inet:ipv4-address 715 | | +--rw dhcp-relay 716 | | | +--rw provider-address? inet:ipv4-address 717 | | | +--rw prefix-length? uint8 718 | | | +--rw customer-dhcp-servers 719 | | | +--rw server-ip-address* inet:ipv4-address 720 | | +--rw addresses 721 | | +--rw provider-address? inet:ipv4-address 722 | | +--rw customer-address? inet:ipv4-address 723 | | +--rw prefix-length? uint8 724 | +--rw ipv6 {ipv6}? 725 | | +--rw address-allocation-type? identityref 726 | | +--rw provider-dhcp 727 | | | +--rw provider-address? inet:ipv6-address 728 | | | +--rw prefix-length? uint8 729 | | | +--rw (address-assign)? 730 | | | +--:(number) 731 | | | | +--rw number-of-dynamic-address? uint16 732 | | | +--:(explicit) 733 | | | +--rw customer-addresses 734 | | | +--rw address-group* [group-id] 735 | | | +--rw group-id string 736 | | | +--rw start-address? inet:ipv6-address 737 | | | +--rw end-address? inet:ipv6-address 738 | | +--rw dhcp-relay 739 | | | +--rw provider-address? inet:ipv6-address 740 | | | +--rw prefix-length? uint8 741 | | | +--rw customer-dhcp-servers 742 | | | +--rw server-ip-address* inet:ipv6-address 743 | | +--rw addresses 744 | | +--rw provider-address? inet:ipv6-address 745 | | +--rw customer-address? inet:ipv6-address 746 | | +--rw prefix-length? uint8 747 | +--rw oam 748 | +--rw bfd {bfd}? 
      |        +--rw enabled?   boolean
      |        +--rw (holdtime)?
      |           +--:(fixed)
      |           |  +--rw fixed-value?   uint32
      |           +--:(profile)
      |              +--rw profile-name?   -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/bfd-profile-identifier/id
      +--rw security
      |  +--rw authentication
      |  +--rw encryption {encryption}?
      |  |  +--rw enabled?   boolean
      |  |  +--rw layer?   enumeration
      |  +--rw encryption-profile
      |     +--rw (profile)?
      |     |  +--:(provider-profile)
      |     |  |  +--rw profile-name?   -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/encryption-profile-identifier/id
      |     |  +--:(customer-profile)
      |     |     +--rw algorithm?   string
      |     +--rw (key-type)?
      |        +--:(psk)
      |           +--rw preshared-key?   string
      +--rw service
      |  +--rw svc-input-bandwidth   uint64
      |  +--rw svc-output-bandwidth   uint64
      |  +--rw svc-mtu   uint16
      |  +--rw qos {qos}?
      |  |  +--rw qos-classification-policy
      |  |  |  +--rw rule* [id]
      |  |  |     +--rw id   string
      |  |  |     +--rw (match-type)?
      |  |  |     |  +--:(match-flow)
      |  |  |     |  |  +--rw match-flow
      |  |  |     |  |     +--rw dscp?   inet:dscp
      |  |  |     |  |     +--rw dot1p?   uint8
      |  |  |     |  |     +--rw ipv4-src-prefix?   inet:ipv4-prefix
      |  |  |     |  |     +--rw ipv6-src-prefix?   inet:ipv6-prefix
      |  |  |     |  |     +--rw ipv4-dst-prefix?   inet:ipv4-prefix
      |  |  |     |  |     +--rw ipv6-dst-prefix?   inet:ipv6-prefix
      |  |  |     |  |     +--rw l4-src-port?   inet:port-number
      |  |  |     |  |     +--rw target-sites*   svc-id {target-sites}?
      |  |  |     |  |     +--rw l4-src-port-range
      |  |  |     |  |     |  +--rw lower-port?   inet:port-number
      |  |  |     |  |     |  +--rw upper-port?   inet:port-number
      |  |  |     |  |     +--rw l4-dst-port?   inet:port-number
      |  |  |     |  |     +--rw l4-dst-port-range
      |  |  |     |  |     |  +--rw lower-port?   inet:port-number
      |  |  |     |  |     |  +--rw upper-port?   inet:port-number
      |  |  |     |  |     +--rw protocol-field?   union
      |  |  |     |  +--:(match-application)
      |  |  |     |     +--rw match-application?   identityref
      |  |  |     +--rw target-class-id?   string
      |  |  +--rw qos-profile
      |  |     +--rw (qos-profile)?
      |  |        +--:(standard)
      |  |        |  +--rw profile?   -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id
      |  |        |  +--rw direction?   identityref
      |  |        +--:(custom)
      |  |           +--rw classes {qos-custom}?
      |  |              +--rw class* [class-id]
      |  |                 +--rw class-id   string
      |  |                 +--rw direction?   identityref
      |  |                 +--rw rate-limit?   decimal64
      |  |                 +--rw latency
      |  |                 |  +--rw (flavor)?
      |  |                 |     +--:(lowest)
      |  |                 |     |  +--rw use-lowest-latency?   empty
      |  |                 |     +--:(boundary)
      |  |                 |        +--rw latency-boundary?   uint16
      |  |                 +--rw jitter
      |  |                 |  +--rw (flavor)?
      |  |                 |     +--:(lowest)
      |  |                 |     |  +--rw use-lowest-jitter?   empty
      |  |                 |     +--:(boundary)
      |  |                 |        +--rw latency-boundary?   uint32
      |  |                 +--rw bandwidth
      |  |                    +--rw guaranteed-bw-percent   decimal64
      |  |                    +--rw end-to-end?   empty
      |  +--rw carrierscarrier {carrierscarrier}?
      |  |  +--rw signalling-type?   enumeration
      |  +--rw multicast {multicast}?
      |     +--rw multicast-site-type?   enumeration
      |     +--rw multicast-address-family
      |     |  +--rw ipv4?   boolean {ipv4}?
      |     |  +--rw ipv6?   boolean {ipv6}?
      |     +--rw protocol-type?   enumeration
      +--rw routing-protocols
      |  +--rw routing-protocol* [type]
      |     +--rw type   identityref
      |     +--rw routing-profiles* [id]
      |     |  +--rw id   -> /l3vpn-ntw/vpn-profiles/valid-provider-identifiers/routing-profile-identifier/id
      |     |  +--rw type?   ie-type
      |     +--rw ospf {rtg-ospf}?
      |     |  +--rw address-family*   address-family
      |     |  +--rw area-address   yang:dotted-quad
      |     |  +--rw metric?   uint16
      |     |  +--rw mtu?   uint16
      |     |  +--rw security
      |     |  |  +--rw auth-key?   string
      |     |  +--rw sham-links {rtg-ospf-sham-link}?
      |     |     +--rw sham-link* [target-site]
      |     |        +--rw target-site   svc-id
      |     |        +--rw metric?   uint16
      |     +--rw bgp {rtg-bgp}?
      |     |  +--rw autonomous-system   uint32
      |     |  +--rw address-family*   address-family
      |     |  +--rw neighbor?   inet:ip-address
      |     |  +--rw multihop?   uint8
      |     |  +--rw security
      |     |     +--rw auth-key?   string
      |     +--rw static
      |     |  +--rw cascaded-lan-prefixes
      |     |     +--rw ipv4-lan-prefixes* [lan next-hop] {ipv4}?
      |     |     |  +--rw lan   inet:ipv4-prefix
      |     |     |  +--rw lan-tag?   string
      |     |     |  +--rw next-hop   inet:ipv4-address
      |     |     +--rw ipv6-lan-prefixes* [lan next-hop] {ipv6}?
      |     |        +--rw lan   inet:ipv6-prefix
      |     |        +--rw lan-tag?   string
      |     |        +--rw next-hop   inet:ipv6-address
      |     +--rw rip {rtg-rip}?
      |     |  +--rw address-family*   address-family
      |     +--rw vrrp {rtg-vrrp}?
      |        +--rw address-family*   address-family
      +--rw availability
      |  +--rw access-priority?   uint32
      +--rw node-id?   -> /l3vpn-ntw/vpn-services/vpn-service/vpn-nodes/vpn-node/vpn-node-id
      +--rw service-id?   -> /l3vpn-ntw/vpn-services/vpn-service/vpn-id
      +--rw access-group-id?   yang:uuid

Figure 3

5. YANG MODULE

|-------------------- EXAMPLE --------------------|

file "ietf-l3vpn-ntw@2019-09-13.YANG"
module ietf-l3vpn-ntw {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-l3vpn-ntw";
  prefix l3vpn-ntw;
  import ietf-inet-types {
    prefix inet;
  }
  import ietf-yang-types {
    prefix yang;
  }
  import ietf-netconf-acm {
    prefix nacm;
  }
  import ietf-routing-types {
    prefix rt-types;
  }
  organization
    "Individual draft";
  contact
    "Currently discussed in WG List:
     Editor: Oscar Gonzalez de Dios
    ";

  description
    "This YANG module defines a generic network-oriented model
     for the configuration of Layer 3 VPNs.
     Copyright (c) 2019 IETF Trust and the persons identified as
     authors of the code. All rights reserved.
     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
     for full legal notices.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.";

  revision 2019-09-24 {
    description
      "Initial document. The document as a whole is based on L3SM
       module, defined in RFC 8299, modified to fit the requirements
       of the platforms at the network layer.";
    reference
      "RFC 8049.";
  }
  /* Features */
  feature cloud-access {
    description
      "Allows the VPN to connect to a CSP.";
  }
  feature multicast {
    description
      "Enables multicast capabilities in a VPN.";
  }
  feature ipv4 {
    description
      "Enables IPv4 support in a VPN.";
  }
  feature ipv6 {
    description
      "Enables IPv6 support in a VPN.";
  }
  feature lan-tag {
    description
      "Enables LAN Tag support in a VPN Policy filter.";
  }
  feature carrierscarrier {
    description
      "Enables support of CsC.";
  }
  feature extranet-vpn {
    description
      "Enables support of extranet VPNs.";
  }
  feature site-diversity {
    description
      "Enables support of site diversity constraints.";
  }
  feature encryption {
    description
      "Enables support of encryption.";
  }
  feature qos {
    description
      "Enables support of classes of services.";
  }
  feature qos-custom {
    description
      "Enables support of the custom QoS profile.";
  }
  feature rtg-bgp {
    description
      "Enables support of the BGP routing protocol.";
  }
  feature rtg-rip {
    description
      "Enables support of the RIP routing protocol.";
  }
  feature rtg-ospf {
    description
      "Enables support of the OSPF routing protocol.";
  }
  feature rtg-ospf-sham-link {
    description
      "Enables support of OSPF sham links.";
  }
  feature rtg-vrrp {
    description
      "Enables support of the VRRP routing protocol.";
  }
  feature fast-reroute {
    description
      "Enables support of Fast Reroute.";
  }
  feature bfd {
    description
      "Enables support of BFD.";
  }
  feature always-on {
    description
      "Enables support of the 'always-on' access constraint.";
  }
  feature requested-type {
    description
      "Enables support of the 'requested-type' access constraint.";
  }
  feature bearer-reference {
    description
      "Enables support of the 'bearer-reference' access constraint.";
  }
  feature target-sites {
    description
      "Enables support of the 'target-sites' match flow parameter.";
  }
  feature input-bw {
    description
      "Enables support of the 'input-bw' limit.";
  }
  feature dot1q {
    description
      "Enables support of the 'dot1q' encapsulation.";
  }
  feature qinq {
    description
      "Enables support of the 'qinq' encapsulation.";
  }
  feature qinany {
    description
      "Enables support of the 'qinany' encapsulation.";
  }
  feature vxlan {
    description
      "Enables support of the 'vxlan' encapsulation.";
  }
  /* Typedefs */
  typedef svc-id {
    type string;
    description
      "Defines a type of service component identifier.";
  }
  typedef template-id {
    type string;
    description
      "Defines a type of service template identifier.";
  }
  typedef address-family {
    type enumeration {
      enum ipv4 {
        description
          "IPv4 address family.";
      }
      enum ipv6 {
        description
          "IPv6 address family.";
      }
    }
    description
      "Defines a type for the address family.";
  }

  typedef ie-type {
    type enumeration {
      enum "import" {
        value 0;
        description "Import routing profile.";
      }
      enum "export" {
        value 1;
        description "Export routing profile";
      }
      enum "both" {
        value 2;
        description "Import/Export routing profile";
      }
    }
    description
      "Defines Import-Export routing profiles.
       Those are able to be reused between vpn-nodes";
  }

  typedef operational-type {
    type enumeration {
      enum "up" {
        value 0;
        description "Operational status UP.";
      }
      enum "down" {
        value 1;
        description "Operational status DOWN";
      }
      enum "unknown" {
        value 2;
        description "Operational status UNKNOWN";
      }
    }
    description
      "This is a read-only attribute used to determine the
       status of a particular element";
  }

  /* Identities */
  identity site-network-access-type {
    description
      "Base identity for site-network-access type.";
  }
  identity point-to-point {
    base site-network-access-type;
    description
      "Identity for point-to-point connection.";
  }
  /* Extension */
  identity pseudowire {
    base site-network-access-type;
    description
      "Identity for pseudowire connection.";
  }
  /* End of Extension */
  identity multipoint {
    base site-network-access-type;
    description
      "Identity for multipoint connection.
       Example: Ethernet broadcast segment.";
  }
  identity placement-diversity {
    description
      "Base identity for site placement constraints.";
  }
  identity bearer-diverse {
    base placement-diversity;
    description
      "Identity for bearer diversity.
       The bearers should not use common elements.";
  }
  identity pe-diverse {
    base placement-diversity;
    description
      "Identity for PE diversity.";
  }
  identity pop-diverse {
    base placement-diversity;
    description
      "Identity for POP diversity.";
  }
  identity linecard-diverse {
    base placement-diversity;
    description
      "Identity for linecard diversity.";
  }
  identity same-pe {
    base placement-diversity;
    description
      "Identity for having sites connected on the same PE.";
  }
  identity same-bearer {
    base placement-diversity;
    description
      "Identity for having sites connected using the same bearer.";
  }
  identity customer-application {
    description
      "Base identity for customer application.";
  }
  identity web {
    base customer-application;
    description
      "Identity for Web application (e.g., HTTP, HTTPS).";
  }
  identity mail {
    base customer-application;
    description
      "Identity for mail application.";
  }
  identity file-transfer {
    base customer-application;
    description
      "Identity for file transfer application (e.g., FTP, SFTP).";
  }
  identity database {
    base customer-application;
    description
      "Identity for database application.";
  }
  identity social {
    base customer-application;
    description
      "Identity for social-network application.";
  }
  identity games {
    base customer-application;
    description
      "Identity for gaming application.";
  }
  identity p2p {
    base customer-application;
    description
      "Identity for peer-to-peer application.";
  }
  identity network-management {
    base customer-application;
    description
      "Identity for management application
       (e.g., Telnet, syslog, SNMP).";
  }
  identity voice {
    base customer-application;
    description
      "Identity for voice application.";
  }
  identity video {
    base customer-application;
    description
      "Identity for video conference application.";
  }
  identity embb {
    base customer-application;
    description
      "Identity for an enhanced Mobile Broadband (eMBB)
       application. Note that an eMBB application demands
       network performance with a wide variety of
       characteristics, such as data rate, latency,
       loss rate, reliability, and many other parameters.";
  }
  identity urllc {
    base customer-application;
    description
      "Identity for an Ultra-Reliable and Low Latency
       Communications (URLLC) application. Note that a
       URLLC application demands network performance
       with a wide variety of characteristics, such as latency,
       reliability, and many other parameters.";
  }
  identity mmtc {
    base customer-application;
    description
      "Identity for a massive Machine Type
       Communications (mMTC) application. Note that an
       mMTC application demands network performance
       with a wide variety of characteristics, such as data
       rate, latency, loss rate, reliability, and many
       other parameters.";
  }
  identity site-vpn-flavor {
    description
      "Base identity for the site VPN service flavor.";
  }
  identity site-vpn-flavor-single {
    base site-vpn-flavor;
    description
      "Base identity for the site VPN service flavor.
       Used when the site belongs to only one VPN.";
  }
  identity site-vpn-flavor-multi {
    base site-vpn-flavor;
    description
      "Base identity for the site VPN service flavor.
       Used when a logical connection of a site
       belongs to multiple VPNs.";
  }
  identity site-vpn-flavor-sub {
    base site-vpn-flavor;
    description
      "Base identity for the site VPN service flavor.
       Used when a site has multiple logical connections.
       Each connection may belong to different multiple VPNs.";
  }
  identity site-vpn-flavor-nni {
    base site-vpn-flavor;
    description
      "Base identity for the site VPN service flavor.
       Used to describe an NNI option A connection.";
  }
  identity management {
    description
      "Base identity for site management scheme.";
  }
  identity co-managed {
    base management;
    description
      "Base identity for co-managed site.";
  }
  identity customer-managed {
    base management;
    description
      "Base identity for customer-managed site.";
  }
  identity provider-managed {
    base management;
    description
      "Base identity for provider-managed site.";
  }
  identity address-allocation-type {
    description
      "Base identity for address-allocation-type for PE-CE link.";
  }
  identity provider-dhcp {
    base address-allocation-type;
    description
      "Provider network provides DHCP service to customer.";
  }
  identity provider-dhcp-relay {
    base address-allocation-type;
    description
      "Provider network provides DHCP relay service to customer.";
  }
  identity provider-dhcp-slaac {
    base address-allocation-type;
    description
      "Provider network provides DHCP service to customer,
       as well as SLAAC.";
  }
  identity static-address {
    base address-allocation-type;
    description
      "Provider-to-customer addressing is static.";
  }
  identity slaac {
    base address-allocation-type;
    description
      "Use IPv6 SLAAC.";
  }
  identity site-role {
    description
      "Base identity for site type.";
  }
  identity any-to-any-role {
    base site-role;
    description
      "Site in an any-to-any IP VPN.";
  }
  identity spoke-role {
    base site-role;
    description
      "Spoke site in a Hub-and-Spoke IP VPN.";
  }
  identity hub-role {
    base site-role;
    description
      "Hub site in a Hub-and-Spoke IP VPN.";
  }
  identity vpn-topology {
    description
      "Base identity for VPN topology.";
  }
  identity any-to-any {
    base vpn-topology;
    description
      "Identity for any-to-any VPN topology.";
  }
  identity hub-spoke {
    base vpn-topology;
    description
      "Identity for Hub-and-Spoke VPN topology.";
  }
  identity hub-spoke-disjoint {
    base vpn-topology;
    description
      "Identity for Hub-and-Spoke VPN topology
       where Hubs cannot communicate with each other.";
  }
  identity multicast-tree-type {
    description
      "Base identity for multicast tree type.";
  }
  identity ssm-tree-type {
    base multicast-tree-type;
    description
      "Identity for SSM tree type.";
  }
  identity asm-tree-type {
    base multicast-tree-type;
    description
      "Identity for ASM tree type.";
  }
  identity bidir-tree-type {
    base multicast-tree-type;
    description
      "Identity for bidirectional tree type.";
  }
  identity multicast-rp-discovery-type {
    description
      "Base identity for RP discovery type.";
  }
  identity auto-rp {
    base multicast-rp-discovery-type;
    description
      "Base identity for Auto-RP discovery type.";
  }
  identity static-rp {
    base multicast-rp-discovery-type;
    description
      "Base identity for static type.";
  }
  identity bsr-rp {
    base multicast-rp-discovery-type;
    description
      "Base identity for BSR discovery type.";
  }
  identity routing-protocol-type {
    description
      "Base identity for routing protocol type.";
  }
  identity ospf {
    base routing-protocol-type;
    description
      "Identity for OSPF protocol type.";
  }
  identity bgp {
    base routing-protocol-type;
    description
      "Identity for BGP protocol type.";
  }
  identity static {
    base routing-protocol-type;
    description
      "Identity for static routing protocol type.";
  }
  identity rip {
    base routing-protocol-type;
    description
      "Identity for RIP protocol type.";
  }
  identity vrrp {
    base routing-protocol-type;
    description
      "Identity for VRRP protocol type.
       This is to be used when LANs are directly connected
       to PE routers.";
  }
  identity direct {
    base routing-protocol-type;
    description
      "Identity for direct protocol type.";
  }
  identity protocol-type {
    description
      "Base identity for protocol field type.";
  }
  identity tcp {
    base protocol-type;
    description
      "TCP protocol type.";
  }
  identity udp {
    base protocol-type;
    description
      "UDP protocol type.";
  }

  identity icmp {
    base protocol-type;
    description
      "ICMP protocol type.";
  }
  identity icmp6 {
    base protocol-type;
    description
      "ICMPv6 protocol type.";
  }
  identity gre {
    base protocol-type;
    description
      "GRE protocol type.";
  }
  identity ipip {
    base protocol-type;
    description
      "IP-in-IP protocol type.";
  }
  identity hop-by-hop {
    base protocol-type;
    description
      "Hop-by-Hop IPv6 header type.";
  }
  identity routing {
    base protocol-type;
    description
      "Routing IPv6 header type.";
  }
  identity esp {
    base protocol-type;
    description
      "ESP header type.";
  }
  identity ah {
    base protocol-type;
    description
      "AH header type.";
  }
  identity vpn-policy-filter-type {
    description
      "Base identity for VPN Policy filter type.";
  }
  identity ipv4 {
    base vpn-policy-filter-type;
    description
      "Identity for IPv4 Prefix filter type.";
  }
  identity ipv6 {
    base vpn-policy-filter-type;
    description
      "Identity for IPv6 Prefix filter type.";
  }
  identity lan {
    base vpn-policy-filter-type;
    description
      "Identity for LAN Tag filter type.";
  }

  identity qos-profile-direction {
    description
      "Base identity for QoS profile direction.";
  }

  identity site-to-wan {
    base qos-profile-direction;
    description
      "Identity for Site-to-WAN direction.";
  }
  identity wan-to-site {
    base qos-profile-direction;
    description
      "Identity for WAN-to-Site direction.";
  }
  identity both {
    base qos-profile-direction;
    description
      "Identity for both WAN-to-Site direction
       and Site-to-WAN direction.";
  }

  /* Extended Identities */

  identity encapsulation-type {
    description
      "Identity for the encapsulation type.";
  }
  identity untagged-int {
    base encapsulation-type;
    description
      "Identity for Ethernet type.";
  }

  identity tagged-int {
    base encapsulation-type;
    description
      "Identity for the VLAN type.";
  }

  identity eth-inf-type {
    description
      "Identity of the Ethernet interface type.";
  }

  identity tagged {
    base eth-inf-type;
    description
      "Identity of the tagged interface type.";
  }

  identity untagged {
    base eth-inf-type;
    description
      "Identity of the untagged interface type.";
  }

  identity lag {
    base eth-inf-type;
    description
      "Identity of the LAG interface type.";
  }
  identity bearer-inf-type {
    description
      "Identity for the bearer interface type.";
  }

  identity port-id {
    base bearer-inf-type;
    description
      "Identity for the priority-tagged interface.";
  }

  identity lag-id {
    base bearer-inf-type;
    description
      "Identity for the priority-tagged interface.";
  }

  identity tagged-inf-type {
    description
      "Identity for the tagged interface type.";
  }

  identity priority-tagged {
    base tagged-inf-type;
    description
      "Identity for the priority-tagged interface.";
  }
  identity qinq {
    base tagged-inf-type;
    description
      "Identity for the QinQ tagged interface.";
  }

  identity dot1q {
    base tagged-inf-type;
    description
      "Identity for the dot1Q VLAN tagged interface.";
  }

  identity qinany {
    base tagged-inf-type;
    description
      "Identity for the QinAny tagged interface.";
  }

  identity vxlan {
    base tagged-inf-type;
    description
      "Identity for the VXLAN tagged interface.";
  }

  identity tag-type {
    description
      "Base identity from which all tag types are derived.";
  }

  identity c-vlan {
    base tag-type;
    description
      "A CVLAN tag, normally using the 0x8100 Ethertype.";
  }
  identity s-vlan {
    base tag-type;
    description
      "An SVLAN tag.";
  }

  identity c-s-vlan {
    base tag-type;
    description
      "Using both a CVLAN tag and an SVLAN tag.";
  }

  identity vxlan-peer-mode {
    description
      "Base identity for the VXLAN peer mode.";
  }

  identity static-mode {
    base vxlan-peer-mode;
    description
      "Identity for VXLAN access in the static mode.";
  }

  identity bgp-mode {
    base vxlan-peer-mode;
    description
      "Identity for VXLAN access by BGP EVPN learning.";
  }

  identity bw-direction {
    description
      "Identity for the bandwidth direction.";
  }

  identity input-bw {
    base bw-direction;
    description
      "Identity for the input bandwidth.";
  }

  identity output-bw {
    base bw-direction;
    description
      "Identity for the output bandwidth.";
  }

  identity bw-type {
    description
      "Identity of the bandwidth type.";
  }

  identity bw-per-cos {
    base bw-type;
    description
      "Bandwidth is per CoS.";
  }

  identity bw-per-port {
    base bw-type;
    description
      "Bandwidth is per site network access.";
  }

  identity bw-per-site {
    base bw-type;
    description
      "Bandwidth is per site. It is applicable to
       all the site network accesses within the site.";
  }

  identity bw-per-svc {
    base bw-type;
    description
      "Bandwidth is per VPN service.";
  }

  /* Groupings */
  grouping vpn-service-cloud-access {
    container cloud-accesses {
      if-feature cloud-access;
      list cloud-access {
        key cloud-identifier;
        leaf cloud-identifier {
          type leafref {
            path "/l3vpn-ntw/vpn-profiles/"+
                 "valid-provider-identifiers/cloud-identifier/id";
          }
          description
            "Identification of cloud service.
             Local administration meaning.";
        }
        choice list-flavor {
          case permit-any {
            leaf permit-any {
              type empty;
              description
                "Allows all sites.";
            }
          }
          case deny-any-except {
            leaf-list permit-site {
              type leafref {
                path "/l3vpn-ntw/sites/site/site-id";
              }
              description
                "Site ID to be authorized.";
            }
          }
          case permit-any-except {
            leaf-list deny-site {
              type leafref {
                path "/l3vpn-ntw/sites/site/site-id";
              }
              description
                "Site ID to be denied.";
            }
          }
          description
            "Choice for cloud access policy. By
             default, all sites in the IP VPN MUST
             be authorized to access the cloud.";
        }
        container address-translation {
          container nat44 {
            leaf enabled {
              type boolean;
              default false;
              description
                "Controls whether or not Network address
                 translation from IPv4 to IPv4 (NAT44)
                 [RFC3022] is required.";
            }
            leaf nat44-customer-address {
              type inet:ipv4-address;
              description
                "Address to be used for network address
                 translation from IPv4 to IPv4. This is
                 to be used if the customer is providing
                 the IPv4 address. If the customer address
                 is not set, the model assumes that the
                 provider will allocate the address.";
            }
            description
              "IPv4-to-IPv4 translation.";
          }
          description
            "Container for NAT.";
        }
        description
          "Cloud access configuration.";
      }
      description
        "Container for cloud access configurations.";
    }
    description
      "Grouping for VPN cloud definition.";
  }
  grouping multicast-rp-group-cfg {
    choice group-format {
      mandatory true;
      case singleaddress {
        leaf group-address {
          type inet:ip-address;
          description
            "A single multicast group address.";
        }
      }
      case startend {
        leaf group-start {
          type inet:ip-address;
          description
            "The first multicast group address in
             the multicast group address range.";
        }
        leaf group-end {
          type inet:ip-address;
          description
            "The last multicast group address in
             the multicast group address range.";
        }
      }
      description
        "Choice for multicast group format.";
    }
    description
      "This grouping defines multicast group or
       multicast groups for RP-to-group mapping.";
  }
  grouping vpn-service-multicast {
    container multicast {
      if-feature multicast;
      leaf enabled {
        type boolean;
        default false;
        description
          "Enables multicast.";
      }
      container customer-tree-flavors {
        leaf-list tree-flavor {
          type identityref {
            base multicast-tree-type;
          }
          description
            "Type of tree to be used.";
        }
        description
          "Type of trees used by customer.";
      }
      container rp {
        container rp-group-mappings {
          list rp-group-mapping {
            key id;
            leaf id {
              type uint16;
              description
                "Unique identifier for the mapping.";
            }
            container provider-managed {
              leaf enabled {
                type boolean;
                default false;
                description
                  "Set to true if the Rendezvous Point (RP)
                   must be a provider-managed node. Set to false
                   if it is a customer-managed node.";
              }
              leaf rp-redundancy {
                type boolean;
                default false;
                description
                  "If true, a redundancy mechanism for the RP
                   is required.";
              }
              leaf optimal-traffic-delivery {
                type boolean;
                default false;
                description
                  "If true, the SP must ensure that
                   traffic uses an optimal path. An SP may use
                   Anycast RP or RP-tree-to-SPT switchover
                   architectures.";
              }
              description
                "Parameters for a provider-managed RP.";
            }
            leaf rp-address {
              when "../provider-managed/enabled = 'false'" {
                description
                  "Relevant when the RP is not provider-managed.";
              }
              type inet:ip-address;
              mandatory true;
              description
                "Defines the address of the RP.
                 Used if the RP is customer-managed.";
            }
            container groups {
              list group {
                key id;
                leaf id {
                  type uint16;
                  description
                    "Identifier for the group.";
                }
                uses multicast-rp-group-cfg;
                description
                  "List of multicast groups.";
              }
              description
                "Multicast groups associated with the RP.";
            }
            description
              "List of RP-to-group mappings.";
          }
          description
            "RP-to-group mappings parameters.";
        }
        container rp-discovery {
          leaf rp-discovery-type {
            type identityref {
              base multicast-rp-discovery-type;
            }
            default static-rp;
            description
              "Type of RP discovery used.";
          }
          container bsr-candidates {
            when "derived-from-or-self(../rp-discovery-type, "+
                 "'l3vpn-ntw:bsr-rp')" {
              description
                "Only applicable if discovery type
                 is BSR-RP.";
            }
            leaf-list bsr-candidate-address {
              type inet:ip-address;
              description
                "Address of BSR candidate.";
            }
            description
              "Container for List of Customer
               BSR candidate's addresses.";
          }
          description
            "RP discovery parameters.";
        }
        description
          "RP parameters.";
      }
      description
        "Multicast global parameters for the VPN service.";
    }
    description
      "Grouping for multicast VPN definition.";
  }
  grouping vpn-service-mpls {
    leaf carrierscarrier {
      if-feature carrierscarrier;
      type boolean;
      default false;
      description
        "The VPN is using CsC, and so MPLS is required.";
    }
    description
      "Grouping for MPLS CsC definition.";
  }
  grouping customer-location-info {
    container locations {
      list location {
        key location-id;
        leaf location-id {
          type svc-id;
          description
            "Identifier for a particular location.";
        }
        leaf address {
          type string;
          description
            "Address (number and street) of the site.";
        }
        leaf postal-code {
          type string;
          description
            "Postal code of the site.";
        }
        leaf state {
          type string;
          description
            "State of the site. This leaf can also be
             used to describe a region for a country that
             does not have states.";
        }
        leaf city {
          type string;
          description
            "City of the site.";
        }
        leaf country-code {
          type string {
            pattern '[A-Z]{2}';
          }
          description
            "Country of the site.
2009 Expressed as ISO ALPHA-2 code."; 2010 } 2011 description 2012 "Location of the site."; 2013 } 2014 description 2015 "List of locations for the site."; 2016 } 2017 description 2018 "This grouping defines customer location parameters."; 2019 } 2020 grouping site-group { 2021 container groups { 2022 list group { 2023 key group-id; 2024 leaf group-id { 2025 type string; 2026 description 2027 "Group-id the site belongs to."; 2028 } 2029 description 2030 "List of group-ids."; 2032 } 2033 description 2034 "Groups the site or site-network-access belongs to."; 2035 } 2036 description 2037 "Grouping definition to assign 2038 group-ids to site or site-network-access."; 2039 } 2040 grouping site-diversity { 2041 container site-diversity { 2042 if-feature site-diversity; 2043 uses site-group; 2044 description 2045 "Diversity constraint type. All 2046 site-network-accesses will inherit 2047 the group values defined here."; 2048 } 2049 description 2050 "This grouping defines site 2051 diversity parameters."; 2052 } 2053 grouping access-diversity { 2054 container access-diversity { 2055 if-feature site-diversity; 2056 uses site-group; 2057 container constraints { 2058 list constraint { 2059 key constraint-type; 2060 leaf constraint-type { 2061 type identityref { 2062 base placement-diversity; 2063 } 2064 description 2065 "Diversity constraint type."; 2066 } 2067 container target { 2068 choice target-flavor { 2069 default id; 2070 case id { 2071 list group { 2072 key group-id; 2073 leaf group-id { 2074 type string; 2075 description 2076 "The constraint will be applied against 2077 this particular group-id for this site 2078 network access level."; 2079 } 2080 description 2081 "List of group-ids associated with one specific 2082 constraint for this site network access level."; 2083 } 2084 } 2085 case all-accesses { 2086 leaf all-other-accesses { 2087 type empty; 2088 description 2089 "The constraint will be applied against 2090 all other site network accesses of this site."; 
2091 } 2092 } 2093 case all-groups { 2094 leaf all-other-groups { 2095 type empty; 2096 description 2097 "The constraint will be applied against 2098 all other groups managed by the customer."; 2099 } 2100 } 2101 description 2102 "Choice for the target flavor definition."; 2103 } 2104 description 2105 "The constraint will be applied against a 2106 specific target, and the target can be a list 2107 of group-ids, all other site network accesses of 2108 this site, or all other groups managed by the 2109 customer."; 2110 } 2111 description 2112 "List of constraints."; 2113 } 2114 description 2115 "Placement constraints for this site network access."; 2116 } 2117 description 2118 "Diversity parameters."; 2119 } 2120 description 2121 "This grouping defines access diversity parameters."; 2122 } 2123 grouping operational-requirements { 2124 leaf requested-site-start { 2125 type yang:date-and-time; 2126 description 2127 "Optional leaf indicating requested date and 2128 time when the service at a particular site is 2129 expected to start."; 2130 } 2132 leaf requested-site-stop { 2133 type yang:date-and-time; 2134 description 2135 "Optional leaf indicating requested date and 2136 time when the service at a particular site is 2137 expected to stop."; 2138 } 2139 description 2140 "This grouping defines some operational 2141 parameters."; 2142 } 2143 grouping operational-requirements-ops { 2144 leaf actual-site-start { 2145 type yang:date-and-time; 2146 config false; 2147 description 2148 "Optional leaf indicating actual date and 2149 time when the service at a particular site 2150 actually started."; 2151 } 2152 leaf actual-site-stop { 2153 type yang:date-and-time; 2154 config false; 2155 description 2156 "Optional leaf indicating actual date and 2157 time when the service at a particular site 2158 actually stopped."; 2159 } 2160 description 2161 "This grouping defines some operational 2162 parameters."; 2163 } 2164 grouping flow-definition { 2165 container match-flow { 2166
leaf dscp { 2167 type inet:dscp; 2168 description 2169 "DSCP value."; 2170 } 2171 leaf dot1p { 2172 type uint8 { 2173 range "0..7"; 2174 } 2175 description 2176 "802.1p matching."; 2177 } 2178 leaf ipv4-src-prefix { 2179 type inet:ipv4-prefix; 2180 description 2181 "Match on IPv4 src address."; 2182 } 2183 leaf ipv6-src-prefix { 2184 type inet:ipv6-prefix; 2185 description 2186 "Match on IPv6 src address."; 2187 } 2188 leaf ipv4-dst-prefix { 2189 type inet:ipv4-prefix; 2190 description 2191 "Match on IPv4 dst address."; 2192 } 2193 leaf ipv6-dst-prefix { 2194 type inet:ipv6-prefix; 2195 description 2196 "Match on IPv6 dst address."; 2197 } 2198 leaf l4-src-port { 2199 type inet:port-number; 2200 must "current() < ../l4-src-port-range/lower-port or "+ 2201 "current() > ../l4-src-port-range/upper-port" { 2202 description 2203 "If l4-src-port and l4-src-port-range/lower-port and 2204 upper-port are set at the same time, l4-src-port 2205 should not overlap with l4-src-port-range."; 2206 } 2207 description 2208 "Match on Layer 4 src port."; 2209 } 2210 leaf-list target-sites { 2211 if-feature target-sites; 2212 type svc-id; 2213 description 2214 "Identify a site as traffic destination."; 2215 } 2216 container l4-src-port-range { 2217 leaf lower-port { 2218 type inet:port-number; 2219 description 2220 "Lower boundary for port."; 2221 } 2222 leaf upper-port { 2223 type inet:port-number; 2224 must ". >= ../lower-port" { 2225 description 2226 "Upper boundary for port. If it 2227 exists, the upper boundary must be 2228 higher than the lower boundary."; 2229 } 2230 description 2231 "Upper boundary for port."; 2232 } 2233 description 2234 "Match on Layer 4 src port range. When 2235 only the lower-port is present, it represents 2236 a single port. 
When both the lower-port and 2237 upper-port are specified, it implies 2238 a range inclusive of both values."; 2239 } 2240 leaf l4-dst-port { 2241 type inet:port-number; 2242 must "current() < ../l4-dst-port-range/lower-port or "+ 2243 "current() > ../l4-dst-port-range/upper-port" { 2244 description 2245 "If l4-dst-port and l4-dst-port-range/lower-port 2246 and upper-port are set at the same time, 2247 l4-dst-port should not overlap with 2248 l4-dst-port-range."; 2249 } 2250 description 2251 "Match on Layer 4 dst port."; 2252 } 2253 container l4-dst-port-range { 2254 leaf lower-port { 2255 type inet:port-number; 2256 description 2257 "Lower boundary for port."; 2258 } 2259 leaf upper-port { 2260 type inet:port-number; 2261 must ". >= ../lower-port" { 2262 description 2263 "Upper boundary must be 2264 higher than lower boundary."; 2265 } 2266 description 2267 "Upper boundary for port. If it exists, 2268 upper boundary must be higher than lower 2269 boundary."; 2270 } 2271 description 2272 "Match on Layer 4 dst port range. When only 2273 lower-port is present, it represents a single 2274 port.
When both lower-port and upper-port are 2275 specified, it implies a range inclusive of both 2276 values."; 2277 } 2278 leaf protocol-field { 2279 type union { 2280 type uint8; 2281 type identityref { 2282 base protocol-type; 2283 } 2284 } 2285 description 2286 "Match on IPv4 protocol or IPv6 Next Header field."; 2287 } 2288 description 2289 "Describes flow-matching criteria."; 2290 } 2291 description 2292 "Flow definition based on criteria."; 2293 } 2294 grouping site-service-basic { 2295 leaf svc-input-bandwidth { 2296 type uint64; 2297 units bps; 2298 mandatory true; 2299 description 2300 "From the customer site's perspective, the service 2301 input bandwidth of the connection or download 2302 bandwidth from the SP to the site."; 2303 } 2304 leaf svc-output-bandwidth { 2305 type uint64; 2306 units bps; 2307 mandatory true; 2308 description 2309 "From the customer site's perspective, the service 2310 output bandwidth of the connection or upload 2311 bandwidth from the site to the SP."; 2312 } 2313 leaf svc-mtu { 2314 type uint16; 2315 units bytes; 2316 mandatory true; 2317 description 2318 "MTU at service level. If the service is IP, 2319 it refers to the IP MTU. 
If CsC is enabled, 2320 the requested 'svc-mtu' leaf will refer to the 2321 MPLS MTU and not to the IP MTU."; 2322 } 2323 description 2324 "Defines basic service parameters for a site."; 2325 } 2326 grouping site-protection { 2327 container traffic-protection { 2328 if-feature fast-reroute; 2329 leaf enabled { 2330 type boolean; 2331 default false; 2332 description 2333 "Enables traffic protection of access link."; 2334 } 2335 description 2336 "Fast Reroute service parameters for the site."; 2337 } 2338 description 2339 "Defines protection service parameters for a site."; 2340 } 2341 grouping site-service-mpls { 2342 container carrierscarrier { 2343 if-feature carrierscarrier; 2344 leaf signalling-type { 2345 type enumeration { 2346 enum ldp { 2347 description 2348 "Use LDP as the signalling protocol 2349 between the PE and the CE. In this case, 2350 an IGP routing protocol must also be activated."; 2351 } 2352 enum bgp { 2353 description 2354 "Use BGP (as per RFC 8277) as the signalling protocol 2355 between the PE and the CE. 2356 In this case, BGP must also be configured as 2357 the routing protocol."; 2358 } 2359 } 2360 default bgp; 2361 description 2362 "MPLS signalling type."; 2363 } 2364 description 2365 "This container is used when the customer provides 2366 MPLS-based services. 
This is only used in the case 2367 of CsC (i.e., a customer builds an MPLS service using 2368 an IP VPN to carry its traffic)."; 2369 } 2370 description 2371 "Defines MPLS service parameters for a site."; 2372 } 2373 grouping site-service-qos-profile { 2374 container qos { 2375 if-feature qos; 2376 container qos-classification-policy { 2377 list rule { 2378 key id; 2379 ordered-by user; 2380 leaf id { 2381 type string; 2382 description 2383 "A description identifying the 2384 qos-classification-policy rule."; 2385 } 2386 choice match-type { 2387 default match-flow; 2388 case match-flow { 2389 uses flow-definition; 2390 } 2391 case match-application { 2392 leaf match-application { 2393 type identityref { 2394 base customer-application; 2395 } 2396 description 2397 "Defines the application to match."; 2398 } 2399 } 2400 description 2401 "Choice for classification."; 2402 } 2403 leaf target-class-id { 2404 type string; 2405 description 2406 "Identification of the class of service. 2407 This identifier is internal to the administration."; 2408 } 2409 description 2410 "List of marking rules."; 2411 } 2412 description 2413 "Configuration of the traffic classification policy."; 2414 } 2415 container qos-profile { 2416 choice qos-profile { 2417 description 2418 "Choice for QoS profile. 
2419 Can be standard profile or customized profile."; 2420 case standard { 2421 description 2422 "Standard QoS profile."; 2423 leaf profile { 2424 type leafref { 2425 path "/l3vpn-ntw/vpn-profiles/valid-provider-identifiers"+ 2426 "/qos-profile-identifier/id"; 2427 } 2428 description 2429 "QoS profile to be used."; 2430 } 2431 leaf direction { 2432 type identityref { 2433 base qos-profile-direction;} 2434 default both; 2435 description 2436 "The direction to which the QoS profile 2437 is applied."; 2438 } 2439 } 2440 case custom { 2441 description 2442 "Customized QoS profile."; 2443 container classes { 2444 if-feature qos-custom; 2445 list class { 2446 key class-id; 2447 leaf class-id { 2448 type string; 2449 description 2450 "Identification of the class of service. 2451 This identifier is internal to the 2452 administration."; 2453 } 2454 leaf direction { 2455 type identityref { 2456 base qos-profile-direction; 2457 } 2458 default both; 2459 description 2460 "The direction to which the QoS profile 2461 is applied."; 2462 } 2463 leaf rate-limit { 2464 type decimal64 { 2465 fraction-digits 5; 2466 range "0..100"; 2467 } 2468 units percent; 2469 description 2470 "To be used if the class must be rate-limited. 
2471 Expressed as percentage of the service 2472 bandwidth."; 2473 } 2475 container latency { 2476 choice flavor { 2477 case lowest { 2478 leaf use-lowest-latency { 2479 type empty; 2480 description 2481 "The traffic class should use the path with the 2482 lowest latency."; 2483 } 2484 } 2485 case boundary { 2486 leaf latency-boundary { 2487 type uint16; 2488 units msec; 2489 default 400; 2490 description 2491 "The traffic class should use a path with a 2492 defined maximum latency."; 2493 } 2494 } 2495 description 2496 "Latency constraint on the traffic class."; 2497 } 2498 description 2499 "Latency constraint on the traffic class."; 2500 } 2501 container jitter { 2502 choice flavor { 2503 case lowest { 2504 leaf use-lowest-jitter { 2505 type empty; 2506 description 2507 "The traffic class should use the path with the 2508 lowest jitter."; 2509 } 2510 } 2511 case boundary { 2512 leaf latency-boundary { 2513 type uint32; 2514 units usec; 2515 default 40000; 2516 description 2517 "The traffic class should use a path with a 2518 defined maximum jitter."; 2519 } 2520 } 2521 description 2522 "Jitter constraint on the traffic class."; 2523 } 2524 description 2525 "Jitter constraint on the traffic class."; 2526 } 2527 container bandwidth { 2528 leaf guaranteed-bw-percent { 2529 type decimal64 { 2530 fraction-digits 5; 2531 range "0..100"; 2532 } 2533 units percent; 2534 mandatory true; 2535 description 2536 "To be used to define the guaranteed bandwidth 2537 as a percentage of the available service bandwidth."; 2538 } 2539 leaf end-to-end { 2540 type empty; 2541 description 2542 "Used if the bandwidth reservation 2543 must be done on the MPLS network too."; 2544 } 2545 description 2546 "Bandwidth constraint on the traffic class."; 2547 } 2548 description 2549 "List of classes of services."; 2550 } 2551 description 2552 "Container for list of classes of services."; 2553 } 2554 } 2555 } 2556 description 2557 "QoS profile configuration."; 2558 } 2559 description 2560 "QoS 
configuration."; 2561 } 2562 description 2563 "This grouping defines QoS parameters for a site."; 2564 } 2565 grouping site-security-authentication { 2566 container authentication { 2567 description 2568 "Authentication parameters."; 2569 } 2570 description 2571 "This grouping defines authentication parameters for a site."; 2572 } 2573 grouping site-security-encryption { 2574 container encryption { 2575 if-feature encryption; 2576 leaf enabled { 2577 type boolean; 2578 default false; 2579 description 2580 "If true, traffic encryption on the connection is required."; 2581 } 2582 leaf layer { 2583 when "../enabled = 'true'" { 2584 description 2585 "Require a value for layer when enabled is true."; 2586 } 2587 type enumeration { 2588 enum layer2 { 2589 description 2590 "Encryption will occur at Layer 2."; 2591 } 2592 enum layer3 { 2593 description 2594 "Encryption will occur at Layer 3. 2595 For example, IPsec may be used when 2596 a customer requests Layer 3 encryption."; 2597 } 2598 } 2599 description 2600 "Layer on which encryption is applied."; 2601 } 2602 description 2603 ""; 2604 } 2605 container encryption-profile { 2606 choice profile { 2607 case provider-profile { 2608 leaf profile-name { 2609 type leafref { 2610 path "/l3vpn-ntw/vpn-profiles/valid-provider-identifiers"+ 2611 "/encryption-profile-identifier/id"; 2612 } 2613 description 2614 "Name of the SP profile to be applied."; 2615 } 2616 } 2617 case customer-profile { 2618 leaf algorithm { 2619 type string; 2620 description 2621 "Encryption algorithm to be used."; 2622 } 2623 } 2624 description 2625 ""; 2626 } 2627 choice key-type { 2628 default psk; 2629 case psk { 2630 leaf preshared-key { 2631 type string; 2632 description 2633 "Pre-Shared Key (PSK) coming from the customer."; 2634 } 2635 } 2636 description 2637 "Choice of encryption profile. 
2638 The encryption profile can be the provider profile 2639 or customer profile."; 2640 } 2641 description 2642 "This grouping defines encryption parameters for a site."; 2643 } 2644 description 2645 ""; 2646 } 2647 grouping site-attachment-bearer { 2648 container bearer { 2649 container requested-type { 2650 if-feature requested-type; 2651 leaf requested-type { 2652 type string; 2653 description 2654 "Type of requested bearer: Ethernet, DSL, 2655 Wireless, etc. Operator specific."; 2657 } 2658 leaf strict { 2659 type boolean; 2660 default false; 2661 description 2662 "Defines whether requested-type is a preference 2663 or a strict requirement."; 2664 } 2665 description 2666 "Container for requested-type."; 2667 } 2668 leaf always-on { 2669 if-feature always-on; 2670 type boolean; 2671 default true; 2672 description 2673 "Request for an always-on access type. 2674 For example, this could mean no dial access type."; 2675 } 2677 leaf bearer-reference { 2678 if-feature bearer-reference; 2679 type string; 2680 description 2681 "This is an internal reference for the SP."; 2682 } 2683 description 2684 "Bearer-specific parameters. 
2685 To be augmented."; 2687 uses ethernet-params; 2689 uses pseudowire-params { 2690 when "/l3vpn-ntw/sites/site/site-network-accesses" + 2691 "/site-network-access/site-network-access-type ='pseudowire'" 2692 { 2693 description "pseudowire specific parameters"; 2694 } 2695 } 2697 } 2698 description 2699 "Defines physical properties of a site attachment."; 2700 } 2701 grouping site-routing { 2702 container routing-protocols { 2703 list routing-protocol { 2704 key type; 2705 leaf type { 2706 type identityref { 2707 base routing-protocol-type; 2708 } 2709 description 2710 "Type of routing protocol."; 2711 } 2713 list routing-profiles { 2714 key "id"; 2716 leaf id { 2717 type leafref { 2718 path "/l3vpn-ntw/vpn-profiles/valid-provider-identifiers"+ 2719 "/routing-profile-identifier/id"; 2720 } 2721 description 2722 "Routing profile to be used."; 2723 } 2725 leaf type { 2726 type ie-type; 2727 description 2728 "Import, export or both."; 2729 } 2731 description 2732 "Import or Export profile reference"; 2733 } 2735 container ospf { 2736 when "derived-from-or-self(../type, 'l3vpn-ntw:ospf')" { 2737 description 2738 "Only applies when protocol is OSPF."; 2739 } 2740 if-feature rtg-ospf; 2741 leaf-list address-family { 2742 type address-family; 2743 min-elements "1"; 2744 description 2745 "If OSPF is used on this site, this node 2746 contains a configured value. This node 2747 contains at least one address family 2748 to be activated."; 2749 } 2750 leaf area-address { 2751 type yang:dotted-quad; 2752 mandatory true; 2753 description 2754 "Area address."; 2755 } 2756 leaf metric { 2757 type uint16; 2758 default 1; 2759 description 2760 "Metric of the PE-CE link. 
It is used 2761 in the routing state calculation and 2762 path selection."; 2763 } 2765 /* Extension */ 2767 leaf mtu { 2768 type uint16; 2769 description "Maximum transmission unit for a given 2770 OSPF link."; 2771 } 2773 uses security-params; 2775 /* End of Extension */ 2777 container sham-links { 2778 if-feature rtg-ospf-sham-link; 2779 list sham-link { 2780 key target-site; 2781 leaf target-site { 2782 type svc-id; 2783 description 2784 "Target site for the sham link connection. 2785 The site is referred to by its ID."; 2786 } 2787 leaf metric { 2788 type uint16; 2789 default 1; 2790 description 2791 "Metric of the sham link. It is used in 2792 the routing state calculation and path 2793 selection. The default value is set 2794 to 1."; 2795 } 2796 description 2797 "Creates a sham link with another site."; 2798 } 2799 description 2800 "List of sham links."; 2801 } 2802 description 2803 "OSPF-specific configuration."; 2804 } 2805 container bgp { 2806 when "derived-from-or-self(../type, 'l3vpn-ntw:bgp')" { 2807 description 2808 "Only applies when protocol is BGP."; 2809 } 2810 if-feature rtg-bgp; 2811 leaf autonomous-system { 2812 type uint32; 2813 mandatory true; 2814 description 2815 "Customer AS number in case the customer 2816 requests BGP routing."; 2817 } 2818 leaf-list address-family { 2819 type address-family; 2820 min-elements "1"; 2821 description 2822 "If BGP is used on this site, this node 2823 contains a configured value. 
This node 2824 contains at least one address family 2825 to be activated."; 2826 } 2827 /* Extension */ 2828 leaf neighbor { 2829 type inet:ip-address; 2830 description 2831 "IP address of the BGP neighbor."; 2832 } 2834 leaf multihop { 2835 type uint8; 2836 description 2837 "Describes the number of hops allowed between the 2838 given BGP neighbor and the PE router."; 2839 } 2841 uses security-params; 2843 description 2844 "BGP-specific configuration."; 2845 } 2846 container static { 2847 when "derived-from-or-self(../type, 'l3vpn-ntw:static')" { 2848 description 2849 "Only applies when protocol is static. 2850 BGP activation requires the SP to know 2851 the address of the customer peer. When 2852 BGP is enabled, the 'static-address' 2853 allocation type for the IP connection 2854 MUST be used."; 2855 } 2856 container cascaded-lan-prefixes { 2857 list ipv4-lan-prefixes { 2858 if-feature ipv4; 2859 key "lan next-hop"; 2860 leaf lan { 2861 type inet:ipv4-prefix; 2862 description 2863 "LAN prefixes."; 2864 } 2865 leaf lan-tag { 2866 type string; 2867 description 2868 "Internal tag to be used in VPN policies."; 2869 } 2870 leaf next-hop { 2871 type inet:ipv4-address; 2872 description 2873 "Next-hop address to use on the customer side."; 2874 } 2875 description 2876 "List of LAN prefixes for the site."; 2877 } 2878 list ipv6-lan-prefixes { 2879 if-feature ipv6; 2880 key "lan next-hop"; 2881 leaf lan { 2882 type inet:ipv6-prefix; 2883 description 2884 "LAN prefixes."; 2885 } 2886 leaf lan-tag { 2887 type string; 2888 description 2889 "Internal tag to be used in VPN policies."; 2890 } 2891 leaf next-hop { 2892 type inet:ipv6-address; 2893 description 2894 "Next-hop address to use on the customer side."; 2895 } 2896 description 2897 "List of LAN prefixes for the site."; 2898 } 2899 description 2900 "LAN prefixes from the customer."; 2901 } 2902 description 2903 "Configuration specific to static routing."; 2904 } 2905 container rip { 2906 when "derived-from-or-self(../type, 
'l3vpn-ntw:rip')" { 2907 description 2908 "Only applies when the protocol is RIP. For IPv4, 2909 the model assumes that RIP version 2 is used."; 2910 } 2911 if-feature rtg-rip; 2912 leaf-list address-family { 2913 type address-family; 2914 min-elements "1"; 2915 description 2916 "If RIP is used on this site, this node 2917 contains a configured value. This node 2918 contains at least one address family 2919 to be activated."; 2920 } 2921 description 2922 "Configuration specific to RIP routing."; 2923 } 2924 container vrrp { 2925 when "derived-from-or-self(../type, 'l3vpn-ntw:vrrp')" { 2926 description 2927 "Only applies when protocol is VRRP."; 2928 } 2929 if-feature rtg-vrrp; 2930 leaf-list address-family { 2931 type address-family; 2932 min-elements "1"; 2933 description 2934 "If VRRP is used on this site, this node 2935 contains a configured value. This node contains 2936 at least one address family to be activated."; 2937 } 2938 description 2939 "Configuration specific to VRRP routing."; 2940 } 2941 description 2942 "List of routing protocols used on 2943 the site. This list can be augmented."; 2945 } 2946 description 2947 "Defines routing protocols."; 2948 } 2949 description 2950 "Grouping for routing protocols."; 2951 } 2952 grouping site-attachment-ip-connection { 2954 container ip-connection { 2955 container ipv4 { 2956 if-feature ipv4; 2957 leaf address-allocation-type { 2958 type identityref { 2959 base address-allocation-type; 2960 } 2961 must "not(derived-from-or-self(current(), 'l3vpn-ntw:slaac') or "+ 2962 "derived-from-or-self(current(), "+ 2963 "'l3vpn-ntw:provider-dhcp-slaac'))" { 2964 error-message "SLAAC is only applicable to IPv6"; 2965 } 2966 description 2967 "Defines how addresses are allocated. 
2968 If there is no value for the address 2969 allocation type, then IPv4 is not enabled."; 2970 } 2971 container provider-dhcp { 2972 when "derived-from-or-self(../address-allocation-type, "+ 2973 "'l3vpn-ntw:provider-dhcp')" { 2974 description 2975 "Only applies when addresses are allocated by DHCP."; 2976 } 2977 leaf provider-address { 2978 type inet:ipv4-address; 2979 description 2980 "Address of provider side. If provider-address is not 2981 specified, then prefix length should not be specified 2982 either. It also implies provider-dhcp allocation is 2983 not enabled. If provider-address is specified, then 2984 the prefix length may or may not be specified."; 2985 } 2986 leaf prefix-length { 2987 type uint8 { 2988 range "0..32"; 2989 } 2990 must "(../provider-address)" { 2991 error-message 2992 "If the prefix length is specified, provider-address 2993 must also be specified."; 2994 description 2995 "If the prefix length is specified, provider-address 2996 must also be specified."; 2997 } 2998 description 2999 "Subnet prefix length expressed in bits. 3000 If not specified, or specified as zero, 3001 this means the customer leaves the actual 3002 prefix length value to the provider."; 3003 } 3004 choice address-assign { 3005 default number; 3006 case number { 3007 leaf number-of-dynamic-address { 3008 type uint16; 3009 default 1; 3010 description 3011 "Describes the number of IP addresses 3012 the customer requires."; 3013 } 3014 } 3015 case explicit { 3016 container customer-addresses { 3017 list address-group { 3018 key "group-id"; 3019 leaf group-id { 3020 type string; 3021 description 3022 "Group-id for the address range from 3023 start-address to end-address."; 3024 } 3025 leaf start-address { 3026 type inet:ipv4-address; 3027 description 3028 "First address."; 3029 } 3030 leaf end-address { 3031 type inet:ipv4-address; 3032 description 3033 "Last address."; 3034 } 3035 description 3036 "Describes IP addresses allocated by DHCP. 
3037 When only start-address or only end-address 3038 is present, it represents a single address. 3039 When both start-address and end-address are 3040 specified, it implies a range inclusive of both 3041 addresses. If no address is specified, it implies 3042 customer addresses group is not supported."; 3043 } 3044 description 3045 "Container for customer addresses allocated by DHCP."; 3046 } 3047 } 3048 description 3049 "Choice for the way to assign addresses."; 3050 } 3051 description 3052 "DHCP allocated addresses related parameters."; 3053 } 3054 container dhcp-relay { 3055 when "derived-from-or-self(../address-allocation-type, "+ 3056 "'l3vpn-ntw:provider-dhcp-relay')" { 3057 description 3058 "Only applies when provider is required to implement 3059 DHCP relay function."; 3060 } 3061 leaf provider-address { 3062 type inet:ipv4-address; 3063 description 3064 "Address of provider side. If provider-address is not 3065 specified, then prefix length should not be specified 3066 either. It also implies provider-dhcp allocation is 3067 not enabled. If provider-address is specified, then 3068 prefix length may or may not be specified."; 3069 } 3070 leaf prefix-length { 3071 type uint8 { 3072 range "0..32"; 3073 } 3074 must "(../provider-address)" { 3075 error-message 3076 "If prefix length is specified, provider-address 3077 must also be specified."; 3078 description 3079 "If prefix length is specified, provider-address 3080 must also be specified."; 3081 } 3082 description 3083 "Subnet prefix length expressed in bits.
If not 3084 specified, or specified as zero, this means the 3085 customer leaves the actual prefix length value 3086 to the provider."; 3087 } 3088 container customer-dhcp-servers { 3089 leaf-list server-ip-address { 3090 type inet:ipv4-address; 3091 description 3092 "IP address of customer DHCP server."; 3093 } 3094 description 3095 "Container for list of customer DHCP servers."; 3096 } 3097 description 3098 "DHCP relay provided by operator."; 3099 } 3100 container addresses { 3101 when "derived-from-or-self(../address-allocation-type, "+ 3102 "'l3vpn-ntw:static-address')" { 3103 description 3104 "Only applies when protocol allocation type is static."; 3105 } 3106 leaf provider-address { 3107 type inet:ipv4-address; 3108 description 3109 "IPv4 Address List of the provider side. 3110 When the protocol allocation type is static, 3111 the provider address must be configured."; 3112 } 3113 leaf customer-address { 3114 type inet:ipv4-address; 3115 description 3116 "IPv4 Address of customer side."; 3117 } 3118 leaf prefix-length { 3119 type uint8 { 3120 range "0..32"; 3121 } 3122 description 3123 "Subnet prefix length expressed in bits. 3124 It is applied to both provider-address 3125 and customer-address."; 3126 } 3127 description 3128 "Describes IPv4 addresses used."; 3129 } 3130 description 3131 "IPv4-specific parameters."; 3132 } 3133 container ipv6 { 3134 if-feature ipv6; 3135 leaf address-allocation-type { 3136 type identityref { 3137 base address-allocation-type; 3138 } 3139 description 3140 "Defines how addresses are allocated. 
3141 If there is no value for the address 3142 allocation type, then IPv6 is 3143 not enabled."; 3144 } 3146 container provider-dhcp { 3147 when "derived-from-or-self(../address-allocation-type, "+ 3148 "'l3vpn-ntw:provider-dhcp') "+ 3149 "or derived-from-or-self(../address-allocation-type, "+ 3150 "'l3vpn-ntw:provider-dhcp-slaac')" { 3151 description 3152 "Only applies when addresses are allocated by DHCP."; 3153 } 3154 leaf provider-address { 3155 type inet:ipv6-address; 3156 description 3157 "Address of the provider side. If provider-address 3158 is not specified, then prefix length should not be 3159 specified either. It also implies provider-dhcp 3160 allocation is not enabled. If provider-address is 3161 specified, then prefix length may or may 3162 not be specified."; 3163 } 3164 leaf prefix-length { 3165 type uint8 { 3166 range "0..128"; 3167 } 3168 must "(../provider-address)" { 3169 error-message 3170 "If prefix length is specified, provider-address 3171 must also be specified."; 3172 description 3173 "If prefix length is specified, provider-address 3174 must also be specified."; 3175 } 3176 description 3177 "Subnet prefix length expressed in bits. 
If not 3178 specified, or specified as zero, this means the 3179 customer leaves the actual prefix length value 3180 to the provider."; 3181 } 3182 choice address-assign { 3183 default number; 3184 case number { 3185 leaf number-of-dynamic-address { 3186 type uint16; 3187 default 1; 3188 description 3189 "Describes the number of IP addresses the customer 3190 requires."; 3191 } 3192 } 3193 case explicit { 3194 container customer-addresses { 3195 list address-group { 3196 key "group-id"; 3197 leaf group-id { 3198 type string; 3199 description 3200 "Group-id for the address range from 3201 start-address to end-address."; 3202 } 3203 leaf start-address { 3204 type inet:ipv6-address; 3205 description 3206 "First address."; 3207 } 3208 leaf end-address { 3209 type inet:ipv6-address; 3210 description 3211 "Last address."; 3212 } 3213 description 3214 "Describes IP addresses allocated by DHCP. When only 3215 start-address or only end-address is present, it 3216 represents a single address. When both start-address 3217 and end-address are specified, it implies a range 3218 inclusive of both addresses. If no address is 3219 specified, it implies customer addresses group is 3220 not supported."; 3221 } 3222 description 3223 "Container for customer addresses allocated by DHCP."; 3224 } 3225 } 3226 description 3227 "Choice for the way to assign addresses."; 3228 } 3229 description 3230 "DHCP allocated addresses related parameters."; 3231 } 3232 container dhcp-relay { 3233 when "derived-from-or-self(../address-allocation-type, "+ 3234 "'l3vpn-ntw:provider-dhcp-relay')" { 3235 description 3236 "Only applies when the provider is required 3237 to implement DHCP relay function."; 3238 } 3239 leaf provider-address { 3240 type inet:ipv6-address; 3241 description 3242 "Address of the provider side. If provider-address is 3243 not specified, then prefix length should not be 3244 specified either. It also implies provider-dhcp 3245 allocation is not enabled. 
If provider address 3246 is specified, then prefix length may or may 3247 not be specified."; 3248 } 3249 leaf prefix-length { 3250 type uint8 { 3251 range "0..128"; 3252 } 3253 must "(../provider-address)" { 3254 error-message 3255 "If prefix length is specified, provider-address 3256 must also be specified."; 3257 description 3258 "If prefix length is specified, provider-address 3259 must also be specified."; 3260 } 3261 description 3262 "Subnet prefix length expressed in bits. If not 3263 specified, or specified as zero, this means the 3264 customer leaves the actual prefix length value 3265 to the provider."; 3266 } 3267 container customer-dhcp-servers { 3268 leaf-list server-ip-address { 3269 type inet:ipv6-address; 3270 description 3271 "This node contains the IP address of 3272 the customer DHCP server. If the DHCP relay 3273 function is implemented by the 3274 provider, this node contains the 3275 configured value."; 3276 } 3277 description 3278 "Container for list of customer DHCP servers."; 3279 } 3280 description 3281 "DHCP relay provided by operator."; 3282 } 3283 container addresses { 3284 when "derived-from-or-self(../address-allocation-type, "+ 3285 "'l3vpn-ntw:static-address')" { 3286 description 3287 "Only applies when protocol allocation type is static."; 3288 } 3289 leaf provider-address { 3290 type inet:ipv6-address; 3291 description 3292 "IPv6 Address of the provider side. When the protocol 3293 allocation type is static, the provider address 3294 must be configured."; 3295 } 3296 leaf customer-address { 3297 type inet:ipv6-address; 3298 description 3299 "The IPv6 Address of the customer side."; 3300 } 3301 leaf prefix-length { 3302 type uint8 { 3303 range "0..128"; 3304 } 3305 description 3306 "Subnet prefix length expressed in bits. 
               It is applied to both provider-address and
               customer-address.";
          }
          description
            "Describes IPv6 addresses used.";
        }
        description
          "IPv6-specific parameters.";
      }
      container oam {
        container bfd {
          if-feature bfd;
          leaf enabled {
            type boolean;
            default false;
            description
              "If true, BFD activation is required.";
          }
          choice holdtime {
            default fixed;
            case fixed {
              leaf fixed-value {
                type uint32;
                units msec;
                description
                  "Expected BFD holdtime expressed in msec. The customer
                   may impose some fixed values for the holdtime period
                   if the provider allows the customer to use this function.
                   If the provider doesn't allow the customer to use this
                   function, the fixed-value will not be set.";
              }
            }
            case profile {
              leaf profile-name {
                type leafref {
                  path "/l3vpn-ntw/vpn-profiles/valid-provider-identifiers/"+
                       "bfd-profile-identifier/id";
                }
                description
                  "Well-known SP profile name. The provider can propose
                   some profiles to the customer, depending on the service
                   level the customer wants to achieve. Profile names
                   must be communicated to the customer.";
              }
              description
                "Well-known SP profile.";
            }
            description
              "Choice for holdtime flavor.";
          }
          description
            "Container for BFD.";
        }
        description
          "Defines the Operations, Administration, and Maintenance (OAM)
           mechanisms used on the connection.
           BFD is set as a fault
           detection mechanism, but the 'oam' container can easily
           be augmented by other mechanisms";
      }
      description
        "Defines connection parameters.";
    }
    description
      "This grouping defines IP connection parameters.";
  }
  grouping site-service-multicast {
    container multicast {
      if-feature multicast;
      leaf multicast-site-type {
        type enumeration {
          enum receiver-only {
            description
              "The site only has receivers.";
          }
          enum source-only {
            description
              "The site only has sources.";
          }
          enum source-receiver {
            description
              "The site has both sources and receivers.";
          }
        }
        default source-receiver;
        description
          "Type of multicast site.";
      }
      container multicast-address-family {
        leaf ipv4 {
          if-feature ipv4;
          type boolean;
          default false;
          description
            "Enables IPv4 multicast.";
        }
        leaf ipv6 {
          if-feature ipv6;
          type boolean;
          default false;
          description
            "Enables IPv6 multicast.";
        }
        description
          "Defines protocol to carry multicast.";
      }
      leaf protocol-type {
        type enumeration {
          enum host {
            description
              "Hosts are directly connected to the provider network.
               Host protocols such as IGMP or MLD are required.";
          }
          enum router {
            description
              "Hosts are behind a customer router.
               PIM will be implemented.";
          }
          enum both {
            description
              "Some hosts are behind a customer router, and
               some others are directly connected to the
               provider network. Both host and routing protocols
               must be used.
               Typically, IGMP and PIM will be
               implemented.";
          }
        }
        default "both";
        description
          "Multicast protocol type to be used with the customer site.";
      }
      description
        "Multicast parameters for the site.";
    }
    description
      "Multicast parameters for the site.";
  }
  grouping site-management {
    container management {
      leaf type {
        type identityref {
          base management;
        }
        mandatory true;
        description
          "Management type of the connection.";
      }
      description
        "Management configuration.";
    }
    description
      "Management parameters for the site.";
  }
  grouping site-devices {
    container devices {
      when "derived-from-or-self(../management/type, "+
           "'l3vpn-ntw:provider-managed') or "+
           "derived-from-or-self(../management/type, 'l3vpn-ntw:co-managed')" {
        description
          "Applicable only for provider-managed or
           co-managed device.";
      }
      list device {
        key device-id;
        leaf device-id {
          type svc-id;
          description
            "Identifier for the device.";
        }
        leaf location {
          type leafref {
            path "../../../locations/"+
                 "location/location-id";
          }
          mandatory true;
          description
            "Location of the device.";
        }
        container management {
          when "derived-from-or-self(../../../management/type,"+
               "'l3vpn-ntw:co-managed')" {
            description
              "Applicable only for co-managed device.";
          }
          leaf address-family {
            type address-family;
            description
              "Address family used for management.";
          }
          leaf address {
            when "(../address-family)" {
              description
                "If address-family is specified, then address should
                 also be specified.
                 If address-family is not specified,
                 then address should also not be specified.";
            }
            type inet:ip-address;
            mandatory true;
            description
              "Management address.";
          }
          description
            "Management configuration. Applicable only for
             co-managed device.";
        }
        description
          "List of devices requested by customer.";
      }
      description
        "Device configuration.";
    }
    description
      "Grouping for device allocation.";
  }
  grouping site-vpn-flavor {
    leaf site-vpn-flavor {
      type identityref {
        base site-vpn-flavor;
      }
      default site-vpn-flavor-single;
      description
        "Defines the way the VPN multiplexing is done, e.g., whether
         the site belongs to a single VPN site or a multiVPN; or, in the case
         of a multiVPN, whether the logical accesses of the sites belong
         to the same set of VPNs or each logical access maps to
         different VPNs.";
    }
    description
      "Grouping for site VPN flavor.";
  }
  grouping site-maximum-routes {
    container maximum-routes {
      list address-family {
        key af;
        leaf af {
          type address-family;
          description
            "Address family.";
        }
        leaf maximum-routes {
          type uint32;
          description
            "Maximum prefixes the VRF can accept
             for this address family.";
        }
        description
          "List of address families.";
      }
      description
        "Defines 'maximum-routes' for the VRF.";
    }
    description
      "Defines 'maximum-routes' for the site.";
  }
  grouping site-security {
    container security {
      uses site-security-authentication;
      uses site-security-encryption;
      description
        "Site-specific security parameters.";
    }
    description
      "Grouping for security parameters.";
  }
  grouping site-service {
    container service {
      uses site-service-qos-profile;
      uses site-service-mpls;
      uses site-service-multicast;
      description
        "Service parameters on the attachment.";
    }
    description
      "Grouping for service parameters.";
  }
  grouping site-network-access-service {
    container service {
      uses site-service-basic;
      /* Extension */
      /* uses svc-bandwidth-params; */
      /* EoExt */
      uses site-service-qos-profile;
      uses site-service-mpls;
      uses site-service-multicast;
      description
        "Service parameters on the attachment.";
    }
    description
      "Grouping for service parameters.";
  }
  grouping vpn-extranet {
    container extranet-vpns {
      if-feature extranet-vpn;
      list extranet-vpn {
        key vpn-id;
        leaf vpn-id {
          type svc-id;
          description
            "Identifies the target VPN the local VPN wants to access.";
        }
        leaf local-sites-role {
          type identityref {
            base site-role;
          }
          default any-to-any-role;
          description
            "This describes the role of the
             local sites in the target VPN topology. In the any-to-any VPN
             service topology, the local sites must have the same role, which
             will be 'any-to-any-role'. In the Hub-and-Spoke VPN service
             topology or the Hub-and-Spoke disjoint VPN service topology,
             the local sites must have a Hub role or a Spoke role.";
        }
        description
          "List of extranet VPNs or target VPNs the local VPN is
           attached to.";
      }
      description
        "Container for extranet VPN configuration.";
    }
    description
      "Grouping for extranet VPN configuration.
       This provides an easy way to interconnect
       all sites from two VPNs.";
  }
  grouping site-attachment-availability {
    container availability {
      leaf access-priority {
        type uint32;
        default 100;
        description
          "Defines the priority for the access.
           The higher the access-priority value,
           the higher the preference of the
           access will be.";
      }
      description
        "Availability parameters (used for multihoming).";
    }
    description
      "Defines availability parameters for a site.";
  }
  grouping vpn-profile-cfg {
    container valid-provider-identifiers {
      list cloud-identifier {
        if-feature cloud-access;
        key id;
        leaf id {
          type string;
          description
            "Identification of cloud service.
             Local administration meaning.";
        }
        description
          "List for Cloud Identifiers.";
      }
      list encryption-profile-identifier {
        key id;
        leaf id {
          type string;
          description
            "Identification of the SP encryption profile
             to be used. Local administration meaning.";
        }
        description
          "List for encryption profile identifiers.";
      }
      list qos-profile-identifier {
        key id;
        leaf id {
          type string;
          description
            "Identification of the QoS Profile to be used.
             Local administration meaning.";
        }
        description
          "List for QoS Profile Identifiers.";
      }
      list bfd-profile-identifier {
        key id;
        leaf id {
          type string;
          description
            "Identification of the SP BFD Profile to be used.
             Local administration meaning.";
        }
        description
          "List for BFD Profile identifiers.";
      }

      list routing-profile-identifier {
        key id;
        leaf id {
          type string;
          description
            "Identification of the routing Profile to be used
             by the routing-protocols within sites and site-
             network-accesses.
             Local administration meaning.";
        }
        description
          "List for Routing Profile Identifiers.";
      }

      nacm:default-deny-write;
      description
        "Container for Valid Provider Identifiers.";
    }
    description
      "Grouping for VPN Profile configuration.";
  }
  grouping vpn-svc-cfg {
    leaf vpn-id {
      type svc-id;
      description
        "VPN identifier. Local administration meaning.";
    }
    leaf customer-name {
      type string;
      description
        "Name of the customer that actually uses the VPN service.
         In the case that any intermediary (e.g., Tier-2 provider
         or partner) sells the VPN service to their end user
         on behalf of the original service provider (e.g., Tier-1
         provider), the original service provider may require the
         customer name to provide smooth activation/commissioning
         and operation for the service.";
    }
    leaf vpn-service-topology {
      type identityref {
        base vpn-topology;
      }
      default any-to-any;
      description
        "VPN service topology.";
    }

    leaf description {
      type string;
      description
        "Textual description of a VPN service.";
    }

    uses ie-profiles-params;
    uses vpn-nodes-params;
    uses vpn-service-cloud-access;
    uses vpn-service-multicast;
    uses vpn-service-mpls;
    uses vpn-extranet;
    description
      "Grouping for VPN service configuration.";
  }
  grouping site-top-level-cfg {
    uses operational-requirements;
    uses customer-location-info;
    uses site-devices;
    uses site-diversity;
    uses site-management;
    uses site-vpn-flavor;
    uses site-maximum-routes;
    uses site-security;
    uses site-service;
    uses site-protection;
    uses site-routing;
    description
      "Grouping for site top-level configuration.";
  }
  grouping site-network-access-top-level-cfg {

    /* Extension */

    uses status-params;

    /* End of Extension */

    leaf site-network-access-type {
      type identityref {
        base site-network-access-type;
      }
      default point-to-point;
      description
        "Describes the type of connection, e.g.,
         point-to-point or multipoint.";
    }
    choice location-flavor {
      case location {
        when "derived-from-or-self(../../management/type, "+
             "'l3vpn-ntw:customer-managed')" {
          description
            "Applicable only for customer-managed device.";
        }
        leaf location-reference {
          type leafref {
            path "../../../locations/location/location-id";
          }
          description
            "Location of the site-network-access.";
        }
      }
      case device {
        when "derived-from-or-self(../../management/type, "+
             "'l3vpn-ntw:provider-managed') or "+
             "derived-from-or-self(../../management/type, "+
             "'l3vpn-ntw:co-managed')" {
          description
            "Applicable only for provider-managed or co-managed device.";
        }
        leaf device-reference {
          type leafref {
            path "../../../devices/device/device-id";
          }
          description
            "Identifier of CE to use.";
        }
      }
      mandatory true;
      description
        "Choice of how to describe the site's location.";
    }
    uses access-diversity;
    uses site-attachment-bearer;
    uses site-attachment-ip-connection;
    uses site-security;
    uses site-network-access-service;
    uses site-routing;
    uses site-attachment-availability;
    description
      "Grouping for site network access top-level configuration.";
  }

  /* Extensions */

  /* Bearers in a site */
  grouping site-bearer-params {

    container site-bearers {
      list bearer {
        key "bearer-id";

        leaf bearer-id {
          type string;
          description "";
        }

        leaf BearerType {
          type identityref {
            base bearer-inf-type;
          }
          description
            "Request for a Bearer access type.
             Choose between port or lag connection type.";
        }

        leaf ne-id {
          type string;
          description
            "NE-id reference.";
        }

        leaf port-id {
          type string;
          description
            "Port-id in format slot/ card /port.";
        }

        leaf lag-id {
          type string;
          description
            "lag-id in format id.";
        }
        description
          "Parameters used to identify each bearer";
      }
      description
        "Grouping to reuse the site bearer assignment";
    }
    description
      "Grouping to reuse the site bearer assignment";
  }

  /* UNUSED */
  grouping svc-bandwidth-params {
    container svc-bandwidth {
      if-feature "input-bw";
      list bandwidth {
        key "direction type";
        leaf direction {
          type identityref {
            base bw-direction;
          }
          description
            "Indicates the bandwidth direction. It can be
             the bandwidth download direction from the SP to
             the site or the bandwidth upload direction from
             the site to the SP.";
        }
        leaf type {
          type identityref {
            base bw-type;
          }
          description
            "Bandwidth type. By default, the bandwidth type
             is set to 'bw-per-cos'.";
        }
        leaf cos-id {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:bw-per-cos')" {
            description
              "Relevant when the bandwidth type is set to
               'bw-per-cos'.";
          }
          type uint8;
          description
            "Identifier of the CoS, indicated by DSCP or a
             CE-VLAN CoS (802.1p) value in the service frame.
             If the bandwidth type is set to 'bw-per-cos',
             the CoS ID MUST also be specified.";
        }
        leaf vpn-id {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:bw-per-svc')" {
            description
              "Relevant when the bandwidth type is
               set as bandwidth per VPN service.";
          }
          type svc-id;
          description
            "Identifies the target VPN.
             If the bandwidth
             type is set as bandwidth per VPN service, the
             vpn-id MUST be specified.";
        }
        leaf cir {
          type uint64;
          units "bps";
          mandatory true;
          description
            "Committed Information Rate. The maximum number
             of bits that a port can receive or send over
             an interface in one second.";
        }
        leaf cbs {
          type uint64;
          units "bps";
          mandatory true;
          description
            "Committed Burst Size (CBS). Controls the bursty
             nature of the traffic. Traffic that does not
             use the configured Committed Information Rate
             (CIR) accumulates credits until the credits
             reach the configured CBS.";
        }
        leaf eir {
          type uint64;
          units "bps";
          description
            "Excess Information Rate (EIR), i.e., excess frame
             delivery allowed that is not subject to an SLA.
             The traffic rate can be limited by the EIR.";
        }
        leaf ebs {
          type uint64;
          units "bps";
          description
            "Excess Burst Size (EBS). The bandwidth available
             for burst traffic from the EBS is subject to the
             amount of bandwidth that is accumulated during
             periods when traffic allocated by the EIR
             policy is not used.";
        }
        leaf pir {
          type uint64;
          units "bps";
          description
            "Peak Information Rate, i.e., maximum frame
             delivery allowed. It is equal to or less
             than the sum of the CIR and the EIR.";
        }
        leaf pbs {
          type uint64;
          units "bps";
          description
            "Peak Burst Size.
             It is measured in bytes per
             second.";
        }
        description
          "List of bandwidth values (e.g., per CoS,
           per vpn-id).";
      }
      description
        "From the customer site's perspective, the service
         input/output bandwidth of the connection or
         download/upload bandwidth from the SP/site
         to the site/SP.";
    }
    description
      " ";
  }

  grouping status-params {
    container status {
      leaf admin-enabled {
        type boolean;
        description
          "Administrative Status UP/DOWN";
      }
      leaf oper-status {
        type operational-type;
        config false;
        description
          "Operations status";
      }
      description "";
    }
    description
      "Grouping used to join operational and administrative status
       is re used in the Site Network Access and in the VPN-Node";
  }

  /* Parameters related to vpn-nodes (VRF config.) */
  grouping vpn-nodes-params {
    container vpn-nodes {
      description "";

      list vpn-node {
        key "vpn-node-id ne-id";

        leaf vpn-node-id {
          type string;
          description "";
        }

        leaf description {
          type string;
          description
            "Textual description of a VPN node.";
        }

        leaf ne-id {
          type string;
          description "";

        }

        leaf router-id {
          type inet:ip-address;
          description
            "router-id information can be ipv4/6 addresses";
        }

        leaf address-family {
          type address-family;
          description
            "Address family used for router-id information.";
        }

        leaf node-role {
          type identityref {
            base site-role;
          }
          default any-to-any-role;
          description
            "Role of the vpn-node in the IP VPN.";
        }
        uses rt-rd;
        uses status-params;

        /* Here we use the name given to the existing structure in sites */
        uses site-maximum-routes;

        leaf node-ie-profile {
          type leafref {
            path "/l3vpn-ntw/vpn-services/"+
                 "vpn-service/ie-profiles/ie-profile/ie-profile-id";
          }
          description "";
        }
        description "";
      }
    }
    description "Grouping to define VRF-specific configuration.";
  }

  /* Parameters related to import and export profiles (RTs RDs.) */
  grouping ie-profiles-params {
    container ie-profiles {
      list ie-profile {
        key "ie-profile-id";
        leaf ie-profile-id {
          type string;

          description
            "";
        }
        uses rt-rd;
        description
          "";
      }
      description
        "";
    }
    description
      "Grouping to specify rules for route import and export";
  }

  grouping pseudowire-params {
    container pseudowire {
      /*leaf far-end {*/
      /* description "IP of the remote peer of the pseudowire.";*/
      /* type inet:ip-address;*/
      /*}*/
      leaf vcid {
        type uint32;
        description
          "PW or VC identifier.";
      }
      description
        "Pseudowire termination parameters";
    }
    description
      "Grouping pseudowire termination parameters";
  }

  grouping security-params {
    container security {
      leaf auth-key {
        type string;
        description
          "MD5 authentication password for the connection towards the
           customer edge.";
      }
      description
        "Container for aggregating any security parameter for routing
         sessions between a PE and a CE.";
    }
    description
      "Grouping to define security parameters";
  }

  grouping ethernet-params {
    container connection {
      leaf encapsulation-type {
        type identityref {
          base encapsulation-type;
        }
        default "untagged-int";
        description
          "Encapsulation type. By default, the
           encapsulation type is set to 'untagged'.";
      }
      container tagged-interface {
        leaf type {
          type identityref {
            base tagged-inf-type;
          }
          default "priority-tagged";
          description
            "Tagged interface type.
             By default,
             the type of the tagged interface is
             'priority-tagged'.";
        }
        container dot1q-vlan-tagged {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:dot1q')" {
            description
              "Only applies when the type of the tagged
               interface is 'dot1q'.";
          }
          if-feature "dot1q";
          leaf tag-type {
            type identityref {
              base tag-type;
            }
            default "c-vlan";
            description
              "Tag type. By default, the tag type is
               'c-vlan'.";
          }
          leaf cvlan-id {
            type uint16;
            description
              "VLAN identifier.";
          }
          description
            "Tagged interface.";
        }
        container priority-tagged {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:priority-tagged')" {
            description
              "Only applies when the type of the tagged
               interface is 'priority-tagged'.";
          }
          leaf tag-type {
            type identityref {
              base tag-type;
            }
            default "c-vlan";
            description
              "Tag type. By default, the tag type is
               'c-vlan'.";
          }
          description
            "Priority tagged.";
        }
        container qinq {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:qinq')" {
            description
              "Only applies when the type of the tagged
               interface is 'qinq'.";
          }
          if-feature "qinq";
          leaf tag-type {
            type identityref {
              base tag-type;
            }
            default "c-s-vlan";
            description
              "Tag type.
               By default, the tag type is
               'c-s-vlan'.";
          }
          leaf svlan-id {
            type uint16;
            mandatory true;
            description
              "SVLAN identifier.";
          }
          leaf cvlan-id {
            type uint16;
            mandatory true;
            description
              "CVLAN identifier.";
          }
          description
            "QinQ.";
        }
        container qinany {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:qinany')" {
            description
              "Only applies when the type of the tagged
               interface is 'qinany'.";
          }
          if-feature "qinany";
          leaf tag-type {
            type identityref {
              base tag-type;
            }
            default "s-vlan";
            description
              "Tag type. By default, the tag type is
               's-vlan'.";
          }
          leaf svlan-id {
            type uint16;
            mandatory true;
            description
              "Service VLAN ID.";
          }
          description
            "Container for QinAny.";
        }
        container vxlan {
          when "derived-from-or-self(../type, "
             + "'l3vpn-ntw:vxlan')" {
            description
              "Only applies when the type of the tagged
               interface is 'vxlan'.";
          }
          if-feature "vxlan";
          leaf vni-id {
            type uint32;
            mandatory true;
            description
              "VXLAN Network Identifier (VNI).";
          }
          leaf peer-mode {
            type identityref {
              base vxlan-peer-mode;
            }
            default "static-mode";
            description
              "Specifies the VXLAN access mode.
               By default,
               the peer mode is set to 'static-mode'.";
          }
          list peer-list {
            key "peer-ip";
            leaf peer-ip {
              type inet:ip-address;
              description
                "Peer IP.";
            }
            description
              "List of peer IP addresses.";
          }
          description
            "QinQ.";
        }
        description
          "Container for tagged interfaces.";
      }
      description
        "Encapsulation types";
    }
    description
      "Grouping to define encapsulation types";
  }

  grouping rt-rd {
    leaf rd {
      type rt-types:route-distinguisher;
      description
        "";
    }
    container vpn-targets {
      description
        "Set of route-targets to match for import and export routes
         to/from VRF";
      uses rt-types:vpn-route-targets;
    }
    description
      "";
  }

  /* Main blocks */
  container l3vpn-ntw {
    container vpn-profiles {
      uses vpn-profile-cfg;
      description
        "Container for VPN Profiles.";

    }
    container vpn-services {
      list vpn-service {
        key vpn-id;
        uses vpn-svc-cfg;
        description
          "List of VPN services.";
      }
      description
        "Top-level container for the VPN services.";
    }
    container sites {
      list site {
        key site-id;
        leaf site-id {
          type svc-id;
          description
            "Identifier of the site.";
        }
        leaf description {
          type string;
          description
            "Textual description of a site.";
        }
        uses site-top-level-cfg;
        uses operational-requirements-ops;
        uses site-bearer-params;
        container site-network-accesses {
          list site-network-access {
            key site-network-access-id;
            leaf site-network-access-id {
              type svc-id;
              description
                "Identifier for the access.";
            }
            leaf description {
              type string;
              description
                "Textual description of a VPN service.";
            }
            uses site-network-access-top-level-cfg;
            leaf node-id {
              type leafref{
                path "/l3vpn-ntw/vpn-services/vpn-service/vpn-nodes/vpn-node/vpn-node-id";
              }
              description
                "Reference the VPN node id";
            }

            leaf service-id {
              type leafref{
                path "/l3vpn-ntw/vpn-services/vpn-service/vpn-id";
              }
              description
                "Reference the VPN node id";
            }
            leaf access-group-id {
              type yang:uuid;
              description
                "Reference the Access Group ID.
                 It is used to group and identify SNA with common behavior
                 such as dual-homing";
            }
            description
              "List of accesses for a site.";
          }
          description
            "List of accesses for a site.";
        }
        description
          "List of sites.";
      }
      description
        "Container for sites.";
    }
    description
      "Main container for L3VPN service configuration.";
  }
}

                                Figure 4

6.  IANA CONSIDERATIONS

   This memo includes no request to IANA.

7.  SECURITY CONSIDERATIONS

   All the security considerations of [RFC8299] apply to this document.
   Subsequent versions will provide additional security considerations.

8.  IMPLEMENTATION STATUS

   This section will be used to track the status of the implementations
   of the model.  It is aimed at being removed if the document becomes
   RFC.

9.  ACKNOWLEDGEMENTS

   Thanks to Adrian Farrel and Miguel Cros for the suggestions on the
   document.  Thanks to Stephane Litkowski and Philip Eardley for the
   review.  Lots of thanks for the discussions on opsawg mailing list
   and at IETF meeting.  Some of the comments have already been
   incorporated and the other part of the comments will be addressed in
   the next versions.

   This work was supported in part by the European Commission funded
   H2020-ICT-2016-2 METRO-HAUL project (G.A. 761727).

10.  CONTRIBUTORS

   Daniel King
   Old Dog Consulting
   Email: daniel@olddog.co.uk

   Samier Barguil
   Telefonica
   Email: samier.barguilgiraldo.ext@telefonica.com

   Luay Jalil
   Verizon
   Email: luay.jalil@verizon.com

   Qin Wu
   Huawei
   Email: bill.wu@huawei.com

11.  References

11.1.  NORMATIVE REFERENCES

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

11.2.  INFORMATIVE REFERENCES

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8299]  Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki,
              "YANG Data Model for L3VPN Service Delivery", RFC 8299,
              DOI 10.17487/RFC8299, January 2018.

   [RFC8309]  Wu, Q., Liu, W., and A. Farrel, "Service Models
              Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8453]  Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for
              Abstraction and Control of TE Networks (ACTN)", RFC 8453,
              DOI 10.17487/RFC8453, August 2018.

   [RFC8466]  Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG
              Data Model for Layer 2 Virtual Private Network (L2VPN)
              Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October
              2018.
Authors' Addresses

   Alejandro Aguado
   Nokia
   Madrid
   ES

   Email: alejandro.aguado_martin@nokia.com

   Oscar Gonzalez de Dios (editor)
   Telefonica
   Madrid
   ES

   Email: oscar.gonzalezdedios@telefonica.com

   Victor Lopez
   Telefonica
   Madrid
   ES

   Email: victor.lopezalvarez@telefonica.com

   Daniel Voyer
   Bell Canada
   CA

   Email: daniel.voyer@bell.ca

   Luis Angel Munoz
   Vodafone
   ES

   Email: luis-angel.munoz@vodafone.com
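
The module above tags `valid-provider-identifiers` with `nacm:default-deny-write`, while the `auth-key` leaf in `security-params` is a plain `string` described as an MD5 authentication password. The following is an added example, not part of the draft: it parses YANG text and reports which secret-looking leaves are covered by a NACM default-deny extension. The helper names, the name/description pattern, the treatment of an ancestor's tag as covering its descendants, and the annotated variant at the end are assumptions of the example; the embedded excerpt is abridged from the module text.

```python
import re
from collections import namedtuple

# Abridged excerpt of two groupings from the module text on this page.
YANG_EXCERPT = r"""
grouping vpn-profile-cfg {
  container valid-provider-identifiers {
    list encryption-profile-identifier {
      key id;
      leaf id {
        type string;
        description
          "Identification of the SP encryption profile
           to be used. Local administration meaning.";
      }
    }
    nacm:default-deny-write;
  }
}
grouping security-params {
  container security {
    leaf auth-key {
      type string;
      description
        "MD5 authentication password for the connection towards the
         customer edge.";
    }
  }
}
"""

Stmt = namedtuple("Stmt", "keyword arg children")
TOKEN = re.compile(r"""
    /\*.*?\*/ | //[^\n]*     # comments (dropped by tokenize)
  | "(?:\\.|[^"\\])*"        # double-quoted string
  | '[^']*'                  # single-quoted string
  | [{};]                    # block and statement delimiters
  | [^\s{};"']+              # unquoted keyword or argument
""", re.S | re.X)
DATA_NODES = {"grouping", "container", "list", "leaf", "leaf-list", "choice", "case"}
NACM_RANK = {"nacm:default-deny-write": 1, "nacm:default-deny-all": 2}
RANK_NAME = {0: None, 1: "default-deny-write", 2: "default-deny-all"}
# Assumed heuristic for "this leaf holds a secret" (leaf name or description).
SENSITIVE = re.compile(r"password|passphrase|secret|auth-key|pre-shared", re.I)

def tokenize(text):
    return [t for t in TOKEN.findall(text) if not t.startswith(("/*", "//"))]

def unquote(tok):
    if tok[0] == '"':
        return " ".join(tok[1:-1].split())   # collapse wrapped description lines
    return tok[1:-1] if tok[0] == "'" else tok

def parse(tokens, pos=0):
    """Return (statements, next_pos) for the block starting at tokens[pos]."""
    stmts = []
    while pos < len(tokens) and tokens[pos] != "}":
        keyword, pos = tokens[pos], pos + 1
        parts = []
        while tokens[pos] not in ("{", ";"):
            if tokens[pos] != "+":           # "+" joins split quoted strings
                parts.append(unquote(tokens[pos]))
            pos += 1
        children = []
        if tokens[pos] == "{":
            children, pos = parse(tokens, pos + 1)
        pos += 1                             # skip ";" or the closing "}"
        stmts.append(Stmt(keyword, "".join(parts), children))
    return stmts, pos

def audit(text):
    """Return (nacm_nodes, secret_leaves): nodes tagged with a NACM default-deny
    extension, and secret-looking leaves with the strongest tag covering them."""
    tree, _ = parse(tokenize(text))
    nacm_nodes, secret_leaves = {}, []

    def walk(stmts, path, inherited):
        for s in stmts:
            if s.keyword not in DATA_NODES:
                continue
            here = path + [s.arg]
            own = max((NACM_RANK[c.keyword] for c in s.children
                       if c.keyword in NACM_RANK), default=0)
            if own:
                nacm_nodes["/".join(here)] = RANK_NAME[own]
            level = max(own, inherited)      # assumption: ancestor tag covers subtree
            if s.keyword in ("leaf", "leaf-list"):
                desc = " ".join(c.arg for c in s.children if c.keyword == "description")
                if SENSITIVE.search(s.arg + " " + desc):
                    secret_leaves.append(("/".join(here), RANK_NAME[level]))
            walk(s.children, here, level)

    walk(tree, [], 0)
    return nacm_nodes, secret_leaves

def unprotected_secrets(text):
    """Secret-looking leaves whose read access is not default-denied."""
    return [path for path, level in audit(text)[1] if level != "default-deny-all"]

# Illustrative variant (an assumption, not text from the draft): leaf tagged deny-all.
ANNOTATED = YANG_EXCERPT.replace(
    "leaf auth-key {", "leaf auth-key {\n      nacm:default-deny-all;")

if __name__ == "__main__":
    print("NACM-tagged nodes:", audit(YANG_EXCERPT)[0])
    print("readable by default:", unprotected_secrets(YANG_EXCERPT))
    print("after tagging:", unprotected_secrets(ANNOTATED))
```
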