opsawg                                                        S. Barguil
Internet-Draft                                   O. Gonzalez de Dios, Ed.
Intended status: Standards Track                               Telefonica
Expires: May 2, 2021                                    M. Boucadair, Ed.
                                                                   Orange
                                                                    Q. Wu
                                                                   Huawei
                                                         October 29, 2020

                   A Layer 2/3 VPN Common YANG Model
                    draft-ietf-opsawg-vpn-common-02

Abstract

   This document defines a common YANG module that is meant to be reused by various VPN-related modules such as Layer 3 VPN and Layer 2 VPN Network Models.

Editorial Note (To be removed by RFC Editor)

   Please update these statements within the document with the RFC number to be assigned to this document:

   o  "This version of this YANG module is part of RFC XXXX;"

   o  "RFC XXXX: A Layer 2/3 VPN Common YANG Model";

   o  reference: RFC XXXX

   Also, please update the "revision" date of the YANG module.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF).  Note that other groups may also distribute working documents as Internet-Drafts.  The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time.  It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 2, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document.  Please review these documents carefully, as they describe your rights and restrictions with respect to this document.  Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Description of the VPN Common YANG Module
   4.  Layer 2/3 VPN Common Module
   5.  Security Considerations
   6.  IANA Considerations
   7.  Contributors
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   Various VPN-related YANG data modules were specified by the IETF (e.g., Layer 3 VPN Service Model (L3SM) [RFC8299] or Layer 2 VPN Service Model (L2SM) [RFC8466]).  Others are also being specified (e.g., Layer 3 VPN Network Model (L3NM) [I-D.ietf-opsawg-l3sm-l3nm] or Layer 2 VPN Network Model (L2NM) [I-D.ietf-opsawg-l2nm]).  These modules have data nodes and structures that are present in almost all of these models or in a subset of them.  An example of such data nodes is depicted in Figure 1.

   module: ietf-l2vpn-ntw
     +--rw vpn-services
        +--rw vpn-service* [vpn-id]
           +--rw vpn-id           svc-id
           +--rw vpn-svc-type?    identityref
           +--rw customer-name?   string
           +--rw svc-topo?        identityref
           +-rw service-status
           |  +-rw admin
           |  |  +-rw status?      operational-type
           |  |  +-rw timestamp?   yang:date-and-time
           |  +-ro ops
           |     +-ro status?      operational-type
           |     +-ro timestamp?   yang:date-and-time
           |  ...

   module: ietf-l3vpn-ntw
     +--rw vpn-services
        +--rw vpn-service* [vpn-id]
           +-rw service-status
           |  +-rw admin
           |  |  +-rw status?      operational-type
           |  |  +-rw timestamp?   yang:date-and-time
           |  +-ro ops
           |     +-ro status?      operational-type
           |     +-ro timestamp?   yang:date-and-time
           +--rw vpn-id                  l3vpn-svc:svc-id
           +--rw l3sm-vpn-id?            l3vpn-svc:svc-id
           +--rw customer-name?          string
           +--rw vpn-service-topology?   identityref
           +--rw description?            string
           |  ...

          Figure 1: Example of Common Data Nodes in Both L2NM/L3NM

   In order to avoid duplication of data nodes and to ease passing data among layers (service layer to network layer and vice versa), early versions of the L3NM reused many of the data nodes that are defined in the L3SM [RFC8299].  Nevertheless, that approach was abandoned because that design was interpreted as if the deployment of L3NM depends on L3SM, while this is not required.
   For example, a Service Provider may decide to use the L3NM to build its L3VPN services without exposing the L3SM.

   Likewise, early versions of the L2NM reused many of the data nodes that are defined in both L2SM and L3NM.  An example of L3NM groupings reused in L2NM is shown in Figure 2.  This reuse of data nodes was interpreted as if the deployment of L2NM requires both L2SM and L3NM, which is not the case.

   module ietf-l2vpn-ntw {
     ...
     import ietf-l3vpn-ntw {
       prefix l3vpn-ntw;
       reference
         "RFC NNNN: A Layer 3 VPN Network YANG Model";
     }
     ...
     container l2vpn-ntw {
       ...
       container vpn-services {
         list vpn-service {
           ...
           uses l3vpn-ntw:service-status;
           uses l3vpn-ntw:svc-transport-encapsulation;
           ...
         }
       }
       ...
     }
   }

               Figure 2: Excerpt from the L2NM YANG Module

   To avoid the issues discussed above, this document defines a common YANG module that is meant to be reused by various VPN-related modules such as Layer 3 VPN Network Model (L3NM) [I-D.ietf-opsawg-l3sm-l3nm] and Layer 2 VPN Network Model (L2NM) [I-D.ietf-opsawg-l2nm]: "ietf-vpn-common" (Section 4).

   The "ietf-vpn-common" module includes a set of identities, types, and groupings that are meant to be reused by other VPN-related YANG modules independently of their layer (e.g., Layer 2, Layer 3) and the type of the module (e.g., network model, service model), including future revisions (if any) of existing models (e.g., Layer 3 VPN Service Model (L3SM) [RFC8299] or Layer 2 VPN Service Model (L2SM) [RFC8466]).

2.  Terminology

   The terminology for describing YANG modules is defined in [RFC7950].

   The meaning of the symbols in tree diagrams is defined in [RFC8340].

3.  Description of the VPN Common YANG Module

   The "ietf-vpn-common" module defines a set of common identities.
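   The 'ports' and 'qos-classification-policy' groupings described in this section (and drawn in Figure 3 below) are consumed by whatever component classifies traffic for a VPN service, so it is worth seeing how an instance of them is evaluated and which constraints a YANG validator would enforce.  The following matcher is an added example, not code from the draft or from any IETF module: it assumes a simplified RFC 7951-style JSON encoding of rule instances without module prefixes, the RFC 8519 'operator' values lte/gte/eq/neq with 'eq' as the default, only the ipv4, tcp and udp cases, and constructed sample rules and flows.

```python
"""Evaluate 'qos-classification-policy' rules from ietf-vpn-common (added
example, not draft code).  Assumes a simplified RFC 7951-style JSON encoding
without module prefixes, RFC 8519 'operator' values lte/gte/eq/neq with 'eq'
as the default, only the ipv4/tcp/udp cases, and constructed rules and flows."""
import ipaddress

OPERATORS = {"eq": lambda p, v: p == v, "neq": lambda p, v: p != v,
             "lte": lambda p, v: p <= v, "gte": lambda p, v: p >= v}


def validate_port_node(node):
    """Check one 'port-range-or-operator' instance of the 'ports' grouping:
    exactly one case, 'range' (lower-port <= upper-port, assumed per RFC 8519)
    or 'operator' (a single port plus an optional operator).  Returns the case."""
    has_range = "lower-port" in node or "upper-port" in node
    if has_range == ("port" in node):
        raise ValueError("exactly one of range/operator required: %r" % (node,))
    if has_range:
        lower, upper = node["lower-port"], node["upper-port"]
        if not 0 <= lower <= upper <= 65535:
            raise ValueError("invalid port range %r..%r" % (lower, upper))
        return "range"
    if node.get("operator", "eq") not in OPERATORS:
        raise ValueError("unknown operator %r" % node["operator"])
    return "operator"


def port_matches(node, port):
    """Evaluate a 'port-range-or-operator' node against a port number."""
    if validate_port_node(node) == "range":
        return node["lower-port"] <= port <= node["upper-port"]
    return OPERATORS[node.get("operator", "eq")](port, node["port"])


def l3_matches(ipv4, flow):
    """Match the 'ipv4' container: exact header fields plus prefix membership."""
    for field in ("dscp", "ecn", "ttl", "protocol", "length"):
        if field in ipv4 and flow.get(field) != ipv4[field]:
            return False
    for leaf, key in (("destination-ipv4-network", "dst"), ("source-ipv4-network", "src")):
        if leaf in ipv4 and ipaddress.ip_address(flow[key]) not in ipaddress.ip_network(ipv4[leaf]):
            return False
    return True


def l4_matches(transport, node, flow):
    """Match the 'tcp' or 'udp' container, including the reused 'ports' nodes."""
    if flow.get("protocol") != {"tcp": 6, "udp": 17}[transport]:
        return False
    if "length" in node and flow.get("length") != node["length"]:
        return False
    for container, key in (("source-port-range-or-operator", "src_port"),
                           ("destination-port-range-or-operator", "dst_port")):
        if container in node and not port_matches(node[container], flow[key]):
            return False
    return True


def validate_rule(rule):
    """Enforce the grouping's choices: match-flow XOR match-application, at most
    one of ipv4/ipv6 and at most one of tcp/udp."""
    if "match-application" in rule and any(k in rule for k in ("ipv4", "ipv6", "tcp", "udp")):
        raise ValueError("rule %r mixes match-flow and match-application" % rule.get("id"))
    if ("ipv4" in rule and "ipv6" in rule) or ("tcp" in rule and "udp" in rule):
        raise ValueError("rule %r selects two cases of one choice" % rule.get("id"))
    return True


def rule_matches(rule, flow):
    """True when every present match node of the rule accepts the flow."""
    validate_rule(rule)
    if "match-application" in rule:
        return flow.get("application") == rule["match-application"]
    if "ipv4" in rule and not l3_matches(rule["ipv4"], flow):
        return False
    return all(l4_matches(t, rule[t], flow) for t in ("tcp", "udp") if t in rule)


def classify(rules, flow):
    """Return the target-class-id of the first matching rule, or None."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.get("target-class-id")
    return None


# Constructed sample 'rule' list; order matters, the first match wins.
SAMPLE_RULES = [
    {"id": "web-to-dmz", "target-class-id": "gold",
     "ipv4": {"protocol": 6, "destination-ipv4-network": "192.0.2.0/24"},
     "tcp": {"destination-port-range-or-operator": {"lower-port": 8080, "upper-port": 8088}}},
    {"id": "voice", "match-application": "vpn-common:voice", "target-class-id": "realtime"},
    {"id": "udp-not-dns", "target-class-id": "bronze", "ipv4": {"protocol": 17},
     "udp": {"destination-port-range-or-operator": {"operator": "neq", "port": 53}}},
]

# Constructed flows; 'application' stands in for an external application classifier.
FLOWS = {
    "web": {"src": "198.51.100.7", "dst": "192.0.2.10", "protocol": 6, "src_port": 51000, "dst_port": 8080},
    "dns": {"src": "198.51.100.7", "dst": "192.0.2.53", "protocol": 17, "src_port": 51001, "dst_port": 53},
}
FLOWS["ntp"] = dict(FLOWS["dns"], dst_port=123)
FLOWS["voice"] = dict(FLOWS["ntp"], dst="203.0.113.9", dst_port=4001, application="vpn-common:voice")
```

   Running classify(SAMPLE_RULES, flow) over the four constructed flows yields gold, None, bronze and realtime respectively; the DNS flow falls through because the 'neq 53' operator excludes it and no later rule claims it.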
   The module also contains the following reusable groupings:

   o  'ports':

      A YANG grouping that defines ranges of source and destination port numbers and operators.

   o  'qos-classification-policy':

      A YANG grouping that defines a set of QoS classification policies based on various Layer 3/4 match criteria.

   o  'vpn-description':

      A YANG grouping that provides common administrative VPN information such as a name, a textual description, and a customer name.

   o  'vpn-profile-cfg':

      A YANG grouping that defines a set of profiles (encryption, routing, forwarding) valid for any Layer 2/3 VPN.

   o  'status-timestamp':

      A YANG grouping that defines the operational status updates of a VPN service component.

   o  'service-status':

      A YANG grouping that defines the administrative and operational status of a component.  The grouping can be applied to the whole service or to an endpoint.

   o  'svc-transport-encapsulation':

      A YANG grouping that defines the type of the underlay transport for a VPN service.

   o  'rt-rd':

      A YANG grouping that defines the set of Route Targets (RTs) and Route Distinguishers (RDs) to match when importing and exporting routes to/from a Virtual Routing and Forwarding (VRF) instance.

   o  'group':

      A YANG grouping that is used to group VPN nodes, VPN network accesses, or sites.

   o  'placement-constraints':

      A YANG grouping that is used to define the placement constraints of a VPN node, VPN network access, or site.

   The tree diagram of the "ietf-vpn-common" module that depicts the common groupings is provided in Figure 3.

   module: ietf-vpn-common

     grouping ports
       +-- (source-port)?
       |  +--:(source-port-range-or-operator)
       |     +-- source-port-range-or-operator
       |        +-- (port-range-or-operator)?
       |           +--:(range)
       |           |  +-- lower-port    inet:port-number
       |           |  +-- upper-port    inet:port-number
       |           +--:(operator)
       |              +-- operator?
       |                                operator
       |              +-- port          inet:port-number
       +-- (destination-port)?
          +--:(destination-port-range-or-operator)
             +-- destination-port-range-or-operator
                +-- (port-range-or-operator)?
                   +--:(range)
                   |  +-- lower-port    inet:port-number
                   |  +-- upper-port    inet:port-number
                   +--:(operator)
                      +-- operator?     operator
                      +-- port          inet:port-number
     grouping qos-classification-policy
       +-- rule* [id]
          +-- id?                   string
          +-- (match-type)?
          |  +--:(match-flow)
          |  |  +-- (l3)?
          |  |  |  +--:(ipv4)
          |  |  |  |  +-- ipv4
          |  |  |  |     +-- dscp?                       inet:dscp
          |  |  |  |     +-- ecn?                        uint8
          |  |  |  |     +-- length?                     uint16
          |  |  |  |     +-- ttl?                        uint8
          |  |  |  |     +-- protocol?                   uint8
          |  |  |  |     +-- ihl?                        uint8
          |  |  |  |     +-- flags?                      bits
          |  |  |  |     +-- offset?                     uint16
          |  |  |  |     +-- identification?             uint16
          |  |  |  |     +-- (destination-network)?
          |  |  |  |     |  +--:(destination-ipv4-network)
          |  |  |  |     |     +-- destination-ipv4-network?
          |  |  |  |     |             inet:ipv4-prefix
          |  |  |  |     +-- (source-network)?
          |  |  |  |        +--:(source-ipv4-network)
          |  |  |  |           +-- source-ipv4-network?
          |  |  |  |                   inet:ipv4-prefix
          |  |  |  +--:(ipv6)
          |  |  |     +-- ipv6
          |  |  |        +-- dscp?                       inet:dscp
          |  |  |        +-- ecn?                        uint8
          |  |  |        +-- length?                     uint16
          |  |  |        +-- ttl?                        uint8
          |  |  |        +-- protocol?                   uint8
          |  |  |        +-- (destination-network)?
          |  |  |        |  +--:(destination-ipv6-network)
          |  |  |        |     +-- destination-ipv6-network?
          |  |  |        |             inet:ipv6-prefix
          |  |  |        +-- (source-network)?
          |  |  |        |  +--:(source-ipv6-network)
          |  |  |        |     +-- source-ipv6-network?
          |  |  |        |             inet:ipv6-prefix
          |  |  |        +-- flow-label?
          |  |  |                inet:ipv6-flow-label
          |  |  +-- (l4)?
          |  |     +--:(tcp)
          |  |     |  +-- tcp
          |  |     |     +-- sequence-number?            uint32
          |  |     |     +-- acknowledgement-number?     uint32
          |  |     |     +-- data-offset?                uint8
          |  |     |     +-- reserved?                   uint8
          |  |     |     +-- flags?                      bits
          |  |     |     +-- window-size?                uint16
          |  |     |     +-- urgent-pointer?
          |  |     |     |                               uint16
          |  |     |     +-- options?                    binary
          |  |     |     +-- (source-port)?
          |  |     |     |  +--:(source-port-range-or-operator)
          |  |     |     |     +-- source-port-range-or-operator
          |  |     |     |        +-- (port-range-or-operator)?
          |  |     |     |           +--:(range)
          |  |     |     |           |  +-- lower-port    inet:port-number
          |  |     |     |           |  +-- upper-port    inet:port-number
          |  |     |     |           +--:(operator)
          |  |     |     |              +-- operator?     operator
          |  |     |     |              +-- port          inet:port-number
          |  |     |     +-- (destination-port)?
          |  |     |        +--:(destination-port-range-or-operator)
          |  |     |           +-- destination-port-range-or-operator
          |  |     |              +-- (port-range-or-operator)?
          |  |     |                 +--:(range)
          |  |     |                 |  +-- lower-port    inet:port-number
          |  |     |                 |  +-- upper-port    inet:port-number
          |  |     |                 +--:(operator)
          |  |     |                    +-- operator?     operator
          |  |     |                    +-- port          inet:port-number
          |  |     +--:(udp)
          |  |        +-- udp
          |  |           +-- length?                     uint16
          |  |           +-- (source-port)?
          |  |           |  +--:(source-port-range-or-operator)
          |  |           |     +-- source-port-range-or-operator
          |  |           |        +-- (port-range-or-operator)?
          |  |           |           +--:(range)
          |  |           |           |  +-- lower-port    inet:port-number
          |  |           |           |  +-- upper-port    inet:port-number
          |  |           |           +--:(operator)
          |  |           |              +-- operator?     operator
          |  |           |              +-- port          inet:port-number
          |  |           +-- (destination-port)?
          |  |              +--:(destination-port-range-or-operator)
          |  |                 +-- destination-port-range-or-operator
          |  |                    +-- (port-range-or-operator)?
          |  |                       +--:(range)
          |  |                       |  +-- lower-port    inet:port-number
          |  |                       |  +-- upper-port    inet:port-number
          |  |                       +--:(operator)
          |  |                          +-- operator?     operator
          |  |                          +-- port          inet:port-number
          |  +--:(match-application)
          |     +-- match-application?   identityref
          +-- target-class-id?      string
     grouping vpn-description
       +-- vpn-id?            vpn-common:vpn-id
       +-- vpn-name?          string
       +-- vpn-description?   string
       +-- customer-name?
                              string
     grouping vpn-profile-cfg
       +-- valid-provider-identifiers
          +-- cloud-identifier* [id] {cloud-access}?
          |  +-- id?   string
          +-- encryption-profile-identifier* [id]
          |  +-- id?   string
          +-- qos-profile-identifier* [id]
          |  +-- id?   string
          +-- bfd-profile-identifier* [id]
          |  +-- id?   string
          +-- forwarding-profile-identifier* [id]
          |  +-- id?   string
          +-- routing-profile-identifier* [id]
             +-- id?   string
     grouping status-timestamp
       +-- status?         identityref
       +-- last-updated?   yang:date-and-time
     grouping service-status
       +-- status
          +-- admin-status
          |  +-- status?         identityref
          |  +-- last-updated?   yang:date-and-time
          +--ro oper-status
             +--ro status?         identityref
             +--ro last-updated?   yang:date-and-time
     grouping svc-transport-encapsulation
       +-- underlay-transport
          +-- type*   identityref
     grouping rt-rd
       +-- (rd-choice)?
       |  +--:(directly-assigned)
       |  |  +-- rd?              rt-types:route-distinguisher
       |  +--:(pool-assigned)
       |  |  +-- rd-pool-name?    string
       |  |  +--ro rd-assign?     rt-types:route-distinguisher
       |  +--:(full-autoasigned)
       |  |  +-- auto?            empty
       |  |  +--ro rd-assigned?   rt-types:route-distinguisher
       |  +--:(no-rd)
       |     +-- no-rd?           empty
       +-- vpn-targets
          +-- vpn-target* [id]
          |  +-- id?                 int8
          |  +-- route-targets* [route-target]
          |  |  +-- route-target?    rt-types:route-target
          |  +-- route-target-type   rt-types:route-target-type
          +-- vpn-policies
             +-- import-policy?   string
             +-- export-policy?   string
     grouping vpn-route-targets
       +-- vpn-target* [id]
       |  +-- id?                 int8
       |  +-- route-targets* [route-target]
       |  |  +-- route-target?    rt-types:route-target
       |  +-- route-target-type   rt-types:route-target-type
       +-- vpn-policies
          +-- import-policy?   string
          +-- export-policy?   string
     grouping group
       +-- groups
          +-- group* [group-id]
             +-- group-id?
                           string
     grouping placement-constraints
       +-- constraint* [constraint-type]
          +-- constraint-type?   identityref
          +-- target
             +-- (target-flavor)?
                +--:(id)
                |  +-- group* [group-id]
                |     +-- group-id?   string
                +--:(all-accesses)
                |  +-- all-other-accesses?   empty
                +--:(all-groups)
                   +-- all-other-groups?     empty

                        Figure 3: VPN Common Tree

4.  Layer 2/3 VPN Common Module

   This module uses types defined in [RFC6991], [RFC8294], and [RFC8519].

   Editor's Note: Check that RFCs cited in the reference statements are included in the References Section and called out in the core text.

   file "ietf-vpn-common@2020-10-26.yang"
   module ietf-vpn-common {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-vpn-common";
     prefix vpn-common;

     import ietf-netconf-acm {
       prefix nacm;
       reference
         "RFC 8341: Network Configuration Access Control Model";
     }
     import ietf-routing-types {
       prefix rt-types;
       reference
         "RFC 8294: Common YANG Data Types for the Routing Area";
     }
     import ietf-yang-types {
       prefix yang;
       reference
         "Section 3 of RFC 6991";
     }
     import ietf-packet-fields {
       prefix packet-fields;
       reference
         "RFC 8519: YANG Data Model for Network Access
                    Control Lists (ACLs)";
     }

     organization
       "IETF OPSA (Operations and Management Area) Working Group";
     contact
       "WG Web:
        WG List:

        Editor:  Samier Barguil

        Editor:  Oscar Gonzalez de Dios

        Editor:  Mohamed Boucadair

        Author:  Qin Wu
       ";
     description
       "This YANG module defines a common module that is meant
        to be reused by various VPN-related modules (e.g.,
        Layer 3 VPN Service Model (L3SM), Layer 2 VPN Service
        Model (L2SM), Layer 3 VPN Network Model (L3NM), Layer 2
        VPN Network Model (L2NM)).

        Copyright (c) 2020 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.
        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX
        (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
        for full legal notices.";

     revision 2020-10-26 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: A Layer 2/3 VPN Common YANG Model";
     }

     /* Features */

     feature cloud-access {
       description
         "Indicates support of the VPN to connect to a Cloud
          Service Provider (CSP).";
     }

     feature lag-interface {
       description
         "Indicates the support of link aggregation between
          VPN site network accesses.";
     }

     feature placement-diversity {
       description
         "Indicates the support of placement diversity
          constraints in the customer premises.
          An example of these constraints may be to avoid connecting
          a site network access to the same Provider Edge as a
          target site network access.";
     }

     feature dot1q {
       description
         "Indicates the support of the 'dot1q'
          encapsulation.";
       reference
         "IEEE Std 802.1Q: Bridges and Bridged Networks";
     }

     feature qinq {
       description
         "Indicates the support of the 'qinq'
          encapsulation.";
       reference
         "IEEE Std 802.1ad: Provider Bridges";
     }

     feature vxlan {
       description
         "Indicates the support of the 'vxlan'
          encapsulation.";
       reference
         "RFC 7348: Virtual eXtensible Local Area Network (VXLAN):
                    A Framework for Overlaying Virtualized Layer 2
                    Networks over Layer 3 Networks";
     }

     feature qinany {
       description
         "Indicates the support of the 'qinany'
          encapsulation.";
     }

     feature multicast {
       description
         "Indicates multicast capabilities support in a VPN.";
       reference
         "RFC 6513: Multicast in MPLS/BGP IP VPNs";
     }

     feature ipv4 {
       description
         "Indicates IPv4 support in a VPN.";
     }

     feature ipv6 {
       description
         "Indicates IPv6 support in a VPN.";
     }

     feature carrierscarrier {
       description
         "Indicates support of Carrier-of-Carrier VPNs.";
       reference
         "Section 9 of RFC 4364";
     }

     feature extranet-vpn {
       description
         "Indicates support of extranet VPNs.
          That is, the capability of a VPN to access a list of
          other VPNs.";
     }

     feature fast-reroute {
       description
         "Indicates support of Fast Reroute (FRR).";
     }

     feature qos {
       description
         "Indicates support of Classes of Services (CoSes).";
     }

     feature encryption {
       description
         "Indicates support of encryption.";
     }

     feature rtg-ospf {
       description
         "Indicates support of the OSPF routing protocol.";
       reference
         "RFC 4577: OSPF as the Provider/Customer Edge Protocol
                    for BGP/MPLS IP Virtual Private Networks
                    (VPNs)";
     }

     feature rtg-ospf-sham-link {
       description
         "This feature indicates the support of OSPF sham links.";
       reference
         "Section 4.2.7 of RFC 4577";
     }

     feature rtg-bgp {
       description
         "Indicates support of BGP as the Provider/Customer
          Edge protocol.";
     }

     feature rtg-rip {
       description
         "Indicates support of RIP as the Provider/Customer
          Edge protocol.";
     }

     feature rtg-vrrp {
       description
         "Indicates support of the Virtual Router Redundancy
          Protocol (VRRP) between a customer LAN and the PE.";
     }

     feature rtg-isis {
       description
         "Indicates the support of IS-IS as the Provider/Customer
          Edge protocol.";
     }

     feature bfd {
       description
         "Indicates support of Bidirectional Forwarding Detection
          (BFD) between the CE and the PE.";
       reference
         "RFC 5880: Bidirectional Forwarding Detection (BFD)";
     }

     feature bearer-reference {
       description
         "Indicates support of the bearer reference access
          constraint.
          That is, the reuse of a network connection
          that was already ordered to the SP apart from the IP VPN
          site.";
     }

     feature input-bw {
       description
         "Indicates the support of the input bandwidth in a VPN.";
     }

     /* Typedef */

     typedef vpn-id {
       type string;
       description
         "Defines an identifier that is used as
          a service identifier, for example.";
     }

     typedef address-family {
       type enumeration {
         enum ipv4 {
           description
             "IPv4 address family.";
         }
         enum ipv6 {
           description
             "IPv6 address family.";
         }
       }
       description
         "Defines a type for the address family.";
     }

     //L2xMs

     typedef ccm-priority-type {
       type uint8 {
         range "0..7";
       }
       description
         "A 3-bit priority value to be used in the VLAN tag,
          if present in the transmitted frame.";
     }

     typedef control-mode {
       type enumeration {
         enum peer {
           description
             "'peer' mode, i.e., participate in the protocol towards
              the CE.  Peering is common for LACP and the Ethernet
              Local Management Interface (E-LMI) and, occasionally,
              for LLDP.  For VPLSs and VPWSs, the subscriber can also
              request that the SP peer enable spanning tree.";
         }
         enum tunnel {
           description
             "'tunnel' mode, i.e., pass to the egress or destination
              site.
              For EPLs, the expectation is that L2CP frames are
              tunneled.";
         }
         enum discard {
           description
             "'discard' mode, i.e., discard the frame.";
         }
       }
       description
         "Defines the type of control mode on L2CP protocols.";
     }

     typedef neg-mode {
       type enumeration {
         enum full-duplex {
           description
             "Defines full-duplex mode.";
         }
         enum auto-neg {
           description
             "Defines auto-negotiation mode.";
         }
       }
       description
         "Defines the type of negotiation mode.";
     }

     /* Identities */

     identity routing-protocol-type {
       description
         "Base identity for routing protocol type.";
     }

     identity ospf {
       base routing-protocol-type;
       description
         "Identity for OSPF protocol type.";
     }

     identity bgp {
       base routing-protocol-type;
       description
         "Identity for BGP protocol type.";
     }

     identity static {
       base routing-protocol-type;
       description
         "Identity for static routing protocol type.";
     }

     identity rip {
       base routing-protocol-type;
       description
         "Identity for RIP protocol type.";
     }

     identity isis {
       base routing-protocol-type;
       description
         "Identity for IS-IS protocol type.";
     }

     identity vrrp {
       base routing-protocol-type;
       description
         "Identity for VRRP protocol type.

          This is to be used when LANs are directly connected
          to PE routers.";
     }

     identity direct {
       base routing-protocol-type;
       description
         "Identity for direct protocol type.
          This is to be used when LANs are directly connected
          to PE routers and must be advertised in the VPN.";
     }

     identity bw-direction {
       description
         "Identity for the bandwidth direction.";
     }

     identity input-bw {
       base bw-direction;
       description
         "Identity for the input bandwidth.";
     }

     identity output-bw {
       base bw-direction;
       description
         "Identity for the output bandwidth.";
     }

     identity bw-type {
       description
         "Identity of the bandwidth type.";
     }

     identity bw-per-cos {
       base bw-type;
       description
         "Bandwidth is per CoS.";
     }

     identity bw-per-port {
       base bw-type;
       description
         "Bandwidth is per site network access.";
     }

     identity bw-per-site {
       base bw-type;
       description
         "Bandwidth is per site.  It is applicable to
          all the site network accesses within a site.";
     }

     identity bw-per-svc {
       base bw-type;
       description
         "Bandwidth is per VPN service.";
     }

     identity qos-profile-direction {
       description
         "Base identity for the QoS profile direction.";
     }

     identity site-to-wan {
       base qos-profile-direction;
       description
         "Identity for Site-to-WAN direction.";
     }

     identity wan-to-site {
       base qos-profile-direction;
       description
         "Identity for WAN-to-Site direction.";
     }

     identity both {
       base qos-profile-direction;
       description
         "Identity for both WAN-to-Site and Site-to-WAN
          directions.";
     }

     identity customer-application {
       description
         "Base identity for customer applications.";
     }

     identity web {
       base customer-application;
       description
         "Identity for a Web application (e.g., HTTP, HTTPS).";
     }

     identity mail {
       base customer-application;
       description
         "Identity for a mail application.";
     }

     identity file-transfer {
       base customer-application;
       description
         "Identity for a file transfer application
          (e.g., FTP, SFTP).";
     }

     identity database {
       base customer-application;
       description
         "Identity for a database application.";
     }

     identity social {
       base customer-application;
       description
         "Identity for a social-network application.";
     }

     identity games {
       base customer-application;
       description
         "Identity for a gaming application.";
     }

     identity p2p {
       base customer-application;
       description
         "Identity for a peer-to-peer application.";
     }

     identity network-management {
       base customer-application;
       description
         "Identity for a management application
          (e.g., Telnet, syslog, SNMP).";
     }

     identity voice {
       base customer-application;
       description
         "Identity for a voice application.";
     }

     identity video {
       base customer-application;
       description
         "Identity for a video conference application.";
     }

     identity embb {
       base customer-application;
       description
         "Identity for an enhanced Mobile Broadband (eMBB)
          application.  Note that an eMBB application demands
          network performance with a wide variety of
          characteristics, such as data rate, latency,
          loss rate, reliability, and many other parameters.";
     }

     identity urllc {
       base customer-application;
       description
         "Identity for an Ultra-Reliable and Low Latency
          Communications (URLLC) application.  Note that a
          URLLC application demands network performance
          with a wide variety of characteristics, such as latency,
          reliability, and many other parameters.";
     }

     identity mmtc {
       base customer-application;
       description
         "Identity for a massive Machine Type
          Communications (mMTC) application.
          Note that an mMTC application demands network performance
          with a wide variety of characteristics, such as data
          rate, latency, loss rate, reliability, and many
          other parameters.";
     }

     identity ie-type {
       description
         "Defines Import-Export routing profiles.
          Those profiles can be reused between VPN nodes.";
     }

     identity import {
       base ie-type;
       description
         "Import a routing profile.";
     }

     identity export {
       base ie-type;
       description
         "Export a routing profile.";
     }

     identity import-export {
       base ie-type;
       description
         "Import/Export a routing profile.";
     }

     identity site-network-access-type {
       description
         "Base identity for site-network-access type.";
     }

     identity point-to-point {
       base site-network-access-type;
       description
         "Identity for point-to-point connections.";
     }

     identity multipoint {
       base site-network-access-type;
       description
         "Identity for multipoint connections.
          Example: Ethernet broadcast segment.";
     }

     identity irb {
       base site-network-access-type;
       description
         "Integrated Routing Bridge (IRB).
1059 Identity for pseudowire connections."; 1060 } 1062 identity loopback { 1063 base site-network-access-type; 1064 description 1065 "Identity for loopback connections."; 1066 } 1068 identity operational-status { 1069 description 1070 "Base identity for the operational status."; 1071 } 1073 identity operational-state-up { 1074 base operational-status; 1075 description 1076 "Operational status is UP/Enabled."; 1077 } 1079 identity operational-state-down { 1080 base operational-status; 1081 description 1082 "Operational status is DOWN/Disabled."; 1083 } 1085 identity operational-state-unknown { 1086 base operational-status; 1087 description 1088 "Operational status is UNKNOWN."; 1089 } 1091 identity administrative-status { 1092 description 1093 "Base identity for administrative status."; 1094 } 1095 identity administrative-state-up { 1096 base administrative-status; 1097 description 1098 "Administrative status is UP/Enabled."; 1099 } 1101 identity administrative-state-down { 1102 base administrative-status; 1103 description 1104 "Administrative status is DOWN/Disabled."; 1105 } 1107 identity administrative-state-testing { 1108 base administrative-status; 1109 description 1110 "Administrative status is up for testing purposes."; 1111 } 1113 identity administrative-state-pre-deployment { 1114 base administrative-status; 1115 description 1116 "Administrative status is pre-deployment phase. 
1117 That is prior to the actual deployment of a service."; 1118 } 1120 identity encapsulation-type { 1121 description 1122 "Base identity for the encapsulation type."; 1123 } 1125 identity priority-tagged { 1126 base encapsulation-type; 1127 description 1128 "Identity for the priority-tagged interface."; 1129 } 1131 identity dot1q { 1132 base encapsulation-type; 1133 description 1134 "Identity for the support of the 'dot1q' 1135 encapsulation."; 1136 } 1138 identity qinq { 1139 base encapsulation-type; 1140 description 1141 "Identity for the support of the 'qinq' 1142 encapsulation."; 1144 } 1146 identity qinany { 1147 base encapsulation-type; 1148 description 1149 "Identity for the support of the 'qinany' 1150 encapsulation."; 1151 } 1153 identity vxlan { 1154 base encapsulation-type; 1155 description 1156 "Identity for the support of the 'vxlan' 1157 encapsulation."; 1158 } 1160 identity ethernet-type { 1161 base encapsulation-type; 1162 description 1163 "Identity of the Ethernet encapsulation type."; 1164 } 1166 identity vlan-type { 1167 base encapsulation-type; 1168 description 1169 "Identity of the VLAN encapsulation."; 1170 } 1172 identity untagged-int { 1173 base encapsulation-type; 1174 description 1175 "Identity of the untagged interface type."; 1176 } 1178 identity tagged-int { 1179 base encapsulation-type; 1180 description 1181 "Identity of the tagged interface type."; 1182 } 1184 identity lag-int { 1185 base encapsulation-type; 1186 description 1187 "Identity of the Link Aggregation Group (LAG) 1188 interface type."; 1189 reference 1190 "IEEE Std. 
802.1AX: Link Aggregation"; 1191 } 1192 identity tag-type { 1193 description 1194 "Base identity of the tag types."; 1195 } 1197 identity c-vlan { 1198 base tag-type; 1199 description 1200 "A CVLAN tag, normally using the 0x8100 Ethertype."; 1201 } 1203 identity s-vlan { 1204 base tag-type; 1205 description 1206 "An SVLAN tag."; 1207 } 1209 identity c-s-vlan { 1210 base tag-type; 1211 description 1212 "Uses both a CVLAN tag and an SVLAN tag."; 1213 } 1215 identity protocol-type { 1216 description 1217 "Base identity for Protocol Type."; 1218 } 1220 identity gre { 1221 base protocol-type; 1222 description 1223 "GRE encapsulation."; 1224 reference 1225 "RFC 1701: Generic Routing Encapsulation (GRE) 1226 RFC 1702: Generic Routing Encapsulation over IPv4 networks 1227 RFC 7676: IPv6 Support for Generic Routing Encapsulation 1228 (GRE)"; 1229 } 1231 identity ldp { 1232 base protocol-type; 1233 description 1234 "Transport based on LDP."; 1235 reference 1236 "RFC 3086: LDP Specification"; 1237 } 1239 identity sr { 1240 base protocol-type; 1241 description 1242 "Transport based on SR."; 1243 reference 1244 "RFC 8660: Segment Routing with the MPLS Data Plane 1245 RFC 8663: MPLS Segment Routing over IP 1246 RFC 8754: IPv6 Segment Routing Header (SRH)"; 1247 } 1249 identity sr-te { 1250 base protocol-type; 1251 description 1252 "Transport based on SR-TE."; 1253 reference 1254 "RFC 8426: Recommendations for RSVP-TE and Segment Routing (SR) 1255 Label Switched Path (LSP) Coexistence"; 1256 } 1258 identity rsvp-te { 1259 base protocol-type; 1260 description 1261 "Transport based on RSVP-TE."; 1262 reference 1263 "RFC 2205: Resource ReSerVation Protocol (RSVP) -- 1264 Version 1 Functional Specification"; 1265 } 1267 identity bgp-lu { 1268 base protocol-type; 1269 description 1270 "Transport based on BGP-LU."; 1271 reference 1272 "RFC 8277: Using BGP to Bind MPLS Labels to Address 1273 Prefixes"; 1274 } 1276 identity unknown { 1277 base protocol-type; 1278 description 1279 "Not 
known protocol type."; 1280 } 1282 identity vpn-topology { 1283 description 1284 "Base identity of the VPN topology."; 1285 } 1287 identity any-to-any { 1288 base vpn-topology; 1289 description 1290 "Identity for any-to-any VPN topology."; 1291 } 1293 identity hub-spoke { 1294 base vpn-topology; 1295 description 1296 "Identity for Hub-and-Spoke VPN topology."; 1297 } 1299 identity hub-spoke-disjoint { 1300 base vpn-topology; 1301 description 1302 "Identity for Hub-and-Spoke VPN topology 1303 where Hubs cannot communicate with each other."; 1304 } 1306 identity custom { 1307 base vpn-topology; 1308 description 1309 "Identity for custom VPN topologies where the 1310 role of the nodes is not strictly hub or spoke. 1311 VPN topology controlled by the import/export 1312 policies. The custom topology reflects more complex 1313 VPN nodes such as VPN node that acts as Hub for 1314 certain nodes and Spoke to others."; 1315 } 1317 identity role { 1318 description 1319 "Base identity of a site or a node role."; 1320 } 1322 identity any-to-any-role { 1323 base role; 1324 description 1325 "Identity of any-to-any IP VPN."; 1326 } 1328 identity spoke-role { 1329 base role; 1330 description 1331 "A node or a site is acting as a Spoke IP VPN."; 1332 } 1334 identity hub-role { 1335 base role; 1336 description 1337 "A node or a site isacting as a Hub IP VPN."; 1338 } 1340 identity custom-role { 1341 base role; 1342 description 1343 "VPN-Node with custom or complex role in the VPN. 
1344 For certain sources/destinations, it can behave 1345 as a hub but for others it can act as a spoke 1346 depending on the configured policy."; 1347 } 1349 identity vpn-signaling-type { 1350 description 1351 "Identity of VPN signaling types"; 1352 } 1354 identity l2vpn-bgp { 1355 base vpn-signaling-type; 1356 description 1357 "Identity of Layer 2 VPNs using BGP"; 1358 reference 1359 "RFC 6624: Layer 2 Virtual Private Networks Using BGP for 1360 Auto-Discovery and Signaling"; 1361 } 1363 identity evpn-bgp { 1364 base vpn-signaling-type; 1365 description 1366 "Identity of BGP Ethernet VPNs."; 1367 reference 1368 "RFC 7432: BGP MPLS-Based Ethernet VPN"; 1369 } 1371 identity t-ldp { 1372 base vpn-signaling-type; 1373 description 1374 "Identity of Targeted Label Distribution Protocol."; 1375 reference 1376 "RFC 5036: LDP Specification"; 1377 } 1379 identity h-vpls { 1380 base vpn-signaling-type; 1381 description 1382 "Identity of hierarchical VPLS."; 1383 reference 1384 "RFC 4762: Virtual Private LAN Service (VPLS) Using 1385 Label Distribution Protocol (LDP) 1386 Signaling"; 1387 } 1389 identity l2tp { 1390 base vpn-signaling-type; 1391 description 1392 "Identity of l2tp."; 1393 } 1395 identity service-type { 1396 description 1397 "Identity of service type."; 1398 } 1400 identity l3vpn { 1401 base service-type; 1402 description 1403 "Identity of L3VPN service."; 1404 } 1406 identity vpws { 1407 base service-type; 1408 description 1409 "Identity of the Point-to-point Virtual Private 1410 Wire Service (VPWS) service type."; 1411 } 1413 identity pwe3 { 1414 base service-type; 1415 description 1416 "Identity of the Pseudowire Emulation Edge to Edge 1417 (PWE3) service type."; 1418 } 1420 identity ldp-l2tp-vpls { 1421 base service-type; 1422 description 1423 "Identity of the LDP-based or L2TP-based multipoint 1424 Virtual Private LAN Service (VPLS) service type. 
1425 This VPLS uses LDP-signaled Pseudowires 1426 or L2TP-signaled Pseudowires."; 1427 } 1429 identity bgp-vpls { 1430 base service-type; 1431 description 1432 "Identity of the BGP-based multipoint VPLS service type. 1433 This VPLS uses a BGP control plane."; 1434 reference 1435 "RFC 4761: Virtual Private LAN Service (VPLS) Using 1436 BGP for Auto-Discovery and Signaling 1437 RFC 6624: Layer 2 Virtual Private Networks Using BGP for 1438 Auto-Discovery and Signaling"; 1439 } 1441 identity vpws-evpn { 1442 base service-type; 1443 description 1444 "Identity of the VPWS service type using EVPNs."; 1445 reference 1446 "RFC 8214: Virtual Private Wire Service Support 1447 in Ethernet VPN"; 1448 } 1450 identity pbb-evpn { 1451 base service-type; 1452 description 1453 "Identity of Provider Backbone Bridging (PBB) EVPNs."; 1454 reference 1455 "RFC 7623: Provider Backbone Bridging Combined 1456 with Ethernet VPN (PBB-EVPN)"; 1457 } 1459 identity vxlan-peer-mode { 1460 description 1461 "Base identity for the VXLAN peer mode."; 1462 } 1464 identity static-mode { 1465 base vxlan-peer-mode; 1466 description 1467 "Identity for VXLAN access in the static mode."; 1468 } 1470 identity bgp-mode { 1471 base vxlan-peer-mode; 1472 description 1473 "Identity for VXLAN access by BGP EVPN learning."; 1474 } 1476 identity multicast-gp-address-mapping { 1477 description 1478 "Identity for multicast group mapping type."; 1479 } 1480 identity static-mapping { 1481 base multicast-gp-address-mapping; 1482 description 1483 "Identity for static mapping, i.e., attach the interface 1484 to the multicast group as a static member."; 1485 } 1487 identity dynamic-mapping { 1488 base multicast-gp-address-mapping; 1489 description 1490 "Identity for dynamic mapping, i.e., an interface was added 1491 to the multicast group as a result of snooping."; 1492 } 1494 identity multicast-tree-type { 1495 description 1496 "Base identity for multicast tree type."; 1497 } 1499 identity ssm-tree-type { 1500 base 
multicast-tree-type; 1501 description 1502 "Identity for SSM tree type."; 1503 } 1505 identity asm-tree-type { 1506 base multicast-tree-type; 1507 description 1508 "Identity for ASM tree type."; 1509 } 1511 identity bidir-tree-type { 1512 base multicast-tree-type; 1513 description 1514 "Identity for bidirectional tree type."; 1515 } 1517 identity multicast-rp-discovery-type { 1518 description 1519 "Base identity for RP discovery type."; 1520 } 1522 identity auto-rp { 1523 base multicast-rp-discovery-type; 1524 description 1525 "Base identity for Auto-RP discovery type."; 1526 } 1527 identity static-rp { 1528 base multicast-rp-discovery-type; 1529 description 1530 "Base identity for static type."; 1531 } 1533 identity bsr-rp { 1534 base multicast-rp-discovery-type; 1535 description 1536 "Base identity for BSR discovery type."; 1537 } 1539 identity tf-type { 1540 description 1541 "Identity for the traffic type."; 1542 } 1544 identity multicast-traffic { 1545 base tf-type; 1546 description 1547 "Identity for multicast traffic."; 1548 } 1550 identity broadcast-traffic { 1551 base tf-type; 1552 description 1553 "Identity for broadcast traffic."; 1554 } 1556 identity unknown-unicast-traffic { 1557 base tf-type; 1558 description 1559 "Identity for unknown unicast traffic."; 1560 } 1562 identity bundling-type { 1563 description 1564 "The base identity for the bundling type. 
It supports 1565 multiple CE-VLANs associated with an L2VPN service or 1566 all CE-VLANs associated with an L2VPN service."; 1567 } 1569 identity multi-svc-bundling { 1570 base bundling-type; 1571 description 1572 "Identity for multi-service bundling, i.e., 1573 multiple CE-VLAN IDs can be associated with an 1574 L2VPN service at a site."; 1576 } 1578 identity one2one-bundling { 1579 base bundling-type; 1580 description 1581 "Identity for one-to-one service bundling, i.e., 1582 each L2VPN can be associated with only one CE-VLAN ID 1583 at a site."; 1584 } 1586 identity all2one-bundling { 1587 base bundling-type; 1588 description 1589 "Identity for all-to-one bundling, i.e., all CE-VLAN IDs 1590 are mapped to one L2VPN service."; 1591 } 1593 identity placement-diversity { 1594 description 1595 "Base identity for access placement constraints."; 1596 } 1598 identity bearer-diverse { 1599 base placement-diversity; 1600 description 1601 "Identity for bearer diversity. 1603 The bearers should not use common elements."; 1604 } 1606 identity pe-diverse { 1607 base placement-diversity; 1608 description 1609 "Identity for PE diversity."; 1610 } 1612 identity pop-diverse { 1613 base placement-diversity; 1614 description 1615 "Identity for POP diversity."; 1616 } 1618 identity linecard-diverse { 1619 base placement-diversity; 1620 description 1621 "Identity for linecard diversity."; 1622 } 1623 identity same-pe { 1624 base placement-diversity; 1625 description 1626 "Identity for having sites connected on the same PE."; 1627 } 1629 identity same-bearer { 1630 base placement-diversity; 1631 description 1632 "Identity for having sites connected using the same bearer."; 1633 } 1635 /* Grouping */ 1637 grouping ports { 1638 choice source-port { 1639 container source-port-range-or-operator { 1640 uses packet-fields:port-range-or-operator; 1641 description 1642 "Source port definition."; 1643 } 1644 description 1645 "Choice of specifying the source port or referring to 1646 a group 
of source port numbers."; 1647 } 1648 choice destination-port { 1649 container destination-port-range-or-operator { 1650 uses packet-fields:port-range-or-operator; 1651 description 1652 "Destination port definition."; 1653 } 1654 description 1655 "Choice of specifying a destination port or referring 1656 to a group of destination port numbers."; 1657 } 1658 description 1659 "Choice of specifying a source or destination port numbers."; 1660 } 1662 grouping qos-classification-policy { 1663 list rule { 1664 key "id"; 1665 ordered-by user; 1666 leaf id { 1667 type string; 1668 description 1669 "A description identifying the 1670 qos-classification-policy rule."; 1672 } 1673 choice match-type { 1674 default "match-flow"; 1675 case match-flow { 1676 choice l3 { 1677 container ipv4 { 1678 uses packet-fields:acl-ip-header-fields; 1679 uses packet-fields:acl-ipv4-header-fields; 1680 description 1681 "Rule set that matches IPv4 header."; 1682 } 1683 container ipv6 { 1684 uses packet-fields:acl-ip-header-fields; 1685 uses packet-fields:acl-ipv6-header-fields; 1686 description 1687 "Rule set that matches IPv6 header."; 1688 } 1689 description 1690 "Either IPv4 or IPv6."; 1691 } 1692 choice l4 { 1693 container tcp { 1694 uses packet-fields:acl-tcp-header-fields; 1695 uses ports; 1696 description 1697 "Rule set that matches TCP header."; 1698 } 1699 container udp { 1700 uses packet-fields:acl-udp-header-fields; 1701 uses ports; 1702 description 1703 "Rule set that matches UDP header."; 1704 } 1705 description 1706 "Can be TCP or UDP"; 1707 } 1708 } 1709 case match-application { 1710 leaf match-application { 1711 type identityref { 1712 base customer-application; 1713 } 1714 description 1715 "Defines the application to match."; 1716 } 1717 } 1718 description 1719 "Choice for classification."; 1721 } 1722 leaf target-class-id { 1723 type string; 1724 description 1725 "Identification of the class of service. 
1726 This identifier is internal to the 1727 administration."; 1728 } 1729 description 1730 "List of marking rules."; 1731 } 1732 description 1733 "Configuration of the traffic classification 1734 policy."; 1735 } 1737 grouping vpn-description { 1738 leaf vpn-id { 1739 type vpn-id; 1740 description 1741 "VPN identifier. 1742 This identifier has a local meaning."; 1743 } 1744 leaf vpn-name { 1745 type string; 1746 description 1747 "A name used to refer to the VPN."; 1748 } 1749 leaf vpn-description { 1750 type string; 1751 description 1752 "Textual description of a VPN service."; 1753 } 1754 leaf customer-name { 1755 type string; 1756 description 1757 "Name of the customer that actually uses the VPN service."; 1758 } 1759 description 1760 "Provides common VPN information."; 1761 } 1763 grouping vpn-profile-cfg { 1764 container valid-provider-identifiers { 1765 list cloud-identifier { 1766 if-feature "cloud-access"; 1767 key "id"; 1768 leaf id { 1769 type string; 1770 description 1771 "Identification of cloud service. 1772 Local administration meaning."; 1773 } 1774 description 1775 "List for Cloud Identifiers."; 1776 } 1777 list encryption-profile-identifier { 1778 key "id"; 1779 leaf id { 1780 type string; 1781 description 1782 "Identification of the SP encryption profile 1783 to be used. Local administration meaning."; 1784 } 1785 description 1786 "List for encryption profile identifiers."; 1787 } 1788 list qos-profile-identifier { 1789 key "id"; 1790 leaf id { 1791 type string; 1792 description 1793 "Identification of the QoS Profile to be used. 1794 Local administration meaning."; 1795 } 1796 description 1797 "List for QoS Profile Identifiers."; 1798 } 1799 list bfd-profile-identifier { 1800 key "id"; 1801 leaf id { 1802 type string; 1803 description 1804 "Identification of the SP BFD Profile to be used. 
1805 Local administration meaning."; 1806 } 1807 description 1808 "List for BFD Profile identifiers."; 1809 } 1810 list forwarding-profile-identifier { 1811 key "id"; 1812 leaf id { 1813 type string; 1814 description 1815 "Identification of the Forwrding Profile Filter to be used. 1816 Local administration meaning."; 1818 } 1819 description 1820 "List for Forwrding Profile identifiers."; 1821 } 1822 list routing-profile-identifier { 1823 key "id"; 1824 leaf id { 1825 type string; 1826 description 1827 "Identification of the routing Profile to be used 1828 by the routing-protocols within sites, vpn- 1829 network-accesses or vpn-nodes for refering 1830 vrf-import/export policies. 1832 This identifier has a local meaning."; 1833 } 1834 description 1835 "List for Routing Profile Identifiers."; 1836 } 1837 nacm:default-deny-write; 1838 description 1839 "Container for Valid Provider Identifies."; 1840 } 1841 description 1842 "Grouping for VPN Profile configuration."; 1843 } 1845 grouping status-timestamp { 1846 leaf status { 1847 type identityref { 1848 base operational-status; 1849 } 1850 description 1851 "Operations status"; 1852 } 1853 leaf last-updated { 1854 type yang:date-and-time; 1855 description 1856 "Indicates the actual date and time of the service 1857 status change."; 1858 } 1859 description 1860 "This grouping defines some operational 1861 parameters for the service."; 1862 } 1864 grouping service-status { 1865 container status { 1866 container admin-status { 1867 leaf status { 1868 type identityref { 1869 base administrative-status; 1870 } 1871 description 1872 "Administrative service status."; 1873 } 1874 leaf last-updated { 1875 type yang:date-and-time; 1876 description 1877 "Indicates the actual date and time of the service 1878 status change."; 1879 } 1880 description 1881 "Administrative service status."; 1882 } 1883 container oper-status { 1884 config false; 1885 uses status-timestamp; 1886 description 1887 "Operational service status."; 1888 } 1889 
description 1890 "Service status."; 1891 } 1892 description 1893 "Service status grouping."; 1894 } 1896 grouping svc-transport-encapsulation { 1897 container underlay-transport { 1898 leaf-list type { 1899 type identityref { 1900 base protocol-type; 1901 } 1902 ordered-by user; 1903 description 1904 "Protocols used to deliver a VPN service."; 1905 } 1906 description 1907 "Container for the Transport underlay."; 1908 } 1909 description 1910 "This grouping defines the type of underlay transport 1911 for VPN service."; 1912 } 1913 grouping rt-rd { 1914 choice rd-choice { 1915 case directly-assigned { 1916 leaf rd { 1917 type rt-types:route-distinguisher; 1918 description 1919 "Explicitly assign a route distinguisher (RD) value."; 1920 } 1921 description 1922 "Explicitly assign a RD value"; 1923 } 1924 case pool-assigned { 1925 leaf rd-pool-name { 1926 type string; 1927 description 1928 "The server will auto-assign a route 1929 distinguisher value and use that value operationally. 1930 The assignment will be selected from the pool 1931 identified by the rd-pool-name."; 1932 } 1933 leaf rd-assign { 1934 type rt-types:route-distinguisher; 1935 config false; 1936 description 1937 "Route distinguisher is assigned."; 1938 } 1939 } 1940 case full-autoasigned { 1941 leaf auto { 1942 type empty; 1943 description 1944 "Indicates an RD is fully auto assigned."; 1945 } 1946 leaf rd-assigned { 1947 type rt-types:route-distinguisher; 1948 config false; 1949 description 1950 "Route distinguisher is assigned."; 1951 } 1952 } 1953 case no-rd { 1954 leaf no-rd { 1955 type empty; 1956 description 1957 "No RD is assigned."; 1958 } 1959 description 1960 "Use the empty type to indicate RD has no value and 1961 is not to be auto-assigned."; 1962 } 1963 description 1964 "Route distinguisher choice between several options 1965 on providing the route distiniguisher value."; 1966 } 1967 container vpn-targets { 1968 description 1969 "Set of route-targets to match for import and export routes 
1970 to/from VRF"; 1971 uses vpn-route-targets; 1972 } 1973 description 1974 "Grouping for RT and RD."; 1975 } 1977 grouping vpn-route-targets { 1978 description 1979 "A grouping that specifies Route Target import-export rules 1980 used in a BGP-enabled VPN."; 1981 list vpn-target { 1982 key "id"; 1983 leaf id { 1984 type int8; 1985 description 1986 "Identifies each VPN Target"; 1987 } 1988 list route-targets { 1989 key "route-target"; 1990 leaf route-target { 1991 type rt-types:route-target; 1992 description 1993 "Route Target value"; 1994 } 1995 description 1996 "List of Route Targets."; 1997 } 1998 leaf route-target-type { 1999 type rt-types:route-target-type; 2000 mandatory true; 2001 description 2002 "Import/export type of the Route Target."; 2003 } 2004 description 2005 "L3VPN route targets. AND/OR Operations are available 2006 based on the RTs assigment."; 2007 } 2008 reference 2009 "RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs) 2010 RFC 4664: Framework for Layer 2 Virtual Private Networks 2011 (L2VPNs)"; 2012 container vpn-policies { 2013 description 2014 "VPN policies"; 2015 leaf import-policy { 2016 type string; 2017 description 2018 "Defines the import policy."; 2019 } 2020 leaf export-policy { 2021 type string; 2022 description 2023 "Defines the export policy."; 2024 } 2025 } 2026 } 2028 grouping group { 2029 container groups { 2030 list group { 2031 key "group-id"; 2032 leaf group-id { 2033 type string; 2034 description 2035 "Is the group-id to which a VPN node, 2036 a site, or a network access belongs to."; 2037 } 2038 description 2039 "List of group-ids."; 2040 } 2041 description 2042 "Lists the groups to which a VPN node, 2043 a site, or a network access belongs to."; 2044 } 2045 description 2046 "Grouping definition to assign 2047 group-ids to associate VPN nodes, sites, 2048 or network accesses."; 2049 } 2051 grouping placement-constraints { 2052 list constraint { 2053 key "constraint-type"; 2054 leaf constraint-type { 2055 type 
identityref { 2056 base placement-diversity; 2058 } 2059 description 2060 "Diversity constraint type."; 2061 } 2062 container target { 2063 choice target-flavor { 2064 case id { 2065 list group { 2066 key "group-id"; 2067 leaf group-id { 2068 type string; 2069 description 2070 "The constraint will apply 2071 against this particular 2072 group-id."; 2073 } 2074 description 2075 "List of groups"; 2076 } 2077 } 2078 case all-accesses { 2079 leaf all-other-accesses { 2080 type empty; 2081 description 2082 "The constraint will apply 2083 against all other network 2084 accesses of a site."; 2085 } 2086 } 2087 case all-groups { 2088 leaf all-other-groups { 2089 type empty; 2090 description 2091 "The constraint will apply 2092 against all other groups the 2093 customer is managing."; 2094 } 2095 } 2096 description 2097 "Choice for the group definition"; 2098 } 2099 description 2100 "The constraint will apply against 2101 this list of groups."; 2102 } 2103 description 2104 "List of constraints."; 2105 } 2106 description 2107 "Constraints for placing a network 2108 access."; 2109 } 2110 } 2111 2113 5. Security Considerations 2115 The YANG modules specified in this document define schemas for data 2116 that is designed to be accessed via network management protocols such 2117 as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer 2118 is the secure transport layer, and the mandatory-to-implement secure 2119 transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer 2120 is HTTPS, and the mandatory-to-implement secure transport is TLS 2121 [RFC8446]. 2123 The Network Configuration Access Control Model (NACM) [RFC8341] 2124 provides the means to restrict access for particular NETCONF or 2125 RESTCONF users to a preconfigured subset of all available NETCONF or 2126 RESTCONF protocol operations and content. 2128 The "ietf-vpn-common" module defines a set of identities, types, and 2129 groupings. 
These nodes are intended to be reused by other YANG 2130 modules. As such, the module does not expose by itself any data 2131 nodes which are writable, contain read-only state, or RPCs. As such, 2132 there are no additional security issues to be considered relating to 2133 the "ietf-vpn-common" module. 2135 6. IANA Considerations 2137 This document requests IANA to register the following URI in the "ns" 2138 subregistry within the "IETF XML Registry" [RFC3688]: 2140 URI: urn:ietf:params:xml:ns:yang:ietf-vpn-common 2141 Registrant Contact: The IESG. 2142 XML: N/A; the requested URI is an XML namespace. 2144 This document requests IANA to register the following YANG module in 2145 the "YANG Module Names" subregistry [RFC6020] within the "YANG 2146 Parameters" registry. 2148 name: ietf-vpn-common 2149 namespace: urn:ietf:params:xml:ns:yang:ietf-vpn-common 2150 maintained by IANA: N 2151 prefix: vpn-common 2152 reference: RFC XXXX 2154 7. Contributors 2156 Italo Busi 2157 Huawei Technologies 2158 Email: Italo.Busi@huawei.com 2160 Luis Angel Munoz 2161 Vodafone 2162 Email: luis-angel.munoz@vodafone.com 2164 Victor Lopez Alvarez 2165 Telefonica 2166 Email: victor.lopezalvarez@telefonica.com 2168 8. References 2170 8.1. Normative References 2172 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 2173 DOI 10.17487/RFC3688, January 2004, 2174 . 2176 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for 2177 the Network Configuration Protocol (NETCONF)", RFC 6020, 2178 DOI 10.17487/RFC6020, October 2010, 2179 . 2181 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 2182 and A. Bierman, Ed., "Network Configuration Protocol 2183 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, 2184 . 2186 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure 2187 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, 2188 . 
2190 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", 2191 RFC 6991, DOI 10.17487/RFC6991, July 2013, 2192 . 2194 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", 2195 RFC 7950, DOI 10.17487/RFC7950, August 2016, 2196 . 2198 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF 2199 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, 2200 . 2202 [RFC8294] Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger, 2203 "Common YANG Data Types for the Routing Area", RFC 8294, 2204 DOI 10.17487/RFC8294, December 2017, 2205 . 2207 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration 2208 Access Control Model", STD 91, RFC 8341, 2209 DOI 10.17487/RFC8341, March 2018, 2210 . 2212 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol 2213 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, 2214 . 2216 [RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair, 2217 "YANG Data Model for Network Access Control Lists (ACLs)", 2218 RFC 8519, DOI 10.17487/RFC8519, March 2019, 2219 . 2221 8.2. Informative References 2223 [I-D.ietf-opsawg-l2nm] 2224 barguil, s., Dios, O., Boucadair, M., Munoz, L., Jalil, 2225 L., and J. Ma, "A Layer 2 VPN Network YANG Model", draft- 2226 ietf-opsawg-l2nm-00 (work in progress), July 2020. 2228 [I-D.ietf-opsawg-l3sm-l3nm] 2229 barguil, s., Dios, O., Boucadair, M., Munoz, L., and A. 2230 Aguado, "A Layer 3 VPN Network YANG Model", draft-ietf- 2231 opsawg-l3sm-l3nm-05 (work in progress), October 2020. 2233 [RFC1701] Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic 2234 Routing Encapsulation (GRE)", RFC 1701, 2235 DOI 10.17487/RFC1701, October 1994, 2236 . 2238 [RFC1702] Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic 2239 Routing Encapsulation over IPv4 networks", RFC 1702, 2240 DOI 10.17487/RFC1702, October 1994, 2241 . 2243 [RFC2205] Braden, R., Ed., Zhang, L., Berson, S., Herzog, S., and S. 
2244 Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1 2245 Functional Specification", RFC 2205, DOI 10.17487/RFC2205, 2246 September 1997, . 2248 [RFC3086] Nichols, K. and B. Carpenter, "Definition of 2249 Differentiated Services Per Domain Behaviors and Rules for 2250 their Specification", RFC 3086, DOI 10.17487/RFC3086, 2251 April 2001, . 2253 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private 2254 Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February 2255 2006, . 2257 [RFC4577] Rosen, E., Psenak, P., and P. Pillay-Esnault, "OSPF as the 2258 Provider/Customer Edge Protocol for BGP/MPLS IP Virtual 2259 Private Networks (VPNs)", RFC 4577, DOI 10.17487/RFC4577, 2260 June 2006, . 2262 [RFC4664] Andersson, L., Ed. and E. Rosen, Ed., "Framework for Layer 2263 2 Virtual Private Networks (L2VPNs)", RFC 4664, 2264 DOI 10.17487/RFC4664, September 2006, 2265 . 2267 [RFC4761] Kompella, K., Ed. and Y. Rekhter, Ed., "Virtual Private 2268 LAN Service (VPLS) Using BGP for Auto-Discovery and 2269 Signaling", RFC 4761, DOI 10.17487/RFC4761, January 2007, 2270 . 2272 [RFC4762] Lasserre, M., Ed. and V. Kompella, Ed., "Virtual Private 2273 LAN Service (VPLS) Using Label Distribution Protocol (LDP) 2274 Signaling", RFC 4762, DOI 10.17487/RFC4762, January 2007, 2275 . 2277 [RFC5036] Andersson, L., Ed., Minei, I., Ed., and B. Thomas, Ed., 2278 "LDP Specification", RFC 5036, DOI 10.17487/RFC5036, 2279 October 2007, . 2281 [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 2282 (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, 2283 . 2285 [RFC6513] Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/ 2286 BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February 2287 2012, . 2289 [RFC6624] Kompella, K., Kothari, B., and R. Cherukuri, "Layer 2 2290 Virtual Private Networks Using BGP for Auto-Discovery and 2291 Signaling", RFC 6624, DOI 10.17487/RFC6624, May 2012, 2292 . 
2294 [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, 2295 L., Sridhar, T., Bursell, M., and C. Wright, "Virtual 2296 eXtensible Local Area Network (VXLAN): A Framework for 2297 Overlaying Virtualized Layer 2 Networks over Layer 3 2298 Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014, 2299 . 2301 [RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A., 2302 Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based 2303 Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February 2304 2015, . 2306 [RFC7623] Sajassi, A., Ed., Salam, S., Bitar, N., Isaac, A., and W. 2307 Henderickx, "Provider Backbone Bridging Combined with 2308 Ethernet VPN (PBB-EVPN)", RFC 7623, DOI 10.17487/RFC7623, 2309 September 2015, . 2311 [RFC7676] Pignataro, C., Bonica, R., and S. Krishnan, "IPv6 Support 2312 for Generic Routing Encapsulation (GRE)", RFC 7676, 2313 DOI 10.17487/RFC7676, October 2015, 2314 . 2316 [RFC8214] Boutros, S., Sajassi, A., Salam, S., Drake, J., and J. 2317 Rabadan, "Virtual Private Wire Service Support in Ethernet 2318 VPN", RFC 8214, DOI 10.17487/RFC8214, August 2017, 2319 . 2321 [RFC8277] Rosen, E., "Using BGP to Bind MPLS Labels to Address 2322 Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017, 2323 . 2325 [RFC8299] Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki, 2326 "YANG Data Model for L3VPN Service Delivery", RFC 8299, 2327 DOI 10.17487/RFC8299, January 2018, 2328 . 2330 [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", 2331 BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, 2332 . 2334 [RFC8426] Sitaraman, H., Ed., Beeram, V., Minei, I., and S. 2335 Sivabalan, "Recommendations for RSVP-TE and Segment 2336 Routing (SR) Label Switched Path (LSP) Coexistence", 2337 RFC 8426, DOI 10.17487/RFC8426, July 2018, 2338 . 2340 [RFC8466] Wen, B., Fioccola, G., Ed., Xie, C., and L. 
Jalil, "A YANG 2341 Data Model for Layer 2 Virtual Private Network (L2VPN) 2342 Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October 2343 2018, . 2345 [RFC8660] Bashandy, A., Ed., Filsfils, C., Ed., Previdi, S., 2346 Decraene, B., Litkowski, S., and R. Shakir, "Segment 2347 Routing with the MPLS Data Plane", RFC 8660, 2348 DOI 10.17487/RFC8660, December 2019, 2349 . 2351 [RFC8663] Xu, X., Bryant, S., Farrel, A., Hassan, S., Henderickx, 2352 W., and Z. Li, "MPLS Segment Routing over IP", RFC 8663, 2353 DOI 10.17487/RFC8663, December 2019, 2354 . 2356 [RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J., 2357 Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header 2358 (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020, 2359 . 2361 Authors' Addresses 2363 Samier Barguil 2364 Telefonica 2365 Madrid 2366 Spain 2368 Email: samier.barguilgiraldo.ext@telefonica.com 2370 Oscar Gonzalez de Dios (editor) 2371 Telefonica 2372 Madrid 2373 Spain 2375 Email: oscar.gonzalezdedios@telefonica.com 2377 Mohamed Boucadair (editor) 2378 Orange 2379 France 2381 Email: mohamed.boucadair@orange.com 2382 Qin Wu 2383 Huawei 2384 101 Software Avenue, Yuhua District 2385 Nanjing, Jiangsu 210012 2386 China 2388 Email: bill.wu@huawei.com