opsawg                                                        S. Barguil
Internet-Draft                                  O. Gonzalez de Dios, Ed.
Intended status: Standards Track                              Telefonica
Expires: October 10, 2021                               M. Boucadair, Ed.
                                                                  Orange
                                                                   Q. Wu
                                                                  Huawei
                                                           April 8, 2021


                   A Layer 2/3 VPN Common YANG Model
                    draft-ietf-opsawg-vpn-common-07

Abstract

   This document defines a common YANG module that is meant to be reused
   by various VPN-related modules such as Layer 3 VPN and Layer 2 VPN
   network models.

Editorial Note (To be removed by RFC Editor)

   Please update these statements within the document with the RFC
   number to be assigned to this document:

   o  "This version of this YANG module is part of RFC XXXX;"

   o  "RFC XXXX: A Layer 2/3 VPN Common YANG Model";

   o  reference: RFC XXXX

   Also, please update the "revision" date of the YANG module.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 10, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Description of the VPN Common YANG Module
   4.  Layer 2/3 VPN Common Module
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgements
   8.  Contributors
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  Example of Common Data Nodes in Early L2NM/L3NM Designs
   Authors' Addresses

1.  Introduction

   The IETF has specified YANG data modules for VPN services, e.g., the
   Layer 3 VPN Service Model (L3SM) [RFC8299] or the Layer 2 VPN Service
   Model (L2SM) [RFC8466].  Other relevant YANG models are the Layer 3
   VPN Network Model (L3NM) [I-D.ietf-opsawg-l3sm-l3nm] and the Layer 2
   VPN Network Model (L2NM) [I-D.ietf-opsawg-l2nm].  There are common
   data nodes and structures that are present in all of these models or
   at least a subset of them.

   This document defines a common YANG module that is meant to be reused
   by various VPN-related modules such as L3NM
   [I-D.ietf-opsawg-l3sm-l3nm] and L2NM [I-D.ietf-opsawg-l2nm]:
   "ietf-vpn-common" (Section 4).

   The "ietf-vpn-common" module includes a set of identities, types, and
   groupings that are meant to be reused by other VPN-related YANG
   modules independently of their layer (e.g., Layer 2, Layer 3) and the
   type of the module (e.g., network model, service model), including
   possible future revisions of existing models (e.g., L3SM [RFC8299] or
   L2SM [RFC8466]).

2.  Terminology

   The terminology for describing YANG modules is defined in [RFC7950].

   The meaning of the symbols in tree diagrams is defined in [RFC8340].

   The reader may refer to [RFC4026] and [RFC4176] for VPN-related
   terms.

3.  Description of the VPN Common YANG Module

   The "ietf-vpn-common" module defines a set of common VPN-related
   features, including:

   o  Encapsulation features such as Dot1q [IEEE802.1Q], QinQ
      [IEEE802.1ad], link aggregation [IEEE802.1AX], and Virtual
      eXtensible Local Area Network (VXLAN) [RFC7348].

   o  Multicast [RFC6513].

   o  Routing features such as OSPF [RFC4577], Bidirectional Forwarding
      Detection (BFD) [RFC5880], and Virtual Router Redundancy Protocol
      (VRRP) [RFC5798].

   Also, the module defines a set of identities, including:

   'service-type':  Used to identify the VPN service type.  Examples of
      supported service types are L3VPN, Virtual Private LAN Service
      (VPLS) using BGP [RFC4761], VPLS using Label Distribution Protocol
      (LDP) [RFC4762], Virtual Private Wire Service (VPWS) [RFC8214],
      BGP MPLS-Based Ethernet VPN [RFC7432], Ethernet VPN (EVPN)
      [RFC8365], and Provider Backbone Bridging Combined with Ethernet
      VPN (PBB-EVPN) [RFC7623].
   'vpn-signaling-type':  Used to identify the signaling mode used for
      a given service type.  Examples of supported VPN signaling types
      are L2VPNs using BGP [RFC6624], LDP signaling [RFC5036], and
      Layer Two Tunneling Protocol (L2TP) [RFC3931].

   The module covers both IPv4 and IPv6 identities.  It also includes
   multicast-related identities such as Internet Group Management
   Protocol version 1 (IGMPv1) [RFC1112], IGMPv2 [RFC2236], IGMPv3
   [RFC3376], Multicast Listener Discovery version 1 (MLDv1) [RFC2710],
   MLDv2 [RFC3810], and Protocol Independent Multicast (PIM) [RFC7761].

   The reader should refer to Section 4 for the full list of supported
   identities (identities related to address families, VPN topologies,
   network access types, operational and administrative status, site or
   node roles, VPN service constraints, routing protocols, route
   imports and exports, bandwidth and Quality of Service (QoS), etc.).

   The "ietf-vpn-common" module also contains a set of reusable VPN-
   related groupings.  The tree diagram of the "ietf-vpn-common" module
   that depicts the common groupings is provided in Figure 1.

   module: ietf-vpn-common

     grouping vpn-description
       +-- vpn-id?            vpn-id
       +-- vpn-name?          string
       +-- vpn-description?   string
       +-- customer-name?     string
     grouping vpn-profile-cfg
       +-- valid-provider-identifiers
          +-- external-connectivity-identifier* [id]
          |       {external-connectivity}?
          |  +-- id?   string
          +-- encryption-profile-identifier* [id]
          |  +-- id?   string
          +-- qos-profile-identifier* [id]
          |  +-- id?   string
          +-- bfd-profile-identifier* [id]
          |  +-- id?   string
          +-- forwarding-profile-identifier* [id]
          |  +-- id?   string
          +-- routing-profile-identifier* [id]
             +-- id?   string
     grouping status-timestamp
       +--ro status?         identityref
       +--ro last-updated?   yang:date-and-time
     grouping service-status
       +-- status
          +-- admin-status
          |  +-- status?         identityref
          |  +-- last-updated?   yang:date-and-time
          +-- oper-status
             +--ro status?         identityref
             +--ro last-updated?   yang:date-and-time
     grouping underlay-transport
       +-- (type)?
          +--:(abstract)
          |  +-- transport-instance-id?   string
          +--:(protocol)
             +-- protocol*   identityref
     grouping vpn-route-targets
       +-- vpn-target* [id]
       |  +-- id?                  int8
       |  +-- route-targets* [route-target]
       |  |  +-- route-target?   rt-types:route-target
       |  +-- route-target-type    rt-types:route-target-type
       +-- vpn-policies
          +-- import-policy?   string
          +-- export-policy?   string
     grouping route-distinguisher
       ...
     grouping vpn-components-group
       +-- groups
          +-- group* [group-id]
             +-- group-id?   string
     grouping placement-constraints
       +-- constraint* [constraint-type]
          +-- constraint-type?   identityref
          +-- target
             +-- (target-flavor)?
                +--:(id)
                |  +-- group* [group-id]
                |     +-- group-id?   string
                +--:(all-accesses)
                |  +-- all-other-accesses?   empty
                +--:(all-groups)
                   +-- all-other-groups?   empty
     grouping ports
       ...
     grouping qos-classification-policy
       ...

                        Figure 1: VPN Common Tree

   The description of the common groupings is provided below:

   'vpn-description':

      A YANG grouping that provides common administrative VPN
      information such as an identifier, a name, a textual
      description, and a customer name.

   'vpn-profile-cfg':

      A YANG grouping that defines a set of valid profiles
      (encryption, routing, forwarding, etc.) that can be bound to a
      Layer 2/3 VPN.  This document does not make any assumption
      about the structure of such profiles, but allows "gluing" a VPN
      service with other parameters that can be required locally to
      provide added-value features to requesting customers.

      For example, a service provider may provide external
      connectivity to a VPN customer (e.g., to a private or public
      cloud, or to the Internet).  Such a service may involve tweaking
      both filtering and NAT rules (e.g., binding a Virtual Routing and
      Forwarding (VRF) interface with a NAT instance as discussed in
      Section 2.10 of [RFC8512]).  These added-value features may be
      bound to all or a subset of network accesses.  Some of these
      added-value features may be implemented in nodes other than PEs
      (e.g., a P node or even a dedicated node that hosts the NAT
      function).

      It is out of the scope of this document to elaborate the
      structure of these profiles.

   'status-timestamp':

      A YANG grouping that reports the operational status of a VPN
      service or component together with the time of its last update.

   'service-status':

      A YANG grouping that defines the administrative and operational
      status of a component.  The grouping can be applied to the
      whole service or to an endpoint.

   'underlay-transport':

      A YANG grouping that defines the type of the underlay transport
      for a VPN service.

      The underlay transport can be expressed as an abstract
      transport instance (e.g., an identifier of a VPN+ instance
      [I-D.ietf-teas-enhanced-vpn], a virtual network identifier
      [I-D.ietf-teas-actn-vn-yang][RFC8453], or a network slice name
      [I-D.ietf-teas-ietf-network-slice-framework]) or as an ordered
      list of the actual protocols to be enabled in the network.

      The module supports a rich set of protocol identifiers that can
      be used, e.g., to refer to an underlay transport.  Examples of
      supported protocols are IP-in-IP [RFC2003][RFC2473], GRE
      [RFC1701][RFC1702][RFC7676], MPLS-in-UDP [RFC7510], Generic
      Network Virtualization Encapsulation (GENEVE) [RFC8926],
      Segment Routing (SR) [RFC8660][RFC8663][RFC8754], Resource
      ReSerVation Protocol (RSVP) with traffic engineering extensions
      [RFC3209], and BGP with labeled prefixes [RFC8277].

   'vpn-route-targets':

      A YANG grouping that defines Route Target (RT) import/export
      rules used in a BGP-enabled VPN (e.g., [RFC4364][RFC4664]).

   'route-distinguisher':

      A YANG grouping that defines Route Distinguishers (RDs).

      As depicted in Figure 2, the module supports these RD
      assignment modes: direct assignment, automatic assignment from
      a given pool, automatic assignment, and no assignment.

      Also, the module accommodates deployments where only the
      Assigned Number subfield of RDs (Section 4.2 of [RFC4364]) is
      assigned from a pool while the Administrator subfield is set
      to, e.g., the router-id that is assigned to a VPN node.  The
      module supports these modes for managing the Assigned Number
      subfield: explicit assignment, auto-assignment from a pool, and
      full auto-assignment.

     grouping route-distinguisher
       +-- (rd-choice)?
          +--:(directly-assigned)
          |  +-- rd?   rt-types:route-distinguisher
          +--:(directly-assigned-suffix)
          |  +-- rd-suffix?   uint16
          +--:(auto-assigned)
          |  +-- rd-auto
          |     +-- (auto-mode)?
          |     |  +--:(from-pool)
          |     |  |  +-- rd-pool-name?   string
          |     |  +--:(full-auto)
          |     |     +-- auto?   empty
          |     +--ro auto-assigned-rd?   rt-types:route-distinguisher
          +--:(auto-assigned-suffix)
          |  +-- rd-auto-suffix
          |     +-- (auto-mode)?
          |     |  +--:(from-pool)
          |     |  |  +-- rd-pool-name?   string
          |     |  +--:(full-auto)
          |     |     +-- auto?   empty
          |     +--ro auto-assigned-rd-suffix?   uint16
          +--:(no-rd)
             +-- no-rd?   empty

              Figure 2: Route Distinguisher Grouping Subtree

   'vpn-components-group':

      A YANG grouping that is used to group VPN nodes, VPN network
      accesses, or sites.  For example, diversity or redundancy
      constraints can be applied on a per-group basis.

   'placement-constraints':

      A YANG grouping that is used to define the placement
      constraints of a VPN node, VPN network access, or site.
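   The RD assignment cases of Figure 2 and the RT import/export rules of
   'vpn-route-targets', exercised in plain Python.  This is an added
   example, not code from this draft or from any implementation of it.
   It accepts RDs and RTs in the three textual layouts of RFC 4364
   Section 4.2 / RFC 4360 ("0:ASN:number", "1:IPv4:number",
   "2:ASN4:number"), which are the forms rt-types:route-distinguisher
   and rt-types:route-target take; the ASN, router-id, pool names and
   pool contents are constructed sample values, and RdAllocator and
   rt_import_export are this example's own names, not nodes of the
   module.  The 'no-rd' case needs no allocation and so has no method.

```python
"""RD assignment modes and RT import/export rules of ietf-vpn-common.

Added example, not code from the draft or any implementation of it.  RDs
(RFC 4364, Section 4.2) and RTs (RFC 4360) share three textual layouts:
"0:<2-byte ASN>:<4-byte num>", "1:<IPv4>:<2-byte num>", "2:<4-byte ASN>:<2-byte num>".
The ASN, router-id and pools below are constructed sample values.
"""
from __future__ import annotations

import ipaddress
import itertools
import re
from typing import Iterable, Optional

_RD_RE = re.compile(r"^(?P<type>[012]):(?P<admin>[^:]+):(?P<num>\d+)$")


def parse_rd(text: str) -> tuple[int, str, int]:
    """Validate an RD or RT string; return (type, administrator, assigned-number)."""
    m = _RD_RE.match(text)
    if not m:
        raise ValueError(f"malformed RD/RT {text!r}")
    rd_type, admin, num = int(m["type"]), m["admin"], int(m["num"])
    if rd_type == 1:
        ipaddress.IPv4Address(admin)      # raises ValueError unless a dotted-quad
        admin_ok, num_max = True, 0xFFFF
    else:
        admin_ok = admin.isdigit() and int(admin) <= (0xFFFF if rd_type == 0 else 0xFFFFFFFF)
        num_max = 0xFFFFFFFF if rd_type == 0 else 0xFFFF
    if not admin_ok:
        raise ValueError(f"administrator {admin!r} is invalid for type {rd_type}")
    if num > num_max:
        raise ValueError(f"assigned number {num} does not fit type {rd_type}")
    return rd_type, admin, num


class RdAllocator:
    """The 'rd-choice' cases of the grouping (hypothetical helper, not a module
    node).  rd_pools: whole RDs for 'auto-assigned'/'from-pool'; suffix_pools:
    Assigned Numbers for 'auto-assigned-suffix'/'from-pool'.  Every RD handed
    out is checked for uniqueness: two VPNs sharing an RD would have their
    VPN-IPv4 routes collide."""

    def __init__(self, asn: int, router_id: str,
                 rd_pools: dict[str, list[str]], suffix_pools: dict[str, range]):
        self.asn, self.router_id = asn, router_id
        self.rd_pools, self.suffix_pools = rd_pools, suffix_pools
        self.in_use: set[str] = set()

    def _claim(self, rd: str) -> str:
        parse_rd(rd)
        if rd in self.in_use:
            raise ValueError(f"RD {rd} is already assigned")
        self.in_use.add(rd)
        return rd

    def _first_free(self, candidates: Iterable[str]) -> str:
        for rd in candidates:
            if rd not in self.in_use:
                return self._claim(rd)
        raise RuntimeError("RD pool exhausted")

    def directly_assigned(self, rd: str) -> str:
        """'directly-assigned': the operator supplies the whole RD."""
        return self._claim(rd)

    def directly_assigned_suffix(self, rd_suffix: int) -> str:
        """'directly-assigned-suffix': only the Assigned Number is supplied; the
        Administrator subfield is the node's router-id (a type 1 RD)."""
        return self._claim(f"1:{self.router_id}:{rd_suffix}")

    def auto_assigned(self, rd_pool_name: Optional[str] = None) -> str:
        """'auto-assigned': 'from-pool' if a pool name is given, else 'full-auto'
        (lowest free type 0 RD under the local ASN); cf. 'auto-assigned-rd'."""
        if rd_pool_name is None:
            return self._first_free(f"0:{self.asn}:{n}" for n in itertools.count(1))
        return self._first_free(self.rd_pools[rd_pool_name])

    def auto_assigned_suffix(self, rd_pool_name: Optional[str] = None) -> str:
        """'auto-assigned-suffix': as above, but only the Assigned Number is
        chosen ('auto-assigned-rd-suffix'); the router-id stays the prefix."""
        suffixes = itertools.count(1) if rd_pool_name is None else self.suffix_pools[rd_pool_name]
        return self._first_free(f"1:{self.router_id}:{s}" for s in suffixes)


def rt_import_export(vpn_targets: list[dict]) -> tuple[set[str], set[str]]:
    """Split a 'vpn-target' list (entries carry 'id', 'route-targets' and a
    'route-target-type' of import/export/both) into the RTs a VRF imports and
    the RTs it exports.  An RT imported by the wrong VRF leaks routes across
    VPN boundaries, so every RT and type value is validated before use."""
    imports: set[str] = set()
    exports: set[str] = set()
    for entry in vpn_targets:
        kind = entry["route-target-type"]
        if kind not in ("import", "export", "both"):
            raise ValueError(f"unknown route-target-type {kind!r}")
        rts = {rt for rt in entry["route-targets"] if parse_rd(rt)}  # parse_rd raises on a bad RT
        if kind in ("import", "both"):
            imports |= rts
        if kind in ("export", "both"):
            exports |= rts
    return imports, exports
```

   A controller that derives RDs from router-ids (the suffix modes) is
   exposed to collisions as soon as two VPN nodes are given the same
   router-id, which is why the allocator refuses a duplicate instead of
   silently reusing it; likewise an RT typed "both" where "export" was
   intended makes a VRF import routes it was never meant to see, so the
   type value is checked before the RT sets are applied.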
   'ports':

      A YANG grouping that defines ranges of source and destination
      port numbers and operators.  The subtree of this grouping is
      depicted in Figure 3.

     grouping ports
       +-- (source-port)?
       |  +--:(source-port-range-or-operator)
       |     +-- source-port-range-or-operator
       |        +-- (port-range-or-operator)?
       |           +--:(range)
       |           |  +-- lower-port    inet:port-number
       |           |  +-- upper-port    inet:port-number
       |           +--:(operator)
       |              +-- operator?   operator
       |              +-- port        inet:port-number
       +-- (destination-port)?
          +--:(destination-port-range-or-operator)
             +-- destination-port-range-or-operator
                +-- (port-range-or-operator)?
                   +--:(range)
                   |  +-- lower-port    inet:port-number
                   |  +-- upper-port    inet:port-number
                   +--:(operator)
                      +-- operator?   operator
                      +-- port        inet:port-number

                 Figure 3: Port Numbers Grouping Subtree

   'qos-classification-policy':

      A YANG grouping that defines a set of QoS classification
      policies based on various Layer 3/4 and application match
      criteria.  The subtree of this grouping is depicted in
      Figure 4.

      Any Layer 4 protocol can be indicated in the 'protocol' data
      node under 'l3', but only TCP- and UDP-specific match criteria
      are elaborated in this version, as these protocols are widely
      used in the context of VPN services.  Augmentations can be
      considered in the future to add other Layer 4 specific data
      nodes (e.g., Stream Control Transmission Protocol [RFC4960]),
      if needed.

     grouping qos-classification-policy
       +-- rule* [id]
          +-- id?                 string
          +-- (match-type)?
          |  +--:(match-flow)
          |  |  +-- (l3)?
          |  |  |  +--:(ipv4)
          |  |  |  |  +-- ipv4
          |  |  |  |     +-- dscp?                      inet:dscp
          |  |  |  |     +-- ecn?                       uint8
          |  |  |  |     +-- length?                    uint16
          |  |  |  |     +-- ttl?                       uint8
          |  |  |  |     +-- protocol?                  uint8
          |  |  |  |     +-- ihl?                       uint8
          |  |  |  |     +-- flags?                     bits
          |  |  |  |     +-- offset?                    uint16
          |  |  |  |     +-- identification?            uint16
          |  |  |  |     +-- (destination-network)?
          |  |  |  |     |  +--:(destination-ipv4-network)
          |  |  |  |     |     +-- destination-ipv4-network?
          |  |  |  |     |             inet:ipv4-prefix
          |  |  |  |     +-- (source-network)?
          |  |  |  |        +--:(source-ipv4-network)
          |  |  |  |           +-- source-ipv4-network?
          |  |  |  |                   inet:ipv4-prefix
          |  |  |  +--:(ipv6)
          |  |  |     +-- ipv6
          |  |  |        +-- dscp?                      inet:dscp
          |  |  |        +-- ecn?                       uint8
          |  |  |        +-- length?                    uint16
          |  |  |        +-- ttl?                       uint8
          |  |  |        +-- protocol?                  uint8
          |  |  |        +-- (destination-network)?
          |  |  |        |  +--:(destination-ipv6-network)
          |  |  |        |     +-- destination-ipv6-network?
          |  |  |        |             inet:ipv6-prefix
          |  |  |        +-- (source-network)?
          |  |  |        |  +--:(source-ipv6-network)
          |  |  |        |     +-- source-ipv6-network?
          |  |  |        |             inet:ipv6-prefix
          |  |  |        +-- flow-label?
          |  |  |                inet:ipv6-flow-label
          |  |  +-- (l4)?
          |  |     +--:(tcp)
          |  |     |  +-- tcp
          |  |     |     +-- sequence-number?          uint32
          |  |     |     +-- acknowledgement-number?   uint32
          |  |     |     +-- data-offset?              uint8
          |  |     |     +-- reserved?                 uint8
          |  |     |     +-- flags?                    bits
          |  |     |     +-- window-size?              uint16
          |  |     |     +-- urgent-pointer?           uint16
          |  |     |     +-- options?                  binary
          |  |     |     +-- (source-port)?
          |  |     |     |  +--:(source-port-range-or-operator)
          |  |     |     |     +-- source-port-range-or-operator
          |  |     |     |        +-- (port-range-or-operator)?
          |  |     |     |           +--:(range)
          |  |     |     |           |  +-- lower-port    inet:port-number
          |  |     |     |           |  +-- upper-port    inet:port-number
          |  |     |     |           +--:(operator)
          |  |     |     |              +-- operator?   operator
          |  |     |     |              +-- port        inet:port-number
          |  |     |     +-- (destination-port)?
          |  |     |        +--:(destination-port-range-or-operator)
          |  |     |           +-- destination-port-range-or-operator
          |  |     |              +-- (port-range-or-operator)?
          |  |     |                 +--:(range)
          |  |     |                 |  +-- lower-port    inet:port-number
          |  |     |                 |  +-- upper-port    inet:port-number
          |  |     |                 +--:(operator)
          |  |     |                    +-- operator?   operator
          |  |     |                    +-- port        inet:port-number
          |  |     +--:(udp)
          |  |        +-- udp
          |  |           +-- length?   uint16
          |  |           +-- (source-port)?
          |  |           |  +--:(source-port-range-or-operator)
          |  |           |     +-- source-port-range-or-operator
          |  |           |        +-- (port-range-or-operator)?
          |  |           |           +--:(range)
          |  |           |           |  +-- lower-port    inet:port-number
          |  |           |           |  +-- upper-port    inet:port-number
          |  |           |           +--:(operator)
          |  |           |              +-- operator?   operator
          |  |           |              +-- port        inet:port-number
          |  |           +-- (destination-port)?
          |  |              +--:(destination-port-range-or-operator)
          |  |                 +-- destination-port-range-or-operator
          |  |                    +-- (port-range-or-operator)?
          |  |                       +--:(range)
          |  |                       |  +-- lower-port    inet:port-number
          |  |                       |  +-- upper-port    inet:port-number
          |  |                       +--:(operator)
          |  |                          +-- operator?   operator
          |  |                          +-- port        inet:port-number
          |  +--:(match-application)
          |     +-- match-application?   identityref
          +-- target-class-id?   string {qos}?

                  Figure 4: QoS Classification Subtree

4.  Layer 2/3 VPN Common Module

   This module uses types defined in [RFC6991], [RFC8294], and
   [RFC8519].  It also uses the extension defined in [RFC8341].
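   Before the module itself, the port 'range-or-operator' choice of
   Figure 3 and the rule structure of Figure 4, exercised as a
   first-match packet classifier in Python.  This is an added example,
   not code from this draft or from any implementation of it.  Rules
   and packets are plain dicts shaped after the tree diagrams; the
   'operator' values lte/gte/eq/neq are the packet-fields:operator
   type of [RFC8519], which the module imports, and 'operator'
   defaulting to eq follows that type's definition.  SAMPLE_RULES,
   SAMPLE_PACKETS, the first-match ordering and the identityref value
   "example:web" are this example's own constructions.

```python
"""First-match packet classifier over 'qos-classification-policy' rules.

Added example, not code from the draft or any implementation of it.  A rule
dict is shaped like Figure 4 (a 'match-flow' with optional 'l3'/'l4' criteria,
or a 'match-application'); its port criteria follow Figure 3.  Sample data is
constructed, and "example:web" is a hypothetical identityref value.
"""
from __future__ import annotations

import ipaddress
from typing import Optional

# packet-fields:operator (RFC 8519) values used by the 'operator' case.
_OPERATORS = {
    "lte": lambda port, ref: port <= ref,
    "gte": lambda port, ref: port >= ref,
    "eq": lambda port, ref: port == ref,
    "neq": lambda port, ref: port != ref,
}
# Header fields compared by equality; the other Figure 4 fields (ihl, flags,
# window-size, ...) would be handled the same way.
_EQUALITY_FIELDS = ("dscp", "ecn", "length", "ttl", "protocol", "flow-label")


def port_matches(spec: Optional[dict], port: int) -> bool:
    """Evaluate one 'port-range-or-operator' choice against a port number."""
    if spec is None:                    # no constraint configured for this port
        return True
    if "lower-port" in spec:            # case 'range': both bounds are mandatory
        lower, upper = spec["lower-port"], spec["upper-port"]
        if lower > upper:               # an inverted range can never match; reject it
            raise ValueError("lower-port must not exceed upper-port")
        return lower <= port <= upper
    op = spec.get("operator", "eq")     # case 'operator': 'operator' defaults to eq
    if op not in _OPERATORS:
        raise ValueError(f"unknown operator {op!r}")
    return _OPERATORS[op](port, spec["port"])


def l3_matches(l3: dict, pkt: dict) -> bool:
    """'l3' choice: compare the ipv4 or ipv6 container with the packet header."""
    af = "ipv4" if "ipv4" in l3 else "ipv6"
    if pkt["af"] != af:
        return False
    crit = l3[af]
    if any(f in crit and pkt.get(f) != crit[f] for f in _EQUALITY_FIELDS):
        return False
    for side in ("source", "destination"):
        key = f"{side}-{af}-network"
        if key in crit and ipaddress.ip_address(pkt[side]) not in ipaddress.ip_network(crit[key]):
            return False
    return True


def l4_matches(l4: dict, pkt: dict) -> bool:
    """'l4' choice: the tcp or udp container; only the port criteria are evaluated."""
    proto = "tcp" if "tcp" in l4 else "udp"
    if pkt.get("l4") != proto:
        return False
    crit = l4[proto]
    return (port_matches(crit.get("source-port-range-or-operator"), pkt["sport"])
            and port_matches(crit.get("destination-port-range-or-operator"), pkt["dport"]))


def classify(rules: list[dict], pkt: dict) -> Optional[str]:
    """Return the 'target-class-id' of the first matching rule (first-match
    order is this example's convention), or None when nothing matches."""
    for rule in rules:
        if "match-application" in rule:
            matched = pkt.get("application") == rule["match-application"]
        else:
            flow = rule["match-flow"]
            matched = (("l3" not in flow or l3_matches(flow["l3"], pkt))
                       and ("l4" not in flow or l4_matches(flow["l4"], pkt)))
        if matched:
            return rule.get("target-class-id")
    return None


SAMPLE_RULES = [   # constructed sample rules
    {"id": "voice", "match-flow": {"l3": {"ipv4": {"dscp": 46}}},
     "target-class-id": "ef"},
    {"id": "ssh-to-mgmt", "match-flow": {
        "l3": {"ipv4": {"destination-ipv4-network": "192.0.2.0/24"}},
        "l4": {"tcp": {"destination-port-range-or-operator": {"operator": "eq", "port": 22}}}},
     "target-class-id": "mgmt"},
    {"id": "high-udp", "match-flow": {"l4": {"udp": {
        "source-port-range-or-operator": {"lower-port": 49152, "upper-port": 65535}}}},
     "target-class-id": "best-effort"},
    {"id": "web", "match-application": "example:web", "target-class-id": "af11"},
]
SAMPLE_PACKETS = [   # constructed headers: af, addresses, dscp, protocol, l4, ports
    {"af": "ipv4", "source": "198.51.100.5", "destination": "192.0.2.10",
     "dscp": 46, "protocol": 17, "l4": "udp", "sport": 5004, "dport": 5004},
    {"af": "ipv4", "source": "198.51.100.5",  "destination": "192.0.2.10",
     "dscp": 0, "protocol": 6, "l4": "tcp", "sport": 51000, "dport": 22},
    {"af": "ipv4", "source": "198.51.100.5", "destination": "203.0.113.9",
     "dscp": 0, "protocol": 17, "l4": "udp", "sport": 51000, "dport": 53},
    {"af": "ipv6", "source": "2001:db8::1", "destination": "2001:db8::2",
     "dscp": 0, "protocol": 6, "l4": "tcp", "sport": 51000, "dport": 22},
]
```

   Two details matter when such rules are pushed from a controller: a
   range whose lower-port exceeds upper-port can never match, so the
   traffic it was meant to classify silently falls through to whatever
   later rule or default class applies, and a missing 'operator' is not
   a wildcard but an equality match.  The classifier rejects the former
   outright rather than letting it through.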
   <CODE BEGINS> file "ietf-vpn-common@2021-04-08.yang"
   module ietf-vpn-common {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-vpn-common";
     prefix vpn-common;

     import ietf-netconf-acm {
       prefix nacm;
       reference
         "RFC 8341: Network Configuration Access Control Model";
     }
     import ietf-routing-types {
       prefix rt-types;
       reference
         "RFC 8294: Common YANG Data Types for the Routing Area";
     }
     import ietf-yang-types {
       prefix yang;
       reference
         "RFC 6991: Common YANG Data Types, Section 3";
     }
     import ietf-packet-fields {
       prefix packet-fields;
       reference
         "RFC 8519: YANG Data Model for Network Access
                    Control Lists (ACLs)";
     }

     organization
       "IETF OPSA (Operations and Management Area) Working Group";
     contact
       "WG Web:
        WG List:
        Author:   Samier Barguil

        Author:   Oscar Gonzalez de Dios

        Editor:   Mohamed Boucadair

        Author:   Qin Wu
       ";
     description
       "This YANG module defines a common module that is meant
        to be reused by various VPN-related modules (e.g.,
        Layer 3 VPN Service Model (L3SM), Layer 2 VPN Service
        Model (L2SM), Layer 3 VPN Network Model (L3NM), Layer 2
        VPN Network Model (L2NM)).

        Copyright (c) 2021 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject
        to the license terms contained in, the Simplified BSD License
        set forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX; see
        the RFC itself for full legal notices.";

     revision 2021-04-08 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: A Layer 2/3 VPN Common YANG Model";
     }

     /******** Collection of VPN-related Features ********/
     /*
      * Features related to encapsulation schemes
      */

     feature dot1q {
       description
         "Indicates the support of the Dot1q encapsulation.";
       reference
         "IEEE Std 802.1Q: Bridges and Bridged Networks";
     }

     feature qinq {
       description
         "Indicates the support of the QinQ encapsulation.";
       reference
         "IEEE Std 802.1ad: Provider Bridges";
     }

     feature vxlan {
       description
         "Indicates the support of the Virtual eXtensible
          Local Area Network (VXLAN) encapsulation.";
       reference
         "RFC 7348: Virtual eXtensible Local Area Network (VXLAN):
                    A Framework for Overlaying Virtualized Layer 2
                    Networks over Layer 3 Networks";
     }

     feature qinany {
       description
         "Indicates the support of the QinAny encapsulation.";
     }

     feature lag-interface {
       description
         "Indicates the support of Link Aggregation Group (LAG)
          between VPN network accesses.";
     }

     /*
      * Features related to multicast
      */

     feature multicast {
       description
         "Indicates multicast capabilities support in a VPN.";
       reference
         "RFC 6513: Multicast in MPLS/BGP IP VPNs";
     }

     feature igmp {
       description
         "Indicates support of Internet Group Management Protocol
          (IGMP).";
       reference
         "RFC 1112: Host Extensions for IP Multicasting
          RFC 2236: Internet Group Management Protocol, Version 2
          RFC 3376: Internet Group Management Protocol, Version 3";
     }

     feature mld {
       description
         "Indicates support of Multicast Listener Discovery (MLD).";
       reference
         "RFC 2710: Multicast Listener Discovery (MLD) for IPv6
          RFC 3810: Multicast Listener Discovery Version 2 (MLDv2)
                    for IPv6";
     }

     feature pim {
       description
         "Indicates support of Protocol Independent Multicast (PIM).";
       reference
         "RFC 7761: Protocol Independent Multicast - Sparse Mode
                    (PIM-SM): Protocol Specification (Revised)";
     }

     /*
      * Features related to address family types
      */

     feature ipv4 {
       description
         "Indicates IPv4 support in a VPN.";
     }

     feature ipv6 {
       description
         "Indicates IPv6 support in a VPN.";
     }

     /*
      * Features related to routing protocols
      */

     feature rtg-ospf {
       description
         "Indicates support of OSPF as the Provider Edge (PE)/
          Customer Edge (CE) routing protocol.";
       reference
         "RFC 4577: OSPF as the Provider/Customer Edge Protocol
                    for BGP/MPLS IP Virtual Private Networks (VPNs)";
     }

     feature rtg-ospf-sham-link {
       description
         "Indicates support of OSPF sham links.";
       reference
         "RFC 4577: OSPF as the Provider/Customer Edge Protocol
                    for BGP/MPLS IP Virtual Private Networks (VPNs),
                    Section 4.2.7";
     }

     feature rtg-bgp {
       description
         "Indicates support of BGP as the PE/CE routing protocol.";
     }

     feature rtg-rip {
       description
         "Indicates support of RIP as the PE/CE routing protocol.";
     }

     feature rtg-isis {
       description
         "Indicates support of IS-IS as the PE/CE routing protocol.";
     }

     feature rtg-vrrp {
       description
         "Indicates support of the Virtual Router Redundancy
          Protocol (VRRP) between a customer LAN and the PE.";
       reference
         "RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3
                    for IPv4 and IPv6";
     }

     feature bfd {
       description
         "Indicates support of Bidirectional Forwarding Detection (BFD)
          between the CE and the PE.";
       reference
         "RFC 5880: Bidirectional Forwarding Detection (BFD)";
     }

     /*
      * Features related to VPN service constraints
      */

     feature bearer-reference {
       description
         "Indicates support of the bearer reference access constraint.
          That is, the reuse of a network connection that was already
          ordered to the service provider apart from the IP VPN site.";
     }

     feature placement-diversity {
       description
         "Indicates support of placement diversity constraints in the
          customer premises.  An example of these constraints may be to
          avoid connecting a site network access to the same Provider
          Edge as a target site network access.";
     }

     /*
      * Features related to bandwidth and Quality of Service (QoS)
      */

     feature qos {
       description
         "Indicates support of Classes of Services (CoSes).";
     }

     feature input-bw {
       description
         "Indicates support of the input bandwidth in a VPN.";
     }

     feature output-bw {
       description
         "Indicates support of the output bandwidth in a VPN.";
     }

     /*
      * Features related to security and resilience
      */

     feature encryption {
       description
         "Indicates support of encryption.";
     }

     feature fast-reroute {
       description
         "Indicates support of Fast Reroute (FRR).";
     }

     /*
      * Features related to advanced VPN options
      */

     feature external-connectivity {
       description
         "Indicates support of the VPN to provide external
          connectivity (e.g., Internet, private or public cloud).";
     }

     feature extranet-vpn {
       description
         "Indicates support of extranet VPNs.  That is, the capability of
          a VPN to access a list of other VPNs.";
     }

     feature carrierscarrier {
       description
         "Indicates support of Carriers' Carriers VPNs.";
       reference
         "RFC 4364: BGP/MPLS IP Virtual Private Networks
                    (VPNs), Section 9";
     }

     /*
      * Address family related identities
      */

     identity address-family {
       description
         "Defines a type for the address family.";
     }

     identity ipv4 {
       base address-family;
       description
         "Identity for IPv4 address family.";
     }

     identity ipv6 {
       base address-family;
       description
         "Identity for IPv6 address family.";
     }

     identity dual-stack {
       base address-family;
       description
         "Identity for IPv4 and IPv6 address family.";
     }

     /*
      * Identities related to VPN topology
      */

     identity vpn-topology {
       description
         "Base identity of the VPN topology.";
     }

     identity any-to-any {
       base vpn-topology;
       description
         "Identity for any-to-any VPN topology.";
     }

     identity hub-spoke {
       base vpn-topology;
       description
         "Identity for Hub-and-Spoke VPN topology.";
     }

     identity hub-spoke-disjoint {
       base vpn-topology;
       description
         "Identity for Hub-and-Spoke VPN topology where Hubs cannot
          communicate with each other.";
     }

     identity custom {
       base vpn-topology;
       description
         "Identity for custom VPN topologies where the role of the nodes
          is not strictly hub or spoke.  The VPN topology is controlled by
          the import/export policies.  The custom topology reflects more
          complex VPN nodes, such as a VPN node that acts as a Hub for
          certain nodes and as a Spoke to others.";
     }

     /*
      * Identities related to network access types
      */

     identity site-network-access-type {
       description
         "Base identity for site network access type.";
     }

     identity point-to-point {
       base site-network-access-type;
       description
         "Identity for point-to-point connections.";
     }

     identity multipoint {
       base site-network-access-type;
       description
         "Identity for multipoint connections, e.g., Ethernet broadcast
          segment.";
     }

     identity irb {
       base site-network-access-type;
       description
         "Integrated Routing Bridge (IRB).
          Identity for pseudowire connections.";
     }

     identity loopback {
       base site-network-access-type;
       description
         "Identity for loopback connections.";
     }

     /*
      * Identities related to operational and administrative status
      */

     identity operational-status {
       description
         "Base identity for the operational status.";
     }

     identity operational-state-up {
       base operational-status;
       description
         "Operational status is UP/Enabled.";
     }

     identity operational-state-down {
       base operational-status;
       description
         "Operational status is DOWN/Disabled.";
     }

     identity operational-state-unknown {
       base operational-status;
       description
         "Operational status is UNKNOWN.";
     }

     identity administrative-status {
       description
         "Base identity for administrative status.";
     }

     identity administrative-state-up {
       base administrative-status;
       description
         "Administrative status is UP/Enabled.";
     }

     identity administrative-state-down {
       base administrative-status;
       description
         "Administrative status is DOWN/Disabled.";
     }

     identity administrative-state-testing {
       base administrative-status;
       description
         "Administrative status is up for testing purposes.";
     }

     identity administrative-state-pre-deployment {
       base administrative-status;
       description
         "Administrative status is the pre-deployment phase, that is,
          prior to the actual deployment of a service.";
     }

     /*
      * Identities related to site or node role
      */

     identity role {
       description
         "Base identity of a site or a node role.";
     }

     identity any-to-any-role {
       base role;
       description
         "Identity of any-to-any IP VPN.";
     }

     identity spoke-role {
       base role;
       description
         "A node or a site is acting as a Spoke IP VPN.";
     }

     identity hub-role {
       base role;
       description
         "A node or a site is acting as a Hub IP VPN.";
     }

     identity custom-role {
       base role;
       description
         "VPN node with a custom or complex role in the VPN.  For some
          sources/destinations, it can behave as a hub, but for others it
          can act as a spoke, depending on the configured policy.";
     }

     /*
      * Identities related to VPN service constraints
      */

     identity placement-diversity {
       description
         "Base identity for access placement constraints.";
     }

     identity bearer-diverse {
       base placement-diversity;
       description
         "Identity for bearer diversity.
          The bearers should not use common elements.";
     }

     identity pe-diverse {
       base placement-diversity;
       description
         "Identity for PE diversity.";
     }

     identity pop-diverse {
       base placement-diversity;
       description
         "Identity for Point Of Presence (POP) diversity.";
     }

     identity linecard-diverse {
       base placement-diversity;
       description
         "Identity for linecard diversity.";
     }

     identity same-pe {
       base placement-diversity;
       description
         "Identity for having sites connected on the same PE.";
     }

     identity same-bearer {
       base placement-diversity;
       description
         "Identity for having sites connected using the same bearer.";
     }

     /*
      * Identities related to service types
      */

     identity service-type {
       description
         "Identity of service type.";
     }

     identity l3vpn {
       base service-type;
       description
         "Identity for L3VPN service.";
       reference
         "RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)";
     }

     identity vpls {
       base service-type;
       description
         "Identity for the VPLS service type.";
       reference
         "RFC 4761: Virtual Private LAN Service (VPLS) Using BGP for
                    Auto-Discovery and Signaling
          RFC 4762: Virtual Private LAN Service (VPLS) Using Label
                    Distribution Protocol (LDP) Signaling";
     }

     identity vpws-evpn {
       base service-type;
       description
         "Identity for the Point-to-point Virtual Private Wire Service
          (VPWS) service type.";
       reference
         "RFC 8214: Virtual Private Wire Service Support in Ethernet VPN";
     }

     identity pbb-evpn {
       base service-type;
       description
         "Identity for Provider Backbone Bridging (PBB) EVPNs.";
       reference
         "RFC 7623: Provider Backbone Bridging Combined with Ethernet VPN
                    (PBB-EVPN)";
     }

     identity mpls-evpn {
       base service-type;
       description
         "Identity for MPLS-based EVPNs.";
       reference
         "RFC 7432: BGP MPLS-Based Ethernet VPN";
     }

     identity vxlan-evpn {
       base service-type;
       description
         "Identity for VXLAN-based EVPNs.";
       reference
         "RFC 8365: A Network Virtualization Overlay Solution Using
                    Ethernet VPN (EVPN)";
     }

     /*
      * Identities related to VPN signaling type
      */

     identity vpn-signaling-type {
       description
         "Identity for VPN signaling types.";
     }

     identity bgp-signaling {
       base vpn-signaling-type;
       description
         "Identity for Layer 2 VPNs using BGP.";
       reference
         "RFC 6624: Layer 2 Virtual Private Networks Using BGP for
                    Auto-Discovery and Signaling
          RFC 7432: BGP MPLS-Based Ethernet VPN";
     }

     identity ldp-signaling {
       base vpn-signaling-type;
       description
         "Identity for Targeted Label Distribution Protocol.";
       reference
         "RFC 5036: LDP Specification";
     }

     identity l2tp-signaling {
       base vpn-signaling-type;
       description
         "Identity for Layer Two Tunneling Protocol (L2TP).";
       reference
         "RFC 3931: Layer Two Tunneling Protocol - Version 3 (L2TPv3)";
     }

     /*
      * Identities related to routing protocols
      */

     identity routing-protocol-type {
       description
         "Base identity for routing protocol type.";
     }

     identity static {
       base routing-protocol-type;
       description
         "Identity for static routing protocol type.";
     }

     identity bgp {
       if-feature "rtg-bgp";
       base routing-protocol-type;
       description
         "Identity for BGP routing protocol type.";
     }

     identity ospf {
       if-feature "rtg-ospf";
       base routing-protocol-type;
       description
         "Identity for OSPF routing protocol type.";
       reference
         "RFC 4577: OSPF as the Provider/Customer Edge Protocol
                    for BGP/MPLS IP Virtual Private Networks (VPNs)";
     }

     identity rip {
       if-feature "rtg-rip";
       base routing-protocol-type;
       description
"Identity for RIP routing protocol type."; 1179 } 1181 identity isis { 1182 if-feature "rtg-isis"; 1183 base routing-protocol-type; 1184 description 1185 "Identity for IS-IS routing protocol type."; 1186 } 1188 identity vrrp { 1189 if-feature "rtg-vrrp"; 1190 base routing-protocol-type; 1191 description 1192 "Identity for VRRP protocol type. 1194 This is to be used when LANs are directly connected to PEs."; 1195 } 1197 identity direct { 1198 base routing-protocol-type; 1199 description 1200 "Identity for direct routing protocol type. 1202 This is to be used when LANs are directly connected to PEs 1203 and must be advertised in the VPN."; 1204 } 1206 identity any { 1207 base routing-protocol-type; 1208 description 1209 "Identity for any routing protocol type. 1211 This can be, e.g., used to set policies that apply to any 1212 routing protocol in place."; 1213 } 1215 identity isis-level { 1216 if-feature "rtg-isis"; 1217 description 1218 "Identity for the IS-IS level."; 1219 } 1221 identity level1 { 1222 base isis-level; 1223 description 1224 "Identity for IS-IS level 1."; 1225 } 1227 identity level2 { 1228 base isis-level; 1229 description 1230 "Identity for IS-IS level 2."; 1231 } 1233 identity level1-2 { 1234 base isis-level; 1235 description 1236 "Identity for IS-IS levels 1 and 2."; 1237 } 1239 /* 1240 * Identities related to Routes Import and Export 1241 */ 1243 identity ie-type { 1244 description 1245 "Identity for 'import/export' routing profiles. 
These profiles 1246 can be reused between VPN nodes."; 1247 } 1249 identity import { 1250 base ie-type; 1251 description 1252 "Identity for 'import' routing profile."; 1253 reference 1254 "RFC 4364: BGP/MPLS IP Virtual Private Networks 1255 (VPNs), Section 4.3.1"; 1256 } 1258 identity export { 1259 base ie-type; 1260 description 1261 "Identity for 'export' routing profile."; 1262 reference 1263 "RFC 4364: BGP/MPLS IP Virtual Private Networks 1264 (VPNs), Section 4.3.1"; 1265 } 1267 identity import-export { 1268 base ie-type; 1269 description 1270 "Identity for 'import/export' routing profile."; 1271 } 1273 /* 1274 * Identities related to bandwidth and QoS 1275 */ 1277 identity bw-direction { 1278 description 1279 "Identity for the bandwidth direction."; 1280 } 1282 identity input-bw { 1283 if-feature "input-bw"; 1284 base bw-direction; 1285 description 1286 "Identity for the input bandwidth."; 1287 } 1289 identity output-bw { 1290 if-feature "output-bw"; 1291 base bw-direction; 1292 description 1293 "Identity for the output bandwidth."; 1294 } 1296 identity bw-type { 1297 description 1298 "Identity of the bandwidth type."; 1299 } 1301 identity bw-per-cos { 1302 if-feature "qos"; 1303 base bw-type; 1304 description 1305 "The bandwidth is per CoS."; 1306 } 1308 identity bw-per-port { 1309 base bw-type; 1310 description 1311 "The bandwidth is per site network access."; 1312 } 1314 identity bw-per-site { 1315 base bw-type; 1316 description 1317 "The bandwidth is per site. 
It is applicable to all the site 1318 network accesses within a site."; 1319 } 1321 identity bw-per-service { 1322 base bw-type; 1323 description 1324 "The bandwidth is per VPN service."; 1325 } 1327 identity qos-profile-direction { 1328 if-feature "qos"; 1329 description 1330 "Base identity for the QoS profile direction."; 1331 } 1333 identity site-to-wan { 1334 base qos-profile-direction; 1335 description 1336 "Identity for Site-to-WAN direction."; 1337 } 1339 identity wan-to-site { 1340 base qos-profile-direction; 1341 description 1342 "Identity for WAN-to-Site direction."; 1343 } 1345 identity both { 1346 base qos-profile-direction; 1347 description 1348 "Identity for both WAN-to-Site and Site-to-WAN directions."; 1349 } 1351 /* 1352 * Identities related to underlay transport instances 1353 */ 1355 identity transport-instance-type { 1356 description 1357 "Base identity for underlay transport instance type."; 1358 } 1360 identity virtual-network { 1361 base transport-instance-type; 1362 description 1363 "Identity for the virtual network."; 1364 reference 1365 "RFC 8453: Framework for Abstraction and Control of TE 1366 Networks (ACTN)"; 1367 } 1369 identity enhanced-vpn { 1370 base transport-instance-type; 1371 description 1372 "Identity for the Enhanced VPN (VPN+). VPN+ is an 1373 approach that is based on existing VPN and Traffic 1374 Engineering (TE) technologies but adds characteristics 1375 that specific services require over and above traditional 1376 VPNs."; 1377 } 1379 identity ietf-network-slice { 1380 base transport-instance-type; 1381 description 1382 "Identity for the IETF network slice. An IETF network slice 1383 is a logical network topology connecting a number of 1384 endpoints using a set of shared or dedicated network 1385 resources that are used to satisfy specific service 1386 objectives."; 1387 } 1389 /* 1390 * Identities related to protocol types. These types are typically 1391 * used to identify the underlay transport. 
1392 */ 1394 identity protocol-type { 1395 description 1396 "Base identity for Protocol Type."; 1397 } 1399 identity ip-in-ip { 1400 base protocol-type; 1401 description 1402 "Transport is based on IP-in-IP."; 1403 reference 1404 "RFC 2003: IP Encapsulation within IP 1405 RFC 2473: Generic Packet Tunneling in IPv6 Specification"; 1406 } 1408 identity ip-in-ipv4 { 1409 base ip-in-ip; 1410 description 1411 "Transport is based on IP over IPv4."; 1412 reference 1413 "RFC 2003: IP Encapsulation within IP"; 1415 } 1417 identity ip-in-ipv6 { 1418 base ip-in-ip; 1419 description 1420 "Transport is based on IP over IPv6."; 1421 reference 1422 "RFC 2473: Generic Packet Tunneling in IPv6 Specification"; 1423 } 1425 identity gre { 1426 base protocol-type; 1427 description 1428 "Transport is based on Generic Routing Encapsulation (GRE)."; 1429 reference 1430 "RFC 1701: Generic Routing Encapsulation (GRE) 1431 RFC 1702: Generic Routing Encapsulation over IPv4 networks 1432 RFC 7676: IPv6 Support for Generic Routing Encapsulation (GRE)"; 1433 } 1435 identity gre-v4 { 1436 base gre; 1437 description 1438 "Transport is based on GRE over IPv4."; 1439 reference 1440 "RFC 1702: Generic Routing Encapsulation over IPv4 networks"; 1441 } 1443 identity gre-v6 { 1444 base gre; 1445 description 1446 "Transport is based on GRE over IPv6."; 1447 reference 1448 "RFC 7676: IPv6 Support for Generic Routing Encapsulation (GRE)"; 1449 } 1451 identity vxlan-trans { 1452 base protocol-type; 1453 description 1454 "Transport is based on VXLAN."; 1455 reference 1456 "RFC 7348: Virtual eXtensible Local Area Network (VXLAN): 1457 A Framework for Overlaying Virtualized Layer 2 1458 Networks over Layer 3 Networks"; 1459 } 1461 identity geneve { 1462 base protocol-type; 1463 description 1464 "Transport is based on Generic Network Virtualization 1465 Encapsulation (GENEVE)."; 1466 reference 1467 "RFC 8926: Geneve: Generic Network Virtualization Encapsulation"; 1468 } 1470 identity ldp { 1471 base 
protocol-type; 1472 description 1473 "Transport is based on LDP."; 1474 reference 1475 "RFC 5036: LDP Specification"; 1476 } 1478 identity mpls-in-udp { 1479 base protocol-type; 1480 description 1481 "Transport is MPLS in UDP."; 1482 reference 1483 "RFC 7510: Encapsulating MPLS in UDP"; 1484 } 1486 identity sr { 1487 base protocol-type; 1488 description 1489 "Transport is based on Segment Routing (SR)."; 1490 reference 1491 "RFC 8660: Segment Routing with the MPLS Data Plane 1492 RFC 8663: MPLS Segment Routing over IP 1493 RFC 8754: IPv6 Segment Routing Header (SRH)"; 1494 } 1496 identity sr-mpls { 1497 base sr; 1498 description 1499 "Transport is based on SR with MPLS."; 1500 reference 1501 "RFC 8660: Segment Routing with the MPLS Data Plane"; 1502 } 1504 identity srv6 { 1505 base sr; 1506 description 1507 "Transport is based on SR over IPv6."; 1508 reference 1509 "RFC 8663: MPLS Segment Routing over IP 1510 RFC 8754: IPv6 Segment Routing Header (SRH)"; 1512 } 1514 identity rsvp-te { 1515 base protocol-type; 1516 description 1517 "Transport is based on RSVP-TE."; 1518 reference 1519 "RFC 3209: RSVP-TE: Extensions to RSVP for LSP Tunnels"; 1520 } 1522 identity bgp-lu { 1523 base protocol-type; 1524 description 1525 "Transport is based on BGP-LU."; 1526 reference 1527 "RFC 8277: Using BGP to Bind MPLS Labels to Address Prefixes"; 1528 } 1530 identity unknown { 1531 base protocol-type; 1532 description 1533 "Not known protocol type."; 1534 } 1536 /* 1537 * Identities related to encapsulations 1538 */ 1540 identity encapsulation-type { 1541 description 1542 "Base identity for the encapsulation type."; 1543 } 1545 identity priority-tagged { 1546 base encapsulation-type; 1547 description 1548 "Identity for the priority-tagged interface."; 1549 } 1551 identity dot1q { 1552 if-feature "dot1q"; 1553 base encapsulation-type; 1554 description 1555 "Identity for the support of the Dot1q encapsulation."; 1556 } 1558 identity qinq { 1559 if-feature "qinq"; 1560 base 
encapsulation-type; 1561 description 1562 "Identity for the support of the QinQ encapsulation."; 1563 } 1565 identity qinany { 1566 if-feature "qinany"; 1567 base encapsulation-type; 1568 description 1569 "Identity for the support of the QinAny encapsulation."; 1570 } 1572 identity vxlan { 1573 if-feature "vxlan"; 1574 base encapsulation-type; 1575 description 1576 "Identity for the support of the VxLAN encapsulation."; 1577 } 1579 identity ethernet-type { 1580 base encapsulation-type; 1581 description 1582 "Identity of the Ethernet encapsulation type."; 1583 } 1585 identity vlan-type { 1586 base encapsulation-type; 1587 description 1588 "Identity of the VLAN encapsulation."; 1589 } 1591 identity untagged-int { 1592 base encapsulation-type; 1593 description 1594 "Identity of the untagged interface type."; 1595 } 1597 identity tagged-int { 1598 base encapsulation-type; 1599 description 1600 "Identity of the tagged interface type."; 1601 } 1603 identity lag-int { 1604 if-feature "lag-interface"; 1605 base encapsulation-type; 1606 description 1607 "Identity of the LAG interface type."; 1609 reference 1610 "IEEE Std. 
802.1AX: Link Aggregation"; 1611 } 1613 /* 1614 * Identities related to VLAN Tag 1615 */ 1617 identity tag-type { 1618 description 1619 "Base identity of the tag types."; 1620 } 1622 identity c-vlan { 1623 base tag-type; 1624 description 1625 "Indicates Customer VLAN (C-VLAN) tag, normally using 1626 the 0x8100 Ethertype."; 1627 } 1629 identity s-vlan { 1630 base tag-type; 1631 description 1632 "Indicates Service VLAN (S-VLAN) tag."; 1633 } 1635 identity c-s-vlan { 1636 base tag-type; 1637 description 1638 "Uses both a C-VLAN tag and a S-VLAN tag."; 1639 } 1641 /* 1642 * Identities related to VXLAN 1643 */ 1645 identity vxlan-peer-mode { 1646 if-feature "vxlan"; 1647 description 1648 "Base identity for the VXLAN peer mode."; 1649 } 1651 identity static-mode { 1652 base vxlan-peer-mode; 1653 description 1654 "Identity for VXLAN access in the static mode."; 1655 } 1656 identity bgp-mode { 1657 base vxlan-peer-mode; 1658 description 1659 "Identity for VXLAN access by BGP EVPN learning."; 1660 } 1662 /* 1663 * Identities related to multicast 1664 */ 1666 identity multicast-gp-address-mapping { 1667 if-feature "multicast"; 1668 description 1669 "Identity for multicast group mapping type."; 1670 } 1672 identity static-mapping { 1673 base multicast-gp-address-mapping; 1674 description 1675 "Identity for static mapping, i.e., attach the interface to the 1676 multicast group as a static member."; 1677 } 1679 identity dynamic-mapping { 1680 base multicast-gp-address-mapping; 1681 description 1682 "Identity for dynamic mapping, i.e., an interface is added to the 1683 multicast group as a result of snooping."; 1684 } 1686 identity multicast-tree-type { 1687 if-feature "multicast"; 1688 description 1689 "Base identity for multicast tree type."; 1690 } 1692 identity ssm-tree-type { 1693 base multicast-tree-type; 1694 description 1695 "Identity for Source-Specific Multicast (SSM) tree type."; 1696 } 1698 identity asm-tree-type { 1699 base multicast-tree-type; 1700 description 
1701 "Identity for Any-Source Multicast (ASM) tree type."; 1702 } 1703 identity bidir-tree-type { 1704 base multicast-tree-type; 1705 description 1706 "Identity for bidirectional tree type."; 1707 } 1709 identity multicast-rp-discovery-type { 1710 if-feature "multicast"; 1711 description 1712 "Base identity for Rendezvous Point (RP) discovery type."; 1713 } 1715 identity auto-rp { 1716 base multicast-rp-discovery-type; 1717 description 1718 "Base identity for Auto-RP discovery type."; 1719 } 1721 identity static-rp { 1722 base multicast-rp-discovery-type; 1723 description 1724 "Base identity for static type."; 1725 } 1727 identity bsr-rp { 1728 base multicast-rp-discovery-type; 1729 description 1730 "Base identity for Bootstrap Router (BSR) discovery type."; 1731 } 1733 identity group-management-protocol { 1734 if-feature "multicast"; 1735 description 1736 "Identity for multicast group management protocol."; 1737 } 1739 identity igmp-proto { 1740 base group-management-protocol; 1741 description 1742 "Identity for IGMP."; 1743 reference 1744 "RFC 1112: Host Extensions for IP Multicasting 1745 RFC 2236: Internet Group Management Protocol, Version 2 1746 RFC 3376: Internet Group Management Protocol, Version 3"; 1747 } 1749 identity mld-proto { 1750 base group-management-protocol; 1751 description 1752 "Identity for MLD."; 1753 reference 1754 "RFC 2710: Multicast Listener Discovery (MLD) for IPv6 1755 RFC 3810: Multicast Listener Discovery Version 2 (MLDv2) 1756 for IPv6"; 1757 } 1759 identity pim-proto { 1760 if-feature "pim"; 1761 base routing-protocol-type; 1762 description 1763 "Identity for PIM."; 1764 reference 1765 "RFC 7761: Protocol Independent Multicast - Sparse Mode 1766 (PIM-SM): Protocol Specification (Revised)"; 1767 } 1769 identity igmp-version { 1770 if-feature "igmp"; 1771 description 1772 "Base identity for IGMP version."; 1773 } 1775 identity igmpv1 { 1776 base igmp-version; 1777 description 1778 "Identity for IGMPv1."; 1779 reference 1780 "RFC 1112: 
Host Extensions for IP Multicasting"; 1781 } 1783 identity igmpv2 { 1784 base igmp-version; 1785 description 1786 "Identity for IGMPv2."; 1787 reference 1788 "RFC 2236: Internet Group Management Protocol, Version 2"; 1789 } 1791 identity igmpv3 { 1792 base igmp-version; 1793 description 1794 "Identity for IGMPv2."; 1795 reference 1796 "RFC 3376: Internet Group Management Protocol, Version 3"; 1797 } 1798 identity mld-version { 1799 if-feature "mld"; 1800 description 1801 "Base identity for MLD version."; 1802 } 1804 identity mldv1 { 1805 base mld-version; 1806 description 1807 "Identity for MLDv1."; 1808 reference 1809 "RFC 2710: Multicast Listener Discovery (MLD) for IPv6"; 1810 } 1812 identity mldv2 { 1813 base mld-version; 1814 description 1815 "Identity for MLDv2."; 1816 reference 1817 "RFC 3810: Multicast Listener Discovery Version 2 (MLDv2) 1818 for IPv6"; 1819 } 1821 /* 1822 * Identities related to traffic types 1823 */ 1825 identity tf-type { 1826 description 1827 "Identity for the traffic type."; 1828 } 1830 identity multicast-traffic { 1831 base tf-type; 1832 description 1833 "Identity for multicast traffic."; 1834 } 1836 identity broadcast-traffic { 1837 base tf-type; 1838 description 1839 "Identity for broadcast traffic."; 1840 } 1842 identity unknown-unicast-traffic { 1843 base tf-type; 1844 description 1845 "Identity for unknown unicast traffic."; 1847 } 1849 /* 1850 * Identities related to customer applications 1851 */ 1853 identity customer-application { 1854 description 1855 "Base identity for customer applications."; 1856 } 1858 identity web { 1859 base customer-application; 1860 description 1861 "Identity for a Web application (e.g., HTTP, HTTPS)."; 1862 } 1864 identity mail { 1865 base customer-application; 1866 description 1867 "Identity for a mail application."; 1868 } 1870 identity file-transfer { 1871 base customer-application; 1872 description 1873 "Identity for a file transfer application (e.g., FTP, SFTP)."; 1874 } 1876 identity database 
{ 1877 base customer-application; 1878 description 1879 "Identity for a database application."; 1880 } 1882 identity social { 1883 base customer-application; 1884 description 1885 "Identity for a social-network application."; 1886 } 1888 identity games { 1889 base customer-application; 1890 description 1891 "Identity for a gaming application."; 1892 } 1894 identity p2p { 1895 base customer-application; 1896 description 1897 "Identity for a peer-to-peer application."; 1898 } 1900 identity network-management { 1901 base customer-application; 1902 description 1903 "Identity for a management application (e.g., Telnet, syslog, 1904 SNMP)."; 1905 } 1907 identity voice { 1908 base customer-application; 1909 description 1910 "Identity for a voice application."; 1911 } 1913 identity video { 1914 base customer-application; 1915 description 1916 "Identity for a video conference application."; 1917 } 1919 identity embb { 1920 base customer-application; 1921 description 1922 "Identity for an enhanced Mobile Broadband (eMBB) application. 1923 Note that an eMBB application demands network performance with a 1924 wide variety of characteristics, such as data rate, latency, 1925 loss rate, reliability, and many other parameters."; 1926 } 1928 identity urllc { 1929 base customer-application; 1930 description 1931 "Identity for an Ultra-Reliable and Low Latency Communications 1932 (URLLC) application. Note that an URLLC application demands 1933 network performance with a wide variety of characteristics, such 1934 as latency, reliability, and many other parameters."; 1935 } 1937 identity mmtc { 1938 base customer-application; 1939 description 1940 "Identity for a massive Machine Type Communications (mMTC) 1941 application. 
Note that an mMTC application demands network 1942 performance with a wide variety of characteristics, such as data 1943 rate, latency, loss rate, reliability, and many other 1944 parameters."; 1945 } 1947 /* 1948 * Identities related to service bundling 1949 */ 1951 identity bundling-type { 1952 description 1953 "The base identity for the bundling type. It supports a subset or 1954 all CE-VLANs associated with an L2VPN service."; 1955 } 1957 identity multi-svc-bundling { 1958 base bundling-type; 1959 description 1960 "Identity for multi-service bundling, i.e., multiple C-VLAN IDs 1961 can be associated with an L2VPN service at a site."; 1962 } 1964 identity one2one-bundling { 1965 base bundling-type; 1966 description 1967 "Identity for one-to-one service bundling, i.e., each L2VPN can 1968 be associated with only one C-VLAN ID at a site."; 1969 } 1971 identity all2one-bundling { 1972 base bundling-type; 1973 description 1974 "Identity for all-to-one bundling, i.e., all C-VLAN IDs are mapped 1975 to one L2VPN service."; 1976 } 1978 /* 1979 * Identities related to Ethernet Services 1980 */ 1982 identity control-mode { 1983 description 1984 "Defines the type of control mode on Layer 2 Control Protocol 1985 (L2CP)."; 1986 } 1988 identity peer { 1989 base control-mode; 1990 description 1991 "'peer' mode, i.e., participate in the protocol towards the CE. 1992 Peering is common for Link Aggregation Control Protocol (LACP) 1993 and the Ethernet Local Management Interface (E-LMI) and, 1994 occasionally, for Link Layer Discovery Protocol (LLDP). 1995 For VPLSs and VPWSs, the subscriber can also request that the 1996 peer service provider enables spanning tree."; 1997 } 1999 identity tunnel { 2000 base control-mode; 2001 description 2002 "'tunnel' mode, i.e., pass to the egress or destination site. 
For 2003 Ethernet Private Lines (EPLs), the expectation is that L2CP 2004 frames are tunnelled."; 2005 } 2007 identity discard { 2008 base control-mode; 2009 description 2010 "Identity for 'discard' mode, i.e., discard the frame."; 2011 } 2013 identity neg-mode { 2014 description 2015 "Identity for the negotiation mode."; 2016 } 2018 identity full-duplex { 2019 base neg-mode; 2020 description 2021 "Identity for the full-duplex mode."; 2022 } 2024 identity auto-neg { 2025 base neg-mode; 2026 description 2027 "Identity for auto-negotiation mode."; 2028 } 2030 /******** Collection of VPN-related Types & Identities ********/ 2032 typedef vpn-id { 2033 type string; 2034 description 2035 "Defines an identifier that is used as a service identifier, 2036 for example."; 2037 } 2038 /* 2039 * Types related to Ethernet Services 2040 */ 2042 typedef ccm-priority-type { 2043 type uint8 { 2044 range "0..7"; 2045 } 2046 description 2047 "A 3-bit priority value to be used in the VLAN tag, 2048 if present in the transmitted frame."; 2049 } 2051 /******* VPN-related reusable groupings *******/ 2053 grouping vpn-description { 2054 description 2055 "Provides common VPN information."; 2056 leaf vpn-id { 2057 type vpn-id; 2058 description 2059 "VPN identifier. 
2060 This identifier has a local meaning."; 2061 } 2062 leaf vpn-name { 2063 type string; 2064 description 2065 "A name used to refer to the VPN."; 2066 } 2067 leaf vpn-description { 2068 type string; 2069 description 2070 "Textual description of a VPN."; 2071 } 2072 leaf customer-name { 2073 type string; 2074 description 2075 "Name of the customer that actually uses the VPN."; 2076 } 2077 } 2079 grouping vpn-profile-cfg { 2080 description 2081 "Grouping for VPN Profile configuration."; 2082 container valid-provider-identifiers { 2083 description 2084 "Container for valid provider profile identifiers."; 2085 list external-connectivity-identifier { 2086 if-feature "external-connectivity"; 2087 key "id"; 2088 description 2089 "List for profile identifiers that uniquely identify profiles 2090 governing how external connectivity is provided to a VPN. 2091 A profile indicates the type of external connectivity 2092 (Internet, cloud, etc.), the sites/nodes that are associated 2093 with a connectivity profile, etc. A profile can also indicate 2094 filtering rules and/or address translation rules. Such 2095 features may involve PE, P, or dedicated nodes as a function 2096 of the deployment."; 2097 leaf id { 2098 type string; 2099 description 2100 "Identification of an external connectivity profile. It has 2101 a local administration meaning."; 2102 } 2103 } 2104 list encryption-profile-identifier { 2105 key "id"; 2106 description 2107 "List for encryption profile identifiers."; 2108 leaf id { 2109 type string; 2110 description 2111 "Identification of the encryption profile to be used. It 2112 has a local administration meaning."; 2113 } 2114 } 2115 list qos-profile-identifier { 2116 key "id"; 2117 description 2118 "List for QoS Profile Identifiers."; 2119 leaf id { 2120 type string; 2121 description 2122 "Identification of the QoS profile to be used. 
It has 2123 a local administration meaning."; 2124 } 2125 } 2126 list bfd-profile-identifier { 2127 key "id"; 2128 description 2129 "List for BFD profile identifiers."; 2130 leaf id { 2131 type string; 2132 description 2133 "Identification of the BFD profile to be used. 2135 This identifier has a local administration meaning."; 2136 } 2137 } 2138 list forwarding-profile-identifier { 2139 key "id"; 2140 description 2141 "List for forwarding profile identifiers."; 2142 leaf id { 2143 type string; 2144 description 2145 "Identification of the Forwrding Profile Filter to be used. 2146 Local administration meaning."; 2147 } 2148 } 2149 list routing-profile-identifier { 2150 key "id"; 2151 description 2152 "List for Routing Profile Identifiers."; 2153 leaf id { 2154 type string; 2155 description 2156 "Identification of the routing profile to be used by the 2157 routing protocols within sites, vpn-network-accesses, or 2158 vpn-nodes for refering VRF's import/export policies. 2160 This identifier has a local meaning."; 2161 } 2162 } 2163 nacm:default-deny-write; 2164 } 2165 } 2167 grouping status-timestamp { 2168 description 2169 "This grouping defines some operational parameters for the 2170 service."; 2171 leaf status { 2172 type identityref { 2173 base operational-status; 2174 } 2175 config false; 2176 description 2177 "Operations status."; 2178 } 2179 leaf last-updated { 2180 type yang:date-and-time; 2181 config false; 2182 description 2183 "Indicates the actual date and time of the service status 2184 change."; 2185 } 2186 } 2188 grouping service-status { 2189 description 2190 "Service status grouping."; 2191 container status { 2192 description 2193 "Service status."; 2194 container admin-status { 2195 description 2196 "Administrative service status."; 2197 leaf status { 2198 type identityref { 2199 base administrative-status; 2200 } 2201 description 2202 "Administrative service status."; 2203 } 2204 leaf last-updated { 2205 type yang:date-and-time; 2206 description 
              "Indicates the actual date and time of the service status
               change.";
          }
        }
        container oper-status {
          description
            "Operational service status.";
          uses status-timestamp;
        }
      }
    }

    grouping underlay-transport {
      description
        "This grouping defines the type of underlay transport for the
         VPN service. It can include an identifier to an abstract
         transport instance to which the VPN is grafted or indicate a
         technical implementation that is expressed as an ordered list
         of protocols.";
      choice type {
        description
          "A choice based on the type of underlay transport
           constraints.";
        case abstract {
          description
            "Indicates that the transport constraint is an abstract
             concept.";
          leaf transport-instance-id {
            type string;
            description
              "Includes an identifier of an abstract transport instance.";
          }
          leaf instance-type {
            type identityref {
              base transport-instance-type;
            }
            description
              "Indicates a transport instance type. For example, it can
               be a VPN+, an IETF network slice, a virtual network, etc.";
          }
        }
        case protocol {
          description
            "Indicates a list of protocols.";
          leaf-list protocol {
            type identityref {
              base protocol-type;
            }
            ordered-by user;
            description
              "Indicates an ordered-by user list of transport protocols.";
          }
        }
      }
    }

    grouping vpn-route-targets {
      description
        "A grouping that specifies Route Target (RT) import-export rules
         used in a BGP-enabled VPN.";
      reference
        "RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)
         RFC 4664: Framework for Layer 2 Virtual Private Networks
                   (L2VPNs)";
      list vpn-target {
        key "id";
        description
          "Route targets. AND/OR operations are available
           based on the RTs assignment.";
        leaf id {
          type int8;
          description
            "Identifies each VPN Target.";
        }
        list route-targets {
          key "route-target";
          description
            "List of RTs.";
          leaf route-target {
            type rt-types:route-target;
            description
              "Conveys an RT value.";
          }
        }
        leaf route-target-type {
          type rt-types:route-target-type;
          mandatory true;
          description
            "Import/export type of the RT.";
        }
      }
      container vpn-policies {
        description
          "VPN policies.";
        leaf import-policy {
          type string;
          description
            "Defines the 'import' policy.";
        }
        leaf export-policy {
          type string;
          description
            "Defines the 'export' policy.";
        }
      }
    }

    grouping route-distinguisher {
      description
        "Grouping for route distinguisher (RD).";
      choice rd-choice {
        description
          "Route distinguisher choice between several options
           on providing the route distinguisher value.";
        case directly-assigned {
          description
            "Explicitly assign an RD value.";
          leaf rd {
            type rt-types:route-distinguisher;
            description
              "Indicates an RD value that is explicitly
               assigned.";
          }
        }
        case directly-assigned-suffix {
          description
            "Explicitly assign the value of the Assigned Number subfield
             of the RD. The Administrator subfield of the RD will
             be based on other configuration information such as
             router-id or ASN.";
          leaf rd-suffix {
            type uint16;
            description
              "Indicates the value of the Assigned Number
               subfield that is explicitly assigned.";
          }
        }
        case auto-assigned {
          description
            "The RD is auto-assigned.";
          container rd-auto {
            description
              "The RD is auto-assigned.";
            choice auto-mode {
              description
                "Indicates the auto-assignment mode. RD can be
                 automatically assigned either with or without
                 indicating a pool from which the RD should be
                 taken.

                 For both cases, the server will auto-assign an RD
                 value 'auto-assigned-rd' and use that value
                 operationally.";
              case from-pool {
                leaf rd-pool-name {
                  type string;
                  description
                    "The auto-assignment will be made from the pool
                     identified by the rd-pool-name.";
                }
              }
              case full-auto {
                leaf auto {
                  type empty;
                  description
                    "Indicates an RD is fully auto-assigned.";
                }
              }
            }
            leaf auto-assigned-rd {
              type rt-types:route-distinguisher;
              config false;
              description
                "The value of the auto-assigned RD.";
            }
          }
        }
        case auto-assigned-suffix {
          description
            "The value of the Assigned Number subfield will
             be auto-assigned. The Administrator subfield
             will be based on other configuration information such as
             router-id or ASN.";
          container rd-auto-suffix {
            description
              "The Assigned Number subfield is auto-assigned.";
            choice auto-mode {
              description
                "Indicates the auto-assignment mode of the Assigned Number
                 subfield. This number can be automatically assigned
                 either with or without indicating a pool from which
                 the value should be taken.

                 For both cases, the server will auto-assign
                 'auto-assigned-rd-suffix' and use that value to build
                 the RD that will be used operationally.";
              case from-pool {
                leaf rd-pool-name {
                  type string;
                  description
                    "The assignment will be made from the pool identified
                     by the rd-pool-name.";
                }
              }
              case full-auto {
                leaf auto {
                  type empty;
                  description
                    "Indicates that the Assigned Number is fully auto
                     assigned.";
                }
              }
            }
            leaf auto-assigned-rd-suffix {
              type uint16;
              config false;
              description
                "Includes the value of the Assigned Number subfield that
                 is auto-assigned.";
            }
          }
        }
        case no-rd {
          description
            "Use the empty type to indicate RD has no value and is not to
             be auto-assigned.";
          leaf no-rd {
            type empty;
            description
              "No RD is assigned.";
          }
        }
      }
    }

    grouping vpn-components-group {
      description
        "Grouping definition to assign group-ids to associate VPN nodes,
         sites, or network accesses.";
      container groups {
        description
          "Lists the groups to which a VPN node, a site, or a network
           access belongs.";
        list group {
          key "group-id";
          description
            "List of group-ids.";
          leaf group-id {
            type string;
            description
              "The group-id to which a VPN node, a site, or a network
               access belongs.";
          }
        }
      }
    }

    grouping placement-constraints {
      description
        "Constraints for placing a network access.";
      list constraint {
        key "constraint-type";
        description
          "List of constraints.";
        leaf constraint-type {
          type identityref {
            base placement-diversity;
          }
          description
            "Diversity constraint type.";
        }
        container target {
          description
            "The constraint will apply against this list of groups.";
          choice target-flavor {
            description
              "Choice for the group definition.";
            case id {
              list group {
                key "group-id";
                description
                  "List of groups.";
                leaf group-id {
                  type string;
                  description
                    "The constraint will apply against this particular
                     group-id.";
                }
              }
            }
            case all-accesses {
              leaf all-other-accesses {
                type empty;
                description
                  "The constraint will apply against all other network
                   accesses of a site.";
              }
            }
            case all-groups {
              leaf all-other-groups {
                type empty;
                description
                  "The constraint will apply against all other groups that
                   the customer is managing.";
              }
            }
          }
        }
      }
    }

    grouping ports {
      description
        "Choice of specifying source or destination port numbers.";
      choice source-port {
        description
          "Choice of specifying the source port or referring to a group
           of source port numbers.";
        container source-port-range-or-operator {
          description
            "Source port definition.";
          uses packet-fields:port-range-or-operator;
        }
      }
      choice destination-port {
        description
          "Choice of specifying a destination port or referring to a group
           of destination port numbers.";
        container destination-port-range-or-operator {
          description
            "Destination port definition.";
          uses packet-fields:port-range-or-operator;
        }
      }
    }

    grouping qos-classification-policy {
      description
        "Configuration of the traffic classification policy.";
      list rule {
        key "id";
        ordered-by user;
        description
          "List of marking rules.";
        leaf id {
          type string;
          description
            "An identifier of the QoS classification policy rule.";
        }
        choice match-type {
          default "match-flow";
          description
            "Choice for classification.";
          case match-flow {
            choice l3 {
              description
                "Either IPv4 or IPv6.";
              container ipv4 {
                description
                  "Rule set that matches IPv4 header.";
                uses packet-fields:acl-ip-header-fields;
                uses packet-fields:acl-ipv4-header-fields;
              }
              container ipv6 {
                description
                  "Rule set that matches IPv6 header.";
                uses packet-fields:acl-ip-header-fields;
                uses packet-fields:acl-ipv6-header-fields;
              }
            }
            choice l4 {
              description
                "Includes Layer 4 specific information.
                 This version focuses on TCP and UDP.";
              container tcp {
                description
                  "Rule set that matches TCP header.";
                uses packet-fields:acl-tcp-header-fields;
                uses ports;
              }
              container udp {
                description
                  "Rule set that matches UDP header.";
                uses packet-fields:acl-udp-header-fields;
                uses ports;
              }
            }
          }
          case match-application {
            leaf match-application {
              type identityref {
                base customer-application;
              }
              description
                "Defines the application to match.";
            }
          }
        }
        leaf target-class-id {
          if-feature "qos";
          type string;
          description
            "Identification of the class of service. This identifier is
             internal to the administration.";
        }
      }
    }
  }

5.  Security Considerations

   The YANG modules specified in this document define schemas for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The Network Configuration Access Control Model (NACM) [RFC8341]
   provides the means to restrict access for particular NETCONF or
   RESTCONF users to a preconfigured subset of all available NETCONF or
   RESTCONF protocol operations and content.
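   NACM decides which users may write the nodes that other modules build
   from the groupings above; what values those nodes may carry is a
   separate check.  The script below is an added example written for
   this page, not code from the draft or from any NETCONF/RESTCONF
   implementation.  It takes JSON-encoded instance data of the
   "route-distinguisher" and "vpn-route-targets" groupings (leaf names
   as in the module), validates RD and RT strings before they are acted
   on, flattens the "vpn-target" list into import and export sets
   according to "route-target-type", and resolves every case of
   "rd-choice", including the two auto-assignment modes.  Assumptions of
   the example: RD/RT strings use the Type 0/1/2 textual forms of the
   RFC 8294 typedefs and the other forms those typedefs admit are
   rejected; the Administrator subfield for the suffix and auto cases is
   passed in as a router-id or ASN and mapped to an RD type by the
   example's own rule; and the server's auto-assignment is modelled by a
   constructed pool allocator (make_allocator) rather than a real one.

```python
"""Added example, not from the draft: resolve JSON instance data of the
ietf-vpn-common 'route-distinguisher' and 'vpn-route-targets' groupings.
Assumption: RD/RT strings use the Type 0/1/2 textual forms of RFC 8294."""
import ipaddress
import re
from typing import Callable, Dict, Iterable, Optional, Tuple

_TYPED = re.compile(r"([012]):([^:]+):(\d+)")

def parse_rd_or_rt(value: str) -> Tuple[int, str, int]:
    """Return (type, administrator, assigned-number); ValueError if malformed."""
    m = _TYPED.fullmatch(value)
    if m is None:
        raise ValueError(f"unsupported RD/RT syntax: {value!r}")
    rd_type, admin, number = int(m[1]), m[2], int(m[3])
    if rd_type == 1:                      # IPv4 administrator, 2-byte number
        ipaddress.IPv4Address(admin)      # raises ValueError on a bad dotted quad
        number_max = 0xFFFF
    else:                                 # type 0: ASN16/n32, type 2: ASN32/n16
        admin_max, number_max = (0xFFFF, 0xFFFFFFFF) if rd_type == 0 else (0xFFFFFFFF, 0xFFFF)
        if not (admin.isascii() and admin.isdigit() and int(admin) <= admin_max):
            raise ValueError(f"administrator out of range for type {rd_type}: {value!r}")
    if number > number_max:
        raise ValueError(f"assigned number out of range for type {rd_type}: {value!r}")
    return rd_type, admin, number

def is_valid_rd_or_rt(value: str) -> bool:
    try:
        parse_rd_or_rt(value)
        return True
    except ValueError:
        return False

def build_rd(admin: str, number: int) -> str:
    """Join the Administrator subfield (router-id or ASN from other configuration)
    with an Assigned Number.  Assumption: router-id -> Type 1, ASN16 -> 0, ASN32 -> 2."""
    try:
        ipaddress.IPv4Address(admin)
        rd = f"1:{admin}:{number}"
    except ValueError:
        asn = int(admin)
        rd = f"0:{asn}:{number}" if asn <= 0xFFFF else f"2:{asn}:{number}"
    parse_rd_or_rt(rd)                    # enforce the ranges of the chosen type
    return rd

def _uint16(value) -> int:
    number = int(value)
    if not 0 <= number <= 0xFFFF:
        raise ValueError(f"Assigned Number suffix must be uint16, got {value!r}")
    return number

def effective_rd(node: dict, admin: str,
                 allocate: Callable[[Optional[str]], int]) -> Optional[str]:
    """Resolve 'rd-choice' from the JSON encoding of the grouping; allocate()
    stands in for the server's auto-assignment (None = no pool named).
    Returns the RD used operationally, or None for the 'no-rd' case."""
    cases = [c for c in ("rd", "rd-suffix", "rd-auto", "rd-auto-suffix", "no-rd")
             if c in node]
    if len(cases) != 1:                   # a YANG choice carries exactly one case
        raise ValueError(f"rd-choice needs exactly one case, found {cases}")
    case = cases[0]
    if case == "no-rd":
        return None
    if case == "rd":
        parse_rd_or_rt(node["rd"])
        return node["rd"]
    if case == "rd-suffix":
        return build_rd(admin, _uint16(node["rd-suffix"]))
    mode = node[case]                     # the rd-auto / rd-auto-suffix container
    if ("rd-pool-name" in mode) == ("auto" in mode):
        raise ValueError("auto-mode needs exactly one of rd-pool-name or auto")
    number = allocate(mode.get("rd-pool-name"))
    if case == "rd-auto-suffix":
        number = _uint16(number)
    return build_rd(admin, number)

def make_allocator(pools: Dict[Optional[str], Iterable[int]]) -> Callable[[Optional[str]], int]:
    """Constructed stand-in for server-side assignment; key None serves 'auto'."""
    iters = {name: iter(values) for name, values in pools.items()}

    def allocate(pool_name: Optional[str]) -> int:
        if pool_name not in iters:
            raise ValueError(f"unknown RD pool {pool_name!r}")
        return next(iters[pool_name])     # StopIteration once the pool is exhausted
    return allocate

def resolve_route_targets(vpn_targets: Iterable[dict]) -> Tuple[set, set]:
    """Flatten 'vpn-target' into (import RTs, export RTs); 'route-target-type'
    is the RFC 8294 enumeration import / export / both."""
    imports, exports = set(), set()
    for target in vpn_targets:
        rt_type = target["route-target-type"]
        if rt_type not in ("import", "export", "both"):
            raise ValueError(f"bad route-target-type {rt_type!r}")
        rts = {entry["route-target"] for entry in target.get("route-targets", [])}
        for rt in rts:
            parse_rd_or_rt(rt)            # reject malformed RTs before they are used
        if rt_type in ("import", "both"):
            imports |= rts
        if rt_type in ("export", "both"):
            exports |= rts
    return imports, exports
```

   A consumer of the L3NM or L2NM instance data would call
   effective_rd() with the administrator value it derives from its own
   router-id or ASN configuration and resolve_route_targets() on the
   "vpn-target" list; both raise ValueError rather than silently
   accepting a malformed or ambiguous value.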
   The "ietf-vpn-common" module defines a set of identities, types, and
   groupings.  These nodes are intended to be reused by other YANG
   modules.  The module does not by itself expose any data nodes that
   are writable, contain read-only state, or RPCs.  As such, there are
   no additional security issues to be considered relating to the
   "ietf-vpn-common" module.

6.  IANA Considerations

   This document requests IANA to register the following URI in the "ns"
   subregistry within the "IETF XML Registry" [RFC3688]:

      URI: urn:ietf:params:xml:ns:yang:ietf-vpn-common
      Registrant Contact: The IESG.
      XML: N/A; the requested URI is an XML namespace.

   This document requests IANA to register the following YANG module in
   the "YANG Module Names" subregistry [RFC6020] within the "YANG
   Parameters" registry.

      name: ietf-vpn-common
      namespace: urn:ietf:params:xml:ns:yang:ietf-vpn-common
      maintained by IANA: N
      prefix: vpn-common
      reference: RFC XXXX

7.  Acknowledgements

   During the discussions of this work, helpful comments and reviews
   were received from (listed alphabetically): Alejandro Aguado, Raul
   Arco, Miguel Cros Cecilia, Joe Clarke, Dhruv Dhody, Adrian Farrel,
   Roque Gagliano, Christian Jacquenet, Kireeti Kompella, Julian Lucek,
   Erez Segev, and Paul Sherratt.  Many thanks to them.

   This work is partially supported by the European Commission under
   Horizon 2020 grant agreement number 101015857, "Secured autonomic
   traffic management for a Tera of SDN flows" (Teraflow).

   Many thanks to Radek Krejci for the yangdoctors review, Wesley Eddy
   for the tsvart review, and Ron Bonica for the Rtgdir review.

8.  Contributors

   Italo Busi
   Huawei Technologies
   Email: Italo.Busi@huawei.com

   Luis Angel Munoz
   Vodafone
   Email: luis-angel.munoz@vodafone.com

   Victor Lopez Alvarez
   Telefonica
   Email: victor.lopezalvarez@telefonica.com

9.  References

9.1.  Normative References

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
              "Common YANG Data Types for the Routing Area", RFC 8294,
              DOI 10.17487/RFC8294, December 2017.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [RFC8519]  Jethanandani, M., Agarwal, S., Huang, L., and D. Blair,
              "YANG Data Model for Network Access Control Lists (ACLs)",
              RFC 8519, DOI 10.17487/RFC8519, March 2019.

9.2.  Informative References

   [I-D.ietf-opsawg-l2nm]
              barguil, s., Dios, O., Boucadair, M., Munoz, L., Jalil,
              L., and J. Ma, "A Layer 2 VPN Network YANG Model", draft-
              ietf-opsawg-l2nm-01 (work in progress), November 2020.

   [I-D.ietf-opsawg-l3sm-l3nm]
              barguil, s., Dios, O., Boucadair, M., Munoz, L., and A.
              Aguado, "A Layer 3 VPN Network YANG Model", draft-ietf-
              opsawg-l3sm-l3nm-05 (work in progress), October 2020.

   [I-D.ietf-teas-actn-vn-yang]
              Lee, Y., Dhody, D., Ceccarelli, D., Bryskin, I., and B.
              Yoon, "A YANG Data Model for VN Operation", draft-ietf-
              teas-actn-vn-yang-10 (work in progress), November 2020.

   [I-D.ietf-teas-enhanced-vpn]
              Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A
              Framework for Enhanced Virtual Private Networks (VPN+)
              Service", draft-ietf-teas-enhanced-vpn-06 (work in
              progress), July 2020.

   [I-D.ietf-teas-ietf-network-slice-framework]
              Gray, E. and J. Drake, "Framework for IETF Network
              Slices", March 2021.

   [IEEE802.1ad]
              "Virtual Bridged Local Area Networks Amendment 4: Provider
              Bridges", IEEE Std 802.1ad-2005, 2006.

   [IEEE802.1AX]
              "Link Aggregation", IEEE Std 802.1AX-2020, 2020.

   [IEEE802.1Q]
              "Bridges and Bridged Networks", IEEE Std 802.1Q-2018, July
              2018.

   [RFC1112]  Deering, S., "Host extensions for IP multicasting", STD 5,
              RFC 1112, DOI 10.17487/RFC1112, August 1989.

   [RFC1701]  Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic
              Routing Encapsulation (GRE)", RFC 1701,
              DOI 10.17487/RFC1701, October 1994.

   [RFC1702]  Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic
              Routing Encapsulation over IPv4 networks", RFC 1702,
              DOI 10.17487/RFC1702, October 1994.

   [RFC2003]  Perkins, C., "IP Encapsulation within IP", RFC 2003,
              DOI 10.17487/RFC2003, October 1996.

   [RFC2236]  Fenner, W., "Internet Group Management Protocol, Version
              2", RFC 2236, DOI 10.17487/RFC2236, November 1997.

   [RFC2473]  Conta, A. and S. Deering, "Generic Packet Tunneling in
              IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473,
              December 1998.

   [RFC2710]  Deering, S., Fenner, W., and B. Haberman, "Multicast
              Listener Discovery (MLD) for IPv6", RFC 2710,
              DOI 10.17487/RFC2710, October 1999.

   [RFC3209]  Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
              and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
              Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001.

   [RFC3376]  Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A.
              Thyagarajan, "Internet Group Management Protocol, Version
              3", RFC 3376, DOI 10.17487/RFC3376, October 2002.

   [RFC3810]  Vida, R., Ed. and L. Costa, Ed., "Multicast Listener
              Discovery Version 2 (MLDv2) for IPv6", RFC 3810,
              DOI 10.17487/RFC3810, June 2004.

   [RFC3931]  Lau, J., Ed., Townsley, M., Ed., and I. Goyret, Ed.,
              "Layer Two Tunneling Protocol - Version 3 (L2TPv3)",
              RFC 3931, DOI 10.17487/RFC3931, March 2005.

   [RFC4026]  Andersson, L. and T. Madsen, "Provider Provisioned Virtual
              Private Network (VPN) Terminology", RFC 4026,
              DOI 10.17487/RFC4026, March 2005.

   [RFC4176]  El Mghazli, Y., Ed., Nadeau, T., Boucadair, M., Chan, K.,
              and A. Gonguet, "Framework for Layer 3 Virtual Private
              Networks (L3VPN) Operations and Management", RFC 4176,
              DOI 10.17487/RFC4176, October 2005.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006.

   [RFC4577]  Rosen, E., Psenak, P., and P. Pillay-Esnault, "OSPF as the
              Provider/Customer Edge Protocol for BGP/MPLS IP Virtual
              Private Networks (VPNs)", RFC 4577, DOI 10.17487/RFC4577,
              June 2006.

   [RFC4664]  Andersson, L., Ed. and E. Rosen, Ed., "Framework for Layer
              2 Virtual Private Networks (L2VPNs)", RFC 4664,
              DOI 10.17487/RFC4664, September 2006.

   [RFC4761]  Kompella, K., Ed. and Y. Rekhter, Ed., "Virtual Private
              LAN Service (VPLS) Using BGP for Auto-Discovery and
              Signaling", RFC 4761, DOI 10.17487/RFC4761, January 2007.

   [RFC4762]  Lasserre, M., Ed. and V. Kompella, Ed., "Virtual Private
              LAN Service (VPLS) Using Label Distribution Protocol (LDP)
              Signaling", RFC 4762, DOI 10.17487/RFC4762, January 2007.

   [RFC4960]  Stewart, R., Ed., "Stream Control Transmission Protocol",
              RFC 4960, DOI 10.17487/RFC4960, September 2007.

   [RFC5036]  Andersson, L., Ed., Minei, I., Ed., and B. Thomas, Ed.,
              "LDP Specification", RFC 5036, DOI 10.17487/RFC5036,
              October 2007.

   [RFC5798]  Nadas, S., Ed., "Virtual Router Redundancy Protocol (VRRP)
              Version 3 for IPv4 and IPv6", RFC 5798,
              DOI 10.17487/RFC5798, March 2010.

   [RFC5880]  Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010.

   [RFC6513]  Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/
              BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February
              2012.

   [RFC6624]  Kompella, K., Kothari, B., and R. Cherukuri, "Layer 2
              Virtual Private Networks Using BGP for Auto-Discovery and
              Signaling", RFC 6624, DOI 10.17487/RFC6624, May 2012.

   [RFC7348]  Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger,
              L., Sridhar, T., Bursell, M., and C. Wright, "Virtual
              eXtensible Local Area Network (VXLAN): A Framework for
              Overlaying Virtualized Layer 2 Networks over Layer 3
              Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014.

   [RFC7432]  Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
              Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
              Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
              2015.

   [RFC7510]  Xu, X., Sheth, N., Yong, L., Callon, R., and D. Black,
              "Encapsulating MPLS in UDP", RFC 7510,
              DOI 10.17487/RFC7510, April 2015.

   [RFC7623]  Sajassi, A., Ed., Salam, S., Bitar, N., Isaac, A., and W.
              Henderickx, "Provider Backbone Bridging Combined with
              Ethernet VPN (PBB-EVPN)", RFC 7623, DOI 10.17487/RFC7623,
              September 2015.

   [RFC7676]  Pignataro, C., Bonica, R., and S. Krishnan, "IPv6 Support
              for Generic Routing Encapsulation (GRE)", RFC 7676,
              DOI 10.17487/RFC7676, October 2015.

   [RFC7761]  Fenner, B., Handley, M., Holbrook, H., Kouvelas, I.,
              Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent
              Multicast - Sparse Mode (PIM-SM): Protocol Specification
              (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March
              2016.

   [RFC8214]  Boutros, S., Sajassi, A., Salam, S., Drake, J., and J.
              Rabadan, "Virtual Private Wire Service Support in Ethernet
              VPN", RFC 8214, DOI 10.17487/RFC8214, August 2017.

   [RFC8277]  Rosen, E., "Using BGP to Bind MPLS Labels to Address
              Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017.

   [RFC8299]  Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki,
              "YANG Data Model for L3VPN Service Delivery", RFC 8299,
              DOI 10.17487/RFC8299, January 2018.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8365]  Sajassi, A., Ed., Drake, J., Ed., Bitar, N., Shekhar, R.,
              Uttaro, J., and W. Henderickx, "A Network Virtualization
              Overlay Solution Using Ethernet VPN (EVPN)", RFC 8365,
              DOI 10.17487/RFC8365, March 2018.

   [RFC8453]  Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for
              Abstraction and Control of TE Networks (ACTN)", RFC 8453,
              DOI 10.17487/RFC8453, August 2018.

   [RFC8466]  Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG
              Data Model for Layer 2 Virtual Private Network (L2VPN)
              Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October
              2018.

   [RFC8512]  Boucadair, M., Ed., Sivakumar, S., Jacquenet, C.,
              Vinapamula, S., and Q. Wu, "A YANG Module for Network
              Address Translation (NAT) and Network Prefix Translation
              (NPT)", RFC 8512, DOI 10.17487/RFC8512, January 2019.

   [RFC8660]  Bashandy, A., Ed., Filsfils, C., Ed., Previdi, S.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing with the MPLS Data Plane", RFC 8660,
              DOI 10.17487/RFC8660, December 2019.

   [RFC8663]  Xu, X., Bryant, S., Farrel, A., Hassan, S., Henderickx,
              W., and Z. Li, "MPLS Segment Routing over IP", RFC 8663,
              DOI 10.17487/RFC8663, December 2019.

   [RFC8754]  Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
              Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
              (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020.

   [RFC8926]  Gross, J., Ed., Ganga, I., Ed., and T. Sridhar, Ed.,
              "Geneve: Generic Network Virtualization Encapsulation",
              RFC 8926, DOI 10.17487/RFC8926, November 2020.

Appendix A.  Example of Common Data Nodes in Early L2NM/L3NM Designs

   Subtrees of early versions of the L3NM and L2NM are shown in
   Figure 5.

   module: ietf-l2vpn-ntw
     +--rw vpn-services
        +--rw vpn-service* [vpn-id]
           +--rw vpn-id             svc-id
           +--rw vpn-svc-type?      identityref
           +--rw customer-name?     string
           +--rw svc-topo?          identityref
           +-rw service-status
           |  +-rw admin
           |  |  +-rw status?       operational-type
           |  |  +-rw timestamp?    yang:date-and-time
           |  +-ro ops
           |     +-ro status?       operational-type
           |     +-ro timestamp?    yang:date-and-time
           |  ...

   module: ietf-l3vpn-ntw
     +--rw vpn-services
        +--rw vpn-service* [vpn-id]
           +-rw service-status
           |  +-rw admin
           |  |  +-rw status?       operational-type
           |  |  +-rw timestamp?    yang:date-and-time
           |  +-ro ops
           |     +-ro status?       operational-type
           |     +-ro timestamp?    yang:date-and-time
           +--rw vpn-id                 l3vpn-svc:svc-id
           +--rw l3sm-vpn-id?           l3vpn-svc:svc-id
           +--rw customer-name?         string
           +--rw vpn-service-topology?  identityref
           +--rw description?           string
           |  ...

         Figure 5: Example of Common Data Nodes in Both L2NM/L3NM

   In order to avoid data node duplication and to ease passing data
   among layers (i.e., from the service layer to the network layer and
   vice versa), early versions of the L3NM reused many of the data nodes
   that are defined in the L3SM.  Nevertheless, that approach was
   abandoned because the design was interpreted as if the deployment of
   the L3NM depended on the L3SM, which is not required.  For example, a
   service provider may decide to use the L3NM to build its L3VPN
   services without exposing the L3SM to customers.

   Likewise, early versions of the L2NM reused many of the data nodes
   that are defined in both the L2SM and the L3NM.  An example of L3NM
   groupings reused in the L2NM is shown in Figure 6.  Such data node
   reuse was interpreted as if the deployment of the L2NM required the
   support of the L3NM, which is not required.

   module ietf-l2vpn-ntw {
     ...
     import ietf-l3vpn-ntw {
       prefix l3vpn-ntw;
       reference
         "RFC NNNN: A Layer 3 VPN Network YANG Model";
     }
     ...
     container l2vpn-ntw {
       ...
       container vpn-services {
         list vpn-service {
           ...
           uses l3vpn-ntw:service-status;
           uses l3vpn-ntw:svc-transport-encapsulation;
           ...
         }
       }
       ...
     }
   }

              Figure 6: Excerpt from the L2NM YANG Module

Authors' Addresses

   Samier Barguil
   Telefonica
   Madrid
   Spain

   Email: samier.barguilgiraldo.ext@telefonica.com

   Oscar Gonzalez de Dios (editor)
   Telefonica
   Madrid
   Spain

   Email: oscar.gonzalezdedios@telefonica.com

   Mohamed Boucadair (editor)
   Orange
   France

   Email: mohamed.boucadair@orange.com

   Qin Wu
   Huawei
   101 Software Avenue, Yuhua District
   Nanjing, Jiangsu 210012
   China

   Email: bill.wu@huawei.com