idnits 2.17.1

draft-ietf-opsawg-vpn-common-09.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 1 character in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 235 has weird spacing: '...et-type rt-...'

  == Line 412 has weird spacing: '...er-port ine...'

  == Line 413 has weird spacing: '...er-port ine...'

  == Line 422 has weird spacing: '...er-port ine...'

  == Line 423 has weird spacing: '...er-port ine...'

  -- The document date (July 15, 2021) is 1016 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-19) exists of
     draft-ietf-opsawg-l2nm-02

  == Outdated reference: A later version (-18) exists of
     draft-ietf-opsawg-l3sm-l3nm-08

  == Outdated reference: A later version (-24) exists of
     draft-ietf-teas-actn-vn-yang-11

  == Outdated reference: A later version (-17) exists of
     draft-ietf-teas-enhanced-vpn-07

  -- Obsolete informational reference (is this intentional?): RFC 4960
     (Obsoleted by RFC 9260)

     Summary: 1 error (**), 0 flaws (~~), 10 warnings (==), 2 comments (--).
     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     opsawg                                                        S. Barguil
3     Internet-Draft                                  O. Gonzalez de Dios, Ed.
4     Intended status: Standards Track                              Telefonica
5     Expires: January 16, 2022                              M. Boucadair, Ed.
6                                                                       Orange
7                                                                        Q. Wu
8                                                                       Huawei
9                                                                July 15, 2021

11                       A Layer 2/3 VPN Common YANG Model
12                        draft-ietf-opsawg-vpn-common-09

14    Abstract

16       This document defines a common YANG module that is meant to be reused
17       by various VPN-related modules such as Layer 3 VPN and Layer 2 VPN
18       network models.

20    Editorial Note (To be removed by RFC Editor)

22       Please update these statements within the document with the RFC
23       number to be assigned to this document:

25       o  "This version of this YANG module is part of RFC XXXX;"

27       o  "RFC XXXX: A Layer 2/3 VPN Common YANG Model";

29       o  reference: RFC XXXX

31       Also, please update the "revision" date of the YANG module.

33    Status of This Memo

35       This Internet-Draft is submitted in full conformance with the
36       provisions of BCP 78 and BCP 79.

38       Internet-Drafts are working documents of the Internet Engineering
39       Task Force (IETF). Note that other groups may also distribute
40       working documents as Internet-Drafts. The list of current Internet-
41       Drafts is at https://datatracker.ietf.org/drafts/current/.

43       Internet-Drafts are draft documents valid for a maximum of six months
44       and may be updated, replaced, or obsoleted by other documents at any
45       time. It is inappropriate to use Internet-Drafts as reference
46       material or to cite them other than as "work in progress."

48       This Internet-Draft will expire on January 16, 2022.

50    Copyright Notice

52       Copyright (c) 2021 IETF Trust and the persons identified as the
53       document authors. All rights reserved.

55       This document is subject to BCP 78 and the IETF Trust's Legal
56       Provisions Relating to IETF Documents
57       (https://trustee.ietf.org/license-info) in effect on the date of
58       publication of this document. Please review these documents
59       carefully, as they describe your rights and restrictions with respect
60       to this document. Code Components extracted from this document must
61       include Simplified BSD License text as described in Section 4.e of
62       the Trust Legal Provisions and are provided without warranty as
63       described in the Simplified BSD License.

65    Table of Contents

67       1.  Introduction
68       2.  Terminology
69       3.  Description of the VPN Common YANG Module
70       4.  Layer 2/3 VPN Common Module
71       5.  Security Considerations
72       6.  IANA Considerations
73       7.  Acknowledgements
74       8.  Contributors
75       9.  References
76         9.1.  Normative References
77         9.2.  Informative References
78       Appendix A.  Example of Common Data Nodes in Early L2NM/L3NM
79                    Designs
80       Authors' Addresses

82    1. Introduction

84       The IETF has specified YANG data modules for VPN services, e.g.,
85       Layer 3 VPN Service Model (L3SM) [RFC8299] or Layer 2 VPN Service
86       Model (L2SM) [RFC8466]. Other relevant YANG models are the Layer 3
87       VPN Network Model (L3NM) [I-D.ietf-opsawg-l3sm-l3nm] and the Layer 2
88       VPN Network Model (L2NM) [I-D.ietf-opsawg-l2nm]. There are common
89       data nodes and structures that are present in all of these models or
90       at least a subset of them.

92       This document defines a common YANG module that is meant to be reused
93       by various VPN-related modules such as L3NM
94       [I-D.ietf-opsawg-l3sm-l3nm] and L2NM [I-D.ietf-opsawg-l2nm]: "ietf-
95       vpn-common" (Section 4).

97       The "ietf-vpn-common" module includes a set of identities, types, and
98       groupings that are meant to be reused by other VPN-related YANG
99       modules independently of their layer (e.g., Layer 2, Layer 3) and the
100      type of the module (e.g., network model, service model) including
101      possible future revisions of existing models (e.g., L3SM [RFC8299] or
102      L2SM [RFC8466]).

104   2. Terminology

106      The terminology for describing YANG modules is defined in [RFC7950].

108      The meaning of the symbols in tree diagrams is defined in [RFC8340].

110      The reader may refer to [RFC4026] and [RFC4176] for VPN-related
111      terms.

113   3. Description of the VPN Common YANG Module

115      The "ietf-vpn-common" module defines a set of common VPN-related
116      features, including:

118         Encapsulation features such as:

120         *  Dot1q [IEEE802.1Q],

122         *  QinQ [IEEE802.1ad],

124         *  link aggregation [IEEE802.1AX], and

126         *  Virtual eXtensible Local Area Network (VXLAN) [RFC7348].

128         Multicast [RFC6513].

130         Routing features such as:

132         *  BGP [RFC4271],

134         *  OSPF [RFC4577][RFC6565],

136         *  IS-IS [ISO10589],

138         *  RIP [RFC2080][RFC2453],

140         *  Bidirectional Forwarding Detection (BFD) [RFC5880], and

142         *  Virtual Router Redundancy Protocol (VRRP) [RFC5798].

144      Also, the module defines a set of identities, including:

146      'service-type': Used to identify the VPN service type. Examples of
147         supported service types are:

149         *  L3VPN,

151         *  Virtual Private LAN Service (VPLS) using BGP [RFC4761],

153         *  VPLS using Label Distribution Protocol (LDP) [RFC4762],

155         *  Virtual Private Wire Service (VPWS) [RFC8214],

157         *  BGP MPLS-Based Ethernet VPN [RFC7432],

159         *  Ethernet VPN (EVPN) [RFC8365], and

161         *  Provider Backbone Bridging Combined with Ethernet VPN (PBB-
162            EVPN) [RFC7623].

164      'vpn-signaling-type': Used to identify the signaling mode used for a
165         given service type. Examples of supported VPN signaling types
166         are:

168         *  L2VPNs using BGP [RFC6624],

170         *  LDP [RFC5036], and

172         *  Layer Two Tunneling Protocol (L2TP) [RFC3931].

174      The module covers both IPv4 [RFC0791] and IPv6 [RFC8200] identities.
175      It also includes multicast related identities such as Internet Group
176      Management Protocol version 1 (IGMPv1) [RFC1112], IGMPv2 [RFC2236],
177      IGMPv3 [RFC3376], Multicast Listener Discovery version 1 (MLDv1)
178      [RFC2710], MLDv2 [RFC3810], and Protocol Independent Multicast (PIM)
179      [RFC7761].

181      The reader should refer to Section 4 for the full list of supported
182      identities (identities related to address families, VPN topologies,
183      network access types, operational and administrative status, site or
184      node roles, VPN service constraints, routing protocols, routes
185      imports and exports, bandwidth and Quality of Service (QoS), etc.).

187      The "ietf-vpn-common" module also contains a set of reusable VPN-
188      related groupings. The tree diagram of the "ietf-vpn-common" module
189      that depicts the common groupings is provided in Figure 1.

191   module: ietf-vpn-common

193     grouping vpn-description
194       +-- vpn-id?            vpn-id
195       +-- vpn-name?          string
196       +-- vpn-description?   string
197       +-- customer-name?     string
198     grouping vpn-profile-cfg
199       +-- valid-provider-identifiers
200          +-- external-connectivity-identifier* [id]
201          |       {external-connectivity}?
202          |  +-- id?   string
203          +-- encryption-profile-identifier* [id]
204          |  +-- id?   string
205          +-- qos-profile-identifier* [id]
206          |  +-- id?   string
207          +-- bfd-profile-identifier* [id]
208          |  +-- id?   string
209          +-- forwarding-profile-identifier* [id]
210          |  +-- id?   string
211          +-- routing-profile-identifier* [id]
212             +-- id?   string
213     grouping oper-status-timestamp
214       +--ro status?        identityref
215       +--ro last-change?   yang:date-and-time
216     grouping service-status
217       +-- status
218          +-- admin-status
219          |  +-- status?        identityref
220          |  +-- last-change?   yang:date-and-time
221          +-- oper-status
222             +--ro status?        identityref
223             +--ro last-change?   yang:date-and-time
224     grouping underlay-transport
225       +-- (type)?
226          +--:(abstract)
227          |  +-- transport-instance-id?   string
228          +--:(protocol)
229             +-- protocol*   identityref
230     grouping vpn-route-targets
231       +-- vpn-target* [id]
232       |  +-- id?   int8
233       |  +-- route-targets* [route-target]
234       |  |  +-- route-target?   rt-types:route-target
235       |  +-- route-target-type   rt-types:route-target-type
236       +-- vpn-policies
237          +-- import-policy?   string
238          +-- export-policy?   string
239     grouping route-distinguisher
240       ...
241     grouping vpn-components-group
242       +-- groups
243          +-- group* [group-id]
244             +-- group-id?   string
245     grouping placement-constraints
246       +-- constraint* [constraint-type]
247          +-- constraint-type?   identityref
248          +-- target
249             +-- (target-flavor)?
250                +--:(id)
251                |  +-- group* [group-id]
252                |     +-- group-id?   string
253                +--:(all-accesses)
254                |  +-- all-other-accesses?   empty
255                +--:(all-groups)
256                   +-- all-other-groups?   empty
257     grouping ports
258       ...
259     grouping qos-classification-policy
260       ...

262                        Figure 1: VPN Common Tree

264      The description of the common groupings is provided below:

266      'vpn-description':

268         A YANG grouping that provides common administrative VPN
269         information such as an identifier, a name, a textual
270         description, and a customer name.

272      'vpn-profile-cfg':

274         A YANG grouping that defines a set of valid profiles
275         (encryption, routing, forwarding, etc.) that can be bound to a
276         Layer 2/3 VPN. This document does not make any assumption
277         about the structure of such profiles, but allows "gluing" a VPN
278         service with other parameters that can be required locally to
279         provide added value features to requesting customers.

281         For example, a service provider may provide an external
282         connectivity to a VPN customer (e.g., to a private or public
283         cloud, Internet). Such service may involve tweaking both
284         filtering and NAT rules (e.g., bind a Virtual Routing and
285         Forwarding (VRF) interface with a NAT instance as discussed in
286         Section 2.10 of [RFC8512]). These added value features may be
287         bound to all or a subset of network accesses. Some of these
288         added value features may be implemented in nodes other than PEs
289         (e.g., a P node or even a dedicated node that hosts the NAT
290         function).

292         It is out of the scope of this document to elaborate the
293         structure of these profiles.

295      'oper-status-timestamp':

297         A YANG grouping that defines the operational status updates of
298         a VPN service or component.

300      'service-status':

302         A YANG grouping that defines the administrative and operational
303         status of a component. The grouping can be applied to the
304         whole service or an endpoint.

306      'underlay-transport':

308         A YANG grouping that defines the type of the underlay transport
309         for a VPN service.

311         The underlay transport can be expressed as an abstract
312         transport instance (e.g., an identifier of a VPN+ instance
313         [I-D.ietf-teas-enhanced-vpn], a virtual network identifier
314         [I-D.ietf-teas-actn-vn-yang][RFC8453], or a network slice name
315         [I-D.ietf-teas-ietf-network-slice-framework]) or as an ordered
316         list of the actual protocols to be enabled in the network.

318         The module supports a rich set of protocol identifiers that can
319         be used, e.g., to refer to an underlay transport. Examples of
320         supported protocols are:

322         +  IP-in-IP [RFC2003][RFC2473],

324         +  GRE [RFC1701][RFC1702][RFC7676],

326         +  MPLS-in-UDP [RFC7510],

328         +  Generic Network Virtualization Encapsulation (GENEVE)
329            [RFC8926],

331         +  Segment Routing (SR) [RFC8660][RFC8663][RFC8754],

333         +  Resource ReSerVation Protocol (RSVP) with traffic
334            engineering extensions [RFC3209], and

336         +  BGP with labeled prefixes [RFC8277].

338      'vpn-route-targets':

340         A YANG grouping that defines Route Target (RT) import/export
341         rules used in a BGP-enabled VPN (e.g., [RFC4364][RFC4664]).
342         Note that this is modelled as a list to ease the reuse of this
343         grouping in modules where a pointer is needed (e.g., associate
344         an operator with RTs).

346      'route-distinguisher':

348         A YANG grouping that defines Route Distinguishers (RDs).

350         As depicted in Figure 2, the module supports these RD
351         assignment modes: direct assignment, automatic assignment from
352         a given pool, automatic assignment, and no assignment.

354         Also, the module accommodates deployments where only the
355         Assigned Number subfield of RDs (Section 4.2 of [RFC4364]) is
356         assigned from a pool while the Administrator subfield is set
357         to, e.g., the router-id that is assigned to a VPN node. The
358         module supports these modes for managing the Assigned Number
359         subfield: explicit assignment, auto-assignment from a pool, and
360         full auto-assignment.

362     grouping route-distinguisher
363       +-- (rd-choice)?
364          +--:(directly-assigned)
365          |  +-- rd?   rt-types:route-distinguisher
366          +--:(directly-assigned-suffix)
367          |  +-- rd-suffix?   uint16
368          +--:(auto-assigned)
369          |  +-- rd-auto
370          |     +-- (auto-mode)?
371          |     |  +--:(from-pool)
372          |     |  |  +-- rd-pool-name?   string
373          |     |  +--:(full-auto)
374          |     |     +-- auto?   empty
375          |     +--ro auto-assigned-rd?   rt-types:route-distinguisher
376          +--:(auto-assigned-suffix)
377          |  +-- rd-auto-suffix
378          |     +-- (auto-mode)?
379          |     |  +--:(from-pool)
380          |     |  |  +-- rd-pool-name?   string
381          |     |  +--:(full-auto)
382          |     |     +-- auto?   empty
383          |     +--ro auto-assigned-rd-suffix?   uint16
384          +--:(no-rd)
385             +-- no-rd?   empty

387               Figure 2: Route Distinguisher Grouping Subtree

389      'vpn-components-group':

391         A YANG grouping that is used to group VPN nodes, VPN network
392         accesses, or sites. For example, diversity or redundancy
393         constraints can be applied on a per-group basis.

395      'placement-constraints':

397         A YANG grouping that is used to define the placement
398         constraints of a VPN node, VPN network access, or site.

400      'ports':

402         A YANG grouping that defines ranges of source and destination
403         port numbers and operators. The subtree of this grouping is
404         depicted in Figure 3.

406     grouping ports
407       +-- (source-port)?
408       |  +--:(source-port-range-or-operator)
409       |     +-- source-port-range-or-operator
410       |        +-- (port-range-or-operator)?
411       |           +--:(range)
412       |           |  +-- lower-port   inet:port-number
413       |           |  +-- upper-port   inet:port-number
414       |           +--:(operator)
415       |              +-- operator?   operator
416       |              +-- port        inet:port-number
417       +-- (destination-port)?
418          +--:(destination-port-range-or-operator)
419             +-- destination-port-range-or-operator
420                +-- (port-range-or-operator)?
421                   +--:(range)
422                   |  +-- lower-port   inet:port-number
423                   |  +-- upper-port   inet:port-number
424                   +--:(operator)
425                      +-- operator?   operator
426                      +-- port        inet:port-number

428                  Figure 3: Port Numbers Grouping Subtree

430      'qos-classification-policy':

432         A YANG grouping that defines a set of QoS classification
433         policies based on various match Layer 3/4 and application
434         criteria. The subtree of this grouping is depicted in
435         Figure 4.

437         Any layer 4 protocol can be indicated in the 'protocol' data
438         node under 'l3', but only TCP and UDP specific match criteria
439         are elaborated in this version as these protocols are widely
440         used in the context of VPN services. Augmentations can be
441         considered in the future to add other Layer 4 specific data
442         nodes (e.g., Stream Control Transmission Protocol [RFC4960]),
443         if needed.

445     grouping qos-classification-policy
446       +-- rule* [id]
447          +-- id?   string
448          +-- (match-type)?
449          |  +--:(match-flow)
450          |  |  +-- (l3)?
451          |  |  |  +--:(ipv4)
452          |  |  |  |  +-- ipv4
453          |  |  |  |     +-- dscp?             inet:dscp
454          |  |  |  |     +-- ecn?              uint8
455          |  |  |  |     +-- length?           uint16
456          |  |  |  |     +-- ttl?              uint8
457          |  |  |  |     +-- protocol?         uint8
458          |  |  |  |     +-- ihl?              uint8
459          |  |  |  |     +-- flags?            bits
460          |  |  |  |     +-- offset?           uint16
461          |  |  |  |     +-- identification?   uint16
462          |  |  |  |     +-- (destination-network)?
463          |  |  |  |     |  +--:(destination-ipv4-network)
464          |  |  |  |     |     +-- destination-ipv4-network?
465          |  |  |  |     |             inet:ipv4-prefix
466          |  |  |  |     +-- (source-network)?
467          |  |  |  |        +--:(source-ipv4-network)
468          |  |  |  |           +-- source-ipv4-network?
469          |  |  |  |                   inet:ipv4-prefix
470          |  |  |  +--:(ipv6)
471          |  |  |     +-- ipv6
472          |  |  |        +-- dscp?       inet:dscp
473          |  |  |        +-- ecn?        uint8
474          |  |  |        +-- length?     uint16
475          |  |  |        +-- ttl?        uint8
476          |  |  |        +-- protocol?   uint8
477          |  |  |        +-- (destination-network)?
478          |  |  |        |  +--:(destination-ipv6-network)
479          |  |  |        |     +-- destination-ipv6-network?
480          |  |  |        |             inet:ipv6-prefix
481          |  |  |        +-- (source-network)?
482          |  |  |        |  +--:(source-ipv6-network)
483          |  |  |        |     +-- source-ipv6-network?
484          |  |  |        |             inet:ipv6-prefix
485          |  |  |        +-- flow-label?
486          |  |  |                inet:ipv6-flow-label
487          |  |  +-- (l4)?
488          |  |     +--:(tcp)
489          |  |     |  +-- tcp
490          |  |     |     +-- sequence-number?          uint32
491          |  |     |     +-- acknowledgement-number?   uint32
492          |  |     |     +-- data-offset?              uint8
493          |  |     |     +-- reserved?                 uint8
494          |  |     |     +-- flags?                    bits
495          |  |     |     +-- window-size?              uint16
496          |  |     |     +-- urgent-pointer?           uint16
497          |  |     |     +-- options?                  binary
498          |  |     |     +-- (source-port)?
499          |  |     |     |  +--:(source-port-range-or-operator)
500          |  |     |     |     +-- source-port-range-or-operator
501          |  |     |     |        +-- (port-range-or-operator)?
502          |  |     |     |           +--:(range)
503          |  |     |     |           |  +-- lower-port
504          |  |     |     |           |  |       inet:port-number
505          |  |     |     |           |  +-- upper-port
506          |  |     |     |           |          inet:port-number
507          |  |     |     |           +--:(operator)
508          |  |     |     |              +-- operator?   operator
509          |  |     |     |              +-- port
510          |  |     |     |                      inet:port-number
511          |  |     |     +-- (destination-port)?
512          |  |     |        +--:(destination-port-range-or-operator)
513          |  |     |           +-- destination-port-range-or-operator
514          |  |     |              +-- (port-range-or-operator)?
515          |  |     |                 +--:(range)
516          |  |     |                 |  +-- lower-port
517          |  |     |                 |  |       inet:port-number
518          |  |     |                 |  +-- upper-port
519          |  |     |                 |          inet:port-number
520          |  |     |                 +--:(operator)
521          |  |     |                    +-- operator?   operator
522          |  |     |                    +-- port
523          |  |     |                            inet:port-number
524          |  |     +--:(udp)
525          |  |        +-- udp
526          |  |           +-- length?   uint16
527          |  |           +-- (source-port)?
528          |  |           |  +--:(source-port-range-or-operator)
529          |  |           |     +-- source-port-range-or-operator
530          |  |           |        +-- (port-range-or-operator)?
531          |  |           |           +--:(range)
532          |  |           |           |  +-- lower-port
533          |  |           |           |  |       inet:port-number
534          |  |           |           |  +-- upper-port
535          |  |           |           |          inet:port-number
536          |  |           |           +--:(operator)
537          |  |           |              +-- operator?   operator
538          |  |           |              +-- port
539          |  |           |                      inet:port-number
540          |  |           +-- (destination-port)?
541          |  |              +--:(destination-port-range-or-operator)
542          |  |                 +-- destination-port-range-or-operator
543          |  |                    +-- (port-range-or-operator)?
544          |  |                       +--:(range)
545          |  |                       |  +-- lower-port
546          |  |                       |  |       inet:port-number
547          |  |                       |  +-- upper-port
548          |  |                       |          inet:port-number
549          |  |                       +--:(operator)
550          |  |                          +-- operator?   operator
551          |  |                          +-- port
552          |  |                                  inet:port-number
553          |  +--:(match-application)
554          |     +-- match-application?   identityref
555          +-- target-class-id?   string {qos}?

557                   Figure 4: QoS Classification Subtree

559   4. Layer 2/3 VPN Common Module

561      This module uses types defined in [RFC6991], [RFC8294], and
562      [RFC8519]. It also uses the extension defined in [RFC8341].
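
An added example, not part of the draft or its module: a Python check of instance data shaped like the 'ports' grouping of Figure 3, enforcing that 'range' and 'operator' are cases of one choice and that the mandatory leaves are present before a rule is used for matching. The operator names (lte, gte, eq, neq), the 'eq' default and the lower-port <= upper-port rule are assumptions taken from RFC 8519, which this page cites for its types; the dict layout and all function names are hypothetical.

```python
"""Check instance data shaped like the 'ports' grouping (Figure 3)."""

# Assumption: operator names and the 'eq' default come from the 'operator'
# typedef of RFC 8519 (ietf-packet-fields); this page shows only the type name.
OPERATORS = {
    "lte": lambda port, ref: port <= ref,
    "gte": lambda port, ref: port >= ref,
    "eq": lambda port, ref: port == ref,
    "neq": lambda port, ref: port != ref,
}
SOURCE = "source-port-range-or-operator"
DESTINATION = "destination-port-range-or-operator"
RANGE_LEAVES = {"lower-port", "upper-port"}
OPERATOR_LEAVES = {"operator", "port"}


class PortsError(ValueError):
    """The instance does not follow the structure of the 'ports' grouping."""


def _port_number(value, where):
    # inet:port-number is a uint16. bool is an int subclass, so reject it.
    if isinstance(value, bool) or not isinstance(value, int):
        raise PortsError(f"{where}: port must be an integer, got {value!r}")
    if not 0 <= value <= 65535:
        raise PortsError(f"{where}: {value} is outside 0..65535")
    return value


def compile_side(node, where):
    """Return a predicate port -> bool, or None when no constraint is set."""
    if node is None or node == {}:
        return None  # the choice is optional: absent means "any port"
    if not isinstance(node, dict):
        raise PortsError(f"{where}: expected a container")
    unknown = set(node) - RANGE_LEAVES - OPERATOR_LEAVES
    if unknown:
        raise PortsError(f"{where}: unknown leaves {sorted(unknown)}")
    in_range = RANGE_LEAVES & set(node)
    in_operator = OPERATOR_LEAVES & set(node)
    if in_range and in_operator:
        # YANG choice: at most one case may be present.
        raise PortsError(f"{where}: 'range' and 'operator' cases are exclusive")
    if in_range:
        if in_range != RANGE_LEAVES:
            raise PortsError(f"{where}: lower-port and upper-port are both mandatory")
        low = _port_number(node["lower-port"], where)
        high = _port_number(node["upper-port"], where)
        if high < low:  # assumption: the 'must' constraint of RFC 8519
            raise PortsError(f"{where}: upper-port {high} < lower-port {low}")
        return lambda port: low <= port <= high
    if "port" not in node:
        raise PortsError(f"{where}: 'port' is mandatory in the operator case")
    name = node.get("operator", "eq")
    if not isinstance(name, str) or name not in OPERATORS:
        raise PortsError(f"{where}: unknown operator {name!r}")
    ref = _port_number(node["port"], where)
    return lambda port: OPERATORS[name](port, ref)


def compile_ports(instance):
    """Validate both sides and return matches(source_port, destination_port)."""
    unknown = set(instance) - {SOURCE, DESTINATION}
    if unknown:
        raise PortsError(f"unknown containers {sorted(unknown)}")
    src = compile_side(instance.get(SOURCE), SOURCE)
    dst = compile_side(instance.get(DESTINATION), DESTINATION)

    def matches(source_port, destination_port):
        return ((src is None or src(source_port))
                and (dst is None or dst(destination_port)))
    return matches


def validation_error(instance):
    """Return the rejection reason as text, or None if the instance is valid."""
    try:
        compile_ports(instance)
    except PortsError as exc:
        return str(exc)
    return None


# Constructed sample data (not from the draft).
WEB_FLOW = {SOURCE: {"lower-port": 1024, "upper-port": 65535},
            DESTINATION: {"operator": "eq", "port": 443}}
MIXED_CASES = {SOURCE: {"lower-port": 1024, "upper-port": 2048, "port": 22}}
INVERTED_RANGE = {DESTINATION: {"lower-port": 9000, "upper-port": 8000}}

if __name__ == "__main__":
    matches = compile_ports(WEB_FLOW)
    print(matches(50000, 443), matches(80, 443))
    for bad in (MIXED_CASES, INVERTED_RANGE):
        print(validation_error(bad))
```

Rejecting instances that mix both cases or invert a range at load time keeps a QoS or filtering rule from silently matching nothing, or everything, once it reaches a device.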

564   file "ietf-vpn-common@2021-07-12.yang"
565   module ietf-vpn-common {
566     yang-version 1.1;
567     namespace "urn:ietf:params:xml:ns:yang:ietf-vpn-common";
568     prefix vpn-common;

570     import ietf-netconf-acm {
571       prefix nacm;
572       reference
573         "RFC 8341: Network Configuration Access Control Model";
574     }
575     import ietf-routing-types {
576       prefix rt-types;
577       reference
578         "RFC 8294: Common YANG Data Types for the Routing Area";
579     }
580     import ietf-yang-types {
581       prefix yang;
582       reference
583         "RFC 6991: Common YANG Data Types, Section 3";
584     }
585     import ietf-packet-fields {
586       prefix packet-fields;
587       reference
588         "RFC 8519: YANG Data Model for Network Access
589                    Control Lists (ACLs)";
590     }

592     organization
593       "IETF OPSAWG (Operations and Management Area Working Group)";
594     contact
595       "WG Web:
596        WG List:
597        Editor: Mohamed Boucadair
598
599        Author: Samier Barguil
600
601        Author: Oscar Gonzalez de Dios
602
603        Author: Qin Wu
604        ";
605     description
606       "This YANG module defines a common module that is meant
607        to be reused by various VPN-related modules (e.g.,
608        Layer 3 VPN Service Model (L3SM), Layer 2 VPN Service
609        Model (L2SM), Layer 3 VPN Network Model (L3NM), Layer 2
610        VPN Network Model (L2NM)).

612        Copyright (c) 2021 IETF Trust and the persons identified as
613        authors of the code. All rights reserved.

615        Redistribution and use in source and binary forms, with or
616        without modification, is permitted pursuant to, and subject
617        to the license terms contained in, the Simplified BSD License
618        set forth in Section 4.c of the IETF Trust's Legal Provisions
619        Relating to IETF Documents
620        (http://trustee.ietf.org/license-info).

622        This version of this YANG module is part of RFC XXXX; see
623        the RFC itself for full legal notices.";

625     revision 2021-07-12 {
626       description
627         "Initial revision.";
628       reference
629         "RFC XXXX: A Layer 2/3 VPN Common YANG Model";
630     }

632     /******** Collection of VPN-related Features ********/
633     /*
634      * Features related to encapsulation schemes
635      */

637     feature dot1q {
638       description
639         "Indicates the support for the Dot1q encapsulation.";
640       reference
641         "IEEE Std 802.1Q: Bridges and Bridged Networks";
642     }

644     feature qinq {
645       description
646         "Indicates the support for the QinQ encapsulation.";
647       reference
648         "IEEE Std 802.1ad: Provider Bridges";
649     }

651     feature vxlan {
652       description
653         "Indicates the support for the Virtual eXtensible
654          Local Area Network (VXLAN) encapsulation.";
655       reference
656         "RFC 7348: Virtual eXtensible Local Area Network (VXLAN):
657                    A Framework for Overlaying Virtualized Layer 2
658                    Networks over Layer 3 Networks";
659     }

661     feature qinany {
662       description
663         "Indicates the support for the QinAny encapsulation.
664          The outer VLAN tag is set to a specific value but
665          the inner VLAN tag is set to any.";
666     }

668     feature lag-interface {
669       description
670         "Indicates the support for Link Aggregation Group (LAG)
671          between VPN network accesses.";
672       reference
673         "IEEE Std. 802.1AX: Link Aggregation";
674     }

676     /*
677      * Features related to multicast
678      */

680     feature multicast {
681       description
682         "Indicates multicast capabilities support in a VPN.";
683       reference
684         "RFC 6513: Multicast in MPLS/BGP IP VPNs";
685     }

687     feature igmp {
688       description
689         "Indicates support for Internet Group Management Protocol
690          (IGMP).";
691       reference
692         "RFC 1112: Host Extensions for IP Multicasting
693          RFC 2236: Internet Group Management Protocol, Version 2
694          RFC 3376: Internet Group Management Protocol, Version 3";
695     }

697     feature mld {
698       description
699         "Indicates support for Multicast Listener Discovery (MLD).";
700       reference
701         "RFC 2710: Multicast Listener Discovery (MLD) for IPv6
702          RFC 3810: Multicast Listener Discovery Version 2 (MLDv2)
703                    for IPv6";
704     }

706     feature pim {
707       description
708         "Indicates support for Protocol Independent Multicast (PIM).";
709       reference
710         "RFC 7761: Protocol Independent Multicast - Sparse Mode
711                    (PIM-SM): Protocol Specification (Revised)";
712     }

714     /*
715      * Features related to address family types
716      */

718     feature ipv4 {
719       description
720         "Indicates IPv4 support in a VPN. That is, IPv4 traffic
721          can be carried in the VPN, IPv4 addresses/prefixes can
722          be assigned to a VPN network access, IPv4 routes can be
723          installed for the CE/PE link, etc.";
724       reference
725         "RFC 791: Internet Protocol";
726     }

728     feature ipv6 {
729       description
730         "Indicates IPv6 support in a VPN. That is, IPv6 traffic
731          can be carried in the VPN, IPv6 addresses/prefixes can
732          be assigned to a VPN network access, IPv6 routes can be
733          installed for the CE/PE link, etc.";
734       reference
735         "RFC 8200: Internet Protocol, Version 6 (IPv6)";
736     }

738     /*
739      * Features related to routing protocols
740      */

742     feature rtg-ospf {
743       description
744         "Indicates support for the OSPF as the Provider Edge (PE)/
745          Customer Edge (CE) routing protocol.";
746       reference
747         "RFC 4577: OSPF as the Provider/Customer Edge Protocol
748                    for BGP/MPLS IP Virtual Private Networks (VPNs)
749          RFC 6565: OSPFv3 as a Provider Edge to Customer Edge
750                    (PE-CE) Routing Protocol";
751     }

753     feature rtg-ospf-sham-link {
754       description
755         "Indicates support for OSPF sham links.";
756       reference
757         "RFC 4577: OSPF as the Provider/Customer Edge Protocol
758                    for BGP/MPLS IP Virtual Private Networks (VPNs),
759                    Section 4.2.7
760          RFC 6565: OSPFv3 as a Provider Edge to Customer Edge
761                    (PE-CE) Routing Protocol, Section 5";
762     }

764     feature rtg-bgp {
765       description
766         "Indicates support for BGP as the PE/CE routing protocol.";
767       reference
768         "RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
769     }

771     feature rtg-rip {
772       description
773         "Indicates support for RIP as the PE/CE routing protocol.";
774       reference
775         "RFC 2453: RIP Version 2
776          RFC 2080: RIPng for IPv6";
777     }

779     feature rtg-isis {
780       description
781         "Indicates support for IS-IS as the PE/CE routing protocol.";
782       reference
783         "ISO10589: Intermediate System to Intermediate System intra-
784                    domain routeing information exchange protocol for
785                    use in conjunction with the protocol for providing
786                    the connectionless-mode network service
787                    (ISO 8473)";
788     }
789     feature rtg-vrrp {
790       description
791         "Indicates support for the Virtual Router Redundancy
792          Protocol (VRRP) in CE/PE link.";
793       reference
794         "RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3
795                    for IPv4 and IPv6";
796     }

798     feature bfd {
799       description
800         "Indicates support for Bidirectional Forwarding Detection (BFD)
801          between the CE and the PE.";
802       reference
803         "RFC 5880: Bidirectional Forwarding Detection (BFD)";
804     }

806     /*
807      * Features related to VPN service constraints
808      */

810     feature bearer-reference {
811       description
812         "Indicates support for the bearer reference access constraint.
813          That is, the reuse of a network connection that was already
814          ordered to the service provider apart from the IP VPN site.";
815     }

817     feature placement-diversity {
818       description
819         "Indicates support for placement diversity constraints in the
820          customer premises. An example of these constraints may be to
821          avoid connecting a site network access to the same Provider
822          Edge as a target site network access.";
823     }

825     /*
826      * Features related to bandwidth and Quality of Service (QoS)
827      */

829     feature qos {
830       description
831         "Indicates support for Classes of Service (CoSes) in the VPN.";
832     }

834     feature inbound-bw {
835       description
836         "Indicates support for the inbound bandwidth in a VPN. That is,
837          support for specifying the download bandwidth from the service
838          provider network to the VPN site. Note that the L3SM uses
839          'input' to identify the same feature. That terminology should
840          be deprecated in favor of the one defined in this module.";
841     }

843     feature outbound-bw {
844       description
845         "Indicates support for the outbound bandwidth in a VPN. That is,
846          support for specifying the upload bandwidth from the VPN site
847          to the service provider network. Note that the L3SM uses
848          'output' to identify the same feature. That terminology should
849          be deprecated in favor of the one defined in this module.";
850     }

852     /*
853      * Features related to security and resilience
854      */

856     feature encryption {
857       description
858         "Indicates support for encryption in the VPN.";
859     }

861     feature fast-reroute {
862       description
863         "Indicates support for Fast Reroute (FRR) capabilities for
864          a VPN site.";
865     }

867     /*
868      * Features related to advanced VPN options
869      */

871     feature external-connectivity {
872       description
873         "Indicates support for the VPN to provide external
874          connectivity (e.g., Internet, private or public cloud).";
875       reference
876         "RFC 4364: BGP/MPLS IP Virtual Private Networks
877                    (VPNs), Section 11";
878     }

880     feature extranet-vpn {
881       description
882         "Indicates support for extranet VPNs. That is, the capability of
883          a VPN to access a list of other VPNs.";
884       reference
885         "RFC 4364: BGP/MPLS IP Virtual Private Networks
886                    (VPNs), Section 1.1";
887     }

889     feature carriers-carrier {
890       description
891         "Indicates support for Carrier-of-Carrier VPNs.";
892       reference
893         "RFC 4364: BGP/MPLS IP Virtual Private Networks
894                    (VPNs), Section 9";
895     }

897     /*
898      * Address family related identities
899      */

901     identity address-family {
902       description
903         "Defines a type for the address family.";
904     }

906     identity ipv4 {
907       base address-family;
908       description
909         "Identity for IPv4 address family.";
910     }

912     identity ipv6 {
913       base address-family;
914       description
915         "Identity for IPv6 address family.";
916     }

918     identity dual-stack {
919       base address-family;
920       description
921         "Identity for IPv4 and IPv6 address family.";
922     }

924     /*
925      * Identities related to VPN topology
926      */

928     identity vpn-topology {
929       description
930         "Base identity of the VPN topology.";
931     }
932     identity any-to-any {
933       base vpn-topology;
934       description
935         "Identity for any-to-any VPN topology. All VPN sites
936          can communicate with each other without any restrictions.";
937     }

939     identity hub-spoke {
940       base vpn-topology;
941       description
942         "Identity for Hub-and-Spoke VPN topology. All Spokes can
943          communicate only with Hubs but not with each other. Hubs
944          can communicate with each other.";
945     }

947     identity hub-spoke-disjoint {
948       base vpn-topology;
949       description
950         "Identity for Hub-and-Spoke VPN topology where Hubs cannot
951          communicate with each other.";
952     }

954     identity custom {
955       base vpn-topology;
956       description
957         "Identity for custom VPN topologies where the role of the nodes
958          is not strictly Hub or Spoke. The VPN topology is controlled by
959          the import/export policies. The custom topology reflects more
960          complex VPN nodes such as VPN node that acts as Hub for certain
961          nodes and Spoke to others.";
962     }

964     /*
965      * Identities related to network access types
966      */

968     identity site-network-access-type {
969       description
970         "Base identity for site network access type.";
971     }

973     identity point-to-point {
974       base site-network-access-type;
975       description
976         "Point-to-point access type.";
977     }

979     identity multipoint {
980       base site-network-access-type;
981       description
982         "Multipoint access type.";
983     }

985     identity irb {
986       base site-network-access-type;
987       description
988         "Integrated Routing Bridge (IRB).
989 Identity for pseudowire connections."; 990 } 992 identity loopback { 993 base site-network-access-type; 994 description 995 "Loopback access type."; 996 } 998 /* 999 * Identities related to operational and administrative status 1000 */ 1002 identity operational-status { 1003 description 1004 "Base identity for the operational status."; 1005 } 1007 identity op-up { 1008 base operational-status; 1009 description 1010 "Operational status is Up/Enabled."; 1011 } 1013 identity op-down { 1014 base operational-status; 1015 description 1016 "Operational status is Down/Disabled."; 1017 } 1019 identity op-unknown { 1020 base operational-status; 1021 description 1022 "Operational status is Unknown."; 1023 } 1025 identity administrative-status { 1026 description 1027 "Base identity for administrative status."; 1029 } 1031 identity admin-up { 1032 base administrative-status; 1033 description 1034 "Administrative status is Up/Enabled."; 1035 } 1037 identity admin-down { 1038 base administrative-status; 1039 description 1040 "Administrative status is Down/Disabled."; 1041 } 1043 identity admin-testing { 1044 base administrative-status; 1045 description 1046 "Administrative status is up for testing purposes."; 1047 } 1049 identity admin-pre-deployment { 1050 base administrative-status; 1051 description 1052 "Administrative status is pre-deployment phase. 
That is, 1053 prior to the actual deployment of a service."; 1054 } 1056 /* 1057 * Identities related to site or node role 1058 */ 1060 identity role { 1061 description 1062 "Base identity of a site or a node role."; 1063 } 1065 identity any-to-any-role { 1066 base role; 1067 description 1068 "Any-to-any role."; 1069 } 1071 identity spoke-role { 1072 base role; 1073 description 1074 "A node or a site is acting as a Spoke."; 1075 } 1076 identity hub-role { 1077 base role; 1078 description 1079 "A node or a site is acting as a Hub."; 1080 } 1082 identity custom-role { 1083 base role; 1084 description 1085 "VPN node with custom or complex role in the VPN. For some 1086 sources/destinations it can behave as a Hub, but for others it 1087 can act as a Spoke depending on the configured policy."; 1088 } 1090 /* 1091 * Identities related to VPN service constraints 1092 */ 1094 identity placement-diversity { 1095 description 1096 "Base identity for access placement constraints."; 1097 } 1099 identity bearer-diverse { 1100 base placement-diversity; 1101 description 1102 "Bearer diversity. 
1104 The bearers should not use common elements."; 1105 } 1107 identity pe-diverse { 1108 base placement-diversity; 1109 description 1110 "PE diversity."; 1111 } 1113 identity pop-diverse { 1114 base placement-diversity; 1115 description 1116 "Point Of Presence (POP) diversity."; 1117 } 1119 identity linecard-diverse { 1120 base placement-diversity; 1121 description 1122 "Linecard diversity."; 1123 } 1124 identity same-pe { 1125 base placement-diversity; 1126 description 1127 "Having sites connected on the same PE."; 1128 } 1130 identity same-bearer { 1131 base placement-diversity; 1132 description 1133 "Having sites connected using the same bearer."; 1134 } 1136 /* 1137 * Identities related to service types 1138 */ 1140 identity service-type { 1141 description 1142 "Base identity for service type."; 1143 } 1145 identity l3vpn { 1146 base service-type; 1147 description 1148 "L3VPN service."; 1149 reference 1150 "RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)"; 1151 } 1153 identity vpls { 1154 base service-type; 1155 description 1156 "VPLS service."; 1157 reference 1158 "RFC 4761: Virtual Private LAN Service (VPLS) Using BGP for 1159 Auto-Discovery and Signaling 1160 RFC 4762: Virtual Private LAN Service (VPLS) Using Label 1161 Distribution Protocol (LDP) Signaling"; 1162 } 1164 identity vpws { 1165 base service-type; 1166 description 1167 "Virtual Private Wire Service (VPWS) service."; 1168 reference 1169 "RFC 4664: Framework for Layer 2 Virtual Private Networks 1170 (L2VPNs), Section 3.1.1"; 1171 } 1172 identity vpws-evpn { 1173 base service-type; 1174 description 1175 "EVPN used to support VPWS service."; 1176 reference 1177 "RFC 8214: Virtual Private Wire Service Support in Ethernet VPN"; 1178 } 1180 identity pbb-evpn { 1181 base service-type; 1182 description 1183 "Provider Backbone Bridging (PBB) EVPNs service."; 1184 reference 1185 "RFC 7623: Provider Backbone Bridging Combined with Ethernet VPN 1186 (PBB-EVPN)"; 1187 } 1189 identity mpls-evpn { 1190 
base service-type; 1191 description 1192 "MPLS-based EVPN service."; 1193 reference 1194 "RFC 7432: BGP MPLS-Based Ethernet VPN"; 1195 } 1197 identity vxlan-evpn { 1198 base service-type; 1199 description 1200 "VXLAN-based EVPN service."; 1201 reference 1202 "RFC 8365: A Network Virtualization Overlay Solution Using 1203 Ethernet VPN (EVPN)"; 1204 } 1206 /* 1207 * Identities related to VPN signaling type 1208 */ 1210 identity vpn-signaling-type { 1211 description 1212 "Base identity for VPN signaling types"; 1213 } 1215 identity bgp-signaling { 1216 base vpn-signaling-type; 1217 description 1218 "Layer 2 VPNs using BGP signaling."; 1219 reference 1220 "RFC 6624: Layer 2 Virtual Private Networks Using BGP for 1221 Auto-Discovery and Signaling 1222 RFC 7432: BGP MPLS-Based Ethernet VPN"; 1223 } 1225 identity ldp-signaling { 1226 base vpn-signaling-type; 1227 description 1228 "Targeted Label Distribution Protocol (LDP) signaling."; 1229 reference 1230 "RFC 5036: LDP Specification"; 1231 } 1233 identity l2tp-signaling { 1234 base vpn-signaling-type; 1235 description 1236 "Layer Two Tunneling Protocol (L2TP) signaling."; 1237 reference 1238 "RFC 3931: Layer Two Tunneling Protocol - Version 3 (L2TPv3)"; 1239 } 1241 /* 1242 * Identities related to routing protocols 1243 */ 1245 identity routing-protocol-type { 1246 description 1247 "Base identity for routing protocol type."; 1248 } 1250 identity static-routing { 1251 base routing-protocol-type; 1252 description 1253 "Static routing protocol."; 1254 } 1256 identity bgp-routing { 1257 if-feature "rtg-bgp"; 1258 base routing-protocol-type; 1259 description 1260 "BGP routing protocol."; 1261 reference 1262 "RFC 4271: A Border Gateway Protocol 4 (BGP-4)"; 1263 } 1265 identity ospf-routing { 1266 if-feature "rtg-ospf"; 1267 base routing-protocol-type; 1268 description 1269 "OSPF routing protocol."; 1270 reference 1271 "RFC 4577: OSPF as the Provider/Customer Edge Protocol 1272 for BGP/MPLS IP Virtual Private Networks(VPNs) 1273 
RFC 6565: OSPFv3 as a Provider Edge to Customer Edge 1274 (PE-CE) Routing Protocol"; 1275 } 1277 identity rip-routing { 1278 if-feature "rtg-rip"; 1279 base routing-protocol-type; 1280 description 1281 "RIP routing protocol."; 1282 reference 1283 "RFC 2453: RIP Version 2 1284 RFC 2080: RIPng for IPv6"; 1285 } 1287 identity isis-routing { 1288 if-feature "rtg-isis"; 1289 base routing-protocol-type; 1290 description 1291 "IS-IS routing protocol."; 1292 reference 1293 "ISO10589: Intermediate System to Intermediate System intra- 1294 domain routeing information exchange protocol for 1295 use in conjunction with the protocol for providing 1296 the connectionless-mode network service 1297 (ISO 8473)"; 1298 } 1300 identity vrrp-routing { 1301 if-feature "rtg-vrrp"; 1302 base routing-protocol-type; 1303 description 1304 "VRRP protocol. 1306 This is to be used when LANs are directly connected to PEs."; 1307 reference 1308 "RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3 1309 for IPv4 and IPv6"; 1310 } 1312 identity direct-routing { 1313 base routing-protocol-type; 1314 description 1315 "Direct routing. 1317 This is to be used when LANs are directly connected to PEs 1318 and must be advertised in the VPN."; 1319 } 1321 identity any-routing { 1322 base routing-protocol-type; 1323 description 1324 "Any routing protocol. 
1326 This can be, e.g., used to set policies that apply to any 1327 routing protocol in place."; 1328 } 1330 identity isis-level { 1331 if-feature "rtg-isis"; 1332 description 1333 "Base identity for the IS-IS level."; 1334 reference 1335 "ISO10589: Intermediate System to Intermediate System intra- 1336 domain routeing information exchange protocol for 1337 use in conjunction with the protocol for providing 1338 the connectionless-mode network service 1339 (ISO 8473)"; 1340 } 1342 identity level-1 { 1343 base isis-level; 1344 description 1345 "IS-IS level 1."; 1346 } 1348 identity level-2 { 1349 base isis-level; 1350 description 1351 "IS-IS level 2."; 1352 } 1354 identity level-1-2 { 1355 base isis-level; 1356 description 1357 "IS-IS levels 1 and 2."; 1358 } 1360 /* 1361 * Identities related to Routes Import and Export 1362 */ 1364 identity ie-type { 1365 description 1366 "Base identity for 'import/export' routing profiles. 1367 These profiles can be reused between VPN nodes."; 1368 } 1370 identity import { 1371 base ie-type; 1372 description 1373 "'Import' routing profile."; 1374 reference 1375 "RFC 4364: BGP/MPLS IP Virtual Private Networks 1376 (VPNs), Section 4.3.1"; 1377 } 1379 identity export { 1380 base ie-type; 1381 description 1382 "'Export' routing profile."; 1383 reference 1384 "RFC 4364: BGP/MPLS IP Virtual Private Networks 1385 (VPNs), Section 4.3.1"; 1386 } 1388 identity import-export { 1389 base ie-type; 1390 description 1391 "'Import/export' routing profile."; 1392 } 1394 /* 1395 * Identities related to bandwidth and QoS 1396 */ 1398 identity bw-direction { 1399 description 1400 "Base identity for the bandwidth direction."; 1401 } 1403 identity inbound-bw { 1404 if-feature "inbound-bw"; 1405 base bw-direction; 1406 description 1407 "Inbound bandwidth."; 1408 } 1410 identity outbound-bw { 1411 if-feature "outbound-bw"; 1412 base bw-direction; 1413 description 1414 "Outbound bandwidth."; 1415 } 1417 identity bw-type { 1418 description 1419 "Base 
identity for the bandwidth type."; 1420 } 1422 identity bw-per-cos { 1423 if-feature "qos"; 1424 base bw-type; 1425 description 1426 "The bandwidth is per-CoS."; 1427 } 1429 identity bw-per-port { 1430 base bw-type; 1431 description 1432 "The bandwidth is per-site network access."; 1433 } 1435 identity bw-per-site { 1436 base bw-type; 1437 description 1438 "The bandwidth is per-site. It is applicable to all the site 1439 network accesses within a site."; 1440 } 1442 identity bw-per-service { 1443 base bw-type; 1444 description 1445 "The bandwidth is per-VPN service."; 1446 } 1448 identity qos-profile-direction { 1449 if-feature "qos"; 1450 description 1451 "Base identity for the QoS profile direction."; 1452 } 1454 identity site-to-wan { 1455 base qos-profile-direction; 1456 description 1457 "Customer site to provider's network direction. 1458 This is typically the CE-to-PE direction."; 1459 } 1460 identity wan-to-site { 1461 base qos-profile-direction; 1462 description 1463 "Provider's network to customer site direction. 1464 This is typically the PE-to-CE direction."; 1465 } 1467 identity both { 1468 base qos-profile-direction; 1469 description 1470 "Both WAN-to-Site and Site-to-WAN directions."; 1471 } 1473 /* 1474 * Identities related to underlay transport instances 1475 */ 1477 identity transport-instance-type { 1478 description 1479 "Base identity for underlay transport instance type."; 1480 } 1482 identity virtual-network { 1483 base transport-instance-type; 1484 description 1485 "Virtual network."; 1486 reference 1487 "RFC 8453: Framework for Abstraction and Control of TE 1488 Networks (ACTN)"; 1489 } 1491 identity enhanced-vpn { 1492 base transport-instance-type; 1493 description 1494 "Enhanced VPN (VPN+). 
VPN+ is an approach that is 1495 based on existing VPN and Traffic Engineering (TE) 1496 technologies but adds characteristics that specific 1497 services require over and above traditional VPNs."; 1498 reference 1499 "I-D.ietf-teas-enhanced-vpn: 1500 A Framework for Enhanced Virtual Private Network 1501 (VPN+) Services"; 1502 } 1504 identity ietf-network-slice { 1505 base transport-instance-type; 1506 description 1507 "IETF network slice. An IETF network slice 1508 is a logical network topology connecting a number of 1509 endpoints using a set of shared or dedicated network 1510 resources that are used to satisfy specific service 1511 objectives."; 1512 reference 1513 "I-D.ietf-teas-ietf-network-slice-framework: 1514 Framework for IETF Network Slices"; 1515 } 1517 /* 1518 * Identities related to protocol types. These types are typically 1519 * used to identify the underlay transport. 1520 */ 1522 identity protocol-type { 1523 description 1524 "Base identity for Protocol Type."; 1525 } 1527 identity ip-in-ip { 1528 base protocol-type; 1529 description 1530 "Transport is based on IP-in-IP."; 1531 reference 1532 "RFC 2003: IP Encapsulation within IP 1533 RFC 2473: Generic Packet Tunneling in IPv6 Specification"; 1534 } 1536 identity ip-in-ipv4 { 1537 base ip-in-ip; 1538 description 1539 "Transport is based on IP over IPv4."; 1540 reference 1541 "RFC 2003: IP Encapsulation within IP"; 1542 } 1544 identity ip-in-ipv6 { 1545 base ip-in-ip; 1546 description 1547 "Transport is based on IP over IPv6."; 1548 reference 1549 "RFC 2473: Generic Packet Tunneling in IPv6 Specification"; 1550 } 1552 identity gre { 1553 base protocol-type; 1554 description 1555 "Transport is based on Generic Routing Encapsulation (GRE)."; 1557 reference 1558 "RFC 1701: Generic Routing Encapsulation (GRE) 1559 RFC 1702: Generic Routing Encapsulation over IPv4 networks 1560 RFC 7676: IPv6 Support for Generic Routing Encapsulation (GRE)"; 1561 } 1563 identity gre-v4 { 1564 base gre; 1565 description 
1566 "Transport is based on GRE over IPv4."; 1567 reference 1568 "RFC 1702: Generic Routing Encapsulation over IPv4 networks"; 1569 } 1571 identity gre-v6 { 1572 base gre; 1573 description 1574 "Transport is based on GRE over IPv6."; 1575 reference 1576 "RFC 7676: IPv6 Support for Generic Routing Encapsulation (GRE)"; 1577 } 1579 identity vxlan-trans { 1580 base protocol-type; 1581 description 1582 "Transport is based on VXLAN."; 1583 reference 1584 "RFC 7348: Virtual eXtensible Local Area Network (VXLAN): 1585 A Framework for Overlaying Virtualized Layer 2 1586 Networks over Layer 3 Networks"; 1587 } 1589 identity geneve { 1590 base protocol-type; 1591 description 1592 "Transport is based on Generic Network Virtualization 1593 Encapsulation (GENEVE)."; 1594 reference 1595 "RFC 8926: Geneve: Generic Network Virtualization Encapsulation"; 1596 } 1598 identity ldp { 1599 base protocol-type; 1600 description 1601 "Transport is based on LDP."; 1602 reference 1603 "RFC 5036: LDP Specification"; 1604 } 1605 identity mpls-in-udp { 1606 base protocol-type; 1607 description 1608 "Transport is MPLS in UDP."; 1609 reference 1610 "RFC 7510: Encapsulating MPLS in UDP"; 1611 } 1613 identity sr { 1614 base protocol-type; 1615 description 1616 "Transport is based on Segment Routing (SR)."; 1617 reference 1618 "RFC 8660: Segment Routing with the MPLS Data Plane 1619 RFC 8663: MPLS Segment Routing over IP 1620 RFC 8754: IPv6 Segment Routing Header (SRH)"; 1621 } 1623 identity sr-mpls { 1624 base sr; 1625 description 1626 "Transport is based on SR with MPLS."; 1627 reference 1628 "RFC 8660: Segment Routing with the MPLS Data Plane"; 1629 } 1631 identity srv6 { 1632 base sr; 1633 description 1634 "Transport is based on SR over IPv6."; 1635 reference 1636 "RFC 8663: MPLS Segment Routing over IP 1637 RFC 8754: IPv6 Segment Routing Header (SRH)"; 1638 } 1640 identity rsvp-te { 1641 base protocol-type; 1642 description 1643 "Transport is based on RSVP-TE."; 1644 reference 1645 "RFC 3209: 
RSVP-TE: Extensions to RSVP for LSP Tunnels"; 1646 } 1648 identity bgp-lu { 1649 base protocol-type; 1650 description 1651 "Transport is based on BGP-LU."; 1652 reference 1653 "RFC 8277: Using BGP to Bind MPLS Labels to Address Prefixes"; 1654 } 1656 identity unknown { 1657 base protocol-type; 1658 description 1659 "Not known protocol type."; 1660 } 1662 /* 1663 * Identities related to encapsulations 1664 */ 1666 identity encapsulation-type { 1667 description 1668 "Base identity for the encapsulation type."; 1669 } 1671 identity priority-tagged { 1672 base encapsulation-type; 1673 description 1674 "Priority-tagged interface."; 1675 } 1677 identity dot1q { 1678 if-feature "dot1q"; 1679 base encapsulation-type; 1680 description 1681 "Dot1q encapsulation."; 1682 } 1684 identity qinq { 1685 if-feature "qinq"; 1686 base encapsulation-type; 1687 description 1688 "QinQ encapsulation."; 1689 } 1691 identity qinany { 1692 if-feature "qinany"; 1693 base encapsulation-type; 1694 description 1695 "QinAny encapsulation."; 1696 } 1698 identity vxlan { 1699 if-feature "vxlan"; 1700 base encapsulation-type; 1701 description 1702 "VxLAN encapsulation."; 1703 } 1705 identity ethernet-type { 1706 base encapsulation-type; 1707 description 1708 "Ethernet encapsulation type."; 1709 } 1711 identity vlan-type { 1712 base encapsulation-type; 1713 description 1714 "VLAN encapsulation."; 1715 } 1717 identity untagged-int { 1718 base encapsulation-type; 1719 description 1720 "Untagged interface type."; 1721 } 1723 identity tagged-int { 1724 base encapsulation-type; 1725 description 1726 "Tagged interface type."; 1727 } 1729 identity lag-int { 1730 if-feature "lag-interface"; 1731 base encapsulation-type; 1732 description 1733 "LAG interface type."; 1734 reference 1735 "IEEE Std. 
802.1AX: Link Aggregation"; 1736 } 1738 /* 1739 * Identities related to VLAN Tag 1740 */ 1742 identity tag-type { 1743 description 1744 "Base identity for the tag types."; 1745 } 1747 identity c-vlan { 1748 base tag-type; 1749 description 1750 "Indicates Customer VLAN (C-VLAN) tag, normally using 1751 the 0x8100 Ethertype."; 1752 } 1754 identity s-vlan { 1755 base tag-type; 1756 description 1757 "Indicates Service VLAN (S-VLAN) tag."; 1758 } 1760 identity s-c-vlan { 1761 base tag-type; 1762 description 1763 "Uses both an S-VLAN tag and a C-VLAN tag."; 1764 } 1766 /* 1767 * Identities related to VXLAN 1768 */ 1770 identity vxlan-peer-mode { 1771 if-feature "vxlan"; 1772 description 1773 "Base identity for the VXLAN peer mode."; 1774 } 1776 identity static-mode { 1777 base vxlan-peer-mode; 1778 description 1779 "VXLAN access in the static mode."; 1780 } 1782 identity bgp-mode { 1783 base vxlan-peer-mode; 1784 description 1785 "VXLAN access by BGP EVPN learning."; 1786 } 1788 /* 1789 * Identities related to multicast 1790 */ 1792 identity multicast-gp-address-mapping { 1793 if-feature "multicast"; 1794 description 1795 "Base identity for multicast group mapping type."; 1796 } 1797 identity static-mapping { 1798 base multicast-gp-address-mapping; 1799 description 1800 "Static mapping, i.e., attach the interface to the 1801 multicast group as a static member."; 1802 } 1804 identity dynamic-mapping { 1805 base multicast-gp-address-mapping; 1806 description 1807 "Dynamic mapping, i.e., an interface is added to the 1808 multicast group as a result of snooping."; 1809 } 1811 identity multicast-tree-type { 1812 if-feature "multicast"; 1813 description 1814 "Base identity for multicast tree type."; 1815 } 1817 identity ssm-tree-type { 1818 base multicast-tree-type; 1819 description 1820 "Source-Specific Multicast (SSM) tree type."; 1821 } 1823 identity asm-tree-type { 1824 base multicast-tree-type; 1825 description 1826 "Any-Source Multicast (ASM) tree type."; 1827 } 1829 
identity bidir-tree-type { 1830 base multicast-tree-type; 1831 description 1832 "Bidirectional tree type."; 1833 } 1835 identity multicast-rp-discovery-type { 1836 if-feature "multicast"; 1837 description 1838 "Base identity for Rendezvous Point (RP) discovery type."; 1839 } 1841 identity auto-rp { 1842 base multicast-rp-discovery-type; 1843 description 1844 "Auto-RP discovery type."; 1846 } 1848 identity static-rp { 1849 base multicast-rp-discovery-type; 1850 description 1851 "Static type."; 1852 } 1854 identity bsr-rp { 1855 base multicast-rp-discovery-type; 1856 description 1857 "Bootstrap Router (BSR) discovery type."; 1858 } 1860 identity group-management-protocol { 1861 if-feature "multicast"; 1862 description 1863 "Base identity for multicast group management protocol."; 1864 } 1866 identity igmp-proto { 1867 base group-management-protocol; 1868 description 1869 "IGMP."; 1870 reference 1871 "RFC 1112: Host Extensions for IP Multicasting 1872 RFC 2236: Internet Group Management Protocol, Version 2 1873 RFC 3376: Internet Group Management Protocol, Version 3"; 1874 } 1876 identity mld-proto { 1877 base group-management-protocol; 1878 description 1879 "MLD."; 1880 reference 1881 "RFC 2710: Multicast Listener Discovery (MLD) for IPv6 1882 RFC 3810: Multicast Listener Discovery Version 2 (MLDv2) 1883 for IPv6"; 1884 } 1886 identity pim-proto { 1887 if-feature "pim"; 1888 base routing-protocol-type; 1889 description 1890 "PIM."; 1891 reference 1892 "RFC 7761: Protocol Independent Multicast - Sparse Mode 1893 (PIM-SM): Protocol Specification (Revised)"; 1895 } 1897 identity igmp-version { 1898 if-feature "igmp"; 1899 description 1900 "Base identity for IGMP version."; 1901 } 1903 identity igmpv1 { 1904 base igmp-version; 1905 description 1906 "IGMPv1."; 1907 reference 1908 "RFC 1112: Host Extensions for IP Multicasting"; 1909 } 1911 identity igmpv2 { 1912 base igmp-version; 1913 description 1914 "IGMPv2."; 1915 reference 1916 "RFC 2236: Internet Group Management 
Protocol, Version 2"; 1917 } 1919 identity igmpv3 { 1920 base igmp-version; 1921 description 1922 "IGMPv3."; 1923 reference 1924 "RFC 3376: Internet Group Management Protocol, Version 3"; 1925 } 1927 identity mld-version { 1928 if-feature "mld"; 1929 description 1930 "Base identity for MLD version."; 1931 } 1933 identity mldv1 { 1934 base mld-version; 1935 description 1936 "MLDv1."; 1937 reference 1938 "RFC 2710: Multicast Listener Discovery (MLD) for IPv6"; 1939 } 1941 identity mldv2 { 1942 base mld-version; 1943 description 1944 "MLDv2."; 1945 reference 1946 "RFC 3810: Multicast Listener Discovery Version 2 (MLDv2) 1947 for IPv6"; 1948 } 1950 /* 1951 * Identities related to traffic types 1952 */ 1954 identity tf-type { 1955 description 1956 "Base identity for the traffic type."; 1957 } 1959 identity multicast-traffic { 1960 base tf-type; 1961 description 1962 "Multicast traffic."; 1963 } 1965 identity broadcast-traffic { 1966 base tf-type; 1967 description 1968 "Broadcast traffic."; 1969 } 1971 identity unknown-unicast-traffic { 1972 base tf-type; 1973 description 1974 "Unknown unicast traffic."; 1975 } 1977 /* 1978 * Identities related to customer applications 1979 */ 1981 identity customer-application { 1982 description 1983 "Base identity for customer applications."; 1984 } 1986 identity web { 1987 base customer-application; 1988 description 1989 "Web applications (e.g., HTTP, HTTPS)."; 1990 } 1991 identity mail { 1992 base customer-application; 1993 description 1994 "Mail application."; 1995 } 1997 identity file-transfer { 1998 base customer-application; 1999 description 2000 "File transfer application (e.g., FTP, SFTP)."; 2001 } 2003 identity database { 2004 base customer-application; 2005 description 2006 "Database application."; 2007 } 2009 identity social { 2010 base customer-application; 2011 description 2012 "Social-network application."; 2013 } 2015 identity games { 2016 base customer-application; 2017 description 2018 "Gaming application."; 2019 }
2021 identity p2p { 2022 base customer-application; 2023 description 2024 "Peer-to-peer application."; 2025 } 2027 identity network-management { 2028 base customer-application; 2029 description 2030 "Management application (e.g., Telnet, syslog, 2031 SNMP)."; 2032 } 2034 identity voice { 2035 base customer-application; 2036 description 2037 "Voice application."; 2038 } 2039 identity video { 2040 base customer-application; 2041 description 2042 "Video conference application."; 2043 } 2045 identity embb { 2046 base customer-application; 2047 description 2048 "Enhanced Mobile Broadband (eMBB) application. 2049 Note that an eMBB application demands network performance with a 2050 wide variety of characteristics, such as data rate, latency, 2051 loss rate, reliability, and many other parameters."; 2052 } 2054 identity urllc { 2055 base customer-application; 2056 description 2057 "Ultra-Reliable and Low Latency Communications 2058 (URLLC) application. Note that an URLLC application demands 2059 network performance with a wide variety of characteristics, such 2060 as latency, reliability, and many other parameters."; 2061 } 2063 identity mmtc { 2064 base customer-application; 2065 description 2066 "Massive Machine Type Communications (mMTC) application. 2067 Note that an mMTC application demands network performance with 2068 a wide variety of characteristics, such as data rate, latency, 2069 loss rate, reliability, and many other parameters."; 2070 } 2072 /* 2073 * Identities related to service bundling 2074 */ 2076 identity bundling-type { 2077 description 2078 "The base identity for the bundling type. 
It supports a subset or 2079 all CE-VLANs associated with an L2VPN service."; 2080 } 2082 identity multi-svc-bundling { 2083 base bundling-type; 2084 description 2085 "Multi-service bundling, i.e., multiple C-VLAN IDs 2086 can be associated with an L2VPN service at a site."; 2088 } 2090 identity one2one-bundling { 2091 base bundling-type; 2092 description 2093 "One-to-one service bundling, i.e., each L2VPN can 2094 be associated with only one C-VLAN ID at a site."; 2095 } 2097 identity all2one-bundling { 2098 base bundling-type; 2099 description 2100 "All-to-one bundling, i.e., all C-VLAN IDs are mapped 2101 to one L2VPN service."; 2102 } 2104 /* 2105 * Identities related to Ethernet Services 2106 */ 2108 identity control-mode { 2109 description 2110 "Base Identity for the type of control mode on Layer 2 2111 Control Protocol (L2CP)."; 2112 } 2114 identity peer { 2115 base control-mode; 2116 description 2117 "'peer' mode, i.e., participate in the protocol towards the CE. 2118 Peering is common for Link Aggregation Control Protocol (LACP) 2119 and the Ethernet Local Management Interface (E-LMI) and, 2120 occasionally, for Link Layer Discovery Protocol (LLDP). 2121 For VPLSs and VPWSs, the subscriber can also request that the 2122 peer service provider enables spanning tree."; 2123 } 2125 identity tunnel { 2126 base control-mode; 2127 description 2128 "'tunnel' mode, i.e., pass to the egress or destination site. 
For 2129 Ethernet Private Lines (EPLs), the expectation is that L2CP 2130 frames are tunnelled."; 2131 } 2133 identity discard { 2134 base control-mode; 2135 description 2136 "'Discard' mode, i.e., discard the frame."; 2137 } 2139 identity neg-mode { 2140 description 2141 "Base identity for the negotiation mode."; 2142 } 2144 identity full-duplex { 2145 base neg-mode; 2146 description 2147 "Full-duplex negotiation mode."; 2148 } 2150 identity auto-neg { 2151 base neg-mode; 2152 description 2153 "Auto-negotiation mode."; 2154 } 2156 /******** Collection of VPN-related Types ********/ 2158 typedef vpn-id { 2159 type string; 2160 description 2161 "Defines an identifier that is used with a VPN module. 2162 This can be, for example, a service identifier, a node 2163 identifier, etc."; 2164 } 2166 /******* VPN-related reusable groupings *******/ 2168 grouping vpn-description { 2169 description 2170 "Provides common VPN information."; 2171 leaf vpn-id { 2172 type vpn-common:vpn-id; 2173 description 2174 "A VPN identifier that uniquely identifies a VPN. 2175 This identifier has a local meaning, e.g., within 2176 a service provider network."; 2177 } 2178 leaf vpn-name { 2179 type string; 2180 description 2181 "A name used to refer to the VPN."; 2182 } 2183 leaf vpn-description { 2184 type string; 2185 description 2186 "Textual description of a VPN."; 2187 } 2188 leaf customer-name { 2189 type string; 2190 description 2191 "Name of the customer that actually uses the VPN."; 2192 } 2193 } 2195 grouping vpn-profile-cfg { 2196 description 2197 "Grouping for VPN Profile configuration."; 2198 container valid-provider-identifiers { 2199 description 2200 "Container for valid provider profile identifiers."; 2201 list external-connectivity-identifier { 2202 if-feature "external-connectivity"; 2203 key "id"; 2204 description 2205 "List for profile identifiers that uniquely identify profiles 2206 governing how external connectivity is provided to a VPN. 
2207 A profile indicates the type of external connectivity 2208 (Internet, cloud, etc.), the sites/nodes that are associated 2209 with a connectivity profile, etc. A profile can also indicate 2210 filtering rules and/or address translation rules. Such 2211 features may involve PE, P, or dedicated nodes as a function 2212 of the deployment."; 2213 leaf id { 2214 type string; 2215 description 2216 "Identification of an external connectivity profile. The 2217 profile only has significance within the service provider's 2218 administrative domain."; 2219 } 2220 } 2221 list encryption-profile-identifier { 2222 key "id"; 2223 description 2224 "List for encryption profile identifiers."; 2225 leaf id { 2226 type string; 2227 description 2228 "Identification of the encryption profile to be used. The 2229 profile only has significance within the service provider's 2230 administrative domain."; 2231 } 2233 } 2234 list qos-profile-identifier { 2235 key "id"; 2236 description 2237 "List for QoS Profile Identifiers."; 2238 leaf id { 2239 type string; 2240 description 2241 "Identification of the QoS profile to be used. The 2242 profile only has significance within the service provider's 2243 administrative domain."; 2244 } 2245 } 2246 list bfd-profile-identifier { 2247 key "id"; 2248 description 2249 "List for BFD profile identifiers."; 2250 leaf id { 2251 type string; 2252 description 2253 "Identification of the BFD profile to be used. The 2254 profile only has significance within the service provider's 2255 administrative domain."; 2256 } 2257 } 2258 list forwarding-profile-identifier { 2259 key "id"; 2260 description 2261 "List for forwarding profile identifiers."; 2262 leaf id { 2263 type string; 2264 description 2265 "Identification of the Forwarding Profile Filter to be used.
2266 The profile only has significance within the service 2267 provider's administrative domain."; 2268 } 2269 } 2270 list routing-profile-identifier { 2271 key "id"; 2272 description 2273 "List for Routing Profile Identifiers."; 2274 leaf id { 2275 type string; 2276 description 2277 "Identification of the routing profile to be used by the 2278 routing protocols within sites, vpn-network-accesses, or 2279 vpn-nodes for referring VRF's import/export policies. 2281 The profile only has significance within the service 2282 provider's administrative domain."; 2283 } 2284 } 2285 nacm:default-deny-write; 2286 } 2287 } 2289 grouping oper-status-timestamp { 2290 description 2291 "This grouping defines some operational parameters for the 2292 service."; 2293 leaf status { 2294 type identityref { 2295 base operational-status; 2296 } 2297 config false; 2298 description 2299 "Operations status."; 2300 } 2301 leaf last-change { 2302 type yang:date-and-time; 2303 config false; 2304 description 2305 "Indicates the actual date and time of the service status 2306 change."; 2307 } 2308 } 2310 grouping service-status { 2311 description 2312 "Service status grouping."; 2313 container status { 2314 description 2315 "Service status."; 2316 container admin-status { 2317 description 2318 "Administrative service status."; 2319 leaf status { 2320 type identityref { 2321 base administrative-status; 2322 } 2323 description 2324 "Administrative service status."; 2325 } 2326 leaf last-change { 2327 type yang:date-and-time; 2328 description 2329 "Indicates the actual date and time of the service status 2330 change."; 2331 } 2332 } 2333 container oper-status { 2334 description 2335 "Operational service status."; 2336 uses oper-status-timestamp; 2337 } 2338 } 2339 } 2341 grouping underlay-transport { 2342 description 2343 "This grouping defines the type of underlay transport for the 2344 VPN service.
It can include an identifier to an abstract 2345 transport instance to which the VPN is grafted or indicate a 2346 technical implementation that is expressed as an ordered list 2347 of protocols."; 2348 choice type { 2349 description 2350 "A choice based on the type of underlay transport 2351 constraints."; 2352 case abstract { 2353 description 2354 "Indicates that the transport constraint is an abstract 2355 concept."; 2356 leaf transport-instance-id { 2357 type string; 2358 description 2359 "An optional identifier of the abstract transport instance."; 2360 } 2361 leaf instance-type { 2362 type identityref { 2363 base transport-instance-type; 2364 } 2365 description 2366 "Indicates a transport instance type. For example, it can 2367 be a VPN+, an IETF network slice, a virtual network, etc."; 2368 } 2369 } 2370 case protocol { 2371 description 2372 "Indicates a list of protocols."; 2373 leaf-list protocol { 2374 type identityref { 2375 base protocol-type; 2376 } 2377 ordered-by user; 2378 description 2379 "A client ordered list of transport protocols."; 2380 } 2381 } 2382 } 2383 } 2385 grouping vpn-route-targets { 2386 description 2387 "A grouping that specifies Route Target (RT) import-export rules 2388 used in a BGP-enabled VPN."; 2389 reference 2390 "RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs) 2391 RFC 4664: Framework for Layer 2 Virtual Private Networks 2392 (L2VPNs)"; 2393 list vpn-target { 2394 key "id"; 2395 description 2396 "Route targets. 
AND/OR operations are available 2397 based on the RTs assigment."; 2398 leaf id { 2399 type int8; 2400 description 2401 "Identifies each VPN Target."; 2402 } 2403 list route-targets { 2404 key "route-target"; 2405 description 2406 "List of RTs."; 2407 leaf route-target { 2408 type rt-types:route-target; 2409 description 2410 "Conveys an RT value."; 2411 } 2412 } 2413 leaf route-target-type { 2414 type rt-types:route-target-type; 2415 mandatory true; 2416 description 2417 "Import/export type of the RT."; 2418 } 2419 } 2420 container vpn-policies { 2421 description 2422 "VPN service policies. It contains references to the 2423 import and export policies to be associated with the 2424 VPN service."; 2426 leaf import-policy { 2427 type string; 2428 description 2429 "Defines the 'import' policy."; 2430 } 2431 leaf export-policy { 2432 type string; 2433 description 2434 "Defines the 'export' policy."; 2435 } 2436 } 2437 } 2439 grouping route-distinguisher { 2440 description 2441 "Grouping for route distinguisher (RD)."; 2442 choice rd-choice { 2443 description 2444 "Route distinguisher choice between several options 2445 on providing the route distinguisher value."; 2446 case directly-assigned { 2447 description 2448 "Explicitly assign an RD value."; 2449 leaf rd { 2450 type rt-types:route-distinguisher; 2451 description 2452 "Indicates an RD value that is explicitly 2453 assigned."; 2454 } 2455 } 2456 case directly-assigned-suffix { 2457 description 2458 "The value of the Assigned Number subfield of the RD. 
           The Administrator subfield of the RD will be
           based on other configuration information such as
           router-id or ASN.";
        leaf rd-suffix {
          type uint16;
          description
            "Indicates the value of the Assigned Number
             subfield that is explicitly assigned.";
        }
      }
      case auto-assigned {
        description
          "The RD is auto-assigned.";
        container rd-auto {
          description
            "The RD is auto-assigned.";
          choice auto-mode {
            description
              "Indicates the auto-assignment mode. RD can be
               automatically assigned with or without
               indicating a pool from which the RD should be
               taken.

               For both cases, the server will auto-assign an RD
               value 'auto-assigned-rd' and use that value
               operationally.";
            case from-pool {
              leaf rd-pool-name {
                type string;
                description
                  "The auto-assignment will be made from the pool
                   identified by the rd-pool-name.";
              }
            }
            case full-auto {
              leaf auto {
                type empty;
                description
                  "Indicates an RD is fully auto-assigned.";
              }
            }
          }
          leaf auto-assigned-rd {
            type rt-types:route-distinguisher;
            config false;
            description
              "The value of the auto-assigned RD.";
          }
        }
      }
      case auto-assigned-suffix {
        description
          "The value of the Assigned Number subfield will
           be auto-assigned. The Administrator subfield
           will be based on other configuration information such as
           router-id or ASN.";
        container rd-auto-suffix {
          description
            "The Assigned Number subfield is auto-assigned.";
          choice auto-mode {
            description
              "Indicates the auto-assignment mode of the Assigned Number
               subfield. This number can be automatically assigned
               with or without indicating a pool from which the value
               should be taken.

               For both cases, the server will auto-assign
               'auto-assigned-rd-suffix' and use that value to build
               the RD that will be used operationally.";
            case from-pool {
              leaf rd-pool-name {
                type string;
                description
                  "The assignment will be made from the pool identified
                   by the rd-pool-name.";
              }
            }
            case full-auto {
              leaf auto {
                type empty;
                description
                  "Indicates that the Assigned Number is fully auto
                   assigned.";
              }
            }
          }
          leaf auto-assigned-rd-suffix {
            type uint16;
            config false;
            description
              "Includes the value of the Assigned Number subfield that
               is auto-assigned.";
          }
        }
      }
      case no-rd {
        description
          "Use the empty type to indicate RD has no value and is not to
           be auto-assigned.";
        leaf no-rd {
          type empty;
          description
            "No RD is assigned.";
        }
      }
    }
  }

  grouping vpn-components-group {
    description
      "Grouping definition to assign group-ids to associate VPN nodes,
       sites, or network accesses.";
    container groups {
      description
        "Lists the groups to which a VPN node, a site, or a network
         access belongs to.";
      list group {
        key "group-id";
        description
          "List of group-ids.";
        leaf group-id {
          type string;
          description
            "Is the group-id to which a VPN node, a site, or a network
             access belongs to.";
        }
      }
    }
  }

  grouping placement-constraints {
    description
      "Constraints for placing a network access.";
    list constraint {
      key "constraint-type";
      description
        "List of constraints.";
      leaf constraint-type {
        type identityref {
          base placement-diversity;
        }
        description
          "Diversity constraint type.";
      }
      container target {
        description
          "The constraint will apply against this list of groups.";
        choice target-flavor {
          description
            "Choice for the group definition.";
          case id {
            list group {
              key "group-id";
              description
                "List of groups.";
              leaf group-id {
                type string;
                description
                  "The constraint will apply against this particular
                   group-id.";
              }
            }
          }
          case all-accesses {
            leaf all-other-accesses {
              type empty;
              description
                "The constraint will apply against all other network
                 accesses of a site.";
            }
          }
          case all-groups {
            leaf all-other-groups {
              type empty;
              description
                "The constraint will apply against all other groups that
                 the customer is managing.";
            }
          }
        }
      }
    }
  }

  grouping ports {
    description
      "Choice of specifying a source or destination port numbers.";
    choice source-port {
      description
        "Choice of specifying the source port or referring to a group
         of source port numbers.";
      container source-port-range-or-operator {
        description
          "Source port definition.";
        uses packet-fields:port-range-or-operator;
      }
    }
    choice destination-port {
      description
        "Choice of specifying a destination port or referring to a group
         of destination port numbers.";
      container destination-port-range-or-operator {
        description
          "Destination port definition.";
        uses packet-fields:port-range-or-operator;
      }
    }
  }

  grouping qos-classification-policy {
    description
      "Configuration of the traffic classification policy.";
    list rule {
      key "id";
      ordered-by user;
      description
        "List of marking rules.";
      leaf id {
        type string;
        description
          "An identifier of the QoS classification policy rule.";
      }
      choice match-type {
        default "match-flow";
        description
          "Choice for classification.";
        case match-flow {
          choice l3 {
            description
              "Either IPv4 or IPv6.";
            container ipv4 {
              description
                "Rule set that matches IPv4 header.";
              uses packet-fields:acl-ip-header-fields;
              uses packet-fields:acl-ipv4-header-fields;
            }
            container ipv6 {
              description
                "Rule set that matches IPv6 header.";
              uses packet-fields:acl-ip-header-fields;
              uses packet-fields:acl-ipv6-header-fields;
            }
          }
          choice l4 {
            description
              "Includes Layer 4 specific information.
               This version focuses on TCP and UDP.";
            container tcp {
              description
                "Rule set that matches TCP header.";
              uses packet-fields:acl-tcp-header-fields;
              uses ports;
            }
            container udp {
              description
                "Rule set that matches UDP header.";
              uses packet-fields:acl-udp-header-fields;
              uses ports;
            }
          }
        }
        case match-application {
          leaf match-application {
            type identityref {
              base customer-application;
            }
            description
              "Defines the application to match.";
          }
        }
      }
      leaf target-class-id {
        if-feature "qos";
        type string;
        description
          "Identification of the class of service. This identifier is
           internal to the administration.";
      }
    }
  }
}

5.  Security Considerations

   The YANG modules specified in this document define schemas for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The Network Configuration Access Control Model (NACM) [RFC8341]
   provides the means to restrict access for particular NETCONF or
   RESTCONF users to a preconfigured subset of all available NETCONF or
   RESTCONF protocol operations and content.
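
   The following is an added example, not part of this draft: a
   simplified model of the RFC 8341 data-node access check, showing that
   the "nacm:default-deny-write" tag carried by the profile identifier
   grouping still blocks writes when the global write-default is
   "permit". The module name "example-vpn", the paths, users, and groups
   are hypothetical, and path matching is reduced to string prefixes.

```python
"""Simplified model of NACM (RFC 8341) data-node access validation.

Added example, not part of the draft. Schema paths are plain strings
matched by prefix, a stand-in for real path evaluation.
"""
from dataclasses import dataclass
from typing import Optional

WRITE_OPS = frozenset({"create", "update", "delete"})


@dataclass
class Rule:
    name: str
    action: str                   # "permit" or "deny"
    ops: frozenset                # access-operations, or {"*"}
    path: Optional[str] = None    # None: rule is not tied to a data node
    module: str = "*"             # module-name; "*" matches any module


@dataclass
class RuleList:
    name: str
    groups: frozenset             # group names, or {"*"}
    rules: list


@dataclass
class Nacm:
    groups: dict                  # group name -> set of user names
    rule_lists: list
    enable_nacm: bool = True
    read_default: str = "permit"  # RFC 8341 default
    write_default: str = "deny"   # RFC 8341 default


def covers(prefix, node):
    """True if node is the prefix node itself or one of its descendants."""
    prefix = prefix.rstrip("/")
    return node == prefix or node.startswith(prefix + "/")


def check_access(nacm, user, op, module, node, deny_write_tagged,
                 recovery_session=False):
    """Return "permit" or "deny" for one operation on one data node."""
    if op != "read" and op not in WRITE_OPS:
        raise ValueError("only data-node operations are modelled: " + op)
    if not nacm.enable_nacm or recovery_session:
        return "permit"
    user_groups = {g for g, members in nacm.groups.items() if user in members}
    if user_groups:
        for rule_list in nacm.rule_lists:
            if ("*" not in rule_list.groups
                    and not (rule_list.groups & user_groups)):
                continue
            for rule in rule_list.rules:      # first matching rule decides
                if rule.module not in ("*", module):
                    continue
                if rule.path is not None and not covers(rule.path, node):
                    continue
                if "*" not in rule.ops and op not in rule.ops:
                    continue
                return rule.action
    # No rule matched: the tag is consulted before the global default.
    if op in WRITE_OPS and any(covers(t, node) for t in deny_write_tagged):
        return "deny"
    return nacm.read_default if op == "read" else nacm.write_default


# Constructed sample data. "example-vpn" is a hypothetical module that
# places the profile identifier lists under /example-vpn/profiles, so
# that subtree carries the nacm:default-deny-write tag.
TAGGED = {"/example-vpn/profiles"}
NACM = Nacm(
    groups={"vpn-ops": {"alice"}, "profile-admins": {"bob"}},
    rule_lists=[
        RuleList("profile-admin-acl", frozenset({"profile-admins"}), [
            Rule("write-profiles", "permit", WRITE_OPS,
                 path="/example-vpn/profiles", module="example-vpn"),
        ]),
    ],
    write_default="permit",       # deliberately permissive global default
)

if __name__ == "__main__":
    enc = "/example-vpn/profiles/encryption-profile-identifier"
    svc = "/example-vpn/vpn-services/vpn-service"
    for user, op, node in [("alice", "update", enc), ("alice", "update", svc),
                           ("alice", "read", enc), ("bob", "create", enc)]:
        decision = check_access(NACM, user, op, "example-vpn", node, TAGGED)
        print(user, op, node, "->", decision)
```
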

   The "ietf-vpn-common" module defines a set of identities, types, and
   groupings. These nodes are intended to be reused by other YANG
   modules. The module does not expose by itself any data nodes which
   are writable, contain read-only state, or RPCs. As such, there are
   no additional security issues to be considered relating to the
   "ietf-vpn-common" module.

6.  IANA Considerations

   This document requests IANA to register the following URI in the "ns"
   subregistry within the "IETF XML Registry" [RFC3688]:

      URI: urn:ietf:params:xml:ns:yang:ietf-vpn-common
      Registrant Contact: The IESG.
      XML: N/A; the requested URI is an XML namespace.

   This document requests IANA to register the following YANG module in
   the "YANG Module Names" subregistry [RFC6020] within the "YANG
   Parameters" registry.

      name: ietf-vpn-common
      namespace: urn:ietf:params:xml:ns:yang:ietf-vpn-common
      maintained by IANA: N
      prefix: vpn-common
      reference: RFC XXXX

7.  Acknowledgements

   During the discussions of this work, helpful comments and reviews
   were received from (listed alphabetically): Alejandro Aguado, Raul
   Arco, Miguel Cros Cecilia, Joe Clarke, Dhruv Dhody, Adrian Farrel,
   Roque Gagliano, Christian Jacquenet, Kireeti Kompella, Julian Lucek,
   Tom Petch, Erez Segev, and Paul Sherratt. Many thanks to them.

   This work is partially supported by the European Commission under
   Horizon 2020 grant agreement number 101015857 Secured autonomic
   traffic management for a Tera of SDN flows (Teraflow).

   Many thanks to Radek Krejci for the yangdoctors review, Wesley Eddy
   for the tsvart review, and Ron Bonica for the Rtgdir review.

   Special thanks to Robert Wilton for the AD review.

8.  Contributors

   Italo Busi
   Huawei Technologies
   Email: Italo.Busi@huawei.com

   Luis Angel Munoz
   Vodafone
   Email: luis-angel.munoz@vodafone.com

   Victor Lopez Alvarez
   Telefonica
   Email: victor.lopezalvarez@telefonica.com

9.  References

9.1.  Normative References

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
              "Common YANG Data Types for the Routing Area", RFC 8294,
              DOI 10.17487/RFC8294, December 2017.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [RFC8519]  Jethanandani, M., Agarwal, S., Huang, L., and D. Blair,
              "YANG Data Model for Network Access Control Lists (ACLs)",
              RFC 8519, DOI 10.17487/RFC8519, March 2019.

9.2.  Informative References

   [I-D.ietf-opsawg-l2nm]
              Barguil, S., Dios, O. G. D., Boucadair, M., and L. A.
              Munoz, "A Layer 2 VPN Network YANG Model",
              draft-ietf-opsawg-l2nm-02 (work in progress), April 2021.

   [I-D.ietf-opsawg-l3sm-l3nm]
              Barguil, S., Dios, O. G. D., Boucadair, M., Munoz, L. A.,
              and A. Aguado, "A Layer 3 VPN Network YANG Model",
              draft-ietf-opsawg-l3sm-l3nm-08 (work in progress), April
              2021.

   [I-D.ietf-teas-actn-vn-yang]
              Lee, Y., Dhody, D., Ceccarelli, D., Bryskin, I., and B. Y.
              Yoon, "A YANG Data Model for VN Operation",
              draft-ietf-teas-actn-vn-yang-11 (work in progress),
              February 2021.

   [I-D.ietf-teas-enhanced-vpn]
              Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A
              Framework for Enhanced Virtual Private Network (VPN+)
              Services", draft-ietf-teas-enhanced-vpn-07 (work in
              progress), February 2021.

   [I-D.ietf-teas-ietf-network-slice-framework]
              Gray, E. and J. Drake, "Framework for IETF Network
              Slices", draft-ietf-teas-ietf-network-slice-framework-00
              (work in progress), March 2021.

   [IEEE802.1ad]
              "Virtual Bridged Local Area Networks Amendment 4: Provider
              Bridges", IEEE Std 802.1ad-2005, 2006.

   [IEEE802.1AX]
              "Link Aggregation", IEEE Std 802.1AX-2020, 2020.

   [IEEE802.1Q]
              "Bridges and Bridged Networks", IEEE Std 802.1Q-2018, July
              2018.

   [ISO10589]
              ISO, "Intermediate System to Intermediate System
              intra-domain routeing information exchange protocol for
              use in conjunction with the protocol for providing the
              connectionless-mode network service (ISO 8473)", 2002.

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, September 1981.

   [RFC1112]  Deering, S., "Host extensions for IP multicasting", STD 5,
              RFC 1112, DOI 10.17487/RFC1112, August 1989.

   [RFC1701]  Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic
              Routing Encapsulation (GRE)", RFC 1701,
              DOI 10.17487/RFC1701, October 1994.

   [RFC1702]  Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic
              Routing Encapsulation over IPv4 networks", RFC 1702,
              DOI 10.17487/RFC1702, October 1994.

   [RFC2003]  Perkins, C., "IP Encapsulation within IP", RFC 2003,
              DOI 10.17487/RFC2003, October 1996.

   [RFC2080]  Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080,
              DOI 10.17487/RFC2080, January 1997.

   [RFC2236]  Fenner, W., "Internet Group Management Protocol, Version
              2", RFC 2236, DOI 10.17487/RFC2236, November 1997.

   [RFC2453]  Malkin, G., "RIP Version 2", STD 56, RFC 2453,
              DOI 10.17487/RFC2453, November 1998.

   [RFC2473]  Conta, A. and S. Deering, "Generic Packet Tunneling in
              IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473,
              December 1998.

   [RFC2710]  Deering, S., Fenner, W., and B. Haberman, "Multicast
              Listener Discovery (MLD) for IPv6", RFC 2710,
              DOI 10.17487/RFC2710, October 1999.

   [RFC3209]  Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
              and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
              Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001.

   [RFC3376]  Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A.
              Thyagarajan, "Internet Group Management Protocol, Version
              3", RFC 3376, DOI 10.17487/RFC3376, October 2002.

   [RFC3810]  Vida, R., Ed. and L. Costa, Ed., "Multicast Listener
              Discovery Version 2 (MLDv2) for IPv6", RFC 3810,
              DOI 10.17487/RFC3810, June 2004.

   [RFC3931]  Lau, J., Ed., Townsley, M., Ed., and I. Goyret, Ed.,
              "Layer Two Tunneling Protocol - Version 3 (L2TPv3)",
              RFC 3931, DOI 10.17487/RFC3931, March 2005.

   [RFC4026]  Andersson, L. and T. Madsen, "Provider Provisioned Virtual
              Private Network (VPN) Terminology", RFC 4026,
              DOI 10.17487/RFC4026, March 2005.

   [RFC4176]  El Mghazli, Y., Ed., Nadeau, T., Boucadair, M., Chan, K.,
              and A. Gonguet, "Framework for Layer 3 Virtual Private
              Networks (L3VPN) Operations and Management", RFC 4176,
              DOI 10.17487/RFC4176, October 2005.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006.

   [RFC4577]  Rosen, E., Psenak, P., and P. Pillay-Esnault, "OSPF as the
              Provider/Customer Edge Protocol for BGP/MPLS IP Virtual
              Private Networks (VPNs)", RFC 4577, DOI 10.17487/RFC4577,
              June 2006.

   [RFC4664]  Andersson, L., Ed. and E. Rosen, Ed., "Framework for Layer
              2 Virtual Private Networks (L2VPNs)", RFC 4664,
              DOI 10.17487/RFC4664, September 2006.

   [RFC4761]  Kompella, K., Ed. and Y. Rekhter, Ed., "Virtual Private
              LAN Service (VPLS) Using BGP for Auto-Discovery and
              Signaling", RFC 4761, DOI 10.17487/RFC4761, January 2007.

   [RFC4762]  Lasserre, M., Ed. and V. Kompella, Ed., "Virtual Private
              LAN Service (VPLS) Using Label Distribution Protocol (LDP)
              Signaling", RFC 4762, DOI 10.17487/RFC4762, January 2007.

   [RFC4960]  Stewart, R., Ed., "Stream Control Transmission Protocol",
              RFC 4960, DOI 10.17487/RFC4960, September 2007.

   [RFC5036]  Andersson, L., Ed., Minei, I., Ed., and B. Thomas, Ed.,
              "LDP Specification", RFC 5036, DOI 10.17487/RFC5036,
              October 2007.

   [RFC5798]  Nadas, S., Ed., "Virtual Router Redundancy Protocol (VRRP)
              Version 3 for IPv4 and IPv6", RFC 5798,
              DOI 10.17487/RFC5798, March 2010.

   [RFC5880]  Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010.

   [RFC6513]  Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in
              MPLS/BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February
              2012.

   [RFC6565]  Pillay-Esnault, P., Moyer, P., Doyle, J., Ertekin, E., and
              M. Lundberg, "OSPFv3 as a Provider Edge to Customer Edge
              (PE-CE) Routing Protocol", RFC 6565, DOI 10.17487/RFC6565,
              June 2012.

   [RFC6624]  Kompella, K., Kothari, B., and R. Cherukuri, "Layer 2
              Virtual Private Networks Using BGP for Auto-Discovery and
              Signaling", RFC 6624, DOI 10.17487/RFC6624, May 2012.

   [RFC7348]  Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger,
              L., Sridhar, T., Bursell, M., and C. Wright, "Virtual
              eXtensible Local Area Network (VXLAN): A Framework for
              Overlaying Virtualized Layer 2 Networks over Layer 3
              Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014.

   [RFC7432]  Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
              Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
              Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
              2015.

   [RFC7510]  Xu, X., Sheth, N., Yong, L., Callon, R., and D. Black,
              "Encapsulating MPLS in UDP", RFC 7510,
              DOI 10.17487/RFC7510, April 2015.

   [RFC7623]  Sajassi, A., Ed., Salam, S., Bitar, N., Isaac, A., and W.
              Henderickx, "Provider Backbone Bridging Combined with
              Ethernet VPN (PBB-EVPN)", RFC 7623, DOI 10.17487/RFC7623,
              September 2015.

   [RFC7676]  Pignataro, C., Bonica, R., and S. Krishnan, "IPv6 Support
              for Generic Routing Encapsulation (GRE)", RFC 7676,
              DOI 10.17487/RFC7676, October 2015.

   [RFC7761]  Fenner, B., Handley, M., Holbrook, H., Kouvelas, I.,
              Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent
              Multicast - Sparse Mode (PIM-SM): Protocol Specification
              (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March
              2016.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017.

   [RFC8214]  Boutros, S., Sajassi, A., Salam, S., Drake, J., and J.
              Rabadan, "Virtual Private Wire Service Support in Ethernet
              VPN", RFC 8214, DOI 10.17487/RFC8214, August 2017.

   [RFC8277]  Rosen, E., "Using BGP to Bind MPLS Labels to Address
              Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017.

   [RFC8299]  Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki,
              "YANG Data Model for L3VPN Service Delivery", RFC 8299,
              DOI 10.17487/RFC8299, January 2018.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8365]  Sajassi, A., Ed., Drake, J., Ed., Bitar, N., Shekhar, R.,
              Uttaro, J., and W. Henderickx, "A Network Virtualization
              Overlay Solution Using Ethernet VPN (EVPN)", RFC 8365,
              DOI 10.17487/RFC8365, March 2018.

   [RFC8453]  Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for
              Abstraction and Control of TE Networks (ACTN)", RFC 8453,
              DOI 10.17487/RFC8453, August 2018.

   [RFC8466]  Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG
              Data Model for Layer 2 Virtual Private Network (L2VPN)
              Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October
              2018.

   [RFC8512]  Boucadair, M., Ed., Sivakumar, S., Jacquenet, C.,
              Vinapamula, S., and Q. Wu, "A YANG Module for Network
              Address Translation (NAT) and Network Prefix Translation
              (NPT)", RFC 8512, DOI 10.17487/RFC8512, January 2019.

   [RFC8660]  Bashandy, A., Ed., Filsfils, C., Ed., Previdi, S.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing with the MPLS Data Plane", RFC 8660,
              DOI 10.17487/RFC8660, December 2019.

   [RFC8663]  Xu, X., Bryant, S., Farrel, A., Hassan, S., Henderickx,
              W., and Z. Li, "MPLS Segment Routing over IP", RFC 8663,
              DOI 10.17487/RFC8663, December 2019.

   [RFC8754]  Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
              Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
              (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020.

   [RFC8926]  Gross, J., Ed., Ganga, I., Ed., and T. Sridhar, Ed.,
              "Geneve: Generic Network Virtualization Encapsulation",
              RFC 8926, DOI 10.17487/RFC8926, November 2020.

Appendix A.  Example of Common Data Nodes in Early L2NM/L3NM Designs

   In order to avoid data nodes duplication and to ease passing data
   among layers (i.e., from the service layer to the network layer and
   vice versa), early versions of the L3NM reused many of the data nodes
   that are defined in the L3SM. Nevertheless, that approach was
   abandoned because that design was interpreted as if the deployment of
   L3NM depends on L3SM, while this is not required. For example, a
   service provider may decide to use the L3NM to build its L3VPN
   services without exposing the L3SM to customers.

   Likewise, early versions of the L2NM reused many of the data nodes
   that are defined in both L2SM and L3NM. An example of L3NM groupings
   reused in L2NM is shown in Figure 5. Such data nodes reuse was
   interpreted as if the deployment of the L2NM requires the support of
   the L3NM; which is not required.

   module ietf-l2vpn-ntw {
     ...
     import ietf-l3vpn-ntw {
       prefix l3vpn-ntw;
       reference
         "RFC NNNN: A Layer 3 VPN Network YANG Model";
     }
     ...
     container l2vpn-ntw {
       ...
       container vpn-services {
         list vpn-service {
           ...
           uses l3vpn-ntw:service-status;
           uses l3vpn-ntw:svc-transport-encapsulation;
           ...
         }
       }
       ...
     }
   }

            Figure 5: Excerpt from the L2NM YANG Module

Authors' Addresses

   Samier Barguil
   Telefonica
   Madrid
   Spain

   Email: samier.barguilgiraldo.ext@telefonica.com

   Oscar Gonzalez de Dios (editor)
   Telefonica
   Madrid
   Spain

   Email: oscar.gonzalezdedios@telefonica.com

   Mohamed Boucadair (editor)
   Orange
   France

   Email: mohamed.boucadair@orange.com

   Qin Wu
   Huawei
   101 Software Avenue, Yuhua District
   Nanjing, Jiangsu 210012
   China

   Email: bill.wu@huawei.com