idnits 2.17.1

draft-ietf-opsawg-vpn-common-12.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 34 instances of too long lines in the document, the longest one
     being 4 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 204 has weird spacing: '... +-- id stri...'

  == Line 206 has weird spacing: '... +-- id stri...'

  == Line 208 has weird spacing: '... +-- id stri...'

  == Line 210 has weird spacing: '... +-- id stri...'

  == Line 212 has weird spacing: '... +-- id stri...'

  == (8 more instances...)

  -- The document date (29 September 2021) is 939 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-19) exists of
     draft-ietf-opsawg-l2nm-06

  == Outdated reference: A later version (-18) exists of
     draft-ietf-opsawg-l3sm-l3nm-15

  == Outdated reference: A later version (-24) exists of
     draft-ietf-teas-actn-vn-yang-12

  == Outdated reference: A later version (-17) exists of
     draft-ietf-teas-enhanced-vpn-08

  == Outdated reference: A later version (-25) exists of
     draft-ietf-teas-ietf-network-slices-04

  -- Obsolete informational reference (is this intentional?): RFC 4960
     (Obsoleted by RFC 9260)

     Summary: 1 error (**), 0 flaws (~~), 12 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     opsawg                                                        S. Barguil
3     Internet-Draft                                  O. Gonzalez de Dios, Ed.
4     Intended status: Standards Track                              Telefonica
5     Expires: 2 April 2022                                  M. Boucadair, Ed.
6                                                                       Orange
7                                                                        Q. Wu
8                                                                       Huawei
9                                                            29 September 2021

11                       A Layer 2/3 VPN Common YANG Model
12                        draft-ietf-opsawg-vpn-common-12

14    Abstract

16       This document defines a common YANG module that is meant to be reused
17       by various VPN-related modules such as Layer 3 VPN and Layer 2 VPN
18       network models.

20    Editorial Note (To be removed by RFC Editor)

22       Please update these statements within the document with the RFC
23       number to be assigned to this document:

25       *  "This version of this YANG module is part of RFC XXXX;"

27       *  "RFC XXXX: A Layer 2/3 VPN Common YANG Model";

29       *  reference: RFC XXXX

31       Also, please update the "revision" date of the YANG module.

33    Status of This Memo

35       This Internet-Draft is submitted in full conformance with the
36       provisions of BCP 78 and BCP 79.

38       Internet-Drafts are working documents of the Internet Engineering
39       Task Force (IETF). Note that other groups may also distribute
40       working documents as Internet-Drafts. The list of current Internet-
41       Drafts is at https://datatracker.ietf.org/drafts/current/.

43       Internet-Drafts are draft documents valid for a maximum of six months
44       and may be updated, replaced, or obsoleted by other documents at any
45       time. It is inappropriate to use Internet-Drafts as reference
46       material or to cite them other than as "work in progress."

48       This Internet-Draft will expire on 2 April 2022.

50    Copyright Notice

52       Copyright (c) 2021 IETF Trust and the persons identified as the
53       document authors. All rights reserved.

55       This document is subject to BCP 78 and the IETF Trust's Legal
56       Provisions Relating to IETF Documents (https://trustee.ietf.org/
57       license-info) in effect on the date of publication of this document.
58       Please review these documents carefully, as they describe your rights
59       and restrictions with respect to this document. Code Components
60       extracted from this document must include Simplified BSD License text
61       as described in Section 4.e of the Trust Legal Provisions and are
62       provided without warranty as described in the Simplified BSD License.

64    Table of Contents

66       1.  Introduction
67       2.  Terminology
68       3.  Description of the VPN Common YANG Module
69       4.  Layer 2/3 VPN Common Module
70       5.  Security Considerations
71       6.  IANA Considerations
72       7.  Acknowledgements
73       8.  Contributors
74       9.  References
75         9.1.  Normative References
76         9.2.  Informative References
77       Appendix A.  Example of Common Data Nodes in Early L2NM/L3NM
78               Designs
79       Authors' Addresses

81    1.  Introduction

83       The IETF has specified YANG data modules for VPN services, e.g.,
84       Layer 3 VPN Service Model (L3SM) [RFC8299] or Layer 2 VPN Service
85       Model (L2SM) [RFC8466]. Other relevant YANG models are the Layer 3
86       VPN Network Model (L3NM) [I-D.ietf-opsawg-l3sm-l3nm] and the Layer 2
87       VPN Network Model (L2NM) [I-D.ietf-opsawg-l2nm]. There are common
88       data nodes and structures that are present in all of these models or
89       at least a subset of them.

91       This document defines a common YANG module that is meant to be reused
92       by various VPN-related modules such as L3NM
93       [I-D.ietf-opsawg-l3sm-l3nm] and L2NM [I-D.ietf-opsawg-l2nm]: "ietf-
94       vpn-common" (Section 4).

96       The "ietf-vpn-common" module includes a set of identities, types, and
97       groupings that are meant to be reused by other VPN-related YANG
98       modules independently of their layer (e.g., Layer 2, Layer 3) and the
99       type of the module (e.g., network model, service model) including
100      possible future revisions of existing models (e.g., L3SM [RFC8299] or
101      L2SM [RFC8466]).

103   2.  Terminology

105      The terminology for describing YANG modules is defined in [RFC7950].

107      The meaning of the symbols in tree diagrams is defined in [RFC8340].

109      The reader may refer to [RFC4026] and [RFC4176] for VPN-related
110      terms.

112      The document inherits many terms from [RFC8299] and [RFC8466] (e.g.,
113      Enhanced Mobile Broadband (eMBB), Ultra-Reliable and Low Latency
114      Communications (URLLC), Massive Machine Type Communications (mMTC)).

116   3.  Description of the VPN Common YANG Module

118      The "ietf-vpn-common" module defines a set of common VPN-related
119      features, including:

121      Encapsulation features such as:
122         *  Dot1q [IEEE802.1Q],

124         *  QinQ [IEEE802.1ad],

126         *  link aggregation [IEEE802.1AX], and

128         *  Virtual eXtensible Local Area Network (VXLAN) [RFC7348].

130      Multicast [RFC6513].

132      Routing features such as:
133         *  BGP [RFC4271],

135         *  OSPF [RFC4577][RFC6565],

137         *  IS-IS [ISO10589],

139         *  RIP [RFC2080][RFC2453],

141         *  Bidirectional Forwarding Detection (BFD) [RFC5880][RFC7880],
142            and

144         *  Virtual Router Redundancy Protocol (VRRP) [RFC5798].

146      Also, the module defines a set of identities, including:

148      'service-type':  Used to identify the VPN service type. Examples of
149         supported service types are:

151         *  L3VPN,

153         *  Virtual Private LAN Service (VPLS) using BGP [RFC4761],

155         *  VPLS using Label Distribution Protocol (LDP) [RFC4762],

157         *  Virtual Private Wire Service (VPWS) [RFC8214],

159         *  BGP MPLS-Based Ethernet VPN [RFC7432],

161         *  Ethernet VPN (EVPN) [RFC8365], and

163         *  Provider Backbone Bridging Combined with Ethernet VPN
164            (PBB-EVPN) [RFC7623].

166      'vpn-signaling-type':  Used to identify the signaling mode used for a
167         given service type. Examples of supported VPN signaling types
168         are:

170         *  L2VPNs using BGP [RFC6624],

172         *  LDP [RFC5036], and

174         *  Layer Two Tunneling Protocol (L2TP) [RFC3931].

176      The module covers both IPv4 [RFC0791] and IPv6 [RFC8200] identities.
177      It also includes multicast related identities such as Internet Group
178      Management Protocol version 1 (IGMPv1) [RFC1112], IGMPv2 [RFC2236],
179      IGMPv3 [RFC3376], Multicast Listener Discovery version 1 (MLDv1)
180      [RFC2710], MLDv2 [RFC3810], and Protocol Independent Multicast (PIM)
181      [RFC7761].

183      The reader should refer to Section 4 for the full list of supported
184      identities (identities related to address families, VPN topologies,
185      network access types, operational and administrative status, site or
186      node roles, VPN service constraints, routing protocols, routes
187      imports and exports, bandwidth and Quality of Service (QoS), etc.).

189      The "ietf-vpn-common" module also contains a set of reusable VPN-
190      related groupings. The tree diagram of the "ietf-vpn-common" module
191      that depicts the common groupings is provided in Figure 1.

193      module: ietf-vpn-common

195        grouping vpn-description
196          +-- vpn-id?            vpn-id
197          +-- vpn-name?          string
198          +-- vpn-description?   string
199          +-- customer-name?     string
200        grouping vpn-profile-cfg
201          +-- valid-provider-identifiers
202             +-- external-connectivity-identifier* [id]
203             |       {external-connectivity}?
204             |  +-- id    string
205             +-- encryption-profile-identifier* [id]
206             |  +-- id    string
207             +-- qos-profile-identifier* [id]
208             |  +-- id    string
209             +-- bfd-profile-identifier* [id]
210             |  +-- id    string
211             +-- forwarding-profile-identifier* [id]
212             |  +-- id    string
213             +-- routing-profile-identifier* [id]
214                +-- id    string
215        grouping oper-status-timestamp
216          +--ro status?        identityref
217          +--ro last-change?   yang:date-and-time
218        grouping service-status
219          +-- status
220             +-- admin-status
221             |  +-- status?        identityref
222             |  +-- last-change?   yang:date-and-time
223             +-- oper-status
224                +--ro status?        identityref
225                +--ro last-change?   yang:date-and-time
226        grouping underlay-transport
227          +-- (type)?
228             +--:(abstract)
229             |  +-- transport-instance-id?   string
230             +--:(protocol)
231                +-- protocol*   identityref
232        grouping vpn-route-targets
233          +-- vpn-target* [id]
234          |  +-- id                   uint8
235          |  +-- route-targets* [route-target]
236          |  |  +-- route-target    rt-types:route-target
237          |  +-- route-target-type    rt-types:route-target-type
238          +-- vpn-policies
239             +-- import-policy?   string
240             +-- export-policy?   string

242        grouping route-distinguisher
243          ...
244        grouping vpn-components-group
245          +-- groups
246             +-- group* [group-id]
247                +-- group-id    string
248        grouping placement-constraints
249          +-- constraint* [constraint-type]
250             +-- constraint-type?   identityref
251             +-- target
252                +-- (target-flavor)?
253                   +--:(id)
254                   |  +-- group* [group-id]
255                   |     +-- group-id    string
256                   +--:(all-accesses)
257                   |  +-- all-other-accesses?   empty
258                   +--:(all-groups)
259                      +-- all-other-groups?   empty
260        grouping ports
261          ...
262        grouping qos-classification-policy
263          ...

265                         Figure 1: VPN Common Tree

267      The description of the common groupings is provided below:

269      'vpn-description':
270         A YANG grouping that provides common administrative VPN
271         information such as an identifier, a name, a textual
272         description, and a customer name.

274      'vpn-profile-cfg':
275         A YANG grouping that defines a set of valid profiles
276         (encryption, routing, forwarding, etc.) that can be bound to a
277         Layer 2/3 VPN. This document does not make any assumption
278         about the structure of such profiles, but allows "gluing" a VPN
279         service with other parameters that can be required locally to
280         provide added value features to requesting customers.

282         For example, a service provider may provide an external
283         connectivity to a VPN customer (e.g., to a private or public
284         cloud, Internet). Such service may involve tweaking both
285         filtering and NAT rules (e.g., bind a Virtual Routing and
286         Forwarding (VRF) interface with a NAT instance as discussed in
287         Section 2.10 of [RFC8512]). These added value features may be
288         bound to all or a subset of network accesses. Some of these
289         added value features may be implemented in nodes other than PEs
290         (e.g., a P node or even a dedicated node that hosts the NAT
291         function).

293         It is out of the scope of this document to elaborate the
294         structure of these profiles.

296      'oper-status-timestamp':
297         A YANG grouping that defines the operational status updates of
298         a VPN service or component.

300      'service-status':
301         A YANG grouping that defines the administrative and operational
302         status of a component. The grouping can be applied to the
303         whole service or an endpoint.

305      'underlay-transport':
306         A YANG grouping that defines the type of the underlay transport
307         for a VPN service or how that underlay is set.

309         The underlay transport can be expressed as an abstract
310         transport instance (e.g., an identifier of a VPN+ instance
311         [I-D.ietf-teas-enhanced-vpn], a virtual network identifier
312         [I-D.ietf-teas-actn-vn-yang][RFC8453], or a network slice name
313         [I-D.ietf-teas-ietf-network-slices]) or as an ordered list of
314         the actual protocols to be enabled in the network.

316         The module supports a rich set of protocol identifiers that can
317         be used, e.g., to refer to an underlay transport. Examples of
318         supported protocols are:

320         -  IP-in-IP [RFC2003][RFC2473],

322         -  GRE [RFC1701][RFC1702][RFC7676],

324         -  MPLS-in-UDP [RFC7510],

326         -  Generic Network Virtualization Encapsulation (GENEVE)
327            [RFC8926],

329         -  Segment Routing (SR) [RFC8660][RFC8663][RFC8754],
330         -  Resource ReSerVation Protocol (RSVP) with traffic
331            engineering extensions [RFC3209], and

333         -  BGP with labeled prefixes [RFC8277].

335      'vpn-route-targets':
336         A YANG grouping that defines Route Target (RT) import/export
337         rules used in a BGP-enabled VPN. This grouping can be used for
338         both L3VPNs [RFC4364] and L2VPNs [RFC4664]. Note that this is
339         modelled as a list to ease the reuse of this grouping in
340         modules where an RT identifier is needed (e.g., associate an
341         operator with RTs).

343      'route-distinguisher':
344         A YANG grouping that defines Route Distinguishers (RDs).

346         As depicted in Figure 2, the module supports these RD
347         assignment modes: direct assignment, automatic assignment from
348         a given pool, automatic assignment, and no assignment.

350         Also, the module accommodates deployments where only the
351         Assigned Number subfield of RDs (Section 4.2 of [RFC4364]) is
352         assigned from a pool while the Administrator subfield is set
353         to, e.g., the router-id that is assigned to a VPN node. The
354         module supports these modes for managing the Assigned Number
355         subfield: explicit assignment, auto-assignment from a pool, and
356         full auto-assignment.

358      grouping route-distinguisher
359        +-- (rd-choice)?
360           +--:(directly-assigned)
361           |  +-- rd?           rt-types:route-distinguisher
362           +--:(directly-assigned-suffix)
363           |  +-- rd-suffix?    uint16
364           +--:(auto-assigned)
365           |  +-- rd-auto
366           |     +-- (auto-mode)?
367           |     |  +--:(from-pool)
368           |     |  |  +-- rd-pool-name?   string
369           |     |  +--:(full-auto)
370           |     |     +-- auto?           empty
371           |     +--ro auto-assigned-rd?   rt-types:route-distinguisher
372           +--:(auto-assigned-suffix)
373           |  +-- rd-auto-suffix
374           |     +-- (auto-mode)?
375           |     |  +--:(from-pool)
376           |     |  |  +-- rd-pool-name?   string
377           |     |  +--:(full-auto)
378           |     |     +-- auto?           empty
379           |     +--ro auto-assigned-rd-suffix?   uint16
380           +--:(no-rd)
381              +-- no-rd?        empty

383                Figure 2: Route Distinguisher Grouping Subtree

385      'vpn-components-group':
386         A YANG grouping that is used to group VPN nodes, VPN network
387         accesses, or sites. For example, diversity or redundancy
388         constraints can be applied on a per-group basis.

390      'placement-constraints':
391         A YANG grouping that is used to define the placement
392         constraints of a VPN node, VPN network access, or site.

394      'ports':
395         A YANG grouping that defines ranges of source and destination
396         port numbers and operators. The subtree of this grouping is
397         depicted in Figure 3.

399      grouping ports
400        +-- (source-port)?
401        |  +--:(source-port-range-or-operator)
402        |     +-- source-port-range-or-operator
403        |        +-- (port-range-or-operator)?
404        |           +--:(range)
405        |           |  +-- lower-port    inet:port-number
406        |           |  +-- upper-port    inet:port-number
407        |           +--:(operator)
408        |              +-- operator?     operator
409        |              +-- port          inet:port-number
410        +-- (destination-port)?
411           +--:(destination-port-range-or-operator)
412              +-- destination-port-range-or-operator
413                 +-- (port-range-or-operator)?
414                    +--:(range)
415                    |  +-- lower-port    inet:port-number
416                    |  +-- upper-port    inet:port-number
417                    +--:(operator)
418                       +-- operator?     operator
419                       +-- port          inet:port-number

421                   Figure 3: Port Numbers Grouping Subtree

423      'qos-classification-policy':
424         A YANG grouping that defines a set of QoS classification
425         policies based on various match Layer 3/4 and application
426         criteria. The subtree of this grouping is depicted in
427         Figure 4.

429         The QoS match criteria reuse groupings that are defined in the
430         packet fields module "ietf-packet-fields" (Section 4.2 of
431         [RFC8519]).

433         Any layer 4 protocol can be indicated in the 'protocol' data
434         node under 'l3', but only TCP and UDP specific match criteria
435         are elaborated in this version as these protocols are widely
436         used in the context of VPN services. Future revisions can be
437         considered to add other Layer 4 specific parameters (e.g.,
438         Stream Control Transmission Protocol [RFC4960]), if needed.

440         Some transport protocols use existing protocols (e.g., TCP or
441         UDP) as substrate. The match criteria for such protocols may
442         rely upon the 'protocol' under 'l3', TCP/UDP match criteria
443         shown in Figure 4, part of the TCP/UDP payload, or a
444         combination thereof. This version of the module does not
445         support such advanced match criteria. Future revisions of the
446         module may consider adding match criteria based on the
447         transport protocol payload (e.g., by means of a bitmask match).

449      grouping qos-classification-policy
450        +-- rule* [id]
451           +-- id                    string
452           +-- (match-type)?
453           |  +--:(match-flow)
454           |  |  +-- (l3)?
455           |  |  |  +--:(ipv4)
456           |  |  |  |  +-- ipv4
457           |  |  |  |     +-- dscp?             inet:dscp
458           |  |  |  |     +-- ecn?              uint8
459           |  |  |  |     +-- length?           uint16
460           |  |  |  |     +-- ttl?              uint8
461           |  |  |  |     +-- protocol?         uint8
462           |  |  |  |     +-- ihl?              uint8
463           |  |  |  |     +-- flags?            bits
464           |  |  |  |     +-- offset?           uint16
465           |  |  |  |     +-- identification?   uint16
466           |  |  |  |     +-- (destination-network)?
467           |  |  |  |     |  +--:(destination-ipv4-network)
468           |  |  |  |     |     +-- destination-ipv4-network?
469           |  |  |  |     |             inet:ipv4-prefix
470           |  |  |  |     +-- (source-network)?
471           |  |  |  |        +--:(source-ipv4-network)
472           |  |  |  |           +-- source-ipv4-network?
473           |  |  |  |                   inet:ipv4-prefix
474           |  |  |  +--:(ipv6)
475           |  |  |     +-- ipv6
476           |  |  |        +-- dscp?       inet:dscp
477           |  |  |        +-- ecn?        uint8
478           |  |  |        +-- length?     uint16
479           |  |  |        +-- ttl?        uint8
480           |  |  |        +-- protocol?   uint8
481           |  |  |        +-- (destination-network)?
482           |  |  |        |  +--:(destination-ipv6-network)
483           |  |  |        |     +-- destination-ipv6-network?
484           |  |  |        |             inet:ipv6-prefix
485           |  |  |        +-- (source-network)?
486           |  |  |        |  +--:(source-ipv6-network)
487           |  |  |        |     +-- source-ipv6-network?
488           |  |  |        |             inet:ipv6-prefix
489           |  |  |        +-- flow-label?
490           |  |  |                inet:ipv6-flow-label
491           |  |  +-- (l4)?
492           |  |     +--:(tcp)
493           |  |     |  +-- tcp
494           |  |     |     +-- sequence-number?          uint32
495           |  |     |     +-- acknowledgement-number?   uint32
496           |  |     |     +-- data-offset?              uint8
497           |  |     |     +-- reserved?                 uint8
498           |  |     |     +-- flags?                    bits
499           |  |     |     +-- window-size?              uint16
500           |  |     |     +-- urgent-pointer?           uint16
501           |  |     |     +-- options?                  binary
502           |  |     |     +-- (source-port)?
503           |  |     |     |  +--:(source-port-range-or-operator)
504           |  |     |     |     +-- source-port-range-or-operator
505           |  |     |     |        +-- (port-range-or-operator)?
506           |  |     |     |           +--:(range)
507           |  |     |     |           |  +-- lower-port
508           |  |     |     |           |  |       inet:port-number
509           |  |     |     |           |  +-- upper-port
510           |  |     |     |           |          inet:port-number
511           |  |     |     |           +--:(operator)
512           |  |     |     |              +-- operator?   operator
513           |  |     |     |              +-- port
514           |  |     |     |                      inet:port-number
515           |  |     |     +-- (destination-port)?
516           |  |     |        +--:(destination-port-range-or-operator)
517           |  |     |           +-- destination-port-range-or-operator
518           |  |     |              +-- (port-range-or-operator)?
519           |  |     |                 +--:(range)
520           |  |     |                 |  +-- lower-port
521           |  |     |                 |  |       inet:port-number
522           |  |     |                 |  +-- upper-port
523           |  |     |                 |          inet:port-number
524           |  |     |                 +--:(operator)
525           |  |     |                    +-- operator?   operator
526           |  |     |                    +-- port
527           |  |     |                            inet:port-number
528           |  |     +--:(udp)
529           |  |        +-- udp
530           |  |           +-- length?   uint16
531           |  |           +-- (source-port)?
532           |  |           |  +--:(source-port-range-or-operator)
533           |  |           |     +-- source-port-range-or-operator
534           |  |           |        +-- (port-range-or-operator)?
535           |  |           |           +--:(range)
536           |  |           |           |  +-- lower-port
537           |  |           |           |  |       inet:port-number
538           |  |           |           |  +-- upper-port
539           |  |           |           |          inet:port-number
540           |  |           |           +--:(operator)
541           |  |           |              +-- operator?   operator
542           |  |           |              +-- port
543           |  |           |                      inet:port-number
544           |  |           +-- (destination-port)?
545           |  |              +--:(destination-port-range-or-operator)
546           |  |                 +-- destination-port-range-or-operator
547           |  |                    +-- (port-range-or-operator)?
548           |  |                       +--:(range)
549           |  |                       |  +-- lower-port
550           |  |                       |  |       inet:port-number
551           |  |                       |  +-- upper-port
552           |  |                       |          inet:port-number
553           |  |                       +--:(operator)
554           |  |                          +-- operator?   operator
555           |  |                          +-- port
556           |  |                                  inet:port-number
557           |  +--:(match-application)
558           |     +-- match-application?   identityref
559           +-- target-class-id?      string {qos}?

561                    Figure 4: QoS Classification Subtree

563   4.  Layer 2/3 VPN Common Module

565      This module uses types defined in [RFC6991], [RFC8294], and
566      [RFC8519]. It also uses the extension defined in [RFC8341].

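The 'rd-choice' structure of Figure 2 (Section 3) can be enforced on client-supplied data before it is acted on: nodes from at most one case, and no read-only (ro) node in configuration input. The Python check below is an added example, not part of the draft or its YANG module; it assumes the subtree arrives as a dict decoded from the RFC 7951 JSON encoding (type 'empty' as [null]) with unqualified node names, and it does not check the rt-types:route-distinguisher string format.

```python
# Added example: checks a client-supplied 'route-distinguisher' subtree
# against the choice structure shown in Figure 2. Assumption: the data is a
# dict decoded from the RFC 7951 JSON encoding, with unqualified node names.

# Case name -> data node that selects it (top level of 'rd-choice').
RD_CASES = {
    "directly-assigned": "rd",
    "directly-assigned-suffix": "rd-suffix",
    "auto-assigned": "rd-auto",
    "auto-assigned-suffix": "rd-auto-suffix",
    "no-rd": "no-rd",
}
# Containers with a nested 'auto-mode' choice -> their read-only (ro) leaf.
AUTO_CONTAINERS = {
    "rd-auto": "auto-assigned-rd",
    "rd-auto-suffix": "auto-assigned-rd-suffix",
}


def is_empty_leaf(value):
    """A YANG 'empty' leaf is encoded as [null], i.e. [None] after decoding."""
    return isinstance(value, list) and value == [None]


def check_auto(name, container, errors):
    """Validate rd-auto / rd-auto-suffix, including the nested auto-mode."""
    if not isinstance(container, dict):
        errors.append(f"{name}: must be a container")
        return
    for key in container:
        if key == AUTO_CONTAINERS[name]:
            # State data is filled in by the server, never by the client.
            errors.append(f"{name}/{key}: read-only node in configuration")
        elif key not in ("rd-pool-name", "auto"):
            errors.append(f"{name}/{key}: unknown node")
    if "rd-pool-name" in container and "auto" in container:
        errors.append(f"{name}: auto-mode has nodes from more than one case")
    if "rd-pool-name" in container:
        pool = container["rd-pool-name"]
        if not isinstance(pool, str) or not pool:
            errors.append(f"{name}/rd-pool-name: must be a non-empty string")
    if "auto" in container and not is_empty_leaf(container["auto"]):
        errors.append(f"{name}/auto: must be an empty leaf ([null])")


def validate_rd(cfg):
    """Return a list of violations; an empty list means the subtree is valid."""
    errors = []
    known = set(RD_CASES.values())
    errors += [f"{key}: unknown node" for key in cfg if key not in known]
    # A YANG choice allows nodes from at most one of its cases to exist.
    chosen = [case for case, node in RD_CASES.items() if node in cfg]
    if len(chosen) > 1:
        errors.append("rd-choice: nodes from more than one case: "
                      + ", ".join(chosen))
    if "rd" in cfg and not (isinstance(cfg["rd"], str) and cfg["rd"]):
        errors.append("rd: must be a non-empty string")
    if "rd-suffix" in cfg:
        v = cfg["rd-suffix"]
        if isinstance(v, bool) or not isinstance(v, int) or not 0 <= v <= 65535:
            errors.append("rd-suffix: must be a uint16 (0..65535)")
    if "no-rd" in cfg and not is_empty_leaf(cfg["no-rd"]):
        errors.append("no-rd: must be an empty leaf ([null])")
    for name in AUTO_CONTAINERS:
        if name in cfg:
            check_auto(name, cfg[name], errors)
    return errors


# Constructed sample inputs (not taken from the draft).
SAMPLES = {
    "direct": {"rd": "0:65000:100"},
    "pool": {"rd-auto": {"rd-pool-name": "pool-a"}},
    "two-cases": {"rd": "0:65000:100", "no-rd": [None]},
    "ro-injected": {"rd-auto": {"auto": [None],
                                "auto-assigned-rd": "0:65000:1"}},
    "bad-suffix": {"rd-suffix": 70000},
}

if __name__ == "__main__":
    for label, cfg in SAMPLES.items():
        print(label, validate_rd(cfg) or "ok")
```
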
568      file "ietf-vpn-common@2021-09-10.yang"
569      module ietf-vpn-common {
570        yang-version 1.1;
571        namespace "urn:ietf:params:xml:ns:yang:ietf-vpn-common";
572        prefix vpn-common;

574        import ietf-netconf-acm {
575          prefix nacm;
576          reference
577            "RFC 8341: Network Configuration Access Control Model";
578        }
579        import ietf-routing-types {
580          prefix rt-types;
581          reference
582            "RFC 8294: Common YANG Data Types for the Routing Area";

584        }
585        import ietf-yang-types {
586          prefix yang;
587          reference
588            "RFC 6991: Common YANG Data Types, Section 3";
589        }
590        import ietf-packet-fields {
591          prefix packet-fields;
592          reference
593            "RFC 8519: YANG Data Model for Network Access
594                       Control Lists (ACLs)";
595        }

597        organization
598          "IETF OPSAWG (Operations and Management Area Working Group)";
599        contact
600          "WG Web:
601           WG List:

603           Editor:  Mohamed Boucadair
604
605           Author:  Samier Barguil
606
607           Author:  Oscar Gonzalez de Dios
608
609           Author:  Qin Wu
610                    ";
611        description
612          "This YANG module defines a common module that is meant
613           to be reused by various VPN-related modules (e.g.,
614           Layer 3 VPN Service Model (L3SM), Layer 2 VPN Service
615           Model (L2SM), Layer 3 VPN Network Model (L3NM), Layer 2
616           VPN Network Model (L2NM)).

618           Copyright (c) 2021 IETF Trust and the persons identified as
619           authors of the code. All rights reserved.

621           Redistribution and use in source and binary forms, with or
622           without modification, is permitted pursuant to, and subject
623           to the license terms contained in, the Simplified BSD License
624           set forth in Section 4.c of the IETF Trust's Legal Provisions
625           Relating to IETF Documents
626           (http://trustee.ietf.org/license-info).

628           This version of this YANG module is part of RFC XXXX; see
629           the RFC itself for full legal notices.";

631        revision 2021-09-10 {
632          description
633            "Initial revision.";
634          reference
635            "RFC XXXX: A Layer 2/3 VPN Common YANG Model";
636        }

638        /******** Collection of VPN-related Features ********/
639        /*
640         * Features related to encapsulation schemes
641         */

643        feature dot1q {
644          description
645            "Indicates the support for the Dot1q encapsulation.";
646          reference
647            "IEEE Std 802.1Q: Bridges and Bridged Networks";
648        }

650        feature qinq {
651          description
652            "Indicates the support for the QinQ encapsulation.";
653          reference
654            "IEEE Std 802.1ad: Provider Bridges";
655        }

657        feature vxlan {
658          description
659            "Indicates the support for the Virtual eXtensible
660             Local Area Network (VXLAN) encapsulation.";
661          reference
662            "RFC 7348: Virtual eXtensible Local Area Network (VXLAN):
663                       A Framework for Overlaying Virtualized Layer 2
664                       Networks over Layer 3 Networks";
665        }

667        feature qinany {
668          description
669            "Indicates the support for the QinAny encapsulation.
670             The outer VLAN tag is set to a specific value but
671             the inner VLAN tag is set to any.";
672        }

674        feature lag-interface {
675          description
676            "Indicates the support for Link Aggregation Group (LAG)
677             between VPN network accesses.";
678          reference
679            "IEEE Std. 802.1AX: Link Aggregation";

681        }

683        /*
684         * Features related to multicast
685         */

687        feature multicast {
688          description
689            "Indicates multicast capabilities support in a VPN.";
690          reference
691            "RFC 6513: Multicast in MPLS/BGP IP VPNs";
692        }

694        feature igmp {
695          description
696            "Indicates support for Internet Group Management Protocol
697             (IGMP).";
698          reference
699            "RFC 1112: Host Extensions for IP Multicasting
700             RFC 2236: Internet Group Management Protocol, Version 2
701             RFC 3376: Internet Group Management Protocol, Version 3";
702        }

704        feature mld {
705          description
706            "Indicates support for Multicast Listener Discovery (MLD).";
707          reference
708            "RFC 2710: Multicast Listener Discovery (MLD) for IPv6
709             RFC 3810: Multicast Listener Discovery Version 2 (MLDv2)
710                       for IPv6";
711        }

713        feature pim {
714          description
715            "Indicates support for Protocol Independent Multicast (PIM).";
716          reference
717            "RFC 7761: Protocol Independent Multicast - Sparse Mode
718                      (PIM-SM): Protocol Specification (Revised)";
719        }

721        /*
722         * Features related to address family types
723         */

725        feature ipv4 {
726          description
727            "Indicates IPv4 support in a VPN. That is, IPv4 traffic
728             can be carried in the VPN, IPv4 addresses/prefixes can
729             be assigned to a VPN network access, IPv4 routes can be
730             installed for the CE/PE link, etc.";
731          reference
732            "RFC 791: Internet Protocol";
733        }

735        feature ipv6 {
736          description
737            "Indicates IPv6 support in a VPN. That is, IPv6 traffic
738             can be carried in the VPN, IPv6 addresses/prefixes can
739             be assigned to a VPN network access, IPv6 routes can be
740             installed for the CE/PE link, etc.";
741          reference
742            "RFC 8200: Internet Protocol, Version 6 (IPv6)";
743        }

745        /*
746         * Features related to routing protocols
747         */

749        feature rtg-ospf {
750          description
751            "Indicates support for the OSPF as the Provider Edge (PE)/
752             Customer Edge (CE) routing protocol.";
753          reference
754            "RFC 4577: OSPF as the Provider/Customer Edge Protocol
755                       for BGP/MPLS IP Virtual Private Networks (VPNs)
756             RFC 6565: OSPFv3 as a Provider Edge to Customer Edge
757                       (PE-CE) Routing Protocol";
758        }

760        feature rtg-ospf-sham-link {
761          description
762            "Indicates support for OSPF sham links.";
763          reference
764            "RFC 4577: OSPF as the Provider/Customer Edge Protocol
765                       for BGP/MPLS IP Virtual Private Networks (VPNs),
766                       Section 4.2.7
767             RFC 6565: OSPFv3 as a Provider Edge to Customer Edge
768                       (PE-CE) Routing Protocol, Section 5";
769        }

771        feature rtg-bgp {
772          description
773            "Indicates support for BGP as the PE/CE routing protocol.";
774          reference
775            "RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
776        }
777        feature rtg-rip {
778          description
779            "Indicates support for RIP as the PE/CE routing protocol.";
780          reference
781            "RFC 2453: RIP Version 2
782             RFC 2080: RIPng for IPv6";
783        }

785        feature rtg-isis {
786          description
787            "Indicates support for IS-IS as the PE/CE routing protocol.";
788          reference
789            "ISO10589: Intermediate System to Intermediate System intra-
790                       domain routeing information exchange protocol for
791                       use in conjunction with the protocol for providing
792                       the connectionless-mode network service
793                       (ISO 8473)";
794        }

796        feature rtg-vrrp {
797          description
798            "Indicates support for the Virtual Router Redundancy
799             Protocol (VRRP) in CE/PE link.";
800          reference
801            "RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3
802                       for IPv4 and IPv6";
803        }

805        feature bfd {
806 description 807 "Indicates support for Bidirectional Forwarding Detection (BFD) 808 between the CE and the PE."; 809 reference 810 "RFC 5880: Bidirectional Forwarding Detection (BFD)"; 811 } 813 /* 814 * Features related to VPN service constraints 815 */ 817 feature bearer-reference { 818 description 819 "A bearer refers to properties of the CE-PE attachment that 820 are below Layer 3. 821 This feature indicates support for the bearer reference access 822 constraint. That is, the reuse of a network connection that was 823 already ordered to the service provider apart from the IP VPN 824 site."; 826 } 828 feature placement-diversity { 829 description 830 "Indicates support for placement diversity constraints in the 831 customer premises. An example of these constraints may be to 832 avoid connecting a site network access to the same Provider 833 Edge as a target site network access."; 834 } 836 /* 837 * Features related to bandwidth and Quality of Service (QoS) 838 */ 840 feature qos { 841 description 842 "Indicates support for Classes of Service (CoSes) in the VPN."; 843 } 845 feature inbound-bw { 846 description 847 "Indicates support for the inbound bandwidth in a VPN. That is, 848 support for specifying the download bandwidth from the service 849 provider network to the VPN site. Note that the L3SM uses 850 'input' to identify the same feature. That terminology should 851 be deprecated in favor of the one defined in this module."; 852 } 854 feature outbound-bw { 855 description 856 "Indicates support for the outbound bandwidth in a VPN. That is, 857 support for specifying the upload bandwidth from the VPN site 858 to the service provider network. Note that the L3SM uses 859 'output' to identify the same feature. 
That terminology should 860 be deprecated in favor of the one defined in this module."; 861 } 863 /* 864 * Features related to security and resilience 865 */ 867 feature encryption { 868 description 869 "Indicates support for encryption in the VPN."; 870 } 872 feature fast-reroute { 873 description 874 "Indicates support for Fast Reroute (FRR) capabilities for 875 a VPN site."; 876 } 878 /* 879 * Features related to advanced VPN options 880 */ 882 feature external-connectivity { 883 description 884 "Indicates support for the VPN to provide external 885 connectivity (e.g., Internet, private or public cloud)."; 886 reference 887 "RFC 4364: BGP/MPLS IP Virtual Private Networks 888 (VPNs), Section 11"; 889 } 891 feature extranet-vpn { 892 description 893 "Indicates support for extranet VPNs. That is, the capability of 894 a VPN to access a list of other VPNs."; 895 reference 896 "RFC 4364: BGP/MPLS IP Virtual Private Networks 897 (VPNs), Section 1.1"; 898 } 900 feature carriers-carrier { 901 description 902 "Indicates support for Carrier-of-Carrier VPNs."; 903 reference 904 "RFC 4364: BGP/MPLS IP Virtual Private Networks 905 (VPNs), Section 9"; 906 } 908 /* 909 * Address family related identities 910 */ 912 identity address-family { 913 description 914 "Defines a type for the address family."; 915 } 917 identity ipv4 { 918 base address-family; 919 description 920 "Identity for IPv4 address family."; 921 } 922 identity ipv6 { 923 base address-family; 924 description 925 "Identity for IPv6 address family."; 926 } 928 identity dual-stack { 929 base address-family; 930 description 931 "Identity for IPv4 and IPv6 address family."; 932 } 934 /* 935 * Identities related to VPN topology 936 */ 938 identity vpn-topology { 939 description 940 "Base identity of the VPN topology."; 941 } 943 identity any-to-any { 944 base vpn-topology; 945 description 946 "Identity for any-to-any VPN topology. 
       All VPN sites
       can communicate with each other without any restrictions.";
  }

  identity hub-spoke {
    base vpn-topology;
    description
      "Identity for Hub-and-Spoke VPN topology. All Spokes can
       communicate only with Hubs but not with each other. Hubs
       can communicate with each other.";
  }

  identity hub-spoke-disjoint {
    base vpn-topology;
    description
      "Identity for Hub-and-Spoke VPN topology where Hubs cannot
       communicate with each other.";
  }

  identity custom {
    base vpn-topology;
    description
      "Identity for custom VPN topologies where the role of the nodes
       is not strictly Hub or Spoke. The VPN topology is controlled by
       the import/export policies. The custom topology reflects more
       complex VPN nodes such as VPN node that acts as Hub for certain
       nodes and Spoke to others.";
  }

  /*
   * Identities related to network access types
   */

  identity site-network-access-type {
    description
      "Base identity for site network access type.";
  }

  identity point-to-point {
    base site-network-access-type;
    description
      "Point-to-point access type.";
  }

  identity multipoint {
    base site-network-access-type;
    description
      "Multipoint access type.";
  }

  identity irb {
    base site-network-access-type;
    description
      "Integrated Routing Bridge (IRB).
       Identity for pseudowire connections.";
  }

  identity loopback {
    base site-network-access-type;
    description
      "Loopback access type.";
  }

  /*
   * Identities related to operational and administrative status
   */

  identity operational-status {
    description
      "Base identity for the operational status.";
  }

  identity op-up {
    base operational-status;
    description
      "Operational status is Up/Enabled.";
  }

  identity op-down {
    base operational-status;
    description
      "Operational status is Down/Disabled.";
  }

  identity op-unknown {
    base operational-status;
    description
      "Operational status is Unknown.";
  }

  identity administrative-status {
    description
      "Base identity for administrative status.";
  }

  identity admin-up {
    base administrative-status;
    description
      "Administrative status is Up/Enabled.";
  }

  identity admin-down {
    base administrative-status;
    description
      "Administrative status is Down/Disabled.";
  }

  identity admin-testing {
    base administrative-status;
    description
      "Administrative status is up for testing purposes.";
  }

  identity admin-pre-deployment {
    base administrative-status;
    description
      "Administrative status is pre-deployment phase.
       That is,
       prior to the actual deployment of a service.";
  }

  /*
   * Identities related to site or node role
   */

  identity role {
    description
      "Base identity of a site or a node role.";
  }

  identity any-to-any-role {
    base role;
    description
      "Any-to-any role.";
  }

  identity spoke-role {
    base role;
    description
      "A node or a site is acting as a Spoke.";
  }

  identity hub-role {
    base role;
    description
      "A node or a site is acting as a Hub.";
  }

  identity custom-role {
    base role;
    description
      "VPN node with custom or complex role in the VPN. For some
       sources/destinations it can behave as a Hub, but for others it
       can act as a Spoke depending on the configured policy.";
  }

  /*
   * Identities related to VPN service constraints
   */

  identity placement-diversity {
    description
      "Base identity for access placement constraints.";
  }

  identity bearer-diverse {
    base placement-diversity;
    description
      "Bearer diversity.
       The bearers should not use common elements.";
  }

  identity pe-diverse {
    base placement-diversity;
    description
      "PE diversity.";
  }

  identity pop-diverse {
    base placement-diversity;
    description
      "Point Of Presence (POP) diversity.";
  }

  identity linecard-diverse {
    base placement-diversity;
    description
      "Linecard diversity.";
  }

  identity same-pe {
    base placement-diversity;
    description
      "Having sites connected on the same PE.";
  }

  identity same-bearer {
    base placement-diversity;
    description
      "Having sites connected using the same bearer.";
  }

  /*
   * Identities related to service types
   */

  identity service-type {
    description
      "Base identity for service type.";
  }

  identity l3vpn {
    base service-type;
    description
      "L3VPN service.";
    reference
      "RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)";
  }

  identity vpls {
    base service-type;
    description
      "VPLS service.";
    reference
      "RFC 4761: Virtual Private LAN Service (VPLS) Using BGP for
                 Auto-Discovery and Signaling
       RFC 4762: Virtual Private LAN Service (VPLS) Using Label
                 Distribution Protocol (LDP) Signaling";
  }

  identity vpws {
    base service-type;
    description
      "Virtual Private Wire Service (VPWS) service.";
    reference
      "RFC 4664: Framework for Layer 2 Virtual Private Networks
                 (L2VPNs), Section 3.1.1";
  }

  identity vpws-evpn {
    base service-type;
    description
      "EVPN used to support VPWS service.";
    reference
      "RFC 8214: Virtual Private Wire Service Support in Ethernet VPN";
  }

  identity pbb-evpn {
    base service-type;
    description
      "Provider Backbone Bridging (PBB) EVPNs service.";
    reference
      "RFC 7623: Provider Backbone Bridging Combined with Ethernet VPN
                 (PBB-EVPN)";
  }

  identity mpls-evpn {
    base service-type;
    description
      "MPLS-based EVPN service.";
    reference
      "RFC 7432: BGP MPLS-Based Ethernet VPN";
  }

  identity vxlan-evpn {
    base service-type;
    description
      "VXLAN-based EVPN service.";
    reference
      "RFC 8365: A Network Virtualization Overlay Solution Using
                 Ethernet VPN (EVPN)";
  }

  /*
   * Identities related to VPN signaling type
   */

  identity vpn-signaling-type {
    description
      "Base identity for VPN signaling types";
  }

  identity bgp-signaling {
    base vpn-signaling-type;
    description
      "Layer 2 VPNs using BGP signaling.";
    reference
      "RFC 6624: Layer 2 Virtual Private Networks Using BGP for
                 Auto-Discovery and Signaling
       RFC 7432: BGP MPLS-Based Ethernet VPN";
  }

  identity ldp-signaling {
    base vpn-signaling-type;
    description
      "Targeted Label Distribution Protocol (LDP) signaling.";
    reference
      "RFC 5036: LDP Specification";
  }

  identity l2tp-signaling {
    base vpn-signaling-type;
    description
      "Layer Two Tunneling Protocol (L2TP) signaling.";
    reference
      "RFC 3931: Layer Two Tunneling Protocol - Version 3 (L2TPv3)";
  }

  /*
   * Identities related to routing protocols
   */

  identity routing-protocol-type {
    description
      "Base identity for routing protocol type.";
  }

  identity static-routing {
    base routing-protocol-type;
    description
      "Static routing protocol.";
  }

  identity bgp-routing {
    if-feature "rtg-bgp";
    base routing-protocol-type;
    description
      "BGP routing protocol.";
    reference
      "RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
  }

  identity ospf-routing {
    if-feature "rtg-ospf";
    base routing-protocol-type;
    description
      "OSPF routing protocol.";
    reference
      "RFC 4577: OSPF as the Provider/Customer Edge Protocol
                 for BGP/MPLS IP Virtual Private Networks (VPNs)
       RFC 6565: OSPFv3 as a Provider Edge to Customer Edge
                 (PE-CE) Routing Protocol";
  }

  identity rip-routing {
    if-feature "rtg-rip";
    base routing-protocol-type;
    description
      "RIP routing protocol.";
    reference
      "RFC 2453: RIP Version 2
       RFC 2080: RIPng for IPv6";
  }

  identity isis-routing {
    if-feature "rtg-isis";
    base routing-protocol-type;
    description
      "IS-IS routing protocol.";
    reference
      "ISO10589: Intermediate System to Intermediate System intra-
                 domain routeing information exchange protocol for
                 use in conjunction with the protocol for providing
                 the connectionless-mode network service
                 (ISO 8473)";
  }

  identity vrrp-routing {
    if-feature "rtg-vrrp";
    base routing-protocol-type;
    description
      "VRRP protocol.

       This is to be used when LANs are directly connected to PEs.";
    reference
      "RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3
                 for IPv4 and IPv6";
  }

  identity direct-routing {
    base routing-protocol-type;
    description
      "Direct routing.

       This is to be used when LANs are directly connected to PEs
       and must be advertised in the VPN.";
  }

  identity any-routing {
    base routing-protocol-type;
    description
      "Any routing protocol.
       This can be, e.g., used to set policies that apply to any
       routing protocol in place.";
  }

  identity isis-level {
    if-feature "rtg-isis";
    description
      "Base identity for the IS-IS level.";
    reference
      "ISO10589: Intermediate System to Intermediate System intra-
                 domain routeing information exchange protocol for
                 use in conjunction with the protocol for providing
                 the connectionless-mode network service
                 (ISO 8473)";
  }

  identity level-1 {
    base isis-level;
    description
      "IS-IS level 1.";
  }

  identity level-2 {
    base isis-level;
    description
      "IS-IS level 2.";
  }

  identity level-1-2 {
    base isis-level;
    description
      "IS-IS levels 1 and 2.";
  }

  identity bfd-session-type {
    if-feature "bfd";
    description
      "Base identity for the BFD session type.";
  }

  identity classic-bfd {
    base bfd-session-type;
    description
      "Classic BFD.";
    reference
      "RFC 5880: Bidirectional Forwarding Detection (BFD)";
  }

  identity s-bfd {
    base bfd-session-type;
    description
      "Seamless BFD.";
    reference
      "RFC 7880: Seamless Bidirectional Forwarding Detection (S-BFD)";
  }

  /*
   * Identities related to Routes Import and Export
   */

  identity ie-type {
    description
      "Base identity for 'import/export' routing profiles.
       These profiles can be reused between VPN nodes.";
  }

  identity import {
    base ie-type;
    description
      "'Import' routing profile.";
    reference
      "RFC 4364: BGP/MPLS IP Virtual Private Networks
                 (VPNs), Section 4.3.1";
  }

  identity export {
    base ie-type;
    description
      "'Export' routing profile.";
    reference
      "RFC 4364: BGP/MPLS IP Virtual Private Networks
                 (VPNs), Section 4.3.1";
  }

  identity import-export {
    base ie-type;
    description
      "'Import/export' routing profile.";
  }

  /*
   * Identities related to bandwidth and QoS
   */

  identity bw-direction {
    description
      "Base identity for the bandwidth direction.";
  }

  identity inbound-bw {
    if-feature "inbound-bw";
    base bw-direction;
    description
      "Inbound bandwidth.";
  }

  identity outbound-bw {
    if-feature "outbound-bw";
    base bw-direction;
    description
      "Outbound bandwidth.";
  }

  identity bw-type {
    description
      "Base identity for the bandwidth type.";
  }

  identity bw-per-cos {
    if-feature "qos";
    base bw-type;
    description
      "The bandwidth is per-CoS.";
  }

  identity bw-per-port {
    base bw-type;
    description
      "The bandwidth is per-site network access.";
  }

  identity bw-per-site {
    base bw-type;
    description
      "The bandwidth is per-site. It is applicable to all the site
       network accesses within a site.";
  }

  identity bw-per-service {
    base bw-type;
    description
      "The bandwidth is per-VPN service.";
  }

  identity qos-profile-direction {
    if-feature "qos";
    description
      "Base identity for the QoS profile direction.";
  }

  identity site-to-wan {
    base qos-profile-direction;
    description
      "Customer site to provider's network direction.
       This is typically the CE-to-PE direction.";
  }

  identity wan-to-site {
    base qos-profile-direction;
    description
      "Provider's network to customer site direction.

       This is typically the PE-to-CE direction.";
  }

  identity both {
    base qos-profile-direction;
    description
      "Both WAN-to-Site and Site-to-WAN directions.";
  }

  /*
   * Identities related to underlay transport instances
   */

  identity transport-instance-type {
    description
      "Base identity for underlay transport instance type.";
  }

  identity virtual-network {
    base transport-instance-type;
    description
      "Virtual network.";
    reference
      "RFC 8453: Framework for Abstraction and Control of TE
                 Networks (ACTN)";
  }

  identity enhanced-vpn {
    base transport-instance-type;
    description
      "Enhanced VPN (VPN+). VPN+ is an approach that is
       based on existing VPN and Traffic Engineering (TE)
       technologies but adds characteristics that specific
       services require over and above classical VPNs.";
    reference
      "I-D.ietf-teas-enhanced-vpn:
         A Framework for Enhanced Virtual Private Network
         (VPN+) Services";
  }

  identity ietf-network-slice {
    base transport-instance-type;
    description
      "IETF network slice. An IETF network slice
       is a logical network topology connecting a number of
       endpoints using a set of shared or dedicated network
       resources that are used to satisfy specific service
       objectives.";
    reference
      "I-D.ietf-teas-ietf-network-slices:
         Framework for IETF Network Slices";
  }

  /*
   * Identities related to protocol types. These types are typically
   * used to identify the underlay transport.
   */

  identity protocol-type {
    description
      "Base identity for Protocol Type.";
  }

  identity ip-in-ip {
    base protocol-type;
    description
      "Transport is based on IP-in-IP.";
    reference
      "RFC 2003: IP Encapsulation within IP
       RFC 2473: Generic Packet Tunneling in IPv6 Specification";
  }

  identity ip-in-ipv4 {
    base ip-in-ip;
    description
      "Transport is based on IP over IPv4.";
    reference
      "RFC 2003: IP Encapsulation within IP";
  }

  identity ip-in-ipv6 {
    base ip-in-ip;
    description
      "Transport is based on IP over IPv6.";
    reference
      "RFC 2473: Generic Packet Tunneling in IPv6 Specification";
  }

  identity gre {
    base protocol-type;
    description
      "Transport is based on Generic Routing Encapsulation (GRE).";
    reference
      "RFC 1701: Generic Routing Encapsulation (GRE)
       RFC 1702: Generic Routing Encapsulation over IPv4 networks
       RFC 7676: IPv6 Support for Generic Routing Encapsulation (GRE)";
  }

  identity gre-v4 {
    base gre;
    description
      "Transport is based on GRE over IPv4.";
    reference
      "RFC 1702: Generic Routing Encapsulation over IPv4 networks";
  }

  identity gre-v6 {
    base gre;
    description
      "Transport is based on GRE over IPv6.";
    reference
      "RFC 7676: IPv6 Support for Generic Routing Encapsulation (GRE)";
  }

  identity vxlan-trans {
    base protocol-type;
    description
      "Transport is based on VXLAN.";
    reference
      "RFC 7348: Virtual eXtensible Local Area Network (VXLAN):
                 A Framework for Overlaying Virtualized Layer 2
                 Networks over Layer 3 Networks";
  }

  identity geneve {
    base protocol-type;
    description
      "Transport is based on Generic Network Virtualization
       Encapsulation (GENEVE).";
    reference
      "RFC 8926: Geneve: Generic Network Virtualization Encapsulation";
  }

  identity ldp {
    base
      protocol-type;
    description
      "Transport is based on LDP.";
    reference
      "RFC 5036: LDP Specification";
  }

  identity mpls-in-udp {
    base protocol-type;
    description
      "Transport is MPLS in UDP.";
    reference
      "RFC 7510: Encapsulating MPLS in UDP";
  }

  identity sr {
    base protocol-type;
    description
      "Transport is based on Segment Routing (SR).";
    reference
      "RFC 8660: Segment Routing with the MPLS Data Plane
       RFC 8663: MPLS Segment Routing over IP
       RFC 8754: IPv6 Segment Routing Header (SRH)";
  }

  identity sr-mpls {
    base sr;
    description
      "Transport is based on SR with MPLS.";
    reference
      "RFC 8660: Segment Routing with the MPLS Data Plane";
  }

  identity srv6 {
    base sr;
    description
      "Transport is based on SR over IPv6.";
    reference
      "RFC 8754: IPv6 Segment Routing Header (SRH)";
  }

  identity sr-mpls-over-ip {
    base sr;
    description
      "Transport is based on SR over MPLS over IP.";
    reference
      "RFC 8663: MPLS Segment Routing over IP";
  }

  identity rsvp-te {
    base protocol-type;
    description
      "Transport setup relies upon RSVP-TE.";
    reference
      "RFC 3209: RSVP-TE: Extensions to RSVP for LSP Tunnels";
  }

  identity bgp-lu {
    base protocol-type;
    description
      "Transport setup relies upon BGP-LU.";
    reference
      "RFC 8277: Using BGP to Bind MPLS Labels to Address Prefixes";
  }

  identity unknown {
    base protocol-type;
    description
      "Not known protocol type.";
  }

  /*
   * Identities related to encapsulations
   */

  identity encapsulation-type {
    description
      "Base identity for the encapsulation type.";
  }

  identity priority-tagged {
    base encapsulation-type;
    description
      "Priority-tagged interface.";
  }

  identity dot1q {
    if-feature "dot1q";
    base encapsulation-type;
    description
      "Dot1q encapsulation.";
  }

  identity qinq {
    if-feature "qinq";
    base encapsulation-type;
    description
      "QinQ encapsulation.";
  }

  identity qinany {
    if-feature "qinany";
    base encapsulation-type;
    description
      "QinAny encapsulation.";
  }

  identity vxlan {
    if-feature "vxlan";
    base encapsulation-type;
    description
      "VxLAN encapsulation.";
  }

  identity ethernet-type {
    base encapsulation-type;
    description
      "Ethernet encapsulation type.";
  }

  identity vlan-type {
    base encapsulation-type;
    description
      "VLAN encapsulation type.";
  }

  identity untagged-int {
    base encapsulation-type;
    description
      "Untagged interface type.";
  }

  identity tagged-int {
    base encapsulation-type;
    description
      "Tagged interface type.";
  }

  identity lag-int {
    if-feature "lag-interface";
    base encapsulation-type;
    description
      "LAG interface type.";
  }

  /*
   * Identities related to VLAN Tag
   */

  identity tag-type {
    description
      "Base identity for the tag types.";
  }

  identity c-vlan {
    base tag-type;
    description
      "Indicates Customer VLAN (C-VLAN) tag, normally using
       the 0x8100 Ethertype.";
  }

  identity s-vlan {
    base tag-type;
    description
      "Indicates Service VLAN (S-VLAN) tag.";
  }

  identity s-c-vlan {
    base tag-type;
    description
      "Uses both an S-VLAN tag and a C-VLAN tag.";
  }

  /*
   * Identities related to VXLAN
   */

  identity vxlan-peer-mode {
    if-feature "vxlan";
    description
      "Base identity for the VXLAN peer mode.";
  }

  identity static-mode {
    base vxlan-peer-mode;
    description
      "VXLAN access in the static mode.";
  }

  identity bgp-mode {
    base vxlan-peer-mode;
    description
      "VXLAN access by BGP EVPN learning.";
  }

  /*
   * Identities related to multicast
   */

  identity multicast-gp-address-mapping {
    if-feature "multicast";
    description
      "Base identity for multicast group mapping type.";
  }

  identity static-mapping {
    base multicast-gp-address-mapping;
    description
      "Static mapping, i.e., attach the interface to the
       multicast group as a static member.";
  }

  identity dynamic-mapping {
    base multicast-gp-address-mapping;
    description
      "Dynamic mapping, i.e., an interface is added to the
       multicast group as a result of snooping.";
  }

  identity multicast-tree-type {
    if-feature "multicast";
    description
      "Base identity for multicast tree type.";
  }

  identity ssm-tree-type {
    base multicast-tree-type;
    description
      "Source-Specific Multicast (SSM) tree type.";
  }

  identity asm-tree-type {
    base multicast-tree-type;
    description
      "Any-Source Multicast (ASM) tree type.";
  }

  identity bidir-tree-type {
    base multicast-tree-type;
    description
      "Bidirectional tree type.";
  }

  identity multicast-rp-discovery-type {
    if-feature "multicast";
    description
      "Base identity for Rendezvous Point (RP) discovery type.";
  }

  identity auto-rp {
    base multicast-rp-discovery-type;
    description
      "Auto-RP discovery type.";
  }

  identity static-rp {
    base multicast-rp-discovery-type;
    description
      "Static type.";
  }

  identity bsr-rp {
    base multicast-rp-discovery-type;
    description
      "Bootstrap Router (BSR) discovery type.";
  }

  identity group-management-protocol {
    if-feature "multicast";
    description
      "Base identity for multicast group management protocol.";
  }

  identity igmp-proto {
    base group-management-protocol;
    description
      "IGMP.";
    reference
      "RFC 1112: Host Extensions for IP Multicasting
       RFC 2236: Internet Group Management
                 Protocol, Version 2
       RFC 3376: Internet Group Management Protocol, Version 3";
  }

  identity mld-proto {
    base group-management-protocol;
    description
      "MLD.";
    reference
      "RFC 2710: Multicast Listener Discovery (MLD) for IPv6
       RFC 3810: Multicast Listener Discovery Version 2 (MLDv2)
                 for IPv6";
  }

  identity pim-proto {
    if-feature "pim";
    base routing-protocol-type;
    description
      "PIM.";
    reference
      "RFC 7761: Protocol Independent Multicast - Sparse Mode
                 (PIM-SM): Protocol Specification (Revised)";
  }

  identity igmp-version {
    if-feature "igmp";
    description
      "Base identity for IGMP version.";
  }

  identity igmpv1 {
    base igmp-version;
    description
      "IGMPv1.";
    reference
      "RFC 1112: Host Extensions for IP Multicasting";
  }

  identity igmpv2 {
    base igmp-version;
    description
      "IGMPv2.";
    reference
      "RFC 2236: Internet Group Management Protocol, Version 2";
  }

  identity igmpv3 {
    base igmp-version;
    description
      "IGMPv3.";
    reference
      "RFC 3376: Internet Group Management Protocol, Version 3";
  }

  identity mld-version {
    if-feature "mld";
    description
      "Base identity for MLD version.";
  }

  identity mldv1 {
    base mld-version;
    description
      "MLDv1.";
    reference
      "RFC 2710: Multicast Listener Discovery (MLD) for IPv6";
  }

  identity mldv2 {
    base mld-version;
    description
      "MLDv2.";
    reference
      "RFC 3810: Multicast Listener Discovery Version 2 (MLDv2)
                 for IPv6";
  }

  /*
   * Identities related to traffic types
   */

  identity tf-type {
    description
      "Base identity for the traffic type.";
  }

  identity multicast-traffic {
    base tf-type;
    description
      "Multicast traffic.";
  }

  identity broadcast-traffic {
    base tf-type;
    description
      "Broadcast traffic.";
  }

  identity unknown-unicast-traffic {
    base tf-type;
    description
      "Unknown unicast traffic.";
  }

  /*
   * Identities related to customer applications
   */

  identity customer-application {
    description
      "Base identity for customer applications.";
  }

  identity web {
    base customer-application;
    description
      "Web applications (e.g., HTTP, HTTPS).";
  }

  identity mail {
    base customer-application;
    description
      "Mail application.";
  }

  identity file-transfer {
    base customer-application;
    description
      "File transfer application (e.g., FTP, SFTP).";
  }

  identity database {
    base customer-application;
    description
      "Database application.";
  }

  identity social {
    base customer-application;
    description
      "Social-network application.";
  }

  identity games {
    base customer-application;
    description
      "Gaming application.";
  }

  identity p2p {
    base customer-application;
    description
      "Peer-to-peer application.";
  }

  identity network-management {
    base customer-application;
    description
      "Management application (e.g., Telnet, syslog,
       SNMP).";
  }

  identity voice {
    base customer-application;
    description
      "Voice application.";
  }

  identity video {
    base customer-application;
    description
      "Video conference application.";
  }

  identity embb {
    base customer-application;
    description
      "Enhanced Mobile Broadband (eMBB) application.
       Note that an eMBB application demands network performance with a
       wide variety of characteristics, such as data rate, latency,
       loss rate, reliability, and many other parameters.";
  }

  identity urllc {
    base customer-application;
    description
      "Ultra-Reliable and Low Latency Communications
       (URLLC) application.
       Note that an URLLC application demands
       network performance with a wide variety of characteristics, such
       as latency, reliability, and many other parameters.";
  }

  identity mmtc {
    base customer-application;
    description
      "Massive Machine Type Communications (mMTC) application.
       Note that an mMTC application demands network performance with
       a wide variety of characteristics, such as data rate, latency,
       loss rate, reliability, and many other parameters.";
  }

  /*
   * Identities related to service bundling
   */

  identity bundling-type {
    description
      "The base identity for the bundling type. It supports a subset or
       all CE-VLANs associated with an L2VPN service.";
  }

  identity multi-svc-bundling {
    base bundling-type;
    description
      "Multi-service bundling, i.e., multiple C-VLAN IDs
       can be associated with an L2VPN service at a site.";
  }

  identity one2one-bundling {
    base bundling-type;
    description
      "One-to-one service bundling, i.e., each L2VPN can
       be associated with only one C-VLAN ID at a site.";
  }

  identity all2one-bundling {
    base bundling-type;
    description
      "All-to-one bundling, i.e., all C-VLAN IDs are mapped
       to one L2VPN service.";
  }

  /*
   * Identities related to Ethernet Services
   */

  identity control-mode {
    description
      "Base Identity for the type of control mode on Layer 2
       Control Protocol (L2CP).";
  }

  identity peer {
    base control-mode;
    description
      "'peer' mode, i.e., participate in the protocol towards the CE.
       Peering is common for Link Aggregation Control Protocol (LACP)
       and the Ethernet Local Management Interface (E-LMI) and,
       occasionally, for Link Layer Discovery Protocol (LLDP).
       For VPLSs and VPWSs, the subscriber can also request that the
       peer service provider enables spanning tree.";
  }

  identity tunnel {
    base control-mode;
    description
      "'tunnel' mode, i.e., pass to the egress or destination site. For
       Ethernet Private Lines (EPLs), the expectation is that L2CP
       frames are tunnelled.";
  }

  identity discard {
    base control-mode;
    description
      "'Discard' mode, i.e., discard the frame.";
  }

  identity neg-mode {
    description
      "Base identity for the negotiation mode.";
  }

  identity full-duplex {
    base neg-mode;
    description
      "Full-duplex negotiation mode.";
  }

  identity auto-neg {
    base neg-mode;
    description
      "Auto-negotiation mode.";
  }

  /******** Collection of VPN-related Types ********/

  typedef vpn-id {
    type string;
    description
      "Defines an identifier that is used with a VPN module.
       This can be, for example, a service identifier, a node
       identifier, etc.";
  }

  /******* VPN-related reusable groupings *******/

  grouping vpn-description {
    description
      "Provides common VPN information.";
    leaf vpn-id {
      type vpn-common:vpn-id;
      description
        "A VPN identifier that uniquely identifies a VPN.
         This identifier has a local meaning, e.g., within
         a service provider network.";
    }
    leaf vpn-name {
      type string;
      description
        "Used to associate a name with the service
         in order to facilitate the identification of
         the service.";
    }
    leaf vpn-description {
      type string;
      description
        "Textual description of a VPN.";
    }
    leaf customer-name {
      type string;
      description
        "Name of the customer that actually uses the VPN.";
    }
  }

  grouping vpn-profile-cfg {
    description
      "Grouping for VPN Profile configuration.";
    container valid-provider-identifiers {
      description
        "Container for valid provider profile identifiers.";
      list external-connectivity-identifier {
        if-feature "external-connectivity";
        key "id";
        description
          "List for profile identifiers that uniquely identify profiles
           governing how external connectivity is provided to a VPN.
           A profile indicates the type of external connectivity
           (Internet, cloud, etc.), the sites/nodes that are associated
           with a connectivity profile, etc. A profile can also indicate
           filtering rules and/or address translation rules. Such
           features may involve PE, P, or dedicated nodes as a function
           of the deployment.";
        leaf id {
          type string;
          description
            "Identification of an external connectivity profile. The
             profile only has significance within the service provider's
             administrative domain.";
        }
      }
      list encryption-profile-identifier {
        key "id";
        description
          "List for encryption profile identifiers.";
        leaf id {
          type string;
          description
            "Identification of the encryption profile to be used.
             The
             profile only has significance within the service provider's
             administrative domain.";
        }
      }
      list qos-profile-identifier {
        key "id";
        description
          "List for QoS Profile Identifiers.";
        leaf id {
          type string;
          description
            "Identification of the QoS profile to be used. The
             profile only has significance within the service provider's
             administrative domain.";
        }
      }
      list bfd-profile-identifier {
        key "id";
        description
          "List for BFD profile identifiers.";
        leaf id {
          type string;
          description
            "Identification of the BFD profile to be used. The
             profile only has significance within the service provider's
             administrative domain.";
        }
      }
      list forwarding-profile-identifier {
        key "id";
        description
          "List for forwarding profile identifiers.";
        leaf id {
          type string;
          description
            "Identification of the forwarding profile to be used.
             The profile only has significance within the service
             provider's administrative domain.";
        }
      }
      list routing-profile-identifier {
        key "id";
        description
          "List for Routing Profile Identifiers.";
        leaf id {
          type string;
          description
            "Identification of the routing profile to be used by the
             routing protocols within sites, vpn-network-accesses, or
             vpn-nodes for referring VRF's import/export policies.
                The profile only has significance within the service
                provider's administrative domain.";
           }
         }
         nacm:default-deny-write;
       }
     }

     grouping oper-status-timestamp {
       description
         "This grouping defines some operational parameters for the
          service.";
       leaf status {
         type identityref {
           base operational-status;
         }
         config false;
         description
           "Operations status.";
       }
       leaf last-change {
         type yang:date-and-time;
         config false;
         description
           "Indicates the actual date and time of the service status
            change.";
       }
     }

     grouping service-status {
       description
         "Service status grouping.";
       container status {
         description
           "Service status.";
         container admin-status {
           description
             "Administrative service status.";
           leaf status {
             type identityref {
               base administrative-status;
             }
             description
               "Administrative service status.";
           }
           leaf last-change {
             type yang:date-and-time;
             description
               "Indicates the actual date and time of the service status
                change.";
           }
         }
         container oper-status {
           description
             "Operational service status.";
           uses oper-status-timestamp;
         }
       }
     }

     grouping underlay-transport {
       description
         "This grouping defines the type of underlay transport for the
          VPN service or how that underlay is set.
          It can include an identifier to an abstract transport
          instance to which the VPN is grafted or indicate a technical
          implementation that is expressed as an ordered list of
          protocols.";
       choice type {
         description
           "A choice based on the type of underlay transport
            constraints.";
         case abstract {
           description
             "Indicates that the transport constraint is an abstract
              concept.";
           leaf transport-instance-id {
             type string;
             description
               "An optional identifier of the abstract transport instance.";
           }
           leaf instance-type {
             type identityref {
               base transport-instance-type;
             }
             description
               "Indicates a transport instance type. For example, it can
                be a VPN+, an IETF network slice, a virtual network, etc.";
           }
         }
         case protocol {
           description
             "Indicates a list of protocols.";
           leaf-list protocol {
             type identityref {
               base protocol-type;
             }
             ordered-by user;
             description
               "A client ordered list of transport protocols.";
           }
         }
       }
     }

     grouping vpn-route-targets {
       description
         "A grouping that specifies Route Target (RT) import-export rules
          used in a BGP-enabled VPN.";
       reference
         "RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)
          RFC 4664: Framework for Layer 2 Virtual Private Networks
                    (L2VPNs)";
       list vpn-target {
         key "id";
         description
           "Route targets.
            AND/OR operations may be defined
            based on the RTs assignment.";
         leaf id {
           type uint8;
           description
             "Identifies each VPN Target.";
         }
         list route-targets {
           key "route-target";
           description
             "List of RTs.";
           leaf route-target {
             type rt-types:route-target;
             description
               "Conveys an RT value.";
           }
         }
         leaf route-target-type {
           type rt-types:route-target-type;
           mandatory true;
           description
             "Import/export type of the RT.";
         }
       }
       container vpn-policies {
         description
           "VPN service policies. It contains references to the
            import and export policies to be associated with the
            VPN service.";
         leaf import-policy {
           type string;
           description
             "Identifies the 'import' policy.";
         }
         leaf export-policy {
           type string;
           description
             "Identifies the 'export' policy.";
         }
       }
     }

     grouping route-distinguisher {
       description
         "Grouping for route distinguisher (RD).";
       choice rd-choice {
         description
           "Route distinguisher choice between several options
            on providing the route distinguisher value.";
         case directly-assigned {
           description
             "Explicitly assign an RD value.";
           leaf rd {
             type rt-types:route-distinguisher;
             description
               "Indicates an RD value that is explicitly
                assigned.";
           }
         }
         case directly-assigned-suffix {
           description
             "The value of the Assigned Number subfield of the RD.
              The Administrator subfield of the RD will be
              based on other configuration information such as
              router-id or ASN.";
           leaf rd-suffix {
             type uint16;
             description
               "Indicates the value of the Assigned Number
                subfield that is explicitly assigned.";
           }
         }
         case auto-assigned {
           description
             "The RD is auto-assigned.";
           container rd-auto {
             description
               "The RD is auto-assigned.";
             choice auto-mode {
               description
                 "Indicates the auto-assignment mode. RD can be
                  automatically assigned with or without
                  indicating a pool from which the RD should be
                  taken.

                  For both cases, the server will auto-assign an RD
                  value 'auto-assigned-rd' and use that value
                  operationally.";
               case from-pool {
                 leaf rd-pool-name {
                   type string;
                   description
                     "The auto-assignment will be made from the pool
                      identified by the rd-pool-name.";
                 }
               }
               case full-auto {
                 leaf auto {
                   type empty;
                   description
                     "Indicates an RD is fully auto-assigned.";
                 }
               }
             }
             leaf auto-assigned-rd {
               type rt-types:route-distinguisher;
               config false;
               description
                 "The value of the auto-assigned RD.";
             }
           }
         }
         case auto-assigned-suffix {
           description
             "The value of the Assigned Number subfield will
              be auto-assigned. The Administrator subfield
              will be based on other configuration information such as
              router-id or ASN.";
           container rd-auto-suffix {
             description
               "The Assigned Number subfield is auto-assigned.";
             choice auto-mode {
               description
                 "Indicates the auto-assignment mode of the Assigned Number
                  subfield. This number can be automatically assigned
                  with or without indicating a pool from which the value
                  should be taken.

                  For both cases, the server will auto-assign
                  'auto-assigned-rd-suffix' and use that value to build
                  the RD that will be used operationally.";
               case from-pool {
                 leaf rd-pool-name {
                   type string;
                   description
                     "The assignment will be made from the pool identified
                      by the rd-pool-name.";
                 }
               }
               case full-auto {
                 leaf auto {
                   type empty;
                   description
                     "Indicates that the Assigned Number is fully auto
                      assigned.";
                 }
               }
             }
             leaf auto-assigned-rd-suffix {
               type uint16;
               config false;
               description
                 "Includes the value of the Assigned Number subfield that
                  is auto-assigned.";
             }
           }
         }
         case no-rd {
           description
             "Use the empty type to indicate RD has no value and is not to
              be auto-assigned.";
           leaf no-rd {
             type empty;
             description
               "No RD is assigned.";
           }
         }
       }
     }

     grouping vpn-components-group {
       description
         "Grouping definition to assign group-ids to associate VPN nodes,
          sites, or network accesses.";
       container groups {
         description
           "Lists the groups to which a VPN node, a site, or a network
            access belongs to.";
         list group {
           key "group-id";
           description
             "List of group-ids.";
           leaf group-id {
             type string;
             description
               "Is the group-id to which a VPN node, a site, or a network
                access belongs to.";
           }
         }
       }
     }

     grouping placement-constraints {
       description
         "Constraints for placing a network access.";
       list constraint {
         key "constraint-type";
         description
           "List of constraints.";
         leaf constraint-type {
           type identityref {
             base placement-diversity;
           }
           description
             "Diversity constraint type.";
         }
         container target {
           description
             "The constraint will apply against this list of groups.";
           choice target-flavor {
             description
               "Choice
                for the group definition.";
             case id {
               list group {
                 key "group-id";
                 description
                   "List of groups.";
                 leaf group-id {
                   type string;
                   description
                     "The constraint will apply against this particular
                      group-id.";
                 }
               }
             }
             case all-accesses {
               leaf all-other-accesses {
                 type empty;
                 description
                   "The constraint will apply against all other network
                    accesses of a site.";
               }
             }
             case all-groups {
               leaf all-other-groups {
                 type empty;
                 description
                   "The constraint will apply against all other groups that
                    the customer is managing.";
               }
             }
           }
         }
       }
     }

     grouping ports {
       description
         "Choice of specifying a source or destination port numbers.";
       choice source-port {
         description
           "Choice of specifying the source port or referring to a group
            of source port numbers.";
         container source-port-range-or-operator {
           description
             "Source port definition.";
           uses packet-fields:port-range-or-operator;
         }
       }
       choice destination-port {
         description
           "Choice of specifying a destination port or referring to a group
            of destination port numbers.";
         container destination-port-range-or-operator {
           description
             "Destination port definition.";
           uses packet-fields:port-range-or-operator;
         }
       }
     }

     grouping qos-classification-policy {
       description
         "Configuration of the traffic classification policy.";
       list rule {
         key "id";
         ordered-by user;
         description
           "List of marking rules.";
         leaf id {
           type string;
           description
             "An identifier of the QoS classification policy rule.";
         }
         choice match-type {
           default "match-flow";
           description
             "Choice for classification.";
           case match-flow {
             choice l3 {
               description
                 "Either IPv4 or IPv6.";
               container ipv4 {
                 description
                   "Rule
                    set that matches IPv4 header.";
                 uses packet-fields:acl-ip-header-fields;
                 uses packet-fields:acl-ipv4-header-fields;
               }
               container ipv6 {
                 description
                   "Rule set that matches IPv6 header.";
                 uses packet-fields:acl-ip-header-fields;
                 uses packet-fields:acl-ipv6-header-fields;
               }
             }
             choice l4 {
               description
                 "Includes Layer 4 specific information.
                  This version focuses on TCP and UDP.";
               container tcp {
                 description
                   "Rule set that matches TCP header.";
                 uses packet-fields:acl-tcp-header-fields;
                 uses ports;
               }
               container udp {
                 description
                   "Rule set that matches UDP header.";
                 uses packet-fields:acl-udp-header-fields;
                 uses ports;
               }
             }
           }
           case match-application {
             leaf match-application {
               type identityref {
                 base customer-application;
               }
               description
                 "Defines the application to match.";
             }
           }
         }
         leaf target-class-id {
           if-feature "qos";
           type string;
           description
             "Identification of the class of service. This identifier is
              internal to the administration.";
         }
       }
     }
   }

5. Security Considerations

   The YANG modules specified in this document define schemas for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The Network Configuration Access Control Model (NACM) [RFC8341]
   provides the means to restrict access for particular NETCONF or
   RESTCONF users to a preconfigured subset of all available NETCONF or
   RESTCONF protocol operations and content.

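
   The effect of the "nacm:default-deny-write" statement that the module
   places on the "valid-provider-identifiers" container can be traced
   through the NACM write decision. The following Python code is an
   added example, not part of this document or of any NETCONF/RESTCONF
   server; it assumes NACM is enabled and the session is not the recovery
   session, and the "example-vpn" module, data node paths, group names,
   and rule names are hypothetical.

```python
from dataclasses import dataclass

WRITE_OPS = frozenset({"create", "update", "delete"})


@dataclass(frozen=True)
class Rule:
    name: str
    path: str                      # data node the rule covers (with descendants)
    access_operations: frozenset   # e.g. {"create", "update"} or {"*"}
    action: str                    # "permit" or "deny"


@dataclass(frozen=True)
class RuleList:
    name: str
    groups: frozenset              # NACM group names, or {"*"} for every group
    rules: tuple


def covers(ancestor, node):
    """True if node is the ancestor itself or one of its descendants."""
    if node == ancestor:
        return True
    # The next character must start a child step or a list key predicate,
    # so that "/a/b" does not cover the unrelated sibling "/a/bc".
    return node.startswith(ancestor) and node[len(ancestor)] in "/["


def check_write(user_groups, node, operation, rule_lists, deny_write_tagged,
                write_default="deny"):
    """Return (decision, reason) for a write request on a data node.

    Models three steps of RFC 8341 data node access validation:
    explicit rules, then nacm:default-deny-write, then write-default.
    """
    if operation not in WRITE_OPS:
        raise ValueError(f"not a write operation: {operation}")
    groups = set(user_groups)

    # Step 1: the first matching rule in a rule-list that applies to one
    # of the user's groups decides the request.
    for rule_list in rule_lists:
        if "*" not in rule_list.groups and not (rule_list.groups & groups):
            continue
        for rule in rule_list.rules:
            ops = rule.access_operations
            if ("*" in ops or operation in ops) and covers(rule.path, node):
                return rule.action, f"rule {rule_list.name}/{rule.name}"

    # Step 2: no rule matched. A node defined with nacm:default-deny-write
    # (or located below such a node) is refused whatever write-default says.
    if any(covers(tagged, node) for tagged in deny_write_tagged):
        return "deny", "nacm:default-deny-write"

    # Step 3: fall back to the global write-default leaf.
    return write_default, "write-default"


# Constructed sample data. The "example-vpn" module and these paths are
# hypothetical; a real path depends on the module that uses the groupings.
PROFILES = "/example-vpn:vpn-profiles/valid-provider-identifiers"
ENC_PROFILE = PROFILES + "/encryption-profile-identifier[id='enc-1']"
VPN_NAME = "/example-vpn:vpn-services/vpn-service[vpn-id='vpn1']/vpn-name"

# Only the container that carries nacm:default-deny-write in the module.
DENY_WRITE_TAGGED = (PROFILES,)

# One explicit rule: members of "profile-admin" may write the profiles.
RULE_LISTS = (
    RuleList("profile-admins", frozenset({"profile-admin"}),
             (Rule("manage-profiles", PROFILES, frozenset({"*"}), "permit"),)),
)


def demo():
    """Evaluate two users against two nodes with a permissive write-default."""
    results = {}
    users = (("operator", ["operator"]), ("profile-admin", ["profile-admin"]))
    nodes = (("profile", ENC_PROFILE), ("vpn-name", VPN_NAME))
    for who, groups in users:
        for label, node in nodes:
            results[(who, label)] = check_write(
                groups, node, "create", RULE_LISTS, DENY_WRITE_TAGGED,
                write_default="permit")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

   With write-default set to "permit", the operator can still not create
   a profile identifier; only the explicit rule for "profile-admin" opens
   that subtree.
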
   The "ietf-vpn-common" module defines a set of identities, types, and
   groupings. These nodes are intended to be reused by other YANG
   modules. The module does not expose by itself any data nodes which
   are writable, contain read-only state, or RPCs. As such, there are
   no additional security issues to be considered relating to the
   "ietf-vpn-common" module.

   Modules that use the groupings that are defined in this document
   should identify the corresponding security considerations. For
   example, reusing some of these groupings will expose privacy-related
   information (e.g., customer-name). Disclosing such information may
   be considered as a violation of the customer-provider trust
   relationship.

6. IANA Considerations

   This document requests IANA to register the following URI in the "ns"
   subregistry within the "IETF XML Registry" [RFC3688]:

         URI: urn:ietf:params:xml:ns:yang:ietf-vpn-common
         Registrant Contact: The IESG.
         XML: N/A; the requested URI is an XML namespace.

   This document requests IANA to register the following YANG module in
   the "YANG Module Names" subregistry [RFC6020] within the "YANG
   Parameters" registry.

         name: ietf-vpn-common
         namespace: urn:ietf:params:xml:ns:yang:ietf-vpn-common
         maintained by IANA: N
         prefix: vpn-common
         reference: RFC XXXX

7. Acknowledgements

   During the discussions of this work, helpful comments and reviews
   were received from (listed alphabetically): Alejandro Aguado, Raul
   Arco, Miguel Cros Cecilia, Joe Clarke, Dhruv Dhody, Adrian Farrel,
   Roque Gagliano, Christian Jacquenet, Kireeti Kompella, Julian Lucek,
   Tom Petch, Erez Segev, and Paul Sherratt. Many thanks to them.

   This work is partially supported by the European Commission under
   Horizon 2020 grant agreement number 101015857 Secured autonomic
   traffic management for a Tera of SDN flows (Teraflow).

   Many thanks to Radek Krejci for the yangdoctors review, Wesley Eddy
   for the tsvart review, Ron Bonica and Victoria Pritchard for the
   Rtgdir review, Joel Halpern for the genart review, Tim Wicinski for
   the opsdir review, and Suresh Krishnan for the intdir review.

   Special thanks to Robert Wilton for the AD review.

   Thanks to Roman Danyliw, Lars Eggert, Warren Kumari, Erik Kline,
   Zaheduzzaman Sarker, Benjamin Kaduk, and Eric Vyncke for the IESG
   review.

8. Contributors

   Italo Busi
   Huawei Technologies
   Email: Italo.Busi@huawei.com

   Luis Angel Munoz
   Vodafone
   Email: luis-angel.munoz@vodafone.com

   Victor Lopez Alvarez
   Telefonica
   Email: victor.lopezalvarez@telefonica.com

9. References

9.1. Normative References

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
              "Common YANG Data Types for the Routing Area", RFC 8294,
              DOI 10.17487/RFC8294, December 2017.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [RFC8519]  Jethanandani, M., Agarwal, S., Huang, L., and D. Blair,
              "YANG Data Model for Network Access Control Lists (ACLs)",
              RFC 8519, DOI 10.17487/RFC8519, March 2019.

9.2. Informative References

   [I-D.ietf-opsawg-l2nm]
              Barguil, S., Dios, O. G. D., Boucadair, M., and L. A.
              Munoz, "A Layer 2 VPN Network YANG Model", Work in
              Progress, Internet-Draft, draft-ietf-opsawg-l2nm-06, 12
              September 2021.

   [I-D.ietf-opsawg-l3sm-l3nm]
              Barguil, S., Dios, O. G. D., Boucadair, M., Munoz, L. A.,
              and A. Aguado, "A Layer 3 VPN Network YANG Model", Work in
              Progress, Internet-Draft, draft-ietf-opsawg-l3sm-l3nm-15,
              28 September 2021.

   [I-D.ietf-teas-actn-vn-yang]
              Lee, Y., Dhody, D., Ceccarelli, D., Bryskin, I., and B. Y.
              Yoon, "A YANG Data Model for VN Operation", Work in
              Progress, Internet-Draft, draft-ietf-teas-actn-vn-yang-12,
              25 August 2021.

   [I-D.ietf-teas-enhanced-vpn]
              Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A
              Framework for Enhanced Virtual Private Network (VPN+)
              Services", Work in Progress, Internet-Draft,
              draft-ietf-teas-enhanced-vpn-08, 12 July 2021.

   [I-D.ietf-teas-ietf-network-slices]
              Farrel, A., Gray, E., Drake, J., Rokui, R., Homma, S.,
              Makhijani, K., Contreras, L. M., and J. Tantsura,
              "Framework for IETF Network Slices", Work in Progress,
              Internet-Draft, draft-ietf-teas-ietf-network-slices-04, 23
              August 2021.

   [IEEE802.1ad]
              "Virtual Bridged Local Area Networks Amendment 4: Provider
              Bridges", IEEE Std 802.1ad-2005, 2006.

   [IEEE802.1AX]
              "Link Aggregation", IEEE Std 802.1AX-2020, 2020.

   [IEEE802.1Q]
              "Bridges and Bridged Networks", IEEE Std 802.1Q-2018, 6
              July 2018.

   [ISO10589] ISO, "Intermediate System to Intermediate System
              intra-domain routeing information exchange protocol for
              use in conjunction with the protocol for providing the
              connectionless-mode network service (ISO 8473)", 2002.

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, September 1981.

   [RFC1112]  Deering, S., "Host extensions for IP multicasting", STD 5,
              RFC 1112, DOI 10.17487/RFC1112, August 1989.

   [RFC1701]  Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic
              Routing Encapsulation (GRE)", RFC 1701,
              DOI 10.17487/RFC1701, October 1994.

   [RFC1702]  Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic
              Routing Encapsulation over IPv4 networks", RFC 1702,
              DOI 10.17487/RFC1702, October 1994.

   [RFC2003]  Perkins, C., "IP Encapsulation within IP", RFC 2003,
              DOI 10.17487/RFC2003, October 1996.

   [RFC2080]  Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080,
              DOI 10.17487/RFC2080, January 1997.

   [RFC2236]  Fenner, W., "Internet Group Management Protocol, Version
              2", RFC 2236, DOI 10.17487/RFC2236, November 1997.

   [RFC2453]  Malkin, G., "RIP Version 2", STD 56, RFC 2453,
              DOI 10.17487/RFC2453, November 1998.

   [RFC2473]  Conta, A. and S. Deering, "Generic Packet Tunneling in
              IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473,
              December 1998.

   [RFC2710]  Deering, S., Fenner, W., and B. Haberman, "Multicast
              Listener Discovery (MLD) for IPv6", RFC 2710,
              DOI 10.17487/RFC2710, October 1999.

   [RFC3209]  Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
              and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
              Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001.

   [RFC3376]  Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A.
              Thyagarajan, "Internet Group Management Protocol, Version
              3", RFC 3376, DOI 10.17487/RFC3376, October 2002.

   [RFC3810]  Vida, R., Ed. and L. Costa, Ed., "Multicast Listener
              Discovery Version 2 (MLDv2) for IPv6", RFC 3810,
              DOI 10.17487/RFC3810, June 2004.

   [RFC3931]  Lau, J., Ed., Townsley, M., Ed., and I. Goyret, Ed.,
              "Layer Two Tunneling Protocol - Version 3 (L2TPv3)",
              RFC 3931, DOI 10.17487/RFC3931, March 2005.

   [RFC4026]  Andersson, L. and T. Madsen, "Provider Provisioned Virtual
              Private Network (VPN) Terminology", RFC 4026,
              DOI 10.17487/RFC4026, March 2005.

   [RFC4176]  El Mghazli, Y., Ed., Nadeau, T., Boucadair, M., Chan, K.,
              and A. Gonguet, "Framework for Layer 3 Virtual Private
              Networks (L3VPN) Operations and Management", RFC 4176,
              DOI 10.17487/RFC4176, October 2005.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006.

   [RFC4577]  Rosen, E., Psenak, P., and P. Pillay-Esnault, "OSPF as the
              Provider/Customer Edge Protocol for BGP/MPLS IP Virtual
              Private Networks (VPNs)", RFC 4577, DOI 10.17487/RFC4577,
              June 2006.

   [RFC4664]  Andersson, L., Ed. and E. Rosen, Ed., "Framework for Layer
              2 Virtual Private Networks (L2VPNs)", RFC 4664,
              DOI 10.17487/RFC4664, September 2006.

   [RFC4761]  Kompella, K., Ed. and Y. Rekhter, Ed., "Virtual Private
              LAN Service (VPLS) Using BGP for Auto-Discovery and
              Signaling", RFC 4761, DOI 10.17487/RFC4761, January 2007.

   [RFC4762]  Lasserre, M., Ed. and V.
              Kompella, Ed., "Virtual Private
              LAN Service (VPLS) Using Label Distribution Protocol (LDP)
              Signaling", RFC 4762, DOI 10.17487/RFC4762, January 2007.

   [RFC4960]  Stewart, R., Ed., "Stream Control Transmission Protocol",
              RFC 4960, DOI 10.17487/RFC4960, September 2007.

   [RFC5036]  Andersson, L., Ed., Minei, I., Ed., and B. Thomas, Ed.,
              "LDP Specification", RFC 5036, DOI 10.17487/RFC5036,
              October 2007.

   [RFC5798]  Nadas, S., Ed., "Virtual Router Redundancy Protocol (VRRP)
              Version 3 for IPv4 and IPv6", RFC 5798,
              DOI 10.17487/RFC5798, March 2010.

   [RFC5880]  Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010.

   [RFC6513]  Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in
              MPLS/BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513,
              February 2012.

   [RFC6565]  Pillay-Esnault, P., Moyer, P., Doyle, J., Ertekin, E., and
              M. Lundberg, "OSPFv3 as a Provider Edge to Customer Edge
              (PE-CE) Routing Protocol", RFC 6565, DOI 10.17487/RFC6565,
              June 2012.

   [RFC6624]  Kompella, K., Kothari, B., and R. Cherukuri, "Layer 2
              Virtual Private Networks Using BGP for Auto-Discovery and
              Signaling", RFC 6624, DOI 10.17487/RFC6624, May 2012.

   [RFC7348]  Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger,
              L., Sridhar, T., Bursell, M., and C. Wright, "Virtual
              eXtensible Local Area Network (VXLAN): A Framework for
              Overlaying Virtualized Layer 2 Networks over Layer 3
              Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014.

   [RFC7432]  Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
              Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
              Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
              2015.

   [RFC7510]  Xu, X., Sheth, N., Yong, L., Callon, R., and D. Black,
              "Encapsulating MPLS in UDP", RFC 7510,
              DOI 10.17487/RFC7510, April 2015.

   [RFC7623]  Sajassi, A., Ed., Salam, S., Bitar, N., Isaac, A., and W.
              Henderickx, "Provider Backbone Bridging Combined with
              Ethernet VPN (PBB-EVPN)", RFC 7623, DOI 10.17487/RFC7623,
              September 2015.

   [RFC7676]  Pignataro, C., Bonica, R., and S. Krishnan, "IPv6 Support
              for Generic Routing Encapsulation (GRE)", RFC 7676,
              DOI 10.17487/RFC7676, October 2015.

   [RFC7761]  Fenner, B., Handley, M., Holbrook, H., Kouvelas, I.,
              Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent
              Multicast - Sparse Mode (PIM-SM): Protocol Specification
              (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March
              2016.

   [RFC7880]  Pignataro, C., Ward, D., Akiya, N., Bhatia, M., and S.
              Pallagatti, "Seamless Bidirectional Forwarding Detection
              (S-BFD)", RFC 7880, DOI 10.17487/RFC7880, July 2016.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017.

   [RFC8214]  Boutros, S., Sajassi, A., Salam, S., Drake, J., and J.
              Rabadan, "Virtual Private Wire Service Support in Ethernet
              VPN", RFC 8214, DOI 10.17487/RFC8214, August 2017.

   [RFC8277]  Rosen, E., "Using BGP to Bind MPLS Labels to Address
              Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017.

   [RFC8299]  Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki,
              "YANG Data Model for L3VPN Service Delivery", RFC 8299,
              DOI 10.17487/RFC8299, January 2018.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8365]  Sajassi, A., Ed., Drake, J., Ed., Bitar, N., Shekhar, R.,
              Uttaro, J., and W. Henderickx, "A Network Virtualization
              Overlay Solution Using Ethernet VPN (EVPN)", RFC 8365,
              DOI 10.17487/RFC8365, March 2018.

   [RFC8453]  Ceccarelli, D., Ed. and Y.
              Lee, Ed., "Framework for
              Abstraction and Control of TE Networks (ACTN)", RFC 8453,
              DOI 10.17487/RFC8453, August 2018.

   [RFC8466]  Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG
              Data Model for Layer 2 Virtual Private Network (L2VPN)
              Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October
              2018.

   [RFC8512]  Boucadair, M., Ed., Sivakumar, S., Jacquenet, C.,
              Vinapamula, S., and Q. Wu, "A YANG Module for Network
              Address Translation (NAT) and Network Prefix Translation
              (NPT)", RFC 8512, DOI 10.17487/RFC8512, January 2019.

   [RFC8660]  Bashandy, A., Ed., Filsfils, C., Ed., Previdi, S.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing with the MPLS Data Plane", RFC 8660,
              DOI 10.17487/RFC8660, December 2019.

   [RFC8663]  Xu, X., Bryant, S., Farrel, A., Hassan, S., Henderickx,
              W., and Z. Li, "MPLS Segment Routing over IP", RFC 8663,
              DOI 10.17487/RFC8663, December 2019.

   [RFC8754]  Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
              Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
              (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020.

   [RFC8926]  Gross, J., Ed., Ganga, I., Ed., and T. Sridhar, Ed.,
              "Geneve: Generic Network Virtualization Encapsulation",
              RFC 8926, DOI 10.17487/RFC8926, November 2020.

Appendix A. Example of Common Data Nodes in Early L2NM/L3NM Designs

   In order to avoid data nodes duplication and to ease passing data
   among layers (i.e., from the service layer to the network layer and
   vice versa), early versions of the L3NM reused many of the data nodes
   that are defined in the L3SM. Nevertheless, that approach was
   abandoned because that design was interpreted as if the deployment of
   L3NM depends on L3SM, while this is not required.
   For example, a service provider may decide to use the L3NM to build
   its L3VPN services without exposing the L3SM to customers.

   Likewise, early versions of the L2NM reused many of the data nodes
   that are defined in both L2SM and L3NM. An example of L3NM groupings
   reused in L2NM is shown in Figure 5. Such data nodes reuse was
   interpreted as if the deployment of the L2NM requires the support of
   the L3NM; which is not required.

   module ietf-l2vpn-ntw {
     ...
     import ietf-l3vpn-ntw {
       prefix l3vpn-ntw;
       reference
         "RFC NNNN: A Layer 3 VPN Network YANG Model";
     }
     ...
     container l2vpn-ntw {
       ...
       container vpn-services {
         list vpn-service {
           ...
           uses l3vpn-ntw:service-status;
           uses l3vpn-ntw:svc-transport-encapsulation;
           ...
         }
       }
       ...
     }
   }

             Figure 5: Excerpt from the L2NM YANG Module

Authors' Addresses

   Samier Barguil
   Telefonica
   Madrid
   Spain

   Email: samier.barguilgiraldo.ext@telefonica.com

   Oscar Gonzalez de Dios (editor)
   Telefonica
   Madrid
   Spain

   Email: oscar.gonzalezdedios@telefonica.com

   Mohamed Boucadair (editor)
   Orange
   France

   Email: mohamed.boucadair@orange.com

   Qin Wu
   Huawei
   101 Software Avenue, Yuhua District
   Nanjing
   Jiangsu, 210012
   China

   Email: bill.wu@huawei.com