idnits 2.17.1

draft-ietf-softwire-dslite-yang-12.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 2 instances of too long lines in the document, the longest one
     being 13 characters in excess of 72.

  == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (December 11, 2017) is 2326 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-17) exists of
     draft-ietf-opsawg-nat-yang-09

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  ** Obsolete normative reference: RFC 7223 (Obsoleted by RFC 8343)

  == Outdated reference: A later version (-21) exists of
     draft-ietf-netmod-acl-model-14

  == Outdated reference: A later version (-06) exists of
     draft-ietf-netmod-yang-tree-diagrams-02

  -- Obsolete informational reference (is this intentional?): RFC 6087
     (Obsoleted by RFC 8407)

     Summary: 4 errors (**), 0 flaws (~~), 5 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                       M. Boucadair
Internet-Draft                                              C. Jacquenet
Intended status: Standards Track                                  Orange
Expires: June 14, 2018                                      S. Sivakumar
                                                           Cisco Systems
                                                       December 11, 2017

            A YANG Data Module for Dual-Stack Lite (DS-Lite)
                   draft-ietf-softwire-dslite-yang-12

Abstract

   This document defines a YANG module for the DS-Lite Address Family
   Transition Router (AFTR) and Basic Bridging BroadBand (B4) elements.

Editorial Note (To be removed by RFC Editor)

   Please update these statements with the RFC number to be assigned to
   this document:

   o  "This version of this YANG module is part of RFC XXXX;"

   o  "RFC XXXX: A YANG Data Module for Dual-Stack Lite (DS-Lite)";

   o  "reference: RFC XXXX"

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).
   Note that other groups may also distribute working documents as
   Internet-Drafts.  The list of current Internet-Drafts is at
   https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 14, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
   2.  DS-Lite YANG Module: An Overview
   3.  DS-Lite YANG Module
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative references
     7.2.  Informative references
   Appendix A.  B4 Example
   Appendix B.  AFTR Examples
   Authors' Addresses

1.  Introduction

   This document defines a data model for DS-Lite [RFC6333], using the
   YANG data modeling language [RFC7950].  Both the Address Family
   Transition Router (AFTR) and Basic Bridging BroadBand (B4) elements
   are covered by this specification.

   As a reminder, Figure 1 illustrates an overview of the DS-Lite
   architecture that involves AFTR and B4 elements.

                  +-----------+
                  |   Host    |
                  +-----+-----+
                        |192.0.2.1
                        |
                        |
                        |192.0.2.2
              +---------|---------+
              |         |         |
              |    Home router    |
              |+--------+--------+|
              ||       B4        ||
              |+--------+--------+|
              +--------|||--------+
                       |||2001:db8:0:1::1
                       |||
                       |||<-IPv4-in-IPv6 softwire
                       |||
                -------|||-------
              /        |||        \
             |   ISP core network  |
              \        |||        /
                -------|||-------
                       |||
                       |||2001:db8:0:2::1
              +--------|||--------+
              |        AFTR       |
              |+--------+--------+|
              ||   Concentrator  ||
              |+--------+--------+|
              |       |NAT|       |
              |       +-+-+       |
              +---------|---------+
                        |198.51.100.1
                        |
                --------|--------
              /         |         \
             |       Internet      |
              \         |         /
                --------|--------
                        |
                        |203.0.113.1
                  +-----+-----+
                  | IPv4 Host |
                  +-----------+

                 Figure 1: DS-Lite Base Architecture

   DS-Lite deployment considerations are discussed in [RFC6908].

   This document follows the guidelines of [RFC6087], uses the common
   YANG types defined in [RFC6991], and adopts the Network Management
   Datastore Architecture (NMDA).

1.1.  Terminology

   This document makes use of the terms defined in Section 3 of
   [RFC6333].

   The terminology for describing YANG data modules is defined in
   [RFC7950].

   The meaning of the symbols in tree diagrams is defined in
   [I-D.ietf-netmod-yang-tree-diagrams].

2.  DS-Lite YANG Module: An Overview

   As shown in Figure 1:

   o  The AFTR element is a combination of an IPv4-in-IPv6 tunnel and a
      NAPT function (Section 2.2 of [RFC3022]).

   o  The B4 element is an IPv4-in-IPv6 tunnel.

   Therefore, the DS-Lite YANG module is designed to augment both the
   Interfaces YANG module [RFC7223] and the NAT YANG module
   [I-D.ietf-opsawg-nat-yang] with DS-Lite specific features.

   The YANG "feature" statement is used to distinguish which of the
   DS-Lite elements ('aftr' or 'b4') is relevant for a specific data
   node.

   Concretely, the DS-Lite YANG module (Figure 2) augments the
   Interfaces YANG module with the following:

   o  An IPv6 address used by the tunnel endpoint (AFTR or B4) for
      sending and receiving IPv4-in-IPv6 packets (ipv6-address).

   o  An IPv4 address that is used by the tunnel endpoint (AFTR or B4)
      for troubleshooting purposes (ipv4-address).

   o  An IPv6 address used by a B4 element to reach its AFTR
      (aftr-ipv6-addr).

   o  The tunnel MTU used to avoid fragmentation (tunnel-mtu).

   o  A policy to instruct the tunnel endpoint (AFTR or B4) whether it
      must preserve DSCP marking when encapsulating/decapsulating
      packets (v6-v4-dscp-preservation).

   In addition, the DS-Lite YANG module augments the NAT YANG module
   (policy, in particular) with the following:

   o  A policy to limit the number of DS-Lite softwires per subscriber
      (max-softwires-per-subscriber).

   o  A policy to instruct the AFTR whether a state can be automatically
      migrated (state-migrate).

   o  Further, in order to prevent a denial-of-service by frequently
      changing the source IPv6 address, 'b4-address-change-limit' is
      used to rate-limit such changes.

   o  An instruction to rewrite the TCP Maximum Segment Size (MSS)
      option (mss-clamping) to avoid TCP fragmentation.
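
   The following added example (not part of the draft, and not taken
   from any AFTR implementation) models in Python how the
   'b4-address-change-limit' and 'state-migrate' policies interact with
   the subscriber mask.  Class, method and decision-label names, and the
   choice to start the change timer when a binding is created, are
   assumptions made for illustration; the sample events are constructed.

```python
"""Toy model of the AFTR policy leaves b4-address-change-limit and
state-migrate. Illustrative only: every class, method and decision label
below is hypothetical, not taken from the draft or from an AFTR."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Binding:
    """Per-subscriber state, mirroring the b4-ipv6-address container."""
    address: ipaddress.IPv6Address   # leaf 'address'
    last_address_change: int         # leaf 'last-address-change' (seconds here)
    unmigrated: list = field(default_factory=list)  # old addresses still holding state


@dataclass
class AftrPolicy:
    subscriber_mask_v6: int = 56         # mask used in the state-migrate description
    b4_address_change_limit: int = 1800  # module default (seconds)
    state_migrate: bool = True           # module default
    bindings: dict = field(default_factory=dict)       # subscriber prefix -> Binding
    notifications: list = field(default_factory=list)  # violations raised so far

    def subscriber_prefix(self, addr):
        """Mask the B4 source address down to the subscriber (CPE) prefix."""
        return ipaddress.IPv6Network((addr, self.subscriber_mask_v6), strict=False)

    def on_softwire_packet(self, now, src):
        """Decide what to do with a packet whose outer IPv6 source is 'src'."""
        addr = ipaddress.IPv6Address(src)
        prefix = self.subscriber_prefix(addr)
        binding = self.bindings.get(prefix)
        if binding is None:
            # Assumption: creating the binding also starts the change timer.
            self.bindings[prefix] = Binding(addr, now)
            return "new-binding"
        if addr == binding.address:
            return "known-address"
        if now - binding.last_address_change < self.b4_address_change_limit:
            # Too soon after the previous change: refuse and notify.
            self.notifications.append(
                {"event": "b4-address-change-limit-policy-violation",
                 "address": str(addr)})
            return "rate-limited"
        if not self.state_migrate:
            # Existing state stays bound to the old address.
            binding.unmigrated.append(binding.address)
        binding.address = addr
        binding.last_address_change = now
        return "migrated" if self.state_migrate else "changed-without-migration"


def replay(policy, events):
    """Feed (timestamp, source address) pairs to the policy, in order."""
    return [policy.on_softwire_packet(t, src) for t, src in events]


# Constructed sample traffic: one CPE under 2001:db8:100:100::/56 that changes
# address, then a second CPE under a different /56.
SAMPLE_EVENTS = [
    (0,    "2001:db8:100:100::1"),
    (60,   "2001:db8:100:100::2"),   # change after 60 s
    (120,  "2001:db8:100:100::1"),
    (1800, "2001:db8:100:1ff::2"),   # still inside the same /56
    (1900, "2001:db8:100:200::1"),   # different /56, so a different subscriber
]

# Constructed sample traffic: a source address that changes every 2 seconds.
FLAPPING_EVENTS = [(2 * i, f"2001:db8:100:100::{i + 1:x}") for i in range(6)]

if __name__ == "__main__":
    default_policy = AftrPolicy()
    print(replay(default_policy, SAMPLE_EVENTS))
    print(default_policy.notifications)
    # The same flapping traffic under the default limit and under a 1-second limit.
    print(replay(AftrPolicy(), FLAPPING_EVENTS))
    print(replay(AftrPolicy(b4_address_change_limit=1), FLAPPING_EVENTS))
```

   Replaying the flapping trace with the default limit and then with a
   1-second limit shows why the limit is a sensitive leaf: under the low
   value every address change is accepted.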

   Given that the NAPT table of the AFTR element is extended to include
   the source IPv6 address of incoming packets, the DS-Lite YANG module
   augments the NAPT44 mapping-entry with the following:

   o  b4-ipv6-address which is used to record the source IPv6 address of
      a packet received from a B4 element.  This IPv6 address is
      required to disambiguate between the overlapping IPv4 address
      space of subscribers.

   o  The value of the Traffic Class field in the IPv6 header as
      received from a B4 element (v6-dscp): This information is used to
      preserve DSCP marking when encapsulating/decapsulating at the
      AFTR.

   o  The IPv4 DSCP marking of the IPv4 packet received from a B4
      element (internal-v4-dscp): This information can be used by the
      AFTR for setting the DSCP of packets relayed to a B4 element.

   o  The IPv4 DSCP marking as set by the AFTR in its external interface
      (external-v4-dscp): An AFTR can be instructed to preserve the same
      marking or to set it to another value when forwarding an IPv4
      packet upstream.

   Access Control List (ACL) and Quality of Service (QoS) policies
   discussed in Section 2.5 of [RFC6908] are out of scope.  A YANG
   module for ACLs is documented in [I-D.ietf-netmod-acl-model].

   Likewise, PCP-related considerations discussed in Section 8.5 of
   [RFC6333] are out of scope.  A YANG module for PCP is documented in
   [I-D.boucadair-pcp-yang].

   module: ietf-dslite
     augment /if:interfaces/if:interface:
       +--rw ipv6-address?              inet:ipv6-address
       +--rw ipv4-address?              inet:ipv4-address
       +--rw aftr-ipv6-addr?            inet:ipv6-address {b4}?
       +--rw tunnel-mtu?                uint16
       +--rw v6-v4-dscp-preservation?   boolean
     augment /nat:nat/nat:instances/nat:instance/nat:policy:
       +--rw max-softwires-per-subscriber?   uint8 {aftr}?
       +--rw state-migrate?                  boolean {aftr}?
       +--rw b4-address-change-limit?        uint32 {aftr}?
       +--rw mss-clamping {aftr}?
          +--rw enable?      boolean
          +--rw mss-value?   uint16
     augment /nat:nat/nat:instances/nat:instance/nat:mapping-table/nat:mapping-entry:
       +--rw b4-ipv6-address {aftr}?
       |  +--rw address?               inet:ipv6-address
       |  +--rw last-address-change?   yang:date-and-time
       +--rw v6-dscp?            uint8 {aftr}?
       +--rw internal-v4-dscp?   uint8 {aftr}?
       +--rw external-v4-dscp?   uint8 {aftr}?
     augment /nat:nat/nat:instances/nat:instance/nat:statistics/nat:mappings-statistics:
       +--ro active-softwires?   yang:gauge32 {aftr}?

     notifications:
       +---n b4-address-change-limit-policy-violation {aftr}?
          +--ro id           -> /nat:nat/instances/instance/id
          +--ro policy-id    -> /nat:nat/instances/instance/policy/id
          +--ro address      inet:ipv6-address

                  Figure 2: YANG Module for DS-Lite

   Examples to illustrate the use of this module are provided in
   Appendix A and Appendix B.

3.  DS-Lite YANG Module

   file "ietf-dslite@2017-12-12.yang"

   module ietf-dslite {
     yang-version 1.1;

     namespace "urn:ietf:params:xml:ns:yang:ietf-dslite";
     prefix dslite;
     import ietf-inet-types { prefix inet; }
     import ietf-interfaces { prefix if; }
     import iana-if-type { prefix ianaift; }
     import ietf-nat {prefix nat;}
     import ietf-yang-types { prefix yang; }

     organization "IETF Softwire Working Group";

     contact

       "WG Web:
        WG List:

        Editor:  Mohamed Boucadair

        Editor:  Christian Jacquenet

        Editor:  Senthil Sivakumar";

     description
       "This module is a YANG module for DS-Lite AFTR and B4
        implementations.

        Copyright (c) 2017 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject
        to the license terms contained in, the Simplified BSD License
        set forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX; see
        the RFC itself for full legal notices.";

     revision 2017-12-12 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: A YANG Data Module for Dual-Stack Lite (DS-Lite)";
     }

     /*
      * Features
      */

     feature b4 {
       description
         "The B4 element is a function implemented on a dual-stack-capable
          node, either a directly connected device or a CPE, that creates
          a tunnel to an AFTR.";
       reference
         "Section 5 of RFC 6333.";
     }

     feature aftr {
       description
         "An AFTR element is the combination of an IPv4-in-IPv6 tunnel
          endpoint and an IPv4-IPv4 NAT implemented on the same node.";
       reference
         "Section 6 of RFC 6333.";
     }

     /*
      * Augments
      */

     augment "/if:interfaces/if:interface" {
       when "if:type = 'ianaift:tunnel'";
       description
         "Augments Interface module with DS-Lite parameters.

          IANA interface types are maintained at this registry:
          https://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib.

          tunnel (131),       -- Encapsulation interface";

       leaf ipv6-address {
         type inet:ipv6-address;
         description
           "IPv6 address of the local DS-Lite endpoint (AFTR or B4).";
         reference
           "RFC 6333: Dual-Stack Lite Broadband Deployments Following
                      IPv4 Exhaustion";
       }

       leaf ipv4-address {
         type inet:ipv4-address;
         description
           "IPv4 address of the local DS-Lite AFTR or B4.

            192.0.0.1 is reserved for the AFTR element, while
            192.0.0.0/29 is reserved for the B4 element.

            This address can be used to report ICMP problems and will
            appear in traceroute outputs.";
         reference
           "RFC 6333: Dual-Stack Lite Broadband Deployments Following
                      IPv4 Exhaustion";
       }

       leaf aftr-ipv6-addr {
         if-feature b4;
         type inet:ipv6-address;
         description
           "Indicates the AFTR's IPv6 address to be used by a B4 element.";
         reference
           "RFC 6333: Dual-Stack Lite Broadband Deployments Following
                      IPv4 Exhaustion";
       }

       leaf tunnel-mtu {
         type uint16;
         description
           "Configures a tunnel MTU.

            [RFC6908] specifies that since fragmentation and reassembly
            is not optimal, the operator should do everything possible
            to eliminate the need for it.  If the operator uses simple
            IPv4-in-IPv6 softwire, it is recommended that the MTU size
            of the IPv6 network between the B4 and the AFTR accounts for
            the additional overhead (40 bytes).";
         reference
           "RFC 6908: Deployment Considerations for Dual-Stack Lite";
       }

       leaf v6-v4-dscp-preservation {
         type boolean;
         description
           "Copies the DSCP value from the IPv6 header and vice versa.

            According to Section 2.10 of [RFC6908], operators should
            use this model by provisioning the network such that the
            AFTR/B4 copies the DSCP value in the IPv4 header to
            the Traffic Class field in the IPv6 header, after the
            encapsulation for the downstream traffic.";
         reference
           "Section 2.10 of RFC 6908.";
       }
     }

     augment "/nat:nat/nat:instances/nat:instance/nat:policy" {
       when "/nat:nat/nat:instances/nat:instance/nat:type='nat:napt44'" +
            " and /nat:nat/nat:instances/nat:instance/" +
            "nat:per-interface-binding='dslite'";
       if-feature aftr;
       description
         "Augments the NAPT44 module with AFTR parameters.";

       leaf max-softwires-per-subscriber {
         type uint8;
         default 1;
         description
           "Configures the maximum softwires per subscriber feature.

            A subscriber is uniquely identified by means
            of a subscriber mask (subscriber-mask-v6).

            This policy aims to prevent a misbehaving subscriber from
            mounting several DS-Lite softwires that would consume
            additional AFTR resources (e.g., get more external ports
            if the quota were enforced on a per-softwire basis,
            consume extra processing due to a large number of active
            softwires).";

         reference
           "Section 4 of RFC 7785.";
       }

       leaf state-migrate {
         type boolean;
         default true;
         description
           "State migration is enabled by default.

            In the event a new IPv6 address is assigned to the B4 element,
            the AFTR should migrate existing state to be bound to the new
            IPv6 address.  This operation ensures that traffic destined to
            the previous B4's IPv6 address will be redirected to the newer
            B4's IPv6 address.  The destination IPv6 address for tunneling
            return traffic from the AFTR should be the last seen as the
            B4's IPv6 source address from the user device (e.g., CPE).

            The AFTR uses the subscriber-mask-v6 to determine whether two
            IPv6 addresses belong to the same CPE (e.g., if the
            subscriber-mask-v6 is set to 56, the AFTR concludes that
            2001:db8:100:100::1 and 2001:db8:100:100::2 belong to the same
            CPE assigned with 2001:db8:100:100::/56).";

         reference
           "RFC 7785: Recommendations for Prefix Binding in the Context
                      of Softwire Dual-Stack Lite";
       }

       leaf b4-address-change-limit {
         type uint32;
         units "seconds";
         default '1800';
         description
           "Minimum number of seconds between successive B4's IPv6 address
            change from the same prefix.

            Changing the source B4's IPv6 address may be used as an attack
            vector.  Packets with a new B4's IPv6 address from the same
            prefix should be rate-limited.

            It is recommended to set this rate limit to 30 minutes; other
            values can be set on a per-deployment basis.";

         reference
           "RFC 7785: Recommendations for Prefix Binding in the Context
                      of Softwire Dual-Stack Lite";
       }

       container mss-clamping {
         description
           "MSS rewriting configuration to avoid IPv6 fragmentation.";

         leaf enable {
           type boolean;
           description
             "Enable/disable MSS rewriting feature.";
         }

         leaf mss-value {
           type uint16;
           units "octets";
           description
             "Sets the MSS value to be used for MSS rewriting.";
         }
       }
     }

     augment "/nat:nat/nat:instances/nat:instance/"+
             "nat:mapping-table/nat:mapping-entry" {
       when "/nat:nat/nat:instances/nat:instance/nat:type='nat:napt44'" +
            " and /nat:nat/nat:instances/nat:instance/" +
            "nat:per-interface-binding='dslite'";
       if-feature aftr;
       description
         "Augments the NAPT44 mapping table with DS-Lite specifics.";

       container b4-ipv6-address {
         description
           "Records the IPv6 address used by a B4 element and the last
            time that address changed.";

         leaf address {
           type inet:ipv6-address;
           description
             "Corresponds to the IPv6 address used by a B4 element.";
           reference
             "RFC 6333: Dual-Stack Lite Broadband Deployments Following
                        IPv4 Exhaustion";
         }

         leaf last-address-change {
           type yang:date-and-time;
           description
             "Records the last time when the address changed.";
         }
       }

       leaf v6-dscp {
         when "/if:interfaces/if:interface/" +
              "dslite:v6-v4-dscp-preservation='true'";
         type uint8;
         description
           "DSCP value used at the softwire level (i.e., IPv6 header).";
       }

       leaf internal-v4-dscp {
         when "/if:interfaces/if:interface/" +
              "dslite:v6-v4-dscp-preservation='true'";
         type uint8;
         description
           "DSCP value of the encapsulated IPv4 packet.";
       }

       leaf external-v4-dscp {
         when "/if:interfaces/if:interface/" +
              "dslite:v6-v4-dscp-preservation='true'";
         type uint8;
         description
           "DSCP value of the translated IPv4 packet as marked by
            the AFTR.";
       }
     }

     augment "/nat:nat/nat:instances/nat:instance/nat:statistics/" +
             "nat:mappings-statistics" {
       if-feature aftr;
       description
         "Indicates the number of active softwires.";

       leaf active-softwires{
         type yang:gauge32;
         description
           "The number of currently active softwires on the AFTR
            instance.";
       }
     }

     /*
      * Notifications
      */

     notification b4-address-change-limit-policy-violation {
       if-feature aftr;
       description
         "Generates notifications when a B4 unsuccessfully attempts
          to change IPv6 address in a time shorter than the value of
          b4-address-change-limit.

          Notifications are rate-limited (notify-interval).";

       leaf id {
         type leafref {
           path "/nat:nat/nat:instances/nat:instance/nat:id";
         }
         mandatory true;
         description
           "NAT instance identifier.";
       }

       leaf policy-id {
         type leafref {
           path "/nat:nat/nat:instances/nat:instance/nat:policy/nat:id";
         }
         mandatory true;
         description
           "Policy Identifier.";
       }
       leaf address {
         type inet:ipv6-address;
         mandatory true;
         description
           "B4's IPv6 address.";
       }
     }
   }

4.  Security Considerations

   The YANG module defined in this document is designed to be accessed
   via network management protocols such as NETCONF [RFC6241] or
   RESTCONF [RFC8040].  The lowest NETCONF layer is the secure transport
   layer, and the mandatory-to-implement secure transport is Secure
   Shell (SSH) [RFC6242].  The lowest RESTCONF layer is HTTPS, and the
   mandatory-to-implement secure transport is TLS [RFC5246].

   The NETCONF access control model [RFC6536] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   All data nodes defined in the YANG module which can be created,
   modified and deleted (i.e., config true, which is the default) are
   considered sensitive.  Write operations (e.g., edit-config) applied
   to these data nodes without proper protection can negatively affect
   network operations.  An attacker who is able to access the B4/AFTR
   can undertake various attacks, such as:

   o  Set the value of 'aftr-ipv6-addr' on the B4 to point to an
      illegitimate AFTR so that it can intercept all the traffic sent by
      a B4.  Illegitimately intercepting users' traffic is an attack
      with severe implications on privacy.

   o  Set the MTU to a low value which may increase the number of
      fragments ('tunnel-mtu' for both B4 and AFTR).

   o  Set 'max-softwires-per-subscriber' to an arbitrarily high value,
      which will be exploited by a misbehaving user to grab more
      resources (by mounting as many softwires as required to get more
      external IP addresses/ports) or to perform a Denial-of-Service on
      the AFTR by mounting a massive number of softwires.

   o  Set 'state-migrate' to 'false' on the AFTR.  This action may lead
      to a service degradation for the users.

   o  Set 'b4-address-change-limit' to an arbitrarily low value, which
      can ease DoS attacks based on frequent change of B4 IPv6 address.

   o  Set 'v6-v4-dscp-preservation' to 'false', which may lead to a
      service degradation if some policies are applied on the network
      based on the DSCP value.

   Additional security considerations are discussed in
   [I-D.ietf-opsawg-nat-yang].

   Security considerations related to DS-Lite are discussed in
   [RFC6333].

5.  IANA Considerations

   This document requests IANA to register the following URI in the
   "IETF XML Registry" [RFC3688]:

         URI: urn:ietf:params:xml:ns:yang:ietf-dslite
         Registrant Contact: The IESG.
         XML: N/A; the requested URI is an XML namespace.

   This document requests IANA to register the following YANG module in
   the "YANG Module Names" registry [RFC7950].

         name: ietf-dslite
         namespace: urn:ietf:params:xml:ns:yang:ietf-dslite
         prefix: dslite
         reference: RFC XXXX

6.  Acknowledgements

   Thanks to Qin Wu, Benoit Claise, and Andy Bierman who helped to
   identify compilation errors.  Mahesh Jethanandani provided an early
   yangdoctors review; many thanks to him.

   Many thanks to Ian Farrer for the review and comments.

7.  References

7.1.  Normative references

   [I-D.ietf-opsawg-nat-yang]
              Boucadair, M., Sivakumar, S., Jacquenet, C., Vinapamula,
              S., and Q. Wu, "A YANG Data Model for Network Address
              Translation (NAT) and Network Prefix Translation (NPT)",
              draft-ietf-opsawg-nat-yang-09 (work in progress), November
              2017.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee,
              "Dual-Stack Lite Broadband Deployments Following IPv4
              Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 7223, DOI 10.17487/RFC7223, May 2014.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

7.2.  Informative references

   [I-D.boucadair-pcp-yang]
              Boucadair, M., Jacquenet, C., Sivakumar, S., and S.
              Vinapamula, "YANG Modules for the Port Control Protocol
              (PCP)", draft-boucadair-pcp-yang-05 (work in progress),
              October 2017.

   [I-D.ietf-netmod-acl-model]
              Jethanandani, M., Huang, L., Agarwal, S., and D. Blair,
              "Network Access Control List (ACL) YANG Data Model",
              draft-ietf-netmod-acl-model-14 (work in progress), October
              2017.

   [I-D.ietf-netmod-yang-tree-diagrams]
              Bjorklund, M. and L. Berger, "YANG Tree Diagrams",
              draft-ietf-netmod-yang-tree-diagrams-02 (work in
              progress), October 2017.

   [RFC3022]  Srisuresh, P. and K. Egevang, "Traditional IP Network
              Address Translator (Traditional NAT)", RFC 3022,
              DOI 10.17487/RFC3022, January 2001.

   [RFC6087]  Bierman, A., "Guidelines for Authors and Reviewers of YANG
              Data Model Documents", RFC 6087, DOI 10.17487/RFC6087,
              January 2011.

   [RFC6908]  Lee, Y., Maglione, R., Williams, C., Jacquenet, C., and M.
              Boucadair, "Deployment Considerations for Dual-Stack
              Lite", RFC 6908, DOI 10.17487/RFC6908, March 2013.

   [RFC7785]  Vinapamula, S. and M. Boucadair, "Recommendations for
              Prefix Binding in the Context of Softwire Dual-Stack
              Lite", RFC 7785, DOI 10.17487/RFC7785, February 2016.

Appendix A.  B4 Example

   The following example shows a B4 element (2001:db8:0:1::1) that is
   configured with an AFTR element (2001:db8:0:2::1).  The B4 element is
   also instructed to preserve the DSCP marking.

   <interfaces>
     <interface>
       <name>myB4</name>
       <type>ianaift:tunnel</type>
       <enabled>true</enabled>
       <dslite:ipv6-address>2001:db8:0:1::1</dslite:ipv6-address>
       <dslite:aftr-ipv6-addr>2001:db8:0:2::1</dslite:aftr-ipv6-addr>
       <dslite:v6-v4-dscp-preservation>true</dslite:v6-v4-dscp-preservation>
     </interface>
   </interfaces>

Appendix B.  AFTR Examples

   The following example shows an AFTR that is reachable at
   2001:db8:0:2::1.  Also, this XML snippet indicates that the AFTR is
   provided with an IPv4 address (192.0.0.1) to be used for
   troubleshooting purposes such as reporting problems to B4s.

   Note that a subscriber is identified by a subscriber mask ([RFC7785])
   that can be configured by means of [I-D.ietf-opsawg-nat-yang].

   <interfaces>
     <interface>
       <name>myAFTR</name>
       <type>ianaift:tunnel</type>
       <enabled>true</enabled>
       <dslite:ipv6-address>2001:db8:0:2::1</dslite:ipv6-address>
       <dslite:ipv4-address>192.0.0.1</dslite:ipv4-address>
     </interface>
   </interfaces>

   The following shows an XML excerpt depicting a dynamic UDP mapping
   entry maintained by a DS-Lite AFTR for a packet received from the B4
   element introduced in Appendix A.  Concretely, this UDP packet
   received with a source IPv6 address (2001:db8:0:1::1), a source IPv4
   address (192.0.2.1), and source port number (1568) is translated into
   a UDP packet having a source IPv4 address (198.51.100.1) and source
   port number (15000).  The remaining lifetime of this mapping is 300
   seconds.

   <mapping-entry>
     <index>15</index>
     <type>
       dynamic-explicit
     </type>
     <transport-protocol>
       17
     </transport-protocol>
     <dslite:b4-ipv6-address>
       <dslite:address>
         2001:db8:0:1::1
       </dslite:address>
     </dslite:b4-ipv6-address>
     <internal-src-address>
       192.0.2.1
     </internal-src-address>
     <internal-src-port>
       <start-port-number>
         1568
       </start-port-number>
     </internal-src-port>
     <external-src-address>
       198.51.100.1
     </external-src-address>
     <external-src-port>
       <start-port-number>
         15000
       </start-port-number>
     </external-src-port>
     <lifetime>
       300
     </lifetime>
   </mapping-entry>

Authors' Addresses

   Mohamed Boucadair
   Orange
   Rennes  35000
   France

   EMail: mohamed.boucadair@orange.com


   Christian Jacquenet
   Orange
   Rennes  35000
   France

   EMail: christian.jacquenet@orange.com


   Senthil Sivakumar
   Cisco Systems
   7100-8 Kit Creek Road
   Research Triangle Park, North Carolina  27709
   USA

   Phone: +1 919 392 5158
   EMail: ssenthil@cisco.com