idnits 2.17.1

draft-ietf-softwire-dslite-yang-14.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (January 9, 2018) is 2298 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-17) exists of
     draft-ietf-opsawg-nat-yang-09

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  ** Obsolete normative reference: RFC 7223 (Obsoleted by RFC 8343)

  == Outdated reference: A later version (-21) exists of
     draft-ietf-netmod-acl-model-14

  == Outdated reference: A later version (-06) exists of
     draft-ietf-netmod-yang-tree-diagrams-04

  -- Obsolete informational reference (is this intentional?): RFC 6087
     (Obsoleted by RFC 8407)

     Summary: 3 errors (**), 0 flaws (~~), 5 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

   Network Working Group                                    M. Boucadair
   Internet-Draft                                           C. Jacquenet
   Intended status: Standards Track                               Orange
   Expires: July 13, 2018                                   S. Sivakumar
                                                           Cisco Systems
                                                         January 9, 2018

            A YANG Data Module for Dual-Stack Lite (DS-Lite)
                   draft-ietf-softwire-dslite-yang-14

Abstract

   This document defines a YANG module for the DS-Lite Address Family
   Transition Router (AFTR) and Basic Bridging BroadBand (B4) elements.

Editorial Note (To be removed by RFC Editor)

   Please update these statements with the RFC number to be assigned to
   this document:

   o  "This version of this YANG module is part of RFC XXXX;"

   o  "RFC XXXX: A YANG Data Module for Dual-Stack Lite (DS-Lite)";

   o  "reference: RFC XXXX"

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 13, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
   2.  DS-Lite YANG Module: An Overview
   3.  DS-Lite YANG Module
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative references
     7.2.  Informative references
   Appendix A.  B4 Example
   Appendix B.  AFTR Examples
   Authors' Addresses

1.  Introduction

   This document defines a data model for DS-Lite [RFC6333], using the
   YANG data modeling language [RFC7950].  Both the Address Family
   Transition Router (AFTR) and Basic Bridging BroadBand (B4) elements
   are covered by this specification.

   As a reminder, Figure 1 illustrates an overview of the DS-Lite
   architecture that involves AFTR and B4 elements.

                      +-----------+
                      |    Host   |
                      +-----+-----+
                            |192.0.2.1
                            |
                            |
                            |192.0.2.2
                  +---------|---------+
                  |         |         |
                  |    Home router    |
                  |+--------+--------+|
                  ||       B4        ||
                  |+--------+--------+|
                  +--------|||--------+
                           |||2001:db8:0:1::1
                           |||
                           |||<-IPv4-in-IPv6 softwire
                           |||
                    -------|||-------
                  /        |||        \
                 |   ISP core network  |
                  \        |||        /
                    -------|||-------
                           |||
                           |||2001:db8:0:2::1
                  +--------|||--------+
                  |        AFTR       |
                  |+--------+--------+|
                  ||   Concentrator  ||
                  |+--------+--------+|
                  |       |NAT|       |
                  |       +-+-+       |
                  +---------|---------+
                            |198.51.100.1
                            |
                    --------|--------
                  /         |         \
                 |       Internet      |
                  \         |         /
                    --------|--------
                            |
                            |203.0.113.1
                      +-----+-----+
                      | IPv4 Host |
                      +-----------+

                  Figure 1: DS-Lite Base Architecture

   DS-Lite deployment considerations are discussed in [RFC6908].

   This document follows the guidelines of [RFC6087], uses the common
   YANG types defined in [RFC6991], and adopts the Network Management
   Datastore Architecture (NMDA).

1.1.  Terminology

   This document makes use of the terms defined in Section 3 of
   [RFC6333].

   The terminology for describing YANG data modules is defined in
   [RFC7950].

   The meaning of the symbols in tree diagrams is defined in
   [I-D.ietf-netmod-yang-tree-diagrams].

2.  DS-Lite YANG Module: An Overview

   As shown in Figure 1:

   o  The AFTR element is a combination of an IPv4-in-IPv6 tunnel and a
      NAPT function (Section 2.2 of [RFC3022]).

   o  The B4 element is an IPv4-in-IPv6 tunnel.

   Therefore, the DS-Lite YANG module is designed to augment both the
   Interfaces YANG module [RFC7223] and the NAT YANG module
   [I-D.ietf-opsawg-nat-yang] with DS-Lite specific features.

   The YANG "feature" statement is used to distinguish which of the
   DS-Lite elements ('aftr' or 'b4') is relevant for a specific data
   node.

   Concretely, the DS-Lite YANG module (Figure 2) augments the
   Interfaces YANG module with the following:

   o  An IPv6 address used by the tunnel endpoint (AFTR or B4) for
      sending and receiving IPv4-in-IPv6 packets (ipv6-address).

   o  An IPv4 address that is used by the tunnel endpoint (AFTR or B4)
      for troubleshooting purposes (ipv4-address).

   o  An IPv6 address used by a B4 element to reach its AFTR
      (aftr-ipv6-addr).

   o  The tunnel MTU used to avoid fragmentation (tunnel-mtu).

   o  A policy to instruct the tunnel endpoint (AFTR or B4) whether it
      must preserve DSCP marking when encapsulating/decapsulating
      packets (v6-v4-dscp-preservation).

   In addition, the DS-Lite YANG module augments the NAT YANG module
   (policy, in particular) with the following:

   o  A policy to limit the number of DS-Lite softwires per subscriber
      (max-softwires-per-subscriber).

   o  A policy to instruct the AFTR whether a state can be automatically
      migrated (state-migrate).

   o  Further, in order to prevent a denial-of-service by frequently
      changing the source IPv6 address, 'b4-address-change-limit' is
      used to rate-limit such changes.

   o  An instruction to rewrite the TCP Maximum Segment Size (MSS)
      option (mss-clamping) to avoid TCP fragmentation.

   Given that the NAPT table of the AFTR element is extended to include
   the source IPv6 address of incoming packets, the DS-Lite YANG module
   augments the NAPT44 mapping-entry with the following:

   o  b4-ipv6-address which is used to record the source IPv6 address of
      a packet received from a B4 element.  This IPv6 address is
      required to disambiguate between the overlapping IPv4 address
      space of subscribers.

   o  The value of the Traffic Class field in the IPv6 header as
      received from a B4 element (v6-dscp): This information is used to
      preserve DSCP marking when encapsulating/decapsulating at the
      AFTR.

   o  The IPv4 DSCP marking of the IPv4 packet received from a B4
      element (internal-v4-dscp): This information can be used by the
      AFTR for setting the DSCP of packets relayed to a B4 element.

   o  The IPv4 DSCP marking as set by the AFTR in its external interface
      (external-v4-dscp): An AFTR can be instructed to preserve the same
      marking or to set it to another value when forwarding an IPv4
      packet upstream.

   Access Control List (ACL) and Quality of Service (QoS) policies
   discussed in Section 2.5 of [RFC6908] are out of scope.  A YANG
   module for ACLs is documented in [I-D.ietf-netmod-acl-model].

   Likewise, PCP-related considerations discussed in Section 8.5 of
   [RFC6333] are out of scope.  A YANG module for PCP is documented in
   [I-D.boucadair-pcp-yang].

   module: ietf-dslite
     augment /if:interfaces/if:interface:
       +--rw ipv6-address?              inet:ipv6-address
       +--rw ipv4-address?              inet:ipv4-address
       +--rw aftr-ipv6-addr?            inet:ipv6-address {b4}?
       +--rw tunnel-mtu?                uint16
       +--rw v6-v4-dscp-preservation?   boolean
     augment /nat:nat/nat:instances/nat:instance/nat:policy:
       +--rw max-softwires-per-subscriber?   uint8 {aftr}?
       +--rw state-migrate?                  boolean {aftr}?
       +--rw b4-address-change-limit?        uint32 {aftr}?
       +--rw mss-clamping {aftr}?
          +--rw enable?      boolean
          +--rw mss-value?   uint16
     augment /nat:nat/nat:instances/nat:instance
               /nat:mapping-table/nat:mapping-entry:
       +--rw b4-ipv6-address {aftr}?
       |  +--rw address?               inet:ipv6-address
       |  +--rw last-address-change?   yang:date-and-time
       +--rw v6-dscp?            uint8 {aftr}?
       +--rw internal-v4-dscp?   uint8 {aftr}?
       +--rw external-v4-dscp?   uint8 {aftr}?
     augment /nat:nat/nat:instances/nat:instance
               /nat:statistics/nat:mappings-statistics:
       +--ro active-softwires?   yang:gauge32 {aftr}?

     notifications:
       +---n b4-address-change-limit-policy-violation {aftr}?
          +--ro id           -> /nat:nat/instances/instance/id
          +--ro policy-id    -> /nat:nat/instances/instance/policy/id
          +--ro address      inet:ipv6-address

                   Figure 2: YANG Module for DS-Lite

   Examples to illustrate the use of this module are provided in
   Appendix A and Appendix B.

3.  DS-Lite YANG Module

   file "ietf-dslite@2018-01-10.yang"

module ietf-dslite {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-dslite";
  prefix dslite;

  import ietf-inet-types { prefix inet; }
  import ietf-interfaces { prefix if; }
  import iana-if-type { prefix ianaift; }
  import ietf-nat { prefix nat; }
  import ietf-yang-types { prefix yang; }

  organization "IETF Softwire Working Group";

  contact
    "WG Web:
     WG List:

     Editor:  Mohamed Boucadair

     Editor:  Christian Jacquenet

     Editor:  Senthil Sivakumar";

  description
    "This module is a YANG module for DS-Lite AFTR and B4
     implementations.

     Copyright (c) 2017 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";

  revision 2018-01-10 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: A YANG Data Module for Dual-Stack Lite (DS-Lite)";
  }

  /*
   * Features
   */

  feature b4 {
    description
      "The B4 element is a function implemented on a dual-stack-capable
       node, either a directly connected device or a CPE, that creates
       a tunnel to an AFTR.";
    reference
      "Section 5 of RFC 6333.";
  }

  feature aftr {
    description
      "An AFTR element is the combination of an IPv4-in-IPv6 tunnel
       endpoint and an IPv4-IPv4 NAT implemented on the same node.";
    reference
      "Section 6 of RFC 6333.";
  }

  /*
   * Augments
   */

  augment "/if:interfaces/if:interface" {
    when 'derived-from(if:type, "ianaift:tunnel")';
    description
      "Augments Interface module with DS-Lite parameters.

       IANA interface types are maintained at this registry:
       https://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib.

       tunnel (131),       -- Encapsulation interface";

    leaf ipv6-address {
      type inet:ipv6-address;
      description
        "IPv6 address of the local DS-Lite endpoint (AFTR or B4).";
      reference
        "RFC 6333: Dual-Stack Lite Broadband Deployments Following
                   IPv4 Exhaustion";
    }

    leaf ipv4-address {
      type inet:ipv4-address;
      description
        "IPv4 address of the local DS-Lite AFTR or B4.

         192.0.0.1 is reserved for the AFTR element, while
         192.0.0.0/29 is reserved for the B4 element.

         This address can be used to report ICMP problems and will
         appear in traceroute outputs.";
      reference
        "RFC 6333: Dual-Stack Lite Broadband Deployments Following
                   IPv4 Exhaustion";
    }

    leaf aftr-ipv6-addr {
      if-feature b4;
      type inet:ipv6-address;
      description
        "Indicates the AFTR's IPv6 address to be used by a B4 element.";
      reference
        "RFC 6333: Dual-Stack Lite Broadband Deployments Following
                   IPv4 Exhaustion";
    }

    leaf tunnel-mtu {
      type uint16;
      description
        "Configures a tunnel MTU.

         [RFC6908] specifies that since fragmentation and reassembly
         is not optimal, the operator should do everything possible
         to eliminate the need for it.  If the operator uses simple
         IPv4-in-IPv6 softwire, it is recommended that the MTU size
         of the IPv6 network between the B4 and the AFTR accounts for
         the additional overhead (40 bytes).";
      reference
        "RFC 6908: Deployment Considerations for Dual-Stack Lite";
    }

    leaf v6-v4-dscp-preservation {
      type boolean;
      description
        "Copies the DSCP value from the IPv6 header and vice versa.

         According to Section 2.10 of [RFC6908], operators should
         use this model by provisioning the network such that the
         AFTR/B4 copies the DSCP value in the IPv4 header to
         the Traffic Class field in the IPv6 header, after the
         encapsulation for the downstream traffic.";
      reference
        "Section 2.10 of RFC 6908.";
    }

  }

  augment "/nat:nat/nat:instances/nat:instance/nat:policy" {
    when "derived-from-or-self(/nat:nat/nat:instances/nat:instance/" +
         "nat:type, 'nat:napt44')" +
         " and /nat:nat/nat:instances/nat:instance/" +
         "nat:per-interface-binding='dslite'";
    if-feature aftr;
    description
      "Augments the NAPT44 module with AFTR parameters.";

    leaf max-softwires-per-subscriber {
      type uint8;
      default 1;
      description
        "Configures the maximum softwires per subscriber feature.

         A subscriber is uniquely identified by means
         of a subscriber mask (subscriber-mask-v6).

         This policy aims to prevent a misbehaving subscriber from
         mounting several DS-Lite softwires that would consume
         additional AFTR resources (e.g., get more external ports
         if the quota were enforced on a per-softwire basis,
         consume extra processing due to a large number of active
         softwires).";

      reference
        "Section 4 of RFC 7785.";
    }

    leaf state-migrate {
      type boolean;
      default true;
      description
        "State migration is enabled by default.

         In the event a new IPv6 address is assigned to the B4 element,
         the AFTR should migrate existing state to be bound to the new
         IPv6 address.  This operation ensures that traffic destined to
         the previous B4's IPv6 address will be redirected to the newer
         B4's IPv6 address.  The destination IPv6 address for tunneling
         return traffic from the AFTR should be the last seen as the
         B4's IPv6 source address from the user device (e.g., CPE).

         The AFTR uses the subscriber-mask-v6 to determine whether two
         IPv6 addresses belong to the same CPE (e.g., if the
         subscriber-mask-v6 is set to 56, the AFTR concludes that
         2001:db8:100:100::1 and 2001:db8:100:100::2 belong to the same
         CPE assigned with 2001:db8:100:100::/56).";

      reference
        "RFC 7785: Recommendations for Prefix Binding in the Context
                   of Softwire Dual-Stack Lite";
    }

    leaf b4-address-change-limit {
      type uint32;
      units "seconds";
      default '1800';
      description
        "Minimum number of seconds between successive B4's IPv6 address
         change from the same prefix.

         Changing the source B4's IPv6 address may be used as an attack
         vector.  Packets with a new B4's IPv6 address from the same
         prefix should be rate-limited.

         It is recommended to set this rate limit to 30 minutes; other
         values can be set on a per-deployment basis.";

      reference
        "RFC 7785: Recommendations for Prefix Binding in the Context
                   of Softwire Dual-Stack Lite";
    }

    container mss-clamping {
      description
        "MSS rewriting configuration to avoid IPv6 fragmentation.";

      leaf enable {
        type boolean;
        description
          "Enable/disable MSS rewriting feature.";
      }

      leaf mss-value {
        type uint16;
        units "octets";
        description
          "Sets the MSS value to be used for MSS rewriting.";
      }
    }
  }

  augment "/nat:nat/nat:instances/nat:instance/"+
          "nat:mapping-table/nat:mapping-entry" {
    when "derived-from-or-self(/nat:nat/nat:instances/nat:instance/" +
         "nat:type, 'nat:napt44')" +
         " and /nat:nat/nat:instances/nat:instance/" +
         "nat:per-interface-binding='dslite'";
    if-feature aftr;
    description
      "Augments the NAPT44 mapping table with DS-Lite specifics.";

    container b4-ipv6-address {
      description
        "Records the IPv6 address used by a B4 element and the last
         time that address changed.";

      leaf address {
        type inet:ipv6-address;
        description
          "Corresponds to the IPv6 address used by a B4 element.";
        reference
          "RFC 6333: Dual-Stack Lite Broadband Deployments Following
                     IPv4 Exhaustion";
      }

      leaf last-address-change {
        type yang:date-and-time;
        description
          "Records the last time when the address changed.";
      }
    }

    leaf v6-dscp {
      when "/if:interfaces/if:interface/" +
           "dslite:v6-v4-dscp-preservation='true'";
      type uint8;
      description
        "DSCP value used at the softwire level (i.e., IPv6 header).";
    }

    leaf internal-v4-dscp {
      when "/if:interfaces/if:interface/" +
           "dslite:v6-v4-dscp-preservation='true'";
      type uint8;
      description
        "DSCP value of the encapsulated IPv4 packet.";
    }

    leaf external-v4-dscp {
      when "/if:interfaces/if:interface/" +
           "dslite:v6-v4-dscp-preservation='true'";
      type uint8;
      description
        "DSCP value of the translated IPv4 packet as marked by
         the AFTR.";
    }
  }

  augment "/nat:nat/nat:instances/nat:instance/nat:statistics/" +
          "nat:mappings-statistics" {
    if-feature aftr;
    description
      "Indicates the number of active softwires.";

    leaf active-softwires {
      type yang:gauge32;
      description
        "The number of currently active softwires on the AFTR
         instance.";
    }
  }

  /*
   * Notifications
   */

  notification b4-address-change-limit-policy-violation {
    if-feature aftr;
    description
      "Generates notifications when a B4 unsuccessfully attempts
       to change IPv6 address in a time shorter than the value of
       b4-address-change-limit.

       Notifications are rate-limited (notify-interval).";

    leaf id {
      type leafref {
        path "/nat:nat/nat:instances/nat:instance/nat:id";
      }
      mandatory true;
      description
        "NAT instance identifier.";
    }

    leaf policy-id {
      type leafref {
        path "/nat:nat/nat:instances/nat:instance/nat:policy/nat:id";
      }
      mandatory true;
      description
        "Policy Identifier.";
    }

    leaf address {
      type inet:ipv6-address;
      mandatory true;
      description
        "B4's IPv6 address.";
    }
  }
}

4.  Security Considerations

   The YANG module defined in this document is designed to be accessed
   via network management protocols such as NETCONF [RFC6241] or
   RESTCONF [RFC8040].  The lowest NETCONF layer is the secure transport
   layer, and the mandatory-to-implement secure transport is Secure
   Shell (SSH) [RFC6242].  The lowest RESTCONF layer is HTTPS, and the
   mandatory-to-implement secure transport is TLS [RFC5246].

   The NETCONF access control model [RFC6536] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   All data nodes defined in the YANG module which can be created,
   modified and deleted (i.e., config true, which is the default) are
   considered sensitive.  Write operations (e.g., edit-config) applied
   to these data nodes without proper protection can negatively affect
   network operations.  An attacker who is able to access the B4/AFTR
   can undertake various attacks, such as:

   o  Set the value of 'aftr-ipv6-addr' on the B4 to point to an
      illegitimate AFTR so that it can intercept all the traffic sent by
      a B4.  Illegitimately intercepting users' traffic is an attack
      with severe implications on privacy.

   o  Set the MTU to a low value, which may increase the number of
      fragments ('tunnel-mtu' for both B4 and AFTR).

   o  Set 'max-softwires-per-subscriber' to an arbitrarily high value,
      which will be exploited by a misbehaving user to grab more
      resources (by mounting as many softwires as required to get more
      external IP addresses/ports) or to perform a Denial-of-Service on
      the AFTR by mounting a massive number of softwires.

   o  Set 'state-migrate' to 'false' on the AFTR.  This action may lead
      to a service degradation for the users.

   o  Set 'b4-address-change-limit' to an arbitrarily low value, which
      can ease DoS attacks based on frequent change of B4 IPv6 address.

   o  Set 'v6-v4-dscp-preservation' to 'false', which may lead to a
      service degradation if some policies are applied on the network
      based on the DSCP value.

   Additional security considerations are discussed in
   [I-D.ietf-opsawg-nat-yang].

   Security considerations related to DS-Lite are discussed in
   [RFC6333].

5.  IANA Considerations

   This document requests IANA to register the following URI in the
   "IETF XML Registry" [RFC3688]:

      URI: urn:ietf:params:xml:ns:yang:ietf-dslite
      Registrant Contact: The IESG.
      XML: N/A; the requested URI is an XML namespace.

   This document requests IANA to register the following YANG module in
   the "YANG Module Names" registry [RFC7950].

      name: ietf-dslite
      namespace: urn:ietf:params:xml:ns:yang:ietf-dslite
      prefix: dslite
      reference: RFC XXXX

6.  Acknowledgements

   Thanks to Qin Wu, Benoit Claise, and Andy Bierman, who helped
   identify compilation errors.  Mahesh Jethanandani provided an early
   yangdoctors review; many thanks to him.

   Many thanks to Ian Farrer for the review and comments.

7.  References

7.1.  Normative references

   [I-D.ietf-opsawg-nat-yang]
              Boucadair, M., Sivakumar, S., Jacquenet, C., Vinapamula,
              S., and Q. Wu, "A YANG Data Model for Network Address
              Translation (NAT) and Network Prefix Translation (NPT)",
              draft-ietf-opsawg-nat-yang-09 (work in progress), November
              2017.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee,
              "Dual-Stack Lite Broadband Deployments Following IPv4
              Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 7223, DOI 10.17487/RFC7223, May 2014.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

7.2.  Informative references

   [I-D.boucadair-pcp-yang]
              Boucadair, M., Jacquenet, C., Sivakumar, S., and S.
              Vinapamula, "YANG Modules for the Port Control Protocol
              (PCP)", draft-boucadair-pcp-yang-05 (work in progress),
              October 2017.

   [I-D.ietf-netmod-acl-model]
              Jethanandani, M., Huang, L., Agarwal, S., and D. Blair,
              "Network Access Control List (ACL) YANG Data Model",
              draft-ietf-netmod-acl-model-14 (work in progress), October
              2017.

   [I-D.ietf-netmod-yang-tree-diagrams]
              Bjorklund, M. and L. Berger, "YANG Tree Diagrams",
              draft-ietf-netmod-yang-tree-diagrams-04 (work in
              progress), December 2017.

   [RFC3022]  Srisuresh, P. and K. Egevang, "Traditional IP Network
              Address Translator (Traditional NAT)", RFC 3022,
              DOI 10.17487/RFC3022, January 2001.

   [RFC6087]  Bierman, A., "Guidelines for Authors and Reviewers of YANG
              Data Model Documents", RFC 6087, DOI 10.17487/RFC6087,
              January 2011.

   [RFC6908]  Lee, Y., Maglione, R., Williams, C., Jacquenet, C., and M.
              Boucadair, "Deployment Considerations for Dual-Stack
              Lite", RFC 6908, DOI 10.17487/RFC6908, March 2013.

   [RFC7785]  Vinapamula, S. and M. Boucadair, "Recommendations for
              Prefix Binding in the Context of Softwire Dual-Stack
              Lite", RFC 7785, DOI 10.17487/RFC7785, February 2016.

Appendix A.  B4 Example

   The following example shows a B4 element (2001:db8:0:1::1) that is
   configured with an AFTR element (2001:db8:0:2::1).  The B4 element is
   also instructed to preserve the DSCP marking.

         myB4
         ianaift:tunnel
         true
         2001:db8:0:1::1
         2001:db8:0:2::1
         true

Appendix B.  AFTR Examples

   The following example shows an AFTR that is reachable at
   2001:db8:0:2::1.  Also, this XML snippet indicates that the AFTR is
   provided with an IPv4 address (192.0.0.1) to be used for
   troubleshooting purposes such as reporting problems to B4s.

   Note that a subscriber is identified by a subscriber mask ([RFC7785])
   that can be configured by means of [I-D.ietf-opsawg-nat-yang].

         myAFTR
         ianaift:tunnel
         true
         2001:db8:0:2::1
         192.0.0.1

   The following shows an XML excerpt depicting a dynamic UDP mapping
   entry maintained by a DS-Lite AFTR for a packet received from the B4
   element introduced in Appendix A.  Concretely, this UDP packet
   received with a source IPv6 address (2001:db8:0:1::1), a source IPv4
   address (192.0.2.1), and source port number (1568) is translated into
   a UDP packet having a source IPv4 address (198.51.100.1) and source
   port number (15000).  The remaining lifetime of this mapping is 300
   seconds.

         15
         dynamic-explicit
         17
         2001:db8:0:1::1
         192.0.2.1
         1568
         198.51.100.1
         15000
         300

Authors' Addresses

   Mohamed Boucadair
   Orange
   Rennes  35000
   France

   EMail: mohamed.boucadair@orange.com

   Christian Jacquenet
   Orange
   Rennes  35000
   France

   EMail: christian.jacquenet@orange.com

   Senthil Sivakumar
   Cisco Systems
   7100-8 Kit Creek Road
   Research Triangle Park, North Carolina  27709
   USA

   Phone: +1 919 392 5158
   EMail: ssenthil@cisco.com
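
Added example (not part of the draft): a configuration audit that flags risky values of the writable ietf-dslite leaves listed as sensitive in Section 4, run over instance data shaped like the Appendix A and B examples. The function name `audit`, the `config` wrapper element, the sample XML, the AFTR allowlist and the MTU floor of 1280 are assumptions of this example; leaf names and the two module defaults come from Section 3.

```python
import ipaddress
import xml.etree.ElementTree as ET

DSLITE_NS = "urn:ietf:params:xml:ns:yang:ietf-dslite"

# Constructed instance data (not from the draft): a B4 tunnel interface and an
# AFTR NAT policy whose ietf-dslite leaves are set to trip most checks.
SAMPLE = """\
<config xmlns:dslite="urn:ietf:params:xml:ns:yang:ietf-dslite">
  <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
      <name>myB4</name>
      <dslite:aftr-ipv6-addr>2001:db8:0:ffff::1</dslite:aftr-ipv6-addr>
      <dslite:tunnel-mtu>576</dslite:tunnel-mtu>
      <dslite:v6-v4-dscp-preservation>true</dslite:v6-v4-dscp-preservation>
    </interface>
  </interfaces>
  <nat xmlns="urn:ietf:params:xml:ns:yang:ietf-nat">
    <instances><instance><id>1</id><policy><id>1</id>
      <dslite:max-softwires-per-subscriber>200</dslite:max-softwires-per-subscriber>
      <dslite:state-migrate>false</dslite:state-migrate>
      <dslite:b4-address-change-limit>5</dslite:b4-address-change-limit>
    </policy></instance></instances>
  </nat>
</config>
"""


def audit(xml_text, trusted_aftrs, min_mtu=1280, max_softwires=1,
          min_change_limit=1800):
    """Return (path, value, reason) for each ietf-dslite leaf set riskily.

    trusted_aftrs and min_mtu are operator policy (assumptions of this
    example); max_softwires and min_change_limit default to the module's
    own defaults (1 softwire, 1800 seconds).
    """
    trusted = {ipaddress.IPv6Address(a) for a in trusted_aftrs}
    rules = {
        "aftr-ipv6-addr": (
            lambda v: ipaddress.IPv6Address(v) not in trusted,
            "B4 tunnels to an AFTR that is not on the allowlist"),
        "tunnel-mtu": (
            lambda v: int(v) < min_mtu,
            "low tunnel MTU increases fragmentation"),
        "max-softwires-per-subscriber": (
            lambda v: int(v) > max_softwires,
            "one subscriber may mount many softwires and exhaust the AFTR"),
        "state-migrate": (
            lambda v: v == "false",
            "state is not migrated when a B4 changes address"),
        "b4-address-change-limit": (
            lambda v: int(v) < min_change_limit,
            "frequent B4 address changes are barely rate-limited"),
        "v6-v4-dscp-preservation": (
            lambda v: v == "false",
            "DSCP marking is lost across the softwire"),
    }
    findings = []

    def walk(elem, path):
        # ElementTree tags look like "{namespace}local-name".
        ns, _, name = elem.tag.rpartition("}")
        here = f"{path}/{name}" if path else name
        if ns == "{" + DSLITE_NS and name in rules:
            risky, reason = rules[name]
            value = (elem.text or "").strip()
            try:
                if risky(value):
                    findings.append((here, value, reason))
            except ValueError:  # not an integer or not an IPv6 address
                findings.append((here, value, "value does not parse"))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings


if __name__ == "__main__":
    for path, value, reason in audit(SAMPLE, ["2001:db8:0:2::1"]):
        print(f"{path} = {value}: {reason}")
```

Addresses are compared as parsed IPv6 values, so a differently written form of an allowlisted AFTR address is still accepted.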