idnits 2.17.1

draft-ietf-softwire-yang-15.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 270 has weird spacing: '...-prefix ine...'

  == Line 271 has weird spacing: '...-prefix ine...'

  == Line 317 has weird spacing: '...-change ine...'

  == Line 490 has weird spacing: '...-prefix ine...'

  == Line 491 has weird spacing: '...-prefix ine...'

  -- The document date (January 15, 2019) is 1928 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC6020' is defined on line 2030, but no explicit
     reference was found in the text

  -- Possible downref: Non-RFC (?) normative reference: ref.
     'TUNNELTYPE-IANA-REGISTRY'

     Summary: 0 errors (**), 0 flaws (~~), 7 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2 Softwire Working Group                I. Farrer, Ed.
3 Internet-Draft                        Deutsche Telekom AG
4 Intended status: Standards Track      M. Boucadair, Ed.
5 Expires: July 19, 2019                Orange
6                                       January 15, 2019

8 YANG Modules for IPv4-in-IPv6 Address plus Port (A+P) Softwires
9 draft-ietf-softwire-yang-15

11 Abstract

13 This document defines YANG modules for the configuration and
14 operation of IPv4-in-IPv6 softwire Border Relays and Customer
15 Premises Equipment for the Lightweight 4over6, Mapping of Address and
16 Port with Encapsulation (MAP-E), and Mapping of Address and Port
17 using Translation (MAP-T) softwire mechanisms.

19 Editorial Note (To be removed by RFC Editor)

21 Please update these statements within this document with the RFC
22 number to be assigned to this document:

24 o "This version of this YANG module is part of RFC XXXX;"

26 o "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port
27   Softwires";

29 o "reference: RFC XXXX"

31 Please update the "revision" date of the YANG modules.

33 Status of This Memo

35 This Internet-Draft is submitted in full conformance with the
36 provisions of BCP 78 and BCP 79.

38 Internet-Drafts are working documents of the Internet Engineering
39 Task Force (IETF). Note that other groups may also distribute
40 working documents as Internet-Drafts. The list of current Internet-
41 Drafts is at https://datatracker.ietf.org/drafts/current/.

43 Internet-Drafts are draft documents valid for a maximum of six months
44 and may be updated, replaced, or obsoleted by other documents at any
45 time. It is inappropriate to use Internet-Drafts as reference
46 material or to cite them other than as "work in progress."

48 This Internet-Draft will expire on July 19, 2019.

50 Copyright Notice

52 Copyright (c) 2019 IETF Trust and the persons identified as the
53 document authors. All rights reserved.

55 This document is subject to BCP 78 and the IETF Trust's Legal
56 Provisions Relating to IETF Documents
57 (https://trustee.ietf.org/license-info) in effect on the date of
58 publication of this document. Please review these documents
59 carefully, as they describe your rights and restrictions with respect
60 to this document. Code Components extracted from this document must
61 include Simplified BSD License text as described in Section 4.e of
62 the Trust Legal Provisions and are provided without warranty as
63 described in the Simplified BSD License.

65 Table of Contents

67 1. Introduction
68 2. Terminology
69 3. Overview of the Modules
70   3.1. Overall Structure
71   3.2. Additional Components Configuration
72 4. Softwire CE YANG Tree Diagram
73   4.1. CE Tree Diagram
74   4.2. Softwire CE Tree Diagram Description
75 5. Softwire BR YANG Tree Diagram
76   5.1. BR Tree Diagram
77   5.2. Softwire BR Tree Diagram Description
78 6. Softwire CE YANG Module
79 7. BR Softwire YANG Module
80 8. Common Softwire Element Groups YANG Module
81 9. Security Considerations
82 10. IANA Considerations
83 11. Acknowledgements
84 12. Contributors
85 13. Contributors
86 14. References
87   14.1. Normative References
88   14.2. Informative References
89 Appendix A. Configuration Examples
90   A.1. Configuration Example for a lw4o6 BR Binding-Table
91   A.2. Configuration Example for a MAP-E BR
92   A.3. lw4o6 CE Configuration Example
93 Authors' Addresses

95 1. Introduction

97 The IETF Softwire working group has developed several IPv4-in-IPv6
98 softwire mechanisms to address various deployment contexts and
99 constraints. As a companion to the architectural specification
100 documents, this document focuses on the provisioning of address plus
101 port (A+P) softwire functional elements: Border Routers (BRs) and
102 Customer Premises Equipment (CEs, a.k.a., CPE). The softwire
103 mechanisms covered in this document are Lightweight 4 over 6 (lw4o6)
104 [RFC7596], Mapping of Address and Port with Encapsulation (MAP-E)
105 [RFC7597], and Mapping of Address and Port using Translation (MAP-T)
106 [RFC7599].

108 This document focuses on A+P mechanisms [RFC6346]; the reader can
109 refer to [I-D.ietf-softwire-dslite-yang] for a YANG module for DS-
110 Lite [RFC6333].

112 This document defines YANG modules [RFC7950] that can be used to
113 configure and manage A+P softwire elements using the NETCONF
114 [RFC6241], or RESTCONF [RFC8040] protocols for:

116 o Configuration

118 o Operational State

120 o Notifications

122 2. Terminology

124 The reader should be familiar with the concepts and terms defined in
125 [RFC7596], [RFC7597], [RFC7599], and the YANG data modelling language
126 defined in [RFC7950].

128 The YANG modules in this document adopt the Network Management
129 Datastore Architecture (NMDA) [RFC8342]. The meanings of the symbols
130 used in tree diagrams are defined in [RFC8340].

132 The document uses the abbreviation 'BR' as a general term for
133 softwire tunnel concentrators, including both MAP Border Routers
134 [RFC7597] and Lightweight 4over6 lwAFTRs [RFC7596].

136 For brevity, "algorithm" is used to refer to the "mapping algorithm"
137 defined in [RFC7597].

139 A network element may support one or multiple instances of a softwire
140 mechanism; each of these instances (i.e., binding instances, MAP-E
141 instances, or MAP-T instances) may have its own configuration and
142 parameters. The term 'algo-instance' is used to denote both MAP-E
143 and MAP-T instances.

145 3. Overview of the Modules

147 3.1. Overall Structure

149 The document defines the following two YANG modules for the
150 configuration and monitoring of softwire functional elements:

152 ietf-softwire-ce      Provides configuration and monitoring for
153                       softwire CE element. This module is defined as
154                       augments to the interface YANG module
155                       [RFC8343].

157 ietf-softwire-br      Provides configuration and monitoring for
158                       softwire BR element.

160 In addition, the following module is defined:

162 ietf-softwire-common  Contains groups of common functions that are
163                       imported into the CE and BR modules.

165 This approach has been taken so that the various modules can be
166 easily extended to support additional softwire mechanisms, if
167 required.

169 Within the BR and CE modules, the YANG "feature" statement is used to
170 distinguish which of the different softwire mechanism(s) is relevant
171 for a specific element's configuration. For each module, a choice
172 statement 'ce-type' is included for either 'binding' or 'algorithm'.
173 'Binding' is used for configuring Lightweight 4over6, whereas
174 'algorithm' is used for configuring MAP-T or MAP-E.

176 In the 'algo-instances' container, a choice statement 'data-plane' is
177 included to specify MAP-E (encapsulation) or MAP-T (translation).
178 Table 1 shows how these choices are used to indicate the desired
179 softwire mechanism:

181 +--------------------+-----------+---------------+
182 | S46 Mechanism      | ce-type?  | data-plane?   |
183 +--------------------+-----------+---------------+
184 | Lightweight 4over6 | binding   | n/a           |
185 | MAP-E              | algorithm | encapsulation |
186 | MAP-T              | algorithm | translation   |
187 +--------------------+-----------+---------------+

189 Table 1: Softwire Mechanism Choice Statement Enumeration

191 NETCONF notifications are also included.

193 Note: Earlier versions of this specification combined the softwire
194 mechanisms by their associated technologies rather than their
195 function in the architecture. As the document was revised, it
196 became apparent that dividing the modules by their role in the
197 architecture (CE or BR) was a better approach as this follows the
198 intended function and existing implementation approaches more
199 closely.

201 3.2. Additional Components Configuration

203 The softwire modules only aim to provide configuration relevant for
204 softwires. In order to fully provision a CE element, the following
205 may also be necessary:

207 o IPv6 forwarding and routing configuration, enabling the CE to
208   obtain one or more IPv6 prefixes for softwire usage. A YANG
209   module for routing management is described in [RFC8349].

211 o IPv4 routing configuration, to add one or more IPv4 destination
212   prefix(es) reachable via the configured softwire. A YANG module
213   for routing management is described in [RFC8349].

215 o Stateful NAT44/NAPT management, to optionally specify a port set
216   (Port Set Identifier (PSID)) along with its length. A YANG module
217   for NAT management is described in [I-D.ietf-opsawg-nat-yang].

219 o Stateless NAT46 management, required by softwire translation based
220   mechanisms (i.e., the assignment of a Network-Specific Prefix to
221   use for IPv4/IPv6 translation). A YANG module for NAT management
222   is described in [I-D.ietf-opsawg-nat-yang].
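
The port set (PSID) and its length named in the list above correspond to the psid-offset, psid-len and psid leaves of the modules in this document. The following is an added example, not code from the draft: it expands a port-set into port ranges using the port layout of RFC 7597 Section 5.1 and flags binding entries that share an IPv4 address with intersecting port sets. Function names and the sample entries are constructed for illustration, and the cross-field checks are derived from that bit layout rather than taken from the YANG ranges.

```python
"""PSID port-set arithmetic for the psid-offset, psid-len and psid leaves.

A 16-bit port is split, per RFC 7597 Section 5.1, into
    | A (psid-offset bits) | PSID (psid-len bits) | j (remaining bits) |
"""
from itertools import combinations

PORT_BITS = 16


def check_port_set(psid_offset, psid_len, psid):
    """Reject values and combinations of values that cannot describe a port set."""
    if not 0 <= psid_offset <= 16:
        raise ValueError("psid-offset outside 0..16")
    if not 0 <= psid_len <= 15:
        raise ValueError("psid-len outside 0..15")
    # Cross-field checks derived from the bit layout (an assumption of this
    # example): per-leaf range statements cannot express them.
    if psid_offset + psid_len > PORT_BITS:
        raise ValueError("psid-offset + psid-len exceeds 16 bits")
    if not 0 <= psid < (1 << psid_len):
        raise ValueError("psid does not fit in psid-len bits")


def port_ranges(psid_offset, psid_len, psid):
    """Return the inclusive (low, high) port ranges selected by a port-set."""
    check_port_set(psid_offset, psid_len, psid)
    m = PORT_BITS - psid_offset - psid_len   # bits left for j
    span = 1 << m                            # contiguous ports per range
    if psid_offset == 0:                     # one contiguous range
        low = psid << m
        return [(low, low + span - 1)]
    ranges = []
    # A = 0 is skipped, which keeps the lowest ports out of every port set.
    for a_val in range(1, 1 << psid_offset):
        low = (a_val << (PORT_BITS - psid_offset)) | (psid << m)
        ranges.append((low, low + span - 1))
    return ranges


def port_in_set(port, psid_offset, psid_len, psid):
    """True if a source port belongs to the port set, without expanding it."""
    check_port_set(psid_offset, psid_len, psid)
    if not 0 <= port <= 0xFFFF:
        return False
    if psid_offset and (port >> (PORT_BITS - psid_offset)) == 0:
        return False                         # A = 0 is never assigned
    m = PORT_BITS - psid_offset - psid_len
    return (port >> m) & ((1 << psid_len) - 1) == psid


def overlapping_bindings(entries):
    """Return pairs of binding-ipv6info keys whose port sets intersect on one
    binding-ipv4-addr; such pairs make per-subscriber attribution ambiguous."""
    covered = {}
    for entry in entries:
        ps = entry["port-set"]
        ports = set()
        # psid-offset defaults to 0 for binding entries.
        for low, high in port_ranges(ps.get("psid-offset", 0),
                                     ps["psid-len"], ps["psid"]):
            ports.update(range(low, high + 1))
        covered[entry["binding-ipv6info"]] = (entry["binding-ipv4-addr"], ports)
    clashes = []
    for (k1, (ip1, s1)), (k2, (ip2, s2)) in combinations(covered.items(), 2):
        if ip1 == ip2 and s1 & s2:
            clashes.append((k1, k2))
    return clashes


# Constructed sample binding table (documentation address ranges).
SAMPLE_BINDINGS = [
    {"binding-ipv6info": "2001:db8::1", "binding-ipv4-addr": "192.0.2.1",
     "port-set": {"psid-len": 8, "psid": 0x34}},
    {"binding-ipv6info": "2001:db8::2", "binding-ipv4-addr": "192.0.2.1",
     "port-set": {"psid-len": 8, "psid": 0x35}},
    {"binding-ipv6info": "2001:db8::3", "binding-ipv4-addr": "192.0.2.1",
     "port-set": {"psid-len": 6, "psid": 13}},      # covers both sets above
    {"binding-ipv6info": "2001:db8::4", "binding-ipv4-addr": "192.0.2.2",
     "port-set": {"psid-len": 8, "psid": 0x34}},    # other IPv4: no clash
]

if __name__ == "__main__":
    for low, high in port_ranges(6, 8, 0x34)[:3]:
        print(f"{low}-{high}")
    for pair in overlapping_bindings(SAMPLE_BINDINGS):
        print("overlap:", pair)
```
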

224 As YANG modules for the above functions are already defined in other
225 documents, their functionality is not duplicated here and they should
226 be referred to, as needed. Appendix A.3 provides XML examples of how
227 these modules can be used together.

229 The CE must already have minimal IPv6 configuration in place so it is
230 reachable by the NETCONF client to obtain softwire configuration. If
231 additional IPv6 specific configuration is necessary, the YANG modules
232 defined in [RFC8344] and [RFC8349] may be used.

234 4. Softwire CE YANG Tree Diagram

235 4.1. CE Tree Diagram

237 The CE module provides configuration and monitoring for all of the
238 softwire mechanisms covered in this document (i.e., Lightweight
239 4over6, MAP-E, and MAP-T).

241 This module augments "ietf-interfaces", defined in [RFC8343] with an
242 entry for the softwire. This entry can be referenced to configure
243 IPv4 forwarding features for the element. This entry is added only
244 if tunnel type (Section 10) is set to 'aplusp'.

246 Figure 1 shows the tree structure of the softwire CE YANG module:

248 module: ietf-softwire-ce
249   augment /if:interfaces/if:interface:
250     +--rw softwire-payload-mtu?   uint16
251     +--rw softwire-path-mru?      uint16
252     +--rw (ce-type)?
253        +--:(binding) {binding-mode}?
254        |  +--rw binding-ipv6info?   union
255        |  +--rw br-ipv6-addr        inet:ipv6-address
256        +--:(algo) {map-e or map-t}?
257           +--rw algo-instances
258              +--rw algo-instance* [name]
259                 +--rw name                 string
260                 +--rw enable?              boolean
261                 +--rw algo-versioning
262                 |  +--rw version?   uint64
263                 |  +--rw date?      yang:date-and-time
264                 +--rw (data-plane)?
265                 |  +--:(encapsulation) {map-e}?
266                 |  |  +--rw br-ipv6-addr      inet:ipv6-address
267                 |  +--:(translation) {map-t}?
268                 |     +--rw dmr-ipv6-prefix?  inet:ipv6-prefix
269                 +--rw ea-len               uint8
270                 +--rw rule-ipv6-prefix     inet:ipv6-prefix
271                 +--rw rule-ipv4-prefix     inet:ipv4-prefix
272                 +--rw forwarding           boolean
273   augment /if:interfaces/if:interface/if:statistics:
274     +--ro sent-ipv4-packets?
275     |       yang:zero-based-counter64
276     +--ro sent-ipv4-bytes?
277     |       yang:zero-based-counter64
278     +--ro sent-ipv6-packets?
279     |       yang:zero-based-counter64
280     +--ro sent-ipv6-bytes?
281     |       yang:zero-based-counter64
282     +--ro rcvd-ipv4-packets?
283     |       yang:zero-based-counter64
284     +--ro rcvd-ipv4-bytes?
285     |       yang:zero-based-counter64
286     +--ro rcvd-ipv6-packets?
287     |       yang:zero-based-counter64
288     +--ro rcvd-ipv6-bytes?
289     |       yang:zero-based-counter64
290     +--ro dropped-ipv4-packets?
291     |       yang:zero-based-counter64
292     +--ro dropped-ipv4-bytes?
293     |       yang:zero-based-counter64
294     +--ro dropped-ipv6-packets?
295     |       yang:zero-based-counter64
296     +--ro dropped-ipv6-bytes?
297     |       yang:zero-based-counter64
298     +--ro dropped-ipv4-fragments?
299     |       yang:zero-based-counter64
300     +--ro dropped-ipv4-fragment-bytes?
301     |       yang:zero-based-counter64
302     +--ro ipv6-fragments-reassembled?
303     |       yang:zero-based-counter64
304     +--ro ipv6-fragments-bytes-reassembled?
305     |       yang:zero-based-counter64
306     +--ro out-icmpv4-error-packets?
307     |       yang:zero-based-counter64
308     +--ro out-icmpv4-error-bytes?
309     |       yang:zero-based-counter64
310     +--ro out-icmpv6-error-packets?
311     |       yang:zero-based-counter64
312     +--ro out-icmpv6-error-bytes?
313             yang:zero-based-counter64

315   notifications:
316     +---n softwire-ce-event {binding-mode}?
317        +--ro ce-binding-ipv6-addr-change    inet:ipv6-address

319 Figure 1: Softwire CE YANG Tree Diagram

321 4.2. Softwire CE Tree Diagram Description

323 Additional information related to the operation of a CE element is
324 provided below:

326 o softwire-payload-mtu: optionally used to set the IPv4 MTU for the
327   softwire. Needed if the softwire implementation is unable to
328   calculate the correct IPv4 Maximum Transmission Unit (MTU)
329   size automatically.

331 o softwire-path-mru: optionally used to set the maximum IPv6
332   softwire packet size that can be received, including the
333   encapsulation/translation overhead. Needed if the softwire
334   implementation is unable to calculate the correct IPv4
335   payload Maximum Receive Unit (MRU) size automatically (see
336   Section 3.2 of [RFC4213]).

338 o ce-type: provides a choice statement allowing the binding or
339   algorithmic softwire mechanisms to be selected.

341 Further details relevant to binding softwire elements are:

343 o binding-ipv6info: used to set the IPv6 binding prefix type to
344   identify which IPv6 address to use as the tunnel source. It can
345   be 'ipv6-prefix' or 'ipv6-address'.

347 o br-ipv6-addr: sets the IPv6 address of the remote BR.

349 Additional details relevant to some of the important algorithmic
350 elements are provided below:

352 o algo-versioning: optionally used to associate a version number
353   and/or timestamp to the algorithm. This can be used for logging/
354   data retention purposes [RFC7422]. The version number is selected
355   to uniquely identify the algorithm configuration and a new value
356   written whenever a change is made to the algorithm or a new algo-
357   instance is created.

359 o forwarding: specifies whether the rule can be used as a Forward
360   Mapping Rule (FMR). If not set, this rule is a Basic Mapping Rule
361   (BMR) only and must not be used for forwarding. Refer to
362   Section 4.1 of [RFC7598].

364 o ea-len: used to set the length of the Embedded-Address (EA), which
365   is defined in the mapping rule for a MAP domain.

367 o data-plane: provides a choice statement for either encapsulation
368   (MAP-E) or translation (MAP-T).

370 o br-ipv6-addr: defines the IPv6 address of the BR. This
371   information is valid for MAP-E.

373 o dmr-ipv6-prefix: defines the Default Mapping Rule (DMR) IPv6
374   prefix of the BR. This information is valid for MAP-T.

376 Additional information on the notification node is listed below:

378 o ce-binding-ipv6-addr-change: if the CE's binding IPv6 address
379   changes for any reason, the NETCONF client will be notified.

381 5. Softwire BR YANG Tree Diagram

383 5.1. BR Tree Diagram

385 The BR YANG module provides configuration and monitoring for all of
386 the softwire mechanisms covered in this document (i.e., Lightweight
387 4over6, MAP-E, and MAP-T).

389 Figure 2 provides the tree structure of this module:

391 module: ietf-softwire-br
392   +--rw br-instances
393      +--rw (br-type)?
394         +--:(binding) {binding-mode}?
395         |  +--rw binding
396         |     +--rw bind-instance* [name]
397         |        +--rw name                        string
398         |        +--rw binding-table-versioning
399         |        |  +--rw version?   uint64
400         |        |  +--rw date?      yang:date-and-time
401         |        +--rw softwire-num-max            uint32
402         |        +--rw softwire-payload-mtu        uint16
403         |        +--rw softwire-path-mru           uint16
404         |        +--rw enable-hairpinning?         boolean
405         |        +--rw binding-table
406         |        |  +--rw binding-entry* [binding-ipv6info]
407         |        |     +--rw binding-ipv6info      union
408         |        |     +--rw binding-ipv4-addr?
409         |        |     |       inet:ipv4-address
410         |        |     +--rw port-set
411         |        |     |  +--rw psid-offset?   uint8
412         |        |     |  +--rw psid-len       uint8
413         |        |     |  +--rw psid           uint16
414         |        |     +--rw br-ipv6-addr?
415         |        |             inet:ipv6-address
416         |        +--rw icmp-policy
417         |        |  +--rw icmpv4-errors
418         |        |  |  +--rw allow-incoming-icmpv4?    boolean
419         |        |  |  +--rw icmpv4-rate?              uint32
420         |        |  |  +--rw generate-icmpv4-errors?   boolean
421         |        |  +--rw icmpv6-errors
422         |        |     +--rw generate-icmpv6-errors?   boolean
423         |        |     +--rw icmpv6-rate?              uint32
424         |        +--ro traffic-stat
425         |           +--ro discontinuity-time    yang:date-and-time
426         |           +--ro sent-ipv4-packets?
427         |           |       yang:zero-based-counter64
428         |           +--ro sent-ipv4-bytes?
429         |           |       yang:zero-based-counter64
430         |           +--ro sent-ipv6-packets?
431         |           |       yang:zero-based-counter64
432         |           +--ro sent-ipv6-bytes?
433         |           |       yang:zero-based-counter64
434         |           +--ro rcvd-ipv4-packets?
435         |           |       yang:zero-based-counter64
436         |           +--ro rcvd-ipv4-bytes?
437         |           |       yang:zero-based-counter64
438         |           +--ro rcvd-ipv6-packets?
439         |           |       yang:zero-based-counter64
440         |           +--ro rcvd-ipv6-bytes?
441         |           |       yang:zero-based-counter64
442         |           +--ro dropped-ipv4-packets?
443         |           |       yang:zero-based-counter64
444         |           +--ro dropped-ipv4-bytes?
445         |           |       yang:zero-based-counter64
446         |           +--ro dropped-ipv6-packets?
447         |           |       yang:zero-based-counter64
448         |           +--ro dropped-ipv6-bytes?
449         |           |       yang:zero-based-counter64
450         |           +--ro dropped-ipv4-fragments?
451         |           |       yang:zero-based-counter64
452         |           +--ro dropped-ipv4-fragment-bytes?
453         |           |       yang:zero-based-counter64
454         |           +--ro ipv6-fragments-reassembled?
455         |           |       yang:zero-based-counter64
456         |           +--ro ipv6-fragments-bytes-reassembled?
457         |           |       yang:zero-based-counter64
458         |           +--ro out-icmpv4-error-packets?
459         |           |       yang:zero-based-counter64
460         |           +--ro out-icmpv4-error-bytes?
461         |           |       yang:zero-based-counter64
462         |           +--ro out-icmpv6-error-packets?
463         |           |       yang:zero-based-counter64
464         |           +--ro out-icmpv6-error-bytes?
465         |           |       yang:zero-based-counter64
466         |           +--ro dropped-icmpv4-packets?
467         |           |       yang:zero-based-counter64
468         |           +--ro dropped-icmpv4-bytes?
469         |           |       yang:zero-based-counter64
470         |           +--ro hairpin-ipv4-packets?
471         |           |       yang:zero-based-counter64
472         |           +--ro hairpin-ipv4-bytes?
473         |           |       yang:zero-based-counter64
474         |           +--ro active-softwire-num?
475         |                   uint32
476         +--:(algo) {map-e or map-t}?
477            +--rw algorithm
478               +--rw algo-instance* [name]
479                  +--rw name                 string
480                  +--rw enable?              boolean
481                  +--rw algo-versioning
482                  |  +--rw version?   uint64
483                  |  +--rw date?      yang:date-and-time
484                  +--rw (data-plane)?
485                  |  +--:(encapsulation) {map-e}?
486                  |  |  +--rw br-ipv6-addr      inet:ipv6-address
487                  |  +--:(translation) {map-t}?
488                  |     +--rw dmr-ipv6-prefix?  inet:ipv6-prefix
489                  +--rw ea-len               uint8
490                  +--rw rule-ipv6-prefix     inet:ipv6-prefix
491                  +--rw rule-ipv4-prefix     inet:ipv4-prefix
492                  +--rw forwarding           boolean
493                  +--rw port-set
494                  |  +--rw psid-offset?   uint8
495                  |  +--rw psid-len       uint8
496                  |  +--rw psid           uint16
497                  +--ro traffic-stat
498                     +--ro discontinuity-time    yang:date-and-time
499                     +--ro sent-ipv4-packets?
500                     |       yang:zero-based-counter64
501                     +--ro sent-ipv4-bytes?
502                     |       yang:zero-based-counter64
503                     +--ro sent-ipv6-packets?
504                     |       yang:zero-based-counter64
505                     +--ro sent-ipv6-bytes?
506                     |       yang:zero-based-counter64
507                     +--ro rcvd-ipv4-packets?
508                     |       yang:zero-based-counter64
509                     +--ro rcvd-ipv4-bytes?
510                     |       yang:zero-based-counter64
511                     +--ro rcvd-ipv6-packets?
512                     |       yang:zero-based-counter64
513                     +--ro rcvd-ipv6-bytes?
514                     |       yang:zero-based-counter64
515                     +--ro dropped-ipv4-packets?
516                     |       yang:zero-based-counter64
517                     +--ro dropped-ipv4-bytes?
518                     |       yang:zero-based-counter64
519                     +--ro dropped-ipv6-packets?
520                     |       yang:zero-based-counter64
521                     +--ro dropped-ipv6-bytes?
522                     |       yang:zero-based-counter64
523                     +--ro dropped-ipv4-fragments?
524                     |       yang:zero-based-counter64
525                     +--ro dropped-ipv4-fragment-bytes?
526                     |       yang:zero-based-counter64
527                     +--ro ipv6-fragments-reassembled?
528                     |       yang:zero-based-counter64
529                     +--ro ipv6-fragments-bytes-reassembled?
530                     |       yang:zero-based-counter64
531                     +--ro out-icmpv4-error-packets?
532                     |       yang:zero-based-counter64
533                     +--ro out-icmpv4-error-bytes?
534                     |       yang:zero-based-counter64
535                     +--ro out-icmpv6-error-packets?
536                     |       yang:zero-based-counter64
537                     +--ro out-icmpv6-error-bytes?
538                             yang:zero-based-counter64

540   notifications:
541     +---n softwire-binding-instance-event {binding-mode}?
542     |  +--ro bind-name?
543     |  |       -> /br-instances/binding/bind-instance/name
544     |  +--ro invalid-entry*     leafref
545     |  +--ro added-entry*       inet:ipv6-address
546     |  +--ro modified-entry*    leafref
547     +---n softwire-algorithm-instance-event {map-e, map-t}?
548        +--ro algo-name
549        |       -> /br-instances/algorithm/algo-instance/name
550        +--ro invalid-entry-id*
551        |       -> /br-instances/algorithm/algo-instance/name
552        +--ro added-entry*
553        |       -> /br-instances/algorithm/algo-instance/name
554        +--ro modified-entry*
555                -> /br-instances/algorithm/algo-instance/name

557 Figure 2: Softwire BR YANG Tree

559 5.2. Softwire BR Tree Diagram Description

561 The descriptions for leaves which are common with the CE module are
562 provided in Section 4.2. Descriptions for additional elements are
563 provided below:

565 o binding-table-versioning: optionally used to associate a version
566   number and/or timestamp to the binding table. This can be used
567   for logging or data retention purposes [RFC7422]. The version
568   number is selected to uniquely identify the binding table
569   configuration and a new timestamp value written whenever a change
570   is made to the contents of the binding table or a new binding
571   table list is created.

573 o binding-entry: used to define the binding relationship between
574   3-tuples {lwB4's IPv6 address/prefix, the allocated IPv4 address,
575   restricted port-set}. For detailed information, please refer to
576   [RFC7596].

578 o softwire-num-max: used to set the maximum number of softwire
579   binding rules that can be created on the lw4o6 element
580   simultaneously. This parameter must not be set to zero because
581   this is equivalent to disabling the BR instance.

583 o active-softwire-num: holds the number of softwires currently
584   provisioned on the BR element.

586 Additional information on some of the important notification nodes is
587 listed below:

589 o invalid-entry, added-entry, modified-entry: used to notify the
590   NETCONF client that a specific binding entry or MAP rule has
591   expired, been invalidated, added, or modified.

593 6. Softwire CE YANG Module

595 This module imports the modules defined in [RFC6991], [RFC8343], and
596 [RFC7224].
It also imports the 'ietf-softwire-common' and 'iana- 597 tunnel-type' modules [I-D.ietf-softwire-iftunnel]. 599 file "ietf-softwire-ce@2019-01-11.yang" 601 module ietf-softwire-ce { 602 yang-version 1.1; 603 namespace "urn:ietf:params:xml:ns:yang:ietf-softwire-ce"; 604 prefix softwire-ce; 606 import ietf-inet-types { 607 prefix inet; 608 reference "Section 4 of RFC 6991"; 609 } 610 import ietf-interfaces { 611 prefix if; 612 reference "RFC 8343: A YANG Data Model for Interface Management"; 613 } 614 import ietf-softwire-common { 615 prefix softwire-common; 616 reference 617 "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port 618 Softwires"; 619 } 620 import iana-tunnel-type { 621 prefix iana-tunnel-type; 622 reference 623 "RFC YYYY: Tunnel Interface Types YANG Module"; 624 } 626 organization 627 "IETF Softwire Working Group"; 628 contact 629 "WG Web: 630 WG List: 632 Author: Qi Sun 633 635 Author: Linhui Sun 636 638 Author: Yong Cui 639 641 Editor: Ian Farrer 642 644 Author: Sladjana Zoric 645 647 Editor: Mohamed Boucadair 648 650 Author: Rajiv Asati 651 "; 652 description 653 "This document defines a YANG module for the configuration and 654 management of A+P Softwire Customer Premises Equipment (CEs). It 655 covers Lightweight 4over6, MAP-E, and MAP-T mechanisms. 657 Copyright (c) 2019 IETF Trust and the persons identified as 658 authors of the code. All rights reserved. 660 Redistribution and use in source and binary forms, with or 661 without modification, is permitted pursuant to, and subject 662 to the license terms contained in, the Simplified BSD License 663 set forth in Section 4.c of the IETF Trust's Legal Provisions 664 Relating to IETF Documents 665 (http://trustee.ietf.org/license-info). 
666 This version of this YANG module is part of RFC XXXX; see 667 the RFC itself for full legal notices."; 669 revision 2019-01-11 { 670 description 671 "Initial revision."; 672 reference 673 "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port 674 Softwires"; 675 } 677 /* 678 * Features 679 */ 681 feature binding-mode { 682 description 683 "Binding is used for configuring the Lightweight 4over6 mechanism. 685 Binding based softwire mechanisms are IPv4-over-IPv6 tunnelling 686 transition mechanisms specifically intended for complete 687 independence between the IPv6 subnet prefix (and IPv6 address) 688 and IPv4 address, with or without IPv4 address sharing. 690 This is accomplished by maintaining state for each softwire 691 (per-subscriber state) in the central Border Relay (BR) and using 692 a hub-and-spoke forwarding architecture. In order to delegate the 693 NAPT function and achieve IPv4 address sharing, port-restricted 694 IPv4 addresses needs to be allocated to CEs. 696 This feature indicates that the network element can function as 697 one or more binding based softwire instances."; 698 reference 699 "RFC7596: Lightweight 4over6: An Extension to the Dual-Stack Lite 700 Architecture 701 RFC7597: Mapping of Address and Port with Encapsulation (MAP-E) 702 RFC7599: Mapping of Address and Port using Translation (MAP-T)"; 703 } 705 feature map-e { 706 description 707 "MAP-E is an IPv6 transition mechanism for transporting IPv4 708 packets across an IPv6 network using IP encapsulation. MAP-E 709 allows for a reduction of the amount of centralized state using 710 rules to express IPv4/IPv6 address mappings. This introduces an 711 algorithmic relationship between the IPv6 subnet and IPv4 712 address. 
714 This feature indicates that the network element can function as 715 one or more MAP-E softwire instances."; 716 reference 717 "RFC7597: Mapping of Address and Port with Encapsulation (MAP-E)"; 718 } 720 feature map-t { 721 description 722 "MAP-T is an IPv6 transition mechanism for transporting IPv4 723 packets across an IPv6 network using IP translation. It leverages 724 a double stateless NAT64 based solution as well as the stateless 725 algorithmic address & transport layer port mapping algorithm 726 defined for MAP-E. 728 This feature indicates that the network element can function as 729 one or more MAP-T softwire instances."; 730 reference 731 "RFC7599: Mapping of Address and Port using Translation (MAP-T)"; 732 } 734 // Binding Entry 736 grouping binding-entry { 737 description 738 "The binding BR (Border Relay) maintains an address binding table 739 that contains the binding between the CE's IPv6 address, 740 the allocated IPv4 address and restricted port-set."; 741 leaf binding-ipv6info { 742 type union { 743 type inet:ipv6-address; 744 type inet:ipv6-prefix; 745 } 746 description 747 "The IPv6 information for a binding entry. 749 When the IPv6 prefix type is used, 750 the IPv6 source address of the CE is constructed 751 according to the description in RFC7596. 
753 If the IPv6 address type is used, the CE can use 754 any valid /128 address from a prefix assigned to 755 the CE."; 756 reference "Section 5.1 of RFC7596."; 757 } 758 leaf br-ipv6-addr { 759 type inet:ipv6-address; 760 mandatory true; 761 description 762 "The IPv6 address of the binding BR."; 763 } 764 } 766 // configuration and stateful parameters for softwire CE interface 768 augment "/if:interfaces/if:interface" { 769 when "derived-from(if:type, 'iana-tunnel-type:aplusp')"; 770 description 771 "Softwire CE interface configuration"; 772 leaf softwire-payload-mtu { 773 type uint16; 774 units "bytes"; 775 description 776 "The payload IPv4 MTU for the softwire tunnel."; 777 } 778 leaf softwire-path-mru { 779 type uint16; 780 units "bytes"; 781 description 782 "The path MRU for the softwire (payload + encapsulation 783 overhead)."; 784 reference 785 "RFC 4213: Basic Transition Mechanisms for IPv6 Hosts and 786 Routers"; 787 } 788 choice ce-type { 789 description 790 "Sets the softwire CE mechanism"; 791 case binding { 792 if-feature "binding-mode"; 793 description 794 "CE binding configuration"; 795 uses binding-entry; 796 } 797 case algo { 798 if-feature "map-e or map-t"; 799 description 800 "CE algorithm configuration"; 801 container algo-instances { 802 description 803 "Collection of MAP-E/MAP-T parameters"; 804 list algo-instance { 805 key "name"; 806 description 807 "MAP forwarding rule instance for 808 MAP-E/MAP-T"; 809 leaf name { 810 type string; 811 mandatory true; 812 description 813 "The name is used to uniquely identify an algorithm 814 instance. 
816 This name can be automatically assigned 817 or explicitly configured."; 818 } 819 uses softwire-common:algorithm-instance; 820 } 821 } 822 } 823 } 824 } 825 augment "/if:interfaces/if:interface/if:statistics" { 826 when "derived-from(../if:type, 'iana-tunnel-type:aplusp')"; 827 description 828 "Softwire CE interface statistics."; 829 uses softwire-common:traffic-stat; 830 } 832 /* 833 * Notifications 834 */ 836 notification softwire-ce-event { 837 if-feature "binding-mode"; 838 description 839 "CE notification"; 840 leaf ce-binding-ipv6-addr-change { 841 type inet:ipv6-address; 842 mandatory true; 843 description 844 "This notification is generated whenever the CE's binding IPv6 845 address changes for any reason."; 846 } 847 } 848 } 849 851 7. BR Softwire YANG Module 853 This module imports typedefs from [RFC6991]. It also imports the 854 'ietf-softwire-common' module. 856 file "ietf-softwire-br@2019-01-11.yang" 857 module ietf-softwire-br { 858 yang-version 1.1; 859 namespace "urn:ietf:params:xml:ns:yang:ietf-softwire-br"; 860 prefix softwire-br; 862 import ietf-inet-types { 863 prefix inet; 864 reference "Section 4 of RFC 6991"; 865 } 866 import ietf-yang-types { 867 prefix yang; 868 reference "Section 3 of RFC 6991"; 869 } 870 import ietf-softwire-common { 871 prefix softwire-common; 872 reference 873 "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port 874 Softwires"; 875 } 877 organization 878 "IETF Softwire Working Group"; 879 contact 880 "WG Web: 881 WG List: 883 Author: Qi Sun 884 886 Author: Linhui Sun 887 889 Author: Yong Cui 890 892 Editor: Ian Farrer 893 895 Author: Sladjana Zoric 896 898 Editor: Mohamed Boucadair 899 901 Author: Rajiv Asati 902 "; 904 description 905 "This document defines a YANG module for the configuration and 906 management of A+P Softwire Border Routers. It covers Lightweight 907 4over6, MAP-E, and MAP-T mechanisms. 909 Copyright (c) 2019 IETF Trust and the persons identified as 910 authors of the code. 
All rights reserved.

912        Redistribution and use in source and binary forms, with or
913        without modification, is permitted pursuant to, and subject
914        to the license terms contained in, the Simplified BSD License
915        set forth in Section 4.c of the IETF Trust's Legal Provisions
916        Relating to IETF Documents
917        (http://trustee.ietf.org/license-info).

919        This version of this YANG module is part of RFC XXXX; see
920        the RFC itself for full legal notices.";

922     revision 2019-01-11 {
923       description
924         "Initial revision.";
925       reference
926         "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port
927          Softwires";
928     }

930     /*
931      * Groupings
932      */

934     grouping port-set {
935       description
936         "Describes a set of layer 4 port numbers.

938          This may be a simple port range, or use the Port Set
939          Identifier (PSID) algorithm to represent a range of transport
940          layer ports which will be used by a NAPT.";
941       leaf psid-offset {
942         type uint8 {
943           range "0..16";
944         }
945         description
946           "The number of offset bits. In Lightweight 4over6,
947            the default value is 0 for assigning one contiguous
948            port range. In MAP-E/T, the default value is 6,
949            which means the system ports (0-1023) are excluded by
950            default and the assigned port ranges are distributed across
951            the entire port space, depending on either psid-len or the
952            number of contiguous ports.";

954       }
955       leaf psid-len {
956         type uint8 {
957           range "0..15";
958         }
959         mandatory true;
960         description
961           "The length of PSID, representing the sharing
962            ratio for an IPv4 address.
This, along with ea-len, can
963            be used to calculate the number of contiguous ports per
964            port range";
965       }
966       leaf psid {
967         type uint16;
968         mandatory true;
969         description
970           "Port Set Identifier (PSID) value, which
971            identifies a set of ports algorithmically.";
972       }
973     }

975     grouping binding-entry {
976       description
977         "The binding BR maintains an address binding table that
978          contains the binding between the CE's IPv6 address,
979          the allocated IPv4 address and restricted port-set.";
980       leaf binding-ipv6info {
981         type union {
982           type inet:ipv6-address;
983           type inet:ipv6-prefix;
984         }
985         description
986           "The IPv6 information for a CE binding entry.
987            When the IPv6 prefix type is used,
988            the IPv6 source address of the CE is constructed
989            according to the description in RFC7596;
990            if the IPv6 address type is used, the CE can use
991            any valid /128 address from a prefix assigned to
992            the CE.";
993         reference
994           "RFC7596: Lightweight 4over6: An Extension to the Dual-Stack
995            Lite Architecture";
996       }
997       leaf binding-ipv4-addr {
998         type inet:ipv4-address;
999         description
1000          "The IPv4 address assigned to the binding CE,
1001           which is used as the IPv4 external address
1002           for binding CE local NAPT44.";
1003      }
1004      container port-set {
1005        description
1006          "For Lightweight 4over6, the default value
1007           for offset should be 0, to configure one contiguous
1008           port range.";
1009        uses port-set {
1010          refine "psid-offset" {
1011            default "0";
1012          }
1013        }
1014      }
1015      leaf br-ipv6-addr {
1016        type inet:ipv6-address;
1017        description
1018          "The IPv6 address for binding BR.";
1019      }
1020    }

1022    /*
1023     * Features
1024     */

1026    feature binding-mode {
1027      description
1028        "Binding is used for configuring the Lightweight 4over6 mechanism.
1030         Binding based softwire mechanisms are IPv4-over-IPv6 tunnelling
1031         transition mechanisms specifically intended for complete
1032         independence between the IPv6 subnet prefix (and IPv6 address)
1033         and IPv4 address, with or without IPv4 address sharing.

1035         This is accomplished by maintaining state for each softwire
1036         (per-subscriber state) in the central Border Relay (BR) and using
1037         a hub-and-spoke forwarding architecture. In order to delegate the
1038         NAPT function and achieve IPv4 address sharing, port-restricted
1039         IPv4 addresses need to be allocated to CEs.

1041         This feature indicates that the network element can function as
1042         one or more binding based softwire instances.";
1043      reference
1044        "RFC7596: Lightweight 4over6: An Extension to the Dual-Stack Lite
1045         Architecture
1046         RFC7597: Mapping of Address and Port with Encapsulation (MAP-E)
1047         RFC7599: Mapping of Address and Port using Translation (MAP-T)";
1048    }
1049    feature map-e {
1050      description
1051        "MAP-E is an IPv6 transition mechanism for transporting IPv4
1052         packets across an IPv6 network using IP encapsulation. MAP-E
1053         allows for a reduction of the amount of centralized state using
1054         rules to express IPv4/IPv6 address mappings. This introduces an
1055         algorithmic relationship between the IPv6 subnet and IPv4
1056         address.

1058         This feature indicates that the network element can function as
1059         one or more MAP-E softwire instances.";
1060      reference
1061        "RFC7597: Mapping of Address and Port with Encapsulation (MAP-E)";
1062    }

1064    feature map-t {
1065      description
1066        "MAP-T is an IPv6 transition mechanism for transporting IPv4
1067         packets across an IPv6 network using IP translation. It leverages
1068         a double stateless NAT64 based solution as well as the stateless
1069         algorithmic address & transport layer port mapping algorithm
1070         defined for MAP-E.
1072         This feature indicates that the network element can function as
1073         one or more MAP-T softwire instances.";
1074      reference
1075        "RFC7599: Mapping of Address and Port using Translation (MAP-T)";
1076    }

1078    container br-instances {
1079      description
1080        "BR instances enabled in a network element.";
1081      choice br-type {
1082        description
1083          "Select binding or algorithmic BR functionality.";
1084        case binding {
1085          if-feature "binding-mode";
1086          container binding {
1087            description
1088              "binding mechanism (binding table) configuration.";
1089            list bind-instance {
1090              key "name";
1091              description
1092                "A set of binding instances to be configured.";
1093              leaf name {
1094                type string;
1095                mandatory true;
1096                description
1097                  "The name for the binding BR. It is used to uniquely
1098                   distinguish a binding instance by its name.";
1099              }
1100              container binding-table-versioning {
1101                description
1102                  "binding table's version";
1103                leaf version {
1104                  type uint64;
1105                  description
1106                    "Version number for this binding table.";
1107                }
1108                leaf date {
1109                  type yang:date-and-time;
1110                  description
1111                    "Timestamp when the binding table was activated.

1113                     A binding instance may be provided with binding
1114                     entries that may change in time (e.g., increase
1115                     the size of the port set). When a party who is the
1116                     victim of abuse presents an external IP address/port,
1117                     the version of the binding table is important
1118                     because depending on the version, a distinct customer
1119                     may be identified.
1121                     The timestamp is used as a key to find the
1122                     appropriate binding table that was put into effect
1123                     when an abuse occurred.";
1124                  reference
1125                    "RFC7422: Deterministic Address Mapping to Reduce
1126                     Logging in Carrier-Grade NAT Deployments";
1127                }
1128              }
1129              leaf softwire-num-max {
1130                type uint32 {
1131                  range "1..max";
1132                }
1133                mandatory true;
1134                description
1135                  "The maximum number of softwires that can be created
1136                   on the binding BR.";
1137              }
1138              leaf softwire-payload-mtu {
1139                type uint16;
1140                units "bytes";
1141                mandatory true;
1142                description
1143                  "The payload IPv4 MTU for binding softwire.";
1144              }
1145              leaf softwire-path-mru {
1146                type uint16;
1147                units "bytes";
1148                mandatory true;
1149                description
1150                  "The path MRU for binding softwire.";
1151                reference
1152                  "RFC4213: Basic Transition Mechanisms for IPv6 Hosts
1153                   and Routers";
1154              }
1155              leaf enable-hairpinning {
1156                type boolean;
1157                default "true";
1158                description
1159                  "Enables/disables support for locally forwarding
1160                   (hairpinning) traffic between two CEs.";
1161                reference "Section 6.2 of RFC7596";
1162              }
1163              container binding-table {
1164                description
1165                  "binding table";
1166                list binding-entry {
1167                  key "binding-ipv6info";
1168                  description
1169                    "binding entry";
1170                  uses binding-entry;
1171                }
1172              }
1173              container icmp-policy {
1174                description
1175                  "The binding BR can be configured to process or drop
1176                   incoming ICMP messages, and to generate outgoing ICMP
1177                   error messages.";
1178                container icmpv4-errors {
1179                  description
1180                    "ICMPv4 error processing configuration";
1181                  leaf allow-incoming-icmpv4 {
1182                    type boolean;
1183                    default "true";
1184                    description
1185                      "Enables the processing of incoming ICMPv4
1186                       packets.";
1187                    reference
1188                      "RFC7596: Lightweight 4over6: An Extension to
1189                       the Dual-Stack Lite Architecture";
1190                  }
1191                  leaf icmpv4-rate {
1192                    type uint32;
1193                    description
1194                      "Rate limit threshold in messages per-second
1195                       for
processing incoming ICMPv4 error messages";
1196                  }
1197                  leaf generate-icmpv4-errors {
1198                    type boolean;
1199                    default "true";
1200                    description
1201                      "Enables the generation of outgoing ICMPv4 error
1202                       messages on receipt of an inbound IPv4 packet
1203                       with no matching binding table entry.";
1204                    reference "Section 5.2 of RFC7596.";
1205                  }
1206                }
1207                container icmpv6-errors {
1208                  description
1209                    "ICMPv6 error processing configuration";
1210                  leaf generate-icmpv6-errors {
1211                    type boolean;
1212                    default "true";
1213                    description
1214                      "Enables the generation of ICMPv6 error messages if
1215                       no matching binding table entry is found for a
1216                       received packet.";
1217                    reference "Section 6.2 of RFC7596.";
1218                  }
1219                  leaf icmpv6-rate {
1220                    type uint32;
1221                    description
1222                      "Rate limit threshold in messages per-second
1223                       for sending ICMPv6 error messages";
1224                    reference "Section 9 of RFC7596.";
1225                  }
1226                }
1227              }
1228              container traffic-stat {
1229                config false;
1230                description
1231                  "Traffic statistics information for the BR.";
1232                leaf discontinuity-time {
1233                  type yang:date-and-time;
1234                  mandatory true;
1235                  description
1236                    "The time of the most recent occasion on which the BR
1237                     instance suffered a discontinuity. This must be
1238                     initialized when the BR instance is configured
1239                     or rebooted.";
1240                }
1241                uses softwire-common:traffic-stat;
1242                leaf dropped-icmpv4-packets {
1243                  type yang:zero-based-counter64;
1244                  description
1245                    "ICMPv4 packets that are dropped as a result
1246                     of the ICMP policy. Typically, this can be any
1247                     incoming ICMPv4 packets if ICMPv4 processing is
1248                     disabled or incoming ICMPv4 packets that exceed
1249                     the ICMPv4 rate-limit threshold.
1251 Discontinuities in the value of this counter can 1252 occur at re-initialization of the management 1253 system, and at other times as indicated by 1254 the value of 'discontinuity-time'."; 1255 } 1256 leaf dropped-icmpv4-bytes { 1257 type yang:zero-based-counter64; 1258 description 1259 "ICMPv4 messages, in bytes, that are dropped as 1260 a result of the ICMP policy. Typically, it 1261 can be any incoming ICMPv4 packets if ICMPv4 1262 processing is disabled or incoming ICMPv4 1263 packets that exceed the ICMPv4 rate-limit 1264 threshold. 1266 Discontinuities in the value of this counter can 1267 occur at re-initialization of the management 1268 system, and at other times as indicated by 1269 the value of 'discontinuity-time'."; 1270 } 1271 leaf hairpin-ipv4-packets { 1272 type yang:zero-based-counter64; 1273 description 1274 "IPv4 packets locally routed between two CEs 1275 (hairpinned). 1277 Discontinuities in the value of this counter can 1278 occur at re-initialization of the management 1279 system, and at other times as indicated by 1280 the value of 'discontinuity-time'."; 1281 } 1282 leaf hairpin-ipv4-bytes { 1283 type yang:zero-based-counter64; 1284 description 1285 "IPv4 bytes locally routed between two CEs 1286 (hairpinned). 1288 Discontinuities in the value of this counter can 1289 occur at re-initialization of the management 1290 system, and at other times as indicated by 1291 the value of 'discontinuity-time'."; 1292 } 1293 leaf active-softwire-num { 1294 type uint32; 1295 config false; 1296 description 1297 "The number of currently active softwires on the 1298 binding instance. 
1300 Discontinuities in the value of this counter can 1301 occur at re-initialization of the management 1302 system, and at other times as indicated by 1303 the value of 'discontinuity-time'."; 1304 } 1305 } 1306 } 1307 } 1308 } 1309 case algo { 1310 if-feature "map-e or map-t"; 1311 container algorithm { 1312 description 1313 " A set of parameters used for MAP-E/MAP-T."; 1314 list algo-instance { 1315 key "name"; 1316 description 1317 "Instances of algorithm"; 1318 leaf name { 1319 type string; 1320 mandatory true; 1321 description 1322 "The name is used to uniquely identify an algorithm 1323 instance. 1325 This name can be automatically assigned 1326 or explicitly configured."; 1327 } 1328 uses softwire-common:algorithm-instance; 1329 container port-set { 1330 description 1331 "Indicates a set of ports."; 1332 uses port-set; 1333 } 1334 container traffic-stat { 1335 config false; 1336 description 1337 "Traffic statistics information for the BR."; 1338 leaf discontinuity-time { 1339 type yang:date-and-time; 1340 mandatory true; 1341 description 1342 "The time of the most recent occasion on which the BR 1343 instance suffered a discontinuity. 
This must be 1344 reset to the current date-and-time when the BR 1345 instance is configured or rebooted."; 1346 } 1347 uses softwire-common:traffic-stat; 1348 } 1349 } 1350 } 1351 } 1352 } 1353 } 1355 /* 1356 * Notifications 1357 */ 1359 notification softwire-binding-instance-event { 1360 if-feature "binding-mode"; 1361 description 1362 "Notifications for binding instance when an entry is 1363 added, modified, or is not valid anymore."; 1364 leaf bind-name { 1365 type leafref { 1366 path "/br-instances/binding/bind-instance/name"; 1367 } 1368 description 1369 "The name of the binding-instance that 1370 generated the notification."; 1371 } 1372 leaf-list invalid-entry { 1373 type leafref { 1374 path 1375 "/br-instances/binding/" 1376 + "bind-instance[name=current()/../bind-name]/" 1377 + "binding-table/binding-entry/binding-ipv6info"; 1378 } 1379 description 1380 "Notify the client that a specific binding entry has 1381 expired or is invalid. The binding-ipv6info identifies 1382 an entry."; 1383 } 1384 leaf-list added-entry { 1385 type inet:ipv6-address; 1386 description 1387 "Notify the client that a binding entry has been added. 1388 The ipv6 address of that entry is the index. 
The client
1389           gets other information from the binding BR about the entry
1390           indexed by that ipv6 address.";
1391      }
1392      leaf-list modified-entry {
1393        type leafref {
1394          path
1395            "/br-instances/binding/"
1396            + "bind-instance[name=current()/../bind-name]/"
1397            + "binding-table/binding-entry/binding-ipv6info";
1398        }
1399        description
1400          "The binding-table entry that has been modified.";
1401      }
1402    }
1403    notification softwire-algorithm-instance-event {
1404      if-feature "map-e or map-t";
1405      description
1406        "Notifications for algorithm instance when an entry is
1407         added, modified, or is not valid anymore.";
1408      leaf algo-name {
1409        type leafref {
1410          path "/br-instances/algorithm/algo-instance/name";
1411        }
1412        mandatory true;
1413        description
1414          "algorithmic instance event.";
1415      }
1416      leaf-list invalid-entry {
1417        type leafref {
1418          path "/br-instances/algorithm/algo-instance/name";
1419        }
1420        description
1421          "Invalid entry event.";
1422      }
1423      leaf-list added-entry {
1424        type leafref {
1425          path "/br-instances/algorithm/algo-instance/name";
1426        }
1427        description
1428          "Added entry.";
1429      }
1430      leaf-list modified-entry {
1431        type leafref {
1432          path "/br-instances/algorithm/algo-instance/name";

1434        }
1435        description
1436          "Modified entry.";
1437      }
1438    }
1439  }
1440

1442  8.  Common Softwire Element Groups YANG Module

1444     This module imports typedefs from [RFC6991].

1446     The following YANG module contains definitions that are used by both
1447     the softwire CE and softwire BR YANG modules.
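The BR module above describes a port set with 'psid-offset', 'psid-len' and 'psid', and timestamps each binding table version so that an abuse report can be matched to the table in force at the time; algorithm instances in the common module carry the same versioning. The Python below is an added example, not part of the draft: it expands a PSID into port ranges and resolves a reported address/port/time against an archive of table versions. The dict layout, the archive itself, and all addresses and dates are constructed assumptions.

```python
"""Added example: PSID port sets and abuse lookup over versioned binding tables."""
from datetime import datetime


def parse_ts(text):
    # yang:date-and-time is an RFC 3339 string; map "Z" for fromisoformat().
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def _inner_bits(offset, length, psid):
    """Validate a port-set; return the number of bits left inside one range."""
    if not (0 <= offset <= 16 and 0 <= length <= 15):  # ranges in the grouping
        raise ValueError("psid-offset or psid-len out of range")
    if offset + length > 16:
        raise ValueError("psid-offset + psid-len exceeds the 16 port bits")
    if not 0 <= psid < (1 << length):
        raise ValueError("psid does not fit in psid-len bits")
    return 16 - offset - length


def port_ranges(offset, length, psid):
    """List the contiguous (first, last) port ranges that belong to one PSID."""
    m = _inner_bits(offset, length, psid)
    # With offset bits present, the all-zero offset value is skipped, which is
    # how offset 6 excludes the system ports 0-1023.
    start = 1 if offset > 0 else 0
    ranges = []
    for a in range(start, 1 << offset):
        first = (a << (16 - offset)) | (psid << m)
        ranges.append((first, first + (1 << m) - 1))
    return ranges


def port_in_set(port, offset, length, psid):
    """True when `port` falls in the port set described by the three leaves."""
    m = _inner_bits(offset, length, psid)
    if not 0 <= port <= 0xFFFF:
        return False
    if offset > 0 and (port >> (16 - offset)) == 0:
        return False
    return ((port >> m) & ((1 << length) - 1)) == psid


def identify_ce(tables, ipv4, port, when):
    """Map an abuse report to (table version, binding-ipv6info).

    Returns None when the report predates every archived table, and
    (version, None) when no entry of the table in force owns the port.
    """
    at = parse_ts(when)
    active = [t for t in tables if parse_ts(t["date"]) <= at]
    if not active:
        return None
    table = max(active, key=lambda t: parse_ts(t["date"]))
    for entry in table["binding-entry"]:
        ps = entry["port-set"]
        # binding-entry refines psid-offset to default "0" (one contiguous range).
        if entry["binding-ipv4-addr"] == ipv4 and port_in_set(
                port, ps.get("psid-offset", 0), ps["psid-len"], ps["psid"]):
            return table["version"], entry["binding-ipv6info"]
    return table["version"], None


def _entry(ipv6, psid_len, psid):
    return {"binding-ipv6info": ipv6, "binding-ipv4-addr": "192.0.2.1",
            "port-set": {"psid-len": psid_len, "psid": psid}}


# Constructed archive: version 2 doubles each CE's port range, so the same
# external address/port belongs to a different CE before and after 2019-03-01.
TABLES = [
    {"version": 1, "date": "2019-01-11T00:00:00Z", "binding-entry": [
        _entry("2001:db8:0:1::1", 8, 0x34), _entry("2001:db8:0:2::1", 8, 0x35)]},
    {"version": 2, "date": "2019-03-01T00:00:00Z", "binding-entry": [
        _entry("2001:db8:0:1::1", 7, 0x1A), _entry("2001:db8:0:2::1", 7, 0x1B)]},
]

if __name__ == "__main__":
    print(port_ranges(6, 8, 0x34)[:2])
    for when in ("2019-02-01T12:00:00Z", "2019-03-05T09:30:00Z"):
        print(when, identify_ce(TABLES, "192.0.2.1", 13600, when))
```

Resolving a report against the wrong table version attributes the traffic to a different subscriber, so the report timestamp and the table activation times need to be on the same clock.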
1449 file "ietf-softwire-common@2019-01-11.yang" 1451 module ietf-softwire-common { 1452 yang-version 1.1; 1453 namespace "urn:ietf:params:xml:ns:yang:ietf-softwire-common"; 1454 prefix softwire-common; 1456 import ietf-inet-types { 1457 prefix inet; 1458 reference "Section 4 of RFC 6991"; 1459 } 1460 import ietf-yang-types { 1461 prefix yang; 1462 reference "Section 3 of RFC 6991"; 1463 } 1465 organization 1466 "IETF Softwire Working Group"; 1467 contact 1468 "WG Web: 1469 WG List: 1471 Author: Qi Sun 1472 1474 Author: Linhui Sun 1475 1477 Author: Yong Cui 1478 1480 Editor: Ian Farrer 1481 1483 Author: Sladjana Zoric 1484 1486 Editor: Mohamed Boucadair 1487 1489 Author: Rajiv Asati 1490 "; 1491 description 1492 "This document defines a YANG module defining types 1493 common to all A+P modules. 1495 Copyright (c) 2019 IETF Trust and the persons identified as 1496 authors of the code. All rights reserved. 1498 Redistribution and use in source and binary forms, with or 1499 without modification, is permitted pursuant to, and subject 1500 to the license terms contained in, the Simplified BSD License 1501 set forth in Section 4.c of the IETF Trust's Legal Provisions 1502 Relating to IETF Documents 1503 (http://trustee.ietf.org/license-info). 1505 This version of this YANG module is part of RFC XXXX; see 1506 the RFC itself for full legal notices."; 1508 revision 2019-01-11 { 1509 description 1510 "Initial revision."; 1511 reference 1512 "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port 1513 Softwires"; 1514 } 1516 feature map-e { 1517 description 1518 "MAP-E is an IPv6 transition mechanism for transporting IPv4 1519 packets across an IPv6 network using IP encapsulation. MAP-E 1520 allows for a reduction of the amount of centralized state using 1521 rules to express IPv4/IPv6 address mappings. This introduces an 1522 algorithmic relationship between the IPv6 subnet and IPv4 1523 address. 
1525         This feature indicates that the network element can function as
1526         one or more MAP-E softwire instances.";
1527      reference
1528        "RFC7597: Mapping of Address and Port with Encapsulation (MAP-E)";
1529    }
1530    feature map-t {
1531      description
1532        "MAP-T is an IPv6 transition mechanism for transporting IPv4
1533         packets across an IPv6 network using IP translation. It leverages
1534         a double stateless NAT64 based solution as well as the stateless
1535         algorithmic address & transport layer port mapping algorithm
1536         defined for MAP-E.

1538         This feature indicates that the network element can function as
1539         one or more MAP-T softwire instances.";
1540      reference
1541        "RFC7599: Mapping of Address and Port using Translation (MAP-T)";
1542    }

1544    /*
1545     * Groupings
1546     */

1548    grouping algorithm-instance {
1549      description
1550        "A collection of parameters that is used for MAP-E/MAP-T.";
1551      leaf enable {
1552        type boolean;
1553        description
1554          "Enable/disable an individual MAP-E or MAP-T rule.";
1555      }
1556      container algo-versioning {
1557        description
1558          "Version number for this algorithm instance";
1559        leaf version {
1560          type uint64;
1561          description
1562            "A version number for the mapping algorithm
1563             rules provided to the algorithm instance";
1564        }
1565        leaf date {
1566          type yang:date-and-time;
1567          description
1568            "Timestamp when the algorithm instance was activated.

1570             An algorithm instance may be provided with mapping
1571             rules that may change in time (for example, increase
1572             the size of the port set). When a party who is the victim
1573             of abuse presents an external IP address/port, the version
1574             of the algorithm is important because depending on
1575             the version, a distinct customer may be identified.

1577             The timestamp is used as a key to find the appropriate
1578             algorithm that was put into effect when an abuse
1579             occurred.
"; 1580 reference 1581 "RFC7422: Deterministic Address Mapping to Reduce 1582 Logging in Carrier-Grade NAT Deployments"; 1583 } 1584 } 1585 choice data-plane { 1586 description 1587 "Selects MAP-E (encapsulation) or MAP-T 1588 (translation)"; 1589 case encapsulation { 1590 if-feature "map-e"; 1591 description 1592 "encapsulation for MAP-E"; 1593 leaf br-ipv6-addr { 1594 type inet:ipv6-address; 1595 mandatory true; 1596 description 1597 "The IPv6 address of the MAP-E BR."; 1598 } 1599 } 1600 case translation { 1601 if-feature "map-t"; 1602 description 1603 "translation for MAP-T"; 1604 leaf dmr-ipv6-prefix { 1605 type inet:ipv6-prefix; 1606 description 1607 "The IPv6 prefix of the MAP-T BR."; 1608 } 1609 } 1610 } 1611 leaf ea-len { 1612 type uint8; 1613 mandatory true; 1614 description 1615 "Embedded Address (EA) bits are the IPv4 EA-bits in the IPv6 1616 address identifying an IPv4 prefix/address (or part thereof) 1617 or a shared IPv4 address (or part thereof) and a port-set 1618 identifier. The length of the EA-bits is defined as part of 1619 a MAP rule for a MAP domain."; 1620 } 1621 leaf rule-ipv6-prefix { 1622 type inet:ipv6-prefix; 1623 mandatory true; 1624 description 1625 "The Rule IPv6 prefix defined in the mapping rule."; 1627 } 1628 leaf rule-ipv4-prefix { 1629 type inet:ipv4-prefix; 1630 mandatory true; 1631 description 1632 "The Rule IPv4 prefix defined in the mapping rule."; 1633 } 1634 leaf forwarding { 1635 type boolean; 1636 mandatory true; 1637 description 1638 "This parameter specifies whether the rule may be used for 1639 forwarding (FMR). If set, this rule is used as an FMR; 1640 if not set, this rule is a Basic Mapping Rule (BMR) only 1641 and must not be used for forwarding."; 1642 } 1643 } 1645 grouping traffic-stat { 1646 description 1647 "Traffic statistics"; 1648 leaf sent-ipv4-packets { 1649 type yang:zero-based-counter64; 1650 description 1651 "Number of decapsulated and forwarded IPv4 packets. 
1653 Discontinuities in the value of this counter can occur 1654 at re-initialization of the management system, and at 1655 other times as indicated by the value of 1656 'discontinuity-time'."; 1657 } 1658 leaf sent-ipv4-bytes { 1659 type yang:zero-based-counter64; 1660 description 1661 "Decapsulated/translated IPv4 traffic sent, in bytes 1663 Discontinuities in the value of this counter can occur 1664 at re-initialization of the management system, and at 1665 other times as indicated by the value of 1666 'discontinuity-time'."; 1667 } 1668 leaf sent-ipv6-packets { 1669 type yang:zero-based-counter64; 1670 description 1671 "Number of encapsulated IPv6 packets sent. 1673 Discontinuities in the value of this counter can occur 1674 at re-initialization of the management system, and at 1675 other times as indicated by the value of 1676 'discontinuity-time'."; 1677 } 1678 leaf sent-ipv6-bytes { 1679 type yang:zero-based-counter64; 1680 description 1681 "Encapsulated IPv6 traffic sent, in bytes 1683 Discontinuities in the value of this counter can occur 1684 at re-initialization of the management system, and at 1685 other times as indicated by the value of 1686 'discontinuity-time'."; 1687 } 1688 leaf rcvd-ipv4-packets { 1689 type yang:zero-based-counter64; 1690 description 1691 "Number of IPv4 packets received. 1693 Discontinuities in the value of this counter can occur 1694 at re-initialization of the management system, and at 1695 other times as indicated by the value of 1696 'discontinuity-time'."; 1697 } 1698 leaf rcvd-ipv4-bytes { 1699 type yang:zero-based-counter64; 1700 description 1701 "IPv4 traffic received, in bytes. 1703 Discontinuities in the value of this counter can occur 1704 at re-initialization of the management system, and at 1705 other times as indicated by the value of 1706 'discontinuity-time'."; 1707 } 1708 leaf rcvd-ipv6-packets { 1709 type yang:zero-based-counter64; 1710 description 1711 "Number of IPv4-in-IPv6 packets received. 
1713 Discontinuities in the value of this counter can occur 1714 at re-initialization of the management system, and at 1715 other times as indicated by the value of 1716 'discontinuity-time'."; 1717 } 1718 leaf rcvd-ipv6-bytes { 1719 type yang:zero-based-counter64; 1720 description 1721 "IPv4-in-IPv6 traffic received, in bytes. 1723 Discontinuities in the value of this counter can occur 1724 at re-initialization of the management system, and at 1725 other times as indicated by the value of 1726 'discontinuity-time'."; 1727 } 1728 leaf dropped-ipv4-packets { 1729 type yang:zero-based-counter64; 1730 description 1731 "Number of IPv4 packets dropped at the 1732 Internet-facing interface. 1734 Discontinuities in the value of this counter can occur 1735 at re-initialization of the management system, and at 1736 other times as indicated by the value of 1737 'discontinuity-time'."; 1738 } 1739 leaf dropped-ipv4-bytes { 1740 type yang:zero-based-counter64; 1741 description 1742 "IPv4 traffic dropped at the Internet-facing 1743 interface, in bytes. 1745 Discontinuities in the value of this counter can occur 1746 at re-initialization of the management system, and at 1747 other times as indicated by the value of 1748 'discontinuity-time'."; 1749 } 1750 leaf dropped-ipv6-packets { 1751 type yang:zero-based-counter64; 1752 description 1753 "Number of IPv4-in-IPv6 packets dropped. 1755 Discontinuities in the value of this counter can occur 1756 at re-initialization of the management system, and at 1757 other times as indicated by the value of 1758 'discontinuity-time'."; 1759 } 1760 leaf dropped-ipv6-bytes { 1761 type yang:zero-based-counter64; 1762 description 1763 "IPv4-in-IPv6 traffic dropped, in bytes. 
1765 Discontinuities in the value of this counter can occur 1766 at re-initialization of the management system, and at 1767 other times as indicated by the value of 1768 'discontinuity-time'."; 1769 } 1770 leaf dropped-ipv4-fragments { 1771 type yang:zero-based-counter64; 1772 description 1773 "Number of fragmented IPv4 packets dropped. 1775 Discontinuities in the value of this counter can occur 1776 at re-initialization of the management system, and at 1777 other times as indicated by the value of 1778 'discontinuity-time'."; 1779 } 1780 leaf dropped-ipv4-fragment-bytes { 1781 type yang:zero-based-counter64; 1782 description 1783 "Fragmented IPv4 traffic dropped, in bytes. 1785 Discontinuities in the value of this counter can occur 1786 at re-initialization of the management system, and at 1787 other times as indicated by the value of 1788 'discontinuity-time'."; 1789 } 1790 leaf ipv6-fragments-reassembled { 1791 type yang:zero-based-counter64; 1792 description 1793 "Number of IPv6 fragments successfully reassembled. 1795 Discontinuities in the value of this counter can occur 1796 at re-initialization of the management system, and at 1797 other times as indicated by the value of 1798 'discontinuity-time'."; 1799 } 1800 leaf ipv6-fragments-bytes-reassembled { 1801 type yang:zero-based-counter64; 1802 description 1803 "IPv6 fragments successfully reassembled, in bytes. 1805 Discontinuities in the value of this counter can occur 1806 at re-initialization of the management system, and at 1807 other times as indicated by the value of 1808 'discontinuity-time'."; 1809 } 1810 leaf out-icmpv4-error-packets { 1811 type yang:zero-based-counter64; 1812 description 1813 "Internally generated ICMPv4 error packets. 
1815           Discontinuities in the value of this counter can occur
1816           at re-initialization of the management system, and at
1817           other times as indicated by the value of
1818           'discontinuity-time'.";

1820      }
1821      leaf out-icmpv4-error-bytes {
1822        type yang:zero-based-counter64;
1823        description
1824          "Internally generated ICMPv4 error messages, in bytes.

1826           Discontinuities in the value of this counter can occur
1827           at re-initialization of the management system, and at
1828           other times as indicated by the value of
1829           'discontinuity-time'.";
1830      }
1831      leaf out-icmpv6-error-packets {
1832        type yang:zero-based-counter64;
1833        description
1834          "Internally generated ICMPv6 error packets.

1836           Discontinuities in the value of this counter can occur
1837           at re-initialization of the management system, and at
1838           other times as indicated by the value of
1839           'discontinuity-time'.";
1840      }
1841      leaf out-icmpv6-error-bytes {
1842        type yang:zero-based-counter64;
1843        description
1844          "Internally generated ICMPv6 error messages, in bytes.

1846           Discontinuities in the value of this counter can occur
1847           at re-initialization of the management system, and at
1848           other times as indicated by the value of
1849           'discontinuity-time'.";
1850      }
1851    }
1852  }
1853

1855  9.  Security Considerations

1857     The YANG modules defined in this document are designed to be accessed
1858     via network management protocols such as NETCONF [RFC6241] or
1859     RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport
1860     layer, and the mandatory-to-implement secure transport is Secure
1861     Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the
1862     mandatory-to-implement secure transport is TLS [RFC8446].

1864     The NETCONF access control model [RFC8341] provides the means to
1865     restrict access for particular NETCONF or RESTCONF users to a
1866     preconfigured subset of all available NETCONF or RESTCONF protocol
1867     operations and content.
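Access control limits who may write to the modules' configuration nodes; a provisioning or monitoring job can additionally check the values that were written. The Python below is an added example, not part of the draft: it audits a CE binding and a BR bind-instance, keyed by the leaf names defined in the modules above, against operator-chosen bounds. The POLICY values, the dict layout and all addresses are constructed assumptions.

```python
"""Added example: audit softwire configuration against an operator policy."""
import ipaddress

# Constructed operator policy; every bound here is an assumption of this example.
POLICY = {
    "trusted-br-addrs": ["2001:db8:ffff::1"],
    "min-payload-mtu": 1280,
    "max-softwire-num": 100000,
    "min-icmp-rate": 10,
    "hairpinning": True,
}


def _same_addr(a, b):
    # Compare parsed addresses so "2001:DB8:FFFF:0::1" equals "2001:db8:ffff::1".
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


def audit_ce(ce, policy=POLICY):
    """Check the CE-side 'br-ipv6-addr' against the provisioned BR addresses."""
    br = ce.get("br-ipv6-addr")
    try:
        if any(_same_addr(br, t) for t in policy["trusted-br-addrs"]):
            return []
    except ValueError:
        return [("br-ipv6-addr", f"{br!r} is not a valid IPv6 address")]
    return [("br-ipv6-addr", f"{br} is not a provisioned BR")]


def audit_bind_instance(inst, policy=POLICY):
    """Return (node, reason) findings for one BR bind-instance."""
    findings = []

    mtu = inst.get("softwire-payload-mtu")
    if mtu is None or mtu < policy["min-payload-mtu"]:
        findings.append(("softwire-payload-mtu",
                         f"{mtu} is below {policy['min-payload-mtu']} bytes"))

    num = inst.get("softwire-num-max")
    if num is None or num > policy["max-softwire-num"]:
        findings.append(("softwire-num-max",
                         f"{num} exceeds {policy['max-softwire-num']}"))

    # enable-hairpinning has default "true" in the module.
    if inst.get("enable-hairpinning", True) != policy["hairpinning"]:
        findings.append(("enable-hairpinning", "differs from operator policy"))

    icmp = inst.get("icmp-policy", {})
    for family in ("icmpv4", "icmpv6"):
        rate = icmp.get(f"{family}-errors", {}).get(f"{family}-rate")
        # The rate leaves have no default; only a configured value is judged.
        if rate is not None and rate < policy["min-icmp-rate"]:
            findings.append((f"icmp-policy/{family}-errors/{family}-rate",
                             f"{rate} msg/s is below {policy['min-icmp-rate']}"))
    return findings


# Constructed samples: a baseline instance and one with four leaves altered.
GOOD_BR = {
    "name": "br-1", "softwire-num-max": 50000, "softwire-payload-mtu": 1460,
    "softwire-path-mru": 1500, "enable-hairpinning": True,
    "icmp-policy": {"icmpv4-errors": {"icmpv4-rate": 100},
                    "icmpv6-errors": {"icmpv6-rate": 100}},
}
ALTERED_BR = dict(GOOD_BR, **{
    "softwire-num-max": 4000000000, "softwire-payload-mtu": 68,
    "enable-hairpinning": False,
    "icmp-policy": {"icmpv4-errors": {"icmpv4-rate": 0},
                    "icmpv6-errors": {"icmpv6-rate": 100}},
})

if __name__ == "__main__":
    for node, reason in audit_bind_instance(ALTERED_BR):
        print(f"{node}: {reason}")
    print(audit_ce({"br-ipv6-addr": "2001:db8:bad::1"}))
```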
1869     All data nodes defined in the YANG modules which can be created,
1870     modified, and deleted (i.e., config true, which is the default) are
1871     considered sensitive. Write operations (e.g., edit-config) applied
1872     to these data nodes without proper protection can negatively affect
1873     network operations. An attacker who is able to access the BR can
1874     undertake various attacks, such as:

1876     o  Setting the value of 'br-ipv6-addr' on the CE to point to an
1877        illegitimate BR so that it can intercept all the traffic sent by a
1878        CE. Illegitimately intercepting users' traffic is an attack with
1879        severe implications on privacy.

1881     o  Setting the MTU to a low value, which may increase the number of
1882        fragments ('softwire-payload-mtu').

1884     o  Disabling hairpinning (i.e., setting 'enable-hairpinning' to
1885        'false') to prevent communications between CEs.

1887     o  Setting 'softwire-num-max' to an arbitrarily high value, which may
1888        be exploited by a misbehaving user to perform a DoS on the binding
1889        BR by mounting a massive number of softwires.

1891     o  Setting 'icmpv4-rate' or 'icmpv6-rate' to a low value, which may
1892        lead to the deactivation of ICMP message handling.

1894     o  Access to privacy data maintained by the BR (e.g., the binding
1895        table or the algorithm configuration). Such data can be misused
1896        to track the activity of a host.

1898     o  Instructing the BR to install entries which in turn will induce a
1899        DDoS attack by means of the notifications generated by the BR.
1900        This DDoS can be softened by defining a notification interval, but
1901        given that this interval parameter can be disabled or set to a low
1902        value by the misbehaving entity, the same problem will be
1903        observed.

1906     Security considerations related to lw4o6, MAP-T, and MAP-E are
1907     discussed in [RFC7596], [RFC7597], and [RFC7599] respectively.

1908     Security considerations given in [RFC7950] are also applicable here.

1910  10.  IANA Considerations

1912     This document requests IANA to assign a new tunnel type under the
1913     "tunnelType" sub-registry of the "ifType definitions" registry
1914     maintained at [TUNNELTYPE-IANA-REGISTRY] and use the following data
1915     for the new entry:

1917           Decimal: TDB1
1918           Name: aplusp
1919           Description: A+P encapsulation
1920           Reference: [RFC6346]

1922     This document requests IANA to register the following in the "ns"
1923     subregistry within the "IETF XML Registry" [RFC3688]:

1925           URI: urn:ietf:params:xml:ns:yang:ietf-softwire-ce
1926           Registrant Contact: The IESG.
1927           XML: N/A; the requested URI is an XML namespace.

1929           URI: urn:ietf:params:xml:ns:yang:ietf-softwire-br
1930           Registrant Contact: The IESG.
1931           XML: N/A; the requested URI is an XML namespace.

1933           URI: urn:ietf:params:xml:ns:yang:ietf-softwire-common
1934           Registrant Contact: The IESG.
1935           XML: N/A; the requested URI is an XML namespace.

1937     This document requests that IANA registers the following YANG modules
1938     in the "YANG Module Names" subregistry [RFC7950] within the "YANG
1939     Parameters" registry.

1941           name: ietf-softwire-ce
1942           namespace: urn:ietf:params:xml:ns:yang:ietf-softwire-ce
1943           prefix: softwire-ce
1944           reference: RFC XXXX

1946           name: ietf-softwire-br
1947           namespace: urn:ietf:params:xml:ns:yang:ietf-softwire-br
1948           prefix: softwire-br
1949           reference: RFC XXXX

1951           name: ietf-softwire-common
1952           namespace: urn:ietf:params:xml:ns:yang:ietf-softwire-common
1953           prefix: softwire-common
1954           reference: RFC XXXX

1956  11.  Acknowledgements

1958     The authors would like to thank Lishan Li, Bert Wijnen, Giles Heron,
1959     Ole Troan, Andy Wingo and Leo Tietz for their contributions to this
1960     work.

1962     Thanks to Sheng Jiang for the review.

1964     Special thanks to Tom Petch and Martin Bjorklund for the detailed
1965     review and suggestions.

1967  12.  Contributors

1969     The following individuals are co-authors:

1971        Yong Cui
1972        Tsinghua University
1973        Beijing 100084
1974        P.R.
China 1975 Phone: +86-10-6260-3059 1976 Email: cuiyong@tsinghua.edu.cn 1978 Qi Sun 1979 Tsinghua University 1980 Beijing 100084 1981 P.R. China 1982 Phone: +86-10-6278-5822 1983 Email: sunqi.ietf@gmail.com 1985 Linhui Sun 1986 Tsinghua University 1987 Beijing 100084 1988 P.R. China 1989 Phone: +86-10-6278-5822 1990 Email: lh.sunlinh@gmail.com 1992 Sladjana Zechlin 1993 Deutsche Telekom AG 1994 Landgrabenweg 151 1995 Bonn, NRW 53227 1996 Germany 1997 Email: sladjana.zechlin@telekom.de 1999 Rajiv Asati 2000 Cisco Systems, Inc. 2001 7025 Kit Creek Rd. 2002 RTP, NC 27709 2003 USA 2004 Email: Rajiva@cisco.com 2006 13. Contributors 2008 The following individual contributed to this document: 2010 Hao Wang 2011 Tsinghua University 2012 Beijing 100084 2013 P.R.China 2014 Phone: +86-10-6278-5822 2015 Email: wangh13@mails.tsinghua.edu.cn 2017 14. References 2019 14.1. Normative References 2021 [I-D.ietf-softwire-iftunnel] 2022 Boucadair, M., Ed. and I. Farrer, "Tunnel Interface Types 2023 YANG Module", . 2026 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 2027 DOI 10.17487/RFC3688, January 2004, 2028 . 2030 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for 2031 the Network Configuration Protocol (NETCONF)", RFC 6020, 2032 DOI 10.17487/RFC6020, October 2010, 2033 . 2035 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 2036 and A. Bierman, Ed., "Network Configuration Protocol 2037 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, 2038 . 2040 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure 2041 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, 2042 . 2044 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", 2045 RFC 6991, DOI 10.17487/RFC6991, July 2013, 2046 . 2048 [RFC7224] Bjorklund, M., "IANA Interface Type YANG Module", 2049 RFC 7224, DOI 10.17487/RFC7224, May 2014, 2050 . 2052 [RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. 
2053                Farrer, "Lightweight 4over6: An Extension to the Dual-
2054                Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
2055                July 2015, .

2057     [RFC7597]  Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
2058                Murakami, T., and T. Taylor, Ed., "Mapping of Address and
2059                Port with Encapsulation (MAP-E)", RFC 7597,
2060                DOI 10.17487/RFC7597, July 2015,
2061                .

2063     [RFC7598]  Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
2064                W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
2065                Configuration of Softwire Address and Port-Mapped
2066                Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015,
2067                .

2069     [RFC7599]  Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S.,
2070                and T. Murakami, "Mapping of Address and Port using
2071                Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July
2072                2015, .

2074     [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
2075                RFC 7950, DOI 10.17487/RFC7950, August 2016,
2076                .

2078     [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
2079                Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
2080                .

2082     [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
2083                Access Control Model", STD 91, RFC 8341,
2084                DOI 10.17487/RFC8341, March 2018,
2085                .

2087     [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
2088                Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
2089                .

2091     [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
2092                Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
2093                .

2095     [TUNNELTYPE-IANA-REGISTRY]
2096                Internet Assigned Numbers Authority, "tunnelType
2097                Definitions", .

2100  14.2. Informative References

2102     [I-D.ietf-opsawg-nat-yang]
2103                Boucadair, M., Sivakumar, S., Jacquenet, C., Vinapamula,
2104                S., and Q. Wu, "A YANG Module for Network Address
2105                Translation (NAT) and Network Prefix Translation (NPT)",
2106                draft-ietf-opsawg-nat-yang-17 (work in progress),
2107                September 2018.

2109     [I-D.ietf-softwire-dslite-yang]
2110                Boucadair, M., Jacquenet, C., and S. Sivakumar, "A YANG
2111                Data Model for Dual-Stack Lite (DS-Lite)", draft-ietf-
2112                softwire-dslite-yang-17 (work in progress), May 2018.

2114     [RFC4213]  Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms
2115                for IPv6 Hosts and Routers", RFC 4213,
2116                DOI 10.17487/RFC4213, October 2005,
2117                .

2119     [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
2120                Stack Lite Broadband Deployments Following IPv4
2121                Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011,
2122                .

2124     [RFC6346]  Bush, R., Ed., "The Address plus Port (A+P) Approach to
2125                the IPv4 Address Shortage", RFC 6346,
2126                DOI 10.17487/RFC6346, August 2011,
2127                .

2129     [RFC7422]  Donley, C., Grundemann, C., Sarawat, V., Sundaresan, K.,
2130                and O. Vautrin, "Deterministic Address Mapping to Reduce
2131                Logging in Carrier-Grade NAT Deployments", RFC 7422,
2132                DOI 10.17487/RFC7422, December 2014,
2133                .

2135     [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
2136                BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
2137                .

2139     [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
2140                and R. Wilton, "Network Management Datastore Architecture
2141                (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
2142                .

2144     [RFC8344]  Bjorklund, M., "A YANG Data Model for IP Management",
2145                RFC 8344, DOI 10.17487/RFC8344, March 2018,
2146                .

2148     [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
2149                Routing Management (NMDA Version)", RFC 8349,
2150                DOI 10.17487/RFC8349, March 2018,
2151                .

2153  Appendix A. Configuration Examples

2155     The following sections provide examples of how the softwire YANG
2156     modules can be used for configuring softwire elements.

2158  A.1. Configuration Example for a lw4o6 BR Binding-Table

2160     The lwAFTR maintains an address binding table which contains the
2161     following 3-tuples:

2163     o  IPv6 Address for a single lwB4

2165     o  Public IPv4 Address

2167     o  Restricted port-set

2169     The entry has two functions: the IPv6 encapsulation of inbound IPv4
2170     packets destined to the lwB4 and the validation of outbound IPv4-in-
2171     IPv6 packets received from the lwB4 for de-capsulation.

2173     Consider an example for the following lw4o6 binding table entry:

2175        lwB4 Binding IPv6 Address: 2001:db8::1

2177        lwB4 Binding IPv4 Address: 192.0.2.1

2179        lwB4 PSID: 0x34

2181        lwB4 PSID Length 8

2183        BR IPv6 Address: 2001:db8:1::2

2187        mybinding-instance
2190        2001:db8::1
2191        192.0.2.1
2193        52
2194        8
2196        2001:db8:1::2
2199        1024
2200        1540
2201        1500

2206              Figure 3: lw4o6 Binding-Table Configuration XML

2208  A.2. Configuration Example for a MAP-E BR

2210     A MAP-E BR is configured with forward mapping rules for the CEs it is
2211     serving. In this example (taken from [RFC7597], Appendix A, Example
2212     2), the following parameters are required:

2214     o  Rule IPv6 Prefix

2216     o  Rule IPv4 Prefix

2218     o  Rule EA-bit bit length

2220     o  IPv6 Address of MAP-BR

2222     The mapping rule has two functions: identifying the destination CE
2223     IPv6 address for encapsulating inbound IPv4 packets and the
2224     validation of outbound IPv4-in-IPv6 packets received from the CE for
2225     de-capsulation.

2227     The transport type for the data plane also needs to be configured for
2228     encapsulation to enable MAP-E and forwarding needs to be enabled.

2230     Consider an example for the following MAP-E Forwarding Mapping Rule:

2232        Data plane: encapsulation

2234        Rule IPv6 Prefix: 2001:db8::/40

2236        Rule IPv4 Prefix: 192.0.2.0/24

2238        Rule EA-bit Length: 16

2240        BR IPv6 Address: 2001:db8:ffff::1

2242     Figure 4 provides the example MAP-E BR configuration xml.

2247        myalgo-instance
2249        2001:db8:ffff::1
2251        16
2252        192.0.2.0/24
2253        2001:db8::/40
2254        true
2256        6
2257        8

2263                  Figure 4: MAP-E FMR Configuration XML

2265  A.3. lw4o6 CE Configuration Example

2267     This section provides XML examples for configuring a lw4o6 CE.
2268     Examples for routing and NAT44 are also provided for convenience.

2270     Consider an example for the following lw4o6 CE configuration:

2272        lwB4 Binding IPv6 Address: 2001:db8::1

2274        lwB4 Binding IPv4 Address: 192.0.2.1

2276        lwB4 PSID: 0x34

2278        lwB4 PSID Length 8
2279        BR IPv6 Address: 2001:db8:1::2

2284        lw4o6-wan
2285        iana-tunnel-type:aplusp
2288        2001:db8:1::2
2292        2001:db8::1

2298                  Figure 5: lw4o6 CE Configuration XML

2300     In the example depicted in Figure 5, the interface name is defined
2301     for the softwire tunnel. This name is then referenced by the routing
2302     configuration for the IPv4 route. Figure 6 provides an example
2303     configuration for the CE's IPv4 routing, using the YANG module
2304     described in [RFC8349].

2310        static
2311        v4
2316        0.0.0.0/0
2318        lw4o6-wan

2328              Figure 6: lw4o6 CE Routing Configuration XML

2330     Figure 7 provides an example configuration for the CE's NAPT44
2331     function, using the YANG module described in
2332     [I-D.ietf-opsawg-nat-yang].

2338        1
2340        1
2342        1
2343        192.0.2.1
2347        6
2348        8
2349        52
2353        1
2354        80
2359        1
2360        8
2363        6
2364        32
2367        17
2368        16
2373        1
2374        192.0.2.1/32
2375        192.168.1.0/24
2376        6
2379        2
2380        192.0.2.1/32
2381        192.168.1.0/24
2382        17
2385        3
2386        192.0.2.1/32
2387        192.168.1.0/24
2388        1

2396                  Figure 7: lw4o6 NAT Configuration XML

2398  Authors' Addresses

2400     Ian Farrer (editor)
2401     Deutsche Telekom AG
2402     CTO-ATI, Landgrabenweg 151
2403     Bonn, NRW 53227
2404     Germany

2406     Email: ian.farrer@telekom.de

2408     Mohamed Boucadair (editor)
2409     Orange
2410     Rennes 35000
2411     France

2413     Email: mohamed.boucadair@orange.com
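
The write-sensitive leaves named in the Security Considerations section can be screened before a configuration change is committed. The following Python audit is an added example, not part of the draft or its YANG modules: it matches leaves by local name only, and the trusted BR list, the numeric bounds and the sample payload (including its wrapper element names and namespace) are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Assumed operator policy (not from the draft): trusted BRs and sanity bounds.
TRUSTED_BRS = {ipaddress.ip_address("2001:db8:1::2")}
RULES = {
    # leaf local name: (predicate that flags a risky value, finding text)
    "br-ipv6-addr": (lambda v: ipaddress.ip_address(v) not in TRUSTED_BRS,
                     "BR not in trusted list (traffic interception)"),
    "softwire-payload-mtu": (lambda v: int(v) < 1280,
                             "MTU below assumed floor (extra fragmentation)"),
    "enable-hairpinning": (lambda v: v == "false",
                           "hairpinning disabled (CE-to-CE traffic blocked)"),
    "softwire-num-max": (lambda v: int(v) > 4096,
                         "limit above assumed ceiling (binding-table DoS)"),
    "icmpv4-rate": (lambda v: int(v) < 1, "ICMPv4 rate too low"),
    "icmpv6-rate": (lambda v: int(v) < 1, "ICMPv6 rate too low"),
}


def audit(config_xml):
    """Return [(leaf, value, finding)] for risky sensitive leaves."""
    findings = []
    # Candidate configs from untrusted sources need a hardened XML parser.
    for elem in ET.fromstring(config_xml).iter():
        name = elem.tag.rsplit("}", 1)[-1]   # drop '{namespace}' prefix
        if name not in RULES:
            continue
        value = (elem.text or "").strip()
        is_risky, text = RULES[name]
        try:
            risky = is_risky(value)
        except ValueError:                   # unparseable address or integer
            risky, text = True, "value does not parse for this leaf"
        if risky:
            findings.append((name, value, text))
    return findings


# Constructed sample; the 'config'/'instance' wrappers are placeholders.
SAMPLE = """<config xmlns="urn:example:constructed"><instance>
  <br-ipv6-addr>2001:db8:bad::1</br-ipv6-addr>
  <softwire-payload-mtu>1500</softwire-payload-mtu>
  <enable-hairpinning>false</enable-hairpinning>
  <softwire-num-max>4294967295</softwire-num-max>
  <icmpv4-rate>0</icmpv4-rate>
</instance></config>"""

if __name__ == "__main__":
    for leaf, value, finding in audit(SAMPLE):
        print(f"{leaf}={value}: {finding}")
```

A check of this kind complements, and does not replace, access control on the management interface: it only reports values that fall outside the assumed policy.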