Softwire Working Group                                    I. Farrer, Ed.
Internet-Draft                                       Deutsche Telekom AG
Intended status: Standards Track                       M. Boucadair, Ed.
Expires: August 2, 2019                                           Orange
                                                        January 29, 2019

    YANG Modules for IPv4-in-IPv6 Address plus Port (A+P) Softwires
                      draft-ietf-softwire-yang-16

Abstract

   This document defines YANG modules for the configuration and
   operation of IPv4-in-IPv6 softwire Border Relays and Customer
   Premises Equipment for the Lightweight 4over6, Mapping of Address and
   Port with Encapsulation (MAP-E), and Mapping of Address and Port
   using Translation (MAP-T) softwire mechanisms.

Editorial Note (To be removed by RFC Editor)

   Please update these statements within this document with the RFC
   number to be assigned to this document:

   o  "This version of this YANG module is part of RFC XXXX;"

   o  "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port
      Softwires";

   o  "reference: RFC XXXX"

   Please update the "revision" date of the YANG modules.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 2, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Overview of the Modules
     3.1.  Overall Structure
     3.2.  Additional Components Configuration
   4.  Softwire CE YANG Tree Diagram
     4.1.  CE Tree Diagram
     4.2.  Softwire CE Tree Diagram Description
   5.  Softwire BR YANG Tree Diagram
     5.1.  BR Tree Diagram
     5.2.  Softwire BR Tree Diagram Description
   6.  Softwire CE YANG Module
   7.  BR Softwire YANG Module
   8.  Common Softwire Element Groups YANG Module
   9.  Security Considerations
   10. IANA Considerations
   11. Acknowledgements
   12. Contributing Authors
   13. Contributors
   14. References
     14.1.  Normative References
     14.2.  Informative References
   Appendix A.  Configuration Examples
     A.1.  Configuration Example for a lw4o6 BR Binding-Table
     A.2.  Configuration Example for a MAP-E BR
     A.3.  lw4o6 CE Configuration Example
   Authors' Addresses

1.  Introduction

   The IETF Softwire working group has developed several IPv4-in-IPv6
   softwire mechanisms to address various deployment contexts and
   constraints.  As a companion to the architectural specification
   documents, this document focuses on the provisioning of address plus
   port (A+P) softwire functional elements: Border Routers (BRs) and
   Customer Premises Equipment (CEs, a.k.a., CPE).  The softwire
   mechanisms covered in this document are Lightweight 4 over 6 (lw4o6)
   [RFC7596], Mapping of Address and Port with Encapsulation (MAP-E)
   [RFC7597], and Mapping of Address and Port using Translation (MAP-T)
   [RFC7599].

   This document focuses on A+P mechanisms [RFC6346]; the reader can
   refer to [RFC8513] for a YANG module for DS-Lite [RFC6333].

   This document defines YANG modules [RFC7950] that can be used to
   configure and manage A+P softwire elements using the NETCONF
   [RFC6241], or RESTCONF [RFC8040] protocols for:

   o  Configuration

   o  Operational State

   o  Notifications

2.  Terminology

   The reader should be familiar with the concepts and terms defined in
   [RFC7596], [RFC7597], [RFC7599], and the YANG data modelling language
   defined in [RFC7950].

   The YANG modules in this document adopt the Network Management
   Datastore Architecture (NMDA) [RFC8342].  The meanings of the symbols
   used in tree diagrams are defined in [RFC8340].

   The document uses the abbreviation 'BR' as a general term for
   softwire tunnel concentrators, including both MAP Border Routers
   [RFC7597] and Lightweight 4over6 lwAFTRs [RFC7596].

   For brevity, "algorithm" is used to refer to the "mapping algorithm"
   defined in [RFC7597].

   A network element may support one or multiple instances of a softwire
   mechanism; each of these instances (i.e., binding instances, MAP-E
   instances, or MAP-T instances) may have its own configuration and
   parameters.  The term 'algo-instance' is used to denote both MAP-E
   and MAP-T instances.

3.  Overview of the Modules

3.1.  Overall Structure

   The document defines the following two YANG modules for the
   configuration and monitoring of softwire functional elements:

   ietf-softwire-ce      Provides configuration and monitoring for
                         softwire CE element.  This module is defined as
                         augments to the interface YANG module
                         [RFC8343].

   ietf-softwire-br      Provides configuration and monitoring for
                         softwire BR element.

   In addition, the following module is defined:

   ietf-softwire-common  Contains groups of common functions that are
                         imported into the CE and BR modules.

   This approach has been taken so that the various modules can be
   easily extended to support additional softwire mechanisms, if
   required.

   Within the BR and CE modules, the YANG "feature" statement is used to
   distinguish which of the different softwire mechanism(s) is relevant
   for a specific element's configuration.  For each module, a choice
   statement 'ce-type' is included for either 'binding' or 'algorithm'.
   'Binding' is used for configuring Lightweight 4over6, whereas
   'algorithm' is used for configuring MAP-T or MAP-E.

   In the 'algo-instances' container, a choice statement 'data-plane' is
   included to specify MAP-E (encapsulation) or MAP-T (translation).
   Table 1 shows how these choices are used to indicate the desired
   softwire mechanism:

             +--------------------+-----------+---------------+
             | S46 Mechanism      | ce-type?  | data-plane?   |
             +--------------------+-----------+---------------+
             | Lightweight 4over6 | binding   | n/a           |
             | MAP-E              | algorithm | encapsulation |
             | MAP-T              | algorithm | translation   |
             +--------------------+-----------+---------------+

         Table 1: Softwire Mechanism Choice Statement Enumeration

   NETCONF notifications are also included.

      Note: Earlier versions of this specification combined the softwire
      mechanisms by their associated technologies rather than their
      function in the architecture.  As the document was revised, it
      became apparent that dividing the modules by their role in the
      architecture (CE or BR) was a better approach as this follows the
      intended function and existing implementation approaches more
      closely.

3.2.  Additional Components Configuration

   The softwire modules only aim to provide configuration relevant for
   softwires.  In order to fully provision a CE element, the following
   may also be necessary:

   o  IPv6 forwarding and routing configuration, enabling the CE to
      obtain one or more IPv6 prefixes for softwire usage.  A YANG
      module for routing management is described in [RFC8349].

   o  IPv4 routing configuration, to add one or more IPv4 destination
      prefix(es) reachable via the configured softwire.  A YANG module
      for routing management is described in [RFC8349].

   o  Stateful NAT44/NAPT management, to optionally specify a port set
      (Port Set Identifier (PSID)) along with its length.  A YANG module
      for NAT management is described in [RFC8512].

   o  Stateless NAT46 management, required by softwire translation based
      mechanisms (i.e., the assignment of a Network-Specific Prefix to
      use for IPv4/IPv6 translation).  A YANG module for NAT management
      is described in [RFC8512].
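
   The port set mentioned above is carried in this document's BR module
   as the leaves psid-offset, psid-len, and psid.  The following is an
   added example, not part of the draft or of any softwire
   implementation: it expands such a triple into port ranges using the
   port layout of Section 5.1 of [RFC7597] and flags binding entries that
   share an IPv4 address and ports.  The function names and the
   dictionary layout of the sample table are assumptions.

```python
# Added example, not from the draft: expand a port-set (psid-offset, psid-len,
# psid) into port ranges and audit a binding table for shared ports.
from itertools import combinations

PORT_BITS = 16


def validate_port_set(psid_offset, psid_len, psid):
    """Enforce the leaf ranges of the port-set grouping plus the 16-bit fit."""
    if not 0 <= psid_offset <= 16:
        raise ValueError("psid-offset must be in 0..16")
    if not 0 <= psid_len <= 15:
        raise ValueError("psid-len must be in 0..15")
    if psid_offset + psid_len > PORT_BITS:
        raise ValueError("psid-offset + psid-len exceeds 16 bits")
    if not 0 <= psid < (1 << psid_len):
        raise ValueError("psid does not fit in psid-len bits")


def port_ranges(psid_offset, psid_len, psid):
    """Return the sorted, merged (first, last) port ranges of one port set."""
    validate_port_set(psid_offset, psid_len, psid)
    m = PORT_BITS - psid_offset - psid_len  # bits left for contiguous ports
    # With offset bits present the leading field A starts at 1, which keeps
    # the lowest 2^(16 - offset) ports (0-1023 for offset 6) out of every set.
    a_values = range(1, 1 << psid_offset) if psid_offset else range(1)
    ranges = []
    for a in a_values:
        first = (a << (PORT_BITS - psid_offset)) | (psid << m)
        last = first + (1 << m) - 1
        if ranges and ranges[-1][1] + 1 == first:
            ranges[-1] = (ranges[-1][0], last)  # merge adjacent ranges
        else:
            ranges.append((first, last))
    return ranges


def port_in_set(port, psid_offset, psid_len, psid):
    """True if a logged source port belongs to the given port set."""
    validate_port_set(psid_offset, psid_len, psid)
    if not 0 <= port < (1 << PORT_BITS):
        raise ValueError("port must be in 0..65535")
    m = PORT_BITS - psid_offset - psid_len
    if psid_offset and (port >> (PORT_BITS - psid_offset)) == 0:
        return False  # falls in the excluded low range
    return ((port >> m) & ((1 << psid_len) - 1)) == psid


def ranges_overlap(r1, r2):
    """Two-pointer intersection test over sorted inclusive ranges."""
    i = j = 0
    while i < len(r1) and j < len(r2):
        if r1[i][1] < r2[j][0]:
            i += 1
        elif r2[j][1] < r1[i][0]:
            j += 1
        else:
            return True
    return False


def find_overlaps(binding_table):
    """List (ipv4, id1, id2) for entries sharing an IPv4 address and ports."""
    by_ipv4 = {}
    for entry in binding_table:
        ps = entry["port-set"]
        # psid-offset defaults to 0 in the binding-entry grouping
        ranges = port_ranges(ps.get("psid-offset", 0), ps["psid-len"], ps["psid"])
        by_ipv4.setdefault(entry["binding-ipv4-addr"], []).append(
            (entry["binding-ipv6info"], ranges))
    clashes = []
    for ipv4, members in by_ipv4.items():
        for (id1, r1), (id2, r2) in combinations(members, 2):
            if ranges_overlap(r1, r2):
                clashes.append((ipv4, id1, id2))
    return clashes


# Constructed sample binding table (documentation addresses only).
SAMPLE_BINDING_TABLE = [
    {"binding-ipv6info": "2001:db8:0:1::1", "binding-ipv4-addr": "192.0.2.1",
     "port-set": {"psid-len": 6, "psid": 1}},   # ports 1024-2047
    {"binding-ipv6info": "2001:db8:0:2::1", "binding-ipv4-addr": "192.0.2.1",
     "port-set": {"psid-len": 8, "psid": 4}},   # ports 1024-1279, clashes
    {"binding-ipv6info": "2001:db8:0:3::1", "binding-ipv4-addr": "192.0.2.1",
     "port-set": {"psid-len": 6, "psid": 2}},   # ports 2048-3071
    {"binding-ipv6info": "2001:db8:0:4::1", "binding-ipv4-addr": "192.0.2.2",
     "port-set": {"psid-len": 6, "psid": 1}},   # same ports, other address
]

if __name__ == "__main__":
    print(port_ranges(6, 8, 0x34)[:2])
    print(find_overlaps(SAMPLE_BINDING_TABLE))
```
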

   As YANG modules for the above functions are already defined in other
   documents, their functionality is not duplicated here and they should
   be referred to, as needed.  Appendix A.3 provides XML examples of how
   these modules can be used together.

   The CE must already have minimal IPv6 configuration in place so it is
   reachable by the NETCONF client to obtain softwire configuration.  If
   additional IPv6 specific configuration is necessary, the YANG modules
   defined in [RFC8344] and [RFC8349] may be used.

4.  Softwire CE YANG Tree Diagram

4.1.  CE Tree Diagram

   The CE module provides configuration and monitoring for all of the
   softwire mechanisms covered in this document (i.e., Lightweight
   4over6, MAP-E, and MAP-T).

   This module augments "ietf-interfaces", defined in [RFC8343] with an
   entry for the softwire.  This entry can be referenced to configure
   IPv4 forwarding features for the element.  This entry is added only
   if tunnel type (Section 10) is set to 'aplusp'.

   Figure 1 shows the tree structure of the softwire CE YANG module:

   module: ietf-softwire-ce
     augment /if:interfaces/if:interface:
       +--rw softwire-payload-mtu?   uint16
       +--rw softwire-path-mru?      uint16
       +--rw (ce-type)?
          +--:(binding) {binding-mode}?
          |  +--rw binding-ipv6info?       union
          |  +--rw br-ipv6-addr            inet:ipv6-address
          +--:(algo) {map-e or map-t}?
             +--rw algo-instances
                +--rw algo-instance* [name]
                   +--rw name                     string
                   +--rw enable?                  boolean
                   +--rw algo-versioning
                   |  +--rw version?   uint64
                   |  +--rw date?      yang:date-and-time
                   +--rw (data-plane)?
                   |  +--:(encapsulation) {map-e}?
                   |  |  +--rw br-ipv6-addr       inet:ipv6-address
                   |  +--:(translation) {map-t}?
                   |     +--rw dmr-ipv6-prefix?   inet:ipv6-prefix
                   +--rw ea-len                   uint8
                   +--rw rule-ipv6-prefix         inet:ipv6-prefix
                   +--rw rule-ipv4-prefix         inet:ipv4-prefix
                   +--rw forwarding               boolean
     augment /if:interfaces/if:interface/if:statistics:
       +--ro sent-ipv4-packets?
       |       yang:zero-based-counter64
       +--ro sent-ipv4-bytes?
       |       yang:zero-based-counter64
       +--ro sent-ipv6-packets?
       |       yang:zero-based-counter64
       +--ro sent-ipv6-bytes?
       |       yang:zero-based-counter64
       +--ro rcvd-ipv4-packets?
       |       yang:zero-based-counter64
       +--ro rcvd-ipv4-bytes?
       |       yang:zero-based-counter64
       +--ro rcvd-ipv6-packets?
       |       yang:zero-based-counter64
       +--ro rcvd-ipv6-bytes?
       |       yang:zero-based-counter64
       +--ro dropped-ipv4-packets?
       |       yang:zero-based-counter64
       +--ro dropped-ipv4-bytes?
       |       yang:zero-based-counter64
       +--ro dropped-ipv6-packets?
       |       yang:zero-based-counter64
       +--ro dropped-ipv6-bytes?
       |       yang:zero-based-counter64
       +--ro dropped-ipv4-fragments?
       |       yang:zero-based-counter64
       +--ro dropped-ipv4-fragment-bytes?
       |       yang:zero-based-counter64
       +--ro ipv6-fragments-reassembled?
       |       yang:zero-based-counter64
       +--ro ipv6-fragments-bytes-reassembled?
       |       yang:zero-based-counter64
       +--ro out-icmpv4-error-packets?
       |       yang:zero-based-counter64
       +--ro out-icmpv4-error-bytes?
       |       yang:zero-based-counter64
       +--ro out-icmpv6-error-packets?
       |       yang:zero-based-counter64
       +--ro out-icmpv6-error-bytes?
               yang:zero-based-counter64

     notifications:
       +---n softwire-ce-event {binding-mode}?
          +--ro ce-binding-ipv6-addr-change    inet:ipv6-address

                  Figure 1: Softwire CE YANG Tree Diagram

4.2.  Softwire CE Tree Diagram Description

   Additional information related to the operation of a CE element is
   provided below:

   o  softwire-payload-mtu: optionally used to set the IPv4 MTU for the
      softwire.  Needed if the softwire implementation is unable to
      correctly calculate the correct IPv4 Maximum Transmission Unit
      (MTU) size automatically.

   o  softwire-path-mru: optionally used to set the maximum IPv6
      softwire packet size that can be received, including the
      encapsulation/translation overhead.  Needed if the softwire
      implementation is unable to correctly calculate the correct IPv4
      payload Maximum Receive Unit (MRU) size automatically (see
      Section 3.2 of [RFC4213]).

   o  ce-type: provides a choice statement allowing the binding or
      algorithmic softwire mechanisms to be selected.

   Further details relevant to binding softwire elements are:

   o  binding-ipv6info: used to set the IPv6 binding prefix type to
      identify which IPv6 address to use as the tunnel source.  It can
      be 'ipv6-prefix' or 'ipv6-address'.

   o  br-ipv6-addr: sets the IPv6 address of the remote BR.

   Additional details relevant to some of the important algorithmic
   elements are provided below:

   o  algo-versioning: optionally used to associate a version number
      and/or timestamp to the algorithm.  This can be used for
      logging/data retention purposes [RFC7422].  The version number is
      selected to uniquely identify the algorithm configuration and a
      new value written whenever a change is made to the algorithm or a
      new algo-instance is created.

   o  forwarding: specifies whether the rule can be used as a Forward
      Mapping Rule (FMR).  If not set, this rule is a Basic Mapping Rule
      (BMR) only and must not be used for forwarding.  Refer to
      Section 4.1 of [RFC7598].

   o  ea-len: used to set the length of the Embedded-Address (EA), which
      is defined in the mapping rule for a MAP domain.

   o  data-plane: provides a choice statement for either encapsulation
      (MAP-E) or translation (MAP-T).

   o  br-ipv6-addr: defines the IPv6 address of the BR.  This
      information is valid for MAP-E.

   o  dmr-ipv6-prefix: defines the Default Mapping Rule (DMR) IPv6
      prefix of the BR.  This information is valid for MAP-T.

   Additional information on the notification node is listed below:

   o  ce-binding-ipv6-addr-change: if the CE's binding IPv6 address
      changes for any reason, the NETCONF client will be notified.

5.  Softwire BR YANG Tree Diagram

5.1.  BR Tree Diagram

   The BR YANG module provides configuration and monitoring for all of
   the softwire mechanisms covered in this document (i.e., Lightweight
   4over6, MAP-E, and MAP-T).

   Figure 2 provides the tree structure of this module:

   module: ietf-softwire-br
     +--rw br-instances
        +--rw (br-type)?
           +--:(binding) {binding-mode}?
           |  +--rw binding
           |     +--rw bind-instance* [name]
           |        +--rw name                        string
           |        +--rw binding-table-versioning
           |        |  +--rw version?   uint64
           |        |  +--rw date?      yang:date-and-time
           |        +--rw softwire-num-max            uint32
           |        +--rw softwire-payload-mtu        uint16
           |        +--rw softwire-path-mru           uint16
           |        +--rw enable-hairpinning?         boolean
           |        +--rw binding-table
           |        |  +--rw binding-entry* [binding-ipv6info]
           |        |     +--rw binding-ipv6info     union
           |        |     +--rw binding-ipv4-addr?
           |        |     |       inet:ipv4-address
           |        |     +--rw port-set
           |        |     |  +--rw psid-offset?   uint8
           |        |     |  +--rw psid-len       uint8
           |        |     |  +--rw psid           uint16
           |        |     +--rw br-ipv6-addr?
           |        |             inet:ipv6-address
           |        +--rw icmp-policy
           |        |  +--rw icmpv4-errors
           |        |  |  +--rw allow-incoming-icmpv4?    boolean
           |        |  |  +--rw icmpv4-rate?              uint32
           |        |  |  +--rw generate-icmpv4-errors?   boolean
           |        |  +--rw icmpv6-errors
           |        |     +--rw generate-icmpv6-errors?   boolean
           |        |     +--rw icmpv6-rate?              uint32
           |        +--ro traffic-stat
           |           +--ro discontinuity-time  yang:date-and-time
           |           +--ro sent-ipv4-packets?
           |           |       yang:zero-based-counter64
           |           +--ro sent-ipv4-bytes?
           |           |       yang:zero-based-counter64
           |           +--ro sent-ipv6-packets?
           |           |       yang:zero-based-counter64
           |           +--ro sent-ipv6-bytes?
           |           |       yang:zero-based-counter64
           |           +--ro rcvd-ipv4-packets?
           |           |       yang:zero-based-counter64
           |           +--ro rcvd-ipv4-bytes?
           |           |       yang:zero-based-counter64
           |           +--ro rcvd-ipv6-packets?
           |           |       yang:zero-based-counter64
           |           +--ro rcvd-ipv6-bytes?
           |           |       yang:zero-based-counter64
           |           +--ro dropped-ipv4-packets?
           |           |       yang:zero-based-counter64
           |           +--ro dropped-ipv4-bytes?
           |           |       yang:zero-based-counter64
           |           +--ro dropped-ipv6-packets?
           |           |       yang:zero-based-counter64
           |           +--ro dropped-ipv6-bytes?
           |           |       yang:zero-based-counter64
           |           +--ro dropped-ipv4-fragments?
           |           |       yang:zero-based-counter64
           |           +--ro dropped-ipv4-fragment-bytes?
           |           |       yang:zero-based-counter64
           |           +--ro ipv6-fragments-reassembled?
           |           |       yang:zero-based-counter64
           |           +--ro ipv6-fragments-bytes-reassembled?
           |           |       yang:zero-based-counter64
           |           +--ro out-icmpv4-error-packets?
           |           |       yang:zero-based-counter64
           |           +--ro out-icmpv4-error-bytes?
           |           |       yang:zero-based-counter64
           |           +--ro out-icmpv6-error-packets?
           |           |       yang:zero-based-counter64
           |           +--ro out-icmpv6-error-bytes?
           |           |       yang:zero-based-counter64
           |           +--ro dropped-icmpv4-packets?
           |           |       yang:zero-based-counter64
           |           +--ro dropped-icmpv4-bytes?
           |           |       yang:zero-based-counter64
           |           +--ro hairpin-ipv4-packets?
           |           |       yang:zero-based-counter64
           |           +--ro hairpin-ipv4-bytes?
           |           |       yang:zero-based-counter64
           |           +--ro active-softwire-num?
           |                   uint32
           +--:(algo) {map-e or map-t}?
              +--rw algorithm
                 +--rw algo-instance* [name]
                    +--rw name                string
                    +--rw enable?             boolean
                    +--rw algo-versioning
                    |  +--rw version?   uint64
                    |  +--rw date?      yang:date-and-time
                    +--rw (data-plane)?
                    |  +--:(encapsulation) {map-e}?
                    |  |  +--rw br-ipv6-addr       inet:ipv6-address
                    |  +--:(translation) {map-t}?
                    |     +--rw dmr-ipv6-prefix?   inet:ipv6-prefix
                    +--rw ea-len              uint8
                    +--rw rule-ipv6-prefix    inet:ipv6-prefix
                    +--rw rule-ipv4-prefix    inet:ipv4-prefix
                    +--rw forwarding          boolean
                    +--rw port-set
                    |  +--rw psid-offset?   uint8
                    |  +--rw psid-len       uint8
                    |  +--rw psid           uint16
                    +--ro traffic-stat
                       +--ro discontinuity-time  yang:date-and-time
                       +--ro sent-ipv4-packets?
                       |       yang:zero-based-counter64
                       +--ro sent-ipv4-bytes?
                       |       yang:zero-based-counter64
                       +--ro sent-ipv6-packets?
                       |       yang:zero-based-counter64
                       +--ro sent-ipv6-bytes?
                       |       yang:zero-based-counter64
                       +--ro rcvd-ipv4-packets?
                       |       yang:zero-based-counter64
                       +--ro rcvd-ipv4-bytes?
                       |       yang:zero-based-counter64
                       +--ro rcvd-ipv6-packets?
                       |       yang:zero-based-counter64
                       +--ro rcvd-ipv6-bytes?
                       |       yang:zero-based-counter64
                       +--ro dropped-ipv4-packets?
                       |       yang:zero-based-counter64
                       +--ro dropped-ipv4-bytes?
                       |       yang:zero-based-counter64
                       +--ro dropped-ipv6-packets?
                       |       yang:zero-based-counter64
                       +--ro dropped-ipv6-bytes?
                       |       yang:zero-based-counter64
                       +--ro dropped-ipv4-fragments?
                       |       yang:zero-based-counter64
                       +--ro dropped-ipv4-fragment-bytes?
                       |       yang:zero-based-counter64
                       +--ro ipv6-fragments-reassembled?
                       |       yang:zero-based-counter64
                       +--ro ipv6-fragments-bytes-reassembled?
                       |       yang:zero-based-counter64
                       +--ro out-icmpv4-error-packets?
                       |       yang:zero-based-counter64
                       +--ro out-icmpv4-error-bytes?
                       |       yang:zero-based-counter64
                       +--ro out-icmpv6-error-packets?
                       |       yang:zero-based-counter64
                       +--ro out-icmpv6-error-bytes?
                               yang:zero-based-counter64

     notifications:
       +---n softwire-binding-instance-event {binding-mode}?
       |  +--ro bind-name?
       |  |       -> /br-instances/binding/bind-instance/name
       |  +--ro invalid-entry*    leafref
       |  +--ro added-entry*      inet:ipv6-address
       |  +--ro modified-entry*   leafref
       +---n softwire-algorithm-instance-event {map-e, map-t}?
          +--ro algo-name
          |       -> /br-instances/algorithm/algo-instance/name
          +--ro invalid-entry-id*
          |       -> /br-instances/algorithm/algo-instance/name
          +--ro added-entry*
          |       -> /br-instances/algorithm/algo-instance/name
          +--ro modified-entry*
                  -> /br-instances/algorithm/algo-instance/name

                      Figure 2: Softwire BR YANG Tree

5.2.  Softwire BR Tree Diagram Description

   The descriptions for leaves which are common with the CE module are
   provided in Section 4.2.  Descriptions for additional elements are
   provided below:

   o  binding-table-versioning: optionally used to associate a version
      number and/or timestamp to the binding table.  This can be used
      for logging or data retention purposes [RFC7422].  The version
      number is selected to uniquely identify the binding table
      configuration and a new timestamp value written whenever a change
      is made to the contents of the binding table or a new binding
      table list is created.

   o  binding-entry: used to define the binding relationship between
      3-tuples {lwB4's IPv6 address/prefix, the allocated IPv4 address,
      restricted port-set}.  For detailed information, please refer to
      [RFC7596].

   o  softwire-num-max: used to set the maximum number of softwire
      binding rules that can be created on the lw4o6 element
      simultaneously.  This parameter must not be set to zero because
      this is equivalent to disabling the BR instance.

   o  active-softwire-num: holds the number of softwires currently
      provisioned on the BR element.

   Additional information on some of the important notification nodes is
   listed below:

   o  invalid-entry, added-entry, modified-entry: used to notify the
      NETCONF client that a specific binding entry or MAP rule has
      expired, been invalidated, added, or modified.

6.  Softwire CE YANG Module

   This module imports the modules defined in [RFC6991], [RFC8343], and
   [RFC7224].
   It also imports the 'ietf-softwire-common' and
   'iana-tunnel-type' modules [I-D.ietf-softwire-iftunnel].

   file "ietf-softwire-ce@2019-01-11.yang"

   module ietf-softwire-ce {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-softwire-ce";
     prefix softwire-ce;

     import ietf-inet-types {
       prefix inet;
       reference "Section 4 of RFC 6991";
     }
     import ietf-interfaces {
       prefix if;
       reference "RFC 8343: A YANG Data Model for Interface Management";
     }
     import ietf-softwire-common {
       prefix softwire-common;
       reference
         "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port
          Softwires";
     }
     import iana-tunnel-type {
       prefix iana-tunnel-type;
       reference
         "RFC YYYY: Tunnel Interface Types YANG Module";
     }

     organization
       "IETF Softwire Working Group";
     contact
       "WG Web:
        WG List:

        Author:  Qi Sun

        Author:  Linhui Sun

        Author:  Yong Cui

        Editor:  Ian Farrer

        Author:  Sladjana Zoric

        Editor:  Mohamed Boucadair

        Author:  Rajiv Asati
       ";
     description
       "This document defines a YANG module for the configuration and
        management of A+P Softwire Customer Premises Equipment (CEs). It
        covers Lightweight 4over6, MAP-E, and MAP-T mechanisms.

        Copyright (c) 2019 IETF Trust and the persons identified as
        authors of the code. All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject
        to the license terms contained in, the Simplified BSD License
        set forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).
        This version of this YANG module is part of RFC XXXX; see
        the RFC itself for full legal notices.";

     revision 2019-01-11 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port
          Softwires";
     }

     /*
      * Features
      */

     feature binding-mode {
       description
         "Binding is used for configuring the Lightweight 4over6 mechanism.

          Binding based softwire mechanisms are IPv4-over-IPv6 tunnelling
          transition mechanisms specifically intended for complete
          independence between the IPv6 subnet prefix (and IPv6 address)
          and IPv4 address, with or without IPv4 address sharing.

          This is accomplished by maintaining state for each softwire
          (per-subscriber state) in the central Border Relay (BR) and using
          a hub-and-spoke forwarding architecture. In order to delegate the
          NAPT function and achieve IPv4 address sharing, port-restricted
          IPv4 addresses need to be allocated to CEs.

          This feature indicates that the network element can function as
          one or more binding based softwire instances.";
       reference
         "RFC7596: Lightweight 4over6: An Extension to the Dual-Stack Lite
          Architecture
          RFC7597: Mapping of Address and Port with Encapsulation (MAP-E)
          RFC7599: Mapping of Address and Port using Translation (MAP-T)";
     }

     feature map-e {
       description
         "MAP-E is an IPv6 transition mechanism for transporting IPv4
          packets across an IPv6 network using IP encapsulation. MAP-E
          allows for a reduction of the amount of centralized state using
          rules to express IPv4/IPv6 address mappings. This introduces an
          algorithmic relationship between the IPv6 subnet and IPv4
          address.

          This feature indicates that the network element can function as
          one or more MAP-E softwire instances.";
       reference
         "RFC7597: Mapping of Address and Port with Encapsulation (MAP-E)";
     }

     feature map-t {
       description
         "MAP-T is an IPv6 transition mechanism for transporting IPv4
          packets across an IPv6 network using IP translation. It leverages
          a double stateless NAT64 based solution as well as the stateless
          algorithmic address & transport layer port mapping algorithm
          defined for MAP-E.

          This feature indicates that the network element can function as
          one or more MAP-T softwire instances.";
       reference
         "RFC7599: Mapping of Address and Port using Translation (MAP-T)";
     }

     // Binding Entry

     grouping binding-entry {
       description
         "The binding BR (Border Relay) maintains an address binding table
          that contains the binding between the CE's IPv6 address,
          the allocated IPv4 address and restricted port-set.";
       leaf binding-ipv6info {
         type union {
           type inet:ipv6-address;
           type inet:ipv6-prefix;
         }
         description
           "The IPv6 information for a binding entry.

            When the IPv6 prefix type is used,
            the IPv6 source address of the CE is constructed
            according to the description in RFC7596.

            If the IPv6 address type is used, the CE can use
            any valid /128 address from a prefix assigned to
            the CE.";
         reference "Section 5.1 of RFC7596.";
       }
       leaf br-ipv6-addr {
         type inet:ipv6-address;
         mandatory true;
         description
           "The IPv6 address of the binding BR.";
       }
     }
     // configuration and stateful parameters for softwire CE interface

     augment "/if:interfaces/if:interface" {
       when "derived-from(if:type, 'iana-tunnel-type:aplusp')";
       description
         "Softwire CE interface configuration";
       leaf softwire-payload-mtu {
         type uint16;
         units "bytes";
         description
           "The payload IPv4 MTU for the softwire tunnel.";
       }
       leaf softwire-path-mru {
         type uint16;
         units "bytes";
         description
           "The path MRU for the softwire (payload + encapsulation
            overhead).";
         reference
           "RFC 4213: Basic Transition Mechanisms for IPv6 Hosts and
            Routers";
       }
       choice ce-type {
         description
           "Sets the softwire CE mechanism";
         case binding {
           if-feature "binding-mode";
           description
             "CE binding configuration";
           uses binding-entry;
         }
         case algo {
           if-feature "map-e or map-t";
           description
             "CE algorithm configuration";
           container algo-instances {
             description
               "Collection of MAP-E/MAP-T parameters";
             list algo-instance {
               key "name";
               description
                 "MAP forwarding rule instance for
                  MAP-E/MAP-T";
               leaf name {
                 type string;
                 mandatory true;
                 description
                   "The name is used to uniquely identify an algorithm
                    instance.

                    This name can be automatically assigned
                    or explicitly configured.";
               }
               uses softwire-common:algorithm-instance;
             }
           }
         }
       }
     }
     augment "/if:interfaces/if:interface/if:statistics" {
       when "derived-from(../if:type, 'iana-tunnel-type:aplusp')";
       description
         "Softwire CE interface statistics.";
       uses softwire-common:traffic-stat;
     }

     /*
      * Notifications
      */

     notification softwire-ce-event {
       if-feature "binding-mode";
       description
         "CE notification";
       leaf ce-binding-ipv6-addr-change {
         type inet:ipv6-address;
         mandatory true;
         description
           "This notification is generated whenever the CE's binding IPv6
            address changes for any reason.";
       }
     }
   }

7.  BR Softwire YANG Module

   This module imports typedefs from [RFC6991].  It also imports the
   'ietf-softwire-common' module.

   file "ietf-softwire-br@2019-01-11.yang"

   module ietf-softwire-br {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-softwire-br";
     prefix softwire-br;
     import ietf-inet-types {
       prefix inet;
       reference "Section 4 of RFC 6991";
     }
     import ietf-yang-types {
       prefix yang;
       reference "Section 3 of RFC 6991";
     }
     import ietf-softwire-common {
       prefix softwire-common;
       reference
         "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port
          Softwires";
     }

     organization
       "IETF Softwire Working Group";
     contact
       "WG Web:
        WG List:

        Author:  Qi Sun

        Author:  Linhui Sun

        Author:  Yong Cui

        Editor:  Ian Farrer

        Author:  Sladjana Zoric

        Editor:  Mohamed Boucadair

        Author:  Rajiv Asati
       ";

     description
       "This document defines a YANG module for the configuration and
        management of A+P Softwire Border Routers. It covers Lightweight
        4over6, MAP-E, and MAP-T mechanisms.

        Copyright (c) 2019 IETF Trust and the persons identified as
        authors of the code.
All rights reserved. 911 Redistribution and use in source and binary forms, with or 912 without modification, is permitted pursuant to, and subject 913 to the license terms contained in, the Simplified BSD License 914 set forth in Section 4.c of the IETF Trust's Legal Provisions 915 Relating to IETF Documents 916 (http://trustee.ietf.org/license-info). 918 This version of this YANG module is part of RFC XXXX; see 919 the RFC itself for full legal notices."; 921 revision 2019-01-11 { 922 description 923 "Initial revision."; 924 reference 925 "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port 926 Softwires"; 927 } 929 /* 930 * Groupings 931 */ 933 grouping port-set { 934 description 935 "Describes a set of layer 4 port numbers. 937 This may be a simple port range, or use the Port Set 938 Identifier (PSID) algorithm to represent a range of transport 939 layer ports which will be used by a NAPT."; 940 leaf psid-offset { 941 type uint8 { 942 range "0..16"; 943 } 944 description 945 "The number of offset bits. In Lightweight 4over6, 946 the default value is 0 for assigning one contiguous 947 port range. In MAP-E/T, the default value is 6, 948 which means the system ports (0-1023) are excluded by 949 default and the assigned port ranges are distributed across 950 the entire port space, depending on either psid-len or the 951 number of contiguous ports."; 952 } 953 leaf psid-len { 954 type uint8 { 955 range "0..15"; 956 } 957 mandatory true; 958 description 959 "The length of PSID, representing the sharing 960 ratio for an IPv4 address. 
This, along with ea-len, can 961 be used to calculate the number of contiguous ports per 962 port range"; 963 } 964 leaf psid { 965 type uint16; 966 mandatory true; 967 description 968 "Port Set Identifier (PSID) value, which 969 identifies a set of ports algorithmically."; 970 } 971 } 973 grouping binding-entry { 974 description 975 "The binding BR maintains an address binding table that 976 contains the binding between the CE's IPv6 address, 977 the allocated IPv4 address and restricted port-set."; 978 leaf binding-ipv6info { 979 type union { 980 type inet:ipv6-address; 981 type inet:ipv6-prefix; 982 } 983 description 984 "The IPv6 information for a CE binding entry. 985 When the IPv6 prefix type is used, 986 the IPv6 source address of the CE is constructed 987 according to the description in RFC7596; 988 if the IPv6 address type is used, the CE can use 989 any valid /128 address from a prefix assigned to 990 the CE."; 991 reference 992 "RFC7596: Lightweight 4over6: An Extension to the Dual-Stack 993 Lite Architecture"; 994 } 995 leaf binding-ipv4-addr { 996 type inet:ipv4-address; 997 description 998 "The IPv4 address assigned to the binding CE, 999 which is used as the IPv4 external address 1000 for binding CE local NAPT44."; 1001 } 1002 container port-set { 1003 description 1004 "For Lightweight 4over6, the default value 1005 for offset should be 0, to configure one contiguous 1006 port range."; 1007 uses port-set { 1008 refine "psid-offset" { 1009 default "0"; 1010 } 1011 } 1012 } 1013 leaf br-ipv6-addr { 1014 type inet:ipv6-address; 1015 description 1016 "The IPv6 address for binding BR."; 1017 } 1018 } 1020 /* 1021 * Features 1022 */ 1024 feature binding-mode { 1025 description 1026 "Binding is used for configuring the Lightweight 4over6 mechanism. 
1028        Binding based softwire mechanisms are IPv4-over-IPv6 tunnelling
1029        transition mechanisms specifically intended for complete
1030        independence between the IPv6 subnet prefix (and IPv6 address)
1031        and IPv4 address, with or without IPv4 address sharing.

1033        This is accomplished by maintaining state for each softwire
1034        (per-subscriber state) in the central Border Relay (BR) and using
1035        a hub-and-spoke forwarding architecture. In order to delegate the
1036        NAPT function and achieve IPv4 address sharing, port-restricted
1037        IPv4 addresses need to be allocated to CEs.

1039        This feature indicates that the network element can function as
1040        one or more binding based softwire instances.";
1041     reference
1042       "RFC7596: Lightweight 4over6: An Extension to the Dual-Stack Lite
1043                 Architecture
1044        RFC7597: Mapping of Address and Port with Encapsulation (MAP-E)
1045        RFC7599: Mapping of Address and Port using Translation (MAP-T)";
1046   }

1048   feature map-e {
1049     description
1050       "MAP-E is an IPv6 transition mechanism for transporting IPv4
1051        packets across an IPv6 network using IP encapsulation. MAP-E
1052        allows for a reduction of the amount of centralized state using
1053        rules to express IPv4/IPv6 address mappings. This introduces an
1054        algorithmic relationship between the IPv6 subnet and IPv4
1055        address.

1057        This feature indicates that the network element can function as
1058        one or more MAP-E softwire instances.";
1059     reference
1060       "RFC7597: Mapping of Address and Port with Encapsulation (MAP-E)";
1061   }

1063   feature map-t {
1064     description
1065       "MAP-T is an IPv6 transition mechanism for transporting IPv4
1066        packets across an IPv6 network using IP translation. It leverages
1067        a double stateless NAT64 based solution as well as the stateless
1068        algorithmic address & transport layer port mapping algorithm
1069        defined for MAP-E.
1071 This feature indicates that the network element can function as 1072 one or more MAP-T softwire instances."; 1073 reference 1074 "RFC7599: Mapping of Address and Port using Translation (MAP-T)"; 1075 } 1077 container br-instances { 1078 description 1079 "BR instances enabled in a network element."; 1080 choice br-type { 1081 description 1082 "Select binding or algorithmic BR functionality."; 1083 case binding { 1084 if-feature "binding-mode"; 1085 container binding { 1086 description 1087 "binding mechanism (binding table) configuration."; 1088 list bind-instance { 1089 key "name"; 1090 description 1091 "A set of binding instances to be configured."; 1092 leaf name { 1093 type string; 1094 mandatory true; 1095 description 1096 "The name for the binding BR. It is used to uniquely 1097 distinguish a binding instance by its name."; 1098 } 1099 container binding-table-versioning { 1100 description 1101 "binding table's version"; 1102 leaf version { 1103 type uint64; 1104 description 1105 "Version number for this binding table."; 1106 } 1107 leaf date { 1108 type yang:date-and-time; 1109 description 1110 "Timestamp when the binding table was activated. 1112 A binding instance may be provided with binding 1113 entries that may change in time (e.g., increase 1114 the size of the port set). When a party who is the 1115 victim of abuse presents an external IP address/port, 1116 the version of the binding table is important 1117 because depending on the version, a distinct customer 1118 may be identified. 
1120 The timestamp is used as a key to find the 1121 appropriate binding table that was put into effect 1122 when an abuse occurred."; 1123 reference 1124 "RFC7422: Deterministic Address Mapping to Reduce 1125 Logging in Carrier-Grade NAT Deployments"; 1126 } 1127 } 1128 leaf softwire-num-max { 1129 type uint32 { 1130 range "1..max"; 1131 } 1132 mandatory true; 1133 description 1134 "The maximum number of softwires that can be created 1135 on the binding BR."; 1136 } 1137 leaf softwire-payload-mtu { 1138 type uint16; 1139 units "bytes"; 1140 mandatory true; 1141 description 1142 "The payload IPv4 MTU for binding softwire."; 1143 } 1144 leaf softwire-path-mru { 1145 type uint16; 1146 units "bytes"; 1147 mandatory true; 1148 description 1149 "The path MRU for binding softwire."; 1150 reference 1151 "RFC4213: Basic Transition Mechanisms for IPv6 Hosts 1152 and Routers"; 1153 } 1154 leaf enable-hairpinning { 1155 type boolean; 1156 default "true"; 1157 description 1158 "Enables/disables support for locally forwarding 1159 (hairpinning) traffic between two CEs."; 1160 reference "Section 6.2 of RFC7596"; 1161 } 1162 container binding-table { 1163 description 1164 "binding table"; 1165 list binding-entry { 1166 key "binding-ipv6info"; 1167 description 1168 "binding entry"; 1169 uses binding-entry; 1170 } 1171 } 1172 container icmp-policy { 1173 description 1174 "The binding BR can be configured to process or drop 1175 incoming ICMP messages, and to generate outgoing ICMP 1176 error messages."; 1177 container icmpv4-errors { 1178 description 1179 "ICMPv4 error processing configuration"; 1180 leaf allow-incoming-icmpv4 { 1181 type boolean; 1182 default "true"; 1183 description 1184 "Enables the processing of incoming ICMPv4 1185 packets."; 1186 reference 1187 "RFC7596: Lightweight 4over6: An Extension to 1188 the Dual-Stack Lite Architecture"; 1189 } 1190 leaf icmpv4-rate { 1191 type uint32; 1192 description 1193 "Rate limit threshold in messages per-second 1194 for 
processing incoming ICMPv4 error messages";
1195                 }
1196                 leaf generate-icmpv4-errors {
1197                   type boolean;
1198                   default "true";
1199                   description
1200                     "Enables the generation of outgoing ICMPv4 error
1201                      messages on receipt of an inbound IPv4 packet
1202                      with no matching binding table entry.";
1203                   reference "Section 5.2 of RFC7596.";
1204                 }
1205               }
1206               container icmpv6-errors {
1207                 description
1208                   "ICMPv6 error processing configuration";
1209                 leaf generate-icmpv6-errors {
1210                   type boolean;
1211                   default "true";
1212                   description
1213                     "Enables the generation of ICMPv6 error messages if
1214                      no matching binding table entry is found for a
1215                      received packet.";
1216                   reference "Section 6.2 of RFC7596.";
1217                 }
1218                 leaf icmpv6-rate {
1219                   type uint32;
1220                   description
1221                     "Rate limit threshold in messages per-second
1222                      for sending ICMPv6 error messages";
1223                   reference "Section 9 of RFC7596.";
1224                 }
1225               }
1226             }
1227             container traffic-stat {
1228               config false;
1229               description
1230                 "Traffic statistics information for the BR.";
1231               leaf discontinuity-time {
1232                 type yang:date-and-time;
1233                 mandatory true;
1234                 description
1235                   "The time of the most recent occasion on which the BR
1236                    instance suffered a discontinuity. This must be
1237                    initialized when the BR instance is configured
1238                    or rebooted.";
1239               }
1240               uses softwire-common:traffic-stat;
1241               leaf dropped-icmpv4-packets {
1242                 type yang:zero-based-counter64;
1243                 description
1244                   "ICMPv4 packets that are dropped as a result
1245                    of the ICMP policy. Typically, this can be any
1246                    incoming ICMPv4 packets if ICMPv4 processing is
1247                    disabled or incoming ICMPv4 packets that exceed
1248                    the ICMPv4 rate-limit threshold.
1250 Discontinuities in the value of this counter can 1251 occur at re-initialization of the management 1252 system, and at other times as indicated by 1253 the value of 'discontinuity-time'."; 1254 } 1255 leaf dropped-icmpv4-bytes { 1256 type yang:zero-based-counter64; 1257 description 1258 "ICMPv4 messages, in bytes, that are dropped as 1259 a result of the ICMP policy. Typically, it 1260 can be any incoming ICMPv4 packets if ICMPv4 1261 processing is disabled or incoming ICMPv4 1262 packets that exceed the ICMPv4 rate-limit 1263 threshold. 1265 Discontinuities in the value of this counter can 1266 occur at re-initialization of the management 1267 system, and at other times as indicated by 1268 the value of 'discontinuity-time'."; 1269 } 1270 leaf hairpin-ipv4-packets { 1271 type yang:zero-based-counter64; 1272 description 1273 "IPv4 packets locally routed between two CEs 1274 (hairpinned). 1276 Discontinuities in the value of this counter can 1277 occur at re-initialization of the management 1278 system, and at other times as indicated by 1279 the value of 'discontinuity-time'."; 1280 } 1281 leaf hairpin-ipv4-bytes { 1282 type yang:zero-based-counter64; 1283 description 1284 "IPv4 bytes locally routed between two CEs 1285 (hairpinned). 1287 Discontinuities in the value of this counter can 1288 occur at re-initialization of the management 1289 system, and at other times as indicated by 1290 the value of 'discontinuity-time'."; 1291 } 1292 leaf active-softwire-num { 1293 type uint32; 1294 config false; 1295 description 1296 "The number of currently active softwires on the 1297 binding instance. 
1299 Discontinuities in the value of this counter can 1300 occur at re-initialization of the management 1301 system, and at other times as indicated by 1302 the value of 'discontinuity-time'."; 1303 } 1304 } 1305 } 1306 } 1307 } 1308 case algo { 1309 if-feature "map-e or map-t"; 1310 container algorithm { 1311 description 1312 " A set of parameters used for MAP-E/MAP-T."; 1313 list algo-instance { 1314 key "name"; 1315 description 1316 "Instances of algorithm"; 1317 leaf name { 1318 type string; 1319 mandatory true; 1320 description 1321 "The name is used to uniquely identify an algorithm 1322 instance. 1324 This name can be automatically assigned 1325 or explicitly configured."; 1326 } 1327 uses softwire-common:algorithm-instance; 1328 container port-set { 1329 description 1330 "Indicates a set of ports."; 1331 uses port-set; 1332 } 1333 container traffic-stat { 1334 config false; 1335 description 1336 "Traffic statistics information for the BR."; 1337 leaf discontinuity-time { 1338 type yang:date-and-time; 1339 mandatory true; 1340 description 1341 "The time of the most recent occasion on which the BR 1342 instance suffered a discontinuity. 
This must be 1343 reset to the current date-and-time when the BR 1344 instance is configured or rebooted."; 1345 } 1346 uses softwire-common:traffic-stat; 1347 } 1348 } 1349 } 1350 } 1351 } 1352 } 1354 /* 1355 * Notifications 1356 */ 1358 notification softwire-binding-instance-event { 1359 if-feature "binding-mode"; 1360 description 1361 "Notifications for binding instance when an entry is 1362 added, modified, or is not valid anymore."; 1363 leaf bind-name { 1364 type leafref { 1365 path "/br-instances/binding/bind-instance/name"; 1366 } 1367 description 1368 "The name of the binding-instance that 1369 generated the notification."; 1370 } 1371 leaf-list invalid-entry { 1372 type leafref { 1373 path 1374 "/br-instances/binding/" 1375 + "bind-instance[name=current()/../bind-name]/" 1376 + "binding-table/binding-entry/binding-ipv6info"; 1377 } 1378 description 1379 "Notify the client that a specific binding entry has 1380 expired or is invalid. The binding-ipv6info identifies 1381 an entry."; 1382 } 1383 leaf-list added-entry { 1384 type inet:ipv6-address; 1385 description 1386 "Notify the client that a binding entry has been added. 1387 The ipv6 address of that entry is the index. 
The client 1388 gets other information from the binding BR about the entry 1389 indexed by that ipv6 address."; 1390 } 1391 leaf-list modified-entry { 1392 type leafref { 1393 path 1394 "/br-instances/binding/" 1395 + "bind-instance[name=current()/../bind-name]/" 1396 + "binding-table/binding-entry/binding-ipv6info"; 1397 } 1398 description 1399 "The binding-table entry that has been modified."; 1400 } 1401 } 1402 notification softwire-algorithm-instance-event { 1403 if-feature "map-e or map-t"; 1404 description 1405 "Notifications for algorithm instance when an entry is 1406 added, modified, or is not valid anymore."; 1407 leaf algo-name { 1408 type leafref { 1409 path "/br-instances/algorithm/algo-instance/name"; 1410 } 1411 mandatory true; 1412 description 1413 "algorithmic instance event."; 1414 } 1415 leaf-list invalid-entry { 1416 type leafref { 1417 path "/br-instances/algorithm/algo-instance/name"; 1418 } 1419 description 1420 "Invalid entry event."; 1421 } 1422 leaf-list added-entry { 1423 type leafref { 1424 path "/br-instances/algorithm/algo-instance/name"; 1425 } 1426 description 1427 "Added entry."; 1428 } 1429 leaf-list modified-entry { 1430 type leafref { 1431 path "/br-instances/algorithm/algo-instance/name"; 1432 } 1433 description 1434 "Modified entry."; 1435 } 1436 } 1438 } 1439 1441 8. Common Softwire Element Groups YANG Module 1443 This module imports typedefs from [RFC6991]. 1445 The following YANG module contains definitions that are used by both 1446 the softwire CE and softwire BR YANG modules. 
1448 file "ietf-softwire-common@2019-01-11.yang" 1450 module ietf-softwire-common { 1451 yang-version 1.1; 1452 namespace "urn:ietf:params:xml:ns:yang:ietf-softwire-common"; 1453 prefix softwire-common; 1455 import ietf-inet-types { 1456 prefix inet; 1457 reference "Section 4 of RFC 6991"; 1458 } 1459 import ietf-yang-types { 1460 prefix yang; 1461 reference "Section 3 of RFC 6991"; 1462 } 1464 organization 1465 "IETF Softwire Working Group"; 1466 contact 1467 "WG Web: 1468 WG List: 1470 Author: Qi Sun 1471 1473 Author: Linhui Sun 1474 1476 Author: Yong Cui 1477 1479 Editor: Ian Farrer 1480 1482 Author: Sladjana Zoric 1483 1485 Editor: Mohamed Boucadair 1486 1488 Author: Rajiv Asati 1489 "; 1490 description 1491 "This document defines a YANG module defining types 1492 common to all A+P modules. 1494 Copyright (c) 2019 IETF Trust and the persons identified as 1495 authors of the code. All rights reserved. 1497 Redistribution and use in source and binary forms, with or 1498 without modification, is permitted pursuant to, and subject 1499 to the license terms contained in, the Simplified BSD License 1500 set forth in Section 4.c of the IETF Trust's Legal Provisions 1501 Relating to IETF Documents 1502 (http://trustee.ietf.org/license-info). 1504 This version of this YANG module is part of RFC XXXX; see 1505 the RFC itself for full legal notices."; 1507 revision 2019-01-11 { 1508 description 1509 "Initial revision."; 1510 reference 1511 "RFC XXXX: YANG Modules for IPv4-in-IPv6 Address plus Port 1512 Softwires"; 1513 } 1515 feature map-e { 1516 description 1517 "MAP-E is an IPv6 transition mechanism for transporting IPv4 1518 packets across an IPv6 network using IP encapsulation. MAP-E 1519 allows for a reduction of the amount of centralized state using 1520 rules to express IPv4/IPv6 address mappings. This introduces an 1521 algorithmic relationship between the IPv6 subnet and IPv4 1522 address. 
1524        This feature indicates that the network element can function as
1525        one or more MAP-E softwire instances.";
1526     reference
1527       "RFC7597: Mapping of Address and Port with Encapsulation (MAP-E)";
1528   }

1530   feature map-t {
1531     description
1532       "MAP-T is an IPv6 transition mechanism for transporting IPv4
1533        packets across an IPv6 network using IP translation. It leverages
1534        a double stateless NAT64 based solution as well as the stateless
1535        algorithmic address & transport layer port mapping algorithm
1536        defined for MAP-E.

1538        This feature indicates that the network element can function as
1539        one or more MAP-T softwire instances.";
1540     reference
1541       "RFC7599: Mapping of Address and Port using Translation (MAP-T)";
1542   }

1544   /*
1545    * Groupings
1546    */

1548   grouping algorithm-instance {
1549     description
1550       "A collection of parameters that is used for MAP-E/MAP-T.";
1551     leaf enable {
1552       type boolean;
1553       description
1554         "Enable/disable an individual MAP-E or MAP-T rule.";
1555     }
1556     container algo-versioning {
1557       description
1558         "Version number for this algorithm instance";
1559       leaf version {
1560         type uint64;
1561         description
1562           "A version number for the mapping algorithm
1563            rules provided to the algorithm instance";
1564       }
1565       leaf date {
1566         type yang:date-and-time;
1567         description
1568           "Timestamp when the algorithm instance was activated.

1570            An algorithm instance may be provided with mapping
1571            rules that may change in time (for example, increase
1572            the size of the port set). When a party who is the victim
1573            of abuse presents an external IP address/port, the version
1574            of the algorithm is important because depending on
1575            the version, a distinct customer may be identified.

1577            The timestamp is used as a key to find the appropriate
1578            algorithm that was put into effect when an abuse
1579            occurred.
"; 1580 reference 1581 "RFC7422: Deterministic Address Mapping to Reduce 1582 Logging in Carrier-Grade NAT Deployments"; 1583 } 1584 } 1585 choice data-plane { 1586 description 1587 "Selects MAP-E (encapsulation) or MAP-T 1588 (translation)"; 1589 case encapsulation { 1590 if-feature "map-e"; 1591 description 1592 "encapsulation for MAP-E"; 1593 leaf br-ipv6-addr { 1594 type inet:ipv6-address; 1595 mandatory true; 1596 description 1597 "The IPv6 address of the MAP-E BR."; 1598 } 1599 } 1600 case translation { 1601 if-feature "map-t"; 1602 description 1603 "translation for MAP-T"; 1604 leaf dmr-ipv6-prefix { 1605 type inet:ipv6-prefix; 1606 description 1607 "The IPv6 prefix of the MAP-T BR."; 1608 } 1609 } 1610 } 1611 leaf ea-len { 1612 type uint8; 1613 mandatory true; 1614 description 1615 "Embedded Address (EA) bits are the IPv4 EA-bits in the IPv6 1616 address identifying an IPv4 prefix/address (or part thereof) 1617 or a shared IPv4 address (or part thereof) and a port-set 1618 identifier. The length of the EA-bits is defined as part of 1619 a MAP rule for a MAP domain."; 1620 } 1621 leaf rule-ipv6-prefix { 1622 type inet:ipv6-prefix; 1623 mandatory true; 1624 description 1625 "The Rule IPv6 prefix defined in the mapping rule."; 1626 } 1627 leaf rule-ipv4-prefix { 1628 type inet:ipv4-prefix; 1629 mandatory true; 1630 description 1631 "The Rule IPv4 prefix defined in the mapping rule."; 1632 } 1633 leaf forwarding { 1634 type boolean; 1635 mandatory true; 1636 description 1637 "This parameter specifies whether the rule may be used for 1638 forwarding (FMR). If set, this rule is used as an FMR; 1639 if not set, this rule is a Basic Mapping Rule (BMR) only 1640 and must not be used for forwarding."; 1641 } 1642 } 1644 grouping traffic-stat { 1645 description 1646 "Traffic statistics"; 1647 leaf sent-ipv4-packets { 1648 type yang:zero-based-counter64; 1649 description 1650 "Number of decapsulated and forwarded IPv4 packets. 
1652 Discontinuities in the value of this counter can occur 1653 at re-initialization of the management system, and at 1654 other times as indicated by the value of 1655 'discontinuity-time'."; 1656 } 1657 leaf sent-ipv4-bytes { 1658 type yang:zero-based-counter64; 1659 description 1660 "Decapsulated/translated IPv4 traffic sent, in bytes 1662 Discontinuities in the value of this counter can occur 1663 at re-initialization of the management system, and at 1664 other times as indicated by the value of 1665 'discontinuity-time'."; 1666 } 1667 leaf sent-ipv6-packets { 1668 type yang:zero-based-counter64; 1669 description 1670 "Number of encapsulated IPv6 packets sent. 1672 Discontinuities in the value of this counter can occur 1673 at re-initialization of the management system, and at 1674 other times as indicated by the value of 1675 'discontinuity-time'."; 1676 } 1677 leaf sent-ipv6-bytes { 1678 type yang:zero-based-counter64; 1679 description 1680 "Encapsulated IPv6 traffic sent, in bytes 1682 Discontinuities in the value of this counter can occur 1683 at re-initialization of the management system, and at 1684 other times as indicated by the value of 1685 'discontinuity-time'."; 1686 } 1687 leaf rcvd-ipv4-packets { 1688 type yang:zero-based-counter64; 1689 description 1690 "Number of IPv4 packets received. 1692 Discontinuities in the value of this counter can occur 1693 at re-initialization of the management system, and at 1694 other times as indicated by the value of 1695 'discontinuity-time'."; 1696 } 1697 leaf rcvd-ipv4-bytes { 1698 type yang:zero-based-counter64; 1699 description 1700 "IPv4 traffic received, in bytes. 1702 Discontinuities in the value of this counter can occur 1703 at re-initialization of the management system, and at 1704 other times as indicated by the value of 1705 'discontinuity-time'."; 1706 } 1707 leaf rcvd-ipv6-packets { 1708 type yang:zero-based-counter64; 1709 description 1710 "Number of IPv4-in-IPv6 packets received. 
1712 Discontinuities in the value of this counter can occur 1713 at re-initialization of the management system, and at 1714 other times as indicated by the value of 1715 'discontinuity-time'."; 1716 } 1717 leaf rcvd-ipv6-bytes { 1718 type yang:zero-based-counter64; 1719 description 1720 "IPv4-in-IPv6 traffic received, in bytes. 1722 Discontinuities in the value of this counter can occur 1723 at re-initialization of the management system, and at 1724 other times as indicated by the value of 1725 'discontinuity-time'."; 1727 } 1728 leaf dropped-ipv4-packets { 1729 type yang:zero-based-counter64; 1730 description 1731 "Number of IPv4 packets dropped at the 1732 Internet-facing interface. 1734 Discontinuities in the value of this counter can occur 1735 at re-initialization of the management system, and at 1736 other times as indicated by the value of 1737 'discontinuity-time'."; 1738 } 1739 leaf dropped-ipv4-bytes { 1740 type yang:zero-based-counter64; 1741 description 1742 "IPv4 traffic dropped at the Internet-facing 1743 interface, in bytes. 1745 Discontinuities in the value of this counter can occur 1746 at re-initialization of the management system, and at 1747 other times as indicated by the value of 1748 'discontinuity-time'."; 1749 } 1750 leaf dropped-ipv6-packets { 1751 type yang:zero-based-counter64; 1752 description 1753 "Number of IPv4-in-IPv6 packets dropped. 1755 Discontinuities in the value of this counter can occur 1756 at re-initialization of the management system, and at 1757 other times as indicated by the value of 1758 'discontinuity-time'."; 1759 } 1760 leaf dropped-ipv6-bytes { 1761 type yang:zero-based-counter64; 1762 description 1763 "IPv4-in-IPv6 traffic dropped, in bytes. 
1765 Discontinuities in the value of this counter can occur 1766 at re-initialization of the management system, and at 1767 other times as indicated by the value of 1768 'discontinuity-time'."; 1769 } 1770 leaf dropped-ipv4-fragments { 1771 type yang:zero-based-counter64; 1772 description 1773 "Number of fragmented IPv4 packets dropped. 1775 Discontinuities in the value of this counter can occur 1776 at re-initialization of the management system, and at 1777 other times as indicated by the value of 1778 'discontinuity-time'."; 1779 } 1780 leaf dropped-ipv4-fragment-bytes { 1781 type yang:zero-based-counter64; 1782 description 1783 "Fragmented IPv4 traffic dropped, in bytes. 1785 Discontinuities in the value of this counter can occur 1786 at re-initialization of the management system, and at 1787 other times as indicated by the value of 1788 'discontinuity-time'."; 1789 } 1790 leaf ipv6-fragments-reassembled { 1791 type yang:zero-based-counter64; 1792 description 1793 "Number of IPv6 fragments successfully reassembled. 1795 Discontinuities in the value of this counter can occur 1796 at re-initialization of the management system, and at 1797 other times as indicated by the value of 1798 'discontinuity-time'."; 1799 } 1800 leaf ipv6-fragments-bytes-reassembled { 1801 type yang:zero-based-counter64; 1802 description 1803 "IPv6 fragments successfully reassembled, in bytes. 1805 Discontinuities in the value of this counter can occur 1806 at re-initialization of the management system, and at 1807 other times as indicated by the value of 1808 'discontinuity-time'."; 1809 } 1810 leaf out-icmpv4-error-packets { 1811 type yang:zero-based-counter64; 1812 description 1813 "Internally generated ICMPv4 error packets. 
1815          Discontinuities in the value of this counter can occur
1816          at re-initialization of the management system, and at
1817          other times as indicated by the value of
1818          'discontinuity-time'.";
1819     }
1820     leaf out-icmpv4-error-bytes {
1821       type yang:zero-based-counter64;
1822       description
1823         "Internally generated ICMPv4 error messages, in bytes.

1825          Discontinuities in the value of this counter can occur
1826          at re-initialization of the management system, and at
1827          other times as indicated by the value of
1828          'discontinuity-time'.";
1829     }
1830     leaf out-icmpv6-error-packets {
1831       type yang:zero-based-counter64;
1832       description
1833         "Internally generated ICMPv6 error packets.

1835          Discontinuities in the value of this counter can occur
1836          at re-initialization of the management system, and at
1837          other times as indicated by the value of
1838          'discontinuity-time'.";
1839     }
1840     leaf out-icmpv6-error-bytes {
1841       type yang:zero-based-counter64;
1842       description
1843         "Internally generated ICMPv6 error messages, in bytes.

1845          Discontinuities in the value of this counter can occur
1846          at re-initialization of the management system, and at
1847          other times as indicated by the value of
1848          'discontinuity-time'.";
1849     }
1850   }
1851 }
1852

1854 9.  Security Considerations

1856    The YANG modules defined in this document are designed to be accessed
1857    via network management protocols such as NETCONF [RFC6241] or
1858    RESTCONF [RFC8040].  The lowest NETCONF layer is the secure transport
1859    layer, and the mandatory-to-implement secure transport is Secure
1860    Shell (SSH) [RFC6242].  The lowest RESTCONF layer is HTTPS, and the
1861    mandatory-to-implement secure transport is TLS [RFC8446].

1863    The NETCONF access control model [RFC8341] provides the means to
1864    restrict access for particular NETCONF or RESTCONF users to a
1865    preconfigured subset of all available NETCONF or RESTCONF protocol
1866    operations and content.
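
One way to apply the access control model described above to the softwire modules, shown as an added example that is not part of the draft: an RFC 8341 NACM configuration that refuses reads and writes by default, lets a provisioning group manage the BR, and keeps a monitoring group away from the binding table and its notifications. The group, user and rule names are assumptions; the paths use the module names, prefixes and namespaces registered in this document plus `ietf-interfaces` from RFC 8343.

```xml
<!-- Added example: NACM (RFC 8341) policy for the softwire modules.
     Group names, user names and rule names are hypothetical. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <!-- Data that no rule permits is neither readable nor writable.
       exec-default is left at its default (permit), so get, get-config and
       edit-config still run and are then filtered node by node. -->
  <read-default>deny</read-default>
  <write-default>deny</write-default>

  <groups>
    <group>
      <name>softwire-ops</name>
      <user-name>ops-alice</user-name>
    </group>
    <group>
      <name>noc-readonly</name>
      <user-name>noc-bob</user-name>
    </group>
  </groups>

  <!-- Provisioning staff: full access to the BR tree and to the BR address
       that a binding-mode CE interface points at. -->
  <rule-list>
    <name>softwire-ops-acl</name>
    <group>softwire-ops</group>
    <rule>
      <name>manage-br-instances</name>
      <module-name>ietf-softwire-br</module-name>
      <path xmlns:softwire-br="urn:ietf:params:xml:ns:yang:ietf-softwire-br">/softwire-br:br-instances</path>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
    <rule>
      <name>manage-ce-br-address</name>
      <module-name>ietf-softwire-ce</module-name>
      <path xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces"
            xmlns:softwire-ce="urn:ietf:params:xml:ns:yang:ietf-softwire-ce">/if:interfaces/if:interface/softwire-ce:br-ipv6-addr</path>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>

  <!-- Monitoring staff: rules are evaluated in order and the first match
       wins, so the two deny rules precede the general read permit. -->
  <rule-list>
    <name>noc-readonly-acl</name>
    <group>noc-readonly</group>
    <rule>
      <name>hide-binding-table</name>
      <module-name>ietf-softwire-br</module-name>
      <path xmlns:softwire-br="urn:ietf:params:xml:ns:yang:ietf-softwire-br">/softwire-br:br-instances/softwire-br:binding/softwire-br:bind-instance/softwire-br:binding-table</path>
      <access-operations>read</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>no-binding-notifications</name>
      <module-name>ietf-softwire-br</module-name>
      <notification-name>softwire-binding-instance-event</notification-name>
      <access-operations>read</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>read-remaining-br-data</name>
      <module-name>ietf-softwire-br</module-name>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
</nacm>
```

With this policy the monitoring group can still read the BR traffic statistics and ICMP policy, while per-subscriber binding entries and the notifications that carry their IPv6 information stay restricted to the provisioning group.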
1868    All data nodes defined in the YANG modules which can be created,
1869    modified, and deleted (i.e., config true, which is the default) are
1870    considered sensitive.  Write operations (e.g., edit-config) applied
1871    to these data nodes without proper protection can negatively affect
1872    network operations.  An attacker who is able to access the BR can
1873    undertake various attacks, such as:

1875    o  Setting the value of 'br-ipv6-addr' on the CE to point to an
1876       illegitimate BR so that it can intercept all the traffic sent by a
1877       CE.  Illegitimately intercepting users' traffic is an attack with
1878       severe implications on privacy.

1880    o  Setting the MTU to a low value, which may increase the number of
1881       fragments ('softwire-payload-mtu').

1883    o  Disabling hairpinning (i.e., setting 'enable-hairpinning' to
1884       'false') to prevent communications between CEs.

1886    o  Setting 'softwire-num-max' to an arbitrarily high value, which may
1887       be exploited by a misbehaving user to perform a DoS on the binding
1888       BR by mounting a massive number of softwires.

1890    o  Setting 'icmpv4-rate' or 'icmpv6-rate' to a low value, which may
1891       lead to the deactivation of ICMP message handling.

1893    o  Accessing private data maintained by the BR (e.g., the binding
1894       table or the algorithm configuration).  Such data can be misused
1895       to track the activity of a host.

1897    o  Instructing the BR to install entries which in turn will induce a
1898       DDoS attack by means of the notifications generated by the BR.
1899       This DDoS can be softened by defining a notification interval, but
1900       given that this interval parameter can be disabled or set to a low
1901       value by the misbehaving entity, the same problem will be
1902       observed.

1904    Security considerations related to lw4o6, MAP-E, and MAP-T are
1905    discussed in [RFC7596], [RFC7597], and [RFC7599] respectively.

1907    Security considerations given in [RFC7950] are also applicable here.

1909 10.
IANA Considerations 1911 This document requests IANA to assign a new tunnel type under the 1912 "tunnelType" sub-registry of the "ifType definitions" registry 1913 maintained at [TUNNELTYPE-IANA-REGISTRY] and use the following data 1914 for the new entry: 1916 Decimal: TDB1 1917 Name: aplusp 1918 Description: A+P encapsulation 1919 Reference: [RFC6346] 1921 This document requests IANA to register the following in the "ns" 1922 subregistry within the "IETF XML Registry" [RFC3688]: 1924 URI: urn:ietf:params:xml:ns:yang:ietf-softwire-ce 1925 Registrant Contact: The IESG. 1926 XML: N/A; the requested URI is an XML namespace. 1928 URI: urn:ietf:params:xml:ns:yang:ietf-softwire-br 1929 Registrant Contact: The IESG. 1930 XML: N/A; the requested URI is an XML namespace. 1932 URI: urn:ietf:params:xml:ns:yang:ietf-softwire-common 1933 Registrant Contact: The IESG. 1934 XML: N/A; the requested URI is an XML namespace. 1936 This document requests that IANA registers the following YANG modules 1937 in the "YANG Module Names" subregistry [RFC7950] within the "YANG 1938 Parameters" registry. 1940 name: ietf-softwire-ce 1941 namespace: urn:ietf:params:xml:ns:yang:ietf-softwire-ce 1942 prefix: softwire-ce 1943 reference: RFC XXXX 1945 name: ietf-softwire-br 1946 namespace: urn:ietf:params:xml:ns:yang:ietf-softwire-br 1947 prefix: softwire-br 1948 reference: RFC XXXX 1950 name: ietf-softwire-common 1951 namespace: urn:ietf:params:xml:ns:yang:ietf-softwire-common 1952 prefix: softwire-common 1953 reference: RFC XXXX 1955 11. Acknowledgements 1957 The authors would like to thank Lishan Li, Bert Wijnen, Giles Heron, 1958 Ole Troan, Andy Wingo and Leo Tietz for their contributions to this 1959 work. 1961 Thanks to Sheng Jiang for the review. 1963 Special thanks to Tom Petch and Martin Bjorklund for the detailed 1964 review and suggestions. 1966 12. Contributing Authors 1968 The following individuals are co-authors: 1970 Yong Cui 1971 Tsinghua University 1972 Beijing 100084 1973 P.R. 
China 1974 Phone: +86-10-6260-3059 1975 Email: cuiyong@tsinghua.edu.cn 1977 Qi Sun 1978 Tsinghua University 1979 Beijing 100084 1980 P.R. China 1981 Phone: +86-10-6278-5822 1982 Email: sunqi.ietf@gmail.com 1984 Linhui Sun 1985 Tsinghua University 1986 Beijing 100084 1987 P.R. China 1988 Phone: +86-10-6278-5822 1989 Email: lh.sunlinh@gmail.com 1991 Sladjana Zechlin 1992 Deutsche Telekom AG 1993 Landgrabenweg 151 1994 Bonn, NRW 53227 1995 Germany 1996 Email: sladjana.zechlin@telekom.de 1998 Rajiv Asati 1999 Cisco Systems, Inc. 2000 7025 Kit Creek Rd. 2001 RTP, NC 27709 2002 USA 2003 Email: Rajiva@cisco.com 2005 13. Contributors 2007 The following individual contributed to this document: 2009 Hao Wang 2010 Tsinghua University 2011 Beijing 100084 2012 P.R.China 2013 Phone: +86-10-6278-5822 2014 Email: wangh13@mails.tsinghua.edu.cn 2016 14. References 2018 14.1. Normative References 2020 [I-D.ietf-softwire-iftunnel] 2021 Boucadair, M., Farrer, I., and R. Asati, "Tunnel Interface 2022 Types YANG Module", draft-ietf-softwire-iftunnel-03 (work 2023 in progress), January 2019. 2025 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 2026 DOI 10.17487/RFC3688, January 2004, 2027 . 2029 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for 2030 the Network Configuration Protocol (NETCONF)", RFC 6020, 2031 DOI 10.17487/RFC6020, October 2010, 2032 . 2034 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 2035 and A. Bierman, Ed., "Network Configuration Protocol 2036 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, 2037 . 2039 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure 2040 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, 2041 . 2043 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", 2044 RFC 6991, DOI 10.17487/RFC6991, July 2013, 2045 . 2047 [RFC7224] Bjorklund, M., "IANA Interface Type YANG Module", 2048 RFC 7224, DOI 10.17487/RFC7224, May 2014, 2049 . 
2051     [RFC7596]  Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
2052                Farrer, "Lightweight 4over6: An Extension to the Dual-
2053                Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
2054                July 2015.

2056     [RFC7597]  Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
2057                Murakami, T., and T. Taylor, Ed., "Mapping of Address and
2058                Port with Encapsulation (MAP-E)", RFC 7597,
2059                DOI 10.17487/RFC7597, July 2015.

2062     [RFC7598]  Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
2063                W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
2064                Configuration of Softwire Address and Port-Mapped
2065                Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015.

2068     [RFC7599]  Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S.,
2069                and T. Murakami, "Mapping of Address and Port using
2070                Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July
2071                2015.

2073     [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
2074                RFC 7950, DOI 10.17487/RFC7950, August 2016.

2077     [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
2078                Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

2081     [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
2082                Access Control Model", STD 91, RFC 8341,
2083                DOI 10.17487/RFC8341, March 2018.

2086     [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
2087                Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

2090     [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
2091                Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

2094     [TUNNELTYPE-IANA-REGISTRY]
2095                Internet Assigned Numbers Authority, "tunnelType
2096                Definitions".

2099  14.2.  Informative References

2101     [RFC4213]  Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms
2102                for IPv6 Hosts and Routers", RFC 4213,
2103                DOI 10.17487/RFC4213, October 2005.

2106     [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
2107                Stack Lite Broadband Deployments Following IPv4
2108                Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011.

2111     [RFC6346]  Bush, R., Ed., "The Address plus Port (A+P) Approach to
2112                the IPv4 Address Shortage", RFC 6346,
2113                DOI 10.17487/RFC6346, August 2011.

2116     [RFC7422]  Donley, C., Grundemann, C., Sarawat, V., Sundaresan, K.,
2117                and O. Vautrin, "Deterministic Address Mapping to Reduce
2118                Logging in Carrier-Grade NAT Deployments", RFC 7422,
2119                DOI 10.17487/RFC7422, December 2014.

2122     [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
2123                BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

2126     [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
2127                and R. Wilton, "Network Management Datastore Architecture
2128                (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

2131     [RFC8344]  Bjorklund, M., "A YANG Data Model for IP Management",
2132                RFC 8344, DOI 10.17487/RFC8344, March 2018.

2135     [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
2136                Routing Management (NMDA Version)", RFC 8349,
2137                DOI 10.17487/RFC8349, March 2018.

2140     [RFC8512]  Boucadair, M., Ed., Sivakumar, S., Jacquenet, C.,
2141                Vinapamula, S., and Q. Wu, "A YANG Module for Network
2142                Address Translation (NAT) and Network Prefix Translation
2143                (NPT)", RFC 8512, DOI 10.17487/RFC8512, January 2019.

2146     [RFC8513]  Boucadair, M., Jacquenet, C., and S. Sivakumar, "A YANG
2147                Data Model for Dual-Stack Lite (DS-Lite)", RFC 8513,
2148                DOI 10.17487/RFC8513, January 2019.

2151  Appendix A.  Configuration Examples

2153     The following sections provide examples of how the softwire YANG
2154     modules can be used for configuring softwire elements.

2156  A.1.  Configuration Example for a lw4o6 BR Binding-Table

2158     The lwAFTR maintains an address binding table which contains the
2159     following 3-tuples:

2161     o  IPv6 Address for a single lwB4

2163     o  Public IPv4 Address

2165     o  Restricted port-set

2167     The entry has two functions: the IPv6 encapsulation of inbound IPv4
2168     packets destined to the lwB4 and the validation of outbound IPv4-in-
2169     IPv6 packets received from the lwB4 for de-capsulation.

2171     Consider an example for the following lw4o6 binding table entry:

2173        lwB4 Binding IPv6 Address: 2001:db8::1

2175        lwB4 Binding IPv4 Address: 192.0.2.1

2177        lwB4 PSID: 0x34

2179        lwB4 PSID Length: 8

2181        BR IPv6 Address: 2001:db8:1::2

2185     mybinding-instance
2188     2001:db8::1
2189     192.0.2.1
2191     52
2192     8
2194     2001:db8:1::2
2197     1024
2198     1540
2199     1500

2204              Figure 3: lw4o6 Binding-Table Configuration XML

2206  A.2.  Configuration Example for a MAP-E BR

2208     A MAP-E BR is configured with forward mapping rules for the CEs it is
2209     serving.  In this example (taken from [RFC7597], Appendix A, Example
2210     2), the following parameters are required:

2212     o  Rule IPv6 Prefix

2214     o  Rule IPv4 Prefix

2216     o  Rule EA-bit bit length

2218     o  IPv6 Address of MAP-BR

2220     The mapping rule has two functions: identifying the destination CE
2221     IPv6 address for encapsulating inbound IPv4 packets and the
2222     validation of outbound IPv4-in-IPv6 packets received from the CE for
2223     de-capsulation.

2225     The transport type for the data plane also needs to be configured for
2226     encapsulation to enable MAP-E and forwarding needs to be enabled.

2228     Consider an example for the following MAP-E Forwarding Mapping Rule:

2230        Data plane: encapsulation

2232        Rule IPv6 Prefix: 2001:db8::/40

2234        Rule IPv4 Prefix: 192.0.2.0/24

2236        Rule EA-bit Length: 16

2238        BR IPv6 Address: 2001:db8:ffff::1

2240     Figure 4 provides the example MAP-E BR configuration XML.
2245     myalgo-instance
2247     2001:db8:ffff::1
2249     16
2250     192.0.2.0/24
2251     2001:db8::/40
2252     true
2254     6
2255     8

2261                   Figure 4: MAP-E FMR Configuration XML

2263  A.3.  lw4o6 CE Configuration Example

2265     This section provides XML examples for configuring a lw4o6 CE.
2266     Examples for routing and NAT44 are also provided for convenience.

2268     Consider an example for the following lw4o6 CE configuration:

2270        lwB4 Binding IPv6 Address: 2001:db8::1

2272        lwB4 Binding IPv4 Address: 192.0.2.1

2274        lwB4 PSID: 0x34

2276        lwB4 PSID Length: 8
2277        BR IPv6 Address: 2001:db8:1::2

2282     lw4o6-wan
2283     iana-tunnel-type:aplusp
2286     2001:db8:1::2
2290     2001:db8::1

2296                   Figure 5: lw4o6 CE Configuration XML

2298     In the example depicted in Figure 5, the interface name is defined
2299     for the softwire tunnel.  This name is then referenced by the routing
2300     configuration for the IPv4 route.  Figure 6 provides an example
2301     configuration for the CE's IPv4 routing, using the YANG module
2302     described in [RFC8349].

2308     static
2309     v4
2314     0.0.0.0/0
2316     lw4o6-wan

2326               Figure 6: lw4o6 CE Routing Configuration XML

2328     Figure 7 provides an example configuration for the CE's NAPT44
2329     function, using the YANG module described in [RFC8512].
2335     1
2337     1
2339     1
2340     192.0.2.1
2344     6
2345     8
2346     52
2350     1
2351     80
2357     1
2358     8
2361     6
2362     32
2365     17
2366     16
2371     1
2372     192.0.2.1/32
2373     192.168.1.0/24
2374     6
2377     2
2378     192.0.2.1/32
2379     192.168.1.0/24
2380     17
2383     3
2384     192.0.2.1/32
2385     192.168.1.0/24
2386     1

2394                   Figure 7: lw4o6 NAT Configuration XML

2396  Authors' Addresses
2397     Ian Farrer (editor)
2398     Deutsche Telekom AG
2399     CTO-ATI, Landgrabenweg 151
2400     Bonn, NRW 53227
2401     Germany

2403     Email: ian.farrer@telekom.de

2405     Mohamed Boucadair (editor)
2406     Orange
2407     Rennes 35000
2408     France

2410     Email: mohamed.boucadair@orange.com
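Added example, not part of the draft: the Security Considerations text names the leaves whose modification can redirect or degrade service ('br-ipv6-addr', 'softwire-payload-mtu', 'enable-hairpinning', 'softwire-num-max', 'icmpv4-rate', 'icmpv6-rate'). The Python check below reviews a proposed set of values for those leaves before it is committed; the function name, the policy thresholds and the trusted-BR list are assumptions of this example.

```python
import ipaddress

# Policy values are assumptions made for this example; the draft sets none.
POLICY = {
    "trusted_brs": ["2001:db8:1::2"],  # BR address used in the draft's lw4o6 examples
    "min_payload_mtu": 1280,
    "max_softwires": 1024,
    "min_icmp_rate": 1,
}
# Constructed sample edit: unknown BR, very small MTU, hairpinning turned off.
SAMPLE_EDIT = {"br-ipv6-addr": "2001:db8:bad::1", "softwire-payload-mtu": "68",
               "enable-hairpinning": "false", "softwire-num-max": "1024"}

def audit_softwire_edit(leaves, policy=POLICY):
    """Check proposed leaf values (leaf name -> value) against policy and
    return a list of (leaf, reason) findings; an empty list means no finding."""
    findings = []
    if "br-ipv6-addr" in leaves:
        trusted = {ipaddress.IPv6Address(a) for a in policy["trusted_brs"]}
        try:
            # Compare parsed addresses so that different spellings of the
            # same IPv6 address are treated as equal.
            if ipaddress.IPv6Address(leaves["br-ipv6-addr"]) not in trusted:
                findings.append(("br-ipv6-addr", "BR is not on the trusted list"))
        except ValueError:
            findings.append(("br-ipv6-addr", "not a valid IPv6 address"))
    if str(leaves.get("enable-hairpinning", "true")).lower() == "false":
        findings.append(("enable-hairpinning", "hairpinning disabled"))
    # (leaf, lowest allowed value or None, highest allowed value or None)
    bounds = (("softwire-payload-mtu", policy["min_payload_mtu"], None),
              ("softwire-num-max", None, policy["max_softwires"]),
              ("icmpv4-rate", policy["min_icmp_rate"], None),
              ("icmpv6-rate", policy["min_icmp_rate"], None))
    for name, low, high in bounds:
        if name not in leaves:
            continue
        try:
            value = int(leaves[name])  # leaf values usually arrive as text
        except (TypeError, ValueError):
            findings.append((name, "value is not an integer"))
            continue
        if low is not None and value < low:
            findings.append((name, "below policy minimum"))
        if high is not None and value > high:
            findings.append((name, "above policy maximum"))
    return findings
```

Running such a check on the management side before an edit-config is sent complements, and does not replace, access control on the device itself.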