idnits 2.17.1

draft-jags-spring-sr-service-programming-yang-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 28 instances of too long lines in the document, the longest
     one being 9 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 294 has weird spacing: '...nstance uin...'

  == Line 325 has weird spacing: '...nstance uin...'

  == Line 486 has weird spacing: '...ce-name str...'

  == Line 493 has weird spacing: '...s-label rt-...'

  == Line 498 has weird spacing: '...rv6-sid srv...'

  == (6 more instances...)

  == The document doesn't use any RFC 2119 keywords, yet has text resembling
     RFC 2119 boilerplate text.

  -- The document date (July 12, 2021) is 1012 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-22) exists of
     draft-ietf-spring-segment-routing-policy-11

  == Outdated reference: A later version (-09) exists of
     draft-ietf-spring-sr-service-programming-04

     Summary: 1 error (**), 0 flaws (~~), 10 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2	SPRING Working Group                                     J. Rajamanickam
3	Internet-Draft                                                   K. Raza
4	Intended status: Standards Track                           Cisco Systems
5	Expires: January 13, 2022                                     D. Bernier
6	                                                             Bell Canada
7	                                                                G. Dawra
8	                                                                LinkedIn
9	                                                                   C. Li
10	                                                                  Huawei
11	                                                           July 12, 2021

13	               YANG Data Model for SR Service Programming
14	            draft-jags-spring-sr-service-programming-yang-02

16	Abstract

18	   This document describes a YANG data model for Segment Routing (SR)
19	   Service Programming. The model serves as a base framework for
20	   configuring and managing an SR based service programming.
21	   Additionally, this document specifies the model for a Service Proxy
22	   for SR-unaware services.

24	   The YANG modules in this document conform to the Network Management
25	   Datastore Architecture (NMDA).

27	Status of This Memo

29	   This Internet-Draft is submitted in full conformance with the
30	   provisions of BCP 78 and BCP 79.

32	   Internet-Drafts are working documents of the Internet Engineering
33	   Task Force (IETF). Note that other groups may also distribute
34	   working documents as Internet-Drafts. The list of current Internet-
35	   Drafts is at https://datatracker.ietf.org/drafts/current/.

37	   Internet-Drafts are draft documents valid for a maximum of six months
38	   and may be updated, replaced, or obsoleted by other documents at any
39	   time. It is inappropriate to use Internet-Drafts as reference
40	   material or to cite them other than as "work in progress."

42	   This Internet-Draft will expire on January 13, 2022.

44	Copyright Notice

46	   Copyright (c) 2021 IETF Trust and the persons identified as the
47	   document authors. All rights reserved.

49	   This document is subject to BCP 78 and the IETF Trust's Legal
50	   Provisions Relating to IETF Documents
51	   (https://trustee.ietf.org/license-info) in effect on the date of
52	   publication of this document. Please review these documents
53	   carefully, as they describe your rights and restrictions with respect
54	   to this document. Code Components extracted from this document must
55	   include Simplified BSD License text as described in Section 4.e of
56	   the Trust Legal Provisions and are provided without warranty as
57	   described in the Simplified BSD License.

59	Table of Contents

61	   1.  Introduction
62	   2.  Specification of Requirements
63	   3.  YANG Model
64	     3.1.  Overview
65	     3.2.  Service Function Types
66	     3.3.  SR Service Programming Types
67	     3.4.  SR Service Programming Base
68	       3.4.1.  Configuration
69	       3.4.2.  Operational State
70	       3.4.3.  Notification
71	     3.5.  SR Service Proxy
72	       3.5.1.  Static Proxy
73	       3.5.2.  Dynamic Proxy
74	       3.5.3.  Masquerading Proxy
75	   4.  YANG Specification
76	     4.1.  Service Types
77	     4.2.  SR Service Programming Types
78	     4.3.  SR Service Programming Base
79	     4.4.  SR Service Proxy
80	   5.  Security Considerations
81	   6.  IANA Considerations
82	   7.  Acknowledgments
83	   8.  Normative References
84	   Authors' Addresses

86	1.  Introduction

88	   The Network Configuration Protocol (NETCONF) [RFC6241] is one of the
89	   network management protocols that defines mechanisms to manage
90	   network devices. YANG [RFC6020] is a modular language that
91	   represents data structures in an XML tree format, and is used as a
92	   data modeling language for the NETCONF.

94	   Segment Routing is an architecture based on the source routing
95	   paradigm that seeks the right balance between distributed
96	   intelligence and centralized programmability. SR can be used with an
97	   MPLS or an IPv6 data plane to steer packets through an ordered list
98	   of instructions, called segments. These segments may encode simple
99	   routing instructions for forwarding packets along a specific network
100	   path, but also steer them through Virtual Network Function (VNF) or
101	   physical service appliances available in the network.

103	   In an SR network, each of these services, running either on a
104	   physical appliance or in a virtual environment, is associated with a
105	   segment identifier (SID). These service SIDs are then leveraged as
106	   part of a SID-list to steer packets through the desired services in
107	   the service chain. Service SIDs may be combined together in a SID-
108	   list to achieve the service programming, but also with other types of
109	   segments as defined in [RFC8402]. SR thus provides a fully
110	   integrated solution for overlay, underlay and service programming.
111	   Furthermore, the IPv6 instantiation of SR (SRv6) supports metadata
112	   transportation in the Segment Routing header [RFC8754], either
113	   natively in the tag field or with extensions such as TLVs.

115	   This document describes how a service can be associated with a SID,
116	   including legacy services with no SR capabilities, and how these
117	   service SIDs are integrated within an SR policy. The definition of
118	   an SR Policy and the traffic steering mechanisms are covered in
119	   [I-D.ietf-spring-segment-routing-policy] and hence outside the scope
120	   of this document.

122	   This document introduces a YANG data model for the SR based service
123	   programming configuration and management. Furthermore, this document
124	   also covers the basic SR unaware behaviours as defined in
125	   [I-D.ietf-spring-sr-service-programming].

127	   This document does not cover the following:

129	   o  SR-aware service specific management parameters

131	   The model currently defines the following constructs that are used
132	   for managing SR based service programming:

134	   o  Configuration

136	   o  Operational State

138	   o  Notifications

140	2.  Specification of Requirements

142	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
143	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
144	   document are to be interpreted as described in BCP 14 [RFC2119]
146	   [RFC8174] when, and only when, they appear in all capitals, as shown
147	   here.

149	3.  YANG Model

151	3.1.  Overview

153	   This document defines the following four new YANG modules:

155	   o  ietf-service-function-types: Defines common service function types

157	   o  ietf-sr-service-programming-types: Defines common type definitions
158	      used for SR based service programming YANG model

160	   o  ietf-sr-service-programming: Defines management model for SR based
161	      service programming framework. This is a base and common
162	      framework for both SR-aware and SR-unaware services.

164	   o  ietf-sr-service-programming-proxy: Defines management model for SR
165	      service proxy for SR unaware services

167	   The modelling in this document complies with the Network Management
168	   Datastore Architecture (NMDA) defined in [RFC8342]. The operational
169	   state data is combined with the associated configuration data in the
170	   same hierarchy [RFC8407]. When protocol states are retrieved from
171	   the NMDA operational state datastore, the returned states cover all
172	   "config true" (rw) and "config false" (ro) nodes defined in the
173	   schema.

175	   In this document, when a simplified graphical representation of YANG
176	   model is presented in a tree diagram, the meaning of the symbols in
177	   these tree diagrams is defined in [RFC8340].

179	   In this document, the SR service programming YANG model is split
180	   based on dynamic SID allocation and static SID allocation. In the
181	   case of dynamic SID allocation, new SR service programming tree would
182	   be used. In the case of static MPLS SID allocation for the SR
183	   service programming, the existing SR MPLS YANG model [RFC9020] would
184	   be augmented with the SR MPLS service programming specific
185	   parameters. Similarly the static SRv6 base YANG model (TBD) would be
186	   augmented with the SRv6 service programming specific parameters.

188	3.2.  Service Function Types

190	   A service is identified by (type, variant, instance). The type
191	   represents the type of service functions (such as Firewall, DPI, IPS
192	   etc.). The variant value is a unique identifier which could identify
193	   the vendor and its product information. The instance is used to
194	   refer to a specific instance of the same (service, variant).

196	   We define a new YANG module ietf-service-function-types to specify
197	   common definitions and types for service and service function. The
198	   types and definitions are generic and hence can be used in any (SR
199	   based or non-SR) YANG models.

201	   The main definitions and types defined in ietf-service-function-types
202	   module include:

204	   o  service-function-type: A new identity type to specify service
205	      function types, such as firewall, dpi etc. Other identities can
206	      be defined by other modules in future.

208	3.3.  SR Service Programming Types

210	   The types required to model SR based service programming are defined
211	   in a new module ietf-sr-service-programming-types.

213	   The main types defined in this module include:

215	   o  service-program-behaviour-type: Defines SR service program
216	      behaviours like sr-aware, static-proxy etc.

218	   o  service-program-oper-status-type: Defines SR service programming
219	      operational status. This includes the reason for down status as
220	      well

222	   o  service-proxy-inner-pkt-type: Defines SR service proxy inner
223	      packet types

225	3.4.  SR Service Programming Base

227	   The base model and framework for SR based service programming using
228	   dynamic SID allocation is defined in a new module ietf-sr-service-
229	   programming.

231	   In the case of static MPLS SID allocation for the SR service
232	   programming, the existing SR MPLS YANG model [RFC9020] would be
233	   augmented with the SR MPLS service programming specific parameters.

235	   For static SRv6 SID allocation, the SRv6 base YANG model (TBD) would be
236	   augmented with the SRv6 service programming specific parameters.

238	   This module provides a common base for both the SR-aware and SR-
239	   unaware service programming in terms of configuration, operation
240	   state and notifications.

242	   The ietf-sr-service-programming module hangs off main SR parent by
243	   augmenting "/rt:routing/sr:segment-routing".

245	3.4.1.  Configuration

247	   This module defines some fundamental items required to configure SR
248	   based service programming. In particular, it defines service program
249	   provisioning as follows:

251	   o  service program behaviour: Defining a service program behaviour

253	   o  service offered: Defining a specific service (type, variant,
254	      instance) offered by this service programming

256	   o  Assigning a SR service SID: Defining SID data plane, method to
257	      allocate the SID etc.

259	   o  service program enablement: Administratively Enable/Disable a
260	      service program

262	   o  SR services: Defining a base container which could be augmented to
263	      define SR-aware or SR-unaware (via service-proxy) service specific
264	      parameters

266	   Following is a simplified graphical tree representation of the data
267	   model for SR service programming (Dynamic SID allocation) base
268	   configuration only:

270	   module: ietf-sr-service-programming
271	     augment /rt:routing/sr:segment-routing:
272	       +--rw service-programming
273	          +--rw service-program* [name]
274	             +--rw name    -> /rt:routing/
275	                                sr:segment-routing/
276	                                sr-svc-pgm:service-programming/
277	                                service-program/
278	                                service-programming-info/
279	                                service-name
280	             +--rw sid-binding
281	             |  +--ro alloc-mode?   sr-svc-pgm-types:sid-alloc-mode-type
282	             |  +--rw mpls
283	             |  |  +--ro sid?   rt-types:mpls-label
284	             |  +--rw srv6
285	             |     +--ro sid?       srv6-types:srv6-sid
286	             |     +--rw locator?   -> /rt:routing/sr:segment-routing/
287	             |                         srv6:srv6/locators/locator/name
288	             +--rw service-programming-info
289	                +--rw behaviour           identityref
290	                +--rw dataplane           sr-svc-pgm-types:dataplane-type
291	                +--rw service-name        string
292	                +--rw service-type        identityref
293	                +--rw service-variant     string
294	                +--rw service-instance    uint32
295	                +--rw admin-status?       sr-svc-pgm-types:admin-status-type
296	                +--rw sr-services

298	   Figure 1: SR Service Programming Config Tree - Dynamic SID allocation

300	   Following is a simplified graphical tree representation of the data
301	   model for SR service programming (Static SR MPLS SID allocation) base
302	   configuration only. In this case SR MPLS base YANG model has been
303	   augmented to support SR service programming using static SR MPLS SID
304	   allocation. This has been done for user convenience, to program all
305	   the SR service programming parameters from the base SR MPLS YANG
306	   model itself.

308	   module: ietf-sr-service-programming
309	     augment /rt:routing/sr:segment-routing/sr-mpls:sr-mpls/sr-mpls:bindings:
310	       +--rw mpls-static-service-programming
311	          +--rw service-program* [name]
312	             +--rw name    -> /rt:routing/
313	                                sr:segment-routing/
314	                                sr-svc-pgm:service-programming/
315	                                service-program/
316	                                service-programming-info/
317	                                service-name
318	             +--rw sid    rt-types:mpls-label
319	             +--rw service-programming-info
320	                +--rw behaviour           identityref
321	                +--ro dataplane?          sr-svc-pgm-types:dataplane-type
322	                +--rw service-name        string
323	                +--rw service-type        identityref
324	                +--rw service-variant     string
325	                +--rw service-instance    uint32
326	                +--rw admin-status?       sr-svc-pgm-types:admin-status-type
327	                +--rw sr-services

329	       Figure 2: SR Service Programming Config Tree - Static SR MPLS SID
330	                                  allocation

332	   Following is a simplified graphical tree representation of the data
333	   model for SR service programming (Static SRv6 SID allocation) base
334	   configuration only. TBD (Once the base SRv6 static model is
335	   available, this section will be filled)

337	3.4.2.  Operational State

339	   As per NMDA model, the state related to configuration items specified
340	   in Section 3.4.1 above can be retrieved from the same tree.
341	   This section defines other operational state items related to SR
342	   based service programming.

344	   The operational state corresponding to an SR based service program
345	   includes:

347	   o  Operational status: Provides detailed information on the operational
348	      state of the SR service program.

350	   o  statistics: Provides the statistics details such as number of
351	      packets/bytes received, processed and dropped corresponding to a
352	      SR service program.

354	   Following is a simplified graphical tree representation of the data
355	   model for the SR service programming base operational state (for
356	   read-only items):

358	   Dynamic SID allocation case:

360	   module: ietf-sr-service-programming
361	     augment /rt:routing/sr:segment-routing:
362	       +--rw service-programming
363	          +--rw service-program* [name]
364	             +--rw service-programming-info
365	                +--ro oper-status?   identityref
366	                +--ro statistics
367	                   +--ro in-packet-count?         yang:counter64
368	                   +--ro in-bytes-count?          yang:counter64
369	                   +--ro out-packet-count?        yang:counter64
370	                   +--ro out-bytes-count?         yang:counter64
371	                   +--ro in-drop-packet-count?    yang:counter64
372	                   +--ro out-drop-packet-count?   yang:counter64

374	   Static SR MPLS SID allocation case:

376	   module: ietf-sr-service-programming
377	     augment /rt:routing/sr:segment-routing/sr-mpls:sr-mpls/sr-mpls:bindings:
378	       +--rw mpls-static-service-programming
379	          +--rw service-program* [name]
380	             +--rw service-programming-info
381	                +--ro oper-status?   identityref
382	                +--ro statistics
383	                   +--ro in-packet-count?         yang:counter64
384	                   +--ro in-bytes-count?          yang:counter64
385	                   +--ro out-packet-count?        yang:counter64
386	                   +--ro out-bytes-count?         yang:counter64
387	                   +--ro in-drop-packet-count?    yang:counter64
388	                   +--ro out-drop-packet-count?   yang:counter64

390	   Static SRv6 SID allocation case:

392	   TBD

394	   Figure 3: SR Service Programming Operational State Tree

396	3.4.3.  Notification

398	   This model defines a list of notifications to inform an operator of
399	   important events detected during the SR service programming
400	   operation. These events are:

402	   o  SR service program operational state changes: This would also give
403	      the reason for the state change when it is down

405	   Following is a simplified graphical tree representation of the data
406	   model for the SR service programming notification:

408	   module: ietf-sr-service-programming
409	     notifications:
410	       +---n service-program-oper-status
411	          +--ro name           -> /rt:routing/sr:segment-routing/
412	                                  sr-svc-pgm:service-programming/
413	                                  service-program/name
414	          +--ro oper-status    -> /rt:routing/sr:segment-routing/
415	                                  sr-svc-pgm:service-programming/
416	                                  service-program/oper-status

418	   Figure 4: SR Service Programming Notification Tree

420	3.5.  SR Service Proxy

422	   This document also defines a separate and new YANG data model for
423	   Service Proxy for SR unaware services. The model defines the
424	   configuration and operational state related to different proxy
425	   behaviours defined earlier in ietf-sr-service-programming-types. The
426	   model is defined in a new module ietf-sr-service-programming-proxy.

428	   To support SR service programming proxy for dynamic SID
429	   allocation, this module augments the SR service program tree
430	   (/rt:routing/sr:segment-routing/sr-svc-pgm:service-programming/sr-
431	   svc-pgm:service-program/sr-svc-pgm:sr-services) as defined earlier in
432	   ietf-sr-service-programming module.

434	   To support SR service programming proxy for static SR MPLS SID
435	   allocation, this module augments the base SR MPLS YANG model defined
436	   in [RFC9020] (/rt:routing/sr:segment-routing/sr-mpls:sr-mpls/
437	   sr-mpls:bindings/sr-svc-pgm:mpls-static-service-programming/sr-svc-
438	   pgm:service-program/sr-svc-pgm:service-programming-info/sr-svc-
439	   pgm:sr-services:)

440	   To support SR service programming proxy for static SRv6 SID
441	   allocation, this module augments the base static SRv6 model - TBD

443	   The following sections describe different types of proxy behaviours
444	   and associated YANG modelling constructs.

446	3.5.1.  Static Proxy

448	   The static proxy is an SR endpoint behaviour for processing SR-MPLS
449	   or SRv6 encapsulated traffic on behalf of SR-unaware services.

451	   The following parameters are required to provision the SR static
452	   proxy:

454	   o  inner-packet-type: Inner packet type

456	   o  next-hop: Next hop Ethernet address (only when the inner type is
457	      IPv4 or IPv6)

459	   o  out-interface-name: Local interface for sending traffic towards
460	      the service Endpoint

462	   o  in-interface-name: Local interface receiving traffic coming back
463	      from the service Endpoint

465	   o  packet-cache-info: SR information to be attached on the traffic
466	      coming back from the service. This could be list of MPLS Label
467	      stack or SRv6 SIDs

469	   Following is a simplified graphical tree representation of the data
470	   model for the SR static proxy:

472	   Dynamic SID allocation case:

474	   module: ietf-sr-service-programming-proxy
475	     augment /rt:routing/sr:segment-routing/
476	             sr-svc-pgm:service-programming/
477	             sr-svc-pgm:service-program/
478	             sr-svc-pgm:service-programming-info/
479	             sr-svc-pgm:sr-services:
480	       +--rw service-proxy
481	          +--rw (proxy-type)
482	             +--:(static)
483	                +--rw static-proxy
484	                   +--rw inner-packet-type     identityref
485	                   +--rw next-hop?             yang:mac-address
486	                   +--rw out-interface-name    string
487	                   +--rw in-interface-name     string
488	                   +--rw packet-cache-info
489	                      +--rw (cache-type)
490	                         +--:(mpls)
491	                         |  +--rw mpls-sids* [index]
492	                         |     +--rw index         uint8
493	                         |     +--rw mpls-label    rt-types:mpls-label
494	                         +--:(srv6)
495	                            +--rw ipv6-source-address?   inet:ipv6-address
496	                            +--rw srv6-sids* [index]
497	                               +--rw index       uint8
498	                               +--rw srv6-sid    srv6-types:srv6-sid

500	   Static SR MPLS SID allocation case:

502	   module: ietf-sr-service-programming-proxy
503	     augment /rt:routing/sr:segment-routing/
504	             sr-mpls:sr-mpls/sr-mpls:bindings/
505	             sr-svc-pgm:mpls-static-service-programming/
506	             sr-svc-pgm:service-program/
507	             sr-svc-pgm:service-programming-info/
508	             sr-svc-pgm:sr-services:
509	       +--rw static-mpls-service-proxy
510	          +--rw (proxy-type)
511	             +--:(static)
512	                +--rw static-proxy
513	                   +--rw inner-packet-type     identityref
514	                   +--rw next-hop?             yang:mac-address
515	                   +--rw out-interface-name    string
516	                   +--rw in-interface-name     string
517	                   +--rw packet-cache-info
518	                      +--rw (cache-type)
519	                         +--:(mpls)
520	                         |  +--rw mpls-sids* [index]
521	                         |     +--rw index         uint8
522	                         |     +--rw mpls-label    rt-types:mpls-label
523	                         +--:(srv6)
524	                            +--rw ipv6-source-address?   inet:ipv6-address
525	                            +--rw srv6-sids* [index]
526	                               +--rw index       uint8
527	                               +--rw srv6-sid    srv6-types:srv6-sid

529	   Static SRv6 SID allocation case:

530	   TBD

531	   Figure 5: SR Static Proxy Tree

533	3.5.2.  Dynamic Proxy

535	   The dynamic proxy is an improvement over the static proxy that
536	   dynamically learns the SR information before removing it from the
537	   incoming traffic. The same information can be re-attached to the
538	   traffic returning from the service Endpoints. The dynamic proxy
539	   relies on the local caching.

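The configuration-level difference between the static proxy of Section 3.5.1 and the dynamic proxy described above can be checked before a change is committed. The following Python check is an added example, not part of the draft or its YANG modules; it validates a JSON-like rendering of the service-proxy container for the static and dynamic cases only. The dict layout, the helper names, the accepted label range and the rule that the cache type must match the dataplane leaf are assumptions.

```python
import ipaddress
import re

# Leaf and identity names come from the static-proxy and dynamic-proxy trees
# on this page. The dict layout (a JSON-like rendering of "service-proxy")
# and every helper name are assumptions made for this example.
INNER_TYPES = ("Ethernet", "IPv4", "IPv6")
STATIC_LEAVES = {"inner-packet-type", "next-hop", "out-interface-name",
                 "in-interface-name", "packet-cache-info"}
DYNAMIC_LEAVES = {"out-interface-name", "in-interface-name"}
MAC_RE = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}")  # yang:mac-address

def _is_int(value, low, high):
    return isinstance(value, int) and not isinstance(value, bool) and low <= value <= high

def _valid_label(value):
    # Assumption: only numeric general-use labels (16..1048575) are accepted.
    return _is_int(value, 16, 1048575)

def _valid_ipv6(value, cls=ipaddress.IPv6Interface):
    # Assumption: a SID is written as an IPv6 address, optionally with /length.
    if not isinstance(value, str):
        return False
    try:
        cls(value)
    except ValueError:
        return False
    return True

def _check_sid_list(entries, leaf, valid, errors):
    """Check a keyed list (mpls-sids or srv6-sids): unique uint8 index, valid SID."""
    seen = set()
    for entry in entries:
        index = entry.get("index")
        if not _is_int(index, 0, 255):
            errors.append(f"{leaf}: index {index!r} is not a uint8")
        elif index in seen:
            errors.append(f"{leaf}: duplicate list key index={index}")
        else:
            seen.add(index)
        if not valid(entry.get(leaf)):
            errors.append(f"{leaf}: invalid value {entry.get(leaf)!r}")

def _check_cache(cache, dataplane, errors):
    """packet-cache-info is a choice: an MPLS label stack or SRv6 SIDs."""
    has_mpls = "mpls-sids" in cache
    has_srv6 = "srv6-sids" in cache or "ipv6-source-address" in cache
    if has_mpls == has_srv6:
        errors.append("packet-cache-info: exactly one cache-type case required")
        return
    if ("mpls" if has_mpls else "srv6") != dataplane:
        # Added policy check: an assumption, not a constraint in the model.
        errors.append(f"packet-cache-info: cache type does not match dataplane {dataplane!r}")
    if has_mpls:
        _check_sid_list(cache["mpls-sids"], "mpls-label", _valid_label, errors)
        return
    source = cache.get("ipv6-source-address")
    if source is not None and not _valid_ipv6(source, ipaddress.IPv6Address):
        errors.append(f"ipv6-source-address: invalid value {source!r}")
    _check_sid_list(cache.get("srv6-sids", []), "srv6-sid", _valid_ipv6, errors)

def validate_service_proxy(dataplane, service_proxy):
    """Return a list of problems; an empty list means the container passed."""
    cases = [c for c in ("static-proxy", "dynamic-proxy") if c in service_proxy]
    if len(cases) != 1 or len(service_proxy) != 1:
        return ["service-proxy: expected exactly one of static-proxy, dynamic-proxy"]
    case, proxy, errors = cases[0], service_proxy[cases[0]], []
    allowed = STATIC_LEAVES if case == "static-proxy" else DYNAMIC_LEAVES
    for leaf in sorted(set(proxy) - allowed):
        errors.append(f"{case}: leaf {leaf!r} is not part of this case")
    for leaf in ("out-interface-name", "in-interface-name"):
        if not (isinstance(proxy.get(leaf), str) and proxy[leaf]):
            errors.append(f"{case}: mandatory leaf {leaf!r} is missing")
    if case == "dynamic-proxy":
        return errors  # SR information is learned, so nothing else is configured
    inner = proxy.get("inner-packet-type")
    if inner not in INNER_TYPES:
        errors.append(f"static-proxy: unknown inner-packet-type {inner!r}")
    next_hop = proxy.get("next-hop")
    if next_hop is not None:
        if inner == "Ethernet":
            errors.append("static-proxy: next-hop applies only to inner type IPv4 or IPv6")
        if not (isinstance(next_hop, str) and MAC_RE.fullmatch(next_hop)):
            errors.append(f"static-proxy: next-hop {next_hop!r} is not a MAC address")
    if "packet-cache-info" in proxy:
        _check_cache(proxy["packet-cache-info"], dataplane, errors)
    else:
        errors.append("static-proxy: packet-cache-info is required")
    return errors

# Constructed sample inputs; interface names, labels and SIDs are made up.
_IFS = {"out-interface-name": "eth1", "in-interface-name": "eth2"}
GOOD_STATIC = {"static-proxy": {
    **_IFS, "inner-packet-type": "IPv4", "next-hop": "00:11:22:33:44:55",
    "packet-cache-info": {"mpls-sids": [{"index": 0, "mpls-label": 16001},
                                        {"index": 1, "mpls-label": 16002}]}}}
BAD_STATIC = {"static-proxy": {
    "inner-packet-type": "Ethernet", "next-hop": "00:11:22:33:44:55",
    "out-interface-name": "eth1",
    "packet-cache-info": {"mpls-sids": [{"index": 0, "mpls-label": 16001},
                                        {"index": 0, "mpls-label": 7}]}}}
BAD_DYNAMIC = {"dynamic-proxy": {**_IFS, "packet-cache-info": {}}}
```

Calling `validate_service_proxy("mpls", BAD_STATIC)` reports the missing in-interface-name, the next-hop set for an Ethernet inner type, the duplicate list key and the out-of-range label in one pass.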
541	   The following parameters are required to provision the SR dynamic
542	   proxy:

544	   o  out-interface-name: Local interface for sending traffic towards
545	      the service Endpoint

547	   o  in-interface-name: Local interface receiving traffic coming back
548	      from the service Endpoint

550	   Following is a simplified graphical tree representation of the data
551	   model for the SR dynamic proxy:

553	   Dynamic SID allocation case:

555	   module: ietf-sr-service-programming-proxy
556	     augment /rt:routing/sr:segment-routing/
557	             sr-svc-pgm:service-programming/
558	             sr-svc-pgm:service-program/
559	             sr-svc-pgm:service-programming-info/
560	             sr-svc-pgm:sr-services:
561	       +--rw service-proxy
562	          +--rw (proxy-type)
563	             +--:(dynamic)
564	                +--rw dynamic-proxy
565	                   +--rw out-interface-name    string
566	                   +--rw in-interface-name     string

568	   Static SR MPLS SID allocation case:

570	   module: ietf-sr-service-programming-proxy
571	     augment /rt:routing/sr:segment-routing/
572	             sr-mpls:sr-mpls/sr-mpls:bindings/
573	             sr-svc-pgm:mpls-static-service-programming/
574	             sr-svc-pgm:service-program/
575	             sr-svc-pgm:service-programming-info/
576	             sr-svc-pgm:sr-services:
577	       +--rw static-mpls-service-proxy
578	          +--rw (proxy-type)
579	             +--:(dynamic)
580	                +--rw dynamic-proxy
581	                   +--rw out-interface-name    string
582	                   +--rw in-interface-name     string

584	   Static SRv6 SID allocation case:

585	   TBD

587	   Figure 6: SR Dynamic Proxy Tree

589	3.5.3.  Masquerading Proxy

591	   The masquerading proxy is an SR endpoint behaviour for processing
592	   SRv6 traffic on behalf of an SR-unaware service. This masquerading
593	   behaviour is independent from the inner payload type.

595	   The following parameters are required to provision the SR
596	   masquerading proxy:

598	   o  next-hop: Next hop Ethernet address

600	   o  out-interface-name: Local interface for sending traffic towards
601	      the service Endpoint

603	   o  in-interface-name: Local interface receiving traffic coming back
604	      from the service Endpoint

606	   Following is a simplified graphical tree representation of the data
607	   model for the SR masquerading proxy:

609	   Dynamic SID allocation case:

611	   module: ietf-sr-service-programming-proxy
612	     augment /rt:routing/sr:segment-routing/
613	             sr-svc-pgm:service-programming/
614	             sr-svc-pgm:service-program/
615	             sr-svc-pgm:service-programming-info/
616	             sr-svc-pgm:sr-services:
617	       +--rw service-proxy
618	          +--rw (proxy-type)
619	             +--:(masquerading)
620	                +--rw masquerading-proxy
621	                   +--rw next-hop?             yang:mac-address
622	                   +--rw out-interface-name    string
623	                   +--rw in-interface-name     string

625	   Static SRv6 SID allocation case:

627	   TBD

629	   Figure 7: SR masquerading Proxy Tree

631	4.  YANG Specification

633	   Following are the actual YANG definitions for the SR service
634	   programming modules defined earlier in the document.

636	4.1.  Service Types

638	   Following are the Service Types definitions.

640	   file "ietf-service-function-types.yang" -->

642	   module ietf-service-function-types {
643	     yang-version 1.1;

645	     namespace "urn:ietf:params:xml:ns:yang:ietf-service-function-types";
646	     prefix "service-types";

648	     organization "IETF SPRING Working Group";

650	     contact
651	       "WG Web:
652	        WG List:

654	        Editor: Jaganbabu Rajamanickam

657	        Editor: Kamran Raza

660	        Editor: Daniel Bernier

663	        Editor: Gaurav Dawra

666	        Editor: Cheng Li
667	        ";

669	     /*
670	      * Below are the definitions for the service types.
671	      * Any new service type could be added by extending
672	      * this identity
673	      */
674	     identity service-function-type {
675	       description
676	         "Base identity from which specific service function
677	          types are derived.";
678	     }

680	     identity firewall {
681	       base service-function-type;
682	       description
683	         "Firewall Service type";
684	     }

686	     identity dpi {
687	       base service-function-type;
688	       description
689	         "Deep Packet Inspection Service type";
690	     }

692	     identity napt44 {
693	       base service-function-type;
694	       description
695	         "Network Address and Port Translation 44
696	          Service type";
697	     }

699	     identity classifier {
700	       base service-function-type;
701	       description
702	         "classifier Service type";
703	     }

705	     identity load-balancer {
706	       base service-function-type;
707	       description
708	         "load-balancer Service type";
709	     }

711	     identity ips {
712	       base service-function-type;
713	       description
714	         "Intrusion Prevention System Service type (Ex: Snort)";
715	     }

717	   }

721	   Figure 8: ietf-service-function-types.yang

723	4.2.  SR Service Programming Types

725	   Following are the SR service programming specific types definitions.

727	   file "ietf-sr-service-programming-types.yang" -->

729	   module ietf-sr-service-programming-types {
730	     yang-version 1.1;

732	     namespace "urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-types";
733	     prefix "sr-service-types";

735	     organization "IETF SPRING Working Group";

737	     contact
738	       "WG Web:
739	        WG List:

741	        Editor: Jaganbabu Rajamanickam

744	        Editor: Kamran Raza

747	        Editor: Daniel Bernier

750	        Editor: Gaurav Dawra

753	        Editor: Cheng Li
754	        ";

756	     /*
757	      * SR Service programming behaviour
758	      */
759	     identity service-program-behaviour-type {
760	       description
761	         "Base identity for SR service programming behaviour";
762	     }

764	     identity sr-aware {
765	       base service-program-behaviour-type;
766	       description
767	         "SR aware native applications.";
768	     }

770	     identity static-proxy {
771	       base service-program-behaviour-type;
772	       description
773	         "Static Proxy";
774	     }

776	     identity dynamic-proxy {
777	       base service-program-behaviour-type;
778	       description
779	         "Dynamic Proxy";
780	     }

782	     identity Masquerading-proxy {
783	       base service-program-behaviour-type;
784	       description
785	         "Masquerading Proxy";
786	     }

788	     identity Masquerading-NAT-proxy {
789	       base service-program-behaviour-type;
790	       description
791	         "Masquerading Proxy with NAT flavor";
792	     }

794	     identity Masquerading-caching-proxy {
795	       base service-program-behaviour-type;
796	       description
797	         "Masquerading Proxy with caching flavor";
798	     }

800	     identity Masquerading-NAT-caching-proxy {
801	       base service-program-behaviour-type;
802	       description
803	         "Masquerading Proxy with NAT and caching flavors";
804	     }

806	     /*
807	      * Below are the definitions for the service proxy inner packet types.
808	      * Any new service proxy inner packet type could be added by extending
809	      * this identity
810	      */
811	     identity service-proxy-inner-pkt-type {
812	       description
813	         "Base identity from which SR service proxy types are derived.";
814	     }

816	     identity Ethernet {
817	       base service-proxy-inner-pkt-type;
818	       description
819	         "Expected inner packet type as Ethernet - derived from
820	          service-proxy-inner-pkt-type";
821	     }

823	     identity IPv4 {
824	       base service-proxy-inner-pkt-type;
825	       description
826	         "Expected inner packet type as IPv4 - derived from
827	          service-proxy-inner-pkt-type";
828	     }

830	     identity IPv6 {
831	       base service-proxy-inner-pkt-type;
832	       description
833	         "Expected inner packet type as IPv6 - derived from
834	          service-proxy-inner-pkt-type";
835	     }

837	     /*
838	      * SR Service SID operational status
839	      */
840	     identity service-program-oper-status-type {
841	       description
842	         "Base identity from which SR service program operational
843	          status types are derived.";
844	     }

846	     identity up {
847	       base service-program-oper-status-type;
848	       description
849	         "Service program status is operational";
850	     }

852	     identity down-unknown {
853	       base service-program-oper-status-type;
854	       description
855	         "Service program status is down because of unknown reason";
856	     }

858	     identity sid-allocation-pending {
859	       base service-program-oper-status-type;
860	       description
861	         "Service program status is down because SID allocation is pending";
862	     }

864	     identity sid-allocation-conflict {
865	       base service-program-oper-status-type;
866	       description
867	         "Service program status is down because of SID conflict";
868	     }

870	     identity sid-out-of-bound {
871	       base service-program-oper-status-type;
872	       description
873	         "Service program status is down because SID is out of bound";
874	     }

876	     identity interface-down {
877	       base service-program-oper-status-type;
878	       description
879	         "Service program status is down because out/in interface is down";
880	     }

882	     identity admin-forced-down {
883	       base service-program-oper-status-type;
884	       description
885	         "Service program status is administratively forced down";
886	     }

888	     /*
889	      * Typedefs
890	      */
891	     typedef admin-status-type {
892	       type enumeration {
893	         enum up {
894	           description "Admin Up";
895	         }
896	         enum down {
897	           description "Admin Down";
898	         }
899	       }
900	     }

902	     typedef dataplane-type {
903	       type enumeration {
904	         enum mpls {
905	           description "MPLS dataplane";
906	         }
907	         enum srv6 {
908	           description "SRv6 dataplane";
909	         }
910	       }
911	     }

913	     typedef sid-alloc-mode-type {
914	       type enumeration {
915	         enum static {
916	           description "Static SID allocation";
917	         }
918	         enum dynamic {
919	           description "Dynamic SID allocation";
920	         }
921	       }
922	     }
923	   }

927	   Figure 9: ietf-sr-service-programming-types.yang

929	4.3.  SR Service Programming Base

931	   Following is the SR service programming base model definition.

933	   file "ietf-sr-service-programming.yang" -->

935	   module ietf-sr-service-programming {
936	     yang-version 1.1;

938	     namespace "urn:ietf:params:xml:ns:yang:ietf-sr-service-programming";
939	     prefix "sr-svc-pgm";

941	     import ietf-yang-types {
942	       prefix "yang";
943	     }

945	     import ietf-srv6-base {
946	       prefix "srv6";
947	     }

949	     import ietf-routing {
950	       prefix rt;
951	       reference "RFC 8349: A YANG Data Model for Routing
952	                  Management (NMDA Version)";
953	     }

955	     import ietf-service-function-types {
956	       prefix "service-types";
957	     }

959	     import ietf-segment-routing {
960	       prefix sr;
961	     }

963	     import ietf-segment-routing-mpls {
964	       prefix srmpls;

966	     }

968	     import ietf-sr-service-programming-types {
969	       prefix "sr-svc-pgm-types";
970	     }

972	     import ietf-routing-types {
973	       prefix "rt-types";
974	     }

976	     import ietf-srv6-types {
977	       prefix "srv6-types";
978	     }

980	     organization "IETF SPRING Working Group";

982	     contact
983	       "WG Web:
984	        WG List:

986	        Editor: Jaganbabu Rajamanickam

989	        Editor: Kamran Raza

992	        Editor: Daniel Bernier

995	        Editor: Gaurav Dawra

998	        Editor: Cheng Li
999	        ";

1001	     grouping service-statistics {

1003	       container statistics {

1005	         config false;
1006	         description "Service statistics";

1008	         leaf in-packet-count {
1009	           type yang:counter64;
1010	           description
1011	             "Total number of packets processed by this service";
1012	         }
1013	         leaf in-bytes-count {
1014	           type yang:counter64;
1015	           description
1016	             "Total number of bytes processed by this service";
1017	         }

1019	         leaf out-packet-count {
           type yang:counter64;
           description
             "Total number of packets sent out after processing by
              this service";
         }

         leaf out-bytes-count {
           type yang:counter64;
           description
             "Total number of bytes sent out after processing by
              this service";
         }

         leaf in-drop-packet-count {
           type yang:counter64;
           description
             "Total number of packets dropped while processing by
              this service";
         }

         leaf out-drop-packet-count {
           type yang:counter64;
           description
             "Total number of packets dropped while this service tries
              to forward to its destination";
         }
       }
     }

     grouping service-mpls-sid-binding {
       container mpls {
         description
           "MPLS Service SID binding Container";

         when "../../service-programming-info/dataplane = 'mpls'";

         leaf sid {
           config false;
           type rt-types:mpls-label;
           description
             "MPLS SID value.";
         }
       }
     }

     grouping service-srv6-sid-binding {
       container srv6 {
         description
           "SRv6 Service SID binding Container";

         when "../../service-programming-info/dataplane = 'srv6'";

         leaf sid {
           config false;
           type srv6-types:srv6-sid;
           description
             "SRv6 SID value.";
         }

         leaf locator {
           type leafref {
             path "/rt:routing/sr:segment-routing"
                + "/srv6:srv6/srv6:locators/srv6:locator/srv6:name";
           }
           description
             "Reference to a SRv6 locator.
              This is valid only when
              the SID allocation mode is dynamic";
         }
       }
     }

     grouping service-sid-binding {
       container sid-binding {
         description
           "Service SID binding Container";

         leaf alloc-mode {
           config false;
           default dynamic;
           type sr-svc-pgm-types:sid-alloc-mode-type;
           description
             "Service SID allocation mode";
         }

         uses service-mpls-sid-binding;
         uses service-srv6-sid-binding;
       }
     }

     grouping service-programming-infos {
       container service-programming-info {

         leaf behaviour {
           mandatory true;
           type identityref {
             base sr-svc-pgm-types:service-program-behaviour-type;
           }
           description
             "SR program behaviour";
         }

         leaf dataplane {
           mandatory true;
           type sr-svc-pgm-types:dataplane-type;
           description
             "Service SID dataplane.";
         }

         leaf service-name {
           mandatory true;
           type string;
           description
             "Service program name to identify a specific program.";
         }

         leaf service-type {
           mandatory true;
           type identityref {
             base service-types:service-function-type;
           }
           description
             "Service-Type defined by IANA Service Type Table (STT). Like
              Firewall, DPI etc...";
         }

         leaf service-variant {
           mandatory true;
           type string;
           description
             "This identifies the variant of the service. This value
              should be unique in the given network. Example Format:
              --.";
         }

         leaf service-instance {
           mandatory true;
           type uint32;
           description
             "Service instance which differentiates the same service --
              e.g. the same vendor's Firewall service could have several
              instances available.
              This could be used to differentiate the VPN
              customers or for load sharing purposes.";
         }

         leaf admin-status {
           type sr-svc-pgm-types:admin-status-type;
           default down;
           description
             "Admin Status";
         }

         leaf oper-status {
           config false;
           type identityref {
             base sr-svc-pgm-types:service-program-oper-status-type;
           }
           description
             "Service SID operational mode.";
         }

         uses service-statistics;

         container sr-services {

           description
             "Any SR-aware or SR-unaware services could augment this
              container";
           reference "Segment Routing Service Programming Architecture.";
         }
       }
     }

     grouping service-programmings {
       container service-programming {
         description
           "Service programming container.
            Any new service programming that is added could augment
            this container to support that specific service.
            Currently, only the service proxy is defined in this
            model. For example, if a Firewall service needs to be
            added, it could augment this container and extend this
            model";

         list service-program {
           key "name";
           description
             "Service program is keyed by the service program name";

           leaf name {
             mandatory true;
             type leafref {
               path "/rt:routing/sr:segment-routing/"
                  + "sr-svc-pgm:service-programming/"
                  + "sr-svc-pgm:service-program/"
                  + "sr-svc-pgm:service-programming-info/"
                  + "sr-svc-pgm:service-name";
             }
           }

           uses service-sid-binding;
           uses service-programming-infos;
         }
       }
     }

     /*
      * MPLS/SRv6 SR service programming using dynamic SID allocation
      */
     augment "/rt:routing/sr:segment-routing" {
       description
         "Augmenting the segment-routing to add SR service programming";

       uses service-programmings;
     }

     /*
      * MPLS SR service programming using static MPLS binding SID
      */
     augment "/rt:routing/sr:segment-routing"
           + "/srmpls:sr-mpls/srmpls:bindings" {
       description
         "Augmenting the segment-routing MPLS static binding to add
          static MPLS SR service programming";

       container mpls-static-service-programming {
         description
           "Augmenting the MPLS segment-routing bindings with the SR
            service programming";
         list service-program {
           key "name";
           description
             "Service program is keyed by the service program name";

           leaf name {
             mandatory true;
             type leafref {
               path "/rt:routing/sr:segment-routing/"
                  + "sr-svc-pgm:service-programming/"
                  + "sr-svc-pgm:service-program/"
                  + "sr-svc-pgm:service-programming-info/"
                  + "sr-svc-pgm:service-name";
             }
           }

           leaf sid {
             mandatory true;
             type rt-types:mpls-label;
             description
               "MPLS SID value.";
           }

           uses service-programming-infos {
             /*
              * In the case of MPLS static binding configuration
              * the dataplane is set to mpls and is not
              * configurable
              */
             refine service-programming-info/dataplane {
               mandatory false;
               default mpls;
               config false;
             }
           }
         }
       }

     }

     /*
      * SRv6 SR service programming using static SRv6 binding SID
      */
     augment "/rt:routing/sr:segment-routing/srv6:srv6"
           + "/srv6:locators/srv6:locator" {
       description
         "Augmenting the segment-routing SRv6 static to add static
          binding to SRv6 SR service programming";

       container end-AS {
         description
           "End.AS - Static Proxy SID behaviour";
         list service-program {
           key "name";
           description
             "Service program is keyed by the service program name";

           leaf name {
             mandatory true;
             type leafref {
               path "/rt:routing/sr:segment-routing/"
                  + "sr-svc-pgm:service-programming/"
                  + "sr-svc-pgm:service-program/"
                  + "sr-svc-pgm:service-programming-info/"
                  + "sr-svc-pgm:service-name";
             }
           }

           uses service-programming-infos {
             /*
              * In the case of SRv6 static binding configuration
              * the dataplane is set to srv6 and is not
              * configurable
              */
             refine service-programming-info/dataplane {
               config false;
               mandatory false;
               default srv6;
             }
             refine service-programming-info/behaviour {
               config false;
               //when "service-programming-info/dataplane = 'srv6'";
               mandatory false;
               default sr-svc-pgm-types:static-proxy;
             }

           }
         }
       }

       container end-AD {
         description
           "End.AD - Dynamic Proxy SID behaviour";
         list service-program {
           key "name";
           description
             "Service program is keyed by the service program name";

           leaf name {
             mandatory true;
             type leafref {
               path "/rt:routing/sr:segment-routing/"
                  + "sr-svc-pgm:service-programming/"
                  + "sr-svc-pgm:service-program/"
                  + "sr-svc-pgm:service-programming-info/"
                  + "sr-svc-pgm:service-name";

             }
           }

           uses service-programming-infos {

             refine service-programming-info/dataplane {
               config false;
               mandatory false;
               default srv6;
             }
             refine service-programming-info/behaviour {
               //when "service-programming-info/dataplane = 'srv6'";
               config false;
               mandatory false;
               default sr-svc-pgm-types:dynamic-proxy;
             }

           }
         }
       }

       container end-AM {
         description
           "End.AM - Masquerading Proxy SID behaviour";
         list service-program {
           key "name";
           description
             "Service program is keyed by the service program name";

           leaf name {
             mandatory true;
             type leafref {
               path "/rt:routing/sr:segment-routing/"
                  + "sr-svc-pgm:service-programming/"
                  + "sr-svc-pgm:service-program/"
                  + "sr-svc-pgm:service-programming-info/"
                  + "sr-svc-pgm:service-name";
             }
           }

           uses service-programming-infos {

             refine service-programming-info/dataplane {
               config false;
               mandatory false;
               default srv6;
             }
             refine
               service-programming-info/behaviour {
               //when "service-programming-info/dataplane = 'srv6'";
               mandatory false;
               default sr-svc-pgm-types:Masquerading-proxy;
             }

           }
         }
       }

     }

     notification service-program-oper-status {
       description
         "This notification is sent when there is a change in the service
          program oper status.";
       leaf name {
         mandatory true;
         type leafref {
           path "/rt:routing/sr:segment-routing/"
              + "sr-svc-pgm:service-programming/"
              + "sr-svc-pgm:service-program/"
              + "sr-svc-pgm:name";
         }
         description
           "Service program name to identify a specific programming.";
       }

       leaf oper-status {
         mandatory true;
         type leafref {
           path "/rt:routing/sr:segment-routing/"
              + "sr-svc-pgm:service-programming/"
              + "sr-svc-pgm:service-program/"
              + "sr-svc-pgm:service-programming-info/"
              + "sr-svc-pgm:oper-status";
         }
         description
           "Service program operational status.";
       }

     }
   }

   <CODE ENDS>

           Figure 10: ietf-sr-service-programming.yang

4.4.  SR Service Proxy

   The following is the SR service programming service proxy model
   definition.

   <CODE BEGINS> file "ietf-sr-service-programming-proxy.yang"

   module ietf-sr-service-programming-proxy {
     yang-version 1.1;

     namespace
       "urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-proxy";
     prefix "sr-svc-proxy";

     import ietf-yang-types {
       prefix yang;
     }

     import ietf-routing {
       prefix rt;
       reference "RFC 8349: A YANG Data Model for Routing
                  Management (NMDA Version)";
     }

     import ietf-inet-types {
       prefix "inet";
     }

     import ietf-segment-routing {
       prefix sr;
     }

     import ietf-sr-service-programming {
       prefix "sr-svc-pgm";
     }

     import ietf-sr-service-programming-types {
       prefix "sr-svc-pgm-types";
     }

     import ietf-routing-types {
       prefix "rt-types";
     }

     import ietf-srv6-types {
       prefix "srv6-types";
     }

     import ietf-segment-routing-mpls {
       prefix sr-mpls;
     }

     organization "IETF SPRING Working Group";

     contact
       "WG Web:
        WG List:

        Editor:   Jaganbabu Rajamanickam

        Editor:   Kamran Raza

        Editor:   Daniel Bernier

        Editor:   Gaurav Dawra

        Editor:   Cheng Li
       ";

     grouping service-proxy-parameters {

       leaf out-interface-name {
         mandatory true;
         type string;
         description
           "Interface name on which the packet is sent to the service
            endpoint";
       }

       leaf in-interface-name {
         mandatory true;
         type string;
         description
           "Interface name on which the packet is received from the
            service endpoint";
       }
     }

     grouping mpls-packet-cache-info {
       description
         "MPLS Label stack";

       list mpls-sids {
         key "index";
         leaf index {
           type uint8 {
             range "1..16";
           }
           description
             "cache index - MPLS Label stack index";
         }

         leaf mpls-label {
           mandatory true;
           type rt-types:mpls-label;
           description
             "MPLS Label value.";
         }
       }
     }

     grouping srv6-packet-cache-info {
       description
         "SRv6
          SID stack";

       leaf ipv6-source-address {
         type inet:ipv6-address;
         description
           "IPv6 source address that is needed in the case of SRv6.";
       }
       list srv6-sids {
         key "index";

         leaf index {
           type uint8 {
             range "1..16";
           }
           description
             "cache index - SRv6 SID index";
         }

         leaf srv6-sid {
           mandatory true;
           type srv6-types:srv6-sid;
           description
             "SRv6 SID.";
         }
       }
     }

     grouping service-proxy-packet-cache-info {
       description
         "SRv6 Proxy header cache";

       container packet-cache-info {

         choice cache-type {
           mandatory true;
           case mpls {

             when "/rt:routing/sr:segment-routing
                   /sr-svc-pgm:service-programming
                   /sr-svc-pgm:service-program
                   /sr-svc-pgm:service-programming-info
                   /sr-svc-pgm:dataplane = 'mpls'";

             uses mpls-packet-cache-info;
           }
           case srv6 {

             when "/rt:routing/sr:segment-routing
                   /sr-svc-pgm:service-programming
                   /sr-svc-pgm:service-program
                   /sr-svc-pgm:service-programming-info
                   /sr-svc-pgm:dataplane = 'srv6'";

             uses srv6-packet-cache-info;
           }
         }
       }
     }

     grouping static-service-proxy {
       container static-proxy {
         when "/rt:routing/sr:segment-routing
               /sr-svc-pgm:service-programming
               /sr-svc-pgm:service-program
               /sr-svc-pgm:service-programming-info
               /sr-svc-pgm:behaviour = 'static-proxy'";
         description
           "Parameters related to static service proxy";

         leaf inner-packet-type {
           mandatory true;
           type identityref {
             base sr-svc-pgm-types:service-proxy-inner-pkt-type;
           }
           description
             "Defines the expected inner packet type";
         }

         leaf next-hop {
           when "(../inner-packet-type = 'IPv4' or
                  ../inner-packet-type = 'IPv6')";
           type yang:mac-address;
           description
             "Nexthop Ethernet address for inner packet type IPv4/IPv6";
         }
         uses service-proxy-parameters;
         uses service-proxy-packet-cache-info;
       }
     }

     grouping dynamic-service-proxy {
       container dynamic-proxy {
         when "/rt:routing/sr:segment-routing
               /sr-svc-pgm:service-programming
               /sr-svc-pgm:service-program
               /sr-svc-pgm:service-programming-info
               /sr-svc-pgm:behaviour = 'dynamic-proxy'";
         description
           "Parameters related to dynamic service proxy";
         uses service-proxy-parameters;
       }
     }

     grouping masquerading-service-parameters {

       leaf next-hop {
         type yang:mac-address;
         description
           "Nexthop Ethernet address";
       }
       uses service-proxy-parameters;
     }

     grouping masquerading-service-proxy {
       container masquerading-proxy {
         description
           "Parameters related to masquerading service proxy";

         when "/rt:routing/sr:segment-routing
               /sr-svc-pgm:service-programming
               /sr-svc-pgm:service-program
               /sr-svc-pgm:service-programming-info
               /sr-svc-pgm:dataplane = 'srv6' and /rt:routing
               /sr:segment-routing/sr-svc-pgm:service-programming
               /sr-svc-pgm:service-program
               /sr-svc-pgm:service-programming-info
               /sr-svc-pgm:behaviour = 'Masquerading-proxy'";

         uses masquerading-service-parameters;

       }
     }

     grouping service-proxy-programming {
       container service-proxy {

         choice proxy-type {
           mandatory true;
           case static {
             uses static-service-proxy;
           }
           case dynamic {
             uses dynamic-service-proxy;
           }
           case masquerading {
             uses masquerading-service-proxy;
           }
         }
       }

     }

     augment "/rt:routing/sr:segment-routing/"
           + "sr-svc-pgm:service-programming/"
           + "sr-svc-pgm:service-program/"
           + "sr-svc-pgm:service-programming-info/"
           + "sr-svc-pgm:sr-services" {
       description
         "Augmenting the segment-routing bindings to add SR-unaware
          service programming";

       uses service-proxy-programming;
     }

     grouping static-mpls-service-proxy-programming {
       container static-mpls-service-proxy {

         choice proxy-type {
           mandatory true;
           case
             static {
             uses static-service-proxy;
           }
           case dynamic {
             uses dynamic-service-proxy;
           }
         }
       }

     }

     augment "/rt:routing/sr:segment-routing/"
           + "sr-mpls:sr-mpls/sr-mpls:bindings/"
           + "sr-svc-pgm:mpls-static-service-programming/"
           + "sr-svc-pgm:service-program/"
           + "sr-svc-pgm:service-programming-info/"
           + "sr-svc-pgm:sr-services" {
       uses static-mpls-service-proxy-programming;
     }

   }

   <CODE ENDS>

           Figure 11: ietf-sr-service-programming-proxy.yang

5.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The Network Configuration Access Control Model (NACM) [RFC8341]
   provides the means to restrict access for particular NETCONF or
   RESTCONF users to a preconfigured subset of all available NETCONF or
   RESTCONF protocol operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.
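
   An added example, not part of the draft: a NACM [RFC8341]
   configuration that applies the read and write restrictions described
   above to the dynamic service-programming subtree and to the
   service-program-oper-status notification.  The group, user and rule
   names are assumptions; the ietf-routing and ietf-segment-routing
   namespaces are those of RFC 8349 and RFC 9020.

```xml
<!-- Added example: NACM (RFC 8341) rules for the service-programming
     subtree. Group, user and rule names are hypothetical. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <!-- Writes are refused unless a rule below permits them. -->
  <write-default>deny</write-default>

  <groups>
    <group>
      <name>sr-svc-admin</name>
      <user-name>alice</user-name>
    </group>
    <group>
      <name>sr-svc-monitor</name>
      <user-name>bob</user-name>
    </group>
  </groups>

  <!-- Administrators: full access to the subtree. -->
  <rule-list>
    <name>sr-svc-admin-rules</name>
    <group>sr-svc-admin</group>
    <rule>
      <name>manage-service-programming</name>
      <path xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing"
            xmlns:sr="urn:ietf:params:xml:ns:yang:ietf-segment-routing"
            xmlns:sr-svc-pgm="urn:ietf:params:xml:ns:yang:ietf-sr-service-programming">/rt:routing/sr:segment-routing/sr-svc-pgm:service-programming</path>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>

  <!-- Monitoring staff: read the subtree and receive the
       oper-status notification, nothing else. -->
  <rule-list>
    <name>sr-svc-monitor-rules</name>
    <group>sr-svc-monitor</group>
    <rule>
      <name>read-service-programming</name>
      <path xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing"
            xmlns:sr="urn:ietf:params:xml:ns:yang:ietf-segment-routing"
            xmlns:sr-svc-pgm="urn:ietf:params:xml:ns:yang:ietf-sr-service-programming">/rt:routing/sr:segment-routing/sr-svc-pgm:service-programming</path>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
    <rule>
      <name>receive-oper-status</name>
      <module-name>ietf-sr-service-programming</module-name>
      <notification-name>service-program-oper-status</notification-name>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>

  <!-- Everyone else: the subtree and the notification are hidden.
       Rule lists are evaluated in order, so the permits above win
       for the two groups they name. -->
  <rule-list>
    <name>sr-svc-default-deny</name>
    <group>*</group>
    <rule>
      <name>hide-service-programming</name>
      <path xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing"
            xmlns:sr="urn:ietf:params:xml:ns:yang:ietf-segment-routing"
            xmlns:sr-svc-pgm="urn:ietf:params:xml:ns:yang:ietf-sr-service-programming">/rt:routing/sr:segment-routing/sr-svc-pgm:service-programming</path>
      <access-operations>*</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>hide-oper-status</name>
      <module-name>ietf-sr-service-programming</module-name>
      <notification-name>service-program-oper-status</notification-name>
      <access-operations>read</access-operations>
      <action>deny</action>
    </rule>
  </rule-list>
</nacm>
```

   The static MPLS and SRv6 augmentations defined above sit under
   different paths (the sr-mpls bindings and the SRv6 locator list) and
   need their own data-node rules of the same shape.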

   It goes without saying that this specification also inherits the
   security considerations captured in the SRv6 specification document
   [I-D.ietf-spring-sr-service-programming].

6.  IANA Considerations

   This document requests the registration of the following URIs in the
   IETF "XML registry" [RFC3688]:

   +---------------------------------------------------------------+------------+-----+
   | URI                                                           | Registrant | XML |
   +---------------------------------------------------------------+------------+-----+
   | urn:ietf:params:xml:ns:yang:ietf-service-function-types       | The IESG   | N/A |
   | urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-types | The IESG   | N/A |
   | urn:ietf:params:xml:ns:yang:ietf-sr-service-programming       | The IESG   | N/A |
   | urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-proxy | The IESG   | N/A |
   +---------------------------------------------------------------+------------+-----+

   This document requests the registration of the following YANG modules
   in the "YANG Module Names" registry [RFC6020]:

      Name:       ietf-service-function-types
      Namespace:  urn:ietf:params:xml:ns:yang:ietf-service-function-types
      Prefix:     service-function-types
      Reference:  This document

      Name:       ietf-sr-service-programming-types
      Namespace:  urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-types
      Prefix:     ietf-sr-service-programming-types
      Reference:  This document

      Name:       ietf-sr-service-programming
      Namespace:  urn:ietf:params:xml:ns:yang:ietf-sr-service-programming
      Prefix:     ietf-sr-service-programming
      Reference:  This document

      Name:       ietf-sr-service-programming-proxy
      Namespace:  urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-proxy
      Prefix:     ietf-sr-service-programming-proxy
      Reference:  This document

   -- RFC Editor: Replace "This document" with the document RFC number
   at time of publication, and remove this note.

7.  Acknowledgments

   The authors would like to acknowledge Francois Clad, Ketan
   Talaulikar, and Darren Dukes for their review of some of the contents
   in this document.

8.  Normative References

   [I-D.ietf-spring-segment-routing-policy]
              Filsfils, C., Talaulikar, K., Voyer, D., Bogdanov, A., and
              P. Mattes, "Segment Routing Policy Architecture",
              draft-ietf-spring-segment-routing-policy-11 (work in
              progress), April 2021.

   [I-D.ietf-spring-sr-service-programming]
              Clad, F., Xu, X., Filsfils, C., Bernier, D., Li, C.,
              Decraene, B., Ma, S., Yadlapalli, C., Henderickx, W., and
              S. Salsano, "Service Programming with Segment Routing",
              draft-ietf-spring-sr-service-programming-04 (work in
              progress), March 2021.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8402]  Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
              July 2018.

   [RFC8407]  Bierman, A., "Guidelines for Authors and Reviewers of
              Documents Containing YANG Data Models", BCP 216, RFC 8407,
              DOI 10.17487/RFC8407, October 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [RFC8754]  Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
              Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
              (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020.

   [RFC9020]  Litkowski, S., Qu, Y., Lindem, A., Sarkar, P., and J.
              Tantsura, "YANG Data Model for Segment Routing", RFC 9020,
              DOI 10.17487/RFC9020, May 2021.

Authors' Addresses

   Jaganbabu Rajamanickam
   Cisco Systems

   Email: jrajaman@cisco.com


   Kamran Raza
   Cisco Systems

   Email: skraza@cisco.com


   Daniel Bernier
   Bell Canada

   Email: daniel.bernier@bell.ca


   Gaurav Dawra
   LinkedIn

   Email: gdawra.ietf@gmail.com


   Cheng Li
   Huawei

   Email: c.l@huawei.com