idnits 2.17.1 draft-wilton-intf-vlan-yang-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC7223]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 208 has weird spacing: '...ag-type dot...' == Line 269 has weird spacing: '...ag-type dot...' == Line 281 has weird spacing: '...ag-type dot...' == Line 290 has weird spacing: '...ag-type dot...' == Line 298 has weird spacing: '...ag-type dot...' == (1 more instance...) == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (March 9, 2015) is 3329 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC7224' is defined on line 1499, but no explicit reference was found in the text ** Obsolete normative reference: RFC 7223 (Obsoleted by RFC 8343) -- Obsolete informational reference (is this intentional?): RFC 6536 (Obsoleted by RFC 8341) Summary: 2 errors (**), 0 flaws (~~), 9 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force R. Wilton, Ed. 3 Internet-Draft D. Ball 4 Intended status: Standards Track G. Heron 5 Expires: September 10, 2015 Cisco Systems 6 March 9, 2015 8 Interface VLAN YANG Data Models 9 draft-wilton-intf-vlan-yang-00 11 Abstract 13 This document defines a YANG configuration data model for the 14 management of VLAN sub-interfaces that augments the generic 15 interfaces data model defined in RFC 7223 [RFC7223]. It provides 16 support for basic tag matching to allow termination of an L2 VLAN 17 segement into L3 services. It also provides support for flexible 18 matching and rewriting of L2 header fields for L2 services. 20 The model differs from an IEEE 802.1Q VLAN derived model in that the 21 configuration is interface/sub-interface based as opposed to being 22 VLAN based. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at http://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on September 10, 2015. 41 Copyright Notice 43 Copyright (c) 2015 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (http://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 59 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 60 1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3 61 2. Objectives . . . . . . . . . . . . . . . . . . . . . . . . . 3 62 3. 802.1Q Types . . . . . . . . . . . . . . . . . . . . . . . . 4 63 4. Interfaces Common Model . . . . . . . . . . . . . . . . . . . 4 64 5. L3 Interface VLAN Model . . . . . . . . . . . . . . . . . . . 5 65 6. Flexible Encapsulation Model . . . . . . . . . . . . . . . . 5 66 7. L2 BPDU Filtering . . . . . . . . . . . . . . . . . . . . . . 7 67 8. 802.1Q Types YANG Module . . . . . . . . . . . . . . . . . . 7 68 9. Interfaces Common YANG Module . . . . . . . . . . . . . . . . 13 69 10. L3 Interface VLAN YANG Module . . . . . . . . . . . . . . . . 16 70 11. Flexible Encapsulation YANG Module . . . . . . . . . . . . . 19 71 12. L2 BPDU filtering YANG Module . . . . . . . . . . . . . . . . 26 72 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 28 73 14. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29 74 15. Security Considerations . . . . . . . . . . . . . . . . . . . 29 75 15.1. interfaces-common.yang . . . . . . . . . . . . . . . . . 29 76 15.2. if-l3-vlan.yang . . . . . . . . . . . . . . . . . . . . 29 77 15.3. flexible-encapsulation.yang . . . . . . . . . . . . . . 30 78 15.4. l2-bpdu-filtering.yang . . . . . . . . . . . . . . . . . 31 79 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 80 16.1. Normative References . . . . . . . . . . . . . . . . . . 32 81 16.2. Informative References . . . . . . . . . . . . . . . . . 32 82 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32 84 1. Introduction 86 This document defines a YANG RFC 6020 [RFC6020] data model for the 87 management of network interfaces. It defines interface-type specific 88 extensions that augment the generic interfaces data model defined in 89 RFC 7223 [RFC7223] to support configuration for VLAN sub-interfaces 90 terminated to transport services at either layer 2 or layer 3. 92 It is defined as five separate YANG modules that each focus on a 93 particular area of functionality. The YANG modules defined in this 94 internet draft are: 96 dot1q-types.yang - Defines common types for identifying frames 97 using fields from the 802.1Q VLAN tag 99 interface-common.yang - Defines common extensions to the IETF 100 interface data model to support sub-interfaces 102 if-l3-vlan.yang - Defines the model for classifying L2 VLAN 103 traffic to L3 transport services 105 flexible-encapsulation.yang - Defines the model for flexible 106 classification of L2 traffic to L2 transport services 108 l2-bpdu-filtering.yang - Defines the model for implementing L2 109 BPDU filtering for VLAN services 111 1.1. Terminology 113 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 114 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 115 document are to be interpreted as described in RFC 2119 [RFC2119]. 117 1.2. Tree Diagrams 119 A simplified graphical representation of the data model is used in 120 this document. The meaning of the symbols in these diagrams is as 121 follows: 123 o Brackets "[" and "]" enclose list keys. 125 o Abbreviations before data node names: "rw" means configuration 126 (read-write), and "ro" means state data (read-only). 128 o Symbols after data node names: "?" means an optional node, "!" 129 means a presence container, and "*" denotes a list and leaf-list. 131 o Parentheses enclose choice and case nodes, and case nodes are also 132 marked with a colon (":"). 134 o Ellipsis ("...") stands for contents of subtrees that are not 135 shown. 137 2. Objectives 139 The aim of of the YANG models contained in this draft is to provide 140 the core model that is required to implement VLAN transport services 141 on router based devices. 143 The secondary aim is to make the model cleanly extensible, both to 144 handle greater depths of VLAN tag stacks if required, and also to 145 allow vendors to extend the model to include additional forms of tag 146 matching and rewriting if desired. 148 However, the intention is that it should not be necessary to have any 149 vendor specific extentions to any of the YANG models defined in this 150 document to implement standard Ethernet and VLAN services. 152 3. 802.1Q Types 154 The 802.1Q types YANG module contains type definitions for the basic 155 fields defined in an 802.1Q VLAN tag. It also provides YANG 156 groupings for identifying VLAN tags in various ways that can be used 157 by other YANG modules where required. 159 4. Interfaces Common Model 161 The Interfaces Common model provides some basic extentions to the 162 IETF interfaces YANG module for Ethernet and VLAN sub-interfaces. 164 The model provides: 166 o An encapsulation container and extensible choice statement for use 167 by any interface types that allow for configurable L2 168 encapsulations. 170 o A configurable L2 MTU leaf applicable to all packet/frame based 171 interfaces. 173 o A transport layer leaf to indicate whether the interface processes 174 the traffic at L2 or L3. 176 o A parent interface leaf useable for all types of sub-interfaces 177 that are bound to a particular parent interface. 179 The "interface-common" YANG module, has the following structure: 181 augment /if:interfaces/if:interface: 182 +--rw encapsulation 183 +--rw (encaps-type)? 184 augment /if:interfaces/if:interface: 185 +--rw l2-mtu? uint16 186 augment /if:interfaces/if:interface: 187 +--rw transport-layer? enumeration 188 augment /if:interfaces/if:interface: 189 +--rw parent-interface? if:interface-ref 191 5. L3 Interface VLAN Model 193 The L3 Interface VLAN model provides appropriate leaves for 194 terminating an 802.1Q VLAN tagged segment to a sub-interface based L3 195 service. It allows for terminating of traffic with up to two 802.1Q 196 VLAN tags. 198 The "if-l3-vlan" YANG module has the following structure: 200 augment /if:interfaces/if:interface/if-cmn:encapsulation/ 201 if-cmn:encaps-type: 202 +--:(vlan) 203 +--rw vlan 204 +--rw tags 205 +--rw tag* [index] 206 +--rw index uint8 207 +--rw dot1q-tag 208 +--rw tag-type dot1q-tag-type 209 +--rw vlan-id dot1q-vlan-id 211 6. Flexible Encapsulation Model 213 The Flexible Encapsulation model is designed to allow for the 214 flexible provisioning of layer 2 services. It provides the 215 capability to classify Ethernet/VLAN frames received on an Ethernet 216 trunk interface to sub-interfaces based on the fields available in 217 the layer 2 headers. Once classified to sub-interfaces, it provides 218 the capability to selectively modify fields within the layer 2 219 headers before the frame is handed off to the appropriate forwarding 220 code for further handling. 222 The model supports a common core set of layer 2 header matches based 223 on the 802.1Q tag type and VLAN Ids contained within the header up to 224 a tag stack depth of two tags. 226 The model supports flexible rewrites of the layer 2 frame header for 227 data frames as they are processed on the interface. It defines a set 228 of standard tag manipulations that allow for the insertion, removal, 229 or rewrite of one or two 802.1Q VLAN tags. The expectation is that 230 manipulations are generally implemented in a symmetrical fashion, 231 i.e. if a manipulation is performed on traffic ingressing an 232 interface then the reverse manipulation is always performed on 233 traffic egressing out of the same interface. However, the model also 234 allows for asymmetrical rewrites, which may be required to implement 235 some forwarding models (such as E-Tree). 237 The structure of the model is currently limited to matching or 238 rewriting a maximum of two 802.1Q tags in the frame header but has 239 been designed to be easily extensible to matching/rewriting three or 240 more VLAN tags in future, if required. 242 The final aim for the model design is for it to be cleanly extensible 243 to add in additional match and rewrite criteria of the layer 2 244 header, such as matching on the source or destination MAC address, 245 PCP or DEI fields in the 802.1Q tags, or the EtherType of the frame 246 payload. Rewrites can also be extended to allow for modification of 247 other fields within the layer 2 frame header. 249 The "flexible-encapsulation" YANG module has the following structure: 251 augment /if:interfaces/if:interface/if-cmn:encapsulation/ 252 if-cmn:encaps-type: 253 +--:(flexible) {flexible-encapsulation-rewrites}? 254 +--rw flexible 255 +--rw match 256 | +--rw (match-type) 257 | +--:(default) 258 | | +--rw default? empty 259 | +--:(untagged) 260 | | +--rw untagged? empty 261 | +--:(priority-tagged) 262 | | +--rw priority-tagged 263 | | +--rw tag-type? dot1q:dot1q-tag-type 264 | +--:(vlan-tagged) 265 | +--rw vlan-tagged 266 | +--rw tag* [index] 267 | | +--rw index uint8 268 | | +--rw dot1q-tag 269 | | +--rw tag-type dot1q-tag-type 270 | | +--rw vlan-id union 271 | +--rw match-exact-tags? empty 272 +--rw rewrite {flexible-rewrites}? 273 +--rw (direction)? 274 +--:(symmetrical) 275 | +--rw symmetrical 276 | +--rw tag-rewrite {tag-rewrites}? 277 | +--rw pop-tags? uint8 278 | +--rw push-tags* [index] 279 | +--rw index uint8 280 | +--rw dot1q-tag 281 | +--rw tag-type dot1q-tag-type 282 | +--rw vlan-id dot1q-vlan-id 283 +--:(asymmetrical) {asymmetric-rewrites}? 284 +--rw ingress 285 | +--rw tag-rewrite {tag-rewrites}? 286 | +--rw pop-tags? uint8 287 | +--rw push-tags* [index] 288 | +--rw index uint8 289 | +--rw dot1q-tag 290 | +--rw tag-type dot1q-tag-type 291 | +--rw vlan-id dot1q-vlan-id 292 +--rw egress 293 +--rw tag-rewrite {tag-rewrites}? 294 +--rw pop-tags? uint8 295 +--rw push-tags* [index] 296 +--rw index uint8 297 +--rw dot1q-tag 298 +--rw tag-type dot1q-tag-type 299 +--rw vlan-id dot1q-vlan-id 300 augment /if:interfaces/if:interface: 301 +--rw flexible-encapsulation 302 +--rw local-traffic-default-encaps 303 +--rw tag* [index] 304 +--rw index uint8 305 +--rw dot1q-tag 306 +--rw tag-type dot1q-tag-type 307 +--rw vlan-id dot1q-vlan-id 309 7. L2 BPDU Filtering 311 The L2 BPDU Filtering model adds a single configurable leaf to 312 specify that BPDU filtering is in operation on a trunk interface. 314 The "l2-bpdu-filtering" YANG module has the following structure: 316 augment /if:interfaces/if:interface: 317 +--rw bpdu 318 +--rw filtering? enumeration {bpdu-filtering}? 320 8. 802.1Q Types YANG Module 322 This YANG module has no external imports. 324 The expectation is that the raw 802.1Q VLAN tag fields types may end 325 up being standardized in IEEE rather than IETF. They are included 326 here to make the model complete. 328 However, the groupings that can be used to generally identify frames 329 based on the fields in the 802.1Q tag would seem to fit with wherever 330 the model resides. 332 file "dot1q-types@2015-02-26.yang" 333 module dot1q-types { 334 namespace "urn:ietf:params:xml:ns:yang:dot1q-types"; 335 prefix dot1q; 337 organization 338 "Cisco Systems, Inc. 339 Customer Service 341 Postal: 170 W Tasman Drive 342 San Jose, CA 95134 344 Tel: +1 1800 553-NETS 346 E-mail: cs-yang@cisco.com"; 348 contact 349 "Robert Wilton - rwilton@cisco.com"; 351 description 352 "This module contains a collection of generally useful YANG types 353 that are specific to 802.1Q VLANs that can be usefully shared 354 between multiple models. 356 Terms and Acronyms 358 802.1Q: IEEE 802.1Q VLANs 360 VLAN (vlan): Virtual Local Area Network 361 "; 363 revision 2015-02-26 { 364 description "Latest revision"; 366 reference "Internet-Draft draft-ietf-rwilton-vlan-yang-00.txt"; 367 } 369 typedef PCP { 370 type uint8 { 371 range "0..7"; 372 } 373 description 374 "Priority Code Point. PCP is a 3-bit field that refers to the 375 class of service applied to an 802.1Q VLAN tagged frame. The 376 field specifies a priority value between 0 and 7, these values 377 can be used by quality of service (QoS) to prioritize 378 different classes of traffic."; 379 reference "IEEE 802.1Q (2014)"; 380 } 382 /* 383 * Defines what it means to be an 802.1Q VLAN Id, where values 0 384 * and 4095 are reserved. 385 */ 386 typedef dot1q-vlan-id { 387 type uint16 { 388 range "1..4094"; 389 } 390 description "An 802.1Q VLAN Identifier"; 391 reference "IEEE 802.1Q (2014)"; 392 } 394 /* 395 * Defines the supported IEEE 802.1Q types that can be used for 396 * VLAN tag matching. 397 */ 398 identity dot1q-tag-vlan-type { 399 description "Base identity from which all 802.1Q VLAN tag types 400 are derived from"; 401 } 403 identity c-vlan { 404 base dot1q-tag-vlan-type; 405 description 406 "An 802.1Q Customer-VLAN tag, normally using the 0x8100 407 Ethertype"; 408 } 410 identity s-vlan { 411 base dot1q-tag-vlan-type; 412 description 413 "An 802.1Q Service-VLAN tag, using the 0x88a8 Ethertype 414 originally introduced in 802.1ad, and incorporated into 415 802.1Q (2011)"; 416 } 418 typedef dot1q-tag-type { 419 type identityref { 420 base "dot1q-tag-vlan-type"; 421 } 422 description "Identifies a specific 802.1Q tag type"; 423 reference "IEEE 802.1Q (2014)"; 424 } 426 /* 427 * Defines the type used to represent ranges of VLAN Ids. 428 * 429 * Ideally we would model that as a list of VLAN Ids in YANG, but 430 * the model is easier to use if this is just represented as a 431 * string. 432 * 433 * This type is used to match an ordered list of VLAN Ids, or 434 * contiguous ranges of VLAN Ids. Valid VLAN Ids must be in the 435 * range 1 to 4094, and included in the list in non overlapping 436 * ascending order. 437 * 438 * E.g. "1, 10-100, 50, 500-1000" 439 */ 440 typedef dot1q-vlan-id-ranges { 441 type string { 442 pattern "([0-9]{1,4}(-[0-9]{1,4})?(,[0-9]{1,4}" + 443 "(-[0-9]{1,4})?)*)"; 444 } 445 description "A list of VLAN Ids, or non overlapping VLAN ranges, 446 in ascending order, between 1 and 4094"; 447 } 449 /* 450 * A grouping which represents an 802.1Q VLAN tag, matching both 451 * the tag Ethertype and a single VLAN Id. The PCP and DEI fields 452 * in the 802.1Q tag are ignored for tag matching purposes. 453 */ 454 grouping dot1q-tag { 455 description "Grouping to allow configuration to identify a single 456 802.1Q VLAN tag"; 457 container dot1q-tag { 458 description "Identifies an 802.1Q VLAN tag with an explicit 459 tag-type and a single VLAN Id"; 460 leaf tag-type { 461 type dot1q-tag-type; 462 mandatory true; 463 description "VLAN tag type"; 464 } 465 leaf vlan-id { 466 type dot1q-vlan-id; 467 mandatory true; 468 description "VLAN Id"; 469 } 470 } 471 } 473 /* 474 * A grouping which represents an 802.1Q VLAN tag, matching both 475 * the tag Ethertype and a single VLAN Id or "any" to match on any 476 * VLAN Id. The PCP and DEI fields in the 802.1Q tag are ignored 477 * for tag matching purposes. 478 */ 480 grouping dot1q-tag-or-any { 481 description "Grouping to allow configuration to identify a single 482 802.1Q VLAN tag or the 'any' value to match any VLAN 483 Id not matched by a more specific VLAN Id match"; 484 container dot1q-tag { 485 description "Identifies an 802.1Q VLAN tag with an explicit 486 tag-type and a single VLAN Id, or 'any' VLAN Id"; 487 leaf tag-type { 488 type dot1q-tag-type; 489 mandatory true; 490 description "VLAN tag type"; 491 } 492 leaf vlan-id { 493 type union { 494 type dot1q-vlan-id; 495 type enumeration { 496 enum "any" { 497 value 4096; 498 description 499 "Matches 'any' VLAN tag in the range 1 to 4094 that 500 is not matched by a more specific VLAN Id match"; 501 } 502 } 503 } 504 mandatory true; 505 description "VLAN Id or any"; 506 } 507 } 508 } 510 /* 511 * A grouping which represents an 802.1Q tag that matches a range 512 * of VLAN Ids. The PCP and DEI fields in the 802.1Q tag are 513 * ignored for tag matching purposes. 514 */ 515 grouping dot1q-tag-ranges { 516 description "Grouping to allow configuration to identify an 517 802.1Q VLAN tag that matches any VLAN Id within a 518 set of non overlapping VLAN Id ranges"; 519 container dot1q-tag { 520 description "Identifies an 802.1Q VLAN tag with an explicit 521 tag-type and and a range of VLAN Ids"; 522 leaf tag-type { 523 type dot1q-tag-type; 524 mandatory true; 525 description "VLAN tag type"; 526 } 527 leaf vlan-ids { 528 type dot1q-vlan-id-ranges; 529 mandatory true; 530 description "VLAN Ids"; 531 } 532 } 533 } 535 /* 536 * A grouping which represents an 802.1Q VLAN tag, matching both 537 * the tag Ethertype and a single VLAN Id, ordered list of ranges, 538 * or "any" to match on any VLAN Id. The PCP and DEI fields in the 539 * 802.1Q tag are ignored for tag matching purposes. 540 */ 541 grouping dot1q-tag-ranges-or-any { 542 description "Grouping to allow configuration to identify an 543 802.1Q VLAN tag that matches any specific VLAN Id 544 within a set of non overlapping VLAN Id ranges, or 545 the 'any' value to match any VLAN Id"; 546 container dot1q-tag { 547 description "Identifies an 802.1Q VLAN tag with an explicit 548 tag-type, an ordered list of VLAN Id ranges, or 549 'any' VLAN Id"; 550 leaf tag-type { 551 type dot1q-tag-type; 552 mandatory true; 553 description "VLAN tag type"; 554 } 555 leaf vlan-id { 556 type union { 557 type dot1q-vlan-id-ranges; 558 type enumeration { 559 enum "any" { 560 description "Matches 'any' VLAN tag in the range 1 to 561 4094"; 562 } 563 } 564 } 565 mandatory true; 566 description "VLAN Ids or any"; 567 } 568 } 569 } 570 } 571 573 9. Interfaces Common YANG Module 575 This YANG module augments the interface container defined in RFC 7223 576 [RFC7223] 578 file "interfaces-common@2015-02-26.yang" 579 module interfaces-common { 580 namespace "urn:ietf:params:xml:ns:yang:interfaces-common"; 581 prefix if-cmn; 583 import ietf-interfaces { 584 prefix if; 585 } 587 import iana-if-type { 588 prefix ianaift; 589 } 591 organization 592 "Cisco Systems, Inc. 593 Customer Service 595 Postal: 170 W Tasman Drive 596 San Jose, CA 95134 598 Tel: +1 1800 553-NETS 600 E-mail: cs-yang@cisco.com"; 602 contact 603 "Robert Wilton - rwilton@cisco.com"; 605 description 606 "This module contains common definitions for extending the IETF 607 interface YANG model (RFC 7223) with common configurable layer 2 608 properties"; 610 revision 2015-02-26 { 611 description "Latest revision"; 613 reference "Internet-Draft draft-ietf-rwilton-vlan-yang-00.txt"; 614 } 616 /* 617 * Various types of interfaces support a configurable layer 2 618 * encapsulation, any that are supported by YANG should be 619 * listed here. 620 * 621 * Different encapsulations can hook into the common encaps-type 622 * choice statement. 623 */ 624 augment "/if:interfaces/if:interface" { 625 when "if:type = 'ianaift:ethernetCsmacd' or 626 if:type = 'ianaift:ieee8023adLag' or 627 if:type = 'ianaift:l2vlan'" { 628 description "All interface types that can have a configurable 629 L2 encapsulation"; 630 } 631 description "Add encapsulation top level node to interface types 632 that support a configurable L2 encapsulation"; 634 container encapsulation { 635 description 636 "Holds the L2 encapsulation associated with an interfaces"; 637 choice encaps-type { 638 description "Extensible choice of L2 encapsulations"; 639 } 640 } 641 } 643 /* 644 * Various types of interfaces support a configurable layer 2 645 * MTU, all of them that are supported by YANG should be 646 * listed here. 647 */ 648 augment "/if:interfaces/if:interface" { 649 when "if:type = 'ianaift:ethernetCsmacd' or 650 if:type = 'ianaift:ieee8023adLag' or 651 if:type = 'ianaift:l2vlan'" { 652 description "All interface types that can have a configurable 653 layer 2 MTU"; 654 } 655 description "Add configurable layer-2 MTU to all appropriate 656 interface types"; 658 leaf l2-mtu { 659 type uint16 { 660 range "64 .. 65535"; 661 } 662 description 663 "The maximum size of layer 2 frame that may be transmitted 664 or received on the interface (excluding any FCS overhead). 665 In the case of Ethernet interfaces it also excludes the 666 4-8 byte overhead of any known (i.e. explicitly matched by 667 a child sub-interface) 801.1Q VLAN tags."; 668 } 670 } 672 /* 673 * Augments the IETF interfaces model with a leaf that indicates 674 * whether traffic is to be transported as layer 2 or layer 3. 675 * 676 * All interface types that explicitly support forwarding frames 677 * at layer 2 and that are supported by YANG should be listed here. 678 * 679 * Different encapsulation can hook into the common encaps-type 680 * choice statement. 681 */ 682 augment "/if:interfaces/if:interface" { 683 when "if:type = 'ianaift:ethernetCsmacd' or 684 if:type = 'ianaift:ieee8023adLag' or 685 if:type = 'ianaift:l2vlan'" { 686 description "Any interface types that support layer 2 transport 687 services"; 688 } 689 description "Add a top level node to appropriate interfaces to 690 indicate which tranport layer an interface is 691 operating at"; 693 leaf transport-layer { 694 type enumeration { 695 enum layer-2 { 696 value 2; 697 description "Layer 2 transport"; 698 } 699 enum layer-3 { 700 value 3; 701 description "Layer 3 transport"; 702 } 703 } 704 default layer-3; 705 description 706 "The transport layer at which the interface is operating at"; 707 } 708 } 710 /* 711 * Add generic support for sub-interfaces. 712 * 713 * This should be extended to cover all interface types that are 714 * child interfaces of other interfaces. 715 */ 716 augment "/if:interfaces/if:interface" { 717 when "if:type = 'ianaift:l2vlan'" { 718 description "Any sub-interfaces"; 719 } 720 description "Add a parent interface field to interfaces to model 721 sub-interfaces"; 722 leaf parent-interface { 723 type if:interface-ref; 724 /* 725 * TODO - How to make this mandatory without using the 726 * mandatory keyword. 727 * - Current options appear to be: 728 * - Possibly define a feature "parented-sub-interfaces". 729 * - Create a sub-interface container with presence. 730 * - Enforce the constraint with a must statement. 731 */ 732 //mandatory true; 733 description 734 "This is the mandatory reference to the parent interface of 735 this sub-interface."; 736 } 737 } 738 } 739 741 10. L3 Interface VLAN YANG Module 743 This YANG module augments the encapsultion container defined in the 744 Interfaces Common YANG Module (Section 9) 746 file "if-l3-vlan@2015-02-26.yang" 747 module if-l3-vlan { 748 namespace "urn:ietf:params:xml:ns:yang:if-l3-vlan"; 749 prefix if-l3-vlan; 751 import ietf-interfaces { 752 prefix if; 753 } 755 import iana-if-type { 756 prefix ianaift; 757 } 759 import dot1q-types { 760 prefix dot1q; 761 } 763 import interfaces-common { 764 prefix if-cmn; 765 } 766 organization 767 "Cisco Systems, Inc. 768 Customer Service 770 Postal: 170 W Tasman Drive 771 San Jose, CA 95134 773 Tel: +1 1800 553-NETS 775 E-mail: cs-yang@cisco.com"; 777 contact 778 "Robert Wilton - rwilton@cisco.com"; 780 description 781 "This YANG module models L3 VLAN sub-interfaces 782 "; 784 revision 2015-02-26 { 785 description "Latest revision"; 787 reference "Internet-Draft draft-ietf-rwilton-vlan-yang-00.txt"; 788 } 790 feature l3-vlan-sub-interfaces { 791 description 792 "This feature indicates that the device supports L3 VLAN 793 sub-interfaces"; 794 } 796 /* 797 * Add support for the 802.1Q VLAN encapsulation syntax on layer 3 798 * terminated VLAN sub-interfaces. 799 */ 800 augment "/if:interfaces/if:interface/if-cmn:encapsulation/" + 801 "if-cmn:encaps-type" { 802 when "../../if:type = 'ianaift:l2vlan' and 803 ../../if-cmn:transport-layer = 'layer-3'" { 804 description "Applies only to VLAN sub-interfaces that are 805 operating at layer 3"; 806 } 807 if-feature l3-vlan-sub-interfaces; 808 description "Augment the generic interface encapsulation with an 809 encapsulation for layer 3 VLAN sub-interfaces"; 811 /* 812 * Matches a VLAN, or pair of VLAN Ids to classify traffic 813 * into an L3 service. 815 */ 816 case vlan { 817 container vlan { 818 description 819 "Match VLAN tagged frames with specific VLAN Ids"; 820 container tags { 821 description "Matches frames tagged with specific VLAN Ids"; 822 list tag { 823 key "index"; 824 min-elements 1; 825 max-elements 2; 826 description "The tags to match, with the outermost tag to 827 match with index 0"; 828 leaf index { 829 type uint8 { 830 range "0..1"; 831 } 833 /* 834 * Only allow matching on an inner tag (at index 1), if 835 * also matching on the outer tag at the same time. 836 */ 837 must "index = 0 or 838 count(../../tag[index = 0]/index) > 0" { 839 error-message 840 "An inner tag can only be matched on when also 841 matching on an outer tag"; 842 description 843 "Only allow matching on an inner tag, if also 844 matching on the outer tag at the same time"; 845 } 846 description 847 "The index into the tag stack, outermost tag first"; 848 } 850 uses dot1q:dot1q-tag; 851 } 852 } 853 } 854 } 855 } 856 } 857 859 11. Flexible Encapsulation YANG Module 861 This YANG module augments the encapsultion container defined in the 862 Interfaces Common YANG Module (Section 9). 864 This YANG module also augments the interface container defined in 865 RFC 7223 [RFC7223]. 867 file "flexible-encapsulation@2015-02-26.yang" 868 module flexible-encapsulation { 869 namespace "urn:ietf:params:xml:ns:yang:flexible-encapsulation"; 870 prefix flex; 872 import ietf-interfaces { 873 prefix if; 874 } 876 import iana-if-type { 877 prefix ianaift; 878 } 880 import interfaces-common { 881 prefix if-cmn; 882 } 884 import dot1q-types { 885 prefix dot1q; 886 } 888 organization 889 "Cisco Systems, Inc. 890 Customer Service 892 Postal: 170 W Tasman Drive 893 San Jose, CA 95134 895 Tel: +1 1800 553-NETS 897 E-mail: cs-yang@cisco.com"; 899 contact 900 "Robert Wilton - rwilton@cisco.com"; 902 description 903 "This YANG module describes interface configuration for flexible 904 VLAN matches and rewrites."; 906 revision 2015-02-26 { 907 description "Latest revision"; 909 reference "Internet-Draft draft-ietf-rwilton-vlan-yang-00.txt"; 910 } 912 feature flexible-encapsulation-rewrites { 913 description 914 "This feature indicates whether the network element supports 915 flexible Ethernet encapsulation that allows for matching VLAN 916 ranges and performing independent tag manipulations"; 917 } 919 feature flexible-rewrites { 920 description 921 "This feature indicates whether the network element supports 922 specifying flexible rewrite operations"; 923 } 925 feature asymmetric-rewrites { 926 description 927 "This feature indicates whether the network element supports 928 specifying different rewrite operations for the ingress 929 rewrite operation and egress rewrite operation."; 930 } 932 feature tag-rewrites { 933 description 934 "This feature indicates whether the network element supports 935 the flexible rewrite functionality specifying flexible tag 936 rewrites"; 937 } 939 /* 940 * flexible-match grouping. 941 * 942 * This grouping represents a flexible match. 943 * 944 * The rules for a flexible match are: 945 * 1. default, untagged, priority tag, or a stack of tags. 946 * - Each tag in the stack of tags matches: 947 * 1. tag type (802.1Q or 802.1ad) + 948 * 2. tag value: 949 * i. single tag 950 * ii. set of tag ranges/values. 951 * iii. "any" keyword 952 */ 953 grouping flexible-match { 954 description "Flexible match"; 955 choice match-type { 956 mandatory true; 957 description "Provides a choice of how the frames may be 958 matched"; 960 case default { 961 description "Default match"; 962 leaf default { 963 type empty; 964 description 965 "Default match. Matches all traffic not matched to any 966 other peer sub-interface by a more specific 967 encapsulation."; 968 } // leaf default 969 } // case default 971 case untagged { 972 description "Match untagged Ethernet frames only"; 973 leaf untagged { 974 type empty; 975 description 976 "Untagged match. Matches all untagged traffic."; 977 } // leaf untagged 978 } // case untagged 980 case priority-tagged { 981 description "Match priority tagged Ethernet frames only"; 983 container priority-tagged { 984 description "Priority tag match"; 985 leaf tag-type { 986 type dot1q:dot1q-tag-type; 987 description "The 802.1Q tag type of matched priority 988 tagged packets"; 989 } 990 } 991 } 993 case vlan-tagged { 994 container vlan-tagged { 995 description "Matches VLAN tagged frames"; 996 list tag { 997 key "index"; 998 min-elements 1; 999 max-elements 2; 1000 description "The tags to match, with the outermost tag to 1001 match assigned index 0"; 1002 leaf index { 1003 type uint8 { 1004 range "0..1"; 1005 } 1007 must "index = 0 or 1008 count(../../tag[index = 0]/index) > 0" { 1009 error-message "An inner tag can only be matched on 1010 when also matching on an outer tag"; 1011 description "Only allow matching on an inner tag, if 1012 also matching on the outer tags at the 1013 same time"; 1014 } 1015 description 1016 "The index into the tag stack, outermost tag first"; 1017 } 1019 uses dot1q:dot1q-tag-ranges-or-any; 1020 } 1022 leaf match-exact-tags { 1023 type empty; 1024 description 1025 "If set, indicates that all 802.1Q VLAN tags in the 1026 Ethernet frame header must be explicitly matched, i.e. 1027 the EtherType following the matched tags must not be a 1028 802.1Q tag EtherType. If unset then extra 802.1Q VLAN 1029 tags are allowed."; 1030 } 1031 } 1032 } 1033 } // encaps-type 1034 } 1036 /* 1037 * Grouping for tag-rewrite that can be expressed either 1038 * symmetrically, or in the ingress and/or egress directions 1039 * independently. 1040 */ 1041 grouping tag-rewrite { 1042 description "Flexible rewrite"; 1043 leaf pop-tags { 1044 type uint8 { 1045 range 1..2; 1046 } 1047 description "The number of tags to pop (or translate if used in 1048 conjunction with push-tags)"; 1049 } 1050 list push-tags { 1051 key "index"; 1052 max-elements 2; 1053 description "The number of tags to push (or translate if used 1054 in conjunction with pop-tags)"; 1055 /* 1056 * Server should order by increasing index. 1057 */ 1058 leaf index { 1059 type uint8 { 1060 range 0..1; 1061 } 1063 /* 1064 * Only allow a push of an inner tag if an outer tag is also 1065 * being pushed. 1066 */ 1067 must "index != 0 or 1068 count(../../push-tags[index = 0]/index) > 0" { 1069 error-message "An inner tag can only be pushed if an outer 1070 tag is also specified"; 1071 description "Only allow a push of an inner tag if an outer 1072 tag is also being pushed"; 1073 } 1074 description "The index into the tag stack"; 1075 } 1077 uses dot1q:dot1q-tag; 1078 } 1079 } 1081 /* 1082 * Grouping for all flexible rewrites of fields in the L2 header. 1083 * 1084 * This currently only includes flexible tag rewrites, but is 1085 * designed to be extensible to cover rewrites of other fields in 1086 * the L2 header if required. 1087 */ 1088 grouping flexible-rewrite { 1089 description "Flexible rewrite"; 1091 /* 1092 * Tag rewrite. 1093 * 1094 * All tag rewrites are formed using a combination of pop-tags 1095 * and push-tags operations. 1096 */ 1097 container tag-rewrite { 1098 if-feature tag-rewrites; 1099 description "Tag rewrite. Translate operations are expressed 1100 as a combination of tag push and pop operations."; 1101 uses tag-rewrite; 1102 } 1103 } 1105 augment "/if:interfaces/if:interface/if-cmn:encapsulation/" + 1106 "if-cmn:encaps-type" { 1107 when "../../if:type = 'ianaift:l2vlan' and 1108 ../../if-cmn:transport-layer = 'layer-2'" { 1109 description "Applies only to VLAN sub-interfaces that are 1110 operating at transport layer 2"; 1111 } 1112 description 1113 "Add flexible match and rewrite for VLAN sub-interfaces"; 1115 /* 1116 * A flexible encapsulation allows for the matching of ranges and 1117 * sets of VLAN Ids. The structure is also designed to be 1118 * extended to allow for matching/rewriting other fields within 1119 * the L2 frame header if required. 1120 */ 1121 case flexible { 1122 if-feature flexible-encapsulation-rewrites; 1123 description "Flexible encapsulation and rewrite"; 1124 container flexible { 1125 description "Flexible encapsulation and rewrite"; 1127 container match { 1128 description 1129 "The match used to classify frames to this interface"; 1130 uses flexible-match; 1131 } 1133 container rewrite { 1134 if-feature flexible-rewrites; 1135 description "L2 frame rewrite operations"; 1136 choice direction { 1137 description "Whether the rewrite policy is symmetrical or 1138 asymmetrical"; 1139 case symmetrical { 1140 container symmetrical { 1141 uses flexible-rewrite; 1142 description 1143 "Symmetrical rewrite. Expressed in the ingress 1144 direction, but the reverse operation is applied 1145 to egress traffic"; 1147 } 1148 } 1150 /* 1151 * Allow asymmetrical rewrites to be specified. 1152 */ 1153 case asymmetrical { 1154 if-feature asymmetric-rewrites; 1155 description "Asymmetrical rewrite"; 1156 container ingress { 1157 uses flexible-rewrite; 1158 description "Ingress rewrite"; 1159 } 1160 container egress { 1161 uses flexible-rewrite; 1162 description "Egress rewrite"; 1163 } 1164 } 1165 } 1166 } 1167 } 1168 } 1169 } 1171 augment "/if:interfaces/if:interface" { 1172 when "if:type = 'ianaift:l2vlan' and 1173 if-cmn:transport-layer = 'layer-2'" { 1174 description "Any L2 VLAN sub-interfaces"; 1175 } 1176 description "Add flexible encapsulation configuration for VLAN 1177 sub-interfaces"; 1179 /* 1180 * All flexible encapsulation specific interface configuration 1181 * (except for the actual encapsulation and rewrite) is contained 1182 * by a flexible-encapsulation container on the interface. 1183 */ 1184 container flexible-encapsulation { 1185 description 1186 "All per interface flexible encapsulation related fields"; 1188 /* 1189 * For encapsulations that match a range of VLANs (or Any), 1190 * allow configuration to specify the default VLAN tag values 1191 * to use for any traffic that is locally sourced from an 1192 * interface on the device. 1193 */ 1194 container local-traffic-default-encaps { 1195 description "The VLAN tags to use by default for locally 1196 sourced traffic"; 1197 list tag { 1198 key "index"; 1199 max-elements 2; 1201 description 1202 "The VLAN tags to use by locally sourced traffic"; 1204 leaf index { 1205 type uint8 { 1206 range "0..1"; 1207 } 1209 /* 1210 * Only allow an inner tag to be specified if an outer 1211 * tag has also been specified. 1212 */ 1213 must "index = 0 or 1214 count(../../tag[index = 0]/index) > 0" { 1215 error-message "An inner tag can only be specified if an 1216 outer tag has also been specified"; 1217 description "Ensure that an inner tag cannot be 1218 specified without an outer tag'"; 1219 } 1221 description "The index into the tag stack, outermost tag 1222 assigned index 0"; 1223 } 1225 uses dot1q:dot1q-tag; 1226 } 1227 } 1228 } 1229 } 1230 } 1231 1233 12. L2 BPDU filtering YANG Module 1235 This YANG module augments the interface container defined in RFC 7223 1236 [RFC7223] for Etherlike (Ethernet and 802.3 LAG (802.1AX) interfaces) 1237 trunk interfaces. 1239 file "l2-bpdu-filtering@2015-02-26.yang" 1240 module l2-bpdu-filtering { 1241 namespace "urn:ietf:params:xml:ns:yang:l2-bpdu-filtering"; 1242 prefix bpdu; 1243 import ietf-interfaces { 1244 prefix if; 1245 } 1247 import iana-if-type { 1248 prefix ianaift; 1249 } 1251 organization 1252 "Cisco Systems, Inc. 1253 Customer Service 1255 Postal: 170 W Tasman Drive 1256 San Jose, CA 95134 1258 Tel: +1 1800 553-NETS 1260 E-mail: cs-yang@cisco.com"; 1262 contact 1263 "Robert Wilton - rwilton@cisco.com"; 1265 description 1266 "This YANG module describes the extentions for 802.1Q defined 1267 filtering of BPDUs via the destination MAC address."; 1269 revision 2015-02-26 { 1270 description "Latest revision"; 1272 reference "Internet-Draft draft-ietf-rwilton-vlan-yang-00.txt"; 1273 } 1275 feature bpdu-filtering { 1276 description 1277 "This feature indicates that the device supports standards 1278 compliant BPDU filtering"; 1279 } 1281 /* 1282 * BPDU processing applies to all Etherlike interfaces. 1283 */ 1284 augment "/if:interfaces/if:interface" { 1285 when "if:type = 'ianaift:ethernetCsmacd' or 1286 if:type = 'ianaift:ieee8023adLag'" { 1287 description "Applies to all Etherlike interfaces"; 1288 } 1289 description "Add BPDU related configuration to Etherlike 1290 interfaces"; 1292 container bpdu { 1293 description "BPDU related configuration"; 1295 /* 1296 * The filtering leaf defines the filtering of L2 BPDUs based 1297 * on their destination MAC address. If no value has been 1298 * specified then the default behaviour is that there is no 1299 * filtering. 1300 */ 1301 leaf filtering { 1302 if-feature bpdu-filtering; 1303 type enumeration { 1304 enum c-vlan { 1305 description "C-VLAN ingress frame filtering"; 1306 reference 1307 "Table 8-1 C-VLAN and MAC Bridge component reserved 1308 addresses of IEEE 802.1Q (2014)"; 1309 } 1310 enum s-vlan { 1311 description "S-VLAN ingress frame filtering"; 1312 reference 1313 "Table 8-2 S-VLAN component reserved addresses of 1314 IEEE 802.1Q (2014)"; 1315 } 1316 enum mac-relay { 1317 description "2-port MAC relay ingress frame filtering"; 1318 reference 1319 "Table 8-3 TPMR component Reserved addresses of IEEE 1320 802.1Q (2014)"; 1321 } 1322 } 1323 description "The type of filtering to apply to all ingress 1324 BPDU frames on this interface. If no filtering 1325 behavior is specified then frames are forwarded 1326 by default unless they have been explicitly 1327 peered by protocol specific configuration"; 1328 } 1329 } 1330 } 1331 } 1332 1334 13. Acknowledgements 1336 The authors wish to thank Neil Ketley for his helpful comments 1337 contributing to this draft. 1339 14. IANA Considerations 1341 This document defines several new YANG module and the authors 1342 politely request that IANA assigns unique names to the YANG module 1343 files contained within this draft, and also appropriate URIs in the 1344 "IETF XML Registry". 1346 15. Security Considerations 1348 The YANG module defined in this memo is designed to be accessed via 1349 the NETCONF protocol RFC 6241 [RFC6241]. The lowest NETCONF layer is 1350 the secure transport layer and the mandatory to implement secure 1351 transport is SSH RFC 6242 [RFC6242]. The NETCONF access control 1352 model RFC 6536 [RFC6536] provides the means to restrict access for 1353 particular NETCONF users to a pre-configured subset of all available 1354 NETCONF protocol operations and content. 1356 There are a number of data nodes defined in this YANG module which 1357 are writable/creatable/deletable (i.e. config true, which is the 1358 default). These data nodes may be considered sensitive or vulnerable 1359 in some network environments. Write operations (e.g. edit-config) to 1360 these data nodes without proper protection can have a negative effect 1361 on network operations. These are the subtrees and data nodes and 1362 their sensitivity/vulnerability: 1364 15.1. interfaces-common.yang 1366 The interfaces-common YANG module contains a leaf to control the L2 1367 MTU of an interface or sub-interface which if changed or deleted 1368 could cause traffic loss on the affected interface or sub-interfaces, 1369 or it could cause layer 2 tunnels to go down due to a mismatch in 1370 negotiated MTU. The following leaf is affected: 1372 o interfaces/interface/l2-mtu 1374 15.2. if-l3-vlan.yang 1376 The nodes in the if-l3-vlan YANG module are concerned with matching 1377 particular frames received on the network device to connect them to a 1378 layer 3 forwarding instance, and as such adding/modifying/deleting 1379 these nodes has a high risk of causing traffic to be lost because it 1380 is not being classified correctly, or is being classified to a 1381 separate sub-interface. The nodes, all under the subtree 1382 /interfaces/interface/encapsulation/vlan, that are sensitive to this 1383 are: 1385 o tags 1386 o tags/index 1388 o tags/index/tag-type 1390 o tags/index/vlan-id 1392 15.3. flexible-encapsulation.yang 1394 There are many nodes in the flexible-encapsulation YANG module that 1395 are concerned with matching particular frames received on the network 1396 device, and as such adding/modifying/deleting these nodes has a high 1397 risk of causing traffic to be lost because it is not being classified 1398 correctly, or is being classified to a separate sub-interface. The 1399 nodes, all under the subtree 1400 /interfaces/interface/encapsulation/flexible/match, that are 1401 sensitive to this are: 1403 o default 1405 o untagged 1407 o priority-tagged 1409 o priority-tagged/tag-type 1411 o vlan-tagged 1413 o vlan-tagged/index 1415 o vlan-tagged/index/dot1q-tag/vlan-type 1417 o vlan-tagged/index/dot1q-tag/vlan-id 1419 o vlan-tagged/match-exact-tags 1421 There are also many modes in the flexible-encapsulation YANG module 1422 that are concerned with rewriting the fields in the L2 header for 1423 particular frames received on the network device, and as such 1424 adding/modifying/deleting these nodes has a high risk of causing 1425 traffic to be dropped or incorrectly processed on peer network 1426 devices, or it could cause layer 2 tunnels to go down due to a 1427 mismatch in negotiated MTU. The nodes, all under the subtree 1428 /interfaces/interface/encapsulation/flexible/rewrite, that are 1429 sensitive to this are: 1431 o symmetrical/tag-rewrite/pop-tags 1433 o symmetrical/tag-rewrite/push-tags 1434 o symmetrical/tag-rewrite/push-tags/index 1436 o symmetrical/tag-rewrite/push-tags/dot1q-tag/tag-type 1438 o symmetrical/tag-rewrite/push-tags/dot1q-tag/vlan-id 1440 o asymmetrical/ingress/tag-rewrite/pop-tags 1442 o asymmetrical/ingress/tag-rewrite/push-tags 1444 o asymmetrical/ingress/tag-rewrite/push-tags/index 1446 o asymmetrical/ingress/tag-rewrite/push-tags/dot1q-tag/tag-type 1448 o asymmetrical/ingress/tag-rewrite/push-tags/dot1q-tag/vlan-id 1450 o asymmetrical/egress/tag-rewrite/pop-tags 1452 o asymmetrical/egress/tag-rewrite/push-tags 1454 o asymmetrical/egress/tag-rewrite/push-tags/index 1456 o asymmetrical/egress/tag-rewrite/push-tags/dot1q-tag/tag-type 1458 o asymmetrical/egress/tag-rewrite/push-tags/dot1q-tag/vlan-id 1460 Nodes in the flexible-encapsulation YANG module that are concerned 1461 with the VLAN tags to use for traffic sourced from the network 1462 element could cause protocol sessions (such as CFM) to fail if they 1463 are added, modified or deleted. The nodes, all under the subtree 1464 /interfaces/interface/flexible-encapsulation/local-traffic-default- 1465 encaps that are sensitive to this are: 1467 o tag 1469 o tag/index 1471 o tag/dot1q-tag/tag-type 1473 o tag/dot1q-tag/vlan-id 1475 15.4. l2-bpdu-filtering.yang 1477 The l2-bpdu-filtering YANG module specifies a single leaf that 1478 defines what type of L2 BPDU filtering is in effect. 1479 Adding/modifying/deleting the following node could cause 1480 instabilities in L2 control protocols which could indirectly cause 1481 frame loss of network outages. Affected node: 1483 o interfaces/interface/bpdu/filtering 1485 16. References 1487 16.1. Normative References 1489 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1490 Requirement Levels", BCP 14, RFC 2119, March 1997. 1492 [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the 1493 Network Configuration Protocol (NETCONF)", RFC 6020, 1494 October 2010. 1496 [RFC7223] Bjorklund, M., "A YANG Data Model for Interface 1497 Management", RFC 7223, May 2014. 1499 [RFC7224] Bjorklund, M., "IANA Interface Type YANG Module", RFC 1500 7224, May 2014. 1502 16.2. Informative References 1504 [RFC6241] Enns, R., Bjorklund, M., Schoenwaelder, J., and A. 1505 Bierman, "Network Configuration Protocol (NETCONF)", RFC 1506 6241, June 2011. 1508 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure 1509 Shell (SSH)", RFC 6242, June 2011. 1511 [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration 1512 Protocol (NETCONF) Access Control Model", RFC 6536, March 1513 2012. 1515 Authors' Addresses 1517 Robert Wilton (editor) 1518 Cisco Systems 1520 Email: rwilton@cisco.com 1522 David Ball 1523 Cisco Systems 1525 Email: daviball@cisco.com 1526 Giles Heron 1527 Cisco Systems 1529 Email: giheron@cisco.com