idnits 2.17.1

draft-wu-opsawg-network-overlay-resource-model-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 63 instances of too long lines in the document, the longest
     one being 94 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 260 has weird spacing: '...cess-id svc-...'

  == Line 283 has weird spacing: '...cess-id leaf...'

  == Line 284 has weird spacing: '...vice-id leaf...'

  == Line 288 has weird spacing: '...roup-id strin...'

  == Line 291 has weird spacing: '...nt-type ident...'

  == (8 more instances...)

  -- The document date (March 2, 2018) is 2247 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC8299' is mentioned on line 81, but not defined

  == Missing Reference: 'RFC8309' is mentioned on line 83, but not defined

  == Missing Reference: 'CE1' is mentioned on line 403, but not defined

  == Missing Reference: 'CE3' is mentioned on line 403, but not defined

  == Missing Reference: 'CE2' is mentioned on line 407, but not defined

  == Missing Reference: 'PE1' is mentioned on line 407, but not defined

  == Missing Reference: 'CE4' is mentioned on line 407, but not defined

  == Missing Reference: 'X5' is mentioned on line 416, but not defined

  == Missing Reference: 'RFC8040' is mentioned on line 1452, but not defined

  == Missing Reference: 'RFC5246' is mentioned on line 1456, but not defined

  ** Obsolete undefined reference: RFC 5246 (Obsoleted by RFC 8446)

  == Unused Reference: 'RFC6370' is defined on line 1542, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC7952' is defined on line 1556, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

     Summary: 3 errors (**), 0 flaws (~~), 19 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    OPSAWG Working Group                                               Q. Wu
3    Internet-Draft                                                   M. Wang
4    Intended status: Standards Track                                  Huawei
5    Expires: September 3, 2018                                  M. Boucadair
6                                                                      Orange
7                                                               March 2, 2018

9         A YANG Data Module for Network Virtualization Overlay Resource
10                                  Management
11              draft-wu-opsawg-network-overlay-resource-model-00

13   Abstract

15      This document defines a YANG data module for Network Virtualization
16      Overlay Resource Management. It is a resource facing model
17      independent of control plane protocols and captures topological and
18      resource related information pertaining to Network Virtualization
19      Overlay.

21      This module enables clients, which interact with a network
22      orchestrator or controller via a REST interface, to perform Network
23      Virtualization Overlay topology related operations such as obtaining
24      and allocating the relevant topology resource information.

26   Status of This Memo

28      This Internet-Draft is submitted in full conformance with the
29      provisions of BCP 78 and BCP 79.

31      Internet-Drafts are working documents of the Internet Engineering
32      Task Force (IETF). Note that other groups may also distribute
33      working documents as Internet-Drafts. The list of current Internet-
34      Drafts is at https://datatracker.ietf.org/drafts/current/.

36      Internet-Drafts are draft documents valid for a maximum of six months
37      and may be updated, replaced, or obsoleted by other documents at any
38      time. It is inappropriate to use Internet-Drafts as reference
39      material or to cite them other than as "work in progress."

41      This Internet-Draft will expire on September 3, 2018.

43   Copyright Notice

45      Copyright (c) 2018 IETF Trust and the persons identified as the
46      document authors. All rights reserved.

48      This document is subject to BCP 78 and the IETF Trust's Legal
49      Provisions Relating to IETF Documents
50      (https://trustee.ietf.org/license-info) in effect on the date of
51      publication of this document. Please review these documents
52      carefully, as they describe your rights and restrictions with respect
53      to this document. Code Components extracted from this document must
54      include Simplified BSD License text as described in Section 4.e of
55      the Trust Legal Provisions and are provided without warranty as
56      described in the Simplified BSD License.

58   Table of Contents

60      1. Introduction
61      2. Conventions used in this document
62      3. Overview of Network Virtualization Overlay Resource
63         Management Model
64        3.1. VN Service Configuration
65          3.1.1. VN and Network Access Association Configuration
66          3.1.2. Traffic Performance Requirements Configuration
67        3.2. VN Service Topology Resource Distribution configuration
68      4. RPC Definitions for Computation of TE Path Element List and
69         Network Access Connectivity List
70      5. Data Hierarchy
71      6. Network Virtualization Overlay Management YANG Module
72      7. Security Considerations
73      8. IANA Considerations
74      9. References
75        9.1. Normative References
76        9.2. Informative References
77      Authors' Addresses

79   1. Introduction

81      [RFC8299] defines a customer service model for L3VPN service that can
82      be used to describe a service as offered or delivered to a customer
83      by a network operator. As described in [RFC8309], a customer service
84      model is not a resource facing model and does not describe how a
85      network operator realizes and delivers the service described by the
86      module, since it is not used to directly configure network devices,
87      protocols, or functions, and is not something sent to network devices
88      (i.e., routers or switches) for processing.

90      This document defines a YANG module for Network Virtualization
91      Overlay Management. It is a resource facing model independent of
92      control plane protocols and captures topological and resource related
93      information pertaining to Network Virtualization Overlay.

95      This module enables clients to interact with a network orchestrator
96      or controller via a RESTful interface, for providing connectivity
97      services over a Network Virtualization Overlay topology. In
98      particular, this module supports operations such as exposing an
99      abstract service topology and retrieving and allocating the relevant
100     topology resource information.

102     As a reminder, and as defined in [RFC7297], the IP connectivity
103     service is the IP transfer capability characterized by a (Source
104     Nets, Destination Nets, Guarantees, Scope) tuple where "Source Nets"
105     is a group of unicast IP addresses, "Destination Nets" is a group of
106     IP unicast and/or multicast addresses, and "Guarantees" reflects the
107     guarantees (expressed in terms of Quality Of Service (QoS),
108     performance, and availability, for example) to properly forward
109     traffic to the said "Destination". Finally, the "Scope" denotes the
110     (network) perimeter (e.g., between Provider Edge (PE) routers or
111     Customer Nodes) where the said guarantees need to be provided. These
112     requirements include: reachability scope (e.g., limited scope,
113     Internet-wide), direction (in/out), bandwidth requirements, QoS
114     parameters (e.g., one-way delay [RFC7679], loss [RFC7680], or one-way
115     delay variation (jitter) [RFC3393]), protection, and high-
116     availability guidelines (e.g., restoration in less than 50 ms, 100
117     ms, or 1 second).

119     The module includes flow identification and classification rules that
120     are required for traffic conformance purposes.

122     How the data captured using this YANG module is translated into
123     network-specific clauses is out of scope.

125  2. Conventions used in this document

127     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
128     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
129     document are to be interpreted as described in [RFC2119]. In this
130     document, these words will appear with that interpretation only when
131     in ALL CAPS. Lower case uses of these words are not to be
132     interpreted as carrying [RFC2119] significance.

134     The following notations are used within the data tree and carry the
135     meaning as below.

137     Each node is printed as:

139     <status> <flags> <name> <opts> <type>

141     <status> is one of:
142       +  for current

144     <flags> is one of:

146       rw  for configuration data
147       ro  for non-configuration data
148       -x  for rpcs
149       -n  for notifications
150       -w  for writable

152     <name> is the name of the node

154     If the node is augmented into the tree from another module, its name
155     is printed as <prefix>:<name>.

157     <opts> is one of:

159       ?  for an optional leaf or choice
160       !  for a presence container
161       *  for a leaf-list or list
162       [<keys>]  for a list's keys
163       (choice)/:(case)  Parentheses enclose choice and case nodes,
164                         and case nodes are also marked with a colon (":")
165     <type> is the name of the type for leafs and leaf-lists

167  3. Overview of Network Virtualization Overlay Resource Management Model
168     -----------    l3vpn-svc
169                      Model     |
170     Customer       l2vpn-svc   |
171     Facing Model     Model     |
172                    +----------------------+
173     ---------------|  Service component   |
174                    +-----------+----------+
175                                |
176                    VN Overlay  |
177                     Resource   |
178     Resource         Model     |
179     Facing Model               |
180                                |
181                                |
182                     +----------+-----------+
183   ------------ +----|   Config component   |-------+
184               /     +----------------------+        \   Network
185              /               /       \               \  Configuration
186             /               /         \               \ models
187            /               /           \               \
188     +------+   Bearer    +------+    +------+      +------+
189     | CE A + ----------- + PE A |    | PE B + ---- + CE B |
190     +------+ Connection  +------+    +------+      +------+

192      Site A                                         Site B

194     L3VPN and L2VPN service models provide an abstracted view of the
195     Layer 3 and Layer 2 VPN service configuration components. Services
196     are built from a combination of network elements and protocols
197     configuration, but are specified for service users in more abstract
198     terms, e.g., these models specify where to create a site and
199     establish the site-network-access of a particular site to the provider
200     network (e.g., PE, aggregation switch) and what the service
201     requirements of each site-network-access are.

203     Site location can be determined based on proposed location parameters
204     and constraints in these service models, and the service requirements
205     of each site-network-access can be determined based on traffic
206     performance metrics (e.g., one-way delay, one-way delay variation,
207     bandwidth) of each PE-CE link connectivity and traffic performance
208     metrics of each service flow or application. The management system
209     will use service models as an input to select appropriate PEs and
210     CEs, allocate interfaces on the nodes, and generate the PE and CE
211     configuration associated with each PE-CE link.

213     Based on the selected PE and CE configuration on each
214     site-network-access of a particular site, the management system can
215     use the L3VPN service model and L2VPN service model as inputs and
216     translate them into a resource facing model, i.e., the network
217     virtualization overlay resource model.

219     This resource facing model can be seen as the projection model of
220     the L3VPN and L2VPN service models and is used to compute path
221     elements and the network access connectivity list when two sites
222     belonging to one VPN span several domains. It can also be
223     combined with other performance measurement or warning models to
224     expose the abstract service topology and resource distribution in
225     network re-optimization cases.

227  3.1. VN Service Configuration

229     The YANG module is divided into two main containers: "vn-services"
230     and "sites".

232     The "vn-service" list under the vn-services container defines global
233     parameters for the VN service for a specific customer. The "vn-id"
234     provided in the vn-service list refers to an internal reference for
235     this VN service, while the customer name refers to a more-explicit
236     reference to the customer. The "vn-type" in the vn-service list
237     refers to a set of basic VPN types. In addition, each "vn-service"
238     also includes a list of "site-network-access".

240     The service requirements on each "site-network-access" or the site-to-
241     site service requirements are specified in detail in the service
242     container under "sites/site" or "sites/site/site-network-access".

244  3.1.1. VN and Network Access Association Configuration

246     Within a given VN service there can be one or more VN and Network
247     Access Associations (VNAAs). VNAAs are represented as a list and
248     indexed by the vn-id and vn-type.

250     module: ietf-vn-rsc
251        +--rw vn-rsc
252           +--rw vn-services
253           |  +--rw vn-service* [vn-id]
254           |     +--rw vn-id      svc-id
255           |     +--rw vn-type    identityref
256           .
257           .
258           |     +--rw site-network-accesses
259           |        +--rw site-network-access* [site-network-access-id]
260           |           +--rw site-network-access-id    svc-id

262     Snippet of data hierarchy related to VN and Network Access
263     Associations (VNAA)

265  3.1.2. Traffic Performance Requirements Configuration

267  3.1.2.1. Per-Site Network Access Requirements

269     Per-Site network access traffic performance requirements are
270     represented as a list within the data hierarchy and indexed by the
271     key site-network-access-id.

273     Traffic Performance requirements include latency, jitter, and
274     bandwidth utilization. Upload bandwidth and download bandwidth are
275     performance parameters associated with each domain-network-access.

277     Latency, jitter, and bandwidth utilization are performance
278     requirements associated with each service flow or application.

280 module: ietf-vn-rsc 281 +--rw site-network-accesses 282 +--rw site-network-access* [site-network-access-id] 283 +--rw site-network-access-id leafref 284 +--rw device-id leafref 285 +--rw access-diversity {site-diversity}? 286 | +--rw groups 287 | | +--rw group* [group-id] 288 | | +--rw group-id string 289 | +--rw constraints 290 | +--rw constraint* [constraint-type] 291 | +--rw constraint-type identityref 292 | +--rw target 293 | +--rw (target-flavor)? 294 | +--:(id) 295 | | +--rw group* [group-id] 296 | | ... 297 | +--:(all-accesses) 298 | | +--rw all-other-accesses? empty 299 | +--:(all-groups) 300 | +--rw all-other-groups? empty 301 +--rw service 302 | +--rw svc-input-bandwidth? uint32 303 | +--rw svc-output-bandwidth? uint32 304 | +--rw svc-mtu? uint16 305 | +--rw qos {qos}? 306 | | +--rw qos-classification-policy 307 | | | +--rw rule* [id] 308 | | | +--rw id uint16 309 | | | +--rw (match-type)? 310 | | | | +--:(match-flow) 311 | | | | | +--rw match-flow 312 | | | | | ... 313 | | | | +--:(match-application) 314 | | | | +--rw match-application? identityref 315 | | | +--rw target-class-id? string 316 | | +--rw qos-profile 317 | | +--rw (qos-profile)? 318 | | +--:(standard) 319 | | | +--rw profile? string 320 | | +--:(custom) 321 | | +--rw classes {qos-custom}? 322 | | +--rw class* [class-id] 324 Snippet of data hierarchy related to Per Site network access QoS 325 requirements 327 3.1.2.2. Site-to-Site Traffic Performance Requirements 329 QoS guarantees denote a set of transfer performance metrics that 330 characterize the quality of the transfer treatment to be experienced 331 (when crossing a transport infrastructure) by a flow issued from or 332 forwarded to a (set of) sites. 334 Suppose one VPN has multiple sites and any two sites span across 335 multiple domains, site-to-site network access QoS requirements can be 336 used to describe QoS requirements across sites. 
338 Site-to-site network access traffic performance requirements are 339 represented as a list within the data hierarchy and indexed by the 340 key 'site-id'. The source site is specified as 'site-id' under site 341 list, the 'target-site' is specified under match-flow case. 343 Traffic performance requirements include latency, jitter, and 344 bandwidth utilization. 346 Shaping/policing filters may be applied so as to assess whether 347 traffic is within the capacity profile or out of profile. Out-of- 348 profile traffic may be discarded or assigned another class. 350 module: ietf-vn-rsc 351 +--rw sites 352 +--rw site* [site-id] 353 +--rw site-id svc-id 354 +--rw service 355 | +--rw qos {qos}? 356 | | +--rw qos-classification-policy 357 | | | +--rw rule* [id] 358 | | | +--rw id uint16 359 | | | +--rw (match-type)? 360 | | | | +--:(match-flow) 361 | | | | | +--rw match-flow 362 | | | | | +--rw target-sites* svc-id 363 | | | +--rw target-class-id? string 364 | | +--rw qos-profile 365 | | +--rw (qos-profile)? 366 | | +--:(standard) 367 | | | +--rw profile? string 368 | | +--:(custom) 369 | | +--rw classes {qos-custom}? 370 | | +--rw class* [class-id] 371 | | +--rw class-id string 372 | | +--rw rate-limit? uint8 373 | | +--rw latency 374 | | | +--rw (flavor)? 375 | | | ... 376 | | +--rw jitter 377 | | | +--rw (flavor)? 378 | | | ... 379 | | +--rw bandwidth 380 | | +--rw guaranteed-bw-percent? uint8 381 | | +--rw end-to-end? empty 383 Snippet of data hierarchy related to Site to Site QoS requirements 385 3.2. VN Service Topology Resource Distribution configuration 387 A 'site' is composed of at least one "site-network-access" and, in 388 the case of multihoming, may have multiple site-network-access 389 points. 391 For each "site-network-access", the ingress device/customer device 392 and/or egress device has been selected to connect to the provider 393 network, ingress device list is specified under site and egress 394 device is specified under vn-attachment container. 
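
Section 3.2 relies on three cross-references in the instance data: a site's site-network-access to the access declared by a VN service, its ingress device to a CPE device, and each VN attachment to VN membership. The Python below is an added example, not part of the draft, that checks them before data is handed to an orchestrator. The dict layout mirrors the draft's data tree, the sample data and the helper names `check_references` and `vn_topology` are constructed for illustration, and treating a vn-attachment's vn-id as a reference to a VN that lists the access is an assumption (the tree types it as a plain svc-id).

```python
"""Cross-reference check for ietf-vn-rsc instance data (added example)."""

# Constructed sample. The dict layout follows the draft's data tree; every
# identifier below is made up for illustration.
SAMPLE = {"vn-rsc": {
    "vn-services": {"vn-service": [
        {"vn-id": "vpn1",
         "site-network-accesses": {"site-network-access": [
             {"site-network-access-id": "acc-1"},
             {"site-network-access-id": "acc-2"}]}}]},
    "sites": {"site": [
        {"site-id": "site1",
         "cpe-devices": {"cpe-device": [{"device-id": "ce1"}]},
         "site-network-accesses": {"site-network-access": [
             {"site-network-access-id": "acc-1",
              "ingress-device-id": "ce1",
              "vn-attachments": {"vn-attachment": [
                  {"vn-id": "vpn1",
                   "attachment-point": {"egress-device-id": "pe1"}}]}}]}},
        {"site-id": "site2",
         "cpe-devices": {"cpe-device": [{"device-id": "ce3"}]},
         "site-network-accesses": {"site-network-access": [
             {"site-network-access-id": "acc-9",   # declared by no vn-service
              "ingress-device-id": "ce4",          # no such cpe-device
              "vn-attachments": {"vn-attachment": [
                  {"vn-id": "vpn2",                # no such vn-service
                   "attachment-point": {}}]}}]}},
    ]},
}}


def _items(node, container, name):
    """Return the entries of list `name` inside `container`, or [] if absent."""
    return (node.get(container) or {}).get(name) or []


def check_references(data):
    """Return (site-id, access-id, problem) for every dangling reference."""
    root = data.get("vn-rsc", {})
    services = _items(root, "vn-services", "vn-service")
    sites = _items(root, "sites", "site")

    # access-id -> VNs that declare it under vn-service/site-network-accesses
    declared = {}
    for svc in services:
        for acc in _items(svc, "site-network-accesses", "site-network-access"):
            declared.setdefault(acc["site-network-access-id"], set()).add(svc["vn-id"])
    # Target of the ingress-device-id leafref: any cpe-device under any site.
    devices = {dev["device-id"] for site in sites
               for dev in _items(site, "cpe-devices", "cpe-device")}

    problems = []
    for site in sites:
        for acc in _items(site, "site-network-accesses", "site-network-access"):
            acc_id = acc.get("site-network-access-id")
            where = (site.get("site-id"), acc_id)
            if acc_id not in declared:
                problems.append(where + ("access not declared by any vn-service",))
            ingress = acc.get("ingress-device-id")
            if ingress is not None and ingress not in devices:
                problems.append(where + ("unknown ingress-device-id %s" % ingress,))
            for att in _items(acc, "vn-attachments", "vn-attachment"):
                # Assumption: an attachment must name a VN that lists this access.
                if att.get("vn-id") not in declared.get(acc_id, set()):
                    problems.append(where + (
                        "vn-attachment %s is not a VN of this access" % att.get("vn-id"),))
    return problems


def vn_topology(data):
    """Map vn-id -> [(site-id, access-id, ingress, egress)] for clean accesses."""
    bad = {(site_id, acc_id) for site_id, acc_id, _ in check_references(data)}
    topo = {}
    for site in _items(data.get("vn-rsc", {}), "sites", "site"):
        for acc in _items(site, "site-network-accesses", "site-network-access"):
            key = (site.get("site-id"), acc.get("site-network-access-id"))
            if key in bad:
                continue  # never build topology from unresolved references
            for att in _items(acc, "vn-attachments", "vn-attachment"):
                egress = (att.get("attachment-point") or {}).get("egress-device-id")
                topo.setdefault(att["vn-id"], []).append(
                    key + (acc.get("ingress-device-id"), egress))
    return topo


if __name__ == "__main__":
    for problem in check_references(SAMPLE):
        print("REJECT", problem)
    print(vn_topology(SAMPLE))
```
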
396 With selected ingress device and egress device and VN membership, VN 397 service topology can be constructed. Resource allocation for Site to 398 Site connectivity or connectivity within site can be further 399 calculated based on this VN service topology. 401 VPN1-Site1 VPN1-Site2 402 +------------------------------------------------------------+ 403 / [CE1].. [PE2______[CE3] / 404 / / \ : : \_ / : / 405 / / \ : : \_ / : / 406 / / \ : : \ / : / 407 / [CE2]___[PE1]: : [CE4] : / 408 +------:-------:---:---------------------------------:-----:-+ 409 : : : : : : 410 : : : : : : 411 : +-------:---:-----:------------:-----:-----+ 412 : / [X1]__:___:___________[X2] : / 413 :/ / \_ : : _____/ / : / 414 : / \_ : _____/ / : / 415 /: / \: / / : / 416 / : / [X5] / : / 417 / : / __/ \__ / : / 418 / : / ___/ \__ / : / 419 / : / ___/ \ / : / 420 / [X4]__________________[X3]..: / 421 +------------------------------------------+ 422 L3 Topology 424 4. RPC Definitions for Computation of TE Path Element List and Network 425 Access Connectivity List 427 The RPC model facilitates issuing commands to a NETCONF server (in 428 this case to the device that need to execute the path computation API 429 command or path computation algorithm) and obtain a response. RPC 430 model defined here abstracts path computation specific commands in a 431 technology independent manner. 433 There are two RPC commands defined for the purpose of computation of 434 path element list and network access connectivity list respectively. 435 In this section we present a snippet of the path element list 436 computation command and network access connectivity list computation 437 for illustration purposes. Please refer to Section 3.4 for the 438 complete data hierarchy and Section 4 for the YANG model. 
440 rpcs: 441 +---x vn-path-element-compute 442 | +---w input 443 | | +---w vn-member-list* [vn-member-id] 444 | | +---w vn-member-id -> /vn-svc/vn-services/vn-service/vn-id 445 | | +---w constraint 446 | | | +---w path-element* [path-element-id] 447 | | | +---w path-element-id 448 | | | +---w address? 449 | | +---w objective-function? identityref 450 | | +---w metric* [metric-type] 451 | | +---w metric-type identityref 452 | | +---w metric-value? uint32 453 | +--ro output 454 | +--ro vn-member-list* [vn-member-id] 455 | +--ro vn-member-id -> /vn-svc/vn-services/vn-service/vn-id 456 | +--ro metric* [metric-type] 457 | | +--ro metric-type identityref 458 | | +--ro metric-value? uint32 459 | +--ro path 460 | +--ro path-element* [path-element-id] 461 | +--ro path-element-id 462 +---x vn-network-connectivity-stitch 463 +---w input 464 | +---w vn-member-list* [vn-id] 465 | +---w vn-id -> /vn-svc/vn-services/vn-service/vn-id 466 | +---w source-access* [access-id] 467 | | +---w access-id 468 | | +---w destination-access* [access-id] 469 | +---w objective-function? identityref 470 | +---w metric* [metric-type] 471 | +---w metric-type identityref 472 | +---w metric-value? uint32 473 +--ro output 474 +--ro vn-access-list* [index] 475 +--ro index uint32 476 +--ro source-access -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id 477 +--ro destination-access-> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id 478 +--ro multi-domain-network-access-list * [domain-id] 479 +--ro domain-id svc-id 480 +--ro network-access-id svc-id 482 With these two RPC commands, we can calculate 484 Path element list that is applied to network access connectivity 485 within the site, or Site to Site connectivity or end to end 486 connectivity. 488 Network access connectivity list that is applied to site to site 489 connectivity and end to end connectivity spanning across multiple 490 domains. 492 5. 
Data Hierarchy 494 The figure below describes the overall structure of the YANG module: 496 module: ietf-vn-rsc 497 +--rw vn-rsc 498 +--rw vn-services 499 | +--rw vn-service* [vn-id] 500 | +--rw vn-id svc-id 501 | +--rw customer-name? string 502 | +--rw service-topology? identityref 503 | +--rw site-network-accesses 504 | +--rw site-network-access* [site-network-access-id] 505 | +--rw site-network-access-id svc-id 506 +--rw sites 507 +--rw site* [site-id] 508 +--rw site-id svc-id 509 +--rw cpe-devices 510 | +--rw cpe-device* [device-id] 511 | +--rw device-id svc-id 512 | +--rw address-family? address-family 513 | +--rw address? inet:ip-address 514 | +--rw interfaces 515 | +--rw interface? if:interface-ref 516 | +--rw sub-interfaces* if:interface-ref 517 +--rw service 518 | +--rw qos {qos}? 519 | +--rw qos-classification-policy 520 | | +--rw rule* [id] 521 | | +--rw id string 522 | | +--rw (match-type)? 523 | | | +--:(match-flow) 524 | | | | +--rw match-flow 525 | | | | +--rw dscp? inet:dscp 526 | | | | +--rw dot1p? uint8 527 | | | | +--rw ipv4-src-prefix? inet:ipv4-prefix 528 | | | | +--rw ipv6-src-prefix? inet:ipv6-prefix 529 | | | | +--rw ipv4-dst-prefix? inet:ipv4-prefix 530 | | | | +--rw ipv6-dst-prefix? inet:ipv6-prefix 531 | | | | +--rw l4-src-port? inet:port-number 532 | | | | +--rw target-sites* svc-id {target-sites}? 533 | | | | +--rw l4-src-port-range 534 | | | | | +--rw lower-port? inet:port-number 535 | | | | | +--rw upper-port? inet:port-number 536 | | | | +--rw l4-dst-port? inet:port-number 537 | | | | +--rw l4-dst-port-range 538 | | | | | +--rw lower-port? inet:port-number 539 | | | | | +--rw upper-port? inet:port-number 540 | | | | +--rw protocol-field? union 541 | | | +--:(match-application) 542 | | | +--rw match-application? identityref 543 | | +--rw target-class-id? string 544 | +--rw qos-profile 545 | +--rw (qos-profile)? 546 | +--:(standard) 547 | | +--rw profile? 
548 -> /vn-svc/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id 549 | +--:(custom) 550 | +--rw classes {qos-custom}? 551 | +--rw class* [class-id] 552 | +--rw class-id string 553 | +--rw direction? identityref 554 | +--rw rate-limit? uint8 555 | +--rw latency 556 | | +--rw (flavor)? 557 | | +--:(lowest) 558 | | | +--rw use-lowest-latency? empty 559 | | +--:(boundary) 560 | | +--rw latency-boundary? uint16 561 | +--rw jitter 562 | | +--rw (flavor)? 563 | | +--:(lowest) 564 | | | +--rw use-lowest-jitter? empty 565 | | +--:(boundary) 566 | | +--rw latency-boundary? uint32 567 | +--rw bandwidth 568 | +--rw guaranteed-bw-percent uint8 569 | +--rw end-to-end? empty 570 +--rw site-network-accesses 571 +--rw site-network-access* [site-network-access-id] 572 +--rw site-network-access-id 573 -> /vn-svc/vn-services/vn-service/site-network-accesses/site-network-access/site-network-access-id 574 +--rw ingress-device-id? -> /vn-svc/sites/site/cpe-devices/cpe-device/device-id 575 +--rw access-diversity {site-diversity}? 576 | +--rw groups 577 | | +--rw group* [group-id] 578 | | +--rw group-id string 579 | +--rw constraints 580 | +--rw constraint* [constraint-type] 581 | +--rw constraint-type identityref 582 | +--rw target 583 | +--rw (target-flavor)? 584 | +--:(id) 585 | | +--rw group* [group-id] 586 | | +--rw group-id string 587 | +--:(all-accesses) 588 | | +--rw all-other-accesses? empty 589 | +--:(all-groups) 590 | +--rw all-other-groups? empty 591 +--rw service 592 | +--rw svc-input-bandwidth? uint32 593 | +--rw svc-output-bandwidth? uint32 594 | +--rw svc-mtu? uint16 595 | +--rw qos {qos}? 596 | +--rw qos-classification-policy 597 | | +--rw rule* [id] 598 | | +--rw id string 599 | | +--rw (match-type)? 600 | | | +--:(match-flow) 601 | | | | +--rw match-flow 602 | | | | +--rw dscp? inet:dscp 603 | | | | +--rw dot1p? uint8 604 | | | | +--rw ipv4-src-prefix? inet:ipv4-prefix 605 | | | | +--rw ipv6-src-prefix? inet:ipv6-prefix 606 | | | | +--rw ipv4-dst-prefix? 
inet:ipv4-prefix 607 | | | | +--rw ipv6-dst-prefix? inet:ipv6-prefix 608 | | | | +--rw l4-src-port? inet:port-number 609 | | | | +--rw target-sites* svc-id {target-sites}? 610 | | | | +--rw l4-src-port-range 611 | | | | | +--rw lower-port? inet:port-number 612 | | | | | +--rw upper-port? inet:port-number 613 | | | | +--rw l4-dst-port? inet:port-number 614 | | | | +--rw l4-dst-port-range 615 | | | | | +--rw lower-port? inet:port-number 616 | | | | | +--rw upper-port? inet:port-number 617 | | | | +--rw protocol-field? union 618 | | | +--:(match-application) 619 | | | +--rw match-application? identityref 620 | | +--rw target-class-id? string 621 | +--rw qos-profile 622 | +--rw (qos-profile)? 623 | +--:(standard) 624 | | +--rw profile? 625 -> /vn-svc/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id 626 | +--:(custom) 627 | +--rw classes {qos-custom}? 628 | +--rw class* [class-id] 629 | +--rw class-id string 630 | +--rw direction? identityref 631 | +--rw rate-limit? uint8 632 | +--rw latency 633 | | +--rw (flavor)? 634 | | +--:(lowest) 635 | | | +--rw use-lowest-latency? empty 636 | | +--:(boundary) 637 | | +--rw latency-boundary? uint16 638 | +--rw jitter 639 | | +--rw (flavor)? 640 | | +--:(lowest) 641 | | | +--rw use-lowest-jitter? empty 642 | | +--:(boundary) 643 | | +--rw latency-boundary? uint32 644 | +--rw bandwidth 645 | +--rw guaranteed-bw-percent uint8 646 | +--rw end-to-end? empty 647 +--rw vn-attachments 648 +--rw vn-attachment* [vn-id] 649 +--rw vn-id svc-id 650 +--rw vn-type? identityref 651 +--rw attachment-point 652 +--rw egress-device-id? svc-id 653 +--rw address-family? address-family 654 +--rw address? inet:ip-address 655 +--rw interfaces 656 +--rw interface? if:interface-ref 657 +--rw sub-interfaces* if:interface-ref 659 rpcs: 660 +---x vn-path-element-compute 661 | +---w input 662 | | +---w vn-member-list* [vn-member-id] 663 | | +---w vn-member-id -> /vn-svc/vn-services/vn-service/vn-id 664 | | +---w src 665 | | | +---w src-address? 
-> /vn-svc/sites/site/site-id 666 | | | +---w site-network-access-id? 667 -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id 668 | | +---w dst 669 | | | +---w dst-address? -> /vn-svc/sites/site/site-id 670 | | | +---w site-network-access-id? 671 -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id 672 | | +---w constraint 673 | | | +---w path-element* [path-element-id] 674 | | | +---w path-element-id -> /vn-svc/sites/site/site-network-accesses/site-network-access/vn-attachments/vn-attachment/attachment-point/pe-device-id 675 | | | +---w address? -> /vn-svc/sites/site/site-network-accesses/site-network-access/vn-attachments/vn-attachment/attachment-point/address 676 | | +---w objective-function? identityref 677 | | +---w metric* [metric-type] 678 | | +---w metric-type identityref 679 | | +---w metric-value? uint32 680 | +--ro output 681 | +--ro vn-member-list* [vn-member-id] 682 | +--ro vn-member-id uint32 683 | +--ro src 684 | | +--ro src-address? -> /vn-svc/sites/site/site-id 685 | | +--ro site-network-access-id? -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id 686 | +--ro dst 687 | | +--ro dst-address? -> /vn-svc/sites/site/site-id 688 | | +--ro site-network-access-id? -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id 689 | +--ro metric* [metric-type] 690 | | +--ro metric-type identityref 691 | | +--ro metric-value? uint32 692 | +--ro path 693 | +--ro path-element* [path-element-id] 694 | +--ro path-element-id -> /vn-svc/sites/site/site-network-accesses/site-network-access/vn-attachments/vn-attachment/attachment-point/pe-device-id 695 | +--ro index? uint32 696 | +--ro address? -> /vn-svc/sites/site/site-network-accesses/site-network-access/vn-attachments/vn-attachment/attachment-point/address 697 | +--ro hop-type? 
identityref
698        +---x vn-network-connectivity-stitch
699           +---w input
700           |  +---w vn-list* [vn-id]
701           |     +---w vn-id    -> /vn-svc/vn-services/vn-service/vn-id
702           |     +---w source-access* [access-id]
703           |     |  +---w access-id    -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
704           |     |  +---w destination-access* [access-id]
705           |     |     +---w access-id    -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
706           |     +---w objective-function?   identityref
707           |     +---w metric* [metric-type]
708           |        +---w metric-type    identityref
709           |        +---w metric-value?   uint32
710           +--ro output
711              +--ro vn-access-list* [index]
712                 +--ro index    uint32
713                 +--ro source-access    -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
714                 +--ro destination-access-> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
715                 +--ro multi-domain-network-access-list *
716                    +--ro domain-id    svc-id
717                    +--ro network-access-id    svc-id

719   6.  Network Virtualization Overlay Management YANG Module

721      file "ietf-vn-rsc@2018-02-03.yang"
722      module ietf-vn-rsc {
723        yang-version 1.1;
724        namespace "urn:ietf:params:xml:ns:yang:ietf-vn-rsc";
725        prefix vnrsc;

727        import ietf-inet-types {
728          prefix inet;
729        }
730        import ietf-l3vpn-svc {
731          prefix l3vpn-svc;
732        }
733        import ietf-interfaces{
734          prefix if;
735        }

737        organization
738          "IETF OPSAWG Working Group.";
739        contact
740          "WG List: foo@ietf.org
741           Editor: Qin Wu
742           Editor: Zitao Wang";

744        description
745          "The YANG module defines a generic service configuration
746           model for Layer VN services common across all of the
747           vendor implementations.";

749        revision 2018-02-03{
750          description
751            "Initial revision";
752          reference
753            "A YANG Data Model for VN Service Delivery.";
754        }
755        /* Features */

757        /* Typedefs */
758        typedef svc-id {
759          type string;
760          description
761            "Type definition for service identifier";
762        }
763        typedef address-family {
764          type enumeration {
765            enum ipv4 {
766              description
767                "IPv4 address family.";
768            }
769            enum ipv6 {
770              description
771                "IPv6 address family.";
772            }
773          }
774          description
775            "Defines a type for the address family.";
776        }
777        /*

779        /* Identities */
780        identity vn-type {
781          description
782            "Base identity for VN type";
783        }
784        identity l2vpn {
785          base vn-type;
786          description
787            "Identity for Layer 2 vpn";
788        }
789        identity l3vpn {
790          base vn-type;
791          description
792            "Identity for Layer 3 vpn";
793        }
794        identity evpn {
795          base l2vpn;
796          description
797            "Identity for evpn";
798        }
799        identity vpls {
800          base l2vpn;
801          description
802            "Identity for vpls";
803        }
804        identity vpw {
805          base l2vpn;
806          description
807            "Identity for vpw";
808        }
809        identity vpn-topology {
810          description
811            "Base identity for VPN topology.";
812        }
813        identity any-to-any {
814          base vpn-topology;
815          description
816            "Identity for any-to-any VPN topology.";
817        }
818        identity hub-spoke {
819          base vpn-topology;
820          description

822            "Identity for Hub-and-Spoke VPN topology.";

824        }
825        identity hub-spoke-disjoint {
826          base vpn-topology;
827          description
828            "Identity for Hub-and-Spoke VPN topology
829             where Hubs cannot communicate with each other.";
830        }

832        identity objective-function{
833          description
834            "Identity for objective function";
835        }

837        identity metric-type{
838          description
839            "Identity for metric type";
840        }

842        identity hop-type{
843          description
844            "Identity for hop-type";
845        }
846        identity loose{
847          base hop-type;
848          description
849            "loose hop in an explicit path";
850        }
851        identity strict{
852          base hop-type;
853          description
854            "strict hop in an explicit path";
855        }
856        /* Grouping */
857        grouping vn-service-list {
858          list vn-service {
859            key "vn-id";
860            leaf vn-id {
861              type svc-id;
862              description
863                "VN id";
864            }
865            leaf customer-name {
866              type string;
867              description
868                "Customer name";
869            }
870            leaf service-topology {
871              type identityref {
872                base vpn-topology;
873              }
874              default any-to-any;
875              description
876                "VPN service topology.";
877            }
878            container site-network-accesses{
879              list site-network-access{
880                key "site-network-access-id";
881                leaf site-network-access-id{
882                  type svc-id;
883                  description
884                    "Site network access identifier";
885                }
886                description
887                  "List for site-network access";
888              }
889              description
890                "Container for site network accesses";
891            }

893            description
894              "List for vn service";
895          }
896          description
897            "Grouping for vn service list";
898        }
899        grouping vn-services-grouping{
900          container vn-services{
901            uses vn-service-list;
902            description
903              "Container for virtual network service";
904          }
905          description
906            "Grouping for vn services";
907        }

909        grouping interfaces-grouping{
910          container interfaces{
911            leaf interface{
912              type if:interface-ref;
913              description
914                "Base interface";
915            }
916            leaf-list sub-interfaces{
917              type if:interface-ref;
918              description
919                "Sub interfaces";

921            }
922            description
923              "Container for interfaces";
924          }
925          description
926            "Grouping for interfaces";
927        }

929        grouping cpe-device-list{
930          list cpe-device{
931            key "device-id";
932            leaf device-id {
933              type svc-id;
934              description
935                "Device identifier";
936            }
937            leaf address-family{
938              type address-family;
939              description
940                "Address family used for management. If address-family
941                 is specified, the address may or may not be specified
942                 (by the customer).";
943            }
944            leaf address{
945              type inet:ip-address;
946              description
947                "IP address";
948            }
949            uses interfaces-grouping;
950            description
951              "List for devices";
952          }
953          description
954            "Grouping for cpe device list";

956        }
957        grouping cpe-devices-grouping{
958          container cpe-devices{
959            uses cpe-device-list;
960            description
961              "Container for cpe devices";
962          }
963          description
964            "grouping for cpe-devices-grouping";
965        }

967        grouping bandwidth-grouping {
968          leaf svc-input-bandwidth{
969            type uint32;
970            description
971              "Service input bandwidth";
972          }
973          leaf svc-output-bandwidth{
974            type uint32;
975            description
976              "Service output bandwidth";
977          }
978          description
979            "Grouping for bandwidth";
980        }

982        grouping attachment-point-grouping{
983          container attachment-point{
984            leaf pe-device-id {
985              type svc-id;
986              description
987                "PE Device identifier";
988            }
989            leaf address-family{
990              type address-family;
991              description
992                "Address family used for management. If address-family
993                 is specified, the address may or may not be specified
994                 (by the customer).";
995            }
996            leaf address{
997              type inet:ip-address;
998              description
999                "IP address";
1000           }
1001           uses interfaces-grouping;
1002           description
1003             "Container for attachment point";
1004         }
1005         description
1006           "Grouping for attachment points";
1007       }

1009       grouping vn-attachment-list{
1010         list vn-attachment{
1011           key "vn-id";
1012           leaf vn-id{
1013             type svc-id;
1014             description
1015               "Virtual network identifier";
1016           }
1017           leaf vn-type{
1018             type identityref{
1019               base vn-type;
1020             }
1021             description
1022               "VN type";
1023           }
1024           uses attachment-point-grouping;
1025           description
1026             "List for VN attachments";
1027         }
1028         description
1029           "Grouping for VN attachment list";
1030       }

1032       grouping vn-attachments-grouping{
1033         container vn-attachments{
1034           uses vn-attachment-list;
1035           description
1036             "Container for VN attachments";
1037         }
1038         description
1039           "Grouping for VN attachments";
1040       }

1042       grouping site-network-access-list{
1043         list site-network-access{
1044           key "site-network-access-id";
1045           leaf site-network-access-id{
1046             type leafref{
1047               path "/vn-svc/vn-services/vn-service"
1048                   +"/site-network-accesses/site-network-access"
1049                   +"/site-network-access-id";
1050             }
1051             description
1052               "Site network access identifier";
1053           }
1054           leaf device-id {
1055             type leafref{
1056               path "/vn-svc/sites/site/cpe-devices"
1057                   +"/cpe-device/device-id";
1058             }
1059             description
1060               "Device id";
1061           }
1062           uses l3vpn-svc:access-diversity;
1063           container service {
1064             uses bandwidth-grouping;
1065             leaf svc-mtu {
1066               type uint16;
1067               description
1068                 "Service-mtu";
1069             }
1070             uses l3vpn-svc:site-service-qos-profile;
1071             description
1072               "Container for service";
1073           }
1074           uses vn-attachments-grouping;
1075           description
1076             "List for site-network access";

1078         }
1079         description
1080           "Grouping for site-network access list";
1081       }

1083       grouping site-network-accesses-grouping{
1084         container site-network-accesses{
1085           uses site-network-access-list;
1086           description
1087             "Container for site network accesses";
1088         }
1089         description
1090           "Grouping for site network accesses";
1091       }

1093       grouping site-list-grouping{
1094         list site {
1095           key "site-id";
1096           leaf site-id {
1097             type svc-id;
1098             description
1099               "Site identifier";
1100           }
1101           uses cpe-devices-grouping;
1102           container service {
1103             uses l3vpn-svc:site-service-qos-profile;
1104             description
1105               "Site service";
1106           }
1107           uses site-network-accesses-grouping;
1108           description
1109             "List for sites";
1110         }
1111         description
1112           "Grouping for site list";
1113       }

1115       grouping sites-grouping {
1116         container sites{
1117           uses site-list-grouping;
1118           description
1119             "Container for sites";
1120         }
1121         description
1122           "Grouping for sites";
1123       }

1125       grouping src-grouping{
1126         container src{
1127           leaf src-address{
1128             type leafref {
1129               path "/vn-svc/sites/site/site-id";
1130             }
1131             description
1132               "Leaf list for source address";
1133           }
1134           leaf site-network-access-id{
1135             type leafref {
1136               path "/vn-svc/sites/site/site-network-accesses"+
1137                    "/site-network-access/site-network-access-id";
1138             }
1139             description
1140               "Leaf list for site-network-access id";
1141           }
1142           description
1143             "Container for source id";
1144         }
1145         description
1146           "Grouping for source site";
1147       }

1149       grouping dst-grouping{
1150         container dst{
1151           leaf dst-address{
1152             type leafref {
1153               path "/vn-svc/sites/site/site-id";
1154             }
1155             description
1156               "Leaf list for destination address";
1157           }
1158           leaf site-network-access-id{
1159             type leafref {
1160               path "/vn-svc/sites/site/site-network-accesses"+
1161                    "/site-network-access/site-network-access-id";
1162             }
1163             description
1164               "Leaf list for site-network-access id";
1165           }
1166           description
1167             "Container for destination id";
1168         }
1169         description
1170           "Grouping for destination site";
1171       }

1173       grouping objective-function-group{
1174         leaf objective-function {
1175           type identityref{
1176             base objective-function;
1177           }
1178           description
1179             "operational state of the objective function";
1180         }
1181         description
1182           "Grouping for objective functions";
1183       }

1185       grouping path-element-list{
1186         list path-element{
1187           key "path-element-id";
1188           leaf path-element-id{
1189             type leafref{
1190               path "/vn-svc/sites/site/site-network-accesses"+
1191                    "/site-network-access/vn-attachments/vn-attachment"+
1192                    "/attachment-point/pe-device-id";
1193             }
1194             description
1195               "Path element identifier";
1196           }
1197           leaf address{
1198             type leafref{
1199               path "/vn-svc/sites/site/site-network-accesses"+
1200                    "/site-network-access/vn-attachments/vn-attachment"+
1201                    "/attachment-point/address";
1202             }
1203             description
1204               "Path element address";
1205           }
1206           description
1207             "List for path elements";
1208         }
1209         description
1210           "Grouping for path elements";
1211       }

1213       grouping constraint-grouping{
1214         container constraint{
1215           config false;
1216           uses path-element-list;
1217           description
1218             "Container for constraint";
1219         }
1220         description
1221           "Grouping for constraint";
1222       }

1224       grouping metric-grouping{
1225         list metric {
1226           key metric-type;
1227           leaf metric-type {
1228             type identityref{
1229               base metric-type;
1230             }
1231             description
1232               "Metric type";
1233           }
1234           leaf metric-value {
1235             type uint32;
1236             description
1237               "Metric value";
1238           }
1239           description
1240             "List for metric";
1241         }
1242         description
1243           "Grouping for metric";
1244       }

1246       grouping path-list{
1247         list path-element{
1248           key "path-element-id";
1249           leaf path-element-id{
1250             type leafref{
1251               path "/vn-svc/sites/site/site-network-accesses"+
1252                    "/site-network-access/vn-attachments/vn-attachment"+
1253                    "/attachment-point/pe-device-id";
1254             }
1255             description
1256               "Path element identifier";
1257           }
1258           leaf index{
1259             type uint32;
1260             description
1261               "Index";
1262           }
1263           leaf address{
1264             type leafref{
1265               path "/vn-svc/sites/site/site-network-accesses"+
1266                    "/site-network-access/vn-attachments/vn-attachment"+
1267                    "/attachment-point/address";
1268             }
1269             description
1270               "Path element address";
1271           }
1272           leaf hop-type{
1273             type identityref {
1274               base hop-type;
1275             }
1276             description
1277               "Hop type";
1278           }
1279           description
1280             "List for path elements";
1281         }
1282         description
1283           "Grouping for path list";
1284       }

1286       grouping path-grouping{
1287         container path{
1288           uses path-list;
1289           description
1290             "Container for path";
1291         }
1292         description
1293           "Grouping for path";
1294       }
1295       grouping access-grouping{
1296         list source-access{
1297           key "access-id";
1298           leaf access-id {
1299             type leafref{
1300               path "/vn-svc/sites/site/site-network-accesses"
1301                   +"/site-network-access/site-network-access-id";
1302             }
1303             description
1304               "Access id";
1305           }
1306           list destination-access{
1307             key "access-id";
1308             leaf access-id {
1309               type leafref{
1310                 path "/vn-svc/sites/site/site-network-accesses"
1311                     +"/site-network-access/site-network-access-id";
1312               }
1313               description
1314                 "Access id";
1315             }
1316             description
1317               "List for destination access id";
1318           }
1319           description
1320             "List for source access id";
1321         }
1322         description
1323           "Grouping for access";
1324       }
1325       /* .....................................*/

1327       container vn-svc{
1328         uses vn-services-grouping;
1329         uses sites-grouping;
1330         description
1331           "Container for vn service";
1332       }

1334       rpc vn-compute{
1335         description
1336           "RPC for VN compute";
1337         input {
1338           list vn-member-list {
1339             key "vn-member-id";
1340             leaf vn-member-id{
1341               type leafref{
1342                 path "/vn-svc/vn-services/vn-service/vn-id";
1343               }
1344               description
1345                 "VN member identifier";
1346             }
1347             uses src-grouping;
1348             uses dst-grouping;
1349             uses constraint-grouping;
1350             uses objective-function-group;
1351             uses metric-grouping;
1352             description
1353               "List for vn member";
1354           }

1356         }
1357         output{
1358           list vn-member-list {
1359             key "vn-member-id";
1360             leaf vn-member-id{
1361               type uint32;
1362               description
1363                 "VN member identifier";
1364             }
1365             uses src-grouping;
1366             uses dst-grouping;
1367             uses metric-grouping;
1368             uses path-grouping;
1369             description
1370               "List for vn member";
1371           }
1372         }
1373       }

1375       rpc vn-stitch{
1376         description
1377           "RPC for VN stitch";
1378         input {
1379           list vn-list {
1380             key "vn-id";
1381             leaf vn-id{
1382               type leafref{
1383                 path "/vn-svc/vn-services/vn-service/vn-id";
1384               }
1385               description
1386                 "VN identifier";
1387             }
1388             uses access-grouping;
1389             uses objective-function-group;
1390             uses metric-grouping;
1391             description
1392               "List for vn";
1393           }

1395         }
1396         output{
1397           list vn-access-list {
1398             key "index";
1399             leaf index{
1400               type uint32;
1401               description
1402                 "Index for VN access";
1403             }
1404             leaf source-access {
1405               type leafref{
1406                 path "/vn-svc/sites/site/site-network-accesses"
1407                     +"/site-network-access/site-network-access-id";
1408               }
1409               description
1410                 "Source Access ID";
1411             }
1412             leaf destination-access {
1413               type leafref{
1414                 path "/vn-svc/sites/site/site-network-accesses"
1415                     +"/site-network-access/site-network-access-id";
1416               }
1417               description
1418                 "Destination Access ID";
1419             }
1420             list multi-domain-network-access-list {
1421               key "domain-id network-access-id";
1422               leaf domain-id {
1423                 type string;
1424                 description
1425                   "Domain ID";
1426               }
1427               leaf network-access-id {
1428                 type leafref{
1429                   path "/vn-svc/sites/site/site-network-accesses"
1430                       +"/site-network-access/site-network-access-id";
1431                 }
1432                 description
1433                   "Network access ID";
1434               }
1435               description
1436                 "List for multiple domain network access";
1437             }
1438             description
1439               "List for vn access";
1440           }
1441         }
1442       }
1443     }

1446  7.  Security Considerations

1448     The YANG modules defined in this document MAY be accessed via the
1449     RESTCONF protocol [RFC8040] or NETCONF protocol ([RFC6241]).  The
1450     lowest RESTCONF or NETCONF layer requires that the transport-layer
1451     protocol provides both data integrity and confidentiality, see
1452     Section 2 in [RFC8040] and [RFC6241].  The lowest NETCONF layer is
1453     the secure transport layer, and the mandatory-to-implement secure
1454     transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
1455     is HTTPS, and the mandatory-to-implement secure transport is TLS
1456     [RFC5246].

1458     The NETCONF access control model [RFC6536] provides the means to
1459     restrict access for particular NETCONF or RESTCONF users to a
1460     preconfigured subset of all available NETCONF or RESTCONF protocol
1461     operations and content.

1463     There are a number of data nodes defined in this YANG module that are
1464     writable/creatable/deletable (i.e., config true, which is the
1465     default).  These data nodes may be considered sensitive or vulnerable
1466     in some network environments.  Write operations (e.g., edit-config)
1467     to these data nodes without proper protection can have a negative
1468     effect on network operations.  These are the subtrees and data nodes
1469     and their sensitivity/vulnerability:

1471     o  /vn-svc/vn-services/vn-service

1473        The entries in this list include the whole vn service
1474        configurations to which the customer subscribed, and indirectly
1475        create or modify the egress and ingress device configurations.
1476        Unexpected changes to these entries could lead to service
1477        disruption and/or network misbehavior.

1479     o  /vn-svc/sites/site

1481        The entries in this list include the customer site configurations.
1482        Unexpected changes to these entries could lead to service
1483        disruption and/or network misbehavior.

1485     Some of the readable data nodes in this YANG module may be considered
1486     sensitive or vulnerable in some network environments.  It is thus
1487     important to control read access (e.g., via get, get-config, or
1488     notification) to these data nodes.  These are the subtrees and data
1489     nodes and their sensitivity/vulnerability:

1491     o  /vn-svc/vn-services/vn-service

1493     o  /vn-svc/sites/site
1494        The entries in these lists include customer-proprietary or
1495        confidential information, e.g., customer-name, site location, and
1496        the service the customer subscribes to.

1498  8.  IANA Considerations

1500     This document registers a URI in the IETF XML registry [RFC3688].
1501     Following the format in [RFC3688], the following registration is
1502     requested to be made:

1504     ---------------------------------------------------------------------
1505     URI: urn:ietf:params:xml:ns:yang:ietf-vn-rsc

1507     Registrant Contact: The IESG.

1509     XML: N/A, the requested URI is an XML namespace.
1510     ---------------------------------------------------------------------

1512     This document registers a YANG module in the YANG Module Names
1513     registry [RFC7950].

1515     ---------------------------------------------------------------------
1516     Name:         ietf-vn-rsc
1517     Namespace:    urn:ietf:params:xml:ns:yang:ietf-vn-rsc
1518     Prefix:       vnrsc
1519     Reference:    RFC xxxx
1520     ---------------------------------------------------------------------

1522  9.  References

1524  9.1.  Normative References

1526     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1527                Requirement Levels", March 1997.

1529     [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1530                DOI 10.17487/RFC3688, January 2004.

1533     [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1534                and A. Bierman, Ed., "Network Configuration Protocol
1535                (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

1538     [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
1539                Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

1542     [RFC6370]  Bocci, M., Swallow, G., and E. Gray, "MPLS Transport
1543                Profile (MPLS-TP) Identifiers", RFC 6370,
1544                DOI 10.17487/RFC6370, September 2011.

1547     [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
1548                Protocol (NETCONF) Access Control Model", RFC 6536,
1549                DOI 10.17487/RFC6536, March 2012.

1552     [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
1553                RFC 7950, DOI 10.17487/RFC7950, August 2016.

1556     [RFC7952]  Lhotka, L., "Defining and Using Metadata with YANG",
1557                RFC 7952, DOI 10.17487/RFC7952, August 2016.

1560  9.2.  Informative References

1562     [RFC3393]  Demichelis, C. and P. Chimento, "IP Packet Delay Variation
1563                Metric for IP Performance Metrics (IPPM)", RFC 3393,
1564                DOI 10.17487/RFC3393, November 2002.

1567     [RFC7297]  Boucadair, M., Jacquenet, C., and N. Wang, "IP
1568                Connectivity Provisioning Profile (CPP)", RFC 7297,
1569                DOI 10.17487/RFC7297, July 2014.

1572     [RFC7679]  Almes, G., Kalidindi, S., Zekauskas, M., and A. Morton,
1573                Ed., "A One-Way Delay Metric for IP Performance Metrics
1574                (IPPM)", STD 81, RFC 7679, DOI 10.17487/RFC7679, January
1575                2016.

1577     [RFC7680]  Almes, G., Kalidindi, S., Zekauskas, M., and A. Morton,
1578                Ed., "A One-Way Loss Metric for IP Performance Metrics
1579                (IPPM)", STD 82, RFC 7680, DOI 10.17487/RFC7680, January
1580                2016.

1582  Authors' Addresses
1583     Qin Wu
1584     Huawei
1585     101 Software Avenue, Yuhua District
1586     Nanjing, Jiangsu  210012
1587     China

1589     Email: bill.wu@huawei.com

1591     Michael Wang
1592     Huawei Technologies,Co.,Ltd
1593     101 Software Avenue, Yuhua District
1594     Nanjing  210012
1595     China

1597     Email: wangzitao@huawei.com

1599     Mohamed Boucadair
1600     Orange
1601     Rennes  35000
1602     France

1604     Email: mohamed.boucadair@orange.com
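
Section 7 relies on the NETCONF access control model [RFC6536] to protect /vn-svc/vn-services/vn-service and /vn-svc/sites/site against unwanted writes and reads. The ietf-netconf-acm configuration below is an added example, not part of the draft: the group, user and rule names are assumptions, while the vnrsc namespace and the node paths are taken from the module in Section 6.

```xml
<!-- Added example. Group, user and rule names are assumptions; the
     vnrsc namespace and node paths come from module ietf-vn-rsc. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <!-- Device-wide defaults, fail closed: data access that no rule
       below matches is refused. -->
  <read-default>deny</read-default>
  <write-default>deny</write-default>
  <groups>
    <group>
      <name>vn-provisioning</name>
      <user-name>orchestrator</user-name>
    </group>
    <group>
      <name>vn-noc</name>
      <user-name>noc-operator</user-name>
    </group>
  </groups>

  <!-- Only the provisioning group may create, modify or delete VN
       services and sites. The rule is anchored at the common parent
       /vn-svc so that the parent containers are accessible as well. -->
  <rule-list>
    <name>vn-provisioning-rules</name>
    <group>vn-provisioning</group>
    <rule>
      <name>manage-vn-svc</name>
      <path xmlns:vnrsc="urn:ietf:params:xml:ns:yang:ietf-vn-rsc">/vnrsc:vn-svc</path>
      <access-operations>create read update delete</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>

  <!-- NOC users are read-only. Rules are evaluated in order and the
       first match wins, so the deny for customer-name has to come
       before the broader read permit. -->
  <rule-list>
    <name>vn-noc-rules</name>
    <group>vn-noc</group>
    <rule>
      <name>hide-customer-name</name>
      <path xmlns:vnrsc="urn:ietf:params:xml:ns:yang:ietf-vn-rsc">/vnrsc:vn-svc/vnrsc:vn-services/vnrsc:vn-service/vnrsc:customer-name</path>
      <access-operations>read</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>read-vn-svc</name>
      <path xmlns:vnrsc="urn:ietf:params:xml:ns:yang:ietf-vn-rsc">/vnrsc:vn-svc</path>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
</nacm>
```

A user who belongs to neither group matches no rule-list and falls through to the two defaults, so both subtrees stay unreadable and unwritable for that user.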