idnits 2.17.1

draft-zhou-ippm-ioam-yang-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 259 has weird spacing: '...e-index pro...'

  == Line 262 has weird spacing: '...ynomial uin...'

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (March 03, 2020) is 1487 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  == Outdated reference: A later version (-17) exists of
     draft-ietf-ippm-ioam-data-08

  == Outdated reference: A later version (-11) exists of
     draft-ietf-ippm-ioam-direct-export-00

  == Outdated reference: A later version (-12) exists of
     draft-ietf-ippm-ioam-ipv6-options-00

  == Outdated reference: A later version (-16) exists of
     draft-ietf-nvo3-geneve-15

  == Outdated reference: A later version (-13) exists of
     draft-ietf-nvo3-vxlan-gpe-09

     Summary: 2 errors (**), 0 flaws (~~), 9 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2 IPPM                                                        T. Zhou, Ed.
3 Internet-Draft                                                    Huawei
4 Intended status: Standards Track                             J. Guichard
5 Expires: September 4, 2020                                     Futurewei
6                                                             F. Brockners
7                                                              S. Raghavan
8                                                            Cisco Systems
9                                                           March 03, 2020

11                    A YANG Data Model for In-Situ OAM
12                      draft-zhou-ippm-ioam-yang-06

14 Abstract

16    In-situ Operations, Administration, and Maintenance (IOAM) records
17    operational and telemetry information in user packets while the
18    packets traverse a path between two points in the network.  This
19    document defines a YANG module for the IOAM function.

21 Requirements Language

23    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
24    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
25    document are to be interpreted as described in RFC 2119 [RFC2119].

27 Status of This Memo

29    This Internet-Draft is submitted in full conformance with the
30    provisions of BCP 78 and BCP 79.

32    Internet-Drafts are working documents of the Internet Engineering
33    Task Force (IETF).  Note that other groups may also distribute
34    working documents as Internet-Drafts.  The list of current Internet-
35    Drafts is at https://datatracker.ietf.org/drafts/current/.

37    Internet-Drafts are draft documents valid for a maximum of six months
38    and may be updated, replaced, or obsoleted by other documents at any
39    time.  It is inappropriate to use Internet-Drafts as reference
40    material or to cite them other than as "work in progress."

42    This Internet-Draft will expire on September 4, 2020.

44 Copyright Notice

46    Copyright (c) 2020 IETF Trust and the persons identified as the
47    document authors.  All rights reserved.

49    This document is subject to BCP 78 and the IETF Trust's Legal
50    Provisions Relating to IETF Documents
51    (https://trustee.ietf.org/license-info) in effect on the date of
52    publication of this document.  Please review these documents
53    carefully, as they describe your rights and restrictions with respect
54    to this document.  Code Components extracted from this document must
55    include Simplified BSD License text as described in Section 4.e of
56    the Trust Legal Provisions and are provided without warranty as
57    described in the Simplified BSD License.

59 Table of Contents

61    1.  Introduction
62      1.1.  Tree Diagrams
63    2.  Design of the IOAM YANG Data Model
64      2.1.  Profiles
65      2.2.  Preallocated Tracing Profile
66      2.3.  Incremental Tracing Profile
67      2.4.  Direct Export Profile
68      2.5.  Proof of Transit Profile
69      2.6.  Edge to Edge Profile
70    3.  IOAM YANG Module
71    4.  Security Considerations
72    5.  IANA Considerations
73    6.  Acknowledgements
74    7.  References
75      7.1.  Normative References
76      7.2.  Informative References
77    Authors' Addresses

79 1.  Introduction

81    In-situ Operations, Administration, and Maintenance (IOAM)
82    [I-D.ietf-ippm-ioam-data] records OAM information within user packets
83    while the packets traverse a network.  The data types and data
84    formats for IOAM data records have been defined in
85    [I-D.ietf-ippm-ioam-data].  The IOAM data can be embedded in many
86    protocol encapsulations such as Network Services Header, Segment
87    Routing, and IPv6.

89    This document defines a data model for IOAM capabilities using the
90    YANG data modeling language [RFC7950].  This YANG model supports all
91    the five IOAM options, which are Incremental Tracing Option, Pre-
92    allocated Tracing Option, Direct Export
93    Option[I-D.ietf-ippm-ioam-direct-export], Proof of Transit Option,
94    and Edge-to-Edge Option.

96 1.1.  Tree Diagrams

98    The meaning of the symbols in these diagrams is as follows:

100    o  Brackets "[" and "]" enclose list keys.

102    o  Curly braces "{" and "}" contain names of optional features that
103       make the corresponding node conditional.

105    o  Abbreviations before data node names: "rw" means configuration
106       (read-write), "ro" state data (read-only).

108    o  Symbols after data node names: "?" means an optional node, "!" a
109       container with presence, and "*" denotes a "list" or "leaf-list".

111    o  Parentheses enclose choice and case nodes, and case nodes are also
112       marked with a colon (":").

114    o  Ellipsis ("...") stands for contents of subtrees that are not
115       shown.

117 2.  Design of the IOAM YANG Data Model

119 2.1.  Profiles

121    The IOAM model is organized as list of profiles as shown in the
122    following figure.  Each profile associates with one flow and the
123    corresponding IOAM information.

125    module: ietf-ioam
126      +--rw ioam
127         +--rw ioam-profiles
128            +--rw admin-config
129            |  +--rw enabled?   boolean
130            +--rw ioam-profile* [profile-name]
131               +--rw profile-name    string
132               +--rw filter
133               |  +--rw filter-type?   ioam-filter-type
134               |  +--rw acl-name?      -> /acl:acls/acl/name
135               +--rw protocol-type?    ioam-protocol-type
136               +--rw incremental-tracing-profile {incremental-trace}?
137               |  ...
138               +--rw preallocated-tracing-profile {preallocated-trace}?
139               |  ...
140               +--rw direct-export-profile {direct-export}?
141               |  ...
142               +--rw pot-profile {proof-of-transit}?
143               |  ...
144               +--rw e2e-profile {edge-to-edge}?
145                  ...

147    The "enabled" is an administrative configuration.  When it is set to
148    true, IOAM configuration is enabled for the system.  Meanwhile, the
149    IOAM data-plane functionality is enabled.

151    The "filter" is used to identify a flow, where the IOAM profile can
152    apply.  There may be multiple filter types.  ACL is the default one.

154    The IOAM data can be encapsulated into multiple protocols, e.g., IPv6
155    [RFC8200], Geneve [I-D.ietf-nvo3-geneve],VxLAN-GPE
156    [I-D.ietf-nvo3-vxlan-gpe].  The "protocol-type" is used to indicate
157    where the IOAM is applied.  For example, if the "protocol-type" is
158    IPv6, the IOAM ingress node will encapsulate the associated flow with
159    the IPv6-IOAM [I-D.ietf-ippm-ioam-ipv6-options] format.

161    IOAM data includes five encapsulation types, i.e., incremental
162    tracing data, preallocated tracing data, derect export data, prove of
163    transit data and end to end data.  In practice, multiple IOAM data
164    types can be encapsulated into the same IOAM header.  The "ioam-
165    profile" contains a set of sub-profiles, each of which relates to one
166    encapsulation type.  The configured object may not support all the
167    sub-profiles.  The supported sub-profiles are indicated by 5 defined
168    features, i.e., "incremental-trace", "preallocated-trace", "direct
169    export", "proof-of-transit", "edge-to-edge".

171 2.2.  Preallocated Tracing Profile

173    The IOAM tracing data is expected to be collected at every node that
174    a packet traverses to ensure visibility into the entire path a packet
175    takes within an IOAM domain.  The preallocated tracing option will
176    create pre-allocated space for each node to populate its information
177    .  The "preallocated-tracing-profile" contains the detailed
178    information for the preallocated tracing data.  The information
179    includes:

181    o  enabled: indicates whether the preallocated tracing profile is
182       enabled.

184    o  node-action: indicates the operation (e.g., encapsulate IOAM
185       header, transit the IOAM data, or decapsulate IOAM header) applied
186       to the dedicated flow.

188    o  use-namespace: indicate the namespace used for the trace types.

190    o  trace-type: indicates the per-hop data to be captured by the IOAM
191       enabled nodes and included in the node data list.

193    o  Loopback mode is used to send a copy of a packet back towards the
194       source.

196    o  Active mode indicates that a packet is used for active
197       measurement.

199       +--rw preallocated-tracing-profile {preallocated-trace}?
200          +--rw enabled?                boolean
201          +--rw node-action?            ioam-node-action
202          +--rw trace-types
203          |  +--rw use-namespace?   ioam-namespace
204          |  +--rw trace-type*      ioam-trace-type
205          +--rw enable-loopback-mode?   boolean
206          +--rw enable-active-mode?     boolean

208 2.3.  Incremental Tracing Profile

210    The incremental tracing option contains a variable node data fields
211    where each node allocates and pushes its node data immediately
212    following the option header.  The "incremental-tracing-profile"
213    contains the detailed information for the incremental tracing data.
214    The detailed information is the same as the Preallocated Tracing
215    Profile, but with one more variable, "max-length", which restricts
216    the length of the IOAM header.

218       +--rw incremental-tracing-profile {incremental-trace}?
219          +--rw enabled?                boolean
220          +--rw node-action?            ioam-node-action
221          +--rw trace-types
222          |  +--rw use-namespace?   ioam-namespace
223          |  +--rw trace-type*      ioam-trace-type
224          +--rw enable-loopback-mode?   boolean
225          +--rw enable-active-mode?     boolean
226          +--rw max-length?             uint32

228 2.4.  Direct Export Profile

230    The direct export option is used as a trigger for IOAM nodes to
231    export IOAM data to a receiving entity (or entities).  The "direct-
232    export-profile" contains the detailed information for the direct
233    export data.  The detailed information is the same as the
234    Preallocated Tracing Profile, but with one more optional variable,
235    "flow-id", which is used to correlate the exported data of the same
236    flow from multiple nodes and from multiple packets.

238       +--rw direct-export-profile {direct-export}?
239          +--rw enabled?                boolean
240          +--rw node-action?            ioam-node-action
241          +--rw trace-types
242          |  +--rw use-namespace?   ioam-namespace
243          |  +--rw trace-type*      ioam-trace-type
244          +--rw enable-loopback-mode?   boolean
245          +--rw enable-active-mode?     boolean
246          +--rw flow-id?                uint32

248 2.5.  Proof of Transit Profile

250    The IOAM Proof of Transit data is to support the path or service
251    function chain verification use cases.  The "pot-profile" contains
252    the detailed information for the prove of transit data.  The detailed
253    information are described in [I-D.brockners-proof-of-transit].

255       +--rw pot-profile {proof-of-transit}?
256          +--rw enabled?                boolean
257          +--rw active-profile-index?   pot:profile-index-range
258          +--rw pot-profile-list* [pot-profile-index]
259             +--rw pot-profile-index    profile-index-range
260             +--rw prime-number         uint64
261             +--rw secret-share         uint64
262             +--rw public-polynomial    uint64
263             +--rw lpc                  uint64
264             +--rw validator?           boolean
265             +--rw validator-key?       uint64
266             +--rw bitmask?             uint64

268 2.6.  Edge to Edge Profile

270    The IOAM edge to edge option is to carry data that is added by the
271    IOAM encapsulating node and interpreted by IOAM decapsulating node.
272    The "e2e-profile" contains the detailed information for the edge to
273    edge data.  The detailed information includes:

275    o  enabled: indicates whether the edge to edge profile is enabled.

277    o  node-action is the same semantic as in Section 2.2.

279    o  use-namespace: indicate the namespace used for the edge to edge
280       types.

282    o  e2e-type indicates data to be carried from the ingress IOAM node
283       to the egress IOAM node.

285       +--rw e2e-profile {edge-to-edge}?
286          +--rw enabled?       boolean
287          +--rw node-action?   ioam-node-action
288          +--rw e2e-types
289             +--rw use-namespace?   ioam-namespace
290             +--rw e2e-type*        ioam-e2e-type

292 3.  IOAM YANG Module

294    file "ietf-ioam@2020-03-03.yang"
295    module ietf-ioam {
296      yang-version 1.1;
297      namespace "urn:ietf:params:xml:ns:yang:ietf-ioam";
298      prefix "ioam";
299      import ietf-pot-profile {
300        prefix "pot";
301      }
302      import ietf-access-control-list {
303        prefix "acl";
304      }

306      organization
307        "IETF IPPM (IP Performance Metrics) Working Group";

309      contact
310        "WG Web:
311         WG List:
312         Editor: zhoutianran@huawei.com";

314      description
315        "This YANG module specifies a vendor-independent data
316         model for the In Situ OAM (IOAM).";

318      revision 2020-03-03 {
319        description "Initial revision.";
320        reference "draft-zhou-ippm-ioam-yang";
321      }

323     /*
324      * FEATURES
325      */

327      feature incremental-trace
328      {
329        description
330          "This feature indicated that the incremental tracing option is
331           supported";
332      }

334      feature preallocated-trace
335      {
336        description
337          "This feature indicated that the preallocated tracing option is
338           supported";
339      }

341      feature direct-export
342      {
343        description
344          "This feature indicated that the direct export option is
345           supported";
346      }

348      feature proof-of-transit
349      {
350        description
351          "This feature indicated that the proof of transit option is
352           supported";
353      }

355      feature edge-to-edge
356      {
357        description
358          "This feature indicated that the edge to edge option is
359           supported";
360      }

362     /*
363      * IDENTITIES
364      */
365      identity base-filter {
366        description
367          "Base identity to represent a filter. A filter is used to
368           specify the flow to apply the IOAM profile. ";
369      }

371      identity acl-filter {
372        base base-filter;
373        description
374          "Apply ACL rule to specify the flow.";
375      }

377      identity base-protocol {
378        description
379          "Base identity to represent the carrier protocol. It's used to
380           indicate what layer and protocol the IOAM data is embedded.";
381      }

383      identity ipv6-protocol {
384        base base-protocol;
385        description
386          "The described IOAM data is embedded in ipv6 protocol.";
387      }

389      identity base-node-action {
390        description
391          "Base identity to represent the node actions. It's used to
392           indicate what action the node will take.";
393      }

395      identity encapsulate {
396        base base-node-action;
397        description
398          "indicate the node is to encapsulate the IOAM packet";
399      }

401      identity transit {
402        base base-node-action;
403        description
404          "indicate the node is to transit the IOAM packet";
405      }

407      identity decapsulate {
408        base base-node-action;
409        description
410          "indicate the node is to decapsulate the IOAM packet";
411      }

413      identity base-trace-type {
414        description
415          "Base identity to represent trace types";
416      }

418      identity trace-hop-lim-node-id {
419        base base-trace-type;
420        description
421          "indicates presence of Hop_Lim and node_id in the
422           node data.";
423      }

425      identity trace-if-id {
426        base base-trace-type;
427        description
428          "indicates presence of ingress_if_id and egress_if_id in the
429           node data.";
430      }

432      identity trace-timestamp-seconds {
433        base base-trace-type;
434        description
435          "indicates presence of time stamp seconds in the node data.";
436      }

438      identity trace-timestamp-nanoseconds {
439        base base-trace-type;
440        description
441          "indicates presence of time stamp nanoseconds in the node data.";
442      }

444      identity trace-transit-delay {
445        base base-trace-type;
446        description
447          "indicates presence of transit delay in the node data.";
448      }

450      identity trace-namespace-data {
451        base base-trace-type;
452        description
453          "indicates presence of namespace specific data (short format)
454           in the node data.";
455      }

457      identity trace-queue-depth {
458        base base-trace-type;
459        description
460          "indicates presence of queue depth in the node data.";
461      }

463      identity trace-opaque-state-snapshot {
464        base base-trace-type;
465        description
466          "indicates presence of variable length Opaque State Snapshot
467           field.";
468      }

470      identity trace-hop-lim-node-id-wide {
471        base base-trace-type;
472        description
473          "indicates presence of Hop_Lim and node_id wide in the
474           node data.";
475      }

477      identity trace-if-id-wide {
478        base base-trace-type;
479        description
480          "indicates presence of ingress_if_id and egress_if_id wide in
481           the node data.";
482      }

484      identity trace-namespace-data-wide {
485        base base-trace-type;
486        description
487          "indicates presence of namespace specific data in wide format
488           in the node data.";
489      }

491      identity trace-buffer-occupancy {
492        base base-trace-type;
493        description
494          "indicates presence of buffer occupancy in the node data.";
495      }

497      identity trace-checksum-complement {
498        base base-trace-type;
499        description
500          "indicates presence of the Checksum Complement node data.";
501      }

503      identity base-pot-type {
504        description
505          "Base identity to represent pot types";
506      }

508      identity pot-bytes-16 {
509        base base-pot-type;
510        description
511          "POT data is a 16 Octet field.";
512      }

514      identity base-e2e-type {
515        description
516          "Base identity to represent e2e types";
517      }

519      identity e2e-seq-num-64 {
520        base base-e2e-type;
521        description
522          "indicates presence of a 64-bit sequence number";
523      }

525      identity e2e-seq-num-32 {
526        base base-e2e-type;
527        description
528          "indicates presence of a 32-bit sequence number";
529      }

531      identity e2e-timestamp-seconds {
532        base base-e2e-type;
533        description
534          "indicates presence of timestamp seconds for the
535           transmission of the frame";
536      }

538      identity e2e-timestamp-subseconds {
539        base base-e2e-type;
540        description
541          "indicates presence of timestamp subseconds for the
542           transmission of the frame";
543      }

545      identity base-namespace {
546        description
547          "Base identity to represent the namespace";
548      }

550      identity namespace-ietf {
551        base base-namespace;
552        description
553          "namespace that specified in IETF.";
554      }

556     /*
557      * TYPE DEFINITIONS
558      */

560      typedef ioam-filter-type {
561        type identityref {
562          base base-filter;
563        }
564        description
565          "Specifies a known type of filter.";
566      }

568      typedef ioam-protocol-type {
569        type identityref {
570          base base-protocol;
571        }
572        description
573          "Specifies a known type of carrier protocol for the IOAM data.";
574      }

576      typedef ioam-node-action {
577        type identityref {
578          base base-node-action;
579        }
580        description
581          "Specifies a known type of node action.";
582      }

584      typedef ioam-trace-type {
585        type identityref {
586          base base-trace-type;
587        }
588        description
589          "Specifies a known trace type.";

591      }

593      typedef ioam-pot-type {
594        type identityref {
595          base base-pot-type;
596        }
597        description
598          "Specifies a known pot type.";
599      }

601      typedef ioam-e2e-type {
602        type identityref {
603          base base-e2e-type;
604        }
605        description
606          "Specifies a known e2e type.";
607      }

609      typedef ioam-namespace {
610        type identityref {
611          base base-namespace;
612        }
613        description
614          "Specifies the supported namespace.";
615      }

617     /*
618      * GROUP DEFINITIONS
619      */

621      grouping ioam-filter {
622        description "A grouping for IOAM filter definition";

624        leaf filter-type {
625          type ioam-filter-type;
626          description "filter type";
627        }

629        leaf acl-name {
630          when "../filter-type = 'acl:acl-filter'";
631          type leafref {
632            path "/acl:acls/acl:acl/acl:name";
633          }
634          description "Access Control List name.";
635        }
636      }

638      grouping encap-tracing {
639        description
640          "A grouping for the generic configuration for
641           tracing profile.";

643        container trace-types {
644          description
645            "the list of trace types for encapsulate";

647          leaf use-namespace {
648            type ioam-namespace;
649            description
650              "the namespace used for the encapsulation";
651          }

653          leaf-list trace-type {
654            type ioam-trace-type;
655            description
656              "The trace type is only defined at the encapsulation node.";
657          }
658        }

660        leaf enable-loopback-mode {
661          type boolean;
662          default false;
663          description
664            "Loopback mode is used to send a copy of a packet back towards
665             the source. The loopback mode is only defined at the
666             encapsulation node.";
667        }

669        leaf enable-active-mode {
670          type boolean;
671          default false;
672          description
673            "Active mode indicates that a packet is used for active
674             measurement. An IOAM decapsulating node that receives a
675             packet with the Active flag set in one of its Trace options
676             must terminate the packet.";
677        }
678      }

680      grouping ioam-incremental-tracing-profile {
681        description
682          "A grouping for incremental tracing profile.";

684        leaf node-action {
685          type ioam-node-action;
686          description "node action";

688        }

690        uses encap-tracing {
691          when "../node-action = 'ioam:encapsulate'";
692        }

694        leaf max-length {
695          when "../node-action = 'ioam:encapsulate'";
696          type uint32;
697          description
698            "This field specifies the maximum length of the node data list
699             in octets. The max-length is only defined at the
700             encapsulation node. And it's only used for the incremental
701             tracing mode.";
702        }
703      }

705      grouping ioam-preallocated-tracing-profile {
706        description
707          "A grouping for incremental tracing profile.";

709        leaf node-action {
710          type ioam-node-action;
711          description "node action";
712        }

714        uses encap-tracing {
715          when "../node-action = 'ioam:encapsulate'";
716        }
717      }

719      grouping ioam-direct-export-profile {
720        description
721          "A grouping for direct export profile.";

723        leaf node-action {
724          type ioam-node-action;
725          description "node action";
726        }

728        uses encap-tracing {
729          when "../node-action = 'ioam:encapsulate'";
730        }

732        leaf flow-id {
733          when "../node-action = 'ioam:encapsulate'";
734          type uint32;
735          description
736            "flow-id is used to correlate the exported data of the same
737             flow from multiple nodes and from multiple packets.";
738        }
739      }

741      grouping ioam-e2e-profile {
742        description
743          "A grouping for tracing profile.";

745        leaf node-action {
746          type ioam-node-action;
747          description
748            "indicate how the node act for this profile";
749        }

751        container e2e-types {
752          when "../node-action = 'ioam:encapsulate'";
753          description
754            "the list of e2e types for encapsulate";

756          leaf use-namespace {
757            type ioam-namespace;
758            description
759              "the namespace used for the encapsulation";
760          }

762          leaf-list e2e-type {
763            type ioam-e2e-type;
764            description
765              "The e2e type is only defined at the encapsulation node.";
766          }
767        }
768      }

770      grouping ioam-admin-config {
771        description
772          "IOAM top-level administrative configuration.";

774        leaf enabled {
775          type boolean;
776          default false;
777          description
778            "When true, IOAM configuration is enabled for the system.
779             Meanwhile, the IOAM data-plane functionality is enabled.";
780        }
781      }

783     /*
784      * DATA NODES
785      */

787      container ioam {
788        description "IOAM top level container";

790        container ioam-profiles {
791          description
792            "Contains a list of IOAM profiles.";

794          container admin-config {
795            description
796              "Contains all the administrative configurations related to
797               the IOAM functionalities and all the IOAM profiles.";

799            uses ioam-admin-config;
800          }

802          list ioam-profile {
803            key "profile-name";
804            ordered-by user;
805            description
806              "A list of IOAM profiles that configured on the node.";

808            leaf profile-name {
809              type string;
810              mandatory true;
811              description
812                "Unique identifier for each IOAM profile";
813            }

815            container filter {
816              uses ioam-filter;
817              description
818                "The filter which is used to indicate the flow to apply
819                 IOAM.";
820            }

822            leaf protocol-type {
823              type ioam-protocol-type;
824              description
825                "This item is used to indicate the carrier protocol where
826                 the IOAM is applied.";
827            }

829            container incremental-tracing-profile {
830              if-feature incremental-trace;
831              description
832                "describe the profile for incremental tracing option";

834              leaf enabled {
835                type boolean;
836                default false;
837                description
838                  "When true, apply incremental tracing option to the
839                   specified flow identified by the filter.";
840              }

842              uses ioam-incremental-tracing-profile;
843            }

845            container preallocated-tracing-profile {
846              if-feature preallocated-trace;
847              description
848                "describe the profile for preallocated tracing option";

850              leaf enabled {
851                type boolean;
852                default false;
853                description
854                  "When true, apply preallocated tracing option to the
855                   specified flow identified by the following filter.";
856              }

858              uses ioam-preallocated-tracing-profile;
859            }

861            container direct-export-profile {
862              if-feature direct-export;
863              description
864                "describe the profile for direct-export option";

866              leaf enabled {
867                type boolean;
868                default false;
869                description
870                  "When true, apply direct-export option to the
871                   specified flow identified by the following filter.";
872              }

874              uses ioam-direct-export-profile;
875            }

877            container pot-profile {
878              if-feature proof-of-transit;
879              description
880                "describe the profile for pot option";

882              leaf enabled {
883                type boolean;
884                default false;
885                description
886                  "When true, apply Proof of Transit option to the
887                   specified flow identified by the following filter.";
888              }

890              leaf active-profile-index {
891                type pot:profile-index-range;
892                description
893                  "Proof of transit profile index that is currently
894                   active. Will be set in the first hop of the path
895                   or chain. Other nodes will not use this field.";
896              }

898              uses pot:pot-profile;
899            }

901            container e2e-profile {
902              if-feature edge-to-edge;
903              description
904                "describe the profile for e2e option";

906              leaf enabled {
907                type boolean;
908                default false;
909                description
910                  "When true, apply End to end option to the
911                   specified flow identified by the following filter.";
912              }

914              uses ioam-e2e-profile;
915            }
916          }
917        }
918      }
919    }
920

922 4.  Security Considerations

924    The YANG module specified in this document defines a schema for data
925    that is designed to be accessed via network management protocols such
926    as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
927    is the secure transport layer, and the mandatory-to-implement secure
928    transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
929    is HTTPS, and the mandatory-to-implement secure transport is TLS
930    [RFC5246].

932    The NETCONF access control model [RFC6536] provides the means to
933    restrict access for particular NETCONF or RESTCONF users to a
934    preconfigured subset of all available NETCONF or RESTCONF protocol
935    operations and content.

937    There are a number of data nodes defined in this YANG module that are
938    writable/creatable/deletable (i.e., config true, which is the
939    default).  These data nodes may be considered sensitive or vulnerable
940    in some network environments.  Write operations (e.g., edit-config)
941    to these data nodes without proper protection can have a negative
942    effect on network operations.  These are the subtrees and data nodes
943    and their sensitivity/vulnerability:

945    o  /ioam/ioam-profiles/admin-config

947    The items in the container above include the top level administrative
948    configurations related to the IOAM functionalities and all the IOAM
949    profiles.  Unexpected changes to these items could lead to the IOAM
950    function disruption and/ or misbehavior of all the IOAM profiles.

952    o  /ioam/ioam-profiles/ioam-profile

954    The entries in the list above include the whole IOAM profile
955    configurations which indirectly create or modify the device
956    configurations.  Unexpected changes to these entries could lead to
957    the mistake of the IOAM behavior for the corresponding flows.

959 5.  IANA Considerations

961    RFC Ed.: In this section, replace all occurrences of 'XXXX' with the
962    actual RFC number (and remove this note).

964    IANA is requested to assign a new URI from the IETF XML Registry
965    [RFC3688].  The following URI is suggested:

967            URI: urn:ietf:params:xml:ns:yang:ietf-ioam
968            Registrant Contact: The IESG.
969            XML: N/A; the requested URI is an XML namespace.

971    This document also requests a new YANG module name in the YANG Module
972    Names registry [RFC7950] with the following suggestion:

974            name: ietf-ioam
975            namespace: urn:ietf:params:xml:ns:yang:ietf-ioam
976            prefix: ioam
977            reference: RFC XXXX

979 6.  Acknowledgements

981    For their valuable comments, discussions, and feedback, we wish to
982    acknowledge Greg Mirsky and Reshad Rahman.

984 7.  References

986 7.1.  Normative References

988    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
989               Requirement Levels", BCP 14, RFC 2119,
990               DOI 10.17487/RFC2119, March 1997,
991               .

993    [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
994               DOI 10.17487/RFC3688, January 2004,
995               .

997    [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
998               (TLS) Protocol Version 1.2", RFC 5246,
999               DOI 10.17487/RFC5246, August 2008,
1000               .

1002    [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1003               and A. Bierman, Ed., "Network Configuration Protocol
1004               (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
1005               .

1007    [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
1008               Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
1009               .

1011    [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
1012               Protocol (NETCONF) Access Control Model", RFC 6536,
1013               DOI 10.17487/RFC6536, March 2012,
1014               .

1016    [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
1017               RFC 7950, DOI 10.17487/RFC7950, August 2016,
1018               .

1020    [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
1021               Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
1022               .

1024    [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
1025               (IPv6) Specification", STD 86, RFC 8200,
1026               DOI 10.17487/RFC8200, July 2017,
1027               .

1029 7.2.  Informative References

1031    [I-D.brockners-proof-of-transit]
1032               Brockners, F., Bhandari, S., Dara, S., Pignataro, C.,
1033               Leddy, J., Youell, S., Mozes, D., and T. Mizrahi, "Proof
1034               of Transit", draft-brockners-proof-of-transit-05 (work in
1035               progress), May 2018.

1037    [I-D.ietf-ippm-ioam-data]
1038               Brockners, F., Bhandari, S., Pignataro, C., Gredler, H.,
1039               Leddy, J., Youell, S., Mizrahi, T., Mozes, D., Lapukhov,
1040               P., remy@barefootnetworks.com, r., daniel.bernier@bell.ca,
1041               d., and J. Lemon, "Data Fields for In-situ OAM", draft-
1042               ietf-ippm-ioam-data-08 (work in progress), October 2019.

1044    [I-D.ietf-ippm-ioam-direct-export]
1045               Song, H., Gafni, B., Zhou, T., Li, Z., Brockners, F.,
1046               Bhandari, S., Sivakolundu, R., and T. Mizrahi, "In-situ
1047               OAM Direct Exporting", draft-ietf-ippm-ioam-direct-
1048               export-00 (work in progress), February 2020.

1050    [I-D.ietf-ippm-ioam-ipv6-options]
1051               Bhandari, S., Brockners, F., Pignataro, C., Gredler, H.,
1052               Leddy, J., Youell, S., Mizrahi, T., Kfir, A., Gafni, B.,
1053               Lapukhov, P., Spiegel, M., Krishnan, S., and R. Asati,
1054               "In-situ OAM IPv6 Options", draft-ietf-ippm-ioam-
1055               ipv6-options-00 (work in progress), September 2019.

1057    [I-D.ietf-nvo3-geneve]
1058               Gross, J., Ganga, I., and T. Sridhar, "Geneve: Generic
1059               Network Virtualization Encapsulation", draft-ietf-
1060               nvo3-geneve-15 (work in progress), February 2020.

1062    [I-D.ietf-nvo3-vxlan-gpe]
1063               Maino, F., Kreeger, L., and U. Elzur, "Generic Protocol
1064               Extension for VXLAN", draft-ietf-nvo3-vxlan-gpe-09 (work
1065               in progress), December 2019.

1067 Authors' Addresses

1069    Tianran Zhou
1070    Huawei
1071    156 Beiqing Rd.
1072    Beijing  100095
1073    China

1075    Email: zhoutianran@huawei.com

1077    Jim Guichard
1078    Futurewei
1079    United States of America

1081    Email: james.n.guichard@futurewei.com

1083    Frank Brockners
1084    Cisco Systems
1085    Hansaallee 249, 3rd Floor
1086    Duesseldorf, Nordrhein-Westfalen  40549
1087    Germany

1089    Email: fbrockne@cisco.com

1091    Srihari Raghavan
1092    Cisco Systems
1093    Tril Infopark Sez, Ramanujan IT City
1094    Neville Block, 2nd floor, Old Mahabalipuram Road
1095    Chennai, Tamil Nadu  600113
1096    India

1098    Email: srihari@cisco.com