idnits 2.17.1

draft-zhou-ippm-ioam-yang-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 259 has weird spacing: '...e-index pro...'

  == Line 262 has weird spacing: '...ynomial uin...'

  -- The document date (July 30, 2020) is 1365 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-17) exists of
     draft-ietf-ippm-ioam-data-10

  == Outdated reference: A later version (-11) exists of
     draft-ietf-ippm-ioam-direct-export-00

  == Outdated reference: A later version (-08) exists of
     draft-ietf-sfc-proof-of-transit-06

  ** Downref: Normative reference to an Experimental draft:
     draft-ietf-sfc-proof-of-transit (ref. 'I-D.ietf-sfc-proof-of-transit')

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  == Outdated reference: A later version (-12) exists of
     draft-ietf-ippm-ioam-ipv6-options-02

  == Outdated reference: A later version (-13) exists of
     draft-ietf-sfc-ioam-nsh-04

     Summary: 3 errors (**), 0 flaws (~~), 8 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

IPPM                                                        T. Zhou, Ed.
Internet-Draft                                                    Huawei
Intended status: Standards Track                             J. Guichard
Expires: January 31, 2021                                      Futurewei
                                                            F. Brockners
                                                             S. Raghavan
                                                           Cisco Systems
                                                           July 30, 2020

                   A YANG Data Model for In-Situ OAM
                      draft-zhou-ippm-ioam-yang-08

Abstract

   In-situ Operations, Administration, and Maintenance (IOAM) records
   operational and telemetry information in user packets while the
   packets traverse a path between two points in the network.  This
   document defines a YANG module for the IOAM function.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 31, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions used in this document
     2.1.  Tree Diagrams
   3.  Design of the IOAM YANG Data Model
     3.1.  Profiles
     3.2.  Preallocated Tracing Profile
     3.3.  Incremental Tracing Profile
     3.4.  Direct Export Profile
     3.5.  Proof of Transit Profile
     3.6.  Edge to Edge Profile
   4.  IOAM YANG Module
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   In-situ Operations, Administration, and Maintenance (IOAM)
   [I-D.ietf-ippm-ioam-data] records OAM information within user packets
   while the packets traverse a network.  The data types and data
   formats for IOAM data records have been defined in
   [I-D.ietf-ippm-ioam-data].  The IOAM data can be embedded in many
   protocol encapsulations such as Network Services Header (NSH) and
   IPv6.

   This document defines a data model for IOAM capabilities using the
   YANG data modeling language [RFC7950].  This YANG model supports all
   five IOAM options, which are the Incremental Tracing Option, the
   Pre-allocated Tracing Option, the Direct Export Option
   [I-D.ietf-ippm-ioam-direct-export], the Proof of Transit (PoT)
   Option, and the Edge-to-Edge Option.

2.  Conventions used in this document

   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The following terms are defined in [RFC7950] and are used in this
   specification:

   o  augment

   o  data model

   o  data node

   The terminology for describing YANG data models is found in
   [RFC7950].

2.1.  Tree Diagrams

   Tree diagrams used in this document follow the notation defined in
   [RFC8340].

3.  Design of the IOAM YANG Data Model

3.1.  Profiles

   The IOAM model is organized as a list of profiles as shown in the
   following figure.  Each profile is associated with one flow and the
   corresponding IOAM information.

   module: ietf-ioam
     +--rw ioam
        +--rw ioam-profiles
           +--rw admin-config
           |  +--rw enabled?   boolean
           +--rw ioam-profile* [profile-name]
              +--rw profile-name                    string
              +--rw filter
              |  +--rw filter-type?   ioam-filter-type
              |  +--rw acl-name?      -> /acl:acls/acl/name
              +--rw protocol-type?                  ioam-protocol-type
              +--rw incremental-tracing-profile {incremental-trace}?
              |  ...
              +--rw preallocated-tracing-profile {preallocated-trace}?
              |  ...
              +--rw direct-export-profile {direct-export}?
              |  ...
              +--rw pot-profile {proof-of-transit}?
              |  ...
              +--rw e2e-profile {edge-to-edge}?
                 ...

   The "enabled" is an administrative configuration.
   When it is set to
   true, IOAM configuration is enabled for the system.  Meanwhile, the
   IOAM data-plane functionality is enabled.

   The "filter" is used to identify a flow to which the IOAM profile can
   apply.  There may be multiple filter types.  ACL [RFC8519] is the
   default one.

   The IOAM data can be encapsulated into multiple protocols, e.g., IPv6
   [I-D.ietf-ippm-ioam-ipv6-options] and NSH [I-D.ietf-sfc-ioam-nsh].
   The "protocol-type" is used to indicate where the IOAM is applied.
   For example, if the "protocol-type" is IPv6, the IOAM ingress node
   will encapsulate the associated flow with the IPv6-IOAM
   [I-D.ietf-ippm-ioam-ipv6-options] format.

   IOAM data includes five encapsulation types, i.e., incremental
   tracing data, preallocated tracing data, direct export data, proof of
   transit data and end to end data.  In practice, multiple IOAM data
   types can be encapsulated into the same IOAM header.  The
   "ioam-profile" contains a set of sub-profiles, each of which relates
   to one encapsulation type.  The configured object may not support all
   the sub-profiles.  The supported sub-profiles are indicated by 5
   defined features, i.e., "incremental-trace", "preallocated-trace",
   "direct-export", "proof-of-transit", "edge-to-edge".

3.2.  Preallocated Tracing Profile

   The IOAM tracing data is expected to be collected at every node that
   a packet traverses to ensure visibility into the entire path a packet
   takes within an IOAM domain.  The preallocated tracing option will
   create pre-allocated space for each node to populate its information.
   The "preallocated-tracing-profile" contains the detailed
   information for the preallocated tracing data.  The information
   includes:

   o  enabled: indicates whether the preallocated tracing profile is
      enabled.

   o  node-action: indicates the operation (e.g., encapsulate IOAM
      header, transit the IOAM data, or decapsulate IOAM header) applied
      to the dedicated flow.

   o  use-namespace: indicates the namespace used for the trace types.

   o  trace-type: indicates the per-hop data to be captured by the IOAM
      enabled nodes and included in the node data list.

   o  Loopback mode is used to send a copy of a packet back towards the
      source.

   o  Active mode indicates that a packet is used for active
      measurement.

   +--rw preallocated-tracing-profile {preallocated-trace}?
      +--rw enabled?                boolean
      +--rw node-action?            ioam-node-action
      +--rw trace-types
      |  +--rw use-namespace?   ioam-namespace
      |  +--rw trace-type*      ioam-trace-type
      +--rw enable-loopback-mode?   boolean
      +--rw enable-active-mode?     boolean

3.3.  Incremental Tracing Profile

   The incremental tracing option contains variable node data fields
   where each node allocates and pushes its node data immediately
   following the option header.  The "incremental-tracing-profile"
   contains the detailed information for the incremental tracing data.
   The detailed information is the same as the Preallocated Tracing
   Profile, but with one more variable, "max-length", which restricts
   the length of the IOAM header.

   +--rw incremental-tracing-profile {incremental-trace}?
      +--rw enabled?                boolean
      +--rw node-action?            ioam-node-action
      +--rw trace-types
      |  +--rw use-namespace?   ioam-namespace
      |  +--rw trace-type*      ioam-trace-type
      +--rw enable-loopback-mode?   boolean
      +--rw enable-active-mode?     boolean
      +--rw max-length?             uint32

3.4.  Direct Export Profile

   The direct export option is used as a trigger for IOAM nodes to
   export IOAM data to a receiving entity (or entities).  The
   "direct-export-profile" contains the detailed information for the
   direct export data.
   The detailed information is the same as the
   Preallocated Tracing Profile, but with one more optional variable,
   "flow-id", which is used to correlate the exported data of the same
   flow from multiple nodes and from multiple packets.

   +--rw direct-export-profile {direct-export}?
      +--rw enabled?                boolean
      +--rw node-action?            ioam-node-action
      +--rw trace-types
      |  +--rw use-namespace?   ioam-namespace
      |  +--rw trace-type*      ioam-trace-type
      +--rw enable-loopback-mode?   boolean
      +--rw enable-active-mode?     boolean
      +--rw flow-id?                uint32

3.5.  Proof of Transit Profile

   The IOAM Proof of Transit data supports the path or service
   function chain verification use cases.  The "pot-profile" contains
   the detailed information for the proof of transit data.  The detailed
   information is described in [I-D.ietf-sfc-proof-of-transit].

   +--rw pot-profile {proof-of-transit}?
      +--rw enabled?                boolean
      +--rw active-profile-index?   pot:profile-index-range
      +--rw pot-profile-list* [pot-profile-index]
         +--rw pot-profile-index    profile-index-range
         +--rw prime-number         uint64
         +--rw secret-share         uint64
         +--rw public-polynomial    uint64
         +--rw lpc                  uint64
         +--rw validator?           boolean
         +--rw validator-key?       uint64
         +--rw bitmask?             uint64
         +--rw opot-masks
            +--rw downstream-mask*   uint64
            +--rw upstream-mask*     uint64

3.6.  Edge to Edge Profile

   The IOAM edge to edge option carries data that is added by the
   IOAM encapsulating node and interpreted by the IOAM decapsulating
   node.  The "e2e-profile" contains the detailed information for the
   edge to edge data.  The detailed information includes:

   o  enabled: indicates whether the edge to edge profile is enabled.

   o  node-action: has the same semantics as in Section 2.2.

   o  use-namespace: indicates the namespace used for the edge to edge
      types.

   o  e2e-type: indicates data to be carried from the ingress IOAM node
      to the egress IOAM node.

   +--rw e2e-profile {edge-to-edge}?
      +--rw enabled?       boolean
      +--rw node-action?   ioam-node-action
      +--rw e2e-types
         +--rw use-namespace?   ioam-namespace
         +--rw e2e-type*        ioam-e2e-type

4.  IOAM YANG Module

   file "ietf-ioam@2020-07-13.yang"
   module ietf-ioam {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-ioam";
     prefix "ioam";
     import ietf-pot-profile {
       prefix "pot";
       reference "draft-ietf-sfc-proof-of-transit";
     }

     import ietf-access-control-list {
       prefix "acl";
       reference
         "RFC 8519: YANG Data Model for Network Access Control
          Lists (ACLs)";
     }

     organization
       "IETF IPPM (IP Performance Metrics) Working Group";

     contact
       "WG Web:
        WG List:
        Editor: zhoutianran@huawei.com
        Editor: james.n.guichard@futurewei.com
        Editor: fbrockne@cisco.com
        Editor: srihari@cisco.com";

     description
       "This YANG module specifies a vendor-independent data
        model for the In Situ OAM (IOAM).

        Copyright (c) 2020 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject
        to the license terms contained in, the Simplified BSD License
        set forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX; see the
        RFC itself for full legal notices.";

     revision 2020-07-13 {
       description "Initial revision.";
       reference "draft-zhou-ippm-ioam-yang";
     }

     /*
      * FEATURES
      */
     feature incremental-trace
     {
       description
         "This feature indicated that the incremental tracing option is
          supported";
       reference "draft-ietf-ippm-ioam-data";
     }

     feature preallocated-trace
     {
       description
         "This feature indicated that the preallocated tracing option is
          supported";
       reference "draft-ietf-ippm-ioam-data";
     }

     feature direct-export
     {
       description
         "This feature indicated that the direct export option is
          supported";
       reference "ietf-ippm-ioam-direct-export";
     }

     feature proof-of-transit
     {
       description
         "This feature indicated that the proof of transit option is
          supported";
       reference "draft-ietf-ippm-ioam-data";
     }

     feature edge-to-edge
     {
       description
         "This feature indicated that the edge to edge option is
          supported";
       reference "draft-ietf-ippm-ioam-data";
     }

     /*
      * IDENTITIES
      */
     identity base-filter {
       description
         "Base identity to represent a filter. A filter is used to
          specify the flow to apply the IOAM profile. ";
     }
     identity acl-filter {
       base base-filter;
       description
         "Apply ACL rules to specify the flow.";
     }

     identity base-protocol {
       description
         "Base identity to represent the carrier protocol.
          It's used to indicate what layer and protocol the IOAM data
          is embedded.";
     }

     identity ipv6-protocol {
       base base-protocol;
       description
         "The described IOAM data is embedded in IPv6 protocol.";
       reference "ietf-ippm-ioam-ipv6-options";
     }

     identity nsh-protocol {
       base base-protocol;
       description
         "The described IOAM data is embedded in NSH.";
       reference "ietf-sfc-ioam-nsh";
     }

     identity base-node-action {
       description
         "Base identity to represent the node actions. It's used to
          indicate what action the node will take.";
     }

     identity action-encapsulate {
       base base-node-action;
       description
         "indicate the node is to encapsulate the IOAM packet";
     }

     identity action-transit {
       base base-node-action;
       description
         "indicate the node is to transit the IOAM packet";
     }

     identity action-decapsulate {
       base base-node-action;
       description
         "indicate the node is to decapsulate the IOAM packet";
     }

     identity base-trace-type {
       description
         "Base identity to represent trace types";
     }

     identity trace-hop-lim-node-id {
       base base-trace-type;
       description
         "indicates presence of Hop_Lim and node_id in the
          node data.";
     }

     identity trace-if-id {
       base base-trace-type;
       description
         "indicates presence of ingress_if_id and egress_if_id in the
          node data.";
     }

     identity trace-timestamp-seconds {
       base base-trace-type;
       description
         "indicates presence of time stamp seconds in the node data.";
     }

     identity trace-timestamp-nanoseconds {
       base base-trace-type;
       description
         "indicates presence of time stamp nanoseconds in the node data.";
     }

     identity trace-transit-delay {
       base base-trace-type;
       description
         "indicates presence of transit delay in the node data.";
     }

     identity trace-namespace-data {
       base base-trace-type;
       description
         "indicates presence of namespace
          specific data (short format) in the node data.";
     }

     identity trace-queue-depth {
       base base-trace-type;
       description
         "indicates presence of queue depth in the node data.";
     }

     identity trace-opaque-state-snapshot {
       base base-trace-type;
       description
         "indicates presence of variable length Opaque State Snapshot
          field.";
     }

     identity trace-hop-lim-node-id-wide {
       base base-trace-type;
       description
         "indicates presence of Hop_Lim and node_id wide in the
          node data.";
     }

     identity trace-if-id-wide {
       base base-trace-type;
       description
         "indicates presence of ingress_if_id and egress_if_id wide in
          the node data.";
     }

     identity trace-namespace-data-wide {
       base base-trace-type;
       description
         "indicates presence of namespace specific data in wide format
          in the node data.";
     }

     identity trace-buffer-occupancy {
       base base-trace-type;
       description
         "indicates presence of buffer occupancy in the node data.";
     }

     identity trace-checksum-complement {
       base base-trace-type;
       description
         "indicates presence of the Checksum Complement node data.";
     }

     identity base-pot-type {
       description
         "Base identity to represent Proof of Transit(PoT) types";
     }
     identity pot-bytes-16 {
       base base-pot-type;
       description
         "POT data is a 16 Octet field.";
     }

     identity base-e2e-type {
       description
         "Base identity to represent e2e types";
     }

     identity e2e-seq-num-64 {
       base base-e2e-type;
       description
         "indicates presence of a 64-bit sequence number";
     }

     identity e2e-seq-num-32 {
       base base-e2e-type;
       description
         "indicates presence of a 32-bit sequence number";
     }

     identity e2e-timestamp-seconds {
       base base-e2e-type;
       description
         "indicates presence of timestamp seconds for the
          transmission of the frame";
     }

     identity e2e-timestamp-subseconds {
       base base-e2e-type;
       description
         "indicates presence of timestamp subseconds for the
          transmission of the frame";
     }

     identity base-namespace {
       description
         "Base identity to represent the namespace";
     }

     identity namespace-ietf {
       base base-namespace;
       description
         "namespace that specified in IETF.";
     }

     /*
      * TYPE DEFINITIONS
      */

     typedef ioam-filter-type {
       type identityref {
         base base-filter;
       }
       description
         "Specifies a known type of filter.";
     }

     typedef ioam-protocol-type {
       type identityref {
         base base-protocol;
       }
       description
         "Specifies a known type of carrier protocol for the IOAM data.";
     }

     typedef ioam-node-action {
       type identityref {
         base base-node-action;
       }
       description
         "Specifies a known type of node action.";
     }

     typedef ioam-trace-type {
       type identityref {
         base base-trace-type;
       }
       description
         "Specifies a known trace type.";
     }

     typedef ioam-pot-type {
       type identityref {
         base base-pot-type;
       }
       description
         "Specifies a known pot type.";
     }

     typedef ioam-e2e-type {
       type identityref {
         base base-e2e-type;
       }
       description
         "Specifies a known e2e type.";
     }

     typedef ioam-namespace {
       type identityref {
         base base-namespace;
       }
       description
         "Specifies the supported namespace.";
     }

     /*
      * GROUP DEFINITIONS
      */

     grouping ioam-filter {
       description "A grouping for IOAM filter definition";

       leaf filter-type {
         type ioam-filter-type;
         description "filter type";
       }

       leaf acl-name {
         when "../filter-type = 'ioam:acl-filter'";
         type leafref {
           path "/acl:acls/acl:acl/acl:name";
         }
         description "Access Control List name.";
       }
     }

     grouping encap-tracing {
       description
         "A grouping for the generic configuration for
          tracing profile.";

       container trace-types {
         description
           "the list of trace types for
            encapsulate";

         leaf use-namespace {
           type ioam-namespace;
           description
             "the namespace used for the encapsulation";
         }
         leaf-list trace-type {
           type ioam-trace-type;
           description
             "The trace type is only defined at the encapsulation node.";
         }
       }

       leaf enable-loopback-mode {
         type boolean;
         default false;
         description
           "Loopback mode is used to send a copy of a packet back towards
            the source. The loopback mode is only defined at the
            encapsulation node.";
       }

       leaf enable-active-mode {
         type boolean;
         default false;
         description
           "Active mode indicates that a packet is used for active
            measurement. An IOAM decapsulating node that receives a
            packet with the Active flag set in one of its Trace options
            must terminate the packet.";
       }
     }

     grouping ioam-incremental-tracing-profile {
       description
         "A grouping for incremental tracing profile.";

       leaf node-action {
         type ioam-node-action;
         description "node action";
       }

       uses encap-tracing {
         when "node-action = 'ioam:action-encapsulate'";
       }

       leaf max-length {
         when "../node-action = 'ioam:action-encapsulate'";
         type uint32;
         description
           "This field specifies the maximum length of the node data list
            in octets. The max-length is only defined at the
            encapsulation node.
            And it's only used for the incremental tracing mode.";
       }
     }

     grouping ioam-preallocated-tracing-profile {
       description
         "A grouping for incremental tracing profile.";

       leaf node-action {
         type ioam-node-action;
         description "node action";
       }

       uses encap-tracing {
         when "node-action = 'ioam:action-encapsulate'";
       }
     }

     grouping ioam-direct-export-profile {
       description
         "A grouping for direct export profile.";

       leaf node-action {
         type ioam-node-action;
         description "node action";
       }

       uses encap-tracing {
         when "node-action = 'ioam:action-encapsulate'";
       }

       leaf flow-id {
         when "../node-action = 'ioam:action-encapsulate'";
         type uint32;
         description
           "flow-id is used to correlate the exported data of the same
            flow from multiple nodes and from multiple packets.";
       }
     }

     grouping ioam-e2e-profile {
       description
         "A grouping for end to end profile.";

       leaf node-action {
         type ioam-node-action;
         description
           "indicate how the node act for this profile";
       }

       container e2e-types {
         when "../node-action = 'ioam:action-encapsulate'";
         description
           "the list of e2e types for encapsulate";

         leaf use-namespace {
           type ioam-namespace;
           description
             "the namespace used for the encapsulation";
         }

         leaf-list e2e-type {
           type ioam-e2e-type;
           description
             "The e2e type is only defined at the encapsulation node.";
         }
       }
     }

     grouping ioam-admin-config {
       description
         "IOAM top-level administrative configuration.";

       leaf enabled {
         type boolean;
         default false;
         description
           "When true, IOAM configuration is enabled for the system.
            Meanwhile, the IOAM data-plane functionality is enabled.";
       }
     }

     /*
      * DATA NODES
      */

     container ioam {
       description "IOAM top level container";

       container ioam-profiles {
         description
           "Contains a list of IOAM profiles.";

         container admin-config {
           description
             "Contains all the administrative configurations related to
              the IOAM functionalities and all the IOAM profiles.";

           uses ioam-admin-config;
         }

         list ioam-profile {
           key "profile-name";
           ordered-by user;
           description
             "A list of IOAM profiles that configured on the node.";

           leaf profile-name {
             type string;
             mandatory true;
             description
               "Unique identifier for each IOAM profile";
           }

           container filter {
             uses ioam-filter;
             description
               "The filter which is used to indicate the flow to apply
                IOAM.";
           }

           leaf protocol-type {
             type ioam-protocol-type;
             description
               "This item is used to indicate the carrier protocol where
                the IOAM is applied.";
           }

           container incremental-tracing-profile {
             if-feature incremental-trace;
             description
               "describe the profile for incremental tracing option";

             leaf enabled {
               type boolean;
               default false;
               description
                 "When true, apply incremental tracing option to the
                  specified flow identified by the filter.";
             }

             uses ioam-incremental-tracing-profile;
           }
           container preallocated-tracing-profile {
             if-feature preallocated-trace;
             description
               "describe the profile for preallocated tracing option";

             leaf enabled {
               type boolean;
               default false;
               description
                 "When true, apply preallocated tracing option to the
                  specified flow identified by the following filter.";
             }

             uses ioam-preallocated-tracing-profile;
           }

           container direct-export-profile {
             if-feature direct-export;
             description
               "describe the profile for direct-export option";

             leaf enabled {
               type boolean;
               default false;
               description
                 "When true, apply direct-export option to the
                  specified flow identified by the following filter.";
             }

             uses ioam-direct-export-profile;
           }

           container pot-profile {
             if-feature proof-of-transit;
             description
               "describe the profile for PoT option";

             leaf enabled {
               type boolean;
               default false;
               description
                 "When true, apply Proof of Transit option to the
                  specified flow identified by the following filter.";
             }

             leaf active-profile-index {
               type pot:profile-index-range;
               description
                 "Proof of transit profile index that is currently
                  active. Will be set in the first hop of the path
                  or chain. Other nodes will not use this field.";
             }

             uses pot:pot-profile;
           }

           container e2e-profile {
             if-feature edge-to-edge;
             description
               "describe the profile for e2e option";

             leaf enabled {
               type boolean;
               default false;
               description
                 "When true, apply End to end option to the
                  specified flow identified by the following filter.";
             }

             uses ioam-e2e-profile;
           }
         }
       }
     }
   }

5.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC5246].

   The NETCONF access control model [RFC6536] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.
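
   The access control model described above, applied to the two
   writable subtrees of this module (admin-config and the ioam-profile
   list under /ioam/ioam-profiles), as an added example that is not
   part of the draft.  The group names, user names and rule names are
   assumptions; the element names are those of the ietf-netconf-acm
   module defined in [RFC6536].

```xml
<!-- Added example (not from the draft): NACM configuration that lets only
     one group write the IOAM subtrees. Group, user and rule names are
     assumed values. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <!-- These three are the module's default values, stated explicitly:
       data that no rule matches can be read but not written. -->
  <read-default>permit</read-default>
  <write-default>deny</write-default>
  <exec-default>permit</exec-default>

  <groups>
    <group>
      <name>ioam-admin</name>          <!-- assumed group name -->
      <user-name>alice</user-name>     <!-- assumed user name -->
    </group>
    <group>
      <name>ioam-operator</name>       <!-- assumed group name -->
      <user-name>bob</user-name>       <!-- assumed user name -->
    </group>
  </groups>

  <!-- Only ioam-admin may create, update or delete IOAM configuration. -->
  <rule-list>
    <name>ioam-admin-rules</name>
    <group>ioam-admin</group>
    <rule>
      <name>permit-ioam-profiles</name>
      <module-name>ietf-ioam</module-name>
      <path xmlns:ioam="urn:ietf:params:xml:ns:yang:ietf-ioam">/ioam:ioam/ioam:ioam-profiles</path>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>

  <!-- Explicit denies for operators, so the two sensitive subtrees stay
       protected even if write-default is later changed to permit. -->
  <rule-list>
    <name>ioam-operator-rules</name>
    <group>ioam-operator</group>
    <rule>
      <name>deny-admin-config-write</name>
      <module-name>ietf-ioam</module-name>
      <path xmlns:ioam="urn:ietf:params:xml:ns:yang:ietf-ioam">/ioam:ioam/ioam:ioam-profiles/ioam:admin-config</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
      <comment>Global IOAM enable switch.</comment>
    </rule>
    <rule>
      <name>deny-ioam-profile-write</name>
      <module-name>ietf-ioam</module-name>
      <path xmlns:ioam="urn:ietf:params:xml:ns:yang:ietf-ioam">/ioam:ioam/ioam:ioam-profiles/ioam:ioam-profile</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
      <comment>Per-flow IOAM profiles.</comment>
    </rule>
  </rule-list>
</nacm>
```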

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.  These are the subtrees and data nodes
   and their sensitivity/vulnerability:

   o  /ioam/ioam-profiles/admin-config

   The items in the container above include the top level administrative
   configurations related to the IOAM functionalities and all the IOAM
   profiles.  Unexpected changes to these items could lead to
   disruption of the IOAM function and/or misbehavior of all the IOAM
   profiles.

   o  /ioam/ioam-profiles/ioam-profile

   The entries in the list above include the whole IOAM profile
   configurations which indirectly create or modify the device
   configurations.  Unexpected changes to these entries could lead to
   incorrect IOAM behavior for the corresponding flows.

6.  IANA Considerations

   RFC Ed.: In this section, replace all occurrences of 'XXXX' with the
   actual RFC number (and remove this note).

   IANA is requested to assign a new URI from the IETF XML Registry
   [RFC3688].  The following URI is suggested:

           URI: urn:ietf:params:xml:ns:yang:ietf-ioam
           Registrant Contact: The IESG.
           XML: N/A; the requested URI is an XML namespace.

   This document also requests a new YANG module name in the YANG Module
   Names registry [RFC7950] with the following suggestion:

           name: ietf-ioam
           namespace: urn:ietf:params:xml:ns:yang:ietf-ioam
           prefix: ioam
           reference: RFC XXXX

7.  Acknowledgements

   For their valuable comments, discussions, and feedback, we wish to
   acknowledge Greg Mirsky, Reshad Rahman and Tom Petch.

8.  References

8.1.  Normative References

   [I-D.ietf-ippm-ioam-data]
              Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields
              for In-situ OAM", draft-ietf-ippm-ioam-data-10 (work in
              progress), July 2020.

   [I-D.ietf-ippm-ioam-direct-export]
              Song, H., Gafni, B., Zhou, T., Li, Z., Brockners, F.,
              Bhandari, S., Sivakolundu, R., and T. Mizrahi, "In-situ
              OAM Direct Exporting",
              draft-ietf-ippm-ioam-direct-export-00 (work in progress),
              February 2020.

   [I-D.ietf-sfc-proof-of-transit]
              Brockners, F., Bhandari, S., Mizrahi, T., Dara, S., and S.
              Youell, "Proof of Transit",
              draft-ietf-sfc-proof-of-transit-06 (work in progress),
              June 2020.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8519]  Jethanandani, M., Agarwal, S., Huang, L., and D. Blair,
              "YANG Data Model for Network Access Control Lists (ACLs)",
              RFC 8519, DOI 10.17487/RFC8519, March 2019.

8.2.  Informative References

   [I-D.ietf-ippm-ioam-ipv6-options]
              Bhandari, S., Brockners, F., Pignataro, C., Gredler, H.,
              Leddy, J., Youell, S., Mizrahi, T., Kfir, A., Gafni, B.,
              Lapukhov, P., Spiegel, M., Krishnan, S., and R. Asati,
              "In-situ OAM IPv6 Options",
              draft-ietf-ippm-ioam-ipv6-options-02 (work in progress),
              July 2020.

   [I-D.ietf-sfc-ioam-nsh]
              Brockners, F. and S. Bhandari, "Network Service Header
              (NSH) Encapsulation for In-situ OAM (IOAM) Data",
              draft-ietf-sfc-ioam-nsh-04 (work in progress), June 2020.

Authors' Addresses

   Tianran Zhou
   Huawei
   156 Beiqing Rd.
   Beijing  100095
   China

   Email: zhoutianran@huawei.com

   Jim Guichard
   Futurewei
   United States of America

   Email: james.n.guichard@futurewei.com

   Frank Brockners
   Cisco Systems
   Hansaallee 249, 3rd Floor
   Duesseldorf, Nordrhein-Westfalen  40549
   Germany

   Email: fbrockne@cisco.com

   Srihari Raghavan
   Cisco Systems
   Tril Infopark Sez, Ramanujan IT City
   Neville Block, 2nd floor, Old Mahabalipuram Road
   Chennai, Tamil Nadu  600113
   India

   Email: srihari@cisco.com