rfc9375.original   rfc9375.txt 
OPSAWG Working Group B. Wu, Ed. Internet Engineering Task Force (IETF) B. Wu, Ed.
Internet-Draft Q. Wu, Ed. Request for Comments: 9375 Q. Wu, Ed.
Intended status: Standards Track Huawei Category: Standards Track Huawei
Expires: 15 May 2023 M. Boucadair, Ed. ISSN: 2070-1721 M. Boucadair, Ed.
Orange Orange
O. Gonzalez de Dios O. Gonzalez de Dios
Telefonica Telefonica
B. Wen B. Wen
Comcast Comcast
11 November 2022 April 2023
A YANG Model for Network and VPN Service Performance Monitoring A YANG Data Model for Network and VPN Service Performance Monitoring
draft-ietf-opsawg-yang-vpn-service-pm-15
Abstract Abstract
The data model for network topologies defined in RFC 8345 introduces The data model for network topologies defined in RFC 8345 introduces
vertical layering relationships between networks that can be vertical layering relationships between networks that can be
augmented to cover network and service topologies. This document augmented to cover network and service topologies. This document
defines a YANG module for performance monitoring (PM) of both defines a YANG module for performance monitoring (PM) of both
underlay networks and overlay VPN services that can be used to underlay networks and overlay VPN services that can be used to
monitor and manage network performance on the topology of both monitor and manage network performance on the topology of both
layers. layers.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 15 May 2023. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9375.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology
2.1. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1. Acronyms
3. Network and VPN Service Performance Monitoring Model Usage . 4 3. Network and VPN Service Performance Monitoring Model Usage
3.1. Collecting Data via Pub/Sub Mechanism . . . . . . . . . . 6 3.1. Collecting Data via the Pub/Sub Mechanism
3.2. Collecting Data On Demand . . . . . . . . . . . . . . . . 6 3.2. Collecting Data On Demand
4. Description of The Data Model . . . . . . . . . . . . . . . . 6 4. Description of the YANG Data Model
4.1. Layering Relationship between Multiple Layers of 4.1. Layering Relationship between Multiple Layers of Topology
Topology . . . . . . . . . . . . . . . . . . . . . . . . 7 4.2. Network-Level Performance Monitoring Augmentation
4.2. Network Level Performance Monitoring Augmentation . . . . 9 4.3. Node-Level Performance Monitoring Augmentation
4.3. Node Level Performance Monitoring Augmentation . . . . . 10 4.4. Performance Monitoring Augmentation at Link and Termination
4.4. Link and Termination Point Level Performance Monitoring Point Level
Augmentation . . . . . . . . . . . . . . . . . . . . . . 11 5. Network and VPN Service Performance Monitoring YANG Module
5. Network and VPN Service Performance Monitoring YANG Module . 16 6. Security Considerations
6. Security Considerations . . . . . . . . . . . . . . . . . . . 32 7. IANA Considerations
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34 8. References
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34 8.1. Normative References
9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 34 8.2. Informative References
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 Appendix A. Illustrative Examples
10.1. Normative References . . . . . . . . . . . . . . . . . . 35 A.1. Example of VPN Performance Subscription
10.2. Informative References . . . . . . . . . . . . . . . . . 37 A.2. Example of VPN Performance Snapshot
Appendix A. Illustrative Examples . . . . . . . . . . . . . . . 39 A.3. Example of Percentile Monitoring
A.1. VPN Performance Subscription Example . . . . . . . . . . 39 Acknowledgements
A.2. Example of VPN Performance Snapshot . . . . . . . . . . . 40 Contributors
A.3. Example of Percentile Monitoring . . . . . . . . . . . . 42 Authors' Addresses
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 43
1. Introduction 1. Introduction
[RFC8969] describes a framework for automating service and network [RFC8969] describes a framework for automating service and network
management with YANG [RFC7950] models. It defines that the management with YANG [RFC7950] data models. It states that the
performance measurement telemetry model should be tied to the performance measurement telemetry model should be tied to the
services (such as a Layer 3 VPN or Layer 2 VPN) or to the network services (such as a Layer 3 VPN or Layer 2 VPN) or to the network
models to monitor the overall network performance and the Service models to monitor the overall network performance and the Service
Level Agreements (SLAs). Level Agreements (SLAs).
The performance of VPN services is associated with the performance The performance of VPN services is associated with the performance
changes of the underlay networks that carries VPN services. For changes of the underlay networks that carry VPN services. For
example, link delay between Provider Edge (PE) and Provider (P) example, link delay between Provider Edge (PE) and Provider (P)
devices and packet loss status on Layer 2 and Layer 3 interfaces devices and packet loss status on Layer 2 and Layer 3 interfaces
connecting PEs and Customer Edge (CE) devices directly impact VPN connecting PEs and Customer Edge (CE) devices directly impact VPN
service performance. Additionally, the integration of Layer 2/Layer service performance. Additionally, the integration of Layer 2 /
3 VPN performance and network performance data enables the Layer 3 VPN performance and network performance data enables the
orchestrator to monitor consistently. Therefore, this document orchestrator to monitor consistently. Therefore, this document
defines a YANG module for both network and VPN service performance defines a YANG module for both network and VPN service performance
monitoring (PM). The module can be used to monitor and manage monitoring (PM). The module can be used to monitor and manage
network performance on the topology level or the service topology network performance on the topology level or the service topology
between VPN sites. between VPN sites.
The base model presented here can be extended to include technology- The base model specified in Section 5 can be extended to include
specific details, e.g., adding Explicit Congestion Notification (ECN) technology-specific details, e.g., adding Explicit Congestion
statistics for Layer 3 networks or VPN services to support Notification (ECN) statistics for Layer 3 networks or VPN services to
performance-sensitive applications. support performance-sensitive applications.
This document does not introduce new metrics for network performance This document does not introduce new metrics for network performance
or mechanisms for measuring network performance, but uses the or mechanisms for measuring network performance, but it uses the
existing mechanisms and statistics to monitor the performance of the existing mechanisms and statistics to monitor the performance of the
network and the services. network and the services.
The YANG module defined in this document is designed as an The YANG module defined in this document is designed as an
augmentation to the network topology YANG model defined in [RFC8345] augmentation to the network topology YANG data model defined in
and draws on relevant YANG types defined in [RFC6991], [RFC8345], [RFC8345] and draws on relevant YANG types defined in [RFC6991],
[RFC8532], and [RFC9181]. [RFC8345], [RFC8532], and [RFC9181].
Appendix A provides a set of examples to illustrate the use of the Appendix A provides a set of examples to illustrate the use of the
module. module.
2. Terminology 2. Terminology
The following terms are defined in [RFC7950] and are used in this The following terms are defined in [RFC7950] and are used in this
specification: specification:
* augment * augment
skipping to change at page 4, line 9 skipping to change at line 143
The terminology for describing YANG data models is found in The terminology for describing YANG data models is found in
[RFC7950]. [RFC7950].
The tree diagrams used in this document follow the notation defined The tree diagrams used in this document follow the notation defined
in [RFC8340]. in [RFC8340].
2.1. Acronyms 2.1. Acronyms
The following acronyms are used in the document: The following acronyms are used in the document:
CE Customer Edge, as defined in [RFC4026] CE Customer Edge, as defined in [RFC4026]
L2VPN Layer 2 Virtual Private Network, as defined in [RFC4026]
L3VPN Layer 3 Virtual Private Network, as defined in [RFC4026] L2VPN Layer 2 Virtual Private Network, as defined in [RFC4026]
L2NM L2VPN Network Model
L3NM L3VPN Network Model L3VPN Layer 3 Virtual Private Network, as defined in [RFC4026]
MPLS Multiprotocol Label Switching
OAM Operations, Administration, and Maintenance L2NM L2VPN Network Model
OSPF Open Shortest Path First
OWAMP One-Way Active Measurement Protocol, as defined in [RFC4656] L3NM L3VPN Network Model
P Provider Router, as defined in [RFC4026]
PE Provider Edge, as defined in [RFC4026] MPLS Multiprotocol Label Switching
PM Performance Monitoring
SLA Service Level Agreement OAM Operations, Administration, and Maintenance
TP Termination Point, as defined in [RFC8345] section 4.2
TWAMP Two-Way Active Measurement Protocol, as defined in [RFC5357] OSPF Open Shortest Path First
VPLS Virtual Private LAN Service, as defined in [RFC4026]
VPN Virtual Private Network OWAMP One-Way Active Measurement Protocol, as defined in
[RFC4656]
P Provider router, as defined in [RFC4026]
PE Provider Edge, as defined in [RFC4026]
PM Performance Monitoring
SLA Service Level Agreement
TP Termination Point, as defined in [RFC8345], Section 4.2
TWAMP Two-Way Active Measurement Protocol, as defined in
[RFC5357]
VPLS Virtual Private LAN Service, as defined in [RFC4026]
VPN Virtual Private Network
3. Network and VPN Service Performance Monitoring Model Usage 3. Network and VPN Service Performance Monitoring Model Usage
Models are key for automating network management operations Models are key for automating network management operations
(Section 3 of [RFC8969]). Particularly, together with service and (Section 3 of [RFC8969]). Particularly, together with service and
network models, performance measurement telemetry models are needed network models, performance measurement telemetry models are needed
to monitor network performance to meet specific service requirements to monitor network performance to meet specific service requirements
(typically captured in an SLA). (typically captured in an SLA).
+---------------+ +---------------+
| Customer | | Customer |
+-------+-------+ +-------+-------+
| |
Customer Service Models | Customer Service Models |
| |
+-------+---------+ +-------+---------+
| Service | | Service |
| Orchestration | | Orchestrator |
+------+-+--------+ +------+-+--------+
| | | |
Network Service Models | | Network and VPN Service PM Models Network Service Models | | Network and VPN Service PM Models
| | | |
+------+-+--------+ +------+-+--------+
| Network | | Network |
| Controller | | Controller |
+-------+---------+ +-------+---------+
| |
+-----------------------+------------------------+ +-----------------------+------------------------+
Network Network
Figure 1: An Example Architecture with a Service Orchestrator Figure 1: An Example Architecture with a Service Orchestrator
The network and VPN service performance monitoring (PM) model can be The network and VPN service PM model can be used to expose
used to expose operational performance information to the layer operational performance information to the layer above, e.g., to an
above, e.g., to an orchestrator or other BSS/OSS client application, orchestrator or other Business Support System (BSS) / Operational
via standard network management APIs. Figure 1 shows an example Support System (OSS) client application, via standard network
usage in a layered model architecture described in [RFC8309]. management APIs. Figure 1 shows an example usage in a layered model
architecture as described in [RFC8309].
Before using the model, the controller needs to establish topology Before using the model, the controller needs to establish topology
visibility of the network and VPN. For example, the controller can visibility of the network and VPN. For example, the controller can
use network information from [RFC8345], [I-D.ietf-opsawg-sap] or VPN use network information from [RFC8345] and [YANG-SAP] or VPN
information from the L3VPN Network Model (L3NM) [RFC9182] and the information from the L3VPN Network Model (L3NM) [RFC9182] and the
L2VPN Network Model (L2NM) [RFC9291]. Then the controller derives L2VPN Network Model (L2NM) [RFC9291]. Then the controller derives
network or VPN level performance data by aggregating (and filtering) network or VPN performance data by aggregating (and filtering) lower-
lower-level data collected via monitoring counters of the devices level data collected via monitoring counters of the devices involved.
involved.
The network or VPN performance data can be based on different The network or VPN performance data can be based on different
sources. For example, the performance monitoring data per link in sources. For example, the performance monitoring data per link in
the underlying networks can be collected using a network performance the underlying networks can be collected using a network performance
measurement method such as One-Way Active Measurement Protocol measurement method such as the One-Way Active Measurement Protocol
(OWAMP) [RFC4656], Two-Way Active Measurement Protocol (TWAMP) (OWAMP) [RFC4656], Two-Way Active Measurement Protocol (TWAMP)
[RFC5357], Simple Two-way Active Measurement Protocol (STAMP) [RFC5357], Simple Two-way Active Measurement Protocol (STAMP)
[RFC8762], Multiprotocol Label Switching (MPLS) Loss and Delay [RFC8762], Multiprotocol Label Switching (MPLS) Loss and Delay
Measurement [RFC6374] or In Situ OAM (IOAM) [RFC9197]. The Measurement [RFC6374], or In situ OAM (IOAM) [RFC9197]. The
performance monitoring information reflecting the quality of the performance monitoring information reflecting the quality of the
network or VPN service (e.g., network performance data between source network or VPN service (e.g., network performance data between source
node and destination node in the networks or between VPN sites) can node and destination node in the networks or between VPN sites) can
be computed and aggregated, for example, using the information from be computed and aggregated, for example, using the information from
the Traffic Engineering Database (TED), [RFC7471] [RFC8570] the Traffic Engineering Database (TED) [RFC7471] [RFC8570] [RFC8571]
[RFC8571], or LMAP (Large-Scale Measurement Platform) [RFC8194]. or Large-Scale Measurement Platform (LMAP) [RFC8194].
The measurement and report intervals that are associated with these The measurement and report intervals that are associated with these
performance data usually depend on the configuration of the specific performance data usually depend on the configuration of the specific
measurement method or collection method or various combinations. measurement method or collection method or various combinations.
This document defines network-wide measurement intervals to align This document defines network-wide measurement intervals to align
measurement requirements for networks or VPN services. measurement requirements for networks or VPN services.
3.1. Collecting Data via Pub/Sub Mechanism 3.1. Collecting Data via the Pub/Sub Mechanism
Some applications, such as service-assurance applications, which must Some applications, such as service-assurance applications, which must
maintain a continuous view of operational data and state, can use the maintain a continuous view of operational data and state, can use the
subscription model specified in [RFC8641] to subscribe to the subscription model specified in [RFC8641] to subscribe to the
specific network performance data or VPN service performance data specific network performance data or VPN service performance data
they are interested in, at the data source. For example, networks or they are interested in, at the data source. For example, network or
VPN topologies updates may be obtained through on-change VPN topology updates may be obtained through on-change notifications
notifications [RFC8641]. For dynamic PM data, e.g. VRF routes or [RFC8641]. For dynamic PM data (e.g., VPN Routing and Forwarding
MAC entries, link metrics, and interface metrics, various (VRF) routes or Media Access Control (MAC) entries, link metrics, and
notifications can be specified to obtain more complete data. A interface metrics), various notifications can be specified to obtain
periodic notification [RFC8641] can be specified to obtain real-time more complete data. A periodic notification [RFC8641] can be
performance data. For devices/controllers that maintain historical specified to obtain real-time performance data. For devices/
performance data for a period of time, a replay notification controllers that maintain historical performance data for a period of
[RFC5277] or [RFC8639] can be used to obtain the historical data. time, a replay notification (see [RFC5277] or [RFC8639]) can be used
And alarm notifications [RFC8632] can be specified to get alarms for to obtain the historical data. And alarm notifications [RFC8632] can
the metrics which exceed or fall below the performance threshold. be specified to get alarms for the metrics that exceed or fall below
the performance threshold.
The data source can, then, use the network and VPN service The data source can then use the network and VPN service performance
performance monitoring model defined in this document and the YANG monitoring model defined in this document and the YANG-Push data
Push model [RFC8641] to distribute specific telemetry data to target model [RFC8641] to distribute specific telemetry data to target
recipients. recipients.
3.2. Collecting Data On Demand 3.2. Collecting Data On Demand
To obtain a snapshot of performance data from a network topology or a To obtain a snapshot of performance data from a network topology or a
VPN service topology, service-assurance applications may retrieve VPN service topology, service-assurance applications may retrieve
information using the network and VPN service PM model through a information using the network and VPN service PM model through a
NETCONF [RFC6241] or a RESTCONF [RFC8040] interface. For example, a Network Configuration Protocol (NETCONF) [RFC6241] or a RESTCONF
specified "link-id" of a VPN can be used as a filter in a RESTCONF [RFC8040] interface. For example, a specified "link-id" of a VPN can
GET request to retrieve per-link VPN PM data. be used as a filter in a RESTCONF GET request to retrieve per-link
VPN PM data.
4. Description of The Data Model 4. Description of the YANG Data Model
This document defines the YANG module, "ietf-network-vpn-pm", which This document defines the "ietf-network-vpn-pm" YANG module, which is
is an augmentation to the "ietf-network" and "ietf-network-topology" an augmentation to the "ietf-network" and "ietf-network-topology"
modules. YANG modules.
4.1. Layering Relationship between Multiple Layers of Topology 4.1. Layering Relationship between Multiple Layers of Topology
[RFC8345] defines a YANG data model for network/service topologies [RFC8345] defines a YANG data model for network/service topologies
and inventories. The service topology described in [RFC8345] and inventories. The service topology described in [RFC8345]
includes the abstract topology for a service layer above Layer 1 includes the abstract topology for a service layer above Layer 1
(L1), Layer 2 (L2), and Layer 3 (L3) underlay topologies. This (L1), Layer 2 (L2), and Layer 3 (L3) underlay topologies. This
service topology has the generic topology elements of node, link, and service topology has the generic topology elements of node, link, and
terminating point. One typical example of a service topology is termination point. One typical example of a service topology is
described in Figure 3 of [RFC8345]: two VPN service topologies described in Figure 3 of [RFC8345]: two VPN service topologies
instantiated over a common L3 topology. Each VPN service topology is instantiated over a common L3 topology. Each VPN service topology is
mapped onto a subset of nodes from the L3 topology. mapped onto a subset of nodes from the L3 topology.
Figure 2 illustrates an example of a topology hierarchy that maps Figure 2 illustrates an example of a topology hierarchy that maps
between the VPN service topology and an underlying Layer 3 network between the VPN service topology and an underlying Layer 3 network
topology: topology.
VPN 1 VPN 2 VPN 1 VPN 2
+------------------------+ +------------------------+ +------------------------+ +------------------------+
/ / / / / / / /
/ S1C_[VN3].......... / / / / S1C_[VN3].......... / / /
/ \ : / / S2A_[VN1]____[VN3]_S2B / / \ : / / S2A_[VN1]____[VN3]_S2B /
/ \ : / / * * / / \ : / / * * /
/ \ :............ * .... * / / \ :............ * .... * /
/ S1B_[VN2]____[VN1]_S1A / / * : * / / S1B_[VN2]____[VN1]_S1A / / * : * /
+---------:-------:------+ +-------*------:-----*---+ +---------:-------:------+ +-------*------:-----*---+
skipping to change at page 7, line 46 skipping to change at line 327
Site-2A /: / \ / / * / Site-2A /: / \ / / * /
/ : [N5] / * / / : [N5] / * /
/ : / __/ \__ / * / / : / __/ \__ / * /
/ : / ___/ \__ / * / / : / ___/ \__ / * /
Site-1B / : / ___/ \ /* / Site-2B Site-1B / : / ___/ \ /* / Site-2B
[CE2]__/________[N4]__________________[N3]________/____[CE4] [CE2]__/________[N4]__________________[N3]________/____[CE4]
/ / / /
+------------------------------------------+ +------------------------------------------+
L3 Topology L3 Topology
Legend: Legend:
N:Node VN:VPN-Node S:Site CE:Customer Edge N: Node
__ Link within a network layer VN: VPN Node
: Mapping between VPN 1 service topology and L3 topology S: Site
* Mapping between VPN 2 service topology and L3 topology CE: Customer Edge
Figure 2: Example of Topology Mapping Between VPN Service __ Link within a network layer
Topology and Underlying Network : Mapping between VPN 1 service topology and L3 topology
* Mapping between VPN 2 service topology and L3 topology
Figure 2: Example of Topology Mapping between VPN Service
Topology and an Underlying Network
As shown in Figure 2, two VPN services topologies are built on top of As shown in Figure 2, two VPN services topologies are built on top of
one underlying Layer 3 network: one underlying Layer 3 network:
VPN 1: This service topology supports hub-spoke communications for VPN 1: This service topology supports Hub-and-Spoke communications
'customer 1' connecting the customer's access at three sites: for "customer 1", connecting the customer's access at three sites:
'Site-1A', 'Site-1B', and 'Site-1C'. These sites are connected to Site-1A, Site-1B, and Site-1C. These sites are connected to nodes
nodes that are mapped to node 1 (N1), node 2 (N2), and node 4 (N4) that are mapped to node 1 (N1), node 2 (N2), and node 4 (N4) in
in the underlying Layer 3 network. 'Site-1A' plays the role of the underlying Layer 3 network. Site-1A plays the role of Hub
hub while 'Site-1B' and 'Site-1C' are configured as spoke. while Site-1B and Site-1C are configured as Spokes.
VPN 2: This service topology supports any-to-any communications for VPN 2: This service topology supports any-to-any communications for
'customer 2' connecting the customer's access at two sites: 'Site- "customer 2", connecting the customer's access at two sites: Site-
2A' and 'Site-2B'. These sites are connected to nodes that are 2A and Site-2B. These sites are connected to nodes that are
mapped to nodes 1 (N1) and node 3 (N3) in the underlying Layer 3 mapped to node 1 (N1) and node 3 (N3) in the underlying Layer 3
network. 'Site-2A' and 'Site-2B' have 'any-to-any' role. network. Site-2A and Site-2B have an "any-to-any" role.
Based on the association between the VPN service topologies and the Based on the association between VPN service topologies and
underlying network topologies, the VPN Network PM YANG module extends underlying network topologies, the Network and VPN Service PM YANG
the performance status of the underlay networks and VPN services. module extends the performance status of the underlay networks and
For example, the module can provide link PM statistics and port VPN services. For example, the module can provide link PM statistics
statistics of an underlay network, e.g. Layer 1, Layer 2, Layer 3, and port statistics of an underlay network, e.g., Layer 1, Layer 2,
OSPF networks. And it can also provide VPN PM statistics, which can Layer 3, and OSPF networks. It can also provide VPN PM statistics,
be further split into PM for the VPN tunnel and PM at the VPN PE which can be further split into PM for the VPN tunnel and PM at the
access node, as illustrated in the following diagram. VPN PE access node, as illustrated in the following diagram.
+-----------------------------------------------------+ +-----------------------------------------------------+
| | | |
| VPN2 Link | | VPN2 Link |
| |<-------------------->| | | |<-------------------->| |
| | | | | | | |
| VPN2+---+---+ +---+---+VPN2 | | VPN2+---+---+ +---+---+VPN2 |
| TP1| VN1 | Tunnel PM | VN3 |TP2 | | TP1| VN1 | Tunnel PM | VN3 |TP2 |
| ---+ PE A |==============| PE B +---- | | ---+ PE A |==============| PE B +---- |
|vpn-access+-------+ +-------+ vpn-access| |vpn-access+-------+ +-------+ vpn-access|
skipping to change at page 9, line 27 skipping to change at line 386
| | | |
+-----------------------------------------------------+ +-----------------------------------------------------+
| | | |
| | | |
+----+ | TP+-----+ Link +---+ Link +-----+TP | +----+ +----+ | TP+-----+ Link +---+ Link +-----+TP | +----+
| CE4+-+----------+ N1 +-------+-N2+-------+ N3 +----------+-+CE5 | | CE4+-+----------+ N1 +-------+-N2+-------+ N3 +----------+-+CE5 |
+----+ | 1-1+-----+1-2 2-1+---+2-2 3-1+-----+3-2 | +----+ +----+ | 1-1+-----+1-2 2-1+---+2-2 3-1+-----+3-2 | +----+
| | | |
| | | |
+-----------------------------------------------------+ +-----------------------------------------------------+
Legend: Legend:
N:node VN:VPN-Node TP:Termination Point N: node
-:Link VN: VPN Node
TP: Termination Point
-: Link
Figure 3: An Example of VPN PM Figure 3: An Example of VPN PM
Figure 3 illustrates an example of VPN PM and two VPN PM measurement Figure 3 illustrates an example of VPN PM and two VPN PM measurement
methods including the VPN tunnel PM and the inter-VPN-access methods including the VPN tunnel PM and the inter-VPN-access
interface PM. VPN PM can also provide statistics on VPN access interface PM. VPN PM can also provide statistics on VPN access
interfaces, the number of current VRF routes or L2VPN MAC entry of interfaces, the number of current VRF routes, or L2VPN MAC entry of a
VPN node. VPN node.
4.2. Network Level Performance Monitoring Augmentation 4.2. Network-Level Performance Monitoring Augmentation
The model can be used for performance monitoring both for the The module described below can be used for performance monitoring for
underlay networks and the VPN services, which would be separate both the underlay networks and the VPN services, which would be
entries in the network list [RFC8345]. The differences are as separate entries in the network list [RFC8345]. The differences are
follows: as follows:
* When the "service" presence container is absent, then it indicates * When the "service" presence container is absent, then it indicates
performance monitoring of the network itself. performance monitoring of the network itself.
* When the "service" presence container is present, then it * When the "service" presence container is present, then it
indicates performance monitoring of the VPN service specified by indicates performance monitoring of the VPN service specified by
the "service-type" leaf, e.g. , L3VPN or Virtual Private LAN the "service-type" leaf, e.g., L3VPN or Virtual Private LAN
Service (VPLS). The values are taken from [RFC9181]. When a Service (VPLS). The values are taken from [RFC9181]. When a
network topology instance contains the L3VPN or other L2VPN network topology instance contains the L3VPN or other L2VPN
network type, it represents a VPN instance that can perform network types, it represents a VPN instance that can perform
performance monitoring performance monitoring.
The tree in Figure 4 is a part of "ietf-network-vpn-pm" tree. It The YANG tree in Figure 4 is a part of the "ietf-network-vpn-pm"
also defines the following set of network level attributes: tree. It defines the following set of network-level attributes:
"vpn-id": Refers to an identifier of VPN service defined in "vpn-id": Refers to an identifier of VPN service defined in
[RFC9181]. This identifier is used to correlate the performance [RFC9181]. This identifier is used to correlate the performance
status with the network service configuration. status with the network service configuration.
"vpn-service-topology": Indicates the type of the VPN service "vpn-service-topology": Indicates the type of VPN service topology.
topology. This model supports "any-to-any", "Hub and Spoke" This model supports "any-to-any", "hub-spoke" (where Hubs can
(where Hubs can exchange traffic), and "Hub and Spoke disjoint" exchange traffic), and "hub-spoke-disjoint" (where Hubs cannot
(where Hubs cannot exchange traffic) that are taken from exchange traffic), which are taken from [RFC9181]. These VPN
[RFC9181]. These VPN service topology types can be used to service topology types can be used to describe how VPN sites
describe how VPN sites communicate with each other. communicate with each other.
module: ietf-network-vpn-pm module: ietf-network-vpn-pm
augment /nw:networks/nw:network/nw:network-types: augment /nw:networks/nw:network/nw:network-types:
+--rw service! +--rw service!
+--rw service-type identityref +--rw service-type identityref
+--rw vpn-id? vpn-common:vpn-id +--rw vpn-id? vpn-common:vpn-id
+--rw vpn-service-topology? identityref +--rw vpn-service-topology? identityref
Figure 4: Network Level YANG Tree of the Hierarchies Figure 4: Network-Level YANG Tree
4.3. Node Level Performance Monitoring Augmentation 4.3. Node-Level Performance Monitoring Augmentation
The tree in Figure 5 is the node part of "ietf-network-vpn-pm" tree. The YANG tree in Figure 5 is the node part of the "ietf-network-vpn-
pm" tree.
For network performance monitoring, the module defines the following For network performance monitoring, the module defines the following
attributes: attributes:
"node-type": Indicates the device type of Provider Edge (PE), "node-type": Indicates the device type of the PE, P device, or
Provider (P) device, or Autonomous System Border Router (ASBR) as Autonomous System Border Router (ASBR) as defined in [RFC4026] and
defined in [RFC4026] and [RFC4364], so that the performance metric [RFC4364] so that the performance metric between any two nodes
between any two nodes each with specific node type can be that each have a specific node type can be reported.
reported.
"entry-summary": Lists a set of IPv4 statistics, IPv6 statistics, "entry-summary": Lists a set of IPv4 statistics, IPv6 statistics,
and MAC statistics. The detailed statistics are specified and MAC statistics. The detailed statistics are specified
separately. separately.
For VPN service topology, the module defines one attribute: For VPN service topology, the module defines one attribute:
"role": Defines the role in a particular VPN service topology. The "role": Defines the role in a particular VPN service topology. The
roles are taken from [RFC9181] (e.g., any-to-any-role, spoke-role, roles are taken from [RFC9181] (e.g., "any-to-any-role", "spoke-
hub-role). role", and "hub-role").
augment /nw:networks/nw:network/nw:node: augment /nw:networks/nw:network/nw:node:
+--rw node-type? identityref +--rw node-type? identityref
+--ro entry-summary +--ro entry-summary
+--ro ipv4-num +--ro ipv4-num
| +--ro maximum-routes? uint32 | +--ro maximum-routes? uint32
| +--ro total-active-routes? uint32 | +--ro total-active-routes? uint32
+--ro ipv6-num +--ro ipv6-num
| +--ro maximum-routes? uint32 | +--ro maximum-routes? uint32
| +--ro total-active-routes? uint32 | +--ro total-active-routes? uint32
+--ro mac-num +--ro mac-num
+--ro maximum-mac-entries? uint32 +--ro maximum-mac-entries? uint32
+--ro total-active-mac-entries? uint32 +--ro total-active-mac-entries? uint32
augment /nw:networks/nw:network/nw:node: augment /nw:networks/nw:network/nw:node:
+--rw role? identityref +--rw role? identityref
Figure 5: Node Level YANG Tree of the Hierarchies Figure 5: Node-Level YANG Tree
4.4. Link and Termination Point Level Performance Monitoring 4.4. Performance Monitoring Augmentation at Link and Termination Point
Augmentation Level
The tree in Figure 6 is the link and termination point (TP) part of The YANG tree in Figure 6 is the link and termination point (TP) part
ietf-network-vpn-pm tree. of the "ietf-network-vpn-pm" tree.
The 'links' are classified into two types: topology link defined in The "links" are classified into two types: topology link (defined in
[RFC8345] and abstract link of a VPN between PEs defined in this [RFC8345]) and abstract link of a VPN between PEs (defined in this
module. module).
The performance data of a link is a collection of counters and gauges The performance data of a link is a collection of counters and gauges
that report the performance status. All these metrics are defined as that report the performance status. All these metrics are defined as
unidirectional metrics. unidirectional metrics.
augment /nw:networks/nw:network/nt:link: augment /nw:networks/nw:network/nt:link:
+--rw perf-mon +--rw perf-mon
+--rw low-percentile? percentile +--rw low-percentile? percentile
+--rw intermediate-percentile? percentile +--rw intermediate-percentile? percentile
+--rw high-percentile? percentile +--rw high-percentile? percentile
+--rw measurement-interval? uint32 +--rw measurement-interval? uint32
+--ro pm* [pm-type] +--ro pm* [pm-type]
| +--ro pm-type identityref | +--ro pm-type identityref
| +--ro pm-attributes | +--ro pm-attributes
| +--ro start-time? yang:date-and-time | +--ro start-time? yang:date-and-time
| +--ro end-time? yang:date-and-time | +--ro end-time? yang:date-and-time
| +--ro pm-source? identityref | +--ro pm-source? identityref
| +--ro one-way-pm-statistics | +--ro one-way-pm-statistics
| | +--ro loss-statistics | | +--ro loss-statistics
| | | +--ro packet-loss-count? yang:counter64 | | | +--ro packet-loss-count? yang:counter64
| | | +--ro loss-ratio? percentage | | | +--ro loss-ratio? percentage
| | +--ro delay-statistics | | +--ro delay-statistics
| | | +--ro unit-value? identityref | | | +--ro unit-value? identityref
| | | +--ro min-delay-value? yang:gauge64 | | | +--ro min-delay-value? yang:gauge64
| | | +--ro max-delay-value? yang:gauge64 | | | +--ro max-delay-value? yang:gauge64
| | | +--ro low-delay-percentile? yang:gauge64 | | | +--ro low-delay-percentile? yang:gauge64
| | | +--ro intermediate-delay-percentile? yang:gauge64 | | | +--ro intermediate-delay-percentile? yang:gauge64
| | | +--ro high-delay-percentile? yang:gauge64 | | | +--ro high-delay-percentile? yang:gauge64
| | +--ro jitter-statistics | | +--ro jitter-statistics
| | +--ro unit-value? identityref | | +--ro unit-value? identityref
| | +--ro min-jitter-value? yang:gauge64 | | +--ro min-jitter-value? yang:gauge64
| | +--ro max-jitter-value? yang:gauge64 | | +--ro max-jitter-value? yang:gauge64
| | +--ro low-jitter-percentile? yang:gauge64 | | +--ro low-jitter-percentile? yang:gauge64
| | +--ro intermediate-jitter-percentile? yang:gauge64 | | +--ro intermediate-jitter-percentile? yang:gauge64
| | +--ro high-jitter-percentile? yang:gauge64 | | +--ro high-jitter-percentile? yang:gauge64
| +--ro one-way-pm-statistics-per-class* [class-id] | +--ro one-way-pm-statistics-per-class* [class-id]
| +--ro class-id string | +--ro class-id string
| +--ro loss-statistics | +--ro loss-statistics
| | +--ro packet-loss-count? yang:counter64 | | +--ro packet-loss-count? yang:counter64
| | +--ro loss-ratio? percentage | | +--ro loss-ratio? percentage
| +--ro delay-statistics | +--ro delay-statistics
| | +--ro unit-value? identityref | | +--ro unit-value? identityref
| | +--ro min-delay-value? yang:gauge64 | | +--ro min-delay-value? yang:gauge64
| | +--ro max-delay-value? yang:gauge64 | | +--ro max-delay-value? yang:gauge64
| | +--ro low-delay-percentile? yang:gauge64 | | +--ro low-delay-percentile? yang:gauge64
| | +--ro intermediate-delay-percentile? yang:gauge64 | | +--ro intermediate-delay-percentile? yang:gauge64
| | +--ro high-delay-percentile? yang:gauge64 | | +--ro high-delay-percentile? yang:gauge64
| +--ro jitter-statistics | +--ro jitter-statistics
| +--ro unit-value? identityref | +--ro unit-value? identityref
| +--ro min-jitter-value? yang:gauge64 | +--ro min-jitter-value? yang:gauge64
| +--ro max-jitter-value? yang:gauge64 | +--ro max-jitter-value? yang:gauge64
| +--ro low-jitter-percentile? yang:gauge64 | +--ro low-jitter-percentile? yang:gauge64
| +--ro intermediate-jitter-percentile? yang:gauge64 | +--ro intermediate-jitter-percentile? yang:gauge64
| +--ro high-jitter-percentile? yang:gauge64 | +--ro high-jitter-percentile? yang:gauge64
+--rw vpn-pm-type +--rw vpn-pm-type
+--rw inter-vpn-access-interface +--rw inter-vpn-access-interface
| +--rw inter-vpn-access-interface? empty | +--rw inter-vpn-access-interface? empty
+--rw vpn-tunnel! +--rw vpn-tunnel!
+--ro vpn-tunnel-type? identityref +--ro vpn-tunnel-type? identityref
augment /nw:networks/nw:network/nw:node/nt:termination-point: augment /nw:networks/nw:network/nw:node/nt:termination-point:
+--ro pm-statistics +--ro pm-statistics
+--ro last-updated? yang:date-and-time
+--ro inbound-octets? yang:counter64
+--ro inbound-unicast? yang:counter64
+--ro inbound-broadcast? yang:counter64
+--ro inbound-multicast? yang:counter64
+--ro inbound-discards? yang:counter64
+--ro inbound-errors? yang:counter64
+--ro inbound-unknown-protocol? yang:counter64
+--ro outbound-octets? yang:counter64
+--ro outbound-unicast? yang:counter64
+--ro outbound-broadcast? yang:counter64
+--ro outbound-multicast? yang:counter64
+--ro outbound-discards? yang:counter64
+--ro outbound-errors? yang:counter64
+--ro vpn-network-access* [network-access-id]
+--ro network-access-id vpn-common:vpn-id
+--ro last-updated? yang:date-and-time +--ro last-updated? yang:date-and-time
+--ro inbound-octets? yang:counter64 +--ro inbound-octets? yang:counter64
+--ro inbound-unicast? yang:counter64 +--ro inbound-unicast? yang:counter64
+--ro inbound-broadcast? yang:counter64 +--ro inbound-broadcast? yang:counter64
+--ro inbound-multicast? yang:counter64 +--ro inbound-multicast? yang:counter64
+--ro inbound-discards? yang:counter64 +--ro inbound-discards? yang:counter64
+--ro inbound-errors? yang:counter64 +--ro inbound-errors? yang:counter64
+--ro inbound-unknown-protocol? yang:counter64 +--ro inbound-unknown-protocol? yang:counter64
+--ro outbound-octets? yang:counter64 +--ro outbound-octets? yang:counter64
+--ro outbound-unicast? yang:counter64 +--ro outbound-unicast? yang:counter64
+--ro outbound-broadcast? yang:counter64 +--ro outbound-broadcast? yang:counter64
+--ro outbound-multicast? yang:counter64 +--ro outbound-multicast? yang:counter64
+--ro outbound-discards? yang:counter64 +--ro outbound-discards? yang:counter64
+--ro outbound-errors? yang:counter64 +--ro outbound-errors? yang:counter64
+--ro vpn-network-access* [network-access-id]
+--ro network-access-id vpn-common:vpn-id
+--ro last-updated? yang:date-and-time
+--ro inbound-octets? yang:counter64
+--ro inbound-unicast? yang:counter64
+--ro inbound-broadcast? yang:counter64
+--ro inbound-multicast? yang:counter64
+--ro inbound-discards? yang:counter64
+--ro inbound-errors? yang:counter64
+--ro inbound-unknown-protocol? yang:counter64
+--ro outbound-octets? yang:counter64
+--ro outbound-unicast? yang:counter64
+--ro outbound-broadcast? yang:counter64
+--ro outbound-multicast? yang:counter64
+--ro outbound-discards? yang:counter64
+--ro outbound-errors? yang:counter64
Figure 6: Link and Termination point Level YANG Tree of the Figure 6: Link and Termination Point YANG Subtree
hierarchies
For the data nodes of 'link' depicted in Figure 6, the YANG module For the data nodes of "link" depicted in Figure 6, the YANG module
defines the following minimal set of link-level performance defines the following minimal set of link-level performance
attributes: attributes:
Percentile parameters: The module supports reporting delay and Percentile parameters: The module supports reporting delay and
jitter metric by percentile values. There are three percentile jitter metrics with percentile values. There are three percentile
values for configuring various percentile reporting levels. By values for configuring various percentile reporting levels. By
default, low percentile (10th percentile), intermediate percentile default, low percentile (10th percentile), intermediate percentile
(50th percentile), high percentile (90th percentile) are used. (50th percentile), and high percentile (90th percentile) are used.
Configuring a percentile to 0.000 indicates the client is not Configuring a percentile to 0.000 indicates the client is not
interested in receiving particular percentile. If all percentile interested in receiving a particular percentile. If all
nodes are configured to 0.000, this represents that no percentile percentile nodes are configured to 0.000, it represents that no
related nodes will be reported for a given performance metric percentile-related nodes will be reported for a given performance
(e.g., one-way delay, one-way delay variation) and only peak/min metric (e.g., one-way delay and one-way delay variation) and only
values will be reported. For example, a client can inform the peak/min values will be reported. For example, a client can
server that it is interested in receiving only high percentiles. inform the server that it is interested in receiving only high
Then for a given link, at a given "start-time", "end-time" and percentiles. Then for a given link at a given "start-time", "end-
"measurement-interval", the 'high-delay-percentile' and 'high- time", and "measurement-interval", the "high-delay-percentile" and
jitter-percentile' will be reported. An example to illustrate the "high-jitter-percentile" will be reported. An example to
use of percentiles is provided in Appendix A.3. illustrate the use of percentiles is provided in Appendix A.3.
Measurement interval ("measurement-interval"): Specifies the Measurement interval ("measurement-interval"): Specifies the
performance measurement interval, in seconds. performance measurement interval, in seconds.
Start time ("start-time"): Indicates the start time of the Start time ("start-time"): Indicates the start time of the
performance measurement for link statistics. performance measurement for link statistics.
End time ("end-time"): Indicates the end time of the performance End time ("end-time"): Indicates the end time of the performance
measurement for link statistics. measurement for link statistics.
PM source ("pm-source"): Indicates the performance monitoring PM source ("pm-source"): Indicates the performance monitoring
source. The data for the topology link can be based, e.g., on source. The data for the topology link can be based, e.g., on BGP
BGP-LS [RFC8571]. The statistics of the VPN abstract links can be - Link State (BGP-LS) [RFC8571]. The statistics of the VPN
collected based upon VPN OAM mechanisms, e.g., OAM mechanisms abstract links can be collected based upon VPN OAM mechanisms,
referenced in [RFC9182], or Ethernet service OAM [ITU-T-Y-1731] e.g., OAM mechanisms referenced in [RFC9182] or Ethernet service
referenced in [RFC9291]. Alternatively, the data can be based OAM [ITU-T-Y-1731] referenced in [RFC9291]. Alternatively, the
upon the underlay technology OAM mechanisms, for example, Generic data can be based upon the underlay technology OAM mechanisms,
Routing Encapsulation (GRE) tunnel OAM. e.g., Generic Routing Encapsulation (GRE) tunnel OAM.
Loss statistics: A set of one-way loss statistics attributes that Loss statistics: A set of one-way loss statistics attributes that
are used to measure end to end loss between VPN sites or between are used to measure end-to-end loss between VPN sites or between
any two network nodes. The exact loss value or the loss any two network nodes. The exact loss value or the loss
percentage can be reported. percentage can be reported.
Delay statistics: A set of one-way delay statistics attributes that Delay statistics: A set of one-way delay statistics attributes that
are used to measure end to end latency between VPN sites or are used to measure end-to-end latency between VPN sites or
between any two network nodes. The peak/min values or percentile between any two network nodes. The peak/min values or percentile
values can be reported. values can be reported.
Jitter statistics: A set of one-way IP Packet Delay Variation Jitter statistics: A set of one-way IP Packet Delay Variation
[RFC3393] statistics attributes that are used to measure end to [RFC3393] statistics attributes that are used to measure end-to-
end jitter between VPN sites or between any two network nodes. end jitter between VPN sites or between any two network nodes.
The peak/min values or percentile values can be reported. The peak/min values or percentile values can be reported.
PM statistics per class: "one-way-pm-statistics-per-class" lists PM statistics per class: "one-way-pm-statistics-per-class" lists
performance measurement statistics for the topology link or the performance measurement statistics for the topology link or the
abstract link between VPN PEs with given "class-id" names. The abstract link between VPN PEs with given "class-id" names. The
list is defined separately from "one-way-pm-statistics", which is list is defined separately from "one-way-pm-statistics", which is
used to collect generic metrics for unspecified "class-id" names. used to collect generic metrics for unspecified "class-id" names.
VPN PM type ("vpn-pm-type"): Indicates the VPN performance type, VPN PM type ("vpn-pm-type"): Indicates the VPN performance type,
which can be "inter-vpn-access-interface" PM or "vpn-tunnel" PM. which can be "inter-vpn-access-interface" PM or "vpn-tunnel" PM.
These two methods are common VPN measurement methods. The "inter- These two methods are common VPN measurement methods. The "inter-
VPN-access-interface" PM is to monitor the performance of logical VPN-access-interface" PM is used to monitor the performance of
point-to-point VPN connections between a source and a destination logical point-to-point VPN connections between source and
VPN access interfaces. And the "vpn-tunnel" PM is to monitor the destination VPN access interfaces. And the "vpn-tunnel" PM is
performance of VPN tunnels. The "inter-VPN-access-interface" PM used to monitor the performance of VPN tunnels. The "inter-VPN-
includes PE-PE monitoring. Therefore, usually only one of the two access-interface" PM includes PE-PE monitoring. Therefore,
methods is used. The "inter-VPN-access-interface" PM is defined usually only one of the two methods is used. The "inter-VPN-
as an empty leaf, which is not bound to a specific VPN access access-interface" PM is defined as an empty leaf, which is not
interface. The source or destination VPN access interface of the bound to a specific VPN access interface. The source or
measurement can be augmented as needed. destination VPN access interface of the measurement can be
augmented as needed.
VPN tunnel type ("vpn-tunnel-type"): Indicates the abstract link VPN tunnel type ("vpn-tunnel-type"): Indicates the abstract link
protocol-type of a VPN, such as GRE or IP-in-IP. The leaf refers protocol-type of a VPN, such as GRE or IP-in-IP. The leaf refers
to an identifier of the "underlay-transport" defined in [RFC9181], to an identifier of the "underlay-transport" defined in [RFC9181],
which describes the transport technology to carry the traffic of which describes the transport technology that carries the traffic
the VPN service. In the case of multiple types of tunnels between of the VPN service. In the case of multiple types of tunnels
a single pair of VPN nodes, a separate link for each type of between a single pair of VPN nodes, a separate link for each type
tunnel can be created. of tunnel can be created.
For the data nodes of 'termination-point' depicted in Figure 6, the For the data nodes of "termination-point" depicted in Figure 6, the
module defines the following minimal set of statistics: module defines the following minimal set of statistics:
Last updated time ("last-updated"): Indicates the date and time when Last updated time ("last-updated"): Indicates the date and time when
the counters were last updated. the counters were last updated.
Inbound statistics: A set of inbound statistics attributes that are Inbound statistics: A set of inbound statistics attributes that are
used to measure the inbound statistics of the termination point, used to measure the inbound statistics of the termination point,
such as received packets, received packets with errors, etc. such as received packets, received packets with errors, etc.
Outbound statistics: A set of outbound statistics attributes that Outbound statistics: A set of outbound statistics attributes that
skipping to change at page 16, line 7 skipping to change at line 691
VPN network access ("vpn-network-access"): Lists counters of the VPN VPN network access ("vpn-network-access"): Lists counters of the VPN
network access defined in the L3NM [RFC9182] or the L2NM network access defined in the L3NM [RFC9182] or the L2NM
[RFC9291]. When multiple VPN network accesses are created using [RFC9291]. When multiple VPN network accesses are created using
the same physical port, finer-grained metrics can be monitored. the same physical port, finer-grained metrics can be monitored.
If a TP is associated with only a single VPN, this list is not If a TP is associated with only a single VPN, this list is not
required. required.
5. Network and VPN Service Performance Monitoring YANG Module 5. Network and VPN Service Performance Monitoring YANG Module
The "ietf-network-vpn-pm" module uses types defined in [RFC8345], The "ietf-network-vpn-pm" YANG module uses types defined in
[RFC6991], [RFC8532], and [RFC9181]. [RFC6991], [RFC8345], [RFC8532], and [RFC9181].
<CODE BEGINS> file "ietf-network-vpn-pm@2022-11-11.yang" <CODE BEGINS> file "ietf-network-vpn-pm@2023-03-20.yang"
module ietf-network-vpn-pm { module ietf-network-vpn-pm {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-network-vpn-pm"; namespace "urn:ietf:params:xml:ns:yang:ietf-network-vpn-pm";
prefix nvp; prefix nvp;
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
reference reference
"RFC 6991: Common YANG Types"; "RFC 6991: Common YANG Data Types";
} }
import ietf-vpn-common { import ietf-vpn-common {
prefix vpn-common; prefix vpn-common;
reference reference
"RFC 9181: A Common YANG Data Model for Layer 2 and "RFC 9181: A Common YANG Data Model for Layer 2 and
Layer 3 VPNs."; Layer 3 VPNs";
} }
import ietf-network { import ietf-network {
prefix nw; prefix nw;
reference reference
"RFC 8345: A YANG Data Model for Network "RFC 8345: A YANG Data Model for Network
Topologies, Section 6.1"; Topologies, Section 6.1";
} }
import ietf-network-topology { import ietf-network-topology {
prefix nt; prefix nt;
reference reference
"RFC 8345: A YANG Data Model for Network "RFC 8345: A YANG Data Model for Network
Topologies, Section 6.2"; Topologies, Section 6.2";
} }
import ietf-lime-time-types { import ietf-lime-time-types {
prefix lime; prefix lime;
reference reference
"RFC 8532: Generic YANG Data Model for the Management of "RFC 8532: Generic YANG Data Model for the Management of
Operations, Administration, and Maintenance (OAM) Protocols Operations, Administration, and Maintenance (OAM)
That Use Connectionless Communications"; Protocols That Use Connectionless Communications";
} }
organization organization
"IETF OPSAWG (Operations and Management Area Working Group)"; "IETF OPSAWG (Operations and Management Area Working Group)";
contact contact
"WG Web: <https://datatracker.ietf.org/wg/opsawg/> "WG Web: <https://datatracker.ietf.org/wg/opsawg/>
WG List: <mailto:opsawg@ietf.org> WG List: <mailto:opsawg@ietf.org>
Editor: Bo Wu Editor: Bo Wu
<lana.wubo@huawei.com> <lana.wubo@huawei.com>
Editor: Mohamed Boucadair Editor: Mohamed Boucadair
<mohamed.boucadair@orange.com> <mohamed.boucadair@orange.com>
Editor: Qin Wu Editor: Qin Wu
<bill.wu@huawei.com> <bill.wu@huawei.com>
Author: Oscar Gonzalez de Dios Author: Oscar Gonzalez de Dios
<oscar.gonzalezdedios@telefonica.com> <oscar.gonzalezdedios@telefonica.com>
Author: Bin Wen Author: Bin Wen
<bin_wen@comcast.com>"; <bin_wen@comcast.com>";
description description
"This module defines a model for Network and VPN Service "This YANG module defines a model for network and VPN service
Performance monitoring. performance monitoring (PM).
Copyright (c) 2022 IETF Trust and the persons identified as Copyright (c) 2023 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Revised BSD License to the license terms contained in, the Revised BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC 9375
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself (https://www.rfc-editor.org/info/rfc9375); see the RFC itself
for full legal notices."; for full legal notices.";
// RFC Ed.: update the date below with the date of RFC revision 2023-03-20 {
// publication and remove this note.
// RFC Ed.: replace XXXX with actual RFC number and remove
// this note.
revision 2022-11-11 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Model for Network and VPN Service "RFC 9375: A YANG Data Model for Network and VPN Service
Performance Monitoring"; Performance Monitoring";
} }
identity node-type { identity node-type {
description description
"Base identity for node type"; "Base identity for node type";
} }
identity pe { identity pe {
base node-type; base node-type;
description description
"Provider Edge (PE) node type. A PE is the device "Provider Edge (PE) node type. A PE is the device or set
or set of devices at the edge of the provider network with the of devices at the edge of the provider network with the
functionality that is needed to interface with the customer."; functionality that is needed to interface with the
customer.";
} }
identity p { identity p {
base node-type; base node-type;
description description
"Provider router node type. That is, a router "Provider router node type. That is, a router
in the core network that does not have interfaces in the core network that does not have interfaces
directly toward a customer."; directly toward a customer.";
} }
identity asbr { identity asbr {
base node-type; base node-type;
description description
"Autonomous System Border Router (ASBR) node type."; "Autonomous System Border Router (ASBR) node type.";
reference reference
"RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)"; "RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)";
skipping to change at page 18, line 35 skipping to change at line 816
identity pm-source-type { identity pm-source-type {
description description
"Base identity from which specific performance monitoring "Base identity from which specific performance monitoring
mechanism types are derived."; mechanism types are derived.";
} }
identity pm-source-bgpls { identity pm-source-bgpls {
base pm-source-type; base pm-source-type;
description description
"Indicates BGP-LS as the performance monitoring metric source"; "Indicates BGP-LS as the performance monitoring metric
source.";
reference reference
"RFC 8571: BGP - Link State (BGP-LS) Advertisement of "RFC 8571: BGP - Link State (BGP-LS) Advertisement of
IGP Traffic Engineering Performance Metric Extensions"; IGP Traffic Engineering Performance Metric
Extensions";
} }
identity pm-source-owamp { identity pm-source-owamp {
base pm-source-type; base pm-source-type;
description description
"Indicates One-Way Active Measurement Protocol(OWAMP) "Indicates the One-Way Active Measurement Protocol (OWAMP)
as the performance monitoring metric source."; as the performance monitoring metric source.";
reference reference
"RFC 4656: A One-Way Active Measurement Protocol (OWAMP)"; "RFC 4656: A One-way Active Measurement Protocol (OWAMP)";
} }
identity pm-source-twamp { identity pm-source-twamp {
base pm-source-type; base pm-source-type;
description description
"Indicates Two-Way Active Measurement Protocol(TWAMP) "Indicates the Two-Way Active Measurement Protocol (TWAMP)
as the performance monitoring metric source."; as the performance monitoring metric source.";
reference reference
"RFC 5357: A Two-Way Active Measurement Protocol (TWAMP)"; "RFC 5357: A Two-Way Active Measurement Protocol (TWAMP)";
} }
identity pm-source-stamp { identity pm-source-stamp {
base pm-source-type; base pm-source-type;
description description
"Indicates Simple Two-way Active Measurement Protocol(STAMP) "Indicates the Simple Two-way Active Measurement Protocol
as the performance monitoring metric source."; (STAMP) as the performance monitoring metric source.";
reference reference
"RFC 8762: Simple Two-Way Active Measurement Protocol"; "RFC 8762: Simple Two-Way Active Measurement Protocol";
} }
identity pm-source-y-1731 { identity pm-source-y-1731 {
base pm-source-type; base pm-source-type;
description description
"Indicates Ethernet OAM Y.1731 as the performance monitoring "Indicates Ethernet OAM Y.1731 as the performance monitoring
metric source."; metric source.";
reference reference
"ITU-T Y.1731: Operations, administration and "ITU-T Y.1731: Operations, administration and
maintenance (OAM) functions and mechanisms maintenance (OAM) functions and mechanisms
for Ethernet-based networks"; for Ethernet-based networks";
} }
identity pm-source-ioam { identity pm-source-ioam {
base pm-source-type; base pm-source-type;
description description
"Indicates In Situ Operations, Administration, and Maintenance "Indicates In Situ Operations, Administration, and Maintenance
(IOAM) as the performance monitoring metric source."; (IOAM) as the performance monitoring metric source.";
reference reference
"RFC 9197: Data Fields for In Situ Operations, Administration, "RFC 9197: Data Fields for In Situ Operations, Administration,
and Maintenance (IOAM)"; and Maintenance (IOAM)";
} }
identity pm-type { identity pm-type {
description description
"Base identity for PM type."; "Base identity for the PM type.";
} }
identity pm-type-network-link { identity pm-type-network-link {
base pm-type; base pm-type;
description description
"Indicates that the PM type is for the link in "Indicates that the PM type is for the link in
the network topology."; the network topology.";
} }
identity pm-type-vpn-inter-access { identity pm-type-vpn-inter-access {
base pm-type; base pm-type;
description description
"Indicates that the PM type is for logical point-to-point VPN "Indicates that the PM type is for logical point-to-point VPN
connections between a source and a destination VPN access connections between source and destination VPN access
interfaces."; interfaces.";
} }
identity pm-type-vpn-tunnel { identity pm-type-vpn-tunnel {
base pm-type; base pm-type;
description description
"Indicates that the PM type is for VPN tunnels."; "Indicates that the PM type is for VPN tunnels.";
} }
typedef percentage { typedef percentage {
skipping to change at page 20, line 33 skipping to change at line 913
description description
"Percentage to 5 decimal places."; "Percentage to 5 decimal places.";
} }
typedef percentile { typedef percentile {
type decimal64 { type decimal64 {
fraction-digits 3; fraction-digits 3;
range "0..100"; range "0..100";
} }
description description
"The percentile is a value between 0 and 100 "The percentile is a value between 0 and 100 to 3
to 3 decimal places, e.g. 10.000, 99.900 ,99.990, etc. decimal places, e.g., 10.000, 99.900, and 99.990.
For example, for a given one-way delay measurement, For example, for a given one-way delay measurement,
if the percentile is set to 95.000 and the 95th percentile if the percentile is set to 95.000 and the 95th percentile
one-way delay is 2 milliseconds, then the 95 percent of one-way delay is 2 milliseconds, then the 95 percent of
the sample value is less than or equal to 2 milliseconds."; the sample value is less than or equal to 2 milliseconds.";
} }
grouping entry-summary { grouping entry-summary {
description description
"Entry summary grouping used for network topology "Entry summary grouping used for network topology
augmentation."; augmentation.";
skipping to change at page 22, line 4 skipping to change at line 979
type uint32; type uint32;
description description
"Indicates the total active MAC entries "Indicates the total active MAC entries
for the VPN or network."; for the VPN or network.";
} }
description description
"MAC statistics."; "MAC statistics.";
} }
} }
} }
grouping link-loss-statistics { grouping link-loss-statistics {
description description
"Grouping for per link error statistics."; "Grouping for per-link error statistics.";
container loss-statistics { container loss-statistics {
description description
"One-way link loss summarized information."; "One-way link loss summarized information.";
reference reference
"RFC 4656: A One-way Active Measurement Protocol (OWAMP) "RFC 4656: A One-way Active Measurement Protocol (OWAMP)
ITU-T Y.1731: Operations, administration and ITU-T Y.1731: Operations, administration and
maintenance (OAM) functions and mechanisms maintenance (OAM) functions and mechanisms
for Ethernet-based networks"; for Ethernet-based networks";
leaf packet-loss-count { leaf packet-loss-count {
type yang:counter64; type yang:counter64;
description description
"Total number of lost packets."; "Total number of lost packets.";
} }
leaf loss-ratio { leaf loss-ratio {
type percentage; type percentage;
description description
"Loss ratio of the packets. Express as percentage "Loss ratio of the packets. Expressed as percentage
of packets lost with respect to packets sent."; of packets lost with respect to packets sent.";
} }
} }
} }
grouping link-delay-statistics { grouping link-delay-statistics {
description description
"Grouping for per link delay statistics."; "Grouping for per-link delay statistics.";
container delay-statistics { container delay-statistics {
description description
"One-way link delay summarized information."; "One-way link delay summarized information.";
reference reference
"RFC 4656: A One-way Active Measurement Protocol (OWAMP) "RFC 4656: A One-way Active Measurement Protocol (OWAMP)
ITU-T Y.1731: Operations, administration and ITU-T Y.1731: Operations, administration and
maintenance (OAM) functions and mechanisms maintenance (OAM) functions and mechanisms
for Ethernet-based networks"; for Ethernet-based networks";
leaf unit-value { leaf unit-value {
type identityref { type identityref {
base lime:time-unit-type; base lime:time-unit-type;
} }
default "lime:milliseconds"; default "lime:milliseconds";
description description
"Time units, where the options are hours, minutes, seconds, "Time units, where the options are hours, minutes, seconds,
milliseconds, microseconds, and nanoseconds."; milliseconds, microseconds, and nanoseconds.";
} }
leaf min-delay-value { leaf min-delay-value {
skipping to change at page 23, line 34 skipping to change at line 1058
type yang:gauge64; type yang:gauge64;
description description
"High percentile of observed one-way delay with "High percentile of observed one-way delay with
specific measurement method."; specific measurement method.";
} }
} }
} }
grouping link-jitter-statistics { grouping link-jitter-statistics {
description description
"Grouping for per link jitter statistics."; "Grouping for per-link jitter statistics.";
container jitter-statistics { container jitter-statistics {
description description
"One-way link jitter summarized information."; "One-way link jitter summarized information.";
reference reference
"RFC 3393: IP Packet Delay Variation Metric "RFC 3393: IP Packet Delay Variation Metric
for IP Performance Metrics (IPPM) for IP Performance Metrics (IPPM)
RFC 4656: A One-way Active Measurement Protocol (OWAMP) RFC 4656: A One-way Active Measurement Protocol (OWAMP)
ITU-T Y.1731: Operations, administration and ITU-T Y.1731: Operations, administration and
maintenance (OAM) functions and mechanisms maintenance (OAM) functions and mechanisms
for Ethernet-based networks"; for Ethernet-based networks";
leaf unit-value { leaf unit-value {
type identityref { type identityref {
base lime:time-unit-type; base lime:time-unit-type;
} }
default "lime:milliseconds"; default "lime:milliseconds";
description description
"Time units, where the options are hours, minutes, seconds, "Time units, where the options are hours, minutes, seconds,
milliseconds, microseconds, and nanoseconds."; milliseconds, microseconds, and nanoseconds.";
} }
leaf min-jitter-value { leaf min-jitter-value {
skipping to change at page 25, line 4 skipping to change at line 1124
leaf inbound-octets { leaf inbound-octets {
type yang:counter64; type yang:counter64;
description description
"The total number of octets received on the "The total number of octets received on the
interface, including framing characters."; interface, including framing characters.";
} }
leaf inbound-unicast { leaf inbound-unicast {
type yang:counter64; type yang:counter64;
description description
"The total number of inbound unicast packets."; "The total number of inbound unicast packets.";
} }
leaf inbound-broadcast { leaf inbound-broadcast {
type yang:counter64; type yang:counter64;
description description
"The total number of inbound broadcast packets."; "The total number of inbound broadcast packets.";
} }
leaf inbound-multicast { leaf inbound-multicast {
type yang:counter64; type yang:counter64;
description description
"The total number of inbound multicast packets."; "The total number of inbound multicast packets.";
} }
leaf inbound-discards { leaf inbound-discards {
type yang:counter64; type yang:counter64;
description description
"The number of inbound packets that were chosen to be "The number of inbound packets that were discarded
discarded even though no errors had been detected. even though no errors had been detected. Possible
Possible reasons for discarding such a packet could reasons for discarding such a packet could be to
be to free up buffer space, not enough buffer for free up buffer space, not enough buffer for too
too much data, etc."; much data, etc.";
} }
leaf inbound-errors { leaf inbound-errors {
type yang:counter64; type yang:counter64;
description description
"The number of inbound packets that contained errors."; "The number of inbound packets that contained errors.";
} }
leaf inbound-unknown-protocol { leaf inbound-unknown-protocol {
type yang:counter64; type yang:counter64;
description description
"The number of packets received via the interface "The number of packets received via the interface
which were discarded because of an unknown or that were discarded because of an unknown or
unsupported protocol."; unsupported protocol.";
} }
leaf outbound-octets { leaf outbound-octets {
type yang:counter64; type yang:counter64;
description description
"The total number of octets transmitted out of the "The total number of octets transmitted out of the
interface, including framing characters."; interface, including framing characters.";
} }
leaf outbound-unicast { leaf outbound-unicast {
type yang:counter64; type yang:counter64;
skipping to change at page 26, line 12 skipping to change at line 1180
"The total number of outbound broadcast packets."; "The total number of outbound broadcast packets.";
} }
leaf outbound-multicast { leaf outbound-multicast {
type yang:counter64; type yang:counter64;
description description
"The total number of outbound multicast packets."; "The total number of outbound multicast packets.";
} }
leaf outbound-discards { leaf outbound-discards {
type yang:counter64; type yang:counter64;
description description
"The number of outbound packets which were chosen "The number of outbound packets that were discarded
to be discarded even though no errors had been even though no errors had been detected to
detected to prevent their being transmitted. prevent their transmission. Possible reasons
Possible reasons for discarding such a packet could for discarding such a packet could be to free
be to free up buffer space, not enough buffer for up buffer space, not enough buffer for too
too much data, etc."; much data, etc.";
} }
leaf outbound-errors { leaf outbound-errors {
type yang:counter64; type yang:counter64;
description description
"The number of outbound packets that contained "The number of outbound packets that contained errors.";
errors.";
} }
description description
"Grouping for interface service telemetry."; "Grouping for interface service telemetry.";
} }
augment "/nw:networks/nw:network/nw:network-types" { augment "/nw:networks/nw:network/nw:network-types" {
description description
"Defines the service topologies types."; "Defines the service topologies types.";
container service { container service {
presence presence "Presence of the container indicates performance
"Presence of the container indicates performance monitoring monitoring of the VPN service, and absence of
of the VPN service, and absence of the container indicates the container indicates performance monitoring
performance monitoring of the network itself."; of the network itself.";
description description
"Container for VPN service."; "Container for VPN service.";
leaf service-type { leaf service-type {
type identityref { type identityref {
base vpn-common:service-type; base vpn-common:service-type;
} }
mandatory true; mandatory true;
description description
"This indicates the network service type, "This indicates the network service type,
e.g., L3VPN, VPLS, etc."; e.g., L3VPN and VPLS.";
} }
leaf vpn-id { leaf vpn-id {
type vpn-common:vpn-id; type vpn-common:vpn-id;
description description
"VPN identifier."; "VPN identifier.";
} }
leaf vpn-service-topology { leaf vpn-service-topology {
type identityref { type identityref {
base vpn-common:vpn-topology; base vpn-common:vpn-topology;
} }
description description
"VPN service topology, e.g., hub-spoke, any-to-any, "VPN service topology, e.g., hub-spoke, any-to-any,
hub-spoke-disjoint."; and hub-spoke-disjoint.";
} }
} }
} }
augment "/nw:networks/nw:network/nw:node" { augment "/nw:networks/nw:network/nw:node" {
description description
"Augments the network node with other general attributes."; "Augments the network node with other general attributes.";
leaf node-type { leaf node-type {
type identityref { type identityref {
base node-type; base node-type;
} }
description description
"Node type, e.g., PE, P, ASBR."; "Node type, e.g., PE, P, and ASBR.";
} }
uses entry-summary; uses entry-summary;
} }
augment "/nw:networks/nw:network/nw:node" { augment "/nw:networks/nw:network/nw:node" {
when '../nw:network-types/nvp:service' { when '../nw:network-types/nvp:service' {
description description
"Augments for VPN service PM."; "Augments for VPN service PM.";
} }
description description
skipping to change at page 28, line 9 skipping to change at line 1272
description description
"Augments the network topology link with performance "Augments the network topology link with performance
monitoring attributes."; monitoring attributes.";
container perf-mon { container perf-mon {
description description
"Container for PM attributes."; "Container for PM attributes.";
leaf low-percentile { leaf low-percentile {
type percentile; type percentile;
default "10.000"; default "10.000";
description description
"Low percentile to report. Setting low-percentile "Low percentile to report. Setting low-percentile
to 0.000 indicates the client is not interested to 0.000 indicates the client is not interested
in receiving low percentile."; in receiving low percentile.";
} }
leaf intermediate-percentile { leaf intermediate-percentile {
type percentile; type percentile;
default "50.000"; default "50.000";
description description
"Intermediate percentile to report. Setting "Intermediate percentile to report. Setting
intermediate-percentile to 0.000 indicates the client intermediate-percentile to 0.000 indicates the client
is not interested in receiving intermediate percentile."; is not interested in receiving intermediate percentile.";
} }
leaf high-percentile { leaf high-percentile {
type percentile; type percentile;
default "95.000"; default "95.000";
description description
"High percentile to report. Setting high-percentile "High percentile to report. Setting high-percentile
to 0.000 indicates the client is not interested in to 0.000 indicates the client is not interested in
receiving high percentile."; receiving high percentile.";
} }
leaf measurement-interval { leaf measurement-interval {
type uint32 { type uint32 {
range "1..max"; range "1..max";
} }
units "seconds"; units "seconds";
default "60"; default "60";
description description
"Indicates the time interval to perform PM "Indicates the time interval to perform PM
measurement over."; measurement over.";
} }
list pm { list pm {
key "pm-type"; key "pm-type";
config false; config false;
description description
"The list of PM based on PM type"; "The list of PM based on PM type.";
leaf pm-type { leaf pm-type {
type identityref { type identityref {
base pm-type; base pm-type;
} }
config false; config false;
description description
"The PM type of the measured PM attributes"; "The PM type of the measured PM attributes.";
} }
container pm-attributes { container pm-attributes {
description description
"Container for PM attributes."; "Container for PM attributes.";
leaf start-time { leaf start-time {
type yang:date-and-time; type yang:date-and-time;
config false; config false;
description description
"The date and time the measurement last started."; "The date and time the measurement last started.";
} }
skipping to change at page 29, line 43 skipping to change at line 1354
uses link-jitter-statistics; uses link-jitter-statistics;
} }
list one-way-pm-statistics-per-class { list one-way-pm-statistics-per-class {
key "class-id"; key "class-id";
config false; config false;
description description
"The list of PM data based on class of service."; "The list of PM data based on class of service.";
leaf class-id { leaf class-id {
type string; type string;
description description
"The class-id is used to identify the "The class-id is used to identify the class
class of service. This identifier is internal of service. This identifier is internal
to the administration."; to the administration.";
} }
uses link-loss-statistics; uses link-loss-statistics;
uses link-delay-statistics; uses link-delay-statistics;
uses link-jitter-statistics; uses link-jitter-statistics;
} }
} }
} }
} }
} }
augment "/nw:networks/nw:network/nt:link/perf-mon" { augment "/nw:networks/nw:network/nt:link/perf-mon" {
when '../../nw:network-types/nvp:service' { when '../../nw:network-types/nvp:service' {
description description
"Augments for VPN service PM."; "Augments for VPN service PM.";
} }
description description
"Augments the network topology link with VPN service "Augments the network topology link with VPN service
performance monitoring attributes."; performance monitoring attributes.";
container vpn-pm-type { container vpn-pm-type {
description description
"The VPN PM type of this logical point-to-point "The VPN PM type of this logical point-to-point
unidirectional VPN link."; unidirectional VPN link.";
container inter-vpn-access-interface { container inter-vpn-access-interface {
description description
"Indicates inter-vpn-access-interface PM, which is to "Indicates inter-vpn-access-interface PM, which is used
monitor the performance of logical point-to-point VPN to monitor the performance of logical point-to-point
connections between a source and a destination VPN connections between source and destination VPN
VPN access interfaces."; access interfaces.";
leaf inter-vpn-access-interface { leaf inter-vpn-access-interface {
type empty; type empty;
description description
"This is a placeholder for inter-vpn-access-interface PM, "This is a placeholder for inter-vpn-access-interface PM,
which is not bound to a specific VPN access interface. which is not bound to a specific VPN access interface.
The source or destination VPN access interface The source or destination VPN access interface
of the measurement can be augmented as needed."; of the measurement can be augmented as needed.";
} }
} }
container vpn-tunnel { container vpn-tunnel {
presence "Enables VPN tunnel PM"; presence "Enables VPN tunnel PM";
description description
"Indicates VPN tunnel PM, which is to monitor "Indicates VPN tunnel PM, which is used to monitor
the performance of VPN tunnels."; the performance of VPN tunnels.";
leaf vpn-tunnel-type { leaf vpn-tunnel-type {
type identityref { type identityref {
base vpn-common:protocol-type; base vpn-common:protocol-type;
} }
config false; config false;
description description
"The leaf indicates the VPN tunnel type, e.g., "The leaf indicates the VPN tunnel type, e.g.,
Generic Routing Encapsulation (GRE), Generic Routing Encapsulation (GRE) and Generic
Generic Network Virtualization Encapsulation (Geneve), Network Virtualization Encapsulation (Geneve).";
etc.";
} }
} }
} }
} }
augment augment "/nw:networks/nw:network/nw:node/nt:termination-point" {
"/nw:networks/nw:network/nw:node/nt:termination-point" { description
"Augments the network topology termination point with
performance monitoring attributes.";
container pm-statistics {
config false;
description description
"Augments the network topology termination point with "Container for termination point PM attributes.";
performance monitoring attributes."; uses tp-svc-telemetry;
container pm-statistics { }
config false;
description
"Container for termination point PM attributes.";
uses tp-svc-telemetry;
}
} }
augment "/nw:networks/nw:network/nw:node" augment "/nw:networks/nw:network/nw:node"
+ "/nt:termination-point/pm-statistics" { + "/nt:termination-point/pm-statistics" {
when '../../../nw:network-types/nvp:service' { when '../../../nw:network-types/nvp:service' {
description description
"Augments for VPN service PM."; "Augments for VPN service PM.";
} }
description description
"Augments the network topology termination-point with "Augments the network topology termination-point with
VPN service performance monitoring attributes"; VPN service performance monitoring attributes.";
list vpn-network-access { list vpn-network-access {
key "network-access-id"; key "network-access-id";
description description
"The list of PM based on VPN network accesses."; "The list of PM based on VPN network accesses.";
leaf network-access-id { leaf network-access-id {
type vpn-common:vpn-id; type vpn-common:vpn-id;
description description
"The reference to an identifier for the VPN network "The reference to an identifier for the VPN network
access."; access.";
} }
skipping to change at page 32, line 25 skipping to change at line 1470
The Network Configuration Access Control Model (NACM) [RFC8341] The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF or provides the means to restrict access for particular NETCONF or
RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content. RESTCONF protocol operations and content.
There are a number of data nodes defined in this YANG module that are There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config) in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative to these data nodes without proper protection can have a negative
effect on network operations. These write operates can lead to effect on network operations. These write operations can lead to
inaccurate or incomplete network measurements which can impact the inaccurate or incomplete network measurements that can impact the
visibility and decisions this data would be used to inform. visibility and decisions this data would be used to inform.
Unauthorized write access to the following subtrees could have the Unauthorized write access to the following subtrees could have the
following impacts: following impacts:
+--------+----------------------+------------------------------+ +============+======================+============================+
| Access | Node | Potential Impact |
| Access | Node | Potential impact | +============+======================+============================+
| /nw:networks/nw:network/nw:network-types |
+--------+----------------------+------------------------------+ +============+======================+============================+
| write | service type | disable VPN PM |
| /nw:networks/nw:network/nw:network-types | +------------+----------------------+----------------------------+
| write | VPN identifier | disable VPN PM |
| write | service type | disable VPN PM | +------------+----------------------+----------------------------+
| write | VPN service topology | render data unusable |
| write | VPN identifier | disable VPN PM | +============+======================+============================+
| /nw:networks/nw:network/nw:node |
| write | VPN service topology | render data unusable | +============+======================+============================+
| write | node type | render data unusable |
+--------+----------------------+------------------------------+ +------------+----------------------+----------------------------+
| /nw:networks/nw:network/nw:node | | write | VPN topology role | render data unusable |
+============+======================+============================+
| write | node type | render data unusable | | /nw:networks/nw:network/nw:link/nvp:perf-mon |
+============+======================+============================+
| write | VPN topology role | render data unusable | | write | percentile | impact reporting cadence |
+------------+----------------------+----------------------------+
+--------+----------------------+------------------------------+ | write | measurement interval | impact monitoring fidelity |
| /nw:networks/nw:network/nw:link/nvp:perf-mon | +------------+----------------------+----------------------------+
| write | vpn-pm-type | impact monitoring fidelity |
| write | percentile | impact reporting cadence | +------------+----------------------+----------------------------+
| write | measurement interval | impact monitoring fidelity |
| write | vpn-pm-type | impact monitoring fidelity |
+--------+----------------------+------------------------------+ Table 1: Write Operation Sensitivity Impact
Some readable data nodes in this YANG module may be considered Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It thus might sensitive or vulnerable in some network environments. It is thus
be important to control read access (e.g., via get, get-config, or important to control read access (e.g., via get, get-config, or
notification) to these data nodes. When using, the trade-off between notification) to these data nodes. When using, the trade-off between
confidentiality and proper monitoring of performance needs to be confidentiality and proper monitoring of performance needs to be
considered. Unauthorized access to the following subtrees could have considered. Unauthorized access to the following subtrees could have
the following impacts: the following impacts:
* "/nw:networks/nw:network/nw:node": Unauthorized read access to "/nw:networks/nw:network/nw:node": Unauthorized read access to this
this subtree can disclose the operational state information of subtree can disclose the operational state information of underlay
underlay network instances or VPN instances. network instances or VPN instances.
* "/nw:networks/nw:network/nt:link/nvp:perf-mon/nvp:one-way-pm- "/nw:networks/nw:network/nt:link/nvp:perf-mon/nvp:one-way-pm-
statistics": Unauthorized read access to this subtree can disclose statistics": Unauthorized read access to this subtree can disclose
the operational state information of underlay network links or VPN the operational state information of underlay network links or VPN
abstract links. abstract links.
* "/nw:networks/nw:network/nw:node/nt:termination-point/nvp:pm- "/nw:networks/nw:network/nw:node/nt:termination-point/nvp:pm-
statistics": Unauthorized read access to this subtree can disclose statistics": Unauthorized read access to this subtree can disclose
the operational state information of underlay network termination the operational state information of underlay network termination
points or VPN network accesses. points or VPN network accesses.
This YANG module does not define any RPC (Remote Procedure Call) This YANG module does not define any Remote Procedure Call (RPC)
operations and Actions. operations and actions.
7. IANA Considerations 7. IANA Considerations
This document requests IANA to register the following URI in the "ns" IANA has registered the following URI in the "ns" subregistry within
subregistry within the "IETF XML Registry" [RFC3688]: the "IETF XML Registry" [RFC3688]:
URI: urn:ietf:params:xml:ns:yang:ietf-network-vpn-pm
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.
This document requests IANA to register the following YANG module in
the "YANG Module Names" subregistry [RFC6020] within the "YANG
Parameters" registry.
Name: ietf-network-vpn-pm
Namespace: urn:ietf:params:xml:ns:yang:ietf-network-vpn-pm
Maintained by IANA: N
Prefix: nvp
Reference: RFC XXXX (RFC Ed.: replace XXXX with actual
RFC number and remove this note.)
8. Acknowledgements
Thanks to Joe Clarke, Adrian Farrel, Tom Petch, Greg Mirsky, Roque
Gagliano, Erez Segev, and Dhruv Dhody for reviewing and providing
important input to this document.
This work was partially supported by the European Commission under
Horizon 2020 grant agreement number 101015857 Secured autonomic
traffic management for a Tera of SDN flows (Teraflow).
9. Contributors
The following authors contributed significantly to this document:
Michale Wang
Huawei
Email:wangzitao@huawei.com
Roni Even URI: urn:ietf:params:xml:ns:yang:ietf-network-vpn-pm
Huawei Registrant Contact: The IESG.
Email: ron.even.tlv@gmail.com XML: N/A; the requested URI is an XML namespace.
Change Liu IANA has registered the following YANG module in the "YANG Module
China Unicom Names" subregistry [RFC6020] within the "YANG Parameters" registry.
Email: liuc131@chinaunicom.cn
Honglei Xu Name: ietf-network-vpn-pm
China Telecom Namespace: urn:ietf:params:xml:ns:yang:ietf-network-vpn-pm
Email: xuhl6@chinatelecom.cn Maintained by IANA: N
Prefix: nvp
Reference: RFC 9375
10. References 8. References
10.1. Normative References 8.1. Normative References
[RFC3393] Demichelis, C. and P. Chimento, "IP Packet Delay Variation [RFC3393] Demichelis, C. and P. Chimento, "IP Packet Delay Variation
Metric for IP Performance Metrics (IPPM)", RFC 3393, Metric for IP Performance Metrics (IPPM)", RFC 3393,
DOI 10.17487/RFC3393, November 2002, DOI 10.17487/RFC3393, November 2002,
<https://www.rfc-editor.org/info/rfc3393>. <https://www.rfc-editor.org/info/rfc3393>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
skipping to change at page 37, line 32 skipping to change at line 1650
[RFC8762] Mirsky, G., Jun, G., Nydell, H., and R. Foote, "Simple [RFC8762] Mirsky, G., Jun, G., Nydell, H., and R. Foote, "Simple
Two-Way Active Measurement Protocol", RFC 8762, Two-Way Active Measurement Protocol", RFC 8762,
DOI 10.17487/RFC8762, March 2020, DOI 10.17487/RFC8762, March 2020,
<https://www.rfc-editor.org/info/rfc8762>. <https://www.rfc-editor.org/info/rfc8762>.
[RFC9181] Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M., [RFC9181] Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M.,
Ed., and Q. Wu, "A Common YANG Data Model for Layer 2 and Ed., and Q. Wu, "A Common YANG Data Model for Layer 2 and
Layer 3 VPNs", RFC 9181, DOI 10.17487/RFC9181, February Layer 3 VPNs", RFC 9181, DOI 10.17487/RFC9181, February
2022, <https://www.rfc-editor.org/info/rfc9181>. 2022, <https://www.rfc-editor.org/info/rfc9181>.
10.2. Informative References 8.2. Informative References
[I-D.ietf-opsawg-sap]
Boucadair, M., de Dios, O. G., Barguil, S., Wu, Q., and V.
Lopez, "A YANG Network Model for Service Attachment Points
(SAPs)", Work in Progress, Internet-Draft, draft-ietf-
opsawg-sap-10, 4 October 2022,
<https://www.ietf.org/archive/id/draft-ietf-opsawg-sap-
10.txt>.
[ITU-T-Y-1731] [ITU-T-Y-1731]
ITU-T, "Operator Ethernet Service Definition", August ITU-T, "Operations, administration and maintenance (OAM)
2015, <https://www.itu.int/rec/T-REC-Y.1731/en>. functions and mechanisms for Ethernet-based networks",
ITU-T Recommendation G.8013/Y.1731, August 2015,
<https://www.itu.int/rec/T-REC-Y.1731/en>.
[RFC4026] Andersson, L. and T. Madsen, "Provider Provisioned Virtual [RFC4026] Andersson, L. and T. Madsen, "Provider Provisioned Virtual
Private Network (VPN) Terminology", RFC 4026, Private Network (VPN) Terminology", RFC 4026,
DOI 10.17487/RFC4026, March 2005, DOI 10.17487/RFC4026, March 2005,
<https://www.rfc-editor.org/info/rfc4026>. <https://www.rfc-editor.org/info/rfc4026>.
[RFC5277] Chisholm, S. and H. Trevino, "NETCONF Event [RFC5277] Chisholm, S. and H. Trevino, "NETCONF Event
Notifications", RFC 5277, DOI 10.17487/RFC5277, July 2008, Notifications", RFC 5277, DOI 10.17487/RFC5277, July 2008,
<https://www.rfc-editor.org/info/rfc5277>. <https://www.rfc-editor.org/info/rfc5277>.
skipping to change at page 39, line 10 skipping to change at line 1714
[RFC9197] Brockners, F., Ed., Bhandari, S., Ed., and T. Mizrahi, [RFC9197] Brockners, F., Ed., Bhandari, S., Ed., and T. Mizrahi,
Ed., "Data Fields for In Situ Operations, Administration, Ed., "Data Fields for In Situ Operations, Administration,
and Maintenance (IOAM)", RFC 9197, DOI 10.17487/RFC9197, and Maintenance (IOAM)", RFC 9197, DOI 10.17487/RFC9197,
May 2022, <https://www.rfc-editor.org/info/rfc9197>. May 2022, <https://www.rfc-editor.org/info/rfc9197>.
[RFC9291] Boucadair, M., Ed., Gonzalez de Dios, O., Ed., Barguil, [RFC9291] Boucadair, M., Ed., Gonzalez de Dios, O., Ed., Barguil,
S., and L. Munoz, "A YANG Network Data Model for Layer 2 S., and L. Munoz, "A YANG Network Data Model for Layer 2
VPNs", RFC 9291, DOI 10.17487/RFC9291, September 2022, VPNs", RFC 9291, DOI 10.17487/RFC9291, September 2022,
<https://www.rfc-editor.org/info/rfc9291>. <https://www.rfc-editor.org/info/rfc9291>.
[YANG-SAP] Boucadair, M., Ed., Gonzalez de Dios, O., Barguil, S., Wu,
Q., and V. Lopez, "A YANG Network Model for Service
Attachment Points (SAPs)", Work in Progress, Internet-
Draft, draft-ietf-opsawg-sap-15, 18 January 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-
sap-15>.
Appendix A. Illustrative Examples Appendix A. Illustrative Examples
A.1. VPN Performance Subscription Example A.1. Example of VPN Performance Subscription
The example shown in Figure 7 illustrates how a client subscribes to The example shown in Figure 7 illustrates how a client subscribes to
the performance monitoring information between nodes ('node-id') A the performance monitoring information between nodes ("node-id") A
and B in the L3 network topology. The performance monitoring and B in the L3 network topology. The performance monitoring
parameter that the client is interested in is end-to-end loss. parameter that the client is interested in is end-to-end loss.
POST /restconf/operations ============== NOTE: '\' line wrapping per RFC 8792 ===============
/ietf-subscribed-notifications:establish-subscription
POST /restconf/operations/ietf-subscribed-notifications:establish-\
subscription
Host: example.com
Content-Type: application/yang-data+json
{ {
"ietf-subscribed-notifications:input": { "ietf-subscribed-notifications:input": {
"stream-subtree-filter": { "stream-subtree-filter": {
"ietf-network:networks": { "ietf-network:networks": {
"network": { "network": {
"network-id": "foo:vpn1", "network-id": "example:VPN1",
"ietf-network-vpn-pm:service": { "ietf-network-vpn-pm:service": {
"service-type": "ietf-vpn-common:l3vpn" "service-type": "ietf-vpn-common:l3vpn"
}, },
"node": [ "node": [
{ {
"node-id": "A", "node-id": "example:A",
"ietf-network-vpn-pm:node-type": "PE", "ietf-network-vpn-pm:node-type": "pe",
"termination-point": [ "termination-point": [
{ {
"tp-id": "1-0-1" "tp-id": "example:1-0-1"
} }
] ]
}, },
{ {
"node-id": "B", "node-id": "example:B",
"ietf-network-vpn-pm:node-type": "PE", "ietf-network-vpn-pm:node-type": "pe",
"termination-point": [ "termination-point": [
{ {
"tp-id": "2-0-1" "tp-id": "example:2-0-1"
} }
] ]
} }
], ],
"ietf-network-topology:link": [ "ietf-network-topology:link": [
{ {
"link-id": "A-B", "link-id": "example:A-B",
"source": { "source": {
"source-node": "A" "source-node": "example:A"
}, },
"destination": { "destination": {
"dest-node": "B" "dest-node": "example:B"
}, },
"ietf-network-vpn-pm:perf-mon": { "ietf-network-vpn-pm:perf-mon": {
"pm": [ "pm": [
{ {
"pm-type": "pm-type-vpn-tunnel", "pm-type": "pm-type-vpn-tunnel",
"pm-attributes": { "pm-attributes": {
"one-way-pm-statistics": { "one-way-pm-statistics": {
"loss-statistics": { "loss-statistics": {
"packet-loss-count": {} "packet-loss-count": {}
} }
skipping to change at page 40, line 36 skipping to change at line 1799
"vpn-tunnel": { "vpn-tunnel": {
"vpn-tunnel-type": "ietf-vpn-common:gre" "vpn-tunnel-type": "ietf-vpn-common:gre"
} }
} }
} }
} }
] ]
} }
}, },
"ietf-yang-push:periodic": { "ietf-yang-push:periodic": {
"ietf-yang-push:period": "500" "period": "500"
} }
} }
} }
} }
Figure 7: Pub/Sub Retrieval Figure 7: Example of Pub/Sub Retrieval
A.2. Example of VPN Performance Snapshot A.2. Example of VPN Performance Snapshot
This example, depicted in Figure 8, illustrates an VPN PM instance The example depicted in Figure 8 illustrates a VPN PM instance
example in which a client uses RESTCONF [RFC8040] to fetch the message body of a RESTCONF request to fetch the performance data of
performance data of the link and TP belonged to "VPN1". the link and TP that belongs to "VPN1".
{ {
"ietf-network:networks": { "ietf-network:networks": {
"network": { "network": {
"network-id": "foo:vpn1", "network-id": "example:VPN1",
"node": [ "node": [
{ {
"node-id": "A", "node-id": "example:A",
"ietf-network-vpn-pm:node-type": "PE", "ietf-network-vpn-pm:node-type": "pe",
"termination-point": [ "termination-point": [
{ {
"tp-id": "1-0-1", "tp-id": "example:1-0-1",
"ietf-network-vpn-pm:pm-statistics": { "ietf-network-vpn-pm:pm-statistics": {
"inbound-octets": "100", "inbound-octets": "100",
"outbound-octets": "150" "outbound-octets": "150"
} }
} }
] ]
}, },
{ {
"node-id": "B", "node-id": "example:B",
"ietf-network-vpn-pm:node-type": "PE", "ietf-network-vpn-pm:node-type": "pe",
"termination-point": [ "termination-point": [
{ {
"tp-id": "2-0-1", "tp-id": "example:2-0-1",
"ietf-network-vpn-pm:pm-statistics": { "ietf-network-vpn-pm:pm-statistics": {
"inbound-octets": "150", "inbound-octets": "150",
"outbound-octets": "100" "outbound-octets": "100"
} }
} }
] ]
} }
], ],
"ietf-network-topology:link": [ "ietf-network-topology:link": [
{ {
"link-id": "A-B", "link-id": "example:A-B",
"source": { "source": {
"source-node": "A" "source-node": "example:A"
}, },
"destination": { "destination": {
"dest-node": "B" "dest-node": "example:B"
}, },
"ietf-network-pm:perf-mon": { "ietf-network-pm:perf-mon": {
"pm": [ "pm": [
{ {
"pm-type": "pm-type-vpn-tunnel", "pm-type": "pm-type-vpn-tunnel",
"pm-attributes": { "pm-attributes": {
"one-way-pm-statistics": { "one-way-pm-statistics": {
"loss-statistics": { "loss-statistics": {
"packet-loss-count": "120" "packet-loss-count": "120"
} }
skipping to change at page 42, line 22 skipping to change at line 1879
"vpn-tunnel-type": "ietf-vpn-common:gre" "vpn-tunnel-type": "ietf-vpn-common:gre"
} }
} }
} }
} }
] ]
} }
} }
} }
Figure 8 Figure 8: Example of VPN PM
A.3. Example of Percentile Monitoring A.3. Example of Percentile Monitoring
This is an example of percentile measurement data that could be This is an example of percentile measurement data that could be
returned for a link foo:vpn1-link1 between vpn-node1 and vpn-node3. returned for link "example:A-B" between "example:A" and "example:B".
{ {
"ietf-network-topology:link": [ "ietf-network-topology:link": [
{ {
"link-id": "foo:vpn1-link1", "link-id": "example:A-B",
"source": { "source": {
"source-node": "vpn-node1" "source-node": "example:A"
}, },
"destination": { "destination": {
"dest-node": "vpn-node3" "dest-node": "example:B"
}, },
"ietf-network-vpn-pm:perf-mon": { "ietf-network-vpn-pm:perf-mon": {
"low-percentile": "20.000", "low-percentile": "20.000",
"intermediate-percentile": "50.000", "intermediate-percentile": "50.000",
"high-percentile": "90.000", "high-percentile": "90.000",
"pm": [ "pm": [
{ {
"pm-type": "pm-type-vpn-inter-access", "pm-type": "pm-type-vpn-inter-access",
"pm-attributes": { "pm-attributes": {
"one-way-pm-statistics": { "one-way-pm-statistics": {
"delay-statistics": { "delay-statistics": {
"unit-value": "lime:milliseconds", "unit-value": "ietf-lime-time-types:milliseconds",
"min-delay-value": "43", "min-delay-value": "43",
"max-delay-value": "99", "max-delay-value": "99",
"low-delay-percentile": "64", "low-delay-percentile": "64",
"intermediate-delay-percentile": "77", "intermediate-delay-percentile": "77",
"high-delay-percentile": "98" "high-delay-percentile": "98"
} }
} }
} }
} }
], ],
"vpn-pm-type": { "vpn-pm-type": {
"inter-vpn-access-interface": { "inter-vpn-access-interface": {
"inter-vpn-access-interface": [null] "inter-vpn-access-interface": [null]
} }
} }
} }
} }
] ]
} }
Figure 9: Example of VPN PM with Percentile Value
Acknowledgements
Thanks to Joe Clarke, Adrian Farrel, Tom Petch, Greg Mirsky, Roque
Gagliano, Erez Segev, and Dhruv Dhody for reviewing and providing
important input to this document.
This work is partially supported by the European Commission under
Horizon 2020 Secured autonomic traffic management for a Tera of SDN
flows (Teraflow) project (grant agreement number 101015857).
Contributors
The following authors contributed significantly to this document:
Michale Wang
Huawei
Email: wangzitao@huawei.com
Roni Even
Huawei
Email: ron.even.tlv@gmail.com
Change Liu
China Unicom
Email: liuc131@chinaunicom.cn
Honglei Xu
China Telecom
Email: xuhl6@chinatelecom.cn
Authors' Addresses Authors' Addresses
Bo Wu (editor) Bo Wu (editor)
Huawei Huawei
101 Software Avenue, Yuhua District Yuhua District
101 Software Avenue
Nanjing Nanjing
Jiangsu, 210012 Jiangsu, 210012
China China
Email: lana.wubo@huawei.com Email: lana.wubo@huawei.com
Qin Wu (editor) Qin Wu (editor)
Huawei Huawei
101 Software Avenue, Yuhua District Yuhua District
101 Software Avenue
Nanjing Nanjing
Jiangsu, 210012 Jiangsu, 210012
China China
Email: bill.wu@huawei.com Email: bill.wu@huawei.com
Mohamed Boucadair (editor) Mohamed Boucadair (editor)
Orange Orange
Rennes 35000 Rennes 35000
France France
Email: mohamed.boucadair@orange.com Email: mohamed.boucadair@orange.com
 End of changes. 182 change blocks. 
535 lines changed or deleted 560 lines changed or added

This html diff was produced by rfcdiff 1.48.