rfc9408.original   rfc9408.txt 
OPSAWG M. Boucadair, Ed. Internet Engineering Task Force (IETF) M. Boucadair, Ed.
Internet-Draft Orange Request for Comments: 9408 Orange
Intended status: Standards Track O. Gonzalez de Dios Category: Standards Track O. Gonzalez de Dios
Expires: 22 July 2023 Telefonica ISSN: 2070-1721 Telefonica
S. Barguil S. Barguil
Nokia Nokia
Q. Wu Q. Wu
Huawei Huawei
V. Lopez V. Lopez
Nokia Nokia
18 January 2023 June 2023
A YANG Network Model for Service Attachment Points (SAPs) A YANG Network Data Model for Service Attachment Points (SAPs)
draft-ietf-opsawg-sap-15
Abstract Abstract
This document defines a YANG data model for representing an abstract This document defines a YANG data model for representing an abstract
view of the provider network topology that contains the points from view of the provider network topology that contains the points from
which its services can be attached (e.g., basic connectivity, VPN, which its services can be attached (e.g., basic connectivity, VPN,
network slices). Also, the model can be used to retrieve the points network slices). Also, the model can be used to retrieve the points
where the services are actually being delivered to customers where the services are actually being delivered to customers
(including peer networks). (including peer networks).
This document augments the 'ietf-network' data model by adding the This document augments the 'ietf-network' data model defined in RFC
concept of Service Attachment Points (SAPs). The SAPs are the 8345 by adding the concept of Service Attachment Points (SAPs). The
network reference points to which network services, such as Layer 3 SAPs are the network reference points to which network services, such
Virtual Private Network (L3VPN) or Layer 2 Virtual Private Network as Layer 3 Virtual Private Network (L3VPN) or Layer 2 Virtual Private
(L2VPN), can be attached. One or multiple services can be bound to Network (L2VPN), can be attached. One or multiple services can be
the same SAP. Both User-Network Interface (UNI) and Network-to- bound to the same SAP. Both User-to-Network Interface (UNI) and
Network Interface (NNI) are supported in the SAP data model. Network-to-Network Interface (NNI) are supported in the SAP data
model.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering This document is a product of the Internet Engineering Task Force
Task Force (IETF). Note that other groups may also distribute (IETF). It represents the consensus of the IETF community. It has
working documents as Internet-Drafts. The list of current Internet- received public review and has been approved for publication by the
Drafts is at https://datatracker.ietf.org/drafts/current/. Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Internet-Drafts are draft documents valid for a maximum of six months Information about the current status of this document, any errata,
and may be updated, replaced, or obsoleted by other documents at any and how to provide feedback on it may be obtained at
time. It is inappropriate to use Internet-Drafts as reference https://www.rfc-editor.org/info/rfc9408.
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 22 July 2023.
Copyright Notice Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology
3. Sample SAP Network Model Usage . . . . . . . . . . . . . . . 5 3. Sample SAP Network Model Usage
4. Relationship to Other YANG Data Models . . . . . . . . . . . 8 4. Relationship to Other YANG Data Models
5. SAP Module Tree Structure . . . . . . . . . . . . . . . . . . 9 5. SAP Module Tree Structure
6. SAP YANG Module . . . . . . . . . . . . . . . . . . . . . . . 14 6. SAP YANG Module
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21 7. IANA Considerations
8. Security Considerations . . . . . . . . . . . . . . . . . . . 22 8. Security Considerations
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23 9. References
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 9.1. Normative References
10.1. Normative References . . . . . . . . . . . . . . . . . . 23 9.2. Informative References
10.2. Informative References . . . . . . . . . . . . . . . . . 25 Appendix A. A Simplified SAP Network Example
Appendix A. A Simplified SAP Network Example . . . . . . . . . . 28 Appendix B. A Simple Example of the SAP Network Model: Node Filter
Appendix B. A Simple Example of SAP Network Model: Node Appendix C. An Example of an NNI SAP: Inter-AS VPN Option A
Filter . . . . . . . . . . . . . . . . . . . . . . . . . 33
Appendix C. An Example of NNI SAP: Inter-AS VPN Option A . . . . 38
Appendix D. Examples of Using the SAP Network Model in Service Appendix D. Examples of Using the SAP Network Model in Service
Creation . . . . . . . . . . . . . . . . . . . . . . . . 42 Creation
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 43 Acknowledgements
Authors' Addresses
1. Introduction 1. Introduction
Service providers offer a variety of network services to their Service providers offer a variety of network services to their
customers. Such services include, but are not limited to, Virtual customers. Such services include, but are not limited to, Virtual
Private Networks (VPNs), Software-Defined Wide Area Network (SDWAN) Private Networks (VPNs), Software-Defined Wide-Area Network (SD-WAN)
[I-D.ietf-bess-bgp-sdwan-usage], and network slices overlay networks [BGP-SDWAN-USAGE], and network slices
[I-D.ietf-teas-ietf-network-slices]. In order to rationalize the [IETF-NETWORK-SLICES]. In order to rationalize the overall service
overall service operations and allow for more automated service operations and allow for more automated service provisioning
provisioning procedures, service providers need to maintain a view on procedures, service providers need to maintain a view on where
where services can be delivered to customers. Such a view can be services can be delivered to customers. For example, such a view can
used, e.g., to feed an intelligence that is responsible for service be used to feed an intelligence entity that is responsible for
order handling, service feasibility checks, tracking per-service service order handling, service feasibility checks, tracking per-
coverage, etc. (e.g., Section 3.2 of [RFC8969]). To that aim, this service coverage, etc. (e.g., Section 3.2 of [RFC8969]). To that
document introduces the concept of Service Attachment Points (SAPs). aim, this document introduces the concept of Service Attachment
Points (SAPs).
The SAPs represent the network reference points where network The SAPs represent the network reference points where network
services can be delivered to customers. For example, this concept is services can be delivered to customers. For example, this concept is
used to decide where to attach and, thus, deliver the service in the used to decide where to attach and thus deliver the service in the
Layer 3 VPN Service Model (L3SM) [RFC8299] and the Layer 2 VPN Layer 3 VPN Service Model (L3SM) [RFC8299] and the Layer 2 VPN
Service Model (L2SM) [RFC8466]. It can also be used to retrieve Service Model (L2SM) [RFC8466]. It can also be used to retrieve
where such services are delivered to customers through the network where such services are delivered to customers through the network
configuration described in the Layer 3 VPN Network Model (L3NM) configuration described in the Layer 3 VPN Network Model (L3NM)
[RFC9182] and the Layer 2 VPN Network Model (L2NM) [RFC9291]. [RFC9182] and the Layer 2 VPN Network Model (L2NM) [RFC9291].
This document defines a YANG network model (Section 6) for This document defines a YANG network model (Section 6) for
representing, managing, and controlling the SAPs. The data model representing, managing, and controlling the SAPs. The data model
augments the 'ietf-network' module [RFC8345] by adding the concept of augments the 'ietf-network' module [RFC8345] by adding the concept of
SAPs. Section 3 provides a sample usage of the model. This document SAPs. Section 3 provides a sample usage of the model. This document
explains the scope and purpose of a SAP network model and its explains the scope and purpose of a SAP network model and its
relation with other models (Section 4). relationship to other models (Section 4).
A network may support multiple services, potentially of different A network may support multiple services, potentially of different
types. Whether a SAP topology is dedicated to services of a specific types. Whether a SAP topology is dedicated to services of a specific
service type, an individual service, or shared among many services of service type or an individual service, or is shared among many
different types is deployment specific. This document supports all services of different types, is deployment specific. This document
of these deployment schemes. supports all of these deployment schemes.
This document does not make any assumption about the services This document does not make any assumptions about the services
provided by a network to its users. VPN services (e.g., Layer 3 provided by a network to its users. VPN services (e.g., Layer 3
Virtual Private Network (L3VPN) or Layer 2 Virtual Private Network Virtual Private Network (L3VPN) or Layer 2 Virtual Private Network
(L2VPN)) [RFC4026] are used for illustration purposes (Appendices A (L2VPN)) [RFC4026] are used for illustration purposes (Appendices A
and B). and B).
Given that User-Network Interface (UNI) and Network-to-Network Given that User-to-Network Interface (UNI) and Network-to-Network
Interface (NNI) are reference points that are widely used by Interface (NNI) are reference points that are widely used by
operators to indicate the demarcation points when delivering operators to indicate the demarcation points when delivering
services, both UNI and NNI SAPs are supported in the document. The services, both UNI and NNI SAPs are supported in this document. The
reader may refer, e.g., to [MEF6], [MEF17], [RFC6004], or [RFC6215] reader may refer to [MEF6], [MEF17], [RFC6004], or [RFC6215] for
for a discussion on the use of UNI and NNI reference points. An examples of discussions regarding the use of UNI and NNI reference
example of NNI usage in a VPN context is provided in Appendix C. points. An example of NNI usage in a VPN context is provided in
Appendix C.
The YANG data model in Section 6 conforms to the Network Management The YANG data model in Section 6 conforms to the Network Management
Datastore Architecture (NMDA) [RFC8342]. Datastore Architecture (NMDA) [RFC8342].
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
This document assumes that the reader is familiar with the contents This document assumes that the reader is familiar with the contents
of [RFC6241], [RFC7950], [RFC8345], and [RFC8309]. The document uses of [RFC6241], [RFC7950], [RFC8345], and [RFC8309], as it uses terms
terms from those documents. from those RFCs.
The meanings of the symbols in tree diagrams are defined in The meanings of the symbols in tree diagrams are defined in
[RFC8340]. [RFC8340].
This document uses the term "network model" defined in Section 2.1 of This document uses the term "network model" as defined in Section 2.1
[RFC8969]. of [RFC8969].
This document uses the following terms: This document uses the following terms:
Service provider: The organization responsible for operating the Service provider: The organization responsible for operating the
network that offers a service (e.g., a VPN) to customers. network that offers a service (e.g., a VPN) to customers.
Attachment Circuit (AC): A channel that connects a Customer Edge Attachment Circuit (AC): A channel that connects a Customer Edge
(CE) to a Provider Edge (PE). The AC may be a physical or logical (CE) to a Provider Edge (PE).
link (Section 6.1 of [RFC4026]).
Customer Edge (CE): Equipment that is dedicated to a particular Customer Edge (CE): Equipment that is dedicated to a particular
customer and is directly connected to one or more PEs via ACs. A customer and is directly connected to one or more PEs via ACs. A
CE is usually located at the customer premises. A CE may be CE is usually located at the customer premises. A CE may be
dedicated to a single service (e.g., L3VPN), although it may dedicated to a single service (e.g., an L3VPN), although it may
support multiple VPNs if each one has separate attachment support multiple VPNs if each one has separate ACs. A CE can be a
circuits. A CE can be a router, a bridge, a switch, etc. router, a bridge, a switch, etc.
Provider Edge (PE): Equipment owned and managed by the service Provider Edge (PE): Equipment owned and managed by the service
provider that can support multiple services (e.g., VPNs) for provider that can support multiple services (e.g., VPNs) for
different customers. A PE is directly connected to one or more different customers. A PE is directly connected to one or more
CEs via ACs. CEs via ACs.
Service Attachment Points (SAPs): An abstraction of the network Service Attachment Points (SAPs): An abstraction of the network
reference points (e.g., PE side of an AC, CE side of an AC for a reference points (e.g., the PE side of an AC, or the CE side of an
provider-managed CE) where network services can be delivered and/ AC for a provider-managed CE) where network services can be
or are delivered to customers. A SAP can be bound to one or delivered and/or are delivered to customers. A SAP can be bound
multiple ACs. to one or multiple ACs.
3. Sample SAP Network Model Usage 3. Sample SAP Network Model Usage
Management operations of a service provider network can be automated A service provider network's management operations can be automated
using a variety of means such as interfaces based on YANG modules using a variety of means such as interfaces based on YANG modules
[RFC8969][RFC6241][RFC8040]. From that standpoint, and considering [RFC8969] [RFC6241] [RFC8040]. From that standpoint, and considering
the architecture depicted in Figure 1, a goal of this document is to the architecture depicted in Figure 1, a goal of this document is to
provide a mechanism to show via a YANG-based interface an abstracted provide a mechanism to show, via a YANG-based interface, an
network view from the network controller to the service orchestration abstracted network view from the network controller to the service
layer with a focus on where a service can be delivered to customers. orchestration layer with a focus on where a service can be delivered
The model is also used to retrieve the network reference points where to customers. The model is also used to retrieve the network
a service is being delivered to customers. For services that require reference points where a service is being delivered to customers.
resources from peer networks, the module can also be used to expose For services that require resources from peer networks, the model can
NNIs. also be used to expose NNIs.
+-----------------+ +-----------------+
| Customer | | Customer |
+--------+--------+ +--------+--------+
Customer Service Models | Customer Service Models |
(e.g., L3SM, L2SM) | (e.g., L3SM, L2SM) |
+--------+--------+ +--------+--------+
| Service | | Service |
| Orchestration | | Orchestration |
+------+---+------+ +------+---+------+
skipping to change at page 5, line 46 skipping to change at line 225
| Network | | Network |
+-------------------------------------------+ +-------------------------------------------+
Figure 1: SAP Network Model Usage Figure 1: SAP Network Model Usage
The reader may refer to Section 5 of [RFC4026] for an overview of the The reader may refer to Section 5 of [RFC4026] for an overview of the
building blocks that are usually invoked when characterizing a building blocks that are usually invoked when characterizing a
service provider network. service provider network.
The service orchestration layer does not need to know about all the The service orchestration layer does not need to know about all the
internals of the underlying network (e.g., P nodes). Figure 2 shows internals of the underlying network (e.g., P nodes (Section 5.3.1 of
the abstract network view as seen by a service orchestrator. [RFC4026])). Figure 2 shows the abstract network view as seen by a
However, this view is not enough to provide to the service service orchestrator. However, this view is not enough to provide to
orchestration layer the information to create services in the the service orchestration layer the information to create services in
network. The service topology need is to be able to expose the set the network. The service topology needs to be able to expose the set
of nodes and the attachment points associated with the nodes from of nodes and the attachment points associated with the nodes from
which network services can be grafted (delivered). which network services can be grafted (delivered).
.---------. .---------. .---------. .---------.
| PE1 | | PE2 | | PE1 | | PE2 |
'---------' '---------' '---------' '---------'
\ / \ /
\------/ \------/
( ) ( )
( ) ( )
skipping to change at page 7, line 6 skipping to change at line 280
| | | .---. | | | .---.
| PE3 | | PE4 |sap| | PE3 | | PE4 |sap|
| | | '---' | | | '---'
| .---. .---. .---. | | .---. .---. .---. | | .---. .---. .---. | | .---. .---. .---. |
'-|sap|-|sap|-|sap|-' '-|sap|-|sap|-|sap|-' '-|sap|-|sap|-|sap|-' '-|sap|-|sap|-|sap|-'
'-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-'
Figure 3: A SAP Network Topology Figure 3: A SAP Network Topology
A single SAP network topology can be used for one or multiple service A single SAP network topology can be used for one or multiple service
types (e.g., L3VPN, Ethernet VPN (EVPN)). The network controller types (e.g., L3VPN, Ethernet VPN (EVPN)). The network controller can
can, then, expose the service types and associated interfaces via the then expose the service types and associated interfaces via the SAPs.
SAPs.
As shown in Figure 4, the service orchestration layer will have also As shown in Figure 4, the service orchestration layer will also have
access to a set of customer service model (e.g., the L3SM or the access to a set of customer service models (e.g., the L3SM or the
L2SM) in the customer-facing interface and a set of network models L2SM) in the customer-facing interface and a set of network models
(e.g., the L3NM and network topology data models) in the resource- (e.g., the L3NM and network topology data models) in the resource-
facing interface. In this use case, it is assumed that the network facing interface. In this use case, it is assumed that the network
controller is unaware of what happens beyond the PEs towards the CEs; controller is unaware of what happens beyond the PEs towards the CEs;
it is only responsible for the management and control of the SAPs and it is only responsible for the management and control of the SAPs and
the network between PEs. In order to correlate between delivery the network between PEs. In order to correlate between delivery
points expressed in service requests and SAPs, the SAP model may points expressed in service requests and SAPs, the SAP model may
include a peer customer point identifier. That identifier can be a include a peer customer point identifier. That identifier can be a
CE identifier, a site identifier, etc. CE identifier, a site identifier, etc.
.---. .---.
|CE2| |CE2|
'-+-' '-+-'
| |
.-+-. .-+-. .-+-. .-+-. .-+-. .-+-. .-+-. .-+-. .-+-. .-+-.
.-|sap|-|sap|-|sap|-. .-|sap|-------|sap|-. .-|sap|-|sap|-|sap|-. .-|sap|-------|sap|-.
| '---' '---' '---' | | '---' '---' | | '---' '---' '---' | | '---' '---' |
.---. .---. | | | .---. .---. | | |
|CE1+--+sap| PE1 | | PE2 | |CE1+--+sap| PE1 | | PE2 |
'---' '---' | | | '---' '---' | | |
| | | | | | | |
'-------------------' '-------------------' '-------------------' '-------------------'
.-------------------. .-------------------. .-------------------. .-------------------.
| | | | | | | |
| | | .---. .---. | | | .---. .---.
| PE3 | | PE4 |sap+--+CE5| | PE3 | | PE4 |sap+--+CE5|
| | | '---' '---' | | | '---' '---'
| .---. .---. .---. | | .---. .---. .---. | | .---. .---. .---. | | .---. .---. .---. |
'-|sap|-|sap|-|sap|-' '-|sap|-|sap|-|sap|-' '-|sap|-|sap|-|sap|-' '-|sap|-|sap|-|sap|-'
'-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-' '-+-'
| | | | | |
.-+-. | .-+-. .-+-. | .-+-.
|CE3+----------------' |CE4| |CE3+---------------' |CE4|
'---' '---' '---' '---'
Figure 4: Network Topology with CEs and ACs Figure 4: Network Topology with CEs and ACs
Refer to Appendix A for an example echoing the topology depicted in Refer to Appendix A for an example echoing the topology depicted in
Figure 4. Figure 4.
4. Relationship to Other YANG Data Models 4. Relationship to Other YANG Data Models
The SAP network model can be seen as inventory data associated with The SAP network model can be seen as inventory data associated with
SAPs. The model maintains an inventory of customer-facing nodes SAPs. The model maintains an inventory of customer-facing nodes
contained in a network relying upon [RFC8345]. contained in a network relying upon [RFC8345].
Figure 5 depicts the relationship of the SAP network model to other
models. The SAP network model augments the network model defined in
[RFC8345] and imports the network topology model defined in
[RFC8345], while other technology-specific topology models (e.g., the
model for Traffic Engineering (TE) topologies [RFC8795] or the model
for Layer 3 topologies [RFC8346]) augment the network topology model
defined in [RFC8345].
+-------------------------+ +-------------------------+
| | | |
| Abstract Network Model | | Abstract Network Model |
| | | |
+------------+------------+ +------------+------------+
| |
+---------+---------+ +---------+---------+
| | | |
+------V------+ +------V------+ +------V------+ +------V------+
| Abstract | | Inventory | | Abstract | | Inventory |
| Network | | Models | | Network | | Models |
| Topology | | e.g., SAP | | Topology | | (e.g., SAP |
| Model | | Network | | Model | | Network |
| | | Model | | | | Model) |
+-----+-------+ +-------------+ +-----+-------+ +-------------+
| |
+-----------+-----------+ +-----------+-----------+
| | | | | |
+----V----+ +----V----+ +----V----+ +----V----+ +----V----+ +----V----+
|TE Topo | |L3 Topo | |L2 Topo | |TE Topo | |L3 Topo | |L2 Topo |
| Model | | Model | | Model | ... | Model | | Model | | Model | ...
+---------+ +---------+ +---------+ +---------+ +---------+ +---------+
Figure 5: Relation of SAP Network Model to Other Models Figure 5: Relationship of SAP Network Model to Other Models
Figure 5 depicts the relationship of the SAP network model to other
models. The SAP network model augments the Network model [RFC8345]
and imports the Network Topology model, while other technology-
specific topology models (e.g., Traffic Engineering (TE) Topologies
model [RFC8795] or Layer 3 Topologies model [RFC8346]) augment the
Network Topology model.
SAPs can be seen as customer-facing termination points (TPs) with SAPs can be seen as customer-facing termination points (TPs) with
specific service provisions. However, a difference between SAPs and specific service provisions. However, one difference between SAPs
TPs is that links are terminated by a single TP (Section 4.4.6 of and TPs is that links are terminated by a single TP (Section 4.4.6 of
[RFC8345]) while an AC can be terminated by multiple SAPs. Also, a [RFC8345]) while an AC can be terminated by multiple SAPs. Also, a
SAP is not a tunnel termination point (TTP) (Section 3.6 of SAP is neither a tunnel termination point (TTP) (Section 3.6 of
[RFC8795]) nor a link. [RFC8795]) nor a link.
In the context of Software-Defined Networking (SDN) In the context of Software-Defined Networking (SDN) [RFC7149]
[RFC7149][RFC7426], the SAP YANG data model can be used to exchange [RFC7426], the SAP YANG data model can be used to exchange
information between control elements, so as to support VPN service information between control elements, so as to support VPN service
provision and resource management discussed in [RFC9182][RFC9291]. provision and resource management as discussed in [RFC9182] and
Through this data model, the service orchestration layer can learn [RFC9291]. Through this data model, the service orchestration layer
the available endpoints (i.e., SAPs) of interconnection resources of can learn the available endpoints (i.e., SAPs) of interconnection
the underlying network. The service orchestration layer can resources of the underlying network. The service orchestration layer
determine which interconnection endpoints to add to an L2VPN or L3VPN can determine which interconnection endpoints to add to an L2VPN or
service. With the help of other data models (e.g., L3SM [RFC8299] or L3VPN service. With the help of other data models (e.g., the L3SM
L2SM [RFC8466]), hierarchical control elements can also assess the [RFC8299] or the L2SM [RFC8466]), hierarchical control elements can
feasibility of an end-to-end IP connectivity or L2VPN connectivity also assess the feasibility of end-to-end IP connectivity or L2VPN
and, therefore, derive the sequence of domains and the points of connectivity and therefore can derive the sequence of domains and the
interconnection to use. points of interconnection to use.
Advanced interface-specific data nodes are not included in the SAP Advanced interface-specific data nodes are not included in the SAP
model. The interface identifiers listed in the SAP model can be used model. The interface identifiers listed in the SAP model can be used
as filters to set or get such data using device models (e.g., as filters to set or get such data using device models (e.g.,
[RFC7224]). [RFC7224]).
5. SAP Module Tree Structure 5. SAP Module Tree Structure
The SAP network model 'ietf-sap-ntw' builds on the 'ietf-network' The SAP network model 'ietf-sap-ntw' builds on the 'ietf-network'
module [RFC8345] by augmenting the nodes with SAPs. module [RFC8345] by augmenting the nodes with SAPs.
The structure of the 'ietf-sap-ntw' module is shown in Figure 6. The structure of the 'ietf-sap-ntw' module is shown in Figure 6.
module: ietf-sap-ntw module: ietf-sap-ntw
augment /nw:networks/nw:network/nw:network-types: augment /nw:networks/nw:network/nw:network-types:
+--rw sap-network! +--rw sap-network!
+--rw service-type* identityref +--rw service-type* identityref
augment /nw:networks/nw:network/nw:node: augment /nw:networks/nw:network/nw:node:
+--rw service* [service-type] +--rw service* [service-type]
+--rw service-type identityref +--rw service-type identityref
+--rw sap* [sap-id] +--rw sap* [sap-id]
+--rw sap-id string +--rw sap-id string
+--rw description? string +--rw description? string
+--rw parent-termination-point? nt:tp-id +--rw parent-termination-point? nt:tp-id
+--rw attachment-interface? string +--rw attachment-interface? string
+--rw interface-type? identityref +--rw interface-type? identityref
+--rw encapsulation-type? identityref +--rw encapsulation-type? identityref
+--rw role? identityref +--rw role? identityref
+--rw allows-child-saps? boolean +--rw allows-child-saps? boolean
+--rw peer-sap-id* string +--rw peer-sap-id* string
+--ro sap-status +--ro sap-status
| +--ro status? identityref | +--ro status? identityref
| +--ro last-change? yang:date-and-time | +--ro last-change? yang:date-and-time
+--rw service-status +--rw service-status
+--rw admin-status +--rw admin-status
| +--rw status? identityref | +--rw status? identityref
| +--rw last-change? yang:date-and-time | +--rw last-change? yang:date-and-time
+--ro oper-status +--ro oper-status
+--ro status? identityref +--ro status? identityref
+--ro last-change? yang:date-and-time +--ro last-change? yang:date-and-time
Figure 6: SAP YANG Module Tree Structure Figure 6: SAP YANG Module Tree Structure
A SAP network topology can be used for one or multiple service types A SAP network topology can be used for one or multiple service types
('service-type'). Examples of supported service types are as ('service-type'). Examples of supported service types are as
follows: follows:
* L3VPN [RFC4364], * L3VPN [RFC4364]
* Virtual Private LAN Service (VPLS) [RFC4761][RFC4762], * Virtual Private LAN Service (VPLS) [RFC4761] [RFC4762]
* Virtual Private Wire Service (VPWS) [RFC8214], * Virtual Private Wire Service (VPWS) [RFC8214]
* BGP MPLS-Based Ethernet VPN [RFC7432], * BGP MPLS-based Ethernet VPN [RFC7432]
* VPWS in Ethernet VPN [RFC8214], * VPWS in Ethernet VPN [RFC8214]
* Provider Backbone Bridging Combined with Ethernet VPN (PBB-EVPN) * Provider Backbone Bridging combined with Ethernet VPN (PBB-EVPN)
[RFC7623], [RFC7623]
* VXLAN-based EVPN [RFC8365], * VXLAN-based EVPN [RFC8365] ("VXLAN" stands for "Virtual eXtensible
Local Area Network")
* Virtual Networks [RFC8453], * Virtual Network [RFC8453]
* Enhanced VPN (VPN+) [I-D.ietf-teas-enhanced-vpn], * Enhanced VPN (VPN+) [ENHANCED-VPN]
* Network slice [I-D.ietf-teas-ietf-network-slices], * Network slice service [IETF-NETWORK-SLICES]
* SDWAN [I-D.ietf-bess-bgp-sdwan-usage], and * SD-WAN [BGP-SDWAN-USAGE]
* Basic IP connectivity. * Basic IP connectivity
These service types build on the types that are already defined in These service types build on the types that are already defined in
[RFC9181] and additional types that are defined in this document. [RFC9181] and additional types that are defined in this document.
Other service types can be defined in future YANG modules (including Other service types can be defined in future YANG modules (including
future revisions of the YANG module defined in this document), if future revisions of the YANG module defined in this document), if
needed. needed.
| Leveraging the service types defined in [RFC9181] is meant to | Leveraging the service types defined in [RFC9181] is meant to
| ease the correlation between the SAP topology and the | ease the correlation between the SAP topology and the
| corresponding network modules that are used to provision a | corresponding network models that are used to provision a
| specific service over a provider's network. | specific service over a provider's network.
Filters based on the service type can be used to access per-service Filters based on the service type can be used to access per-service
SAP topology. An example is depicted in Figure 10. SAP topology. An example is depicted in Figure 10 in Appendix B.
A node in the topology can support one or multiple service types A node in the topology can support one or multiple service types
('service-type') among those listed under the 'sap-network' ('service-type') among those listed under the 'sap-network'
container. A list of SAPs are then bound to each service type that container. A list of SAPs is then bound to each service type that is
is supported by a given node. Each SAP is characterized as follows: supported by a given node. Each SAP is characterized as follows:
'sap-id': Includes an identifier that uniquely identifies a SAP 'sap-id': Includes an identifier that uniquely identifies a SAP
within a node. within a node.
The same SAP may appear under distinct service types. In such a The same SAP may appear under distinct service types. In such a
case, the same identifier is used for these service types in case, the same identifier is used for a shared SAP for each of
association. these service types.
SAPs that are associated with the interfaces that are directly SAPs that are associated with the interfaces that are directly
hosting services, interfaces that are ready to host per-service hosting services, interfaces that are ready to host per-service
sub-interfaces (but not yet activated), or services that are sub-interfaces (but are not yet activated), or services that are
already instantiated on sub-interfaces are listed as SAPs. For already instantiated on sub-interfaces are listed as SAPs. For
illustration purposes, Figure 9 depicts how to indicate interfaces illustration purposes, Figure 9 in Appendix B depicts how to
that are capable for hosting per-service sub-interfaces. indicate interfaces that are capable of hosting per-service sub-
interfaces.
For example, 'sap-id' may be the VPN network access identifier in For example, 'sap-id' may be the VPN network access identifier
Section 7.6 of [RFC9182]. An example to illustrate the use of defined in Section 7.6 of [RFC9182]. An example that illustrates
this attribute during service creation is provided in Appendix D. the use of this attribute during service creation is provided in
Appendix D.
'description': Includes a textual description of the SAP. 'description': Includes a textual description of the SAP.
'parent-termination-point': Includes a reference to the parent 'parent-termination-point': Includes a reference to the parent
termination point to which the SAP is bound. As per Section 4.2 termination point to which the SAP is bound. As per Section 4.2
of [RFC8345], a termination point terminates a link in a node. A of [RFC8345], a termination point terminates a link in a node. A
termination point can be a physical port, an interface, etc. termination point can be a physical port, an interface, etc.
The referenced parent termination point is expected to be a The referenced parent termination point is expected to be a
customer-facing termination point, not a core-facing termination customer-facing termination point, not a core-facing termination
point. point.
This attribute is used, e.g., to associate an interface with its For example, this attribute is used to associate an interface with
sub-interfaces as all these interfaces may be listed under the its sub-interfaces, as all these interfaces may be listed under
SAPs of a node. It is also used to link a SAP with the physical the SAPs of a node. It is also used to link a SAP with the
topology. physical topology.
For example, this data node can be used to map the IETF Network For example, this data node can be used to map the IETF Network
Slice endpoints ([I-D.ietf-teas-ietf-network-slices]) to the Slice endpoints [IETF-NETWORK-SLICES] to the service/tunnel/path
service/tunnel/path endpoints in the underlay network. endpoints in the underlay network.
'attachment-interface': Indicates a reference to the interface to 'attachment-interface': Indicates a reference to the interface to
which the SAP is bound. The same interface may host multiple which the SAP is bound. The same interface may host multiple
services. services.
Whether the attachment identifier echoes the content of the Whether the attachment identifier echoes the content of the
attachment interface is deployment specific. attachment interface is deployment specific.
For example, this reference may be any of the identifiers ('l2- For example, this reference may be any of the identifiers ('l2-
termination-point', 'local-bridge-reference', 'bearer-reference', termination-point', 'local-bridge-reference', 'bearer-reference',
or 'lag-interface-id') defined in Section 7.6.1 of [RFC9182] or or 'lag-interface-id') defined in Section 7.6.1 of [RFC9182] or
'l3-termination-point' defined in Section 7.6.2 of [RFC9182]. It 'l3-termination-point' as defined in Section 7.6.2 of [RFC9182].
is the responsibility of the controller to ensure that consistent The controller is responsible for ensuring that consistent
references are used in the SAP and underlying device modes or any references are used in the SAP and underlying device models or any
other device inventory mechanism. other device inventory mechanism.
'interface-type': Indicates whether a SAP is bound to a physical 'interface-type': Indicates whether a SAP is bound to a physical
port, a loopback interface, a Link Aggregation Group (LAG) port, a loopback interface, a Link Aggregation Group (LAG)
interface [IEEE802.1AX], an Integrated Routing Bridge (IRB) (e.g., interface [IEEE802.1AX], an Integrated Routing and Bridging (IRB)
[RFC9135]), a local bridge reference, etc. interface (e.g., [RFC9135]), a local bridge reference, etc.
The mapping to the detailed interface types as per [RFC7224] is The mapping to the detailed interface types as per [RFC7224] is
maintained by the controller. That mapping is used, for example, maintained by the controller. That mapping is used, for example,
when the controller translates this SAP network module into device when the controller translates this SAP network model into device
modules (Section 4.4 of [RFC8969]). models (Section 4.4 of [RFC8969]).
'encapsulation-type': Indicates the encapsulation type for the 'encapsulation-type': Indicates the encapsulation type for the
interface indicated in the 'attachment-interface' attribute. The interface indicated in the 'attachment-interface' attribute. The
types are taken from [RFC9181]. types are taken from [RFC9181].
This data node can be used, for example, to decide whether an This data node can be used, for example, to decide whether an
existing SAP can be (re)used to host a service or if a new sub- existing SAP can be (re)used to host a service or if a new sub-
interface has to be instantiated. interface has to be instantiated.
'role': Specifies the role of a SAP (e.g., a UNI or NNI). 'role': Specifies the role of a SAP (e.g., a UNI or NNI).
A SAP inherits the role of its parent interface ('parent- A SAP inherits the role of its parent interface ('parent-
termination-point'). termination-point').
'allows-child-saps': When set to 'true', this data node indicates 'allows-child-saps': When set to 'true', indicates that the
that the attachment interface for this SAP is capable of hosting attachment interface for this SAP is capable of hosting per-
per-service sub-interfaces. service sub-interfaces.
Whether a service can be directly attached to the parent SAP in Whether a service can be directly attached to the parent SAP in
addition to child SAPs depends on the service. addition to child SAPs depends on the service.
'peer-sap-id': Includes references to the remote endpoints of an 'peer-sap-id': Includes references to the remote endpoints of an AC.
attachment circuit. This identifier may or may not be the same as This identifier may or may not be the same as the SAP identifier
the SAP identifier used in the peer's configuration. Note that used in the peer's configuration. Note that the use of identical
the use of identical identifiers eases correlating between a identifiers eases the correlation between a peer's service request
peer's service request with a local SAP. and a local SAP.
Examples of such a reference are: a site identifier (Section 6.3 Examples of such a reference are a site identifier (Section 6.3 of
of [RFC8299]), a Service Demarcation Point (SDP) identifier [RFC8299]), a Service Demarcation Point (SDP) identifier
(Section 2.1 of [I-D.ietf-teas-ietf-network-slices]), and the IP (Section 3.2 ("Core Terminology") of [IETF-NETWORK-SLICES]), and
address of a peer Autonomous System Border Router (ASBR). the IP address of a peer Autonomous System Border Router (ASBR).
'sap-status': Indicates the operational status of a SAP. Values are 'sap-status': Indicates the operational status of a SAP. Values are
taken from the values defined in [RFC9181]. taken from the values defined in [RFC9181].
When both a sub-interface and its parent interface are present, When both a sub-interface and its parent interface are present but
but the parent interface is disabled, the status of the parent the parent interface is disabled, the status of the parent
interface takes precedence over the status indicated for the sub- interface takes precedence over the status indicated for the sub-
interface. interface.
'service-status': Indicates the administrative and operational 'service-status': Indicates the administrative and operational
status of the service for a given SAP. This information is status of the service for a given SAP. This information is
particularly useful when many services are provisioned for the particularly useful when many services are provisioned for the
same SAP, but only a subset of these services are activated. As same SAP but only a subset of these services is activated. As
such, the administrative 'service-status' MUST NOT be influenced such, the administrative 'service-status' MUST NOT be influenced
by the value of the operational 'sap-status'. by the value of the operational 'sap-status'.
The service 'oper-status' reflects the operational status of the The service 'oper-status' reflects the operational status of the
service only as observed at a specific SAP, not the overall service only as observed at a specific SAP, not the overall
network level status of the service connecting many SAPs. The network-level status of the service connecting many SAPs. The
network level service status can be retrieved using specific network-level service status can be retrieved using specific
network models, e.g., Section 7.3 of [RFC9182] or Section 7.3 of network models, e.g., those listed in Section 7.3 of [RFC9182] or
[RFC9291]. Section 7.3 of [RFC9291].
In order to assess the service delivery status for a given SAP, it In order to assess the service delivery status for a given SAP, it
is recommended to check both the administrative and operational is recommended to check both the administrative and operational
service status ('service-status') in addition to the 'sap-status'. service status ('service-status') in addition to the 'sap-status'.
In doing so, a network controller (or operator) can detect In doing so, a network controller (or operator) can detect
anomalies. For example, if a service is administratively enabled anomalies. For example, if a service is administratively enabled
for a SAP and the 'sap-status' of that SAP is reported as being for a SAP and the 'sap-status' of that SAP is reported as being
down, the service 'oper-status' is also expected to be down. down, the service 'oper-status' is also expected to be down.
Retrieving a distinct service operational status under these Retrieving a distinct service operational status under these
conditions can be used as a trigger to detect an anomaly. conditions can be used as a trigger to detect an anomaly.
Likewise, administrative status and operational status can be Likewise, administrative status and operational status can be
compared to detect service-specific SAP activation anomalies. For compared to detect service-specific SAP activation anomalies. For
example, a service that is administratively declared as inactive example, a service that is administratively declared as inactive
for a SAP but reported as operationally active for that SAP is an for a SAP but reported as operationally active for that SAP is an
indication that some service provision actions are needed to align indication that some service provision actions are needed to align
the observed service status with the expected service status. the observed service status with the expected service status.
6. SAP YANG Module 6. SAP YANG Module
This module imports types from [RFC6991], [RFC8343], [RFC8345], and This module imports types from [RFC6991], [RFC8345], and [RFC9181].
[RFC9181].
The 'sap-entry' and 'sap-list' are defined as groupings for the reuse The 'sap-entry' and 'sap-list' are defined as groupings for the reuse
of these nodes in service-specific YANG modules. of these nodes in service-specific YANG modules.
<CODE BEGINS> file "ietf-sap-ntw@2023-01-09.yang" <CODE BEGINS> file "ietf-sap-ntw@2023-05-22.yang"
module ietf-sap-ntw { module ietf-sap-ntw {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-sap-ntw"; namespace "urn:ietf:params:xml:ns:yang:ietf-sap-ntw";
prefix sap; prefix sap;
import ietf-network-topology { import ietf-network-topology {
prefix nt; prefix nt;
reference reference
"RFC 8345: A YANG Data Model for Network "RFC 8345: A YANG Data Model for Network
Topologies, Section 6.2"; Topologies, Section 6.2";
skipping to change at page 15, line 31 skipping to change at line 667
Author: Oscar Gonzalez de Dios Author: Oscar Gonzalez de Dios
<mailto:oscar.gonzalezdedios@telefonica.com> <mailto:oscar.gonzalezdedios@telefonica.com>
Author: Samier Barguil Author: Samier Barguil
<mailto:samier.barguil_giraldo@nokia.com> <mailto:samier.barguil_giraldo@nokia.com>
Author: Qin Wu Author: Qin Wu
<mailto:bill.wu@huawei.com> <mailto:bill.wu@huawei.com>
Author: Victor Lopez Author: Victor Lopez
<victor.lopez@nokia.com>"; <mailto:victor.lopez@nokia.com>";
description description
"This YANG module defines a model for representing, managing, "This YANG module defines a model for representing, managing,
and controlling the Service Attachment Points (SAPs) in the and controlling the Service Attachment Points (SAPs) in the
network topology. network topology.
Copyright (c) 2023 IETF Trust and the persons identified as Copyright (c) 2023 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to without modification, is permitted pursuant to, and subject to
the license terms contained in, the Revised BSD License set the license terms contained in, the Revised BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC 9408; see the
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself RFC itself for full legal notices.";
for full legal notices.";
revision 2023-01-09 { revision 2023-05-22 {
description description
"Initial version"; "Initial version.";
reference reference
"RFC XXXX: A YANG Network Model for Service Attachment "RFC 9408: A YANG Network Data Model for Service Attachment
Points (SAPs)"; Points (SAPs)";
} }
identity virtual-network { identity virtual-network {
base vpn-common:service-type; base vpn-common:service-type;
description description
"Virtual network. Refers to a logical network instance "Virtual network. Refers to a logical network instance
that is built over a physical network."; that is built over a physical network.";
reference reference
"RFC 8453: Framework for Abstraction and Control of TE "RFC 8453: Framework for Abstraction and Control of TE
Networks (ACTN)"; Networks (ACTN)";
} }
identity enhanced-vpn { identity enhanced-vpn {
base vpn-common:service-type; base vpn-common:service-type;
description description
"Enhanced VPN (VPN+). VPN+ is an approach that is "Enhanced VPN (VPN+). VPN+ is an approach that is
based on existing VPN and Traffic Engineering (TE) based on existing VPN and Traffic Engineering (TE)
technologies but adds characteristics that specific technologies but adds characteristics that specific
services require over and above conventional VPNs."; services require over and above conventional VPNs.";
reference reference
"draft-ietf-teas-enhanced-vpn: "draft-ietf-teas-enhanced-vpn:
A Framework for Enhanced Virtual Private Network A Framework for Enhanced Virtual Private Network
(VPN+) Services"; (VPN+)";
} }
identity network-slice { identity network-slice {
base vpn-common:service-type; base vpn-common:service-type;
description description
"IETF network slice. An IETF network slice "IETF Network Slice. An IETF Network Slice
is a logical network topology connecting a number of is a logical network topology connecting a number of
endpoints using a set of shared or dedicated network endpoints using a set of shared or dedicated network
resources that are used to satisfy specific service resources that are used to satisfy specific service
objectives."; objectives.";
reference reference
"draft-ietf-teas-ietf-network-slices: "draft-ietf-teas-ietf-network-slices:
A Framework for IETF Network Slices"; A Framework for IETF Network Slices";
} }
identity sdwan { identity sdwan {
base vpn-common:service-type; base vpn-common:service-type;
description description
"PE-based Software-Defined Wide Area Network (SDWAN)."; "PE-based Software-Defined Wide-Area Network (SD-WAN).";
reference reference
"draft-ietf-bess-bgp-sdwan-usage: BGP Usage for SDWAN "draft-ietf-bess-bgp-sdwan-usage:
Overlay Network"; BGP Usage for SD-WAN Overlay Networks";
} }
identity basic-connectivity { identity basic-connectivity {
base vpn-common:service-type; base vpn-common:service-type;
description description
"Basic IP connectivity. This is, for example, a plain "Basic IP connectivity. This is, for example, a plain
connectivity offered to Enterprises over a dedicated form of connectivity offered to enterprises over a
or shared MPLS infrastructure."; dedicated or shared MPLS infrastructure.";
} }
identity interface-role { identity interface-role {
description description
"Base identity for the network role of an interface."; "Base identity for the network role of an interface.";
} }
identity uni { identity uni {
base interface-role; base interface-role;
description description
"User-Network Interface (UNI)."; "User-to-Network Interface (UNI).";
} }
identity nni { identity nni {
base interface-role; base interface-role;
description description
"Network-to-Network Interface (NNI)."; "Network-to-Network Interface (NNI).";
} }
identity interface-type { identity interface-type {
description description
skipping to change at page 18, line 10 skipping to change at line 790
identity lag { identity lag {
base interface-type; base interface-type;
description description
"Link Aggregation Group (LAG) interface."; "Link Aggregation Group (LAG) interface.";
} }
identity irb { identity irb {
base interface-type; base interface-type;
description description
"Integrated Routing Bridge (IRB). An IRB typically "Integrated Routing and Bridging (IRB) interface. An IRB
connects an IP-VRF to a bridge domain."; interface typically connects an IP Virtual Routing and
Forwarding (IP-VRF) entity to a bridge domain.";
} }
identity local-bridge { identity local-bridge {
base interface-type; base interface-type;
description description
"A local bridge reference to accommodate, e.g., "A local bridge reference to accommodate (for example)
implementations that require internal bridging. implementations that require internal bridging.
When such a type is used, a reference to a local When such a type is used, a reference to a local
bridge domain is used to identify the interface."; bridge domain is used to identify the interface.";
} }
identity logical { identity logical {
base interface-type; base interface-type;
description description
"Refers to a logical sub-interface that is typically "Refers to a logical sub-interface that is typically
used to bind a service. This type is used only used to bind a service. This type is used only
if none of the other more specific types (i.e., if none of the other more specific types (i.e.,
loopback, lag, irb, or local-bridge) can be used."; 'loopback', 'lag', 'irb', or 'local-bridge') can be used.";
} }
grouping sap-entry { grouping sap-entry {
description description
"Service Attachment Point (SAP) entry information."; "Service Attachment Point (SAP) entry information.";
leaf sap-id { leaf sap-id {
type string; type string;
description description
"Indicates an identifier that uniquely identifies "Indicates an identifier that uniquely identifies
a SAP."; a SAP.";
} }
leaf description { leaf description {
type string; type string;
description description
"A textual description of the SAP."; "A textual description of the SAP.";
} }
leaf parent-termination-point { leaf parent-termination-point {
type nt:tp-id; type nt:tp-id;
description description
"Indicates the parent termination point to "Indicates the parent termination point to
which the SAP is attached to. A termination which the SAP is attached. A termination
point can be a physical port, an interface, etc."; point can be a physical port, an interface, etc.";
} }
leaf attachment-interface { leaf attachment-interface {
type string; type string;
description description
"Indicates the interface to which the SAP is bound."; "Indicates the interface to which the SAP is bound.";
} }
leaf interface-type { leaf interface-type {
type identityref { type identityref {
base interface-type; base interface-type;
} }
skipping to change at page 19, line 43 skipping to change at line 871
leaf allows-child-saps { leaf allows-child-saps {
type boolean; type boolean;
description description
"Indicates whether the attachment interface of this "Indicates whether the attachment interface of this
SAP is capable of hosting per-service sub-interfaces."; SAP is capable of hosting per-service sub-interfaces.";
} }
leaf-list peer-sap-id { leaf-list peer-sap-id {
type string; type string;
description description
"Indicates an identifier of the peer's termination "Indicates an identifier of the peer's termination
identifier (e.g., Customer Edge (CE)). This identifier (e.g., a Customer Edge (CE)). This
information can be used for correlation purposes, information can be used for correlation purposes,
such as identifying the SAP that is attached to such as identifying the SAP that is attached to
an endpoint that is provided in a service request."; an endpoint that is provided in a service request.";
} }
} }
grouping sap-list { grouping sap-list {
description description
"Service Attachment Point (SAP) information."; "SAP information.";
list sap { list sap {
key "sap-id"; key "sap-id";
description description
"The Service Attachment Points are abstraction of "The SAPs are an abstraction of the points to which
the points where network services such as L3VPNs, network services such as L3VPNs, L2VPNs, or network
L2VPNs, or network slices can be attached to."; slices can be attached.";
uses sap-entry; uses sap-entry;
container sap-status { container sap-status {
config false; config false;
description description
"Indicates the operational status of the SAP, "Indicates the operational status of the SAP,
independent of any service provisioned over it."; independent of any service provisioned over it.";
uses vpn-common:oper-status-timestamp; uses vpn-common:oper-status-timestamp;
} }
container service-status { container service-status {
skipping to change at page 21, line 5 skipping to change at line 930
"Operational status of the service provisioned "Operational status of the service provisioned
at the SAP."; at the SAP.";
uses vpn-common:oper-status-timestamp; uses vpn-common:oper-status-timestamp;
} }
} }
} }
} }
augment "/nw:networks/nw:network/nw:network-types" { augment "/nw:networks/nw:network/nw:network-types" {
description description
"Introduces a new network type for SAP network."; "Introduces a new network type for a SAP network.";
container sap-network { container sap-network {
presence "Indicates SAP network type."; presence "Indicates the SAP network type.";
description description
"The presence of the container node indicates the "The presence of the container node indicates the
SAP network type."; SAP network type.";
leaf-list service-type { leaf-list service-type {
type identityref { type identityref {
base vpn-common:service-type; base vpn-common:service-type;
} }
description description
"Indicates the set of supported service types."; "Indicates the set of supported service types.";
} }
skipping to change at page 22, line 5 skipping to change at line 976
} }
} }
} }
<CODE ENDS> <CODE ENDS>
7. IANA Considerations 7. IANA Considerations
This document registers the following namespace URI in the "ns" This document registers the following namespace URI in the "ns"
subregistry within the "IETF XML Registry" [RFC3688]: subregistry within the "IETF XML Registry" [RFC3688]:
URI: urn:ietf:params:xml:ns:yang:ietf-sap-ntw URI: urn:ietf:params:xml:ns:yang:ietf-sap-ntw
Registrant Contact: The IESG. Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace. XML: N/A; the requested URI is an XML namespace.
This document registers the following YANG module in the YANG Module This document registers the following YANG module in the "YANG Module
Names registry [RFC6020] within the "YANG Parameters" registry: Names" subregistry [RFC6020] within the "YANG Parameters" registry:
name: ietf-sap-ntw Name: ietf-sap-ntw
namespace: urn:ietf:params:xml:ns:yang:ietf-sap-ntw Namespace: urn:ietf:params:xml:ns:yang:ietf-sap-ntw
maintained by IANA? N Maintained by IANA? N
prefix: sap Prefix: sap
reference: RFC XXXX Reference: RFC 9408
8. Security Considerations 8. Security Considerations
The YANG module specified in this document defines schema for data The YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
is the secure transport layer, and the mandatory-to-implement secure is the secure transport layer, and the mandatory-to-implement secure
transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
is HTTPS, and the mandatory-to-implement secure transport is TLS is HTTPS, and the mandatory-to-implement secure transport is TLS
[RFC8446]. [RFC8446].
The Network Configuration Access Control Model (NACM) [RFC8341] The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF or provides the means to restrict access for particular NETCONF or
RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content. RESTCONF protocol operations and content.
There are a number of data nodes defined in this YANG module that are There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config) in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative to these data nodes without proper protection can have a negative
effect on network operations. These are the subtrees and data nodes effect on network operations. These are the subtrees and data nodes
and their sensitivity/vulnerability: and their sensitivity/vulnerability:
* /nw:networks/nw:network/nw:node/sap:service/sap:sap /nw:networks/nw:network/nw:node/sap:service/sap:sap
This subtree specifies the configurations of the nodes in a SAP This subtree specifies the configurations of the nodes in a SAP
network model. Unexpected changes to this subtree (e.g., network model. Unexpected changes to this subtree (e.g.,
associating a SAP with another parent termination point) could associating a SAP with another parent termination point) could
lead to service disruption and/or network misbehavior. Such lead to service disruption and/or network misbehavior. Such
network misbehavior results mainly from a network configuration network misbehavior results mainly from a network configuration
that is inconsistent with the intended behavior as defined by the that is inconsistent with the intended behavior as defined by the
operator (e.g., Section 4.2.1 of [RFC8969]). operator (e.g., Section 4.2.1 of [RFC8969]).
Some of the readable data nodes in this YANG module may be considered Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or important to control read access (e.g., via get, get-config, or
notification) to these data nodes. These are the subtrees and data notification) to these data nodes. These are the subtrees and data
nodes and their sensitivity/vulnerability: nodes and their sensitivity/vulnerability:
* /nw:networks/nw:network/nw:node/sap:service/sap:sap /nw:networks/nw:network/nw:node/sap:service/sap:sap
Unauthorized access to this subtree can disclose the operational Unauthorized access to this subtree can disclose the operational
state information of the nodes in a SAP network model (e.g., state information of the nodes in a SAP network model (e.g., can
disclose the identity of a customer 'peer-sap-id'). disclose the identity of a customer 'peer-sap-id').
9. Acknowledgements 9. References
Thanks to Adrian Farrell, Daniel King, Dhruv Dhody, Benoit Claise, Bo
Wu, Erez Segev, Raul Arco, Joe Clarke, Riyas Valiyapalathingal, Tom
Petch, Olga Havel, and Richard Roberts for the comments.
Thanks to Martin Bjoerklund for the YANG Doctors review, Menachem
Dodge for the opsdir review, Mach Chen for the rtgdir review, Linda
Dunbar for the genart review, and Ivaylo Petrov for the secdir
review.
Special thanks to Adrian Farrel for the Shepherd review and Rob
Wilton for the careful AD review.
Thanks to Lars Eggert, Roman Danyliw, and Zaheduzzaman Sarker for the
comments during the IESG review.
10. References
10.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
skipping to change at page 25, line 16 skipping to change at line 1105
O. Gonzalez de Dios, "YANG Data Model for Traffic O. Gonzalez de Dios, "YANG Data Model for Traffic
Engineering (TE) Topologies", RFC 8795, Engineering (TE) Topologies", RFC 8795,
DOI 10.17487/RFC8795, August 2020, DOI 10.17487/RFC8795, August 2020,
<https://www.rfc-editor.org/info/rfc8795>. <https://www.rfc-editor.org/info/rfc8795>.
[RFC9181] Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M., [RFC9181] Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M.,
Ed., and Q. Wu, "A Common YANG Data Model for Layer 2 and Ed., and Q. Wu, "A Common YANG Data Model for Layer 2 and
Layer 3 VPNs", RFC 9181, DOI 10.17487/RFC9181, February Layer 3 VPNs", RFC 9181, DOI 10.17487/RFC9181, February
2022, <https://www.rfc-editor.org/info/rfc9181>. 2022, <https://www.rfc-editor.org/info/rfc9181>.
10.2. Informative References 9.2. Informative References
[I-D.ietf-bess-bgp-sdwan-usage] [BGP-SDWAN-USAGE]
Dunbar, L., Guichard, J., Sajassi, A., Drake, J., Najem, Dunbar, L., Guichard, J., Sajassi, A., Drake, J., Najem,
B., and D. Carrel, "BGP Usage for SDWAN Overlay Networks", B., Banerjee, A., and D. Carrel, "BGP Usage for SD-WAN
Work in Progress, Internet-Draft, draft-ietf-bess-bgp- Overlay Networks", Work in Progress, Internet-Draft,
sdwan-usage-06, 10 October 2022, draft-ietf-bess-bgp-sdwan-usage-09, 7 April 2023,
<https://www.ietf.org/archive/id/draft-ietf-bess-bgp- <https://datatracker.ietf.org/doc/html/draft-ietf-bess-
sdwan-usage-06.txt>. bgp-sdwan-usage-09>.
[I-D.ietf-teas-enhanced-vpn] [ENHANCED-VPN]
Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A
Framework for Enhanced Virtual Private Network (VPN+)", Framework for Enhanced Virtual Private Network (VPN+)",
Work in Progress, Internet-Draft, draft-ietf-teas- Work in Progress, Internet-Draft, draft-ietf-teas-
enhanced-vpn-11, 19 September 2022, enhanced-vpn-12, 23 January 2023,
<https://www.ietf.org/archive/id/draft-ietf-teas-enhanced- <https://datatracker.ietf.org/doc/html/draft-ietf-teas-
vpn-11.txt>. enhanced-vpn-12>.
[I-D.ietf-teas-ietf-network-slices]
Farrel, A., Drake, J., Rokui, R., Homma, S., Makhijani,
K., Contreras, L. M., and J. Tantsura, "A Framework for
IETF Network Slices", Work in Progress, Internet-Draft,
draft-ietf-teas-ietf-network-slices-18, 9 January 2023,
<https://www.ietf.org/archive/id/draft-ietf-teas-ietf-
network-slices-18.txt>.
[IEEE802.1AX] [IEEE802.1AX]
"Link Aggregation", IEEE Std 802.1AX-2020, 2020. IEEE, "IEEE Standard for Local and Metropolitan Area
Networks--Link Aggregation", IEEE Std 802.1AX-2020,
DOI 10.1109/IEEESTD.2020.9105034, 2020,
<https://doi.org/10.1109/IEEESTD.2020.9105034>.
[IETF-NETWORK-SLICES]
Farrel, A., Ed., Drake, J., Ed., Rokui, R., Homma, S.,
Makhijani, K., Contreras, L.M., and J. Tantsura, "A
Framework for IETF Network Slices", Work in Progress,
Internet-Draft, draft-ietf-teas-ietf-network-slices-19, 21
January 2023, <https://datatracker.ietf.org/doc/html/
draft-ietf-teas-ietf-network-slices-19>.
[MEF17] The Metro Ethernet Forum, "Technical Specification MEF 17, [MEF17] The Metro Ethernet Forum, "Technical Specification MEF 17,
Service OAM Requirements & Framework - Phase 1", April Service OAM Requirements & Framework - Phase 1", April
2007, <https://www.mef.net/wp-content/uploads/2015/04/MEF- 2007, <https://www.mef.net/wp-content/uploads/2015/04/MEF-
17.pdf>. 17.pdf>.
[MEF6] The Metro Ethernet Forum, "Technical Specification MEF 6, [MEF6] The Metro Ethernet Forum, "Technical Specification MEF 6,
Ethernet Services Definitions - Phase I", June 2004, Ethernet Services Definitions - Phase I", June 2004,
<https://www.mef.net/Assets/Technical_Specifications/PDF/ <https://www.mef.net/Assets/Technical_Specifications/PDF/
MEF_6.pdf>. MEF_6.pdf>.
skipping to change at page 27, line 15 skipping to change at line 1201
[RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A., [RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
2015, <https://www.rfc-editor.org/info/rfc7432>. 2015, <https://www.rfc-editor.org/info/rfc7432>.
[RFC7623] Sajassi, A., Ed., Salam, S., Bitar, N., Isaac, A., and W. [RFC7623] Sajassi, A., Ed., Salam, S., Bitar, N., Isaac, A., and W.
Henderickx, "Provider Backbone Bridging Combined with Henderickx, "Provider Backbone Bridging Combined with
Ethernet VPN (PBB-EVPN)", RFC 7623, DOI 10.17487/RFC7623, Ethernet VPN (PBB-EVPN)", RFC 7623, DOI 10.17487/RFC7623,
September 2015, <https://www.rfc-editor.org/info/rfc7623>. September 2015, <https://www.rfc-editor.org/info/rfc7623>.
[RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG",
RFC 7951, DOI 10.17487/RFC7951, August 2016,
<https://www.rfc-editor.org/info/rfc7951>.
[RFC8214] Boutros, S., Sajassi, A., Salam, S., Drake, J., and J. [RFC8214] Boutros, S., Sajassi, A., Salam, S., Drake, J., and J.
Rabadan, "Virtual Private Wire Service Support in Ethernet Rabadan, "Virtual Private Wire Service Support in Ethernet
VPN", RFC 8214, DOI 10.17487/RFC8214, August 2017, VPN", RFC 8214, DOI 10.17487/RFC8214, August 2017,
<https://www.rfc-editor.org/info/rfc8214>. <https://www.rfc-editor.org/info/rfc8214>.
[RFC8299] Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki, [RFC8299] Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki,
"YANG Data Model for L3VPN Service Delivery", RFC 8299, "YANG Data Model for L3VPN Service Delivery", RFC 8299,
DOI 10.17487/RFC8299, January 2018, DOI 10.17487/RFC8299, January 2018,
<https://www.rfc-editor.org/info/rfc8299>. <https://www.rfc-editor.org/info/rfc8299>.
skipping to change at page 27, line 38 skipping to change at line 1228
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>. <https://www.rfc-editor.org/info/rfc8340>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore Architecture and R. Wilton, "Network Management Datastore Architecture
(NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
<https://www.rfc-editor.org/info/rfc8342>. <https://www.rfc-editor.org/info/rfc8342>.
[RFC8343] Bjorklund, M., "A YANG Data Model for Interface
Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
<https://www.rfc-editor.org/info/rfc8343>.
[RFC8365] Sajassi, A., Ed., Drake, J., Ed., Bitar, N., Shekhar, R., [RFC8365] Sajassi, A., Ed., Drake, J., Ed., Bitar, N., Shekhar, R.,
Uttaro, J., and W. Henderickx, "A Network Virtualization Uttaro, J., and W. Henderickx, "A Network Virtualization
Overlay Solution Using Ethernet VPN (EVPN)", RFC 8365, Overlay Solution Using Ethernet VPN (EVPN)", RFC 8365,
DOI 10.17487/RFC8365, March 2018, DOI 10.17487/RFC8365, March 2018,
<https://www.rfc-editor.org/info/rfc8365>. <https://www.rfc-editor.org/info/rfc8365>.
[RFC8453] Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for [RFC8453] Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for
Abstraction and Control of TE Networks (ACTN)", RFC 8453, Abstraction and Control of TE Networks (ACTN)", RFC 8453,
DOI 10.17487/RFC8453, August 2018, DOI 10.17487/RFC8453, August 2018,
<https://www.rfc-editor.org/info/rfc8453>. <https://www.rfc-editor.org/info/rfc8453>.
skipping to change at page 28, line 34 skipping to change at line 1268
[RFC9291] Boucadair, M., Ed., Gonzalez de Dios, O., Ed., Barguil, [RFC9291] Boucadair, M., Ed., Gonzalez de Dios, O., Ed., Barguil,
S., and L. Munoz, "A YANG Network Data Model for Layer 2 S., and L. Munoz, "A YANG Network Data Model for Layer 2
VPNs", RFC 9291, DOI 10.17487/RFC9291, September 2022, VPNs", RFC 9291, DOI 10.17487/RFC9291, September 2022,
<https://www.rfc-editor.org/info/rfc9291>. <https://www.rfc-editor.org/info/rfc9291>.
Appendix A. A Simplified SAP Network Example Appendix A. A Simplified SAP Network Example
An example of a SAP topology that is reported by a network controller An example of a SAP topology that is reported by a network controller
is depicted in Figure 7. This example echoes the topology shown in is depicted in Figure 7. This example echoes the topology shown in
Figure 4. Only a minimum set of information is provided for each Figure 4. Only a minimum information set is provided for each SAP.
SAP. Particularly, 'parent-termination-point', 'attachment- Particularly, 'parent-termination-point', 'attachment-interface',
interface', 'interface-type', 'encapsulation-type', and 'role' are 'interface-type', 'encapsulation-type', and 'role' are not shown in
not shown in the example. SAPs that are capable of hosting a the example. SAPs that are capable of hosting a service but are not
service, but not yet activated, are identified by the 'sap-status/ yet activated are identified by 'sap-status/status' set to 'ietf-vpn-
status' set to 'ietf-vpn-common:op-down' and 'service-status/admin- common:op-down' and 'service-status/admin-status/status' set to
status/status' set to 'ietf-vpn-common:admin-down'. SAPs that are 'ietf-vpn-common:admin-down'. SAPs that are enabled to deliver a
enabled to deliver a service are identified by 'service-status/admin- service are identified by 'service-status/admin-status/status' set to
status/status' set to 'ietf-vpn-common:admin-up' and 'service-status/ 'ietf-vpn-common:admin-up' and 'service-status/oper-status/status'
oper-status/status' set to 'ietf-vpn-common:op-up'. Note that none set to 'ietf-vpn-common:op-up'. Note that none of the anomalies
of the anomalies discussed in Section 5 are detected for these SAPs. discussed in Section 5 are detected for these SAPs. The message body
depicted in the figures below is encoded following the JSON encoding
of YANG-modeled data as per [RFC7951].
{ {
"ietf-network:networks": { "ietf-network:networks": {
"network": [ "network": [
{ {
"network-types": { "network-types": {
"ietf-sap-ntw:sap-network": { "ietf-sap-ntw:sap-network": {
"service-type": [ "service-type": [
"ietf-vpn-common:l3vpn", "ietf-vpn-common:l3vpn",
"ietf-vpn-common:vpls" "ietf-vpn-common:vpls"
skipping to change at page 33, line 35 skipping to change at line 1511
] ]
} }
] ]
} }
] ]
} }
} }
Figure 7: A Simplified SAP Network Example Figure 7: A Simplified SAP Network Example
Appendix B. A Simple Example of SAP Network Model: Node Filter Appendix B. A Simple Example of the SAP Network Model: Node Filter
In the example shown in Figure 8, PE1 (with a "node-id" set to In the example shown in Figure 8, PE1 (with a "node-id" set to
"example:pe1") has two physical interfaces "GE0/6/1" and "GE0/6/4". "example:pe1", as shown in Figure 7) has two physical interfaces
Two sub-interfaces "GE0/6/4.1" and "GE0/6/4.2" are associated with "GE0/6/1" and "GE0/6/4". Two sub-interfaces "GE0/6/4.1" and
the physical interface "GE0/6/4". Let us consider that four SAPs are "GE0/6/4.2" are associated with the physical interface "GE0/6/4".
exposed to the service orchestrator and mapped to these physical Let us consider that four SAPs are exposed to the service
interfaces and sub-interfaces. orchestrator and mapped to these physical interfaces and sub-
interfaces.
.-------------------------. .-------------------------.
| GE0/6/4 | | GE0/6/4 |
| PE1 .----+----. | PE1 .----+----.
| |sap#2 |GE0/6/4.1 | |sap#2 |GE0/6/4.1
| | .--+--. | | .--+--.
| | |sap#3| | | |sap#3|
| | '--+--' | | '--+--'
| | |GE0/6/4.2 | | |GE0/6/4.2
| | .--+--. | | .--+--.
skipping to change at page 34, line 26 skipping to change at line 1542
| | | | | |
| +----+----+ | +----+----+
| | | |
| GE0/6/1| | GE0/6/1|
| .----+----. | .----+----.
| |sap#1 | | |sap#1 |
| '----+----' | '----+----'
| | | |
'-------------------------' '-------------------------'
Figure 8: An Example of a PE and its Physical/Logical Interfaces Figure 8: An Example of a PE and Its Physical/Logical Interfaces
Let us assume that no service is enabled yet for the SAP associated Let us assume that no service is enabled yet for the SAP associated
with the physical interface "GE0/6/1". Also, let us assume that, for with the physical interface "GE0/6/1". Also, let us assume that, for
the SAPs that are associated with the physical interface "GE0/6/4", the SAPs that are associated with the physical interface "GE0/6/4",
VPLS and L3VPN services are activated on the two sub-interfaces VPLS and L3VPN services are activated on the two sub-interfaces
"GE0/6/4.1" and "GE0/6/4.2", respectively. Both "sap#1" and "sap#2" "GE0/6/4.1" and "GE0/6/4.2", respectively. Both "sap#1" and "sap#2"
are tagged as being capable of hosting per-service sub-interfaces are tagged as being capable of hosting per-service sub-interfaces
('allows-child-saps' is set to 'true'). ('allows-child-saps' is set to 'true').
A service orchestrator can query what services are provided on which For example, a service orchestrator can query what services are
SAPs of PE1 from the network controller by sending, e.g., a GET provided on which SAPs of PE1 from the network controller by sending
RESTCONF request. Figure 9 shows an example of the body of the a RESTCONF GET request. Figure 9 shows an example of the body of the
RESTCONF response that is received from the network controller. RESTCONF response that is received from the network controller.
{ {
"ietf-sap-ntw:service": [ "ietf-sap-ntw:service": [
{ {
"service-type": "ietf-vpn-common:l3vpn", "service-type": "ietf-vpn-common:l3vpn",
"sap": [ "sap": [
{ {
"sap-id": "sap#1", "sap-id": "sap#1",
"description": "Ready to host SAPs", "description": "Ready to host SAPs",
skipping to change at page 38, line 4 skipping to change at line 1709
"admin-status": { "admin-status": {
"status": "ietf-vpn-common:admin-up" "status": "ietf-vpn-common:admin-up"
}, },
"oper-status": { "oper-status": {
"status": "ietf-vpn-common:op-up" "status": "ietf-vpn-common:op-up"
} }
} }
} }
] ]
} }
] ]
} }
Figure 10: An Example of a Response Body to a Request with a Figure 10: An Example of a Response Body to a Request with a
Service Filter Service Filter
Appendix C. An Example of NNI SAP: Inter-AS VPN Option A Appendix C. An Example of an NNI SAP: Inter-AS VPN Option A
Section 10 of [RFC4364] discuses several options to extend a VPN Section 10 of [RFC4364] discusses several options to extend a VPN
service beyond the scope of a single Autonomous System (AS). For service beyond the scope of a single Autonomous System (AS). For
illustration purposes, this section focuses on the so-called "Option illustration purposes, this section focuses on the so-called "Option
A" but similar examples can be considered for other options. A", but similar examples can be considered for other options.
In this option, an ASBR of an AS is directly connected to an ASBR of In this option, an AS Border Router (ASBR) of an AS is directly
a neighboring AS. These two ASBRs are connected by multiple physical connected to an ASBR of a neighboring AS. These two ASBRs are
or logical interfaces. Also, at least one sub-interface is connected by multiple physical or logical interfaces. Also, at least
maintained by these ASBRs for each of the VPNs that require their one sub-interface is maintained by these ASBRs for each of the VPNs
routes to be passed from one AS to the other AS. Each ASBR behaves that require their routes to be passed from one AS to the other AS.
as a PE and treats the other as if it were a CE. Each ASBR behaves as a PE and treats the other as if it were a CE.
Figure 11 shows a simplified (excerpt) topology of two ASes A and B Figure 11 shows a simplified (excerpt) topology of two ASes A and B
with a focus on the interconnection links between these two ASes. with a focus on the interconnection links between these two ASes.
.--------------------. .--------------------. .--------------------. .--------------------.
| | | | | | | |
| A .--+--. .--+--. A | | A .--+--. .--+--. A |
| S | +================+ | S | | S | +================+ | S |
| B | (VRF1)----(VPN1)----(VRF1) | B | | B | (VRF1)----(VPN1)----(VRF1) | B |
| R | | | | R | | R | | | | R |
skipping to change at page 38, line 48 skipping to change at line 1752
| A .--+--. .--+--. A | | A .--+--. .--+--. A |
| S | +================+ | S | | S | +================+ | S |
| B | (VRF1)----(VPN1)----(VRF1) | B | | B | (VRF1)----(VPN1)----(VRF1) | B |
| R | | | | R | | R | | | | R |
| | (VRF2)----(VPN2)----(VRF2) | | | | (VRF2)----(VPN2)----(VRF2) | |
| a | +================+ | b | | a | +================+ | b |
| 2 '--+--' '--+--' 2 | | 2 '--+--' '--+--' 2 |
| | | | | | | |
'--------------------' '--------------------' '--------------------' '--------------------'
Figure 11: An Example of Inter-AS VPN (Option A) Figure 11: An Example of an Inter-AS VPN (Option A)
Figure 12 shows an example of a message body that is received from Figure 12 shows an example of a message body that is received from
the network controller of AS A (with a focus on the NNIs shown in the network controller of AS A (with a focus on the NNIs shown in
Figure 11). Figure 11).
{ {
"ietf-network:networks": { "ietf-network:networks": {
"network": [ "network": [
{ {
"network-types": { "network-types": {
skipping to change at page 42, line 4 skipping to change at line 1898
"status": "ietf-vpn-common:admin-up" "status": "ietf-vpn-common:admin-up"
}, },
"oper-status": { "oper-status": {
"status": "ietf-vpn-common:op-up" "status": "ietf-vpn-common:op-up"
} }
} }
} }
] ]
} }
] ]
} }
] ]
} }
] ]
} }
} }
Figure 12: An Example of SAP Usage for NNI Figure 12: An Example of SAP Usage for an NNI
Appendix D. Examples of Using the SAP Network Model in Service Creation Appendix D. Examples of Using the SAP Network Model in Service Creation
This section describes an example to illustrate the use of the SAP This section describes examples that illustrate the use of the SAP
model for service creation purposes. model for service creation purposes.
An example of a SAP topology is presented in Figure 7. This example An example of a SAP topology is presented in Figure 7. This example
includes four PEs with their SAPs, as well as the customer includes four PEs with their SAPs, as well as the customer
information. information.
Let us assume that an operator wants to create an L3VPN service Let us assume that an operator wants to create an L3VPN service
between two PEs (PE3 and PE4) that are servicing two CEs (CE6 and between two PEs (PE3 and PE4) that are servicing two CEs (CE6 and
CE7). To that aim, the operator would query the SAP topology and CE7). To that aim, the operator would query the SAP topology and
would obtain a response similar to what is depicted in Figure 7. would obtain a response similar to what is depicted in Figure 7.
That response indicates that the SAPs having "sap#31" and "sap#43" as That response indicates that the SAPs having "sap#31" and "sap#43" as
attachment identifiers do not have any installed services. This is attachment identifiers do not have any installed services. This is
particularly inferred from the administrative 'service-status' which particularly inferred from (1) the administrative 'service-status'
is set to 'ietf-vpn-common:admin-down' for all the services that are that is set to 'ietf-vpn-common:admin-down' for all the services that
supported by these two SAPs and that none of the anomalies discussed are supported by these two SAPs and (2) the absence of the anomalies
in Section 5 are detected. Once the "free" SAPs are identified, the discussed in Section 5. Note that none of the anomalies discussed in
Section 5 are detected. Once the "free" SAPs are identified, the
'interface-type' and 'encapsulation-type' are checked to see if the 'interface-type' and 'encapsulation-type' are checked to see if the
requested L3VPN service is compatible with the SAP characteristics. requested L3VPN service is compatible with the SAP characteristics.
If they are compatible, the 'attachment-id' value can be used as the If they are compatible, the 'attachment-id' value can be used as the
VPN network access identifier in an L3NM create query. VPN network access identifier in an L3NM "create" query.
A similar process can be followed for creating the so-called "Inter- A similar process can be followed for creating the so-called "Inter-
AS VPN Option A" services. Unlike the previous example, let us AS VPN Option A" services. Unlike the previous example, let us
assume that an operator wants to create an L3VPN service between two assume that an operator wants to create an L3VPN service between two
PEs (PE3 and PE4) but these PEs are not in the same AS: PE3 belongs PEs (PE3 and PE4) but these PEs are not in the same AS: PE3 belongs
to AS A while PE4 belongs to AS B. The NNIs between these ASes are to AS A while PE4 belongs to AS B. The NNIs between these ASes are
represented in Figure 11. The operator of AS A would query, via the represented in Figure 11. The operator of AS A would query, via the
controller of its AS, the SAP topology and would obtain not only the controller of its AS, the SAP topology and would obtain not only the
information that is depicted in Figure 7, but also the information information that is depicted in Figure 7 but also the information
shown in Figure 12 representing the NNIs. The operator would create shown in Figure 12 representing the NNIs. The operator would create
the service in the AS A between PE3 and a free, compatible SAP in the the service in the AS A between PE3 and a free, compatible SAP in the
ASBR A1. The same procedure is followed by the operator of AS B to ASBR A1. The same procedure is followed by the operator of AS B to
create the service in the AS B between a free, compatible SAP in the create the service in the AS B between a free, compatible SAP in the
ASBR B1 and PE4. The services can be provisioned in each of these ASBR B1 and PE4. The services can be provisioned in each of these
ASes using the L3NM. ASes using the L3NM.
Let us now assume that, instead of the L3VPN service, the operator Let us now assume that, instead of the L3VPN service, the operator
wants to set up an L2VPN service. If the 'interface-type' is a wants to set up an L2VPN service. If the 'interface-type' is a
physical port, a new logical SAP can be created using the SAP model physical port, a new logical SAP can be created using the SAP model
to cope with the service needs (e.g., the 'encapsulation-type' to cope with the service's needs (e.g., the 'encapsulation-type'
attribute can be set to 'ietf-vpn-common:vlan-type'). Once the attribute can be set to 'ietf-vpn-common:vlan-type'). Once the
logical SAP is created, the 'attachment-id' of the new SAP is used to logical SAP is created, the 'attachment-id' of the new SAP is used to
create an L2NM instance (Section 7.6 of [RFC9291]). create an L2NM instance (Section 7.6 of [RFC9291]).
Acknowledgements
Thanks to Adrian Farrel, Daniel King, Dhruv Dhody, Benoit Claise, Bo
Wu, Erez Segev, Raul Arco, Joe Clarke, Riyas Valiyapalathingal, Tom
Petch, Olga Havel, and Richard Roberts for their comments.
Thanks to Martin Björklund for the YANG Doctors review, Menachem
Dodge for the opsdir review, Mach Chen for the rtgdir review, Linda
Dunbar for the genart review, and Ivaylo Petrov for the secdir
review.
Special thanks to Adrian Farrel for the Shepherd review and Rob
Wilton for the careful AD review.
Thanks to Lars Eggert, Roman Danyliw, and Zaheduzzaman Sarker for
their comments during the IESG review.
Authors' Addresses Authors' Addresses
Mohamed Boucadair (editor) Mohamed Boucadair (editor)
Orange Orange
France France
Email: mohamed.boucadair@orange.com Email: mohamed.boucadair@orange.com
Oscar Gonzalez de Dios Oscar Gonzalez de Dios
Telefonica Telefonica
Madrid Madrid
skipping to change at page 43, line 34 skipping to change at line 1993
Email: oscar.gonzalezdedios@telefonica.com Email: oscar.gonzalezdedios@telefonica.com
Samier Barguil Samier Barguil
Nokia Nokia
Madrid Madrid
Spain Spain
Email: samier.barguil_giraldo@nokia.com Email: samier.barguil_giraldo@nokia.com
Qin Wu Qin Wu
Huawei Huawei
101 Software Avenue, Yuhua District Yuhua District
101 Software Avenue
Nanjing Nanjing
Jiangsu, 210012 Jiangsu, 210012
China China
Email: bill.wu@huawei.com Email: bill.wu@huawei.com
Victor Lopez Victor Lopez
Nokia Nokia
Spain Spain
Email: victor.lopez@nokia.com Email: victor.lopez@nokia.com
 End of changes. 134 change blocks. 
373 lines changed or deleted 376 lines changed or added

This html diff was produced by rfcdiff 1.48.