<?xml version="1.0" encoding="US-ASCII"?>
<!-- This template is for creating an Internet Draft using xml2rfc,
     which is available here: http://xml.resource.org. --> encoding="UTF-8"?>

<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!-- One method to get references from the online citation libraries.
     There has to be one entity for each item to be referenced.
     An alternate method (rfc include) is described in the references. -->
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC6241 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6241.xml">
<!ENTITY RFC7950 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7950.xml">
<!ENTITY RFC7149 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7149.xml">
<!ENTITY RFC7426 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7426.xml">
<!ENTITY RFC8299 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8299.xml">
<!ENTITY RFC8309 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8309.xml">
  <!ENTITY RFC8340 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8340.xml"> nbsp    "&#160;">
  <!ENTITY RFC8453 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8453.xml"> zwsp   "&#8203;">
  <!ENTITY RFC8174 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml"> nbhy   "&#8209;">
  <!ENTITY RFC8345 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8345.xml"> wj     "&#8288;">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!-- used by XSLT processors -->
<!-- For a complete list and description of processing instructions (PIs),
     please see http://xml.resource.org/authoring/README.html. -->
<!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use.
     (Here they are set differently than their defaults in xml2rfc v1.32) -->
<?rfc strict="yes" ?>
<!-- give errors regarding ID-nits and DTD validation -->
<!-- control the table of contents (ToC) -->
<?rfc toc="yes"?>
<!-- generate a ToC -->
<?rfc tocdepth="4"?>
<!-- the number of levels of subsections in ToC. default: 3 -->
<!-- control references -->
<?rfc symrefs="yes"?>
<!-- use symbolic references tags, i.e, [RFC2119] instead of [1] -->
<?rfc sortrefs="yes" ?>
<!-- sort the reference entries alphabetically -->
<!-- control vertical white space
     (using these PIs as follows is recommended by the RFC Editor) -->
<?rfc compact="yes" ?>
<!-- do not start each main section on a new page -->
<?rfc subcompact="no" ?>
<!-- keep one blank line between list items -->
<!-- end of list of popular I-D processing instructions -->

<rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category="std" consensus="true" docName="draft-ietf-opsawg-sap-15" ipr="trust200902"> number="9408" ipr="trust200902" obsoletes="" updates="" xml:lang="en" tocInclude="true" tocDepth="4" symRefs="true" sortRefs="true" version="3">

  <!-- xml2rfc v2v3 conversion 3.16.0 -->
  <front>
    <title abbrev="A YANG Network Data Model for SAPs">A YANG Network Data Model for Service
    Attachment Points (SAPs)</title>
    <seriesInfo name="RFC" value="9408"/>
    <author fullname="Mohamed Boucadair" initials="M." role="editor" surname="Boucadair">
      <organization>Orange</organization>
      <address>
        <postal>
          <street></street>

          <city></city>

          <region></region>

          <code></code>
          <street/>
          <city/>
          <region/>
          <code/>
          <country>France</country>
        </postal>

        <phone></phone>
        <email>mohamed.boucadair@orange.com</email>
      </address>
    </author>
    <author fullname="Oscar Gonzalez de Dios" initials="O" surname="Gonzalez de Dios">
      <organization>Telefonica</organization>
      <address>
        <postal>
          <street></street>
          <street/>
          <city>Madrid</city>

          <region></region>

          <code></code>
          <region/>
          <code/>
          <country>Spain</country>
        </postal>

        <phone></phone>
        <email>oscar.gonzalezdedios@telefonica.com</email>
      </address>
    </author>
    <author fullname="Samier Barguil" initials="S." surname="Barguil">
      <organization>Nokia</organization>
      <address>
        <postal>
          <street></street>
          <street/>
          <city>Madrid</city>

          <region></region>

          <code></code>
          <region/>
          <code/>
          <country>Spain</country>
        </postal>

        <phone></phone>

        <facsimile></facsimile>
        <email>samier.barguil_giraldo@nokia.com</email>

        <uri></uri>
      </address>
    </author>
    <author fullname="Qin Wu" initials="Q." surname="Wu">
      <organization>Huawei</organization>
      <address>
        <postal>
          <extaddr>Yuhua District</extaddr>
          <street>101 Software Avenue, Yuhua District</street> Avenue</street>
          <city>Nanjing</city>
          <region>Jiangsu</region>
          <code>210012</code>
          <country>China</country>
        </postal>
        <email>bill.wu@huawei.com</email>
      </address>
    </author>
    <author fullname="Victor Lopez" initials="V." surname="Lopez">
      <organization>Nokia</organization>
      <address>
        <postal>
          <street></street>

          <city></city>

          <region></region>

          <code></code>
          <street/>
          <city/>
          <region/>
          <code/>
          <country>Spain</country>
        </postal>

        <phone></phone>

        <facsimile></facsimile>
        <email>victor.lopez@nokia.com</email>

        <uri></uri>
      </address>
    </author>
    <date year="" year="2023" month="June" />
    <area>ops</area>

    <workgroup>OPSAWG</workgroup>
    <workgroup>opsawg</workgroup>
    <keyword>Service Infrastructure</keyword>
    <keyword>User Network Interface</keyword>
    <keyword>UNI</keyword>
    <keyword>NNI</keyword>
    <keyword>Network-to-Network Interface</keyword>
    <keyword>Inter-AS VPN</keyword>
    <keyword>CE</keyword>
    <keyword>PE</keyword>
    <keyword>Attachment Circuit</keyword>
    <keyword>Service Delivery Point</keyword>
    <keyword>Automation</keyword>
    <keyword>Service Delivery</keyword>
    <abstract>
      <t>This document defines a YANG data model for representing an abstract
      view of the provider network topology that contains the points from
      which its services can be attached (e.g., basic connectivity, VPN,
      network slices). Also, the model can be used to retrieve the points
      where the services are actually being delivered to customers (including
      peer networks).</t>
      <t>This document augments the 'ietf-network' data model defined in RFC 8345
      by adding the concept of Service Attachment Points (SAPs). The SAPs are the
      network reference points to which network services, such as Layer 3 Virtual
      Private Network (L3VPN) or Layer 2 Virtual Private Network (L2VPN), can
      be attached. One or multiple services can be bound to the same SAP. Both
      User-Network
      User-to-Network Interface (UNI) and Network-to-Network Interface (NNI) are
      supported in the SAP data model.</t>
    </abstract>
  </front>
  <middle>
    <section anchor="Introduction" title="Introduction"> numbered="true" toc="default">
      <name>Introduction</name>
      <t>Service providers offer a variety of network services to their
      customers. Such services include, but are not limited to, Virtual
      Private Networks (VPNs), Software-Defined Wide Area Wide-Area Network (SDWAN) (SD-WAN) overlay networks
      <xref target="I-D.ietf-bess-bgp-sdwan-usage"></xref>, target="BGP-SDWAN-USAGE" format="default"/>, and network slices
      <xref target="I-D.ietf-teas-ietf-network-slices"></xref>. target="IETF-NETWORK-SLICES" format="default"/>. In order to
      rationalize the overall service operations and allow for more automated
      service provisioning procedures, service providers need to maintain a
      view on where services can be delivered to customers. Such For example, such a view can be
      used, e.g.,
      used to feed an intelligence entity that is responsible for service
      order handling, service feasibility checks, tracking per-service
      coverage, etc. (e.g., Section 3.2 of <xref target="RFC8969"></xref>). target="RFC8969" sectionFormat="of" section="3.2"/>). To
      that aim, this document introduces the concept of Service Attachment
      Points (SAPs).</t>
      <t>The SAPs represent the network reference points where network
      services can be delivered to customers. For example, this concept is
      used to decide where to attach and, thus, and thus deliver the service in the
      Layer 3 VPN Service Model (L3SM) <xref target="RFC8299"></xref> target="RFC8299" format="default"/> and the
      Layer 2 VPN Service Model (L2SM) <xref target="RFC8466"></xref>. target="RFC8466" format="default"/>. It can
      also be used to retrieve where such services are delivered to customers
      through the network configuration described in the Layer 3 VPN Network
      Model (L3NM) <xref target="RFC9182"></xref> target="RFC9182" format="default"/> and the Layer 2 VPN Network
      Model (L2NM) <xref target="RFC9291"></xref>.</t> target="RFC9291" format="default"/>.</t>
      <t>This document defines a YANG network model (<xref
      target="mod"></xref>) target="mod" format="default"/>) for representing, managing, and controlling the
      SAPs. The data model augments the 'ietf-network' module <xref
      target="RFC8345"></xref> target="RFC8345" format="default"/> by adding the concept of SAPs. <xref
      target="usage"></xref> target="usage" format="default"/> provides a sample usage of the model. This
      document explains the scope and purpose of a SAP network model and its
      relation with
      relationship to other models (<xref target="rel"></xref>).</t> target="rel" format="default"/>).</t>
      <t>A network may support multiple services, potentially of different
      types. Whether a SAP topology is dedicated to services of a specific
      service type, type or an individual service, or is shared among many services of
      different types types, is deployment specific. This document supports all of
      these deployment schemes.</t>
      <t>This document does not make any assumption assumptions about the services
      provided by a network to its users. VPN services (e.g., Layer 3 Virtual
      Private Network (L3VPN) or Layer 2 Virtual Private Network (L2VPN))
      <xref target="RFC4026"></xref> target="RFC4026" format="default"/> are used for illustration purposes
      (Appendices <xref
      (Appendices&nbsp;<xref format="counter" target="app1"></xref> target="app1"/> and <xref format="counter" target="sample"></xref>).</t> target="sample"/>).</t>
      <t>Given that User-Network User-to-Network Interface (UNI) and Network-to-Network
      Interface (NNI) are reference points that are widely used by operators
      to indicate the demarcation points when delivering services, both UNI
      and NNI SAPs are supported in the this document. The reader may refer, e.g., refer
      to <xref target="MEF6"></xref>, target="MEF6" format="default"/>, <xref target="MEF17"></xref>, target="MEF17" format="default"/>, <xref
      target="RFC6004"></xref>, target="RFC6004" format="default"/>, or <xref target="RFC6215"></xref> target="RFC6215" format="default"/> for a
      discussion on examples of
      discussions regarding the use of UNI and NNI reference points. An example of NNI
      usage in a VPN context is provided in <xref target="nniapp"></xref>.</t> target="nniapp" format="default"/>.</t>
      <t>The YANG data model in <xref target="mod"></xref> target="mod" format="default"/> conforms to the
      Network Management Datastore Architecture (NMDA) <xref
      target="RFC8342"></xref>.</t> target="RFC8342" format="default"/>.</t>
    </section>
    <section anchor="terminology" title="Terminology"> numbered="true" toc="default">
      <name>Terminology</name>
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
      "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
      "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>",
      "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>",
      "<bcp14>SHOULD NOT</bcp14>",
      "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
      "<bcp14>MAY</bcp14>", and
      "OPTIONAL" "<bcp14>OPTIONAL</bcp14>" in this document
      are to be interpreted as described in BCP 14 BCP&nbsp;14
      <xref target="RFC2119"></xref> target="RFC2119"/> <xref target="RFC8174"></xref> target="RFC8174"/> when, and only
      when, they appear in all capitals, as shown here.</t>
      <t>This document assumes that the reader is familiar with the contents
      of <xref target="RFC6241"></xref>, target="RFC6241" format="default"/>, <xref target="RFC7950"></xref>, target="RFC7950" format="default"/>, <xref
      target="RFC8345"></xref>, target="RFC8345" format="default"/>, and <xref target="RFC8309"></xref>. The
      document target="RFC8309" format="default"/>, as it uses terms from those documents.</t> RFCs.</t>
      <t>The meanings of the symbols in tree diagrams are defined in <xref
      target="RFC8340"></xref>.</t> target="RFC8340" format="default"/>.</t>
      <t>This document uses the term "network model" as defined in Section 2.1 of
      <xref target="RFC8969"></xref>.</t> target="RFC8969" sectionFormat="of" section="2.1"/>.</t>
      <t>This document uses the following terms:<list style="hanging">
          <t hangText="Service terms:</t>
      <dl newline="false" spacing="normal">
        <dt>Service provider: ">The </dt>
        <dd>The organization responsible for
          operating the network that offers a service (e.g., a VPN) to
          customers.</t>

          <t hangText="Attachment
          customers.</dd>
        <dt>Attachment Circuit (AC):">A (AC):</dt>
        <dd>A channel that connects a
          Customer Edge (CE) to a Provider Edge (PE). The AC may be a physical
          or logical link (Section 6.1 of <xref target="RFC4026"></xref>).</t>

          <t hangText="Customer (PE).</dd>
        <dt>Customer Edge (CE): ">Equipment </dt>
        <dd>Equipment that is dedicated to a
          particular customer and is directly connected to one or more PEs via
          ACs. A CE is usually located at the customer premises. A CE may be
          dedicated to a single service (e.g., an L3VPN), although it may support
          multiple VPNs if each one has separate attachment circuits. ACs. A CE can
          be a router, a bridge, a switch, etc.</t>

          <t hangText="Provider etc.</dd>
        <dt>Provider Edge (PE): ">Equipment </dt>
        <dd>Equipment owned and managed by
          the service provider that can support multiple services (e.g., VPNs)
          for different customers. A PE is directly connected to one or more
          CEs via ACs.</t>

          <t hangText="Service ACs.</dd>
        <dt>Service Attachment Points (SAPs):">An (SAPs):</dt>
        <dd>An abstraction of
          the network reference points (e.g., the PE side of an AC, or the CE side of an
          AC for a provider-managed CE) where network services can be
          delivered and/or are delivered to customers. A SAP can be bound to
          one or multiple ACs.</t>
        </list></t> ACs.</dd>
      </dl>
    </section>
    <section anchor="usage" title="Sample numbered="true" toc="default">
      <name>Sample SAP Network Model Usage">
      <t>Management operations of a Usage</name>
      <t>A service provider network network's management operations can be automated
      using a variety of means such as interfaces based on YANG modules <xref
      target="RFC8969"></xref><xref target="RFC6241"></xref><xref
      target="RFC8040"></xref>. target="RFC8969" format="default"/> <xref target="RFC6241" format="default"/> <xref target="RFC8040" format="default"/>. From that standpoint, and considering the
      architecture depicted in <xref target="fi1"></xref>, target="fi1" format="default"/>, a goal of this
      document is to provide a mechanism to show show, via a YANG-based interface interface, an
      abstracted network view from the network controller to the service
      orchestration layer with a focus on where a service can be delivered to
      customers. The model is also used to retrieve the network reference
      points where a service is being delivered to customers. For services
      that require resources from peer networks, the module model can also be used
      to expose NNIs.</t>
      <figure align="center" anchor="fi1" title="SAP anchor="fi1">
        <name>SAP Network Model Usage"> Usage</name>
        <artwork align="left"><![CDATA[ align="left" name="" type="" alt=""><![CDATA[                            +-----------------+
                            |     Customer    |
                            +--------+--------+
            Customer Service Models  |
               (e.g., L3SM, L2SM)    |
                            +--------+--------+
                            |    Service      |
                            |  Orchestration  |
                            +------+---+------+
                Network Models     |   | SAP Network Model
              (e.g., L3NM, L2NM)   |   |
                            +------+---+------+
                            |     Network     |
                            |   Controller    |
                            +--------+--------+
                                     |
               +---------------------+---------------------+
               |                  Network                  |
               +-------------------------------------------+
]]></artwork>
      </figure>
]]></artwork></figure>
      <t>The reader may refer to Section 5 of <xref target="RFC4026"></xref> target="RFC4026" sectionFormat="of" section="5"/> for an overview of the building blocks that are usually invoked when
      characterizing a service provider network.</t>
      <t>The service orchestration layer does not need to know about all the
      internals of the underlying network (e.g., P nodes). nodes (<xref target="RFC4026" sectionFormat="of" section="5.3.1"/>)). <xref
      target="fi2a"></xref> target="fi2a" format="default"/> shows the abstract network view as seen by a
      service orchestrator. However, this view is not enough to provide to the
      service orchestration layer the information to create services in the
      network. The service topology need is needs to be able to expose the set of
      nodes and the attachment points associated with the nodes from which
      network services can be grafted (delivered).</t>

      <t><figure align="center" anchor="fi2a"
          title="Abstract
      <figure anchor="fi2a">
        <name>Abstract Network Topology"> Topology</name>
        <artwork align="center"><![CDATA[.---------. align="center" name="" type="" alt=""><![CDATA[.---------.          .---------.
|   PE1   |          |   PE2   |
'---------'          '---------'
           \        /
            \------/
            (      )
           (        )
            (      )
            /------\
          /         \
.---------.          .---------.
|   PE3   |          |   PE4   |
'---------'          '---------']]></artwork>
        </figure></t>          '---------'
]]></artwork></figure>
      <t>Typically, and focusing on the UNIs, the service orchestration layer
      would see a set of PEs and a set of client-facing interfaces (physical
      or logical) to which CEs can be connected (or are actually connected).
      Such interfaces are also referred to as UNI-N (User-to-Network
      Interface, Network side) <xref target="RFC6215"></xref>. target="RFC6215" format="default"/>. The service
      orchestration layer can use these interfaces to set up the requested
      services or to commit the delivery of a service. <xref
      target="fi3"></xref> target="fi3" format="default"/> depicts a sample SAP network topology that is
      maintained by the network controller and exposed to the service
      orchestration.</t>
      <figure align="center" anchor="fi3" title="A anchor="fi3">
        <name>A SAP Network Topology"> Topology</name>
        <artwork align="center"><![CDATA[ align="center" name="" type="" alt=""><![CDATA[           .-+-. .-+-. .-+-.              .-+-.       .-+-.
         .-|sap|-|sap|-|sap|-.          .-|sap|-------|sap|-.
         | '---' '---' '---' |          | '---'       '---' |
       .---.                 |          |                   |
       |sap|      PE1        |          |         PE2       |
       '---'                 |          |                   |
         |                   |          |                   |
         '-------------------'          '-------------------'

         .-------------------.          .-------------------.
         |                   |          |                   |
         |                   |          |                 .---.
         |         PE3       |          |        PE4      |sap|
         |                   |          |                 '---'
         | .---. .---. .---. |          | .---. .---. .---. |
         '-|sap|-|sap|-|sap|-'          '-|sap|-|sap|-|sap|-'
           '-+-' '-+-' '-+-'              '-+-' '-+-' '-+-'
]]></artwork>
      </figure>
]]></artwork></figure>
      <t>A single SAP network topology can be used for one or multiple service
      types (e.g., L3VPN, Ethernet VPN (EVPN)). The network controller can,
      then, can
      then expose the service types and associated interfaces via the
      SAPs.</t>
      <t>As shown in <xref target="fi3a"></xref>, target="fi3a" format="default"/>, the service orchestration
      layer will have also have access to a set of customer service model models (e.g.,
      the L3SM or the L2SM) in the customer-facing interface and a set of
      network models (e.g., the L3NM and network topology data models) in the
      resource-facing interface. In this use case, it is assumed that the
      network controller is unaware of what happens beyond the PEs towards the
      CEs; it is only responsible for the management and control of the SAPs
      and the network between PEs. In order to correlate between delivery
      points expressed in service requests and SAPs, the SAP model may include
      a peer customer point identifier. That identifier can be a CE
      identifier, a site identifier, etc.</t>

      <t><figure align="center" anchor="fi3a"
          title="Network
      <figure anchor="fi3a">
        <name>Network Topology with CEs and ACs"> ACs</name>
        <artwork align="center"><![CDATA[ align="center" name="" type="" alt=""><![CDATA[                                                     .---.
                                                     |CE2|
                                                     '-+-'
                                                       |
           .-+-. .-+-. .-+-.             .-+-.       .-+-.
         .-|sap|-|sap|-|sap|-.         .-|sap|-------|sap|-.
         | '---' '---' '---' |         | '---'       '---' |
.---.  .---.                 |         |                   |
|CE1+--+sap|      PE1        |         |         PE2       |
'---'  '---'                 |         |                   |
         |                   |         |                   |
         '-------------------'         '-------------------'

         .-------------------.         .-------------------.
         |                   |         |                   |
         |                   |         |                 .---.  .---.
         |         PE3       |         |        PE4      |sap+--+CE5|
         |                   |         |                 '---'  '---'
         | .---. .---. .---. |         | .---. .---. .---. |
         '-|sap|-|sap|-|sap|-'         '-|sap|-|sap|-|sap|-'
           '-+-' '-+-' '-+-'             '-+-' '-+-' '-+-'
                         |                 |     |
                       .-+-.               |   .-+-.
                       |CE3+----------------'
                       |CE3+---------------'   |CE4|
                       '---'                   '---'
]]></artwork>
        </figure></t>
]]></artwork></figure>
      <t>Refer to <xref target="app1"></xref> target="app1" format="default"/> for an example echoing the
      topology depicted in <xref target="fi3a"></xref>.</t> target="fi3a" format="default"/>.</t>
    </section>
    <section anchor="rel" title="Relationship numbered="true" toc="default">
      <name>Relationship to Other YANG Data Models"> Models</name>
      <t>The SAP network model can be seen as inventory data associated with
      SAPs. The model maintains an inventory of customer-facing nodes
      contained in a network relying upon <xref target="RFC8345"></xref>.</t> target="RFC8345" format="default"/>.</t>
      <t><xref target="fig5" format="default"/> depicts the relationship of the SAP
      network model to other models. The SAP network model augments the
      network model defined in <xref target="RFC8345" format="default"/> and imports the network
      topology model defined in <xref target="RFC8345" format="default"/>, while other technology-specific topology models (e.g., the
      model for Traffic Engineering (TE) topologies <xref target="RFC8795" format="default"/>
      or the model for Layer 3 topologies <xref target="RFC8346" format="default"/>) augment the
      network topology model defined in <xref target="RFC8345" format="default"/>.
</t>
      <figure align="center" anchor="fig5"
              title="Relation anchor="fig5">
        <name>Relationship of SAP Network Model to Other Models"> Models</name>
        <artwork align="center"><![CDATA[ align="center" name="" type="" alt=""><![CDATA[                +-------------------------+
                |                         |
                |  Abstract Network Model |
                |                         |
                +------------+------------+
                             |
                   +---------+---------+
                   |                   |
            +------V------+     +------V------+
            |  Abstract   |     |  Inventory  |
            |  Network    |     |    Models   |
            |  Topology   |     |   e.g.,  (e.g., SAP |
            |   Model     |     |   Network   |
            |             |     |    Model    Model)   |
            +-----+-------+     +-------------+
                  |
      +-----------+-----------+
      |           |           |
 +----V----+ +----V----+ +----V----+
 |TE Topo  | |L3 Topo  | |L2 Topo  |
 |  Model  | |  Model  | |  Model  | ...
 +---------+ +---------+ +---------+]]></artwork>
      </figure>

      <t><xref target="fig5"></xref> depicts the relationship of the SAP
      network model to other models. The SAP network model augments the
      Network model <xref target="RFC8345"></xref> and imports the Network
      Topology model, while other technology-specific topology models (e.g.,
      Traffic Engineering (TE) Topologies model <xref target="RFC8795"></xref>
      or Layer 3 Topologies model <xref target="RFC8346"></xref>) augment the
      Network Topology model.</t> +---------+
]]></artwork></figure>
      <t>SAPs can be seen as customer-facing termination points (TPs) with
      specific service provisions. However, a one difference between SAPs and TPs
      is that links are terminated by a single TP (Section 4.4.6 of <xref
      target="RFC8345"></xref>) (<xref target="RFC8345" sectionFormat="of" section="4.4.6"/>) while an AC can be terminated by multiple
      SAPs. Also, a SAP is not neither a tunnel termination point (TTP) (Section 3.6
      of <xref target="RFC8795"></xref>) (<xref target="RFC8795" sectionFormat="of" section="3.6"/>) nor a link.</t>
      <t>In the context of Software-Defined Networking (SDN) <xref
      target="RFC7149"></xref><xref target="RFC7426"></xref>, target="RFC7149" format="default"/> <xref target="RFC7426" format="default"/>, the SAP YANG
      data model can be used to exchange information between control elements,
      so as to support VPN service provision and resource management as discussed
      in <xref target="RFC9182"></xref><xref target="RFC9291"></xref>. target="RFC9182" format="default"/> and <xref target="RFC9291" format="default"/>. Through
      this data model, the service orchestration layer can learn the available
      endpoints (i.e., SAPs) of interconnection resources of the underlying
      network. The service orchestration layer can determine which
      interconnection endpoints to add to an L2VPN or L3VPN service. With the
      help of other data models (e.g., the L3SM <xref target="RFC8299"></xref> target="RFC8299" format="default"/> or the
      L2SM <xref target="RFC8466"></xref>), target="RFC8466" format="default"/>), hierarchical control elements can
      also assess the feasibility of an end-to-end IP connectivity or L2VPN
      connectivity and, therefore, and therefore can derive the sequence of domains and the
      points of interconnection to use.</t>
      <t>Advanced interface-specific data nodes are not included in the SAP
      model. The interface identifiers listed in the SAP model can be used as
      filters to set or get such data using device models (e.g., <xref
      target="RFC7224"></xref>).</t> target="RFC7224" format="default"/>).</t>
    </section>
    <section anchor="tree" title="SAP numbered="true" toc="default">
      <name>SAP Module Tree Structure"> Structure</name>
      <t>The SAP network model 'ietf-sap-ntw' builds on the 'ietf-network'
      module <xref target="RFC8345" /> format="default"/> by augmenting the nodes with SAPs.</t>
      <t>The structure of the 'ietf-sap-ntw' module is shown in <xref target="fi4" />.</t> format="default"/>.</t>
      <figure align="center" anchor="fi4"
              title="SAP anchor="fi4">
        <name>SAP YANG Module Tree Structure">
        <artwork align="center"><![CDATA[module: Structure</name>
<sourcecode name="" type="yangtree"><![CDATA[module: ietf-sap-ntw
  augment /nw:networks/nw:network/nw:network-types:
    +--rw sap-network!
       +--rw service-type*   identityref
  augment /nw:networks/nw:network/nw:node:
    +--rw service* [service-type]
       +--rw service-type                   identityref
       +--rw sap* [sap-id]
          +--rw sap-id                      string
          +--rw description?                string
          +--rw parent-termination-point?   nt:tp-id
          +--rw attachment-interface?       string
          +--rw interface-type?             identityref
          +--rw encapsulation-type?         identityref
          +--rw role?                       identityref
          +--rw allows-child-saps?          boolean
          +--rw peer-sap-id*                string
          +--ro sap-status
          |  +--ro status?        identityref
          |  +--ro last-change?   yang:date-and-time
          +--rw service-status
             +--rw admin-status
             |  +--rw status?        identityref
             |  +--rw last-change?   yang:date-and-time
             +--ro oper-status
                +--ro status?        identityref
                +--ro last-change?   yang:date-and-time

]]></artwork>
      </figure>

      <t />
]]></sourcecode></figure>
      <t>A SAP network topology can be used for one or multiple service types
      ('service-type'). Examples of supported service types are as
      follows:<list style="symbols">
          <t>L3VPN
      follows:</t>
      <ul spacing="normal">
        <li>L3VPN <xref target="RFC4364" />,</t>

          <t>Virtual format="default"/></li>
        <li>Virtual Private LAN Service (VPLS) <xref target="RFC4761" /><xref format="default"/> <xref target="RFC4762" />,</t>

          <t><xref target="RFC8214">Virtual format="default"/></li>
        <li>
          <xref target="RFC8214" format="default">Virtual Private Wire Service
          (VPWS)</xref>,</t>

          <t><xref target="RFC7432">BGP MPLS-Based
          (VPWS)</xref></li>
        <li>
          <xref target="RFC7432" format="default">BGP MPLS-based Ethernet VPN</xref>,</t>

          <t><xref target="RFC8214">VPWS VPN</xref></li>
        <li>
          <xref target="RFC8214" format="default">VPWS in Ethernet VPN</xref>,</t>

          <t><xref target="RFC7623">Provider VPN</xref></li>
        <li>
          <xref target="RFC7623" format="default">Provider Backbone Bridging Combined combined with
          Ethernet VPN (PBB-EVPN)</xref>,</t>

          <t>VXLAN-based (PBB-EVPN)</xref></li>
        <li>VXLAN-based EVPN <xref target="RFC8365" />,</t>

          <t>Virtual Networks format="default"/> ("VXLAN" stands for "Virtual eXtensible Local Area Network")</li>
        <li>Virtual Network <xref target="RFC8453" />,</t>

          <t>Enhanced format="default"/></li>
        <li>Enhanced VPN (VPN+) <xref target="I-D.ietf-teas-enhanced-vpn" />,</t>

          <t>Network format="default"/></li>
        <li>Network slice service <xref
          target="I-D.ietf-teas-ietf-network-slices" />,</t>

          <t>SDWAN <xref target="I-D.ietf-bess-bgp-sdwan-usage" />, and</t>

          <t>Basic target="IETF-NETWORK-SLICES" format="default"/></li>
        <li>SD-WAN <xref target="BGP-SDWAN-USAGE" format="default"/></li>
        <li>Basic IP connectivity.</t>
        </list></t> connectivity</li>
      </ul>
      <t>These service types build on the types that are already defined in
      <xref target="RFC9181" /> format="default"/> and additional types that are defined in this
      document. Other service types can be defined in future YANG modules
      (including future revisions of the YANG module defined in this
      document), if needed.</t>

      <aside pn="section-5">
        <t indent="0" pn="section-5.1">Leveraging
      <aside>
        <t>Leveraging the service types defined in
        <xref target="RFC9181" /> format="default"/> is meant to ease the correlation between the
        SAP topology and the corresponding network modules models that are used to
        provision a specific service over a provider's network.</t>
      </aside>
      <t>Filters based on the service type can be used to access per-service
      SAP topology. An example is depicted in <xref target="app-ex-res-body-filter" />.</t> format="default"/> in <xref target="sample"/>.</t>
      <t>A node in the topology can support one or multiple service types
      ('service-type') among those listed under the 'sap-network' container. A
      list of SAPs are is then bound to each service type that is supported by a
      given node. Each SAP is characterized as follows:<list style="hanging">
          <t hangText="'sap-id':">Includes follows:</t>
      <dl newline="false" spacing="normal">
        <dt>'sap-id':</dt>
        <dd>
          <t>Includes an identifier that uniquely
          identifies a SAP within a node. <vspace blankLines="1" />The </t>
          <t>The same
          SAP may appear under distinct service types. In such a case, the
          same identifier is used for a shared SAP for each of these service types in
          association.<vspace blankLines="1" />SAPs types.</t>
          <t>SAPs that are associated with
          the interfaces that are directly hosting services, interfaces that
          are ready to host per-service sub-interfaces (but are not yet
          activated), or services that are already instantiated on
          sub-interfaces are listed as SAPs. For illustration purposes, <xref target="app-ex-res-body" /> format="default"/> in <xref target="sample"/> depicts how to indicate interfaces that
          are capable for of hosting per-service sub-interfaces.<vspace
          blankLines="1" />For sub-interfaces.</t>
          <t>For example, 'sap-id' may be the VPN network access
          identifier defined in Section 7.6 of <xref target="RFC9182" />. sectionFormat="of" section="7.6"/>. An example
          to illustrate
          that illustrates the use of this attribute during service creation is
          provided in <xref target="servicesap" />.</t>

          <t hangText="'description':">Includes format="default"/>.</t>
        </dd>
        <dt>'description':</dt>
        <dd>Includes a textual description of the
          SAP.</t>

          <t hangText="'parent-termination-point':">Includes
          SAP.</dd>
        <dt>'parent-termination-point':</dt>
        <dd>
          <t>Includes a reference to
          the parent termination point to which the SAP is bound. As per
          Section 4.2 of
          <xref target="RFC8345" />, sectionFormat="of" section="4.2"/>, a termination point
          terminates a link in a node. A termination point can be a physical
          port, an interface, etc. <vspace blankLines="1" />The </t>
          <t>The referenced
          parent termination point is expected to be a customer-facing
          termination point, not a core-facing termination point.<vspace
          blankLines="1" />This point.</t>
          <t>For example, this attribute is used, e.g., used to associate an
          interface with its sub-interfaces sub-interfaces, as all these interfaces may be
          listed under the SAPs of a node. It is also used to link a SAP with
          the physical topology. <vspace blankLines="1" />For </t>
          <t>For example, this
          data node can be used to map the IETF Network Slice endpoints (<xref
          target="I-D.ietf-teas-ietf-network-slices" />) <xref target="IETF-NETWORK-SLICES" format="default"/> to the
          service/tunnel/path endpoints in the underlay network.</t>

          <t hangText="'attachment-interface':">Indicates
        </dd>
        <dt>'attachment-interface':</dt>
        <dd>
          <t>Indicates a reference to the
          interface to which the SAP is bound. The same interface may host
          multiple services. <vspace blankLines="1" />Whether </t>
          <t>Whether the attachment
          identifier echoes the content of the attachment interface is
          deployment specific. <vspace blankLines="1" />For </t>
          <t>For example, this
          reference may be any of the identifiers ('l2-termination-point',
          'local-bridge-reference', 'bearer-reference', or 'lag-interface-id')
          defined in Section 7.6.1 of <xref target="RFC9182" /> sectionFormat="of" section="7.6.1"/> or
          'l3-termination-point' as defined in Section 7.6.2 of <xref target="RFC9182" />. It is the responsibility of the sectionFormat="of" section="7.6.2"/>. The controller to
          ensure is responsible for
          ensuring that consistent references are used in the SAP and underlying
          device modes models or any other device inventory mechanism.</t>

          <t hangText="'interface-type':">Indicates
        </dd>
        <dt>'interface-type':</dt>
        <dd>
          <t>Indicates whether a SAP is bound to
          a physical port, a loopback interface, a Link Aggregation Group
          (LAG) interface <xref target="IEEE802.1AX" />, format="default"/>, an Integrated Routing
          Bridge and Bridging (IRB) interface (e.g., <xref target="RFC9135" />), format="default"/>), a local bridge
          reference, etc. <vspace blankLines="1" />The etc.</t>
          <t>The mapping to the detailed
          interface types as per <xref target="RFC7224" /> format="default"/> is maintained by
          the controller. That mapping is used, for example, when the
          controller translates this SAP network module model into device modules
          (Section 4.4 of <xref models
          (<xref target="RFC8969" />).</t>

          <t hangText="'encapsulation-type':">Indicates sectionFormat="of" section="4.4"/>).</t>
        </dd>
        <dt>'encapsulation-type':</dt>
        <dd>
          <t>Indicates the encapsulation type
          for the interface indicated in the 'attachment-interface' attribute.
          The types are taken from <xref target="RFC9181" />. <vspace
          blankLines="1" />This format="default"/>. </t>
          <t>This data node can be used, for example, to decide
          whether an existing SAP can be (re)used to host a service or if a
          new sub-interface has to be instantiated.</t>

          <t hangText="'role':">Specifies
        </dd>
        <dt>'role':</dt>
        <dd>
          <t>Specifies the role of a SAP (e.g., a UNI or
          NNI). <vspace blankLines="1" />A </t>
          <t>A SAP inherits the role of its parent
          interface ('parent-termination-point').</t>

          <t hangText="'allows-child-saps':">When
        </dd>
        <dt>'allows-child-saps':</dt>
        <dd>
          <t>When set to 'true', this data
          node indicates that the attachment interface for
          this SAP is capable of hosting per-service sub-interfaces. <vspace
          blankLines="1" />Whether </t>
          <t>Whether a service can be directly attached to the
          parent SAP in addition to child SAPs depends on the service.</t>

          <t hangText="'peer-sap-id':">Includes
        </dd>
        <dt>'peer-sap-id':</dt>
        <dd>
          <t>Includes references to the remote
          endpoints of an attachment circuit. AC. This identifier may or may not
          be the same as the SAP identifier used in the peer's configuration.
          Note that the use of identical identifiers eases correlating the correlation between
          a peer's service request with and a local SAP. <vspace
          blankLines="1" />Examples </t>
          <t>Examples of such a reference are: are a site identifier
          (Section 6.3 of <xref
          (<xref target="RFC8299" />), sectionFormat="of" section="6.3"/>), a Service Demarcation
          Point (SDP) identifier (Section 2.1 (Section&nbsp;<xref target="IETF-NETWORK-SLICES" section="3.2" sectionFormat="bare">"Core Terminology"</xref> of <xref
          target="I-D.ietf-teas-ietf-network-slices" />), target="IETF-NETWORK-SLICES"/>), and the IP address
          of a peer Autonomous System Border Router (ASBR).</t>

          <t hangText="'sap-status':">Indicates
        </dd>
        <dt>'sap-status':</dt>
        <dd>
          <t>Indicates the operational status of a
          SAP. Values are taken from the values defined in <xref target="RFC9181" />.<vspace blankLines="1" />When format="default"/>.</t>
          <t>When both a
          sub-interface and its parent interface are present, present but the parent
          interface is disabled, the status of the parent interface takes
          precedence over the status indicated for the sub-interface.</t>

          <t hangText="'service-status':">Indicates
        </dd>
        <dt>'service-status':</dt>
        <dd>
          <t>Indicates the administrative and
          operational status of the service for a given SAP. This information
          is particularly useful when many services are provisioned for the
          same SAP, SAP but only a subset of these services are is activated. As
          such, the administrative 'service-status' MUST NOT <bcp14>MUST NOT</bcp14> be influenced by
          the value of the operational 'sap-status'. <vspace
          blankLines="1" />The </t>
          <t>The service 'oper-status' reflects the operational
          status of the service only as observed at a specific SAP, not the
          overall network level network-level status of the service connecting many SAPs.
          The network level network-level service status can be retrieved using specific
          network models, e.g., Section 7.3 of those listed in <xref target="RFC9182" /> sectionFormat="of" section="7.3"/> or
          Section 7.3 of
          <xref target="RFC9291" />. <vspace
          blankLines="1" />In sectionFormat="of" section="7.3"/>. </t>
          <t>In order to assess the service delivery status for
          a given SAP, it is recommended to check both the administrative and
          operational service status ('service-status') in addition to the
          'sap-status'. In doing so, a network controller (or operator) can
          detect anomalies. For example, if a service is administratively
          enabled for a SAP and the 'sap-status' of that SAP is reported as
          being down, the service 'oper-status' is also expected to be down.
          Retrieving a distinct service operational status under these
          conditions can be used as a trigger to detect an anomaly. Likewise,
          administrative status and operational status can be compared to
          detect service-specific SAP activation anomalies. For example, a
          service that is administratively declared as inactive for a SAP but
          reported as operationally active for that SAP is an indication that
          some service provision actions are needed to align the observed
          service status with the expected service status.</t>
        </list></t>

      <t />
        </dd>
      </dl>
    </section>
    <section anchor="mod" title="SAP numbered="true" toc="default">
      <name>SAP YANG Module"> Module</name>
      <t>This module imports types from <xref target="RFC6991"></xref>, <xref
      target="RFC8343"></xref>, target="RFC6991" format="default"/>, <xref target="RFC8345"></xref>, target="RFC8345" format="default"/>, and <xref
      target="RFC9181"></xref>.</t> target="RFC9181" format="default"/>.</t>
      <t>The 'sap-entry' and 'sap-list' are defined as groupings for the reuse
      of these nodes in service-specific YANG modules.</t>

      <figure>
        <artwork><![CDATA[<CODE BEGINS>  file "ietf-sap-ntw@2023-01-09.yang"
      <sourcecode name="ietf-sap-ntw@2023-05-22.yang" type="yang" markers="true"><![CDATA[
module ietf-sap-ntw {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-sap-ntw";
  prefix sap;

  import ietf-network-topology {
    prefix nt;
    reference
      "RFC 8345: A YANG Data Model for Network
                 Topologies, Section 6.2";
  }
  import ietf-network {
    prefix nw;
    reference
      "RFC 8345: A YANG Data Model for Network
                 Topologies, Section 6.1";
  }
  import ietf-vpn-common {
    prefix vpn-common;
    reference
      "RFC 9181: A Common YANG Data Model for Layer 2 and Layer 3
                 VPNs";
  }
  import ietf-yang-types {
    prefix yang;
    reference
      "RFC 6991: Common YANG Data Types, Section 3";
  }

  organization
    "IETF OPSA (Operations and Management Area) Working Group";
  contact
    "WG Web:   <https://datatracker.ietf.org/wg/opsawg/>
     WG List:  <mailto:opsawg@ietf.org>

     Editor:   Mohamed Boucadair
               <mailto:mohamed.boucadair@orange.com>

     Author:   Oscar Gonzalez de Dios
               <mailto:oscar.gonzalezdedios@telefonica.com>

     Author:   Samier Barguil
               <mailto:samier.barguil_giraldo@nokia.com>

     Author:   Qin Wu
               <mailto:bill.wu@huawei.com>

     Author:   Victor Lopez
               <victor.lopez@nokia.com>";
               <mailto:victor.lopez@nokia.com>";
  description
    "This YANG module defines a model for representing, managing,
     and controlling the Service Attachment Points (SAPs) in the
     network topology.

     Copyright (c) 2023 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Revised BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); 9408; see the
     RFC itself for full legal notices.";

  revision 2023-01-09 2023-05-22 {
    description
      "Initial version"; version.";
    reference
      "RFC XXXX: 9408: A YANG Network Data Model for Service Attachment
                 Points (SAPs)";
  }

  identity virtual-network {
    base vpn-common:service-type;
    description
      "Virtual network.  Refers to a logical network instance
       that is built over a physical network.";
    reference
      "RFC 8453: Framework for Abstraction and Control of TE
                 Networks (ACTN)";
  }

  identity enhanced-vpn {
    base vpn-common:service-type;
    description
      "Enhanced VPN (VPN+).  VPN+ is an approach that is
       based on existing VPN and Traffic Engineering (TE)
       technologies but adds characteristics that specific
       services require over and above conventional VPNs.";
    reference
      "draft-ietf-teas-enhanced-vpn:
         A Framework for Enhanced Virtual Private Network
         (VPN+) Services";
         (VPN+)";
  }

  identity network-slice {
    base vpn-common:service-type;
    description
      "IETF network slice. Network Slice.  An IETF network slice Network Slice
       is a logical network topology connecting a number of
       endpoints using a set of shared or dedicated network
       resources that are used to satisfy specific service
       objectives.";
    reference
      "draft-ietf-teas-ietf-network-slices:
         A Framework for IETF Network Slices";
  }

  identity sdwan {
    base vpn-common:service-type;
    description
      "PE-based Software-Defined Wide Area Wide-Area Network (SDWAN)."; (SD-WAN).";
    reference
      "draft-ietf-bess-bgp-sdwan-usage:
         BGP Usage for SDWAN SD-WAN Overlay Network"; Networks";
  }

  identity basic-connectivity {
    base vpn-common:service-type;
    description
      "Basic IP connectivity.  This is, for example, a plain
       form of connectivity offered to Enterprises enterprises over a
       dedicated or shared MPLS infrastructure.";
  }

  identity interface-role {
    description
      "Base identity for the network role of an interface.";
  }

  identity uni {
    base interface-role;
    description
      "User-Network
      "User-to-Network Interface (UNI).";
  }

  identity nni {
    base interface-role;
    description
      "Network-to-Network Interface (NNI).";
  }

  identity interface-type {
    description
      "Base identity for the interface type.";
  }

  identity phy {
    base interface-type;
    description
      "Physical port.";
  }

  identity loopback {
    base interface-type;
    description
      "Loopback interface.";
  }

  identity lag {
    base interface-type;
    description
      "Link Aggregation Group (LAG) interface.";
  }

  identity irb {
    base interface-type;
    description
      "Integrated Routing Bridge (IRB). and Bridging (IRB) interface.  An IRB
       interface typically connects an IP-VRF IP Virtual Routing and
       Forwarding (IP-VRF) entity to a bridge domain.";
  }

  identity local-bridge {
    base interface-type;
    description
      "A local bridge reference to accommodate, e.g., accommodate (for example)
       implementations that require internal bridging.
       When such a type is used, a reference to a local
       bridge domain is used to identify the interface.";
  }

  identity logical {
    base interface-type;
    description
      "Refers to a logical sub-interface that is typically
       used to bind a service.  This type is used only
       if none of the other more specific types (i.e.,
       loopback, lag, irb,
       'loopback', 'lag', 'irb', or local-bridge) 'local-bridge') can be used.";
  }

  grouping sap-entry {
    description
      "Service Attachment Point (SAP) entry information.";
    leaf sap-id {
      type string;
      description
        "Indicates an identifier that uniquely identifies
         a SAP.";
    }
    leaf description {
      type string;
      description
        "A textual description of the SAP.";
    }
    leaf parent-termination-point {
      type nt:tp-id;
      description
        "Indicates the parent termination point to
         which the SAP is attached to. attached.  A termination
         point can be a physical port, an interface, etc.";
    }
    leaf attachment-interface {
      type string;
      description
        "Indicates the interface to which the SAP is bound.";
    }
    leaf interface-type {
      type identityref {
        base interface-type;
      }
      description
        "The type of the interface to which the SAP is bound.";
    }
    leaf encapsulation-type {
      type identityref {
        base vpn-common:encapsulation-type;
      }
      description
        "Encapsulation type of the interface to which the
         SAP is bound.";
    }
    leaf role {
      type identityref {
        base interface-role;
      }
      description
        "Indicates the role of a SAP.";
    }
    leaf allows-child-saps {
      type boolean;
      description
        "Indicates whether the attachment interface of this
         SAP is capable of hosting per-service sub-interfaces.";
    }
    leaf-list peer-sap-id {
      type string;
      description
        "Indicates an identifier of the peer's termination
         identifier (e.g., a Customer Edge (CE)).  This
         information can be used for correlation purposes,
         such as identifying the SAP that is attached to
         an endpoint that is provided in a service request.";
    }
  }

  grouping sap-list {
    description
      "Service Attachment Point (SAP)
      "SAP information.";
    list sap {
      key "sap-id";
      description
        "The Service Attachment Points SAPs are an abstraction of the points where to which
         network services such as L3VPNs, L2VPNs, or network
         slices can be attached to."; attached.";
      uses sap-entry;
      container sap-status {
        config false;
        description
          "Indicates the operational status of the SAP,
           independent of any service provisioned over it.";

        uses vpn-common:oper-status-timestamp;
      }
      container service-status {
        description
          "Indicates the service status.";
        container admin-status {
          description
            "Administrative service status.";
          leaf status {
            type identityref {
              base vpn-common:administrative-status;
            }
            description
              "Administrative status of the service provisioned
               at the SAP.";
          }
          leaf last-change {
            type yang:date-and-time;
            description
              "Indicates the actual date and time of the service
               status change.";
          }
        }
        container oper-status {
          config false;
          description
            "Operational status of the service provisioned
             at the SAP.";
          uses vpn-common:oper-status-timestamp;
        }
      }
    }
  }

  augment "/nw:networks/nw:network/nw:network-types" {
    description
      "Introduces a new network type for a SAP network.";
    container sap-network {
      presence "Indicates the SAP network type.";
      description
        "The presence of the container node indicates the
         SAP network type.";
      leaf-list service-type {
        type identityref {
          base vpn-common:service-type;
        }
        description
          "Indicates the set of supported service types.";
      }
    }
  }

  augment "/nw:networks/nw:network/nw:node" {
    when '../nw:network-types/sap:sap-network' {
      description
        "Augmentation parameters apply only for SAP
         networks.";
    }
    description
      "SAP parameters for the node level.";
    list service {
      key "service-type";
      description
        "A list of supported service types for the node.";
      leaf service-type {
        type identityref {
          base vpn-common:service-type;
        }
        description
          "Indicates a service type.";
      }
      uses sap-list;
    }
  }
}
<CODE ENDS>]]></artwork>
      </figure>
]]></sourcecode>
    </section>
    <section anchor="IANA" title="IANA Considerations"> numbered="true" toc="default">
      <name>IANA Considerations</name>
      <t>This document registers the following namespace URI in the "ns"
      subregistry within the "IETF XML Registry" <xref
      target="RFC3688"></xref>: <figure>
          <artwork><![CDATA[    URI: urn:ietf:params:xml:ns:yang:ietf-sap-ntw
    Registrant Contact: The IESG.
    XML: N/A, target="RFC3688" format="default"/>: </t>

  <dl newline="false" spacing="compact">
    <dt>URI:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-sap-ntw</dd>
    <dt>Registrant Contact:</dt><dd>The IESG.</dd>
    <dt>XML:</dt><dd>N/A; the requested URI is an XML namespace.
]]></artwork>
        </figure></t> namespace.</dd>
  </dl>

      <t>This document registers the following YANG module in the YANG "YANG Module
      Names registry
      Names" subregistry <xref target="RFC6020"></xref> target="RFC6020" format="default"/> within the "YANG
      Parameters" registry: <figure>
          <artwork><![CDATA[    name: ietf-sap-ntw
    namespace: urn:ietf:params:xml:ns:yang:ietf-sap-ntw
    maintained </t>
   <dl newline="false" spacing="compact">
    <dt>Name:</dt><dd>ietf-sap-ntw</dd>
    <dt>Namespace:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-sap-ntw</dd>
    <dt>Maintained by IANA? N
    prefix: sap
    reference: RFC XXXX
]]></artwork>
        </figure></t> IANA?</dt><dd>N</dd>
    <dt>Prefix:</dt><dd>sap</dd>
    <dt>Reference:</dt><dd>RFC 9408</dd>
   </dl>
    </section>
    <section anchor="scecurity" title="Security Considerations"> numbered="true" toc="default">
      <name>Security Considerations</name>
      <t>The YANG module specified in this document defines a schema for data
      that is designed to be accessed via network management protocols such
      as NETCONF <xref target="RFC6241"></xref> target="RFC6241"/> or RESTCONF <xref
      target="RFC8040"></xref>. target="RFC8040"/>.
      The lowest NETCONF layer is the secure transport layer, and the
      mandatory-to-implement secure transport is Secure Shell (SSH)
      <xref target="RFC6242"></xref>. target="RFC6242"/>. The lowest RESTCONF layer is HTTPS, and the
      mandatory-to-implement secure transport is TLS <xref target="RFC8446"></xref>.</t> target="RFC8446"/>.</t>
      <t>The Network Configuration Access Control Model (NACM)
      <xref
      target="RFC8341"></xref> target="RFC8341"/> provides the means to restrict access for
      particular NETCONF or RESTCONF users to a preconfigured subset of all
      available NETCONF or RESTCONF protocol operations and content.</t>
      <t>There are a number of data nodes defined in this YANG module that are
      writable/creatable/deletable (i.e., config true, which is the default). These
      data nodes may be considered sensitive or vulnerable in some network
      environments. Write operations (e.g., edit-config) to these data nodes
      without proper protection can have a negative effect on network operations.
      These are the subtrees and data nodes and their
      sensitivity/vulnerability: <list style="symbols">
          <t>/nw:networks/nw:network/nw:node/sap:service/sap:sap<vspace
          blankLines="1" />This
      sensitivity/vulnerability:</t>
      <dl newline="true" spacing="normal">
        <dt>/nw:networks/nw:network/nw:node/sap:service/sap:sap</dt>
          <dd>This subtree specifies the configurations of the
          nodes in a SAP network model. Unexpected changes to this subtree
          (e.g., associating a SAP with another parent termination point)
          could lead to service disruption and/or network misbehavior. Such
          network misbehavior results mainly from a network configuration that
          is inconsistent with the intended behavior as defined by the
          operator (e.g., Section 4.2.1 of <xref
          target="RFC8969"></xref>).</t>
        </list></t> target="RFC8969" sectionFormat="of" section="4.2.1"/>).</dd>
      </dl>
      <t>Some of the readable data nodes in this YANG module may be considered
      sensitive or vulnerable in some network environments. It is thus important to
      control read access (e.g., via get, get-config, or notification) to these
      data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:<list style="symbols">
          <t>/nw:networks/nw:network/nw:node/sap:service/sap:sap<vspace
          blankLines="1" />Unauthorized
      sensitivity/vulnerability:</t>
      <dl newline="true" spacing="normal">
        <dt>/nw:networks/nw:network/nw:node/sap:service/sap:sap</dt>
          <dd>Unauthorized access to this subtree can disclose
          the operational state information of the nodes in a SAP network
          model (e.g., can disclose the identity of a customer 'peer-sap-id').</t>
        </list></t>

      <t></t>
    </section>

    <section anchor="Acknowledgements" title="Acknowledgements">
      <t>Thanks to Adrian Farrell, Daniel King, Dhruv Dhody, Benoit Claise, Bo
      Wu, Erez Segev, Raul Arco, Joe Clarke, Riyas Valiyapalathingal, Tom
      Petch, Olga Havel, and Richard Roberts for the comments.</t>

      <t>Thanks to Martin Bj&ouml;rklund for the YANG Doctors review, Menachem
      Dodge for the opsdir review, Mach Chen for the rtgdir review, Linda
      Dunbar for the genart review, and Ivaylo Petrov for the secdir
      review.</t>

      <t>Special thanks to Adrian Farrel for the Shepherd review and Rob
      Wilton for the careful AD review.</t>

      <t>Thanks to Lars Eggert, Roman Danyliw, and Zaheduzzaman Sarker for the
      comments during the IESG review.</t> 'peer-sap-id').</dd>
      </dl>
    </section>
  </middle>
  <back>
    <references title="Normative References">
      <?rfc include="reference.RFC.3688"?>

      <?rfc include="reference.RFC.6020"?>

      <?rfc include="reference.RFC.6241"?>

      <?rfc include="reference.RFC.6242"?>

      <?rfc include="reference.RFC.7950"?>

      <?rfc include="reference.RFC.8040"?>

      <?rfc include="reference.RFC.8341"?>

      <?rfc include="reference.RFC.8345"?>

      <?rfc include="reference.RFC.8346"?>

      <?rfc include="reference.RFC.8446"?>

      <?rfc include="reference.RFC.8795"?>

      <?rfc include='reference.RFC.9181'?>

      <?rfc include='reference.RFC.6991'?>

      <?rfc include='reference.RFC.2119'?>

      <?rfc include='reference.RFC.8174'?>

<displayreference target="I-D.ietf-teas-enhanced-vpn" to="ENHANCED-VPN"/>

    <references>
      <name>References</name>
      <references>
        <name>Normative References</name>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3688.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6020.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6241.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6242.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7950.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8040.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8341.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8345.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8346.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8795.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9181.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6991.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
      </references>

    <references title="Informative References">
      <?rfc include="reference.RFC.7149"?>

      <?rfc include="reference.RFC.7426"?>

      <?rfc include="reference.RFC.8299"?>

      <?rfc include='reference.RFC.8466'?>

      <?rfc include="reference.RFC.8309"?>

      <?rfc include="reference.RFC.8340"?>

      <?rfc include="reference.RFC.8342"?>

      <?rfc include="reference.RFC.8343"?>

      <?rfc include='reference.RFC.9182'?>

      <?rfc include='reference.RFC.9291'?>

      <?rfc include='reference.RFC.8969'?>

      <?rfc include='reference.I-D.ietf-teas-ietf-network-slices'?>

      <?rfc include='reference.I-D.ietf-teas-enhanced-vpn'?>

      <?rfc include='reference.I-D.ietf-bess-bgp-sdwan-usage'?>

      <?rfc include='reference.RFC.4364'?>

      <?rfc include='reference.RFC.4761'?>

      <?rfc include='reference.RFC.4762'?>

      <?rfc include='reference.RFC.8214'?>

      <?rfc include='reference.RFC.7623'?>

      <?rfc include='reference.RFC.7432'?>

      <?rfc include='reference.RFC.8365'?>

      <?rfc include='reference.RFC.8453'?>

      <?rfc include='reference.RFC.7224'?>

      <?rfc include='reference.RFC.4026'?>

      <?rfc include='reference.RFC.9135'?>

      <?rfc include='reference.RFC.6004'?>

      <?rfc include='reference.RFC.6215'?>
      <references>
        <name>Informative References</name>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7149.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7426.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7951.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8299.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8466.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8309.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8340.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8342.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9182.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9291.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8969.xml"/>

<!-- draft-ietf-teas-ietf-network-slices (AD Evaluation::Revised I-D Needed)
   ("long way"/"Ed." designations were missing) -->
<reference anchor="IETF-NETWORK-SLICES">
   <front>
      <title>A Framework for IETF Network Slices</title>
      <author initials="A." surname="Farrel" fullname="Adrian Farrel" role="editor">
      </author>
      <author initials="J." surname="Drake" fullname="John Drake" role="editor">
      </author>
      <author initials="R." surname="Rokui" fullname="Reza Rokui">
      </author>
      <author initials="S." surname="Homma" fullname="Shunsuke Homma">
      </author>
      <author initials="K." surname="Makhijani" fullname="Kiran Makhijani">
      </author>
      <author initials="L.M." surname="Contreras" fullname="Luis M. Contreras">
      </author>
      <author initials="J." surname="Tantsura" fullname="Jeff Tantsura">
      </author>
      <date month="January" day="21" year="2023" />
   </front>
   <seriesInfo name="Internet-Draft" value="draft-ietf-teas-ietf-network-slices-19" />
</reference>

<!-- draft-ietf-teas-enhanced-vpn (I-D Exists) -->
        <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-teas-enhanced-vpn.xml"/>

<!-- draft-ietf-bess-bgp-sdwan-usage (I-D Exists)
   ("long way"/A. Banerjee was missing) -->
<reference anchor="BGP-SDWAN-USAGE">
   <front>
      <title>BGP Usage for SD-WAN Overlay Networks</title>
      <author initials="L." surname="Dunbar" fullname="Linda Dunbar">
      </author>
      <author initials="J." surname="Guichard" fullname="Jim Guichard">
      </author>
      <author initials="A." surname="Sajassi" fullname="Ali Sajassi">
      </author>
      <author initials="J." surname="Drake" fullname="John Drake">
      </author>
      <author initials="B." surname="Najem" fullname="Basil Najem">
      </author>
      <author initials="A." surname="Banerjee" fullname="Ayan Banerjee">
      </author>
      <author initials="D." surname="Carrel" fullname="David Carrel">
      </author>
      <date month="April" day="7" year="2023" />
   </front>
   <seriesInfo name="Internet-Draft" value="draft-ietf-bess-bgp-sdwan-usage-09" />
</reference>

        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4364.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4761.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4762.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8214.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7623.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7432.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8365.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8453.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7224.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4026.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9135.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6004.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6215.xml"/>

        <reference anchor="IEEE802.1AX">
          <front>
          <title>Link
          <title>IEEE Standard for Local and Metropolitan Area Networks--Link Aggregation</title>
            <author>
            <organization></organization>
              <organization>IEEE</organization>
            </author>
            <date month="" year="2020" /> year="2020"/>
          </front>
          <seriesInfo name="IEEE" value="Std 802.1AX-2020" name='IEEE Std' value='802.1AX-2020' />
	  <seriesInfo name='DOI' value='10.1109/IEEESTD.2020.9105034' />
        </reference>

        <reference anchor="MEF6" target="https://www.mef.net/Assets/Technical_Specifications/PDF/MEF_6.pdf">
          <front>
            <title>Technical Specification MEF 6, Ethernet Services Definitions
          - Phase I</title>

          <author fullname="">
            <author>
              <organization>The Metro Ethernet Forum</organization>
            </author>
            <date month="June" year="2004" /> year="2004"/>
          </front>
        </reference>

        <reference anchor="MEF17" target="https://www.mef.net/wp-content/uploads/2015/04/MEF-17.pdf">
          <front>
            <title>Technical Specification MEF 17, Service OAM Requirements
          &amp; Framework - Phase 1</title>

          <author fullname="">
            <author>
              <organization>The Metro Ethernet Forum</organization>
            </author>
            <date month="April" year="2007" /> year="2007"/>
          </front>
        </reference>
      </references>
    </references>
    <section anchor="app1" title="A numbered="true" toc="default">
      <name>A Simplified SAP Network Example"> Example</name>
      <t>An example of a SAP topology that is reported by a network controller
      is depicted in <xref target="ex1"></xref>. target="ex1" format="default"/>. This example echoes the
      topology shown in <xref target="fi3a"></xref>. target="fi3a" format="default"/>. Only a minimum set of
      information set is provided for each SAP. Particularly,
      'parent-termination-point', 'attachment-interface', 'interface-type',
      'encapsulation-type', and 'role' are not shown in the example. SAPs that
      are capable of hosting a service, service but are not yet activated, activated are identified
      by the 'sap-status/status' set to 'ietf-vpn-common:op-down' and
      'service-status/admin-status/status' set to
      'ietf-vpn-common:admin-down'. SAPs that are enabled to deliver a service
      are identified by 'service-status/admin-status/status' set to
      'ietf-vpn-common:admin-up' and 'service-status/oper-status/status' set
      to 'ietf-vpn-common:op-up'. Note that none of the anomalies discussed in
      <xref target="tree"></xref> target="tree" format="default"/> are detected for these SAPs.</t>

      <t><figure anchor="ex1" title="A SAPs.
      The message body depicted in the figures below is encoded following the
      JSON encoding of YANG-modeled data as per <xref target="RFC7951"/>.</t>
      <figure anchor="ex1">
        <name>A Simplified SAP Network Example">
          <artwork><![CDATA[{ Example</name>
        <sourcecode type="json"><![CDATA[{
  "ietf-network:networks": {
    "network": [
      {
        "network-types": {
          "ietf-sap-ntw:sap-network": {
            "service-type": [
              "ietf-vpn-common:l3vpn",
              "ietf-vpn-common:vpls"
            ]
          }
        },
        "network-id": "example:an-id",
        "node": [
          {
            "node-id": "example:pe1",
            "ietf-sap-ntw:service": [
              {
                "service-type": "ietf-vpn-common:l3vpn",
                "sap": [
                  {
                    "sap-id": "sap#11",
                    "peer-sap-id": ["ce-1"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-up"
                      },
                      "oper-status": {
                        "status": "ietf-vpn-common:op-up"
                      }
                    }
                  },
                  {
                    "sap-id": "sap#12",
                    "sap-status": {
                      "status": "ietf-vpn-common:op-down"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-down"
                      }
                    }
                  },
                  {
                    "sap-id": "sap#13",
                    "sap-status": {
                      "status": "ietf-vpn-common:op-down"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-down"
                      }
                    }
                  },
                  {
                    "sap-id": "sap#14",
                    "sap-status": {
                      "status": "ietf-vpn-common:op-down"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-down"
                      }
                    }
                  }
                ]
              }
            ]
          },
          {
            "node-id": "example:pe2",
            "ietf-sap-ntw:service": [
              {
                "service-type": "ietf-vpn-common:l3vpn",
                "sap": [
                  {
                    "sap-id": "sap#21",
                    "sap-status": {
                      "status": "ietf-vpn-common:op-down"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-down"
                      }
                    }
                  },
                  {
                    "sap-id": "sap#22",
                    "peer-sap-id": ["ce-2"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-up"
                      },
                      "oper-status": {
                        "status": "ietf-vpn-common:op-up"
                      }
                    }
                  }
                ]
              }
            ]
          },
          {
            "node-id": "example:pe3",
            "ietf-sap-ntw:service": [
              {
                "service-type": "ietf-vpn-common:l3vpn",
                "sap": [
                  {
                    "sap-id": "sap#31",
                    "sap-status": {
                      "status": "ietf-vpn-common:op-down"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-down"
                      }
                    }
                  },
                  {
                    "sap-id": "sap#32",
                    "sap-status": {
                      "status": "ietf-vpn-common:op-down"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-down"
                      }
                    }
                  },
                  {
                    "sap-id": "sap#33",
                    "peer-sap-id": ["ce-3"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-up"
                      },
                      "oper-status": {
                        "status": "ietf-vpn-common:op-up"
                      }
                    }
                  }
                ]
              }
            ]
          },
          {
            "node-id": "example:pe4",
            "ietf-sap-ntw:service": [
              {
                "service-type": "ietf-vpn-common:l3vpn",
                "sap": [
                  {
                    "sap-id": "sap#41",
                    "peer-sap-id": ["ce-3"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-up"
                      },
                      "oper-status": {
                        "status": "ietf-vpn-common:op-up"
                      }
                    }
                  },
                  {
                    "sap-id": "sap#42",
                    "peer-sap-id": ["ce-4"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-up"
                      },
                      "oper-status": {
                        "status": "ietf-vpn-common:op-up"
                      }
                    }
                  },
                  {
                    "sap-id": "sap#43",
                    "sap-status": {
                      "status": "ietf-vpn-common:op-down"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-down"
                      }
                    }
                  },
                  {
                    "sap-id": "sap#44",
                    "peer-sap-id": ["ce-5"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-up"
                      },
                      "oper-status": {
                        "status": "ietf-vpn-common:op-up"
                      }
                    }
                  }
                ]
              }
            ]
          }
        ]
      }
    ]
  }
}]]></artwork>
        </figure></t>

      <t></t>
}
]]></sourcecode></figure>
    </section>
    <section anchor="sample"
             title="A numbered="true" toc="default">
      <name>A Simple Example of the SAP Network Model: Node Filter"> Filter</name>
      <t>In the example shown in <xref target="app-ex"></xref>, target="app-ex" format="default"/>, PE1 (with a
      "node-id" set to "example:pe1") "example:pe1", as shown in <xref target="ex1"/>) has two physical interfaces "GE0/6/1"
      and "GE0/6/4". Two sub-interfaces "GE0/6/4.1" and "GE0/6/4.2" are
      associated with the physical interface "GE0/6/4". Let us consider that
      four SAPs are exposed to the service orchestrator and mapped to these
      physical interfaces and sub-interfaces.</t>

      <t><figure align="center" anchor="app-ex"
          title="An
      <figure anchor="app-ex">
        <name>An Example of a PE and its Its Physical/Logical Interfaces"> Interfaces</name>
        <artwork align="center"><![CDATA[ align="center" name="" type="" alt=""><![CDATA[   .-------------------------.
   |                 GE0/6/4 |
   | PE1                .----+----.
   |                    |sap#2    |GE0/6/4.1
   |                    |      .--+--.
   |                    |      |sap#3|
   |                    |      '--+--'
   |                    |         |GE0/6/4.2
   |                    |      .--+--.
   |                    |      |sap#4|
   |                    |      '--+--'
   |                    |         |
   |                    +----+----+
   |                         |
   |                  GE0/6/1|
   |                    .----+----.
   |                    |sap#1    |
   |                    '----+----'
   |                         |
   '-------------------------'
]]></artwork>
        </figure></t>
]]></artwork></figure>
      <t>Let us assume that no service is enabled yet for the SAP associated
      with the physical interface "GE0/6/1". Also, let us assume that, for the
      SAPs that are associated with the physical interface "GE0/6/4", VPLS and
      L3VPN services are activated on the two sub-interfaces "GE0/6/4.1" and
      "GE0/6/4.2", respectively. Both "sap#1" and "sap#2" are tagged as being
      capable of hosting per-service sub-interfaces ('allows-child-saps' is
      set to 'true').</t>

      <t>A
      <t>For example, a service orchestrator can query what services are provided on which
      SAPs of PE1 from the network controller by sending, e.g., sending a GET RESTCONF GET
      request. <xref target="app-ex-res-body"></xref> target="app-ex-res-body" format="default"/> shows an example of the
      body of the RESTCONF response that is received from the network
      controller.</t>

      <t><figure anchor="app-ex-res-body"
          title="An
      <figure anchor="app-ex-res-body">
        <name>An Example of a Response Body to a Request with a Node Filter">
          <artwork><![CDATA[{ Filter</name>
        <sourcecode type="json"><![CDATA[{
  "ietf-sap-ntw:service": [
    {
      "service-type": "ietf-vpn-common:l3vpn",
      "sap": [
        {
          "sap-id": "sap#1",
          "description": "Ready to host SAPs",
          "attachment-interface": "GE0/6/1",
          "interface-type": "ietf-sap-ntw:phy",
          "role": "ietf-sap-ntw:uni",
          "allows-child-saps": true,
          "sap-status": {
            "status": "ietf-vpn-common:op-up"
          }
        },
        {
          "sap-id": "sap#2",
          "description": "Ready to host SAPs",
          "attachment-interface": "GE0/6/4",
          "interface-type": "ietf-sap-ntw:phy",
          "role": "ietf-sap-ntw:uni",
          "allows-child-saps": true,
          "sap-status": {
            "status": "ietf-vpn-common:op-up"
          }
        },
        {
          "sap-id": "sap#3",
          "description": "A first SAP description",
          "parent-termination-point": "GE0/6/4",
          "attachment-interface": "GE0/6/4.1",
          "interface-type": "ietf-sap-ntw:logical",
          "encapsulation-type": "ietf-vpn-common:vlan-type",
          "sap-status": {
            "status": "ietf-vpn-common:op-up"
          },
          "service-status": {
            "admin-status": {
              "status": "ietf-vpn-common:admin-up"
            },
            "oper-status": {
              "status": "ietf-vpn-common:op-up"
            }
          }
        }
      ]
    },
    {
      "service-type": "ietf-vpn-common:vpls",
      "sap": [
        {
          "sap-id": "sap#1",
          "description": "Ready to host SAPs",
          "attachment-interface": "GE0/6/1",
          "interface-type": "ietf-sap-ntw:phy",
          "role": "ietf-sap-ntw:uni",
          "allows-child-saps": true,
          "sap-status": {
            "status": "ietf-vpn-common:op-up"
          }
        },
        {
          "sap-id": "sap#2",
          "description": "Ready to host SAPs",
          "attachment-interface": "GE0/6/4",
          "interface-type": "ietf-sap-ntw:phy",
          "role": "ietf-sap-ntw:uni",
          "allows-child-saps": true,
          "sap-status": {
            "status": "ietf-vpn-common:op-up"
          }
        },
        {
          "sap-id": "sap#4",
          "description": "Another description",
          "parent-termination-point": "GE0/6/4",
          "attachment-interface": "GE0/6/4.2",
          "interface-type": "ietf-sap-ntw:logical",
          "encapsulation-type": "ietf-vpn-common:vlan-type",
          "sap-status": {
            "status": "ietf-vpn-common:op-up"
          },
          "service-status": {
            "admin-status": {
              "status": "ietf-vpn-common:admin-up"
            },
            "oper-status": {
              "status": "ietf-vpn-common:op-up"
            }
          }
        }
      ]
    }
  ]
}
]]></artwork>
        </figure></t>
]]></sourcecode></figure>
      <t><xref target="app-ex-res-body-filter"></xref> target="app-ex-res-body-filter" format="default"/> shows an example of the
      response message body that is received from the network controller if
      the request includes a filter on the service type for a particular
      node:</t>

      <t><figure anchor="app-ex-res-body-filter"
          title="An
      <figure anchor="app-ex-res-body-filter">
        <name>An Example of a Response Body to a Request with a Service Filter">
          <artwork><![CDATA[{ Filter</name>
        <sourcecode type="json"><![CDATA[{
  "ietf-sap-ntw:service": [
    {
      "service-type": "ietf-vpn-common:l3vpn",
      "sap": [
        {
          "sap-id": "sap#1",
          "description": "Ready to host SAPs",
          "attachment-interface": "GE0/6/1",
          "interface-type": "ietf-sap-ntw:phy",
          "role": "ietf-sap-ntw:uni",
          "allows-child-saps": true,
          "sap-status": {
            "status": "ietf-vpn-common:op-up"
          }
        },
        {
          "sap-id": "sap#2",
          "description": "Ready to host SAPs",
          "attachment-interface": "GE0/6/4",
          "interface-type": "ietf-sap-ntw:phy",
          "role": "ietf-sap-ntw:uni",
          "allows-child-saps": true,
          "sap-status": {
            "status": "ietf-vpn-common:op-up"
          }
        },
        {
          "sap-id": "sap#3",
          "description": "A first SAP description",
          "parent-termination-point": "GE0/6/4",
          "attachment-interface": "GE0/6/4.1",
          "interface-type": "ietf-sap-ntw:logical",
          "encapsulation-type": "ietf-vpn-common:vlan-type",
          "sap-status": {
            "status": "ietf-vpn-common:op-up"
          },
          "service-status": {
            "admin-status": {
              "status": "ietf-vpn-common:admin-up"
            },
            "oper-status": {
              "status": "ietf-vpn-common:op-up"
            }
          }
        }
      ]
    }
  ]
}
]]></artwork>
        </figure></t>

      <t></t>
]]></sourcecode></figure>
    </section>
    <section anchor="nniapp"
             title="An numbered="true" toc="default">
      <name>An Example of an NNI SAP: Inter-AS VPN Option A">
      <t>Section 10 of <xref target="RFC4364"></xref> discuses A</name>
      <t><xref target="RFC4364" sectionFormat="of" section="10"/>
      discusses several options
      to extend a VPN service beyond the scope of a single Autonomous System
      (AS). For illustration purposes, this section focuses on the so-called
      "Option A" A", but similar examples can be considered for other options.</t>
      <t>In this option, an ASBR AS Border Router (ASBR) of an AS is directly connected to an ASBR of
      a neighboring AS. These two ASBRs are connected by multiple physical or
      logical interfaces. Also, at least one sub-interface is maintained by
      these ASBRs for each of the VPNs that require their routes to be passed
      from one AS to the other AS. Each ASBR behaves as a PE and treats the
      other as if it were a CE.</t>
      <t><xref target="optiona"></xref> target="optiona" format="default"/> shows a simplified (excerpt) topology
      of two ASes A and B with a focus on the interconnection links between
      these two ASes.</t>

      <t><figure align="center" anchor="optiona"
          title="An
      <figure anchor="optiona">
        <name>An Example of an Inter-AS VPN (Option A)"> A)</name>
        <artwork align="center"><![CDATA[.--------------------. align="center" name="" type="" alt=""><![CDATA[.--------------------.                      .--------------------.
|                    |                      |                    |
|              A  .--+--.                .--+--.  A              |
|              S  |     +================+     |  S              |
|              B  | (VRF1)----(VPN1)----(VRF1) |  B              |
|              R  |     |                |     |  R              |
|                 | (VRF2)----(VPN2)----(VRF2) |                 |
|              a  |     +================+     |  b              |
|              1  '--+--'                '--+--'  1              |
|     AS A           |                      |         AS B       |
|              A  .--+--.                .--+--.  A              |
|              S  |     +================+     |  S              |
|              B  | (VRF1)----(VPN1)----(VRF1) |  B              |
|              R  |     |                |     |  R              |
|                 | (VRF2)----(VPN2)----(VRF2) |                 |
|              a  |     +================+     |  b              |
|              2  '--+--'                '--+--'  2              |
|                    |                      |                    |
'--------------------'                      '--------------------']]></artwork>
        </figure></t>                      '--------------------'
]]></artwork> </figure>
      <t><xref target="nniex1"></xref> target="nniex1" format="default"/> shows an example of a message body that
      is received from the network controller of AS A (with a focus on the
      NNIs shown in <xref target="optiona"></xref>).</t>

      <t><figure anchor="nniex1" title="An target="optiona" format="default"/>).</t>
      <figure anchor="nniex1">
        <name>An Example of SAP Usage for NNI">
          <artwork><![CDATA[{ an NNI</name>
        <sourcecode type="json"><![CDATA[{
  "ietf-network:networks": {
    "network": [
      {
        "network-types": {
          "ietf-sap-ntw:sap-network": {
            "service-type": [
              "ietf-vpn-common:l3vpn"
            ]
          }
        },
        "network-id": "example:an-id",
        "node": [
          {
            "node-id": "example:asbr-a1",
            "ietf-sap-ntw:service": [
              {
                "service-type": "ietf-vpn-common:l3vpn",
                "sap": [
                  {
                    "sap-id": "sap#11",
                    "description": "parent inter-as link#1",
                    "role": "ietf-sap-ntw:nni",
                    "allows-child-saps": true,
                    "peer-sap-id": ["asbr-b1"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    }
                  },
                  {
                    "sap-id": "sap#12",
                    "description": "parent inter-as link#2",
                    "role": "ietf-sap-ntw:nni",
                    "allows-child-saps": true,
                    "peer-sap-id": ["asbr-b1"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    }
                  },
                  {
                    "sap-id": "sap#13",
                    "description": "vpn1",
                    "role": "ietf-sap-ntw:nni",
                    "peer-sap-id": ["asbr-b1"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-up"
                      },
                      "oper-status": {
                        "status": "ietf-vpn-common:op-up"
                      }
                    }
                  },
                  {
                    "sap-id": "sap#14",
                    "description": "vpn2",
                    "role": "ietf-sap-ntw:nni",
                    "peer-sap-id": ["asbr-b1"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-up"
                      },
                      "oper-status": {
                        "status": "ietf-vpn-common:op-up"
                      }
                    }
                  }
                ]
              }
            ]
          },
          {
            "node-id": "example:asbr-a2",
            "ietf-sap-ntw:service": [
              {
                "service-type": "ietf-vpn-common:l3vpn",
                "sap": [
                  {
                    "sap-id": "sap#11",
                    "description": "parent inter-as link#1",
                    "role": "ietf-sap-ntw:nni",
                    "allows-child-saps": true,
                    "peer-sap-id": ["asbr-b2"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    }
                  },
                  {
                    "sap-id": "sap#12",
                    "description": "parent inter-as link#2",
                    "role": "ietf-sap-ntw:nni",
                    "allows-child-saps": true,
                    "peer-sap-id": ["asbr-b2"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    }
                  },
                  {
                    "sap-id": "sap#21",
                    "description": "vpn1",
                    "role": "ietf-sap-ntw:nni",
                    "peer-sap-id": ["asbr-b2"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-up"
                      },
                      "oper-status": {
                        "status": "ietf-vpn-common:op-up"
                      }
                    }
                  },
                  {
                    "sap-id": "sap#22",
                    "description": "vpn2",
                    "role": "ietf-sap-ntw:nni",
                    "peer-sap-id": ["asbr-b2"],
                    "sap-status": {
                      "status": "ietf-vpn-common:op-up"
                    },
                    "service-status": {
                      "admin-status": {
                        "status": "ietf-vpn-common:admin-up"
                      },
                      "oper-status": {
                        "status": "ietf-vpn-common:op-up"
                      }
                    }
                  }
                ]
              }
            ]
          }
        ]
      }
    ]
  }
}]]></artwork>
        </figure></t>

      <t></t>
}
]]></sourcecode></figure>
    </section>
    <section anchor="servicesap"
             title="Examples numbered="true" toc="default">
      <name>Examples of Using the SAP Network Model in Service Creation"> Creation</name>
      <t>This section describes an example to examples that illustrate the use of the SAP
      model for service creation purposes.</t>
      <t>An example of a SAP topology is presented in <xref
      target="ex1"></xref>. target="ex1" format="default"/>. This example includes four PEs with their SAPs, as
      well as the customer information.</t>
      <t>Let us assume that an operator wants to create an L3VPN service
      between two PEs (PE3 and PE4) that are servicing two CEs (CE6 and CE7).
      To that aim, the operator would query the SAP topology and would obtain
      a response similar to what is depicted in <xref target="ex1"></xref>. target="ex1" format="default"/>.
      That response indicates that the SAPs having "sap#31" and "sap#43" as
      attachment identifiers do not have any installed services. This is
      particularly inferred from (1) the administrative 'service-status' which that is
      set to 'ietf-vpn-common:admin-down' for all the services that are
      supported by these two SAPs and (2) the absence of the anomalies discussed
  in <xref target="tree"/>. Note that none of the anomalies discussed in
      <xref target="tree"></xref> target="tree" format="default"/> are detected. Once the "free" SAPs are
      identified, the 'interface-type' and 'encapsulation-type' are checked to
      see if the requested L3VPN service is compatible with the SAP
      characteristics. If they are compatible, the 'attachment-id' value can
      be used as the VPN network access identifier in an L3NM create "create"
      query.</t>
      <t>A similar process can be followed for creating the so-called
      "Inter-AS VPN Option A" services. Unlike the previous example, let us
      assume that an operator wants to create an L3VPN service between two PEs
      (PE3 and PE4) but these PEs are not in the same AS: PE3 belongs to AS A
      while PE4 belongs to AS B. The NNIs between these ASes are represented
      in <xref target="optiona"></xref>. target="optiona" format="default"/>. The operator of AS A would query, via
      the controller of its AS, the SAP topology and would obtain not only the
      information that is depicted in <xref target="ex1"></xref>, target="ex1" format="default"/> but also the
      information shown in <xref target="nniex1"></xref> target="nniex1" format="default"/> representing the
      NNIs. The operator would create the service in the AS A between PE3 and
      a free, compatible SAP in the ASBR A1. The same procedure is followed by
      the operator of AS B to create the service in the AS B between a free,
      compatible SAP in the ASBR B1 and PE4. The services can be provisioned
      in each of these ASes using the L3NM.</t>
      <t>Let us now assume that, instead of the L3VPN service, the operator
      wants to set up an L2VPN service. If the 'interface-type' is a physical
      port, a new logical SAP can be created using the SAP model to cope with
      the service service's needs (e.g., the 'encapsulation-type' attribute can be set
      to 'ietf-vpn-common:vlan-type'). Once the logical SAP is created, the
      'attachment-id' of the new SAP is used to create an L2NM instance
      (Section 7.6 of <xref target="RFC9291"></xref>).</t>
      (<xref target="RFC9291" sectionFormat="of" section="7.6"/>).</t>
    </section>
    <section anchor="Acknowledgements" numbered="false" toc="default">
      <name>Acknowledgements</name>
      <t>Thanks to <contact fullname="Adrian Farrel"/>,
      <contact fullname="Daniel King"/>, <contact fullname="Dhruv Dhody"/>,
      <contact fullname="Benoit Claise"/>, <contact fullname="Bo Wu"/>,
      <contact fullname="Erez Segev"/>, <contact fullname="Raul Arco"/>,
      <contact fullname="Joe Clarke"/>,
      <contact fullname="Riyas Valiyapalathingal"/>,
      <contact fullname="Tom Petch"/>, <contact fullname="Olga Havel"/>, and
      <contact fullname="Richard Roberts"/> for their comments.</t>
      <t>Thanks to <contact fullname="Martin Björklund"/> for the YANG Doctors
      review, <contact fullname="Menachem Dodge"/> for the opsdir review,
      <contact fullname="Mach Chen"/> for the rtgdir review,
      <contact fullname="Linda Dunbar"/> for the genart review, and
      <contact fullname="Ivaylo Petrov"/> for the secdir
      review.</t>
      <t>Special thanks to <contact fullname="Adrian Farrel"/> for the Shepherd
      review and <contact fullname="Rob Wilton"/> for the careful AD review.</t>
      <t>Thanks to <contact fullname="Lars Eggert"/>,
      <contact fullname="Roman Danyliw"/>, and
      <contact fullname="Zaheduzzaman Sarker"/> for their
      comments during the IESG review.</t>
    </section>
  </back>
</rfc>