rfc9617.original   rfc9617.txt 
IPPM T. Zhou, Ed. Internet Engineering Task Force (IETF) T. Zhou, Ed.
Internet-Draft Huawei Request for Comments: 9617 Huawei
Intended status: Standards Track J. Guichard Category: Standards Track J. Guichard
Expires: 2 September 2024 Futurewei ISSN: 2070-1721 Futurewei
F. Brockners F. Brockners
S. Raghavan S. Raghavan
Cisco Systems Cisco Systems
1 March 2024 August 2024
A YANG Data Model for In-Situ OAM A YANG Data Model for In Situ Operations, Administration, and
draft-ietf-ippm-ioam-yang-13 Maintenance (IOAM)
Abstract Abstract
In-situ Operations, Administration, and Maintenance (IOAM) is an In situ Operations, Administration, and Maintenance (IOAM) is an
example of an on-path hybrid measurement method. IOAM defines a example of an on-path hybrid measurement method. IOAM defines a
method to produce operational and telemetry information that may be method for producing operational and telemetry information that may
exported using the in-band or out-of-band method. RFC9197 and be exported using the in-band or out-of-band method. RFCs 9197 and
RFC9326 discuss the data fields and associated data types for IOAM. 9326 discuss the data fields and associated data types for IOAM.
This document defines a YANG module for the configuration of IOAM This document defines a YANG module for the configuration of IOAM
functions. functions.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 2 September 2024. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9617.
Copyright Notice Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Please review these documents carefully, as they describe your rights carefully, as they describe your rights and restrictions with respect
and restrictions with respect to this document. Code Components to this document. Code Components extracted from this document must
extracted from this document must include Revised BSD License text as include Revised BSD License text as described in Section 4.e of the
described in Section 4.e of the Trust Legal Provisions and are Trust Legal Provisions and are provided without warranty as described
provided without warranty as described in the Revised BSD License. in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Conventions used in this document . . . . . . . . . . . . . . 3 2. Conventions Used in This Document
2.1. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Tree Diagrams
3. Design of the IOAM YANG Data Model . . . . . . . . . . . . . 3 3. Design of the IOAM YANG Data Model
3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Overview
3.2. Preallocated Tracing Profile . . . . . . . . . . . . . . 5 3.2. Pre-allocated Tracing Profile
3.3. Incremental Tracing Profile . . . . . . . . . . . . . . . 6 3.3. Incremental Tracing Profile
3.4. Direct Export Profile . . . . . . . . . . . . . . . . . . 6 3.4. Direct Export Profile
3.5. Proof of Transit Profile . . . . . . . . . . . . . . . . 6 3.5. Proof of Transit Profile
3.6. Edge-to-Edge Profile . . . . . . . . . . . . . . . . . . 7 3.6. Edge-to-Edge Profile
4. IOAM YANG Module . . . . . . . . . . . . . . . . . . . . . . 7 4. IOAM YANG Module
5. Security Considerations . . . . . . . . . . . . . . . . . . . 22 5. Security Considerations
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 6. IANA Considerations
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23 7. Normative References
8. Normative References . . . . . . . . . . . . . . . . . . . . 24 Appendix A. An Example of the Incremental Tracing Profile
Appendix A. An Example of Incremental Tracing Profile . . . . . 26 Appendix B. An Example of the Pre-allocated Tracing Profile
Appendix B. An Example of Pre-allocated Tracing Profile . . . . 26 Appendix C. An Example of the Direct Export Profile
Appendix C. An Example of Direct Export Profile . . . . . . . . 27 Appendix D. An Example of the Proof of Transit Profile
Appendix D. An Example of Proof of Transit Profile . . . . . . . 28 Appendix E. An Example of the Edge-to-Edge Profile
Appendix E. An Example of Edge-to-Edge Profile . . . . . . . . . 29 Acknowledgements
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 30 Authors' Addresses
1. Introduction 1. Introduction
In-situ Operations, Administration, and Maintenance (IOAM) is an In situ Operations, Administration, and Maintenance (IOAM) is an
example of an on-path hybrid measurement method. IOAM defines a example of an on-path hybrid measurement method. IOAM defines a
method to produce operational and telemetry information that may be method for producing operational and telemetry information that may
exported using the in-band or out-of-band method. The data types and be exported using the in-band or out-of-band method. The data types
data formats for IOAM data records have been defined in [RFC9197] and and data formats for IOAM data records have been defined in [RFC9197]
[RFC9326]. The IOAM data can be embedded in many protocol and [RFC9326]. The IOAM data can be embedded in many protocol
encapsulations such as Network Services Header (NSH) and IPv6. encapsulations, such as the Network Service Header (NSH) [RFC9452]
and IPv6.
This document defines a data model for the configuration of IOAM This document defines a data model for the configuration of IOAM
capabilities using the YANG data modeling language [RFC7950]. This capabilities using the YANG data modeling language [RFC7950]. This
YANG model supports five IOAM options, which are: YANG data model supports five IOAM options, which are as follows:
* Incremental Tracing Option [RFC9197] * Incremental Trace-Option [RFC9197]
* Pre-allocated Trace-Option [RFC9197]
* Pre-allocated Tracing Option [RFC9197]
* Direct Export Option [RFC9326] * Direct Export Option [RFC9326]
* Proof of Transit (PoT) Option [RFC9197] * Proof of Transit (POT) Option [RFC9197]
* Edge-to-Edge Option [RFC9197] * Edge-to-Edge Option [RFC9197]
2. Conventions used in this document 2. Conventions Used in This Document
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in
BCP14, [RFC2119], [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
The following terms are defined in [RFC7950] and are used in this The following terms are defined in [RFC7950] and are used in this
specification: specification:
* augment * augment
* data model * data model
* data node * data node
skipping to change at page 3, line 39 skipping to change at line 131
2.1. Tree Diagrams 2.1. Tree Diagrams
Tree diagrams used in this document follow the notation defined in Tree diagrams used in this document follow the notation defined in
[RFC8340]. [RFC8340].
3. Design of the IOAM YANG Data Model 3. Design of the IOAM YANG Data Model
3.1. Overview 3.1. Overview
The IOAM model is organized as list of profiles as shown in the The IOAM model is organized as a list of profiles, as shown in the
following figure. Each profile associates with one flow and the following figure. Each profile associates with one flow and the
corresponding IOAM information. corresponding IOAM information.
module: ietf-ioam module: ietf-ioam
+--rw ioam +--rw ioam
+--ro info +--ro info
| +--ro timestamp-type? identityref | +--ro timestamp-type? identityref
| +--ro available-interface* [if-name] | +--ro available-interface* [if-name]
| +--ro if-name if:interface-ref | +--ro if-name if:interface-ref
+--rw admin-config +--rw admin-config
| +--rw enabled? boolean | +--rw enabled? boolean
+--rw profiles +--rw profiles
+--rw profile* [profile-name] +--rw profile* [profile-name]
+--rw profile-name string +--rw profile-name string
+--rw filter +--rw filter
| +--rw filter-type? ioam-filter-type | +--rw filter-type? ioam-filter-type
| +--rw ace-name? -> /acl:acls/acl/aces/ace/name | +--rw ace-name? -> /acl:acls/acl/aces/ace/name
+--rw protocol-type? ioam-protocol-type +--rw protocol-type? ioam-protocol-type
+--rw incremental-tracing-profile {incremental-trace}? +--rw incremental-tracing-profile {incremental-trace}?
| ... | ...
+--rw preallocated-tracing-profile {preallocated-trace}? +--rw preallocated-tracing-profile {preallocated-trace}?
| ... | ...
+--rw direct-export-profile {direct-export}? +--rw direct-export-profile {direct-export}?
| ... | ...
+--rw pot-profile {proof-of-transit}? +--rw pot-profile {proof-of-transit}?
| ... | ...
+--rw e2e-profile {edge-to-edge}? +--rw e2e-profile {edge-to-edge}?
...
The "info" is a container for all the read-only information that The "info" parameter is a container for all the read-only information
assists monitoring systems in the interpretation of the IOAM data. that assists monitoring systems in the interpretation of the IOAM
data.
The "enabled" is an administrative configuration. When it is set to The "enabled" parameter is an administrative configuration. When it
true, IOAM configuration is enabled for the system. Meanwhile, the is set to "true", IOAM configuration is enabled for the system.
IOAM data-plane functionality is enabled. Meanwhile, the IOAM data plane functionality is enabled.
The "filter" is used to identify a flow, where the IOAM profile can The "filter" parameter is used to identify a flow, where the IOAM
apply. There may be multiple filter types. ACL [RFC8519] is a profile can apply. There may be multiple filter types. Access
common way to specify a flow. Each IOAM profile can associate with Control Lists (ACLs) [RFC8519] provide a common way to specify a
an ACE(Access Control Entry). IOAM actions MUST be driven by the flow. Each IOAM profile can associate with an ACE (Access Control
accepted packets, when the matched ACE "forwarding" action is Entry). When the matched ACE "forwarding" action is "accept", IOAM
"accept". actions MUST be driven by the accepted packets.
The IOAM data can be encapsulated into multiple protocols, e.g., IPv6 The IOAM data can be encapsulated into multiple protocols, e.g., IPv6
[RFC9486] and NSH [RFC9452]. The "protocol-type" is used to indicate [RFC9486] and the NSH [RFC9452]. The "protocol-type" parameter is
where the IOAM is applied. For example, if the "protocol-type" is used to indicate where IOAM is applied. For example, if "protocol-
IPv6, the IOAM ingress node will encapsulate the associated flow with type" is set to "ipv6", the IOAM ingress node will encapsulate the
the IPv6-IOAM [RFC9486] format. associated flow according to [RFC9486].
In this document, IOAM data includes five encapsulation types, i.e., In this document, IOAM data includes five encapsulation types, i.e.,
incremental tracing data, preallocated tracing data, direct export incremental tracing data, pre-allocated tracing data, direct export
data, proof of transit data and end to end data. In practice, data, proof of transit data, and end-to-end data. In practice,
multiple IOAM data types can be encapsulated into the same IOAM multiple IOAM data types can be encapsulated into the same IOAM
header. The "profile" contains a set of sub-profiles, each of which header. The "profile" parameter contains a set of sub-profiles, each
relates to one encapsulation type. The configured object may not of which relates to one encapsulation type. The configured object
support all the sub-profiles. The supported sub-profiles are may not support all the sub-profiles. The supported sub-profiles are
indicated by 5 defined features, i.e., "incremental-trace", indicated by five defined features, i.e., "incremental-trace",
"preallocated-trace", "direct-export", "proof-of-transit" and "edge- "preallocated-trace", "direct-export", "proof-of-transit", and "edge-
to-edge". to-edge".
This document uses the Access Control List YANG module [RFC8519], the This document uses the "ietf-access-control-list" YANG module
Interfaces YANG module [RFC8343] and the LIME Time Types YANG module [RFC8519], the "ietf-interfaces" YANG module [RFC8343], and the
[RFC8532]. "ietf-lime-time-types" YANG module [RFC8532].
The YANG data model in this document conform to the Network The YANG data model in this document conforms to the Network
Management Datastore Architecture (NMDA) defined in [RFC8342]. Management Datastore Architecture (NMDA) defined in [RFC8342].
3.2. Preallocated Tracing Profile 3.2. Pre-allocated Tracing Profile
The IOAM tracing data is expected to be collected at every node that To ensure visibility into the entire path that a packet takes within
a packet traverses to ensure visibility into the entire path a packet an IOAM domain, the IOAM tracing data is expected to be collected at
takes within an IOAM domain. The preallocated tracing option will every node that a packet traverses. The Pre-allocated Trace-Option
create pre-allocated space for each node to populate its information will create pre-allocated space for each node to populate its
. The "preallocated-tracing-profile" contains the detailed information. The "preallocated-tracing-profile" parameter contains
information for the preallocated tracing data. The information the detailed information for the pre-allocated tracing data. This
includes: information includes:
* node-action: indicates the operation (e.g., encapsulate IOAM node-action: indicates the operation (e.g., encapsulate the IOAM
header, transit the IOAM data, or decapsulate IOAM header) applied header, transit the IOAM data, or decapsulate the IOAM header)
to the dedicated flow. applied to the dedicated flow.
* use-namespace: indicates the namespace used for the trace types. use-namespace: indicates the namespace used for the trace types.
* trace-type: indicates the per-hop data to be captured by the IOAM trace-type: indicates the per-hop data to be captured by IOAM-
enabled nodes and included in the node data list. enabled nodes and included in the node data list.
* max-length: specifies the maximum length of the node data list in max-length: specifies the maximum length of the node data list in
octets. The max-length is only defined at the encapsulation node. octets. "max-length" is only defined at the encapsulation node.
+--rw preallocated-tracing-profile {preallocated-trace}? +--rw preallocated-tracing-profile {preallocated-trace}?
+--rw node-action? ioam-node-action +--rw node-action? ioam-node-action
+--rw trace-types +--rw trace-types
| +--rw use-namespace? ioam-namespace | +--rw use-namespace? ioam-namespace
| +--rw trace-type* ioam-trace-type | +--rw trace-type* ioam-trace-type
+--rw max-length? uint32 +--rw max-length? uint32
3.3. Incremental Tracing Profile 3.3. Incremental Tracing Profile
The incremental tracing option contains a variable node data fields The Incremental Trace-Option contains a variable-length list of node
where each node allocates and pushes its node data immediately data fields, where each node allocates and pushes its node data
following the option header. The "incremental-tracing-profile" immediately following the option header. The "incremental-tracing-
contains the detailed information for the incremental tracing data. profile" parameter contains the detailed information for the
The detailed information is the same as the Preallocated Tracing incremental tracing data. This information is the same as that for
Profile. the Pre-allocated Tracing Profile; see Section 3.2.
+--rw incremental-tracing-profile {incremental-trace}? +--rw incremental-tracing-profile {incremental-trace}?
+--rw node-action? ioam-node-action +--rw node-action? ioam-node-action
+--rw trace-types +--rw trace-types
| +--rw use-namespace? ioam-namespace | +--rw use-namespace? ioam-namespace
| +--rw trace-type* ioam-trace-type | +--rw trace-type* ioam-trace-type
+--rw max-length? uint32 +--rw max-length? uint32
3.4. Direct Export Profile 3.4. Direct Export Profile
The direct export option is used as a trigger for IOAM data to be The Direct Export Option is used as a trigger for IOAM data to be
directly exported or locally aggregated without being pushed into in- directly exported or locally aggregated without being pushed into in-
flight data packets. The "direct-export-profile" contains the flight data packets. The "direct-export-profile" parameter contains
detailed information for the direct export data. The detailed the detailed information for the direct export data. This
information is the same as the Preallocated Tracing Profile, but with information is the same as that for the Pre-allocated Tracing Profile
two more optional variables: (Section 3.2), but with two more optional variables:
* flow-id: is used to correlate the exported data of the same flow flow-id: used to correlate the exported data of the same flow from
from multiple nodes and from multiple packets. multiple nodes and from multiple packets.
* enable-sequence-number: indicates whether the sequence number is enable-sequence-number: indicates whether the sequence number is
used in the direct export option. used in the Direct Export Option.
+--rw direct-export-profile {direct-export}? +--rw direct-export-profile {direct-export}?
+--rw node-action? ioam-node-action +--rw node-action? ioam-node-action
+--rw trace-types +--rw trace-types
| +--rw use-namespace? ioam-namespace | +--rw use-namespace? ioam-namespace
| +--rw trace-type* ioam-trace-type | +--rw trace-type* ioam-trace-type
+--rw flow-id? uint32 +--rw flow-id? uint32
+--rw enable-sequence-number? boolean +--rw enable-sequence-number? boolean
3.5. Proof of Transit Profile 3.5. Proof of Transit Profile
The IOAM Proof of Transit data is to support the path or service The IOAM proof of transit data is used to support the path or service
function chain verification use cases. The "pot-profile" is intended function chain verification use cases. The "pot-profile" parameter
to contain the detailed information for the proof of transit data. is intended to contain the detailed information for the proof of
"use-namespace" indicates the namespace used for the POT types. transit data. The "use-namespace" parameter indicates the namespace
"pot-type" indicates a particular POT variant that specifies the POT used for the POT types. The "pot-type" parameter indicates a
data that is included. There may be several POT types, which have particular POT variant that specifies the POT data that is included.
different configuration data. To align with [RFC9197], this document There may be several POT types, each having different configuration
only defines IOAM POT type 0. User need to augment this module for data. To align with [RFC9197], this document only defines IOAM POT
the configuration of a specifc POT type. type 0. Users need to augment this module for the configuration of a
specific POT type.
+--rw pot-profile {proof-of-transit}? +--rw pot-profile {proof-of-transit}?
+--rw use-namespace? ioam-namespace +--rw use-namespace? ioam-namespace
+--rw pot-type? ioam-pot-type +--rw pot-type? ioam-pot-type
3.6. Edge-to-Edge Profile 3.6. Edge-to-Edge Profile
The IOAM edge-to-edge option is to carry data that is added by the The IOAM Edge-to-Edge Option is used to carry data that is added by
IOAM encapsulating node and interpreted by IOAM decapsulating node. the IOAM encapsulating node and interpreted by the IOAM decapsulating
The "e2e-profile" contains the detailed information for the edge-to- node. The "e2e-profile" parameter contains the detailed information
edge data. The detailed information includes: for the edge-to-edge data. This information includes:
* node-action is the same semantic as in Section 3.2. node-action: the same semantic as that provided in Section 3.2.
* use-namespace: indicate the namespace used for the edge-to-edge use-namespace: indicates the namespace used for the edge-to-edge
types. types.
* e2e-type: indicates data to be carried from the ingress IOAM node e2e-type: indicates data to be carried from the ingress IOAM node to
to the egress IOAM node. the egress IOAM node.
+--rw e2e-profile {edge-to-edge}? +--rw e2e-profile {edge-to-edge}?
+--rw node-action? ioam-node-action +--rw node-action? ioam-node-action
+--rw e2e-types +--rw e2e-types
+--rw use-namespace? ioam-namespace +--rw use-namespace? ioam-namespace
+--rw e2e-type* ioam-e2e-type +--rw e2e-type* ioam-e2e-type
4. IOAM YANG Module 4. IOAM YANG Module
<CODE BEGINS> file "ietf-ioam@2024-03-01.yang" The "ietf-ioam" module defined in this document imports typedefs from
[RFC8519], [RFC8343], and [RFC8532]. This document also references
[RFC9197], [RFC9326], [RFC9486], and [RFC9452].
<CODE BEGINS> file "ietf-ioam@2024-07-12.yang"
module ietf-ioam { module ietf-ioam {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-ioam"; namespace "urn:ietf:params:xml:ns:yang:ietf-ioam";
prefix "ioam"; prefix ioam;
import ietf-access-control-list { import ietf-access-control-list {
prefix "acl"; prefix acl;
reference reference
"RFC 8519: YANG Data Model for Network Access Control "RFC 8519: YANG Data Model for Network Access Control
Lists (ACLs)"; Lists (ACLs)";
} }
import ietf-interfaces { import ietf-interfaces {
prefix "if"; prefix if;
reference reference
"RFC 8343: A YANG Data Model for Interface Management"; "RFC 8343: A YANG Data Model for Interface Management";
} }
import ietf-lime-time-types { import ietf-lime-time-types {
prefix "lime"; prefix lime;
reference reference
"RFC 8532: Generic YANG Data Model for the Management of "RFC 8532: Generic YANG Data Model for the Management of
Operations, Administration, and Maintenance (OAM) Protocols Operations, Administration, and Maintenance (OAM) Protocols
That Use Connectionless Communications"; That Use Connectionless Communications";
} }
organization organization
"IETF IPPM (IP Performance Metrics) Working Group"; "IETF IPPM (IP Performance Measurement) Working Group";
contact contact
"WG Web: <https://datatracker.ietf.org/wg/ippm> "WG Web: <https://datatracker.ietf.org/wg/ippm>
WG List: <ippm@ietf.org> WG List: <mailto:ippm@ietf.org>
Editor: zhoutianran@huawei.com Editor: Tianran Zhou
Editor: james.n.guichard@futurewei.com <mailto:zhoutianran@huawei.com>
Editor: fbrockne@cisco.com Author: Jim Guichard
Editor: srihari@cisco.com"; <mailto:james.n.guichard@futurewei.com>
Author: Frank Brockners
<mailto:fbrockne@cisco.com>
Author: Srihari Raghavan
<mailto:srihari@cisco.com>";
description description
"This YANG module specifies a vendor-independent data "This YANG module specifies a vendor-independent data model
model for the In Situ OAM (IOAM). for In Situ Operations, Administration, and Maintenance
(IOAM).
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as 'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here. they appear in all capitals, as shown here.
Copyright (c) 2024 IETF Trust and the persons identified as Copyright (c) 2024 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to without modification, is permitted pursuant to, and subject to
the license terms contained in, the Revised BSD License set the license terms contained in, the Revised BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC 9617; see the
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself RFC itself for full legal notices.";
for full legal notices.";
revision 2024-03-01 {
description "Initial revision.";
reference "RFC XXXX: A YANG Data Model for In-Situ OAM";
revision 2024-07-12 {
description
"Initial revision.";
reference
"RFC 9617: A YANG Data Model for In Situ Operations,
Administration, and Maintenance (IOAM)";
} }
/* /*
* FEATURES * FEATURES
*/ */
feature incremental-trace feature incremental-trace {
{
description description
"This feature indicated that the incremental tracing option is "This feature indicates that the Incremental Trace-Option is
supported."; supported.";
reference "RFC 9197: Data Fields for In-situ OAM"; reference
"RFC 9197: Data Fields for In Situ Operations,
Administration, and Maintenance (IOAM)";
} }
feature preallocated-trace feature preallocated-trace {
{
description description
"This feature indicated that the preallocated tracing option is "This feature indicates that the Pre-allocated Trace-Option
supported."; is supported.";
reference "RFC 9197: Data Fields for In-situ OAM"; reference
"RFC 9197: Data Fields for In Situ Operations,
Administration, and Maintenance (IOAM)";
} }
feature direct-export feature direct-export {
{
description description
"This feature indicated that the direct export option is "This feature indicates that the Direct Export Option is
supported."; supported.";
reference "RFC 9326: In-situ OAM Direct Exporting"; reference
"RFC 9326: In Situ Operations, Administration, and
Maintenance (IOAM) Direct Exporting";
} }
feature proof-of-transit feature proof-of-transit {
{
description description
"This feature indicated that the proof of transit option is "This feature indicates that the Proof of Transit Option is
supported"; supported.";
reference "RFC 9197: Data Fields for In-situ OAM"; reference
"RFC 9197: Data Fields for In Situ Operations,
Administration, and Maintenance (IOAM)";
} }
feature edge-to-edge feature edge-to-edge {
{
description description
"This feature indicated that the edge-to-edge option is "This feature indicates that the Edge-to-Edge Option is
supported."; supported.";
reference "RFC 9197: Data Fields for In-situ OAM"; reference
"RFC 9197: Data Fields for In Situ Operations,
Administration, and Maintenance (IOAM)";
} }
/* /*
* IDENTITIES * IDENTITIES
*/ */
identity filter { identity filter {
description description
"Base identity to represent a filter. A filter is used to "Base identity to represent a filter. A filter is used to
specify the flow to apply the IOAM profile. "; specify the flow to apply the IOAM profile.";
} }
identity acl-filter { identity acl-filter {
base filter; base filter;
description description
"Apply ACL rules to specify the flow."; "Apply Access Control List (ACL) rules to specify the
flow.";
} }
identity protocol { identity protocol {
description description
"Base identity to represent the carrier protocol. It's used to "Base identity to represent the carrier protocol. It is
indicate what layer and protocol the IOAM data is embedded."; used to indicate in what layer and protocol the IOAM data
is embedded.";
} }
identity ipv6 { identity ipv6 {
base protocol; base protocol;
description description
"The described IOAM data is embedded in IPv6 protocol."; "The described IOAM data is embedded in IPv6.";
reference reference
"RFC 9486: In-situ OAM IPv6 Options"; "RFC 9486: IPv6 Options for In Situ Operations,
Administration, and Maintenance (IOAM)";
} }
identity nsh { identity nsh {
base protocol; base protocol;
description description
"The described IOAM data is embedded in NSH."; "The described IOAM data is embedded in the Network Service
Header (NSH).";
reference reference
"RFC 9452: Network Service Header (NSH) "RFC 9452: Network Service Header (NSH) Encapsulation for
Encapsulation for In-situ OAM (IOAM) Data"; In Situ OAM (IOAM) Data";
} }
identity node-action { identity node-action {
description description
"Base identity to represent the node actions. It's used to "Base identity to represent the node actions. It is used to
indicate what action the node will take."; indicate what action the node will take.";
} }
identity action-encapsulate { identity action-encapsulate {
base node-action; base node-action;
description description
"It indicates the node is to encapsulate the IOAM packet"; "This identity indicates that the node is used to
encapsulate the IOAM packet.";
} }
identity action-decapsulate { identity action-decapsulate {
base node-action; base node-action;
description description
"It indicates the node is to decapsulate the IOAM packet"; "This identity indicates that the node is used to
decapsulate the IOAM packet.";
} }
identity action-transit { identity action-transit {
base node-action; base node-action;
description description
"It indicates the node is to transit the IOAM packet"; "This identity indicates that the node is used to transit
the IOAM packet.";
} }
identity trace-type { identity trace-type {
description description
"Base identity to represent trace types."; "Base identity to represent trace types.";
} }
identity trace-hop-lim-node-id { identity trace-hop-lim-node-id {
base trace-type; base trace-type;
description description
"It indicates the presence of Hop_Lim and node_id in the "This identity indicates the presence of 'Hop_Lim' and
node data."; 'node_id' in the node data.";
reference
"RFC 9197: Data Fields for In Situ Operations,
Administration, and Maintenance (IOAM)";
} }
identity trace-if-id { identity trace-if-id {
base trace-type; base trace-type;
description description
"It indicates presence of ingress_if_id and egress_if_id "This identity indicates the presence of 'ingress_if_id' and
(short format) in the node data."; 'egress_if_id' (short format) in the node data.";
reference
"RFC 9197: Data Fields for In Situ Operations,
Administration, and Maintenance (IOAM)";
} }
identity trace-timestamp-seconds { identity trace-timestamp-seconds {
base trace-type; base trace-type;
description description
"It indicates presence of timestamp seconds in the node data."; "This identity indicates the presence of timestamp seconds
in the node data.";
} }
identity trace-timestamp-fraction { identity trace-timestamp-fraction {
base trace-type; base trace-type;
description description
"It indicates presence of timestamp fraction in the node "This identity indicates the presence of a timestamp
data."; fraction in the node data.";
} }
identity trace-transit-delay { identity trace-transit-delay {
base trace-type; base trace-type;
description description
"It indicates presence of transit delay in the node data."; "This identity indicates the presence of transit delay in
the node data.";
} }
identity trace-namespace-data { identity trace-namespace-data {
base trace-type; base trace-type;
description description
"It indicates presence of name space specific data (short "This identity indicates the presence of namespace-specific
format) in the node data."; data (short format) in the node data.";
} }
identity trace-queue-depth { identity trace-queue-depth {
base trace-type; base trace-type;
description description
"It indicates presence of queue depth in the node data."; "This identity indicates the presence of queue depth in the
node data.";
} }
identity trace-checksum-complement { identity trace-checksum-complement {
base trace-type; base trace-type;
description description
"It indicates presence of the Checksum Complement node data."; "This identity indicates the presence of the Checksum
Complement in the node data.";
reference
"RFC 9197: Data Fields for In Situ Operations,
Administration, and Maintenance (IOAM)";
} }
identity trace-hop-lim-node-id-wide { identity trace-hop-lim-node-id-wide {
base trace-type; base trace-type;
description description
"It indicates presence of Hop_Lim and node_id in wide format "This identity indicates the presence of 'Hop_Lim' and
in the node data."; 'node_id' (wide format) in the node data.";
} }
identity trace-if-id-wide { identity trace-if-id-wide {
base trace-type; base trace-type;
description description
"It indicates presence of ingress_if_id and egress_if_id in "This identity indicates the presence of 'ingress_if_id' and
wide format in the node data."; 'egress_if_id' (wide format) in the node data.";
} }
identity trace-namespace-data-wide { identity trace-namespace-data-wide {
base trace-type; base trace-type;
description description
"It indicates presence of IOAM-Namespace specific data in wide "This identity indicates the presence of
format in the node data."; IOAM-namespace-specific data (wide format) in the
node data.";
} }
identity trace-buffer-occupancy { identity trace-buffer-occupancy {
base trace-type; base trace-type;
description description
"It indicates presence of buffer occupancy in the node data."; "This identity indicates the presence of buffer occupancy
in the node data.";
} }
identity trace-opaque-state-snapshot { identity trace-opaque-state-snapshot {
base trace-type; base trace-type;
description description
"It indicates presence of variable length Opaque State Snapshot "This identity indicates the presence of the variable-length
field."; Opaque State Snapshot field.";
} }
identity pot-type { identity pot-type {
description description
"Base identity to represent Proof of Transit (PoT) types."; "Base identity to represent Proof of Transit (POT) types.";
} }
identity pot-type-0 { identity pot-type-0 {
base pot-type; base pot-type;
description description
"The IOAM POT Type field value is 0, and POT data is a 16 "The IOAM field value for the POT type is 0, and POT data is
Octet field to carry data associated to POT procedures."; a 16-octet field to carry data associated with POT
procedures.";
} }
identity e2e-type { identity e2e-type {
description description
"Base identity to represent edge-to-edge types."; "Base identity to represent edge-to-edge types.";
} }
identity e2e-seq-num-64 { identity e2e-seq-num-64 {
base e2e-type; base e2e-type;
description description
"It indicates presence of a 64-bit sequence number."; "This identity indicates the presence of a 64-bit
sequence number.";
} }
identity e2e-seq-num-32 { identity e2e-seq-num-32 {
base e2e-type; base e2e-type;
description description
"It indicates the presence of a 32-bit sequence number."; "This identity indicates the presence of a 32-bit
sequence number.";
} }
identity e2e-timestamp-seconds { identity e2e-timestamp-seconds {
base e2e-type; base e2e-type;
description description
"It indicates the presence of timestamp seconds representing "This identity indicates the presence of timestamp seconds
the time at which the packet entered the IOAM-domain."; representing the time at which the packet entered the
IOAM domain.";
} }
identity e2e-timestamp-fraction { identity e2e-timestamp-fraction {
base e2e-type; base e2e-type;
description description
"It indicates the presence of timestamp fraction representing "This identity indicates the presence of a timestamp
the time at which the packet entered the IOAM-domain."; fraction representing the time at which the packet entered
the IOAM domain.";
} }
identity namespace { identity namespace {
description description
"Base identity to represent the Namespace-ID."; "Base identity to represent the Namespace-ID.";
} }
identity default-namespace { identity default-namespace {
base namespace; base namespace;
description description
"The Namespace-ID value of 0x0000 is defined as the "The Namespace-ID value of 0x0000 is defined as the
Default-Namespace-ID and MUST be known to all the nodes Default-Namespace-ID and MUST be known to all the nodes
implementing IOAM."; implementing IOAM.";
} }
/* /*
* TYPE DEFINITIONS * TYPE DEFINITIONS
*/ */
typedef ioam-filter-type { typedef ioam-filter-type {
type identityref { type identityref {
base filter; base filter;
} }
description description
"It specifies a known type of filter."; "This type specifies a known type of filter.";
} }
typedef ioam-protocol-type { typedef ioam-protocol-type {
type identityref { type identityref {
base protocol; base protocol;
} }
description description
"It specifies a known type of carrier protocol for the IOAM "This type specifies a known type of carrier protocol for
data."; the IOAM data.";
} }
typedef ioam-node-action { typedef ioam-node-action {
type identityref { type identityref {
base node-action; base node-action;
} }
description description
"It specifies a known type of node action."; "This type specifies a known type of node action.";
} }
typedef ioam-trace-type { typedef ioam-trace-type {
type identityref { type identityref {
base trace-type; base trace-type;
} }
description description
"It specifies a known trace type."; "This type specifies a known trace type.";
} }
typedef ioam-pot-type { typedef ioam-pot-type {
type identityref { type identityref {
base pot-type; base pot-type;
} }
description description
"It specifies a known pot type."; "This type specifies a known POT type.";
} }
typedef ioam-e2e-type { typedef ioam-e2e-type {
type identityref { type identityref {
base e2e-type; base e2e-type;
} }
description description
"It specifies a known edge-to-edge type."; "This type specifies a known edge-to-edge type.";
} }
typedef ioam-namespace { typedef ioam-namespace {
type identityref { type identityref {
base namespace; base namespace;
} }
description description
"It specifies the supported namespace."; "This type specifies the supported namespace.";
} }
/* /*
* GROUP DEFINITIONS * GROUP DEFINITIONS
*/ */
grouping ioam-filter { grouping ioam-filter {
description "A grouping for IOAM filter definition"; description
"A grouping for IOAM filter definitions.";
leaf filter-type { leaf filter-type {
type ioam-filter-type; type ioam-filter-type;
description "filter type"; description
"Filter type.";
} }
leaf ace-name { leaf ace-name {
when "derived-from-or-self(../filter-type, 'ioam:acl-filter')"; when "derived-from-or-self(../filter-type, 'ioam:acl-filter')";
type leafref { type leafref {
path "/acl:acls/acl:acl/acl:aces/acl:ace/acl:name"; path "/acl:acls/acl:acl/acl:aces/acl:ace/acl:name";
} }
description "The Access Control Entry name is used to description
refer to an ACL specification."; "The Access Control Entry name is used to refer to an ACL
specification.";
} }
} }
grouping encap-tracing { grouping encap-tracing {
description description
"A grouping for the generic configuration for "A grouping for the generic configuration for the
tracing profile."; tracing profile.";
container trace-types { container trace-types {
description description
"It indicates the list of trace types for encapsulation."; "This container provides the list of trace types for
encapsulation.";
leaf use-namespace { leaf use-namespace {
type ioam-namespace; type ioam-namespace;
default default-namespace; default "default-namespace";
description description
"It indicates the name space used for encapsulation."; "This object indicates the namespace used for
encapsulation.";
} }
leaf-list trace-type { leaf-list trace-type {
type ioam-trace-type; type ioam-trace-type;
description description
"The trace type is only defined at the encapsulation "The trace type is only defined at the encapsulation
node."; node.";
} }
} }
leaf max-length { leaf max-length {
when "derived-from-or-self(../node-action, when "derived-from-or-self(../node-action,
'ioam:action-encapsulate')"; 'ioam:action-encapsulate')";
type uint32; type uint32;
units bytes; units "bytes";
description description
"This field specifies the maximum length of the node data "This field specifies the maximum length of the node data
list in octets. The max-length is only defined at the list in octets. 'max-length' is only defined at the
encapsulation node."; encapsulation node.";
} }
} }
grouping ioam-incremental-tracing-profile { grouping ioam-incremental-tracing-profile {
description description
"A grouping for incremental tracing profile."; "A grouping for the Incremental Tracing Profile.";
leaf node-action { leaf node-action {
type ioam-node-action; type ioam-node-action;
default action-transit; default "action-transit";
description description
"This object indicates the action the node need to "This object indicates the action the node needs to
take, e.g. encapsulation."; take, e.g., encapsulation.";
} }
uses encap-tracing { uses encap-tracing {
when "derived-from-or-self(node-action, when "derived-from-or-self(node-action,
'ioam:action-encapsulate')"; 'ioam:action-encapsulate')";
} }
} }
grouping ioam-preallocated-tracing-profile { grouping ioam-preallocated-tracing-profile {
description description
"A grouping for pre-allocated tracing profile."; "A grouping for the Pre-allocated Tracing Profile.";
leaf node-action { leaf node-action {
type ioam-node-action; type ioam-node-action;
default action-transit; default "action-transit";
description description
"This object indicates the action the node need to "This object indicates the action the node needs to
take, e.g. encapsulation."; take, e.g., encapsulation.";
} }
uses encap-tracing { uses encap-tracing {
when "derived-from-or-self(node-action, when "derived-from-or-self(node-action,
'ioam:action-encapsulate')"; 'ioam:action-encapsulate')";
} }
} }
grouping ioam-direct-export-profile { grouping ioam-direct-export-profile {
description description
"A grouping for direct export profile."; "A grouping for the Direct Export Profile.";
leaf node-action { leaf node-action {
type ioam-node-action; type ioam-node-action;
default action-transit; default "action-transit";
description description
"This object indicates the action the node need to "This object indicates the action the node needs to
take, e.g. encapsulation."; take, e.g., encapsulation.";
} }
uses encap-tracing { uses encap-tracing {
when "derived-from-or-self(node-action, when "derived-from-or-self(node-action,
'ioam:action-encapsulate')"; 'ioam:action-encapsulate')";
} }
leaf flow-id { leaf flow-id {
when "derived-from-or-self(../node-action, when "derived-from-or-self(../node-action,
'ioam:action-encapsulate')"; 'ioam:action-encapsulate')";
type uint32; type uint32;
description description
"A 32-bit flow identifier. The field is set at the "A 32-bit flow identifier. The field is set at the
encapsulating node. The Flow ID can be uniformly assigned encapsulating node. The Flow ID can be uniformly
by a central controller or algorithmically generated by the assigned by a central controller or algorithmically
encapsulating node. The latter approach cannot guarantee generated by the encapsulating node. The latter approach
the uniqueness of Flow ID, yet the conflict probability is cannot guarantee the uniqueness of the Flow ID, yet the
small due to the large Flow ID space. flow-id is used to probability of conflict is small due to the large Flow ID
correlate the exported data of the same flow from multiple space. 'flow-id' is used to correlate the exported data
nodes and from multiple packets."; of the same flow from multiple nodes and from multiple
packets.";
} }
leaf enable-sequence-number { leaf enable-sequence-number {
when "derived-from-or-self(../node-action, when "derived-from-or-self(../node-action,
'ioam:action-encapsulate')"; 'ioam:action-encapsulate')";
type boolean; type boolean;
default false; default "false";
description description
"This boolean value indicates whether the sequence number is "This boolean value indicates whether the sequence number
used in the direct export option 32-bit flow identifier. If is used in the Direct Export Option's 32-bit flow
this value is true, the sequence number is used. By default, identifier. If this value is set to 'true', the sequence
it's turned off."; number is used. It is turned off by default.";
} }
} }
grouping ioam-e2e-profile { grouping ioam-e2e-profile {
description description
"A grouping for edge-to-edge profile."; "A grouping for the Edge-to-Edge Profile.";
leaf node-action { leaf node-action {
type ioam-node-action; type ioam-node-action;
default action-transit; default "action-transit";
description description
"This object indicates the action the node need to "This object indicates the action the node needs to
take, e.g. encapsulation."; take, e.g., encapsulation.";
} }
container e2e-types { container e2e-types {
when "derived-from-or-self(../node-action, when "derived-from-or-self(../node-action,
'ioam:action-encapsulate')"; 'ioam:action-encapsulate')";
description description
"It indicates the list of edge-to-edge types for "This container provides the list of edge-to-edge types
encapsulation."; for encapsulation.";
leaf use-namespace { leaf use-namespace {
type ioam-namespace; type ioam-namespace;
default default-namespace; default "default-namespace";
description description
"It indicates the name space used for encapsulation."; "This object indicates the namespace used for
encapsulation.";
} }
leaf-list e2e-type { leaf-list e2e-type {
type ioam-e2e-type; type ioam-e2e-type;
description description
"The edge-to-edge type is only defined at the encapsulation "The edge-to-edge type is only defined at the
node."; encapsulation node.";
} }
} }
} }
grouping ioam-admin-config { grouping ioam-admin-config {
description description
"IOAM top-level administrative configuration."; "IOAM top-level administrative configuration.";
leaf enabled { leaf enabled {
type boolean; type boolean;
default false; default "false";
description description
"This object is to control the availability of configuration. "This object is used to control the availability of
It MUST be true before anything in the configuration. It MUST be set to 'true' before anything
/ioam/profiles/profile subtree can be edited. in the /ioam/profiles/profile subtree can be edited.
If false, any configuration in place is not used."; If 'false', any configuration in place is not used.";
} }
} }
/* /*
* DATA NODES * DATA NODES
*/ */
container ioam { container ioam {
description "IOAM top level container"; description
"IOAM top-level container.";
container info { container info {
config false; config false;
description description
"Describes information such as units or timestamp format that "Describes information, such as units or timestamp format,
assists monitoring systems in the interpretation of the IOAM that assists monitoring systems in the interpretation of
data."; the IOAM data.";
leaf timestamp-type { leaf timestamp-type {
type identityref { type identityref {
base lime:timestamp-type; base lime:timestamp-type;
} }
description description
"Type of timestamp, such as Truncated PTP or NTP."; "Type of timestamp, such as Truncated PTP (Precision
Time Protocol) or NTP.";
} }
list available-interface { list available-interface {
key "if-name"; key "if-name";
description description
"A list of available interfaces that support IOAM."; "A list of available interfaces that support IOAM.";
leaf if-name { leaf if-name {
type if:interface-ref; type if:interface-ref;
description "This is a reference to the Interface name."; description
"This is a reference to the interface name.";
} }
} }
} }
container admin-config { container admin-config {
description description
"Contains all the administrative configurations related to "Contains all the administrative configurations related to
the IOAM functionalities and all the IOAM profiles."; the IOAM functionalities and all the IOAM profiles.";
uses ioam-admin-config; uses ioam-admin-config;
} }
container profiles { container profiles {
description description
"Contains a list of IOAM profiles."; "Contains a list of IOAM profiles.";
list profile { list profile {
key "profile-name"; key "profile-name";
description description
"A list of IOAM profiles that configured on the node. "A list of IOAM profiles that are configured on the
There is no mandatory type of profile (e.g., node. There is no mandatory type of profile (e.g.,
incremental-trace, preallocated-trace.) in the list. 'incremental-trace', 'preallocated-trace') in the list.
But at least one profile should be added."; But at least one profile should be added.";
leaf profile-name { leaf profile-name {
type string{ type string {
length "1..300"; length "1..300";
} }
description description
"Unique identifier for each IOAM profile."; "Unique identifier for each IOAM profile.";
} }
container filter { container filter {
uses ioam-filter; uses ioam-filter;
description description
"The filter which is used to indicate the flow to apply "The filter that is used to indicate the flow to apply
IOAM."; IOAM.";
} }
leaf protocol-type { leaf protocol-type {
type ioam-protocol-type; type ioam-protocol-type;
description description
"This item is used to indicate the carrier protocol where "This object is used to indicate the carrier protocol
the IOAM is applied."; where IOAM is applied.";
} }
container incremental-tracing-profile { container incremental-tracing-profile {
if-feature incremental-trace; if-feature "incremental-trace";
presence "Enables incremental tracing option."; presence "Enables the Incremental Trace-Option.";
description description
"It describes the profile for incremental tracing "This container describes the profile for the
option."; Incremental Trace-Option.";
uses ioam-incremental-tracing-profile; uses ioam-incremental-tracing-profile;
} }
container preallocated-tracing-profile { container preallocated-tracing-profile {
if-feature preallocated-trace; if-feature "preallocated-trace";
presence "Enables preallocated tracing option."; presence "Enables the Pre-allocated Trace-Option.";
description description
"It describes the profile for preallocated tracing "This container describes the profile for the
option."; Pre-allocated Trace-Option.";
uses ioam-preallocated-tracing-profile; uses ioam-preallocated-tracing-profile;
} }
container direct-export-profile { container direct-export-profile {
if-feature direct-export; if-feature "direct-export";
presence "Enables direct-export option."; presence "Enables the Direct Export Option.";
description description
"It describes the profile for direct-export option"; "This container describes the profile for the
Direct Export Option.";
uses ioam-direct-export-profile; uses ioam-direct-export-profile;
} }
container pot-profile { container pot-profile {
if-feature proof-of-transit; if-feature "proof-of-transit";
presence "Enables Proof of Transit option."; presence "Enables the Proof of Transit Option.";
description description
"It describes the profile for PoT option."; "This container describes the profile for the
Proof of Transit Option.";
leaf use-namespace { leaf use-namespace {
type ioam-namespace; type ioam-namespace;
default default-namespace; default "default-namespace";
description description
"It indicates the namespace used for the POT types."; "This object indicates the namespace used for the
POT types.";
} }
leaf pot-type { leaf pot-type {
type ioam-pot-type; type ioam-pot-type;
description description
"The type of a particular POT variant that specifies "The type of a particular POT variant that specifies
the POT data that is included."; the POT data that is included.";
} }
} }
container e2e-profile { container e2e-profile {
if-feature edge-to-edge; if-feature "edge-to-edge";
presence "Enables edge-to-edge option."; presence "Enables the Edge-to-Edge Option.";
description description
"It describes the profile for edge-to-edge option."; "This container describes the profile for the
Edge-to-Edge Option.";
uses ioam-e2e-profile; uses ioam-e2e-profile;
} }
} }
} }
} }
} }
<CODE ENDS> <CODE ENDS>
5. Security Considerations 5. Security Considerations
skipping to change at page 22, line 46 skipping to change at line 1053
RESTCONF protocol operations and content. RESTCONF protocol operations and content.
There are a number of data nodes defined in this YANG module that are There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config) in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative to these data nodes without proper protection can have a negative
effect on network operations. These are the subtrees and data nodes effect on network operations. These are the subtrees and data nodes
and their sensitivity/vulnerability: and their sensitivity/vulnerability:
* /ioam/admin-config: The items in the container above include the /ioam/admin-config: The items in the "admin-config" container above
top level administrative configurations related to the IOAM include the top-level administrative configurations related to the
functionalities and all the IOAM profiles. Unexpected changes to IOAM functionalities and all the IOAM profiles. Unexpected
these items could lead to the IOAM function disruption and/or changes to these items could lead to disruption of IOAM functions
misbehavior of all the IOAM profiles. and/or misbehaving IOAM profiles.
* /ioam/profiles/profile: The entries in the list above include the /ioam/profiles/profile: The entries in the "profile" list above
whole IOAM profile configurations. Unexpected changes to these include the whole IOAM profile configurations. Unexpected changes
entries could lead to the mistake of the IOAM behavior for the to these entries could lead to incorrect IOAM behavior for the
corresponding flows. Consequently, it will impact the performance corresponding flows. Consequently, such changes would impact
monitoring, data analytics, and the associated reaction to network performance monitoring, data analytics, and associated
services. interactions with network services.
Some readable data nodes in these YANG modules may be considered Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or important to control read access (e.g., via get, get-config, or
notification) to these data nodes. These are the subtrees and data notification) to these data nodes. These are the subtrees and data
nodes and their sensitivity/vulnerability: nodes and their sensitivity/vulnerability:
* /ioam/profiles/profile: The information contained in this subtree /ioam/profiles/profile: The information contained in this subtree
might give information about the services deployed for the might reveal information about the services deployed for
customers.For instance, a customer might be given access to customers. For instance, a customer might be given access to
monitor their services status. In that example, the customer monitor the status of their services. In this scenario, the
access should be restricted to nodes representing their services customer's access should be restricted to nodes representing their
so as not to divulge information about the underlying network services so as not to divulge information about the underlying
structure or services. network structure or services.
6. IANA Considerations 6. IANA Considerations
RFC Ed.: In this section, replace all occurrences of 'XXXX' with the IANA has registered the following URI in the "IETF XML Registry"
actual RFC number (and remove this note). [RFC3688]:
IANA is requested to assign a new URI from the IETF XML Registry
[RFC3688]. The following URI is suggested:
URI: urn:ietf:params:xml:ns:yang:ietf-ioam
Registrant Contact: The IESG.
XML: N/A; the requested URI is an XML namespace.
This document also requests a new YANG module name in the YANG Module
Names registry [RFC7950] with the following suggestion:
name: ietf-ioam URI: urn:ietf:params:xml:ns:yang:ietf-ioam
namespace: urn:ietf:params:xml:ns:yang:ietf-ioam Registrant Contact: The IESG.
prefix: ioam XML: N/A; the requested URI is an XML namespace.
reference: RFC XXXX
7. Acknowledgements IANA has registered the following YANG module in the "YANG Module
Names" registry [RFC6020]:
For their valuable comments, discussions, and feedback, we wish to Name: ietf-ioam
acknowledge Greg Mirsky, Reshad Rahman, Tom Petch, Mickey Spiegel, Namespace: urn:ietf:params:xml:ns:yang:ietf-ioam
Thomas Graf, Alex Huang Feng and Justin Iurman. Prefix: ioam
Reference: RFC 9617
8. Normative References 7. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010,
<https://www.rfc-editor.org/info/rfc6020>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>. <https://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>. <https://www.rfc-editor.org/info/rfc6242>.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
skipping to change at page 26, line 5 skipping to change at line 1189
[RFC9452] Brockners, F., Ed. and S. Bhandari, Ed., "Network Service [RFC9452] Brockners, F., Ed. and S. Bhandari, Ed., "Network Service
Header (NSH) Encapsulation for In Situ OAM (IOAM) Data", Header (NSH) Encapsulation for In Situ OAM (IOAM) Data",
RFC 9452, DOI 10.17487/RFC9452, August 2023, RFC 9452, DOI 10.17487/RFC9452, August 2023,
<https://www.rfc-editor.org/info/rfc9452>. <https://www.rfc-editor.org/info/rfc9452>.
[RFC9486] Bhandari, S., Ed. and F. Brockners, Ed., "IPv6 Options for [RFC9486] Bhandari, S., Ed. and F. Brockners, Ed., "IPv6 Options for
In Situ Operations, Administration, and Maintenance In Situ Operations, Administration, and Maintenance
(IOAM)", RFC 9486, DOI 10.17487/RFC9486, September 2023, (IOAM)", RFC 9486, DOI 10.17487/RFC9486, September 2023,
<https://www.rfc-editor.org/info/rfc9486>. <https://www.rfc-editor.org/info/rfc9486>.
Appendix A. An Example of Incremental Tracing Profile [W3C.REC-xml11-20060816]
Bray, T., Paoli, J., Sperberg-McQueen, C. M., Maler, E.,
Yergeau, F., and J. Cowan, "Extensible Markup Language
(XML) 1.1 (Second Edition)", W3C Consortium Recommendation
REC-xml11-20060816, August 2006,
<https://www.w3.org/TR/2006/REC-xml11-20060816>.
An example of incremental tracing profile is depicted in the Appendix A. An Example of the Incremental Tracing Profile
following figure. This configuration is received by an IOAM ingress
node. This node encapsulates the IOAM data in IPv6 Hop-by-Hop option An XML example (per [W3C.REC-xml11-20060816]) of the Incremental
header. The trace type indicates that each on path node need to Tracing Profile is depicted in the following figure. This
capture the transit delay, and add to the IOAM node data list. The configuration is received by an IOAM ingress node. This node
incremental tracing data space is variable, however, the node data encapsulates the IOAM data in the IPv6 Hop-by-Hop option header. The
trace type indicates that each on-path node needs to capture the
transit delay and add the data to the IOAM node data list. The
incremental tracing data space is variable; however, the node data
list must not exceed 512 bytes. list must not exceed 512 bytes.
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
<edit-config> message-id="101">
<target> <edit-config>
<candidate/> <target>
</target> <candidate/>
<config> </target>
<ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam"> <config>
<admin-config> <ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam">
<enabled>true</enabled> <admin-config>
</admin-config> <enabled>true</enabled>
<profiles> </admin-config>
<profile> <profiles>
<profile-name>ietf-test-profile</profile-name> <profile>
<protocol-type>ipv6</protocol-type> <profile-name>ietf-test-profile</profile-name>
<incremental-tracing-profile> <protocol-type>ipv6</protocol-type>
<node-action>action-encapsulate</node-action> <incremental-tracing-profile>
<trace-types> <node-action>action-encapsulate</node-action>
<use-namespace>default-namespace</use-namespace> <trace-types>
<trace-type>trace-transit-delay</trace-type> <use-namespace>default-namespace</use-namespace>
</trace-types> <trace-type>trace-transit-delay</trace-type>
<max-length>512</max-length> </trace-types>
</incremental-tracing-profile> <max-length>512</max-length>
</profile> </incremental-tracing-profile>
</profiles> </profile>
</ioam> </profiles>
</config> </ioam>
</edit-config> </config>
</rpc> </edit-config>
</rpc>
Appendix B. An Example of Pre-allocated Tracing Profile Appendix B. An Example of the Pre-allocated Tracing Profile
An example of pre-allocated tracing profile is depicted in the An example of the Pre-allocated Tracing Profile is depicted in the
following figure. This configuration is received by an IOAM ingress following figure. This configuration is received by an IOAM ingress
node. This node firstly identifies the target flow by using ACL node. This node first identifies the target flow by using the ACL
"test-acl", and then encapsulates the IOAM data in the NSH header. parameter "test-acl" and then encapsulates the IOAM data in the NSH.
The trace type indicates that each on path node need to capture the The trace type indicates that each on-path node needs to capture the
name space specific data in the short format, and add to the IOAM namespace-specific data in short format and add the data to the IOAM
node data list. This node preallocates the node data list in the node data list. This node pre-allocates the node data list in the
packect with 512 bytes. packet with 512 bytes.
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
<edit-config> message-id="101">
<target> <edit-config>
<candidate/> <target>
</target> <candidate/>
<config> </target>
<ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam"> <config>
<admin-config> <ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam">
<enabled>true</enabled> <admin-config>
</admin-config> <enabled>true</enabled>
<profiles> </admin-config>
<profile> <profiles>
<profile-name>ietf-test-profile</profile-name> <profile>
<filter> <profile-name>ietf-test-profile</profile-name>
<filter-type>acl-filter</filter-type> <filter>
<ace-name>test-acl</ace-name> <filter-type>acl-filter</filter-type>
</filter> <ace-name>test-acl</ace-name>
<protocol-type>nsh</protocol-type> </filter>
<preallocated-tracing-profile> <protocol-type>nsh</protocol-type>
<node-action>action-encapsulate</node-action> <preallocated-tracing-profile>
<trace-types> <node-action>action-encapsulate</node-action>
<use-namespace>default-namespace</use-namespace> <trace-types>
<trace-type>trace-namespace-data</trace-type> <use-namespace>default-namespace</use-namespace>
</trace-types> <trace-type>trace-namespace-data</trace-type>
<max-length>512</max-length> </trace-types>
</preallocated-tracing-profile> <max-length>512</max-length>
</profile> </preallocated-tracing-profile>
</profiles> </profile>
</ioam> </profiles>
</config> </ioam>
</edit-config> </config>
</rpc> </edit-config>
</rpc>
Appendix C. An Example of Direct Export Profile Appendix C. An Example of the Direct Export Profile
An example of direct export profile is depicted in the following An example of the Direct Export Profile is depicted in the following
figure. This configuration is received by an IOAM egress node. This figure. This configuration is received by an IOAM egress node. This
node detects the IOAM direct export option in the IPv6 extension node detects the IOAM Direct Export Option in the IPv6 extension
header, and removes the option to clean all the IOAM data. header and removes the option to clean all the IOAM data.
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
<edit-config> message-id="101">
<target> <edit-config>
<candidate/> <target>
</target> <candidate/>
<config> </target>
<ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam"> <config>
<admin-config> <ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam">
<enabled>true</enabled> <admin-config>
</admin-config> <enabled>true</enabled>
<profiles> </admin-config>
<profile> <profiles>
<profile-name>ietf-test-profile</profile-name> <profile>
<protocol-type>ipv6</protocol-type> <profile-name>ietf-test-profile</profile-name>
<direct-export-profile> <protocol-type>ipv6</protocol-type>
<node-action>action-decapsulate</node-action> <direct-export-profile>
</direct-export-profile> <node-action>action-decapsulate</node-action>
</profile> </direct-export-profile>
</profiles> </profile>
</ioam> </profiles>
</config> </ioam>
</edit-config> </config>
</rpc> </edit-config>
</rpc>
Appendix D. An Example of Proof of Transit Profile Appendix D. An Example of the Proof of Transit Profile
The following figure is a simple example of POT option. This A simple example of the Proof of Transit Profile is depicted in the
configuration indicates the node to apply POT type 0 with IPv6 following figure. This configuration indicates the node to apply POT
encapsulation. type 0 with IPv6 encapsulation.
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
<edit-config> message-id="101">
<target> <edit-config>
<candidate/> <target>
</target> <candidate/>
<config> </target>
<ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam"> <config>
<admin-config> <ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam">
<enabled>true</enabled> <admin-config>
</admin-config> <enabled>true</enabled>
<profiles> </admin-config>
<profile> <profiles>
<profile-name>ietf-test-profile</profile-name> <profile>
<protocol-type>ipv6</protocol-type> <profile-name>ietf-test-profile</profile-name>
<pot-profile> <protocol-type>ipv6</protocol-type>
<pot-type>pot-type-0</pot-type> <pot-profile>
</pot-profile> <pot-type>pot-type-0</pot-type>
</profile> </pot-profile>
</profiles> </profile>
</ioam> </profiles>
</config> </ioam>
</edit-config> </config>
</rpc> </edit-config>
</rpc>
Appendix E. An Example of Edge-to-Edge Profile Appendix E. An Example of the Edge-to-Edge Profile
The following figure shows an example of edge-to-edge option. This An example of the Edge-to-Edge Profile is depicted in the following
configuration is received by an IOAM egress node. This node detects figure. This configuration is received by an IOAM egress node. This
the IOAM edge-to-edge option in the IPv6 extension header, and node detects the IOAM Edge-to-Edge Option in the IPv6 extension
removes the option to clean all the IOAM data. As the IOAM egress header and removes the option to clean all the IOAM data. As the
node, it may collect the edge-to-edge data and deliver to the data IOAM egress node, it may collect the edge-to-edge data and deliver it
exporting process. to the data-exporting process.
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101"> <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
<edit-config> message-id="101">
<target> <edit-config>
<candidate/> <target>
</target> <candidate/>
<config> </target>
<ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam"> <config>
<admin-config> <ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam">
<enabled>true</enabled> <admin-config>
</admin-config> <enabled>true</enabled>
<profiles> </admin-config>
<profile> <profiles>
<profile-name>ietf-test-profile</profile-name> <profile>
<protocol-type>ipv6</protocol-type> <profile-name>ietf-test-profile</profile-name>
<e2e-profile> <protocol-type>ipv6</protocol-type>
<node-action>action-decapsulate</node-action> <e2e-profile>
</e2e-profile> <node-action>action-decapsulate</node-action>
</profile> </e2e-profile>
</profiles> </profile>
</ioam> </profiles>
</config> </ioam>
</edit-config> </config>
</rpc> </edit-config>
</rpc>
Acknowledgements
For their valuable comments, discussions, and feedback, we wish to
acknowledge Greg Mirsky, Reshad Rahman, Tom Petch, Mickey Spiegel,
Thomas Graf, Alex Huang Feng, and Justin Iurman.
Authors' Addresses Authors' Addresses
Tianran Zhou Tianran Zhou (editor)
Huawei Huawei
156 Beiqing Rd. 156 Beiqing Rd.
Beijing Beijing
100095 100095
China China
Email: zhoutianran@huawei.com Email: zhoutianran@huawei.com
Jim Guichard Jim Guichard
Futurewei Futurewei
United States of America United States of America
Email: james.n.guichard@futurewei.com Email: james.n.guichard@futurewei.com
Frank Brockners Frank Brockners
Cisco Systems Cisco Systems
Hansaallee 249, 3rd Floor Hansaallee 249, 3rd Floor
40549 Duesseldorf 40549 Düsseldorf, Nordrhein-Westfalen
Germany Germany
Email: fbrockne@cisco.com Email: fbrockne@cisco.com
Srihari Raghavan Srihari Raghavan
Cisco Systems Cisco Systems
Tril Infopark Sez, Ramanujan IT City Tril Infopark Sez, Ramanujan IT City
Neville Block, 2nd floor, Old Mahabalipuram Road Neville Block, 2nd floor, Old Mahabalipuram Road
Chennai 600113 Chennai 600113
Tamil Nadu Tamil Nadu
India India
Email: srihari@cisco.com Email: srihari@cisco.com
 End of changes. 228 change blocks. 
611 lines changed or deleted 642 lines changed or added

This html diff was produced by rfcdiff 1.48.