rfc9181.original   rfc9181.txt 
opsawg S. Barguil Internet Engineering Task Force (IETF) S. Barguil
Internet-Draft O. Gonzalez de Dios, Ed. Request for Comments: 9181 O. Gonzalez de Dios, Ed.
Intended status: Standards Track Telefonica Category: Standards Track Telefonica
Expires: 2 April 2022 M. Boucadair, Ed. ISSN: 2070-1721 M. Boucadair, Ed.
Orange Orange
Q. Wu Q. Wu
Huawei Huawei
29 September 2021 February 2022
A Layer 2/3 VPN Common YANG Model A Common YANG Data Model for Layer 2 and Layer 3 VPNs
draft-ietf-opsawg-vpn-common-12
Abstract Abstract
This document defines a common YANG module that is meant to be reused This document defines a common YANG module that is meant to be reused
by various VPN-related modules such as Layer 3 VPN and Layer 2 VPN by various VPN-related modules such as Layer 3 VPN and Layer 2 VPN
network models. network models.
Editorial Note (To be removed by RFC Editor)
Please update these statements within the document with the RFC
number to be assigned to this document:
* "This version of this YANG module is part of RFC XXXX;"
* "RFC XXXX: A Layer 2/3 VPN Common YANG Model";
* reference: RFC XXXX
Also, please update the "revision" date of the YANG module.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 2 April 2022. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9181.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Simplified BSD License text to this document. Code Components extracted from this document must
as described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Simplified BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology
3. Description of the VPN Common YANG Module . . . . . . . . . . 3 3. Description of the VPN Common YANG Module
4. Layer 2/3 VPN Common Module . . . . . . . . . . . . . . . . . 13 4. Layer 2/3 VPN Common Module
5. Security Considerations . . . . . . . . . . . . . . . . . . . 59 5. Security Considerations
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 60 6. IANA Considerations
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 60 7. References
8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 61 7.1. Normative References
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 61 7.2. Informative References
9.1. Normative References . . . . . . . . . . . . . . . . . . 61
9.2. Informative References . . . . . . . . . . . . . . . . . 62
Appendix A. Example of Common Data Nodes in Early L2NM/L3NM Appendix A. Example of Common Data Nodes in Early L2NM/L3NM
Designs . . . . . . . . . . . . . . . . . . . . . . . . . 69 Designs
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 69 Acknowledgements
Contributors
Authors' Addresses
1. Introduction 1. Introduction
The IETF has specified YANG data modules for VPN services, e.g., The IETF has specified YANG modules for VPN services, e.g., the Layer
Layer 3 VPN Service Model (L3SM) [RFC8299] or Layer 2 VPN Service 3 VPN Service Model (L3SM) [RFC8299] or the Layer 2 VPN Service Model
Model (L2SM) [RFC8466]. Other relevant YANG models are the Layer 3 (L2SM) [RFC8466]. Other relevant YANG data models are the Layer 3
VPN Network Model (L3NM) [I-D.ietf-opsawg-l3sm-l3nm] and the Layer 2 VPN Network Model (L3NM) [RFC9182] and the Layer 2 VPN Network Model
VPN Network Model (L2NM) [I-D.ietf-opsawg-l2nm]. There are common (L2NM) [L2NM-YANG]. There are common data nodes and structures that
data nodes and structures that are present in all of these models or are present in all of these models or at least a subset of them.
at least a subset of them.
This document defines a common YANG module that is meant to be reused This document defines a common YANG module that is meant to be reused
by various VPN-related modules such as L3NM by various VPN-related modules such as the L3NM [RFC9182] and the
[I-D.ietf-opsawg-l3sm-l3nm] and L2NM [I-D.ietf-opsawg-l2nm]: "ietf- L2NM [L2NM-YANG]: "ietf-vpn-common" (Section 4).
vpn-common" (Section 4).
The "ietf-vpn-common" module includes a set of identities, types, and The "ietf-vpn-common" module includes a set of identities, types, and
groupings that are meant to be reused by other VPN-related YANG groupings that are meant to be reused by other VPN-related YANG
modules independently of their layer (e.g., Layer 2, Layer 3) and the modules independently of their layer (e.g., Layer 2, Layer 3) and the
type of the module (e.g., network model, service model) including type of the module (e.g., network model, service model), including
possible future revisions of existing models (e.g., L3SM [RFC8299] or possible future revisions of existing models (e.g., the L3SM
L2SM [RFC8466]). [RFC8299] or the L2SM [RFC8466]).
2. Terminology 2. Terminology
The terminology for describing YANG modules is defined in [RFC7950]. The terminology for describing YANG modules is defined in [RFC7950].
The meaning of the symbols in tree diagrams is defined in [RFC8340]. The meanings of the symbols in tree diagrams are defined in
[RFC8340].
The reader may refer to [RFC4026] and [RFC4176] for VPN-related The reader may refer to [RFC4026] and [RFC4176] for VPN-related
terms. terms.
The document inherits many terms from [RFC8299] and [RFC8466] (e.g., This document inherits many terms from [RFC8299] and [RFC8466] (e.g.,
Enhanced Mobile Broadband (eMBB), Ultra-Reliable and Low Latency Enhanced Mobile Broadband (eMBB), Ultra-Reliable and Low Latency
Communications (URLLC), Massive Machine Type Communications (mMTC)). Communications (URLLC), Massive Machine Type Communications (mMTC)).
3. Description of the VPN Common YANG Module 3. Description of the VPN Common YANG Module
The "ietf-vpn-common" module defines a set of common VPN-related The "ietf-vpn-common" module defines a set of common VPN-related
features, including: features, including the following:
Encapsulation features such as: Encapsulation features, such as the following:
* Dot1q [IEEE802.1Q], * dot1Q [IEEE802.1Q],
* QinQ [IEEE802.1ad], * QinQ [IEEE802.1ad],
* link aggregation [IEEE802.1AX], and * link aggregation [IEEE802.1AX], and
* Virtual eXtensible Local Area Network (VXLAN) [RFC7348]. * Virtual eXtensible Local Area Networks (VXLANs) [RFC7348].
Multicast [RFC6513]. Multicast [RFC6513].
Routing features such as: Routing features, such as the following:
* BGP [RFC4271], * BGP [RFC4271],
* OSPF [RFC4577][RFC6565], * OSPF [RFC4577] [RFC6565],
* IS-IS [ISO10589], * IS-IS [ISO10589],
* RIP [RFC2080][RFC2453], * RIP [RFC2080] [RFC2453],
* Bidirectional Forwarding Detection (BFD) [RFC5880][RFC7880], * Bidirectional Forwarding Detection (BFD) [RFC5880] [RFC7880],
and and
* Virtual Router Redundancy Protocol (VRRP) [RFC5798]. * Virtual Router Redundancy Protocol (VRRP) [RFC5798].
Also, the module defines a set of identities, including: Also, the module defines a set of identities, including the
following:
'service-type': Used to identify the VPN service type. Examples of 'service-type': Used to identify the VPN service type. Examples of
supported service types are: supported service types are as follows:
* L3VPN, * L3VPN,
* Virtual Private LAN Service (VPLS) using BGP [RFC4761], * Virtual Private LAN Service (VPLS) using BGP [RFC4761],
* VPLS using Label Distribution Protocol (LDP) [RFC4762], * VPLS using the Label Distribution Protocol (LDP) [RFC4762],
* Virtual Private Wire Service (VPWS) [RFC8214], * Virtual Private Wire Service (VPWS) [RFC8214],
* BGP MPLS-Based Ethernet VPN [RFC7432], * BGP MPLS-Based Ethernet VPN [RFC7432],
* Ethernet VPN (EVPN) [RFC8365], and * Ethernet VPN (EVPN) [RFC8365], and
* Provider Backbone Bridging Combined with Ethernet VPN * Provider Backbone Bridging Combined with Ethernet VPN
(PBB-EVPN) [RFC7623]. (PBB-EVPN) [RFC7623].
'vpn-signaling-type': Used to identify the signaling mode used for a 'vpn-signaling-type': Used to identify the signaling mode used for a
given service type. Examples of supported VPN signaling types given service type. Examples of supported VPN signaling types are
are: as follows:
* L2VPNs using BGP [RFC6624]. * L2VPNs using BGP [RFC6624],
* LDP [RFC5036], and * LDP [RFC5036], and
* Layer Two Tunneling Protocol (L2TP) [RFC3931]. * Layer Two Tunneling Protocol (L2TP) [RFC3931].
The module covers both IPv4 [RFC0791] and IPv6 [RFC8200] identities. The module covers both IPv4 [RFC0791] and IPv6 [RFC8200] identities.
It also includes multicast related identities such as Internet Group It also includes multicast-related identities such as Internet Group
Management Protocol version 1 (IGMPv1) [RFC1112], IGMPv2 [RFC2236], Management Protocol version 1 (IGMPv1) [RFC1112], IGMPv2 [RFC2236],
IGMPv3 [RFC3376], Multicast Listener Discovery version 1 (MLDv1) IGMPv3 [RFC3376], Multicast Listener Discovery version 1 (MLDv1)
[RFC2710], MLDv2 [RFC3810], and Protocol Independent Multicast (PIM) [RFC2710], MLDv2 [RFC3810], and Protocol Independent Multicast (PIM)
[RFC7761]. [RFC7761].
The reader should refer to Section 4 for the full list of supported The reader should refer to Section 4 for the full list of supported
identities (identities related to address families, VPN topologies, identities (identities related to address families, VPN topologies,
network access types, operational and administrative status, site or network access types, operational and administrative status, site or
node roles, VPN service constraints, routing protocols, routes node role, VPN service constraints, routing protocols, route import
imports and exports, bandwidth and Quality of Service (QoS), etc.). and export policies, bandwidth, Quality of Service (QoS), etc.).
The "ietf-vpn-common" module also contains a set of reusable VPN- The "ietf-vpn-common" module also contains a set of reusable VPN-
related groupings. The tree diagram of the "ietf-vpn-common" module related groupings. Figure 1 provides the tree diagram that depicts
that depicts the common groupings is provided in Figure 1. the common groupings for the "ietf-vpn-common" module.
module: ietf-vpn-common
grouping vpn-description
+-- vpn-id? vpn-id
+-- vpn-name? string
+-- vpn-description? string
+-- customer-name? string
grouping vpn-profile-cfg
+-- valid-provider-identifiers
+-- external-connectivity-identifier* [id]
| {external-connectivity}?
| +-- id string
+-- encryption-profile-identifier* [id]
| +-- id string
+-- qos-profile-identifier* [id]
| +-- id string
+-- bfd-profile-identifier* [id]
| +-- id string
+-- forwarding-profile-identifier* [id]
| +-- id string
+-- routing-profile-identifier* [id]
+-- id string
grouping oper-status-timestamp
+--ro status? identityref
+--ro last-change? yang:date-and-time
grouping service-status
+-- status
+-- admin-status
| +-- status? identityref
| +-- last-change? yang:date-and-time
+-- oper-status
+--ro status? identityref
+--ro last-change? yang:date-and-time
grouping underlay-transport
+-- (type)?
+--:(abstract)
| +-- transport-instance-id? string
+--:(protocol)
+-- protocol* identityref
grouping vpn-route-targets
+-- vpn-target* [id]
| +-- id uint8
| +-- route-targets* [route-target]
| | +-- route-target rt-types:route-target
| +-- route-target-type rt-types:route-target-type
+-- vpn-policies
+-- import-policy? string
+-- export-policy? string
grouping route-distinguisher module: ietf-vpn-common
... grouping vpn-description:
grouping vpn-components-group +-- vpn-id? vpn-id
+-- groups +-- vpn-name? string
+-- group* [group-id] +-- vpn-description? string
+-- group-id string +-- customer-name? string
grouping placement-constraints grouping vpn-profile-cfg:
+-- constraint* [constraint-type] +-- valid-provider-identifiers
+-- constraint-type? identityref +-- external-connectivity-identifier* [id]
+-- target | {external-connectivity}?
+-- (target-flavor)? | +-- id string
+--:(id) +-- encryption-profile-identifier* [id]
| +-- group* [group-id] | +-- id string
| +-- group-id string +-- qos-profile-identifier* [id]
+--:(all-accesses) | +-- id string
| +-- all-other-accesses? empty +-- bfd-profile-identifier* [id]
+--:(all-groups) | +-- id string
+-- all-other-groups? empty +-- forwarding-profile-identifier* [id]
grouping ports | +-- id string
... +-- routing-profile-identifier* [id]
grouping qos-classification-policy +-- id string
... grouping oper-status-timestamp:
+--ro status? identityref
+--ro last-change? yang:date-and-time
grouping service-status:
+-- status
+-- admin-status
| +-- status? identityref
| +-- last-change? yang:date-and-time
+--ro oper-status
+--ro status? identityref
+--ro last-change? yang:date-and-time
grouping underlay-transport:
+-- (type)?
+--:(abstract)
| +-- transport-instance-id? string
| +-- instance-type? identityref
+--:(protocol)
+-- protocol* identityref
grouping vpn-route-targets:
+-- vpn-target* [id]
| +-- id uint8
| +-- route-targets* [route-target]
| | +-- route-target rt-types:route-target
| +-- route-target-type rt-types:route-target-type
+-- vpn-policies
+-- import-policy? string
+-- export-policy? string
grouping route-distinguisher:
...
grouping vpn-components-group:
+-- groups
+-- group* [group-id]
+-- group-id string
grouping placement-constraints:
+-- constraint* [constraint-type]
+-- constraint-type? identityref
+-- target
+-- (target-flavor)?
+--:(id)
| +-- group* [group-id]
| +-- group-id string
+--:(all-accesses)
| +-- all-other-accesses? empty
+--:(all-groups)
+-- all-other-groups? empty
grouping ports:
...
grouping qos-classification-policy:
...
Figure 1: VPN Common Tree Figure 1: VPN Common Tree
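Review bot: In the 'service-status' grouping of Figure 1, the container line changes from "+-- oper-status" to "+--ro oper-status". This is a data-model change rather than an editorial one, yet it sits in a block where nearly every other difference is the colon added after grouping names. Confirm that the 'service-status' grouping in the Section 4 module marks the container the same way so the tree and the YANG agree. The leaves under it were already shown as "ro", and operational status is state reported by the server rather than set by a client.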
The description of the common groupings is provided below: The descriptions of the common groupings are provided below:
'vpn-description': 'vpn-description':
A YANG grouping that provides common administrative VPN A YANG grouping that provides common administrative VPN
information such as an identifier, a name, a textual information such as an identifier, a name, a textual description,
description, and a customer name. and a customer name.
'vpn-profile-cfg': 'vpn-profile-cfg':
A YANG grouping that defines a set of valid profiles A YANG grouping that defines a set of valid profiles (encryption,
(encryption, routing, forwarding, etc.) that can be bound to a routing, forwarding, etc.) that can be bound to a Layer 2/3 VPN.
Layer 2/3 VPN. This document does not make any assumption This document does not make any assumptions about the structure of
about the structure of such profiles, but allows "gluing" a VPN such profiles but allows "gluing" a VPN service with other
service with other parameters that can be required locally to parameters that can be required locally to provide value-added
provide added value features to requesting customers. features to requesting customers.
For example, a service provider may provide an external For example, a service provider may provide external connectivity
connectivity to a VPN customer (e.g., to a private or public to a VPN customer (e.g., to a private or public cloud, Internet).
cloud, Internet). Such service may involve tweaking both Such a service may involve tweaking both filtering and NAT rules
filtering and NAT rules (e.g., bind a Virtual Routing and (e.g., binding a Virtual Routing and Forwarding (VRF) interface
Forwarding (VRF) interface with a NAT instance as discussed in with a NAT instance as discussed in Section 2.10 of [RFC8512]).
Section 2.10 of [RFC8512]). These added value features may be These value-added features may be bound to all, or a subset of,
bound to all or a subset of network accesses. Some of these network accesses. Some of these value-added features may be
added value features may be implemented in nodes other than PEs implemented in nodes other than Provider Edges (PEs) (e.g., a P
(e.g., a P node or even a dedicated node that hosts the NAT node or even a dedicated node that hosts the NAT function).
function).
It is out of the scope of this document to elaborate the Elaborating on the structure of these profiles is beyond the scope
structure of these profiles. of this document.
'oper-status-timestamp': 'oper-status-timestamp':
A YANG grouping that defines the operational status updates of A YANG grouping that defines the operational status updates of a
a VPN service or component. VPN service or component.
'service-status': 'service-status':
A YANG grouping that defines the administrative and operational A YANG grouping that defines the administrative and operational
status of a component. The grouping can be applied to the status of a component. The grouping can be applied to the whole
whole service or an endpoint. service or an endpoint.
'underlay-transport': 'underlay-transport':
A YANG grouping that defines the type of the underlay transport A YANG grouping that defines the type of the underlay transport
for a VPN service or how that underlay is set. for a VPN service or how that underlay is set.
The underlay transport can be expressed as an abstract The underlay transport can be expressed as an abstract transport
transport instance (e.g., an identifier of a VPN+ instance instance (e.g., an identifier of a VPN+ instance
[I-D.ietf-teas-enhanced-vpn], a virtual network identifier [Enhanced-VPN-Framework], a virtual network identifier
[I-D.ietf-teas-actn-vn-yang][RFC8453], or a network slice name [ACTN-VN-YANG] [RFC8453], or a network slice name
[I-D.ietf-teas-ietf-network-slices]) or as an ordered list of [Network-Slices-Framework]) or as an ordered list of the actual
the actual protocols to be enabled in the network. protocols to be enabled in the network.
The module supports a rich set of protocol identifiers that can The module supports a rich set of protocol identifiers that can be
be used, e.g., to refer to an underlay transport. Examples of used, for example, to refer to an underlay transport. Examples of
supported protocols are: supported protocols are as follows:
- IP-in-IP [RFC2003][RFC2473], * IP in IP [RFC2003] [RFC2473],
- GRE [RFC1701][RFC1702][RFC7676], * Generic Routing Encapsulation (GRE) [RFC1701] [RFC1702]
[RFC7676],
- MPLS-in-UDP [RFC7510], * MPLS in UDP [RFC7510],
- Generic Network Virtualization Encapsulation (GENEVE) * Generic Network Virtualization Encapsulation (Geneve)
[RFC8926], [RFC8926],
- Segment Routing (SR) [RFC8660][RFC8663][RFC8754], * Segment Routing (SR) [RFC8660] [RFC8663] [RFC8754],
- Resource ReSerVation Protocol (RSVP) with traffic
engineering extensions [RFC3209], and
- BGP with labeled prefixes [RFC8277]. * Resource ReSerVation Protocol (RSVP) with traffic engineering
extensions [RFC3209], and
* BGP with labeled prefixes [RFC8277].
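Review bot: The 'underlay-transport' description still covers only the abstract transport instance identifier and the ordered protocol list, but the RFC side of Figure 1 adds "instance-type? identityref" to the abstract case, and nothing in this text says what that leaf identifies. Suggest adding one sentence that states its purpose. If the intent is to indicate which kind of abstract instance 'transport-instance-id' refers to (the text already gives a VPN+ instance, a virtual network, and a network slice as examples), say so here.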
'vpn-route-targets': 'vpn-route-targets':
A YANG grouping that defines Route Target (RT) import/export A YANG grouping that defines Route Target (RT) import/export rules
rules used in a BGP-enabled VPN. This grouping can be used for used in a BGP-enabled VPN. This grouping can be used for both
both L3VPNs [RFC4364] and L2VPNs[RFC4664]. Note that this is L3VPNs [RFC4364] and L2VPNs [RFC4664]. Note that this is modeled
modelled as a list to ease the reuse of this grouping in as a list to ease the reuse of this grouping in modules where an
modules where an RT identifier is needed (e.g., associate an RT identifier is needed (e.g., associating an operator with RTs).
operator with RTs).
'route-distinguisher': 'route-distinguisher':
A YANG grouping that defines Route Distinguishers (RDs). A YANG grouping that defines Route Distinguishers (RDs).
As depicted in Figure 2, the module supports these RD As depicted in Figure 2, the module supports the following RD
assignment modes: direct assignment, automatic assignment from assignment modes: direct assignment, full automatic assignment,
a given pool, automatic assignment, and no assignment. automatic assignment from a given pool, and no assignment.
Also, the module accommodates deployments where only the Also, the module accommodates deployments where only the Assigned
Assigned Number subfield of RDs (Section 4.2 of [RFC4364]) is Number subfield of RDs (Section 4.2 of [RFC4364]) is assigned from
assigned from a pool while the Administrator subfield is set a pool while the Administrator subfield is set to, for example,
to, e.g., the router-id that is assigned to a VPN node. The the Router ID that is assigned to a VPN node. The module supports
module supports these modes for managing the Assigned Number three modes for managing the Assigned Number subfield: explicit
subfield: explicit assignment, auto-assignment from a pool, and assignment, automatic assignment from a given pool, and full
full auto-assignment. automatic assignment.
grouping route-distinguisher grouping route-distinguisher:
+-- (rd-choice)? +-- (rd-choice)?
+--:(directly-assigned) +--:(directly-assigned)
| +-- rd? rt-types:route-distinguisher | +-- rd? rt-types:route-distinguisher
+--:(directly-assigned-suffix) +--:(directly-assigned-suffix)
| +-- rd-suffix? uint16 | +-- rd-suffix? uint16
+--:(auto-assigned) +--:(auto-assigned)
| +-- rd-auto | +-- rd-auto
| +-- (auto-mode)? | +-- (auto-mode)?
| | +--:(from-pool) | | +--:(from-pool)
| | | +-- rd-pool-name? string | | | +-- rd-pool-name? string
| | +--:(full-auto) | | +--:(full-auto)
| | +-- auto? empty | | +-- auto? empty
| +--ro auto-assigned-rd? rt-types:route-distinguisher | +--ro auto-assigned-rd?
+--:(auto-assigned-suffix) | | rt-types:route-distinguisher
| +-- rd-auto-suffix +--:(auto-assigned-suffix)
| +-- (auto-mode)? | +-- rd-auto-suffix
| | +--:(from-pool) | +-- (auto-mode)?
| | | +-- rd-pool-name? string | | +--:(from-pool)
| | +--:(full-auto) | | | +-- rd-pool-name? string
| | +-- auto? empty | | +--:(full-auto)
| +--ro auto-assigned-rd-suffix? uint16 | | +-- auto? empty
+--:(no-rd) | +--ro auto-assigned-rd-suffix? uint16
+-- no-rd? empty +--:(no-rd)
+-- no-rd? empty
Figure 2: Route Distinguisher Grouping Subtree Figure 2: Route Distinguisher Grouping Subtree
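Review bot: The reworded list of RD assignment modes now reads "direct assignment, full automatic assignment, automatic assignment from a given pool, and no assignment". That puts full automatic assignment before pool-based assignment, while the next paragraph on the Assigned Number subfield and the (auto-mode) choice in Figure 2 both list from-pool first. Use one order throughout. The sentence also names four modes although Figure 2 shows five cases under (rd-choice). Stating that the two suffix cases are the ones covered by the Assigned Number paragraph would make the mapping between text and tree explicit.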
'vpn-components-group': 'vpn-components-group':
A YANG grouping that is used to group VPN nodes, VPN network A YANG grouping that is used to group VPN nodes, VPN network
accesses, or sites. For example, diversity or redundancy accesses, or sites. For example, diversity or redundancy
constraints can be applied on a per-group basis. constraints can be applied on a per-group basis.
'placement-constraints': 'placement-constraints':
A YANG grouping that is used to define the placement A YANG grouping that is used to define the placement constraints
constraints of a VPN node, VPN network access, or site. of a VPN node, VPN network access, or site.
'ports': 'ports':
A YANG grouping that defines ranges of source and destination A YANG grouping that defines ranges of source and destination port
port numbers and operators. The subtree of this grouping is numbers and operators. The subtree of this grouping is depicted
depicted in Figure 3. in Figure 3.
grouping ports grouping ports:
+-- (source-port)? +-- (source-port)?
| +--:(source-port-range-or-operator) | +--:(source-port-range-or-operator)
| +-- source-port-range-or-operator | +-- source-port-range-or-operator
| +-- (port-range-or-operator)? | +-- (port-range-or-operator)?
| +--:(range) | +--:(range)
| | +-- lower-port inet:port-number | | +-- lower-port inet:port-number
| | +-- upper-port inet:port-number | | +-- upper-port inet:port-number
| +--:(operator) | +--:(operator)
| +-- operator? operator | +-- operator? operator
| +-- port inet:port-number | +-- port inet:port-number
+-- (destination-port)? +-- (destination-port)?
+--:(destination-port-range-or-operator) +--:(destination-port-range-or-operator)
+-- destination-port-range-or-operator +-- destination-port-range-or-operator
+-- (port-range-or-operator)? +-- (port-range-or-operator)?
+--:(range) +--:(range)
| +-- lower-port inet:port-number | +-- lower-port inet:port-number
| +-- upper-port inet:port-number | +-- upper-port inet:port-number
+--:(operator) +--:(operator)
+-- operator? operator +-- operator? operator
+-- port inet:port-number +-- port inet:port-number
Figure 3: Port Numbers Grouping Subtree Figure 3: Port Numbers Grouping Subtree
'qos-classification-policy': 'qos-classification-policy':
A YANG grouping that defines a set of QoS classification A YANG grouping that defines a set of QoS classification policies
policies based on various match Layer 3/4 and application based on various Layer 3/4 and application match criteria. The
criteria. The subtree of this grouping is depicted in subtree of this grouping is depicted in Figure 4.
Figure 4.
The QoS match criteria reuse groupings that are defined in the The QoS match criteria reuse groupings that are defined in the
packet fields module "ietf-packet-fields" (Section 4.2 of packet fields module "ietf-packet-fields" (Section 4.2 of
[RFC8519]). [RFC8519]).
Any layer 4 protocol can be indicated in the 'protocol' data Any Layer 4 protocol can be indicated in the 'protocol' data node
node under 'l3', but only TCP and UDP specific match criteria under 'l3', but only TCP- and UDP-specific match criteria are
are elaborated in this version as these protocols are widely elaborated on in this version, as these protocols are widely used
used in the context of VPN services. Future revisions can be in the context of VPN services. Future revisions can be
considered to add other Layer 4 specific parameters (e.g., considered to add other Layer-4-specific parameters (e.g., the
Stream Control Transmission Protocol [RFC4960]), if needed. Stream Control Transmission Protocol [RFC4960]), if needed.
Some transport protocols use existing protocols (e.g., TCP or Some transport protocols use existing protocols (e.g., TCP or UDP)
UDP) as substrate. The match criteria for such protocols may as the substrate. The match criteria for such protocols may rely
rely upon the 'protocol' under 'l3', TCP/UDP match criteria upon the 'protocol' under 'l3', TCP/UDP match criteria as shown in
shown in Figure 4, part of the TCP/UDP payload, or a Figure 4, part of the TCP/UDP payload, or a combination thereof.
combination thereof. This version of the module does not This version of the module does not support such advanced match
support such advanced match criteria. Future revisions of the criteria. Future revisions of the module may consider adding
module may consider adding match criteria based on the match criteria based on the transport protocol payload (e.g., by
transport protocol payload (e.g., by means of a bitmask match). means of a bitmask match).
grouping qos-classification-policy grouping qos-classification-policy:
+-- rule* [id] +-- rule* [id]
+-- id string +-- id string
+-- (match-type)? +-- (match-type)?
| +--:(match-flow) | +--:(match-flow)
| | +-- (l3)? | | +-- (l3)?
| | | +--:(ipv4) | | | +--:(ipv4)
| | | | +-- ipv4 | | | | +-- ipv4
| | | | +-- dscp? inet:dscp | | | | +-- dscp? inet:dscp
| | | | +-- ecn? uint8 | | | | +-- ecn? uint8
| | | | +-- length? uint16 | | | | +-- length? uint16
| | | | +-- ttl? uint8 | | | | +-- ttl? uint8
| | | | +-- protocol? uint8 | | | | +-- protocol? uint8
| | | | +-- ihl? uint8 | | | | +-- ihl? uint8
| | | | +-- flags? bits | | | | +-- flags? bits
| | | | +-- offset? uint16 | | | | +-- offset? uint16
| | | | +-- identification? uint16 | | | | +-- identification? uint16
| | | | +-- (destination-network)? | | | | +-- (destination-network)?
| | | | | +--:(destination-ipv4-network) | | | | | +--:(destination-ipv4-network)
| | | | | +-- destination-ipv4-network? | | | | | +-- destination-ipv4-network?
| | | | | inet:ipv4-prefix | | | | | inet:ipv4-prefix
| | | | +-- (source-network)? | | | | +-- (source-network)?
| | | | +--:(source-ipv4-network) | | | | +--:(source-ipv4-network)
| | | | +-- source-ipv4-network? | | | | +-- source-ipv4-network?
| | | | inet:ipv4-prefix | | | | inet:ipv4-prefix
| | | +--:(ipv6) | | | +--:(ipv6)
| | | +-- ipv6 | | | +-- ipv6
| | | +-- dscp? inet:dscp | | | +-- dscp? inet:dscp
| | | +-- ecn? uint8 | | | +-- ecn? uint8
| | | +-- length? uint16 | | | +-- length? uint16
| | | +-- ttl? uint8 | | | +-- ttl? uint8
| | | +-- protocol? uint8 | | | +-- protocol? uint8
| | | +-- (destination-network)? | | | +-- (destination-network)?
| | | | +--:(destination-ipv6-network) | | | | +--:(destination-ipv6-network)
| | | | +-- destination-ipv6-network? | | | | +-- destination-ipv6-network?
| | | | inet:ipv6-prefix | | | | inet:ipv6-prefix
| | | +-- (source-network)? | | | +-- (source-network)?
| | | | +--:(source-ipv6-network) | | | | +--:(source-ipv6-network)
| | | | +-- source-ipv6-network? | | | | +-- source-ipv6-network?
| | | | inet:ipv6-prefix | | | | inet:ipv6-prefix
| | | +-- flow-label? | | | +-- flow-label?
| | | inet:ipv6-flow-label | | | inet:ipv6-flow-label
| | +-- (l4)? | | +-- (l4)?
| | +--:(tcp) | | +--:(tcp)
| | | +-- tcp | | | +-- tcp
| | | +-- sequence-number? uint32 | | | +-- sequence-number? uint32
| | | +-- acknowledgement-number? uint32 | | | +-- acknowledgement-number? uint32
| | | +-- data-offset? uint8 | | | +-- data-offset? uint8
| | | +-- reserved? uint8 | | | +-- reserved? uint8
| | | +-- flags? bits | | | +-- flags? bits
| | | +-- window-size? uint16 | | | +-- window-size? uint16
| | | +-- urgent-pointer? uint16 | | | +-- urgent-pointer? uint16
| | | +-- options? binary | | | +-- options? binary
| | | +-- (source-port)? | | | +-- (source-port)?
| | | | +--:(source-port-range-or-operator) | | | | +--:(source-port-range-or-operator)
| | | | +-- source-port-range-or-operator | | | | +-- source-port-range-or-operator
| | | | +-- (port-range-or-operator)? | | | | +-- (port-range-or-operator)?
| | | | +--:(range) | | | | +--:(range)
| | | | | +-- lower-port | | | | | +-- lower-port
| | | | | | inet:port-number | | | | | | inet:port-number
| | | | | +-- upper-port | | | | | +-- upper-port
| | | | | inet:port-number | | | | | inet:port-number
| | | | +--:(operator) | | | | +--:(operator)
| | | | +-- operator? operator | | | | +-- operator? operator
| | | | +-- port | | | | +-- port
| | | | inet:port-number | | | | inet:port-number
| | | +-- (destination-port)? | | | +-- (destination-port)?
| | | +--:(destination-port-range-or-operator) | | | +--:(destination-port-range-or-operator)
| | | +-- destination-port-range-or-operator | | | +-- destination-port-range-or-operator
| | | +-- (port-range-or-operator)? | | | +-- (port-range-or-operator)?
| | | +--:(range) | | | +--:(range)
| | | | +-- lower-port | | | | +-- lower-port
| | | | | inet:port-number | | | | | inet:port-number
| | | | +-- upper-port | | | | +-- upper-port
| | | | inet:port-number | | | | inet:port-number
| | | +--:(operator) | | | +--:(operator)
| | | +-- operator? operator | | | +-- operator? operator
| | | +-- port | | | +-- port
| | | inet:port-number | | | inet:port-number
| | +--:(udp) | | +--:(udp)
| | +-- udp | | +-- udp
| | +-- length? uint16 | | +-- length? uint16
| | +-- (source-port)? | | +-- (source-port)?
| | | +--:(source-port-range-or-operator) | | | +--:(source-port-range-or-operator)
| | | +-- source-port-range-or-operator | | | +-- source-port-range-or-operator
| | | +-- (port-range-or-operator)? | | | +-- (port-range-or-operator)?
| | | +--:(range) | | | +--:(range)
| | | | +-- lower-port | | | | +-- lower-port
| | | | | inet:port-number | | | | | inet:port-number
| | | | +-- upper-port | | | | +-- upper-port
| | | | inet:port-number | | | | inet:port-number
| | | +--:(operator) | | | +--:(operator)
| | | +-- operator? operator | | | +-- operator? operator
| | | +-- port | | | +-- port
| | | inet:port-number | | | inet:port-number
| | +-- (destination-port)? | | +-- (destination-port)?
| | +--:(destination-port-range-or-operator) | | +--:(destination-port-range-or-operator)
| | +-- destination-port-range-or-operator | | +-- destination-port-range-or-operator
| | +-- (port-range-or-operator)? | | +-- (port-range-or-operator)?
| | +--:(range) | | +--:(range)
| | | +-- lower-port | | | +-- lower-port
| | | | inet:port-number | | | | inet:port-number
| | | +-- upper-port | | | +-- upper-port
| | | inet:port-number | | | inet:port-number
| | +--:(operator) | | +--:(operator)
| | +-- operator? operator | | +-- operator? operator
| | +-- port | | +-- port
| | inet:port-number | | inet:port-number
| +--:(match-application) | +--:(match-application)
| +-- match-application? identityref | +-- match-application? identityref
+-- target-class-id? string {qos}? +-- target-class-id? string
Figure 4: QoS Classification Subtree Figure 4: QoS Classification Subtree
4. Layer 2/3 VPN Common Module 4. Layer 2/3 VPN Common Module
This module uses types defined in [RFC6991], [RFC8294], and This module uses types defined in [RFC6991], [RFC8294], and
[RFC8519]. It also uses the extension defined in [RFC8341]. [RFC8519]. It also uses the extension defined in [RFC8341].
<CODE BEGINS> file "ietf-vpn-common@2021-09-10.yang" <CODE BEGINS> file "ietf-vpn-common@2022-02-11.yang"
module ietf-vpn-common { module ietf-vpn-common {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-vpn-common"; namespace "urn:ietf:params:xml:ns:yang:ietf-vpn-common";
prefix vpn-common; prefix vpn-common;
import ietf-netconf-acm { import ietf-netconf-acm {
prefix nacm; prefix nacm;
reference reference
"RFC 8341: Network Configuration Access Control Model"; "RFC 8341: Network Configuration Access Control Model";
} }
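Review bot: The last line of the Figure 4 tree drops the `{qos}?` condition from `target-class-id? string` on the RFC side, so the diagram no longer shows this leaf as dependent on the qos feature. Confirm that the corresponding leaf in the module also lost its if-feature statement. If the leaf is still conditional in the YANG text, the tree and the module disagree, and an implementer reading only the diagram would expect the leaf on servers that do not advertise qos.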
skipping to change at page 14, line 4 skipping to change at line 566
import ietf-netconf-acm { import ietf-netconf-acm {
prefix nacm; prefix nacm;
reference reference
"RFC 8341: Network Configuration Access Control Model"; "RFC 8341: Network Configuration Access Control Model";
} }
import ietf-routing-types { import ietf-routing-types {
prefix rt-types; prefix rt-types;
reference reference
"RFC 8294: Common YANG Data Types for the Routing Area"; "RFC 8294: Common YANG Data Types for the Routing Area";
} }
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
reference reference
"RFC 6991: Common YANG Data Types, Section 3"; "RFC 6991: Common YANG Data Types, Section 3";
} }
import ietf-packet-fields { import ietf-packet-fields {
prefix packet-fields; prefix packet-fields;
reference reference
"RFC 8519: YANG Data Model for Network Access "RFC 8519: YANG Data Model for Network Access
Control Lists (ACLs)"; Control Lists (ACLs)";
} }
organization organization
"IETF OPSAWG (Operations and Management Area Working Group)"; "IETF OPSAWG (Operations and Management Area Working Group)";
contact contact
"WG Web: <https://datatracker.ietf.org/wg/opsawg/> "WG Web: <https://datatracker.ietf.org/wg/opsawg/>
WG List: <mailto:opsawg@ietf.org> WG List: <mailto:opsawg@ietf.org>
Editor: Mohamed Boucadair Editor: Mohamed Boucadair
<mailto:mohamed.boucadair@orange.com> <mailto:mohamed.boucadair@orange.com>
Author: Samier Barguil Author: Samier Barguil
<mailto:samier.barguilgiraldo.ext@telefonica.com> <mailto:samier.barguilgiraldo.ext@telefonica.com>
Author: Oscar Gonzalez de Dios Editor: Oscar Gonzalez de Dios
<mailto:oscar.gonzalezdedios@telefonica.com> <mailto:oscar.gonzalezdedios@telefonica.com>
Author: Qin Wu Author: Qin Wu
<mailto:bill.wu@huawei.com>"; <mailto:bill.wu@huawei.com>";
description description
"This YANG module defines a common module that is meant "This YANG module defines a common module that is meant
to be reused by various VPN-related modules (e.g., to be reused by various VPN-related modules (e.g., the
Layer 3 VPN Service Model (L3SM), Layer 2 VPN Service Layer 3 VPN Service Model (L3SM), the Layer 2 VPN Service
Model (L2SM), Layer 3 VPN Network Model (L3NM), Layer 2 Model (L2SM), the Layer 3 VPN Network Model (L3NM), and
VPN Network Model (L2NM)). the Layer 2 VPN Network Model (L2NM)).
Copyright (c) 2021 IETF Trust and the persons identified as Copyright (c) 2022 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject to
to the license terms contained in, the Simplified BSD License the license terms contained in, the Revised BSD License set
set forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC 9181; see the
the RFC itself for full legal notices."; RFC itself for full legal notices.";
revision 2021-09-10 { revision 2022-02-11 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A Layer 2/3 VPN Common YANG Model"; "RFC 9181: A Common YANG Data Model for Layer 2 and Layer 3
VPNs";
} }
/******** Collection of VPN-related Features ********/ /******** Collection of VPN-related features ********/
/* /*
* Features related to encapsulation schemes * Features related to encapsulation schemes
*/ */
feature dot1q { feature dot1q {
description description
"Indicates the support for the Dot1q encapsulation."; "Indicates support for dot1Q encapsulation.";
reference reference
"IEEE Std 802.1Q: Bridges and Bridged Networks"; "IEEE Std 802.1Q: IEEE Standard for Local and Metropolitan
Area Networks--Bridges and Bridged
Networks";
} }
feature qinq { feature qinq {
description description
"Indicates the support for the QinQ encapsulation."; "Indicates support for QinQ encapsulation.";
reference reference
"IEEE Std 802.1ad: Provider Bridges"; "IEEE Std 802.1ad: IEEE Standard for Local and Metropolitan
Area Networks---Virtual Bridged Local
Area Networks---Amendment 4: Provider
Bridges";
} }
feature vxlan { feature vxlan {
description description
"Indicates the support for the Virtual eXtensible "Indicates support for Virtual eXtensible Local Area
Local Area Network (VXLAN) encapsulation."; Network (VXLAN) encapsulation.";
reference reference
"RFC 7348: Virtual eXtensible Local Area Network (VXLAN): "RFC 7348: Virtual eXtensible Local Area Network (VXLAN):
A Framework for Overlaying Virtualized Layer 2 A Framework for Overlaying Virtualized Layer 2
Networks over Layer 3 Networks"; Networks over Layer 3 Networks";
} }
feature qinany { feature qinany {
description description
"Indicates the support for the QinAny encapsulation. "Indicates support for QinAny encapsulation.
The outer VLAN tag is set to a specific value but The outer VLAN tag is set to a specific value, but
the inner VLAN tag is set to any."; the inner VLAN tag is set to any.";
} }
feature lag-interface { feature lag-interface {
description description
"Indicates the support for Link Aggregation Group (LAG) "Indicates support for Link Aggregation Groups (LAGs)
between VPN network accesses."; between VPN network accesses.";
reference reference
"IEEE Std. 802.1AX: Link Aggregation"; "IEEE Std 802.1AX: IEEE Standard for Local and Metropolitan
Area Networks--Link Aggregation";
} }
/* /*
* Features related to multicast * Features related to multicast
*/ */
feature multicast { feature multicast {
description description
"Indicates multicast capabilities support in a VPN."; "Indicates support for multicast capabilities in a VPN.";
reference reference
"RFC 6513: Multicast in MPLS/BGP IP VPNs"; "RFC 6513: Multicast in MPLS/BGP IP VPNs";
} }
feature igmp { feature igmp {
description description
"Indicates support for Internet Group Management Protocol "Indicates support for the Internet Group Management
(IGMP)."; Protocol (IGMP).";
reference reference
"RFC 1112: Host Extensions for IP Multicasting "RFC 1112: Host Extensions for IP Multicasting
RFC 2236: Internet Group Management Protocol, Version 2 RFC 2236: Internet Group Management Protocol, Version 2
RFC 3376: Internet Group Management Protocol, Version 3"; RFC 3376: Internet Group Management Protocol, Version 3";
} }
feature mld { feature mld {
description description
"Indicates support for Multicast Listener Discovery (MLD)."; "Indicates support for Multicast Listener Discovery (MLD).";
reference reference
"RFC 2710: Multicast Listener Discovery (MLD) for IPv6 "RFC 2710: Multicast Listener Discovery (MLD) for IPv6
RFC 3810: Multicast Listener Discovery Version 2 (MLDv2) RFC 3810: Multicast Listener Discovery Version 2 (MLDv2)
for IPv6"; for IPv6";
} }
feature pim { feature pim {
description description
"Indicates support for Protocol Independent Multicast (PIM)."; "Indicates support for Protocol Independent Multicast
(PIM).";
reference reference
"RFC 7761: Protocol Independent Multicast - Sparse Mode "RFC 7761: Protocol Independent Multicast - Sparse Mode
(PIM-SM): Protocol Specification (Revised)"; (PIM-SM): Protocol Specification (Revised)";
} }
/* /*
* Features related to address family types * Features related to address family types
*/ */
feature ipv4 { feature ipv4 {
description description
"Indicates IPv4 support in a VPN. That is, IPv4 traffic "Indicates IPv4 support in a VPN. That is, IPv4 traffic
can be carried in the VPN, IPv4 addresses/prefixes can can be carried in the VPN, IPv4 addresses/prefixes can
be assigned to a VPN network access, IPv4 routes can be be assigned to a VPN network access, IPv4 routes can be
installed for the CE/PE link, etc."; installed for the Customer Edge to Provider Edge (CE-PE)
link, etc.";
reference reference
"RFC 791: Internet Protocol"; "RFC 791: Internet Protocol";
} }
feature ipv6 { feature ipv6 {
description description
"Indicates IPv6 support in a VPN. That is, IPv6 traffic "Indicates IPv6 support in a VPN. That is, IPv6 traffic
can be carried in the VPN, IPv6 addresses/prefixes can can be carried in the VPN, IPv6 addresses/prefixes can
be assigned to a VPN network access, IPv6 routes can be be assigned to a VPN network access, IPv6 routes can be
installed for the CE/PE link, etc."; installed for the CE-PE link, etc.";
reference reference
"RFC 8200: Internet Protocol, Version 6 (IPv6)"; "RFC 8200: Internet Protocol, Version 6 (IPv6)
Specification";
} }
/* /*
* Features related to routing protocols * Features related to routing protocols
*/ */
feature rtg-ospf { feature rtg-ospf {
description description
"Indicates support for the OSPF as the Provider Edge (PE)/ "Indicates support for OSPF as the Provider Edge to
Customer Edge (CE) routing protocol."; Customer Edge (PE-CE) routing protocol.";
reference reference
"RFC 4577: OSPF as the Provider/Customer Edge Protocol "RFC 4577: OSPF as the Provider/Customer Edge Protocol
for BGP/MPLS IP Virtual Private Networks (VPNs) for BGP/MPLS IP Virtual Private Networks (VPNs)
RFC 6565: OSPFv3 as a Provider Edge to Customer Edge RFC 6565: OSPFv3 as a Provider Edge to Customer Edge
(PE-CE) Routing Protocol"; (PE-CE) Routing Protocol";
} }
feature rtg-ospf-sham-link { feature rtg-ospf-sham-link {
description description
"Indicates support for OSPF sham links."; "Indicates support for OSPF sham links.";
reference reference
"RFC 4577: OSPF as the Provider/Customer Edge Protocol "RFC 4577: OSPF as the Provider/Customer Edge Protocol
for BGP/MPLS IP Virtual Private Networks (VPNs), for BGP/MPLS IP Virtual Private Networks (VPNs),
Section 4.2.7 Section 4.2.7
RFC 6565: OSPFv3 as a Provider Edge to Customer Edge RFC 6565: OSPFv3 as a Provider Edge to Customer Edge
(PE-CE) Routing Protocol, Section 5"; (PE-CE) Routing Protocol, Section 5";
} }
feature rtg-bgp { feature rtg-bgp {
description description
"Indicates support for BGP as the PE/CE routing protocol."; "Indicates support for BGP as the PE-CE routing protocol.";
reference reference
"RFC 4271: A Border Gateway Protocol 4 (BGP-4)"; "RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
} }
feature rtg-rip { feature rtg-rip {
description description
"Indicates support for RIP as the PE/CE routing protocol."; "Indicates support for RIP as the PE-CE routing protocol.";
reference reference
"RFC 2453: RIP Version 2 "RFC 2453: RIP Version 2
RFC 2080: RIPng for IPv6"; RFC 2080: RIPng for IPv6";
} }
feature rtg-isis { feature rtg-isis {
description description
"Indicates support for IS-IS as the PE/CE routing protocol."; "Indicates support for IS-IS as the PE-CE routing
protocol.";
reference reference
"ISO10589: Intermediate System to Intermediate System intra- "ISO10589: Information technology - Telecommunications and
domain routeing information exchange protocol for information exchange between systems -
use in conjunction with the protocol for providing Intermediate System to Intermediate System
the connectionless-mode network service intra-domain routeing information exchange
(ISO 8473)"; protocol for use in conjunction with the protocol
for providing the connectionless-mode network
service (ISO 8473)";
} }
feature rtg-vrrp { feature rtg-vrrp {
description description
"Indicates support for the Virtual Router Redundancy "Indicates support for the Virtual Router Redundancy
Protocol (VRRP) in CE/PE link."; Protocol (VRRP) in the CE-PE link.";
reference reference
"RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3 "RFC 5798: Virtual Router Redundancy Protocol (VRRP)
for IPv4 and IPv6"; Version 3 for IPv4 and IPv6";
} }
feature bfd { feature bfd {
description description
"Indicates support for Bidirectional Forwarding Detection (BFD) "Indicates support for Bidirectional Forwarding Detection
between the CE and the PE."; (BFD) between the CE and the PE.";
reference reference
"RFC 5880: Bidirectional Forwarding Detection (BFD)"; "RFC 5880: Bidirectional Forwarding Detection (BFD)";
} }
/* /*
* Features related to VPN service constraints * Features related to VPN service constraints
*/ */
feature bearer-reference { feature bearer-reference {
description description
"A bearer refers to properties of the CE-PE attachment that "A bearer refers to properties of the CE-PE attachment that
are below Layer 3. are below Layer 3.
This feature indicates support for the bearer reference access This feature indicates support for the bearer reference
constraint. That is, the reuse of a network connection that was access constraint, i.e., the reuse of a network connection
already ordered to the service provider apart from the IP VPN that was already ordered to the service provider apart from
site."; the IP VPN site.";
} }
feature placement-diversity { feature placement-diversity {
description description
"Indicates support for placement diversity constraints in the "Indicates support for placement diversity constraints in
customer premises. An example of these constraints may be to the customer premises. An example of these constraints
avoid connecting a site network access to the same Provider may be to avoid connecting a site network access to the
Edge as a target site network access."; same PE as a target site network access.";
} }
/* /*
* Features related to bandwidth and Quality of Service (QoS) * Features related to bandwidth and Quality of Service (QoS)
*/ */
feature qos { feature qos {
description description
"Indicates support for Classes of Service (CoSes) in the VPN."; "Indicates support for Classes of Service (CoSes) in
the VPN.";
} }
feature inbound-bw { feature inbound-bw {
description description
"Indicates support for the inbound bandwidth in a VPN. That is, "Indicates support for the inbound bandwidth in a VPN,
support for specifying the download bandwidth from the service i.e., support for specifying the download bandwidth from
provider network to the VPN site. Note that the L3SM uses the service provider network to the VPN site. Note that
'input' to identify the same feature. That terminology should the L3SM uses 'input' to identify the same feature.
be deprecated in favor of the one defined in this module."; That terminology should be deprecated in favor of
the terminology defined in this module.";
} }
feature outbound-bw { feature outbound-bw {
description description
"Indicates support for the outbound bandwidth in a VPN. That is, "Indicates support for the outbound bandwidth in a VPN,
support for specifying the upload bandwidth from the VPN site i.e., support for specifying the upload bandwidth from
to the service provider network. Note that the L3SM uses the VPN site to the service provider network. Note that
'output' to identify the same feature. That terminology should the L3SM uses 'output' to identify the same feature.
be deprecated in favor of the one defined in this module."; That terminology should be deprecated in favor of the
terminology defined in this module.";
} }
/* /*
* Features related to security and resilience * Features related to security and resilience
*/ */
feature encryption { feature encryption {
description description
"Indicates support for encryption in the VPN."; "Indicates support for encryption in the VPN.";
} }
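Review bot: In the qinq feature, the rewritten IEEE Std 802.1ad reference joins the title parts with "---" ("Area Networks---Virtual Bridged Local Area Networks---Amendment 4"), while the dot1q and lag-interface references rewritten in this same hunk use "--" ("Area Networks--Bridges", "Area Networks--Link Aggregation"). Use one separator for all three IEEE titles so the reference strings are consistent within the module.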
skipping to change at page 20, line 23 skipping to change at line 890
description description
"Indicates support for the VPN to provide external "Indicates support for the VPN to provide external
connectivity (e.g., Internet, private or public cloud)."; connectivity (e.g., Internet, private or public cloud).";
reference reference
"RFC 4364: BGP/MPLS IP Virtual Private Networks "RFC 4364: BGP/MPLS IP Virtual Private Networks
(VPNs), Section 11"; (VPNs), Section 11";
} }
feature extranet-vpn { feature extranet-vpn {
description description
"Indicates support for extranet VPNs. That is, the capability of "Indicates support for extranet VPNs, i.e., the capability
a VPN to access a list of other VPNs."; of a VPN to access a list of other VPNs.";
reference reference
"RFC 4364: BGP/MPLS IP Virtual Private Networks "RFC 4364: BGP/MPLS IP Virtual Private Networks
(VPNs), Section 1.1"; (VPNs), Section 1.1";
} }
feature carriers-carrier { feature carriers-carrier {
description description
"Indicates support for Carrier-of-Carrier VPNs."; "Indicates support for Carriers' Carriers in VPNs.";
reference reference
"RFC 4364: BGP/MPLS IP Virtual Private Networks "RFC 4364: BGP/MPLS IP Virtual Private Networks
(VPNs), Section 9"; (VPNs), Section 9";
} }
/* /*
* Address family related identities * Identities related to address families
*/ */
identity address-family { identity address-family {
description description
"Defines a type for the address family."; "Defines a type for the address family.";
} }
identity ipv4 { identity ipv4 {
base address-family; base address-family;
description description
"Identity for IPv4 address family."; "Identity for an IPv4 address family.";
} }
identity ipv6 { identity ipv6 {
base address-family; base address-family;
description description
"Identity for IPv6 address family."; "Identity for an IPv6 address family.";
} }
identity dual-stack { identity dual-stack {
base address-family; base address-family;
description description
"Identity for IPv4 and IPv6 address family."; "Identity for IPv4 and IPv6 address families.";
} }
/* /*
* Identities related to VPN topology * Identities related to VPN topology
*/ */
identity vpn-topology { identity vpn-topology {
description description
"Base identity of the VPN topology."; "Base identity of the VPN topology.";
} }
identity any-to-any { identity any-to-any {
base vpn-topology; base vpn-topology;
description description
"Identity for any-to-any VPN topology. All VPN sites "Identity for any-to-any VPN topology. All VPN sites
can communicate with each other without any restrictions."; can communicate with each other without any restrictions.";
} }
identity hub-spoke { identity hub-spoke {
base vpn-topology; base vpn-topology;
description description
"Identity for Hub-and-Spoke VPN topology. All Spokes can "Identity for Hub-and-Spoke VPN topology. All Spokes can
communicate only with Hubs but not with each other. Hubs communicate with Hubs only and not with each other. Hubs
can communicate with each other."; can communicate with each other.";
} }
identity hub-spoke-disjoint { identity hub-spoke-disjoint {
base vpn-topology; base vpn-topology;
description description
"Identity for Hub-and-Spoke VPN topology where Hubs cannot "Identity for Hub-and-Spoke VPN topology where Hubs cannot
communicate with each other."; communicate with each other.";
} }
identity custom { identity custom {
base vpn-topology; base vpn-topology;
description description
"Identity for custom VPN topologies where the role of the nodes "Identity for custom VPN topologies where the role of the
is not strictly Hub or Spoke. The VPN topology is controlled by nodes is not strictly Hub or Spoke. The VPN topology is
the import/export policies. The custom topology reflects more controlled by the import/export policies. The custom
complex VPN nodes such as VPN node that acts as Hub for certain topology reflects more complex VPN nodes, such as a
nodes and Spoke to others."; VPN node that acts as a Hub for certain nodes and a Spoke
for others.";
} }
/* /*
* Identities related to network access types * Identities related to network access types
*/ */
identity site-network-access-type { identity site-network-access-type {
description description
"Base identity for site network access type."; "Base identity for site network access types.";
} }
identity point-to-point { identity point-to-point {
base site-network-access-type; base site-network-access-type;
description description
"Point-to-point access type."; "Point-to-point access type.";
} }
identity multipoint { identity multipoint {
base site-network-access-type; base site-network-access-type;
description description
"Multipoint access type."; "Multipoint access type.";
} }
identity irb { identity irb {
base site-network-access-type; base site-network-access-type;
description description
"Integrated Routing Bridge (IRB). "Integrated Routing and Bridging (IRB).
Identity for pseudowire connections."; Identity for pseudowire connections.";
} }
identity loopback { identity loopback {
base site-network-access-type; base site-network-access-type;
description description
"Loopback access type."; "Loopback access type.";
} }
/* /*
* Identities related to operational and administrative status * Identities related to operational and administrative status
*/ */
identity operational-status { identity operational-status {
description description
"Base identity for the operational status."; "Base identity for operational status.";
} }
identity op-up { identity op-up {
base operational-status; base operational-status;
description description
"Operational status is Up/Enabled."; "Operational status is Up/Enabled.";
} }
identity op-down { identity op-down {
base operational-status; base operational-status;
description description
"Operational status is Down/Disabled."; "Operational status is Down/Disabled.";
skipping to change at page 23, line 42 skipping to change at line 1055
identity admin-down { identity admin-down {
base administrative-status; base administrative-status;
description description
"Administrative status is Down/Disabled."; "Administrative status is Down/Disabled.";
} }
identity admin-testing { identity admin-testing {
base administrative-status; base administrative-status;
description description
"Administrative status is up for testing purposes."; "Administrative status is Up for testing purposes.";
} }
identity admin-pre-deployment { identity admin-pre-deployment {
base administrative-status; base administrative-status;
description description
"Administrative status is pre-deployment phase. That is, "Administrative status reflects a pre-deployment phase,
prior to the actual deployment of a service."; i.e., prior to the actual deployment of a service.";
} }
/* /*
* Identities related to site or node role * Identities related to site or node roles
*/ */
identity role { identity role {
description description
"Base identity of a site or a node role."; "Base identity of a site or node role.";
} }
identity any-to-any-role { identity any-to-any-role {
base role; base role;
description description
"Any-to-any role."; "Any-to-any role.";
} }
identity spoke-role { identity spoke-role {
base role; base role;
skipping to change at page 24, line 34 skipping to change at line 1095
identity hub-role { identity hub-role {
base role; base role;
description description
"A node or a site is acting as a Hub."; "A node or a site is acting as a Hub.";
} }
identity custom-role { identity custom-role {
base role; base role;
description description
"VPN node with custom or complex role in the VPN. For some "VPN node with a custom or complex role in the VPN. For
sources/destinations it can behave as a Hub, but for others it some sources/destinations, it can behave as a Hub, but for
can act as a Spoke depending on the configured policy."; others, it can act as a Spoke, depending on the configured
policy.";
} }
/* /*
* Identities related to VPN service constraints * Identities related to VPN service constraints
*/ */
identity placement-diversity { identity placement-diversity {
description description
"Base identity for access placement constraints."; "Base identity for access placement constraints.";
} }
skipping to change at page 25, line 17 skipping to change at line 1127
identity pe-diverse { identity pe-diverse {
base placement-diversity; base placement-diversity;
description description
"PE diversity."; "PE diversity.";
} }
identity pop-diverse { identity pop-diverse {
base placement-diversity; base placement-diversity;
description description
"Point Of Presence (POP) diversity."; "Point of Presence (POP) diversity.";
} }
identity linecard-diverse { identity linecard-diverse {
base placement-diversity; base placement-diversity;
description description
"Linecard diversity."; "Linecard diversity.";
} }
identity same-pe { identity same-pe {
base placement-diversity; base placement-diversity;
skipping to change at page 25, line 44 skipping to change at line 1154
description description
"Having sites connected using the same bearer."; "Having sites connected using the same bearer.";
} }
/* /*
* Identities related to service types * Identities related to service types
*/ */
identity service-type { identity service-type {
description description
"Base identity for service type."; "Base identity for service types.";
} }
identity l3vpn { identity l3vpn {
base service-type; base service-type;
description description
"L3VPN service."; "L3VPN service.";
reference reference
"RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)"; "RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)";
} }
identity vpls { identity vpls {
base service-type; base service-type;
description description
"VPLS service."; "Virtual Private LAN Service (VPLS).";
reference reference
"RFC 4761: Virtual Private LAN Service (VPLS) Using BGP for "RFC 4761: Virtual Private LAN Service (VPLS) Using BGP for
Auto-Discovery and Signaling Auto-Discovery and Signaling
RFC 4762: Virtual Private LAN Service (VPLS) Using Label RFC 4762: Virtual Private LAN Service (VPLS) Using Label
Distribution Protocol (LDP) Signaling"; Distribution Protocol (LDP) Signaling";
} }
identity vpws { identity vpws {
base service-type; base service-type;
description description
"Virtual Private Wire Service (VPWS) service."; "Virtual Private Wire Service (VPWS).";
reference reference
"RFC 4664: Framework for Layer 2 Virtual Private Networks "RFC 4664: Framework for Layer 2 Virtual Private Networks
(L2VPNs), Section 3.1.1"; (L2VPNs), Section 3.1.1";
} }
identity vpws-evpn { identity vpws-evpn {
base service-type; base service-type;
description description
"EVPN used to support VPWS service."; "Ethernet VPN (EVPN) used to support VPWS.";
reference reference
"RFC 8214: Virtual Private Wire Service Support in Ethernet VPN"; "RFC 8214: Virtual Private Wire Service Support in
Ethernet VPN";
} }
identity pbb-evpn { identity pbb-evpn {
base service-type; base service-type;
description description
"Provider Backbone Bridging (PBB) EVPNs service."; "Provider Backbone Bridging (PBB) EVPN service.";
reference reference
"RFC 7623: Provider Backbone Bridging Combined with Ethernet VPN "RFC 7623: Provider Backbone Bridging Combined with
(PBB-EVPN)"; Ethernet VPN (PBB-EVPN)";
} }
identity mpls-evpn { identity mpls-evpn {
base service-type; base service-type;
description description
"MPLS-based EVPN service."; "MPLS-based EVPN service.";
reference reference
"RFC 7432: BGP MPLS-Based Ethernet VPN"; "RFC 7432: BGP MPLS-Based Ethernet VPN";
} }
identity vxlan-evpn { identity vxlan-evpn {
base service-type; base service-type;
description description
"VXLAN-based EVPN service."; "VXLAN-based EVPN service.";
reference reference
"RFC 8365: A Network Virtualization Overlay Solution Using "RFC 8365: A Network Virtualization Overlay Solution Using
Ethernet VPN (EVPN)"; Ethernet VPN (EVPN)";
} }
/* /*
* Identities related to VPN signaling type * Identities related to VPN signaling types
*/ */
identity vpn-signaling-type { identity vpn-signaling-type {
description description
"Base identity for VPN signaling types"; "Base identity for VPN signaling types.";
} }
identity bgp-signaling { identity bgp-signaling {
base vpn-signaling-type; base vpn-signaling-type;
description description
"Layer 2 VPNs using BGP signaling."; "Layer 2 VPNs using BGP signaling.";
reference reference
"RFC 6624: Layer 2 Virtual Private Networks Using BGP for "RFC 6624: Layer 2 Virtual Private Networks Using BGP for
Auto-Discovery and Signaling Auto-Discovery and Signaling
RFC 7432: BGP MPLS-Based Ethernet VPN"; RFC 7432: BGP MPLS-Based Ethernet VPN";
skipping to change at page 28, line 5 skipping to change at line 1261
reference reference
"RFC 3931: Layer Two Tunneling Protocol - Version 3 (L2TPv3)"; "RFC 3931: Layer Two Tunneling Protocol - Version 3 (L2TPv3)";
} }
/* /*
* Identities related to routing protocols * Identities related to routing protocols
*/ */
identity routing-protocol-type { identity routing-protocol-type {
description description
"Base identity for routing protocol type."; "Base identity for routing protocol types.";
} }
identity static-routing { identity static-routing {
base routing-protocol-type; base routing-protocol-type;
description description
"Static routing protocol."; "Static routing protocol.";
} }
identity bgp-routing { identity bgp-routing {
if-feature "rtg-bgp"; if-feature "rtg-bgp";
skipping to change at page 28, line 30 skipping to change at line 1286
"RFC 4271: A Border Gateway Protocol 4 (BGP-4)"; "RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
} }
identity ospf-routing { identity ospf-routing {
if-feature "rtg-ospf"; if-feature "rtg-ospf";
base routing-protocol-type; base routing-protocol-type;
description description
"OSPF routing protocol."; "OSPF routing protocol.";
reference reference
"RFC 4577: OSPF as the Provider/Customer Edge Protocol "RFC 4577: OSPF as the Provider/Customer Edge Protocol
for BGP/MPLS IP Virtual Private Networks(VPNs) for BGP/MPLS IP Virtual Private Networks (VPNs)
RFC 6565: OSPFv3 as a Provider Edge to Customer Edge RFC 6565: OSPFv3 as a Provider Edge to Customer Edge
(PE-CE) Routing Protocol"; (PE-CE) Routing Protocol";
} }
identity rip-routing { identity rip-routing {
if-feature "rtg-rip"; if-feature "rtg-rip";
base routing-protocol-type; base routing-protocol-type;
description description
"RIP routing protocol."; "RIP routing protocol.";
reference reference
"RFC 2453: RIP Version 2 "RFC 2453: RIP Version 2
RFC 2080: RIPng for IPv6"; RFC 2080: RIPng for IPv6";
} }
identity isis-routing { identity isis-routing {
if-feature "rtg-isis"; if-feature "rtg-isis";
base routing-protocol-type; base routing-protocol-type;
description description
"IS-IS routing protocol."; "IS-IS routing protocol.";
reference reference
"ISO10589: Intermediate System to Intermediate System intra- "ISO10589: Information technology - Telecommunications and
domain routeing information exchange protocol for information exchange between systems -
use in conjunction with the protocol for providing Intermediate System to Intermediate System
the connectionless-mode network service intra-domain routeing information exchange
(ISO 8473)"; protocol for use in conjunction with the protocol
for providing the connectionless-mode network
service (ISO 8473)";
} }
identity vrrp-routing { identity vrrp-routing {
if-feature "rtg-vrrp"; if-feature "rtg-vrrp";
base routing-protocol-type; base routing-protocol-type;
description description
"VRRP protocol. "VRRP protocol.
This is to be used when LANs are directly connected to PEs."; This is to be used when LANs are directly connected to
PEs.";
reference reference
"RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3 "RFC 5798: Virtual Router Redundancy Protocol (VRRP)
for IPv4 and IPv6"; Version 3 for IPv4 and IPv6";
} }
identity direct-routing { identity direct-routing {
base routing-protocol-type; base routing-protocol-type;
description description
"Direct routing. "Direct routing.
This is to be used when LANs are directly connected to PEs This is to be used when LANs are directly connected to PEs
and must be advertised in the VPN."; and must be advertised in the VPN.";
} }
identity any-routing { identity any-routing {
base routing-protocol-type; base routing-protocol-type;
description description
"Any routing protocol. "Any routing protocol.
This can be, e.g., used to set policies that apply to any For example, this can be used to set policies that apply
routing protocol in place."; to any routing protocol in place.";
} }
identity isis-level { identity isis-level {
if-feature "rtg-isis"; if-feature "rtg-isis";
description description
"Base identity for the IS-IS level."; "Base identity for the IS-IS level.";
reference reference
"ISO10589: Intermediate System to Intermediate System intra- "ISO10589: Information technology - Telecommunications and
domain routeing information exchange protocol for information exchange between systems -
use in conjunction with the protocol for providing Intermediate System to Intermediate System
the connectionless-mode network service intra-domain routeing information exchange
(ISO 8473)"; protocol for use in conjunction with the protocol
for providing the connectionless-mode network
service (ISO 8473)";
} }
identity level-1 { identity level-1 {
base isis-level; base isis-level;
description description
"IS-IS level 1."; "IS-IS Level 1.";
} }
identity level-2 { identity level-2 {
base isis-level; base isis-level;
description description
"IS-IS level 2."; "IS-IS Level 2.";
} }
identity level-1-2 { identity level-1-2 {
base isis-level; base isis-level;
description description
"IS-IS levels 1 and 2."; "IS-IS Levels 1 and 2.";
} }
identity bfd-session-type { identity bfd-session-type {
if-feature "bfd"; if-feature "bfd";
description description
"Base identity for the BFD session type."; "Base identity for the BFD session type.";
} }
identity classic-bfd { identity classic-bfd {
base bfd-session-type; base bfd-session-type;
skipping to change at page 30, line 41 skipping to change at line 1398
"Classic BFD."; "Classic BFD.";
reference reference
"RFC 5880: Bidirectional Forwarding Detection (BFD)"; "RFC 5880: Bidirectional Forwarding Detection (BFD)";
} }
identity s-bfd { identity s-bfd {
base bfd-session-type; base bfd-session-type;
description description
"Seamless BFD."; "Seamless BFD.";
reference reference
"RFC 7880: Seamless Bidirectional Forwarding Detection (S-BFD)"; "RFC 7880: Seamless Bidirectional Forwarding Detection
(S-BFD)";
} }
/* /*
* Identities related to Routes Import and Export * Identities related to route import and export policies
*/ */
identity ie-type { identity ie-type {
description description
"Base identity for 'import/export' routing profiles. "Base identity for import/export routing profiles.
These profiles can be reused between VPN nodes."; These profiles can be reused between VPN nodes.";
} }
identity import { identity import {
base ie-type; base ie-type;
description description
"'Import' routing profile."; "Import routing profile.";
reference reference
"RFC 4364: BGP/MPLS IP Virtual Private Networks "RFC 4364: BGP/MPLS IP Virtual Private Networks
(VPNs), Section 4.3.1"; (VPNs), Section 4.3.1";
} }
identity export { identity export {
base ie-type; base ie-type;
description description
"'Export' routing profile."; "Export routing profile.";
reference reference
"RFC 4364: BGP/MPLS IP Virtual Private Networks "RFC 4364: BGP/MPLS IP Virtual Private Networks
(VPNs), Section 4.3.1"; (VPNs), Section 4.3.1";
} }
identity import-export { identity import-export {
base ie-type; base ie-type;
description description
"'Import/export' routing profile."; "Import/export routing profile.";
} }
/* /*
* Identities related to bandwidth and QoS * Identities related to bandwidth and QoS
*/ */
identity bw-direction { identity bw-direction {
description description
"Base identity for the bandwidth direction."; "Base identity for the bandwidth direction.";
} }
skipping to change at page 32, line 4 skipping to change at line 1458
description description
"Inbound bandwidth."; "Inbound bandwidth.";
} }
identity outbound-bw { identity outbound-bw {
if-feature "outbound-bw"; if-feature "outbound-bw";
base bw-direction; base bw-direction;
description description
"Outbound bandwidth."; "Outbound bandwidth.";
} }
identity bw-type { identity bw-type {
description description
"Base identity for the bandwidth type."; "Base identity for the bandwidth type.";
} }
identity bw-per-cos { identity bw-per-cos {
if-feature "qos"; if-feature "qos";
base bw-type; base bw-type;
description description
"The bandwidth is per-CoS."; "The bandwidth is per CoS.";
} }
identity bw-per-port { identity bw-per-port {
base bw-type; base bw-type;
description description
"The bandwidth is per-site network access."; "The bandwidth is per a given site network access.";
} }
identity bw-per-site { identity bw-per-site {
base bw-type; base bw-type;
description description
"The bandwidth is per-site. It is applicable to all the site "The bandwidth is per site. It is applicable to all the
network accesses within a site."; site network accesses within a site.";
} }
identity bw-per-service { identity bw-per-service {
base bw-type; base bw-type;
description description
"The bandwidth is per-VPN service."; "The bandwidth is per VPN service.";
} }
identity qos-profile-direction { identity qos-profile-direction {
if-feature "qos"; if-feature "qos";
description description
"Base identity for the QoS profile direction."; "Base identity for the QoS profile direction.";
} }
identity site-to-wan { identity site-to-wan {
base qos-profile-direction; base qos-profile-direction;
description description
"Customer site to provider's network direction. "From the customer site to the provider's network.
This is typically the CE-to-PE direction."; This is typically the CE-to-PE direction.";
} }
identity wan-to-site { identity wan-to-site {
base qos-profile-direction; base qos-profile-direction;
description description
"Provider's network to customer site direction. "From the provider's network to the customer site.
This is typically the PE-to-CE direction."; This is typically the PE-to-CE direction.";
} }
identity both { identity both {
base qos-profile-direction; base qos-profile-direction;
description description
"Both WAN-to-Site and Site-to-WAN directions."; "Both the WAN-to-site direction and the site-to-WAN
direction.";
} }
/* /*
* Identities related to underlay transport instances * Identities related to underlay transport instances
*/ */
identity transport-instance-type { identity transport-instance-type {
description description
"Base identity for underlay transport instance type."; "Base identity for underlay transport instance types.";
} }
identity virtual-network { identity virtual-network {
base transport-instance-type; base transport-instance-type;
description description
"Virtual network."; "Virtual network.";
reference reference
"RFC 8453: Framework for Abstraction and Control of TE "RFC 8453: Framework for Abstraction and Control of TE
Networks (ACTN)"; Networks (ACTN)";
} }
identity enhanced-vpn { identity enhanced-vpn {
base transport-instance-type; base transport-instance-type;
description description
"Enhanced VPN (VPN+). VPN+ is an approach that is "Enhanced VPN (VPN+). VPN+ is an approach that is
based on existing VPN and Traffic Engineering (TE) based on existing VPN and Traffic Engineering (TE)
technologies but adds characteristics that specific technologies but adds characteristics that specific
services require over and above classical VPNs."; services require over and above classical VPNs.";
reference reference
"I-D.ietf-teas-enhanced-vpn: "draft-ietf-teas-enhanced-vpn-09:
A Framework for Enhanced Virtual Private Network A Framework for Enhanced Virtual Private Network
(VPN+) Services"; (VPN+) Services";
} }
identity ietf-network-slice { identity ietf-network-slice {
base transport-instance-type; base transport-instance-type;
description description
"IETF network slice. An IETF network slice "IETF network slice. An IETF network slice
is a logical network topology connecting a number of is a logical network topology connecting a number of
endpoints using a set of shared or dedicated network endpoints using a set of shared or dedicated network
resources that are used to satisfy specific service resources that are used to satisfy specific service
objectives."; objectives.";
reference reference
"I-D.ietf-teas-ietf-network-slices: "draft-ietf-teas-ietf-network-slices-05:
Framework for IETF Network Slices"; Framework for IETF Network Slices";
} }
/* /*
* Identities related to protocol types. These types are typically * Identities related to protocol types. These types are
* used to identify the underlay transport. * typically used to identify the underlay transport.
*/ */
identity protocol-type { identity protocol-type {
description description
"Base identity for Protocol Type."; "Base identity for protocol types.";
} }
identity ip-in-ip { identity ip-in-ip {
base protocol-type; base protocol-type;
description description
"Transport is based on IP-in-IP."; "Transport is based on IP in IP.";
reference reference
"RFC 2003: IP Encapsulation within IP "RFC 2003: IP Encapsulation within IP
RFC 2473: Generic Packet Tunneling in IPv6 Specification"; RFC 2473: Generic Packet Tunneling in IPv6 Specification";
} }
identity ip-in-ipv4 { identity ip-in-ipv4 {
base ip-in-ip; base ip-in-ip;
description description
"Transport is based on IP over IPv4."; "Transport is based on IP over IPv4.";
reference reference
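Review bot: In identities enhanced-vpn and ietf-network-slice, the reference statements on the right now pin specific draft revisions (draft-ietf-teas-enhanced-vpn-09 and draft-ietf-teas-ietf-network-slices-05) with nothing marking them as works in progress. Someone reading the module on its own cannot tell these from stable references, and a pinned revision goes stale as the draft advances. Consider adding "Work in Progress" to both reference strings. Separately, the new bw-per-port wording "per a given site network access" reads awkwardly next to its siblings ("per site", "per VPN service"); "per site network access" would match them.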
skipping to change at page 34, line 48 skipping to change at line 1599
base ip-in-ip; base ip-in-ip;
description description
"Transport is based on IP over IPv6."; "Transport is based on IP over IPv6.";
reference reference
"RFC 2473: Generic Packet Tunneling in IPv6 Specification"; "RFC 2473: Generic Packet Tunneling in IPv6 Specification";
} }
identity gre { identity gre {
base protocol-type; base protocol-type;
description description
"Transport is based on Generic Routing Encapsulation (GRE)."; "Transport is based on Generic Routing Encapsulation
(GRE).";
reference reference
"RFC 1701: Generic Routing Encapsulation (GRE) "RFC 1701: Generic Routing Encapsulation (GRE)
RFC 1702: Generic Routing Encapsulation over IPv4 networks RFC 1702: Generic Routing Encapsulation over IPv4 networks
RFC 7676: IPv6 Support for Generic Routing Encapsulation (GRE)"; RFC 7676: IPv6 Support for Generic Routing Encapsulation
(GRE)";
} }
identity gre-v4 { identity gre-v4 {
base gre; base gre;
description description
"Transport is based on GRE over IPv4."; "Transport is based on GRE over IPv4.";
reference reference
"RFC 1702: Generic Routing Encapsulation over IPv4 networks"; "RFC 1702: Generic Routing Encapsulation over IPv4
networks";
} }
identity gre-v6 { identity gre-v6 {
base gre; base gre;
description description
"Transport is based on GRE over IPv6."; "Transport is based on GRE over IPv6.";
reference reference
"RFC 7676: IPv6 Support for Generic Routing Encapsulation (GRE)"; "RFC 7676: IPv6 Support for Generic Routing Encapsulation
(GRE)";
} }
identity vxlan-trans { identity vxlan-trans {
base protocol-type; base protocol-type;
description description
"Transport is based on VXLAN."; "Transport is based on VXLANs.";
reference reference
"RFC 7348: Virtual eXtensible Local Area Network (VXLAN): "RFC 7348: Virtual eXtensible Local Area Network (VXLAN):
A Framework for Overlaying Virtualized Layer 2 A Framework for Overlaying Virtualized Layer 2
Networks over Layer 3 Networks"; Networks over Layer 3 Networks";
} }
identity geneve { identity geneve {
base protocol-type; base protocol-type;
description description
"Transport is based on Generic Network Virtualization "Transport is based on Generic Network Virtualization
Encapsulation (GENEVE)."; Encapsulation (Geneve).";
reference reference
"RFC 8926: Geneve: Generic Network Virtualization Encapsulation"; "RFC 8926: Geneve: Generic Network Virtualization
Encapsulation";
} }
identity ldp { identity ldp {
base protocol-type; base protocol-type;
description description
"Transport is based on LDP."; "Transport is based on LDP.";
reference reference
"RFC 5036: LDP Specification"; "RFC 5036: LDP Specification";
} }
identity mpls-in-udp { identity mpls-in-udp {
base protocol-type; base protocol-type;
description description
"Transport is MPLS in UDP."; "Transport is based on MPLS in UDP.";
reference reference
"RFC 7510: Encapsulating MPLS in UDP"; "RFC 7510: Encapsulating MPLS in UDP";
} }
identity sr { identity sr {
base protocol-type; base protocol-type;
description description
"Transport is based on Segment Routing (SR)."; "Transport is based on Segment Routing (SR).";
reference reference
"RFC 8660: Segment Routing with the MPLS Data Plane "RFC 8660: Segment Routing with the MPLS Data Plane
RFC 8663: MPLS Segment Routing over IP RFC 8663: MPLS Segment Routing over IP
RFC 8754: IPv6 Segment Routing Header (SRH)"; RFC 8754: IPv6 Segment Routing Header (SRH)";
} }
identity sr-mpls { identity sr-mpls {
base sr; base sr;
description description
"Transport is based on SR with MPLS."; "Transport is based on SR with the MPLS data plane.";
reference reference
"RFC 8660: Segment Routing with the MPLS Data Plane"; "RFC 8660: Segment Routing with the MPLS Data Plane";
} }
identity srv6 { identity srv6 {
base sr; base sr;
description description
"Transport is based on SR over IPv6."; "Transport is based on SR over IPv6.";
reference reference
"RFC 8754: IPv6 Segment Routing Header (SRH)"; "RFC 8754: IPv6 Segment Routing Header (SRH)";
skipping to change at page 37, line 6 skipping to change at line 1707
base protocol-type; base protocol-type;
description description
"Transport setup relies upon RSVP-TE."; "Transport setup relies upon RSVP-TE.";
reference reference
"RFC 3209: RSVP-TE: Extensions to RSVP for LSP Tunnels"; "RFC 3209: RSVP-TE: Extensions to RSVP for LSP Tunnels";
} }
identity bgp-lu { identity bgp-lu {
base protocol-type; base protocol-type;
description description
"Transport setup relies upon BGP-LU."; "Transport setup relies upon BGP-based labeled prefixes.";
reference reference
"RFC 8277: Using BGP to Bind MPLS Labels to Address Prefixes"; "RFC 8277: Using BGP to Bind MPLS Labels to Address Prefixes";
} }
identity unknown { identity unknown {
base protocol-type; base protocol-type;
description description
"Not known protocol type."; "Unknown protocol type.";
} }
/* /*
* Identities related to encapsulations * Identities related to encapsulation types
*/ */
identity encapsulation-type { identity encapsulation-type {
description description
"Base identity for the encapsulation type."; "Base identity for encapsulation types.";
} }
identity priority-tagged { identity priority-tagged {
base encapsulation-type; base encapsulation-type;
description description
"Priority-tagged interface."; "Priority-tagged interface.";
} }
identity dot1q { identity dot1q {
if-feature "dot1q"; if-feature "dot1q";
base encapsulation-type; base encapsulation-type;
description description
"Dot1q encapsulation."; "dot1Q encapsulation.";
} }
identity qinq { identity qinq {
if-feature "qinq"; if-feature "qinq";
base encapsulation-type; base encapsulation-type;
description description
"QinQ encapsulation."; "QinQ encapsulation.";
} }
identity qinany { identity qinany {
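Review bot: The bgp-lu description on the right replaces "BGP-LU" with "BGP-based labeled prefixes", so the abbreviation the identity is named after no longer appears in its description or its reference. Suggest keeping both, for example "Transport setup relies upon BGP-based labeled prefixes (BGP-LU).", so that a search for the term still lands on this identity.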
skipping to change at page 38, line 4 skipping to change at line 1753
description description
"QinQ encapsulation."; "QinQ encapsulation.";
} }
identity qinany { identity qinany {
if-feature "qinany"; if-feature "qinany";
base encapsulation-type; base encapsulation-type;
description description
"QinAny encapsulation."; "QinAny encapsulation.";
} }
identity vxlan { identity vxlan {
if-feature "vxlan"; if-feature "vxlan";
base encapsulation-type; base encapsulation-type;
description description
"VxLAN encapsulation."; "VXLAN encapsulation.";
} }
identity ethernet-type { identity ethernet-type {
base encapsulation-type; base encapsulation-type;
description description
"Ethernet encapsulation type."; "Ethernet encapsulation type.";
} }
identity vlan-type { identity vlan-type {
base encapsulation-type; base encapsulation-type;
skipping to change at page 38, line 43 skipping to change at line 1793
} }
identity lag-int { identity lag-int {
if-feature "lag-interface"; if-feature "lag-interface";
base encapsulation-type; base encapsulation-type;
description description
"LAG interface type."; "LAG interface type.";
} }
/* /*
* Identities related to VLAN Tag * Identities related to VLAN tags
*/ */
identity tag-type { identity tag-type {
description description
"Base identity for the tag types."; "Base identity for VLAN tag types.";
} }
identity c-vlan { identity c-vlan {
base tag-type; base tag-type;
description description
"Indicates Customer VLAN (C-VLAN) tag, normally using "Indicates a Customer VLAN (C-VLAN) tag, normally using
the 0x8100 Ethertype."; the 0x8100 Ethertype.";
} }
identity s-vlan { identity s-vlan {
base tag-type; base tag-type;
description description
"Indicates Service VLAN (S-VLAN) tag."; "Indicates a Service VLAN (S-VLAN) tag.";
} }
identity s-c-vlan { identity s-c-vlan {
base tag-type; base tag-type;
description description
"Uses both an S-VLAN tag and a C-VLAN tag."; "Uses both an S-VLAN tag and a C-VLAN tag.";
} }
/* /*
* Identities related to VXLAN * Identities related to VXLANs
*/ */
identity vxlan-peer-mode { identity vxlan-peer-mode {
if-feature "vxlan"; if-feature "vxlan";
description description
"Base identity for the VXLAN peer mode."; "Base identity for VXLAN peer modes.";
} }
identity static-mode { identity static-mode {
base vxlan-peer-mode; base vxlan-peer-mode;
description description
"VXLAN access in the static mode."; "VXLAN access in the static mode.";
} }
identity bgp-mode { identity bgp-mode {
base vxlan-peer-mode; base vxlan-peer-mode;
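Review bot: In the tag-type identities, c-vlan states its usual Ethertype (0x8100), but s-vlan and s-c-vlan say nothing about the Ethertype of the outer tag. An implementation that turns tag-type into a frame match or an access-side filter has to guess, and a wrong guess means frames with an unexpected outer tag are classified differently from what the service definition intends. Suggest that the s-vlan description either name the expected Ethertype or say explicitly that it is deployment-specific.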
skipping to change at page 39, line 51 skipping to change at line 1849
"VXLAN access by BGP EVPN learning."; "VXLAN access by BGP EVPN learning.";
} }
/* /*
* Identities related to multicast * Identities related to multicast
*/ */
identity multicast-gp-address-mapping { identity multicast-gp-address-mapping {
if-feature "multicast"; if-feature "multicast";
description description
"Base identity for multicast group mapping type."; "Base identity for multicast group mapping types.";
} }
identity static-mapping { identity static-mapping {
base multicast-gp-address-mapping; base multicast-gp-address-mapping;
description description
"Static mapping, i.e., attach the interface to the "Static mapping, i.e., an interface is attached to the
multicast group as a static member."; multicast group as a static member.";
} }
identity dynamic-mapping { identity dynamic-mapping {
base multicast-gp-address-mapping; base multicast-gp-address-mapping;
description description
"Dynamic mapping, i.e., an interface is added to the "Dynamic mapping, i.e., an interface is added to the
multicast group as a result of snooping."; multicast group as a result of snooping.";
} }
identity multicast-tree-type { identity multicast-tree-type {
if-feature "multicast"; if-feature "multicast";
description description
"Base identity for multicast tree type."; "Base identity for multicast tree types.";
} }
identity ssm-tree-type { identity ssm-tree-type {
base multicast-tree-type; base multicast-tree-type;
description description
"Source-Specific Multicast (SSM) tree type."; "Source-Specific Multicast (SSM) tree type.";
} }
identity asm-tree-type { identity asm-tree-type {
base multicast-tree-type; base multicast-tree-type;
skipping to change at page 40, line 48 skipping to change at line 1893
identity bidir-tree-type { identity bidir-tree-type {
base multicast-tree-type; base multicast-tree-type;
description description
"Bidirectional tree type."; "Bidirectional tree type.";
} }
identity multicast-rp-discovery-type { identity multicast-rp-discovery-type {
if-feature "multicast"; if-feature "multicast";
description description
"Base identity for Rendezvous Point (RP) discovery type."; "Base identity for Rendezvous Point (RP) discovery types.";
} }
identity auto-rp { identity auto-rp {
base multicast-rp-discovery-type; base multicast-rp-discovery-type;
description description
"Auto-RP discovery type."; "Auto-RP discovery type.";
} }
identity static-rp { identity static-rp {
base multicast-rp-discovery-type; base multicast-rp-discovery-type;
skipping to change at page 41, line 23 skipping to change at line 1917
identity bsr-rp { identity bsr-rp {
base multicast-rp-discovery-type; base multicast-rp-discovery-type;
description description
"Bootstrap Router (BSR) discovery type."; "Bootstrap Router (BSR) discovery type.";
} }
identity group-management-protocol { identity group-management-protocol {
if-feature "multicast"; if-feature "multicast";
description description
"Base identity for multicast group management protocol."; "Base identity for multicast group management protocols.";
} }
identity igmp-proto { identity igmp-proto {
base group-management-protocol; base group-management-protocol;
description description
"IGMP."; "IGMP.";
reference reference
"RFC 1112: Host Extensions for IP Multicasting "RFC 1112: Host Extensions for IP Multicasting
RFC 2236: Internet Group Management Protocol, Version 2 RFC 2236: Internet Group Management Protocol, Version 2
RFC 3376: Internet Group Management Protocol, Version 3"; RFC 3376: Internet Group Management Protocol, Version 3";
skipping to change at page 42, line 5 skipping to change at line 1947
for IPv6"; for IPv6";
} }
identity pim-proto { identity pim-proto {
if-feature "pim"; if-feature "pim";
base routing-protocol-type; base routing-protocol-type;
description description
"PIM."; "PIM.";
reference reference
"RFC 7761: Protocol Independent Multicast - Sparse Mode "RFC 7761: Protocol Independent Multicast - Sparse Mode
(PIM-SM): Protocol Specification (Revised)"; (PIM-SM): Protocol Specification (Revised)";
} }
identity igmp-version { identity igmp-version {
if-feature "igmp"; if-feature "igmp";
description description
"Base identity for IGMP version."; "Base identity for indicating the IGMP version.";
} }
identity igmpv1 { identity igmpv1 {
base igmp-version; base igmp-version;
description description
"IGMPv1."; "IGMPv1.";
reference reference
"RFC 1112: Host Extensions for IP Multicasting"; "RFC 1112: Host Extensions for IP Multicasting";
} }
skipping to change at page 42, line 41 skipping to change at line 1983
base igmp-version; base igmp-version;
description description
"IGMPv3."; "IGMPv3.";
reference reference
"RFC 3376: Internet Group Management Protocol, Version 3"; "RFC 3376: Internet Group Management Protocol, Version 3";
} }
identity mld-version { identity mld-version {
if-feature "mld"; if-feature "mld";
description description
"Base identity for MLD version."; "Base identity for indicating the MLD version.";
} }
identity mldv1 { identity mldv1 {
base mld-version; base mld-version;
description description
"MLDv1."; "MLDv1.";
reference reference
"RFC 2710: Multicast Listener Discovery (MLD) for IPv6"; "RFC 2710: Multicast Listener Discovery (MLD) for IPv6";
} }
identity mldv2 { identity mldv2 {
base mld-version; base mld-version;
description description
"MLDv2."; "MLDv2.";
reference reference
"RFC 3810: Multicast Listener Discovery Version 2 (MLDv2) "RFC 3810: Multicast Listener Discovery Version 2 (MLDv2)
for IPv6"; for IPv6";
} }
/* /*
* Identities related to traffic types * Identities related to traffic types
*/ */
identity tf-type { identity tf-type {
description description
"Base identity for the traffic type."; "Base identity for traffic types.";
} }
identity multicast-traffic { identity multicast-traffic {
base tf-type; base tf-type;
description description
"Multicast traffic."; "Multicast traffic.";
} }
identity broadcast-traffic { identity broadcast-traffic {
base tf-type; base tf-type;
skipping to change at page 44, line 16 skipping to change at line 2054
identity mail { identity mail {
base customer-application; base customer-application;
description description
"Mail application."; "Mail application.";
} }
identity file-transfer { identity file-transfer {
base customer-application; base customer-application;
description description
"File transfer application (e.g., FTP, SFTP)."; "File transfer application (e.g., FTP, Secure FTP (SFTP)).";
} }
identity database { identity database {
base customer-application; base customer-application;
description description
"Database application."; "Database application.";
} }
identity social { identity social {
base customer-application; base customer-application;
skipping to change at page 44, line 46 skipping to change at line 2084
identity p2p { identity p2p {
base customer-application; base customer-application;
description description
"Peer-to-peer application."; "Peer-to-peer application.";
} }
identity network-management { identity network-management {
base customer-application; base customer-application;
description description
"Management application (e.g., Telnet, syslog, "Management application (e.g., Telnet, syslog, SNMP).";
SNMP).";
} }
identity voice { identity voice {
base customer-application; base customer-application;
description description
"Voice application."; "Voice application.";
} }
identity video { identity video {
base customer-application; base customer-application;
description description
"Video conference application."; "Video-conference application.";
} }
identity embb { identity embb {
base customer-application; base customer-application;
description description
"Enhanced Mobile Broadband (eMBB) application. "Enhanced Mobile Broadband (eMBB) application.
Note that an eMBB application demands network performance with a Note that eMBB applications demand network performance
wide variety of characteristics, such as data rate, latency, with a wide variety of such characteristics as data rate,
loss rate, reliability, and many other parameters."; latency, loss rate, reliability, and many other
parameters.";
} }
identity urllc { identity urllc {
base customer-application; base customer-application;
description description
"Ultra-Reliable and Low Latency Communications "Ultra-Reliable and Low Latency Communications (URLLC)
(URLLC) application. Note that an URLLC application demands application. Note that URLLC applications demand
network performance with a wide variety of characteristics, such network performance with a wide variety of such
as latency, reliability, and many other parameters."; characteristics as latency, reliability, and many other
parameters.";
} }
identity mmtc { identity mmtc {
base customer-application; base customer-application;
description description
"Massive Machine Type Communications (mMTC) application. "Massive Machine Type Communications (mMTC) application.
Note that an mMTC application demands network performance with Note that mMTC applications demand network performance
a wide variety of characteristics, such as data rate, latency, with a wide variety of such characteristics as data rate,
loss rate, reliability, and many other parameters."; latency, loss rate, reliability, and many other
parameters.";
} }
/* /*
* Identities related to service bundling * Identities related to service bundling
*/ */
identity bundling-type { identity bundling-type {
description description
"The base identity for the bundling type. It supports a subset or "The base identity for the bundling type. It supports a
all CE-VLANs associated with an L2VPN service."; subset or all Customer Edge VLAN IDs (CE-VLAN IDs)
associated with an L2VPN service.";
} }
identity multi-svc-bundling { identity multi-svc-bundling {
base bundling-type; base bundling-type;
description description
"Multi-service bundling, i.e., multiple C-VLAN IDs "Multi-service bundling, i.e., multiple CE-VLAN IDs
can be associated with an L2VPN service at a site."; can be associated with an L2VPN service at a site.";
} }
identity one2one-bundling { identity one2one-bundling {
base bundling-type; base bundling-type;
description description
"One-to-one service bundling, i.e., each L2VPN can "One-to-one service bundling, i.e., each L2VPN can
be associated with only one C-VLAN ID at a site."; be associated with only one CE-VLAN ID at a site.";
} }
identity all2one-bundling { identity all2one-bundling {
base bundling-type; base bundling-type;
description description
"All-to-one bundling, i.e., all C-VLAN IDs are mapped "All-to-one bundling, i.e., all CE-VLAN IDs are mapped
to one L2VPN service."; to one L2VPN service.";
} }
/* /*
* Identities related to Ethernet Services * Identities related to Ethernet services
*/ */
identity control-mode { identity control-mode {
description description
"Base Identity for the type of control mode on Layer 2 "Base identity for the type of control mode used with the
Control Protocol (L2CP)."; Layer 2 Control Protocol (L2CP).";
} }
identity peer { identity peer {
base control-mode; base control-mode;
description description
"'peer' mode, i.e., participate in the protocol towards the CE. "'peer' mode, i.e., participate in the protocol towards
Peering is common for Link Aggregation Control Protocol (LACP) the CE. Peering is common for the Link Aggregation Control
and the Ethernet Local Management Interface (E-LMI) and, Protocol (LACP) and the Ethernet Local Management Interface
occasionally, for Link Layer Discovery Protocol (LLDP). (E-LMI) and, occasionally, for the Link Layer Discovery
For VPLSs and VPWSs, the subscriber can also request that the Protocol (LLDP). For VPLSs and VPWSs, the subscriber can
peer service provider enables spanning tree."; also request that the peer service provider enable
spanning tree.";
} }
identity tunnel { identity tunnel {
base control-mode; base control-mode;
description description
"'tunnel' mode, i.e., pass to the egress or destination site. For "'tunnel' mode, i.e., pass to the egress or destination
Ethernet Private Lines (EPLs), the expectation is that L2CP site. For Ethernet Private Lines (EPLs), the expectation
frames are tunnelled."; is that L2CP frames are tunneled.";
} }
identity discard { identity discard {
base control-mode; base control-mode;
description description
"'Discard' mode, i.e., discard the frame."; "'Discard' mode, i.e., discard the frame.";
} }
identity neg-mode { identity neg-mode {
description description
"Base identity for the negotiation mode."; "Base identity for the type of negotiation mode.";
} }
identity full-duplex { identity full-duplex {
base neg-mode; base neg-mode;
description description
"Full-duplex negotiation mode."; "Full-duplex negotiation mode.";
} }
identity auto-neg { identity auto-neg {
base neg-mode; base neg-mode;
description description
"Auto-negotiation mode."; "Auto-negotiation mode.";
} }
/******** Collection of VPN-related Types ********/ /******** VPN-related type ********/
typedef vpn-id { typedef vpn-id {
type string; type string;
description description
"Defines an identifier that is used with a VPN module. "Defines an identifier that is used with a VPN module.
This can be, for example, a service identifier, a node For example, this can be a service identifier, a node
identifier, etc."; identifier, etc.";
} }
/******* VPN-related reusable groupings *******/ /******* VPN-related reusable groupings *******/
grouping vpn-description { grouping vpn-description {
description description
"Provides common VPN information."; "Provides common VPN information.";
leaf vpn-id { leaf vpn-id {
type vpn-common:vpn-id; type vpn-common:vpn-id;
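Review bot: in `identity discard`, the description quotes the mode as 'Discard' on both sides, while the sibling `peer` and `tunnel` identities quote the lowercase identity name ('peer' mode, 'tunnel' mode). Since this pass already normalizes wording in these descriptions, lowercase it to 'discard' so the quoted token matches the identity value a client actually sends.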
skipping to change at page 48, line 22 skipping to change at line 2257
} }
leaf customer-name { leaf customer-name {
type string; type string;
description description
"Name of the customer that actually uses the VPN."; "Name of the customer that actually uses the VPN.";
} }
} }
grouping vpn-profile-cfg { grouping vpn-profile-cfg {
description description
"Grouping for VPN Profile configuration."; "Grouping for VPN profile configuration.";
container valid-provider-identifiers { container valid-provider-identifiers {
description description
"Container for valid provider profile identifiers."; "Container for valid provider profile identifiers.";
list external-connectivity-identifier { list external-connectivity-identifier {
if-feature "external-connectivity"; if-feature "external-connectivity";
key "id"; key "id";
description description
"List for profile identifiers that uniquely identify profiles "List of profile identifiers that uniquely identify
governing how external connectivity is provided to a VPN. profiles governing how external connectivity is
A profile indicates the type of external connectivity provided to a VPN. A profile indicates the type of
(Internet, cloud, etc.), the sites/nodes that are associated external connectivity (Internet, cloud, etc.), the
with a connectivity profile, etc. A profile can also indicate sites/nodes that are associated with a connectivity
filtering rules and/or address translation rules. Such profile, etc. A profile can also indicate filtering
features may involve PE, P, or dedicated nodes as a function rules and/or address translation rules. Such features
may involve PE, P, or dedicated nodes as a function
of the deployment."; of the deployment.";
leaf id { leaf id {
type string; type string;
description description
"Identification of an external connectivity profile. The "Identification of an external connectivity profile.
profile only has significance within the service provider's The profile only has significance within the service
administrative domain."; provider's administrative domain.";
} }
} }
list encryption-profile-identifier { list encryption-profile-identifier {
key "id"; key "id";
description description
"List for encryption profile identifiers."; "List of encryption profile identifiers.";
leaf id { leaf id {
type string; type string;
description description
"Identification of the encryption profile to be used. The "Identification of the encryption profile to be used.
profile only has significance within the service provider's The profile only has significance within the service
administrative domain."; provider's administrative domain.";
} }
} }
list qos-profile-identifier { list qos-profile-identifier {
key "id"; key "id";
description description
"List for QoS Profile Identifiers."; "List of QoS profile identifiers.";
leaf id { leaf id {
type string; type string;
description description
"Identification of the QoS profile to be used. The "Identification of the QoS profile to be used. The
profile only has significance within the service provider's profile only has significance within the service
administrative domain."; provider's administrative domain.";
} }
} }
list bfd-profile-identifier { list bfd-profile-identifier {
key "id"; key "id";
description description
"List for BFD profile identifiers."; "List of BFD profile identifiers.";
leaf id { leaf id {
type string; type string;
description description
"Identification of the BFD profile to be used. The "Identification of the BFD profile to be used. The
profile only has significance within the service provider's profile only has significance within the service
administrative domain."; provider's administrative domain.";
} }
} }
list forwarding-profile-identifier { list forwarding-profile-identifier {
key "id"; key "id";
description description
"List for forwarding profile identifiers."; "List of forwarding profile identifiers.";
leaf id { leaf id {
type string; type string;
description description
"Identification of the forwarding profile to be used. "Identification of the forwarding profile to be used.
The profile only has significance within the service The profile only has significance within the service
provider's administrative domain."; provider's administrative domain.";
} }
} }
list routing-profile-identifier { list routing-profile-identifier {
key "id"; key "id";
description description
"List for Routing Profile Identifiers."; "List of routing profile identifiers.";
leaf id { leaf id {
type string; type string;
description description
"Identification of the routing profile to be used by the "Identification of the routing profile to be used by
routing protocols within sites, vpn-network-accesses, or the routing protocols within sites, VPN network
vpn-nodes for refering VRF's import/export policies. accesses, or VPN nodes for referring to VRF's
import/export policies.
The profile only has significance within the service The profile only has significance within the service
provider's administrative domain."; provider's administrative domain.";
} }
} }
nacm:default-deny-write; nacm:default-deny-write;
} }
} }
grouping oper-status-timestamp { grouping oper-status-timestamp {
description description
"This grouping defines some operational parameters for the "This grouping defines some operational parameters for the
service."; service.";
leaf status { leaf status {
type identityref { type identityref {
base operational-status; base operational-status;
} }
config false; config false;
description description
"Operations status."; "Operational status.";
} }
leaf last-change { leaf last-change {
type yang:date-and-time; type yang:date-and-time;
config false; config false;
description description
"Indicates the actual date and time of the service status "Indicates the actual date and time of the service status
change."; change.";
} }
} }
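Review bot: `nacm:default-deny-write;` sits at the very end of `container valid-provider-identifiers`, after six lists, and the container description says only "Container for valid provider profile identifiers." Move the extension statement up next to the description and state there that write access to the profile identifiers is denied by default unless a NACM rule explicitly permits it, so authors of modules that use `vpn-profile-cfg` do not overlook the access-control default.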
skipping to change at page 51, line 9 skipping to change at line 2390
leaf status { leaf status {
type identityref { type identityref {
base administrative-status; base administrative-status;
} }
description description
"Administrative service status."; "Administrative service status.";
} }
leaf last-change { leaf last-change {
type yang:date-and-time; type yang:date-and-time;
description description
"Indicates the actual date and time of the service status "Indicates the actual date and time of the service
change."; status change.";
} }
} }
container oper-status { container oper-status {
config false;
description description
"Operational service status."; "Operational service status.";
uses oper-status-timestamp; uses oper-status-timestamp;
} }
} }
} }
grouping underlay-transport { grouping underlay-transport {
description description
"This grouping defines the type of underlay transport for the "This grouping defines the type of underlay transport for
VPN service or how that underlay is set. It can include an the VPN service or how that underlay is set. It can
identifier to an abstract transport instance to which the VPN include an identifier for an abstract transport instance to
is grafted or indicate a technical implementation that is which the VPN is grafted or indicate a technical
expressed as an ordered list of protocols."; implementation that is expressed as an ordered list of
protocols.";
choice type { choice type {
description description
"A choice based on the type of underlay transport "A choice based on the type of underlay transport
constraints."; constraints.";
case abstract { case abstract {
description description
"Indicates that the transport constraint is an abstract "Indicates that the transport constraint is an abstract
concept."; concept.";
leaf transport-instance-id { leaf transport-instance-id {
type string; type string;
description description
"An optional identifier of the abstract transport instance."; "An optional identifier of the abstract transport
instance.";
} }
leaf instance-type { leaf instance-type {
type identityref { type identityref {
base transport-instance-type; base transport-instance-type;
} }
description description
"Indicates a transport instance type. For example, it can "Indicates a transport instance type. For example,
be a VPN+, an IETF network slice, a virtual network, etc."; it can be a VPN+, an IETF network slice, a virtual
network, etc.";
} }
} }
case protocol { case protocol {
description description
"Indicates a list of protocols."; "Indicates a list of protocols.";
leaf-list protocol { leaf-list protocol {
type identityref { type identityref {
base protocol-type; base protocol-type;
} }
ordered-by user; ordered-by user;
description description
"A client ordered list of transport protocols."; "A client-ordered list of transport protocols.";
} }
} }
} }
} }
grouping vpn-route-targets { grouping vpn-route-targets {
description description
"A grouping that specifies Route Target (RT) import-export rules "A grouping that specifies Route Target (RT) import/export
used in a BGP-enabled VPN."; rules used in a BGP-enabled VPN.";
reference reference
"RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs) "RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)
RFC 4664: Framework for Layer 2 Virtual Private Networks RFC 4664: Framework for Layer 2 Virtual Private Networks
(L2VPNs)"; (L2VPNs)";
list vpn-target { list vpn-target {
key "id"; key "id";
description description
"Route targets. AND/OR operations may be defined "RTs. AND/OR operations may be defined based on the
based on the RTs assigment."; assigned RTs.";
leaf id { leaf id {
type uint8; type uint8;
description description
"Identifies each VPN Target."; "Identifies each VPN target.";
} }
list route-targets { list route-targets {
key "route-target"; key "route-target";
description description
"List of RTs."; "List of RTs.";
leaf route-target { leaf route-target {
type rt-types:route-target; type rt-types:route-target;
description description
"Conveys an RT value."; "Conveys an RT value.";
} }
} }
leaf route-target-type { leaf route-target-type {
type rt-types:route-target-type; type rt-types:route-target-type;
mandatory true; mandatory true;
description description
"Import/export type of the RT."; "Import/export type of the RT.";
} }
} }
container vpn-policies { container vpn-policies {
description description
"VPN service policies. It contains references to the "VPN service policies. 'vpn-policies' contains references
import and export policies to be associated with the to the import and export policies to be associated with
VPN service."; the VPN service.";
leaf import-policy { leaf import-policy {
type string; type string;
description description
"Identifies the 'import' policy."; "Identifies the import policy.";
} }
leaf export-policy { leaf export-policy {
type string; type string;
description description
"Identifies the 'export' policy."; "Identifies the export policy.";
} }
} }
} }
grouping route-distinguisher { grouping route-distinguisher {
description description
"Grouping for route distinguisher (RD)."; "Grouping for Route Distinguishers (RDs).";
choice rd-choice { choice rd-choice {
description description
"Route distinguisher choice between several options "RD choice between several options for providing the RD
on providing the route distinguisher value."; value.";
case directly-assigned { case directly-assigned {
description description
"Explicitly assign an RD value."; "Explicitly assigns an RD value.";
leaf rd { leaf rd {
type rt-types:route-distinguisher; type rt-types:route-distinguisher;
description description
"Indicates an RD value that is explicitly "Indicates an RD value that is explicitly assigned.";
assigned.";
} }
} }
case directly-assigned-suffix { case directly-assigned-suffix {
description description
"The value of the Assigned Number subfield of the RD. "The value of the Assigned Number subfield of the RD.
The Administrator subfield of the RD will be The Administrator subfield of the RD will be
based on other configuration information such as based on other configuration information such as the
router-id or ASN."; Router ID or Autonomous System Number (ASN).";
leaf rd-suffix { leaf rd-suffix {
type uint16; type uint16;
description description
"Indicates the value of the Assigned Number "Indicates the value of the Assigned Number
subfield that is explicitly assigned."; subfield that is explicitly assigned.";
} }
} }
case auto-assigned { case auto-assigned {
description description
"The RD is auto-assigned."; "The RD is auto-assigned.";
container rd-auto { container rd-auto {
description description
"The RD is auto-assigned."; "The RD is auto-assigned.";
choice auto-mode { choice auto-mode {
description description
"Indicates the auto-assignment mode. RD can be "Indicates the auto-assignment mode. The RD can be
automatically assigned with or without automatically assigned with or without
indicating a pool from which the RD should be indicating a pool from which the RD should be
taken. taken.
For both cases, the server will auto-assign an RD For both cases, the server will auto-assign an RD
value 'auto-assigned-rd' and use that value value 'auto-assigned-rd' and use that value
operationally."; operationally.";
case from-pool { case from-pool {
leaf rd-pool-name { leaf rd-pool-name {
type string; type string;
description description
"The auto-assignment will be made from the pool "The auto-assignment will be made from the pool
identified by the rd-pool-name."; identified by 'rd-pool-name'.";
} }
} }
case full-auto { case full-auto {
leaf auto { leaf auto {
type empty; type empty;
description description
"Indicates an RD is fully auto-assigned."; "Indicates that an RD is fully auto-assigned.";
} }
} }
} }
leaf auto-assigned-rd { leaf auto-assigned-rd {
type rt-types:route-distinguisher; type rt-types:route-distinguisher;
config false; config false;
description description
"The value of the auto-assigned RD."; "The value of the auto-assigned RD.";
} }
} }
} }
case auto-assigned-suffix { case auto-assigned-suffix {
description description
"The value of the Assigned Number subfield will "The value of the Assigned Number subfield will be
be auto-assigned. The Administrator subfield auto-assigned. The Administrator subfield will be
will be based on other configuration information such as based on other configuration information such as the
router-id or ASN."; Router ID or ASN.";
container rd-auto-suffix { container rd-auto-suffix {
description description
"The Assigned Number subfield is auto-assigned."; "The Assigned Number subfield is auto-assigned.";
choice auto-mode { choice auto-mode {
description description
"Indicates the auto-assignment mode of the Assigned Number "Indicates the auto-assignment mode of the
subfield. This number can be automatically assigned Assigned Number subfield. This number can be
with or without indicating a pool from which the value automatically assigned with or without indicating a
should be taken. pool from which the value should be taken.
For both cases, the server will auto-assign For both cases, the server will auto-assign
'auto-assigned-rd-suffix' and use that value to build 'auto-assigned-rd-suffix' and use that value to
the RD that will be used operationally."; build the RD that will be used operationally.";
case from-pool { case from-pool {
leaf rd-pool-name { leaf rd-pool-name {
type string; type string;
description description
"The assignment will be made from the pool identified "The assignment will be made from the pool
by the rd-pool-name."; identified by 'rd-pool-name'.";
} }
} }
case full-auto { case full-auto {
leaf auto { leaf auto {
type empty; type empty;
description description
"Indicates that the Assigned Number is fully auto "Indicates that the Assigned Number subfield is
assigned."; fully auto-assigned.";
} }
} }
} }
leaf auto-assigned-rd-suffix { leaf auto-assigned-rd-suffix {
type uint16; type uint16;
config false; config false;
description description
"Includes the value of the Assigned Number subfield that "Includes the value of the Assigned Number subfield
is auto-assigned ."; that is auto-assigned.";
} }
} }
} }
case no-rd { case no-rd {
description description
"Use the empty type to indicate RD has no value and is not to "Uses the 'empty' type to indicate that the RD has no
be auto-assigned."; value and is not to be auto-assigned.";
leaf no-rd { leaf no-rd {
type empty; type empty;
description description
"No RD is assigned."; "No RD is assigned.";
} }
} }
} }
} }
grouping vpn-components-group { grouping vpn-components-group {
description description
"Grouping definition to assign group-ids to associate VPN nodes, "Grouping definition to assign group IDs to associate
sites, or network accesses."; VPN nodes, sites, or network accesses.";
container groups { container groups {
description description
"Lists the groups to which a VPN node, a site, or a network "Lists the groups to which a VPN node, a site, or a
access belongs to."; network access belongs.";
list group { list group {
key "group-id"; key "group-id";
description description
"List of group-ids."; "List of group IDs.";
leaf group-id { leaf group-id {
type string; type string;
description description
"Is the group-id to which a VPN node, a site, or a network "The group ID to which a VPN node, a site, or a
access belongs to."; network access belongs.";
} }
} }
} }
} }
grouping placement-constraints { grouping placement-constraints {
description description
"Constraints for placing a network access."; "Constraints related to placement of a network access.";
list constraint { list constraint {
key "constraint-type"; key "constraint-type";
description description
"List of constraints."; "List of constraints.";
leaf constraint-type { leaf constraint-type {
type identityref { type identityref {
base placement-diversity; base placement-diversity;
} }
description description
"Diversity constraint type."; "Diversity constraint type.";
} }
container target { container target {
description description
"The constraint will apply against this list of groups."; "The constraint will apply against this list of
groups.";
choice target-flavor { choice target-flavor {
description description
"Choice for the group definition."; "Choice for the group definition.";
case id { case id {
list group { list group {
key "group-id"; key "group-id";
description description
"List of groups."; "List of groups.";
leaf group-id { leaf group-id {
type string; type string;
description description
"The constraint will apply against this particular "The constraint will apply against this
group-id."; particular group ID.";
} }
} }
} }
case all-accesses { case all-accesses {
leaf all-other-accesses { leaf all-other-accesses {
type empty; type empty;
description description
"The constraint will apply against all other network "The constraint will apply against all other
accesses of a site."; network accesses of a site.";
} }
} }
case all-groups { case all-groups {
leaf all-other-groups { leaf all-other-groups {
type empty; type empty;
description description
"The constraint will apply against all other groups that "The constraint will apply against all other
the customer is managing."; groups managed by the customer.";
} }
} }
} }
} }
} }
} }
grouping ports { grouping ports {
description description
"Choice of specifying a source or destination port numbers."; "Choice of specifying source or destination port numbers.";
choice source-port { choice source-port {
description description
"Choice of specifying the source port or referring to a group "Choice of specifying the source port or referring to a
of source port numbers."; group of source port numbers.";
container source-port-range-or-operator { container source-port-range-or-operator {
description description
"Source port definition."; "Source port definition.";
uses packet-fields:port-range-or-operator; uses packet-fields:port-range-or-operator;
} }
} }
choice destination-port { choice destination-port {
description description
"Choice of specifying a destination port or referring to a group "Choice of specifying a destination port or referring to a
of destination port numbers."; group of destination port numbers.";
container destination-port-range-or-operator { container destination-port-range-or-operator {
description description
"Destination port definition."; "Destination port definition.";
uses packet-fields:port-range-or-operator; uses packet-fields:port-range-or-operator;
} }
} }
} }
grouping qos-classification-policy { grouping qos-classification-policy {
description description
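Review bot: `config false;` is added to `container oper-status`, but the `last-change` leaf just above it, next to the `administrative-status` leaf, shows no `config false` in this hunk and so appears to remain client-writable, while its description still calls it "the actual date and time of the service status change". Say in that description who sets the value and that it is client-supplied, so consumers do not treat it as a server-recorded timestamp when reviewing status changes.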
skipping to change at page 58, line 34 skipping to change at line 2755
choice match-type { choice match-type {
default "match-flow"; default "match-flow";
description description
"Choice for classification."; "Choice for classification.";
case match-flow { case match-flow {
choice l3 { choice l3 {
description description
"Either IPv4 or IPv6."; "Either IPv4 or IPv6.";
container ipv4 { container ipv4 {
description description
"Rule set that matches IPv4 header."; "Rule set that matches the IPv4 header.";
uses packet-fields:acl-ip-header-fields; uses packet-fields:acl-ip-header-fields;
uses packet-fields:acl-ipv4-header-fields; uses packet-fields:acl-ipv4-header-fields;
} }
container ipv6 { container ipv6 {
description description
"Rule set that matches IPv6 header."; "Rule set that matches the IPv6 header.";
uses packet-fields:acl-ip-header-fields; uses packet-fields:acl-ip-header-fields;
uses packet-fields:acl-ipv6-header-fields; uses packet-fields:acl-ipv6-header-fields;
} }
} }
choice l4 { choice l4 {
description description
"Includes Layer 4 specific information. "Includes Layer-4-specific information.
This version focuses on TCP and UDP."; This version focuses on TCP and UDP.";
container tcp { container tcp {
description description
"Rule set that matches TCP header."; "Rule set that matches the TCP header.";
uses packet-fields:acl-tcp-header-fields; uses packet-fields:acl-tcp-header-fields;
uses ports; uses ports;
} }
container udp { container udp {
description description
"Rule set that matches UDP header."; "Rule set that matches the UDP header.";
uses packet-fields:acl-udp-header-fields; uses packet-fields:acl-udp-header-fields;
uses ports; uses ports;
} }
} }
} }
case match-application { case match-application {
leaf match-application { leaf match-application {
type identityref { type identityref {
base customer-application; base customer-application;
} }
description description
"Defines the application to match."; "Defines the application to match.";
} }
} }
} }
leaf target-class-id { leaf target-class-id {
if-feature "qos";
type string; type string;
description description
"Identification of the class of service. This identifier is "Identification of the class of service. This
internal to the administration."; identifier is internal to the administration.";
} }
} }
} }
} }
<CODE ENDS> <CODE ENDS>
5. Security Considerations 5. Security Considerations
The YANG modules specified in this document define schemas for data The YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
is the secure transport layer, and the mandatory-to-implement secure is the secure transport layer, and the mandatory-to-implement secure
transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
is HTTPS, and the mandatory-to-implement secure transport is TLS is HTTPS, and the mandatory-to-implement secure transport is TLS
[RFC8446]. [RFC8446].
The Network Configuration Access Control Model (NACM) [RFC8341] The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF or provides the means to restrict access for particular NETCONF or
RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content. RESTCONF protocol operations and content.
The "ietf-vpn-common" module defines a set of identities, types, and The "ietf-vpn-common" module defines a set of identities, types, and
groupings. These nodes are intended to be reused by other YANG groupings. These nodes are intended to be reused by other YANG
modules. The module does not expose by itself any data nodes which modules. The module by itself does not expose any data nodes that
are writable, contain read-only state, or RPCs. As such, there are are writable, data nodes that contain read-only state, or RPCs. As
no additional security issues to be considered relating to the "ietf- such, there are no additional security issues related to the "ietf-
vpn-common" module. vpn-common" module that need to be considered.
Modules that use the groupings that are defined in this document Modules that use the groupings that are defined in this document
should identify the corresponding security considerations. For should identify the corresponding security considerations. For
example, reusing some of these groupings will expose privacy-related example, reusing some of these groupings will expose privacy-related
information (e.g., customer-name). Disclosing such information may information (e.g., 'customer-name'). Disclosing such information may
be considered as a violation of the customer-provider trust be considered a violation of the customer-provider trust
relationship. relationship.
6. IANA Considerations 6. IANA Considerations
This document requests IANA to register the following URI in the "ns" IANA has registered the following URI in the "ns" subregistry within
subregistry within the "IETF XML Registry" [RFC3688]: the "IETF XML Registry" [RFC3688]:
URI: urn:ietf:params:xml:ns:yang:ietf-vpn-common
Registrant Contact: The IESG.
XML: N/A; the requested URI is an XML namespace.
This document requests IANA to register the following YANG module in
the "YANG Module Names" subregistry [RFC6020] within the "YANG
Parameters" registry.
name: ietf-vpn-common
namespace: urn:ietf:params:xml:ns:yang:ietf-vpn-common
maintained by IANA: N
prefix: vpn-common
reference: RFC XXXX
7. Acknowledgements
During the discussions of this work, helpful comments and reviews
were received from (listed alphabetically): Alejandro Aguado, Raul
Arco, Miguel Cros Cecilia, Joe Clarke, Dhruv Dhody, Adrian Farrel,
Roque Gagliano, Christian Jacquenet, Kireeti Kompella, Julian Lucek,
Tom Petch, Erez Segev, and Paul Sherratt. Many thanks to them.
This work is partially supported by the European Commission under
Horizon 2020 grant agreement number 101015857 Secured autonomic
traffic management for a Tera of SDN flows (Teraflow).
Many thanks to Radek Krejci for the yangdoctors review, Wesley Eddy
for the tsvart review, Ron Bonica and Victoria Pritchard for the
Rtgdir review, Joel Halpern for the genart review, Tim Wicinski for
the opsdir review, and Suresh Krishnan for the intdir review.
Special thanks to Robert Wilton for the AD review.
Thanks to Roman Danyliw, Lars Eagert, Warren Kumari, Erik Kline,
Zaheduzzaman Sarker, Benjamin Kaduk, and Eric Vyncke for the IESG
review.
8. Contributors
Italo Busi URI: urn:ietf:params:xml:ns:yang:ietf-vpn-common
Huawei Technologies Registrant Contact: The IESG.
Email: Italo.Busi@huawei.com XML: N/A; the requested URI is an XML namespace.
Luis Angel Munoz IANA has registered the following YANG module in the "YANG Module
Vodafone Names" subregistry [RFC6020] within the "YANG Parameters" registry.
Email: luis-angel.munoz@vodafone.com
Victor Lopez Alvarez Name: ietf-vpn-common
Telefonica Namespace: urn:ietf:params:xml:ns:yang:ietf-vpn-common
Email: victor.lopezalvarez@telefonica.com Maintained by IANA? N
Prefix: vpn-common
Reference: RFC 9181
9. References 7. References
9.1. Normative References 7.1. Normative References
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
2006, <https://www.rfc-editor.org/info/rfc4364>. 2006, <https://www.rfc-editor.org/info/rfc4364>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
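Review bot: in the `qos-classification-policy` part of this hunk, the added `if-feature "qos";` applies only to `leaf target-class-id`; the `match-type` choice above it is not gated in the lines shown. On a server that does not advertise the feature, a client could still configure match criteria with no class to map them to. Either put the `if-feature` on the enclosing node or note in the `target-class-id` description what a rule means when the leaf is absent.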
skipping to change at page 62, line 40 skipping to change at line 2909
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair, [RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair,
"YANG Data Model for Network Access Control Lists (ACLs)", "YANG Data Model for Network Access Control Lists (ACLs)",
RFC 8519, DOI 10.17487/RFC8519, March 2019, RFC 8519, DOI 10.17487/RFC8519, March 2019,
<https://www.rfc-editor.org/info/rfc8519>. <https://www.rfc-editor.org/info/rfc8519>.
9.2. Informative References 7.2. Informative References
[I-D.ietf-opsawg-l2nm]
Barguil, S., Dios, O. G. D., Boucadair, M., and L. A.
Munoz, "A Layer 2 VPN Network YANG Model", Work in
Progress, Internet-Draft, draft-ietf-opsawg-l2nm-06, 12
September 2021, <https://www.ietf.org/archive/id/draft-
ietf-opsawg-l2nm-06.txt>.
[I-D.ietf-opsawg-l3sm-l3nm]
Barguil, S., Dios, O. G. D., Boucadair, M., Munoz, L. A.,
and A. Aguado, "A Layer 3 VPN Network YANG Model", Work in
Progress, Internet-Draft, draft-ietf-opsawg-l3sm-l3nm-15,
28 September 2021, <https://www.ietf.org/archive/id/draft-
ietf-opsawg-l3sm-l3nm-15.txt>.
[I-D.ietf-teas-actn-vn-yang] [ACTN-VN-YANG]
Lee, Y., Dhody, D., Ceccarelli, D., Bryskin, I., and B. Y. Lee, Y., Ed., Dhody, D., Ed., Ceccarelli, D., Bryskin, I.,
Yoon, "A YANG Data Model for VN Operation", Work in and B. Yoon, "A YANG Data Model for VN Operation", Work in
Progress, Internet-Draft, draft-ietf-teas-actn-vn-yang-12, Progress, Internet-Draft, draft-ietf-teas-actn-vn-yang-13,
25 August 2021, <https://www.ietf.org/archive/id/draft- 23 October 2021, <https://datatracker.ietf.org/doc/html/
ietf-teas-actn-vn-yang-12.txt>. draft-ietf-teas-actn-vn-yang-13>.
[I-D.ietf-teas-enhanced-vpn] [Enhanced-VPN-Framework]
Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A
Framework for Enhanced Virtual Private Network (VPN+) Framework for Enhanced Virtual Private Network (VPN+)
Services", Work in Progress, Internet-Draft, draft-ietf- Services", Work in Progress, Internet-Draft, draft-ietf-
teas-enhanced-vpn-08, 12 July 2021, teas-enhanced-vpn-09, 25 October 2021,
<https://www.ietf.org/archive/id/draft-ietf-teas-enhanced- <https://datatracker.ietf.org/doc/html/draft-ietf-teas-
vpn-08.txt>. enhanced-vpn-09>.
[I-D.ietf-teas-ietf-network-slices]
Farrel, A., Gray, E., Drake, J., Rokui, R., Homma, S.,
Makhijani, K., Contreras, L. M., and J. Tantsura,
"Framework for IETF Network Slices", Work in Progress,
Internet-Draft, draft-ietf-teas-ietf-network-slices-04, 23
August 2021, <https://www.ietf.org/archive/id/draft-ietf-
teas-ietf-network-slices-04.txt>.
[IEEE802.1ad] [IEEE802.1ad]
"Virtual Bridged Local Area Networks Amendment 4: Provider IEEE, "IEEE Standard for Local and Metropolitan Area
Bridges", IEEE Std 802.1ad-2005, 2006. Networks---Virtual Bridged Local Area Networks---Amendment
4: Provider Bridges",
<https://standards.ieee.org/standard/802_1ad-2005.html>.
[IEEE802.1AX] [IEEE802.1AX]
"Link Aggregation", IEEE Std 802.1AX-2020, 2020. IEEE, "IEEE Standard for Local and Metropolitan Area
Networks--Link Aggregation",
<https://standards.ieee.org/standard/802_1AX-2020.html>.
[IEEE802.1Q] [IEEE802.1Q]
"Bridges and Bridged Networks", IEEE Std 802.1Q-2018, 6 IEEE, "IEEE Standard for Local and Metropolitan Area
July 2018. Networks--Bridges and Bridged Networks",
<https://standards.ieee.org/standard/802_1Q-2018.html>.
[ISO10589] ISO, "Intermediate System to Intermediate System intra- [ISO10589] ISO, "Information technology - Telecommunications and
domain routeing information exchange protocol for use in information exchange between systems - Intermediate System
conjunction with the protocol for providing the to Intermediate System intra-domain routeing information
connectionless-mode network service (ISO 8473)", 2002, exchange protocol for use in conjunction with the protocol
<International Standard 10589:2002, Second Edition>. for providing the connectionless-mode network service (ISO
8473)", International Standard 10589:2002, Second Edition,
November 2002, <https://www.iso.org/standard/30932.html>.
[L2NM-YANG]
Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M.,
Ed., and L. Munoz, "A Layer 2 VPN Network YANG Model",
Work in Progress, Internet-Draft, draft-ietf-opsawg-l2nm-
12, 22 November 2021,
<https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-
l2nm-12>.
[Network-Slices-Framework]
Farrel, A., Ed., Gray, E., Drake, J., Rokui, R., Homma,
S., Makhijani, K., Contreras, LM., and J. Tantsura,
"Framework for IETF Network Slices", Work in Progress,
Internet-Draft, draft-ietf-teas-ietf-network-slices-05, 25
October 2021, <https://datatracker.ietf.org/doc/html/
draft-ietf-teas-ietf-network-slices-05>.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
DOI 10.17487/RFC0791, September 1981, DOI 10.17487/RFC0791, September 1981,
<https://www.rfc-editor.org/info/rfc791>. <https://www.rfc-editor.org/info/rfc791>.
[RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5, [RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5,
RFC 1112, DOI 10.17487/RFC1112, August 1989, RFC 1112, DOI 10.17487/RFC1112, August 1989,
<https://www.rfc-editor.org/info/rfc1112>. <https://www.rfc-editor.org/info/rfc1112>.
[RFC1701] Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic [RFC1701] Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic
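Review bot: The rewritten IEEE entries in this hunk drop the standard designation and date from the citation text. [IEEE802.1ad], [IEEE802.1AX] and [IEEE802.1Q] previously carried "IEEE Std 802.1ad-2005, 2006", "IEEE Std 802.1AX-2020, 2020" and "IEEE Std 802.1Q-2018, 6 July 2018"; in the new text the edition is recoverable only from the URL. Suggest keeping the "IEEE Std ..." designation and date alongside the URL so each reference still pins an edition if the link changes. Also, [IEEE802.1ad] separates title parts with "---" while the other two entries use "--"; pick one form.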
skipping to change at page 69, line 5 skipping to change at line 3200
[RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J., [RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
(SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020, (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020,
<https://www.rfc-editor.org/info/rfc8754>. <https://www.rfc-editor.org/info/rfc8754>.
[RFC8926] Gross, J., Ed., Ganga, I., Ed., and T. Sridhar, Ed., [RFC8926] Gross, J., Ed., Ganga, I., Ed., and T. Sridhar, Ed.,
"Geneve: Generic Network Virtualization Encapsulation", "Geneve: Generic Network Virtualization Encapsulation",
RFC 8926, DOI 10.17487/RFC8926, November 2020, RFC 8926, DOI 10.17487/RFC8926, November 2020,
<https://www.rfc-editor.org/info/rfc8926>. <https://www.rfc-editor.org/info/rfc8926>.
[RFC9182] Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M.,
Ed., Munoz, L., and A. Aguado, "A YANG Network Data Model
for Layer 3 VPNs", RFC 9182, DOI 10.17487/RFC9182,
February 2022, <https://www.rfc-editor.org/info/rfc9182>.
Appendix A. Example of Common Data Nodes in Early L2NM/L3NM Designs Appendix A. Example of Common Data Nodes in Early L2NM/L3NM Designs
In order to avoid data nodes duplication and to ease passing data In order to avoid duplication of data nodes and to ease passing data
among layers (i.e., from the service layer to the network layer and among layers (i.e., from the service layer to the network layer and
vice versa), early versions of the L3NM reused many of the data nodes vice versa), early versions of the L3NM reused many of the data nodes
that are defined in the L3SM. Nevertheless, that approach was that are defined in the L3SM. Nevertheless, that approach was
abandoned because that design was interpreted as if the deployment of abandoned because that design was interpreted as if the deployment of
L3NM depends on L3SM, while this is not required. For example, a the L3NM depends on the L3SM, while this is not required. For
service provider may decide to use the L3NM to build its L3VPN example, a service provider may decide to use the L3NM to build its
services without exposing the L3SM to customers. L3VPN services without exposing the L3SM to customers.
Likewise, early versions of the L2NM reused many of the data nodes Likewise, early versions of the L2NM reused many of the data nodes
that are defined in both L2SM and L3NM. An example of L3NM groupings that are defined in both the L2SM and the L3NM. An example of L3NM
reused in L2NM is shown in Figure 5. Such data nodes reuse was groupings reused in the L2NM is shown in Figure 5. Such reuse of
interpreted as if the deployment of the L2NM requires the support of data nodes was interpreted as if the deployment of the L2NM requires
the L3NM; which is not required. support for the L3NM, which is not required.
module ietf-l2vpn-ntw { module ietf-l2vpn-ntw {
... ...
import ietf-l3vpn-ntw { import ietf-l3vpn-ntw {
prefix l3vpn-ntw; prefix l3vpn-ntw;
reference reference
"RFC NNNN: A Layer 3 VPN Network YANG Model"; "RFC 9182: A YANG Network Data Model for Layer 3 VPNs";
} }
... ...
container l2vpn-ntw { container l2vpn-ntw {
... ...
container vpn-services { container vpn-services {
list vpn-service { list vpn-service {
... ...
uses l3vpn-ntw:service-status; uses l3vpn-ntw:service-status;
uses l3vpn-ntw:svc-transport-encapsulation; uses l3vpn-ntw:svc-transport-encapsulation;
... ...
} }
} }
... ...
} }
} }
Figure 5: Excerpt from the L2NM YANG Module Figure 5: Excerpt from the L2NM YANG Module
Acknowledgements
During the discussions of this work, helpful comments and reviews
were received from (listed alphabetically) Alejandro Aguado, Raul
Arco, Miguel Cros Cecilia, Joe Clarke, Dhruv Dhody, Adrian Farrel,
Roque Gagliano, Christian Jacquenet, Kireeti Kompella, Julian Lucek,
Tom Petch, Erez Segev, and Paul Sherratt. Many thanks to them.
This work is partially supported by the European Commission under
Horizon 2020 Secured autonomic traffic management for a Tera of SDN
flows (Teraflow) project (grant agreement number 101015857).
Many thanks to Radek Krejci for the YANG Doctors review, Wesley Eddy
for the tsvart review, Ron Bonica and Victoria Pritchard for the
RtgDir review, Joel Halpern for the genart review, Tim Wicinski for
the opsdir review, and Suresh Krishnan for the intdir review.
Special thanks to Robert Wilton for the AD review.
Thanks to Roman Danyliw, Lars Eggert, Warren Kumari, Erik Kline,
Zaheduzzaman Sarker, Benjamin Kaduk, and Éric Vyncke for the IESG
review.
Contributors
Italo Busi
Huawei Technologies
Email: Italo.Busi@huawei.com
Luis Angel Munoz
Vodafone
Email: luis-angel.munoz@vodafone.com
Victor Lopez
Nokia
Madrid
Spain
Email: victor.lopez@nokia.com
Authors' Addresses Authors' Addresses
Samier Barguil Samier Barguil
Telefonica Telefonica
Madrid Madrid
Spain Spain
Email: samier.barguilgiraldo.ext@telefonica.com Email: samier.barguilgiraldo.ext@telefonica.com
Oscar Gonzalez de Dios (editor) Oscar Gonzalez de Dios (editor)
Telefonica Telefonica
Madrid Madrid
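Review bot: In Appendix A the revised sentences keep "was interpreted as if the deployment of the L3NM depends on the L3SM" and "was interpreted as if the deployment of the L2NM requires support for the L3NM", which mix tenses and read awkwardly; consider "was interpreted as implying that deploying the L3NM depends on the L3SM" and the matching form for the L2NM sentence. Separately, the Contributors block on the new side lists Victor Lopez at Nokia with a nokia.com address, while the draft side of this diff shows Victor Lopez Alvarez at Telefonica with a telefonica.com address; confirm the affiliation and name change are intended.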
skipping to change at page 70, line 26 skipping to change at line 3312
Email: oscar.gonzalezdedios@telefonica.com Email: oscar.gonzalezdedios@telefonica.com
Mohamed Boucadair (editor) Mohamed Boucadair (editor)
Orange Orange
France France
Email: mohamed.boucadair@orange.com Email: mohamed.boucadair@orange.com
Qin Wu Qin Wu
Huawei Huawei
101 Software Avenue, Yuhua District 101 Software Avenue
Yuhua District
Nanjing Nanjing
Jiangsu, 210012 Jiangsu, 210012
China China
Email: bill.wu@huawei.com Email: bill.wu@huawei.com
 End of changes. 310 change blocks. 
860 lines changed or deleted 893 lines changed or added
