Updates to the IPv6 Multicast Addressing Architecture
draft-ietf-6man-multicast-addr-arch-update-02
The information below is for an old version of the document.
Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 7371.
|
|
---|---|---|---|
Authors | Mohamed Boucadair , Stig Venaas | ||
Last updated | 2013-10-18 | ||
Replaces | draft-boucadair-6man-multicast-addr-arch-update | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Formats | |||
Reviews |
GENART Last Call review
(of
-05)
by Ben Campbell
Almost ready
|
||
Additional resources | Mailing list discussion | ||
Stream | WG state | In WG Last Call | |
Document shepherd | (None) | ||
IESG | IESG state | Became RFC 7371 (Proposed Standard) | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
draft-ietf-6man-multicast-addr-arch-update-02
OPSAWG Q. Wu, Ed. Internet-Draft Huawei Intended status: Informational M. Boucadair, Ed. Expires: March 12, 2021 Orange D. Lopez Telefonica I+D C. Xie China Telecom L. Geng China Mobile September 8, 2020 A Framework for Automating Service and Network Management with YANG draft-ietf-opsawg-model-automation-framework-05 Abstract Data models provide a programmatic approach to represent services and networks. Concretely, they can be used to derive configuration information for network and service components, and state information that will be monitored and tracked. Data models can be used during the service and network management life cycle, such as service instantiation, provisioning, optimization, monitoring, diagnostic, and assurance. Data models are also instrumental in the automation of network management, and they can provide closed-loop control for adaptive and deterministic service creation, delivery, and maintenance. This document describes an architecture for service and network management automation that takes advantage of YANG modeling technologies. This architecture is drawn from a Network Operator perspective irrespective of the origin of a data module; it can thus accommodate modules that are developed outside the IETF. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any Wu, et al. Expires March 12, 2021 [Page 1] Internet-Draft Service and Network Management Automation September 2020 time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on March 12, 2021. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology and Acronyms . . . . . . . . . . . . . . . . . . 5 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 2.2. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 6 3. Architectural Concepts and Goals . . . . . . . . . . . . . . 6 3.1. Data Models: Layering and Representation . . . . . . . . 6 3.2. Automation of Service Delivery Procedures . . . . . . . . 10 3.3. Service Fullfillment Automation . . . . . . . . . . . . . 10 3.4. YANG Modules Integration . . . . . . . . . . . . . . . . 11 4. Functional Blocks and Interactions . . . . . . . . . . . . . 11 4.1. Service Lifecycle Management Procedure . . . . . . . . . 12 4.1.1. Service Exposure . . . . . . . . . . . . . . . . . . 13 4.1.2. Service Creation/Modification . . . . . . . . . . . . 13 4.1.3. Service Optimization . . . . . . . . . . . . . . . . 13 4.1.4. Service Diagnosis . . . . . . . . . . . . . . . . . . 14 4.1.5. Service Decommission . . . . . . . . . . . . . . . . 14 4.2. Service Fullfillment Management Procedure . . . . . . . . 14 4.2.1. Intended Configuration Provision . . . . . . . . . . 15 4.2.2. Configuration Validation . . . . . . . . . . . . . . 15 4.2.3. Performance Monitoring/Model-driven Telemetry . . . . 16 4.2.4. Fault Diagnostic . . . . . . . . . . . . . . . . . . 16 4.3. Multi-Layer/Multi-Domain Service Mapping . . . . . . . . 16 4.4. Service Decomposing . . . . . . . . . . . . . . . . . . . 17 5. YANG Data Model Integration Examples . . . . . . . . . . . . 17 5.1. L2VPN/L3VPN Service Delivery . . . . . . . . . . . . . . 17 5.2. VN Lifecycle Management . . . . . . . . . . . . . . . . . 19 Wu, et al. Expires March 12, 2021 [Page 2] Internet-Draft Service and Network Management Automation September 2020 5.3. Event-based Telemetry in the Device Self Management . . . 20 6. Security Considerations . . . . . . . . . . . . . . . . . . . 21 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 22 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 22 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 10.1. Normative References . . . . . . . . . . . . . . . . . . 23 10.2. Informative References . . . . . . . . . . . . . . . . . 24 Appendix A. Layered YANG Modules Examples Overview . . . . . . . 32 A.1. Service Models: Definition and Samples . . . . . . . . . 32 A.2. Network Models: Samples . . . . . . . . . . . . . . . . . 33 A.3. Device Models: Samples . . . . . . . . . . . . . . . . . 35 A.3.1. Model Composition . . . . . . . . . . . . . . . . . . 37 A.3.2. Device Models: Samples . . . . . . . . . . . . . . . 37 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 40 1. Introduction Service management systems usually comprise service activation/ provision and service operation. Current service delivery procedures, from the processing of customer's requirements and orders to service delivery and operation, typically assume the manipulation of data sequentially into multiple OSS/BSS applications that may be managed by different departments within the service provider's organization (e.g., billing factory, design factory, network operation center). In addition, many of these applications have been developed in-house over the years and operate in a silo mode: o The lack of standard data input/output (i.e., data model) raises many challenges in system integration and often results in manual configuration tasks. o Service fulfillment systems might have a limited visibility on the network state and therefore have slow response to network changes. Software Defined Networking (SDN) becomes crucial to address these challenges. SDN techniques are meant to automate the overall service delivery procedures and typically rely upon standard data models. These models are used to not only reflect service providers' savoir- faire, but also to dynamically instantiate and enforce a set of service-inferred policies that best accommodate what has been defined and possibly negotiated with the customer. [RFC7149] provides a first tentative attempt to rationalize that service provider's view on the SDN space by identifying concrete technical domains that need to be considered and for which solutions can be provided: o Techniques for the dynamic discovery of topology, devices, and capabilities, along with relevant information and data models that Wu, et al. Expires March 12, 2021 [Page 3] Internet-Draft Service and Network Management Automation September 2020 are meant to precisely document such topology, devices, and their capabilities. o Techniques for exposing network services [RFC8309] and their characteristics. o Techniques used by service-derived dynamic resource allocation and policy enforcement schemes, so that networks can be programmed accordingly. o Dynamic feedback mechanisms that are meant to assess how efficiently a given policy (or a set thereof) is enforced from a service fulfillment and assurance perspectives. Models are key for each of the aforementioned four technical items. Service and network management automation is an important step to improve the agility of network operations. Models are also important to ease integrating multi-vendor solutions. YANG [RFC7950] module developers have taken both top-down and bottom- up approaches to develop modules [RFC8199] and to establish a mapping between a network technology and customer requirements at the top or abstracting common constructs from various network technologies at the bottom. At the time of writing this document (2020), there are many YANG data models including configuration and service models that have been specified or are being specified by the IETF. They cover many of the networking protocols and techniques. However, how these models work together to configure a device, manage a set of devices involved in a service, or provide a service is something that is not currently documented either within the IETF or other Standards Development Organizations (SDOs). This document describes an architectural framework for service and network management automation (Section 3) that takes advantage of YANG modeling technologies and investigates how different layer YANG data models interact with each other (e.g., service mapping, model composing) in the context of service delivery and fulfillment (Section 4). This framework is drawn from a Network Operator perspective irrespective of the origin of a data module; it can accommodate modules that are developed outside the IETF. The document identifies a list of use cases to exemplify the proposed approach (Section 5), but it does not claim nor aim to be exhaustive. Wu, et al. Expires March 12, 2021 [Page 4] Internet-Draft Service and Network Management Automation September 2020 2. Terminology and Acronyms 2.1. Terminology The following terms are defined in [RFC8309][RFC8199] and are not redefined here: o Network Operator o Customer o Service o Data Model o Service Model o Network Element Module In addition, the document makes use of the following terms: Network Model: Describes a network level abstraction (or a subset of aspects of a network infrastructure), including devices and their subsystems, and relevant protocols operating at the link and network layers across multiple devices. This model corresponds to the Network Configuration Model discussed in [RFC8309]. It can be used by a Network Operator to allocate resources (e.g., tunnel resource, topology resource) for the service or schedule resources to meet the service requirements defined in a Service Model. Device Model: Refers to the Network Element YANG data model described in [RFC8199] or the Device Configuration Model discussed in [RFC8309]. Device Models are also used to refer to model a function embedded in a device (e.g., Network Address Translation (NAT) [RFC8512], Access Control Lists (ACLs) [RFC8519]). Pipe: Refers to a communication scope where only one-to-one (1:1) communications are allowed. The scope can be identified between ingress and egress nodes, two service sites, etc. Hose: Refers to a communication scope where one-to-many (1:N) communications are allowed (e.g., one site to multiple sites). Wu, et al. Expires March 12, 2021 [Page 5] Internet-Draft Service and Network Management Automation September 2020 Funnel: Refers to a communication scope where many-to-one (N:1) communications are allowed. 2.2. Acronyms The following acronyms are used in the document: ACL Access Control List CE Customer Edge ECA Event Condition Action L2VPN Layer 2 Virtual Private Network L3VPN Layer 3 Virtual Private Network NAT Network Address Translation OAM Operations, Administration, and Maintenance OWD One-Way Delay PE Provider Edge QoS Quality of Service RD Route Distinguisher RT Route Target SDN Software Defined Networking TE Traffic Engineering VN Virtual Network VPN Virtual Private Network VRF Virtual Routing and Forwarding 3. Architectural Concepts and Goals 3.1. Data Models: Layering and Representation As described in Section 2 of [RFC8199], layering of modules allows for better reusability of lower-layer modules by higher-level modules while limiting duplication of features across layers. Data models can be classified into Service, Network, and Device Models. Different Service Models may rely on the same set of Network and/or Device Models. Service Models traditionally follow top-down approach and are mostly customer-facing YANG modules providing a common model construct for higher level network services (e.g., Layer 3 Virtual Private Network (L3VPN)). Such modules can be mapped to network technology-specific modules at lower layers (e.g., tunnel, routing, Quality of Service (QoS), security). For example, the service level can be used to characterise the network service(s) to be ensured between service nodes (ingress/egress) such as: o the communication scope (pipe, hose, funnel, ...), o the directionality (inbound/outbound), Wu, et al. Expires March 12, 2021 [Page 6] Internet-Draft Service and Network Management Automation September 2020 o the traffic performance guarantees (One-Way Delay (OWD) [RFC7679], One-Way Loss [RFC7680], ...), o link capacity [RFC5136][I-D.ietf-ippm-capacity-metric-method], o etc. Figure 1 depicts the example of a VoIP service that relies upon connectivity services offered by a Network Operator. In this example, the VoIP service is offered to the Network Operator's customers by Service Provider (SP1). In order to provide global VoIP reachability, SP1 service site interconnects with other Service Providers service sites typically by interconnecting Session Border Elements (SBEs) and Data Border Elements (DBEs) [RFC5486][RFC6406]. For other VoIP destinations, sessions are forwarded over the Internet. These connectivity services can be captured in a YANG Service Module that reflects the service attributes that are shown in Figure 2. This example follows the IP Connectivity Provisioning Profile template defined in [RFC7297]. ,--,--,--. ,--,--,--. ,-' SP1 `-. ,-' SP2 `-. ( Service Site ) ( Service Site ) `-. ,-' `-. ,-' `--'--'--' `--'--'--' x | o * * | (2)x | o * * | ,x-,--o-*-. (1) ,--,*-,--. ,-' x o * * * * * * * * * `-. ( x o +----( Internet ) User---(x x x o o o o o o o o o o o o o o o o o o `-. ,-' `-. ,-' (3) `--'--'--' `--'--'--' Network Operator **** (1) Inter-SP connectivity xxxx (2) Customer to SP connectivity oooo (3) SP to any destination connectivity Figure 1: An Example of Service Connectivty Components Wu, et al. Expires March 12, 2021 [Page 7] Internet-Draft Service and Network Management Automation September 2020 Connectivity: Scope and Guarantees (1) Inter-SP connectivity - Pipe scope from the local to the remote SBE/DBE - Full guarantees class (2) Customer to SP connectivity - Hose/Funnel scope connecting the local SBE/DBE to the customer access points - Full guarantees class (3) SP to any destination connectivity - Hose/Funnel scope from the local SBE/DBE to the Internet gateway - Delay guarantees class Flow Identification * Destination IP address (SBE, DBE) * DSCP marking Traffic Isolation * VPN Routing & Forwarding * Routing rule to exclude some ASes from the inter-domain paths Notifications (including feedback) * Statistics on aggregate traffic to adjust capacity * Failures * Planned maintenance operations * Triggered by thresholds Figure 2: Sample Attributes Captured in a Service Model Network Models are mainly network resource-facing modules; they describe various aspects of a network infrastructure, including devices and their subsystems, and relevant protocols operating at the link and network layers across multiple devices (e.g., network topology and traffic-engineering tunnel modules). Device (and function) Models usually follow a bottom-up approach and are mostly technology-specific modules used to realize a service (e.g., BGP, NAT). Each level maintains a view of the supported YANG modules provided by low-levels (see for example, Appendix A). Figure 3 illustrates the overall layering model. The reader may refer to Section 4 of [RFC8309] for an overview of "Orchestrator" and "Controller" elements. Wu, et al. Expires March 12, 2021 [Page 8] Internet-Draft Service and Network Management Automation September 2020 +-----------------------------------------------------------------+ | +-----------------------+ | | | Orchestrator | Hierarchy Abstraction | | |+---------------------+| | | || Service Modeling || Service Model | | |+---------------------+| (Customer Oriented) | | | | Scope: "1:1" Pipe model | | | | Bidirectional | | |+---------------------+| +-+ Capacity,OWD +-+ | | ||Service Orchestration|| | +----------------+ | | | |+---------------------+| +-+ +-+ | | +-----------------------+ 1. Ingress 2. Egress | | | | | | | | +-----------------------+ Network Model | | | Controller | (Operator Oriented) | | |+---------------------+| +-+ +--+ +---+ +-+ | | || Network Modeling || | | | | | | | | | | |+---------------------+| | o----o--o----o---o---o | | | |+---------------------+| +-+ +--+ +---+ +-+ | | ||Network Orchestration|| src dst | | |+---------------------+| L3VPN over TE | | | | Instance Name/Access Interface | | +-----------------------+ Protocol Type/Capacity/RD/RT/... | | mapping for hop | | | | | | +-----------------------+ | | | Device | Device Model | | |+--------------------+ | | | || Device Modeling | | Interface add, BGP Peer, | | |+--------------------+ | Tunnel ID, QoS/TE, ... | | +-----------------------+ | +-----------------------------------------------------------------+ Figure 3: Layering and Representation The layering model depicted in Figure 3 does not make any assumption about the location of the various entities (e.g., controller, orchestrator) within the network. As such, the architecture does not preclude deployments where, for example, the controller is embedded on a device that hosts other functions that are controlled via YANG modules. In order to ease the mapping between layers and data reuse, this document focuses on service models that are modelled using YANG. Nevertheless, fully compliant with Section 3 of [RFC8309], Figure 3 Wu, et al. Expires March 12, 2021 [Page 9] Internet-Draft Service and Network Management Automation September 2020 does not preclude service models to be modelled using other data modelling languages than YANG. 3.2. Automation of Service Delivery Procedures Service Models can be used by a Network Operator to expose its services to its customers. Exposing such models allows to automate the activation of service orders and thus the service delivery. One or more monolithic Service Models can be used in the context of a composite service activation request (e.g., delivery of a caching infrastructure over a VPN). Such models are used to feed a decision- making intelligence to adequately accommodate customer's needs. Also, such models may be used jointly with services that require dynamic invocation. An example is provided by the service modules defined by the DOTS WG to dynamically trigger requests to handle Distributed Denial-of-Service (DDoS) attacks [RFC8783]. The service filtering request modelled using [RFC8783] will be translated into device-specific filtering (e.g., ACLs defined in [RFC8519]) that to fulfil the service request. Network Models can be derived from Service Models and used to provision, monitor, instantiate the service, and provide lifecycle management of network resources. Doing so is meant to: o expose network resources to customers (including other Network Operators) to provide service fulfillment and assurance. o allow customers (or Network Operators) to dynamically adjust the network resources based on service requirements as described in Service Models (e.g., Figure 2) and the current network performance information described in the telemetry modules. 3.3. Service Fullfillment Automation To operate a service, the settings of the parameters in the Device Models are derived from Service Models and/or Network Models and are used to: o Provision each involved network function/device with the proper configuration information. o Operate the network based on service requirements as described in the Service Model(s) and local operational guidelines. In addition, the operational state including configuration that is in effect together with statistics should be exposed to upper layers to Wu, et al. Expires March 12, 2021 [Page 10] Internet-Draft Service and Network Management Automation September 2020 provide better network visibility and assess to what extent the derived low level modules are consistent with the upper level inputs. Filters are enforced on the notifications that are communicated to Service layers. The type and frequency of notifications may be agreed in the Service Model. Note that it is important to correlate telemetry data with configuration data to be used for closed loops at the different stages of service delivery, from resource allocation to service operation, in particular. 3.4. YANG Modules Integration To support top-down service delivery, YANG modules at different levels or at the same level need to be integrated together for proper service delivery (including, proper network setup). For example, the service parameters captured in Service Models need to be decomposed into a set of configuration/notification parameters that may be specific to one or more technologies; these technology-specific parameters are grouped together to define technology-specific device level models or network level models. In addition, these technology-specific Device or Network Models can be further integrated with each other using the schema mount mechanism [RFC8528] to provision each involved network function/ device or each involved administrative domain to support newly added module or features. A collection of Device Models integrated together can be loaded and validated during the implementation time. High-level policies can be defined at Service or Network Models (e.g., "Autonomous System Number (ASN) Exclude" in the example depicted in Figure 2). Device Models will be tweaked accordingly to provide policy-based management. Policies can also be used for telemetry automation, e.g., policies that contain conditions can trigger the generation and pushing of new telemetry data. Performance measurement telemetry can be used to provide service assurance at Service and/or Network levels. Performance measurement telemetry model can tie with Service or Network Models to monitor network performance or Service Level Agreement. 4. Functional Blocks and Interactions The architectural considerations described in Section 3 lead to the architecture described in this section and illustrated in Figure 4. Wu, et al. Expires March 12, 2021 [Page 11] Internet-Draft Service and Network Management Automation September 2020 +------------------+ ................. | | Service level | | V | E2E E2E E2E E2E Service --> Service ---------> Service -----> Service -----+ Exposure Creation ^ Optimization ^ Diagnosis | /Modification | | | | |Diff | V Multi-layer | | E2E | E2E Multi-domain | | Service | Service Service Mapping| +------ Assurance --+ Decommission | ^ ................. |<-----------------+ | Network level | | +-------+ V | | Specific Specific | Service --------> Service <--+ | Creation ^ Optimization | | /Modification | | | | |Diff | | | | Specific --+ | Service | | Service | Decomposing | +----- Assurance ----+ | ^ ................. | | Aggregation Device level | +------------+ V | Service Intent | Fulfillment Config ----> Config ----> Performance ----> Fault Provision Validate Monitoring Diagnostic Figure 4: Service and Network Lifecycle Management 4.1. Service Lifecycle Management Procedure Service lifecycle management includes end-to-end service lifecycle management at the service level and technology specific network lifecycle management at the network level. The end-to-end service lifecycle management is technology-independent service management and spans across multiple administrative domain or multiple layers while technology specific service lifecycle management is technology domain specific or layer specific service lifecycle management. Wu, et al. Expires March 12, 2021 [Page 12] Internet-Draft Service and Network Management Automation September 2020 4.1.1. Service Exposure A service in the context of this document (sometimes called, Network Service) is some form of connectivity between customer sites and the Internet or between customer sites across the operator's network and across the Internet. Service exposure is used to capture services offered to customers (ordering and order handling). One typical example is that a customer can use a L3VPN Service Model (L3SM) to request L3VPN service by providing the abstract technical characterization of the intended service between customer sites. Service Model catalogs can be created along to expose the various services and the information needed to invoke/order a given service. 4.1.2. Service Creation/Modification A customer is usually unaware of the technology that the Network Operator has available to deliver the service, so the customer does not make requests specific to the underlying technology but is limited to making requests specific to the service that is to be delivered. This service request can be issued using a Service Model. Upon receiving a service request, and assuming that appropriate authentication and authorization checks have been made, the service orchestrator/management system should verify whether the service requirements in the service request can be met (i.e., whether there is sufficient resources that can be allocated with the requested guarantees). If the request is accepted, the service orchestrator/management system maps such service request to its view. This view can be described as a technology specific network model or a set of technology specific Device Models and this mapping may include a choice of which networks and technologies to use depending on which service features have been requested. In addition, a customer may require to change the underlying network infrastructure to adapt to new customer's needs and service requirements. This service modification can be issued following the same Service Model used by the service request. 4.1.3. Service Optimization Service optimization is a technique that gets the configuration of the network updated due to network changes, incidents mitigation, or new service requirements. One typical example is once a tunnel or a Wu, et al. Expires March 12, 2021 [Page 13] Internet-Draft Service and Network Management Automation September 2020 VPN is setup, Performance monitoring information or telemetry information per tunnel (or per VPN) can be collected and fed into the management system. If the network performance doesn't meet the service requirements, the management system can create new VPN policies capturing network service requirements and populate them into the network. Both network performance information and policies can be modelled using YANG. With Policy-based management, self-configuration and self-optimization behavior can be specified and implemented. 4.1.4. Service Diagnosis Operations, Administration, and Maintenance (OAM) are important networking functions for service diagnosis that allow Network Operators to: o monitor network communications (i.e., reachability verification and Continuity Check) o troubleshoot failures (i.e., fault verification and localization) o monitor service-level agreements and performance (i.e., performance management) When the network is down, service diagnosis should be in place to pinpoint the problem and provide recommendations (or instructions) for the network recovery. The service diagnosis information can be modelled as technology- independent Remote Procedure Call (RPC) operations for OAM protocols and technology-independent abstraction of key OAM constructs for OAM protocols [RFC8531][RFC8533]. These models can be used to provide consistent configuration, reporting, and presentation for the OAM mechanisms used to manage the network. 4.1.5. Service Decommission Service decommission allows a customer to stop the service by removing the service from active status and thus releasing the network resources that were allocated to the service. Customers can also use the Service Model to withdraw the registration to a service. 4.2. Service Fullfillment Management Procedure Wu, et al. Expires March 12, 2021 [Page 14] Internet-Draft Service and Network Management Automation September 2020 4.2.1. Intended Configuration Provision Intended configuration at the device level is derived from Network Models at the network level or Service Model at the service level and represents the configuration that the system attempts to apply. Take L3SM as a Service Model example to deliver a L3VPN service, we need to map the L3VPN service view defined in the Service Model into detailed intended configuration view defined by specific configuration models for network elements, configuration information includes: o Virtual Routing and Forwarding (VRF) definition, including VPN policy expression o Physical Interface(s) o IP layer (IPv4, IPv6) o QoS features such as classification, profiles, etc. o Routing protocols: support of configuration of all protocols listed in a service request, as well as routing policies associated with those protocols. o Multicast support o Address sharing (e.g., NAT) o Security These specific configuration models can be used to configure Provider Edge (PE) and Customer Edge (CE) devices within a site, e.g., a BGP policy model can be used to establish VPN membership between sites and VPN Service Topology. 4.2.2. Configuration Validation Configuration validation is used to validate intended configuration and ensure the configuration take effect. For example, a customer creates an interface "eth-0/0/0" but the interface does not physically exist at this point, then configuration data appears in the <intended> status but does not appear in <operational> datastore. Wu, et al. Expires March 12, 2021 [Page 15] Internet-Draft Service and Network Management Automation September 2020 4.2.3. Performance Monitoring/Model-driven Telemetry When configuration is in effect in the device, <operational> datastore holds the complete operational state of the device including learned, system, default configuration, and system state. However, the configurations and state of a particular device does not have the visibility to the whole network or information of the flow packets are going to take through the entire network. Therefore it becomes more difficult to operate the network without understanding the current status of the network. The management system should subscribe to updates of a YANG datastore in all the network devices for performance monitoring purpose and build a full topological visibility of the network by aggregating (and filtering) these operational state from different sources. 4.2.4. Fault Diagnostic When configuration is in effect in the device, some devices may be mis-configured (e.g.,device links are not consistent in both sides of the network connection), network resources be mis-allocated and services may be negatively affected without knowing what is going on in the network. Technology-dependent nodes and RPC commands are defined in technology-specific YANG data models which can use and extend the base model described in Section 4.1.4 to deal with these issues. These RPC commands received in the technology-dependent node can be used to trigger technology-specific OAM message exchanges for fault verification and fault isolation For example, TRILL Multicast Tree Verification (MTV) RPC command [I-D.ietf-trill-yang-oam] can be used to trigger Multi-Destination Tree Verification Message defined in [RFC7455] to verify TRILL distribution tree integrity. 4.3. Multi-Layer/Multi-Domain Service Mapping Multi-layer/Multi-domain Service Mapping allows to map an end-to-end abstract view of the service segmented at different layers or different administrative domains into domain-specific view. One example is to map service parameters in L3VPN service model into configuration parameters such as Route Distinguisher (RD), Route Target (RT), and VRF in L3VPN network model. Another example is to map service parameters in L3VPN service model into Traffic Engineered (TE) tunnel parameter (e.g., Tunnel ID) in TE model and Virtual Network (VN) parameters (e.g., Access Point (AP) Wu, et al. Expires March 12, 2021 [Page 16] Internet-Draft Service and Network Management Automation September 2020 list, VN members) in the YANG data model for VN operation [I-D.ietf-teas-actn-vn-yang]. 4.4. Service Decomposing Service Decomposing allows to decompose service model at the service level or network model at the network level into a set of device/ function models at the device level. These Device Models may be tied to specific device types or classified into a collection of related YANG modules based on service types and features offered, and load at the implementation time before configuration is loaded and validated. 5. YANG Data Model Integration Examples The following subsections provides some YANG data models integration examples. 5.1. L2VPN/L3VPN Service Delivery In reference to Figure 5, the following steps are performed to deliver the L3VPN service within the network management automation architecture defined in this document: 1. The Customer requests to create two sites (as per service creation operation in Section 4.2.1) relying upon a L3SM Service model with each having one network access connectivity, for example: * Site A: Network-Access A, Link Capacity = 20 Mbps, for class "foo", guaranteed-capacity-percent = 10, average-One-Way-Delay = 70 ms. * Site B: Network-Access B, Link Capacity = 30 Mbps, for class "foo1", guaranteed-capacity-percent = 15, average-One-Way- Delay = 60 ms. 2. The Orchestrator extracts the service parameters from the L3SM model. Then, it uses them as input to translate ("service mapping operation" in Section 4.4) them into an orchestrated configuration of network elements (e.g., RD, RT, VRF) that are part of the L3VPN Network YANG Model specified in [I-D.ietf-opsawg-l3sm-l3nm]. 3. The Controller takes orchestrated configuration parameters in the L3NM network model and translates them into orchestrated ("service decomposing operation" in ) configuration of network elements that are part of, e.g., BGP, QoS, Network Instance model, IP management, and interface models. Wu, et al. Expires March 12, 2021 [Page 17] Internet-Draft Service and Network Management Automation September 2020 [I-D.ogondio-opsawg-uni-topology] can be used for representing, managing, and controlling the User Network Interface (UNI) topology. L3SM | Service | Model | +----------------------+--------------------------+ | +--------V--------+ | | | Service Mapping | | | +--------+--------+ | | Orchestrator | | +----------------------+--------------------------+ L3NM | ^ UNI Topology Model Network| | Model | | +----------------------+--------------------------+ | +----------V-----------+ | | | Service Decomposing | | | +---++--------------++-+ | | || || | | Controller || || | +---------------++--------------++----------------+ || || || BGP, || || QoS, || || Interface, || +------------+| NI, |+--------------+ | | IP | | +--+--+ +--+--+ +--+--+ +--+--+ | CE1 +-------+ PE1 | | PE2 +---------+ CE2 | +-----+ +-----+ +-----+ +-----+ Figure 5: L3VPN Service Delivery Example (Current) L3NM inherits some of data elements from the L3SM. Nevertheless, the L3NM does not expose some information to the above layer such as the capabilities of an underlying network (which can be used to drive service order handling) or notifications (to notify subscribers about specific events or degradations as per agreed SLAs). Some of this information can be provided using, e.g., [I-D.www-bess-yang-vpn-service-pm]. A target overall model is depicted in Figure 6. Wu, et al. Expires March 12, 2021 [Page 18] Internet-Draft Service and Network Management Automation September 2020 L3SM | ^ Service | | Notifications Model | | +----------------------+--------------------------+ | +--------V--------+ | | | Service Mapping | | | +--------+--------+ | | Orchestrator | | +----------------------+--------------------------+ L3NM | ^ UNI Topology Model Network| | L3NM Notifications Model | | L3NM Capabilities +----------------------+--------------------------+ | +----------V-----------+ | | | Service Decomposing | | | +---++--------------++-+ | | || || | | Controller || || | +---------------++--------------++----------------+ || || || BGP, || || QoS, || || Interface, || +------------+| NI, |+--------------+ | | IP | | +--+--+ +--+--+ +--+--+ +--+--+ | CE1 +-------+ PE1 | | PE2 +---------+ CE2 | +-----+ +-----+ +-----+ +-----+ Figure 6: L3VPN Service Delivery Example (Target) Note that a similar analysis can be performed for Layer 2 VPNs (L2VPNs). A L2VPN Service Model (L2SM) is defined in [RFC8466], while the L2VPN Network YANG Model (L2NM) is specified in [I-D.ietf-opsawg-l2nm]. 5.2. VN Lifecycle Management In reference to Figure 7, the following steps are performed to deliver the VN service within the network management automation architecture defined in this document: 1. Customer requests (service exposure operation in Section 4.1.1) to create 'VN' based on Access point, association between VN and Access point, VN member defined in the VN YANG module. 2. The orchestrator creates the single abstract node topology based on the information captured in an VN YANG module. Wu, et al. Expires March 12, 2021 [Page 19] Internet-Draft Service and Network Management Automation September 2020 3. The Customer exchanges connectivity-matrix on abstract node and explicit path using TE topology model with the orchestrator. This information can be used to instantiate VN and setup tunnels between source and destination endpoints (service creation operation in Section 4.1.2). 4. The telemetry model which augments the VN model and corresponding TE tunnel model can be used to subscribe to performance measurement data and notify all the parameter changes and network performance change related to VN topology or Tunnel [I-D.ietf-teas-actn-pm-telemetry-autonomics] and provide service assurance (service optimization operation in Section 4.1.3). | VN | Service | Model | +----------------------|--------------------------+ | Orchestrator | | | +--------V--------+ | | | Service Mapping | | | +-----------------+ | +----------------------+--------------------^-----+ TE | Telemetry Tunnel | Model Model | | +----------------------V--------------------+-----+ | Controller | | | +-------------------------------------------------+ +-----+ +-----+ +-----+ +-----+ | CE1 +------+ PE1 | | PE2 +------+ CE2 | +-----+ +-----+ +-----+ +-----+ Figure 7: A VN Service Delivery Example 5.3. Event-based Telemetry in the Device Self Management In reference to Figure 8, the following steps are performed to monitor state changes of managed objects or resources in a network device and provide device self-management within the network management automation architecture defined in this document: 1. To control which state a network device should be in or is allowed to be in at any given time, a set of conditions and actions are defined and correlated with network events (e.g., allow the NETCONF server to send updates only when the value Wu, et al. Expires March 12, 2021 [Page 20] Internet-Draft Service and Network Management Automation September 2020 exceeds a certain threshold for the first time, but not again until the threshold is cleared), which constitute ECA policy or an event-driven policy control logic that can be executed on the device (e.g., [I-D.wwx-netmod-event-yang]). 2. To provide rapid autonomic response that can exhibit self- management properties, the controller pushes the ECA policy to the network device and delegates network control logic to the network device. 3. The network device uses the ECA model to subscribe to the event source, e.g., an event stream or datastore state data conveyed to the server via YANG Push subscription, monitors state parameters, and takes simple and instant actions when associated event condition on state parameters is met. ECA notifications can be generated as the result of actions based on event stream subscription or datastore subscription (model-driven telemetry operation discussed in Section 4.2.3). +----------------+ | <----+ | Controller | | +-------+--------+ | | | | | ECA | | ECA Model | | Notification | | | | +------------V-------------+-----+ |Device | | | +-------+ +---------+ +--+---+ | | | Event +-> Event +->Event | | | | Source| |Condition| |Action| | | +-------+ +---------+ +------+ | +--------------------------------+ Figure 8: Event-based Telemetry 6. Security Considerations The YANG modules cited in this document define schema for data that are designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446]. Wu, et al. Expires March 12, 2021 [Page 21] Internet-Draft Service and Network Management Automation September 2020 The NETCONF access control model [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. Security considerations specific to each of the technologies and protocols listed in the document are discussed in the specification documents of each of these protocols. Security considerations specific to this document are listed below: o Create forwarding loops by mis-configuring the underlying network. o Leak sensitive information: special care should be considered when translating between the various layers in Section 4 or when aggregating data retrieved from various sources. The Network Operator must enforce means to protect privacy-related information included in cutsomer-facing models. o Some Service Models may include a traffic isolation clause, appropriate technology-specific actions must be enforced to avoid that traffic is accessible to non-authorized parties. 7. IANA Considerations There are no IANA requests or assignments included in this document. 8. Acknowledgements Thanks to Joe Clark, Greg Mirsky, Shunsuke Homma, Brian Carpenter, and Adrian Farrel for the review. Many thanks to Robert Wilton for the detailed AD review. 9. Contributors Wu, et al. Expires March 12, 2021 [Page 22] Internet-Draft Service and Network Management Automation September 2020 Christian Jacquenet Orange Rennes, 35000 France Email: Christian.jacquenet@orange.com Luis Miguel Contreras Murillo Telifonica Email: luismiguel.contrerasmurillo@telefonica.com Oscar Gonzalez de Dios Telefonica Madrid ES Email: oscar.gonzalezdedios@telefonica.com Weiqiang Cheng China Mobile Email: chengweiqiang@chinamobile.com Young Lee Sung Kyun Kwan University Email: younglee.tx@gmail.com 10. References 10.1. Normative References [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, <https://www.rfc-editor.org/info/rfc6241>. [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, <https://www.rfc-editor.org/info/rfc6242>. [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016, <https://www.rfc-editor.org/info/rfc7950>. [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, <https://www.rfc-editor.org/info/rfc8040>. Wu, et al. Expires March 12, 2021 [Page 23] Internet-Draft Service and Network Management Automation September 2020 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10.17487/RFC8341, March 2018, <https://www.rfc-editor.org/info/rfc8341>. [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, <https://www.rfc-editor.org/info/rfc8446>. 10.2. Informative References [I-D.clacla-netmod-model-catalog] Clarke, J. and B. Claise, "YANG module for yangcatalog.org", draft-clacla-netmod-model-catalog-03 (work in progress), April 2018. [I-D.ietf-bess-evpn-yang] Brissette, P., Shah, H., Hussain, I., Tiruveedhula, K., and J. Rabadan, "Yang Data Model for EVPN", draft-ietf- bess-evpn-yang-07 (work in progress), March 2019. [I-D.ietf-bess-l2vpn-yang] Shah, H., Brissette, P., Chen, I., Hussain, I., Wen, B., and K. Tiruveedhula, "YANG Data Model for MPLS-based L2VPN", draft-ietf-bess-l2vpn-yang-10 (work in progress), July 2019. [I-D.ietf-bess-l3vpn-yang] Jain, D., Patel, K., Brissette, P., Li, Z., Zhuang, S., Liu, X., Haas, J., Esale, S., and B. Wen, "Yang Data Model for BGP/MPLS L3 VPNs", draft-ietf-bess-l3vpn-yang-04 (work in progress), October 2018. [I-D.ietf-bess-mvpn-yang] Liu, Y., Guo, F., Litkowski, S., Liu, X., Kebler, R., and M. Sivakumar, "Yang Data Model for Multicast in MPLS/BGP IP VPNs", draft-ietf-bess-mvpn-yang-04 (work in progress), June 2020. [I-D.ietf-bfd-yang] Rahman, R., Zheng, L., Jethanandani, M., Pallagatti, S., and G. Mirsky, "YANG Data Model for Bidirectional Forwarding Detection (BFD)", draft-ietf-bfd-yang-17 (work in progress), August 2018. Wu, et al. Expires March 12, 2021 [Page 24] Internet-Draft Service and Network Management Automation September 2020 [I-D.ietf-i2rs-yang-l2-network-topology] Dong, J., Wei, X., WU, Q., Boucadair, M., and A. Liu, "A YANG Data Model for Layer 2 Network Topologies", draft- ietf-i2rs-yang-l2-network-topology-17 (work in progress), August 2020. [I-D.ietf-idr-bgp-model] Jethanandani, M., Patel, K., Hares, S., and J. Haas, "BGP YANG Model for Service Provider Networks", draft-ietf-idr- bgp-model-09 (work in progress), June 2020. [I-D.ietf-ippm-capacity-metric-method] Morton, A., Geib, R., and L. Ciavattone, "Metrics and Methods for IP Capacity", draft-ietf-ippm-capacity-metric- method-03 (work in progress), August 2020. [I-D.ietf-ippm-stamp-yang] Mirsky, G., Xiao, M., and W. Luo, "Simple Two-way Active Measurement Protocol (STAMP) Data Model", draft-ietf-ippm- stamp-yang-05 (work in progress), October 2019. [I-D.ietf-ippm-twamp-yang] Civil, R., Morton, A., Rahman, R., Jethanandani, M., and K. Pentikousis, "Two-Way Active Measurement Protocol (TWAMP) Data Model", draft-ietf-ippm-twamp-yang-13 (work in progress), July 2018. [I-D.ietf-mpls-base-yang] Saad, T., Raza, K., Gandhi, R., Liu, X., and V. Beeram, "A YANG Data Model for MPLS Base", draft-ietf-mpls-base- yang-15 (work in progress), August 2020. [I-D.ietf-netmod-module-tags] Hopps, C., Berger, L., and D. Bogdanovic, "YANG Module Tags", draft-ietf-netmod-module-tags-10 (work in progress), February 2020. [I-D.ietf-opsawg-l2nm] barguil, s., Dios, O., Boucadair, M., Munoz, L., Jalil, L., and J. Ma, "A Layer 2 VPN Network YANG Model", draft- ietf-opsawg-l2nm-00 (work in progress), July 2020. [I-D.ietf-opsawg-l3sm-l3nm] barguil, s., Dios, O., Boucadair, M., Munoz, L., and A. Aguado, "A Layer 3 VPN Network YANG Model", draft-ietf- opsawg-l3sm-l3nm-03 (work in progress), April 2020. Wu, et al. Expires March 12, 2021 [Page 25] Internet-Draft Service and Network Management Automation September 2020 [I-D.ietf-pim-igmp-mld-snooping-yang] Zhao, H., Liu, X., Liu, Y., Sivakumar, M., and A. Peter, "A Yang Data Model for IGMP and MLD Snooping", draft-ietf- pim-igmp-mld-snooping-yang-18 (work in progress), August 2020. [I-D.ietf-pim-yang] Liu, X., McAllister, P., Peter, A., Sivakumar, M., Liu, Y., and f. hu, "A YANG Data Model for Protocol Independent Multicast (PIM)", draft-ietf-pim-yang-17 (work in progress), May 2018. [I-D.ietf-rtgwg-policy-model] Qu, Y., Tantsura, J., Lindem, A., and X. Liu, "A YANG Data Model for Routing Policy Management&o P = 0 indicates a multicast address that is not assigned based on the network prefix. This indicates a multicast address as defined in [ADDRARCH]. o P = 1 indicates a multicast address that is assigned based on the network prefix. o If P = 1, T MUST be set to 1, otherwise the setting of the T bit is defined in Section 2.7 of [ADDRARCH]. This document changes Section 6 of [RFC3306] as follows: OLD: These settings create an SSM range of FF3x::/32 (where 'x' is any valid scope value). The source address field in the IPv6 header identifies the owner of the multicast address. NEW: If the flag bits are set to 0011, these settings create an SSM range of ff3x::/32 (where 'x' is any valid scope value). The source address field in the IPv6 header identifies the owner of the multicast address. ff3x::/32 is not the only allowed SSM prefix range. For example if the most significant flag bit is set, then we would get the SSM range ffbx::/32. 4.2. RFC 3956 This document changes Section 2 of [RFC3956] as follows: OLD: As described in [RFC3306], the multicast address format is as follows: | 8 | 4 | 4 | 8 | 8 | 64 | 32 | +--------+----+----+--------+----+----------------+----------+ |11111111|flgs|scop|reserved|plen| network prefix | group ID | +--------+----+----+--------+----+----------------+----------+ Where flgs are "0011". (The first two bits are as yet undefined, sent as zero and ignored on receipt.) NEW: Boucadair & Venaas Expires April 21, 2014 [Page 5] Internet-Draft Multicast Flag bits October 2013 The multicast address format is as follows: | 8 | 4 | 4 | 4 | 4 | 8 | 64 | 32 | +--------+----+----+---------+----+----------------+----------+ |11111111|flgs|scop|flgs|rsvd|plen| network prefix | group ID | +--------+----+----+---------+----+----------------+----------+ +-+-+-+-+ flgs is a set of four flags: |X|R|P|T| +-+-+-+-+ X may be set to 0 or 1. This document changes Section 3 of [RFC3956] as follows: OLD: | 8 | 4 | 4 | 4 | 4 | 8 | 64 | 32 | +--------+----+----+----+----+----+----------------+----------+ |11111111|flgs|scop|rsvd|RIID|plen| network prefix | group ID | +--------+----+----+----+----+----+----------------+----------+ +-+-+-+-+ flgs is a set of four flags: |0|R|P|T| +-+-+-+-+ When the highest-order bit is 0, R = 1 indicates a multicast address that embeds the address on the RP. Then P MUST be set to 1, and consequently T MUST be set to 1, as specified in [RFC3306]. In effect, this implies the prefix FF70::/12. In this case, the last 4 bits of the previously reserved field are interpreted as embedding the RP interface ID, as specified in this memo. The behavior is unspecified if P or T is not set to 1, as then the prefix would not be FF70::/12. Likewise, the encoding and the protocol mode used when the two high-order bits in "flgs" are set to 11 ("FFF0::/12") is intentionally unspecified until such time that the highest-order bit is defined. Without further IETF specification, implementations SHOULD NOT treat the FFF0::/12 range as Embedded-RP. NEW: | 8 | 4 | 4 | 4 | 4 | 8 | 64 | 32 | +--------+----+----+----+----+----+----------------+----------+ |11111111|flgs|scop|flgs|RIID|plen| network prefix | group ID | Boucadair & Venaas Expires April 21, 2014 [Page 6] Internet-Draft Multicast Flag bits October 2013 +--------+----+----+----+----+----+----------------+----------+ +-+-+-+-+ flgs is a set of four flags: |X|R|P|T| +-+-+-+-+ X may be set to 0 or 1. R = 1 indicates a multicast address that embeds the address of the RP. P MUST be set to 1, and consequently T MUST be set to 1, according to [RFC3306], as this is a special case of unicast-prefix based addresses. This implies that for instance prefixes ff70::/12 and fff0::/12 are embedded RP prefixes, but all multicast addresses with the R-bit set to 1 MUST be treated as Embedded RP addresses. The behavior is unspecified if P or T is not set to 1. When the R-bit is set, the last 4 bits of the previously reserved field are interpreted as embedding the RP interface ID, as specified in this memo. This document changes Section 4 of [RFC3956] as follows: OLD: It MUST be a multicast address with "flgs" set to 0111, that is, to be of the prefix FF70::/12, NEW: It MUST be a multicast address with R-bit set to 1. It MUST have P-bit and T-bit both set to 1 when using the embedding in this document as it is a prefix-based address. This document changes Section 7.1 of [RFC3956] as follows: OLD: To avoid loops and inconsistencies, for addresses in the range FF70::/12, the Embedded-RP mapping MUST be considered the longest possible match and higher priority than any other mechanism. NEW: To avoid loops and inconsistencies, for addresses with R-bit set to 1, the Embedded-RP mapping MUST be considered the longest possible match and higher priority than any other mechanism. 5. IANA Considerations Boucadair & Venaas Expires April 21, 2014 [Page 7] Internet-Draft Multicast Flag bits October 2013 This document may require IANA updates. However, at this point it is not clear exactly what these updates may be. 6. Security Considerations Security considerations discussed in [RFC3956], [RFC3306] and [RFC4291] MUST be taken into account. 7. Acknowledgements Many thanks to B. Haberman for the discussions prior to the publication of this document. 8. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3306] Haberman, B. and D. Thaler, "Unicast-Prefix-based IPv6 Multicast Addresses", RFC 3306, August 2002. [RFC3956] Savola, P. and B. Haberman, "Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast Address", RFC 3956, November 2004. [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006. Authors' Addresses Mohamed Boucadair France Telecom Rennes 35000 France Email: mohamed.boucadair@orange.com Stig Venaas Cisco USA Email: stig@cisco.com Boucadair & Venaas Expires April 21, 2014 [Page 8]