YANG Data Model for Composed VPN Service Delivery
draft-evenwu-opsawg-yang-composed-vpn-00

The information below is for an old version of the document.
Document Type: This is an older version of an Internet-Draft whose latest revision state is "Expired".
Authors: Roni Even, Qin Wu, Ying Cheng
Last updated: 2018-09-27
RFC stream: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: I-D Exists
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)
Internet-Draft           Composed VPN YANG Model          September 2018

            type string{length "0..100";}
            description "specify the action value.";
        }
    }
    grouping PwSpec {
        description "PwSpec Grouping.";
        leaf control-word {
            type boolean;
            default false;
            description "control Word.";
        }
        leaf vlan-action {
            type PWTagMode;
            description "pw Vlan Action.";
        }
    }
    grouping IpSpec {
        description "IpSpec Grouping.";
        leaf ip-address {
            type inet:ip-address;
            description "master IP address";
        }
        leaf mtu {
            type uint64;
            description "mtu for ip layer,scope:46~9600";
        }
    }
    grouping VxlanSpec {
        description "VxlanSpec Grouping.";
        leaf vni {
            type uint32;
            description "vni";
        }
        leaf vtep-ip {
            type inet:ip-address;
            description "vtep ip";
        }
    }
    grouping FlowAndBehavior {
        description "FlowAndBehavior Grouping.";
        leaf class-id {
            type yang:uuid;
            description "flowClassifierId";
        }
        list flow-behavior {
            key index;
            uses FlowBehavior;
            description "flowBehaviors";

Even, et al.             Expires March 31, 2019                [Page 30]
        }
    }
    grouping FlowBehavior {
        description "FlowBehavior Grouping.";
        leaf index {
            type uint32;
            description "index";
        }
        leaf color-type {
            type color-type;
            description "Color Type.";
        }
        leaf action-type {
            type action-type;
            description "action Type";
        }
        leaf action {
            type string;
            description "action";
        }
    }
    grouping VPNBasicInfo {
        description "VPNBasicInfo Grouping.";
        leaf topo {
            type topology;
            description "Currently supports full-mesh and
            hub-spoke; others are reserved for
            future extensions." ;
        }
        leaf service-type {
            type service-type;
            description "Currently supports mpls l3vpn/vxlan/L2VPN
            overlay; others are reserved for future extensions." ;
        }
        leaf technology {
            type tunnel-type;
            description "mpls|vxlan overlay l3vpn|eth over sdh|nop";
        }
        leaf admin-state {
            type admin-state;
            description "administrative status." ;
        }
        leaf oper-state {
            type oper-state;
            config false;
            description "Operational status." ;
        }
        leaf sync-state {

            type sync-state;
            config false;
            description "Sync status." ;
        }
    }
    grouping VPN {
        description "VPN Grouping.";
        leaf vpn-id {
            type yang:uuid ;
            description "VPN Identifier." ;
        }
        leaf vpn-name {
            type string  {length "0..200";}
            description "Human-readable name for the VPN service." ;
        }
        uses VPNBasicInfo;
        list access-point {
            key "tp-id";
            description "TP list of the access links which are
            associated with CE and PE";
            uses termination-point;
        }
    }
    grouping termination-point {
        description "grouping for termination points.";
        leaf tp-id {
            type yang:uuid;
            description "An identifier for termination point on a node.";
        }
        container peer-ce-node {
            description "CE TP Information.";
            uses CeTp;
        }
        container tp-basic {
            description "Termination point basic info.";
            uses TPBasicInfo;
        }
        list route-protocol {
            key "type";
            description "route protocol spec.";
            uses RouteProtocolSpec;
        }
        leaf admin-state {
            type admin-state;
            description "administrative status.";
        }
        leaf oper-state {
            type oper-state;

            config false;
            description "Operational status." ;
        }
    }
    grouping segment-vpn {
        description "SegmentVPN Grouping.";
        leaf index {
            type uint32;
            description "index of segment VPN in a composed VPN.";
        }
        leaf protect-role {
            type protection-role;
            description "The protection role of segment VPN, by
            default it is set as nop role.";
        }
        container vpn-info {
            description "vpn information";
            choice vpn-type {
                description "vpn type.";
                case wan-vpn {
                    container vpn {
                        description "vpn.";
                        uses VPN;
                    }
                }
            }
        }
    }
    container segment-vpns {
        list segment-vpn {
            key "index";
            description "Segment Vpn list.";
            uses segment-vpn;
        }
        description
            "Container for Segment VPN.";
    }
}
<CODE ENDS>

9.  Service Model Usage Example

   This section provides an example of how a management system can use
   this model to configure an IP VPN service on network elements.

+-----------------------------------------------------------------------+
|                                          ------- PE2----- Spoke_Site1 |
|                                          |                            |
| Hub_Site  -----PE1------ASBR1-------- ASBR2                           |
|                                          |                            |
|                                          --------PE3 ---- Spoke_Site2 |
+----------------|----------|--------------|--------|-------------------+
                 |          |              |        |
                 |<SegVPN1> |  <SegVPN2>   |<SegVPN3>
                 |          |              |        |
                 |          |              |        |
                 | Intra-AS |  Inter-AS    |Intra-AS|
                 |                                  |
                 |<--------Composed VPN ----------->|

   In this example, we want to provision an end-to-end VPN service for
   three sites using a Hub-and-Spoke VPN service topology.  The
   end-to-end VPN service is stitched together from three segmented
   VPNs: two are within an intra-AS domain and one is within an
   inter-AS domain.

   The following XML snippet describes the overall simplified service
   configuration of this composed VPN.

      <?xml version="1.0"?>
      <composed-vpns xmlns="urn:ietf:params:xml:ns:yang:ietf-composed-vpn-svc">
        <composed-vpn>
          <vpn-id>12456487</vpn-id>
          <topo>hub-spoke</topo>
          <service-type>hybrid-vpn</service-type>
          <seg-vpns>
            <index>1</index>
            <vpn-info>
              <vpn-id>111</vpn-id>
              <topo>hub-spoke</topo>
              <service-type>l2vpn</service-type>
              <access-point>
                <node-id>ASBR1</node-id>
                <peer-ce-node>
                  <ce-node-id>PE1</ce-node-id>
                </peer-ce-node>
                <tp-basic>
                  <topo-role>hub</topo-role>
                  <flow-services>
                    <in-template-id>TEMPLATE-A</in-template-id>
                    <out-template-id>TEMPLATE-B</out-template-id>
                  </flow-services>
                </tp-basic>
                <routing-protocol>
                  <bgp>
                    <as-no>AS1</as-no>
                  </bgp>
                </routing-protocol>
              </access-point>
            </vpn-info>
          </seg-vpns>
          <seg-vpns>
            <index>2</index>
            <vpn-info>
              <vpn-id>222</vpn-id>
              <topo>hub-spoke</topo>
              <service-type>l3vpn</service-type>
              <access-point>
                <node-id>ASBR2</node-id>
                <peer-ce-node>
                  <ce-node-id>ASBR1</ce-node-id>
                </peer-ce-node>
                <tp-basic>
                  <topo-role>hub</topo-role>
                  <flow-services>
                    <in-template-id>TEMPLATE-B</in-template-id>
                    <out-template-id>TEMPLATE-C</out-template-id>
                  </flow-services>
                </tp-basic>
                <routing-protocol>
                  <bgp>
                    <as-no>interAS-1</as-no>
                  </bgp>
                </routing-protocol>
              </access-point>
            </vpn-info>
          </seg-vpns>
          <seg-vpns>
            <index>3</index>
            <vpn-info>
              <vpn-id>333</vpn-id>
              <topo>hub-spoke</topo>
              <service-type>l2vpn</service-type>
              <access-point>
                <node-id>PE2</node-id>
                <peer-ce-node>
                  <ce-node-id>ASBR2</ce-node-id>
                </peer-ce-node>
                <tp-basic>
                  <topo-role>spoke</topo-role>
                  <flow-services>
                    <in-template-id>TEMPLATE-B</in-template-id>
                    <out-template-id>TEMPLATE-D</out-template-id>
                  </flow-services>
                </tp-basic>
                <routing-protocol>
                  <bgp>
                    <as-no>AS2</as-no>
                  </bgp>
                </routing-protocol>
              </access-point>
            </vpn-info>
          </seg-vpns>
        </composed-vpn>
      </composed-vpns>

10.  Interaction with other YANG models

   As expressed in Section 4, this composed VPN service model is
   intended to be instantiated in a management system and not directly
   on network elements.

   The management system's role will be to configure the network
   elements.  The management system may be modular and distinguish the
   component instantiating the service model (let's call it "service
   component") from the component responsible for network element
   configuration (let's call it "configuration component").  The service
   is built from a combination of network element and protocol
   configuration, which also includes various aspects of the underlying
   network infrastructure, including functions/devices and their
   subsystems, and relevant protocols operating at the link and network
   layers across multiple devices.  Therefore, there will be a strong
   relationship between the abstracted view provided by this service
   model and the detailed configuration view that will be provided by
   specific configuration models for network elements.

   The service component will take input from a customer service model,
   such as the L3SM service model or the composed VPN service model,
   translate it into a segment VPN in each domain, and then further
   break down each segment VPN into the detailed configuration view
   that will be provided by specific configuration models for network
   elements.

11.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC5246].

   The NETCONF access control model [RFC6536] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.  These are the subtrees and data nodes
   and their sensitivity/vulnerability:

   o  /composed-vpns/composed-vpn

      The entries in the list above include the whole composed VPN
      service configurations to which the customer subscribes, and
      indirectly create or modify the PE, CE and ASBR device
      configurations.  Unexpected changes to these entries could lead to
      service disruption and/or network misbehavior.

   o  /composed-vpns/composed-vpn/seg-vpns

      The entries in the list above include the access point
      configurations.  As above, unexpected changes to these entries
      could lead to service disruption and/or network misbehavior.

   o  /composed-vpns/composed-vpn/access-points

      The entries in the list above include the access point
      configurations.  As above, unexpected changes to these entries
      could lead to service disruption and/or network misbehavior.
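
   An added example, not part of the draft: an audit of a NACM
   [RFC6536] configuration that reports which groups can create, update
   or delete the subtrees listed above.  It implements a simplified
   subset of NACM (data-node rules only, paths without predicates,
   first matching rule wins); the sample configuration and its group
   names are constructed, and the module name is the one registered in
   Section 12.

```python
import xml.etree.ElementTree as ET

NS = "{urn:ietf:params:xml:ns:yang:ietf-netconf-acm}"
MODULE = "ietf-composite-vpn-svc"  # module name as registered in Section 12
SENSITIVE = tuple("/composed-vpns/composed-vpn" + leaf  # Section 11 subtrees
                  for leaf in ("", "/seg-vpns", "/access-points"))
WRITE_OPS = ("create", "update", "delete")

# Constructed sample NACM configuration; group and rule names are hypothetical.
SAMPLE = """
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"
      xmlns:cvpn="urn:ietf:params:xml:ns:yang:ietf-composed-vpn-svc">
  <write-default>deny</write-default>
  <groups>
    <group><name>vpn-provisioners</name></group>
    <group><name>netops</name></group>
    <group><name>helpdesk</name></group>
  </groups>
  <rule-list><name>netops-all</name><group>netops</group>
    <rule><name>any</name><action>permit</action></rule>
  </rule-list>
  <rule-list><name>vpn-write</name><group>vpn-provisioners</group>
    <rule><name>prov</name><path>/cvpn:composed-vpns</path>
      <access-operations>create update delete</access-operations>
      <action>permit</action></rule>
  </rule-list>
  <rule-list><name>vpn-lockdown</name><group>*</group>
    <rule><name>lock</name><path>/cvpn:composed-vpns</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action></rule>
  </rule-list>
</nacm>"""

def _plain(path):  # drop XML prefixes: /cvpn:composed-vpns -> /composed-vpns
    return "/" + "/".join(s.split(":")[-1] for s in path.strip("/").split("/"))

def decide(root, group, target, op):
    """First matching data-node rule wins; otherwise write-default applies."""
    for rl in root.findall(NS + "rule-list"):
        if not {group, "*"} & {g.text for g in rl.findall(NS + "group")}:
            continue
        for rule in rl.findall(NS + "rule"):
            path = rule.findtext(NS + "path")
            ops = (rule.findtext(NS + "access-operations") or "*").split()
            skip = (any(rule.find(NS + t) is not None  # rpc/notification rule
                        for t in ("rpc-name", "notification-name"))
                    or (rule.findtext(NS + "module-name") or "*") not in ("*", MODULE)
                    or (path and not (target + "/").startswith(_plain(path) + "/"))
                    or not {"*", op} & set(ops))
            if not skip:
                return rule.findtext(NS + "action")
    return root.findtext(NS + "write-default") or "deny"

def writers(nacm_xml):  # map each sensitive subtree to groups that can modify it
    root = ET.fromstring(nacm_xml)
    groups = [g.findtext(NS + "name") for g in root.findall(f"{NS}groups/{NS}group")]
    can = lambda g, p: any(decide(root, g, p, op) == "permit" for op in WRITE_OPS)
    return {p: sorted(g for g in groups if can(g, p)) for p in SENSITIVE}
```

   With the sample above, writers(SAMPLE) lists both netops and
   vpn-provisioners for every subtree: the catch-all permit for netops
   is matched before the later deny rule-list is reached, so rule-list
   order decides whether the lockdown takes effect.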

12.  IANA Considerations

   This document registers a URI in the IETF XML registry [RFC3688].
   Following the format in [RFC3688], the following registrations are
   requested to be made:

   ---------------------------------------------------------------------
              URI: urn:ietf:params:xml:ns:yang:ietf-composed-vpn-svc
              Registrant Contact: The IESG
              XML: N/A; the requested URI is an XML namespace.

              URI: urn:ietf:params:xml:ns:yang:ietf-segmented-vpn
              Registrant Contact: The IESG
              XML: N/A; the requested URI is an XML namespace.
   ---------------------------------------------------------------------

   This document registers two YANG modules in the YANG Module Names
   registry [RFC6020].

   ---------------------------------------------------------------------
              Name: ietf-composite-vpn-svc
              Namespace: urn:ietf:params:xml:ns:yang:ietf-composed-vpn-svc
              Prefix: composite-svc
              Reference: RFC xxxx

              Name: ietf-segmented-vpn
              Namespace: urn:ietf:params:xml:ns:yang:ietf-segmented-vpn
              Prefix: segment-vpn
              Reference: RFC xxxx
   ---------------------------------------------------------------------

13.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004,
              <https://www.rfc-editor.org/info/rfc3688>.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006, <https://www.rfc-editor.org/info/rfc4364>.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008,
              <https://www.rfc-editor.org/info/rfc5246>.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010,
              <https://www.rfc-editor.org/info/rfc6020>.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
              <https://www.rfc-editor.org/info/rfc6241>.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
              <https://www.rfc-editor.org/info/rfc6242>.

   [RFC6370]  Bocci, M., Swallow, G., and E. Gray, "MPLS Transport
              Profile (MPLS-TP) Identifiers", RFC 6370,
              DOI 10.17487/RFC6370, September 2011,
              <https://www.rfc-editor.org/info/rfc6370>.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012,
              <https://www.rfc-editor.org/info/rfc6536>.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016,
              <https://www.rfc-editor.org/info/rfc7950>.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
              <https://www.rfc-editor.org/info/rfc8040>.

   [RFC8309]  Wu, Q., Liu, W., and A. Farrel, "Service Models
              Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018,
              <https://www.rfc-editor.org/info/rfc8309>.

Appendix A.  Acknowledgements

   Geng Liang, Congfeng Xie, Chen Rui, LiYa Zhang, Hui Deng contributed
   to an earlier version of [I-D.chen-opsawg-composite-vpn-dm].  We
   would like to thank the authors of that document on the operators'
   view for the PE-based VPN service configuration for material that
   assisted in thinking about this document.

Authors' Addresses

   Roni Even
   Huawei Technologies, Co., Ltd
   Tel Aviv
   Israel

   Email: roni.even@huawei.com

   Qin Wu
   Huawei
   101 Software Avenue, Yuhua District
   Nanjing, Jiangsu  210012
   China

   Email: bill.wu@huawei.com

   Ying Cheng
   China Unicom
   No.21 Financial Street, XiCheng District
   Beijing  100033
   China

   Email: chengying10@chinaunicom.cn
