BESS Working Group
Internet-Draft
Intended status: Standards Track
Expires: March 17, 2017

D. Jain, K. Patel, P. Brissette (Cisco)
Z. Li, S. Zhuang (Huawei Technologies)
X. Liu (Ericsson)
J. Haas, S. Esale (Juniper Networks)
B. Wen (Comcast)

September 13, 2016
Yang Data Model for BGP/MPLS L3 VPNs
draft-ietf-bess-l3vpn-yang-00.txt
Abstract
This document defines a YANG data model that can be used to configure
and manage BGP Layer 3 VPNs.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 17, 2017.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
Jain, et al. Expires March 17, 2017 [Page 1]
Internet-Draft Yang Data Model for BGP/MPLS L3 VPNs September 2016
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents
1. Introduction
  1.1. Requirements Language
2. Definitions and Acronyms
3. Design of BGP L3VPN Data Model
  3.1. Overview
  3.2. VRF Specific Configuration
    3.2.1. VRF interface
    3.2.2. Route distinguisher
    3.2.3. Import and export route targets
    3.2.4. Forwarding mode
    3.2.5. Label security
    3.2.6. Yang tree
  3.3. BGP Specific Configuration
    3.3.1. VPN peering
    3.3.2. VPN prefix limits
    3.3.3. Label Mode
    3.3.4. ASBR options
    3.3.5. Yang tree
4. BGP Yang Module
5. IANA Considerations
6. Security Considerations
7. Acknowledgements
8. References
  8.1. Normative References
  8.2. Informative References
Authors' Addresses
1. Introduction
YANG [RFC6020] is a data definition language that was introduced to
define the contents of a conceptual data store that allows networked
devices to be managed using NETCONF [RFC6241]. YANG is proving
relevant beyond its initial confines, as bindings to other interfaces
(e.g. ReST) and encodings other than XML (e.g. JSON) are being
defined. Furthermore, YANG data models can be used as the basis of
implementation for other interfaces, such as CLI and programmatic
APIs.
This document defines a YANG model that can be used to configure and
manage BGP L3VPNs [RFC4364]. It contains VRF specific parameters as
well as BGP specific parameters applicable for L3VPNs. The
individual containers defined in this model contain control knobs for
configuration for that purpose, as well as a few data nodes that can
be used to monitor health and gather statistics.
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. Definitions and Acronyms
AF: Address Family
AS: Autonomous System
ASBR: Autonomous System Border Router
BGP: Border Gateway Protocol
CE: Customer Edge
PE: Provider Edge
L3VPN: Layer 3 VPN
NETCONF: Network Configuration Protocol
RD: Route Distinguisher
ReST: Representational State Transfer, a style of stateless interface
and protocol that is generally carried over HTTP
RTFilter: Route Filter
VPN: Virtual Private Network
VRF: Virtual Routing and Forwarding
YANG: Data definition language for NETCONF
3. Design of BGP L3VPN Data Model
3.1. Overview
There are two parts of the BGP L3VPN yang data model. The first part
of the model defines VRF specific parameters for L3VPN by augmenting
the network-instance container defined in the network instance model
[I-D.ietf-rtgwg-ni-model] and the second part of the model defines
BGP specific parameters for the L3VPN by augmenting the base BGP data
model defined in [I-D.ietf-idr-bgp-model].
3.2. VRF Specific Configuration
IETF network instance model defines a base identity for network
instance type as L3-VRF. For L3VPN, the VRF specific parameters are
defined by augmenting the network-instance container corresponding to
L3-VRF instance. A new container l3vpn is added for VPN parameters.
3.2.1. VRF interface
To associate a VRF instance with an interface, the interface should
be defined in the context of network instance representing a L3-VRF.
This is covered in base network instance model
[I-D.ietf-rtgwg-ni-model].
3.2.2. Route distinguisher
Route distinguisher (RD) is a unique identifier used in VPN routes
to distinguish prefixes across different VPNs. RD is an 8-byte field as
defined in [RFC4364]: the first two bytes carry the type,
followed by 6 bytes of value. The format of the value is dependent
on the type. In the yang model, RDs are defined in the l3vpn container under
network-instance.
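The model types rd as a plain string, so schema validation accepts any text. The following is an added example, not part of the draft, that checks an RD string against the type and value layout of RFC 4364 and produces the 8-byte encoding. Choosing type 0 or type 2 from the size of the AS number is a convention assumed here, and the function names are hypothetical.

```python
import ipaddress
import struct

# RD type codes from RFC 4364: the 2-byte type selects the value layout.
RD_TYPE_AS2, RD_TYPE_IPV4, RD_TYPE_AS4 = 0, 1, 2


class RDError(ValueError):
    """Raised when a string or byte sequence is not a well-formed RD."""


def _to_int(text, what):
    # str.isdigit() accepts some non-ASCII digits, so require ASCII as well.
    if not (text.isascii() and text.isdigit()):
        raise RDError(f"{what} must be a decimal number: {text!r}")
    return int(text)


def encode_rd(text):
    """Return the 8-byte wire form of an RD written as 'admin:assigned'."""
    admin, sep, assigned = text.rpartition(":")
    if not sep or not admin or not assigned:
        raise RDError(f"expected 'admin:assigned', got {text!r}")
    number = _to_int(assigned, "assigned number")

    if "." in admin:
        # Type 1: 4-byte IPv4 administrator, 2-byte assigned number.
        try:
            addr = ipaddress.IPv4Address(admin)
        except ipaddress.AddressValueError as exc:
            raise RDError(f"bad IPv4 administrator: {admin!r}") from exc
        if number > 0xFFFF:
            raise RDError("type 1 assigned number exceeds 16 bits")
        return struct.pack("!H4sH", RD_TYPE_IPV4, addr.packed, number)

    asn = _to_int(admin, "AS number")
    if asn <= 0xFFFF:
        # Type 0: 2-byte AS administrator, 4-byte assigned number.
        if number > 0xFFFFFFFF:
            raise RDError("type 0 assigned number exceeds 32 bits")
        return struct.pack("!HHI", RD_TYPE_AS2, asn, number)
    if asn <= 0xFFFFFFFF:
        # Type 2: 4-byte AS administrator, 2-byte assigned number.
        if number > 0xFFFF:
            raise RDError("type 2 assigned number exceeds 16 bits")
        return struct.pack("!HIH", RD_TYPE_AS4, asn, number)
    raise RDError("AS number exceeds 32 bits")


def decode_rd(raw):
    """Split an 8-byte RD into (type, administrator, assigned number)."""
    if len(raw) != 8:
        raise RDError("an RD is exactly 8 bytes")
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == RD_TYPE_AS2:
        asn, number = struct.unpack("!HI", raw[2:])
        return rd_type, asn, number
    if rd_type == RD_TYPE_IPV4:
        addr, number = struct.unpack("!4sH", raw[2:])
        return rd_type, str(ipaddress.IPv4Address(addr)), number
    if rd_type == RD_TYPE_AS4:
        asn, number = struct.unpack("!IH", raw[2:])
        return rd_type, asn, number
    raise RDError(f"unknown RD type {rd_type}")


def is_valid_rd(text):
    """True when 'text' can be encoded as an RD of type 0, 1 or 2."""
    try:
        encode_rd(text)
    except RDError:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs; every one of them is a legal YANG 'string'.
    for candidate in ("65000:100", "192.0.2.1:7", "4200000000:1",
                      "70000:70000", "65000", "abc:1"):
        verdict = encode_rd(candidate).hex() if is_valid_rd(candidate) else "rejected"
        print(f"{candidate:>14} -> {verdict}")
```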
3.2.3. Import and export route targets
Route-target (RT) is an extended community used to specify the rules
for importing and exporting the routes for each VRF as defined in
[RFC4364]. This is applicable in the context of an address-family
under the VRF. Under the l3vpn container, statements for import and
export route-targets are added for the ipv4 and ipv6 address families.
Both import and export sets are modeled as a list of route-targets.
An import rule is modeled as a list of RTs or a policy leafref
specifying the list of RTs to be matched for importing routes into
the VRF. Similarly, an export rule is a set of RTs or a policy leafref
specifying the list of RTs which should be attached to routes
exported from this VRF. In the case where a policy is used to specify
the RTs, a reference to the policy via leafref is used in this model,
but the actual definition of the policy is outside the scope of this
document. In addition, this section also defines parameters for the
import from the global routing table and export to the global routing table,
as well as the route limit per VPN instance for the ipv4 and ipv6 address
families.
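The import and export rules above decide which VRFs see each other's routes, and the module's rt pattern only checks the shape digits:digits. The following is an added example, not part of the draft, that audits a set of VRF configurations for route targets that cannot be encoded and for exporter/importer pairs that were not intended. The dictionary layout is a simplified, constructed rendering of the l3vpn container, and the helper names and the allowed set are hypothetical.

```python
import re
from collections import defaultdict

# Same expression as the module's 'rt' pattern. YANG patterns must match
# the whole string, hence fullmatch() below.
RT_PATTERN = re.compile(r"([0-9]+:[0-9]+)")


def rt_problem(rt):
    """Return why 'rt' is unusable, or None when it is acceptable."""
    if not RT_PATTERN.fullmatch(rt):
        return "does not match the module pattern"
    admin, assigned = (int(part) for part in rt.split(":"))
    # A route target carries 6 bytes of value: a 2-byte AS with a 4-byte
    # number, or a 4-byte AS with a 2-byte number.
    if admin <= 0xFFFF and assigned <= 0xFFFFFFFF:
        return None
    if admin <= 0xFFFFFFFF and assigned <= 0xFFFF:
        return None
    return "fields do not fit a 6-byte route-target value"


def collect(instances, family="ipv4"):
    """Map every valid RT to the VRFs that import it and that export it."""
    importers, exporters, problems = defaultdict(set), defaultdict(set), []
    for ni in instances:
        unicast = ni.get("l3vpn", {}).get(family, {}).get("unicast", {})
        rts = unicast.get("route-targets", {}).get("config", {}).get("rts", [])
        for entry in rts:
            rt, kind = entry["rt"], entry.get("rt-type")
            reason = rt_problem(rt)
            if reason is None and kind is None:
                # rt-type is optional in the module and has no default.
                reason = "rt-type not set, direction is undefined"
            if reason:
                problems.append((ni["name"], rt, reason))
                continue
            if kind in ("import", "both"):
                importers[rt].add(ni["name"])
            if kind in ("export", "both"):
                exporters[rt].add(ni["name"])
    return importers, exporters, problems


def leak_edges(instances, allowed=frozenset(), family="ipv4"):
    """Return sorted (exporter, importer, rt) triples not in 'allowed'."""
    importers, exporters, problems = collect(instances, family)
    edges = set()
    for rt, sources in exporters.items():
        for src in sources:
            for dst in importers.get(rt, ()):
                if src != dst and (src, dst) not in allowed:
                    edges.add((src, dst, rt))
    return sorted(edges), problems


def vrf(name, *rts):
    """Build one constructed network-instance entry (simplified layout)."""
    entries = [{"rt": rt, "rt-type": kind} if kind else {"rt": rt}
               for rt, kind in rts]
    return {"name": name, "l3vpn": {"ipv4": {"unicast": {
        "route-targets": {"config": {"rts": entries}}}}}}


# Constructed sample: three customer VRFs and one shared-services VRF.
SAMPLE = [
    vrf("cust-a", ("65000:100", "both")),
    vrf("cust-b", ("65000:200", "both"), ("65000:100", "import")),
    vrf("shared-svc", ("65000:900", "export"),
        ("65000:100", "import"), ("65000:200", "import")),
    vrf("cust-c", ("65000:99999999999", "both"), ("65000:300", None)),
]

# Hypothetical policy: (exporter, importer) pairs that are intended.
ALLOWED = {("cust-a", "shared-svc"), ("cust-b", "shared-svc")}

if __name__ == "__main__":
    found, rejected = leak_edges(SAMPLE, ALLOWED)
    for src, dst, rt in found:
        print(f"unexpected: {dst} imports {rt} exported by {src}")
    for name, rt, reason in rejected:
        print(f"{name}: {rt}: {reason}")
```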
3.2.4. Forwarding mode
This configuration augments interface list under interface container
under a network instance as defined in IETF network instance model
[I-D.ietf-rtgwg-ni-model]. Forwarding mode configuration is required
under the ASBR facing interface to enable mpls forwarding for
directly connected BGP peers for inter-as option B peering.
3.2.5. Label security
For inter-as option-B peering across ASs, under the ASBR facing
interface, mpls label security enables the checks for RPF label on
incoming packets. Ietf-interface container is augmented to add this
config.
3.2.6. Yang tree
module: ietf-bgp-l3vpn
augment /ni:network-instances/ni:network-instance:
   +--rw l3vpn
      +--rw route-distinguisher
      |  +--rw config
      |  |  +--rw rd?   string
      |  +--ro state
      |     +--ro rd?   string
      +--rw ipv4
      |  +--rw unicast
      |     +--rw route-targets
      |     |  +--rw config
      |     |  |  +--rw rts* [rt]
      |     |  |  |  +--rw rt         string
      |     |  |  |  +--rw rt-type?   enumeration
      |     |  |  +--rw route-policy?   string
      |     |  +--ro state
      |     |     +--ro rts* [rt]
      |     |     |  +--ro rt         string
      |     |     |  +--ro rt-type?   enumeration
      |     |     +--ro route-policy?   string
      |     +--rw import-from-global
      |     |  +--rw config
      |     |  |  +--rw enable?             boolean
      |     |  |  +--rw advertise-as-vpn?   boolean
      |     |  |  +--rw route-policy?       string
      |     |  |  +--rw bgp-valid-route?    boolean
      |     |  |  +--rw protocol?           enumeration
      |     |  |  +--rw instance?           string
      |     |  +--ro state
      |     |     +--ro enable?             boolean
      |     |     +--ro advertise-as-vpn?   boolean
      |     |     +--ro route-policy?       string
      |     |     +--ro bgp-valid-route?    boolean
      |     |     +--ro protocol?           enumeration
      |     |     +--ro instance?           string
      |     +--rw export-to-global
      |     |  +--rw config
      |     |  |  +--rw enable?   boolean
      |     |  +--ro state
      |     |     +--ro enable?   boolean
      |     +--rw routing-table-limit
      |     |  +--rw config
      |     |  |  +--rw routing-table-limit-number?   uint32
      |     |  |  +--rw (routing-table-limit-action)?
      |     |  |     +--:(enable-alert-percent)
      |     |  |     |  +--rw alert-percent-value?   uint8
      |     |  |     +--:(enable-simple-alert)
      |     |  |        +--rw simple-alert?          boolean
      |     |  +--ro state
      |     |     +--ro routing-table-limit-number?   uint32
      |     |     +--ro (routing-table-limit-action)?
      |     |        +--:(enable-alert-percent)
      |     |        |  +--ro alert-percent-value?   uint8
      |     |        +--:(enable-simple-alert)
      |     |           +--ro simple-alert?          boolean
      |     +--rw tunnel-params
      |        +--rw config
      |        |  +--rw tunnel-policy?   string
      |        +--ro state
      |           +--ro tunnel-policy?   string
augment /if:interfaces/if:interface:
   +--rw forwarding-mode
   |  +--rw config
   |  |  +--rw forwarding-mode?   fwd-mode-type
   |  +--ro state
   |     +--ro forwarding-mode?   fwd-mode-type
   +--rw mpls-label-security
      +--rw config
      |  +--rw rpf?   boolean
      +--ro state
         +--ro rpf?   boolean
3.3. BGP Specific Configuration
The BGP specific configuration for L3VPNs is defined by augmenting
base BGP model [I-D.ietf-idr-bgp-model]. In particular, specific
knobs are added under neighbor and address family containers to
handle VPN routes and ASBR peering.
3.3.1. VPN peering
For peering between PE routers, the specific VPN address family needs to
be enabled under the BGP container in the default routing-instance. The base
BGP draft [I-D.ietf-idr-bgp-model] has the l3vpn address family in the
list of identity refs for AFs under global and neighbor modes. The
same is augmented here for additional knobs. For peering with CE
routers, the VRF specific BGP configurations such as neighbors and
address-family are covered in the base BGP config, except that such
configuration will be in the context of a VRF. The instance of BGP
in this case would be a separate instance in the context of the routing
instance realizing a VRF.
3.3.2. VPN prefix limits
The limit on the maximum number of VPN prefixes for a PE router is defined in
the context of the VPN address family under BGP. This would be the total
number of prefixes in the VPN table per AF in the context of the BGP
protocol. The route table limit for the ipv4 and ipv6 address families for
each VPN instance is also defined under BGP. The total prefix limit
per VPN, including all the protocols, is defined in the context of the VRF
address family under the routing instance.
3.3.3. Label Mode
Label mode knobs control the label allocation behavior for VRF
routes, for example to specify Per-site, Per-vpn or Per-route label
allocation. These knobs augment the BGP global AF containers in the
context of the default routing instance.
3.3.4. ASBR options
This includes a few specific knobs for the ASBR peering methods illustrated
in [RFC4364], such as route target retention on ASBRs and rewriting the
next hop to self for inter-as VPN peering across ASBRs with the option-B
method, and similarly next hop unchanged on ASBRs for option-C peering.
Appropriate containers under BGP AF and NBR modes are augmented for
these parameters. Note that when a knob is applicable to a neighbor,
it is also defined under the corresponding peer-group container.
3.3.5. Yang tree
module: ietf-bgp-l3vpn
augment /bgp:bgp/bgp:global/bgp:afi-safis
        /bgp:afi-safi/bgp:l3vpn-ipv4-unicast:
   +--rw retain-rts
      +--rw config
      |  +--rw all?            empty
      |  +--rw route-policy?   string
      +--ro state
         +--ro all?            empty
         +--ro route-policy?   string
   +--rw prefix-limit
      +--rw config
      |  +--rw prefix-limit-number?   uint32
      |  +--rw (prefix-limit-action)?
      |     +--:(enable-alert-percent)
      |     |  +--rw alert-percent-value?   uint8
      |     |  +--rw route-unchanged?       boolean
      |     +--:(enable-simple-alert)
      |        +--rw simple-alert?          boolean
      +--ro state
         +--ro prefix-limit-number?   uint32
         +--ro (prefix-limit-action)?
            +--:(enable-alert-percent)
            |  +--ro alert-percent-value?   uint8
            |  +--ro route-unchanged?       boolean
            +--:(enable-simple-alert)
               +--ro simple-alert?          boolean
...
augment /bgp:bgp/bgp:global/bgp:afi-safis
        /bgp:afi-safi/bgp:ipv4-unicast:
   +--rw config
   |  +--rw label-mode?   bgp-label-mode
   +--ro state
      +--ro label-mode?   bgp-label-mode
   +--rw routing-table-limit
      +--rw config
      |  +--rw routing-table-limit-number?   uint32
      |  +--rw (routing-table-limit-action)?
      |     +--:(enable-alert-percent)
      |     |  +--rw alert-percent-value?   uint8
      |     +--:(enable-simple-alert)
      |        +--rw simple-alert?          boolean
      +--ro state
         +--ro routing-table-limit-number?   uint32
         +--ro (routing-table-limit-action)?
            +--:(enable-alert-percent)
            |  +--ro alert-percent-value?   uint8
            +--:(enable-simple-alert)
               +--ro simple-alert?          boolean
...
augment /bgp:bgp/bgp:neighbors/bgp:neighbor:
   +--rw nexthop-options
      +--rw config
      |  +--rw next-hop-self?        boolean
      |  +--rw next-hop-unchanged?   boolean
      +--rw state
         +--rw next-hop-self?        boolean
         +--rw next-hop-unchanged?   boolean
augment /bgp:bgp/bgp:peer-groups/bgp:peer-group:
   +--rw nexthop-options
      +--rw config
      |  +--rw next-hop-self?        boolean
      |  +--rw next-hop-unchanged?   boolean
      +--rw state
         +--rw next-hop-self?        boolean
         +--rw next-hop-unchanged?   boolean
augment /bgp:bgp/bgp:neighbors/bgp:neighbor
        /bgp:afi-safis/bgp:afi-safi:
   +--rw nexthop-options
      +--rw config
      |  +--rw next-hop-self?        boolean
      |  +--rw next-hop-unchanged?   boolean
      +--rw state
         +--rw next-hop-self?        boolean
         +--rw next-hop-unchanged?   boolean
augment /bgp:bgp/bgp:peer-groups/bgp:peer-group
        /bgp:afi-safis/bgp:afi-safi:
   +--rw nexthop-options
      +--rw config
      |  +--rw next-hop-self?        boolean
      |  +--rw next-hop-unchanged?   boolean
      +--rw state
         +--rw next-hop-self?        boolean
         +--rw next-hop-unchanged?   boolean
4. BGP Yang Module
<CODE BEGINS> file "ietf-bgp-l3vpn@2016-09-09.yang"
module ietf-bgp-l3vpn {
  namespace "urn:ietf:params:xml:ns:yang:ietf-bgp-l3vpn";
  // replace with IANA namespace when assigned
  prefix l3vpn ;

  import ietf-network-instance {
    prefix ni;
    revision-date 2016-06-23;
  }

  import ietf-interfaces {
    prefix if;
  }

  import ietf-bgp {
    prefix bgp;
    revision-date 2016-06-21;
  }

  organization
    "IETF BGP Enabled Services WG";

  contact
    "BESS working group - bess@ietf.org";

  description
    "This YANG module defines a YANG data model to configure and
     manage BGP Layer3 VPNs. It augments the IETF bgp yang model
     and IETF network instance model to add L3VPN specific
     configuration and operational knobs.

     Terms and Acronyms

     AF : Address Family
     AS : Autonomous System
     ASBR : Autonomous Systems Border Router
     BGP (bgp) : Border Gateway Protocol
     CE : Customer Edge
     IP (ip) : Internet Protocol
     IPv4 (ipv4): Internet Protocol Version 4
     IPv6 (ipv6): Internet Protocol Version 6
     L3VPN: Layer 3 VPN
     PE : Provider Edge
     RT : Route Target
     RD : Route Distinguisher
     VPN : Virtual Private Network
     VRF : Virtual Routing and Forwarding
    ";

  revision 2016-09-09 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: A YANG Data Model for BGP L3VPN config management";
  }
  //RD
  grouping route-distinguisher-params {
    description "BGP route distinguisher";
    container route-distinguisher {
      description "Route distinguisher value as per RFC4364";
      container config {
        description
          "Configuration parameters for route distinguisher";
        leaf rd {
          type string;
          description "Route distinguisher value as per RFC4364";
        }
      }
      container state {
        config "false" ;
        description
          "State information for route distinguisher";
        leaf rd {
          type string;
          description "Route distinguisher value";
        }
      }
    }
  }

  //Label mode
  typedef bgp-label-mode {
    type enumeration {
      enum per-ce {
        description "Allocate labels per CE";
      }
      enum per-route {
        description "Allocate labels per prefix";
      }
      enum per-vpn {
        description "Allocate labels per VRF";
      }
    }
    description "BGP label allocation mode";
  }
  //Fwding mode
  typedef fwd-mode-type {
    type enumeration {
      enum mpls {
        description "Forwarding mode mpls";
      }
    }
    description
      "Enable forwarding mode under ASBR facing interface";
  }

  grouping forwarding-mode {
    description "Forwarding mode of interface for ASBR scenario";
    container forwarding-mode {
      description "Forwarding mode of interface for ASBR scenario";
      container config {
        description "Configuration of Forwarding mode";
        leaf forwarding-mode {
          type fwd-mode-type;
          description "Forwarding mode for this interface";
        }
      }
      container state {
        config "false";
        description "State information of Forwarding mode";
        leaf forwarding-mode {
          type fwd-mode-type;
          description "Forwarding mode for this interface";
        }
      }
    }
  }

  grouping label-security {
    description "Mpls label security for ASBR option B scenario";
    container mpls-label-security {
      description "MPLS label security";
      container config {
        description "Configuration parameters";
        leaf rpf {
          type boolean;
          description "Enable MPLS label security rpf on interface";
        }
      }
      container state {
        config "false";
        description "State information";
        leaf rpf {
          type boolean;
          description "MPLS label security rpf on interface";
        }
      }
    }
  }
  //per VPN instance table limit under BGP
  grouping prefix-limit {
    description
      "The prefix limit command sets a limit on the maximum
       number of prefixes supported in the existing VPN
       instance, preventing the PE from importing excessive
       VPN route prefixes.
      ";

    leaf prefix-limit-number {
      type uint32 {
        range "1..4294967295";
      }
      description
        "Specifies the maximum number of prefixes supported in the
         VPN instance IPv4 or IPv6 address family.";
    }

    choice prefix-limit-action {
      description ".";
      case enable-alert-percent {
        leaf alert-percent-value {
          type uint8 {
            range "1..100";
          }
          description
            "Specifies the proportion of the alarm threshold to the
             maximum number of prefixes.";
        }
        leaf route-unchanged {
          type boolean;
          default "false";
          description
            "Indicates that the routing table remains unchanged.
             By default, route-unchanged is not configured. When
             the number of prefixes in the routing table is
             greater than the value of the parameter number,
             routes are processed as follows:
             (1)If route-unchanged is configured, routes in the
                routing table remain unchanged.
             (2)If route-unchanged is not configured, all routes
                in the routing table are deleted and then
                re-added.";
        }
      }
      case enable-simple-alert {
        leaf simple-alert {
          type boolean;
          default "false";
          description
            "Indicates that when the number of VPN route prefixes
             exceeds number, prefixes can still join the VPN
             routing table and alarms are displayed.";
        }
      }
    }
  }

  grouping vpn-pfx-limit {
    description "Per VPN instance table limit under BGP";
    container vpn-prefix-limit {
      description "Prefix limit for this table";
      container config {
        description "Config parameters";
        uses prefix-limit;
      }
      container state {
        config "false";
        description "State parameters";
        uses prefix-limit;
      }
    }
  }
  grouping route-target-set {
    description
      "Extended community route-target set ";
    list rts {
      key "rt" ;
      description
        "List of route-targets" ;
      leaf rt {
        type string {
          pattern '([0-9]+:[0-9]+)';
        }
        description "Route target extended community as per RFC4360";
      }
      leaf rt-type {
        type enumeration {
          enum import {
            description "Route target is for import routes";
          }
          enum export {
            description "Route target is for export routes";
          }
          enum both {
            description
              "Route target is for both import and export routes";
          }
        }
        description "Route target type";
      }
    }
    leaf route-policy {
      type string;
      description
        "Reference to the policy containing set of routes.
         TBD: leafref to policy entry in IETF policy model";
    }
  }
  grouping import-from-gbl {
    description "Import from global routing table";
    leaf enable {
      type boolean;
      description "Enable";
    }
    leaf advertise-as-vpn {
      type boolean;
      description
        "Advertise routes imported from global table as VPN routes";
    }
    leaf route-policy {
      type string;
      description "Route policy as filter for importing routes";
    }
    leaf bgp-valid-route {
      type boolean;
      description
        "Enable all valid routes (including non-best paths) to be
         candidate for import";
    }
    leaf protocol {
      type enumeration {
        enum ALL {
          value "0";
          description "ALL:";
        }
        enum Direct {
          value "1";
          description "Direct:";
        }
        enum OSPF {
          value "2";
          description "OSPF:";
        }
        enum ISIS {
          value "3";
          description "ISIS:";
        }
        enum Static {
          value "4";
          description "Static:";
        }
        enum RIP {
          value "5";
          description "RIP:";
        }
        enum BGP {
          value "6";
          description "BGP:";
        }
        enum OSPFV3 {
          value "7";
          description "OSPFV3:";
        }
        enum RIPNG {
          value "8";
          description "RIPNG:";
        }
      }
      description
        "Specifies the protocol from which routes are imported.
         At present, in the IPv4 unicast address family view,
         the protocol can be IS-IS, static, direct and BGP.";
    }
    leaf instance {
      type string;
      description
        "Specifies the instance id of the protocol";
    }
  }
  grouping global-imports {
    description "Grouping for imports from global routing table";
    container import-from-global {
      description "Import from global routing table";
      container config {
        description "Configuration";
        uses import-from-gbl;
      }
      container state {
        config "false";
        description "State";
        uses import-from-gbl;
      }
    }
  }

  grouping export-to-gbl {
    description "Export routes to default VRF";
    leaf enable {
      type boolean;
      description "Enable";
    }
  }

  grouping global-exports {
    description "Grouping for exports routes to global table";
    container export-to-global {
      description "Export to global routing table";
      container config {
        description "Configuration";
        uses export-to-gbl;
      }
      container state {
        config "false";
        description "State";
        uses export-to-gbl;
      }
    }
  }

  grouping route-target-params {
    description "Grouping to specify rules for route import and export";
    container route-targets {
      description
        "Set of route-targets to match for import and export routes
         to/from VRF";
      container config {
        description
          "Configuration of route targets";
        uses route-target-set ;
      }
      container state {
        config "false" ;
        description
          "State information for route targets";
        uses route-target-set ;
      }
    }
  }
  grouping route-tbl-limit-params {
    description "Grouping for VPN table prefix limit config";
    leaf routing-table-limit-number {
      type uint32 {
        range "1..4294967295";
      }
      description
        "Specifies the maximum number of routes supported by a
         VPN instance. ";
    }

    choice routing-table-limit-action {
      description ".";
      case enable-alert-percent {
        leaf alert-percent-value {
          type uint8 {
            range "1..100";
          }
          description
            "Specifies the percentage of the maximum number of
             routes. When the maximum number of routes that join
             the VPN instance is up to the value
             (number*alert-percent)/100, the system prompts
             alarms. The VPN routes can be still added to the
             routing table, but after the number of routes
             reaches number, the subsequent routes are
             dropped.";
        }
      }
      case enable-simple-alert {
        leaf simple-alert {
          type boolean;
          description
            "Indicates that when VPN routes exceed number, routes
             can still be added into the routing table, but the
             system prompts alarms.
             However, after the total number of VPN routes and
             network public routes reaches the unicast route limit
             specified in the License, the subsequent VPN routes
             are dropped.";
        }
      }
    }
  }

  grouping routing-tbl-limit {
    description ".";
    container routing-table-limit {
      description
        "The routing-table limit command sets a limit on the maximum
         number of routes that the IPv4 or IPv6 address family of a
         VPN instance can support.
         By default, there is no limit on the maximum number of
         routes that the IPv4 or IPv6 address family of a VPN
         instance can support, but the total number of private
         network and public network routes on a device cannot
         exceed the allowed maximum number of unicast routes.";
      container config {
        description "Config parameters";
        uses route-tbl-limit-params;
      }
      container state {
        config "false";
        description "State parameters";
        uses route-tbl-limit-params;
      }
    }
  }
  // Tunnel policy parameters
  grouping tunnel-params {
    description "Tunnel parameters";
    container tunnel-params {
      description "Tunnel config parameters";
      container config {
        description "configuration parameters";
        leaf tunnel-policy {
          type string;
          description
            "Tunnel policy name.";
        }
      }
      container state {
        config "false";
        description "state parameters";
        leaf tunnel-policy {
          type string;
          description
            "Tunnel policy name.";
        }
      }
    }
  }

  // Grouping for the L3vpn specific parameters under VRF
  // (network-instance)
  grouping l3vpn-vrf-params {
    description "Specify route filtering rules for import/export";
    container ipv4 {
      description
        "Specify route filtering rules for import/export";
      container unicast {
        description
          "Specify route filtering rules for import/export";
        uses route-target-params;
        uses global-imports;
        uses global-exports;
        uses routing-tbl-limit;
        uses tunnel-params;
      }
    }
    container ipv6 {
      description
        "Ipv6 address family specific rules for import/export";
      container unicast {
        description "Ipv6 unicast address family";
        uses route-target-params;
        uses global-imports;
        uses global-exports;
        uses routing-tbl-limit;
        uses tunnel-params;
      }
    }
  }
  grouping bgp-label-mode {
    description "MPLS/VPN label allocation mode";
    container config {
      description
        "Configuration parameters for label allocation mode";
      leaf label-mode {
        type bgp-label-mode;
        description "Label allocation mode";
      }
    }
    container state {
      config "false" ;
      description "State information for label allocation mode";
      leaf label-mode {
        type bgp-label-mode;
        description "Label allocation mode";
      }
    }
  }

  grouping retain-route-targets {
    description "Grouping for route target accept";
    container retain-route-targets {
      description "Control route target acceptance behavior for ASBRs";
      container config {
        description
          "Configuration parameters for retaining route targets";
        leaf all {
          type empty;
          description "Disable filtering of all route-targets";
        }
        leaf route-policy {
          type string;
          description "Filter routes as per filter policy name
                       TBD: leafref to IETF routing policy model";
        }
      }
      container state {
        config "false" ;
        description "State information for retaining route targets";
        leaf all {
          type empty;
          description "Disable filtering of all route-targets";
        }
        leaf route-policy {
          type string;
          description "Filter routes as per filter policy name";
        }
      }
    }
  }

  grouping nexthop-opts {
    description "Next hop control options for inter-as route exchange";
    leaf next-hop-self {
      type boolean;
      description
        "Set nexthop of the route to self when advertising routes";
    }
    leaf next-hop-unchanged {
      type boolean;
      description "Enforce no nexthop change when advertising routes";
    }
  }

  grouping asbr-nexthop-options {
    description "Nexthop parameters for inter-as VPN options ";
    container nexthop-options {
      description "Nexthop related options for inter-as options";
      container config {
        description "Configuration parameters for nexthop options";
        uses nexthop-opts;
      }
      container state {
        config "false";
        description "State information for nexthop options" ;
        uses nexthop-opts;
      }
    }
  }
//
// VRF specific parameters.
// RD and RTs and route import-export rules are added under
// network instance container in network instance model, hence
// per VRF scoped
augment "/ni:network-instances/ni:network-instance" {
description
"Augment network instance for per VRF L3vpn parameters";
container l3vpn {
//Enable this check once network instance model has
//identify defined for VRF type
//when "../type='rt:vrf-network-instance'" {
// description
// "This container is only valid for vrf routing instance.";
//}
description "Configuration of L3VPN specific parameters";
uses route-distinguisher-params;
uses l3vpn-vrf-params ;
}
}
// bgp mpls forwarding enable required for inter-as option AB.
augment "/if:interfaces/if:interface" {
description
"BGP mpls forwarding mode configuration on interface for
ASBR scenario";
uses forwarding-mode ;
uses label-security;
Jain, et al. Expires March 17, 2017 [Page 23]
Internet-Draft Yang Data Model for BGP/MPLS L3 VPNs September 2016
}
//
// BGP Specific Paramters
//
//
// Retain route-target for inter-as option ASBR knob.
// vpn prefix limits
// vpnv4/vpnv6 address-family only.
augment "/bgp:bgp/bgp:global/bgp:afi-safis/" +
"bgp:afi-safi/bgp:l3vpn-ipv4-unicast" {
description "Retain route targets for ASBR scenario";
uses retain-route-targets;
uses vpn-pfx-limit;
}
augment "/bgp:bgp/bgp:global/bgp:afi-safis/" +
"bgp:afi-safi/bgp:l3vpn-ipv6-unicast" {
description "Retain route targets for ASBR scenario";
uses retain-route-targets;
uses vpn-pfx-limit;
}
  // Label allocation mode configuration. Certain AFs only.
  augment "/bgp:bgp/bgp:global/bgp:afi-safis/" +
          "bgp:afi-safi/bgp:ipv4-unicast" {
    description
      "Augment BGP global AF mode for label allocation mode
       configuration";
    uses bgp-label-mode ;
    uses routing-tbl-limit;
  }
  augment "/bgp:bgp/bgp:global/bgp:afi-safis/" +
          "bgp:afi-safi/bgp:ipv6-unicast" {
    description
      "Augment BGP global AF mode for label allocation mode
       configuration";
    uses bgp-label-mode ;
    uses routing-tbl-limit;
  }
  // Nexthop options for the inter-as ASBR peering.
  augment "/bgp:bgp/bgp:neighbors/bgp:neighbor" {
    description
      "Augment BGP NBR mode with nexthop options for inter-as ASBRs";
    uses asbr-nexthop-options;
  }
  augment "/bgp:bgp/bgp:peer-groups/bgp:peer-group" {
    description
      "Augment BGP peer-group mode with nexthop options for inter-as
       ASBRs";
    uses asbr-nexthop-options;
  }
  augment "/bgp:bgp/bgp:neighbors/bgp:neighbor/" +
          "bgp:afi-safis/bgp:afi-safi" {
    description
      "Augment BGP NBR AF mode with nexthop options for inter-as
       ASBRs";
    uses asbr-nexthop-options;
  }
  augment "/bgp:bgp/bgp:peer-groups/bgp:peer-group/" +
          "bgp:afi-safis/bgp:afi-safi" {
    description
      "Augment BGP peer-group AF mode with nexthop options for inter-as
       ASBRs";
    uses asbr-nexthop-options;
  }
}
<CODE ENDS>
5. IANA Considerations
6. Security Considerations
The transport protocol used for sending the BGP L3VPN data MUST
support authentication and SHOULD support encryption. The data-model
by itself does not create any security implications.
This draft does not change any underlying security issues inherent in
[I-D.ietf-rtgwg-ni-model] and [I-D.ietf-idr-bgp-model].
7. Acknowledgements
The authors would like to thank TBD for their detailed reviews and
comments.
8. References
8.1. Normative References
[I-D.ietf-idr-bgp-model]
Shaikh, A., Shakir, R., Patel, K., Hares, S., D'Souza, K.,
Bansal, D., Clemm, A., Zhdankin, A., Jethanandani, M., and
X. Liu, "BGP Model for Service Provider Networks",
draft-ietf-idr-bgp-model-02 (work in progress), July 2016.
[I-D.ietf-rtgwg-ni-model]
Berger, L., Hopps, C., Lindem, A., and D. Bogdanovic,
"Network Instance Model", draft-ietf-rtgwg-ni-model-00
(work in progress), June 2016.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
2006, <http://www.rfc-editor.org/info/rfc4364>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010,
<http://www.rfc-editor.org/info/rfc6020>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<http://www.rfc-editor.org/info/rfc6241>.
8.2. Informative References
[RFC2547] Rosen, E. and Y. Rekhter, "BGP/MPLS VPNs", RFC 2547,
DOI 10.17487/RFC2547, March 1999,
<http://www.rfc-editor.org/info/rfc2547>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006,
<http://www.rfc-editor.org/info/rfc4271>.
[RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
"Multiprotocol Extensions for BGP-4", RFC 4760,
DOI 10.17487/RFC4760, January 2007,
<http://www.rfc-editor.org/info/rfc4760>.
Authors' Addresses
Dhanendra Jain
Cisco
170 W. Tasman Drive
San Jose, CA 95134
USA
Email: dhjain@cisco.com
Keyur Patel
Cisco
170 W. Tasman Drive
San Jose, CA 95134
USA
Email: keyur@arrcus.com
Patrice Brissette
Cisco
170 W. Tasman Drive
San Jose, CA 95134
USA
Email: pbrisset@cisco.com
Zhenbin Li
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing 100095
China
Email: lizhenbin@huawei.com
Shunwan Zhuang
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing 100095
China
Email: zhuangshunwan@huawei.com
Xufeng Liu
Ericsson
1595 Spring Hill Road, Suite 500
Vienna, VA 22182
USA
Email: xliu@kuatrotech.com
Jeffrey Haas
Juniper Networks
Email: jhaas@juniper.net
Santosh Esale
Juniper Networks
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
US
Email: sesale@juniper.net
Bin Wen
Comcast
Email: Bin_Wen@cable.comcast.com