draft-ietf-bess-l3vpn-yang-02.txt   draft-ietf-bess-l3vpn-yang-03.txt 
BESS Working Group D. Jain BESS Working Group D. Jain
Internet-Draft K. Patel Internet-Draft Cisco
Intended status: Standards Track P. Brissette Intended status: Standards Track K. Patel
Expires: April 21, 2018 Cisco Expires: October 19, 2018 Arrcus, Inc
P. Brissette
Cisco
Z. Li Z. Li
S. Zhuang S. Zhuang
Huawei Technologies Huawei Technologies
X. Liu X. Liu
Jabil Jabil
J. Haas J. Haas
S. Esale S. Esale
Juniper Networks Juniper Networks
B. Wen B. Wen
Comcast Comcast
October 18, 2017 Apr 17, 2018
Yang Data Model for BGP/MPLS L3 VPNs Yang Data Model for BGP/MPLS L3 VPNs
draft-ietf-bess-l3vpn-yang-02.txt draft-ietf-bess-l3vpn-yang-03.txt
Abstract Abstract
This document defines a YANG data model that can be used to configure This document defines a YANG data model that can be used to configure
and manage BGP Layer 3 VPNs. and manage BGP Layer 3 VPNs.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 42 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2018. This Internet-Draft will expire on October 19, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 48 skipping to change at page 3, line 4
3.2.4. Forwarding mode . . . . . . . . . . . . . . . . . . . 5 3.2.4. Forwarding mode . . . . . . . . . . . . . . . . . . . 5
3.2.5. Label security . . . . . . . . . . . . . . . . . . . 5 3.2.5. Label security . . . . . . . . . . . . . . . . . . . 5
3.2.6. Yang tree . . . . . . . . . . . . . . . . . . . . . . 5 3.2.6. Yang tree . . . . . . . . . . . . . . . . . . . . . . 5
3.3. BGP Specific Configuration . . . . . . . . . . . . . . . 6 3.3. BGP Specific Configuration . . . . . . . . . . . . . . . 6
3.3.1. VPN peering . . . . . . . . . . . . . . . . . . . . . 7 3.3.1. VPN peering . . . . . . . . . . . . . . . . . . . . . 7
3.3.2. VPN prefix limits . . . . . . . . . . . . . . . . . . 7 3.3.2. VPN prefix limits . . . . . . . . . . . . . . . . . . 7
3.3.3. Label Mode . . . . . . . . . . . . . . . . . . . . . 7 3.3.3. Label Mode . . . . . . . . . . . . . . . . . . . . . 7
3.3.4. ASBR options . . . . . . . . . . . . . . . . . . . . 7 3.3.4. ASBR options . . . . . . . . . . . . . . . . . . . . 7
3.3.5. Yang tree . . . . . . . . . . . . . . . . . . . . . . 7 3.3.5. Yang tree . . . . . . . . . . . . . . . . . . . . . . 7
4. BGP Yang Module . . . . . . . . . . . . . . . . . . . . . . . 8 4. BGP Yang Module . . . . . . . . . . . . . . . . . . . . . . . 8
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
6. Security Considerations . . . . . . . . . . . . . . . . . . . 19 6. Security Considerations . . . . . . . . . . . . . . . . . . . 20
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 19 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 20
8.1. Normative References . . . . . . . . . . . . . . . . . . 19 8.1. Normative References . . . . . . . . . . . . . . . . . . 20
8.2. Informative References . . . . . . . . . . . . . . . . . 20 8.2. Informative References . . . . . . . . . . . . . . . . . 21
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21
1. Introduction 1. Introduction
YANG [RFC6020] is a data definition language that was introduced to YANG [RFC6020] is a data definition language that was introduced to
define the contents of a conceptual data store that allows networked define the contents of a conceptual data store that allows networked
devices to be managed using NETCONF [RFC6241]. YANG is proving devices to be managed using NETCONF [RFC6241]. YANG is proving
relevant beyond its initial confines, as bindings to other interfaces relevant beyond its initial confines, as bindings to other interfaces
(e.g. ReST) and encodings other than XML (e.g. JSON) are being (e.g. ReST) and encodings other than XML (e.g. JSON) are being
defined. Furthermore, YANG data models can be used as the basis of defined. Furthermore, YANG data models can be used as the basis of
skipping to change at page 4, line 45 skipping to change at page 4, line 49
To associate a VRF instance with an interface, bind-network-instance To associate a VRF instance with an interface, bind-network-instance
config should be used. This is covered in the base network instance config should be used. This is covered in the base network instance
model [I-D.ietf-rtgwg-ni-model]. model [I-D.ietf-rtgwg-ni-model].
3.2.2. Route distinguisher 3.2.2. Route distinguisher
Route distinguisher (RD) is an unique identifier used in VPN routes Route distinguisher (RD) is an unique identifier used in VPN routes
to distinguish prefixes across different VPNs. RD is 8 byte field as to distinguish prefixes across different VPNs. RD is 8 byte field as
defined in the [RFC4364]. Where the first two bytes refer to type defined in the [RFC4364]. Where the first two bytes refer to type
followed by 6 bytes of value. The format of the value is dependent followed by 6 bytes of value. The format of the value is dependent
on type. In the yang model, RDs are defined l3vpn container under on type. In the yang model, RD is defined under l3vpn container
network-instance. under a network-instance. Yang datatype for RD is imported from
[RFC8294].
3.2.3. Import and export route targets 3.2.3. Import and export route targets
Route-target (RT) is an extended community used to specify the rules Route-target (RT) is an extended community used to specify the rules
for importing and exporting the routes for each VRF as defined in for importing and exporting the routes for each VRF as defined in
[RFC4364]. This is applicable in the context of an address-family [RFC4364]. This is applicable in the context of an address-family
under the VRF. Under the l3vpn container, statements for import and under the VRF. Under the l3vpn container, statements for import and
export route-targets are added for ipv4 and ipv6 address family. export route-targets are added for ipv4 and ipv6 address family.
Both import and export sets are modeled as a list of rout-targets. Both import and export sets are modeled as a list of rout-targets,
An import rule is modeled as list of RTs or a policy leafref yang datatype for which is imported from [RFC8294]. An import rule
specifying the list of RTs to be matched for importing routes into is modeled as list of RTs or a leafref to the route policy
the VRF. Similarly an export rule is set or RTs or a policy leafref [I-D.ietf-rtgwg-policy-model] specifying the list of RTs to be
specifying the list of RTs which should be attached to routes matched for importing the routes into the VRF. Similarly, an export
exported from this VRF. In the case where policy is used to specify rule is modeled as a list of RTs or a leafref the route policy
the RTs, a reference to the policy via leafref is used in this model, [I-D.ietf-rtgwg-policy-model] specifying the list of RTs which should
but actual definition of policy is outside the scope of this be attached to routes exported from the VRF. In the case where
document. In addition, this section also defines parameters for the policy is used to specify the RTs, a reference to the policy via
import from global routing table and export to global routing table, leafref is used in this model, but actual definition of policy is
as well as route limit per VPN instance for ipv4 and ipv6 address outside the scope of this document. In addition, this section also
family. defines parameters for the import from global routing table and
export to global routing table, as well as route limit per VPN
instance for ipv4 and ipv6 address family.
3.2.4. Forwarding mode 3.2.4. Forwarding mode
This configuration augments interface list under interface container This configuration augments interface list under interface container
under a network instance as defined in IETF network instance model under a network instance as defined in IETF network instance model
[I-D.ietf-rtgwg-ni-model]. Forwarding mode configuration is required [I-D.ietf-rtgwg-ni-model]. Forwarding mode configuration is required
under the ASBR facing interface to enable mpls forwarding for under the ASBR facing interface to enable mpls forwarding for
directly connected BGP peers for inter-as option B peering. directly connected BGP peers for inter-as option B peering.
3.2.5. Label security 3.2.5. Label security
For inter-as option-B peering across ASs, under the ASBR facing For inter-as option-B peering across ASs, under the ASBR facing
interface, mpls label security enables the checks for RPF label on interface, mpls label security enables the checks for RPF label on
incoming packets. Ietf-interface container is augmented to add this incoming packets. Ietf-interface container is augmented to add this
config. config.
3.2.6. Yang tree 3.2.6. Yang tree
module: ietf-bgp-l3vpn module: ietf-bgp-l3vpn
module: ietf-bgp-l3vpn
augment /ni:network-instances/ni:network-instance/ni:ni-type: augment /ni:network-instances/ni:network-instance/ni:ni-type:
+--:(l3vpn) +--:(l3vpn)
+--rw l3vpn +--rw l3vpn
+--rw rd? union +--rw rd? bgp-rd-type
+--ro auto-rd? rt-types:route-distinguisher +--ro auto-rd? rt-types:route-distinguisher
+--rw ipv4 +--rw ipv4
| +--rw unicast | +--rw unicast
| +--rw vpn-targets | +--rw vpn-targets
| | +--rw vpn-target* [route-target] | | +--rw vpn-target* [route-target]
| | | +--rw route-target rt-types:route-target | | | +--rw route-target rt-types:route-target
| | | +--rw route-target-type rt-types:route-target-type | | | +--rw route-target-type rt-types:route-target-type
| | +--rw route-policy? string | | +--rw route-policy? -> /rt-pol:routing-policy/policy-definitions/policy-definition/name
| +--rw import-from-global | +--rw import-from-global
| | +--rw enable? boolean | | +--rw enable? boolean
| | +--rw advertise-as-vpn? boolean | | +--rw advertise-as-vpn? boolean
| | +--rw route-policy? string | | +--rw route-policy? -> /rt-pol:routing-policy/policy-definitions/policy-definition/name
| | +--rw bgp-valid-route? boolean | | +--rw bgp-valid-route? boolean
| | +--rw protocol? enumeration | | +--rw protocol? enumeration
| | +--rw instance? string | | +--rw instance? string
| +--rw export-to-global | +--rw export-to-global
| | +--rw enable? boolean | | +--rw enable? boolean
| +--rw routing-table-limit | +--rw routing-table-limit
| | +--rw routing-table-limit-number? uint32 | | +--rw routing-table-limit-number? uint32
| | +--rw (routing-table-limit-action)? | | +--rw (routing-table-limit-action)?
| | +--:(enable-alert-percent) | | +--:(enable-alert-percent)
| | | +--rw alert-percent-value? rt-types:percentage | | | +--rw alert-percent-value? rt-types:percentage
| | +--:(enable-simple-alert) | | +--:(enable-simple-alert)
| | +--rw simple-alert? boolean | | +--rw simple-alert? boolean
| +--rw tunnel-params | +--rw tunnel-params
| +--rw tunnel-policy? string | +--rw tunnel-policy? string
+--rw ipv6
...
augment /if:interfaces/if:interface: augment /if:interfaces/if:interface:
+--rw forwarding-mode? enumeration +--rw forwarding-mode? enumeration
+--rw mpls-label-security +--rw mpls-label-security
+--rw rpf? boolean +--rw rpf? boolean
3.3. BGP Specific Configuration 3.3. BGP Specific Configuration
The BGP specific configuration for L3VPNs is defined by augmenting The BGP specific configuration for L3VPNs is defined by augmenting
base BGP model [I-D.ietf-idr-bgp-model]. In particular, specific base BGP model [I-D.ietf-idr-bgp-model]. In particular, specific
knobs are added under neighbor and address family containers to knobs are added under neighbor and address family containers to
handle VPN routes and ASBR peering. handle VPN routes and ASBR peering.
3.3.1. VPN peering 3.3.1. VPN peering
For Peering between PE routers, specific VPN address family needs to For peering between PE routers, specific VPN address family needs to
be enabled under BGP container in the context of core instance. Base be enabled under BGP container in the context of core instance. Base
BGP draft [I-D.ietf-idr-bgp-model] has l3vpn address family in the BGP draft [I-D.ietf-idr-bgp-model] has l3vpn address family in the
list of identity refs for AFs under global and neighbor modes. The list of identity refs for AFs under global and neighbor modes. The
same is augmented here for additional knobs. For peering with CE same is augmented here for additional knobs. For peering with CE
routers the VRF specific BGP configurations such as neighbors and routers the VRF specific BGP configurations such as neighbors and
address-family are covered in base BGP config, except that such address-family are covered in base BGP config, except that such
configuration will be in the context of a VRF. The instance of BGP configuration will be in the context of a VRF. The instance of BGP
in this case would be a separate instance in the context of vrf-root in this case would be a separate instance in the context of vrf-root
as defined in [I-D.ietf-rtgwg-ni-model]. as defined in [I-D.ietf-rtgwg-ni-model].
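Review bot: The new sentence in 3.2.2, "Yang datatype for RD is imported from [RFC8294]", does not match the tree in 3.2.6, where rd is now typed bgp-rd-type rather than an rt-types type. Suggest saying that rd uses a local union of the imported route-distinguisher type and an auto-assigned value, with the read-only auto-rd leaf carrying the value the system picked. The rewritten 3.2.3 paragraph still has "rout-targets" and is missing a word in "a leafref the route policy". In the tree, tunnel-policy stays a plain string while every route-policy leaf became a leafref; the text should say whether that is intentional.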
skipping to change at page 7, line 39 skipping to change at page 7, line 39
Label mode knobs control the label allocation behavior for VRF Label mode knobs control the label allocation behavior for VRF
routes. Such as to specify Per-site, Per-vpn and Per-route label routes. Such as to specify Per-site, Per-vpn and Per-route label
allocation. These knobs augment BGP global AF containers in the allocation. These knobs augment BGP global AF containers in the
context of default routing instance. context of default routing instance.
3.3.4. ASBR options 3.3.4. ASBR options
This includes few specific knobs for ASBR peering methods illustrated This includes few specific knobs for ASBR peering methods illustrated
in [RFC4364]. Such as route target retention on ASBRs for inter-as in [RFC4364]. Such as route target retention on ASBRs for inter-as
VPN peering across ASBRs with option-B method. Appropriate address- VPN peering across ASBRs with option-B method. Appropriate
family containers under BGP base model are augmented for this. containers under BGP AF are augmented.
3.3.5. Yang tree 3.3.5. Yang tree
module: ietf-bgp-l3vpn module: ietf-bgp-l3vpn
augment /bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv4-unicast:
augment /bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv4-unicast:
+--rw retain-route-targets +--rw retain-route-targets
| +--rw all? empty | +--rw all? empty
| +--rw route-policy? string | +--rw route-policy? -> /rt-pol:routing-policy/policy-definitions/policy-definition/name
+--rw vpn-prefix-limit +--rw vpn-prefix-limit
+--rw prefix-limit-number? uint32 +--rw prefix-limit-number? uint32
+--rw (prefix-limit-action)? +--rw (prefix-limit-action)?
+--:(enable-alert-percent) +--:(enable-alert-percent)
| +--rw alert-percent-value? rt-types:percentage | +--rw alert-percent-value? rt-types:percentage
| +--rw route-unchanged? boolean | +--rw route-unchanged? boolean
+--:(enable-simple-alert) +--:(enable-simple-alert)
+--rw simple-alert? boolean +--rw simple-alert? boolean
...
augment /bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:ipv4-unicast: augment /bgp:bgp/bgp:global/bgp:afi-safis/bgp:afi-safi/bgp:ipv4-unicast:
+--rw label-mode? bgp-label-mode +--rw label-mode? bgp-label-mode
+--rw routing-table-limit +--rw routing-table-limit
+--rw routing-table-limit-number? uint32 +--rw routing-table-limit-number? uint32
+--rw (routing-table-limit-action)? +--rw (routing-table-limit-action)?
+--:(enable-alert-percent) +--:(enable-alert-percent)
| +--rw alert-percent-value? rt-types:percentage | +--rw alert-percent-value? rt-types:percentage
+--:(enable-simple-alert) +--:(enable-simple-alert)
+--rw simple-alert? boolean +--rw simple-alert? boolean
...
4. BGP Yang Module 4. BGP Yang Module
<CODE BEGINS> file "ietf-bgp-l3vpn@2017-10-18.yang" <CODE BEGINS> file "ietf-bgp-l3vpn@2018-04-17.yang"
module ietf-bgp-l3vpn { module ietf-bgp-l3vpn {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-bgp-l3vpn"; namespace "urn:ietf:params:xml:ns:yang:ietf-bgp-l3vpn";
// replace with IANA namespace when assigned // replace with IANA namespace when assigned
prefix l3vpn ; prefix l3vpn ;
import ietf-network-instance { import ietf-network-instance {
prefix ni; prefix ni;
revision-date 2017-09-27;
} }
import ietf-routing-types { import ietf-routing-types {
prefix rt-types; prefix rt-types;
revision-date 2017-10-13;
} }
import ietf-interfaces { import ietf-interfaces {
prefix if; prefix if;
} }
import ietf-bgp { import ietf-bgp {
prefix bgp; prefix bgp;
revision-date 2016-06-21; }
import ietf-routing-policy {
prefix rt-pol;
} }
organization organization
"IETF BGP Enabled Services WG"; "IETF BGP Enabled Services WG";
contact contact
"BESS working group - bess@ietf.org"; "BESS working group - bess@ietf.org";
description description
"This YANG module defines a YANG data model to configure and "This YANG module defines a YANG data model to configure and
skipping to change at page 10, line 8 skipping to change at page 10, line 8
RT : Route Target RT : Route Target
RD : Route Distinguisher RD : Route Distinguisher
VPN : Virtual Private Network VPN : Virtual Private Network
VRF : Virtual Routing and Forwarding VRF : Virtual Routing and Forwarding
"; ";
revision 2017-10-18 { revision 2018-04-17 {
description
"Import latest revisions of ietf-network-instance" +
"Added leafrefs to named policy defs from routing-policy model" +
"Minor other text corrections";
reference "";
}
revision 2017-10-15 {
description description
"Removed state containers per NMDA aligntment" + "Removed state containers per NMDA aligntment" +
"Changes for network instance ni-type alignment" + "Changes for network instance ni-type alignment" +
"Other cleanups"; "Other cleanups";
reference ""; reference "";
} }
revision 2017-04-25 { revision 2017-04-25 {
description description
"Reused ietf-roting-types.yang for vpn route-targets" + "Reused ietf-roting-types.yang for vpn route-targets" +
" and route distinguisher types"; " and route distinguisher types";
reference ""; reference "";
} }
revision 2016-09-09 { revision 2016-09-09 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for BGP L3VPN config management"; "RFC XXXX: A YANG Data Model for BGP L3VPN config management";
} }
// Local typedef for RD
typedef bgp-rd-type {
type union {
// Either RD value as per IETF routing types or AUTO assigned value
type rt-types:route-distinguisher;
type enumeration {
enum auto-assigned {
description "Assigned by system";
}
}
}
description "BGP RD type augmentation for configured and Auto RD value";
}
//Label mode //Label mode
typedef bgp-label-mode { typedef bgp-label-mode {
type enumeration { type enumeration {
enum per-ce { enum per-ce {
description "Allocate labels per CE"; description "Allocate labels per CE";
} }
enum per-route { enum per-route {
description "Allocate labels per prefix"; description "Allocate labels per prefix";
} }
enum per-vpn { enum per-vpn {
description "Allocate labels per VRF"; description "Allocate labels per VRF";
} }
} }
description "BGP label allocation mode"; description "BGP label allocation mode";
} }
//RD //RD
grouping route-distinguisher-params { grouping route-distinguisher-params {
description "Route distinguisher value as per RFC4364"; description "Route distinguisher value as per RFC4364";
leaf rd { leaf rd {
type union { type bgp-rd-type;
// Either RD value as per IETF routing types or AUTO assigned value
type rt-types:route-distinguisher;
type enumeration {
enum auto-assigned {
description "Assigned by system";
}
}
}
description "Route distinguisher value as per RFC4364"; description "Route distinguisher value as per RFC4364";
} }
leaf auto-rd { leaf auto-rd {
type rt-types:route-distinguisher; type rt-types:route-distinguisher;
config false; config false;
description description
"Automatically assigned RD value when rd AUTO is configured"; "Automatically assigned RD value when rd AUTO is configured";
} }
} }
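Review bot: The revision history at the top of this hunk now lists the previous revision as 2017-10-15, but the module it replaces was published as revision 2017-10-18 (the old file name is ietf-bgp-l3vpn@2017-10-18.yang). Tools that track modules by name and revision will see a revision that was never published and lose the one that was, so keep "revision 2017-10-18" as it shipped and add 2018-04-17 above it. The three description strings in the new revision statement are joined with "+" and no separating whitespace, so they concatenate into run-together text; end each fragment with a period and a space. The moved bgp-rd-type typedef otherwise looks equivalent to the inline union it replaces.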
skipping to change at page 13, line 22 skipping to change at page 13, line 35
leaf enable { leaf enable {
type boolean; type boolean;
description "Enable"; description "Enable";
} }
leaf advertise-as-vpn { leaf advertise-as-vpn {
type boolean; type boolean;
description description
"Advertise routes imported from global table as VPN routes"; "Advertise routes imported from global table as VPN routes";
} }
leaf route-policy { leaf route-policy {
type string; type leafref {
description "Route policy as filter for importing routes"; path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
description "Route policy as a filter for importing routes.";
} }
leaf bgp-valid-route { leaf bgp-valid-route {
type boolean; type boolean;
description description
"Enable all valid routes (including non-best paths) to be "Enable all valid routes (including non-best paths) to be
candidate for import"; candidate for import";
} }
leaf protocol { leaf protocol {
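Review bot: The new route-policy leafref under import-from-global does not say which routes are imported when enable is true and route-policy is left unset; because this knob moves routes from the global table into a VRF, the description should state the behaviour without a policy explicitly. "require-instance true" is already the default for a leafref in YANG 1.1, so the line is harmless but redundant. With the leafref in place, a configuration that names a policy not present under /rt-pol:routing-policy fails validation, which is a behaviour change from the old string type that the revision description could mention.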
skipping to change at page 15, line 8 skipping to change at page 15, line 27
} }
grouping route-target-params { grouping route-target-params {
description "Grouping to specify rules for route import and export"; description "Grouping to specify rules for route import and export";
container vpn-targets { container vpn-targets {
description description
"Set of route-targets to match for import and export routes "Set of route-targets to match for import and export routes
to/from VRF"; to/from VRF";
uses rt-types:vpn-route-targets; uses rt-types:vpn-route-targets;
leaf route-policy { leaf route-policy {
type string; type leafref {
path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
description description
"Reference to the route policy containing set of route-targets. "Reference to the route policy containing set of route-targets.";
TBD: leafref to policy xpath in IETF route policy model";
} }
} }
} }
grouping route-tbl-limit-params { grouping route-tbl-limit-params {
description "Grouping for VPN table prefix limit config"; description "Grouping for VPN table prefix limit config";
leaf routing-table-limit-number { leaf routing-table-limit-number {
type uint32 { type uint32 {
range "1..4294967295"; range "1..4294967295";
}
description
"Specifies the maximum number of routes supported by a
VPN instance. ";
}
choice routing-table-limit-action {
description ".";
case enable-alert-percent {
leaf alert-percent-value {
type rt-types:percentage;
description
"Specifies the percentage of the maximum number of
routes. When the maximum number of routes that join
the VPN instance is up to the value
(number*alert-percent)/100, the system prompts
alarms. The VPN routes can be still added to the
routing table, but after the number of routes
reaches number, the subsequent routes are
dropped.";
} }
} description
case enable-simple-alert { "Specifies the maximum number of routes supported by a
leaf simple-alert { VPN instance. ";
type boolean;
description
"Indicates that when VPN routes exceed number, routes
can still be added into the routing table, but the
system prompts alarms.
However, after the total number of VPN routes and
network public routes reaches the unicast route limit
specified in the License, the subsequent VPN routes
are dropped.";
} }
}
}
}
grouping routing-tbl-limit { choice routing-table-limit-action {
description "."; description ".";
container routing-table-limit { case enable-alert-percent {
description leaf alert-percent-value {
"The routing-table limit command sets a limit on the maximum type rt-types:percentage;
number of routes that the IPv4 or IPv6 address family of a description
VPN instance can support. "Specifies the percentage of the maximum number of
By default, there is no limit on the maximum number of routes. When the maximum number of routes that join
routes that the IPv4 or IPv6 address family of a VPN the VPN instance is up to the value
instance can support, but the total number of private (number*alert-percent)/100, the system prompts
network and public network routes on a device cannot alarms. The VPN routes can be still added to the
exceed the allowed maximum number of unicast routes."; routing table, but after the number of routes
reaches number, the subsequent routes are
dropped.";
}
}
case enable-simple-alert {
leaf simple-alert {
type boolean;
description
"Indicates that when VPN routes exceed number, routes
can still be added into the routing table, but the
system prompts alarms.
However, after the total number of VPN routes and
network public routes reaches the unicast route limit
specified in the License, the subsequent VPN routes
are dropped.";
}
}
}
}
uses route-tbl-limit-params; grouping routing-tbl-limit {
} description ".";
} container routing-table-limit {
description
"The routing-table limit command sets a limit on the maximum
number of routes that the IPv4 or IPv6 address family of a
VPN instance can support.
By default, there is no limit on the maximum number of
routes that the IPv4 or IPv6 address family of a VPN
instance can support, but the total number of private
network and public network routes on a device cannot
exceed the allowed maximum number of unicast routes.";
uses route-tbl-limit-params;
}
}
// Tunnel policy parameters // Tunnel policy parameters
grouping tunnel-params { grouping tunnel-params {
description "Tunnel parameters"; description "Tunnel parameters";
container tunnel-params { container tunnel-params {
description "Tunnel config parameters"; description "Tunnel config parameters";
leaf tunnel-policy { leaf tunnel-policy {
type string; type string;
description description
"Tunnel policy to steer the VPN traffic into specific tunnel"; "Tunnel policy to steer the VPN traffic into specific tunnel";
} }
} }
} }
// Grouping for the L3vpn specific parameters under VRF // Grouping for the L3vpn specific parameters under VRF
// (network-instance) // (network-instance)
grouping l3vpn-vrf-params { grouping l3vpn-vrf-params {
description "Specify route filtering rules for import/export"; description "Specify route filtering rules for import/export";
container ipv4 { container ipv4 {
description description
"Specify route filtering rules for import/export"; "Specify route filtering rules for import/export";
container unicast { container unicast {
description description
"Specify route filtering rules for import/export"; "Specify route filtering rules for import/export";
uses route-target-params; uses route-target-params;
uses global-imports; uses global-imports;
uses global-exports; uses global-exports;
uses routing-tbl-limit; uses routing-tbl-limit;
uses tunnel-params; uses tunnel-params;
} }
}
container ipv6 {
description
"Ipv6 address family specific rules for import/export";
container unicast {
description "Ipv6 unicast address family";
uses route-target-params;
uses global-imports;
uses global-exports;
uses routing-tbl-limit;
uses tunnel-params;
} }
} container ipv6 {
description
"Ipv6 address family specific rules for import/export";
container unicast {
description "Ipv6 unicast address family";
uses route-target-params;
uses global-imports;
uses global-exports;
uses routing-tbl-limit;
uses tunnel-params;
}
}
} }
grouping bgp-label-mode { grouping bgp-label-mode {
description "MPLS/VPN label allocation mode"; description "MPLS/VPN label allocation mode";
leaf label-mode { leaf label-mode {
type bgp-label-mode; type bgp-label-mode;
description "Label allocation mode"; description "Label allocation mode";
} }
} }
grouping retain-route-targets { grouping retain-route-targets {
description "Grouping for route target accept"; description "Grouping for route target accept";
container retain-route-targets { container retain-route-targets {
description "Control route target acceptance behavior for ASBRs"; description "Control route target acceptance behavior for ASBRs";
leaf all { leaf all {
type empty; type empty;
description "Disable filtering of all route-targets"; description "Accept all route targets.";
} }
leaf route-policy { leaf route-policy {
type string; type leafref {
description "Filter routes as per filter policy name path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
TBD: leafref to IETF routing policy model"; "rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
description "Reference to route policy containing set of route-targets to accept.";
} }
} }
} }
// //
// VRF specific parameters. // VRF specific parameters.
// RD and RTs and route import-export rules are added under // RD and RTs and route import-export rules are added under
// network instance container in network instance model, hence // network instance container in network instance model, hence
// per VRF scoped // per VRF scoped
augment "/ni:network-instances/ni:network-instance/ni:ni-type" { augment "/ni:network-instances/ni:network-instance/ni:ni-type" {
description description
"Augment network instance for per VRF L3vpn parameters"; "Augment network instance for per VRF L3vpn parameters";
case l3vpn { case l3vpn {
container l3vpn { container l3vpn {
description "Configuration of L3VPN specific parameters"; description "Configuration of L3VPN specific parameters";
uses route-distinguisher-params; uses route-distinguisher-params;
uses l3vpn-vrf-params ; uses l3vpn-vrf-params ;
} }
} }
} }
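Review bot: in `container retain-route-targets`, `leaf all` and `leaf route-policy` can both be configured at once, and neither description says which one takes effect. With the new wording `all` means "Accept all route targets.", so on an ASBR it removes route-target filtering entirely, and a `route-policy` reference set beside it may be silently ignored (or the reverse, depending on the implementation). Suggest putting the two leaves in a `choice`, or adding a `must` to one of them, and saying in the container description what the behavior is when neither is set. The new `description` on `route-policy` also runs past the line width used by the rest of the module and should be wrapped.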
skipping to change at page 19, line 4 skipping to change at page 19, line 27
augment "/bgp:bgp/bgp:global/bgp:afi-safis/" + augment "/bgp:bgp/bgp:global/bgp:afi-safis/" +
"bgp:afi-safi/bgp:l3vpn-ipv6-unicast" { "bgp:afi-safi/bgp:l3vpn-ipv6-unicast" {
description "Retain route targets for ASBR scenario"; description "Retain route targets for ASBR scenario";
uses retain-route-targets; uses retain-route-targets;
uses vpn-pfx-limit; uses vpn-pfx-limit;
} }
// Label allocation mode configuration. Certain AFs only. // Label allocation mode configuration. Certain AFs only.
augment "/bgp:bgp/bgp:global/bgp:afi-safis/" + augment "/bgp:bgp/bgp:global/bgp:afi-safis/" +
"bgp:afi-safi/bgp:ipv4-unicast" { "bgp:afi-safi/bgp:ipv4-unicast" {
description
description "Augment BGP global AF mode for label allocation mode
"Augment BGP global AF mode for label allocation mode configuration";
configuration";
uses bgp-label-mode ; uses bgp-label-mode ;
uses routing-tbl-limit; uses routing-tbl-limit;
} }
augment "/bgp:bgp/bgp:global/bgp:afi-safis/" + augment "/bgp:bgp/bgp:global/bgp:afi-safis/" +
"bgp:afi-safi/bgp:ipv6-unicast" { "bgp:afi-safi/bgp:ipv6-unicast" {
description description
"Augment BGP global AF mode for label allocation mode "Augment BGP global AF mode for label allocation mode
configuration"; configuration";
uses bgp-label-mode ; uses bgp-label-mode ;
uses routing-tbl-limit; uses routing-tbl-limit;
} }
// TBD Additional oper state leafs
// TBD RPCs
} }
<CODE ENDS> <CODE ENDS>
5. IANA Considerations 5. IANA Considerations
6. Security Considerations 6. Security Considerations
The transport protocol used for sending the BGP L3VPN data MUST The transport protocol used for sending the BGP L3VPN data MUST
support authentication and SHOULD support encryption. The data-model support authentication and SHOULD support encryption. The data-model
by itself does not create any security implications. by itself does not create any security implications.
This draft does not change any underlying security issues inherent in This draft does not change any underlying security issues inherent in
[I-D.ietf-rtgwg-ni-model] and [I-D.ietf-idr-bgp-model]. [I-D.ietf-rtgwg-ni-model] and [I-D.ietf-idr-bgp-model].
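Review bot: Section 6 is carried over unchanged and still says "The data-model by itself does not create any security implications", which does not match what the module makes writable. The augments above pull `retain-route-targets`, `vpn-pfx-limit`, `bgp-label-mode` and `routing-tbl-limit` into the BGP global address families, and a write to `retain-route-targets/all` or `route-policy` changes which VPN routes an ASBR accepts. Suggest listing the sensitive writable nodes (route-target acceptance, prefix and table limits, label mode, and the per-VRF RD and RT parameters) and stating that write access to them is to be restricted by the management protocol's access control, alongside the existing MUST on transport authentication. Section 5 also shows a heading with no body in this view; the module's namespace and name registrations belong there.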
skipping to change at page 20, line 7 skipping to change at page 20, line 32
8.1. Normative References 8.1. Normative References
[I-D.ietf-idr-bgp-model] [I-D.ietf-idr-bgp-model]
Shaikh, A., Shakir, R., Patel, K., Hares, S., D'Souza, K., Shaikh, A., Shakir, R., Patel, K., Hares, S., D'Souza, K.,
Bansal, D., Clemm, A., Zhdankin, A., Jethanandani, M., and Bansal, D., Clemm, A., Zhdankin, A., Jethanandani, M., and
X. Liu, "BGP Model for Service Provider Networks", draft- X. Liu, "BGP Model for Service Provider Networks", draft-
ietf-idr-bgp-model-02 (work in progress), July 2016. ietf-idr-bgp-model-02 (work in progress), July 2016.
[I-D.ietf-rtgwg-ni-model] [I-D.ietf-rtgwg-ni-model]
Berger, L., Hopps, C., Lindem, A., Bogdanovic, D., and X. Berger, L., Hopps, C., Lindem, A., Bogdanovic, D., and X.
Liu, "YANG Network Instances", draft-ietf-rtgwg-ni- Liu, "YANG Model for Network Instances", draft-ietf-rtgwg-
model-04 (work in progress), September 2017. ni-model-12 (work in progress), March 2018.
[I-D.ietf-rtgwg-routing-types] [I-D.ietf-rtgwg-policy-model]
Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger, Qu, Y., Tantsura, J., Lindem, A., Liu, X., and A. Shaikh,
"Routing Area Common YANG Data Types", draft-ietf-rtgwg- "A YANG Data Model for Routing Policy Management", draft-
routing-types-17 (work in progress), October 2017. ietf-rtgwg-policy-model-02 (work in progress), March 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
2006, <https://www.rfc-editor.org/info/rfc4364>. 2006, <https://www.rfc-editor.org/info/rfc4364>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020, the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010, DOI 10.17487/RFC6020, October 2010,
<https://www.rfc-editor.org/info/rfc6020>. <https://www.rfc-editor.org/info/rfc6020>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>. <https://www.rfc-editor.org/info/rfc6241>.
8.2. Informative References [RFC8294] Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
"Common YANG Data Types for the Routing Area", RFC 8294,
DOI 10.17487/RFC8294, December 2017,
<https://www.rfc-editor.org/info/rfc8294>.
[RFC2547] Rosen, E. and Y. Rekhter, "BGP/MPLS VPNs", RFC 2547, 8.2. Informative References
DOI 10.17487/RFC2547, March 1999,
<https://www.rfc-editor.org/info/rfc2547>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271, Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006, DOI 10.17487/RFC4271, January 2006,
<https://www.rfc-editor.org/info/rfc4271>. <https://www.rfc-editor.org/info/rfc4271>.
[RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, [RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
"Multiprotocol Extensions for BGP-4", RFC 4760, "Multiprotocol Extensions for BGP-4", RFC 4760,
DOI 10.17487/RFC4760, January 2007, DOI 10.17487/RFC4760, January 2007,
<https://www.rfc-editor.org/info/rfc4760>. <https://www.rfc-editor.org/info/rfc4760>.
[RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG",
RFC 7951, DOI 10.17487/RFC7951, August 2016,
<https://www.rfc-editor.org/info/rfc7951>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
Authors' Addresses Authors' Addresses
Dhanendra Jain Dhanendra Jain
Cisco Cisco
170 W. Tasman Drive 170 W. Tasman Drive
San Jose, CA 95134 San Jose, CA 95134
USA USA
Email: dhjain@cisco.com Email: dhjain@cisco.com
Keyur Patel Keyur Patel
Cisco Arrcus, Inc
170 W. Tasman Drive
San Jose, CA 95134
USA
Email: keyur@arrcus.com Email: keyur@arrcus.com
Patrice Brissette Patrice Brissette
Cisco Cisco
170 W. Tasman Drive 170 W. Tasman Drive
San Jose, CA 95134 San Jose, CA 95134
USA USA
Email: pbrisset@cisco.com Email: pbrisset@cisco.com
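Review bot: the normative list still gives RFC 6020 as the only YANG language reference, while this revision's `route-policy` leaf uses `require-instance true` inside `type leafref`, which is allowed only in YANG 1.1 (RFC 7950); in YANG 1.0 that substatement is valid only under `instance-identifier`. If the module declares `yang-version 1.1`, add RFC 7950 to 8.1; if it does not, the leafref will not validate as written. Separately, [I-D.ietf-idr-bgp-model] remains at draft-ietf-idr-bgp-model-02 (July 2016) although the other work-in-progress references were refreshed, and the module's augments target `/bgp:bgp/bgp:global/bgp:afi-safis/...` paths from that model, so it is worth confirming those paths against the current revision and updating the citation. Keyur Patel's entry now has an affiliation and e-mail but no postal address, unlike the other authors.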
 End of changes. 56 change blocks. 
183 lines changed or deleted 223 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/