OPSAWG Working Group                                              Q. Wu
Internet-Draft                                                  M. Wang
Intended status: Standards Track                                 Huawei
Expires: September 3, 2018                                 M. Boucadair
                                                                 Orange
                                                          March 2, 2018

     A YANG Data Module for Network Virtualization Overlay Resource
                               Management
           draft-wu-opsawg-network-overlay-resource-model-00

Abstract

   This document defines a YANG data module for Network Virtualization
   Overlay Resource Management.  It is a resource facing model
   independent of control plane protocols and captures topological and
   resource related information pertaining to Network Virtualization
   Overlay.  This module enables clients, which interact with a network
   orchestrator or controller via a REST interface, to perform Network
   Virtualization Overlay topology related operations such as obtaining
   and allocating the relevant topology resource information.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 3, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Wu, et al.              Expires September 3, 2018               [Page 1]

Internet-Draft       Network Overlay Resource Model           March 2018

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions used in this document
   3.  Overview of Network Virtualization Overlay Resource Management
       Model
     3.1.  VN Service Configuration
       3.1.1.  VN and Network Access Association Configuration
       3.1.2.  Traffic Performance Requirements Configuration
     3.2.  VN Service Topology Resource Distribution configuration
   4.  RPC Definitions for Computation of TE Path Element List and
       Network Access Connectivity List
   5.  Data Hierarchy
   6.  Network Virtualization Overlay Management YANG Module
   7.  Security Considerations
   8.  IANA Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Introduction

   [RFC8299] defines a customer service model for L3VPN service that can
   be used to describe a service as offered or delivered to a customer
   by a network operator.  As described in [RFC8309], a customer service
   model is not a resource facing model and does not describe how a
   network operator realizes and delivers the service described by the
   module, since it is not used to directly configure network devices,
   protocols, or functions, nor is it something sent to network devices
   (i.e., routers or switches) for processing.

   This document defines a YANG module for Network Virtualization
   Overlay Management.  It is a resource facing model independent of
   control plane protocols and captures topological and resource related
   information pertaining to Network Virtualization Overlay.

   This module enables clients to interact with a network orchestrator
   or controller via a RESTful interface, for providing connectivity
   services over a Network Virtualization Overlay topology.  In
   particular, this module supports operations such as exposing abstract
   service topology, retrieving, and allocating the relevant topology
   resource information.

   As a reminder, and as defined in [RFC7297], the IP connectivity
   service is the IP transfer capability characterized by a (Source
   Nets, Destination Nets, Guarantees, Scope) tuple where "Source Nets"
   is a group of unicast IP addresses, "Destination Nets" is a group of
   IP unicast and/or multicast addresses, and "Guarantees" reflects the
   guarantees (expressed in terms of Quality Of Service (QoS),
   performance, and availability, for example) to properly forward
   traffic to the said "Destination".  Finally, the "Scope" denotes the
   (network) perimeter (e.g., between Provider Edge (PE) routers or
   Customer Nodes) where the said guarantees need to be provided.
   These requirements include: reachability scope (e.g., limited scope,
   Internet-wide), direction (in/out), bandwidth requirements, QoS
   parameters (e.g., one-way delay [RFC7679], loss [RFC7680], or one-way
   delay variation (jitter) [RFC3393]), protection, and high-
   availability guidelines (e.g., restoration in less than 50 ms,
   100 ms, or 1 second).

   The module includes flow identification and classification rules
   that are required for traffic conformance purposes.  How the data
   captured using this YANG module is translated into network-specific
   clauses is out of scope.

2.  Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   In this document, these words will appear with that interpretation
   only when in ALL CAPS.  Lower case uses of these words are not to be
   interpreted as carrying [RFC2119] significance.

   The following notations are used within the data tree and carry the
   meaning as below.

   Each node is printed as:

      <status>--<flags> <name><opts> <type>

      <status> is one of:
         +  for current

      <flags> is one of:
         rw  for configuration data
         ro  for non-configuration data
         -x  for rpcs
         -n  for notifications
         -w  for writable

      <name> is the name of the node

      If the node is augmented into the tree from another module, its
      name is printed as <prefix>:<name>.

      <opts> is one of:
         ?  for an optional leaf or choice
         !  for a presence container
         *  for a leaf-list or list
         [<keys>]  for a list's keys
         (choice)/:(case)  Parentheses enclose choice and case nodes,
                           and case nodes are also marked with a
                           colon (":")

      <type> is the name of the type for leafs and leaf-lists

3.  Overview of Network Virtualization Overlay Resource Management Model

   [Figure: the customer facing service models (l3vpn-svc model,
   l2vpn-svc model) feed the Service component; the VN Overlay Resource
   Model, a resource facing model, feeds the Config component, which
   produces the network configuration models; CE A at Site A and CE B
   at Site B connect to PE A and PE B respectively over Bearer
   Connections.]

   L3VPN and L2VPN service models provide an abstracted view of the
   Layer 3 and Layer 2 VPN service configuration components.  Services
   are built from a combination of network elements and protocols
   configuration, but are specified for service users in more abstract
   terms, e.g., these models will specify where to create a site and
   establish site-network-access of a particular site to the provider
   network (e.g., PE, aggregation switch) and what the service
   requirements of each site-network-access are.  Site location can be
   determined based on proposed location parameters and constraints in
   these service models, and the service requirements of each site-
   network-access can be determined based on traffic performance metrics
   (e.g., one-way delay, one-way delay variation, bandwidth) of each
   PE-CE link connectivity and traffic performance metrics of each
   service flow or application.

   The management system will use service models as an input to select
   appropriate PEs and CEs, allocate interfaces on the node, and
   generate PE and CE configuration associated with each PE-CE link.
   Based on the selected PE and CE configuration on each site-network-
   access of a particular site, the management system can use the L3VPN
   service model and L2VPN service model as inputs and translate them
   into a resource facing model, i.e., the network virtualization
   overlay resource model.  This resource facing model can be seen as
   the projection model of the L3VPN service and L2VPN service models
   and is used to compute path elements and the network access
   connectivity list when two sites belonging to one VPN span across
   several domains.  It can also be combined with other performance
   measurement or warning models to expose abstract service topology and
   resource distribution in network re-optimization cases.

3.1.  VN Service Configuration

   The YANG module is divided into two main containers: "vn-services"
   and "sites".

   The "vn-service" list under the vn-services container defines global
   parameters for the VN service for a specific customer.  The "vn-id"
   provided in the vn-service list refers to an internal reference for
   this VN service, while the customer name refers to a more explicit
   reference to the customer.  The "vn-type" in the vn-service list
   refers to a set of basic VPN types.  In addition, each "vn-service"
   also includes a list of "site-network-access".  The service
   requirements on each "site-network-access", or the site to site
   service requirements, are specified in detail in the service
   container under "sites/site" or "sites/site/site-network-access".

3.1.1.  VN and Network Access Association Configuration

   Within a given VN service there can be one or more VN and Network
   Access Associations (VNAAs).  VNAAs are represented as a list and
   indexed by the vn-id and vn-type.

   module: ietf-vn-rsc
      +--rw vn-rsc
         +--rw vn-services
         |  +--rw vn-service* [vn-id]
         |     +--rw vn-id      svc-id
         |     +--rw vn-type    identityref
         .     .
         |     +--rw site-network-accesses
         |        +--rw site-network-access* [site-network-access-id]
         |           +--rw site-network-access-id    svc-id

       Snippet of data hierarchy related to VN and Network Access
                           Associations (VNAA)
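   A controller that receives such an instance over RESTCONF should
   verify its references before acting on it: every site-network-access
   under "sites" must be one the vn-service declared, and every
   device-id must name a cpe-device.  The following is an added example
   (not code from the draft or its authors) that performs those checks
   and builds the VNAA index keyed by (vn-id, vn-type).  The instance
   data is constructed, the "ietf-vn-rsc:" module prefix on the top-
   level container is assumed, and leaf names follow the YANG module
   text (device-id, attachment-point/pe-device-id).

```python
"""Added example: referential-integrity checks for an ietf-vn-rsc instance.
Instance data and the module prefix are constructed assumptions."""

# Constructed instance data, shaped like a RESTCONF JSON payload.
INSTANCE = {
    "ietf-vn-rsc:vn-rsc": {
        "vn-services": {"vn-service": [
            {"vn-id": "vn-1", "customer-name": "example-customer",
             "site-network-accesses": {"site-network-access": [
                 {"site-network-access-id": "sna-1"},
                 {"site-network-access-id": "sna-2"}]}},
        ]},
        "sites": {"site": [
            {"site-id": "site-a",
             "cpe-devices": {"cpe-device": [
                 {"device-id": "ce1", "address-family": "ipv4",
                  "address": "192.0.2.1"}]},
             "site-network-accesses": {"site-network-access": [
                 {"site-network-access-id": "sna-1", "device-id": "ce1",
                  "vn-attachments": {"vn-attachment": [
                      {"vn-id": "vn-1", "vn-type": "l3vpn",
                       "attachment-point": {"pe-device-id": "pe1",
                                            "address": "198.51.100.1"}}]}}]}},
            {"site-id": "site-b",
             "cpe-devices": {"cpe-device": [{"device-id": "ce3"}]},
             "site-network-accesses": {"site-network-access": [
                 # Deliberately inconsistent entry: sna-9 is not declared under
                 # any vn-service, ce4 is not a cpe-device, vn-7 is not a VN.
                 {"site-network-access-id": "sna-9", "device-id": "ce4",
                  "vn-attachments": {"vn-attachment": [
                      {"vn-id": "vn-7", "vn-type": "l3vpn",
                       "attachment-point": {"pe-device-id": "pe2"}}]}}]}},
        ]},
    }
}


def _entries(container, list_name):
    """Return the entries of a YANG list, tolerating an absent container."""
    return (container or {}).get(list_name, [])


def check_references(instance):
    """Return problems found: the two leafref constraints of the module
    (site-network-access-id, device-id) plus one consistency check the module
    does not encode as a leafref (vn-attachment/vn-id must name a vn-service)."""
    root = instance["ietf-vn-rsc:vn-rsc"]
    vn_ids, declared = set(), set()
    for vn in _entries(root.get("vn-services"), "vn-service"):
        vn_ids.add(vn["vn-id"])
        for sna in _entries(vn.get("site-network-accesses"), "site-network-access"):
            declared.add(sna["site-network-access-id"])
    sites = _entries(root.get("sites"), "site")
    devices = {d["device-id"] for s in sites
               for d in _entries(s.get("cpe-devices"), "cpe-device")}
    problems = []
    for site in sites:
        for sna in _entries(site.get("site-network-accesses"), "site-network-access"):
            where = f"{site['site-id']}/{sna['site-network-access-id']}"
            if sna["site-network-access-id"] not in declared:
                problems.append(f"{where}: not declared under any vn-service")
            dev = sna.get("device-id")
            if dev is not None and dev not in devices:
                problems.append(f"{where}: device-id {dev!r} is not a cpe-device")
            for att in _entries(sna.get("vn-attachments"), "vn-attachment"):
                if att["vn-id"] not in vn_ids:
                    problems.append(f"{where}: vn-attachment {att['vn-id']!r} "
                                    "is not a vn-service")
    return problems


def vnaa_index(instance):
    """Index VN and Network Access Associations by (vn-id, vn-type); each maps
    to (site-id, site-network-access-id, ingress CE device, egress PE device)."""
    root = instance["ietf-vn-rsc:vn-rsc"]
    index = {}
    for site in _entries(root.get("sites"), "site"):
        for sna in _entries(site.get("site-network-accesses"), "site-network-access"):
            for att in _entries(sna.get("vn-attachments"), "vn-attachment"):
                key = (att["vn-id"], att.get("vn-type"))
                index.setdefault(key, []).append(
                    (site["site-id"], sna["site-network-access-id"],
                     sna.get("device-id"), att["attachment-point"].get("pe-device-id")))
    return index


if __name__ == "__main__":
    for problem in check_references(INSTANCE):
        print("PROBLEM:", problem)
    print(vnaa_index(INSTANCE))
```

   Rejecting an instance with dangling references at the controller
   keeps a later path computation or configuration push from acting on
   a VN membership that no vn-service ever declared.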
3.1.2.  Traffic Performance Requirements Configuration

3.1.2.1.  Per-Site Network Access Requirements

   Per-Site network access traffic performance requirements are
   represented as a list within the data hierarchy and indexed by the
   key site-network-access-id.  Traffic performance requirements include
   latency, jitter, and bandwidth utilization.  Upload bandwidth and
   download bandwidth are performance parameters associated with each
   domain-network-access.  Latency, jitter, and bandwidth utilization
   are performance requirements associated with each service flow or
   application.

   module: ietf-vn-rsc
      +--rw site-network-accesses
         +--rw site-network-access* [site-network-access-id]
            +--rw site-network-access-id    leafref
            +--rw device-id                 leafref
            +--rw access-diversity {site-diversity}?
            |  +--rw groups
            |  |  +--rw group* [group-id]
            |  |     +--rw group-id    string
            |  +--rw constraints
            |     +--rw constraint* [constraint-type]
            |        +--rw constraint-type    identityref
            |        +--rw target
            |           +--rw (target-flavor)?
            |              +--:(id)
            |              |  +--rw group* [group-id]
            |              |     ...
            |              +--:(all-accesses)
            |              |  +--rw all-other-accesses?   empty
            |              +--:(all-groups)
            |                 +--rw all-other-groups?     empty
            +--rw service
            |  +--rw svc-input-bandwidth?    uint32
            |  +--rw svc-output-bandwidth?   uint32
            |  +--rw svc-mtu?                uint16
            |  +--rw qos {qos}?
            |  |  +--rw qos-classification-policy
            |  |  |  +--rw rule* [id]
            |  |  |     +--rw id                 uint16
            |  |  |     +--rw (match-type)?
            |  |  |     |  +--:(match-flow)
            |  |  |     |  |  +--rw match-flow
            |  |  |     |  |     ...
            |  |  |     |  +--:(match-application)
            |  |  |     |     +--rw match-application?   identityref
            |  |  |     +--rw target-class-id?   string
            |  |  +--rw qos-profile
            |  |     +--rw (qos-profile)?
            |  |        +--:(standard)
            |  |        |  +--rw profile?   string
            |  |        +--:(custom)
            |  |           +--rw classes {qos-custom}?
            |  |              +--rw class* [class-id]

      Snippet of data hierarchy related to Per Site network access QoS
                               requirements
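   The classification rules and custom QoS classes above are what a
   PE-side enforcement point evaluates per packet, and the rate-limit of
   a class is what separates in-profile from out-of-profile traffic.
   The following added example (not code from the draft or its authors)
   evaluates constructed qos-classification-policy rules, including the
   target-sites criterion used for site-to-site requirements in the next
   subsection, against sample flows and polices the offered load per
   class.  The rules, classes, flows and the 100 Mbit/s service bandwidth
   are constructed; match-application is simplified to a plain string
   (it is an identityref in the module), and rate-limit is interpreted
   as a percentage of svc-input-bandwidth.

```python
"""Added example: flow classification and policing against vn-rsc QoS rules.
Rules, classes, flows and bandwidth figures are constructed."""
import ipaddress

SVC_INPUT_BANDWIDTH = 100_000   # svc-input-bandwidth of the access, kbps (constructed)

# Constructed qos-classification-policy rules; a flow takes the target-class-id
# of the lowest-id rule it matches.
RULES = [
    {"id": 10, "match-flow": {"dscp": 46, "protocol-field": 17,
                              "l4-dst-port-range": {"lower-port": 16384,
                                                    "upper-port": 32767}},
     "target-class-id": "voice"},
    {"id": 20, "match-flow": {"ipv4-dst-prefix": "10.1.0.0/16",
                              "protocol-field": 6, "l4-dst-port": 443},
     "target-class-id": "business"},
    {"id": 30, "match-application": "web", "target-class-id": "bulk"},
]

# Constructed custom qos-profile classes; rate-limit and guaranteed-bw-percent
# are percentages of the service bandwidth.
CLASSES = {
    "voice":       {"rate-limit": 10,  "bandwidth": {"guaranteed-bw-percent": 10}},
    "business":    {"rate-limit": 50,  "bandwidth": {"guaranteed-bw-percent": 30}},
    "bulk":        {"rate-limit": 20,  "bandwidth": {"guaranteed-bw-percent": 5}},
    "best-effort": {"rate-limit": 100, "bandwidth": {"guaranteed-bw-percent": 10}},
}

_PREFIX_KEYS = {"ipv4-src-prefix": "src", "ipv6-src-prefix": "src",
                "ipv4-dst-prefix": "dst", "ipv6-dst-prefix": "dst"}


def _port_matches(crit, name, flow):
    """Exact port (l4-xxx-port) and range (l4-xxx-port-range) criteria."""
    if name in crit and flow.get(name) != crit[name]:
        return False
    rng = crit.get(name + "-range")
    if rng is not None:
        port = flow.get(name)
        if port is None or not rng["lower-port"] <= port <= rng["upper-port"]:
            return False
    return True


def match_flow(crit, flow):
    """True when every criterion present in a match-flow container holds."""
    for key in ("dscp", "dot1p", "protocol-field"):
        if key in crit and flow.get(key) != crit[key]:
            return False
    for key, side in _PREFIX_KEYS.items():
        if key in crit:
            addr = flow.get(side)
            # An address of the other IP version is simply not in the prefix.
            if addr is None or ipaddress.ip_address(addr) not in ipaddress.ip_network(crit[key]):
                return False
    if "target-sites" in crit and flow.get("target-site") not in crit["target-sites"]:
        return False
    return _port_matches(crit, "l4-src-port", flow) and _port_matches(crit, "l4-dst-port", flow)


def classify(flow, rules=RULES, default="best-effort"):
    """Return the target-class-id for a flow given as a dict of header fields."""
    for rule in sorted(rules, key=lambda r: r["id"]):
        if "match-flow" in rule:
            if match_flow(rule["match-flow"], flow):
                return rule["target-class-id"]
        elif rule.get("match-application") == flow.get("application"):
            return rule["target-class-id"]
    return default


def police(offered_kbps, classes=CLASSES, svc_bw=SVC_INPUT_BANDWIDTH):
    """Split each class's offered load into (in-profile, out-of-profile) kbps
    using rate-limit as a percentage of svc-input-bandwidth. Whether the
    out-of-profile share is dropped or remarked is a separate policy decision."""
    verdict = {}
    for cls, load in offered_kbps.items():
        limit = svc_bw * classes[cls]["rate-limit"] // 100
        verdict[cls] = (min(load, limit), max(load - limit, 0))
    return verdict


if __name__ == "__main__":
    flows = [{"dscp": 46, "protocol-field": 17, "dst": "10.9.9.9", "l4-dst-port": 20000},
             {"protocol-field": 6, "dst": "10.1.2.3", "l4-dst-port": 443},
             {"application": "web", "dst": "192.0.2.9"}]
    print([classify(f) for f in flows])
    print(police({"voice": 15_000, "business": 20_000}))
```

   Note that a flow carrying the voice DSCP but a port outside the
   configured range falls through to the default class rather than
   being trusted on its marking alone, which is the behaviour one wants
   at a trust boundary.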
3.1.2.2.  Site-to-Site Traffic Performance Requirements

   QoS guarantees denote a set of transfer performance metrics that
   characterize the quality of the transfer treatment to be experienced
   (when crossing a transport infrastructure) by a flow issued from or
   forwarded to a (set of) sites.  Suppose one VPN has multiple sites
   and any two sites span across multiple domains; site-to-site network
   access QoS requirements can be used to describe QoS requirements
   across sites.  Site-to-site network access traffic performance
   requirements are represented as a list within the data hierarchy and
   indexed by the key 'site-id'.  The source site is specified as
   'site-id' under the site list; the 'target-site' is specified under
   the match-flow case.  Traffic performance requirements include
   latency, jitter, and bandwidth utilization.

   Shaping/policing filters may be applied so as to assess whether
   traffic is within the capacity profile or out of profile.  Out-of-
   profile traffic may be discarded or assigned another class.

   module: ietf-vn-rsc
      +--rw sites
         +--rw site* [site-id]
            +--rw site-id    svc-id
            +--rw service
            |  +--rw qos {qos}?
            |  |  +--rw qos-classification-policy
            |  |  |  +--rw rule* [id]
            |  |  |     +--rw id                 uint16
            |  |  |     +--rw (match-type)?
            |  |  |     |  +--:(match-flow)
            |  |  |     |     +--rw match-flow
            |  |  |     |        +--rw target-sites*   svc-id
            |  |  |     +--rw target-class-id?   string
            |  |  +--rw qos-profile
            |  |     +--rw (qos-profile)?
            |  |        +--:(standard)
            |  |        |  +--rw profile?   string
            |  |        +--:(custom)
            |  |           +--rw classes {qos-custom}?
            |  |              +--rw class* [class-id]
            |  |                 +--rw class-id      string
            |  |                 +--rw rate-limit?   uint8
            |  |                 +--rw latency
            |  |                 |  +--rw (flavor)?
            |  |                 |     ...
            |  |                 +--rw jitter
            |  |                 |  +--rw (flavor)?
            |  |                 |     ...
            |  |                 +--rw bandwidth
            |  |                    +--rw guaranteed-bw-percent?   uint8
            |  |                    +--rw end-to-end?              empty

       Snippet of data hierarchy related to Site to Site QoS requirements

3.2.  VN Service Topology Resource Distribution configuration

   A 'site' is composed of at least one "site-network-access" and, in
   the case of multihoming, may have multiple site-network-access
   points.  For each "site-network-access", the ingress device/customer
   device and/or egress device has been selected to connect to the
   provider network; the ingress device list is specified under site and
   the egress device is specified under the vn-attachment container.
   With the selected ingress device and egress device and the VN
   membership, the VN service topology can be constructed.  Resource
   allocation for Site to Site connectivity or connectivity within a
   site can be further calculated based on this VN service topology.

   [Figure: L3 Topology.  VPN1-Site1 (CE1 and CE2 attached to PE1) and
   VPN1-Site2 (CE3 and CE4 attached to PE2) are interconnected across an
   underlay of nodes X1, X2, X3, X4 and X5.]

4.  RPC Definitions for Computation of TE Path Element List and Network
    Access Connectivity List

   The RPC model facilitates issuing commands to a NETCONF server (in
   this case to the device that needs to execute the path computation
   API command or path computation algorithm) and obtaining a response.
   The RPC model defined here abstracts path computation specific
   commands in a technology independent manner.
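   To make the abstraction concrete, the following added example (not
   code from the draft or its authors) implements the kind of
   computation the vn-path-element-compute RPC hides: an ordered
   path-element constraint list is expanded into a full path over the
   underlay, a per-metric-type cost (here "igp" or "delay") drives the
   shortest-path search, and the result is shaped like the RPC output
   (metric, indexed path elements, hop-type).  The underlay, its link
   costs, and the use of the module's loose/strict hop-type identities
   on input constraints are constructed assumptions; node names borrow
   from the L3 Topology figure above but the adjacency is made up.

```python
"""Added example: constrained path computation in the shape of the
vn-path-element-compute RPC. Topology, costs and input hop-types are constructed."""
import heapq

# Constructed underlay: each link carries a cost per metric-type.
LINKS = [
    ("PE1", "X1", {"igp": 10, "delay": 2}),
    ("X1", "X2", {"igp": 10, "delay": 5}),
    ("X1", "X5", {"igp": 10, "delay": 3}),
    ("X5", "X3", {"igp": 10, "delay": 9}),
    ("X5", "X4", {"igp": 10, "delay": 4}),
    ("X2", "X3", {"igp": 15, "delay": 20}),
    ("X4", "X3", {"igp": 10, "delay": 2}),
    ("X3", "PE2", {"igp": 10, "delay": 2}),
]


def build_graph(links):
    """Undirected adjacency map: node -> {neighbour: {metric-type: cost}}."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def shortest_path(graph, src, dst, metric):
    """Dijkstra on one metric-type; returns (node list, total cost) or (None, None)."""
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue          # stale heap entry
        if u == dst:
            break
        for v, cost in graph.get(u, {}).items():
            nd = d + cost[metric]
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    if dst not in dist:
        return None, None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], dist[dst]


def compute_path(graph, src, dst, constraint=(), metric="igp"):
    """Expand an ordered path-element constraint list into a full path.
    A 'strict' element must be adjacent to the previous element; a 'loose'
    element is reached by the shortest path on the chosen metric (hop-type on
    input elements is an assumption of this example). Returns a dict shaped
    like the RPC output, or None when the constraint cannot be satisfied."""
    path = [(src, "strict")]
    total = 0
    for hop in list(constraint) + [{"path-element-id": dst, "hop-type": "loose"}]:
        cur, nxt = path[-1][0], hop["path-element-id"]
        if hop.get("hop-type", "loose") == "strict":
            if nxt not in graph.get(cur, {}):
                return None   # infeasible: required hop is not a neighbour
            path.append((nxt, "strict"))
            total += graph[cur][nxt][metric]
        else:
            segment, cost = shortest_path(graph, cur, nxt, metric)
            if segment is None:
                return None   # infeasible: no route to the required hop
            path.extend((n, "loose") for n in segment[1:])
            total += cost
    return {"metric": {"metric-type": metric, "metric-value": total},
            "path": [{"index": i, "path-element-id": n, "hop-type": h}
                     for i, (n, h) in enumerate(path)]}


def path_nodes(result):
    """Convenience accessor: the ordered path-element-ids of a result."""
    return [e["path-element-id"] for e in result["path"]]


if __name__ == "__main__":
    g = build_graph(LINKS)
    print(compute_path(g, "PE1", "PE2"))
    print(compute_path(g, "PE1", "PE2", metric="delay"))
    print(compute_path(g, "PE1", "PE2", [{"path-element-id": "X2", "hop-type": "loose"}]))
```

   An infeasible constraint (a strict hop that is not adjacent, or an
   unreachable loose hop) yields no path rather than a silently relaxed
   one; a real RPC implementation should report that case as an error
   so the client does not mistake it for an empty but valid result.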
   There are two RPC commands defined for the purpose of computation of
   the path element list and the network access connectivity list
   respectively.  In this section we present a snippet of the path
   element list computation command and the network access connectivity
   list computation command for illustration purposes.  Please refer to
   Section 3.4 for the complete data hierarchy and Section 4 for the
   YANG model.

   rpcs:
      +---x vn-path-element-compute
      |  +---w input
      |  |  +---w vn-member-list* [vn-member-id]
      |  |     +---w vn-member-id    -> /vn-svc/vn-services/vn-service/vn-id
      |  |     +---w constraint
      |  |     |  +---w path-element* [path-element-id]
      |  |     |     +---w path-element-id
      |  |     |     +---w address?
      |  |     +---w objective-function?   identityref
      |  |     +---w metric* [metric-type]
      |  |        +---w metric-type     identityref
      |  |        +---w metric-value?   uint32
      |  +--ro output
      |     +--ro vn-member-list* [vn-member-id]
      |        +--ro vn-member-id    -> /vn-svc/vn-services/vn-service/vn-id
      |        +--ro metric* [metric-type]
      |        |  +--ro metric-type     identityref
      |        |  +--ro metric-value?   uint32
      |        +--ro path
      |           +--ro path-element* [path-element-id]
      |              +--ro path-element-id
      +---x vn-network-connectivity-stitch
         +---w input
         |  +---w vn-member-list* [vn-id]
         |     +---w vn-id    -> /vn-svc/vn-services/vn-service/vn-id
         |     +---w source-access* [access-id]
         |     |  +---w access-id
         |     |  +---w destination-access* [access-id]
         |     +---w objective-function?   identityref
         |     +---w metric* [metric-type]
         |        +---w metric-type     identityref
         |        +---w metric-value?   uint32
         +--ro output
            +--ro vn-access-list* [index]
               +--ro index                 uint32
               +--ro source-access         -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
               +--ro destination-access    -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
               +--ro multi-domain-network-access-list* [domain-id]
                  +--ro domain-id            svc-id
                  +--ro network-access-id    svc-id

   With these two RPC commands, we can calculate:

   o  the Path element list, which is applied to network access
      connectivity within the site, Site to Site connectivity, or end
      to end connectivity; and

   o  the Network access connectivity list, which is applied to site to
      site connectivity and end to end connectivity spanning across
      multiple domains.

5.  Data Hierarchy

   The figure below describes the overall structure of the YANG module:

   module: ietf-vn-rsc
      +--rw vn-rsc
         +--rw vn-services
         |  +--rw vn-service* [vn-id]
         |     +--rw vn-id               svc-id
         |     +--rw customer-name?      string
         |     +--rw service-topology?   identityref
         |     +--rw site-network-accesses
         |        +--rw site-network-access* [site-network-access-id]
         |           +--rw site-network-access-id    svc-id
         +--rw sites
            +--rw site* [site-id]
               +--rw site-id    svc-id
               +--rw cpe-devices
               |  +--rw cpe-device* [device-id]
               |     +--rw device-id         svc-id
               |     +--rw address-family?   address-family
               |     +--rw address?          inet:ip-address
               |     +--rw interfaces
               |        +--rw interface?        if:interface-ref
               |        +--rw sub-interfaces*   if:interface-ref
               +--rw service
               |  +--rw qos {qos}?
               |     +--rw qos-classification-policy
               |     |  +--rw rule* [id]
               |     |     +--rw id                 string
               |     |     +--rw (match-type)?
               |     |     |  +--:(match-flow)
               |     |     |  |  +--rw match-flow
               |     |     |  |     +--rw dscp?              inet:dscp
               |     |     |  |     +--rw dot1p?             uint8
               |     |     |  |     +--rw ipv4-src-prefix?   inet:ipv4-prefix
               |     |     |  |     +--rw ipv6-src-prefix?   inet:ipv6-prefix
               |     |     |  |     +--rw ipv4-dst-prefix?   inet:ipv4-prefix
               |     |     |  |     +--rw ipv6-dst-prefix?   inet:ipv6-prefix
               |     |     |  |     +--rw l4-src-port?       inet:port-number
               |     |     |  |     +--rw target-sites*      svc-id {target-sites}?
               |     |     |  |     +--rw l4-src-port-range
               |     |     |  |     |  +--rw lower-port?   inet:port-number
               |     |     |  |     |  +--rw upper-port?   inet:port-number
               |     |     |  |     +--rw l4-dst-port?       inet:port-number
               |     |     |  |     +--rw l4-dst-port-range
               |     |     |  |     |  +--rw lower-port?   inet:port-number
               |     |     |  |     |  +--rw upper-port?   inet:port-number
               |     |     |  |     +--rw protocol-field?    union
               |     |     |  +--:(match-application)
               |     |     |     +--rw match-application?   identityref
               |     |     +--rw target-class-id?   string
               |     +--rw qos-profile
               |        +--rw (qos-profile)?
               |           +--:(standard)
               |           |  +--rw profile?   -> /vn-svc/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id
               |           +--:(custom)
               |              +--rw classes {qos-custom}?
               |                 +--rw class* [class-id]
               |                    +--rw class-id      string
               |                    +--rw direction?    identityref
               |                    +--rw rate-limit?   uint8
               |                    +--rw latency
               |                    |  +--rw (flavor)?
               |                    |     +--:(lowest)
               |                    |     |  +--rw use-lowest-latency?   empty
               |                    |     +--:(boundary)
               |                    |        +--rw latency-boundary?     uint16
               |                    +--rw jitter
               |                    |  +--rw (flavor)?
               |                    |     +--:(lowest)
               |                    |     |  +--rw use-lowest-jitter?    empty
               |                    |     +--:(boundary)
               |                    |        +--rw latency-boundary?     uint32
               |                    +--rw bandwidth
               |                       +--rw guaranteed-bw-percent    uint8
               |                       +--rw end-to-end?              empty
               +--rw site-network-accesses
                  +--rw site-network-access* [site-network-access-id]
                     +--rw site-network-access-id    -> /vn-svc/vn-services/vn-service/site-network-accesses/site-network-access/site-network-access-id
                     +--rw ingress-device-id?        -> /vn-svc/sites/site/cpe-devices/cpe-device/device-id
                     +--rw access-diversity {site-diversity}?
                     |  +--rw groups
                     |  |  +--rw group* [group-id]
                     |  |     +--rw group-id    string
                     |  +--rw constraints
                     |     +--rw constraint* [constraint-type]
                     |        +--rw constraint-type    identityref
                     |        +--rw target
                     |           +--rw (target-flavor)?
                     |              +--:(id)
                     |              |  +--rw group* [group-id]
                     |              |     +--rw group-id    string
                     |              +--:(all-accesses)
                     |              |  +--rw all-other-accesses?   empty
                     |              +--:(all-groups)
                     |                 +--rw all-other-groups?     empty
                     +--rw service
                     |  +--rw svc-input-bandwidth?    uint32
                     |  +--rw svc-output-bandwidth?   uint32
                     |  +--rw svc-mtu?                uint16
                     |  +--rw qos {qos}?
                     |     +--rw qos-classification-policy
                     |     |  +--rw rule* [id]
                     |     |     +--rw id                 string
                     |     |     +--rw (match-type)?
                     |     |     |  +--:(match-flow)
                     |     |     |  |  +--rw match-flow
                     |     |     |  |     +--rw dscp?              inet:dscp
                     |     |     |  |     +--rw dot1p?             uint8
                     |     |     |  |     +--rw ipv4-src-prefix?   inet:ipv4-prefix
                     |     |     |  |     +--rw ipv6-src-prefix?   inet:ipv6-prefix
                     |     |     |  |     +--rw ipv4-dst-prefix?   inet:ipv4-prefix
                     |     |     |  |     +--rw ipv6-dst-prefix?   inet:ipv6-prefix
                     |     |     |  |     +--rw l4-src-port?       inet:port-number
                     |     |     |  |     +--rw target-sites*      svc-id {target-sites}?
                     |     |     |  |     +--rw l4-src-port-range
                     |     |     |  |     |  +--rw lower-port?   inet:port-number
                     |     |     |  |     |  +--rw upper-port?   inet:port-number
                     |     |     |  |     +--rw l4-dst-port?       inet:port-number
                     |     |     |  |     +--rw l4-dst-port-range
                     |     |     |  |     |  +--rw lower-port?   inet:port-number
                     |     |     |  |     |  +--rw upper-port?   inet:port-number
                     |     |     |  |     +--rw protocol-field?    union
                     |     |     |  +--:(match-application)
                     |     |     |     +--rw match-application?   identityref
                     |     |     +--rw target-class-id?   string
                     |     +--rw qos-profile
                     |        +--rw (qos-profile)?
                     |           +--:(standard)
                     |           |  +--rw profile?   -> /vn-svc/vpn-profiles/valid-provider-identifiers/qos-profile-identifier/id
                     |           +--:(custom)
                     |              +--rw classes {qos-custom}?
                     |                 +--rw class* [class-id]
                     |                    +--rw class-id      string
                     |                    +--rw direction?    identityref
                     |                    +--rw rate-limit?   uint8
                     |                    +--rw latency
                     |                    |  +--rw (flavor)?
                     |                    |     +--:(lowest)
                     |                    |     |  +--rw use-lowest-latency?   empty
                     |                    |     +--:(boundary)
                     |                    |        +--rw latency-boundary?     uint16
                     |                    +--rw jitter
                     |                    |  +--rw (flavor)?
                     |                    |     +--:(lowest)
                     |                    |     |  +--rw use-lowest-jitter?    empty
                     |                    |     +--:(boundary)
                     |                    |        +--rw latency-boundary?     uint32
                     |                    +--rw bandwidth
                     |                       +--rw guaranteed-bw-percent    uint8
                     |                       +--rw end-to-end?              empty
                     +--rw vn-attachments
                        +--rw vn-attachment* [vn-id]
                           +--rw vn-id      svc-id
                           +--rw vn-type?   identityref
                           +--rw attachment-point
                              +--rw egress-device-id?   svc-id
                              +--rw address-family?     address-family
                              +--rw address?            inet:ip-address
                              +--rw interfaces
                                 +--rw interface?        if:interface-ref
                                 +--rw sub-interfaces*   if:interface-ref

   rpcs:
      +---x vn-path-element-compute
      |  +---w input
      |  |  +---w vn-member-list* [vn-member-id]
      |  |     +---w vn-member-id    -> /vn-svc/vn-services/vn-service/vn-id
      |  |     +---w src
      |  |     |  +---w src-address?              -> /vn-svc/sites/site/site-id
      |  |     |  +---w site-network-access-id?   -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
      |  |     +---w dst
      |  |     |  +---w dst-address?              -> /vn-svc/sites/site/site-id
      |  |     |  +---w site-network-access-id?   -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
      |  |     +---w constraint
      |  |     |  +---w path-element* [path-element-id]
      |  |     |     +---w path-element-id    -> /vn-svc/sites/site/site-network-accesses/site-network-access/vn-attachments/vn-attachment/attachment-point/pe-device-id
      |  |     |     +---w address?           -> /vn-svc/sites/site/site-network-accesses/site-network-access/vn-attachments/vn-attachment/attachment-point/address
      |  |     +---w objective-function?   identityref
      |  |     +---w metric* [metric-type]
      |  |        +---w metric-type     identityref
      |  |        +---w metric-value?   uint32
      |  +--ro output
      |     +--ro vn-member-list* [vn-member-id]
      |        +--ro vn-member-id    uint32
      |        +--ro src
      |        |  +--ro src-address?              -> /vn-svc/sites/site/site-id
      |        |  +--ro site-network-access-id?   -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
      |        +--ro dst
      |        |  +--ro dst-address?              -> /vn-svc/sites/site/site-id
      |        |  +--ro site-network-access-id?   -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
      |        +--ro metric* [metric-type]
      |        |  +--ro metric-type     identityref
      |        |  +--ro metric-value?   uint32
      |        +--ro path
      |           +--ro path-element* [path-element-id]
      |              +--ro path-element-id    -> /vn-svc/sites/site/site-network-accesses/site-network-access/vn-attachments/vn-attachment/attachment-point/pe-device-id
      |              +--ro index?             uint32
      |              +--ro address?           -> /vn-svc/sites/site/site-network-accesses/site-network-access/vn-attachments/vn-attachment/attachment-point/address
      |              +--ro hop-type?          identityref
      +---x vn-network-connectivity-stitch
         +---w input
         |  +---w vn-list* [vn-id]
         |     +---w vn-id    -> /vn-svc/vn-services/vn-service/vn-id
         |     +---w source-access* [access-id]
         |     |  +---w access-id    -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
         |     |  +---w destination-access* [access-id]
         |     |     +---w access-id    -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
         |     +---w objective-function?   identityref
         |     +---w metric* [metric-type]
         |        +---w metric-type     identityref
         |        +---w metric-value?   uint32
         +--ro output
            +--ro vn-access-list* [index]
               +--ro index                 uint32
               +--ro source-access         -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
               +--ro destination-access    -> /vn-svc/sites/site/site-network-accesses/site-network-access/site-network-access-id
               +--ro multi-domain-network-access-list*
                  +--ro domain-id            svc-id
                  +--ro network-access-id    svc-id

6.  Network Virtualization Overlay Management YANG Module

   <CODE BEGINS> file "ietf-vn-rsc@2018-02-03.yang"

   module ietf-vn-rsc {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-vn-rsc";
     prefix vnrsc;

     import ietf-inet-types {
Expires September 3, 2018 [Page 17] Internet-Draft Network Overlay Resource Model March 2018 prefix inet; } import ietf-l3vpn-svc { prefix l3vpn-svc; } import ietf-interfaces{ prefix if; } organization "IETF OPSAWG Working Group."; contact "WG List: foo@ietf.org Editor: Qin Wu Editor: Zitao Wang "; description "The YANG module defines a generic service configuration model for Layer VN services common across all of the vendor implementations."; revision 2018-02-03{ description "Initial revision"; reference "A YANG Data Model for VN Service Delivery."; } /* Features */ /* Typedefs */ typedef svc-id { type string; description "Type definition for servicer identifier"; } typedef address-family { type enumeration { enum ipv4 { description "IPv4 address family."; } enum ipv6 { description "IPv6 address family."; } } description Wu, et al. Expires September 3, 2018 [Page 18] Internet-Draft Network Overlay Resource Model March 2018 "Defines a type for the address family."; } /* /* Identities */ identity vn-type { description "Base identity for VN type"; } identity l2vpn { base vn-type; description "Identity for Layer 2 vpn"; } identity l3vpn { base vn-type; description "Identity for Layer 3 vpn"; } identity evpn { base l2vpn; description "Identity for evpn"; } identity vpls { base l2vpn; description "Identity for vpls"; } identity vpw { base l2vpn; description "Identity for vpw"; } identity vpn-topology { description "Base identity for VPN topology."; } identity any-to-any { base vpn-topology; description "Identity for any-to-any VPN topology."; } identity hub-spoke { base vpn-topology; description "Identity for Hub-and-Spoke VPN topology."; Wu, et al. 
Expires September 3, 2018 [Page 19] Internet-Draft Network Overlay Resource Model March 2018 } identity hub-spoke-disjoint { base vpn-topology; description "Identity for Hub-and-Spoke VPN topology where Hubs cannot communicate with each other."; } identity objective-function{ description "Identity for objective function"; } identity metric-type{ description "Identity for metric type"; } identity hop-type{ description "Identity for hop-type"; } identity loose{ base hop-type; description "loose hop in an explicit path"; } identity strict{ base hop-type; description "strict hop in an explicit path"; } /* Grouping */ grouping vn-service-list { list vn-service { key "vn-id"; leaf vn-id { type svc-id; description "VN id"; } leaf customer-name { type string; description "Customer name"; } leaf service-topology { type identityref { Wu, et al. Expires September 3, 2018 [Page 20] Internet-Draft Network Overlay Resource Model March 2018 base vpn-topology; } default any-to-any; description "VPN service topology."; } container site-network-accesses{ list site-network-access{ key "site-network-access-id"; leaf site-network-access-id{ type svc-id; description "Site network access identifier"; } description "List for site-network access"; } description "Container for site network accesses"; } description "List for vn service"; } description "Grouping for vn service list"; } grouping vn-services-grouping{ container vn-services{ uses vn-service-list; description "Container for virtual network service"; } description "Grouping for vn services"; } grouping interfaces-grouping{ container interfaces{ leaf interface{ type if:interface-ref; description "Base interface"; } leaf-list sub-interfaces{ type if:interface-ref; description "Sub interfaces"; Wu, et al. 
Expires September 3, 2018 [Page 21] Internet-Draft Network Overlay Resource Model March 2018 } description "Container for interfaces"; } description "Grouping for interfaces"; } grouping cpe-device-list{ list cpe-device{ key "device-id"; leaf device-id { type svc-id; description "Device identifier"; } leaf address-family{ type address-family; description "Address family used for management. If address-family is specified, the address may or may not be specified (by the customer)."; } leaf address{ type inet:ip-address; description "IP address"; } uses interfaces-grouping; description "List for devices"; } description "Grouping for cpe device list"; } grouping cpe-devices-grouping{ container cpe-devices{ uses cpe-device-list; description "Container for cpe devices"; } description "grouping for cpe-devices-grouping"; } grouping bandwidth-grouping { leaf svc-input-bandwidth{ Wu, et al. Expires September 3, 2018 [Page 22] Internet-Draft Network Overlay Resource Model March 2018 type uint32; description "Service input bandwidth"; } leaf svc-output-bandwidth{ type uint32; description "Service output bandwidth"; } description "Grouping for bandwidth"; } grouping attachment-point-grouping{ container attachment-point{ leaf pe-device-id { type svc-id; description "PE Device identifier"; } leaf address-family{ type address-family; description "Address family used for management. If address-family is specified, the address may or may not be specified (by the customer)."; } leaf address{ type inet:ip-address; description "IP address"; } uses interfaces-grouping; description "Container for attachment point"; } description "Grouping for attachment points"; } grouping vn-attachment-list{ list vn-attachment{ key "vn-id"; leaf vn-id{ type svc-id; description "Virtual network identifier"; } Wu, et al. 
        leaf vn-type {
          type identityref {
            base vn-type;
          }
          description "VN type";
        }
        uses attachment-point-grouping;
        description "List for VN attachments";
      }
      description "Grouping for VN attachment list";
    }
    grouping vn-attachments-grouping {
      container vn-attachments {
        uses vn-attachment-list;
        description "Container for VN attachments";
      }
      description "Grouping for VN attachments";
    }
    grouping site-network-access-list {
      list site-network-access {
        key "site-network-access-id";
        leaf site-network-access-id {
          type leafref {
            path "/vn-svc/vn-services/vn-service"
               + "/site-network-accesses/site-network-access"
               + "/site-network-access-id";
          }
          description "Site network access identifier";
        }
        leaf device-id {
          type leafref {
            path "/vn-svc/sites/site/cpe-devices"
               + "/cpe-device/device-id";
          }
          description "Device id";
        }
        uses l3vpn-svc:access-diversity;
        container service {
          uses bandwidth-grouping;
          leaf svc-mtu {
            type uint16;
            description "Service-mtu";
          }
          uses l3vpn-svc:site-service-qos-profile;
          description "Container for service";
        }
        uses vn-attachments-grouping;
        description "List for site-network access";
      }
      description "Grouping for site-network access list";
    }
    grouping site-network-accesses-grouping {
      container site-network-accesses {
        uses site-network-access-list;
        description "Container for site network accesses";
      }
      description "Grouping for site network accesses";
    }
    grouping site-list-grouping {
      list site {
        key "site-id";
        leaf site-id {
          type svc-id;
          description "Site identifier";
        }
        uses cpe-devices-grouping;
        container service {
          uses l3vpn-svc:site-service-qos-profile;
          description "Site service";
        }
        uses site-network-accesses-grouping;
        description "List for sites";
      }
      description
        "Grouping for site list";
    }
    grouping sites-grouping {
      container sites {
        uses site-list-grouping;
        description "Container for sites";
      }
      description "Grouping for sites";
    }
    grouping src-grouping {
      container src {
        leaf src-address {
          type leafref {
            path "/vn-svc/sites/site/site-id";
          }
          description "Leaf list for source address";
        }
        leaf site-network-access-id {
          type leafref {
            path "/vn-svc/sites/site/site-network-accesses"
               + "/site-network-access/site-network-access-id";
          }
          description "Leaf list for site-network-access id";
        }
        description "Container for source id";
      }
      description "Grouping for source site";
    }
    grouping dst-grouping {
      container dst {
        leaf dst-address {
          type leafref {
            path "/vn-svc/sites/site/site-id";
          }
          description "Leaf list for destination address";
        }
        leaf site-network-access-id {
          type leafref {
            path "/vn-svc/sites/site/site-network-accesses"
               + "/site-network-access/site-network-access-id";
          }
          description "Leaf list for site-network-access id";
        }
        description "Container for destination id";
      }
      description "Grouping for destination site";
    }
    grouping objective-function-group {
      leaf objective-function {
        type identityref {
          base objective-function;
        }
        description "operational state of the objective function";
      }
      description "Grouping for objective functions";
    }
    grouping path-element-list {
      list path-element {
        key "path-element-id";
        leaf path-element-id {
          type leafref {
            path "/vn-svc/sites/site/site-network-accesses"
               + "/site-network-access/vn-attachments/vn-attachment"
               + "/attachment-point/pe-device-id";
          }
          description "Path element identifier";
        }
        leaf address {
          type leafref {
            path "/vn-svc/sites/site/site-network-accesses"
               + "/site-network-access/vn-attachments/vn-attachment"
               + "/attachment-point/address";
          }
          description "Path element address";
        }
        description
          "List for path elements";
      }
      description "Grouping for path elements";
    }
    grouping constraint-grouping {
      container constraint {
        config false;
        uses path-element-list;
        description "Container for constraint";
      }
      description "Grouping for constraint";
    }
    grouping metric-grouping {
      list metric {
        key metric-type;
        leaf metric-type {
          type identityref {
            base metric-type;
          }
          description "Metric type";
        }
        leaf metric-value {
          type uint32;
          description "Metric value";
        }
        description "List for metric";
      }
      description "Grouping for metric";
    }
    grouping path-list {
      list path-element {
        key "path-element-id";
        leaf path-element-id {
          type leafref {
            path "/vn-svc/sites/site/site-network-accesses"
               + "/site-network-access/vn-attachments/vn-attachment"
               + "/attachment-point/pe-device-id";
          }
          description "Path element identifier";
        }
        leaf index {
          type uint32;
          description "Index";
        }
        leaf address {
          type leafref {
            path "/vn-svc/sites/site/site-network-accesses"
               + "/site-network-access/vn-attachments/vn-attachment"
               + "/attachment-point/address";
          }
          description "Path element address";
        }
        leaf hop-type {
          type identityref {
            base hop-type;
          }
          description "Hop type";
        }
        description "List for path elements";
      }
      description "Grouping for path list";
    }
    grouping path-grouping {
      container path {
        uses path-list;
        description "Container for path";
      }
      description "Grouping for path";
    }
    grouping access-grouping {
      list source-access {
        key "access-id";
        leaf access-id {
          type leafref {
            path "/vn-svc/sites/site/site-network-accesses"
               + "/site-network-access/site-network-access-id";
          }
          description "Access id";
        }
        list destination-access {
          key "access-id";
          leaf access-id {
            type leafref {
              path "/vn-svc/sites/site/site-network-accesses"
                 + "/site-network-access/site-network-access-id";
            }
            description "Access id";
          }
          description "List for destination access id";
        }
        description "List for source access id";
      }
      description "Grouping for access";
    }

    /* .....................................*/
    container vn-svc {
      uses vn-services-grouping;
      uses sites-grouping;
      description "Container for vn service";
    }

    rpc vn-compute {
      description "RPC for VN compute";
      input {
        list vn-member-list {
          key "vn-member-id";
          leaf vn-member-id {
            type leafref {
              path "/vn-svc/vn-services/vn-service/vn-id";
            }
            description "VN member identifier";
          }
          uses src-grouping;
          uses dst-grouping;
          uses constraint-grouping;
          uses objective-function-group;
          uses metric-grouping;
          description "List for vn member";
        }
      }
      output {
        list vn-member-list {
          key "vn-member-id";
          leaf vn-member-id {
            type uint32;
            description "VN member identifier";
          }
          uses src-grouping;
          uses dst-grouping;
          uses metric-grouping;
          uses path-grouping;
          description "List for vn member";
        }
      }
    }

    rpc vn-stitch {
      description "RPC for VN stitch";
      input {
        list vn-list {
          key "vn-id";
          leaf vn-id {
            type leafref {
              path "/vn-svc/vn-services/vn-service/vn-id";
            }
            description "VN identifier";
          }
          uses access-grouping;
          uses objective-function-group;
          uses metric-grouping;
          description "List for vn";
        }
      }
      output {
        list vn-access-list {
          key "index";
          leaf index {
            type uint32;
            description "Index for VN access";
          }
          leaf source-access {
            type leafref {
              path "/vn-svc/sites/site/site-network-accesses"
                 + "/site-network-access/site-network-access-id";
            }
            description "Source Access ID";
          }
          leaf destination-access {
            type leafref {
              path "/vn-svc/sites/site/site-network-accesses"
                 + "/site-network-access/site-network-access-id";
            }
            description "Destination Access ID";
          }
          list multi-domain-network-access-list {
            key "domain-id network-access-id";
            leaf domain-id {
              type string;
              description "Domain ID";
            }
            leaf network-access-id {
              type leafref {
                path "/vn-svc/sites/site/site-network-accesses"
                   + "/site-network-access/site-network-access-id";
              }
              description "Network access ID";
            }
            description "List for multiple domain network access";
          }
          description "List for vn access";
        }
      }
    }
  }

7.  Security Considerations

   The YANG modules defined in this document MAY be accessed via the
   RESTCONF protocol [RFC8040] or the NETCONF protocol [RFC6241].  The
   lowest RESTCONF or NETCONF layer requires that the transport-layer
   protocol provides both data integrity and confidentiality; see
   Section 2 in [RFC8040] and [RFC6241].  The lowest NETCONF layer is
   the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF
   layer is HTTPS, and the mandatory-to-implement secure transport is
   TLS [RFC5246].

   The NETCONF access control model [RFC6536] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that
   are writable/creatable/deletable (i.e., config true, which is the
   default).
   These data nodes may be considered sensitive or vulnerable in some
   network environments.  Write operations (e.g., edit-config) to these
   data nodes without proper protection can have a negative effect on
   network operations.  These are the subtrees and data nodes and their
   sensitivity/vulnerability:

   o  /vn-svc/vn-services/vn-service

      The entries in this list include the whole VN service
      configuration to which the customer subscribed, and indirectly
      create or modify the egress and ingress device configurations.
      Unexpected changes to these entries could lead to service
      disruption and/or network misbehavior.

   o  /vn-svc/sites/site

      The entries in this list include the customer site
      configurations.  Unexpected changes to these entries could lead
      to service disruption and/or network misbehavior.

   Some of the readable data nodes in this YANG module may be
   considered sensitive or vulnerable in some network environments.  It
   is thus important to control read access (e.g., via get, get-config,
   or notification) to these data nodes.  These are the subtrees and
   data nodes and their sensitivity/vulnerability:

   o  /vn-svc/vn-services/vn-service

   o  /vn-svc/sites/site

   The entries in these lists include customer-proprietary or
   confidential information, e.g., the customer name, the site
   location, and which services the customer subscribes to.

8.  IANA Considerations

   This document registers a URI in the IETF XML registry [RFC3688].
   Following the format in [RFC3688], the following registration is
   requested to be made:

   ---------------------------------------------------------------------
   URI: urn:ietf:params:xml:ns:yang:ietf-vn-rsc
   Registrant Contact: The IESG.
   XML: N/A, the requested URI is an XML namespace.
   ---------------------------------------------------------------------

   This document registers a YANG module in the YANG Module Names
   registry [RFC7950].
   ---------------------------------------------------------------------
   Name: ietf-vn-rsc
   Namespace: urn:ietf:params:xml:ns:yang:ietf-vn-rsc
   Prefix: vnrsc
   Reference: RFC xxxx
   ---------------------------------------------------------------------

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J.,
              Ed., and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6370]  Bocci, M., Swallow, G., and E. Gray, "MPLS Transport
              Profile (MPLS-TP) Identifiers", RFC 6370,
              DOI 10.17487/RFC6370, September 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling
              Language", RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC7952]  Lhotka, L., "Defining and Using Metadata with YANG",
              RFC 7952, DOI 10.17487/RFC7952, August 2016.

9.2.  Informative References

   [RFC3393]  Demichelis, C. and P. Chimento, "IP Packet Delay
              Variation Metric for IP Performance Metrics (IPPM)",
              RFC 3393, DOI 10.17487/RFC3393, November 2002.

   [RFC7297]  Boucadair, M., Jacquenet, C., and N. Wang, "IP
              Connectivity Provisioning Profile (CPP)", RFC 7297,
              DOI 10.17487/RFC7297, July 2014.

   [RFC7679]  Almes, G., Kalidindi, S., Zekauskas, M., and A. Morton,
              Ed., "A One-Way Delay Metric for IP Performance Metrics
              (IPPM)", STD 81, RFC 7679, DOI 10.17487/RFC7679,
              January 2016.

   [RFC7680]  Almes, G., Kalidindi, S., Zekauskas, M., and A.
              Morton, Ed., "A One-Way Loss Metric for IP Performance
              Metrics (IPPM)", STD 82, RFC 7680, DOI 10.17487/RFC7680,
              January 2016.

Authors' Addresses

   Qin Wu
   Huawei
   101 Software Avenue, Yuhua District
   Nanjing, Jiangsu  210012
   China

   Email: bill.wu@huawei.com


   Michael Wang
   Huawei Technologies, Co., Ltd
   101 Software Avenue, Yuhua District
   Nanjing  210012
   China

   Email: wangzitao@huawei.com


   Mohamed Boucadair
   Orange
   Rennes  35000
   France

   Email: mohamed.boucadair@orange.com
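The following is an added worked example; it is not code from this draft or from any IETF implementation.  It illustrates two points made above: the leafref constraints in the module of Section 6 that tie a vn-compute RPC input to existing vn-service and site entries, and the [RFC6536] access restrictions that Section 7 calls for on the /vn-svc/vn-services/vn-service and /vn-svc/sites/site subtrees.  The datastore contents, group names (customer-portal, noc-operators), rule lists and RPC inputs are constructed for illustration, and the NACM evaluation is a simplified model (per-group rule lists, first matching rule wins, and the RFC 6536 defaults of read permitted and write denied), not a complete implementation.

```python
"""Added example, not code from the draft: a request gate for the vn-svc
subtree covering (1) the leafref constraints tying a vn-compute RPC input
to existing vn-service and site entries and (2) RFC 6536 (NACM) style
first-match data-node rules restricting access to the subtrees listed in
Section 7.  All data below is constructed; the NACM logic is a simplified
model of RFC 6536, not a complete implementation."""
from dataclasses import dataclass, field

# Constructed datastore shaped like the draft's vn-svc container (JSON
# encoding of the YANG tree, module prefixes omitted).
DATASTORE = {"vn-svc": {
    "vn-services": {"vn-service": [
        {"vn-id": "vn-1", "customer-name": "acme",
         "site-network-accesses": {"site-network-access": [
             {"site-network-access-id": "sna-1"},
             {"site-network-access-id": "sna-2"}]}}]},
    "sites": {"site": [
        {"site-id": "site-a", "site-network-accesses": {
            "site-network-access": [{"site-network-access-id": "sna-1"}]}},
        {"site-id": "site-b", "site-network-accesses": {
            "site-network-access": [{"site-network-access-id": "sna-2"}]}}]}}}

def vn_ids(ds):
    """Targets of the leafref /vn-svc/vn-services/vn-service/vn-id."""
    return {s["vn-id"] for s in ds["vn-svc"]["vn-services"]["vn-service"]}

def site_ids(ds):
    """Targets of the leafref /vn-svc/sites/site/site-id."""
    return {s["site-id"] for s in ds["vn-svc"]["sites"]["site"]}

def site_access_ids(ds):
    """Targets of /vn-svc/sites/site/site-network-accesses/
    site-network-access/site-network-access-id."""
    return {a["site-network-access-id"]
            for s in ds["vn-svc"]["sites"]["site"]
            for a in s["site-network-accesses"]["site-network-access"]}

def validate_vn_compute_input(ds, vn_member_list):
    """Return the leafref violations in a vn-compute input (empty when every
    reference resolves), following the paths of the draft's vn-member-id
    leaf and its src-grouping / dst-grouping."""
    errors = []
    for m in vn_member_list:
        if m["vn-member-id"] not in vn_ids(ds):
            errors.append(f"vn-member-id {m['vn-member-id']!r}: no such vn-service")
        for end in ("src", "dst"):
            addr, sna = m[end][f"{end}-address"], m[end]["site-network-access-id"]
            if addr not in site_ids(ds):
                errors.append(f"{end}-address {addr!r}: no such site")
            if sna not in site_access_ids(ds):
                errors.append(f"{end} site-network-access-id {sna!r}: no such access")
    return errors

@dataclass
class Rule:
    """Simplified NACM data-node rule: the schema path matches the node and
    all its descendants; access is a subset of create/read/update/delete."""
    path: str
    access: frozenset
    action: str  # "permit" or "deny"

@dataclass
class Nacm:
    """Per-group rule lists, evaluated first-match in group order; a request
    matching no rule falls back to the RFC 6536 defaults below."""
    rules: dict = field(default_factory=dict)
    read_default: str = "permit"
    write_default: str = "deny"

def check_access(nacm, groups, operation, path):
    """Decide a read/create/update/delete request on a data-node path."""
    for g in groups:
        for r in nacm.rules.get(g, []):
            covers = path == r.path or path.startswith(r.path + "/")
            if operation in r.access and covers:
                return r.action
    return nacm.read_default if operation == "read" else nacm.write_default

READ, WRITE = frozenset({"read"}), frozenset({"create", "update", "delete"})

# Constructed policy: a customer-facing group may read its VN services but
# not the site subtree (site location, CPE addresses) and may not write
# anything under vn-svc; the operator group has full access.
POLICY = Nacm(rules={
    "customer-portal": [Rule("/vn-svc/sites/site", READ, "deny"),
                        Rule("/vn-svc/vn-services/vn-service", READ, "permit"),
                        Rule("/vn-svc", WRITE, "deny")],
    "noc-operators": [Rule("/vn-svc", READ | WRITE, "permit")]})

# Constructed vn-compute inputs: every reference resolves / two dangle.
GOOD_INPUT = [{"vn-member-id": "vn-1",
               "src": {"src-address": "site-a", "site-network-access-id": "sna-1"},
               "dst": {"dst-address": "site-b", "site-network-access-id": "sna-2"}}]
BAD_INPUT = [{"vn-member-id": "vn-9",
              "src": {"src-address": "site-a", "site-network-access-id": "sna-1"},
              "dst": {"dst-address": "site-b", "site-network-access-id": "sna-7"}}]
```

The rule order in the customer-portal list matters: the deny on /vn-svc/sites/site is placed first so that it wins for any node under that list, which is where Section 7 locates the site location and CPE addressing data, while reads under /vn-svc/vn-services/vn-service remain permitted and every write under /vn-svc is refused before the write-default is consulted.  Rejecting a vn-compute input with dangling references before the RPC is executed is the same check a YANG-aware server performs when it validates the leafref paths in the module.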