| rfc9836.original | rfc9836.txt | |||
|---|---|---|---|---|
| OPSAWG M. Boucadair, Ed. | Internet Engineering Task Force (IETF) M. Boucadair, Ed. | |||
| Internet-Draft Orange | Request for Comments: 9836 Orange | |||
| Intended status: Standards Track R. Roberts | Category: Standards Track R. Roberts | |||
| Expires: 27 July 2025 Juniper | ISSN: 2070-1721 Juniper | |||
| S. B. Giraldo | S. Barguil | |||
| Nokia | Nokia | |||
| O. G. D. Dios | O. Gonzalez de Dios | |||
| Telefonica | Telefonica | |||
| 23 January 2025 | September 2025 | |||
| A YANG Data Model for Augmenting VPN Service and Network Models with | A YANG Data Model for Augmenting VPN Service and Network Models with | |||
| Attachment Circuits | Attachment Circuits | |||
| draft-ietf-opsawg-ac-lxsm-lxnm-glue-14 | ||||
| Abstract | Abstract | |||
| This document defines a YANG data model, referred to as the "AC Glue" | This document defines a YANG data model, referred to as the "AC Glue" | |||
| model, to augment the Layer 2/3 Service Model (LxSM) and Layer 2/3 | model, to augment the LxVPN Service Model (LxSM) and LxVPN Network | |||
| Network Model (LxNM) with references to attachment circuits (ACs). | Model (LxNM) with references to attachment circuits (ACs). The AC | |||
| The AC Glue model enables a provider to associate Layer 2/3 VPN | Glue model enables a provider to associate Layer 2/3 VPN (LxVPN) | |||
| services (LxVPNs) with the underlying AC infrastructure, thereby | services with the underlying AC infrastructure, thereby facilitating | |||
| facilitating consistent provisioning and management of new or | consistent provisioning and management of new or existing ACs in | |||
| existing ACs in conjunction with LxVPN services. Specifically, by | conjunction with LxVPN services. Specifically, by introducing an | |||
| introducing an integrated approach to AC and LxVPN management, this | integrated approach to AC and LxVPN management, this model supports | |||
| model supports Attachment Circuit-as-a-Service (ACaaS) and provides a | Attachment Circuit as a Service (ACaaS) and provides a standardized | |||
| standardized mechanism for aligning AC/VPN requests with the network | mechanism for aligning AC/VPN requests with the network | |||
| configurations required to deliver them. | configurations required to deliver them. | |||
| Discussion Venues | ||||
| This note is to be removed before publishing as an RFC. | ||||
| Discussion of this document takes place on the Operations and | ||||
| Management Area Working Group Working Group mailing list | ||||
| (opsawg@ietf.org), which is archived at | ||||
| https://mailarchive.ietf.org/arch/browse/opsawg/. | ||||
| Source for this draft and an issue tracker can be found at | ||||
| https://github.com/boucadair/attachment-circuit-model. | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This is an Internet Standards Track document. | |||
| provisions of BCP 78 and BCP 79. | ||||
| Internet-Drafts are working documents of the Internet Engineering | ||||
| Task Force (IETF). Note that other groups may also distribute | ||||
| working documents as Internet-Drafts. The list of current Internet- | ||||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | This document is a product of the Internet Engineering Task Force | |||
| and may be updated, replaced, or obsoleted by other documents at any | (IETF). It represents the consensus of the IETF community. It has | |||
| time. It is inappropriate to use Internet-Drafts as reference | received public review and has been approved for publication by the | |||
| material or to cite them other than as "work in progress." | Internet Engineering Steering Group (IESG). Further information on | |||
| Internet Standards is available in Section 2 of RFC 7841. | ||||
| This Internet-Draft will expire on 27 July 2025. | Information about the current status of this document, any errata, | |||
| and how to provide feedback on it may be obtained at | ||||
| https://www.rfc-editor.org/info/rfc9836. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2025 IETF Trust and the persons identified as the | Copyright (c) 2025 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents | |||
| license-info) in effect on the date of publication of this document. | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| Please review these documents carefully, as they describe your rights | publication of this document. Please review these documents | |||
| and restrictions with respect to this document. Code Components | carefully, as they describe your rights and restrictions with respect | |||
| extracted from this document must include Revised BSD License text as | to this document. Code Components extracted from this document must | |||
| described in Section 4.e of the Trust Legal Provisions and are | include Revised BSD License text as described in Section 4.e of the | |||
| provided without warranty as described in the Revised BSD License. | Trust Legal Provisions and are provided without warranty as described | |||
| in the Revised BSD License. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction | |||
| 1.1. Editorial Note (To be removed by RFC Editor) . . . . . . 3 | 2. Conventions and Definitions | |||
| 2. Conventions and Definitions . . . . . . . . . . . . . . . . . 4 | 3. Relationship to Other AC Data Models | |||
| 3. Relationship to Other AC Data Models . . . . . . . . . . . . 5 | 4. Sample Uses of the Data Models | |||
| 4. Sample Uses of the Data Models . . . . . . . . . . . . . . . 6 | 4.1. ACs Terminated by One or Multiple Customer Edges (CEs) | |||
| 4.1. ACs Terminated by One or Multiple Customer Edges (CEs) . 6 | 4.2. Separate AC Provisioning from Actual VPN Service | |||
| 4.2. Separate AC Provisioning From Actual VPN Service | Provisioning | |||
| Provisioning . . . . . . . . . . . . . . . . . . . . . . 8 | 5. Module Tree Structure | |||
| 5. Module Tree Structure . . . . . . . . . . . . . . . . . . . . 10 | 6. The AC Glue ("ietf-ac-glue") YANG Module | |||
| 6. The AC Glue ("ietf-ac-glue") YANG Module . . . . . . . . . . 12 | 7. Security Considerations | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | 8. IANA Considerations | |||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 | 9. References | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 9.1. Normative References | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 19 | 9.2. Informative References | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 20 | Appendix A. Examples | |||
| Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 22 | A.1. A Service AC Reference Within the VPN Network Access | |||
| A.1. A Service AC Reference within The VPN Network Access . . 22 | A.2. Network and Service AC References | |||
| A.2. Network and Service AC References . . . . . . . . . . . . 26 | Acknowledgments | |||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 34 | Authors' Addresses | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 34 | ||||
| 1. Introduction | 1. Introduction | |||
| To facilitate data transfer within the provider network, it is | To facilitate data transfer within the provider network, it is | |||
| assumed that the appropriate setup is provisioned over the links that | assumed that the appropriate setup is provisioned over the links that | |||
| connect customer termination points and a provider network (usually | connect customer termination points and a provider network (usually | |||
| via a Provider Edge (PE)), allowing successfully data exchanged over | via a Provider Edge (PE)), allowing data to be successfully exchanged | |||
| these links. The required setup is referred to in this document as | over these links. The required setup is referred to in this document | |||
| an attachment circuit (AC), while the underlying link is referred to | as an attachment circuit (AC), while the underlying link is referred | |||
| as "bearer". | to as "bearer". | |||
| The document specifies a YANG module ("ietf-ac-glue", Section 6) that | The document specifies a YANG module ("ietf-ac-glue", Section 6) that | |||
| updates existing service and network Virtual Private Network (VPN) | updates existing service and network Virtual Private Network (VPN) | |||
| modules with the required information to bind specific services to | modules with the required information to bind specific services to | |||
| ACs that are created using the AC service model | ACs that are created using the AC service model [RFC9834]. | |||
| [I-D.ietf-opsawg-teas-attachment-circuit]. Specifically, the | Specifically, the following modules are augmented: | |||
| following modules are augmented: | ||||
| * The Layer 2 Service Model (L2SM) [RFC8466] | * The L2VPN Service Model (L2SM) [RFC8466] | |||
| * The Layer 3 Service Model (L3SM) [RFC8299] | * The L3VPN Service Model (L3SM) [RFC8299] | |||
| * The Layer 2 Network Model (L2NM) [RFC9291] | * The L2VPN Network Model (L2NM) [RFC9291] | |||
| * The Layer 3 Network Model (L3NM) [RFC9182] | * The L3VPN Network Model (L3NM) [RFC9182] | |||
| Likewise, the document augments the L2NM and L3NM with references to | Likewise, the document augments the L2NM and L3NM with references to | |||
| the ACs that are managed using the AC network model | the ACs that are managed using the AC network model [RFC9835]. | |||
| [I-D.ietf-opsawg-ntw-attachment-circuit]. | ||||
| This approach allows operators to separate AC provisioning from | This approach allows operators to separate AC provisioning from | |||
| actual VPN service provisioning. Refer to Section 4.2 for more | actual VPN service provisioning. Refer to Section 4.2 for more | |||
| discussion. | discussion. | |||
| The YANG data model in this document conforms to the Network | The YANG data model in this document conforms to the Network | |||
| Management Datastore Architecture (NMDA) defined in [RFC8342]. | Management Datastore Architecture (NMDA) defined in [RFC8342]. | |||
| Examples to illustrate the use of the "ietf-ac-glue" model are | Examples to illustrate the use of the "ietf-ac-glue" module are | |||
| provided in Appendix A. | provided in Appendix A. | |||
| 1.1. Editorial Note (To be removed by RFC Editor) | ||||
| Note to the RFC Editor: This section is to be removed prior to | ||||
| publication. | ||||
| This document contains placeholder values that need to be replaced | ||||
| with finalized values at the time of publication. This note | ||||
| summarizes all of the substitutions that are needed. | ||||
| Please apply the following replacements: | ||||
| * XXXX --> the assigned RFC number for this I-D | ||||
| * SSSS --> the assigned RFC number for | ||||
| [I-D.ietf-opsawg-teas-attachment-circuit] | ||||
| * NNNN --> the assigned RFC number for | ||||
| [I-D.ietf-opsawg-ntw-attachment-circuit] | ||||
| * 2025-01-07 --> the actual date of the publication of this document | ||||
| 2. Conventions and Definitions | 2. Conventions and Definitions | |||
| The meanings of the symbols in the YANG tree diagrams are defined in | The meanings of the symbols in the YANG tree diagrams are defined in | |||
| [RFC8340]. | [RFC8340]. | |||
| This document uses terms defined in | This document uses terms defined in [RFC9834]. | |||
| [I-D.ietf-opsawg-teas-attachment-circuit]. | ||||
| LxSM refers to both the L2SM and the L3SM. | LxSM refers to both the L2SM and the L3SM. | |||
| LxNM refers to both the L2NM and the L3NM. | LxNM refers to both the L2NM and the L3NM. | |||
| The following terms are used in the modules prefixes: | The following terms are used in the module's prefixes: | |||
| ac: Attachment circuit | ac: Attachment circuit | |||
| ntw: Network | ntw: Network | |||
| ref: Reference | ref: Reference | |||
| svc: Service | svc: Service | |||
| The names of data nodes are prefixed using the prefix associated with | The names of data nodes are prefixed using the prefix associated with | |||
| the corresponding imported YANG module as shown in Table 1: | the corresponding imported YANG module as shown in Table 1: | |||
| +===========+================+=========================+ | +===========+================+==========================+ | |||
| | Prefix | Module | Reference | | | Prefix | Module | Reference | | |||
| +===========+================+=========================+ | +===========+================+==========================+ | |||
| | ac-svc | ietf-ac-svc | Section 5.2 of RFC SSSS | | | ac-svc | ietf-ac-svc | Section 6.2 of [RFC9834] | | |||
| +-----------+----------------+-------------------------+ | +-----------+----------------+--------------------------+ | |||
| | ac-ntw | ietf-ac-ntw | RFC NNNN | | | ac-ntw | ietf-ac-ntw | [RFC9835] | | |||
| +-----------+----------------+-------------------------+ | +-----------+----------------+--------------------------+ | |||
| | l2nm | ietf-l3vpn-ntw | [RFC9291] | | | l2nm | ietf-l2vpn-ntw | [RFC9291] | | |||
| +-----------+----------------+-------------------------+ | +-----------+----------------+--------------------------+ | |||
| | l2vpn-svc | ietf-l2vpn-svc | [RFC8466] | | | l2vpn-svc | ietf-l2vpn-svc | [RFC8466] | | |||
| +-----------+----------------+-------------------------+ | +-----------+----------------+--------------------------+ | |||
| | l3nm | ietf-l3vpn-ntw | [RFC9182] | | | l3nm | ietf-l3vpn-ntw | [RFC9182] | | |||
| +-----------+----------------+-------------------------+ | +-----------+----------------+--------------------------+ | |||
| | l3vpn-svc | ietf-l3vpn-svc | [RFC8299] | | | l3vpn-svc | ietf-l3vpn-svc | [RFC8299] | | |||
| +-----------+----------------+-------------------------+ | +-----------+----------------+--------------------------+ | |||
| Table 1: Modules and Their Associated Prefixes | Table 1: Modules and Their Associated Prefixes | |||
| 3. Relationship to Other AC Data Models | 3. Relationship to Other AC Data Models | |||
| Figure 1 depicts the relationship between the various AC data models: | Figure 1 depicts the relationship between the various AC data models: | |||
| * "ietf-ac-common" ([I-D.ietf-opsawg-teas-common-ac]) | * "ietf-ac-common" [RFC9833] | |||
| * "ietf-bearer-svc" (Section 5.1 of | * "ietf-bearer-svc" (Section 6.1 of [RFC9834]) | |||
| [I-D.ietf-opsawg-teas-attachment-circuit]) | ||||
| * "ietf-ac-svc" (Section 5.2 of | * "ietf-ac-svc" (Section 6.2 of [RFC9834]) | |||
| [I-D.ietf-opsawg-teas-attachment-circuit]) | ||||
| * "ietf-ac-ntw" ([I-D.ietf-opsawg-ntw-attachment-circuit]) | * "ietf-ac-ntw" [RFC9835] | |||
| * "ietf-ac-glue" (Section 6) | * "ietf-ac-glue" (Section 6) | |||
| ietf-ac-common | ietf-ac-common | |||
| ^ ^ ^ | ^ ^ ^ | |||
| | | | | | | | | |||
| .----------' | '----------. | .----------' | '----------. | |||
| | | | | | | | | |||
| | | | | | | | | |||
| ietf-ac-svc <--- ietf-bearer-svc | | ietf-ac-svc <--- ietf-bearer-svc | | |||
| ^ ^ | | ^ ^ | | |||
| | | | | | | | | |||
| | '------------------------ ietf-ac-ntw | | '------------------------ ietf-ac-ntw | |||
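Review bot: The right-column Abstract uses "LxVPN" in "LxVPN Service Model (LxSM)" and "LxVPN Network Model (LxNM)" one sentence before it is expanded as "Layer 2/3 VPN (LxVPN)", and the Section 1 bullets use "L2VPN" and "L3VPN" with no expansion in this part of the document. The left column's "Layer 2/3 Service Model" and "Layer 2 Service Model" wording was self-explanatory, so expand each abbreviation at first use, for example "Layer 2/3 VPN (LxVPN) Service Model (LxSM)" in the Abstract. The Table 1 correction of the l2nm row from "ietf-l3vpn-ntw" to "ietf-l2vpn-ntw" looks right, since it now matches the [RFC9291] L2NM entry in the Section 1 bullets.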
| skipping to change at page 6, line 31 ¶ | skipping to change at line 200 ¶ | |||
| Figure 1: AC Data Models | Figure 1: AC Data Models | |||
| The "ietf-ac-common" module is imported by the "ietf-bearer-svc", | The "ietf-ac-common" module is imported by the "ietf-bearer-svc", | |||
| "ietf-ac-svc", and "ietf-ac-ntw" modules. Bearers managed using the | "ietf-ac-svc", and "ietf-ac-ntw" modules. Bearers managed using the | |||
| "ietf-bearer-svc" module may be referenced by service ACs managed | "ietf-bearer-svc" module may be referenced by service ACs managed | |||
| using the "ietf-ac-svc" module. Similarly, a bearer managed using | using the "ietf-ac-svc" module. Similarly, a bearer managed using | |||
| the "ietf-bearer-svc" module may list the set of ACs that use that | the "ietf-bearer-svc" module may list the set of ACs that use that | |||
| bearer. To facilitate correlation between an AC service request and | bearer. To facilitate correlation between an AC service request and | |||
| the actual AC provisioned in the network, "ietf-ac-ntw" leverages the | the actual AC provisioned in the network, "ietf-ac-ntw" leverages the | |||
| AC references exposed by the "ietf-ac-svc" module. Furthermore, to | AC references exposed by the "ietf-ac-svc" module. Furthermore, to | |||
| bind Layer 2 VPN or Layer 3 VPN services with ACs, the "ietf-ac-glue" | bind Layer 2 VPN (L2VPN) or Layer 3 VPN (L3VPN) services with ACs, | |||
| module augments the LxSM and LxNM with AC service references exposed | the "ietf-ac-glue" module augments the LxSM and LxNM with AC service | |||
| by the "ietf-ac-svc" module and AC network references exposed by the | references exposed by the "ietf-ac-svc" module and AC network | |||
| "ietf-ac-ntw" module. | references exposed by the "ietf-ac-ntw" module. | |||
| 4. Sample Uses of the Data Models | 4. Sample Uses of the Data Models | |||
| 4.1. ACs Terminated by One or Multiple Customer Edges (CEs) | 4.1. ACs Terminated by One or Multiple Customer Edges (CEs) | |||
| Figure 2 depicts two target topology flavors that involve ACs. These | Figure 2 depicts two target topology flavors that involve ACs. These | |||
| topologies have the following characteristics: | topologies have the following characteristics: | |||
| * A Customer Edge (CE) can be either a physical device or a logical | * A Customer Edge (CE) can be either a physical device or a logical | |||
| entity. Such logical entity is typically a software component | entity. Such logical entity is typically a software component | |||
| skipping to change at page 7, line 8 ¶ | skipping to change at line 225 ¶ | |||
| provider's network or a third-party infrastructure). A CE is seen | provider's network or a third-party infrastructure). A CE is seen | |||
| by the network as a peer Service Attachment Point (SAP) [RFC9408]. | by the network as a peer Service Attachment Point (SAP) [RFC9408]. | |||
| * CEs may be either dedicated to one single connectivity service or | * CEs may be either dedicated to one single connectivity service or | |||
| host multiple connectivity services (e.g., CEs with roles of | host multiple connectivity services (e.g., CEs with roles of | |||
| service functions [RFC7665]). | service functions [RFC7665]). | |||
| * A network provider may bind a single AC to one or multiple peer | * A network provider may bind a single AC to one or multiple peer | |||
| SAPs (e.g., CE1 and CE2 are tagged as peer SAPs for the same AC). | SAPs (e.g., CE1 and CE2 are tagged as peer SAPs for the same AC). | |||
| For example, and as discussed in [RFC4364], multiple CEs can be | For example, and as discussed in [RFC4364], multiple CEs can be | |||
| attached to a PE over the same attachment circuit. This scenario | attached to a PE over the same AC. This scenario is typically | |||
| is typically implemented when the Layer 2 infrastructure between | implemented when the Layer 2 infrastructure between the CE and the | |||
| the CE and the network is a multipoint service. | network is a multipoint service. | |||
| * A single CE may terminate multiple ACs, which can be associated | * A single CE may terminate multiple ACs, which can be associated | |||
| with the same bearer or distinct bearers (e.g., CE4). | with the same bearer or distinct bearers (e.g., CE4). | |||
| * Customers may request protection schemes in which the ACs | * Customers may request protection schemes in which the ACs | |||
| associated with their endpoints are terminated by the same PE | associated with their endpoints are terminated by the same PE | |||
| (e.g., CE3), distinct PEs (e.g., CE4), etc. The network provider | (e.g., CE3), distinct PEs (e.g., CE4), etc. The network provider | |||
| uses this request to decide where to terminate the AC in the | uses this request to decide where to terminate the AC in the | |||
| service provider network and also whether to enable specific | service provider network and also whether to enable specific | |||
| capabilities (e.g., Virtual Router Redundancy Protocol (VRRP)). | capabilities (e.g., Virtual Router Redundancy Protocol (VRRP)). | |||
| skipping to change at page 8, line 5 ¶ | skipping to change at line 263 ¶ | |||
| | | | | | | |||
| '-----------AC----------' | '-----------AC----------' | |||
| (bx) = bearer Id x | (bx) = bearer Id x | |||
| Figure 2: Examples of ACs | Figure 2: Examples of ACs | |||
| These ACs can be referenced when creating VPN services. Refer to the | These ACs can be referenced when creating VPN services. Refer to the | |||
| examples provided in Appendix A to illustrate how VPN services can be | examples provided in Appendix A to illustrate how VPN services can be | |||
| bound to ACs. | bound to ACs. | |||
| 4.2. Separate AC Provisioning From Actual VPN Service Provisioning | 4.2. Separate AC Provisioning from Actual VPN Service Provisioning | |||
| The procedure to provision a service in a service provider network | The procedure to provision a service in a service provider network | |||
| may depend on the practices adopted by a service provider. This | may depend on the practices adopted by a service provider. This | |||
| includes the flow put in place for the provisioning of advanced | includes the flow put in place for the provisioning of advanced | |||
| network services and how they are bound to an attachment circuit. | network services and how they are bound to an AC. For example, a | |||
| For example, a single attachment circuit may be used to host multiple | single AC may be used to host multiple connectivity services (e.g., | |||
| connectivity services (e.g., Layer 2 VPN ("ietf-l2vpn-svc"), Layer 3 | L2VPN ("ietf-l2vpn-svc"), L3VPN ("ietf-l3vpn-svc"), Network Slice | |||
| VPN ("ietf-l3vpn-svc"), Network Slice Service ("ietf-network-slice- | Service ("ietf-network-slice-service")). In order to avoid service | |||
| service")). In order to avoid service interference and redundant | interference and redundant information in various locations, a | |||
| information in various locations, a service provider may expose an | service provider may expose an interface to manage ACs network-wide | |||
| interface to manage ACs network-wide using | using the modules in [RFC9834]. Customers can request for an AC | |||
| [I-D.ietf-opsawg-teas-attachment-circuit]. Customers can request an | ("ietf-ac-svc") to be put in place and then refer to that AC when | |||
| attachment circuit ("ietf-ac-svc") to be put in place, and then refer | requesting VPN services that are bound to the AC ("ietf-ac-glue"). | |||
| to that AC when requesting VPN services that are bound to the AC | ||||
| ("ietf-ac-glue"). | ||||
| Also, internal references ("ietf-ac-ntw") used within a service | Also, internal references ("ietf-ac-ntw") used within a service | |||
| provider network to implement ACs can be used by network controllers | provider network to implement ACs can be used by network controllers | |||
| to glue the L2NM ("ietf-l2vpn-ntw") or the L3NM ("ietf-l3vpn-ntw") | to glue the L2NM ("ietf-l2vpn-ntw") or the L3NM ("ietf-l3vpn-ntw") | |||
| services with relevant ACs. | services with relevant ACs. | |||
| Figure 3 shows the positioning of the AC models in the overall | Figure 3 shows the positioning of the AC models in the overall | |||
| service delivery process. | service delivery process. | |||
| .-------------. | .-------------. | |||
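Review bot: In Section 4.2, the right column's "Customers can request for an AC ("ietf-ac-svc") to be put in place" is a grammar regression introduced while shortening "attachment circuit" to "AC"; the left column's "Customers can request an attachment circuit" was correct. Suggest "Customers can request an AC ("ietf-ac-svc") to be put in place and then refer to that AC", keeping the rest of the sentence as is.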
| skipping to change at page 9, line 41 ¶ | skipping to change at line 322 ¶ | |||
| Models | | | | Models | | | | |||
| .---+---. | | | .---+---. | | | |||
| | Config | | | | | Config | | | | |||
| | Manager | | | | | Manager | | | | |||
| '---+---' | | | '---+---' | | | |||
| | | | | | | | | |||
| NETCONF/CLI....................... | NETCONF/CLI....................... | |||
| | | | | | | | | |||
| .--------------------------------. | .--------------------------------. | |||
| .---. Bearer | | Bearer .---. | .---. Bearer | | Bearer .---. | |||
| |CE#1+--------+ Network +--------+CE#2| | |CE1 +--------+ Network +--------+ CE2| | |||
| '---' | | '---' | '---' | | '---' | |||
| '--------------------------------' | '--------------------------------' | |||
| Site A Site B | Site A Site B | |||
| Figure 3: An Example of AC Models Usage | Figure 3: An Example of AC Models Usage | |||
| 5. Module Tree Structure | 5. Module Tree Structure | |||
| [RFC8299] specifies that a 'site-network-access' attachment is | [RFC8299] specifies that a 'site-network-access' attachment is | |||
| achieved through a 'bearer' with an 'ip-connection' on top. From | achieved through a 'bearer' with an 'ip-connection' on top. From | |||
| that standpoint, a 'site-network-access' is mapped to an attachment | that standpoint, a 'site-network-access' is mapped to an AC with both | |||
| circuit with both Layers 2 and 3 properties per | Layer 2 and Layer 3 properties per [RFC9834]. [RFC8466] specifies | |||
| [I-D.ietf-opsawg-teas-attachment-circuit]. [RFC8466] specifies that | that a 'site-network-access' represents a logical Layer 2 connection | |||
| a 'site-network-access' represents a logical Layer 2 connection to a | to a site. A 'site-network-access' can thus be mapped to an AC with | |||
| site. A 'site-network-access' can thus be mapped to an attachment | Layer 2 properties [RFC9834]. Similarly, 'vpn-network-access' | |||
| circuit with Layer 2 properties | defined in both [RFC9182] and [RFC9291] is mapped to an AC per | |||
| [I-D.ietf-opsawg-teas-attachment-circuit]. Similarly, 'vpn-network- | [RFC9834] or [RFC9835]. | |||
| access' defined in both [RFC9182] and [RFC9291] is mapped to an | ||||
| attachment circuit per [I-D.ietf-opsawg-teas-attachment-circuit] or | ||||
| [I-D.ietf-opsawg-ntw-attachment-circuit]. | ||||
| As such, ACs created using the "ietf-ac-svc" module | As such, ACs created using the "ietf-ac-svc" module [RFC9834] can be | |||
| [I-D.ietf-opsawg-teas-attachment-circuit] can be referenced in other | referenced in other VPN-related modules (e.g., LxSM and LxNM). Also, | |||
| VPN-related modules (e.g., LxSM and LxNM). Also, ACs managed using | ACs managed using the "ietf-ac-ntw" module [RFC9835] can be | |||
| the "ietf-ac-ntw" module [I-D.ietf-opsawg-ntw-attachment-circuit] can | referenced in VPN-related network modules (mainly, the LxNM). The | |||
| be referenced in VPN-related network modules (mainly, the LxNM). The | ||||
| required augmentations to that aim are shown in Figure 4. | required augmentations to that aim are shown in Figure 4. | |||
| module: ietf-ac-glue | module: ietf-ac-glue | |||
| augment /l2vpn-svc:l2vpn-svc/l2vpn-svc:sites/l2vpn-svc:site | augment /l2vpn-svc:l2vpn-svc/l2vpn-svc:sites/l2vpn-svc:site | |||
| /l2vpn-svc:site-network-accesses: | /l2vpn-svc:site-network-accesses: | |||
| +--rw ac-svc-ref* ac-svc:attachment-circuit-reference | +--rw ac-svc-ref* ac-svc:attachment-circuit-reference | |||
| augment /l2vpn-svc:l2vpn-svc/l2vpn-svc:sites/l2vpn-svc:site | augment /l2vpn-svc:l2vpn-svc/l2vpn-svc:sites/l2vpn-svc:site | |||
| /l2vpn-svc:site-network-accesses | /l2vpn-svc:site-network-accesses | |||
| /l2vpn-svc:site-network-access: | /l2vpn-svc:site-network-access: | |||
| +--rw ac-svc-ref? ac-svc:attachment-circuit-reference {ac-glue}? | +--rw ac-svc-ref? ac-svc:attachment-circuit-reference {ac-glue}? | |||
| augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site | augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site | |||
| /l3vpn-svc:site-network-accesses: | /l3vpn-svc:site-network-accesses: | |||
| +--rw ac-svc-ref* ac-svc:attachment-circuit-reference | +--rw ac-svc-ref* ac-svc:attachment-circuit-reference | |||
| augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site | augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site | |||
| /l3vpn-svc:site-network-accesses | /l3vpn-svc:site-network-accesses | |||
| /l3vpn-svc:site-network-access: | /l3vpn-svc:site-network-access: | |||
| +--rw ac-svc-ref? ac-svc:attachment-circuit-reference {ac-glue}? | +--rw ac-svc-ref? ac-svc:attachment-circuit-reference {ac-glue}? | |||
| augment /l2nm:l2vpn-ntw/l2nm:vpn-services/l2nm:vpn-service | augment /l2nm:l2vpn-ntw/l2nm:vpn-services/l2nm:vpn-service | |||
| /l2nm:vpn-nodes/l2nm:vpn-node/l2nm:vpn-network-accesses: | /l2nm:vpn-nodes/l2nm:vpn-node/l2nm:vpn-network-accesses: | |||
| +--rw ac-svc-ref* ac-svc:attachment-circuit-reference | +--rw ac-svc-ref* ac-svc:attachment-circuit-reference | |||
| +--rw ac-ntw-ref* [ac-ref] | +--rw ac-ntw-ref* [ac-ref] | |||
| +--rw ac-ref leafref | +--rw ac-ref leafref | |||
| +--rw node-ref? leafref | +--rw node-ref? leafref | |||
| +--rw network-ref? -> /nw:networks/network/network-id | +--rw network-ref? -> /nw:networks/network/network-id | |||
| augment /l2nm:l2vpn-ntw/l2nm:vpn-services/l2nm:vpn-service | augment /l2nm:l2vpn-ntw/l2nm:vpn-services/l2nm:vpn-service | |||
| /l2nm:vpn-nodes/l2nm:vpn-node/l2nm:vpn-network-accesses | /l2nm:vpn-nodes/l2nm:vpn-node/l2nm:vpn-network-accesses | |||
| /l2nm:vpn-network-access: | /l2nm:vpn-network-access: | |||
| +--rw ac-svc-ref? ac-svc:attachment-circuit-reference {ac-glue}? | +--rw ac-svc-ref? ac-svc:attachment-circuit-reference {ac-glue}? | |||
| +--rw ac-ntw-ref {ac-glue}? | +--rw ac-ntw-ref {ac-glue}? | |||
| +--rw ac-ref? leafref | +--rw ac-ref? leafref | |||
| +--rw node-ref? leafref | +--rw node-ref? leafref | |||
| +--rw network-ref? -> /nw:networks/network/network-id | +--rw network-ref? -> /nw:networks/network/network-id | |||
| augment /l3nm:l3vpn-ntw/l3nm:vpn-services/l3nm:vpn-service | augment /l3nm:l3vpn-ntw/l3nm:vpn-services/l3nm:vpn-service | |||
| /l3nm:vpn-nodes/l3nm:vpn-node/l3nm:vpn-network-accesses: | /l3nm:vpn-nodes/l3nm:vpn-node/l3nm:vpn-network-accesses: | |||
| +--rw ac-svc-ref* ac-svc:attachment-circuit-reference | +--rw ac-svc-ref* ac-svc:attachment-circuit-reference | |||
| +--rw ac-ntw-ref* [ac-ref] | +--rw ac-ntw-ref* [ac-ref] | |||
| +--rw ac-ref leafref | +--rw ac-ref leafref | |||
| +--rw node-ref? leafref | +--rw node-ref? leafref | |||
| +--rw network-ref? -> /nw:networks/network/network-id | +--rw network-ref? -> /nw:networks/network/network-id | |||
| augment /l3nm:l3vpn-ntw/l3nm:vpn-services/l3nm:vpn-service | augment /l3nm:l3vpn-ntw/l3nm:vpn-services/l3nm:vpn-service | |||
| /l3nm:vpn-nodes/l3nm:vpn-node/l3nm:vpn-network-accesses | /l3nm:vpn-nodes/l3nm:vpn-node/l3nm:vpn-network-accesses | |||
| /l3nm:vpn-network-access: | /l3nm:vpn-network-access: | |||
| +--rw ac-svc-ref? ac-svc:attachment-circuit-reference {ac-glue}? | +--rw ac-svc-ref? ac-svc:attachment-circuit-reference {ac-glue}? | |||
| +--rw ac-ntw-ref {ac-glue}? | +--rw ac-ntw-ref {ac-glue}? | |||
| +--rw ac-ref? leafref | +--rw ac-ref? leafref | |||
| +--rw node-ref? leafref | +--rw node-ref? leafref | |||
| +--rw network-ref? -> /nw:networks/network/network-id | +--rw network-ref? -> /nw:networks/network/network-id | |||
| Figure 4: AC Glue Tree Structure | Figure 4: AC Glue Tree Structure | |||
| When an AC is referenced within a specific network access, then that | When an AC is referenced within a specific network access, that AC | |||
| AC information takes precedence over any overlapping information that | information takes precedence over any overlapping information that is | |||
| is also enclosed for this network access. | also enclosed for this network access. | |||
| This approach is consistent with the design in | | This approach is consistent with the design in [YANG-NSS] where | |||
| [I-D.ietf-teas-ietf-network-slice-nbi-yang] where an AC service | | an AC service reference, called 'ac-svc-ref', is used to | |||
| reference, called 'ac-svc-name', is used to indicate the names of | | indicate the names of AC services. As per [YANG-NSS], when | |||
| AC services. As per [I-D.ietf-teas-ietf-network-slice-nbi-yang], | | both 'ac-svc-ref' and the attributes of 'attachment-circuits' | |||
| when both 'ac-svc-name' and the attributes of 'attachment- | | are defined, the 'ac-svc-ref' takes precedence. | |||
| circuits' are defined, the 'ac-svc-name' takes precedence. | ||||
| The "ietf-ac-glue" module includes provisions to reference ACs within | The "ietf-ac-glue" module includes provisions to reference ACs within | |||
| or outside a VPN network access to accommodate deployment contexts | or outside a VPN network access to accommodate deployment contexts | |||
| where an AC reference may be created before or after a VPN instance | where an AC reference may be created before or after a VPN instance | |||
| is created. Appendix A.1 illustrates how an AC reference can be | is created. Appendix A.1 illustrates how an AC reference can be | |||
| included as part of a specific VPN network access, while Appendix A.2 | included as part of a specific VPN network access, while Appendix A.2 | |||
| shows how AC references can be indicated outside individual VPN | shows how AC references can be indicated outside individual VPN | |||
| network access entries. | network access entries. | |||
| 6. The AC Glue ("ietf-ac-glue") YANG Module | 6. The AC Glue ("ietf-ac-glue") YANG Module | |||
| This modules augments the L2SM [RFC8466], the L3SM [RFC8299], the | This modules augments the L2SM [RFC8466], the L3SM [RFC8299], the | |||
| L2NM [RFC9291], and the L3NM [RFC9182]. | L2NM [RFC9291], and the L3NM [RFC9182]. | |||
| This module uses references defined in | This module uses references defined in [RFC9834] and [RFC9835]. | |||
| [I-D.ietf-opsawg-teas-attachment-circuit] and | ||||
| [I-D.ietf-opsawg-ntw-attachment-circuit]. | ||||
| <CODE BEGINS> file "ietf-ac-glue@2025-01-07.yang" | <CODE BEGINS> file "ietf-ac-glue@2025-08-11.yang" | |||
| module ietf-ac-glue { | module ietf-ac-glue { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-ac-glue"; | namespace "urn:ietf:params:xml:ns:yang:ietf-ac-glue"; | |||
| prefix ac-glue; | prefix ac-glue; | |||
| import ietf-l3vpn-svc { | import ietf-l3vpn-svc { | |||
| prefix l3vpn-svc; | prefix l3vpn-svc; | |||
| reference | reference | |||
| "RFC 8299: YANG Data Model for L3VPN Service Delivery"; | "RFC 8299: YANG Data Model for L3VPN Service Delivery"; | |||
| } | } | |||
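Review bot: In the note under Figure 4, the right-hand side changes the leaf attributed to [YANG-NSS] from 'ac-svc-name' to 'ac-svc-ref' in all three mentions. That is a change to a data node name, not an editorial rewording, so check it against the referenced slice model before accepting it with the surrounding editorial edits. Separately, the first sentence of Section 6 still reads "This modules augments" on both sides and should read "This module augments".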
| skipping to change at page 13, line 14 ¶ | skipping to change at line 451 ¶ | |||
| "RFC 9182: A YANG Network Data Model for Layer 3 VPNs"; | "RFC 9182: A YANG Network Data Model for Layer 3 VPNs"; | |||
| } | } | |||
| import ietf-l2vpn-ntw { | import ietf-l2vpn-ntw { | |||
| prefix l2nm; | prefix l2nm; | |||
| reference | reference | |||
| "RFC 9291: A YANG Network Data Model for Layer 2 VPNs"; | "RFC 9291: A YANG Network Data Model for Layer 2 VPNs"; | |||
| } | } | |||
| import ietf-ac-svc { | import ietf-ac-svc { | |||
| prefix ac-svc; | prefix ac-svc; | |||
| reference | reference | |||
| "RFC SSSS: YANG Data Models for Bearers and 'Attachment | "RFC 9834: YANG Data Models for Bearers and Attachment | |||
| Circuits'-as-a-Service (ACaaS)"; | Circuits as a Service (ACaaS)"; | |||
| } | } | |||
| import ietf-ac-ntw { | import ietf-ac-ntw { | |||
| prefix ac-ntw; | prefix ac-ntw; | |||
| reference | reference | |||
| "RFC NNNN: A Network YANG Data Model for Attachment Circuits"; | "RFC 9835: A Network YANG Data Model for Attachment Circuits"; | |||
| } | } | |||
| organization | organization | |||
| "IETF OPSAWG (Operations and Management Area Working Group)"; | "IETF OPSAWG (Operations and Management Area Working Group)"; | |||
| contact | contact | |||
| "WG Web: <https://datatracker.ietf.org/wg/opsawg/> | "WG Web: <https://datatracker.ietf.org/wg/opsawg/> | |||
| WG List: <mailto:opsawg@ietf.org> | WG List: <mailto:opsawg@ietf.org> | |||
| Editor: Mohamed Boucadair | Editor: Mohamed Boucadair | |||
| <mailto:mohamed.boucadair@orange.com> | <mailto:mohamed.boucadair@orange.com> | |||
| Author: Richard Roberts | Author: Richard Roberts | |||
| <mailto:rroberts@juniper.net> | <mailto:rroberts@juniper.net> | |||
| Author: Samier Barguil | Author: Samier Barguil | |||
| <mailto:ssamier.barguil_giraldo@nokia.com> | <mailto:ssamier.barguil_giraldo@nokia.com> | |||
| Author: Oscar Gonzalez de Dios | Author: Oscar Gonzalez de Dios | |||
| <mailto:oscar.gonzalezdedios@telefonica.com>"; | <mailto:oscar.gonzalezdedios@telefonica.com>"; | |||
| description | description | |||
| "This YANG module defines a YANG model for augmenting the LxSM | "This YANG module defines a YANG data model for augmenting the | |||
| and the LxNM with attachment circuit references. | LxSM and the LxNM with AC references. | |||
| Copyright (c) 2025 IETF Trust and the persons identified as | Copyright (c) 2025 IETF Trust and the persons identified as | |||
| authors of the code. All rights reserved. | authors of the code. All rights reserved. | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject | without modification, is permitted pursuant to, and subject | |||
| to the license terms contained in, the Revised BSD License | to the license terms contained in, the Revised BSD License | |||
| set forth in Section 4.c of the IETF Trust's Legal Provisions | set forth in Section 4.c of the IETF Trust's Legal Provisions | |||
| Relating to IETF Documents | Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info). | (https://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC XXXX; see the | This version of this YANG module is part of RFC 9836; see the | |||
| RFC itself for full legal notices."; | RFC itself for full legal notices."; | |||
| revision 2025-01-07 { | revision 2025-08-11 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for Augmenting VPN Service | "RFC 9836: A YANG Data Model for Augmenting VPN Service | |||
| and Network Models with Attachment Circuits"; | and Network Models with Attachment Circuits"; | |||
| } | } | |||
| feature ac-glue { | feature ac-glue { | |||
| description | description | |||
| "The VPN implementation supports binding a specific VPN | "The VPN implementation supports binding a specific VPN | |||
| network access or site access to an attachment circuit."; | network access or site access to an AC."; | |||
| } | } | |||
| grouping single-ac-svc-ref { | grouping single-ac-svc-ref { | |||
| description | description | |||
| "A grouping with single reference to a service AC."; | "A grouping with a single reference to a service AC."; | |||
| leaf ac-svc-ref { | leaf ac-svc-ref { | |||
| type ac-svc:attachment-circuit-reference; | type ac-svc:attachment-circuit-reference; | |||
| description | description | |||
| "A reference to the AC as exposed at the service that was | "A reference to the AC as exposed at the service that was | |||
| provisioned using the ACaaS module."; | provisioned using the ACaaS module."; | |||
| } | } | |||
| } | } | |||
| grouping single-ac-svc-ntw-ref { | grouping single-ac-svc-ntw-ref { | |||
| description | description | |||
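Review bot: In the module's contact statement, the mailto for Samier Barguil begins with "ssamier" on both sides, which looks like a doubled letter next to the author's name. Confirm the address, since the pass that replaced the RFC SSSS, NNNN and XXXX placeholders with 9834, 9835 and 9836 in this hunk left it untouched.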
| skipping to change at page 15, line 34 ¶ | skipping to change at line 567 ¶ | |||
| network module."; | network module."; | |||
| uses ac-ntw:attachment-circuit-reference; | uses ac-ntw:attachment-circuit-reference; | |||
| } | } | |||
| } | } | |||
| augment "/l2vpn-svc:l2vpn-svc" | augment "/l2vpn-svc:l2vpn-svc" | |||
| + "/l2vpn-svc:sites/l2vpn-svc:site" | + "/l2vpn-svc:sites/l2vpn-svc:site" | |||
| + "/l2vpn-svc:site-network-accesses" { | + "/l2vpn-svc:site-network-accesses" { | |||
| description | description | |||
| "Augments VPN site network accesses with AC provisioning | "Augments VPN site network accesses with AC provisioning | |||
| details. Concretely, it binds a site to a set of | details. Concretely, it binds a site to a set of ACs with | |||
| attachment circuits with Layer 2 properties that were | Layer 2 properties that were created using the ACaaS module."; | |||
| created using the ACaaS module."; | ||||
| uses ac-svc-ref; | uses ac-svc-ref; | |||
| } | } | |||
| augment "/l2vpn-svc:l2vpn-svc" | augment "/l2vpn-svc:l2vpn-svc" | |||
| + "/l2vpn-svc:sites/l2vpn-svc:site" | + "/l2vpn-svc:sites/l2vpn-svc:site" | |||
| + "/l2vpn-svc:site-network-accesses" | + "/l2vpn-svc:site-network-accesses" | |||
| + "/l2vpn-svc:site-network-access" { | + "/l2vpn-svc:site-network-access" { | |||
| if-feature "ac-glue"; | if-feature "ac-glue"; | |||
| description | description | |||
| "Augments VPN site network access with AC provisioning | "Augments VPN site network access with AC provisioning | |||
| details. Concretely, it glues a 'site-network-access' | details. Concretely, it glues a 'site-network-access' | |||
| to an attachment circuit with Layer 2 properties that was | to an AC with Layer 2 properties that was created using the | |||
| created using the ACaaS module. | ACaaS module. | |||
| The ACaaS information takes precedence over any overlapping | The ACaaS information takes precedence over any overlapping | |||
| information that is also provided for a site network access."; | information that is also provided for a site network access."; | |||
| uses single-ac-svc-ref; | uses single-ac-svc-ref; | |||
| } | } | |||
| augment "/l3vpn-svc:l3vpn-svc" | augment "/l3vpn-svc:l3vpn-svc" | |||
| + "/l3vpn-svc:sites/l3vpn-svc:site" | + "/l3vpn-svc:sites/l3vpn-svc:site" | |||
| + "/l3vpn-svc:site-network-accesses" { | + "/l3vpn-svc:site-network-accesses" { | |||
| description | description | |||
| "Augments VPN site network accesses with AC provisioning | "Augments VPN site network accesses with AC provisioning | |||
| details. Concretely, it binds a site to a set of attachment | details. Concretely, it binds a site to a set of ACs with | |||
| circuits with both Layers 2 and 3 properties that were | both Layer 2 and Layer 3 properties that were created using | |||
| created using the ACaaS module."; | the ACaaS module."; | |||
| uses ac-svc-ref; | uses ac-svc-ref; | |||
| } | } | |||
| augment "/l3vpn-svc:l3vpn-svc" | augment "/l3vpn-svc:l3vpn-svc" | |||
| + "/l3vpn-svc:sites/l3vpn-svc:site" | + "/l3vpn-svc:sites/l3vpn-svc:site" | |||
| + "/l3vpn-svc:site-network-accesses" | + "/l3vpn-svc:site-network-accesses" | |||
| + "/l3vpn-svc:site-network-access" { | + "/l3vpn-svc:site-network-access" { | |||
| if-feature "ac-glue"; | if-feature "ac-glue"; | |||
| description | description | |||
| "Augments VPN site network access with AC provisioning | "Augments VPN site network access with AC provisioning | |||
| details. Concretely, it glues a 'site-network-access' to an | details. Concretely, it glues a 'site-network-access' to an | |||
| attachment circuit with both Layer 2 and Layer 3 properties | AC with both Layer 2 and Layer 3 properties that was created | |||
| that was created using the ACaaS module. | using the ACaaS module. | |||
| The ACaaS information takes precedence over any overlapping | The ACaaS information takes precedence over any overlapping | |||
| information that is also provided for a site network access."; | information that is also provided for a site network access."; | |||
| uses single-ac-svc-ref; | uses single-ac-svc-ref; | |||
| } | } | |||
| augment "/l2nm:l2vpn-ntw/l2nm:vpn-services/l2nm:vpn-service" | augment "/l2nm:l2vpn-ntw/l2nm:vpn-services/l2nm:vpn-service" | |||
| + "/l2nm:vpn-nodes/l2nm:vpn-node" | + "/l2nm:vpn-nodes/l2nm:vpn-node" | |||
| + "/l2nm:vpn-network-accesses" { | + "/l2nm:vpn-network-accesses" { | |||
| description | description | |||
| "Augments VPN network accesses with both service and network | "Augments VPN network accesses with both service and network | |||
| AC provisioning details. Concretely, it binds a site to (1) | AC provisioning details. Concretely, it binds a site to (1) | |||
| a set of attachment circuits with Layer 2 properties that were | a set of ACs with Layer 2 properties that were created using | |||
| created using the ACaaS module and (2) a set of attachment | the ACaaS module and (2) a set of ACs with Layer 2 properties | |||
| circuits with Layer 2 properties that were provisioned using | that were provisioned using the AC network model."; | |||
| the AC network model."; | ||||
| uses ac-svc-ntw-ref; | uses ac-svc-ntw-ref; | |||
| } | } | |||
| augment "/l2nm:l2vpn-ntw/l2nm:vpn-services/l2nm:vpn-service" | augment "/l2nm:l2vpn-ntw/l2nm:vpn-services/l2nm:vpn-service" | |||
| + "/l2nm:vpn-nodes/l2nm:vpn-node" | + "/l2nm:vpn-nodes/l2nm:vpn-node" | |||
| + "/l2nm:vpn-network-accesses" | + "/l2nm:vpn-network-accesses" | |||
| + "/l2nm:vpn-network-access" { | + "/l2nm:vpn-network-access" { | |||
| if-feature "ac-glue"; | if-feature "ac-glue"; | |||
| description | description | |||
| "Augments VPN network access with service and network | "Augments VPN network access with service and network | |||
| references to an AC. Concretely, it glues a VPN network | references to an AC. Concretely, it glues a VPN network | |||
| access to (1) an attachment circuit with Layer 2 properties | access to (1) an AC with Layer 2 properties | |||
| that was created using the ACaaS module and (2) an attachment | that was created using the ACaaS module and (2) an AC with | |||
| circuit with Layer 2 properties that was created using the AC | Layer 2 properties that was created using the AC network | |||
| network module. | module. | |||
| The AC service and network information takes precedence over | The AC service and network information takes precedence over | |||
| any overlapping information that is also provided for a VPN | any overlapping information that is also provided for a VPN | |||
| network access."; | network access."; | |||
| uses single-ac-svc-ntw-ref; | uses single-ac-svc-ntw-ref; | |||
| } | } | |||
| augment "/l3nm:l3vpn-ntw/l3nm:vpn-services/l3nm:vpn-service" | augment "/l3nm:l3vpn-ntw/l3nm:vpn-services/l3nm:vpn-service" | |||
| + "/l3nm:vpn-nodes/l3nm:vpn-node" | + "/l3nm:vpn-nodes/l3nm:vpn-node" | |||
| + "/l3nm:vpn-network-accesses" { | + "/l3nm:vpn-network-accesses" { | |||
| description | description | |||
| "Augments VPN network accesses with both service and network | "Augments VPN network accesses with both service and network | |||
| AC provisioning details. Concretely, it binds a site to (1) | AC provisioning details. Concretely, it binds a site to (1) | |||
| a set of attachment circuits with both Layer 2 and Layer 3 | a set of ACs with both Layer 2 and Layer 3 properties that | |||
| properties that were created using the ACaaS module and (2) | were created using the ACaaS module and (2) a set of ACs with | |||
| a set of attachment circuits with both Layer 2 and Layer 3 | both Layer 2 and Layer 3 properties that were provisioned | |||
| properties that were provisioned using the AC network model."; | using the AC network model."; | |||
| uses ac-svc-ntw-ref; | uses ac-svc-ntw-ref; | |||
| } | } | |||
| augment "/l3nm:l3vpn-ntw/l3nm:vpn-services/l3nm:vpn-service" | augment "/l3nm:l3vpn-ntw/l3nm:vpn-services/l3nm:vpn-service" | |||
| + "/l3nm:vpn-nodes/l3nm:vpn-node" | + "/l3nm:vpn-nodes/l3nm:vpn-node" | |||
| + "/l3nm:vpn-network-accesses" | + "/l3nm:vpn-network-accesses" | |||
| + "/l3nm:vpn-network-access" { | + "/l3nm:vpn-network-access" { | |||
| if-feature "ac-glue"; | if-feature "ac-glue"; | |||
| description | description | |||
| "Augments VPN network access with service and network | "Augments VPN network access with service and network | |||
| references to an AC. Concretely, it glues a VPN network | references to an AC. Concretely, it glues a VPN network | |||
| access to (1) an attachment circuit with both Layer 2 and | access to (1) an AC with both Layer 2 and Layer 3 properties | |||
| Layer 3 properties that was created using the ACaaS module | that was created using the ACaaS module and (2) an AC with | |||
| and (2) an attachment circuit with both Layer 2 and Layer 3 | both Layer 2 and Layer 3 properties that was created using the | |||
| properties that was created using the AC network module. | AC network module. | |||
| The AC service and network information takes precedence over | The AC service and network information takes precedence over | |||
| any overlapping information that is also provided for a VPN | any overlapping information that is also provided for a VPN | |||
| network access."; | network access."; | |||
| uses single-ac-svc-ntw-ref; | uses single-ac-svc-ntw-ref; | |||
| } | } | |||
| } | } | |||
| <CODE ENDS> | <CODE ENDS> | |||
| 7. Security Considerations | 7. Security Considerations | |||
| This section is modeled after the template described in Section 3.7 | This section is modeled after the template described in Section 3.7 | |||
| of [I-D.ietf-netmod-rfc8407bis]. | of [YANG-GUIDELINES]. | |||
| The "ietf-ac-common" YANG module defines a data model that is | The "ietf-ac-common" YANG module defines a data model that is | |||
| designed to be accessed via YANG-based management protocols, such as | designed to be accessed via YANG-based management protocols, such as | |||
| NETCONF [RFC6241] and RESTCONF [RFC8040]. These protocols have to | NETCONF [RFC6241] and RESTCONF [RFC8040]. These protocols have to | |||
| use a secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and | use a secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and | |||
| QUIC [RFC9000]) and have to use mutual authentication. | QUIC [RFC9000]) and have to use mutual authentication. | |||
| The Network Configuration Access Control Model (NACM) [RFC8341] | The Network Configuration Access Control Model (NACM) [RFC8341] | |||
| provides the means to restrict access for particular NETCONF or | provides the means to restrict access for particular NETCONF or | |||
| RESTCONF users to a preconfigured subset of all available NETCONF or | RESTCONF users to a preconfigured subset of all available NETCONF or | |||
| RESTCONF protocol operations and content. | RESTCONF protocol operations and content. | |||
| There are a number of data nodes defined in this YANG module that are | There are a number of data nodes defined in this YANG module that are | |||
| writable/creatable/deletable (i.e., config true, which is the | writable/creatable/deletable (i.e., "config true", which is the | |||
| default). These data nodes may be considered sensitive or vulnerable | default). All writable data nodes are likely to be reasonably | |||
| in some network environments. Write operations (e.g., edit-config) | sensitive or vulnerable in some network environments. Write | |||
| and delete operations to these data nodes without proper protection | operations (e.g., edit-config) and delete operations to these data | |||
| or authentication can have a negative effect on network operations. | nodes without proper protection or authentication can have a negative | |||
| Specifically, the following subtrees and data nodes have particular | effect on network operations. The following subtrees and data nodes | |||
| sensitivities/vulnerabilities: | have particular sensitivities/vulnerabilities: | |||
| 'ac-svc-ref' and 'ac-ntw-ref': An attacker who is able to access | 'ac-svc-ref' and 'ac-ntw-ref': An attacker who is able to access | |||
| network nodes can undertake various attacks, such as deleting a | network nodes can undertake various attacks, such as deleting a | |||
| running VPN service, interrupting all the traffic of a client. | running VPN service, interrupting all the traffic of a client. | |||
| Specifically, an attacker may modify (including delete) the ACs | Specifically, an attacker may modify (including delete) the ACs | |||
| that are bound to a running service, leading to malfunctioning of | that are bound to a running service, leading to malfunctioning of | |||
| the service and therefore to Service Level Agreement (SLA) | the service and therefore to Service Level Agreement (SLA) | |||
| violations. : Such activity can be detected by adequately | violations. Such activity can be detected by adequately | |||
| monitoring and tracking network configuration changes. | monitoring and tracking network configuration changes. | |||
| Some of the readable data nodes in this YANG module may be considered | Some of the readable data nodes in this YANG module may be considered | |||
| sensitive or vulnerable in some network environments. It is thus | sensitive or vulnerable in some network environments. It is thus | |||
| important to control read access (e.g., via get, get-config, or | important to control read access (e.g., via get, get-config, or | |||
| notification) to these data nodes. Specifically, the following | notification) to these data nodes. Specifically, the following | |||
| subtrees and data nodes have particular sensitivities/ | subtrees and data nodes have particular sensitivities/ | |||
| vulnerabilities: | vulnerabilities: | |||
| 'ac-svc-ref' and 'ac-ntw-ref': These references do not expose per se | 'ac-svc-ref' and 'ac-ntw-ref': These references do not expose | |||
| privacy-related information, however 'ac-svc-ref' may be used to | privacy-related information per se; however, 'ac-svc-ref' may be | |||
| track the set of VPN instances in which a given customer is | used to track the set of VPN instances in which a given customer | |||
| involved. | is involved. | |||
| Note that, unlike 'ac-svc-ref', 'ac-ntw-ref' is unique within the | Note that, unlike 'ac-svc-ref', 'ac-ntw-ref' is unique within the | |||
| scope of a node and may multiplex many peer CEs. | scope of a node and may multiplex many peer CEs. | |||
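Review bot: The first paragraph of Section 7 says, on both sides, that the "ietf-ac-common" YANG module defines the data model, but the module this document defines in Section 6 is "ietf-ac-glue". The template sentence should name "ietf-ac-glue" so that the transport, mutual authentication and NACM requirements that follow are stated for the module whose 'ac-svc-ref' and 'ac-ntw-ref' nodes are listed as sensitive.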
| 8. IANA Considerations | 8. IANA Considerations | |||
| IANA is requested to register the following URI in the "ns" | IANA has registered the following URI in the "ns" subregistry within | |||
| subregistry within the "IETF XML Registry" [RFC3688]: | the "IETF XML Registry" [RFC3688]: | |||
| URI: urn:ietf:params:xml:ns:yang:ietf-ac-glue | URI: urn:ietf:params:xml:ns:yang:ietf-ac-glue | |||
| Registrant Contact: The IESG. | Registrant Contact: The IESG. | |||
| XML: N/A; the requested URI is an XML namespace. | XML: N/A; the requested URI is an XML namespace. | |||
| IANA is requested to register the following YANG module in the "YANG | IANA has registered the following YANG module in the "YANG Module | |||
| Module Names" registry [RFC6020] within the "YANG Parameters" | Names" registry [RFC6020] within the "YANG Parameters" registry | |||
| registry group: | group: | |||
| Name: ietf-ac-glue | Name: ietf-ac-glue | |||
| Namespace: urn:ietf:params:xml:ns:yang:ietf-ac-glue | Maintained by IANA? N | |||
| Prefix: ac-glue | Namespace: urn:ietf:params:xml:ns:yang:ietf-ac-glue | |||
| Maintained by IANA? N | Prefix: ac-glue | |||
| Reference: RFC XXXX | Reference: RFC 9836 | |||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [I-D.ietf-opsawg-ntw-attachment-circuit] | ||||
| Boucadair, M., Roberts, R., de Dios, O. G., Barguil, S., | ||||
| and B. Wu, "A Network YANG Data Model for Attachment | ||||
| Circuits", Work in Progress, Internet-Draft, draft-ietf- | ||||
| opsawg-ntw-attachment-circuit-15, 9 January 2025, | ||||
| <https://datatracker.ietf.org/doc/html/draft-ietf-opsawg- | ||||
| ntw-attachment-circuit-15>. | ||||
| [I-D.ietf-opsawg-teas-attachment-circuit] | ||||
| Boucadair, M., Roberts, R., de Dios, O. G., Barguil, S., | ||||
| and B. Wu, "YANG Data Models for Bearers and 'Attachment | ||||
| Circuits'-as-a-Service (ACaaS)", Work in Progress, | ||||
| Internet-Draft, draft-ietf-opsawg-teas-attachment-circuit- | ||||
| 19, 9 January 2025, | ||||
| <https://datatracker.ietf.org/doc/html/draft-ietf-opsawg- | ||||
| teas-attachment-circuit-19>. | ||||
| [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | |||
| DOI 10.17487/RFC3688, January 2004, | DOI 10.17487/RFC3688, January 2004, | |||
| <https://www.rfc-editor.org/rfc/rfc3688>. | <https://www.rfc-editor.org/info/rfc3688>. | |||
| [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for | [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for | |||
| the Network Configuration Protocol (NETCONF)", RFC 6020, | the Network Configuration Protocol (NETCONF)", RFC 6020, | |||
| DOI 10.17487/RFC6020, October 2010, | DOI 10.17487/RFC6020, October 2010, | |||
| <https://www.rfc-editor.org/rfc/rfc6020>. | <https://www.rfc-editor.org/info/rfc6020>. | |||
| [RFC8299] Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki, | [RFC8299] Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki, | |||
| "YANG Data Model for L3VPN Service Delivery", RFC 8299, | "YANG Data Model for L3VPN Service Delivery", RFC 8299, | |||
| DOI 10.17487/RFC8299, January 2018, | DOI 10.17487/RFC8299, January 2018, | |||
| <https://www.rfc-editor.org/rfc/rfc8299>. | <https://www.rfc-editor.org/info/rfc8299>. | |||
| [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration | [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration | |||
| Access Control Model", STD 91, RFC 8341, | Access Control Model", STD 91, RFC 8341, | |||
| DOI 10.17487/RFC8341, March 2018, | DOI 10.17487/RFC8341, March 2018, | |||
| <https://www.rfc-editor.org/rfc/rfc8341>. | <https://www.rfc-editor.org/info/rfc8341>. | |||
| [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | |||
| and R. Wilton, "Network Management Datastore Architecture | and R. Wilton, "Network Management Datastore Architecture | |||
| (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | |||
| <https://www.rfc-editor.org/rfc/rfc8342>. | <https://www.rfc-editor.org/info/rfc8342>. | |||
| [RFC8466] Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG | [RFC8466] Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG | |||
| Data Model for Layer 2 Virtual Private Network (L2VPN) | Data Model for Layer 2 Virtual Private Network (L2VPN) | |||
| Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October | Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October | |||
| 2018, <https://www.rfc-editor.org/rfc/rfc8466>. | 2018, <https://www.rfc-editor.org/info/rfc8466>. | |||
| [RFC9182] Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M., | [RFC9182] Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M., | |||
| Ed., Munoz, L., and A. Aguado, "A YANG Network Data Model | Ed., Munoz, L., and A. Aguado, "A YANG Network Data Model | |||
| for Layer 3 VPNs", RFC 9182, DOI 10.17487/RFC9182, | for Layer 3 VPNs", RFC 9182, DOI 10.17487/RFC9182, | |||
| February 2022, <https://www.rfc-editor.org/rfc/rfc9182>. | February 2022, <https://www.rfc-editor.org/info/rfc9182>. | |||
| [RFC9291] Boucadair, M., Ed., Gonzalez de Dios, O., Ed., Barguil, | [RFC9291] Boucadair, M., Ed., Gonzalez de Dios, O., Ed., Barguil, | |||
| S., and L. Munoz, "A YANG Network Data Model for Layer 2 | S., and L. Munoz, "A YANG Network Data Model for Layer 2 | |||
| VPNs", RFC 9291, DOI 10.17487/RFC9291, September 2022, | VPNs", RFC 9291, DOI 10.17487/RFC9291, September 2022, | |||
| <https://www.rfc-editor.org/rfc/rfc9291>. | <https://www.rfc-editor.org/info/rfc9291>. | |||
| 9.2. Informative References | ||||
| [I-D.ietf-netmod-rfc8407bis] | [RFC9834] Boucadair, M., Ed., Roberts, R., Ed., Gonzalez de Dios, | |||
| Bierman, A., Boucadair, M., and Q. Wu, "Guidelines for | O., Barguil, S., and B. Wu, "YANG Data Models for Bearers | |||
| Authors and Reviewers of Documents Containing YANG Data | and Attachment Circuits as a Service (ACaaS)", RFC 9834, | |||
| Models", Work in Progress, Internet-Draft, draft-ietf- | DOI 10.17487/RFC9834, September 2025, | |||
| netmod-rfc8407bis-22, 14 January 2025, | <https://www.rfc-editor.org/info/rfc9834>. | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-netmod- | ||||
| rfc8407bis-22>. | ||||
| [I-D.ietf-opsawg-teas-common-ac] | [RFC9835] Boucadair, M., Ed., Roberts, R., Gonzalez de Dios, O., | |||
| Boucadair, M., Roberts, R., de Dios, O. G., Barguil, S., | Barguil, S., and B. Wu, "A Network YANG Data Model for | |||
| and B. Wu, "A Common YANG Data Model for Attachment | Attachment Circuits", RFC 9835, DOI 10.17487/RFC9835, | |||
| Circuits", Work in Progress, Internet-Draft, draft-ietf- | September 2025, <https://www.rfc-editor.org/info/rfc9835>. | |||
| opsawg-teas-common-ac-15, 23 January 2025, | ||||
| <https://datatracker.ietf.org/doc/html/draft-ietf-opsawg- | ||||
| teas-common-ac-15>. | ||||
| [I-D.ietf-teas-ietf-network-slice-nbi-yang] | 9.2. Informative References | |||
| Wu, B., Dhody, D., Rokui, R., Saad, T., and J. Mullooly, | ||||
| "A YANG Data Model for the RFC 9543 Network Slice | ||||
| Service", Work in Progress, Internet-Draft, draft-ietf- | ||||
| teas-ietf-network-slice-nbi-yang-18, 21 January 2025, | ||||
| <https://datatracker.ietf.org/doc/html/draft-ietf-teas- | ||||
| ietf-network-slice-nbi-yang-18>. | ||||
| [RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | [RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | |||
| Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252, | Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252, | |||
| January 2006, <https://www.rfc-editor.org/rfc/rfc4252>. | January 2006, <https://www.rfc-editor.org/info/rfc4252>. | |||
| [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private | [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private | |||
| Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February | Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February | |||
| 2006, <https://www.rfc-editor.org/rfc/rfc4364>. | 2006, <https://www.rfc-editor.org/info/rfc4364>. | |||
| [RFC4664] Andersson, L., Ed. and E. Rosen, Ed., "Framework for Layer | [RFC4664] Andersson, L., Ed. and E. Rosen, Ed., "Framework for Layer | |||
| 2 Virtual Private Networks (L2VPNs)", RFC 4664, | 2 Virtual Private Networks (L2VPNs)", RFC 4664, | |||
| DOI 10.17487/RFC4664, September 2006, | DOI 10.17487/RFC4664, September 2006, | |||
| <https://www.rfc-editor.org/rfc/rfc4664>. | <https://www.rfc-editor.org/info/rfc4664>. | |||
| [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., | [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., | |||
| and A. Bierman, Ed., "Network Configuration Protocol | and A. Bierman, Ed., "Network Configuration Protocol | |||
| (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, | (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, | |||
| <https://www.rfc-editor.org/rfc/rfc6241>. | <https://www.rfc-editor.org/info/rfc6241>. | |||
| [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function | [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function | |||
| Chaining (SFC) Architecture", RFC 7665, | Chaining (SFC) Architecture", RFC 7665, | |||
| DOI 10.17487/RFC7665, October 2015, | DOI 10.17487/RFC7665, October 2015, | |||
| <https://www.rfc-editor.org/rfc/rfc7665>. | <https://www.rfc-editor.org/info/rfc7665>. | |||
| [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF | [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF | |||
| Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, | Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, | |||
| <https://www.rfc-editor.org/rfc/rfc8040>. | <https://www.rfc-editor.org/info/rfc8040>. | |||
| [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", | [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", | |||
| BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, | BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, | |||
| <https://www.rfc-editor.org/rfc/rfc8340>. | <https://www.rfc-editor.org/info/rfc8340>. | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/rfc/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | |||
| Multiplexed and Secure Transport", RFC 9000, | Multiplexed and Secure Transport", RFC 9000, | |||
| DOI 10.17487/RFC9000, May 2021, | DOI 10.17487/RFC9000, May 2021, | |||
| <https://www.rfc-editor.org/rfc/rfc9000>. | <https://www.rfc-editor.org/info/rfc9000>. | |||
| [RFC9408] Boucadair, M., Ed., Gonzalez de Dios, O., Barguil, S., Wu, | [RFC9408] Boucadair, M., Ed., Gonzalez de Dios, O., Barguil, S., Wu, | |||
| Q., and V. Lopez, "A YANG Network Data Model for Service | Q., and V. Lopez, "A YANG Network Data Model for Service | |||
| Attachment Points (SAPs)", RFC 9408, DOI 10.17487/RFC9408, | Attachment Points (SAPs)", RFC 9408, DOI 10.17487/RFC9408, | |||
| June 2023, <https://www.rfc-editor.org/rfc/rfc9408>. | June 2023, <https://www.rfc-editor.org/info/rfc9408>. | |||
| [RFC9833] Boucadair, M., Ed., Roberts, R., Ed., Gonzalez de Dios, | ||||
| O., Barguil, S., and B. Wu, "A Common YANG Data Model for | ||||
| Attachment Circuits", RFC 9833, DOI 10.17487/RFC9833, | ||||
| September 2025, <https://www.rfc-editor.org/info/rfc9833>. | ||||
| [YANG-GUIDELINES] | ||||
| Bierman, A., Boucadair, M., Ed., and Q. Wu, "Guidelines | ||||
| for Authors and Reviewers of Documents Containing YANG | ||||
| Data Models", Work in Progress, Internet-Draft, draft- | ||||
| ietf-netmod-rfc8407bis-22, 14 January 2025, | ||||
| <https://datatracker.ietf.org/doc/html/draft-ietf-netmod- | ||||
| rfc8407bis-22>. | ||||
| [YANG-NSS] Wu, B., Dhody, D., Rokui, R., Saad, T., and J. Mullooly, | ||||
| "A YANG Data Model for the RFC 9543 Network Slice | ||||
| Service", Work in Progress, Internet-Draft, draft-ietf- | ||||
| teas-ietf-network-slice-nbi-yang-25, 9 May 2025, | ||||
| <https://datatracker.ietf.org/doc/html/draft-ietf-teas- | ||||
| ietf-network-slice-nbi-yang-25>. | ||||
| Appendix A. Examples | Appendix A. Examples | |||
| A.1. A Service AC Reference within The VPN Network Access | A.1. A Service AC Reference Within the VPN Network Access | |||
| Let us consider the example depicted in Figure 5 which is inspired | Let us consider the example depicted in Figure 5, which is inspired | |||
| from Section 2.1 of [RFC4664]. Each PE is servicing two CEs. Let us | from Section 2.1 of [RFC4664]. Each PE is servicing two CEs. Let us | |||
| also assume that the service references to identify attachment | also assume that the service references to identify ACs with these | |||
| circuits with these CEs are shown in the figure. | CEs are shown in Figure 5. | |||
| .----. .----. | .----. .----. | |||
| | | AC1 AC2 | | | | | AC1 AC2 | | | |||
| | CE1 |--+ 2001:db8:100::1 2001:db8:200::1 +--| CE2 | | | CE1 |--+ 2001:db8:100::1 2001:db8:200::1 +--| CE2 | | |||
| | | | .-----. .-----. .-----. | | | | | | | .-----. .-----. .-----. | | | | |||
| '----' +----|---- | | P | | ----+----+ '----' | '----' +----|---- | | P | | ----+----+ '----' | |||
| |VPWS\----|-----|-----|/VPWS| | |VPWS\----|-----|-----|/VPWS| | |||
| | PE1 |===|=====|=====| PE2 | | | PE1 |===|=====|=====| PE2 | | |||
| | /|---|-----|-----|\\ | | | /|---|-----|-----|\\ | | |||
| .----. +----|---- | | | | ----|----+ .----. | .----. +----|---- | | | | ----|----+ .----. | |||
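Review bot: In the first paragraph of A.1, both columns keep "inspired from Section 2.1 of [RFC4664]"; the idiomatic form is "inspired by". The sentence was already edited to add the comma after "Figure 5", so the preposition could have been corrected in the same pass.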
| skipping to change at page 26, line 4 ¶ | skipping to change at line 1056 ¶ | |||
| admin-up" | admin-up" | |||
| }, | }, | |||
| "ietf-ac-glue:ac-svc-ref":"AC4" | "ietf-ac-glue:ac-svc-ref":"AC4" | |||
| } | } | |||
| } | } | |||
| ] | ] | |||
| } | } | |||
| } | } | |||
| ] | ] | |||
| } | } | |||
| } | } | |||
| ] | ] | |||
| } | } | |||
| } | } | |||
| } | } | |||
| Figure 6: Example of VPWS Creation with AC Service References | Figure 6: Example of VPWS Creation with AC Service References | |||
| A.2. Network and Service AC References | A.2. Network and Service AC References | |||
| Let us consider the example depicted in Figure 7 with two customer | Let us consider the example depicted in Figure 7 with two customer | |||
| termination points (CE1 and CE2). Let us also assume that the | termination points (CE1 and CE2). Let us also assume that the | |||
| bearers to attach these CEs to the service provider network are | bearers to attach these CEs to the service provider network are | |||
| already in place. References to identify these bearers are shown in | already in place. References to identify these bearers are shown in | |||
| the figure. | Figure 7. | |||
| .-----. .--------------. .-----. | .-----. .--------------. .-----. | |||
| .---. | PE1 +===+ +===+ PE2 | .---. | .---. | PE1 +===+ +===+ PE2 | .---. | |||
| | CE1+------+"450"| | MPLS | |"451"+------+ CE2| | | CE1+------+"450"| | MPLS | |"451"+------+ CE2| | |||
| '---' ^ '-----' | | '-----' ^ '---' | '---' ^ '-----' | | '-----' ^ '---' | |||
| | | Core | | | | | Core | | | |||
| Bearer:1234 '--------------' Bearer:5678 | Bearer:1234 '--------------' Bearer:5678 | |||
| Figure 7: Topology Example | Figure 7: Topology Example | |||
| The AC service model [I-D.ietf-opsawg-teas-attachment-circuit] can be | The AC service model [RFC9834] can be used by the provider to manage | |||
| used by the provider to manage and expose the ACs over existing | and expose the ACs over existing bearers as shown in Figure 8. | |||
| bearers as shown in Figure 8. | ||||
| { | { | |||
| "ietf-ac-svc:attachment-circuits": { | "ietf-ac-svc:attachment-circuits": { | |||
| "ac-group-profile": [ | "ac-group-profile": [ | |||
| { | { | |||
| "name": "an-ac-profile", | "name": "an-ac-profile", | |||
| "l2-connection": { | "l2-connection": { | |||
| "encapsulation": { | "encapsulation": { | |||
| "type": "ietf-vpn-common:dot1q", | "type": "ietf-vpn-common:dot1q", | |||
| "dot1q": { | "dot1q": { | |||
| skipping to change at page 28, line 4 ¶ | skipping to change at line 1151 ¶ | |||
| "name": "ac-2", | "name": "ac-2", | |||
| "description": "Second attachment", | "description": "Second attachment", | |||
| "ac-group-profile": [ | "ac-group-profile": [ | |||
| "an-ac-profile" | "an-ac-profile" | |||
| ], | ], | |||
| "l2-connection": { | "l2-connection": { | |||
| "bearer-reference": "5678" | "bearer-reference": "5678" | |||
| } | } | |||
| } | } | |||
| ] | ] | |||
| } | } | |||
| } | } | |||
| Figure 8: ACs Created Using ACaaS | Figure 8: ACs Created Using ACaaS | |||
| Let us now consider that the customer wants to request a VPLS | Let us now consider that the customer wants to request a Virtual | |||
| instance between the sites as shown in Figure 9. | Private LAN Service (VPLS) instance between the sites as shown in | |||
| Figure 9. | ||||
| |---------- VPLS "1543" ----------| | |---------- VPLS "1543" ----------| | |||
| .-----. .--------------. .-----. | .-----. .--------------. .-----. | |||
| .---. AC1 | PE1 +===+ +===+ PE2 | AC2 .---. | .---. AC1 | PE1 +===+ +===+ PE2 | AC2 .---. | |||
| | CE1+------+"450"| | MPLS | |"451"+------+ CE2| | | CE1+------+"450"| | MPLS | |"451"+------+ CE2| | |||
| '---' ^ '-----' | | '-----' ^ '---' | '---' ^ '-----' | | '-----' ^ '---' | |||
| | | Core | | | | | Core | | | |||
| Bearer:1234 '--------------' Bearer:5678 | Bearer:1234 '--------------' Bearer:5678 | |||
| Figure 9: Example of VPLS | Figure 9: Example of VPLS | |||
| To that aim, existing ACs are referenced during the creation of the | To that aim, existing ACs are referenced during the creation of the | |||
| VPLS instance using the L2NM [RFC9291] and the "ietf-ac-glue" as | VPLS instance using the L2NM [RFC9291] and the "ietf-ac-glue" module | |||
| shown in Figure 10. | as shown in Figure 10. | |||
| { | { | |||
| "ietf-l2vpn-ntw:l2vpn-ntw": { | "ietf-l2vpn-ntw:l2vpn-ntw": { | |||
| "vpn-services": { | "vpn-services": { | |||
| "vpn-service": [ | "vpn-service": [ | |||
| { | { | |||
| "vpn-id": "1543", | "vpn-id": "1543", | |||
| "vpn-name": "CORPO-EXAMPLE", | "vpn-name": "CORPO-EXAMPLE", | |||
| "customer-name": "EXAMPLE", | "customer-name": "EXAMPLE", | |||
| "vpn-type": "ietf-vpn-common:vpls", | "vpn-type": "ietf-vpn-common:vpls", | |||
| skipping to change at page 31, line 32 ¶ | skipping to change at line 1305 ¶ | |||
| } | } | |||
| } | } | |||
| ] | ] | |||
| } | } | |||
| ] | ] | |||
| } | } | |||
| Figure 11: Example of SAP Response (Message Body) | Figure 11: Example of SAP Response (Message Body) | |||
| The response in Figure 11 indicates that the VPLS service can be | The response in Figure 11 indicates that the VPLS service can be | |||
| delivered to CE1. [I-D.ietf-opsawg-ntw-attachment-circuit] can be | delivered to CE1. The "ietf-ac-ntw" module [RFC9835] can be also | |||
| also used to access AC-related details that are bound to the target | used to access AC-related details that are bound to the target SAP | |||
| SAP (Figure 12). | (Figure 12). | |||
| { | { | |||
| "ietf-sap-ntw:service":[ | "ietf-sap-ntw:service":[ | |||
| { | { | |||
| "service-type":"ietf-vpn-common:vpls", | "service-type":"ietf-vpn-common:vpls", | |||
| "sap":[ | "sap":[ | |||
| { | { | |||
| "sap-id":"sap#1", | "sap-id":"sap#1", | |||
| "peer-sap-id":[ | "peer-sap-id":[ | |||
| "ce-1" | "ce-1" | |||
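Review bot: In the paragraph after Figure 11, the revised sentence still reads "can be also used"; the adverb belongs before "be", giving "can also be used to access AC-related details". The wording is carried over unchanged from the draft column, so only the reference was updated here and the word order was missed.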
| skipping to change at page 32, line 50 ¶ | skipping to change at line 1354 ¶ | |||
| ] | ] | |||
| } | } | |||
| ] | ] | |||
| } | } | |||
| ] | ] | |||
| } | } | |||
| Figure 12: Example of AC Network Response with SAP (Message Body) | Figure 12: Example of AC Network Response with SAP (Message Body) | |||
| The provisioned AC at PE1 can be retrieved using the AC network model | The provisioned AC at PE1 can be retrieved using the AC network model | |||
| [I-D.ietf-opsawg-ntw-attachment-circuit] as depicted in Figure 13. | [RFC9835] as depicted in Figure 13. | |||
| { | { | |||
| "ietf-ac-ntw:ac":[ | "ietf-ac-ntw:ac":[ | |||
| { | { | |||
| "name":"ac-11", | "name":"ac-11", | |||
| "svc-ref":"ac-1", | "svc-ref":"ac-1", | |||
| "peer-sap-id":[ | "peer-sap-id":[ | |||
| "ce-1" | "ce-1" | |||
| ], | ], | |||
| "status":{ | "status":{ | |||
| skipping to change at page 34, line 22 ¶ | skipping to change at line 1422 ¶ | |||
| } | } | |||
| ] | ] | |||
| } | } | |||
| Figure 13: Example of AC Network Response (Message Body) | Figure 13: Example of AC Network Response (Message Body) | |||
| Acknowledgments | Acknowledgments | |||
| Thanks to Bo Wu and Qin Wu for the review and comments. | Thanks to Bo Wu and Qin Wu for the review and comments. | |||
| Thanks to Martin Björklund for the yangdoctors review, Gyan Mishra | Thanks to Martin Björklund for the YANG Doctors review, Gyan Mishra | |||
| for the rtg-dir review, Ron Bonica for the opsdir review, Reese | for the RTGDIR review, Ron Bonica for the OPSDIR review, Reese | |||
| Enghardt for the genart review, and Prachi Jain for the sec-dir | Enghardt for the GENART review, and Prachi Jain for the SECDIR | |||
| review. | review. | |||
| Thanks to Mahesh Jethanandani for the AD review. | Thanks to Mahesh Jethanandani for the AD review. | |||
| Thanks to Gunter Van de Velde for the IESG review. | Thanks to Gunter Van de Velde for the IESG review. | |||
| Authors' Addresses | Authors' Addresses | |||
| Mohamed Boucadair (editor) | Mohamed Boucadair (editor) | |||
| Orange | Orange | |||
| Email: mohamed.boucadair@orange.com | Email: mohamed.boucadair@orange.com | |||
| Richard Roberts | Richard Roberts | |||
| Juniper | Juniper | |||
| Email: rroberts@juniper.net | Email: rroberts@juniper.net | |||
| Samier Barguil Giraldo | Samier Barguil | |||
| Nokia | Nokia | |||
| Email: samier.barguil_giraldo@nokia.com | Email: samier.barguil_giraldo@nokia.com | |||
| Oscar Gonzalez de Dios | Oscar Gonzalez de Dios | |||
| Telefonica | Telefonica | |||
| Email: oscar.gonzalezdedios@telefonica.com | Email: oscar.gonzalezdedios@telefonica.com | |||
| End of changes. 103 change blocks. | ||||
| 371 lines changed or deleted | 306 lines changed or added | |||