module ietf-l3vpn-svc {
namespace "urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc";
prefix l3vpn-svc;
import ietf-inet-types {
prefix inet;
}
import ietf-yang-types {
prefix yang;
}
organization
"IETF L3SM Working Group";
contact
"WG List: <mailto:l3sm@ietf.org>
Editor:
";
description
"The YANG module defines a generic service configuration
model for Layer 3 VPN common across all of the vendor
implementations.";
revision 2016-07-30 {
description
"Eliminated warnings";
reference
"draft-ietf-l3sm-l3vpn-service-yang-11";
}
revision 2016-07-05 {
description
"Draft text update";
reference
"draft-ietf-l3sm-l3vpn-service-yang-11";
}
revision 2016-06-27 {
description
"
* Removed templates
* Add site-network-access-type
* Add a leaf number-of-dynamic-address in case
of pe-dhcp addressing;
";
reference "draft-ietf-l3sm-l3vpn-service-yang-10";
}
revision 2016-06-10 {
description
"Add site-vpn-flavor NNI";
reference "draft-ietf-l3sm-l3vpn-service-yang-09";
}
revision 2016-06-09 {
description
"Traffic protection moved to site level.
Decouple operational-requirements in two containers.
";
reference "draft-ietf-l3sm-l3vpn-service-yang-08";
}
revision 2016-06-06 {
description
"Set config false to actual-site-start and stop
Add a container before cloud-access list
Add a container before authorized-sites list
Add a container before denied-sites list
Modified access-diversity modeling
Replacing type placement diversity by an identity";
reference "draft-ietf-l3sm-l3vpn-service-yang-07";
}
revision 2016-04-19 {
description
"* remove reference to core routing model :
created new address family identities
* added features
* Modified bearer parameters
* Modified union for ipv4/ipv6 addresses to ip-address
type
* Add BSR parameters for multicast
* Add applications matching for QoS classification
";
reference "draft-ietf-l3sm-l3vpn-service-yang-06";
}
revision 2016-04-05 {
description
"
* Added linecard diverse for site diversity
* Added a new diversity enum in placement-diversity : none
* Added state to site location
";
reference "";
}
revision 2016-03-11 {
description
"
* Modify VPN policy and creating a vpn-policy-list
* Add VPN policy reference and VPN ID reference
under site-network-access
";
reference "draft-ietf-l3sm-l3vpn-service-yang-05";
}
revision 2016-01-04 {
description
"
* Add extranet-vpn container in vpn-svc
* Creating top level containers
* Refine groupings
* Added site-vpn-flavor
";
reference "draft-ietf-l3sm-l3vpn-service-yang-03";
}
revision 2016-01-04 {
description
"
* qos-profile moved to choice
* vpn leaf moved to vpn-id in vpn-policy
* added ordered-by user to qos classification list
* moved traffic protection to access availability
* creating a choice in matching filter for VPN policy
* added dot1p matching field in flow-definition
";
reference "";
}
revision 2015-12-07 {
description
"
* A site is now a collection of site-accesses.
This was introduced to support M to N availability.
* Site-availability has been removed, replaced by
availability parameters under site-accesses
* Added transport-constraints within vpn-svc
";
reference "draft-ietf-l3sm-l3vpn-service-yang-02";
}
revision 2015-11-03 {
description "
* Add ToS support in match-flow
* nexthop in cascaded lan as mandatory
* customer-specific-info deleted and moved to routing
protocols
* customer-lan-connection modified : need prefix and CE address
* add choice in managing PE-CE addressing
* Simplifying traffic protection
";
reference "";
}
revision 2015-09-10 {
description "
* Refine groupings for vpn-svc
* Removed name in vpn-svc
* id in vpn-svc moved to string
* Rename id in vpn-svc to vpn-id
* Changed key of vpn-svc list to vpn-id
* Add DSCP support in flow definition
";
reference "";
}
revision 2015-08-07 {
description
"
Multicast :
* Removed ACL from security
* Add FW for site and cloud access
";
reference "";
}
revision 2015-08-05 {
description
"
Multicast :
* Removed anycast-rp identity as discovery mechanism
* Added rp-group mappings for multicast
* Added flag for provider managed RP.
";
reference "";
}
revision 2015-08-03 {
description
" * Creating multiple reusable groupings
* Added mpls leaf in vpn-svc for carrier's carrier case
* Modify identity single to single-site
* Modify site-type to site-role and also child identities.
* Creating OAM container under site and moved BFD in.
* Creating flow-definition grouping to be reused
in ACL, QoS ...
* Simplified VPN policy.
* Adding multicast static group to RP mappings.
* Removed native-vpn and site-role from global site
cfg, now managed within the VPN policy.
* Creating a separate list for site templates.
";
reference "draft-ietf-l3sm-l3vpn-service-yang-01";
}
revision 2015-07-02 {
reference "draft-ietf-l3sm-l3vpn-service-yang-00";
}
revision 2015-04-24 {
description "
* Add encryption parameters
* Adding holdtime for BFD.
* Add postal address in location
";
reference "draft-lstd-l3sm-l3vpn-service-yang-00";
}
revision 2015-02-05 {
description "Initial revision.";
reference "draft-l3vpn-service-yang-00";
}
/* Features */
// Feature declarations. Each feature gates the schema nodes that name it
// in an if-feature statement.
feature cloud-access {
  description
    "Allow VPN to connect to a Cloud Service
     provider.";
}
feature multicast {
  description "Enables multicast capabilities in a VPN";
}
feature ipv4 {
  description "Enables IPv4 support in a VPN";
}
feature ipv6 {
  description "Enables IPv6 support in a VPN";
}
feature carrierscarrier {
  description "Enables support of carrier's carrier";
}
feature traffic-engineering {
  description "Enables support of transport constraint.";
}
feature traffic-engineering-multicast {
  description
    "Enables support of transport constraint
     for multicast.";
}
feature extranet-vpn {
  description "Enables support of extranet VPNs";
}
feature site-diversity {
  description "Enables support of site diversity constraints";
}
// Gates container "encryption" in grouping site-security-encryption: a server
// that does not advertise this feature exposes no encryption request nodes.
feature encryption {
  description "Enables support of encryption";
}
feature qos {
  description "Enables support of Class of Services";
}
feature qos-custom {
  description "Enables support of custom qos profile";
}
feature rtg-bgp {
  description "Enables support of BGP routing protocol.";
}
feature rtg-rip {
  description "Enables support of RIP routing protocol.";
}
feature rtg-ospf {
  description "Enables support of OSPF routing protocol.";
}
feature rtg-ospf-sham-link {
  description "Enables support of OSPF sham-links.";
}
feature rtg-vrrp {
  description "Enables support of VRRP routing protocol.";
}
feature fast-reroute {
  description "Enables support of Fast Reroute.";
}
feature bfd {
  description "Enables support of BFD.";
}
feature always-on {
  description
    "Enables support for always-on access
     constraint.";
}
feature requested-type {
  description
    "Enables support for requested-type access
     constraint.";
}
feature bearer-reference {
  description
    "Enables support for bearer-reference access
     constraint.";
}
/* Typedefs */
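// Identifier types. Both are plain strings with no length or pattern
// restriction, so any format checking has to happen in the consuming system.
typedef svc-id {
  type string;
  description
    "Defining a type of service component
     identifiers.";
}
typedef template-id {
  type string;
  description
    "Defining a type of service template
     identifiers.";
}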
/* Identities */
// Connection types of a site network access.
identity site-network-access-type {
  description "Base identity for site-network-access type";
}
identity point-to-point {
  base site-network-access-type;
  description "Identity for point-to-point connection";
}
identity multipoint {
  base site-network-access-type;
  description
    "Identity for multipoint connection
     Example : ethernet broadcast segment";
}
// Placement constraints; used as constraint-type in grouping access-diversity.
identity placement-diversity {
  description
    "Base identity for site placement
     constraints";
}
identity pe-diverse {
  base placement-diversity;
  description "Identity for PE diversity";
}
identity pop-diverse {
  base placement-diversity;
  description "Identity for POP diversity";
}
identity linecard-diverse {
  base placement-diversity;
  description "Identity for linecard diversity";
}
identity same-pe {
  base placement-diversity;
  description
    "Identity for having sites connected
     on the same PE";
}
identity same-bearer {
  base placement-diversity;
  description
    "Identity for having sites connected
     using the same bearer";
}
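// Application classes. They are the values accepted by leaf match-application
// in the QoS classification rules of grouping site-service-qos-profile.
identity customer-application {
  description "Base identity for customer application";
}
identity web {
  base customer-application;
  description "Identity for web application (e.g. HTTP,HTTPS)";
}
identity mail {
  base customer-application;
  description "Identity for mail applications";
}
identity file-transfer {
  base customer-application;
  description
    "Identity for file transfer applications
     (e.g. FTP, SFTP, ...)";
}
identity database {
  base customer-application;
  description "Identity for database applications";
}
identity social {
  base customer-application;
  description "Identity for social network applications";
}
identity games {
  base customer-application;
  description "Identity for gaming applications";
}
identity p2p {
  base customer-application;
  description "Identity for peer to peer applications";
}
identity network-management {
  base customer-application;
  description
    "Identity for management applications (e.g. telnet,
     syslog, snmp ...)";
}
identity voice {
  base customer-application;
  description "Identity for voice applications";
}
identity video {
  base customer-application;
  description "Identity for video conference applications";
}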
// Address families, referenced by the address-family leaf-lists of the
// routing protocol containers in grouping site-routing.
identity address-family {
  description "Base identity for an address family.";
}
identity ipv4 {
  base address-family;
  description "Identity for IPv4 address family.";
}
identity ipv6 {
  base address-family;
  description "Identity for IPv6 address family.";
}
// Site VPN flavors: how the logical connections of a site map onto VPNs.
identity site-vpn-flavor {
  description "Base identity for the site VPN service flavor.";
}
identity site-vpn-flavor-single {
  base site-vpn-flavor;
  description
    "Base identity for the site VPN service flavor.
     Used when the site belongs to only one VPN.";
}
identity site-vpn-flavor-multi {
  base site-vpn-flavor;
  description
    "Base identity for the site VPN service flavor.
     Used when a logical connection of a site
     belongs to multiple VPNs.";
}
identity site-vpn-flavor-sub {
  base site-vpn-flavor;
  description
    "Base identity for the site VPN service flavor.
     Used when a site has multiple logical connections.
     Each of the connection may belong to different
     multiple VPNs.";
}
identity site-vpn-flavor-nni {
  base site-vpn-flavor;
  description
    "Base identity for the site VPN service flavor.
     Used to describe a NNI option A connection.";
}
// Transport constraint kinds.
identity transport-constraint {
  description "Base identity for transport constraint.";
}
identity tc-latency {
  base transport-constraint;
  description
    "Base identity for transport constraint
     based on latency.";
}
identity tc-jitter {
  base transport-constraint;
  description
    "Base identity for transport constraint
     based on jitter.";
}
identity tc-bandwidth {
  base transport-constraint;
  description
    "Base identity for transport constraint
     based on bandwidth.";
}
identity tc-path-diversity {
  base transport-constraint;
  description
    "Base identity for transport constraint
     based on path diversity.";
}
identity tc-site-diversity {
  base transport-constraint;
  description
    "Base identity for transport constraint
     based on site diversity.";
}
// Site management schemes: who operates the customer-side equipment.
identity management {
  description "Base identity for site management scheme.";
}
identity co-managed {
  base management;
  description "Base identity for comanaged site.";
}
identity customer-managed {
  base management;
  description "Base identity for customer managed site.";
}
identity provider-managed {
  base management;
  description "Base identity for provider managed site.";
}
// Address allocation schemes for the PE-CE link.
identity address-allocation-type {
  description
    "Base identity for address-allocation-type
     for PE-CE link.";
}
identity pe-dhcp {
  base address-allocation-type;
  description "PE router provides DHCP service to CE.";
}
identity static-address {
  base address-allocation-type;
  description "PE-CE addressing is static.";
}
identity slaac {
  base address-allocation-type;
  description "Use IPv6 SLAAC.";
}
// Roles a site can take inside a VPN topology.
identity site-role {
  description "Base identity for site type.";
}
identity any-to-any-role {
  base site-role;
  description "Site in a any to any IPVPN.";
}
identity spoke-role {
  base site-role;
  description "Spoke Site in a Hub & Spoke IPVPN.";
}
identity hub-role {
  base site-role;
  description "Hub Site in a Hub & Spoke IPVPN.";
}
// VPN topologies.
identity vpn-topology {
  description "Base identity for VPN topology.";
}
identity any-to-any {
  base vpn-topology;
  description "Identity for any to any VPN topology.";
}
identity hub-spoke {
  base vpn-topology;
  description "Identity for Hub'n'Spoke VPN topology.";
}
identity hub-spoke-disjoint {
  base vpn-topology;
  description
    "Identity for Hub'n'Spoke VPN topology
     where Hubs cannot talk between each other.";
}
// Multicast tree types; used as the key of list tree-flavor in grouping
// vpn-service-multicast.
identity multicast-tree-type {
  description "Base identity for multicast tree type.";
}
identity ssm-tree-type {
  base multicast-tree-type;
  description "Identity for SSM tree type.";
}
identity asm-tree-type {
  base multicast-tree-type;
  description "Identity for ASM tree type.";
}
identity bidir-tree-type {
  base multicast-tree-type;
  description "Identity for BiDir tree type.";
}
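// RP discovery mechanisms; used by leaf rp-discovery-type in grouping
// vpn-service-multicast, where static-rp is the default.
identity multicast-rp-discovery-type {
  description "Base identity for rp discovery type.";
}
identity auto-rp {
  base multicast-rp-discovery-type;
  description "Base identity for auto-rp discovery type.";
}
identity static-rp {
  base multicast-rp-discovery-type;
  description "Base identity for static type.";
}
identity bsr-rp {
  base multicast-rp-discovery-type;
  // The original text said "BDR"; the identity name and the bsr-candidates
  // container that depends on it both refer to BSR.
  description "Base identity for BSR discovery type.";
}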
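// Routing protocol types; used as the key of list routing-protocol in
// grouping site-routing.
identity routing-protocol-type {
  description "Base identity for routing-protocol type.";
}
identity ospf {
  base routing-protocol-type;
  description "Identity for OSPF protocol type.";
}
identity bgp {
  base routing-protocol-type;
  description "Identity for BGP protocol type.";
}
identity static {
  base routing-protocol-type;
  description "Identity for static routing protocol type.";
}
identity rip {
  base routing-protocol-type;
  description "Identity for RIP protocol type.";
}
identity rip-ng {
  base routing-protocol-type;
  description "Identity for RIPng protocol type.";
}
identity vrrp {
  base routing-protocol-type;
  description
    "Identity for VRRP protocol type.
     This is to be used when LANs are directly connected
     to provider Edge routers.";
}
identity direct {
  base routing-protocol-type;
  description "Identity for direct protocol type.";
}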
// Protocol / header types accepted by leaf protocol-field in grouping
// flow-definition (as an alternative to a raw uint8 value).
identity protocol-type {
  description "Base identity for protocol field type.";
}
identity tcp {
  base protocol-type;
  description "TCP protocol type.";
}
identity udp {
  base protocol-type;
  description "UDP protocol type.";
}
identity icmp {
  base protocol-type;
  description "icmp protocol type.";
}
identity icmp6 {
  base protocol-type;
  description "icmp v6 protocol type.";
}
identity gre {
  base protocol-type;
  description "GRE protocol type.";
}
identity ipip {
  base protocol-type;
  description "IPinIP protocol type.";
}
identity hop-by-hop {
  base protocol-type;
  description "Hop by Hop IPv6 header type.";
}
identity routing {
  base protocol-type;
  description "Routing IPv6 header type.";
}
identity esp {
  base protocol-type;
  description "ESP header type.";
}
identity ah {
  base protocol-type;
  description "AH header type.";
}
/* Groupings */
// Cloud access for a VPN: one list entry per cloud service, each with an
// allow list and a deny list of sites plus NAT settings.
//
// NOTE(review): authorized-sites and denied-sites can both be populated for
// the same cloud-access entry. Nothing in this grouping states which list
// wins when a site-id appears in both, or what applies when both are empty;
// confirm the precedence and the default with the consuming implementation.
grouping vpn-service-cloud-access {
  container cloud-accesses {
    list cloud-access {
      if-feature cloud-access;
      key cloud-identifier;
      leaf cloud-identifier {
        type string;
        description
          "Identification of cloud service. Local
           admin meaning.";
      }
      container authorized-sites {
        list authorized-site {
          key site-id;
          // leafref: the value must match an existing site-id under
          // /l3vpn-svc/sites/site.
          leaf site-id {
            type leafref {
              path "/l3vpn-svc/sites/site/site-id";
            }
            description "Site ID.";
          }
          description "List of authorized sites.";
        }
        description "Configuration of authorized sites";
      }
      container denied-sites {
        list denied-site {
          key site-id;
          leaf site-id {
            type leafref {
              path "/l3vpn-svc/sites/site/site-id";
            }
            description "Site ID.";
          }
          description "List of denied sites.";
        }
        description "Configuration of denied sites";
      }
      leaf nat-enabled {
        type boolean;
        description "Control if NAT is required or not.";
      }
      // IPv4 only; no "when" ties this leaf to nat-enabled.
      leaf customer-nat-address {
        type inet:ipv4-address;
        description
          "NAT address to be used in case of public
           or shared cloud.
           This is to be used in case customer is providing
           the public address.";
      }
      description "Cloud access configuration.";
    }
    description "Container for cloud access configurations";
  }
  description "grouping for vpn cloud definition";
}
// Multicast group selector for an RP mapping: either a start/end pair or a
// single address. The schema only checks that each value is an IP address;
// it does not require a multicast address or that group-start precedes
// group-end, so a consumer has to validate both.
grouping multicast-rp-group-cfg {
  choice group-format {
    case startend {
      leaf group-start {
        type inet:ip-address;
        description "First group address.";
      }
      leaf group-end {
        type inet:ip-address;
        description "Last group address.";
      }
    }
    case singleaddress {
      leaf group-address {
        type inet:ip-address;
        description "Group address";
      }
    }
    description "Choice for group format.";
  }
  description
    "Definition of groups for
     RP to group mapping.";
}
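// Multicast parameters of a VPN service: tree flavors, RP-to-group mappings
// and RP discovery. The whole container exists only with feature multicast.
grouping vpn-service-multicast {
  container multicast {
    if-feature multicast;
    leaf enabled {
      type boolean;
      default false;
      description "Enable multicast.";
    }
    container customer-tree-flavors {
      list tree-flavor {
        key type;
        leaf type {
          type identityref {
            base multicast-tree-type;
          }
          description "Type of tree to be used.";
        }
        description "List of tree flavors.";
      }
      description "Type of trees used by customer.";
    }
    container rp {
      container rp-group-mappings {
        list rp-group-mapping {
          key "id";
          leaf id {
            type uint16;
            description "Unique identifier for the mapping.";
          }
          container provider-managed {
            leaf enabled {
              type boolean;
              default false;
              description
                "Set to true, if the RP must be a
                 provider
                 managed node.
                 Set to false, if it is a customer
                 managed node.";
            }
            leaf rp-redundancy {
              when "../enabled = 'true'" {
                description
                  "Relevant when RP
                   is provider managed.";
              }
              type boolean;
              default false;
              description
                "If true, redundancy
                 mechanism for RP is required.";
            }
            leaf optimal-traffic-delivery {
              when "../enabled = 'true'" {
                description
                  "Relevant when RP
                   is provider managed.";
              }
              type boolean;
              default false;
              description
                "If true, SP must ensure
                 that traffic uses an optimal path.";
            }
            description "Parameters for provider managed RP.";
          }
          leaf rp-address {
            // The condition selects the customer-managed case
            // (provider-managed/enabled is false); the original description
            // said "provider managed", which contradicted the expression.
            when "../provider-managed/enabled='false'" {
              description
                "Relevant when RP
                 is customer managed.";
            }
            type inet:ip-address;
            description
              "Defines the address of the
               RendezvousPoint.
               Used if RP is customer managed.";
          }
          container groups {
            list group {
              key id;
              leaf id {
                type uint16;
                description "Identifier for the group.";
              }
              uses multicast-rp-group-cfg;
              description "List of groups.";
            }
            description "Multicast groups associated with RP.";
          }
          description "List of RP to group mappings.";
        }
        description "RP to group mappings.";
      }
      container rp-discovery {
        leaf rp-discovery-type {
          type identityref {
            base multicast-rp-discovery-type;
          }
          default static-rp;
          description "Type of RP discovery used.";
        }
        container bsr-candidates {
          when "../rp-discovery-type='bsr-rp'" {
            description
              "Only applicable if discovery type
               is BSR-RP";
          }
          list bsr-candidate {
            key address;
            leaf address {
              type inet:ip-address;
              description "Address of BSR candidate";
            }
            description "List of customer BSR candidates";
          }
          description "Customer BSR candidates address";
        }
        description "RP discovery parameters";
      }
      description "RendezvousPoint parameters.";
    }
    description "Multicast global parameters for the VPN service.";
  }
  description "grouping for multicast vpn definition";
}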
// VPN-level Carrier's Carrier flag; present only with feature carrierscarrier
// and false unless set.
grouping vpn-service-mpls {
  leaf carrierscarrier {
    if-feature carrierscarrier;
    type boolean;
    default false;
    description
      "The VPN is using Carrier's Carrier,
       and so MPLS is required.";
  }
  description "grouping for mpls CsC definition";
}
// Postal location of a site. Every leaf is an unrestricted string (no length
// or pattern), so the schema accepts arbitrary text; a consumer that stores,
// displays or forwards these values has to validate and encode them itself.
grouping customer-location-info {
  container location {
    leaf address {
      type string;
      description
        "Address (number and street)
         of the site.";
    }
    leaf zip-code {
      type string;
      description "ZIP code of the site.";
    }
    leaf state {
      type string;
      description
        "State of the site.
         This leaf can also be used
         to describe a region
         for country who does not have
         states.
         ";
    }
    leaf city {
      type string;
      description "City of the site.";
    }
    leaf country-code {
      type string;
      description "Country of the site.";
    }
    description "Location of the site.";
  }
  description
    "This grouping defines customer location
     parameters";
}
// Site-level diversity groups; present only with feature site-diversity.
grouping site-diversity {
  container site-diversity {
    if-feature site-diversity;
    container groups {
      list group {
        key group-id;
        leaf group-id {
          type string;
          description
            "Group-id the site
             is belonging to";
        }
        description "List of group-id";
      }
      description
        "Groups the site
         is belonging to.
         All site network accesses will
         inherit those group values.";
    }
    description "Diversity constraint type.";
  }
  description
    "This grouping defines site diversity
     parameters";
}
// Diversity parameters of one site network access: the groups it belongs to
// and the placement constraints to apply against other groups or accesses.
// Gated by the same site-diversity feature as grouping site-diversity.
grouping access-diversity {
  container access-diversity {
    if-feature site-diversity;
    container groups {
      list group {
        key group-id;
        leaf group-id {
          type string;
          description
            "Group-id the site network access
             is belonging to";
        }
        description "List of group-id";
      }
      description
        "Groups the site network access
         is belonging to";
    }
    container constraints {
      // Keyed by constraint-type, so each placement-diversity identity can
      // appear at most once per access.
      list constraint {
        key constraint-type;
        leaf constraint-type {
          type identityref {
            base placement-diversity;
          }
          description "Diversity constraint type.";
        }
        container target {
          // Exactly one target form: explicit group list, every other access
          // of the site, or every other group.
          choice target-flavor {
            case id {
              list group {
                key group-id;
                leaf group-id {
                  type string;
                  description
                    "The constraint will apply
                     against this particular
                     group-id";
                }
                description "List of groups";
              }
            }
            case all-accesses {
              leaf all-other-accesses {
                type empty;
                description
                  "The constraint will apply
                   against all other site network
                   access
                   of this site";
              }
            }
            case all-groups {
              leaf all-other-groups {
                type empty;
                description
                  "The constraint will apply
                   against all other groups the
                   customer
                   is managing";
              }
            }
            description "Choice for the group definition";
          }
          description
            "The constraint will apply against
             this list of groups";
        }
        description "List of constraints";
      }
      description
        "Constraints for placing this site
         network access";
    }
    description "Diversity parameters.";
  }
  description
    "This grouping defines access diversity
     parameters";
}
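// Requested service window for a site. Both leaves are configurable and
// optional; the schema does not require start to precede stop.
grouping operational-requirements {
  leaf requested-site-start {
    type yang:date-and-time;
    description
      "Optional leaf indicating requested date
       and time
       when the service at a particular site is
       expected
       to start";
  }
  leaf requested-site-stop {
    type yang:date-and-time;
    description
      "Optional leaf indicating requested date
       and time
       when the service at a particular site is
       expected
       to stop";
  }
  description
    "This grouping defines some operational
     parameters";
}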
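// Actual service window for a site. Both leaves are "config false": they are
// state reported by the server and cannot be written by a client.
grouping operational-requirements-ops {
  leaf actual-site-start {
    type yang:date-and-time;
    config false;
    description
      "Optional leaf indicating actual date
       and time
       when the service at a particular site
       actually
       started";
  }
  leaf actual-site-stop {
    type yang:date-and-time;
    config false;
    description
      "Optional leaf indicating actual date
       and time
       when the service at a particular site
       actually
       stopped";
  }
  description
    "This grouping defines some operational
     parameters";
}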
// Flow match criteria, reused by the QoS classification rules. All leaves are
// optional and independent: the schema does not tie the port leaves to a
// port-bearing protocol-field value, nor forbid mixing IPv4 and IPv6
// prefixes, so a consumer must decide how to treat such combinations.
grouping flow-definition {
  container match-flow {
    leaf dscp {
      type uint8 {
        range "0 .. 63";
      }
      description "DSCP value.";
    }
    // NOTE(review): the upper bound is 254, one below the uint8 maximum;
    // confirm whether 255 is excluded on purpose.
    leaf tos {
      type uint8 {
        range "0 .. 254";
      }
      description "TOS value.";
    }
    leaf dot1p {
      type uint8 {
        range "0 .. 7";
      }
      description "802.1p matching.";
    }
    leaf ipv4-src-prefix {
      type inet:ipv4-prefix;
      description "Match on IPv4 src address.";
    }
    leaf ipv6-src-prefix {
      type inet:ipv6-prefix;
      description "Match on IPv6 src address.";
    }
    leaf ipv4-dst-prefix {
      type inet:ipv4-prefix;
      description "Match on IPv4 dst address.";
    }
    leaf ipv6-dst-prefix {
      type inet:ipv6-prefix;
      description "Match on IPv6 dst address.";
    }
    leaf l4-src-port {
      type uint16;
      description "Match on layer 4 src port.";
    }
    leaf l4-dst-port {
      type uint16;
      description "Match on layer 4 dst port.";
    }
    // Either a raw protocol number or one of the protocol-type identities.
    leaf protocol-field {
      type union {
        type uint8;
        type identityref {
          base protocol-type;
        }
      }
      description
        "Match on IPv4 protocol or
         Ipv6 Next Header
         field.";
    }
    description
      "Describe flow matching
       criterions.";
  }
  description "Flow definition based on criteria.";
}
// Basic per-site service parameters: bandwidth in each direction and MTU.
// NOTE(review): the bandwidth leaves are uint32 with units bps, so the
// largest value the schema can carry is 4294967295 bps (about 4.29 Gbps);
// confirm that no faster service has to be expressed.
grouping site-service-basic {
  leaf svc-input-bandwidth {
    type uint32;
    units bps;
    description
      "From the PE perspective, the service input
       bandwidth of the connection.";
  }
  leaf svc-output-bandwidth {
    type uint32;
    units bps;
    description
      "From the PE perspective, the service output
       bandwidth of the connection.";
  }
  leaf svc-mtu {
    type uint16;
    units bytes;
    description
      "MTU at service level.
       If the service is IP,
       it refers to the IP MTU.";
  }
  description "Defines basic service parameters for a site.";
}
// Access-link traffic protection switch; present only with feature
// fast-reroute. The leaf has no default, so an unset value is left to the
// implementation to interpret.
grouping site-protection {
  container traffic-protection {
    if-feature fast-reroute;
    leaf enabled {
      type boolean;
      description
        "Enables
         traffic protection of access link.";
    }
    description
      "Fast reroute service parameters
       for the site.";
  }
  description "Defines protection service parameters for a site.";
}
// Site-level Carrier's Carrier parameters; present only with feature
// carrierscarrier. The "bgp" enum description asks for bgp to be configured
// as routing-protocol too, but no must/when statement here enforces that.
grouping site-service-mpls {
  container carrierscarrier {
    if-feature carrierscarrier;
    leaf signalling-type {
      type enumeration {
        enum "ldp" {
          description
            "Use LDP as signalling
             protocol between PE and CE.";
        }
        enum "bgp" {
          description
            "Use BGP 3107 as signalling
             protocol between PE and CE.
             In this case, bgp must be also
             configured
             as routing-protocol.
             ";
        }
      }
      description "MPLS signalling type.";
    }
    description
      "This container is used when customer provides
       MPLS based services.
       This is used in case of Carrier's
       Carrier.";
  }
  description "Defines MPLS service parameters for a site.";
}
// QoS for a site: an ordered classification policy plus either a named
// standard profile or a custom list of classes. Present only with feature qos.
grouping site-service-qos-profile {
  container qos {
    if-feature qos;
    container qos-classification-policy {
      // "ordered-by user": the order in which the client inserts rules is
      // preserved and is therefore significant.
      list rule {
        key id;
        ordered-by user;
        leaf id {
          type uint16;
          description "ID of the rule.";
        }
        choice match-type {
          case match-flow {
            uses flow-definition;
          }
          case match-application {
            leaf match-application {
              type identityref {
                base customer-application;
              }
              description
                "Defines the application
                 to match.";
            }
          }
          description "Choice for classification";
        }
        // Free-form string: not a leafref to class-id below, so the schema
        // does not check that the named class exists.
        leaf target-class-id {
          type string;
          description
            "Identification of the
             class of service.
             This identifier is internal to
             the administration.";
        }
        description "List of marking rules.";
      }
      description "Need to express marking rules ...";
    }
    container qos-profile {
      choice qos-profile {
        description
          "Choice for QoS profile.
           Can be standard profile or custom.";
        case standard {
          leaf profile {
            type string;
            description "QoS profile to be used";
          }
        }
        case custom {
          container classes {
            if-feature qos-custom;
            list class {
              key class-id;
              leaf class-id {
                type string;
                description
                  "Identification of the
                   class of service.
                   This identifier is internal to
                   the administration.";
              }
              // NOTE(review): uint8 with units percent and no range, so the
              // schema accepts 101..255; a consumer has to reject those.
              leaf rate-limit {
                type uint8;
                units percent;
                description
                  "To be used if class must
                   be rate
                   limited. Expressed as
                   percentage of the svc-bw.";
              }
              leaf priority-level {
                type uint8;
                description
                  "Defines the level of the
                   class in
                   term of priority queueing.
                   The higher the level is the
                   higher
                   is the priority.";
              }
              // NOTE(review): same as rate-limit, no 0..100 bound, and no
              // check that the guarantees of all classes sum to <= 100.
              leaf guaranteed-bw-percent {
                type uint8;
                units percent;
                description
                  "To be used to define the
                   guaranteed
                   BW in percent of the svc-bw
                   available at the priority-level.";
              }
              description "List of class of services.";
            }
            description
              "Container for
               list of class of services.";
          }
        }
      }
      description "Qos profile configuration.";
    }
    description "QoS configuration.";
  }
  description
    "This grouping defines QoS parameters
     for a site";
}
// Authentication parameters for a site. The container is declared with no
// child nodes, so this grouping carries no authentication settings by itself;
// presumably it is a placeholder to be augmented. Confirm where the actual
// parameters are defined before relying on it.
grouping site-security-authentication {
  container authentication {
    description "Authentication parameters";
  }
  description
    "This grouping defines authentication
     parameters
     for a site";
}
// Encryption request for a site access; present only with feature encryption.
//
// Points a consumer of this grouping has to handle, because the schema
// itself does not:
//  * "enabled" has no default and no when/must links it to "layer" or to
//    encryption-profile, so a profile can be present while enabled is unset
//    or false.
//  * "algorithm" is a free-form string; the schema cannot reject unknown or
//    deprecated algorithm names, so check it against an allow-list.
//  * "preshared-key" holds secret key material as an ordinary configuration
//    string. No access-control annotation is attached to it here, so its
//    protection depends on the deployment: restrict read and write access to
//    this node in the server's access-control rules, keep it out of logs and
//    configuration exports, and only carry it over an encrypted management
//    session.
//  * case "pki" is empty: no certificate or trust-anchor parameters are
//    modelled in this grouping.
grouping site-security-encryption {
  container encryption {
    if-feature encryption;
    leaf enabled {
      type boolean;
      description "If true, access encryption is required.";
    }
    leaf layer {
      type enumeration {
        enum layer2 {
          description "Encryption will occur at layer2.";
        }
        enum layer3 {
          description "IPSec is requested.";
        }
      }
      description "Layer on which encryption is applied.";
    }
    container encryption-profile {
      choice profile {
        case provider-profile {
          leaf profile-name {
            type string;
            description
              "Name of the SP profile
               to be applied.";
          }
        }
        case customer-profile {
          leaf algorithm {
            type string;
            description
              "Encryption algorithm to
               be used.";
          }
          choice key-type {
            case psk {
              // Sensitive: customer-supplied secret stored as a plain string.
              leaf preshared-key {
                type string;
                description
                  "Key coming from
                   customer.";
              }
            }
            case pki {
            }
            description "Type of keys to be used.";
          }
        }
        description "Choice of profile.";
      }
      description "Profile of encryption to be applied.";
    }
    description "Encryption parameters.";
  }
  description
    "This grouping defines encryption parameters
     for a site";
}
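// Physical attachment (bearer) parameters of a site. Each of the three parts
// is gated by its own feature: requested-type, always-on, bearer-reference.
grouping site-attachment-bearer {
  container bearer {
    container requested-type {
      if-feature requested-type;
      leaf requested-type {
        type string;
        description
          "Type of requested bearer Ethernet, DSL,
           Wireless ...
           Operator specific.";
      }
      leaf strict {
        type boolean;
        default false;
        description
          "define if the requested-type is a preference
           or a strict requirement.";
      }
      description "Container for requested type.";
    }
    leaf always-on {
      if-feature always-on;
      type boolean;
      default true;
      description
        "Request for an always on access type.
         This means no Dial access type for
         example.";
    }
    leaf bearer-reference {
      if-feature bearer-reference;
      type string;
      // The original description ended in a dangling "Used"; the unfinished
      // sentence is dropped here.
      description
        "This is an internal reference for the
         service provider.";
    }
    description
      "Bearer specific parameters.
       To be augmented.";
  }
  description
    "Defines physical properties of
     a site attachment.";
}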
// PE-CE routing for a site: one list entry per routing protocol type, with a
// protocol-specific container that applies only when "type" matches.
//
// Notes for consumers:
//  * Containers exist for ospf, bgp, static, rip and vrrp only; the rip-ng
//    and direct identities have no container in this grouping.
//  * The ospf and bgp containers define no session-authentication parameters,
//    so whether PE-CE routing sessions are authenticated cannot be expressed
//    or checked through this grouping.
//  * sham-link target-site is of type svc-id (a plain string), not a leafref,
//    so the schema does not verify that the referenced site exists.
grouping site-routing {
  container routing-protocols {
    list routing-protocol {
      key type;
      leaf type {
        type identityref {
          base routing-protocol-type;
        }
        description "Type of routing protocol.";
      }
      container ospf {
        when "../type = 'ospf'" {
          description
            "Only applies
             when protocol is OSPF.";
        }
        if-feature rtg-ospf;
        leaf-list address-family {
          type identityref {
            base address-family;
          }
          description "Address family to be activated.";
        }
        leaf area-address {
          type yang:dotted-quad;
          description "Area address.";
        }
        leaf metric {
          type uint16;
          description "Metric of PE-CE link.";
        }
        container sham-links {
          if-feature rtg-ospf-sham-link;
          list sham-link {
            key target-site;
            leaf target-site {
              type svc-id;
              description
                "Target site for the sham link
                 connection.
                 The site is referred through it's ID.";
            }
            leaf metric {
              type uint16;
              description "Metric of the sham link.";
            }
            description
              "Creates a shamlink with another
               site";
          }
          description "List of Sham links";
        }
        description "OSPF specific configuration.";
      }
      container bgp {
        when "../type = 'bgp'" {
          description
            "Only applies when
             protocol is BGP.";
        }
        if-feature rtg-bgp;
        leaf autonomous-system {
          type uint32;
          description "AS number.";
        }
        leaf-list address-family {
          type identityref {
            base address-family;
          }
          description "Address family to be activated.";
        }
        description "BGP specific configuration.";
      }
      container static {
        when "../type = 'static'" {
          description
            "Only applies when protocol
             is static.";
        }
        container cascaded-lan-prefixes {
          // Keyed by prefix and next hop together, so the same LAN prefix
          // may be listed with several next hops.
          list ipv4-lan-prefixes {
            if-feature ipv4;
            key "lan next-hop";
            leaf lan {
              type inet:ipv4-prefix;
              description "Lan prefixes.";
            }
            leaf lan-tag {
              type string;
              description
                "Internal tag to be used in vpn
                 policies.";
            }
            leaf next-hop {
              type inet:ipv4-address;
              description
                "Nexthop address to use at customer
                 side.";
            }
            description "
              List of LAN prefixes for
              the site.
              ";
          }
          list ipv6-lan-prefixes {
            if-feature ipv6;
            key "lan next-hop";
            leaf lan {
              type inet:ipv6-prefix;
              description "Lan prefixes.";
            }
            leaf lan-tag {
              type string;
              description
                "Internal tag to be used
                 in vpn policies.";
            }
            leaf next-hop {
              type inet:ipv6-address;
              description
                "Nexthop address to use at
                 customer side.";
            }
            description "
              List of LAN prefixes for the site.
              ";
          }
          description "LAN prefixes from the customer.";
        }
        description
          "Static routing
           specific configuration.";
      }
      container rip {
        when "../type = 'rip'" {
          description
            "Only applies when
             protocol is RIP.";
        }
        if-feature rtg-rip;
        leaf-list address-family {
          type identityref {
            base address-family;
          }
          description
            "Address family to be
             activated.";
        }
        description
          "RIP routing specific
           configuration.";
      }
      container vrrp {
        when "../type = 'vrrp'" {
          description
            "Only applies when
             protocol is VRRP.";
        }
        if-feature rtg-vrrp;
        leaf-list address-family {
          type identityref {
            base address-family;
          }
          description "Address family to be activated.";
        }
        description "VRRP routing specific configuration.";
      }
      description
        "List of routing protocols used
         on the site.
         Need to be augmented.";
    }
    description "Defines routing protocols.";
  }
  description "Grouping for routing protocols.";
}
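/*
 * IP addressing and OAM parameters of one site network access.
 *
 * The ipv4 and ipv6 containers have the same shape:
 *   - address-allocation-type selects the mode (default 'static-address');
 *   - "addresses" is valid only for 'static-address';
 *   - "number-of-dynamic-address" is valid only for 'pe-dhcp'.
 * The "when" description on number-of-dynamic-address used to say
 * "static"; it now matches the 'pe-dhcp' condition it documents.
 *
 * NOTE(review): no "must" statement ties provider-address and
 * customer-address to each other or to "mask", so identical or
 * mismatched values pass schema validation and have to be rejected by
 * the provisioning layer.
 */
grouping site-attachment-ip-connection {
  description
    "This grouping defines IP connection parameters.";
  container ip-connection {
    description
      "Defines connection parameters.";
    container ipv4 {
      if-feature ipv4;
      description
        "IPv4 specific parameters";
      leaf address-allocation-type {
        type identityref {
          base address-allocation-type;
        }
        default "static-address";
        description
          "Defines how addresses are allocated.
          ";
      }
      leaf number-of-dynamic-address {
        when "../address-allocation-type = 'pe-dhcp'" {
          description
            "Only applies when
             address allocation type is pe-dhcp.";
        }
        type uint8;
        default 1;
        description
          "Describes the number of IP addresses the
           customer requires";
      }
      container addresses {
        when "../address-allocation-type = 'static-address'" {
          description
            "Only applies when
             protocol allocation type is static";
        }
        description
          "Describes IP addresses used";
        leaf provider-address {
          type inet:ipv4-address;
          description
            "Provider side address.";
        }
        leaf customer-address {
          type inet:ipv4-address;
          description
            "Customer side address.";
        }
        leaf mask {
          /* Prefix length, bounded to the IPv4 address width. */
          type uint8 {
            range "0..32";
          }
          description
            "Subnet mask expressed
             in bits";
        }
      }
    }
    container ipv6 {
      if-feature ipv6;
      description
        "IPv6 specific parameters";
      leaf address-allocation-type {
        type identityref {
          base address-allocation-type;
        }
        default "static-address";
        description
          "Defines how addresses are allocated.
          ";
      }
      leaf number-of-dynamic-address {
        when "../address-allocation-type = 'pe-dhcp'" {
          description
            "Only applies when
             address allocation type is pe-dhcp.";
        }
        type uint8;
        default 1;
        description
          "Describes the number of IP addresses the
           customer requires";
      }
      container addresses {
        when "../address-allocation-type = 'static-address'" {
          description
            "Only applies when
             protocol allocation type is static";
        }
        description
          "Describes IP addresses used";
        leaf provider-address {
          type inet:ipv6-address;
          description
            "Provider side address.";
        }
        leaf customer-address {
          type inet:ipv6-address;
          description
            "Customer side address.";
        }
        leaf mask {
          /* Prefix length, bounded to the IPv6 address width. */
          type uint8 {
            range "0..128";
          }
          description
            "Subnet mask expressed
             in bits";
        }
      }
    }
    container oam {
      description
        "Define the OAM used on the connection.";
      container bfd {
        if-feature bfd;
        description
          "Container for BFD.";
        /* No default: an absent leaf leaves BFD activation unstated. */
        leaf bfd-enabled {
          type boolean;
          description
            "BFD activation";
        }
        /* Holdtime is either a provider-defined profile name or an
           explicit value; the choice is optional. */
        choice holdtime {
          description
            "Choice for holdtime flavor.";
          case profile {
            description
              "Service provider well
               known profile.";
            leaf profile-name {
              type string;
              description
                "Service provider well
                 known profile.";
            }
          }
          case fixed {
            leaf fixed-value {
              /* No range is set, so any uint32 value validates. */
              type uint32;
              units msec;
              description
                "Expected holdtime
                 expressed
                 in msec.";
            }
          }
        }
      }
    }
  }
}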
/*
 * Multicast parameters of a site; the whole container depends on the
 * "multicast" feature.
 *
 * Defaults are the broadest settings the leaves offer: the site is
 * treated as both source and receiver, and protocol-type is 'both'
 * (host and routing protocols). IPv4 transport defaults to enabled,
 * IPv6 transport to disabled. A site that should only receive has to
 * set multicast-site-type explicitly.
 */
grouping site-service-multicast {
  description
    "Multicast parameters for the site.";
  container multicast {
    if-feature "multicast";
    description
      "Multicast parameters for the site.";
    leaf multicast-site-type {
      type enumeration {
        enum "receiver-only" {
          description
            "The site has only receivers.";
        }
        enum "source-only" {
          description
            "The site has only sources.";
        }
        enum "source-receiver" {
          description
            "The site has both
             sources & receivers.";
        }
      }
      default "source-receiver";
      description
        "Type of multicast site.";
    }
    container multicast-transport-protocol {
      description
        "Defines protocol to transport multicast.";
      leaf ipv4 {
        if-feature "ipv4";
        type boolean;
        default "true";
        description
          "Enables ipv4 multicast transport";
      }
      leaf ipv6 {
        if-feature "ipv6";
        type boolean;
        default "false";
        description
          "Enables ipv6 multicast transport";
      }
    }
    leaf protocol-type {
      type enumeration {
        enum "host" {
          description
            "
             Hosts are directly connected
             to the provider network.
             Host protocols like IGMP, MLD
             are required.
             ";
        }
        enum "router" {
          description
            "
             Hosts are behind a customer router.
             PIM will be implemented.
             ";
        }
        enum "both" {
          description
            "Some Hosts are behind a customer
             router and some others are directly
             connected to the provider network.
             Both host and routing protocols must be
             used. Typically IGMP and PIM will be
             implemented.
             ";
        }
      }
      default "both";
      description
        "Multicast protocol type to be used
         with the customer site.";
    }
  }
}
/*
 * Management parameters of a site: who manages it ("type", an identity
 * derived from "management"), over which address family, and at which
 * address.
 *
 * None of the three leaves is mandatory or has a default.
 * NOTE(review): "address" accepts either an IPv4 or an IPv6 address and
 * nothing checks it against "management-transport", so a mismatch
 * between the two validates.
 */
grouping site-management {
  description
    "Management parameters for the site.";
  container management {
    description
      "Management configuration";
    leaf type {
      type identityref {
        base management;
      }
      description
        "Management type of the connection.";
    }
    leaf management-transport {
      type identityref {
        base address-family;
      }
      description
        "Transport protocol used for management.";
    }
    leaf address {
      type inet:ip-address;
      description
        "Management address";
    }
  }
}
/*
 * Single leaf classifying the site by VPN flavor. The value is an
 * identity derived from "site-vpn-flavor"; when the leaf is absent the
 * site is treated as site-vpn-flavor-single.
 */
grouping site-vpn-flavor-profile {
  description
    "Grouping for site-vpn-flavor.";
  leaf site-vpn-flavor {
    type identityref {
      base site-vpn-flavor;
    }
    default "site-vpn-flavor-single";
    description
      "Defines if the site
       is a single VPN site, or multiVPN or ...";
  }
}
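/*
 * Per-site VPN policies. A policy is a keyed list of entries; each
 * entry names one VPN plus the role the site plays in it, and may
 * restrict the entry to some of the site's LANs through "filter".
 *
 * What the schema enforces:
 *   - vpn/vpn-id is a leafref, so it has to match an existing vpn-svc
 *     entry; vpn-id and site-role are both mandatory.
 * What it does not enforce:
 *   - "filter" is optional. Per its description, an entry without a
 *     filter puts every LAN of the site into the referenced VPN, so a
 *     forgotten filter widens membership instead of failing.
 *   - lan-tag values are plain strings; nothing checks that a tag is
 *     actually carried by one of the site's LAN prefixes.
 * The description of "filter" was reworded for grammar only.
 */
grouping site-vpn-policy {
  description
    "VPN policy parameters for the site.";
  container vpn-policy-list {
    description
      "VPN policy.";
    list vpn-policy {
      key vpn-policy-id;
      description
        "List of VPN policies.";
      leaf vpn-policy-id {
        type svc-id;
        description
          "Unique identifier for
           the VPN policy.";
      }
      list entries {
        key id;
        description
          "List of entries for export policy.";
        leaf id {
          type svc-id;
          description
            "Unique identifier for
             the policy entry.";
        }
        container filter {
          description
            "If used, it permits splitting site LANs
             among multiple VPNs.
             If no filter is used, all the LANs will be
             part of the same VPNs with the same
             role.";
          /* Match either by explicit prefixes or by tag, not both. */
          choice lan {
            description
              "Choice for LAN matching type";
            case lan-prefix {
              container lan-prefixes {
                description
                  "LAN prefixes from the customer.";
                list ipv4-lan-prefixes {
                  if-feature ipv4;
                  key lan;
                  description "
                    List of LAN prefixes
                    for the site.
                    ";
                  leaf lan {
                    type inet:ipv4-prefix;
                    description
                      "Lan prefixes.";
                  }
                }
                list ipv6-lan-prefixes {
                  if-feature ipv6;
                  key lan;
                  description "
                    List of LAN prefixes
                    for the site.
                    ";
                  leaf lan {
                    type inet:ipv6-prefix;
                    description
                      "Lan prefixes.";
                  }
                }
              }
            }
            case lan-tag {
              leaf-list lan-tag {
                type string;
                description
                  "List of lan-tags to be matched.";
              }
            }
          }
        }
        /* A container, not a list: one VPN and one role per entry. */
        container vpn {
          description
            "List of VPNs the LAN is associated to.";
          leaf vpn-id {
            type leafref {
              path "/l3vpn-svc/vpn-services/vpn-svc/vpn-id";
            }
            mandatory true;
            description
              "Reference to an IPVPN.";
          }
          leaf site-role {
            type identityref {
              base site-role;
            }
            mandatory true;
            description
              "Role of the site in the IPVPN.";
          }
        }
      }
    }
  }
}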
/*
 * Per-address-family cap on the number of prefixes the VRF accepts
 * for this site.
 *
 * The limit leaf is optional, has no default and no range, so the
 * schema accepts a site with no limit at all, and also a limit of 0.
 * NOTE(review): what an implementation does when no entry exists for
 * an address family is not stated here; confirm that a provider-side
 * default limit applies in that case.
 */
grouping site-maximum-routes {
  description
    "Define maximum-routes for the site.";
  container maximum-routes {
    description
      "Define maximum-routes for the VRF.";
    list address-family {
      key "af";
      description
        "List of address families.";
      leaf af {
        type identityref {
          base address-family;
        }
        description
          "Address-family.";
      }
      leaf maximum-routes {
        type uint32;
        description
          "Maximum prefixes the VRF can
           accept for this
           address-family.";
      }
    }
  }
}
/*
 * Wraps the authentication and encryption groupings (both defined
 * outside this part of the module) in one "security" container.
 *
 * This grouping is used by site-top-level-cfg and also by
 * site-network-access-top-level-cfg, so security parameters can be
 * given at site level and again per network access.
 * NOTE(review): which of the two takes effect when they differ is not
 * expressed in the schema.
 */
grouping site-security {
  description
    "Grouping for security parameters.";
  container security {
    description
      "Site specific security parameters.";
    uses site-security-authentication;
    uses site-security-encryption;
  }
}
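/*
 * Collects the service-related groupings (basic parameters, QoS
 * profile, MPLS, multicast) under one "service" container. Only
 * site-service-multicast is defined in this part of the module; the
 * other three come from elsewhere in the file.
 * The container description had "attachement"; spelling corrected.
 */
grouping site-service {
  description
    "Grouping for service parameters.";
  container service {
    description
      "Service parameters on the attachment.";
    uses site-service-basic;
    uses site-service-qos-profile;
    uses site-service-mpls;
    uses site-service-multicast;
  }
}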
/*
 * List of constraints attached to one transport-constraint rule, keyed
 * by constraint type, so each type appears at most once per rule.
 *
 * constraint-opaque-value is an unconstrained string whose meaning
 * depends on the constraint type; the schema cannot validate it.
 * NOTE(review): whatever consumes this value should parse it strictly
 * per constraint type rather than pass it on unchecked.
 */
grouping transport-constraint-profile {
  description
    "Grouping for transport constraint.";
  list constraint-list {
    key "constraint-type";
    description
      "List of constraints";
    leaf constraint-type {
      type identityref {
        base transport-constraint;
      }
      description
        "Constraint type to be applied.";
    }
    leaf constraint-opaque-value {
      type string;
      description
        "Opaque value that can be used to
         specify constraint parameters.";
    }
  }
}
/*
 * Transport constraints between sites of a VPN, split into unicast
 * rules (bidirectional, site1/site2) and multicast rules
 * (unidirectional, src-site/dst-site). The outer container needs the
 * traffic-engineering feature; the multicast part additionally needs
 * traffic-engineering-multicast.
 *
 * NOTE(review): the site leaves are typed svc-id, not leafref, so the
 * schema does not check that they name an existing site, or a site of
 * this VPN. None of them is mandatory either, so a rule with a
 * missing end validates.
 */
grouping transport-constraints {
  description
    "Grouping for transport constraints
     description.";
  container transport-constraints {
    if-feature "traffic-engineering";
    description
      "transport constraints.";
    container unicast-transport-constraints {
      description
        "Unicast transport constraints.";
      list constraint {
        key "constraint-id";
        description
          "List of constraints.
           Constraints are bidirectional.";
        leaf constraint-id {
          type svc-id;
          description
            "Defines an ID for the constraint
             rule.";
        }
        leaf site1 {
          type svc-id;
          description
            "The ID refers to one site end.";
        }
        leaf site2 {
          type svc-id;
          description
            "The ID refers to the other
             site end.";
        }
        uses transport-constraint-profile;
      }
    }
    container multicast-transport-constraints {
      if-feature "traffic-engineering-multicast";
      description
        "Multicast transport constraints.";
      list constraint {
        key "constraint-id";
        description
          "List of constraints.
           Constraints are unidirectional.";
        leaf constraint-id {
          type svc-id;
          description
            "Defines an ID for the constraint
             rule.";
        }
        leaf src-site {
          type svc-id;
          description
            "The ID refers to source site.";
        }
        leaf dst-site {
          type svc-id;
          description
            "The ID refers to the receiver
             site.";
        }
        uses transport-constraint-profile;
      }
    }
  }
}
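/*
 * Extranet attachments of a VPN: each entry names a target VPN and the
 * role the local sites take in that VPN's topology. The container
 * depends on the extranet-vpn feature.
 *
 * Per the grouping description, an entry interconnects all sites of
 * the two VPNs, so each entry widens reachability across a VPN
 * boundary.
 * NOTE(review): vpn-id is typed svc-id here, unlike the vpn-id
 * leafrefs in site-vpn-policy and access-vpn-policy, so the schema
 * does not check that the target VPN exists. local-sites-role is
 * optional with no default. Whether the target VPN's owner agreed to
 * the attachment has to be checked outside the model.
 * The grouping description had "a easy way"; grammar corrected.
 */
grouping vpn-extranet {
  description
    "grouping for extranet VPN configuration.
     Extranet provides a way to interconnect all sites
     from two VPNs in an easy way.";
  container extranet-vpns {
    if-feature extranet-vpn;
    description
      "Container for extranet vpn cfg.";
    list extranet-vpn {
      key vpn-id;
      description
        "List of extranet VPNs the local
         VPN is attached to.";
      leaf vpn-id {
        type svc-id;
        description
          "Identifies the target VPN";
      }
      leaf local-sites-role {
        type identityref {
          base site-role;
        }
        description
          "This describes the role of the
           local sites in the target VPN topology.";
      }
    }
  }
}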
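/*
 * Availability parameters of one network access, used to rank
 * accesses of a multihomed site. A larger access-priority value means
 * a more preferred access; the default is 1.
 * The leaf description was reworded for grammar ("The highest ... the
 * highest" became "The higher ... the higher"); its meaning is
 * unchanged.
 */
grouping site-attachment-availability {
  description
    "Defines site availability parameters.";
  container availability {
    description
      "Availability parameters
       (used for multihoming)";
    leaf access-priority {
      type uint32;
      default 1;
      description
        "Defines the priority for the access.
         The higher the priority value is,
         the higher the
         preference of the access is.";
    }
  }
}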
/*
 * VPN attachment of one site network access. The choice is mandatory:
 * an access either points at a VPN policy or names a VPN directly
 * together with the site's role in it.
 *
 * NOTE(review): the vpn-policy-id leafref uses an absolute path with
 * no key predicate on "site", so it matches a policy id defined under
 * any site, not only under the site that owns this access. If policies
 * are meant to be site-local, that has to be enforced outside the
 * schema (or by a path relative to the enclosing site).
 * NOTE(review): in case vpn-id only site-role is mandatory; vpn-id
 * itself is not, so the schema appears to accept a role with no VPN.
 */
grouping access-vpn-policy {
  description
    "Defines the VPN attachment rules
     for a site logical access.";
  container vpn-attachment {
    description
      "Defines VPN attachment of a site.";
    choice attachment-flavor {
      mandatory "true";
      description
        "Choice for VPN attachment flavor.";
      case vpn-policy-id {
        leaf vpn-policy-id {
          type leafref {
            path "/l3vpn-svc/sites/site/"
               + "vpn-policy-list/vpn-policy/"
               + "vpn-policy-id";
          }
          description
            "Reference to a VPN policy.";
        }
      }
      case vpn-id {
        leaf vpn-id {
          type leafref {
            path "/l3vpn-svc/vpn-services"
               + "/vpn-svc/vpn-id";
          }
          description
            "Reference to a VPN.";
        }
        leaf site-role {
          type identityref {
            base site-role;
          }
          mandatory "true";
          description
            "Role of the site in the IPVPN.";
        }
      }
    }
  }
}
/*
 * Configuration of one VPN service: identifier, customer name,
 * topology, plus the cloud-access, multicast, MPLS, transport
 * constraint and extranet groupings.
 *
 * "topology" defaults to any-to-any, so a VPN created without an
 * explicit topology lets every site reach every other site; a more
 * restrictive topology has to be requested explicitly.
 * customer-name is an unconstrained string.
 */
grouping vpn-svc-cfg {
  description
    "grouping for vpn-svc configuration.";
  leaf vpn-id {
    type svc-id;
    description
      "VPN identifier. Local administration meaning.";
  }
  leaf customer-name {
    type string;
    description
      "Name of the customer.";
  }
  leaf topology {
    type identityref {
      base vpn-topology;
    }
    default "any-to-any";
    description
      "VPN topology.";
  }
  uses vpn-service-cloud-access;
  uses vpn-service-multicast;
  uses vpn-service-mpls;
  uses transport-constraints;
  uses vpn-extranet;
}
/*
 * Everything configured at site level, assembled from other groupings.
 * site-security, site-service and site-routing are also pulled in by
 * site-network-access-top-level-cfg, so those parameters exist both
 * per site and per network access.
 */
grouping site-top-level-cfg {
  description
    "Grouping for site top level cfg.";
  uses operational-requirements;
  uses customer-location-info;
  uses site-diversity;
  uses site-management;
  uses site-vpn-policy;
  uses site-vpn-flavor-profile;
  uses site-maximum-routes;
  uses site-security;
  uses site-service;
  uses site-protection;
  uses site-routing;
}
/*
 * Everything configured per site network access: the access type
 * (default point-to-point), diversity, bearer, IP connection,
 * security, service, routing, availability and VPN attachment.
 * access-vpn-policy carries a mandatory choice, so every access has
 * to state its VPN attachment.
 */
grouping site-network-access-top-level-cfg {
  description
    "Grouping for site network access
     top level cfg.";
  leaf site-network-access-type {
    type identityref {
      base site-network-access-type;
    }
    default "point-to-point";
    description
      "Describes the type of connection, e.g. :
       point-to-point or multipoint";
  }
  uses access-diversity;
  uses site-attachment-bearer;
  uses site-attachment-ip-connection;
  uses site-security;
  uses site-service;
  uses site-routing;
  uses site-attachment-availability;
  uses access-vpn-policy;
}
/* Main blocks */
/*
 * Root of the service model. Two lists hang off it:
 *   - vpn-services/vpn-svc, keyed by vpn-id (the key leaf comes from
 *     vpn-svc-cfg);
 *   - sites/site, keyed by site-id, each with its own list of network
 *     accesses keyed by site-network-access-id.
 * The vpn-id and vpn-policy-id leafrefs used in the groupings resolve
 * against these two lists.
 *
 * NOTE(review): this tree holds customer names, addressing and VPN
 * membership for all customers. No access-control statement is visible
 * in this part of the module, so read and write restrictions have to
 * come from the server's access-control configuration.
 */
container l3vpn-svc {
  description
    "Main container for L3VPN service configuration.";
  container vpn-services {
    description
      "top level container
       for the VPN services.";
    list vpn-svc {
      key "vpn-id";
      description "
        List of VPN services.
        ";
      uses vpn-svc-cfg;
    }
  }
  container sites {
    description
      "Container for sites";
    list site {
      key "site-id";
      description "List of sites.";
      leaf site-id {
        type svc-id;
        description
          "Identifier of the site.";
      }
      uses site-top-level-cfg;
      uses operational-requirements-ops;
      container site-network-accesses {
        description
          "List of accesses for a site.";
        list site-network-access {
          key "site-network-access-id";
          description
            "List of accesses for a site.";
          leaf site-network-access-id {
            type svc-id;
            description
              "Identifier for the access";
          }
          uses site-network-access-top-level-cfg;
        }
      }
    }
  }
}
}