A Framework for Automating Service and Network Management with YANGHuawei101 Software AvenueYuhua DistrictNanjingJiangsu210012Chinabill.wu@huawei.comOrangeRennes 35000Francemohamed.boucadair@orange.comTelefonica I+DSpaindiego.r.lopez@telefonica.comChina TelecomBeijingChinaxiechf@chinatelecom.cnChina Mobilegengliang@chinamobile.com
OPS Area
OPSAWGModel DrivenYANG Data Modelautomationservice deliverynotificationSDNData models provide a programmatic approach to represent services and
networks. Concretely, they can be used to derive configuration
information for network and service components, and state information
that will be monitored and tracked.
Data models can be used during the service and network management life cycle
(e.g., service instantiation, service provisioning, service optimization,
service monitoring, service diagnosing, and service assurance).
Data models are also instrumental in the automation of network management, and
they can provide closed-loop control for adaptive and deterministic service
creation, delivery, and maintenance.This document describes a framework for service and network
management automation that takes advantage of YANG modeling
technologies. This framework is drawn from a network operator
perspective irrespective of the origin of a data model; thus, it can
accommodate YANG modules that are developed outside the IETF.Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
() in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Table of Contents
. Introduction
. Terminology and Abbreviations
. Terminology
. Abbreviations
. Architectural Concepts and Goals
. Data Models: Layering and Representation
. Automation of Service Delivery Procedures
. Service Fulfillment Automation
. YANG Module Integration
. Functional Blocks and Interactions
. Service Life-Cycle Management Procedure
. Service Exposure
. Service Creation/Modification
. Service Assurance
. Service Optimization
. Service Diagnosis
. Service Decommission
. Service Fulfillment Management Procedure
. Intended Configuration Provision
. Configuration Validation
. Performance Monitoring
. Fault Diagnostic
. Multi-layer/Multi-domain Service Mapping
. Service Decomposition
. YANG Data Model Integration Examples
. L2VPN/L3VPN Service Delivery
. VN Life-Cycle Management
. Event-Based Telemetry in the Device Self Management
. Security Considerations
. Service Level
. Network Level
. Device Level
. IANA Considerations
. References
. Normative References
. Informative References
. Layered YANG Module Examples Overview
. Service Models: Definition and Samples
. Schema Mount
. Network Models: Samples
. Device Models: Samples
. Model Composition
. Device Management
. Interface Management
. Some Device Model Examples
Acknowledgements
Contributors
Authors' Addresses
IntroductionService management systems usually comprise service
activation/provision and service operation. Current service delivery
procedures, from the processing of customer requirements and orders to
service delivery and operation, typically assume the manipulation of
data sequentially into multiple Operations Support System (OSS) or
Business Support System (BSS) applications that may be managed by
different departments within the service provider's organization (e.g.,
billing factory, design factory, network operation center). Many of
these applications have been developed in house over the years and
operate in a silo mode. As a result:
The lack of standard data input/output (i.e., data model) raises
many challenges in system integration and often results in manual
configuration tasks.
Service fulfillment systems might have a limited visibility on
the network state and may therefore have a slow response to network
changes.
Software-Defined Networking (SDN) becomes crucial to address these
challenges. SDN techniques are meant to automate the overall service
delivery procedures and typically rely upon standard data models. These
models are used not only to reflect service providers' savoir faire, but
also to dynamically instantiate and enforce a set of service-inferred
policies that best accommodate what has been defined and possibly
negotiated with the customer.
provides a first tentative attempt to rationalize that service
provider's view on the SDN space by identifying concrete technical
domains that need to be considered and for which solutions can be
provided. These include:
Techniques for the dynamic discovery of topology, devices, and
capabilities, along with relevant information and data models that
are meant to precisely document such topology, devices, and their
capabilities.
Techniques for exposing network services and their characteristics.
Techniques used by service-derived dynamic resource allocation
and policy enforcement schemes, so that networks can be programmed
accordingly.
Dynamic feedback mechanisms that are meant to assess how
efficiently a given policy (or a set thereof) is enforced from a
service fulfillment and assurance perspective.
Models are key for each of the four technical items above.
Service and network management automation is an important step to
improve the agility of network operations. Models are also important to
ease integrating multi-vendor solutions.YANG module developers have
taken both top-down and bottom-up approaches to develop modules and to establish a mapping between a
network technology and customer requirements at the top or abstracting
common constructs from various network technologies at the bottom.
At the time of writing this document (2020), there are many YANG data models,
including configuration and service models, that have been specified or are
being specified by the IETF. They cover many of the networking protocols and
techniques. However, how these models work together to configure a function,
manage a set of devices involved in a service, or provide a service is
something that is not currently documented either within the IETF or other
Standards Development Organizations (SDOs).Many of the YANG modules listed in this document are used to exchange
data between NETCONF/RESTCONF clients and servers . Nevertheless, YANG is a transport-independent data
modeling language. It can thus be used independently of
NETCONF/RESTCONF. For example, YANG can be used to define abstract data
structures that can be
manipulated by other protocols (e.g., ).This document describes an architectural framework for service and
network management automation () that takes advantage of YANG modeling technologies
and investigates how YANG data models at different layers interact with
each other (e.g., Service Mapping, model composition) in the context of
service delivery and fulfillment (). Concretely, the following benefits can be provided:
Vendor-agnostic interfaces managing a service and the
underlying network are allowed.
Movement from deployment schemes where vendor-specific network
managers are required to a scheme where the entities that are
responsible for orchestrating and controlling services and network
resources provided by multi-vendor devices are unified is allowed.
Data inheritance and reusability among the various
architecture layers thus promoting a network-wise provisioning
instead of device-specific configuration is eased.
Dynamically feeding a decision-making process (e.g., Controllers,
Orchestrators) with notifications that will trigger appropriate
actions, allowing that decision-making process to continuously
adjust a network (and thus the involved resources) to deliver the
service that conforms to the intended parameters (service
objectives) is allowed.
This framework is drawn from a network operator perspective
irrespective of the origin of a data model; it can also accommodate YANG
modules that are developed outside the IETF. The document covers service
models that are used by an operator to expose its services and capture
service requirements from the customers (including other operators).
Nevertheless, the document does not elaborate on the communication
protocol(s) that makes use of these service models in order to request
and deliver a service. Such considerations are out of scope.The document identifies a list of use cases to exemplify the proposed
approach (), but it does not claim nor
aim to be exhaustive. lists some examples to
illustrate the layered YANG modules view.Terminology and AbbreviationsTerminologyThe following terms are defined in and and are
not redefined here:
Network Operator
Customer
Service
Data Model
Service Model
Network Element Model
In addition, the document makes use of the following terms:
Network Model:
Describes a network-level abstraction
(or a subset of aspects of a network infrastructure), including
devices and their subsystems, and relevant protocols operating at
the link and network layers across multiple devices. This model
corresponds to the network configuration model discussed in .It can be used
by a network operator to allocate resources (e.g., tunnel
resource, topology resource) for the service or schedule resources
to meet the service requirements defined in a service model.
Network Domain:
Refers to a network partitioning
that is usually followed by network operators to delimit parts of
their network. "access network" and "core network" are examples of
network domains.
Device Model:
Refers to the Network Element YANG
data model described in or the
device configuration model discussed in .Device models
are also used to refer to model a function embedded in a device
(e.g., Network Address Translation (NAT) , Access Control Lists (ACLs) ).
Pipe:
Refers to a communication scope where only
one-to-one (1:1) communications are allowed. The scope can be
identified between ingress and egress nodes, two service sites,
etc.
Hose:
Refers to a communication scope where
one-to-many (1:N) communications are allowed (e.g., one site to
multiple sites).
Funnel:
Refers to a communication scope where
many-to-one (N:1) communications are allowed.
AbbreviationsThe following abbreviations are used in the document:
ACL
Access Control List
AS
Autonomous System
AP
Access Point
CE
Customer Edge
DBE
Data Border Element
E2E
End-to-End
ECA
Event Condition Action
L2VPN
Layer 2 Virtual Private Network
L3VPN
Layer 3 Virtual Private Network
L3SM
L3VPN Service Model
L3NM
L3VPN Network Model
NAT
Network Address Translation
OAM
Operations, Administration, and Maintenance
OWD
One-Way Delay
PE
Provider Edge
PM
Performance Monitoring
QoS
Quality of Service
RD
Route Distinguisher
RT
Route Target
SBE
Session Border Element
SDN
Software-Defined Networking
SP
Service Provider
TE
Traffic Engineering
VN
Virtual Network
VPN
Virtual Private Network
VRF
Virtual Routing and Forwarding
Architectural Concepts and GoalsData Models: Layering and RepresentationAs described in ,
layering of modules allows for better reusability of lower-layer
modules by higher-level modules while limiting duplication of features
across layers.Data models in the context of network management can be classified
into service, network, and device models. Different service models may
rely on the same set of network and/or device models.Service models traditionally follow a top-down approach and are
mostly customer-facing YANG modules providing a common model construct
for higher-level network services (e.g., Layer 3 Virtual Private
Network (L3VPN)). Such modules can be mapped to network
technology-specific modules at lower layers (e.g., tunnel, routing,
Quality of Service (QoS), security). For example, service models can
be used to characterize the network service(s) to be ensured between
service nodes (ingress/egress) such as:
the communication scope (pipe, hose, funnel, etc.),
the directionality (inbound/outbound),
the traffic performance guarantees expressed using metrics such
as One-Way Delay (OWD) or One-Way
Loss ; a summary of performance
metrics maintained by IANA can be found in ,
link capacity ,
etc.
depicts the example of
a Voice over IP (VoIP) service that relies upon connectivity services
offered by a network operator. In this example, the VoIP service is
offered to the network operator's customers by Service Provider 1
(SP1). In order to provide global VoIP reachability, SP1 Service Site
interconnects with other Service Providers service sites typically by
interconnecting Session Border Elements (SBEs) and Data Border
Elements (DBEs) . For other VoIP destinations,
sessions are forwarded over the Internet. These connectivity services
can be captured in a YANG service model that reflects the service
attributes that are shown in . This example follows
the IP Connectivity Provisioning Profile template defined in .In reference to , "Full traffic
performance guarantees class" refers to a service class where all
traffic performance metrics included in the service model (OWD, loss,
delay variation) are guaranteed, while "Delay traffic performance
guarantees class" refers to a service class where only OWD is
guaranteed.Network models are mainly network-resource-facing modules; they
describe various aspects of a network infrastructure, including
devices and their subsystems, and relevant protocols operating at the
link and network layers across multiple devices (e.g., network
topology and traffic-engineering tunnel modules).Device (and function) models usually follow a bottom-up approach
and are mostly technology-specific modules used to realize a service
(e.g., BGP, ACL).Each level maintains a view of the supported YANG modules provided
by lower levels (see for example, ). Mechanisms such as the YANG library can be used to expose which YANG
modules are supported by nodes in lower levels. illustrates the overall
layering model. The reader may refer to for an overview of "Orchestrator" and
"Controller" elements. All these elements (i.e., Orchestrator(s),
Controller(s), device(s)) are under the responsibility of the same
operator.A composite service offered by a network operator may rely on
services from other operators. In such a case, the network operator acts
as a customer to request services from other networks. The operators
providing these services will then follow the layering depicted in
. The mapping between a
composite service and a third-party service is maintained at the
orchestration level. From a data-plane perspective, appropriate
traffic steering policies (e.g., Service Function Chaining ) are managed by the network
controllers to guide how/when a third-party service is invoked for
flows bound to a composite service.The layering model depicted in does
not make any assumption about the location of the various entities
(e.g., Controller, Orchestrator) within the network. As such, the
architecture does not preclude deployments where, for example, the
Controller is embedded on a device that hosts other functions that are
controlled via YANG modules.In order to ease the mapping between layers and data reuse, this
document focuses on service models that are modeled using YANG.
Nevertheless, fully compliant with , does not preclude service models to be modeled
using data modeling languages other than YANG.Automation of Service Delivery ProceduresService models can be used by a network operator to expose its
services to its customers. Exposing such models allows automation of the
activation of service orders and thus the service delivery. One or
more monolithic service models can be used in the context of a
composite service activation request (e.g., delivery of a caching
infrastructure over a VPN). Such models are used to feed a
decision-making intelligence to adequately accommodate customer needs.Also, such models may be used jointly with services that require
dynamic invocation. An example is provided by the service modules
defined by the DOTS WG to dynamically trigger requests to handle
Distributed Denial-of-Service (DDoS) attacks . The service filtering request modeled using will be translated into
device-specific filtering (e.g., ACLs defined in ) that fulfills the service
request.
Network models can be derived from service models and used to provision,
monitor, and instantiate the service. Also, they are used to provide
life-cycle management of network resources. Doing so is meant to:
expose network resources to customers (including other network
operators) to provide service fulfillment and assurance.
allow customers (or network operators) to dynamically adjust the
network resources based on service requirements as described in
service models (e.g., ) and the
current network performance information described in the telemetry
modules.
Note that it is out of the scope of this document to elaborate on
the communication protocols that are used to implement the interface
between the service ordering (customer) and service order handling
(provider).Service Fulfillment AutomationTo operate a service, the settings of the parameters in the device
models are derived from service models and/or network models and are
used to:
Provision each involved network function/device with the proper
configuration information.
Operate the network based on service requirements as described
in the service model(s) and local operational guidelines.
In addition, the operational state including configuration that is
in effect together with statistics should be exposed to upper layers
to provide better network visibility and assess to what extent the
derived low-level modules are consistent with the upper-level
inputs.Filters are enforced on the notifications that are communicated to
Service layers. The type and frequency of notifications may be agreed
upon in the service model.Note that it is important to correlate telemetry data with
configuration data to be used for closed loops at the different stages
of service delivery, from resource allocation to service operation, in
particular.YANG Module IntegrationTo support top-down service delivery, YANG modules at different
levels or at the same level need to be integrated for proper
service delivery (including proper network setup). For example, the
service parameters captured in service models need to be decomposed
into a set of configuration/notification parameters that may be
specific to one or more technologies; these technology-specific
parameters are grouped together to define technology-specific
device-level models or network-level models.In addition, these technology-specific device or network models can
be further integrated with each other using the schema mount mechanism
to provision each involved network
function/device or each involved network domain to support newly added
modules or features. A collection of integrated device models
can be loaded and validated during implementation.High-level policies can be defined at service or network models
(e.g., "Autonomous System Number (ASN) Exclude" in the example
depicted in ). Device models will be tweaked accordingly
to provide policy-based management. Policies can also be used for
telemetry automation, e.g., policies that contain conditions to
trigger the generation and pushing of new telemetry data.Functional Blocks and InteractionsThe architectural considerations described in lead to the life-cycle management architecture
illustrated in and described in the following
subsections.Service Life-Cycle Management ProcedureService life-cycle management includes end-to-end service life-cycle
management at the service level and technology-specific network
life-cycle management at the network level.The end-to-end service life-cycle management is
technology-independent service management and spans across multiple
network domains and/or multiple layers while technology-specific
service life-cycle management is technology domain-specific or
layer-specific service life-cycle management.Service ExposureA service in the context of this document (sometimes called
"Network Service") is some form of connectivity between customer sites
and the Internet or between customer sites across the operator's
network and across the Internet.Service exposure is used to capture services offered to customers
(ordering and order handling). One example is that a customer can
use an L3VPN Service Model (L3SM) to request L3VPN service by
providing the abstract technical characterization of the intended
service between customer sites.Service model catalogs can be created to expose the various
services and the information needed to invoke/order a given
service.Service Creation/ModificationA customer is usually unaware of the technology that the network
operator has available to deliver the service, so the customer does
not make requests specific to the underlying technology but is
limited to making requests specific to the service that is to be
delivered. This service request can be filled using a service
model.Upon receiving a service request, and assuming that appropriate
authentication and authorization checks have been made with success,
the service Orchestrator/management system should verify whether the
service requirements in the service request can be met (i.e.,
whether there are sufficient resources that can be allocated with
the requested guarantees).If the request is accepted, the service Orchestrator/management
system maps such a service request to its view. This view can be
described as a technology-specific network model or a set of
technology-specific device models, and this mapping may include a
choice of which networks and technologies to use depending on which
service features have been requested.In addition, a customer may require a change in the underlying
network infrastructure to adapt to new customers' needs and service
requirements (e.g., service a new customer site, add a new access
link, or provide disjoint paths). This service modification can be
issued following the same service model used by the service
request.Withdrawing a service is discussed in .Service AssuranceThe performance measurement telemetry () can be used to provide service assurance at
service and/or network levels. The performance measurement telemetry
model can tie with service or network models to monitor network
performance or Service Level Agreements.Service OptimizationService optimization is a technique that gets the configuration
of the network updated due to network changes, incident mitigation,
or new service requirements. One example is once a tunnel or a VPN
is set up, performance monitoring information or telemetry
information per tunnel (or per VPN) can be collected and fed into
the management system. If the network performance doesn't meet the
service requirements, the management system can create new VPN
policies capturing network service requirements and populate them
into the network.Both network performance information and policies can be modeled
using YANG. With Policy-based management, self-configuration and
self-optimization behavior can be specified and implemented.The overall service optimization is managed at the service level,
while the network level is responsible for the optimization of the
specific network services it provides.Service DiagnosisOperations, Administration, and Maintenance (OAM) are important
networking functions for service diagnosis that allow network
operators to:
monitor network communications (i.e., reachability
verification and Continuity Check)
troubleshoot failures (i.e., fault verification and
localization)
monitor service level agreements and performance (i.e.,
performance management)
When the network is down, service diagnosis should be in place to
pinpoint the problem and provide recommendations (or instructions)
for network recovery.The service diagnosis information can be modeled as
technology-independent Remote Procedure Call (RPC) operations for
OAM protocols and technology-independent abstraction of key OAM
constructs for OAM protocols . These models can be used to provide
consistent configuration, reporting, and presentation for the OAM
mechanisms used to manage the network.Refer to for the device-specific
side.Service DecommissionService decommission allows a customer to stop the service by
removing the service from active status, thus releasing the
network resources that were allocated to the service. Customers can
also use the service model to withdraw the subscription to a
service.Service Fulfillment Management ProcedureIntended Configuration ProvisionIntended configuration at the device level is derived from
network models at the network level or service models at the service
level and represents the configuration that the system attempts to
apply. Take L3SM as a service model example to deliver an L3VPN
service; there is a need to map the L3VPN service view defined in
the service model into a detailed intended configuration view
defined by specific configuration models for network elements. The
configuration information includes:
Virtual Routing and Forwarding (VRF) definition, including
VPN policy expression
Physical Interface(s)
IP layer (IPv4, IPv6)
QoS features such as classification, profiles, etc.
Routing protocols: support of configuration of all protocols
listed in a service request, as well as routing policies
associated with those protocols
These specific configuration models can be used to configure
Provider Edge (PE) and Customer Edge (CE) devices within a site,
e.g., a BGP policy model can be used to establish VPN membership
between sites and VPN service topology.Note that in networks with legacy devices (that support
proprietary modules or do not support YANG at all), an adaptation
layer is likely to be required at the network level so that these
devices can be involved in the delivery of the network services.This interface is also used to handle service withdrawal ().Configuration ValidationConfiguration validation is used to validate intended
configuration and ensure the configuration takes effect.For example, if a customer creates an interface "eth-0/0/0" but
the interface does not physically exist at this point, then
configuration data appears in the <intended> status but does
not appear in the <operational> datastore. More details about
<intended> and <operational> datastores can be found in
.Performance MonitoringWhen a configuration is in
effect in a device, the <operational> datastore holds the
complete operational state of the device, including learned, system,
default configuration, and system state. However, the configurations
and state of a particular device do not have visibility on the
whole network, nor can they show how packets are going to be
forwarded through the entire network. Therefore, it becomes more
difficult to operate the entire network without understanding the
current status of the network.The management system should subscribe to updates of a YANG
datastore in all the network devices for performance monitoring
purposes and build a full topological visibility of the network by
aggregating (and filtering) these operational states from different
sources.Fault DiagnosticWhen configuration is in effect in a device, some devices may be
misconfigured (e.g., device links are not consistent in both sides
of the network connection) or network resources might be
misallocated. Therefore, services may be negatively affected
without knowing the root cause in the network.Technology-dependent nodes and RPC commands are defined in
technology-specific YANG data models, which can use and extend the
base model described in to deal with
these issues.These RPC commands received in the technology-dependent node can
be used to trigger technology-specific OAM message exchanges for
fault verification and fault isolation.
For example, Transparent Interconnection of Lots of Links (TRILL)
Multi-destination Tree Verification (MTV) RPC command can be used to trigger
Multi-Destination Tree Verification Messages (MTVMs) defined in to verify TRILL distribution tree
integrity.Multi-layer/Multi-domain Service MappingMulti-layer/Multi-domain Service Mapping allows the mapping of an
end-to-end abstract view of the service segmented at different layers
and/or different network domains into domain-specific views.One example is to map service parameters in the L3SM into
configuration parameters such as Route Distinguisher (RD), Route
Target (RT), and VRF in the L3VPN Network Model (L3NM).Another example is to map service parameters in the L3SM into
Traffic Engineered (TE) tunnel parameters (e.g., Tunnel ID) in TE
model and Virtual Network (VN) parameters (e.g., Access Point (AP)
list and VN members) in the YANG data model for VN operation .Service DecompositionService Decomposition allows to decompose service models at the
service level or network models at the network level into a set of
device models at the device level. These device models may be tied to
specific device types or classified into a collection of related YANG
modules based on service types and features offered, and they may load at the
implementation time before configuration is loaded and validated.YANG Data Model Integration ExamplesThe following subsections provide some YANG data model integration
examples.L2VPN/L3VPN Service DeliveryIn reference to , the following steps are
performed to deliver the L3VPN service within the network management
automation architecture defined in :
The Customer requests to create two sites (as per Service
Creation in ) relying upon L3SM
with each site having one network access connectivity, for
example:
Site A: network-access A, link-capacity = 20 Mbps, class
"foo", guaranteed-capacity-percent = 10, average-one-way-delay
= 70 ms.
Site B: network-access B, link-capacity = 30 Mbps, class
"foo1", guaranteed-capacity-percent = 15,
average-one-way-delay = 60 ms.
The Orchestrator extracts the service parameters from the L3SM.
Then, it uses them as input to the Service Mapping in to translate them into
orchestrated configuration parameters (e.g., RD, RT, and VRF) that are
part of the L3NM specified in .
The Controller takes the orchestrated configuration parameters
in the L3NM and translates them into an orchestrated (Service
Decomposition in ) configuration of
network elements that are part of, e.g., BGP, QoS, Network
Instance, IP management, and interface models.
can be used
for representing, managing, and controlling the User Network Interface
(UNI) topology.L3NM inherits some of the data elements from the L3SM. Nevertheless,
the L3NM as designed in does not expose some
information to the above layer such as the capabilities of an
underlying network (which can be used to drive service order handling)
or notifications (to notify subscribers about specific events or
degradations as per agreed SLAs). Some of this information can be
provided using, e.g., . A target overall
model is depicted in .Note that a similar analysis can be performed for Layer 2 VPNs
(L2VPNs). An L2VPN Service Model (L2SM) is defined in , while the YANG L2VPN Network
Model (L2NM) is specified in .VN Life-Cycle ManagementIn reference to , the following steps are
performed to deliver the VN service within the network management
automation architecture defined in :
A customer makes a request (Service
Exposure in ) to create a
VN. The association between the VN, APs, and VN members is defined in
the VN YANG model .
The Orchestrator creates the single abstract node topology based
on the information captured in the request.
The customer exchanges with the Orchestrator the connectivity
matrix on the abstract node topology and explicit paths using the TE
topology model . This
information can be used to instantiate the VN and set up tunnels
between source and destination endpoints (Service Creation in ).
In order to provide service assurance (Service Optimization in
), the telemetry model that
augments the VN model and corresponding TE tunnel model can be used
by the Orchestrator to subscribe to performance measurement
data. The Controller will then notify the Orchestrator with all the
parameter changes and network performance changes related to the VN
topology and the tunnels .
Event-Based Telemetry in the Device Self ManagementIn reference to , the
following steps are performed to monitor state changes of managed
resources in a network device and provide device self management
within the network management automation architecture defined in :
To control which state a network
device should be in or is allowed to be in at any given time, a set of
conditions and actions are defined and correlated with network events
(e.g., allow the NETCONF server to send updates only when the value
exceeds a certain threshold for the first time, but not again until
the threshold is cleared), which constitute an Event Condition Action
(ECA) policy or an event-driven policy control logic that can be
executed on the device (e.g., ).
To provide a rapid autonomic response that can exhibit
self-management properties, the Controller pushes the ECA policy
to the network device and delegates the network control logic to
the network device.
The network device uses the ECA model to subscribe to the event
source, e.g., an event stream or datastore state data conveyed to
the server via YANG-Push subscription , monitors state parameters, and takes simple and
instant actions when an associated event condition on state
parameters is met. ECA notifications can be generated as the result
of actions based on event stream subscription or datastore
subscription (model-driven telemetry operation discussed in ).
Security ConsiderationsMany of the YANG modules cited in this document define schema for
data that is designed to be accessed via network management protocols
such as NETCONF or RESTCONF . The lowest NETCONF layer is the secure
transport layer, and the mandatory-to-implement secure transport is
Secure Shell (SSH) . The lowest RESTCONF
layer is HTTPS, and the mandatory-to-implement secure transport is TLS
.The NETCONF access control model
provides the means to restrict access for particular NETCONF or RESTCONF
users to a preconfigured subset of all available NETCONF or RESTCONF
protocol operations and content.Security considerations specific to each of the technologies and
protocols listed in the document are discussed in the specification
documents of each of these protocols.In order to prevent leaking sensitive information and the "confused
deputy" problem in general, special care
should be considered when translating between the various layers in
or when aggregating data retrieved from
various sources. Authorization and authentication checks should be
performed to ensure that data is available to an authorized entity.
The network operator must enforce means to protect privacy-related
information included in customer-facing models.To detect misalignment between layers that might be induced by
misbehaving nodes, upper layers should continuously monitor the
perceived service () and should proceed with
checks to assess that the provided service complies with the expected
service and that the data reported by an underlying layer is matching
the perceived service by the above layer. Such checks are the
responsibility of the service diagnosis ().When a YANG module includes security-related parameters, it is
recommended to include the relevant information as part of the service
assurance to track the correct functioning of the security
mechanisms.Additional considerations are discussed in the following
subsections.Service LevelA provider may rely on services offered by other providers to build
composite services. Appropriate mechanisms should be enabled by the
provider to monitor and detect a service disruption from these
providers. The characterization of a service disruption (including
mean time between failures and mean time to repair), the escalation
procedure, and penalties are usually documented in contractual
agreements (e.g., as described in ). Misbehaving peer providers will
thus be identified and appropriate countermeasures will be
applied.The communication protocols that make use of a service model
between a customer and an operator are out of scope. Relevant security
considerations should be discussed in the specification documents of
these protocols.Network LevelSecurity considerations specific to the network level are listed
below:
A controller may create forwarding loops by misconfiguring the
underlying network nodes. It is recommended to proceed with tests
to check the status of forwarding paths regularly or whenever
changes are made to routing or forwarding processes. Such checks
may be triggered from the service level owing to the means
discussed in .
Some service models may include a traffic isolation clause that
is passed down to the network level so that appropriate
technology-specific actions must be enforced at the underlying
network (and thus involved network devices) to avoid that such
traffic is accessible to non-authorized parties. In particular,
network models may indicate whether encryption is enabled and, if so,
expose a list of supported encryption schemes and parameters. Refer,
for example, to the encryption feature defined in and its use
in .
Device LevelNetwork operators should monitor and audit their networks to detect
misbehaving nodes and abnormal behaviors. For example, OAM, as
discussed in , can be used for
that purpose.Access to some data requires specific access privilege levels.
Devices must check that a required access privilege is provided before
granting access to specific data or performing specific actions.IANA ConsiderationsThis document has no IANA actions.ReferencesNormative ReferencesNetwork Configuration Protocol (NETCONF)The Network Configuration Protocol (NETCONF) defined in this document provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized as remote procedure calls (RPCs). This document obsoletes RFC 4741. [STANDARDS-TRACK]Using the NETCONF Protocol over Secure Shell (SSH)This document describes a method for invoking and running the Network Configuration Protocol (NETCONF) within a Secure Shell (SSH) session as an SSH subsystem. This document obsoletes RFC 4742. [STANDARDS-TRACK]The YANG 1.1 Data Modeling LanguageYANG is a data modeling language used to model configuration data, state data, Remote Procedure Calls, and notifications for network management protocols. This document describes the syntax and semantics of version 1.1 of the YANG language. YANG version 1.1 is a maintenance release of the YANG language, addressing ambiguities and defects in the original specification. There are a small number of backward incompatibilities from YANG version 1. This document also specifies the YANG mappings to the Network Configuration Protocol (NETCONF).RESTCONF ProtocolThis document describes an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in the Network Configuration Protocol (NETCONF).Network Configuration Access Control ModelThe standardization of network configuration interfaces for use with the Network Configuration Protocol (NETCONF) or the RESTCONF protocol requires a structured and secure operating environment that promotes human usability and multi-vendor interoperability. There is a need for standard mechanisms to restrict NETCONF or RESTCONF protocol access for particular users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. This document defines such an access control model.This document obsoletes RFC 6536.The Transport Layer Security (TLS) Protocol Version 1.3This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.Informative ReferencesA YANG Data Model for VN OperationSamsung ElectronicsHuawei TechnologiesEricssonIndividualETRI This document provides a YANG data model generally applicable to any
mode of Virtual Network (VN) operation.
Work in ProgressYANG Data Model for Bidirectional Forwarding Detection (BFD)Cisco SystemsHuawei TechnologiesXoriant CorporationRtbrickZTE Corporation This document defines a YANG data model that can be used to configure
and manage Bidirectional Forwarding Detection (BFD).
The YANG modules in this document conform to the Network Management
Datastore Architecture (NMDA).
Work in ProgressDistributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel SpecificationOrangeMcAfee, Inc. This document specifies the Distributed Denial-of-Service Open Threat
Signaling (DOTS) signal channel, a protocol for signaling the need
for protection against Distributed Denial-of-Service (DDoS) attacks
to a server capable of enabling network traffic mitigation on behalf
of the requesting client.
A companion document defines the DOTS data channel, a separate
reliable communication layer for DOTS management and configuration
purposes.
This document obsoletes RFC 8782.
Work in ProgressA YANG Data model for ECA Policy ManagementHuaweiIndividualFraunhofer SITVolta NetworksCisco This document defines a YANG data model for Event Condition Action
(ECA) policy management. The ECA policy YANG module provides the
ability to delegate some network management functions to the server
which can take simple and instant action when a trigger condition on
the system state is met.
Work in ProgressYang Data Model for EVPNCisco SystemCiena CorporationInfinera CorporationJuniper NetworksNokia This document describes a YANG data model for Ethernet VPN services.
The model is agnostic of the underlay. It apply to MPLS as well as to
VxLAN encapsulation. The model is also agnostic of the services
including E-LAN, E-LINE and E-TREE services. This document mainly
focuses on EVPN and Ethernet-Segment instance framework.
Work in ProgressThe Confused Deputy: (or why capabilities might have been invented)BGP YANG Model for Service Provider NetworksKloud ServicesArrcusHuaweiJuniper Networks This document defines a YANG data model for configuring and managing
BGP, including protocol, policy, and operational aspects, such as
RIB, based on data center, carrier, and content provider operational
requirements.
Work in ProgressPerformance MetricsIANAYANG Data Model for MPLS-based L2VPNCiena CorporationCisco SystemsThe MITRE CorporationInfinera CorporationComcastJuniper Networks This document describes a YANG data model for Layer 2 VPN (L2VPN)
services over MPLS networks. These services include point-to-point
Virtual Private Wire Service (VPWS) and multipoint Virtual Private
LAN service (VPLS) that uses LDP and BGP signaled Pseudowires. It is
expected that this model will be used by the management tools run by
the network operators in order to manage and monitor the network
resources that they use to deliver L2VPN services.
This document also describes the YANG data model for the Pseudowires.
The independent definition of the Pseudowires facilitates its use in
Ethernet Segment and EVPN data models defined in separate document.
Work in ProgressYang Data Model for BGP/MPLS L3 VPNsCiscoArrcus, IncCiscoHuawei TechnologiesHuawei TechnologiesJabilJuniper NetworksJuniper NetworksComcast This document defines a YANG data model that can be used to configure
and manage BGP Layer 3 VPNs.
Work in ProgressMetrics and Methods for One-way IP CapacityAT&T LabsDeutsche TelekomAT&T Labs This memo revisits the problem of Network Capacity metrics first
examined in RFC 5136. The memo specifies a more practical Maximum
IP-layer Capacity metric definition catering for measurement
purposes, and outlines the corresponding methods of measurement.
Work in ProgressYang Data Model for Multicast in MPLS/BGP IP VPNsChina MobileHuaweiCiscoVolta NetworksJuniperJuniper This document defines a YANG data model that can be used to
configure and manage multicast in MPLS/BGP IP VPNs.
Work in ProgressYANG module for yangcatalog.orgCisco Systems, Inc.Cisco Systems, Inc. This document specifies a YANG module that contains metadata related
to YANG modules and vendor implementations of those YANG modules.
Work in ProgressA Layer 2 VPN Network YANG ModelTelefonicaTelefonicaOrangeVodafoneVerizonChina Unicom This document defines a YANG Data model (called, L2NM) that can be
used to manage the provisioning of Layer 2 VPN services within a
Service Provider Network. This YANG module provides representation
of the Layer 2 VPN Service from a network standpoint. The module is
meant to be used by a Network Controller to derive the configuration
information that will be sent to relevant network devices.
The L2NM YANG Data model complements the Layer 2 Service Model
(RFC8466) by providing a network-centric view of the service that is
internal to a Service Provider.
Work in ProgressA Layer 3 VPN Network YANG ModelTelefonicaTelefonicaOrangeVodafoneNokia This document defines a L3VPN Network YANG Model (L3NM) that can be
used to manage the provisioning of Layer 3 Virtual Private Network
(VPN) services within a Service Provider's network. The model
provides a network-centric view of L3VPN services.
L3NM is meant to be used by a Network Controller to derive the
configuration information that will be sent to relevant network
devices. The model can also facilitate the communication between a
service orchestrator and a network controller/orchestrator.
Work in ProgressA Layer 2/3 VPN Common YANG ModelTelefonicaTelefonicaOrangeHuawei This document defines a common YANG module that is meant to be reused
by various VPN-related modules such as Layer 3 VPN and Layer 2 VPN
network models.
Editorial Note (To be removed by RFC Editor)
Please update these statements within the document with the RFC
number to be assigned to this document:
o "This version of this YANG module is part of RFC XXXX;"
o "RFC XXXX: A Layer 2/3 VPN Common YANG Model";
o reference: RFC XXXX
Also, please update the "revision" date of the YANG module.
Work in ProgressA YANG Model for Network and VPN Service Performance MonitoringHuaweiHuaweiOrangeTelefonicaComcastChina UnicomChina Telecom The data model defined in RFC8345 introduces vertical layering
relationships between networks that can be augmented to cover
network/service topologies. This document defines a YANG model for
both Network Performance Monitoring and VPN Service Performance
Monitoring that can be used to monitor and manage network performance
on the topology at higher layer or the service topology between VPN
sites.
This document does not define metrics for network performance or
mechanisms for measuring network performance. The YANG model defined
in this document is designed as an augmentation to the network
topology YANG model defined in RFC 8345 and draws on relevant YANG
types defined in RFC 6991, RFC 8299, RFC 8345, and RFC 8532.
Work in ProgressA YANG Data Model for Protocol Independent Multicast (PIM)Volta NetworksMetaswitch NetworksIndividualJuniper NetworksHuawei TechnologiesZTE Corporation This document defines a YANG data model that can be used to configure
and manage devices supporting Protocol Independent Multicast (PIM).
The model covers the PIM protocol configuration, operational state,
and event notifications data.
Work in ProgressYANG Model for QoSCisco SystemsVMwareJuniper NetworksJuniper NetworksThe MITRE Corporation This document describes a YANG model for Quality of Service (QoS)
configuration and operational parameters.
Work in ProgressFramework for Layer 3 Virtual Private Networks (L3VPN) Operations and ManagementThis document provides a framework for the operation and management of Layer 3 Virtual Private Networks (L3VPNs). This framework intends to produce a coherent description of the significant technical issues that are important in the design of L3VPN management solutions. The selection of specific approaches, and making choices among information models and protocols are outside the scope of this document. This memo provides information for the Internet community.BGP/MPLS IP Virtual Private Networks (VPNs)This document describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customers. This method uses a "peer model", in which the customers' edge routers (CE routers) send their routes to the Service Provider's edge routers (PE routers); there is no "overlay" visible to the customer's routing algorithm, and CE routers at different sites do not peer with each other. Data packets are tunneled through the backbone, so that the core routers do not need to know the VPN routes. [STANDARDS-TRACK]Framework for Layer 2 Virtual Private Networks (L2VPNs)This document provides a framework for Layer 2 Provider Provisioned Virtual Private Networks (L2VPNs). This framework is intended to aid in standardizing protocols and mechanisms to support interoperable L2VPNs. This memo provides information for the Internet community.Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and SignalingVirtual Private LAN Service (VPLS), also known as Transparent LAN Service and Virtual Private Switched Network service, is a useful Service Provider offering. The service offers a Layer 2 Virtual Private Network (VPN); however, in the case of VPLS, the customers in the VPN are connected by a multipoint Ethernet LAN, in contrast to the usual Layer 2 VPNs, which are point-to-point in nature.This document describes the functions required to offer VPLS, a mechanism for signaling a VPLS, and rules for forwarding VPLS frames across a packet switched network. [STANDARDS-TRACK]Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) SignalingThis document describes a Virtual Private LAN Service (VPLS) solution using pseudowires, a service previously implemented over other tunneling technologies and known as Transparent LAN Services (TLS). A VPLS creates an emulated LAN segment for a given set of users; i.e., it creates a Layer 2 broadcast domain that is fully capable of learning and forwarding on Ethernet MAC addresses and that is closed to a given set of users. Multiple VPLS services can be supported from a single Provider Edge (PE) node.This document describes the control plane functions of signaling pseudowire labels using Label Distribution Protocol (LDP), extending RFC 4447. It is agnostic to discovery protocols. The data plane functions of forwarding are also described, focusing in particular on the learning of MAC addresses. The encapsulation of VPLS packets is described by RFC 4448. [STANDARDS-TRACK]Defining Network CapacityMeasuring capacity is a task that sounds simple, but in reality can be quite complex. In addition, the lack of a unified nomenclature on this subject makes it increasingly difficult to properly build, test, and use techniques and tools built around these constructs. This document provides definitions for the terms 'Capacity' and 'Available Capacity' related to IP traffic traveling between a source and destination in an IP network. By doing so, we hope to provide a common framework for the discussion and analysis of a diverse set of current and future estimation techniques. This memo provides information for the Internet community.Session Peering for Multimedia Interconnect (SPEERMINT) TerminologyThis document defines the terminology that is to be used in describing Session PEERing for Multimedia INTerconnect (SPEERMINT). This memo provides information for the Internet community.Bidirectional Forwarding Detection (BFD)This document describes a protocol intended to detect faults in the bidirectional path between two forwarding engines, including interfaces, data link(s), and to the extent possible the forwarding engines themselves, with potentially very low latency. It operates independently of media, data protocols, and routing protocols. [STANDARDS-TRACK]Session PEERing for Multimedia INTerconnect (SPEERMINT) ArchitectureThis document defines a peering architecture for the Session Initiation Protocol (SIP) and its functional components and interfaces. It also describes the components and the steps necessary to establish a session between two SIP Service Provider (SSP) peering domains. This document is not an Internet Standards Track specification; it is published for informational purposes.Software-Defined Networking: A Perspective from within a Service Provider EnvironmentSoftware-Defined Networking (SDN) has been one of the major buzz words of the networking industry for the past couple of years. And yet, no clear definition of what SDN actually covers has been broadly admitted so far. This document aims to clarify the SDN landscape by providing a perspective on requirements, issues, and other considerations about SDN, as seen from within a service provider environment.It is not meant to endlessly discuss what SDN truly means but rather to suggest a functional taxonomy of the techniques that can be used under an SDN umbrella and to elaborate on the various pending issues the combined activation of such techniques inevitably raises. As such, a definition of SDN is only mentioned for the sake of clarification.IANA Interface Type YANG ModuleThis document defines the initial version of the iana-if-type YANG module.An Overview of Operations, Administration, and Maintenance (OAM) ToolsOperations, Administration, and Maintenance (OAM) is a general term that refers to a toolset for fault detection and isolation, and for performance measurement. Over the years, various OAM tools have been defined for various layers in the protocol stack.This document summarizes some of the OAM tools defined in the IETF in the context of IP unicast, MPLS, MPLS Transport Profile (MPLS-TP), pseudowires, and Transparent Interconnection of Lots of Links (TRILL). This document focuses on tools for detecting and isolating failures in networks and for performance monitoring. Control and management aspects of OAM are outside the scope of this document. Network repair functions such as Fast Reroute (FRR) and protection switching, which are often triggered by OAM protocols, are also out of the scope of this document.The target audience of this document includes network equipment vendors, network operators, and standards development organizations. This document can be used as an index to some of the main OAM tools defined in the IETF. At the end of the document, a list of the OAM toolsets and a list of the OAM functions are presented as a summary.IP Connectivity Provisioning Profile (CPP)This document describes the Connectivity Provisioning Profile (CPP) and proposes a CPP template to capture IP/MPLS connectivity requirements to be met within a service delivery context (e.g., Voice over IP or IP TV). The CPP defines the set of IP transfer parameters to be supported by the underlying transport network together with a reachability scope and bandwidth/capacity needs. Appropriate performance metrics, such as one-way delay or one-way delay variation, are used to characterize an IP transfer service. Both global and restricted reachability scopes can be captured in the CPP.Such a generic CPP template is meant to (1) facilitate the automation of the service negotiation and activation procedures, thus accelerating service provisioning, (2) set (traffic) objectives of Traffic Engineering functions and service management functions, and (3) improve service and network management systems with 'decision- making' capabilities based upon negotiated/offered CPPs.A YANG Data Model for System ManagementThis document defines a YANG data model for the configuration and identification of some common system properties within a device containing a Network Configuration Protocol (NETCONF) server. This document also includes data node definitions for system identification, time-of-day management, user management, DNS resolver configuration, and some protocol operations for system management.Transparent Interconnection of Lots of Links (TRILL): Fault ManagementThis document specifies Transparent Interconnection of Lots of Links (TRILL) Operations, Administration, and Maintenance (OAM) fault management. Methods in this document follow the CFM (Connectivity Fault Management) framework defined in IEEE 802.1 and reuse OAM tools where possible. Additional messages and TLVs are defined for TRILL-specific applications or for cases where a different set of information is required other than CFM as defined in IEEE 802.1. This document updates RFC 6325.Service Function Chaining (SFC) ArchitectureThis document describes an architecture for the specification, creation, and ongoing maintenance of Service Function Chains (SFCs) in a network. It includes architectural concepts, principles, and components used in the construction of composite services through deployment of SFCs, with a focus on those to be standardized in the IETF. This document does not propose solutions, protocols, or extensions to existing protocols.A One-Way Delay Metric for IP Performance Metrics (IPPM)This memo defines a metric for one-way delay of packets across Internet paths. It builds on notions introduced and discussed in the IP Performance Metrics (IPPM) Framework document, RFC 2330; the reader is assumed to be familiar with that document. This memo makes RFC 2679 obsolete.A One-Way Loss Metric for IP Performance Metrics (IPPM)This memo defines a metric for one-way loss of packets across Internet paths. It builds on notions introduced and discussed in the IP Performance Metrics (IPPM) Framework document, RFC 2330; the reader is assumed to be familiar with that document. This memo makes RFC 2680 obsolete.Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)Layer 2 services (such as Frame Relay, Asynchronous Transfer Mode, and Ethernet) can be emulated over an MPLS backbone by encapsulating the Layer 2 Protocol Data Units (PDUs) and then transmitting them over pseudowires (PWs). It is also possible to use pseudowires to provide low-rate Time-Division Multiplexed and Synchronous Optical NETworking circuit emulation over an MPLS-enabled network. This document specifies a protocol for establishing and maintaining the pseudowires, using extensions to the Label Distribution Protocol (LDP). Procedures for encapsulating Layer 2 PDUs are specified in other documents.This document is a rewrite of RFC 4447 for publication as an Internet Standard.A YANG Data Model for LMAP Measurement AgentsThis document defines a data model for Large-Scale Measurement Platforms (LMAPs). The data model is defined using the YANG data modeling language.YANG Module ClassificationThe YANG data modeling language is currently being considered for a wide variety of applications throughout the networking industry at large. Many standards development organizations (SDOs), open-source software projects, vendors, and users are using YANG to develop and publish YANG modules for a wide variety of applications. At the same time, there is currently no well-known terminology to categorize various types of YANG modules.A consistent terminology would help with the categorization of YANG modules, assist in the analysis of the YANG data modeling efforts in the IETF and other organizations, and bring clarity to the YANG- related discussions between the different groups.This document describes a set of concepts and associated terms to support consistent classification of YANG modules.YANG Data Model for L3VPN Service DeliveryThis document defines a YANG data model that can be used for communication between customers and network operators and to deliver a Layer 3 provider-provisioned VPN service. This document is limited to BGP PE-based VPNs as described in RFCs 4026, 4110, and 4364. This model is intended to be instantiated at the management system to deliver the overall service. It is not a configuration model to be used directly on network elements. This model provides an abstracted view of the Layer 3 IP VPN service configuration components. It will be up to the management system to take this model as input and use specific configuration models to configure the different network elements to deliver the service. How the configuration of network elements is done is out of scope for this document.This document obsoletes RFC 8049; it replaces the unimplementable module in that RFC with a new module with the same name that is not backward compatible. The changes are a series of small fixes to the YANG module and some clarifications to the text.Service Models ExplainedThe IETF has produced many modules in the YANG modeling language. The majority of these modules are used to construct data models to model devices or monolithic functions.A small number of YANG modules have been defined to model services (for example, the Layer 3 Virtual Private Network Service Model (L3SM) produced by the L3SM working group and documented in RFC 8049).This document describes service models as used within the IETF and also shows where a service model might fit into a software-defined networking architecture. Note that service models do not make any assumption of how a service is actually engineered and delivered for a customer; details of how network protocols and devices are engineered to deliver a service are captured in other modules that are not exposed through the interface between the customer and the provider.Network Management Datastore Architecture (NMDA)Datastores are a fundamental concept binding the data models written in the YANG data modeling language to network management protocols such as the Network Configuration Protocol (NETCONF) and RESTCONF. This document defines an architectural framework for datastores based on the experience gained with the initial simpler model, addressing requirements that were not well supported in the initial model. This document updates RFC 7950.A YANG Data Model for Interface ManagementThis document defines a YANG data model for the management of network interfaces. It is expected that interface-type-specific data models augment the generic interfaces data model defined in this document. The data model includes definitions for configuration and system state (status information and counters for the collection of statistics).The YANG data model in this document conforms to the Network Management Datastore Architecture (NMDA) defined in RFC 8342.This document obsoletes RFC 7223.A YANG Data Model for Network TopologiesThis document defines an abstract (generic, or base) YANG data model for network/service topologies and inventories. The data model serves as a base model that is augmented with technology-specific details in other, more specific topology and inventory data models.A YANG Data Model for Layer 3 TopologiesThis document defines a YANG data model for Layer 3 network topologies.A YANG Data Model for Hardware ManagementThis document defines a YANG data model for the management of hardware on a single server.A YANG Data Model for Routing Management (NMDA Version)This document specifies three YANG modules and one submodule. Together, they form the core routing data model that serves as a framework for configuring and managing a routing subsystem. It is expected that these modules will be augmented by additional YANG modules defining data models for control-plane protocols, route filters, and other functions. The core routing data model provides common building blocks for such extensions -- routes, Routing Information Bases (RIBs), and control-plane protocols.The YANG modules in this document conform to the Network Management Datastore Architecture (NMDA). This document obsoletes RFC 8022.A YANG Data Model for Layer 2 Virtual Private Network (L2VPN) Service DeliveryThis document defines a YANG data model that can be used to configure a Layer 2 provider-provisioned VPN service. It is up to a management system to take this as an input and generate specific configuration models to configure the different network elements to deliver the service. How this configuration of network elements is done is out of scope for this document.The YANG data model defined in this document includes support for point-to-point Virtual Private Wire Services (VPWSs) and multipoint Virtual Private LAN Services (VPLSs) that use Pseudowires signaled using the Label Distribution Protocol (LDP) and the Border Gateway Protocol (BGP) as described in RFCs 4761 and 6624.The YANG data model defined in this document conforms to the Network Management Datastore Architecture defined in RFC 8342.A YANG Module for Network Address Translation (NAT) and Network Prefix Translation (NPT)This document defines a YANG module for the Network Address Translation (NAT) function.Network Address Translation from IPv4 to IPv4 (NAT44), Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers (NAT64), customer-side translator (CLAT), Stateless IP/ICMP Translation (SIIT), Explicit Address Mappings (EAM) for SIIT, IPv6-to-IPv6 Network Prefix Translation (NPTv6), and Destination NAT are covered in this document.A YANG Data Model for Dual-Stack Lite (DS-Lite)This document defines a YANG module for the Dual-Stack Lite (DS-Lite) Address Family Transition Router (AFTR) and Basic Bridging BroadBand (B4) elements.YANG Data Model for Network Access Control Lists (ACLs)This document defines a data model for Access Control Lists (ACLs). An ACL is a user-ordered set of rules used to configure the forwarding behavior in a device. Each rule is used to find a match on a packet and define actions that will be performed on the packet.YANG LibraryThis document describes a YANG library that provides information about the YANG modules, datastores, and datastore schemas used by a network management server. Simple caching mechanisms are provided to allow clients to minimize retrieval of this information. This version of the YANG library supports the Network Management Datastore Architecture (NMDA) by listing all datastores supported by a network management server and the schema that is used by each of these datastores.YANG Schema MountThis document defines a mechanism that adds the schema trees defined by a set of YANG modules onto a mount point defined in the schema tree in another YANG module.YANG Data Model for Network InstancesThis document defines a network instance module. This module can be used to manage the virtual resource partitioning that may be present on a network device. Examples of common industry terms for virtual resource partitioning are VPN Routing and Forwarding (VRF) instances and Virtual Switch Instances (VSIs).The YANG data model in this document conforms to the Network Management Datastore Architecture (NMDA) defined in RFC 8342.YANG Model for Logical Network ElementsThis document defines a logical network element (LNE) YANG module that is compliant with the Network Management Datastore Architecture (NMDA). This module can be used to manage the logical resource partitioning that may be present on a network device. Examples of common industry terms for logical resource partitioning are logical systems or logical routers. The YANG model in this document conforms with NMDA as defined in RFC 8342.Generic YANG Data Model for Connection-Oriented Operations, Administration, and Maintenance (OAM) ProtocolsThis document presents a base YANG data model for connection-oriented Operations, Administration, and Maintenance (OAM) protocols. It provides a technology-independent abstraction of key OAM constructs for such protocols. The model presented here can be extended to include technology-specific details. This guarantees uniformity in the management of OAM protocols and provides support for nested OAM workflows (i.e., performing OAM functions at different levels through a unified interface).The YANG data model in this document conforms to the Network Management Datastore Architecture.Generic YANG Data Model for the Management of Operations, Administration, and Maintenance (OAM) Protocols That Use Connectionless CommunicationsThis document presents a base YANG Data model for the management of Operations, Administration, and Maintenance (OAM) protocols that use connectionless communications. The data model is defined using the YANG data modeling language, as specified in RFC 7950. It provides a technology-independent abstraction of key OAM constructs for OAM protocols that use connectionless communication. The base model presented here can be extended to include technology-specific details.There are two key benefits of this approach: First, it leads to uniformity between OAM protocols. Second, it supports both nested OAM workflows (i.e., performing OAM functions at the same level or different levels through a unified interface) as well as interactive OAM workflows (i.e., performing OAM functions at the same level through a unified interface).A YANG Data Model for Retrieval Methods for the Management of Operations, Administration, and Maintenance (OAM) Protocols That Use Connectionless CommunicationsThis document presents a retrieval method YANG data model for connectionless Operations, Administration, and Maintenance (OAM) protocols. It provides technology-independent RPC operations for OAM protocols that use connectionless communication. The retrieval methods model herein presented can be extended to include technology- specific details. There are two key benefits of this approach: First, it leads to uniformity between OAM protocols. Second, it supports both nested OAM workflows (i.e., performing OAM functions at different or the same levels through a unified interface) as well as interactive OAM workflows (i.e., performing OAM functions at the same levels through a unified interface).A YANG Data Model for Alarm ManagementThis document defines a YANG module for alarm management. It includes functions for alarm-list management, alarm shelving, and notifications to inform management systems. There are also operations to manage the operator state of an alarm and administrative alarm procedures. The module carefully maps to relevant alarm standards.Subscription to YANG Notifications for Datastore UpdatesThis document describes a mechanism that allows subscriber applications to request a continuous and customized stream of updates from a YANG datastore. Providing such visibility into updates enables new capabilities based on the remote mirroring and monitoring of configuration and operational state.A YANG Data Model for the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD)This document defines a YANG data model that can be used to configure and manage Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) devices.A YANG Data Model for Tunnel Interface TypesThis document specifies the initial version of a YANG module "iana-tunnel-type", which contains a collection of IANA-maintained YANG identities used as interface types for tunnel interfaces. The module reflects the "tunnelType" registry maintained by IANA. The latest revision of this YANG module can be obtained from the IANA website.Tunnel type values are not directly added to the Tunnel Interface Types YANG module; they must instead be added to the "tunnelType" IANA registry. Once a new tunnel type registration is made by IANA for a new tunneling scheme or even an existing one that is not already listed in the current registry (e.g., LISP, NSH), IANA will update the Tunnel Interface Types YANG module accordingly.Some of the IETF-defined tunneling techniques are not listed in the current IANA registry. It is not the intent of this document to update the existing IANA registry with a comprehensive list of tunnel technologies. Registrants must follow the IETF registration procedure for interface types whenever a new tunnel type is needed.YANG Modules for IPv4-in-IPv6 Address plus Port (A+P) SoftwiresThis document defines YANG modules for the configuration and operation of IPv4-in-IPv6 softwire Border Relays and Customer Premises Equipment for the Lightweight 4over6, Mapping of Address and Port with Encapsulation (MAP-E), and Mapping of Address and Port using Translation (MAP-T) softwire mechanisms.Distributed Denial-of-Service Open Threat Signaling (DOTS) Data Channel SpecificationThe document specifies a Distributed Denial-of-Service Open Threat Signaling (DOTS) data channel used for bulk exchange of data that cannot easily or appropriately communicated through the DOTS signal channel under attack conditions.This is a companion document to "Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification" (RFC 8782).YANG Data Structure ExtensionsThis document describes YANG mechanisms for defining abstract data structures with YANG.YANG Data Model for Traffic Engineering (TE) TopologiesThis document defines a YANG data model for representing, retrieving, and manipulating Traffic Engineering (TE) Topologies. The model serves as a base model that other technology-specific TE topology models can augment.YANG Module TagsThis document provides for the association of tags with YANG modules. The expectation is for such tags to be used to help classify and organize modules. A method for defining, reading, and writing modules tags is provided. Tags may be registered and assigned during module definition, assigned by implementations, or dynamically defined and set by users. This document also provides guidance to future model writers; as such, this document updates RFC 8407.A YANG Data Model for Layer 2 Network TopologiesThis document defines a YANG data model for Layer 2 network topologies. In particular, this data model augments the generic network and network topology data models with topology attributes that are specific to Layer 2.A YANG Data Model for MPLS BaseThis document contains a specification of the MPLS base YANG data model. The MPLS base YANG data model serves as a base framework for configuring and managing an MPLS switching subsystem on an MPLS-enabled router. It is expected that other MPLS YANG data models (e.g., MPLS Label Switched Path (LSP) static, LDP, or RSVP-TE YANG data models) will augment the MPLS base YANG data model.A YANG Data Model for Routing PolicyFutureweiApstraCiscoVolta Networks This document defines a YANG data model for configuring and managing
routing policies in a vendor-neutral way. The model provides a
generic routing policy framework which can be extended for specific
routing protocols using the YANG 'augment' mechanism.
Work in ProgressA Yang Data Model for IGMP and MLD SnoopingEricssonVolta NetworksChina MobileJuniperIndividualThis document defines a YANG data model that can be used to configure
and manage Internet Group Management Protocol (IGMP) and Multicast
Listener Discovery (MLD) Snooping devices. The YANG module in this
document conforms to Network Management Datastore Architecture (NMDA).
Work in ProgressYANG Data Model for Segment RoutingCisco SystemsFutureweiCisco SystemsArrcus NetworksApstra This document defines a YANG data model for segment routing
configuration and operation, which is to be augmented by different
segment routing data planes. The document also defines a YANG model
that is intended to be used on network elements to configure or
operate segment routing MPLS data plane, as well as some generic
containers to be reused by IGP protocol modules to support segment
routing.
Work in ProgressSimple Two-way Active Measurement Protocol (STAMP) Data ModelZTE Corp.ZTE Corp.Ericsson This document specifies the data model for implementations of
Session-Sender and Session-Reflector for Simple Two-way Active
Measurement Protocol (STAMP) mode using YANG.
Work in ProgressYANG models for VN/TE Performance Monitoring Telemetry and Scaling Intent AutonomicsSamsung ElectronicsHuawei TechnologiesHuawei TechnologiesCTTCLancaster UniversityEricsson This document provides YANG data models that describe performance
monitoring telemetry and scaling intent mechanism for TE-tunnels and
Virtual Networks (VN).
The models presented in this draft allow customers to subscribe to
and monitor their key performance data of their interest on the level
of TE-tunnel or VN. The models also provide customers with the
ability to program autonomic scaling intent mechanism on the level of
TE-tunnel as well as VN.
Work in ProgressYang model for requesting Path ComputationHuaweiNokiaTelefonicaGoogleChina Unicom There are scenarios, typically in a hierarchical SDN context, where
the topology information provided by a TE network provider may not
be sufficient for its client to perform end-to-end path computation.
In these cases the client would need to request the provider to
calculate some (partial) feasible paths.
This document defines a YANG data model for an RPC to request path
computation. This model complements the solution, defined in
RFCXXXX, to configure a TE Tunnel path in "compute-only" mode.
[RFC EDITOR NOTE: Please replace RFC XXXX with the RFC number of
draft-ietf-teas-yang-te once it has been published.
Moreover this document describes some use cases where a path
computation request, via YANG-based protocols (e.g., NETCONF or
RESTCONF), can be needed.
Work in ProgressA YANG Data Model for RSVP-TE ProtocolJuniper NetworksJuniper NetworksCisco SystemsVolta NetworksHuawei TechnologiesCiena This document defines a YANG data model for the configuration and
management of RSVP (Resource Reservation Protocol) to establish
Traffic-Engineered (TE) Label-Switched Paths (LSPs) for MPLS (Multi-
Protocol Label Switching) and other technologies.
The model defines a generic RSVP-TE module for signaling LSPs that
are technology agnostic. The generic RSVP-TE module is to be
augmented by technology specific RSVP-TE modules that define
technology specific data. This document also defines the
augmentation for RSVP-TE MPLS LSPs model.
This model covers data for the configuration, operational state,
remote procedural calls, and event notifications.
Work in ProgressA YANG Data Model for Traffic Engineering Tunnels, Label Switched Paths and InterfacesJuniper NetworksCisco Systems IncVolta NetworksJuniper NetworksIndividual This document defines a YANG data model for the configuration and
management of Traffic Engineering (TE) tunnels, Label Switched Paths
(LSPs). and interfaces. The model is divided into YANG modules that
classify data into generic, device-specific, technology agnostic, and
technology-specific elements.
This model covers data for configuration, operational state, remote
procedural calls, and event notifications.
Work in ProgressYANG Data Model for TRILL Operations, Administration, and Maintenance (OAM) This document presents YANG Data model for TRILL OAM. It extends the
Generic YANG model for OAM defined in with TRILL technology
specifics. Table of Contents.
Work in ProgressTwo-Way Active Measurement Protocol (TWAMP) Data ModelCiena CorporationAT&T LabsCisco SystemsXoriant CorporationTravelping This document specifies a data model for client and server
implementations of the Two-Way Active Measurement Protocol (TWAMP).
The document defines the TWAMP data model through Unified Modeling
Language (UML) class diagrams and formally specifies it using a NDMA-
compliant YANG model.
Work in ProgressA YANG Model for User-Network Interface (UNI) TopologiesTelefonicaTelefonicaHuaweiOrange This document defines a YANG data model for representing an abstract
view of the Service Provider network topology containing the points
from which its services can be attached (e.g., basic connectivity,
VPN, SDWAN). The data model augments the 'ietf-network' data model
by adding the concept of service-attachment-points. The service-
attachment-points are an abstraction of the points to which network
services (such as L3 VPN or L2 VPN) can be attached.
Work in ProgressLayered YANG Module Examples OverviewThis appendix lists a set of YANG data models that can be used for
the delivery of connectivity services. These models can be classified as
service, network, or device models.It is not the intent of this appendix to provide an inventory of
tools and mechanisms used in specific network and service management
domains; such inventory can be found in documents such as .The reader may refer to the YANG Catalog (<>) or the public Github YANG
repository (<>) to
query existing YANG models. The YANG Catalog includes some metadata to
indicate the module type ('module-classification') . Note that
the mechanism defined in
allows to associate tags with YANG modules in order to help classifying
the modules.Service Models: Definition and SamplesAs described in , the
service is "some form of connectivity between customer sites and the
Internet or between customer sites across the network operator's
network and across the Internet". More concretely, an IP connectivity
service can be defined as the IP transfer capability characterized by
a (Source Nets, Destination Nets, Guarantees, Scope) tuple where
"Source Nets" is a group of unicast IP addresses, "Destination Nets"
is a group of IP unicast and/or multicast addresses, and "Guarantees"
reflects the guarantees (expressed, for example, in terms of QoS,
performance, and availability) to properly forward traffic to the said
"Destination" . The "Scope"
denotes the network perimeter (e.g., between Provider Edge (PE)
routers or Customer Nodes) where the said guarantees need to be
provided.For example:
The L3SM defines the L3VPN
service ordered by a customer from a network operator.
The L2SM defines the L2VPN
service ordered by a customer from a network operator.
The Virtual Network (VN) model provides a
YANG data model applicable to any mode of VN operation.
L2SM and L3SM are customer service models as per .Schema MountModularity and extensibility were among the leading design
principles of the YANG data modeling language. As a result, the same
YANG module can be combined with various sets of other modules and
thus form a data model that is tailored to meet the requirements of a
specific use case. defines a mechanism,
denoted "schema mount", that allows for mounting one data model
consisting of any number of YANG modules at a specified location of
another (parent) schema.Network Models: SamplesL2NM and L3NM are examples of YANG
network models. depicts a set of additional network
models such as topology and tunnel models:Examples of topology YANG modules are listed below:
Network Topologies Model:
defines a base model for network
topology and inventories. Network topology data includes link, node, and
terminate-point resources.
TE Topology Model:
defines a YANG data model for
representing and manipulating TE topologies.
This module is extended from the network topology model defined in and includes content related to TE
topologies. This model contains technology-agnostic TE topology building
blocks that can be augmented and used by other technology-specific TE
topology models.
Layer 3 Topology Model:
defines a YANG data model
for representing and manipulating Layer 3 topologies. This model is extended
from the network topology model defined in and includes content related to Layer 3 topology specifics.
Layer 2 Topology Model:
defines a YANG data model
for representing and manipulating Layer 2 topologies. This model is extended
from the network topology model defined in and includes content related to Layer 2 topology specifics.
Examples of tunnel YANG modules are provided below:
Tunnel Identities:
defines a collection of YANG
identities used as interface types for tunnel interfaces.
TE Tunnel Model:
defines a YANG
module for the configuration and management of TE interfaces, tunnels, and
LSPs.
augments the TE
generic and MPLS-TE model(s) and defines a YANG module for SR-TE-specific
data.
MPLS-TE Model:
augments the TE
generic and MPLS-TE model(s) and defines a YANG module for MPLS-TE
configurations, state, RPC, and notifications.
RSVP-TE MPLS Model:
augments the
RSVP-TE generic module with parameters to configure and manage signaling of
MPLS RSVP-TE LSPs.
Other sample network models are listed hereafter:
Path Computation API Model:
defines a YANG module for a stateless RPC that complements the stateful
solution defined in .
OAM Models (including Fault Management (FM) and Performance Monitoring):
defines a base YANG module for
the management of OAM protocols that use Connectionless Communications. defines a retrieval method YANG module
for connectionless OAM protocols.
defines a base YANG module for connection-oriented OAM protocols. These three
models are intended to provide consistent reporting, configuration, and
representation for connectionless OAM and connection-oriented OAM
separately.Alarm monitoring is a fundamental part of monitoring the
network. Raw alarms from devices do not always tell the status of
the network services or necessarily point to the root cause. defines a YANG module for
alarm management.
Device Models: SamplesNetwork Element models (listed in )
are used to describe how a service can be implemented by activating
and tweaking a set of functions (enabled in one or multiple devices,
or hosted in cloud infrastructures) that are involved in the service
delivery. For example, the L3VPN service will involve many PEs and
require manipulating the following modules:
Routing management
BGP
PIM
NAT management
QoS management
ACLs
uses IETF-defined data models
as an example.Model Composition
Logical Network Element Model:
defines a logical network
element model that can be used to manage the logical resource partitioning
that may be present on a network device. Examples of common industry terms for
logical resource partitioning are Logical Systems or Logical Routers.
Network Instance Model:
defines a network instance
module. This module can be used to manage the virtual resource partitioning
that may be present on a network device. Examples of common industry terms for
virtual resource partitioning are VRF instances and Virtual Switch Instances
(VSIs).
Device ManagementThe following list enumerates some YANG modules that can be used
for device management:
defines a YANG module for the
management of hardware.
defines the "ietf-system"
YANG module that provides many features such as the
configuration and the monitoring of system or system control
operations (e.g., shutdown, restart, and setting time)
identification.
defines a network
configuration access control YANG module.
Interface ManagementThe following provides some YANG modules that can be used for
interface management:
defines a YANG module for
interface type definitions.
defines a YANG module for the
management of network interfaces.
Some Device Model ExamplesThe following provides an overview of some device models that can
be used within a network. This list is not comprehensive.
L2VPN:
defines a YANG module for MPLS-based Layer 2 VPN services
(L2VPN) and includes
switching between the local attachment circuits. The L2VPN model
covers point-to-point Virtual Private Wire Service (VPWS) and
Multipoint Virtual Private LAN Service (VPLS). These
services use signaling of Pseudowires across MPLS networks using
LDP or BGP .
EVPN:
defines a YANG module for Ethernet VPN services. The model is
agnostic of the underlay. It applies to MPLS as well as to
Virtual eXtensible Local Area Network (VxLAN) encapsulation.
The module is also agnostic to the services, including E-LAN,
E-LINE, and E-TREE services.
L3VPN:
defines a YANG module that can be used to configure and manage
BGP L3VPNs . It
contains VRF-specific parameters as well as BGP-specific
parameters applicable for L3VPNs.
Core Routing:
defines the core routing YANG data model, which is intended as a
basis for future data model development covering
more-sophisticated routing systems. It is expected that other
Routing technology YANG modules (e.g., VRRP, RIP, ISIS, or OSPF
models) will augment the Core Routing base YANG module.
MPLS:
defines a base model
for MPLS that serves as a base framework for configuring and
managing an MPLS switching subsystem. It is expected that other
MPLS technology YANG modules (e.g., MPLS LSP Static, LDP, or
RSVP-TE models) will augment the MPLS base YANG module.
BGP:
defines a YANG module for configuring and managing BGP,
including protocol, policy, and operational aspects based on
data center, carrier, and content provider operational
requirements.
Routing Policy:
defines a YANG
module for configuring and managing routing policies based on
operational practice. The module provides a generic policy
framework that can be augmented with protocol-specific policy
configuration.
SR/SRv6:
defines a YANG module for segment routing configuration and
operation.
BFD:
Bidirectional Forwarding Detection (BFD)
is a network protocol that is
used for liveness detection of arbitrary paths between systems.
defines a YANG module
that can be used to configure and manage BFD.
Multicast:
defines a YANG module that
can be used to configure and manage Protocol Independent
Multicast (PIM) devices. defines a YANG module that can be used
to configure and manage Internet Group Management Protocol
(IGMP) and Multicast Listener Discovery (MLD) devices. defines a
YANG module that can be used to configure and manage Internet
Group Management Protocol (IGMP) and Multicast Listener
Discovery (MLD) snooping devices. defines a YANG data
model to configure and manage Multicast in MPLS/BGP IP VPNs
(MVPNs).
PM:
defines a YANG data
model for client and server implementations of the Two-Way
Active Measurement Protocol (TWAMP).
defines the data model for implementations of Session-Sender and
Session-Reflector for Simple Two-way Active Measurement Protocol
(STAMP) mode using YANG. defines a YANG data model for
Large-Scale Measurement Platforms (LMAPs).
ACL:
An Access Control List (ACL) is one of the basic
elements used to configure device-forwarding behavior. It is
used in many networking technologies such as Policy-Based
Routing, firewalls, etc.
describes a YANG data model of ACL basic building blocks.
QoS:
describes a YANG
module of Differentiated Services for configuration and
operations.
NAT:
For the sake of network automation and the need for
programming the Network Address Translation (NAT) function in
particular, a YANG data model for configuring and managing the
NAT is essential. defines a YANG module for the NAT
function covering a variety of NAT flavors such as Network
Address Translation from IPv4 to IPv4 (NAT44), Network Address
and Protocol Translation from IPv6 Clients to IPv4 Servers
(NAT64), customer-side translator (CLAT), Stateless IP/ICMP
Translation (SIIT), Explicit Address Mappings (EAMs) for SIIT,
IPv6-to-IPv6 Network Prefix Translation (NPTv6), and Destination
NAT.
specifies a Dual-Stack Lite (DS-Lite) YANG module.
Stateless Address Sharing:
specifies a YANG
module for Address plus Port (A+P) address sharing, including
Lightweight 4over6, Mapping of Address and Port with
Encapsulation (MAP-E), and Mapping of Address and Port using
Translation (MAP-T) softwire mechanisms.
AcknowledgementsThanks to , , , ,
, , , , and for the review.Many thanks to for the detailed AD review.Thanks to , , , and for the IESG review.ContributorsOrangeRennes, 35000FranceChristian.jacquenet@orange.comTelefonicaluismiguel.contrerasmurillo@telefonica.comTelefonicaMadridSpainoscar.gonzalezdedios@telefonica.comChina Mobilechengweiqiang@chinamobile.comSung Kyun Kwan Universityyounglee.tx@gmail.comAuthors' AddressesHuawei101 Software AvenueYuhua DistrictNanjingJiangsu210012Chinabill.wu@huawei.comOrangeRennes 35000Francemohamed.boucadair@orange.comTelefonica I+DSpaindiego.r.lopez@telefonica.comChina TelecomBeijingChinaxiechf@chinatelecom.cnChina Mobilegengliang@chinamobile.com