rfc8299v3.txt   rfc8299.txt 
skipping to change at page 2, line 48 skipping to change at page 2, line 48
6.2.3. Multicast Service . . . . . . . . . . . . . . . . . . 29 6.2.3. Multicast Service . . . . . . . . . . . . . . . . . . 29
6.2.4. Extranet VPNs . . . . . . . . . . . . . . . . . . . . 30 6.2.4. Extranet VPNs . . . . . . . . . . . . . . . . . . . . 30
6.3. Site Overview . . . . . . . . . . . . . . . . . . . . . . 32 6.3. Site Overview . . . . . . . . . . . . . . . . . . . . . . 32
6.3.1. Devices and Locations . . . . . . . . . . . . . . . . 33 6.3.1. Devices and Locations . . . . . . . . . . . . . . . . 33
6.3.2. Site Network Accesses . . . . . . . . . . . . . . . . 34 6.3.2. Site Network Accesses . . . . . . . . . . . . . . . . 34
6.4. Site Role . . . . . . . . . . . . . . . . . . . . . . . . 36 6.4. Site Role . . . . . . . . . . . . . . . . . . . . . . . . 36
6.5. Site Belonging to Multiple VPNs . . . . . . . . . . . . . 37 6.5. Site Belonging to Multiple VPNs . . . . . . . . . . . . . 37
6.5.1. Site VPN Flavor . . . . . . . . . . . . . . . . . . . 37 6.5.1. Site VPN Flavor . . . . . . . . . . . . . . . . . . . 37
6.5.2. Attaching a Site to a VPN . . . . . . . . . . . . . . 41 6.5.2. Attaching a Site to a VPN . . . . . . . . . . . . . . 41
6.6. Deciding Where to Connect the Site . . . . . . . . . . . 47 6.6. Deciding Where to Connect the Site . . . . . . . . . . . 47
6.6.1. Constraint: Device . . . . . . . . . . . . . . . . . 47 6.6.1. Constraint: Device . . . . . . . . . . . . . . . . . 48
6.6.2. Constraint/Parameter: Site Location . . . . . . . . . 48 6.6.2. Constraint/Parameter: Site Location . . . . . . . . . 48
6.6.3. Constraint/Parameter: Access Type . . . . . . . . . . 49 6.6.3. Constraint/Parameter: Access Type . . . . . . . . . . 49
6.6.4. Constraint: Access Diversity . . . . . . . . . . . . 50 6.6.4. Constraint: Access Diversity . . . . . . . . . . . . 50
6.6.5. Infeasible Access Placement . . . . . . . . . . . . . 59 6.6.5. Infeasible Access Placement . . . . . . . . . . . . . 60
6.6.6. Examples of Access Placement . . . . . . . . . . . . 59 6.6.6. Examples of Access Placement . . . . . . . . . . . . 60
6.6.7. Route Distinguisher and VRF Allocation . . . . . . . 80 6.6.7. Route Distinguisher and VRF Allocation . . . . . . . 82
6.7. Site Network Access Availability . . . . . . . . . . . . 81 6.7. Site Network Access Availability . . . . . . . . . . . . 83
6.8. Traffic Protection . . . . . . . . . . . . . . . . . . . 82 6.8. Traffic Protection . . . . . . . . . . . . . . . . . . . 84
6.9. Security . . . . . . . . . . . . . . . . . . . . . . . . 83 6.9. Security . . . . . . . . . . . . . . . . . . . . . . . . 85
6.9.1. Authentication . . . . . . . . . . . . . . . . . . . 83 6.9.1. Authentication . . . . . . . . . . . . . . . . . . . 85
6.9.2. Encryption . . . . . . . . . . . . . . . . . . . . . 83 6.9.2. Encryption . . . . . . . . . . . . . . . . . . . . . 85
6.10. Management . . . . . . . . . . . . . . . . . . . . . . . 84 6.10. Management . . . . . . . . . . . . . . . . . . . . . . . 86
6.11. Routing Protocols . . . . . . . . . . . . . . . . . . . . 85 6.11. Routing Protocols . . . . . . . . . . . . . . . . . . . . 87
6.11.1. Handling of Dual Stack . . . . . . . . . . . . . . . 86 6.11.1. Handling of Dual Stack . . . . . . . . . . . . . . . 88
6.11.2. LAN Directly Connected to SP Network . . . . . . . . 87 6.11.2. LAN Directly Connected to SP Network . . . . . . . . 89
6.11.3. LAN Directly Connected to SP Network with Redundancy 87 6.11.3. LAN Directly Connected to SP Network with Redundancy 89
6.11.4. Static Routing . . . . . . . . . . . . . . . . . . . 88 6.11.4. Static Routing . . . . . . . . . . . . . . . . . . . 90
6.11.5. RIP Routing . . . . . . . . . . . . . . . . . . . . 88 6.11.5. RIP Routing . . . . . . . . . . . . . . . . . . . . 90
6.11.6. OSPF Routing . . . . . . . . . . . . . . . . . . . . 89 6.11.6. OSPF Routing . . . . . . . . . . . . . . . . . . . . 91
6.11.7. BGP Routing . . . . . . . . . . . . . . . . . . . . 90 6.11.7. BGP Routing . . . . . . . . . . . . . . . . . . . . 92
6.12. Service . . . . . . . . . . . . . . . . . . . . . . . . . 92 6.12. Service . . . . . . . . . . . . . . . . . . . . . . . . . 94
6.12.1. Bandwidth . . . . . . . . . . . . . . . . . . . . . 93 6.12.1. Bandwidth . . . . . . . . . . . . . . . . . . . . . 95
6.12.2. MTU . . . . . . . . . . . . . . . . . . . . . . . . 93 6.12.2. MTU . . . . . . . . . . . . . . . . . . . . . . . . 95
6.12.3. QoS . . . . . . . . . . . . . . . . . . . . . . . . 93 6.12.3. QoS . . . . . . . . . . . . . . . . . . . . . . . . 95
6.12.4. Multicast . . . . . . . . . . . . . . . . . . . . . 102 6.12.4. Multicast . . . . . . . . . . . . . . . . . . . . . 104
6.13. Enhanced VPN Features . . . . . . . . . . . . . . . . . . 102 6.13. Enhanced VPN Features . . . . . . . . . . . . . . . . . . 104
6.13.1. Carriers' Carriers . . . . . . . . . . . . . . . . . 102 6.13.1. Carriers' Carriers . . . . . . . . . . . . . . . . . 104
6.14. External ID References . . . . . . . . . . . . . . . . . 104 6.14. External ID References . . . . . . . . . . . . . . . . . 106
6.15. Defining NNIs . . . . . . . . . . . . . . . . . . . . . . 104 6.15. Defining NNIs . . . . . . . . . . . . . . . . . . . . . . 106
6.15.1. Defining an NNI with the Option A Flavor . . . . . . 106 6.15.1. Defining an NNI with the Option A Flavor . . . . . . 108
6.15.2. Defining an NNI with the Option B Flavor . . . . . . 109 6.15.2. Defining an NNI with the Option B Flavor . . . . . . 112
6.15.3. Defining an NNI with the Option C Flavor . . . . . . 112 6.15.3. Defining an NNI with the Option C Flavor . . . . . . 114
7. Service Model Usage Example . . . . . . . . . . . . . . . . . 113 7. Service Model Usage Example . . . . . . . . . . . . . . . . . 116
8. Interaction with Other YANG Models . . . . . . . . . . . . . 119 8. Interaction with Other YANG Models . . . . . . . . . . . . . 122
9. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 124 9. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 127
10. Security Considerations . . . . . . . . . . . . . . . . . . . 183 10. Security Considerations . . . . . . . . . . . . . . . . . . . 186
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 183 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 187
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 184 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 187
12.1. Normative References . . . . . . . . . . . . . . . . . . 184 12.1. Normative References . . . . . . . . . . . . . . . . . . 187
12.2. Informative References . . . . . . . . . . . . . . . . . 185 12.2. Informative References . . . . . . . . . . . . . . . . . 189
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 186 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 189
Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 186 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 190
1. Introduction 1. Introduction
This document defines a Layer 3 VPN service data model written in This document defines a Layer 3 VPN service data model written in
YANG. The model defines service configuration elements that can be YANG. The model defines service configuration elements that can be
used in communication protocols between customers and network used in communication protocols between customers and network
operators. Those elements can also be used as input to automated operators. Those elements can also be used as input to automated
control and configuration applications. control and configuration applications.
This document obsoletes [RFC8049]; it creates a new module with the This document obsoletes [RFC8049]; it creates a new module with the
skipping to change at page 7, line 7 skipping to change at page 7, line 7
o Modify description for svc-input-bandwidth leaf and svc-output- o Modify description for svc-input-bandwidth leaf and svc-output-
bandwidth leaf to make it consistent with the text in bandwidth leaf to make it consistent with the text in
Section 6.12.1. Section 6.12.1.
o Clarify the rational of the model in the Section 5. o Clarify the rational of the model in the Section 5.
o Add text to clarify the way to achieve Per-VPN QoS policy. o Add text to clarify the way to achieve Per-VPN QoS policy.
1.4.1. Implementation Issues with RFC 8049 1.4.1. Implementation Issues with RFC 8049
[RFC8049] made an initial attempt to define a YANG model for L3VPN [RFC8049] made an initial attempt to define a YANG data model
services. After it was published it was discovered that, while the forL3VPN services. After it was published it was discovered that,
YANG compiled it was broken from an implementation perspective. That while the YANG compiled it was broken from an implementation
is, it was impossible to build a functional implementation of the perspective. That is, it was impossible to build a functional
module. implementation of the module.
Section 1.4 provides a full list of the changes since [RFC8049]. Section 1.4 provides a full list of the changes since [RFC8049].
Some of these changes remove ambiguities from the documented YANG, Some of these changes remove ambiguities from the documented YANG,
while other changes fix the implementation issues. while other changes fix the implementation issues.
1. Several uses of 'must' expressions in the module were broken 1. Several uses of 'must' expressions in the module were broken
badly enough that the module was not usable in the form it was badly enough that the module was not usable in the form it was
published. While some compilers and YANG checkers found no published. While some compilers and YANG checkers found no
issues (most YANG tools do not attempt to parse these issues (most YANG tools do not attempt to parse these
expressions), other tools that really understand the XPATH in the expressions), other tools that really understand the XPATH in the
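Review bot: The rewritten opening sentence of Section 1.4.1 in rfc8299.txt reads "a YANG data model forL3VPN services": the space between "for" and "L3VPN" was lost when the paragraph was re-wrapped, and it should read "for L3VPN services". Since the paragraph is being touched anyway, "while the YANG compiled it was broken" wants a comma after "compiled", and the unchanged bullet just above, "Clarify the rational of the model in the Section 5", should read "the rationale of the model in Section 5".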
skipping to change at page 15, line 38 skipping to change at page 15, line 38
| | | | | | inet:ipv6-prefix | | | | | | inet:ipv6-prefix
| | | | | +--rw ipv4-dst-prefix? | | | | | +--rw ipv4-dst-prefix?
| | | | | | inet:ipv4-prefix | | | | | | inet:ipv4-prefix
| | | | | +--rw ipv6-dst-prefix? | | | | | +--rw ipv6-dst-prefix?
| | | | | | inet:ipv6-prefix | | | | | | inet:ipv6-prefix
| | | | | +--rw l4-src-port? | | | | | +--rw l4-src-port?
| | | | | | inet:port-number | | | | | | inet:port-number
| | | | | +--rw target-sites* svc-id | | | | | +--rw target-sites* svc-id
| | | | | | {target-sites}? | | | | | | {target-sites}?
| | | | | +--rw l4-src-port-range | | | | | +--rw l4-src-port-range
| | | | | | +--rw lower-port? inet:port-number | | | | | | +--rw lower-port? inet:port-number
| | | | | | +--rw upper-port? inet:port-number | | | | | | +--rw upper-port? inet:port-number
| | | | | +--rw l4-dst-port? | | | | | +--rw l4-dst-port?
| | | | | | inet:port-number | | | | | | inet:port-number
| | | | | +--rw l4-dst-port-range | | | | | +--rw l4-dst-port-range
| | | | | | +--rw lower-port? inet:port-number | | | | | | +--rw lower-port? inet:port-number
| | | | | | +--rw upper-port? inet:port-number | | | | | | +--rw upper-port? inet:port-number
| | | | | +--rw protocol-field? union | | | | | +--rw protocol-field? union
| | | | +--:(match-application) | | | | +--:(match-application)
| | | | +--rw match-application? identityref | | | | +--rw match-application? identityref
| | | +--rw target-class-id? string | | | +--rw target-class-id? string
| | +--rw qos-profile | | +--rw qos-profile
| | +--rw (qos-profile)? | | +--rw (qos-profile)?
| | +--:(standard) | | +--:(standard)
| | | +--rw profile? leafref | | | +--rw profile? leafref
| | +--:(custom) | | +--:(custom)
| | +--rw classes {qos-custom}? | | +--rw classes {qos-custom}?
skipping to change at page 16, line 30 skipping to change at page 16, line 30
| | | +--rw (flavor)? | | | +--rw (flavor)?
| | | +--:(lowest) | | | +--:(lowest)
| | | | +--rw use-lowest-jitter? | | | | +--rw use-lowest-jitter?
| | | | empty | | | | empty
| | | +--:(boundary) | | | +--:(boundary)
| | | +--rw latency-boundary? | | | +--rw latency-boundary?
| | | uint32 | | | uint32
| | +--rw bandwidth | | +--rw bandwidth
| | +--rw guaranteed-bw-percent | | +--rw guaranteed-bw-percent
| | | decimal64 | | | decimal64
| | +--rw end-to-end? empty | | +--rw end-to-end? empty
| +--rw carrierscarrier {carrierscarrier}? | +--rw carrierscarrier {carrierscarrier}?
| | +--rw signalling-type? enumeration | | +--rw signalling-type? enumeration
| +--rw multicast {multicast}? | +--rw multicast {multicast}?
| +--rw multicast-site-type? enumeration | +--rw multicast-site-type? enumeration
| +--rw multicast-address-family | +--rw multicast-address-family
| | +--rw ipv4? boolean {ipv4}? | | +--rw ipv4? boolean {ipv4}?
| | +--rw ipv6? boolean {ipv6}? | | +--rw ipv6? boolean {ipv6}?
| +--rw protocol-type? enumeration | +--rw protocol-type? enumeration
+--rw traffic-protection {fast-reroute}? +--rw traffic-protection {fast-reroute}?
| +--rw enabled? boolean | +--rw enabled? boolean
skipping to change at page 20, line 8 skipping to change at page 20, line 8
| +--rw svc-mtu uint16 | +--rw svc-mtu uint16
| +--rw qos {qos}? | +--rw qos {qos}?
| | +--rw qos-classification-policy | | +--rw qos-classification-policy
| | | +--rw rule* [id] | | | +--rw rule* [id]
| | | +--rw id string | | | +--rw id string
| | | +--rw (match-type)? | | | +--rw (match-type)?
| | | | +--:(match-flow) | | | | +--:(match-flow)
| | | | | +--rw match-flow | | | | | +--rw match-flow
| | | | | +--rw dscp? | | | | | +--rw dscp?
| | | | | | inet:dscp | | | | | | inet:dscp
| | | | | +--rw dot1p? uint8 | | | | | +--rw dot1p? uint8
| | | | | +--rw ipv4-src-prefix? | | | | | +--rw ipv4-src-prefix?
| | | | | | inet:ipv4-prefix | | | | | | inet:ipv4-prefix
| | | | | +--rw ipv6-src-prefix? | | | | | +--rw ipv6-src-prefix?
| | | | | | inet:ipv6-prefix | | | | | | inet:ipv6-prefix
| | | | | +--rw ipv4-dst-prefix? | | | | | +--rw ipv4-dst-prefix?
| | | | | | inet:ipv4-prefix | | | | | | inet:ipv4-prefix
| | | | | +--rw ipv6-dst-prefix? | | | | | +--rw ipv6-dst-prefix?
| | | | | | inet:ipv6-prefix | | | | | | inet:ipv6-prefix
| | | | | +--rw l4-src-port? | | | | | +--rw l4-src-port?
| | | | | | inet:port-number | | | | | | inet:port-number
| | | | | +--rw target-sites* svc-id | | | | | +--rw target-sites* svc-id
| | | | | | {target-sites}? | | | | | | {target-sites}?
| | | | | +--rw l4-src-port-range | | | | | +--rw l4-src-port-range
| | | | | | +--rw lower-port? | | | | | | +--rw lower-port?
| | | | | | | inet:port-number | | | | | | | inet:port-number
| | | | | | +--rw upper-port? | | | | | | +--rw upper-port?
| | | | | | inet:port-number | | | | | | inet:port-number
| | | | | +--rw l4-dst-port? | | | | | +--rw l4-dst-port?
| | | | | | inet:port-number | | | | | | inet:port-number
| | | | | +--rw l4-dst-port-range | | | | | +--rw l4-dst-port-range
| | | | | | +--rw lower-port? | | | | | | +--rw lower-port?
| | | | | | | inet:port-number | | | | | | | inet:port-number
| | | | | | +--rw upper-port? | | | | | | +--rw upper-port?
| | | | | | inet:port-number | | | | | | inet:port-number
| | | | | +--rw protocol-field? union | | | | | +--rw protocol-field? union
| | | | +--:(match-application) | | | | +--:(match-application)
| | | | +--rw match-application? | | | | +--rw match-application?
| | | | identityref | | | | identityref
| | | +--rw target-class-id? string | | | +--rw target-class-id? string
| | +--rw qos-profile | | +--rw qos-profile
| | +--rw (qos-profile)? | | +--rw (qos-profile)?
| | +--:(standard) | | +--:(standard)
| | | +--rw profile? leafref | | | +--rw profile? leafref
| | +--:(custom) | | +--:(custom)
| | +--rw classes {qos-custom}? | | +--rw classes {qos-custom}?
| | +--rw class* [class-id] | | +--rw class* [class-id]
| | +--rw class-id string | | +--rw class-id string
| | +--rw direction? identityref | | +--rw direction? identityref
| | +--rw rate-limit? decimal64 | | +--rw rate-limit? decimal64
| | +--rw latency | | +--rw latency
| | | +--rw (flavor)? | | | +-rw (flavor)?
| | | +--:(lowest) | | | +--:(lowest)
| | | | +--rw use-lowest-latency? | | | | +--rw use-lowest-latency?
| | | | empty | | | | empty
| | | +--:(boundary) | | | +--:(boundary)
| | | +--rw latency-boundary? | | | +--rw latency-boundary?
| | | uint16 | | | uint16
| | +--rw jitter | | +--rw jitter
| | | +--rw (flavor)? | | | +-rw (flavor)?
| | | +--:(lowest) | | | +--:(lowest)
| | | | +--rw use-lowest-jitter? | | | | +--rw use-lowest-jitter?
| | | | empty | | | | empty
| | | +--:(boundary) | | | +--:(boundary)
| | | +--rw latency-boundary? | | | +--rw latency-boundary?
| | | uint32 | | | uint32
| | +--rw bandwidth | | +--rw bandwidth
| | +--rw guaranteed-bw-percent | | +--rw guaranteed-bw-percent
| | | decimal64 | | | decimal64
| | +--rw end-to-end? | | +--rw end-to-end?
| | empty | | empty
| +--rw carrierscarrier {carrierscarrier}? | +--rw carrierscarrier {carrierscarrier}?
| | +--rw signalling-type? enumeration | | +--rw signalling-type? enumeration
| +--rw multicast {multicast}? | +--rw multicast {multicast}?
| +--rw multicast-site-type? enumeration | +--rw multicast-site-type? enumeration
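Review bot: In the custom QoS class subtree, the new column draws the choice node under both "latency" and "jitter" as "+-rw (flavor)?", with a single hyphen, where the old column and every other node in this tree use "+--rw". This looks like a character dropped while the subtree was re-indented; restore "+--rw (flavor)?" in both places so the diagram stays uniform and can still be compared against tool-generated tree output. Separately, the boundary case under "jitter" is shown in both columns as "latency-boundary? uint32"; it is worth confirming that this leaf name is intended for the jitter container.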
skipping to change at page 22, line 32 skipping to change at page 22, line 32
The model defined in this document implements many features that The model defined in this document implements many features that
allow implementations to be modular. As an example, an allow implementations to be modular. As an example, an
implementation may support only IPv4 VPNs (IPv4 feature), IPv6 VPNs implementation may support only IPv4 VPNs (IPv4 feature), IPv6 VPNs
(IPv6 feature), or both (by advertising both features). The routing (IPv6 feature), or both (by advertising both features). The routing
protocols proposed to the customer may also be enabled through protocols proposed to the customer may also be enabled through
features. This model also defines some features for options that are features. This model also defines some features for options that are
more advanced, such as support for extranet VPNs (Section 6.2.4), more advanced, such as support for extranet VPNs (Section 6.2.4),
site diversity (Section 6.6), and QoS (Section 6.12.3). site diversity (Section 6.6), and QoS (Section 6.12.3).
In addition, as for any YANG model, this service model can be In addition, as for any YANG data model, this service model can be
augmented to implement new behaviors or specific features. For augmented to implement new behaviors or specific features. For
example, this model uses different options for IP address example, this model uses different options for IP address
assignments; if those options do not fulfill all requirements, new assignments; if those options do not fulfill all requirements, new
options can be added through augmentation. options can be added through augmentation.
6.2. VPN Service Overview 6.2. VPN Service Overview
A vpn-service list item contains generic information about the VPN A vpn-service list item contains generic information about the VPN
service. The "vpn-id" provided in the vpn-service list refers to an service. The "vpn-id" provided in the vpn-service list refers to an
internal reference for this VPN service, while the customer name internal reference for this VPN service, while the customer name
skipping to change at page 41, line 28 skipping to change at page 41, line 28
6.5.2.1. Referencing a VPN 6.5.2.1. Referencing a VPN
Referencing a vpn-id provides an easy way to attach a particular Referencing a vpn-id provides an easy way to attach a particular
logical access to a VPN. This is the best way in the case of a logical access to a VPN. This is the best way in the case of a
single VPN attachment or subVPN with a single VPN attachment per single VPN attachment or subVPN with a single VPN attachment per
logical access. When referencing a vpn-id, the site-role setting logical access. When referencing a vpn-id, the site-role setting
must be added to express the role of the site in the target VPN must be added to express the role of the site in the target VPN
service topology. service topology.
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-services> <vpn-services>
<vpn-service> <vpn-service>
<vpn-id>VPNA</vpn-id> <vpn-id>VPNA</vpn-id>
</vpn-service> </vpn-service>
<vpn-service> <vpn-service>
<vpn-id>VPNB</vpn-id> <vpn-id>VPNB</vpn-id>
</vpn-service> </vpn-service>
</vpn-services> </vpn-services>
<sites> <sites>
<site> <site>
<site-id>SITE1</site-id> <site-id>SITE1</site-id>
<locations> <locations>
<location> <location>
<location-id>L1</location-id> <location-id>L1</location-id>
</location> </location>
</locations> </locations>
<management> <management>
<type>customer-managed</type> <type>customer-managed</type>
</management> </management>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<site-network-accesses> <site-network-accesses>
<site-network-access> <site-network-access>
<site-network-access-id>LA1</site-network-access-id> <site-network-access-id>LA1</site-network-access-id>
<ip-connection> <ip-connection>
<ipv4> <ipv4>
<address-allocation-type>provider-dhcp</address-allocation-type> <address-allocation-type>
</ipv4> provider-dhcp
<ipv6> </address-allocation-type>
<address-allocation-type>provider-dhcp</address-allocation-type> </ipv4>
</ipv6> <ipv6>
</ip-connection> <address-allocation-type>
<service> provider-dhcp
<svc-mtu>1514</svc-mtu> </address-allocation-type>
<svc-input-bandwidth>10000000</svc-input-bandwidth> </ipv6>
<svc-output-bandwidth>10000000</svc-output-bandwidth> </ip-connection>
</service> <service>
<security> <svc-mtu>1514</svc-mtu>
<encryption> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<layer>layer3</layer> <svc-output-bandwidth>10000000</svc-output-bandwidth>
</encryption> </service>
</security> <security>
<location-reference>L1</location-reference> <encryption>
<vpn-attachment> <layer>layer3</layer>
<vpn-id>VPNA</vpn-id> </encryption>
<site-role>spoke-role</site-role> </security>
</vpn-attachment> <location-reference>L1</location-reference>
</site-network-access> <vpn-attachment>
<site-network-access> <vpn-id>VPNA</vpn-id>
<site-network-access-id>LA2</site-network-access-id> <site-role>spoke-role</site-role>
<ip-connection> </vpn-attachment>
<ipv4> </site-network-access>
<address-allocation-type>provider-dhcp</address-allocation-type> <site-network-access>
</ipv4> <site-network-access-id>LA2</site-network-access-id>
<ipv6> <ip-connection>
<address-allocation-type>provider-dhcp</address-allocation-type> <ipv4>
</ipv6> <address-allocation-type>
</ip-connection> provider-dhcp
<service> </address-allocation-type>
<svc-mtu>1514</svc-mtu> </ipv4>
<svc-input-bandwidth>10000000</svc-input-bandwidth> <ipv6>
<svc-output-bandwidth>10000000</svc-output-bandwidth> <address-allocation-type>
</service> provider-dhcp
<security> </address-allocation-type>
<encryption> </ipv6>
<layer>layer3</layer> </ip-connection>
</encryption> <service>
</security> <svc-mtu>1514</svc-mtu>
<location-reference>L1</location-reference> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<vpn-attachment> <svc-output-bandwidth>10000000</svc-output-bandwidth>
<vpn-id>VPNB</vpn-id> </service>
<site-role>spoke-role</site-role> <security>
</vpn-attachment> <encryption>
</site-network-access> <layer>layer3</layer>
</site-network-accesses> </encryption>
</site> </security>
</sites> <location-reference>L1</location-reference>
</l3vpn-svc> <vpn-attachment>
<vpn-id>VPNB</vpn-id>
<site-role>spoke-role</site-role>
</vpn-attachment>
</site-network-access>
</site-network-accesses>
</site>
</sites>
</l3vpn-svc>
The example of a corresponding XML snippet above describes a subVPN The example of a corresponding XML snippet above describes a subVPN
case where a site (SITE1) has two logical accesses (LA1 and LA2), case where a site (SITE1) has two logical accesses (LA1 and LA2),
with LA1 attached to VPNA and LA2 attached to VPNB. with LA1 attached to VPNA and LA2 attached to VPNB.
6.5.2.2. VPN Policy 6.5.2.2. VPN Policy
The "vpn-policy" list helps express a multiVPN scenario where a The "vpn-policy" list helps express a multiVPN scenario where a
logical access belongs to multiple VPNs. Multiple VPN policies can logical access belongs to multiple VPNs. Multiple VPN policies can
be created to handle the subVPN case where each logical access is be created to handle the subVPN case where each logical access is
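Review bot: The re-wrapped example now splits every address-allocation-type value over three lines ("<address-allocation-type>", "provider-dhcp", "</address-allocation-type>"), for both LA1 and LA2 and for both ipv4 and ipv6, so the element content as printed carries line breaks and indentation around "provider-dhcp". A reader who pastes the snippet into a validator that does not trim whitespace from leaf values may see it rejected. Either keep the value on one line by reducing the indentation of the example, or add a sentence stating that the line breaks are for document formatting only and are not part of the value. The same applies wherever this folding is used in the later examples.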
skipping to change at page 44, line 9 skipping to change at page 44, line 25
| | | | | |
| (VPN3) | | | (VPN3) | |
+------------------------------------------------------------+ | +------------------------------------------------------------+ |
| | | |
+---------------------------+ +---------------------------+
In the example above, Site5 is part of two VPNs: VPN3 and VPN2. It In the example above, Site5 is part of two VPNs: VPN3 and VPN2. It
will play a Hub role in VPN2 and an any-to-any role in VPN3. We can will play a Hub role in VPN2 and an any-to-any role in VPN3. We can
express such a multiVPN scenario with the following XML snippet: express such a multiVPN scenario with the following XML snippet:
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-services> <vpn-services>
<vpn-service> <vpn-service>
<vpn-id>VPN2</vpn-id> <vpn-id>VPN2</vpn-id>
</vpn-service> </vpn-service>
<vpn-service> <vpn-service>
<vpn-id>VPN3</vpn-id> <vpn-id>VPN3</vpn-id>
</vpn-service> </vpn-service>
</vpn-services> </vpn-services>
<sites> <sites>
<site> <site>
<site-id>Site5</site-id> <site-id>Site5</site-id>
<devices> <devices>
<device> <device>
<device-id>D1</device-id> <device-id>D1</device-id>
</device> </device>
</devices> </devices>
<management> <management>
<type>provider-managed</type> <type>provider-managed</type>
</management> </management>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<vpn-policies> <vpn-policies>
<vpn-policy> <vpn-policy>
<vpn-policy-id>POLICY1</vpn-policy-id> <vpn-policy-id>POLICY1</vpn-policy-id>
<entries> <entries>
<id>ENTRY1</id> <id>ENTRY1</id>
<vpn> <vpn>
<vpn-id>VPN2</vpn-id> <vpn-id>VPN2</vpn-id>
<site-role>hub-role</site-role> <site-role>hub-role</site-role>
</vpn> </vpn>
</entries> </entries>
<entries> <entries>
<id>ENTRY2</id> <id>ENTRY2</id>
<vpn> <vpn>
<vpn-id>VPN3</vpn-id> <vpn-id>VPN3</vpn-id>
<site-role>any-to-any-role</site-role> <site-role>any-to-any-role</site-role>
</vpn> </vpn>
</entries> </entries>
</vpn-policy> </vpn-policy>
</vpn-policies>
<site-network-accesses>
<site-network-access>
<site-network-access-id>LA1</site-network-access-id>
<device-reference>D1</device-reference>
<ip-connection>
<ipv4>
<address-allocation-type>
provider-dhcp
</address-allocation-type>
</ipv4>
<ipv6>
<address-allocation-type>
provider-dhcp
</address-allocation-type>
</ipv6>
</ip-connection>
<service>
<svc-mtu>1514</svc-mtu>
<svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<vpn-attachment>
<vpn-policy-id>POLICY1</vpn-policy-id>
</vpn-attachment>
</site-network-access>
</vpn-policies> </site-network-accesses>
<site-network-accesses> </site>
<site-network-access> </sites>
<site-network-access-id>LA1</site-network-access-id> </l3vpn-svc>
<device-reference>D1</device-reference>
<ip-connection>
<ipv4>
<address-allocation-type>provider-dhcp</address-allocation-type>
</ipv4>
<ipv6>
<address-allocation-type>provider-dhcp</address-allocation-type>
</ipv6>
</ip-connection>
<service>
<svc-mtu>1514</svc-mtu>
<svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<vpn-attachment>
<vpn-policy-id>POLICY1</vpn-policy-id>
</vpn-attachment>
</site-network-access>
</site-network-accesses>
</site>
</sites>
</l3vpn-svc>
Now, if a more-granular VPN attachment is necessary, filtering can be Now, if a more-granular VPN attachment is necessary, filtering can be
used. For example, if only LAN1 from Site5 must be attached to VPN2 used. For example, if only LAN1 from Site5 must be attached to VPN2
as a Hub and only LAN2 must be attached to VPN3, the following XML as a Hub and only LAN2 must be attached to VPN3, the following XML
snippet can be used: snippet can be used:
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-services> <vpn-services>
<vpn-service> <vpn-service>
skipping to change at page 51, line 30 skipping to change at page 52, line 4
same PE as the targeted site-network-accesses. same PE as the targeted site-network-accesses.
o same-bearer: The current site-network-access MUST be connected o same-bearer: The current site-network-access MUST be connected
using the same bearer as the targeted site-network-accesses. using the same bearer as the targeted site-network-accesses.
These constraint-types can be extended through augmentation. These constraint-types can be extended through augmentation.
Each constraint is expressed as "The site-network-access S must be Each constraint is expressed as "The site-network-access S must be
<constraint-type> (e.g., pe-diverse, pop-diverse) from these <target> <constraint-type> (e.g., pe-diverse, pop-diverse) from these <target>
site-network-accesses." site-network-accesses."
The group-id used to target some site-network-accesses may be the The group-id used to target some site-network-accesses may be the
same as the one used by the current site-network-access. This eases same as the one used by the current site-network-access. This eases
the configuration of scenarios where a group of site-network-access the configuration of scenarios where a group of site-network-access
points has a constraint between the access points in the group. As points has a constraint between the access points in the group. As
an example, if we want a set of sites (Site#1 to Site#5) to be an example, if we want a set of sites (Site#1 to Site#5) to be
connected on different PEs, we can tag them with the same group-id connected on different PEs, we can tag them with the same group-id
and express a pe-diverse constraint for this group-id with the and express a pe-diverse constraint for this group-id with the
following XML snippet: following XML snippet:
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-services> <vpn-services>
<vpn-service> <vpn-service>
<vpn-id>VPNA</vpn-id> <vpn-id>VPNA</vpn-id>
</vpn-service> </vpn-service>
</vpn-services> </vpn-services>
<sites> <sites>
<site> <site>
<site-id>SITE1</site-id> <site-id>SITE1</site-id>
<locations> <locations>
<location> <location>
<location-id>L1</location-id> <location-id>L1</location-id>
</location>
</location> </locations>
</locations> <management>
<management> <type>customer-managed</type>
<type>customer-managed</type> </management>
</management> <site-network-accesses>
<site-network-accesses> <site-network-access>
<site-network-access> <site-network-access-id>1</site-network-access-id>
<site-network-access-id>1</site-network-access-id> <ip-connection>
<ip-connection> <ipv4>
<ipv4> <address-allocation-type>
<address-allocation-type>provider-dhcp</address-allocation-type> provider-dhcp
</ipv4> </address-allocation-type>
<ipv6> </ipv4>
<address-allocation-type>provider-dhcp</address-allocation-type> <ipv6>
</ipv6> <address-allocation-type>
</ip-connection> provider-dhcp
<service> </address-allocation-type>
<svc-mtu>1514</svc-mtu> </ipv6>
<svc-input-bandwidth>10000000</svc-input-bandwidth> </ip-connection>
<svc-output-bandwidth>10000000</svc-output-bandwidth> <service>
</service> <svc-mtu>1514</svc-mtu>
<security> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<encryption> <svc-output-bandwidth>10000000</svc-output-bandwidth>
<layer>layer3</layer> </service>
</encryption> <security>
</security> <encryption>
<location-reference>L1</location-reference> <layer>layer3</layer>
<access-diversity> </encryption>
<groups> </security>
<group> <location-reference>L1</location-reference>
<group-id>10</group-id> <access-diversity>
</group> <groups>
</groups> <group>
<constraints> <group-id>10</group-id>
<constraint> </group>
<constraint-type>pe-diverse</constraint-type> </groups>
<target> <constraints>
<group> <constraint>
<group-id>10</group-id> <constraint-type>pe-diverse</constraint-type>
</group> <target>
</target> <group>
</constraint> <group-id>10</group-id>
</constraints> </group>
</access-diversity> </target>
<vpn-attachment> </constraint>
<vpn-id>VPNA</vpn-id> </constraints>
<site-role>spoke-role</site-role> </access-diversity>
</vpn-attachment> <vpn-attachment>
<vpn-id>VPNA</vpn-id>
</site-network-access> <site-role>spoke-role</site-role>
</site-network-accesses> </vpn-attachment>
</site> </site-network-access>
<site> </site-network-accesses>
<site-id>SITE2</site-id> </site>
<locations> <site>
<location> <site-id>SITE2</site-id>
<location-id>L1</location-id> <locations>
</location> <location>
</locations> <location-id>L1</location-id>
<management> </location>
<type>customer-managed</type> </locations>
</management> <management>
<security> <type>customer-managed</type>
<encryption> </management>
<layer>layer3</layer> <security>
</encryption> <encryption>
</security> <layer>layer3</layer>
<site-network-accesses> </encryption>
<site-network-access> </security>
<site-network-access-id>1</site-network-access-id> <site-network-accesses>
<ip-connection> <site-network-access>
<ipv4> <site-network-access-id>1</site-network-access-id>
<address-allocation-type>provider-dhcp</address-allocation-type> <ip-connection>
</ipv4> <ipv4>
<ipv6> <address-allocation-type>
<address-allocation-type>provider-dhcp</address-allocation-type> provider-dhcp
</ipv6> </address-allocation-type>
</ip-connection> </ipv4>
<service> <ipv6>
<svc-mtu>1514</svc-mtu> <address-allocation-type>
<svc-input-bandwidth>10000000</svc-input-bandwidth> provider-dhcp
<svc-output-bandwidth>10000000</svc-output-bandwidth> </address-allocation-type>
</service> </ipv6>
<security> </ip-connection>
<encryption> <service>
<layer>layer3</layer> <svc-mtu>1514</svc-mtu>
</encryption> <svc-input-bandwidth>10000000</svc-input-bandwidth>
</security> <svc-output-bandwidth>10000000</svc-output-bandwidth>
<location-reference>L1</location-reference> </service>
<access-diversity> <security>
<groups> <encryption>
<group> <layer>layer3</layer>
<group-id>10</group-id> </encryption>
</group> </security>
</groups> <location-reference>L1</location-reference>
<constraints> <access-diversity>
<constraint> <groups>
<constraint-type>pe-diverse</constraint-type> <group>
<target> <group-id>10</group-id>
<group> </group>
<group-id>10</group-id> </groups>
</group> <constraints>
</target> <constraint>
</constraint> <constraint-type>pe-diverse</constraint-type>
</constraints> <target>
</access-diversity> <group>
<vpn-attachment> <group-id>10</group-id>
<vpn-id>VPNA</vpn-id> </group>
<site-role>spoke-role</site-role> </target>
</vpn-attachment> </constraint>
</site-network-access> </constraints>
</site-network-accesses> </access-diversity>
</site> <vpn-attachment>
... <vpn-id>VPNA</vpn-id>
<site> <site-role>spoke-role</site-role>
<site-id>SITE5</site-id> </vpn-attachment>
<locations> </site-network-access>
<location> </site-network-accesses>
<location-id>L1</location-id> </site>
</location> ...
</locations> <site>
<management> <site-id>SITE5</site-id>
<type>customer-managed</type> <locations>
</management> <location>
<security> <location-id>L1</location-id>
<encryption> </location>
<layer>layer3</layer> </locations>
</encryption> <management>
</security> <type>customer-managed</type>
<site-network-accesses> </management>
<site-network-access> <security>
<site-network-access-id>1</site-network-access-id> <encryption>
<ip-connection> <layer>layer3</layer>
<ipv4> </encryption>
<address-allocation-type>provider-dhcp</address-allocation-type> </security>
</ipv4> <site-network-accesses>
<ipv6> <site-network-access>
<address-allocation-type>provider-dhcp</address-allocation-type> <site-network-access-id>1</site-network-access-id>
</ipv6> <ip-connection>
</ip-connection> <ipv4>
<service> <address-allocation-type>
<svc-mtu>1514</svc-mtu> provider-dhcp
<svc-input-bandwidth>10000000</svc-input-bandwidth> </address-allocation-type>
<svc-output-bandwidth>10000000</svc-output-bandwidth> </ipv4>
</service> <ipv6>
<security> <address-allocation-type>
<encryption> provider-dhcp
<layer>layer3</layer> </address-allocation-type>
</encryption> </ipv6>
</security> </ip-connection>
<location-reference>L1</location-reference> <service>
<access-diversity> <svc-mtu>1514</svc-mtu>
<groups> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<group> <svc-output-bandwidth>10000000</svc-output-bandwidth>
<group-id>10</group-id> </service>
</group> <security>
</groups> <encryption>
<constraints> <layer>layer3</layer>
<constraint> </encryption>
<constraint-type>pe-diverse</constraint-type> </security>
<target> <location-reference>L1</location-reference>
<group> <access-diversity>
<group-id>10</group-id> <groups>
</group> <group>
</target> <group-id>10</group-id>
</constraint> </group>
</constraints> </groups>
</access-diversity> <constraints>
<vpn-attachment> <constraint>
<vpn-id>VPNA</vpn-id> <constraint-type>pe-diverse</constraint-type>
<site-role>spoke-role</site-role> <target>
</vpn-attachment> <group>
</site-network-access> <group-id>10</group-id>
</site-network-accesses> </group>
</site> </target>
</sites> </constraint>
</l3vpn-svc> </constraints>
</access-diversity>
<vpn-attachment>
<vpn-id>VPNA</vpn-id>
<site-role>spoke-role</site-role>
</vpn-attachment>
</site-network-access>
</site-network-accesses>
</site>
</sites>
</l3vpn-svc>
The group-id used to target some site-network-accesses may also be The group-id used to target some site-network-accesses may also be
different than the one used by the current site-network-access. This different than the one used by the current site-network-access. This
can be used to express that a group of sites has some constraints can be used to express that a group of sites has some constraints
against another group of sites, but there is no constraint within the against another group of sites, but there is no constraint within the
group. For example, we consider a set of six sites and two groups; group. For example, we consider a set of six sites and two groups;
we want to ensure that a site in the first group must be pop-diverse we want to ensure that a site in the first group must be pop-diverse
from a site in the second group. The example of a corresponding XML from a site in the second group. The example of a corresponding XML
snippet is described as follows: snippet is described as follows:
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-services> <vpn-services>
<vpn-service> <vpn-service>
<vpn-id>VPNA</vpn-id> <vpn-id>VPNA</vpn-id>
</vpn-service>
</vpn-service> </vpn-services>
</vpn-services> <sites>
<sites> <site>
<site> <site-id>SITE1</site-id>
<site-id>SITE1</site-id> <site-network-accesses>
<site-network-accesses> <site-network-access>
<site-network-access> <site-network-access-id>1</site-network-access-id>
<site-network-access-id>1</site-network-access-id> <access-diversity>
<access-diversity> <groups>
<groups> <group>
<group> <group-id>10</group-id>
<group-id>10</group-id> </group>
</group> </groups>
</groups> <constraints>
<constraints> <constraint>
<constraint> <constraint-type>pop-diverse</constraint-type>
<constraint-type>pop-diverse</constraint-type> <target>
<target> <group>
<group> <group-id>20</group-id>
<group-id>20</group-id> </group>
</group> </target>
</target> </constraint>
</constraint> </constraints>
</constraints> </access-diversity>
</access-diversity> <vpn-attachment>
<vpn-attachment> <vpn-id>VPNA</vpn-id>
<vpn-id>VPNA</vpn-id> <site-role>spoke-role</site-role>
<site-role>spoke-role</site-role> </vpn-attachment>
</vpn-attachment> </site-network-access>
</site-network-access> </site-network-accesses>
</site-network-accesses> </site>
</site> <site>
<site> <site-id>SITE2</site-id>
<site-id>SITE2</site-id> <site-network-accesses>
<site-network-accesses> <site-network-access>
<site-network-access> <site-network-access-id>1</site-network-access-id>
<site-network-access-id>1</site-network-access-id> <access-diversity>
<access-diversity> <groups>
<groups> <group>
<group> <group-id>10</group-id>
<group-id>10</group-id> </group>
</group> </groups>
</groups> <constraints>
<constraints> <constraint>
<constraint> <constraint-type>pop-diverse</constraint-type>
<constraint-type>pop-diverse</constraint-type> <target>
<target> <group>
<group> <group-id>20</group-id>
<group-id>20</group-id> </group>
</group> </target>
</target> </constraint>
</constraint> </constraints>
</constraints> </access-diversity>
</access-diversity> <vpn-attachment>
<vpn-attachment> <vpn-id>VPNA</vpn-id>
<vpn-id>VPNA</vpn-id> <site-role>spoke-role</site-role>
<site-role>spoke-role</site-role> </vpn-attachment>
</vpn-attachment> </site-network-access>
</site-network-access> </site-network-accesses>
</site-network-accesses> </site>
</site> ...
...
<site>
<site-id>SITE5</site-id>
<site-network-accesses>
<site-network-access>
<site-network-access-id>1</site-network-access-id>
<access-diversity>
<groups>
<group>
<group-id>20</group-id>
</group>
</groups>
<constraints>
<constraint>
<constraint-type>pop-diverse</constraint-type>
<target>
<group>
<group-id>10</group-id>
</group>
</target>
</constraint>
</constraints>
</access-diversity>
<vpn-attachment>
<vpn-id>VPNA</vpn-id>
<site-role>spoke-role</site-role>
</vpn-attachment>
</site-network-access>
</site-network-accesses>
</site>
<site>
<site-id>SITE6</site-id>
<locations>
<location>
<location-id>L1</location-id>
</location>
</locations>
<management>
<type>customer-managed</type>
</management>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<site-network-accesses>
<site-network-access>
<site-network-access-id>1</site-network-access-id>
<ip-connection>
<ipv4>
<address-allocation-type>provider-dhcp</address-allocation-type>
</ipv4>
<ipv6>
<address-allocation-type>provider-dhcp</address-allocation-type>
</ipv6>
</ip-connection>
<service>
<svc-mtu>1514</svc-mtu>
<svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<location-reference>L1</location-reference>
<access-diversity>
<groups>
<group>
<group-id>20</group-id>
</group>
</groups>
<constraints>
<constraint>
<constraint-type>pop-diverse</constraint-type>
<target>
<group>
<group-id>10</group-id>
</group>
</target>
</constraint>
</constraints>
</access-diversity> <site>
<vpn-attachment> <site-id>SITE5</site-id>
<vpn-id>VPNA</vpn-id> <site-network-accesses>
<site-role>spoke-role</site-role> <site-network-access>
</vpn-attachment> <site-network-access-id>1</site-network-access-id>
</site-network-access> <access-diversity>
</site-network-accesses> <groups>
</site> <group>
</sites> <group-id>20</group-id>
</l3vpn-svc> </group>
</groups>
<constraints>
<constraint>
<constraint-type>pop-diverse</constraint-type>
<target>
<group>
<group-id>10</group-id>
</group>
</target>
</constraint>
</constraints>
</access-diversity>
<vpn-attachment>
<vpn-id>VPNA</vpn-id>
<site-role>spoke-role</site-role>
</vpn-attachment>
</site-network-access>
</site-network-accesses>
</site>
<site>
<site-id>SITE6</site-id>
<locations>
<location>
<location-id>L1</location-id>
</location>
</locations>
<management>
<type>customer-managed</type>
</management>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<site-network-accesses>
<site-network-access>
<site-network-access-id>1</site-network-access-id>
<ip-connection>
<ipv4>
<address-allocation-type>
provider-dhcp
</address-allocation-type>
</ipv4>
<ipv6>
<address-allocation-type>
provider-dhcp
</address-allocation-type>
</ipv6>
</ip-connection>
<service>
<svc-mtu>1514</svc-mtu>
<svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<location-reference>L1</location-reference>
<access-diversity>
<groups>
<group>
<group-id>20</group-id>
</group>
</groups>
<constraints>
<constraint>
<constraint-type>pop-diverse</constraint-type>
<target>
<group>
<group-id>10</group-id>
</group>
</target>
</constraint>
</constraints>
</access-diversity>
<vpn-attachment>
<vpn-id>VPNA</vpn-id>
<site-role>spoke-role</site-role>
</vpn-attachment>
</site-network-access>
</site-network-accesses>
</site>
</sites>
</l3vpn-svc>
6.6.5. Infeasible Access Placement 6.6.5. Infeasible Access Placement
Some infeasible access placement scenarios could be created via the Some infeasible access placement scenarios could be created via the
proposed configuration framework. Such infeasible access placement proposed configuration framework. Such infeasible access placement
scenarios could result from constraints that are too restrictive, scenarios could result from constraints that are too restrictive,
leading to infeasible access placement in the network or conflicting leading to infeasible access placement in the network or conflicting
constraints that would also lead to infeasible access placement. An constraints that would also lead to infeasible access placement. An
example of conflicting rules would be to request that site-network- example of conflicting rules would be to request that site-network-
access#1 be pe-diverse from site-network-access#2 and to request at access#1 be pe-diverse from site-network-access#2 and to request at
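Review bot: In the right-hand column every <address-allocation-type> leaf in these snippets is now split over three lines (opening tag, provider-dhcp, closing tag), so the element's text content as written carries a newline and indentation on both sides of provider-dhcp. A validator or provisioning tool that does not trim whitespace will see a value other than provider-dhcp when the example is pasted in. Suggest stating next to the first snippet that line breaks inside element values are there for page width only and must be removed before the instance is loaded, or keeping the value on the same line as one of its tags. Separately, SITE1 in the pe-diverse snippet has no site-level <security> block between <management> and <site-network-accesses>, while SITE2 and SITE5 do, in both columns; this revision would be a good place to make the three sites consistent.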
skipping to change at page 60, line 22 skipping to change at page 60, line 45
| | POP#2 | | POP#2
| | +---------+ | | +---------+
| | | PE4 | | | | PE4 |
| |---site-network-access#2----| PE5 | | |---site-network-access#2----| PE5 |
| | | PE6 | | | | PE6 |
| | +---------+ | | +---------+
+-------+ +-------+
This scenario can be expressed with the following XML snippet: This scenario can be expressed with the following XML snippet:
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-services> <vpn-services>
<vpn-service> <vpn-service>
<vpn-id>VPNA</vpn-id> <vpn-id>VPNA</vpn-id>
</vpn-service> </vpn-service>
</vpn-services> </vpn-services>
<sites> <sites>
<site> <site>
<site-id>SITE1</site-id> <site-id>SITE1</site-id>
<locations> <locations>
<location> <location>
<location-id>L1</location-id> <location-id>L1</location-id>
</location> </location>
</locations> </locations>
<management> <management>
<type>customer-managed</type> <type>customer-managed</type>
</management> </management>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<site-network-accesses> <site-network-accesses>
<site-network-access> <site-network-access>
<site-network-access-id>1</site-network-access-id> <site-network-access-id>1</site-network-access-id>
<ip-connection> <ip-connection>
<ipv4> <ipv4>
<address-allocation-type>provider-dhcp</address-allocation-type> <address-allocation-type>
</ipv4> provider-dhcp
<ipv6> </address-allocation-type>
<address-allocation-type>provider-dhcp</address-allocation-type> </ipv4>
</ipv6> <ipv6>
</ip-connection> <address-allocation-type>
<service> provider-dhcp
<svc-mtu>1514</svc-mtu> </address-allocation-type>
<svc-input-bandwidth>10000000</svc-input-bandwidth> </ipv6>
<svc-output-bandwidth>10000000</svc-output-bandwidth> </ip-connection>
</service> <service>
<security> <svc-mtu>1514</svc-mtu>
<encryption> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<layer>layer3</layer> <svc-output-bandwidth>10000000</svc-output-bandwidth>
</encryption> </service>
</security> <security>
<location-reference>L1</location-reference> <encryption>
<access-diversity> <layer>layer3</layer>
<groups> </encryption>
<group> </security>
<group-id>10</group-id> <location-reference>L1</location-reference>
</group> <access-diversity>
</groups> <groups>
<constraints> <group>
<constraint> <group-id>10</group-id>
<constraint-type>pop-diverse</constraint-type> </group>
<target> </groups>
<group> <constraints>
<group-id>20</group-id> <constraint>
</group> <constraint-type>pop-diverse</constraint-type>
</target> <target>
</constraint> <group>
</constraints> <group-id>20</group-id>
</access-diversity> </group>
<vpn-attachment> </target>
<vpn-id>VPNA</vpn-id> </constraint>
<site-role>spoke-role</site-role> </constraints>
</vpn-attachment> </access-diversity>
</site-network-access> <vpn-attachment>
<site-network-access> <vpn-id>VPNA</vpn-id>
<site-network-access-id>2</site-network-access-id> <site-role>spoke-role</site-role>
<ip-connection> </vpn-attachment>
<ipv4> </site-network-access>
<address-allocation-type>provider-dhcp</address-allocation-type> <site-network-access>
</ipv4> <site-network-access-id>2</site-network-access-id>
<ipv6> <ip-connection>
<address-allocation-type>provider-dhcp</address-allocation-type> <ipv4>
</ipv6> <address-allocation-type>
</ip-connection> provider-dhcp
<service> </address-allocation-type>
<svc-mtu>1514</svc-mtu> </ipv4>
<svc-input-bandwidth>10000000</svc-input-bandwidth> <ipv6>
<svc-output-bandwidth>10000000</svc-output-bandwidth> <address-allocation-type>
</service> provider-dhcp
<security> </address-allocation-type>
<encryption> </ipv6>
<layer>layer3</layer> </ip-connection>
</encryption> <service>
</security> <svc-mtu>1514</svc-mtu>
<location-reference>L1</location-reference> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<access-diversity> <svc-output-bandwidth>10000000</svc-output-bandwidth>
<groups> </service>
<group> <security>
<group-id>20</group-id> <encryption>
</group> <layer>layer3</layer>
</groups> </encryption>
<constraints> </security>
<constraint> <location-reference>L1</location-reference>
<constraint-type>pop-diverse</constraint-type> <access-diversity>
<target> <groups>
<group> <group>
<group-id>10</group-id> <group-id>20</group-id>
</group> </group>
</target> </groups>
</constraint> <constraints>
</constraints> <constraint>
</access-diversity> <constraint-type>pop-diverse</constraint-type>
<vpn-attachment> <target>
<vpn-id>VPNA</vpn-id> <group>
<site-role>spoke-role</site-role> <group-id>10</group-id>
</vpn-attachment> </group>
</site-network-access> </target>
</site-network-accesses> </constraint>
</site> </constraints>
</sites> </access-diversity>
</l3vpn-svc> <vpn-attachment>
<vpn-id>VPNA</vpn-id>
<site-role>spoke-role</site-role>
</vpn-attachment>
</site-network-access>
</site-network-accesses>
</site>
</sites>
</l3vpn-svc>
But it can also be expressed with the following XML snippet: But it can also be expressed with the following XML snippet:
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-services> <vpn-services>
<vpn-service> <vpn-service>
<vpn-id>VPNA</vpn-id> <vpn-id>VPNA</vpn-id>
</vpn-service> </vpn-service>
</vpn-services> </vpn-services>
skipping to change at page 64, line 37 skipping to change at page 65, line 32
o We need to create two groups of sites: Group#10, which is composed o We need to create two groups of sites: Group#10, which is composed
of Office#1, Office#2, and Office#3; and Group#20, which is of Office#1, Office#2, and Office#3; and Group#20, which is
composed of Office#4, Office#5, and Office#6. composed of Office#4, Office#5, and Office#6.
o Sites within Group#10 must be pop-diverse from sites within o Sites within Group#10 must be pop-diverse from sites within
Group#20, and vice versa. Group#20, and vice versa.
o Sites within Group#10 must be linecard-diverse from other sites in o Sites within Group#10 must be linecard-diverse from other sites in
Group#10 (same for Group#20). Group#10 (same for Group#20).
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-services> <vpn-services>
<vpn-service> <vpn-service>
<vpn-id>VPNA</vpn-id> <vpn-id>VPNA</vpn-id>
</vpn-service> </vpn-service>
</vpn-services> </vpn-services>
<sites> <sites>
<site> <site>
<site-id>Office1</site-id> <site-id>Office1</site-id>
<locations> <locations>
<location> <location>
<location-id>L1</location-id> <location-id>L1</location-id>
</location> </location>
</locations> </locations>
<management> <management>
<type>customer-managed</type> <type>customer-managed</type>
</management> </management>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<site-network-accesses>
<site-network-access>
<site-network-access-id>1</site-network-access-id>
<ip-connection>
<ipv4>
<address-allocation-type>provider-dhcp</address-allocation-type>
</ipv4>
<ipv6>
<address-allocation-type>provider-dhcp</address-allocation-type>
</ipv6>
</ip-connection>
<service>
<svc-mtu>1514</svc-mtu>
<svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<location-reference>L1</location-reference> <site-network-accesses>
<access-diversity> <site-network-access>
<groups> <site-network-access-id>1</site-network-access-id>
<group> <ip-connection>
<group-id>10</group-id> <ipv4>
</group> <address-allocation-type>
</groups> provider-dhcp
<constraints> </address-allocation-type>
<constraint> </ipv4>
<constraint-type>pop-diverse</constraint-type> <ipv6>
<target> <address-allocation-type>
<group> provider-dhcp
<group-id>20</group-id> </address-allocation-type>
</group> </ipv6>
</target> </ip-connection>
</constraint> <service>
<constraint> <svc-mtu>1514</svc-mtu>
<constraint-type>linecard-diverse</constraint-type> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<target> <svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<location-reference>L1</location-reference>
<access-diversity>
<groups>
<group> <group>
<group-id>10</group-id> <group-id>10</group-id>
</group> </group>
</target> </groups>
</constraint> <constraints>
</constraints> <constraint>
</access-diversity> <constraint-type>pop-diverse</constraint-type>
<vpn-attachment> <target>
<vpn-id>VPNA</vpn-id> <group>
<site-role>spoke-role</site-role> <group-id>20</group-id>
</vpn-attachment> </group>
</site-network-access> </target>
</site-network-accesses> </constraint>
</site> <constraint>
<site> <constraint-type>linecard-diverse</constraint-type>
<site-id>Office2</site-id> <target>
<locations> <group>
<location> <group-id>10</group-id>
<location-id>L1</location-id> </group>
</location> </target>
</locations> </constraint>
<management> </constraints>
<type>customer-managed</type> </access-diversity>
</management> <vpn-attachment>
<security> <vpn-id>VPNA</vpn-id>
<encryption> <site-role>spoke-role</site-role>
<layer>layer3</layer> </vpn-attachment>
</encryption> </site-network-access>
</security> </site-network-accesses>
<site-network-accesses> </site>
<site-network-access> <site>
<site-network-access-id>1</site-network-access-id> <site-id>Office2</site-id>
<ip-connection> <locations>
<ipv4> <location>
<address-allocation-type>provider-dhcp</address-allocation-type> <location-id>L1</location-id>
</ipv4> </location>
<ipv6> </locations>
<address-allocation-type>provider-dhcp</address-allocation-type> <management>
</ipv6> <type>customer-managed</type>
</ip-connection> </management>
<service>
<svc-mtu>1514</svc-mtu>
<svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<location-reference>L1</location-reference> <site-network-accesses>
<access-diversity> <site-network-access>
<groups> <site-network-access-id>1</site-network-access-id>
<group> <ip-connection>
<group-id>10</group-id> <ipv4>
</group> <address-allocation-type>
</groups> provider-dhcp
<constraints> </address-allocation-type>
<constraint> </ipv4>
<constraint-type>pop-diverse</constraint-type> <ipv6>
<target> <address-allocation-type>
<group> provider-dhcp
<group-id>20</group-id> </address-allocation-type>
</group> </ipv6>
</target> </ip-connection>
</constraint> <service>
<constraint> <svc-mtu>1514</svc-mtu>
<constraint-type>linecard-diverse</constraint-type> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<target> <svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<location-reference>L1</location-reference>
<access-diversity>
<groups>
<group> <group>
<group-id>10</group-id> <group-id>10</group-id>
</group> </group>
</target> </groups>
</constraint> <constraints>
</constraints> <constraint>
</access-diversity> <constraint-type>pop-diverse</constraint-type>
<vpn-attachment> <target>
<vpn-id>VPNA</vpn-id> <group>
<site-role>spoke-role</site-role> <group-id>20</group-id>
</vpn-attachment> </group>
</site-network-access> </target>
</site-network-accesses> </constraint>
</site> <constraint>
<site> <constraint-type>linecard-diverse</constraint-type>
<site-id>Office3</site-id> <target>
<locations> <group>
<location> <group-id>10</group-id>
<location-id>L1</location-id> </group>
</location> </target>
</locations> </constraint>
<management> </constraints>
<type>customer-managed</type> </access-diversity>
</management> <vpn-attachment>
<security> <vpn-id>VPNA</vpn-id>
<encryption> <site-role>spoke-role</site-role>
<layer>layer3</layer> </vpn-attachment>
</site-network-access>
</encryption> </site-network-accesses>
</security> </site>
<site-network-accesses> <site>
<site-network-access> <site-id>Office3</site-id>
<site-network-access-id>1</site-network-access-id> <locations>
<ip-connection> <location>
<ipv4> <location-id>L1</location-id>
<address-allocation-type>provider-dhcp</address-allocation-type> </location>
</ipv4> </locations>
<ipv6> <management>
<address-allocation-type>provider-dhcp</address-allocation-type> <type>customer-managed</type>
</ipv6> </management>
</ip-connection>
<service>
<svc-mtu>1514</svc-mtu>
<svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<location-reference>L1</location-reference> <site-network-accesses>
<access-diversity> <site-network-access>
<groups> <site-network-access-id>1</site-network-access-id>
<group> <ip-connection>
<group-id>10</group-id> <ipv4>
</group> <address-allocation-type>
</groups> provider-dhcp
<constraints> </address-allocation-type>
<constraint> </ipv4>
<constraint-type>pop-diverse</constraint-type> <ipv6>
<target> <address-allocation-type>
<group> provider-dhcp
<group-id>20</group-id> </address-allocation-type>
</group> </ipv6>
</target> </ip-connection>
</constraint> <service>
<constraint> <svc-mtu>1514</svc-mtu>
<constraint-type>linecard-diverse</constraint-type> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<target> <svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<location-reference>L1</location-reference>
<access-diversity>
<groups>
<group> <group>
<group-id>10</group-id> <group-id>10</group-id>
</group> </group>
</target> </groups>
</constraint> <constraints>
</constraints> <constraint>
<constraint-type>pop-diverse</constraint-type>
</access-diversity> <target>
<vpn-attachment> <group>
<vpn-id>VPNA</vpn-id> <group-id>20</group-id>
<site-role>spoke-role</site-role> </group>
</vpn-attachment> </target>
</site-network-access> </constraint>
</site-network-accesses> <constraint>
</site> <constraint-type>linecard-diverse</constraint-type>
<site> <target>
<site-id>Office4</site-id> <group>
<locations> <group-id>10</group-id>
<location> </group>
<location-id>L1</location-id> </target>
</location> </constraint>
</locations> </constraints>
<management> </access-diversity>
<type>customer-managed</type> <vpn-attachment>
</management> <vpn-id>VPNA</vpn-id>
<security> <site-role>spoke-role</site-role>
<encryption> </vpn-attachment>
<layer>layer3</layer> </site-network-access>
</encryption> </site-network-accesses>
</security> </site>
<site-network-accesses> <site>
<site-network-access> <site-id>Office4</site-id>
<site-network-access-id>1</site-network-access-id> <locations>
<ip-connection> <location>
<ipv4> <location-id>L1</location-id>
<address-allocation-type>provider-dhcp</address-allocation-type> </location>
</ipv4> </locations>
<ipv6> <management>
<address-allocation-type>provider-dhcp</address-allocation-type> <type>customer-managed</type>
</ipv6> </management>
</ip-connection>
<service>
<svc-mtu>1514</svc-mtu>
<svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<location-reference>L1</location-reference> <site-network-accesses>
<access-diversity> <site-network-access>
<groups> <site-network-access-id>1</site-network-access-id>
<group> <ip-connection>
<group-id>20</group-id> <ipv4>
</group> <address-allocation-type>
</groups> provider-dhcp
<constraints> </address-allocation-type>
<constraint> </ipv4>
<constraint-type>pop-diverse</constraint-type> <ipv6>
<target> <address-allocation-type>
<group> provider-dhcp
<group-id>10</group-id> </address-allocation-type>
</group> </ipv6>
</target> </ip-connection>
</constraint> <service>
<constraint> <svc-mtu>1514</svc-mtu>
<constraint-type>linecard-diverse</constraint-type> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<target> <svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<location-reference>L1</location-reference>
<access-diversity>
<groups>
<group> <group>
<group-id>20</group-id> <group-id>20</group-id>
</group> </group>
</target> </groups>
</constraint> <constraints>
</constraints> <constraint>
</access-diversity> <constraint-type>pop-diverse</constraint-type>
<vpn-attachment> <target>
<vpn-id>VPNA</vpn-id> <group>
<site-role>spoke-role</site-role> <group-id>10</group-id>
</vpn-attachment> </group>
</site-network-access> </target>
</site-network-accesses> </constraint>
</site> <constraint>
<site> <constraint-type>linecard-diverse</constraint-type>
<site-id>Office5</site-id> <target>
<locations> <group>
<location> <group-id>20</group-id>
<location-id>L1</location-id> </group>
</location> </target>
</locations> </constraint>
<management> </constraints>
<type>customer-managed</type> </access-diversity>
</management> <vpn-attachment>
<security> <vpn-id>VPNA</vpn-id>
<encryption> <site-role>spoke-role</site-role>
<layer>layer3</layer> </vpn-attachment>
</encryption> </site-network-access>
</security> </site-network-accesses>
<site-network-accesses> </site>
<site-network-access> <site>
<site-network-access-id>1</site-network-access-id> <site-id>Office5</site-id>
<ip-connection> <locations>
<ipv4> <location>
<address-allocation-type>provider-dhcp</address-allocation-type> <location-id>L1</location-id>
</ipv4> </location>
<ipv6> </locations>
<address-allocation-type>provider-dhcp</address-allocation-type> <management>
</ipv6> <type>customer-managed</type>
</ip-connection> </management>
<service>
<svc-mtu>1514</svc-mtu>
<svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<location-reference>L1</location-reference> <site-network-accesses>
<access-diversity> <site-network-access>
<groups> <site-network-access-id>1</site-network-access-id>
<group> <ip-connection>
<group-id>20</group-id> <ipv4>
</group> <address-allocation-type>
</groups> provider-dhcp
<constraints> </address-allocation-type>
<constraint> </ipv4>
<constraint-type>pop-diverse</constraint-type> <ipv6>
<target> <address-allocation-type>
<group> provider-dhcp
<group-id>10</group-id> </address-allocation-type>
</group> </ipv6>
</target> </ip-connection>
</constraint> <service>
<constraint> <svc-mtu>1514</svc-mtu>
<constraint-type>linecard-diverse</constraint-type> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<target> <svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<location-reference>L1</location-reference>
<access-diversity>
<groups>
<group> <group>
<group-id>20</group-id> <group-id>20</group-id>
</group> </group>
</target> </groups>
</constraint> <constraints>
</constraints> <constraint>
</access-diversity> <constraint-type>pop-diverse</constraint-type>
<vpn-attachment> <target>
<vpn-id>VPNA</vpn-id> <group>
<site-role>spoke-role</site-role> <group-id>10</group-id>
</vpn-attachment> </group>
</site-network-access> </target>
</constraint>
</site-network-accesses> <constraint>
</site> <constraint-type>linecard-diverse</constraint-type>
<site> <target>
<site-id>Office6</site-id> <group>
<locations> <group-id>20</group-id>
<location> </group>
<location-id>L1</location-id> </target>
</location> </constraint>
</locations> </constraints>
<management> </access-diversity>
<type>customer-managed</type> <vpn-attachment>
</management> <vpn-id>VPNA</vpn-id>
<security> <site-role>spoke-role</site-role>
<encryption> </vpn-attachment>
<layer>layer3</layer> </site-network-access>
</encryption> </site-network-accesses>
</security> </site>
<site-network-accesses> <site>
<site-network-access> <site-id>Office6</site-id>
<site-network-access-id>1</site-network-access-id> <locations>
<ip-connection> <location>
<ipv4> <location-id>L1</location-id>
<address-allocation-type>provider-dhcp</address-allocation-type> </location>
</ipv4> </locations>
<ipv6> <management>
<address-allocation-type>provider-dhcp</address-allocation-type> <type>customer-managed</type>
</ipv6> </management>
</ip-connection>
<service>
<svc-mtu>1514</svc-mtu>
<svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<location-reference>L1</location-reference> <site-network-accesses>
<access-diversity> <site-network-access>
<groups> <site-network-access-id>1</site-network-access-id>
<group> <ip-connection>
<group-id>20</group-id> <ipv4>
</group> <address-allocation-type>
</groups> provider-dhcp
<constraints> </address-allocation-type>
<constraint> </ipv4>
<constraint-type>pop-diverse</constraint-type> <ipv6>
<target> <address-allocation-type>
<group> provider-dhcp
<group-id>10</group-id> </address-allocation-type>
</group> </ipv6>
</target> </ip-connection>
</constraint> <service>
<constraint> <svc-mtu>1514</svc-mtu>
<constraint-type>linecard-diverse</constraint-type> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<target> <svc-output-bandwidth>10000000</svc-output-bandwidth>
</service>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<location-reference>L1</location-reference>
<access-diversity>
<groups>
<group> <group>
<group-id>20</group-id> <group-id>20</group-id>
</group> </group>
</target> </groups>
</constraint> <constraints>
</constraints> <constraint>
</access-diversity> <constraint-type>pop-diverse</constraint-type>
<vpn-attachment> <target>
<vpn-id>VPNA</vpn-id> <group>
<site-role>spoke-role</site-role> <group-id>10</group-id>
</vpn-attachment> </group>
</site-network-access> </target>
</site-network-accesses> </constraint>
</site> <constraint>
</sites> <constraint-type>linecard-diverse</constraint-type>
</l3vpn-svc> <target>
<group>
<group-id>20</group-id>
</group>
</target>
</constraint>
</constraints>
</access-diversity>
<vpn-attachment>
<vpn-id>VPNA</vpn-id>
<site-role>spoke-role</site-role>
</vpn-attachment>
</site-network-access>
</site-network-accesses>
</site>
</sites>
</l3vpn-svc>
6.6.6.3. Parallel Links 6.6.6.3. Parallel Links
To increase its site bandwidth at lower cost, a customer wants to To increase its site bandwidth at lower cost, a customer wants to
order two parallel site-network-accesses that will be connected to order two parallel site-network-accesses that will be connected to
the same PE. the same PE.
*******site-network-access#1********** *******site-network-access#1**********
Site 1 *******site-network-access#2********** PE1 Site 1 *******site-network-access#2********** PE1
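Review bot: The right-hand column now wraps every address-allocation-type value onto its own line (<address-allocation-type> / provider-dhcp / </address-allocation-type>), which puts line breaks and indentation inside the element's text content. A reader who pastes the example into a tool that compares the value without trimming whitespace will not get a match on provider-dhcp. Either keep the value on one line, as the left-hand column does, or add a sentence stating that the line breaks are for formatting only and are not part of the value.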
skipping to change at page 75, line 50 skipping to change at page 77, line 37
between them. between them.
o Site-network-access#2 and site-network-access#4 will correspond to o Site-network-access#2 and site-network-access#4 will correspond to
the multihoming of subVPN C. A PE-diverse constraint is required the multihoming of subVPN C. A PE-diverse constraint is required
between them. between them.
o To ensure proper usage of the same bearer for the subVPN, site- o To ensure proper usage of the same bearer for the subVPN, site-
network-access#1 and site-network-access#2 must share the same network-access#1 and site-network-access#2 must share the same
bearer as site-network-access#3 and site-network-access#4. bearer as site-network-access#3 and site-network-access#4.
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-services> <vpn-services>
<vpn-service> <vpn-service>
<vpn-id>VPNB</vpn-id> <vpn-id>VPNB</vpn-id>
</vpn-service> </vpn-service>
<vpn-service> <vpn-service>
<vpn-id>VPNC</vpn-id> <vpn-id>VPNC</vpn-id>
</vpn-service> </vpn-service>
</vpn-services> </vpn-services>
<sites> <sites>
<site> <site>
<site-id>SITE1</site-id> <site-id>SITE1</site-id>
<locations> <locations>
<location> <location>
<location-id>L1</location-id> <location-id>L1</location-id>
</location> </location>
</locations> </locations>
<management> <management>
<type>customer-managed</type> <type>customer-managed</type>
</management> </management>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<site-network-accesses> <site-network-accesses>
<site-network-access> <site-network-access>
<site-network-access-id>1</site-network-access-id> <site-network-access-id>1</site-network-access-id>
<ip-connection> <ip-connection>
<ipv4> <ipv4>
<address-allocation-type>provider-dhcp</address-allocation-type> <address-allocation-type>
</ipv4> provider-dhcp
<ipv6> </address-allocation-type>
<address-allocation-type>provider-dhcp</address-allocation-type> </ipv4>
</ipv6> <ipv6>
</ip-connection> <address-allocation-type>
<service> provider-dhcp
<svc-mtu>1514</svc-mtu> </address-allocation-type>
<svc-input-bandwidth>10000000</svc-input-bandwidth> </ipv6>
<svc-output-bandwidth>10000000</svc-output-bandwidth> </ip-connection>
</service> <service>
<security> <svc-mtu>1514</svc-mtu>
<encryption> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<layer>layer3</layer> <svc-output-bandwidth>10000000</svc-output-bandwidth>
</encryption> </service>
</security> <security>
<location-reference>L1</location-reference> <encryption>
<access-diversity> <layer>layer3</layer>
<groups> </encryption>
<group> </security>
<group-id>dualhomed-1</group-id> <location-reference>L1</location-reference>
</group> <access-diversity>
</groups> <groups>
<constraints> <group>
<constraint> <group-id>dualhomed-1</group-id>
<constraint-type>pe-diverse</constraint-type> </group>
<target> </groups>
<group> <constraints>
<group-id>dualhomed-2</group-id> <constraint>
</group> <constraint-type>pe-diverse</constraint-type>
</target> <target>
</constraint> <group>
<constraint> <group-id>dualhomed-2</group-id>
<constraint-type>same-bearer</constraint-type> </group>
<target> </target>
<group> </constraint>
<group-id>dualhomed-1</group-id> <constraint>
</group> <constraint-type>same-bearer</constraint-type>
</target> <target>
</constraint> <group>
</constraints> <group-id>dualhomed-1</group-id>
</access-diversity> </group>
<vpn-attachment> </target>
<vpn-id>VPNB</vpn-id> </constraint>
<site-role>spoke-role</site-role> </constraints>
</vpn-attachment> </access-diversity>
</site-network-access> <vpn-attachment>
<site-network-access> <vpn-id>VPNB</vpn-id>
<site-network-access-id>2</site-network-access-id> <site-role>spoke-role</site-role>
<access-diversity> </vpn-attachment>
<groups> </site-network-access>
<group> <site-network-access>
<group-id>dualhomed-1</group-id> <site-network-access-id>2</site-network-access-id>
</group> <access-diversity>
</groups> <groups>
<constraints> <group>
<constraint> <group-id>dualhomed-1</group-id>
<constraint-type>pe-diverse</constraint-type> </group>
<target> </groups>
<group> <constraints>
<group-id>dualhomed-2</group-id> <constraint>
</group> <constraint-type>pe-diverse</constraint-type>
</target> <target>
</constraint> <group>
<constraint> <group-id>dualhomed-2</group-id>
<constraint-type>same-bearer</constraint-type> </group>
<target> </target>
<group> </constraint>
<group-id>dualhomed-1</group-id> <constraint>
</group> <constraint-type>same-bearer</constraint-type>
</target> <target>
</constraint> <group>
</constraints> <group-id>dualhomed-1</group-id>
</access-diversity> </group>
<vpn-attachment> </target>
<vpn-id>VPNC</vpn-id> </constraint>
<site-role>spoke-role</site-role> </constraints>
</vpn-attachment> </access-diversity>
</site-network-access> <vpn-attachment>
<site-network-access> <vpn-id>VPNC</vpn-id>
<site-network-access-id>3</site-network-access-id> <site-role>spoke-role</site-role>
<ip-connection> </vpn-attachment>
<ipv4> </site-network-access>
<address-allocation-type>provider-dhcp</address-allocation-type> <site-network-access>
</ipv4> <site-network-access-id>3</site-network-access-id>
<ipv6> <ip-connection>
<address-allocation-type>provider-dhcp</address-allocation-type> <ipv4>
</ipv6> <address-allocation-type>
</ip-connection> provider-dhcp
<service> </address-allocation-type>
<svc-mtu>1514</svc-mtu> </ipv4>
<svc-input-bandwidth>10000000</svc-input-bandwidth> <ipv6>
<svc-output-bandwidth>10000000</svc-output-bandwidth> <address-allocation-type>
</service> provider-dhcp
<security> </address-allocation-type>
<encryption> </ipv6>
<layer>layer3</layer> </ip-connection>
</encryption> <service>
</security> <svc-mtu>1514</svc-mtu>
<location-reference>L1</location-reference> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<access-diversity> <svc-output-bandwidth>10000000</svc-output-bandwidth>
<groups> </service>
<group> <security>
<group-id>dualhomed-2</group-id> <encryption>
</group> <layer>layer3</layer>
</groups> </encryption>
<constraints> </security>
<constraint> <location-reference>L1</location-reference>
<constraint-type>pe-diverse</constraint-type> <access-diversity>
<target> <groups>
<group> <group>
<group-id>dualhomed-1</group-id> <group-id>dualhomed-2</group-id>
</group> </group>
</target> </groups>
<constraints>
<constraint>
<constraint-type>pe-diverse</constraint-type>
<target>
<group>
<group-id>dualhomed-1</group-id>
</group>
</target>
</constraint>
<constraint>
<constraint-type>same-bearer</constraint-type>
<target>
<group>
<group-id>dualhomed-2</group-id>
</constraint> </group>
<constraint> </target>
<constraint-type>same-bearer</constraint-type> </constraint>
<target> </constraints>
<group> </access-diversity>
<group-id>dualhomed-2</group-id> <vpn-attachment>
</group> <vpn-id>VPNB</vpn-id>
</target> <site-role>spoke-role</site-role>
</constraint> </vpn-attachment>
</constraints> </site-network-access>
</access-diversity> <site-network-access>
<vpn-attachment> <site-network-access-id>4</site-network-access-id>
<vpn-id>VPNB</vpn-id> <ip-connection>
<site-role>spoke-role</site-role> <ipv4>
</vpn-attachment> <address-allocation-type>
</site-network-access> provider-dhcp
<site-network-access> </address-allocation-type>
<site-network-access-id>4</site-network-access-id> </ipv4>
<ip-connection> <ipv6>
<ipv4> <address-allocation-type>
<address-allocation-type>provider-dhcp</address-allocation-type> provider-dhcp
</ipv4> </address-allocation-type>
<ipv6> </ipv6>
<address-allocation-type>provider-dhcp</address-allocation-type> </ip-connection>
</ipv6> <service>
</ip-connection> <svc-mtu>1514</svc-mtu>
<service> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-mtu>1514</svc-mtu> <svc-output-bandwidth>10000000</svc-output-bandwidth>
<svc-input-bandwidth>10000000</svc-input-bandwidth> </service>
<svc-output-bandwidth>10000000</svc-output-bandwidth> <security>
</service> <encryption>
<security> <layer>layer3</layer>
<encryption> </encryption>
<layer>layer3</layer> </security>
</encryption> <location-reference>L1</location-reference>
</security> <access-diversity>
<location-reference>L1</location-reference> <groups>
<access-diversity> <group>
<groups> <group-id>dualhomed-2</group-id>
<group> </group>
<group-id>dualhomed-2</group-id> </groups>
</group> <constraints>
</groups> <constraint>
<constraints> <constraint-type>pe-diverse</constraint-type>
<constraint> <target>
<constraint-type>pe-diverse</constraint-type> <group>
<target> <group-id>dualhomed-1</group-id>
<group> </group>
<group-id>dualhomed-1</group-id>
</group> </target>
</target> </constraint>
</constraint> <constraint>
<constraint> <constraint-type>same-bearer</constraint-type>
<constraint-type>same-bearer</constraint-type> <target>
<target> <group>
<group> <group-id>dualhomed-2</group-id>
<group-id>dualhomed-2</group-id> </group>
</group> </target>
</target> </constraint>
</constraint> </constraints>
</constraints> </access-diversity>
</access-diversity> <vpn-attachment>
<vpn-attachment> <vpn-id>VPNC</vpn-id>
<vpn-id>VPNC</vpn-id> <site-role>spoke-role</site-role>
<site-role>spoke-role</site-role> </vpn-attachment>
</vpn-attachment> </site-network-access>
</site-network-access> </site-network-accesses>
</site-network-accesses> </site>
</site> </sites>
</sites> </l3vpn-svc>
</l3vpn-svc>
6.6.7. Route Distinguisher and VRF Allocation 6.6.7. Route Distinguisher and VRF Allocation
The route distinguisher (RD) is a critical parameter of PE-based The route distinguisher (RD) is a critical parameter of PE-based
L3VPNs as described in [RFC4364] that provides the ability to L3VPNs as described in [RFC4364] that provides the ability to
distinguish common addressing plans in different VPNs. As for route distinguish common addressing plans in different VPNs. As for route
targets (RTs), a management system is expected to allocate a VRF on targets (RTs), a management system is expected to allocate a VRF on
the target PE and an RD for this VRF. the target PE and an RD for this VRF.
If a VRF already exists on the target PE and the VRF fulfills the If a VRF already exists on the target PE and the VRF fulfills the
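Review bot: In the SITE1 example, site-network-access 2 carries only access-diversity and vpn-attachment, while accesses 1, 3 and 4 also carry ip-connection, service, security and location-reference; the reflow leaves this asymmetry exactly as it was. If access 2 is meant to inherit these settings because it shares a bearer with access 1, a sentence saying so next to the same-bearer bullet would help. Otherwise the missing containers should be added so that all four accesses in the example are complete.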
skipping to change at page 97, line 44 skipping to change at page 99, line 44
reservation) is out of scope for this document. reservation) is out of scope for this document.
In addition, due to network conditions, some constraints may not be In addition, due to network conditions, some constraints may not be
completely fulfilled by the SP; in this case, the SP should advise completely fulfilled by the SP; in this case, the SP should advise
the customer about the limitations. How this communication is done the customer about the limitations. How this communication is done
is out of scope for this document. is out of scope for this document.
Example of service configuration using a standard QoS profile with Example of service configuration using a standard QoS profile with
the following corresponding XML snippet: the following corresponding XML snippet:
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-profiles> <vpn-profiles>
<valid-provider-identifiers> <valid-provider-identifiers>
<qos-profile-identifier> <qos-profile-identifier>
<id>GOLD</id> <id>GOLD</id>
</qos-profile-identifier> </qos-profile-identifier>
<qos-profile-identifier> <qos-profile-identifier>
<id>PLATINUM</id> <id>PLATINUM</id>
</qos-profile-identifier>
</valid-provider-identifiers>
</vpn-profiles>
<vpn-services>
<vpn-service>
<vpn-id>VPNA</vpn-id>
</vpn-service>
</vpn-services>
<sites>
<site>
<site-id>SITE1</site-id>
<locations>
<location>
<location-id>L1</location-id>
</location>
</locations>
<site-network-accesses>
<site-network-access>
<site-network-access-id>1245HRTFGJGJ154654</site-network-access-id>
<vpn-attachment>
<vpn-id>VPNA</vpn-id>
<site-role>spoke-role</site-role>
</vpn-attachment>
<ip-connection>
<ipv4>
<address-allocation-type>provider-dhcp</address-allocation-type>
</ipv4>
<ipv6>
<address-allocation-type>provider-dhcp</address-allocation-type>
</ipv6>
</ip-connection>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<location-reference>L1</location-reference>
<service>
<svc-input-bandwidth>100000000</svc-input-bandwidth>
<svc-output-bandwidth>100000000</svc-output-bandwidth>
<svc-mtu>1514</svc-mtu>
<qos>
<qos-profile>
<profile>PLATINUM</profile>
</qos-profile>
</qos>
</service>
<location-reference>L1</location-reference>
</site-network-access> </qos-profile-identifier>
<site-network-access> </valid-provider-identifiers>
<site-network-access-id>555555AAAA2344</site-network-access-id> </vpn-profiles>
<vpn-attachment> <vpn-services>
<vpn-id>VPNA</vpn-id> <vpn-service>
<site-role>spoke-role</site-role> <vpn-id>VPNA</vpn-id>
</vpn-attachment> </vpn-service>
<ip-connection> </vpn-services>
<ipv4> <sites>
<address-allocation-type>provider-dhcp</address-allocation-type> <site>
</ipv4> <site-id>SITE1</site-id>
<ipv6> <locations>
<address-allocation-type>provider-dhcp</address-allocation-type> <location>
</ipv6> <location-id>L1</location-id>
</ip-connection> </location>
<security> </locations>
<encryption> <site-network-accesses>
<layer>layer3</layer> <site-network-access>
</encryption> <site-network-access-id>
</security> 1245HRTFGJGJ154654
<location-reference>L1</location-reference> </site-network-access-id>
<service> <vpn-attachment>
<svc-input-bandwidth>2000000</svc-input-bandwidth> <vpn-id>VPNA</vpn-id>
<svc-output-bandwidth>2000000</svc-output-bandwidth> <site-role>spoke-role</site-role>
<svc-mtu>1514</svc-mtu> </vpn-attachment>
<qos> <ip-connection>
<qos-profile> <ipv4>
<profile>GOLD</profile> <address-allocation-type>
</qos-profile> provider-dhcp
</qos> </address-allocation-type>
</service> </ipv4>
</site-network-access> <ipv6>
</site-network-accesses> <address-allocation-type>
</site> provider-dhcp
</sites> </address-allocation-type>
</l3vpn-svc> </ipv6>
</ip-connection>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<location-reference>L1</location-reference>
<service>
<svc-input-bandwidth>100000000</svc-input-bandwidth>
<svc-output-bandwidth>100000000</svc-output-bandwidth>
<svc-mtu>1514</svc-mtu>
<qos>
<qos-profile>
<profile>PLATINUM</profile>
</qos-profile>
</qos>
</service>
</site-network-access>
<site-network-access>
<site-network-access-id>
555555AAAA2344
</site-network-access-id>
<vpn-attachment>
<vpn-id>VPNA</vpn-id>
<site-role>spoke-role</site-role>
</vpn-attachment>
<ip-connection>
<ipv4>
<address-allocation-type>
provider-dhcp
</address-allocation-type>
</ipv4>
<ipv6>
<address-allocation-type>
provider-dhcp
</address-allocation-type>
</ipv6>
</ip-connection>
<security>
<encryption>
<layer>layer3</layer>
</encryption>
</security>
<location-reference>L1</location-reference>
<service>
<svc-input-bandwidth>2000000</svc-input-bandwidth>
<svc-output-bandwidth>2000000</svc-output-bandwidth>
<svc-mtu>1514</svc-mtu>
<qos>
<qos-profile>
<profile>GOLD</profile>
</qos-profile>
</qos>
</service>
</site-network-access>
</site-network-accesses>
</site>
</sites>
</l3vpn-svc>
Example of service configuration using a custom QoS profile with the Example of service configuration using a custom QoS profile with the
following corresponding XML snippet: following corresponding XML snippet:
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-profiles> <vpn-profiles>
<valid-provider-identifiers> <valid-provider-identifiers>
<qos-profile-identifier> <qos-profile-identifier>
<id>GOLD</id> <id>GOLD</id>
</qos-profile-identifier>
<qos-profile-identifier>
<id>PLATINUM</id>
</qos-profile-identifier>
</valid-provider-identifiers>
</vpn-profiles>
<vpn-services>
<vpn-service>
<vpn-id>VPNA</vpn-id>
</vpn-service>
</vpn-services>
<sites>
<site>
<site-id>SITE1</site-id>
<locations>
<location>
<location-id>L1</location-id>
</location>
</locations>
<site-network-accesses>
<site-network-access>
<site-network-access-id>Site1</site-network-access-id>
<location-reference>L1</location-reference>
<ip-connection>
<ipv4>
<address-allocation-type>
provider-dhcp
</address-allocation-type>
</ipv4>
<ipv6>
<address-allocation-type>
provider-dhcp
</address-allocation-type>
</ipv6>
</ip-connection>
<service>
<svc-mtu>1514</svc-mtu>
<svc-input-bandwidth>10000000</svc-input-bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth>
</qos-profile-identifier> </service>
<qos-profile-identifier> <security>
<id>PLATINUM</id> <encryption>
</qos-profile-identifier> <layer>layer3</layer>
</valid-provider-identifiers> </encryption>
</vpn-profiles> </security>
<vpn-services> <location-reference>L1</location-reference>
<vpn-service> <vpn-attachment>
<vpn-id>VPNA</vpn-id> <vpn-id>VPNA</vpn-id>
</vpn-service> <site-role>spoke-role</site-role>
</vpn-services> </vpn-attachment>
<sites> <service>
<site> <svc-input-bandwidth>100000000</svc-input-bandwidth>
<site-id>SITE1</site-id> <svc-output-bandwidth>100000000</svc-output-bandwidth>
<locations> <qos>
<location> <qos-profile>
<location-id>L1</location-id> <classes>
</location> <class>
</locations> <class-id>REAL_TIME</class-id>
<site-network-accesses> <direction>both</direction>
<site-network-access> <rate-limit>10</rate-limit>
<site-network-access-id>Site1</site-network-access-id> <latency>
<location-reference>L1</location-reference> <use-lowest-latency/>
<ip-connection> </latency>
<ipv4> <bandwidth>
<address-allocation-type>provider-dhcp</address-allocation-type> <guaranteed-bw-percent>80</guaranteed-bw-percent>
</ipv4> </bandwidth>
<ipv6> </class>
<address-allocation-type>provider-dhcp</address-allocation-type> <class>
</ipv6> <class-id>DATA1</class-id>
</ip-connection> <latency>
<service> <latency-boundary>70</latency-boundary>
<svc-mtu>1514</svc-mtu> </latency>
<svc-input-bandwidth>10000000</svc-input-bandwidth> <bandwidth>
<svc-output-bandwidth>10000000</svc-output-bandwidth> <guaranteed-bw-percent>80</guaranteed-bw-percent>
</service> </bandwidth>
<security> </class>
<encryption> <class>
<layer>layer3</layer> <class-id>DATA2</class-id>
</encryption> <latency>
</security> <latency-boundary>200</latency-boundary>
<location-reference>L1</location-reference> </latency>
<vpn-attachment> <bandwidth>
<vpn-id>VPNA</vpn-id> <guaranteed-bw-percent>5</guaranteed-bw-percent>
<site-role>spoke-role</site-role> <end-to-end/>
</vpn-attachment> </bandwidth>
<service> </class>
<svc-input-bandwidth>100000000</svc-input-bandwidth> </classes>
<svc-output-bandwidth>100000000</svc-output-bandwidth>
<qos> </qos-profile>
<qos-profile> </qos>
<classes> </service>
<class> </site-network-access>
<class-id>REAL_TIME</class-id> </site-network-accesses>
<direction>both</direction> </site>
<rate-limit>10</rate-limit> </sites>
<latency> </l3vpn-svc>
<use-lowest-latency/>
</latency>
<bandwidth>
<guaranteed-bw-percent>80</guaranteed-bw-percent>
</bandwidth>
</class>
<class>
<class-id>DATA1</class-id>
<latency>
<latency-boundary>70</latency-boundary>
</latency>
<bandwidth>
<guaranteed-bw-percent>80</guaranteed-bw-percent>
</bandwidth>
</class>
<class>
<class-id>DATA2</class-id>
<latency>
<latency-boundary>200</latency-boundary>
</latency>
<bandwidth>
<guaranteed-bw-percent>5</guaranteed-bw-percent>
<end-to-end/>
</bandwidth>
</class>
</classes>
</qos-profile>
</qos>
</service>
</site-network-access>
</site-network-accesses>
</site>
</sites>
</l3vpn-svc>
The custom QoS profile for Site1 defines a REAL_TIME class with a The custom QoS profile for Site1 defines a REAL_TIME class with a
latency constraint expressed as the lowest possible latency. It also latency constraint expressed as the lowest possible latency. It also
defines two data classes -- DATA1 and DATA2. The two classes express defines two data classes -- DATA1 and DATA2. The two classes express
a latency boundary constraint as well as a bandwidth reservation, as a latency boundary constraint as well as a bandwidth reservation, as
the REAL_TIME class is rate-limited to 10% of the service bandwidth the REAL_TIME class is rate-limited to 10% of the service bandwidth
(10% of 100 Mbps = 10 Mbps). In cases where congestion occurs, the (10% of 100 Mbps = 10 Mbps). In cases where congestion occurs, the
REAL_TIME traffic can go up to 10 Mbps (let's assume that only 5 Mbps REAL_TIME traffic can go up to 10 Mbps (let's assume that only 5 Mbps
are consumed). DATA1 and DATA2 will share the remaining bandwidth are consumed). DATA1 and DATA2 will share the remaining bandwidth
(95 Mbps) according to their percentage. So, the DATA1 class will be (95 Mbps) according to their percentage. So, the DATA1 class will be
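Review bot: The custom QoS example still has two <service> containers and two <location-reference>L1</location-reference> leaves inside the single site-network-access Site1, in both columns. A YANG container or leaf can have only one instance under its parent, so the instance as shown would not validate. The two service containers also disagree on bandwidth (svc-input-bandwidth 10000000 in the first, 100000000 in the second), and the text after the example works from 100 Mbps. The standard-profile example above had its duplicate location-reference dropped in the new column; the same cleanup is needed here: merge svc-mtu and the qos block into one service container with the 100000000 values and keep a single location-reference.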
skipping to change at page 107, line 41 skipping to change at page 109, line 41
To create the VPN connectivity, the CSP or the customer may use the To create the VPN connectivity, the CSP or the customer may use the
L3VPN service model that SP B exposes. We could consider that, as L3VPN service model that SP B exposes. We could consider that, as
the NNI is shared, the physical connection (bearer) between CSP A and the NNI is shared, the physical connection (bearer) between CSP A and
SP B already exists. CSP A may request through a service model the SP B already exists. CSP A may request through a service model the
creation of a new site with a single site-network-access (single- creation of a new site with a single site-network-access (single-
homing is used in the figure). As a placement constraint, CSP A may homing is used in the figure). As a placement constraint, CSP A may
use the existing bearer reference it has from SP A to force the use the existing bearer reference it has from SP A to force the
placement of the VPN NNI on the existing link. The XML snippet below placement of the VPN NNI on the existing link. The XML snippet below
illustrates a possible configuration request to SP B: illustrates a possible configuration request to SP B:
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-profiles> <vpn-profiles>
<valid-provider-identifiers> <valid-provider-identifiers>
<qos-profile-identifier> <qos-profile-identifier>
<id>GOLD</id> <id>GOLD</id>
</qos-profile-identifier> </qos-profile-identifier>
<qos-profile-identifier> <qos-profile-identifier>
<id>PLATINUM</id> <id>PLATINUM</id>
</qos-profile-identifier> </qos-profile-identifier>
</valid-provider-identifiers> </valid-provider-identifiers>
</vpn-profiles> </vpn-profiles>
<vpn-services> <vpn-services>
<vpn-service> <vpn-service>
<vpn-id>VPN1</vpn-id> <vpn-id>VPN1</vpn-id>
</vpn-service> </vpn-service>
</vpn-services> </vpn-services>
<sites> <sites>
<site> <site>
<site-id>CSP_A_attachment</site-id> <site-id>CSP_A_attachment</site-id>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<locations> <locations>
<location> <location>
<location-id>L1</location-id> <location-id>L1</location-id>
</location> </location>
</locations> </locations>
<locations> <locations>
<location> <location>
<location-id>1</location-id> <location-id>1</location-id>
<city>NY</city> <city>NY</city>
<country-code>US</country-code> <country-code>US</country-code>
</location> </location>
</locations> </locations>
<site-vpn-flavor>site-vpn-flavor-nni</site-vpn-flavor> <site-vpn-flavor>site-vpn-flavor-nni</site-vpn-flavor>
<routing-protocols> <routing-protocols>
<routing-protocol> <routing-protocol>
<type>bgp</type> <type>bgp</type>
<bgp> <bgp>
<autonomous-system>500</autonomous-system> <autonomous-system>500</autonomous-system>
<address-family>ipv4</address-family> <address-family>ipv4</address-family>
</bgp> </bgp>
</routing-protocol> </routing-protocol>
</routing-protocols> </routing-protocols>
<site-network-accesses> <site-network-accesses>
<site-network-access> <site-network-access>
<site-network-access-id>CSP_A_VN1</site-network-access-id> <site-network-access-id>CSP_A_VN1</site-network-access-id>
<location-reference>L1</location-reference> <location-reference>L1</location-reference>
<ip-connection> <ip-connection>
<ipv4> <ipv4>
<address-allocation-type>provider-dhcp</address-allocation-type> <address-allocation-type>
</ipv4> provider-dhcp
<ipv6> </address-allocation-type>
<address-allocation-type>provider-dhcp</address-allocation-type> </ipv4>
</ipv6> <ipv6>
</ip-connection> <address-allocation-type>
<ip-connection> provider-dhcp
<ipv4> </address-allocation-type>
<address-allocation-type> </ipv6>
static-address </ip-connection>
</address-allocation-type> <ip-connection>
<addresses> <ipv4>
<provider-address>203.0.113.1</provider-address> <address-allocation-type>
<customer-address>203.0.113.2</customer-address> static-address
<prefix-length>30</prefix-length> </address-allocation-type>
</addresses> <addresses>
</ipv4> <provider-address>203.0.113.1</provider-address>
</ip-connection> <customer-address>203.0.113.2</customer-address>
<service> <prefix-length>30</prefix-length>
<svc-input-bandwidth>450000000</svc-input-bandwidth> </addresses>
<svc-output-bandwidth>450000000</svc-output-bandwidth> </ipv4>
<svc-mtu>1514</svc-mtu> </ip-connection>
</service> <service>
<security> <svc-input-bandwidth>450000000</svc-input-bandwidth>
<encryption> <svc-output-bandwidth>450000000</svc-output-bandwidth>
<layer>layer3</layer> <svc-mtu>1514</svc-mtu>
</encryption> </service>
</security> <security>
<vpn-attachment> <encryption>
<vpn-id>VPN1</vpn-id> <layer>layer3</layer>
<site-role>any-to-any-role</site-role> </encryption>
</vpn-attachment> </security>
</site-network-access> <vpn-attachment>
</site-network-accesses> <vpn-id>VPN1</vpn-id>
<management> <site-role>any-to-any-role</site-role>
<type>customer-managed</type> </vpn-attachment>
</management> </site-network-access>
</site> </site-network-accesses>
</sites> <management>
</l3vpn-svc> <type>customer-managed</type>
</management>
</site>
</sites>
</l3vpn-svc>
The case described above is different from a scenario using the The case described above is different from a scenario using the
cloud-accesses container, as the cloud-access provides a public cloud cloud-accesses container, as the cloud-access provides a public cloud
access while this example enables access to private resources located access while this example enables access to private resources located
in a CSP network. in a CSP network.
6.15.2. Defining an NNI with the Option B Flavor 6.15.2. Defining an NNI with the Option B Flavor
AS A AS B AS A AS B
------------------- ------------------- ------------------- -------------------
/ \ / \ / \ / \
| | | | | | | |
| ++++++++ Inter-AS link ++++++++ | | ++++++++ Inter-AS link ++++++++ |
| + +_______________+ + | | + +_______________+ + |
| + + + + | | + + + + |
| + ASBR +<---MP-BGP---->+ ASBR + | | + ASBR +<---MP-BGP---->+ ASBR + |
| + + + + | | + + + + |
| + +_______________+ + | | + +_______________+ + |
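Review bot: In the CSP_A_VN1 site-network-access, both columns carry two sibling <ip-connection> elements, the first giving provider-dhcp for ipv4 and ipv6 and the second giving static-address for ipv4, and the rewrap on the right keeps that duplication. If ip-connection is a single container in the module, this instance will not validate, and the two ipv4 allocation types contradict each other; suggest merging them into one <ip-connection> with the intended ipv4 method. Separately, moving provider-dhcp onto its own line puts whitespace inside the <address-allocation-type> value, so a sentence stating that the line breaks are for display only would help readers who paste the example into a validator.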
skipping to change at page 120, line 43 skipping to change at page 123, line 43
lines. In the NETCONF/YANG ecosystem, we expect NETCONF/YANG to be lines. In the NETCONF/YANG ecosystem, we expect NETCONF/YANG to be
used between the configuration component and network elements to used between the configuration component and network elements to
configure the requested services on those elements. configure the requested services on those elements.
In this framework, specifications are expected to provide specific In this framework, specifications are expected to provide specific
YANG modeling of service components on network elements. There will YANG modeling of service components on network elements. There will
be a strong relationship between the abstracted view provided by this be a strong relationship between the abstracted view provided by this
service model and the detailed configuration view that will be service model and the detailed configuration view that will be
provided by specific configuration models for network elements. provided by specific configuration models for network elements.
The authors of this document anticipate definitions of YANG models The authors of this document anticipate definitions of YANG modules
for the network elements listed below. Note that this list is not for the network elements listed below. Note that this list is not
exhaustive: exhaustive:
o VRF definition, including VPN policy expression. o VRF definition, including VPN policy expression.
o Physical interface. o Physical interface.
o IP layer (IPv4, IPv6). o IP layer (IPv4, IPv6).
o QoS: classification, profiles, etc. o QoS: classification, profiles, etc.
skipping to change at page 121, line 18 skipping to change at page 124, line 18
listed in the document, as well as routing policies associated listed in the document, as well as routing policies associated
with those protocols. with those protocols.
o Multicast VPN. o Multicast VPN.
o Network address translation. o Network address translation.
Example of a corresponding XML snippet with a VPN site request at the Example of a corresponding XML snippet with a VPN site request at the
service level, using this model: service level, using this model:
<?xml version="1.0"?> <?xml version="1.0"?>
<l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc"> <l3vpn-svc xmlns="urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc">
<vpn-profiles> <vpn-profiles>
<valid-provider-identifiers> <valid-provider-identifiers>
<qos-profile-identifier> <qos-profile-identifier>
<id>GOLD</id> <id>GOLD</id>
</qos-profile-identifier> </qos-profile-identifier>
<qos-profile-identifier> <qos-profile-identifier>
<id>PLATINUM</id> <id>PLATINUM</id>
</qos-profile-identifier> </qos-profile-identifier>
</valid-provider-identifiers> </valid-provider-identifiers>
</vpn-profiles> </vpn-profiles>
<vpn-services> <vpn-services>
<vpn-service> <vpn-service>
<vpn-id>VPN1</vpn-id> <vpn-id>VPN1</vpn-id>
<vpn-service-topology>hub-spoke</vpn-service-topology> <vpn-service-topology>hub-spoke</vpn-service-topology>
</vpn-service> </vpn-service>
</vpn-services> </vpn-services>
<sites> <sites>
<site> <site>
<site-id>Site A</site-id> <site-id>Site A</site-id>
<security> <security>
<encryption> <encryption>
<layer>layer3</layer> <layer>layer3</layer>
</encryption> </encryption>
</security> </security>
<locations> <locations>
<location> <location>
<location-id>L1</location-id> <location-id>L1</location-id>
</location> </location>
</locations> </locations>
<site-network-accesses> <site-network-accesses>
<site-network-access> <site-network-access>
<site-network-access-id>1</site-network-access-id> <site-network-access-id>1</site-network-access-id>
<ip-connection> <ip-connection>
<ipv4> <ipv4>
<address-allocation-type> <address-allocation-type>
static-address static-address
</address-allocation-type> </address-allocation-type>
<addresses> <addresses>
<provider-address>203.0.113.254</provider-address> <provider-address>203.0.113.254</provider-address>
<customer-address>203.0.113.2</customer-address> <customer-address>203.0.113.2</customer-address>
<prefix-length>24</prefix-length> <prefix-length>24</prefix-length>
</addresses> </addresses>
</ipv4> </ipv4>
<ipv6> <ipv6>
<address-allocation-type>provider-dhcp</address-allocation-type> <address-allocation-type>
</ipv6> provider-dhcp
</ip-connection> </address-allocation-type>
<service> </ipv6>
<svc-mtu>1514</svc-mtu> </ip-connection>
<svc-input-bandwidth>10000000</svc-input-bandwidth> <service>
<svc-output-bandwidth>10000000</svc-output-bandwidth> <svc-mtu>1514</svc-mtu>
</service> <svc-input-bandwidth>10000000</svc-input-bandwidth>
<location-reference>L1</location-reference> <svc-output-bandwidth>10000000</svc-output-bandwidth>
<vpn-attachment> </service>
<vpn-policy-id>VPNPOL1</vpn-policy-id> <location-reference>L1</location-reference>
</vpn-attachment> <vpn-attachment>
</site-network-access> <vpn-policy-id>VPNPOL1</vpn-policy-id>
</site-network-accesses> </vpn-attachment>
<routing-protocols> </site-network-access>
<routing-protocol> </site-network-accesses>
<type>static</type> <routing-protocols>
<static> <routing-protocol>
<cascaded-lan-prefixes> <type>static</type>
<ipv4-lan-prefixes> <static>
<lan>198.51.100.0/30</lan> <cascaded-lan-prefixes>
<next-hop>203.0.113.2</next-hop> <ipv4-lan-prefixes>
</ipv4-lan-prefixes> <lan>198.51.100.0/30</lan>
</cascaded-lan-prefixes> <next-hop>203.0.113.2</next-hop>
</static> </ipv4-lan-prefixes>
</routing-protocol> </cascaded-lan-prefixes>
</routing-protocols> </static>
<management> </routing-protocol>
<type>customer-managed</type> </routing-protocols>
</management> <management>
<vpn-policies> <type>customer-managed</type>
<vpn-policy> </management>
<vpn-policy-id>VPNPOL1</vpn-policy-id> <vpn-policies>
<entries> <vpn-policy>
<id>1</id> <vpn-policy-id>VPNPOL1</vpn-policy-id>
<vpn> <entries>
<vpn-id>VPN1</vpn-id> <id>1</id>
<site-role>any-to-any-role</site-role> <vpn>
</vpn> <vpn-id>VPN1</vpn-id>
</entries> <site-role>any-to-any-role</site-role>
</vpn-policy> </vpn>
</vpn-policies> </entries>
</site> </vpn-policy>
</sites> </vpn-policies>
</l3vpn-svc> </site>
</sites>
</l3vpn-svc>
In the service example above, the service component is expected to In the service example above, the service component is expected to
request that the configuration component of the management system request that the configuration component of the management system
provide the configuration of the service elements. If we consider provide the configuration of the service elements. If we consider
that the service component selected a PE (PE A) as the target PE for that the service component selected a PE (PE A) as the target PE for
the site, the configuration component will need to push the the site, the configuration component will need to push the
configuration to PE A. The configuration component will use several configuration to PE A. The configuration component will use several
YANG data models to define the configuration to be applied to PE A. YANG data models to define the configuration to be applied to PE A.
The XML snippet configuration of PE A might look like this: The XML snippet configuration of PE A might look like this:
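Review bot: The example declares VPN1 with <vpn-service-topology>hub-spoke</vpn-service-topology>, yet the VPNPOL1 entry attaches Site A to VPN1 with <site-role>any-to-any-role</site-role>, and the revision leaves this unchanged on both sides. Suggest aligning the topology and the site role (a hub or spoke role, or an any-to-any topology) so the example does not imply that a mismatched role is an accepted request. The rewrapped <address-allocation-type> under <ipv6> also now has provider-dhcp surrounded by line breaks, which places whitespace inside the leaf value; a note that the wrapping is for display only would help.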
skipping to change at page 183, line 7 skipping to change at page 186, line 8
"Container for sites."; "Container for sites.";
} }
description description
"Main container for L3VPN service configuration."; "Main container for L3VPN service configuration.";
} }
} }
<CODE ENDS> <CODE ENDS>
10. Security Considerations 10. Security Considerations
The YANG module defined in this document MAY be accessed via the The YANG module specified in this document defines a schema for data
RESTCONF protocol [RFC8040] or the NETCONF protocol [RFC6241]. The that is designed to be accessed via network management protocols such
lowest RESTCONF or NETCONF layer requires that the transport-layer as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
protocol provide both data integrity and confidentiality; see is the secure transport layer, and the mandatory-to-implement secure
Section 2 in [RFC8040] and Section 2 in [RFC6241]. The client MUST transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
carefully examine the certificate presented by the server to is HTTPS, and the mandatory-to-implement secure transport is TLS
determine if it meets the client's expectations, and the server MUST [RFC5246].
authenticate client and authorize access to any protected resource.
The client identity derived from the authentication mechanism used is
subject to the NETCONF Access Control Model (NACM) [RFC6536]. Other
protocols that are used to access this YANG module are also required
to support similar security mechanisms.
The data nodes defined in the "ietf-l3vpn-svc" YANG module MUST be The NETCONF access control model [RFC6536]provides the means to
carefully created, read, updated, or deleted as appropriate, which restrict access for particular NETCONF or RESTCONF users to a
indirectly lead to creation or modification of the network. The preconfigured subset of all available NETCONF or RESTCONF protocol
entries in the lists below include customer-proprietary or operations and content.
confidential information, e.g., customer-name; therefore, access to
confidential information MUST be limited to authorized clients, and There are a number of data nodes defined in this YANG module that are
other clients MUST NOT be permitted to access the information. writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative
effect on network operations. These are the subtrees and data nodes
and their sensitivity/vulnerability:
o /l3vpn-svc/vpn-services/vpn-service o /l3vpn-svc/vpn-services/vpn-service
The entries in the list above include the whole vpn service
configurations which the customer subscribes, and indirectly
create or modify the PE and CE device configurations. These
unexpected changes lead to the service disruption and/or network
misbehavior.
o /l3vpn-svc/sites/site
The entries in the list above include the customer site
configurations. As same as above, these unexpected changes lead
to the service disruption and/or network misbehavior.
Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or
notification) to these data nodes. These are the subtrees and data
nodes and their sensitivity/vulnerability:
o /l3vpn-svc/vpn-services/vpn-service
o /l3vpn-svc/sites/site o /l3vpn-svc/sites/site
The entries in the lists above include customer-proprietary or
confidential information, e.g., customer-name, site location, what
service the customer subscribes.
The data model defines some security parameters than can be extended The data model defines some security parameters than can be extended
via augmentation as part of the customer service request; those via augmentation as part of the customer service request; those
parameters are described in Section 6.9. parameters are described in Section 6.9.
11. IANA Considerations 11. IANA Considerations
IANA has assigned a new URI from the "IETF XML Registry" [RFC3688]. IANA has assigned a new URI from the "IETF XML Registry" [RFC3688].
URI: urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc URI: urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc
Registrant Contact: The IESG Registrant Contact: The IESG
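Review bot: The right-hand Security Considerations text drops every normative requirement the left-hand text carried: "the server MUST authenticate client and authorize access", the client's examination of the server certificate, and "access to confidential information MUST be limited to authorized clients" are replaced by descriptive wording (the access control model "provides the means to restrict access", "It is thus important to control read access"). If this is deliberate alignment with template text, consider still keeping one explicit requirement that write access to /l3vpn-svc/vpn-services/vpn-service and /l3vpn-svc/sites/site, and read access to the customer data under them, be limited to authorized clients. Wording nits in the new text: a space is missing in "[RFC6536]provides"; "The entries in the list above" follows a single path each time; "As same as above" and "what service the customer subscribes" need rephrasing; and "than can be extended", present on both sides, should read "that can be extended".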
skipping to change at page 184, line 41 skipping to change at page 188, line 23
[RFC4577] Rosen, E., Psenak, P., and P. Pillay-Esnault, "OSPF as the [RFC4577] Rosen, E., Psenak, P., and P. Pillay-Esnault, "OSPF as the
Provider/Customer Edge Protocol for BGP/MPLS IP Virtual Provider/Customer Edge Protocol for BGP/MPLS IP Virtual
Private Networks (VPNs)", RFC 4577, DOI 10.17487/RFC4577, Private Networks (VPNs)", RFC 4577, DOI 10.17487/RFC4577,
June 2006, <https://www.rfc-editor.org/info/rfc4577>. June 2006, <https://www.rfc-editor.org/info/rfc4577>.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862, Address Autoconfiguration", RFC 4862,
DOI 10.17487/RFC4862, September 2007, DOI 10.17487/RFC4862, September 2007,
<https://www.rfc-editor.org/info/rfc4862>. <https://www.rfc-editor.org/info/rfc4862>.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246,
DOI 10.17487/RFC5246, August 2008,
<https://www.rfc-editor.org/info/rfc5246>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020, the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010, DOI 10.17487/RFC6020, October 2010,
<https://www.rfc-editor.org/info/rfc6020>. <https://www.rfc-editor.org/info/rfc6020>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>. <https://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>.
[RFC6513] Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/ [RFC6513] Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/
BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February
2012, <https://www.rfc-editor.org/info/rfc6513>. 2012, <https://www.rfc-editor.org/info/rfc6513>.
[RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration
Protocol (NETCONF) Access Control Model", RFC 6536, Protocol (NETCONF) Access Control Model", RFC 6536,
DOI 10.17487/RFC6536, March 2012, DOI 10.17487/RFC6536, March 2012,
<https://www.rfc-editor.org/info/rfc6536>. <https://www.rfc-editor.org/info/rfc6536>.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
 End of changes. 52 change blocks. 
1683 lines changed or deleted 1801 lines changed or added
