idnits 2.17.00 (12 Aug 2021)

/tmp/idnits35714/draft-jags-spring-sr-service-programming-yang-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 61 instances of too long lines in the document, the longest
     one being 12 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 292 has weird spacing: '...nstance uin...'

  == Line 323 has weird spacing: '...nstance uin...'

  == Line 484 has weird spacing: '...ce-name str...'

  == Line 491 has weird spacing: '...s-label rt-...'

  == Line 496 has weird spacing: '...rv6-sid srv...'

  == (6 more instances...)

  == The document doesn't use any RFC 2119 keywords, yet has text resembling
     RFC 2119 boilerplate text.

  -- The document date (25 January 2022) is 109 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-22) exists of
     draft-ietf-spring-segment-routing-policy-14

     Summary: 1 error (**), 0 flaws (~~), 8 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

SPRING Working Group                                     J. Rajamanickam
Internet-Draft                                                   K. Raza
Intended status: Standards Track                           Cisco Systems
Expires: 29 July 2022                                         D. Bernier
                                                             Bell Canada
                                                                G. Dawra
                                                                LinkedIn
                                                                   C. Li
                                                                  Huawei
                                                         25 January 2022

               YANG Data Model for SR Service Programming
            draft-jags-spring-sr-service-programming-yang-03

Abstract

   This document describes a YANG data model for Segment Routing (SR)
   Service Programming.  The model serves as a base framework for
   configuring and managing an SR based service programming.
   Additionally, this document specifies the model for a Service Proxy
   for SR-unaware services.

   The YANG modules in this document conform to the Network Management
   Datastore Architecture (NMDA).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 29 July 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Revised BSD
   License text as described in Section 4.e of the Trust Legal Provisions
   and are provided without warranty as described in the Revised BSD
   License.

Table of Contents

   1.  Introduction
   2.  Specification of Requirements
   3.  YANG Model
     3.1.  Overview
     3.2.  Service Function Types
     3.3.  SR Service Programming Types
     3.4.  SR Service Programming Base
       3.4.1.  Configuration
       3.4.2.  Operational State
       3.4.3.  Notification
     3.5.  SR Service Proxy
       3.5.1.  Static Proxy
       3.5.2.  Dynamic Proxy
       3.5.3.  Masquerading Proxy
   4.  YANG Specification
     4.1.  Service Types
     4.2.  SR Service Programming Types
     4.3.  SR Service Programming Base
     4.4.  SR Service Proxy
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgments
   8.  Normative References
   Authors' Addresses

1.  Introduction

   The Network Configuration Protocol (NETCONF) [RFC6241] is one of the
   network management protocols that defines mechanisms to manage
   network devices.  YANG [RFC6020] is a modular language that
   represents data structures in an XML tree format, and is used as a
   data modeling language for NETCONF.

   Segment Routing is an architecture based on the source routing
   paradigm that seeks the right balance between distributed
   intelligence and centralized programmability.  SR can be used with an
   MPLS or an IPv6 data plane to steer packets through an ordered list
   of instructions, called segments.  These segments may encode simple
   routing instructions for forwarding packets along a specific network
   path, but also steer them through Virtual Network Function (VNF) or
   physical service appliances available in the network.

   In an SR network, each of these services, running either on a
   physical appliance or in a virtual environment, is associated with a
   segment identifier (SID).  These service SIDs are then leveraged as
   part of a SID-list to steer packets through the desired services in
   the service chain.  Service SIDs may be combined together in a
   SID-list to achieve the service programming, but also with other
   types of segments as defined in [RFC8402].  SR thus provides a fully
   integrated solution for overlay, underlay and service programming.
   Furthermore, the IPv6 instantiation of SR (SRv6) supports metadata
   transportation in the Segment Routing header [RFC8754], either
   natively in the tag field or with extensions such as TLVs.

   This document describes how a service can be associated with a SID,
   including legacy services with no SR capabilities, and how these
   service SIDs are integrated within an SR policy.
   The definition of an SR Policy and the traffic steering mechanisms are
   covered in [I-D.ietf-spring-segment-routing-policy] and hence outside
   the scope of this document.

   This document introduces a YANG data model for the SR based service
   programming configuration and management.  Furthermore, this document
   also covers the basic SR unaware behaviours as defined in
   [I-D.ietf-spring-sr-service-programming].

   This document does not cover the following:

   *  SR-aware service specific management parameters

   The model currently defines the following constructs that are used
   for managing SR based service programming:

   *  Configuration

   *  Operational State

   *  Notifications

2.  Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119]
   [RFC8174] when, and only when, they appear in all capitals, as shown
   here.

3.  YANG Model

3.1.  Overview

   This document defines the following four new YANG modules:

   *  ietf-service-function-types: Defines common service function types

   *  ietf-sr-service-programming-types: Defines common type definitions
      used for SR based service programming YANG model

   *  ietf-sr-service-programming: Defines management model for SR based
      service programming framework.  This is a base and common
      framework for both SR-aware and SR-unaware services.

   *  ietf-sr-service-programming-proxy: Defines management model for SR
      service proxy for SR unaware services

   The modelling in this document complies with the Network Management
   Datastore Architecture (NMDA) defined in [RFC8342].  The operational
   state data is combined with the associated configuration data in the
   same hierarchy [RFC8407].
   When protocol states are retrieved from the NMDA operational state
   datastore, the returned states cover all "config true" (rw) and
   "config false" (ro) nodes defined in the schema.

   In this document, when a simplified graphical representation of YANG
   model is presented in a tree diagram, the meaning of the symbols in
   these tree diagrams is defined in [RFC8340].

   In this document, the SR service programming YANG model is split
   based on dynamic SID allocation and static SID allocation.  In the
   case of dynamic SID allocation, a new SR service programming tree
   would be used.  In the case of static MPLS SID allocation for the SR
   service programming, the existing SR MPLS YANG model [RFC9020] would
   be augmented with the SR MPLS service programming specific
   parameters.  Similarly, the static SRv6 base YANG model (TBD) would
   be augmented with the SRv6 service programming specific parameters.

3.2.  Service Function Types

   A service is identified by (type, variant, instance).  The type
   represents the type of service function (such as Firewall, DPI, IPS,
   etc.).  The variant value is a unique identifier which could identify
   the vendor and its product information.  The instance is used to
   refer to a specific instance of the same (service, variant).

   We define a new YANG module ietf-service-function-types to specify
   common definitions and types for service and service function.  The
   types and definitions are generic and hence can be used in any (SR
   based or non-SR) YANG models.

   The main definitions and types defined in ietf-service-function-types
   module include:

   *  service-function-type: A new identity type to specify service
      function types, such as firewall, dpi etc.  Other identities can
      be defined by other modules in the future.

3.3.  SR Service Programming Types

   The types required to model SR based service programming are defined
   in a new module ietf-sr-service-programming-types.

   The main types defined in this module include:

   *  service-program-behaviour-type: Defines SR service program
      behaviours like sr-aware, static-proxy etc.

   *  service-program-oper-status-type: Defines SR service programming
      operational status.  This includes the reason for down status as
      well.

   *  service-proxy-inner-pkt-type: Defines SR service proxy inner
      packet types

3.4.  SR Service Programming Base

   The base model and framework for SR based service programming using
   dynamic SID allocation is defined in a new module
   ietf-sr-service-programming.

   In the case of static MPLS SID allocation for the SR service
   programming, the existing SR MPLS YANG model [RFC9020] would be
   augmented with the SR MPLS service programming specific parameters.

   In the case of static SRv6 SID allocation, the static SRv6 base YANG
   model (TBD) would be augmented with the SRv6 service programming
   specific parameters.

   This module provides a common base for both the SR-aware and
   SR-unaware service programming in terms of configuration, operational
   state and notifications.

   The ietf-sr-service-programming module hangs off the main SR parent
   by augmenting "/rt:routing/sr:segment-routing".

3.4.1.  Configuration

   This module defines some fundamental items required to configure SR
   based service programming.  In particular, it defines service program
   provisioning as follows:

   *  service program behaviour: Defining a service program behaviour

   *  service offered: Defining a specific service (type, variant,
      instance) offered by this service programming

   *  Assigning a SR service SID: Defining SID data plane, method to
      allocate the SID etc.

   *  service program enablement: Administratively Enable/Disable a
      service program

   *  SR services: Defining a base container which could be augmented to
      define SR-aware or SR-unaware (via service-proxy) service specific
      parameters

   Following is a simplified graphical tree representation of the data
   model for SR service programming (Dynamic SID allocation) base
   configuration only:

   module: ietf-sr-service-programming
     augment /rt:routing/sr:segment-routing:
       +--rw service-programming
          +--rw service-program* [name]
             +--rw name    -> /rt:routing/
                              sr:segment-routing/
                              sr-svc-pgm:service-programming/
                              service-program/
                              service-programming-info/
                              service-name
             +--rw sid-binding
             |  +--ro alloc-mode?   sr-svc-pgm-types:sid-alloc-mode-type
             |  +--rw mpls
             |  |  +--ro sid?   rt-types:mpls-label
             |  +--rw srv6
             |     +--ro sid?       srv6-types:srv6-sid
             |     +--rw locator?   -> /rt:routing/sr:segment-routing/
             |                         srv6:srv6/locators/locator/name
             +--rw service-programming-info
                +--rw behaviour           identityref
                +--rw dataplane           sr-svc-pgm-types:dataplane-type
                +--rw service-name        string
                +--rw service-type        identityref
                +--rw service-variant     string
                +--rw service-instance    uint32
                +--rw admin-status?       sr-svc-pgm-types:admin-status-type
                +--rw sr-services

   Figure 1: SR Service Programming Config Tree - Dynamic SID allocation

   Following is a simplified graphical tree representation of the data
   model for SR service programming (Static SR MPLS SID allocation) base
   configuration only.  In this case SR MPLS base YANG model has been
   augmented to support SR service programming using static SR MPLS SID
   allocation.
   This has been done for the user's convenience, to program all the SR
   service programming parameters from the base SR MPLS YANG model
   itself.

   module: ietf-sr-service-programming
     augment /rt:routing/sr:segment-routing/sr-mpls:sr-mpls/sr-mpls:bindings:
       +--rw mpls-static-service-programming
          +--rw service-program* [name]
             +--rw name    -> /rt:routing/
                              sr:segment-routing/
                              sr-svc-pgm:service-programming/
                              service-program/
                              service-programming-info/
                              service-name
             +--rw sid     rt-types:mpls-label
             +--rw service-programming-info
                +--rw behaviour           identityref
                +--ro dataplane?          sr-svc-pgm-types:dataplane-type
                +--rw service-name        string
                +--rw service-type        identityref
                +--rw service-variant     string
                +--rw service-instance    uint32
                +--rw admin-status?       sr-svc-pgm-types:admin-status-type
                +--rw sr-services

   Figure 2: SR Service Programming Config Tree - Static SR MPLS SID
                               allocation

   Following is a simplified graphical tree representation of the data
   model for SR service programming (Static SRv6 SID allocation) base
   configuration only.  TBD (Once the base SRv6 static model is
   available, this section will be filled)

3.4.2.  Operational State

   As per the NMDA model, the state related to the configuration items
   specified in Section 3.4.1 above can be retrieved from the same tree.
   This section defines other operational state items related to SR
   based service programming.

   The operational state corresponding to an SR based service program
   includes:

   *  Operational status: Provides detailed information on the
      operational state of the SR service program.

   *  statistics: Provides the statistics details such as number of
      packets/bytes received, processed and dropped corresponding to a
      SR service program.

   Following is a simplified graphical tree representation of the data
   model for the SR service programming base operational state (for
   read-only items):

   Dynamic SID allocation case:

   module: ietf-sr-service-programming
     augment /rt:routing/sr:segment-routing:
       +--rw service-programming
          +--rw service-program* [name]
             +--rw service-programming-info
                +--ro oper-status?   identityref
                +--ro statistics
                   +--ro in-packet-count?          yang:counter64
                   +--ro in-bytes-count?           yang:counter64
                   +--ro out-packet-count?         yang:counter64
                   +--ro out-bytes-count?          yang:counter64
                   +--ro in-drop-packet-count?     yang:counter64
                   +--ro out-drop-packet-count?    yang:counter64

   Static SR MPLS SID allocation case:

   module: ietf-sr-service-programming
     augment /rt:routing/sr:segment-routing/sr-mpls:sr-mpls/sr-mpls:bindings:
       +--rw mpls-static-service-programming
          +--rw service-program* [name]
             +--rw service-programming-info
                +--ro oper-status?   identityref
                +--ro statistics
                   +--ro in-packet-count?          yang:counter64
                   +--ro in-bytes-count?           yang:counter64
                   +--ro out-packet-count?         yang:counter64
                   +--ro out-bytes-count?          yang:counter64
                   +--ro in-drop-packet-count?     yang:counter64
                   +--ro out-drop-packet-count?    yang:counter64

   Static SRv6 SID allocation case:

   TBD

   Figure 3: SR Service Programming Operational State Tree

3.4.3.  Notification

   This model defines a list of notifications to inform an operator of
   important events detected during the SR service programming
   operation.
   These events are:

   *  SR service program operational state changes: This would also give
      the reason for the state change when it is down

   Following is a simplified graphical tree representation of the data
   model for the SR service programming notification:

   module: ietf-sr-service-programming
     notifications:
       +---n service-program-oper-status
          +--ro name           -> /rt:routing/sr:segment-routing/
                                  sr-svc-pgm:service-programming/
                                  service-program/name
          +--ro oper-status    -> /rt:routing/sr:segment-routing/
                                  sr-svc-pgm:service-programming/
                                  service-program/oper-status

   Figure 4: SR Service Programming Notification Tree

3.5.  SR Service Proxy

   This document also defines a separate and new YANG data model for
   Service Proxy for SR unaware services.  The model defines the
   configuration and operational state related to different proxy
   behaviours defined earlier in ietf-sr-service-programming-types.  The
   model is defined in a new module ietf-sr-service-programming-proxy.

   To support SR service programming proxy for dynamic SID allocation,
   this module augments the SR service program tree, as defined earlier
   in the ietf-sr-service-programming module:

      /rt:routing/sr:segment-routing/
        sr-svc-pgm:service-programming/
        sr-svc-pgm:service-program/
        sr-svc-pgm:sr-services

   To support SR service programming proxy for static SR MPLS SID
   allocation, this module augments the base SR MPLS YANG model defined
   in [RFC9020]:

      /rt:routing/sr:segment-routing/sr-mpls:sr-mpls/
        sr-mpls:bindings/
        sr-svc-pgm:mpls-static-service-programming/
        sr-svc-pgm:service-program/
        sr-svc-pgm:service-programming-info/
        sr-svc-pgm:sr-services

   To support SR service programming proxy for static SRv6 SID
   allocation, this module augments the base static SRv6 model - TBD

   The following sections describe different types of proxy behaviours
   and associated YANG modelling constructs.

3.5.1.  Static Proxy

   The static proxy is an SR endpoint behaviour for processing SR-MPLS
   or SRv6 encapsulated traffic on behalf of SR-unaware services.

   The following parameters are required to provision the SR static
   proxy:

   *  inner-packet-type: Inner packet type

   *  next-hop: Next hop Ethernet address (only when the inner type is
      IPv4 or IPv6)

   *  out-interface-name: Local interface for sending traffic towards
      the service Endpoint

   *  in-interface-name: Local interface receiving traffic coming back
      from the service Endpoint

   *  packet-cache-info: SR information to be attached on the traffic
      coming back from the service.  This could be an MPLS label stack
      or a list of SRv6 SIDs

   Following is a simplified graphical tree representation of the data
   model for the SR static proxy:

   Dynamic SID allocation case:

   module: ietf-sr-service-programming-proxy
     augment /rt:routing/sr:segment-routing/
               sr-svc-pgm:service-programming/
               sr-svc-pgm:service-program/
               sr-svc-pgm:service-programming-info/
               sr-svc-pgm:sr-services:
       +--rw service-proxy
          +--rw (proxy-type)
             +--:(static)
                +--rw static-proxy
                   +--rw inner-packet-type     identityref
                   +--rw next-hop?             yang:mac-address
                   +--rw out-interface-name    string
                   +--rw in-interface-name     string
                   +--rw packet-cache-info
                      +--rw (cache-type)
                         +--:(mpls)
                         |  +--rw mpls-sids* [index]
                         |     +--rw index         uint8
                         |     +--rw mpls-label    rt-types:mpls-label
                         +--:(srv6)
                            +--rw ipv6-source-address?   inet:ipv6-address
                            +--rw srv6-sids* [index]
                               +--rw index       uint8
                               +--rw srv6-sid    srv6-types:srv6-sid

   Static SR MPLS SID allocation case:

   module: ietf-sr-service-programming-proxy
     augment /rt:routing/sr:segment-routing/
               sr-mpls:sr-mpls/sr-mpls:bindings/
               sr-svc-pgm:mpls-static-service-programming/
               sr-svc-pgm:service-program/
               sr-svc-pgm:service-programming-info/
               sr-svc-pgm:sr-services:
       +--rw static-mpls-service-proxy
          +--rw (proxy-type)
             +--:(static)
                +--rw static-proxy
                   +--rw inner-packet-type     identityref
                   +--rw next-hop?             yang:mac-address
                   +--rw out-interface-name    string
                   +--rw in-interface-name     string
                   +--rw packet-cache-info
                      +--rw (cache-type)
                         +--:(mpls)
                         |  +--rw mpls-sids* [index]
                         |     +--rw index         uint8
                         |     +--rw mpls-label    rt-types:mpls-label
                         +--:(srv6)
                            +--rw ipv6-source-address?   inet:ipv6-address
                            +--rw srv6-sids* [index]
                               +--rw index       uint8
                               +--rw srv6-sid    srv6-types:srv6-sid

   Static SRv6 SID allocation case:

   TBD

   Figure 5: SR Static Proxy Tree

3.5.2.  Dynamic Proxy

   The dynamic proxy is an improvement over the static proxy that
   dynamically learns the SR information before removing it from the
   incoming traffic.  The same information can be re-attached to the
   traffic returning from the service Endpoints.  The dynamic proxy
   relies on local caching.

   The following parameters are required to provision the SR dynamic
   proxy:

   *  out-interface-name: Local interface for sending traffic towards
      the service Endpoint

   *  in-interface-name: Local interface receiving traffic coming back
      from the service Endpoint

   Following is a simplified graphical tree representation of the data
   model for the SR dynamic proxy:

   Dynamic SID allocation case:

   module: ietf-sr-service-programming-proxy
     augment /rt:routing/sr:segment-routing/
               sr-svc-pgm:service-programming/
               sr-svc-pgm:service-program/
               sr-svc-pgm:service-programming-info/
               sr-svc-pgm:sr-services:
       +--rw service-proxy
          +--rw (proxy-type)
             +--:(dynamic)
                +--rw dynamic-proxy
                   +--rw out-interface-name    string
                   +--rw in-interface-name     string

   Static SR MPLS SID allocation case:

   module: ietf-sr-service-programming-proxy
     augment /rt:routing/sr:segment-routing/
               sr-mpls:sr-mpls/sr-mpls:bindings/
               sr-svc-pgm:mpls-static-service-programming/
               sr-svc-pgm:service-program/
               sr-svc-pgm:service-programming-info/
               sr-svc-pgm:sr-services:
       +--rw static-mpls-service-proxy
          +--rw (proxy-type)
             +--:(dynamic)
                +--rw dynamic-proxy
                   +--rw out-interface-name    string
                   +--rw in-interface-name     string

   Static SRv6 SID allocation case:

   TBD

   Figure 6: SR Dynamic Proxy Tree

3.5.3.  Masquerading Proxy

   The masquerading proxy is an SR endpoint behaviour for processing
   SRv6 traffic on behalf of an SR-unaware service.  This masquerading
   behaviour is independent from the inner payload type.
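
   The parameter lists and choice nodes of Sections 3.5.1 to 3.5.3 can
   be checked before a configuration is pushed.  The following is an
   added example, not part of the draft or of any implementation of it:
   it takes a service-program instance as a plain Python dict keyed by
   the leaf names of Figures 1 and 5 to 7 (module prefixes omitted,
   sample values constructed) and reports missing mandatory leaves,
   violated proxy-type and cache-type choices, and the next-hop and
   SRv6-only statements.  The cache/dataplane match is an assumption of
   the example, not a constraint stated in the model.

```python
import copy
import ipaddress

# Identity and enum names as spelled in the draft's types module.
INNER_TYPES = {"Ethernet", "IPv4", "IPv6"}
DATAPLANES = {"mpls", "srv6"}
PROXY_CASES = ("static-proxy", "dynamic-proxy", "masquerading-proxy")
MANDATORY_INFO = ("behaviour", "dataplane", "service-name",
                  "service-type", "service-variant", "service-instance")


def check_cache(cache, dataplane, errors):
    """choice cache-type: exactly one of mpls-sids / srv6-sids."""
    present = [k for k in ("mpls-sids", "srv6-sids") if cache.get(k)]
    if len(present) != 1:
        errors.append("packet-cache-info: need exactly one of mpls-sids, srv6-sids")
        return
    kind = present[0]
    # Assumption of this example, not a constraint in the model: the cached
    # SR information uses the same data plane as the service SID.
    if kind != f"{dataplane}-sids":
        errors.append(f"packet-cache-info: {kind} used with dataplane {dataplane}")
    seen = set()
    for entry in cache[kind]:
        idx = entry.get("index")
        if isinstance(idx, int) and 0 <= idx <= 255 and idx not in seen:
            seen.add(idx)
        else:
            errors.append(f"{kind}: index {idx!r} is not a unique uint8")
        if kind == "mpls-sids":
            label = entry.get("mpls-label")
            # Numeric labels only; 20 bits is the MPLS label field width.
            if not (isinstance(label, int) and 0 <= label <= 0xFFFFF):
                errors.append(f"mpls-sids: label {label!r} out of range")
        else:
            sid = entry.get("srv6-sid")
            try:
                ipaddress.IPv6Interface(str(sid))  # address or prefix form
            except ValueError:
                errors.append(f"srv6-sids: {sid!r} is not an IPv6 SID")


def validate_service_program(program):
    """Return a list of error strings; an empty list means no finding."""
    errors = []
    info = program.get("service-programming-info", {})
    for leaf in MANDATORY_INFO:
        if leaf not in info:
            errors.append(f"service-programming-info: missing {leaf}")
    dataplane = info.get("dataplane")
    if dataplane not in DATAPLANES:
        errors.append(f"dataplane {dataplane!r} is not mpls or srv6")
    proxy = info.get("sr-services", {}).get("service-proxy")
    if proxy is None:
        return errors  # SR-aware service: no proxy subtree to check
    cases = [c for c in PROXY_CASES if c in proxy]
    if len(cases) != 1:
        errors.append("service-proxy: choice proxy-type needs exactly one case")
        return errors
    case, body = cases[0], proxy[cases[0]]
    for leaf in ("out-interface-name", "in-interface-name"):
        if not body.get(leaf):
            errors.append(f"{case}: missing {leaf}")
    if case == "masquerading-proxy" and dataplane != "srv6":
        errors.append("masquerading-proxy: defined for SRv6 traffic only")
    next_hop = body.get("next-hop")
    if case == "static-proxy":
        inner = body.get("inner-packet-type")
        if inner not in INNER_TYPES:
            errors.append(f"static-proxy: unknown inner-packet-type {inner!r}")
        elif inner == "Ethernet" and next_hop is not None:
            errors.append("static-proxy: next-hop is for IPv4/IPv6 inner packets only")
        check_cache(body.get("packet-cache-info") or {}, dataplane, errors)
    return errors


# Constructed sample: a firewall behind a static proxy on the MPLS data plane.
GOOD = {"name": "fw-1", "service-programming-info": {
    "behaviour": "static-proxy", "dataplane": "mpls", "service-name": "fw-1",
    "service-type": "firewall", "service-variant": "example-variant",
    "service-instance": 1,
    "sr-services": {"service-proxy": {"static-proxy": {
        "inner-packet-type": "IPv4", "next-hop": "02:00:00:00:00:01",
        "out-interface-name": "eth1", "in-interface-name": "eth2",
        "packet-cache-info": {"mpls-sids": [
            {"index": 0, "mpls-label": 16001},
            {"index": 1, "mpls-label": 16002}]}}}}}}

# Constructed faulty variant: Ethernet inner type with next-hop still set,
# no return interface, and an SRv6 cache with a duplicate index and a bad SID.
BAD = copy.deepcopy(GOOD)
_static = BAD["service-programming-info"]["sr-services"]["service-proxy"]["static-proxy"]
_static["inner-packet-type"] = "Ethernet"
del _static["in-interface-name"]
_static["packet-cache-info"] = {"srv6-sids": [
    {"index": 0, "srv6-sid": "2001:db8:0:1::"},
    {"index": 0, "srv6-sid": "not-a-sid"}]}
```

   validate_service_program(GOOD) returns an empty list, and the BAD
   instance yields one finding per injected fault.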

   The following parameters are required to provision the SR
   masquerading proxy:

   *  next-hop: Next hop Ethernet address

   *  out-interface-name: Local interface for sending traffic towards
      the service Endpoint

   *  in-interface-name: Local interface receiving traffic coming back
      from the service Endpoint

   Following is a simplified graphical tree representation of the data
   model for the SR masquerading proxy:

   Dynamic SID allocation case:

   module: ietf-sr-service-programming-proxy
     augment /rt:routing/sr:segment-routing/
               sr-svc-pgm:service-programming/
               sr-svc-pgm:service-program/
               sr-svc-pgm:service-programming-info/
               sr-svc-pgm:sr-services:
       +--rw service-proxy
          +--rw (proxy-type)
             +--:(masquerading)
                +--rw masquerading-proxy
                   +--rw next-hop?             yang:mac-address
                   +--rw out-interface-name    string
                   +--rw in-interface-name     string

   Static SRv6 SID allocation case:

   TBD

   Figure 7: SR masquerading Proxy Tree

4.  YANG Specification

   Following are the actual YANG definitions for the SR service
   programming modules defined earlier in the document.

4.1.  Service Types

   Following are the Service Types definitions.

   <CODE BEGINS> file "ietf-service-function-types.yang"

   module ietf-service-function-types {
     yang-version 1.1;

     namespace "urn:ietf:params:xml:ns:yang:ietf-service-function-types";
     prefix "service-types";

     organization "IETF SPRING Working Group";

     contact
       "WG Web:
        WG List:

        Editor:  Jaganbabu Rajamanickam

        Editor:  Kamran Raza

        Editor:  Daniel Bernier

        Editor:  Gaurav Dawra

        Editor:  Cheng Li
       ";

     /*
      * Below are the definitions for the service types.
      * Any new service type could be added by extending
      * this identity.
      */
     identity service-function-type {
       description
         "Base identity from which specific service function
          types are derived.";
     }

     identity firewall {
       base service-function-type;
       description
         "Firewall Service type";
     }

     identity dpi {
       base service-function-type;
       description
         "Deep Packet Inspection Service type";
     }

     identity napt44 {
       base service-function-type;
       description
         "Network Address and Port Translation 44
          Service type";
     }

     identity classifier {
       base service-function-type;
       description
         "classifier Service type";
     }

     identity load-balancer {
       base service-function-type;
       description
         "load-balancer Service type";
     }

     identity ips {
       base service-function-type;
       description
         "Intrusion Prevention System Service type (Ex: Snort)";
     }

   }
   <CODE ENDS>

   Figure 8: ietf-service-function-types.yang

4.2.  SR Service Programming Types

   Following are the SR service programming specific type definitions.

   <CODE BEGINS> file "ietf-sr-service-programming-types.yang"

   module ietf-sr-service-programming-types {
     yang-version 1.1;

     namespace "urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-types";
     prefix "sr-service-types";
     organization "IETF SPRING Working Group";

     contact
       "WG Web:
        WG List:

        Editor:  Jaganbabu Rajamanickam

        Editor:  Kamran Raza

        Editor:  Daniel Bernier

        Editor:  Gaurav Dawra

        Editor:  Cheng Li
       ";

     /*
      * SR Service programming behaviour
      */
     identity service-program-behaviour-type {
       description
         "Base identity for SR service programming behaviour";
     }

     identity sr-aware {
       base service-program-behaviour-type;
       description
         "SR aware native applications.";
     }

     identity static-proxy {
       base service-program-behaviour-type;
       description
         "Static Proxy";
     }

     identity dynamic-proxy {
       base service-program-behaviour-type;
       description
         "Dynamic Proxy";
     }

     identity Masquerading-proxy {
       base service-program-behaviour-type;
       description
         "Masquerading Proxy";
     }

     identity Masquerading-NAT-proxy {
       base service-program-behaviour-type;
       description
         "Masquerading Proxy with NAT flavor";
     }

     identity Masquerading-caching-proxy {
       base service-program-behaviour-type;
       description
         "Masquerading Proxy with caching flavor";
     }

     identity Masquerading-NAT-caching-proxy {
       base service-program-behaviour-type;
       description
         "Masquerading Proxy with NAT and caching flavors";
     }

     /*
      * Below are the definitions for the service proxy inner packet
      * types.  Any new service proxy inner packet type could be added
      * by extending this identity.
      */
     identity service-proxy-inner-pkt-type {
       description
         "Base identity from which SR service proxy types are derived.";
     }

     identity Ethernet {
       base service-proxy-inner-pkt-type;
       description
         "Expected inner packet type as Ethernet - derived from
          service-proxy-inner-pkt-type";
     }

     identity IPv4 {
       base service-proxy-inner-pkt-type;
       description
         "Expected inner packet type as IPv4 - derived from
          service-proxy-inner-pkt-type";
     }

     identity IPv6 {
       base service-proxy-inner-pkt-type;
       description
         "Expected inner packet type as IPv6 - derived from
          service-proxy-inner-pkt-type";
     }

     /*
      * SR Service SID operational status
      */
     identity service-program-oper-status-type {
       description
         "Base identity from which SR service program operational
          status types are derived.";
     }

     identity up {
       base service-program-oper-status-type;
       description
         "Service program status is operational";
     }

     identity down-unknown {
       base service-program-oper-status-type;
       description
         "Service program status is down because of unknown reason";
     }

     identity sid-allocation-pending {
       base service-program-oper-status-type;
       description
         "Service program status is down because of SID allocation is pending";
     }

     identity sid-allocation-conflict {
       base service-program-oper-status-type;
       description
         "Service program status is down because of SID conflict";
     }

     identity sid-out-of-bound {
       base service-program-oper-status-type;
       description
         "Service program status is down because of SID is out of bound";
     }

     identity interface-down {
       base service-program-oper-status-type;
       description
         "Service program status is down because of out/in interface is down";
     }

     identity admin-forced-down {
       base service-program-oper-status-type;
       description
         "Service program status is administratively forced down";
     }

     /*
      * Typedefs
      */
     typedef admin-status-type {
       type enumeration {
         enum up {
           description "Admin Up";
         }
         enum down {
           description "Admin Down";
         }
       }
     }

     typedef dataplane-type {
       type enumeration {
         enum mpls {
           description "MPLS dataplane";
         }
         enum srv6 {
           description "SRv6 dataplane";
         }
       }
     }

     typedef sid-alloc-mode-type {
       type enumeration {
         enum static {
           description "Static SID allocation";
         }
         enum dynamic {
           description "Dynamic SID allocation";
         }
       }
     }
   }
   <CODE ENDS>

   Figure 9: ietf-sr-service-programming-types.yang

4.3.  SR Service Programming Base

   Following is the SR service programming base model definition.

   <CODE BEGINS> file "ietf-sr-service-programming.yang"

   module ietf-sr-service-programming {
     yang-version 1.1;

     namespace "urn:ietf:params:xml:ns:yang:ietf-sr-service-programming";
     prefix "sr-svc-pgm";

     import ietf-yang-types {
       prefix "yang";
     }

     import ietf-srv6-base {
       prefix "srv6";
     }

     import ietf-routing {
       prefix rt;
       reference "RFC 8349: A YANG Data Model for Routing
                  Management (NMDA Version)";
     }

     import ietf-service-function-types {
       prefix "service-types";
     }

     import ietf-segment-routing {
       prefix sr;
     }

     import ietf-segment-routing-mpls {
       prefix srmpls;
     }

     import ietf-sr-service-programming-types {
       prefix "sr-svc-pgm-types";
     }

     import ietf-routing-types {
       prefix "rt-types";
     }

     import ietf-srv6-types {
       prefix "srv6-types";
     }

     organization "IETF SPRING Working Group";

     contact
       "WG Web:
        WG List:

        Editor:  Jaganbabu Rajamanickam

        Editor:  Kamran Raza

        Editor:  Daniel Bernier

        Editor:  Gaurav Dawra

        Editor:  Cheng Li
       ";

     grouping service-statistics {

       container statistics {

         config false;
         description "Service statistics";

         leaf in-packet-count {
           type yang:counter64;
           description
             "Total number of packets processed by this service";
         }

         leaf in-bytes-count {
           type yang:counter64;
           description
             "Total number of bytes processed by this service";
         }

         leaf out-packet-count {
1016 type yang:counter64; 1017 description 1018 "Total number of packets sent out after processing by this service"; 1020 } 1022 leaf out-bytes-count { 1023 type yang:counter64; 1024 description 1025 "Total number of bytes sent out after processing by this service"; 1026 } 1028 leaf in-drop-packet-count { 1029 type yang:counter64; 1030 description 1031 "Total number of packets dropped while processing by this service"; 1032 } 1034 leaf out-drop-packet-count { 1035 type yang:counter64; 1036 description 1037 "Total number of packets dropped while this service tries to 1038 forward to its destination"; 1039 } 1040 } 1041 } 1043 grouping service-mpls-sid-binding { 1044 container mpls { 1045 description 1046 "MPLS Service SID binding Container"; 1048 when "../../service-programming-info/dataplane = 'mpls'"; 1050 leaf sid { 1051 config false; 1052 type rt-types:mpls-label; 1053 description 1054 "MPLS SID value."; 1055 } 1056 } 1057 } 1059 grouping service-srv6-sid-binding { 1060 container srv6 { 1061 description 1062 "SRv6 Service SID binding Container"; 1064 when "../../service-programming-info/dataplane = 'srv6'"; 1066 leaf sid { 1067 config false; 1068 type srv6-types:srv6-sid; 1069 description 1070 "SRv6 SID value."; 1071 } 1073 leaf locator { 1074 type leafref { 1075 path "/rt:routing/sr:segment-routing" 1076 + "/srv6:srv6/srv6:locators/srv6:locator/srv6:name"; 1077 } 1078 description 1079 "Reference to a SRv6 locator.
This is valid only when 1080 the SID allocation mode is dynamic"; 1081 } 1082 } 1083 } 1085 grouping service-sid-binding { 1086 container sid-binding { 1087 description 1088 "Service SID binding Container"; 1090 leaf alloc-mode { 1091 config false; 1092 default dynamic; 1093 type sr-svc-pgm-types:sid-alloc-mode-type; 1094 description 1095 "Service SID allocation mode"; 1096 } 1098 uses service-mpls-sid-binding; 1099 uses service-srv6-sid-binding; 1100 } 1101 } 1103 grouping service-programming-infos { 1104 container service-programming-info { 1106 leaf behaviour { 1107 mandatory true; 1108 type identityref { 1109 base sr-svc-pgm-types:service-program-behaviour-type; 1110 } 1111 description 1112 "SR program behaviour"; 1113 } 1115 leaf dataplane { 1116 mandatory true; 1117 type sr-svc-pgm-types:dataplane-type; 1118 description 1119 "Service SID dataplane."; 1120 } 1122 leaf service-name { 1123 mandatory true; 1124 type string; 1125 description 1126 "Service program name to identify a specific program."; 1127 } 1129 leaf service-type { 1130 mandatory true; 1131 type identityref { 1132 base service-types:service-function-type; 1133 } 1134 description 1135 "Service-Type defined by IANA Service Type Table (STT). Like 1136 Firewall, DPI etc..."; 1137 } 1139 leaf service-variant { 1140 mandatory true; 1141 type string; 1142 description 1143 "This identifies the variant of the service. This value should 1144 be unique in the given network. Example Format: 1145 --."; 1146 } 1148 leaf service-instance { 1149 mandatory true; 1150 type uint32; 1151 description 1152 "Service instance which differentiates the same service -- e.g. 1153 same vendors Firewall service could have several instances 1154 available. 
This could be used to differentiate the VPN 1155 customers or for load sharing purposes."; 1156 } 1158 leaf admin-status { 1159 type sr-svc-pgm-types:admin-status-type; 1160 default down; 1161 description 1162 "Admin Status"; 1163 } 1164 leaf oper-status { 1165 config false; 1166 type identityref { 1167 base sr-svc-pgm-types:service-program-oper-status-type; 1168 } 1169 description 1170 "Service SID operational mode."; 1171 } 1173 uses service-statistics; 1175 container sr-services { 1177 description 1178 "Any SR-aware or SR-unaware services could augment this container"; 1179 reference "Segment Routing Service Programming Architecture."; 1180 } 1181 } 1182 } 1184 grouping service-programmings { 1185 container service-programming { 1186 description 1187 "Service programming container. 1188 Any new service programming added could augment 1189 this container to support that specific service. 1190 Currently in this model, only service proxy 1191 is defined. For example, if 1192 a Firewall service needs to be added, then 1193 it could augment this container and 1194 extend this model"; 1196 list service-program { 1197 key "name"; 1198 description 1199 "Service program is keyed by the service program name"; 1201 leaf name { 1202 mandatory true; 1203 type leafref { 1204 path "/rt:routing/sr:segment-routing/" 1205 + "sr-svc-pgm:service-programming/" 1206 + "sr-svc-pgm:service-program/" 1207 + "sr-svc-pgm:service-programming-info/" 1208 + "sr-svc-pgm:service-name"; 1209 } 1210 } 1211 uses service-sid-binding; 1212 uses service-programming-infos; 1213 } 1214 } 1215 } 1217 /* 1218 * MPLS/SRv6 SR service programming using dynamic SID allocation 1219 */ 1220 augment "/rt:routing/sr:segment-routing" { 1221 description 1222 "Augmenting the segment-routing to add SR service programming"; 1224 uses service-programmings; 1225 } 1227 /* 1228 * MPLS SR service programming using static MPLS binding SID 1229 */ 1230 augment
"/rt:routing/sr:segment-routing/srmpls:sr-mpls/srmpls:bindings" { 1231 description 1232 "Augmenting the segment-routing MPLS static binding to add static 1233 MPLS SR service programming"; 1235 container mpls-static-service-programming { 1236 description 1237 "Augmenting the MPLS segment-routing bindings with the SR service 1238 programming"; 1239 list service-program { 1240 key "name"; 1241 description 1242 "Service program is keyed by the service program name"; 1244 leaf name { 1245 mandatory true; 1246 type leafref { 1247 path "/rt:routing/sr:segment-routing/" 1248 + "sr-svc-pgm:service-programming/" 1249 + "sr-svc-pgm:service-program/" 1250 + "sr-svc-pgm:service-programming-info/" 1251 + "sr-svc-pgm:service-name"; 1252 } 1253 } 1255 leaf sid { 1256 mandatory true; 1257 type rt-types:mpls-label; 1258 description 1259 "MPLS SID value."; 1260 } 1262 uses service-programming-infos { 1263 /* 1264 * In the case of MPLS static binding configuration 1265 * the dataplane is set to mpls and is not 1266 * configurable 1267 */ 1268 refine service-programming-info/dataplane { 1269 mandatory false; 1270 default mpls; 1271 config false; 1272 } 1273 } 1274 } 1275 } 1277 } 1279 /* 1280 * SRv6 SR service programming using static SRv6 binding SID 1281 */ 1282 augment "/rt:routing/sr:segment-routing/srv6:srv6/srv6:locators/srv6:locator" { 1283 description 1284 "Augmenting the segment-routing SRv6 static to add static binding to 1285 SRv6 SR service programming"; 1287 container end-AS { 1288 description 1289 "End.AS - Static Proxy SID behaviour"; 1290 list service-program { 1291 key "name"; 1292 description 1293 "Service program is keyed by the service program name"; 1295 leaf name { 1296 mandatory true; 1297 type leafref { 1298 path "/rt:routing/sr:segment-routing/" 1299 + "sr-svc-pgm:service-programming/" 1300 + "sr-svc-pgm:service-program/" 1301 + "sr-svc-pgm:service-programming-info/" 1302 + "sr-svc-pgm:service-name"; 1303 } 1304 } 1306 uses service-programming-infos {
1307 /* 1308 * In the case of SRv6 static binding configuration 1309 * the dataplane is set to srv6 and is not 1310 * configurable 1311 */ 1312 refine service-programming-info/dataplane { 1313 config false; 1314 mandatory false; 1315 default srv6; 1316 } 1317 refine service-programming-info/behaviour { 1318 config false; 1319 //when "service-programming-info/dataplane = 'srv6'"; 1320 mandatory false; 1321 default sr-svc-pgm-types:static-proxy; 1322 } 1324 } 1325 } 1326 } 1328 container end-AD { 1329 description 1330 "End.AD - Dynamic Proxy SID behaviour"; 1331 list service-program { 1332 key "name"; 1333 description 1334 "Service program is keyed by the service program name"; 1336 leaf name { 1337 mandatory true; 1338 type leafref { 1339 path "/rt:routing/sr:segment-routing/" 1340 + "sr-svc-pgm:service-programming/" 1341 + "sr-svc-pgm:service-program/" 1342 + "sr-svc-pgm:service-programming-info/" 1343 + "sr-svc-pgm:service-name"; 1344 } 1345 } 1347 uses service-programming-infos { 1349 refine service-programming-info/dataplane { 1350 config false; 1351 mandatory false; 1352 default srv6; 1353 } 1354 refine service-programming-info/behaviour { 1355 //when "service-programming-info/dataplane = 'srv6'"; 1356 config false; 1357 mandatory false; 1358 default sr-svc-pgm-types:dynamic-proxy; 1359 } 1361 } 1362 } 1363 } 1365 container end-AM { 1366 description 1367 "End.AM - Masquerading Proxy SID behaviour"; 1368 list service-program { 1369 key "name"; 1370 description 1371 "Service program is keyed by the service program name"; 1373 leaf name { 1374 mandatory true; 1375 type leafref { 1376 path "/rt:routing/sr:segment-routing/" 1377 + "sr-svc-pgm:service-programming/" 1378 + "sr-svc-pgm:service-program/" 1379 + "sr-svc-pgm:service-programming-info/" 1380 + "sr-svc-pgm:service-name"; 1381 } 1382 } 1384 uses service-programming-infos { 1386 refine service-programming-info/dataplane { 1387 config false; 1388 mandatory false; 1389 default srv6; 1390 } 1391 refine
service-programming-info/behaviour { 1392 //when "service-programming-info/dataplane = 'srv6'"; 1393 mandatory false; 1394 default sr-svc-pgm-types:Masquerading-proxy; 1395 } 1397 } 1398 } 1399 } 1401 } 1402 notification service-program-oper-status { 1403 description 1404 "This notification is sent when there is a change in the service 1405 program oper status."; 1406 leaf name { 1407 mandatory true; 1408 type leafref { 1409 path "/rt:routing/sr:segment-routing/" 1410 + "sr-svc-pgm:service-programming/" 1411 + "sr-svc-pgm:service-program/" 1412 + "sr-svc-pgm:name"; 1413 } 1414 description 1415 "Service program name to identify a specific programming."; 1416 } 1418 leaf oper-status { 1419 mandatory true; 1420 type leafref { 1421 path "/rt:routing/sr:segment-routing/" 1422 + "sr-svc-pgm:service-programming/" 1423 + "sr-svc-pgm:service-program/" 1424 + "sr-svc-pgm:service-programming-info/" 1425 + "sr-svc-pgm:oper-status"; 1426 } 1427 description 1428 "Service program operational status."; 1429 } 1431 } 1432 } 1433 1435 Figure 10: ietf-sr-service-programming.yang 1437 4.4. SR Service Proxy 1439 Following are the SR service programming service proxy model 1440 definition. 
1442 file "ietf-sr-service-programming-proxy.yang" 1443 --> 1444 module ietf-sr-service-programming-proxy { 1445 yang-version 1.1; 1447 namespace "urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-proxy"; 1448 prefix "sr-svc-proxy"; 1449 import ietf-yang-types { 1450 prefix yang; 1451 } 1453 import ietf-routing { 1454 prefix rt; 1455 reference "RFC 8349: A YANG Data Model for Routing 1456 Management (NMDA Version)"; 1457 } 1459 import ietf-inet-types { 1460 prefix "inet"; 1461 } 1463 import ietf-segment-routing { 1464 prefix sr; 1465 } 1467 import ietf-sr-service-programming { 1468 prefix "sr-svc-pgm"; 1469 } 1471 import ietf-sr-service-programming-types { 1472 prefix "sr-svc-pgm-types"; 1473 } 1475 import ietf-routing-types { 1476 prefix "rt-types"; 1477 } 1479 import ietf-srv6-types { 1480 prefix "srv6-types"; 1481 } 1483 import ietf-segment-routing-mpls { 1484 prefix sr-mpls; 1485 } 1487 organization "IETF SPRING Working Group"; 1489 contact 1490 "WG Web: 1491 WG List: 1493 Editor: Jaganbabu Rajamanickam 1494 1496 Editor: Kamran Raza 1497 1499 Editor: Daniel Bernier 1500 1502 Editor: Gaurav Dawra 1503 1505 Editor: Cheng Li 1506 "; 1508 grouping service-proxy-parameters { 1510 leaf out-interface-name { 1511 mandatory true; 1512 type string; 1513 description 1514 "Interface name on which the packet is sent to the service endpoint"; 1515 } 1517 leaf in-interface-name { 1518 mandatory true; 1519 type string; 1520 description 1521 "Interface name on which the packet is received from the service endpoint"; 1522 } 1523 } 1525 grouping mpls-packet-cache-info { 1526 description 1527 "MPLS Label stack"; 1529 list mpls-sids { 1530 key "index"; 1532 leaf index { 1533 type uint8 { 1534 range "1..16"; 1535 } 1536 description 1537 "cache index - MPLS Label stack index"; 1538 } 1540 leaf mpls-label { 1541 mandatory true; 1542 type rt-types:mpls-label; 1543 description 1544 "MPLS Label value."; 1546 } 1547 } 1548 } 1550 grouping srv6-packet-cache-info { 1551 description 1552
"SRv6 SID stack"; 1554 leaf ipv6-source-address { 1555 type inet:ipv6-address; 1556 description 1557 "IPv6 source address that is needed in the case of SRv6."; 1558 } 1559 list srv6-sids { 1560 key "index"; 1562 leaf index { 1563 type uint8 { 1564 range "1..16"; 1565 } 1566 description 1567 "cache index - SRv6 SID index"; 1568 } 1570 leaf srv6-sid { 1571 mandatory true; 1572 type srv6-types:srv6-sid; 1573 description 1574 "SRv6 SID."; 1575 } 1576 } 1577 } 1579 grouping service-proxy-packet-cache-info { 1580 description 1581 "SRv6 Proxy header cache"; 1583 container packet-cache-info { 1585 choice cache-type { 1586 mandatory true; 1587 case mpls { 1589 when "/rt:routing/sr:segment-routing 1590 /sr-svc-pgm:service-programming 1591 /sr-svc-pgm:service-program 1592 /sr-svc-pgm:service-programming-info 1593 /sr-svc-pgm:dataplane = 'mpls'"; 1595 uses mpls-packet-cache-info; 1596 } 1597 case srv6 { 1599 when "/rt:routing/sr:segment-routing/sr-svc-pgm:service-programming 1600 /sr-svc-pgm:service-program 1601 /sr-svc-pgm:service-programming-info 1602 /sr-svc-pgm:dataplane = 'srv6'"; 1604 uses srv6-packet-cache-info; 1605 } 1606 } 1607 } 1608 } 1610 grouping static-service-proxy { 1611 container static-proxy { 1612 when "/rt:routing/sr:segment-routing/sr-svc-pgm:service-programming 1613 /sr-svc-pgm:service-program 1614 /sr-svc-pgm:service-programming-info 1615 /sr-svc-pgm:behaviour = 'static-proxy'"; 1616 description 1617 "Parameters related to static service proxy"; 1619 leaf inner-packet-type { 1620 mandatory true; 1621 type identityref { 1622 base sr-svc-pgm-types:service-proxy-inner-pkt-type; 1623 } 1624 description 1625 "Defines the expected inner packet type"; 1626 } 1628 leaf next-hop { 1629 when "(../inner-packet-type = 'IPv4' or ../inner-packet-type = 'IPv6')"; 1630 type yang:mac-address; 1631 description 1632 "Nexthop Ethernet address for inner packet type IPv4/IPv6"; 1633 } 1634 uses service-proxy-parameters; 1635 uses service-proxy-packet-cache-info; 1636 } 1637 }
1639 grouping dynamic-service-proxy { 1640 container dynamic-proxy { 1641 when "/rt:routing/sr:segment-routing/sr-svc-pgm:service-programming 1642 /sr-svc-pgm:service-program 1643 /sr-svc-pgm:service-programming-info 1644 /sr-svc-pgm:behaviour = 'dynamic-proxy'"; 1645 description 1646 "Parameters related to dynamic service proxy"; 1647 uses service-proxy-parameters; 1648 } 1649 } 1651 grouping masquerading-service-parameters { 1653 leaf next-hop { 1654 type yang:mac-address; 1655 description 1656 "Nexthop Ethernet address"; 1657 } 1658 uses service-proxy-parameters; 1659 } 1661 grouping masquerading-service-proxy { 1662 container masquerading-proxy { 1663 description 1664 "Parameters related to masquerading service proxy"; 1666 when "/rt:routing/sr:segment-routing 1667 /sr-svc-pgm:service-programming 1668 /sr-svc-pgm:service-program 1669 /sr-svc-pgm:service-programming-info 1670 /sr-svc-pgm:dataplane = 'srv6' and /rt:routing 1671 /sr:segment-routing/sr-svc-pgm:service-programming 1672 /sr-svc-pgm:service-program 1673 /sr-svc-pgm:service-programming-info 1674 /sr-svc-pgm:behaviour = 'Masquerading-proxy'"; 1676 uses masquerading-service-parameters; 1677 } 1678 } 1680 grouping service-proxy-programming { 1681 container service-proxy { 1683 choice proxy-type { 1684 mandatory true; 1685 case static { 1686 uses static-service-proxy; 1687 } 1688 case dynamic { 1689 uses dynamic-service-proxy; 1690 } 1691 case masquerading { 1692 uses masquerading-service-proxy; 1693 } 1694 } 1695 } 1697 } 1699 augment "/rt:routing/sr:segment-routing/ 1700 sr-svc-pgm:service-programming/ 1701 sr-svc-pgm:service-program/ 1702 sr-svc-pgm:service-programming-info/ 1703 sr-svc-pgm:sr-services" { 1704 description 1705 "Augmenting the segment-routing bindings to add SR-unaware 1706 service programming"; 1708 uses service-proxy-programming; 1709 } 1711 grouping static-mpls-service-proxy-programming { 1712 container static-mpls-service-proxy { 1714 choice proxy-type { 1715 mandatory true; 1716 
case static { 1717 uses static-service-proxy; 1718 } 1719 case dynamic { 1720 uses dynamic-service-proxy; 1721 } 1722 } 1723 } 1725 } 1727 augment "/rt:routing/sr:segment-routing/ 1728 sr-mpls:sr-mpls/sr-mpls:bindings/ 1729 sr-svc-pgm:mpls-static-service-programming/ 1730 sr-svc-pgm:service-program/ 1731 sr-svc-pgm:service-programming-info/ 1732 sr-svc-pgm:sr-services" { 1733 uses static-mpls-service-proxy-programming; 1734 } 1736 } 1737 1738 Figure 11: ietf-sr-service-programming-proxy.yang 1740 5. Security Considerations 1742 The YANG module specified in this document defines a schema for data 1743 that is designed to be accessed via network management protocols such 1744 as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer 1745 is the secure transport layer, and the mandatory-to-implement secure 1746 transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer 1747 is HTTPS, and the mandatory-to-implement secure transport is TLS 1748 [RFC8446]. 1750 The Network Configuration Access Control Model (NACM) [RFC8341] 1751 provides the means to restrict access for particular NETCONF or 1752 RESTCONF users to a preconfigured subset of all available NETCONF or 1753 RESTCONF protocol operations and content. 1755 There are a number of data nodes defined in this YANG module that are 1756 writable/creatable/deletable (i.e., config true, which is the 1757 default). These data nodes may be considered sensitive or vulnerable 1758 in some network environments. Write operations (e.g., edit-config) 1759 to these data nodes without proper protection can have a negative 1760 effect on network operations. 1762 Some of the readable data nodes in this YANG module may be considered 1763 sensitive or vulnerable in some network environments. It is thus 1764 important to control read access (e.g., via get, get-config, or 1765 notification) to these data nodes.
1767 It goes without saying that this specification also inherits the 1768 security considerations captured in the SRv6 specification document 1769 [I-D.ietf-spring-sr-service-programming]. 1771 6. IANA Considerations 1773 This document requests the registration of the following URIs in the 1774 IETF "XML registry" [RFC3688]: 1776 +===================================+============+=====+ 1777 | URI | Registrant | XML | 1778 +===================================+============+=====+ 1779 | urn:ietf:params:xml:ns:yang:ietf- | The IESG | N/A | 1780 | service-function-types | | | 1781 +-----------------------------------+------------+-----+ 1782 | urn:ietf:params:xml:ns:yang:ietf- | The IESG | N/A | 1783 | sr-service-programming-types | | | 1784 +-----------------------------------+------------+-----+ 1785 +-----------------------------------+------------+-----+ 1786 | urn:ietf:params:xml:ns:yang:ietf- | The IESG | N/A | 1787 | sr-service-programming | | | 1788 +-----------------------------------+------------+-----+ 1789 | urn:ietf:params:xml:ns:yang:ietf- | The IESG | N/A | 1790 | sr-service-programming-proxy | | | 1791 +-----------------------------------+------------+-----+ 1793 Table 1 1795 This document requests the registration of the following YANG modules 1796 in the "YANG Module Names" registry [RFC6020]: 1798 +============+=================================+============+=========+ 1799 |Name |Namespace |Prefix |Reference| 1800 +============+=================================+============+=========+ 1801 |ietf- |urn:ietf:params:xml:ns:yang:ietf-|service- |This | 1802 |service- |service-function-types |function- |document | 1803 |function- | |types | | 1804 |types | | | | 1805 +------------+---------------------------------+------------+---------+ 1806 +------------+---------------------------------+------------+---------+ 1807 |ietf-sr- |urn:ietf:params:xml:ns:yang:ietf-|ietf-sr- |This | 1808 |service- |sr-service-programming-types |service- |document | 1809 
|programming-| |programming-| | 1810 |types | |types | | 1811 +------------+---------------------------------+------------+---------+ 1812 +------------+---------------------------------+------------+---------+ 1813 |ietf-sr- |urn:ietf:params:xml:ns:yang:ietf-|ietf-sr- |This | 1814 |service- |sr-service-programming |service- |document | 1815 |programming | |programming | | 1816 +------------+---------------------------------+------------+---------+ 1817 +------------+---------------------------------+------------+---------+ 1818 |ietf-sr- |urn:ietf:params:xml:ns:yang:ietf-|ietf-sr- |This | 1819 |service- |sr-service-programming-proxy |service- |document | 1820 |programming-| |programming-| | 1821 |proxy | |proxy | | 1822 +------------+---------------------------------+------------+---------+ 1824 Table 2 1826 -- RFC Editor: Replace "This document" with the document RFC number 1827 at time of publication, and remove this note. 1829 7. Acknowledgments 1831 The authors would like to acknowledge Francois Clad, Ketan 1832 Talaulikar, and Darren Dukes for their review of some of the contents 1833 in this document. 1835 8. Normative References 1837 [I-D.ietf-spring-segment-routing-policy] 1838 Filsfils, C., Talaulikar, K., Voyer, D., Bogdanov, A., and 1839 P. Mattes, "Segment Routing Policy Architecture", Work in 1840 Progress, Internet-Draft, draft-ietf-spring-segment- 1841 routing-policy-14, 25 October 2021, 1842 . 1845 [I-D.ietf-spring-sr-service-programming] 1846 Clad, F., Xu, X., Filsfils, C., Bernier, D., Li, C., 1847 Decraene, B., Ma, S., Yadlapalli, C., Henderickx, W., and 1848 S. Salsano, "Service Programming with Segment Routing", 1849 Work in Progress, Internet-Draft, draft-ietf-spring-sr- 1850 service-programming-05, 10 September 2021, 1851 . 1854 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1855 Requirement Levels", BCP 14, RFC 2119, 1856 DOI 10.17487/RFC2119, March 1997, 1857 . 
1859 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 1860 DOI 10.17487/RFC3688, January 2004, 1861 . 1863 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for 1864 the Network Configuration Protocol (NETCONF)", RFC 6020, 1865 DOI 10.17487/RFC6020, October 2010, 1866 . 1868 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 1869 and A. Bierman, Ed., "Network Configuration Protocol 1870 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, 1871 . 1873 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure 1874 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, 1875 . 1877 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF 1878 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, 1879 . 1881 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1882 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1883 May 2017, . 1885 [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", 1886 BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, 1887 . 1889 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration 1890 Access Control Model", STD 91, RFC 8341, 1891 DOI 10.17487/RFC8341, March 2018, 1892 . 1894 [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., 1895 and R. Wilton, "Network Management Datastore Architecture 1896 (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, 1897 . 1899 [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., 1900 Decraene, B., Litkowski, S., and R. Shakir, "Segment 1901 Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, 1902 July 2018, . 1904 [RFC8407] Bierman, A., "Guidelines for Authors and Reviewers of 1905 Documents Containing YANG Data Models", BCP 216, RFC 8407, 1906 DOI 10.17487/RFC8407, October 2018, 1907 . 1909 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol 1910 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, 1911 . 
1913 [RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J., 1914 Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header 1915 (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020, 1916 . 1918 [RFC9020] Litkowski, S., Qu, Y., Lindem, A., Sarkar, P., and J. 1919 Tantsura, "YANG Data Model for Segment Routing", RFC 9020, 1920 DOI 10.17487/RFC9020, May 2021, 1921 . 1923 Authors' Addresses 1925 Jaganbabu Rajamanickam 1926 Cisco Systems 1928 Email: jrajaman@cisco.com 1930 Kamran Raza 1931 Cisco Systems 1933 Email: skraza@cisco.com 1935 Daniel Bernier 1936 Bell Canada 1938 Email: daniel.bernier@bell.ca 1939 Gaurav Dawra 1940 LinkedIn 1942 Email: gdawra.ietf@gmail.com 1944 Cheng Li 1945 Huawei 1947 Email: c.l@huawei.com