]> A YANG Data Model for Augmenting VPN Service and Network Models with Attachment Circuits Orange
mohamed.boucadair@orange.com
Juniper
rroberts@juniper.net
Nokia
samier.barguil_giraldo@nokia.com
Telefonica
oscar.gonzalezdedios@telefonica.com
Operations and Management OPSAWG Slice Service L3VPN L2VPN The document specifies a module that updates existing service and network VPN modules with the required information to bind specific services to ACs that are created using the Attachment Circuit (AC) service and network models. Discussion Venues Discussion of this document takes place on the Operations and Management Area Working Group Working Group mailing list (opsawg@ietf.org), which is archived at . Source for this draft and an issue tracker can be found at .
Introduction The document specifies a YANG module () that updates existing service and network Virtual Private Network (VPN) modules with the required information to bind specific services to Attachment Circuits (ACs) that are created using the AC service model , specifically the following modules are augmented:
  • The Layer 2 Service Model (L2SM)
  • The Layer 3 Service Model (L3SM)
  • The Layer 2 Network Model (L2NM)
  • The Layer 3 Network Model (L3NM)
Likewise, the document augments the L2NM and L3NM with references to the ACs that are managed using the AC network model . The YANG data model in this document conforms to the Network Management Datastore Architecture (NMDA) defined in . An example to illustrate the use of the model is provided in .
Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. The meanings of the symbols in the YANG tree diagrams are defined in . This document uses terms defined in . LxSM refers to both the L2SM and the L3SM. LxNM refers to both the L2NM and the L3NM.
Sample Uses of the Data Models
ACs Terminated by One or Multiple Customer Edges (CEs) depicts two target topology flavors that involve ACs. These topologies have the following characteristics:
  • A Customer Edges (CEs) can be either a physical device or a logical entity. Such logical entity is typically a software component (e.g., a virtual service function that is hosted within the provider's network or a third-party infrastructure). A CE is seen by the network as a peer Service Attachment Point (SAP) .
  • An AC service request may include one or multiple ACs, which may be associated to a single CE or multiple CEs.
  • CEs may be either dedicated to one single connectivity service or host multiple connectivity services (e.g., CEs with roles of service functions ).
  • A network provider may bind a single AC to one or multiple peer SAPs (e.g., CE#1 and CE#2 are tagged as peer SAPs for the same AC). For example, and as discussed in , multiple CEs can be attached to a PE over the same attachment circuit. This scenario is typically implemented when the Layer 2 infrastructure between the CE and the network is a multipoint service.
  • A single CE may terminate multiple ACs, which can be associated with the same bearer or distinct bearers.
  • Customers may request protection schemes in which the ACs associated with their endpoints are terminated by the same PE (e.g., CE#3), distinct PEs (e.g., CE#34), etc. The network provider uses this request to decide where to terminate the AC in the network provider network and also whether to enable specific capabilities (e.g., Virtual Router Redundancy Protocol (VRRP)).
Examples of ACs AC CE#1 AC CE#3 AC Network CE#2 AC CE#4 AC
Separate AC Provisioning vs. Actual VPN Service Provisioning The procedure to provision a service in a service provider network may depend on the practices adopted by a service provider. This includes the flow put in place for the provisioning of advanced network services and how they are bound to an attachment circuit. For example, a single attachment circuit may be used to host multiple connectivity services. In order to avoid service interference and redundant information in various locations, a service provider may expose an interface to manage ACs network-wide. Customers can then request a bearer or an attachment circuit to be put in place, and then refer to that bearer or AC when requesting VPN services that are bound to the bearer or AC. shows the positioning of the AC service model is the overall service delivery process.
An Example of AC Model Usage Customer Customer Service Model e.g., slice-svc, ac-svc, and bearer-svc Service Orchestration Network Model e.g., l3vpn-ntw, sap, and ac-ntw Network Orchestration Network Configuration Model Domain Domain Orchestration Orchestration Device Configuration Model Config Manager NETCONF/CLI................ . | Bearer Bearer CE#1 Network CE#2 Site A Site B
Module Tree Structure specifies that a "site-network-access" attachment is achieved through a "bearer" with an "ip-connection" on top. From that standpoint, a "site-network-access" is mapped to an attachment circuit with both Layer 2 and 3 properties as per . specifies that a "site-network-access" represents an logical layer 2 connection to a site. A "site-network-access" can thus be mapped to an attachment circuit with Layer 2 properties . Similarly, "vpn-network-access" defined in both and is mapped to an attachment circuit as per or . As such, ACs created using the "ietf-ac-svc" module can be referenced in other VPN-related modules (e.g., L2SM, L3SM, L2NM, and L3NM). Also, ACs managed using "ietf-ac-ntw" can be referenced in VPN-related network modules (mainly, L2NM and L3NM). The required augmentations to that aim as shown in .
AC Glue Tree Structure
When an AC is referenced within a specific network access, then that AC information takes precedence over any overlapping information that is also enclosed for this network access.
  • This approach is consistent with the design in where an AC service reference, called 'ac-svc-name', is used to indicate the names of AC services. As per , when both 'ac-svc-name' and the attributes of 'attachment-circuits' are defined, the 'ac-svc-name' takes precedence.
The module includes provisions to reference AC within or outside an VPN network access to accommodate deployment contexts where an AC reference may be created before or after a VPN instance is created. illustrates how an AC reference can be enclosed as part of a specific VPN network access, while shows how AC references can be indicated outside individual VPN network access entries.
The AC Glue ("ietf-ac-glue") YANG Module WG List: Editor: Mohamed Boucadair Author: Richard Roberts Author: Samier Barguil Author: Oscar Gonzalez de Dios "; description "This YANG module defines a YANG model for augmenting the LxSM and the LxNM with attachment circuit references. Copyright (c) 2023 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; revision 2023-11-13 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for Augmenting VPN Service and Network Models with Attachment Circuits"; } feature ac-glue { description "The VPN implementation supports binding a specific VPN network access or site access to an attachment circuit."; } grouping single-ac-svc-ref { description "A grouping with single reference to a service AC."; leaf ac-svc-ref { type ac-svc:attachment-circuit-reference; description "A reference to the AC as exposed at the service that was provisionned using the ACaaS module."; } } grouping single-ac-svc-ntw-ref { description "A grouping with single AC references."; leaf ac-svc-ref { type ac-svc:attachment-circuit-reference; description "A reference to the AC as exposed at the service that was provisionned using the ACaaS module."; } leaf ac-ntw-ref { type ac-ntw:attachment-circuit-reference; description "A reference to the AC that was provisionned using the AC network module."; } } grouping ac-svc-ref { description "A set of service-specific AC-related data."; leaf-list ac-svc-ref { type ac-svc:attachment-circuit-reference; description "A reference to the AC as exposed at the service that was provisionned using the ACaaS module."; } } grouping ac-svc-ntw-ref { description "A set of AC-related data."; leaf-list ac-svc-ref { type ac-svc:attachment-circuit-reference; description "A reference to the AC as exposed at the service that was provisionned using the ACaaS module."; } leaf-list ac-ntw-ref { type ac-ntw:attachment-circuit-reference; description "A reference to the AC that was provisionned using the AC network module."; } } augment "/l2vpn-svc:l2vpn-svc" + "/l2vpn-svc:sites/l2vpn-svc:site" + "/l2vpn-svc:site-network-accesses" { description "Augments VPN site network access with AC provisioning details."; uses ac-svc-ref; } augment "/l2vpn-svc:l2vpn-svc" + "/l2vpn-svc:sites/l2vpn-svc:site" + "/l2vpn-svc:site-network-accesses" + "/l2vpn-svc:site-network-access" { if-feature "ac-glue"; description "Augments VPN site network access with a reference to a service AC."; uses single-ac-svc-ref; } augment "/l3vpn-svc:l3vpn-svc" + "/l3vpn-svc:sites/l3vpn-svc:site" + "/l3vpn-svc:site-network-accesses" { description "Augments VPN network access with AC provisioning details."; uses ac-svc-ref; } augment "/l3vpn-svc:l3vpn-svc" + "/l3vpn-svc:sites/l3vpn-svc:site" + "/l3vpn-svc:site-network-accesses" + "/l3vpn-svc:site-network-access" { if-feature "ac-glue"; description "Augments VPN site network access with a reference to a service AC."; uses single-ac-svc-ref; } augment "/l2nm:l2vpn-ntw/l2nm:vpn-services/l2nm:vpn-service" + "/l2nm:vpn-nodes/l2nm:vpn-node" + "/l2nm:vpn-network-accesses" { description "Augments VPN network access with AC provisioning details."; uses ac-svc-ntw-ref; } augment "/l2nm:l2vpn-ntw/l2nm:vpn-services/l2nm:vpn-service" + "/l2nm:vpn-nodes/l2nm:vpn-node" + "/l2nm:vpn-network-accesses" + "/l2nm:vpn-network-access" { if-feature "ac-glue"; description "Augments VPN network access with service and network references to an AC."; uses single-ac-svc-ntw-ref; } augment "/l3nm:l3vpn-ntw/l3nm:vpn-services/l3nm:vpn-service" + "/l3nm:vpn-nodes/l3nm:vpn-node" + "/l3nm:vpn-network-accesses" { description "Augments VPN network access with AC provisioning details."; uses ac-svc-ntw-ref; } augment "/l3nm:l3vpn-ntw/l3nm:vpn-services/l3nm:vpn-service" + "/l3nm:vpn-nodes/l3nm:vpn-node" + "/l3nm:vpn-network-accesses" + "/l3nm:vpn-network-access" { if-feature "ac-glue"; description "Augments VPN network access with service and network references to an AC."; uses single-ac-svc-ntw-ref; } } ]]>
Security Considerations The YANG module specified in this document defines schema for data that is designed to be accessed via network management protocols such as NETCONF or RESTCONF . The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) . The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS . The Network Configuration Access Control Model (NACM) provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) and delete operations to these data nodes without proper protection or authentication can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/ vulnerability in the "ietf-ac-glue" module:
'ac-svc-ref' and 'ac-ntw-ref':
An attacker who is able to access network nodes can undertake various attacks, such as deleting a running VPN service, interrupting all the traffic of a client. Specifically, an attacker may modify (including delete) the ACs that are bound to a running service, leading to malfunctioning of the service and therefore to Service Level Agreement (SLA) violations. : Such activity can be detected by adequately monitoring and tracking network configuration changes.
Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability in the "ietf-ac-glue" module:
'ac-svc-ref' and 'ac-ntw-ref':
These references do not expose per se privacy-related information, however 'ac-svc-ref' may be used to track the set of VPN instances in which a given customer is involved.
Note that, unlike 'ac-svc-ref', 'ac-ntw-ref' is unique within the scope of a node and may multiplex many peer CEs.
IANA Considerations IANA is requested to register the following URI in the "ns" subregistry within the "IETF XML Registry" : IANA is requested to register the following YANG module in the "YANG Module Names" registry within the "YANG Parameters" registry group:
References Normative References YANG Data Models for 'Attachment Circuits'-as-a-Service (ACaaS) Orange Juniper Telefonica Nokia Huawei Technologies This document specifies a YANG service data model for Attachment Circuits (ACs). This model can be used for the provisioning of ACs before or during service provisioning (e.g., Network Slice Service). The document also specifies a service model for managing bearers over which ACs are established. Also, the document specifies a set of reusable groupings. Whether other service models reuse structures defined in the AC models or simply include an AC reference is a design choice of these service models. Utilizing the AC service model to manage ACs over which a service is delivered has the advantage of decoupling service management from upgrading AC components to incorporate recent AC technologies or features. A YANG Data Model for Layer 2 Virtual Private Network (L2VPN) Service Delivery This document defines a YANG data model that can be used to configure a Layer 2 provider-provisioned VPN service. It is up to a management system to take this as an input and generate specific configuration models to configure the different network elements to deliver the service. How this configuration of network elements is done is out of scope for this document. The YANG data model defined in this document includes support for point-to-point Virtual Private Wire Services (VPWSs) and multipoint Virtual Private LAN Services (VPLSs) that use Pseudowires signaled using the Label Distribution Protocol (LDP) and the Border Gateway Protocol (BGP) as described in RFCs 4761 and 6624. The YANG data model defined in this document conforms to the Network Management Datastore Architecture defined in RFC 8342. YANG Data Model for L3VPN Service Delivery This document defines a YANG data model that can be used for communication between customers and network operators and to deliver a Layer 3 provider-provisioned VPN service. This document is limited to BGP PE-based VPNs as described in RFCs 4026, 4110, and 4364. This model is intended to be instantiated at the management system to deliver the overall service. It is not a configuration model to be used directly on network elements. This model provides an abstracted view of the Layer 3 IP VPN service configuration components. It will be up to the management system to take this model as input and use specific configuration models to configure the different network elements to deliver the service. How the configuration of network elements is done is out of scope for this document. This document obsoletes RFC 8049; it replaces the unimplementable module in that RFC with a new module with the same name that is not backward compatible. The changes are a series of small fixes to the YANG module and some clarifications to the text. A YANG Network Data Model for Layer 2 VPNs This document defines an L2VPN Network Model (L2NM) that can be used to manage the provisioning of Layer 2 Virtual Private Network (L2VPN) services within a network (e.g., a service provider network). The L2NM complements the L2VPN Service Model (L2SM) by providing a network-centric view of the service that is internal to a service provider. The L2NM is particularly meant to be used by a network controller to derive the configuration information that will be sent to relevant network devices. Also, this document defines a YANG module to manage Ethernet segments and the initial versions of two IANA-maintained modules that include a set of identities of BGP Layer 2 encapsulation types and pseudowire types. A YANG Network Data Model for Layer 3 VPNs As a complement to the Layer 3 Virtual Private Network Service Model (L3SM), which is used for communication between customers and service providers, this document defines an L3VPN Network Model (L3NM) that can be used for the provisioning of Layer 3 Virtual Private Network (L3VPN) services within a service provider network. The model provides a network-centric view of L3VPN services. The L3NM is meant to be used by a network controller to derive the configuration information that will be sent to relevant network devices. The model can also facilitate communication between a service orchestrator and a network controller/orchestrator. A Network YANG Data Model for Attachment Circuits Orange Juniper Telefonica Nokia Huawei Technologies This document specifies a network model for attachment circuits. The model can be used for the provisioning of attachment circuits prior or during service provisioning (e.g., Network Slice Service). A companion service model is specified in I-D.ietf-opsawg-teas- attachment-circuit. The module augments the Service Attachment Point (SAP) model with the detailed information for the provisioning of attachment circuits in Provider Edges (PEs). Network Management Datastore Architecture (NMDA) Datastores are a fundamental concept binding the data models written in the YANG data modeling language to network management protocols such as the Network Configuration Protocol (NETCONF) and RESTCONF. This document defines an architectural framework for datastores based on the experience gained with the initial simpler model, addressing requirements that were not well supported in the initial model. This document updates RFC 7950. Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Network Configuration Protocol (NETCONF) The Network Configuration Protocol (NETCONF) defined in this document provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized as remote procedure calls (RPCs). This document obsoletes RFC 4741. [STANDARDS-TRACK] RESTCONF Protocol This document describes an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in the Network Configuration Protocol (NETCONF). Using the NETCONF Protocol over Secure Shell (SSH) This document describes a method for invoking and running the Network Configuration Protocol (NETCONF) within a Secure Shell (SSH) session as an SSH subsystem. This document obsoletes RFC 4742. [STANDARDS-TRACK] The Transport Layer Security (TLS) Protocol Version 1.3 This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations. Network Configuration Access Control Model The standardization of network configuration interfaces for use with the Network Configuration Protocol (NETCONF) or the RESTCONF protocol requires a structured and secure operating environment that promotes human usability and multi-vendor interoperability. There is a need for standard mechanisms to restrict NETCONF or RESTCONF protocol access for particular users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. This document defines such an access control model. This document obsoletes RFC 6536. The IETF XML Registry This document describes an IANA maintained registry for IETF standards which use Extensible Markup Language (XML) related items such as Namespaces, Document Type Declarations (DTDs), Schemas, and Resource Description Framework (RDF) Schemas. YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF) YANG is a data modeling language used to model configuration and state data manipulated by the Network Configuration Protocol (NETCONF), NETCONF remote procedure calls, and NETCONF notifications. [STANDARDS-TRACK] Informative References YANG Tree Diagrams This document captures the current syntax used in YANG module tree diagrams. The purpose of this document is to provide a single location for this definition. This syntax may be updated from time to time based on the evolution of the YANG language. A YANG Network Data Model for Service Attachment Points (SAPs) This document defines a YANG data model for representing an abstract view of the provider network topology that contains the points from which its services can be attached (e.g., basic connectivity, VPN, network slices). Also, the model can be used to retrieve the points where the services are actually being delivered to customers (including peer networks). This document augments the 'ietf-network' data model defined in RFC 8345 by adding the concept of Service Attachment Points (SAPs). The SAPs are the network reference points to which network services, such as Layer 3 Virtual Private Network (L3VPN) or Layer 2 Virtual Private Network (L2VPN), can be attached. One or multiple services can be bound to the same SAP. Both User-to-Network Interface (UNI) and Network-to-Network Interface (NNI) are supported in the SAP data model. Service Function Chaining (SFC) Architecture This document describes an architecture for the specification, creation, and ongoing maintenance of Service Function Chains (SFCs) in a network. It includes architectural concepts, principles, and components used in the construction of composite services through deployment of SFCs, with a focus on those to be standardized in the IETF. This document does not propose solutions, protocols, or extensions to existing protocols. BGP/MPLS IP Virtual Private Networks (VPNs) This document describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customers. This method uses a "peer model", in which the customers' edge routers (CE routers) send their routes to the Service Provider's edge routers (PE routers); there is no "overlay" visible to the customer's routing algorithm, and CE routers at different sites do not peer with each other. Data packets are tunneled through the backbone, so that the core routers do not need to know the VPN routes. [STANDARDS-TRACK] A YANG Data Model for the IETF Network Slice Service Huawei Technologies Huawei Technologies Ciena Cisco Systems, Inc Cisco Systems, Inc This document defines a YANG data model for the IETF Network Slice Service. The model can be used in the IETF Network Slice Service interface between a customer and a provider that offers IETF Network Slice Services. Framework for Layer 2 Virtual Private Networks (L2VPNs) This document provides a framework for Layer 2 Provider Provisioned Virtual Private Networks (L2VPNs). This framework is intended to aid in standardizing protocols and mechanisms to support interoperable L2VPNs. This memo provides information for the Internet community.
Examples
A Service AC Reference within The VPN Network Access Let's consider the example depicted in which is inspired from . Each PE is servicing two CEs. Let's also assume that service references to the identify attachment circuits with these CEs are shown in the figure.
VPWS Topology Example
As shown in , the service AC references can be explicitly indicated in the L2NM query for the realization of the Virtual Private Wire Service (VPWS) ).
Example of VPWS Creation with AC Service References
Network and Service AC References Let's consider the example depicted in with two customer terminating points (CE1 and CE2). Let's also assume that the bearers to attach these CEs to the provider network are already in place. References to the identify these bearers are shown in the figure.
Topology Example
The AC service model can be used by the provider to manage and expose the ACs over existing bearers as shown in .
ACs Created Using ACaaS
Let's now consider that the customer wants to request a VPLS service between the sites as shown in .
Example of VPLS
To that aim, existing ACs are referenced during the creation of the VPLS instance using the L2NM and the "ietf-ac-glue" as shown in .
Example of a VPLS Request Using L2NM and AC Glue (Message Body)
Note that before implementing the VPLS creation request, the provider service orchestrator may first check if the VPLS service can be provided to the customer using the target delivery locations. The orchestrator will use the SAP model as exemplified in . This example assumes that the query concerns only PE1. A similar query can be issued for PE2.
Example of SAP Response (Message Body)
The response in indicates that the VPLS service can be delivered to CE1. can be also used to access AC-related details that are bound to the target SAP ().
Example of AC Network Response (Message Body)
Acknowledgments Thanks to Bo Wu for the review and comments.