draft-ietf-softwire-dslite-yang-07.txt   draft-ietf-softwire-dslite-yang-08.txt 
Network Working Group M. Boucadair Network Working Group M. Boucadair
Internet-Draft C. Jacquenet Internet-Draft C. Jacquenet
Intended status: Standards Track Orange Intended status: Standards Track Orange
Expires: April 12, 2018 S. Sivakumar Expires: May 16, 2018 S. Sivakumar
Cisco Systems Cisco Systems
October 9, 2017 November 12, 2017
YANG Data Modules for the DS-Lite YANG Data Modules for Dual-Stack Lite (DS-Lite)
draft-ietf-softwire-dslite-yang-07 draft-ietf-softwire-dslite-yang-08
Abstract Abstract
This document defines YANG modules for the DS-Lite Address Family This document defines YANG modules for the DS-Lite Address Family
Transition Router (AFTR) and Basic Bridging BroadBand (B4) elements . Transition Router (AFTR) and Basic Bridging BroadBand (B4) elements.
Editorial Note (To be removed by RFC Editor)
Please update these statements with the RFC number to be assigned to
this document:
o "This version of this YANG module is part of RFC XXXX;"
o "RFC XXXX: YANG Data Modules for Dual-Stack Lite (DS-Lite)";
o "reference: RFC XXXX"
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 12, 2018. This Internet-Draft will expire on May 16, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 4
2. DS-Lite YANG Modules: An Overview . . . . . . . . . . . . . . 4 2. DS-Lite YANG Modules: An Overview . . . . . . . . . . . . . . 4
3. DS-Lite AFTR YANG Module . . . . . . . . . . . . . . . . . . 7 3. DS-Lite AFTR YANG Module . . . . . . . . . . . . . . . . . . 7
4. DS-Lite B4 YANG Module . . . . . . . . . . . . . . . . . . . 13 4. DS-Lite B4 YANG Module . . . . . . . . . . . . . . . . . . . 12
5. Security Considerations . . . . . . . . . . . . . . . . . . . 16 5. Security Considerations . . . . . . . . . . . . . . . . . . . 15
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 17
8.1. Normative references . . . . . . . . . . . . . . . . . . 17 8.1. Normative references . . . . . . . . . . . . . . . . . . 17
8.2. Informative references . . . . . . . . . . . . . . . . . 18 8.2. Informative references . . . . . . . . . . . . . . . . . 18
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 20 Appendix A. B4 Example . . . . . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 Appendix B. AFTR Examples . . . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
1. Introduction 1. Introduction
This document defines data models for DS-Lite [RFC6333], using the This document defines data models for DS-Lite [RFC6333], using the
YANG data modeling language [RFC7950]. Both the Address Family YANG data modeling language [RFC7950]. Both the Address Family
Transition Router (AFTR) and Basic Bridging BroadBand (B4) elements Transition Router (AFTR) and Basic Bridging BroadBand (B4) elements
are covered by this specification. As a reminder, Figure 1 are covered by this specification.
illustrates an overview of the DS-Lite architecture that involves
AFTR and B4 elements. As a reminder, Figure 1 illustrates an overview of the DS-Lite
architecture that involves AFTR and B4 elements.
+-----------+ +-----------+
| Host | | Host |
+-----+-----+ +-----+-----+
|10.0.0.1 |192.0.2.1
| |
| |
|10.0.0.2 |192.0.2.2
+---------|---------+ +---------|---------+
| | | | | |
| Home router | | Home router |
|+--------+--------+| |+--------+--------+|
|| B4 || || B4 ||
|+--------+--------+| |+--------+--------+|
+--------|||--------+ +--------|||--------+
|||2001:db8:0:1::1 |||2001:db8:0:1::1
||| |||
|||<-IPv4-in-IPv6 softwire |||<-IPv4-in-IPv6 softwire
skipping to change at page 3, line 38 skipping to change at page 3, line 38
||| |||
|||2001:db8:0:2::1 |||2001:db8:0:2::1
+--------|||--------+ +--------|||--------+
| AFTR | | AFTR |
|+--------+--------+| |+--------+--------+|
|| Concentrator || || Concentrator ||
|+--------+--------+| |+--------+--------+|
| |NAT| | | |NAT| |
| +-+-+ | | +-+-+ |
+---------|---------+ +---------|---------+
|192.0.2.1 |198.51.100.1
| |
--------|-------- --------|--------
/ | \ / | \
| Internet | | Internet |
\ | / \ | /
--------|-------- --------|--------
| |
|198.51.100.1 |203.0.113.1
+-----+-----+ +-----+-----+
| IPv4 Host | | IPv4 Host |
+-----------+ +-----------+
Figure 1: DS-Lite Base Architecture Figure 1: DS-Lite Base Architecture
DS-Lite deployment considerations are discussed in [RFC6908]. DS-Lite deployment considerations are discussed in [RFC6908].
This document follows the guidelines of [RFC6087], uses the common This document follows the guidelines of [RFC6087], uses the common
YANG types defined in [RFC6991], and adopts Network Management YANG types defined in [RFC6991], and adopts the Network Management
Datastore Architecture (NMDA). Datastore Architecture (NMDA).
1.1. Terminology 1.1. Terminology
This document makes use of the terms defined in Section 3 of This document makes use of the terms defined in Section 3 of
[RFC6333]. [RFC6333].
The terminology for describing YANG data modules is defined in The terminology for describing YANG data modules is defined in
[RFC7950]. [RFC7950].
The meaning of the symbols in tree diagrams is defined in 1.2. Tree Diagrams
[I-D.ietf-netmod-yang-tree-diagrams].
The meaning of the symbols in these diagrams is as follows:
o Brackets "[" and "]" enclose list keys.
o Curly braces "{" and "}" contain names of optional features that
make the corresponding node conditional.
o Abbreviations before data node names: "rw" means configuration
(read-write), "ro" state data (read-only).
o Symbols after data node names: "?" means an optional node, "!" a
container with presence, and "*" denotes a "list" or "leaf-list".
o Parentheses enclose choice and case nodes, and case nodes are also
marked with a colon (":").
o Ellipsis ("...") stands for contents of subtrees that are not
shown.
2. DS-Lite YANG Modules: An Overview 2. DS-Lite YANG Modules: An Overview
As shown in Figure 1: As shown in Figure 1:
o The AFTR element is a combination of an IPv4-in-IPv6 o The AFTR element is a combination of an IPv4-in-IPv6 tunnel and a
encapsualtion/decapsulation function and a NAT function. NAPT function (Section 2.2 of [RFC3022]).
o The B4 element is an IPv4-in-IPv6 encapsulation function. o The B4 element is an IPv4-in-IPv6 tunnel.
Therefore, the AFTR YANG module is designed to augment both the Therefore, the AFTR YANG module is designed to augment both the
Interfaces YANG module [RFC7223] and the NAT YANG module Interfaces YANG module [RFC7223] and the NAT YANG module
[I-D.ietf-opsawg-nat-yang] with DS-Lite specific features. The B4 [I-D.ietf-opsawg-nat-yang] with DS-Lite specific features. The B4
YANG module augments the interfaces YANG module. YANG module augments the interfaces YANG module.
Concretely, the AFTR YANG module (Figure 2) augments the Interfaces Concretely, the AFTR YANG module (Figure 2) augments the Interfaces
YANG module with the following: YANG module with the following:
o An IPv6 address used by the AFTR for sending and receiving IPv4- o An IPv6 address used by the AFTR for sending and receiving IPv4-
in-IPv6 packets (aftr-ipv6-address). in-IPv6 packets (aftr-ipv6-address).
o An IPv4 address that is used by the AFTR for troubleshooting o An IPv4 address that is used by the AFTR for troubleshooting
purposes (aftr-ipv4-address): According to [RFC6333], that address purposes (aftr-ipv4-address).
can be used to report ICMP problems and will appear in traceroute
outputs.
o The tunnel MTU to avoid fragmentation (tunnel-mtu): Since using an o The tunnel MTU, used to avoid fragmentation (tunnel-mtu).
IPv4-in-IPv6 encapsulation to carry IPv4 traffic over IPv6 reduces
the effective MTU of the datagram, operators should be able to
increase the MTU size by at least 40 bytes to accommodate both the
IPv6 encapsulation header and the IPv4 datagram without
fragmenting the IPv6 packet (Section 2.2 of [RFC6908]).
o A policy to limit the number of DS-Lite softwires per subscriber o A policy to limit the number of DS-Lite softwires per subscriber
(max-softwire-per-subscriber): This policy aims to prevent a (max-softwire-per-subscriber).
misbehaving subscriber from mounting several DS-Lite softwires
that would consume additional AFTR resources (e.g., get more
external ports if the quota were enforced on a per-softwire basis,
consume extra processing due to a large number of active
softwires) [RFC7785].
o A DSCP marking policy to be followed when encapsulating/ o A policy to instruct the AFTR whether it must preserve DSCP
decapsulating packets (v6-v4-dscp-preservation): Section 2.10 of marking when encapsulating/decapsulating packets (v6-v4-dscp-
[RFC6908] discusses the uniform model which assumes that preservation).
implementations of this model copy the DSCP value to the outer IP
header at encapsulation and copy the outer header's DSCP value to
the inner IP header at decapsulation. Operators should configure
the AFTR so that it copies the DSCP value in the IPv4 header to
the Traffic Class field in the IPv6 header, and vice versa.
In addition, the AFTR YANG module augments the NAT YANG module (nat- In addition, the AFTR YANG module augments the NAT YANG module
policy, in particular) with the following: (policy, in particular) with the following:
o A policy to instruct the AFTR whether a state can be automatically o A policy to instruct the AFTR whether a state can be automatically
migrated (state-migrate): This policy avoids stale mappings at the migrated (state-migrate).
AFTR and minimizes the risk of service disruption for subscribers.
According to [RFC7785], the AFTR should migrate existing state to o Further, in order to prevent a denial-of-service by frequently
be bound to the new IPv6 address in the event a new IPv6 address changing the source IPv6 address, 'b4-address-change-limit' is
is assigned to the B4 element. This operation ensures that used to rate-lmite such changes.
traffic destined to the previous B4's IPv6 address will be
redirected to the newer B4's IPv6 address.
o An instruction to rewrite the TCP Maximum Segment Size (MSS) o An instruction to rewrite the TCP Maximum Segment Size (MSS)
option (mss-clamping) to avoid TCP fragmentation. option (mss-clamping) to avoid TCP fragmentation.
Given that the NAT44 table of the AFTR element is extended to include Given that the NAPT table of the AFTR element is extended to include
the source IPv6 address of incoming packets, the AFTR YANG module the source IPv6 address of incoming packets, the AFTR YANG module
augments the NAT mapping-entry with the following: augments the NAPT44 mapping-entry with the following:
o b4-ipv6-address which is used to record the source IPv6 address of o b4-ipv6-address which is used to record the source IPv6 address of
a packet received from a B4 element. This IPv6 address is a packet received from a B4 element. This IPv6 address is
required to disambiguate between the overlapping IPv4 address required to disambiguate between the overlapping IPv4 address
space of customers. space of subscribers.
o The value of the Traffic Class field in the IPv6 header as o The value of the Traffic Class field in the IPv6 header as
received from a B4 element (v6-dscp): This information is used to received from a B4 element (v6-dscp): This information is used to
preserve DSCP marking when encapsulating/decapsulationg at the preserve DSCP marking when encapsulating/decapsulationg at the
AFTR. AFTR.
o The IPv4 DSCP marking of the IPv4 packet received from a B4 o The IPv4 DSCP marking of the IPv4 packet received from a B4
element (internal-v4-dscp): This information can be used by the element (internal-v4-dscp): This information can be used by the
AFTR fro enforcing the poi AFTR for setting the DSCP of packets relayed to a B4 element.
o The IPv4 DSCP marking as set by the AFTR in its external interface o The IPv4 DSCP marking as set by the AFTR in its external interface
(external-v4-dscp): An AFTR can be instructed to preserve the same (external-v4-dscp): An AFTR can be instructed to preserve the same
marking or to set it to another value when forwarding an IPv4 marking or to set it to another value when forwarding an IPv4
packet upstream. packet upstream.
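Review bot: In the v6-dscp bullet, "decapsulationg" is carried over unchanged into -08 even though the typo in the internal-v4-dscp bullet next to it was fixed; correct it to "decapsulating". The introductory sentence now says "NAPT table" and "NAPT44 mapping-entry" for the same structure, so pick one term.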
Access Control List (ACL) and Quality of Service (QoS) policies
discussed in Section 2.5 of [RFC6908] are out of scope. A YANG
module for ACLs is documented in [I-D.ietf-netmod-acl-model].
Likewise, PCP-related considerations discussed in Section 8.5 of
[RFC6333] are out of scope. A YANG module for PCP is documented in
[I-D.boucadair-pcp-yang].
module: ietf-dslite-aftr module: ietf-dslite-aftr
augment /if:interfaces/if:interface: augment /if:interfaces/if:interface:
+--rw aftr-ipv6-address? inet:ipv6-address +--rw aftr-ipv6-address? inet:ipv6-address
+--rw aftr-ipv4-address? inet:ipv4-address +--rw aftr-ipv4-address? inet:ipv4-address
+--rw tunnel-mtu? uint16 +--rw tunnel-mtu? uint16
+--rw max-softwire-per-subscriber? uint8 +--rw max-softwire-per-subscriber? uint8
+--rw v6-v4-dscp-preservation? boolean +--rw v6-v4-dscp-preservation? boolean
augment /nat:nat-module/nat:nat-instances/nat:nat-instance/nat:nat-policy: augment /nat:nat/nat:instances/nat:instance/nat:policy:
+--rw state-migrate? boolean +--rw state-migrate? boolean
+--rw b4-address-change-limit? uint32
+--rw mss-clamping +--rw mss-clamping
+--rw mss-clamping-enable? boolean +--rw enable? boolean
+--rw mss-value? uint16 +--rw mss-value? uint16
augment /nat:nat-module/nat:nat-instances/nat:nat-instance/nat:mapping-table/nat:mapping-entry: augment /nat:nat/nat:instances/nat:instance/nat:mapping-table/nat:mapping-entry:
+--rw b4-ipv6-address? inet:ipv6-address +--rw b4-ipv6-address? inet:ipv6-address
+--rw v6-dscp? uint8 +--rw v6-dscp? uint8
+--rw internal-v4-dscp? uint8 +--rw internal-v4-dscp? uint8
+--rw external-v4-dscp? uint8 +--rw external-v4-dscp? uint8
Figure 2: YANG Module for DS-Lite AFTR Figure 2: YANG Module for DS-Lite AFTR
Examples to illustrate the use of this module are provided in Examples to illustrate the use of this module are provided in
Appendix A. Appendix B.
The B4 YANG module (Figure 3) augments the Interfaces YANG module The B4 YANG module (Figure 3) augments the Interfaces YANG module
with the following: with the following:
o An IPv6 address used by a B4 element for sending and receiving o An IPv6 address used by a B4 element for sending and receiving
IPv4-in-IPv6 packets (b4-ipv6-address). IPv4-in-IPv6 packets (b4-ipv6-address).
o The IPv6 address of the AFTR to use by a B4 element (aftr- o The IPv6 address of the AFTR to use by a B4 element (aftr-
ipv6-addr). ipv6-addr).
o An IPv4 address that is used by a B4 element for troubleshooting o An IPv4 address that is used by a B4 element for troubleshooting
purposes (b4-ipv4-address). purposes (b4-ipv4-address).
o The tunnel MTU at the B4 side to avoid fragmentation (tunnel-mtu). o The tunnel MTU at the B4 side to avoid fragmentation (tunnel-mtu).
o An instruction whether DSCP marking is to preserved when o An instruction whether DSCP marking is to be preserved when
encapsulating an IPv4 packet in an IPv6 packet (v6-v4-dscp- encapsulating an IPv4 packet in an IPv6 packet (v6-v4-dscp-
preservation). preservation).
module: ietf-dslite-b4 module: ietf-dslite-b4
augment /if:interfaces/if:interface: augment /if:interfaces/if:interface:
+--rw b4-ipv6-address? inet:ipv6-address +--rw b4-ipv6-address? inet:ipv6-address
+--rw aftr-ipv6-addr? inet:ipv6-address +--rw aftr-ipv6-addr? inet:ipv6-address
+--rw b4-ipv4-address? inet:ipv4-address +--rw b4-ipv4-address? inet:ipv4-address
+--rw tunnel-mtu? uint16 +--rw tunnel-mtu? uint16
+--rw v6-v4-dscp-preservation? boolean +--rw v6-v4-dscp-preservation? boolean
Figure 3: YANG Module for DS-Lite B4 Figure 3: YANG Module for DS-Lite B4
PCP-related considerations are out of scope of the document. A YANG An example to illustrate the use of this module is provided in
module for PCP is documented in [I-D.boucadair-pcp-yang]. Appendix A.
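Review bot: The -08 text drops both out-of-scope statements from Section 2 (ACL/QoS and PCP after the mapping-entry list, PCP again after Figure 3) without a visible replacement. A reader configuring an AFTR from this model still needs to know that filtering and PCP are handled by other modules, so consider keeping a one-sentence scope note with the pointers to [I-D.ietf-netmod-acl-model] and [I-D.boucadair-pcp-yang].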
3. DS-Lite AFTR YANG Module 3. DS-Lite AFTR YANG Module
<CODE BEGINS> file "ietf-dslite-aftr@2017-10-09.yang" <CODE BEGINS> file "ietf-dslite-aftr@2017-11-13.yang"
module ietf-dslite-aftr {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-dslite-aftr";
prefix dslite-aftr;
import ietf-inet-types { prefix inet; }
import ietf-interfaces { prefix if; }
import iana-if-type { prefix ianaift; }
import ietf-nat {prefix nat;}
organization "Softwire Working Group";
contact
"Mohamed Boucadair <mohamed.boucadair@orange.com>
Christian Jacquenet <christian.jacquenet@orange.com>
Senthil Sivakumar <ssenthil@cisco.com>";
description
"This module is a YANG module for DS-Lite AFTR
implementations.
Copyright (c) 2017 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or module ietf-dslite-aftr {
without modification, is permitted pursuant to, and subject yang-version 1.1;
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see namespace "urn:ietf:params:xml:ns:yang:ietf-dslite-aftr";
the RFC itself for full legal notices."; prefix dslite-aftr;
revision 2017-10-09 { import ietf-inet-types { prefix inet; }
description "Early yangdoctors review."; import ietf-interfaces { prefix if; }
reference "-ietf-07"; import iana-if-type { prefix ianaift; }
} import ietf-nat {prefix nat;}
revision 2017-08-10 { organization "IETF Softwire Working Group";
description "The module augments also the Interface module.";
reference "-ietf-04";
}
revision 2017-07-27 { contact
description "Redesign the module as an augment of the NAT YANG module.";
reference "-ietf-04";
}
revision 2017-07-03 { "WG Web: <https://datatracker.ietf.org/wg/softwire/>
description "Fix some minor points."; WG List: <mailto:softwires@ietf.org>
reference "-ietf-03";
}
revision 2017-01-03 { WG Chair: Ian Farrer
description "Fixed a compilation error: <mailto:ianfarrer@gmx.com>
https://github.com/mbj4668/pyang/issues/296.";
reference "-ietf-02";
}
revision 2016-11-14 { WG Chair: Yong Cui
description "Integrates the comments from Ian: <mailto:cuiyong@tsinghua.edu.cn>
add B4 module, add an MSS leaf, add more details about
logging protocols, and other edits.";
reference "-ietf-01";
}
revision 2016-07-27 { Editor: Mohamed Boucadair
description "-00 IETF version."; <mailto:mohamed.boucadair@orange.com>
reference "-ietf-00";
}
revision 2016-06-13 { Editor: Christian Jacquenet
description "Update the module."; <mailto:christian.jacquenet@orange.com>
reference "-04";
} Editor: Senthil Sivakumar
<mailto:ssenthil@cisco.com>";
revision 2015-12-16 { description
description "Fix an error."; "This module is a YANG module for DS-Lite AFTR
reference "-03"; implementations.
}
revision 2015-09-01 { Copyright (c) 2017 IETF Trust and the persons identified as
description "Add port threshold notifications."; authors of the code. All rights reserved.
reference "-02";
}
revision 2015-08-31 { Redistribution and use in source and binary forms, with or
description "Fix a timeout issue."; without modification, is permitted pursuant to, and subject
reference "-01"; to the license terms contained in, the Simplified BSD License
} set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
revision 2015-08-17 { This version of this YANG module is part of RFC XXXX; see
description "First spec."; the RFC itself for full legal notices.";
reference "-00";
}
// Augment Interface module with DS-Lite Softwire revision 2017-11-13 {
description
"Initial revision.";
reference
"RFC XXXX: YANG Data Modules for Dual-Stack Lite (DS-Lite)";
}
augment "/if:interfaces/if:interface" { augment "/if:interfaces/if:interface" {
when "if:type = 'ianaift:tunnel'"; when "if:type = 'ianaift:tunnel'";
description description
"Augments Interface module with AFTR parameters. "Augments Interface module with AFTR parameters.
IANA interface types are maintained at this registery: IANA interface types are maintained at this registry:
https://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib. https://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib.
tunnel (131), -- Encapsulation interface"; tunnel (131), -- Encapsulation interface";
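Review bot: The revision statement and the file name in the CODE BEGINS line use 2017-11-13, while the document itself is dated November 12, 2017; in -07 both were October 9, 2017. Align the two dates, and apply the same fix to "ietf-dslite-b4@2017-11-13.yang".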
leaf aftr-ipv6-address { leaf aftr-ipv6-address {
type inet:ipv6-address; type inet:ipv6-address;
description
description "IPv6 address of the DS-Lite AFTR.";
"IPv6 address of the DS-Lite AFTR."; reference
"RFC 6333: Dual-Stack Lite Broadband Deployments Following
reference IPv4 Exhaustion";
"RFC 6333.";
}
leaf aftr-ipv4-address {
type inet:ipv4-address;
default "192.0.0.1";
description
"IPv4 address of the DS-Lite AFTR.
192.0.0.1 is reserved for the AFTR element.
This address can be used to report ICMP
problems and will appear in traceroute
outputs.";
reference
"RFC 6333.";
}
leaf tunnel-mtu {
type uint16;
description
"Configures a tunnel MTU.
[RFC6908] specifies that since
fragmentation and reassembly is not
optimal, the operator should do
everything possible to eliminate
the need for it. If the operator uses
simple IPv4-in-IPv6 softwire, it is
recommended that the MTU size of the IPv6
network between the B4 and the AFTR
accounts for the additional overhead
(40 bytes).";
reference
"RFC 6908.";
}
leaf max-softwire-per-subscriber {
type uint8;
default 1;
description }
"Configures the maximum softwires per subscriber
feature.
A subscriber is uniquely identified by means leaf aftr-ipv4-address {
of subscriber-mask. type inet:ipv4-address;
default "192.0.0.1";
description
"IPv4 address of the DS-Lite AFTR.
This policy aims to prevent a misbehaving 192.0.0.1 is reserved for the AFTR element.
subscriber from mounting several DS-Lite
softwires that would consume additional AFTR
resources (e.g., get more external ports if
the quota were enforced on a per-softwire basis,
consume extra processing due to a large number
of active softwires).";
reference This address can be used to report ICMP problems and will
"Section 4 of RFC 7785."; appear in traceroute outputs.";
} reference
"RFC 6333: Dual-Stack Lite Broadband Deployments Following
IPv4 Exhaustion";
}
leaf v6-v4-dscp-preservation { leaf tunnel-mtu {
type boolean; type uint16;
description
"Configures a tunnel MTU.
[RFC6908] specifies that since fragmentation and reassembly
is not optimal, the operator should do everything possible
to eliminate the need for it. If the operator uses simple
IPv4-in-IPv6 softwire, it is recommended that the MTU size
of the IPv6 network between the B4 and the AFTR accounts for
the additional overhead (40 bytes).";
reference
"RFC 6908: Deployment Considerations for Dual-Stack Lite";
}
description leaf max-softwire-per-subscriber {
"Copies the DSCP value from the IPv6 header type uint8;
and vice versa. default 1;
description
"Configures the maximum softwires per subscriber feature.
According to Section 2.10 of [RFC6908], A subscriber is uniquely identified by means
operators should use this model of subscriber-mask.
by provisioning the network such that
the AFTR copies the DSCP value in the IPv4
header to the Traffic Class field in
the IPv6 header, after the encapsulation
for the downstream traffic.";
reference This policy aims to prevent a misbehaving subscriber from
"Section 2.10 of RFC 6908."; mounting several DS-Lite softwires that would consume
} additional AFTR resources (e.g., get more external ports
} if the quota were enforced on a per-softwire basis,
consume extra processing due to a large number of active
softwires).";
// Augment NAT module with AFTR parameters reference
"Section 4 of RFC 7785.";
}
augment "/nat:nat-module/nat:nat-instances/"+ leaf v6-v4-dscp-preservation {
"nat:nat-instance/nat:nat-policy" { type boolean;
description
"Copies the DSCP value from the IPv6 header and vice versa.
when "../nat:nat-capabilities/nat:nat-flavor = 'nat:nat44'"; According to Section 2.10 of [RFC6908], operators should
use this model by provisioning the network such that the AFTR
copies the DSCP value in the IPv4 header to the Traffic Class
field in the IPv6 header, after the encapsulation for
the downstream traffic.";
reference
"Section 2.10 of RFC 6908.";
}
}
augment "/nat:nat/nat:instances/"+
"nat:instance/nat:policy" {
description description
"Augments the NAT44 module with AFTR parameters."; "Augments the NAPT44 module with AFTR parameters.";
leaf state-migrate { leaf state-migrate {
type boolean; type boolean;
default true; default true;
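Review bot: The augment of "nat:instance/nat:policy" no longer carries a 'when' statement: -07 restricted it with when "../nat:nat-capabilities/nat:nat-flavor = 'nat:nat44'", -08 has none, and the same holds for the mapping-entry augment further down. As written, state-migrate, b4-address-change-limit and mss-clamping become configurable on every NAT instance, not only on those acting as a DS-Lite AFTR. Suggest restoring an equivalent condition against the renamed NAT module nodes, or stating in the description why it is no longer needed.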
description
"State migration is enabled by default.
description In the event a new IPv6 address is assigned to the B4 element,
"State migration is enabled by default. the AFTR should migrate existing state to be bound to the new
IPv6 address. This operation ensures that traffic destined to
the previous B4's IPv6 address will be redirected to the newer
B4's IPv6 address. The destination IPv6 address for tunneling
return traffic from the AFTR should be the last seen as the B4's
IPv6 source address from the CPE.
In the event a new IPv6 address is assigned to the B4 element, The AFTR uses the subscriber-mask to determine whether two
the AFTR should migrate existing state to be bound to the new IPv6 addresses belong to the same CPE (e.g., if the
IPv6 address. This operation ensures that traffic destined to subscriber-mask is set to 56, the AFTR concludes that
the previous B4's IPv6 address will be redirected to the newer 2001:db8:100:100::1 and 2001:db8:100:100::2 belong to the same
B4's IPv6 address. The destination IPv6 address for tunneling CPE assigned with 2001:db8:100:100::/56).";
return traffic from the AFTR should be the last seen as the B4's
IPv6 source address from the CPE.
The AFTR uses the subscriber-mask to determine whether two reference
IPv6 addresses belong to the same CPE (e.g., if the "RFC 7785: Recommendations for Prefix Binding in the Context
subscriber-mask is set to 56, the AFTR concludes that of Softwire Dual-Stack Lite";
2001:db8:100:100::1 and 2001:db8:100:100::2 belong to the same }
CPE assigned with 2001:db8:100:100::/56)."; leaf b4-address-change-limit {
type uint32;
units "seconds";
default '1800';
description
"Minimum number of seconds between successive B4's IPv6 address
change from the same prefix.
reference Changing the source B4's IPv6 address may be used as an attack
"RFC 7785."; vector. Packets with a new B4's IPv6 address from the same
} prefix should be rate-limited.
container mss-clamping { It is recommended to set this rate limit to 30 minutes; other
description values can be set on a per-deployment basis.";
"MSS rewriting configuration to avoid IPv6
fragmentation.";
leaf mss-clamping-enable { reference
type boolean; "RFC 7785: Recommendations for Prefix Binding in the Context
of Softwire Dual-Stack Lite";
}
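Review bot: b4-address-change-limit is a plain uint32 with no 'range' and no statement of what 0 means, so a value of 0 removes the minimum interval that the description presents as protection against address-change attacks. Suggest adding a range or documenting 0 explicitly. Also, default '1800' is single-quoted while the other defaults in the module are written as "192.0.0.1", 1 and true, and "successive B4's IPv6 address change" should read "successive changes of the B4's IPv6 address".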
description container mss-clamping {
"Enable/disable MSS rewriting feature."; description
} "MSS rewriting configuration to avoid IPv6 fragmentation.";
leaf mss-value { leaf enable {
type uint16; type boolean;
units "octets"; description
"Enable/disable MSS rewriting feature.";
}
description leaf mss-value {
"Sets the MSS value to be used for type uint16;
MSS rewriting."; units "octets";
} description
"Sets the MSS value to be used for MSS rewriting.";
} }
} }
}
// Augment NAT mapping entry: Extended NAT44 mapping Entry augment "/nat:nat/nat:instances/nat:instance/"+
"nat:mapping-table/nat:mapping-entry"{
description
"Augments the NAPT44 mapping table with DS-Lite specifics.";
augment "/nat:nat-module/nat:nat-instances/nat:nat-instance/"+ leaf b4-ipv6-address {
"nat:mapping-table/nat:mapping-entry"{ type inet:ipv6-address;
description
"Corresponds to the IPv6 address used by the B4 element.";
when "../../nat:nat-capabilities/nat:nat-flavor = 'nat:nat44'"; reference
"RFC 6333: Dual-Stack Lite Broadband Deployments Following
IPv4 Exhaustion";
}
description leaf v6-dscp {
"Augments the NAT44 mapping table with DS-Lite specifics."; when "/if:interfaces/if:interface/" +
"dslite-aftr:v6-v4-dscp-preservation='true'";
type uint8;
description
"DSCP value used at the softwire level (i.e., IPv6 header).";
}
leaf b4-ipv6-address { leaf internal-v4-dscp {
type inet:ipv6-address; when "/if:interfaces/if:interface/" +
"dslite-aftr:v6-v4-dscp-preservation='true'";
type uint8;
description
"DSCP value of the encapsulated IPv4 packet.";
}
description leaf external-v4-dscp {
"Corresponds to the IPv6 address when "/if:interfaces/if:interface/" +
used by the B4 element."; "dslite-aftr:v6-v4-dscp-preservation='true'";
type uint8;
description
"DSCP value of the translated IPv4 packet as marked by
the AFTR.";
}
}
}
<CODE ENDS>
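Review bot: The 'when' added to v6-dscp, internal-v4-dscp and external-v4-dscp uses the absolute path "/if:interfaces/if:interface/" + "dslite-aftr:v6-v4-dscp-preservation='true'", which compares a node-set: it is true as soon as any interface has the leaf set to true, not the softwire interface that this mapping entry belongs to. Suggest keying the condition to the relevant interface, or saying in the description that preservation on a single interface makes these leaves valid for all mapping entries.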
reference 4. DS-Lite B4 YANG Module
"RFC 6333.";
}
leaf v6-dscp { <CODE BEGINS> file "ietf-dslite-b4@2017-11-13.yang"
type uint8;
description module ietf-dslite-b4 {
"DSCP value used at the softwire level yang-version 1.1;
(i.e., IPv6 header)."; namespace "urn:ietf:params:xml:ns:yang:ietf-dslite-b4";
} prefix dslite-b4;
leaf internal-v4-dscp { import ietf-inet-types { prefix inet; }
type uint8; import ietf-interfaces { prefix if; }
import iana-if-type { prefix ianaift; }
description organization "IETF Softwire Working Group";
"DSCP value of the encapsulated IPv4 packet."; contact
}
leaf external-v4-dscp { "WG Web: <https://datatracker.ietf.org/wg/softwire/>
type uint8; WG List: <mailto:softwires@ietf.org>
description WG Chair: Ian Farrer
"DSCP value of the translated IPv4 packet <mailto:ianfarrer@gmx.com>
as marked by the AFTR.";
}
}
}
<CODE ENDS>
4. DS-Lite B4 YANG Module WG Chair: Yong Cui
<mailto:cuiyong@tsinghua.edu.cn>
<CODE BEGINS> file "ietf-dslite-b4@2017-10-09.yang" Editor: Mohamed Boucadair
<mailto:mohamed.boucadair@orange.com>
module ietf-dslite-b4 { Editor: Christian Jacquenet
yang-version 1.1; <mailto:christian.jacquenet@orange.com>
namespace "urn:ietf:params:xml:ns:yang:ietf-dslite-b4";
prefix dslite-b4;
import ietf-inet-types { prefix inet; } Editor: Senthil Sivakumar
import ietf-interfaces { prefix if; } <mailto:ssenthil@cisco.com>";
import iana-if-type { prefix ianaift; }
organization "Softwire Working Group";
contact
"Mohamed Boucadair <mohamed.boucadair@orange.com>
Christian Jacquenet <christian.jacquenet@orange.com>
Senthil Sivakumar <ssenthil@cisco.com>";
description description
"This module is a YANG module for DS-Lite B4 implementations. "This module is a YANG module for DS-Lite B4 implementations.
Copyright (c) 2017 IETF Trust and the persons identified as Copyright (c) 2017 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision 2017-10-09 { revision 2017-11-13 {
description "Early yangdoctors review."; description
reference "-ietf-07"; "Initial revision.";
} reference
"RFC XXXX: YANG Data Modules for Dual-Stack Lite (DS-Lite)";
}
revision 2017-08-10 { augment "/if:interfaces/if:interface" {
description "Augment the interfaces YANG module."; when "if:type = 'ianaift:tunnel'";
reference "-ietf-05"; description
} "Augments Interface module with B4 parameters.
IANA interface types are maintained at this registry:
revision 2017-07-27 { https://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib.
description "Separate B4 from AFTR.";
reference "-ietf-04";
}
// Augment Interface module with DS-Lite Softwire tunnel (131), -- Encapsulation interface";
augment "/if:interfaces/if:interface" { leaf b4-ipv6-address {
when "if:type = 'ianaift:tunnel'"; type inet:ipv6-address;
description
"The IPv6 address used by the B4 element.";
reference
"RFC 6333: Dual-Stack Lite Broadband Deployments Following
IPv4 Exhaustion";
}
description leaf aftr-ipv6-addr {
"Augments Interface module with B4 parameters. type inet:ipv6-address;
IANA interface types are maintained at this registry: description
https://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib. "The AFTR's IPv6 address.";
reference
"RFC 6333: Dual-Stack Lite Broadband Deployments Following
IPv4 Exhaustion";
}
tunnel (131), -- Encapsulation interface"; leaf b4-ipv4-address {
type inet:ipv4-address;
default "192.0.0.2";
description
"IPv4 address of the DS-Lite B4.
leaf b4-ipv6-address { 192.0.0.0/29 is reserved for the B4 element.
type inet:ipv6-address;
description This address can be used to report ICMP problems and will
"The IPv6 address used by the B4 element."; appear in traceroute outputs.";
reference
"RFC 6333: Dual-Stack Lite Broadband Deployments Following
IPv4 Exhaustion";
}
reference leaf tunnel-mtu {
"RFC 6333."; type uint16;
} description
"Configures a tunnel MTU.
leaf aftr-ipv6-addr { [RFC6908] specifies that since fragmentation and reassembly is
type inet:ipv6-address; not optimal, the operator should do everything possible to
eliminate the need for it. If the operator uses simple
IPv4-in-IPv6 softwire, it is recommended that the MTU size of
the IPv6 network between the B4 and the AFTR accounts for
the additional overhead (40 bytes).";
description reference
"The AFTR's IPv6 address."; "RFC 6908: Deployment Considerations for Dual-Stack Lite";
}
reference leaf v6-v4-dscp-preservation {
"RFC 6333."; type boolean;
} description
"Copies the DSCP value from the IPv6 header and vice versa.
leaf b4-ipv4-address { Operators should use this model by provisioning the network such
type inet:ipv4-address; that the AFTR copies the DSCP value in the IPv4 header to
default "192.0.0.2"; the Traffic Class field in the IPv6 header, after the
encapsulation for the downstream traffic.";
reference
"Section 2.10 of RFC 6908.";
}
}
}
<CODE ENDS>
description 5. Security Considerations
"IPv4 address of the DS-Lite B4.
192.0.0.0/29 is reserved for the B4 element.
This address can be used to report ICMP
problems and will appear in traceroute
outputs.";
reference The YANG module defined in this document is designed to be accessed
"RFC 6333."; via network management protocols such as NETCONF [RFC6241] or
} RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport
layer, and the mandatory-to-implement secure transport is Secure
Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the
mandatory-to-implement secure transport is TLS [RFC5246].
leaf tunnel-mtu { The NETCONF access control model [RFC6536] provides the means to
type uint16; restrict access for particular NETCONF or RESTCONF users to a
preconfigured subset of all available NETCONF or RESTCONF protocol
operations and content.
description All data nodes defined in the YANG module which can be created,
"Configures a tunnel MTU. modified and deleted (i.e., config true, which is the default) are
[RFC6908] specifies that since considered sensitive. Write operations (e.g., edit-config) applied
fragmentation and reassembly is not to these data nodes without proper protection can negatively affect
optimal, the operator should do network operations. An attacker who is able to access to the B4/AFTR
everything possible to eliminate can undertake various attacks, such as:
the need for it. If the operator uses
simple IPv4-in-IPv6 softwire, it is
recommended that the MTU size of the IPv6
network between the B4 and the AFTR
accounts for the additional overhead
(40 bytes).";
reference o Set the value of 'aftr-ipv6-addr' on the B4 to point to an
"RFC 6908."; illegitimate AFTR so that it can intercept all the traffic sent by
} a B4. Illegitimately intercepting users' traffic is a attack with
severe implications on privacy.
leaf v6-v4-dscp-preservation { o Set the MTU to a low value which may increase the number of
type boolean; fragments (tunnel-mtu for both B4 and AFTR).
description o Set 'max-softwire-per-subscriber' to an arbitrary high value,
"Copies the DSCP value from the IPv6 header which will be exploited by a misbehaving user to grab more
and vice versa. resources (by mounting as many softwires as required to get more
Operators should use this model external IP addresses/ports) or to perform a Denial-of-Service on
by provisioning the network such that the AFTR by mounting a massive number of softwires.
the AFTR copies the DSCP value in the IPv4
header to the Traffic Class field in
the IPv6 header, after the encapsulation
for the downstream traffic.";
reference o Set 'state-migrate' to 'false' on the AFTR. This action may lead
"Section 2.10 of RFC 6908."; to a service degradation for the users.
}
}
}
<CODE ENDS>
5. Security Considerations o Set 'b4-address-change-limit" to an arbitrary low value can ease
DoS attacks based on frequent change of B4 IPv6 address.
The YANG module defined in this memo is designed to be accessed via o Set 'v6-v4-dscp-preservation' to 'false" may lead to a service
the NETCONF protocol [RFC6241]. The lowest NETCONF layer is the degradation if some policies are applied on the network based on
secure transport layer and the support of SSH is mandatory to the DSCP value.
implement secure transport [RFC6242]. The NETCONF access control
model [RFC6536] provides means to restrict access for particular
NETCONF users to a pre-configured subset of all available NETCONF
protocol operations and contents.
All data nodes defined in the YANG module which can be created, Additional security considerations are discussed in
modified and deleted (i.e., config true, which is the default). [I-D.ietf-opsawg-nat-yang].
These data nodes are considered sensitive. Write operations (e.g.,
edit-config) applied to these data nodes without proper protection Security considerations related to DS-Lite are discussed in
can negatively affect network operations. [RFC6333].
6. IANA Considerations 6. IANA Considerations
This document requests IANA to register the following URIs in the This document requests IANA to register the following URIs in the
"IETF XML Registry" [RFC3688]: "IETF XML Registry" [RFC3688]:
URI: urn:ietf:params:xml:ns:yang:ietf-dslite-aftr URI: urn:ietf:params:xml:ns:yang:ietf-dslite-aftr
Registrant Contact: The IESG. Registrant Contact: The IESG.
XML: N/A; the requested URI is an XML namespace. XML: N/A; the requested URI is an XML namespace.
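Review bot: The new 'when' on v6-dscp, internal-v4-dscp and external-v4-dscp in the AFTR mapping-entry augment is the absolute path "/if:interfaces/if:interface/" + "dslite-aftr:v6-v4-dscp-preservation='true'", which has no predicate selecting an interface. As an XPath node-set comparison it becomes true as soon as any interface on the device has DSCP preservation enabled, not only the softwire that carries this mapping. Either constrain the expression to the interface that serves the NAT instance, or drop the 'when' and state in each description that the leaf is only meaningful when preservation is enabled. Separately, the -07 augment carried when "../../nat:nat-capabilities/nat:nat-flavor = 'nat:nat44'" and the -08 augment as shown has no equivalent, so b4-ipv6-address now appears on mapping entries of every flavor while the description still says NAPT44; if that is intended, say so. In the new Security Considerations text, fix "able to access to the B4/AFTR", "is a attack", and the mismatched quotes in 'b4-address-change-limit" and 'false".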
skipping to change at page 17, line 28 skipping to change at page 17, line 7
prefix: dslite-aftr prefix: dslite-aftr
reference: RFC XXXX reference: RFC XXXX
name: ietf-dslite-b4 name: ietf-dslite-b4
namespace: urn:ietf:params:xml:ns:yang:ietf-dslite-b4 namespace: urn:ietf:params:xml:ns:yang:ietf-dslite-b4
prefix: dslite-b4 prefix: dslite-b4
reference: RFC XXXX reference: RFC XXXX
7. Acknowledgements 7. Acknowledgements
Thanks to Q. Wu for identifying a compiling error. Mahesh Thanks to Qin Wu for identifying a compiling error. Mahesh
Jethanandani provided an eraly ynagdoctors review; many thanks to Jethanandani provided an early yangdoctors review; many thanks to
him. him.
Many thanks to Ian Farrer for the review and comments Many thanks to Ian Farrer for the review and comments.
8. References 8. References
8.1. Normative references 8.1. Normative references
[I-D.ietf-opsawg-nat-yang] [I-D.ietf-opsawg-nat-yang]
Boucadair, M., Sivakumar, S., Jacquenet, C., Vinapamula, Boucadair, M., Sivakumar, S., Jacquenet, C., Vinapamula,
S., and Q. Wu, "A YANG Data Model for Network Address S., and Q. Wu, "A YANG Data Model for Network Address
Translation (NAT) and Network Prefix Translation (NPT)", Translation (NAT) and Network Prefix Translation (NPT)",
draft-ietf-opsawg-nat-yang-05 (work in progress), October draft-ietf-opsawg-nat-yang-06 (work in progress), October
2017. 2017.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246,
DOI 10.17487/RFC5246, August 2008,
<https://www.rfc-editor.org/info/rfc5246>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>. <https://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>. <https://www.rfc-editor.org/info/rfc6242>.
[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual- [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
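Review bot: [I-D.ietf-opsawg-nat-yang] remains a normative reference but moves from -05 to -06, and in the same revision the AFTR augment target changes from "/nat:nat-module/nat:nat-instances/nat:nat-instance/" to "/nat:nat/nat:instances/nat:instance/", so the augment path is tied to the node names of one specific revision of that draft. Where the NAT module is imported, add a reference (and, while both documents are still drafts, a revision-date) so that a reader compiling the module knows which revision the path is written against. The added [RFC5246] entry matches the new RESTCONF/TLS sentence in Security Considerations, so no change is needed there.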
skipping to change at page 18, line 36 skipping to change at page 18, line 17
<https://www.rfc-editor.org/info/rfc6991>. <https://www.rfc-editor.org/info/rfc6991>.
[RFC7223] Bjorklund, M., "A YANG Data Model for Interface [RFC7223] Bjorklund, M., "A YANG Data Model for Interface
Management", RFC 7223, DOI 10.17487/RFC7223, May 2014, Management", RFC 7223, DOI 10.17487/RFC7223, May 2014,
<https://www.rfc-editor.org/info/rfc7223>. <https://www.rfc-editor.org/info/rfc7223>.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
RFC 7950, DOI 10.17487/RFC7950, August 2016, RFC 7950, DOI 10.17487/RFC7950, August 2016,
<https://www.rfc-editor.org/info/rfc7950>. <https://www.rfc-editor.org/info/rfc7950>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
8.2. Informative references 8.2. Informative references
[I-D.boucadair-pcp-yang] [I-D.boucadair-pcp-yang]
Boucadair, M., Jacquenet, C., Sivakumar, S., and S. Boucadair, M., Jacquenet, C., Sivakumar, S., and S.
Vinapamula, "YANG Data Models for the Port Control Vinapamula, "YANG Modules for the Port Control Protocol
Protocol (PCP)", draft-boucadair-pcp-yang-04 (work in (PCP)", draft-boucadair-pcp-yang-05 (work in progress),
progress), May 2017. October 2017.
[I-D.ietf-netmod-yang-tree-diagrams] [I-D.ietf-netmod-acl-model]
Bjorklund, M. and L. Berger, "YANG Tree Diagrams", draft- Jethanandani, M., Huang, L., Agarwal, S., and D. Blair,
ietf-netmod-yang-tree-diagrams-01 (work in progress), June "Network Access Control List (ACL) YANG Data Model",
draft-ietf-netmod-acl-model-14 (work in progress), October
2017. 2017.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022,
DOI 10.17487/RFC3022, January 2001,
<https://www.rfc-editor.org/info/rfc3022>.
[RFC6087] Bierman, A., "Guidelines for Authors and Reviewers of YANG [RFC6087] Bierman, A., "Guidelines for Authors and Reviewers of YANG
Data Model Documents", RFC 6087, DOI 10.17487/RFC6087, Data Model Documents", RFC 6087, DOI 10.17487/RFC6087,
January 2011, <https://www.rfc-editor.org/info/rfc6087>. January 2011, <https://www.rfc-editor.org/info/rfc6087>.
[RFC6908] Lee, Y., Maglione, R., Williams, C., Jacquenet, C., and M. [RFC6908] Lee, Y., Maglione, R., Williams, C., Jacquenet, C., and M.
Boucadair, "Deployment Considerations for Dual-Stack Boucadair, "Deployment Considerations for Dual-Stack
Lite", RFC 6908, DOI 10.17487/RFC6908, March 2013, Lite", RFC 6908, DOI 10.17487/RFC6908, March 2013,
<https://www.rfc-editor.org/info/rfc6908>. <https://www.rfc-editor.org/info/rfc6908>.
[RFC7785] Vinapamula, S. and M. Boucadair, "Recommendations for [RFC7785] Vinapamula, S. and M. Boucadair, "Recommendations for
Prefix Binding in the Context of Softwire Dual-Stack Prefix Binding in the Context of Softwire Dual-Stack
Lite", RFC 7785, DOI 10.17487/RFC7785, February 2016, Lite", RFC 7785, DOI 10.17487/RFC7785, February 2016,
<https://www.rfc-editor.org/info/rfc7785>. <https://www.rfc-editor.org/info/rfc7785>.
Appendix A. Examples Appendix A. B4 Example
The following example shows an AFTR that is reachable at 2001:db8::2. The following example shows a B4 element (2001:db8:0:1::1) that is
Also, this XML snippet indicates that the AFTR is provided with an configured with an AFTR element (2001:db8:0:2::1). The B4 element is
IPv4 address (192.0.0.1) to be used for troubleshooting purposes such also instructed to preserve the DSCP marking.
as reporting problems to B4s. Moreover, the AFTR is instructed to
limit the number of softwires per subscriber to '1'. <interface>
<name>myB4</name>
<type>ianaift:tunnel</type>
<enabled>true</enabled>
<b4-ipv6-address>2001:db8:0:1::1</b4-ipv6-address>
<aftr-ipv6-addr>2001:db8:0:2::1</aftr-ipv6-addr>
<v6-v4-dscp-preservation>true</v6-v4-dscp-preservation>
</interface>
Appendix B. AFTR Examples
The following example shows an AFTR that is reachable at
2001:db8:0:2::1. Also, this XML snippet indicates that the AFTR is
provided with an IPv4 address (192.0.0.1) to be used for
troubleshooting purposes such as reporting problems to B4s.
Moreover, the AFTR is instructed to limit the number of softwires per
subscriber to '1'.
Note that a subscriber is identified by a subscriber-mask ([RFC7785])
that can be configured by means of [I-D.ietf-opsawg-nat-yang].
<interface> <interface>
<name>myAFTR</name> <name>myAFTR</name>
<type>ianaift:tunnel</type> <type>ianaift:tunnel</type>
<enabled>true</enabled> <enabled>true</enabled>
<aftr-ipv6-address>2001:db8::2</aftr-ipv6-address> <aftr-ipv6-address>2001:db8:0:2::1</aftr-ipv6-address>
<aftr-ipv4-address>192.0.0.1</aftr-ipv4-address> <aftr-ipv4-address>192.0.0.1</aftr-ipv4-address>
<max-softwire-per-subscriber>1</max-softwire-per-subscriber> <max-softwire-per-subscriber>1</max-softwire-per-subscriber>
</interface> </interface>
The following shows an XML excerpt depicting a dynamic UDP mapping The following shows an XML excerpt depicting a dynamic UDP mapping
entry maintained by a DS-Lite AFTR. In reference to this example, entry maintained by a DS-Lite AFTR for a packet received from the B4
the UDP packet received with a source IPv6 address (2001:db8::1), a element introduced in Appendix A. Concretely, this UDP packet
source IPv4 address (192.0.2.1) and source port number (1568) is received with a source IPv6 address (2001:db8:0:1::1), a source IPv4
translated into a UDP packet having a source IPv4 address address (192.0.2.1), and source port number (1568) is translated into
(198.51.100.1) and source port (15000). The lifetime of this mapping a UDP packet having a source IPv4 address (198.51.100.1) and source
is 300 seconds. port number (15000). The remaining lifetime of this mapping is 300
seconds.
<mapping-entry> <mapping-entry>
<index>15</index> <index>15</index>
<type> <type>
dynamic-explicit dynamic-explicit
</type> </type>
<transport-protocol> <transport-protocol>
17 17
</transport-protocol> </transport-protocol>
<b4-ipv6-address> <b4-ipv6-address>
2001:db8::1 2001:db8:0:1::1
</b4-ipv6-address> </b4-ipv6-address>
<internal-src-address> <internal-src-address>
192.0.2.1 192.0.2.1
</internal-dst-address> </internal-src-address>
<internal-src-port> <internal-src-port>
<single-port-number> <start-port-number>
1568 1568
</single-port-number> </start-port-number>
</internal-dst-port> </internal-src-port>
<external-dst-address> <external-src-address>
198.51.100.1 198.51.100.1
</external-dst-address> </external-src-address>
<external-dst-port> <external-src-port>
<single-port-number> <start-port-number>
15000 15000
</single-port-number> </start-port-number>
</external-dst-port> </external-src-port>
<lifetime> <lifetime>
300 300
</lifetime> </lifetime>
</mapping-entry> </mapping-entry>
Authors' Addresses Authors' Addresses
Mohamed Boucadair Mohamed Boucadair
Orange Orange
Rennes 35000 Rennes 35000
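Review bot: The XML examples in Appendix A and Appendix B carry no namespace declarations, so <type>ianaift:tunnel</type> uses a prefix that is never bound and the augmented leaves (b4-ipv6-address, aftr-ipv6-addr, v6-v4-dscp-preservation, aftr-ipv6-address, max-softwire-per-subscriber) are not placed in the module namespaces, for example "urn:ietf:params:xml:ns:yang:ietf-dslite-b4" for the B4 leaves. Add the xmlns attributes, or state that they are omitted for brevity, so the snippets can be validated against the modules. The tag corrections in the mapping-entry example (internal-src-address, internal-src-port, external-src-address and external-src-port now close with matching names) are right. The leaf naming is still inconsistent between the two modules: the B4 module defines aftr-ipv6-addr while the AFTR example uses aftr-ipv6-address; pick one form.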
 End of changes. 142 change blocks. 
462 lines changed or deleted 499 lines changed or added
