draft-ietf-softwire-dslite-yang-15.txt   draft-ietf-softwire-dslite-yang-16.txt 
Network Working Group M. Boucadair Network Working Group M. Boucadair
Internet-Draft C. Jacquenet Internet-Draft C. Jacquenet
Intended status: Standards Track Orange Intended status: Standards Track Orange
Expires: August 30, 2018 S. Sivakumar Expires: November 25, 2018 S. Sivakumar
Cisco Systems Cisco Systems
February 26, 2018 May 24, 2018
A YANG Data Module for Dual-Stack Lite (DS-Lite) A YANG Data Module for Dual-Stack Lite (DS-Lite)
draft-ietf-softwire-dslite-yang-15 draft-ietf-softwire-dslite-yang-16
Abstract Abstract
This document defines a YANG module for the DS-Lite Address Family This document defines a YANG module for the DS-Lite Address Family
Transition Router (AFTR) and Basic Bridging BroadBand (B4) elements. Transition Router (AFTR) and Basic Bridging BroadBand (B4) elements.
Editorial Note (To be removed by RFC Editor) Editorial Note (To be removed by RFC Editor)
Please update these statements with the RFC number to be assigned to Please update these statements in the document with the RFC number to
this document: be assigned to this document:
o "This version of this YANG module is part of RFC XXXX;" o "This version of this YANG module is part of RFC XXXX;"
o "RFC XXXX: A YANG Data Module for Dual-Stack Lite (DS-Lite)"; o "RFC XXXX: A YANG Data Module for Dual-Stack Lite (DS-Lite)";
o "reference: RFC XXXX" o "reference: RFC XXXX"
Please update the "revision" date of the YANG module. Please update the "revision" date of the YANG module.
Also, update this sentence with the RFC number to be assigned to this Also, update this sentence with the RFC number to be assigned to I-
document: D.ietf-opsawg-nat-yang:
o "RFC YYYY: A YANG Module for Network Address Translation (NAT) and o "RFC YYYY: A YANG Module for Network Address Translation (NAT) and
Network Prefix Translation (NPT)" Network Prefix Translation (NPT)"
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 30, 2018. This Internet-Draft will expire on November 25, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 19 skipping to change at page 4, line 19
Datastore Architecture (NMDA). Datastore Architecture (NMDA).
1.1. Terminology 1.1. Terminology
This document makes use of the terms defined in Section 3 of This document makes use of the terms defined in Section 3 of
[RFC6333]. [RFC6333].
The terminology for describing YANG data modules is defined in The terminology for describing YANG data modules is defined in
[RFC7950]. [RFC7950].
The meaning of the symbols in tree diagrams is defined in The meaning of the symbols in tree diagrams is defined in [RFC8340].
[I-D.ietf-netmod-yang-tree-diagrams].
2. DS-Lite YANG Module: An Overview 2. DS-Lite YANG Module: An Overview
As shown in Figure 1: As shown in Figure 1:
o The AFTR element is a combination of an IPv4-in-IPv6 tunnel and a o The AFTR element is a combination of an IPv4-in-IPv6 tunnel and a
NAPT function (Section 2.2 of [RFC3022]). NAPT function (Section 2.2 of [RFC3022]).
o The B4 element is an IPv4-in-IPv6 tunnel. o The B4 element is an IPv4-in-IPv6 tunnel.
Therefore, the DS-Lite YANG module is designed to augment both the Therefore, the DS-Lite YANG module is designed to augment both the
Interfaces YANG module [I-D.ietf-netmod-rfc7223bis] and the NAT YANG Interfaces YANG module [RFC8343] and the NAT YANG module
module [I-D.ietf-opsawg-nat-yang] with DS-Lite specific features. [I-D.ietf-opsawg-nat-yang] with DS-Lite specific features.
The YANG "feature" statement is used to distinguish which of the DS- The YANG "feature" statement is used to distinguish which of the DS-
Lite elements ('aftr' or 'b4') is relevant for a specific data node. Lite elements ('aftr' or 'b4') is relevant for a specific data node.
Concretely, the DS-Lite YANG module (Figure 2) augments the Concretely, the DS-Lite YANG module (Figure 2) augments the
Interfaces YANG module with the following: Interfaces YANG module with the following:
o An IPv6 address used by the tunnel endpoint (AFTR or B4) for o An IPv6 address used by the tunnel endpoint (AFTR or B4) for
sending and receiving IPv4-in-IPv6 packets (ipv6-address). sending and receiving IPv4-in-IPv6 packets (ipv6-address).
skipping to change at page 5, line 46 skipping to change at page 5, line 46
preserve DSCP marking when encapsulating/decapsulating at the preserve DSCP marking when encapsulating/decapsulating at the
AFTR. AFTR.
o The IPv4 DSCP marking of the IPv4 packet received from a B4 o The IPv4 DSCP marking of the IPv4 packet received from a B4
element (internal-v4-dscp): This information can be used by the element (internal-v4-dscp): This information can be used by the
AFTR for setting the DSCP of packets relayed to a B4 element. AFTR for setting the DSCP of packets relayed to a B4 element.
o The IPv4 DSCP marking as set by the AFTR in its external interface o The IPv4 DSCP marking as set by the AFTR in its external interface
(external-v4-dscp): An AFTR can be instructed to preserve the same (external-v4-dscp): An AFTR can be instructed to preserve the same
marking or to set it to another value when forwarding an IPv4 marking or to set it to another value when forwarding an IPv4
packet upstream. packet destined to a remote IPv4 host.
Access Control List (ACL) and Quality of Service (QoS) policies Access Control List (ACL) and Quality of Service (QoS) policies
discussed in Section 2.5 of [RFC6908] are out of scope. A YANG discussed in Section 2.5 of [RFC6908] are out of scope. A YANG
module for ACLs is documented in [I-D.ietf-netmod-acl-model]. module for ACLs is documented in [I-D.ietf-netmod-acl-model].
Likewise, PCP-related considerations discussed in Section 8.5 of Likewise, Port Control Protocol (PCP) related considerations
[RFC6333] are out of scope. A YANG module for PCP is documented in discussed in Section 8.5 of [RFC6333] are out of scope. A YANG
[I-D.boucadair-pcp-yang]. module for PCP is documented in [I-D.boucadair-pcp-yang].
The YANG module "ietf-dslite" has the following structure: The YANG module "ietf-dslite" has the following structure:
module: ietf-dslite module: ietf-dslite
augment /if:interfaces/if:interface: augment /if:interfaces/if:interface:
+--rw ipv6-address? inet:ipv6-address +--rw ipv6-address? inet:ipv6-address
+--rw ipv4-address? inet:ipv4-address +--rw ipv4-address? inet:ipv4-address
+--rw aftr-ipv6-addr? inet:ipv6-address {b4}? +--rw aftr-ipv6-addr? inet:ipv6-address {b4}?
+--rw tunnel-mtu? uint16 +--rw tunnel-mtu? uint16
+--rw v6-v4-dscp-preservation? boolean +--rw v6-v4-dscp-preservation? boolean
skipping to change at page 6, line 30 skipping to change at page 6, line 30
+--rw state-migrate? boolean {aftr}? +--rw state-migrate? boolean {aftr}?
+--rw b4-address-change-limit? uint32 {aftr}? +--rw b4-address-change-limit? uint32 {aftr}?
+--rw mss-clamping {aftr}? +--rw mss-clamping {aftr}?
+--rw enable? boolean +--rw enable? boolean
+--rw mss-value? uint16 +--rw mss-value? uint16
augment /nat:nat/nat:instances/nat:instance augment /nat:nat/nat:instances/nat:instance
/nat:mapping-table/nat:mapping-entry: /nat:mapping-table/nat:mapping-entry:
+--rw b4-ipv6-address {aftr}? +--rw b4-ipv6-address {aftr}?
| +--rw address? inet:ipv6-address | +--rw address? inet:ipv6-address
| +--rw last-address-change? yang:date-and-time | +--rw last-address-change? yang:date-and-time
+--rw v6-dscp? uint8 {aftr}? +--rw v6-dscp? inet:dscp {aftr}?
+--rw internal-v4-dscp? uint8 {aftr}? +--rw internal-v4-dscp? inet:dscp {aftr}?
+--rw external-v4-dscp? uint8 {aftr}? +--rw external-v4-dscp? inet:dscp {aftr}?
augment /nat:nat/nat:instances/nat:instance augment /nat:nat/nat:instances/nat:instance
/nat:statistics/nat:mappings-statistics: /nat:statistics/nat:mappings-statistics:
+--ro active-softwires? yang:gauge32 {aftr}? +--ro active-softwires? yang:gauge32 {aftr}?
notifications: notifications:
+---n b4-address-change-limit-policy-violation {aftr}? +---n b4-address-change-limit-policy-violation {aftr}?
+--ro id -> /nat:nat/instances/instance/id +--ro id -> /nat:nat/instances/instance/id
+--ro policy-id -> /nat:nat/instances/instance/policy/id +--ro policy-id -> /nat:nat/instances/instance/policy/id
+--ro address inet:ipv6-address +--ro address inet:ipv6-address
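The tree above encodes several constraints that an instance document must satisfy: the three mapping-entry DSCP leaves are typed inet:dscp in -16 (six bits, 0..63) rather than uint8 as in -15, and each carries a 'when' that makes it valid only while some interface sets v6-v4-dscp-preservation to 'true'. The following checker exercises those constraints against constructed instance data. It is an added example, not code from the draft or from any NETCONF implementation; the ietf-dslite and ietf-nat namespace URIs and the mapping-entry key name 'index' are assumptions (only the ietf-interfaces namespace, from RFC 8343, is shown on this page).

```python
"""Check a DS-Lite instance document against the constraints the ietf-dslite
tree expresses.  Added example, not code from the draft."""
import ipaddress
import xml.etree.ElementTree as ET

# ietf-interfaces namespace is from RFC 8343; the ietf-dslite and ietf-nat
# namespace URIs are not shown on this page and are assumed here.
NS = {
    "if": "urn:ietf:params:xml:ns:yang:ietf-interfaces",
    "dslite": "urn:ietf:params:xml:ns:yang:ietf-dslite",  # assumed
    "nat": "urn:ietf:params:xml:ns:yang:ietf-nat",        # assumed
}
DSCP_LEAVES = ("v6-dscp", "internal-v4-dscp", "external-v4-dscp")

# Constructed instance data (the mapping-entry key 'index' is assumed to be
# the one defined by the NAT module).  Placeholders let the checks below be
# exercised with one valid and several invalid inputs.
TEMPLATE = """<config xmlns:if="{ifns}" xmlns:dslite="{dsns}" xmlns:nat="{natns}">
 <if:interfaces><if:interface>
  <if:name>aftr0</if:name>
  <dslite:ipv6-address>2001:db8:0:2::1</dslite:ipv6-address>
  <dslite:ipv4-address>192.0.0.1</dslite:ipv4-address>
  <dslite:tunnel-mtu>{mtu}</dslite:tunnel-mtu>
  <dslite:v6-v4-dscp-preservation>{pres}</dslite:v6-v4-dscp-preservation>
 </if:interface></if:interfaces>
 <nat:nat><nat:instances><nat:instance><nat:id>1</nat:id>
  <nat:mapping-table><nat:mapping-entry>
   <nat:index>1</nat:index>
   <dslite:b4-ipv6-address>
    <dslite:address>{b4}</dslite:address>
   </dslite:b4-ipv6-address>
   <dslite:v6-dscp>{dscp}</dslite:v6-dscp>
  </nat:mapping-entry></nat:mapping-table>
 </nat:instance></nat:instances></nat:nat>
</config>"""

def sample(pres="true", dscp="46", mtu="1500", b4="2001:db8:0:1::1"):
    return TEMPLATE.format(ifns=NS["if"], dsns=NS["dslite"], natns=NS["nat"],
                           pres=pres, dscp=dscp, mtu=mtu, b4=b4)

def text(el, path):
    found = el.find(path, NS)
    return None if found is None or found.text is None else found.text.strip()

def check_addr(where, value, cls, errors):
    try:
        cls(value)
    except ValueError:
        errors.append(f"{where}: not a valid {cls.__name__}: {value!r}")

def check_dscp(where, value, errors):
    # inet:dscp is six bits (0..63).  Draft -15 typed these leaves as uint8,
    # which would have accepted 64..255; -16 narrows them to inet:dscp.
    if not value.isdigit() or int(value) > 63:
        errors.append(f"{where}: {value!r} is outside the inet:dscp range 0..63")

def validate(xml_text):
    """Return a list of constraint violations (empty when the instance is valid)."""
    root = ET.fromstring(xml_text)
    errors, preservation = [], False
    for iface in root.iterfind(".//if:interfaces/if:interface", NS):
        name = text(iface, "if:name") or "?"
        for leaf, cls in (("ipv6-address", ipaddress.IPv6Address),
                          ("aftr-ipv6-addr", ipaddress.IPv6Address),
                          ("ipv4-address", ipaddress.IPv4Address)):
            v = text(iface, f"dslite:{leaf}")
            if v is not None:
                check_addr(f"interface {name}/{leaf}", v, cls, errors)
        mtu = text(iface, "dslite:tunnel-mtu")
        if mtu is not None and not (mtu.isdigit() and int(mtu) <= 65535):
            errors.append(f"interface {name}/tunnel-mtu: {mtu!r} is not a uint16")
        if text(iface, "dslite:v6-v4-dscp-preservation") == "true":
            preservation = True
    # The three DSCP leaves carry a 'when' on
    # /if:interfaces/if:interface/dslite:v6-v4-dscp-preservation='true':
    # they may only appear when some interface enables preservation.
    for entry in root.iterfind(".//nat:mapping-entry", NS):
        where = f"mapping-entry {text(entry, 'nat:index') or '?'}"
        b4 = text(entry, "dslite:b4-ipv6-address/dslite:address")
        if b4 is not None:
            check_addr(f"{where}/b4-ipv6-address", b4, ipaddress.IPv6Address, errors)
        for leaf in DSCP_LEAVES:
            v = text(entry, f"dslite:{leaf}")
            if v is None:
                continue
            if not preservation:
                errors.append(f"{where}/{leaf}: present but no interface sets "
                              "v6-v4-dscp-preservation to 'true'")
            check_dscp(f"{where}/{leaf}", v, errors)
    return errors
```

validate(sample()) returns an empty list; sample(dscp="200") is rejected only because of the -16 type change, sample(pres="false") trips the 'when' dependency, and sample(mtu="70000") fails the uint16 range of tunnel-mtu.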
skipping to change at page 10, line 31 skipping to change at page 10, line 31
leaf v6-v4-dscp-preservation { leaf v6-v4-dscp-preservation {
type boolean; type boolean;
description description
"Copies the DSCP value from the IPv6 header and vice versa. "Copies the DSCP value from the IPv6 header and vice versa.
According to Section 2.10 of [RFC6908], operators should According to Section 2.10 of [RFC6908], operators should
use this model by provisioning the network such that the use this model by provisioning the network such that the
AFTR/B4 copies the DSCP value in the IPv4 header to AFTR/B4 copies the DSCP value in the IPv4 header to
the Traffic Class field in the IPv6 header, after the the Traffic Class field in the IPv6 header, after the
encapsulation for the downstream traffic."; IPv4-in-IPv6 encapsulation.";
reference reference
"Section 2.10 of RFC 6908."; "Section 2.10 of RFC 6908.";
} }
} }
augment "/nat:nat/nat:instances/nat:instance/nat:policy" { augment "/nat:nat/nat:instances/nat:instance/nat:policy" {
when "derived-from-or-self(/nat:nat/nat:instances/nat:instance/" + when "derived-from-or-self(/nat:nat/nat:instances/nat:instance/" +
"nat:type, 'nat:napt44')" + "nat:type, 'nat:napt44')" +
" and /nat:nat/nat:instances/nat:instance/" + " and /nat:nat/nat:instances/nat:instance/" +
"nat:per-interface-binding='dslite'"; "nat:per-interface-binding='dslite'";
skipping to change at page 13, line 20 skipping to change at page 13, line 20
leaf last-address-change { leaf last-address-change {
type yang:date-and-time; type yang:date-and-time;
description description
"Records the last time when the address changed."; "Records the last time when the address changed.";
} }
} }
leaf v6-dscp { leaf v6-dscp {
when "/if:interfaces/if:interface/" + when "/if:interfaces/if:interface/" +
"dslite:v6-v4-dscp-preservation='true'"; "dslite:v6-v4-dscp-preservation='true'";
type uint8; type inet:dscp;
description description
"DSCP value used at the softwire level (i.e., IPv6 header)."; "DSCP value used at the softwire level (i.e., IPv6 header).";
} }
leaf internal-v4-dscp { leaf internal-v4-dscp {
when "/if:interfaces/if:interface/" + when "/if:interfaces/if:interface/" +
"dslite:v6-v4-dscp-preservation='true'"; "dslite:v6-v4-dscp-preservation='true'";
type uint8; type inet:dscp;
description description
"DSCP value of the encapsulated IPv4 packet."; "DSCP value of the encapsulated IPv4 packet.";
} }
leaf external-v4-dscp { leaf external-v4-dscp {
when "/if:interfaces/if:interface/" + when "/if:interfaces/if:interface/" +
"dslite:v6-v4-dscp-preservation='true'"; "dslite:v6-v4-dscp-preservation='true'";
type uint8; type inet:dscp;
description description
"DSCP value of the translated IPv4 packet as marked by "DSCP value of the translated IPv4 packet as marked by
the AFTR."; the AFTR.";
} }
} }
augment "/nat:nat/nat:instances/nat:instance/nat:statistics/" + augment "/nat:nat/nat:instances/nat:instance/nat:statistics/" +
"nat:mappings-statistics" { "nat:mappings-statistics" {
if-feature aftr; if-feature aftr;
description description
skipping to change at page 15, line 13 skipping to change at page 15, line 13
<CODE ENDS> <CODE ENDS>
4. Security Considerations 4. Security Considerations
The YANG module defined in this document is designed to be accessed The YANG module defined in this document is designed to be accessed
via network management protocols such as NETCONF [RFC6241] or via network management protocols such as NETCONF [RFC6241] or
RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport
layer, and the mandatory-to-implement secure transport is Secure layer, and the mandatory-to-implement secure transport is Secure
Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the
mandatory-to-implement secure transport is TLS [RFC5246]. mandatory-to-implement secure transport is TLS [RFC5246].
The NETCONF access control model [I-D.ietf-netconf-rfc6536bis] The NETCONF access control model [RFC8341] provides the means to
provides the means to restrict access for particular NETCONF or restrict access for particular NETCONF or RESTCONF users to a
RESTCONF users to a preconfigured subset of all available NETCONF or preconfigured subset of all available NETCONF or RESTCONF protocol
RESTCONF protocol operations and content. operations and content.
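The following added example (not code from the draft or from any NETCONF server) shows how an RFC 8341 rule-list confines write access to the DS-Lite tunnel nodes: a constructed NACM configuration lets only members of a 'ds-lite-admins' group change aftr-ipv6-addr, while other users fall to write-default deny. The evaluator is a simplification of the RFC 8341 data-node algorithm (first matching rule in rule-list order wins, otherwise the read or write default applies); the group and user names and the rule paths are made up for the illustration.

```python
"""Minimal evaluator for RFC 8341 (NACM) data-node rules, showing how the
write of aftr-ipv6-addr discussed in the security considerations is
confined to an administrative group.  Added example, not server code."""
import xml.etree.ElementTree as ET

NACM_NS = "urn:ietf:params:xml:ns:yang:ietf-netconf-acm"  # RFC 8341
WRITE_OPS = {"create", "update", "delete"}
AFTR_PATH = "/if:interfaces/if:interface/dslite:aftr-ipv6-addr"

# Constructed NACM configuration: ds-lite-admins may write aftr-ipv6-addr,
# operators are explicitly denied any write to ietf-dslite nodes, and
# anyone else is caught by write-default deny.
NACM_CONFIG = f"""<nacm xmlns="{NACM_NS}">
 <enable-nacm>true</enable-nacm>
 <read-default>permit</read-default>
 <write-default>deny</write-default>
 <groups>
  <group><name>ds-lite-admins</name><user-name>bob</user-name></group>
  <group><name>operators</name><user-name>alice</user-name></group>
 </groups>
 <rule-list>
  <name>dslite-tunnel-admin</name>
  <group>ds-lite-admins</group>
  <rule>
   <name>aftr-addr-write</name>
   <module-name>ietf-dslite</module-name>
   <path>{AFTR_PATH}</path>
   <access-operations>create update delete</access-operations>
   <action>permit</action>
  </rule>
 </rule-list>
 <rule-list>
  <name>operators-read-only</name>
  <group>operators</group>
  <rule>
   <name>no-dslite-write</name>
   <module-name>ietf-dslite</module-name>
   <access-operations>create update delete</access-operations>
   <action>deny</action>
  </rule>
 </rule-list>
</nacm>"""

def q(tag):
    return f"{{{NACM_NS}}}{tag}"

def load_nacm(xml_text):
    """Parse the parts of /nacm needed for data-node decisions."""
    root = ET.fromstring(xml_text)
    groups = {}
    for g in root.find(q("groups")).findall(q("group")):
        groups[g.findtext(q("name"))] = {u.text for u in g.findall(q("user-name"))}
    rule_lists = []
    for rl in root.findall(q("rule-list")):          # document order matters
        rules = []
        for r in rl.findall(q("rule")):
            ops = (r.findtext(q("access-operations")) or "*").split()
            rules.append({"module": r.findtext(q("module-name")) or "*",
                          "path": r.findtext(q("path")),
                          "ops": set(ops),
                          "action": r.findtext(q("action"))})
        rule_lists.append({"groups": {g.text for g in rl.findall(q("group"))},
                           "rules": rules})
    return {"enabled": root.findtext(q("enable-nacm")) == "true",
            "read_default": root.findtext(q("read-default")) or "permit",
            "write_default": root.findtext(q("write-default")) or "deny",
            "groups": groups, "rule_lists": rule_lists}

def user_groups(nacm, user):
    return {g for g, members in nacm["groups"].items() if user in members}

def path_matches(rule_path, node_path):
    # A rule path covers the node itself and all of its descendants.
    return (rule_path is None or node_path == rule_path
            or node_path.startswith(rule_path + "/"))

def decide(nacm, user, op, module, node_path):
    """Return 'permit' or 'deny' for one data-node access by one user."""
    if not nacm["enabled"]:
        return "permit"
    groups = user_groups(nacm, user)
    for rl in nacm["rule_lists"]:
        if "*" not in rl["groups"] and not (rl["groups"] & groups):
            continue
        for r in rl["rules"]:
            if r["module"] not in ("*", module):
                continue
            if not ("*" in r["ops"] or op in r["ops"]):
                continue
            if not path_matches(r["path"], node_path):
                continue
            return r["action"]          # first matching rule wins
    return nacm["write_default"] if op in WRITE_OPS else nacm["read_default"]

NACM = load_nacm(NACM_CONFIG)
```

With this configuration, decide(NACM, "alice", "update", "ietf-dslite", AFTR_PATH) returns "deny" while the same call for "bob" returns "permit"; bob is still denied an update of tunnel-mtu because his only rule names aftr-ipv6-addr, which is the least-privilege shape a practitioner wants for a node whose misuse redirects all of a B4's traffic.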
All data nodes defined in the YANG module which can be created, All data nodes defined in the YANG module which can be created,
modified and deleted (i.e., config true, which is the default) are modified and deleted (i.e., config true, which is the default) are
considered sensitive. Write operations (e.g., edit-config) applied considered sensitive. Write operations (e.g., edit-config) applied
to these data nodes without proper protection can negatively affect to these data nodes without proper protection can negatively affect
network operations. An attacker who is able to access to the B4/AFTR network operations. An attacker who is able to access to the B4/AFTR
can undertake various attacks, such as: can undertake various attacks, such as:
o Set the value of 'aftr-ipv6-addr' on the B4 to point to an o Set the value of 'aftr-ipv6-addr' on the B4 to point to an
illegitimate AFTR so that it can intercept all the traffic sent by illegitimate AFTR so that it can intercept all the traffic sent by
skipping to change at page 16, line 37 skipping to change at page 16, line 37
Thanks to Qin Wu, Benoit Claise, and Andy Bierman who helped for Thanks to Qin Wu, Benoit Claise, and Andy Bierman who helped for
identifying compiling errors. Mahesh Jethanandani provided early identifying compiling errors. Mahesh Jethanandani provided early
yangdoctors reviews; many thanks to him. yangdoctors reviews; many thanks to him.
Many thanks to Ian Farrer and Tom Petch for the review and comments. Many thanks to Ian Farrer and Tom Petch for the review and comments.
7. References 7. References
7.1. Normative references 7.1. Normative references
[I-D.ietf-netconf-rfc6536bis]
Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Module", draft-ietf-netconf-rfc6536bis-09
(work in progress), December 2017.
[I-D.ietf-netmod-rfc7223bis]
Bjorklund, M., "A YANG Data Model for Interface
Management", draft-ietf-netmod-rfc7223bis-03 (work in
progress), January 2018.
[I-D.ietf-opsawg-nat-yang] [I-D.ietf-opsawg-nat-yang]
Boucadair, M., Sivakumar, S., Jacquenet, C., Vinapamula, Boucadair, M., Sivakumar, S., Jacquenet, C., Vinapamula,
S., and Q. Wu, "A YANG Module for Network Address S., and Q. Wu, "A YANG Module for Network Address
Translation (NAT) and Network Prefix Translation (NPT)", Translation (NAT) and Network Prefix Translation (NPT)",
draft-ietf-opsawg-nat-yang-13 (work in progress), February draft-ietf-opsawg-nat-yang-14 (work in progress), March
2018. 2018.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, (TLS) Protocol Version 1.2", RFC 5246,
DOI 10.17487/RFC5246, August 2008, DOI 10.17487/RFC5246, August 2008,
<https://www.rfc-editor.org/info/rfc5246>. <https://www.rfc-editor.org/info/rfc5246>.
skipping to change at page 17, line 44 skipping to change at page 17, line 35
<https://www.rfc-editor.org/info/rfc7224>. <https://www.rfc-editor.org/info/rfc7224>.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
RFC 7950, DOI 10.17487/RFC7950, August 2016, RFC 7950, DOI 10.17487/RFC7950, August 2016,
<https://www.rfc-editor.org/info/rfc7950>. <https://www.rfc-editor.org/info/rfc7950>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>. <https://www.rfc-editor.org/info/rfc8040>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>.
[RFC8343] Bjorklund, M., "A YANG Data Model for Interface
Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
<https://www.rfc-editor.org/info/rfc8343>.
7.2. Informative references 7.2. Informative references
[I-D.boucadair-pcp-yang] [I-D.boucadair-pcp-yang]
Boucadair, M., Jacquenet, C., Sivakumar, S., and S. Boucadair, M., Jacquenet, C., Sivakumar, S., and S.
Vinapamula, "YANG Modules for the Port Control Protocol Vinapamula, "YANG Modules for the Port Control Protocol
(PCP)", draft-boucadair-pcp-yang-05 (work in progress), (PCP)", draft-boucadair-pcp-yang-05 (work in progress),
October 2017. October 2017.
[I-D.ietf-netmod-acl-model] [I-D.ietf-netmod-acl-model]
Jethanandani, M., Huang, L., Agarwal, S., and D. Blair, Jethanandani, M., Huang, L., Agarwal, S., and D. Blair,
"Network Access Control List (ACL) YANG Data Model", "Network Access Control List (ACL) YANG Data Model",
draft-ietf-netmod-acl-model-16 (work in progress), draft-ietf-netmod-acl-model-19 (work in progress), April
February 2018. 2018.
[I-D.ietf-netmod-yang-tree-diagrams]
Bjorklund, M. and L. Berger, "YANG Tree Diagrams", draft-
ietf-netmod-yang-tree-diagrams-06 (work in progress),
February 2018.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, Address Translator (Traditional NAT)", RFC 3022,
DOI 10.17487/RFC3022, January 2001, DOI 10.17487/RFC3022, January 2001,
<https://www.rfc-editor.org/info/rfc3022>. <https://www.rfc-editor.org/info/rfc3022>.
[RFC6087] Bierman, A., "Guidelines for Authors and Reviewers of YANG [RFC6087] Bierman, A., "Guidelines for Authors and Reviewers of YANG
Data Model Documents", RFC 6087, DOI 10.17487/RFC6087, Data Model Documents", RFC 6087, DOI 10.17487/RFC6087,
January 2011, <https://www.rfc-editor.org/info/rfc6087>. January 2011, <https://www.rfc-editor.org/info/rfc6087>.
[RFC6908] Lee, Y., Maglione, R., Williams, C., Jacquenet, C., and M. [RFC6908] Lee, Y., Maglione, R., Williams, C., Jacquenet, C., and M.
Boucadair, "Deployment Considerations for Dual-Stack Boucadair, "Deployment Considerations for Dual-Stack
Lite", RFC 6908, DOI 10.17487/RFC6908, March 2013, Lite", RFC 6908, DOI 10.17487/RFC6908, March 2013,
<https://www.rfc-editor.org/info/rfc6908>. <https://www.rfc-editor.org/info/rfc6908>.
[RFC7785] Vinapamula, S. and M. Boucadair, "Recommendations for [RFC7785] Vinapamula, S. and M. Boucadair, "Recommendations for
Prefix Binding in the Context of Softwire Dual-Stack Prefix Binding in the Context of Softwire Dual-Stack
Lite", RFC 7785, DOI 10.17487/RFC7785, February 2016, Lite", RFC 7785, DOI 10.17487/RFC7785, February 2016,
<https://www.rfc-editor.org/info/rfc7785>. <https://www.rfc-editor.org/info/rfc7785>.
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>.
Appendix A. B4 Example Appendix A. B4 Example
The following example shows a B4 element (2001:db8:0:1::1) that is The following example shows a B4 element (2001:db8:0:1::1) that is
configured with an AFTR element (2001:db8:0:2::1). The B4 element is configured with an AFTR element (2001:db8:0:2::1). The B4 element is
also instructed to preserve the DSCP marking. also instructed to preserve the DSCP marking.
<interfaces> <interfaces>
<interface> <interface>
<name>myB4</name> <name>myB4</name>
<type>ianaift:tunnel</type> <type>ianaift:tunnel</type>
 End of changes. 21 change blocks. 
45 lines changed or deleted 42 lines changed or added