TEAS Working Group D. Dhody Internet-Draft Huawei Technologies Intended status: Standards Track 24 October 2022 Expires: 27 April 2023 Traffic Mapping YANG model for Traffic Engineering (TE) draft-dhody-teas-te-traffic-yang-03 Abstract This document provides a YANG data model to map traffic to Traffic Engineering (TE) paths. This model providers operator a seamless control and management of which traffic to send on the underlying TE resources. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 27 April 2023. Copyright Notice Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Dhody Expires 27 April 2023 [Page 1] Internet-Draft Traffic-TE-YANG October 2022 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3 2.2. Prefixes in Data Node Names . . . . . . . . . . . . . . . 4 2.3. References in the Model . . . . . . . . . . . . . . . . . 5 3. Discussion Items . . . . . . . . . . . . . . . . . . . . . . 5 4. Tree Structure . . . . . . . . . . . . . . . . . . . . . . . 5 5. YANG Model . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 8.1. Normative References . . . . . . . . . . . . . . . . . . 13 8.2. Informative References . . . . . . . . . . . . . . . . . 15 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 15 Appendix B. Examples . . . . . . . . . . . . . . . . . . . . . . 15 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 15 1. Introduction Data models are a representation of objects that can be configured or monitored within a system. Within the IETF, YANG [RFC7950] is the language of choice for documenting data models, and YANG models have been produced to allow configuration or modeling of a variety of network devices, protocol instances, and network services. There are various YANG models to establish paths in the network, such as: * TE Tunnels [I-D.ietf-teas-yang-te] * Segment Routing (SR) Policy [I-D.ietf-spring-sr-policy-yang] * Service Function Chaining (SFC) * Virtual Network (VN) * IETF Network Slice These models do not include an exact mechanism to describe the traffic that needs to be mapped to the paths. Thus an operator lacks a way to simply use the YANG model to tell requirements such as the traffic from source X on port Y should go on a TE path with delay less than Z. The YANG model defined in this document fills this gap. To achieve this goal, the YANG model defined in this document utilizes the concept borrowed from: Dhody Expires 27 April 2023 [Page 2] Internet-Draft Traffic-TE-YANG October 2022 * BGP FlowSpec: Where the description of traffic flows is done by the combination of multiple Flow Specification Components and their dissemination as traffic flow specifications (Flow Specifications) is described for BGP in [RFC8955]. In BGP, a Flow Specification is comprised of traffic filtering rules and is associated with actions to perform on the packets that match the Flow Specification. The BGP routers that receive a Flow Specification can classify received packets according to the traffic filtering rules and can direct packets based on the associated actions. * Path Computation Element (PCE) FlowSpec: Extends the idea to PCE Communication Protocol (PCEP) [RFC9168]. * Access Control List (ACL): A basic elements used to configure device-forwarding behavior in form of a user-ordered set of rules that is used to filter traffic on a networking device. Each rule is represented by an Access Control Entry (ACE). Each ACE has a group of match criteria and a group of actions [RFC8519]. * Flow: Elements in the packet in IP/UDP/TCP header to match particular flows. The YANG model includes two key concepts: * Traffic Description: The various fields that needs to be matched to identify a traffic flow. * Action: The associated action that needs to be taken. For the purpose of this YANG model the action is to simply point to the TE resource in form of the TE tunnel, SR Policy etc. Note: The RFC Editor will replace XXXX with the number assigned to the RFC once this draft becomes an RFC. 2. Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2.1. Tree Diagrams A simplified graphical representation of the data model is used in this document. The meaning of the symbols in these diagrams is defined in [RFC8340]. Dhody Expires 27 April 2023 [Page 3] Internet-Draft Traffic-TE-YANG October 2022 2.2. Prefixes in Data Node Names In this document, names of data nodes and other data model objects are often used without a prefix, as long as it is clear from the context in which YANG module each name is defined. Otherwise, names are prefixed using the standard prefix associated with the corresponding YANG module, as shown in Table 1. +=========+==========+=============================================+ | Prefix | YANG | Reference | | | module | | +=========+==========+=============================================+ | inet | ietf- | [RFC6991] | | | inet- | | | | types | | +---------+----------+---------------------------------------------+ | yang | ietf- | [RFC6991] | | | yang- | | | | types | | +---------+----------+---------------------------------------------+ | te | ietf-te | [I-D.ietf-teas-yang-te] | +---------+----------+---------------------------------------------+ | rt | ietf- | [RFC8349] | | | routing | | +---------+----------+---------------------------------------------+ | sr- | ietf-sr- | [I-D.ietf-spring-sr-policy-yang] | | policy | policy | | +---------+----------+---------------------------------------------+ | ietf- | ietf- | [I-D.ietf-teas-ietf-network-slice-nbi-yang] | | nss | network- | | | | slice- | | | | service | | +---------+----------+---------------------------------------------+ | acl | ietf- | [RFC8519] | | | access- | | | | control- | | | | list | | +---------+----------+---------------------------------------------+ | packet- | ietf- | [RFC8519] | | fields | packet- | | | | fields | | +---------+----------+---------------------------------------------+ | vpn- | ietf- | [RFC9181] | | common | vpn- | | | | common | | +---------+----------+---------------------------------------------+ Table 1 Dhody Expires 27 April 2023 [Page 4] Internet-Draft Traffic-TE-YANG October 2022 2.3. References in the Model Following documents are referenced in the model defined in this document - +=============================+==================================+ | Document | Reference | +=============================+==================================+ | YANG Data Model for Network | [RFC8519] | | Access Control Lists (ACLs) | | +-----------------------------+----------------------------------+ | A YANG Data Model for | [I-D.ietf-teas-yang-te] | | Traffic Engineering Tunnels | | | and Interfaces | | +-----------------------------+----------------------------------+ | YANG Data Model for Segment | [I-D.ietf-spring-sr-policy-yang] | | Routing Policy | | +-----------------------------+----------------------------------+ Table 2 3. Discussion Items For describing the traffic, currently the YANG models uses: * The match criteria grouping from the [I-D.ietf-teas-ietf-network-slice-nbi-yang]. If this document gets WG backing, then it might be a good idea to move the grouping to this document instead. * The ACL Name. Should that be ACE instead? * The match action granularity in case of IETF network slice and VN needs to be discussed. * The match action for SFC is not handled yet. 4. Tree Structure Dhody Expires 27 April 2023 [Page 5] Internet-Draft Traffic-TE-YANG October 2022 module: ietf-traffic-map +--rw traffic-map +--rw maps* [id] +--rw id string +--rw traffic | +--rw id? string | +--rw (type)? | +--:(match-criteria) | | +--rw match-criterion* [index] | | +--rw index uint32 | | +--rw match-type identityref | | +--rw value* string | +--:(acl) | | +--rw acl? -> /acl:acls/acl/name | +--:(flowspec) | +--:(interface) | | +--rw node? string | | +--rw if-name? string | +--:(flow) | | +--rw (l3)? | | | +--:(ipv4) | | | | +--rw ipv4 | | | | ... | | | +--:(ipv6) | | | +--rw ipv6 | | | ... | | +--rw (l4)? | | +--:(tcp) | | | +--rw tcp | | | ... | | +--:(udp) | | +--rw udp | | ... | +--:(other) +--rw action | +--rw te-tunnel* te:tunnel-ref | +--rw sr-policy* [headend policy-color-ref policy-endpoint-ref] | | +--rw headend inet:ip-address-no-zone | | +--rw policy-color-ref leafref | | +--rw policy-endpoint-ref leafref | +--rw other +--ro stats +--ro matched-packets? yang:counter64 +--ro matched-octets? yang:counter64 5. YANG Model Dhody Expires 27 April 2023 [Page 6] Internet-Draft Traffic-TE-YANG October 2022 file "ietf-traffic-map@2022-10-24.yang" module ietf-traffic-map { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-traffic-map"; prefix tm; import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG Data Types"; } import ietf-yang-types { prefix yang; reference "RFC 6991: Common YANG Data Types"; } import ietf-te { prefix te; reference "I-D.ietf-teas-yang-te: A YANG Data Model for Traffic Engineering Tunnels and Interfaces"; } import ietf-routing { prefix rt; reference "RFC8349: A YANG Data Model for Routing Management"; } import ietf-sr-policy { prefix sr-policy; reference "I-D.ietf-spring-sr-policy-yang: YANG Data Model for Segment Routing Policy"; } import ietf-network-slice-service { prefix ietf-nss; reference "I-D.ietf-teas-ietf-network-slice-nbi-yang: IETF Network Slice Service YANG Model"; } import ietf-packet-fields { prefix packet-fields; reference "RFC 8519: YANG Data Model for Network Access Control Lists (ACLs)"; } import ietf-access-control-list { prefix acl; reference Dhody Expires 27 April 2023 [Page 7] Internet-Draft Traffic-TE-YANG October 2022 "RFC 8519: YANG Data Model for Network Access Control Lists (ACLs)"; } import ietf-vpn-common { prefix vpn-common; reference "RFC 9181: A Common YANG Data Model for Layer 2 and Layer 3 VPNs"; } organization "IETF Traffic Engineering Architecture and Signaling (TEAS) Working Group"; contact "WG Web: WG List: Editor: Dhruv Dhody "; description "This module contains a YANG module to map traffic to Traffic Engineering (TE) paths. Copyright (c) 2022 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; revision 2022-10-24 { description "initial version."; reference "RFC XXXX: Traffic Mapping YANG model for Traffic Engineering (TE)"; } grouping traffic-description { description "The traffic description"; leaf id { type string; description Dhody Expires 27 April 2023 [Page 8] Internet-Draft Traffic-TE-YANG October 2022 "The identifier for Traffic Description"; } choice type { description "The various ways the traffic can be described"; case match-criteria { description "Use the match criteria"; list match-criterion { key "index"; description "List of traffic match criteria."; leaf index { type uint32; description "The entry index."; } leaf match-type { type identityref { base ietf-nss:service-match-type; } mandatory true; description "Identifies an entry in the list of the match criteria."; } leaf-list value { type string; description "Describes the slice service match criteria, e.g. IP address, VLAN, etc."; } } } case acl { description "Reference to ACL"; leaf acl { type leafref { path "/acl:acls/acl:acl/acl:name"; } description "The ACL Name. The action part of the ACL is not used."; reference "RFC8519: YANG Data Model for Network Access Control Lists (ACLs)"; } Dhody Expires 27 April 2023 [Page 9] Internet-Draft Traffic-TE-YANG October 2022 } case flowspec { description "Based on FlowSpec component type - TODO"; } case interface { description "All traffic received on an interface"; leaf node { type string; description "The node identifier"; } leaf if-name { type string; description "The interface name on the node"; } } case flow { description "Match particular flows"; choice l3 { description "Either IPv4 or IPv6."; container ipv4 { description "Rule set that matches the IPv4 header."; uses packet-fields:acl-ip-header-fields; uses packet-fields:acl-ipv4-header-fields; } container ipv6 { description "Rule set that matches the IPv6 header."; uses packet-fields:acl-ip-header-fields; uses packet-fields:acl-ipv6-header-fields; } } choice l4 { description "Includes Layer-4-specific information. This version focuses on TCP and UDP."; container tcp { description "Rule set that matches the TCP header."; uses packet-fields:acl-tcp-header-fields; uses vpn-common:ports; } Dhody Expires 27 April 2023 [Page 10] Internet-Draft Traffic-TE-YANG October 2022 container udp { description "Rule set that matches the UDP header."; uses packet-fields:acl-udp-header-fields; uses vpn-common:ports; } } } case other { description "TODO"; } } } grouping te-ref { description "Reference to TE paths"; leaf-list te-tunnel { type te:tunnel-ref; description "Reference to TE Tunnels"; reference "I-D.ietf-teas-yang-te: A YANG Data Model for Traffic Engineering Tunnels and Interfaces"; } list sr-policy { key "headend policy-color-ref policy-endpoint-ref"; description "SR Policy"; reference "I-D.ietf-spring-sr-policy-yang: YANG Data Model for Segment Routing Policy"; /*Headend needs to be added*/ leaf headend { type inet:ip-address-no-zone; description "SR Policy headend"; } leaf policy-color-ref { type leafref { path "/rt:routing/sr-policy:segment-routing" + "/sr-policy:traffic-engineering/sr-policy:policies" + "/sr-policy:policy/sr-policy:color"; } description "Reference to sr-policy color"; } Dhody Expires 27 April 2023 [Page 11] Internet-Draft Traffic-TE-YANG October 2022 leaf policy-endpoint-ref { type leafref { path "/rt:routing/sr-policy:segment-routing" + "/sr-policy:traffic-engineering/sr-policy:policies" + "/sr-policy:policy/sr-policy:endpoint"; } description "Reference to sr-policy endpoint"; } } container other { description "To dp - VN, IETF Network Slice, SFC etc"; } } /* Configuration data nodes */ container traffic-map { description "AP configurations"; list maps { key "id"; description "traffic map identifier"; leaf id { type string; description "The identifier for Traffic Maps"; } container traffic { description "The traffic description"; uses traffic-description; } container action { description "The action is limited to identifying the TE resource"; uses te-ref; } container stats { config false; description "Statistics"; leaf matched-packets { type yang:counter64; description "The number of packets that matched the traffic Dhody Expires 27 April 2023 [Page 12] Internet-Draft Traffic-TE-YANG October 2022 description"; } leaf matched-octets { type yang:counter64; description "The number of octets (byte) that matched the traffic description"; } } } } } 6. Security Considerations TBD 7. IANA Considerations IANA is requested to make the following allocation for the URIs in the "ns" subregistry within the "IETF XML Registry" [RFC3688]: -------------------------------------------------------------------- URI: urn:ietf:params:xml:ns:yang:ietf-traffic-map Registrant Contact: The IESG. XML: N/A, the requested URI is an XML namespace. -------------------------------------------------------------------- IANA is requested to make the following allocation for the YANG module in the "YANG Module Names" registry [RFC6020]: -------------------------------------------------------------------- name: ietf-traffic-map namespace: urn:ietf:params:xml:ns:yang:ietf-traffic-map prefix: tm reference: RFC XXXX -------------------------------------------------------------------- 8. References 8.1. Normative References [I-D.ietf-spring-sr-policy-yang] Raza, S., Sawaya, R., Shunwan, Z., Voyer, D., Durrani, M., Matsushima, S., and V. P. Beeram, "YANG Data Model for Segment Routing Policy", Work in Progress, Internet-Draft, Dhody Expires 27 April 2023 [Page 13] Internet-Draft Traffic-TE-YANG October 2022 draft-ietf-spring-sr-policy-yang-02, 23 September 2022, . [I-D.ietf-teas-ietf-network-slice-nbi-yang] Wu, B., Dhody, D., Rokui, R., Saad, T., Han, L., and J. Mullooly, "IETF Network Slice Service YANG Model", Work in Progress, Internet-Draft, draft-ietf-teas-ietf-network- slice-nbi-yang-03, 24 October 2022, . [I-D.ietf-teas-yang-te] Saad, T., Gandhi, R., Liu, X., Beeram, V. P., Bryskin, I., and O. G. de Dios, "A YANG Data Model for Traffic Engineering Tunnels, Label Switched Paths and Interfaces", Work in Progress, Internet-Draft, draft-ietf-teas-yang-te- 31, 24 October 2022, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004, . [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, October 2010, . [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", RFC 6991, DOI 10.17487/RFC6991, July 2013, . [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . Dhody Expires 27 April 2023 [Page 14] Internet-Draft Traffic-TE-YANG October 2022 [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, . [RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for Routing Management (NMDA Version)", RFC 8349, DOI 10.17487/RFC8349, March 2018, . [RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair, "YANG Data Model for Network Access Control Lists (ACLs)", RFC 8519, DOI 10.17487/RFC8519, March 2019, . [RFC9181] Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M., Ed., and Q. Wu, "A Common YANG Data Model for Layer 2 and Layer 3 VPNs", RFC 9181, DOI 10.17487/RFC9181, February 2022, . 8.2. Informative References [RFC8955] Loibl, C., Hares, S., Raszuk, R., McPherson, D., and M. Bacher, "Dissemination of Flow Specification Rules", RFC 8955, DOI 10.17487/RFC8955, December 2020, . [RFC9168] Dhody, D., Farrel, A., and Z. Li, "Path Computation Element Communication Protocol (PCEP) Extension for Flow Specification", RFC 9168, DOI 10.17487/RFC9168, January 2022, . Appendix A. Acknowledgments Thanks to Adrian Farrel for the motivation behind this document. Appendix B. Examples TO be added in future revisions. Author's Address Dhruv Dhody Huawei Technologies Divyashree Techno Park, Whitefield Bangalore 560066 India Email: dhruv.ietf@gmail.com Dhody Expires 27 April 2023 [Page 15]