SPRING Working Group                                    J. Rajamanickam
Internet-Draft                                                  K. Raza
Intended status: Standards Track                          Cisco Systems
Expires: May 6, 2021                                         D. Bernier
                                                            Bell Canada
                                                       November 2, 2020

              YANG Data Model for SR Service Programming
           draft-jags-spring-sr-service-programming-yang-00

Abstract

   This document describes a YANG data model for Segment Routing (SR)
   Service Programming.  The model serves as a base framework for
   configuring and managing SR based service programming.
   Additionally, this document specifies the model for a Service Proxy
   for SR-unaware services.

   The YANG modules in this document conform to the Network Management
   Datastore Architecture (NMDA).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 6, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Rajamanickam, et al.          Expires May 6, 2021               [Page 1]

Internet-Draft   YANG Data Model for SR Service Programming  November 2020
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Specification of Requirements
   3.  YANG Model
     3.1.  Overview
     3.2.  Service Function Types
     3.3.  SR Service Programming Types
     3.4.  SR Service Programming Base
       3.4.1.  Configuration
       3.4.2.  Operational State
       3.4.3.  Notification
     3.5.  SR Service Proxy
       3.5.1.  Static Proxy
       3.5.2.  Dynamic Proxy
       3.5.3.  Masquerading Proxy
   4.  YANG Specification
     4.1.  Service Types
     4.2.  SR Service Programming Types
     4.3.  SR Service Programming Base
     4.4.  SR Service Proxy
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgments
   8.  Normative References
   Authors' Addresses

1.  Introduction

   The Network Configuration Protocol (NETCONF) [RFC6241] is one of the
   network management protocols that defines mechanisms to manage
   network devices.
   YANG [RFC6020] is a modular language that represents data structures
   in an XML tree format, and is used as the data modeling language for
   NETCONF.

   Segment Routing is an architecture based on the source routing
   paradigm that seeks the right balance between distributed
   intelligence and centralized programmability.  SR can be used with an
   MPLS or an IPv6 data plane to steer packets through an ordered list
   of instructions, called segments.  These segments may encode simple
   routing instructions for forwarding packets along a specific network
   path, but also steer them through Virtual Network Function (VNF) or
   physical service appliances available in the network.

   In an SR network, each of these services, running either on a
   physical appliance or in a virtual environment, is associated with a
   segment identifier (SID).  These service SIDs are then leveraged as
   part of a SID-list to steer packets through the desired services in
   the service chain.  Service SIDs may be combined together in a
   SID-list to achieve the service programming, but also with other
   types of segments as defined in [RFC8402].  SR thus provides a fully
   integrated solution for overlay, underlay and service programming.
   Furthermore, the IPv6 instantiation of SR (SRv6) supports metadata
   transportation in the Segment Routing header [RFC8754], either
   natively in the tag field or with extensions such as TLVs.

   This document describes how a service can be associated with a SID,
   including legacy services with no SR capabilities, and how these
   service SIDs are integrated within an SR policy.  The definition of
   an SR Policy and the traffic steering mechanisms are covered in
   [I-D.ietf-spring-segment-routing-policy] and hence outside the scope
   of this document.

   This document introduces a YANG data model for the SR based service
   programming configuration and management.
   Furthermore, this document also covers the basic SR-unaware
   behaviours as defined in [I-D.ietf-spring-sr-service-programming].

   This document does not cover the following:

   o  SR-aware service specific management parameters

   The model currently defines the following constructs that are used
   for managing SR based service programming:

   o  Configuration

   o  Operational State

   o  Notifications

2.  Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119]
   [RFC8174] when, and only when, they appear in all capitals, as shown
   here.

3.  YANG Model

3.1.  Overview

   This document defines the following four new YANG modules:

   o  ietf-service-function-types: Defines common service function types

   o  ietf-sr-service-programming-types: Defines common type definitions
      used by the SR based service programming YANG model

   o  ietf-sr-service-programming: Defines the management model for the
      SR based service programming framework.  This is a base and common
      framework for both SR-aware and SR-unaware services.

   o  ietf-sr-service-programming-proxy: Defines the management model
      for the SR service proxy for SR-unaware services

   The modelling in this document complies with the Network Management
   Datastore Architecture (NMDA) defined in [RFC8342].  The operational
   state data is combined with the associated configuration data in the
   same hierarchy [RFC8407].  When protocol states are retrieved from
   the NMDA operational state datastore, the returned states cover all
   "config true" (rw) and "config false" (ro) nodes defined in the
   schema.

   In this document, when a simplified graphical representation of a
   YANG model is presented in a tree diagram, the meaning of the symbols
   in these tree diagrams is defined in [RFC8340].

3.2.
Service Function Types

   A service is identified by (type, instance).  The type represents the
   type of service function (such as Firewall, DPI, IPS, etc.), whereas
   the instance is used to refer to a specific instance of the same
   service.

   We define a new YANG module ietf-service-function-types to specify
   common definitions and types for services and service functions.  The
   types and definitions are generic and hence can be used in any (SR
   based or non-SR) YANG models.  The main definitions and types defined
   in the ietf-service-function-types module include:

   o  service-function-type: A new identity type to specify service
      function types, such as firewall, dpi, etc.  Other identities can
      be defined by other modules in future.

3.3.  SR Service Programming Types

   The types required to model SR based service programming are defined
   in a new module ietf-sr-service-programming-types.  The main types
   defined in this module include:

   o  service-program-behaviour-type: Defines SR service program
      behaviours such as sr-aware, static-proxy, etc.

   o  service-program-oper-status-type: Defines the SR service
      programming operational status.  This includes the reason for a
      down status as well.

   o  service-proxy-inner-pkt-type: Defines SR service proxy inner
      packet types

3.4.  SR Service Programming Base

   The base model and framework for SR based service programming is
   defined in a new module ietf-sr-service-programming.  This module
   provides a common base for both SR-aware and SR-unaware service
   programming in terms of configuration, operational state and
   notifications.  The ietf-sr-service-programming module hangs off the
   main SR parent by augmenting "/rt:routing/sr:segment-routing".

3.4.1.  Configuration

   This module defines some fundamental items required to configure SR
   based service programming.
   In particular, it defines service program provisioning as follows:

   o  service program behaviour: Defining a service program behaviour

   o  service offered: Defining the specific service (type, instance)
      offered by this service program

   o  Assigning an SR service SID: Defining the SID data plane, the
      method used to allocate the SID, etc.

   o  service program enablement: Administratively enabling or disabling
      a service program

   o  SR services: Defining a base container which could be augmented to
      define SR-aware or SR-unaware (via service-proxy) service specific
      parameters

   Following is a simplified graphical tree representation of the data
   model for the SR service programming base configuration only:

   module: ietf-sr-service-programming
     augment /rt:routing/sr:segment-routing:
       +--rw service-programming
          +--rw service-program* [name]
             +--rw name                string
             +--rw behaviour           identityref
             +--rw service-type        identityref
             +--rw service-instance    uint32
             +--rw dataplane           sr-svc-pgm-types:dataplane-type
             +--rw admin-status?       sr-svc-pgm-types:admin-status-type
             +--rw sid-binding
             |  +--rw alloc-mode    sr-svc-pgm-types:sid-alloc-mode-type
             |  +--rw mpls
             |  |  +--rw sid?   rt-types:mpls-label
             |  +--rw srv6
             |     +--rw sid?       srv6-types:srv6-sid
             |     +--rw locator?   -> /rt:routing/sr:segment-routing/
             |                           srv6:srv6/locators/locator/name
             +--rw sr-services

               Figure 1: SR Service Programming Config Tree

3.4.2.  Operational State

   As per the NMDA model, the state related to the configuration items
   specified in Section 3.4.1 above can be retrieved from the same tree.
   This section defines other operational state items related to SR
   based service programming.  The operational state corresponding to an
   SR based service program includes:

   o  Operational status: Provides detailed information on the
      operational state of the SR service program.
   o  statistics: Provides statistics such as the number of packets and
      bytes received, processed and dropped by an SR service program.

   Following is a simplified graphical tree representation of the data
   model for the SR service programming base operational state (for
   read-only items):

   module: ietf-sr-service-programming
     augment /rt:routing/sr:segment-routing:
       +--rw service-programming
          +--rw service-program* [name]
             +--ro oper-status?   identityref
             +--ro statistics
                +--ro in-packet-count?         yang:counter64
                +--ro in-bytes-count?          yang:counter64
                +--ro out-packet-count?        yang:counter64
                +--ro out-bytes-count?         yang:counter64
                +--ro in-drop-packet-count?    yang:counter64
                +--ro out-drop-packet-count?   yang:counter64

          Figure 2: SR Service Programming Operational State Tree

3.4.3.  Notification

   This model defines a list of notifications to inform an operator of
   important events detected during SR service programming operation.
   These events are:

   o  SR service program operational state changes: This also gives the
      reason for the state change when the new state is down

   Following is a simplified graphical tree representation of the data
   model for the SR service programming notification:

   module: ietf-sr-service-programming
     notifications:
       +---n service-program-oper-status
          +--ro name           -> /rt:routing/sr:segment-routing/
                                    sr-svc-pgm:service-programming/
                                    service-program/name
          +--ro oper-status    -> /rt:routing/sr:segment-routing/
                                    sr-svc-pgm:service-programming/
                                    service-program/oper-status

            Figure 3: SR Service Programming Notification Tree

3.5.  SR Service Proxy

   This document also defines a separate and new YANG data model for the
   Service Proxy for SR-unaware services.  The model defines the
   configuration and operational state related to the different proxy
   behaviours defined earlier in ietf-sr-service-programming-types.  The
   model is defined in a new module ietf-sr-service-programming-proxy.
   This module augments the SR service program tree (/rt:routing/
   sr:segment-routing/sr-svc-pgm:service-programming/
   sr-svc-pgm:service-program/sr-svc-pgm:sr-services) as defined earlier
   in the ietf-sr-service-programming module.

   The following sections describe the different types of proxy
   behaviours and the associated YANG modelling constructs.

3.5.1.  Static Proxy

   The static proxy is an SR endpoint behaviour for processing SR-MPLS
   or SRv6 encapsulated traffic on behalf of an SR-unaware service.  The
   following parameters are required to provision the SR static proxy:

   o  inner-packet-type: Inner packet type

   o  next-hop: Next hop Ethernet address (only when the inner packet
      type is IPv4 or IPv6)

   o  out-interface-name: Local interface for sending traffic towards
      the service endpoint

   o  in-interface-name: Local interface receiving traffic coming back
      from the service endpoint

   o  packet-cache-info: SR information to be attached to the traffic
      coming back from the service.  This could be a list of MPLS labels
      (a label stack) or of SRv6 SIDs

   Following is a simplified graphical tree representation of the data
   model for the SR static proxy:

   module: ietf-sr-service-programming-proxy
     augment /rt:routing/sr:segment-routing/
               sr-svc-pgm:service-programming/
               sr-svc-pgm:service-program/
               sr-svc-pgm:sr-services:
       +--rw service-proxy
          +--rw (proxy-type)
             +--:(static)
                +--rw static-proxy
                   +--rw inner-packet-type     identityref
                   +--rw next-hop?             yang:mac-address
                   +--rw out-interface-name    string
                   +--rw in-interface-name     string
                   +--rw packet-cache-info
                      +--rw (cache-type)
                         +--:(mpls)
                         |  +--rw mpls-sids* [index]
                         |     +--rw index         uint8
                         |     +--rw mpls-label    rt-types:mpls-label
                         +--:(srv6)
                            +--rw ipv6-source-address?
                                    inet:ipv6-address
                            +--rw srv6-sids* [index]
                               +--rw index       uint8
                               +--rw srv6-sid    srv6-types:srv6-sid

                     Figure 4: SR Static Proxy Tree

3.5.2.  Dynamic Proxy

   The dynamic proxy is an improvement over the static proxy that
   dynamically learns the SR information before removing it from the
   incoming traffic.  The same information can then be re-attached to
   the traffic returning from the service endpoint.  The dynamic proxy
   relies on local caching.  The following parameters are required to
   provision the SR dynamic proxy:

   o  out-interface-name: Local interface for sending traffic towards
      the service endpoint

   o  in-interface-name: Local interface receiving traffic coming back
      from the service endpoint

   Following is a simplified graphical tree representation of the data
   model for the SR dynamic proxy:

   module: ietf-sr-service-programming-proxy
     augment /rt:routing/sr:segment-routing/
               sr-svc-pgm:service-programming/
               sr-svc-pgm:service-program/
               sr-svc-pgm:sr-services:
       +--rw service-proxy
          +--rw (proxy-type)
             +--:(dynamic)
                +--rw dynamic-proxy
                   +--rw out-interface-name    string
                   +--rw in-interface-name     string

                     Figure 5: SR Dynamic Proxy Tree

3.5.3.  Masquerading Proxy

   The masquerading proxy is an SR endpoint behaviour for processing
   SRv6 traffic on behalf of an SR-unaware service.  This masquerading
   behaviour is independent of the inner payload type.  The following
   parameters are required to provision the SR masquerading proxy:

   o  next-hop: Next hop Ethernet address

   o  out-interface-name: Local interface for sending traffic towards
      the service endpoint

   o  in-interface-name: Local interface receiving traffic coming back
      from the service endpoint

   Following is a simplified graphical tree representation of the data
   model for the SR masquerading proxy:
   module: ietf-sr-service-programming-proxy
     augment /rt:routing/sr:segment-routing/
               sr-svc-pgm:service-programming/
               sr-svc-pgm:service-program/
               sr-svc-pgm:sr-services:
       +--rw service-proxy
          +--rw (proxy-type)
             +--:(masquerading)
                +--rw masquerading-proxy
                   +--rw next-hop?             yang:mac-address
                   +--rw out-interface-name    string
                   +--rw in-interface-name     string

                  Figure 6: SR Masquerading Proxy Tree

4.  YANG Specification

   Following are the actual YANG definitions for the SR service
   programming modules defined earlier in the document.

4.1.  Service Types

   Following are the Service Types definitions.

   <CODE BEGINS> file "ietf-service-function-types.yang"
   module ietf-service-function-types {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-service-function-types";
     prefix "service-types";

     organization
       "IETF SPRING Working Group";

     contact
       "WG Web:
        WG List:

        Editor: Jaganbabu Rajamanickam

        Editor: Kamran Raza

        Editor: Daniel Bernier
       ";

     /*
      * Below are the definitions for the service types.
      * Any new service type can be added by extending
      * this identity.
      */
     identity service-function-type {
       description
         "Base identity from which specific service function types are
          derived.";
     }

     identity firewall {
       base service-function-type;
       description
         "Firewall Service type";
     }

     identity dpi {
       base service-function-type;
       description
         "Deep Packet Inspection Service type";
     }

     identity napt44 {
       base service-function-type;
       description
         "Network Address and Port Translation 44 Service type";
     }

     identity classifier {
       base service-function-type;
       description
         "Classifier Service type";
     }

     identity load-balancer {
       base service-function-type;
       description
         "Load-balancer Service type";
     }

     identity ips {
       base service-function-type;
       description
         "Intrusion Prevention System Service type (Ex: Snort)";
     }
   }
   <CODE ENDS>

               Figure 7: ietf-service-function-types.yang

4.2.  SR Service Programming Types

   Following are the SR service programming specific type definitions.

   <CODE BEGINS> file "ietf-sr-service-programming-types.yang"
   module ietf-sr-service-programming-types {
     yang-version 1.1;
     namespace
       "urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-types";
     prefix "sr-service-types";

     organization
       "IETF SPRING Working Group";

     contact
       "WG Web:
        WG List:

        Editor: Jaganbabu Rajamanickam

        Editor: Kamran Raza

        Editor: Daniel Bernier
       ";

     /*
      * SR Service programming behaviour
      */
     identity service-program-behaviour-type {
       description
         "Base identity for SR service programming behaviour";
     }

     identity sr-aware {
       base service-program-behaviour-type;
       description
         "SR aware native applications.";
     }

     identity static-proxy {
       base service-program-behaviour-type;
       description
         "Static Proxy";
     }

     identity dynamic-proxy {
       base service-program-behaviour-type;
       description
         "Dynamic Proxy";
     }

     identity Masquerading-proxy {
       base service-program-behaviour-type;
       description
         "Masquerading Proxy";
     }

     identity Masquerading-NAT-proxy {
       base service-program-behaviour-type;
       description
         "Masquerading Proxy with NAT flavor";
     }

     identity Masquerading-caching-proxy {
       base service-program-behaviour-type;
       description
         "Masquerading Proxy with caching flavor";
     }

     identity Masquerading-NAT-caching-proxy {
       base service-program-behaviour-type;
       description
         "Masquerading Proxy with NAT and caching flavors";
     }

     /*
      * Below are the definitions for the service proxy inner packet
      * types.  Any new service proxy inner packet type can be added by
      * extending this identity.
      */
     identity service-proxy-inner-pkt-type {
       description
         "Base identity from which SR service proxy inner packet types
          are derived.";
     }

     identity Ethernet {
       base service-proxy-inner-pkt-type;
       description
         "Expected inner packet type as Ethernet - derived from
          service-proxy-inner-pkt-type";
     }

     identity IPv4 {
       base service-proxy-inner-pkt-type;
       description
         "Expected inner packet type as IPv4 - derived from
          service-proxy-inner-pkt-type";
     }

     identity IPv6 {
       base service-proxy-inner-pkt-type;
       description
         "Expected inner packet type as IPv6 - derived from
          service-proxy-inner-pkt-type";
     }

     /*
      * SR Service SID operational status
      */
     identity service-program-oper-status-type {
       description
         "Base identity from which SR service program operational status
          types are derived.";
     }

     identity up {
       base service-program-oper-status-type;
       description
         "Service program status is operational";
     }

     identity down-unknown {
       base service-program-oper-status-type;
       description
         "Service program status is down because of an unknown reason";
     }

     identity sid-allocation-pending {
       base service-program-oper-status-type;
       description
         "Service program status is down because SID allocation is
          pending";
     }
     identity sid-allocation-conflict {
       base service-program-oper-status-type;
       description
         "Service program status is down because of a SID conflict";
     }

     identity sid-out-of-bound {
       base service-program-oper-status-type;
       description
         "Service program status is down because the SID is out of
          bound";
     }

     identity interface-down {
       base service-program-oper-status-type;
       description
         "Service program status is down because the out/in interface is
          down";
     }

     identity admin-forced-down {
       base service-program-oper-status-type;
       description
         "Service program status is administratively forced down";
     }

     /*
      * Typedefs
      */
     typedef admin-status-type {
       type enumeration {
         enum up {
           description "Admin Up";
         }
         enum down {
           description "Admin Down";
         }
       }
     }

     typedef dataplane-type {
       type enumeration {
         enum mpls {
           description "MPLS dataplane";
         }
         enum srv6 {
           description "SRv6 dataplane";
         }
       }
     }

     typedef sid-alloc-mode-type {
       type enumeration {
         enum static {
           description "Static SID allocation";
         }
         enum dynamic {
           description "Dynamic SID allocation";
         }
       }
     }
   }
   <CODE ENDS>

            Figure 8: ietf-sr-service-programming-types.yang

4.3.  SR Service Programming Base

   Following is the SR service programming base model definition.

   <CODE BEGINS> file "ietf-sr-service-programming.yang"
   module ietf-sr-service-programming {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-sr-service-programming";
     prefix "sr-svc-pgm";

     import ietf-yang-types {
       prefix "yang";
     }

     import ietf-srv6-base {
       prefix "srv6";
     }

     import ietf-routing {
       prefix rt;
       reference
         "RFC 8349: A YANG Data Model for Routing Management
          (NMDA Version)";
     }

     import ietf-service-function-types {
       prefix "service-types";
     }
     import ietf-segment-routing {
       prefix sr;
     }

     import ietf-sr-service-programming-types {
       prefix "sr-svc-pgm-types";
     }

     import ietf-routing-types {
       prefix "rt-types";
     }

     import ietf-srv6-types {
       prefix "srv6-types";
     }

     organization
       "IETF SPRING Working Group";

     contact
       "WG Web:
        WG List:

        Editor: Jaganbabu Rajamanickam

        Editor: Kamran Raza

        Editor: Daniel Bernier
       ";

     grouping service-statistics {
       container statistics {
         config false;
         description
           "Service statistics";

         leaf in-packet-count {
           type yang:counter64;
           description
             "Total number of packets processed by this service";
         }

         leaf in-bytes-count {
           type yang:counter64;
           description
             "Total number of bytes processed by this service";
         }

         leaf out-packet-count {
           type yang:counter64;
           description
             "Total number of packets sent out after processing by this
              service";
         }

         leaf out-bytes-count {
           type yang:counter64;
           description
             "Total number of bytes sent out after processing by this
              service";
         }

         leaf in-drop-packet-count {
           type yang:counter64;
           description
             "Total number of packets dropped while being processed by
              this service";
         }

         leaf out-drop-packet-count {
           type yang:counter64;
           description
             "Total number of packets dropped while this service tries
              to forward them to their destination";
         }
       }
     }

     grouping service-mpls-sid-binding {
       container mpls {
         description
           "MPLS Service SID binding Container";
         when "../../dataplane = 'mpls'";

         leaf sid {
           type rt-types:mpls-label;
           description
             "MPLS SID value.";
         }
       }
     }

     grouping service-srv6-sid-binding {
       container srv6 {
         description
           "SRv6 Service SID binding Container";
         when "../../dataplane = 'srv6'";

         leaf sid {
           type srv6-types:srv6-sid;
           description
             "SRv6 SID value.";
         }

         leaf locator {
           type leafref {
             path "/rt:routing/sr:segment-routing"
                + "/srv6:srv6/srv6:locators/srv6:locator/srv6:name";
           }
           description
             "Reference to a SRv6 locator.  This is valid only when the
              SID allocation mode is dynamic";
         }
       }
     }

     grouping service-sid-binding {
       container sid-binding {
         description
           "Service SID binding Container";

         leaf alloc-mode {
           mandatory true;
           type sr-svc-pgm-types:sid-alloc-mode-type;
           description
             "Service SID allocation mode";
         }

         uses service-mpls-sid-binding;
         uses service-srv6-sid-binding;
       }
     }

     grouping service-programming {
       container service-programming {
         description
           "Service programming container.  Any new service programming
            added could augment this container to support that specific
            service.  Currently in this model, only the service proxy is
            defined.  For example, if a Firewall service needs to be
            added then it could augment this container and extend this
            model";

         list service-program {
           key "name";
           description
             "Service program is keyed by the service program name";

           leaf name {
             type string;
             description
               "Service program name to identify a specific program.";
           }

           leaf behaviour {
             mandatory true;
             type identityref {
               base sr-svc-pgm-types:service-program-behaviour-type;
             }
             description
               "SR program behaviour";
           }

           leaf service-type {
             mandatory true;
             type identityref {
               base service-types:service-function-type;
             }
             description
               "Service-Type defined by IANA (STT).  This is either the
                SR-aware service or the SR-unaware service offered by an
                SR proxy";
           }

           leaf service-instance {
             mandatory true;
             type uint32;
             description
               "Service instance which differentiates the same service
                -- e.g. the same Firewall service could have several
                instances available.
                The type and the instance would describe a specific
                instance which the application would like to choose";
           }

           leaf dataplane {
             mandatory true;
             type sr-svc-pgm-types:dataplane-type;
             description
               "Service SID dataplane.";
           }

           leaf admin-status {
             type sr-svc-pgm-types:admin-status-type;
             default down;
             description
               "Admin Status";
           }

           leaf oper-status {
             config false;
             type identityref {
               base sr-svc-pgm-types:service-program-oper-status-type;
             }
             description
               "Service program operational status.";
           }

           uses service-sid-binding;
           uses service-statistics;

           container sr-services {
             description
               "Any SR-aware or SR-unaware services could augment this
                container";
             reference
               "Segment Routing Service Programming Architecture.";
           }
         }
       }
     }

     augment "/rt:routing/sr:segment-routing" {
       description
         "Augmenting the segment-routing bindings to add SR service
          programming";
       uses service-programming;
     }

     notification service-program-oper-status {
       description
         "This notification is sent when there is a change in the
          service program oper status.";

       leaf name {
         mandatory true;
         type leafref {
           path "/rt:routing/sr:segment-routing/"
              + "sr-svc-pgm:service-programming/"
              + "sr-svc-pgm:service-program/"
              + "sr-svc-pgm:name";
         }
         description
           "Service program name to identify a specific programming.";
       }

       leaf oper-status {
         mandatory true;
         type leafref {
           path "/rt:routing/sr:segment-routing/"
              + "sr-svc-pgm:service-programming/"
              + "sr-svc-pgm:service-program/"
              + "sr-svc-pgm:oper-status";
         }
         description
           "Service program operational status.";
       }
     }
   }
   <CODE ENDS>

               Figure 9: ietf-sr-service-programming.yang

4.4.  SR Service Proxy

   Following is the SR service programming service proxy model
   definition.
   <CODE BEGINS> file "ietf-sr-service-programming-proxy.yang"
   module ietf-sr-service-programming-proxy {
     yang-version 1.1;
     namespace
       "urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-proxy";
     prefix "sr-svc-proxy";

     import ietf-yang-types {
       prefix yang;
     }

     import ietf-routing {
       prefix rt;
       reference
         "RFC 8349: A YANG Data Model for Routing Management
          (NMDA Version)";
     }

     import ietf-inet-types {
       prefix "inet";
     }

     import ietf-segment-routing {
       prefix sr;
     }

     import ietf-sr-service-programming {
       prefix "sr-svc-pgm";
     }

     import ietf-sr-service-programming-types {
       prefix "sr-svc-pgm-types";
     }

     import ietf-routing-types {
       prefix "rt-types";
     }

     import ietf-srv6-types {
       prefix "srv6-types";
     }

     organization
       "IETF SPRING Working Group";

     contact
       "WG Web:
        WG List:

        Editor: Jaganbabu Rajamanickam

        Editor: Kamran Raza

        Editor: Daniel Bernier
       ";

     grouping service-proxy-parameters {
       leaf out-interface-name {
         mandatory true;
         type string;
         description
           "Interface name on which the packet is sent to the service
            endpoint";
       }

       leaf in-interface-name {
         mandatory true;
         type string;
         description
           "Interface name on which the packet is received from the
            service endpoint";
       }
     }

     grouping mpls-packet-cache-info {
       description
         "MPLS Label stack";

       list mpls-sids {
         key "index";

         leaf index {
           type uint8 {
             range "1..16";
           }
           description
             "cache index - MPLS Label stack index";
         }

         leaf mpls-label {
           mandatory true;
           type rt-types:mpls-label;
           description
             "MPLS Label value.";
         }
       }
     }

     grouping srv6-packet-cache-info {
       description
         "SRv6 SID stack";

       leaf ipv6-source-address {
         type inet:ipv6-address;
         description
           "IPv6 source address needed in the SRv6 case.";
       }

       list srv6-sids {
         key "index";

         leaf index {
           type uint8 {
             range "1..16";
           }
           description
             "cache index - SRv6 SID index";
         }

         leaf srv6-sid {
           mandatory true;
           type srv6-types:srv6-sid;
           description
             "SRv6 SID.";
         }
       }
     }

     grouping service-proxy-packet-cache-info {
       description
         "SRv6 Proxy header cache";

       container packet-cache-info {
         choice cache-type {
           mandatory true;

           case mpls {
             when "/rt:routing/sr:segment-routing/sr-svc-pgm:service-programming
                   /sr-svc-pgm:service-program
                   /sr-svc-pgm:dataplane = 'mpls'";
             uses mpls-packet-cache-info;
           }

           case srv6 {
             when "/rt:routing/sr:segment-routing/sr-svc-pgm:service-programming
                   /sr-svc-pgm:service-program
                   /sr-svc-pgm:dataplane = 'srv6'";
             uses srv6-packet-cache-info;
           }
         }
         // uses mpls-packet-cache-info;
         // uses srv6-packet-cache-info;
       }
     }

     grouping static-service-proxy {
       container static-proxy {
         description
           "Parameters related to static service proxy";

         leaf inner-packet-type {
           mandatory true;
           type identityref {
             base sr-svc-pgm-types:service-proxy-inner-pkt-type;
           }
           description
             "Defines the expected inner packet type";
         }

         leaf next-hop {
           when "(../inner-packet-type = 'IPv4' or
                  ../inner-packet-type = 'IPv6')";
           type yang:mac-address;
           description
             "Nexthop Ethernet address for inner packet type IPv4/IPv6";
         }

         uses service-proxy-parameters;
         uses service-proxy-packet-cache-info;
       }
     }

     grouping dynamic-service-proxy {
       container dynamic-proxy {
         description
           "Parameters related to dynamic service proxy";
         uses service-proxy-parameters;
       }
     }

     grouping masquerading-service-parameters {
       leaf next-hop {
         mandatory true;
         type yang:mac-address;
         description
           "Nexthop Ethernet address";
       }
       uses service-proxy-parameters;
     }

     grouping masquerading-service-proxy {
       container masquerading-proxy {
         description
           "Parameters related to masquerading service proxy";
         when "/rt:routing/sr:segment-routing/sr-svc-pgm:service-programming
/sr-svc-pgm:service-program /sr-svc-pgm:dataplane = 'srv6'"; uses masquerading-service-parameters; Rajamanickam, et al. Expires May 6, 2021 [Page 27] Internet-Draft YANG Data Model for SR Service Programming November 2020 } } grouping service-proxy-programming { container service-proxy { choice proxy-type { mandatory true; case static { when "/rt:routing/sr:segment-routing/ sr-svc-pgm:service-programming /sr-svc-pgm:service-program /sr-svc-pgm:dataplane = 'srv6'"; uses static-service-proxy; } case dynamic { uses dynamic-service-proxy; } case masquerading { uses masquerading-service-proxy; } } //uses dynamic-service-proxy; } } augment "/rt:routing/sr:segment-routing/sr-svc-pgm:service-programming/sr-svc-pgm:service-program/sr-svc-pgm:sr-services" { description "Augmenting the segment-routing bindings to add SR-unaware service programming"; uses service-proxy-programming; } } Figure 10: ietf-sr-service-programming-proxy.yang 5. Security Considerations The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure Rajamanickam, et al. Expires May 6, 2021 [Page 28] Internet-Draft YANG Data Model for SR Service Programming November 2020 transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446]. The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. There are a number of data nodes defined in this YANG module that are writable/creatable/ deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. 
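   Before a server honours a write to the service-proxy subtree it has
   to enforce the constraints that Figure 10 expresses as mandatory
   statements, when-expressions and ranges.  The Python below is an
   added example, not code from this draft or from any implementation
   of it: it applies those constraints (exactly one proxy-type case, the
   dataplane gating of the static, masquerading, mpls and srv6 cases,
   the next-hop condition on inner-packet-type, mandatory interface
   names and SIDs, and the 1..16 cache index with unique keys) to a
   proposed configuration.  The function name validate_service_proxy,
   the dict shape (RFC 7951 JSON with module prefixes stripped), the
   interface names and addresses in the sample are all assumptions of
   the example; srv6-sid is checked as an IPv6 address and identityref
   values are compared by their local name.

```python
import ipaddress
import re

# Added example, not part of the draft: a pre-commit validator for the
# service-proxy subtree of ietf-sr-service-programming-proxy (Figure 10).
# Instance data is a dict shaped like the RFC 7951 JSON encoding with module
# prefixes stripped; 'dataplane' is the .../service-program/dataplane value.
# Assumed: srv6-sid is checked as an IPv6 address; identityrefs by local name.

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.IGNORECASE)
MPLS_LABEL_MAX = (1 << 20) - 1     # rt-types:mpls-label is 0..1048575
CACHE_INDEX_RANGE = range(1, 17)   # leaf index: uint8 { range "1..16"; }
PROXY_CASES = ("static-proxy", "dynamic-proxy", "masquerading-proxy")

def _is_ipv6(value):
    try:
        return ipaddress.IPv6Address(value) is not None
    except (ValueError, TypeError):
        return False

def _check_interfaces(node, where, errors):
    """grouping service-proxy-parameters: both interface names are mandatory."""
    for leaf in ("out-interface-name", "in-interface-name"):
        if not isinstance(node.get(leaf), str) or not node[leaf]:
            errors.append(f"{where}: mandatory leaf {leaf} missing or empty")

def _check_sid_list(entries, value_leaf, value_ok, where, errors):
    """mpls-sids / srv6-sids: key in range, key unique, value leaf mandatory."""
    seen = set()
    for entry in entries:
        idx = entry.get("index")
        if not isinstance(idx, int) or idx not in CACHE_INDEX_RANGE:
            errors.append(f"{where}: index {idx!r} outside 1..16")
        elif idx in seen:
            errors.append(f"{where}: duplicate key index {idx}")
        seen.add(idx)
        if value_leaf not in entry:
            errors.append(f"{where}[{idx}]: mandatory leaf {value_leaf} missing")
        elif not value_ok(entry[value_leaf]):
            errors.append(f"{where}[{idx}]: invalid {value_leaf} {entry[value_leaf]!r}")

def _check_packet_cache(cache, dataplane, where, errors):
    """container packet-cache-info: mandatory choice cache-type, cases gated on dataplane."""
    mpls, srv6 = cache.get("mpls-sids") or [], cache.get("srv6-sids") or []
    has_mpls, has_srv6 = bool(mpls), bool(srv6) or "ipv6-source-address" in cache
    if has_mpls == has_srv6:   # neither case (mandatory) or both cases (choice)
        errors.append(f"{where}: choice cache-type needs exactly one case")
    if has_mpls:
        if dataplane != "mpls":
            errors.append(f"{where}: case mpls requires dataplane = 'mpls'")
        _check_sid_list(mpls, "mpls-label", lambda v: isinstance(v, int)
                        and 0 <= v <= MPLS_LABEL_MAX, f"{where}/mpls-sids", errors)
    if has_srv6:
        if dataplane != "srv6":
            errors.append(f"{where}: case srv6 requires dataplane = 'srv6'")
        src = cache.get("ipv6-source-address")
        if src is not None and not _is_ipv6(src):
            errors.append(f"{where}: ipv6-source-address {src!r} is not an IPv6 address")
        _check_sid_list(srv6, "srv6-sid", _is_ipv6, f"{where}/srv6-sids", errors)

def validate_service_proxy(dataplane, service_proxy):
    """Return the violated constraints; an empty list means the write may be committed."""
    present = [c for c in PROXY_CASES if c in service_proxy]
    if len(present) != 1:
        return [f"service-proxy: choice proxy-type needs exactly one case, got {present}"]
    case, errors = present[0], []
    node = service_proxy[case]
    if case != "dynamic-proxy" and dataplane != "srv6":  # 'when' on static/masquerading
        errors.append(f"{case}: allowed only when dataplane = 'srv6'")
    _check_interfaces(node, case, errors)
    if case == "static-proxy":
        if "inner-packet-type" not in node:
            errors.append("static-proxy: mandatory leaf inner-packet-type missing")
        if "next-hop" in node:  # leaf next-hop: when inner-packet-type is IPv4/IPv6
            if str(node.get("inner-packet-type")).rsplit(":", 1)[-1] not in ("IPv4", "IPv6"):
                errors.append("static-proxy: next-hop only valid for IPv4/IPv6 inner packets")
            elif not MAC_RE.match(str(node["next-hop"])):
                errors.append("static-proxy: next-hop is not a yang:mac-address")
        cache = node.get("packet-cache-info", {})  # non-presence container
        _check_packet_cache(cache, dataplane, "static-proxy/packet-cache-info", errors)
    elif case == "masquerading-proxy":
        nh = node.get("next-hop")
        if nh is None:
            errors.append("masquerading-proxy: mandatory leaf next-hop missing")
        elif not MAC_RE.match(str(nh)):
            errors.append("masquerading-proxy: next-hop is not a yang:mac-address")
    return errors

# Constructed sample (not from the draft): an SRv6 static proxy that restores a
# two-SID outer header on return from the service; expected to be valid.
VALID_STATIC = {"static-proxy": {
    "inner-packet-type": "sr-svc-pgm-types:IPv4",
    "next-hop": "00:11:22:33:44:55",
    "out-interface-name": "GigabitEthernet0/0/0/1",
    "in-interface-name": "GigabitEthernet0/0/0/2",
    "packet-cache-info": {"ipv6-source-address": "2001:db8::1",
                          "srv6-sids": [{"index": 1, "srv6-sid": "2001:db8:a::100"},
                                        {"index": 2, "srv6-sid": "2001:db8:b::200"}]}}}
```

   validate_service_proxy("srv6", VALID_STATIC) returns an empty list;
   the same data with dataplane "mpls" is rejected twice, once by the
   when on case static and once by the when on case srv6.  The validator
   also reproduces a consequence of the module as written: because case
   static carries "dataplane = 'srv6'" while case mpls of cache-type
   requires "dataplane = 'mpls'", an MPLS label-stack cache can never be
   valid under a static proxy in this revision, which is worth
   confirming against the intended behaviour before deploying the model.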
   Write operations (e.g., edit-config) to these data nodes without
   proper protection can have a negative effect on network operations.
   In the proxy module the subtree of concern is service-proxy: its
   out-interface-name, in-interface-name and next-hop nodes decide where
   a service's packets are forwarded, and packet-cache-info holds the
   MPLS label stack or SRv6 SID list that is restored on the packets
   returning from the service.  An unauthorized write to these nodes can
   redirect service traffic or attach an arbitrary segment list to it.

   Some of the readable data nodes in these YANG modules may be
   considered sensitive or vulnerable in some network environments.  It
   is thus important to control read access (e.g., via get, get-config,
   or notification) to these data nodes; the cached label stacks and SID
   lists, for example, reveal the layout of the service chain.

   This specification also inherits the security considerations of the
   SR service programming specification
   [I-D.ietf-spring-sr-service-programming].

6.  IANA Considerations

   This document requests the registration of the following URIs in the
   IETF "XML registry" [RFC3688]:

   +-----------------------------------------------------------------+------------+-----+
   | URI                                                             | Registrant | XML |
   +-----------------------------------------------------------------+------------+-----+
   | urn:ietf:params:xml:ns:yang:ietf-service-function-types         | The IESG   | N/A |
   | urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-types   | The IESG   | N/A |
   | urn:ietf:params:xml:ns:yang:ietf-sr-service-programming         | The IESG   | N/A |
   | urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-proxy   | The IESG   | N/A |
   +-----------------------------------------------------------------+------------+-----+

   This document requests the registration of the following YANG modules
   in the "YANG Module Names" registry [RFC6020]:
   Name:       ietf-service-function-types
   Namespace:  urn:ietf:params:xml:ns:yang:ietf-service-function-types
   Prefix:     service-function-types
   Reference:  This document

   Name:       ietf-sr-service-programming-types
   Namespace:  urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-types
   Prefix:     ietf-sr-service-programming-types
   Reference:  This document

   Name:       ietf-sr-service-programming
   Namespace:  urn:ietf:params:xml:ns:yang:ietf-sr-service-programming
   Prefix:     ietf-sr-service-programming
   Reference:  This document

   Name:       ietf-sr-service-programming-proxy
   Namespace:  urn:ietf:params:xml:ns:yang:ietf-sr-service-programming-proxy
   Prefix:     ietf-sr-service-programming-proxy
   Reference:  This document

   -- RFC Editor: Replace "This document" with the document RFC number
   at time of publication, and remove this note.

7.  Acknowledgments

   The authors would like to acknowledge Francois Clad, Ketan
   Talaulikar, and Darren Dukes for their review of some of the contents
   in this document.

8.  Normative References

   [I-D.ietf-spring-segment-routing-policy]
              Filsfils, C., Talaulikar, K., Voyer, D., Bogdanov, A., and
              P. Mattes, "Segment Routing Policy Architecture",
              draft-ietf-spring-segment-routing-policy-09 (work in
              progress), November 2020.

   [I-D.ietf-spring-sr-service-programming]
              Clad, F., Xu, X., Filsfils, C., Bernier, D., Li, C.,
              Decraene, B., Ma, S., Yadlapalli, C., Henderickx, W., and
              S. Salsano, "Service Programming with Segment Routing",
              draft-ietf-spring-sr-service-programming-03 (work in
              progress), September 2020.
   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8402]  Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
              July 2018.

   [RFC8407]  Bierman, A., "Guidelines for Authors and Reviewers of
              Documents Containing YANG Data Models", BCP 216, RFC 8407,
              DOI 10.17487/RFC8407, October 2018.
   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [RFC8754]  Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
              Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
              (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020.

Authors' Addresses

   Jaganbabu Rajamanickam
   Cisco Systems

   Email: jrajaman@cisco.com


   Kamran Raza
   Cisco Systems

   Email: skraza@cisco.com


   Daniel Bernier
   Bell Canada

   Email: daniel.bernier@bell.ca