draft-ietf-opsawg-model-automation-framework-07.txt   draft-ietf-opsawg-model-automation-framework-08.txt 
OPSAWG Q. Wu, Ed. OPSAWG Q. Wu, Ed.
Internet-Draft Huawei Internet-Draft Huawei
Intended status: Informational M. Boucadair, Ed. Intended status: Informational M. Boucadair, Ed.
Expires: April 14, 2021 Orange Expires: April 26, 2021 Orange
D. Lopez D. Lopez
Telefonica I+D Telefonica I+D
C. Xie C. Xie
China Telecom China Telecom
L. Geng L. Geng
China Mobile China Mobile
October 11, 2020 October 23, 2020
A Framework for Automating Service and Network Management with YANG A Framework for Automating Service and Network Management with YANG
draft-ietf-opsawg-model-automation-framework-07 draft-ietf-opsawg-model-automation-framework-08
Abstract Abstract
Data models provide a programmatic approach to represent services and Data models provide a programmatic approach to represent services and
networks. Concretely, they can be used to derive configuration networks. Concretely, they can be used to derive configuration
information for network and service components, and state information information for network and service components, and state information
that will be monitored and tracked. Data models can be used during that will be monitored and tracked. Data models can be used during
the service and network management life cycle, such as service the service and network management life cycle, such as service
instantiation, provisioning, optimization, monitoring, diagnostic, instantiation, provisioning, optimization, monitoring, diagnostic,
and assurance. Data models are also instrumental in the automation and assurance. Data models are also instrumental in the automation
of network management, and they can provide closed-loop control for of network management, and they can provide closed-loop control for
adaptive and deterministic service creation, delivery, and adaptive and deterministic service creation, delivery, and
maintenance. maintenance.
This document describes an architecture for service and network This document describes a framework for service and network
management automation that takes advantage of YANG modeling management automation that takes advantage of YANG modeling
technologies. This architecture is drawn from a network operator technologies. This framework is drawn from a network operator
perspective irrespective of the origin of a data model; it can thus perspective irrespective of the origin of a data model; it can thus
accommodate modules that are developed outside the IETF. accommodate YANG modules that are developed outside the IETF.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 14, 2021. This Internet-Draft will expire on April 26, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 32 skipping to change at page 2, line 32
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology and Acronyms . . . . . . . . . . . . . . . . . . 5 2. Terminology and Acronyms . . . . . . . . . . . . . . . . . . 5
2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5
2.2. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 7 2.2. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 7
3. Architectural Concepts and Goals . . . . . . . . . . . . . . 7 3. Architectural Concepts and Goals . . . . . . . . . . . . . . 7
3.1. Data Models: Layering and Representation . . . . . . . . 7 3.1. Data Models: Layering and Representation . . . . . . . . 7
3.2. Automation of Service Delivery Procedures . . . . . . . . 11 3.2. Automation of Service Delivery Procedures . . . . . . . . 12
3.3. Service Fullfillment Automation . . . . . . . . . . . . . 12 3.3. Service Fulfillment Automation . . . . . . . . . . . . . 13
3.4. YANG Modules Integration . . . . . . . . . . . . . . . . 12 3.4. YANG Modules Integration . . . . . . . . . . . . . . . . 13
4. Functional Blocks and Interactions . . . . . . . . . . . . . 13 4. Functional Blocks and Interactions . . . . . . . . . . . . . 14
4.1. Service Lifecycle Management Procedure . . . . . . . . . 13 4.1. Service Lifecycle Management Procedure . . . . . . . . . 15
4.1.1. Service Exposure . . . . . . . . . . . . . . . . . . 14 4.1.1. Service Exposure . . . . . . . . . . . . . . . . . . 15
4.1.2. Service Creation/Modification . . . . . . . . . . . . 14 4.1.2. Service Creation/Modification . . . . . . . . . . . . 15
4.1.3. Service Assurance . . . . . . . . . . . . . . . . . . 15 4.1.3. Service Assurance . . . . . . . . . . . . . . . . . . 16
4.1.4. Service Optimization . . . . . . . . . . . . . . . . 15 4.1.4. Service Optimization . . . . . . . . . . . . . . . . 16
4.1.5. Service Diagnosis . . . . . . . . . . . . . . . . . . 15 4.1.5. Service Diagnosis . . . . . . . . . . . . . . . . . . 16
4.1.6. Service Decommission . . . . . . . . . . . . . . . . 16 4.1.6. Service Decommission . . . . . . . . . . . . . . . . 17
4.2. Service Fullfillment Management Procedure . . . . . . . . 16 4.2. Service Fullfillment Management Procedure . . . . . . . . 17
4.2.1. Intended Configuration Provision . . . . . . . . . . 16 4.2.1. Intended Configuration Provision . . . . . . . . . . 17
4.2.2. Configuration Validation . . . . . . . . . . . . . . 17 4.2.2. Configuration Validation . . . . . . . . . . . . . . 18
4.2.3. Performance Monitoring/Model-driven Telemetry . . . . 17 4.2.3. Performance Monitoring . . . . . . . . . . . . . . . 18
4.2.4. Fault Diagnostic . . . . . . . . . . . . . . . . . . 17 4.2.4. Fault Diagnostic . . . . . . . . . . . . . . . . . . 19
4.3. Multi-Layer/Multi-Domain Service Mapping . . . . . . . . 18 4.3. Multi-Layer/Multi-Domain Service Mapping . . . . . . . . 19
4.4. Service Decomposing . . . . . . . . . . . . . . . . . . . 18 4.4. Service Decomposition . . . . . . . . . . . . . . . . . . 19
5. YANG Data Model Integration Examples . . . . . . . . . . . . 18 5. YANG Data Model Integration Examples . . . . . . . . . . . . 20
5.1. L2VPN/L3VPN Service Delivery . . . . . . . . . . . . . . 18 5.1. L2VPN/L3VPN Service Delivery . . . . . . . . . . . . . . 20
5.2. VN Lifecycle Management . . . . . . . . . . . . . . . . . 21 5.2. VN Lifecycle Management . . . . . . . . . . . . . . . . . 22
5.3. Event-based Telemetry in the Device Self Management . . . 22 5.3. Event-based Telemetry in the Device Self Management . . . 23
6. Security Considerations . . . . . . . . . . . . . . . . . . . 23 6. Security Considerations . . . . . . . . . . . . . . . . . . . 24
6.1. Service Level . . . . . . . . . . . . . . . . . . . . . . 24 6.1. Service Level . . . . . . . . . . . . . . . . . . . . . . 25
6.2. Network Level . . . . . . . . . . . . . . . . . . . . . . 24 6.2. Network Level . . . . . . . . . . . . . . . . . . . . . . 26
6.3. Device Level . . . . . . . . . . . . . . . . . . . . . . 25 6.3. Device Level . . . . . . . . . . . . . . . . . . . . . . 26
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 25 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 26
9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 25 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 27
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 26 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 27
10.1. Normative References . . . . . . . . . . . . . . . . . . 26 10.1. Normative References . . . . . . . . . . . . . . . . . . 27
10.2. Informative References . . . . . . . . . . . . . . . . . 27 10.2. Informative References . . . . . . . . . . . . . . . . . 28
Appendix A. Layered YANG Modules Examples Overview . . . . . . . 35 Appendix A. Layered YANG Modules Examples Overview . . . . . . . 37
A.1. Service Models: Definition and Samples . . . . . . . . . 36 A.1. Service Models: Definition and Samples . . . . . . . . . 37
A.2. Schema Mount . . . . . . . . . . . . . . . . . . . . . . 36 A.2. Schema Mount . . . . . . . . . . . . . . . . . . . . . . 38
A.3. Network Models: Samples . . . . . . . . . . . . . . . . . 37 A.3. Network Models: Samples . . . . . . . . . . . . . . . . . 38
A.4. Device Models: Samples . . . . . . . . . . . . . . . . . 39 A.4. Device Models: Samples . . . . . . . . . . . . . . . . . 41
A.4.1. Model Composition . . . . . . . . . . . . . . . . . . 41 A.4.1. Model Composition . . . . . . . . . . . . . . . . . . 43
A.4.2. Device Management . . . . . . . . . . . . . . . . . . 41 A.4.2. Device Management . . . . . . . . . . . . . . . . . . 43
A.4.3. Interface Management . . . . . . . . . . . . . . . . 41 A.4.3. Interface Management . . . . . . . . . . . . . . . . 43
A.4.4. Some Device Model Examples . . . . . . . . . . . . . 41 A.4.4. Some Device Model Examples . . . . . . . . . . . . . 43
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 44 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 46
1. Introduction 1. Introduction
Service management systems usually comprise service activation/ Service management systems usually comprise service activation/
provision and service operation. Current service delivery provision and service operation. Current service delivery
procedures, from the processing of customer's requirements and orders procedures, from the processing of customer requirements and orders
to service delivery and operation, typically assume the manipulation to service delivery and operation, typically assume the manipulation
of data sequentially into multiple Operations Support System (OSS) or of data sequentially into multiple Operations Support System (OSS) or
Business Support System (BSS) applications that may be managed by Business Support System (BSS) applications that may be managed by
different departments within the service provider's organization different departments within the service provider's organization
(e.g., billing factory, design factory, network operation center). (e.g., billing factory, design factory, network operation center).
In addition, many of these applications have been developed in-house Many of these applications have been developed in-house over the
over the years and operate in a silo mode: years and operate in a silo mode:
o The lack of standard data input/output (i.e., data model) raises o The lack of standard data input/output (i.e., data model) raises
many challenges in system integration and often results in manual many challenges in system integration and often results in manual
configuration tasks. configuration tasks.
o Service fulfillment systems might have a limited visibility on the o Service fulfillment systems might have a limited visibility on the
network state and therefore have slow response to network changes. network state and therefore have slow response to network changes.
Software Defined Networking (SDN) becomes crucial to address these Software Defined Networking (SDN) becomes crucial to address these
challenges. SDN techniques are meant to automate the overall service challenges. SDN techniques are meant to automate the overall service
skipping to change at page 4, line 36 skipping to change at page 4, line 36
Models are key for each of the aforementioned four technical items. Models are key for each of the aforementioned four technical items.
Service and network management automation is an important step to Service and network management automation is an important step to
improve the agility of network operations. Models are also important improve the agility of network operations. Models are also important
to ease integrating multi-vendor solutions. to ease integrating multi-vendor solutions.
YANG [RFC7950] module developers have taken both top-down and bottom- YANG [RFC7950] module developers have taken both top-down and bottom-
up approaches to develop modules [RFC8199] and to establish a mapping up approaches to develop modules [RFC8199] and to establish a mapping
between a network technology and customer requirements at the top or between a network technology and customer requirements at the top or
abstracting common constructs from various network technologies at abstracting common constructs from various network technologies at
the bottom. At the time of writing this document (2020), there are the bottom. At the time of writing this document (2020), there are
many YANG data models including configuration and Service Models that many YANG data models including configuration and service models that
have been specified or are being specified by the IETF. They cover have been specified or are being specified by the IETF. They cover
many of the networking protocols and techniques. However, how these many of the networking protocols and techniques. However, how these
models work together to configure a function, manage a set of devices models work together to configure a function, manage a set of devices
involved in a service, or provide a service is something that is not involved in a service, or provide a service is something that is not
currently documented either within the IETF or other Standards currently documented either within the IETF or other Standards
Development Organizations (SDOs). Development Organizations (SDOs).
Many of the YANG modules listed in this document are used to exchange Many of the YANG modules listed in this document are used to exchange
data between a NETCONF/RESTCONF clients and servers data between NETCONF/RESTCONF clients and servers [RFC6241][RFC8040].
[RFC6241][RFC8040]. Nevertheless, YANG is transport independent data Nevertheless, YANG is transport-independent data modeling language.
modeling language. It can thus be used independently of NETCONF/ It can thus be used independently of NETCONF/RESTOCNF. For example,
RESTOCNF. For example, YANG can be used to define abstract data YANG can be used to define abstract data structures [RFC8791] that
structures [RFC8791] that can be manipulated by other protocols can be manipulated by other protocols (e.g.,
(e.g., [I-D.ietf-dots-rfc8782-bis]). [I-D.ietf-dots-rfc8782-bis]).
This document describes an architectural framework for service and This document describes an architectural framework for service and
network management automation (Section 3) that takes advantage of network management automation (Section 3) that takes advantage of
YANG modeling technologies and investigates how different layer YANG YANG modeling technologies and investigates how YANG data models at
data models interact with each other (e.g., service mapping, model different layers interact with each other (e.g., service mapping,
composing) in the context of service delivery and fulfillment model composition) in the context of service delivery and fulfillment
(Section 4). Concretely, the following benefits can be provided: (Section 4). Concretely, the following benefits can be provided:
o Allow for vendor-agnostic interfaces to manage a service and the o Allow for vendor-agnostic interfaces to manage a service and the
underlying network. underlying network.
o Move from deployment schemes where vendor-specific network o Move from deployment schemes where vendor-specific network
managers are required to a scheme where the entities that are managers are required to a scheme where the entities that are
responsible for orchestrating and controlling services and network responsible for orchestrating and controlling services and network
resources provided by multi-vendor devices are unified. resources provided by multi-vendor devices are unified.
o Ease data inheritance and reusability among the various o Ease data inheritance and reusability among the various
architecture layers promoting thus a network-wise provisioning architecture layers thus promoting a network-wise provisioning
instead of device-specific configuration. instead of device-specific configuration.
o Dynamically fed a decision-making process (e.g., Controllers, o Dynamically feed a decision-making process (e.g., Controllers,
Orchestrators) with notifications that will trigger appropriate Orchestrators) with notifications that will trigger appropriate
actions allowing thus to continuously adjust a network (and thus actions, allowing that decision-making process to continuously
involved resources) to comply the intended service to deliver. adjust a network (and thus, the involved resources) to deliver the
service that conforms to the intended parameters (service
objectives).
This framework is drawn from a network operator perspective This framework is drawn from a network operator perspective
irrespective of the origin of a data model; it can also accommodate irrespective of the origin of a data model; it can also accommodate
modules that are developed outside the IETF. The document covers YANG modules that are developed outside the IETF. The document
Service Models that are used by an operator to expose its services covers service models that are used by an operator to expose its
and capture service requirements from the customers (including other services and capture service requirements from the customers
operators). Nevertheless, the document does not elaborate on the (including other operators). Nevertheless, the document does not
communication protocol(s) that makes use of these Service Models in elaborate on the communication protocol(s) that makes use of these
order to request and deliver a service. Such considerations are out service models in order to request and deliver a service. Such
of the scope. considerations are out of scope.
The document identifies a list of use cases to exemplify the proposed The document identifies a list of use cases to exemplify the proposed
approach (Section 5), but it does not claim nor aim to be exhaustive. approach (Section 5), but it does not claim nor aim to be exhaustive.
Appendix A lists some examples to illustrate the layered YANG modules Appendix A lists some examples to illustrate the layered YANG modules
view. view.
2. Terminology and Acronyms 2. Terminology and Acronyms
2.1. Terminology 2.1. Terminology
skipping to change at page 6, line 20 skipping to change at page 6, line 23
o Service Model o Service Model
o Network Element Module o Network Element Module
In addition, the document makes use of the following terms: In addition, the document makes use of the following terms:
Network Model: Describes a network level abstraction (or a subset of Network Model: Describes a network level abstraction (or a subset of
aspects of a network infrastructure), including devices and their aspects of a network infrastructure), including devices and their
subsystems, and relevant protocols operating at the link and subsystems, and relevant protocols operating at the link and
network layers across multiple devices. This model corresponds to network layers across multiple devices. This model corresponds to
the Network Configuration Model discussed in [RFC8309]. the network configuration model discussed in [RFC8309].
It can be used by a network operator to allocate resources (e.g., It can be used by a network operator to allocate resources (e.g.,
tunnel resource, topology resource) for the service or schedule tunnel resource, topology resource) for the service or schedule
resources to meet the service requirements defined in a Service resources to meet the service requirements defined in a service
Model. model.
Network Domain: Refers to a network partitioning that is usually Network Domain: Refers to a network partitioning that is usually
followed by network operators to delimit parts of their network. followed by network operators to delimit parts of their network.
"access network" and "core network" are examples of network "access network" and "core network" are examples of network
domains. domains.
Device Model: Refers to the Network Element YANG data model Device Model: Refers to the Network Element YANG data model
described in [RFC8199] or the Device Configuration Model discussed described in [RFC8199] or the device configuration model discussed
in [RFC8309]. in [RFC8309].
Device Models are also used to refer to model a function embedded Device models are also used to refer to model a function embedded
in a device (e.g., Network Address Translation (NAT) [RFC8512], in a device (e.g., Network Address Translation (NAT) [RFC8512],
Access Control Lists (ACLs) [RFC8519]). Access Control Lists (ACLs) [RFC8519]).
Pipe: Refers to a communication scope where only one-to-one (1:1) Pipe: Refers to a communication scope where only one-to-one (1:1)
communications are allowed. The scope can be identified between communications are allowed. The scope can be identified between
ingress and egress nodes, two service sites, etc. ingress and egress nodes, two service sites, etc.
Hose: Refers to a communication scope where one-to-many (1:N) Hose: Refers to a communication scope where one-to-many (1:N)
communications are allowed (e.g., one site to multiple sites). communications are allowed (e.g., one site to multiple sites).
Funnel: Refers to a communication scope where many-to-one (N:1) Funnel: Refers to a communication scope where many-to-one (N:1)
communications are allowed. communications are allowed.
2.2. Acronyms 2.2. Acronyms
The following acronyms are used in the document: The following acronyms are used in the document:
ACL Access Control List ACL Access Control List
AS Autonomous System AS Autonomous System
AP Access Point
CE Customer Edge CE Customer Edge
DBE Data Border Element DBE Data Border Element
E2E End-to-End E2E End-to-End
ECA Event Condition Action ECA Event Condition Action
L2VPN Layer 2 Virtual Private Network L2VPN Layer 2 Virtual Private Network
L3VPN Layer 3 Virtual Private Network L3VPN Layer 3 Virtual Private Network
L3SM L3VPN Service Model L3SM L3VPN Service Model
L3NM L3VPN Network Model L3NM L3VPN Network Model
NAT Network Address Translation NAT Network Address Translation
OAM Operations, Administration, and Maintenance OAM Operations, Administration, and Maintenance
OWD One-Way Delay OWD One-Way Delay
PE Provider Edge PE Provider Edge
PM Performance Monitoring
QoS Quality of Service QoS Quality of Service
RD Route Distinguisher RD Route Distinguisher
RT Route Target RT Route Target
SBE Session Border Element SBE Session Border Element
SDN Software Defined Networking SDN Software Defined Networking
SP Service Provider SP Service Provider
TE Traffic Engineering TE Traffic Engineering
VN Virtual Network VN Virtual Network
VPN Virtual Private Network VPN Virtual Private Network
VRF Virtual Routing and Forwarding VRF Virtual Routing and Forwarding
3. Architectural Concepts and Goals 3. Architectural Concepts and Goals
3.1. Data Models: Layering and Representation 3.1. Data Models: Layering and Representation
As described in Section 2 of [RFC8199], layering of modules allows As described in Section 2 of [RFC8199], layering of modules allows
for better reusability of lower-layer modules by higher-level modules for better reusability of lower-layer modules by higher-level modules
while limiting duplication of features across layers. while limiting duplication of features across layers.
Data models in the context of network management can be classified Data models in the context of network management can be classified
into Service, Network, and Device Models. Different Service Models into service, network, and device models. Different service models
may rely on the same set of Network and/or Device Models. may rely on the same set of network and/or device models.
Service Models traditionally follow a top-down approach and are Service models traditionally follow a top-down approach and are
mostly customer-facing YANG modules providing a common model mostly customer-facing YANG modules providing a common model
construct for higher level network services (e.g., Layer 3 Virtual construct for higher level network services (e.g., Layer 3 Virtual
Private Network (L3VPN)). Such modules can be mapped to network Private Network (L3VPN)). Such modules can be mapped to network
technology-specific modules at lower layers (e.g., tunnel, routing, technology-specific modules at lower layers (e.g., tunnel, routing,
Quality of Service (QoS), security). For example, Service Models can Quality of Service (QoS), security). For example, service models can
be used to characterise the network service(s) to be ensured between be used to characterise the network service(s) to be ensured between
service nodes (ingress/egress) such as: service nodes (ingress/egress) such as:
o the communication scope (pipe, hose, funnel, ...), o the communication scope (pipe, hose, funnel, ...),
o the directionality (inbound/outbound), o the directionality (inbound/outbound),
o the traffic performance guarantees expressed using metrics such as o the traffic performance guarantees expressed using metrics such as
One-Way Delay (OWD) [RFC7679] or One-Way Loss [RFC7680]; a summary One-Way Delay (OWD) [RFC7679] or One-Way Loss [RFC7680]; a summary
of performance metrics maintained by IANA can be found in [IPPM], of performance metrics maintained by IANA can be found in [IPPM],
o link capacity [RFC5136] [I-D.ietf-ippm-capacity-metric-method], o link capacity [RFC5136] [I-D.ietf-ippm-capacity-metric-method],
o etc. o etc.
Figure 1 depicts the example of a VoIP service that relies upon Figure 1 depicts the example of a VoIP service that relies upon
connectivity services offered by a network operator. In this connectivity services offered by a network operator. In this
example, the VoIP service is offered to the network operator's example, the VoIP service is offered to the network operator's
customers by Service Provider (SP1). In order to provide global VoIP customers by Service Provider (SP1). In order to provide global VoIP
reachability, SP1 service site interconnects with other Service reachability, SP1 service site interconnects with other Service
Providers service sites typically by interconnecting Session Border Providers service sites typically by interconnecting Session Border
Elements (SBEs) and Data Border Elements (DBEs) [RFC5486][RFC6406]. Elements (SBEs) and Data Border Elements (DBEs) [RFC5486][RFC6406].
For other VoIP destinations, sessions are forwarded over the For other VoIP destinations, sessions are forwarded over the
Internet. These connectivity services can be captured in a YANG Internet. These connectivity services can be captured in a YANG
Service Model that reflects the service attributes that are shown in service model that reflects the service attributes that are shown in
Figure 2. This example follows the IP Connectivity Provisioning Figure 2. This example follows the IP Connectivity Provisioning
Profile template defined in [RFC7297]. Profile template defined in [RFC7297].
In reference to Figure 2, "Full traffic performance guarantees class"
refers to a service class where all traffic performance metrics
included in the service model (OWD, loss, delay variation) are
guaranteed, while "Delay traffic performance guarantees class" refers
to a service class where only OWD is guaranteed.
,--,--,--. ,--,--,--. ,--,--,--. ,--,--,--.
,-' SP1 `-. ,-' SP2 `-. ,-' SP1 `-. ,-' SP2 `-.
( Service Site ) ( Service Site ) ( Service Site ) ( Service Site )
`-. ,-' `-. ,-' `-. ,-' `-. ,-'
`--'--'--' `--'--'--' `--'--'--' `--'--'--'
x | o * * | x | o * * |
(2)x | o * * | (2)x | o * * |
,x-,--o-*-. (1) ,--,*-,--. ,x-,--o-*-. (1) ,--,*-,--.
,-' x o * * * * * * * * * `-. ,-' x o * * * * * * * * * `-.
( x o +----( Internet ) ( x o +----( Internet )
User---(x x x o o o o o o o o o o o o o o o o o o User---(x x x o o o o o o o o o o o o o o o o o o
`-. ,-' `-. ,-' (3) `-. ,-' `-. ,-' (3)
`--'--'--' `--'--'--' `--'--'--' `--'--'--'
Network Operator Network Operator
**** (1) Inter-SP connectivity **** (1) Inter-SP connectivity
xxxx (2) Customer to SP connectivity xxxx (2) Customer to SP connectivity
oooo (3) SP to any destination connectivity oooo (3) SP to any destination connectivity
Figure 1: An Example of Service Connectivty Components Figure 1: An Example of Service Connectivity Components
Connectivity: Scope and Guarantees Connectivity: Scope and Guarantees
(1) Inter-SP connectivity (1) Inter-SP connectivity
- Pipe scope from the local to the remote SBE/DBE - Pipe scope from the local to the remote SBE/DBE
- Full guarantees class - Full traffic performance guarantees class
(2) Customer to SP connectivity (2) Customer to SP connectivity
- Hose/Funnel scope connecting the local SBE/DBE - Hose/Funnel scope connecting the local SBE/DBE
to the customer access points to the customer access points
- Full guarantees class - Full traffic performance guarantees class
(3) SP to any destination connectivity (3) SP to any destination connectivity
- Hose/Funnel scope from the local SBE/DBE to the - Hose/Funnel scope from the local SBE/DBE to the
Internet gateway Internet gateway
- Delay guarantees class - Delay traffic performance guarantees class
Flow Identification Flow Identification
* Destination IP address (SBE, DBE) * Destination IP address (SBE, DBE)
* DSCP marking * DSCP marking
Traffic Isolation Traffic Isolation
* VPN * VPN
Routing & Forwarding Routing & Forwarding
* Routing rule to exclude some ASes from the inter-domain * Routing rule to exclude some ASes from the inter-domain
paths paths
Notifications (including feedback) Notifications (including feedback)
* Statistics on aggregate traffic to adjust capacity * Statistics on aggregate traffic to adjust capacity
* Failures * Failures
* Planned maintenance operations * Planned maintenance operations
* Triggered by thresholds * Triggered by thresholds
Figure 2: Sample Attributes Captured in a Service Model Figure 2: Sample Attributes Captured in a Service Model
Network Models are mainly network resource-facing modules; they Network models are mainly network resource-facing modules; they
describe various aspects of a network infrastructure, including describe various aspects of a network infrastructure, including
devices and their subsystems, and relevant protocols operating at the devices and their subsystems, and relevant protocols operating at the
link and network layers across multiple devices (e.g., network link and network layers across multiple devices (e.g., network
topology and traffic-engineering tunnel modules). topology and traffic-engineering tunnel modules).
Device (and function) Models usually follow a bottom-up approach and Device (and function) models usually follow a bottom-up approach and
are mostly technology-specific modules used to realize a service are mostly technology-specific modules used to realize a service
(e.g., BGP, NAT). (e.g., BGP, ACL).
Each level maintains a view of the supported YANG modules provided by Each level maintains a view of the supported YANG modules provided by
low-levels (see for example, Appendix A). lower levels (see for example, Appendix A). Mechanisms such as YANG
library [RFC8525] can be used to expose which YANG modules are
supported by nodes in lower levels.
Figure 3 illustrates the overall layering model. The reader may Figure 3 illustrates the overall layering model. The reader may
refer to Section 4 of [RFC8309] for an overview of "Orchestrator" and refer to Section 4 of [RFC8309] for an overview of "Orchestrator" and
"Controller" elements. All these elements (i.e., Orchestrator(s), "Controller" elements. All these elements (i.e., Orchestrator(s),
Controller(s), device(s)) are under the responsibility of the same Controller(s), device(s)) are under the responsibility of the same
operator. operator.
+-----------------------------------------------------------------+ +-----------------------------------------------------------------+
| Hierarchy Abstraction | | Hierarchy Abstraction |
| | | |
| +-----------------------+ Service Model | | +-----------------------+ Service Model |
| | Orchestrator | (Customer Oriented) | | | Orchestrator | (Customer Oriented) |
| |+---------------------+| Scope: "1:1" Pipe model | | |+---------------------+| Scope: "1:1" Pipe model |
| || Service Modeling || | | || Service Modeling || |
| |+---------------------+| | | |+---------------------+| |
| | | Bidirectional | | | | Bidirectional |
| |+---------------------+| +-+ Capacity,OWD +-+ | | |+---------------------+| +-+ Capacity, OWD +-+ |
| ||Service Orchestration|| | +----------------+ | | | ||Service Orchestration|| | +----------------+ | |
| |+---------------------+| +-+ +-+ | | |+---------------------+| +-+ +-+ |
| +-----------------------+ Ingress Egress | | +-----------------------+ Ingress Egress |
| | | |
| | | |
| +-----------------------+ Network Model | | +-----------------------+ Network Model |
| | Controller | (Operator Oriented) | | | Controller | (Operator Oriented) |
| |+---------------------+| +-+ +--+ +---+ +-+ | | |+---------------------+| +-+ +--+ +---+ +-+ |
| || Network Modeling || | | | | | | | | | | || Network Modeling || | | | | | | | | |
| |+---------------------+| | o----o--o----o---o---o | | | |+---------------------+| | o----o--o----o---o---o | |
skipping to change at page 11, line 13 skipping to change at page 12, line 13
flows bound to a composite service. flows bound to a composite service.
The layering model depicted in Figure 3 does not make any assumption The layering model depicted in Figure 3 does not make any assumption
about the location of the various entities (e.g., controller, about the location of the various entities (e.g., controller,
orchestrator) within the network. As such, the architecture does not orchestrator) within the network. As such, the architecture does not
preclude deployments where, for example, the controller is embedded preclude deployments where, for example, the controller is embedded
on a device that hosts other functions that are controlled via YANG on a device that hosts other functions that are controlled via YANG
modules. modules.
In order to ease the mapping between layers and data reuse, this In order to ease the mapping between layers and data reuse, this
document focuses on Service Models that are modelled using YANG. document focuses on service models that are modelled using YANG.
Nevertheless, fully compliant with Section 3 of [RFC8309], Figure 3 Nevertheless, fully compliant with Section 3 of [RFC8309], Figure 3
does not preclude Service Models to be modelled using other data does not preclude service models to be modelled using other data
modelling languages than YANG. modelling languages than YANG.
3.2. Automation of Service Delivery Procedures 3.2. Automation of Service Delivery Procedures
Service Models can be used by a network operator to expose its Service models can be used by a network operator to expose its
services to its customers. Exposing such models allows to automate services to its customers. Exposing such models allows to automate
the activation of service orders and thus the service delivery. One the activation of service orders and thus the service delivery. One
or more monolithic Service Models can be used in the context of a or more monolithic service models can be used in the context of a
composite service activation request (e.g., delivery of a caching composite service activation request (e.g., delivery of a caching
infrastructure over a VPN). Such models are used to feed a decision- infrastructure over a VPN). Such models are used to feed a decision-
making intelligence to adequately accommodate customer's needs. making intelligence to adequately accommodate customer's needs.
Also, such models may be used jointly with services that require Also, such models may be used jointly with services that require
dynamic invocation. An example is provided by the service modules dynamic invocation. An example is provided by the service modules
defined by the DOTS WG to dynamically trigger requests to handle defined by the DOTS WG to dynamically trigger requests to handle
Distributed Denial-of-Service (DDoS) attacks [RFC8783]. The service Distributed Denial-of-Service (DDoS) attacks [RFC8783]. The service
filtering request modelled using [RFC8783] will be translated into filtering request modelled using [RFC8783] will be translated into
device-specific filtering (e.g., ACLs defined in [RFC8519]) that to device-specific filtering (e.g., ACLs defined in [RFC8519]) that
fulfil the service request. fulfils the service request.
Network Models can be derived from Service Models and used to Network models can be derived from service models and used to
provision, monitor, instantiate the service, and provide lifecycle provision, monitor, instantiate the service, and provide lifecycle
management of network resources. Doing so is meant to: management of network resources. Doing so is meant to:
o expose network resources to customers (including other network o expose network resources to customers (including other network
operators) to provide service fulfillment and assurance. operators) to provide service fulfillment and assurance.
o allow customers (or network operators) to dynamically adjust the o allow customers (or network operators) to dynamically adjust the
network resources based on service requirements as described in network resources based on service requirements as described in
Service Models (e.g., Figure 2) and the current network service models (e.g., Figure 2) and the current network
performance information described in the telemetry modules. performance information described in the telemetry modules.
Note that it is out of the scope of this document to elaborate on the Note that it is out of the scope of this document to elaborate on the
communication protocols that are used to implement the interface communication protocols that are used to implement the interface
between the service ordering (customer) and service order handling between the service ordering (customer) and service order handling
(provider). (provider).
3.3. Service Fullfillment Automation 3.3. Service Fulfillment Automation
To operate a service, the settings of the parameters in the Device To operate a service, the settings of the parameters in the device
Models are derived from Service Models and/or Network Models and are models are derived from service models and/or network models and are
used to: used to:
o Provision each involved network function/device with the proper o Provision each involved network function/device with the proper
configuration information. configuration information.
o Operate the network based on service requirements as described in o Operate the network based on service requirements as described in
the Service Model(s) and local operational guidelines. the service model(s) and local operational guidelines.
In addition, the operational state including configuration that is in In addition, the operational state including configuration that is in
effect together with statistics should be exposed to upper layers to effect together with statistics should be exposed to upper layers to
provide better network visibility and assess to what extent the provide better network visibility and assess to what extent the
derived low level modules are consistent with the upper level inputs. derived low level modules are consistent with the upper level inputs.
Filters are enforced on the notifications that are communicated to Filters are enforced on the notifications that are communicated to
Service layers. The type and frequency of notifications may be Service layers. The type and frequency of notifications may be
agreed in the Service Model. agreed in the service model.
Note that it is important to correlate telemetry data with Note that it is important to correlate telemetry data with
configuration data to be used for closed loops at the different configuration data to be used for closed loops at the different
stages of service delivery, from resource allocation to service stages of service delivery, from resource allocation to service
operation, in particular. operation, in particular.
3.4. YANG Modules Integration 3.4. YANG Modules Integration
To support top-down service delivery, YANG modules at different To support top-down service delivery, YANG modules at different
levels or at the same level need to be integrated together for proper levels or at the same level need to be integrated together for proper
service delivery (including, proper network setup). For example, the service delivery (including, proper network setup). For example, the
service parameters captured in Service Models need to be decomposed service parameters captured in service models need to be decomposed
into a set of configuration/notification parameters that may be into a set of configuration/notification parameters that may be
specific to one or more technologies; these technology-specific specific to one or more technologies; these technology-specific
parameters are grouped together to define technology-specific device parameters are grouped together to define technology-specific device
level models or network level models. level models or network level models.
In addition, these technology-specific Device or Network Models can In addition, these technology-specific device or network models can
be further integrated with each other using the schema mount be further integrated with each other using the schema mount
mechanism [RFC8528] to provision each involved network function/ mechanism [RFC8528] to provision each involved network function/
device or each involved network domain to support newly added module device or each involved network domain to support newly added modules
or features. A collection of Device Models integrated together can or features. A collection of device models integrated together can
be loaded and validated during implementation. be loaded and validated during implementation.
High-level policies can be defined at Service or Network Models High-level policies can be defined at service or network models
(e.g., "Autonomous System Number (ASN) Exclude" in the example (e.g., "Autonomous System Number (ASN) Exclude" in the example
depicted in Figure 2). Device Models will be tweaked accordingly to depicted in Figure 2). Device models will be tweaked accordingly to
provide policy-based management. Policies can also be used for provide policy-based management. Policies can also be used for
telemetry automation, e.g., policies that contain conditions to telemetry automation, e.g., policies that contain conditions to
trigger the generation and pushing of new telemetry data. trigger the generation and pushing of new telemetry data.
4. Functional Blocks and Interactions 4. Functional Blocks and Interactions
The architectural considerations described in Section 3 lead to the The architectural considerations described in Section 3 lead to the
architecture described in this section and illustrated in Figure 4. lifecycle management architecture illustrated in Figure 4 and
described in the following subsections.
+------------------+ +------------------+
................. | | ................. | |
Service level | | Service level | |
V | V |
E2E E2E E2E E2E E2E E2E E2E E2E
Service --> Service ---------> Service -----> Service -----+ Service --> Service ---------> Service ------------> Service
Exposure Creation ^ Optimization ^ Diagnosis | Exposure Creation ^ Optimization ^ Diagnosis
/Modification | | | /Modification | | |
| |Diff | V ^ | |Diff | |
Multi-layer | | E2E | E2E E2E | | | E2E | |
Multi-domain | | Service | Service Service ----+ | | Service | |
Service Mapping| +------ Assurance --+ Decommission Decommission | +------ Assurance --+ |
| ^ | ^ |
................. |<-----------------+ | Multi-layer | | |
Network level | | +-------+ Multi-domain | | |
V | | Service Mapping| | |
Specific Specific | ................. |<-----------------+ | |
Service --------> Service <--+ | Network level | | +-------+ v
Creation ^ Optimization | | V | | Specific
/Modification | | | Specific Specific | Service
| |Diff | | Service --------> Service <--+ | Diagnosis
| | Specific --+ | Creation ^ Optimization | | |
Service | | Service | /Modification | | | |
Decomposing | +----- Assurance ----+ | |Diff | | |
| ^ | | Specific --+ | |
................. | | Aggregation Service | | Service | |
Device level | +------------+ Decomposition | +----- Assurance ----+ |
V | | ^ |
Service Intent | ................. | | Aggregation |
Device level | +------------+ |
V | |
Service Intent | v
Fulfillment Config ----> Config ----> Performance ----> Fault Fulfillment Config ----> Config ----> Performance ----> Fault
Provision Validation Monitoring Diagnostic Provision Validation Monitoring Diagnostic
Figure 4: Service and Network Lifecycle Management Figure 4: Service and Network Lifecycle Management
4.1. Service Lifecycle Management Procedure 4.1. Service Lifecycle Management Procedure
Service lifecycle management includes end-to-end service lifecycle Service lifecycle management includes end-to-end service lifecycle
management at the service level and technology specific network management at the service level and technology specific network
lifecycle management at the network level. lifecycle management at the network level.
skipping to change at page 14, line 24 skipping to change at page 15, line 30
Service) is some form of connectivity between customer sites and the Service) is some form of connectivity between customer sites and the
Internet or between customer sites across the operator's network and Internet or between customer sites across the operator's network and
across the Internet. across the Internet.
Service exposure is used to capture services offered to customers Service exposure is used to capture services offered to customers
(ordering and order handling). One typical example is that a (ordering and order handling). One typical example is that a
customer can use a L3VPN Service Model (L3SM) to request L3VPN customer can use a L3VPN Service Model (L3SM) to request L3VPN
service by providing the abstract technical characterization of the service by providing the abstract technical characterization of the
intended service between customer sites. intended service between customer sites.
Service Model catalogs can be created along to expose the various Service model catalogs can be created along to expose the various
services and the information needed to invoke/order a given service. services and the information needed to invoke/order a given service.
4.1.2. Service Creation/Modification 4.1.2. Service Creation/Modification
A customer is usually unaware of the technology that the network A customer is usually unaware of the technology that the network
operator has available to deliver the service, so the customer does operator has available to deliver the service, so the customer does
not make requests specific to the underlying technology but is not make requests specific to the underlying technology but is
limited to making requests specific to the service that is to be limited to making requests specific to the service that is to be
delivered. This service request can be filled using a Service Model. delivered. This service request can be filled using a service model.
Upon receiving a service request, and assuming that appropriate Upon receiving a service request, and assuming that appropriate
authentication and authorization checks have been made with success, authentication and authorization checks have been made with success,
the service orchestrator/management system should verify whether the the service orchestrator/management system should verify whether the
service requirements in the service request can be met (i.e., whether service requirements in the service request can be met (i.e., whether
there is sufficient resources that can be allocated with the there are sufficient resources that can be allocated with the
requested guarantees). requested guarantees).
If the request is accepted, the service orchestrator/management If the request is accepted, the service orchestrator/management
system maps such service request to its view. This view can be system maps such service request to its view. This view can be
described as a technology specific Network Model or a set of described as a technology specific network model or a set of
technology specific Device Models and this mapping may include a technology specific device models and this mapping may include a
choice of which networks and technologies to use depending on which choice of which networks and technologies to use depending on which
service features have been requested. service features have been requested.
In addition, a customer may require to change the underlying network In addition, a customer may require to change the underlying network
infrastructure to adapt to new customer's needs and service infrastructure to adapt to new customer's needs and service
requirements. This service modification can be issued following the requirements (e.g., service a new customer site, add a new access
same Service Model used by the service request. link, provide disjoint paths). This service modification can be
issued following the same service model used by the service request.
Withdrawing a service is discussed in Section 4.1.6.
4.1.3. Service Assurance 4.1.3. Service Assurance
Performance measurement telemetry (Section 4.2) can be used to The performance measurement telemetry (Section 4.2) can be used to
provide service assurance at Service and/or Network levels. provide service assurance at Service and/or Network levels.
Performance measurement telemetry model can tie with Service or Performance measurement telemetry model can tie with service or
Network Models to monitor network performance or Service Level network models to monitor network performance or Service Level
Agreement. Agreement.
4.1.4. Service Optimization 4.1.4. Service Optimization
Service optimization is a technique that gets the configuration of Service optimization is a technique that gets the configuration of
the network updated due to network changes, incidents mitigation, or the network updated due to network changes, incident mitigation, or
new service requirements. One typical example is once a tunnel or a new service requirements. One typical example is once a tunnel or a
VPN is setup, Performance monitoring information or telemetry VPN is setup, Performance monitoring information or telemetry
information per tunnel (or per VPN) can be collected and fed into the information per tunnel (or per VPN) can be collected and fed into the
management system. If the network performance doesn't meet the management system. If the network performance doesn't meet the
service requirements, the management system can create new VPN service requirements, the management system can create new VPN
policies capturing network service requirements and populate them policies capturing network service requirements and populate them
into the network. into the network.
Both network performance information and policies can be modelled Both network performance information and policies can be modelled
using YANG. With Policy-based management, self-configuration and using YANG. With Policy-based management, self-configuration and
skipping to change at page 16, line 9 skipping to change at page 17, line 21
pinpoint the problem and provide recommendations (or instructions) pinpoint the problem and provide recommendations (or instructions)
for the network recovery. for the network recovery.
The service diagnosis information can be modelled as technology- The service diagnosis information can be modelled as technology-
independent Remote Procedure Call (RPC) operations for OAM protocols independent Remote Procedure Call (RPC) operations for OAM protocols
and technology-independent abstraction of key OAM constructs for OAM and technology-independent abstraction of key OAM constructs for OAM
protocols [RFC8531][RFC8533]. These models can be used to provide protocols [RFC8531][RFC8533]. These models can be used to provide
consistent configuration, reporting, and presentation for the OAM consistent configuration, reporting, and presentation for the OAM
mechanisms used to manage the network. mechanisms used to manage the network.
Refer to Section 4.2.4 for the device-specific side.
4.1.6. Service Decommission 4.1.6. Service Decommission
Service decommission allows a customer to stop the service by Service decommission allows a customer to stop the service by
removing the service from active status and thus releasing the removing the service from active status and thus releasing the
network resources that were allocated to the service. Customers can network resources that were allocated to the service. Customers can
also use the Service Model to withdraw the registration to a service. also use the service model to withdraw the subscription to a service.
4.2. Service Fullfillment Management Procedure 4.2. Service Fullfillment Management Procedure
4.2.1. Intended Configuration Provision 4.2.1. Intended Configuration Provision
Intended configuration at the device level is derived from Network Intended configuration at the device level is derived from network
Models at the network level or Service Model at the service level and models at the network level or service model at the service level and
represents the configuration that the system attempts to apply. Take represents the configuration that the system attempts to apply. Take
L3SM as a Service Model example to deliver a L3VPN service, there is L3SM as a service model example to deliver a L3VPN service, there is
a need to map the L3VPN service view defined in the Service Model a need to map the L3VPN service view defined in the service model
into a detailed intended configuration view defined by specific into a detailed intended configuration view defined by specific
configuration models for network elements; the configuration configuration models for network elements; the configuration
information includes: information includes:
o Virtual Routing and Forwarding (VRF) definition, including VPN o Virtual Routing and Forwarding (VRF) definition, including VPN
policy expression policy expression
o Physical Interface(s) o Physical Interface(s)
o IP layer (IPv4, IPv6) o IP layer (IPv4, IPv6)
o QoS features such as classification, profiles, etc. o QoS features such as classification, profiles, etc.
o Routing protocols: support of configuration of all protocols o Routing protocols: support of configuration of all protocols
listed in a service request, as well as routing policies listed in a service request, as well as routing policies
associated with those protocols. associated with those protocols.
o Multicast support o Multicast support
o Address sharing (e.g., NAT) o Address sharing
o Security o Security (e.g., access control, authentication, encryption)
These specific configuration models can be used to configure Provider These specific configuration models can be used to configure Provider
Edge (PE) and Customer Edge (CE) devices within a site, e.g., a BGP Edge (PE) and Customer Edge (CE) devices within a site, e.g., a BGP
policy model can be used to establish VPN membership between sites policy model can be used to establish VPN membership between sites
and VPN Service Topology. and VPN Service Topology.
Note that in networks with legacy devices (that support proprietary Note that in networks with legacy devices (that support proprietary
modules or do not support YANG at all), an adaptation layer is likely modules or do not support YANG at all), an adaptation layer is likely
to be required at the network level so that these devices can be to be required at the network level so that these devices can be
involved in the delivery of the network services. involved in the delivery of the network services.
This interface is also used to handle service withdrawal
(Section 4.1.6).
4.2.2. Configuration Validation 4.2.2. Configuration Validation
Configuration validation is used to validate intended configuration Configuration validation is used to validate intended configuration
and ensure the configuration take effect. and ensure the configuration take effect.
For example, a customer creates an interface "eth-0/0/0" but the For example, if a customer creates an interface "eth-0/0/0" but the
interface does not physically exist at this point, then configuration interface does not physically exist at this point, then configuration
data appears in the <intended> status but does not appear in data appears in the <intended> status but does not appear in the
<operational> datastore. <operational> datastore. More details about <intended> and
<operational> datastores can be found in Section 5.1 of [RFC8342].
4.2.3. Performance Monitoring/Model-driven Telemetry 4.2.3. Performance Monitoring
When a configuration is in effect in a device, <operational> When a configuration is in effect in a device, <operational>
datastore holds the complete operational state of the device datastore holds the complete operational state of the device
including learned, system, default configuration, and system state. including learned, system, default configuration, and system state.
However, the configurations and state of a particular device does not However, the configurations and state of a particular device does not
have the visibility on the whole network or how packets are going to have the visibility on the whole network or how packets are going to
be forwarded through the entire network. Therefore, it becomes more be forwarded through the entire network. Therefore, it becomes more
difficult to operate the entire network without understanding the difficult to operate the entire network without understanding the
current status of the network. current status of the network.
The management system should subscribe to updates of a YANG datastore The management system should subscribe to updates of a YANG datastore
in all the network devices for performance monitoring purposes and in all the network devices for performance monitoring purposes and
build a full topological visibility of the network by aggregating build a full topological visibility of the network by aggregating
(and filtering) these operational state from different sources. (and filtering) these operational state from different sources.
4.2.4. Fault Diagnostic 4.2.4. Fault Diagnostic
When configuration is in effect in a device, some devices may be mis- When configuration is in effect in a device, some devices may be mis-
configured (e.g., device links are not consistent in both sides of configured (e.g., device links are not consistent in both sides of
the network connection) or network resources be mis-allocated. the network connection) or network resources might be mis-allocated.
Therefore, services may be negatively affected without knowing the Therefore, services may be negatively affected without knowing the
root cause in the network. root cause in the network.
Technology-dependent nodes and RPC commands are defined in Technology-dependent nodes and RPC commands are defined in
technology-specific YANG data models which can use and extend the technology-specific YANG data models which can use and extend the
base model described in Section 4.1.5 to deal with these issues. base model described in Section 4.1.5 to deal with these issues.
These RPC commands received in the technology-dependent node can be These RPC commands received in the technology-dependent node can be
used to trigger technology-specific OAM message exchanges for fault used to trigger technology-specific OAM message exchanges for fault
verification and fault isolation. For example, TRILL Multicast Tree verification and fault isolation. For example, TRILL Multicast Tree
skipping to change at page 18, line 18 skipping to change at page 19, line 37
Multi-layer/Multi-domain Service Mapping allows to map an end-to-end Multi-layer/Multi-domain Service Mapping allows to map an end-to-end
abstract view of the service segmented at different layers and/or abstract view of the service segmented at different layers and/or
different network domains into domain-specific views. different network domains into domain-specific views.
One example is to map service parameters in the L3SM into One example is to map service parameters in the L3SM into
configuration parameters such as Route Distinguisher (RD), Route configuration parameters such as Route Distinguisher (RD), Route
Target (RT), and VRF in the L3VPN Network Model (L3NM). Target (RT), and VRF in the L3VPN Network Model (L3NM).
Another example is to map service parameters in the L3SM into Traffic Another example is to map service parameters in the L3SM into Traffic
Engineered (TE) tunnel parameter (e.g., Tunnel ID) in TE model and Engineered (TE) tunnel parameters (e.g., Tunnel ID) in TE model and
Virtual Network (VN) parameters (e.g., Access Point (AP) list, VN Virtual Network (VN) parameters (e.g., Access Point (AP) list, VN
members) in the YANG data model for VN operation members) in the YANG data model for VN operation
[I-D.ietf-teas-actn-vn-yang]. [I-D.ietf-teas-actn-vn-yang].
4.4. Service Decomposing 4.4. Service Decomposition
Service Decomposing allows to decompose Service Models at the service Service Decomposition allows to decompose service models at the
level or Network Models at the network level into a set of Device service level or network models at the network level into a set of
Models at the device level. These Device Models may be tied to device models at the device level. These device models may be tied
specific device types or classified into a collection of related YANG to specific device types or classified into a collection of related
modules based on service types and features offered, and load at the YANG modules based on service types and features offered, and load at
implementation time before configuration is loaded and validated. the implementation time before configuration is loaded and validated.
5. YANG Data Model Integration Examples 5. YANG Data Model Integration Examples
The following subsections provide some YANG data models integration The following subsections provide some YANG data models integration
examples. examples.
5.1. L2VPN/L3VPN Service Delivery 5.1. L2VPN/L3VPN Service Delivery
In reference to Figure 5, the following steps are performed to In reference to Figure 5, the following steps are performed to
deliver the L3VPN service within the network management automation deliver the L3VPN service within the network management automation
skipping to change at page 19, line 17 skipping to change at page 20, line 36
delay = 60 ms. delay = 60 ms.
2. The Orchestrator extracts the service parameters from the L3SM. 2. The Orchestrator extracts the service parameters from the L3SM.
Then, it uses them as input to the Service Mapping in Section 4.3 Then, it uses them as input to the Service Mapping in Section 4.3
to translate them into an orchestrated configuration parameters to translate them into an orchestrated configuration parameters
(e.g., RD, RT, VRF) that are part of the L3NM specified in (e.g., RD, RT, VRF) that are part of the L3NM specified in
[I-D.ietf-opsawg-l3sm-l3nm]. [I-D.ietf-opsawg-l3sm-l3nm].
3. The Controller takes the orchestrated configuration parameters in 3. The Controller takes the orchestrated configuration parameters in
the L3NM and translates them into orchestrated (Service the L3NM and translates them into orchestrated (Service
Decomposing in Section 4.4) configuration of network elements Decomposition in Section 4.4) configuration of network elements
that are part of, e.g., BGP, QoS, Network Instance, IP that are part of, e.g., BGP, QoS, Network Instance, IP
management, and interface models. management, and interface models.
[I-D.ogondio-opsawg-uni-topology] can be used for representing, [I-D.ogondio-opsawg-uni-topology] can be used for representing,
managing, and controlling the User Network Interface (UNI) topology. managing, and controlling the User Network Interface (UNI) topology.
L3SM | L3SM |
Service | Service |
Model | Model |
+----------------------+--------------------------+ +------------------------+------------------------+
| +--------V--------+ | | +--------V--------+ |
| | Service Mapping | | | | Service Mapping | |
| +--------+--------+ | | +--------+--------+ |
| Orchestrator | | | Orchestrator | |
+----------------------+--------------------------+ +------------------------+------------------------+
L3NM | ^ UNI Topology Model L3NM | ^ UNI Topology Model
Network| | Network | |
Model | | Model | |
+----------------------+--------------------------+ +------------------------+------------------------+
| +----------V-----------+ | | +-----------V-----------+ |
| | Service Decomposing | | | | Service Decomposition | |
| +---++--------------++-+ | | +--++---------------++--+ |
| || || | | || || |
| Controller || || | | Controller || || |
+---------------++--------------++----------------+ +---------------++---------------++---------------+
|| || || ||
|| BGP, || || BGP, ||
|| QoS, || || QoS, ||
|| Interface, || || Interface, ||
+------------+| NI, |+--------------+ +------------+| NI, |+------------+
| | IP | | | | IP | |
+--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+
| CE1 +-------+ PE1 | | PE2 +---------+ CE2 | | CE1 +-------+ PE1 | | PE2 +-------+ CE2 |
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+
Figure 5: L3VPN Service Delivery Example (Current) Figure 5: L3VPN Service Delivery Example (Current)
L3NM inherits some of data elements from the L3SM. Nevertheless, the L3NM inherits some of data elements from the L3SM. Nevertheless, the
L3NM does not expose some information to the above layer such as the L3NM as currently designed in [I-D.ietf-opsawg-l3sm-l3nm] does not
capabilities of an underlying network (which can be used to drive expose some information to the above layer such as the capabilities
service order handling) or notifications (to notify subscribers about of an underlying network (which can be used to drive service order
specific events or degradations as per agreed SLAs). Some of this handling) or notifications (to notify subscribers about specific
information can be provided using, e.g., events or degradations as per agreed SLAs). Some of this information
[I-D.www-bess-yang-vpn-service-pm]. A target overall model is can be provided using, e.g., [I-D.www-opsawg-yang-vpn-service-pm]. A
depicted in Figure 6. target overall model is depicted in Figure 6.
L3SM | ^ L3SM | ^
Service | | Notifications Service | | Notifications
Model | | Model | |
+----------------------+--------------------------+ +------------------------+------------------------+
| +--------V--------+ | | +--------V--------+ |
| | Service Mapping | | | | Service Mapping | |
| +--------+--------+ | | +--------+--------+ |
| Orchestrator | | | Orchestrator | |
+----------------------+--------------------------+ +------------------------+------------------------+
L3NM | ^ UNI Topology Model L3NM | ^ UNI Topology Model
Network| | L3NM Notifications Network| | L3NM Notifications
Model | | L3NM Capabilities Model | | L3NM Capabilities
+----------------------+--------------------------+ +------------------------+------------------------+
| +----------V-----------+ | | +-----------V-----------+ |
| | Service Decomposing | | | | Service Decomposition | |
| +---++--------------++-+ | | +--++---------------++--+ |
| || || | | || || |
| Controller || || | | Controller || || |
+---------------++--------------++----------------+ +---------------++---------------++---------------+
|| || || ||
|| BGP, || || BGP, ||
|| QoS, || || QoS, ||
|| Interface, || || Interface, ||
+------------+| NI, |+--------------+ +------------+| NI, |+------------+
| | IP | | | | IP | |
+--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+
| CE1 +-------+ PE1 | | PE2 +---------+ CE2 | | CE1 +-------+ PE1 | | PE2 +-------+ CE2 |
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+
Figure 6: L3VPN Service Delivery Example (Target) Figure 6: L3VPN Service Delivery Example (Target)
Note that a similar analysis can be performed for Layer 2 VPNs Note that a similar analysis can be performed for Layer 2 VPNs
(L2VPNs). A L2VPN Service Model (L2SM) is defined in [RFC8466], (L2VPNs). A L2VPN Service Model (L2SM) is defined in [RFC8466],
while the L2VPN Network YANG Model (L2NM) is specified in while the L2VPN Network YANG Model (L2NM) is specified in
[I-D.ietf-opsawg-l2nm]. [I-D.ietf-opsawg-l2nm].
5.2. VN Lifecycle Management 5.2. VN Lifecycle Management
skipping to change at page 22, line 6 skipping to change at page 23, line 6
architecture defined in Section 4: architecture defined in Section 4:
1. A customer makes a request (Service Exposure in Section 4.1.1) to 1. A customer makes a request (Service Exposure in Section 4.1.1) to
create a VN. The association between the VN, APs, and VN members create a VN. The association between the VN, APs, and VN members
is defined in the VN YANG module [I-D.ietf-teas-actn-vn-yang]. is defined in the VN YANG module [I-D.ietf-teas-actn-vn-yang].
2. The Orchestrator creates the single abstract node topology based 2. The Orchestrator creates the single abstract node topology based
on the information captured in the request. on the information captured in the request.
3. The customer exchanges with the Orchestrator the connectivity 3. The customer exchanges with the Orchestrator the connectivity
matrix on the abstract node and explicit paths using the TE matrix on the abstract node topology and explicit paths using the
topology model [RFC8795]. This information can be used to TE topology model [RFC8795]. This information can be used to
instantiate the VN and setup tunnels between source and instantiate the VN and setup tunnels between source and
destination endpoints (Service Creation in Section 4.1.2). destination endpoints (Service Creation in Section 4.1.2).
4. The telemetry model which augments the VN model and corresponding 4. In order to provide service assurance (Service Optimization in
TE tunnel model can be used to subscribe to performance Section 4.1.4), the telemetry model which augments the VN model
measurement data and notify all the parameter changes and network and corresponding TE tunnel model can be used by the Orchestrator
performance changes related to VN topology or Tunnel to subscribe to performance measurement data. The Controller
[I-D.ietf-teas-actn-pm-telemetry-autonomics] and provide service will then notify the Orchestrator with all the parameter changes
assurance (Service Optimization in Section 4.1.4). and network performance changes related to the VN topology and
the tunnels [I-D.ietf-teas-actn-pm-telemetry-autonomics].
| |
VN | VN |
Service | Service |
Model | Model |
+----------------------|--------------------------+ +----------------------|--------------------------+
| Orchestrator | | | Orchestrator | |
| +--------V--------+ | | +--------V--------+ |
| | Service Mapping | | | | Service Mapping | |
| +-----------------+ | | +-----------------+ |
skipping to change at page 23, line 18 skipping to change at page 24, line 19
[I-D.wwx-netmod-event-yang]). [I-D.wwx-netmod-event-yang]).
2. To provide rapid autonomic response that can exhibit self- 2. To provide rapid autonomic response that can exhibit self-
management properties, the Controller pushes the ECA policy to management properties, the Controller pushes the ECA policy to
the network device and delegates the network control logic to the the network device and delegates the network control logic to the
network device. network device.
3. The network device uses the ECA model to subscribe to the event 3. The network device uses the ECA model to subscribe to the event
source, e.g., an event stream or datastore state data conveyed to source, e.g., an event stream or datastore state data conveyed to
the server via YANG Push subscription [RFC8641], monitors state the server via YANG Push subscription [RFC8641], monitors state
parameters, and takes simple and instant actions when associated parameters, and takes simple and instant actions when an
event condition on state parameters is met. ECA notifications associated event condition on state parameters is met. ECA
can be generated as the result of actions based on event stream notifications can be generated as the result of actions based on
subscription or datastore subscription (model-driven telemetry event stream subscription or datastore subscription (model-driven
operation discussed in Section 4.2.3). telemetry operation discussed in Section 4.2.3).
+----------------+ +----------------+
| <----+ | <----+
| Controller | | | Controller | |
+-------+--------+ | +-------+--------+ |
| | | |
| | | |
ECA | | ECA ECA | | ECA
Model | | Notification Model | | Notification
| | | |
skipping to change at page 23, line 46 skipping to change at page 24, line 47
| +-------+ +---------+ +--+---+ | | +-------+ +---------+ +--+---+ |
| | Event +-> Event +->Event | | | | Event +-> Event +->Event | |
| | Source| |Condition| |Action| | | | Source| |Condition| |Action| |
| +-------+ +---------+ +------+ | | +-------+ +---------+ +------+ |
+--------------------------------+ +--------------------------------+
Figure 8: Event-based Telemetry Figure 8: Event-based Telemetry
6. Security Considerations 6. Security Considerations
The YANG modules cited in this document define schema for data that Many of the YANG modules cited in this document define schema for
are designed to be accessed via network management protocols such as data that are designed to be accessed via network management
NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The
the secure transport layer, and the mandatory-to-implement secure lowest NETCONF layer is the secure transport layer, and the
transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer mandatory-to-implement secure transport is Secure Shell (SSH)
is HTTPS, and the mandatory-to-implement secure transport is TLS
[RFC8446]. [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-
implement secure transport is TLS [RFC8446].
The NETCONF access control model [RFC8341] provides the means to The NETCONF access control model [RFC8341] provides the means to
restrict access for particular NETCONF or RESTCONF users to a restrict access for particular NETCONF or RESTCONF users to a
preconfigured subset of all available NETCONF or RESTCONF protocol preconfigured subset of all available NETCONF or RESTCONF protocol
operations and content. operations and content.
Security considerations specific to each of the technologies and Security considerations specific to each of the technologies and
protocols listed in the document are discussed in the specification protocols listed in the document are discussed in the specification
documents of each of these protocols. documents of each of these protocols.
In order to prevent leaking sensitive information, special care In order to prevent leaking sensitive information and "confused
should be considered when translating between the various layers in deputy" problem [Hardy] in general, special care should be considered
Section 4 or when aggregating data retrieved from various sources. when translating between the various layers in Section 4 or when
The network operator must enforce means to protect privacy-related aggregating data retrieved from various sources. Typically,
information included in customer-facing models. authorization and authentication checks should be performed to ensure
that a data is available to an authorized entity. The network
operator must enforce means to protect privacy-related information
included in customer-facing models.
To detect misalignment between layers that might be induced by To detect misalignment between layers that might be induced by
misbehaving nodes, upper layers should continuously monitor the misbehaving nodes, upper layers should continuously monitor the
perceived service (Section 4.1.4) and should proceed with checks to perceived service (Section 4.1.4) and should proceed with checks to
assess that the provided service complies with the expected service assess that the provided service complies with the expected service
and that the data reported by an underlying layer is matching the and that the data reported by an underlying layer is matching the
perceived service by the above layer. Typically, such checks are the perceived service by the above layer. Typically, such checks are the
responsibility of the service diagnosis (Section 4.1.5). responsibility of the service diagnosis (Section 4.1.5).
When a YANG module includes security-related parameters, it is
recommended to include the relevant information as part of the
service assurance to track the correct functioning of the security
mechanisms.
Additional considerations are discussed in the following subsections. Additional considerations are discussed in the following subsections.
6.1. Service Level 6.1. Service Level
A provider may rely on services offered by other providers to build A provider may rely on services offered by other providers to build
composite services. Appropriate mechanisms should be enabled by the composite services. Appropriate mechanisms should be enabled by the
provider to monitor and detect a service disruption from these provider to monitor and detect a service disruption from these
providers. The characterization of a service disruption (including, providers. The characterization of a service disruption (including,
mean time between failures, mean time to repair), the escalation mean time between failures, mean time to repair), the escalation
procedure, and penalties are usually documented in contractual procedure, and penalties are usually documented in contractual
agreements (e.g., Section 2.1 of [RFC4176]). Misbehaving peer agreements (e.g., as described in Section 2.1 of [RFC4176]).
providers will thus be identified and appropriate countermeasures Misbehaving peer providers will thus be identified and appropriate
will be applied. countermeasures will be applied.
The communication protocols that make use of a service model between
a customer and an operator are out of scope. Relevant security
considerations should be discussed in the specification documents of
these protocols.
6.2. Network Level 6.2. Network Level
Security considerations specific to the network level are listed Security considerations specific to the network level are listed
below: below:
o A controller may create forwarding loops by mis-configuring the o A controller may create forwarding loops by mis-configuring the
underlying network nodes. It is recommended to proceed with tests underlying network nodes. It is recommended to proceed with tests
to check the status of forwarding paths regularly or whenever to check the status of forwarding paths regularly or whenever
changes are made to routing or forwarding processes. Such checks changes are made to routing or forwarding processes. Such checks
may be triggered from the service level owing to the means may be triggered from the service level owing to the means
discussed in Section 4.1.5. discussed in Section 4.1.5.
o Some Service Models may include a traffic isolation clause, o Some service models may include a traffic isolation clause that is
appropriate technology-specific actions must be enforced at the passed down to the network level so that appropriate technology-
underlying network (and thus involved network devices) to avoid specific actions must be enforced at the underlying network (and
that such traffic is accessible to non-authorized parties. thus involved network devices) to avoid that such traffic is
accessible to non-authorized parties. In particular, network
models may indicate whether encryption is enabled and if so,
expose a list of supported encryption schemes and parameters.
Refer for example to the encryption feature defined in
[I-D.ietf-opsawg-vpn-common] and its use in
[I-D.ietf-opsawg-l3sm-l3nm].
6.3. Device Level 6.3. Device Level
Network operators should monitor and audit their networks to detect Network operators should monitor and audit their networks to detect
misbehaving nodes and abnormal behaviors. For example, OAM discussed misbehaving nodes and abnormal behaviors. For example, OAM discussed
in Section 4.1.5 can be used for that purpose. in Section 4.1.5 can be used for that purpose.
Access to some data requires specific access privilege levels.
Devices must check that a required access privilege is provided
before granting access to specific data or performing specific
actions.
7. IANA Considerations 7. IANA Considerations
There are no IANA requests or assignments included in this document. There are no IANA requests or assignments included in this document.
8. Acknowledgements 8. Acknowledgements
Thanks to Joe Clark, Greg Mirsky, Shunsuke Homma, Brian Carpenter, Thanks to Joe Clark, Greg Mirsky, Shunsuke Homma, Brian Carpenter,
Adrian Farrel, Christian Huitema, Tommy Pauly, Ines Robles, and Adrian Farrel, Christian Huitema, Tommy Pauly, Ines Robles, and
Olivier Augizeau for the review. Olivier Augizeau for the review.
Many thanks to Robert Wilton for the detailed AD review. Many thanks to Robert Wilton for the detailed AD review.
Thanks to Eric Vyncke, Roman Danyliw, Erik Kline, and Benjamin Kaduk
for the IESG review.
9. Contributors 9. Contributors
Christian Jacquenet Christian Jacquenet
Orange Orange
Rennes, 35000 Rennes, 35000
France France
Email: Christian.jacquenet@orange.com Email: Christian.jacquenet@orange.com
Luis Miguel Contreras Murillo Luis Miguel Contreras Murillo
Telifonica Telifonica
Email: luismiguel.contrerasmurillo@telefonica.com Email: luismiguel.contrerasmurillo@telefonica.com
skipping to change at page 27, line 16 skipping to change at page 28, line 24
Access Control Model", STD 91, RFC 8341, Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018, DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>. <https://www.rfc-editor.org/info/rfc8341>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
10.2. Informative References 10.2. Informative References
[Hardy] Hardy, N., "The Confused Deputy: (or why capabilities
might have been invented)", October 1988,
<https://dl.acm.org/doi/10.1145/54289.871709>.
[I-D.clacla-netmod-model-catalog] [I-D.clacla-netmod-model-catalog]
Clarke, J. and B. Claise, "YANG module for Clarke, J. and B. Claise, "YANG module for
yangcatalog.org", draft-clacla-netmod-model-catalog-03 yangcatalog.org", draft-clacla-netmod-model-catalog-03
(work in progress), April 2018. (work in progress), April 2018.
[I-D.ietf-bess-evpn-yang] [I-D.ietf-bess-evpn-yang]
Brissette, P., Shah, H., Hussain, I., Tiruveedhula, K., Brissette, P., Shah, H., Hussain, I., Tiruveedhula, K.,
and J. Rabadan, "Yang Data Model for EVPN", draft-ietf- and J. Rabadan, "Yang Data Model for EVPN", draft-ietf-
bess-evpn-yang-07 (work in progress), March 2019. bess-evpn-yang-07 (work in progress), March 2019.
skipping to change at page 29, line 10 skipping to change at page 30, line 25
[I-D.ietf-opsawg-l2nm] [I-D.ietf-opsawg-l2nm]
barguil, s., Dios, O., Boucadair, M., Munoz, L., Jalil, barguil, s., Dios, O., Boucadair, M., Munoz, L., Jalil,
L., and J. Ma, "A Layer 2 VPN Network YANG Model", draft- L., and J. Ma, "A Layer 2 VPN Network YANG Model", draft-
ietf-opsawg-l2nm-00 (work in progress), July 2020. ietf-opsawg-l2nm-00 (work in progress), July 2020.
[I-D.ietf-opsawg-l3sm-l3nm] [I-D.ietf-opsawg-l3sm-l3nm]
barguil, s., Dios, O., Boucadair, M., Munoz, L., and A. barguil, s., Dios, O., Boucadair, M., Munoz, L., and A.
Aguado, "A Layer 3 VPN Network YANG Model", draft-ietf- Aguado, "A Layer 3 VPN Network YANG Model", draft-ietf-
opsawg-l3sm-l3nm-04 (work in progress), October 2020. opsawg-l3sm-l3nm-04 (work in progress), October 2020.
[I-D.ietf-opsawg-vpn-common]
barguil, s., Dios, O., Boucadair, M., and Q. WU, "A Layer
2/3 VPN Common YANG Model", draft-ietf-opsawg-vpn-
common-01 (work in progress), September 2020.
[I-D.ietf-pim-igmp-mld-snooping-yang] [I-D.ietf-pim-igmp-mld-snooping-yang]
Zhao, H., Liu, X., Liu, Y., Sivakumar, M., and A. Peter, Zhao, H., Liu, X., Liu, Y., Sivakumar, M., and A. Peter,
"A Yang Data Model for IGMP and MLD Snooping", draft-ietf- "A Yang Data Model for IGMP and MLD Snooping", draft-ietf-
pim-igmp-mld-snooping-yang-18 (work in progress), August pim-igmp-mld-snooping-yang-18 (work in progress), August
2020. 2020.
[I-D.ietf-pim-yang] [I-D.ietf-pim-yang]
Liu, X., McAllister, P., Peter, A., Sivakumar, M., Liu, Liu, X., McAllister, P., Peter, A., Sivakumar, M., Liu,
Y., and f. hu, "A YANG Data Model for Protocol Independent Y., and f. hu, "A YANG Data Model for Protocol Independent
Multicast (PIM)", draft-ietf-pim-yang-17 (work in Multicast (PIM)", draft-ietf-pim-yang-17 (work in
skipping to change at page 30, line 35 skipping to change at page 32, line 5
and H. Weiguo, "YANG Data Model for TRILL Operations, and H. Weiguo, "YANG Data Model for TRILL Operations,
Administration, and Maintenance (OAM)", draft-ietf-trill- Administration, and Maintenance (OAM)", draft-ietf-trill-
yang-oam-05 (work in progress), March 2017. yang-oam-05 (work in progress), March 2017.
[I-D.ogondio-opsawg-uni-topology] [I-D.ogondio-opsawg-uni-topology]
Dios, O., barguil, s., WU, Q., and M. Boucadair, "A YANG Dios, O., barguil, s., WU, Q., and M. Boucadair, "A YANG
Model for User-Network Interface (UNI) Topologies", draft- Model for User-Network Interface (UNI) Topologies", draft-
ogondio-opsawg-uni-topology-01 (work in progress), April ogondio-opsawg-uni-topology-01 (work in progress), April
2020. 2020.
[I-D.www-bess-yang-vpn-service-pm] [I-D.www-opsawg-yang-vpn-service-pm]
WU, Q., Boucadair, M., Dios, O., Wen, B., Liu, C., and H. Bo, W., WU, Q., Boucadair, M., Dios, O., Wen, B., Liu, C.,
Xu, "A YANG Model for Network and VPN Service Performance and H. Xu, "A YANG Model for Network and VPN Service
Monitoring", draft-www-bess-yang-vpn-service-pm-06 (work Performance Monitoring", draft-www-opsawg-yang-vpn-
in progress), April 2020. service-pm-01 (work in progress), July 2020.
[I-D.wwx-netmod-event-yang] [I-D.wwx-netmod-event-yang]
Bierman, A., WU, Q., Bryskin, I., Birkholz, H., Liu, X., Bierman, A., WU, Q., Bryskin, I., Birkholz, H., Liu, X.,
and B. Claise, "A YANG Data model for ECA Policy and B. Claise, "A YANG Data model for ECA Policy
Management", draft-wwx-netmod-event-yang-09 (work in Management", draft-wwx-netmod-event-yang-09 (work in
progress), July 2020. progress), July 2020.
[IPPM] IANA, "Performance Metrics", March 2020, [IPPM] IANA, "Performance Metrics", March 2020,
<https://www.iana.org/assignments/performance-metrics/ <https://www.iana.org/assignments/performance-metrics/
performance-metrics.xhtml>. performance-metrics.xhtml>.
skipping to change at page 33, line 18 skipping to change at page 34, line 37
[RFC8299] Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki, [RFC8299] Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki,
"YANG Data Model for L3VPN Service Delivery", RFC 8299, "YANG Data Model for L3VPN Service Delivery", RFC 8299,
DOI 10.17487/RFC8299, January 2018, DOI 10.17487/RFC8299, January 2018,
<https://www.rfc-editor.org/info/rfc8299>. <https://www.rfc-editor.org/info/rfc8299>.
[RFC8309] Wu, Q., Liu, W., and A. Farrel, "Service Models [RFC8309] Wu, Q., Liu, W., and A. Farrel, "Service Models
Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018, Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018,
<https://www.rfc-editor.org/info/rfc8309>. <https://www.rfc-editor.org/info/rfc8309>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore Architecture
(NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
<https://www.rfc-editor.org/info/rfc8342>.
[RFC8343] Bjorklund, M., "A YANG Data Model for Interface [RFC8343] Bjorklund, M., "A YANG Data Model for Interface
Management", RFC 8343, DOI 10.17487/RFC8343, March 2018, Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
<https://www.rfc-editor.org/info/rfc8343>. <https://www.rfc-editor.org/info/rfc8343>.
[RFC8345] Clemm, A., Medved, J., Varga, R., Bahadur, N., [RFC8345] Clemm, A., Medved, J., Varga, R., Bahadur, N.,
Ananthakrishnan, H., and X. Liu, "A YANG Data Model for Ananthakrishnan, H., and X. Liu, "A YANG Data Model for
Network Topologies", RFC 8345, DOI 10.17487/RFC8345, March Network Topologies", RFC 8345, DOI 10.17487/RFC8345, March
2018, <https://www.rfc-editor.org/info/rfc8345>. 2018, <https://www.rfc-editor.org/info/rfc8345>.
[RFC8346] Clemm, A., Medved, J., Varga, R., Liu, X., [RFC8346] Clemm, A., Medved, J., Varga, R., Liu, X.,
skipping to change at page 34, line 15 skipping to change at page 35, line 41
[RFC8513] Boucadair, M., Jacquenet, C., and S. Sivakumar, "A YANG [RFC8513] Boucadair, M., Jacquenet, C., and S. Sivakumar, "A YANG
Data Model for Dual-Stack Lite (DS-Lite)", RFC 8513, Data Model for Dual-Stack Lite (DS-Lite)", RFC 8513,
DOI 10.17487/RFC8513, January 2019, DOI 10.17487/RFC8513, January 2019,
<https://www.rfc-editor.org/info/rfc8513>. <https://www.rfc-editor.org/info/rfc8513>.
[RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair, [RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair,
"YANG Data Model for Network Access Control Lists (ACLs)", "YANG Data Model for Network Access Control Lists (ACLs)",
RFC 8519, DOI 10.17487/RFC8519, March 2019, RFC 8519, DOI 10.17487/RFC8519, March 2019,
<https://www.rfc-editor.org/info/rfc8519>. <https://www.rfc-editor.org/info/rfc8519>.
[RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K.,
and R. Wilton, "YANG Library", RFC 8525,
DOI 10.17487/RFC8525, March 2019,
<https://www.rfc-editor.org/info/rfc8525>.
[RFC8528] Bjorklund, M. and L. Lhotka, "YANG Schema Mount", [RFC8528] Bjorklund, M. and L. Lhotka, "YANG Schema Mount",
RFC 8528, DOI 10.17487/RFC8528, March 2019, RFC 8528, DOI 10.17487/RFC8528, March 2019,
<https://www.rfc-editor.org/info/rfc8528>. <https://www.rfc-editor.org/info/rfc8528>.
[RFC8529] Berger, L., Hopps, C., Lindem, A., Bogdanovic, D., and X. [RFC8529] Berger, L., Hopps, C., Lindem, A., Bogdanovic, D., and X.
Liu, "YANG Data Model for Network Instances", RFC 8529, Liu, "YANG Data Model for Network Instances", RFC 8529,
DOI 10.17487/RFC8529, March 2019, DOI 10.17487/RFC8529, March 2019,
<https://www.rfc-editor.org/info/rfc8529>. <https://www.rfc-editor.org/info/rfc8529>.
[RFC8530] Berger, L., Hopps, C., Lindem, A., Bogdanovic, D., and X. [RFC8530] Berger, L., Hopps, C., Lindem, A., Bogdanovic, D., and X.
skipping to change at page 35, line 44 skipping to change at page 37, line 29
[RFC8795] Liu, X., Bryskin, I., Beeram, V., Saad, T., Shah, H., and [RFC8795] Liu, X., Bryskin, I., Beeram, V., Saad, T., Shah, H., and
O. Gonzalez de Dios, "YANG Data Model for Traffic O. Gonzalez de Dios, "YANG Data Model for Traffic
Engineering (TE) Topologies", RFC 8795, Engineering (TE) Topologies", RFC 8795,
DOI 10.17487/RFC8795, August 2020, DOI 10.17487/RFC8795, August 2020,
<https://www.rfc-editor.org/info/rfc8795>. <https://www.rfc-editor.org/info/rfc8795>.
Appendix A. Layered YANG Modules Examples Overview Appendix A. Layered YANG Modules Examples Overview
This appendix lists a set of YANG data models that can be used for This appendix lists a set of YANG data models that can be used for
the delivery of connectivity services. These models can be the delivery of connectivity services. These models can be
classified as Service, Network, or Device Models. classified as service, network, or device models.
It is not the intent of this appendix to provide an inventory of It is not the intent of this appendix to provide an inventory of
tools and mechanisms used in specific network and service management tools and mechanisms used in specific network and service management
domains; such inventory can be found in documents such as [RFC7276]. domains; such inventory can be found in documents such as [RFC7276].
The reader may refer to the YANG Catalog The reader may refer to the YANG Catalog
(<https://www.yangcatalog.org>) or the public Github YANG repository (<https://www.yangcatalog.org>) or the public Github YANG repository
(<https://github.com/YangModels/yang>) to query existing YANG models. (<https://github.com/YangModels/yang>) to query existing YANG models.
The YANG Catalog includes some metadata to indicate the module type The YANG Catalog includes some metadata to indicate the module type
('module-classification') [I-D.clacla-netmod-model-catalog]. Note ('module-classification') [I-D.clacla-netmod-model-catalog]. Note
that the mechanism defined in [I-D.ietf-netmod-module-tags] allows to that the mechanism defined in [I-D.ietf-netmod-module-tags] allows to
associate tags with YANG modules in order to help classifying the associate tags with YANG modules in order to help classifying the
modules. modules.
A.1. Service Models: Definition and Samples A.1. Service Models: Definition and Samples
As described in [RFC8309], the service is "some form of connectivity As described in [RFC8309], the service is "some form of connectivity
between customer sites and the Internet and/or between customer sites between customer sites and the Internet and/or between customer sites
skipping to change at page 36, line 36 skipping to change at page 38, line 20
o The L3SM [RFC8299] defines the L3VPN service ordered by a customer o The L3SM [RFC8299] defines the L3VPN service ordered by a customer
from a network operator. from a network operator.
o The L2SM [RFC8466] defines the L2VPN service ordered by a customer o The L2SM [RFC8466] defines the L2VPN service ordered by a customer
from a network operator. from a network operator.
o The Virtual Network (VN) model [I-D.ietf-teas-actn-vn-yang] o The Virtual Network (VN) model [I-D.ietf-teas-actn-vn-yang]
provides a YANG data model applicable to any mode of VN operation. provides a YANG data model applicable to any mode of VN operation.
L2SM and L3SM are customer Service Models as per [RFC8309]. L2SM and L3SM are customer service models as per [RFC8309].
A.2. Schema Mount A.2. Schema Mount
Modularity and extensibility were among the leading design principles Modularity and extensibility were among the leading design principles
of the YANG data modeling language. As a result, the same YANG of the YANG data modeling language. As a result, the same YANG
module can be combined with various sets of other modules and thus module can be combined with various sets of other modules and thus
form a data model that is tailored to meet the requirements of a form a data model that is tailored to meet the requirements of a
specific use case. [RFC8528] defines a mechanism, denoted schema specific use case. [RFC8528] defines a mechanism, denoted schema
mount, that allows for mounting one data model consisting of any mount, that allows for mounting one data model consisting of any
number of YANG modules at a specified location of another (parent) number of YANG modules at a specified location of another (parent)
schema. schema.
A.3. Network Models: Samples A.3. Network Models: Samples
L2NM [I-D.ietf-opsawg-l2nm] and L3NM [I-D.ietf-opsawg-l3sm-l3nm] are L2NM [I-D.ietf-opsawg-l2nm] and L3NM [I-D.ietf-opsawg-l3sm-l3nm] are
examples of YANG Network Models. examples of YANG network models.
Figure 9 depicts a set of additional Network Models such as topology Figure 9 depicts a set of additional network models such as topology
and tunnel models: and tunnel models:
+-------------------------------+-------------------------------+ +-------------------------------+-------------------------------+
| Topology YANG modules | Tunnel YANG modules | | Topology YANG modules | Tunnel YANG modules |
+-------------------------------+-------------------------------+ +-------------------------------+-------------------------------+
| +------------------+ | | | +------------------+ | |
| |Network Topologies| | +------+ +-----------+ | | |Network Topologies| | +------+ +-----------+ |
| | Model | | |Other | | TE Tunnel | | | | Model | | |Other | | TE Tunnel | |
| +--------+---------+ | |Tunnel| +----+------+ | | +--------+---------+ | |Tunnel| +----+------+ |
| | +---------+ | +------+ | | | | +---------+ | +------+ | |
skipping to change at page 37, line 44 skipping to change at page 39, line 36
| |Topology | | | | |Topology | | |
| +---------+ | | | +---------+ | |
+-------------------------------+-------------------------------+ +-------------------------------+-------------------------------+
Figure 9: Sample Resource Facing Network Models Figure 9: Sample Resource Facing Network Models
Examples of topology YANG modules are listed below: Examples of topology YANG modules are listed below:
o Network Topologies Model: [RFC8345] defines a base model for o Network Topologies Model: [RFC8345] defines a base model for
network topology and inventories. Network topology data include network topology and inventories. Network topology data include
link resource, node resource, and terminate-point resources. link, node, and terminate-point resources.
o TE Topology Model: [RFC8795] defines a YANG data model for o TE Topology Model: [RFC8795] defines a YANG data model for
representing and manipulating TE topologies. representing and manipulating TE topologies.
This module is extended from network topology model defined in This module is extended from network topology model defined in
[RFC8345] with TE topologies related content. This model contains [RFC8345] with TE topologies related content. This model contains
technology-agnostic TE Topology building blocks that can be technology-agnostic TE Topology building blocks that can be
augmented and used by other technology-specific TE topology augmented and used by other technology-specific TE topology
models. models.
skipping to change at page 38, line 48 skipping to change at page 40, line 39
[I-D.ietf-teas-yang-te] augments the TE generic and MPLS-TE [I-D.ietf-teas-yang-te] augments the TE generic and MPLS-TE
model(s) and defines a YANG module for MPLS-TE configurations, model(s) and defines a YANG module for MPLS-TE configurations,
state, RPC and notifications. state, RPC and notifications.
o RSVP-TE MPLS Model: o RSVP-TE MPLS Model:
[I-D.ietf-teas-yang-rsvp-te] augments the RSVP-TE generic module [I-D.ietf-teas-yang-rsvp-te] augments the RSVP-TE generic module
with parameters to configure and manage signaling of MPLS RSVP-TE with parameters to configure and manage signaling of MPLS RSVP-TE
LSPs. LSPs.
Other sample Network Models are listed hereafter: Other sample network models are listed hereafter:
o Path Computation API Model: o Path Computation API Model:
[I-D.ietf-teas-yang-path-computation] YANG module for a stateless [I-D.ietf-teas-yang-path-computation] YANG module for a stateless
RPC which complements the stateful solution defined in RPC which complements the stateful solution defined in
[I-D.ietf-teas-yang-te]. [I-D.ietf-teas-yang-te].
o OAM Models (including Fault Management (FM) and Performance o OAM Models (including Fault Management (FM) and Performance
Monitoring): Monitoring):
skipping to change at page 39, line 27 skipping to change at page 41, line 16
provide consistent reporting, configuration, and representation provide consistent reporting, configuration, and representation
for connection-less OAM and Connection oriented OAM separately. for connection-less OAM and Connection oriented OAM separately.
Alarm monitoring is a fundamental part of monitoring the network. Alarm monitoring is a fundamental part of monitoring the network.
Raw alarms from devices do not always tell the status of the Raw alarms from devices do not always tell the status of the
network services or necessarily point to the root cause. network services or necessarily point to the root cause.
[RFC8632] defines a YANG module for alarm management. [RFC8632] defines a YANG module for alarm management.
A.4. Device Models: Samples A.4. Device Models: Samples
Network Element models (Figure 10) are used to describe how a service Network Element models (listed in Figure 10) are used to describe how
can be implemented by activating and tweaking a set of functions a service can be implemented by activating and tweaking a set of
(enabled in one or multiple devices, or hosted in cloud functions (enabled in one or multiple devices, or hosted in cloud
infrastructures) that are involved in the service delivery. infrastructures) that are involved in the service delivery. For
example, the L3VPN service will involve many PEs and require
manipulating the following modules:
o Routing management [RFC8349]
o BGP [I-D.ietf-idr-bgp-model]
o PIM [I-D.ietf-pim-yang]
o NAT management [RFC8512]
o QoS management [I-D.ietf-rtgwg-qos-model]
o ACLs [RFC8519]
Figure 10 uses IETF-defined data models as an example. Figure 10 uses IETF-defined data models as an example.
+------------------------+ +------------------------+
+-+ Device Model | +-+ Device Model |
| +------------------------+ | +------------------------+
| +------------------------+ | +------------------------+
+---------------+ | | Logical Network | +---------------+ | | Logical Network |
| | +-+ Element Model | | | +-+ Element Model |
| Architecture | | +------------------------+ | Architecture | | +------------------------+
| | | +------------------------+ | | | +------------------------+
skipping to change at page 41, line 50 skipping to change at page 43, line 50
The following provides some YANG modules that can be used for The following provides some YANG modules that can be used for
interface management: interface management:
o [RFC7224]: defines a YANG module for interface type definitions. o [RFC7224]: defines a YANG module for interface type definitions.
o [RFC8343]: defines a YANG module for the management of network o [RFC8343]: defines a YANG module for the management of network
interfaces. interfaces.
A.4.4. Some Device Model Examples A.4.4. Some Device Model Examples
The following provides an overview of some Device Models that can be The following provides an overview of some device models that can be
used within a network. This list is not comprehensive. used within a network. This list is not comprehensive.
L2VPN: [I-D.ietf-bess-l2vpn-yang] defines a YANG module for MPLS L2VPN: [I-D.ietf-bess-l2vpn-yang] defines a YANG module for MPLS
based Layer 2 VPN services (L2VPN) [RFC4664] and includes based Layer 2 VPN services (L2VPN) [RFC4664] and includes
switching between the local attachment circuits. The switching between the local attachment circuits. The
L2VPN model covers point-to-point VPWS and Multipoint VPLS L2VPN model covers point-to-point VPWS and Multipoint VPLS
services. These services use signaling of Pseudowires services. These services use signaling of Pseudowires
across MPLS networks using LDP [RFC8077][RFC4762] or BGP across MPLS networks using LDP [RFC8077][RFC4762] or BGP
[RFC4761]. [RFC4761].
 End of changes. 106 change blocks. 
281 lines changed or deleted 369 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/