draft-ietf-opsawg-yang-vpn-service-pm-07.txt   draft-ietf-opsawg-yang-vpn-service-pm-08.txt 
OPSAWG Working Group B. Wu, Ed. OPSAWG Working Group B. Wu, Ed.
Internet-Draft Q. Wu, Ed. Internet-Draft Q. Wu, Ed.
Intended status: Standards Track Huawei Intended status: Standards Track Huawei
Expires: 27 October 2022 M. Boucadair, Ed. Expires: 6 November 2022 M. Boucadair, Ed.
Orange Orange
O. Gonzalez de Dios O. Gonzalez de Dios
Telefonica Telefonica
B. Wen B. Wen
Comcast Comcast
25 April 2022 5 May 2022
A YANG Model for Network and VPN Service Performance Monitoring A YANG Model for Network and VPN Service Performance Monitoring
draft-ietf-opsawg-yang-vpn-service-pm-07 draft-ietf-opsawg-yang-vpn-service-pm-08
Abstract Abstract
The data model for network topologies defined in RFC 8345 introduces The data model for network topologies defined in RFC 8345 introduces
vertical layering relationships between networks that can be vertical layering relationships between networks that can be
augmented to cover network and service topologies. This document augmented to cover network and service topologies. This document
defines a YANG module for performance monitoring (PM) of both defines a YANG module for performance monitoring (PM) of both
networks and VPN services that can be used to monitor and manage networks and VPN services that can be used to monitor and manage
network performance on the topology at higher layer or the service network performance on the topology at higher layer or the service
topology between VPN sites. topology between VPN sites.
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 27 October 2022. This Internet-Draft will expire on 6 November 2022.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 28 skipping to change at page 2, line 28
2.1. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Network and VPN Service Performance Monitoring Model Usage . 4 3. Network and VPN Service Performance Monitoring Model Usage . 4
3.1. Collecting Data via Pub/Sub Mechanism . . . . . . . . . . 5 3.1. Collecting Data via Pub/Sub Mechanism . . . . . . . . . . 5
3.2. Collecting Data On-demand . . . . . . . . . . . . . . . . 6 3.2. Collecting Data On-demand . . . . . . . . . . . . . . . . 6
4. Description of The Data Model . . . . . . . . . . . . . . . . 6 4. Description of The Data Model . . . . . . . . . . . . . . . . 6
4.1. Layering Relationship between Multiple Layers of 4.1. Layering Relationship between Multiple Layers of
Topology . . . . . . . . . . . . . . . . . . . . . . . . 6 Topology . . . . . . . . . . . . . . . . . . . . . . . . 6
4.2. Network Level . . . . . . . . . . . . . . . . . . . . . . 9 4.2. Network Level . . . . . . . . . . . . . . . . . . . . . . 9
4.3. Node Level . . . . . . . . . . . . . . . . . . . . . . . 9 4.3. Node Level . . . . . . . . . . . . . . . . . . . . . . . 9
4.4. Link and Termination Point Level . . . . . . . . . . . . 10 4.4. Link and Termination Point Level . . . . . . . . . . . . 10
5. Network and VPN Service Performance Monitoring YANG Module . 15 5. Network and VPN Service Performance Monitoring YANG Module . 14
6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 31 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 31
9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 31 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 31
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 31 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 31
10.1. Normative References . . . . . . . . . . . . . . . . . . 31 10.1. Normative References . . . . . . . . . . . . . . . . . . 31
10.2. Informative References . . . . . . . . . . . . . . . . . 33 10.2. Informative References . . . . . . . . . . . . . . . . . 34
Appendix A. Illustrative Examples . . . . . . . . . . . . . . . 35 Appendix A. Illustrative Examples . . . . . . . . . . . . . . . 35
A.1. VPN Performance Subscription Example . . . . . . . . . . 35 A.1. VPN Performance Subscription Example . . . . . . . . . . 35
A.2. Example of VPN Performance Snapshot . . . . . . . . . . . 36 A.2. Example of VPN Performance Snapshot . . . . . . . . . . . 37
A.3. Example of Percentile Monitoring . . . . . . . . . . . . 38 A.3. Example of Percentile Monitoring . . . . . . . . . . . . 39
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39
1. Introduction 1. Introduction
[RFC8969] describes a framework for automating service and network [RFC8969] describes a framework for automating service and network
management with YANG [RFC6020] models. It defines that the management with YANG [RFC6020] models. It defines that the
performance measurement telemetry model should be tied to the performance measurement telemetry model should be tied to the
services (such as a Layer 3 VPN or Layer 2 VPN) or to the network services (such as a Layer 3 VPN or Layer 2 VPN) or to the network
models to monitor the overall network performance and the Service models to monitor the overall network performance and the Service
Level Agreements (SLAs). Level Agreements (SLAs).
skipping to change at page 5, line 22 skipping to change at page 5, line 22
[I-D.ietf-opsawg-sap] or VPN information from [RFC9182], [I-D.ietf-opsawg-sap] or VPN information from [RFC9182],
[I-D.ietf-opsawg-l2nm]. Then the controller derives network or VPN [I-D.ietf-opsawg-l2nm]. Then the controller derives network or VPN
level performance data by aggregating (and filtering) lower-level level performance data by aggregating (and filtering) lower-level
data collected via monitoring counters of the involved devices. data collected via monitoring counters of the involved devices.
The network or VPN performance data can be based on different The network or VPN performance data can be based on different
sources. For example, the performance monitoring data per link in sources. For example, the performance monitoring data per link in
the underlying network can be collected using a network performance the underlying network can be collected using a network performance
measurement method such as One-Way Active Measurement Protocol measurement method such as One-Way Active Measurement Protocol
(OWAMP) [RFC4656], Two-Way Active Measurement Protocol (TWAMP) (OWAMP) [RFC4656], Two-Way Active Measurement Protocol (TWAMP)
[RFC5357], and Multiprotocol Label Switching (MPLS) Loss and Delay [RFC5357], Simple Two-way Active Measurement Protocol(STAMP)
[RFC8762], and Multiprotocol Label Switching (MPLS) Loss and Delay
Measurement [RFC6374]. The performance monitoring information Measurement [RFC6374]. The performance monitoring information
reflecting the quality of the network or VPN service (e.g., end-to- reflecting the quality of the network or VPN service (e.g., end-to-
end network performance data between source node and destination node end network performance data between source node and destination node
in the network or between VPN sites) can be computed and aggregated, in the network or between VPN sites) can be computed and aggregated,
for example, using the information from the Traffic Engineering for example, using the information from the Traffic Engineering
Database (TED), [RFC7471] [RFC8570] [RFC8571] or LMAP [RFC8194]. Database (TED), [RFC7471] [RFC8570] [RFC8571] or LMAP [RFC8194].
The measurement and report intervals that are associated with these The measurement and report intervals that are associated with these
performance data usually depend on the configuration of the specific performance data usually depend on the configuration of the specific
measurement method or collection method or various combinations. measurement method or collection method or various combinations.
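Review bot: the STAMP entry added to the list of measurement methods reads "Simple Two-way Active Measurement Protocol(STAMP)", with no space before the acronym and a lowercase "way", while the OWAMP and TWAMP entries just before it use "Two-Way" and a space before the parenthesis. Suggest "Simple Two-Way Active Measurement Protocol (STAMP) [RFC8762]" so the three entries read alike.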
skipping to change at page 11, line 51 skipping to change at page 11, line 51
| | +--ro low-delay-percentile? yang:gauge64 | | +--ro low-delay-percentile? yang:gauge64
| | +--ro intermediate-delay-percentile? yang:gauge64 | | +--ro intermediate-delay-percentile? yang:gauge64
| | +--ro high-delay-percentile? yang:gauge64 | | +--ro high-delay-percentile? yang:gauge64
| +--ro jitter-statistics | +--ro jitter-statistics
| +--ro unit-value? identityref | +--ro unit-value? identityref
| +--ro min-jitter-value? yang:gauge64 | +--ro min-jitter-value? yang:gauge64
| +--ro max-jitter-value? yang:gauge64 | +--ro max-jitter-value? yang:gauge64
| +--ro low-jitter-percentile? yang:gauge64 | +--ro low-jitter-percentile? yang:gauge64
| +--ro intermediate-jitter-percentile? yang:gauge64 | +--ro intermediate-jitter-percentile? yang:gauge64
| +--ro high-jitter-percentile? yang:gauge64 | +--ro high-jitter-percentile? yang:gauge64
+--rw (vpn-pm-type)? +--rw vpn-pm-type
+--:(inter-vpn-access-interface) +--rw inter-vpn-access-interface
| +--rw inter-vpn-access-interface? empty | +--rw inter-vpn-access-interface? empty
+--:(underlay-tunnel) +--rw underlay-tunnel!
+--ro vpn-underlay-transport-type? identityref +--ro vpn-underlay-transport-type? identityref
augment /nw:networks/nw:network/nw:node/nt:termination-point: augment /nw:networks/nw:network/nw:node/nt:termination-point:
+--ro pm-statistics +--ro pm-statistics
+--ro reference-time? yang:date-and-time +--ro reference-time? yang:date-and-time
+--ro inbound-octets? yang:counter64 +--ro inbound-octets? yang:counter64
+--ro inbound-unicast? yang:counter64 +--ro inbound-unicast? yang:counter64
+--ro inbound-nunicast? yang:counter64 +--ro inbound-nunicast? yang:counter64
+--ro inbound-discards? yang:counter64 +--ro inbound-discards? yang:counter64
+--ro inbound-errors? yang:counter64 +--ro inbound-errors? yang:counter64
+--ro inbound-unknown-protocol? yang:counter64 +--ro inbound-unknown-protocol? yang:counter64
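Review bot: in the new "vpn-pm-type" subtree the two methods are modelled asymmetrically. "underlay-tunnel!" is a presence container, whereas "inter-vpn-access-interface" is a plain container that wraps an empty leaf of the same name. Consider making "inter-vpn-access-interface" a presence container as well and dropping the placeholder leaf, or state in the node descriptions why the extra level is needed. Note also that "underlay-tunnel" is rw while its only child, "vpn-underlay-transport-type", is ro, so a client can create the container but can never set what is inside it; a sentence saying that this is intended would help readers of the tree.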
skipping to change at page 14, line 14 skipping to change at page 14, line 14
erformance measurement statistics for the topology link or the erformance measurement statistics for the topology link or the
abstract underlay link between VPN PEs with given "class-id" abstract underlay link between VPN PEs with given "class-id"
names. The list is defined separately from "one-way-pm- names. The list is defined separately from "one-way-pm-
statistics", which is used to collect generic metrics for statistics", which is used to collect generic metrics for
unspecified "class-id" names. unspecified "class-id" names.
VPN PM type ("vpn-pm-type"): Indicates the VPN performance type, VPN PM type ("vpn-pm-type"): Indicates the VPN performance type,
which can be inter-vpn-access-interface PM or VPN underlay-tunnel which can be inter-vpn-access-interface PM or VPN underlay-tunnel
PM. These two methods are common VPN measurement methods. The PM. These two methods are common VPN measurement methods. The
inter-VPN-access-interface PM is to monitor the performance of inter-VPN-access-interface PM is to monitor the performance of
logical point-to-point connections between a source and a logical point-to-point VPN connections between a source and a
destination VPN access interfaces. And the underlay-tunnel PM is destination VPN access interfaces. And the underlay-tunnel PM is
to monitor the performance of underlay tunnels of VPNs. The to monitor the performance of underlay tunnels of VPNs. The
inter-VPN-access-interface PM includes PE-PE monitoring. inter-VPN-access-interface PM includes PE-PE monitoring.
Therefore, only one of the two methods is needed , and the model Therefore, usually only one of the two methods is used. The
defines "choice" to indicate these two methods, which also allows inter-VPN-access-interface PM is defined as an empty leaf, which
other methods to be extended. The inter-VPN-access-interface PM is not bound to a specific VPN access interface. The source or
is defined as an empty leaf, which is not bound to a specific VPN destination VPN access interface of the measurement can be
access interface. The source or destination VPN access interface augmented as needed.
of the measurement can be augmented as needed.
VPN underlay transport type ("vpn-underlay-transport-type"): Indicat VPN underlay transport type ("vpn-underlay-transport-type"): Indicat
es the abstract link protocol-type of a VPN, such as GRE or IP-in- es the abstract link protocol-type of a VPN, such as GRE or IP-in-
IP. The leaf refers to an identifier of the "underlay-transport" IP. The leaf refers to an identifier of the "underlay-transport"
defined in [RFC9181], which describes the transport technology to defined in [RFC9181], which describes the transport technology to
carry the traffic of the VPN service. carry the traffic of the VPN service.
For the data nodes of 'termination-point' depicted in Figure 7, the For the data nodes of 'termination-point' depicted in Figure 7, the
module defines the following minimal set of statistics: module defines the following minimal set of statistics:
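Review bot: the "vpn-pm-type" paragraph now says "usually only one of the two methods is used" but no longer says what happens when both are present on the same link, which the earlier "choice" wording ruled out. Please state explicitly whether enabling both is allowed and, if so, how the reported statistics are to be interpreted. Two wording points in the same paragraph: "between a source and a destination VPN access interfaces" should be "between source and destination VPN access interfaces", and the sentence starting "And the underlay-tunnel PM is to monitor" reads better without the leading "And".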
skipping to change at page 15, line 10 skipping to change at page 15, line 5
network access defined in [RFC9182] or [I-D.ietf-opsawg-l2nm]. network access defined in [RFC9182] or [I-D.ietf-opsawg-l2nm].
When multiple VPN network accesses are created using the same When multiple VPN network accesses are created using the same
physical port, finer-grained metrics can be monitored. If a TP is physical port, finer-grained metrics can be monitored. If a TP is
associated with only a single VPN, this list is not required. associated with only a single VPN, this list is not required.
5. Network and VPN Service Performance Monitoring YANG Module 5. Network and VPN Service Performance Monitoring YANG Module
The "ietf-network-vpn-pm" module uses types defined in [RFC8345], The "ietf-network-vpn-pm" module uses types defined in [RFC8345],
[RFC6991], [RFC8532], and [RFC9181]. [RFC6991], [RFC8532], and [RFC9181].
<CODE BEGINS> file "ietf-network-vpn-pm@2022-04-25.yang" <CODE BEGINS> file "ietf-network-vpn-pm@2022-05-05.yang"
module ietf-network-vpn-pm { module ietf-network-vpn-pm {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-network-vpn-pm"; namespace "urn:ietf:params:xml:ns:yang:ietf-network-vpn-pm";
prefix nvp; prefix nvp;
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
reference reference
"RFC 6991: Common YANG Types"; "RFC 6991: Common YANG Types";
} }
skipping to change at page 16, line 37 skipping to change at page 16, line 32
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices."; for full legal notices.";
// RFC Ed.: update the date below with the date of RFC // RFC Ed.: update the date below with the date of RFC
// publication and remove this note. // publication and remove this note.
// RFC Ed.: replace XXXX with actual RFC number and remove // RFC Ed.: replace XXXX with actual RFC number and remove
// this note. // this note.
revision 2022-04-25 { revision 2022-05-05 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Model for Network and VPN Service "RFC XXXX: A YANG Model for Network and VPN Service
Performance Monitoring"; Performance Monitoring";
} }
identity node-type { identity node-type {
description description
"Base identity for node type"; "Base identity for node type";
} }
identity pe { identity pe {
base node-type; base node-type;
description description
"Provider Edge (PE) node type."; "Provider Edge (PE) node type. A PE is the name of the device
reference or set of devices at the edge of the provider network with the
"RFC 4026: Provider Provisioned functionality that is needed to interface with the customer.";
Virtual Private Network (VPN) Terminology";
} }
identity p { identity p {
base node-type; base node-type;
description description
"Provider router node type."; "Provider router node type. That is, a router
reference in the core network that does not have interfaces
"RFC 4026: Provider Provisioned directly toward a customer.";
Virtual Private Network (VPN) Terminology";
} }
identity asbr { identity asbr {
base node-type; base node-type;
description description
"Autonomous System Border Router (ASBR) node type."; "Autonomous System Border Router (ASBR) node type.";
reference reference
"RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)"; "RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)";
} }
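Review bot: the "pe" and "p" identities lose their "reference" statements in favour of inlined definitions, so a reader of the module can no longer trace where the terms come from. If the intent is only to avoid a normative dependency on RFC 4026, keep the expanded descriptions and consider citing it informatively. In the new "pe" description, "A PE is the name of the device or set of devices" is awkward, since a PE is the device rather than its name; suggest "A PE is the device or set of devices at the edge of the provider network".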
skipping to change at page 18, line 4 skipping to change at page 17, line 43
} }
identity pm-source-owamp { identity pm-source-owamp {
base pm-source-type; base pm-source-type;
description description
"Indicates One-Way Active Measurement Protocol(OWAMP) "Indicates One-Way Active Measurement Protocol(OWAMP)
as the performance monitoring metric source."; as the performance monitoring metric source.";
reference reference
"RFC 4656: A One-Way Active Measurement Protocol (OWAMP)"; "RFC 4656: A One-Way Active Measurement Protocol (OWAMP)";
} }
identity pm-source-twamp { identity pm-source-twamp {
base pm-source-type; base pm-source-type;
description description
"Indicates Two-Way Active Measurement Protocol(TWAMP) "Indicates Two-Way Active Measurement Protocol(TWAMP)
as the performance monitoring metric source."; as the performance monitoring metric source.";
reference reference
"RFC 5357: A Two-Way Active Measurement Protocol (TWAMP)"; "RFC 5357: A Two-Way Active Measurement Protocol (TWAMP)";
} }
identity pm-source-stamp {
base pm-source-type;
description
"Indicates Simple Two-way Active Measurement Protocol(STAMP)
as the performance monitoring metric source.";
reference
"RFC 8762: Simple Two-Way Active Measurement Protocol";
}
identity pm-source-y-1731 { identity pm-source-y-1731 {
base pm-source-type; base pm-source-type;
description description
"Indicates Ethernet OAM Y.1731 as the performance monitoring "Indicates Ethernet OAM Y.1731 as the performance monitoring
metric source."; metric source.";
reference reference
"ITU-T Y.1731: Operations, administration and "ITU-T Y.1731: Operations, administration and
maintenance (OAM) functions and mechanisms maintenance (OAM) functions and mechanisms
for Ethernet-based networks"; for Ethernet-based networks";
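Review bot: in the new "pm-source-stamp" identity the description spells the protocol "Simple Two-way Active Measurement Protocol(STAMP)" while its own reference line uses "Two-Way". Align the capitalisation, and consider appending "(STAMP)" to the reference string, as the OWAMP and TWAMP identities above do with their acronyms.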
skipping to change at page 27, line 49 skipping to change at page 27, line 49
} }
augment "/nw:networks/nw:network/nt:link/pm-attributes" { augment "/nw:networks/nw:network/nt:link/pm-attributes" {
when '../../nw:network-types/nvp:service-type' { when '../../nw:network-types/nvp:service-type' {
description description
"Augments only for VPN Network topology."; "Augments only for VPN Network topology.";
} }
description description
"Augments the network topology link with VPN service "Augments the network topology link with VPN service
performance monitoring attributes."; performance monitoring attributes.";
choice vpn-pm-type { container vpn-pm-type {
description description
"The VPN PM type of this logical point-to-point "The VPN PM type of this logical point-to-point
unidirectional VPN link."; unidirectional VPN link.";
case inter-vpn-access-interface { container inter-vpn-access-interface {
description
"Indicates inter-vpn-access-interface PM, which is to
monitor the performance of logical point-to-point VPN
connections between a source and a destination
VPN access interfaces.";
leaf inter-vpn-access-interface { leaf inter-vpn-access-interface {
type empty; type empty;
description description
"This is a placeholder for inter-vpn-access-interface PM, "This is a placeholder for inter-vpn-access-interface PM,
which is not bound to a specific VPN access interface. which is not bound to a specific VPN access interface.
The source or destination VPN access interface The source or destination VPN access interface
of the measurement can be augmented as needed."; of the measurement can be augmented as needed.";
} }
} }
case underlay-tunnel { container underlay-tunnel {
presence "Enables VPN underlay tunnel PM";
description
"Indicates underlay-tunnel PM, which is to monitor
the performance of underlay tunnels of VPNs.";
leaf vpn-underlay-transport-type { leaf vpn-underlay-transport-type {
type identityref { type identityref {
base vpn-common:protocol-type; base vpn-common:protocol-type;
} }
config false; config false;
description description
"The leaf indicates the underlay transport type of "The leaf indicates the underlay transport type of
a VPN service, e.g., GRE, LDP, etc."; a VPN service, e.g., GRE, LDP, etc.";
} }
} }
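Review bot: with "choice vpn-pm-type" replaced by "container vpn-pm-type" holding two sibling containers, the schema no longer prevents a client from configuring both "inter-vpn-access-interface" and "underlay-tunnel" on the same link. The outer description is unchanged and still speaks of "The VPN PM type" in the singular. If only one method is meant to be active at a time, add a "must" constraint or keep the choice; if both are allowed, update the outer description to say so. The description added to "container inter-vpn-access-interface" also largely overlaps with that of the empty leaf inside it, and one of the two could be shortened.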
skipping to change at page 29, line 20 skipping to change at page 29, line 30
access, e.g. L3VPN or VPLS."; access, e.g. L3VPN or VPLS.";
} }
uses tp-svc-telemetry; uses tp-svc-telemetry;
} }
} }
} }
<CODE ENDS> <CODE ENDS>
6. Security Considerations 6. Security Considerations
The YANG modules defined in this document MAY be accessed via the The YANG module specified in this document defines a schema for data
RESTCONF protocol [RFC8040] or NETCONF protocol [RFC6241]. The that is designed to be accessed via network management protocols such
lowest RESTCONF or NETCONF layer requires that the transport-layer as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
protocol provides both data integrity and confidentiality, see is the secure transport layer, and the mandatory-to-implement secure
Section 2 in [RFC8040] and [RFC6241]. The lowest NETCONF layer is
the secure transport layer, and the mandatory-to-implement secure
transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
is HTTPS, and the mandatory-to-implement secure transport is TLS is HTTPS, and the mandatory-to-implement secure transport is TLS
[RFC8446]. [RFC8446].
The NETCONF access control model [RFC8341] provides the means to The Network Configuration Access Control Model (NACM) [RFC8341]
restrict access for particular NETCONF or RESTCONF users to a provides the means to restrict access for particular NETCONF or
preconfigured subset of all available NETCONF or RESTCONF protocol RESTCONF users to a preconfigured subset of all available NETCONF or
operations and content. RESTCONF protocol operations and content.
There are a number of data nodes defined in this YANG module that are There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config) in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative to these data nodes without proper protection can have a negative
effect on network operations. These are the subtrees with the write effect on network operations. These are the subtrees and data nodes
operation that can be exploited to impact the network monitoring: and their sensitivity/vulnerability:
* "/nw:networks/nw:network/nw:network-types" * "/nw:networks/nw:network/nw:network-types": This subtree specifies
the VPN service type. Unauthorized access to this subtree may
render the VPN service type invalid.
* "/nw:networks/nw:network/nvp:vpn-pm-attributes" * "/nw:networks/nw:network/nvp:vpn-pm-attributes": This subtree
specifies the VPN service identifier and VPN service topology.
Unauthorized access to this subtree may disable the the VPN PM or
render the VPN service topology invalid.
* "/nw:networks/nw:network/nw:node/nvp:pm-attributes" * "/nw:networks/nw:network/nw:node/nvp:pm-attributes": This subtree
specifies the network node type and VPN service topology role.
Unauthorized access to this subtree may render the node type or
VPN service topology invalid.
* /nw:networks/nw:network/nt:link/nvp:pm-attributes" * /nw:networks/nw:network/nt:link/nvp:pm-attributes": This subtree
* /nw:networks/nw:network/nw:node/nt:termination-point/nvp:pm- specifies the PM of the network link and VPN link. Unauthorized
statistics" access to this subtree can impact the network and VPN monitoring.
Some of the readable data nodes in this YANG module may be considered Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. The nodes sensitive or vulnerable in some network environments. It is thus
reveals the quality of a service that is operated by an operator. It important to control read access (e.g., via get, get-config, or
is thus important to control read access (e.g., via get, get-config, notification) to these data nodes. These are the subtrees and data
or notification) to these data nodes. These are the subtrees and nodes and their sensitivity/vulnerability:
data nodes and their sensitivity/vulnerability:
* "/nw:networks/nw:network/nw:node/nvp:pm-attributes/nvp:vpn- * "/nw:networks/nw:network/nw:node/nvp:pm-attributes/nvp:vpn-
summary-statistics": Unauthorized access to this subtree can summary-statistics": Unauthorized access to this subtree can
disclose the operational state information of VPN instances. disclose the operational state information of VPN instances.
* "/nw:networks/nw:network/nt:link/nvp:pm-attributes/nvp:one-way-pm- * "/nw:networks/nw:network/nt:link/nvp:pm-attributes/nvp:one-way-pm-
statistics": Unauthorized access to this subtree can disclose the statistics": Unauthorized access to this subtree can disclose the
operational state information of network links or VPN abstract operational state information of network links or VPN abstract
links. links.
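Review bot: in the rewritten list of writable subtrees, the "vpn-pm-attributes" bullet contains a doubled word ("may disable the the VPN PM"), and the "nt:link/nvp:pm-attributes" bullet has a closing quote without an opening one. These four bullets sit under the paragraph on write operations, so "Unauthorized write access to this subtree" would be more precise than "Unauthorized access" and would separate them from the read-access bullets that follow. Dropping the "termination-point/nvp:pm-statistics" entry from this list is consistent with the tree, where "pm-statistics" is ro. The new text also drops the sentence explaining that the readable nodes reveal the quality of a service run by an operator; a corrected form of that sentence is worth keeping, because it gives the reason read access needs controlling.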
skipping to change at page 31, line 29 skipping to change at page 31, line 40
Roni Even Roni Even
Huawei Huawei
Email: ron.even.tlv@gmail.com Email: ron.even.tlv@gmail.com
Change Liu Change Liu
China Unicom China Unicom
Email: liuc131@chinaunicom.cn Email: liuc131@chinaunicom.cn
Honglei Xu Honglei Xu
China Telecom China Telecom
Email: xuhl.bri@chinatelecom.cn Email: xuhl6@chinatelecom.cn
10. References 10. References
10.1. Normative References 10.1. Normative References
[ITU-T-Y-1731] [ITU-T-Y-1731]
ITU-T, "Operator Ethernet Service Definition", August ITU-T, "Operator Ethernet Service Definition", August
2015, <https://www.itu.int/rec/T-REC-Y.1731/en>. 2015, <https://www.itu.int/rec/T-REC-Y.1731/en>.
[RFC3393] Demichelis, C. and P. Chimento, "IP Packet Delay Variation [RFC3393] Demichelis, C. and P. Chimento, "IP Packet Delay Variation
Metric for IP Performance Metrics (IPPM)", RFC 3393, Metric for IP Performance Metrics (IPPM)", RFC 3393,
DOI 10.17487/RFC3393, November 2002, DOI 10.17487/RFC3393, November 2002,
<https://www.rfc-editor.org/info/rfc3393>. <https://www.rfc-editor.org/info/rfc3393>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
[RFC4026] Andersson, L. and T. Madsen, "Provider Provisioned Virtual
Private Network (VPN) Terminology", RFC 4026,
DOI 10.17487/RFC4026, March 2005,
<https://www.rfc-editor.org/info/rfc4026>.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
2006, <https://www.rfc-editor.org/info/rfc4364>. 2006, <https://www.rfc-editor.org/info/rfc4364>.
[RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M. [RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M.
Zekauskas, "A One-way Active Measurement Protocol Zekauskas, "A One-way Active Measurement Protocol
(OWAMP)", RFC 4656, DOI 10.17487/RFC4656, September 2006, (OWAMP)", RFC 4656, DOI 10.17487/RFC4656, September 2006,
<https://www.rfc-editor.org/info/rfc4656>. <https://www.rfc-editor.org/info/rfc4656>.
[RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J. [RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J.
skipping to change at page 32, line 46 skipping to change at page 33, line 9
<https://www.rfc-editor.org/info/rfc6374>. <https://www.rfc-editor.org/info/rfc6374>.
[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
RFC 6991, DOI 10.17487/RFC6991, July 2013, RFC 6991, DOI 10.17487/RFC6991, July 2013,
<https://www.rfc-editor.org/info/rfc6991>. <https://www.rfc-editor.org/info/rfc6991>.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
RFC 7950, DOI 10.17487/RFC7950, August 2016, RFC 7950, DOI 10.17487/RFC7950, August 2016,
<https://www.rfc-editor.org/info/rfc7950>. <https://www.rfc-editor.org/info/rfc7950>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>. <https://www.rfc-editor.org/info/rfc8340>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341, Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018, DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>. <https://www.rfc-editor.org/info/rfc8341>.
[RFC8345] Clemm, A., Medved, J., Varga, R., Bahadur, N., [RFC8345] Clemm, A., Medved, J., Varga, R., Bahadur, N.,
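Review bot: [RFC8040] is removed from the Normative References here, but the revised Security Considerations text still cites it ("NETCONF [RFC6241] or RESTCONF [RFC8040]"). Please confirm that the entry has been moved to the Informative References rather than dropped, otherwise the citation is left dangling.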
skipping to change at page 33, line 36 skipping to change at page 33, line 48
[RFC8571] Ginsberg, L., Ed., Previdi, S., Wu, Q., Tantsura, J., and [RFC8571] Ginsberg, L., Ed., Previdi, S., Wu, Q., Tantsura, J., and
C. Filsfils, "BGP - Link State (BGP-LS) Advertisement of C. Filsfils, "BGP - Link State (BGP-LS) Advertisement of
IGP Traffic Engineering Performance Metric Extensions", IGP Traffic Engineering Performance Metric Extensions",
RFC 8571, DOI 10.17487/RFC8571, March 2019, RFC 8571, DOI 10.17487/RFC8571, March 2019,
<https://www.rfc-editor.org/info/rfc8571>. <https://www.rfc-editor.org/info/rfc8571>.
[RFC8641] Clemm, A. and E. Voit, "Subscription to YANG Notifications [RFC8641] Clemm, A. and E. Voit, "Subscription to YANG Notifications
for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641, for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641,
September 2019, <https://www.rfc-editor.org/info/rfc8641>. September 2019, <https://www.rfc-editor.org/info/rfc8641>.
[RFC8762] Mirsky, G., Jun, G., Nydell, H., and R. Foote, "Simple
Two-Way Active Measurement Protocol", RFC 8762,
DOI 10.17487/RFC8762, March 2020,
<https://www.rfc-editor.org/info/rfc8762>.
[RFC9181] Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M., [RFC9181] Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M.,
Ed., and Q. Wu, "A Common YANG Data Model for Layer 2 and Ed., and Q. Wu, "A Common YANG Data Model for Layer 2 and
Layer 3 VPNs", RFC 9181, DOI 10.17487/RFC9181, February Layer 3 VPNs", RFC 9181, DOI 10.17487/RFC9181, February
2022, <https://www.rfc-editor.org/info/rfc9181>. 2022, <https://www.rfc-editor.org/info/rfc9181>.
10.2. Informative References 10.2. Informative References
[I-D.ietf-netmod-node-tags] [I-D.ietf-netmod-node-tags]
Wu, Q., Claise, B., Liu, P., Du, Z., and M. Boucadair, Wu, Q., Claise, B., Liu, P., Du, Z., and M. Boucadair,
"Self-Describing Data Object Tags in YANG Data Models", "Data Node Tags in YANG Modules", Work in Progress,
Work in Progress, Internet-Draft, draft-ietf-netmod-node- Internet-Draft, draft-ietf-netmod-node-tags-07, 29 April
tags-06, 21 February 2022, 2022, <https://www.ietf.org/archive/id/draft-ietf-netmod-
<https://www.ietf.org/archive/id/draft-ietf-netmod-node- node-tags-07.txt>.
tags-06.txt>.
[I-D.ietf-opsawg-l2nm] [I-D.ietf-opsawg-l2nm]
Boucadair, M., Dios, O. G. D., Barguil, S., and L. A. Boucadair, M., Dios, O. G. D., Barguil, S., and L. A.
Munoz, "A YANG Network Data Model for Layer 2 VPNs", Work Munoz, "A YANG Network Data Model for Layer 2 VPNs", Work
in Progress, Internet-Draft, draft-ietf-opsawg-l2nm-13, 14 in Progress, Internet-Draft, draft-ietf-opsawg-l2nm-15, 29
April 2022, <https://www.ietf.org/archive/id/draft-ietf- April 2022, <https://www.ietf.org/archive/id/draft-ietf-
opsawg-l2nm-13.txt>. opsawg-l2nm-15.txt>.
[I-D.ietf-opsawg-sap] [I-D.ietf-opsawg-sap]
Boucadair, M., Dios, O. G. D., Barguil, S., Wu, Q., and V. Boucadair, M., Dios, O. G. D., Barguil, S., Wu, Q., and V.
Lopez, "A Network YANG Model for Service Attachment Points Lopez, "A Network YANG Model for Service Attachment Points
(SAPs)", Work in Progress, Internet-Draft, draft-ietf- (SAPs)", Work in Progress, Internet-Draft, draft-ietf-
opsawg-sap-04, 11 April 2022, opsawg-sap-04, 11 April 2022,
<https://www.ietf.org/archive/id/draft-ietf-opsawg-sap- <https://www.ietf.org/archive/id/draft-ietf-opsawg-sap-
04.txt>. 04.txt>.
[RFC4026] Andersson, L. and T. Madsen, "Provider Provisioned Virtual
Private Network (VPN) Terminology", RFC 4026,
DOI 10.17487/RFC4026, March 2005,
<https://www.rfc-editor.org/info/rfc4026>.
[RFC5277] Chisholm, S. and H. Trevino, "NETCONF Event [RFC5277] Chisholm, S. and H. Trevino, "NETCONF Event
Notifications", RFC 5277, DOI 10.17487/RFC5277, July 2008, Notifications", RFC 5277, DOI 10.17487/RFC5277, July 2008,
<https://www.rfc-editor.org/info/rfc5277>. <https://www.rfc-editor.org/info/rfc5277>.
[RFC7471] Giacalone, S., Ward, D., Drake, J., Atlas, A., and S. [RFC7471] Giacalone, S., Ward, D., Drake, J., Atlas, A., and S.
Previdi, "OSPF Traffic Engineering (TE) Metric Previdi, "OSPF Traffic Engineering (TE) Metric
Extensions", RFC 7471, DOI 10.17487/RFC7471, March 2015, Extensions", RFC 7471, DOI 10.17487/RFC7471, March 2015,
<https://www.rfc-editor.org/info/rfc7471>. <https://www.rfc-editor.org/info/rfc7471>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
[RFC8194] Schoenwaelder, J. and V. Bajpai, "A YANG Data Model for [RFC8194] Schoenwaelder, J. and V. Bajpai, "A YANG Data Model for
LMAP Measurement Agents", RFC 8194, DOI 10.17487/RFC8194, LMAP Measurement Agents", RFC 8194, DOI 10.17487/RFC8194,
August 2017, <https://www.rfc-editor.org/info/rfc8194>. August 2017, <https://www.rfc-editor.org/info/rfc8194>.
[RFC8309] Wu, Q., Liu, W., and A. Farrel, "Service Models [RFC8309] Wu, Q., Liu, W., and A. Farrel, "Service Models
Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018, Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018,
<https://www.rfc-editor.org/info/rfc8309>. <https://www.rfc-editor.org/info/rfc8309>.
[RFC8570] Ginsberg, L., Ed., Previdi, S., Ed., Giacalone, S., Ward, [RFC8570] Ginsberg, L., Ed., Previdi, S., Ed., Giacalone, S., Ward,
D., Drake, J., and Q. Wu, "IS-IS Traffic Engineering (TE) D., Drake, J., and Q. Wu, "IS-IS Traffic Engineering (TE)
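Review bot: [RFC8762] is added to the normative list and [RFC4026] to the informative list here, but nothing in this region shows where either is cited. Confirm each has at least one in-text citation, and that the STAMP citation is one an implementer depends on (for example a reference statement in the module), which is what justifies listing it as normative. The node-tags entry changes title as well as moving to -07, so any prose that quotes the old title needs the same update.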
skipping to change at page 38, line 34 skipping to change at page 39, line 34
"one-way-pm-statistics": { "one-way-pm-statistics": {
"delay-statistics": { "delay-statistics": {
"unit-value": "lime:milliseconds", "unit-value": "lime:milliseconds",
"min-delay-value": "43", "min-delay-value": "43",
"max-delay-value": "99", "max-delay-value": "99",
"low-delay-percentile": "64", "low-delay-percentile": "64",
"intermediate-delay-percentile": "77", "intermediate-delay-percentile": "77",
"high-delay-percentile": "98" "high-delay-percentile": "98"
} }
}, },
"inter-vpn-access-interface": [null] "vpn-pm-type": {
"inter-vpn-access-interface": [null]
}
} }
} }
] ]
} }
Authors' Addresses Authors' Addresses
Bo Wu (editor) Bo Wu (editor)
Huawei Huawei
101 Software Avenue, Yuhua District 101 Software Avenue, Yuhua District
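Review bot: Wrapping "inter-vpn-access-interface": [null] in a new vpn-pm-type object changes the instance path of that leaf, which is only valid if the -08 module defines vpn-pm-type as a data node such as a container. If vpn-pm-type is a choice, the wrapper must not appear, because choice and case names are never present in JSON-encoded instance data. Validate this example against the -08 module and check that the tree diagram shows the same nesting.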
 End of changes. 39 change blocks. 
76 lines changed or deleted 102 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/