tech-invite   World Map
3GPP     Specs     Glossaries     Architecture     IMS     UICC       IETF     RFCs     Groups     SIP     ABNFs       Search

RFC 8049

 
 
 

YANG Data Model for L3VPN Service Delivery

Part 6 of 6, p. 127 to 157
Prev Section

 


prevText      Top      ToC       Page 127 
     leaf svc-mtu {
      type uint16;
      units bytes;
      description
       "MTU at service level.  If the service is IP,
       it refers to the IP MTU.";
     }
     description
      "Defines basic service parameters for a site.";
    }
    grouping site-protection {
     container traffic-protection {
      if-feature fast-reroute;
      leaf enabled {
       type boolean;
       default false;
       description
        "Enables traffic protection of access link.";
      }
      description
       "Fast Reroute service parameters for the site.";
     }
     description
      "Defines protection service parameters for a site.";
    }
    grouping site-service-mpls {
     container carrierscarrier {
      if-feature carrierscarrier;
      leaf signalling-type {
       type enumeration {
        enum "ldp" {
         description
          "Use LDP as the signalling protocol
          between the PE and the CE.";
        }
        enum "bgp" {
         description
          "Use BGP (as per RFC 3107) as the signalling protocol
          between the PE and the CE.
          In this case, BGP must also be configured as
          the routing protocol.";
        }
       }
       description
        "MPLS signalling type.";
      }

Top      Up      ToC       Page 128 
      description
       "This container is used when the customer provides
       MPLS-based services.  This is used in the case of CsC.";
     }
     description
      "Defines MPLS service parameters for a site.";
    }
    grouping site-service-qos-profile {
     container qos {
      if-feature qos;
      container qos-classification-policy {
       list rule {
        key id;
        ordered-by user;

        leaf id {
         type uint16;
         description
          "ID of the rule.";
        }

        choice match-type {
         case match-flow {
          uses flow-definition;
         }
         case match-application {
          leaf match-application {
           type identityref {
            base customer-application;
           }
           description
            "Defines the application to match.";
          }
         }
         description
          "Choice for classification.";
        }

        leaf target-class-id {
         type string;
         description
          "Identification of the class of service.
          This identifier is internal to the administration.";
        }

        description
         "List of marking rules.";
       }

Top      Up      ToC       Page 129 
       description
        "Configuration of the traffic classification policy.";
      }
      container qos-profile {

       choice qos-profile {
        description
         "Choice for QoS profile.
         Can be standard profile or custom.";
        case standard {
         leaf profile {
          type string;
          description
           "QoS profile to be used.";
         }
        }
        case custom {
         container classes {
          if-feature qos-custom;
          list class {
           key class-id;

           leaf class-id {
            type string;
            description
             "Identification of the class of service.
             This identifier is internal to the administration.";
           }
           leaf rate-limit {
            type uint8;
            units percent;
            description
             "To be used if the class must be rate-limited.
             Expressed as percentage of the service bandwidth.";
           }
           container latency {
            choice flavor {
             case lowest {
              leaf use-lowest-latency {
               type empty;
               description
                "The traffic class should use the path with the
                lowest latency.";
              }
             }

Top      Up      ToC       Page 130 
             case boundary {
              leaf latency-boundary {
               type uint16;
               units msec;
               description
                "The traffic class should use a path with a
                defined maximum latency.";
              }
             }
             description
              "Latency constraint on the traffic class.";
            }
            description
             "Latency constraint on the traffic class.";
           }
           container jitter {
            choice flavor {
             case lowest {
              leaf use-lowest-jitter {
               type empty;
               description
                "The traffic class should use the path with the
                lowest jitter.";
              }
             }
             case boundary {
              leaf latency-boundary {
               type uint32;
               units usec;
               description
                "The traffic class should use a path with a
                defined maximum jitter.";
              }
             }
             description
              "Jitter constraint on the traffic class.";
            }
            description
             "Jitter constraint on the traffic class.";
           }
           container bandwidth {
            leaf guaranteed-bw-percent {
             type uint8;
             units percent;
             description
              "To be used to define the guaranteed bandwidth
              as a percentage of the available service bandwidth.";
            }

Top      Up      ToC       Page 131 
            leaf end-to-end {
             type empty;
             description
              "Used if the bandwidth reservation
              must be done on the MPLS network too.";
            }
            description
             "Bandwidth constraint on the traffic class.";
           }
           description
            "List of classes of services.";
          }
          description
           "Container for list of classes of services.";
         }

        }

       }
       description
        "QoS profile configuration.";
      }
      description
       "QoS configuration.";
     }
     description
      "This grouping defines QoS parameters for a site.";
    }

    grouping site-security-authentication {
     container authentication {
      description
       "Authentication parameters.";
     }
     description
      "This grouping defines authentication parameters for a site.";

    }
    grouping site-security-encryption {
     container encryption {
      if-feature encryption;
      leaf enabled {
       type boolean;
       default false;
       description
        "If true, access encryption is required.";
      }

Top      Up      ToC       Page 132 
      leaf layer {
       type enumeration {
        enum layer2 {
         description
          "Encryption will occur at Layer 2.";
        }
        enum layer3 {
         description
          "Encryption will occur at Layer 3.
          For example, IPsec may be used.";
        }
       }
       mandatory true;
       description
        "Layer on which encryption is applied.";
      }
      container encryption-profile {
       choice profile {
        case provider-profile {
         leaf profile-name {
          type string;
          description
           "Name of the SP profile to be applied.";
         }
        }
        case customer-profile {
         leaf algorithm {
          type string;
          description
           "Encryption algorithm to be used.";
         }
         choice key-type {
          case psk {
           leaf preshared-key {
            type string;
            description
             "Key coming from customer.";
           }
          }
          case pki {

          }
          description
           "Type of keys to be used.";
         }
        }

Top      Up      ToC       Page 133 
        description
         "Choice of profile.";
       }
       description
        "Profile of encryption to be applied.";
      }
      description
       "Encryption parameters.";
     }
     description
      "This grouping defines encryption parameters for a site.";
    }

    grouping site-attachment-bearer {
     container bearer {
      container requested-type {
       if-feature requested-type;
       leaf requested-type {
        type string;
        description
         "Type of requested bearer: Ethernet, DSL,
         Wireless, etc.  Operator specific.";
       }
       leaf strict {
        type boolean;
        default false;
        description
         "Defines whether requested-type is a preference
         or a strict requirement.";
       }
       description
        "Container for requested-type.";
      }
      leaf always-on {
       if-feature always-on;
       type boolean;
       default true;
       description
        "Request for an always-on access type.
        For example, this could mean no dial access type.";
      }
      leaf bearer-reference {
       if-feature bearer-reference;
       type string;
       description
        "This is an internal reference for the SP.";
      }

Top      Up      ToC       Page 134 
      description
       "Bearer-specific parameters.
       To be augmented.";
     }
     description
      "Defines physical properties of a site attachment.";
    }

    grouping site-routing {
     container routing-protocols {
      list routing-protocol {
       key type;

       leaf type {
        type identityref {
         base routing-protocol-type;
        }
        description
         "Type of routing protocol.";
       }

       container ospf {
        when "../type = 'ospf'" {
         description
          "Only applies when protocol is OSPF.";
        }
        if-feature rtg-ospf;
        leaf-list address-family {
         type address-family;

         description
          "Address family to be activated.";
        }
        leaf area-address {
         type yang:dotted-quad;
         description
          "Area address.";
        }
        leaf metric {
         type uint16;
         description
          "Metric of the PE-CE link.";
        }

Top      Up      ToC       Page 135 
        container sham-links {
         if-feature rtg-ospf-sham-link;
         list sham-link {
          key target-site;

          leaf target-site {
           type svc-id;
           description
            "Target site for the sham link connection.
            The site is referred to by its ID.";
          }
          leaf metric {
           type uint16;
           description
            "Metric of the sham link.";
          }
          description
           "Creates a sham link with another site.";
         }
         description
          "List of sham links.";
        }
        description
         "OSPF-specific configuration.";
       }

       container bgp {

        when "../type = 'bgp'" {
         description
          "Only applies when protocol is BGP.";
        }
        if-feature rtg-bgp;
        leaf autonomous-system {
         type uint32;
         description
          "AS number.";
        }
        leaf-list address-family {
         type address-family;

         description
          "Address family to be activated.";
        }
        description
         "BGP-specific configuration.";
       }

Top      Up      ToC       Page 136 
       container static {
        when "../type = 'static'" {
         description
          "Only applies when protocol is static.";
        }

        container cascaded-lan-prefixes {
         list ipv4-lan-prefixes {
          if-feature ipv4;
          key "lan next-hop";

          leaf lan {
           type inet:ipv4-prefix;
           description
            "LAN prefixes.";
          }
          leaf lan-tag {
           type string;
           description
            "Internal tag to be used in VPN policies.";
          }
          leaf next-hop {
           type inet:ipv4-address;
           description
            "Next-hop address to use on the customer side.";
          }
          description
           "List of LAN prefixes for the site.";
         }
         list ipv6-lan-prefixes {
          if-feature ipv6;
          key "lan next-hop";

          leaf lan {
           type inet:ipv6-prefix;
           description
            "LAN prefixes.";
          }
          leaf lan-tag {
           type string;
           description
            "Internal tag to be used in VPN policies.";
          }
          leaf next-hop {
           type inet:ipv6-address;
           description
            "Next-hop address to use on the customer side.";
          }

Top      Up      ToC       Page 137 
          description
           "List of LAN prefixes for the site.";
         }
         description
          "LAN prefixes from the customer.";
        }
        description
         "Configuration specific to static routing.";
       }
       container rip {

        when "../type = 'rip'" {
         description
          "Only applies when protocol is RIP.";
        }
        if-feature rtg-rip;
        leaf-list address-family {
         type address-family;

         description
          "Address family to be activated.";
        }

        description
         "Configuration specific to RIP routing.";
       }

       container vrrp {

        when "../type = 'vrrp'" {
         description
          "Only applies when protocol is VRRP.";
        }
        if-feature rtg-vrrp;
        leaf-list address-family {
         type address-family;

         description
          "Address family to be activated.";
        }
        description
         "Configuration specific to VRRP routing.";
       }

       description
        "List of routing protocols used on
        the site.  This list can be augmented.";
      }

Top      Up      ToC       Page 138 
      description
       "Defines routing protocols.";
     }
     description
      "Grouping for routing protocols.";
    }

    grouping site-attachment-ip-connection {
     container ip-connection {
      container ipv4 {
       if-feature ipv4;
       leaf address-allocation-type {
        type identityref {
         base address-allocation-type;
        }
        default "static-address";
        description
         "Defines how addresses are allocated.";
       }

       leaf number-of-dynamic-address {
        when "../address-allocation-type = 'provider-dhcp'" {
         description
          "Only applies when addresses are allocated by DHCP.";
        }
        type uint8;
        default 1;
        description
         "Describes the number of IP addresses the customer requires.";
       }
       container dhcp-relay {
        when "../address-allocation-type = 'provider-dhcp-relay'" {
         description
          "Only applies when provider is required to implement
          DHCP relay function.";
        }
        container customer-dhcp-servers {
         leaf-list server-ip-address {
          type inet:ipv4-address;
          description
           "IP address of customer DHCP server.";
         }
         description
          "Container for list of customer DHCP servers.";
        }
        description
         "DHCP relay provided by operator.";
       }

Top      Up      ToC       Page 139 
       container addresses {
        when "../address-allocation-type = 'static-address'" {
         description
          "Only applies when protocol allocation type is static.";
        }
        leaf provider-address {
         type inet:ipv4-address;
         description
          "Address of provider side.";
        }
        leaf customer-address {
         type inet:ipv4-address;
         description
          "Address of customer side.";
        }
        leaf mask {
         type uint8 {
          range "0..31";
         }
         description
          "Subnet mask expressed in bits.";
        }
        description
         "Describes IP addresses used.";
       }

       description
        "IPv4-specific parameters.";

      }
      container ipv6 {
       if-feature ipv6;
       leaf address-allocation-type {
        type identityref {
         base address-allocation-type;
        }
        default "static-address";
        description
         "Defines how addresses are allocated.";
       }
       leaf number-of-dynamic-address {
        when
        "../address-allocation-type = 'provider-dhcp' "+
        "or ../address-allocation-type "+
        "= 'provider-dhcp-slaac'" {
         description
          "Only applies when addresses are allocated by DHCP.";
        }

Top      Up      ToC       Page 140 
        type uint8;
        default 1;
        description
         "Describes the number of IP addresses the customer requires.";
       }
       container dhcp-relay {
        when "../address-allocation-type = 'provider-dhcp-relay'" {
         description
          "Only applies when provider is required to implement
          DHCP relay function.";
        }
        container customer-dhcp-servers {
         leaf-list server-ip-address {
          type inet:ipv6-address;
          description
           "IP address of customer DHCP server.";
         }
         description
          "Container for list of customer DHCP servers.";
        }
        description
         "DHCP relay provided by operator.";
       }
       container addresses {
        when "../address-allocation-type = 'static-address'" {
         description
          "Only applies when protocol allocation type is static.";
        }
        leaf provider-address {
         type inet:ipv6-address;
         description
          "Address of provider side.";
        }
        leaf customer-address {
         type inet:ipv6-address;
         description
          "Address of customer side.";
        }
        leaf mask {
         type uint8 {
          range "0..127";
         }
         description
          "Subnet mask expressed in bits.";
        }
        description
         "Describes IP addresses used.";
       }

Top      Up      ToC       Page 141 
       description
        "IPv6-specific parameters.";

      }
      container oam {
       container bfd {
        if-feature bfd;
        leaf enabled {
         type boolean;
         default false;
         description
          "BFD activation.";
        }

        choice holdtime {
         case profile {
          leaf profile-name {
           type string;
           description
            "Well-known SP profile.";
          }
          description
           "Well-known SP profile.";
         }
         case fixed {
          leaf fixed-value {
           type uint32;
           units msec;
           description
            "Expected holdtime expressed in msec.";
          }
         }
         description
          "Choice for holdtime flavor.";
        }
        description
         "Container for BFD.";
       }
       description
        "Defines the OAM mechanisms used on the connection.";
      }
      description
       "Defines connection parameters.";
     }
     description
      "This grouping defines IP connection parameters.";
    }

Top      Up      ToC       Page 142 
    grouping site-service-multicast {
     container multicast {
      if-feature multicast;
      leaf multicast-site-type {
       type enumeration {
        enum receiver-only {
         description
          "The site only has receivers.";
        }
        enum source-only {
         description
          "The site only has sources.";
        }
        enum source-receiver {
         description
          "The site has both sources and receivers.";
        }
       }
       default "source-receiver";
       description
        "Type of multicast site.";
      }
      container multicast-address-family {
       leaf ipv4 {
        if-feature ipv4;
        type boolean;
        default true;
        description
         "Enables IPv4 multicast.";
       }
       leaf ipv6 {
        if-feature ipv6;
        type boolean;
        default false;
        description
         "Enables IPv6 multicast.";
       }
       description
        "Defines protocol to carry multicast.";
      }
      leaf protocol-type {
       type enumeration {
        enum host {
         description
          "Hosts are directly connected to the provider network.
          Host protocols such as IGMP or MLD are required.";
        }

Top      Up      ToC       Page 143 
        enum router {
         description
          "Hosts are behind a customer router.
          PIM will be implemented.";
        }
        enum both {
         description
          "Some hosts are behind a customer router, and some others
          are directly connected to the provider network.
          Both host and routing protocols must be used.
          Typically, IGMP and PIM will be implemented.";
        }
       }
       default "both";
       description
        "Multicast protocol type to be used with the customer site.";
      }

      description
       "Multicast parameters for the site.";
     }
     description
      "Multicast parameters for the site.";
    }

    grouping site-management {
     container management {
      leaf type {
       type identityref {
        base management;
       }
       description
        "Management type of the connection.";
      }
      description
       "Management configuration.";
     }
     description
      "Management parameters for the site.";
    }

Top      Up      ToC       Page 144 
    grouping site-devices {
     container devices {
      must "/l3vpn-svc/sites/site/management/type = "+
       "'provider-managed' or "+
       "/l3vpn-svc/sites/site/management/type = "+
       "'co-managed'" {
        description
         "Applicable only for provider-managed or co-managed device.";
       }
      list device {
       key device-id;

       leaf device-id {
        type svc-id;
        description
         "Identifier for the device.";
       }
       leaf location {
        type leafref {
         path "/l3vpn-svc/sites/site/locations/"+
          "location/location-id";
        }
        description
         "Location of the device.";
       }
       container management {
        must "/l3vpn-svc/sites/site/management/type"+
         "= 'co-managed'" {
          description
           "Applicable only for co-managed device.";
         }
        leaf address-family {
         type address-family;

         description
          "Address family used for management.";
        }
        leaf address {
         type inet:ip-address;
         description
          "Management address.";
        }
        description
         "Management configuration.  Applicable only for
         co-managed device.";
       }

Top      Up      ToC       Page 145 
       description
        "Device configuration.";
      }
      description
       "List of devices requested by customer.";
     }
     description
      "Grouping for device allocation.";
    }
    grouping site-vpn-flavor {
     leaf site-vpn-flavor {
      type identityref {
       base site-vpn-flavor;
      }
      default site-vpn-flavor-single;
      description
       "Defines whether the site is, for example,
       a single VPN site or a multiVPN.";
     }
     description
      "Grouping for site VPN flavor.";
    }

    grouping site-vpn-policy {
     container vpn-policies {
      list vpn-policy {
       key vpn-policy-id;

       leaf vpn-policy-id {
        type svc-id;
        description
         "Unique identifier for the VPN policy.";
       }

       list entries {
        key id;

        leaf id {
          type svc-id;
          description
           "Unique identifier for the policy entry.";
        }

Top      Up      ToC       Page 146 
        container filter {
         choice lan {
          case prefixes {
           leaf-list ipv4-lan-prefix {
            if-feature ipv4;
            type inet:ipv4-prefix;
            description
             "List of IPv4 prefixes to be matched.";
           }
           leaf-list ipv6-lan-prefix {
            if-feature ipv6;
            type inet:ipv6-prefix;
            description
             "List of IPv6 prefixes to be matched.";
           }
          }
          case lan-tag {
           leaf-list lan-tag {
            type string;
            description
             "List of 'lan-tag' items to be matched.";
           }
          }
          description
           "Choice of ways to do LAN matching.";
         }
         description
          "If used, it permits the splitting of
          site LANs among multiple VPNs.
          If no filter is used, all the LANs will be
          part of the same VPNs with the same role.";
        }
        container vpn {
         leaf vpn-id {
          type leafref {
           path "/l3vpn-svc/vpn-services/"+
           "vpn-service/vpn-id";
          }
          mandatory true;
          description
           "Reference to an IP VPN.";
         }

Top      Up      ToC       Page 147 
         leaf site-role {
          type identityref {
           base site-role;
          }
          default any-to-any-role;
          description
           "Role of the site in the IP VPN.";
         }
         description
          "List of VPNs the LAN is associated with.";
        }
        description
         "List of entries for export policy.";
       }
       description
        "List of VPN policies.";
      }
      description
       "VPN policy.";
     }
     description
      "VPN policy parameters for the site.";
    }

    grouping site-maximum-routes {
     container maximum-routes {
      list address-family {
       key af;

       leaf af {
        type address-family;

        description
         "Address family.";
       }
       leaf maximum-routes {
        type uint32;
        description
         "Maximum prefixes the VRF can accept for this address family.";
       }
       description
        "List of address families.";
      }

      description
       "Defines 'maximum-routes' for the VRF.";
     }

Top      Up      ToC       Page 148 
     description
      "Defines 'maximum-routes' for the site.";
    }

    grouping site-security {
     container security {
      uses site-security-authentication;
      uses site-security-encryption;

      description
       "Site-specific security parameters.";
     }
     description
      "Grouping for security parameters.";
    }

    grouping site-service {
     container service {
      uses site-service-qos-profile;
      uses site-service-mpls;
      uses site-service-multicast;

      description
       "Service parameters on the attachment.";
     }
     description
      "Grouping for service parameters.";
    }

    grouping site-network-access-service {
     container service {
      uses site-service-basic;
      uses site-service-qos-profile;
      uses site-service-mpls;
      uses site-service-multicast;

      description
       "Service parameters on the attachment.";
     }
     description
      "Grouping for service parameters.";
    }

Top      Up      ToC       Page 149 
    grouping vpn-extranet {
     container extranet-vpns {
      if-feature extranet-vpn;
      list extranet-vpn {
       key vpn-id;

       leaf vpn-id {
        type svc-id;
        description
         "Identifies the target VPN.";
       }
       leaf local-sites-role {
        type identityref {
         base site-role;

        }
        default any-to-any-role;
        description
         "This describes the role of the
         local sites in the target VPN topology.";
       }
       description
        "List of extranet VPNs the local VPN is attached to.";
      }
      description
       "Container for extranet VPN configuration.";
     }
     description
      "Grouping for extranet VPN configuration.
      This provides an easy way to interconnect
      all sites from two VPNs.";
    }

    grouping site-attachment-availability {
     container availability {
      leaf access-priority {
       type uint32;
       default 1;
       description
        "Defines the priority for the access.
        The higher the access-priority value,
        the higher the preference of the access will be.";
      }
      description
       "Availability parameters (used for multihoming).";
     }

Top      Up      ToC       Page 150 
     description
      "Defines availability parameters for a site.";
    }

    grouping access-vpn-policy {
     container vpn-attachment {

      choice attachment-flavor {
       case vpn-policy-id {
        leaf vpn-policy-id {
         type leafref {
          path "/l3vpn-svc/sites/site/"+
          "vpn-policies/vpn-policy/"+
          "vpn-policy-id";
         }
         description
          "Reference to a VPN policy.";
        }
       }
       case vpn-id {
        leaf vpn-id {
         type leafref {
          path "/l3vpn-svc/vpn-services"+
          "/vpn-service/vpn-id";
         }
         description
          "Reference to a VPN.";
        }
        leaf site-role {
         type identityref {
           base site-role;
          }
         default any-to-any-role;
         description
          "Role of the site in the IP VPN.";
        }
       }
       mandatory true;
       description
        "Choice for VPN attachment flavor.";
      }
      description
       "Defines VPN attachment of a site.";
     }
     description
      "Defines the VPN attachment rules for a site's logical access.";
    }

Top      Up      ToC       Page 151 
    grouping vpn-svc-cfg {
     leaf vpn-id {
       type svc-id;
       description
        "VPN identifier.  Local administration meaning.";
      }
      leaf customer-name {
       type string;
       description
        "Name of the customer.";
      }
     leaf vpn-service-topology {
      type identityref {
       base vpn-topology;
      }
      default "any-to-any";
      description
       "VPN service topology.";
     }

     uses vpn-service-cloud-access;
     uses vpn-service-multicast;
     uses vpn-service-mpls;
     uses vpn-extranet;

     description
      "Grouping for VPN service configuration.";
    }

    grouping site-top-level-cfg {
     uses operational-requirements;
     uses customer-location-info;
     uses site-devices;
     uses site-diversity;
     uses site-management;
     uses site-vpn-policy;
     uses site-vpn-flavor;
     uses site-maximum-routes;
     uses site-security;
     uses site-service;
     uses site-protection;
     uses site-routing;

     description
      "Grouping for site top-level configuration.";
    }

Top      Up      ToC       Page 152 
    grouping site-network-access-top-level-cfg {
     leaf site-network-access-type {
      type identityref {
       base site-network-access-type;
      }
      default "point-to-point";
      description
       "Describes the type of connection, e.g.,
       point-to-point or multipoint.";
     }

     choice location-flavor {
      case location {
       when "/l3vpn-svc/sites/site/management/type = "+
         "'customer-managed'" {
          description
           "Applicable only for customer-managed device.";
        }
       leaf location-reference {
        type leafref {
         path "/l3vpn-svc/sites/site/locations/"+
            "location/location-id";
        }
        description
         "Location of the site-network-access.";
       }
      }
      case device {
       when "/l3vpn-svc/sites/site/management/type = "+
         "'provider-managed' or "+
         "/l3vpn-svc/sites/site/management/type = "+
         "'co-managed'" {
          description
           "Applicable only for provider-managed or co-managed device.";
        }
       leaf device-reference {
        type leafref {
         path "/l3vpn-svc/sites/site/devices/"+
            "device/device-id";
        }
        description
         "Identifier of CE to use.";
       }
      }
      mandatory true;
      description
       "Choice of how to describe the site's location.";
     }

Top      Up      ToC       Page 153 
     uses access-diversity;
     uses site-attachment-bearer;
     uses site-attachment-ip-connection;
     uses site-security;
     uses site-network-access-service;
     uses site-routing;
     uses site-attachment-availability;
     uses access-vpn-policy;

     description
      "Grouping for site network access top-level configuration.";
    }

    /* Main blocks */

    container l3vpn-svc {
     container vpn-services {
      list vpn-service {
       key vpn-id;

       uses vpn-svc-cfg;

       description
        "List of VPN services.";
      }
      description
       "Top-level container for the VPN services.";
     }

     container sites {
      list site {
       key site-id;

       leaf site-id {
        type svc-id;
        description
         "Identifier of the site.";
       }

       uses site-top-level-cfg;
       uses operational-requirements-ops;

Top      Up      ToC       Page 154 
       container site-network-accesses {
        list site-network-access {
         key site-network-access-id;

         leaf site-network-access-id {
          type svc-id;
          description
           "Identifier for the access.";
         }
         uses site-network-access-top-level-cfg;

         description
          "List of accesses for a site.";
        }
        description
         "List of accesses for a site.";
       }

       description
        "List of sites.";
      }
      description
       "Container for sites.";
     }

     description
      "Main container for L3VPN service configuration.";
    }

   }
   <CODE ENDS>

10.  Security Considerations

   The YANG module defined in this document MAY be accessed via the
   RESTCONF protocol [RFC8040] or the NETCONF protocol [RFC6241].  The
   lowest RESTCONF or NETCONF layer requires that the transport-layer
   protocol provide both data integrity and confidentiality; see
   Section 2 in [RFC8040] and Section 2 in [RFC6241].  The client MUST
   carefully examine the certificate presented by the server to
   determine if it meets the client's expectations, and the server MUST
   authenticate client access to any protected resource.  The client
   identity derived from the authentication mechanism used is subject to
   the NETCONF Access Control Model (NACM) [RFC6536].  Other protocols
   that are used to access this YANG module are also required to support
   similar security mechanisms.

Top      Up      ToC       Page 155 
   The data nodes defined in the "ietf-l3vpn-svc" YANG module MUST be
   carefully created, read, updated, or deleted as appropriate.  The
   entries in the lists below include customer-proprietary or
   confidential information; therefore, access to confidential
   information MUST be limited to authorized clients, and other clients
   MUST NOT be permitted to access the information.

   o  /l3vpn-svc/vpn-services/vpn-service

   o  /l3vpn-svc/sites/site

   The data model proposes some security parameters than can be extended
   via augmentation as part of the customer service request; those
   parameters are described in Section 6.9.

11.  IANA Considerations

   IANA has assigned a new URI from the "IETF XML Registry" [RFC3688].

      URI: urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc
      Registrant Contact: The IESG
      XML: N/A; the requested URI is an XML namespace.

   This document adds a new YANG module name in the "YANG Module Names"
   registry [RFC6020]:

      Name: ietf-l3vpn-svc
      Namespace: urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc
      Prefix: l3vpn-svc
      Reference: RFC 8049

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004,
              <http://www.rfc-editor.org/info/rfc3688>.

   [RFC4026]  Andersson, L. and T. Madsen, "Provider Provisioned Virtual
              Private Network (VPN) Terminology", RFC 4026,
              DOI 10.17487/RFC4026, March 2005,
              <http://www.rfc-editor.org/info/rfc4026>.

Top      Up      ToC       Page 156 
   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364,
              February 2006, <http://www.rfc-editor.org/info/rfc4364>.

   [RFC4577]  Rosen, E., Psenak, P., and P. Pillay-Esnault, "OSPF as the
              Provider/Customer Edge Protocol for BGP/MPLS IP Virtual
              Private Networks (VPNs)", RFC 4577, DOI 10.17487/RFC4577,
              June 2006, <http://www.rfc-editor.org/info/rfc4577>.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862,
              DOI 10.17487/RFC4862, September 2007,
              <http://www.rfc-editor.org/info/rfc4862>.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010,
              <http://www.rfc-editor.org/info/rfc6020>.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
              <http://www.rfc-editor.org/info/rfc6241>.

   [RFC6513]  Rosen, E., Ed., and R. Aggarwal, Ed., "Multicast in
              MPLS/BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513,
              February 2012, <http://www.rfc-editor.org/info/rfc6513>.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012,
              <http://www.rfc-editor.org/info/rfc6536>.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016,
              <http://www.rfc-editor.org/info/rfc7950>.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
              <http://www.rfc-editor.org/info/rfc8040>.

Top      Up      ToC       Page 157 
12.2.  Informative References

   [RFC4110]  Callon, R. and M. Suzuki, "A Framework for Layer 3
              Provider-Provisioned Virtual Private Networks (PPVPNs)",
              RFC 4110, DOI 10.17487/RFC4110, July 2005,
              <http://www.rfc-editor.org/info/rfc4110>.

   [RFC4760]  Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
              "Multiprotocol Extensions for BGP-4", RFC 4760,
              DOI 10.17487/RFC4760, January 2007,
              <http://www.rfc-editor.org/info/rfc4760>.

Acknowledgements

   Thanks to Qin Wu, Maxim Klyus, Luis Miguel Contreras, Gregory Mirsky,
   Zitao Wang, Jing Zhao, Kireeti Kompella, Eric Rosen, Aijun Wang,
   Michael Scharf, Xufeng Liu, David Ball, Lucy Yong, Jean-Philippe
   Landry, and Andrew Leu for their contributions to this document.

Contributors

   The authors would like to thank Rob Shakir for his major
   contributions to the initial modeling and use cases.

Authors' Addresses

   Stephane Litkowski
   Orange Business Services

   Email: stephane.litkowski@orange.com


   Luis Tomotaki
   Verizon

   Email: luis.tomotaki@verizon.com


   Kenichi Ogaki
   KDDI Corporation

   Email: ke-oogaki@kddi.com