tech-invite   World Map
3GPP     Specs     Glossaries     Architecture     IMS     UICC       IETF     RFCs     Groups     SIP     ABNFs       Search     Home

RFC 8049

Proposed STD
Pages: 157
Top     in Index     Prev     Next
in Group Index     No Prev: Lowest Number in Group     No Next: Highest Number in Group     Group: L3SM

YANG Data Model for L3VPN Service Delivery

Part 1 of 6, p. 1 to 18
None       Next Section

 


Top       ToC       Page 1 
Internet Engineering Task Force (IETF)                      S. Litkowski
Request for Comments: 8049                      Orange Business Services
Category: Standards Track                                    L. Tomotaki
ISSN: 2070-1721                                                  Verizon
                                                                K. Ogaki
                                                        KDDI Corporation
                                                           February 2017


               YANG Data Model for L3VPN Service Delivery

Abstract

   This document defines a YANG data model that can be used for
   communication between customers and network operators and to deliver
   a Layer 3 provider-provisioned VPN service.  This document is limited
   to BGP PE-based VPNs as described in RFCs 4026, 4110, and 4364.  This
   model is intended to be instantiated at the management system to
   deliver the overall service.  It is not a configuration model to be
   used directly on network elements.  This model provides an abstracted
   view of the Layer 3 IP VPN service configuration components.  It will
   be up to the management system to take this model as input and use
   specific configuration models to configure the different network
   elements to deliver the service.  How the configuration of network
   elements is done is out of scope for this document.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc8049.

Top      ToC       Page 2 
Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction ....................................................4
      1.1. Terminology ................................................4
      1.2. Requirements Language ......................................5
      1.3. Tree Diagrams ..............................................5
   2. Acronyms ........................................................5
   3. Definitions .....................................................7
   4. Layer 3 IP VPN Service Model ....................................8
   5. Service Data Model Usage ........................................9
   6. Design of the Data Model .......................................10
      6.1. Features and Augmentation .................................18
      6.2. VPN Service Overview ......................................18
           6.2.1. VPN Service Topology ...............................18
                  6.2.1.1. Route Target Allocation ...................19
                  6.2.1.2. Any-to-Any ................................20
                  6.2.1.3. Hub and Spoke .............................20
                  6.2.1.4. Hub and Spoke Disjoint ....................21
           6.2.2. Cloud Access .......................................22
           6.2.3. Multicast Service ..................................24
           6.2.4. Extranet VPNs ......................................26
      6.3. Site Overview .............................................27
           6.3.1. Devices and Locations ..............................29
           6.3.2. Site Network Accesses ..............................30
                  6.3.2.1. Bearer ....................................30
                  6.3.2.2. Connection ................................31
                  6.3.2.3. Inheritance of Parameters Defined at
                           Site Level and Site Network Access Level ..32
      6.4. Site Role .................................................32

Top      ToC       Page 3 
      6.5. Site Belonging to Multiple VPNs ...........................33
           6.5.1. Site VPN Flavor ....................................33
                  6.5.1.1. Single VPN Attachment:
                           site-vpn-flavor-single ....................33
                  6.5.1.2. MultiVPN Attachment:
                           site-vpn-flavor-multi .....................33
                  6.5.1.3. SubVPN Attachment: site-vpn-flavor-sub ....34
                  6.5.1.4. NNI: site-vpn-flavor-nni ..................36
           6.5.2. Attaching a Site to a VPN ..........................37
                  6.5.2.1. Referencing a VPN .........................37
                  6.5.2.2. VPN Policy ................................38
      6.6. Deciding Where to Connect the Site ........................40
           6.6.1. Constraint: Device .................................41
           6.6.2. Constraint/Parameter: Site Location ................41
           6.6.3. Constraint/Parameter: Access Type ..................42
           6.6.4. Constraint: Access Diversity .......................43
           6.6.5. Infeasible Access Placement ........................49
           6.6.6. Examples of Access Placement .......................50
                  6.6.6.1. Multihoming ...............................50
                  6.6.6.2. Site Offload ..............................53
                  6.6.6.3. Parallel Links ............................59
                  6.6.6.4. SubVPN with Multihoming ...................60
           6.6.7. Route Distinguisher and VRF Allocation .............64
      6.7. Site Network Access Availability ..........................64
      6.8. Traffic Protection ........................................66
      6.9. Security ..................................................66
           6.9.1. Authentication .....................................67
           6.9.2. Encryption .........................................67
      6.10. Management ...............................................68
      6.11. Routing Protocols ........................................68
           6.11.1. Handling of Dual Stack ............................69
           6.11.2. LAN Directly Connected to SP Network ..............70
           6.11.3. LAN Directly Connected to SP Network with
                   Redundancy ........................................70
           6.11.4. Static Routing ....................................70
           6.11.5. RIP Routing .......................................71
           6.11.6. OSPF Routing ......................................71
           6.11.7. BGP Routing .......................................73
      6.12. Service ..................................................75
           6.12.1. Bandwidth .........................................75
           6.12.2. QoS ...............................................75
                  6.12.2.1. QoS Classification .......................75
                  6.12.2.2. QoS Profile ..............................78
           6.12.3. Multicast .........................................81
      6.13. Enhanced VPN Features ....................................82
           6.13.1. Carriers' Carriers ................................82
      6.14. External ID References ...................................83

Top      ToC       Page 4 
      6.15. Defining NNIs ............................................83
           6.15.1. Defining an NNI with the Option A Flavor ..........85
           6.15.2. Defining an NNI with the Option B Flavor ..........88
           6.15.3. Defining an NNI with the Option C Flavor ..........91
   7. Service Model Usage Example ....................................92
   8. Interaction with Other YANG Modules ............................98
   9. YANG Module ...................................................102
   10. Security Considerations ......................................154
   11. IANA Considerations ..........................................155
   12. References ...................................................155
      12.1. Normative References ....................................155
      12.2. Informative References ..................................157
   Acknowledgements .................................................157
   Contributors .....................................................157
   Authors' Addresses ...............................................157

1.  Introduction

   This document defines a Layer 3 VPN service data model written in
   YANG.  The model defines service configuration elements that can be
   used in communication protocols between customers and network
   operators.  Those elements can also be used as input to automated
   control and configuration applications.

1.1.  Terminology

   The following terms are defined in [RFC6241] and are not redefined
   here:

   o  client

   o  configuration data

   o  server

   o  state data

   The following terms are defined in [RFC7950] and are not redefined
   here:

   o  augment

   o  data model

   o  data node

Top      ToC       Page 5 
   The terminology for describing YANG data models is found in
   [RFC7950].

   This document presents some configuration examples using XML
   representation.

1.2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.3.  Tree Diagrams

   A simplified graphical representation of the data model is presented
   in Section 6.

   The meanings of the symbols in these diagrams are as follows:

   o  Brackets "[" and "]" enclose list keys.

   o  Curly braces "{" and "}" contain names of optional features that
      make the corresponding node conditional.

   o  Abbreviations before data node names: "rw" means configuration
      data (read-write), and "ro" means state data (read-only).

   o  Symbols after data node names: "?" means an optional node, and "*"
      denotes a "list" or "leaf-list".

   o  Parentheses enclose choice and case nodes, and case nodes are also
      marked with a colon (":").

   o  Ellipsis ("...") stands for contents of subtrees that are not
      shown.

2.  Acronyms

   AAA: Authentication, Authorization, and Accounting.

   ACL: Access Control List.

   ADSL: Asymmetric DSL.

   AH: Authentication Header.

   AS: Autonomous System.

Top      ToC       Page 6 
   ASBR: Autonomous System Border Router.

   ASM: Any-Source Multicast.

   BAS: Broadband Access Switch.

   BFD: Bidirectional Forwarding Detection.

   BGP: Border Gateway Protocol.

   BSR: Bootstrap Router.

   CE: Customer Edge.

   CLI: Command Line Interface.

   CsC: Carriers' Carriers.

   CSP: Cloud Service Provider.

   DHCP: Dynamic Host Configuration Protocol.

   DSLAM: Digital Subscriber Line Access Multiplexer.

   ESP: Encapsulating Security Payload.

   GRE: Generic Routing Encapsulation.

   IGMP: Internet Group Management Protocol.

   LAN: Local Area Network.

   MLD: Multicast Listener Discovery.

   MTU: Maximum Transmission Unit.

   NAT: Network Address Translation.

   NETCONF: Network Configuration Protocol.

   NNI: Network-to-Network Interface.

   OAM: Operations, Administration, and Maintenance.

   OSPF: Open Shortest Path First.

   OSS: Operations Support System.

Top      ToC       Page 7 
   PE: Provider Edge.

   PIM: Protocol Independent Multicast.

   POP: Point of Presence.

   QoS: Quality of Service.

   RD: Route Distinguisher.

   RIP: Routing Information Protocol.

   RP: Rendezvous Point.

   RT: Route Target.

   SFTP: Secure FTP.

   SLA: Service Level Agreement.

   SLAAC: Stateless Address Autoconfiguration.

   SP: Service Provider.

   SPT: Shortest Path Tree.

   SSM: Source-Specific Multicast.

   VM: Virtual Machine.

   VPN: Virtual Private Network.

   VRF: VPN Routing and Forwarding.

   VRRP: Virtual Router Redundancy Protocol.

3.  Definitions

   Customer Edge (CE) Device: A CE is equipment dedicated to a
   particular customer; it is directly connected (at Layer 3) to one or
   more PE devices via attachment circuits.  A CE is usually located at
   the customer premises and is usually dedicated to a single VPN,
   although it may support multiple VPNs if each one has separate
   attachment circuits.

Top      ToC       Page 8 
   Provider Edge (PE) Device: A PE is equipment managed by the SP; it
   can support multiple VPNs for different customers and is directly
   connected (at Layer 3) to one or more CE devices via attachment
   circuits.  A PE is usually located at an SP point of presence (POP)
   and is managed by the SP.

   PE-Based VPNs: The PE devices know that certain traffic is VPN
   traffic.  They forward the traffic (through tunnels) based on the
   destination IP address of the packet and, optionally, based on other
   information in the IP header of the packet.  The PE devices are
   themselves the tunnel endpoints.  The tunnels may make use of various
   encapsulations to send traffic over the SP network (such as, but not
   restricted to, GRE, IP-in-IP, IPsec, or MPLS tunnels).

4.  Layer 3 IP VPN Service Model

   A Layer 3 IP VPN service is a collection of sites that are authorized
   to exchange traffic between each other over a shared IP
   infrastructure.  This Layer 3 VPN service model aims at providing a
   common understanding of how the corresponding IP VPN service is to be
   deployed over the shared infrastructure.  This service model is
   limited to BGP PE-based VPNs as described in [RFC4026], [RFC4110],
   and [RFC4364].

Top      ToC       Page 9 
5.  Service Data Model Usage

                l3vpn-svc |
                  Model   |
                          |
                   +------------------+         +-----+
                   |   Orchestration  | < --- > | OSS |
                   +------------------+         +-----+
                      |            |
              +----------------+   |
              | Config manager |   |
              +----------------+   |
                      |            |
                      | NETCONF/CLI ...
                      |            |
        +------------------------------------------------+
                             Network

                           +++++++
                           + AAA +
                           +++++++

   ++++++++   Bearer    ++++++++           ++++++++      ++++++++
   + CE A + ----------- + PE A +           + PE B + ---- + CE B +
   ++++++++  Connection ++++++++           ++++++++      ++++++++

              Site A                               Site B

   The idea of the L3 IP VPN service model is to propose an abstracted
   interface between customers and network operators to manage
   configuration of components of an L3VPN service.  A typical scenario
   would be to use this model as an input for an orchestration layer
   that will be responsible for translating it to an orchestrated
   configuration of network elements that will be part of the service.
   The network elements can be routers but can also be servers (like
   AAA); the network's configuration is not limited to these examples.
   The configuration of network elements can be done via the CLI,
   NETCONF/RESTCONF [RFC6241] [RFC8040] coupled with YANG data models of
   a specific configuration (BGP, VRF, BFD, etc.), or some other
   technique, as preferred by the operator.

   The usage of this service model is not limited to this example; it
   can be used by any component of the management system but not
   directly by network elements.

Top      ToC       Page 10 
6.  Design of the Data Model

   The YANG module is divided into two main containers: "vpn-services"
   and "sites".

   The "vpn-service" list under the vpn-services container defines
   global parameters for the VPN service for a specific customer.

   A "site" is composed of at least one "site-network-access" and, in
   the case of multihoming, may have multiple site-network-access
   points.  The site-network-access attachment is done through a
   "bearer" with an "ip-connection" on top.  The bearer refers to
   properties of the attachment that are below Layer 3, while the
   connection refers to properties oriented to the Layer 3 protocol.
   The bearer may be allocated dynamically by the SP, and the customer
   may provide some constraints or parameters to drive the placement of
   the access.

   Authorization of traffic exchange is done through what we call a VPN
   policy or VPN service topology defining routing exchange rules
   between sites.

   The figure below describes the overall structure of the YANG module:

   module: ietf-l3vpn-svc
     +--rw l3vpn-svc
      +--rw vpn-services
      | +--rw vpn-service* [vpn-id]
      |   +--rw vpn-id         svc-id
      |   +--rw customer-name?     string
      |   +--rw vpn-service-topology?  identityref
      |   +--rw cloud-accesses {cloud-access}?
      |   | +--rw cloud-access* [cloud-identifier]
      |   |   +--rw cloud-identifier    string
      |   |   +--rw (list-flavor)?
      |   |   | +--:(permit-any)
      |   |   | | +--rw permit-any?      empty
      |   |   | +--:(deny-any-except)
      |   |   | | +--rw permit-site*      leafref
      |   |   | +--:(permit-any-except)
      |   |   |   +--rw deny-site*       leafref
      |   |   +--rw authorized-sites
      |   |   | +--rw authorized-site* [site-id]
      |   |   |   +--rw site-id  leafref
      |   |   +--rw denied-sites
      |   |   | +--rw denied-site* [site-id]
      |   |   |   +--rw site-id  leafref
      |   |   +--rw address-translation

Top      ToC       Page 11 
      |   |    +--rw nat44
      |   |      +--rw enabled?         boolean
      |   |      +--rw nat44-customer-address?  inet:ipv4-address
      |   +--rw multicast {multicast}?
      |   | +--rw enabled?         boolean
      |   | +--rw customer-tree-flavors
      |   | | +--rw tree-flavor*  identityref
      |   | +--rw rp
      |   |   +--rw rp-group-mappings
      |   |   | +--rw rp-group-mapping* [id]
      |   |   |   +--rw id         uint16
      |   |   |   +--rw provider-managed
      |   |   |   | +--rw enabled?          boolean
      |   |   |   | +--rw rp-redundancy?       boolean
      |   |   |   | +--rw optimal-traffic-delivery?  boolean
      |   |   |   +--rw rp-address?     inet:ip-address
      |   |   |   +--rw groups
      |   |   |    +--rw group* [id]
      |   |   |      +--rw id        uint16
      |   |   |      +--rw (group-format)?
      |   |   |       +--:(startend)
      |   |   |       | +--rw group-start?   inet:ip-address
      |   |   |       | +--rw group-end?    inet:ip-address
      |   |   |       +--:(singleaddress)
      |   |   |         +--rw group-address?  inet:ip-address
      |   |   +--rw rp-discovery
      |   |    +--rw rp-discovery-type?  identityref
      |   |    +--rw bsr-candidates
      |   |      +--rw bsr-candidate-address*  inet:ip-address
      |   +--rw carrierscarrier?    boolean {carrierscarrier}?
      |   +--rw extranet-vpns {extranet-vpn}?
      |    +--rw extranet-vpn* [vpn-id]
      |      +--rw vpn-id       svc-id
      |      +--rw local-sites-role?  identityref
      +--rw sites
        +--rw site* [site-id]
         +--rw site-id         svc-id
         +--rw requested-site-start?  yang:date-and-time
         +--rw requested-site-stop?   yang:date-and-time
         +--rw locations
         | +--rw location* [location-id]
         |   +--rw location-id   svc-id
         |   +--rw address?    string
         |   +--rw postal-code?  string
         |   +--rw state?     string
         |   +--rw city?      string
         |   +--rw country-code?  string

Top      ToC       Page 12 
         +--rw devices
         | +--rw device* [device-id]
         |   +--rw device-id   svc-id
         |   +--rw location?   leafref
         |   +--rw management
         |    +--rw address-family?  address-family
         |    +--rw address?     inet:ip-address
         +--rw site-diversity {site-diversity}?
         | +--rw groups
         |   +--rw group* [group-id]
         |    +--rw group-id  string
         +--rw management
         | +--rw type?  identityref
         +--rw vpn-policies
         | +--rw vpn-policy* [vpn-policy-id]
         |   +--rw vpn-policy-id  svc-id
         |   +--rw entries* [id]
         |    +--rw id    svc-id
         |    +--rw filter
         |    | +--rw (lan)?
         |    |   +--:(prefixes)
         |    |   | +--rw ipv4-lan-prefix*  inet:ipv4-prefix {ipv4}?
         |    |   | +--rw ipv6-lan-prefix*  inet:ipv6-prefix {ipv6}?
         |    |   +--:(lan-tag)
         |    |    +--rw lan-tag*      string
         |    +--rw vpn
         |      +--rw vpn-id    leafref
         |      +--rw site-role?  identityref
         +--rw site-vpn-flavor?     identityref
         +--rw maximum-routes
         | +--rw address-family* [af]
         |   +--rw af        address-family
         |   +--rw maximum-routes?  uint32
         +--rw security
         | +--rw authentication
         | +--rw encryption {encryption}?
         |   +--rw enabled?       boolean
         |   +--rw layer         enumeration
         |   +--rw encryption-profile
         |    +--rw (profile)?
         |      +--:(provider-profile)
         |      | +--rw profile-name?  string
         |      +--:(customer-profile)
         |       +--rw algorithm?    string
         |       +--rw (key-type)?
         |         +--:(psk)
         |         | +--rw preshared-key?  string
         |         +--:(pki)

Top      ToC       Page 13 
         +--rw service
         | +--rw qos {qos}?
         | | +--rw qos-classification-policy
         | | | +--rw rule* [id]
         | | |   +--rw id          uint16
         | | |   +--rw (match-type)?
         | | |   | +--:(match-flow)
         | | |   | | +--rw match-flow
         | | |   | |   +--rw dscp?        inet:dscp
         | | |   | |   +--rw dot1p?        uint8
         | | |   | |   +--rw ipv4-src-prefix?   inet:ipv4-prefix
         | | |   | |   +--rw ipv6-src-prefix?   inet:ipv6-prefix
         | | |   | |   +--rw ipv4-dst-prefix?   inet:ipv4-prefix
         | | |   | |   +--rw ipv6-dst-prefix?   inet:ipv6-prefix
         | | |   | |   +--rw l4-src-port?     inet:port-number
         | | |   | |   +--rw target-sites*    svc-id
         | | |   | |   +--rw l4-src-port-range
         | | |   | |   | +--rw lower-port?  inet:port-number
         | | |   | |   | +--rw upper-port?  inet:port-number
         | | |   | |   +--rw l4-dst-port?     inet:port-number
         | | |   | |   +--rw l4-dst-port-range
         | | |   | |   | +--rw lower-port?  inet:port-number
         | | |   | |   | +--rw upper-port?  inet:port-number
         | | |   | |   +--rw protocol-field?   union
         | | |   | +--:(match-application)
         | | |   |   +--rw match-application?  identityref
         | | |   +--rw target-class-id?   string
         | | +--rw qos-profile
         | |   +--rw (qos-profile)?
         | |    +--:(standard)
         | |    | +--rw profile?  string
         | |    +--:(custom)
         | |      +--rw classes {qos-custom}?
         | |       +--rw class* [class-id]
         | |         +--rw class-id   string
         | |         +--rw rate-limit?  uint8
         | |         +--rw latency
         | |         | +--rw (flavor)?
         | |         |    ...
         | |         +--rw jitter
         | |         | +--rw (flavor)?
         | |         |    ...
         | |         +--rw bandwidth
         | |          +--rw guaranteed-bw-percent?  uint8
         | |          +--rw end-to-end?       empty
         | +--rw carrierscarrier {carrierscarrier}?
         | | +--rw signalling-type?  enumeration

Top      ToC       Page 14 
         | +--rw multicast {multicast}?
         |   +--rw multicast-site-type?    enumeration
         |   +--rw multicast-address-family
         |   | +--rw ipv4?  boolean {ipv4}?
         |   | +--rw ipv6?  boolean {ipv6}?
         |   +--rw protocol-type?       enumeration
         +--rw traffic-protection {fast-reroute}?
         | +--rw enabled?  boolean
         +--rw routing-protocols
         | +--rw routing-protocol* [type]
         |   +--rw type   identityref
         |   +--rw ospf {rtg-ospf}?
         |   | +--rw address-family*  address-family
         |   | +--rw area-address?   yang:dotted-quad
         |   | +--rw metric?      uint16
         |   | +--rw sham-links {rtg-ospf-sham-link}?
         |   |   +--rw sham-link* [target-site]
         |   |    +--rw target-site  svc-id
         |   |    +--rw metric?    uint16
         |   +--rw bgp {rtg-bgp}?
         |   | +--rw autonomous-system?  uint32
         |   | +--rw address-family*   address-family
         |   +--rw static
         |   | +--rw cascaded-lan-prefixes
         |   |   +--rw ipv4-lan-prefixes* [lan next-hop] {ipv4}?
         |   |   | +--rw lan     inet:ipv4-prefix
         |   |   | +--rw lan-tag?  string
         |   |   | +--rw next-hop  inet:ipv4-address
         |   |   +--rw ipv6-lan-prefixes* [lan next-hop] {ipv6}?
         |   |    +--rw lan     inet:ipv6-prefix
         |   |    +--rw lan-tag?  string
         |   |    +--rw next-hop  inet:ipv6-address
         |   +--rw rip {rtg-rip}?
         |   | +--rw address-family*  address-family
         |   +--rw vrrp {rtg-vrrp}?
         |    +--rw address-family*  address-family
         +--ro actual-site-start?    yang:date-and-time
         +--ro actual-site-stop?    yang:date-and-time
         +--rw site-network-accesses
           +--rw site-network-access* [site-network-access-id]
            +--rw site-network-access-id   svc-id
            +--rw site-network-access-type?  identityref
            +--rw (location-flavor)
            | +--:(location)
            | | +--rw location-reference?     leafref
            | +--:(device)
            |   +--rw device-reference?      leafref

Top      ToC       Page 15 
            +--rw access-diversity {site-diversity}?
            | +--rw groups
            | | +--rw group* [group-id]
            | |   +--rw group-id  string
            | +--rw constraints
            |   +--rw constraint* [constraint-type]
            |    +--rw constraint-type  identityref
            |    +--rw target
            |      +--rw (target-flavor)?
            |       +--:(id)
            |       | +--rw group* [group-id]
            |       |    ...
            |       +--:(all-accesses)
            |       | +--rw all-other-accesses?  empty
            |       +--:(all-groups)
            |         +--rw all-other-groups?   empty
            +--rw bearer
            | +--rw requested-type {requested-type}?
            | | +--rw requested-type?  string
            | | +--rw strict?      boolean
            | +--rw always-on?     boolean {always-on}?
            | +--rw bearer-reference?  string {bearer-reference}?
            +--rw ip-connection
            | +--rw ipv4 {ipv4}?
            | | +--rw address-allocation-type?   identityref
            | | +--rw number-of-dynamic-address?  uint8
            | | +--rw dhcp-relay
            | | | +--rw customer-dhcp-servers
            | | |   +--rw server-ip-address*  inet:ipv4-address
            | | +--rw addresses
            | |   +--rw provider-address?  inet:ipv4-address
            | |   +--rw customer-address?  inet:ipv4-address
            | |   +--rw mask?        uint8
            | +--rw ipv6 {ipv6}?
            | | +--rw address-allocation-type?   identityref
            | | +--rw number-of-dynamic-address?  uint8
            | | +--rw dhcp-relay
            | | | +--rw customer-dhcp-servers
            | | |   +--rw server-ip-address*  inet:ipv6-address
            | | +--rw addresses
            | |   +--rw provider-address?  inet:ipv6-address
            | |   +--rw customer-address?  inet:ipv6-address
            | |   +--rw mask?        uint8

Top      ToC       Page 16 
            | +--rw oam
            |   +--rw bfd {bfd}?
            |    +--rw enabled?    boolean
            |    +--rw (holdtime)?
            |      +--:(profile)
            |      | +--rw profile-name?  string
            |      +--:(fixed)
            |       +--rw fixed-value?  uint32
            +--rw security
            | +--rw authentication
            | +--rw encryption {encryption}?
            |   +--rw enabled?       boolean
            |   +--rw layer         enumeration
            |   +--rw encryption-profile
            |    +--rw (profile)?
            |      +--:(provider-profile)
            |      | +--rw profile-name?  string
            |      +--:(customer-profile)
            |       +--rw algorithm?    string
            |       +--rw (key-type)?
            |         +--:(psk)
            |         |   ...
            |         +--:(pki)
            +--rw service
            | +--rw svc-input-bandwidth?  uint32
            | +--rw svc-output-bandwidth?  uint32
            | +--rw svc-mtu?        uint16
            | +--rw qos {qos}?
            | | +--rw qos-classification-policy
            | | | +--rw rule* [id]
            | | |   +--rw id          uint16
            | | |   +--rw (match-type)?
            | | |   | +--:(match-flow)
            | | |   | | +--rw match-flow
            | | |   | |    ...
            | | |   | +--:(match-application)
            | | |   |   +--rw match-application?  identityref
            | | |   +--rw target-class-id?   string
            | | +--rw qos-profile
            | |   +--rw (qos-profile)?
            | |    +--:(standard)
            | |    | +--rw profile?  string
            | |    +--:(custom)
            | |      +--rw classes {qos-custom}?
            | |       +--rw class* [class-id]
            | |          ...

Top      ToC       Page 17 
            | +--rw carrierscarrier {carrierscarrier}?
            | | +--rw signalling-type?  enumeration
            | +--rw multicast {multicast}?
            |   +--rw multicast-site-type?    enumeration
            |   +--rw multicast-address-family
            |   | +--rw ipv4?  boolean {ipv4}?
            |   | +--rw ipv6?  boolean {ipv6}?
            |   +--rw protocol-type?       enumeration
            +--rw routing-protocols
            | +--rw routing-protocol* [type]
            |   +--rw type   identityref
            |   +--rw ospf {rtg-ospf}?
            |   | +--rw address-family*  address-family
            |   | +--rw area-address?   yang:dotted-quad
            |   | +--rw metric?      uint16
            |   | +--rw sham-links {rtg-ospf-sham-link}?
            |   |   +--rw sham-link* [target-site]
            |   |    +--rw target-site  svc-id
            |   |    +--rw metric?    uint16
            |   +--rw bgp {rtg-bgp}?
            |   | +--rw autonomous-system?  uint32
            |   | +--rw address-family*   address-family
            |   +--rw static
            |   | +--rw cascaded-lan-prefixes
            |   |   +--rw ipv4-lan-prefixes* [lan next-hop] {ipv4}?
            |   |   | +--rw lan     inet:ipv4-prefix
            |   |   | +--rw lan-tag?  string
            |   |   | +--rw next-hop  inet:ipv4-address
            |   |   +--rw ipv6-lan-prefixes* [lan next-hop] {ipv6}?
            |   |    +--rw lan     inet:ipv6-prefix
            |   |    +--rw lan-tag?  string
            |   |    +--rw next-hop  inet:ipv6-address
            |   +--rw rip {rtg-rip}?
            |   | +--rw address-family*  address-family
            |   +--rw vrrp {rtg-vrrp}?
            |    +--rw address-family*  address-family
            +--rw availability
            | +--rw access-priority?  uint32
            +--rw vpn-attachment
              +--rw (attachment-flavor)
               +--:(vpn-policy-id)
               | +--rw vpn-policy-id?  leafref
               +--:(vpn-id)
                 +--rw vpn-id?     leafref
                 +--rw site-role?    identityref

Top      ToC       Page 18 
6.1.  Features and Augmentation

   The model defined in this document implements many features that
   allow implementations to be modular.  As an example, an
   implementation may support only IPv4 VPNs (IPv4 feature), IPv6 VPNs
   (IPv6 feature), or both (by advertising both features).  The routing
   protocols proposed to the customer may also be enabled through
   features.  This model also proposes some features for options that
   are more advanced, such as support for extranet VPNs (Section 6.2.4),
   site diversity (Section 6.6), and QoS (Section 6.12.2).

   In addition, as for any YANG model, this service model can be
   augmented to implement new behaviors or specific features.  For
   example, this model proposes different options for IP address
   assignments; if those options do not fulfill all requirements, new
   options can be added through augmentation.



(page 18 continued on part 2)

Next Section