PIM Working Group                                               H. Zhao
Internet Draft                                                 Ericsson
Intended status: Standards Track                                 Y. Liu
Expires: September 03, 2024                                China Mobile
                                                                 X. Liu
                                                              Alef Edge
                                                        M. Panchanathan
                                                                  Cisco
                                                           M. Sivakumar
                                                                Juniper


March 04, 2024


Yang Data Model for EVPN multicast
draft-ietf-pim-evpn-multicast-yang-01.txt




Abstract

This document describes a YANG data model for EVPN multicast services. The model is agnostic of the underlay as well as RFC 9251. This document mainly focuses on the EVPN instance framework.



Status of this Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html

This Internet-Draft will expire on September 03, 2024.
Zhao & Liu, etc                                                [Page 1]


                 DRAFT-IETF-PIM-EVPN-MULTICAST-YANG-01

Copyright Notice

Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.



Table of Contents


1. Introduction
   1.1. Terminology
   1.2. Tree Diagrams
   1.3. Prefixes in Data Node Names
2. Module Structure
   2.1. Attributes to control new BGP EVPN routes
   2.2. New BGP EVPN routes
3. EVPN Multicast Yang Module
4. Security Considerations
5. IANA Considerations
   5.1. XML Registry
   5.2. YANG Module Names Registry
6. References
   6.1. Normative References
   6.2. Informative References
Authors' Addresses


1. Introduction

This document describes a YANG data model for EVPN multicast services. Its name is ietf-evpn-multicast. [RFC9251] introduces three new BGP EVPN routes to carry IGMP Membership Reports. The module ietf-evpn-multicast defines the three new BGP EVPN routes in it. It also defines other attributes for EVPN multicast services.
1.1. Terminology

The terminology for describing YANG data models is found in [RFC6020] and [RFC7950], including:

* augment
* data model
* data node
* module
1.2. Tree Diagrams

Tree diagrams used in this document follow the notation defined in [RFC8340].
1.3. Prefixes in Data Node Names

In this document, names of data nodes, actions, and other data model objects are often used without a prefix, as long as it is clear from the context in which YANG module each name is defined. Otherwise, names are prefixed using the standard prefix associated with the corresponding YANG module, as shown in Table 1.

+----------+-----------------------+-----------------------------+
| Prefix   | YANG module           | Reference                   |
+==========+=======================+=============================+
| inet     | ietf-inet-types       | [RFC6991]                   |
+----------+-----------------------+-----------------------------+
| rt-types | ietf-routing-types    | [RFC8294]                   |
+----------+-----------------------+-----------------------------+
| evpn     | ietf-evpn             | [draft-ietf-bess-evpn-yang] |
+----------+-----------------------+-----------------------------+
| es       | ietf-ethernet-segment | [draft-ietf-bess-evpn-yang] |
+----------+-----------------------+-----------------------------+

Table 1: Prefixes and Corresponding YANG Modules

2. Module Structure

This module extends the ietf-evpn data model specified in [draft-ietf-bess-evpn-yang] to configure and show the EVPN multicast service. This module conforms to the Network Management Datastore Architecture (NMDA) [RFC8342]. The operational state data is combined with the associated configuration data in the same hierarchy [RFC8407].

2.1. Attributes to control new BGP EVPN routes

This module augments /evpn:evpn/evpn:evpn-instances/evpn:evpn-instance to add some attributes to control the three new BGP EVPN routes to carry IGMP Membership Reports.

If evpn-igmp-proxy is enabled, an IMET route update is triggered, carrying the Multicast Flags Extended Community with the IGMP proxy bit set [RFC9251].

If evpn-mld-proxy is enabled, an IMET route update is triggered, carrying the Multicast Flags Extended Community with the MLD proxy bit set [RFC9251].

augment /evpn:evpn/evpn:evpn-instances/evpn:evpn-instance:
   +--rw evpn-igmp-proxy?   boolean {evpn-igmp-proxy}?
   +--rw evpn-mld-proxy?    boolean {evpn-mld-proxy}?


2.2. New BGP EVPN routes

This module augments /evpn:evpn/evpn:evpn-instances/evpn:evpn-instance/evpn:routes to add three new BGP EVPN routes to carry IGMP Membership Reports [RFC9251]. The route types are known as:

6 - Selective Multicast Ethernet Tag Route

7 - Multicast Membership Report Synch Route

8 - Multicast Leave Synch Route


augment /evpn:evpn/evpn:evpn-instances/evpn:evpn-instance/evpn:routes:
   +--ro selective-multicast-ethernet-tag-route*
   |  +--ro rd-rt* [route-distinguisher]
   |  |  +--ro route-distinguisher    rt-types:route-distinguisher
   |  |  +--ro vpn-target* [route-target]
   |  |     +--ro route-target    rt-types:route-target
   |  +--ro ethernet-tag?               uint32
   |  +--ro multicast-source-address?   inet:ip-address
   |  +--ro multicast-group-address?    rt-types:ip-multicast-group-address
   |  +--ro originator-ip-prefix?       inet:ip-prefix
   +--ro multicast-membership-report-synch-route*
   |  +--ro rd-rt* [route-distinguisher]
   |  |  +--ro route-distinguisher    rt-types:route-distinguisher
   |  |  +--ro vpn-target* [route-target]
   |  |     +--ro route-target    rt-types:route-target
   |  +--ro ethernet-segment-identifier?   yang:hex-string
   |  +--ro ethernet-tag?                  uint32
   |  +--ro multicast-source-address?      inet:ip-address
   |  +--ro multicast-group-address?       rt-types:ip-multicast-group-address
   |  +--ro originator-ip-prefix?          inet:ip-prefix
   +--ro multicast-leave-synch-route*
      +--ro rd-rt* [route-distinguisher]
      |  +--ro route-distinguisher    rt-types:route-distinguisher
      |  +--ro vpn-target* [route-target]
      |     +--ro route-target    rt-types:route-target
      +--ro ethernet-segment-identifier?   yang:hex-string
      +--ro ethernet-tag?                  uint32
      +--ro multicast-source-address?      inet:ip-address
      +--ro multicast-group-address?       rt-types:ip-multicast-group-address
      +--ro originator-ip-prefix?          inet:ip-prefix
      +--ro maximum-response-time?         uint16


3. EVPN Multicast Yang Module

This module references [RFC6991], [RFC8294], [draft-ietf-bess-evpn-yang].

<CODE BEGINS> file ietf-evpn-multicast@2024-03-04.yang
module ietf-evpn-multicast {
  // YANG 1.1 is required for the "or" if-feature expression below.
  yang-version 1.1;

  namespace "urn:ietf:params:xml:ns:yang:ietf-evpn-multicast";

  prefix "evpn-multicast";

  import ietf-inet-types {
    prefix "inet";
  }

  import ietf-routing-types {
    prefix "rt-types";
  }

  import ietf-yang-types {
    prefix yang;
  }

  import ietf-evpn {
    prefix "evpn";
  }

  organization "ietf";

  contact "ietf";

  description "evpn multicast";

  revision "2024-03-04" {
    description "Initial draft";
    reference "";
  }

  /*
   * Features
   */

  feature evpn-igmp-proxy {
    description
      "Support IGMP Proxy for EVPN.";
    reference
      "RFC 9251";
  }

  feature evpn-mld-proxy {
    description
      "Support MLD Proxy for EVPN.";
    reference
      "RFC 9251";
  }

  /* Groupings */

  grouping route-rd-rt-grp {
    description "A grouping for a route's route distinguishers " +
                "and route targets";
    list rd-rt {
      key "route-distinguisher";
      leaf route-distinguisher {
        type rt-types:route-distinguisher;
        description "Route distinguisher";
      }
      list vpn-target {
        key "route-target";
        leaf route-target {
          type rt-types:route-target;
          description "BGP route target";
        }
        description "A list of route targets";
      }
      description "A list of route distinguishers and " +
                  "corresponding VPN route targets";
    }
  }

  /* augments */

  augment "/evpn:evpn/evpn:evpn-instances/evpn:evpn-instance" {
    description "";
    leaf evpn-igmp-proxy {
      if-feature "evpn-igmp-proxy";
      type boolean;
      description
        "Trigger an IMET route update with Multicast
         Flags Extended Community and IGMP proxy bit is set.";
    }
    leaf evpn-mld-proxy {
      if-feature "evpn-mld-proxy";
      type boolean;
      description
        "Trigger an IMET route update with Multicast
         Flags Extended Community and MLD proxy bit is set.";
    }
  }

  augment "/evpn:evpn/evpn:evpn-instances/evpn:evpn-instance"
        + "/evpn:routes" {
    if-feature "evpn-igmp-proxy or evpn-mld-proxy";
    description "Type6~8 route";
    list selective-multicast-ethernet-tag-route {
      uses route-rd-rt-grp;
      leaf ethernet-tag {
        type uint32;
        description "An ethernet tag (etag) identifying a " +
                    "broadcast domain";
      }
      leaf multicast-source-address {
        type inet:ip-address;
        description
          "";
      }
      leaf multicast-group-address {
        type rt-types:ip-multicast-group-address;
        description
          "Multicast group address.";
      }
      leaf originator-ip-prefix {
        type inet:ip-prefix;
        description "originator-ip-prefix";
      }
      description "SMET route (type6)";
    }
    list multicast-membership-report-synch-route {
      uses route-rd-rt-grp;
      leaf ethernet-segment-identifier {
        type yang:hex-string {
          length "29";
        }
        description "Ethernet segment identifier (esi)";
      }
      leaf ethernet-tag {
        type uint32;
        description "An ethernet tag (etag) identifying a " +
                    "broadcast domain";
      }
      leaf multicast-source-address {
        type inet:ip-address;
        description
          "";
      }
      leaf multicast-group-address {
        type rt-types:ip-multicast-group-address;
        description
          "Multicast group address.";
      }
      leaf originator-ip-prefix {
        type inet:ip-prefix;
        description "originator-ip-prefix";
      }
      description "type7 route";
    }
    list multicast-leave-synch-route {
      uses route-rd-rt-grp;
      leaf ethernet-segment-identifier {
        type yang:hex-string {
          length "29";
        }
        description "Ethernet segment identifier (esi)";
      }
      leaf ethernet-tag {
        type uint32;
        description "An ethernet tag (etag) identifying a " +
                    "broadcast domain";
      }
      leaf multicast-source-address {
        type inet:ip-address;
        description
          "";
      }
      leaf multicast-group-address {
        type rt-types:ip-multicast-group-address;
        description
          "Multicast group address.";
      }
      leaf originator-ip-prefix {
        type inet:ip-prefix;
        description "originator-ip-prefix";
      }
      leaf maximum-response-time {
        type uint16;
        units "seconds";
        description
          "Query maximum response time specifies the maximum time
           allowed before sending a responding report.";
        reference
          "Sections 4.1.1, 8.3 of RFC 3376: Internet Group
           Management Protocol, Version 3";
      }
      description "type8 route";
    }
  }
}
<CODE ENDS>

4. Security Considerations

The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446].

The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.

There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:

Under /evpn:evpn/evpn:evpn-instances/evpn:evpn-instance:/

evpn-multicast:evpn-igmp-proxy

evpn-multicast:evpn-mld-proxy

Unauthorized access to any data node of these subtrees can adversely affect the EVPN multicast service of both the local device and the network. This may lead to network malfunctions, delivery of packets to inappropriate destinations, and other problems.

Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:

Under /evpn:evpn/evpn:evpn-instances/evpn:evpn-instance:/

evpn-multicast:evpn-igmp-proxy

evpn-multicast:evpn-mld-proxy

Under augment /evpn:evpn/evpn:evpn-instances/evpn:evpn-instance/evpn:routes:/

evpn-multicast:selective-multicast-ethernet-tag-route

evpn-multicast:multicast-membership-report-synch-route

evpn-multicast:multicast-leave-synch-route

Unauthorized access to any data node of these subtrees can disclose the operational state information of EVPN multicast service on this device.
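
The following NACM [RFC8341] configuration is an added example, not part of the original draft, showing one way to restrict the nodes listed above. The group names, user names and rule names are hypothetical, and the ietf-evpn namespace URI is assumed from [draft-ietf-bess-evpn-yang].

```xml
<!-- Added example: NACM (RFC 8341) rules for the ietf-evpn-multicast nodes.
     Group, user and rule names are hypothetical; the ietf-evpn namespace
     URI is an assumption taken from draft-ietf-bess-evpn-yang. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <groups>
    <group>
      <name>evpn-admin</name>
      <user-name>alice</user-name>
    </group>
    <group>
      <name>noc-readonly</name>
      <user-name>bob</user-name>
    </group>
  </groups>

  <!-- 1. Administrators: full access, including the two writable leaves. -->
  <rule-list>
    <name>evpn-mcast-admin</name>
    <group>evpn-admin</group>
    <rule>
      <name>permit-all-evpn-mcast</name>
      <module-name>ietf-evpn-multicast</module-name>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>

  <!-- 2. NOC: read-only access to the Type 6/7/8 route state. module-name
       plus path limits the match to nodes this module adds under routes;
       the omitted evpn-instance key matches every instance. -->
  <rule-list>
    <name>evpn-mcast-noc</name>
    <group>noc-readonly</group>
    <rule>
      <name>read-evpn-mcast-routes</name>
      <module-name>ietf-evpn-multicast</module-name>
      <path xmlns:evpn="urn:ietf:params:xml:ns:yang:ietf-evpn">
        /evpn:evpn/evpn:evpn-instances/evpn:evpn-instance/evpn:routes
      </path>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>

  <!-- 3. Everyone, after the lists above: no read or write access to any
       node defined by this module (covers evpn-igmp-proxy, evpn-mld-proxy). -->
  <rule-list>
    <name>evpn-mcast-default-deny</name>
    <group>*</group>
    <rule>
      <name>deny-all-evpn-mcast</name>
      <module-name>ietf-evpn-multicast</module-name>
      <access-operations>*</access-operations>
      <action>deny</action>
    </rule>
  </rule-list>
</nacm>
```

Rule-lists are evaluated in order and the first matching rule wins, so the catch-all deny must come last. The read rule for the NOC group only has an effect if the ancestor nodes defined in ietf-evpn are themselves readable to that group, because NACM omits the descendants of any node the user cannot read.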


5. IANA Considerations

RFC Ed.: In this section, replace all occurrences of 'XXXX' with the actual RFC number (and remove this note).
5.1. XML Registry

This document registers the following namespace URIs in the IETF XML registry [RFC3688]:

--------------------------------------------------------------------
URI: urn:ietf:params:xml:ns:yang:ietf-evpn-multicast
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.
--------------------------------------------------------------------
5.2. YANG Module Names Registry

This document registers the following YANG modules in the YANG Module Names registry [RFC7950]:

--------------------------------------------------------------------
name: ietf-evpn-multicast
namespace: urn:ietf:params:xml:ns:yang:ietf-evpn-multicast
prefix: evpn-multicast
reference: RFC XXXX
--------------------------------------------------------------------
6. References

6.1. Normative References

[RFC3688] Mealling, M., "The IETF XML Registry", RFC 3688, January 2004.

[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, October 2010.

[RFC6241] R. Enns, Ed., M. Bjorklund, Ed., J. Schoenwaelder, Ed., A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, June 2011.

[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, June 2011.

[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", RFC 6991, July 2013.

[RFC7950] M. Bjorklund, Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, August 2016.

[RFC8040] A. Bierman, M. Bjorklund, K. Watsen, "RESTCONF Protocol", RFC 8040, January 2017.

[RFC8294] X. Liu, Y. Qu, A. Lindem, C. Hopps, L. Berger, "Common YANG Data Types for the Routing Area", RFC 8294, December 2017.

[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", RFC 8341, March 2018.

[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, August 2018.

[RFC9251] A. Sajassi, S. Thoria, M. Mishra, K. Patel, J. Drake, W. Lin, "Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Proxies for Ethernet VPN (EVPN)", RFC 9251, June 2022.

[draft-ietf-bess-evpn-yang] P. Brissette, H. Shah, I. Chen, I. Hussain, K. Tiruveedhula, J. Rabadan, "Yang Data Model for EVPN", draft-ietf-bess-evpn-yang-07, March 2019.


6.2. Informative References

[RFC8407] A. Bierman, "Guidelines for Authors and Reviewers of Documents Containing YANG Data Models", RFC 8407, October 2018.


Authors' Addresses

Hongji Zhao
Ericsson (China) Communications Company Ltd.
Ericsson Tower, No. 5 Lize East Street, Chaoyang District
Beijing 100102, China
Email: hongji.zhao@ericsson.com


Yisong Liu
China Mobile
China
Email: liuyisong@chinamobile.com


Xufeng Liu
Alef Edge
United States of America
EMail: xufeng.liu.ietf@gmail.com


Mani Panchanathan
Cisco Systems, Inc.
3625 Cisco Way
San Jose, CA
United States of America
Email: mapancha@cisco.com


Mahesh Sivakumar
Juniper Networks
1133 Innovation Way
Sunnyvale, CA
United States of America
Email: sivakumar.mahesh@gmail.com