L3SM Working Group                                                 R. Gu
Internet-Draft                                                     C. Li
Intended status: Standards Track                            China Mobile
Expires: June 13, 2016                                         Y. Zhuang
                                                                 Z. Wang
                                                                  Huawei
                                                       December 11, 2015

             YANG Data Model for Value Added Service (VAS)
                   draft-gu-l3sm-vas-service-model-01
Abstract
L3SM defines a YANG data model for the L3VPN service model that can
be used to configure and manage L3VPN networks. This document
discusses a generic VAS model that can be applied to L3VPN networks
and other Cloud VPN networks. The YANG model provides a common
structure for various VAS service components.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 13, 2016.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Gu, et al. Expires June 13, 2016 [Page 1]
Internet-Draft VAS Service Model December 2015
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Conventions and Terminology
  2.1. Terminologies
3. Value Added Service (VAS) service model
  3.1. Service data model usage
4. Design of the Data Model
  4.1. VAS service overview
    4.1.1. Service component type
    4.1.2. The VAS policy
    4.1.3. Service availability
    4.1.4. Management
    4.1.5. rpcs
5. Service model usage example
6. VAS YANG Module
7. Security Considerations
8. IANA Considerations
9. Normative References
Authors' Addresses
1. Introduction
By using Network Function Virtualization (NFV), telecommunications
networks, currently built out of customized hardware with a specific
function, can be built upon general-purpose servers with network
service functions provided by software. Services can span managed
router, firewall, security (such as intrusion and malware detection),
unified communications, application performance management, and so
on. Such a service can be referred to as a value added service (VAS).
A customized VAS can be created and managed by operators for
customers by adding it dynamically to the customers' data path in
conjunction with service chaining.

This document defines a YANG data model for Generic Value Added
Service (VAS) configuration and operation, which provides a common
structure for various VAS service components, such as firewall and
load balancing.

This service model can be applied to an L3VPN network in conjunction
with the L3VPN service model defined in
[draft-ietf-l3sm-l3vpn-service-model] to configure and manage L3VPN
networks and other Cloud VPN networks.
2. Conventions and Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
The following notations are used within the data tree and carry the
meaning as below.
Each node is printed as:

<status> <flags> <name> <opts> <type>

  <status> is one of:
    +  for current
    x  for deprecated
    o  for obsolete

  <flags> is one of:
    rw  for configuration data
    ro  for non-configuration data
    -x  for rpcs
    -n  for notifications

  <name> is the name of the node

    If the node is augmented into the tree from another module, its
    name is printed as <prefix>:<name>.

  <opts> is one of:
    ?  for an optional leaf or choice
    !  for a presence container
    *  for a leaf-list or list
    [<keys>] for a list's keys

  <type> is the name of the type for leafs and leaf-lists

In this document, these words will appear with that interpretation
only when in ALL CAPS. Lower case uses of these words are not to be
interpreted as carrying RFC-2119 significance.
2.1. Terminologies
NFV Network Function Virtualization
L3SM Layer 3 VPN Service Model
3. Value Added Service (VAS) service model
A value added service is a network function provided by the service
operator. The Value Added Service (VAS) service model provides a
common understanding of what a value added network service includes
when it is deployed onto the network for customers.
3.1. Service data model usage
+--------------------------------------------------------------+
|                                                              |
|                         Application                          |
|                                                              |
+------------|-----------------------------------|-------------+
             |                                   |
             |         VAS Service Model         |
             |                                   |
             |                          +--------|---------------+
             |                        +----------V-------------+ |
+------------V----------------+     +------------------------+ | |
|                             |     |                        | | |
|         Controller          |     |      VNF Manager       | | |
|                             |     |                        | |-+
|                             |     |                        |-+
+------------|----------------+     +---|-------|----------|-+
             |                          |       |          |
             | Openflow/Ovsdb           |       |          | CLI/Netconf
             | /Netconf...              |       |          |
    +--------|-----------+              |       |          |
  +----------V---------+ |       +++++++V+++ +++V+++++++ ++V++++++++
+--------------------+ | |       +         + +         + +         +
|                    | | |       +   vLB   + +   vFW   + +   vFW   +
|       Device       | |-+       +         + +         + +         +
|                    |-+         +++++++++++ +++++++++++ +++++++++++
+--------------------+

The purpose of the VAS service model is to propose a generic
interface to manage and deploy the configuration of a VAS service
component, for example a firewall. A typical usage is to use this
model as an input to the Virtual Network Function Manager (VNFM),
derived from the NFV service component on the application layer, to
configure and manage the VNFM to create and delete virtual Load
Balancing (vLB) and virtual Firewall (vFW) instances for customers,
so as to provide value added services for tenant networks. The
configuration of VNFs such as vLBs and vFWs MAY be done by CLI, or by
NETCONF/RESTCONF.

The usage of this service model is not limited to this example; it
can be used by any component of the management system, but not
directly by network elements.
4. Design of the Data Model
The YANG module includes two parts: vas-service-components and
vas-component-management. The vas-service-components part defines
the parameters of a value added service component for a specific
customer; service providers use it toward the VNFM to create/delete
VAS services for tenants. The vas-component-management part is an
rpc model that facilitates issuing commands to a NETCONF server (in
this case to the VNFM component to manage a VAS) and getting a
response. The rpc model here abstracts specific commands for various
value added services, including load balancing and firewall services.
Two rpc commands are defined here for the management of VASs:
component management and policy management.

The figure below describes the overall structure of the YANG module:

module: ietf-vas-svc
   +--rw vas-service-components
      +--rw service-component* [name]
         +--rw name                      string
         +--rw id?                       uint32
         +--rw admin-status?             enumeration
         +--rw enable?                   boolean
         +--rw isvirtual?                boolean
         +--rw tenant-id?                string
         +--rw provider?                 string
         +--rw service-component-type?   identityref
         +--rw vas-policy
         |  +--rw vas-classification-policy
         |  |  +--rw rules* [id]
         |  |     +--rw id            string
         |  |     +--rw match-flow
         |  |        +--rw (type)?
         |  |           +--:(ip)
         |  |           |  +--rw (ip-version)?
         |  |           |     +--:(ipv4)
         |  |           |     |  +--rw src-ipv4-network?   inet:ipv4-prefix
         |  |           |     |  +--rw dst-ipv4-network?   inet:ipv4-prefix
         |  |           |     +--:(ipv6)
         |  |           |        +--rw src-ipv6-network?   inet:ipv6-prefix
         |  |           |        +--rw dst-ipv6-network?   inet:ipv6-prefix
         |  |           |        +--rw flow-label?         inet:ipv6-flow-label
         |  |           |        +--rw dscp?               inet:dscp
         |  |           |        +--rw protocol?           uint8
         |  |           |        +--rw source-port-range
         |  |           |        |  +--rw lower-port?   inet:port-number
         |  |           |        |  +--rw upper-port?   inet:port-number
         |  |           |        +--rw destination-port-range
         |  |           |           +--rw lower-port    inet:port-number
         |  |           |           +--rw upper-port?   inet:port-number
         |  |           +--:(eth)
         |  |              +--rw src-mac-address?        yang:mac-address
         |  |              +--rw dst-mac-address?        yang:mac-address
         |  |              +--rw src-mac-address-mask?   yang:mac-address
         |  |              +--rw dst-mac-address-mask?   yang:mac-address
         |  +--rw std-vas-profile?             string
         +--rw availability
         |  +--rw service-type?   identityref
         +--rw management
            +--rw management-url?    string
            +--rw vas-instance-id?   uint32
            +--rw vlan-id            uint32
rpcs:
   +---x vas-component-management
   |  +--ro input
   |  |  +--ro service-component
   |  |     +--ro name?                     string
   |  |     +--ro admin-status?             enumeration
   |  |     +--ro operation-type?           identityref
   |  |     +--ro isvirtual?                boolean
   |  |     +--ro tenant-id?                string
   |  |     +--ro provider?                 string
   |  |     +--ro service-component-type?   identityref
   |  |     +--ro vas-policy
   |  |        +--ro id?   string
   |  +--ro output
   |     +--ro service-component
   |        +--ro name?                     string
   |        +--ro admin-status?             enumeration
   |        +--ro operation-type?           identityref
   |        +--ro isvirtual?                boolean
   |        +--ro tenant-id?                string
   |        +--ro provider?                 string
   |        +--ro service-component-type?   identityref
   |        +--ro vas-policy
   |        |  +--ro id?   string
   |        +--ro management
   |           +--ro management-url?    string
   |           +--ro vas-instance-id?   uint32
   +---x vas-policy-management
      +--ro input
      |  +--ro service-component
      |     +--ro name?                     string
      |     +--ro isvirtual?                boolean
      |     +--ro tenant-id?                string
      |     +--ro provider?                 string
      |     +--ro service-component-type?   identityref
      |     +--ro vas-policy
      |        +--ro id?   string
      +--ro output
         +--ro service-component
            +--ro name?                     string
            +--ro isvirtual?                boolean
            +--ro tenant-id?                string
            +--ro provider?                 string
            +--ro service-component-type?   identityref
            +--ro vas-policy
            |  +--ro vas-classification-policy
            |  |  +--ro rules* [id]
            |  |     +--ro id            string
            |  |     +--ro match-flow
            |  |        +--ro (type)?
            |  |           +--:(ip)
            |  |           |  +--ro (ip-version)?
            |  |           |     +--:(ipv4)
            |  |           |     |  +--ro src-ipv4-network?   inet:ipv4-prefix
            |  |           |     |  +--ro dst-ipv4-network?   inet:ipv4-prefix
            |  |           |     +--:(ipv6)
            |  |           |        +--ro src-ipv6-network?   inet:ipv6-prefix
            |  |           |        +--ro dst-ipv6-network?   inet:ipv6-prefix
            |  |           |        +--ro flow-label?         inet:ipv6-flow-label
            |  |           |        +--ro dscp?               inet:dscp
            |  |           |        +--ro protocol?           uint8
            |  |           |        +--ro source-port-range
            |  |           |        |  +--ro lower-port?   inet:port-number
            |  |           |        |  +--ro upper-port?   inet:port-number
            |  |           |        +--ro destination-port-range
            |  |           |           +--ro lower-port    inet:port-number
            |  |           |           +--ro upper-port?   inet:port-number
            |  |           +--:(eth)
            |  |              +--ro src-mac-address?        yang:mac-address
            |  |              +--ro dst-mac-address?        yang:mac-address
            |  |              +--ro src-mac-address-mask?   yang:mac-address
            |  |              +--ro dst-mac-address-mask?   yang:mac-address
            |  +--ro std-vas-profile?             string
            +--ro management
               +--ro management-url?    string
               +--ro vas-instance-id?   uint32

4.1. VAS service overview
The vas-service-components top container includes generic information
about the value added service. The name of the
vas-service-components refers to an internal reference for the VAS,
while the id is also the identifier of this service component used by
systems. This identifier is purely internal to the service provider
that offers this service. The admin-status indicates the
administrative status of this value added service component.
Besides, tenant-id indicates the customer that requires this service,
and provider indicates the service provider for this VAS.
4.1.1. Service component type
The service-component-type indicates the type of the VAS service
component, and thereby its virtual network function. The current
proposal includes firewall and loadbalancing. New VAS component
types could be added by augmentation.
4.1.2. The VAS policy
Policies of the VAS are required for configuration; they express the
rules applied to customer traffic flows so that customers obtain
their required value added services. The policy id refers to the set
of rules within the configuration and management system, while
match-flow defines the traffic flows to which the rules apply. The
policies can be defined by service providers themselves by using
policy models proposed in SUPA or other policy related groups.

The std-vas-profile can also be used to indicate the provider's
standard VAS profile to be applied. This is a reference to a
well-known profile in the service provider's administration, e.g.
PLATINUM for VIP.
4.1.3. Service availability
The service availability, along with service-component-redundancy,
describes the VAS redundancy. Within the availability container, the
model proposes three models of redundancy: single (no redundancy
required), primary-backup (one component is primary; when it goes
down, the traffic goes to the backup component for processing) and
loadsharing (both components are used at the same time; how to
implement the service loadsharing is out of scope).

Also, the availability defines four access-types to indicate the role
of the service component in the service availability system:
single-access (single component for the function), primary-access
(the primary component in the primary-backup service type),
backup-access (the backup access in the primary-backup service type)
and loadsharing-access (any access in the loadsharing service type).
4.1.4. Management
The management container contains the management information of this
service component. A management url can be used to indicate where to
fetch the management script. Also, vas-instance-id refers to a
running virtual network function instance.
4.1.5. rpcs
Applications can also use the defined rpc commands toward a NETCONF
server (in this case the VNF manager) to configure and manage the vas
components and vas policies for customers and obtain a response. The
rpc here also abstracts vas parameters in a technology-independent
manner. The YANG module defines two rpc commands, for vas component
management and vas policy management.
5. Service model usage example
As explained in section 4, this service model is intended to be
instantiated at a management layer and dispatched onto a VNF Manager
to further manage resources on network elements for value added
service components for customers. The management system serves as an
NFV orchestrator to allocate and orchestrate the required value added
services for customers.

This section provides an example of how a management system can use
this generic model to configure the required value added services for
a customer. The customer (which can also be considered as a tenant)
requires firewall service and load balancing for their private cloud
network provided by a service provider.
The following XML describes the configuration of firewall service and
load balancing service for a customer.

<vas-service-components>
  <service-component>
    <name>tenant_1_fw_01</name>
    <isvirtual>true</isvirtual>
    <provider>hillstone</provider>
    <service-component-type>firewall</service-component-type>
    <vas-policy>
      <vas-classification-policy>
        <rules>
          <id>c69933c1-b472-44f9-8226-30dc4ffd454c</id>
        </rules>
      </vas-classification-policy>
    </vas-policy>
  </service-component>
  <service-component>
    <name>tenant_1_Pool_1</name>
    <id>8032909d-47a1-4715-90af-5153ffe39861</id>
    <isvirtual>true</isvirtual>
    <provider>hillstone</provider>
    <service-component-type>loadbalance</service-component-type>
    <vas-policy>
      <vas-classification-policy>
        <rules>
          <id>c69933c1-b472-44f9-8226-30dc4ffd454c</id>
        </rules>
      </vas-classification-policy>
    </vas-policy>
  </service-component>
</vas-service-components>
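
As an added illustration that is not part of the draft, the following
Python example checks vas-service-components instance data against
constraints stated in the YANG module of Section 6 (identity values,
the match-flow choice, prefix types and the port-range must statements)
before a management system dispatches it to the VNF Manager. The names
validate, SERVICE_TYPES, CASES and SAMPLE and all sample values are
constructed for this example, and elements are assumed to carry no XML
namespace.

```python
# Added example: pre-dispatch checks for ietf-vas-svc instance data.
# Parse XML from untrusted senders with a hardened parser instead.
import ipaddress
import xml.etree.ElementTree as ET

SERVICE_TYPES = {"firewall", "loadbalance"}  # derived from vas-service-types
CASES = {  # data nodes of each case under match-flow, as in the module
    "ipv4": {"src-ipv4-network", "dst-ipv4-network"},
    "ipv6": {"src-ipv6-network", "dst-ipv6-network", "flow-label", "dscp",
             "protocol", "source-port-range", "destination-port-range"},
    "eth": {"src-mac-address", "dst-mac-address",
            "src-mac-address-mask", "dst-mac-address-mask"},
}
# Constructed sample: 'load_balance' is not an identity the module defines.
SAMPLE = """<vas-service-components><service-component>
 <name>tenant_1_Pool_1</name>
 <service-component-type>load_balance</service-component-type>
 <vas-policy><vas-classification-policy><rules><id>r2</id>
  <match-flow>
   <src-ipv6-network>10.1.0.0/16</src-ipv6-network>
   <dst-mac-address>00:00:5e:00:53:01</dst-mac-address>
   <destination-port-range>
    <lower-port>8080</lower-port><upper-port>80</upper-port>
   </destination-port-range>
  </match-flow>
 </rules></vas-classification-policy></vas-policy>
</service-component></vas-service-components>"""


def _text(elem, name):
    child = elem.find(name)
    return child.text.strip() if child is not None and child.text else None


def _check_prefix(flow, leaf, version, label, errors):
    value = _text(flow, leaf)
    try:  # an inet:ipvN-prefix always carries "/length"
        ok = value is None or ("/" in value and ipaddress.ip_network(
            value, strict=False).version == version)
    except ValueError:
        ok = False
    if not ok:
        errors.append(f"{label}/{leaf}: not an inet:ipv{version}-prefix")


def _check_ports(flow, name, lower_mandatory, label, errors):
    rng = flow.find(name)
    if rng is None:
        return
    ports = {}
    for leaf in ("lower-port", "upper-port"):
        value = _text(rng, leaf)
        if value is None:
            continue
        if not (value.isascii() and value.isdigit() and int(value) <= 65535):
            errors.append(f"{label}/{name}/{leaf}: not an inet:port-number")
            return
        ports[leaf] = int(value)
    lower, upper = ports.get("lower-port"), ports.get("upper-port")
    if lower is None and lower_mandatory:
        errors.append(f"{label}/{name}/lower-port: mandatory leaf missing")
    elif upper is not None and (lower is None or upper < lower):
        # the must ". >= ../lower-port" is false when lower-port is absent
        errors.append(f"{label}/{name}/upper-port: must be >= lower-port")


def _check_match_flow(flow, label, errors):
    present = {child.tag for child in flow}
    used = [case for case, nodes in CASES.items() if present & nodes]
    if len(used) > 1:  # a choice admits nodes from one case only
        errors.append(f"{label}: nodes from several cases: {', '.join(used)}")
    for version in (4, 6):
        for side in ("src", "dst"):
            _check_prefix(flow, f"{side}-ipv{version}-network", version,
                          label, errors)
    _check_ports(flow, "source-port-range", False, label, errors)
    _check_ports(flow, "destination-port-range", True, label, errors)


def validate(xml_text):
    """Return a list of violations found in a vas-service-components tree."""
    errors = []
    for comp in ET.fromstring(xml_text).iter("service-component"):
        label = f"service-component[{_text(comp, 'name')}]"
        ctype = _text(comp, "service-component-type")
        if ctype is not None and ctype not in SERVICE_TYPES:
            errors.append(
                f"{label}: '{ctype}' is not derived from vas-service-types")
        for rule in comp.iter("rules"):
            flow = rule.find("match-flow")
            if flow is not None:
                fl = f"{label}/rules[{_text(rule, 'id')}]/match-flow"
                _check_match_flow(flow, fl, errors)
    return errors
```

Calling validate(SAMPLE) returns one message per violated constraint;
an empty list means the instance data passed these checks.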
6. VAS YANG Module
<CODE BEGINS> file "ietf-vas-svc.yang"
module ietf-vas-svc {
namespace "urn:ietf:params:xml:ns:yang:ietf-vas-svc";
prefix vas-svc;
import ietf-inet-types {
prefix inet;
}
import ietf-yang-types {
prefix yang;
}
organization
"IETF L3SM Working Group";
contact
"TBD";
description
"The YANG module defines a generic value added service configuration
model.";
revision 2015-10-12 {
description
"TBD";
reference
"draft-gu-l3sm-vas-service-model-00";}
identity vas-service-types{
description
"Base identity for vas service component type.";
}
identity firewall{
base vas-service-types;
description
"identity for firewall service component type.";
}
identity loadbalance{
base vas-service-types;
description
"identity for load balancing service component type.";
}
identity vas-operation-type{
description
"Base identity for vas operation type.";
}
identity create{
base vas-operation-type;
description
"Identity for create service.";
}
identity delete{
base vas-operation-type;
description
"Identity for delete service.";
}
identity update{
base vas-operation-type;
description
"Identity for update service.";
}
identity service-availability {
description
"Base identity for site availability.";
}
identity loadsharing {
base service-availability;
description
"Identity for loadsharing.";
}
identity primary {
base service-availability;
description
"Identity for primary.";
}
identity backup {
base service-availability;
description
"Identity for backup.";
}
grouping vas-availability {
container availability {
leaf service-type {
type identityref {
base service-availability;
}
description
"Type of service availability";
}
description
"Service availability parameters.";
}
description
"This grouping defines service availability
parameters";
}
container vas-service-components{
description
"this container contains several value-added-service components.";
list service-component{
key "name";
description
"this container present a value-added-service component.";
leaf name{
type string;
description
"the name of value added service.";
}
leaf id{
type uint32;
description
"the vas id";
}
leaf admin-status{
type enumeration {
enum up {
value 1;
description
"admin status up.";
}
enum down {
value 2;
description
"admin status down.";
}
enum testing {
value 3;
description
"testing.";
}
}
description
"admin status";
}
leaf enable{
type boolean;
description
"enable this vas service.";
}
leaf isvirtual{
type boolean;
description
"if it is set to true, it indicate the vas
is a virtual service";
}
leaf tenant-id{
type string;
description
"tenant id";
}
leaf provider{
type string;
description
"provider name";
}
leaf service-component-type{
type identityref{
base vas-service-types;
}
description
"indicate the service component type.";
}
container vas-policy{
description
"vas policy container.";
container vas-classification-policy{
description
"container of classification policy";
list rules{
key "id";
description
"list of rules";
leaf id{
type string;
description
"rule id";
}
container match-flow{
description
"match flow.";
choice type{
description
"match flow type";
case ip{
choice ip-version{
case ipv4{
leaf src-ipv4-network{
type inet:ipv4-prefix;
description
"source ip.";
}
leaf dst-ipv4-network{
type inet:ipv4-prefix;
description
"destination ip.";
}
description
"ipv4";
}
case ipv6{
leaf src-ipv6-network{
type inet:ipv6-prefix;
description
"source ip.";
}
leaf dst-ipv6-network{
type inet:ipv6-prefix;
description
"destination ip.";
}
leaf flow-label{
type inet:ipv6-flow-label;
description
"flow label.";
}
leaf dscp{
type inet:dscp;
description
"Differentiated Services Code Point";
}
leaf protocol{
type uint8;
description
"Internet Protocol number.";
}
container source-port-range {
description
"Inclusive range representing source ports to be used.
When only lower-port is present, it represents a single port.";
leaf lower-port {
type inet:port-number;
description
"Lower boundary for port.";
}
leaf upper-port {
type inet:port-number;
must ". >= ../lower-port" {
error-message
"The upper-port must be greater than or equal to lower-port";
description
"must statement.";
}
description
"Upper boundary for port . If existing, the upper port
must be greater or equal to lower-port.";
}
}
container destination-port-range {
description
"Inclusive range representing destination ports to be used. When
only lower-port is present, it represents a single port.";
leaf lower-port {
type inet:port-number;
mandatory true;
description
"Lower boundary for port.";
}
leaf upper-port {
type inet:port-number;
must ". >= ../lower-port" {
error-message
"The upper-port must be greater than or equal to lower-port";
description
"must statement.";
}
description
"Upper boundary for port . If existing, the upper port
must be greater or equal to lower-port.";
}
}
description
"ipv6 case";
}
description
"choice of ip version.";
}
}
case eth{
leaf src-mac-address{
type yang:mac-address;
description
"source mac address.";
}
leaf dst-mac-address{
type yang:mac-address;
description
"destination mac address.";
}
leaf src-mac-address-mask{
type yang:mac-address;
description
"source mac address mask.";
}
leaf dst-mac-address-mask{
type yang:mac-address;
description
"destination mac address mask.";
}
}
}
}
}
}
leaf std-vas-profile{
type string;
description
"standard vas profile.";
}
}
leaf service-component-redundancy{
type boolean;
description
"service component redundancy.";
}
uses vas-availability;
container management{
description
"vas management.";
leaf management-url{
type string;
description
"management url.";
}
leaf vas-instance-id{
type uint32;
description
"vas instance id";
}
leaf vlan-id{
type uint32;
description
"vlan id";
}
}
}
}
rpc vas-component-management{
description
"vas component management.";
input{
container service-component{
description
"service component.";
leaf name{
type string;
description
"name of service component.";
}
leaf admin-status{
type enumeration {
enum up {
value 1;
description
"admin status up.";
}
enum down {
value 2;
description
"admin status down.";
}
enum testing {
value 3;
description
"testing";
}
}
description
"admin status.";
}
leaf operation-type{
type identityref{
base vas-operation-type;
}
description
"operation type such as create, delete, update, etc.";
}
leaf isvirtual{
type boolean;
description
"if it is set to true, it indicate the vas
is a virtual service";
}
leaf tenant-id{
type string;
description
"tenant identity";
}
leaf provider{
type string;
description
"provider name";
}
leaf service-component-type{
type identityref{
base vas-service-types;
}
description
"service component type.";
}
container vas-policy{
description
"value added service policy.";
leaf id{
type string;
description
"policy id.";
}
}
}
}
output{
container service-component{
description
"service component.";
leaf name{
type string;
description
"name of service component.";
}
leaf admin-status{
type enumeration {
enum up {
value 1;
description
"admin status up.";
}
enum down {
value 2;
description
"admin status down.";
}
enum testing {
value 3;
description
"testing";
}
}
description
"admin status.";
}
leaf operation-type{
type identityref{
base vas-operation-type;
}
description
"operation type such as create, delete, update, etc.";
}
leaf isvirtual{
type boolean;
description
"if it is set to true, it indicate the vas
is a virtual service";
}
leaf tenant-id{
type string;
description
"tenant identity";
}
leaf provider{
type string;
description
"provider name";
}
leaf service-component-type{
type identityref{
base vas-service-types;
}
description
"service component type.";
}
container vas-policy{
description
"value added service policy.";
leaf id{
type string;
description
"policy id.";
}
}
container management{
description
"vas management.";
leaf management-url{
type string;
description
"management url.";
}
leaf vas-instance-id{
type uint32;
description
"vas instance id";
}
}
}
}
}
rpc vas-policy-management{
description
"vas policy management.";
input{
container service-component{
description
"service component.";
leaf name{
type string;
description
"name of service-component.";
}
leaf isvirtual{
type boolean;
description
"if it is set to true, it indicate the vas
is a virtual service";
}
leaf tenant-id{
type string;
description
"tenant id";
}
leaf provider{
type string;
description
"provider name";
}
leaf service-component-type{
type identityref{
base vas-service-types;
}
description
"indicate the service component type.";
}
container vas-policy{
description
"value added service policy.";
leaf id{
type string;
description
"policy id.";
}
}
}
}
output{
container service-component{
description
"service component.";
leaf name{
type string;
description
"name of service-component.";
}
leaf isvirtual{
type boolean;
description
"if it is set to true, it indicate the vas
is a virtual service";
}
leaf tenant-id{
type string;
description
"tenant id";
}
leaf provider{
type string;
description
"provider name";
}
leaf service-component-type{
type identityref{
base vas-service-types;
}
description
"indicate the service component type.";
}
container vas-policy{
description
"vas policy.";
container vas-classification-policy{
description
"vas classification policy";
list rules{
key "id";
description
"list of rules.";
leaf id{
type string;
description
"rule id";
}
container match-flow{
description
"match flow.";
choice type{
description
"match flow type";
case ip{
choice ip-version{
case ipv4{
leaf src-ipv4-network{
type inet:ipv4-prefix;
description
"source ip.";
}
leaf dst-ipv4-network{
type inet:ipv4-prefix;
description
"destination ip.";
}
description
"case of ipv4";
}
case ipv6{
leaf src-ipv6-network{
type inet:ipv6-prefix;
description
"source ip.";
}
leaf dst-ipv6-network{
type inet:ipv6-prefix;
description
"destination ip.";
}
leaf flow-label{
type inet:ipv6-flow-label;
description
"flow label.";
}
leaf dscp{
type inet:dscp;
description
"Differentiated Services Code Point";
}
leaf protocol{
type uint8;
description
"Internet Protocol number.";
}
container source-port-range {
description
"Inclusive range representing source ports to be used.
When only lower-port is present, it represents a single port.";
leaf lower-port {
type inet:port-number;
description
"Lower boundary for port.";
}
leaf upper-port {
type inet:port-number;
must ". >= ../lower-port" {
error-message
"The upper-port must be greater than or equal to lower-port";
description
"must statement.";
}
description
"Upper boundary for port . If existing, the upper port
must be greater or equal to lower-port.";
}
}
container destination-port-range {
description
"Inclusive range representing destination ports to be used. When
only lower-port is present, it represents a single port.";
leaf lower-port {
type inet:port-number;
mandatory true;
description
"Lower boundary for port.";
}
leaf upper-port {
type inet:port-number;
must ". >= ../lower-port" {
error-message
"The upper-port must be greater than or equal to lower-port";
description
"must statement.";
}
description
"Upper boundary for port . If existing, the upper port
must be greater or equal to lower-port.";
}
}
description
"case of ipv6";
}
description
"choice of ip version.";
}
description
"case of ip.";
}
case eth{
leaf src-mac-address{
type yang:mac-address;
description
"source mac address.";
}
leaf dst-mac-address{
type yang:mac-address;
description
"destination mac address.";
}
leaf src-mac-address-mask{
type yang:mac-address;
description
"source mac address mask.";
}
leaf dst-mac-address-mask{
type yang:mac-address;
description
"destination mac address mask.";
}
description
"case of ethernet";
}
}
}
}
}
leaf std-vas-profile{
type string;
description
"standard vas profile.";
}
}
container management{
description
"vas management.";
leaf management-url{
type string;
description
"management url.";
}
leaf vas-instance-id{
type uint32;
description
"vas instance id";
}
}
}
}
}
}
<CODE ENDS>
7. Security Considerations
TBC.
8. IANA Considerations
TBC.
9. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", March 1997.
Authors' Addresses
Rong Gu
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing 100053
China
Email: gurong@chinamobile.com
Chen Li
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing 100053
China
Email: lichenyj@chinamobile.com
Yan Zhuang
Huawei
101 Software Avenue, Yuhua District
Nanjing, Jiangsu 210012
China
Email: zhuangyan.zhuang@huawei.com
Zitao Wang
Huawei
101 Software Avenue, Yuhua District
Nanjing, Jiangsu 210012
China
Email: wangzitao@huawei.com