I2RS working group S. Hares
Internet-Draft Huawei
Intended status: Standards Track S. Kini
Expires: July 7, 2016 Ericsson
L. Dunbar
Huawei
A. Ghanwani
R. Krishnan
Dell
D. Bogdanovic
Juniper Networks
J. Tantsura
R. White
Ericsson
January 4, 2016
Filter-Based RIB Data Model
draft-hares-i2rs-fb-rib-data-model-01
Abstract
This document defines a data model for the I2RS Filter-based Routing
Information Base (RIB) Yang data model. A routing system uses the
Filter-based RIBto program FIB entries that process incoming packets
by matching on multiple fields within the packet and then performing
a specified action on it. The FB-RIB can also specify an action to
forward the packet according to the FIB entries programmed using the
RIBs of its routing instance.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 7, 2016.
Hares, et al. Expires July 7, 2016 [Page 1]
Internet-Draft Filter-Base RIB DM January 2016
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Definition of I2RS Filter Based RIB . . . . . . . . . . . 3
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. Definitions and Acronyms . . . . . . . . . . . . . . . . . . 4
4. The Top-level Yang structure for the FB-RIB . . . . . . . . . 4
5. yang models . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.1. Filter-Based RIB types . . . . . . . . . . . . . . . . . 6
5.2. FB-RIB . . . . . . . . . . . . . . . . . . . . . . . . . 11
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
7. Security Considerations . . . . . . . . . . . . . . . . . . . 13
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
8.1. Normative References: . . . . . . . . . . . . . . . . . . 13
8.2. Informative References . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction
The Interface to the Routing System (I2RS)
[I-D.ietf-i2rs-architecture] architecture provides dynamic read and
write access to the information and state within the routing
elements. The I2RS client interacts with the I2RS agent in one or
more network routing systems.
This document provides a yang module for the I2RS filter Based
Routing Information Base (FB-RIB) and describes the I2RS interaction
with routing filters within a routing element. The informational
model for the FB-RIB is in [I-D.kini-i2rs-fb-rib-info-model]
Hares, et al. Expires July 7, 2016 [Page 2]
Internet-Draft Filter-Base RIB DM January 2016
1.1. Definition of I2RS Filter Based RIB
Filter-based routing is a technique used to make packet forwarding
decisions based on a filter that is matched to the incoming packets
and the specified action. It should be noted that that this is
distinct from the static routes in the RIB
[I-D.ietf-i2rs-rib-info-model] where the routing is destination
ddress based.
A Filter-Based RIB (Routing Information Base) is contained in a
routing instance (defined in [I-D.ietf-i2rs-rib-info-model]). It
contains a list of filters (match-action conditions), a list of
interface the filter-based forwarding operates on. Filter-based RIBs
(FB-RIBs) operate only on the interface the FB-RIB are configured on.
A Filter Based RIB uses Event-Condition-Action policy. A Filter-
based RIB entry specifies matches on fields in a packet (which may
include layer 2 fields, IP header fields, transport or application
fields) or size of the packet or interface received on. The matches
are contained in an ordered list of filters which contain pairs of
match condition-action (aka event-condition-action).
If all matches fail, default action is to forward the packet using
FIB entries that were programmed by the Routing Informational Base
(RIB) manager described in [I-D.ietf-i2rs-rib-info-model].
Actions in the condition-action pair may impact forwarding or set
something in the packet that will impact forwarding. Policy actions
are typically applied before applying QoS constraints since policy
actions may override QoS constraint.
The Filter-Based RIB resides in ephemeral state as does the I2RS RIB
and I2RS topology models.
2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
In this document, these words will appear with that interpretation
only when in ALL CAPS. Lower case uses of these words are not to be
interpreted as carrying RFC-2119 significance.
Hares, et al. Expires July 7, 2016 [Page 3]
Internet-Draft Filter-Base RIB DM January 2016
3. Definitions and Acronyms
CLI
Command Line Interface
FB-RIB
Filter-Based Routing Information Base
FB-Route
The policy rules in the filter-based RIB are prescriptive of the
Event-Condition-Action form which is often represented by if
Condition then action".
Policy Group
Policy Groups are groups of policy rules. The groups of policy in
the basic network policy [I-D.hares-i2rs-bnp-info-model] allow
grouping of policy by name. This name allow easier management of
customer-based or provider based filters.
RIB IM
RIB Informational Model (RIB IM) [I-D.ietf-i2rs-rib-info-model]
Routing instance
A routing instance, in the context of the FB-FIB is a collection
of RIBs, interfaces, and routing parameters. A routing instance
creates a logical slice of the router and allows different logical
slices; across a set of routers; to communicate with each other.
4. The Top-level Yang structure for the FB-RIB
The Top-level Yang structure for the FB-RIB types is:
Hares, et al. Expires July 7, 2016 [Page 4]
Internet-Draft Filter-Base RIB DM January 2016
module: FB-RIB
fb-rib-types module
+--rw fib-ribs
+--rw fb-rib* [rib-name]
| +--rw rib-name string
| +--rw rib-afi inet:afi
| +--rw fb-rib-intf* if:interface-ref
| +--rw default-i2rs-rib rt:rt-2rs-rib:name
| +--rw fb-rib-status-info
| | +--rw fb-rib-update-ref uint64
| +--rw instance-using*
| | device:networking-instance:networking-instance-name
| +--rw fb-rib-Group* [name]
| | +--rw name string
| | +--rw order-number uint64
| | +--rw filter-type identityref // acl, eca
| | +--rw acl-policy
| | | +--rw group*
| | | acl:access_lists:access-list-entries
| | +--rw eca-policy* bnp-eca:rule-group:name
| | +--rw fb-rib-group-order_status
+--rw default-group-order uint16
+--rw group-refcnt uint16
+--rw group-installed uint16
Figure 4: FB RIB Type Structure
The Top-level Yang structure for a global FB-RIB types (similar to
acl) is:
ietf-fb-rib module
+--rw ietf-fb-rib
+--rw default-instance-name string
+--rw default-router-id rt:router-id
uses fb-ribs
Figure 5: Global FB RIB Yang Structure
The Top-level Yang structure for an instance fb-rib is:
Hares, et al. Expires July 7, 2016 [Page 5]
Internet-Draft Filter-Base RIB DM January 2016
instance-fb-rib-model:
imports fb-rib-types (fb-rib-t)
augments rt:logical-network-elements:\
logical-network-element:network-instances: \
network-instance
uses fb-ribs-t:fb-ribs
Figure 6: Instance FB RIB Yang Structure
5. yang models
5.1. Filter-Based RIB types
//<CODE BEGINS> file "ietf-fb-rib-types@2016-01-03.yang"
module ietf-fb-rib-types {
yang-version "1";
// namespace
namespace "urn:ietf:params:xml:ns:yang:ietf-fb-rib-types";
prefix "fb-rib-t";
import ietf-interfaces {prefix "if";}
import ietf-access-control-list {prefix "acl";}
import ietf-routing {prefix "rt";}
// meta
organization
"IETF";
contact
"email: sriganesh.kini@ericsson.com
email: cengiz@packetdesign.com
email: anoop@ieee.duke.edu
email: ivandean@gmal.org
email: shares@ndzh.com;
email: linda.dunbar@huawei.com;
email: russ@riw.com;
email: Jeff.Tantsura@ericsson.com;
";
description
"This module describes a YANG model for the I2RS
Filter-based RIB Types. These types
specify types for the Filter-Based RIB.
Copyright (c) 2015 IETF Trust and the persons identified as
the document authors. All rights reserved.
Hares, et al. Expires July 7, 2016 [Page 6]
Internet-Draft Filter-Base RIB DM January 2016
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).";
revision "2016-01-03" {
description
"Filter-Based RIB protocol ";
reference "draft-hares-i2rs-fb-rib-data-model-01";
}
typedef fb-rib-policy-type-def {
type identityref {
base "fb-rib-policy-type";
}
description
"This type is used to refer to FB-RIB type";
}
identity fb-rib-policy-type {
description
"Types of filter-based policies
acl and eca";
}
identity fb-rib-acl {
base fb-rib-policy-type;
description
"filter based policy based on access-lists";
}
identity fb-bnp-eca-rules {
base fb-rib-policy-type;
description
"filter based policy based on qos forwarding rules";
}
typedef fb-rules-status {
type identityref {
base "fb-rule-opstat";
}
description
"This type is used to refer to FB-RIB type";
}
Hares, et al. Expires July 7, 2016 [Page 7]
Internet-Draft Filter-Base RIB DM January 2016
identity fb-rule-opstat {
description
"operational statues for filter rules
inactive and active";
}
identity fb-rule-inactive {
base fb-rule-opstat;
description
"policy rule is inactive";
}
identity fb-rule-active {
base fb-rule-opstat;
description
"policy rule is active";
}
grouping fb-rib-rule-order-status {
leaf statement-order {
type uint16;
description "order identifier";
}
leaf statement-oper_status {
type fb-rules-status;
description "status of rule";
}
description "filter-rib
policy rule order and status";
}
grouping fb-rib-group-order-status {
leaf group-order{
type uint16;
description "group order";
}
leaf group-refcnt {
type uint16;
description "refcnt for this group";
}
leaf group-installed {
type uint16;
description "number of rules installed";
}
description "fb-rib group list order
and status info.";
}
Hares, et al. Expires July 7, 2016 [Page 8]
Internet-Draft Filter-Base RIB DM January 2016
grouping fb-rib-status-info {
leaf fb-rib-update-ref {
type uint64;
description
"number of updates to this FB RIB
since last reboot";
}
description "FB-RIB update info";
}
grouping default-fb-rib {
leaf default-rib {
type string;
description "default ribs for
normal and ephemeral filter-based rib
should use rt:routing:routing-instance:name";
}
leaf i2rs-instance {
type string;
description "default I2RS RIB
should use
i2rs-rib:routing-instance:name";
}
leaf rib-name {
type string;
description "name of RIB";
}
leaf fb-rib-update-ref {
type uint64;
description " number of
updates to this FB RIB
since last reboot";
}
description "I2RS RIB which will be used
even if none of the policy match";
}
grouping fb-ribs {
list fib-rib {
key fb-rib-name;
leaf fb-rib-name {
type string;
mandatory true;
description "RIB name";
}
Hares, et al. Expires July 7, 2016 [Page 9]
Internet-Draft Filter-Base RIB DM January 2016
uses rt:address-family;
list fb-rib-intf {
key "name";
leaf name {
type if:interface-ref;
description
"A reference to the name of a
configured network layer
interface.";
}
description "This represents
the list of interfaces
associated with this routing instance.
The interface list helps constrain the
boundaries of packet forwarding.
Packets coming on these interfaces are
directly associated with the given routing
instance. The interface list contains a
list of identifiers, with each identifier
uniquely identifying an interface.";
}
uses default-fb-rib;
list instance-using {
key instance-name;
leaf instance-name {
type string;
description
" name of instance using this fb-rib
rt:routing-instance";
}
description "instances using
this fb-rib";
}
list fb-rib-group {
key group-name;
leaf group-name {
type string;
description "policy-group name";
}
leaf fb-group-policy-type {
type fb-rib-policy-type-def;
description "Policy type (acl/eca)";
}
list acl-group {
key name;
leaf name {
type string;
description "name of access
Hares, et al. Expires July 7, 2016 [Page 10]
Internet-Draft Filter-Base RIB DM January 2016
list group";
}
list acls {
key fb-acl-name;
leaf fb-acl-name {
type acl:access-control-list-ref;
description "acl list name
associated with FB-RIB list";
}
leaf fb-acl-type {
type acl:acl-type;
description "acl type";
}
description "list of acls";
}
description "acl group entry";
}
list eca-group {
key name;
leaf eca-group-name {
type string;
description "name of eca
group (?? should it
link 5o bnp-eca group
name)";
}
description "list of eca groups";
}
uses fb-rib-group-order-status;
description "list of ordered policy
groups ";
}
description "Configuration of
an filter-based rib list";
}
description "fb-rib group";
}
}
// <CODE ENDS>
5.2. FB-RIB
//<CODE BEGINS> file "ietf-fb-rib@2016-01-03.yang"
module ietf-fb-rib {
yang-version "1";
// namespace
Hares, et al. Expires July 7, 2016 [Page 11]
Internet-Draft Filter-Base RIB DM January 2016
namespace "urn:ietf:params:xml:ns:yang:ietf-fb-rib";
// replace with iana namespace when assigned
prefix "fb-rib";
// import some basic inet types
import ietf-yang-types {prefix "yang";}
import ietf-routing { prefix "rt"; }
import fb-rib-types { prefix "fb-rib-t";}
// meta
organization
"IETF";
contact
"email: sriganesh.kini@ericsson.com
email: cengiz@packetdesign.com
email: anoop@ieee.duke.edu
email: ivandean@gmal.org
email: shares@ndzh.com;
email: linda.dunbar@huawei.com;
email: russ@riw.com;
email: Jeff.Tantsura@ericsson.com;
";
description
"This Top level module describes a
YANG model for the I2RS Filter-based RIB
which is an global protocol independent FB RIB module.";
revision "2016-01-03" {
description "initial revision";
reference "draft-hares-i2rs-fb-rib-data-model-01";
}
container ietf-fb-rib {
presence "top-level structure";
leaf default-instance-name {
type string;
mandatory true;
description
"A routing instance is identified by its name,
INSTANCE_name. This MUST be unique across all routing
instances in a given network device.";
}
leaf default-router-id {
type yang:dotted-quad;
description "Default router id";
}
Hares, et al. Expires July 7, 2016 [Page 12]
Internet-Draft Filter-Base RIB DM January 2016
uses fb-rib-t:fb-ribs;
description "i2rs FB-RIB";
}
augment "/rt:routing/rt:routing-instance" {
when "FB-RIB=='true'";
container instance-fb-fib {
uses fb-rib-t:fb-ribs;
description "instance filter-based rib";
}
description "fb-rib augments routing instance";
}
}
//<CODE ENDS>
6. IANA Considerations
TBD
7. Security Considerations
A I2RS RIB is ephemeral data store that will dyanamically change
traffic paths set by the routing configuration. An I2RS FB-RIB
provides dynamic Event-Condition-Action policy that will further
change the operation of forwarding by allow dyanmic policy and
ephemeral RIBs to alter the traffic paths set by routing
configuration. Care must be taken in deployments to use the
appropriate security and operational control to make use of the tools
the I2RS RIB and I2RS FB-RIB provide.
8. References
8.1. Normative References:
[I-D.hares-i2rs-bnp-info-model]
Hares, S., Wu, Q., Tantsura, J., and R. White, "An
Information Model for Basic Network Policy and Filter
Rules", draft-hares-i2rs-bnp-info-model-02 (work in
progress), March 2015.
[I-D.ietf-i2rs-architecture]
Atlas, A., Halpern, J., Hares, S., Ward, D., and T.
Nadeau, "An Architecture for the Interface to the Routing
System", draft-ietf-i2rs-architecture-12 (work in
progress), December 2015.
Hares, et al. Expires July 7, 2016 [Page 13]
Internet-Draft Filter-Base RIB DM January 2016
[I-D.ietf-i2rs-rib-data-model]
Wang, L., Ananthakrishnan, H., Chen, M.,
amit.dass@ericsson.com, a., Kini, S., and N. Bahadur, "A
YANG Data Model for Routing Information Base (RIB)",
draft-ietf-i2rs-rib-data-model-04 (work in progress),
November 2015.
[I-D.ietf-i2rs-rib-info-model]
Bahadur, N., Kini, S., and J. Medved, "Routing Information
Base Info Model", draft-ietf-i2rs-rib-info-model-08 (work
in progress), October 2015.
[I-D.ietf-netmod-acl-model]
Bogdanovic, D., Koushik, K., Huang, L., and D. Blair,
"Network Access Control List (ACL) YANG Data Model",
draft-ietf-netmod-acl-model-06 (work in progress),
December 2015.
[I-D.kini-i2rs-fb-rib-info-model]
Kini, S., Hares, S., Dunbar, L., Ghanwani, A., Krishnan,
R., Bogdanovic, D., Tantsura, J., and R. White, "Filter-
Based RIB Information Model", draft-kini-i2rs-fb-rib-info-
model-02 (work in progress), October 2015.
8.2. Informative References
[I-D.ietf-i2rs-usecase-reqs-summary]
Hares, S. and M. Chen, "Summary of I2RS Use Case
Requirements", draft-ietf-i2rs-usecase-reqs-summary-01
(work in progress), May 2015.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
Authors' Addresses
Susan Hares
Huawei
7453 Hickory Hill
Saline, MI 48176
USA
Email: shares@ndzh.com
Hares, et al. Expires July 7, 2016 [Page 14]
Internet-Draft Filter-Base RIB DM January 2016
Sriganesh Kini
Ericsson
Email: sriganesh.kini@ericsson.com
Linda Dunbar
Huawei
USA
Email: linda.dunbar@huawei.com
Anoop Ghanwani
Dell
Email: anoop@alumni.duke.edu
Ram Krishnan
Dell
Email: Ramkri123@gmail.com
Dean Bogdanovic
Juniper Networks
Westford, MA
Email: deanb@juniper.net
Jeff Tantsura
Ericsson
Email: jeff.tantsura@ericsson.com
Russ White
Ericsson
Email: russ@riw.us
Hares, et al. Expires July 7, 2016 [Page 15]