Skip to main content

Last Call Review of draft-ietf-opsawg-teas-attachment-circuit-14
review-ietf-opsawg-teas-attachment-circuit-14-yangdoctors-lc-aries-2024-08-05-00

Request Review of draft-ietf-opsawg-teas-attachment-circuit-14
Requested revision 14 (document currently at 17)
Type Last Call Review
Team YANG Doctors (yangdoctors)
Deadline 2024-08-25
Requested 2024-08-04
Requested by Mahesh Jethanandani
Authors Mohamed Boucadair , Richard Roberts , Oscar Gonzalez de Dios , Samier Barguil , Bo Wu
I-D last updated 2024-08-05
Completed reviews Rtgdir Last Call review of -11 by Donald E. Eastlake 3rd (diff)
Rtgdir Early review of -07 by Donald E. Eastlake 3rd (diff)
Yangdoctors Early review of -03 by Ebben Aries (diff)
Secdir Last Call review of -15 by Tero Kivinen (diff)
Yangdoctors Last Call review of -14 by Ebben Aries (diff)
Comments
The YANG doctors reviewed -03 version of this document as part of an early review. Since the document has had several revisions after that, it would be worthwhile re-reviewing it for correctness both in itself and the examples provided.

SECDIR should review this document because the document is trying to specify how and where the security should be enabled for services requested by the customer. It is trying to specify that data plane traffic between two Service Access Points (SAP) should be enabled by specifying the security profile specified by the customer. See Section 5.2.5.5.
Assignment Reviewer Ebben Aries
State Completed
Request Last Call review on draft-ietf-opsawg-teas-attachment-circuit by YANG Doctors Assigned
Posted at https://mailarchive.ietf.org/arch/msg/yang-doctors/gDBZJp5dDErkubUy3MSmphZvTnM
Reviewed revision 14 (document currently at 17)
Result On the right track
Completed 2024-08-05
review-ietf-opsawg-teas-attachment-circuit-14-yangdoctors-lc-aries-2024-08-05-00
2 modules in this draft:
- ietf-ac-svc@2023-11-13.yang
- ietf-bearer-svc@2023-11-13.yang

YANG compiler errors or warnings (pyang 2.6.0, yanglint 3.1.0)
- No compiler errors or warnings for tree outputs/instance-data validation

Summary:

This is a last-call review to a previous early review of these related modules
from 2024-01-10.  For the most part the modules are in good shape but there
have been some changes needing clarification (below) between the -03 and -14
versions of the draft.

These modules were reviewed and validated (stub instance-data) in conjunction
with draft-ietf-opsawg-teas-common-ac-12

General comments on the modules:
- ietf-bearer-svc: There is a top-level container added named `locations`.
  Should this not be a keyed list rather?  In addition, no need to repeat the
  prefix `location-` in `location-name` as we already know this is a list of
  locations.  `name` is sufficient here.
- ietf-bearer-svc: Is the `type` for the leaf-list `bearer-lag-member` correct
  in referencing another bearer is all? (Same as bearer-parent-ref)
- Nit: Feel free to update the revision dates with each publish
- Nit: ietf-ac-svc: Why not remain consistent and name
  `s/child-ac-ref/ac-child-ref/` to align with the other `ac-hierarchy`
  leaf-list of `ac-parent-ref`?
- Nit: ietf-ac-svc: container `bgp-max-prefix` is already nested under BGP.
  No reason to prefix as such so if you want to encapsulate in a container for
  future growth, I would suggest something like `./prefix-limit/max-prefixes`.
  In addition, is this fine to be this generic and not per AFI/SAFI?
- Nit: ietf-bearer-svc: For the addition of the 2 new identities
  (syncPHY-type, syncE), is there any reason to diverge casing?
- Nit: ietf-bearer-svc L#154 `s/Reusabel/reusable/`

Example Validated Instance Data:

Features enabled:
*
ietf-vpn-common:ipv4,ipv6,rtg-bgp,rtg-vrrp,rtg-rip,rtg-isis,rtg-ospf,bfd,encryption,inbound-bw,outbound-bw,qos,placement-diversity
* ietf-ac-common:layer2-ac,layer3-ac,server-assigned-reference

<key-chains xmlns="urn:ietf:params:xml:ns:yang:ietf-key-chain">
  <key-chain>
    <name>KC1</name>
    <description>KC1 Description</description>
    <key>
      <key-id>131001</key-id>
      <lifetime>
        <send-accept-lifetime>
          <always/>
        </send-accept-lifetime>
      </lifetime>
      <crypto-algorithm>hmac-sha-512</crypto-algorithm>
    </key>
  </key-chain>
</key-chains>
<attachment-circuits xmlns="urn:ietf:params:xml:ns:yang:ietf-ac-svc">
  <ac-group-profile>
    <name>AGP1</name>
    <service-profile>SPP1</service-profile>
    <service-profile>SPP2</service-profile>
    <l2-connection>
      <encapsulation>
        <type
        xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:ethernet-type</type>
      </encapsulation>
    </l2-connection>
  </ac-group-profile>
  <ac-group-profile>
    <name>AGP2</name>
    <service-profile>SPP1</service-profile>
    <ip-connection>
      <ipv4>
        <local-address>1.1.1.1</local-address>
        <virtual-address>2.2.2.2</virtual-address>
        <prefix-length>31</prefix-length>
        <address-allocation-type
        xmlns:ac-common="urn:ietf:params:xml:ns:yang:ietf-ac-common">ac-common:static-address</address-allocation-type>
        <address>
          <address-id>ID1</address-id>
          <customer-address>10.1.1.1</customer-address>
        </address>
      </ipv4>
      <ipv6>
        <local-address>2001:db8:1000::1</local-address>
        <virtual-address>2001:db8:ffff::ffff</virtual-address>
        <prefix-length>127</prefix-length>
        <address-allocation-type
        xmlns:ac-common="urn:ietf:params:xml:ns:yang:ietf-ac-common">ac-common:static-address</address-allocation-type>
        <address>
          <address-id>ID1</address-id>
          <customer-address>2001:db8:dead::beef</customer-address>
        </address>
      </ipv6>
    </ip-connection>
    <routing-protocols>
      <routing-protocol>
        <id>RP1</id>
        <type
        xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:bgp-routing</type>
        <routing-profiles>
          <id>EPI5</id>
          <type
          xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:import-export</type>
        </routing-profiles>
        <bgp>
          <peer-groups>
            <peer-group>
              <name>PG1</name>
              <local-as>65000</local-as>
              <peer-as>65001</peer-as>
              <address-family
              xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:ipv4</address-family>
              <local-address>10.1.1.1</local-address> <authentication>
                <enabled>true</enabled>
                <keying-material>
                  <enable-ao>true</enable-ao>
                  <ao-keychain>KC1</ao-keychain>
                </keying-material>
              </authentication>
            </peer-group>
          </peer-groups>
          <neighbor>
            <id>N1</id>
            <server-reference>SR1</server-reference>
            <remote-address>10.2.2.2</remote-address>
            <local-address>10.1.1.1</local-address>
            <peer-group>PG1</peer-group>
            <status>
              <admin-status>
                <status
                xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:admin-up</status>
                <last-change>2023-12-30T15:02:11.353Z</last-change>
              </admin-status>
              <oper-status>
                <status
                xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:op-up</status>
                <last-change>2023-12-30T15:02:11.353Z</last-change>
              </oper-status>
            </status>
          </neighbor>
        </bgp>
      </routing-protocol>
      <routing-protocol>
        <id>RP2</id>
        <type
        xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:vrrp-routing</type>
        <vrrp>
          <address-family
          xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:ipv4</address-family>
        </vrrp>
      </routing-protocol>
      <routing-protocol>
        <id>RP3</id>
        <type
        xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:rip-routing</type>
        <rip>
          <address-family
          xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:ipv4</address-family>
        </rip>
      </routing-protocol>
      <routing-protocol>
        <id>RP4</id>
        <type
        xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:isis-routing</type>
        <isis>
          <address-family
          xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:ipv4</address-family>
          <area-address>49.0000.0001.0000</area-address>
        </isis>
      </routing-protocol>
      <routing-protocol>
        <id>RP5</id>
        <type
        xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:ospf-routing</type>
        <ospf>
          <address-family
          xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:ipv4</address-family>
          <area-id>0.0.0.0</area-id> <metric>100</metric>
        </ospf>
      </routing-protocol>
      <routing-protocol>
        <id>RP6</id>
        <type
        xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:static-routing</type>
        <static>
          <cascaded-lan-prefixes>
            <ipv6-lan-prefix>
              <lan>2001:db8:1234:ffff::/64</lan>
              <lan-tag>LT1</lan-tag>
              <next-hop
              xmlns:ac-common="urn:ietf:params:xml:ns:yang:ietf-ac-common">ac-common:local-link</next-hop>
            </ipv6-lan-prefix>
          </cascaded-lan-prefixes>
        </static>
      </routing-protocol>
    </routing-protocols>
    <oam>
      <bfd>
        <session>
          <id>SID1</id>
          <local-address>10.1.1.1</local-address>
          <remote-address>10.2.1.1</remote-address>
          <profile>EPI3</profile>
          <holdtime>180</holdtime>
          <status>
            <admin-status>
              <status
              xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:admin-up</status>
              <last-change>2023-12-30T15:02:11.353Z</last-change>
            </admin-status>
            <oper-status>
              <status
              xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:op-up</status>
              <last-change>2023-12-30T15:02:11.353Z</last-change>
            </oper-status>
          </status>
        </session>
      </bfd>
    </oam>
    <security>
      <encryption>
        <enabled>true</enabled>
        <layer>layer3</layer>
      </encryption>
      <encryption-profile>
        <customer-key-chain>KC1</customer-key-chain>
      </encryption-profile>
    </security>
    <service>
      <mtu>9000</mtu>
      <svc-pe-to-ce-bandwidth>
        <bandwidth>
          <bw-type
          xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:bw-per-service</bw-type>
          <cir>10000</cir> <cbs>10000</cbs> <eir>10000</eir> <ebs>10000</ebs>
          <pir>10000</pir> <pbs>10000</pbs>
        </bandwidth>
      </svc-pe-to-ce-bandwidth>
    </service>
  </ac-group-profile>
  <placement-constraints>
    <constraint>
      <constraint-type
      xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:pop-diverse</constraint-type>
      <target>
        <group>
          <group-id>GID1</group-id>
        </group>
      </target>
    </constraint>
  </placement-constraints>
  <ac>
    <name>AC1</name>
    <customer-name>CUSTOMER1</customer-name>
    <description>Attachment Circuit #1</description>
    <requested-start>2023-12-30T14:52:51.353Z</requested-start>
    <requested-stop>2025-12-30T00:00:00.000Z</requested-stop>
    <actual-start>2023-12-30T15:02:10.003Z</actual-start>
    <role
    xmlns:ac-common="urn:ietf:params:xml:ns:yang:ietf-ac-common">ac-common:nni</role>
    <peer-sap-id>PSID1</peer-sap-id>
    <ac-group-profile-ref>AGP2</ac-group-profile-ref>
    <ac-parent-ref>AC2</ac-parent-ref> <child-ac-ref>AC3</child-ac-ref> <group>
      <group-id>GID1</group-id>
      <precedence
      xmlns:ac-common="urn:ietf:params:xml:ns:yang:ietf-ac-common">ac-common:primary</precedence>
    </group>
    <service-ref>
      <service-type
      xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:l3vpn</service-type>
      <service-id>SID1</service-id>
    </service-ref>
    <server-reference>SAR1</server-reference>
    <service-profile>SPP1</service-profile>
    <ip-connection>
      <ipv6>
        <local-address>2001:db8::1</local-address>
        <virtual-address>2001:db8::2</virtual-address>
        <prefix-length>128</prefix-length>
        <address-allocation-type
        xmlns:ac-common="urn:ietf:params:xml:ns:yang:ietf-ac-common">ac-common:static-address</address-allocation-type>
      </ipv6>
    </ip-connection>
    <service>
      <qos>
        <qos-profiles>
          <qos-profile>
            <profile>EPI2</profile>
            <direction
            xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:both</direction>
          </qos-profile>
        </qos-profiles>
      </qos>
      <access-control-list>
        <acl-profiles>
          <acl-profile>
            <profile>EPI4</profile>
          </acl-profile>
        </acl-profiles>
      </access-control-list>
    </service>
  </ac>
  <ac>
    <name>AC2</name>
  </ac>
  <ac>
    <name>AC3</name>
  </ac>
</attachment-circuits>
<specific-provisioning-profiles xmlns="urn:ietf:params:xml:ns:yang:ietf-ac-svc">
  <valid-provider-identifiers>
    <encryption-profile-identifier>
      <id>EPI1</id>
    </encryption-profile-identifier>
    <qos-profile-identifier>
      <id>EPI2</id>
    </qos-profile-identifier>
    <failure-detection-profile-identifier>
      <id>EPI3</id>
    </failure-detection-profile-identifier>
    <forwarding-profile-identifier>
      <id>EPI4</id>
    </forwarding-profile-identifier>
    <routing-profile-identifier>
      <id>EPI5</id>
    </routing-profile-identifier>
  </valid-provider-identifiers>
</specific-provisioning-profiles>
<service-provisioning-profiles xmlns="urn:ietf:params:xml:ns:yang:ietf-ac-svc">
  <service-profile-identifier>
    <id>SPP1</id>
  </service-profile-identifier>
  <service-profile-identifier>
    <id>SPP2</id>
  </service-profile-identifier>
</service-provisioning-profiles>
<locations xmlns="urn:ietf:params:xml:ns:yang:ietf-bearer-svc">
  <customer-name>CN1</customer-name>
  <role
  xmlns:ac-common="urn:ietf:params:xml:ns:yang:ietf-ac-common">ac-common:nni</role>
  <local-as>65000</local-as> <peer-as>1000</peer-as> <location>
    <location-name>LOC1</location-name>
  </location>
</locations>
<bearers xmlns="urn:ietf:params:xml:ns:yang:ietf-bearer-svc">
  <placement-constraints>
    <constraint>
      <constraint-type>network-termination-hint</constraint-type>
      <target>
        <group>
          <group-id>G1</group-id>
        </group>
      </target>
    </constraint>
    <constraint>
      <constraint-type
      xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:pop-diverse</constraint-type>
      <target>
        <all-other-bearers/>
      </target>
    </constraint>
    <constraint>
      <constraint-type
      xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:pe-diverse</constraint-type>
      <target>
        <all-other-groups/>
      </target>
    </constraint>
  </placement-constraints>
  <bearer>
    <name>B1</name>
    <description>Description for B1</description>
    <groups>
      <group>
        <group-id>G1</group-id>
      </group>
    </groups>
    <op-comment>Op comment</op-comment>
    <bearer-parent-ref>B2</bearer-parent-ref>
    <bearer-lag-member>B2</bearer-lag-member>
    <sync-phy-capable>true</sync-phy-capable>
    <sync-phy-enabled>true</sync-phy-enabled>
    <sync-phy-type>syncE</sync-phy-type>
    <provider-location-reference>LR1</provider-location-reference>
    <customer-point>
      <identified-by>site-and-device-id</identified-by>
      <device>
        <device-id>devid1</device-id>
        <location>
          <location-name>SJC01</location-name>
          <address>555 Anystreet</address>
          <postal-code>95123</postal-code>
          <state>CA</state>
          <city>San Jose</city>
          <country-code>US</country-code>
        </location>
      </device>
    </customer-point>
    <type>ethernet</type>
    <ac-svc-ref>AC1</ac-svc-ref>
    <requested-start>2023-12-30T14:52:51.353Z</requested-start>
    <requested-stop>2025-12-30T00:00:00.000Z</requested-stop>
    <actual-start>2023-12-30T15:02:10.003Z</actual-start>
    <status>
      <admin-status>
        <status
        xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:admin-up</status>
        <last-change>2023-12-30T15:02:11.353Z</last-change>
      </admin-status>
      <oper-status>
        <status
        xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn-common">vpn-common:op-up</status>
        <last-change>2023-12-30T15:02:11.353Z</last-change>
      </oper-status>
    </status>
  </bearer>
  <bearer>
    <name>B2</name>
  </bearer>
</bearers>