2 namespace "urn:huawei:params:xml:ns:yang:l3vpn";
3 // replace with IANA namespace when assigned
8 //draft-zhdankin-netmod-bgp-cfg
10 import ietf-interfaces {
12 //rfc7223-YANG Interface Management
15 import ietf-inet-types {
20 import ietf-yang-types {
26 "This YANG module defines the generic configuration data for L3VPN service.
30 BGP (bgp): Border Gateway Protocol
31 IPv4 (ipv4):Internet Protocol Version 4
32 IPv6 (ipv6): Internet Protocol Version 6
39 reference "RFC4271, RFC4364, RFC4760";
42 grouping augment-bgp-af-vpn-config {
44 "A set of configuration parameters that is applicable to both BGP-VPNv4
45 and BGP-VPNv6 address family.";
47 leaf apply-label-per-nexthop {
49 "The apply-label per-nexthop command enables the ASBR to allocate
50 labels for IPv4 VPN routes or IPv6 VPN routes based on the next hop.";
61 "Specify peer as UPE.";
71 grouping bgp-af-vpn-instance-config {
75 "The router-id command configures router ID for BGP VPN instance IPv4
76 or IPv6 address family.
77 By default, no router ID is configured for BGP VPN instance IPv4 or
78 IPv6 address family, and the BGP router ID is used as the router ID.";
88 "Specifies the router ID of a BGP VPN instance IPv4 address
89 family. The router ID is expressed in the IPv4 address format.
97 leaf enable-auto-select {
99 "Configures automatic route ID selection for the current BGP VPN
100 instance address family.";
112 "The auto-frr command enables BGP Auto FRR.";
122 max-elements "unbounded";
125 "BGP Peer configure class";
129 "The nerighbor address";
131 type inet:ip-address;
136 description "peerGroupName";
143 description "Specifies the AS number of the peer.";
153 "specifies the description. The description is a string of letters
154 or figures. The value ranges from 1 to 80 characters without
165 "The peer soo command configures the Site of Origin (SoO)
166 attribute for an EBGP peer in a BGP VPN instance. Format is ASN:nn
175 leaf substituteAsEnable {
177 "Using the peer substitute-as command, you can substitute the AS
178 number of the specified peer in the as-path with the local AS
191 grouping vpn-af-config {
193 "A set of configuration parameters that is applicable to both IPv4 and
194 IPv6 address family for a VPN instance .";
196 leaf route-distinguisher {
198 "The route-distinguisher command configures a route distinguisher (RD)
199 for the IPv4 or IPv6 address family of a VPN instance.
201 Format is ASN:nn or IP-address:nn.";
209 container vpnTargets {
211 "The vpn-target command configures the export or import VPN target
212 extended community attribute for the VPN instance IPv4/IPv6 address
214 Format is ASN:nn or IP-address:nn.";
218 max-elements "unbounded";
221 "L3vpn vpntarget configure class";
226 "Vpn-target: adds VPN target extended community attribute to the
227 export or import VPN target extended community list. The
228 vpn-target can be expressed in either of the following formats:
229 (1)16-bit AS number:32-bit user-defined number
230 For example, 1:3. The AS number ranges from 0 to 65535. The
231 user-defined number ranges from 0 to 4294967295. The AS number
232 and the user-defined number cannot be 0s at the same time.
233 That is, a VPN target cannot be 0:0.
234 (2)32-bit IP address:16-bit user-defined number
235 For example, 192.168.122.15:1. The IP address ranges from
236 0.0.0.0 to 255.255.255.255. The user-defined number ranges from
238 (3)32-bit IP address:16-bit user-defined number
239 For example, 192.168.122.15:1. An IP address ranges from
240 0.0.0.0 to 255.255.255.255. A user-defined number ranges from 0
252 "Specifies the vpn target type, export-extcommunity:
253 specifies the extended community attributes carried in routing
254 information to be sent. import-extcommunity: receives routing
255 information carrying specified extended community attributes.";
259 enum export_extcommunity {
261 description "export-extcommunity:";
263 enum import_extcommunity {
265 description "import-extcommunity:";
269 description "export-extcommunity & import-extcommunity:";
276 container apply-label {
278 "Apply one label mode for the VPN instance route.";
280 choice apply-label-mode {
283 "The apply-label per-route command enables the one-label-per-route
284 mode. The VPN instance IPv4/IPv6 address family assigns a unique
285 label to each route to be sent to the peer PE.";
287 leaf apply-label-per-route {
294 "The apply-label per-instance command applies one label to all VPN
295 instance IPv4 address family or IPv6 address family routes to a
298 leaf apply-label-per-instance {
304 }//End of "container apply-label"
306 leaf import-route-policy {
308 "The import route-policy command associates a VPN instance enabled
309 with the IPv4 or IPv6 address family with an import routing policy.
310 Only one import routing policy can be associated with a VPN instance
311 enabled with the IPv4 or IPv6 address family. If the import
312 route-policy command is run more than once, the latest configuration
313 overrides the previous ones.";
321 leaf export-route-policy {
323 "The export route-policy command associates a VPN instance enabled
324 with the IPv4 or IPv6 address family with an export routing policy.
325 Only one export routing policy can be associated with a VPN instance
326 enabled with the IPv4 or IPv6 address family. If the export
327 route-policy command is run more than once, the latest configuration
328 overrides the previous ones.";
337 container prefix-limit {
339 "The prefix limit command sets a limit on the maximum number of
340 prefixes supported in the existing VPN instance, preventing the
341 PE from importing excessive VPN route prefixes.";
343 leaf prefix-limit-number {
345 "Specifies the maximum number of prefixes supported in the VPN
348 instance IPv4 or IPv6 address family.";
351 range "1..4294967295";
355 choice prefix-limit-action {
356 case enable-alert-percent {
357 leaf alert-percent-value {
359 "Specifies the proportion of the alarm threshold to the maximum
360 number of prefixes.";
365 leaf route-unchanged {
367 "Indicates that the routing table remains unchanged. By default,
368 route-unchanged is not configured. When the number of prefixes
369 in the routing table is greater than the value of the parameter
370 number, routes are processed as follows:
371 (1)If route-unchanged is configured, routes in the routing table
373 (2)If route-unchanged is not configured, all routes in the
374 routing table are deleted and then re-added.";
381 case enable-simple-alert {
384 "Indicates that when the number of VPN route prefixes exceeds
385 number, prefixes can still join the VPN routing table and
386 alarms are displayed.";
398 container routing-table-limit {
400 "The routing-table limit command sets a limit on the maximum number of
401 routes that the IPv4 or IPv6 address family of a VPN instance can
403 By default, there is no limit on the maximum number of routes that the
404 IPv4 or IPv6 address family of a VPN instance can support, but the
405 total number of private network and public network routes on a device
406 cannot exceed the allowed maximum number of unicast routes.";
408 leaf routing-table-limit-number {
410 "Specifies the maximum number of routes supported by a VPN instance.
415 range "1..4294967295";
418 choice routing-table-limit-action {
419 case enable-alert-percent {
420 leaf alert-percent-value {
422 "Specifies the percentage of the maximum number of routes. When
423 the maximum number of routes that join the VPN instance is up
424 to the value (number*alert-percent)/100, the system prompts
425 alarms. The VPN routes can be still added to the routing table,
426 but after the number of routes reaches number, the subsequent
427 routes are dropped.";
435 case enable-simple-alert {
438 "Indicates that when VPN routes exceed number, routes can still
439 be added into the routing table, but the system prompts alarms.
440 However, after the total number of VPN routes and network public
441 routes reaches the unicast route limit specified in the License,
442 the subsequent VPN routes are dropped.";
454 "Enable VPN FRR in the VPN instance address family view.
455 If a PE is connected to two other PEs, running the vpn frr command in
456 the VPN instance address family view of the PE enables VPN FRR and
457 improves network reliability. After VPN FRR is configured, traffic can
458 switch to the secondary LSP immediately after the primary LSP becomes
469 container l3vpnVrfPipe {
471 "The diffserv-mode command configures the mode of the MPLS
472 differentiated service (Diff-Serv) for ensuring end-to-end QoS.";
482 "pipe: Indicates that the Pipe MPLS Diff-Serv mode is adopted.";
487 "shortPipe: Indicates that the Short-pipe MPLS Diff-Serv mode
493 "uniform: Indicates that the Uniform MPLS Diff-Serv mode is
503 "Service Class, Specifies the service type when the packet enters the
504 public network from the private network. The values are cs7, cs6, ef,
505 af4, af3, af2, af1, be.";
547 "Specifies a color for marking the discard priority of a packet
548 transferred from a private network to a public network. The values
549 are green, yellow, and red.";
554 description "green:";
558 description "yellow:";
570 "Specifies the DS domain name of the specified Per-Hop Behavior (PHB)
571 applied to the egress in Short pipe mode. It is a string of 1 to 31
579 container l3vpnTtlMode {
581 "The ttl-mode command enables MPLS to process the TTL in a specified
582 mode. By default, MPLS processes the TTL in pipe mode.";
585 description "TTL mode";
591 "pipe: Enables MPLS to process the TTL in pipe mode.";
598 "uniform: Enables MPLS to process the TTL in uniform mode.";
606 "The tnl-policy command associates the IPv4 or IPv6 address family of
607 a VPN instance with a tunnel policy.";
614 container importRibs {
616 "Import route class";
620 "Specifies the protocol from which routes are imported.
621 At present, In the IPv4 unicast address family view, the protocol
622 can be IS-IS,static, direct and BGP.";
631 description "Direct:";
645 description "Static:";
657 description "OSPFV3:";
661 description "RIPNG:";
665 description "INVALID:";
672 "Specifies the process ID if the protocol from routes are imported is
677 range "0..4294967295";
681 leaf bgp-valid-route {
687 "Policy Id for import routes";
695 leaf traffic-statistics {
697 "The traffic-statistics enable command enables traffic statistics
698 for a VPN instance.";
710 container vpn-instances {
712 "VPN instances configuration parameters.
713 VPN instances support both the IPv4 and IPv6 address families.";
716 max-elements "unbounded";
718 key "vpn-instance-name";
720 "Specifies the name of the VPN instance. It is a string of 1 to 31
721 case-sensitive characters.";
723 leaf vpn-instance-name {
729 "The name of the vpn-instance.";
734 "A textual description of VPN instance, the VPN instance description
735 helps users memorize the VPN instance.";
746 container ipv4-family {
748 "The IPv4 address family is enabled for the VPN instance.";
753 container ipv6-family {
755 "The IPv6 address family is enabled for the VPN instance.";
767 * Binding Interfaces to a VPN Instance.
770 container vpn-interfaces {
772 "VPN is enabled on interfaces.";
776 max-elements "unbounded";
780 path "/if:interfaces/if:interface/if:name";
783 leaf vpn-instance-name {
793 "Display the information of the vrf.
796 It is intended that this container may be augmented by vendors to
797 reflect the vendor-specific operational state parameters.";
801 "CreateTime of the vrf.";
808 "UpTime period of the vrf.";
829 description "vrf up.";
833 description "vrf down.";
841 * augment some bgp vpn functions in bgp module.
843 augment "/bgp:bgp-router/bgp:vpnv4/bgp:unicast" {
845 uses augment-bgp-af-vpn-config;
849 augment "/bgp:bgp-router/bgp:vpnv6/bgp:unicast" {
850 uses augment-bgp-af-vpn-config;
854 augment "/bgp:bgp-router" {
856 container bgp-af-ipv4-vpn-instances {
858 "vpn-instances ipv4 address family.";
859 list bgp-af-ipv4-vpn-instance {
860 key "vpn-instance-name";
861 max-elements "unbounded";
863 leaf vpn-instance-name {
866 uses bgp-af-vpn-instance-config;
870 container bgp-af-ipv6-vpn-instances {
872 "vpn-instances ipv6 address family.";
873 list bgp-af-ipv6-vpn-instance {
874 key "vpn-instance-name";
875 max-elements "unbounded";
877 leaf vpn-instance-name {
880 uses bgp-af-vpn-instance-config;