--- /dev/null
+module l3vpn {
+ namespace "urn:huawei:params:xml:ns:yang:l3vpn";
+// replace with IANA namespace when assigned
+ prefix "l3vpn";
+
+ import bgp {
+ prefix bgp;
+ //draft-zhdankin-netmod-bgp-cfg
+ }
+ import ietf-interfaces {
+ prefix if;
+ //rfc7223-YANG Interface Management
+ }
+
+ import ietf-inet-types {
+ prefix inet;
+ //RFC6991
+ }
+
+ import ietf-yang-types {
+ prefix yang;
+ //RFC6991
+ }
+
+ description
+ "This YANG module defines the generic configuration data for L3VPN service.
+
+ Terms and Acronyms
+
+ BGP (bgp): Border Gateway Protocol
+ IPv4 (ipv4):Internet Protocol Version 4
+ IPv6 (ipv6): Internet Protocol Version 6
+
+ ";
+
+ revision 2014-08-15 {
+ description
+ "Initial revision.";
+ reference "RFC4271, RFC4364, RFC4760";
+ }
+
+ grouping augment-bgp-af-vpn-config {
+ description
+ "A set of configuration parameters that is applicable to both BGP-VPNv4
+ and BGP-VPNv6 address family.";
+
+ leaf apply-label-per-nexthop {
+ description
+ "The apply-label per-nexthop command enables the ASBR to allocate
+ labels for IPv4 VPN routes or IPv6 VPN routes based on the next hop.";
+
+
+
+ config "true";
+ type boolean;
+ default "false";
+ }
+
+ leaf upeEnable {
+ description
+ "Specify peer as UPE.";
+
+ config "true";
+ type boolean;
+ default "false";
+ }
+
+ }
+
+
+ grouping bgp-af-vpn-instance-config {
+
+ container router-id {
+ description
+ "The router-id command configures router ID for BGP VPN instance IPv4
+ or IPv6 address family.
+ By default, no router ID is configured for BGP VPN instance IPv4 or
+ IPv6 address family, and the BGP router ID is used as the router ID.";
+
+ leaf enable {
+ type boolean;
+ }
+
+ choice config-type {
+ case static {
+ leaf ip-address {
+ description
+ "Specifies the router ID of a BGP VPN instance IPv4 address
+ family. The router ID is expressed in the IPv4 address format.
+ ";
+
+ config "true";
+ type inet:ip-address;
+ }
+ }
+ case auto-select {
+ leaf enable-auto-select {
+ description
+ "Configures automatic route ID selection for the current BGP VPN
+ instance address family.";
+
+
+ config "true";
+ type boolean;
+ }
+ }
+ }
+ }
+
+ leaf auto-frr {
+ description
+ "The auto-frr command enables BGP Auto FRR.";
+
+ config "true";
+ type boolean;
+ default "false";
+ }
+
+ container bgpPeers {
+ list bgpPeer {
+ key "peerAddr";
+ max-elements "unbounded";
+ min-elements "0";
+ description
+ "BGP Peer configure class";
+
+ leaf peerAddr {
+ description
+ "The nerighbor address";
+ config "true";
+ type inet:ip-address;
+ mandatory true;
+ }
+
+ leaf groupName {
+ description "peerGroupName";
+ config "true";
+ type string {
+ length "1..47";
+ }
+ }
+ leaf remoteAs {
+ description "Specifies the AS number of the peer.";
+ config "true";
+ type string {
+ length "1..11";
+ }
+ }
+
+ leaf description {
+
+ description
+ "specifies the description. The description is a string of letters
+ or figures. The value ranges from 1 to 80 characters without
+ spaces.";
+ config "true";
+ type string {
+ length "1..80";
+ pattern "([^?]*)";
+ }
+ }
+
+ leaf soo {
+ description
+ "The peer soo command configures the Site of Origin (SoO)
+ attribute for an EBGP peer in a BGP VPN instance. Format is ASN:nn
+ or IP-address:nn.";
+
+ config "true";
+ type string {
+ length "3..21";
+ }
+ }
+
+ leaf substituteAsEnable {
+ description
+ "Using the peer substitute-as command, you can substitute the AS
+ number of the specified peer in the as-path with the local AS
+ number.";
+
+ config "true";
+ type boolean;
+ default "false";
+ }
+
+ }
+ }
+
+ }
+
+ grouping vpn-af-config {
+ description
+ "A set of configuration parameters that is applicable to both IPv4 and
+ IPv6 address family for a VPN instance .";
+
+ leaf route-distinguisher {
+ description
+ "The route-distinguisher command configures a route distinguisher (RD)
+ for the IPv4 or IPv6 address family of a VPN instance.
+
+ Format is ASN:nn or IP-address:nn.";
+
+ config "true";
+ type string {
+ length "3..21";
+ }
+ }
+
+ container vpnTargets {
+ description
+ "The vpn-target command configures the export or import VPN target
+ extended community attribute for the VPN instance IPv4/IPv6 address
+ family.
+ Format is ASN:nn or IP-address:nn.";
+
+ list vpnTarget {
+ key "vrfRTValue";
+ max-elements "unbounded";
+ min-elements "0";
+ description
+ "L3vpn vpntarget configure class";
+
+ leaf vrfRTValue {
+
+ description
+ "Vpn-target: adds VPN target extended community attribute to the
+ export or import VPN target extended community list. The
+ vpn-target can be expressed in either of the following formats:
+ (1)16-bit AS number:32-bit user-defined number
+ For example, 1:3. The AS number ranges from 0 to 65535. The
+ user-defined number ranges from 0 to 4294967295. The AS number
+ and the user-defined number cannot be 0s at the same time.
+ That is, a VPN target cannot be 0:0.
+ (2)32-bit IP address:16-bit user-defined number
+ For example, 192.168.122.15:1. The IP address ranges from
+ 0.0.0.0 to 255.255.255.255. The user-defined number ranges from
+ 0 to 65535.
+ (3)32-bit IP address:16-bit user-defined number
+ For example, 192.168.122.15:1. An IP address ranges from
+ 0.0.0.0 to 255.255.255.255. A user-defined number ranges from 0
+ to 65535.";
+
+ config "true";
+ mandatory "true";
+ type string {
+ length "3..21";
+ }
+ }
+
+ leaf vrfRTType {
+ description
+ "Specifies the vpn target type, export-extcommunity:
+ specifies the extended community attributes carried in routing
+ information to be sent. import-extcommunity: receives routing
+ information carrying specified extended community attributes.";
+
+ mandatory "true";
+ type enumeration {
+ enum export_extcommunity {
+ value "0";
+ description "export-extcommunity:";
+ }
+ enum import_extcommunity {
+ value "1";
+ description "import-extcommunity:";
+ }
+ enum both {
+ value "2";
+ description "export-extcommunity & import-extcommunity:";
+ }
+ }
+ }
+ }
+ }
+
+ container apply-label {
+ description
+ "Apply one label mode for the VPN instance route.";
+
+ choice apply-label-mode {
+ case per-route {
+ description
+ "The apply-label per-route command enables the one-label-per-route
+ mode. The VPN instance IPv4/IPv6 address family assigns a unique
+ label to each route to be sent to the peer PE.";
+
+ leaf apply-label-per-route {
+ type boolean;
+ default "true";
+ }
+ }
+ case per-instance {
+ description
+ "The apply-label per-instance command applies one label to all VPN
+ instance IPv4 address family or IPv6 address family routes to a
+ peer PE.";
+
+ leaf apply-label-per-instance {
+ type boolean;
+ default "false";
+ }
+ }
+ }
+ }//End of "container apply-label"
+
+ leaf import-route-policy {
+ description
+ "The import route-policy command associates a VPN instance enabled
+ with the IPv4 or IPv6 address family with an import routing policy.
+ Only one import routing policy can be associated with a VPN instance
+ enabled with the IPv4 or IPv6 address family. If the import
+ route-policy command is run more than once, the latest configuration
+ overrides the previous ones.";
+
+ config "true";
+ type string {
+ length "1..40";
+ }
+ }
+
+ leaf export-route-policy {
+ description
+ "The export route-policy command associates a VPN instance enabled
+ with the IPv4 or IPv6 address family with an export routing policy.
+ Only one export routing policy can be associated with a VPN instance
+ enabled with the IPv4 or IPv6 address family. If the export
+ route-policy command is run more than once, the latest configuration
+ overrides the previous ones.";
+
+ config "true";
+ type string {
+ length "1..40";
+ }
+ }
+
+
+ container prefix-limit {
+ description
+ "The prefix limit command sets a limit on the maximum number of
+ prefixes supported in the existing VPN instance, preventing the
+ PE from importing excessive VPN route prefixes.";
+
+ leaf prefix-limit-number {
+ description
+ "Specifies the maximum number of prefixes supported in the VPN
+
+
+ instance IPv4 or IPv6 address family.";
+
+ type uint32 {
+ range "1..4294967295";
+ }
+ }
+
+ choice prefix-limit-action {
+ case enable-alert-percent {
+ leaf alert-percent-value {
+ description
+ "Specifies the proportion of the alarm threshold to the maximum
+ number of prefixes.";
+ type uint8 {
+ range "1..100";
+ }
+ }
+ leaf route-unchanged {
+ description
+ "Indicates that the routing table remains unchanged. By default,
+ route-unchanged is not configured. When the number of prefixes
+ in the routing table is greater than the value of the parameter
+ number, routes are processed as follows:
+ (1)If route-unchanged is configured, routes in the routing table
+ remain unchanged.
+ (2)If route-unchanged is not configured, all routes in the
+ routing table are deleted and then re-added.";
+
+ config "true";
+ type boolean;
+ default "false";
+ }
+ }
+ case enable-simple-alert {
+ leaf simple-alert {
+ description
+ "Indicates that when the number of VPN route prefixes exceeds
+ number, prefixes can still join the VPN routing table and
+ alarms are displayed.";
+
+ config "true";
+ type boolean;
+ default "false";
+ }
+ }
+ }
+ }
+
+
+
+ container routing-table-limit {
+ description
+ "The routing-table limit command sets a limit on the maximum number of
+ routes that the IPv4 or IPv6 address family of a VPN instance can
+ support.
+ By default, there is no limit on the maximum number of routes that the
+ IPv4 or IPv6 address family of a VPN instance can support, but the
+ total number of private network and public network routes on a device
+ cannot exceed the allowed maximum number of unicast routes.";
+
+ leaf routing-table-limit-number {
+ description
+ "Specifies the maximum number of routes supported by a VPN instance.
+ ";
+
+ config "true";
+ type uint32 {
+ range "1..4294967295";
+ }
+ }
+ choice routing-table-limit-action {
+ case enable-alert-percent {
+ leaf alert-percent-value {
+ description
+ "Specifies the percentage of the maximum number of routes. When
+ the maximum number of routes that join the VPN instance is up
+ to the value (number*alert-percent)/100, the system prompts
+ alarms. The VPN routes can be still added to the routing table,
+ but after the number of routes reaches number, the subsequent
+ routes are dropped.";
+
+ config "true";
+ type uint8 {
+ range "1..100";
+ }
+ }
+ }
+ case enable-simple-alert {
+ leaf simple-alert {
+ description
+ "Indicates that when VPN routes exceed number, routes can still
+ be added into the routing table, but the system prompts alarms.
+ However, after the total number of VPN routes and network public
+ routes reaches the unicast route limit specified in the License,
+ the subsequent VPN routes are dropped.";
+
+ config "true";
+ type boolean;
+
+ }
+ }
+ }
+ }
+
+ leaf vpn-frr {
+ description
+ "Enable VPN FRR in the VPN instance address family view.
+ If a PE is connected to two other PEs, running the vpn frr command in
+ the VPN instance address family view of the PE enables VPN FRR and
+ improves network reliability. After VPN FRR is configured, traffic can
+ switch to the secondary LSP immediately after the primary LSP becomes
+ faulty.";
+
+ type boolean;
+ default "false";
+ }
+
+
+ /*
+ * VPN QoS.
+ */
+ container l3vpnVrfPipe {
+ description
+ "The diffserv-mode command configures the mode of the MPLS
+ differentiated service (Diff-Serv) for ensuring end-to-end QoS.";
+
+ leaf pipeMode {
+ description
+ "Pipe mode";
+
+ type enumeration {
+ enum pipe {
+ value "0";
+ description
+ "pipe: Indicates that the Pipe MPLS Diff-Serv mode is adopted.";
+ }
+ enum shortPipe {
+ value "1";
+ description
+ "shortPipe: Indicates that the Short-pipe MPLS Diff-Serv mode
+ is adopted.";
+ }
+ enum uniform {
+ value "2";
+ description
+ "uniform: Indicates that the Uniform MPLS Diff-Serv mode is
+ adopted.";
+ }
+ }
+ default "uniform";
+
+ }
+
+ leaf serviceClass {
+ description
+ "Service Class, Specifies the service type when the packet enters the
+ public network from the private network. The values are cs7, cs6, ef,
+ af4, af3, af2, af1, be.";
+
+ type enumeration {
+ enum be {
+ value "0";
+ description "be:";
+ }
+ enum af1 {
+ value "1";
+ description "af1:";
+ }
+ enum af2 {
+ value "2";
+ description "af2:";
+ }
+ enum af3 {
+ value "3";
+ description "af3:";
+ }
+ enum af4 {
+ value "4";
+ description "af4:";
+ }
+ enum ef {
+ value "5";
+ description "ef:";
+ }
+ enum cs6 {
+ value "6";
+ description "cs6:";
+ }
+ enum cs7 {
+ value "7";
+ description "cs7:";
+ }
+ }
+ default "be";
+ }
+
+
+ leaf color {
+ description
+ "Specifies a color for marking the discard priority of a packet
+ transferred from a private network to a public network. The values
+ are green, yellow, and red.";
+
+ type enumeration {
+ enum green {
+ value "0";
+ description "green:";
+ }
+ enum yellow {
+ value "1";
+ description "yellow:";
+ }
+ enum red {
+ value "2";
+ description "red:";
+ }
+ }
+ default "green";
+ }
+
+ leaf dsName {
+ description
+ "Specifies the DS domain name of the specified Per-Hop Behavior (PHB)
+ applied to the egress in Short pipe mode. It is a string of 1 to 31
+ characters.";
+
+ type string;
+ default "default";
+ }
+ }
+
+ container l3vpnTtlMode {
+ description
+ "The ttl-mode command enables MPLS to process the TTL in a specified
+ mode. By default, MPLS processes the TTL in pipe mode.";
+
+ leaf ttlMode {
+ description "TTL mode";
+ default "pipe";
+ type enumeration {
+ enum pipe {
+ value "0";
+ description
+ "pipe: Enables MPLS to process the TTL in pipe mode.";
+ }
+
+
+ enum uniform {
+ value "1";
+ description
+ "uniform: Enables MPLS to process the TTL in uniform mode.";
+ }
+ }
+ }
+ }
+
+ leaf tunnel-policy {
+ description
+ "The tnl-policy command associates the IPv4 or IPv6 address family of
+ a VPN instance with a tunnel policy.";
+
+ type string {
+ length "1..39";
+ }
+ }
+
+ container importRibs {
+ description
+ "Import route class";
+
+ leaf protocol {
+ description
+ "Specifies the protocol from which routes are imported.
+ At present, In the IPv4 unicast address family view, the protocol
+ can be IS-IS,static, direct and BGP.";
+
+ type enumeration {
+ enum ALL {
+ value "0";
+ description "ALL:";
+ }
+ enum Direct {
+ value "1";
+ description "Direct:";
+ }
+ enum OSPF {
+ value "2";
+ description "OSPF:";
+ }
+ enum ISIS {
+ value "3";
+ description "ISIS:";
+ }
+ enum Static {
+ value "4";
+
+
+ description "Static:";
+ }
+ enum RIP {
+ value "5";
+ description "RIP:";
+ }
+ enum BGP {
+ value "6";
+ description "BGP:";
+ }
+ enum OSPFV3 {
+ value "7";
+ description "OSPFV3:";
+ }
+ enum RIPNG {
+ value "8";
+ description "RIPNG:";
+ }
+ enum INVALID {
+ value "9";
+ description "INVALID:";
+ }
+ }
+ }
+
+ leaf processId {
+ description
+ "Specifies the process ID if the protocol from routes are imported is
+ IS-IS.";
+
+ default "0";
+ type uint32 {
+ range "0..4294967295";
+ }
+ }
+
+ leaf bgp-valid-route {
+ type boolean;
+ }
+
+ leaf policyName {
+ description
+ "Policy Id for import routes";
+ type string {
+ }
+ }
+
+ }
+
+
+ leaf traffic-statistics {
+ description
+ "The traffic-statistics enable command enables traffic statistics
+ for a VPN instance.";
+
+ type boolean;
+ default "false";
+ }
+
+ }
+
+
+ /*
+ * VPN instance view.
+ */
+ container vpn-instances {
+ description
+ "VPN instances configuration parameters.
+ VPN instances support both the IPv4 and IPv6 address families.";
+
+ list vpn-instance {
+ max-elements "unbounded";
+ min-elements "0";
+ key "vpn-instance-name";
+ description
+ "Specifies the name of the VPN instance. It is a string of 1 to 31
+ case-sensitive characters.";
+
+ leaf vpn-instance-name {
+ mandatory "true";
+ type string {
+ length "1..31";
+ }
+ description
+ "The name of the vpn-instance.";
+ }
+
+ leaf description {
+ description
+ "A textual description of VPN instance, the VPN instance description
+ helps users memorize the VPN instance.";
+
+ type string {
+ length "1..242";
+ pattern "([^?]*)";
+ }
+ }
+
+
+
+
+ container ipv4-family {
+ description
+ "The IPv4 address family is enabled for the VPN instance.";
+
+ uses vpn-af-config;
+ }
+
+ container ipv6-family {
+ description
+ "The IPv6 address family is enabled for the VPN instance.";
+
+ uses vpn-af-config;
+ }
+
+
+ }
+ }
+
+
+
+ /*
+ * Binding Interfaces to a VPN Instance.
+ */
+
+ container vpn-interfaces {
+ description
+ "VPN is enabled on interfaces.";
+
+ list vpn-interface {
+ key "name";
+ max-elements "unbounded";
+ min-elements "0";
+ leaf name {
+ type leafref {
+ path "/if:interfaces/if:interface/if:name";
+ }
+ }
+ leaf vpn-instance-name {
+ type string {
+ length "1..40";
+ }
+ }
+ }
+ }
+
+ container vrfInfo {
+ description
+ "Display the information of the vrf.
+
+
+ It is intended that this container may be augmented by vendors to
+ reflect the vendor-specific operational state parameters.";
+
+ leaf vrfCreateTime {
+ description
+ "CreateTime of the vrf.";
+ config "false";
+ type yang:timestamp;
+ }
+
+ leaf vrfUpTime {
+ description
+ "UpTime period of the vrf.";
+ config "false";
+ type yang:timeticks;
+ }
+
+ leaf label {
+ description
+ "Label of the vrf.";
+ config "false";
+ type uint32 {
+ range "16..1048574";
+ }
+ }
+
+ leaf vrfStatus {
+ description
+ "vrf status.";
+ config "false";
+ type enumeration {
+ enum up {
+ value "0";
+ description "vrf up.";
+ }
+ enum down {
+ value "1";
+ description "vrf down.";
+ }
+ }
+ }
+ }
+
+
+ /*
+ * augment some bgp vpn functions in bgp module.
+ */
+ augment "/bgp:bgp-router/bgp:vpnv4/bgp:unicast" {
+
+ uses augment-bgp-af-vpn-config;
+
+ }
+
+ augment "/bgp:bgp-router/bgp:vpnv6/bgp:unicast" {
+ uses augment-bgp-af-vpn-config;
+
+ }
+
+ augment "/bgp:bgp-router" {
+
+ container bgp-af-ipv4-vpn-instances {
+ description
+ "vpn-instances ipv4 address family.";
+ list bgp-af-ipv4-vpn-instance {
+ key "vpn-instance-name";
+ max-elements "unbounded";
+ min-elements "0";
+ leaf vpn-instance-name {
+ type string;
+ }
+ uses bgp-af-vpn-instance-config;
+ }
+ }
+
+ container bgp-af-ipv6-vpn-instances {
+ description
+ "vpn-instances ipv6 address family.";
+ list bgp-af-ipv6-vpn-instance {
+ key "vpn-instance-name";
+ max-elements "unbounded";
+ min-elements "0";
+ leaf vpn-instance-name {
+ type string;
+ }
+ uses bgp-af-vpn-instance-config;
+ }
+ }
+
+ }
+
+
+}
Code Review / vpnservice.git / blobdiff