]> YANG Data Model for Configuration Interface of Control-Plane and User-Plane separation BNG ZTE Corporation
No.50, Software Avenue Nanjing Jiangsu 210012 China huang.guangping@zte.com.cn
China Mobile
32 Xuanwumen West Ave, Xicheng District Beijing 100053 China shujun_hu@outlook.com
China Mobile
32 Xuanwumen West Ave, Xicheng District Beijing Beijing 100053 China qinfengwei@chinamobile.com
Routing IETF RTGWG CU Separation, Yang This document defines the YANG data model for management of Control-Plane and User-Plane separation of BNGs (Broadband Network Gateways).
The main idea of Broadband Network Gateway (BNG) Control-Plane and User-Plane separation is to extract and centralize the user management functions of multiple BNG devices, forming a unified and centralized control plane (CP), while the traditional router's control and forwarding information are both preserved on BNG devices in the form of a user plane (UP). We call the Control-Plane and User-plane separation BNG a vBNG (virtual BNG). The architecture of Control-plane and User-plane separated BNG is shown as the following figure.
There are three interfaces between vBNG-CP(vBNG Control Plane) and vBNG-UP(vBNG User Plane): Service interface, control interface and management interface. The service interface is used to carry PPPoE/IPoE dialup packets between user plane and control plane. The requirements and possible solution are defined in the . The control interface is used for setting forwarding entries of the user plane using Simple CUSP (S-CUSP) or other protocols. The management interface is used by vBNG-CP to carry out related configurations of vBNG-UP through NETCONF protocol . This document defines the YANG data model for vBNG(vBNG-CP and vBNG-UP). There are three types of YANG data model for vBNG in this document: The YANG data models for vBNG-CP, the YANG data models for direct network management of vBNG-UP, and the YANG data models for BNG-UP through the management interfaces among the vBNG-UP and vBNG-CP.
BNG: Broadband Network Gateway. A broadband remote access server routes traffic to and from broadband remote access devices such as digital subscriber line access multiplexers (DSLAM) on an Internet service provider's (ISP) network. CUSP: Control-plane and User-plane Separation Protocol. S-CUSP: Simple CUSP. vBNG: Virtualization Broadband Network Gateway. An vBNG is to extract and centralize the user management functions of multiple BNG devices, and to form an unified and centralized control plane (CP). The vBNG devices include vBNG-UP and vBNG-CP. vBNG-CP: vBNG Control Plane. The vBNG-CP is a user control management component which support to manage UP's resources such as the user entry and forwarding policy. vBNG-UP: vBNG User Plane. vBNG-UP is a network edge and user policy implementation component.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.
The vBNG-UP or vBNG-CP part can be a physical or virtualized network element. The LNE model is augmented to define the YANG data models for vBNG-UP and vBNG-CP in this document. The YANG data model for vBNG through the management interface includes vBNG-UP interface configuration, control channel and service channel configuration, ACL and QoS. The vBNG-UP interface configuration is to configure the basic interface informations of a vBNG-UP element, such as interface name, the VLAN parameters for the sub-interface. The control channel is to configure the S-CUSP parameters. The control channel parameters include: name, id, port, S-CUSP version, hello interval, dead time, and keepalive time. The VXLAN tunnel is the suggested service interface protocol between vBNG-CP and vBNG-UP. The VXLAN tunnel parameters include: tunnel-source-ip,tunnel-destination-ip, vxlan-id, vxlan-tunnel-id, vxlan-tunnel-name, etc. The ACL information includes ipv4-acl,ipv6-acl,link-acl,etc. The YANG data model for ACL refers to The QoS information includes IP-DSCP, MPLS,VPLS, VPWS etc. The YANG data model for QoS refers to
The ietf-vbng-cp module is to configure vBNG-CP. The YANG data model includes: vbng-cp-name, netconf-server and PPPoE parameters, etc.
The ietf-vbng-up module is to configure the vBNG-UP. The YANG data model includes: shelf-number, vbng-up-name, netconf-client and keepalive-sink , etc.
file "ietf-vbng@2019-03-08.yang" module ietf-vbng{ namespace "urn:ietf:params:xml:ns:yang:ietf-vbng"; prefix "vbng"; import ietf-inet-types { prefix "inet"; } import ietf-interfaces { prefix if; } import ietf-logical-network-element { prefix lne; } organization "IETF NETCONF Working Group"; contact " WG List: Editor: Guangping Huang "; description "The YANG module defines a generic configuration model for vbng"; revision 2019-03-08{ description "Initial a new vbng control and user plane separation yang data model, it includes ietf-vbng, ietf-vbng-cp,and ietf-vbng-up, this module is ietf-vbng"; reference "draft-cuspdt-rtgwg-cu-separation-yang-model-02"; } /* Typedefs */ typedef vlan-id { type uint16 { range "0..4094"; } description "Typedef for VLAN ID."; } typedef vxlan-id { type uint32; description "Typedef for VxLAN ID."; } typedef address-family-type { type enumeration { enum ipv4 { description "IPv4"; } enum ipv6 { description "IPv6"; } } description "Typedef for address family type."; } /* Configuration Data */ augment /lne:logical-network-elements/lne:logical-network-element { container ietf-vbng{ container interfaces { list interface { key name; leaf name { type if:interface-ref; description "interface name"; } container ethernet { leaf lacp { type boolean; description "enable lacp function"; } description "configure ethernet interface"; } leaf mac-offset { type uint32; description "configure mac offset"; } container vlans { list tag { key index; max-elements 2; leaf index { type uint8 { range "0..1"; } must ". = 0 or count(../../tag[index = 0]/index) > 0" { error-message "An inner tag can only be specified if anouter tag has also been specified"; description "Ensure that an inner tag cannot be specified without an outer tag'"; } description "The index into the tag stack, outermost tag assigned index 0"; } container tag{ leaf tag-type { type string; description "tag type"; } leaf vlan-id { type vlan-id; description "vlan id value"; } description "tag"; } description "tag list"; } description "vlans"; } description "interfaces list"; } description "interface container"; } container control-channel { leaf name { type string; description "control channel protocol logical name"; } leaf id { type uint32; description "the s-cusp session id"; } leaf port { type uint32; description "s-cusp tcp connection port number"; } leaf version { type uint8; description "s-cusp version number"; } leaf hellointerval { type uint32; description "s-cusp hello interval"; } leaf deadtime { type uint32; description "s-cusp dead time"; } leaf keepalivetime { type uint32; description "s-cusp keepalive time"; } description "configure s-cusp parameters"; } list service-channel{ key vxlan-tunnel-id; leaf vxlan-tunnel-id { type uint32; description "Static VxLAN tunnel ID."; } leaf vxlan-tunnel-name { type string; description "Name of the static VxLAN tunnel."; } list address-family { key "af"; leaf af { type address-family-type; description "Address family type value."; } leaf tunnel-source-ip { type inet:ip-address; description "Source IP address for the static VxLAN tunnel"; } leaf tunnel-destination-ip { type inet:ip-address; description "Destination IP address for the static VxLAN tunnel"; } list bind-vxlan-id { key vxlan-id; leaf vxlan-id { type vxlan-id; description "VxLAN ID."; } description "VxLAN ID list for the VTEP."; } description "Per-af params."; } description "Configure VxLAN channel"; } description "ietf-bng configuration!"; } description "augment lne model"; } } ]]>
file "ietf-vbng-cp@2019-03-08.yang" module ietf-vbng-cp{ namespace "urn:ietf:params:xml:ns:yang:ietf-vbng-cp"; prefix "vbng-cp"; import ietf-inet-types { prefix "inet"; } import ietf-interfaces { prefix if; } import ietf-logical-network-element { prefix lne; } organization "IETF NETCONF Working Group"; contact " WG List: Editor: Guangping Huang "; description "The YANG module defines a generic configuration model for vbng-cp"; revision 2019-03-08{ description "Initial a new vbng control and user plane separation yang data model, it includes ietf-vbng, ietf-vbng-cp,and ietf-vbng-up, this is ietf-vbng-cp"; reference "draft-cuspdt-rtgwg-cu-separation-yang-model-02"; } /* Typedefs */ typedef address-family-type { type enumeration { enum ipv4 { description "IPv4"; } enum ipv6 { description "IPv6"; } } description "Typedef for address family type."; } /* Configuration Data */ augment /lne:logical-network-elements/lne:logical-network-element { container ietf-vbng-cp{ leaf bng-cp-name { type string; description "configure vbng-cp name"; } leaf enable { type boolean; description "'true' to support vbng separation"; } container netconf-server { presence netconf-server ; list address-family { key "af"; leaf af { type address-family-type; description "Address family type value."; } leaf ip { type inet:ip-address; mandatory true ; description 'Configure ip address of netconf server.'; } description "address family list"; } leaf user-name { type string { length 1..65 ; } description 'configure user name, default: "who".'; } leaf password { type string { length 3..32 ; } description 'configure password, default: "who".'; } leaf port { type uint32; description 'Configure port.'; } description 'Configure netconf server.'; } container vbng-pppoe { container pppoe-switch { leaf delay-time { type uint16 { range 1..300 ; } description 'Trigger user offline when VCC phys-interface down'; } leaf keepalive-timer { type enumeration { enum start { value 1 ; description "start keepalive timer"; } enum stop { value 0 ; description "stop keepalive timer"; } } default start ; description 'Start or stop send keepalive packet'; } leaf ppp-max-payload { type enumeration { enum disable { value 0 ; description "disable ppp max payload"; } enum enable { value 1 ; description "enable ppp max payload"; } } default disable ; description 'Enable or disable pppoe ppp-max-payload'; } leaf service { type enumeration { enum advertise{ value 1 ; description "enable ppp service!"; } enum disable { value 0 ; description "disable ppp service!"; } } default advertise ; description 'Open or close pppoe service'; } leaf ppp-mru-verify { type enumeration { enum open { value 1 ; description "enable ppp mru verify!"; } enum close { value 0 ; description "disable ppp mru!"; } } default close ; description 'set ppp lcp mru verify when mru over 1492'; } leaf keepalive-fast-reply { type enumeration { enum enable { value 1 ; description 'Enable keepalive fast reply!'; } enum disable { value 0 ; description 'Disable keepalive fast reply!'; } } description 'Set keepalive fast reply flag.'; } description 'Configuration about pppoe switch.'; } list pppoe-cfg { key template ; leaf template { type uint32 { range 1..1000 ; } description 'PPPoX template number'; } leaf ppp-authentication { type enumeration { enum pap { value 1 ; description "configure pap authentication!"; } enum chap { value 2 ; description "configure chap authentication!"; } enum mschapv1 { value 6 ; description "configure mschapv1 authentication!"; } enum mschapv2 { value 7 ; description "configure mschapv2 tication!"; } enum pap-chap { value 21 ; description "configure pap-chap authentication!"; } } default pap-chap ; description 'Set ppp authentication'; } leaf ppp-check-magic-num { type enumeration { enum disable { value 0 ; description 'disable ppp magic check'; } enum enable { value 1 ; description 'enable ppp magic check'; } } default enable ; description 'Check magic number or not'; } leaf ppp-mru { type uint32 { range 320..9000 ; } default 1492 ; description 'Set mru value'; } leaf pppoe-ac-name { type string ; description 'Set ac-name'; } leaf pppoe-service-name-omit { type enumeration { enum disable { value 0 ; description "disable pppoe service name omit"; } enum enable { value 1 ; description "enable pppoe service name omit"; } } default disable ; description 'Check service-name value'; } leaf pppoe-ac-cookie-check { type enumeration { enum disable { value 0 ; description "disable pppoe ac cookie check"; } enum enable { value 1 ; description "enable pppoe ac cookie check"; } } default enable ; description 'Check options'; } leaf pppoe-password-string { type string ; description 'Set authentication failure password string'; } leaf pppoe-username-string { type string ; description 'Set authentication failure username error string'; } choice ppp-quick-redial { case quick-redial-disable { leaf ppp-quick-redial-disable { type enumeration { enum disable { value 0 ; description "disable ppp quick redial"; } } default disable ; description 'disable quick-redial'; } description 'disable quick-redial'; } case fast-response { leaf ppp-fast-response { type enumeration { enum diable { value 0 ; description "disable ppp fast response"; } enum enable { value 1 ; description "enable ppp fast response"; } } description 'set Response the access request immediately'; } leaf ppp-quick-redial-enable { type enumeration { enum enable { value 1 ; description "enable ppp quick redial"; } } default enable ; description 'Enable quick-redial'; } description 'set quick-redial or Response the access request immediately'; } default quick-redial-disable ; description 'Enable or disable quick-redial'; } container ppp-keepalive { leaf ppp-keepalive-timer { type uint32 { range 10..14400 ; } default 60 ; description 'Set keepalive time(unit:seconds)'; } leaf ppp-keepalive-count { type uint16 { range 1..10 ; } default 3 ; description 'Set keepalive counter'; } description 'Set keepalive time and counter'; } container ppp-timeout { leaf ppp-timeout-negtimeoutsec { type uint8 { range 1..10 ; } default 3 ; description 'Set ppp negtimeoutsec timeout(unit:seconds)'; } leaf ppp-timeout-authentication { type uint8 { range 1..10 ; } default 3 ; description 'Set ppp authentication timeout(unit:seconds)'; } description 'Set ppp negtimeoutsec and authentication timeout'; } description 'Configuration pppoe template'; } description 'Configuration vBRAS PPPoE.'; } description "configure bng-cp"; } description "augment lne model"; } } ]]>
file "ietf-vbng-up@2019-03-08.yang" module ietf-vbng-up{ namespace "urn:ietf:params:xml:ns:yang:ietf-vbng-up"; prefix "vbng-up"; import ietf-inet-types { prefix "inet"; } import ietf-logical-network-element { prefix lne; } organization "IETF NETCONF Working Group"; contact " WG List: Editor: Guangping Huang "; description "The YANG module defines a generic configuration model for vbng"; revision 2019-03-08{ description "Initial a new vbng control and user plane separation yang data model, it includes ietf-vbng, ietf-vbng-cp,and ietf-vbng-up, this is ietf-vbng-up"; reference "draft-cuspdt-rtgwg-cu-separation-yang-model-02"; } /* Typedefs */ typedef address-family-type { type enumeration { enum ipv4 { description "IPv4"; } enum ipv6 { description "IPv6"; } } description "Typedef for address family type."; } /* Configuration Data */ augment /lne:logical-network-elements/lne:logical-network-element { container ietf-vbng-up{ list vbng-up { key shelf-no ; leaf shelf-no { type uint8 { range 1..127 ; } description 'Configure shelf-no of forwarder,1-127.'; } leaf vbng-up-name { type string { length 1..31 ; } description 'Configure bng up name.' ; } container netconf-client { presence netconf-client ; list address-family { key "af"; leaf af { type address-family-type; description "Address family type value."; } leaf ip { type inet:ip-address; mandatory true ; description 'Configure ip address of netconf server.'; } description "address family list"; } leaf user-name { type string { length 1..65 ; } description 'configure user name, default: "who".'; } leaf password { type string { length 3..32 ; } description 'configure password, default: "who".'; } leaf port { type uint32; description 'Configure port.'; } description 'Configure netconf server.'; } leaf keepalive-sink { type enumeration { enum enable { value 1 ; description 'enable the keepalive-sink function'; } enum disable { value 0 ; description 'disable keepalive-sink function'; } } description "configure keepalive-sink"; } description "configure vbng-up list"; } description "vbng-up configuration!"; } description "augment lne model"; } } ]]>
The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF or RESTCONF . The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH). The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS . The NETCONF access control model provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. vBNG(vBNG-CP, vBNG-UP) represents device and network configuration information based on the LNE. As such, the security of this information is important, but it is fundamentally no different than any other interface or device configuration information that has already been covered in other documents such as . The vulnerable "config true" parameters and subtree are the following: lne:logical-network-elements/lne:logical-network-element/ietf-vbng/interfaces: this subtree specifies vBNG-UP interface parameters configuration. Modify the configuration can cause the vBNG-UP interfaces disable. lne:logical-network-elements/lne:logical-network-element/ietf-vbng/control-channel: this subtree specifies control channel parameters configuration. Modify the configuration can cause the S-CUSP protocol sessions interrupted among the vBNG-CPs and vBNG-UPs. lne:logical-network-elements/lne:logical-network-element/ietf-vbng/service-channel: this subtree specifies the service channel parameters configuration among vbng user planes and control plane. Modify the configuration can cause the VxLAN session interrupted among vBGN-UPs and vBNG-CPs. lne:logical-network-elements/lne:logical-network-element/ietf-vbng-cp/netconf-server: this subtree specifies netconf parameters of vBNG-CP. Modify the configuration can cause the netconf session among vBNG-CPs and vBNG-UPs interrupted. lne:logical-network-elements/lne:logical-network-element/ietf-vbng-cp/vbng-pppoe: this subtree specifies PPPoE parameters of vBNG-CP. Modify the configuration can cause the PPPoE session interrupted. lne:logical-network-elements/lne:logical-network-element/ietf-vbng-cp/netconf-client: this subtree specifies netconf parameters of vBNG-UP. Modify the configuration can cause the netconf session among vBNG-CP and vBNG-UP interrupted. Unauthorized access to any of these lists can adversely affect the security of both the local device and the network. This may lead to network malfunctions, delivery of packets to inappropriate destinations, and other problems.
This document registers three URI in the IETF XML registry . Following the format in , the following registrations are requested to be made. URI: urn:ietf:params:xml:ns:yang:ietf-vbng. Registrant Contact: The IESG. XML: N/A, the requested URI is an XML namespace. URI: urn:ietf:params:xml:ns:yang:ietf-vbng-cp. Registrant Contact: The IESG. XML: N/A, the requested URI is an XML namespace. URI: urn:ietf:params:xml:ns:yang:ietf-vbng-up. Registrant Contact: The IESG. XML: N/A, the requested URI is an XML namespace. This document registers three YANG modules in the YANG Module Names registry .