RFC 9182: A YANG Network Data Model for Layer 3 VPNs
- S. Barguil,
- O. Gonzalez de Dios, Ed.,
- M. Boucadair, Ed.,
- L. Munoz,
- A. Aguado
Abstract
As a complement to the Layer 3 Virtual Private Network Service Model (L3SM), which is used for communication between customers and service providers, this document defines an L3VPN Network Model (L3NM) that can be used for the provisioning of Layer 3 Virtual Private Network (L3VPN) services within a service provider network. The model provides a network-centric view of L3VPN services.¶
The L3NM is meant to be used by a network controller to derive the
configuration information that will be sent to relevant network devices.
The model can also facilitate communication between a service
orchestrator and a network controller
Status of This Memo
This is an Internet Standards Track document.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
https://
Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://
1. Introduction
[RFC8299] defines a YANG Layer 3 Virtual Private Network Service Model (L3SM) that can be used for communication between customers and service providers. Such a model focuses on describing the customer view of the Virtual Private Network (VPN) services and provides an abstracted view of the customer's requested services. That approach limits the usage of the L3SM to the role of a customer service model (as per [RFC8309]).¶
This document defines a YANG module called the "L3VPN Network Model"
(L3NM). The L3NM is aimed at providing a network-centric view of Layer 3
(L3) VPN services. This data model can be used to facilitate
communication between the service orchestrator and the network
controller
This document uses the common VPN YANG module defined in [RFC9181].¶
This document does not obsolete [RFC8299]. These two modules are used for similar objectives but with different scopes and views.¶
The L3NM YANG module was initially built with a "prune and extend"
approach, taking as a starting point the YANG module described in [RFC8299]. Nevertheless, the L3NM is not defined as an
augment to the L3SM, because a specific structure is required to meet
network
Some information captured in the L3SM can be passed by the orchestrator in the L3NM (e.g., customer) or be used to feed some L3NM attributes (e.g., actual forwarding policies). Also, some information captured in the L3SM may be maintained locally within the orchestrator, which is in charge of maintaining the correlation between a customer view and its network instantiation. Likewise, some information captured and exposed using the L3NM can feed the service layer (e.g., capabilities) to drive VPN service order handling and thus the L3SM.¶
Section 5.1 of [RFC8969] illustrates how the L3NM can be used within the network management automation architecture.¶
The L3NM does not attempt to address all deployment cases, especially
those where L3VPN connectivity is supported through the coordination
of different VPNs in different underlying networks. More complex
deployment scenarios involving the coordination of different VPN
instances and different technologies to provide end-to-end VPN
connectivity are addressed by complementary YANG modules, e.g., [YANG
The L3NM focuses on Layer 3 VPNs based on BGP Provider Edges (PEs) as described in [RFC4026], [RFC4110], and [RFC4364]; and Multicast VPNs as described in [RFC6037] and [RFC6513].¶
The YANG data model in this document conforms to the Network Management Datastore Architecture (NMDA) defined in [RFC8342].¶
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document assumes that the reader is familiar with the contents of [RFC6241], [RFC7950], [RFC8299], [RFC8309], and [RFC8453] and uses the terminology defined in those documents.¶
This document uses the term "network model" as defined in Section 2.1 of [RFC8969].¶
The meanings of the symbols in the tree diagrams are defined in [RFC8340].¶
This document makes use of the following terms:¶
- Layer 3 VPN Service Model (L3SM):
- A YANG data model that describes the service requirements of an L3VPN that interconnects a set of sites from the point of view of the customer. The customer service model does not provide details on the service provider network. The L3VPN customer service model is defined in [RFC8299].¶
- Layer 3 VPN Network Model (L3NM):
- A YANG data model that describes a VPN service in the service provider network. It contains information on the service provider network and might include allocated resources. It can be used by network controllers to manage and control the VPN service configuration in the service provider network. The corresponding YANG module can be used by a service orchestrator to request a VPN service to a network controller.¶
- Service orchestrator:
- A functional entity that interacts with the customer of an L3VPN. The service orchestrator interacts with the customer using the L3SM. The service orchestrator is responsible for the Customer Edge to Provider Edge (CE-PE) attachment circuits, the PE selection, and requesting the VPN service to the network controller.¶
- Network orchestrator:
- A functional entity that is hierarchically intermediate between a service orchestrator and network controllers. A network orchestrator can manage one or several network controllers.¶
- Network controller:
- A functional entity responsible for the control and management of the service provider network.¶
- VPN node:
- An abstraction that represents a set of policies applied on a PE and belonging to a single VPN service. A VPN service involves one or more VPN nodes. As it is an abstraction, the network controller will decide how to implement a VPN node. For example, in a BGP-based VPN, a VPN node could typically be mapped to a Virtual Routing and Forwarding (VRF) instance.¶
- VPN network access:
- An abstraction that represents the network interfaces that are associated with a given VPN node. Traffic coming from the VPN network access belongs to the VPN. The attachment circuits (bearers) between CEs and PEs are terminated in the VPN network access. A reference to the bearer is maintained to allow keeping the link between the L3SM and L3NM when both models are used in a given deployment.¶
- VPN site:
- A VPN customer's location that is connected to the service provider network via a CE-PE link, which can access at least one VPN [RFC4176].¶
- VPN service provider:
- A service provider that offers VPN-related services [RFC4176].¶
- Service provider network:
- A network that is able to provide VPN-related services.¶
This document is aimed at modeling BGP PE-based VPNs in a service provider network, so the terms defined in [RFC4026] and [RFC4176] are used in this document as well.¶
3. Acronyms and Abbreviations
The following acronyms and abbreviations are used in this document:¶
- ACL
- Access Control List¶
- AS
- Autonomous System¶
- ASM
- Any-Source Multicast¶
- ASN
- AS Number¶
- BFD
- Bidirectional Forwarding Detection¶
- BGP
- Border Gateway Protocol¶
- BSR
- Bootstrap Router¶
- CE
- Customer Edge¶
- CsC
- Carriers' Carriers¶
- IGMP
- Internet Group Management Protocol¶
- L3NM
- L3VPN Network Model¶
- L3SM
- L3VPN Service Model¶
- L3VPN
- Layer 3 Virtual Private Network¶
- MLD
- Multicast Listener Discovery¶
- MSDP
- Multicast Source Discovery Protocol¶
- MVPN
- Multicast VPN¶
- NAT
- Network Address Translation¶
- OAM
- Operations, Administration, and Maintenance¶
- OSPF
- Open Shortest Path First¶
- PE
- Provider Edge¶
- PIM
- Protocol Independent Multicast¶
- QoS
- Quality of Service¶
- RD
- Route Distinguisher¶
- RP
- Rendezvous Point¶
- RT
- Route Target¶
- SA
- Security Association¶
- SSM
- Source-Specific Multicast¶
- VPN
- Virtual Private Network¶
- VRF
- Virtual Routing and Forwarding¶
4. L3NM Reference Architecture
Figure 1 depicts the reference architecture for the L3NM. The figure is an expansion of the architecture presented in Section 5 of [RFC8299]; it decomposes the box marked "orchestration" in that section into three separate functional components: service orchestration, network orchestration, and domain orchestration.¶
Although some deployments may choose to construct a monolithic orchestration component (covering both service and network matters), this document advocates for a clear separation between service and network orchestration components for the sake of better flexibility. Such a design adheres to the L3VPN reference architecture defined in Section 1.3 of [RFC4176]. This separation relies upon a dedicated communication interface between these components and appropriate YANG modules that reflect network-related information. Such information is hidden from customers.¶
The intelligence for translating customer-facing information into network-centric information (and vice versa) is implementation specific.¶
The terminology from [RFC8309] is used here to show the distinction between the customer service model, the service delivery model, the network configuration model, and the device configuration model. In that context, the "domain orchestration" and "config manager" roles may be performed by "controllers".¶
The customer may use a variety of means to request a service that may
trigger the instantiation of an L3NM. The customer may use the L3SM or
more abstract models to request a service that relies upon an L3VPN
service. For example, the customer may supply an IP Connectivity
Provisioning Profile (CPP) that characterizes the requested service
[RFC7297], an enhanced VPN (VPN+) service [Enhanced
Note also that both the L3SM and the L3NM may be used in the context of the Abstraction and Control of TE Networks (ACTN) framework [RFC8453]. Figure 2 shows the Customer Network Controller (CNC), the Multi-Domain Service Coordinator (MDSC), the Provisioning Network Controller (PNC) components, and the interfaces where the L3SM and L3NM are used.¶
5. Relationship to Other YANG Data Models
The "ietf
In order to avoid data duplication and to ease passing data between
layers when required (service layer to network layer and vice versa),
early versions of the L3NM reused many of the data nodes that are
defined in [RFC8299]. Nevertheless, that approach
was abandoned in favor of the "ietf
As discussed in Section 4, the L3NM is meant to manage L3VPN services within a service provider network. The module provides a network view of the service. Such a view is only visible within the service provider and is not exposed outside (to customers, for example). The items below discuss how the L3NM interfaces with other YANG modules:¶
- L3SM:
-
The L3NM is not a customer service model.¶
The internal view of the service (i.e., the L3NM) may be mapped to an external view that is visible to customers: the L3VPN Service Model (L3SM) [RFC8299].¶
The L3NM can be fed with inputs that are requested by customers. Such requests typically rely upon an L3SM template. Concretely, some parts of the L3SM module can be directly mapped to the L3NM, while other parts are generated as a function of the requested service and local guidelines. Some other parts are local to the service provider and do not map directly to the L3SM.¶
Note that using the L3NM within a service provider does not assume, nor does it preclude, exposing the VPN service via the L3SM. This is deployment specific. Nevertheless, the design of the L3NM tries to align as much as possible with the features supported by the L3SM to ease the grafting of both the L3NM and the L3SM for the sake of highly automated VPN service provisioning and delivery.¶
- Network Topology Modules:
- An L3VPN involves nodes that are part of a topology managed by the service provider network. The topology can be represented using the network topology YANG module defined in [RFC8345] or its extension, such as a network YANG module for Service Attachment Points (SAPs) [YANG-SAPs].¶
- Device Modules:
-
The L3NM is not a device model.¶
Once a global VPN service is captured by means of the L3NM, the actual activation and provisioning of the VPN service will involve a variety of device modules to tweak the required functions for the delivery of the service. These functions are supported by the VPN nodes and can be managed using device YANG modules. A non
-comprehensive list of such device YANG modules is provided below:¶ How the L3NM is used to derive device-specific actions is implementation specific.¶
6. Sample Uses of the L3NM Data Model
This section provides a non-exhaustive list of examples that illustrate contexts where the L3NM can be used.¶
6.1. Enterprise Layer 3 VPN Services
Enterprise L3VPNs are one of the most demanded services for
carriers; therefore, L3NM can be useful for automating the
provisioning and maintenance of these VPNs. Templates and batch
processes can be built, and as a result many parameters are needed for
the creation from scratch of a VPN that can be abstracted to the upper
Software
A common function that is supported by VPNs is the addition or removal of VPN nodes. Workflows can use the L3NM in these scenarios to add or prune nodes from the network data model as required.¶
6.2. Multi-Domain Resource Management
The implementation of L3VPN services that span
administrativel
For example, route targets (RTs) shall be synchronized between PEs. When all PEs are controlled by the same management system, RT allocation can be performed by that management system. In cases where the service spans multiple management systems, the task of allocating RTs has to be aligned across the domains; therefore, the network model must provide a way to specify RTs. In addition, route distinguishers (RDs) must also be synchronized to avoid collisions of RD allocations between separate management systems. An incorrect allocation might lead to the same RD and IP prefixes being exported by different PEs.¶
6.3. Management of Multicast Services
Multicast services over L3VPNs can be implemented using dual PIM MVPNs (also known as the draft-rosen model) [RFC6037] or MVPNs based on Multiprotocol BGP (MP-BGP) [RFC6513] [RFC6514]. Both methods are supported and equally effective, but the main difference is that MP-BGP-based MVPNs do not require multicast configuration on the service provider network. MP-BGP MVPNs employ the intra-AS BGP control plane and PIM Sparse Mode [RFC7761] as the data plane. The PIM state information is maintained between PEs using the same architecture that is used for unicast VPNs.¶
On the other hand, [RFC6037] has limitations,
such as reduced options for transport, control plane scalability,
availability, operational inconsistency, and the need to maintain
state in the backbone. Because of these limitations, MP-BGP MVPNs provide the
architectural model that has been taken as the base for implementing
multicast services in L3VPNs. In this scenario, BGP is used to
autodiscover MVPN PE members and the customer PIM signaling is sent
across the provider's core through MP-BGP. The multicast traffic is
transported on MPLS Point
7. Description of the L3NM YANG Module
The L3NM
The full tree diagram of the module can be generated using the "pyang" tool [PYANG]. That tree is not included here because it is too long (Section 3.3 of [RFC8340]). Instead, subtrees are provided for the reader's convenience.¶
7.1. Overall Structure of the Module
The "ietf
The 'vpn-profiles' container is used by the provider to maintain a set of common VPN profiles that apply to one or several VPN services (Section 7.2).¶
The 'vpn-services' container maintains the set of VPN services managed within the service provider network. The 'vpn-service' is the data structure that abstracts a VPN service (Section 7.3).¶
Some of the data nodes are keyed by the address family. For the sake of data representation compactness, it is RECOMMENDED to use the dual-stack address family for data nodes that have the same value for both IPv4 and IPv6. If, for some reason, a data node is present for both dual-stack and IPv4 (or IPv6), the value that is indicated under dual-stack takes precedence over the value that is indicated under IPv4 (or IPv6).¶
7.2. VPN Profiles
The 'vpn-profiles' container (Figure 4) allows the VPN service provider to define and maintain a set of VPN profiles [RFC9181] that apply to one or several VPN services.¶
This document does not make any assumption about the exact definition of these profiles. The exact definition of the profiles is local to each VPN service provider. The model only includes an identifier for these profiles in order to facilitate identifying and binding local policies when building a VPN service. As shown in Figure 4, the following identifiers can be included:¶
- 'external
-connectivity -identifier' : - This identifier refers to a profile that defines the external connectivity provided to a VPN service (or a subset of VPN sites). External connectivity may be access to the Internet or restricted connectivity, such as access to a public/private cloud.¶
- 'encryption
-profile -identifier' : - An encryption profile refers to a set of policies related to the encryption schemes and setup that can be applied when building and offering a VPN service.¶
- 'qos
-profile -identifier' : - A Quality of Service (QoS) profile refers to a set of policies, such as classification, marking, and actions (e.g., [RFC3644]).¶
- 'bfd
-profile -identifier' : - A Bidirectional Forwarding Detection (BFD) profile refers to a set of BFD policies [RFC5880] that can be invoked when building a VPN service.¶
- 'forwarding
-profile -identifier' : - A forwarding profile refers to the policies that apply to the forwarding of packets conveyed within a VPN. Such policies may consist, for example, of applying Access Control Lists (ACLs).¶
- 'routing
-profile -identifier' : - A routing profile refers to a set of routing policies that will be invoked (e.g., BGP policies) when delivering the VPN service.¶
7.3. VPN Services
The 'vpn-service' is the data structure that abstracts a VPN service in the service provider network. Each 'vpn-service' is uniquely identified by an identifier: 'vpn-id'. Such a 'vpn-id' is only meaningful locally (e.g., the network controller). The subtree of the 'vpn-services' is shown in Figure 5.¶
The descriptions of the VPN service data nodes that are depicted in Figure 5 are as follows:¶
- 'vpn-id':
- An identifier that is used to uniquely identify the L3VPN service within the L3NM scope.¶
- 'vpn-name':
- Associates a name with the service in order to facilitate the identification of the service.¶
- 'vpn
-description' : -
Includes a textual description of the service.¶
The internal structure of a VPN description is local to each VPN service provider.¶
- 'customer-name':
- Indicates the name of the customer who ordered the service.¶
- 'parent
-service -id' : - Refers to an identifier of the parent service (e.g., L3SM, IETF network slice, VPN+) that triggered the creation of the VPN service. This identifier is used to easily correlate the (network) service as built in the network with a service order. A controller can use that correlation to enrich or populate some fields (e.g., description fields) as a function of local deployments.¶
- 'vpn-type':
- Indicates the VPN type. The values are taken from [RFC9181]. For the L3NM, this is typically set to "BGP/MPLS L3VPN", but other values may be defined to support specific Layer 3 VPN capabilities (e.g., [RFC9136]).¶
- 'vpn
-service -topology' : - Indicates the network topology for the service: 'hub-spoke', 'any-to-any', or 'custom'. The network implementation of this attribute is defined by the correct usage of import and export targets (Section 4.3.5 of [RFC4364]).¶
- 'status':
-
Used to track the service status of a given VPN service. Both operational status and administrative status are maintained together with a timestamp. For example, a service can be created but not put into effect.¶
Administrative status and operational status can be used as a trigger to detect service anomalies. For example, a service that is declared active at the service layer but is still inactive at the network layer may be an indication that network provision actions are needed to align the observed service status with the expected service status.¶
- 'vpn
-instance -profiles' : -
Defines reusable parameters for the same 'vpn-service'.¶
More details are provided in Section 7.4.¶
- 'underlay
-transport' : -
Describes the preference for the transport technology to carry the traffic of the VPN service. This preference is especially useful in networks with multiple domains and Network
-to -Network Interface (NNI) types. The underlay transport can be expressed as an abstract transport instance (e.g., an identifier of a VPN+ instance, a virtual network identifier, or a network slice name) or as an ordered list of the actual protocols to be enabled in the network.¶ A rich set of protocol identifiers that can be used to refer to an underlay transport are defined in [RFC9181].¶
- 'external
-connectivity' : -
Indicates whether/how external connectivity is provided to the VPN service. For example, a service provider may provide external connectivity to a VPN customer (e.g., to a public cloud). Such a service may involve tweaking both filtering and NAT rules (e.g., binding a Virtual Routing and Forwarding (VRF) interface with a NAT instance as discussed in Section 2.10 of [RFC8512]). These value-added features may be bound to all, or a subset of, network accesses. Some of these value-added features may be implemented in a PE or in nodes other than PEs (e.g., a P node or even a dedicated node that hosts the NAT function).¶
Only a pointer to a local profile that defines the external
-connectivity feature is supported in this document.¶ - 'vpn-node':
-
An abstraction that represents a set of policies applied to a network node and belonging to a single 'vpn-service'. A VPN service is typically built by adding instances of 'vpn-node' to the 'vpn-nodes' container.¶
A 'vpn-node' contains 'vpn
-network -accesses', which are the interfaces attached to the VPN by which the customer traffic is received. Therefore, the customer sites are connected to the 'vpn -network -accesses' .¶ Note that because this is a network data model, information about customers' sites is not required in the model. Rather, such information is relevant in the L3SM. Whether that information is included in the L3NM, e.g., to populate the various 'description' data nodes, is implementation specific.¶
More details are provided in Section 7.5.¶
7.4. VPN Instance Profiles
VPN instance profiles are meant to factorize data nodes that are used at many levels of the model. Generic VPN instance profiles are defined at the VPN service level and then called at the VPN node and VPN network access levels. Each VPN instance profile is identified by 'profile-id'. This identifier is then referenced for one or multiple VPN nodes (Section 7.5) so that the controller can identify generic resources (e.g., RTs and RDs) to be configured for a given VRF instance.¶
The subtree of the 'vpn
The descriptions of the listed data nodes are as follows:¶
- 'profile-id':
- Used to uniquely identify a VPN instance profile.¶
- 'role':
- Indicates the role of the VPN instance
profile in the VPN. Role values are defined in [RFC9181] (e.g.,
'any
-to -any -role', 'spoke-role', 'hub-role').¶ - 'local-as':
- Indicates the Autonomous System Number (ASN) that is configured for the VPN node.¶
- 'rd':
-
As defined in [RFC9181], the following RD assignment modes are supported: direct assignment, full automatic assignment, automatic assignment from a given pool, and no assignment. For illustration purposes, the following modes can be used in the deployment cases:¶
- 'directly
-assigned' : - The VPN service provider (service orchestrator) assigns RDs explicitly. This case will fit with a brownfield scenario where some existing services need to be updated by the VPN service provider.¶
- 'full-auto':
- The network controller auto-assigns RDs. This can apply for the deployment of new services.¶
- 'no-rd':
- The VPN service provider (service orchestrator) explicitly wants no RD to be assigned. This case can be used for CE testing within the network or for troubleshooting proposes.¶
Also, the module accommodates deployments where only the Assigned Number subfield of RDs (Section 4.2 of [RFC4364]) is assigned from a pool while the Administrator subfield is set to, for example, the Router ID that is assigned to a VPN node. The module supports these modes for managing the Assigned Number subfield: explicit assignment, auto-assignment from a pool, and full auto
-assignment .¶ - 'directly
- 'address
-family' : -
Includes a set of data nodes per address family:¶
- 'address
-family' : - Identifies the address family. It can be set to 'ipv4', 'ipv6', or 'dual-stack'.¶
- 'vpn-targets':
- Specifies RT import/export rules for the VPN service (Section 4.3 of [RFC4364]).¶
- 'maximum
-routes' : - Indicates the maximum number of prefixes that the VPN node can accept for a given routing protocol. If 'protocol' is set to 'any', this means that the maximum value applies to each active routing protocol.¶
- 'address
- 'multicast':
- Enables multicast traffic in the VPN service. Refer to Section 7.7.¶
7.5. VPN Nodes
The 'vpn-node' is an abstraction that represents a set of common policies applied on a given network node (typically, a PE) and belonging to one L3VPN service. The 'vpn-node' includes a parameter to indicate the network node on which it is applied. In the case that the 'ne-id' points to a specific PE, the 'vpn-node' will likely be mapped to a VRF instance in the node. However, the model also allows pointing to an abstract node. In this case, the network controller will decide how to split the 'vpn-node' into VRF instances.¶
The VPN node subtree structure is shown in Figure 7.¶
The descriptions of the 'vpn-node' data nodes (Figure 7) are as follows:¶
- 'vpn-node-id':
- An identifier that uniquely identifies a node that enables a VPN network access.¶
- 'description':
- Provides a textual description of the VPN node.¶
- 'ne-id':
- Includes a unique identifier of the network element where the VPN node is deployed.¶
- 'local-as':
- Indicates the ASN that is configured for the VPN node.¶
- 'router-id':
- Indicates a 32-bit number that is used to uniquely identify a router within an AS.¶
- 'active
-vpn -instance -profiles' : -
Lists the set of active VPN instance profiles for this VPN node. Concretely, one or more VPN instance profiles that are defined at the VPN service level can be enabled at the VPN node level; each of these profiles is uniquely identified by means of 'profile-id'. The structure of 'active
-vpn -instance -profiles' is the same as the structure discussed in Section 7.4, except that the structure of 'active -vpn -instance -profiles' includes 'router-id' but does not include the 'role' leaf. The value of 'router-id' indicated under 'active -vpn -instance -profiles' takes precedence over the 'router-id' under the 'vpn-node' for the indicated address family. For example, Router IDs can be configured per address family. This capability can be used, for example, to configure an IPv6 address as a Router ID when such a capability is supported by involved routers.¶ Values defined in 'active
-vpn -instance -profiles' override the values defined at the VPN service level. An example is shown in Appendix A.3.¶ - 'msdp':
- For redundancy purposes, the Multicast Source Discovery Protocol (MSDP) [RFC3618] may be enabled and used to share state information about sources between multiple Rendezvous Points (RPs). The purpose of MSDP in this context is to enhance the robustness of the multicast service. MSDP may be configured on non-RP routers; this is useful in a domain that does not support multicast sources but does support multicast transit.¶
- 'groups':
- Lists the groups to which a VPN node belongs [RFC9181]. For example, the 'group-id' is used to associate redundancy or protection constraints with VPN nodes.¶
- 'status':
- Tracks the status of a node involved in a VPN service. Both operational status and administrative status are maintained. A mismatch between the administrative status vs. the operational status can be used as a trigger to detect anomalies.¶
- 'vpn
-network -accesses' : -
Represents the point to which sites are connected.¶
Note that unlike the L3SM, the L3NM does not need to model the customer site -- only the points that receive traffic from the site (i.e., the PE side of Provider Edge to Customer Edge (PE-CE) connections). Hence, the VPN network access contains the connectivity information between the provider's network and the customer premises. The VPN profiles
('vpn -profiles' ) have a set of routing policies that can be applied during the service creation.¶ See Section 7.6 for more details.¶
7.6. VPN Network Accesses
The 'vpn
A 'vpn
- 'id':
- An identifier of the VPN network access.¶
- 'interface-id':
- Indicates the physical or logical interface on which the VPN network access is bound.¶
- 'description':
- Includes a textual description of the VPN network access.¶
- 'vpn
-network -access -type' : -
Used to select the type of network interface to be deployed in the devices. The available defined values are as follows:¶
- 'point
-to -point' : - Represents a direct connection
between the endpoints. The controller must keep the
association between a logical or physical interface on the
device with the 'id' of the 'vpn
-network -access' .¶ - 'multipoint':
- Represents a multipoint connection
between the customer site and the PEs. The controller must
keep the association between a logical or physical interface
on the device with the 'id' of the 'vpn
-network -access' .¶ - 'irb':
- Represents a connection coming from an
L2VPN service. An identifier of such a service ('l2vpn-id') may
be included in the 'connection' container, as depicted in Figure 9 (Section 7.6.1). The controller must keep
the relationship between the logical tunnels or bridges on the
devices with the 'id' of the 'vpn
-network -access' .¶ - 'loopback':
- Represents the creation of a logical interface on a device. An example that illustrates how a loopback interface can be used in the L3NM is provided in Appendix A.2.¶
- 'point
- 'vpn
-instance -profile' : - Provides a pointer to an active VPN instance profile at the VPN node level. Referencing an active VPN instance profile implies that all associated data nodes will be inherited by the VPN network access. However, some inherited data nodes (e.g., multicast) can be overridden at the VPN network access level. In such a case, adjusted values take precedence over inherited values.¶
- 'status':
- Indicates both operational status and administrative status of a VPN network access.¶
- 'connection':
- Represents and groups the set of Layer 2 connectivity from where the traffic of the L3VPN in a particular VPN network access is coming. See Section 7.6.1.¶
- 'ip-connection':
- Contains Layer 3 connectivity information on a VPN network access (e.g., IP addressing). See Section 7.6.2.¶
- 'routing
-protocols' : - Includes the CE-PE routing configuration information. See Section 7.6.3.¶
- 'oam':
- Specifies the Operations, Administration, and Maintenance (OAM) mechanisms used for a VPN network access. See Section 7.6.4.¶
- 'security':
- Specifies the authentication and the encryption to be applied for a given VPN network access. See Section 7.6.5.¶
- 'service':
- Specifies the service parameters (e.g., QoS, multicast) to apply for a given VPN network access. See Section 7.6.6.¶
7.6.1. Connection
The 'connection' container represents the Layer 2 connectivity to the L3VPN for a particular VPN network access. As shown in the tree depicted in Figure 9, the 'connection' container defines protocols and parameters to enable such connectivity at Layer 2.¶
The traffic can enter the VPN with or without encapsulation (e.g., VLAN, QinQ). The 'encapsulation' container specifies the Layer 2 encapsulation to use (if any) and allows the configuration of the relevant tags.¶
The interface that is attached to the L3VPN is identified by the
'interface-id' at the 'vpn
If a Layer 2 tunnel is needed to terminate the service in the
CE-PE connection, the 'l2
As discussed in Section 7.6, 'l2vpn-id' is used to identify the L2VPN service that is associated with an Integrated Routing and Bridging (IRB) interface.¶
To accommodate implementations that require internal bridging, a
local bridge reference can be specified in 'local
A site, as per [RFC4176], represents a VPN
customer's location that is connected to the service provider
network via a CE-PE link, which can access at least one VPN. The
connection from the site to the service provider network is the
bearer. Every site is associated with a list of bearers. A bearer is
the Layer 2 connection with the site. In the L3NM, it is assumed
that the bearer has been allocated by the service provider at the
service orchestration stage. The bearer is associated with a network
element and a port. Hence, a bearer is just a 'bearer
The L3NM can be used to create a Link Aggregation Group (LAG) interface for a given L3VPN
service
7.6.2. IP Connection
This container is used to group Layer 3 connectivity information,
particularly the IP addressing information, of a VPN network access.
The allocated address represents the PE interface address
configuration. Note that a distinct Layer 3 interface other than the
interface indicated under the 'connection' container may be needed to
terminate the Layer 3 service. The identifier of such an interface is
included in 'l3
As shown in Figure 10, the 'ip-connection' container can include IPv4, IPv6, or both if dual-stack is enabled.¶
For both IPv4 and IPv6, the IP connection supports three IP
address assignment modes for customer addresses: provider DHCP, DHCP
relay, and static addressing. Note that for the IPv6 case, Stateless Address Autoconfigurati
When 'address
Figure 11 shows the structure of the dynamic IPv4 address assignment (i.e., by means of DHCP).¶
Figure 12 shows the structure of the
dynamic IPv6 address assignment (i.e., DHCPv6 and/or SLAAC). Note
that if 'address
In the case of static addressing (Figure 13), the model supports the
assignment of several IP addresses in the same 'vpn
7.6.3. CE-PE Routing Protocols
A VPN service provider can configure one or more routing
protocols associated with a particular 'vpn
The subtree of the 'routing
Multiple routing instances can be defined, each uniquely
identified by an 'id'. The type of routing instance is indicated in
'type'. The values of these attributes are those defined in [RFC9181] (the 'routing
Configuring multiple instances of the same routing protocol does not automatically imply that, from a device configuration perspective, there will be parallel instances (e.g., multiple processes) running on the PE-CE link. It is up to each implementation (typically, network orchestration, as shown in Figure 1) to decide on the appropriate configuration as a function of underlying capabilities and service provider operational guidelines. As an example, when multiple BGP peers need to be implemented, multiple instances of BGP must be configured as part of this model. However, from a device configuration point of view, this could be implemented as:¶
Routing configuration does not include low-level policies. Such
policies are handled at the device configuration level. Local
policies of a service provider (e.g., filtering) are implemented as
part of the device configuration; these are not captured in the
L3NM, but the model allows local profiles to be associated with
routing instances
7.6.3.1. Static Routing
The L3NM supports the configuration of one or more IPv4/IPv6 static routes. Since the same structure is used for both IPv4 and IPv6, using one single container to group both static entries independently of their address family was considered at one time, but that design was abandoned to ease the mapping, using the structure provided in [RFC8299].¶
The static routing subtree structure is shown in Figure 15.¶
As depicted in Figure 15, the following data nodes can be defined for a given IP prefix:¶
- 'lan-tag':
- Indicates a local tag (e.g.,
"myfavorite
-lan" ) that is used to enforce local policies.¶ - 'next-hop':
- Indicates the next hop to be used for the static route. It can be identified by an IP address, a predefined next-hop type (e.g., 'discard' or 'local-link'), etc.¶
- 'bfd-enable':
- Indicates whether BFD is enabled or disabled for this static route entry.¶
- 'metric':
- Indicates the metric associated with the static route entry. This metric is used when the route is exported into an IGP.¶
- 'preference':
- Indicates the preference associated with the static route entry. This preference is used to select a preferred route among routes to the same destination prefix.¶
- 'status':
- Used to convey the status of a static route entry. This data node can also be used to control the (de)activation of individual static route entries.¶
7.6.3.2. BGP
The L3NM allows the configuration of a BGP neighbor, including a set of parameters that are pertinent to be tweaked at the network level for service customization purposes. The 'bgp' container does not aim to include every BGP parameter; a comprehensive set of parameters belongs more to the BGP device model.¶
The BGP routing subtree structure is shown in Figure 16.¶
The following data nodes are captured in Figure 16. It is up to the implementation (e.g., network orchestrator) to derive the corresponding BGP device configuration:¶
- 'description':
- Includes a description of the BGP session.¶
- 'local-as':
- Indicates a local AS Number (ASN), if a distinct ASN is required other than the ASN configured at the VPN node level.¶
- 'peer-as':
- Conveys the customer's ASN.¶
- 'address
-family' : -
Indicates the address family of the peer. It can be set to 'ipv4', 'ipv6', or 'dual-stack'.¶
This address family will be used together with the 'vpn-type' to derive the appropriate Address Family Identifiers (AFIs) / Subsequent Address Family Identifiers (SAFIs) that will be part of the derived device configurations (e.g., unicast IPv4 MPLS L3VPN (AFI,SAFI = 1,128) as defined in Section 4.3.4 of [RFC4364]).¶
- 'local-address':
- Specifies an address or a reference to an interface to use when establishing the BGP transport session.¶
- 'neighbor':
- Can indicate two neighbors (each for
a given address family) or one neighbor (if the 'address
-family' attribute is set to 'dual-stack'). A list of IP address(es) of the BGP neighbor(s) can then be conveyed in this data node.¶ - 'multihop':
- Indicates the number of allowed IP hops between a PE and its BGP peer.¶
- 'as-override':
- If set, this parameter indicates whether ASN override is enabled, i.e., replacing the ASN of the customer specified in the AS_PATH BGP attribute with the ASN identified in the 'local-as' attribute.¶
- 'allow-own-as':
- Used in some topologies (e.g., hub-and-spoke) to allow the provider's ASN to be included in the AS_PATH BGP attribute received from a CE. Loops are prevented by setting 'allow-own-as' to a maximum number of the provider's ASN occurrences. By default, this parameter is set to '0' (that is, reject any AS_PATH attribute that includes the provider's ASN).¶
- 'prepend
-global -as' : - When distinct ASNs are configured at the VPN node and network access levels, this parameter controls whether the ASN provided at the VPN node level is prepended to the AS_PATH attribute.¶
- 'send
-default -route' : - Controls whether default routes can be advertised to the peer.¶
- 'site
-of -origin' : - Meant to uniquely identify the set of routes learned from a site via a particular CE-PE connection. It is used to prevent routing loops (Section 7 of [RFC4364]). The Site of Origin attribute is encoded as a Route Origin Extended Community.¶
- 'ipv6
-site -of -origin' : - Carries an IPv6 Address Specific BGP Extended Community that is used to indicate the Site of Origin for VRF information [RFC5701]. It is used to prevent routing loops.¶
- 'redistribute
-connected' : - Controls whether the PE-CE link is advertised to other PEs.¶
- 'bgp
-max -prefix' : -
Controls the behavior when a prefix maximum is reached.¶
- 'max-prefix':
- Indicates the maximum number
of BGP prefixes allowed in the BGP session. If the limit
is reached, the action indicated in 'violate
-action' will be followed.¶ - 'warning
-threshold' : - A warning notification is triggered when this limit is reached.¶
- 'violate
-action' : - Indicates which action to execute when the maximum number of BGP prefixes is reached. Examples of such actions include sending a warning message, discarding extra paths from the peer, or restarting the session.¶
- 'restart-timer':
- Indicates, in seconds, the time interval after which the BGP session will be reestablished.¶
- 'bgp-timers':
- Two timers can be captured in this container: (1) 'hold-time', which is the time interval that will be used for the Hold Timer (Section 4.2 of [RFC4271]) when establishing a BGP session and (2) 'keepalive', which is the time interval for the KeepaliveTimer between a PE and a BGP peer (Section 4.4 of [RFC4271]). Both timers are expressed in seconds.¶
- 'authentication'
: -
The module adheres to the recommendations in Section 13.2 of [RFC4364], as it allows enabling the TCP Authentication Option (TCP-AO) [RFC5925] and accommodates the installed base that makes use of MD5. In addition, the module includes a provision for using IPsec.¶
This version of the L3NM assumes that parameters specific to the TCP-AO are preconfigured as part of the key chain that is referenced in the L3NM. No assumption is made about how such a key chain is preconfigured. However, the structure of the key chain should cover data nodes beyond those in [RFC8177], mainly SendID and RecvID (Section 3.1 of [RFC5925]).¶
- 'status':
- Indicates the status of the BGP routing instance.¶
7.6.3.3. OSPF
OSPF can be configured to run as a routing protocol on the
'vpn
The OSPF routing subtree structure is shown in Figure 17.¶
The following data nodes are captured in Figure 17:¶
- 'address
-family' : -
Indicates whether IPv4, IPv6, or both address families are to be activated.¶
When the IPv4 or dual-stack address family is requested, it is up to the implementation (e.g., network orchestrator) to decide whether OSPFv2 [RFC4577] or OSPFv3 [RFC6565] is used to announce IPv4 routes. Such a decision will typically be reflected in the device configurations that will be derived to implement the L3VPN.¶
- 'area-id':
- Indicates the OSPF Area ID.¶
- 'metric':
- Associates a metric with OSPF routes.¶
- 'sham-links':
- Used to create OSPF sham links between two VPN network accesses sharing the same area and having a backdoor link (Section 4.2.7 of [RFC4577] and Section 5 of [RFC6565]).¶
- 'max-lsa':
- Sets the maximum number of Link State Advertisements (LSAs) that the OSPF instance will accept.¶
- 'authentication'
: - Controls the authentication schemes to be enabled for the OSPF instance. The following options are supported: IPsec for OSPFv3 authentication [RFC4552], and the Authentication Trailer for OSPFv2 [RFC5709] [RFC7474] and OSPFv3 [RFC7166].¶
- 'status':
- Indicates the status of the OSPF routing instance.¶
7.6.3.4. IS-IS
The model allows the user
to configure IS-IS [ISO10589] [RFC1195] [RFC5308] to run on
the 'vpn
The following IS-IS data nodes are supported:¶
- 'address
-family' : - Indicates whether IPv4, IPv6, or both address families are to be activated.¶
- 'area-address':
- Indicates the IS-IS area address.¶
- 'level':
- Indicates the IS-IS level: Level 1, Level 2, or both.¶
- 'metric':
- Associates a metric with IS-IS routes.¶
- 'mode':
- Indicates the IS-IS interface mode type. It can be set to 'active' (that is, send or receive IS-IS protocol control packets) or 'passive' (that is, suppress the sending of IS-IS updates through the interface).¶
- 'authentication'
: - Controls the authentication schemes to be enabled for the IS-IS instance. Both the specification of a key chain [RFC8177] and the direct specification of key and authentication algorithms are supported.¶
- 'status':
- Indicates the status of the IS-IS routing instance.¶
7.6.3.5. RIP
The model allows the user to
configure RIP to run on the 'vpn
As shown in Figure 19, the following RIP data nodes are supported:¶
- 'address
-family' : - Indicates whether IPv4, IPv6, or both address families are to be activated. This parameter is used to determine whether RIPv2 [RFC2453], RIP Next Generation (RIPng), or both are to be enabled [RFC2080].¶
- 'timers':
-
Indicates the following timers:¶
- 'update
-interval' : - The interval at which RIP updates are sent.¶
- 'invalid
-interval' : - The interval before a RIP route is declared invalid.¶
- 'holddown
-interval' : - The interval before better RIP routes are released.¶
- 'flush
-interval' : - The interval before a route is removed from the routing table.¶
These timers are expressed in seconds.¶
- 'update
- 'default
-metric' : - Sets the default RIP metric.¶
- 'authentication'
: - Controls the authentication schemes to be enabled for the RIP instance.¶
- 'status':
- Indicates the status of the RIP routing instance.¶
7.6.3.6. VRRP
The model allows enabling the Virtual Router Redundancy Protocol (VRRP) on
the 'vpn
The following data nodes are supported:¶
- 'address
-family' : - Indicates whether IPv4, IPv6, or both address families are to be activated. Note that VRRP version 3 [RFC5798] supports both IPv4 and IPv6.¶
- 'vrrp-group':
- Used to identify the VRRP group.¶
- 'backup-peer':
- Carries the IP address of the peer.¶
- 'virtual
-ip -address' : - Includes virtual IP addresses for a single VRRP group.¶
- 'priority':
- Assigns the VRRP election priority for the backup virtual router.¶
- 'ping-reply':
- Controls whether the VRRP speaker should reply to ping requests.¶
- 'status':
- Indicates the status of the VRRP instance.¶
Note that no authentication data node is included for VRRP, as there isn't any type of VRRP authentication at this time (see Section 9 of [RFC5798]).¶
7.6.4. OAM
This container (Figure 21) defines the Operations, Administration, and Maintenance (OAM) mechanisms used for a VPN network access. In the current version of the L3NM, only BFD is supported.¶
The following OAM data nodes can be specified:¶
- 'session-type':
- Indicates which BFD flavor is used to set up the session (e.g., classic BFD [RFC5880], Seamless BFD [RFC7880]). By default, it is assumed that the BFD session will follow the behavior specified in [RFC5880].¶
- 'desired
-min -tx -interval' : - The minimum interval, in microseconds, that a PE would like to use when transmitting BFD Control packets, less any jitter applied.¶
- 'required
-min -rx -interval' : - The minimum interval, in microseconds, between received BFD Control packets that a PE is capable of supporting, less any jitter applied by the sender.¶
- 'local
-multiplier' : - The negotiated transmit interval, multiplied by this value, provides the detection time for the peer.¶
- 'holdtime':
- Used to indicate the expected BFD holddown time, in milliseconds. This value may be inherited from the service request (see Section 6.3.2.2.2 of [RFC8299]).¶
- 'profile':
- Refers to a BFD profile (Section 7.2). Such a profile can be set by the provider or inherited from the service request (see Section 6.3.2.2.2 of [RFC8299]).¶
- 'authentication'
: - Includes the required information to enable the BFD authentication modes discussed in Section 6.7 of [RFC5880]. In particular, 'meticulous' controls the activation of meticulous mode as discussed in Sections 6.7.3 and 6.7.4 of [RFC5880].¶
- 'status':
- Indicates the status of BFD.¶
7.6.5. Security
The 'security' container specifies the authentication and the encryption to be applied to traffic for a given VPN network access. As depicted in the subtree shown in Figure 22, the L3NM can be used to directly control the encryption to be applied (e.g., Layer 2 or Layer 3 encryption) or invoke a local encryption profile.¶
7.6.6. Services
7.6.6.1. Overview
The 'service' container specifies the service parameters to apply for a given VPN network access (Figure 23).¶
The following data nodes are defined:¶
- 'pe
-to -ce -bandwidth' : - Indicates, in bits per second (bps), the inbound bandwidth of the connection (i.e., the download bandwidth from the service provider to the site).¶
- 'ce
-to -pe -bandwidth' : - Indicates, in bps, the outbound bandwidth of the connection (i.e., the upload bandwidth from the site to the service provider).¶
- 'mtu':
- Indicates the MTU at the service level.¶
- 'qos':
- Used to define a set of QoS policies to apply on a given connection (refer to Section 7.6.6.2 for more details).¶
- 'carriers
-carrier' : - Groups a set of parameters that are used when Carriers' Carriers (CsC) is enabled, such as using BGP for signaling purposes [RFC8277].¶
- 'ntp':
- Time synchronization may be needed in some VPNs, such as infrastructure and management VPNs. This container is used to enable the NTP service [RFC5905].¶
- 'multicast':
- Specifies the multicast mode and other data nodes, such as the address family. Refer to Section 7.7.¶
7.6.6.2. QoS
The 'qos' container is used to define a set of QoS policies to
apply on a given connection (Figure 24). A
QoS policy may be a classification or an action policy. For
example, a QoS action can be defined to rate-limit
inbound
QoS classification can be based on many criteria, such as the following:¶
- Layer 3:
- As shown in Figure 25, classification can be based on any IP header field or a combination thereof. Both IPv4 and IPv6 are supported.¶
- Layer 4:
-
As discussed in [RFC9181], any Layer 4 protocol can be indicated in the 'protocol' data node under 'l3' (Figure 25), but only TCP- and UDP-specific match criteria are elaborated in this version, as these protocols are widely used in the context of VPN services. Augmentations can be considered in the future to add other Layer
-4 -specific data nodes, if needed.¶ TCP- or UDP-related match criteria can be specified in the L3NM, as shown in Figure 26.¶
As discussed in [RFC9181], some transport protocols use existing protocols (e.g., TCP or UDP) as the substrate. The match criteria for such protocols may rely upon the 'protocol' setting under 'l3', TCP/UDP match criteria as shown in Figure 26, part of the TCP/UDP payload, or a combination thereof. This version of the module does not support such advanced match criteria. Future revisions of the VPN common module or augmentations to the L3NM may consider adding match criteria based on the transport protocol payload (e.g., by means of a bitmask match).¶
7.7. Multicast
Multicast may be enabled for a particular VPN at the VPN node and VPN network access levels (see Figure 27). Some data nodes (e.g., max-groups (Figure 28)) can be controlled at various levels: VPN service, VPN node level, or VPN network access.¶
Multicast
The model supports a single type of tree per VPN access
When ASM is used, the model supports the configuration of
Rendezvous Points (RPs). RP discovery may be 'static', 'bsr-rp', or
'auto-rp'. When set to 'static', RP
The model supports RP redundancy through the 'rp-redundancy' leaf. How the redundancy is achieved is out of scope.¶
When a particular VPN using ASM requires traffic
delivery that is more optimal (e.g., requested per the guidance in [RFC8299]),
'optimal
When configuring multicast
Multicast
8. L3NM YANG Module
This module uses types defined in [RFC6991], [RFC8343], and [RFC9181]. It also uses groupings defined in [RFC8519], [RFC8177], and [RFC8294].¶
9. Security Considerations
The YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040].
The lowest NETCONF layer is the secure transport layer, and the
mandatory
The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.¶
There are a number of data nodes defined in this YANG module that are
writable
- 'vpn-profiles':
- This container includes a set of sensitive data
that influence how the L3VPN service is delivered. For example, an
attacker who has access to these data nodes may be able to
manipulate routing policies, QoS policies, or encryption properties.
These data nodes are defined with "nacm
:default -deny -write" tagging [RFC9181].¶ - 'vpn-services':
- An attacker who is able to access network nodes can undertake various attacks, such as deleting a running L3VPN service, interrupting all the traffic of a client. In addition, an attacker may modify the attributes of a running service (e.g., QoS, bandwidth, routing protocols, keying material), leading to malfunctioning of the service and therefore to Service Level Agreement (SLA) violations. In addition, an attacker could attempt to create an L3VPN service or add a new network access. In addition to using NACM to prevent unauthorized access, such activity can be detected by adequately monitoring and tracking network configuration changes.¶
Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus important to
control read access (e.g., via get, get-config, or notification) to these data
nodes. These are the subtrees and data nodes and their
sensitivity
- 'customer-name' and 'ip
-connection' : - An attacker can retrieve
privacy-related information, which can be used to track a customer.
Disclosing such information may be considered a violation of the
customer
-provider trust relationship.¶ - 'keying
-material' : - An attacker can retrieve the cryptographic keys protecting the underlying VPN service (CE-PE routing, in particular). These keys could be used to inject spoofed routing advertisements.¶
Several data nodes ('bgp', 'ospf', 'isis', 'rip', and 'bfd') rely upon [RFC8177] for authentication purposes. Therefore, this module inherits the security considerations discussed in Section 5 of [RFC8177]. Also, these data nodes support supplying explicit keys as strings in ASCII format. The use of keys in hexadecimal string format would afford greater key entropy with the same number of key-string octets. However, such a format is not included in this version of the L3NM, because it is not supported by the underlying device modules (e.g., [RFC8695]).¶
As discussed in Section 7.6.3, the module supports MD5 to basically accommodate the installed BGP base. MD5 suffers from the security weaknesses discussed in Section 2 of [RFC6151] and Section 2.1 of [RFC6952].¶
[RFC8633] describes best current practices to be considered in VPNs making use of NTP. Moreover, a mechanism to provide cryptographic security for NTP is specified in [RFC8915].¶
10. IANA Considerations
IANA has registered the following URI in the "ns" subregistry within the "IETF XML Registry" [RFC3688]:¶
- URI:
- urn
:ietf :params :xml :ns :yang :ietf -l3vpn -ntw¶ - Registrant Contact:
- The IESG.¶
- XML:
- N/A; the requested URI is an XML namespace.¶
IANA has registered the following YANG module in the "YANG Module Names" subregistry [RFC6020] within the "YANG Parameters" registry.¶
11. References
11.1. Normative References
- [ISO10589]
-
ISO, "Information technology - Telecommunicati
ons and information exchange between systems - Intermediate System to Intermediate System intra-domain routeing information exchange protocol for use in conjunction with the protocol for providing the connectionless , ISO/IEC 10589:2002, , <https://-mode network service (ISO 8473)" www >..iso .org /standard /30932 .html - [RFC1112]
-
Deering, S., "Host extensions for IP multicasting", STD 5, RFC 1112, DOI 10
.17487 , , <https:///RFC1112 www >..rfc -editor .org /info /rfc1112 - [RFC1195]
-
Callon, R., "Use of OSI IS-IS for routing in TCP/IP and dual environments", RFC 1195, DOI 10
.17487 , , <https:///RFC1195 www >..rfc -editor .org /info /rfc1195 - [RFC2080]
-
Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080, DOI 10
.17487 , , <https:///RFC2080 www >..rfc -editor .org /info /rfc2080 - [RFC2119]
-
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10
.17487 , , <https:///RFC2119 www >..rfc -editor .org /info /rfc2119 - [RFC2236]
-
Fenner, W., "Internet Group Management Protocol, Version 2", RFC 2236, DOI 10
.17487 , , <https:///RFC2236 www >..rfc -editor .org /info /rfc2236 - [RFC2453]
-
Malkin, G., "RIP Version 2", STD 56, RFC 2453, DOI 10
.17487 , , <https:///RFC2453 www >..rfc -editor .org /info /rfc2453 - [RFC2710]
-
Deering, S., Fenner, W., and B. Haberman, "Multicast Listener Discovery (MLD) for IPv6", RFC 2710, DOI 10
.17487 , , <https:///RFC2710 www >..rfc -editor .org /info /rfc2710 - [RFC3376]
-
Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A. Thyagarajan, "Internet Group Management Protocol, Version 3", RFC 3376, DOI 10
.17487 , , <https:///RFC3376 www >..rfc -editor .org /info /rfc3376 - [RFC3688]
-
Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10
.17487 , , <https:///RFC3688 www >..rfc -editor .org /info /rfc3688 - [RFC3810]
-
Vida, R., Ed. and L. Costa, Ed., "Multicast Listener Discovery Version 2 (MLDv2) for IPv6", RFC 3810, DOI 10
.17487 , , <https:///RFC3810 www >..rfc -editor .org /info /rfc3810 - [RFC4271]
-
Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, DOI 10
.17487 , , <https:///RFC4271 www >..rfc -editor .org /info /rfc4271 - [RFC4364]
-
Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4364, DOI 10
.17487 , , <https:///RFC4364 www >..rfc -editor .org /info /rfc4364 - [RFC4552]
-
Gupta, M. and N. Melam, "Authentication
/Confidentiality for OSPFv3" , RFC 4552, DOI 10.17487 , , <https:///RFC4552 www >..rfc -editor .org /info /rfc4552 - [RFC4577]
-
Rosen, E., Psenak, P., and P. Pillay-Esnault, "OSPF as the Provider
/Customer Edge Protocol for BGP/MPLS IP Virtual Private Networks (VPNs)" , RFC 4577, DOI 10.17487 , , <https:///RFC4577 www >..rfc -editor .org /info /rfc4577 - [RFC5308]
-
Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, DOI 10
.17487 , , <https:///RFC5308 www >..rfc -editor .org /info /rfc5308 - [RFC5701]
-
Rekhter, Y., "IPv6 Address Specific BGP Extended Community Attribute", RFC 5701, DOI 10
.17487 , , <https:///RFC5701 www >..rfc -editor .org /info /rfc5701 - [RFC5709]
-
Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M., Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic Authentication", RFC 5709, DOI 10
.17487 , , <https:///RFC5709 www >..rfc -editor .org /info /rfc5709 - [RFC5798]
-
Nadas, S., Ed., "Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6", RFC 5798, DOI 10
.17487 , , <https:///RFC5798 www >..rfc -editor .org /info /rfc5798 - [RFC5880]
-
Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD)", RFC 5880, DOI 10
.17487 , , <https:///RFC5880 www >..rfc -editor .org /info /rfc5880 - [RFC5905]
-
Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, "Network Time Protocol Version 4: Protocol and Algorithms Specification", RFC 5905, DOI 10
.17487 , , <https:///RFC5905 www >..rfc -editor .org /info /rfc5905 - [RFC5925]
-
Touch, J., Mankin, A., and R. Bonica, "The TCP Authentication Option", RFC 5925, DOI 10
.17487 , , <https:///RFC5925 www >..rfc -editor .org /info /rfc5925 - [RFC6020]
-
Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10
.17487 , , <https:///RFC6020 www >..rfc -editor .org /info /rfc6020 - [RFC6241]
-
Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10
.17487 , , <https:///RFC6241 www >..rfc -editor .org /info /rfc6241 - [RFC6242]
-
Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, DOI 10
.17487 , , <https:///RFC6242 www >..rfc -editor .org /info /rfc6242 - [RFC6513]
-
Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/BGP IP VPNs", RFC 6513, DOI 10
.17487 , , <https:///RFC6513 www >..rfc -editor .org /info /rfc6513 - [RFC6514]
-
Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP Encodings and Procedures for Multicast in MPLS/BGP IP VPNs", RFC 6514, DOI 10
.17487 , , <https:///RFC6514 www >..rfc -editor .org /info /rfc6514 - [RFC6565]
-
Pillay-Esnault, P., Moyer, P., Doyle, J., Ertekin, E., and M. Lundberg, "OSPFv3 as a Provider Edge to Customer Edge (PE-CE) Routing Protocol", RFC 6565, DOI 10
.17487 , , <https:///RFC6565 www >..rfc -editor .org /info /rfc6565 - [RFC6991]
-
Schoenwaelder, J., Ed., "Common YANG Data Types", RFC 6991, DOI 10
.17487 , , <https:///RFC6991 www >..rfc -editor .org /info /rfc6991 - [RFC7166]
-
Bhatia, M., Manral, V., and A. Lindem, "Supporting Authentication Trailer for OSPFv3", RFC 7166, DOI 10
.17487 , , <https:///RFC7166 www >..rfc -editor .org /info /rfc7166 - [RFC7474]
-
Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., "Security Extension for OSPFv2 When Using Manual Key Management", RFC 7474, DOI 10
.17487 , , <https:///RFC7474 www >..rfc -editor .org /info /rfc7474 - [RFC7761]
-
Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised)", STD 83, RFC 7761, DOI 10
.17487 , , <https:///RFC7761 www >..rfc -editor .org /info /rfc7761 - [RFC7950]
-
Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10
.17487 , , <https:///RFC7950 www >..rfc -editor .org /info /rfc7950 - [RFC8040]
-
Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10
.17487 , , <https:///RFC8040 www >..rfc -editor .org /info /rfc8040 - [RFC8174]
-
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10
.17487 , , <https:///RFC8174 www >..rfc -editor .org /info /rfc8174 - [RFC8177]
-
Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J. Zhang, "YANG Data Model for Key Chains", RFC 8177, DOI 10
.17487 , , <https:///RFC8177 www >..rfc -editor .org /info /rfc8177 - [RFC8294]
-
Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger, "Common YANG Data Types for the Routing Area", RFC 8294, DOI 10
.17487 , , <https:///RFC8294 www >..rfc -editor .org /info /rfc8294 - [RFC8341]
-
Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10
.17487 , , <https:///RFC8341 www >..rfc -editor .org /info /rfc8341 - [RFC8343]
-
Bjorklund, M., "A YANG Data Model for Interface Management", RFC 8343, DOI 10
.17487 , , <https:///RFC8343 www >..rfc -editor .org /info /rfc8343 - [RFC8446]
-
Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10
.17487 , , <https:///RFC8446 www >..rfc -editor .org /info /rfc8446 - [RFC8466]
-
Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG Data Model for Layer 2 Virtual Private Network (L2VPN) Service Delivery", RFC 8466, DOI 10
.17487 , , <https:///RFC8466 www >..rfc -editor .org /info /rfc8466 - [RFC8519]
-
Jethanandani, M., Agarwal, S., Huang, L., and D. Blair, "YANG Data Model for Network Access Control Lists (ACLs)", RFC 8519, DOI 10
.17487 , , <https:///RFC8519 www >..rfc -editor .org /info /rfc8519 - [RFC9181]
-
Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M., Ed., and Q. Wu, "A Common YANG Data Model for Layer 2 and Layer 3 VPNs", RFC 9181, DOI 10
.17487 , , <https:///RFC9181 www >..rfc -editor .org /info /rfc9181
11.2. Informative References
- [BGP-YANG]
-
Jethanandani, M., Patel, K., Hares, S., and J. Haas, "BGP YANG Model for Service Provider Networks", Work in Progress, Internet-Draft, draft
-ietf , , <https://-idr -bgp -model -12 datatracker >..ietf .org /doc /html /draft -ietf -idr -bgp -model -12 - [Enhanced
-VPN -Framework] -
Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A Framework for Enhanced Virtual Private Network (VPN+) Services", Work in Progress, Internet-Draft, draft
-ietf , , <https://-teas -enhanced -vpn -09 datatracker >..ietf .org /doc /html /draft -ietf -teas -enhanced -vpn -09 - [IEEE802.1AX]
-
IEEE, "802.1AX-2020 - IEEE Standard for Local and Metropolitan Area Networks--Link Aggregation", IEEE Std 802.1AX-2020, <https://
ieeexplore >..ieee .org /document /9105034 - [Network
-Slices -Framework] -
Farrel, A., Ed., Gray, E., Drake, J., Rokui, R., Homma, S., Makhijani, K., Contreras, LM., and J. Tantsura, "Framework for IETF Network Slices", Work in Progress, Internet-Draft, draft
-ietf , , <https://-teas -ietf -network -slices -05 datatracker >..ietf .org /doc /html /draft -ietf -teas -ietf -network -slices -05 - [PIM-YANG]
-
Liu, X., McAllister, P., Peter, A., Sivakumar, M., Liu, Y., and F. Hu, "A YANG Data Model for Protocol Independent Multicast (PIM)", Work in Progress, Internet-Draft, draft
-ietf , , <https://-pim -yang -17 datatracker >..ietf .org /doc /html /draft -ietf -pim -yang -17 - [PYANG]
-
"pyang", commit 524cf61, , <https://
github >..com /mbj4668 /pyang - [QoS-YANG]
-
Choudhary, A., Jethanandani, M., Aries, E., and I. Chen, "A YANG Data Model for Quality of Service (QoS)", Work in Progress, Internet-Draft, draft
-ietf , , <https://-rtgwg -qos -model -06 datatracker >..ietf .org /doc /html /draft -ietf -rtgwg -qos -model -06 - [RFC3618]
-
Fenner, B., Ed. and D. Meyer, Ed., "Multicast Source Discovery Protocol (MSDP)", RFC 3618, DOI 10
.17487 , , <https:///RFC3618 www >..rfc -editor .org /info /rfc3618 - [RFC3644]
-
Snir, Y., Ramberg, Y., Strassner, J., Cohen, R., and B. Moore, "Policy Quality of Service (QoS) Information Model", RFC 3644, DOI 10
.17487 , , <https:///RFC3644 www >..rfc -editor .org /info /rfc3644 - [RFC4026]
-
Andersson, L. and T. Madsen, "Provider Provisioned Virtual Private Network (VPN) Terminology", RFC 4026, DOI 10
.17487 , , <https:///RFC4026 www >..rfc -editor .org /info /rfc4026 - [RFC4110]
-
Callon, R. and M. Suzuki, "A Framework for Layer 3 Provider
-Provisioned Virtual Private Networks (PPVPNs)" , RFC 4110, DOI 10.17487 , , <https:///RFC4110 www >..rfc -editor .org /info /rfc4110 - [RFC4176]
-
El Mghazli, Y., Ed., Nadeau, T., Boucadair, M., Chan, K., and A. Gonguet, "Framework for Layer 3 Virtual Private Networks (L3VPN) Operations and Management", RFC 4176, DOI 10
.17487 , , <https:///RFC4176 www >..rfc -editor .org /info /rfc4176 - [RFC4862]
-
Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfigurati
on" , RFC 4862, DOI 10.17487 , , <https:///RFC4862 www >..rfc -editor .org /info /rfc4862 - [RFC6037]
-
Rosen, E., Ed., Cai, Y., Ed., and IJ. Wijnands, "Cisco Systems' Solution for Multicast in BGP/MPLS IP VPNs", RFC 6037, DOI 10
.17487 , , <https:///RFC6037 www >..rfc -editor .org /info /rfc6037 - [RFC6151]
-
Turner, S. and L. Chen, "Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms", RFC 6151, DOI 10
.17487 , , <https:///RFC6151 www >..rfc -editor .org /info /rfc6151 - [RFC6952]
-
Jethanandani, M., Patel, K., and L. Zheng, "Analysis of BGP, LDP, PCEP, and MSDP Issues According to the Keying and Authentication for Routing Protocols (KARP) Design Guide", RFC 6952, DOI 10
.17487 , , <https:///RFC6952 www >..rfc -editor .org /info /rfc6952 - [RFC7149]
-
Boucadair, M. and C. Jacquenet, "Software
-Defined Networking: A Perspective from within a Service Provider Environment" , RFC 7149, DOI 10.17487 , , <https:///RFC7149 www >..rfc -editor .org /info /rfc7149 - [RFC7297]
-
Boucadair, M., Jacquenet, C., and N. Wang, "IP Connectivity Provisioning Profile (CPP)", RFC 7297, DOI 10
.17487 , , <https:///RFC7297 www >..rfc -editor .org /info /rfc7297 - [RFC7426]
-
Haleplidis, E., Ed., Pentikousis, K., Ed., Denazis, S., Hadi Salim, J., Meyer, D., and O. Koufopavlou, "Software
-Defined Networking (SDN): Layers and Architecture Terminology" , RFC 7426, DOI 10.17487 , , <https:///RFC7426 www >..rfc -editor .org /info /rfc7426 - [RFC7880]
-
Pignataro, C., Ward, D., Akiya, N., Bhatia, M., and S. Pallagatti, "Seamless Bidirectional Forwarding Detection (S-BFD)", RFC 7880, DOI 10
.17487 , , <https:///RFC7880 www >..rfc -editor .org /info /rfc7880 - [RFC8077]
-
Martini, L., Ed. and G. Heron, Ed., "Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)", STD 84, RFC 8077, DOI 10
.17487 , , <https:///RFC8077 www >..rfc -editor .org /info /rfc8077 - [RFC8277]
-
Rosen, E., "Using BGP to Bind MPLS Labels to Address Prefixes", RFC 8277, DOI 10
.17487 , , <https:///RFC8277 www >..rfc -editor .org /info /rfc8277 - [RFC8299]
-
Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki, "YANG Data Model for L3VPN Service Delivery", RFC 8299, DOI 10
.17487 , , <https:///RFC8299 www >..rfc -editor .org /info /rfc8299 - [RFC8309]
-
Wu, Q., Liu, W., and A. Farrel, "Service Models Explained", RFC 8309, DOI 10
.17487 , , <https:///RFC8309 www >..rfc -editor .org /info /rfc8309 - [RFC8340]
-
Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", BCP 215, RFC 8340, DOI 10
.17487 , , <https:///RFC8340 www >..rfc -editor .org /info /rfc8340 - [RFC8342]
-
Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., and R. Wilton, "Network Management Datastore Architecture (NMDA)", RFC 8342, DOI 10
.17487 , , <https:///RFC8342 www >..rfc -editor .org /info /rfc8342 - [RFC8345]
-
Clemm, A., Medved, J., Varga, R., Bahadur, N., Ananthakrishnan, H., and X. Liu, "A YANG Data Model for Network Topologies", RFC 8345, DOI 10
.17487 , , <https:///RFC8345 www >..rfc -editor .org /info /rfc8345 - [RFC8349]
-
Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for Routing Management (NMDA Version)", RFC 8349, DOI 10
.17487 , , <https:///RFC8349 www >..rfc -editor .org /info /rfc8349 - [RFC8453]
-
Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for Abstraction and Control of TE Networks (ACTN)", RFC 8453, DOI 10
.17487 , , <https:///RFC8453 www >..rfc -editor .org /info /rfc8453 - [RFC8512]
-
Boucadair, M., Ed., Sivakumar, S., Jacquenet, C., Vinapamula, S., and Q. Wu, "A YANG Module for Network Address Translation (NAT) and Network Prefix Translation (NPT)", RFC 8512, DOI 10
.17487 , , <https:///RFC8512 www >..rfc -editor .org /info /rfc8512 - [RFC8633]
-
Reilly, D., Stenn, H., and D. Sibold, "Network Time Protocol Best Current Practices", BCP 223, RFC 8633, DOI 10
.17487 , , <https:///RFC8633 www >..rfc -editor .org /info /rfc8633 - [RFC8695]
-
Liu, X., Sarda, P., and V. Choudhary, "A YANG Data Model for the Routing Information Protocol (RIP)", RFC 8695, DOI 10
.17487 , , <https:///RFC8695 www >..rfc -editor .org /info /rfc8695 - [RFC8792]
-
Watsen, K., Auerswald, E., Farrel, A., and Q. Wu, "Handling Long Lines in Content of Internet-Drafts and RFCs", RFC 8792, DOI 10
.17487 , , <https:///RFC8792 www >..rfc -editor .org /info /rfc8792 - [RFC8915]
-
Franke, D., Sibold, D., Teichel, K., Dansarie, M., and R. Sundblad, "Network Time Security for the Network Time Protocol", RFC 8915, DOI 10
.17487 , , <https:///RFC8915 www >..rfc -editor .org /info /rfc8915 - [RFC8969]
-
Wu, Q., Ed., Boucadair, M., Ed., Lopez, D., Xie, C., and L. Geng, "A Framework for Automating Service and Network Management with YANG", RFC 8969, DOI 10
.17487 , , <https:///RFC8969 www >..rfc -editor .org /info /rfc8969 - [RFC9136]
-
Rabadan, J., Ed., Henderickx, W., Drake, J., Lin, W., and A. Sajassi, "IP Prefix Advertisement in Ethernet VPN (EVPN)", RFC 9136, DOI 10
.17487 , , <https:///RFC9136 www >..rfc -editor .org /info /rfc9136 - [YANG
-Composed -VPN] -
Even, R., Wu, B., Wu, Q., and Y. Cheng, "YANG Data Model for Composed VPN Service Delivery", Work in Progress, Internet-Draft, draft
-evenwu , , <https://-opsawg -yang -composed -vpn -03 datatracker >..ietf .org /doc /html /draft -evenwu -opsawg -yang -composed -vpn -03 - [YANG-SAPs]
-
Gonzalez de Dios, O., Barguil, S., Wu, Q., Boucadair, M., and V. Lopez, "A Network YANG Model for Service Attachment Points", Work in Progress, Internet-Draft, draft
-ietf , , <https://-opsawg -sap -00 datatracker >..ietf .org /doc /html /draft -ietf -opsawg -sap -00
Appendix A. L3VPN Examples
A.1. 4G VPN Provisioning Example
L3VPNs are widely used to deploy 3G/4G, fixed, and enterprise services, mainly because several traffic discrimination policies can be applied within the network to deliver to the mobile customers a service that meets the SLA requirements.¶
Typically, and as shown in Figure 31,
an eNodeB (CE) is directly connected to the access routers
of the mobile backhaul and their logical interfaces (one or many,
according to the service type) are configured in a VPN that transports
the packets to the mobile core platforms. In this example, a
'vpn-node' is created with two 'vpn
To create an L3VPN service using the L3NM, the following steps can be followed.¶
First, create the 4G VPN service (Figure 32).¶
Second, create a VPN node, as depicted in Figure 33. In this type of service, the VPN node
is equivalent to VRF configured in the physical device
Finally, two VPN network accesses are created using the same
physical port
A.2. Loopback Interface
An example of a loopback interface is depicted in Figure 35.¶
A.3. Overriding VPN Instance Profile Parameters
Figure 36 shows a simplified example to
illustrate how some information that is provided at the VPN service
level (particularly as part of the 'vpn
A.4. Multicast VPN Provisioning Example
IPTV is mainly distributed through multicast over the LANs. In the following example, PIM - Sparse Mode (PIM-SM) is enabled and functional between the PE and the CE. The PE receives multicast traffic from a CE that is directly connected to the multicast source. The signaling between the PE and the CE is achieved using BGP. Also, the RP is statically configured for a multicast group.¶
Figure 38 illustrates how to configure a multicast L3VPN service using the L3NM.¶
First, the multicast service is created together with a generic VPN instance profile (see the excerpt of the request message body shown in Figure 38).¶
Then, the VPN nodes are created (see the excerpt of the request message body shown in Figure 39). In this example, the VPN node will represent VRF configured in the physical device.¶
Finally, create the VPN network access with multicast enabled (see the excerpt of the request message body shown in Figure 40).¶
Acknowledgements
During the discussions of this work, helpful comments, suggestions, and reviews were received from (listed alphabetically) Raul Arco, Miguel Cros Cecilia, Joe Clarke, Dhruv Dhody, Adrian Farrel, Roque Gagliano, Christian Jacquenet, Kireeti Kompella, Julian Lucek, Greg Mirsky, and Tom Petch. Many thanks to them. Thanks to Philip Eardley for the review of an early draft version of the document.¶
Daniel King, Daniel Voyer, Luay Jalil, and Stephane Litkowski contributed to early draft versions of this document. Many thanks to Robert Wilton for the AD review. Thanks to Andrew Malis for the routing directorate review, Rifaat Shekh-Yusef for the security directorate review, Qin Wu for the opsdir review, and Pete Resnick for the genart directorate review. Thanks to Michael Scharf for the discussion on the TCP-AO. Thanks to Martin Duke, Lars Eggert, Zaheduzzaman Sarker, Roman Danyliw, Erik Kline, Benjamin Kaduk, Francesca Palombini, and Éric Vyncke for the IESG review.¶
This work was supported in part by the European Commission