module ietf-lisp {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-lisp";
prefix lisp;
import ietf-interfaces {
prefix if;
reference
"RFC 8343: A YANG Data Model for Interface Management";
}
// RFC Ed.: replace occurrences of XXXX with actual RFC number
// and remove this note
import ietf-lisp-address-types {
prefix lisp-at;
reference "RFC XXXX: LISP YANG model";
}
import ietf-yang-types {
prefix yang;
reference "RFC 6991: Common YANG Data Types";
}
import ietf-routing {
prefix "rt";
reference
"RFC 8349: A YANG Data Model for Routing Management
(NMDA version)";
}
import ietf-network-instance {
prefix "ni";
reference
"RFC 8529: YANG Model for Network Instances";
}
organization
"IETF LISP (Locator/ID Separation Protocol) Working Group";
contact
"WG Web:
WG List:
Editor: Vina Ermagan
Editor: Alberto Rodriguez-Natal
Editor: Reshad Rahman
";
description
"This YANG module defines the generic parameters for LISP.
The module can be extended by vendors to define vendor-specific
LISP parameters and policies.
Copyright (c) 2018 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.
";
reference "RFC XXXX";
revision 2021-02-22 {
description
"Initial revision.";
reference
"https://tools.ietf.org/html/rfc6830";
}
/*
* Identity definitions
*/
identity lisp {
base "rt:control-plane-protocol";
description "LISP protocol.";
reference
"RFC 6830: The Locator/ID Separation Protocol (LISP).";
}
identity lisp-role {
description
"LISP router role.";
}
identity itr {
base lisp-role;
description
"LISP ITR.";
}
identity pitr {
base lisp-role;
description
"LISP PITR.";
}
identity etr {
base lisp-role;
description
"LISP ETR.";
}
identity petr {
base lisp-role;
description
"LISP PETR.";
}
identity mapping-system {
description
"Mapping System interface";
}
identity single-node-mapping-system {
base mapping-system;
description
"logically singular Map Server";
}
identity map-reply-act {
description
"Defines the lisp map-cache ACT type";
reference
"https://www.iana.org/assignments/lisp-parameters"
+ "/lisp-parameters.xhtml#lisp-act-value";
}
identity no-action {
base map-reply-act;
description
"Mapping is kept alive and no encapsulation
occurs.";
}
identity natively-forward {
base map-reply-act;
description
"Matching packets are not encapsulated or
dropped but natively forwarded.";
}
identity send-map-request {
base map-reply-act;
description
"Matching packets invoke Map-Requests.";
}
identity drop-no-reason {
base map-reply-act;
description
"Matching packets are dropped.";
}
identity drop-policy-denied {
base map-reply-act;
description
"Matching packets are dropped (due to policy).";
}
identity drop-auth-failure {
base map-reply-act;
description
"Matching packets are dropped (due to authentication
failure).";
}
identity auth-algorithm {
description
"Base identity for the authentication mechanisms supported by
LISP.";
reference
"https://www.iana.org/assignments/lisp-parameters"
+ "/lisp-parameters.xhtml#lisp-key-id-numbers";
}
identity no-auth-algorithm {
base auth-algorithm;
description
"No authentication.";
}
identity hmac-sha-1-96-none {
base auth-algorithm;
description
"MAC = HMAC-SHA-1-96 (RFC2404), KDF = none";
}
identity hmac-sha-256-128-none {
base auth-algorithm;
description
"MAC = HMAC-SHA-256-128 (RFC4868), KDF = none";
}
identity hmac-sha-256-128-HKDF-SHA2562 {
base auth-algorithm;
description
"MAC = HMAC-SHA-256-128, KDF = HKDF-SHA2562 (RFC4868)";
}
typedef mapping-system-ref {
type identityref {
base mapping-system;
}
description
"Mapping System reference";
}
typedef lisp-role-ref {
type identityref {
base lisp-role;
}
description
"LISP role reference";
}
typedef map-reply-action {
type identityref {
base map-reply-act;
}
description
"Map-Reply action reference";
}
typedef eid-id {
type string {
pattern '[a-zA-Z0-9\-_.:]*';
}
description
"Type encoding of lisp-addresses to be generally used in EID
keyed lists.";
}
typedef auth-algorithm-type {
type identityref {
base auth-algorithm;
}
description
"Authentication algorithm reference";
}
typedef xtr-id-type {
type binary {
length "16";
}
description
"128-bit xTR identifier.";
}
grouping locator-properties {
description
"Properties of a RLOC";
leaf priority {
type uint8;
description
"Locator priority.";
}
leaf weight {
type uint8;
description
"Locator weight.";
}
leaf multicast-priority {
type uint8;
description
"Locator's multicast priority";
}
leaf multicast-weight {
type uint8;
description
"Locator's multicast weight";
}
}
grouping locators-grouping {
description
"Grouping that defines a list of LISP locators.";
list locator {
key "locator-id";
description
"List of routing locators";
leaf locator-id {
type string {
length "1..64";
pattern '[a-zA-Z0-9\-_.:]*';
}
description
"Locator id";
}
container locator-address {
uses lisp-at:lisp-address;
description
"The locator address provided in LISP canonincal
address format.";
}
uses locator-properties;
}
}
grouping local-locators-grouping {
description
"Grouping that defines a list of LISP locators.";
list interface {
key "interface-ref";
description
"The address type of the locator";
leaf interface-ref {
type if:interface-ref;
description
"The name of the interface supporting the locator.";
}
uses locator-properties;
}
}
grouping mapping {
description
"Grouping that defines a LISP mapping.";
container eid {
uses lisp-at:lisp-address;
description
"End-host Identifier (EID) to be mapped to a list of
locators";
}
leaf time-to-live {
type uint32;
units minutes;
description
"Mapping validity period in minutes (as per RF6830).";
}
leaf creation-time {
type yang:date-and-time;
config false;
description
"Time when the mapping was created.";
}
leaf authoritative {
type bits {
bit A {
description
"Authoritative bit.";
}
}
description
"Bit that indicates if mapping comes from an
authoritative source.";
}
leaf static {
type boolean;
default "false";
description
"This leaf should be true if the mapping is static.";
}
choice locator-list {
description
"list of locartors are either negative, or positive.";
case negative-mapping {
leaf map-reply-action {
type map-reply-action;
description
"Forwarding action for a negative mapping.";
}
}
case positive-mapping {
container rlocs {
uses locators-grouping;
description
"List of locators for a positive mapping.";
}
}
}
}
grouping mappings {
description
"Grouping that defines a list of LISP mappings.";
list vpn {
key "instance-id";
description
"VPN to which the mappings belong.";
leaf instance-id {
type leafref {
path "/rt:routing/rt:control-plane-protocols"
+ "/rt:control-plane-protocol/lisp:lisp"
+ "/lisp:vpns/lisp:vpn"
+ "/lisp:instance-id";
}
description
"VPN identifier.";
}
container mappings {
description
"Mappings within the VPN.";
list mapping {
key "eid-id";
description
"List of EID to RLOCs mappings.";
leaf eid-id {
type eid-id;
description
"Id that uniquely identifies a mapping.";
}
uses mapping;
}
}
}
}
grouping auth-key {
description "Grouping that defines authentication keys.";
container authentication-keys {
description "Multiple authentication keys can be defined.";
list authentication-key {
key "auth-key-id";
description
"Authentication key parameters.";
leaf auth-key-id {
type string {
pattern '[a-zA-Z0-9\-_.:]*';
}
description
"Identifier of the authentication key.";
}
leaf-list auth-algorithm-id {
type lisp:auth-algorithm-type;
description
"Authentication algorithm used with the key.";
}
leaf auth-key-value {
type string;
description
"Clear text authentication key.";
}
}
}
}
augment "/rt:routing/rt:control-plane-protocols"
+ "/rt:control-plane-protocol" {
when "derived-from-or-self(rt:type, 'lisp:lisp')" {
description
"This augmentation is only valid for a control-plane protocol
instance of LISP.";
}
description "LISP protocol ietf-routing module
control-plane-protocol augmentation.";
container lisp {
description
"Parameters for the LISP subsystem.";
container locator-sets {
description
"Container that defines a named locator set which can be
referenced elsewhere.";
list locator-set {
key "locator-set-name";
description
"Multiple locator sets can be defined.";
leaf locator-set-name {
type string {
length "1..64";
pattern '[a-zA-Z0-9\-_.:]*';
}
description
"Locator set name";
}
choice locator-type {
description
"Locator sets can be based on local interfaces, or
general locators.";
case local-interface {
uses local-locators-grouping;
description
"List of locators in this set based on local
interfaces.";
}
case general-locator {
uses locators-grouping;
description
"List of locators in this set based on
lisp-address.";
}
}
}
}
list lisp-role {
key lisp-role-type;
description
"List of lisp device roles such as MS, MR, ITR,
PITR, ETR or PETR.";
leaf lisp-role-type {
type lisp-role-ref;
description
"The type of LISP device - identity derived from the
'lisp-device' base identity.";
}
}
container lisp-router-id {
when "../lisp-role/lisp-role-type = 'lisp:itr' or
../lisp-role/lisp-role-type = 'lisp:pitr' or
../lisp-role/lisp-role-type = 'lisp:etr' or
../lisp-role/lisp-role-type = 'lisp:petr'" {
description "Only when ITR, PITR, ETR or PETR.";
}
description
"Site-ID and xTR-ID of the device.";
leaf site-id {
type uint64;
description "Site ID";
}
leaf xtr-id {
type lisp:xtr-id-type;
description "xTR ID";
}
}
container vpns {
when "../lisp-role/lisp-role-type = 'lisp:itr' or
../lisp-role/lisp-role-type = 'lisp:pitr' or
../lisp-role/lisp-role-type = 'lisp:etr' or
../lisp-role/lisp-role-type = 'lisp:petr'" {
description "Only when ITR, PITR, ETR or PETR.";
}
description "VPNs";
list vpn {
key instance-id;
unique "iid-name";
description "List of VPNs";
leaf instance-id {
type lisp-at:instance-id-type;
description
"VPN identifier. The value 0 for instance-id must be
used for the default VRF.";
}
leaf iid-name {
type leafref {
path "/ni:network-instances/ni:network-instance"
+ "/ni:name";
}
mandatory true;
description
"Name of VPN (e.g. VRF) to which an instance-id is
bound. Each instance-id is bound to a different VPN";
}
}
}
}
}
}