| Internet-Draft | UDP Tunnel Attachment Circuit as a Servi | September 2025 |
| Kaippallimalil, et al. | Expires 13 March 2026 | [Page] |
Delivery of network services over a Layer 3 tunnel bearer assumes that the appropriate setup is provisioned over links that connect the customer termination points and provider network. The setup needed to allow successful data exchange over these links is referred to as an attachment circuit (AC) while the underlying link for carrying network services is referred to as "bearer", in this case a Layer 3 UDP tunnel.¶
This document specifies an extension for UDP tunnel as Layer 3 bearer to the YANG service data model for AC defined in [I-D.ietf-opsawg-teas-attachment-circuit].¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 13 March 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Connectivity services provided by networks to customers ensure the transfer of data between termination points in the network. The objectives of the connectivity service can be negotiated and agreed between customer and network provider. To facilitate data transfer within the provider network, it is assumed that the appropriate setup is provisioned over links that connect customer termination points and provider network (usually via Provider Edges (PEs)). This is referred to as attachment circuit (AC) and the underlying link defined in this document is a UDP tunnel as Layer 3 bearer. In general, a bearer can be described as a physical or logical link that connects a customer node (or site) to a provider network. [I-D.ietf-opsawg-teas-attachment-circuit] describes further details of bearers and 'Attachment Circuits'-as-a-service.¶
[I-D.ietf-opsawg-teas-attachment-circuit] describes YANG data models for bearers and 'Attachment circuits'-as-a-service ACaaS). Layer 3 UDP tunnel as bearer is not defined there and is an extension defined in this document. Section 2 describes the data module ietf-ac-udpt for Layer 3 UDP tunnel service. Section 3 describes the UDP tunnel YANG model.¶
[I-D.ietf-opsawg-teas-attachment-circuit] defines YANG service model for AC to an IETF slice [RFC9543] based on layer 2 bearers. This document extends the YANG service model for AC in [I-D.ietf-opsawg-teas-attachment-circuit] to support UDP tunnels.¶
The 'l3-service' and 'l3-tunnel-service' in the AC structure in [I-D.ietf-opsawg-teas-attachment-circuit] is used to configure the relevant layer 3 tunnel properties of a UDP tunnel AC. IPv4 and IPv6 properties of the UDP tunnel AC are provided in "ip-connection" and the extension below adds source port number and range for the UDP tunnel.¶
module: ietf-ac-udpt
augment /ac-svc:attachment-circuits/ac-svc:ac/ac-svc:ip-connection
/ac-svc:l3-service/ac-svc:l3-tunnel-service
/ac-svc:l3-tunnel-service:
+--rw (udp-port)?
+--:(port-range-or-operator)
+--rw source-port-range-or-operator
+--rw (port-range-or-operator)?
+--:(range)
| +--rw lower-port inet:port-number
| +--rw upper-port inet:port-number
+--:(operator)
+--rw operator? operator
+--rw port inet:port-number
'l3-tunnel-service' in [I-D.ietf-opsawg-teas-attachment-circuit] is extended in this document to carry UDP source port number/range.¶
The "ietf-ac-udp-tunnel" module uses definitions in [I-D.ietf-opsawg-teas-attachment-circuit] and [RFC8519].¶
module ietf-ac-udp-tunnel {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-ac-udp-tunnel";
prefix ac-udpt;
import ietf-ac-common {
prefix ac-common;
reference
"RFC SSSS: YANG Data Models for Bearers and 'Attachment
Circuits'-as-a-Service (ACaaS)";
}
import ietf-ac-svc {
prefix ac-svc;
reference
"RFC SSSS: YANG Data Models for Bearers and 'Attachment
Circuits'-as-a-Service (ACaaS)";
}
import ietf-packet-fields {
prefix packet-fields;
reference
"RFC 8519: YANG Data Model for Network Access
Control Lists (ACLs), Section 4.2";
}
organization
"IETF DMM (Distributed Mobility Management)";
contact
"WG Web: <https://datatracker.ietf.org/wg/dmm/>
WG List: <mailto:dmm@ietf.org>
Author: John Kaippallimalil
<mailto:john.kaippallimalil@futurewei.com>";
description
"This YANG module defines a YANG model for augmenting the ACaaS
service model with UDP Encapsulation as Layer 3 tunnel service.
Copyright (c) 2024 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Revised BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see the
RFC itself for full legal notices.";
revision 2023-11-13 {
description
"Initial revision.";
reference
"RFC XXXX: UDP Attachment Circuit as a Service";
}
identity udp {
base ac-common:l3-tunnel-type;
description
"UDP Encapsulation.";
reference
"RFC 8085: UDP Usage Guidelines, Section 3.1.11";
}
augment "/ac-svc:attachment-circuits/ac-svc:ac"
+ "/ac-svc:ip-connection/ac-svc:l3-service"
+ "/ac-svc:l3-tunnel-service/ac-svc:l3-tunnel-service" {
when "derived-from-or-self(./type, 'ac-udpt:udp')" {
description
"Only applicable if l3 service type is UDP encapsualtion.";
}
description
"Augments Layer 3 AC service with required data nodes for
UDP encapsulation support.";
choice udp-port {
description
"Choice of specifying the source port number or referring
to a group of port numbers.";
container source-port-range-or-operator {
description
"Indicates a set of source ports numbers.";
uses packet-fields:port-range-or-operator;
}
}
}
}
Note to RFC Editor:¶
Replace "RFC XXXX" with the RFC number to be assigned to this document.¶
Replace "RFC SSSS" with the RFC number to be assigned to [I-D.ietf-opsawg-teas-attachment-circuit].¶
Mohamed Boucadair helped with Yang structures for the ietf-ac-udp-tunnel attachment circuit in this document.¶
This section is modeled after the template described in Section 3.7 of [I-D.ietf-netmod-rfc8407bis].¶
The "ietf-ac-udp-tunnel" YANG module defines a data model that is designed to be accessed via YANG-based management protocols, such as NETCONF [RFC6241] and RESTCONF [RFC8040]. These protocols have to use a secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446] or QUIC [RFC9000] and have to use mutual authentication.¶
Servers MUST verify that requesting clients are entitled to access and manipulate a given bearer or AC. For example, a given customer must not have access to bearers (attachment circuits) of other customers. The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.¶
The data nodes in the YANG model in this document inherits from [I-D.ietf-opsawg-teas-attachment-circuit], and the security constraints to the data structures there apply. Data nodes defined in the ietf-ac-udp-tunnel YANG module are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) and delete operations to these data nodes without proper protection or authentication can have a negative effect on network operations. The 'udp-port' information may be used to track a customer of the slice service and may be considered a violation of the customer-provider trust relationship.¶
IANA is requested to register the following URI in the "ns" subregistry within the "IETF XML Registry" [RFC3688]:¶
URI: urn:ietf:params:xml:ns:yang:ietf-ac-udp-tunnel¶
Registrant Contact: The IESG.¶
XML: N/A; the requested URI is an XML namespace.¶
IANA is requested to register the following YANG module in the "YANG Module Names" subregistry [RFC6020] within the "YANG parameters" registry.¶