I2RS working group S. Hares
Internet-Draft Huawei
Intended status: Standards Track S. Kini
Expires: July 7, 2016 Ericsson
L. Dunbar
Huawei
A. Ghanwani
R. Krishnan
Dell
D. Bogdanovic
Juniper Networks
J. Tantsura
R. White
Ericsson
January 4, 2016

Filter-Based RIB Data Model
draft-hares-i2rs-fb-rib-data-model-01

Abstract

This document defines a data model for the I2RS Filter-based Routing Information Base (RIB) Yang data model. A routing system uses the Filter-based RIBto program FIB entries that process incoming packets by matching on multiple fields within the packet and then performing a specified action on it. The FB-RIB can also specify an action to forward the packet according to the FIB entries programmed using the RIBs of its routing instance.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on July 7, 2016.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


Table of Contents

1. Introduction

The Interface to the Routing System (I2RS) [I-D.ietf-i2rs-architecture] architecture provides dynamic read and write access to the information and state within the routing elements. The I2RS client interacts with the I2RS agent in one or more network routing systems.

This document provides a yang module for the I2RS filter Based Routing Information Base (FB-RIB) and describes the I2RS interaction with routing filters within a routing element. The informational model for the FB-RIB is in [I-D.kini-i2rs-fb-rib-info-model]

1.1. Definition of I2RS Filter Based RIB

Filter-based routing is a technique used to make packet forwarding decisions based on a filter that is matched to the incoming packets and the specified action. It should be noted that that this is distinct from the static routes in the RIB [I-D.ietf-i2rs-rib-info-model] where the routing is destination ddress based.

A Filter-Based RIB (Routing Information Base) is contained in a routing instance (defined in [I-D.ietf-i2rs-rib-info-model]). It contains a list of filters (match-action conditions), a list of interface the filter-based forwarding operates on. Filter-based RIBs (FB-RIBs) operate only on the interface the FB-RIB are configured on.

A Filter Based RIB uses Event-Condition-Action policy. A Filter-based RIB entry specifies matches on fields in a packet (which may include layer 2 fields, IP header fields, transport or application fields) or size of the packet or interface received on. The matches are contained in an ordered list of filters which contain pairs of match condition-action (aka event-condition-action).

If all matches fail, default action is to forward the packet using FIB entries that were programmed by the Routing Informational Base (RIB) manager described in [I-D.ietf-i2rs-rib-info-model].

Actions in the condition-action pair may impact forwarding or set something in the packet that will impact forwarding. Policy actions are typically applied before applying QoS constraints since policy actions may override QoS constraint.

The Filter-Based RIB resides in ephemeral state as does the I2RS RIB and I2RS topology models.

2. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

In this document, these words will appear with that interpretation only when in ALL CAPS. Lower case uses of these words are not to be interpreted as carrying RFC-2119 significance.

3. Definitions and Acronyms

CLI


Command Line Interface
FB-RIB


Filter-Based Routing Information Base
FB-Route


The policy rules in the filter-based RIB are prescriptive of the Event-Condition-Action form which is often represented by if Condition then action".
Policy Group


Policy Groups are groups of policy rules. The groups of policy in the basic network policy [I-D.hares-i2rs-bnp-info-model] allow grouping of policy by name. This name allow easier management of customer-based or provider based filters.
RIB IM


RIB Informational Model (RIB IM) [I-D.ietf-i2rs-rib-info-model]
Routing instance


A routing instance, in the context of the FB-FIB is a collection of RIBs, interfaces, and routing parameters. A routing instance creates a logical slice of the router and allows different logical slices; across a set of routers; to communicate with each other.

4. The Top-level Yang structure for the FB-RIB

 module: FB-RIB
 fb-rib-types module
 +--rw fib-ribs 
    +--rw fb-rib*  [rib-name]
    |  +--rw rib-name string
    |  +--rw rib-afi inet:afi 
    |  +--rw fb-rib-intf* if:interface-ref
    |  +--rw default-i2rs-rib rt:rt-2rs-rib:name
    |  +--rw fb-rib-status-info 
    |  |  +--rw fb-rib-update-ref uint64
	|  +--rw instance-using* 
    |  | device:networking-instance:networking-instance-name    
    |  +--rw fb-rib-Group* [name]
    |  |  +--rw name string
    |  |  +--rw order-number uint64
	|  |  +--rw filter-type identityref // acl, eca
    |  |  +--rw acl-policy 
    |  |  |  +--rw group* 
	|  |  |       acl:access_lists:access-list-entries
	|  |  +--rw eca-policy* bnp-eca:rule-group:name
    |  |  +--rw fb-rib-group-order_status
             +--rw default-group-order uint16
             +--rw group-refcnt uint16 
	         +--rw group-installed uint16 
			 
	  Figure 4: FB RIB Type Structure   

The Top-level Yang structure for the FB-RIB types is:

ietf-fb-rib module 
 +--rw ietf-fb-rib  
	+--rw default-instance-name string 
    +--rw default-router-id rt:router-id 
	   uses fb-ribs
	   
    Figure 5: Global FB RIB Yang Structure  

The Top-level Yang structure for a global FB-RIB types (similar to acl) is:

  instance-fb-rib-model: 
    imports fb-rib-types (fb-rib-t) 

    augments rt:logical-network-elements:\
       logical-network-element:network-instances: \
	   network-instance 
	 uses fb-ribs-t:fb-ribs 
  
			
	 Figure 6: Instance FB RIB Yang Structure   
			

The Top-level Yang structure for an instance fb-rib is:

5. yang models

5.1. Filter-Based RIB types

//<CODE BEGINS> file "ietf-fb-rib-types@2016-01-03.yang"
 module ietf-fb-rib-types {
   yang-version "1";

  // namespace
 namespace "urn:ietf:params:xml:ns:yang:ietf-fb-rib-types";
 prefix "fb-rib-t";
 import ietf-interfaces {prefix "if";}
 import ietf-access-control-list {prefix "acl";}
 import ietf-routing {prefix "rt";}

  // meta
  organization
    "IETF";

  contact
     "email: sriganesh.kini@ericsson.com
      email: cengiz@packetdesign.com
      email: anoop@ieee.duke.edu
      email: ivandean@gmal.org
      email: shares@ndzh.com;	 
      email: linda.dunbar@huawei.com;
      email: russ@riw.com;
      email: Jeff.Tantsura@ericsson.com;	  
	 ";

  description
    "This module describes a YANG model for the I2RS 
    Filter-based RIB Types.  These types 
    specify types for the Filter-Based RIB.  
	
	Copyright (c) 2015 IETF Trust and the persons identified as
    the document authors.  All rights reserved.

    Redistribution and use in source and binary forms, with or
    without modification, is permitted pursuant to, and subject
    to the license terms contained in, the Simplified BSD
    License set forth in Section 4.c of the IETF Trust's Legal
    Provisions Relating to IETF Documents
    (http://trustee.ietf.org/license-info).";

   
  revision "2016-01-03" {
      description
        "Filter-Based RIB protocol ";
        reference "draft-hares-i2rs-fb-rib-data-model-01";
  }
  
    typedef fb-rib-policy-type-def {
	   type identityref {
	     base "fb-rib-policy-type";
		 }
		description 
		"This type is used to refer to FB-RIB type";
     }
	 
	identity fb-rib-policy-type {
	     description 
	     "Types of filter-based policies
		  acl and eca";
	 }
	  
	   identity fb-rib-acl {
	   	  base fb-rib-policy-type;
	      description  
          "filter based policy based on access-lists";
	    }
				
  	   identity fb-bnp-eca-rules {
	   	  base fb-rib-policy-type;
	      description  
          "filter based policy based on qos forwarding rules";
	    }
		
	typedef fb-rules-status  {
	   type identityref {
	     base "fb-rule-opstat";
		 }
		description 
		"This type is used to refer to FB-RIB type";
	 }
	 
	  identity fb-rule-opstat {
		description 
		"operational statues for filter rules
		 inactive and active";
		 }
	 
	  identity fb-rule-inactive {
		base fb-rule-opstat;
		description
		"policy rule is inactive";
	   }
		
	  identity fb-rule-active {
		base fb-rule-opstat;
		description
		"policy rule is active";
	   }
		
	  grouping fb-rib-rule-order-status {
	  leaf statement-order {
	  	  type uint16;
	  	  description "order identifier";
	   }
	   leaf statement-oper_status {
		   type fb-rules-status;
   		   description "status of rule";
		}
		description "filter-rib 
		  policy rule order and status";
	}
	
     grouping fb-rib-group-order-status {
	  leaf group-order{ 
	    type uint16;
	    description "group order";
	   }
	  leaf group-refcnt {
	    type uint16; 
	    description "refcnt for this group";
		}
	   leaf group-installed {
	    type uint16;
	    description "number of rules installed";
		}
		description "fb-rib group list order
		   and status info.";
	  }
	  
	grouping fb-rib-status-info {
	   leaf fb-rib-update-ref {
   		 type uint64;
	     description 
		 "number of updates to this FB RIB
		  since last reboot";
	   }
	   description "FB-RIB update info";
	 }	 
	 
	grouping default-fb-rib {

		leaf default-rib {
			type string; 
			description "default ribs for 
			  normal and ephemeral filter-based rib
			  should use rt:routing:routing-instance:name"; 
		}
		
		leaf i2rs-instance {
			type string;
		    description "default I2RS RIB
			  should use 
               i2rs-rib:routing-instance:name"; 
		} 
		leaf rib-name {
			type string;
   	        description "name of RIB";
		}

		leaf fb-rib-update-ref {
			type uint64;
			description " number of 
			  updates to this FB RIB
		      since last reboot";
		   }
	    description "I2RS RIB which will be used
		   even if none of the policy match";
    }			
	
    grouping fb-ribs {
	  list fib-rib {
		   key fb-rib-name;   
		   leaf fb-rib-name {
		        type string;
				mandatory true;
		        description "RIB name";
           }
		  uses rt:address-family;			
	      list fb-rib-intf {
			  key "name";
			  leaf name {
				type if:interface-ref;
			    description
			     "A reference to the name of a 
				 configured network layer
			     interface.";
			   }
			  description "This represents 
			    the list of interfaces 
			    associated with this routing instance.  
			    The interface list helps constrain the 
			    boundaries of packet forwarding.
			    Packets coming on these interfaces are 
			    directly associated with the given routing 
			    instance. The interface list contains a 
			    list of identifiers, with each identifier 
			    uniquely identifying an interface.";
	        }
			uses default-fb-rib;
	        list instance-using {
			  key instance-name;
			  leaf instance-name {
			    type string;
			    description 
				" name of instance using this fb-rib
				 rt:routing-instance";
			   }
			  description "instances using
			   this fb-rib";
			}  
			list fb-rib-group {
			   key group-name;
 		       leaf group-name {
			     type string; 
			     description "policy-group name";
			   }
			   leaf fb-group-policy-type {
			    type fb-rib-policy-type-def;
			    description "Policy type (acl/eca)";
			   }
		       list acl-group {
			    key name;
				leaf name {
				  type string;
				  description "name of access
 		 		   list group";
				 }
				list acls {
				  key fb-acl-name;
				  leaf fb-acl-name {
				    type acl:access-control-list-ref;
				    description "acl list name
					  associated with FB-RIB list";
				  }
				  leaf fb-acl-type {
					type acl:acl-type;
					description "acl type";
				  }
                  description "list of acls";			  
				}
                description "acl group entry";				
			  } 
			  list eca-group {
			    key name; 
			    leaf eca-group-name {
			       type string;
			       description "name of eca 
				   group (?? should it 
				   link 5o bnp-eca group 
				   name)";
				 }
				description "list of eca groups";
			  }
			  uses fb-rib-group-order-status; 
			  description "list of ordered policy 
			    groups ";
		    }
		description  "Configuration of 
		   an filter-based rib list";
	   }
	description "fb-rib group";
   }
 } 
// <CODE ENDS>

5.2. FB-RIB

//<CODE BEGINS> file "ietf-fb-rib@2016-01-03.yang"
module ietf-fb-rib {
  yang-version "1";

  // namespace
  namespace "urn:ietf:params:xml:ns:yang:ietf-fb-rib";
  // replace with iana namespace when assigned
    prefix "fb-rib";

  // import some basic inet types
  import ietf-yang-types {prefix "yang";}
  import ietf-routing { prefix "rt"; }
  import fb-rib-types { prefix "fb-rib-t";}
  
  // meta
  organization
    "IETF";

  contact
     "email: sriganesh.kini@ericsson.com
      email: cengiz@packetdesign.com
      email: anoop@ieee.duke.edu
      email: ivandean@gmal.org
      email: shares@ndzh.com;	 
      email: linda.dunbar@huawei.com;	
      email: russ@riw.com;
      email: Jeff.Tantsura@ericsson.com;	  
	 ";

  description
    "This Top level module describes a 
     YANG model for the I2RS Filter-based RIB 
     which is an global protocol independent FB RIB module.";

     revision "2016-01-03" {
       description "initial revision";
       reference "draft-hares-i2rs-fb-rib-data-model-01";
     }
 	
	 container ietf-fb-rib {
	   presence "top-level structure";
       leaf default-instance-name {
	     type string;
		 mandatory true;
        description
          "A routing instance is identified by its name,
           INSTANCE_name.  This MUST be unique across all routing
           instances in a given network device.";
         }
	     leaf default-router-id {
		    type yang:dotted-quad; 
		    description "Default router id";
		}
		 uses fb-rib-t:fb-ribs; 
       description "i2rs FB-RIB";
	  }
	  
	  augment "/rt:routing/rt:routing-instance" {
	    when "FB-RIB=='true'";
	  	container instance-fb-fib {
		uses fb-rib-t:fb-ribs;
	    description "instance filter-based rib";
        }
	   description "fb-rib augments routing instance";
	 }
}
	
//<CODE ENDS>

6. IANA Considerations

TBD

7. Security Considerations

A I2RS RIB is ephemeral data store that will dyanamically change traffic paths set by the routing configuration. An I2RS FB-RIB provides dynamic Event-Condition-Action policy that will further change the operation of forwarding by allow dyanmic policy and ephemeral RIBs to alter the traffic paths set by routing configuration. Care must be taken in deployments to use the appropriate security and operational control to make use of the tools the I2RS RIB and I2RS FB-RIB provide.

8. References

8.1. Normative References:

[I-D.hares-i2rs-bnp-info-model] Hares, S., Wu, Q., Tantsura, J. and R. White, "An Information Model for Basic Network Policy and Filter Rules", Internet-Draft draft-hares-i2rs-bnp-info-model-02, March 2015.
[I-D.ietf-i2rs-architecture] Atlas, A., Halpern, J., Hares, S., Ward, D. and T. Nadeau, "An Architecture for the Interface to the Routing System", Internet-Draft draft-ietf-i2rs-architecture-12, December 2015.
[I-D.ietf-i2rs-rib-data-model] Wang, L., Ananthakrishnan, H., Chen, M., amit.dass@ericsson.com, a., Kini, S. and N. Bahadur, "A YANG Data Model for Routing Information Base (RIB)", Internet-Draft draft-ietf-i2rs-rib-data-model-04, November 2015.
[I-D.ietf-i2rs-rib-info-model] Bahadur, N., Kini, S. and J. Medved, "Routing Information Base Info Model", Internet-Draft draft-ietf-i2rs-rib-info-model-08, October 2015.
[I-D.ietf-netmod-acl-model] Bogdanovic, D., Koushik, K., Huang, L. and D. Blair, "Network Access Control List (ACL) YANG Data Model", Internet-Draft draft-ietf-netmod-acl-model-06, December 2015.
[I-D.kini-i2rs-fb-rib-info-model] Kini, S., Hares, S., Dunbar, L., Ghanwani, A., Krishnan, R., Bogdanovic, D., Tantsura, J. and R. White, "Filter-Based RIB Information Model", Internet-Draft draft-kini-i2rs-fb-rib-info-model-02, October 2015.

8.2. Informative References

[I-D.ietf-i2rs-usecase-reqs-summary] Hares, S. and M. Chen, "Summary of I2RS Use Case Requirements", Internet-Draft draft-ietf-i2rs-usecase-reqs-summary-01, May 2015.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.

Authors' Addresses

Susan Hares Huawei 7453 Hickory Hill Saline, MI 48176 USA EMail: shares@ndzh.com
Sriganesh Kini Ericsson EMail: sriganesh.kini@ericsson.com
Linda Dunbar Huawei USA EMail: linda.dunbar@huawei.com
Anoop Ghanwani Dell EMail: anoop@alumni.duke.edu
Ram Krishnan Dell EMail: Ramkri123@gmail.com
Dean Bogdanovic Juniper Networks Westford, MA, EMail: deanb@juniper.net
Jeff Tantsura Ericsson EMail: jeff.tantsura@ericsson.com
Russ White Ericsson EMail: russ@riw.us