A Service YANG Data Model for dynamic-L3VPNChina Telecomfufengc@chinatelecom.cnChina Telecomhuangcanc@chinatelecom.cnHuaweilana.wubo@huawei.comChina Telecomxiechf@chinatelecom.cnONSEN Working GroupThis document defines extensions to the Layer 3 VPN Service Model
(L3SM) defined in RFC8299 to support dynamic L3VPN
services. The extensions enable (1) dynamic network provisioning with
temporary connectivity, (2) dynamic bandwidth adjustment, and (3) integration
of Slice Service Templates for enhanced Service Level Objective (SLO) specification.
These capabilities address operational requirements for data-intensive workloads
that are not supported by the base L3SM model, which assumes static connectivity and fixed bandwidth
allocations.This is the first submission of this document to the IETF, submitted
on February 11, 2026. No pre-RFC5378 disclaimer is required as this
submission is post-RFC5378.This Internet-Draft is submitted in full conformance with the provisions
of BCP 78 and BCP 79. Internet-Drafts are working documents of the
Internet Engineering Task Force (IETF). Note that other groups may also
distribute working documents. The list of current Internet-Drafts is at
https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft
documents valid for a maximum of six months and may be updated, replaced,
or obsoleted by other documents at any time. It is inappropriate to use
Internet-Drafts as reference material or to cite them other than as
"work in progress." This Internet-Draft will expire on 14 August 2026.Copyright (c) 2026 IETF Trust and the persons identified as the document
authors. All rights reserved. This document is subject to BCP 78 and the
IETF Trust's Legal Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents carefully,
as they describe your rights and restrictions with respect to this
document. Code Components extracted from this document must include
Revised BSD License text as described in Section 4.e of the Trust Legal
Provisions and are provided without warranty as described in the Revised
BSD License. RFC 8299 defines the Layer 3 VPN Service Model (L3SM), which
provides a customer-facing abstraction for Layer 3 VPN services.
L3SM assumes relatively static service characteristics: persistent
connectivity between fixed sites with bandwidth parameters specified
at service creation time. Operational experience with data-intensive workloads (e.g., large-
scale data transfer, temporary compute clusters) has identified
requirements not addressed by the base L3SM model:Dynamic network provisioning: The ability to establish and tear
down connectivity on demand, rather than maintaining persistent
connections. Conventional
L3VPN services must perform frequent network reconfigurations to support
such dynamic networking. Frequent reconfigurations for dynamic networking
may introduce potential risks to network stability and are generally
unacceptable for network operations.Dynamic bandwidth adjustment: The ability to modify bandwidth
allocations within seconds or minutes, rather than through
configuration changes that may take hours or days.These operational requirements create corresponding gaps in the
service model:L3SM does not support temporary connectivity with explicit
activation/deactivation time windows.L3SM does not provide parameters for elastic bandwidth ranges or
adjustment time constraints.L3SM lacks integration with network slicing constructs (Slice
Service Templates) needed for differentiated service tiers.This document defines YANG augmentations to RFC 8299 to address these
gaps. The extensions are designed to be backward compatible:
implementations that do not require dynamic capabilities can ignore
the new parameters.The scope of this document is limited to service model extensions.
Implementation details of underlying mechanisms (e.g., signaling
protocols, encryption algorithms) are out of scope. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.This document uses the following terms:AC: Attachment Circuit, as defined in .CE: Customer Edge, as defined in .COA: Change of Authorization, as defined in .Dynamic-L3VPN: A Layer 3 VPN service supporting dynamic network
provisioning and/or dynamic bandwidth adjustment.L3SM: Layer 3 VPN Service Model, as defined in .L3VPN: Layer 3 Virtual Private Network, as defined in .PE: Provider Edge, as defined in .Slice Service Template (SST): A reusable policy container defining
Service Level Objectives (SLOs) and Service Level Expectations
(SLEs) for network slices, as defined in
[I-D.ietf-teas-ietf-network-slice-nbi-yang].Several IETF Working Groups have developed multiple YANG modules in
order to communicate between customers and network operators and to
deliver VPN service. A set of these models is listed here: defines the Layer 3 Virtual Private Network
Service Model (L3SM), which is used for communication between customers
and service providers. This model provides an abstracted view of the
Layer 3 IP VPN service configuration components. It will be up to the
management system to take this model as input and use specific
configuration models to configure the different network elements to
deliver the service. documents a YANG Data Models for Bearers and
Attachment Circuits as a Service for managing ACs that are exposed by
a network to its customers. Exposing Attachment Circuits as a Service
(ACaaS) greatly simplifies the provisioning of services delivered over
an AC. defines YANG Data Models for Network Resource
Partition (NRP), which is closely related to network slicing technology.
The model provides a standardized way to model, provision and manage
isolated network resource partitions, supporting the requirement of
service-specific resource isolation, and is highly relevant to the
network slicing capability designed in this document.The dynamic-L3VPN service delivery example is shown in Figure 1. As an
end-to-end service, dynamic-L3VPN connection may consist of multiple
segments, which may be defined by different RFCs.The dynamic-L3VPN can be established either between CEs or between CEs
and DC-GWs.Dynamic-L3VPN Service Delivery ExampleThe extensions are defined in the module
ietf-l3vpn-svc-dynamic-ext, which augments the base L3SM module
(ietf-l3vpn-svc) at the following locations:/l3vpn-svc/vpn-profiles: Adds profiles for bandwidth adjustment
ranges, and SLO/SLE templates./l3vpn-svc/sites/site: Adds temporary connection indicators, and
effective time windows./l3vpn-svc/sites/site/site-network-accesses/site-network-access/
service: Adds dynamic bandwidth indicators and adjustment ranges./l3vpn-svc/sites/site/security/encryption: Adds quantum
encryption parameters.Figure 2 illustrates the module augmentation structure.Augmentation Structure of ietf-l3vpn-svc-dynamic-ext
/l3vpn-svc:l3vpn-svc
/vpn-profiles
/l3vpn-svc-dyn:maximum-adjustment-profiles
/maximum-adjustment-profile/id
+--rw slo-policy
| +--rw metric-bound* [metric-type]
| | +--rw metric-type identityref
| | +--rw metric-unit? string
| | +--rw value-description? string
| | +--rw percentile-value? uint8
| | +--rw bound? uint64
| +--rw availability? identityref
| +--rw mtu? uint32
+--rw sle-policy
+--rw security* identityref
+--rw isolation* identityref
+--rw max-occupancy-level? uint8
+--rw path-constraints
+--rw service-functions? string
+--rw diversity
+--rw diversity-type? identityref
augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site:
+--rw temporary-connection-indicator? boolean
+--rw effective-time-window? yang:date-and-time
+--rw service
| +--rw qos
| +--rw qos-profile
| +--rw slo-sle-profile? ->
/l3vpn-svc:l3vpn-svc
/vpn-profiles
/l3vpn-svc-dyn:slo-sle-profiles
/slo-sle-profile/id
| +--rw qos-profile-enabled? boolean
+--rw security-encryption
+--rw quantum-encryption-enable? boolean
+--rw quantum-encryption-mode? uint8
+--ro quantum-encryption-status? enumeration
augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site
/l3vpn-svc:site-network-accesses
/l3vpn-svc:site-network-access:
+--rw service
| +--rw dynamic-bandwidth-indicator? boolean
| +--rw effective-time-window? yang:date-and-time
| +--rw maximum-adjustment-bandwidth-range? ->
/l3vpn-svc:l3vpn-svc
/vpn-profiles
/l3vpn-svc-dyn:maximum-adjustment-profiles
/maximum-adjustment-profile/id
+--rw ip-connection-security
+--rw quantum-encryption-enable? boolean
+--rw quantum-encryption-mode? uint8
+--ro quantum-encryption-status? enumeration
+--rw service
+--rw qos
+--rw qos-profile
+--rw slo-sle-profile? ->
/l3vpn-svc:l3vpn-svc
/vpn-profiles
/l3vpn-svc-dyn:slo-sle-profiles
/slo-sle-profile/id
+--rw qos-profile-enabled? boolean
]]>Requirement: Support on-demand establishment and release of VPN
connectivity between specified endpoints, with activation times
ranging from seconds (for pre-configured tunnels) to minutes (for
configuration-driven setup).Gap in : L3SM assumes persistent connectivity; it provides no
mechanism to specify temporary connections or activation time
constraints. Extensions:temporary-connection-indicator: Boolean flag indicating whether a
site connection is temporary (default false).effective-time-window: Time range parameter specifying when the
connection must be active. When sub-minute activation is
required, this indicates that pre-configured tunnels with dynamic
authorization (e.g., RADIUS COA ) should be used.Requirement: Support modification of bandwidth allocations within
customer-specified time windows, ranging from seconds to hours. Gap in : L3SM specifies static bandwidth parameters
(input-bandwidth, output-bandwidth) without support for elastic
ranges or adjustment constraints. Extensions:dynamic-bandwidth-indicator: Boolean flag indicating whether
bandwidth adjustment is supported (default false).maximum-adjustment-bandwidth-range (bandwidth context): Maximum allowed
duration to complete a bandwidth modificationeffective-time-window (bandwidth context): Maximum allowed
duration to complete a bandwidth modificationRequirement: Enable binding of L3VPN services to predefined service
tiers with specific performance guarantees (latency, bandwidth,
isolation), decoupling service catalog definition from resource
allocation.Gap in : L3SM provides basic QoS profiles but lacks
integration with network slicing constructs and parameterized SLO/SLE
specifications. Extensions:slo-sle-profile: Reference to a Slice Service Template defining
quantitative SLOs (metric bounds, availability) and qualitative
SLEs (security, isolation, path constraints).The SLO/SLE profile structure aligns with
[I-D.ietf-teas-ietf-network-slice-nbi-yang], enabling consistent
policy application across VPN and slice services.Requirement: Support quantum-safe encryption for high-security data
transmission scenarios.Gap in : L3SM defines basic encryption enablement but lacks
parameters for quantum key distribution (QKD) and post-quantum
cryptography (PQC) integration. Extensions:quantum-encryption-enable: Boolean flag for quantum-enhanced
security activation.quantum-encryption-mode: Failover behavior when quantum key
acquisition fails (fallback to conventional crypto or terminate).quantum-encryption-status: Operational state monitoring
(read-only).This modules augments the L3SM.
module ietf-l3vpn-svc-dynamic-ext {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc-dynamic-ext";
prefix l3vpn-svc-dyn;
import ietf-l3vpn-svc {
prefix l3vpn-svc;
revision-date 2018-01-19;
}
import ietf-yang-types {
prefix yang;
revision-date 2013-07-15;
}
organization
"IETF ONSEN Working Group";
contact
"Editor: Fengchao Fu
<fufengc@chinatelecom.cn>
Cancan Huang
<huangcanc@chinatelecom.cn>
Bo Wu
<lana.wubo@huawei.com>
Chongfeng Xie
<xiechf@chinatelecom.cn>";
description
"This module defines extensions to the L3VPN service model
for supporting dynamic bandwidth adjustment, SLO/SLE profile
binding, quantum-safe encryption, and QoS enhancement.
Copyright (c) 2026 IETF Trust and the persons identified
as authors of the code.
All rights reserved.";
revision 2026-02-11 {
description
"Initial revision with dynamic bandwidth, SLO/SLE,
and quantum encryption extensions.
Compatible with RFC 7950 (YANG 1.1).";
reference "I-D: draft-fu-onions-update-l3sm-service-models-00";
}
identity metric-type-base {
description "Base identity for performance metric types";
}
identity latency {
base metric-type-base;
description "End-to-end latency metric";
}
identity bandwidth {
base metric-type-base;
description "Available bandwidth metric";
}
identity availability-level-base {
description "Base identity for service availability levels";
}
identity security-policy-base {
description "Base identity for security policy types";
}
identity isolation-level-base {
description "Base identity for isolation levels";
}
identity te-link-disjoint {
description "Link-disjoint path diversity
(IETF TE type semantics)";
}
augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:vpn-profiles {
container maximum-adjustment-profiles {
description "Collection of maximum adjustment profiles
for dynamic bandwidth";
list maximum-adjustment-profile {
key "id";
description "Single maximum adjustment profile
for dynamic bandwidth";
leaf id {
type string;
description "Unique identifier
for the maximum adjustment profile";
}
}
}
container slo-sle-profiles {
description "Reusable SLO/SLE profiles
for Dynamic-L3VPN QoS binding";
list slo-sle-profile {
key "id";
description "SLO/SLE profile defining performance
and experience constraints";
leaf id {
type string;
description "Unique identifier for the SLO/SLE profile";
}
leaf description {
type string;
mandatory false;
description "Human-readable description
of the SLO/SLE profile";
}
leaf profile-ref {
type leafref {
path "/l3vpn-svc:l3vpn-svc/
l3vpn-svc:vpn-profiles/
l3vpn-svc-dyn:maximum-adjustment-profiles/
l3vpn-svc-dyn:maximum-adjustment-profile/id";
}
mandatory false;
description "Reference to an associated
network slice profile";
}
container slo-policy {
description "Service Level Objective (SLO)
policy constraints";
list metric-bound {
key "metric-type";
description "Bound on a specific performance metric";
leaf metric-type {
type identityref {
base metric-type-base;
}
description "Type of performance metric
(latency, bandwidth, etc.)";
}
leaf metric-unit {
type string;
description "Unit of measurement for the metric
(ms, Mbps, %)";
}
leaf value-description {
type string;
mandatory false;
description "Additional context for the metric value";
}
leaf percentile-value {
type uint8;
mandatory false;
description "Percentile for the metric bound (0-100)";
}
leaf bound {
type uint64;
mandatory false;
description "Threshold value
for the performance metric";
}
}
leaf availability {
type identityref {
base availability-level-base;
}
mandatory false;
description "Required service availability level
(99.999%, etc.)";
}
leaf mtu {
type uint32;
mandatory false;
description "Maximum Transmission Unit (bytes)
for the service";
}
}
container sle-policy {
description "Service Level Experience
(SLE) policy constraints";
leaf-list security {
type identityref {
base security-policy-base;
}
description "Security policies applied
(TLS 1.3, IPsec, etc.)";
}
leaf-list isolation {
type identityref {
base isolation-level-base;
}
description "Isolation requirements
(network, tenant, etc.)";
}
leaf max-occupancy-level {
type uint8;
mandatory false;
description "Maximum resource occupancy level
(0-255, percentage scale)";
}
container path-constraints {
description "Constraints on data path selection";
leaf service-functions {
type string;
description "Required service functions on the path
(firewall, IDS, etc.)";
}
container diversity {
description "Path diversity requirements
for redundancy";
leaf diversity-type {
type identityref {
base te-link-disjoint;
}
mandatory false;
description "Type of path disjointness
(link-disjoint)";
}
}
}
}
}
}
}
augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site {
leaf temporary-connection-indicator {
type boolean;
default false;
description "Indicator if this site has
a temporary connection";
}
leaf effective-time-window {
type yang:date-and-time;
mandatory false;
when "../l3vpn-svc-dyn:temporary-connection-indicator
= 'true'";
description "Time window for temporary connection validity";
}
container service {
container qos {
container qos-profile {
leaf slo-sle-profile {
type leafref {
path "/l3vpn-svc:l3vpn-svc/
l3vpn-svc:vpn-profiles/
l3vpn-svc-dyn:slo-sle-profiles/
l3vpn-svc-dyn:slo-sle-profile/id";
}
mandatory false;
when "../qos-profile-enabled = 'true'";
description "Reference to SLO/SLE profile
for site-level QoS binding";
}
leaf qos-profile-enabled {
type boolean;
default false;
description "QoS profile enable flag";
}
}
}
}
container security-encryption {
leaf quantum-encryption-enable {
type boolean;
default false;
description "Enable quantum-resistant encryption
for site security";
}
leaf quantum-encryption-mode {
type uint8;
default 1;
mandatory false;
when "../quantum-encryption-enable = 'true'";
description "Quantum encryption mode
(1=default, 2=enhanced)";
}
leaf quantum-encryption-status {
type enumeration {
enum idle {
description "Quantum encryption not active";
}
enum active {
description "Quantum encryption in use";
}
enum error {
description "Quantum encryption error state";
}
}
config false;
description "Operational status of quantum encryption
(read-only)";
}
}
}
augment "/l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site"
+"/l3vpn-svc:site-network-accesses"
+"/l3vpn-svc:site-network-access" {
container service {
leaf dynamic-bandwidth-indicator {
type boolean;
default false;
description "Enable dynamic bandwidth adjustment
for this service";
}
leaf effective-time-window {
type yang:date-and-time;
mandatory false;
when "../dynamic-bandwidth-indicator = 'true'";
description "Time window for dynamic bandwidth validity";
}
leaf maximum-adjustment-bandwidth-range {
type leafref {
path "/l3vpn-svc:l3vpn-svc
/l3vpn-svc:vpn-profiles
/l3vpn-svc-dyn:maximum-adjustment-profiles
/l3vpn-svc-dyn:maximum-adjustment-profile/id";
}
mandatory false;
when "../dynamic-bandwidth-indicator = 'true'";
description "Reference to maximum adjustment
bandwidth profile";
}
}
container ip-connection-security {
leaf quantum-encryption-enable {
type boolean;
default false;
description "Enable quantum-resistant encryption
for IP connection security";
}
leaf quantum-encryption-mode {
type uint8;
default 1;
mandatory false;
when "../quantum-encryption-enable = 'true'";
description "Quantum encryption mode
(1=default, 2=enhanced)";
}
leaf quantum-encryption-status {
type enumeration {
enum idle {
description "Quantum encryption not active";
}
enum active {
description "Quantum encryption in use";
}
enum error {
description "Quantum encryption error state";
}
}
config false;
description "Operational status of quantum encryption
(read-only)";
}
container service {
container qos {
container qos-profile {
leaf slo-sle-profile {
type leafref {
path "/l3vpn-svc:l3vpn-svc
/l3vpn-svc:vpn-profiles
/l3vpn-svc-dyn:slo-sle-profiles
/l3vpn-svc-dyn:slo-sle-profile/id";
}
mandatory false;
when "../qos-profile-enabled = 'true'";
description "Reference to SLO/SLE profile
for IP connection-level QoS binding";
}
leaf qos-profile-enabled {
type boolean;
default false;
description "QoS profile enable flag";
}
}
}
}
}
}
}
This document requests IANA to register the following URI in the
"IETF XML Registry":URI: urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc-dynamic-ext
Registrant Contact: The IESG
XML: N/A; the requested URI is an XML namespace. This document requests IANA to register the following YANG module in
the "YANG Module Names" registry:Name: ietf-l3vpn-svc-dynamic-ext
Namespace: urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc-dynamic-ext
Prefix: l3vpn-svc-dyn
Reference: RFC XXXXThe extensions defined in this document inherit the security
considerations of RFC 8299.Additional considerations:Dynamic provisioning mechanisms (e.g., RADIUS COA) MUST be
secured using mutual authentication and integrity protection.Quantum encryption parameters are sensitive; access to these
configuration nodes SHOULD be restricted to authorized
administrators.Communication between customers and service orchestrators SHOULD
use TLS 1.3 or equivalent encryption.Key words for use in RFCs to Indicate Requirement LevelsHarvard UniversityBGP/MPLS VPN TerminologyBGP/MPLS IP Virtual Private Networks (VPNs)Dynamic Authorization Extensions to RADIUSAmbiguity of Uppercase vs Lowercase in RFC 2119 Key WordsIBMA YANG Data Model for Layer 3 VPN Services (L3SM)A Common YANG Data Model for Attachment CircuitsA Service YANG Data Model for Attachment CircuitsSegment Routing over IPv6 (SRv6) Network ProgrammingYANG Data Models for Network Resource Partition (NRP)BGP Overlay Services Based on Segment Routing over IPv6 (SRv6)The VPN instances on the PE devices may be pre-configured as defined in
, with the VPN instance bound to an AC only when
establishing end-to-end VPN connectivity. Alternatively, the VPN instance
may also be dynamically configured via configuration commands based on
customer requirements.The dynamic-L3VPN service provisioning and lifecycle procedure is as
follows, and we take customer A ordering dynamic-L3VPN service as an example.Dynamic-L3VPN Service Orchestration Procedure| | | |
| | | | |
| 2. Submit VPN Service Info | | |
| (Peer, BW, Start, End) | | |
+------------->| | | |
| | | | |
| | 3. Configure CE | |
| +------------->| | |
| | | | |
| | | 4. Connect to PE |
| | +---------->| |
| | | | |
| | | 5. Bind AC to VPN
| | | |<-------------+
| | | | |
| 6. Submit Dynamic BW Request| | |
+------------->| | | |
| | | | |
| | 7. Update Bandwidth (PE) | |
| +------------------------->| |
| | | | |
| 8. Request Add User to VPN | | |
+------------->| | | |
| | | | |
| | 9. Config New CE & PE | |
| +------------------------->| |
| | | | |
| 10. Request Remove User | | |
+------------->| | | |
| | | | |
| | 11. Config: Remove AC | |
| +------------->| | |
| | | | |
| | 12. Config:Remove AC from PE |
| +------------------------->| |
| | | | |
]]>The procedure consists of 12 key steps covering the full lifecycle of
dynamic-L3VPN: registration, initial service provisioning, dynamic
bandwidth adjustment, peer addition/removal, and resource cleanup. The
Network Controller coordinates configuration across CEs and PEs to ensure
end-to-end service delivery, while the Ordering System acts as the
interface between customers and the network infrastructure. SRv6 (defined
in and ) may be used for
path optimization in dynamic-L3VPN.Customer A registers in the service ordering system.Customer A enters VPN service parameters into the ordering system,
including peer VPN customers, bandwidth requirement, start time, and
end time, etc.The Network controller provisions configuration to the CE devices of
the involved customers.Each CE device establishes a connection to its attached PE device.The Network controller sends configuration or signaling to the PE
devices to bind the customer's AC to the VPN instance.Customer A submits an elastic bandwidth adjustment request via the
ordering system.The Network controller delivers configuration or signaling to the PE
devices to modify the bandwidth of the VPN service.Customer A submits a request via the ordering system to add one or
more new customers to the VPN.The Network controller provisions the new customers' CE device and
sends configuration or signaling to the corresponding PE devices.Customer A submits a request via the ordering system to remove one
or more existing customers from the VPN.The Network controller updates the configuration of the removed
customers' CE devices.The Network controller sends configuration or signaling to the
corresponding PE devices to delete the associated AC from the VPN.The authors wish to thank Mingjiang Fu, Zhuojun Huang, Zhenlin Tan,
Wenkuan Qu of China Telecom for their contributions to the
dynamic L3VPN operational requirements.