From abba9293800de056022d333d9c79dd43c5be9c56 Mon Sep 17 00:00:00 2001 From: tengyiG <108433002+tengyiG@users.noreply.github.com> Date: Tue, 27 Aug 2024 14:32:47 -0700 Subject: [PATCH 1/3] Update openconfig-keychain-types.yang (#1173) --- .../keychain/openconfig-keychain-types.yang | 26 ++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/release/models/keychain/openconfig-keychain-types.yang b/release/models/keychain/openconfig-keychain-types.yang index d84b1f54c..c923f9ea1 100644 --- a/release/models/keychain/openconfig-keychain-types.yang +++ b/release/models/keychain/openconfig-keychain-types.yang @@ -21,7 +21,13 @@ module openconfig-keychain-types { "This module contains general data definitions for use in keychain-based authentication."; - oc-ext:openconfig-version "0.2.0"; + oc-ext:openconfig-version "0.3.0"; + + revision "2024-08-27" { + description + "Added AES_128_CMAC and AES_256_CMAC"; + reference "0.3.0"; + } revision "2022-03-01" { description @@ -137,4 +143,22 @@ module openconfig-keychain-types { reference "RFC 4494 - The AES-CMAC-96 Algorithm and Its Use with IPsec"; } + + identity AES_128_CMAC { + base CRYPTO_TYPE; + description + "AES-128-CMAC keyed hash function based on a AES-128 block + cipher."; + reference + "RFC 4493 - The AES-CMAC Algorithm and Its Use with IPsec"; + } + + identity AES_256_CMAC { + base CRYPTO_TYPE; + description + "AES-256-CMAC keyed hash function based on a AES-256 block + cipher."; + reference + "RFC 4493 - The AES-CMAC Algorithm and Its Use with IPsec"; + } } From b9845f14fa4c2f6f6c4975dcf9f264f94bc910ae Mon Sep 17 00:00:00 2001 
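Review bot: The `reference` on the new `AES_256_CMAC` identity (hunk `@@ -137,4 +143,22 @@`) points at RFC 4493, which specifies AES-CMAC with a 128-bit AES key only; CMAC over AES-256 comes from NIST SP 800-38B, so that identity should cite it, e.g. `reference "NIST SP 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication";`. Both new identities also give RFC 4493 the title suffix "and Its Use with IPsec", which belongs to RFC 4494 as cited by the identity just above; RFC 4493 is titled "The AES-CMAC Algorithm". Because the identity above cites the AES-CMAC-96 RFC, the new descriptions should state the tag length they imply (presumably the untruncated 128-bit output), so two peers sharing a keychain do not disagree on MAC truncation. Minor wording: "a AES-128" and "a AES-256" should read "an AES-…".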
From: Aaron Bamberger Date: Wed, 28 Aug 2024 18:34:04 -0500 Subject: [PATCH 2/3] Updates to network-instance EVPN models for VLAN-aware-bundle support (#1124) * Add a new conditional leaf-lest, "vni-list", to the EVI Vxlan model, to allow the configuration of VLAN-aware-bundle MACVRFs * Make the existing "vni" leaf conditional on the MACVRF being a VLAN-based MACVRF. Since this is the only type of MACVRF currently supported by the model, this is a backwards compatible change Co-authored-by: Darren Loher --- .../network-instance/openconfig-evpn.yang | 24 ++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/release/models/network-instance/openconfig-evpn.yang b/release/models/network-instance/openconfig-evpn.yang index b9870e461..ab110a894 100644 --- a/release/models/network-instance/openconfig-evpn.yang +++ b/release/models/network-instance/openconfig-evpn.yang @@ -40,7 +40,14 @@ module openconfig-evpn { domains, this is not currently supported and requires an extension of the model."; - oc-ext:openconfig-version "0.9.0"; + oc-ext:openconfig-version "0.10.0"; + + revision "2024-06-07" { + description + "Add new vni-list leaf list to EVI config to support VLAN-aware-bundle + MACVRFs. Make existing vni leaf conditional on MACVRF type being VLAN-based"; + reference "0.10.0"; + } revision "2024-05-14" { description 
@@ -676,12 +683,27 @@ module openconfig-evpn { Using Ethernet VPN"; leaf vni { + when "../../../config/service-type = 'oc-evpn-types:VLAN_BASED' or + ../../../config/service-type = 'oc-evpn-types:VLAN_BUNDLE'" { + description + "For VLAN-based and VLAN-bundle EVIs, use a single VNI"; + } type oc-evpn-types:vni-id; description "Virtual Network Identifier (VNI) associated to the EVI. This VNI is used for ingress and egress in the VXLAN domain."; } + leaf-list vni-list { + when "../../../config/service-type = 'oc-evpn-types:VLAN_AWARE'" { + description + "For VLAN-aware-bundle EVIs, use a list of VNIs"; + } + type oc-evpn-types:vni-id; + description + "List of VNIs participating in a VLAN-aware-bundle EVI"; + } + leaf overlay-endpoint-network-instance { type leafref { path "/network-instances/network-instance/name"; From 6b19efbb170259b6fda5e1faa43188cb8a98337c Mon Sep 17 00:00:00 2001 From: Aaron Bamberger Date: Wed, 28 Aug 2024 20:48:44 -0500 Subject: [PATCH 3/3] Updates to network instance models for VLAN-VNI and VRF-VNI mappings (#1125) * Introduce new container "local-endpoint-vnis" in Vxlan endpoint model to allow the local configuration of VLAN-to-VNI and VRF-to-VNI mappings --- .../network-instance/openconfig-evpn.yang | 117 ++++++++++++------ 1 file changed, 81 insertions(+), 36 deletions(-) diff --git a/release/models/network-instance/openconfig-evpn.yang b/release/models/network-instance/openconfig-evpn.yang index ab110a894..a3fd800e3 100644 --- a/release/models/network-instance/openconfig-evpn.yang +++ b/release/models/network-instance/openconfig-evpn.yang 
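Review bot: The new `when` on `leaf vni` (hunk `@@ -676,12 +683,27 @@`) is false whenever `../../../config/service-type` is unset, so a configuration that sets `vni` without a service type would stop validating. The hunk does not show whether `service-type` has a default, so the commit's backward-compatibility claim should be checked against that. If there is no default, either widen the condition with a leading `not(../../../config/service-type) or`, or say in the `when` description that `service-type` must be configured first. The condition also admits `VLAN_BUNDLE`, while the commit message and the 0.10.0 revision text describe the leaf as conditional on VLAN-based only; the revision description should name both. The enclosing container or grouping starts outside the hunk.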
@@ -40,7 +40,14 @@ module openconfig-evpn { domains, this is not currently supported and requires an extension of the model."; - oc-ext:openconfig-version "0.10.0"; + oc-ext:openconfig-version "0.11.0"; + + revision "2024-08-14" { + description + "Add new local-endpoint-vnis config container to Vxlan connection point to allow + configuration of local VNI-to-VLAN and VNI-to-VRF maps"; + reference "0.11.0"; + } revision "2024-06-07" { description @@ -1046,6 +1053,7 @@ module openconfig-evpn { config false; description "Container for state parameters related to this L2VNI or L3VNI"; + uses evpn-endpoint-vni-config; uses evpn-endpoint-vni-state; } @@ -1053,6 +1061,39 @@ module openconfig-evpn { uses ipv6-top; } } + + container local-endpoint-vnis { + description + "Top level container for local configuration related to Layer 2 virtual + network identifiers (L2VNIs) and Layer 3 virtual network identifiers + (L3VNIs) in the default network instance"; + + list local-endpoint-vni { + key "vni"; + description "List of L2VNIs and L3VNIs configured on the local VTEP"; + + leaf vni { + type leafref { + path '../config/vni'; + } + description "L2VNI or L3VNI Identifier"; + } + + container config { + description + "Container for configuration parameters related to this local L2VNI or + L3VNI"; + uses evpn-endpoint-vni-config; + } + + container state { + config false; + description + "Container for state parameters related to this local L2VNI or L3VNI"; + uses evpn-endpoint-vni-config; + } + } + } } grouping evpn-endpoint-peer-state { 
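Review bot: Nothing in `list local-endpoint-vni` (hunk `@@ -1053,6 +1061,39 @@`) constrains the mapping beyond the `vni` key, so the same `bridge-domain` or `l3-vrf-name` can be bound to several VNIs in one configuration. If the mapping is meant to be one-to-one, state that in the list description or enforce it, e.g. `unique "config/bridge-domain";`. If many-to-one is intended, say so explicitly, because a mis-mapped VLAN silently joins another segment. The container description also limits this to the default network instance, but no `when` or `must` visible in the hunk enforces that.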
@@ -1197,16 +1238,52 @@ module openconfig-evpn { } } - grouping evpn-endpoint-vni-state { + grouping evpn-endpoint-vni-config { description - "Grouping for L2VNI and L3VNI state information learned on the - local VXLAN Tunnel End Point from remote VTEPs"; + "Grouping for L2VNI and L3VNI configuration parameters"; leaf vni { type oc-evpn-types:evi-id; description "L2VNI or L3VNI Identifier"; } + leaf vni-type { + type enumeration { + enum L2 { + description + "This is a Layer 2 service virtual network identifier (L2VNI) + that is used for communication within the same subnet or + broadcast domain"; + } + enum L3 { + description + "This is a Layer 3 service virtual network identifier (L3VNI) + or VRF VNI that is used for communication between subnets"; + } + } + description "The type of virtual network identfier"; + } + + leaf bridge-domain { + type uint32; + description + "This reflects the configured VLAN or Bridge Domain that maps to this + L2VNI in the VXLAN fabric"; + } + + leaf l3-vrf-name { + type string; + description + "This refects the configured VRF instance that maps to this L3VNI + that is used for routing between subnets in the VXLAN fabric"; + } + } + + grouping evpn-endpoint-vni-state { + description + "Grouping for L2VNI and L3VNI state information learned on the + local VXLAN Tunnel End Point from remote VTEPs"; + leaf multidestination-traffic { type union { type oc-inet:ip-address; @@ -1240,23 +1317,6 @@ module openconfig-evpn { control-plane or data-plane"; } - leaf vni-type { - type enumeration { - enum L2 { - description - "This is a Layer 2 service virtual network identifier (L2VNI) - that is used for communication within the same subnet or - broadcast domain"; - } - enum L3 { - description - "This is a Layer 3 service virtual network identifier (L3VNI) - or VRF VNI that is used for communication between subnets"; - } - } - description "The type of virtual network identfier"; - } - leaf vni-state { type enumeration { enum UP { 
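Review bot: In the new `evpn-endpoint-vni-config` grouping (hunk `@@ -1197,16 +1238,52 @@`) the `vni` leaf keeps `type oc-evpn-types:evi-id`, while the `vni` and `vni-list` leaves added to this file in the previous patch use `oc-evpn-types:vni-id`. Now that the leaf is writable configuration and a list key, it should use the VNI type so the range is validated consistently, `type oc-evpn-types:vni-id;` (the two typedefs are not visible here, so confirm their ranges and the effect on the existing state leaf). `l3-vrf-name` is a free `string`, so a typo produces a mapping to a VRF that does not exist; a leafref such as the one `overlay-endpoint-network-instance` uses, `path "/network-instances/network-instance/name";`, would reject that at validation time. The moved descriptions still read as state ("This reflects the configured …") and carry over the typos "identfier" and "refects".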
@@ -1290,20 +1350,5 @@ module openconfig-evpn { "Operational status of the SVI mapped to the L3VNI that is used for routing between subnets in the VXLAN fabric"; } - - leaf bridge-domain { - type uint32; - description - "This reflects the configured VLAN or Bridge Domain that maps to this - L2VNI in the VXLAN fabric"; - } - - leaf l3-vrf-name { - type string; - description - "This refects the configured VRF instance that maps to this L3VNI - that is used for routing between subnets in the VXLAN fabric"; - } - } }