Re: [netmod] Comments on draft-ietf-netmod-sub-intf-vlan-model-05

Don Fedyk <> Mon, 03 August 2020 18:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 50E453A0A38 for <>; Mon, 3 Aug 2020 11:46:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (768-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id UnR3RDpt1VK5 for <>; Mon, 3 Aug 2020 11:46:28 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 721263A0A36 for <>; Mon, 3 Aug 2020 11:46:28 -0700 (PDT)
Received: from (unknown []) by (Postfix) with ESMTP id 3C831175D70 for <>; Mon, 3 Aug 2020 12:46:19 -0600 (MDT)
Received: from ([]) by cmsmtp with ESMTP id 2fTWkXYTgDlyd2fTWkjWct; Mon, 03 Aug 2020 12:46:19 -0600
X-Authority-Reason: nr=8
X-Authority-Analysis: v=2.3 cv=fPQXI6Se c=1 sm=1 tr=0 a=h1BC+oY+fLhyFmnTBx92Jg==:117 a=h1BC+oY+fLhyFmnTBx92Jg==:17 a=dLZJa+xiwSxG16/P+YVxDGlgEgI=:19 a=y4yBn9ojGxQA:10:nop_rcvd_month_year a=Vy_oeq2dmq0A:10:endurance_base64_authed_username_1 a=DAwyPP_o2Byb1YXLmDAA:9 a=48vgC7mUAAAA:8 a=AUd_NHdVAAAA:8 a=wU2YTnxGAAAA:8 a=BK2RO_FG-GCO79w6zr4A:9 a=FyCIpaGzyvaidS9A:21 a=-Gi4oS3v7Rn3xxEI:21 a=CjuIK1q_8ugA:10:nop_charset_2 a=-RoEEKskQ1sA:10:nop_election2020_name_body a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=G3X1vUvfRJtinPPIGdoA:9 a=BUhCQ1X0kzG5nvLT:21 a=JqWLmNUUXIuufhCv:21 a=oIM-5_uPqXhxvvCV:21 a=gKO2Hq4RSVkA:10:nop_mshtml a=UiCQ7L4-1S4A:10:nop_mshtml_css_classes a=hTZeC7Yk6K0A:10:nop_msword_html a=frz4AuCg-hUA:10:nop_css_in_html a=w1C3t2QeGrPiZgrLijVG:22 a=Yz9wTY_ffGCQnEDHKrcv:22
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=default; h=Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To: References:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=AJLIqOfdFGg0rBjKvrLg8K2hOUpJVgc1/VODr6Jw/7A=; b=uPP04TP9pJZH84JmKCBRJsG1BU 8E6xcxbz2QTLraoCleAVTpQdi8EUHQg9ZPts5x69QP9tqy/8rLXCq4pvlyl5L6gjGiPdhTMP9lJv9 BIqKNP8+zZcrcc7GGiluVod2v;
Received: from ([]:53209 helo=FedykLabn) by with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from <>) id 1k2fTW-000KaK-HO; Mon, 03 Aug 2020 12:46:18 -0600
From: Don Fedyk <>
To: "'Rob Wilton (rwilton)'" <>,
References: <000801d56fb6$9d76fe90$d864fbb0$> <>
In-Reply-To: <>
Date: Mon, 03 Aug 2020 14:46:18 -0400
Message-ID: <003901d669c6$607798a0$2166c9e0$>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_003A_01D669A4.D9684290"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQK4JVzBYwHCp3qb71szA2GdTBxnyAHxcCc6p08ZUqA=
Content-Language: en-us
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-BWhitelist: no
X-Source-L: No
X-Exim-ID: 1k2fTW-000KaK-HO
X-Source-Sender: (FedykLabn) []:53209
X-Email-Count: 3
X-Source-Cap: bGFibm1vYmk7bGFibm1vYmk7Ym94MzEzLmJsdWVob3N0LmNvbQ==
X-Local-Domain: yes
Archived-At: <>
Subject: Re: [netmod] Comments on draft-ietf-netmod-sub-intf-vlan-model-05
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 03 Aug 2020 18:46:31 -0000

Hi Rob


Here is my feedback. -07 draft


The one hole I see is that there is no mention of priority mapping.  VLAN
tags have priority. (see additional behavior in the 802.1 model below). 

For Priority: 

One might  assume the traffic is 1:1 mapped for Ethernet  ingress and egress
vlans the PCP & DE being preserved.  But the document should state what
happens.  (L2 case).

1:1 mapping is not usually true for S-VLAN tag being added to C-VLAN tag
case.  Usually a C-VLAN does not access all of the outer tag priorities. 

When you add any VLAN  tag to an untagged frame there would typically be a
mapping from IP DSCP to VLAN PCP & DE. (L3 Case)

For this document you should say priority mapping is not specified or point
to where it is specified.


Comments on the IEEE Model:  Note this is based on the Model and how it is
supposed to work I know the industry has a wide range of equipment that can
us a hybrid models that are in between. My comments are about how the IEEE
has structured the YANG model.  

ix-A.2> A.2.  IEEE 802.1Q Bridge Configuration Model Overview (original

   The key features of the IEEE 802.1Q bridge configuration model can be
   summarized as:
   o  Each VLAN bridge component has a set of Ethernet interfaces that
      are members of that bridge.  Sub-interfaces are not used, nor
      required in the 802.1Q bridge model.
   o  Within a VLAN bridge component, the VLAN tag in the packet is
      used, along with the destination MAC address, to determine how to
      forward the packet.  Other forwarding paradigms are not supported
      by the 802.1Q model.
[Don] Partially true
   o  Classification of traffic to a VLAN bridge component is based only
      on the Ethernet interface that it arrived on.
[Don] Classification is not the correct term. Mapping   
   o  VLAN Identifiers are scoped to a VLAN bridge component.  Often
      devices only support a single bridge component and hence VLANs are
      scoped globally within the device.
[Don] See comments below. It is not that devices are small why there is
little VLAN Identifier config it is because a large part of VLAN Identifiers
is control plane driven for large devices. 
   o  Feature configuration is specified in the context of the bridge,
      or particular VLANs on a bridge.

[Don] Oversimplifies. 


Here is my view of how VLANs are configured in 802.1.  Feel free to use any
or all of it.  

The main point is that the 802.1 VLAN model is quite different. 


ix-A.2> A.2.  IEEE 802.1Q Bridge Configuration Model Overview (suggested by

Note that Bridges range from very simple devices to carrier class high
performance switches and the concepts of bridging covers a vast range of
devices used for data transport, video, audio and industrial control. VLAN
configuration is hierarchical in nature. Interfaces are mapped to bridge
components that support a VLAN.  VLANs are refined by VLAN tags which
contain type, VLAN identifiers and Priority information.
VLAN configuration is intentionally a high level and is often not specified
to each specific VLAN identifier on a bridge, since the control plane allows
VLAN tags to be dynamically configured. Devices also vary in how they are
configured - the following is a description of some key features of the IEEE
802.1Q bridge configuration model:
*        IEEE Yang Modeling follows the bridge architecture of IEEE 802.1Q.
Each VLAN bridge has one or more Ethernet interfaces that are mapped to that
component.  Sub-interfaces are not used, nor required in the 802.1Q bridge
*        802.1 Bridges maintain an active topology for each VLAN and the
VLAN identified traffic follows that topology. A Bridge is composed of
bridge components of different types. 
*        Bridges use forwarding and filtering rules to refine the traffic in
the VLAN. Bridges have properties and features that are configured on a VLAN
basis. Example data functions per component are encryption, priority
mapping, time sensitive forwarding, policing and shaping etc. 
*        Configuration maps interfaces to bridges allowing traffic received
and transmitted to be part of the VLAN. (Interfaces may be single links or
link aggregation groups - multiple links between devices that behave as one
large link.) 
*        The VLAN represents a group of traffic that uses VLAN tags to
further refine the connectivity and behavior within that VLAN. VLAN tags
identify the traffic and are used forward and filter traffic and typical
VLAN identifier configuration on the bridge includes or excludes those VLANs
or more commonly leaves the configuration to be dynamically controlled by
the control plane. 
*        Traffic on the interface may arrive with no VLAN tag or several
VLAN tag types. VLAN tags types determine the inclusion in the VLAN and the
treatment. The typical VLAN types are priority tagged, customer VLAN tagged
or provider/backbone VLAN tagged. If the interface receives a type other
than what it is expecting it will treat the traffic as untagged and flow the
rules for that interface. This is one way that multiple tags can occur on a
*        Within a VLAN on a learning bridge, MAC addresses are learned,
either shared across the VLAN identifiers or shared amongst one or more sets
of VLAN identifiers (This part is configurable by VLAN identifier/Forwarding
Identifier tables but is usually specified simply as shared learning or
independent learning for the whole VLAN). Unicast addresses are learned by
interface. Multicast addresses follow the active topology in the VLAN but
may be pruned further by other protocols.  
*        Traffic and forwarding rules are bidirectionally congruent such
that if a VLAN tag is added at an interface in the forward direction, it is
removed in the reverse direction. 
*        VLAN tags contain priority information that determines the traffic
treatment as it is forwarded. (Within a VLAN traffic streams may be used to
refine the traffic behavior further if the device supports stream filters.)
*        As a rule, each Bridge component considers only the outer VLAN tag
however Bridge components can be cascaded within Ethernet switches or
between switches to handle multiple VLAN tags such as required by provider
bridging or provider backbone bridging. 
*        Many Ethernet bridge devices support VID translation on interfaces.
This is a capability that is localized to an interface mapping VLAN
identifiers to other VLAN identifiers. This capability is primarily used to
prevent VLAN Identifier number conflicts between networks run by different
*        Per interface the VLAN Identifiers are scoped to a VLAN bridge
component, but switches may vary in the numbers bridge components and
interfaces supported. The same VLAN identifiers may be reused in disjoint



I also found errors in the XML config examples.  I used Yanglint and the
attached xml - the etfSubInterface identity is required to be configured by
the xpath when statement. 

There is also some confusion with  prefixes used. ietf-if-extensions
replaces ietf-interfaces-common ?

Yanglint did not like one of the IPv6 addresses  and I'm pretty sure there
is a typo where the parent interface should be eth1 but yanglint does not

As far as I can tell the YANG modules are OK but the config examples are
outdated and do not validate. 


I'm not sure about the format config statement in the xml - I used the
following yanglint commands to validate the attached config.

> load iana-if-type

> load ieee802-dot1q-types

> load ietf-if-flexible-encapsulation  

> load ietf-if-vlan-encapsulation

> load ietf-network-instance

> load ietf-l2vpn

> feature  ietf-if-flexible-encapsulation --enable *

> feature  ietf-if-extensions --enable *

> data  -t config   -f json ietf-flex-test1.xml

> data  -t config   -f json ietf-flex-test2.xml


List of the loaded models:

              i ietf-yang-metadata@2016-08-05

              I yang@2017-02-20

              i ietf-inet-types@2013-07-15

              i ietf-yang-types@2013-07-15

              i ietf-datastores@2018-02-14

              I ietf-yang-library@2019-01-04

              I ietf-interfaces@2018-02-20

              I iana-if-type@2017-01-19

              I ieee802-dot1q-types@2018-03-07

              I ietf-if-extensions@2019-11-04

              I ietf-if-flexible-encapsulation@2020-07-13

              I ietf-if-l3-vlan@2019-11-04

              I ietf-ip@2018-02-22

              i ietf-yang-schema-mount@2019-01-14

              I ietf-network-instance@2019-01-21

              i ietf-routing-types@2017-12-04

              I ietf-pseudowires@2018-10-22

              I ietf-l2vpn@2019-05-28





From: Rob Wilton (rwilton) <> 
Sent: Monday, July 13, 2020 5:54 PM
To: Don Fedyk <>;
Subject: RE: [netmod] Comments on draft-ietf-netmod-sub-intf-vlan-model-05


Hi Don,


Apologies for being so slow to get back to you on these comments.


As you are aware, I have added some examples to the document, and tweaked a
little bit of the introduction text to hopefully help make it a bit more
clear about how this YANG module is used in conjunction with IP or L2VPN
YANG models.


If you have time, please can you take a look at the latest draft version
<> to
see if you think the text is sufficient, or further explanation is required?





From: netmod < <> > On
Behalf Of Don Fedyk
Sent: 20 September 2019 14:24
To: <> 
Subject: [netmod] Comments on draft-ietf-netmod-sub-intf-vlan-model-05


Some comments on the draft :


On the content of the draft L3 Section:  

Overall the draft assumes quite a bit of knowledge about L3 service
configuration.  I don't know where L3 service to interfaces in the IETF
models.  I'd guess it is routing to interfaces and IP forwarding based on
routing but if it is defined, pointers in the draft would help.  From what I
understand this draft allows a L3 service interface to terminate to an
Ethernet with any combination of 2 VLAN tags.  The draft does not state it
but I assume this encapsulation is symmetric.  (Symmetrical/Asymmetrical is
only mentioned for L2).   Note the implied service context (what you get
when you strip the tags) allows for symmetric traffic . For  L3 this is
typically MPLS or IP 5 tuple etc. 


On the layer 2 section:  

For the L2VPN case there is already a YANG file that describes the Service
VLAN tagging.   I'm trying to figure you what your draft brings to this
case.  It seems to me this draft allows (more) flexible tagging for the
unqualified/unqualified learning VPNs.  By allowing translation and possibly
carrying more tags a single VLAN can carry more diverse traffic.  However
there are subtleties in doing VLAN translation.  Without examples of
applications I'm left guessing how this is intended to be applied.  Also it
is not as easy for me to understand the service context as with L3 above.
How do you identify untagged traffic (or is it a tag swapping model?) In L2
VPNs the classic case of qualified learning (also called independent VLAN
learning in IEEE) removes the (one) outer tag and carries the second tag in
the MPLS frame.  The MPLS label stack is the context for the service. The
second tag is assumed unique in the qualified domain. In Unqualified
learning (or shared VLAN learning) removing the one outer tag and means the
possibility collisions in the second tag space - no unique context is
maintained this is where VLAN translation has typically been used.  In both
cases the second tag is not changed.  One application of your draft implies
to me that you support he same models but the second tag can be changed. Can
you support both unqualified and qualified with the flexible tagging and
does it change any of the established capabilities?  Or something else?  It
would be really great clarify.   Some text on applicability with concrete
L2VPN examples would help and what it offers over the current L2VPN Yang. 



Therefore my suggestion is that the draft say something to the effect that: 

.             The draft is limited to the a port/service interface/access

.             The draft is agnostic to the full range of the Ethernet
functions that rely on the IEEE 802.1 component model. 

.             The draft uses Ethernet compatible Tagging to allow bridging
in between endpoints or interworking with bridges in a with a subset


*Note the draft is adding some other functionally that is
outside/alternative to the IEEE 802.1 functions but it interworks with
Ethernet on a subset. 

I think you do have to revisit some the language around compatibility with
compliant bridges with respect to the above points. 



Best regards