<?xml version="1.0" encoding="utf-8"?>

<?xml-model href="rfc7991bis.rnc"?>
<!DOCTYPE rfc [
  <!ENTITY nbsp "&#160;">
  <!ENTITY zwsp "&#8203;">
  <!ENTITY nbhy "&#8209;">
  <!ENTITY wj "&#8288;">
]>

<rfc
  xmlns:xi="http://www.w3.org/2001/XInclude"
  category="std"
  docName="draft-zw-idr-bgp-orf-yang-model-00"
  ipr="trust200902"
  obsoletes=""
  updates=""
  submissionType="IETF"
  consensus="true"
  xml:lang="en"
  version="3">

  <front>
    <title abbrev="ORF YANG model">YANG Data Model for BGP Outbound Route Filtering</title>

    <author fullname="Fan Zhang" initials="F" surname="Zhang">
      <organization>China Telecom</organization>
      <address>
        <email>zhangf52@chinatelecom.cn</email>
      </address>
    </author>

    <author fullname="Aijun Wang" initials="A." surname="Wang">
      <organization>China Telecom</organization>
      <address>
        <email>wangaj3@chinatelecom.cn</email>
      </address>
    </author>

    <author fullname="Changwang Lin" initials="C." surname="Lin">
      <organization>New H3C Technologies</organization>
      <address>
        <postal>
          <!-- Reorder these if your country does things differently -->
          <country>China</country>
        </postal>
        <email>linchangwang.04414@h3c.com</email>
      </address>
    </author>

    <date year="2026" />

    <!-- Meta-data Declarations -->

    <area>Routing Area</area>

    <workgroup>IDR</workgroup>

    <keyword>YANG</keyword>
    <keyword>ORF</keyword>
    <keyword>BGP</keyword>

    <abstract>
      <t>
        This document defines YANG data models for managing
        BGP Outbound Route Filter (ORF), including Address Prefix ORF and
        VPN Prefix ORF.
      </t>
    </abstract>
  </front>

  <middle>
    <section anchor="intro" title="Introduction">
      <t><xref target="RFC5291" /> defines a BGP-based mechanism that allows a BGP speaker
        to send Outbound Route Filters (ORFs) to a peer so that the peer
        can constrain outbound route advertisements to that speaker. The
        Outbound Route Filtering Capability, defined in Section 5 of <xref target="RFC5291" />,
        is negotiated per AFI/SAFI and per ORF Type.</t>

      <t>Existing ORF types include Address Prefix ORF and VPN
        Prefix ORF. The Address Prefix ORF can be used to perform
        address-prefix-based route filtering. The VPN Prefix ORF introduces VPN-specific semantics
        including Route Distinguisher, Route Target, Source PE, per-VRF
        quota, and overload handling.</t>

      <t>This document defines YANG data models to manage the BGP ORF mechanism.</t>

      <section title="Terminology">
        <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD
          NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
          interpreted as described in BCP 14 <xref target="RFC2119" /> <xref target="RFC8174" />
          when, and only when, they appear in all capitals, as shown here.</t>

        <t>The following terms are defined in <xref target="RFC4760" />:</t>
        <ul spacing="normal">
          <li> AFI: Address Family Identifier.</li>

          <li> SAFI: Subsequent Address Family Identifier.</li>
        </ul>

        <t>The following terms are defined in <xref target="RFC5291" />:</t>


        <ul spacing="normal">
          <li> ORF: Outbound Route Filtering.</li>

          <li> ORF Type: 
            The ORF Type value maintained in the IANA BGP Outbound Route
            Filtering (ORF) Types registry.</li>
        </ul>


        <t>The following terms are defined in <xref target="RFC5292" />:</t>
        <ul spacing="normal">

          <li>
            Address Prefix ORF: Address Prefix Outbound Route Filter.</li>
        </ul>


        <t>The following terms are defined in <xref target="I-D.ietf-idr-vpn-prefix-orf" />:</t>


        <ul spacing="normal">

          <li>
            VPN Prefix ORF:
            VPN Prefix Outbound Route Filter.</li>

          <li> Source PE:
            The PE from which VPN routes are originated.</li>

          <li> Quota:
            The maximum number of VPN routes permitted for a configured
            scope, such as a VRF, RD, Source PE, or &lt;RD, Source PE&gt; pair.</li>

        </ul>

        <t>The following terms are defined in <xref target="RFC8342" />: </t>
        <ul spacing="normal">
          <li>configuration</li>
          <li>system state</li>
          <li>operational state</li>
        </ul>

        <t>The following terms are defined in <xref target="RFC7950" />: </t>
        <ul spacing="normal">
          <li>augment</li>
          <li>container</li>
          <li>data model</li>
          <li>data node</li>
          <li>leaf</li>
          <li>list</li>
          <li>module</li>
          <li>schema tree</li>
        </ul>

      </section>

      <section title="Tree Diagrams">
        <t>Tree diagrams used in this document follow the notation defined in <xref target="RFC8340" />.</t>
      </section>
    </section>

    <section anchor="design" title="Data Model Overview">
      <t>The BGP ORF data models provide methods to manage the BGP ORF mechanism for address families,
         covering both generic ORF capabilities and specific ORF types (Address Prefix ORF and VPN Prefix ORF).
      </t>
      <t>This document defines two YANG modules: "ietf-bgp-orf" and "ietf-bgp-vpn-prefix-orf".</t>

      <t>The YANG module "ietf-bgp-orf" contains the generic ORF capability <xref target="RFC5291" /> and
         the Address Prefix ORF <xref target="RFC5292" /> function.</t>
      <ul spacing="normal">
         <li>The generic ORF capability consists of a list of ORF capabilities that specifies which
             ORF types are supported and whether the speaker supports receiving ORF entries, sending ORF entries,
             or both, as defined in <xref target="RFC5291" />.</li>
         <li>The Address Prefix ORF function consists of a list of Address Prefix ORF entries configured
             and sent by the speaker, and a list of Address Prefix ORF entries received from peers.</li>
       </ul>
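      <t>The capability list described above determines, for each ORF type, in which direction ORF entries
         can flow on a session. The following Python code is an added example, not part of this document's
         YANG modules or of the referenced specifications; the function names, the bare (unqualified) identity
         names, and the sample data are assumptions made for illustration.</t>
<sourcecode type="python" markers="false">
<![CDATA[
```python
# Added example (not from the draft): which way may ORF entries flow?
# Models the "capability" list of the ietf-bgp-orf module: key "orf-type",
# leaf "send-receive" with default "both".

# Values of the orf-send-receive typedef (RFC 5291, Section 5).
RECEIVE = 1
SEND = 2
SEND_RECEIVE = {"receive": RECEIVE, "send": SEND, "both": RECEIVE | SEND}

# Identities derived from orf-type in the module. Real instance data would
# qualify them with the module name; bare names are used here for brevity.
ORF_TYPES = ("address-prefix-orf", "vpn-prefix-orf")


def load_capabilities(entries):
    """Return {orf-type: bitmask} for one speaker's capability list."""
    caps = {}
    for entry in entries:
        orf_type = entry["orf-type"]
        if orf_type not in ORF_TYPES:
            raise ValueError(f"unknown orf-type identity: {orf_type!r}")
        if orf_type in caps:
            # "orf-type" is the list key, so it must be unique.
            raise ValueError(f"duplicate list key: {orf_type!r}")
        mode = entry.get("send-receive", "both")  # YANG default applies
        if mode not in SEND_RECEIVE:
            raise ValueError(f"invalid send-receive value: {mode!r}")
        caps[orf_type] = SEND_RECEIVE[mode]
    return caps


def orf_directions(local_entries, peer_entries):
    """Per ORF type, report the directions usable on this session.

    Assumed reading of RFC 5291: entries flow from A to B only when A
    advertised send (or both) and B advertised receive (or both).
    """
    local = load_capabilities(local_entries)
    peer = load_capabilities(peer_entries)
    report = {}
    for orf_type in ORF_TYPES:
        mine = local.get(orf_type, 0)    # 0: capability not advertised
        theirs = peer.get(orf_type, 0)
        report[orf_type] = {
            "local-may-send": bool(mine & SEND) and bool(theirs & RECEIVE),
            "local-may-receive": bool(mine & RECEIVE) and bool(theirs & SEND),
        }
    return report


# Constructed sample data for two speakers on one AFI/SAFI.
LOCAL = [
    {"orf-type": "address-prefix-orf", "send-receive": "send"},
    {"orf-type": "vpn-prefix-orf"},  # send-receive omitted: defaults to both
]
PEER = [
    {"orf-type": "address-prefix-orf", "send-receive": "both"},
    {"orf-type": "vpn-prefix-orf", "send-receive": "send"},
]

if __name__ == "__main__":
    for orf_type, dirs in orf_directions(LOCAL, PEER).items():
        print(orf_type, dirs)
```
]]>
</sourcecode>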
      <t>The YANG module "ietf-bgp-vpn-prefix-orf" contains only the VPN Prefix ORF <xref target="I-D.ietf-idr-vpn-prefix-orf" /> function,
         including the VPN Prefix ORF quotas and entries.</t>
      <ul spacing="normal">
         <li>The VPN Prefix ORF quotas consist of a list of ORF quotas.
             Configuring per-&lt;Route Distinguisher, Source PE&gt; quotas enables the granular mode of the VPN Prefix ORF mechanism.
             Otherwise, the VPN Prefix ORF mechanism operates in basic mode, in which a speaker sends a VPN Prefix ORF only
             when all VRFs importing the same Route Target(s) have exceeded their respective prefix limits.
             The ORF quota entry also specifies the method used to process overload VPN routes.</li>
         <li>The VPN Prefix ORF entries consist of a list of VPN Prefix ORF entries generated and sent by the speaker,
             and a list of VPN Prefix ORF entries received from peers.</li>
      </ul>
    </section>

    <section title="Trees View">
      <section title="Generic ORF Tree">

        <t>The tree structure of the YANG module "ietf-bgp-orf" is shown below.</t>

        <t>The "ietf-bgp-orf" YANG module augments the YANG module "ietf-bgp" specified
           in <xref target="I-D.ietf-idr-bgp-model" />.</t>

<sourcecode type="yangtree" markers="false">
<![CDATA[
module: ietf-bgp-orf

  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:neighbors
          /bgp:neighbor/bgp:afi-safis/bgp:afi-safi/bgp:ipv4-unicast:
    +--rw capability* [orf-type] {address-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw address-prefix-orf-entries-sent {address-prefix-orf}?
    |  +--rw address-prefix-orf-entry* [sequence]
    |     +--rw sequence     uint32
    |     +--rw match?       enumeration
    |     +--rw prefix?      inet:ip-prefix
    |     +--rw minlen?      uint8
    |     +--rw maxlen?      uint8
    +--ro address-prefix-orf-entries-received {address-prefix-orf}?
       +--ro address-prefix-orf-entry* [sequence]
          +--ro sequence     uint32
          +--ro match?       enumeration
          +--ro prefix?      inet:ip-prefix
          +--ro minlen?      uint8
          +--ro maxlen?      uint8
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:neighbors
          /bgp:neighbor/bgp:afi-safis/bgp:afi-safi/bgp:ipv6-unicast:
    +--rw capability* [orf-type] {address-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw address-prefix-orf-entries-sent {address-prefix-orf}?
    |  +--rw address-prefix-orf-entry* [sequence]
    |     +--rw sequence     uint32
    |     +--rw match?       enumeration
    |     +--rw prefix?      inet:ip-prefix
    |     +--rw minlen?      uint8
    |     +--rw maxlen?      uint8
    +--ro address-prefix-orf-entries-received {address-prefix-orf}?
       +--ro address-prefix-orf-entry* [sequence]
          +--ro sequence     uint32
          +--ro match?       enumeration
          +--ro prefix?      inet:ip-prefix
          +--ro minlen?      uint8
          +--ro maxlen?      uint8
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:peer-groups
          /bgp:peer-group/bgp:afi-safis/bgp:afi-safi
          /bgp:ipv4-unicast:
    +--rw capability* [orf-type] {address-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw address-prefix-orf-entry* [sequence] {address-prefix-orf}?
    |  +--rw sequence     uint32
    |  +--rw match?       enumeration
    |  +--rw prefix?      inet:ip-prefix
    |  +--rw minlen?      uint8
    |  +--rw maxlen?      uint8
    +--rw address-prefix-orf-entries-sent {address-prefix-orf}?
       +--rw address-prefix-orf-entry* [sequence]
          +--rw sequence     uint32
          +--rw match?       enumeration
          +--rw prefix?      inet:ip-prefix
          +--rw minlen?      uint8
          +--rw maxlen?      uint8
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:peer-groups
          /bgp:peer-group/bgp:afi-safis/bgp:afi-safi
          /bgp:ipv6-unicast:
    +--rw capability* [orf-type] {address-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw address-prefix-orf-entries-sent {address-prefix-orf}?
       +--rw address-prefix-orf-entry* [sequence]
          +--rw sequence     uint32
          +--rw match?       enumeration
          +--rw prefix?      inet:ip-prefix
          +--rw minlen?      uint8
          +--rw maxlen?      uint8
      ]]>
</sourcecode>
      </section>
      <section title="VPN Prefix ORF Tree">
        <t>The tree structure of the YANG module "ietf-bgp-vpn-prefix-orf" is shown below.</t>

        <t>The "ietf-bgp-vpn-prefix-orf" YANG module also augments the YANG module "ietf-bgp" specified
           in <xref target="I-D.ietf-idr-bgp-model" />.</t>

<sourcecode type="yangtree" markers="false">
<![CDATA[
module: ietf-bgp-vpn-prefix-orf

  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:neighbors
          /bgp:neighbor/bgp:afi-safis/bgp:afi-safi
          /bgp:l3vpn-ipv4-unicast:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
    |  +--rw vpn-prefix-orf-quota* [rd source-pe]
    |     +--rw rd                   rt-types:route-distinguisher
    |     +--rw source-pe            union
    |     +--rw quota-value?         uint32
    |     +--rw overload-process-method?
    |                                overload-process-method-type
    +--ro vpn-prefix-orf-entries-sent {vpn-prefix-orf}?
    |  +--ro vpn-prefix-orf-entry* [sequence]
    |     +--ro sequence             uint32
    |     +--ro match?               enumeration
    |     +--ro rd?                  rt-types:route-distinguisher
    |     +--ro overload-process-method?
    |     |                          overload-process-method-type
    |     +--ro (source-pe)?
    |     |  +--:(ipv4)
    |     |  |  +--ro ipv4-address?           inet:ipv4-address
    |     |  +--:(ipv6)
    |     |  |  +--ro ipv6-address?           inet:ipv6-address
    |     |  +--:(identifier)
    |     |     +--ro source-pe-identifier?   source-pe-identifier
    |     +--ro route-target*                 rt-types:route-target
    |     +--ro route-type?                   uint8
    +--ro vpn-prefix-orf-entries-received {vpn-prefix-orf}?
       +--ro vpn-prefix-orf-entry* [sequence]
          +--ro sequence             uint32
          +--ro match?               enumeration
          +--ro rd?                  rt-types:route-distinguisher
          +--ro overload-process-method?
          |                          overload-process-method-type
          +--ro (source-pe)?
          |  +--:(ipv4)
          |  |  +--ro ipv4-address?           inet:ipv4-address
          |  +--:(ipv6)
          |  |  +--ro ipv6-address?           inet:ipv6-address
          |  +--:(identifier)
          |     +--ro source-pe-identifier?   source-pe-identifier
          +--ro route-target*                 rt-types:route-target
          +--ro route-type?                   uint8
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:neighbors
          /bgp:neighbor/bgp:afi-safis/bgp:afi-safi
          /bgp:l3vpn-ipv6-unicast:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
    |  +--rw vpn-prefix-orf-quota* [rd source-pe]
    |     +--rw rd                  rt-types:route-distinguisher
    |     +--rw source-pe           union
    |     +--rw quota-value?        uint32
    |     +--rw overload-process-method? 
    |                               overload-process-method-type
    +--ro vpn-prefix-orf-entries-send {vpn-prefix-orf}?
    |  +--ro vpn-prefix-orf-entry* [sequence]
    |     +--ro sequence             uint32
    |     +--ro match?               enumeration
    |     +--ro rd?                  rt-types:route-distinguisher
    |     +--ro overload-process-method? 
    |     |                          overload-process-method-type
    |     +--ro (source-pe)?
    |     |  +--:(ipv4)
    |     |  |  +--ro ipv4-address?           inet:ipv4-address
    |     |  +--:(ipv6)
    |     |  |  +--ro ipv6-address?           inet:ipv6-address
    |     |  +--:(identifier)
    |     |     +--ro source-pe-identifier?   source-pe-identifier
    |     +--ro route-target*                 rt-types:route-target
    |     +--ro route-type?                   uint8
    +--ro vpn-prefix-orf-entries-received {vpn-prefix-orf}?
       +--ro vpn-prefix-orf-entry* [sequence]
          +--ro sequence             uint32
          +--ro match?               enumeration
          +--ro rd?                  rt-types:route-distinguisher
          +--ro overload-process-method? 
          |                          overload-process-method-type
          +--ro (source-pe)?
          |  +--:(ipv4)
          |  |  +--ro ipv4-address?           inet:ipv4-address
          |  +--:(ipv6)
          |  |  +--ro ipv6-address?           inet:ipv6-address
          |  +--:(identifier)
          |     +--ro source-pe-identifier?   source-pe-identifier
          +--ro route-target*                 rt-types:route-target
          +--ro route-type?                   uint8
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:neighbors
          /bgp:neighbor/bgp:afi-safis/bgp:afi-safi
          /bgp:l3vpn-ipv4-multicast:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
    |  +--rw vpn-prefix-orf-quota* [rd source-pe]
    |     +--rw rd                   rt-types:route-distinguisher
    |     +--rw source-pe            union
    |     +--rw quota-value?         uint32
    |     +--rw overload-process-method?
    |                                overload-process-method-type
    +--ro vpn-prefix-orf-entries-sent {vpn-prefix-orf}?
    |  +--ro vpn-prefix-orf-entry* [sequence]
    |     +--ro sequence             uint32
    |     +--ro match?               enumeration
    |     +--ro rd?                  rt-types:route-distinguisher
    |     +--ro overload-process-method?
    |     |                          overload-process-method-type
    |     +--ro (source-pe)?
    |     |  +--:(ipv4)
    |     |  |  +--ro ipv4-address?           inet:ipv4-address
    |     |  +--:(ipv6)
    |     |  |  +--ro ipv6-address?           inet:ipv6-address
    |     |  +--:(identifier)
    |     |     +--ro source-pe-identifier?   source-pe-identifier
    |     +--ro route-target*                 rt-types:route-target
    |     +--ro route-type?                   uint8
    +--ro vpn-prefix-orf-entries-received {vpn-prefix-orf}?
       +--ro vpn-prefix-orf-entry* [sequence]
          +--ro sequence             uint32
          +--ro match?               enumeration
          +--ro rd?                  rt-types:route-distinguisher
          +--ro overload-process-method?
          |                          overload-process-method-type
          +--ro (source-pe)?
          |  +--:(ipv4)
          |  |  +--ro ipv4-address?           inet:ipv4-address
          |  +--:(ipv6)
          |  |  +--ro ipv6-address?           inet:ipv6-address
          |  +--:(identifier)
          |     +--ro source-pe-identifier?   source-pe-identifier
          +--ro route-target*                 rt-types:route-target
          +--ro route-type?                   uint8
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:neighbors
          /bgp:neighbor/bgp:afi-safis/bgp:afi-safi
          /bgp:l3vpn-ipv6-multicast:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
    |  +--rw vpn-prefix-orf-quota* [rd source-pe]
    |     +--rw rd                   rt-types:route-distinguisher
    |     +--rw source-pe            union
    |     +--rw quota-value?         uint32
    |     +--rw overload-process-method? 
    |                                overload-process-method-type
    +--ro vpn-prefix-orf-entries-send {vpn-prefix-orf}?
    |  +--ro vpn-prefix-orf-entry* [sequence]
    |     +--ro sequence             uint32
    |     +--ro match?               enumeration
    |     +--ro rd?                  rt-types:route-distinguisher
    |     +--ro overload-process-method?
    |     |                          overload-process-method-type
    |     +--ro (source-pe)?
    |     |  +--:(ipv4)
    |     |  |  +--ro ipv4-address?           inet:ipv4-address
    |     |  +--:(ipv6)
    |     |  |  +--ro ipv6-address?           inet:ipv6-address
    |     |  +--:(identifier)
    |     |     +--ro source-pe-identifier?   source-pe-identifier
    |     +--ro route-target*                 rt-types:route-target
    |     +--ro route-type?                   uint8
    +--ro vpn-prefix-orf-entries-received {vpn-prefix-orf}?
       +--ro vpn-prefix-orf-entry* [sequence]
          +--ro sequence             uint32
          +--ro match?               enumeration
          +--ro rd?                  rt-types:route-distinguisher
          +--ro overload-process-method?
          |                          overload-process-method-type
          +--ro (source-pe)?
          |  +--:(ipv4)
          |  |  +--ro ipv4-address?           inet:ipv4-address
          |  +--:(ipv6)
          |  |  +--ro ipv6-address?           inet:ipv6-address
          |  +--:(identifier)
          |     +--ro source-pe-identifier?   source-pe-identifier
          +--ro route-target*                 rt-types:route-target
          +--ro route-type?                   uint8
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:neighbors
          /bgp:neighbor/bgp:afi-safis/bgp:afi-safi/bgp:l2vpn-vpls:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
    |  +--rw vpn-prefix-orf-quota* [rd source-pe]
    |     +--rw rd                   rt-types:route-distinguisher
    |     +--rw source-pe            union
    |     +--rw quota-value?         uint32
    |     +--rw overload-process-method?
    |                                overload-process-method-type
    +--ro vpn-prefix-orf-entries-sent {vpn-prefix-orf}?
    |  +--ro vpn-prefix-orf-entry* [sequence]
    |     +--ro sequence             uint32
    |     +--ro match?               enumeration
    |     +--ro rd?                  rt-types:route-distinguisher
    |     +--ro overload-process-method?
    |     |                          overload-process-method-type
    |     +--ro (source-pe)?
    |     |  +--:(ipv4)
    |     |  |  +--ro ipv4-address?           inet:ipv4-address
    |     |  +--:(ipv6)
    |     |  |  +--ro ipv6-address?           inet:ipv6-address
    |     |  +--:(identifier)
    |     |     +--ro source-pe-identifier?   source-pe-identifier
    |     +--ro route-target*                 rt-types:route-target
    |     +--ro route-type?                   uint8
    +--ro vpn-prefix-orf-entries-received {vpn-prefix-orf}?
       +--ro vpn-prefix-orf-entry* [sequence]
          +--ro sequence             uint32
          +--ro match?               enumeration
          +--ro rd?                  rt-types:route-distinguisher
          +--ro overload-process-method?
          |                          overload-process-method-type
          +--ro (source-pe)?
          |  +--:(ipv4)
          |  |  +--ro ipv4-address?           inet:ipv4-address
          |  +--:(ipv6)
          |  |  +--ro ipv6-address?           inet:ipv6-address
          |  +--:(identifier)
          |     +--ro source-pe-identifier?   source-pe-identifier
          +--ro route-target*                 rt-types:route-target
          +--ro route-type?                   uint8
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:neighbors
          /bgp:neighbor/bgp:afi-safis/bgp:afi-safi/bgp:l2vpn-evpn:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
    |  +--rw vpn-prefix-orf-quota* [rd source-pe]
    |     +--rw rd                   rt-types:route-distinguisher
    |     +--rw source-pe            union
    |     +--rw quota-value?         uint32
    |     +--rw overload-process-method?
    |                                overload-process-method-type
    +--ro vpn-prefix-orf-entries-send {vpn-prefix-orf}?
    |  +--ro vpn-prefix-orf-entry* [sequence]
    |     +--ro sequence             uint32
    |     +--ro match?               enumeration
    |     +--ro rd?                  rt-types:route-distinguisher
    |     +--ro overload-process-method?
    |     |                          overload-process-method-type
    |     +--ro (source-pe)?
    |     |  +--:(ipv4)
    |     |  |  +--ro ipv4-address?           inet:ipv4-address
    |     |  +--:(ipv6)
    |     |  |  +--ro ipv6-address?           inet:ipv6-address
    |     |  +--:(identifier)
    |     |     +--ro source-pe-identifier?   source-pe-identifier
    |     +--ro route-target*                 rt-types:route-target
    |     +--ro route-type?                   uint8
    +--ro vpn-prefix-orf-entries-received {vpn-prefix-orf}?
       +--ro vpn-prefix-orf-entry* [sequence]
          +--ro sequence             uint32
          +--ro match?               enumeration
          +--ro rd?                  rt-types:route-distinguisher
          +--ro overload-process-method?
          |                          overload-process-method-type
          +--ro (source-pe)?
          |  +--:(ipv4)
          |  |  +--ro ipv4-address?           inet:ipv4-address
          |  +--:(ipv6)
          |  |  +--ro ipv6-address?           inet:ipv6-address
          |  +--:(identifier)
          |     +--ro source-pe-identifier?   source-pe-identifier
          +--ro route-target*                 rt-types:route-target
          +--ro route-type?                   uint8
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:peer-groups
          /bgp:peer-group/bgp:afi-safis/bgp:afi-safi
          /bgp:l3vpn-ipv4-unicast:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
       +--rw vpn-prefix-orf-quota* [rd source-pe]
          +--rw rd                   rt-types:route-distinguisher
          +--rw source-pe            union
          +--rw quota-value?         uint32
          +--rw overload-process-method?
                                     overload-process-method-type
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:peer-groups
          /bgp:peer-group/bgp:afi-safis/bgp:afi-safi
          /bgp:l3vpn-ipv6-unicast:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
       +--rw vpn-prefix-orf-quota* [rd source-pe]
          +--rw rd                  rt-types:route-distinguisher
          +--rw source-pe           union
          +--rw quota-value?        uint32
          +--rw overload-process-method?
                                    overload-process-method-type
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:peer-groups
          /bgp:peer-group/bgp:afi-safis/bgp:afi-safi
          /bgp:l3vpn-ipv4-multicast:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
       +--rw vpn-prefix-orf-quota* [rd source-pe]
          +--rw rd                   rt-types:route-distinguisher
          +--rw source-pe            union
          +--rw quota-value?         uint32
          +--rw overload-process-method?
                                     overload-process-method-type
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:peer-groups
          /bgp:peer-group/bgp:afi-safis/bgp:afi-safi
          /bgp:l3vpn-ipv6-multicast:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
       +--rw vpn-prefix-orf-quota* [rd source-pe]
          +--rw rd                   rt-types:route-distinguisher
          +--rw source-pe            union
          +--rw quota-value?         uint32
          +--rw overload-process-method?
                                     overload-process-method-type
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:peer-groups
          /bgp:peer-group/bgp:afi-safis/bgp:afi-safi/bgp:l2vpn-vpls:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
       +--rw vpn-prefix-orf-quota* [rd source-pe]
          +--rw rd                   rt-types:route-distinguisher
          +--rw source-pe            union
          +--rw quota-value?         uint32
          +--rw overload-process-method?
                                     overload-process-method-type
  augment /rt:routing/rt:control-plane-protocols
          /rt:control-plane-protocol/bgp:bgp/bgp:peer-groups
          /bgp:peer-group/bgp:afi-safis/bgp:afi-safi/bgp:l2vpn-evpn:
    +--rw capability* [orf-type] {vpn-prefix-orf}?
    |  +--rw orf-type        identityref
    |  +--rw send-receive?   orf-send-receive
    +--rw vpn-prefix-orf-quotas {vpn-prefix-orf}?
       +--rw vpn-prefix-orf-quota* [rd source-pe]
          +--rw rd                   rt-types:route-distinguisher
          +--rw source-pe            union
          +--rw quota-value?         uint32
          +--rw overload-process-method?
                                     overload-process-method-type
      ]]>
      </sourcecode>
      </section>
    </section>

    <section anchor="yangmodel" title="YANG Modules">

    <section anchor="orfyangmodel" title="Generic ORF YANG Module">
    <t>The Generic ORF YANG Module imports modules defined in <xref target="RFC9911" />, <xref target="RFC8349" />,
    and <xref target="I-D.ietf-idr-bgp-model" />.</t>

<sourcecode name="ietf-bgp-orf@2026-06-18.yang" type="yang" markers="true">
<![CDATA[
module ietf-bgp-orf {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-bgp-orf";
  prefix orf;

  import ietf-routing {
    prefix rt;
    reference
      "RFC 8349: A YANG Data Model for Routing Management
                 (NMDA Version)";
  }
  import ietf-inet-types {
    prefix inet;
    reference
      "RFC 9911: Common YANG Data Types";
  }
  import ietf-bgp {
    prefix bgp;
    reference
      "RFC XXXX: YANG Model for Border Gateway Protocol (BGP-4)";
  }

  organization
    "IETF Inter-Domain Routing (IDR) Working Group";
  contact
    "WG Web:   https://datatracker.ietf.org/wg/idr
     WG List:  IDR <mailto:idr@ietf.org>

     Editor:   Fan Zhang
               <mailto:zhangf52@chinatelecom.cn>
     Editor:   Aijun Wang
               <mailto:wangaj3@chinatelecom.cn>
     Editor:   Changwang Lin
               <mailto:linchangwang.04414@h3c.com>";
  description
    "This YANG module defines generic configuration and management
     for BGP Outbound Route Filtering (ORF). Type-specific ORF
     modules may augment this module.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.

     Copyright (c) 2026 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Revised BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     All revisions of IETF and IANA published modules can be found
     at the YANG Parameters registry group
     (https://www.iana.org/assignments/yang-parameters).

     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";

  revision 2026-06-18 {
    description
      "Initial revision.";
    reference
      "RFC 5291: Outbound Route Filtering Capability for BGP-4
       RFC 5292: Address-Prefix-Based Outbound Route Filter for
                 BGP-4";
  }

  /*
   * Features
   */

  feature address-prefix-orf {
    description
      "Support for Address Prefix ORF for BGP-4.";
    reference
      "RFC 5292: Address-Prefix-Based Outbound Route Filter for
                 BGP-4";
  }

  /*
   * Identities
   */  

  identity orf-type {
    description
      "Base ORF type.";
    reference
      "RFC 5291: Outbound Route Filtering Capability for BGP-4";
  }

  identity address-prefix-orf {
    base orf-type;
    description
      "Address Prefix ORF.";
    reference
      "RFC 5292: Address-Prefix-Based Outbound Route Filter for
                 BGP-4";
  }

  identity vpn-prefix-orf {
    base orf-type;
    description
      "VPN Prefix ORF.";
    reference
      "RFC XXXX: VPN Prefix Outbound Route Filter (VPN Prefix ORF)
                 for BGP-4";
  }

  /*
   * Typedefs
   */  

  typedef orf-send-receive {
    type enumeration {
      enum receive {
        value 1;
        description
          "The local speaker is willing to receive ORF entries from
           its peer.";
      }
      enum send {
        value 2;
        description
          "The local speaker would like to send ORF entries to its
           peer.";
      }
      enum both {
        value 3;
        description
          "The local speaker supports both sending and receiving ORF
           entries.";
      }
    }
    description
      "ORF Send/Receive field.";
    reference
      "RFC 5291: Outbound Route Filtering Capability for BGP-4,
                 Section 5";
  }

  /*
   * Groupings
   */

  grouping orf-capability {
    description
      "Grouping for ORF Capabilities for a BGP speaker.";
    list capability {
      key "orf-type";
      description
        "List of ORF capabilities for each ORF type.";
      leaf orf-type {
        type identityref {
          base orf-type;
        }
        description
          "The ORF type supported by the BGP speaker.";
      }
      leaf send-receive {
        type orf-send-receive;
        default "both";
        description
          "Indicates whether the sender supports receiving ORF
           entries, sending ORF entries, or both.";
      }
    }
    reference
      "RFC 5291: Outbound Route Filtering Capability for BGP-4,
                 Section 5";
  }

  grouping address-prefix-orf-entries {
    description
      "Grouping for Address Prefix ORF entries for BGP";
    list address-prefix-orf-entry {
      key "sequence";
      description
        "List of Address Prefix ORF entries of an address family.";
      leaf sequence {
        type uint32;
        description
          "Sequence number of the Address Prefix ORF entries.";
      }
      leaf match {
        type enumeration {
          enum permit {
            description
              "Permit the peer to pass updates for the set of routes
               that match the ORF entry.";
          }
          enum deny {
            description
              "Deny the peer to pass the updates for the set of
               routes that match the ORF entry.";
          }
        }
        description
          "Specifies whether this entry is PERMIT or DENY.";
      }
      leaf prefix {
        type inet:ip-prefix;
        description
          "IP prefix to be matched by the Address Prefix ORF entry.";
      }
      leaf minlen {
        type uint8;
        description
          "Minimum prefix length (in bits) for matching.
           A value of 0 indicates that the field is unspecified.";
      }
      leaf maxlen {
        type uint8;
        description
          "Maximum prefix length (in bits) for matching.
           A value of 0 indicates that the field is unspecified.";
      }
      reference
        "RFC 5292: Address-Prefix-Based Outbound Route Filter for
                   BGP-4, Section 2";
    }
  }

  /*
   * Data nodes
   */

  augment
    "/rt:routing/rt:control-plane-protocols"
  + "/rt:control-plane-protocol/bgp:bgp/bgp:neighbors/bgp:neighbor"
  + "/bgp:afi-safis/bgp:afi-safi/bgp:ipv4-unicast" {
    if-feature "address-prefix-orf";
    description
      "Address Prefix ORF augmentation for the IPv4 unicast address
       family of a BGP neighbor.";
    uses orf-capability;
    container address-prefix-orf-entries-sent {
      description
        "Address Prefix ORF entries sent";
      uses address-prefix-orf-entries {
        refine "address-prefix-orf-entry/minlen" {
          must '. <= 32';
        }
        refine "address-prefix-orf-entry/maxlen" {
          must '. <= 32';
        }
      }
    }
    container address-prefix-orf-entries-received {
      config false;
      description
        "Address Prefix ORF entries received";
      uses address-prefix-orf-entries {
        refine "address-prefix-orf-entry/minlen" {
          must '. <= 32';
        }
        refine "address-prefix-orf-entry/maxlen" {
          must '. <= 32';
        }
      }
    }
  }

  augment
    "/rt:routing/rt:control-plane-protocols"
  + "/rt:control-plane-protocol/bgp:bgp/bgp:neighbors/bgp:neighbor"
  + "/bgp:afi-safis/bgp:afi-safi/bgp:ipv6-unicast" {
    if-feature "address-prefix-orf";
    description
      "Address Prefix ORF augmentation for the IPv6 unicast address
       family of a BGP neighbor.";
    uses orf-capability;
    container address-prefix-orf-entries-sent {
      description
        "Address Prefix ORF entries sent";
      uses address-prefix-orf-entries {
        refine "address-prefix-orf-entry/minlen" {
          must '. <= 128';
        }
        refine "address-prefix-orf-entry/maxlen" {
          must '. <= 128';
        }
      }
    }
    container address-prefix-orf-entries-received {
      config false;
      description
        "Address Prefix ORF entries received";
      uses address-prefix-orf-entries {
        refine "address-prefix-orf-entry/minlen" {
          must '. <= 128';
        }
        refine "address-prefix-orf-entry/maxlen" {
          must '. <= 128';
        }
      }
    }
  }

  augment
    "/rt:routing/rt:control-plane-protocols"
  + "/rt:control-plane-protocol/bgp:bgp/bgp:peer-groups"
  + "/bgp:peer-group/bgp:afi-safis/bgp:afi-safi/bgp:ipv4-unicast" {
    if-feature "address-prefix-orf";
    description
      "Address Prefix ORF augmentation for the IPv4 unicast address
       family of a BGP peer group.";
    uses orf-capability;
    uses address-prefix-orf-entries {
      refine "address-prefix-orf-entry/minlen" {
        must '. <= 32';
      }
      refine "address-prefix-orf-entry/maxlen" {
        must '. <= 32';
      }
    }
    container address-prefix-orf-entries-sent {
      description
        "Address Prefix ORF entries sent";
      uses address-prefix-orf-entries {
        refine "address-prefix-orf-entry/minlen" {
          must '. <= 32';
        }
        refine "address-prefix-orf-entry/maxlen" {
          must '. <= 32';
        }
      }
    }
  }

  augment
    "/rt:routing/rt:control-plane-protocols"
  + "/rt:control-plane-protocol/bgp:bgp/bgp:peer-groups"
  + "/bgp:peer-group/bgp:afi-safis/bgp:afi-safi/bgp:ipv6-unicast" {
    if-feature "address-prefix-orf";
    description
      "Address Prefix ORF augmentation for the IPv6 unicast address
       family of a BGP peer group.";
    uses orf-capability;
    container address-prefix-orf-entries-sent {
      description
        "Address Prefix ORF entries sent";
      uses address-prefix-orf-entries {
        refine "address-prefix-orf-entry/minlen" {
          must '. <= 128';
        }
        refine "address-prefix-orf-entry/maxlen" {
          must '. <= 128';
        }
      }
    }
  }
}
]]>
      </sourcecode>
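      <t>The following added example is not part of the ietf-bgp-orf module or of this
        document's text. It is a pre-flight check for address-prefix-orf-entry data that
        applies the module's per-family must bounds and also checks what the module leaves
        open, namely that the prefix family matches the afi-safi container. The function
        names, the sample entries, and the minlen/maxlen ordering checks are assumptions
        of the example.</t>
      <sourcecode type="python" markers="false"><![CDATA[
```python
"""Pre-flight checks for address-prefix-orf-entry data (added example)."""
import ipaddress

# Upper bound from the module's refine/must statements, per address family.
FAMILY_MAX_BITS = {"ipv4-unicast": 32, "ipv6-unicast": 128}
MATCH_VALUES = ("permit", "deny")

# Constructed sample entries (documentation prefixes), not from the draft.
SAMPLE_IPV4_ENTRIES = [
    {"sequence": 10, "match": "permit", "prefix": "192.0.2.0/24",
     "minlen": 25, "maxlen": 28},
    {"sequence": 20, "match": "deny", "prefix": "2001:db8::/32"},
    {"sequence": 20, "match": "deny", "prefix": "198.51.100.0/24",
     "maxlen": 40},
    {"sequence": 30, "match": "allow", "prefix": "203.0.113.0/24",
     "minlen": 30, "maxlen": 26},
]


def _is_uint(value, bits):
    """True when value is an int that fits an unsigned field of that width."""
    return (isinstance(value, int) and not isinstance(value, bool)
            and 0 <= value < 2 ** bits)


def _parse_prefix(text):
    """Parse the address/length form of inet:ip-prefix, else ValueError."""
    if not isinstance(text, str):
        raise ValueError("prefix must be a string")
    _, slash, length = text.partition("/")
    if not slash or not length.isdigit():
        raise ValueError("prefix needs an explicit /length")
    return ipaddress.ip_network(text, strict=False)


def validate_entry(afi_safi, entry):
    """Return the problems found in one entry; an empty list means clean."""
    max_bits = FAMILY_MAX_BITS.get(afi_safi)
    if max_bits is None:
        return ["afi-safi: %s has no Address Prefix ORF augmentation"
                % afi_safi]
    problems = []
    if not _is_uint(entry.get("sequence"), 32):
        problems.append("sequence: list key must be a uint32")
    if entry.get("match") not in MATCH_VALUES:
        problems.append("match: expected permit or deny")

    # inet:ip-prefix accepts either family, so compare the prefix family
    # with the afi-safi container the entry sits under.
    prefix_len = None
    try:
        net = _parse_prefix(entry.get("prefix"))
    except ValueError:
        problems.append("prefix: not a valid inet:ip-prefix")
    else:
        if net.max_prefixlen == max_bits:
            prefix_len = net.prefixlen
        else:
            problems.append("prefix: IPv%d prefix under %s"
                            % (net.version, afi_safi))

    specified = {}
    for leaf in ("minlen", "maxlen"):
        value = entry.get(leaf, 0)  # the module treats 0 as unspecified
        if not _is_uint(value, 8):
            problems.append("%s: must be a uint8" % leaf)
        elif value > max_bits:
            problems.append("%s: %d exceeds the must bound %d"
                            % (leaf, value, max_bits))
        elif value:
            specified[leaf] = value
    # Assumed sanity checks; the module itself does not state them.
    if len(specified) == 2 and specified["minlen"] > specified["maxlen"]:
        problems.append("minlen: greater than maxlen")
    if prefix_len is not None:
        for leaf, value in specified.items():
            if value < prefix_len:
                problems.append("%s: shorter than the prefix length" % leaf)
    return problems


def validate_entries(afi_safi, entries):
    """Check a whole list; returns {position: [problems]} for bad entries."""
    report = {}
    seen = set()
    for pos, entry in enumerate(entries):
        problems = validate_entry(afi_safi, entry)
        seq = entry.get("sequence")
        if _is_uint(seq, 32):
            if seq in seen:  # "sequence" is the list key, so it is unique
                problems.append("sequence: duplicate list key %d" % seq)
            seen.add(seq)
        if problems:
            report[pos] = problems
    return report


if __name__ == "__main__":
    found = validate_entries("ipv4-unicast", SAMPLE_IPV4_ENTRIES)
    for pos, problems in found.items():
        print(pos, problems)
```
]]></sourcecode>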
    </section>
    <section anchor="vpnyangmodel" title="VPN Prefix ORF YANG Module">
    <t>The VPN Prefix ORF YANG Module imports modules defined in <xref target="RFC9911" />, <xref target="RFC8349" />, <xref target="RFC8529" />,
       <xref target="RFC8294" />, <xref target="I-D.ietf-idr-bgp-model" />, and <xref target="I-D.ietf-idr-vpn-prefix-orf" />.</t>

<sourcecode name="ietf-bgp-vpn-prefix-orf@2026-06-18.yang" type="yang" markers="true">
<![CDATA[
module ietf-bgp-vpn-prefix-orf {
  yang-version 1.1;
  namespace
    "urn:ietf:params:xml:ns:yang:ietf-bgp-vpn-prefix-orf";
  prefix vporf;

  import ietf-routing-types {
    prefix rt-types;
    reference
      "RFC 8294: Common YANG Data Types for the Routing Area";
  }
  import ietf-routing {
    prefix rt;
    reference
      "RFC 8349: A YANG Data Model for Routing Management
                 (NMDA Version)";
  }
  import ietf-inet-types {
    prefix inet;
    reference
      "RFC 9911: Common YANG Data Types";
  }
  import ietf-bgp {
    prefix bgp;
    reference
      "RFC XXXX: YANG Model for Border Gateway Protocol (BGP-4)";
  }
  import ietf-bgp-orf {
    prefix orf;
    reference
      "RFC XXXX: YANG Data Model for BGP Outbound Route Filtering";
  }  

  organization
    "IETF Inter-Domain Routing (IDR) Working Group";

  contact
    "WG Web:   https://datatracker.ietf.org/wg/idr
     WG List:  IDR <mailto:idr@ietf.org>

     Editor:   Fan Zhang
               <mailto:zhangf52@chinatelecom.cn>
     Editor:   Aijun Wang
               <mailto:wangaj3@chinatelecom.cn>
     Editor:   Changwang Lin
               <mailto:linchangwang.04414@h3c.com>";
  description
    "This YANG module defines a generic configuration and operational
     state for VPN Prefix ORF, including VPN Prefix ORF quota and
     overload handling.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.

     Copyright (c) 2026 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Revised BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     All revisions of IETF and IANA published modules can be found
     at the YANG Parameters registry group
     (https://www.iana.org/assignments/yang-parameters).

     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";

  revision 2026-06-18 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: VPN Prefix Outbound Route Filter (VPN Prefix ORF)
                 for BGP-4";
  }

  /*
   * Features
   */

  feature vpn-prefix-orf {
    description
      "Support for VPN Prefix ORF for BGP-4.";
    reference
      "RFC XXXX: VPN Prefix Outbound Route Filter (VPN Prefix ORF)
                 for BGP-4";    
  }
  
  /*
   * Identities
   */  

  identity vpn-prefix-orf {
    base orf:orf-type;
    description
      "VPN Prefix ORF.";
    reference
      "RFC XXXX: VPN Prefix Outbound Route Filter (VPN Prefix ORF)
                 for BGP-4";    
  }

  /*
   * Typedefs
   */

  typedef source-pe-identifier {
    type uint32;
    description
      "Source PE identifier carried by VPN Prefix ORF.";
  }

  typedef overload-process-method-type {
    type enumeration {
      enum withdraw-overload-routes {
        value 0;
        description
          "The receiver of VPN Prefix ORF message MUST withdraw all
           previously advertised overload VPN routes that match the
           ORF's type-specific part.";
      }
      enum refuse-overload-routes {
        value 1;
        description
          "The sender of the VPN Prefix ORF message will refuse to
           accept VPN routes matching the overload criteria, and the
           receiver of the VPN Prefix ORF message MUST NOT announce
           VPN routes matching the overload criteria.";
      }
      
    }
    description
      "Overload VPN routes process method";
    reference
      "RFC XXXX: VPN Prefix Outbound Route Filter (VPN Prefix ORF)
                 for BGP-4, Section 4";
  }

  /*
   * Groupings
   */

  grouping vpn-prefix-orf-quotas {
    description
      "Grouping of VPN Prefix ORF quotas.";
    container vpn-prefix-orf-quotas {
      description
        "Quota configuration for granular mode.
         If no quota entries are configured, VPN Prefix ORF operates
         in basic mode.";
      list vpn-prefix-orf-quota {
        key "rd source-pe";
        description
          "List of quotas per <RD, Source PE>.";
        leaf rd {
          type rt-types:route-distinguisher;
          description 
            "Route distinguisher for which the quota applies.";
        }
        leaf source-pe {
          type union {
            type inet:ip-address;
            type uint32;
          }
          description
            "Source PE for which the quota applies.";          
        }
        leaf quota-value {
          type uint32;
          description
            "Threshold to limit the number of VPN routes";
        }
        leaf overload-process-method {
          type overload-process-method-type;
          default "withdraw-overload-routes";
          description
            "Overload VPN routes process method";
        }
        reference
          "RFC XXXX: VPN Prefix Outbound Route Filter
                     (VPN Prefix ORF) for BGP-4, Section 7.2";
      }
    }
  }

  grouping vpn-prefix-orf-entries {
    description
      "Grouping of VPN Prefix ORF entries";
    list vpn-prefix-orf-entry {
      key "sequence";
      description
        "List of VPN Prefix ORF entries of an address family.";
      leaf sequence {        
        type uint32;
        description
          "The relative ordering of the entry among all the VPN
           Prefix ORF entries.";
      }
      leaf match {
        type enumeration {
          enum permit {
            description
              "Permit the peer to pass updates for the set of routes
               that match the ORF entry.";
          }
          enum deny {
            description
              "Deny the peer to pass updates for the set of routes
               that match the ORF entry.";
          }
        }
        description
          "Specifies whether this entry is PERMIT or DENY. A VPN
           Prefix ORF entry is only valid when its Match field is
           DENY.";
      }
      leaf rd {
        type rt-types:route-distinguisher;
        description "Route distinguisher";
      }
      leaf overload-process-method {
        type overload-process-method-type;
        description
          "Overload VPN routes process method";
        reference
          "RFC XXXX: VPN Prefix Outbound Route Filter
                     (VPN Prefix ORF) for BGP-4, Section 4";
      }
      choice source-pe {
        description
          "Source PE information associated with the ORF entry.";

        case ipv4 {
          leaf ipv4-address {
            type inet:ipv4-address;
            description
              "IPv4 Source PE TLV.";
          }
        }

        case ipv6 {
          leaf ipv6-address {
            type inet:ipv6-address;
            description
              "IPv6 Source PE TLV.";
          }
        }

        case identifier {
          leaf source-pe-identifier {
            type source-pe-identifier;
            description
              "Source PE identifier TLV.";
          }
        }
        reference
          "RFC XXXX: VPN Prefix Outbound Route Filter
                     (VPN Prefix ORF) for BGP-4, Section 4.1";
      }      
      leaf-list route-target {
        type rt-types:route-target;
        
        description
          "Optional Route Target match criteria of the VPN Prefix
           ORF entry. When present, only VPN routes carrying one
           of the specified Route Target values are matched.";
        reference
          "RFC XXXX: VPN Prefix Outbound Route Filter
                     (VPN Prefix ORF) for BGP-4, Section 4.2";
      }
      leaf route-type {
        type uint8;
        description
          "The route type value carried in the Route Type TLV.";
        reference
          "RFC XXXX: VPN Prefix Outbound Route Filter
                     (VPN Prefix ORF) for BGP-4, Section 4.3";
      }  
    }
  }

  /*
   * Data nodes
   */  

  augment 
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:neighbors/bgp:neighbor"
  +"/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv4-unicast" {
    if-feature "vpn-prefix-orf";
    description
      "VPN Prefix ORF augmentation for the L3VPN IPv4 unicast
       address family of a BGP neighbor.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
    container vpn-prefix-orf-entries-sent {
      config false;
      description
        "VPN Prefix ORF entries sent";
      uses vpn-prefix-orf-entries;
    }
    container vpn-prefix-orf-entries-received {
      config false;
      
      description
        "VPN Prefix ORF entries received";
      uses vpn-prefix-orf-entries;
    }
  }  
  
  augment
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:neighbors/bgp:neighbor"
  +"/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv6-unicast" {
    if-feature "vpn-prefix-orf";        
    description
      "VPN Prefix ORF augmentation for the L3VPN IPv6 unicast
       address family of a BGP neighbor.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
    container vpn-prefix-orf-entries-sent {
      config false;
      description
        "VPN Prefix ORF entries sent";
      uses vpn-prefix-orf-entries;
    }
    container vpn-prefix-orf-entries-received {
      config false;
      
      description
        "VPN Prefix ORF entries received";
      uses vpn-prefix-orf-entries;
    }
  }

  augment 
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:neighbors/bgp:neighbor"
  +"/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv4-multicast" {
    if-feature "vpn-prefix-orf";
    description
      "VPN Prefix ORF augmentation for the L3VPN IPv4 multicast
       address family of a BGP neighbor.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
    container vpn-prefix-orf-entries-sent {
      config false;
      description
        "VPN Prefix ORF entries sent";
      uses vpn-prefix-orf-entries;
    }
    container vpn-prefix-orf-entries-received {
      config false;
      
      description
        "VPN Prefix ORF entries received";
      uses vpn-prefix-orf-entries;
    }
  }  
  
  augment
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:neighbors/bgp:neighbor"
  +"/bgp:afi-safis/bgp:afi-safi/bgp:l3vpn-ipv6-multicast" {
    if-feature "vpn-prefix-orf";        
    description
      "VPN Prefix ORF augmentation for the L3VPN IPv6 multicast
       address family of a BGP neighbor.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
    container vpn-prefix-orf-entries-sent {
      config false;
      description
        "VPN Prefix ORF entries sent";
      uses vpn-prefix-orf-entries;
    }
    container vpn-prefix-orf-entries-received {
      config false;
      
      description
        "VPN Prefix ORF entries received";
      uses vpn-prefix-orf-entries;
    }
  }

  augment
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:neighbors/bgp:neighbor"
  +"/bgp:afi-safis/bgp:afi-safi/bgp:l2vpn-vpls" {
    if-feature "vpn-prefix-orf";
    description
      "VPN Prefix ORF augmentation for the L2VPN VPLS address family
       of a BGP neighbor.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
    container vpn-prefix-orf-entries-sent {
      config false;
      description
        "VPN Prefix ORF entries sent";
      uses vpn-prefix-orf-entries;
    }
    container vpn-prefix-orf-entries-received {
      config false;
      
      description
        "VPN Prefix ORF entries received";
      uses vpn-prefix-orf-entries;
    }
  }  
  
  augment
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:neighbors/bgp:neighbor"
  +"/bgp:afi-safis/bgp:afi-safi/bgp:l2vpn-evpn" {
    if-feature "vpn-prefix-orf";        
    description
      "VPN Prefix ORF augmentation for the L2VPN EVPN address family
       of a BGP neighbor.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
    container vpn-prefix-orf-entries-sent {
      config false;
      description
        "VPN Prefix ORF entries sent";
      uses vpn-prefix-orf-entries;
    }
    container vpn-prefix-orf-entries-received {
      config false;
      
      description
        "VPN Prefix ORF entries received";
      uses vpn-prefix-orf-entries;
    }
  }   
  
  augment
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:peer-groups"
  +"/bgp:peer-group/bgp:afi-safis/bgp:afi-safi"
  +"/bgp:l3vpn-ipv4-unicast" {
    if-feature "vpn-prefix-orf";
    description
      "VPN Prefix ORF augmentation for the L3VPN IPv4 unicast
       address family of a BGP peer group.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
  }  
  
  augment
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:peer-groups"
  +"/bgp:peer-group/bgp:afi-safis/bgp:afi-safi"
  +"/bgp:l3vpn-ipv6-unicast" {
    if-feature "vpn-prefix-orf";        
    description
      "VPN Prefix ORF augmentation for the L3VPN IPv6 unicast
       address family of a BGP peer group.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
  }
  augment
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:peer-groups"
  +"/bgp:peer-group/bgp:afi-safis/bgp:afi-safi"
  +"/bgp:l3vpn-ipv4-multicast" {
    if-feature "vpn-prefix-orf";
    description
      "VPN Prefix ORF augmentation for the L3VPN IPv4 multicast
       address family of a BGP peer group.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
  }  
  augment
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:peer-groups"
  +"/bgp:peer-group/bgp:afi-safis/bgp:afi-safi"
  +"/bgp:l3vpn-ipv6-multicast" {
    if-feature "vpn-prefix-orf";        
    description
      "VPN Prefix ORF augmentation for the L3VPN IPv6 multicast
       address family of a BGP peer group.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
  }  
  augment
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:peer-groups"
  +"/bgp:peer-group/bgp:afi-safis/bgp:afi-safi/bgp:l2vpn-vpls" {
    if-feature "vpn-prefix-orf";
    description
      "VPN Prefix ORF augmentation for the L2VPN VPLS address family
       of a BGP peer group.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
  }  
  
  augment
   "/rt:routing/rt:control-plane-protocols"
  +"/rt:control-plane-protocol/bgp:bgp/bgp:peer-groups"
  +"/bgp:peer-group/bgp:afi-safis/bgp:afi-safi/bgp:l2vpn-evpn" {
    if-feature "vpn-prefix-orf";        
    description
      "VPN Prefix ORF augmentation for the L2VPN EVPN address family
       of a BGP peer group.";
    uses orf:orf-capability;
    uses vpn-prefix-orf-quotas;
  }  
}
]]>

      </sourcecode>
    </section>
    </section>

    <section title="IANA Considerations">
      <t>IANA is requested to register the following URIs in the "ns"
         registry within the "IETF XML Registry" group <xref target="RFC3688" />:</t>

      <artwork><![CDATA[
    URI: urn:ietf:params:xml:ns:yang:ietf-bgp-orf
    Registrant Contact: The IESG.
    XML: N/A; the requested URI is an XML namespace.

    URI: urn:ietf:params:xml:ns:yang:ietf-bgp-vpn-prefix-orf
    Registrant Contact: The IESG.
    XML: N/A; the requested URI is an XML namespace.
              ]]></artwork>

      <t>IANA is requested to register the following YANG modules in the "YANG
         Module Names" registry <xref target="RFC6020" /> within the "YANG Parameters"
         registry group.</t>

      <artwork><![CDATA[
    name: ietf-bgp-orf
    Maintained by IANA?  N
    namespace: urn:ietf:params:xml:ns:yang:ietf-bgp-orf
    prefix: orf
    reference: RFC XXXX

    name: ietf-bgp-vpn-prefix-orf
    Maintained by IANA?  N
    namespace: urn:ietf:params:xml:ns:yang:ietf-bgp-vpn-prefix-orf
    prefix: vporf
    reference: RFC XXXX
              ]]></artwork>
    </section>

    <section anchor="security" title="Security Considerations">
      <t>This section is modeled after the template described in Section 3.7.1 of <xref target="RFC9907" />.</t>

      <t>The "ietf-bgp-orf" and "ietf-bgp-vpn-prefix-orf" YANG modules define data models that are designed to be accessed via
        YANG-based management protocols, such as the Network Configuration Protocol (NETCONF) <xref
          target="RFC6241" /> and RESTCONF <xref target="RFC8040" />. These YANG-based management
        protocols (1) have to use a secure transport layer (e.g., Secure Shell (SSH) <xref
          target="RFC4252" />, TLS <xref target="RFC8446" />, and QUIC <xref target="RFC9000" />)
        and (2) have to use mutual authentication.</t>

      <t>The Network Configuration Access Control Model (NACM) <xref target="RFC8341" /> provides
        the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured
        subset of all available NETCONF or RESTCONF protocol operations and content.</t>

      <t>TBD.</t>

    </section>

    <section anchor="ack" title="Acknowledgments">
      <t>TBD.</t>
    </section>

  </middle>

  <back>

    <references title="Normative References">
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.3688.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.4760.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5291.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5292.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.6020.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.7950.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8294.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8341.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8342.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8349.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8529.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.9911.xml" />
      <xi:include
        href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-idr-bgp-model.xml" />
    </references>

    <references title="Informative References">
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.4252.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.6241.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8040.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8340.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8446.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.9000.xml" />
      <xi:include href="http://xml.resource.org/public/rfc/bibxml/reference.RFC.9907.xml" />
      <xi:include
        href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-idr-vpn-prefix-orf.xml" />
    </references>

    <!-- appendix -->
    <!-- <section anchor="datamodel" title="Data Model Examples">
      <section anchor="configAPORF" title="Configuration of Address Prefix ORF Entry">
        <t>TBD. </t>
        <sourcecode type="xml" markers="false"><![CDATA[ 

]]>
          </sourcecode>

        <t>The following is the same example using JSON format.</t>
        <sourcecode type="xml" markers="false"><![CDATA[

]]>
          </sourcecode>

      </section>

      <section anchor="configVPNORF" title="Configuration of VPN Prefix ORF Quota">
        <t>TBD. </t>
        <sourcecode type="xml" markers="false"><![CDATA[ 

]]>
          </sourcecode>

        <t>The following is the same example using JSON format.</t>
        <sourcecode type="xml" markers="false"><![CDATA[

]]>
          </sourcecode>

      </section>

    </section> -->

  </back>
</rfc>