  1. sfc
  2. SFC-115

SF and SFF "dictionary" mismatch not validated or checked, misconfiguration allowed


Details

    • Bug
    • Status: Verified
    • Resolution: Done
    • unspecified
    • None
    • General
    • None
    • Operating System: All
      Platform: All

    • 4471
    • Normal

    Description

      SF:
      {
      "service-functions": {
      "service-function": [
      {
      "name": "firewall-72",
      "ip-mgmt-address": "192.168.50.72",
      "type": "service-function-type:firewall",
      "nsh-aware": true,
      "sf-data-plane-locator": [

      { "name": "2", "port": 6633, "ip": "192.168.50.72", "transport": "service-locator:vxlan-gpe", "service-function-forwarder": "SFF1" }

      ]
      },
      {
      "name": "dpi-74",
      "ip-mgmt-address": "192.168.50.74",
      "type": "service-function-type:dpi",
      "nsh-aware": true,
      "sf-data-plane-locator": [

      { "name": "3", "port": 6633, "ip": "192.168.50.74", "transport": "service-locator:vxlan-gpe", "service-function-forwarder": "SFF1" }

      ]
      }
      ]
      }
      }

      SFF:
      {
      "service-function-forwarders": {
      "service-function-forwarder": [
      {
      "name": "SFF1",
      "service-node": "OVSDB2",
      "service-function-forwarder-ovs:ovs-bridge":

      { "bridge-name": "sw2" }

      ,
      "service-function-dictionary": [
      {
      "name": "firewall-72",
      "type": "service-function-type:firewall",
      "sff-sf-data-plane-locator":

      { "port": 6633, "ip": "192.168.50.71", "transport": "service-locator:vxlan-gpe" }

      }
      ],
      "sff-data-plane-locator": [
      {
      "name": "sfc-tun2",
      "data-plane-locator":

      { "transport": "service-locator:vxlan-gpe", "port": 6633, "ip": "192.168.50.71" }

      ,
      "service-function-forwarder-ovs:ovs-options":

      { "remote-ip": "flow", "dst-port": "6633", "key": "flow", "nsp": "flow", "nsi": "flow", "nshc1": "flow", "nshc2": "flow", "nshc3": "flow", "nshc4": "flow" }

      }
      ]
      },
      {
      "name": "SFF2",
      "service-node": "OVSDB2",
      "service-function-forwarder-ovs:ovs-bridge":

      { "bridge-name": "sw4" }

      ,
      "service-function-dictionary": [
      {
      "name": "dpi-74",
      "type": "service-function-type:dpi",
      "sff-sf-data-plane-locator":

      { "port": 6633, "ip": "192.168.50.73", "transport": "service-locator:vxlan-gpe" }

      }
      ],
      "sff-data-plane-locator": [
      {
      "name": "sfc-tun4",
      "data-plane-locator":

      { "transport": "service-locator:vxlan-gpe", "port": 6633, "ip": "192.168.50.73" }

      ,
      "service-function-forwarder-ovs:ovs-options":

      { "remote-ip": "flow", "dst-port": "6633", "key": "flow", "nsp": "flow", "nsi": "flow", "nshc1": "flow", "nshc2": "flow", "nshc3": "flow", "nshc4": "flow" }

      }
      ]
      }
      ]
      }
      }

      SFC:
      {
      "service-function-chains": {
      "service-function-chain": [
      {
      "name": "SFCGBP",
      "symmetric": false,
      "sfc-service-function": [

      { "name": "firewall-abstract1", "type": "service-function-type:firewall" }

      ,

      { "name": "dpi-abstract1", "type": "service-function-type:dpi" }

      ]
      }
      ]
      }
      }

      SFP:
      {
      "service-function-paths": {
      "service-function-path": [

      { "name": "SFCGBP-Path", "service-chain-name": "SFCGBP", "starting-index": 255, "symmetric": false }

      ]
      }
      }

      RSP:
      {
      "input":

      { "name": "SFCGBP-Path-RSP", "parent-service-function-path": "SFCGBP-Path", "symmetric": false }

      }

      The RSP is written to the operational (OPER) datastore and SFCOFL2 gets a notification:
      {
      "rendered-service-paths": {
      "rendered-service-path": [
      {
      "name": "SFCGBP-Path-RSP",
      "parent-service-function-path": "SFCGBP-Path",
      "rendered-service-path-hop": [

      { "hop-number": 0, "service-index": 255, "service-function-forwarder-locator": "sfc-tun2", "service-function-name": "firewall-72", "service-function-forwarder": "SFF1" }

      ,

      { "hop-number": 1, "service-index": 254, "service-function-forwarder-locator": "sfc-tun2", "service-function-name": "dpi-74", "service-function-forwarder": "SFF1" }

      ],
      "service-chain-name": "SFCGBP",
      "path-id": 36,
      "starting-index": 255,
      "transport-type": "service-locator:vxlan-gpe"
      }
      ]
      }
      }

      RESULT:

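      Partial configuration: SFF1 creates flows for SF1 but not for SF2, and SFF2 does nothing. An error appears in the log. The mismatch in the configuration above is that the data plane locator of dpi-74 names SFF1 as its service-function-forwarder, while dpi-74 appears only in the service-function-dictionary of SFF2; the RSP is still created, with both hops on SFF1, so the inconsistency surfaces only as a partly programmed chain instead of being rejected when the configuration is written.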

      Suggested fix: remove all individual references in:

      • SF model to SFF
      • SFF model to SF

      Both the SF model and the SFF model can have multiple data plane locators (DPLs).

      The SF-to-SFF association should instead be kept in a separate map, where it can either be configured as an SF-DPL <-> SFF-DPL relationship or be discovered.

      The map can also be validated to ensure that the transport/DPL type of the SF and the SFF match. service-function-mapping.yang doesn't appear to be in use anywhere, so I'd like to modify it for this purpose.


          People

            alagalah Keith Burns
            alagalah Keith Burns
