diff --git a/config/__init__.py b/config/__init__.py
index 4b6d4fc..77b3db2 100644
--- a/config/__init__.py
+++ b/config/__init__.py
@@ -30,6 +30,7 @@ from config.bondethernet import validate_bondethernets
 from config.interface import validate_interfaces
 from config.bridgedomain import validate_bridgedomains
 from config.vxlan_tunnel import validate_vxlan_tunnels
+from config.schema import yamale_schema
 
 from yamale.validators import DefaultValidators, Validator
 import ipaddress
@@ -73,23 +74,24 @@ class Validator(object):
         if not yaml:
             return ret_rv, ret_msgs
 
-        if self.schema:
-            try:
+        try:
+            validators = DefaultValidators.copy()
+            validators[IPInterfaceWithPrefixLength.tag] = IPInterfaceWithPrefixLength
+            if self.schema:
                 self.logger.debug("Validating against schema %s" % self.schema)
-                validators = DefaultValidators.copy()
-                validators[IPInterfaceWithPrefixLength.tag] = IPInterfaceWithPrefixLength
                 schema = yamale.make_schema(self.schema, validators=validators)
-                data = yamale.make_data(content=str(yaml))
-                yamale.validate(schema, data)
-                self.logger.debug("Schema correctly validated by yamale")
-            except ValueError as e:
-                ret_rv = False
-                for result in e.results:
-                    for error in result.errors:
-                        ret_msgs.extend(['yamale: %s' % error])
-                return ret_rv, ret_msgs
-        else:
-            self.logger.warning("Schema validation disabled")
+            else:
+                self.logger.debug("Validating against built-in schema")
+                schema = yamale.make_schema(content=yamale_schema, validators=validators)
+            data = yamale.make_data(content=str(yaml))
+            yamale.validate(schema, data)
+            self.logger.debug("Schema correctly validated by yamale")
+        except ValueError as e:
+            ret_rv = False
+            for result in e.results:
+                for error in result.errors:
+                    ret_msgs.extend(['yamale: %s' % error])
+            return ret_rv, ret_msgs
 
         self.logger.debug("Validating Semantics...")
 
diff --git a/config/schema.py b/config/schema.py
new file mode 100644
index 0000000..64c57d6
--- /dev/null
+++ b/config/schema.py
@@ -0,0 +1,68 @@
+#
+# Copyright (c) 2022 Pim van Pelt
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#     http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+### NOTE(pim): The source of truth of this string lives in ../schema.yaml
+###            Make sure to include it here, verbatim, if it ever changes.
+yamale_schema = r"""
+interfaces: map(include('interface'),key=str(),required=False)
+bondethernets: map(include('bondethernet'),key=str(matches='BondEthernet[0-9]+'),required=False)
+loopbacks: map(include('loopback'),key=str(matches='loop[0-9]+'),required=False)
+bridgedomains: map(include('bridgedomain'),key=str(matches='bd[0-9]+'),required=False)
+vxlan_tunnels: map(include('vxlan'),key=str(matches='vxlan_tunnel[0-9]+'),required=False)
+---
+vxlan:
+  description: str(exclude='\'"',len=64,required=False)
+  local: ip()
+  remote: ip()
+  vni: int(min=1,max=16777215)
+---
+bridgedomain:
+  description: str(exclude='\'"',len=64,required=False)
+  mtu: int(min=128,max=9216,required=False)
+  bvi: str(matches='loop[0-9]+',required=False)
+  interfaces: list(str(),required=False)
+---
+loopback:
+  description: str(exclude='\'"',len=64,required=False)
+  lcp: str(max=15,matches='[a-z]+[a-z0-9-]*',required=False)
+  mtu: int(min=128,max=9216,required=False)
+  addresses: list(ip_interface(),min=1,max=6,required=False)
+---
+bondethernet:
+  description: str(exclude='\'"',len=64,required=False)
+  interfaces: list(str(matches='.*GigabitEthernet[0-9]+/[0-9]+/[0-9]+'))
+---
+interface:
+  description: str(exclude='\'"',len=64,required=False)
+  mac: mac(required=False)
+  lcp: str(max=15,matches='[a-z]+[a-z0-9-]*',required=False)
+  mtu: int(min=128,max=9216,required=False)
+  addresses: list(ip_interface(),min=1,max=6,required=False)
+  sub-interfaces: map(include('sub-interface'),key=int(min=1,max=4294967295),required=False)
+  l2xc: str(required=False)
+---
+sub-interface:
+  description: str(exclude='\'"',len=64,required=False)
+  lcp: str(max=15,matches='[a-z]+[a-z0-9-]*',required=False)
+  mtu: int(min=128,max=9216,required=False)
+  addresses: list(ip_interface(),required=False)
+  encapsulation: include('encapsulation',required=False)
+  l2xc: str(required=False)
+---
+encapsulation:
+  dot1q: int(min=1,max=4095,required=False)
+  dot1ad: int(min=1,max=4095,required=False)
+  inner-dot1q: int(min=1,max=4095,required=False)
+  exact-match: bool(required=False)
+"""
diff --git a/schema.yaml b/schema.yaml
index 254f27d..995652a 100644
--- a/schema.yaml
+++ b/schema.yaml
@@ -1,3 +1,6 @@
+### NOTE(pim): This file is the source of truth for the Yamale schema validator.
+###            Make sure to copy this file into config/schema.py's yamale_schema
+###            when it is changed here.
 interfaces: map(include('interface'),key=str(),required=False)
 bondethernets: map(include('bondethernet'),key=str(matches='BondEthernet[0-9]+'),required=False)
 loopbacks: map(include('loopback'),key=str(matches='loop[0-9]+'),required=False)
diff --git a/vppcfg b/vppcfg
index 5e2226e..4d94a4b 100755
--- a/vppcfg
+++ b/vppcfg
@@ -36,18 +36,18 @@ def main():
 
     subparsers = parser.add_subparsers(dest='command')
     check_p = subparsers.add_parser('check', help="check given YAML config for validity (no VPP)")
-    check_p.add_argument('-s', '--schema', dest='schema', type=str, default='./schema.yaml', help="""YAML schema validation file""")
+    check_p.add_argument('-s', '--schema', dest='schema', type=str, help="""YAML schema validation file, default to use built-in""")
     check_p.add_argument('-c', '--config', dest='config', required=True, type=str, help="""YAML configuration file for vppcfg""")
 
     dump_p = subparsers.add_parser('dump', help="dump current running VPP configuration (VPP readonly)")
 
     plan_p = subparsers.add_parser('plan', help="plan changes from current VPP dataplane to target config (VPP readonly)")
-    plan_p.add_argument('-s', '--schema', dest='schema', type=str, default='./schema.yaml', help="""YAML schema validation file""")
+    plan_p.add_argument('-s', '--schema', dest='schema', type=str, help="""YAML schema validation file, default to use built-in""")
     plan_p.add_argument('-c', '--config', dest='config', required=True, type=str, help="""YAML configuration file for vppcfg""")
     plan_p.add_argument('-o', '--output', dest='outfile', required=False, default='-', type=str, help="""Output file for VPP CLI commands, default stdout""")
 
     apply_p = subparsers.add_parser('apply', help="apply changes from current VPP dataplane to target config")
-    apply_p.add_argument('-s', '--schema', dest='schema', type=str, default='./schema.yaml', help="""YAML schema validation file""")
+    apply_p.add_argument('-s', '--schema', dest='schema', type=str, help="""YAML schema validation file, default to use built-in""")
     apply_p.add_argument('-c', '--config', dest='config', required=True, type=str, help="""YAML configuration file for vppcfg""")
 
     args = parser.parse_args()