authorMarek Gradzki <mgradzki@cisco.com>2018-07-04 10:14:34 +0200
committerMarek Gradzki <mgradzki@cisco.com>2018-07-04 10:21:00 +0200
commit0461747b7d4e2c395a04501cddfa492c4f75ef7c (patch)
treed0561d57db12590a4697a46c0ba2c9d908eca3f6 /nat/nat-api/src/main/yang/ietf-nat@2018-02-23.yang
parent85cc9659e42eb637d25a0a456353149b63fcac93 (diff)
HC2VPP-367: update ietf-nat model from 2018-02-23 to 2018-06-28
The 2018-06-28 revision: - removes mandatory statement for limit-per-subscriber (previously commented out due to HC2VPP-328), - removes logging-enable leaf that was not supported by hc2vpp Change-Id: I36c2b05029331db03e37c016a31b32d6abf4ac06 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
Diffstat (limited to 'nat/nat-api/src/main/yang/ietf-nat@2018-02-23.yang')
-rw-r--r--nat/nat-api/src/main/yang/ietf-nat@2018-02-23.yang2388
1 files changed, 0 insertions, 2388 deletions
diff --git a/nat/nat-api/src/main/yang/ietf-nat@2018-02-23.yang b/nat/nat-api/src/main/yang/ietf-nat@2018-02-23.yang
deleted file mode 100644
index 5eec4c609..000000000
--- a/nat/nat-api/src/main/yang/ietf-nat@2018-02-23.yang
+++ /dev/null
@@ -1,2388 +0,0 @@
-module ietf-nat {
- yang-version 1.1;
- namespace "urn:ietf:params:xml:ns:yang:ietf-nat";
- prefix "nat";
-
- import ietf-inet-types {
- prefix inet;
- reference
- "Section 4 of RFC 6991";
- }
-
- import ietf-yang-types {
- prefix yang;
- reference
- "Section 3 of RFC 6991";
- }
-
- import ietf-interfaces {
- prefix if;
- reference
- "RFC 8343: A YANG Data Model for Interface Management";
- }
-
- organization
- "IETF OPSAWG (Operations and Management Area Working Group)";
-
- contact
-
- "WG Web: <https://datatracker.ietf.org/wg/opsawg/>
- WG List: <mailto:opsawg@ietf.org>
-
- Editor: Mohamed Boucadair
- <mailto:mohamed.boucadair@orange.com>
-
- Editor: Senthil Sivakumar
- <mailto:ssenthil@cisco.com>
-
- Editor: Christian Jacquenet
- <mailto:christian.jacquenet@orange.com>
-
- Editor: Suresh Vinapamula
- <mailto:sureshk@juniper.net>
-
- Editor: Qin Wu
- <mailto:bill.wu@huawei.com>";
-
- description
- "This module is a YANG module for NAT implementations.
-
- NAT44, Network Address and Protocol Translation from IPv6
- Clients to IPv4 Servers (NAT64), Customer-side transLATor (CLAT),
- Stateless IP/ICMP Translation (SIIT), Explicit Address Mappings
- for Stateless IP/ICMP Translation (SIIT EAM), IPv6 Network
- Prefix Translation (NPTv6), and Destination NAT are covered.
-
- Copyright (c) 2018 IETF Trust and the persons identified as
- authors of the code. All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, is permitted pursuant to, and subject
- to the license terms contained in, the Simplified BSD License
- set forth in Section 4.c of the IETF Trust's Legal Provisions
- Relating to IETF Documents
- (http://trustee.ietf.org/license-info).
-
- This version of this YANG module is part of RFC XXXX; see
- the RFC itself for full legal notices.";
-
- revision 2018-02-23 {
- description
- "Initial revision.";
- reference
- "RFC XXXX: A YANG Module for Network Address Translation
- (NAT) and Network Prefix Translation (NPT)";
- }
-
- /*
- * Definitions
- */
-
- typedef percent {
- type uint8 {
- range "0 .. 100";
- }
- description
- "Percentage";
- }
-
- /*
- * Features
- */
-
- feature basic-nat44{
- description
- "Basic NAT44 translation is limited to IP addresses alone.";
- reference
- "RFC 3022: Traditional IP Network Address Translator
- (Traditional NAT)";
- }
-
- feature napt44 {
- description
- "Network Address/Port Translator (NAPT): translation is
- extended to include IP addresses and transport identifiers
- (such as a TCP/UDP port or ICMP query ID).
-
- If the internal IP address is not sufficient to uniquely
- disambiguate NAPT44 mappings, an additional attribute is
- required. For example, that additional attribute may
- be an IPv6 address (a.k.a., DS-Lite) or
- a Layer 2 identifier (a.k.a., Per-Interface NAT)";
- reference
- "RFC 3022: Traditional IP Network Address Translator
- (Traditional NAT)";
- }
-
- feature dst-nat {
- description
- "Destination NAT is a translation that acts on the destination
- IP address and/or destination port number. This flavor is
- usually deployed in load balancers or at devices
- in front of public servers.";
- }
-
- feature nat64 {
- description
- "NAT64 translation allows IPv6-only clients to contact IPv4
- servers using unicast UDP, TCP, or ICMP. One or more
- public IPv4 addresses assigned to a NAT64 translator are
- shared among several IPv6-only clients.";
- reference
- "RFC 6146: Stateful NAT64: Network Address and Protocol
- Translation from IPv6 Clients to IPv4 Servers";
- }
-
- feature siit {
- description
- "The Stateless IP/ICMP Translation Algorithm (SIIT), which
- translates between IPv4 and IPv6 packet headers (including
- ICMP headers).
-
- In the stateless mode, an IP/ICMP translator converts IPv4
- addresses to IPv6 and vice versa solely based on the
- configuration of the stateless IP/ICMP translator and
- information contained within the packet being translated.
-
- The translator must support the stateless address mapping
- algorithm defined in RFC6052, which is the default behavior.";
- reference
- "RFC 7915: IP/ICMP Translation Algorithm";
- }
-
- feature clat {
- description
- "CLAT is customer-side translator that algorithmically
- translates 1:1 private IPv4 addresses to global IPv6 addresses,
- and vice versa.
-
- When a dedicated /64 prefix is not available for translation
- from DHCPv6-PD, the CLAT may perform NAT44 for all IPv4 LAN
- packets so that all the LAN-originated IPv4 packets appear
- from a single IPv4 address and are then statelessly translated
- to one interface IPv6 address that is claimed by the CLAT via
- the Neighbor Discovery Protocol (NDP) and defended with
- Duplicate Address Detection.";
- reference
- "RFC 6877: 464XLAT: Combination of Stateful and Stateless
- Translation";
- }
-
- feature eam {
- description
- "Explicit Address Mapping (EAM) is a bidirectional coupling
- between an IPv4 Prefix and an IPv6 Prefix.";
- reference
- "RFC 7757: Explicit Address Mappings for Stateless IP/ICMP
- Translation";
- }
-
- feature nptv6 {
- description
- "NPTv6 is a stateless transport-agnostic IPv6-to-IPv6
- prefix translation.";
- reference
- "RFC 6296: IPv6-to-IPv6 Network Prefix Translation";
- }
-
- /*
- * Identities
- */
-
- identity nat-type {
- description
- "Base identity for nat type.";
- }
-
- identity basic-nat44 {
- base nat:nat-type;
- description
- "Identity for Basic NAT support.";
- reference
- "RFC 3022: Traditional IP Network Address Translator
- (Traditional NAT)";
- }
-
- identity napt44 {
- base nat:nat-type;
- description
- "Identity for NAPT support.";
- reference
- "RFC 3022: Traditional IP Network Address Translator
- (Traditional NAT)";
- }
-
- identity dst-nat {
- base nat:nat-type;
- description
- "Identity for Destination NAT support.";
- }
-
- identity nat64 {
- base nat:nat-type;
- description
- "Identity for NAT64 support.";
- reference
- "RFC 6146: Stateful NAT64: Network Address and Protocol
- Translation from IPv6 Clients to IPv4 Servers";
- }
-
- identity siit {
- base nat:nat-type;
- description
- "Identity for SIIT support.";
- reference
- "RFC 7915: IP/ICMP Translation Algorithm";
- }
-
- identity clat {
- base nat:nat-type;
- description
- "Identity for CLAT support.";
- reference
- "RFC 6877: 464XLAT: Combination of Stateful and Stateless
- Translation";
- }
-
- identity eam {
- base nat:nat-type;
- description
- "Identity for EAM support.";
- reference
- "RFC 7757: Explicit Address Mappings for Stateless IP/ICMP
- Translation";
- }
-
- identity nptv6 {
- base nat:nat-type;
- description
- "Identity for NPTv6 support.";
- reference
- "RFC 6296: IPv6-to-IPv6 Network Prefix Translation";
- }
-
- /*
- * Grouping
- */
-
- grouping port-number {
- description
- "Individual port or a range of ports.
- When only start-port-number is present,
- it represents a single port number.";
-
- leaf start-port-number {
- type inet:port-number;
- description
- "Beginning of the port range.";
- reference
- "Section 3.2.9 of RFC 8045.";
- }
-
- leaf end-port-number {
- type inet:port-number;
-
- must ". >= ../start-port-number"
- {
- error-message
- "The end-port-number must be greater than or
- equal to start-port-number.";
- }
- description
- "End of the port range.";
- reference
- "Section 3.2.10 of RFC 8045.";
- }
- }
-
- grouping port-set {
- description
- "Indicates a set of ports.
-
- It may be a simple port range, or use the Port Set ID (PSID)
- algorithm to represent a range of transport layer
- ports which will be used by a NAPT.";
-
- choice port-type {
- default port-range;
- description
- "Port type: port-range or port-set-algo.";
- case port-range {
- uses port-number;
- }
-
- case port-set-algo {
- leaf psid-offset {
- type uint8 {
- range 0..15;
- }
-
- description
- "The number of offset bits (a.k.a., 'a' bits).
-
- Specifies the numeric value for the excluded port
- range/offset bits.
-
- Allowed values are between 0 and 15 ";
-
- reference
- "Section 5.1 of RFC 7597";
- }
-
- leaf psid-len {
- type uint8 {
- range 0..15;
- }
- mandatory true;
-
- description
- "The length of PSID, representing the sharing
- ratio for an IPv4 address.
-
- (also known as 'k').
-
- The address-sharing ratio would be 2^k.";
- reference
- "Section 5.1 of RFC 7597";
- }
-
- leaf psid {
- type uint16;
- mandatory true;
- description
- "Port Set Identifier (PSID) value, which
- identifies a set of ports algorithmically.";
- reference
- "Section 5.1 of RFC 7597";
- }
- }
- reference
- "Section 7597: Mapping of Address and Port with
- Encapsulation (MAP-E)";
- }
- }
-
- grouping mapping-entry {
- description
- "NAT mapping entry.
-
- If an attribute is not stored in the mapping/session table,
- this means the corresponding fields of a packet that
- matches this entry is not rewritten by the NAT or this
- information is not required for NAT filtering purposes.";
-
- leaf index {
- type uint32;
- description
- "A unique identifier of a mapping entry. This identifier can be
- automatically assigned by the NAT instance or be explicitly
- configured.";
- }
-
- leaf type {
- type enumeration {
- enum "static" {
- description
- "The mapping entry is explicitly configured
- (e.g., via command-line interface).";
- }
-
- enum "dynamic-implicit" {
- description
- "This mapping is created implicitly as a side effect
- of processing a packet that requires a new mapping.";
-
- }
-
- enum "dynamic-explicit" {
- description
- "This mapping is created as a result of an explicit
- request, e.g., a PCP message.";
-
- }
- }
- description
- "Indicates the type of a mapping entry. E.g.,
- a mapping can be: static, implicit dynamic
- or explicit dynamic.";
- }
-
- leaf transport-protocol {
- type uint8;
- description
- "Upper-layer protocol associated with this mapping.
- Values are taken from the IANA protocol registry.
- For example, this field contains 6 (TCP) for a TCP
- mapping or 17 (UDP) for a UDP mapping.
-
- If this leaf is not instantiated, then the mapping
- applies to any protocol.";
- }
-
- leaf internal-src-address {
- type inet:ip-prefix;
- description
- "Corresponds to the source IPv4/IPv6 address/prefix
- of the packet received on an internal
- interface.";
- }
-
- container internal-src-port {
- description
- "Corresponds to the source port of the packet received
- on an internal interface.
-
- It is used also to indicate the internal source ICMP
- identifier.
-
- As a reminder, all the ICMP Query messages contain
- an 'Identifier' field, which is referred to in this
- document as the 'ICMP Identifier'.";
-
- uses port-number;
- }
-
- leaf external-src-address {
- type inet:ip-prefix;
- description
- "Source IP address/prefix of the packet sent on an
- external interface of the NAT.";
- }
-
- container external-src-port {
- description
- "Source port of the packet sent on an external
- interface of the NAT.
- It is used also to indicate the external source ICMP
- identifier.";
-
- uses port-number;
- }
-
- leaf internal-dst-address {
- type inet:ip-prefix;
- description
- "Corresponds to the destination IP address/prefix
- of the packet received on an internal interface
- of the NAT.
-
- For example, some NAT implementations support
- the translation of both source and destination
- addresses and ports, sometimes referred to
- as 'Twice NAT'.";
- }
-
- container internal-dst-port {
- description
- "Corresponds to the destination port of the
- IP packet received on the internal interface.
-
- It is used also to include the internal
- destination ICMP identifier.";
-
- uses port-number;
- }
-
- leaf external-dst-address {
- type inet:ip-prefix;
- description
- "Corresponds to the destination IP address/prefix
- of the packet sent on an external interface
- of the NAT.";
- }
-
- container external-dst-port {
- description
- "Corresponds to the destination port number of
- the packet sent on the external interface
- of the NAT.
-
- It is used also to include the external
- destination ICMP identifier.";
-
- uses port-number;
- }
-
- leaf lifetime {
- type uint32;
- units "seconds";
- description
- "When specified, it is used to track the connection that is
- fully-formed (e.g., once the three-way handshake
- TCP is completed) or the duration for maintaining
- an explicit mapping alive. The mapping entry will be
- removed by the NAT instance once this lifetime is expired.
-
- When reported in a get operation, the lifetime indicates
- the remaining validity lifetime.
-
- Static mappings may not be associated with a
- lifetime. If no lifetime is associated with a
- static mapping, an explicit action is required to
- remove that mapping.";
- }
- }
-
- /*
- * NAT Module
- */
-
- container nat {
- description
- "NAT module";
-
- container instances {
- description
- "NAT instances";
-
- list instance {
- key "id";
-
- description
- "A NAT instance. This identifier can be automatically assigned
- or explicitly configured.";
-
- leaf id {
- type uint32;
- must ". >= 1";
- description
- "NAT instance identifier.
-
- The identifier must be greater than zero.";
- reference
- "RFC 7659: Definitions of Managed Objects for Network
- Address Translators (NATs)";
- }
-
- leaf name {
- type string;
- description
- "A name associated with the NAT instance.";
- reference
- "RFC 7659: Definitions of Managed Objects for Network
- Address Translators (NATs)";
- }
-
- leaf enable {
- type boolean;
- description
- "Status of the NAT instance.";
- }
-
- container capabilities {
- config false;
-
- description
- "NAT capabilities";
-
- leaf-list nat-flavor {
- type identityref {
- base nat-type;
- }
- description
- "Supported translation type(s).";
- }
-
- leaf-list per-interface-binding {
- type enumeration {
- enum "unsupported" {
- description
- "No capability to associate a NAT binding with
- an extra identifier.";
- }
-
- enum "layer-2" {
- description
- "The NAT instance is able to associate a mapping with
- a layer-2 identifier.";
- }
-
- enum "dslite" {
- description
- "The NAT instance is able to associate a mapping with
- an IPv6 address (a.k.a., DS-Lite).";
- }
- }
- description
- "Indicates the capability of a NAT to associate a particular
- NAT session not only with the five tuples used for the
- transport connection on both sides of the NAT but also with
- the internal interface on which the user device is
- connected to the NAT.";
- reference
- "Section 4 of RFC 6619";
- }
-
- list transport-protocols {
- key protocol-id;
-
- description
- "List of supported protocols.";
-
- leaf protocol-id {
- type uint8;
- mandatory true;
- description
- "Upper-layer protocol associated with this mapping.
-
- Values are taken from the IANA protocol registry:
- https://www.iana.org/assignments/protocol-numbers/
- protocol-numbers.xhtml
-
- For example, this field contains 6 (TCP) for a TCP
- mapping or 17 (UDP) for a UDP mapping.";
- }
-
- leaf protocol-name {
- type string;
- description
- "The name of the Upper-layer protocol associated
- with this mapping.
-
- Values are taken from the IANA protocol registry:
- https://www.iana.org/assignments/protocol-numbers/
- protocol-numbers.xhtml
-
- For example, TCP, UDP, DCCP, and SCTP.";
- }
- }
-
- leaf restricted-port-support {
- type boolean;
- description
- "Indicates source port NAT restriction support.";
- reference
- "RFC 7596: Lightweight 4over6: An Extension to
- the Dual-Stack Lite Architecture.";
- }
-
- leaf static-mapping-support {
- type boolean;
- description
- "Indicates whether static mappings are supported.";
- }
-
- leaf port-randomization-support {
- type boolean;
- description
- "Indicates whether port randomization is supported.";
- reference
- "Section 4.2.1 of RFC 4787.";
- }
-
- leaf port-range-allocation-support {
- type boolean;
- description
- "Indicates whether port range allocation is supported.";
- reference
- "Section 1.1 of RFC 7753.";
- }
-
- leaf port-preservation-suport {
- type boolean;
- description
- "Indicates whether port preservation is supported.";
- reference
- "Section 4.2.1 of RFC 4787.";
- }
-
- leaf port-parity-preservation-support {
- type boolean;
- description
- "Indicates whether port parity preservation is
- supported.";
- reference
- "Section 8 of RFC 7857.";
- }
-
- leaf address-roundrobin-support {
- type boolean;
- description
- "Indicates whether address allocation round robin is
- supported.";
- }
-
- leaf paired-address-pooling-support {
- type boolean;
- description
- "Indicates whether paired-address-pooling is
- supported";
- reference
- "REQ-2 of RFC 4787.";
- }
-
- leaf endpoint-independent-mapping-support {
- type boolean;
- description
- "Indicates whether endpoint-independent-
- mapping is supported.";
- reference
- "Section 4 of RFC 4787.";
- }
-
- leaf address-dependent-mapping-support {
- type boolean;
- description
- "Indicates whether address-dependent-mapping is
- supported.";
- reference
- "Section 4 of RFC 4787.";
- }
-
- leaf address-and-port-dependent-mapping-support {
- type boolean;
- description
- "Indicates whether address-and-port-dependent-mapping is
- supported.";
- reference
- "Section 4 of RFC 4787.";
- }
-
- leaf endpoint-independent-filtering-support {
- type boolean;
- description
- "Indicates whether endpoint-independent-filtering is
- supported.";
- reference
- "Section 5 of RFC 4787.";
- }
-
- leaf address-dependent-filtering {
- type boolean;
- description
- "Indicates whether address-dependent-filtering is
- supported.";
- reference
- "Section 5 of RFC 4787.";
- }
-
- leaf address-and-port-dependent-filtering {
- type boolean;
- description
- "Indicates whether address-and-port-dependent is
- supported.";
- reference
- "Section 5 of RFC 4787.";
- }
-
- leaf fragment-behavior {
- type enumeration {
- enum "unsupported" {
- description
- "No capability to translate incoming fragments.
- All received fragments are dropped.";
- }
-
- enum "in-order" {
- description
- "The NAT instance is able to translate fragments only if
- they are received in order. That is, in particular the
- header is in the first packet. Fragments received
- out of order are dropped. ";
- }
-
- enum "out-of-order" {
- description
- "The NAT instance is able to translate a fragment even
- if it is received out of order.
-
- This behavior is recommended.";
- reference
- "REQ-14 of RFC 4787";
- }
- }
- description
- "The fragment behavior is the NAT instance's capability to
- translate fragments received on the external interface of
- the NAT.";
- }
- }
-
- leaf type {
- type identityref {
- base nat-type;
- }
- description
- "Specify the translation type. Particularly useful when
- multiple translation flavors are supported.
-
- If one type is supported by a NAT, this parameter is by
- default set to that type.";
- }
-
- leaf per-interface-binding {
- type enumeration {
- enum "disabled" {
- description
- "Disable the capability to associate an extra identifier
- with NAT mappings.";
- }
-
- enum "layer-2" {
- description
- "The NAT instance is able to associate a mapping with
- a layer-2 identifier.";
- }
-
- enum "dslite" {
- description
- "The NAT instance is able to associate a mapping with
- an IPv6 address (a.k.a., DS-Lite).";
- }
- }
- description
- "A NAT that associates a particular NAT session not only with
- the five tuples used for the transport connection on both
- sides of the NAT but also with the internal interface on
- which the user device is connected to the NAT.
-
- If supported, this mode of operation should be configurable,
- and it should be disabled by default in general-purpose NAT
- devices.
-
- If one single per-interface binding behavior is supported by
- a NAT, this parameter is by default set to that behavior.";
- reference
- "Section 4 of RFC 6619";
- }
-
- list nat-pass-through {
- if-feature "basic-nat44 or napt44 or dst-nat";
- key id;
-
- description
- "IP prefix NAT pass through.";
-
- leaf id {
- type uint32;
- description
- "An identifier of the IP prefix pass through.";
- }
-
- leaf prefix {
- type inet:ip-prefix;
- mandatory true;
- description
- "The IP addresses that match should not be translated.
-
- It must be possible to administratively turn
- off translation for specific destination addresses
- and/or ports.";
- reference
- "REQ#6 of RFC 6888.";
- }
-
- leaf port {
- type inet:port-number;
- description
- "It must be possible to administratively turn off
- translation for specific destination addresses
- and/or ports.
-
- If no prefix is defined, the NAT pass through bound
- to a given port applies for any destination address.";
- reference
- "REQ#6 of RFC 6888.";
- }
- }
-
- list policy {
- key id;
- description
- "NAT parameters for a given instance";
-
- leaf id {
- type uint32;
- description
- "An identifier of the NAT policy. It must be unique
- within the NAT instance.";
- }
-
- container clat-parameters {
- if-feature clat;
- description
- "CLAT parameters.";
-
- list clat-ipv6-prefixes {
- key ipv6-prefix;
- description
- "464XLAT double translation treatment is stateless when a
- dedicated /64 is available for translation on the CLAT.
- Otherwise, the CLAT will have both stateful and stateless
- since it requires NAT44 from the LAN to a single IPv4
- address and then stateless translation to a single
- IPv6 address.";
- reference
- "RFC 6877: 464XLAT: Combination of Stateful and Stateless
- Translation";
-
- leaf ipv6-prefix {
- type inet:ipv6-prefix;
- description
- "An IPv6 prefix used for CLAT.";
- }
- }
-
- list ipv4-prefixes {
- key ipv4-prefix;
- description
- "Pool of IPv4 addresses used for CLAT.
- 192.0.0.0/29 is the IPv4 service continuity prefix.";
- reference
- "RFC 7335: IPv4 Service Continuity Prefix";
-
- leaf ipv4-prefix {
- type inet:ipv4-prefix;
- description
- "464XLAT double translation treatment is
- stateless when a dedicated /64 is available
- for translation on the CLAT. Otherwise, the
- CLAT will have both stateful and stateless
- since it requires NAT44 from the LAN to
- a single IPv4 address and then stateless
- translation to a single IPv6 address.
- The CLAT performs NAT44 for all IPv4 LAN
- packets so that all the LAN-originated IPv4
- packets appear from a single IPv4 address
- and are then statelessly translated to one
- interface IPv6 address that is claimed by
- the CLAT.
-
- An IPv4 address from this pool is also
- provided to an application that makes
- use of literals.";
-
- reference
- "RFC 6877: 464XLAT: Combination of Stateful and Stateless
- Translation";
- }
- }
- }
-
- list nptv6-prefixes {
- if-feature nptv6;
- key internal-ipv6-prefix ;
- description
- "Provides one or a list of (internal IPv6 prefix,
- external IPv6 prefix) required for NPTv6.
-
- In its simplest form, NPTv6 interconnects two network
- links, one of which is an 'internal' network link
- attached to a leaf network within a single
- administrative domain and the other of which is an
- 'external' network with connectivity to the global
- Internet.";
- reference
- "RFC 6296: IPv6-to-IPv6 Network Prefix Translation";
-
- leaf internal-ipv6-prefix {
- type inet:ipv6-prefix;
- mandatory true;
- description
- "An IPv6 prefix used by an internal interface of NPTv6.";
- reference
- "RFC 6296: IPv6-to-IPv6 Network Prefix Translation";
- }
-
- leaf external-ipv6-prefix {
- type inet:ipv6-prefix;
- mandatory true;
- description
- "An IPv6 prefix used by the external interface of NPTv6.";
- reference
- "RFC 6296: IPv6-to-IPv6 Network Prefix Translation";
- }
- }
-
- list eam {
- if-feature eam;
- key ipv4-prefix;
- description
- "The Explicit Address Mapping Table, a conceptual
- table in which each row represents an EAM.
-
- Each EAM describes a mapping between IPv4 and IPv6
- prefixes/addresses.";
- reference
- "Section 3.1 of RFC 7757.";
-
- leaf ipv4-prefix {
- type inet:ipv4-prefix;
- mandatory true;
- description
- "The IPv4 prefix of an EAM.";
- reference
- "Section 3.2 of RFC 7757.";
- }
-
- leaf ipv6-prefix {
- type inet:ipv6-prefix;
- mandatory true;
- description
- "The IPv6 prefix of an EAM.";
- reference
- "Section 3.2 of RFC 7757.";
- }
- }
-
- list nat64-prefixes {
- if-feature "siit or nat64 or clat";
- key nat64-prefix;
- description
- "Provides one or a list of NAT64 prefixes
- with or without a list of destination IPv4 prefixes.
- It allows mapping IPv4 address ranges to IPv6 prefixes.
-
- For example:
- 192.0.2.0/24 is mapped to 2001:db8:122:300::/56.
- 198.51.100.0/24 is mapped to 2001:db8:122::/48.";
- reference
- "Section 5.1 of RFC 7050.";
-
- leaf nat64-prefix {
- type inet:ipv6-prefix;
- mandatory true;
- description
- "A NAT64 prefix. Can be Network-Specific Prefix (NSP) or
- Well-Known Prefix (WKP).
-
- Organizations deploying stateless IPv4/IPv6 translation
- should assign a Network-Specific Prefix to their
- IPv4/IPv6 translation service.
-
- For stateless NAT64, IPv4-translatable IPv6 addresses
- must use the selected Network-Specific Prefix.
-
- Both IPv4-translatable IPv6 addresses and IPv4-converted
- IPv6 addresses should use the same prefix.";
- reference
- "Sections 3.3 and 3.4 of RFC 6052.";
- }
-
- list destination-ipv4-prefix {
- key ipv4-prefix;
- description
- "An IPv4 prefix/address.";
-
- leaf ipv4-prefix {
- type inet:ipv4-prefix;
- description
- "An IPv4 address/prefix.";
- }
- }
-
- leaf stateless-enable {
- type boolean;
- default false;
- description
- "Enable explicitly stateless NAT64.";
- }
- }
-
- list external-ip-address-pool {
- if-feature "basic-nat44 or napt44 or nat64";
- key pool-id;
-
- description
- "Pool of external IP addresses used to service internal
- hosts.
-
- A pool is a set of IP prefixes.";
-
- leaf pool-id {
- type uint32;
- must ". >= 1";
- description
- "An identifier that uniquely identifies the address pool
- within a NAT instance.
-
- The identifier must be greater than zero.";
- reference
- "RFC 7659: Definitions of Managed Objects for
- Network Address Translators (NATs)";
- }
-
- leaf external-ip-pool {
- type inet:ipv4-prefix;
- mandatory true;
- description
- "An IPv4 prefix used for NAT purposes.";
- }
- }
-
- container port-set-restrict {
- if-feature "napt44 or nat64";
- description
- "Configures contiguous and non-contiguous port ranges.
-
- The port set is used to restrict the external source
- port numbers used by the translator.";
-
- uses port-set;
- }
-
- leaf dst-nat-enable {
- if-feature "basic-nat44 or napt44";
- type boolean;
- default false;
- description
- "Enable/Disable destination NAT.
- A NAT44 may be configured to enable Destination
- NAT, too.";
- }
-
- list dst-ip-address-pool {
- if-feature dst-nat;
- key pool-id;
- description
- "Pool of IP addresses used for destination NAT.";
-
- leaf pool-id {
- type uint32;
- description
- "An identifier of the address pool.";
- }
-
- leaf dst-in-ip-pool {
- type inet:ip-prefix;
- description
- "Is used to identify an internal destination
- IP prefix/address to be translated.";
- }
-
- leaf dst-out-ip-pool {
- type inet:ip-prefix;
- mandatory true;
- description
- "IP address/prefix used for destination NAT.";
- }
- }
-
- list transport-protocols {
- if-feature "napt44 or nat64 or dst-nat";
- key protocol-id;
-
- description
- "Configure the transport protocols to be handled by
- the translator.
-
- TCP and UDP are supported by default.";
-
- leaf protocol-id {
- type uint8;
- mandatory true;
- description
- "Upper-layer protocol associated with this mapping.
-
- Values are taken from the IANA protocol registry:
- https://www.iana.org/assignments/protocol-numbers/
- protocol-numbers.xhtml
-
- For example, this field contains 6 (TCP) for a TCP
- mapping or 17 (UDP) for a UDP mapping.";
- }
-
- leaf protocol-name {
- type string;
- description
- "The name of the Upper-layer protocol associated
- with this mapping.
-
- Values are taken from the IANA protocol registry:
- https://www.iana.org/assignments/protocol-numbers/
- protocol-numbers.xhtml
-
- For example, TCP, UDP, DCCP, and SCTP.";
- }
- }
-
- leaf subscriber-mask-v6 {
- type uint8 {
- range "0 .. 128";
- }
-
- description
- "The subscriber mask is an integer that indicates
- the length of significant bits to be applied on
- the source IPv6 address (internal side) to
- unambiguously identify a user device (e.g., CPE).
-
- Subscriber mask is a system-wide configuration
- parameter that is used to enforce generic
- per-subscriber policies (e.g., port-quota).
-
- The enforcement of these generic policies does not
- require the configuration of every subscriber's
- prefix.
-
- Example: suppose the 2001:db8:100:100::/56 prefix
- is assigned to a NAT64 serviced CPE. Suppose also
- that 2001:db8:100:100::1 is the IPv6 address used
- by the client that resides in that CPE. When the
- NAT64 receives a packet from this client,
- it applies the subscriber-mask-v6 (e.g., 56) on
- the source IPv6 address to compute the associated
- prefix for this client (2001:db8:100:100::/56).
- Then, the NAT64 enforces policies based on that
- prefix (2001:db8:100:100::/56), not on the exact
- source IPv6 address.";
- }
-
- list subscriber-match {
- if-feature "basic-nat44 or napt44 or dst-nat";
- key match-id;
-
- description
- "IP prefix match.
- A subscriber is identified by a subnet.";
-
- leaf match-id {
- type uint32;
- description
- "An identifier of the subscriber match.";
- }
-
- leaf subnet {
- type inet:ip-prefix;
- mandatory true;
- description
- "The IP address subnets that match
- should be translated. E.g., all addresses
- that belong to the 192.0.2.0/24 prefix must
- be processed by the NAT.";
- }
- }
-
- leaf address-allocation-type {
- type enumeration {
- enum "arbitrary" {
- if-feature "basic-nat44 or napt44 or nat64";
- description
- "Arbitrary pooling behavior means that the NAT
- instance may create the new port mapping using any
- address in the pool that has a free port for the
- protocol concerned.";
- }
-
- enum "roundrobin" {
- if-feature "basic-nat44 or napt44 or nat64";
- description
- "Round robin allocation.";
- }
-
- enum "paired" {
- if-feature "napt44 or nat64";
- description
- "Paired address pooling informs the NAT
- that all the flows from an internal IP
- address must be assigned the same external
- address. This is the recommended behavior for
- NAPT/NAT64.";
- reference
- "RFC 4787: Network Address Translation (NAT)
- Behavioral Requirements for Unicast UDP";
- }
- }
- description
- "Specifies how external IP addresses are allocated.";
- }
-
- leaf port-allocation-type {
- if-feature "napt44 or nat64";
- type enumeration {
- enum "random" {
- description
- "Port randomization is enabled. A NAT port allocation
- scheme should make it hard for attackers to guess
- port numbers";
- reference
- "REQ-15 of RFC 6888";
- }
-
- enum "port-preservation" {
- description
- "Indicates whether the NAT should preserve the internal
- port number.";
- }
-
- enum "port-parity-preservation" {
- description
- "Indicates whether the NAT should preserve the port
- parity of the internal port number.";
- }
-
- enum "port-range-allocation" {
- description
- "Indicates whether the NAT assigns a range of ports
- for an internal host. This scheme allows to minimize
- log volume.";
- reference
- "REQ-14 of RFC 6888";
- }
- }
- description
- "Indicates the type of port allocation.";
- }
-
- leaf mapping-type {
- if-feature "napt44 or nat64";
- type enumeration {
- enum "eim" {
- description
- "endpoint-independent-mapping.";
- reference
- "Section 4 of RFC 4787.";
- }
-
- enum "adm" {
- description
- "address-dependent-mapping.";
- reference
- "Section 4 of RFC 4787.";
- }
-
- enum "edm" {
- description
- "address-and-port-dependent-mapping.";
- reference
- "Section 4 of RFC 4787.";
- }
- }
- description
- "Indicates the type of a NAT mapping.";
- }
-
- leaf filtering-type {
- if-feature "napt44 or nat64";
- type enumeration {
- enum "eif" {
- description
- "endpoint-independent-filtering.";
- reference
- "Section 5 of RFC 4787.";
- }
-
- enum "adf" {
- description
- "address-dependent-filtering.";
- reference
- "Section 5 of RFC 4787.";
- }
-
- enum "edf" {
- description
- "address-and-port-dependent-filtering";
- reference
- "Section 5 of RFC 4787.";
- }
- }
- description
- "Indicates the type of a NAT filtering.";
- }
-
- leaf fragment-behavior {
- if-feature "napt44 or nat64";
- type enumeration {
- enum "drop-all" {
- description
- "All received fragments are dropped.";
- }
-
- enum "in-order" {
- description
- "Translate fragments only if they are received
- in order.";
- }
-
- enum "out-of-order" {
- description
- "Translate a fragment even if it is received out
- of order.
-
- This behavior is recommended.";
- reference
- "REQ-14 of RFC 4787";
- }
- }
- description
- "The fragment behavior instructs the NAT about the
- behavior to follow to translate fragments received
- on the external interface of the NAT.";
- }
-
- list port-quota {
- if-feature "napt44 or nat64";
- key quota-type;
- description
- "Configures a port quota to be assigned per subscriber.
- It corresponds to the maximum number of ports to be
- used by a subscriber.";
-
- leaf port-limit {
- type uint16;
- description
- "Configures a port quota to be assigned per subscriber.
- It corresponds to the maximum number of ports to be
- used by a subscriber.";
- reference
- "REQ-4 of RFC 6888.";
- }
-
- leaf quota-type {
- type uint8;
- description
- "Indicates whether the port quota applies to
- all protocols (0) or to a specific protocol.";
- }
- }
-
- container port-set {
-
- when "../port-allocation-type = 'port-range-allocation'";
-
- if-feature "napt44 or nat64";
- description
- "Manages port-set assignments.";
-
- leaf port-set-size {
- type uint16;
- // TODO(HC2VPP-328)
- // mandatory true;
- description
- "Indicates the size of assigned port sets.";
- }
-
- leaf port-set-timeout {
- type uint32;
- units "seconds";
- description
- "inactivity timeout for port sets.";
- }
- }
-
- container timers {
- if-feature "napt44 or nat64";
- description
- "Configure values of various timeouts.";
-
- leaf udp-timeout {
- type uint32;
- units "seconds";
- default 300;
- description
- "UDP inactivity timeout. That is the time a mapping
- will stay active without packets traversing the NAT.";
- reference
- "RFC 4787: Network Address Translation (NAT)
- Behavioral Requirements for Unicast UDP";
- }
-
- leaf tcp-idle-timeout {
- type uint32;
- units "seconds";
- default 7440;
- description
- "TCP Idle timeout should be 2 hours and 4 minutes.";
- reference
- "RFC 5382: NAT Behavioral Requirements for TCP";
- }
-
- leaf tcp-trans-open-timeout {
- type uint32;
- units "seconds";
- default 240;
- description
- "The value of the transitory open connection
- idle-timeout.
-
- A NAT should provide different configurable
- parameters for configuring the open and
- closing idle timeouts.
-
- To accommodate deployments that consider
- a partially open timeout of 4 minutes as being
- excessive from a security standpoint, a NAT may
- allow the configured timeout to be less than
- 4 minutes.
-
- However, a minimum default transitory connection
- idle-timeout of 4 minutes is recommended.";
- reference
- "Section 2.1 of RFC 7857.";
- }
-
- leaf tcp-trans-close-timeout {
- type uint32;
- units "seconds";
- default 240;
- description
- "The value of the transitory close connection
- idle-timeout.
-
- A NAT should provide different configurable
- parameters for configuring the open and
- closing idle timeouts.";
- reference
- "Section 2.1 of RFC 7857.";
- }
-
- leaf tcp-in-syn-timeout {
- type uint32;
- units "seconds";
- default 6;
- description
- "A NAT must not respond to an unsolicited
- inbound SYN packet for at least 6 seconds
- after the packet is received. If during
- this interval the NAT receives and translates
- an outbound SYN for the connection the NAT
- must silently drop the original unsolicited
- inbound SYN packet.";
- reference
- "RFC 5382 NAT Behavioral Requirements for TCP";
- }
-
- leaf fragment-min-timeout {
- when "../../fragment-behavior='out-of-order'";
- type uint32;
- units "seconds";
- default 2;
- description
- "As long as the NAT has available resources,
- the NAT allows the fragments to arrive
- over fragment-min-timeout interval.
- The default value is inspired from RFC6146.";
- }
-
- leaf icmp-timeout {
- type uint32;
- units "seconds";
- default 60;
- description
- "An ICMP Query session timer must not expire
- in less than 60 seconds. It is recommended
- that the ICMP Query session timer be made
- configurable";
- reference
- "RFC 5508: NAT Behavioral Requirements for ICMP";
- }
-
- list per-port-timeout {
- key port-number;
- description
- "Some NATs are configurable with short timeouts
- for some ports, e.g., as 10 seconds on
- port 53 (DNS) and 123 (NTP) and longer timeouts
- on other ports.";
-
- leaf port-number {
- type inet:port-number;
- description
- "A port number.";
- }
-
- leaf timeout {
- type uint32;
- units "seconds";
- mandatory true;
- description
- "Timeout for this port number";
- }
- }
-
- leaf hold-down-timeout {
- type uint32;
- units "seconds";
- default 120;
- description
- "Hold down timer.
-
- Ports in the hold down pool are not reassigned until
- hold-down-timeout expires.
-
- The length of time and the maximum number of ports in
- this state must be configurable by the administrator.
-
- This is necessary in order to prevent collisions
- between old and new mappings and sessions. It ensures
- that all established sessions are broken instead of
- redirected to a different peer.";
- reference
- "REQ#8 of RFC 6888.";
- }
-
- leaf hold-down-max {
- type uint32;
- description
- "Maximum ports in the Hold down timer pool.
-
- Ports in the hold down pool are not reassigned
- until hold-down-timeout expires.
-
- The length of time and the maximum
- number of ports in this state must be
- configurable by the administrator.
- This is necessary in order
- to prevent collisions between old
- and new mappings and sessions. It ensures
- that all established sessions are broken
- instead of redirected to a different peer.";
- reference
- "REQ#8 of RFC 6888.";
- }
- }
-
- leaf fragments-limit{
- when "../fragment-behavior='out-of-order'";
- type uint32;
- description
- "Limits the number of out of order fragments that can
- be handled.";
- reference
- "Section 11 of RFC 4787.";
- }
-
- list algs {
- key name;
- description
- "ALG-related features.";
-
- leaf name {
- type string;
- description
- "The name of the ALG.";
- }
-
- leaf transport-protocol {
- type uint32;
- description
- "The transport protocol used by the ALG
- (e.g., TCP, UDP).";
- }
-
- container dst-transport-port {
- uses port-number;
- description
- "The destination port number(s) used by the ALG.
- For example,
- - 21 for the FTP ALG
- - 53 for the DNS ALG.";
- }
-
- container src-transport-port {
- uses port-number;
- description
- "The source port number(s) used by the ALG.";
- }
-
- leaf status {
- type boolean;
- description
- "Enable/disable the ALG.";
- }
- }
-
- leaf all-algs-enable {
- type boolean;
- description
- "Enable/disable all ALGs.
-
- When specified, this parameter overrides the one
- that may be indicated, eventually, by the 'status'
- of an individual ALG.";
- }
-
- container notify-pool-usage {
- if-feature "basic-nat44 or napt44 or nat64";
- description
- "Notification of pool usage when certain criteria
- are met.";
-
- leaf pool-id {
- type uint32;
- description
- "Pool-ID for which the notification criteria
- is defined";
- }
-
- leaf high-threshold {
- type percent;
- description
- "Notification must be generated when the defined high
- threshold is reached.
-
- For example, if a notification is required when the
- pool utilization reaches 90%, this configuration
- parameter must be set to 90.
-
- 0% indicates that no high threshold is enabled.";
- }
-
- leaf low-threshold {
- type percent;
- must ". >= ../high-threshold" {
- error-message
- "The upper port number must be greater than or
- equal to lower port number.";
- }
- description
- "Notification must be generated when the defined low
- threshold is reached.
-
- For example, if a notification is required when the
- pool utilization reaches below 10%, this
- configuration parameter must be set to 10";
- }
-
- leaf notify-interval {
- type uint32 {
- range "1 .. 3600";
- }
- units "seconds";
- default '20';
- description
- "Minimum number of seconds between successive
- notifications for this pool.";
-
- reference
- "RFC 7659: Definitions of Managed Objects for
- Network Address Translators (NATs)";
- }
- }
-
- container external-realm {
- description
- "Identifies the external realm of the NAT instance.";
-
- choice realm-type {
- description
- "Can be an interface, VRF instance, etc.";
-
- case interface {
- description
- "External interface.";
-
- leaf external-interface {
- type if:interface-ref;
- description
- "Name of the external interface.";
- }
- }
- }
- }
- }
-
- container mapping-limits {
- if-feature "napt44 or nat64";
- description
- "Information about the configuration parameters that
- limits the mappings based upon various criteria.";
-
- leaf limit-subscribers {
- type uint32;
- description
- "Maximum number of subscribers that can be serviced
- by a NAT instance.
-
- A subscriber is identified by a given prefix.";
- reference
- "RFC 7659: Definitions of Managed Objects for
- Network Address Translators (NATs)";
- }
-
- leaf limit-address-mappings {
- type uint32;
- description
- "Maximum number of address mappings that can be
- handled by a NAT instance.
-
- When this limit is reached, packets that would
- normally trigger translation, will be dropped.";
- reference
- "RFC 7659: Definitions of Managed Objects
- for Network Address Translators
- (NATs)";
- }
-
- leaf limit-port-mappings {
- type uint32;
- description
- "Maximum number of port mappings that can be handled
- by a NAT instance.
-
- When this limit is reached, packets that would
- normally trigger translation, will be dropped.";
- reference
- "RFC 7659: Definitions of Managed Objects for
- Network Address Translators (NATs)";
- }
-
- list limit-per-protocol {
- if-feature "napt44 or nat64 or dst-nat";
- key protocol-id;
-
- description
- "Configure limits per transport protocol";
-
- leaf protocol-id {
- type uint8;
- mandatory true;
- description
- "Upper-layer protocol associated with this mapping.
-
- Values are taken from the IANA protocol registry:
- https://www.iana.org/assignments/protocol-numbers/
- protocol-numbers.xhtml
-
- For example, this field contains 6 (TCP) for a TCP
- mapping or 17 (UDP) for a UDP mapping.";
- }
-
- leaf limit {
- type uint32;
- description
- "Maximum number of protocol-specific NAT mappings
- per instance.";
- }
- }
- }
-
- container connection-limits {
- if-feature "basic-nat44 or napt44 or nat64";
- description
- "Information about the configuration parameters that
- rate limit the translation based upon various criteria.";
-
- leaf limit-per-subscriber {
- type uint32;
- units "bits/second";
- description
- "Rate-limit the number of new mappings and sessions
- per subscriber.";
- }
-
- leaf limit-per-instance {
- type uint32;
- units "bits/second";
- // TODO(HC2VPP-328)
- // mandatory true;
- description
- "Rate-limit the number of new mappings and sessions
- per instance.";
- }
-
- list limit-per-protocol {
- if-feature "napt44 or nat64";
- key protocol-id;
- description
- "Configure limits per transport protocol";
-
- leaf protocol-id {
- type uint8;
- mandatory true;
- description
- "Upper-layer protocol associated with this mapping.
-
- Values are taken from the IANA protocol registry:
- https://www.iana.org/assignments/protocol-numbers/
- protocol-numbers.xhtml
-
- For example, this field contains 6 (TCP) for a TCP
- mapping or 17 (UDP) for a UDP mapping.";
- }
-
- leaf limit {
- type uint32;
- description
- "Rate-limit the number of protocol-specific mappings
- and sessions per instance.";
- }
- }
- }
-
- container notification-limits {
- description "Sets notification limits.";
-
- leaf notify-interval {
- if-feature "basic-nat44 or napt44 or nat64";
- type uint32 {
- range "1 .. 3600";
- }
- units "seconds";
- default '10';
- description
- "Minimum number of seconds between successive
- notifications for this NAT instance.";
- reference
- "RFC 7659: Definitions of Managed Objects
- for Network Address Translators (NATs)";
- }
-
- leaf notify-addresses-usage {
- if-feature "basic-nat44 or napt44 or nat64";
- type percent;
- description
- "Notification of address mappings usage over
- the whole NAT instance.
-
- Notification must be generated when the defined
- threshold is reached.
-
- For example, if a notification is required when
- the address mappings utilization reaches 90%,
- this configuration parameter must be set
- to 90.";
- }
-
- leaf notify-ports-usage {
- if-feature "napt44 or nat64";
- type percent;
- description
- "Notification of port mappings usage over the
- whole NAT instance.
-
- Notification must be generated when the defined
- threshold is reached.
-
- For example, if a notification is required when
- the port mappings utilization reaches 90%, this
- configuration parameter must be set to 90.";
- }
-
- leaf notify-subscribers-limit {
- if-feature "basic-nat44 or napt44 or nat64";
- type uint32;
- description
- "Notification of active subscribers per NAT
- instance.
-
- Notification must be generated when the defined
- threshold is reached.";
- }
- }
-
- leaf logging-enable {
- if-feature "basic-nat44 or napt44 or nat64";
- type boolean;
- description
- "Enable logging features.";
- reference
- "Section 2.3 of RFC 6908 and REQ-12 of RFC 6888.";
- }
-
- container mapping-table {
- if-feature "basic-nat44 or napt44 " +
- "or nat64 or clat or dst-nat";
- description
- "NAT mapping table. Applicable for functions which maintain
- static and/or dynamic mappings, such as NAT44, Destination
- NAT, NAT64, or CLAT.";
-
- list mapping-entry {
- key "index";
- description "NAT mapping entry.";
- uses mapping-entry;
- }
- }
-
- container statistics {
- config false;
-
- description
- "Statistics related to the NAT instance.";
-
- leaf discontinuity-time {
- type yang:date-and-time;
- mandatory true;
- description
- "The time on the most recent occasion at which the NAT
- instance suffered a discontinuity. This must be
- initialized when the NAT instance is configured
- or rebooted.";
- }
-
- container traffic-statistics {
- description
- "Generic traffic statistics.";
-
- leaf sent-packets {
- type yang:zero-based-counter64;
- description
- "Number of packets sent.";
- }
-
- leaf sent-bytes {
- type yang:zero-based-counter64;
- units 'bytes';
- description
- "Counter for sent traffic in bytes.";
- }
-
- leaf rcvd-packets {
- type yang:zero-based-counter64;
- description
- "Number of received packets.";
- }
-
- leaf rcvd-bytes {
- type yang:zero-based-counter64;
- units 'bytes';
- description
- "Counter for received traffic in bytes.";
- }
-
- leaf dropped-packets {
- type yang:zero-based-counter64;
- description
- "Number of dropped packets.";
- }
-
- leaf dropped-bytes {
- type yang:zero-based-counter64;
- units 'bytes';
- description
- "Counter for dropped traffic in bytes.";
- }
-
- leaf dropped-fragments {
- if-feature "napt44 or nat64";
- type yang:zero-based-counter64;
- description
- "Number of dropped fragments on the external realm.";
- }
-
- leaf dropped-address-limit-packets {
- if-feature "basic-nat44 or napt44 or nat64";
- type yang:zero-based-counter64;
- description
- "Number of dropped packets because an address limit
- is reached.";
- }
-
- leaf dropped-address-limit-bytes {
- if-feature "basic-nat44 or napt44 or nat64";
- type yang:zero-based-counter64;
- units 'bytes';
- description
- "Counter of dropped packets because an address limit
- is reached, in bytes.";
- }
-
- leaf dropped-address-packets {
- if-feature "basic-nat44 or napt44 or nat64";
- type yang:zero-based-counter64;
- description
- "Number of dropped packets because no address is
- available for allocation.";
- }
-
- leaf dropped-address-bytes {
- if-feature "basic-nat44 or napt44 or nat64";
- type yang:zero-based-counter64;
- units 'bytes';
- description
- "Counter of dropped packets because no address is
- available for allocation, in bytes.";
- }
-
- leaf dropped-port-limit-packets {
- if-feature "napt44 or nat64";
- type yang:zero-based-counter64;
- description
- "Number of dropped packets because a port limit
- is reached.";
- }
-
- leaf dropped-port-limit-bytes {
- if-feature "napt44 or nat64";
- type yang:zero-based-counter64;
- units 'bytes';
- description
- "Counter of dropped packets because a port limit
- is reached, in bytes.";
- }
-
- leaf dropped-port-packets {
- if-feature "napt44 or nat64";
- type yang:zero-based-counter64;
- description
- "Number of dropped packets because no port is
- available for allocation.";
- }
-
- leaf dropped-port-bytes {
- if-feature "napt44 or nat64";
- type yang:zero-based-counter64;
- units 'bytes';
- description
- "Counter of dropped packets because no port is
- available for allocation, in bytes.";
- }
-
- leaf dropped-subscriber-limit-packets {
- if-feature "basic-nat44 or napt44 or nat64";
- type yang:zero-based-counter64;
- description
- "Number of dropped packets because the subscriber
- limit per instance is reached.";
- }
-
- leaf dropped-subscriber-limit-bytes {
- if-feature "basic-nat44 or napt44 or nat64";
- type yang:zero-based-counter64;
- units 'bytes';
- description
- "Counter of dropped packets because the subscriber
- limit per instance is reached, in bytes.";
- }
- }
-
- container mappings-statistics {
- description
- "Mappings statistics.";
-
- leaf total-active-subscribers {
- if-feature "basic-nat44 or napt44 or nat64";
- type yang:gauge32;
- description
- "Total number of active subscribers (that is,
- subscribers for which the NAT maintains active
- mappings.
-
- A subscriber is identified by a subnet,
- subscriber-mask, etc.";
- }
-
- leaf total-address-mappings {
- if-feature "basic-nat44 or napt44 " +
- "or nat64 or clat or dst-nat";
- type yang:gauge32;
- description
- "Total number of address mappings present at a given
- time. It includes both static and dynamic mappings.";
- reference
- "Section 3.3.8 of RFC 7659";
- }
-
- leaf total-port-mappings {
- if-feature "napt44 or nat64";
- type yang:gauge32;
- description
- "Total number of NAT port mappings present at
- a given time. It includes both static and dynamic
- mappings.";
- reference
- "Section 3.3.9 of RFC 7659";
- }
-
- list total-per-protocol {
- if-feature "napt44 or nat64";
- key protocol-id;
- description
- "Total mappings for each enabled/supported protocol.";
-
- leaf protocol-id {
- type uint8;
- mandatory true;
- description
- "Upper-layer protocol associated with this mapping.
- For example, this field contains 6 (TCP) for a TCP
- mapping or 17 (UDP) for a UDP mapping.";
- }
-
- leaf total {
- type yang:gauge32;
- description
- "Total number of a protocol-specific mappings present
- at a given time. The protocol is identified by
- protocol-id.";
- }
- }
- }
-
- container pools-stats {
- if-feature "basic-nat44 or napt44 or nat64";
- description
- "Statistics related to address/prefix pools
- usage";
-
- leaf addresses-allocated {
- type yang:gauge32;
- description
- "Number of all allocated addresses.";
- }
-
- leaf addresses-free {
- type yang:gauge32;
- description
- "Number of unallocated addresses of all pools at
- a given time. The sum of unallocated and allocated
- addresses is the total number of addresses of
- the pools.";
- }
-
- container ports-stats {
- if-feature "napt44 or nat64";
-
- description
- "Statistics related to port numbers usage.";
-
- leaf ports-allocated {
- type yang:gauge32;
- description
- "Number of allocated ports from all pools.";
- }
-
- leaf ports-free {
- type yang:gauge32;
- description
- "Number of unallocated addresses from all pools.";
- }
- }
-
- list per-pool-stats {
- if-feature "basic-nat44 or napt44 or nat64";
- key "pool-id";
- description
- "Statistics related to address/prefix pool usage";
-
- leaf pool-id {
- type uint32;
- description
- "Unique Identifier that represents a pool of
- addresses/prefixes.";
- }
-
- leaf discontinuity-time {
- type yang:date-and-time;
- mandatory true;
- description
- "The time on the most recent occasion at which this
- pool counters suffered a discontinuity. This must
- be initialized when the address pool is
- configured.";
- }
-
- container pool-stats {
- description
- "Statistics related to address/prefix pool usage";
-
- leaf addresses-allocated {
- type yang:gauge32;
- description
- "Number of allocated addresses from this pool.";
- }
-
- leaf addresses-free {
- type yang:gauge32;
- description
- "Number of unallocated addresses in this pool.";
- }
- }
-
- container port-stats {
- if-feature "napt44 or nat64";
- description
- "Statistics related to port numbers usage.";
-
- leaf ports-allocated {
- type yang:gauge32;
- description
- "Number of allocated ports from this pool.";
- }
-
- leaf ports-free {
- type yang:gauge32;
- description
- "Number of unallocated addresses from this pool.";
- }
- }
- }
- }
- }
- }
- }
- }
-
- /*
- * Notifications
- */
-
- notification nat-pool-event {
- if-feature "basic-nat44 or napt44 or nat64";
- description
- "Notifications must be generated when the defined high/low
- threshold is reached. Related configuration parameters
- must be provided to trigger the notifications.";
-
- leaf id {
- type leafref {
- path "/nat/instances/instance/id";
- }
- mandatory true;
- description
- "NAT instance Identifier.";
- }
-
- leaf policy-id {
- type leafref {
- path "/nat/instances/instance/policy/id";
- }
-
- description
- "Policy Identifier.";
- }
-
- leaf pool-id {
- type leafref {
- path "/nat/instances/instance/policy/" +
- "external-ip-address-pool/pool-id";
- }
- mandatory true;
- description
- "Pool Identifier.";
- }
-
- leaf notify-pool-threshold {
- type percent;
- mandatory true;
- description
- "A threshold (high-threshold or low-threshold) has
- been fired.";
- }
- }
-
- notification nat-instance-event {
- if-feature "basic-nat44 or napt44 or nat64";
- description
- "Notifications must be generated when notify-addresses-usage
- and/or notify-ports-usage threshold are reached.";
-
- leaf id {
- type leafref {
- path "/nat/instances/instance/id";
- }
- mandatory true;
- description
- "NAT instance Identifier.";
- }
-
- leaf notify-subscribers-threshold {
- type uint32;
- description
- "The notify-subscribers-limit threshold has been fired.";
- }
-
- leaf notify-addresses-threshold {
- type percent;
- description
- "The notify-addresses-usage threshold has been fired.";
- }
-
- leaf notify-ports-threshold {
- type percent;
- description
- "The notify-ports-usage threshold has been fired.";
- }
- }
-}