diff options
Diffstat (limited to 'nat/nat-api/src/main/yang/ietf-nat@2018-02-23.yang')
-rw-r--r-- | nat/nat-api/src/main/yang/ietf-nat@2018-02-23.yang | 2388 |
1 files changed, 0 insertions, 2388 deletions
diff --git a/nat/nat-api/src/main/yang/ietf-nat@2018-02-23.yang b/nat/nat-api/src/main/yang/ietf-nat@2018-02-23.yang deleted file mode 100644 index 5eec4c609..000000000 --- a/nat/nat-api/src/main/yang/ietf-nat@2018-02-23.yang +++ /dev/null @@ -1,2388 +0,0 @@ -module ietf-nat { - yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:ietf-nat"; - prefix "nat"; - - import ietf-inet-types { - prefix inet; - reference - "Section 4 of RFC 6991"; - } - - import ietf-yang-types { - prefix yang; - reference - "Section 3 of RFC 6991"; - } - - import ietf-interfaces { - prefix if; - reference - "RFC 8343: A YANG Data Model for Interface Management"; - } - - organization - "IETF OPSAWG (Operations and Management Area Working Group)"; - - contact - - "WG Web: <https://datatracker.ietf.org/wg/opsawg/> - WG List: <mailto:opsawg@ietf.org> - - Editor: Mohamed Boucadair - <mailto:mohamed.boucadair@orange.com> - - Editor: Senthil Sivakumar - <mailto:ssenthil@cisco.com> - - Editor: Christian Jacquenet - <mailto:christian.jacquenet@orange.com> - - Editor: Suresh Vinapamula - <mailto:sureshk@juniper.net> - - Editor: Qin Wu - <mailto:bill.wu@huawei.com>"; - - description - "This module is a YANG module for NAT implementations. - - NAT44, Network Address and Protocol Translation from IPv6 - Clients to IPv4 Servers (NAT64), Customer-side transLATor (CLAT), - Stateless IP/ICMP Translation (SIIT), Explicit Address Mappings - for Stateless IP/ICMP Translation (SIIT EAM), IPv6 Network - Prefix Translation (NPTv6), and Destination NAT are covered. - - Copyright (c) 2018 IETF Trust and the persons identified as - authors of the code. All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD License - set forth in Section 4.c of the IETF Trust's Legal Provisions - Relating to IETF Documents - (http://trustee.ietf.org/license-info). - - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; - - revision 2018-02-23 { - description - "Initial revision."; - reference - "RFC XXXX: A YANG Module for Network Address Translation - (NAT) and Network Prefix Translation (NPT)"; - } - - /* - * Definitions - */ - - typedef percent { - type uint8 { - range "0 .. 100"; - } - description - "Percentage"; - } - - /* - * Features - */ - - feature basic-nat44{ - description - "Basic NAT44 translation is limited to IP addresses alone."; - reference - "RFC 3022: Traditional IP Network Address Translator - (Traditional NAT)"; - } - - feature napt44 { - description - "Network Address/Port Translator (NAPT): translation is - extended to include IP addresses and transport identifiers - (such as a TCP/UDP port or ICMP query ID). - - If the internal IP address is not sufficient to uniquely - disambiguate NAPT44 mappings, an additional attribute is - required. For example, that additional attribute may - be an IPv6 address (a.k.a., DS-Lite) or - a Layer 2 identifier (a.k.a., Per-Interface NAT)"; - reference - "RFC 3022: Traditional IP Network Address Translator - (Traditional NAT)"; - } - - feature dst-nat { - description - "Destination NAT is a translation that acts on the destination - IP address and/or destination port number. This flavor is - usually deployed in load balancers or at devices - in front of public servers."; - } - - feature nat64 { - description - "NAT64 translation allows IPv6-only clients to contact IPv4 - servers using unicast UDP, TCP, or ICMP. One or more - public IPv4 addresses assigned to a NAT64 translator are - shared among several IPv6-only clients."; - reference - "RFC 6146: Stateful NAT64: Network Address and Protocol - Translation from IPv6 Clients to IPv4 Servers"; - } - - feature siit { - description - "The Stateless IP/ICMP Translation Algorithm (SIIT), which - translates between IPv4 and IPv6 packet headers (including - ICMP headers). - - In the stateless mode, an IP/ICMP translator converts IPv4 - addresses to IPv6 and vice versa solely based on the - configuration of the stateless IP/ICMP translator and - information contained within the packet being translated. - - The translator must support the stateless address mapping - algorithm defined in RFC6052, which is the default behavior."; - reference - "RFC 7915: IP/ICMP Translation Algorithm"; - } - - feature clat { - description - "CLAT is customer-side translator that algorithmically - translates 1:1 private IPv4 addresses to global IPv6 addresses, - and vice versa. - - When a dedicated /64 prefix is not available for translation - from DHCPv6-PD, the CLAT may perform NAT44 for all IPv4 LAN - packets so that all the LAN-originated IPv4 packets appear - from a single IPv4 address and are then statelessly translated - to one interface IPv6 address that is claimed by the CLAT via - the Neighbor Discovery Protocol (NDP) and defended with - Duplicate Address Detection."; - reference - "RFC 6877: 464XLAT: Combination of Stateful and Stateless - Translation"; - } - - feature eam { - description - "Explicit Address Mapping (EAM) is a bidirectional coupling - between an IPv4 Prefix and an IPv6 Prefix."; - reference - "RFC 7757: Explicit Address Mappings for Stateless IP/ICMP - Translation"; - } - - feature nptv6 { - description - "NPTv6 is a stateless transport-agnostic IPv6-to-IPv6 - prefix translation."; - reference - "RFC 6296: IPv6-to-IPv6 Network Prefix Translation"; - } - - /* - * Identities - */ - - identity nat-type { - description - "Base identity for nat type."; - } - - identity basic-nat44 { - base nat:nat-type; - description - "Identity for Basic NAT support."; - reference - "RFC 3022: Traditional IP Network Address Translator - (Traditional NAT)"; - } - - identity napt44 { - base nat:nat-type; - description - "Identity for NAPT support."; - reference - "RFC 3022: Traditional IP Network Address Translator - (Traditional NAT)"; - } - - identity dst-nat { - base nat:nat-type; - description - "Identity for Destination NAT support."; - } - - identity nat64 { - base nat:nat-type; - description - "Identity for NAT64 support."; - reference - "RFC 6146: Stateful NAT64: Network Address and Protocol - Translation from IPv6 Clients to IPv4 Servers"; - } - - identity siit { - base nat:nat-type; - description - "Identity for SIIT support."; - reference - "RFC 7915: IP/ICMP Translation Algorithm"; - } - - identity clat { - base nat:nat-type; - description - "Identity for CLAT support."; - reference - "RFC 6877: 464XLAT: Combination of Stateful and Stateless - Translation"; - } - - identity eam { - base nat:nat-type; - description - "Identity for EAM support."; - reference - "RFC 7757: Explicit Address Mappings for Stateless IP/ICMP - Translation"; - } - - identity nptv6 { - base nat:nat-type; - description - "Identity for NPTv6 support."; - reference - "RFC 6296: IPv6-to-IPv6 Network Prefix Translation"; - } - - /* - * Grouping - */ - - grouping port-number { - description - "Individual port or a range of ports. - When only start-port-number is present, - it represents a single port number."; - - leaf start-port-number { - type inet:port-number; - description - "Beginning of the port range."; - reference - "Section 3.2.9 of RFC 8045."; - } - - leaf end-port-number { - type inet:port-number; - - must ". >= ../start-port-number" - { - error-message - "The end-port-number must be greater than or - equal to start-port-number."; - } - description - "End of the port range."; - reference - "Section 3.2.10 of RFC 8045."; - } - } - - grouping port-set { - description - "Indicates a set of ports. - - It may be a simple port range, or use the Port Set ID (PSID) - algorithm to represent a range of transport layer - ports which will be used by a NAPT."; - - choice port-type { - default port-range; - description - "Port type: port-range or port-set-algo."; - case port-range { - uses port-number; - } - - case port-set-algo { - leaf psid-offset { - type uint8 { - range 0..15; - } - - description - "The number of offset bits (a.k.a., 'a' bits). - - Specifies the numeric value for the excluded port - range/offset bits. - - Allowed values are between 0 and 15 "; - - reference - "Section 5.1 of RFC 7597"; - } - - leaf psid-len { - type uint8 { - range 0..15; - } - mandatory true; - - description - "The length of PSID, representing the sharing - ratio for an IPv4 address. - - (also known as 'k'). - - The address-sharing ratio would be 2^k."; - reference - "Section 5.1 of RFC 7597"; - } - - leaf psid { - type uint16; - mandatory true; - description - "Port Set Identifier (PSID) value, which - identifies a set of ports algorithmically."; - reference - "Section 5.1 of RFC 7597"; - } - } - reference - "Section 7597: Mapping of Address and Port with - Encapsulation (MAP-E)"; - } - } - - grouping mapping-entry { - description - "NAT mapping entry. - - If an attribute is not stored in the mapping/session table, - this means the corresponding fields of a packet that - matches this entry is not rewritten by the NAT or this - information is not required for NAT filtering purposes."; - - leaf index { - type uint32; - description - "A unique identifier of a mapping entry. This identifier can be - automatically assigned by the NAT instance or be explicitly - configured."; - } - - leaf type { - type enumeration { - enum "static" { - description - "The mapping entry is explicitly configured - (e.g., via command-line interface)."; - } - - enum "dynamic-implicit" { - description - "This mapping is created implicitly as a side effect - of processing a packet that requires a new mapping."; - - } - - enum "dynamic-explicit" { - description - "This mapping is created as a result of an explicit - request, e.g., a PCP message."; - - } - } - description - "Indicates the type of a mapping entry. E.g., - a mapping can be: static, implicit dynamic - or explicit dynamic."; - } - - leaf transport-protocol { - type uint8; - description - "Upper-layer protocol associated with this mapping. - Values are taken from the IANA protocol registry. - For example, this field contains 6 (TCP) for a TCP - mapping or 17 (UDP) for a UDP mapping. - - If this leaf is not instantiated, then the mapping - applies to any protocol."; - } - - leaf internal-src-address { - type inet:ip-prefix; - description - "Corresponds to the source IPv4/IPv6 address/prefix - of the packet received on an internal - interface."; - } - - container internal-src-port { - description - "Corresponds to the source port of the packet received - on an internal interface. - - It is used also to indicate the internal source ICMP - identifier. - - As a reminder, all the ICMP Query messages contain - an 'Identifier' field, which is referred to in this - document as the 'ICMP Identifier'."; - - uses port-number; - } - - leaf external-src-address { - type inet:ip-prefix; - description - "Source IP address/prefix of the packet sent on an - external interface of the NAT."; - } - - container external-src-port { - description - "Source port of the packet sent on an external - interface of the NAT. - It is used also to indicate the external source ICMP - identifier."; - - uses port-number; - } - - leaf internal-dst-address { - type inet:ip-prefix; - description - "Corresponds to the destination IP address/prefix - of the packet received on an internal interface - of the NAT. - - For example, some NAT implementations support - the translation of both source and destination - addresses and ports, sometimes referred to - as 'Twice NAT'."; - } - - container internal-dst-port { - description - "Corresponds to the destination port of the - IP packet received on the internal interface. - - It is used also to include the internal - destination ICMP identifier."; - - uses port-number; - } - - leaf external-dst-address { - type inet:ip-prefix; - description - "Corresponds to the destination IP address/prefix - of the packet sent on an external interface - of the NAT."; - } - - container external-dst-port { - description - "Corresponds to the destination port number of - the packet sent on the external interface - of the NAT. - - It is used also to include the external - destination ICMP identifier."; - - uses port-number; - } - - leaf lifetime { - type uint32; - units "seconds"; - description - "When specified, it is used to track the connection that is - fully-formed (e.g., once the three-way handshake - TCP is completed) or the duration for maintaining - an explicit mapping alive. The mapping entry will be - removed by the NAT instance once this lifetime is expired. - - When reported in a get operation, the lifetime indicates - the remaining validity lifetime. - - Static mappings may not be associated with a - lifetime. If no lifetime is associated with a - static mapping, an explicit action is required to - remove that mapping."; - } - } - - /* - * NAT Module - */ - - container nat { - description - "NAT module"; - - container instances { - description - "NAT instances"; - - list instance { - key "id"; - - description - "A NAT instance. This identifier can be automatically assigned - or explicitly configured."; - - leaf id { - type uint32; - must ". >= 1"; - description - "NAT instance identifier. - - The identifier must be greater than zero."; - reference - "RFC 7659: Definitions of Managed Objects for Network - Address Translators (NATs)"; - } - - leaf name { - type string; - description - "A name associated with the NAT instance."; - reference - "RFC 7659: Definitions of Managed Objects for Network - Address Translators (NATs)"; - } - - leaf enable { - type boolean; - description - "Status of the NAT instance."; - } - - container capabilities { - config false; - - description - "NAT capabilities"; - - leaf-list nat-flavor { - type identityref { - base nat-type; - } - description - "Supported translation type(s)."; - } - - leaf-list per-interface-binding { - type enumeration { - enum "unsupported" { - description - "No capability to associate a NAT binding with - an extra identifier."; - } - - enum "layer-2" { - description - "The NAT instance is able to associate a mapping with - a layer-2 identifier."; - } - - enum "dslite" { - description - "The NAT instance is able to associate a mapping with - an IPv6 address (a.k.a., DS-Lite)."; - } - } - description - "Indicates the capability of a NAT to associate a particular - NAT session not only with the five tuples used for the - transport connection on both sides of the NAT but also with - the internal interface on which the user device is - connected to the NAT."; - reference - "Section 4 of RFC 6619"; - } - - list transport-protocols { - key protocol-id; - - description - "List of supported protocols."; - - leaf protocol-id { - type uint8; - mandatory true; - description - "Upper-layer protocol associated with this mapping. - - Values are taken from the IANA protocol registry: - https://www.iana.org/assignments/protocol-numbers/ - protocol-numbers.xhtml - - For example, this field contains 6 (TCP) for a TCP - mapping or 17 (UDP) for a UDP mapping."; - } - - leaf protocol-name { - type string; - description - "The name of the Upper-layer protocol associated - with this mapping. - - Values are taken from the IANA protocol registry: - https://www.iana.org/assignments/protocol-numbers/ - protocol-numbers.xhtml - - For example, TCP, UDP, DCCP, and SCTP."; - } - } - - leaf restricted-port-support { - type boolean; - description - "Indicates source port NAT restriction support."; - reference - "RFC 7596: Lightweight 4over6: An Extension to - the Dual-Stack Lite Architecture."; - } - - leaf static-mapping-support { - type boolean; - description - "Indicates whether static mappings are supported."; - } - - leaf port-randomization-support { - type boolean; - description - "Indicates whether port randomization is supported."; - reference - "Section 4.2.1 of RFC 4787."; - } - - leaf port-range-allocation-support { - type boolean; - description - "Indicates whether port range allocation is supported."; - reference - "Section 1.1 of RFC 7753."; - } - - leaf port-preservation-suport { - type boolean; - description - "Indicates whether port preservation is supported."; - reference - "Section 4.2.1 of RFC 4787."; - } - - leaf port-parity-preservation-support { - type boolean; - description - "Indicates whether port parity preservation is - supported."; - reference - "Section 8 of RFC 7857."; - } - - leaf address-roundrobin-support { - type boolean; - description - "Indicates whether address allocation round robin is - supported."; - } - - leaf paired-address-pooling-support { - type boolean; - description - "Indicates whether paired-address-pooling is - supported"; - reference - "REQ-2 of RFC 4787."; - } - - leaf endpoint-independent-mapping-support { - type boolean; - description - "Indicates whether endpoint-independent- - mapping is supported."; - reference - "Section 4 of RFC 4787."; - } - - leaf address-dependent-mapping-support { - type boolean; - description - "Indicates whether address-dependent-mapping is - supported."; - reference - "Section 4 of RFC 4787."; - } - - leaf address-and-port-dependent-mapping-support { - type boolean; - description - "Indicates whether address-and-port-dependent-mapping is - supported."; - reference - "Section 4 of RFC 4787."; - } - - leaf endpoint-independent-filtering-support { - type boolean; - description - "Indicates whether endpoint-independent-filtering is - supported."; - reference - "Section 5 of RFC 4787."; - } - - leaf address-dependent-filtering { - type boolean; - description - "Indicates whether address-dependent-filtering is - supported."; - reference - "Section 5 of RFC 4787."; - } - - leaf address-and-port-dependent-filtering { - type boolean; - description - "Indicates whether address-and-port-dependent is - supported."; - reference - "Section 5 of RFC 4787."; - } - - leaf fragment-behavior { - type enumeration { - enum "unsupported" { - description - "No capability to translate incoming fragments. - All received fragments are dropped."; - } - - enum "in-order" { - description - "The NAT instance is able to translate fragments only if - they are received in order. That is, in particular the - header is in the first packet. Fragments received - out of order are dropped. "; - } - - enum "out-of-order" { - description - "The NAT instance is able to translate a fragment even - if it is received out of order. - - This behavior is recommended."; - reference - "REQ-14 of RFC 4787"; - } - } - description - "The fragment behavior is the NAT instance's capability to - translate fragments received on the external interface of - the NAT."; - } - } - - leaf type { - type identityref { - base nat-type; - } - description - "Specify the translation type. Particularly useful when - multiple translation flavors are supported. - - If one type is supported by a NAT, this parameter is by - default set to that type."; - } - - leaf per-interface-binding { - type enumeration { - enum "disabled" { - description - "Disable the capability to associate an extra identifier - with NAT mappings."; - } - - enum "layer-2" { - description - "The NAT instance is able to associate a mapping with - a layer-2 identifier."; - } - - enum "dslite" { - description - "The NAT instance is able to associate a mapping with - an IPv6 address (a.k.a., DS-Lite)."; - } - } - description - "A NAT that associates a particular NAT session not only with - the five tuples used for the transport connection on both - sides of the NAT but also with the internal interface on - which the user device is connected to the NAT. - - If supported, this mode of operation should be configurable, - and it should be disabled by default in general-purpose NAT - devices. - - If one single per-interface binding behavior is supported by - a NAT, this parameter is by default set to that behavior."; - reference - "Section 4 of RFC 6619"; - } - - list nat-pass-through { - if-feature "basic-nat44 or napt44 or dst-nat"; - key id; - - description - "IP prefix NAT pass through."; - - leaf id { - type uint32; - description - "An identifier of the IP prefix pass through."; - } - - leaf prefix { - type inet:ip-prefix; - mandatory true; - description - "The IP addresses that match should not be translated. - - It must be possible to administratively turn - off translation for specific destination addresses - and/or ports."; - reference - "REQ#6 of RFC 6888."; - } - - leaf port { - type inet:port-number; - description - "It must be possible to administratively turn off - translation for specific destination addresses - and/or ports. - - If no prefix is defined, the NAT pass through bound - to a given port applies for any destination address."; - reference - "REQ#6 of RFC 6888."; - } - } - - list policy { - key id; - description - "NAT parameters for a given instance"; - - leaf id { - type uint32; - description - "An identifier of the NAT policy. It must be unique - within the NAT instance."; - } - - container clat-parameters { - if-feature clat; - description - "CLAT parameters."; - - list clat-ipv6-prefixes { - key ipv6-prefix; - description - "464XLAT double translation treatment is stateless when a - dedicated /64 is available for translation on the CLAT. - Otherwise, the CLAT will have both stateful and stateless - since it requires NAT44 from the LAN to a single IPv4 - address and then stateless translation to a single - IPv6 address."; - reference - "RFC 6877: 464XLAT: Combination of Stateful and Stateless - Translation"; - - leaf ipv6-prefix { - type inet:ipv6-prefix; - description - "An IPv6 prefix used for CLAT."; - } - } - - list ipv4-prefixes { - key ipv4-prefix; - description - "Pool of IPv4 addresses used for CLAT. - 192.0.0.0/29 is the IPv4 service continuity prefix."; - reference - "RFC 7335: IPv4 Service Continuity Prefix"; - - leaf ipv4-prefix { - type inet:ipv4-prefix; - description - "464XLAT double translation treatment is - stateless when a dedicated /64 is available - for translation on the CLAT. Otherwise, the - CLAT will have both stateful and stateless - since it requires NAT44 from the LAN to - a single IPv4 address and then stateless - translation to a single IPv6 address. - The CLAT performs NAT44 for all IPv4 LAN - packets so that all the LAN-originated IPv4 - packets appear from a single IPv4 address - and are then statelessly translated to one - interface IPv6 address that is claimed by - the CLAT. - - An IPv4 address from this pool is also - provided to an application that makes - use of literals."; - - reference - "RFC 6877: 464XLAT: Combination of Stateful and Stateless - Translation"; - } - } - } - - list nptv6-prefixes { - if-feature nptv6; - key internal-ipv6-prefix ; - description - "Provides one or a list of (internal IPv6 prefix, - external IPv6 prefix) required for NPTv6. - - In its simplest form, NPTv6 interconnects two network - links, one of which is an 'internal' network link - attached to a leaf network within a single - administrative domain and the other of which is an - 'external' network with connectivity to the global - Internet."; - reference - "RFC 6296: IPv6-to-IPv6 Network Prefix Translation"; - - leaf internal-ipv6-prefix { - type inet:ipv6-prefix; - mandatory true; - description - "An IPv6 prefix used by an internal interface of NPTv6."; - reference - "RFC 6296: IPv6-to-IPv6 Network Prefix Translation"; - } - - leaf external-ipv6-prefix { - type inet:ipv6-prefix; - mandatory true; - description - "An IPv6 prefix used by the external interface of NPTv6."; - reference - "RFC 6296: IPv6-to-IPv6 Network Prefix Translation"; - } - } - - list eam { - if-feature eam; - key ipv4-prefix; - description - "The Explicit Address Mapping Table, a conceptual - table in which each row represents an EAM. - - Each EAM describes a mapping between IPv4 and IPv6 - prefixes/addresses."; - reference - "Section 3.1 of RFC 7757."; - - leaf ipv4-prefix { - type inet:ipv4-prefix; - mandatory true; - description - "The IPv4 prefix of an EAM."; - reference - "Section 3.2 of RFC 7757."; - } - - leaf ipv6-prefix { - type inet:ipv6-prefix; - mandatory true; - description - "The IPv6 prefix of an EAM."; - reference - "Section 3.2 of RFC 7757."; - } - } - - list nat64-prefixes { - if-feature "siit or nat64 or clat"; - key nat64-prefix; - description - "Provides one or a list of NAT64 prefixes - with or without a list of destination IPv4 prefixes. - It allows mapping IPv4 address ranges to IPv6 prefixes. - - For example: - 192.0.2.0/24 is mapped to 2001:db8:122:300::/56. - 198.51.100.0/24 is mapped to 2001:db8:122::/48."; - reference - "Section 5.1 of RFC 7050."; - - leaf nat64-prefix { - type inet:ipv6-prefix; - mandatory true; - description - "A NAT64 prefix. Can be Network-Specific Prefix (NSP) or - Well-Known Prefix (WKP). - - Organizations deploying stateless IPv4/IPv6 translation - should assign a Network-Specific Prefix to their - IPv4/IPv6 translation service. - - For stateless NAT64, IPv4-translatable IPv6 addresses - must use the selected Network-Specific Prefix. - - Both IPv4-translatable IPv6 addresses and IPv4-converted - IPv6 addresses should use the same prefix."; - reference - "Sections 3.3 and 3.4 of RFC 6052."; - } - - list destination-ipv4-prefix { - key ipv4-prefix; - description - "An IPv4 prefix/address."; - - leaf ipv4-prefix { - type inet:ipv4-prefix; - description - "An IPv4 address/prefix."; - } - } - - leaf stateless-enable { - type boolean; - default false; - description - "Enable explicitly stateless NAT64."; - } - } - - list external-ip-address-pool { - if-feature "basic-nat44 or napt44 or nat64"; - key pool-id; - - description - "Pool of external IP addresses used to service internal - hosts. - - A pool is a set of IP prefixes."; - - leaf pool-id { - type uint32; - must ". >= 1"; - description - "An identifier that uniquely identifies the address pool - within a NAT instance. - - The identifier must be greater than zero."; - reference - "RFC 7659: Definitions of Managed Objects for - Network Address Translators (NATs)"; - } - - leaf external-ip-pool { - type inet:ipv4-prefix; - mandatory true; - description - "An IPv4 prefix used for NAT purposes."; - } - } - - container port-set-restrict { - if-feature "napt44 or nat64"; - description - "Configures contiguous and non-contiguous port ranges. - - The port set is used to restrict the external source - port numbers used by the translator."; - - uses port-set; - } - - leaf dst-nat-enable { - if-feature "basic-nat44 or napt44"; - type boolean; - default false; - description - "Enable/Disable destination NAT. - A NAT44 may be configured to enable Destination - NAT, too."; - } - - list dst-ip-address-pool { - if-feature dst-nat; - key pool-id; - description - "Pool of IP addresses used for destination NAT."; - - leaf pool-id { - type uint32; - description - "An identifier of the address pool."; - } - - leaf dst-in-ip-pool { - type inet:ip-prefix; - description - "Is used to identify an internal destination - IP prefix/address to be translated."; - } - - leaf dst-out-ip-pool { - type inet:ip-prefix; - mandatory true; - description - "IP address/prefix used for destination NAT."; - } - } - - list transport-protocols { - if-feature "napt44 or nat64 or dst-nat"; - key protocol-id; - - description - "Configure the transport protocols to be handled by - the translator. - - TCP and UDP are supported by default."; - - leaf protocol-id { - type uint8; - mandatory true; - description - "Upper-layer protocol associated with this mapping. - - Values are taken from the IANA protocol registry: - https://www.iana.org/assignments/protocol-numbers/ - protocol-numbers.xhtml - - For example, this field contains 6 (TCP) for a TCP - mapping or 17 (UDP) for a UDP mapping."; - } - - leaf protocol-name { - type string; - description - "The name of the Upper-layer protocol associated - with this mapping. - - Values are taken from the IANA protocol registry: - https://www.iana.org/assignments/protocol-numbers/ - protocol-numbers.xhtml - - For example, TCP, UDP, DCCP, and SCTP."; - } - } - - leaf subscriber-mask-v6 { - type uint8 { - range "0 .. 128"; - } - - description - "The subscriber mask is an integer that indicates - the length of significant bits to be applied on - the source IPv6 address (internal side) to - unambiguously identify a user device (e.g., CPE). - - Subscriber mask is a system-wide configuration - parameter that is used to enforce generic - per-subscriber policies (e.g., port-quota). - - The enforcement of these generic policies does not - require the configuration of every subscriber's - prefix. - - Example: suppose the 2001:db8:100:100::/56 prefix - is assigned to a NAT64 serviced CPE. Suppose also - that 2001:db8:100:100::1 is the IPv6 address used - by the client that resides in that CPE. When the - NAT64 receives a packet from this client, - it applies the subscriber-mask-v6 (e.g., 56) on - the source IPv6 address to compute the associated - prefix for this client (2001:db8:100:100::/56). - Then, the NAT64 enforces policies based on that - prefix (2001:db8:100:100::/56), not on the exact - source IPv6 address."; - } - - list subscriber-match { - if-feature "basic-nat44 or napt44 or dst-nat"; - key match-id; - - description - "IP prefix match. - A subscriber is identified by a subnet."; - - leaf match-id { - type uint32; - description - "An identifier of the subscriber match."; - } - - leaf subnet { - type inet:ip-prefix; - mandatory true; - description - "The IP address subnets that match - should be translated. E.g., all addresses - that belong to the 192.0.2.0/24 prefix must - be processed by the NAT."; - } - } - - leaf address-allocation-type { - type enumeration { - enum "arbitrary" { - if-feature "basic-nat44 or napt44 or nat64"; - description - "Arbitrary pooling behavior means that the NAT - instance may create the new port mapping using any - address in the pool that has a free port for the - protocol concerned."; - } - - enum "roundrobin" { - if-feature "basic-nat44 or napt44 or nat64"; - description - "Round robin allocation."; - } - - enum "paired" { - if-feature "napt44 or nat64"; - description - "Paired address pooling informs the NAT - that all the flows from an internal IP - address must be assigned the same external - address. This is the recommended behavior for - NAPT/NAT64."; - reference - "RFC 4787: Network Address Translation (NAT) - Behavioral Requirements for Unicast UDP"; - } - } - description - "Specifies how external IP addresses are allocated."; - } - - leaf port-allocation-type { - if-feature "napt44 or nat64"; - type enumeration { - enum "random" { - description - "Port randomization is enabled. A NAT port allocation - scheme should make it hard for attackers to guess - port numbers"; - reference - "REQ-15 of RFC 6888"; - } - - enum "port-preservation" { - description - "Indicates whether the NAT should preserve the internal - port number."; - } - - enum "port-parity-preservation" { - description - "Indicates whether the NAT should preserve the port - parity of the internal port number."; - } - - enum "port-range-allocation" { - description - "Indicates whether the NAT assigns a range of ports - for an internal host. This scheme allows to minimize - log volume."; - reference - "REQ-14 of RFC 6888"; - } - } - description - "Indicates the type of port allocation."; - } - - leaf mapping-type { - if-feature "napt44 or nat64"; - type enumeration { - enum "eim" { - description - "endpoint-independent-mapping."; - reference - "Section 4 of RFC 4787."; - } - - enum "adm" { - description - "address-dependent-mapping."; - reference - "Section 4 of RFC 4787."; - } - - enum "edm" { - description - "address-and-port-dependent-mapping."; - reference - "Section 4 of RFC 4787."; - } - } - description - "Indicates the type of a NAT mapping."; - } - - leaf filtering-type { - if-feature "napt44 or nat64"; - type enumeration { - enum "eif" { - description - "endpoint-independent-filtering."; - reference - "Section 5 of RFC 4787."; - } - - enum "adf" { - description - "address-dependent-filtering."; - reference - "Section 5 of RFC 4787."; - } - - enum "edf" { - description - "address-and-port-dependent-filtering"; - reference - "Section 5 of RFC 4787."; - } - } - description - "Indicates the type of a NAT filtering."; - } - - leaf fragment-behavior { - if-feature "napt44 or nat64"; - type enumeration { - enum "drop-all" { - description - "All received fragments are dropped."; - } - - enum "in-order" { - description - "Translate fragments only if they are received - in order."; - } - - enum "out-of-order" { - description - "Translate a fragment even if it is received out - of order. - - This behavior is recommended."; - reference - "REQ-14 of RFC 4787"; - } - } - description - "The fragment behavior instructs the NAT about the - behavior to follow to translate fragments received - on the external interface of the NAT."; - } - - list port-quota { - if-feature "napt44 or nat64"; - key quota-type; - description - "Configures a port quota to be assigned per subscriber. - It corresponds to the maximum number of ports to be - used by a subscriber."; - - leaf port-limit { - type uint16; - description - "Configures a port quota to be assigned per subscriber. - It corresponds to the maximum number of ports to be - used by a subscriber."; - reference - "REQ-4 of RFC 6888."; - } - - leaf quota-type { - type uint8; - description - "Indicates whether the port quota applies to - all protocols (0) or to a specific protocol."; - } - } - - container port-set { - - when "../port-allocation-type = 'port-range-allocation'"; - - if-feature "napt44 or nat64"; - description - "Manages port-set assignments."; - - leaf port-set-size { - type uint16; - // TODO(HC2VPP-328) - // mandatory true; - description - "Indicates the size of assigned port sets."; - } - - leaf port-set-timeout { - type uint32; - units "seconds"; - description - "inactivity timeout for port sets."; - } - } - - container timers { - if-feature "napt44 or nat64"; - description - "Configure values of various timeouts."; - - leaf udp-timeout { - type uint32; - units "seconds"; - default 300; - description - "UDP inactivity timeout. That is the time a mapping - will stay active without packets traversing the NAT."; - reference - "RFC 4787: Network Address Translation (NAT) - Behavioral Requirements for Unicast UDP"; - } - - leaf tcp-idle-timeout { - type uint32; - units "seconds"; - default 7440; - description - "TCP Idle timeout should be 2 hours and 4 minutes."; - reference - "RFC 5382: NAT Behavioral Requirements for TCP"; - } - - leaf tcp-trans-open-timeout { - type uint32; - units "seconds"; - default 240; - description - "The value of the transitory open connection - idle-timeout. - - A NAT should provide different configurable - parameters for configuring the open and - closing idle timeouts. - - To accommodate deployments that consider - a partially open timeout of 4 minutes as being - excessive from a security standpoint, a NAT may - allow the configured timeout to be less than - 4 minutes. - - However, a minimum default transitory connection - idle-timeout of 4 minutes is recommended."; - reference - "Section 2.1 of RFC 7857."; - } - - leaf tcp-trans-close-timeout { - type uint32; - units "seconds"; - default 240; - description - "The value of the transitory close connection - idle-timeout. - - A NAT should provide different configurable - parameters for configuring the open and - closing idle timeouts."; - reference - "Section 2.1 of RFC 7857."; - } - - leaf tcp-in-syn-timeout { - type uint32; - units "seconds"; - default 6; - description - "A NAT must not respond to an unsolicited - inbound SYN packet for at least 6 seconds - after the packet is received. If during - this interval the NAT receives and translates - an outbound SYN for the connection the NAT - must silently drop the original unsolicited - inbound SYN packet."; - reference - "RFC 5382 NAT Behavioral Requirements for TCP"; - } - - leaf fragment-min-timeout { - when "../../fragment-behavior='out-of-order'"; - type uint32; - units "seconds"; - default 2; - description - "As long as the NAT has available resources, - the NAT allows the fragments to arrive - over fragment-min-timeout interval. - The default value is inspired from RFC6146."; - } - - leaf icmp-timeout { - type uint32; - units "seconds"; - default 60; - description - "An ICMP Query session timer must not expire - in less than 60 seconds. It is recommended - that the ICMP Query session timer be made - configurable"; - reference - "RFC 5508: NAT Behavioral Requirements for ICMP"; - } - - list per-port-timeout { - key port-number; - description - "Some NATs are configurable with short timeouts - for some ports, e.g., as 10 seconds on - port 53 (DNS) and 123 (NTP) and longer timeouts - on other ports."; - - leaf port-number { - type inet:port-number; - description - "A port number."; - } - - leaf timeout { - type uint32; - units "seconds"; - mandatory true; - description - "Timeout for this port number"; - } - } - - leaf hold-down-timeout { - type uint32; - units "seconds"; - default 120; - description - "Hold down timer. - - Ports in the hold down pool are not reassigned until - hold-down-timeout expires. - - The length of time and the maximum number of ports in - this state must be configurable by the administrator. - - This is necessary in order to prevent collisions - between old and new mappings and sessions. It ensures - that all established sessions are broken instead of - redirected to a different peer."; - reference - "REQ#8 of RFC 6888."; - } - - leaf hold-down-max { - type uint32; - description - "Maximum ports in the Hold down timer pool. - - Ports in the hold down pool are not reassigned - until hold-down-timeout expires. - - The length of time and the maximum - number of ports in this state must be - configurable by the administrator. - This is necessary in order - to prevent collisions between old - and new mappings and sessions. It ensures - that all established sessions are broken - instead of redirected to a different peer."; - reference - "REQ#8 of RFC 6888."; - } - } - - leaf fragments-limit{ - when "../fragment-behavior='out-of-order'"; - type uint32; - description - "Limits the number of out of order fragments that can - be handled."; - reference - "Section 11 of RFC 4787."; - } - - list algs { - key name; - description - "ALG-related features."; - - leaf name { - type string; - description - "The name of the ALG."; - } - - leaf transport-protocol { - type uint32; - description - "The transport protocol used by the ALG - (e.g., TCP, UDP)."; - } - - container dst-transport-port { - uses port-number; - description - "The destination port number(s) used by the ALG. - For example, - - 21 for the FTP ALG - - 53 for the DNS ALG."; - } - - container src-transport-port { - uses port-number; - description - "The source port number(s) used by the ALG."; - } - - leaf status { - type boolean; - description - "Enable/disable the ALG."; - } - } - - leaf all-algs-enable { - type boolean; - description - "Enable/disable all ALGs. - - When specified, this parameter overrides the one - that may be indicated, eventually, by the 'status' - of an individual ALG."; - } - - container notify-pool-usage { - if-feature "basic-nat44 or napt44 or nat64"; - description - "Notification of pool usage when certain criteria - are met."; - - leaf pool-id { - type uint32; - description - "Pool-ID for which the notification criteria - is defined"; - } - - leaf high-threshold { - type percent; - description - "Notification must be generated when the defined high - threshold is reached. - - For example, if a notification is required when the - pool utilization reaches 90%, this configuration - parameter must be set to 90. - - 0% indicates that no high threshold is enabled."; - } - - leaf low-threshold { - type percent; - must ". >= ../high-threshold" { - error-message - "The upper port number must be greater than or - equal to lower port number."; - } - description - "Notification must be generated when the defined low - threshold is reached. - - For example, if a notification is required when the - pool utilization reaches below 10%, this - configuration parameter must be set to 10"; - } - - leaf notify-interval { - type uint32 { - range "1 .. 3600"; - } - units "seconds"; - default '20'; - description - "Minimum number of seconds between successive - notifications for this pool."; - - reference - "RFC 7659: Definitions of Managed Objects for - Network Address Translators (NATs)"; - } - } - - container external-realm { - description - "Identifies the external realm of the NAT instance."; - - choice realm-type { - description - "Can be an interface, VRF instance, etc."; - - case interface { - description - "External interface."; - - leaf external-interface { - type if:interface-ref; - description - "Name of the external interface."; - } - } - } - } - } - - container mapping-limits { - if-feature "napt44 or nat64"; - description - "Information about the configuration parameters that - limits the mappings based upon various criteria."; - - leaf limit-subscribers { - type uint32; - description - "Maximum number of subscribers that can be serviced - by a NAT instance. - - A subscriber is identified by a given prefix."; - reference - "RFC 7659: Definitions of Managed Objects for - Network Address Translators (NATs)"; - } - - leaf limit-address-mappings { - type uint32; - description - "Maximum number of address mappings that can be - handled by a NAT instance. - - When this limit is reached, packets that would - normally trigger translation, will be dropped."; - reference - "RFC 7659: Definitions of Managed Objects - for Network Address Translators - (NATs)"; - } - - leaf limit-port-mappings { - type uint32; - description - "Maximum number of port mappings that can be handled - by a NAT instance. - - When this limit is reached, packets that would - normally trigger translation, will be dropped."; - reference - "RFC 7659: Definitions of Managed Objects for - Network Address Translators (NATs)"; - } - - list limit-per-protocol { - if-feature "napt44 or nat64 or dst-nat"; - key protocol-id; - - description - "Configure limits per transport protocol"; - - leaf protocol-id { - type uint8; - mandatory true; - description - "Upper-layer protocol associated with this mapping. - - Values are taken from the IANA protocol registry: - https://www.iana.org/assignments/protocol-numbers/ - protocol-numbers.xhtml - - For example, this field contains 6 (TCP) for a TCP - mapping or 17 (UDP) for a UDP mapping."; - } - - leaf limit { - type uint32; - description - "Maximum number of protocol-specific NAT mappings - per instance."; - } - } - } - - container connection-limits { - if-feature "basic-nat44 or napt44 or nat64"; - description - "Information about the configuration parameters that - rate limit the translation based upon various criteria."; - - leaf limit-per-subscriber { - type uint32; - units "bits/second"; - description - "Rate-limit the number of new mappings and sessions - per subscriber."; - } - - leaf limit-per-instance { - type uint32; - units "bits/second"; - // TODO(HC2VPP-328) - // mandatory true; - description - "Rate-limit the number of new mappings and sessions - per instance."; - } - - list limit-per-protocol { - if-feature "napt44 or nat64"; - key protocol-id; - description - "Configure limits per transport protocol"; - - leaf protocol-id { - type uint8; - mandatory true; - description - "Upper-layer protocol associated with this mapping. - - Values are taken from the IANA protocol registry: - https://www.iana.org/assignments/protocol-numbers/ - protocol-numbers.xhtml - - For example, this field contains 6 (TCP) for a TCP - mapping or 17 (UDP) for a UDP mapping."; - } - - leaf limit { - type uint32; - description - "Rate-limit the number of protocol-specific mappings - and sessions per instance."; - } - } - } - - container notification-limits { - description "Sets notification limits."; - - leaf notify-interval { - if-feature "basic-nat44 or napt44 or nat64"; - type uint32 { - range "1 .. 3600"; - } - units "seconds"; - default '10'; - description - "Minimum number of seconds between successive - notifications for this NAT instance."; - reference - "RFC 7659: Definitions of Managed Objects - for Network Address Translators (NATs)"; - } - - leaf notify-addresses-usage { - if-feature "basic-nat44 or napt44 or nat64"; - type percent; - description - "Notification of address mappings usage over - the whole NAT instance. - - Notification must be generated when the defined - threshold is reached. - - For example, if a notification is required when - the address mappings utilization reaches 90%, - this configuration parameter must be set - to 90."; - } - - leaf notify-ports-usage { - if-feature "napt44 or nat64"; - type percent; - description - "Notification of port mappings usage over the - whole NAT instance. - - Notification must be generated when the defined - threshold is reached. - - For example, if a notification is required when - the port mappings utilization reaches 90%, this - configuration parameter must be set to 90."; - } - - leaf notify-subscribers-limit { - if-feature "basic-nat44 or napt44 or nat64"; - type uint32; - description - "Notification of active subscribers per NAT - instance. - - Notification must be generated when the defined - threshold is reached."; - } - } - - leaf logging-enable { - if-feature "basic-nat44 or napt44 or nat64"; - type boolean; - description - "Enable logging features."; - reference - "Section 2.3 of RFC 6908 and REQ-12 of RFC 6888."; - } - - container mapping-table { - if-feature "basic-nat44 or napt44 " + - "or nat64 or clat or dst-nat"; - description - "NAT mapping table. Applicable for functions which maintain - static and/or dynamic mappings, such as NAT44, Destination - NAT, NAT64, or CLAT."; - - list mapping-entry { - key "index"; - description "NAT mapping entry."; - uses mapping-entry; - } - } - - container statistics { - config false; - - description - "Statistics related to the NAT instance."; - - leaf discontinuity-time { - type yang:date-and-time; - mandatory true; - description - "The time on the most recent occasion at which the NAT - instance suffered a discontinuity. This must be - initialized when the NAT instance is configured - or rebooted."; - } - - container traffic-statistics { - description - "Generic traffic statistics."; - - leaf sent-packets { - type yang:zero-based-counter64; - description - "Number of packets sent."; - } - - leaf sent-bytes { - type yang:zero-based-counter64; - units 'bytes'; - description - "Counter for sent traffic in bytes."; - } - - leaf rcvd-packets { - type yang:zero-based-counter64; - description - "Number of received packets."; - } - - leaf rcvd-bytes { - type yang:zero-based-counter64; - units 'bytes'; - description - "Counter for received traffic in bytes."; - } - - leaf dropped-packets { - type yang:zero-based-counter64; - description - "Number of dropped packets."; - } - - leaf dropped-bytes { - type yang:zero-based-counter64; - units 'bytes'; - description - "Counter for dropped traffic in bytes."; - } - - leaf dropped-fragments { - if-feature "napt44 or nat64"; - type yang:zero-based-counter64; - description - "Number of dropped fragments on the external realm."; - } - - leaf dropped-address-limit-packets { - if-feature "basic-nat44 or napt44 or nat64"; - type yang:zero-based-counter64; - description - "Number of dropped packets because an address limit - is reached."; - } - - leaf dropped-address-limit-bytes { - if-feature "basic-nat44 or napt44 or nat64"; - type yang:zero-based-counter64; - units 'bytes'; - description - "Counter of dropped packets because an address limit - is reached, in bytes."; - } - - leaf dropped-address-packets { - if-feature "basic-nat44 or napt44 or nat64"; - type yang:zero-based-counter64; - description - "Number of dropped packets because no address is - available for allocation."; - } - - leaf dropped-address-bytes { - if-feature "basic-nat44 or napt44 or nat64"; - type yang:zero-based-counter64; - units 'bytes'; - description - "Counter of dropped packets because no address is - available for allocation, in bytes."; - } - - leaf dropped-port-limit-packets { - if-feature "napt44 or nat64"; - type yang:zero-based-counter64; - description - "Number of dropped packets because a port limit - is reached."; - } - - leaf dropped-port-limit-bytes { - if-feature "napt44 or nat64"; - type yang:zero-based-counter64; - units 'bytes'; - description - "Counter of dropped packets because a port limit - is reached, in bytes."; - } - - leaf dropped-port-packets { - if-feature "napt44 or nat64"; - type yang:zero-based-counter64; - description - "Number of dropped packets because no port is - available for allocation."; - } - - leaf dropped-port-bytes { - if-feature "napt44 or nat64"; - type yang:zero-based-counter64; - units 'bytes'; - description - "Counter of dropped packets because no port is - available for allocation, in bytes."; - } - - leaf dropped-subscriber-limit-packets { - if-feature "basic-nat44 or napt44 or nat64"; - type yang:zero-based-counter64; - description - "Number of dropped packets because the subscriber - limit per instance is reached."; - } - - leaf dropped-subscriber-limit-bytes { - if-feature "basic-nat44 or napt44 or nat64"; - type yang:zero-based-counter64; - units 'bytes'; - description - "Counter of dropped packets because the subscriber - limit per instance is reached, in bytes."; - } - } - - container mappings-statistics { - description - "Mappings statistics."; - - leaf total-active-subscribers { - if-feature "basic-nat44 or napt44 or nat64"; - type yang:gauge32; - description - "Total number of active subscribers (that is, - subscribers for which the NAT maintains active - mappings. - - A subscriber is identified by a subnet, - subscriber-mask, etc."; - } - - leaf total-address-mappings { - if-feature "basic-nat44 or napt44 " + - "or nat64 or clat or dst-nat"; - type yang:gauge32; - description - "Total number of address mappings present at a given - time. It includes both static and dynamic mappings."; - reference - "Section 3.3.8 of RFC 7659"; - } - - leaf total-port-mappings { - if-feature "napt44 or nat64"; - type yang:gauge32; - description - "Total number of NAT port mappings present at - a given time. It includes both static and dynamic - mappings."; - reference - "Section 3.3.9 of RFC 7659"; - } - - list total-per-protocol { - if-feature "napt44 or nat64"; - key protocol-id; - description - "Total mappings for each enabled/supported protocol."; - - leaf protocol-id { - type uint8; - mandatory true; - description - "Upper-layer protocol associated with this mapping. - For example, this field contains 6 (TCP) for a TCP - mapping or 17 (UDP) for a UDP mapping."; - } - - leaf total { - type yang:gauge32; - description - "Total number of a protocol-specific mappings present - at a given time. The protocol is identified by - protocol-id."; - } - } - } - - container pools-stats { - if-feature "basic-nat44 or napt44 or nat64"; - description - "Statistics related to address/prefix pools - usage"; - - leaf addresses-allocated { - type yang:gauge32; - description - "Number of all allocated addresses."; - } - - leaf addresses-free { - type yang:gauge32; - description - "Number of unallocated addresses of all pools at - a given time. The sum of unallocated and allocated - addresses is the total number of addresses of - the pools."; - } - - container ports-stats { - if-feature "napt44 or nat64"; - - description - "Statistics related to port numbers usage."; - - leaf ports-allocated { - type yang:gauge32; - description - "Number of allocated ports from all pools."; - } - - leaf ports-free { - type yang:gauge32; - description - "Number of unallocated addresses from all pools."; - } - } - - list per-pool-stats { - if-feature "basic-nat44 or napt44 or nat64"; - key "pool-id"; - description - "Statistics related to address/prefix pool usage"; - - leaf pool-id { - type uint32; - description - "Unique Identifier that represents a pool of - addresses/prefixes."; - } - - leaf discontinuity-time { - type yang:date-and-time; - mandatory true; - description - "The time on the most recent occasion at which this - pool counters suffered a discontinuity. This must - be initialized when the address pool is - configured."; - } - - container pool-stats { - description - "Statistics related to address/prefix pool usage"; - - leaf addresses-allocated { - type yang:gauge32; - description - "Number of allocated addresses from this pool."; - } - - leaf addresses-free { - type yang:gauge32; - description - "Number of unallocated addresses in this pool."; - } - } - - container port-stats { - if-feature "napt44 or nat64"; - description - "Statistics related to port numbers usage."; - - leaf ports-allocated { - type yang:gauge32; - description - "Number of allocated ports from this pool."; - } - - leaf ports-free { - type yang:gauge32; - description - "Number of unallocated addresses from this pool."; - } - } - } - } - } - } - } - } - - /* - * Notifications - */ - - notification nat-pool-event { - if-feature "basic-nat44 or napt44 or nat64"; - description - "Notifications must be generated when the defined high/low - threshold is reached. Related configuration parameters - must be provided to trigger the notifications."; - - leaf id { - type leafref { - path "/nat/instances/instance/id"; - } - mandatory true; - description - "NAT instance Identifier."; - } - - leaf policy-id { - type leafref { - path "/nat/instances/instance/policy/id"; - } - - description - "Policy Identifier."; - } - - leaf pool-id { - type leafref { - path "/nat/instances/instance/policy/" + - "external-ip-address-pool/pool-id"; - } - mandatory true; - description - "Pool Identifier."; - } - - leaf notify-pool-threshold { - type percent; - mandatory true; - description - "A threshold (high-threshold or low-threshold) has - been fired."; - } - } - - notification nat-instance-event { - if-feature "basic-nat44 or napt44 or nat64"; - description - "Notifications must be generated when notify-addresses-usage - and/or notify-ports-usage threshold are reached."; - - leaf id { - type leafref { - path "/nat/instances/instance/id"; - } - mandatory true; - description - "NAT instance Identifier."; - } - - leaf notify-subscribers-threshold { - type uint32; - description - "The notify-subscribers-limit threshold has been fired."; - } - - leaf notify-addresses-threshold { - type percent; - description - "The notify-addresses-usage threshold has been fired."; - } - - leaf notify-ports-threshold { - type percent; - description - "The notify-ports-usage threshold has been fired."; - } - } -} |