diff options
| author |   Andrej Kozemcak <andrej.kozemcak@pantheon.tech> | 2019-01-15 15:46:31 +0100 |
|---|---|---|
| committer |   Hongjun Ni <hongjun.ni@intel.com> | 2019-03-11 12:20:37 +0000 |
| commit | 10d169e7883d78a61a2db923559c79f4621fc886 (patch) | |
| tree | 0074480efaaa637f879effed180b4dc134b5446d | |
| parent | 3b2275f5570fc11f17301ccf080df21a6a0573a6 (diff) | |
Add ietf NAT yang module
Change-Id: I28e1ce057e9e778529e9be2f526cf8040afd8e61
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@pantheon.tech>
| -rw-r--r-- | src/plugins/yang/ietf/ietf-nat@2017-11-16.yang | 2368 |
1 files changed, 2368 insertions, 0 deletions
diff --git a/src/plugins/yang/ietf/ietf-nat@2017-11-16.yang b/src/plugins/yang/ietf/ietf-nat@2017-11-16.yang new file mode 100644 index 0000000..bb7e3a1 --- /dev/null +++ b/src/plugins/yang/ietf/ietf-nat@2017-11-16.yang @@ -0,0 +1,2368 @@ +module ietf-nat { + + yang-version 1.1; + + namespace + "urn:ietf:params:xml:ns:yang:ietf-nat"; + + prefix nat; + + import ietf-inet-types { + prefix inet; + } + import ietf-yang-types { + prefix yang; + } + import ietf-interfaces { + prefix if; + } + + organization + "IETF OPSAWG (Operations and Management Area Working Group)"; + + contact + "WG Web: <https://datatracker.ietf.org/wg/opsawg/> + WG List: <mailto:opsawg@ietf.org> + + Editor: Mohamed Boucadair + <mailto:mohamed.boucadair@orange.com> + + Editor: Senthil Sivakumar + <mailto:ssenthil@cisco.com> + + Editor: Christian Jacquenet + <mailto:christian.jacquenet@orange.com> + + Editor: Suresh Vinapamula + <mailto:sureshk@juniper.net> + + Editor: Qin Wu + <mailto:bill.wu@huawei.com>"; + + description + "This module is a YANG module for NAT implementations. + + NAT44, Network Address and Protocol Translation from IPv6 + Clients to IPv4 Servers (NAT64), Customer-side transLATor (CLAT), + Stateless IP/ICMP Translation (SIIT), Explicit Address Mappings + for Stateless IP/ICMP Translation (SIIT EAM), and IPv6 Network + Prefix Translation (NPTv6) are covered. + + Copyright (c) 2017 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; see + the RFC itself for full legal notices."; + + revision "2017-11-16" { + description "Initial revision."; + reference + "RFC XXXX: A YANG Data Model for Network Address Translation + (NAT) and Network Prefix Translation (NPT)"; + + } + + + typedef percent { + type uint8 { + range "0 .. 100"; + } + description "Percentage"; + } + + feature basic-nat44 { + description + "Basic NAT44 translation is limited to IP addresses alone."; + reference + "RFC 3022: Traditional IP Network Address Translator + (Traditional NAT)"; + + } + + feature napt44 { + description + "Network Address/Port Translator (NAPT): translation is + extended to include IP addresses and transport identifiers + (such as a TCP/UDP port or ICMP query ID). + + If the internal IP address is not sufficient to uniquely + disambiguate NAPT44 mappings, an additional attribute is + required. For example, that additional attribute may + be an IPv6 address (a.k.a., DS-Lite (RFC 6333)) or + a Layer 2 identifier (a.k.a., Per-Interface NAT + (RFC 6619))"; + reference + "RFC 3022: Traditional IP Network Address Translator + (Traditional NAT)"; + + } + + feature dst-nat { + description + "Destination NAT is a translation that acts on the destination + IP address and/or destination port number. This flavor is + usually deployed in load balancers or at devices + in front of public servers."; + } + + feature nat64 { + description + "NAT64 translation allows IPv6-only clients to contact IPv4 + servers using unicast UDP, TCP, or ICMP. One or more + public IPv4 addresses assigned to a NAT64 translator are + shared among several IPv6-only clients."; + reference + "RFC 6146: Stateful NAT64: Network Address and Protocol + Translation from IPv6 Clients to IPv4 Servers"; + + } + + feature siit { + description + "The Stateless IP/ICMP Translation Algorithm (SIIT), which + translates between IPv4 and IPv6 packet headers (including + ICMP headers). + + In the stateless mode, an IP/ICMP translator converts IPv4 + addresses to IPv6 and vice versa solely based on the + configuration of the stateless IP/ICMP translator and + information contained within the packet being translated. + + The translator must support the stateless address mapping + algorithm defined in RFC6052, which is the default behavior."; + reference + "RFC 7915: IP/ICMP Translation Algorithm"; + + } + + feature clat { + description + "CLAT is customer-side translator that algorithmically + translates 1:1 private IPv4 addresses to global IPv6 addresses, + and vice versa. + + When a dedicated /64 prefix is not available for translation + from DHCPv6-PD, the CLAT may perform NAT44 for all IPv4 LAN + packets so that all the LAN-originated IPv4 packets appear + from a single IPv4 address and are then statelessly translated + to one interface IPv6 address that is claimed by the CLAT via + the Neighbor Discovery Protocol (NDP) and defended with + Duplicate Address Detection."; + reference + "RFC 6877: 464XLAT: Combination of Stateful and Stateless + Translation"; + + } + + feature eam { + description + "Explicit Address Mapping (EAM) is a bidirectional coupling + between an IPv4 Prefix and an IPv6 Prefix."; + reference + "RFC 7757: Explicit Address Mappings for Stateless IP/ICMP + Translation"; + + } + + feature nptv6 { + description + "NPTv6 is a stateless transport-agnostic IPv6-to-IPv6 + prefix translation."; + reference + "RFC 6296: IPv6-to-IPv6 Network Prefix Translation"; + + } + + identity nat-type { +// base + description + "Base identity for nat type."; + } + + identity basic-nat44 { + base nat:nat-type; + description + "Identity for Basic NAT support."; + reference + "RFC 3022: Traditional IP Network Address Translator + (Traditional NAT)"; + + } + + identity napt44 { + base nat:nat-type; + description + "Identity for NAPT support."; + reference + "RFC 3022: Traditional IP Network Address Translator + (Traditional NAT)"; + + } + + identity dst-nat { + base nat:nat-type; + description + "Identity for Destination NAT support."; + } + + identity nat64 { + base nat:nat-type; + description + "Identity for NAT64 support."; + reference + "RFC 6146: Stateful NAT64: Network Address and Protocol + Translation from IPv6 Clients to IPv4 Servers"; + + } + + identity siit { + base nat:nat-type; + description + "Identity for SIIT support."; + reference + "RFC 7915: IP/ICMP Translation Algorithm"; + + } + + identity clat { + base nat:nat-type; + description + "Identity for CLAT support."; + reference + "RFC 6877: 464XLAT: Combination of Stateful and Stateless + Translation"; + + } + + identity eam { + base nat:nat-type; + description + "Identity for EAM support."; + reference + "RFC 7757: Explicit Address Mappings for Stateless IP/ICMP + Translation"; + + } + + identity nptv6 { + base nat:nat-type; + description + "Identity for NPTv6 support."; + reference + "RFC 6296: IPv6-to-IPv6 Network Prefix Translation"; + + } + + grouping port-number { + description + "Individual port or a range of ports. + When only start-port-number is present, + it represents a single port."; + leaf start-port-number { + type inet:port-number; + description + "Begining of the port range."; + reference + "Section 3.2.9 of RFC 8045."; + + } + + leaf end-port-number { + type inet:port-number; + must ". >= ../start-port-number" { + error-message + "The end-port-number must be greater than or + equal to start-port-number."; + } + description "End of the port range."; + reference + "Section 3.2.10 of RFC 8045."; + + } + } // grouping port-number + + grouping port-set { + description + "Indicates a set of ports. + + It may be a simple port range, or use the Port Set ID (PSID) + algorithm to represent a range of transport layer + ports which will be used by a NAPT."; + choice port-type { + default 'port-range'; + description + "Port type: port-range or port-set-algo."; + reference + "Section 7597: Mapping of Address and Port with + Encapsulation (MAP-E)"; + + case port-range { + uses port-number; + } // case port-range + + case port-set-algo { + leaf psid-offset { + type uint8 { + range "0..15"; + } + description + "The number of offset bits (a.k.a., 'a' bits). + Specifies the numeric value for the excluded port + range/offset bits. + + Allowed values are between 0 and 15 "; + reference + "Section 5.1 of RFC 7597"; + + } + + leaf psid-len { + type uint8 { + range "0..15"; + } + mandatory true; + description + "The length of PSID, representing the sharing + ratio for an IPv4 address. + + (also known as 'k'). + + The address-sharing ratio would be 2^k."; + reference + "Section 5.1 of RFC 7597"; + + } + + leaf psid { + type uint16; + mandatory true; + description + "Port Set Identifier (PSID) value, which + identifies a set of ports algorithmically."; + reference + "Section 5.1 of RFC 7597"; + + } + } // case port-set-algo + } // choice port-type + } // grouping port-set + + grouping mapping-entry { + description + "NAT mapping entry. + + If an attribute is not stored in the mapping/session table, + this means the corresponding fields of a packet that + matches this entry is not rewritten by the NAT or this + information is not required for NAT filtering purposes."; + leaf index { + type uint32; + description + "A unique identifier of a mapping entry. This identifier can be + automatically assigned by the NAT instance or be explicitly + configured."; + } + + leaf type { + type enumeration { + enum "static" { + value 0; + description + "The mapping entry is explicitly configured + (e.g., via command-line interface)."; + } + enum "dynamic-implicit" { + value 1; + description + "This mapping is created implicitly as a side effect + of processing a packet that requires a new mapping."; + } + enum "dynamic-explicit" { + value 2; + description + "This mapping is created as a result of an explicit + request, e.g., a PCP message."; + } + } + description + "Indicates the type of a mapping entry. E.g., + a mapping can be: static, implicit dynamic + or explicit dynamic."; + } + + leaf transport-protocol { + type uint8; + description + "Upper-layer protocol associated with this mapping. + Values are taken from the IANA protocol registry. + For example, this field contains 6 (TCP) for a TCP + mapping or 17 (UDP) for a UDP mapping. + + If this leaf is not instantiated, then the mapping + applies to any protocol."; + } + + leaf internal-src-address { + type inet:ip-prefix; + description + "Corresponds to the source IPv4/IPv6 address/prefix + of the packet received on an internal + interface."; + } + + container internal-src-port { + description + "Corresponds to the source port of the packet received + on an internal interface. + + It is used also to indicate the internal source ICMP + identifier. + + As a reminder, all the ICMP Query messages contain + an 'Identifier' field, which is referred to in this + document as the 'ICMP Identifier'."; + uses port-number; + } // container internal-src-port + + leaf external-src-address { + type inet:ip-prefix; + description + "Source IP address/prefix of the packet sent on an + external interface of the NAT."; + } + + container external-src-port { + description + "Source port of the packet sent on an external + interface of the NAT. + + It is used also to indicate the external source ICMP + identifier."; + uses port-number; + } // container external-src-port + + leaf internal-dst-address { + type inet:ip-prefix; + description + "Corresponds to the destination IP address/prefix + of the packet received on an internal interface + of the NAT. + + For example, some NAT implementations support + the translation of both source and destination + addresses and ports, sometimes referred to + as 'Twice NAT'."; + } + + container internal-dst-port { + description + "Corresponds to the destination port of the + IP packet received on the internal interface. + + It is used also to include the internal + destination ICMP identifier."; + uses port-number; + } // container internal-dst-port + + leaf external-dst-address { + type inet:ip-prefix; + description + "Corresponds to the destination IP address/prefix + of the packet sent on an external interface + of the NAT."; + } + + container external-dst-port { + description + "Corresponds to the destination port number of + the packet sent on the external interface + of the NAT. + + It is used also to include the external + destination ICMP identifier."; + uses port-number; + } // container external-dst-port + + leaf lifetime { + type uint32; + units "seconds"; + description + "When specified, it is used to track the connection that is + fully-formed (e.g., once the three-way handshake + TCP is completed) or the duration for maintaining + an explicit mapping alive. The mapping entry will be + removed by the NAT instance once this lifetime is expired. + + When reported in a get operation, the lifetime indicates + the remaining validity lifetime. + + Static mappings may not be associated with a + lifetime. If no lifetime is associated with a + static mapping, an explicit action is required to + remove that mapping."; + } + } // grouping mapping-entry + + container nat { + description "NAT module"; + container instances { + description "NAT instances"; + list instance { + key "id"; + description + "A NAT instance. This identifier can be automatically assigned + or explicitly configured."; + leaf id { + type uint32; + must ". >= 1"; + description + "NAT instance identifier. + + The identifier must be greater than zero as per RFC 7659."; + reference + "RFC 7659: Definitions of Managed Objects for Network + Address Translators (NATs)"; + + } + + leaf name { + type string; + description + "A name associated with the NAT instance."; + reference + "RFC 7659: Definitions of Managed Objects for Network + Address Translators (NATs)"; + + } + + leaf enable { + type boolean; + description + "Status of the NAT instance."; + } + + container capabilities { + config false; + description "NAT capabilities"; + leaf-list nat-flavor { + type identityref { + base nat-type; + } + description + "Supported translation type(s)."; + } + + leaf-list per-interface-binding { + type enumeration { + enum "unsupported" { + value 0; + description + "No capability to associate a NAT binding with + an extra identifier."; + } + enum "layer-2" { + value 1; + description + "The NAT instance is able to associate a mapping with + a layer-2 identifier."; + } + enum "dslite" { + value 2; + description + "The NAT instance is able to associate a mapping with + an IPv6 address (a.k.a., DS-Lite)."; + } + } + description + "Indicates the capability of a NAT to associate a particular + NAT session not only with the five tuples used for the + transport connection on both sides of the NAT but also with + the internal interface on which the user device is + connected to the NAT."; + reference + "Section 4 of RFC 6619"; + + } + + list transport-protocols { + key "protocol-id"; + description + "List of supported protocols."; + leaf protocol-id { + type uint8; + mandatory true; + description + "Upper-layer protocol associated with this mapping. + + Values are taken from the IANA protocol registry: + https://www.iana.org/assignments/protocol-numbers/ + protocol-numbers.xhtml + + For example, this field contains 6 (TCP) for a TCP + mapping or 17 (UDP) for a UDP mapping."; + } + + leaf protocol-name { + type string; + description + "The name of the Upper-layer protocol associated + with this mapping. + + Values are taken from the IANA protocol registry: + https://www.iana.org/assignments/protocol-numbers/ + protocol-numbers.xhtml + + For example, TCP, UDP, DCCP, and SCTP."; + } + } // list transport-protocols + + leaf restricted-port-support { + type boolean; + description + "Indicates source port NAT restriction support."; + reference + "RFC 7596: Lightweight 4over6: An Extension to + the Dual-Stack Lite Architecture."; + + } + + leaf static-mapping-support { + type boolean; + description + "Indicates whether static mappings are supported."; + } + + leaf port-randomization-support { + type boolean; + description + "Indicates whether port randomization is supported."; + reference + "Section 4.2.1 of RFC 4787."; + + } + + leaf port-range-allocation-support { + type boolean; + description + "Indicates whether port range allocation is supported."; + reference + "Section 1.1 of RFC 7753."; + + } + + leaf port-preservation-suport { + type boolean; + description + "Indicates whether port preservation is supported."; + reference + "Section 4.2.1 of RFC 4787."; + + } + + leaf port-parity-preservation-support { + type boolean; + description + "Indicates whether port parity preservation is + supported."; + reference + "Section 8 of RFC 7857."; + + } + + leaf address-roundrobin-support { + type boolean; + description + "Indicates whether address allocation round robin is + supported."; + } + + leaf paired-address-pooling-support { + type boolean; + description + "Indicates whether paired-address-pooling is + supported"; + reference + "REQ-2 of RFC 4787."; + + } + + leaf endpoint-independent-mapping-support { + type boolean; + description + "Indicates whether endpoint-independent- + mapping in Section 4 of RFC 4787 is + supported."; + reference + "Section 4 of RFC 4787."; + + } + + leaf address-dependent-mapping-support { + type boolean; + description + "Indicates whether address-dependent-mapping is + supported."; + reference + "Section 4 of RFC 4787."; + + } + + leaf address-and-port-dependent-mapping-support { + type boolean; + description + "Indicates whether address-and-port-dependent-mapping is + supported."; + reference + "Section 4 of RFC 4787."; + + } + + leaf endpoint-independent-filtering-support { + type boolean; + description + "Indicates whether endpoint-independent-filtering is + supported."; + reference + "Section 5 of RFC 4787."; + + } + + leaf address-dependent-filtering { + type boolean; + description + "Indicates whether address-dependent-filtering is + supported."; + reference + "Section 5 of RFC 4787."; + + } + + leaf address-and-port-dependent-filtering { + type boolean; + description + "Indicates whether address-and-port-dependent is + supported."; + reference + "Section 5 of RFC 4787."; + + } + + leaf fragment-behavior { + type enumeration { + enum "unsupported" { + value 0; + description + "No capability to translate incoming fragments. + All received fragments are dropped."; + } + enum "in-order" { + value 1; + description + "The NAT instance is able to translate fragments only if + they are received in order. That is, in particular the + header is in the first packet. Fragments received + out of order are dropped. "; + } + enum "out-of-order" { + value 2; + description + "The NAT instance is able to translate a fragment even + if it is received out of order. + + This behavior is the one recommended in RFC4787."; + reference + "REQ-14 of RFC 4787"; + + } + } + description + "The fragment behavior is the NAT instance's capability to + translate fragments received on the external interface of + the NAT."; + } + } // container capabilities + + leaf type { + type identityref { + base nat-type; + } + description + "Specify the translation type. Particularly useful when + multiple translation flavors are supported. + + If one type is supported by a NAT, this parameter is by + default set to that type."; + } + + leaf per-interface-binding { + type enumeration { + enum "disabled" { + value 0; + description + "Disable the capability to associate an extra identifier + with NAT mappings."; + } + enum "layer-2" { + value 1; + description + "The NAT instance is able to associate a mapping with + a layer-2 identifier."; + } + enum "dslite" { + value 2; + description + "The NAT instance is able to associate a mapping with + an IPv6 address (a.k.a., DS-Lite)."; + } + } + description + "A NAT that associates a particular NAT session not only with + the five tuples used for the transport connection on both + sides of the NAT but also with the internal interface on + which the user device is connected to the NAT. + + If supported, this mode of operation should be configurable, + and it should be disabled by default in general-purpose NAT + devices. + + If one single per-interface binding behavior is supported by + a NAT, this parameter is by default set to that behavior."; + reference + "Section 4 of RFC 6619"; + + } + + list nat-pass-through { +// if-feature basic-nat44 or napt44 or dst-nat; + key "id"; + description + "IP prefix NAT pass through."; + leaf id { + type uint32; + description + "An identifier of the IP prefix pass through."; + } + + leaf prefix { + type inet:ip-prefix; + mandatory true; + description + "The IP addresses that match should not be translated. + + According to REQ#6 of RFC6888, it must be possible to + administratively turn off translation for specific + destination addresses and/or ports."; + reference + "REQ#6 of RFC6888."; + + } + + leaf port { + type inet:port-number; + description + "According to REQ#6 of RFC6888, it must be possible to + administratively turn off translation for specific + destination addresses and/or ports. + + If no prefix is defined, the NAT pass through bound + to a given port applies for any destination address."; + reference + "REQ#6 of RFC6888."; + + } + } // list nat-pass-through + + list policy { + key "id"; + description + "NAT parameters for a given instance"; + leaf id { + type uint32; + description + "An identifier of the NAT policy. It must be unique + within the NAT instance."; + } + + container clat-parameters { + if-feature clat; + description "CLAT parameters."; + list clat-ipv6-prefixes { + key "ipv6-prefix"; + description + "464XLAT double translation treatment is stateless when a + dedicated /64 is available for translation on the CLAT. + Otherwise, the CLAT will have both stateful and stateless + since it requires NAT44 from the LAN to a single IPv4 + address and then stateless translation to a single + IPv6 address."; + reference + "RFC 6877: 464XLAT: Combination of Stateful and Stateless + Translation"; + + leaf ipv6-prefix { + type inet:ipv6-prefix; + description + "An IPv6 prefix used for CLAT."; + } + } // list clat-ipv6-prefixes + + list ipv4-prefixes { + key "ipv4-prefix"; + description + "Pool of IPv4 addresses used for CLAT. + 192.0.0.0/29 is the IPv4 service continuity prefix."; + reference + "RFC 7335: IPv4 Service Continuity Prefix"; + + leaf ipv4-prefix { + type inet:ipv4-prefix; + description + "464XLAT double translation treatment is + stateless when a dedicated /64 is available + for translation on the CLAT. Otherwise, the + CLAT will have both stateful and stateless + since it requires NAT44 from the LAN to + a single IPv4 address and then stateless + translation to a single IPv6 address. + The CLAT performs NAT44 for all IPv4 LAN + packets so that all the LAN-originated IPv4 + packets appear from a single IPv4 address + and are then statelessly translated to one + interface IPv6 address that is claimed by + the CLAT. + + An IPv4 address from this pool is also + provided to an application that makes + use of literals."; + reference + "RFC 6877: 464XLAT: Combination of Stateful and Stateless + Translation"; + + } + } // list ipv4-prefixes + } // container clat-parameters + + list nptv6-prefixes { + if-feature nptv6; + key "internal-ipv6-prefix"; + description + "Provides one or a list of (internal IPv6 prefix, + external IPv6 prefix) required for NPTv6. + + In its simplest form, NPTv6 interconnects two network + links, one of which is an 'internal' network link + attached to a leaf network within a single + administrative domain and the other of which is an + 'external' network with connectivity to the global + Internet."; + reference + "RFC 6296: IPv6-to-IPv6 Network Prefix Translation"; + + leaf internal-ipv6-prefix { + type inet:ipv6-prefix; + mandatory true; + description + "An IPv6 prefix used by an internal interface of NPTv6."; + reference + "RFC 6296: IPv6-to-IPv6 Network Prefix Translation"; + + } + + leaf external-ipv6-prefix { + type inet:ipv6-prefix; + mandatory true; + description + "An IPv6 prefix used by the external interface of NPTv6."; + reference + "RFC 6296: IPv6-to-IPv6 Network Prefix Translation"; + + } + } // list nptv6-prefixes + + list eam { + if-feature eam; + key "ipv4-prefix"; + description + "The Explicit Address Mapping Table, a conceptual + table in which each row represents an EAM. + + Each EAM describes a mapping between IPv4 and IPv6 + prefixes/addresses."; + reference + "Section 3.1 of RFC 7757."; + + leaf ipv4-prefix { + type inet:ipv4-prefix; + mandatory true; + description + "The IPv4 prefix of an EAM."; + reference + "Section 3.2 of RFC 7757."; + + } + + leaf ipv6-prefix { + type inet:ipv6-prefix; + mandatory true; + description + "The IPv6 prefix of an EAM."; + reference + "Section 3.2 of RFC 7757."; + + } + } // list eam + + list nat64-prefixes { +// if-feature siit or nat64 or clat; + key "nat64-prefix"; + description + "Provides one or a list of NAT64 prefixes + with or without a list of destination IPv4 prefixes. + + Destination-based Pref64::/n is discussed in + Section 5.1 of [RFC7050]). For example: + 192.0.2.0/24 is mapped to 2001:db8:122:300::/56. + 198.51.100.0/24 is mapped to 2001:db8:122::/48."; + reference + "Section 5.1 of RFC7050."; + + leaf nat64-prefix { + type inet:ipv6-prefix; + mandatory true; + description + "A NAT64 prefix. Can be Network-Specific Prefix (NSP) or + Well-Known Prefix (WKP). + + Organizations deploying stateless IPv4/IPv6 translation + should assign a Network-Specific Prefix to their + IPv4/IPv6 translation service. + + For stateless NAT64, IPv4-translatable IPv6 addresses + must use the selected Network-Specific Prefix. + + Both IPv4-translatable IPv6 addresses and IPv4-converted + IPv6 addresses should use the same prefix."; + reference + "Sections 3.3 and 3.4 of RFC 6052."; + + } + + list destination-ipv4-prefix { + key "ipv4-prefix"; + description + "An IPv4 prefix/address."; + leaf ipv4-prefix { + type inet:ipv4-prefix; + description + "An IPv4 address/prefix."; + } + } // list destination-ipv4-prefix + + leaf stateless-enable { + type boolean; + default 'false'; + description + "Enable explicitly stateless NAT64."; + } + } // list nat64-prefixes + + list external-ip-address-pool { +// if-feature basic-nat44 or napt44 or nat64; + key "pool-id"; + description + "Pool of external IP addresses used to service internal + hosts. + + A pool is a set of IP prefixes."; + leaf pool-id { + type uint32; + must ". >= 1"; + description + "An identifier that uniquely identifies the address pool + within a NAT instance. + + The identifier must be greater than zero as per + RFC 7659."; + reference + "RFC 7659: Definitions of Managed Objects for + Network Address Translators (NATs)"; + + } + + leaf external-ip-pool { + type inet:ipv4-prefix; + mandatory true; + description + "An IPv4 prefix used for NAT purposes."; + } + } // list external-ip-address-pool + + container port-set-restrict { +// if-feature napt44 or nat64; + description + "Configures contiguous and non-contiguous port ranges. + + The port set is used to restrict the external source + port numbers used by the translator."; + uses port-set; + } // container port-set-restrict + + leaf dst-nat-enable { +// if-feature basic-nat44 or napt44; + type boolean; + default 'false'; + description + "Enable/Disable destination NAT. + + A NAT44 may be configured to enable Destination + NAT, too."; + } + + list dst-ip-address-pool { +// if-feature dst-nat; + key "pool-id"; + description + "Pool of IP addresses used for destination NAT."; + leaf pool-id { + type uint32; + description + "An identifier of the address pool."; + } + + leaf dst-in-ip-pool { + type inet:ip-prefix; + description + "Is used to identify an internal IP prefix/address + to be translated."; + } + + leaf dst-out-ip-pool { + type inet:ip-prefix; + mandatory true; + description + "IP address/prefix used for destination NAT."; + } + } // list dst-ip-address-pool + + list transport-protocols { +// if-feature napt44 or nat64 or dst-nat; + key "protocol-id"; + description + "Configure the transport protocols to be handled by + the translator. + + TCP and UDP are supported by default."; + leaf protocol-id { + type uint8; + mandatory true; + description + "Upper-layer protocol associated with this mapping. + + Values are taken from the IANA protocol registry: + https://www.iana.org/assignments/protocol-numbers/ + protocol-numbers.xhtml + + For example, this field contains 6 (TCP) for a TCP + mapping or 17 (UDP) for a UDP mapping."; + } + + leaf protocol-name { + type string; + description + "The name of the Upper-layer protocol associated + with this mapping. + + Values are taken from the IANA protocol registry: + https://www.iana.org/assignments/protocol-numbers/ + protocol-numbers.xhtml + + For example, TCP, UDP, DCCP, and SCTP."; + } + } // list transport-protocols + + leaf subscriber-mask-v6 { + type uint8 { + range "0 .. 128"; + } + description + "The subscriber mask is an integer that indicates + the length of significant bits to be applied on + the source IPv6 address (internal side) to + unambiguously identify a user device (e.g., CPE). + + Subscriber mask is a system-wide configuration + parameter that is used to enforce generic + per-subscriber policies (e.g., port-quota). + + The enforcement of these generic policies does not + require the configuration of every subscriber's + prefix. + + Example: suppose the 2001:db8:100:100::/56 prefix + is assigned to a NAT64 serviced CPE. Suppose also + that 2001:db8:100:100::1 is the IPv6 address used + by the client that resides in that CPE. When the + NAT64 receives a packet from this client, + it applies the subscriber-mask-v6 (e.g., 56) on + the source IPv6 address to compute the associated + prefix for this client (2001:db8:100:100::/56). + Then, the NAT64 enforces policies based on that + prefix (2001:db8:100:100::/56), not on the exact + source IPv6 address."; + } + + list subscriber-match { +// if-feature basic-nat44 or napt44 or dst-nat; + key "match-id"; + description + "IP prefix match. + A subscriber is identified by a subnet."; + leaf match-id { + type uint32; + description + "An identifier of the subscriber match."; + } + + leaf subnet { + type inet:ip-prefix; + mandatory true; + description + "The IP address subnets that match + should be translated. E.g., all addresses + that belong to the 192.0.2.0/24 prefix must + be processed by the NAT."; + } + } // list subscriber-match + + leaf address-allocation-type { + type enumeration { + enum "arbitrary" { + value 0; + description + "Arbitrary pooling behavior means that the NAT + instance may create the new port mapping using any + address in the pool that has a free port for the + protocol concerned."; + } + enum "roundrobin" { + value 1; + description + "Round robin allocation."; + } + enum "paired" { + value 2; + description + "Paired address pooling informs the NAT + that all the flows from an internal IP + address must be assigned the same external + address. This is the recommended behavior for + NAPT/NAT64."; + reference + "RFC 4787: Network Address Translation (NAT) + Behavioral Requirements for Unicast UDP"; + + } + } + description + "Specifies how external IP addresses are allocated."; + } + + leaf port-allocation-type { +// if-feature napt44 or nat64; + type enumeration { + enum "random" { + value 0; + description + "Port randomization is enabled. A NAT port allocation + scheme should make it hard for attackers to guess + port numbers"; + reference + "REQ-15 of RFC 6888"; + + } + enum "port-preservation" { + value 1; + description + "Indicates whether the NAT should preserve the internal + port number."; + } + enum + "port-parity-preservation" { + value 2; + description + "Indicates whether the NAT should preserve the port + parity of the internal port number."; + } + enum "port-range-allocation" { + value 3; + description + "Indicates whether the NAT assigns a range of ports + for an internal host. This scheme allows to minimize + log volume."; + reference + "REQ-14 of RFC 6888"; + + } + } + description + "Indicates the type of port allocation."; + } + + leaf mapping-type { +// if-feature napt44 or nat64; + type enumeration { + enum "eim" { + value 0; + description + "endpoint-independent-mapping."; + reference + "Section 4 of RFC 4787."; + + } + enum "adm" { + value 1; + description + "address-dependent-mapping."; + reference + "Section 4 of RFC 4787."; + + } + enum "edm" { + value 2; + description + "address-and-port-dependent-mapping."; + reference + "Section 4 of RFC 4787."; + + } + } + description + "Indicates the type of a NAT mapping."; + } + + leaf filtering-type { +// if-feature napt44 or nat64; + type enumeration { + enum "eif" { + value 0; + description + "endpoint-independent-filtering."; + reference + "Section 5 of RFC 4787."; + + } + enum "adf" { + value 1; + description + "address-dependent-filtering."; + reference + "Section 5 of RFC 4787."; + + } + enum "edf" { + value 2; + description + "address-and-port-dependent-filtering"; + reference + "Section 5 of RFC 4787."; + + } + } + description + "Indicates the type of a NAT filtering."; + } + + leaf fragment-behavior { +// if-feature napt44 or nat64; + type enumeration { + enum "drop-all" { + value 0; + description + "All received fragments are dropped."; + } + enum "in-order" { + value 1; + description + "Translate fragments only if they are received + in order."; + } + enum "out-of-order" { + value 2; + description + "Translate a fragment even if it is received out + of order. + + This behavior is the recommended behavior."; + reference + "REQ-14 of RFC 4787"; + + } + } + description + "The fragment behavior instructs the NAT about the + behavior to follow to translate fragments received + on the external interface of the NAT."; + } + + list port-quota { +// if-feature napt44 or nat64; + key "quota-type"; + description + "Configures a port quota to be assigned per subscriber. + It corresponds to the maximum number of ports to be + used by a subscriber."; + leaf port-limit { + type uint16; + description + "Configures a port quota to be assigned per subscriber. + It corresponds to the maximum number of ports to be + used by a subscriber."; + reference + "REQ-4 of RFC 6888."; + + } + + leaf quota-type { + type uint8; + description + "Indicates whether the port quota applies to + all protocols (0) or to a specific protocol."; + } + } // list port-quota + + container port-set { + when + "../port-allocation-type = 'port-range-allocation'"; +// if-feature napt44 or nat64; + description + "Manages port-set assignments."; + leaf port-set-size { + type uint16; + mandatory true; + description + "Indicates the size of assigned port sets."; + } + + leaf port-set-timeout { + type uint32; + units "seconds"; + description + "inactivity timeout for port sets."; + } + } // container port-set + + container timers { +// if-feature napt44 or nat64; + description + "Configure values of various timeouts."; + leaf udp-timeout { + type uint32; + units "seconds"; + default '300'; + description + "UDP inactivity timeout. That is the time a mapping + will stay active without packets traversing the NAT."; + reference + "RFC 4787: Network Address Translation (NAT) + Behavioral Requirements for Unicast UDP"; + + } + + leaf tcp-idle-timeout { + type uint32; + units "seconds"; + default '7440'; + description + "TCP Idle timeout should be 2 hours and 4 minutes."; + reference + "RFC 5382: NAT Behavioral Requirements for TCP"; + + } + + leaf tcp-trans-open-timeout { + type uint32; + units "seconds"; + default '240'; + description + "The value of the transitory open connection + idle-timeout. + + Section 2.1 of [RFC7857] clarifies that a NAT + should provide different configurable + parameters for configuring the open and + closing idle timeouts. + + To accommodate deployments that consider + a partially open timeout of 4 minutes as being + excessive from a security standpoint, a NAT may + allow the configured timeout to be less than + 4 minutes. + + However, a minimum default transitory connection + idle-timeout of 4 minutes is recommended."; + reference + "Section 2.1 of RFC 7857."; + + } + + leaf tcp-trans-close-timeout { + type uint32; + units "seconds"; + default '240'; + description + "The value of the transitory close connection + idle-timeout. + Section 2.1 of [RFC7857] clarifies that a NAT + should provide different configurable + parameters for configuring the open and + closing idle timeouts."; + reference + "Section 2.1 of RFC 7857."; + + } + + leaf tcp-in-syn-timeout { + type uint32; + units "seconds"; + default '6'; + description + "A NAT must not respond to an unsolicited + inbound SYN packet for at least 6 seconds + after the packet is received. If during + this interval the NAT receives and translates + an outbound SYN for the connection the NAT + must silently drop the original unsolicited + inbound SYN packet."; + reference + "RFC 5382 NAT Behavioral Requirements for TCP"; + + } + + leaf fragment-min-timeout { + when + "../../fragment-behavior='out-of-order'"; + type uint32; + units "seconds"; + default '2'; + description + "As long as the NAT has available resources, + the NAT allows the fragments to arrive + over fragment-min-timeout interval. + The default value is inspired from RFC6146."; + } + + leaf icmp-timeout { + type uint32; + units "seconds"; + default '60'; + description + "An ICMP Query session timer must not expire + in less than 60 seconds. It is recommended + that the ICMP Query session timer be made + configurable"; + reference + "RFC 5508: NAT Behavioral Requirements for ICMP"; + + } + + list per-port-timeout { + key "port-number"; + description + "Some NATs are configurable with short timeouts + for some ports, e.g., as 10 seconds on + port 53 (DNS) and 123 (NTP) and longer timeouts + on other ports."; + leaf port-number { + type inet:port-number; + description + "A port number."; + } + + leaf timeout { + type uint32; + units "seconds"; + mandatory true; + description + "Timeout for this port number"; + } + } // list per-port-timeout + + leaf hold-down-timeout { + type uint32; + units "seconds"; + default '120'; + description + "Hold down timer. + + Ports in the hold down pool are not reassigned until + hold-down-timeout expires. + + The length of time and the maximum number of ports in + this state must be configurable by the administrator. + + This is necessary in order to prevent collisions + between old and new mappings and sessions. It ensures + that all established sessions are broken instead of + redirected to a different peer."; + reference + "REQ#8 of RFC 6888."; + + } + + leaf hold-down-max { + type uint32; + description + "Maximum ports in the Hold down timer pool. + Ports in the hold down pool are not reassigned + until hold-down-timeout expires. + + The length of time and the maximum + number of ports in this state must be + configurable by the administrator. + This is necessary in order + to prevent collisions between old + and new mappings and sessions. It ensures + that all established sessions are broken + instead of redirected to a different peer."; + reference + "REQ#8 of RFC 6888."; + + } + } // container timers + + leaf fragments-limit { + when + "../fragment-behavior='out-of-order'"; + type uint32; + description + "Limits the number of out of order fragments that can + be handled."; + reference + "Section 11 of RFC 4787."; + + } + + list algs { + key "name"; + description + "ALG-related features."; + leaf name { + type string; + description + "The name of the ALG."; + } + + leaf transport-protocol { + type uint32; + description + "The transport protocol used by the ALG + (e.g., TCP, UDP)."; + } + + container dst-transport-port { + description + "The destination port number(s) used by the ALG. + For example, + - 21 for the FTP ALG + - 53 for the DNS ALG."; + uses port-number; + } // container dst-transport-port + + container src-transport-port { + description + "The source port number(s) used by the ALG."; + uses port-number; + } // container src-transport-port + + leaf status { + type boolean; + description + "Enable/disable the ALG."; + } + } // list algs + + leaf all-algs-enable { + type boolean; + description + "Enable/disable all ALGs. + + When specified, this parameter overrides the one + that may be indicated, eventually, by the 'status' + of an individual ALG."; + } + + container notify-pool-usage { +// if-feature basic-nat44 or napt44 or nat64; + description + "Notification of pool usage when certain criteria + are met."; + leaf pool-id { + type uint32; + description + "Pool-ID for which the notification criteria + is defined"; + } + + leaf high-threshold { + type percent; + description + "Notification must be generated when the defined high + threshold is reached. + + For example, if a notification is required when the + pool utilization reaches 90%, this configuration + parameter must be set to 90. + + 0% indicates that no high threshold is enabled."; + } + + leaf low-threshold { + type percent; + must + ". >= ../high-threshold" { + error-message + "The upper port number must be greater than or + equal to lower port number."; + } + description + "Notification must be generated when the defined low + threshold is reached. + + For example, if a notification is required when the + pool utilization reaches below 10%, this + configuration parameter must be set to 10"; + } + + leaf notify-interval { + type uint32 { + range "1 .. 3600"; + } + units "seconds"; + default '20'; + description + "Minimum number of seconds between successive + notifications for this pool."; + reference + "RFC 7659: Definitions of Managed Objects for + Network Address Translators (NATs)"; + + } + } // container notify-pool-usage + + container external-realm { + description + "Identifies the external realm of the NAT instance."; + choice realm-type { + description + "Can be an interface, VRF instance, etc."; + case interface { + description + "External interface."; + leaf external-interface { + type if:interface-ref; + description + "Name of the external interface."; + } + } // case interface + } // choice realm-type + } // container external-realm + } // list policy + + container mapping-limits { +// if-feature napt44 or nat64; + description + "Information about the configuration parameters that + limits the mappings based upon various criteria."; + leaf limit-subscribers { + type uint32; + description + "Maximum number of subscribers that can be serviced + by a NAT instance. + + A subscriber is identified by a given prefix."; + reference + "RFC 7659: Definitions of Managed Objects for + Network Address Translators (NATs)"; + + } + + leaf limit-address-mapings { + type uint32; + description + "Maximum number of address mappings that can be + handled by a NAT instance. + + When this limit is reached, packets that would + normally trigger translation, will be dropped."; + reference + "RFC 7659: Definitions of Managed Objects + for Network Address Translators + (NATs)"; + + } + + leaf limit-port-mappings { + type uint32; + description + "Maximum number of port mappings that can be handled + by a NAT instance. + + When this limit is reached, packets that would + normally trigger translation, will be dropped."; + reference + "RFC 7659: Definitions of Managed Objects for + Network Address Translators (NATs)"; + + } + + list limit-per-protocol { +// if-feature napt44 or nat64 or dst-nat; + key "protocol-id"; + description + "Configure limits per transport protocol"; + leaf protocol-id { + type uint8; + mandatory true; + description + "Upper-layer protocol associated with this mapping. + + Values are taken from the IANA protocol registry: + https://www.iana.org/assignments/protocol-numbers/ + protocol-numbers.xhtml + + For example, this field contains 6 (TCP) for a TCP + mapping or 17 (UDP) for a UDP mapping."; + } + + leaf limit { + type uint32; + description + "Maximum number of protocol-specific NAT mappings + per instance."; + } + } // list limit-per-protocol + } // container mapping-limits + + container connection-limits { +// if-feature basic-nat44 or napt44 or nat64; + description + "Information about the configuration parameters that + rate limit the translation based upon various criteria."; + leaf limit-per-subscriber { + type uint32; + units "bits/second"; + description + "Rate-limit the number of new mappings and sessions + per subscriber."; + } + + leaf limit-per-instance { + type uint32; + units "bits/second"; + mandatory true; + description + "Rate-limit the number of new mappings and sessions + per instance."; + } + + list limit-per-protocol { +// if-feature napt44 or nat64; + key "protocol-id"; + description + "Configure limits per transport protocol"; + leaf protocol-id { + type uint8; + mandatory true; + description + "Upper-layer protocol associated with this mapping. + + Values are taken from the IANA protocol registry: + https://www.iana.org/assignments/protocol-numbers/ + protocol-numbers.xhtml + + For example, this field contains 6 (TCP) for a TCP + mapping or 17 (UDP) for a UDP mapping."; + } + + leaf limit { + type uint32; + description + "Rate-limit the number of protocol-specific mappings + and sessions per instance."; + } + } // list limit-per-protocol + } // container connection-limits + + container notification-limits { + description + "Sets notification limits."; + leaf notify-interval { +// if-feature basic-nat44 or napt44 or nat64; + type uint32 { + range "1 .. 3600"; + } + units "seconds"; + default '10'; + description + "Minimum number of seconds between successive + notifications for this NAT instance."; + reference + "RFC 7659: Definitions of Managed Objects + for Network Address Translators (NATs)"; + + } + + leaf notify-addresses-usage { +// if-feature basic-nat44 or napt44 or nat64; + type percent; + description + "Notification of address mappings usage over + the whole NAT instance. + + Notification must be generated when the defined + threshold is reached. + + For example, if a notification is required when + the address mappings utilization reaches 90%, + this configuration parameter must be set + to 90."; + } + + leaf notify-ports-usage { +// if-feature napt44 or nat64; + type percent; + description + "Notification of port mappings usage over the + whole NAT instance. + + Notification must be generated when the defined + threshold is reached. + + For example, if a notification is required when + the port mappings utilization reaches 90%, this + configuration parameter must be set to 90."; + } + + leaf notify-subscribers-limit { +// if-feature basic-nat44 or napt44 or nat64; + type uint32; + description + "Notification of active subscribers per NAT + instance. + + Notification must be generated when the defined + threshold is reached."; + } + } // container notification-limits + + leaf logging-enable { +// if-feature basic-nat44 or napt44 or nat64; + type boolean; + description + "Enable logging features."; + reference + "Section 2.3 of RFC 6908 and REQ-12 of RFC6888."; + + } + + container mapping-table { +// if-feature basic-nat44 or napt44 or nat64 or clat or dst-nat; + description + "NAT mapping table. Applicable for functions which maintain + static and/or dynamic mappings, such as NAT44, Destination + NAT, NAT64, or CLAT."; + list mapping-entry { + key "index"; + description + "NAT mapping entry."; + uses mapping-entry; + } // list mapping-entry + } // container mapping-table + + container statistics { + config false; + description + "Statistics related to the NAT instance."; + leaf discontinuity-time { + type yang:date-and-time; + mandatory true; + description + "The time on the most recent occasion at which the NAT + instance suffered a discontinuity. This must be + initialized when the NAT instance is configured + or rebooted."; + } + + container traffic-statistics { + description + "Generic traffic statistics."; + leaf sent-packets { + type yang:zero-based-counter64; + description + "Number of packets sent."; + } + + leaf sent-bytes { + type yang:zero-based-counter64; + units "bytes"; + description + "Counter for sent traffic in bytes."; + } + + leaf rcvd-packets { + type yang:zero-based-counter64; + description + "Number of received packets."; + } + + leaf rcvd-bytes { + type yang:zero-based-counter64; + units "bytes"; + description + "Counter for received traffic in bytes."; + } + + leaf dropped-packets { + type yang:zero-based-counter64; + description + "Number of dropped packets."; + } + + leaf dropped-bytes { + type yang:zero-based-counter64; + units "bytes"; + description + "Counter for dropped traffic in bytes."; + } + + leaf dropped-fragments { +// if-feature napt44 or nat64; + type yang:zero-based-counter64; + description + "Number of dropped fragments on the external realm."; + } + + leaf dropped-address-limit-packets { +// if-feature basic-nat44 or napt44 or nat64; + type yang:zero-based-counter64; + description + "Number of dropped packets because an address limit + is reached."; + } + + leaf dropped-address-limit-bytes { +// if-feature basic-nat44 or napt44 or nat64; + type yang:zero-based-counter64; + units "bytes"; + description + "Counter of dropped packets because an address limit + is reached, in bytes."; + } + + leaf dropped-address-packets { +// if-feature basic-nat44 or napt44 or nat64; + type yang:zero-based-counter64; + description + "Number of dropped packets because no address is + available for allocation."; + } + + leaf dropped-address-bytes { +// if-feature basic-nat44 or napt44 or nat64; + type yang:zero-based-counter64; + units "bytes"; + description + "Counter of dropped packets because no address is + available for allocation, in bytes."; + } + + leaf dropped-port-limit-packets { +// if-feature napt44 or nat64; + type yang:zero-based-counter64; + description + "Number of dropped packets because a port limit + is reached."; + } + + leaf dropped-port-limit-bytes { +// if-feature napt44 or nat64; + type yang:zero-based-counter64; + units "bytes"; + description + "Counter of dropped packets because a port limit + is reached, in bytes."; + } + + leaf dropped-port-packets { +// if-feature napt44 or nat64; + type yang:zero-based-counter64; + description + "Number of dropped packets because no port is + available for allocation."; + } + + leaf dropped-port-bytes { +// if-feature napt44 or nat64; + type yang:zero-based-counter64; + units "bytes"; + description + "Counter of dropped packets because no port is + available for allocation, in bytes."; + } + + leaf dropped-subscriber-limit-packets { +// if-feature basic-nat44 or napt44 or nat64; + type yang:zero-based-counter64; + description + "Number of dropped packets because the subscriber + limit per instance is reached."; + } + + leaf dropped-subscriber-limit-bytes { +// if-feature basic-nat44 or napt44 or nat64; + type yang:zero-based-counter64; + units "bytes"; + description + "Counter of dropped packets because the subscriber + limit per instance is reached, in bytes."; + } + } // container traffic-statistics + + container mappings-statistics { + description + "Mappings statistics."; + leaf total-active-subscribers { +// if-feature basic-nat44 or napt44 or nat64; + type yang:gauge32; + description + "Total number of active subscribers (that is, subscribers + for which the NAT maintains active mappings. + + A subscriber is identified by a subnet, subscriber-mask, + etc."; + } + + leaf total-address-mappings { +// if-feature basic-nat44 or napt44 or nat64 or clat or dst-nat; + type yang:gauge32; + description + "Total number of address mappings present at a given + time. It includes both static and dynamic mappings."; + reference + "Section 3.3.8 of RFC 7659"; + + } + + leaf total-port-mappings { +// if-feature napt44 or nat64; + type yang:gauge32; + description + "Total number of NAT port mappings present at + a given time. It includes both static and dynamic + mappings."; + reference + "Section 3.3.9 of RFC 7659"; + + } + + list total-per-protocol { +// if-feature napt44 or nat64; + key "protocol-id"; + description + "Total mappings for each enabled/supported protocol."; + leaf protocol-id { + type uint8; + mandatory true; + description + "Upper-layer protocol associated with this mapping. + For example, this field contains 6 (TCP) for a TCP + mapping or 17 (UDP) for a UDP mapping."; + } + + leaf total { + type yang:gauge32; + description + "Total number of a protocol-specific mappings present + at a given time. The protocol is identified by + protocol-id."; + } + } // list total-per-protocol + } // container mappings-statistics + + container pools-stats { +// if-feature basic-nat44 or napt44 or nat64; + description + "Statistics related to address/prefix pools + usage"; + leaf addresses-allocated { + type yang:gauge32; + description + "Number of all allocated addresses."; + } + + leaf addresses-free { + type yang:gauge32; + description + "Number of unallocated addresses of all pools at + a given time. The sum of unallocated and allocated + addresses is the total number of addresses of + the pools."; + } + + container ports-stats { +// if-feature napt44 or nat64; + description + "Statistics related to port numbers usage."; + leaf ports-allocated { + type yang:gauge32; + description + "Number of allocated ports from all pools."; + } + + leaf ports-free { + type yang:gauge32; + description + "Number of unallocated addresses from all pools."; + } + } // container ports-stats + + list per-pool-stats { +// if-feature basic-nat44 or napt44 or nat64; + key "pool-id"; + description + "Statistics related to address/prefix pool usage"; + leaf pool-id { + type uint32; + description + "Unique Identifier that represents a pool of + addresses/prefixes."; + } + + leaf discontinuity-time { + type yang:date-and-time; + mandatory true; + description + "The time on the most recent occasion at which this + pool counters suffered a discontinuity. This must + be initialized when the address pool is + configured."; + } + + container pool-stats { + description + "Statistics related to address/prefix pool usage"; + leaf addresses-allocated { + type yang:gauge32; + description + "Number of allocated addresses from this pool."; + } + + leaf addresses-free { + type yang:gauge32; + description + "Number of unallocated addresses in this pool."; + } + } // container pool-stats + + container port-stats { +// if-feature napt44 or nat64; + description + "Statistics related to port numbers usage."; + leaf ports-allocated { + type yang:gauge32; + description + "Number of allocated ports from this pool."; + } + + leaf ports-free { + type yang:gauge32; + description + "Number of unallocated addresses from this pool."; + } + } // container port-stats + } // list per-pool-stats + } // container pools-stats + } // container statistics + } // list instance + } // container instances + } // container nat + + notification nat-pool-event { +// if-feature basic-nat44 or napt44 or nat64; + description + "Notifications must be generated when the defined high/low + threshold is reached. Related configuration parameters + must be provided to trigger the notifications."; + leaf id { + type leafref { + path "/nat/instances/instance/id"; + } + mandatory true; + description + "NAT instance Identifier."; + } + + leaf policy-id { + type leafref { + path "/nat/instances/instance/policy/id"; + } + description "Policy Identifier."; + } + + leaf pool-id { + type leafref { + path "/nat/instances/instance/policy/external-ip-address-pool/pool-id"; + } + mandatory true; + description "Pool Identifier."; + } + + leaf notify-pool-threshold { + type percent; + mandatory true; + description + "A threshold (high-threshold or low-threshold) has + been fired."; + } + } // notification nat-pool-event + + notification nat-instance-event { +// if-feature basic-nat44 or napt44 or nat64; + description + "Notifications must be generated when notify-addresses-usage + and/or notify-ports-usage threshold are reached."; + leaf id { + type leafref { + path "/nat/instances/instance/id"; + } + mandatory true; + description + "NAT instance Identifier."; + } + + leaf notify-subscribers-threshold { + type uint32; + description + "The notify-subscribers-limit threshold has been fired."; + } + + leaf notify-addresses-threshold { + type percent; + description + "The notify-addresses-usage threshold has been fired."; + } + + leaf notify-ports-threshold { + type percent; + description + "The notify-ports-usage threshold has been fired."; + } + } // notification nat-instance-event + } // module ietf-nat |