diff options
Diffstat (limited to 'src/plugins/yang/openconfig/openconfig-pf-forwarding-policies.yang')
-rw-r--r-- | src/plugins/yang/openconfig/openconfig-pf-forwarding-policies.yang | 385 |
1 files changed, 385 insertions, 0 deletions
diff --git a/src/plugins/yang/openconfig/openconfig-pf-forwarding-policies.yang b/src/plugins/yang/openconfig/openconfig-pf-forwarding-policies.yang new file mode 100644 index 0000000..6b08c87 --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-pf-forwarding-policies.yang @@ -0,0 +1,385 @@ +submodule openconfig-pf-forwarding-policies { + belongs-to openconfig-policy-forwarding { + prefix "oc-pf"; + } + + import openconfig-extensions { prefix "oc-ext"; } + import openconfig-packet-match { prefix "oc-pmatch"; } + import openconfig-yang-types { prefix "oc-yang"; } + import openconfig-inet-types { prefix "oc-inet"; } + + include openconfig-pf-path-groups; + + organization + "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This submodule contains configuration and operational state + relating to the definition of policy-forwarding policies."; + + oc-ext:openconfig-version "0.2.0"; + + revision "2017-06-21" { + description + "Amend policy forwarding model based on ACL changes."; + reference "0.2.0"; + } + + revision "2017-02-28" { + description + "Initial public release of policy forwarding."; + reference "0.1.0"; + } + + revision "2016-11-08" { + description + "Initial revision"; + reference "0.0.1"; + } + + grouping pf-forwarding-policy-structural { + description + "Structural grouping defining forwarding policies under the + policy- forwarding module."; + + container policies { + description + "Forwarding policies defined to enact policy-based forwarding + on the local system."; + + list policy { + key "policy-id"; + + description + "A forwarding policy is defined to have a set of match + criteria, allowing particular fields of a packet's header to + be matched, and a set of forwarding actions which determines + how the local system should forward the packet."; + + leaf policy-id { + type leafref { + path "../config/policy-id"; + } + description + "Reference to the identifier for the forwarding-policy."; + } + + container config { + description + "Configuration options relating to the forwarding + policy."; + uses pf-forwarding-policy-config; + } + + container state { + config false; + description + "Operational state parameters relating to the forwarding + policy."; + uses pf-forwarding-policy-config; + } + + container rules { + description + "The criteria that should be matched for a packet to be + forwarded according to the policy action."; + + list rule { + key "sequence-id"; + + description + "A match rule for the policy. In the case that multiple + criteria are specified within a single rule, all criteria + must be met for the rule to be applied to a packet."; + + leaf sequence-id { + type leafref { + path "../config/sequence-id"; + } + description + "A unique sequence identifier for the match rule."; + } + + container config { + description + "Configuration parameters relating to the match + rule."; + uses pf-forwarding-policy-rule-config; + } + + container state { + config false; + description + "Operational state parameters relating to the match + rule."; + uses pf-forwarding-policy-rule-config; + uses pf-forwarding-policy-rule-state; + } + + uses oc-pmatch:ethernet-header-top; + uses oc-pmatch:ipv4-protocol-fields-top; + uses oc-pmatch:ipv6-protocol-fields-top; + uses oc-pmatch:transport-fields-top; + + container action { + description + "The forwarding policy action to be applied for + packets matching the rule."; + + container config { + description + "Configuration parameters relating to the forwarding + rule's action."; + uses pf-forwarding-policy-action-config; + } + + container state { + config false; + description + "Operational state parameters relating to the + forwarding rule's action."; + uses pf-forwarding-policy-action-config; + } + + uses pf-forwarding-policy-action-encapsulate-gre; + } + } + } + } + } + } + + grouping pf-forwarding-policy-config { + description + "Configuration parameters relating to the forwarding policy."; + + leaf policy-id { + type string; + description + "A unique name identifying the forwarding policy. This name is + used when applying the policy to a particular interface."; + } + } + + grouping pf-forwarding-policy-rule-config { + description + "Configuration parameters relating to a policy rule."; + + leaf sequence-id { + type uint32; + description + "Unique sequence number for the policy rule."; + } + } + + grouping pf-forwarding-policy-rule-state { + description + "Operational state parameters relating to a policy rule."; + + leaf matched-pkts { + type oc-yang:counter64; + description + "Number of packets matched by the rule."; + } + + leaf matched-octets { + type oc-yang:counter64; + description + "Bytes matched by the rule."; + } + } + + grouping pf-forwarding-policy-action-config { + description + "Forwarding policy action configuration parameters."; + + leaf discard { + type boolean; + default false; + description + "When this leaf is set to true, the local system should drop + packets that match the rule."; + } + + leaf decapsulate-gre { + type boolean; + default false; + description + "When this leaf is set to true, the local system should remove + the GRE header from the packet matching the rule. Following + the decapsulation it should subsequently forward the + encapsulated packet according to the relevant lookup (e.g., if + the encapsulated packet is IP, the packet should be routed + according to the IP destination)."; + } + + leaf network-instance { + type leafref { + + // We are at: + // $NIROOT/policy-forwarding/policies/ + // policy/rules/rule/action/config/ + // network-instance + path "../../../../../../../../config/name"; + } + description + "When this leaf is set, packets matching the match criteria + for the forwarding rule should be looked up in the + network-instance that is referenced rather than the + network-instance with which the interface is associated. + Such configuration allows policy-routing into multiple + sub-topologies from a single ingress access interface, or + different send and receive contexts for a particular + interface (sometimes referred to as half-duplex VRF)."; + } + + leaf path-selection-group { + type leafref { + // We are at: + // $NIROOT/policy-forwarding/policies/ + // policy/rules/rule/action/config/to-path-group + path "../../../../../../../path-selection-groups/" + + "path-selection-group/config/group-id"; + } + description + "When path-selection-group is set, packets matching the + match criteria for the forwarding rule should be forwarded + only via one of the paths that is specified within the + referenced path-selection-group. The next-hop of the packet + within the routing context should be used to determine between + multiple paths that are specified within the group."; + } + + leaf next-hop { + type oc-inet:ip-address; + description + "When an IP next-hop is specified in the next-hop field, + packets matching the match criteria for the forwarding rule + should be forwarded to the next-hop IP address, bypassing any + lookup on the local system."; + } + } + + grouping pf-forwarding-policy-action-encapsulate-gre { + description + "Structural grouping covering the encapsulate-gre action of the + policy forwarding rule."; + + container encapsulate-gre { + description + "Packets matching the policy rule should be GRE encapsulated + towards the set of targets defined within the target list. Where + more than one target is specified, or the target subnet expands + to more than one endpoint, packets should be load-balanced across + the destination addresses within the subnets."; + + container config { + description + "Configuration parameters for the GRE encapsulation rules action."; + uses pf-forwarding-policy-action-gre-config; + } + + container state { + description + "Operational state parameters for the GRE encapsulation rule + action."; + config false; + uses pf-forwarding-policy-action-gre-config; + } + + container targets { + description + "Surrounding container for the list of GRE tunnel targets that + should be encapsulated towards."; + + list target { + key "id"; + + leaf id { + type leafref { + path "../config/id"; + } + description + "Reference to the unique identifier for the target."; + } + + description + "Each target specified within this list should be treated as a + endpoint to which packets should be GRE encapsulated. Where the + set of destinations described within a single entry expands to + more than one destination IP address, packets should be load + shared across the destination using the local system's ECMP hashing + mechanisms."; + + container config { + description + "Configuration parameters for the GRE target."; + uses pf-forwarding-policy-action-gre-target-config; + } + + container state { + description + "Operational state parameters for the GRE target."; + config false; + uses pf-forwarding-policy-action-gre-target-config; + } + } + } + } + } + + grouping pf-forwarding-policy-action-gre-config { + description + "Configuration parameters for the encapsulate-gre forwarding + policy action."; + + leaf identifying-prefix { + type oc-inet:ip-prefix; + description + "An IP prefix that can be used to identify the group of + GRE endpoints that are being encapsulated towards. Systems + that require an IP identifier for the tunnel set + should use this prefix as the next-hop identifier."; + } + } + + grouping pf-forwarding-policy-action-gre-target-config { + description + "Configuration parameters for each target of a GRE Encapsulation + rule"; + + leaf id { + type string; + description + "A unique identifier for the target."; + } + + leaf source { + type oc-inet:ip-address; + description + "The source IP address that should be used when encapsulating + packets from the local system."; + } + + leaf destination { + type oc-inet:ip-prefix; + description + "The set of destination addresses that should be encapsulated towards. + Where a subnet is specified, each address within the subnet should be + treated as an independent destination for encapsulated traffic. Packets + should be distributed with ECMP across the set of tunnel destination + addresses."; + } + + leaf ip-ttl { + type uint8; + description + "The TTL that should be specified in the IP header of the GRE packet + encapsulating the packet matching the rule."; + } + } +} |