< draft-ietf-rtgwg-policy-model-10.txt   draft-ietf-rtgwg-policy-model-11.txt >
RTGWG Y. Qu RTGWG Y. Qu
Internet-Draft Futurewei Internet-Draft Futurewei
Intended status: Standards Track J. Tantsura Intended status: Standards Track J. Tantsura
Expires: November 23, 2020 Apstra Expires: November 27, 2020 Apstra
A. Lindem A. Lindem
Cisco Cisco
X. Liu X. Liu
Volta Networks Volta Networks
May 22, 2020 May 26, 2020
A YANG Data Model for Routing Policy Management A YANG Data Model for Routing Policy Management
draft-ietf-rtgwg-policy-model-10 draft-ietf-rtgwg-policy-model-11
Abstract Abstract
This document defines a YANG data model for configuring and managing This document defines a YANG data model for configuring and managing
routing policies in a vendor-neutral way and based on actual routing policies in a vendor-neutral way and based on actual
operational practice. The model provides a generic policy framework operational practice. The model provides a generic policy framework
which can be augmented with protocol-specific policy configuration. which can be augmented with protocol-specific policy configuration.
Status of This Memo Status of This Memo
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 23, 2020. This Internet-Draft will expire on November 27, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Goals and approach . . . . . . . . . . . . . . . . . . . 2 1.1. Goals and approach . . . . . . . . . . . . . . . . . . . 3
2. Terminology and Notation . . . . . . . . . . . . . . . . . . 3 2. Terminology and Notation . . . . . . . . . . . . . . . . . . 3
2.1. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 4 2.1. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 4
2.2. Prefixes in Data Node Names . . . . . . . . . . . . . . . 4 2.2. Prefixes in Data Node Names . . . . . . . . . . . . . . . 4
3. Model overview . . . . . . . . . . . . . . . . . . . . . . . 5 3. Model overview . . . . . . . . . . . . . . . . . . . . . . . 5
4. Route policy expression . . . . . . . . . . . . . . . . . . . 5 4. Route policy expression . . . . . . . . . . . . . . . . . . . 5
4.1. Defined sets for policy matching . . . . . . . . . . . . 6 4.1. Defined sets for policy matching . . . . . . . . . . . . 6
4.2. Policy conditions . . . . . . . . . . . . . . . . . . . . 7 4.2. Policy conditions . . . . . . . . . . . . . . . . . . . . 7
4.3. Policy actions . . . . . . . . . . . . . . . . . . . . . 8 4.3. Policy actions . . . . . . . . . . . . . . . . . . . . . 8
4.4. Policy subroutines . . . . . . . . . . . . . . . . . . . 9 4.4. Policy subroutines . . . . . . . . . . . . . . . . . . . 9
5. Policy evaluation . . . . . . . . . . . . . . . . . . . . . . 10 5. Policy evaluation . . . . . . . . . . . . . . . . . . . . . . 10
6. Applying routing policy . . . . . . . . . . . . . . . . . . . 10 6. Applying routing policy . . . . . . . . . . . . . . . . . . . 10
7. Routing protocol-specific policies . . . . . . . . . . . . . 11 7. Routing protocol-specific policies . . . . . . . . . . . . . 11
8. Security Considerations . . . . . . . . . . . . . . . . . . . 13 8. Security Considerations . . . . . . . . . . . . . . . . . . . 13
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
10. YANG modules . . . . . . . . . . . . . . . . . . . . . . . . 14 10. YANG modules . . . . . . . . . . . . . . . . . . . . . . . . 14
10.1. Routing policy model . . . . . . . . . . . . . . . . . . 15 10.1. Routing policy model . . . . . . . . . . . . . . . . . . 15
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 11. Policy examples . . . . . . . . . . . . . . . . . . . . . . . 35
11.1. Normative references . . . . . . . . . . . . . . . . . . 36 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 36
11.2. Informative references . . . . . . . . . . . . . . . . . 37 12.1. Normative references . . . . . . . . . . . . . . . . . . 36
12.2. Informative references . . . . . . . . . . . . . . . . . 38
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 38 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 38
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38
1. Introduction 1. Introduction
This document describes a YANG [RFC7950] data model for routing This document describes a YANG [RFC7950] data model for routing
policy configuration based on operational usage and best practices in policy configuration based on operational usage and best practices in
a variety of service provider networks. The model is intended to be a variety of service provider networks. The model is intended to be
vendor-neutral, in order to allow operators to manage policy vendor-neutral, in order to allow operators to manage policy
configuration in a consistent, intuitive way in heterogeneous configuration in a consistent, intuitive way in heterogeneous
skipping to change at page 5, line 5 skipping to change at page 5, line 5
[RFC8340]. [RFC8340].
2.2. Prefixes in Data Node Names 2.2. Prefixes in Data Node Names
In this document, names of data nodes, actions, and other data model In this document, names of data nodes, actions, and other data model
objects are often used without a prefix, as long as it is clear from objects are often used without a prefix, as long as it is clear from
the context in which YANG module each name is defined. Otherwise, the context in which YANG module each name is defined. Otherwise,
names are prefixed using the standard prefix associated with the names are prefixed using the standard prefix associated with the
corresponding YANG module, as shown in Table 1. corresponding YANG module, as shown in Table 1.
+-----------+------------------+------------------------------------+ +------------+--------------------+----------------------+
| Prefix | YANG module | Reference | | Prefix | YANG module | Reference |
+-----------+------------------+------------------------------------+ +------------+--------------------+----------------------+
| if | ietf-interfaces | [RFC8343] | | if | ietf-interfaces | [RFC8343] |
| | | | | | | |
| rt | ietf-routing | [RFC8349] | | rt | ietf-routing | [RFC8349] |
| | | | | | | |
| yang | ietf-yang-types | [RFC6991] | | yang | ietf-yang-types | [RFC6991] |
| | | | | | | |
| inet | ietf-inet-types | [RFC6991] | | inet | ietf-inet-types | [RFC6991] |
| | | | | | | |
| if-ext | ietf-if- | [I-D.ietf-netmod-intf-ext-yang] | | if-ext | ietf-if-extensions | [INTF-EXT-YANG] |
| | extensions | | | | | |
| | | | | if-l3-vlan | ietf-if-l3-vlan | [SUB-INTF-VLAN-YANG] |
| if-l3-vla | ietf-if-l3-vlan | [I-D.ietf-netmod-sub-intf-vlan-mod | +------------+--------------------+----------------------+
| n | | el] |
+-----------+------------------+------------------------------------+
Table 1: Prefixes and Corresponding YANG Modules Table 1: Prefixes and Corresponding YANG Modules
3. Model overview 3. Model overview
The routing policy module has three main parts: The routing policy module has three main parts:
o A generic framework to express policies as sets of related o A generic framework to express policies as sets of related
conditions and actions. This includes match sets and actions that conditions and actions. This includes match sets and actions that
are useful across many routing protocols. are useful across many routing protocols.
skipping to change at page 12, line 29 skipping to change at page 12, line 29
| +--rw match-prefix-set | +--rw match-prefix-set
| | +--rw prefix-set? prefix-set/name | | +--rw prefix-set? prefix-set/name
| | +--rw match-set-options? match-set-options-type | | +--rw match-set-options? match-set-options-type
| +--rw match-neighbor-set | +--rw match-neighbor-set
| | +--rw neighbor-set? | | +--rw neighbor-set?
| +--rw match-tag-set | +--rw match-tag-set
| | +--rw tag-set? | | +--rw tag-set?
| | +--rw match-set-options? match-set-options-type | | +--rw match-set-options? match-set-options-type
| +--rw match-proto-route-type* identityref | +--rw match-proto-route-type* identityref
| +--rw bp:bgp-conditions | +--rw bp:bgp-conditions
| +--rw bp:med-eq? uint32 | +--rw bp:med-eq? uint32
| +--rw bp:origin-eq? bt:bgp-origin-attr-type | +--rw bp:origin-eq? bt:bgp-origin-attr-type
| +--rw bp:next-hop-in* inet:ip-address-no-zone | +--rw bp:next-hop-in* inet:ip-address-no-zone
| +--rw bp:afi-safi-in* identityref | +--rw bp:afi-safi-in* identityref
| +--rw bp:local-pref-eq? uint32 | +--rw bp:local-pref-eq? uint32
| +--rw bp:route-type? enumeration | +--rw bp:route-type? enumeration
| +--rw bp:community-count | +--rw bp:community-count
| +--rw bp:as-path-length | +--rw bp:as-path-length
| +--rw bp:match-community-set | +--rw bp:match-community-set
| | +--rw bp:community-set? | | +--rw bp:community-set?
| | +--rw bp:match-set-options? match-set-options-type | | +--rw bp:match-set-options?
| +--rw bp:match-ext-community-set | +--rw bp:match-ext-community-set
| | +--rw bp:ext-community-set? | | +--rw bp:ext-community-set?
| | +--rw bp:match-set-options? match-set-options-type | | +--rw bp:match-set-options?
| +--rw bp:match-as-path-set | +--rw bp:match-as-path-set
| +--rw bp:as-path-set? | +--rw bp:as-path-set?
| +--rw bp:match-set-options? match-set-options-type | +--rw bp:match-set-options?
+--rw actions +--rw actions
+--rw policy-result? policy-result-type +--rw policy-result? policy-result-type
+--rw set-metric +--rw set-metric
| +--rw metric-modification? metric-modification-type | +--rw metric-modification?
| +--rw metric? uint32 | +--rw metric? uint32
+--rw set-metric-type +--rw set-metric-type
| +--rw metric-type? identityref | +--rw metric-type? identityref
+--rw set-import-level +--rw set-import-level
| +--rw import-level? identityref | +--rw import-level? identityref
+--rw set-preference? uint16 +--rw set-preference? uint16
+--rw set-tag? tag-type +--rw set-tag? tag-type
+--rw set-application-tag? tag-type +--rw set-application-tag? tag-type
+--rw bp:bgp-actions +--rw bp:bgp-actions
+--rw bp:set-route-origin? bt:bgp-origin-attr-type +--rw bp:set-route-origin?bt:bgp-origin-attr-type
+--rw bp:set-local-pref? uint32 +--rw bp:set-local-pref? uint32
+--rw bp:set-next-hop? bgp-next-hop-type +--rw bp:set-next-hop? bgp-next-hop-type
+--rw bp:set-med? bgp-set-med-type +--rw bp:set-med? bgp-set-med-type
+--rw bp:set-as-path-prepend +--rw bp:set-as-path-prepend
| +--rw bp:repeat-n? uint8 | +--rw bp:repeat-n? uint8
+--rw bp:set-community +--rw bp:set-community
| +--rw bp:method? enumeration | +--rw bp:method? enumeration
| +--rw bp:options? bgp-set-community-option-type | +--rw bp:options?
| +--rw bp:inline | +--rw bp:inline
| | +--rw bp:communities* union | | +--rw bp:communities* union
| +--rw bp:reference | +--rw bp:reference
| +--rw bp:community-set-ref? | +--rw bp:community-set-ref?
+--rw bp:set-ext-community +--rw bp:set-ext-community
+--rw bp:method? enumeration +--rw bp:method? enumeration
+--rw bp:options? bgp-set-community-option-type +--rw bp:options?
+--rw bp:inline +--rw bp:inline
| +--rw bp:communities* union | +--rw bp:communities* union
+--rw bp:reference +--rw bp:reference
+--rw bp:ext-community-set-ref? +--rw bp:ext-community-set-ref?
8. Security Considerations 8. Security Considerations
The YANG modules specified in this document define a schema for data The YANG modules specified in this document define a schema for data
that is designed to be accessed via network management protocols such that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
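Review bot: in the -11 column of the bp:bgp-actions subtree, `+--rw bp:set-route-origin?bt:bgp-origin-attr-type` has no space between the leaf name and its type, so the entry no longer reads as a name/type pair. The same revision also drops the type entirely from `bp:match-set-options?` (three places), `metric-modification?` and both `bp:options?` leaves, where -10 showed match-set-options-type, metric-modification-type and bgp-set-community-option-type. If the aim was to stay within the line width, wrap the type onto a continuation line rather than removing it, so a reader can still see what these leaves accept without opening the module.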
skipping to change at page 15, line 7 skipping to change at page 15, line 7
prefix: rt-pol prefix: rt-pol
reference: RFC XXXX reference: RFC XXXX
10. YANG modules 10. YANG modules
The routing policy model is described by the YANG modules in the The routing policy model is described by the YANG modules in the
sections below. sections below.
10.1. Routing policy model 10.1. Routing policy model
<CODE BEGINS> file "ietf-routing-policy@2020-05-20.yang" <CODE BEGINS> file "ietf-routing-policy@2020-05-26.yang"
module ietf-routing-policy { module ietf-routing-policy {
yang-version "1.1";
namespace "urn:ietf:params:xml:ns:yang:ietf-routing-policy";
prefix rt-pol;
import ietf-inet-types {
prefix "inet";
reference "RFC 6991: Common YANG Data Types";
}
import ietf-yang-types {
prefix "yang";
reference "RFC 6991: Common YANG Data Types";
}
import ietf-interfaces {
prefix "if";
reference "RFC 8343: A YANG Data Model for Interface
Management (NMDA Version)";
}
import ietf-routing {
prefix "rt";
reference "RFC 8343: A YANG Data Model for Interface
Management (NMDA Version)";
}
import ietf-if-extensions {
prefix if-ext;
reference "RFC YYYY: Common Interface Extension YANG
Data Models. Please replace YYYY with
published RFC number for
draft-ietf-netmod-intf-ext-yang.";
}
import ietf-if-l3-vlan {
prefix "if-l3-vlan";
reference "RFC XXXX: Sub-interface VLAN YANG Data Models.
Please replace XXXX with published RFC number
for draft-ietf-netmod-sub-intf-vlan-model.";
}
organization
"IETF RTGWG - Routing Area Working Group";
contact
"WG Web: <http://tools.ietf.org/wg/rtgwg/>
WG List: <mailto:rtgwg@ietf.org>
Editor: Yingzhen Qu
<mailto:yingzhen.qu@futurewei.com>
Jeff Tantsura
<mailto:jefftant.ietf@gmail.com>
Acee Lindem
<mailto:acee@cisco.com>
Xufeng Liu
<mailto:xufeng.liu.ietf@gmail.com>";
description
"This module describes a YANG model for routing policy
configuration. It is a limited subset of all of the policy
configuration parameters available in the variety of vendor
implementations, but supports widely used constructs for
managing how routes are imported, exported, and modified across
different routing protocols. This module is intended to be
used in conjunction with routing protocol configuration modules
(e.g., BGP) defined in other models.
Route policy expression:
Policies are expressed as a set of top-level policy
definitions, each of which consists of a sequence of policy
statements. Policy statements consist of simple
condition-action tuples. Conditions may include multiple match
or comparison operations, and similarly actions may be
multitude of changes to route attributes or a final disposition
of accepting or rejecting the route.
Route policy evaluation:
Policy definitions are referenced in routing protocol
configurations using import and export configuration
statements. The arguments are members of an ordered list of
named policy definitions which comprise a policy chain, and
optionally, an explicit default policy action (i.e., reject
or accept).
Evaluation of each policy definition proceeds by evaluating its
corresponding individual policy statements in order. When a
condition statement in a policy statement is satisfied, the
corresponding action statement is executed. If the action
statement has either accept-route or reject-route actions,
policy evaluation of the current policy definition stops, and
no further policy definitions in the chain are evaluated.
If the condition is not satisfied, then evaluation proceeds to
the next policy statement. If none of the policy statement
conditions are satisfied, then evaluation of the current policy
definition stops, and the next policy definition in the chain
is evaluated. When the end of the policy chain is reached, the
default route disposition action is performed (i.e.,
reject-route unless an alternate default action is specified
for the chain).
Policy 'subroutines' (or nested policies) are supported by
allowing policy statement conditions to reference another
policy definition which applies conditions and actions from
the referenced policy before returning to the calling policy
statement and resuming evaluation. If the called policy
results in an accept-route (either explicit or by default),
then the subroutine returns an effective true value to the
calling policy. Similarly, a reject-route action returns
false. If the subroutine returns true, the calling policy
continues to evaluate the remaining conditions (using a
modified route if the subroutine performed any changes to the
route).
Copyright (c) 2020 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.
This version of this YANG module is part of RFC XXXX;
see the RFC itself for full legal notices.";
revision "2020-05-20" { yang-version "1.1";
description
"Initial revision.";
reference
"RFC XXXX: Routing Policy Configuration Model for Service
Provider Networks";
}
/* Identities */ namespace "urn:ietf:params:xml:ns:yang:ietf-routing-policy";
prefix rt-pol;
identity metric-type { import ietf-inet-types {
description prefix "inet";
"Base identity for route metric types."; reference "RFC 6991: Common YANG Data Types";
} }
identity ospf-type-1-metric { import ietf-yang-types {
base metric-type; prefix "yang";
description reference "RFC 6991: Common YANG Data Types";
"Identity for the OSPF type 1 external metric types. It }
is only applicable to OSPF routes.";
}
identity ospf-type-2-metric { import ietf-interfaces {
base metric-type; prefix "if";
description reference "RFC 8343: A YANG Data Model for Interface
"Identity for the OSPF type 2 external metric types. It Management (NMDA Version)";
is only applicable to OSPF routes."; }
}
identity isis-internal-metric { import ietf-routing {
base metric-type; prefix "rt";
description reference "RFC 8349: A YANG Data Model for Routing
"Identity for the IS-IS internal metric types. It is only Management (NMDA Version)";
applicable to IS-IS routes."; }
}
identity isis-external-metric { import ietf-if-extensions {
base metric-type; prefix "if-ext";
description reference "RFC YYYY: Common Interface Extension YANG
"Identity for the IS-IS external metric types. It is only Data Models. Please replace YYYY with
applicable to IS-IS routes."; published RFC number for
} draft-ietf-netmod-intf-ext-yang.";
}
identity import-level { import ietf-if-l3-vlan {
description prefix "if-l3-vlan";
"Base identity for route import level."; reference "RFC XXXX: Sub-interface VLAN YANG Data Models.
} Please replace XXXX with published RFC number
for draft-ietf-netmod-sub-intf-vlan-model.";
}
identity ospf-normal { organization
base import-level; "IETF RTGWG - Routing Area Working Group";
description contact
"Identity for OSPF importation into normal areas "WG Web: <http://tools.ietf.org/wg/rtgwg/>
It is only applicable to routes imported WG List: <Email: rtgwg@ietf.org>
into the OSPF protocol.";
}
identity ospf-nssa-only { Editor: Yingzhen Qu
base import-level; <Email: yingzhen.qu@futurewei.com>
description Jeff Tantsura
"Identity for the OSPF NSSA area importation. It is only <Email: jefftant.ietf@gmail.com>
applicable to routes imported into the OSPF protocol."; Acee Lindem
} <Email: acee@cisco.com>
Xufeng Liu
<Email: xufeng.liu.ietf@gmail.com>";
identity ospf-normal-nssa {
base import-level;
description description
"Identity for OSPF importation into both normal and NSSA "This module describes a YANG model for routing policy
areas, It is only applicable to routes imported into configuration. It is a limited subset of all of the policy
the OSPF protocol."; configuration parameters available in the variety of vendor
} implementations, but supports widely used constructs for
managing how routes are imported, exported, and modified across
different routing protocols. This module is intended to be
used in conjunction with routing protocol configuration modules
(e.g., BGP) defined in other models.
identity isis-level-1 { Route policy expression:
base import-level;
description
"Identity for IS-IS Level 1 area importation. It is only
applicable to routes imported into the IS-IS protocol.";
}
identity isis-level-2 { Policies are expressed as a set of top-level policy
base import-level; definitions, each of which consists of a sequence of policy
description statements. Policy statements consist of simple
"Identity for IS-IS Level 2 area importation. It is only condition-action tuples. Conditions may include multiple match
applicable to routes imported into the IS-IS protocol."; or comparison operations, and similarly actions may be
} multitude of changes to route attributes or a final disposition
of accepting or rejecting the route.
identity isis-level-1-2 { Route policy evaluation:
base import-level;
description
"Identity for IS-IS Level 1 and Level 2 area importation. It
is only applicable to routes imported into the IS-IS
protocol.";
}
identity proto-route-type {
description
"Base identity for route type within a protocol.";
}
identity isis-level-1-type { Policy definitions are referenced in routing protocol
base proto-route-type; configurations using import and export configuration
description statements. The arguments are members of an ordered list of
"Identity for IS-IS Level 1 route type. It is only named policy definitions which comprise a policy chain, and
applicable to IS-IS routes."; optionally, an explicit default policy action (i.e., reject
} or accept).
identity isis-level-2-type { Evaluation of each policy definition proceeds by evaluating its
base proto-route-type; corresponding individual policy statements in order. When a
description condition statement in a policy statement is satisfied, the
"Identity for IS-IS Level 2 route type. It is only corresponding action statement is executed. If the action
applicable to IS-IS routes."; statement has either accept-route or reject-route actions,
} policy evaluation of the current policy definition stops, and
no further policy definitions in the chain are evaluated.
identity ospf-internal-type { If the condition is not satisfied, then evaluation proceeds to
base proto-route-type; the next policy statement. If none of the policy statement
description conditions are satisfied, then evaluation of the current policy
"Identity for OSPF intra-area or inter-area route type. definition stops, and the next policy definition in the chain
It is only applicable to OSPF routes."; is evaluated. When the end of the policy chain is reached, the
} default route disposition action is performed (i.e.,
reject-route unless an alternate default action is specified
for the chain).
identity ospf-external-type { Policy 'subroutines' (or nested policies) are supported by
base proto-route-type; allowing policy statement conditions to reference another
description policy definition which applies conditions and actions from
"Identity for OSPF external type 1/2 route type. the referenced policy before returning to the calling policy
It is only applicable to OSPF routes."; statement and resuming evaluation. If the called policy
} results in an accept-route (either explicit or by default),
then the subroutine returns an effective true value to the
calling policy. Similarly, a reject-route action returns
false. If the subroutine returns true, the calling policy
continues to evaluate the remaining conditions (using a
modified route if the subroutine performed any changes to the
route).
identity ospf-external-t1 { Copyright (c) 2020 IETF Trust and the persons identified as
base ospf-external-type; authors of the code. All rights reserved.
description
"Identity for OSPF external type 1 route type.
It is only applicable to OSPF routes.";
}
identity ospf-external-t2-type { Redistribution and use in source and binary forms, with or
base ospf-external-type; without modification, is permitted pursuant to, and subject to
description the license terms contained in, the Simplified BSD License set
"Identity for OSPF external type 2 route type. forth in Section 4.c of the IETF Trust's Legal Provisions
It is only applicable to OSPF routes."; Relating to IETF Documents
} (https://trustee.ietf.org/license-info).
identity ospf-nssa-type { This version of this YANG module is part of RFC XXXX
base proto-route-type; (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
description for full legal notices.
"Identity for OSPF NSSA type 1/2 route type.
It is only applicable to OSPF routes.";
}
identity ospf-nssa-t1 { The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
base ospf-nssa-type; NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
description 'MAY', and 'OPTIONAL' in this document are to be interpreted as
"Identity for OSPF NSSA type 1 route type. described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
It is only applicable to OSPF routes."; they appear in all capitals, as shown here.
}
identity ospf-nssa-t2 { This version of this YANG module is part of RFC XXXX;
base ospf-nssa-type; see the RFC itself for full legal notices.";
description
"Identity for OSPF NSSA type 2 route type.
It is only applicable to OSPF routes.";
}
identity bgp-local { revision "2020-05-26" {
base proto-route-type; description
description "Initial revision.";
"Identity for BGP local route type. reference
It is only applicable to BGP routes."; "RFC XXXX: Routing Policy Configuration Model for Service
} Provider Networks";
}
identity bgp-external { /* Identities */
base proto-route-type;
description
"Identity for BGP external route type.
It is only applicable to BGP routes.";
}
/* Type Definitions */ identity metric-type {
description
"Base identity for route metric types.";
}
typedef default-policy-type { identity ospf-type-1-metric {
type enumeration { base metric-type;
enum accept-route { description
description "Identity for the OSPF type 1 external metric types. It
"Default policy to accept the route."; is only applicable to OSPF routes.";
}
enum reject-route {
description
"Default policy to reject the route.";
}
} }
description
"Type used to specify route disposition in
a policy chain. This typedef retained for
name compatibility with default import and
export policy.";
}
typedef policy-result-type { identity ospf-type-2-metric {
type enumeration { base metric-type;
enum accept-route { description
description "Identity for the OSPF type 2 external metric types. It
"Policy accepts the route."; is only applicable to OSPF routes.";
}
enum reject-route {
description
"Policy rejects the route.";
}
} }
description
"Type used to specify route disposition in
a policy chain.";
}
typedef tag-type { identity isis-internal-metric {
type union { base metric-type;
type uint32; description
type yang:hex-string; "Identity for the IS-IS internal metric types. It is only
applicable to IS-IS routes.";
} }
description
"Type for expressing route tags on a local system,
including IS-IS and OSPF; may be expressed as either decimal
or hexadecimal integer.";
reference
"RFC 2178 - OSPF Version 2
RFC 5130 - A Policy Control Mechanism in IS-IS Using
Administrative Tags";
}
typedef match-set-options-type { identity isis-external-metric {
type enumeration { base metric-type;
enum any { description
description "Identity for the IS-IS external metric types. It is only
"Match is true if given value matches any member applicable to IS-IS routes.";
of the defined set."; }
}
enum all {
description
"Match is true if given value matches all
members of the defined set.";
} identity import-level {
enum invert { description
description "Base identity for route import level.";
"Match is true if given value does not match any }
member of the defined set."; identity ospf-normal {
} base import-level;
description
"Identity for OSPF importation into normal areas
It is only applicable to routes imported
into the OSPF protocol.";
} }
default any;
description
"Options that govern the behavior of a match statement. The
default behavior is any, i.e., the given value matches any
of the members of the defined set.";
}
typedef metric-modification-type { identity ospf-nssa-only {
type enumeration { base import-level;
enum set-metric { description
description "Identity for the OSPF NSSA area importation. It is only
"Set the metric to the specified value."; applicable to routes imported into the OSPF protocol.";
}
enum add-metric {
description
"Add the specified value to the existing metric.
If the result would exceed the the maximum metric
(0xffffffff), set the metric to the maximum.";
}
enum subtract-metric {
description
"Subtract the specified value to the existing metric.
If the result would be less than 0, set the metric to 0.";
}
} }
description
"Type used to specify how to set the metric given the
specified value.";
}
/* Groupings */ identity ospf-normal-nssa {
base import-level;
description
"Identity for OSPF importation into both normal and NSSA
areas, It is only applicable to routes imported into
the OSPF protocol.";
}
grouping prefix-set { identity isis-level-1 {
description base import-level;
"Configuration data for prefix sets used in policy description
definitions."; "Identity for IS-IS Level 1 area importation. It is only
applicable to routes imported into the IS-IS protocol.";
}
leaf name { identity isis-level-2 {
type string; base import-level;
description description
"Name of the prefix set -- this is used as a label to "Identity for IS-IS Level 2 area importation. It is only
reference the set in match conditions."; applicable to routes imported into the IS-IS protocol.";
} }
leaf mode { identity isis-level-1-2 {
type enumeration { base import-level;
enum ipv4 {
description
"Prefix set contains IPv4 prefixes only.";
}
enum ipv6 {
description
"Prefix set contains IPv6 prefixes only.";
}
enum mixed {
description
"Prefix set contains mixed IPv4 and IPv6 prefixes.";
}
}
description description
"Indicates the mode of the prefix set, in terms of which "Identity for IS-IS Level 1 and Level 2 area importation. It
address families (IPv4, IPv6, or both) are present. The is only applicable to routes imported into the IS-IS
mode provides a hint, but the device must validate that all protocol.";
prefixes are of the indicated type, and is expected to
reject the configuration if there is a discrepancy. The
MIXED mode may not be supported on devices that require
prefix sets to be of only one address family.";
} }
} identity proto-route-type {
description
"Base identity for route type within a protocol.";
grouping prefix { }
description
"Configuration data for a prefix definition.";
leaf ip-prefix { identity isis-level-1-type {
type inet:ip-prefix; base proto-route-type;
mandatory true;
description description
"The prefix member in CIDR notation -- while the "Identity for IS-IS Level 1 route type. It is only
prefix may be either IPv4 or IPv6, most applicable to IS-IS routes.";
implementations require all members of the prefix set
to be the same address family. Mixing address types in
the same prefix set is likely to cause an error.";
} }
leaf mask-length-lower { identity isis-level-2-type {
type uint8; base proto-route-type;
description description
"Mask length range lower bound."; "Identity for IS-IS Level 2 route type. It is only
applicable to IS-IS routes.";
} }
leaf mask-length-upper {
type uint8 {
range "1..128";
}
must "../mask-length-upper >= ../mask-length-lower" {
error-message "The upper bound should not be less"
+ "than lower bound.";
}
description
"Mask length range upper bound.
The combination of mask-length-lower and mask-length-upper identity ospf-internal-type {
define a range for the mask length, or single 'exact' base proto-route-type;
length if mask-length-lower and mask-length-upper are equal. description
"Identity for OSPF intra-area or inter-area route type.
Example: 192.0.2.0/24 through 192.0.2.0/26 would be It is only applicable to OSPF routes.";
expressed as prefix: 192.0.2.0/24,
mask-length-lower=24,
mask-length-upper=26
Example: 192.0.2.0/24 (an exact match) would be
expressed as prefix: 192.0.2.0/24,
mask-length-lower=24,
mask-length-upper=24";
} }
}
grouping neighbor-set { identity ospf-external-type {
description base proto-route-type;
"This grouping provides neighbor set definitions."; description
"Identity for OSPF external type 1/2 route type.
It is only applicable to OSPF routes.";
}
leaf name { identity ospf-external-t1 {
type string; base ospf-external-type;
description description
"Name of the neighbor set -- this is used as a label "Identity for OSPF external type 1 route type.
to reference the set in match conditions."; It is only applicable to OSPF routes.";
} }
leaf-list address { identity ospf-external-t2-type {
type inet:ip-address; base ospf-external-type;
description description
"List of IP addresses in the neighbor set."; "Identity for OSPF external type 2 route type.
It is only applicable to OSPF routes.";
} }
}
grouping tag-set { identity ospf-nssa-type {
description base proto-route-type;
"This grouping provides tag set definitions."; description
"Identity for OSPF NSSA type 1/2 route type.
leaf name { It is only applicable to OSPF routes.";
type string; }
identity ospf-nssa-t1 {
base ospf-nssa-type;
description description
"Name of the tag set -- this is used as a label to reference "Identity for OSPF NSSA type 1 route type.
the set in match conditions."; It is only applicable to OSPF routes.";
} }
leaf-list tag-value { identity ospf-nssa-t2 {
type tag-type; base ospf-nssa-type;
description description
"Value of the tag set member."; "Identity for OSPF NSSA type 2 route type.
It is only applicable to OSPF routes.";
} }
}
grouping match-set-options-group { identity bgp-local {
description base proto-route-type;
"Grouping containing options relating to how a particular set description
should be matched."; "Identity for BGP local route type.
It is only applicable to BGP routes.";
}
leaf match-set-options { identity bgp-external {
type match-set-options-type; base proto-route-type;
description description
"Optional parameter that governs the behavior of the "Identity for BGP external route type.
match operation."; It is only applicable to BGP routes.";
} }
}
grouping match-set-options-restricted-group { /* Type Definitions */
description
"Grouping for a restricted set of match operation modifiers.";
leaf match-set-options { typedef default-policy-type {
type match-set-options-type { type enumeration {
enum any { enum accept-route {
description description
"Match is true if given value matches any "Default policy to accept the route.";
member of the defined set.";
} }
enum invert { enum reject-route {
description description
"Match is true if given value does not match "Default policy to reject the route.";
any member of the defined set.";
} }
} }
description description
"Optional parameter that governs the behavior of the "Type used to specify route disposition in
match operation. This leaf only supports matching on a policy chain. This typedef retained for
'any' member of the set or 'invert' the match. name compatibility with default import and
Matching on 'all' is not supported."; export policy.";
} }
}
grouping match-interface-condition { typedef policy-result-type {
description type enumeration {
"This grouping provides interface match condition."; enum accept-route {
description
container match-interface { "Policy accepts the route.";
leaf interface {
type leafref {
path "/if:interfaces/if:interface/if:name";
} }
description enum reject-route {
"Reference to a base interface. If a reference to a description
subinterface is required, this leaf must be specified "Policy rejects the route.";
to indicate the base interface.";
}
leaf subinterface {
type leafref {
path "/if:interfaces/if:interface/if-ext:encapsulation"
+ "/if-l3-vlan:dot1q-vlan"
+ "/if-l3-vlan:outer-tag/if-l3-vlan:vlan-id";
} }
description
"Reference to a subinterface -- this requires the base
interface to be specified using the interface leaf in
this container. If only a reference to a base interface
is required, this leaf should not be set.";
} }
description description
"Container for interface match conditions"; "Type used to specify route disposition in
a policy chain.";
} }
}
grouping match-proto-route-type-condition { typedef tag-type {
description type union {
"This grouping provides route-type match condition"; type uint32;
type yang:hex-string;
leaf-list match-proto-route-type { }
type identityref { description
base proto-route-type; "Type for expressing route tags on a local system,
} including IS-IS and OSPF; may be expressed as either decimal
description or hexadecimal integer.";
"Condition to check the protocol specific type reference
of route. This is normally used during route "RFC 2178 - OSPF Version 2
importation to select routes or to set protocol RFC 5130 - A Policy Control Mechanism in IS-IS Using
specific attributes based on the route type."; Administrative Tags";
} }
}
grouping prefix-set-condition { typedef match-set-options-type {
description type enumeration {
"This grouping provides prefix-set conditions."; enum any {
description
container match-prefix-set { "Match is true if given value matches any member
leaf prefix-set { of the defined set.";
type leafref { }
path "../../../../../../../defined-sets/" + enum all {
"prefix-sets/prefix-set/name"; description
"Match is true if given value matches all
members of the defined set.";
}
enum invert {
description
"Match is true if given value does not match any
member of the defined set.";
} }
description
"References a defined prefix set.";
} }
uses match-set-options-restricted-group; default any;
description description
"Match a referenced prefix-set according to the logic "Options that govern the behavior of a match statement. The
defined in the match-set-options leaf."; default behavior is any, i.e., the given value matches any
of the members of the defined set.";
} }
}
grouping neighbor-set-condition {
description
"This grouping provides neighbor-set conditions.";
container match-neighbor-set { typedef metric-modification-type {
leaf neighbor-set { type enumeration {
type leafref { enum set-metric {
path "../../../../../../../defined-sets/neighbor-sets/" + description
"neighbor-set/name"; "Set the metric to the specified value.";
require-instance true; }
enum add-metric {
description
"Add the specified value to the existing metric.
If the result would exceed the the maximum metric
(0xffffffff), set the metric to the maximum.";
}
enum subtract-metric {
description
"Subtract the specified value to the existing metric.
If the result would be less than 0, set the metric to 0.";
} }
description
"References a defined neighbor set.";
} }
description description
"Match a referenced neighbor set according to the logic "Type used to specify how to set the metric given the
defined in the match-set-options-leaf."; specified value.";
} }
}
grouping tag-set-condition {
description
"This grouping provides tag-set conditions.";
container match-tag-set { /* Groupings */
leaf tag-set {
type leafref { grouping prefix {
path "../../../../../../../defined-sets/tag-sets" + description
"/tag-set/name"; "Configuration data for a prefix definition.";
require-instance true;
} leaf ip-prefix {
type inet:ip-prefix;
mandatory true;
description description
"References a defined tag set."; "The prefix member in CIDR notation -- while the
prefix may be either IPv4 or IPv6, most
implementations require all members of the prefix set
to be the same address family. Mixing address types in
the same prefix set is likely to cause an error.";
} }
uses match-set-options-restricted-group;
description leaf mask-length-lower {
"Match a referenced tag set according to the logic defined type uint8;
in the match-options-set leaf."; description
} "Mask length range lower bound.";
} }
leaf mask-length-upper {
type uint8 {
range "1..128";
}
must "../mask-length-upper >= ../mask-length-lower" {
error-message "The upper bound should not be less"
+ "than lower bound.";
}
description
"Mask length range upper bound.
grouping generic-conditions { The combination of mask-length-lower and mask-length-upper
description define a range for the mask length, or single 'exact'
"Condition statement definitions for checking length if mask-length-lower and mask-length-upper are equal.
membership in a generic defined set.";
uses match-interface-condition; Example: 192.0.2.0/24 through 192.0.2.0/26 would be
uses prefix-set-condition; expressed as prefix: 192.0.2.0/24,
uses neighbor-set-condition; mask-length-lower=24,
uses tag-set-condition; mask-length-upper=26
uses match-proto-route-type-condition;
} Example: 192.0.2.0/24 (an exact match) would be
expressed as prefix: 192.0.2.0/24,
mask-length-lower=24,
mask-length-upper=24";
}
}
grouping policy-conditions { grouping match-set-options-group {
description description
"Data for general policy conditions, i.e., those "Grouping containing options relating to how a particular set
not related to match-sets."; should be matched.";
leaf call-policy { leaf match-set-options {
type leafref { type match-set-options-type;
path "../../../../../../" +
"rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
description description
"Applies the statements from the specified policy "Optional parameter that governs the behavior of the
definition and then returns control the current match operation.";
policy statement. Note that the called policy may
itself call other policies (subject to
implementation limitations). This is intended to
provide a policy 'subroutine' capability. The
called policy should contain an explicit or a
default route disposition that returns an
effective true (accept-route) or false
(reject-route), otherwise the behavior may be
ambiguous and implementation dependent.";
} }
}
grouping match-set-options-restricted-group {
description
"Grouping for a restricted set of match operation modifiers.";
leaf source-protocol { leaf match-set-options {
type identityref { type match-set-options-type {
base rt:control-plane-protocol; enum any {
description
"Match is true if given value matches any
member of the defined set.";
}
enum invert {
description
"Match is true if given value does not match
any member of the defined set.";
}
} }
description description
"Condition to check the protocol / method used to install "Optional parameter that governs the behavior of the
the route into the local routing table."; match operation. This leaf only supports matching on
'any' member of the set or 'invert' the match.
Matching on 'all' is not supported.";
} }
} }
grouping policy-actions {
description
"Top-level grouping for policy actions.";
container actions { grouping match-interface-condition {
description description
"Top-level container for policy action statements."; "This grouping provides interface match condition.";
leaf policy-result { container match-interface {
type policy-result-type; leaf interface {
description type leafref {
"Select the final disposition for the route, either path "/if:interfaces/if:interface/if:name";
accept or reject."; }
}
container set-metric {
leaf metric-modification {
type metric-modification-type;
description description
"Indicates how to modify the metric."; "Reference to a base interface. If a reference to a
subinterface is required, this leaf must be specified
to indicate the base interface.";
} }
leaf metric { leaf subinterface {
type uint32; type leafref {
path "/if:interfaces/if:interface/if-ext:encapsulation"
+ "/if-l3-vlan:dot1q-vlan"
+ "/if-l3-vlan:outer-tag/if-l3-vlan:vlan-id";
}
description description
"Metric value to set, add, or subtract."; "Reference to a subinterface -- this requires the base
interface to be specified using the interface leaf in
this container. If only a reference to a base interface
is required, this leaf should not be set.";
} }
description description
"Set the metric for the route."; "Container for interface match conditions";
} }
container set-metric-type { }
leaf metric-type {
grouping match-proto-route-type-condition {
description
"This grouping provides route-type match condition";
leaf-list match-proto-route-type {
type identityref { type identityref {
base metric-type; base proto-route-type;
} }
description description
"Route metric type."; "Condition to check the protocol specific type
of route. This is normally used during route
importation to select routes or to set protocol
specific attributes based on the route type.";
}
}
grouping prefix-set-condition {
description
"This grouping provides prefix-set conditions.";
container match-prefix-set {
leaf prefix-set {
type leafref {
path "../../../../../../../defined-sets/" +
"prefix-sets/prefix-set/name";
}
description
"References a defined prefix set.";
} }
uses match-set-options-restricted-group;
description description
"Set the metric type for the route."; "Match a referenced prefix-set according to the logic
defined in the match-set-options leaf.";
} }
container set-import-level { }
leaf import-level {
type identityref { grouping neighbor-set-condition {
base import-level; description
"This grouping provides neighbor-set conditions.";
container match-neighbor-set {
leaf neighbor-set {
type leafref {
path "../../../../../../../defined-sets/neighbor-sets/" +
"neighbor-set/name";
require-instance true;
} }
description description
"Route importation level."; "References a defined neighbor set.";
} }
description description
"Set the import level for importation of routes."; "Match a referenced neighbor set according to the logic
defined in the match-set-options-leaf.";
} }
leaf set-preference { }
type uint16;
grouping tag-set-condition {
description
"This grouping provides tag-set conditions.";
container match-tag-set {
leaf tag-set {
type leafref {
path "../../../../../../../defined-sets/tag-sets" +
"/tag-set/name";
require-instance true;
}
description
"References a defined tag set.";
}
uses match-set-options-restricted-group;
description description
"Set the preference for the route."; "Match a referenced tag set according to the logic defined
in the match-options-set leaf.";
} }
leaf set-tag { }
type tag-type;
grouping apply-policy-import {
description
"Grouping for applying import policies.";
leaf-list import-policy {
type leafref {
path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
ordered-by user;
description description
"Set the tag for the route."; "List of policy names in sequence to be applied on
receiving a routing update in the current context, e.g.,
for the current peer group, neighbor, address family,
etc.";
} }
leaf set-application-tag {
type tag-type; leaf default-import-policy {
type default-policy-type;
default reject-route;
description description
"Set the application tag for the route."; "Explicitly set a default policy if no policy definition
in the import policy chain is satisfied.";
} }
} }
}
grouping apply-policy-import { grouping apply-policy-export {
description description
"Grouping for applying import policies."; "Grouping for applying export policies.";
leaf-list import-policy { leaf-list export-policy {
type leafref { type leafref {
path "/rt-pol:routing-policy/rt-pol:policy-definitions/" + path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name"; "rt-pol:policy-definition/rt-pol:name";
require-instance true; require-instance true;
}
ordered-by user;
description
"List of policy names in sequence to be applied on
sending a routing update in the current context, e.g.,
for the current peer group, neighbor, address family,
etc.";
} }
ordered-by user;
description
"List of policy names in sequence to be applied on
receiving a routing update in the current context, e.g.,
for the current peer group, neighbor, address family,
etc.";
}
leaf default-import-policy { leaf default-export-policy {
type default-policy-type; type default-policy-type;
default reject-route; default reject-route;
description description
"Explicitly set a default policy if no policy definition "Explicitly set a default policy if no policy definition
in the import policy chain is satisfied."; in the export policy chain is satisfied.";
}
} }
grouping apply-policy-group {
description
"Top level container for routing policy applications. This
grouping is intended to be used in routing models where
needed.";
} container apply-policy {
description
"Anchor point for routing policies in the model.
Import and export policies are with respect to the local
routing table, i.e., export (send) and import (receive),
depending on the context.";
grouping apply-policy-export { uses apply-policy-import;
description uses apply-policy-export;
"Grouping for applying export policies.";
leaf-list export-policy {
type leafref {
path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
} }
ordered-by user;
description
"List of policy names in sequence to be applied on
sending a routing update in the current context, e.g.,
for the current peer group, neighbor, address family,
etc.";
} }
leaf default-export-policy { container routing-policy {
type default-policy-type;
default reject-route;
description description
"Explicitly set a default policy if no policy definition "Top-level container for all routing policy.";
in the export policy chain is satisfied.";
}
}
grouping apply-policy {
description
"Configuration data for routing policies.";
uses apply-policy-import; container defined-sets {
uses apply-policy-export; description
} "Predefined sets of attributes used in policy match
statements.";
grouping apply-policy-group { container prefix-sets {
description description
"Top level container for routing policy applications. This "Data definitions for a list of IPv4 or IPv6
grouping is intended to be used in routing models where prefixes which are matched as part of a policy.";
needed."; list prefix-set {
key "name";
description
"List of the defined prefix sets";
container apply-policy { leaf name {
description type string;
"Anchor point for routing policies in the model. description
Import and export policies are with respect to the local "Name of the prefix set -- this is used as a label to
routing table, i.e., export (send) and import (receive), reference the set in match conditions.";
depending on the context."; }
uses apply-policy; leaf mode {
type enumeration {
enum ipv4 {
description
"Prefix set contains IPv4 prefixes only.";
}
enum ipv6 {
description
"Prefix set contains IPv6 prefixes only.";
}
enum mixed {
description
"Prefix set contains mixed IPv4 and IPv6 prefixes.";
}
}
description
"Indicates the mode of the prefix set, in terms of which
address families (IPv4, IPv6, or both) are present. The
mode provides a hint, but the device must validate that
all prefixes are of the indicated type, and is expected
to reject the configuration if there is a discrepancy.
The MIXED mode may not be supported on devices that
require prefix sets to be of only one address family.";
}
} container prefixes {
} description
"Container for the list of prefixes in a policy
prefix list.";
container routing-policy { list prefix-list {
description key "ip-prefix mask-length-lower mask-length-upper";
"Top-level container for all routing policy."; description
"List of prefixes in the prefix set.";
container defined-sets { uses prefix;
description }
"Predefined sets of attributes used in policy match }
statements."; }
}
container prefix-sets { container neighbor-sets {
description
"Data definitions for a list of IPv4 or IPv6
prefixes which are matched as part of a policy.";
list prefix-set {
key "name";
description description
"List of the defined prefix sets"; "Data definition for a list of IPv4 or IPv6
neighbors which can be matched in a routing policy.";
uses prefix-set; list neighbor-set {
container prefixes { key "name";
description description
"Container for the list of prefixes in a policy "List of defined neighbor sets for use in policies.";
prefix list.";
list prefix-list { leaf name {
key "ip-prefix mask-length-lower mask-length-upper"; type string;
description description
"List of prefixes in the prefix set."; "Name of the neighbor set -- this is used as a label
to reference the set in match conditions.";
}
uses prefix; leaf-list address {
type inet:ip-address;
description
"List of IP addresses in the neighbor set.";
} }
} }
} }
}
container neighbor-sets { container tag-sets {
description
"Data definition for a list of IPv4 or IPv6
neighbors which can be matched in a routing policy.";
list neighbor-set {
key "name";
description description
"List of defined neighbor sets for use in policies."; "Data definitions for a list of tags which can
be matched in policies.";
uses neighbor-set; list tag-set {
} key "name";
} description
"List of tag set definitions.";
container tag-sets { leaf name {
description type string;
"Data definitions for a list of tags which can description
be matched in policies."; "Name of the tag set -- this is used as a label to
reference the set in match conditions.";
}
list tag-set { leaf-list tag-value {
key "name"; type tag-type;
description description
"List of tag set definitions."; "Value of the tag set member.";
uses tag-set; }
}
} }
} }
}
container policy-definitions { container policy-definitions {
description
"Enclosing container for the list of top-level policy
definitions.";
list policy-definition {
key "name";
description description
"List of top-level policy definitions, keyed by unique "Enclosing container for the list of top-level policy
name. These policy definitions are expected to be definitions.";
referenced (by name) in policy chains specified in import
or export configuration statements.";
leaf name { list policy-definition {
type string; key "name";
description description
"Name of the top-level policy definition -- this name "List of top-level policy definitions, keyed by unique
is used in references to the current policy."; name. These policy definitions are expected to be
} referenced (by name) in policy chains specified in import
or export configuration statements.";
container statements { leaf name {
description type string;
"Enclosing container for policy statements."; description
"Name of the top-level policy definition -- this name
is used in references to the current policy.";
}
list statement { container statements {
key "name";
ordered-by user;
description description
"Policy statements group conditions and actions "Enclosing container for policy statements.";
within a policy definition. They are evaluated in
the order specified (see the description of policy
evaluation at the top of this module.";
leaf name { list statement {
type string; key "name";
ordered-by user;
description description
"Name of the policy statement."; "Policy statements group conditions and actions
} within a policy definition. They are evaluated in
the order specified (see the description of policy
evaluation at the top of this module.";
container conditions { leaf name {
description type string;
"Condition statements for the current policy statement."; description
"Name of the policy statement.";
}
uses policy-conditions; container conditions {
uses generic-conditions; description
} "Condition statements for the current policy
statement.";
uses policy-actions; leaf call-policy {
type leafref {
path "../../../../../../" +
"rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
description
"Applies the statements from the specified policy
definition and then returns control the current
policy statement. Note that the called policy may
itself call other policies (subject to
implementation limitations). This is intended to
provide a policy 'subroutine' capability. The
called policy should contain an explicit or a
default route disposition that returns an
effective true (accept-route) or false
(reject-route), otherwise the behavior may be
ambiguous and implementation dependent.";
}
leaf source-protocol {
type identityref {
base rt:control-plane-protocol;
}
description
"Condition to check the protocol / method used to
install the route into the local routing table.";
}
uses match-interface-condition;
uses prefix-set-condition;
uses neighbor-set-condition;
uses tag-set-condition;
uses match-proto-route-type-condition;
}
container actions {
description
"Top-level container for policy action statements.";
leaf policy-result {
type policy-result-type;
description
"Select the final disposition for the route, either
accept or reject.";
}
container set-metric {
leaf metric-modification {
type metric-modification-type;
description
"Indicates how to modify the metric.";
}
leaf metric {
type uint32;
description
"Metric value to set, add, or subtract.";
}
description
"Set the metric for the route.";
}
container set-metric-type {
leaf metric-type {
type identityref {
base metric-type;
}
description
"Route metric type.";
}
description
"Set the metric type for the route.";
}
container set-import-level {
leaf import-level {
type identityref {
base import-level;
}
description
"Route importation level.";
}
description
"Set the import level for importation of routes.";
}
leaf set-preference {
type uint16;
description
"Set the preference for the route.";
}
leaf set-tag {
type tag-type;
description
"Set the tag for the route.";
}
leaf set-application-tag {
type tag-type;
description
"Set the application tag for the route.";
}
}
}
} }
} }
} }
} }
} }
<CODE ENDS>
} 11. Policy examples
<CODE ENDS>
11. References Below we show an example of XML-encoded configuration data using the
routing policy and BGP models to illustrate both how policies are
defined, and also how they can be applied. Note that the XML has
been simplified for readability.
11.1. Normative references <config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<routing-policy
xmlns="urn:ietf:params:xml:ns:yang:ietf-routing-policy">
[I-D.ietf-netmod-intf-ext-yang] <defined-sets>
Wilton, R., Ball, D., tapsingh@cisco.com, t., and S. <prefix-sets>
Sivaraj, "Common Interface Extension YANG Data Models", <prefix-set>
draft-ietf-netmod-intf-ext-yang-08 (work in progress), <name>prefix-set-A</name>
November 2019. <prefixes>
<prefix-list>
<ip-prefix>192.0.2.0/24</ip-prefix>
<mask-length-lower>24</mask-length-lower>
<mask-length-upper>32</mask-length-upper>
</prefix-list>
<prefix-list>
<ip-prefix>10.0.0.0/16</ip-prefix>
<mask-length-lower>16</mask-length-lower>
<mask-length-upper>32</mask-length-upper>
</prefix-list>
</prefixes>
</prefix-set>
</prefix-sets>
<tag-sets>
<tag-set>
<name>cust-tag1</name>
<tag-value>10</tag-value>
</tag-set>
</tag-sets>
</defined-sets>
[I-D.ietf-netmod-sub-intf-vlan-model] <policy-definitions>
<policy-definition>
<name>export-tagged-BGP</name>
<statements>
<statement>
<name>term-0</name>
<conditions>
<source-protocol>bgp</source-protocol>
<match-tag-set>
<tag-set>cust-tag1</tag-set>
</match-tag-set>
</conditions>
<actions>
<policy-result>accept-route</policy-result>
</actions>
</statement>
</statements>
</policy-definition>
</policy-definitions>
</routing-policy>
</config>
12. References
12.1. Normative references
[INTF-EXT-YANG]
Wilton, R., Ball, D., tapsingh@cisco.com, t., and S. Wilton, R., Ball, D., tapsingh@cisco.com, t., and S.
Sivaraj, "Sub-interface VLAN YANG Data Models", draft- Sivaraj,, "Common Interface Extension YANG Data Models",
ietf-netmod-sub-intf-vlan-model-06 (work in progress), 2019, <https://datatracker.ietf.org/doc/draft-ietf-netmod-
November 2019. intf-ext-yang/>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
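Review bot: In grouping prefix on the -11 side, mask-length-lower is a bare uint8 with no range while mask-length-upper is limited to "1..128", and the only must expression compares the two bounds with each other, so nothing ties either bound to the length or address family of ip-prefix. As written, an IPv4 ip-prefix with mask-length-upper above 32, or a mask-length-lower shorter than the prefix length itself, satisfies every constraint shown here, and what such an entry filters is left to the implementation. Suggest giving mask-length-lower a range and adding a must that checks both bounds against the prefix length and family. The error-message in the same leaf is built from "The upper bound should not be less" + "than lower bound.", which concatenates to "lessthan"; add the missing space. In the match conditions, match-neighbor-set's description points to "the match-set-options-leaf" but the container, unlike match-prefix-set and match-tag-set, has no "uses match-set-options-restricted-group", and match-tag-set's description calls the leaf "match-options-set" although it is named match-set-options; either add the uses statement or correct the descriptions. Finally, the new section 11 text says the example shows how policies are defined "and also how they can be applied", but the XML contains only defined-sets and policy-definitions and no apply-policy with import-policy or export-policy; add that part or reword the introduction.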
skipping to change at page 37, line 48 skipping to change at page 38, line 5
[RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for [RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
Routing Management (NMDA Version)", RFC 8349, Routing Management (NMDA Version)", RFC 8349,
DOI 10.17487/RFC8349, March 2018, DOI 10.17487/RFC8349, March 2018,
<https://www.rfc-editor.org/info/rfc8349>. <https://www.rfc-editor.org/info/rfc8349>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
11.2. Informative references [SUB-INTF-VLAN-YANG]
Wilton, R., Ball, D., tapsingh@cisco.com, t., and S.
Sivaraj, "Sub-interface VLAN YANG Data Model", 2019,
<https://datatracker.ietf.org/doc/draft-ietf-netmod-sub-
intf-vlan-model/>.
12.2. Informative references
[I-D.ietf-idr-bgp-model] [I-D.ietf-idr-bgp-model]
Jethanandani, M., Patel, K., Hares, S., and J. Haas, "BGP Jethanandani, M., Patel, K., Hares, S., and J. Haas, "BGP
YANG Model for Service Provider Networks", draft-ietf-idr- YANG Model for Service Provider Networks", draft-ietf-idr-
bgp-model-08 (work in progress), February 2020. bgp-model-08 (work in progress), February 2020.
Appendix A. Acknowledgements Appendix A. Acknowledgements
The routing policy module defined in this draft is based on the The routing policy module defined in this draft is based on the
OpenConfig route policy model. The authors would like to thank to OpenConfig route policy model. The authors would like to thank to
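Review bot: The new [SUB-INTF-VLAN-YANG] normative entry on the -11 side cites the draft only by year and a datatracker URL, with no draft name and version and no "work in progress" marker, while [I-D.ietf-idr-bgp-model] directly below still cites draft-ietf-idr-bgp-model-08. The module's subinterface leafref path depends on the if-l3-vlan nodes (dot1q-vlan, outer-tag, vlan-id), so the reference should identify the revision those paths were written against, and the two entries should follow one citation style. The author list in the same entry carries an e-mail address ("tapsingh@cisco.com, t.") where a name belongs. In Appendix A, "would like to thank to" should read "would like to thank".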
 End of changes. 201 change blocks. 
862 lines changed or deleted 870 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/