| < draft-ietf-rtgwg-policy-model-12.txt | draft-ietf-rtgwg-policy-model-13.txt > | |||
|---|---|---|---|---|
| RTGWG Y. Qu | RTGWG Y. Qu | |||
| Internet-Draft Futurewei | Internet-Draft Futurewei | |||
| Intended status: Standards Track J. Tantsura | Intended status: Standards Track J. Tantsura | |||
| Expires: November 30, 2020 Apstra | Expires: December 1, 2020 Apstra | |||
| A. Lindem | A. Lindem | |||
| Cisco | Cisco | |||
| X. Liu | X. Liu | |||
| Volta Networks | Volta Networks | |||
| May 29, 2020 | May 30, 2020 | |||
| A YANG Data Model for Routing Policy Management | A YANG Data Model for Routing Policy Management | |||
| draft-ietf-rtgwg-policy-model-12 | draft-ietf-rtgwg-policy-model-13 | |||
| Abstract | Abstract | |||
| This document defines a YANG data model for configuring and managing | This document defines a YANG data model for configuring and managing | |||
| routing policies in a vendor-neutral way and based on actual | routing policies in a vendor-neutral way and based on actual | |||
| operational practice. The model provides a generic policy framework | operational practice. The model provides a generic policy framework | |||
| which can be augmented with protocol-specific policy configuration. | which can be augmented with protocol-specific policy configuration. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 38 ¶ | skipping to change at page 1, line 38 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 30, 2020. | This Internet-Draft will expire on December 1, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 21 ¶ | skipping to change at page 3, line 21 ¶ | |||
| protocols. The model development approach has been to examine actual | protocols. The model development approach has been to examine actual | |||
| policy configurations in use across a number of operator networks. | policy configurations in use across a number of operator networks. | |||
| Hence the focus is on enabling policy configuration capabilities and | Hence the focus is on enabling policy configuration capabilities and | |||
| structure that are in wide use. | structure that are in wide use. | |||
| Despite the differences in details of policy expressions and | Despite the differences in details of policy expressions and | |||
| conventions in various vendor implementations, the model reflects the | conventions in various vendor implementations, the model reflects the | |||
| observation that a relatively simple condition-action approach can be | observation that a relatively simple condition-action approach can be | |||
| readily mapped to several existing vendor implementations, and also | readily mapped to several existing vendor implementations, and also | |||
| gives operators an intuitive and straightforward way to express | gives operators an intuitive and straightforward way to express | |||
| policy without sacrificing flexibility. A side affect of this design | policy without sacrificing flexibility. A side effect of this design | |||
| decision is that legacy methods for expressing policies are not | decision is that legacy methods for expressing policies are not | |||
| considered. Such methods could be added as an augmentation to the | considered. Such methods could be added as an augmentation to the | |||
| model if needed. | model if needed. | |||
| Consistent with the goal to produce a data model that is vendor | Consistent with the goal to produce a data model that is vendor | |||
| neutral, only policy expressions that are deemed to be widely | neutral, only policy expressions that are deemed to be widely | |||
| available in existing major implementations are included in the | available in existing major implementations are included in the | |||
| model. Those configuration items that are only available from a | model. Those configuration items that are only available from a | |||
| single implementation are omitted from the model with the expectation | single implementation are omitted from the model with the expectation | |||
| they will be available in separate vendor-provided modules that | they will be available in separate vendor-provided modules that | |||
| skipping to change at page 3, line 43 ¶ | skipping to change at page 3, line 43 ¶ | |||
| 2. Terminology and Notation | 2. Terminology and Notation | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| Routing Policy: A routing policy defines how routes are imported, | Routing Policy: A routing policy defines how routes are imported, | |||
| exported, and modified across different routing protocols. | exported, modified, and advertised between routing protocols | |||
| instances or within a single routing protocol instance. | ||||
| The following terms are defined in [RFC8342]: | The following terms are defined in [RFC8342]: | |||
| o client | o client | |||
| o server | o server | |||
| o configuration | o configuration | |||
| o system state | o system state | |||
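Review bot: In the new Routing Policy definition, "between routing protocols instances" should read "between routing protocol instances", and the preposition differs from the module description later in this diff, which says "across different routing protocol instances or within a single routing protocol instance". Suggest one wording in both places so the terminology section and the YANG description define the term identically.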
| skipping to change at page 9, line 13 ¶ | skipping to change at page 9, line 13 ¶ | |||
| These are shown below. | These are shown below. | |||
| +--rw routing-policy | +--rw routing-policy | |||
| +--rw policy-definitions | +--rw policy-definitions | |||
| +--rw policy-definition* [name] | +--rw policy-definition* [name] | |||
| +--rw statements | +--rw statements | |||
| +--rw statement* [name] | +--rw statement* [name] | |||
| +--rw actions | +--rw actions | |||
| +--rw policy-result? policy-result-type | +--rw policy-result? policy-result-type | |||
| +--rw set-metric | +--rw set-metric | |||
| | +--rw metric-modificatiion? | | +--rw metric-modification? | |||
| | | metric-modification-type | | | metric-modification-type | |||
| | +--rw metric? uint32 | | +--rw metric? uint32 | |||
| +--rw set-metric-type | +--rw set-metric-type | |||
| | +--rw metric-type? identityref | | +--rw metric-type? identityref | |||
| +--rw set-import-level | +--rw set-import-level | |||
| | +--rw import-level? identityref | | +--rw import-level? identityref | |||
| +--rw set-preference? uint16 | +--rw set-preference? uint16 | |||
| +--rw set-tag? tag-type | +--rw set-tag? tag-type | |||
| +--rw set-application-tag? tag-type | +--rw set-application-tag? tag-type | |||
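Review bot: The tree diagram under set-metric now reads "metric-modification?", but the matching leaf statement in the module is outside the lines shown here. Since the diagram and the module describe the same node, confirm that the leaf name in ietf-routing-policy carries the corrected spelling too, otherwise the diagram and the schema disagree on the node name.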
| skipping to change at page 11, line 22 ¶ | skipping to change at page 11, line 22 ¶ | |||
| policy configuration. The routing policy model assumes that | policy configuration. The routing policy model assumes that | |||
| additional defined sets, conditions, and actions may all be added by | additional defined sets, conditions, and actions may all be added by | |||
| other models. | other models. | |||
| An example of this is shown below, in which the BGP configuration | An example of this is shown below, in which the BGP configuration | |||
| model in [I-D.ietf-idr-bgp-model] adds new defined sets to match on | model in [I-D.ietf-idr-bgp-model] adds new defined sets to match on | |||
| community values or AS paths. The model similarly augments BGP- | community values or AS paths. The model similarly augments BGP- | |||
| specific conditions and actions in the corresponding sections of the | specific conditions and actions in the corresponding sections of the | |||
| routing policy model. | routing policy model. | |||
| module: ietf-routing-policy | module: ietf-routing-policy | |||
| +--rw routing-policy | +--rw routing-policy | |||
| +--rw defined-sets | +--rw defined-sets | |||
| | +--rw prefix-sets | | +--rw prefix-sets | |||
| | | +--rw prefix-set* [name] | | | +--rw prefix-set* [name] | |||
| | | +--rw name string | | | +--rw name string | |||
| | | +--rw mode? enumeration | | | +--rw mode? enumeration | |||
| | | +--rw prefixes | | | +--rw prefixes | |||
| | | +--rw prefix-list* [ip-prefix mask-length-lower | | | +--rw prefix-list* [ip-prefix mask-length-lower | |||
| | | mask-length-upper] | | | mask-length-upper] | |||
| | | +--rw ip-prefix inet:ip-prefix | | | +--rw ip-prefix inet:ip-prefix | |||
| | | +--rw mask-length-lower uint8 | | | +--rw mask-length-lower uint8 | |||
| skipping to change at page 15, line 7 ¶ | skipping to change at page 15, line 7 ¶ | |||
| prefix: rt-pol | prefix: rt-pol | |||
| reference: RFC XXXX | reference: RFC XXXX | |||
| 10. YANG modules | 10. YANG modules | |||
| The routing policy model is described by the YANG modules in the | The routing policy model is described by the YANG modules in the | |||
| sections below. | sections below. | |||
| 10.1. Routing policy model | 10.1. Routing policy model | |||
| <CODE BEGINS> file "ietf-routing-policy@2020-05-26.yang" | <CODE BEGINS> file "ietf-routing-policy@2020-05-26.yang" | |||
| module ietf-routing-policy { | module ietf-routing-policy { | |||
| yang-version "1.1"; | yang-version "1.1"; | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-routing-policy"; | namespace "urn:ietf:params:xml:ns:yang:ietf-routing-policy"; | |||
| prefix rt-pol; | prefix rt-pol; | |||
| import ietf-inet-types { | import ietf-inet-types { | |||
| prefix "inet"; | prefix "inet"; | |||
| reference "RFC 6991: Common YANG Data Types"; | reference "RFC 6991: Common YANG Data Types"; | |||
| } | } | |||
| import ietf-yang-types { | import ietf-yang-types { | |||
| prefix "yang"; | prefix "yang"; | |||
| reference "RFC 6991: Common YANG Data Types"; | reference "RFC 6991: Common YANG Data Types"; | |||
| } | } | |||
| import ietf-interfaces { | import ietf-interfaces { | |||
| prefix "if"; | prefix "if"; | |||
| reference "RFC 8343: A YANG Data Model for Interface | reference "RFC 8343: A YANG Data Model for Interface | |||
| Management (NMDA Version)"; | Management (NMDA Version)"; | |||
| } | } | |||
| import ietf-routing { | import ietf-routing { | |||
| prefix "rt"; | prefix "rt"; | |||
| reference "RFC 8349: A YANG Data Model for Routing | reference "RFC 8349: A YANG Data Model for Routing | |||
| Management (NMDA Version)"; | Management (NMDA Version)"; | |||
| } | } | |||
| import ietf-if-extensions { | import ietf-if-extensions { | |||
| prefix "if-ext"; | prefix "if-ext"; | |||
| reference "RFC YYYY: Common Interface Extension YANG | reference "RFC YYYY: Common Interface Extension YANG | |||
| Data Models. Please replace YYYY with | Data Models. Please replace YYYY with | |||
| published RFC number for | published RFC number for | |||
| draft-ietf-netmod-intf-ext-yang."; | draft-ietf-netmod-intf-ext-yang."; | |||
| } | } | |||
| import ietf-if-l3-vlan { | import ietf-if-l3-vlan { | |||
| prefix "if-l3-vlan"; | prefix "if-l3-vlan"; | |||
| reference "RFC XXXX: Sub-interface VLAN YANG Data Models. | reference "RFC XXXX: Sub-interface VLAN YANG Data Models. | |||
| Please replace XXXX with published RFC number | Please replace XXXX with published RFC number | |||
| for draft-ietf-netmod-sub-intf-vlan-model."; | for draft-ietf-netmod-sub-intf-vlan-model."; | |||
| } | } | |||
| organization | organization | |||
| "IETF RTGWG - Routing Area Working Group"; | "IETF RTGWG - Routing Area Working Group"; | |||
| contact | contact | |||
| "WG Web: <http://tools.ietf.org/wg/rtgwg/> | "WG Web: <http://tools.ietf.org/wg/rtgwg/> | |||
| WG List: <Email: rtgwg@ietf.org> | WG List: <Email: rtgwg@ietf.org> | |||
| Editor: Yingzhen Qu | Editor: Yingzhen Qu | |||
| <Email: yingzhen.qu@futurewei.com> | <Email: yingzhen.qu@futurewei.com> | |||
| Jeff Tantsura | Jeff Tantsura | |||
| <Email: jefftant.ietf@gmail.com> | <Email: jefftant.ietf@gmail.com> | |||
| Acee Lindem | Acee Lindem | |||
| <Email: acee@cisco.com> | <Email: acee@cisco.com> | |||
| Xufeng Liu | Xufeng Liu | |||
| <Email: xufeng.liu.ietf@gmail.com>"; | <Email: xufeng.liu.ietf@gmail.com>"; | |||
| description | description | |||
| "This module describes a YANG model for routing policy | "This module describes a YANG model for routing policy | |||
| configuration. It is a limited subset of all of the policy | configuration. It is a limited subset of all of the policy | |||
| configuration parameters available in the variety of vendor | configuration parameters available in the variety of vendor | |||
| implementations, but supports widely used constructs for | implementations, but supports widely used constructs for | |||
| managing how routes are imported, exported, and modified across | managing how routes are imported, exported, modified and | |||
| different routing protocols. This module is intended to be | advertised across different routing protocol instances or | |||
| used in conjunction with routing protocol configuration modules | within a single routing protocol instance. This module is | |||
| (e.g., BGP) defined in other models. | intended to be used in conjunction with routing protocol | |||
| configuration modules (e.g., BGP) defined in other models. | ||||
| Route policy expression: | Route policy expression: | |||
| Policies are expressed as a set of top-level policy | Policies are expressed as a set of top-level policy | |||
| definitions, each of which consists of a sequence of policy | definitions, each of which consists of a sequence of policy | |||
| statements. Policy statements consist of simple | statements. Policy statements consist of simple | |||
| condition-action tuples. Conditions may include multiple match | condition-action tuples. Conditions may include multiple match | |||
| or comparison operations, and similarly actions may be | or comparison operations, and similarly actions may be | |||
| multitude of changes to route attributes or a final disposition | multitude of changes to route attributes or a final | |||
| of accepting or rejecting the route. | disposition of accepting or rejecting the route. | |||
| Route policy evaluation: | Route policy evaluation: | |||
| Policy definitions are referenced in routing protocol | Policy definitions are referenced in routing protocol | |||
| configurations using import and export configuration | configurations using import and export configuration | |||
| statements. The arguments are members of an ordered list of | statements. The arguments are members of an ordered list of | |||
| named policy definitions which comprise a policy chain, and | named policy definitions which comprise a policy chain, and | |||
| optionally, an explicit default policy action (i.e., reject | optionally, an explicit default policy action (i.e., reject | |||
| or accept). | or accept). | |||
| Evaluation of each policy definition proceeds by evaluating its | Evaluation of each policy definition proceeds by evaluating | |||
| corresponding individual policy statements in order. When a | its corresponding individual policy statements in order. When | |||
| condition statement in a policy statement is satisfied, the | a condition statement in a policy statement is satisfied, the | |||
| corresponding action statement is executed. If the action | corresponding action statement is executed. If the action | |||
| statement has either accept-route or reject-route actions, | statement has either accept-route or reject-route actions, | |||
| policy evaluation of the current policy definition stops, and | policy evaluation of the current policy definition stops, and | |||
| no further policy definitions in the chain are evaluated. | no further policy definitions in the chain are evaluated. | |||
| If the condition is not satisfied, then evaluation proceeds to | If the condition is not satisfied, then evaluation proceeds to | |||
| the next policy statement. If none of the policy statement | the next policy statement. If none of the policy statement | |||
| conditions are satisfied, then evaluation of the current policy | conditions are satisfied, then evaluation of the current | |||
| definition stops, and the next policy definition in the chain | policy definition stops, and the next policy definition in the | |||
| is evaluated. When the end of the policy chain is reached, the | chain is evaluated. When the end of the policy chain is | |||
| default route disposition action is performed (i.e., | reached, the default route disposition action is performed | |||
| reject-route unless an alternate default action is specified | (i.e., reject-route unless an alternate default action is | |||
| for the chain). | specified for the chain). | |||
| Policy 'subroutines' (or nested policies) are supported by | Policy 'subroutines' (or nested policies) are supported by | |||
| allowing policy statement conditions to reference another | allowing policy statement conditions to reference another | |||
| policy definition which applies conditions and actions from | policy definition which applies conditions and actions from | |||
| the referenced policy before returning to the calling policy | the referenced policy before returning to the calling policy | |||
| statement and resuming evaluation. If the called policy | statement and resuming evaluation. If the called policy | |||
| results in an accept-route (either explicit or by default), | results in an accept-route (either explicit or by default), | |||
| then the subroutine returns an effective true value to the | then the subroutine returns an effective true value to the | |||
| calling policy. Similarly, a reject-route action returns | calling policy. Similarly, a reject-route action returns | |||
| false. If the subroutine returns true, the calling policy | false. If the subroutine returns true, the calling policy | |||
| continues to evaluate the remaining conditions (using a | continues to evaluate the remaining conditions (using a | |||
| modified route if the subroutine performed any changes to the | modified route if the subroutine performed any changes to the | |||
| route). | route). | |||
| Copyright (c) 2020 IETF Trust and the persons identified as | Copyright (c) 2020 IETF Trust and the persons identified as | |||
| authors of the code. All rights reserved. | authors of the code. All rights reserved. | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject to | without modification, is permitted pursuant to, and subject to | |||
| the license terms contained in, the Simplified BSD License set | the license terms contained in, the Simplified BSD License set | |||
| forth in Section 4.c of the IETF Trust's Legal Provisions | forth in Section 4.c of the IETF Trust's Legal Provisions | |||
| Relating to IETF Documents | Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info). | (https://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC XXXX | This version of this YANG module is part of RFC XXXX | |||
| (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself | (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself | |||
| for full legal notices. | for full legal notices. | |||
| The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL | The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL | |||
| NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', | NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT | |||
| 'MAY', and 'OPTIONAL' in this document are to be interpreted as | RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be | |||
| described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, | interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, | |||
| they appear in all capitals, as shown here. | and only when, they appear in all capitals, as shown here. | |||
| This version of this YANG module is part of RFC XXXX; | This version of this YANG module is part of RFC XXXX; | |||
| see the RFC itself for full legal notices."; | see the RFC itself for full legal notices."; | |||
| revision "2020-05-26" { | revision "2020-05-26" { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: Routing Policy Configuration Model for Service | "RFC XXXX: Routing Policy Configuration Model for Service | |||
| Provider Networks"; | Provider Networks"; | |||
| } | } | |||
| /* Identities */ | /* Identities */ | |||
| identity metric-type { | identity metric-type { | |||
| description | description | |||
| "Base identity for route metric types."; | "Base identity for route metric types."; | |||
| } | } | |||
| identity ospf-type-1-metric { | identity ospf-type-1-metric { | |||
| base metric-type; | base metric-type; | |||
| description | description | |||
| "Identity for the OSPF type 1 external metric types. It | "Identity for the OSPF type 1 external metric types. It | |||
| is only applicable to OSPF routes."; | is only applicable to OSPF routes."; | |||
| } | } | |||
| identity ospf-type-2-metric { | identity ospf-type-2-metric { | |||
| base metric-type; | base metric-type; | |||
| description | description | |||
| "Identity for the OSPF type 2 external metric types. It | "Identity for the OSPF type 2 external metric types. It | |||
| is only applicable to OSPF routes."; | is only applicable to OSPF routes."; | |||
| } | } | |||
| identity isis-internal-metric { | identity isis-internal-metric { | |||
| base metric-type; | base metric-type; | |||
| description | description | |||
| "Identity for the IS-IS internal metric types. It is only | "Identity for the IS-IS internal metric types. It is only | |||
| applicable to IS-IS routes."; | applicable to IS-IS routes."; | |||
| } | } | |||
| identity isis-external-metric { | identity isis-external-metric { | |||
| base metric-type; | base metric-type; | |||
| description | description | |||
| "Identity for the IS-IS external metric types. It is only | "Identity for the IS-IS external metric types. It is only | |||
| applicable to IS-IS routes."; | applicable to IS-IS routes."; | |||
| } | } | |||
| identity import-level { | identity import-level { | |||
| description | description | |||
| "Base identity for route import level."; | "Base identity for route import level."; | |||
| } | } | |||
| identity ospf-normal { | identity ospf-normal { | |||
| base import-level; | base import-level; | |||
| description | description | |||
| "Identity for OSPF importation into normal areas | "Identity for OSPF importation into normal areas | |||
| It is only applicable to routes imported | It is only applicable to routes imported | |||
| into the OSPF protocol."; | into the OSPF protocol."; | |||
| } | } | |||
| identity ospf-nssa-only { | identity ospf-nssa-only { | |||
| base import-level; | base import-level; | |||
| description | description | |||
| "Identity for the OSPF NSSA area importation. It is only | "Identity for the OSPF NSSA area importation. It is only | |||
| applicable to routes imported into the OSPF protocol."; | applicable to routes imported into the OSPF protocol."; | |||
| } | } | |||
| identity ospf-normal-nssa { | identity ospf-normal-nssa { | |||
| base import-level; | base import-level; | |||
| description | description | |||
| "Identity for OSPF importation into both normal and NSSA | "Identity for OSPF importation into both normal and NSSA | |||
| areas, It is only applicable to routes imported into | areas, it is only applicable to routes imported into | |||
| the OSPF protocol."; | the OSPF protocol."; | |||
| } | } | |||
| identity isis-level-1 { | identity isis-level-1 { | |||
| base import-level; | base import-level; | |||
| description | description | |||
| "Identity for IS-IS Level 1 area importation. It is only | "Identity for IS-IS Level 1 area importation. It is only | |||
| applicable to routes imported into the IS-IS protocol."; | applicable to routes imported into the IS-IS protocol."; | |||
| } | } | |||
| identity isis-level-2 { | identity isis-level-2 { | |||
| base import-level; | base import-level; | |||
| description | description | |||
| "Identity for IS-IS Level 2 area importation. It is only | "Identity for IS-IS Level 2 area importation. It is only | |||
| applicable to routes imported into the IS-IS protocol."; | applicable to routes imported into the IS-IS protocol."; | |||
| } | } | |||
| identity isis-level-1-2 { | identity isis-level-1-2 { | |||
| base import-level; | base import-level; | |||
| description | description | |||
| "Identity for IS-IS Level 1 and Level 2 area importation. It | "Identity for IS-IS Level 1 and Level 2 area importation. It | |||
| is only applicable to routes imported into the IS-IS | is only applicable to routes imported into the IS-IS | |||
| protocol."; | protocol."; | |||
| } | } | |||
| identity proto-route-type { | identity proto-route-type { | |||
| description | description | |||
| "Base identity for route type within a protocol."; | "Base identity for route type within a protocol."; | |||
| } | } | |||
| identity isis-level-1-type { | identity isis-level-1-type { | |||
| base proto-route-type; | base proto-route-type; | |||
| description | description | |||
| "Identity for IS-IS Level 1 route type. It is only | "Identity for IS-IS Level 1 route type. It is only | |||
| applicable to IS-IS routes."; | applicable to IS-IS routes."; | |||
| } | } | |||
| identity isis-level-2-type { | identity isis-level-2-type { | |||
| base proto-route-type; | base proto-route-type; | |||
| description | description | |||
| "Identity for IS-IS Level 2 route type. It is only | "Identity for IS-IS Level 2 route type. It is only | |||
| applicable to IS-IS routes."; | applicable to IS-IS routes."; | |||
| } | } | |||
| identity ospf-internal-type { | identity ospf-internal-type { | |||
| base proto-route-type; | base proto-route-type; | |||
| description | description | |||
| "Identity for OSPF intra-area or inter-area route type. | "Identity for OSPF intra-area or inter-area route type. | |||
| It is only applicable to OSPF routes."; | It is only applicable to OSPF routes."; | |||
| } | } | |||
| identity ospf-external-type { | identity ospf-external-type { | |||
| base proto-route-type; | base proto-route-type; | |||
| description | description | |||
| "Identity for OSPF external type 1/2 route type. | "Identity for OSPF external type 1/2 route type. | |||
| It is only applicable to OSPF routes."; | It is only applicable to OSPF routes."; | |||
| } | } | |||
| identity ospf-external-t1 { | identity ospf-external-t1 { | |||
| base ospf-external-type; | base ospf-external-type; | |||
| description | description | |||
| "Identity for OSPF external type 1 route type. | "Identity for OSPF external type 1 route type. | |||
| It is only applicable to OSPF routes."; | It is only applicable to OSPF routes."; | |||
| } | } | |||
| identity ospf-external-t2-type { | identity ospf-external-t2-type { | |||
| base ospf-external-type; | base ospf-external-type; | |||
| description | description | |||
| "Identity for OSPF external type 2 route type. | "Identity for OSPF external type 2 route type. | |||
| It is only applicable to OSPF routes."; | It is only applicable to OSPF routes."; | |||
| } | } | |||
| identity ospf-nssa-type { | identity ospf-nssa-type { | |||
| base proto-route-type; | base proto-route-type; | |||
| description | description | |||
| "Identity for OSPF NSSA type 1/2 route type. | "Identity for OSPF NSSA type 1/2 route type. | |||
| It is only applicable to OSPF routes."; | It is only applicable to OSPF routes."; | |||
| } | } | |||
| identity ospf-nssa-t1 { | identity ospf-nssa-t1 { | |||
| base ospf-nssa-type; | base ospf-nssa-type; | |||
| description | description | |||
| "Identity for OSPF NSSA type 1 route type. | "Identity for OSPF NSSA type 1 route type. | |||
| It is only applicable to OSPF routes."; | It is only applicable to OSPF routes."; | |||
| } | } | |||
| identity ospf-nssa-t2 { | identity ospf-nssa-t2 { | |||
| base ospf-nssa-type; | base ospf-nssa-type; | |||
| description | description | |||
| "Identity for OSPF NSSA type 2 route type. | "Identity for OSPF NSSA type 2 route type. | |||
| It is only applicable to OSPF routes."; | It is only applicable to OSPF routes."; | |||
| } | } | |||
| identity bgp-local { | identity bgp-local { | |||
| base proto-route-type; | base proto-route-type; | |||
| description | description | |||
| "Identity for BGP local route type. | "Identity for BGP local route type. | |||
| It is only applicable to BGP routes."; | It is only applicable to BGP routes."; | |||
| } | } | |||
| identity bgp-external { | identity bgp-external { | |||
| base proto-route-type; | base proto-route-type; | |||
| description | description | |||
| "Identity for BGP external route type. | "Identity for BGP external route type. | |||
| It is only applicable to BGP routes."; | It is only applicable to BGP routes."; | |||
| } | } | |||
| /* Type Definitions */ | /* Type Definitions */ | |||
| typedef default-policy-type { | typedef default-policy-type { | |||
| type enumeration { | type enumeration { | |||
| enum accept-route { | enum accept-route { | |||
| description | description | |||
| "Default policy to accept the route."; | "Default policy to accept the route."; | |||
| } | } | |||
| enum reject-route { | enum reject-route { | |||
| description | description | |||
| "Default policy to reject the route."; | "Default policy to reject the route."; | |||
| } | } | |||
| } | } | |||
| description | description | |||
| "Type used to specify route disposition in | "Type used to specify route disposition in | |||
| a policy chain. This typedef retained for | a policy chain. This typedef retained for | |||
| name compatibility with default import and | name compatibility with default import and | |||
| export policy."; | export policy."; | |||
| } | } | |||
| typedef policy-result-type { | typedef policy-result-type { | |||
| type enumeration { | type enumeration { | |||
| enum accept-route { | enum accept-route { | |||
| description | description | |||
| "Policy accepts the route."; | "Policy accepts the route."; | |||
| } | } | |||
| enum reject-route { | enum reject-route { | |||
| description | description | |||
| "Policy rejects the route."; | "Policy rejects the route."; | |||
| } | } | |||
| } | } | |||
| description | description | |||
| "Type used to specify route disposition in | "Type used to specify route disposition in | |||
| a policy chain."; | a policy chain."; | |||
| } | } | |||
| typedef tag-type { | typedef tag-type { | |||
| type union { | type union { | |||
| type uint32; | type uint32; | |||
| type yang:hex-string; | type yang:hex-string; | |||
| } | } | |||
| description | description | |||
| "Type for expressing route tags on a local system, | "Type for expressing route tags on a local system, | |||
| including IS-IS and OSPF; may be expressed as either decimal | including IS-IS and OSPF; may be expressed as either decimal | |||
| or hexadecimal integer."; | or hexadecimal integer."; | |||
| reference | reference | |||
| "RFC 2178 - OSPF Version 2 | "RFC 2178 - OSPF Version 2 | |||
| RFC 5130 - A Policy Control Mechanism in IS-IS Using | RFC 5130 - A Policy Control Mechanism in IS-IS Using | |||
| Administrative Tags"; | Administrative Tags"; | |||
| } | } | |||
| typedef match-set-options-type { | typedef match-set-options-type { | |||
| type enumeration { | type enumeration { | |||
| enum any { | enum any { | |||
| description | description | |||
| "Match is true if given value matches any member | "Match is true if given value matches any member | |||
| of the defined set."; | of the defined set."; | |||
| } | } | |||
| enum all { | enum all { | |||
| description | description | |||
| "Match is true if given value matches all | "Match is true if given value matches all | |||
| members of the defined set."; | members of the defined set."; | |||
| } | } | |||
| enum invert { | enum invert { | |||
| description | description | |||
| "Match is true if given value does not match any | "Match is true if given value does not match any | |||
| member of the defined set."; | member of the defined set."; | |||
| } | } | |||
| } | } | |||
| default any; | default any; | |||
| description | description | |||
| "Options that govern the behavior of a match statement. The | "Options that govern the behavior of a match statement. The | |||
| default behavior is any, i.e., the given value matches any | default behavior is any, i.e., the given value matches any | |||
| of the members of the defined set."; | of the members of the defined set."; | |||
| } | } | |||
| typedef metric-modification-type { | typedef metric-modification-type { | |||
| type enumeration { | type enumeration { | |||
| enum set-metric { | enum set-metric { | |||
| description | description | |||
| "Set the metric to the specified value."; | "Set the metric to the specified value."; | |||
| } | } | |||
| enum add-metric { | enum add-metric { | |||
| description | description | |||
| "Add the specified value to the existing metric. | "Add the specified value to the existing metric. | |||
| If the result would exceed the the maximum metric | If the result would exceed the maximum metric | |||
| (0xffffffff), set the metric to the maximum."; | (0xffffffff), set the metric to the maximum."; | |||
| } | } | |||
| enum subtract-metric { | enum subtract-metric { | |||
| description | description | |||
| "Subtract the specified value to the existing metric. | "Subtract the specified value to the existing metric. If | |||
| If the result would be less than 0, set the metric to 0."; | the result would be less than 0, set the metric to 0."; | |||
| } | } | |||
| } | } | |||
| description | description | |||
| "Type used to specify how to set the metric given the | "Type used to specify how to set the metric given the | |||
| specified value."; | specified value."; | |||
| } | } | |||
| /* Groupings */ | /* Groupings */ | |||
| grouping prefix { | grouping prefix { | |||
| description | description | |||
| "Configuration data for a prefix definition."; | "Configuration data for a prefix definition."; | |||
| leaf ip-prefix { | leaf ip-prefix { | |||
| type inet:ip-prefix; | type inet:ip-prefix; | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "The prefix member in CIDR notation -- while the | "The prefix member in CIDR notation -- while the | |||
| prefix may be either IPv4 or IPv6, most | prefix may be either IPv4 or IPv6, most | |||
| implementations require all members of the prefix set | implementations require all members of the prefix set | |||
| to be the same address family. Mixing address types in | to be the same address family. Mixing address types in | |||
| the same prefix set is likely to cause an error."; | the same prefix set is likely to cause an error."; | |||
| } | } | |||
| leaf mask-length-lower { | leaf mask-length-lower { | |||
| type uint8; | type uint8; | |||
| description | description | |||
| "Mask length range lower bound."; | "Mask length range lower bound."; | |||
| } | } | |||
| leaf mask-length-upper { | leaf mask-length-upper { | |||
| type uint8 { | type uint8 { | |||
| range "1..128"; | range "1..128"; | |||
| } | } | |||
| must "../mask-length-upper >= ../mask-length-lower" { | must "../mask-length-upper >= ../mask-length-lower" { | |||
| error-message "The upper bound should not be less" | error-message "The upper bound should not be less" | |||
| + "than lower bound."; | + "than lower bound."; | |||
| } | } | |||
| description | description | |||
| "Mask length range upper bound. | "Mask length range upper bound. | |||
| The combination of mask-length-lower and mask-length-upper | The combination of mask-length-lower and mask-length-upper | |||
| define a range for the mask length, or single 'exact' | define a range for the mask length, or single 'exact' | |||
| length if mask-length-lower and mask-length-upper are equal. | length if mask-length-lower and mask-length-upper are | |||
| equal. | ||||
| Example: 192.0.2.0/24 through 192.0.2.0/26 would be | Example: 192.0.2.0/24 through 192.0.2.0/26 would be | |||
| expressed as prefix: 192.0.2.0/24, | expressed as prefix: 192.0.2.0/24, | |||
| mask-length-lower=24, | mask-length-lower=24, | |||
| mask-length-upper=26 | mask-length-upper=26 | |||
| Example: 192.0.2.0/24 (an exact match) would be | Example: 192.0.2.0/24 (an exact match) would be | |||
| expressed as prefix: 192.0.2.0/24, | expressed as prefix: 192.0.2.0/24, | |||
| mask-length-lower=24, | mask-length-lower=24, | |||
| mask-length-upper=24"; | mask-length-upper=24"; | |||
| } | } | |||
| } | } | |||
| grouping match-set-options-group { | grouping match-set-options-group { | |||
| description | description | |||
| "Grouping containing options relating to how a particular set | "Grouping containing options relating to how a particular set | |||
| should be matched."; | should be matched."; | |||
| leaf match-set-options { | leaf match-set-options { | |||
| type match-set-options-type; | type match-set-options-type; | |||
| description | description | |||
| "Optional parameter that governs the behavior of the | "Optional parameter that governs the behavior of the | |||
| match operation."; | match operation."; | |||
| } | } | |||
| } | } | |||
| grouping match-set-options-restricted-group { | grouping match-set-options-restricted-group { | |||
| description | description | |||
| "Grouping for a restricted set of match operation modifiers."; | "Grouping for a restricted set of match operation | |||
| modifiers."; | ||||
| leaf match-set-options { | leaf match-set-options { | |||
| type match-set-options-type { | type match-set-options-type { | |||
| enum any { | enum any { | |||
| description | description | |||
| "Match is true if given value matches any | "Match is true if given value matches any | |||
| member of the defined set."; | member of the defined set."; | |||
| } | } | |||
| enum invert { | enum invert { | |||
| description | description | |||
| "Match is true if given value does not match | "Match is true if given value does not match | |||
| any member of the defined set."; | any member of the defined set."; | |||
| } | } | |||
| } | } | |||
| description | description | |||
| "Optional parameter that governs the behavior of the | "Optional parameter that governs the behavior of the | |||
| match operation. This leaf only supports matching on | match operation. This leaf only supports matching on | |||
| 'any' member of the set or 'invert' the match. | 'any' member of the set or 'invert' the match. | |||
| Matching on 'all' is not supported."; | Matching on 'all' is not supported."; | |||
| } | } | |||
| } | } | |||
| grouping match-interface-condition { | grouping match-interface-condition { | |||
| description | description | |||
| "This grouping provides interface match condition."; | "This grouping provides interface match condition."; | |||
| container match-interface { | container match-interface { | |||
| leaf interface { | leaf interface { | |||
| type leafref { | type leafref { | |||
| path "/if:interfaces/if:interface/if:name"; | path "/if:interfaces/if:interface/if:name"; | |||
| } | } | |||
| description | description | |||
| "Reference to a base interface. If a reference to a | "Reference to a base interface. If a reference to a | |||
| subinterface is required, this leaf must be specified | subinterface is required, this leaf must be specified | |||
| to indicate the base interface."; | to indicate the base interface."; | |||
| } | } | |||
| leaf subinterface { | leaf subinterface { | |||
| type leafref { | type leafref { | |||
| path "/if:interfaces/if:interface/if-ext:encapsulation" | path "/if:interfaces/if:interface/if-ext:encapsulation" | |||
| + "/if-l3-vlan:dot1q-vlan" | + "/if-l3-vlan:dot1q-vlan" | |||
| + "/if-l3-vlan:outer-tag/if-l3-vlan:vlan-id"; | + "/if-l3-vlan:outer-tag/if-l3-vlan:vlan-id"; | |||
| } | } | |||
| description | description | |||
| "Reference to a subinterface -- this requires the base | "Reference to a subinterface -- this requires the base | |||
| interface to be specified using the interface leaf in | interface to be specified using the interface leaf in | |||
| this container. If only a reference to a base interface | this container. If only a reference to a base interface | |||
| is required, this leaf should not be set."; | is required, this leaf should not be set."; | |||
| } | } | |||
| description | description | |||
| "Container for interface match conditions"; | "Container for interface match conditions"; | |||
| } | } | |||
| } | } | |||
| grouping match-proto-route-type-condition { | grouping match-proto-route-type-condition { | |||
| description | description | |||
| "This grouping provides route-type match condition"; | "This grouping provides route-type match condition"; | |||
| leaf-list match-proto-route-type { | leaf-list match-proto-route-type { | |||
| type identityref { | type identityref { | |||
| base proto-route-type; | base proto-route-type; | |||
| } | } | |||
| description | description | |||
| "Condition to check the protocol specific type | "Condition to check the protocol specific type | |||
| of route. This is normally used during route | of route. This is normally used during route | |||
| importation to select routes or to set protocol | importation to select routes or to set protocol | |||
| specific attributes based on the route type."; | specific attributes based on the route type."; | |||
| } | } | |||
| } | } | |||
| grouping prefix-set-condition { | grouping prefix-set-condition { | |||
| description | description | |||
| "This grouping provides prefix-set conditions."; | "This grouping provides prefix-set conditions."; | |||
| container match-prefix-set { | container match-prefix-set { | |||
| leaf prefix-set { | leaf prefix-set { | |||
| type leafref { | type leafref { | |||
| path "../../../../../../../defined-sets/" + | path "../../../../../../../defined-sets/" + | |||
| "prefix-sets/prefix-set/name"; | "prefix-sets/prefix-set/name"; | |||
| } | } | |||
| description | description | |||
| "References a defined prefix set."; | "References a defined prefix set."; | |||
| } | } | |||
| uses match-set-options-restricted-group; | uses match-set-options-restricted-group; | |||
| description | description | |||
| "Match a referenced prefix-set according to the logic | "Match a referenced prefix-set according to the logic | |||
| defined in the match-set-options leaf."; | defined in the match-set-options leaf."; | |||
| } | } | |||
| } | } | |||
| grouping neighbor-set-condition { | grouping neighbor-set-condition { | |||
| description | description | |||
| "This grouping provides neighbor-set conditions."; | "This grouping provides neighbor-set conditions."; | |||
| container match-neighbor-set { | container match-neighbor-set { | |||
| leaf neighbor-set { | leaf neighbor-set { | |||
| type leafref { | type leafref { | |||
| path "../../../../../../../defined-sets/neighbor-sets/" + | path "../../../../../../../defined-sets/neighbor-sets/" + | |||
| "neighbor-set/name"; | "neighbor-set/name"; | |||
| require-instance true; | require-instance true; | |||
| } | } | |||
| description | description | |||
| "References a defined neighbor set."; | "References a defined neighbor set."; | |||
| } | } | |||
| description | description | |||
| "Match a referenced neighbor set according to the logic | "Match a referenced neighbor set according to the logic | |||
| defined in the match-set-options-leaf."; | defined in the match-set-options-leaf."; | |||
| } | } | |||
| } | } | |||
| grouping tag-set-condition { | grouping tag-set-condition { | |||
| description | description | |||
| "This grouping provides tag-set conditions."; | "This grouping provides tag-set conditions."; | |||
| container match-tag-set { | container match-tag-set { | |||
| leaf tag-set { | leaf tag-set { | |||
| type leafref { | type leafref { | |||
| path "../../../../../../../defined-sets/tag-sets" + | path "../../../../../../../defined-sets/tag-sets" + | |||
| "/tag-set/name"; | "/tag-set/name"; | |||
| require-instance true; | require-instance true; | |||
| } | } | |||
| description | description | |||
| "References a defined tag set."; | "References a defined tag set."; | |||
| } | } | |||
| uses match-set-options-restricted-group; | uses match-set-options-restricted-group; | |||
| description | description | |||
| "Match a referenced tag set according to the logic defined | "Match a referenced tag set according to the logic defined | |||
| in the match-options-set leaf."; | in the match-options-set leaf."; | |||
| } | } | |||
| } | } | |||
| grouping apply-policy-import { | grouping apply-policy-import { | |||
| description | description | |||
| "Grouping for applying import policies."; | "Grouping for applying import policies."; | |||
| leaf-list import-policy { | leaf-list import-policy { | |||
| type leafref { | type leafref { | |||
| path "/rt-pol:routing-policy/rt-pol:policy-definitions/" + | path "/rt-pol:routing-policy/rt-pol:policy-definitions/" + | |||
| "rt-pol:policy-definition/rt-pol:name"; | "rt-pol:policy-definition/rt-pol:name"; | |||
| require-instance true; | require-instance true; | |||
| } | } | |||
| ordered-by user; | ordered-by user; | |||
| description | description | |||
| "List of policy names in sequence to be applied on | "List of policy names in sequence to be applied on | |||
| receiving a routing update in the current context, e.g., | receiving a routing update in the current context, e.g., | |||
| for the current peer group, neighbor, address family, | for the current peer group, neighbor, address family, | |||
| etc."; | etc."; | |||
| } | } | |||
| leaf default-import-policy { | leaf default-import-policy { | |||
| type default-policy-type; | type default-policy-type; | |||
| default reject-route; | default reject-route; | |||
| description | description | |||
| "Explicitly set a default policy if no policy definition | "Explicitly set a default policy if no policy definition | |||
| in the import policy chain is satisfied."; | in the import policy chain is satisfied."; | |||
| } | } | |||
| } | } | |||
| grouping apply-policy-export { | grouping apply-policy-export { | |||
| description | description | |||
| "Grouping for applying export policies."; | "Grouping for applying export policies."; | |||
| leaf-list export-policy { | leaf-list export-policy { | |||
| type leafref { | type leafref { | |||
| path "/rt-pol:routing-policy/rt-pol:policy-definitions/" + | path "/rt-pol:routing-policy/rt-pol:policy-definitions/" + | |||
| "rt-pol:policy-definition/rt-pol:name"; | "rt-pol:policy-definition/rt-pol:name"; | |||
| require-instance true; | require-instance true; | |||
| } | } | |||
| ordered-by user; | ordered-by user; | |||
| description | description | |||
| "List of policy names in sequence to be applied on | "List of policy names in sequence to be applied on | |||
| sending a routing update in the current context, e.g., | sending a routing update in the current context, e.g., | |||
| for the current peer group, neighbor, address family, | for the current peer group, neighbor, address family, | |||
| etc."; | etc."; | |||
| } | } | |||
| leaf default-export-policy { | leaf default-export-policy { | |||
| type default-policy-type; | type default-policy-type; | |||
| default reject-route; | default reject-route; | |||
| description | description | |||
| "Explicitly set a default policy if no policy definition | "Explicitly set a default policy if no policy definition | |||
| in the export policy chain is satisfied."; | in the export policy chain is satisfied."; | |||
| } | } | |||
| } | } | |||
| grouping apply-policy-group { | grouping apply-policy-group { | |||
| description | description | |||
| "Top level container for routing policy applications. This | "Top level container for routing policy applications. This | |||
| grouping is intended to be used in routing models where | grouping is intended to be used in routing models where | |||
| needed."; | needed."; | |||
| container apply-policy { | container apply-policy { | |||
| description | description | |||
| "Anchor point for routing policies in the model. | "Anchor point for routing policies in the model. | |||
| Import and export policies are with respect to the local | Import and export policies are with respect to the local | |||
| routing table, i.e., export (send) and import (receive), | routing table, i.e., export (send) and import (receive), | |||
| depending on the context."; | depending on the context."; | |||
| uses apply-policy-import; | uses apply-policy-import; | |||
| uses apply-policy-export; | uses apply-policy-export; | |||
| } | } | |||
| } | } | |||
| container routing-policy { | container routing-policy { | |||
| description | description | |||
| "Top-level container for all routing policy."; | "Top-level container for all routing policy."; | |||
| container defined-sets { | container defined-sets { | |||
| description | description | |||
| "Predefined sets of attributes used in policy match | "Predefined sets of attributes used in policy match | |||
| statements."; | statements."; | |||
| container prefix-sets { | container prefix-sets { | |||
| description | description | |||
| "Data definitions for a list of IPv4 or IPv6 | "Data definitions for a list of IPv4 or IPv6 | |||
| prefixes which are matched as part of a policy."; | prefixes which are matched as part of a policy."; | |||
| list prefix-set { | list prefix-set { | |||
| key "name"; | key "name"; | |||
| description | description | |||
| "List of the defined prefix sets"; | "List of the defined prefix sets"; | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description | description | |||
| "Name of the prefix set -- this is used as a label to | "Name of the prefix set -- this is used as a label to | |||
| reference the set in match conditions."; | reference the set in match conditions."; | |||
| } | } | |||
| leaf mode { | leaf mode { | |||
| type enumeration { | type enumeration { | |||
| enum ipv4 { | enum ipv4 { | |||
| description | description | |||
| "Prefix set contains IPv4 prefixes only."; | "Prefix set contains IPv4 prefixes only."; | |||
| } | } | |||
| enum ipv6 { | enum ipv6 { | |||
| description | description | |||
| "Prefix set contains IPv6 prefixes only."; | "Prefix set contains IPv6 prefixes only."; | |||
| } | } | |||
| enum mixed { | enum mixed { | |||
| description | description | |||
| "Prefix set contains mixed IPv4 and IPv6 prefixes."; | "Prefix set contains mixed IPv4 and IPv6 | |||
| } | prefixes."; | |||
| } | } | |||
| description | } | |||
| "Indicates the mode of the prefix set, in terms of which | description | |||
| address families (IPv4, IPv6, or both) are present. The | "Indicates the mode of the prefix set, in terms of | |||
| mode provides a hint, but the device must validate that | which address families (IPv4, IPv6, or both) are | |||
| all prefixes are of the indicated type, and is expected | present. The mode provides a hint, but the device | |||
| to reject the configuration if there is a discrepancy. | must validate that all prefixes are of the indicated | |||
| The MIXED mode may not be supported on devices that | type, and is expected to reject the configuration if | |||
| require prefix sets to be of only one address family."; | there is a discrepancy. The MIXED mode may not be | |||
| } | supported on devices that require prefix sets to be | |||
| of only one address family."; | ||||
| } | ||||
| container prefixes { | container prefixes { | |||
| description | description | |||
| "Container for the list of prefixes in a policy | "Container for the list of prefixes in a policy | |||
| prefix list."; | prefix list."; | |||
| list prefix-list { | list prefix-list { | |||
| key "ip-prefix mask-length-lower mask-length-upper"; | key "ip-prefix mask-length-lower mask-length-upper"; | |||
| description | description | |||
| "List of prefixes in the prefix set."; | "List of prefixes in the prefix set."; | |||
| uses prefix; | uses prefix; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| container neighbor-sets { | container neighbor-sets { | |||
| description | description | |||
| "Data definition for a list of IPv4 or IPv6 | "Data definition for a list of IPv4 or IPv6 | |||
| neighbors which can be matched in a routing policy."; | neighbors which can be matched in a routing policy."; | |||
| list neighbor-set { | list neighbor-set { | |||
| key "name"; | key "name"; | |||
| description | description | |||
| "List of defined neighbor sets for use in policies."; | "List of defined neighbor sets for use in policies."; | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description | description | |||
| "Name of the neighbor set -- this is used as a label | "Name of the neighbor set -- this is used as a label | |||
| to reference the set in match conditions."; | to reference the set in match conditions."; | |||
| } | } | |||
| leaf-list address { | leaf-list address { | |||
| type inet:ip-address; | type inet:ip-address; | |||
| description | description | |||
| "List of IP addresses in the neighbor set."; | "List of IP addresses in the neighbor set."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| container tag-sets { | container tag-sets { | |||
| description | description | |||
| "Data definitions for a list of tags which can | "Data definitions for a list of tags which can | |||
| be matched in policies."; | be matched in policies."; | |||
| list tag-set { | list tag-set { | |||
| key "name"; | key "name"; | |||
| description | description | |||
| "List of tag set definitions."; | "List of tag set definitions."; | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description | description | |||
| "Name of the tag set -- this is used as a label to | "Name of the tag set -- this is used as a label to | |||
| reference the set in match conditions."; | reference the set in match conditions."; | |||
| } | } | |||
| leaf-list tag-value { | leaf-list tag-value { | |||
| type tag-type; | type tag-type; | |||
| description | description | |||
| "Value of the tag set member."; | "Value of the tag set member."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| container policy-definitions { | container policy-definitions { | |||
| description | description | |||
| "Enclosing container for the list of top-level policy | "Enclosing container for the list of top-level policy | |||
| definitions."; | definitions."; | |||
| list policy-definition { | list policy-definition { | |||
| key "name"; | key "name"; | |||
| description | description | |||
| "List of top-level policy definitions, keyed by unique | "List of top-level policy definitions, keyed by unique | |||
| name. These policy definitions are expected to be | name. These policy definitions are expected to be | |||
| referenced (by name) in policy chains specified in import | referenced (by name) in policy chains specified in | |||
| or export configuration statements."; | import or export configuration statements."; | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description | description | |||
| "Name of the top-level policy definition -- this name | "Name of the top-level policy definition -- this name | |||
| is used in references to the current policy."; | is used in references to the current policy."; | |||
| } | } | |||
| container statements { | container statements { | |||
| description | description | |||
| "Enclosing container for policy statements."; | "Enclosing container for policy statements."; | |||
| list statement { | list statement { | |||
| key "name"; | key "name"; | |||
| ordered-by user; | ordered-by user; | |||
| description | description | |||
| "Policy statements group conditions and actions | "Policy statements group conditions and actions | |||
| within a policy definition. They are evaluated in | within a policy definition. They are evaluated in | |||
| the order specified (see the description of policy | the order specified (see the description of policy | |||
| evaluation at the top of this module."; | evaluation at the top of this module."; | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description | description | |||
| "Name of the policy statement."; | "Name of the policy statement."; | |||
| } | } | |||
| container conditions { | container conditions { | |||
| description | description | |||
| "Condition statements for the current policy | "Condition statements for the current policy | |||
| statement."; | statement."; | |||
| leaf call-policy { | leaf call-policy { | |||
| type leafref { | type leafref { | |||
| path "../../../../../../" + | path "../../../../../../" + | |||
| "rt-pol:policy-definitions/" + | "rt-pol:policy-definitions/" + | |||
| "rt-pol:policy-definition/rt-pol:name"; | "rt-pol:policy-definition/rt-pol:name"; | |||
| require-instance true; | require-instance true; | |||
| } | } | |||
| description | description | |||
| "Applies the statements from the specified policy | "Applies the statements from the specified policy | |||
| definition and then returns control the current | definition and then returns control the current | |||
| policy statement. Note that the called policy may | policy statement. Note that the called policy | |||
| itself call other policies (subject to | may itself call other policies (subject to | |||
| implementation limitations). This is intended to | implementation limitations). This is intended to | |||
| provide a policy 'subroutine' capability. The | provide a policy 'subroutine' capability. The | |||
| called policy should contain an explicit or a | called policy should contain an explicit or a | |||
| default route disposition that returns an | default route disposition that returns an | |||
| effective true (accept-route) or false | effective true (accept-route) or false | |||
| (reject-route), otherwise the behavior may be | (reject-route), otherwise the behavior may be | |||
| ambiguous and implementation dependent."; | ambiguous and implementation dependent."; | |||
| } | } | |||
| leaf source-protocol { | leaf source-protocol { | |||
| type identityref { | type identityref { | |||
| base rt:control-plane-protocol; | base rt:control-plane-protocol; | |||
| } | } | |||
| description | description | |||
| "Condition to check the protocol / method used to | "Condition to check the protocol / method used to | |||
| install the route into the local routing table."; | install the route into the local routing table."; | |||
| } | } | |||
| uses match-interface-condition; | uses match-interface-condition; | |||
| uses prefix-set-condition; | uses prefix-set-condition; | |||
| uses neighbor-set-condition; | uses neighbor-set-condition; | |||
| uses tag-set-condition; | uses tag-set-condition; | |||
| uses match-proto-route-type-condition; | uses match-proto-route-type-condition; | |||
| } | } | |||
| container actions { | container actions { | |||
| description | description | |||
| "Top-level container for policy action statements."; | "Top-level container for policy action | |||
| leaf policy-result { | statements."; | |||
| type policy-result-type; | leaf policy-result { | |||
| description | type policy-result-type; | |||
| "Select the final disposition for the route, either | description | |||
| accept or reject."; | "Select the final disposition for the route, | |||
| } | either accept or reject."; | |||
| container set-metric { | } | |||
| leaf metric-modification { | container set-metric { | |||
| type metric-modification-type; | leaf metric-modification { | |||
| description | type metric-modification-type; | |||
| "Indicates how to modify the metric."; | description | |||
| } | "Indicates how to modify the metric."; | |||
| leaf metric { | } | |||
| type uint32; | leaf metric { | |||
| description | type uint32; | |||
| "Metric value to set, add, or subtract."; | description | |||
| } | "Metric value to set, add, or subtract."; | |||
| description | } | |||
| "Set the metric for the route."; | description | |||
| } | "Set the metric for the route."; | |||
| container set-metric-type { | } | |||
| leaf metric-type { | container set-metric-type { | |||
| type identityref { | leaf metric-type { | |||
| base metric-type; | type identityref { | |||
| } | base metric-type; | |||
| description | } | |||
| "Route metric type."; | description | |||
| } | "Route metric type."; | |||
| description | } | |||
| "Set the metric type for the route."; | description | |||
| } | "Set the metric type for the route."; | |||
| container set-import-level { | } | |||
| leaf import-level { | container set-import-level { | |||
| type identityref { | leaf import-level { | |||
| base import-level; | type identityref { | |||
| } | base import-level; | |||
| description | } | |||
| "Route importation level."; | description | |||
| } | "Route importation level."; | |||
| description | } | |||
| "Set the import level for importation of routes."; | description | |||
| } | "Set the import level for importation of | |||
| leaf set-preference { | routes."; | |||
| type uint16; | } | |||
| description | leaf set-preference { | |||
| "Set the preference for the route."; | type uint16; | |||
| } | description | |||
| leaf set-tag { | "Set the preference for the route."; | |||
| type tag-type; | } | |||
| description | leaf set-tag { | |||
| "Set the tag for the route."; | type tag-type; | |||
| } | description | |||
| leaf set-application-tag { | "Set the tag for the route."; | |||
| type tag-type; | } | |||
| description | leaf set-application-tag { | |||
| "Set the application tag for the route."; | type tag-type; | |||
| } | description | |||
| } | "Set the application tag for the route."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| <CODE ENDS> | } | |||
| } | ||||
| <CODE ENDS> | ||||
| 11. Policy examples | 11. Policy examples | |||
| Below we show an example of XML-encoded configuration data using the | Below we show an example of XML-encoded configuration data using the | |||
| routing policy and BGP models to illustrate both how policies are | routing policy and BGP models to illustrate both how policies are | |||
| defined, and also how they can be applied. Note that the XML has | defined, and also how they can be applied. Note that the XML has | |||
| been simplified for readability. | been simplified for readability. | |||
| <config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
| <routing-policy | <routing-policy | |||
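Review bot: In the container described as "Set the metric for the route.", leaf metric is a uint32 documented only as "Metric value to set, add, or subtract."; nothing in these lines says what happens when an add exceeds the uint32 maximum or a subtract would go below zero. Unless the metric-modification-type typedef (outside this hunk) already defines it, state in the description whether the result saturates or the operation is rejected, because an implementation that wraps silently could install a metric that makes a route more preferred than the policy author intended.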
| skipping to change at page 36, line 22 ¶ | skipping to change at page 36, line 22 ¶ | |||
| </routing-policy> | </routing-policy> | |||
| </config> | </config> | |||
| 12. References | 12. References | |||
| 12.1. Normative references | 12.1. Normative references | |||
| [INTF-EXT-YANG] | [INTF-EXT-YANG] | |||
| Wilton, R., Ball, D., tapsingh@cisco.com, t., and S. | Wilton, R., Ball, D., tapsingh@cisco.com, t., and S. | |||
| Sivaraj,, "Common Interface Extension YANG Data Models", | Sivaraj,, "Common Interface Extension YANG Data Models", | |||
| 2019, <https://datatracker.ietf.org/doc/draft-ietf-netmod- | 2019, <https://datatracker.ietf.org/doc/ | |||
| intf-ext-yang/>. | draft-ietf-netmod-intf-ext-yang/>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | |||
| DOI 10.17487/RFC3688, January 2004, | DOI 10.17487/RFC3688, January 2004, | |||
| <https://www.rfc-editor.org/info/rfc3688>. | <https://www.rfc-editor.org/info/rfc3688>. | |||
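Review bot: The [INTF-EXT-YANG] entry still lists an author as "tapsingh@cisco.com, t." and has a doubled comma in "Sivaraj,,"; this revision only rewraps the URL. Replace the e-mail address with the author's name in the reference source and drop the extra comma so the entry renders like the others.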
| skipping to change at page 38, line 8 ¶ | skipping to change at page 38, line 8 ¶ | |||
| DOI 10.17487/RFC8349, March 2018, | DOI 10.17487/RFC8349, March 2018, | |||
| <https://www.rfc-editor.org/info/rfc8349>. | <https://www.rfc-editor.org/info/rfc8349>. | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| [SUB-INTF-VLAN-YANG] | [SUB-INTF-VLAN-YANG] | |||
| Wilton, R., Ball, D., tapsingh@cisco.com, t., and S. | Wilton, R., Ball, D., tapsingh@cisco.com, t., and S. | |||
| Sivaraj, "Sub-interface VLAN YANG Data Model", 2019, | Sivaraj, "Sub-interface VLAN YANG Data Model", 2019, | |||
| <https://datatracker.ietf.org/doc/draft-ietf-netmod-sub- | <https://datatracker.ietf.org/doc/ | |||
| intf-vlan-model/>. | draft-ietf-netmod-sub-intf-vlan-model/>. | |||
| 12.2. Informative references | 12.2. Informative references | |||
| [I-D.ietf-idr-bgp-model] | [I-D.ietf-idr-bgp-model] | |||
| Jethanandani, M., Patel, K., Hares, S., and J. Haas, "BGP | Jethanandani, M., Patel, K., Hares, S., and J. Haas, "BGP | |||
| YANG Model for Service Provider Networks", draft-ietf-idr- | YANG Model for Service Provider Networks", draft-ietf-idr- | |||
| bgp-model-08 (work in progress), February 2020. | bgp-model-08 (work in progress), February 2020. | |||
| Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
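Review bot: [SUB-INTF-VLAN-YANG] sits under the normative references with only "2019" and a datatracker URL and no draft revision, while the informative [I-D.ietf-idr-bgp-model] entry names draft-ietf-idr-bgp-model-08. Cite the specific revision the model depends on so readers can tell which version of the referenced definitions is meant; the author string "tapsingh@cisco.com, t." in this entry also needs the author's name in place of the e-mail address.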
| skipping to change at page 38, line 31 ¶ | skipping to change at page 38, line 31 ¶ | |||
| OpenConfig route policy model. The authors would like to thank to | OpenConfig route policy model. The authors would like to thank to | |||
| OpenConfig for their contributions, especially Anees Shaikh, Rob | OpenConfig for their contributions, especially Anees Shaikh, Rob | |||
| Shakir, Kevin D'Souza, and Chris Chase. | Shakir, Kevin D'Souza, and Chris Chase. | |||
| The authors are grateful for valuable contributions to this document | The authors are grateful for valuable contributions to this document | |||
| and the associated models from: Ebben Aires, Luyuan Fang, Josh | and the associated models from: Ebben Aires, Luyuan Fang, Josh | |||
| George, Stephane Litkowski, Ina Minei, Carl Moberg, Eric Osborne, | George, Stephane Litkowski, Ina Minei, Carl Moberg, Eric Osborne, | |||
| Steve Padgett, Juergen Schoenwaelder, Jim Uttaro, Russ White, and | Steve Padgett, Juergen Schoenwaelder, Jim Uttaro, Russ White, and | |||
| John Heasley. | John Heasley. | |||
| Thanks to Mahesh Jethanandani for valuable comments. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Yingzhen Qu | Yingzhen Qu | |||
| Futurewei | Futurewei | |||
| 2330 Central Expressway | 2330 Central Expressway | |||
| Santa Clara CA 95050 | Santa Clara CA 95050 | |||
| USA | USA | |||
| Email: yingzhen.qu@futurewei.com | Email: yingzhen.qu@futurewei.com | |||
| Jeff Tantsura | Jeff Tantsura | |||
| Apstra | Apstra | |||
| Email: jefftant.ietf@gmail.com | Email: jefftant.ietf@gmail.com | |||
| Acee Lindem | Acee Lindem | |||
| Cisco | Cisco | |||
| 301 Mindenhall Way | 301 Midenhall Way | |||
| Cary, NC 27513 | Cary, NC 27513 | |||
| US | US | |||
| Email: acee@cisco.com | Email: acee@cisco.com | |||
| Xufeng Liu | Xufeng Liu | |||
| Volta Networks | Volta Networks | |||
| Email: xufeng.liu.ietf@gmail.com | Email: xufeng.liu.ietf@gmail.com | |||
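Review bot: In the acknowledgements, "The authors would like to thank to OpenConfig" is identical in both revisions and should read "would like to thank OpenConfig". In Acee Lindem's address the street name differs between the two columns ("301 Mindenhall Way" and "301 Midenhall Way"), so confirm the spelling used in -13 against the author's current contact details.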
| End of changes. 130 change blocks. | ||||
| 851 lines changed or deleted | 861 lines changed or added | |||