idnits 2.17.1

draft-ietf-i2rs-pkt-eca-data-model-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 1 character in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 346 has weird spacing: '...on-info strin...'

  == Line 424 has weird spacing: '... +--rw ecq-q...'

  == Line 437 has weird spacing: '...ext-hop rib-n...'

  == Line 483 has weird spacing: '...dentity match...'

  == Line 635 has weird spacing: '... base servi...'

  -- The document date (July 1, 2016) is 2856 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'I-D.ietf-i2rs-architecture' is defined on line 1914,
     but no explicit reference was found in the text

  == Unused Reference: 'I-D.ietf-i2rs-rib-info-model' is defined on line
     1920, but no explicit reference was found in the text

  == Unused Reference: 'I-D.ietf-netconf-restconf' is defined on line 1925,
     but no explicit reference was found in the text

  == Unused Reference: 'I-D.ietf-netmod-acl-model' is defined on line 1930,
     but no explicit reference was found in the text

  == Unused Reference: 'RFC2119' is defined on line 1936, but no explicit
     reference was found in the text

  == Outdated reference: A later version (-17) exists of
     draft-ietf-i2rs-rib-info-model-08

  == Outdated reference: A later version (-18) exists of
     draft-ietf-netconf-restconf-14

  == Outdated reference: A later version (-21) exists of
     draft-ietf-netmod-acl-model-07

     Summary: 1 error (**), 0 flaws (~~), 14 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

   2  I2RS working group                                              S. Hares
   3  Internet-Draft                                                     Q. Wu
   4  Intended status: Standards Track                                  Huawei
   5  Expires: January 2, 2017                                        R. White
   6                                                                  Ericsson
   7                                                              July 1, 2016

   9                 Filter-Based Packet Forwarding ECA Policy
  10                 draft-ietf-i2rs-pkt-eca-data-model-01.txt

  12  Abstract

  14     This document describes the yang data model for packet forwarding
  15     policy that filters received packets and forwards (or drops) the
  16     packets. Prior to forwarding the packets out other interfaces, some
  17     of the fields in the packets may be modified. If one considers the
  18     packet reception an event, this packet policy is a minimalistic
  19     Event-Match Condition-Action policy. This policy controls forwarding
  20     of packets received by a routing device on one or more interfaces on
  21     which this policy is enabled. The policy is composed of an ordered
  22     list of policy rules. Each policy rule contains a set of
  23     match conditions that filters for packets plus a set of actions to
  24     modify the packet and forward packets. The match conditions can
  25     match tuples in multiple layers (L1-L4, application), interface
  26     received on, and other conditions regarding the packet (size of
  27     packet, time of day). The modify packet actions allow for setting
  28     things within the packet plus packet decapsulation and encapsulation.
  29     The forwarding actions include forwarding via interfaces, tunnels, or
  30     nexthops and dropping the packet. The policy model can be used with
  31     the session ephemeral (BGP Flow Specifications), reboot ephemeral
  32     state (I2RS ephemeral), and non-ephemeral routing/forwarding state
  33     (e.g. configuration state).

  35  Status of This Memo

  37     This Internet-Draft is submitted in full conformance with the
  38     provisions of BCP 78 and BCP 79.

  40     Internet-Drafts are working documents of the Internet Engineering
  41     Task Force (IETF). Note that other groups may also distribute
  42     working documents as Internet-Drafts. The list of current Internet-
  43     Drafts is at http://datatracker.ietf.org/drafts/current/.

  45     Internet-Drafts are draft documents valid for a maximum of six months
  46     and may be updated, replaced, or obsoleted by other documents at any
  47     time. It is inappropriate to use Internet-Drafts as reference
  48     material or to cite them other than as "work in progress."
  49     This Internet-Draft will expire on January 2, 2017.

  51  Copyright Notice

  53     Copyright (c) 2016 IETF Trust and the persons identified as the
  54     document authors. All rights reserved.

  56     This document is subject to BCP 78 and the IETF Trust's Legal
  57     Provisions Relating to IETF Documents
  58     (http://trustee.ietf.org/license-info) in effect on the date of
  59     publication of this document. Please review these documents
  60     carefully, as they describe your rights and restrictions with respect
  61     to this document. Code Components extracted from this document must
  62     include Simplified BSD License text as described in Section 4.e of
  63     the Trust Legal Provisions and are provided without warranty as
  64     described in the Simplified BSD License.

  66  Table of Contents

  68     1. Introduction
  69       1.1. Definitions and Acronyms
  70       1.2. Antecedents this Policy in IETF
  71     2. Generic Route Filters/Policy Overview
  72     3. BNP Rule Groups
  73     4. BNP Generic Info Model in High Level Yang
  74     5. i2rs-eca-policy Yang module
  75     6. IANA Considerations
  76     7. Security Considerations
  77     8. Informative References
  78     Authors' Addresses

  80  1. Introduction

  82     This document describes the yang data model for packet forwarding
  83     policy that filters received packets and forwards (or drops) the
  84     packets. Prior to forwarding the packets out other interfaces, some
  85     of the fields in the packets may be modified. If one considers the
  86     reception of a packet as an event, this is a minimalistic Event-Match
  87     Condition-Action policy. If one considers the reception of packets
  88     containing Layer 1 to Layer 4 + application data a single packet,
  89     then this minimalistic policy can be called a packet-only ECA policy.
  90     This document will use the term packet-only ECA policy for this model
  91     utilizing the term "packet" in this fashion.

  93     This packet-only ECA policy data model supports an ordered list of
  94     ECA policy rules where each policy rule has a name. The match
  95     condition filters include matches on
  96     o  packet headers for layer 1 to layer 4,

  98     o  application protocol data and headers,

 100     o  interfaces the packet was received on,

 102     o  time packet was received, and

 104     o  size of packet.

 106     The actions include packet modify actions and forwarding options.
 107     The modify options allow for the following:

 109     o  setting fields in the packet header at Layer 2 (L2) to Layer 4
 110        (L4), and

 112     o  encapsulation and decapsulation of the packet.

 114     The forwarding actions allow forwarding the packet via interfaces,
 115     tunnels, next-hops, or dropping the packet. setting things within
 116     the packet at Layer 2 (L2) to layer 4 (L4) plus overlay or
 117     application data.

 119     The first section of this draft contains an overview of the policy
 120     structure. The second provides a high-level yang module. The third
 121     contains the yang module.

 123  1.1. Definitions and Acronyms

 125     INSTANCE: Routing Code often has the ability to spin up multiple
 126        copies of itself into virtual machines. Each Routing code
 127        instance or each protocol instance is denoted as Foo_INSTANCE in
 128        the text below.

 130     NETCONF: The Network Configuration Protocol

 132     PCIM - Policy Core Information Model

 134     RESTconf - http programmatic protocol to access yang modules

 136  1.2. Antecedents this Policy in IETF

 138     Antecedents to this generic policy are the generic policy work done
 139     in PCIM WG. The PCIM work contains a Policy Core Information Model
 140     (PCIM) [RFC3060], Policy Core Informational Model Extensions
 141     [RFC3460] and the Quality of Service (QoS) Policy Information Model
 142     (QPIM) [RFC3644]. From PCIM comes the concept of policy rules
 143     which are combined into policy groups. PCIM also refined a concept
 144     of policy sets that allowed the nesting and aggregation of policy
 145     groups. This generic model did not utilize the concept of sets of
 146     groups, but could be expanded to include sets of groups in the
 147     future.

 149  2. Generic Route Filters/Policy Overview

 151     This generic policy model represents filter or routing policies as
 152     rules and groups of rules.

 154     The basic concepts are:

 156     Rule Group

 158        A rule group is an ordered set of rules.

 160     Rule

 162        A Rule is represented by the semantics "If Condition then Action".
 163        A Rule may have a priority assigned to it.

 165        +-----------+         +------------+
 166        |Rule Group |         | Rule Group |
 167        +-----------+         +------------+
 168              ^                      ^
 169              |                      |
 170              |                      |
 171     +--------^-------+      +-------^-------+
 172     |      Rule      |      |     Rule      |
 173     +----------------+      +---------------+
 174                     :               :
 175                     :               :
 176               ......:               :.....
 177               :                          :
 178     +---------V---------+              +-V-------------+
 179     |  Rule Condition   |              |  Rule Action  |
 180     +-------------------+              +---------------+
 181               :    :    :                 :     :    :
 182          .....:    .    :.....       .....:     .    :.....
 183          :         :         :       :          :         :
 184     +----V---+ +---V----+ +--V---+ +-V------++--V-----++--V---+
 185     | Match  | | match  | |match | | Action || action ||action|
 186     |Operator| |Variable| |Value | |Operator||Variable|| Value|
 187     +--------+ +--------+ +------+ +--------++--------++------+

 189                    Figure 1: ECA rule structure

 191  3. BNP Rule Groups

 193     The pkt ECA policy is an ordered set of pkt-ECA policy rules. The
 194     rules assume the event is the reception of a packet on the machine on
 195     a set of interfaces. This policy is associated with a set of
 196     interfaces on a routing device (physical or virtual).

 198     A Rule group allows for the easy combination of rules for management
 199     stations or users. A Rule group has the following elements:

 201     o  name that identifies the grouping of policy rules

 203     o  module reference - reference to a yang module(s) in the yang
 204        module library that this group of policy writes policy to

 206     o  list of rules

 208     Rule groups may have multiple policy groups at specific orders. For
 209     example, policy group 1 could have three policy rules at rule order 1
 210     and four policy rules at rule order 5.

 212     The rule has the following elements: name, order, status, priority,
 213     reference cnt, match condition, and action, as shown in
 214     figure 2. The order indicates the order of the rule within the
 215     complete list. The status of the rule is (active, inactive). The
 216     priority is the priority within a specific order of policy/filter
 217     rules. A reference count (refcnt) indicates the number of entities
 218     (e.g. network modules) using this policy. The generic rule match-
 219     action conditions have a match operator, a match variable and a match
 220     value. The rule actions have an action operator, action variable,
 221     and an action value.

 223     Rules can exist with the same rule order and same priority. Rules
 224     with the same rule order and same priority are not guaranteed to be
 225     at any specific ordering. The order number and priority have
 226     sufficient depth that administrators who want a specific order can
         specify it.

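The ordering caveat above matters for filtering policy: two active rules that share a rule order and priority, can match the same packet, and take different actions leave the outcome undefined. The following check is an added example, not code from the draft or the I2RS working group; the Rule class, the "l4" and "dst-port" match fields, the action labels and the sample rules are constructed for illustration ("match-if-name" is the draft's leaf name).

```python
from collections import defaultdict
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Rule:
    name: str
    order: int               # rule order within the complete list
    priority: int            # priority within one rule order
    action: str              # constructed label, e.g. "drop" or "fwd:eth1"
    match: tuple = ()        # (field, value) pairs; an unlisted field is a wildcard
    status: str = "active"   # the draft's rule status: active or inactive


def overlaps(a, b):
    """True when at least one packet can satisfy both rules' match conditions."""
    ma, mb = dict(a.match), dict(b.match)
    # Fields only one rule constrains are wildcards for the other, so only
    # fields constrained by both rules can rule out a common packet.
    return all(ma[f] == mb[f] for f in ma.keys() & mb.keys())


def ambiguous_ties(rules):
    """Return ((order, priority), rule_a, rule_b) for every pair of active
    rules in the same order/priority slot that can match the same packet
    but take different actions."""
    slots = defaultdict(list)
    for rule in rules:
        if rule.status == "active":          # inactive rules are never applied
            slots[(rule.order, rule.priority)].append(rule)
    findings = []
    for slot in sorted(slots):
        for a, b in combinations(slots[slot], 2):
            if a.action != b.action and overlaps(a, b):
                findings.append((slot, a.name, b.name))
    return findings


# Constructed sample policy (not taken from the draft).
RULES = [
    Rule("allow-dns", 1, 10, "fwd:eth1", (("l4", "udp"), ("dst-port", 53))),
    Rule("drop-udp", 1, 10, "drop", (("l4", "udp"),)),
    Rule("drop-ssh", 1, 10, "drop", (("l4", "tcp"), ("dst-port", 22))),
    Rule("allow-udp-mgmt", 1, 10, "fwd:eth2",
         (("match-if-name", "eth0"), ("l4", "udp")), status="inactive"),
    Rule("drop-all", 5, 10, "drop"),
]

if __name__ == "__main__":
    for slot, first, second in ambiguous_ties(RULES):
        print(f"order={slot[0]} priority={slot[1]}: "
              f"{first} and {second} overlap with different actions")
```

Giving one rule of each reported pair a distinct priority or rule order removes the ambiguity.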
 228                    Figure 2 - Rule Group
 229     +--------------------------------------+
 230     |         Rule Group                   |
 231     +--------------------------------------+
 232          *        *           *
 233          |        |           |
 234          |        |           |
 235          |        |           |
 236     +------+   +-------------------+
 237     | Name |   | Rule_list         |
 238     |      |   |                   |
 239     +------+   +------|------------+
 240     +----------------|-----------------------------+
 241     |                  rule                        |
 242     |-|------|----------|-----------|------------|-+
 243       |      |          |           |            |
 244     +---|--+ +-|----+ +---|-------+ +-|------+ +-------+
 245     | Name | |rule  | | ECA       | |rule    | |ref-cnt|
 246     +------+ |order | | match     | |priority| +-------+
 247              |number| |qos-actions| +--------+
 248              +------+ |fwd-actions|
 249                       +-----------+

 251     The generic match conditions are refined by matches specific to a
 252     particular layer, as figure 3 shows and
 253     figure 5's high-level yang defines. The general actions may be
 254     generic actions that are specific to a particular layer (L1, L2, L3,
 255     service layer) or time of day or packet size. The qos actions can be
 256     setting fields in the packet at any layer (L1-L4, service) or
 257     encapsulating or decapsulating the packet at a layer. The fwd-
 258     actions are forwarding functions that forward on an interface or to a
 259     next-hop. The rule status is the operational status per rule.

 261                    Figure 3
 262                  +-------------+
 263                  |    Match    |
 264                  |  Condition  |
 265                  +-------|-----+
 266                          |
 267          +-------------+-|-----------+-----------+
 268          |             |             |           |
 269          V             V             V           V
 270     ............  ............  ............ ...........
 271     :    L1    :  :    L2    :  :    L3    : : Service : . . .
 272     :  match   :  :  match   :  :  match   : :  match  :
 273     ''''''''''''  ''''''''''''  '''''''''''' '''''''''''

 275  4. BNP Generic Info Model in High Level Yang

 277     Below is the high level inclusion

 279                    Figure 5
 280     module:pkt-eca-policy
 281       import ietf-inet-types {prefix "inet"}
 282       import ietf-interface {prefix "if"}
 283       import ietf-i2rs-rib {prefix "i2rs-rib"}

 285       import ietf-interfaces {
 286         prefix "if";
 287       }
 288       import ietf-inet-types {
 289         prefix inet;
 290         //rfc6991
 291       }

 293       import ietf-i2rs-rib {
 294         prefix "i2rs-rib";

 296     Below is the high level yang diagram

 298     module ietf-pkt-eca-policy
 299       +--rw pkt-eca-policy-cfg
 300       |  +--rw pkt-eca-policy-set
 301       |     +--rw groups* [group-name]
 302       |     |  +--rw group-name string
 303       |     |  +--rw vrf-name string
 304       |     |  +--rw address-family
 305       |     |  +--rw group-rule-list* [rule-name]
 306       |     |  |  +--rw rule-name
 307       |     |  |  +--rw rule-order-id
 308       |     |  |  +--rw default-action-id integer
 309       |     |  |  +--rw default-resolution-strategy-id integer
 310       |     +--rw rules* [order-id rule-name]
 311       |        +--rw order-id
 312       |        +--rw rule-name
 313       |        +--rw cfg-rule-conditions [cfgr-cnd-id]
 314       |        |  +--rw cfgr-cnd-id integer
 315       |        |  +--rw eca-event-match
 316       |        |  |  +--rw time-event-match*
 317       |        |  |  |  .. (time of day)
 318       |        |  +--rw eca-condition-match
 319       |        |  |  +--rw eca-pkt-matches*
 320       |        |  |  |  ... (L1-L4 matches)
 321       |        |  |  +--rw eca-user-matches*
 322       |        |  |  |  (user, schedule, region, target,
 323       |        |  |  |  state, direction)
 324       |        +--rw cfg-rule-actions [cfgr-action-id]
 325       |        |  +--rw cfgr-action-id
 326       |        |  +--rw eca-actions* [action-id]
 327       |        |  |  +--rw action-id uint32
 328       |        |  |  +--rw eca-ingress-act*
 329       |        |  |  |  ... (permit, deny, mirror)
 330       |        |  |  +--rw eca-fwd-actions*
 331       |        |  |  |  ... (invoke, tunnel encap, fwd)
 332       |        |  |  +--rw eca-egress-act*
 333       |        |  |  |  .. .
 334       |        |  |  +--rw eca-qos-actions*
 335       |        |  |  |  ...
 336       |        |  |  +--rw eca-security-actions*
 337       |        +--rw pc-resolution-strategies* [strategy-id]
 338       |        |  +--rw strategy-id integer
 339       |        |  +--rw filter-strategy identityref
 340       |        |  |  .. FMR, ADTP, Longest-match
 341       |        |  +--rw global-strategy identityref
 342       |        |  +--rw mandatory-strategy identityref
 343       |        |  +--rw local-strategy identityref
 344       |        |  +--rw resolution-fcn uint32
 345       |        |  +--rw resolution-value uint32
 346       |        |  +--rw resolution-info string
 347       |        |  +--rw associated-ext-data*
 348       |        |  |  +--rw ext-data-id integer
 349       |        +--rw cfg-external-data* [cfg-ext-data-id]
 350       |        |  +--rw cfg-ext-data-id integer
 351       |        |  +--rw data-type integer
 352       |        |  +--rw priority uint64
 353       |        |  |  uses external-data-forms
 354       |        |  ... (other external data)
 355       +--rw pkt-eca-policy-opstate
 356          +--rw pkt-eca-opstate
 357             +--rw groups* [group-name]
 358             |  +--rw rules-installed;
 359             |  +--rw rules_status* [rule-name]
 360             |  +--rw strategy-used [strategy-id]
 361             |  +--rw
 362             +--rw rule-group-link* [rule-name]
 363             |  +--rw group-name
 364             +--rw rules_opstate* [rule-order rule-name]
 365             |  +--rw status
 366             |  +--rw rule-inactive-reason
 367             |  +--rw rule-install-reason
 368             |  +--rw rule-installer
 369             |  +--rw refcnt
 370             +--rw rules_op-stats* [rule-order rule-name]
 371             |  +--rw pkts-matched
 372             |  +--rw pkts-modified
 373             |  +--rw pkts-forward
 374             +--rw op-external-data [op-ext-data-id]
 375             |  +--rw op-ext-data-id integer
 376             |  +--rw type identityref
 377             |  +--rw installed-priority integer
 378             |  |  (other details on external data )

 380     The three levels of policy are expressed as:

 382     Config Policy definitions
 383     =======================================
 384     Policy level: pkt-eca-policy-set
 385     group level:  pkt-eca-policy-set:groups
 386     rule level:   pkt-eca-policy-set:rules
 387     external id:  pkt-eca-policy-set:cfg-external-data

 389     Operational State for Policy
 390     =======================================
 391     Policy level: pkt-eca-policy-opstate
 392     group level:  pkt-eca-opstate:groups
 393     group-rule:   pkt-eca-opstate:rule-group-link*
 394     rule level:   pkt-eca_opstate:rules_opstate*
 395                   pkt-eca_op-stats

 397     figure

 399     The filter matches structure is shown below
 400     module:i2rs-pkt-eca-policy
 401       +--rw pkt-eca-policy-cfg
 402       |  +--rw pkt-eca-policy-set
 403       |     +--rw groups* [group-name]
 404       |     |  ...
 405       |     +--rw rules [order-id rule-name]
 406       |        +--rw eca-matches
 407       |        |  |  +--case: interface-match
 408       |        |  |  +--case: L1-header-match
 409       |        |  |  +--case: L2-header-match
 410       |        |  |  +--case: L3-header-match
 411       |        |  |  +--case: L4-header-match
 412       |        |  |  +--case: Service-header-match
 413       |        |  |  +--case: packet-size
 414       |        |  |  +--case: time-of-day

 416     module:i2rs-pkt-eca-policy
 417       +--rw pkt-eca-policy-cfg
 418       |  +--rw pkt-eca-policy-set
 419       |     +--rw groups* [group-name]
 420       |     |  ...
 421       |     +--rw rules* [order-id rule-name]
 422       |        +--rw eca-matches
 423       |        |  . . .
 424       |        +--rw ecq-qos-actions
 425       |        |  +--rw cnt-actions
 426       |        |  +--rw mod-actions
 427       |        |  |  +--case interface-actions
 428       |        |  |  +--case L1-action
 429       |        |  |  +--case L2-action
 430       |        |  |  +--case L3-action
 431       |        |  |  +--case L4-action
 432       |        |  |  +--case service-action
 433       |        +--rw eca-fwd-actions
 434       |        |  +--rw num-fwd-actions
 435       |        |  +--rw fwd-actions
 436       |        |  |  +--rw interface interface-ref
 437       |        |  |  +--rw next-hop rib-nexthop-ref
 438       |        |  |  +--rw route-attributes
 439       |        |  |  +--rw rib-route-attributes-ref
 440       |        |  |  +--rw fb-std-drop

 442  5. i2rs-eca-policy Yang module

 444     file "ietf-pkt-eca-policy@2016-02-09.yang"
 445     module ietf-pkt-eca-policy {
 446       namespace "urn:ietf:params:xml:ns:yang:ietf-pkt-eca-policy";
 447       // replace with iana namespace when assigned
 448       prefix "pkt-eca-policy";

 450       import ietf-routing {
 451         prefix "rt";
 452       }
 453       import ietf-interfaces {
 454         prefix "if";
 455       }
 456       import ietf-inet-types {
 457         prefix inet;
 458         //rfc6991
 459       }

 461       import ietf-i2rs-rib {
 462         prefix "i2rs-rib";
 463       }

 465       // meta
 466       organization "IETF I2RS WG";

 468       contact
 469         "email: shares@ndzh.com
 470          email: russ.white@riw.com
 471          email: linda.dunbar@huawei.com
 472          email: bill.wu@huawei.com";

 474       description
 475         "This module describes a basic network policy
 476          model with filter per layer.";

 478       revision "2016-06-26" {
 479         description "second revision";
 480         reference "draft-ietf-i2rs-pkt-eca-policy-dm-03";
 481       }

 483       // interfaces - no identity matches

 485       // L1 header match identities
 486       identity l1-header-match-type {
 487         description
 488           " L1 header type for match ";
 489       }

 491       identity l1-hdr-sonet-type {
 492         base l1-header-match-type;
 493         description
 494           " L1 header sonet match ";
 495       }

 497       identity l1-hdr-OTN-type {
 498         base l1-header-match-type;
 499         description
 500           " L1 header OTN match ";
 501       }

 503       identity l1-hdr-dwdm-type {
 504         base l1-header-match-type;
 505         description
 506           " L1 header DWDM match ";
 507       }

 509       // L2 header match identities
 510       identity l2-header-match-type {
 511         description
 512           " l2 header type for match ";
 513       }

 515       identity l2-802-1Q {
 516         base l2-header-match-type;
 517         description
 518           " l2 header type for 802.1Q match ";
 519       }

 521       identity l2-802-11 {
 522         base l2-header-match-type;
 523         description
 524           " l2 header type for 802.11 match ";
 525       }

 527       identity l2-802-15 {
 528         base l2-header-match-type;
 529         description
 530           " l2 header type for 802.15 match ";
 531       }

 533       identity l2-NVGRE {
 534         base l2-header-match-type;
 535         description
 536           " l2 header type for NVGRE match ";
 537       }
 538       identity l2-mpls {
 539         base l2-header-match-type;
 540         description
 541           " l2 header type for MPLS match ";
 542       }

 544       identity l2-VXLAN {
 545         base l2-header-match-type;
 546         description
 547           " l2 header type for VXLAN match ";
 548       }

 550       // L3 header match identities
 551       identity l3-header-match-type {
 552         description
 553           " l3 header type for match ";
 554       }

 556       identity l3-ipv4-hdr {
 557         base l3-header-match-type;
 558         description
 559           " l3 header type for IPv4 match ";
 560       }

 562       identity l3-ipv6-hdr {
 563         base l3-header-match-type;
 564         description
 565           " l3 header type for IPv6 match ";
 566       }

 568       identity l3-gre-tunnel {
 569         base l3-header-match-type;
 570         description "l3 header
 571           type for GRE tunnel match ";
 572       }

 574       identity l3-icmp-header {
 575         base l3-header-match-type;
 576         description "L3 header match for ICMP";
 577       }

 579       identity l3-ipsec-ah-header {
 580         base l3-header-match-type;
 581         description "AH IPSEC header ";
 582       }

 584       identity l3-ipsec-esp-header {
 585         base l3-header-match-type;
 586         description "ESP IPSEC header ";
 587       }

 589       // L4 header match identities

 591       identity l4-header-match-type {
 592         description "L4 header
 593           match types. (TCP, UDP,
 594           SCTP, UDPLite, etc. )";
 595       }

 597       identity l4-tcp-header {
 598         base l4-header-match-type;
 599         description "L4 header for TCP";
 600       }

 602       identity l4-udp-header {
 603         base l4-header-match-type;
 604         description "L4 header match for UDP";
 605       }

 607       identity l4-udplite {
 608         base l4-header-match-type;
 609         description "L4 header match for
 610           UDP lite";
 611       }

 613       identity l4-sctp-header {
 614         base l4-header-match-type;
 615         description "L4 header match for SCTP";
 616       }

 618       // Service header identities

 620       identity service-header-match-type {
 621         description "service header
 622           match types: service function path
 623           (sf-path), SF-chain, sf-discovery,
 624           and others (added here)";
 625       }

 627       identity sf-chain-meta-match {
 628         base service-header-match-type;
 629         description "service header match for
 630           meta-match header";

 632       }

 634       identity sf-path-meta-match {
 635         base service-header-match-type;
 636         description "service header match for
 637           path-match header";
 638       }

 640       identity rule-status-type {
 641         description "status
 642           values for rule: invalid (0),
 643           valid (1), valid and installed (2)";
 644       }

 646       identity rule-status-invalid {
 647         base rule-status-type;
 648         description "invalid rule status.";
 649       }

 651       identity rule-status-valid {
 652         base rule-status-type;
 653         description "This status indicates
 654           a valid rule.";

 656       }

 658       identity rule-status-valid-installed {
 659         base rule-status-type;
 660         description "This status indicates
 661           an installed rule.";
 662       }
 663       identity rule-status-valid-inactive {
 664         base rule-status-type;
 665         description "This status indicates
 666           a valid rule that is not installed.";
 667       }

 669       identity rule-cr-type {
 670         description "status
 671           values for rule: FMR (0), ADTP (1),
 672           Longest-match (2)";
 673       }

 675       identity rule-cr-FMR {
 676         base rule-cr-type;
 677         description "first match resolution.";
 678       }
 679       identity rule-cr-ADTP {
 680         base rule-cr-type;
 681         description "ADTP resolution.";
 682       }

 684       identity rule-cr-longest {
 685         base rule-cr-type;
 686         description "longest match resolution.";
 687       }

 689       grouping interface-match {
 690         leaf match-if-name {
 691           type if:interface-ref;
 692           description "match on interface name";
 693         }
 694         description "interface
 695           has name, description, type, enabled
 696           as potential matches";
 697       }

 699       grouping interface-actions {
 700         description
 701           "interface action up/down and
 702            enable/disable";
 703         leaf interface-up {
 704           type boolean;
 705           description
 706             "action to put interface up";
 707         }
 708         leaf interface-down {
 709           type boolean;
 710           description
 711             "action to put interface down";
 712         }
 713         leaf interface-enable {
 714           type boolean;
 715           description
 716             "action to enable interface";
 717         }
 718         leaf interface-disable {
 719           type boolean;
 720           description
 721             "action to disable interface";
 722         }
 723       }
 724       grouping L1-header-match {
 725         choice l1-header-match-type {
 726           case l1-hdr-sonet-type {
 727             // sonet matches
 728           }
 729           case L1-hdr-OTN-type {
 730             // OTN matches
 731           }
 732           case L1-hdr-dwdm-type {
 733             // DWDM matches
 734           }
 735           description
 736             "The Layer 1 header match choices";
 737         }
 738         description
 739           "The Layer 1 header match includes
 740            any reference to L1 technology";
 741       }

 743       grouping L1-header-actions {
 744         leaf l1-hdr-sonet-act {
 745           type uint8;
 746           description "sonet actions";
 747         }
 748         leaf l1-hdr-OTN-act {
 749           type uint8;
 750           description "OTN actions";
 751         }
 752         leaf l1-hdr-dwdm-act {
 753           type uint8;
 754           description "DWDM actions";
 755         }
 756         description "L1 header match
 757           types";
 758       }

 760       grouping L2-802-1Q-header {
 761         description
 762           "This is short-term 802.1 header
 763            match which will be replaced
 764            by reference to IEEE yang when
 765            it arrives. Qtag 1 is 802.1Q
 766            Qtag2 is 802.1AD";

 768         leaf vlan-present {
 769           type boolean;
 770           description " Include VLAN in header";
 771         }

 773         leaf qtag1-present {
 774           type boolean;
 775           description " This flag value indicates
 776             inclusion of one 802.1Q tag in header";
 777         }
 778         leaf qtag2-present {
 779           type boolean;
 780           description "This flag indicates the
 781             inclusion of second 802.1Q tag in header";
 782         }

 784         leaf dest-mac {
 785           type uint64; //change to uint48
 786           description "IEEE destination MAC value
 787             from the header";
 788         }
 789         leaf src-mac {
 790           type uint64; //change to uint48
 791           description "IEEE source MAC
 792             from the header";

 794         }
 795         leaf vlan-tag {
 796           type uint16;
 797           description "IEEE VLAN Tag
 798             from the header";
 799         }
 800         leaf qtag1 {
 801           type uint32;
 802           description "Qtag1 value
 803             from the header";
 804         }
 805         leaf qtag2 {
 806           type uint32;
 807           description "Qtag2 value
 808             from the header";
 809         }
 810         leaf L2-ethertype {
 811           type uint16;
 812           description "Ether type
 813             from the header";
 814         }
 815       }

 817       grouping L2-VXLAN-header {
 818         container vxlan-header {
 819           uses i2rs-rib:ipv4-header;
 820           leaf vxlan-network-id {
 821             type uint32;
 822             description "VXLAN network id";
 823           }
 824           description " choices for
 825             L2-VXLAN header matches.
 826             Outer-header only.
 827             Need to fix inner header. ";
 828         }
 829         description
 830           "This VXLAN header may
 831            be replaced by actual VXLAN yang
 832            module reference";
 833       }

 835       grouping L2-NVGRE-header {

 837         container nvgre-header {
 838           uses L2-802-1Q-header;
 839           uses i2rs-rib:ipv4-header;
 840           leaf gre-version {
 841             type uint8;
 842             description "L2-NVGRE GRE version";
 843           }
 844           leaf gre-proto {
 845             type uint16;
 846             description "L2-NVGRE protocol value";
 847           }
 848           leaf virtual-subnet-id {
 849             type uint32;
 850             description "L2-NVGRE subnet id value";
 851           }
 852           leaf flow-id {
 853             type uint16;
 854             description "L2-NVGRE Flow id value";
 855           }
 856           // uses L2-802-1Q-header;
 857           description
 858             "This NVGRE header may
 859              be replaced by actual NVGRE yang
 860              module reference";
 861         }
 862         description "Grouping for
 863           L2 NVGRE header.";
 864       }

 866       grouping L2-header-match {
 867         choice l2-header-match-type {
 868           case l2-802-1Q {
 869             uses L2-802-1Q-header;
 870           }
 871           case l2-802-11 {
 872             // matches for 802.11 headers
 873           }
 874           case l2-802-15 {
 875             // matches for 802.1 Ethernet
 876           }
 877           case l2-NVGRE {
 878             // matches for NVGRE
 879             uses L2-NVGRE-header;
 880           }
 881           case l2-VXLAN-header {
 882             uses L2-VXLAN-header;
 883           }
 884           case l2-mpls-header {
 885             uses i2rs-rib:mpls-header;
 886           }
 887           description "Choice of L2
 888             headers for L2 match";
 889         }
 890         description
 891           " The layer 2 header match includes
 892            any reference to L2 technology";
 893       }

 895       grouping L2-NVGRE-mod-acts {
 896         // actions for NVGRE
 897         leaf set-vsid {
 898           type boolean;
 899           description
 900             "Boolean flag to set VSID in packet";
 901         }
 902         leaf set-flowid {
 903           type boolean;
 904           description
 905             "Boolean flag to set flow id in packet";
 906         }
 907         leaf vsi {
 908           type uint32;
 909           description
 910             "VSID value to set in packet";
 911         }
 912         leaf flow-id {
 913           type uint16;
 914           description
 915             "flow-id value to set in packet";
 916         }
 917         description "L2-NVGRE Actions";
 918       }

 920       grouping L2-VXLAN-mod-acts {
 921         leaf set-network-id {
 922           type boolean;
 923           description
 924             "flag to set network id in packet";
 925         }
 926         leaf network-id {
 927           type uint32;
 928           description
 929             "network id value to set in packet";
 930         }
 931         description "VXLAN header
 932           modification actions.";
 933       }

 935       grouping L2-mpls-mod-acts {
 936         leaf pop {
 937           type boolean;
 938           description
 939             "Boolean flag to pop mpls header";
 940         }
 941         leaf push {
 942           type boolean;
 943           description
 944             "Boolean flag to push value into
 945              mpls header";
 946         }
 947         leaf mpls-label {
 948           type uint32;
 949           description
 950             "mpls label to push in header";
 951         }
 952         description "MPLS modify
 953           header actions";
 954       }

 956       grouping l2-header-mod-actions {
 957         leaf l2-802-1Q {
 958           type uint8;
 959           description "actions for 802.1Q";
 960         }
 961         leaf l2-802-11 {
 962           type uint8;
 963           description "actions for 802.11";
 964         }
 965         leaf l2-802-15 {
 966           type uint8;
 967           description "actions for 802.15";
 968         }

 970         uses L2-NVGRE-mod-acts;
 971         uses L2-VXLAN-mod-acts;
 972         uses L2-mpls-mod-acts;

 974         description
 975           " The layer 2 header match includes
 976            any reference to L2 technology";
 977       }

 979       grouping L3-header-match {

 981         choice L3-header-match-type {
 982           case l3-ipv4-hdr {
 983             uses i2rs-rib:ipv4-header;
 984           }
 985           case l3-ipv6-hdr {
 986             uses i2rs-rib:ipv6-header;
 987           }
 988           case L3-gre-tunnel {
 989             uses i2rs-rib:gre-header;
 990           }
 991           description "match for L3
 992             headers for IPv4, IPv6,
 993             and GRE tunnels";
 994         }
 995         description "match for L3 headers";
 996       }

 998       grouping ipv4-encapsulate-gre {
 999         leaf encapsulate {
1000           type boolean;
1001           description "flag to encapsulate headers";
1002         }
1003         leaf ipv4-dest-address {
1004           type inet:ipv4-address;
1005           description "Destination Address for GRE header";
1006         }
1007         leaf ipv4-source-address {
1008           type inet:ipv4-address;
1009           description "Source Address for GRE header";

1011         }
1012         description "encapsulation actions for IPv4 headers";
1013       }

1015       grouping L3-header-actions {
1016         choice l3-header-act-type {
1017           case l3-ipv4-hdr {
1018             leaf set-ttl {
1019               type boolean;
1020               description "flag to set TTL";
1021             }
1022             leaf set-dscp {
1023               type boolean;
1024               description "flag to set DSCP";
1025             }
1026             leaf ttl-value {
1027               type uint8;
1028               description "TTL value to set";
1029             }
1030             leaf dscp-val {
1031               type uint8;
1032               description "dscp value to set";
1033             }
1034           }
1035           case l3-ipv6-hdr {
1036             leaf set-next-header {
1037               type boolean;
1038               description
1039                 "flag to set next routing
1040                  header in IPv6 header";
1041             }
1042             leaf set-traffic-class {
1043               type boolean;
1044               description
1045                 "flag to set traffic class
1046                  in IPv6 header";

1048             }
1049             leaf set-flow-label {
1050               type boolean;
1051               description
1052                 "flag to set flow label
1053                  in IPv6 header";
1054             }
1055             leaf set-hop-limit {
1056               type boolean;
1057               description "flag
1058                 to set hop limit in
1059                 L3 packet";
1060             }
1061             leaf ipv6-next-header {
1062               type uint8;
1063               description "value to
1064                 set in next IPv6 header";
1065             }
1066             leaf ipv6-traffic-class {
1067               type uint8;
1068               description "value to set
1069                 in traffic class";

1071             }
1072             leaf ipv6-flow-label {
1073               type uint16;
1074               description "value to set
1075                 in IPv6 flow label";
1076             }
1077             leaf ipv6-hop-limit {
1078               type uint8;
1079               description "value to set
1080                 in hop count";
1081             }
1082           }

1084           case L3-gre-tunnel {
1085             leaf decapsulate {
1086               type boolean;
1087               description "flag to
1088                 decapsulate GRE packet";
1089             }
1090             description "GRE tunnel
1091               actions" ;
1092           }
1093           description "actions that can
1094             be performed on L3 header";
1095         }
1096         description "actions to
1097           be performed on L3 header";
1098       }

1100       grouping tcp-header-match {
1101         leaf tcp-src-port {
1102           type uint16;
1103           description "source port match value";
1104         }
1105         leaf tcp-dst-port {
1106           type uint16;
1107           description "dest port value
1108             to match";
1109         }
1110         leaf sequence-number {
1111           type uint32;
1112           description "sequence number
1113             value to match";
1114         }
1115         leaf ack-number {
1116           type uint32;
1117           description "action value to
1118             match";
    }
    description "match for TCP header";
  }

  grouping tcp-header-action {
    leaf set-tcp-src-port {
      type boolean;
      description "flag to set source port value";
    }
    leaf set-tcp-dst-port {
      type boolean;
      description "flag to set destination port value";
    }

    leaf tcp-s-port {
      type uint16;
      description "source port match value";
    }
    leaf tcp-d-port {
      type uint16;
      description "dest port value to match";
    }
    leaf seq-num {
      type uint32;
      description "sequence number value to match";
    }
    leaf ack-num {
      type uint32;
      description "action value to match";
    }

    description "Actions to modify TCP header";
  }

  grouping udp-header-match {
    leaf udp-src-port {
      type uint16;
      description "UDP source port match value";
    }
    leaf udp-dst-port {
      type uint16;
      description "UDP Destination port match value";
    }
    description "match values for UDP header";
  }

  grouping udp-header-action {
    leaf set-udp-src-port {
      type boolean;
      description "flag to set UDP source port match value";
    }
    leaf set-udp-dst-port {
      type boolean;
      description
        "flag to set UDP destination port match value";
    }
    leaf udp-s-port {
      type uint16;
      description "UDP source port match value";
    }
    leaf udp-d-port {
      type uint16;
      description "UDP Destination port match value";
    }

    description "actions to set values in UDP header";
  }

  grouping sctp-chunk {
    leaf chunk-type {
      type uint8;
      description "sctp chunk type value";
    }
    leaf chunk-flag {
      type uint8;
      description "sctp chunk type flag value";
    }

    leaf chunk-length {
      type uint16;
      description "sctp chunk length";
    }

    leaf chunk-data-byte-zero {
      type uint32;
      description "byte zero of
        sctp chunk data";
    }
    description "sctp chunk header match fields";
  }

  grouping sctp-header-match {
    uses sctp-chunk;
    leaf stcp-src-port {
      type uint16;
      description "sctp header match source port value";
    }
    leaf sctp-dst-port {
      type uint16;
      description "sctp header match destination port value";
    }
    leaf sctp-verify-tag {
      type uint32;
      description "sctp header match verification tag value";
    }
    description "SCTP header match values";
  }

  grouping sctp-header-action {
    leaf set-stcp-src-port {
      type boolean;
      description "set source port in sctp header";
    }
    leaf set-stcp-dst-port {
      type boolean;
      description "set destination port in sctp header";
    }
    leaf set-stcp-chunk1 {
      type boolean;
      description "set chunk value in sctp header";
    }
    leaf chunk-type-value {
      type uint8;
      description "sctp chunk type value";
    }
    leaf chunk-flag-value {
      type uint8;
      description "sctp chunk type flag value";
    }

    leaf chunk-len {
      type uint16;
      description "sctp chunk length";
    }

    leaf chunk-data-bzero {
      type uint32;
      description "byte zero of sctp chunk data";
    }
    description "sctp qos actions";
  }

  grouping L4-header-match {
    choice l4-header-match-type {
      case l4-tcp-header {
        uses tcp-header-match;
      }
      case l4-udp-header {
        uses udp-header-match;
      }
      case l4-sctp {
        uses sctp-header-match;
      }
      description "L4 match header choices";
    }
    description "L4 header match type";
  }

  grouping L4-header-actions {
    uses tcp-header-action;
    uses udp-header-action;
    uses sctp-header-action;
    description "L4 header matches";
  }

  grouping service-header-match {
    choice service-header-match-type {
      case sf-chain-meta-match {
        description
          "uses
           sfc-sfc:service-function-chain-grouping:
           + sfc-sfc:service-function-chain";
      }
      case sf-path-meta-match {
        description
          "uses
           sfc-spf:service-function-paths:
           + sfc-spf:service-function-path";
      }
      description "SFC header match choices";
    }
    description "SFC header and path matches";
  }

  grouping sfc-header-actions {
    choice service-header-match-type {
      case sf-chain-meta-match {
        leaf set-chain {
          type boolean;
          description
            "flag to set chain in sfc. Should
             be amended to use SFC service
             chain matching.
             uses sfc-sfc:service-function-chain-grouping:
             + sfc-sfc:service-function-chain";
        }
      }
      case sf-path-meta-match {
        leaf set-path {
          type boolean;
          description
            "flag to set path in
             sfc header. Amend to use sfc-spf
             function headers. Uses
             sfc-spf:service-function-paths:
             + sfc-spf:service-function-path.";
        }
      }
      description
        "choices in SFC for chain match and path match.";
    }
    description "modify action for SFC header.";
  }

  grouping rule_status {
    leaf rule-status {
      type string;
      description "status information free form string.";
    }
    leaf rule-inactive-reason {
      type string;
      description "description of why rule is inactive";
    }
    leaf rule-install-reason {
      type string;
      description "response on rule installed";
    }
    leaf rule-installer {
      type string;
      description "client id of installer";
    }
    leaf refcnt {
      type uint16;
      description "reference count on rule.";
    }
    description
      "rule operational status";
  }

  // group status
  grouping groups-status {
    list group_opstate {
      key "grp-name";
      leaf grp-name {
        type string;
        description "eca group name";
      }
      leaf rules-installed {
        type uint32;
        description "rules in group installed";
      }
      list rules_status {
        key "rule-name";
        leaf rule-name {
          type string;
          description "name of rule";
        }
        leaf rule-order {
          type uint32;
          description "rule-order";
        }
        description "rules per group";
      }
      description "group operational status";
    }
    description "group to rules list";
  }

  // links between rule to group

  grouping rule-group-link {
    list rule-group {
      key rule-name;
      leaf rule-name {
        type string;
        description "rule name";
      }
      leaf group-name {
        type string;
        description "group name";
      }
      description "link between group and link";
    }
    description "rule-name to group link";
  }

  // rule status by name
  grouping rules_opstate {
    list rules_status {
      key "rule-order rule-name";
      leaf rule-order {
        type uint32;
        description "order of rules";
      }
      leaf rule-name {
        type string;
        description "rule name";
      }
      uses rule_status;
      description "eca rule list";
    }
    description "rules operational state";
  }

  // rule statistics by name and order
  grouping rules_opstats {
    list rule-stat {
      key "rule-order rule-name";
      leaf rule-order {
        type uint32;
        description "order of rules";
      }
      leaf rule-name {
        type string;
        description "name of rule";
      }
      leaf pkts-matched {
        type uint64;
        description "number of packets that matched filter";
      }
      leaf pkts-modified {
        type uint64;
        description "number of
          packets that filter caused
          to be modified";
      }
      leaf pkts-dropped {
        type uint64;
        description
          "number of packets that filter caused to be dropped";
      }
      leaf bytes-dropped {
        type uint64;
        description
          "number of bytes that filter caused to be dropped";
      }
      leaf pkts-forwarded {
        type uint64;
        description
          "number of packets that filter caused to be forwarded.";
      }
      leaf bytes-forwarded {
        type uint64;
        description
          "number of bytes that filter caused to be forwarded.";
      }

      description
        "list of operational statistics for each rule.";
    }
    description
      "statistics on packet filter matches, and
       based on matches how many were
       modified and/or forwarded";
  }

  grouping packet-size-match {
    leaf l1-size-match {
      type uint32;
      description "L1 packet match size.";
    }
    leaf l2-size-match {
      type uint32;
      description "L2 packet match size.";
    }
    leaf l3-size-match {
      type uint32;
      description "L3 packet match size.";
    }
    leaf l4-size-match {
      type uint32;
      description "L4 packet match size.";
    }
    leaf service-meta-size {
      type uint32;
      description "service meta info match size.";
    }
    leaf service-meta-payload {
      type uint32;
      description "service meta-payload match size";
    }
    description
      "packet size by layer
       only non-zero values are matched";
  }

  grouping time-day-match {

    leaf hour {
      type uint8;
      description "hour
        of day in 24 hours.
        (add range)";
    }
    leaf minute {
      type uint8;
      description
        "minute in day.";
    }
    leaf second {
      type uint8;
      description
        "second in day.";
    }

    description "matches for time of day.";
  }

  grouping user-event-match {
    leaf user-name {
      type string;
      description "name of user event";
    }
    leaf match-string {
      type string;
      description "user match string";
    }

    description "matches for time of day.";
  }

  grouping eca-event-matches {
    uses time-day-match;
    uses user-event-match;
    description
      "matches for events
       which include:
       time of day, and
       user specified matches.";
  }

  grouping eca-pkt-matches {
    uses interface-match;
    uses L1-header-match;
    uses L2-header-match;
    uses L3-header-match;
    uses L4-header-match;
    uses service-header-match;
    uses packet-size-match;
    description "ECA matches";
  }

  grouping user-status-matches {
    leaf user {
      type string;
      description "user";
    }
    leaf region {
      type string;
      description "region";
    }
    leaf state {
      type string;
      description "state";
    }

    leaf user-status {
      type string;
      description "status of user";
    }

    description
      "user status matches - region,
       target, location";
  }
  grouping eca-condition-matches {
    uses eca-pkt-matches;
    uses user-status-matches;
    description "pkt and user status matches";
  }

  grouping eca-qos-actions {
    leaf cnt-actions {
      type uint32;
      description "count of ECA actions";
    }
    list qos-actions {
      key "action-id";
      leaf action-id {
        type uint32;
        description "action id";
      }
      uses interface-actions;
      uses L1-header-actions;
      uses l2-header-mod-actions;
      uses L3-header-actions;
      uses L4-header-actions;

      description "ECA set or change
        packet Actions. Actions may be
        added here for interface,
        L1, L2, L3, L4 and service forwarding
        headers.";
    }
    description "eca- qos actions";
  }

  grouping ip-next-fwd {
    leaf rib-name {
      type string;
      description "name of RIB";
    }
    leaf next-hop-name {
      type string;
      description "name of next hop";
    }
    description "ECA set or change packet Actions";
  }

  grouping eca-ingress-actions {
    leaf permit {
      type boolean;
      description
        "permit ingress traffic. False means to deny.";
    }
    leaf mirror {
      type boolean;
      description "copy bytes ingressed to mirror port";
    }
    description "ingress eca match";
  }

  grouping eca-fwd-actions {
    leaf interface-fwd {
      type if:interface-ref;
      description "name of interface to forward on";
    }
    uses i2rs-rib:nexthop;
    uses ip-next-fwd;
    leaf drop-packet {
      type boolean;
      description "drop packet flag";
    }
    description "ECA forwarding actions";
  }

  grouping eca-security-actions {
    leaf actions-exist {
      type boolean;
      description "existence of eca security actions";
    }
    description "content actions
      for security.
      Needs more
      description.";
  }

  grouping eca-egress-actions {
    leaf packet-rate {
      type uint32;
      description "maximum packet-rate";
    }
    leaf byte-rate {
      type uint64;
      description "maximum byte-rate";
    }
    description "packet security actions";
  }

  grouping policy-conflict-resolution {
    list resolution-strategy {
      key "strategy-id";
      leaf strategy-id {
        type uint32;
        description "Id for strategy";
      }
      leaf stategy-name {
        type string;
        description "name of strategy";
      }
      leaf filter-strategy {
        type string;
        description "type of resolution";
      }
      leaf global-strategy {
        type boolean;
        description "global strategy";
      }
      leaf mandatory-strategy {
        type boolean;
        description "required strategy";
      }
      leaf local-strategy {
        type boolean;
        description "local strategy";
      }
      leaf resolution-fcn {
        type uint64;
        description "resolution function id";
      }
      leaf resolution-value {
        type uint64;
        description "resolution value";
      }
      leaf resolution-info {
        type string;
        description "resolution info";
      }
      list associate-ext-data {
        key "ext-data-id";
        leaf ext-data-id {
          type uint64;
          description "ID of external data";
        }
        leaf ext-data {
          type string;
          description "external data";
        }
        description "linked external data";
      }
      description "list of strategies";
    }
    description "policy conflict resolution strategies";
  }

  grouping cfg-external-data {
    list cfg-ext-data {
      key "cfg-ext-data-id";
      leaf cfg-ext-data-id {
        type uint64;
        description "id for external data";
      }
      leaf data-type {
        type uint32;
        description "external data type ID";
      }
      leaf priority {
        type uint64;
        description "priority of data";
      }
      leaf other-data {
        type string;
        description "string external data";
      }
      description "external data";
    }
    description "external data list";
  }

  grouping pkt-eca-policy-set {
    list groups {
      key "group-name";
      leaf group-name {
        type string;
        description
          "name of group of rules";
      }

      leaf vrf-name {
        type string;
        description "VRF name";
      }
      uses rt:address-family;
      list group-rule-list {
        key "rule-name";
        leaf rule-name {
          type string;
          description "name of rule";
        }
        leaf rule-order-id {
          type uint16;
          description "rule-order-id";
        }
        description "rules per group";
      }
      description "pkt eca rule groups";
    }
    list eca-rules {
      key "order-id";
      ordered-by user;
      leaf order-id {
        type uint16;
        description
          "Number of order in ordered list (ascending)";
      }
      leaf eca-rule-name {
        type string;
        description "name of rule";
      }
      leaf installer {
        type string;
        description
          "Id of I2RS client that installs this rule.";
      }
      uses eca-event-matches;
      uses eca-ingress-actions;
      uses eca-qos-actions;
      uses eca-security-actions;
      uses eca-fwd-actions;
      uses eca-egress-actions;
      uses cfg-external-data;
      uses policy-conflict-resolution;

      description "ECA rules";
    } // end of rule

    description "Policy sets.";
  }

  grouping pkt-eca-opstate {
    uses groups-status;
    uses rule-group-link;
    uses rules_opstate;
    uses rules_opstats;
    description "pkt eca policy op-state main";
  }

  container pkt-eca-policy-opstate {
    config "false";
    uses pkt-eca-opstate;
    description "operational state";
  }

}

6.  IANA Considerations

   This draft requests that IANA assign a URN in the IETF YANG module
   space for:

   "urn:ietf:params:xml:ns:yang:ietf-pkt-eca-policy";

   associated prefix "pkt-eca";

7.  Security Considerations

   These generic filters are used in the I2RS FB-RIBs to filter packets
   in a traffic stream, act to modify packets, and forward data packets.
   These I2RS filters operate dynamically at the same level as currently
   deployed configured filter-based RIBs to filter, change, and forward
   traffic.  The dynamic nature of this protocol requires that I2RS
   Filters track the installer of group information and rules.

   This section will be augmented after a discussion with security
   experts.

8.  Informative References

   [I-D.ietf-i2rs-architecture]
              Atlas, A., Halpern, J., Hares, S., Ward, D., and T.
              Nadeau, "An Architecture for the Interface to the Routing
              System", draft-ietf-i2rs-architecture-15 (work in
              progress), April 2016.

   [I-D.ietf-i2rs-rib-info-model]
              Bahadur, N., Kini, S., and J. Medved, "Routing Information
              Base Info Model", draft-ietf-i2rs-rib-info-model-08 (work
              in progress), October 2015.

   [I-D.ietf-netconf-restconf]
              Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", draft-ietf-netconf-restconf-14 (work in
              progress), June 2016.

   [I-D.ietf-netmod-acl-model]
              Bogdanovic, D., Koushik, K., Huang, L., and D. Blair,
              "Network Access Control List (ACL) YANG Data Model",
              draft-ietf-netmod-acl-model-07 (work in progress), March
              2016.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3060]  Moore, B., Ellesson, E., Strassner, J., and A. Westerinen,
              "Policy Core Information Model -- Version 1
              Specification", RFC 3060, DOI 10.17487/RFC3060, February
              2001.

   [RFC3460]  Moore, B., Ed., "Policy Core Information Model (PCIM)
              Extensions", RFC 3460, DOI 10.17487/RFC3460, January 2003.

   [RFC3644]  Snir, Y., Ramberg, Y., Strassner, J., Cohen, R., and B.
              Moore, "Policy Quality of Service (QoS) Information
              Model", RFC 3644, DOI 10.17487/RFC3644, November 2003.

Authors' Addresses

   Susan Hares
   Huawei
   7453 Hickory Hill
   Saline, MI 48176
   USA

   Email: shares@ndzh.com

   Qin Wu
   Huawei
   101 Software Avenue, Yuhua District
   Nanjing, Jiangsu 210012
   China

   Email: bill.wu@huawei.com

   Russ White
   Ericsson

   Email: russw@riw.us