module nokia-conf { yang-version "1.1"; namespace "urn:nokia.com:sros:ns:yang:sr:conf"; prefix "conf"; import ietf-inet-types { prefix "inet"; } import ietf-yang-types { prefix "yang"; } import nokia-sros-yang-extensions { prefix "sros-ext"; } import nokia-types-application-assurance { prefix "types-aa"; } import nokia-types-bgp { prefix "types-bgp"; } import nokia-types-card { prefix "types-card"; } import nokia-types-cellular { prefix "types-cellular"; } import nokia-types-cflowd { prefix "types-cflowd"; } import nokia-types-chassis { prefix "types-chassis"; } import nokia-types-dhcp { prefix "types-dhcp"; } import nokia-types-diameter { prefix "types-diam"; } import nokia-types-eth-cfm { prefix "types-eth-cfm"; } import nokia-types-filter { prefix "types-filter"; } import nokia-types-igmp { prefix "types-igmp"; } import nokia-types-igp { prefix "types-igp"; } import nokia-types-ipsec { prefix "types-ipsec"; } import nokia-types-isa { prefix "types-isa"; } import nokia-types-isis { prefix "types-isis"; } import nokia-types-l2tp { prefix "types-l2tp"; } import nokia-types-ldp { prefix "types-ldp"; } import nokia-types-lldp { prefix "types-lldp"; } import nokia-types-log { prefix "types-log"; } import nokia-types-mcast-cac { prefix "types-mcast-cac"; } import nokia-types-mcast-mgmt { prefix "types-mcast-mgmt"; } import nokia-types-mcr { prefix "types-mcr"; } import nokia-types-mpls { prefix "types-mpls"; } import nokia-types-nat { prefix "types-nat"; } import nokia-types-oam { prefix "types-oam"; } import nokia-types-ospf { prefix "types-ospf"; } import nokia-types-policy { prefix "types-policy"; } import nokia-types-port { prefix "types-port"; } import nokia-types-ppp { prefix "types-ppp"; } import nokia-types-ptp { prefix "types-ptp"; } import nokia-types-qos { prefix "types-qos"; } import nokia-types-radius { prefix "types-radius"; } import nokia-types-redundancy { prefix "types-redundancy"; } import nokia-types-rip { prefix "types-rip"; } import nokia-types-ripng { prefix "types-ripng"; } import nokia-types-router { prefix "types-router"; } import nokia-types-rsvp { prefix "types-rsvp"; } import nokia-types-security { prefix "types-security"; } import nokia-types-services { prefix "types-services"; } import nokia-types-sfm { prefix "types-sfm"; } import nokia-types-sros { prefix "types-sros"; } import nokia-types-subscriber-mgmt { prefix "types-submgt"; } import nokia-types-system { prefix "types-system"; } import nokia-types-vrrp { prefix "types-vrrp"; } import nokia-types-wlan { prefix "types-wlan"; } import nokia-types-wlangw { prefix "types-wlangw"; } sros-ext:sros-major-release "rel20"; organization "Nokia"; contact "Nokia SR OS Support Web: "; description "Nokia YANG Data model to configure all data on SR OS based routers. Copyright 2016 Nokia. All rights reserved. Reproduction of this document is authorized on the condition that the foregoing copyright notice is included. This nokia-conf YANG module embodies Nokia's proprietary intellectual property. Nokia retains all title and ownership in the specification, including any revisions. Nokia grants all interested parties a non-exclusive license to use and distribute an unmodified copy of this specification in connection with management of Nokia products, and without fee, provided this copyright notice and license appear on all copies. This specification is supplied `as is', and Nokia makes no warranty, either express or implied, as to the use, operation, condition, or performance of the specification."; revision "2020-03-16"; container configure { container aaa { description "Enter the aaa context"; leaf-list apply-groups { type leafref { path "../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container radius { description "Enter the radius context"; leaf coa-port { type inet:port-number { range "1647|1700|1812|3799"; } default "3799"; description "Radius CoA port"; } list acct-on-off-group { key "name"; max-elements 32; description "Enter the acct-on-off-group list instance"; leaf name { type types-sros:named-item; description "Accounting on/off group name"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list acct-on-off-group list server-policy { key "name"; max-elements 32; description "Enter the server-policy list instance"; leaf name { type types-sros:named-item; description "RADIUS script policy name"; } leaf description { type types-sros:description; description "Text description"; } leaf python-policy { type leafref { path "../../../../python/python-policy/name"; } description "Python policy to modify the RADIUS messages"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container servers { description "Enter the servers context"; leaf timeout { type types-sros:time-duration { range "1..340"; } units "seconds"; default "5"; description "Time until the next retry to the RADIUS server"; } leaf retry-count { type uint32 { range "1..256"; } default "3"; description "Number of retries for contacting the RADIUS server"; } leaf hold-down-time { type types-sros:time-duration { range "30..86400"; } units "seconds"; default "30"; description "Hold time before re-using a RADIUS server that was down"; } leaf router-instance { type string; description "RADIUS routing instance"; } leaf source-address { type types-sros:ipv4-address; description "Source address of RADIUS messages"; } leaf ipv6-source-address { type types-sros:ipv6-address; description "Source address for IPv6 RADIUS datagrams"; } leaf access-algorithm { type types-radius:server-selection-algo; description "Algorithm to access the set of RADIUS servers"; } leaf stickiness { type boolean; default "true"; description "Allow stickiness in a multi-server application"; } list server { key "server-index"; max-elements 32; description "Enter the server list instance"; leaf server-index { type uint32 { range "1..16"; } description "RADIUS server index"; } leaf server-name { type types-sros:named-item; mandatory true; description "RADIUS server name"; } leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list server container buffering { description "Enter the buffering context"; container acct-interim { presence "acct-interim"; description "Enter the acct-interim context"; leaf min { type types-sros:time-duration { range "1..3600"; } units "seconds"; mandatory true; description "Minimum time between accounting message resend attempts"; } leaf max { type types-sros:time-duration { range "1..3600"; } units "seconds"; mandatory true; description "Maximum time between accounting message resend attempts"; } leaf lifetime { type types-sros:time-duration { range "1..25"; } units "hours"; mandatory true; description "Time accounting message can be in retransmission buffer"; } } // container acct-interim container acct-stop { presence "acct-stop"; description "Enter the acct-stop context"; leaf min { type types-sros:time-duration { range "1..3600"; } units "seconds"; mandatory true; description "Minimum time between accounting message resend attempts"; } leaf max { type types-sros:time-duration { range "1..3600"; } units "seconds"; mandatory true; description "Maximum time between accounting message resend attempts"; } leaf lifetime { type types-sros:time-duration { range "1..25"; } units "hours"; mandatory true; description "Time accounting message can be in retransmission buffer"; } } // container acct-stop } // container buffering container health-check { description "Enter the health-check context"; leaf down-timeout { type types-sros:time-duration { range "1..340"; } units "seconds"; description "Wait time before declaring RADIUS server out-of-service"; } container test-account { description "Enter the test-account context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of health check state"; } leaf interval { type types-sros:time-duration { range "1..60"; } units "seconds"; default "3"; description "Time for health check"; } leaf user-name { type types-sros:display-string { length "1..64"; } description "Username for health check"; } leaf password { type types-sros:encrypted-leaf { length "1..115"; } description "Password for health check"; } } // container test-account } // container health-check } // container servers container acct-on-off { presence "Acct-On/Off"; description "Enter the acct-on-off context"; leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } choice mode { case monitor { leaf monitor { type leafref { path "../../../acct-on-off-group/name"; } sros-ext:immutable; description "Accounting on/off group name"; } } case oper-state-change { container oper-state-change { presence "change operational state"; description "Enter the oper-state-change context"; leaf group { type leafref { path "../../../../acct-on-off-group/name"; } sros-ext:immutable; description "Change of operational state for a group"; } } // container oper-state-change } } } // container acct-on-off } // list server-policy list route-downloader { key "name"; max-elements 1; description "Enter the route-downloader list instance"; leaf name { type types-sros:named-item; description "Route downloader name"; } leaf description { type types-sros:description; description "Text description"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of this Route Downloader"; } leaf radius-server-policy { type leafref { path "../../server-policy/name"; } description "RADIUS server policy used by this route downloader"; } leaf download-interval { type uint32 { range "1..1440"; } units "minutes"; default "720"; description "Time for system to wait between two consecutive runs of route-download process"; } leaf default-metric { type uint32 { range "0..254"; } default "2"; description "Default metric of this route downloader"; } leaf default-tag { type uint32 { range "0..4294967295"; } default "0"; description "Default tag of this route downloader"; } leaf max-routes { type uint32 { range "1..200000"; } default "200000"; description "Maximum routes imported by this route downloader"; } leaf base-user-name { type types-sros:named-item; description "Prefix of the username used by this route downloader"; } leaf password { type types-sros:encrypted-leaf { length "1..71"; } description "Route downloader password"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container retry-interval { description "Enter the retry-interval context"; leaf min { type uint32 { range "1..1440"; } units "minutes"; default "10"; description "Specifies the minimum duration of the retry interval. This duration grows exponentially after each sequential failure."; } leaf max { type uint32 { range "1..1440"; } units "minutes"; default "20"; description "Specifies the maximum duration of the retry interval. This duration grows exponentially after each sequential failure"; } } // container retry-interval } // list route-downloader list l2tp-accounting-policy { key "name"; max-elements 32; description "Enter the l2tp-accounting-policy list instance"; leaf name { type types-sros:named-item; description "Name for L2TP RADIUS accounting policy"; } leaf description { type types-sros:description; description "Text description"; } leaf acct-tunnel-connection-fmt { type types-sros:display-string { length "1..253"; pattern "([^%]+|%[nsStTcC%])+"; } default "%n"; description "Accounting tunnel connection ASCII specification"; } leaf radius-server-policy { type leafref { path "../../server-policy/name"; } description "RADIUS server policy"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container accounting-type { description "Enter the accounting-type context"; leaf session { type boolean; default "true"; description "Enable/disable per session accounting"; } leaf tunnel { type boolean; default "true"; description "Enable/disable per tunnel accounting"; } } // container accounting-type container include-radius-attribute { description "Enter the include-radius-attribute context"; leaf calling-station-id { type boolean; default "false"; description "Include the calling station ID attribute"; } leaf nas-identifier { type boolean; default "false"; description "Include the NAS-Identifier attribute"; } container nas-port { presence "Include the NAS-Port attribute"; description "Enter the nas-port context"; leaf bit-spec { type types-sros:binary-specification { pattern "([01]|(\\*[0123456789]+)?[oismpvc])+"; } mandatory true; description "RADIUS NAS-Port attribute"; } } // container nas-port container nas-port-id { presence "Include the NAS-Port-Id attribute"; description "Enter the nas-port-id context"; leaf prefix-string { type types-sros:string-not-all-spaces { length "1..8"; } description "Specifies NAS-Port-Id prefix string"; } leaf suffix { type enumeration { enum "circuit-id" { value 1; } enum "remote-id" { value 2; } } description "NAS-Port-Id suffix"; } } // container nas-port-id container nas-port-type { presence "Include the NAS-Port-Type attribute"; description "Enter the nas-port-type context"; leaf type { type union { type enumeration { enum "rfc-aligned" { value 1000; } } type uint32 { range "0..255"; } } default "rfc-aligned"; description "Value for RADIUS NAS-Port-Type attribute"; } } // container nas-port-type } // container include-radius-attribute } // list l2tp-accounting-policy list isa-policy { key "name"; max-elements 8; description "Enter the isa-policy list instance"; leaf name { type types-sros:named-item; description "Policy name"; } leaf description { type types-sros:description; description "Text description"; } leaf password { type types-sros:encrypted-leaf { length "1..42"; } description "Password used in the RADIUS access requests"; } leaf nas-ip-address-origin { type enumeration { enum "system-ip" { value 0; } enum "isa-ip" { value 1; } } default "system-ip"; description "NAS-IP-Address attribute"; } leaf python-policy { type leafref { path "../../../../python/python-policy/name"; } description "Python policy used for modifying RADIUS messages"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container accounting { description "Enter the accounting context"; container include-attributes { description "Enter the include-attributes context"; leaf acct-delay-time { type boolean; default "false"; description "Include the Acct-Delay-Time attribute"; } leaf acct-triggered-reason { type boolean; default "false"; description "Include Alc-Acct-Triggered-Reason attribute"; } leaf called-station-id { type boolean; default "false"; description "Include the Called-Station-Id attribute"; } leaf calling-station-id { type boolean; default "false"; description "Include the Calling-Station-Id attribute"; } leaf circuit-id { type boolean; default "false"; description "Include the Circuit-Id attribute"; } leaf class { type boolean; default "false"; description "Include the Class attribute"; } leaf dhcp-options { type boolean; default "false"; description "Include the Alc-ToServer-Dhcp-Options attribute"; } leaf dhcp-vendor-class-id { type boolean; default "false"; description "Include the Alc-DHCP-Vendor-Class-Id attribute"; } leaf frame-counters { type boolean; default "false"; description "Include the Acct-Input-Packets and Acct-Output-Packets attributes"; } leaf framed-ip-address { type boolean; default "false"; description "Include the Framed-IP-Address attribute"; } leaf framed-ip-netmask { type boolean; default "false"; description "Include the Framed-IP-Netmask attribute"; } leaf framed-ipv6-prefix { type boolean; default "false"; description "Include the Framed-IPv6-Prefix attribute"; } leaf hardware-timestamp { type boolean; default "false"; description "Include the Event-Timestamp attribute"; } leaf ipv6-address { type boolean; default "false"; description "Include the IPv6-Address attribute"; } leaf mac-address { type boolean; default "false"; description "Include the Alc-Client-Hardware-Addr attribute"; } leaf multi-session-id { type boolean; default "false"; description "Include the Acct-Multi-Session-Id attribute"; } leaf nas-identifier { type boolean; default "false"; description "Include the NAS-Identifier attribute"; } leaf nas-ip-address { type boolean; default "false"; description "Include the NAS-IP-Address attribute"; } leaf nas-port { type boolean; default "false"; description "Include the NAS-Port attribute"; } leaf nas-port-id { type boolean; default "false"; description "Include the NAS-Port-Id attribute"; } leaf nas-port-type { type boolean; default "false"; description "Include the NAS-Port-Type attribute"; } leaf nat-inside-service-id { type boolean; default "false"; description "Include the NAT inside service ID in Alc-Serv-Id attribute"; } leaf nat-outside-ip-address { type boolean; default "false"; description "Include the Alc-Nat-Outside-Ip-Addr attribute"; } leaf nat-outside-service-id { type boolean; default "false"; description "Include the NAT outside service ID in the Alc-Serv-Id attribute"; } leaf nat-port-range-block { type boolean; default "false"; description "Include the Alc-Nat-Port-Range attribute"; } leaf nat-subscriber-string { type boolean; default "false"; description "Include the Alc-Subsc-ID-Str attribute"; } leaf octet-counters { type boolean; default "false"; description "Include the Acct-Input-Octets and Acct-Output-Octets attributes"; } leaf proxied-subscriber-data { type boolean; default "false"; description "Include subscriber data as RADIUS attributes that are passed into RADIUS accounting messages"; } leaf release-reason { type boolean; default "false"; description "Include the reason of NAT release in the Acct-Terminate-Cause attribute"; } leaf remote-id { type boolean; default "false"; description "Include the Remote-Id attribute"; } leaf rssi { type boolean; default "false"; description "Include the Alc-RSSI attribute"; } leaf session-time { type boolean; default "false"; description "Include the Acct-Session-Time attribute"; } leaf subscriber-id { type boolean; default "false"; description "Include the Alc-Subsc-ID-Str attribute"; } leaf toserver-dhcp6-options { type boolean; default "false"; description "Include the Alc-ToServer-Dhcp6-Options attribute"; } leaf ue-creation-type { type boolean; default "false"; description "Include the Alc-Wlan-Ue-Creation-Type attribute"; } leaf user-name { type boolean; default "false"; description "Include the User-Name attribute"; } leaf wlan-ssid-vlan { type boolean; default "false"; description "Include the per-SSID VLAN tag in Alc-Wlan-SSID-VLAN attribute"; } leaf xconnect-tunnel-local-ipv6-address { type boolean; default "false"; description "Include the Alc-Xconnect-Tunnel-Local-Ipv6 attribute"; } leaf xconnect-tunnel-remote-ipv6-address { type boolean; default "false"; description "Include the cross-connect tunnel remote IPv6 address attribute"; } leaf xconnect-tunnel-service { type boolean; default "false"; description "Include the Alc-Xconnect-Tunnel-Service attribute"; } leaf xconnect-tunnel-type { type boolean; default "false"; description "Include the Alc-Xconnect-Tunnel-Type attribute"; } leaf xconnect-tunnel-home-address { type boolean; default "false"; description "Include the Alc-Xconnect-Tunnel-Home-Ipv6 attribute"; } } // container include-attributes container update-triggers { description "Enter the update-triggers context"; leaf address-state { type boolean; default "false"; description "Send an Interim-Update when DHCP/DHCP6/SLAAC state is created or removed"; } } // container update-triggers container nat-periodic-update { description "Enter the nat-periodic-update context"; leaf interval { type types-sros:time-duration { range "1..72"; } units "hours"; description "Interval for periodic RADIUS Interim-Update messages"; } leaf rate-limit { type union { type uint32 { range "1..100000"; } type enumeration { enum "unlimited" { value 0; } } } units "packets per second"; default "unlimited"; description "Rate limit for periodic RADIUS Interim-Update messages"; } } // container nat-periodic-update } // container accounting container authentication { description "Enter the authentication context"; container include-attributes { description "Enter the include-attributes context"; leaf called-station-id { type boolean; default "false"; description "Include the Called-Station-Id attribute"; } leaf calling-station-id { type boolean; default "false"; description "Include the Calling-Station-Id attribute"; } leaf circuit-id { type boolean; default "false"; description "Include the Agent-Circuit-Id attribute"; } leaf toserver-dhcp-options { type boolean; default "false"; description "Include the Alc-ToServer-Dhcp-Options attribute"; } leaf dhcp-vendor-class-id { type boolean; default "false"; description "Include the Dhcp-Vendor-Class-Id attribute"; } leaf framed-ip-address { type boolean; default "false"; description "Include the Framed-IP-Address attribute"; } leaf ipv6-address { type boolean; default "false"; description "Include the Alc-Ipv6-Address attribute"; } leaf mac-address { type boolean; default "false"; description "Include the Alc-Client-Hardware-Addr attribute"; } leaf nas-identifier { type boolean; default "false"; description "Include the NAS-Identifier attribute"; } leaf nas-ip-address { type boolean; default "true"; description "Include the NAS-IP-Address attribute"; } leaf nas-port { type boolean; default "false"; description "Include the NAS-Port attribute"; } leaf nas-port-id { type boolean; default "false"; description "Include the NAS-Port-Id attribute"; } leaf nas-port-type { type boolean; default "false"; description "Include the NAS-Port-Type attribute"; } leaf remote-id { type boolean; default "false"; description "Include the Agent-Remote-Id attribute"; } leaf toserver-dhcp6-options { type boolean; default "false"; description "Include the Alc-ToServer-Dhcp6-Options attribute"; } leaf wlan-ssid-vlan { type boolean; default "false"; description "Include the per-SSID VLAN ID in Alc-Wlan-SSID-VLAN attribute"; } leaf xconnect-tunnel-home-address { type boolean; default "false"; description "Include the Alc-Xconnect-Tunnel-Home-Ipv6 attribute"; } } // container include-attributes } // container authentication container user-name { description "Enter the user-name context"; leaf format { type enumeration { enum "mac" { value 1; } enum "mac-ip" { value 2; } enum "dhcp-vendor" { value 3; } enum "circuit-id" { value 4; } } default "mac"; description "How user is represented when contacting RADIUS server"; } leaf mac-format { type types-nat:mac-format; description "How the MAC address gets formatted"; } } // container user-name container servers { description "Enter the servers context"; leaf source-address-range { type types-sros:ipv4-unicast-address; description "Starting source address of RADIUS messages; end depends on number of ISAs in the system"; } leaf timeout { type types-sros:time-duration { range "1..90"; } units "seconds"; default "5"; description "Timeout for a response from the RADIUS server"; } leaf total-tries { type uint32 { range "1..10"; } default "3"; description "Maximum number of tries toward the same RADIUS server"; } leaf router-instance { type string; description "The routing instance"; } leaf access-algorithm { type types-radius:isa-server-selection-algo; description "Algorithm that accesses the RADIUS servers"; } list server { key "index"; max-elements 10; description "Enter the server list instance"; leaf index { type uint32 { range "1..10"; } description "RADIUS server index that determines sequence in which servers are queried for auth requests"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the ISA RADIUS server"; } leaf ip-address { type types-sros:ipv4-unicast-address; description "Destination IP address to reach RADIUS server"; } leaf secret { type types-sros:encrypted-leaf { length "1..115"; } description "Shared secret to authenticate messages and encrypt attributes to or from this server"; } leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container purpose { description "Enter the purpose context"; container accounting { presence "Accounting"; description "Enter the accounting context"; leaf udp-port { type types-sros:tcp-udp-port-non-zero; default "1813"; description "ISA RADIUS server accounting UDP port"; } } // container accounting container authentication { presence "Authentication"; description "Enter the authentication context"; leaf udp-port { type types-sros:tcp-udp-port-non-zero; default "1812"; description "ISA RADIUS server authentication UDP port"; } } // container authentication container coa { presence "Change of Authorization"; description "Enter the coa context"; leaf udp-port { type types-sros:tcp-udp-port-non-zero; default "3799"; description "ISA RADIUS server change of authorization UDP port"; } } // container coa } // container purpose } // list server } // container servers } // list isa-policy } // container radius container diameter { description "Enter the diameter context"; list node { key "origin-host"; max-elements 32; description "Enter the node list instance"; leaf origin-host { type types-diam:diam-fqdn; description "Origin-Host AVP"; } leaf description { type types-sros:description; description "Text description"; } leaf origin-realm { type types-diam:diam-fqdn; sros-ext:immutable; description "Origin-realm name"; } leaf python-policy { type leafref { path "../../../../python/python-policy/name"; } description "Python policy for received or sent Diameter messages"; } leaf router-instance { type string; default "Base"; description "Router in which this node connects to its peers"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container connection { description "Enter the connection context"; leaf timer { type types-sros:time-duration { range "1..1000"; } units "seconds"; default "30"; description "Wait time before attempting reconnection to peer"; } container ipv4 { description "Enter the ipv4 context"; leaf local-address { type types-sros:ipv4-unicast-address; description "Local address of IPv4 TCP peer connection"; } leaf allow-connections { type boolean; default "false"; description "Listen on local address for incoming peer connections"; } } // container ipv4 container ipv6 { description "Enter the ipv6 context"; leaf local-address { type types-sros:ipv6-unicast-address; description "Local address of IPv6 TCP peer connection"; } leaf allow-connections { type boolean; default "false"; description "Listen on local address for incoming peer connections"; } } // container ipv6 } // container connection list peer { key "index"; max-elements 5; description "Enter the peer list instance"; leaf index { type uint32 { range "1..5"; } description "Index of peer within the node"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the Diameter peer"; } leaf address { type types-sros:ip-unicast-address; description "Diameter peer address"; } leaf destination-host { type types-diam:diam-fqdn; sros-ext:immutable; mandatory true; description "Destination-Host AVP string for Diameter messages"; } leaf connection-timer { type types-sros:time-duration { range "1..1000"; } units "seconds"; description "Wait time before attempting reconnection to peer"; } leaf preference { type uint32 { range "1..100"; } default "50"; description "Preference of this peer, lower is more preferred"; } leaf watchdog-timer { type types-sros:time-duration { range "1..1000"; } units "seconds"; description "Time between consecutive watchdog messages"; } leaf default-peer { type boolean; default "false"; description "Use the peer as default route for realm-based routing"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list peer } // list node list peer-policy { status deprecated; key "name"; max-elements 32; description "Enter the peer-policy list instance"; leaf name { status deprecated; type types-sros:named-item; description "Diameter peer policy name"; } leaf description { status deprecated; type types-sros:description; description "Text description"; } leaf origin-host { status deprecated; type string { length "1..80"; } description "Origin-Host AVP sent in all Diameter messages"; } leaf origin-realm { status deprecated; type string { length "1..80"; } description "Origin-Realm AVP sent in all Diameter messages"; } leaf router-instance { status deprecated; type string; default "Base"; description "Diameter peer policy router"; } leaf ipv4-source-address { status deprecated; type types-sros:ipv4-unicast-address; description "IPv4 source address for peering connection"; } leaf ipv6-source-address { status deprecated; type types-sros:ipv6-unicast-address; description "IPv6 source address for IPv6-reachable peering"; } leaf watchdog-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; default "30"; description "Time between consecutive watchdog messages"; } leaf connection-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; default "30"; description "Wait time before attempting reconnection to peer"; } leaf transaction-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; default "30"; description "Timeout for base Diameter messages (DWR, CER, DPR)"; } leaf vendor-support { status deprecated; type types-diam:diam-vendor-support; default "three-gpp"; description "Vendor support announced in the capability exchange"; } leaf python-policy { status deprecated; type leafref { path "../../../../python/python-policy/name"; } description "Name of python policy for Diameter processing"; } leaf role { status deprecated; type enumeration { enum "client" { value 0; } enum "proxy" { value 1; } } sros-ext:immutable; default "client"; description "Client or proxy role of a Diameter peer policy"; } leaf-list apply-groups { status deprecated; type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container applications { status deprecated; description "Enter the applications context"; leaf gx { status deprecated; type boolean; default "false"; description "Advertise Gx application support in CER messages"; } leaf gy { status deprecated; type boolean; default "false"; description "Advertise Gy application support in CER messages"; } leaf nasreq { status deprecated; type boolean; default "false"; description "Advertise NASREQ application support in CER messages"; } } // container applications list peer { status deprecated; key "peer-name"; max-elements 5; description "Enter the peer list instance"; leaf peer-name { status deprecated; type types-sros:named-item; description "Name of peer in Diameter peer policy"; } leaf admin-state { status deprecated; type types-sros:admin-state; default "disable"; description "Administrative state of the peer"; } leaf address { status deprecated; type types-sros:ip-unicast-address; description "Diameter peer address"; } leaf destination-host { status deprecated; type types-sros:string-not-all-spaces { length "1..80"; } description "Destination-Host AVP string for Diameter messages"; } leaf destination-realm { status deprecated; type types-sros:string-not-all-spaces { length "1..80"; } description "Destination-Realm AVP string"; } leaf watchdog-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; description "Time between consecutive watchdog messages"; } leaf connection-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; description "Wait time before attempting reconnection to peer"; } leaf transaction-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; description "Timeout for base Diameter messages (DWR, CER, DPR)"; } leaf preference { status deprecated; type uint32 { range "1..100"; } default "50"; description "Peer preference of the Diameter peer policy"; } leaf-list apply-groups { status deprecated; type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container transport { status deprecated; description "Enter the transport context"; leaf port-number { status deprecated; type uint32 { range "1..65535"; } default "3868"; description "Transport protocol port number used toward policy peer"; } } // container transport container statistics { status deprecated; description "Add a list entry for statistics"; } // container statistics } // list peer container proxy { status deprecated; when "../role = 'proxy'"; description "Enter the proxy context"; leaf admin-state { status deprecated; type types-sros:admin-state; default "disable"; description "Administrative state of Diameter proxy"; } leaf router-instance { status deprecated; type string; description "Routing context associated with Diameter proxy"; } leaf local-address { status deprecated; type types-sros:ip-unicast-address; description "Source IP address on which Diameter proxy listens"; } container mcs-peer { status deprecated; presence "Multi-Chassis Synchronization peer in Diameter multi-chassis redundancy"; description "Enter the mcs-peer context"; leaf address { status deprecated; type leafref { path "../../../../../../redundancy/multi-chassis/peer/ip-address"; } sros-ext:immutable; mandatory true; description "MCS peer address"; } leaf sync-tag { status deprecated; type types-sros:named-item; sros-ext:immutable; mandatory true; description "Synchronization tag shared by MCS peers"; } leaf-list apply-groups { status deprecated; type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // container mcs-peer } // container proxy } // list peer-policy } // container diameter container wpp { description "Enter the wpp context"; leaf system-name { type string { length "1..16"; } description "System name used in WPP protocol messages"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list portal-group { key "group-name"; description "Enter the portal-group list instance"; leaf group-name { type types-sros:named-item; description "Portal group name"; } leaf description { type types-sros:description; description "Text description"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the portal group"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list portal { key "router-instance name"; max-elements 8; description "Add a list entry for portal"; leaf router-instance { type string; description "Router on which the portal is configured"; } leaf name { type types-sros:named-item; description "Portal name"; } } // list portal } // list portal-group } // container wpp } // container aaa container bfd { description "Enter the bfd context"; leaf-list apply-groups { type leafref { path "../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list bfd-template { key "name"; description "Enter the bfd-template list instance"; leaf name { type types-sros:named-item; description "BFD template name"; } leaf echo-receive { type uint32 { range "100..100000"; } units "milliseconds"; default "100"; description "Echo receive interval"; } leaf multiplier { type uint32 { range "1..20"; } default "3"; description "Detection multiplier value"; } leaf receive-interval { type uint32 { range "10..100000"; } units "milliseconds"; default "100"; description "Receive interval"; } leaf transmit-interval { type uint32 { range "10..100000"; } units "milliseconds"; default "100"; description "Transmit interval"; } leaf type { type enumeration { enum "cpm-np" { value 1; } } description "Local termination point for the BFD session"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list bfd-template container seamless-bfd { description "Enter the seamless-bfd context"; list reflector { key "name"; max-elements 1; description "Enter the reflector list instance"; leaf name { type types-sros:named-item; description "S-BFD reflector name"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Enable/disable the S-BFD reflector"; } leaf discriminator { type uint32 { range "524288..526335"; } description "Discriminator of the seamless BFD reflector"; } leaf description { type types-sros:description; description "Text description"; } leaf local-state { type enumeration { enum "admin-down" { value 0; } enum "up" { value 3; } } default "up"; description "Local state of the seamless BFD reflector"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list reflector } // container seamless-bfd } // container bfd container bmp { description "Enter the bmp context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the BMP operation"; } leaf-list apply-groups { type leafref { path "../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container collector { description "Enter the collector context"; leaf admin-state { type types-sros:admin-state; sros-ext:auto-restart-to-modify; default "disable"; description "Administrative state of the BMP collector."; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; sros-ext:auto-restart-to-modify; description "Apply a configuration group at this level"; } container connection { sros-ext:auto-restart-to-modify; description "Enter the connection context"; container ipv4 { sros-ext:auto-restart-to-modify; description "Enter the ipv4 context"; leaf address { type types-sros:ipv4-unicast-address; sros-ext:auto-restart-to-modify; description "IPv4 address."; } leaf port { type types-sros:tcp-udp-port-non-zero; sros-ext:auto-restart-to-modify; default "4210"; description "IPv4 TCP port."; } } // container ipv4 container ipv6 { sros-ext:auto-restart-to-modify; description "Enter the ipv6 context"; leaf address { type types-sros:ipv6-unicast-address; sros-ext:auto-restart-to-modify; description "IPv6 address."; } leaf port { type types-sros:tcp-udp-port-non-zero; sros-ext:auto-restart-to-modify; default "4210"; description "IPv6 TCP port."; } } // container ipv6 } // container connection } // container collector list station { key "name"; max-elements 8; description "Enter the station list instance"; leaf name { type types-sros:named-item; description "BMP monitoring station name"; } leaf description { type types-sros:description; description "Text description"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the BMP monitoring station"; } leaf initiation-message { type string { length "1..255"; } description "Free form initiation message for a type 0 TLV to be sent to the BMP monitoring station"; } leaf stats-report-interval { type types-sros:time-duration { range "15..65535"; } units "seconds"; description "Frequency of statistics reporting messages sent to the BMP monitoring station"; } leaf report-local-routes { type boolean; default "false"; description "Allow local route reporting to the BMP monitoring station"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container connection { description "Enter the connection context"; leaf connect-retry { type types-sros:time-duration { range "1..65535"; } units "seconds"; default "120"; description "Maximum time between connection attempts"; } leaf local-address { type types-sros:ip-unicast-address; description "Local IP address to communicate with the BMP monitoring station"; } leaf router-instance { type string; default "Base"; description "Router instance used to reach the BMP station"; } container station-address { description "Enter the station-address context"; leaf ip-address { type types-sros:ip-unicast-address; description "IP address of the BMP monitoring station"; } leaf port { type types-sros:tcp-udp-port-non-zero; description "Port of the BMP monitoring station"; } } // container station-address container tcp-keepalive { description "Enter the tcp-keepalive context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of TCP keepalive"; } leaf keep-idle { type types-sros:time-duration { range "1..100000"; } units "seconds"; default "600"; description "Time until the first TCP keepalive probe is sent."; } leaf keep-interval { type types-sros:time-duration { range "1..100000"; } units "seconds"; default "15"; description "Time between two TCP keepalive probes"; } leaf keep-count { type uint32 { range "3..100"; } default "4"; description "Number of missed keepalives before the TCP connection is declared down"; } } // container tcp-keepalive } // container connection container family { description "Enter the family context"; leaf ipv4 { type boolean; default "true"; description "Support IPv4 address family"; } leaf ipv6 { type boolean; default "false"; description "Support IPv6 address family"; } leaf label-ipv4 { type boolean; default "false"; description "Support labeled IPv4 address family"; } leaf label-ipv6 { type boolean; default "false"; description "Support labeled IPv6 address family"; } leaf mcast-ipv4 { type boolean; default "false"; description "Support IPv4 multicast address family"; } leaf mcast-ipv6 { type boolean; default "false"; description "Support IPv6 multicast address family"; } leaf vpn-ipv4 { type boolean; default "false"; description "Support VPN IPv4 address family"; } leaf vpn-ipv6 { type boolean; default "false"; description "Support VPN IPv6 address family"; } leaf mcast-vpn-ipv4 { type boolean; default "false"; description "Support IPv4 VPN multicast address family"; } leaf mcast-vpn-ipv6 { type boolean; default "false"; description "Support IPv6 VPN multicast address family"; } leaf evpn { type boolean; default "false"; description "Support EVPN address family"; } leaf l2-vpn { type boolean; default "false"; description "Support L2 VPN address family"; } } // container family } // list station } // container bmp container call-trace { description "Enter the call-trace context"; leaf max-files-number { type uint32 { range "1..1024"; } default "200"; description "Maximum number of all call trace log files stored on all compact flash cards"; } leaf primary-cf { type enumeration { enum "cf1" { value 1; } enum "cf2" { value 2; } } default "cf1"; description "Compact flash card to be used as primary local storage location to save the call trace log files"; } leaf-list apply-groups { type leafref { path "../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list location { key "location-type"; description "Enter the location list instance"; leaf location-type { type enumeration { enum "cf1" { value 1; } enum "cf2" { value 2; } } description "ID of the compact flash card to be used"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of compact flash for log storage"; } leaf size-limit { type union { type uint32 { range "1..65536"; } type enumeration { enum "unlimited" { value 0; } } } default "1000"; description "Maximum cumulative size of all local call trace log files stored on the given compact flash card"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list location list trace-profile { key "name"; description "Enter the trace-profile list instance"; leaf name { type types-sros:named-item; description "Unique name for the call trace profile"; } leaf description { type types-sros:description; description "Text description"; } leaf size-limit { type uint32 { range "1..1000"; } units "megabytes"; default "10"; description "Maximum data volume generated by a single call trace job to the output"; } leaf time-limit { type types-sros:time-duration { range "1..604800"; } default "86400"; description "Maximum time for a single call trace job"; } leaf events { type enumeration { enum "public-only" { value 2; } enum "all" { value 3; } } description "Events to include in the captured trace"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container applications { description "Enter the applications context"; leaf connectivity-management { type boolean; default "true"; description "Allow tracing for connectivity protocols"; } leaf radius-auth { type boolean; default "true"; description "Allow tracing for messages and events related to RADIUS authentication"; } leaf radius-acct { type boolean; default "true"; description "Allow tracing for messages and events related to RADIUS-based accounting"; } leaf python { type boolean; default "true"; description "Allow tracing for Python script execution"; } leaf ludb { type boolean; default "true"; description "Allow tracing for local user database lookups"; } leaf msap { type boolean; default "true"; description "Allow tracing for MSAP creation events"; } } // container applications container output { description "Enter the output context"; choice destination { default "local-storage"; case local-storage { leaf local-storage { type empty; description "Default destination for output"; } } case debug { leaf debug { type empty; description "Trace log generated by a call trace job to be decoded as test and sent to debug logging"; } } case live { container live { presence "Live output"; description "Enter the live context"; leaf port { type types-nat:port-number; default "29770"; description "TCP IP port"; } leaf router-instance { type string; default "Base"; description "Router instance or VPRN service name"; } choice live { mandatory true; case ip-address { leaf ip-address { type types-sros:ip-address; description "IP address of the live output destination"; } } case fqdn { leaf fqdn { type string { length "1..255"; } description "Fully qualified domain name of the live output destination"; } } } } // container live } } } // container output } // list trace-profile } // container call-trace list card { key "slot-number"; description "Enter the card list instance"; leaf slot-number { type types-card:iom-card-slot; description "IOM slot within a chassis"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of the I/O module"; } leaf card-type { type types-card:sros-iom-type; sros-ext:immutable; description "Card type"; } leaf fail-on-error { type boolean; default "false"; description "Set the Operational State of the card to Failed when an error is detected"; } leaf reset-on-recoverable-error { type boolean; default "false"; description "Reset card for fatal memory parity error on a Q-chip of the card, regardless of fail-on-error setting"; } leaf level { type types-card:sros-iom-level; sros-ext:immutable; description "Functional level of I/O module for slot"; } leaf power-save { type boolean; default "false"; description "Keeps the card in a low-power, unloaded state when set."; } leaf filter-profile { type types-card:filter-profile; sros-ext:auto-restart-to-modify; default "none"; description "The filter allocation profile for the card."; } leaf-list apply-groups { type leafref { path "../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list upgrade { key "upgrade-index"; description "Enter the upgrade list instance"; leaf upgrade-index { type uint32 { range "1..6"; } description "The unique value which identifies the functional upgrade number on this card on the system."; } leaf path { type types-card:sros-iom-level-upgrade-path; sros-ext:immutable; mandatory true; description "Provisions the functional level upgrade path of the I/O module for this slot."; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list upgrade container virtual-scheduler-adjustment { description "Enter the virtual-scheduler-adjustment context"; leaf internal-scheduler-weight-mode { type types-qos:internal-scheduler-weight-mode; default "auto"; description "Internal scheduler weight mode"; } leaf slow-queue-threshold-rate { type uint32 { range "0..1000000"; } units "kilobps"; default "1000"; description "Rate of the slow queue threshold"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container interval { description "Enter the interval context"; leaf scheduler-run-minimum { type decimal64 { range "0.01..1000.00"; fraction-digits 2; } units "percent"; default "100.00"; description "Minimum time of the scheduler run"; } leaf task-scheduling { type decimal64 { range "0.01..1000.00"; fraction-digits 2; } units "percent"; default "100.00"; description "Task scheduling interval"; } container rate-calculation-minimum { description "Enter the rate-calculation-minimum context"; leaf fast-queue { type decimal64 { range "0.01..1000.00"; fraction-digits 2; } units "percent"; default "100.00"; description "Default minimum rate calculation time for fast queues"; } leaf slow-queue { type decimal64 { range "0.01..1000.00"; fraction-digits 2; } units "percent"; default "100.00"; description "Default minimum rate calculation time for slow queues"; } } // container rate-calculation-minimum } // container interval } // container virtual-scheduler-adjustment list mda { key "mda-slot"; description "Enter the mda list instance"; leaf mda-slot { type uint32 { range "1..6"; } description "MDA slot"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of MDA"; } leaf fail-on-error { type boolean; default "false"; description "Set the Operational State of the MDA to Failed when threshold of egress XPL errors is reached"; } leaf mda-type { type types-card:sros-mda-type; sros-ext:immutable; description "MDA configuration for slot"; } leaf power-priority-level { type uint32 { range "1..200"; } default "150"; description "Power priority value, lower value has higher priority"; } leaf reset-on-recoverable-error { type boolean; default "false"; description "Reset MDA for fatal memory parity error on a Q-chip of the MDA, regardless of fail-on-error setting"; } leaf sync-e { type enumeration { enum "true" { value 1; } enum "false" { value 2; } } description "Synchronous Ethernet"; } leaf level { type types-card:sros-mda-level; sros-ext:immutable; description "Functional level of MDA for slot"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container clock-mode { description "Enter the clock-mode context"; leaf mode { type enumeration { enum "adaptive" { value 1; } enum "differential" { value 2; } } description "Clock mode"; } leaf timestamp-freq { type uint32 { range "19440|77760|103680"; } description "Differential timestamp frequency"; } } // container clock-mode container egress-xpl { description "Enter the egress-xpl context"; leaf threshold { type uint32 { range "1..1000000"; } units "xpl errors"; default "1000"; description "Threshold value for egress XPL errors"; } leaf window { type uint32 { range "1..1440"; } units "minutes"; default "60"; description "Time interval to measure frequency of egress XPL errors against threshold value"; } } // container egress-xpl container ingress-xpl { description "Enter the ingress-xpl context"; leaf threshold { type uint32 { range "1..1000000"; } units "xpl errors"; default "1000"; description "Threshold value for ingress XPL errors"; } leaf window { type uint32 { range "1..1440"; } units "minutes"; default "60"; description "Time interval to measure frequency of ingress XPL errors against threshold value"; } } // container ingress-xpl list upgrade { key "upgrade-index"; description "Enter the upgrade list instance"; leaf upgrade-index { type uint32 { range "1..6"; } description "The unique value which identifies the functional upgrade number on this MDA on the system."; } leaf path { type types-card:sros-mda-level-upgrade-path; sros-ext:immutable; mandatory true; description "Provisions the functional level upgrade path of the MDA for this slot."; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list upgrade container access { description "Enter the access context"; leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container egress { description "Enter the egress context"; leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list pool { key "name"; description "Enter the pool list instance"; leaf name { type types-sros:named-item; description "Unique pool name for MDA"; } leaf amber-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Configure amber alarm threshold allowed on over-subscription."; } leaf red-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Configure red alarm threshold allowed on over-subscription."; } leaf slope-policy { type leafref { path "../../../../../../qos/slope-policy/slope-policy-name"; } description "Configure the slope policy."; } leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container resv-cbs { description "Enter the resv-cbs context"; leaf cbs { type int32 { range "0..100"; } units "percent"; description "Configure the percentage of pool size reserved for CBS. For network, the default value is computed as the sum of the CBS request by the entities using the pool. For access, the default value is 30%."; } container amber-alarm-action { description "Enter the amber-alarm-action context"; leaf step { type uint32 { range "1..100"; } units "percent"; description "Configure the step-size percentage for the reserved CBS size of the pool. When set to a value of zero (0), the adaptive CBS sizing is disabled. To enable adaptive CBS sizing, both this leaf and amber-alarm-action/max must be set to non-default values. Adaptive CBS sizing can only be enabled when resv-cbs is non-default."; } leaf max { type uint32 { range "1..100"; } units "percent"; description "Configure the maximum percentage for the reserved CBS size of the pool. When set to a value of zero (0), the adaptive CBS sizing is disabled. To enable adaptive CBS sizing, both this leaf and amber-alarm-action/step must be set to non-default values. Adaptive CBS sizing can only be enabled when resv-cbs is non-default. This value must not be more than resv-cbs."; } } // container amber-alarm-action } // container resv-cbs } // list pool } // container egress container ingress { description "Enter the ingress context"; leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list pool { key "name"; description "Enter the pool list instance"; leaf name { type types-sros:named-item; description "Unique pool name for MDA"; } leaf amber-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Amber alarm threshold allowed on over-subscription"; } leaf red-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Red alarm threshold allowed on over-subscription"; } leaf slope-policy { type leafref { path "../../../../../../qos/slope-policy/slope-policy-name"; } description "Slope policy name"; } leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container resv-cbs { description "Enter the resv-cbs context"; leaf cbs { type int32 { range "0..100"; } units "percent"; description "Percentage of pool size reserved for CBS"; } container amber-alarm-action { description "Enter the amber-alarm-action context"; leaf step { type uint32 { range "1..100"; } units "percent"; description "Step-size percentage for reserved CBS size of the pool"; } leaf max { type uint32 { range "1..100"; } units "percent"; description "Maximum percentage for reserved CBS size of the pool"; } } // container amber-alarm-action } // container resv-cbs } // list pool } // container ingress } // container access container egress { description "Enter the egress context"; leaf hsmda-pool-policy { type leafref { path "../../../../qos/hsmda-pool-policy/hsmda-pool-policy-name"; } description "Egress HSMDA pool policy"; } container hsmda-aggregate-queue-burst { description "Enter the hsmda-aggregate-queue-burst context"; leaf high-burst-increase { type int32 { range "0..65536"; } units "bytes"; description "High burst increase"; } leaf low-burst-multiplier { type int32 { range "1..65536"; } description "Low burst multiplier"; } } // container hsmda-aggregate-queue-burst } // container egress list event { key "type"; description "Enter the event list instance"; leaf type { type types-chassis:hw-event-type; description "The unique value which identifies the event type to be monitored on this MDA in the system."; } leaf action { type types-chassis:hw-event-action; description "Provisions action to be taken on the MDA when the event is detected."; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list event container network { description "Enter the network context"; leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container egress { description "Enter the egress context"; leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list pool { key "name"; description "Enter the pool list instance"; leaf name { type types-sros:named-item; description "Unique pool name for MDA"; } leaf amber-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Configure amber alarm threshold allowed on over-subscription."; } leaf red-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Configure red alarm threshold allowed on over-subscription."; } leaf slope-policy { type leafref { path "../../../../../../qos/slope-policy/slope-policy-name"; } description "Configure the slope policy."; } leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container resv-cbs { description "Enter the resv-cbs context"; leaf cbs { type int32 { range "0..100"; } units "percent"; description "Configure the percentage of pool size reserved for CBS. For network, the default value is computed as the sum of the CBS request by the entities using the pool. For access, the default value is 30%."; } container amber-alarm-action { description "Enter the amber-alarm-action context"; leaf step { type uint32 { range "1..100"; } units "percent"; description "Configure the step-size percentage for the reserved CBS size of the pool. When set to a value of zero (0), the adaptive CBS sizing is disabled. To enable adaptive CBS sizing, both this leaf and amber-alarm-action/max must be set to non-default values. Adaptive CBS sizing can only be enabled when resv-cbs is non-default."; } leaf max { type uint32 { range "1..100"; } units "percent"; description "Configure the maximum percentage for the reserved CBS size of the pool. When set to a value of zero (0), the adaptive CBS sizing is disabled. To enable adaptive CBS sizing, both this leaf and amber-alarm-action/step must be set to non-default values. Adaptive CBS sizing can only be enabled when resv-cbs is non-default. This value must not be more than resv-cbs."; } } // container amber-alarm-action } // container resv-cbs } // list pool } // container egress container ingress { description "Enter the ingress context"; leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } leaf queue-policy { status obsolete; type leafref { path "../../../../../qos/network-queue/network-queue-policy"; } description "Network-queue policy"; } list pool { status obsolete; key "name"; description "Enter the pool list instance"; leaf name { status obsolete; type types-sros:named-item; description "Unique pool name for MDA"; } leaf amber-alarm-threshold { status obsolete; type uint32 { range "1..1000"; } units "percent"; description "Amber alarm threshold allowed on over-subscription"; } leaf red-alarm-threshold { status obsolete; type uint32 { range "1..1000"; } units "percent"; description "Red alarm threshold allowed on over-subscription"; } leaf slope-policy { status obsolete; type leafref { path "../../../../../../qos/slope-policy/slope-policy-name"; } description "Slope policy name"; } leaf-list apply-groups { status obsolete; type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container resv-cbs { status obsolete; description "Enter the resv-cbs context"; leaf cbs { status obsolete; type int32 { range "0..100"; } units "percent"; description "Percentage of pool size reserved for CBS"; } container amber-alarm-action { status obsolete; description "Enter the amber-alarm-action context"; leaf step { status obsolete; type uint32 { range "1..100"; } units "percent"; description "Step-size percentage for reserved CBS size of the pool"; } leaf max { status obsolete; type uint32 { range "1..100"; } units "percent"; description "Maximum percentage for reserved CBS size of the pool"; } } // container amber-alarm-action } // container resv-cbs } // list pool } // container ingress } // container network } // list mda list xiom { key "xiom-slot"; description "Enter the xiom list instance"; leaf xiom-slot { type string { length "2"; pattern "x[1-2]" { error-message "Invalid xiom-slot."; } } description "The unique value which identifies this XIOM slot within a specific IOM card in the system."; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of the XIOM"; } leaf fail-on-error { type boolean; default "false"; description "Configure the behavior of the XIOM state when an error is detected."; } leaf level { type types-card:sros-xiom-level; sros-ext:immutable; description "Provisions the functional level of the XIOM in this slot."; } leaf reset-on-recoverable-error { type boolean; default "false"; description "Configure the behavior of the XIOM state when a fatal memory parity error is detected on a Q-chip of the XIOM."; } leaf xiom-type { type types-card:sros-xiom-type; sros-ext:immutable; description "Provisions/de-provisions an XIOM to/from the device configuration for the slot."; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list mda { key "mda-slot"; description "Enter the mda list instance"; leaf mda-slot { type uint32 { range "1..2"; } description "The unique value which identifies this MDA slot within a specific XIOM card in the system."; } leaf mda-type { type types-card:sros-xiom-mda-type; sros-ext:immutable; description "Provisions/de-provisions an MDA to/from the device configuration for the XIOM slot."; } leaf power-priority-level { type uint32 { range "1..200"; } default "150"; description "Configure the power priority level of the XIOM MDA."; } leaf sync-e { type enumeration { enum "true" { value 1; } enum "false" { value 2; } } description "Enable/Disable Synchronous Ethernet."; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of MDA"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list mda list upgrade { key "upgrade-index"; description "Enter the upgrade list instance"; leaf upgrade-index { type uint32 { range "1..6"; } description "The unique value which identifies the functional upgrade number on this XIOM on the system."; } leaf path { type types-card:sros-xiom-level-upgrade-path; sros-ext:immutable; mandatory true; description "Provisions the functional level upgrade path of the XIOM for this slot."; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list upgrade } // list xiom list fp { key "fp-number"; description "Enter the fp list instance"; leaf fp-number { type uint32 { range "1..8"; } description "Forwarding plane within a specific IOM card"; } leaf ingress-buffer-allocation { type decimal64 { range "20.00..80.00"; fraction-digits 2; } units "percent"; default "50.00"; description "Ingress buffer pool percentage for forwarding plane"; } leaf init-extract-prio-mode { type enumeration { enum "uniform" { value 1; } enum "l3-classify" { value 2; } } default "uniform"; description "Scheme to select initial drop priority of extracted control plane traffic"; } leaf policy-accounting { type uint32 { range "1000..128000"; } description "Number of stats resources for policy accounting for the forwarding plane"; } leaf stable-pool-sizing { type boolean; default "false"; description "Use a stable buffer pool allocation environment for all default port buffer pools on an FP"; } leaf fp-resource-policy { type leafref { path "../../../qos/fp-resource-policy/fp-resource-policy-name"; } sros-ext:card-auto-reset-on-modify; description "Configure the qos fp resource policy."; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container dist-cpu-protection { description "Enter the dist-cpu-protection context"; leaf dynamic-enforcement-policer-pool { type uint32 { range "1000..32000"; } description "Number of policers reserved for use as dynamic enforcement policers on forwarding plane"; } } // container dist-cpu-protection container egress { description "Enter the egress context"; leaf hs-fixed-high-thresh-delta { type int32 { range "0..65536"; } description "High threshold delta on forwarding plane"; } leaf hs-pool-policy { type leafref { path "../../../../qos/hs-pool-policy/name"; } description "HS pool policy"; } container wred-queue-control { description "Enter the wred-queue-control context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of WRED queue control"; } leaf buffer-allocation { type decimal64 { range "0.01..99.99"; fraction-digits 2; } units "percent"; default "25.00"; description "Configure the WRED queue aggregate buffer allocation which will be set aside for WRED queue buffer pools"; } leaf reserved-cbs { type decimal64 { range "0.01..99.99"; fraction-digits 2; } units "percent"; default "25.00"; description "Configure the buffers within the WRED pool that will be set aside for WRED queues operating within their configured CBS thresholds."; } leaf slope-policy { type leafref { path "../../../../../qos/slope-policy/slope-policy-name"; } description "Egress WRED queue control slope policy for forwarding plane"; } } // container wred-queue-control } // container egress container hi-bw-mcast-src { presence "Enable/disable high bandwidth multicast source functionality."; description "Enter the hi-bw-mcast-src context"; leaf alarm { type boolean; default "false"; description "Raise an alarm when more than one high bandwidth multicast traffic taps share a plane"; } leaf group { type uint32 { range "0..32"; } default "0"; description "Logical MSFP group of the MDA"; } leaf default-paths-only { type boolean; default "false"; description "Allocate only the two default paths (one high priority and one low priority) to dedicated MSFPs"; } } // container hi-bw-mcast-src container ingress { description "Enter the ingress context"; container access { description "Enter the access context"; list queue-group { key "queue-group-name instance-id"; description "Enter the queue-group list instance"; leaf queue-group-name { type leafref { path "../../../../../../qos/queue-group-templates/ingress/queue-group/ingress-queue-group-name"; } description "Queue group name"; } leaf instance-id { type uint16 { range "1..65535"; } description "Instance ID"; } leaf accounting-policy { type leafref { path "../../../../../../log/accounting-policy/policy-id"; } description "Accounting policy for the FP ingress queue group"; } leaf collect-stats { type boolean; default "false"; description "Collect statistics on FP ingress queue group"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container policer-control-policy { description "Enter the policer-control-policy context"; leaf policy-name { type leafref { path "../../../../../../../qos/policer-control-policy/policer-control-policy-name"; } description "Policer control policy"; } container overrides { presence "Enable policer control policy overrides."; description "Enter the overrides context"; leaf max-rate { type types-qos:queue-pir-rate-override; units "kilobps"; description "Maximum rate override"; } leaf-list apply-groups { type leafref { path "../../../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container priority-mbs-thresholds { description "Enter the priority-mbs-thresholds context"; leaf min-threshold-separation { type types-qos:policer-burst-size-override; units "bytes"; description "Minimum threshold separation override"; } list priority { key "level"; description "Enter the priority list instance"; leaf level { type types-qos:hierarchy-level; description "Priority level"; } leaf mbs-contribution { type types-qos:policer-burst-size-override; units "bytes"; description "MBS contribution size override"; } leaf-list apply-groups { type leafref { path "../../../../../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list priority } // container priority-mbs-thresholds } // container overrides } // container policer-control-policy container policer-overrides { description "Enter the policer-overrides context"; list policer { key "policer-id"; description "Enter the policer list instance"; leaf policer-id { type leafref { path "../../../../../../../../qos/queue-group-templates/ingress/queue-group[ingress-queue-group-name=current()/../../../queue-group-name]/policer/policer-id"; } description "Policer identifier"; } leaf cbs { type types-qos:policer-burst-size-override; units "bytes"; description "CBS parameter override"; } leaf mbs { type types-qos:policer-burst-size-override; units "bytes"; description "MBS parameter override"; } leaf packet-byte-offset { type types-qos:ingress-per-packet-offset-override; description "Size of each packet handled by the policer"; } leaf stat-mode { type types-qos:ingress-policer-stat-mode; description "Stat mode for the policer"; } leaf-list apply-groups { type leafref { path "../../../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container rate { description "Enter the rate context"; leaf cir { type types-qos:queue-cir-rate-override; description "CIR rate"; } leaf pir { type types-qos:queue-pir-rate-override; description "PIR rate"; } } // container rate } // list policer } // container policer-overrides } // list queue-group } // container access container mcast-path-management { description "Enter the mcast-path-management context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of ingress MCAST path management"; } leaf bandwidth-policy { type leafref { path "../../../../../multicast-management/bandwidth-policy/policy-name"; } description "Bandwidth policy associated with the MDA or forwarding plane for ingress multicast path management"; } } // container mcast-path-management container network { description "Enter the network context"; leaf queue-policy { type leafref { path "../../../../../qos/network-queue/network-queue-policy"; } description "Network policy queue policy"; } list queue-group { key "queue-group-name instance-id"; description "Enter the queue-group list instance"; leaf queue-group-name { type leafref { path "../../../../../../qos/queue-group-templates/ingress/queue-group/ingress-queue-group-name"; } description "Queue group name"; } leaf instance-id { type uint16 { range "1..65535"; } description "Instance ID"; } leaf accounting-policy { type leafref { path "../../../../../../log/accounting-policy/policy-id"; } description "Accounting policy for the FP ingress queue group"; } leaf collect-stats { type boolean; default "false"; description "Collect statistics on FP ingress queue group"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container policer-control-policy { description "Enter the policer-control-policy context"; leaf policy-name { type leafref { path "../../../../../../../qos/policer-control-policy/policer-control-policy-name"; } description "Policer control policy"; } container overrides { presence "Enable policer control policy overrides."; description "Enter the overrides context"; leaf max-rate { type types-qos:queue-pir-rate-override; units "kilobps"; description "Maximum rate override"; } leaf-list apply-groups { type leafref { path "../../../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container priority-mbs-thresholds { description "Enter the priority-mbs-thresholds context"; leaf min-threshold-separation { type types-qos:policer-burst-size-override; units "bytes"; description "Minimum threshold separation override"; } list priority { key "level"; description "Enter the priority list instance"; leaf level { type types-qos:hierarchy-level; description "Priority level"; } leaf mbs-contribution { type types-qos:policer-burst-size-override; units "bytes"; description "MBS contribution size override"; } leaf-list apply-groups { type leafref { path "../../../../../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list priority } // container priority-mbs-thresholds } // container overrides } // container policer-control-policy container policer-overrides { description "Enter the policer-overrides context"; list policer { key "policer-id"; description "Enter the policer list instance"; leaf policer-id { type leafref { path "../../../../../../../../qos/queue-group-templates/ingress/queue-group[ingress-queue-group-name=current()/../../../queue-group-name]/policer/policer-id"; } description "Policer identifier"; } leaf cbs { type types-qos:policer-burst-size-override; units "bytes"; description "CBS parameter override"; } leaf mbs { type types-qos:policer-burst-size-override; units "bytes"; description "MBS parameter override"; } leaf packet-byte-offset { type types-qos:ingress-per-packet-offset-override; description "Size of each packet handled by the policer"; } leaf stat-mode { type types-qos:ingress-policer-stat-mode; description "Stat mode for the policer"; } leaf-list apply-groups { type leafref { path "../../../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container rate { description "Enter the rate context"; leaf cir { type types-qos:queue-cir-rate-override; description "CIR rate"; } leaf pir { type types-qos:queue-pir-rate-override; description "PIR rate"; } } // container rate } // list policer } // container policer-overrides } // list queue-group list pool { key "name"; description "Enter the pool list instance"; leaf name { type types-sros:named-item; description "Unique pool name for the FP"; } leaf amber-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Amber alarm threshold allowed on over-subscription"; } leaf red-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Red alarm threshold allowed on over-subscription"; } leaf slope-policy { type leafref { path "../../../../../../qos/slope-policy/slope-policy-name"; } description "Slope policy name"; } leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container resv-cbs { description "Enter the resv-cbs context"; leaf cbs { type int32 { range "0..100"; } units "percent"; description "Percentage of pool size reserved for CBS"; } container amber-alarm-action { description "Enter the amber-alarm-action context"; leaf step { type uint32 { range "1..100"; } units "percent"; description "Step-size percentage for reserved CBS size of the pool"; } leaf max { type uint32 { range "1..100"; } units "percent"; description "Maximum percentage for reserved CBS size of the pool"; } } // container amber-alarm-action } // container resv-cbs } // list pool } // container network } // container ingress } // list fp } // list card container cflowd { presence "cflowd"; description "Enter the cflowd context"; leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of Cflowd sampling"; } leaf analyze-gre-payload { type boolean; default "false"; description "Perform Cflowd analysis on the inner IP packet within a GRE packet"; } leaf analyze-l2tp-traffic { type boolean; default "false"; description "Perform Cflowd analysis on the inner header within an L2TP packet."; } leaf analyze-v4overv6-traffic { type boolean; default "false"; description "Perform Cflowd analysis on the inner IPv4 packet within an IPv6 packet."; } leaf cache-size { type uint32 { range "1000..1500000"; } units "flows"; description "Maximum number of active flows in the flow cache table"; } leaf enhanced-distribution { type boolean; default "false"; description "Include ingress port ID in the hashing algorithm used to distribute Cflowd sample traffic"; } leaf export-mode { type enumeration { enum "automatic" { value 1; } enum "manual" { value 2; } } default "automatic"; description "Export mode for flow data"; } leaf inband-collector-export-only { type boolean; default "false"; description "Export the traffic to all collectors only via in-band interfaces"; } leaf overflow { type uint32 { range "1..50"; } units "percent"; default "1"; description "Percentage of entries to remove from Cflowd cache when the maximum number of entries is exceeded"; } leaf template-retransmit { type uint32 { range "10..600"; } units "seconds"; default "600"; description "Time to resend template information"; } leaf use-vrtr-if-index { type boolean; default "false"; description "Export flow data using virtual router interface indexes"; } leaf active-flow-timeout { type uint32 { range "60..36000"; } units "seconds"; default "1800"; description "Specifies the maximum amount of time, in seconds, before an active flow will be exported. If an individual flow is active for this amount of time, the flow is exported and a new flow is created."; } leaf inactive-flow-timeout { type uint32 { range "10..600"; } units "seconds"; default "15"; description "Specifies the amount of time, in seconds, that must elapse without a packet matching a flow before the flow is considered inactive."; } leaf-list apply-groups { type leafref { path "../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } leaf active-timeout { status obsolete; type uint32 { range "1..600"; } units "minutes"; default "30"; description "Maximum time before an active flow is exported"; } leaf inactive-timeout { status obsolete; type uint32 { range "10..600"; } units "seconds"; default "15"; description "Time before the flow is considered inactive"; } leaf rate { status obsolete; type uint32 { range "1..10000"; } units "packets"; default "1000"; description "Rate at which traffic is sampled and sent for Cflowd analysis"; } list sample-profile { key "profile-id"; max-elements 5; description "Enter the sample-profile list instance"; leaf profile-id { type uint32 { range "1..5"; } description "The unique specifier of this sample-profile"; } leaf sample-rate { type uint32 { range "1..10000"; } default "1000"; description "The cflowd sampling rate for this profile"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list sample-profile list collector { key "ip-address port"; max-elements 8; description "Enter the collector list instance"; leaf ip-address { type types-sros:ip-unicast-address; description "IP address of a remote Cflowd collector host to receive the exported Cflowd data"; } leaf port { type types-qos:tcp-udp-match-port { range "1..65535"; } description "UDP port number on the remote Cflowd collector host to receive the exported Cflowd data"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this Cflowd collector"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 1; } enum "peer" { value 2; } } default "origin"; description "Basis of the AS information included in flow data"; } leaf description { type types-sros:description; description "Text description"; } leaf router-instance { type string; default "management"; description "Router context for the flow data for this Cflowd collector"; } leaf template-set { type enumeration { enum "not-applicable" { value 0; } enum "basic" { value 1; } enum "mpls-ip" { value 2; } enum "l2-ip" { value 3; } enum "mpls-transport" { value 4; } } description "Template set for this Cflowd collector"; } leaf version { type types-cflowd:collector-version; sros-ext:immutable; mandatory true; description "Flow data collector version"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container aggregation { description "Enter the aggregation context"; leaf as-matrix { type boolean; default "false"; description "Base aggregation data on autonomous system (AS) information"; } leaf protocol-port { type boolean; default "false"; description "Aggregate flows based on the IP protocol, source port number, and destination port number"; } leaf source-prefix { type boolean; default "false"; description "Aggregate flows based on the source prefix information"; } leaf destination-prefix { type boolean; default "false"; description "Aggregate data based on the destination prefix information"; } leaf source-destination-prefix { type boolean; default "false"; description "Aggregate data based on the source and destination prefix information"; } leaf raw { type boolean; default "false"; description "Export flow data without aggregation"; } } // container aggregation container export-filter { when "../version = 9 or ../version = 10"; description "Enter the export-filter context"; container family { description "Enter the family context"; leaf ipv4 { type boolean; default "false"; description "Filter IPv4 flow data from being sent to the associated collector"; } leaf ipv6 { type boolean; default "false"; description "Filter IPv6 flow data from being sent to the associated collector"; } leaf mcast-ipv4 { type boolean; default "false"; description "Filter multicast IPv4 flow data from being sent to the associated collector"; } leaf mcast-ipv6 { type boolean; default "false"; description "Filter multicast IPv6 flow data from being sent to the associated collector"; } leaf l2-ip { type boolean; default "false"; description "Filter Layer 2 IP flow data from being sent to the associated collector"; } leaf mpls { type boolean; default "false"; description "Filter MPLS flow data from being sent to the associated collector"; } } // container family list router { key "router-instance"; description "Add a list entry for router"; leaf router-instance { type string; description "Router instance ID"; } } // list router container interface-list { description "Enter the interface-list context"; list router { key "router-name interface-name"; description "Add a list entry for router"; leaf router-name { type leafref { path "../../../../../../router/router-name"; } description "Name of router associated with the interface"; } leaf interface-name { type leafref { path "../../../../../../router[router-name=current()/../router-name]/interface/interface-name"; } description "Interface name"; } } // list router container service { description "Enter the service context"; list ies-interface { key "service-name interface-name"; description "Add a list entry for ies-interface"; leaf service-name { type leafref { path "../../../../../../../service/ies/service-name"; } description "IES service name"; } leaf interface-name { type leafref { path "../../../../../../../service/ies[service-name=current()/../service-name]/interface/interface-name"; } description "ies interface name"; } } // list ies-interface list ies-group-interface { key "service-name subscriber-interface-name group-interface-name"; description "Add a list entry for ies-group-interface"; leaf service-name { type leafref { path "../../../../../../../service/ies/service-name"; } description "IES service name"; } leaf subscriber-interface-name { type leafref { path "../../../../../../../service/ies[service-name=current()/../service-name]/subscriber-interface/interface-name"; } description "IES subscriber-interface name"; } leaf group-interface-name { type leafref { path "../../../../../../../service/ies[service-name=current()/../service-name]/subscriber-interface[interface-name=current()/../subscriber-interface-name]/group-interface/group-interface-name"; } description "IES group-interface name"; } } // list ies-group-interface list vprn-interface { key "service-name interface-name"; description "Add a list entry for vprn-interface"; leaf service-name { type leafref { path "../../../../../../../service/vprn/service-name"; } description "VPRN service name"; } leaf interface-name { type leafref { path "../../../../../../../service/vprn[service-name=current()/../service-name]/interface/interface-name"; } description "vprn interface name"; } } // list vprn-interface list vprn-network-interface { key "service-name network-interface-name"; description "Add a list entry for vprn-network-interface"; leaf service-name { type leafref { path "../../../../../../../service/vprn/service-name"; } description "VPRN service name"; } leaf network-interface-name { type leafref { path "../../../../../../../service/vprn[service-name=current()/../service-name]/network-interface/interface-name"; } description "VPRN network-interface name"; } } // list vprn-network-interface list vprn-group-interface { key "service-name subscriber-interface-name group-interface-name"; description "Add a list entry for vprn-group-interface"; leaf service-name { type leafref { path "../../../../../../../service/vprn/service-name"; } description "VPRN service name"; } leaf subscriber-interface-name { type leafref { path "../../../../../../../service/vprn[service-name=current()/../service-name]/subscriber-interface/interface-name"; } description "VPRN subscriber-interface name"; } leaf group-interface-name { type leafref { path "../../../../../../../service/vprn[service-name=current()/../service-name]/subscriber-interface[interface-name=current()/../subscriber-interface-name]/group-interface/group-interface-name"; } description "vprn group-interface name"; } } // list vprn-group-interface } // container service } // container interface-list } // container export-filter } // list collector } // container cflowd list chassis { key "chassis-class chassis-number"; description "Enter the chassis list instance"; leaf chassis-class { type types-chassis:chassis-class; description "Functional use of the physical chassis"; } leaf chassis-number { type uint32 { range "1..100"; } description "Unique index to identify this physical chassis"; } leaf monitor-filter-door { type boolean; default "false"; description "The value of monitor-filter-door specifies whether or not a filter door open or missing condition will be monitored by the system."; } leaf-list apply-groups { type leafref { path "../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list power-supply { key "power-supply-id"; description "Enter the power-supply list instance"; leaf power-supply-id { type uint32 { range "1..31"; } description "Unique identifier index for a power supply tray in the chassis"; } leaf power-supply-type { type enumeration { enum "none" { value 0; } enum "dc-single" { value 1; } enum "ac-single" { value 2; } enum "ac-multiple" { value 3; } enum "auto" { value 4; } enum "dc-multiple" { value 5; } } default "auto"; description "Power supply type"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list power-supply list peq { key "peq-slot"; description "Enter the peq list instance"; leaf peq-slot { type uint32 { range "1..31"; } description "Unique identifier index for a power supply tray in the chassis"; } leaf input-power-mode { type uint32 { range "60|80"; } units "amperes"; description "Input power mode of the PEQ"; } leaf peq-type { type types-system:peq-type; sros-ext:immutable; description "APEQ type"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of PEQ"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list peq list power-connection-module { key "pcm-slot"; description "Enter the power-connection-module list instance"; leaf pcm-slot { type uint32 { range "1..12"; } description "Unique identifier index for a power control module in the chassis"; } leaf pcm-type { type types-chassis:pcm-type; sros-ext:immutable; description "PCM type"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list power-connection-module list power-module { key "power-module-id"; description "Enter the power-module list instance"; leaf power-module-id { type uint32 { range "1..12"; } description "Unique identifier index for a power shelf in chassis"; } leaf power-module-type { type types-chassis:power-module-type; sros-ext:immutable; description "Power module type"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of the power module"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list power-module list power-shelf { key "power-shelf-id"; description "Enter the power-shelf list instance"; leaf power-shelf-id { type uint32 { range "1..2"; } description "Unique identifier index for a power shelf in chassis"; } leaf power-shelf-type { type types-chassis:power-shelf-type; sros-ext:immutable; description "Power shelf type"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of the power shelf"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list power-module { key "power-module-id"; description "Enter the power-module list instance"; leaf power-module-id { type uint32 { range "1..12"; } description "Unique identifier index for a power shelf in chassis"; } leaf power-module-type { type types-chassis:power-module-type; sros-ext:immutable; description "Power module type"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of the power module"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list power-module } // list power-shelf } // list chassis container connection-profile { description "Enter the connection-profile context"; leaf-list apply-groups { type leafref { path "../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list vlan { key "connection-profile-id"; description "Enter the vlan list instance"; leaf connection-profile-id { type uint32 { range "1..8000"; } description "Identifier of this connection profile"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list qtag-range { key "start"; max-elements 32; description "Enter the qtag-range list instance"; leaf start { type int32 { range "1..4094"; } description "Specifies the start vlan range of this connection profile."; } leaf end { type int32 { range "1..4094"; } sros-ext:immutable; description "Specifies the end vlan range of this connection profile."; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list qtag-range } // list vlan } // container connection-profile container eth-cfm { description "Enter the eth-cfm context"; leaf-list apply-groups { type leafref { path "../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list domain { key "md-admin-name"; description "Enter the domain list instance"; leaf md-admin-name { type types-eth-cfm:admin-name; description "Unique domain name"; } leaf level { type types-eth-cfm:mp-level; sros-ext:immutable; mandatory true; description "Maintenance Domain Level (MD Level)"; } leaf md-index { type uint32 { range "1..max"; } sros-ext:immutable; description "The index of the Maintenance Domain (MD)"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } choice md-name { mandatory true; case dns { leaf dns { type string { length "1..43"; } sros-ext:immutable; description "Domain name like text string derived from a DNS name"; } } case mac { leaf mac { type string { length "13..23"; pattern "[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}-[0-9]{1,5}"; } sros-ext:immutable; description "Maintenance domain MAC name"; } } case name { leaf name { type string { length "1..43"; } sros-ext:immutable; description "Maintenance domain name as an ASCII string"; } } case format { leaf format { type enumeration { enum "none" { value 0; } } sros-ext:immutable; description "Maintenance domain name not to be provided"; } } } list association { key "ma-admin-name"; description "Enter the association list instance"; leaf ma-admin-name { type types-eth-cfm:admin-name; description "Unique domain association name"; } leaf ma-index { type uint32 { range "1..max"; } sros-ext:immutable; description "The index to the Maintenance Association (MA) table."; } leaf ccm-interval { type types-eth-cfm:ccm-interval-type; description "CCM transmission interval for all MEPs in the association"; } leaf auto-mep-discovery { type boolean; default "false"; description "Enable the ability to auto-discover remote MEPs in the network"; } leaf facility-id-permission { type types-eth-cfm:facility-id-permission-type; default "none"; description "Sender ID TLV information for facility base MEPs"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } choice ma-name { mandatory true; description "The Maintenance Domain Association name It is the part of the Maintenance Association Identifier which is unique within the Maintenance Domain Name and is appended to the Maintenance Domain Name to form the Maintenance Association Identifier (MAID)."; case icc-based { leaf icc-based { type string { length "8..13"; } sros-ext:immutable; description "Format type applicable to Y.1731 context of the maintenance association"; } } case integer { leaf integer { type uint32 { range "0..65535"; } sros-ext:immutable; description "Format type of the maintenance association"; } } case string { leaf string { type string { length "1..45"; } sros-ext:immutable; description "Format type for the string of the maintenance association"; } } case vid { leaf vid { type uint32 { range "0..4094"; } sros-ext:immutable; description "Primary VLAN ID"; } } case vpn-id { leaf vpn-id { type string { length "0..15"; pattern "[0-9A-F]{6}(:[0-9A-F]{8})"; } sros-ext:immutable; description "Primary VPN ID"; } } } container ccm-hold-time { description "Enter the ccm-hold-time context"; leaf down { when "../../ccm-interval = '10ms' or ../../ccm-interval = '100ms'"; type uint32 { range "1..1000"; } units "centiseconds"; description "Additional time before a MEP declares a fault, in CCM timeout conditions"; } } // container ccm-hold-time list bridge-identifier { key "bridge-name"; max-elements 1; description "Enter the bridge-identifier list instance"; leaf bridge-name { type types-services:service-name; description "Bridge name for this association"; } leaf vlan { type int32 { range "1..4094"; } description "VLAN ID for the default domain index"; } leaf mhf-creation { type types-eth-cfm:tmnx-mhf-creation-type; default "none"; description "MIP method of creation"; } leaf id-permission { type types-eth-cfm:facility-id-permission-type; default "none"; description "Sender ID TLV information to include for installed MEPs and MIPs"; } leaf mip-ltr-priority { type types-eth-cfm:frame-priority; default "7"; description "Priority of the Linktrace Response Message (ETH-LTR) from a MIP"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list bridge-identifier list remote-mep { key "mep-id"; description "Enter the remote-mep list instance"; leaf mep-id { type types-eth-cfm:mep-id-type; description "Remote MEP ID"; } leaf remote-mac { type types-sros:mac-unicast-address-no-zero; description "Remote MAC Address for transmitting CFM packets to remote MEPs"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list remote-mep } // list association } // list domain } // container eth-cfm container filter { description "Enter the filter context"; leaf-list apply-groups { type leafref { path "../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list redirect-policy { key "redirect-policy-name"; description "Enter the redirect-policy list instance"; leaf redirect-policy-name { type types-sros:named-item; description "Redirect policy name"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the policy"; } leaf description { type types-sros:description; description "Text description"; } leaf router-instance { type string; description "Routing context to use for route lookup"; } leaf sticky-dest { type types-filter:filter-sticky-dest; units "seconds"; description "Time required by system before applying the current best destination as active destination"; } leaf notify-dest-change { type boolean; default "false"; description "The value of the object indicates whether to send tFilterRPActiveDestChangeEvent notification for this redirect policy active destination changes."; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list destination { key "destination-address"; description "Enter the destination list instance"; leaf destination-address { type types-sros:ip-unicast-address; description "IP address and type of destination"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the destination"; } leaf description { type types-sros:description; description "Text description"; } leaf priority { type uint32 { range "1..255"; } default "100"; description "Priority for this destination"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container ping-test { presence "Ping-test configuration."; sros-ext:auto-restart-to-modify; description "Enter the ping-test context"; leaf source-address { type types-sros:ip-address; description "Source address to use in the IP packet of the ping test"; } leaf interval { type uint32 { range "1..60"; } units "seconds"; default "1"; description "Time between consecutive requests which are sent to the far end host"; } leaf timeout { type uint32 { range "1..60"; } units "seconds"; default "1"; description "Time required to receive a response from the far end host"; } leaf drop-count { type uint32 { range "1..60"; } default "3"; description "Number of consecutive requests that fail before destination is declared unreachable"; } leaf hold-down { type uint32 { range "0..86400"; } units "seconds"; default "0"; description "Time for the system to be held down if this test has marked it unreachable"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // container ping-test container unicast-rt-test { presence "Unicast-rt-test configuration."; description "Add a list entry for unicast-rt-test"; } // container unicast-rt-test } // list destination } // list redirect-policy list redirect-policy-binding { key "binding-name"; max-elements 16; description "Enter the redirect-policy-binding list instance"; leaf binding-name { type types-sros:named-item; description "Binding name"; } leaf binding-operator { type types-filter:filter-binding-operator; default "and"; description "The value of the this object indicates the logical operator to use when combining result of different destinations' tests."; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list redirect-policy { key "redirect-policy-name"; description "Enter the redirect-policy list instance"; leaf redirect-policy-name { type leafref { path "../../../redirect-policy/redirect-policy-name"; } description "The redirect-policy identifier."; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list destination { key "destination-address"; min-elements 1; description "Add a list entry for destination"; leaf destination-address { type leafref { path "../../../../redirect-policy[redirect-policy-name=current()/../../redirect-policy-name]/destination/destination-address"; } description "IP address of redirect policy destination to binding"; } } // list destination } // list redirect-policy } // list redirect-policy-binding list log { key "log-id"; description "Enter the log list instance"; leaf log-id { type types-filter:filter-log-id; description "Filter log identifier"; } leaf description { type types-sros:description-or-empty; description "Text description"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of filter logging"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container destination { description "Enter the destination context"; choice destination { default "memory"; case memory { container memory { description "Enter the memory context"; leaf max-entries { type uint32 { range "1..50000"; } default "1000"; description "Maximum number of memory entries that the log can store"; } leaf stop-on-full { type boolean; default "false"; description "Stop logging when maximum number of memory entries is reached or wrap-around is used"; } } // container memory } case syslog { container syslog { description "Enter the syslog context"; leaf syslog-id { type leafref { path "../../../../../log/syslog/syslog-id"; } description "ID of the Syslog server definition for filter logs"; } container summary { description "Enter the summary context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the summarization of filter log entries"; } leaf summary-crit { type types-filter:filter-log-summary-criterion; default "src-addr"; description "Summary for filter log entries"; } } // container summary } // container syslog } } } // container destination } // list log container match-list { description "Enter the match-list context"; leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list ip-prefix-list { key "prefix-list-name"; description "Enter the ip-prefix-list list instance"; leaf prefix-list-name { type types-sros:named-item; description "Prefix list name that is used for this prefix list"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container apply-path { description "Enter the apply-path context"; list bgp-peers { key "criterion-index"; description "Enter the bgp-peers list instance"; leaf criterion-index { type uint32 { range "1..255"; } description "Value of the enumerating BGP peers autogeneration configuration within list"; } leaf group { type types-sros:regular-expression-not-all-spaces; sros-ext:immutable; mandatory true; description "Regular expression to match against the base router BGP instance group configuration"; } leaf neighbor { type types-sros:regular-expression-not-all-spaces; sros-ext:immutable; mandatory true; description "Regular expression to match against the base router BGP instance neighbor configuration"; } leaf router-instance { type string; sros-ext:immutable; default "Base"; description "Target routing instance"; } leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list bgp-peers } // container apply-path list prefix { key "ip-prefix"; max-elements 8192; description "Add a list entry for prefix"; leaf ip-prefix { type types-sros:ipv4-prefix; description "IPv4 prefix to be added to the prefix list"; } } // list prefix list prefix-exclude { key "ip-prefix"; max-elements 512; description "Add a list entry for prefix-exclude"; leaf ip-prefix { type types-sros:ipv4-prefix; description "IPv4 prefix to be added to the prefix list"; } } // list prefix-exclude } // list ip-prefix-list list ipv6-prefix-list { key "prefix-list-name"; description "Enter the ipv6-prefix-list list instance"; leaf prefix-list-name { type types-sros:named-item; description "Prefix list name that is used for this prefix list"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container apply-path { description "Enter the apply-path context"; list bgp-peers { key "criterion-index"; description "Enter the bgp-peers list instance"; leaf criterion-index { type uint32 { range "1..255"; } description "Value of the enumerating BGP peers autogeneration configuration within list"; } leaf group { type types-sros:regular-expression-not-all-spaces; sros-ext:immutable; mandatory true; description "Regular expression to match against the base router BGP instance group configuration"; } leaf neighbor { type types-sros:regular-expression-not-all-spaces; sros-ext:immutable; mandatory true; description "Regular expression to match against the base router BGP instance neighbor configuration"; } leaf router-instance { type string; sros-ext:immutable; default "Base"; description "Target routing instance"; } leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list bgp-peers } // container apply-path list prefix { key "ipv6-prefix"; max-elements 8192; description "Add a list entry for prefix"; leaf ipv6-prefix { type types-sros:ipv6-prefix; description "Add IPv6 prefix to the list."; } } // list prefix list prefix-exclude { key "ipv6-prefix"; max-elements 512; description "Add a list entry for prefix-exclude"; leaf ipv6-prefix { type types-sros:ipv6-prefix; description "Add IPv6 prefix to the list."; } } // list prefix-exclude } // list ipv6-prefix-list list port-list { key "port-list-name"; max-elements 1024; description "Enter the port-list list instance"; leaf port-list-name { type types-sros:named-item; description "Port list name"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list port { key "value"; description "Add a list entry for port"; leaf value { type int32 { range "0..65535"; } description "Port value"; } } // list port list range { key "start end"; description "Add a list entry for range"; leaf start { type int32 { range "0..65534"; } description "Highest value for TCP/UDP port range"; } leaf end { type int32 { range "1..65535"; } description "Highest value for TCP/UDP port range"; } } // list range } // list port-list } // container match-list list ip-filter { key "filter-name"; description "Enter the ip-filter list instance"; leaf filter-name { type types-filter:filter-name { pattern "(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-5][0-9][0-9][0-9][0-9]|6[0-4][0-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])|(([^f0-9_ ]|f($|[^S]|S($|[^p]|p($|[^e]|e($|[^c]|c($|[^\\-]|-($|[^0-9]+)))))))\\P{C}*))"; } description "Name of the object to associate"; } leaf default-action { type types-filter:filter-default-action; default "drop"; description "Action for packets that do not match any entry"; } leaf description { type types-sros:description; description "Text description"; } leaf scope { type types-filter:filter-scope; sros-ext:immutable; default "template"; description "Scope of this filter definition"; } leaf type { type enumeration { enum "normal" { value 0; } enum "src-mac" { value 1; } enum "packet-length" { value 2; } } default "normal"; description "Filter policy type"; } leaf chain-to-system-filter { type boolean; default "false"; description "Chain filter policy to the active IPvX system filter policy"; } leaf filter-id { type types-filter:filter-id; sros-ext:immutable; description "IP filter ID"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container subscriber-mgmt { description "Enter the subscriber-mgmt context"; container host-specific-entry { description "Enter the host-specific-entry context"; container filter-rule { description "Enter the filter-rule context"; container range { presence "Exclusive range for DIAMETER or RADIUS filter rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; mandatory true; description "Lower bound of range for subscriber host filter-rule entries from RADIUS/Diameter"; } leaf end { type types-filter:entry-id; mandatory true; description "Upper bound of range for filter-rule entries from RADIUS/Diameter"; } } // container range } // container filter-rule container credit-control { description "Enter the credit-control context"; container range { presence "Exclusive range for credit-control entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; mandatory true; description "Lower bound of range for entries from Credit Control"; } leaf end { type types-filter:entry-id; mandatory true; description "Upper bound of range for entries from Credit Control"; } } // container range } // container credit-control container watermark { description "Enter the watermark context"; leaf low { type int32 { range "0..100"; } default "90"; description "Low watermark for host-specific entries, to clear a table full alarm"; } leaf high { type int32 { range "0..100"; } default "95"; description "High watermark for host-specific entries, to raise a table full alarm"; } } // container watermark } // container host-specific-entry container shared-entry { description "Enter the shared-entry context"; container filter-rule { description "Enter the filter-rule context"; container range { presence "Exclusive range for DIAMETER or RADIUS shared filter rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; mandatory true; description "Lower bound of range for shared filter-rules from RADIUS"; } leaf end { type types-filter:entry-id; mandatory true; description "Upper bound of range for shared-filter rules from RADIUS"; } } // container range } // container filter-rule container pcc-rule { description "Enter the pcc-rule context"; container range { presence "Exclusive range for PCC rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; mandatory true; description "Lower bound of range for pcc-rule filter entries from Diameter"; } leaf end { type types-filter:entry-id; mandatory true; description "Upper bound of range for pcc-rule filter entries from Diameter"; } } // container range } // container pcc-rule container watermark { presence "Alarm will be raised by the system when number of filters created by subscriber management shared entries oversteps specified boundaries."; description "Enter the watermark context"; leaf low { type int32 { range "0..7999"; } mandatory true; description "Limit of RADIUS or Diameter shared filters before clearing high watermark notification"; } leaf high { type int32 { range "1..8000"; } mandatory true; description "Limit of RADIUS shared filters before generating high watermark notification"; } } // container watermark } // container shared-entry } // container subscriber-mgmt list entry { key "entry-id"; description "Enter the entry list instance"; leaf entry-id { type types-filter:entry-id; description "Secondary index for this entry"; } leaf description { type types-sros:description; description "Text description"; } leaf log { type leafref { path "../../../log/log-id"; } description "Log that is used for packets matching this entry"; } leaf pbr-down-action-override { type types-filter:filter-pbr-down-action-ovr; description "Action when PBR or PBF target for this entry is not available"; } leaf sticky-dest { type types-filter:filter-sticky-dest; units "seconds"; description "Time before action with available PBR or PBF destination and highest priority"; } leaf egress-pbr { type types-filter:filter-egress-pbr; sros-ext:immutable; description "PBR that has an effect when this filter is applied on egress"; } leaf filter-sample { type boolean; default "false"; description "Sample matching traffic if IP interface is set to cflowd ACL mode"; } leaf interface-sample { type boolean; default "true"; description "Sample matching traffic if IP interface is set to cflowd interface mode"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container match { description "Enter the match context"; leaf protocol { type types-sros:ipv4-match-protocol; description "IP protocol used as an IP filter match criterion"; } leaf dscp { type types-qos:dscp-name; description "DSCP used as an IP filter match criterion"; } leaf fragment { type enumeration { enum "false" { value 2; } enum "true" { value 3; } enum "first-only" { value 4; } enum "non-first-only" { value 5; } } description "Match criterion for fragmented packets"; } leaf multiple-option { type boolean; description "Match based on presence of multiple options in header"; } leaf option-present { type boolean; description "Match on the presence of any IP option in the packet"; } leaf src-route-option { type boolean; description "Match based on presence of source route option"; } choice port-selector { case src-dst-port { container src-port { description "Enter the src-port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } mandatory true; description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } mandatory true; description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type leafref { path "../../../../../match-list/port-list/port-list-name"; } description "Parameter port-list as match criterion"; } } } } // container src-port container dst-port { description "Enter the dst-port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } mandatory true; description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } mandatory true; description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type leafref { path "../../../../../match-list/port-list/port-list-name"; } description "Parameter port-list as match criterion"; } } } } // container dst-port } case port { container port { description "Enter the port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } mandatory true; description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } mandatory true; description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type leafref { path "../../../../../match-list/port-list/port-list-name"; } description "Parameter port-list as match criterion"; } } } } // container port } } container ip-option { presence "Enable matching the specified option value in the first option of the IPv4 packet."; description "Enter the ip-option context"; leaf type { type types-filter:filter-match-ip-option; mandatory true; description "Specific IP option to match"; } leaf mask { type types-filter:filter-match-ip-option { range "1..255"; } default "255"; description "Mask that is ANDed with ip-option value in the packet header"; } } // container ip-option container src-ip { description "Enter the src-ip context"; choice match-address-choice { case address-and-prefix-or-mask { leaf address { type union { type types-sros:ipv4-address; type types-sros:ipv4-prefix-with-host-bits; } description "IP address to match"; } leaf mask { type types-sros:ipv4-address; description "Mask as an AND to the IP address"; } } case ip-prefix-list { leaf ip-prefix-list { type leafref { path "../../../../../match-list/ip-prefix-list/prefix-list-name"; } description "IP prefix list as match criterion for IP address"; } } } } // container src-ip container dst-ip { description "Enter the dst-ip context"; choice match-address-choice { case address-and-prefix-or-mask { leaf address { type union { type types-sros:ipv4-address; type types-sros:ipv4-prefix-with-host-bits; } description "IP address to match"; } leaf mask { type types-sros:ipv4-address; description "Mask as an AND to the IP address"; } } case ip-prefix-list { leaf ip-prefix-list { type leafref { path "../../../../../match-list/ip-prefix-list/prefix-list-name"; } description "IP prefix list as match criterion for IP address"; } } } } // container dst-ip container src-mac { presence "Enable source MAC address match criteria."; description "Enter the src-mac context"; leaf address { type yang:mac-address; mandatory true; description "MAC address used as MAC filter match criterion"; } leaf mask { type yang:mac-address; default "ff:ff:ff:ff:ff:ff"; description "MAC address mask"; } } // container src-mac container icmp { description "Enter the icmp context"; choice icmp-code { case code { leaf code { type types-filter:ipv4-match-icmp-codes; description "ICMP code value to match"; } } } choice icmp-type { case type { leaf type { type types-filter:ipv4-match-icmp-types; description "ICMP type value to match"; } } } } // container icmp container tcp-flags { description "Enter the tcp-flags context"; leaf ack { type boolean; description "Match TCP ACK as per value of the ACK TCP flag bit"; } leaf syn { type boolean; description "Match TCP SYN as per value of the SYN TCP flag bit"; } leaf fin { type boolean; description "Match TCP FIN as per value of the FIN TCP flag bit"; } leaf rst { type boolean; description "Match TCP RST as per value of the RST TCP flag bit"; } leaf psh { type boolean; description "Match TCP PSH as per value of the PSH TCP flag bit"; } leaf urg { type boolean; description "Match TCP URG as per value of the URG TCP flag bit"; } leaf ece { type boolean; description "Match TCP ECE as per value of the ECE TCP flag bit"; } leaf cwr { type boolean; description "Match TCP CWR as per value of the CWR TCP flag bit"; } leaf ns { type boolean; description "Match TCP NS as per value of the NS TCP flag bit"; } } // container tcp-flags container packet-length { presence "Enable packet length match criteria."; description "Enter the packet-length context"; choice packet-length { mandatory true; case eq { leaf eq { type types-filter:pkt-len-or-payload-len-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:pkt-len-or-payload-len-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:pkt-len-or-payload-len-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of packet-length values."; description "Enter the range context"; leaf start { type types-filter:pkt-len-or-payload-len-gt-value; mandatory true; description "Lower bound of the range"; } leaf end { type types-filter:pkt-len-or-payload-len-lt-value; mandatory true; description "Upper bound of the range"; } } // container range } } } // container packet-length } // container match container action { presence "Action to be taken on a packet matching the IP filter entry match criteria."; description "Enter the action context"; leaf fc { type types-sros:fc-name; description "Class name to be forwarded for matching packets"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } choice action { mandatory true; case ignore-match { leaf ignore-match { type empty; description "Ignore match criteria for the entry"; } } case drop { leaf drop { type empty; description "Drop a packet matching this entry"; } } case forward { container forward { description "Enter the forward context"; choice forward-action { case bonding-connection { leaf bonding-connection { type types-submgt:bonding-connection-index; description "Connection ID over which packet is forwarded"; } } case esi-l2 { container esi-l2 { presence "A packet matching the entry will be forwarded to ESI identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel in the specified VPLS service."; description "Enter the esi-l2 context"; leaf esi-value { type types-services:ethernet-segment-id; mandatory true; description "ID of first ESI identified appliance in Nuage service chain"; } leaf vpls { type leafref { path "../../../../../../../service/vpls/service-name"; } mandatory true; description "Specifies the identifier of the VPLS used for VPN/DC connectivity."; } } // container esi-l2 } case esi-l3 { container esi-l3 { presence "A packet matching the entry will be forwarded to ESI/SF-IP identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel over the configured VAS interface in the specified VPRN service."; description "Enter the esi-l3 context"; leaf sf-ip { type types-sros:ipv4-address; sros-ext:immutable; mandatory true; description "IP address of the service function to forward traffic"; } leaf esi-value { type types-services:ethernet-segment-id; sros-ext:immutable; mandatory true; description "Specifies the ethernet segment identifier (ESI) of the first ESI identified appliance in Nuage service chain."; } leaf vas-interface { type leafref { path "../../../../../../../service/vprn[service-name=current()/../vprn]/interface/interface-name"; } sros-ext:immutable; mandatory true; description "VRI index of VPRN RVPLS interface for VPN DC connectivity"; } leaf vprn { type leafref { path "../../../../../../../service/vprn/service-name"; } sros-ext:immutable; mandatory true; description "Routing context for lookup to derive VPRN service label"; } } // container esi-l3 } case router { leaf router-instance { type string; sros-ext:immutable; description "Specifies the routing context used for route lookup."; } } case next-hop { container next-hop { presence "A packet matching the entry will be forwarded using the specified next-hop."; description "Enter the next-hop context"; choice next-hop { mandatory true; case nh-ip { container nh-ip { presence "A packet matching the entry will be forwarded in the routing context of the incoming interface using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf address { type types-sros:ipv4-address; sros-ext:immutable; mandatory true; description "IPv4 address of next hop to forward matching packets"; } } // container nh-ip } case nh-interface { leaf interface-name { type types-sros:named-item; description "Local interface that forwards the packet matchin this entry"; } } case nh-ip-vrf { container nh-ip-vrf { presence "A packet matching the entry will be forwarded in the specified routing context using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip-vrf context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf router-instance { type string; sros-ext:immutable; mandatory true; description "Routing context for route lookup for forwarding packets"; } leaf address { type types-sros:ipv4-address; sros-ext:immutable; mandatory true; description "IPv4 address of next hop to forward matching packets"; } } // container nh-ip-vrf } } } // container next-hop } case lsp { leaf lsp { type types-sros:named-item-64; description "LSP that is specified to forward a packet matching this entry"; } } case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type leafref { path "../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; mandatory true; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type leafref { path "../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS associated with the SAP"; } leaf sap-id { type leafref { path "../../../../../../../service/vpls[service-name=current()/../vpls]/sap/sap-id"; } mandatory true; description "VPLS Ethernet SAP ID used to forward matching packets"; } } // container sap } case redirect-policy { leaf redirect-policy { type leafref { path "../../../../../redirect-policy/redirect-policy-name"; } sros-ext:immutable; description "Next hop or forward next hop router that forwards a packet that matches this entry"; } } case vprn-target { container vprn-target { presence "A packet matching the filter entry will be forwarded using specified tunnel."; description "Enter the vprn-target context"; leaf bgp-nh { type types-sros:ipv4-address; mandatory true; description "Target BGP next hop IP address"; } leaf vprn { type leafref { path "../../../../../../../service/vprn/service-name"; } mandatory true; description "Routing context used for route lookup"; } leaf lsp { type types-sros:named-item-64; description "LSP that is specified to forward a packet matching this entry"; } leaf adv-prefix { type types-sros:ipv4-prefix; description "Advertised IP prefix for target destination"; } } // container vprn-target } case gre-tunnel { leaf gre-tunnel { type leafref { path "../../../../../gre-tunnel-template/gre-tunnel-template-name"; } description "GRE tunnel template ID that sets the location where an encapsulated matching packet is transported"; } } case mpls-policy { container mpls-policy { presence "ipv4-filter entry action forward mpls-policy"; description "Enter the mpls-policy context"; leaf endpoint { type types-sros:ipv4-unicast-address; mandatory true; description "The MPLS forwarding policy endpoint IPv4 address"; } } // container mpls-policy } case srte-policy { container srte-policy { presence "ipv4-filter entry action forward srte-policy"; description "Enter the srte-policy context"; leaf endpoint { type types-sros:ipv4-unicast-or-zero-address; mandatory true; description "The SR-TE policy endpoint IPv4 address"; } leaf color { type int64 { range "0..4294967295"; } mandatory true; description "The SR-TE policy color value"; } } // container srte-policy } } } // container forward } case http-redirect { container http-redirect { presence "An HTTP GET packet matching the entry is forwarded to CPM for HTTP captive portal processing."; description "Enter the http-redirect context"; leaf url { type types-sros:http-redirect-url; sros-ext:immutable; mandatory true; description "URL that is used for redirecting"; } leaf allow-override { type boolean; default "false"; description "Override http-redirect by a RADIUS VSA"; } } // container http-redirect } case nat { container nat { presence "A packet matching the entry will be forwarded to NAT."; description "Enter the nat context"; leaf nat-policy { type leafref { path "../../../../../../service/nat/nat-policy/name"; } sros-ext:isa-auto-clear-on-modify; description "NAT policy name when action is NAT"; } } // container nat } case reassemble { leaf reassemble { type empty; description "Forward matching packets to reassembly function"; } } case gtp-local-breakout { leaf gtp-local-breakout { type empty; description "Break out matching traffic locally from a GTP tunnel for GTP-subscriber-hosts, or forward for other entities"; } } case tcp-mss-adjust { leaf tcp-mss-adjust { type empty; description "Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context"; } } case accept { leaf accept { type empty; description "Accept regular routing to forward a packet that matches this entry"; } } } container remark { presence "DSCP value of packets matching the entry will be remarked."; description "Enter the remark context"; leaf dscp { type types-qos:dscp-name; mandatory true; description "Destination SAP"; } } // container remark container rate-limit { presence "Packet rate of packets matching the entry will be limited to value specified by pir."; description "Enter the rate-limit context"; leaf pir { type types-filter:rate-limit; units "kilobps"; mandatory true; description "Peak information rate"; } choice criterion-1 { case ttl { container ttl { presence "A packet matching the entry will be subjected to the configured action only if 'Time-to-live' field of packet's IPv4 header meets the configured condition."; description "Enter the ttl context"; choice ttl { mandatory true; case eq { leaf eq { type types-filter:ttl-or-hop-limit-value; description "Value to compare against 'equal' condition for entry match criteria"; } } case lt { leaf lt { type types-filter:ttl-or-hop-limit-lt-value; description "Value to compare against 'less than' condition for entry match criteria"; } } case gt { leaf gt { type types-filter:ttl-or-hop-limit-gt-value; description "Value to compare against 'greater than' condition for entry match criteria"; } } case range { container range { presence "Range of ttl values."; description "Enter the range context"; leaf start { type types-filter:ttl-or-hop-limit-gt-value; mandatory true; description "Lower bound value"; } leaf end { type types-filter:ttl-or-hop-limit-lt-value; mandatory true; description "Upper bound value"; } } // container range } } } // container ttl } case packet-length { container packet-length { presence "A packet matching the entry will be dropped only if 'Total Length' field of packet's IPv4 header meets the configured condition."; description "Enter the packet-length context"; choice packet-length { mandatory true; case eq { leaf eq { type types-filter:pkt-len-or-payload-len-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:pkt-len-or-payload-len-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:pkt-len-or-payload-len-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of packet-length values."; description "Enter the range context"; leaf start { type types-filter:pkt-len-or-payload-len-gt-value; mandatory true; description "Lower bound of the range"; } leaf end { type types-filter:pkt-len-or-payload-len-lt-value; mandatory true; description "Upper bound of the range"; } } // container range } } } // container packet-length } } container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } mandatory true; description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } mandatory true; description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } mandatory true; description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } mandatory true; description "Offset value for the pattern expression"; } } // container pattern } // container rate-limit container drop-when { presence "Packets which meet the specified condition will be dropped."; description "Enter the drop-when context"; choice criterion-1 { case ttl { container ttl { presence "A packet matching the entry will be subjected to the configured action only if 'Time-to-live' field of packet's IPv4 header meets the configured condition."; description "Enter the ttl context"; choice ttl { mandatory true; case eq { leaf eq { type types-filter:ttl-or-hop-limit-value; description "Value to compare against 'equal' condition for entry match criteria"; } } case lt { leaf lt { type types-filter:ttl-or-hop-limit-lt-value; description "Value to compare against 'less than' condition for entry match criteria"; } } case gt { leaf gt { type types-filter:ttl-or-hop-limit-gt-value; description "Value to compare against 'greater than' condition for entry match criteria"; } } case range { container range { presence "Range of ttl values."; description "Enter the range context"; leaf start { type types-filter:ttl-or-hop-limit-gt-value; mandatory true; description "Lower bound value"; } leaf end { type types-filter:ttl-or-hop-limit-lt-value; mandatory true; description "Upper bound value"; } } // container range } } } // container ttl } case packet-length { container packet-length { presence "A packet matching the entry will be dropped only if 'Total Length' field of packet's IPv4 header meets the configured condition."; description "Enter the packet-length context"; choice packet-length { mandatory true; case eq { leaf eq { type types-filter:pkt-len-or-payload-len-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:pkt-len-or-payload-len-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:pkt-len-or-payload-len-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of packet-length values."; description "Enter the range context"; leaf start { type types-filter:pkt-len-or-payload-len-gt-value; mandatory true; description "Lower bound of the range"; } leaf end { type types-filter:pkt-len-or-payload-len-lt-value; mandatory true; description "Upper bound of the range"; } } // container range } } } // container packet-length } } choice criterion-2 { case extracted-traffic { leaf extracted-traffic { type empty; description "Drop traffic extracted to CPM"; } } } container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } mandatory true; description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } mandatory true; description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } mandatory true; description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } mandatory true; description "Offset value for the pattern expression"; } } // container pattern } // container drop-when container accept-when { presence "Packets which meet the specified condition will be accepted."; description "Enter the accept-when context"; container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } mandatory true; description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } mandatory true; description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } mandatory true; description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } mandatory true; description "Offset value for the pattern expression"; } } // container pattern } // container accept-when container secondary { presence "Secondary (backup) action to be taken on a packet matching the filter entry."; description "Enter the secondary context"; leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } choice action { mandatory true; case forward { container forward { description "Enter the forward context"; choice forward-action { case next-hop { container next-hop { presence "A packet matching the entry will be forwarded using the specified next-hop."; description "Enter the next-hop context"; choice next-hop { mandatory true; case nh-ip-vrf { container nh-ip-vrf { presence "A packet matching the entry will be forwarded in the specified routing context using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip-vrf context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf router-instance { type string; sros-ext:immutable; mandatory true; description "Routing context for route lookup for forwarding packets"; } leaf address { type types-sros:ipv4-address; sros-ext:immutable; mandatory true; description "IPv4 address of next hop to forward matching packets"; } } // container nh-ip-vrf } } } // container next-hop } case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type leafref { path "../../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; sros-ext:immutable; mandatory true; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type leafref { path "../../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS the sdp-bind-id belongs to"; } leaf sap-id { type leafref { path "../../../../../../../../service/vpls[service-name=current()/../vpls]/sap/sap-id"; } sros-ext:immutable; mandatory true; description "A packet matching the entry will be forwarded using the specified SAP"; } } // container sap } } } // container forward } } container remark { presence "DSCP value of packets matching the entry will be remarked."; description "Enter the remark context"; leaf dscp { type types-qos:dscp-name; mandatory true; description "Destination SAP"; } } // container remark } // container secondary } // container action } // list entry container embed { description "Enter the embed context"; list filter { key "name offset"; description "Enter the filter list instance"; leaf name { type leafref { path "../../../filter-name"; } description "ID of the filter to insert"; } leaf offset { type types-filter:embed-offset { range "0..2097150"; } description "Offset of the inserted entries"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list filter list flowspec { key "offset"; description "Enter the flowspec list instance"; leaf offset { type types-filter:embed-offset; description "Offset of the inserted entries"; } leaf group { type uint32 { range "0..16383"; } sros-ext:immutable; description "Interface group ID for an external configured set of flowspec rules"; } leaf router-instance { type string; sros-ext:immutable; mandatory true; description "Virtual router for an external configured set of flowspec rules"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list flowspec list openflow { key "of-switch offset"; description "Enter the openflow list instance"; leaf of-switch { type leafref { path "../../../../../openflow/of-switch/name"; } description "Openflow switch which contains the flowtable to be inserted in the parent filter"; } leaf offset { type types-filter:embed-offset { range "0..2097150"; } description "Offset of the inserted entries"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } choice context { default "grt"; description "Specifies the context in which the openflow embedding is inserted into filter. When no context is present, this object is set to grt value."; case grt { leaf grt { type empty; sros-ext:immutable; description "Global routing context"; } } case system { leaf system { type empty; sros-ext:immutable; description "System context"; } } case vprn { leaf vprn { type leafref { path "../../../../../service/vprn/service-name"; } sros-ext:immutable; description "VPRN context"; } } case vpls { leaf vpls { type leafref { path "../../../../../service/vpls/service-name"; } sros-ext:immutable; description "VPLS context"; } leaf sap { type leafref { path "../../../../../service/vpls[service-name=current()/../vpls]/sap/sap-id"; } sros-ext:immutable; description "SAP context"; } } } } // list openflow } // container embed } // list ip-filter list ipv6-filter { key "filter-name"; description "Enter the ipv6-filter list instance"; leaf filter-name { type types-filter:filter-name { pattern "(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-5][0-9][0-9][0-9][0-9]|6[0-4][0-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])|(([^f0-9_ ]|f($|[^S]|S($|[^p]|p($|[^e]|e($|[^c]|c($|[^\\-]|-($|[^0-9]+)))))))\\P{C}*))"; } description "Name of the object to associate"; } leaf default-action { type types-filter:filter-default-action; default "drop"; description "Action for packets that do not match any entry"; } leaf description { type types-sros:description; description "Text description"; } leaf scope { type types-filter:filter-scope; sros-ext:immutable; default "template"; description "Scope of this filter definition"; } leaf type { type enumeration { enum "normal" { value 0; } enum "src-mac" { value 1; } enum "packet-length" { value 2; } } default "normal"; description "Filter policy type"; } leaf chain-to-system-filter { type boolean; default "false"; description "Chain filter policy to the active IPvX system filter policy"; } leaf filter-id { type types-filter:filter-id; sros-ext:immutable; description "IPv6 filter identifier"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container subscriber-mgmt { description "Enter the subscriber-mgmt context"; container host-specific-entry { description "Enter the host-specific-entry context"; container filter-rule { description "Enter the filter-rule context"; container range { presence "Exclusive range for DIAMETER or RADIUS filter rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; mandatory true; description "Lower bound of range for subscriber host filter-rule entries from RADIUS/Diameter"; } leaf end { type types-filter:entry-id; mandatory true; description "Upper bound of range for filter-rule entries from RADIUS/Diameter"; } } // container range } // container filter-rule container credit-control { description "Enter the credit-control context"; container range { presence "Exclusive range for credit-control entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; mandatory true; description "Lower bound of range for entries from Credit Control"; } leaf end { type types-filter:entry-id; mandatory true; description "Upper bound of range for entries from Credit Control"; } } // container range } // container credit-control container watermark { description "Enter the watermark context"; leaf low { type int32 { range "0..100"; } default "90"; description "Low watermark for host-specific entries, to clear a table full alarm"; } leaf high { type int32 { range "0..100"; } default "95"; description "High watermark for host-specific entries, to raise a table full alarm"; } } // container watermark } // container host-specific-entry container shared-entry { description "Enter the shared-entry context"; container filter-rule { description "Enter the filter-rule context"; container range { presence "Exclusive range for DIAMETER or RADIUS shared filter rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; mandatory true; description "Lower bound of range for shared filter-rules from RADIUS"; } leaf end { type types-filter:entry-id; mandatory true; description "Upper bound of range for shared-filter rules from RADIUS"; } } // container range } // container filter-rule container pcc-rule { description "Enter the pcc-rule context"; container range { presence "Exclusive range for PCC rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; mandatory true; description "Lower bound of range for pcc-rule filter entries from Diameter"; } leaf end { type types-filter:entry-id; mandatory true; description "Upper bound of range for pcc-rule filter entries from Diameter"; } } // container range } // container pcc-rule container watermark { presence "Alarm will be raised by the system when number of filters created by subscriber management shared entries oversteps specified boundaries."; description "Enter the watermark context"; leaf low { type int32 { range "0..7999"; } mandatory true; description "Limit of RADIUS or Diameter shared filters before clearing high watermark notification"; } leaf high { type int32 { range "1..8000"; } mandatory true; description "Limit of RADIUS shared filters before generating high watermark notification"; } } // container watermark } // container shared-entry } // container subscriber-mgmt list entry { key "entry-id"; description "Enter the entry list instance"; leaf entry-id { type types-filter:entry-id; description "Secondary index for this entry"; } leaf description { type types-sros:description; description "Text description"; } leaf log { type leafref { path "../../../log/log-id"; } description "Log that is used for packets matching this entry"; } leaf pbr-down-action-override { type types-filter:filter-pbr-down-action-ovr; description "Action when PBR or PBF target for this entry is not available"; } leaf sticky-dest { type types-filter:filter-sticky-dest; units "seconds"; description "Time before action with available PBR or PBF destination and highest priority"; } leaf egress-pbr { type types-filter:filter-egress-pbr; sros-ext:immutable; description "PBR that has an effect when this filter is applied on egress"; } leaf filter-sample { type boolean; default "false"; description "Sample matching traffic if IP interface is set to cflowd ACL mode"; } leaf interface-sample { type boolean; default "true"; description "Sample matching traffic if IP interface is set to cflowd interface mode"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container match { description "Enter the match context"; leaf next-header { type types-sros:ipv6-match-protocol; description "IPv6 next header to match"; } leaf dscp { type types-qos:dscp-name; description "DSCP used as an IP filter match criterion"; } leaf fragment { type enumeration { enum "false" { value 2; } enum "true" { value 3; } enum "first-only" { value 4; } enum "non-first-only" { value 5; } } description "Match criterion for fragmented packages"; } choice port-selector { case src-dst-port { container src-port { description "Enter the src-port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } mandatory true; description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } mandatory true; description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type leafref { path "../../../../../match-list/port-list/port-list-name"; } description "Parameter port-list as match criterion"; } } } } // container src-port container dst-port { description "Enter the dst-port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } mandatory true; description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } mandatory true; description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type leafref { path "../../../../../match-list/port-list/port-list-name"; } description "Parameter port-list as match criterion"; } } } } // container dst-port } case port { container port { description "Enter the port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } mandatory true; description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } mandatory true; description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type leafref { path "../../../../../match-list/port-list/port-list-name"; } description "Parameter port-list as match criterion"; } } } } // container port } } container src-ip { description "Enter the src-ip context"; choice match-address-choice { case address-and-prefix-or-mask { leaf address { type union { type types-sros:ipv6-address; type types-sros:ipv6-prefix-with-host-bits; } description "IPv6 address used as a filter policy match criterion"; } leaf mask { type types-sros:ipv6-address; description "Mask as an AND to IPv6 address"; } } case ipv6-prefix-list { leaf ipv6-prefix-list { type leafref { path "../../../../../match-list/ipv6-prefix-list/prefix-list-name"; } description "IP prefix list as match criterion for IP address"; } } } } // container src-ip container dst-ip { description "Enter the dst-ip context"; choice match-address-choice { case address-and-prefix-or-mask { leaf address { type union { type types-sros:ipv6-address; type types-sros:ipv6-prefix-with-host-bits; } description "IPv6 address used as a filter policy match criterion"; } leaf mask { type types-sros:ipv6-address; description "Mask as an AND to IPv6 address"; } } case ipv6-prefix-list { leaf ipv6-prefix-list { type leafref { path "../../../../../match-list/ipv6-prefix-list/prefix-list-name"; } description "IP prefix list as match criterion for IP address"; } } } } // container dst-ip container src-mac { presence "Enable source MAC address match criteria."; description "Enter the src-mac context"; leaf address { type yang:mac-address; mandatory true; description "MAC address used as MAC filter match criterion"; } leaf mask { type yang:mac-address; default "ff:ff:ff:ff:ff:ff"; description "MAC address mask"; } } // container src-mac container extension-header { description "Enter the extension-header context"; leaf ah { type boolean; description "Match a packet as per the existence of an AH Extension Header"; } leaf esp { type boolean; description "Match a packet as per the existence of an Encapsulation security payload extension header"; } leaf hop-by-hop { type boolean; description "Match on Hop-by-Hop Options Extension Header existence"; } leaf routing-type0 { type boolean; description "Match a packet as per the existence of a routing Extension Header"; } } // container extension-header container flow-label { presence "Flow-label match criteria."; description "Enter the flow-label context"; leaf value { type types-filter:filter-match-flow-label; mandatory true; description "Flow label as match criterion"; } leaf mask { type types-filter:filter-match-flow-label { range "1..1048575"; } default "1048575"; description "Flow label mask for this policy IP filter entry"; } } // container flow-label container icmp { description "Enter the icmp context"; choice icmp-code { case code { leaf code { type types-filter:ipv6-match-icmp-codes; description "ICMPv6 code value to match"; } } } choice icmp-type { case type { leaf type { type types-filter:ipv6-match-icmp-types; description "ICMPv6 type value to match"; } } } } // container icmp container tcp-flags { description "Enter the tcp-flags context"; leaf ack { type boolean; description "Match TCP ACK as per value of the ACK TCP flag bit"; } leaf syn { type boolean; description "Match TCP SYN as per value of the SYN TCP flag bit"; } leaf fin { type boolean; description "Match TCP FIN as per value of the FIN TCP flag bit"; } leaf rst { type boolean; description "Match TCP RST as per value of the RST TCP flag bit"; } leaf psh { type boolean; description "Match TCP PSH as per value of the PSH TCP flag bit"; } leaf urg { type boolean; description "Match TCP URG as per value of the URG TCP flag bit"; } leaf ece { type boolean; description "Match TCP ECE as per value of the ECE TCP flag bit"; } leaf cwr { type boolean; description "Match TCP CWR as per value of the CWR TCP flag bit"; } leaf ns { type boolean; description "Match TCP NS as per value of the NS TCP flag bit"; } } // container tcp-flags container packet-length { presence "Enable packet length match criteria."; description "Enter the packet-length context"; choice packet-length { mandatory true; case eq { leaf eq { type types-filter:ipv6-match-packet-length-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:ipv6-match-packet-length-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:ipv6-match-packet-length-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of packet-length values."; description "Enter the range context"; leaf start { type types-filter:ipv6-match-packet-length-gt-value; mandatory true; description "Lower bound of the range"; } leaf end { type types-filter:ipv6-match-packet-length-lt-value; mandatory true; description "Upper bound of the range"; } } // container range } } } // container packet-length } // container match container action { presence "Action to be taken on a packet matching the IPv6 filter entry match criteria."; description "Enter the action context"; leaf fc { type types-sros:fc-name; description "Class name to be forwarded for matching packets"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } choice action { mandatory true; case ignore-match { leaf ignore-match { type empty; description "Ignore match criteria for the entry"; } } case drop { leaf drop { type empty; description "Drop a packet matching this entry"; } } case forward { container forward { description "Enter the forward context"; choice forward-action { case bonding-connection { leaf bonding-connection { type types-submgt:bonding-connection-index; description "Connection ID over which packet is forwarded"; } } case esi-l2 { container esi-l2 { presence "A packet matching the entry will be forwarded to ESI identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel in the specified VPLS service."; description "Enter the esi-l2 context"; leaf esi-value { type types-services:ethernet-segment-id; mandatory true; description "ID of first ESI identified appliance in Nuage service chain"; } leaf vpls { type leafref { path "../../../../../../../service/vpls/service-name"; } mandatory true; description "Specifies the identifier of the VPLS used for VPN/DC connectivity."; } } // container esi-l2 } case esi-l3 { container esi-l3 { presence "A packet matching the entry will be forwarded to ESI/SF-IP identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel over the configured VAS interface in the specified VPRN service."; description "Enter the esi-l3 context"; leaf sf-ip { type types-sros:ipv6-address; sros-ext:immutable; mandatory true; description "IP address of the service function to forward traffic"; } leaf esi-value { type types-services:ethernet-segment-id; sros-ext:immutable; mandatory true; description "Specifies the ethernet segment identifier (ESI) of the first ESI identified appliance in Nuage service chain."; } leaf vas-interface { type leafref { path "../../../../../../../service/vprn[service-name=current()/../vprn]/interface/interface-name"; } sros-ext:immutable; mandatory true; description "VRI index of VPRN RVPLS interface for VPN DC connectivity"; } leaf vprn { type leafref { path "../../../../../../../service/vprn/service-name"; } sros-ext:immutable; mandatory true; description "Routing context for lookup to derive VPRN service label"; } } // container esi-l3 } case router { leaf router-instance { type string; sros-ext:immutable; description "Specifies the routing context used for route lookup."; } } case next-hop { container next-hop { presence "A packet matching the entry will be forwarded using the specified next-hop."; description "Enter the next-hop context"; choice next-hop { mandatory true; case nh-ip { container nh-ip { presence "A packet matching the entry will be forwarded in the routing context of the incoming interface using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf address { type types-sros:ipv6-address; mandatory true; description "IPv6 address of next hop to forward matching packets"; } } // container nh-ip } case nh-ip-vrf { container nh-ip-vrf { presence "A packet matching the entry will be forwarded in the specified routing context using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip-vrf context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf router-instance { type string; sros-ext:immutable; mandatory true; description "Routing context for route lookup for forwarding packets"; } leaf address { type types-sros:ipv6-address; mandatory true; description "IPv6 address of next hop to forward matching packets"; } } // container nh-ip-vrf } } } // container next-hop } case lsp { leaf lsp { type types-sros:named-item-64; description "LSP that is specified to forward a packet matching this entry"; } } case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type leafref { path "../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; mandatory true; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type leafref { path "../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS associated with the SAP"; } leaf sap-id { type leafref { path "../../../../../../../service/vpls[service-name=current()/../vpls]/sap/sap-id"; } mandatory true; description "VPLS Ethernet SAP ID used to forward matching packets"; } } // container sap } case redirect-policy { leaf redirect-policy { type leafref { path "../../../../../redirect-policy/redirect-policy-name"; } sros-ext:immutable; description "Next hop or forward next hop router that forwards a packet that matches this entry"; } } case vprn-target { container vprn-target { presence "A packet matching the filter entry will be forwarded using specified tunnel."; description "Enter the vprn-target context"; leaf bgp-nh { type types-sros:ipv4-address; mandatory true; description "Target BGP next hop IP address"; } leaf vprn { type leafref { path "../../../../../../../service/vprn/service-name"; } mandatory true; description "Routing context used for route lookup"; } leaf lsp { type types-sros:named-item-64; description "LSP that is specified to forward a packet matching this entry"; } leaf adv-prefix { type types-sros:ipv6-prefix; description "Advertised IP prefix for target destination"; } } // container vprn-target } case gre-tunnel { leaf gre-tunnel { type leafref { path "../../../../../gre-tunnel-template/gre-tunnel-template-name"; } description "GRE tunnel template ID that sets the location where an encapsulated matching packet is transported"; } } case mpls-policy { container mpls-policy { presence "ipv6-filter entry action forward mpls-policy"; description "Enter the mpls-policy context"; leaf endpoint { type types-sros:ipv6-unicast-address; mandatory true; description "The MPLS forwarding policy endpoint IPv6 address"; } } // container mpls-policy } case srte-policy { container srte-policy { presence "ipv6-filter entry action forward srte-policy"; description "Enter the srte-policy context"; leaf endpoint { type types-sros:ipv6-unicast-or-zero-address; mandatory true; description "The SR-TE policy endpoint IPv6 address"; } leaf color { type int64 { range "0..4294967295"; } mandatory true; description "The SR-TE policy color value"; } } // container srte-policy } } } // container forward } case http-redirect { container http-redirect { presence "An HTTP GET packet matching the entry is forwarded to CPM for HTTP captive portal processing."; description "Enter the http-redirect context"; leaf url { type types-sros:http-redirect-url; sros-ext:immutable; mandatory true; description "URL that is used for redirecting"; } leaf allow-override { type boolean; default "false"; description "Override http-redirect by a RADIUS VSA"; } } // container http-redirect } case nat { container nat { presence "A packet matching the entry will be forwarded to NAT."; description "Enter the nat context"; leaf nat-policy { type leafref { path "../../../../../../service/nat/nat-policy/name"; } sros-ext:isa-auto-clear-on-modify; description "NAT policy name when action is NAT"; } leaf nat-type { type types-filter:nat-type; sros-ext:isa-auto-clear-on-modify; mandatory true; description "NAT type to assign when action is NAT"; } } // container nat } case tcp-mss-adjust { leaf tcp-mss-adjust { type empty; description "Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context"; } } case accept { leaf accept { type empty; description "Accept regular routing to forward a packet that matches this entry"; } } } container remark { presence "DSCP value of packets matching the entry will be remarked."; description "Enter the remark context"; leaf dscp { type types-qos:dscp-name; mandatory true; description "Destination SAP"; } } // container remark container rate-limit { presence "Packet rate of packets matching the entry will be limited to value specified by pir."; description "Enter the rate-limit context"; leaf pir { type types-filter:rate-limit; units "kilobps"; mandatory true; description "Peak information rate"; } choice criterion-1 { case hop-limit { container hop-limit { presence "A packet matching the entry will be subjected to the configured action only if 'Hop-Limit' field of packet's IPv6 header meets the configured condition."; description "Enter the hop-limit context"; choice hop-limit { mandatory true; case eq { leaf eq { type types-filter:ttl-or-hop-limit-value; description "Value to compare against 'equal' condition for entry match criteria"; } } case lt { leaf lt { type types-filter:ttl-or-hop-limit-lt-value; description "Value to compare against 'less than' condition for entry match criteria"; } } case gt { leaf gt { type types-filter:ttl-or-hop-limit-gt-value; description "Value to compare against 'greater than' condition for entry match criteria"; } } case range { container range { presence "Range of hop-limit values."; description "Enter the range context"; leaf start { type types-filter:ttl-or-hop-limit-gt-value; mandatory true; description "Lower bound value"; } leaf end { type types-filter:ttl-or-hop-limit-lt-value; mandatory true; description "Upper bound value"; } } // container range } } } // container hop-limit } case payload-length { container payload-length { presence "A packet matching the entry will be dropped only if 'Payload Length' field of packet's IPv6 header field meets the configured condition."; description "Enter the payload-length context"; choice payload-length { mandatory true; case eq { leaf eq { type types-filter:pkt-len-or-payload-len-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:pkt-len-or-payload-len-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:pkt-len-or-payload-len-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of payload-length values."; description "Enter the range context"; leaf start { type types-filter:pkt-len-or-payload-len-gt-value; mandatory true; description "Lower bound of the range"; } leaf end { type types-filter:pkt-len-or-payload-len-lt-value; mandatory true; description "Upper bound of the range"; } } // container range } } } // container payload-length } } container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } mandatory true; description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } mandatory true; description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } mandatory true; description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } mandatory true; description "Offset value for the pattern expression"; } } // container pattern } // container rate-limit container drop-when { presence "Packets which meet the specified condition will be dropped."; description "Enter the drop-when context"; choice criterion-1 { case hop-limit { container hop-limit { presence "A packet matching the entry will be subjected to the configured action only if 'Hop-Limit' field of packet's IPv6 header meets the configured condition."; description "Enter the hop-limit context"; choice hop-limit { mandatory true; case eq { leaf eq { type types-filter:ttl-or-hop-limit-value; description "Value to compare against 'equal' condition for entry match criteria"; } } case lt { leaf lt { type types-filter:ttl-or-hop-limit-lt-value; description "Value to compare against 'less than' condition for entry match criteria"; } } case gt { leaf gt { type types-filter:ttl-or-hop-limit-gt-value; description "Value to compare against 'greater than' condition for entry match criteria"; } } case range { container range { presence "Range of hop-limit values."; description "Enter the range context"; leaf start { type types-filter:ttl-or-hop-limit-gt-value; mandatory true; description "Lower bound value"; } leaf end { type types-filter:ttl-or-hop-limit-lt-value; mandatory true; description "Upper bound value"; } } // container range } } } // container hop-limit } case payload-length { container payload-length { presence "A packet matching the entry will be dropped only if 'Payload Length' field of packet's IPv6 header field meets the configured condition."; description "Enter the payload-length context"; choice payload-length { mandatory true; case eq { leaf eq { type types-filter:pkt-len-or-payload-len-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:pkt-len-or-payload-len-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:pkt-len-or-payload-len-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of payload-length values."; description "Enter the range context"; leaf start { type types-filter:pkt-len-or-payload-len-gt-value; mandatory true; description "Lower bound of the range"; } leaf end { type types-filter:pkt-len-or-payload-len-lt-value; mandatory true; description "Upper bound of the range"; } } // container range } } } // container payload-length } } choice criterion-2 { case extracted-traffic { leaf extracted-traffic { type empty; description "Drop traffic extracted to CPM"; } } } container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } mandatory true; description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } mandatory true; description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } mandatory true; description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } mandatory true; description "Offset value for the pattern expression"; } } // container pattern } // container drop-when container accept-when { presence "Packets which meet the specified condition will be accepted."; description "Enter the accept-when context"; container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } mandatory true; description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } mandatory true; description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } mandatory true; description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } mandatory true; description "Offset value for the pattern expression"; } } // container pattern } // container accept-when container secondary { presence "Secondary (backup) action to be taken on a packet matching the filter entry."; description "Enter the secondary context"; leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } choice action { mandatory true; case forward { container forward { description "Enter the forward context"; choice forward-action { case next-hop { container next-hop { presence "A packet matching the entry will be forwarded using the specified next-hop."; description "Enter the next-hop context"; choice next-hop { mandatory true; case nh-ip-vrf { container nh-ip-vrf { presence "A packet matching the entry will be forwarded in the specified routing context using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip-vrf context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf router-instance { type string; sros-ext:immutable; mandatory true; description "Routing context for route lookup for forwarding packets"; } leaf address { type types-sros:ipv6-address; mandatory true; description "IPv6 address of next hop to forward matching packets"; } } // container nh-ip-vrf } } } // container next-hop } case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type leafref { path "../../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; sros-ext:immutable; mandatory true; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type leafref { path "../../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS the sdp-bind-id belongs to"; } leaf sap-id { type leafref { path "../../../../../../../../service/vpls[service-name=current()/../vpls]/sap/sap-id"; } sros-ext:immutable; mandatory true; description "A packet matching the entry will be forwarded using the specified SAP"; } } // container sap } } } // container forward } } container remark { presence "DSCP value of packets matching the entry will be remarked."; description "Enter the remark context"; leaf dscp { type types-qos:dscp-name; mandatory true; description "Destination SAP"; } } // container remark } // container secondary } // container action } // list entry container embed { description "Enter the embed context"; list filter { key "name offset"; description "Enter the filter list instance"; leaf name { type leafref { path "../../../filter-name"; } description "ID of the filter to insert"; } leaf offset { type types-filter:embed-offset { range "0..2097150"; } description "Offset of the inserted entries"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list filter list flowspec { key "offset"; description "Enter the flowspec list instance"; leaf offset { type types-filter:embed-offset; description "Offset of the inserted entries"; } leaf group { type uint32 { range "0..16383"; } sros-ext:immutable; description "Interface group ID for an external configured set of flowspec rules"; } leaf router-instance { type string; sros-ext:immutable; mandatory true; description "Virtual router for an external configured set of flowspec rules"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // list flowspec list openflow { key "of-switch offset"; description "Enter the openflow list instance"; leaf of-switch { type leafref { path "../../../../../openflow/of-switch/name"; } description "Openflow switch which contains the flowtable to be inserted in the parent filter"; } leaf offset { type types-filter:embed-offset { range "0..2097150"; } description "Offset of the inserted entries"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } choice context { default "grt"; description "Specifies the context in which the openflow embedding is inserted into filter. When no context is present, this object is set to grt value."; case grt { leaf grt { type empty; sros-ext:immutable; description "Global routing context"; } } case system { leaf system { type empty; sros-ext:immutable; description "System context"; } } case vprn { leaf vprn { type leafref { path "../../../../../service/vprn/service-name"; } sros-ext:immutable; description "VPRN context"; } } case vpls { leaf vpls { type leafref { path "../../../../../service/vpls/service-name"; } sros-ext:immutable; description "VPLS context"; } leaf sap { type leafref { path "../../../../../service/vpls[service-name=current()/../vpls]/sap/sap-id"; } sros-ext:immutable; description "SAP context"; } } } } // list openflow } // container embed } // list ipv6-filter list mac-filter { key "filter-name"; description "Enter the mac-filter list instance"; leaf filter-name { type types-filter:filter-name { pattern "(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-5][0-9][0-9][0-9][0-9]|6[0-4][0-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])|(([^f0-9_ ]|f($|[^S]|S($|[^p]|p($|[^e]|e($|[^c]|c($|[^\\-]|-($|[^0-9]+)))))))\\P{C}*))"; } description "Name of the object to associate"; } leaf default-action { type types-filter:filter-default-action; default "drop"; description "Action for packets that do not match any entry"; } leaf description { type types-sros:description; description "Text description"; } leaf scope { type types-filter:filter-scope; sros-ext:immutable; default "template"; description "Scope of this filter definition"; } leaf type { type types-qos:mac-filter-type; sros-ext:immutable; default "normal"; description "MAC filter policy"; } leaf filter-id { type types-filter:filter-id; sros-ext:immutable; description "MAC filter ID"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list entry { key "entry-id"; description "Enter the entry list instance"; leaf entry-id { type types-filter:entry-id; description "Secondary index for this entry"; } leaf description { type types-sros:description; description "Text description"; } leaf log { type leafref { path "../../../log/log-id"; } description "Log that is used for packets matching this entry"; } leaf pbr-down-action-override { type types-filter:filter-pbr-down-action-ovr; description "Action when PBR or PBF target for this entry is not available"; } leaf sticky-dest { type types-filter:filter-sticky-dest; units "seconds"; description "Time before action with available PBR or PBF destination and highest priority"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container match { description "Enter the match context"; leaf frame-type { type types-filter:mac-frame-type; description "MAC frame as match criteria"; } leaf etype { type types-services:etype-value; description "Ethernet type"; } leaf snap-pid { type int32 { range "0..65535"; } description "Parameter snap-pid as a MAC filter match criteria"; } leaf snap-oui { type enumeration { enum "zero" { value 2; } enum "non-zero" { value 3; } } description "Parameter snap-oui as a MAC filter match criteria"; } container src-mac { presence "Enable source MAC address match criteria."; description "Enter the src-mac context"; leaf address { type yang:mac-address; mandatory true; description "MAC address used as MAC filter match criterion"; } leaf mask { type yang:mac-address; default "ff:ff:ff:ff:ff:ff"; description "MAC address mask"; } } // container src-mac container dst-mac { presence "Enable destination MAC address match criteria."; description "Enter the dst-mac context"; leaf address { type yang:mac-address; mandatory true; description "MAC address used as MAC filter match criterion"; } leaf mask { type yang:mac-address; default "ff:ff:ff:ff:ff:ff"; description "MAC address mask"; } } // container dst-mac container dot1p { presence "Enable 802.1P Priority Match Criteria."; description "Enter the dot1p context"; leaf priority { type types-qos:dot1p-priority; mandatory true; description "IEEE 802.1p value used as a MAC filter match criterion"; } leaf mask { type types-qos:dot1p-priority { range "1..7"; } default "7"; description "802.1p mask value used as a MAC filter match criterion"; } } // container dot1p container llc-ssap { presence "Enable SSAP criteria matching."; description "Enter the llc-ssap context"; leaf ssap { type types-qos:service-access-point; mandatory true; description "Source or destination SAP value"; } leaf mask { type types-qos:service-access-point { range "1..255"; } default "255"; description "Source SAP mask"; } } // container llc-ssap container llc-dsap { presence "Enable DSAP criteria matching."; description "Enter the llc-dsap context"; leaf dsap { type types-qos:service-access-point; mandatory true; description "DSAP value"; } leaf mask { type types-qos:service-access-point { range "1..255"; } default "255"; description "Destination SAP mask"; } } // container llc-dsap container inner-tag { presence "Enable inner tag criteria matching."; description "Enter the inner-tag context"; leaf tag { type int32 { range "0..4095"; } mandatory true; description "Matching value against VID of the second or first VLAN tag in the packet carried transparently"; } leaf mask { type uint32 { range "1..4095"; } default "4095"; description "Mask to VID of the inner VLAN tag before comparing it with the inner-tag or outer-tag value"; } } // container inner-tag container outer-tag { presence "Enable outer tag criteria matching."; description "Enter the outer-tag context"; leaf tag { type int32 { range "0..4095"; } mandatory true; description "Matching value against VID of the second or first VLAN tag in the packet carried transparently"; } leaf mask { type uint32 { range "1..4095"; } default "4095"; description "Mask to VID of the inner VLAN tag before comparing it with the inner-tag or outer-tag value"; } } // container outer-tag container isid { description "Enter the isid context"; choice isid { case isid-value { leaf value { type types-sros:svc-isid; description "Lowest value of 24-bit service instance identifier for the service matching this entry"; } } case isid-range { container range { presence "Enable isid range matching"; description "Enter the range context"; leaf start { type types-sros:svc-isid; mandatory true; description "Lowest value of 24-bit service instance identifier for the service matching this entry"; } leaf end { type types-sros:svc-isid; mandatory true; description "Highest value of 24-bit service instance identifier for the service matching this entry"; } } // container range } } } // container isid } // container match container action { presence "Action to be taken on a packet matching the MAC filter entry match criteria."; description "Enter the action context"; leaf-list apply-groups { type leafref { path "../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } choice action { mandatory true; case ignore-match { leaf ignore-match { type empty; description "Ignore match criteria for the entry"; } } case drop { leaf drop { type empty; description "Drop a packet matching this entry"; } } case forward { container forward { description "Enter the forward context"; choice forward-action { case esi-l2 { container esi-l2 { presence "A packet matching the entry will be forwarded to ESI identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel in the specified VPLS service."; description "Enter the esi-l2 context"; leaf esi-value { type types-services:ethernet-segment-id; mandatory true; description "ID of first ESI identified appliance in Nuage service chain"; } leaf vpls { type leafref { path "../../../../../../../service/vpls/service-name"; } mandatory true; description "Specifies the identifier of the VPLS used for VPN/DC connectivity."; } } // container esi-l2 } case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type leafref { path "../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; mandatory true; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type leafref { path "../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS associated with the SAP"; } leaf sap-id { type leafref { path "../../../../../../../service/vpls[service-name=current()/../vpls]/sap/sap-id"; } mandatory true; description "VPLS Ethernet SAP ID used to forward matching packets"; } } // container sap } } } // container forward } case http-redirect { container http-redirect { presence "An HTTP GET packet matching the entry is forwarded to CPM for HTTP captive portal processing."; description "Enter the http-redirect context"; leaf url { type types-sros:http-redirect-url; sros-ext:immutable; mandatory true; description "URL that is used for redirecting"; } } // container http-redirect } case accept { leaf accept { type empty; description "Accept regular routing to forward a packet that matches this entry"; } } } container rate-limit { presence "Packet rate of packets matching the entry will be limited to value specified by pir."; description "Enter the rate-limit context"; leaf pir { type types-filter:rate-limit; units "kilobps"; mandatory true; description "Peak information rate"; } } // container rate-limit container secondary { presence "Secondary (backup) action to be taken on a packet matching the filter entry."; description "Enter the secondary context"; leaf-list apply-groups { type leafref { path "../../../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } choice action { mandatory true; case forward { container forward { description "Enter the forward context"; choice forward-action { case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type leafref { path "../../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; sros-ext:immutable; mandatory true; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type leafref { path "../../../../../../../../service/vpls/service-name"; } mandatory true; description "VPLS the sdp-bind-id belongs to"; } leaf sap-id { type leafref { path "../../../../../../../../service/vpls[service-name=current()/../vpls]/sap/sap-id"; } sros-ext:immutable; mandatory true; description "A packet matching the entry will be forwarded using the specified SAP"; } } // container sap } } } // container forward } } } // container secondary } // container action } // list entry container embed { description "Add a list entry for embed"; } // container embed } // list mac-filter container system-filter { description "Enter the system-filter context"; leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } list ip { key "ip-filter"; max-elements 1; description "Add a list entry for ip"; leaf ip-filter { type leafref { path "../../../ip-filter/filter-name"; } description "The name of the IPv4 filter policy to be selected as the active system filter policy"; } } // list ip list ipv6 { key "ipv6-filter"; max-elements 1; description "Add a list entry for ipv6"; leaf ipv6-filter { type leafref { path "../../../ipv6-filter/filter-name"; } description "The name of the IPv6 filter policy to be selected as the active system filter policy"; } } // list ipv6 } // container system-filter list gre-tunnel-template { key "gre-tunnel-template-name"; max-elements 1023; description "Enter the gre-tunnel-template list instance"; leaf gre-tunnel-template-name { type types-sros:named-item; description "GRE tunnel template identifier"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container ipv4 { description "Enter the ipv4 context"; leaf source-address { type types-sros:ipv4-address; default "0.0.0.0"; description "Source IP address of the GRE encapsulated"; } leaf gre-key { type types-filter:filter-gre-tunnel-gre-key; description "GRE key"; } leaf skip-ttl-decrement { type boolean; default "false"; description "Decrement TTL"; } list destination-address { key "address"; max-elements 32; description "Add a list entry for destination-address"; leaf address { type types-sros:ipv4-address; description "Destination IP address"; } } // list destination-address } // container ipv4 } // list gre-tunnel-template container md-auto-id { description "Enter the md-auto-id context"; container filter-id-range { presence "Filter Id range for MD Auto assignment"; description "Enter the filter-id-range context"; leaf start { type types-filter:filter-id; sros-ext:immutable; mandatory true; description "Lower value of the ID range, must be less than or equal to end value"; } leaf end { type types-filter:filter-id; sros-ext:immutable; mandatory true; description "Upper value of the ID range, must be greater than or equal to start value"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // container filter-id-range } // container md-auto-id list dhcp-filter { key "filter-id"; description "Enter the dhcp-filter list instance"; leaf filter-id { type uint32 { range "1..65535"; } description "Unique DHCP filter policy ID"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container default-action { presence "Enables DHCP filter default action configuration."; description "Enter the default-action context"; choice action { mandatory true; description "The action to take for DHCP host creation requests that match this filter entry. If not set host creation proceeds as usual"; case bypass-host-creation { leaf bypass-host-creation { type empty; description "Host creation options to bypass"; } } case drop { leaf drop { type empty; description "DHCP host creation when the filter entry is matched"; } } } } // container default-action list entry { key "entry-id"; max-elements 10; description "Enter the entry list instance"; leaf entry-id { type uint32 { range "1..65535"; } description "DHCP filter entry index"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container action { presence "Enables DHCP filter entry action configuration."; description "Enter the action context"; choice action { mandatory true; description "The action to take for DHCP host creation requests that match this filter entry. If not set host creation proceeds as usual"; case bypass-host-creation { leaf bypass-host-creation { type empty; description "Host creation options to bypass"; } } case drop { leaf drop { type empty; description "DHCP host creation when the filter entry is matched"; } } } } // container action container option { presence "Enables DHCP option match criteria configuration."; description "Enter the option context"; leaf number { type int32 { range "0..255"; } mandatory true; description "Number for DHCP or DHCPv6 option to filter on"; } choice option-match { mandatory true; case present { leaf present { type empty; description "Require the presence of related option"; } } case absent { leaf absent { type empty; description "Require the absence of related option"; } } case match { container match { presence "Enables complex matching parameters."; description "Enter the match context"; leaf exact { type boolean; default "false"; description "Use an exact match pattern (not partial)"; } leaf invert { type boolean; default "false"; description "Invert (partial) matching criteria"; } choice option-value { mandatory true; case string { leaf string { type string { length "1..127"; } description "Matching pattern for the filtered option"; } } case hex { leaf hex { type string { length "1..256"; pattern "0x[0-9a-fA-F]+"; } description "Matching pattern for the filtered option"; } } } } // container match } } } // container option } // list entry } // list dhcp-filter list dhcp6-filter { key "filter-id"; description "Enter the dhcp6-filter list instance"; leaf filter-id { type uint32 { range "1..65535"; } description "Unique DHCP filter policy ID"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container default-action { presence "Enables DHCP6 filter default action configuration."; description "Enter the default-action context"; choice action { mandatory true; description "The action to take for DHCP6 host creation requests that match this filter entry. If not set host creation proceeds as usual"; case bypass-host-creation { container bypass-host-creation { presence "Enables DHCP6 filter entry action configuration."; description "Enter the bypass-host-creation context"; leaf na { type boolean; default "true"; description "Bypass the DHCPv6 NA host creation"; } leaf pd { type boolean; default "true"; description "Bypass the DHCPv6 PD host creation"; } } // container bypass-host-creation } case drop { leaf drop { type empty; description "Drop DHCPv6 message (do not process)"; } } } } // container default-action list entry { key "entry-id"; max-elements 10; description "Enter the entry list instance"; leaf entry-id { type uint32 { range "1..65535"; } description "DHCP filter entry index"; } leaf-list apply-groups { type leafref { path "../../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container action { presence "Enables DHCP6 filter entry action configuration."; description "Enter the action context"; choice action { mandatory true; description "The action to take for DHCP6 host creation requests that match this filter entry. If not set host creation proceeds as usual"; case bypass-host-creation { container bypass-host-creation { presence "Enables DHCP6 filter entry action configuration."; description "Enter the bypass-host-creation context"; leaf na { type boolean; default "true"; description "Bypass the DHCPv6 NA host creation"; } leaf pd { type boolean; default "true"; description "Bypass the DHCPv6 PD host creation"; } } // container bypass-host-creation } case drop { leaf drop { type empty; description "Drop DHCPv6 message (do not process)"; } } } } // container action container option { presence "Enables DHCP6 option match criteria configuration."; description "Enter the option context"; leaf number { type int32 { range "0..255"; } mandatory true; description "Number for DHCP or DHCPv6 option to filter on"; } choice option-match { mandatory true; case present { leaf present { type empty; description "Require the presence of related option"; } } case absent { leaf absent { type empty; description "Require the absence of related option"; } } case match { container match { presence "Enables complex matching parameters."; description "Enter the match context"; leaf exact { type boolean; default "false"; description "Use an exact match pattern (not partial)"; } leaf invert { type boolean; default "false"; description "Invert (partial) matching criteria"; } choice option-value { mandatory true; case string { leaf string { type string { length "1..127"; } description "Matching pattern for the filtered option"; } } case hex { leaf hex { type string { length "1..256"; pattern "0x[0-9a-fA-F]+"; } description "Matching pattern for the filtered option"; } } } } // container match } } } // container option } // list entry } // list dhcp6-filter } // container filter container fwd-path-ext { description "Enter the fwd-path-ext context"; leaf-list apply-groups { type leafref { path "../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container sdp-id-range { presence "The FPE SDP ID range."; description "Enter the sdp-id-range context"; leaf start { type types-services:sdp-id; mandatory true; description "Start of range"; } leaf end { type types-services:sdp-id; mandatory true; description "End of range"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } } // container sdp-id-range list fpe { key "fpe-id"; description "Enter the fpe list instance"; leaf fpe-id { type uint32 { range "1..64"; } description "FPE used to associate the application with a PXC"; } leaf description { type types-sros:description; description "Text description"; } leaf-list apply-groups { type leafref { path "../../../groups/group/name"; } max-elements 8; ordered-by user; description "Apply a configuration group at this level"; } container path { description "Enter the path context"; choice path-type { case port-xc { leaf pxc { type leafref { path "../../../../port-xc/pxc/pxc-id"; } description "Cross connect port identifier associated with this entry"; } } case lag { leaf xc-lag-a { type leafref { path "../../../../lag/lag-index"; } description "LAG identifier A value"; } leaf xc-lag-b { type leafref { path "../../../../lag/lag-index"; } description "LAG identifier B value"; } } } } // container path container application { description "Enter the application context"; leaf pw-port { type boolean; default "false"; description "Use FPE to set up FPE PW cross-connect"; } leaf sub-mgmt-extension { type boolean; default "false"; description "Reserve FPE for hybrid access bonding"; } container vxlan-termination { presence "VXLAN termination information."; description "Enter the vxlan-termination context"; leaf router-instance { type string; default "Base"; description "Routing context that provides reachability to the tunnel configured"; } } // container vxlan-termination } // container application } // list fpe } // container fwd-path-ext container groups { description "Enter the groups context"; list group { key "name"; max-elements 64; description "Enter the group list instance"; leaf name { type types-sros:named-item-64; description "The name of this configuration group."; } container aaa { description "Enter the aaa context"; container radius { description "Enter the radius context"; leaf coa-port { type inet:port-number { range "1647|1700|1812|3799"; } default "3799"; description "Radius CoA port"; } list acct-on-off-group { key "name"; max-elements 32; description "Enter the acct-on-off-group list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Accounting on/off group name"; } leaf description { type types-sros:description; description "Text description"; } } // list acct-on-off-group list server-policy { key "name"; max-elements 32; description "Enter the server-policy list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "RADIUS script policy name"; } leaf description { type types-sros:description; description "Text description"; } leaf python-policy { type types-sros:named-item; description "Python policy to modify the RADIUS messages"; } container servers { description "Enter the servers context"; leaf timeout { type types-sros:time-duration { range "1..340"; } units "seconds"; default "5"; description "Time until the next retry to the RADIUS server"; } leaf retry-count { type uint32 { range "1..256"; } default "3"; description "Number of retries for contacting the RADIUS server"; } leaf hold-down-time { type types-sros:time-duration { range "30..86400"; } units "seconds"; default "30"; description "Hold time before re-using a RADIUS server that was down"; } leaf router-instance { type string; description "RADIUS routing instance"; } leaf source-address { type types-sros:ipv4-address; description "Source address of RADIUS messages"; } leaf ipv6-source-address { type types-sros:ipv6-address; description "Source address for IPv6 RADIUS datagrams"; } leaf access-algorithm { type types-radius:server-selection-algo; description "Algorithm to access the set of RADIUS servers"; } leaf stickiness { type boolean; default "true"; description "Allow stickiness in a multi-server application"; } list server { key "server-index"; max-elements 32; description "Enter the server list instance"; leaf server-index { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..16"; } } description "RADIUS server index"; } leaf server-name { type types-sros:named-item; description "RADIUS server name"; } } // list server container buffering { description "Enter the buffering context"; container acct-interim { presence "acct-interim"; description "Enter the acct-interim context"; leaf min { type types-sros:time-duration { range "1..3600"; } units "seconds"; description "Minimum time between accounting message resend attempts"; } leaf max { type types-sros:time-duration { range "1..3600"; } units "seconds"; description "Maximum time between accounting message resend attempts"; } leaf lifetime { type types-sros:time-duration { range "1..25"; } units "hours"; description "Time accounting message can be in retransmission buffer"; } } // container acct-interim container acct-stop { presence "acct-stop"; description "Enter the acct-stop context"; leaf min { type types-sros:time-duration { range "1..3600"; } units "seconds"; description "Minimum time between accounting message resend attempts"; } leaf max { type types-sros:time-duration { range "1..3600"; } units "seconds"; description "Maximum time between accounting message resend attempts"; } leaf lifetime { type types-sros:time-duration { range "1..25"; } units "hours"; description "Time accounting message can be in retransmission buffer"; } } // container acct-stop } // container buffering container health-check { description "Enter the health-check context"; leaf down-timeout { type types-sros:time-duration { range "1..340"; } units "seconds"; description "Wait time before declaring RADIUS server out-of-service"; } container test-account { description "Enter the test-account context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of health check state"; } leaf interval { type types-sros:time-duration { range "1..60"; } units "seconds"; default "3"; description "Time for health check"; } leaf user-name { type types-sros:display-string { length "1..64"; } description "Username for health check"; } leaf password { type types-sros:encrypted-leaf { length "1..115"; } description "Password for health check"; } } // container test-account } // container health-check } // container servers container acct-on-off { presence "Acct-On/Off"; description "Enter the acct-on-off context"; choice mode { case monitor { leaf monitor { type types-sros:named-item; sros-ext:immutable; description "Accounting on/off group name"; } } case oper-state-change { container oper-state-change { presence "change operational state"; description "Enter the oper-state-change context"; leaf group { type types-sros:named-item; sros-ext:immutable; description "Change of operational state for a group"; } } // container oper-state-change } } } // container acct-on-off } // list server-policy list route-downloader { key "name"; max-elements 1; description "Enter the route-downloader list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Route downloader name"; } leaf description { type types-sros:description; description "Text description"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of this Route Downloader"; } leaf radius-server-policy { type types-sros:named-item; description "RADIUS server policy used by this route downloader"; } leaf download-interval { type uint32 { range "1..1440"; } units "minutes"; default "720"; description "Time for system to wait between two consecutive runs of route-download process"; } leaf default-metric { type uint32 { range "0..254"; } default "2"; description "Default metric of this route downloader"; } leaf default-tag { type uint32 { range "0..4294967295"; } default "0"; description "Default tag of this route downloader"; } leaf max-routes { type uint32 { range "1..200000"; } default "200000"; description "Maximum routes imported by this route downloader"; } leaf base-user-name { type types-sros:named-item; description "Prefix of the username used by this route downloader"; } leaf password { type types-sros:encrypted-leaf { length "1..71"; } description "Route downloader password"; } container retry-interval { description "Enter the retry-interval context"; leaf min { type uint32 { range "1..1440"; } units "minutes"; default "10"; description "Specifies the minimum duration of the retry interval. This duration grows exponentially after each sequential failure."; } leaf max { type uint32 { range "1..1440"; } units "minutes"; default "20"; description "Specifies the maximum duration of the retry interval. This duration grows exponentially after each sequential failure"; } } // container retry-interval } // list route-downloader list l2tp-accounting-policy { key "name"; max-elements 32; description "Enter the l2tp-accounting-policy list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Name for L2TP RADIUS accounting policy"; } leaf description { type types-sros:description; description "Text description"; } leaf acct-tunnel-connection-fmt { type types-sros:display-string { length "1..253"; pattern "([^%]+|%[nsStTcC%])+"; } default "%n"; description "Accounting tunnel connection ASCII specification"; } leaf radius-server-policy { type types-sros:named-item; description "RADIUS server policy"; } container accounting-type { description "Enter the accounting-type context"; leaf session { type boolean; default "true"; description "Enable/disable per session accounting"; } leaf tunnel { type boolean; default "true"; description "Enable/disable per tunnel accounting"; } } // container accounting-type container include-radius-attribute { description "Enter the include-radius-attribute context"; leaf calling-station-id { type boolean; default "false"; description "Include the calling station ID attribute"; } leaf nas-identifier { type boolean; default "false"; description "Include the NAS-Identifier attribute"; } container nas-port { presence "Include the NAS-Port attribute"; description "Enter the nas-port context"; leaf bit-spec { type types-sros:binary-specification { pattern "([01]|(\\*[0123456789]+)?[oismpvc])+"; } description "RADIUS NAS-Port attribute"; } } // container nas-port container nas-port-id { presence "Include the NAS-Port-Id attribute"; description "Enter the nas-port-id context"; leaf prefix-string { type types-sros:string-not-all-spaces { length "1..8"; } description "Specifies NAS-Port-Id prefix string"; } leaf suffix { type enumeration { enum "circuit-id" { value 1; } enum "remote-id" { value 2; } } description "NAS-Port-Id suffix"; } } // container nas-port-id container nas-port-type { presence "Include the NAS-Port-Type attribute"; description "Enter the nas-port-type context"; leaf type { type union { type enumeration { enum "rfc-aligned" { value 1000; } } type uint32 { range "0..255"; } } default "rfc-aligned"; description "Value for RADIUS NAS-Port-Type attribute"; } } // container nas-port-type } // container include-radius-attribute } // list l2tp-accounting-policy list isa-policy { key "name"; max-elements 8; description "Enter the isa-policy list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Policy name"; } leaf description { type types-sros:description; description "Text description"; } leaf password { type types-sros:encrypted-leaf { length "1..42"; } description "Password used in the RADIUS access requests"; } leaf nas-ip-address-origin { type enumeration { enum "system-ip" { value 0; } enum "isa-ip" { value 1; } } default "system-ip"; description "NAS-IP-Address attribute"; } leaf python-policy { type types-sros:named-item; description "Python policy used for modifying RADIUS messages"; } container accounting { description "Enter the accounting context"; container include-attributes { description "Enter the include-attributes context"; leaf acct-delay-time { type boolean; default "false"; description "Include the Acct-Delay-Time attribute"; } leaf acct-triggered-reason { type boolean; default "false"; description "Include Alc-Acct-Triggered-Reason attribute"; } leaf called-station-id { type boolean; default "false"; description "Include the Called-Station-Id attribute"; } leaf calling-station-id { type boolean; default "false"; description "Include the Calling-Station-Id attribute"; } leaf circuit-id { type boolean; default "false"; description "Include the Circuit-Id attribute"; } leaf class { type boolean; default "false"; description "Include the Class attribute"; } leaf dhcp-options { type boolean; default "false"; description "Include the Alc-ToServer-Dhcp-Options attribute"; } leaf dhcp-vendor-class-id { type boolean; default "false"; description "Include the Alc-DHCP-Vendor-Class-Id attribute"; } leaf frame-counters { type boolean; default "false"; description "Include the Acct-Input-Packets and Acct-Output-Packets attributes"; } leaf framed-ip-address { type boolean; default "false"; description "Include the Framed-IP-Address attribute"; } leaf framed-ip-netmask { type boolean; default "false"; description "Include the Framed-IP-Netmask attribute"; } leaf framed-ipv6-prefix { type boolean; default "false"; description "Include the Framed-IPv6-Prefix attribute"; } leaf hardware-timestamp { type boolean; default "false"; description "Include the Event-Timestamp attribute"; } leaf ipv6-address { type boolean; default "false"; description "Include the IPv6-Address attribute"; } leaf mac-address { type boolean; default "false"; description "Include the Alc-Client-Hardware-Addr attribute"; } leaf multi-session-id { type boolean; default "false"; description "Include the Acct-Multi-Session-Id attribute"; } leaf nas-identifier { type boolean; default "false"; description "Include the NAS-Identifier attribute"; } leaf nas-ip-address { type boolean; default "false"; description "Include the NAS-IP-Address attribute"; } leaf nas-port { type boolean; default "false"; description "Include the NAS-Port attribute"; } leaf nas-port-id { type boolean; default "false"; description "Include the NAS-Port-Id attribute"; } leaf nas-port-type { type boolean; default "false"; description "Include the NAS-Port-Type attribute"; } leaf nat-inside-service-id { type boolean; default "false"; description "Include the NAT inside service ID in Alc-Serv-Id attribute"; } leaf nat-outside-ip-address { type boolean; default "false"; description "Include the Alc-Nat-Outside-Ip-Addr attribute"; } leaf nat-outside-service-id { type boolean; default "false"; description "Include the NAT outside service ID in the Alc-Serv-Id attribute"; } leaf nat-port-range-block { type boolean; default "false"; description "Include the Alc-Nat-Port-Range attribute"; } leaf nat-subscriber-string { type boolean; default "false"; description "Include the Alc-Subsc-ID-Str attribute"; } leaf octet-counters { type boolean; default "false"; description "Include the Acct-Input-Octets and Acct-Output-Octets attributes"; } leaf proxied-subscriber-data { type boolean; default "false"; description "Include subscriber data as RADIUS attributes that are passed into RADIUS accounting messages"; } leaf release-reason { type boolean; default "false"; description "Include the reason of NAT release in the Acct-Terminate-Cause attribute"; } leaf remote-id { type boolean; default "false"; description "Include the Remote-Id attribute"; } leaf rssi { type boolean; default "false"; description "Include the Alc-RSSI attribute"; } leaf session-time { type boolean; default "false"; description "Include the Acct-Session-Time attribute"; } leaf subscriber-id { type boolean; default "false"; description "Include the Alc-Subsc-ID-Str attribute"; } leaf toserver-dhcp6-options { type boolean; default "false"; description "Include the Alc-ToServer-Dhcp6-Options attribute"; } leaf ue-creation-type { type boolean; default "false"; description "Include the Alc-Wlan-Ue-Creation-Type attribute"; } leaf user-name { type boolean; default "false"; description "Include the User-Name attribute"; } leaf wlan-ssid-vlan { type boolean; default "false"; description "Include the per-SSID VLAN tag in Alc-Wlan-SSID-VLAN attribute"; } leaf xconnect-tunnel-local-ipv6-address { type boolean; default "false"; description "Include the Alc-Xconnect-Tunnel-Local-Ipv6 attribute"; } leaf xconnect-tunnel-remote-ipv6-address { type boolean; default "false"; description "Include the cross-connect tunnel remote IPv6 address attribute"; } leaf xconnect-tunnel-service { type boolean; default "false"; description "Include the Alc-Xconnect-Tunnel-Service attribute"; } leaf xconnect-tunnel-type { type boolean; default "false"; description "Include the Alc-Xconnect-Tunnel-Type attribute"; } leaf xconnect-tunnel-home-address { type boolean; default "false"; description "Include the Alc-Xconnect-Tunnel-Home-Ipv6 attribute"; } } // container include-attributes container update-triggers { description "Enter the update-triggers context"; leaf address-state { type boolean; default "false"; description "Send an Interim-Update when DHCP/DHCP6/SLAAC state is created or removed"; } } // container update-triggers container nat-periodic-update { description "Enter the nat-periodic-update context"; leaf interval { type types-sros:time-duration { range "1..72"; } units "hours"; description "Interval for periodic RADIUS Interim-Update messages"; } leaf rate-limit { type union { type uint32 { range "1..100000"; } type enumeration { enum "unlimited" { value 0; } } } units "packets per second"; default "unlimited"; description "Rate limit for periodic RADIUS Interim-Update messages"; } } // container nat-periodic-update } // container accounting container authentication { description "Enter the authentication context"; container include-attributes { description "Enter the include-attributes context"; leaf called-station-id { type boolean; default "false"; description "Include the Called-Station-Id attribute"; } leaf calling-station-id { type boolean; default "false"; description "Include the Calling-Station-Id attribute"; } leaf circuit-id { type boolean; default "false"; description "Include the Agent-Circuit-Id attribute"; } leaf toserver-dhcp-options { type boolean; default "false"; description "Include the Alc-ToServer-Dhcp-Options attribute"; } leaf dhcp-vendor-class-id { type boolean; default "false"; description "Include the Dhcp-Vendor-Class-Id attribute"; } leaf framed-ip-address { type boolean; default "false"; description "Include the Framed-IP-Address attribute"; } leaf ipv6-address { type boolean; default "false"; description "Include the Alc-Ipv6-Address attribute"; } leaf mac-address { type boolean; default "false"; description "Include the Alc-Client-Hardware-Addr attribute"; } leaf nas-identifier { type boolean; default "false"; description "Include the NAS-Identifier attribute"; } leaf nas-ip-address { type boolean; default "true"; description "Include the NAS-IP-Address attribute"; } leaf nas-port { type boolean; default "false"; description "Include the NAS-Port attribute"; } leaf nas-port-id { type boolean; default "false"; description "Include the NAS-Port-Id attribute"; } leaf nas-port-type { type boolean; default "false"; description "Include the NAS-Port-Type attribute"; } leaf remote-id { type boolean; default "false"; description "Include the Agent-Remote-Id attribute"; } leaf toserver-dhcp6-options { type boolean; default "false"; description "Include the Alc-ToServer-Dhcp6-Options attribute"; } leaf wlan-ssid-vlan { type boolean; default "false"; description "Include the per-SSID VLAN ID in Alc-Wlan-SSID-VLAN attribute"; } leaf xconnect-tunnel-home-address { type boolean; default "false"; description "Include the Alc-Xconnect-Tunnel-Home-Ipv6 attribute"; } } // container include-attributes } // container authentication container user-name { description "Enter the user-name context"; leaf format { type enumeration { enum "mac" { value 1; } enum "mac-ip" { value 2; } enum "dhcp-vendor" { value 3; } enum "circuit-id" { value 4; } } default "mac"; description "How user is represented when contacting RADIUS server"; } leaf mac-format { type types-nat:mac-format; description "How the MAC address gets formatted"; } } // container user-name container servers { description "Enter the servers context"; leaf source-address-range { type types-sros:ipv4-unicast-address; description "Starting source address of RADIUS messages; end depends on number of ISAs in the system"; } leaf timeout { type types-sros:time-duration { range "1..90"; } units "seconds"; default "5"; description "Timeout for a response from the RADIUS server"; } leaf total-tries { type uint32 { range "1..10"; } default "3"; description "Maximum number of tries toward the same RADIUS server"; } leaf router-instance { type string; description "The routing instance"; } leaf access-algorithm { type types-radius:isa-server-selection-algo; description "Algorithm that accesses the RADIUS servers"; } list server { key "index"; max-elements 10; description "Enter the server list instance"; leaf index { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..10"; } } description "RADIUS server index that determines sequence in which servers are queried for auth requests"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the ISA RADIUS server"; } leaf ip-address { type types-sros:ipv4-unicast-address; description "Destination IP address to reach RADIUS server"; } leaf secret { type types-sros:encrypted-leaf { length "1..115"; } description "Shared secret to authenticate messages and encrypt attributes to or from this server"; } container purpose { description "Enter the purpose context"; container accounting { presence "Accounting"; description "Enter the accounting context"; leaf udp-port { type types-sros:tcp-udp-port-non-zero; default "1813"; description "ISA RADIUS server accounting UDP port"; } } // container accounting container authentication { presence "Authentication"; description "Enter the authentication context"; leaf udp-port { type types-sros:tcp-udp-port-non-zero; default "1812"; description "ISA RADIUS server authentication UDP port"; } } // container authentication container coa { presence "Change of Authorization"; description "Enter the coa context"; leaf udp-port { type types-sros:tcp-udp-port-non-zero; default "3799"; description "ISA RADIUS server change of authorization UDP port"; } } // container coa } // container purpose } // list server } // container servers } // list isa-policy } // container radius container diameter { description "Enter the diameter context"; list node { key "origin-host"; max-elements 32; description "Enter the node list instance"; leaf origin-host { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-diam:diam-fqdn; } description "Origin-Host AVP"; } leaf description { type types-sros:description; description "Text description"; } leaf origin-realm { type types-diam:diam-fqdn; sros-ext:immutable; description "Origin-realm name"; } leaf python-policy { type types-sros:named-item; description "Python policy for received or sent Diameter messages"; } leaf router-instance { type string; default "Base"; description "Router in which this node connects to its peers"; } container connection { description "Enter the connection context"; leaf timer { type types-sros:time-duration { range "1..1000"; } units "seconds"; default "30"; description "Wait time before attempting reconnection to peer"; } container ipv4 { description "Enter the ipv4 context"; leaf local-address { type types-sros:ipv4-unicast-address; description "Local address of IPv4 TCP peer connection"; } leaf allow-connections { type boolean; default "false"; description "Listen on local address for incoming peer connections"; } } // container ipv4 container ipv6 { description "Enter the ipv6 context"; leaf local-address { type types-sros:ipv6-unicast-address; description "Local address of IPv6 TCP peer connection"; } leaf allow-connections { type boolean; default "false"; description "Listen on local address for incoming peer connections"; } } // container ipv6 } // container connection list peer { key "index"; max-elements 5; description "Enter the peer list instance"; leaf index { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..5"; } } description "Index of peer within the node"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the Diameter peer"; } leaf address { type types-sros:ip-unicast-address; description "Diameter peer address"; } leaf destination-host { type types-diam:diam-fqdn; sros-ext:immutable; description "Destination-Host AVP string for Diameter messages"; } leaf connection-timer { type types-sros:time-duration { range "1..1000"; } units "seconds"; description "Wait time before attempting reconnection to peer"; } leaf preference { type uint32 { range "1..100"; } default "50"; description "Preference of this peer, lower is more preferred"; } leaf watchdog-timer { type types-sros:time-duration { range "1..1000"; } units "seconds"; description "Time between consecutive watchdog messages"; } leaf default-peer { type boolean; default "false"; description "Use the peer as default route for realm-based routing"; } } // list peer } // list node list peer-policy { status deprecated; key "name"; max-elements 32; description "Enter the peer-policy list instance"; leaf name { status deprecated; type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Diameter peer policy name"; } leaf description { status deprecated; type types-sros:description; description "Text description"; } leaf origin-host { status deprecated; type string { length "1..80"; } description "Origin-Host AVP sent in all Diameter messages"; } leaf origin-realm { status deprecated; type string { length "1..80"; } description "Origin-Realm AVP sent in all Diameter messages"; } leaf router-instance { status deprecated; type string; default "Base"; description "Diameter peer policy router"; } leaf ipv4-source-address { status deprecated; type types-sros:ipv4-unicast-address; description "IPv4 source address for peering connection"; } leaf ipv6-source-address { status deprecated; type types-sros:ipv6-unicast-address; description "IPv6 source address for IPv6-reachable peering"; } leaf watchdog-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; default "30"; description "Time between consecutive watchdog messages"; } leaf connection-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; default "30"; description "Wait time before attempting reconnection to peer"; } leaf transaction-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; default "30"; description "Timeout for base Diameter messages (DWR, CER, DPR)"; } leaf vendor-support { status deprecated; type types-diam:diam-vendor-support; default "three-gpp"; description "Vendor support announced in the capability exchange"; } leaf python-policy { status deprecated; type types-sros:named-item; description "Name of python policy for Diameter processing"; } leaf role { status deprecated; type enumeration { enum "client" { value 0; } enum "proxy" { value 1; } } sros-ext:immutable; default "client"; description "Client or proxy role of a Diameter peer policy"; } container applications { status deprecated; description "Enter the applications context"; leaf gx { status deprecated; type boolean; default "false"; description "Advertise Gx application support in CER messages"; } leaf gy { status deprecated; type boolean; default "false"; description "Advertise Gy application support in CER messages"; } leaf nasreq { status deprecated; type boolean; default "false"; description "Advertise NASREQ application support in CER messages"; } } // container applications list peer { status deprecated; key "peer-name"; max-elements 5; description "Enter the peer list instance"; leaf peer-name { status deprecated; type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Name of peer in Diameter peer policy"; } leaf admin-state { status deprecated; type types-sros:admin-state; default "disable"; description "Administrative state of the peer"; } leaf address { status deprecated; type types-sros:ip-unicast-address; description "Diameter peer address"; } leaf destination-host { status deprecated; type types-sros:string-not-all-spaces { length "1..80"; } description "Destination-Host AVP string for Diameter messages"; } leaf destination-realm { status deprecated; type types-sros:string-not-all-spaces { length "1..80"; } description "Destination-Realm AVP string"; } leaf watchdog-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; description "Time between consecutive watchdog messages"; } leaf connection-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; description "Wait time before attempting reconnection to peer"; } leaf transaction-timer { status deprecated; type types-sros:time-duration { range "1..1000"; } units "seconds"; description "Timeout for base Diameter messages (DWR, CER, DPR)"; } leaf preference { status deprecated; type uint32 { range "1..100"; } default "50"; description "Peer preference of the Diameter peer policy"; } container transport { status deprecated; description "Enter the transport context"; leaf port-number { status deprecated; type uint32 { range "1..65535"; } default "3868"; description "Transport protocol port number used toward policy peer"; } } // container transport container statistics { status deprecated; description "Add a list entry for statistics"; } // container statistics } // list peer container proxy { status deprecated; description "Enter the proxy context"; leaf admin-state { status deprecated; type types-sros:admin-state; default "disable"; description "Administrative state of Diameter proxy"; } leaf router-instance { status deprecated; type string; description "Routing context associated with Diameter proxy"; } leaf local-address { status deprecated; type types-sros:ip-unicast-address; description "Source IP address on which Diameter proxy listens"; } container mcs-peer { status deprecated; presence "Multi-Chassis Synchronization peer in Diameter multi-chassis redundancy"; description "Enter the mcs-peer context"; leaf address { status deprecated; type types-sros:ip-unicast-address; sros-ext:immutable; description "MCS peer address"; } leaf sync-tag { status deprecated; type types-sros:named-item; sros-ext:immutable; description "Synchronization tag shared by MCS peers"; } } // container mcs-peer } // container proxy } // list peer-policy } // container diameter container wpp { description "Enter the wpp context"; leaf system-name { type string { length "1..16"; } description "System name used in WPP protocol messages"; } list portal-group { key "group-name"; description "Enter the portal-group list instance"; leaf group-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Portal group name"; } leaf description { type types-sros:description; description "Text description"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the portal group"; } list portal { key "router-instance name"; max-elements 8; description "Add a list entry for portal"; leaf router-instance { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item-64 { pattern ".{1,32}" { error-message "vRtrName needs to be extended to 64 to support this name"; } } } description "Router on which the portal is configured"; } leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Portal name"; } } // list portal } // list portal-group } // container wpp } // container aaa container bfd { description "Enter the bfd context"; list bfd-template { key "name"; description "Enter the bfd-template list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "BFD template name"; } leaf echo-receive { type uint32 { range "100..100000"; } units "milliseconds"; default "100"; description "Echo receive interval"; } leaf multiplier { type uint32 { range "1..20"; } default "3"; description "Detection multiplier value"; } leaf receive-interval { type uint32 { range "10..100000"; } units "milliseconds"; default "100"; description "Receive interval"; } leaf transmit-interval { type uint32 { range "10..100000"; } units "milliseconds"; default "100"; description "Transmit interval"; } leaf type { type enumeration { enum "cpm-np" { value 1; } } description "Local termination point for the BFD session"; } } // list bfd-template container seamless-bfd { description "Enter the seamless-bfd context"; list reflector { key "name"; max-elements 1; description "Enter the reflector list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "S-BFD reflector name"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Enable/disable the S-BFD reflector"; } leaf discriminator { type uint32 { range "524288..526335"; } description "Discriminator of the seamless BFD reflector"; } leaf description { type types-sros:description; description "Text description"; } leaf local-state { type enumeration { enum "admin-down" { value 0; } enum "up" { value 3; } } default "up"; description "Local state of the seamless BFD reflector"; } } // list reflector } // container seamless-bfd } // container bfd container bmp { description "Enter the bmp context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the BMP operation"; } container collector { description "Enter the collector context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the BMP collector."; } container connection { description "Enter the connection context"; container ipv4 { description "Enter the ipv4 context"; leaf address { type types-sros:ipv4-unicast-address; description "IPv4 address."; } leaf port { type types-sros:tcp-udp-port-non-zero; default "4210"; description "IPv4 TCP port."; } } // container ipv4 container ipv6 { description "Enter the ipv6 context"; leaf address { type types-sros:ipv6-unicast-address; description "IPv6 address."; } leaf port { type types-sros:tcp-udp-port-non-zero; default "4210"; description "IPv6 TCP port."; } } // container ipv6 } // container connection } // container collector list station { key "name"; max-elements 8; description "Enter the station list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "BMP monitoring station name"; } leaf description { type types-sros:description; description "Text description"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the BMP monitoring station"; } leaf initiation-message { type string { length "1..255"; } description "Free form initiation message for a type 0 TLV to be sent to the BMP monitoring station"; } leaf stats-report-interval { type types-sros:time-duration { range "15..65535"; } units "seconds"; description "Frequency of statistics reporting messages sent to the BMP monitoring station"; } leaf report-local-routes { type boolean; default "false"; description "Allow local route reporting to the BMP monitoring station"; } container connection { description "Enter the connection context"; leaf connect-retry { type types-sros:time-duration { range "1..65535"; } units "seconds"; default "120"; description "Maximum time between connection attempts"; } leaf local-address { type types-sros:ip-unicast-address; description "Local IP address to communicate with the BMP monitoring station"; } leaf router-instance { type string; default "Base"; description "Router instance used to reach the BMP station"; } container station-address { description "Enter the station-address context"; leaf ip-address { type types-sros:ip-unicast-address; description "IP address of the BMP monitoring station"; } leaf port { type types-sros:tcp-udp-port-non-zero; description "Port of the BMP monitoring station"; } } // container station-address container tcp-keepalive { description "Enter the tcp-keepalive context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of TCP keepalive"; } leaf keep-idle { type types-sros:time-duration { range "1..100000"; } units "seconds"; default "600"; description "Time until the first TCP keepalive probe is sent."; } leaf keep-interval { type types-sros:time-duration { range "1..100000"; } units "seconds"; default "15"; description "Time between two TCP keepalive probes"; } leaf keep-count { type uint32 { range "3..100"; } default "4"; description "Number of missed keepalives before the TCP connection is declared down"; } } // container tcp-keepalive } // container connection container family { description "Enter the family context"; leaf ipv4 { type boolean; default "true"; description "Support IPv4 address family"; } leaf ipv6 { type boolean; default "false"; description "Support IPv6 address family"; } leaf label-ipv4 { type boolean; default "false"; description "Support labeled IPv4 address family"; } leaf label-ipv6 { type boolean; default "false"; description "Support labeled IPv6 address family"; } leaf mcast-ipv4 { type boolean; default "false"; description "Support IPv4 multicast address family"; } leaf mcast-ipv6 { type boolean; default "false"; description "Support IPv6 multicast address family"; } leaf vpn-ipv4 { type boolean; default "false"; description "Support VPN IPv4 address family"; } leaf vpn-ipv6 { type boolean; default "false"; description "Support VPN IPv6 address family"; } leaf mcast-vpn-ipv4 { type boolean; default "false"; description "Support IPv4 VPN multicast address family"; } leaf mcast-vpn-ipv6 { type boolean; default "false"; description "Support IPv6 VPN multicast address family"; } leaf evpn { type boolean; default "false"; description "Support EVPN address family"; } leaf l2-vpn { type boolean; default "false"; description "Support L2 VPN address family"; } } // container family } // list station } // container bmp container call-trace { description "Enter the call-trace context"; leaf max-files-number { type uint32 { range "1..1024"; } default "200"; description "Maximum number of all call trace log files stored on all compact flash cards"; } leaf primary-cf { type enumeration { enum "cf1" { value 1; } enum "cf2" { value 2; } } default "cf1"; description "Compact flash card to be used as primary local storage location to save the call trace log files"; } list location { key "location-type"; description "Enter the location list instance"; leaf location-type { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type enumeration { enum "cf1" { value 1; } enum "cf2" { value 2; } } } description "ID of the compact flash card to be used"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of compact flash for log storage"; } leaf size-limit { type union { type uint32 { range "1..65536"; } type enumeration { enum "unlimited" { value 0; } } } default "1000"; description "Maximum cumulative size of all local call trace log files stored on the given compact flash card"; } } // list location list trace-profile { key "name"; description "Enter the trace-profile list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Unique name for the call trace profile"; } leaf description { type types-sros:description; description "Text description"; } leaf size-limit { type uint32 { range "1..1000"; } units "megabytes"; default "10"; description "Maximum data volume generated by a single call trace job to the output"; } leaf time-limit { type types-sros:time-duration { range "1..604800"; } default "86400"; description "Maximum time for a single call trace job"; } leaf events { type enumeration { enum "public-only" { value 2; } enum "all" { value 3; } } description "Events to include in the captured trace"; } container applications { description "Enter the applications context"; leaf connectivity-management { type boolean; default "true"; description "Allow tracing for connectivity protocols"; } leaf radius-auth { type boolean; default "true"; description "Allow tracing for messages and events related to RADIUS authentication"; } leaf radius-acct { type boolean; default "true"; description "Allow tracing for messages and events related to RADIUS-based accounting"; } leaf python { type boolean; default "true"; description "Allow tracing for Python script execution"; } leaf ludb { type boolean; default "true"; description "Allow tracing for local user database lookups"; } leaf msap { type boolean; default "true"; description "Allow tracing for MSAP creation events"; } } // container applications container output { description "Enter the output context"; choice destination { default "local-storage"; case local-storage { leaf local-storage { type empty; description "Default destination for output"; } } case debug { leaf debug { type empty; description "Trace log generated by a call trace job to be decoded as test and sent to debug logging"; } } case live { container live { presence "Live output"; description "Enter the live context"; leaf port { type types-nat:port-number; default "29770"; description "TCP IP port"; } leaf router-instance { type string; default "Base"; description "Router instance or VPRN service name"; } choice live { case ip-address { leaf ip-address { type types-sros:ip-address; description "IP address of the live output destination"; } } case fqdn { leaf fqdn { type string { length "1..255"; } description "Fully qualified domain name of the live output destination"; } } } } // container live } } } // container output } // list trace-profile } // container call-trace list card { key "slot-number"; description "Enter the card list instance"; leaf slot-number { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-card:iom-card-slot; } description "IOM slot within a chassis"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of the I/O module"; } leaf card-type { type types-card:sros-iom-type; sros-ext:immutable; description "Card type"; } leaf fail-on-error { type boolean; default "false"; description "Set the Operational State of the card to Failed when an error is detected"; } leaf reset-on-recoverable-error { type boolean; default "false"; description "Reset card for fatal memory parity error on a Q-chip of the card, regardless of fail-on-error setting"; } leaf level { type types-card:sros-iom-level; sros-ext:immutable; description "Functional level of I/O module for slot"; } leaf power-save { type boolean; default "false"; description "Keeps the card in a low-power, unloaded state when set."; } leaf filter-profile { type types-card:filter-profile; default "none"; description "The filter allocation profile for the card."; } list upgrade { key "upgrade-index"; description "Enter the upgrade list instance"; leaf upgrade-index { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..6"; } } description "The unique value which identifies the functional upgrade number on this card on the system."; } leaf path { type types-card:sros-iom-level-upgrade-path; sros-ext:immutable; description "Provisions the functional level upgrade path of the I/O module for this slot."; } } // list upgrade container virtual-scheduler-adjustment { description "Enter the virtual-scheduler-adjustment context"; leaf internal-scheduler-weight-mode { type types-qos:internal-scheduler-weight-mode; default "auto"; description "Internal scheduler weight mode"; } leaf slow-queue-threshold-rate { type uint32 { range "0..1000000"; } units "kilobps"; default "1000"; description "Rate of the slow queue threshold"; } container interval { description "Enter the interval context"; leaf scheduler-run-minimum { type decimal64 { range "0.01..1000.00"; fraction-digits 2; } units "percent"; default "100.00"; description "Minimum time of the scheduler run"; } leaf task-scheduling { type decimal64 { range "0.01..1000.00"; fraction-digits 2; } units "percent"; default "100.00"; description "Task scheduling interval"; } container rate-calculation-minimum { description "Enter the rate-calculation-minimum context"; leaf fast-queue { type decimal64 { range "0.01..1000.00"; fraction-digits 2; } units "percent"; default "100.00"; description "Default minimum rate calculation time for fast queues"; } leaf slow-queue { type decimal64 { range "0.01..1000.00"; fraction-digits 2; } units "percent"; default "100.00"; description "Default minimum rate calculation time for slow queues"; } } // container rate-calculation-minimum } // container interval } // container virtual-scheduler-adjustment list mda { key "mda-slot"; description "Enter the mda list instance"; leaf mda-slot { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..6"; } } description "MDA slot"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of MDA"; } leaf fail-on-error { type boolean; default "false"; description "Set the Operational State of the MDA to Failed when threshold of egress XPL errors is reached"; } leaf mda-type { type types-card:sros-mda-type; sros-ext:immutable; description "MDA configuration for slot"; } leaf power-priority-level { type uint32 { range "1..200"; } default "150"; description "Power priority value, lower value has higher priority"; } leaf reset-on-recoverable-error { type boolean; default "false"; description "Reset MDA for fatal memory parity error on a Q-chip of the MDA, regardless of fail-on-error setting"; } leaf sync-e { type enumeration { enum "true" { value 1; } enum "false" { value 2; } } description "Synchronous Ethernet"; } leaf level { type types-card:sros-mda-level; sros-ext:immutable; description "Functional level of MDA for slot"; } container clock-mode { description "Enter the clock-mode context"; leaf mode { type enumeration { enum "adaptive" { value 1; } enum "differential" { value 2; } } description "Clock mode"; } leaf timestamp-freq { type uint32 { range "19440|77760|103680"; } description "Differential timestamp frequency"; } } // container clock-mode container egress-xpl { description "Enter the egress-xpl context"; leaf threshold { type uint32 { range "1..1000000"; } units "xpl errors"; default "1000"; description "Threshold value for egress XPL errors"; } leaf window { type uint32 { range "1..1440"; } units "minutes"; default "60"; description "Time interval to measure frequency of egress XPL errors against threshold value"; } } // container egress-xpl container ingress-xpl { description "Enter the ingress-xpl context"; leaf threshold { type uint32 { range "1..1000000"; } units "xpl errors"; default "1000"; description "Threshold value for ingress XPL errors"; } leaf window { type uint32 { range "1..1440"; } units "minutes"; default "60"; description "Time interval to measure frequency of ingress XPL errors against threshold value"; } } // container ingress-xpl list upgrade { key "upgrade-index"; description "Enter the upgrade list instance"; leaf upgrade-index { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..6"; } } description "The unique value which identifies the functional upgrade number on this MDA on the system."; } leaf path { type types-card:sros-mda-level-upgrade-path; sros-ext:immutable; description "Provisions the functional level upgrade path of the MDA for this slot."; } } // list upgrade container access { description "Enter the access context"; container egress { description "Enter the egress context"; list pool { key "name"; description "Enter the pool list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Unique pool name for MDA"; } leaf amber-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Configure amber alarm threshold allowed on over-subscription."; } leaf red-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Configure red alarm threshold allowed on over-subscription."; } leaf slope-policy { type types-sros:named-item; description "Configure the slope policy."; } container resv-cbs { description "Enter the resv-cbs context"; leaf cbs { type int32 { range "0..100"; } units "percent"; description "Configure the percentage of pool size reserved for CBS. For network, the default value is computed as the sum of the CBS request by the entities using the pool. For access, the default value is 30%."; } container amber-alarm-action { description "Enter the amber-alarm-action context"; leaf step { type uint32 { range "1..100"; } units "percent"; description "Configure the step-size percentage for the reserved CBS size of the pool. When set to a value of zero (0), the adaptive CBS sizing is disabled. To enable adaptive CBS sizing, both this leaf and amber-alarm-action/max must be set to non-default values. Adaptive CBS sizing can only be enabled when resv-cbs is non-default."; } leaf max { type uint32 { range "1..100"; } units "percent"; description "Configure the maximum percentage for the reserved CBS size of the pool. When set to a value of zero (0), the adaptive CBS sizing is disabled. To enable adaptive CBS sizing, both this leaf and amber-alarm-action/step must be set to non-default values. Adaptive CBS sizing can only be enabled when resv-cbs is non-default. This value must not be more than resv-cbs."; } } // container amber-alarm-action } // container resv-cbs } // list pool } // container egress container ingress { description "Enter the ingress context"; list pool { key "name"; description "Enter the pool list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Unique pool name for MDA"; } leaf amber-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Amber alarm threshold allowed on over-subscription"; } leaf red-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Red alarm threshold allowed on over-subscription"; } leaf slope-policy { type types-sros:named-item; description "Slope policy name"; } container resv-cbs { description "Enter the resv-cbs context"; leaf cbs { type int32 { range "0..100"; } units "percent"; description "Percentage of pool size reserved for CBS"; } container amber-alarm-action { description "Enter the amber-alarm-action context"; leaf step { type uint32 { range "1..100"; } units "percent"; description "Step-size percentage for reserved CBS size of the pool"; } leaf max { type uint32 { range "1..100"; } units "percent"; description "Maximum percentage for reserved CBS size of the pool"; } } // container amber-alarm-action } // container resv-cbs } // list pool } // container ingress } // container access container egress { description "Enter the egress context"; leaf hsmda-pool-policy { type types-sros:named-item; description "Egress HSMDA pool policy"; } container hsmda-aggregate-queue-burst { description "Enter the hsmda-aggregate-queue-burst context"; leaf high-burst-increase { type int32 { range "0..65536"; } units "bytes"; description "High burst increase"; } leaf low-burst-multiplier { type int32 { range "1..65536"; } description "Low burst multiplier"; } } // container hsmda-aggregate-queue-burst } // container egress list event { key "type"; description "Enter the event list instance"; leaf type { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-chassis:hw-event-type; } description "The unique value which identifies the event type to be monitored on this MDA in the system."; } leaf action { type types-chassis:hw-event-action; description "Provisions action to be taken on the MDA when the event is detected."; } } // list event container network { description "Enter the network context"; container egress { description "Enter the egress context"; list pool { key "name"; description "Enter the pool list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Unique pool name for MDA"; } leaf amber-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Configure amber alarm threshold allowed on over-subscription."; } leaf red-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Configure red alarm threshold allowed on over-subscription."; } leaf slope-policy { type types-sros:named-item; description "Configure the slope policy."; } container resv-cbs { description "Enter the resv-cbs context"; leaf cbs { type int32 { range "0..100"; } units "percent"; description "Configure the percentage of pool size reserved for CBS. For network, the default value is computed as the sum of the CBS request by the entities using the pool. For access, the default value is 30%."; } container amber-alarm-action { description "Enter the amber-alarm-action context"; leaf step { type uint32 { range "1..100"; } units "percent"; description "Configure the step-size percentage for the reserved CBS size of the pool. When set to a value of zero (0), the adaptive CBS sizing is disabled. To enable adaptive CBS sizing, both this leaf and amber-alarm-action/max must be set to non-default values. Adaptive CBS sizing can only be enabled when resv-cbs is non-default."; } leaf max { type uint32 { range "1..100"; } units "percent"; description "Configure the maximum percentage for the reserved CBS size of the pool. When set to a value of zero (0), the adaptive CBS sizing is disabled. To enable adaptive CBS sizing, both this leaf and amber-alarm-action/step must be set to non-default values. Adaptive CBS sizing can only be enabled when resv-cbs is non-default. This value must not be more than resv-cbs."; } } // container amber-alarm-action } // container resv-cbs } // list pool } // container egress container ingress { description "Enter the ingress context"; leaf queue-policy { status obsolete; type types-sros:named-item; description "Network-queue policy"; } list pool { status obsolete; key "name"; description "Enter the pool list instance"; leaf name { status obsolete; type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Unique pool name for MDA"; } leaf amber-alarm-threshold { status obsolete; type uint32 { range "1..1000"; } units "percent"; description "Amber alarm threshold allowed on over-subscription"; } leaf red-alarm-threshold { status obsolete; type uint32 { range "1..1000"; } units "percent"; description "Red alarm threshold allowed on over-subscription"; } leaf slope-policy { status obsolete; type types-sros:named-item; description "Slope policy name"; } container resv-cbs { status obsolete; description "Enter the resv-cbs context"; leaf cbs { status obsolete; type int32 { range "0..100"; } units "percent"; description "Percentage of pool size reserved for CBS"; } container amber-alarm-action { status obsolete; description "Enter the amber-alarm-action context"; leaf step { status obsolete; type uint32 { range "1..100"; } units "percent"; description "Step-size percentage for reserved CBS size of the pool"; } leaf max { status obsolete; type uint32 { range "1..100"; } units "percent"; description "Maximum percentage for reserved CBS size of the pool"; } } // container amber-alarm-action } // container resv-cbs } // list pool } // container ingress } // container network } // list mda list xiom { key "xiom-slot"; description "Enter the xiom list instance"; leaf xiom-slot { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type string { length "2"; pattern "x[1-2]" { error-message "Invalid xiom-slot."; } } } description "The unique value which identifies this XIOM slot within a specific IOM card in the system."; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of the XIOM"; } leaf fail-on-error { type boolean; default "false"; description "Configure the behavior of the XIOM state when an error is detected."; } leaf level { type types-card:sros-xiom-level; sros-ext:immutable; description "Provisions the functional level of the XIOM in this slot."; } leaf reset-on-recoverable-error { type boolean; default "false"; description "Configure the behavior of the XIOM state when a fatal memory parity error is detected on a Q-chip of the XIOM."; } leaf xiom-type { type types-card:sros-xiom-type; sros-ext:immutable; description "Provisions/de-provisions an XIOM to/from the device configuration for the slot."; } list mda { key "mda-slot"; description "Enter the mda list instance"; leaf mda-slot { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..2"; } } description "The unique value which identifies this MDA slot within a specific XIOM card in the system."; } leaf mda-type { type types-card:sros-xiom-mda-type; sros-ext:immutable; description "Provisions/de-provisions an MDA to/from the device configuration for the XIOM slot."; } leaf power-priority-level { type uint32 { range "1..200"; } default "150"; description "Configure the power priority level of the XIOM MDA."; } leaf sync-e { type enumeration { enum "true" { value 1; } enum "false" { value 2; } } description "Enable/Disable Synchronous Ethernet."; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of MDA"; } } // list mda list upgrade { key "upgrade-index"; description "Enter the upgrade list instance"; leaf upgrade-index { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..6"; } } description "The unique value which identifies the functional upgrade number on this XIOM on the system."; } leaf path { type types-card:sros-xiom-level-upgrade-path; sros-ext:immutable; description "Provisions the functional level upgrade path of the XIOM for this slot."; } } // list upgrade } // list xiom list fp { key "fp-number"; description "Enter the fp list instance"; leaf fp-number { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..8"; } } description "Forwarding plane within a specific IOM card"; } leaf ingress-buffer-allocation { type decimal64 { range "20.00..80.00"; fraction-digits 2; } units "percent"; default "50.00"; description "Ingress buffer pool percentage for forwarding plane"; } leaf init-extract-prio-mode { type enumeration { enum "uniform" { value 1; } enum "l3-classify" { value 2; } } default "uniform"; description "Scheme to select initial drop priority of extracted control plane traffic"; } leaf policy-accounting { type uint32 { range "1000..128000"; } description "Number of stats resources for policy accounting for the forwarding plane"; } leaf stable-pool-sizing { type boolean; default "false"; description "Use a stable buffer pool allocation environment for all default port buffer pools on an FP"; } leaf fp-resource-policy { type types-qos:qos-policy-name; sros-ext:card-auto-reset-on-modify; description "Configure the qos fp resource policy."; } container dist-cpu-protection { description "Enter the dist-cpu-protection context"; leaf dynamic-enforcement-policer-pool { type uint32 { range "1000..32000"; } description "Number of policers reserved for use as dynamic enforcement policers on forwarding plane"; } } // container dist-cpu-protection container egress { description "Enter the egress context"; leaf hs-fixed-high-thresh-delta { type int32 { range "0..65536"; } description "High threshold delta on forwarding plane"; } leaf hs-pool-policy { type types-sros:named-item; description "HS pool policy"; } container wred-queue-control { description "Enter the wred-queue-control context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of WRED queue control"; } leaf buffer-allocation { type decimal64 { range "0.01..99.99"; fraction-digits 2; } units "percent"; default "25.00"; description "Configure the WRED queue aggregate buffer allocation which will be set aside for WRED queue buffer pools"; } leaf reserved-cbs { type decimal64 { range "0.01..99.99"; fraction-digits 2; } units "percent"; default "25.00"; description "Configure the buffers within the WRED pool that will be set aside for WRED queues operating within their configured CBS thresholds."; } leaf slope-policy { type types-sros:named-item; description "Egress WRED queue control slope policy for forwarding plane"; } } // container wred-queue-control } // container egress container hi-bw-mcast-src { presence "Enable/disable high bandwidth multicast source functionality."; description "Enter the hi-bw-mcast-src context"; leaf alarm { type boolean; default "false"; description "Raise an alarm when more than one high bandwidth multicast traffic taps share a plane"; } leaf group { type uint32 { range "0..32"; } default "0"; description "Logical MSFP group of the MDA"; } leaf default-paths-only { type boolean; default "false"; description "Allocate only the two default paths (one high priority and one low priority) to dedicated MSFPs"; } } // container hi-bw-mcast-src container ingress { description "Enter the ingress context"; container access { description "Enter the access context"; list queue-group { key "queue-group-name instance-id"; description "Enter the queue-group list instance"; leaf queue-group-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Queue group name"; } leaf instance-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint16 { range "1..65535"; } } description "Instance ID"; } leaf accounting-policy { type types-log:log-policy-id; description "Accounting policy for the FP ingress queue group"; } leaf collect-stats { type boolean; default "false"; description "Collect statistics on FP ingress queue group"; } leaf description { type types-sros:description; description "Text description"; } container policer-control-policy { description "Enter the policer-control-policy context"; leaf policy-name { type types-sros:named-item; description "Policer control policy"; } container overrides { presence "Enable policer control policy overrides."; description "Enter the overrides context"; leaf max-rate { type types-qos:queue-pir-rate-override; units "kilobps"; description "Maximum rate override"; } container priority-mbs-thresholds { description "Enter the priority-mbs-thresholds context"; leaf min-threshold-separation { type types-qos:policer-burst-size-override; units "bytes"; description "Minimum threshold separation override"; } list priority { key "level"; description "Enter the priority list instance"; leaf level { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-qos:hierarchy-level; } description "Priority level"; } leaf mbs-contribution { type types-qos:policer-burst-size-override; units "bytes"; description "MBS contribution size override"; } } // list priority } // container priority-mbs-thresholds } // container overrides } // container policer-control-policy container policer-overrides { description "Enter the policer-overrides context"; list policer { key "policer-id"; description "Enter the policer list instance"; leaf policer-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-qos:ingress-policer-id { range "1..32"; } } description "Policer identifier"; } leaf cbs { type types-qos:policer-burst-size-override; units "bytes"; description "CBS parameter override"; } leaf mbs { type types-qos:policer-burst-size-override; units "bytes"; description "MBS parameter override"; } leaf packet-byte-offset { type types-qos:ingress-per-packet-offset-override; description "Size of each packet handled by the policer"; } leaf stat-mode { type types-qos:ingress-policer-stat-mode; description "Stat mode for the policer"; } container rate { description "Enter the rate context"; leaf cir { type types-qos:queue-cir-rate-override; description "CIR rate"; } leaf pir { type types-qos:queue-pir-rate-override; description "PIR rate"; } } // container rate } // list policer } // container policer-overrides } // list queue-group } // container access container mcast-path-management { description "Enter the mcast-path-management context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of ingress MCAST path management"; } leaf bandwidth-policy { type types-sros:named-item; description "Bandwidth policy associated with the MDA or forwarding plane for ingress multicast path management"; } } // container mcast-path-management container network { description "Enter the network context"; leaf queue-policy { type types-sros:named-item; description "Network policy queue policy"; } list queue-group { key "queue-group-name instance-id"; description "Enter the queue-group list instance"; leaf queue-group-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Queue group name"; } leaf instance-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint16 { range "1..65535"; } } description "Instance ID"; } leaf accounting-policy { type types-log:log-policy-id; description "Accounting policy for the FP ingress queue group"; } leaf collect-stats { type boolean; default "false"; description "Collect statistics on FP ingress queue group"; } leaf description { type types-sros:description; description "Text description"; } container policer-control-policy { description "Enter the policer-control-policy context"; leaf policy-name { type types-sros:named-item; description "Policer control policy"; } container overrides { presence "Enable policer control policy overrides."; description "Enter the overrides context"; leaf max-rate { type types-qos:queue-pir-rate-override; units "kilobps"; description "Maximum rate override"; } container priority-mbs-thresholds { description "Enter the priority-mbs-thresholds context"; leaf min-threshold-separation { type types-qos:policer-burst-size-override; units "bytes"; description "Minimum threshold separation override"; } list priority { key "level"; description "Enter the priority list instance"; leaf level { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-qos:hierarchy-level; } description "Priority level"; } leaf mbs-contribution { type types-qos:policer-burst-size-override; units "bytes"; description "MBS contribution size override"; } } // list priority } // container priority-mbs-thresholds } // container overrides } // container policer-control-policy container policer-overrides { description "Enter the policer-overrides context"; list policer { key "policer-id"; description "Enter the policer list instance"; leaf policer-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-qos:ingress-policer-id { range "1..32"; } } description "Policer identifier"; } leaf cbs { type types-qos:policer-burst-size-override; units "bytes"; description "CBS parameter override"; } leaf mbs { type types-qos:policer-burst-size-override; units "bytes"; description "MBS parameter override"; } leaf packet-byte-offset { type types-qos:ingress-per-packet-offset-override; description "Size of each packet handled by the policer"; } leaf stat-mode { type types-qos:ingress-policer-stat-mode; description "Stat mode for the policer"; } container rate { description "Enter the rate context"; leaf cir { type types-qos:queue-cir-rate-override; description "CIR rate"; } leaf pir { type types-qos:queue-pir-rate-override; description "PIR rate"; } } // container rate } // list policer } // container policer-overrides } // list queue-group list pool { key "name"; description "Enter the pool list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Unique pool name for the FP"; } leaf amber-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Amber alarm threshold allowed on over-subscription"; } leaf red-alarm-threshold { type uint32 { range "1..1000"; } units "percent"; description "Red alarm threshold allowed on over-subscription"; } leaf slope-policy { type types-sros:named-item; description "Slope policy name"; } container resv-cbs { description "Enter the resv-cbs context"; leaf cbs { type int32 { range "0..100"; } units "percent"; description "Percentage of pool size reserved for CBS"; } container amber-alarm-action { description "Enter the amber-alarm-action context"; leaf step { type uint32 { range "1..100"; } units "percent"; description "Step-size percentage for reserved CBS size of the pool"; } leaf max { type uint32 { range "1..100"; } units "percent"; description "Maximum percentage for reserved CBS size of the pool"; } } // container amber-alarm-action } // container resv-cbs } // list pool } // container network } // container ingress } // list fp } // list card container cflowd { presence "cflowd"; description "Enter the cflowd context"; leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of Cflowd sampling"; } leaf analyze-gre-payload { type boolean; default "false"; description "Perform Cflowd analysis on the inner IP packet within a GRE packet"; } leaf analyze-l2tp-traffic { type boolean; default "false"; description "Perform Cflowd analysis on the inner header within an L2TP packet."; } leaf analyze-v4overv6-traffic { type boolean; default "false"; description "Perform Cflowd analysis on the inner IPv4 packet within an IPv6 packet."; } leaf cache-size { type uint32 { range "1000..1500000"; } units "flows"; description "Maximum number of active flows in the flow cache table"; } leaf enhanced-distribution { type boolean; default "false"; description "Include ingress port ID in the hashing algorithm used to distribute Cflowd sample traffic"; } leaf export-mode { type enumeration { enum "automatic" { value 1; } enum "manual" { value 2; } } default "automatic"; description "Export mode for flow data"; } leaf inband-collector-export-only { type boolean; default "false"; description "Export the traffic to all collectors only via in-band interfaces"; } leaf overflow { type uint32 { range "1..50"; } units "percent"; default "1"; description "Percentage of entries to remove from Cflowd cache when the maximum number of entries is exceeded"; } leaf template-retransmit { type uint32 { range "10..600"; } units "seconds"; default "600"; description "Time to resend template information"; } leaf use-vrtr-if-index { type boolean; default "false"; description "Export flow data using virtual router interface indexes"; } leaf active-flow-timeout { type uint32 { range "60..36000"; } units "seconds"; default "1800"; description "Specifies the maximum amount of time, in seconds, before an active flow will be exported. If an individual flow is active for this amount of time, the flow is exported and a new flow is created."; } leaf inactive-flow-timeout { type uint32 { range "10..600"; } units "seconds"; default "15"; description "Specifies the amount of time, in seconds, that must elapse without a packet matching a flow before the flow is considered inactive."; } leaf active-timeout { status obsolete; type uint32 { range "1..600"; } units "minutes"; default "30"; description "Maximum time before an active flow is exported"; } leaf inactive-timeout { status obsolete; type uint32 { range "10..600"; } units "seconds"; default "15"; description "Time before the flow is considered inactive"; } leaf rate { status obsolete; type uint32 { range "1..10000"; } units "packets"; default "1000"; description "Rate at which traffic is sampled and sent for Cflowd analysis"; } list sample-profile { key "profile-id"; max-elements 5; description "Enter the sample-profile list instance"; leaf profile-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..5"; } } description "The unique specifier of this sample-profile"; } leaf sample-rate { type uint32 { range "1..10000"; } default "1000"; description "The cflowd sampling rate for this profile"; } } // list sample-profile list collector { key "ip-address port"; max-elements 8; description "Enter the collector list instance"; leaf ip-address { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:ip-unicast-address; } description "IP address of a remote Cflowd collector host to receive the exported Cflowd data"; } leaf port { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-qos:tcp-udp-match-port { range "1..65535"; } } description "UDP port number on the remote Cflowd collector host to receive the exported Cflowd data"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this Cflowd collector"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 1; } enum "peer" { value 2; } } default "origin"; description "Basis of the AS information included in flow data"; } leaf description { type types-sros:description; description "Text description"; } leaf router-instance { type string; default "management"; description "Router context for the flow data for this Cflowd collector"; } leaf template-set { type enumeration { enum "not-applicable" { value 0; } enum "basic" { value 1; } enum "mpls-ip" { value 2; } enum "l2-ip" { value 3; } enum "mpls-transport" { value 4; } } description "Template set for this Cflowd collector"; } leaf version { type types-cflowd:collector-version; sros-ext:immutable; description "Flow data collector version"; } container aggregation { description "Enter the aggregation context"; leaf as-matrix { type boolean; default "false"; description "Base aggregation data on autonomous system (AS) information"; } leaf protocol-port { type boolean; default "false"; description "Aggregate flows based on the IP protocol, source port number, and destination port number"; } leaf source-prefix { type boolean; default "false"; description "Aggregate flows based on the source prefix information"; } leaf destination-prefix { type boolean; default "false"; description "Aggregate data based on the destination prefix information"; } leaf source-destination-prefix { type boolean; default "false"; description "Aggregate data based on the source and destination prefix information"; } leaf raw { type boolean; default "false"; description "Export flow data without aggregation"; } } // container aggregation container export-filter { description "Enter the export-filter context"; container family { description "Enter the family context"; leaf ipv4 { type boolean; default "false"; description "Filter IPv4 flow data from being sent to the associated collector"; } leaf ipv6 { type boolean; default "false"; description "Filter IPv6 flow data from being sent to the associated collector"; } leaf mcast-ipv4 { type boolean; default "false"; description "Filter multicast IPv4 flow data from being sent to the associated collector"; } leaf mcast-ipv6 { type boolean; default "false"; description "Filter multicast IPv6 flow data from being sent to the associated collector"; } leaf l2-ip { type boolean; default "false"; description "Filter Layer 2 IP flow data from being sent to the associated collector"; } leaf mpls { type boolean; default "false"; description "Filter MPLS flow data from being sent to the associated collector"; } } // container family list router { key "router-instance"; description "Add a list entry for router"; leaf router-instance { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-services:service-name; } description "Router instance ID"; } } // list router container interface-list { description "Enter the interface-list context"; list router { key "router-name interface-name"; description "Add a list entry for router"; leaf router-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item-64 { pattern ".{1,32}" { error-message "vRtrName needs to be extended to 64 to support this name"; } } } description "Name of router associated with the interface"; } leaf interface-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:interface-name; } description "Interface name"; } } // list router container service { description "Enter the service context"; list ies-interface { key "service-name interface-name"; description "Add a list entry for ies-interface"; leaf service-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-services:service-name; } description "IES service name"; } leaf interface-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:interface-name; } description "ies interface name"; } } // list ies-interface list ies-group-interface { key "service-name subscriber-interface-name group-interface-name"; description "Add a list entry for ies-group-interface"; leaf service-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-services:service-name; } description "IES service name"; } leaf subscriber-interface-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:interface-name; } description "IES subscriber-interface name"; } leaf group-interface-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:interface-name; } description "IES group-interface name"; } } // list ies-group-interface list vprn-interface { key "service-name interface-name"; description "Add a list entry for vprn-interface"; leaf service-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-services:service-name; } description "VPRN service name"; } leaf interface-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:interface-name; } description "vprn interface name"; } } // list vprn-interface list vprn-network-interface { key "service-name network-interface-name"; description "Add a list entry for vprn-network-interface"; leaf service-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-services:service-name; } description "VPRN service name"; } leaf network-interface-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:interface-name; } description "VPRN network-interface name"; } } // list vprn-network-interface list vprn-group-interface { key "service-name subscriber-interface-name group-interface-name"; description "Add a list entry for vprn-group-interface"; leaf service-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-services:service-name; } description "VPRN service name"; } leaf subscriber-interface-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:interface-name; } description "VPRN subscriber-interface name"; } leaf group-interface-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:interface-name; } description "vprn group-interface name"; } } // list vprn-group-interface } // container service } // container interface-list } // container export-filter } // list collector } // container cflowd list chassis { key "chassis-class chassis-number"; description "Enter the chassis list instance"; leaf chassis-class { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-chassis:chassis-class; } description "Functional use of the physical chassis"; } leaf chassis-number { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..100"; } } description "Unique index to identify this physical chassis"; } leaf monitor-filter-door { type boolean; default "false"; description "The value of monitor-filter-door specifies whether or not a filter door open or missing condition will be monitored by the system."; } list power-supply { key "power-supply-id"; description "Enter the power-supply list instance"; leaf power-supply-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..31"; } } description "Unique identifier index for a power supply tray in the chassis"; } leaf power-supply-type { type enumeration { enum "none" { value 0; } enum "dc-single" { value 1; } enum "ac-single" { value 2; } enum "ac-multiple" { value 3; } enum "auto" { value 4; } enum "dc-multiple" { value 5; } } default "auto"; description "Power supply type"; } } // list power-supply list peq { key "peq-slot"; description "Enter the peq list instance"; leaf peq-slot { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..31"; } } description "Unique identifier index for a power supply tray in the chassis"; } leaf input-power-mode { type uint32 { range "60|80"; } units "amperes"; description "Input power mode of the PEQ"; } leaf peq-type { type types-system:peq-type; sros-ext:immutable; description "APEQ type"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of PEQ"; } } // list peq list power-connection-module { key "pcm-slot"; description "Enter the power-connection-module list instance"; leaf pcm-slot { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..12"; } } description "Unique identifier index for a power control module in the chassis"; } leaf pcm-type { type types-chassis:pcm-type; sros-ext:immutable; description "PCM type"; } } // list power-connection-module list power-module { key "power-module-id"; description "Enter the power-module list instance"; leaf power-module-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..12"; } } description "Unique identifier index for a power shelf in chassis"; } leaf power-module-type { type types-chassis:power-module-type; sros-ext:immutable; description "Power module type"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of the power module"; } } // list power-module list power-shelf { key "power-shelf-id"; description "Enter the power-shelf list instance"; leaf power-shelf-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..2"; } } description "Unique identifier index for a power shelf in chassis"; } leaf power-shelf-type { type types-chassis:power-shelf-type; sros-ext:immutable; description "Power shelf type"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of the power shelf"; } leaf description { type types-sros:description; description "Text description"; } list power-module { key "power-module-id"; description "Enter the power-module list instance"; leaf power-module-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..12"; } } description "Unique identifier index for a power shelf in chassis"; } leaf power-module-type { type types-chassis:power-module-type; sros-ext:immutable; description "Power module type"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of the power module"; } } // list power-module } // list power-shelf } // list chassis container connection-profile { description "Enter the connection-profile context"; list vlan { key "connection-profile-id"; description "Enter the vlan list instance"; leaf connection-profile-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..8000"; } } description "Identifier of this connection profile"; } leaf description { type types-sros:description; description "Text description"; } list qtag-range { key "start"; max-elements 32; description "Enter the qtag-range list instance"; leaf start { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type int32 { range "1..4094"; } } description "Specifies the start vlan range of this connection profile."; } leaf end { type int32 { range "1..4094"; } sros-ext:immutable; description "Specifies the end vlan range of this connection profile."; } } // list qtag-range } // list vlan } // container connection-profile container eth-cfm { description "Enter the eth-cfm context"; list domain { key "md-admin-name"; description "Enter the domain list instance"; leaf md-admin-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-eth-cfm:admin-name; } description "Unique domain name"; } leaf level { type types-eth-cfm:mp-level; sros-ext:immutable; description "Maintenance Domain Level (MD Level)"; } leaf md-index { type uint32 { range "1..max"; } sros-ext:immutable; description "The index of the Maintenance Domain (MD)"; } choice md-name { case dns { leaf dns { type string { length "1..43"; } sros-ext:immutable; description "Domain name like text string derived from a DNS name"; } } case mac { leaf mac { type string { length "13..23"; pattern "[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}-[0-9]{1,5}"; } sros-ext:immutable; description "Maintenance domain MAC name"; } } case name { leaf name { type string { length "1..43"; } sros-ext:immutable; description "Maintenance domain name as an ASCII string"; } } case format { leaf format { type enumeration { enum "none" { value 0; } } sros-ext:immutable; description "Maintenance domain name not to be provided"; } } } list association { key "ma-admin-name"; description "Enter the association list instance"; leaf ma-admin-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-eth-cfm:admin-name; } description "Unique domain association name"; } leaf ma-index { type uint32 { range "1..max"; } sros-ext:immutable; description "The index to the Maintenance Association (MA) table."; } leaf ccm-interval { type types-eth-cfm:ccm-interval-type; description "CCM transmission interval for all MEPs in the association"; } leaf auto-mep-discovery { type boolean; default "false"; description "Enable the ability to auto-discover remote MEPs in the network"; } leaf facility-id-permission { type types-eth-cfm:facility-id-permission-type; default "none"; description "Sender ID TLV information for facility base MEPs"; } choice ma-name { description "The Maintenance Domain Association name It is the part of the Maintenance Association Identifier which is unique within the Maintenance Domain Name and is appended to the Maintenance Domain Name to form the Maintenance Association Identifier (MAID)."; case icc-based { leaf icc-based { type string { length "8..13"; } sros-ext:immutable; description "Format type applicable to Y.1731 context of the maintenance association"; } } case integer { leaf integer { type uint32 { range "0..65535"; } sros-ext:immutable; description "Format type of the maintenance association"; } } case string { leaf string { type string { length "1..45"; } sros-ext:immutable; description "Format type for the string of the maintenance association"; } } case vid { leaf vid { type uint32 { range "0..4094"; } sros-ext:immutable; description "Primary VLAN ID"; } } case vpn-id { leaf vpn-id { type string { length "0..15"; pattern "[0-9A-F]{6}(:[0-9A-F]{8})"; } sros-ext:immutable; description "Primary VPN ID"; } } } container ccm-hold-time { description "Enter the ccm-hold-time context"; leaf down { type uint32 { range "1..1000"; } units "centiseconds"; description "Additional time before a MEP declares a fault, in CCM timeout conditions"; } } // container ccm-hold-time list bridge-identifier { key "bridge-name"; max-elements 1; description "Enter the bridge-identifier list instance"; leaf bridge-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-services:service-name; } description "Bridge name for this association"; } leaf vlan { type int32 { range "1..4094"; } description "VLAN ID for the default domain index"; } leaf mhf-creation { type types-eth-cfm:tmnx-mhf-creation-type; default "none"; description "MIP method of creation"; } leaf id-permission { type types-eth-cfm:facility-id-permission-type; default "none"; description "Sender ID TLV information to include for installed MEPs and MIPs"; } leaf mip-ltr-priority { type types-eth-cfm:frame-priority; default "7"; description "Priority of the Linktrace Response Message (ETH-LTR) from a MIP"; } } // list bridge-identifier list remote-mep { key "mep-id"; description "Enter the remote-mep list instance"; leaf mep-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-eth-cfm:mep-id-type; } description "Remote MEP ID"; } leaf remote-mac { type types-sros:mac-unicast-address-no-zero; description "Remote MAC Address for transmitting CFM packets to remote MEPs"; } } // list remote-mep } // list association } // list domain } // container eth-cfm container filter { description "Enter the filter context"; list redirect-policy { key "redirect-policy-name"; description "Enter the redirect-policy list instance"; leaf redirect-policy-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Redirect policy name"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the policy"; } leaf description { type types-sros:description; description "Text description"; } leaf router-instance { type string; description "Routing context to use for route lookup"; } leaf sticky-dest { type types-filter:filter-sticky-dest; units "seconds"; description "Time required by system before applying the current best destination as active destination"; } leaf notify-dest-change { type boolean; default "false"; description "The value of the object indicates whether to send tFilterRPActiveDestChangeEvent notification for this redirect policy active destination changes."; } list destination { key "destination-address"; description "Enter the destination list instance"; leaf destination-address { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:ip-unicast-address; } description "IP address and type of destination"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the destination"; } leaf description { type types-sros:description; description "Text description"; } leaf priority { type uint32 { range "1..255"; } default "100"; description "Priority for this destination"; } container ping-test { presence "Ping-test configuration."; description "Enter the ping-test context"; leaf source-address { type types-sros:ip-address; description "Source address to use in the IP packet of the ping test"; } leaf interval { type uint32 { range "1..60"; } units "seconds"; default "1"; description "Time between consecutive requests which are sent to the far end host"; } leaf timeout { type uint32 { range "1..60"; } units "seconds"; default "1"; description "Time required to receive a response from the far end host"; } leaf drop-count { type uint32 { range "1..60"; } default "3"; description "Number of consecutive requests that fail before destination is declared unreachable"; } leaf hold-down { type uint32 { range "0..86400"; } units "seconds"; default "0"; description "Time for the system to be held down if this test has marked it unreachable"; } } // container ping-test container unicast-rt-test { presence "Unicast-rt-test configuration."; description "Add a list entry for unicast-rt-test"; } // container unicast-rt-test } // list destination } // list redirect-policy list redirect-policy-binding { key "binding-name"; max-elements 16; description "Enter the redirect-policy-binding list instance"; leaf binding-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Binding name"; } leaf binding-operator { type types-filter:filter-binding-operator; default "and"; description "The value of the this object indicates the logical operator to use when combining result of different destinations' tests."; } list redirect-policy { key "redirect-policy-name"; description "Enter the redirect-policy list instance"; leaf redirect-policy-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "The redirect-policy identifier."; } list destination { key "destination-address"; min-elements 1; description "Add a list entry for destination"; leaf destination-address { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:ip-unicast-address; } description "IP address of redirect policy destination to binding"; } } // list destination } // list redirect-policy } // list redirect-policy-binding list log { key "log-id"; description "Enter the log list instance"; leaf log-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:filter-log-id; } description "Filter log identifier"; } leaf description { type types-sros:description-or-empty; description "Text description"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of filter logging"; } container destination { description "Enter the destination context"; choice destination { default "memory"; case memory { container memory { description "Enter the memory context"; leaf max-entries { type uint32 { range "1..50000"; } default "1000"; description "Maximum number of memory entries that the log can store"; } leaf stop-on-full { type boolean; default "false"; description "Stop logging when maximum number of memory entries is reached or wrap-around is used"; } } // container memory } case syslog { container syslog { description "Enter the syslog context"; leaf syslog-id { type int32 { range "1..10"; } description "ID of the Syslog server definition for filter logs"; } container summary { description "Enter the summary context"; leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the summarization of filter log entries"; } leaf summary-crit { type types-filter:filter-log-summary-criterion; default "src-addr"; description "Summary for filter log entries"; } } // container summary } // container syslog } } } // container destination } // list log container match-list { description "Enter the match-list context"; list ip-prefix-list { key "prefix-list-name"; description "Enter the ip-prefix-list list instance"; leaf prefix-list-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Prefix list name that is used for this prefix list"; } leaf description { type types-sros:description; description "Text description"; } container apply-path { description "Enter the apply-path context"; list bgp-peers { key "criterion-index"; description "Enter the bgp-peers list instance"; leaf criterion-index { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..255"; } } description "Value of the enumerating BGP peers autogeneration configuration within list"; } leaf group { type types-sros:regular-expression-not-all-spaces; sros-ext:immutable; description "Regular expression to match against the base router BGP instance group configuration"; } leaf neighbor { type types-sros:regular-expression-not-all-spaces; sros-ext:immutable; description "Regular expression to match against the base router BGP instance neighbor configuration"; } leaf router-instance { type string; sros-ext:immutable; default "Base"; description "Target routing instance"; } } // list bgp-peers } // container apply-path list prefix { key "ip-prefix"; max-elements 8192; description "Add a list entry for prefix"; leaf ip-prefix { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:ipv4-prefix; } description "IPv4 prefix to be added to the prefix list"; } } // list prefix list prefix-exclude { key "ip-prefix"; max-elements 512; description "Add a list entry for prefix-exclude"; leaf ip-prefix { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:ipv4-prefix; } description "IPv4 prefix to be added to the prefix list"; } } // list prefix-exclude } // list ip-prefix-list list ipv6-prefix-list { key "prefix-list-name"; description "Enter the ipv6-prefix-list list instance"; leaf prefix-list-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Prefix list name that is used for this prefix list"; } leaf description { type types-sros:description; description "Text description"; } container apply-path { description "Enter the apply-path context"; list bgp-peers { key "criterion-index"; description "Enter the bgp-peers list instance"; leaf criterion-index { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..255"; } } description "Value of the enumerating BGP peers autogeneration configuration within list"; } leaf group { type types-sros:regular-expression-not-all-spaces; sros-ext:immutable; description "Regular expression to match against the base router BGP instance group configuration"; } leaf neighbor { type types-sros:regular-expression-not-all-spaces; sros-ext:immutable; description "Regular expression to match against the base router BGP instance neighbor configuration"; } leaf router-instance { type string; sros-ext:immutable; default "Base"; description "Target routing instance"; } } // list bgp-peers } // container apply-path list prefix { key "ipv6-prefix"; max-elements 8192; description "Add a list entry for prefix"; leaf ipv6-prefix { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:ipv6-prefix; } description "Add IPv6 prefix to the list."; } } // list prefix list prefix-exclude { key "ipv6-prefix"; max-elements 512; description "Add a list entry for prefix-exclude"; leaf ipv6-prefix { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:ipv6-prefix; } description "Add IPv6 prefix to the list."; } } // list prefix-exclude } // list ipv6-prefix-list list port-list { key "port-list-name"; max-elements 1024; description "Enter the port-list list instance"; leaf port-list-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Port list name"; } leaf description { type types-sros:description; description "Text description"; } list port { key "value"; description "Add a list entry for port"; leaf value { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type int32 { range "0..65535"; } } description "Port value"; } } // list port list range { key "start end"; description "Add a list entry for range"; leaf start { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type int32 { range "0..65534"; } } description "Highest value for TCP/UDP port range"; } leaf end { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type int32 { range "1..65535"; } } description "Highest value for TCP/UDP port range"; } } // list range } // list port-list } // container match-list list ip-filter { key "filter-name"; description "Enter the ip-filter list instance"; leaf filter-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:filter-name { pattern "(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-5][0-9][0-9][0-9][0-9]|6[0-4][0-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])|(([^f0-9_ ]|f($|[^S]|S($|[^p]|p($|[^e]|e($|[^c]|c($|[^\\-]|-($|[^0-9]+)))))))\\P{C}*))"; } } description "Name of the object to associate"; } leaf default-action { type types-filter:filter-default-action; default "drop"; description "Action for packets that do not match any entry"; } leaf description { type types-sros:description; description "Text description"; } leaf scope { type types-filter:filter-scope; sros-ext:immutable; default "template"; description "Scope of this filter definition"; } leaf type { type enumeration { enum "normal" { value 0; } enum "src-mac" { value 1; } enum "packet-length" { value 2; } } default "normal"; description "Filter policy type"; } leaf chain-to-system-filter { type boolean; default "false"; description "Chain filter policy to the active IPvX system filter policy"; } leaf filter-id { type types-filter:filter-id; sros-ext:immutable; description "IP filter ID"; } container subscriber-mgmt { description "Enter the subscriber-mgmt context"; container host-specific-entry { description "Enter the host-specific-entry context"; container filter-rule { description "Enter the filter-rule context"; container range { presence "Exclusive range for DIAMETER or RADIUS filter rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; description "Lower bound of range for subscriber host filter-rule entries from RADIUS/Diameter"; } leaf end { type types-filter:entry-id; description "Upper bound of range for filter-rule entries from RADIUS/Diameter"; } } // container range } // container filter-rule container credit-control { description "Enter the credit-control context"; container range { presence "Exclusive range for credit-control entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; description "Lower bound of range for entries from Credit Control"; } leaf end { type types-filter:entry-id; description "Upper bound of range for entries from Credit Control"; } } // container range } // container credit-control container watermark { description "Enter the watermark context"; leaf low { type int32 { range "0..100"; } default "90"; description "Low watermark for host-specific entries, to clear a table full alarm"; } leaf high { type int32 { range "0..100"; } default "95"; description "High watermark for host-specific entries, to raise a table full alarm"; } } // container watermark } // container host-specific-entry container shared-entry { description "Enter the shared-entry context"; container filter-rule { description "Enter the filter-rule context"; container range { presence "Exclusive range for DIAMETER or RADIUS shared filter rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; description "Lower bound of range for shared filter-rules from RADIUS"; } leaf end { type types-filter:entry-id; description "Upper bound of range for shared-filter rules from RADIUS"; } } // container range } // container filter-rule container pcc-rule { description "Enter the pcc-rule context"; container range { presence "Exclusive range for PCC rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; description "Lower bound of range for pcc-rule filter entries from Diameter"; } leaf end { type types-filter:entry-id; description "Upper bound of range for pcc-rule filter entries from Diameter"; } } // container range } // container pcc-rule container watermark { presence "Alarm will be raised by the system when number of filters created by subscriber management shared entries oversteps specified boundaries."; description "Enter the watermark context"; leaf low { type int32 { range "0..7999"; } description "Limit of RADIUS or Diameter shared filters before clearing high watermark notification"; } leaf high { type int32 { range "1..8000"; } description "Limit of RADIUS shared filters before generating high watermark notification"; } } // container watermark } // container shared-entry } // container subscriber-mgmt list entry { key "entry-id"; description "Enter the entry list instance"; leaf entry-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:entry-id; } description "Secondary index for this entry"; } leaf description { type types-sros:description; description "Text description"; } leaf log { type types-filter:filter-log-id; description "Log that is used for packets matching this entry"; } leaf pbr-down-action-override { type types-filter:filter-pbr-down-action-ovr; description "Action when PBR or PBF target for this entry is not available"; } leaf sticky-dest { type types-filter:filter-sticky-dest; units "seconds"; description "Time before action with available PBR or PBF destination and highest priority"; } leaf egress-pbr { type types-filter:filter-egress-pbr; sros-ext:immutable; description "PBR that has an effect when this filter is applied on egress"; } leaf filter-sample { type boolean; default "false"; description "Sample matching traffic if IP interface is set to cflowd ACL mode"; } leaf interface-sample { type boolean; default "true"; description "Sample matching traffic if IP interface is set to cflowd interface mode"; } container match { description "Enter the match context"; leaf protocol { type types-sros:ipv4-match-protocol; description "IP protocol used as an IP filter match criterion"; } leaf dscp { type types-qos:dscp-name; description "DSCP used as an IP filter match criterion"; } leaf fragment { type enumeration { enum "false" { value 2; } enum "true" { value 3; } enum "first-only" { value 4; } enum "non-first-only" { value 5; } } description "Match criterion for fragmented packets"; } leaf multiple-option { type boolean; description "Match based on presence of multiple options in header"; } leaf option-present { type boolean; description "Match on the presence of any IP option in the packet"; } leaf src-route-option { type boolean; description "Match based on presence of source route option"; } choice port-selector { case src-dst-port { container src-port { description "Enter the src-port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type types-sros:named-item; description "Parameter port-list as match criterion"; } } } } // container src-port container dst-port { description "Enter the dst-port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type types-sros:named-item; description "Parameter port-list as match criterion"; } } } } // container dst-port } case port { container port { description "Enter the port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type types-sros:named-item; description "Parameter port-list as match criterion"; } } } } // container port } } container ip-option { presence "Enable matching the specified option value in the first option of the IPv4 packet."; description "Enter the ip-option context"; leaf type { type types-filter:filter-match-ip-option; description "Specific IP option to match"; } leaf mask { type types-filter:filter-match-ip-option { range "1..255"; } default "255"; description "Mask that is ANDed with ip-option value in the packet header"; } } // container ip-option container src-ip { description "Enter the src-ip context"; choice match-address-choice { case address-and-prefix-or-mask { leaf address { type union { type types-sros:ipv4-address; type types-sros:ipv4-prefix-with-host-bits; } description "IP address to match"; } leaf mask { type types-sros:ipv4-address; description "Mask as an AND to the IP address"; } } case ip-prefix-list { leaf ip-prefix-list { type types-sros:named-item; description "IP prefix list as match criterion for IP address"; } } } } // container src-ip container dst-ip { description "Enter the dst-ip context"; choice match-address-choice { case address-and-prefix-or-mask { leaf address { type union { type types-sros:ipv4-address; type types-sros:ipv4-prefix-with-host-bits; } description "IP address to match"; } leaf mask { type types-sros:ipv4-address; description "Mask as an AND to the IP address"; } } case ip-prefix-list { leaf ip-prefix-list { type types-sros:named-item; description "IP prefix list as match criterion for IP address"; } } } } // container dst-ip container src-mac { presence "Enable source MAC address match criteria."; description "Enter the src-mac context"; leaf address { type yang:mac-address; description "MAC address used as MAC filter match criterion"; } leaf mask { type yang:mac-address; default "ff:ff:ff:ff:ff:ff"; description "MAC address mask"; } } // container src-mac container icmp { description "Enter the icmp context"; choice icmp-code { case code { leaf code { type types-filter:ipv4-match-icmp-codes; description "ICMP code value to match"; } } } choice icmp-type { case type { leaf type { type types-filter:ipv4-match-icmp-types; description "ICMP type value to match"; } } } } // container icmp container tcp-flags { description "Enter the tcp-flags context"; leaf ack { type boolean; description "Match TCP ACK as per value of the ACK TCP flag bit"; } leaf syn { type boolean; description "Match TCP SYN as per value of the SYN TCP flag bit"; } leaf fin { type boolean; description "Match TCP FIN as per value of the FIN TCP flag bit"; } leaf rst { type boolean; description "Match TCP RST as per value of the RST TCP flag bit"; } leaf psh { type boolean; description "Match TCP PSH as per value of the PSH TCP flag bit"; } leaf urg { type boolean; description "Match TCP URG as per value of the URG TCP flag bit"; } leaf ece { type boolean; description "Match TCP ECE as per value of the ECE TCP flag bit"; } leaf cwr { type boolean; description "Match TCP CWR as per value of the CWR TCP flag bit"; } leaf ns { type boolean; description "Match TCP NS as per value of the NS TCP flag bit"; } } // container tcp-flags container packet-length { presence "Enable packet length match criteria."; description "Enter the packet-length context"; choice packet-length { case eq { leaf eq { type types-filter:pkt-len-or-payload-len-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:pkt-len-or-payload-len-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:pkt-len-or-payload-len-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of packet-length values."; description "Enter the range context"; leaf start { type types-filter:pkt-len-or-payload-len-gt-value; description "Lower bound of the range"; } leaf end { type types-filter:pkt-len-or-payload-len-lt-value; description "Upper bound of the range"; } } // container range } } } // container packet-length } // container match container action { presence "Action to be taken on a packet matching the IP filter entry match criteria."; description "Enter the action context"; leaf fc { type types-sros:fc-name; description "Class name to be forwarded for matching packets"; } choice action { case ignore-match { leaf ignore-match { type empty; description "Ignore match criteria for the entry"; } } case drop { leaf drop { type empty; description "Drop a packet matching this entry"; } } case forward { container forward { description "Enter the forward context"; choice forward-action { case bonding-connection { leaf bonding-connection { type types-submgt:bonding-connection-index; description "Connection ID over which packet is forwarded"; } } case esi-l2 { container esi-l2 { presence "A packet matching the entry will be forwarded to ESI identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel in the specified VPLS service."; description "Enter the esi-l2 context"; leaf esi-value { type types-services:ethernet-segment-id; description "ID of first ESI identified appliance in Nuage service chain"; } leaf vpls { type types-services:service-name; description "Specifies the identifier of the VPLS used for VPN/DC connectivity."; } } // container esi-l2 } case esi-l3 { container esi-l3 { presence "A packet matching the entry will be forwarded to ESI/SF-IP identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel over the configured VAS interface in the specified VPRN service."; description "Enter the esi-l3 context"; leaf sf-ip { type types-sros:ipv4-address; sros-ext:immutable; description "IP address of the service function to forward traffic"; } leaf esi-value { type types-services:ethernet-segment-id; sros-ext:immutable; description "Specifies the ethernet segment identifier (ESI) of the first ESI identified appliance in Nuage service chain."; } leaf vas-interface { type types-sros:interface-name; sros-ext:immutable; description "VRI index of VPRN RVPLS interface for VPN DC connectivity"; } leaf vprn { type types-services:service-name; sros-ext:immutable; description "Routing context for lookup to derive VPRN service label"; } } // container esi-l3 } case router { leaf router-instance { type string; sros-ext:immutable; description "Specifies the routing context used for route lookup."; } } case next-hop { container next-hop { presence "A packet matching the entry will be forwarded using the specified next-hop."; description "Enter the next-hop context"; choice next-hop { case nh-ip { container nh-ip { presence "A packet matching the entry will be forwarded in the routing context of the incoming interface using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf address { type types-sros:ipv4-address; sros-ext:immutable; description "IPv4 address of next hop to forward matching packets"; } } // container nh-ip } case nh-interface { leaf interface-name { type types-sros:named-item; description "Local interface that forwards the packet matchin this entry"; } } case nh-ip-vrf { container nh-ip-vrf { presence "A packet matching the entry will be forwarded in the specified routing context using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip-vrf context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf router-instance { type string; sros-ext:immutable; description "Routing context for route lookup for forwarding packets"; } leaf address { type types-sros:ipv4-address; sros-ext:immutable; description "IPv4 address of next hop to forward matching packets"; } } // container nh-ip-vrf } } } // container next-hop } case lsp { leaf lsp { type types-sros:named-item-64; description "LSP that is specified to forward a packet matching this entry"; } } case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type types-services:service-name; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type types-services:service-name; description "VPLS associated with the SAP"; } leaf sap-id { type types-sros:sap; description "VPLS Ethernet SAP ID used to forward matching packets"; } } // container sap } case redirect-policy { leaf redirect-policy { type types-sros:named-item; sros-ext:immutable; description "Next hop or forward next hop router that forwards a packet that matches this entry"; } } case vprn-target { container vprn-target { presence "A packet matching the filter entry will be forwarded using specified tunnel."; description "Enter the vprn-target context"; leaf bgp-nh { type types-sros:ipv4-address; description "Target BGP next hop IP address"; } leaf vprn { type types-services:service-name; description "Routing context used for route lookup"; } leaf lsp { type types-sros:named-item-64; description "LSP that is specified to forward a packet matching this entry"; } leaf adv-prefix { type types-sros:ipv4-prefix; description "Advertised IP prefix for target destination"; } } // container vprn-target } case gre-tunnel { leaf gre-tunnel { type types-sros:named-item; description "GRE tunnel template ID that sets the location where an encapsulated matching packet is transported"; } } case mpls-policy { container mpls-policy { presence "ipv4-filter entry action forward mpls-policy"; description "Enter the mpls-policy context"; leaf endpoint { type types-sros:ipv4-unicast-address; description "The MPLS forwarding policy endpoint IPv4 address"; } } // container mpls-policy } case srte-policy { container srte-policy { presence "ipv4-filter entry action forward srte-policy"; description "Enter the srte-policy context"; leaf endpoint { type types-sros:ipv4-unicast-or-zero-address; description "The SR-TE policy endpoint IPv4 address"; } leaf color { type int64 { range "0..4294967295"; } description "The SR-TE policy color value"; } } // container srte-policy } } } // container forward } case http-redirect { container http-redirect { presence "An HTTP GET packet matching the entry is forwarded to CPM for HTTP captive portal processing."; description "Enter the http-redirect context"; leaf url { type types-sros:http-redirect-url; sros-ext:immutable; description "URL that is used for redirecting"; } leaf allow-override { type boolean; default "false"; description "Override http-redirect by a RADIUS VSA"; } } // container http-redirect } case nat { container nat { presence "A packet matching the entry will be forwarded to NAT."; description "Enter the nat context"; leaf nat-policy { type types-sros:external-named-item; sros-ext:isa-auto-clear-on-modify; description "NAT policy name when action is NAT"; } } // container nat } case reassemble { leaf reassemble { type empty; description "Forward matching packets to reassembly function"; } } case gtp-local-breakout { leaf gtp-local-breakout { type empty; description "Break out matching traffic locally from a GTP tunnel for GTP-subscriber-hosts, or forward for other entities"; } } case tcp-mss-adjust { leaf tcp-mss-adjust { type empty; description "Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context"; } } case accept { leaf accept { type empty; description "Accept regular routing to forward a packet that matches this entry"; } } } container remark { presence "DSCP value of packets matching the entry will be remarked."; description "Enter the remark context"; leaf dscp { type types-qos:dscp-name; description "Destination SAP"; } } // container remark container rate-limit { presence "Packet rate of packets matching the entry will be limited to value specified by pir."; description "Enter the rate-limit context"; leaf pir { type types-filter:rate-limit; units "kilobps"; description "Peak information rate"; } choice criterion-1 { case ttl { container ttl { presence "A packet matching the entry will be subjected to the configured action only if 'Time-to-live' field of packet's IPv4 header meets the configured condition."; description "Enter the ttl context"; choice ttl { case eq { leaf eq { type types-filter:ttl-or-hop-limit-value; description "Value to compare against 'equal' condition for entry match criteria"; } } case lt { leaf lt { type types-filter:ttl-or-hop-limit-lt-value; description "Value to compare against 'less than' condition for entry match criteria"; } } case gt { leaf gt { type types-filter:ttl-or-hop-limit-gt-value; description "Value to compare against 'greater than' condition for entry match criteria"; } } case range { container range { presence "Range of ttl values."; description "Enter the range context"; leaf start { type types-filter:ttl-or-hop-limit-gt-value; description "Lower bound value"; } leaf end { type types-filter:ttl-or-hop-limit-lt-value; description "Upper bound value"; } } // container range } } } // container ttl } case packet-length { container packet-length { presence "A packet matching the entry will be dropped only if 'Total Length' field of packet's IPv4 header meets the configured condition."; description "Enter the packet-length context"; choice packet-length { case eq { leaf eq { type types-filter:pkt-len-or-payload-len-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:pkt-len-or-payload-len-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:pkt-len-or-payload-len-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of packet-length values."; description "Enter the range context"; leaf start { type types-filter:pkt-len-or-payload-len-gt-value; description "Lower bound of the range"; } leaf end { type types-filter:pkt-len-or-payload-len-lt-value; description "Upper bound of the range"; } } // container range } } } // container packet-length } } container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } description "Offset value for the pattern expression"; } } // container pattern } // container rate-limit container drop-when { presence "Packets which meet the specified condition will be dropped."; description "Enter the drop-when context"; choice criterion-1 { case ttl { container ttl { presence "A packet matching the entry will be subjected to the configured action only if 'Time-to-live' field of packet's IPv4 header meets the configured condition."; description "Enter the ttl context"; choice ttl { case eq { leaf eq { type types-filter:ttl-or-hop-limit-value; description "Value to compare against 'equal' condition for entry match criteria"; } } case lt { leaf lt { type types-filter:ttl-or-hop-limit-lt-value; description "Value to compare against 'less than' condition for entry match criteria"; } } case gt { leaf gt { type types-filter:ttl-or-hop-limit-gt-value; description "Value to compare against 'greater than' condition for entry match criteria"; } } case range { container range { presence "Range of ttl values."; description "Enter the range context"; leaf start { type types-filter:ttl-or-hop-limit-gt-value; description "Lower bound value"; } leaf end { type types-filter:ttl-or-hop-limit-lt-value; description "Upper bound value"; } } // container range } } } // container ttl } case packet-length { container packet-length { presence "A packet matching the entry will be dropped only if 'Total Length' field of packet's IPv4 header meets the configured condition."; description "Enter the packet-length context"; choice packet-length { case eq { leaf eq { type types-filter:pkt-len-or-payload-len-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:pkt-len-or-payload-len-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:pkt-len-or-payload-len-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of packet-length values."; description "Enter the range context"; leaf start { type types-filter:pkt-len-or-payload-len-gt-value; description "Lower bound of the range"; } leaf end { type types-filter:pkt-len-or-payload-len-lt-value; description "Upper bound of the range"; } } // container range } } } // container packet-length } } choice criterion-2 { case extracted-traffic { leaf extracted-traffic { type empty; description "Drop traffic extracted to CPM"; } } } container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } description "Offset value for the pattern expression"; } } // container pattern } // container drop-when container accept-when { presence "Packets which meet the specified condition will be accepted."; description "Enter the accept-when context"; container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } description "Offset value for the pattern expression"; } } // container pattern } // container accept-when container secondary { presence "Secondary (backup) action to be taken on a packet matching the filter entry."; description "Enter the secondary context"; choice action { case forward { container forward { description "Enter the forward context"; choice forward-action { case next-hop { container next-hop { presence "A packet matching the entry will be forwarded using the specified next-hop."; description "Enter the next-hop context"; choice next-hop { case nh-ip-vrf { container nh-ip-vrf { presence "A packet matching the entry will be forwarded in the specified routing context using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip-vrf context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf router-instance { type string; sros-ext:immutable; description "Routing context for route lookup for forwarding packets"; } leaf address { type types-sros:ipv4-address; sros-ext:immutable; description "IPv4 address of next hop to forward matching packets"; } } // container nh-ip-vrf } } } // container next-hop } case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type types-services:service-name; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; sros-ext:immutable; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type types-services:service-name; description "VPLS the sdp-bind-id belongs to"; } leaf sap-id { type types-sros:sap; sros-ext:immutable; description "A packet matching the entry will be forwarded using the specified SAP"; } } // container sap } } } // container forward } } container remark { presence "DSCP value of packets matching the entry will be remarked."; description "Enter the remark context"; leaf dscp { type types-qos:dscp-name; description "Destination SAP"; } } // container remark } // container secondary } // container action } // list entry container embed { description "Enter the embed context"; list filter { key "name offset"; description "Enter the filter list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:filter-name { pattern "(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-5][0-9][0-9][0-9][0-9]|6[0-4][0-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])|(([^f0-9_ ]|f($|[^S]|S($|[^p]|p($|[^e]|e($|[^c]|c($|[^\\-]|-($|[^0-9]+)))))))\\P{C}*))"; } } description "ID of the filter to insert"; } leaf offset { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:embed-offset { range "0..2097150"; } } description "Offset of the inserted entries"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } } // list filter list flowspec { key "offset"; description "Enter the flowspec list instance"; leaf offset { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:embed-offset; } description "Offset of the inserted entries"; } leaf group { type uint32 { range "0..16383"; } sros-ext:immutable; description "Interface group ID for an external configured set of flowspec rules"; } leaf router-instance { type string; sros-ext:immutable; description "Virtual router for an external configured set of flowspec rules"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } } // list flowspec list openflow { key "of-switch offset"; description "Enter the openflow list instance"; leaf of-switch { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Openflow switch which contains the flowtable to be inserted in the parent filter"; } leaf offset { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:embed-offset { range "0..2097150"; } } description "Offset of the inserted entries"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } choice context { default "grt"; description "Specifies the context in which the openflow embedding is inserted into filter. When no context is present, this object is set to grt value."; case grt { leaf grt { type empty; sros-ext:immutable; description "Global routing context"; } } case system { leaf system { type empty; sros-ext:immutable; description "System context"; } } case vprn { leaf vprn { type types-services:service-name; sros-ext:immutable; description "VPRN context"; } } case vpls { leaf vpls { type types-services:service-name; sros-ext:immutable; description "VPLS context"; } leaf sap { type types-sros:sap; sros-ext:immutable; description "SAP context"; } } } } // list openflow } // container embed } // list ip-filter list ipv6-filter { key "filter-name"; description "Enter the ipv6-filter list instance"; leaf filter-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:filter-name { pattern "(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-5][0-9][0-9][0-9][0-9]|6[0-4][0-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])|(([^f0-9_ ]|f($|[^S]|S($|[^p]|p($|[^e]|e($|[^c]|c($|[^\\-]|-($|[^0-9]+)))))))\\P{C}*))"; } } description "Name of the object to associate"; } leaf default-action { type types-filter:filter-default-action; default "drop"; description "Action for packets that do not match any entry"; } leaf description { type types-sros:description; description "Text description"; } leaf scope { type types-filter:filter-scope; sros-ext:immutable; default "template"; description "Scope of this filter definition"; } leaf type { type enumeration { enum "normal" { value 0; } enum "src-mac" { value 1; } enum "packet-length" { value 2; } } default "normal"; description "Filter policy type"; } leaf chain-to-system-filter { type boolean; default "false"; description "Chain filter policy to the active IPvX system filter policy"; } leaf filter-id { type types-filter:filter-id; sros-ext:immutable; description "IPv6 filter identifier"; } container subscriber-mgmt { description "Enter the subscriber-mgmt context"; container host-specific-entry { description "Enter the host-specific-entry context"; container filter-rule { description "Enter the filter-rule context"; container range { presence "Exclusive range for DIAMETER or RADIUS filter rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; description "Lower bound of range for subscriber host filter-rule entries from RADIUS/Diameter"; } leaf end { type types-filter:entry-id; description "Upper bound of range for filter-rule entries from RADIUS/Diameter"; } } // container range } // container filter-rule container credit-control { description "Enter the credit-control context"; container range { presence "Exclusive range for credit-control entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; description "Lower bound of range for entries from Credit Control"; } leaf end { type types-filter:entry-id; description "Upper bound of range for entries from Credit Control"; } } // container range } // container credit-control container watermark { description "Enter the watermark context"; leaf low { type int32 { range "0..100"; } default "90"; description "Low watermark for host-specific entries, to clear a table full alarm"; } leaf high { type int32 { range "0..100"; } default "95"; description "High watermark for host-specific entries, to raise a table full alarm"; } } // container watermark } // container host-specific-entry container shared-entry { description "Enter the shared-entry context"; container filter-rule { description "Enter the filter-rule context"; container range { presence "Exclusive range for DIAMETER or RADIUS shared filter rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; description "Lower bound of range for shared filter-rules from RADIUS"; } leaf end { type types-filter:entry-id; description "Upper bound of range for shared-filter rules from RADIUS"; } } // container range } // container filter-rule container pcc-rule { description "Enter the pcc-rule context"; container range { presence "Exclusive range for PCC rule entries."; description "Enter the range context"; leaf start { type types-filter:entry-id; description "Lower bound of range for pcc-rule filter entries from Diameter"; } leaf end { type types-filter:entry-id; description "Upper bound of range for pcc-rule filter entries from Diameter"; } } // container range } // container pcc-rule container watermark { presence "Alarm will be raised by the system when number of filters created by subscriber management shared entries oversteps specified boundaries."; description "Enter the watermark context"; leaf low { type int32 { range "0..7999"; } description "Limit of RADIUS or Diameter shared filters before clearing high watermark notification"; } leaf high { type int32 { range "1..8000"; } description "Limit of RADIUS shared filters before generating high watermark notification"; } } // container watermark } // container shared-entry } // container subscriber-mgmt list entry { key "entry-id"; description "Enter the entry list instance"; leaf entry-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:entry-id; } description "Secondary index for this entry"; } leaf description { type types-sros:description; description "Text description"; } leaf log { type types-filter:filter-log-id; description "Log that is used for packets matching this entry"; } leaf pbr-down-action-override { type types-filter:filter-pbr-down-action-ovr; description "Action when PBR or PBF target for this entry is not available"; } leaf sticky-dest { type types-filter:filter-sticky-dest; units "seconds"; description "Time before action with available PBR or PBF destination and highest priority"; } leaf egress-pbr { type types-filter:filter-egress-pbr; sros-ext:immutable; description "PBR that has an effect when this filter is applied on egress"; } leaf filter-sample { type boolean; default "false"; description "Sample matching traffic if IP interface is set to cflowd ACL mode"; } leaf interface-sample { type boolean; default "true"; description "Sample matching traffic if IP interface is set to cflowd interface mode"; } container match { description "Enter the match context"; leaf next-header { type types-sros:ipv6-match-protocol; description "IPv6 next header to match"; } leaf dscp { type types-qos:dscp-name; description "DSCP used as an IP filter match criterion"; } leaf fragment { type enumeration { enum "false" { value 2; } enum "true" { value 3; } enum "first-only" { value 4; } enum "non-first-only" { value 5; } } description "Match criterion for fragmented packages"; } choice port-selector { case src-dst-port { container src-port { description "Enter the src-port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type types-sros:named-item; description "Parameter port-list as match criterion"; } } } } // container src-port container dst-port { description "Enter the dst-port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type types-sros:named-item; description "Parameter port-list as match criterion"; } } } } // container dst-port } case port { container port { description "Enter the port context"; choice port { case eq { leaf eq { type uint16 { range "0..65535"; } description "Equal to specified value"; } } case lt { leaf lt { type uint16 { range "1..65535"; } description "Less than specified value"; } } case gt { leaf gt { type uint16 { range "0..65534"; } description "Greater than specified value"; } } case range { container range { presence "Enables port range matching."; description "Enter the range context"; leaf start { type uint16 { range "0..65534"; } description "Lower bound port to match"; } leaf end { type uint16 { range "1..65535"; } description "Lower bound port to match"; } } // container range } case port-list { leaf port-list { type types-sros:named-item; description "Parameter port-list as match criterion"; } } } } // container port } } container src-ip { description "Enter the src-ip context"; choice match-address-choice { case address-and-prefix-or-mask { leaf address { type union { type types-sros:ipv6-address; type types-sros:ipv6-prefix-with-host-bits; } description "IPv6 address used as a filter policy match criterion"; } leaf mask { type types-sros:ipv6-address; description "Mask as an AND to IPv6 address"; } } case ipv6-prefix-list { leaf ipv6-prefix-list { type types-sros:named-item; description "IP prefix list as match criterion for IP address"; } } } } // container src-ip container dst-ip { description "Enter the dst-ip context"; choice match-address-choice { case address-and-prefix-or-mask { leaf address { type union { type types-sros:ipv6-address; type types-sros:ipv6-prefix-with-host-bits; } description "IPv6 address used as a filter policy match criterion"; } leaf mask { type types-sros:ipv6-address; description "Mask as an AND to IPv6 address"; } } case ipv6-prefix-list { leaf ipv6-prefix-list { type types-sros:named-item; description "IP prefix list as match criterion for IP address"; } } } } // container dst-ip container src-mac { presence "Enable source MAC address match criteria."; description "Enter the src-mac context"; leaf address { type yang:mac-address; description "MAC address used as MAC filter match criterion"; } leaf mask { type yang:mac-address; default "ff:ff:ff:ff:ff:ff"; description "MAC address mask"; } } // container src-mac container extension-header { description "Enter the extension-header context"; leaf ah { type boolean; description "Match a packet as per the existence of an AH Extension Header"; } leaf esp { type boolean; description "Match a packet as per the existence of an Encapsulation security payload extension header"; } leaf hop-by-hop { type boolean; description "Match on Hop-by-Hop Options Extension Header existence"; } leaf routing-type0 { type boolean; description "Match a packet as per the existence of a routing Extension Header"; } } // container extension-header container flow-label { presence "Flow-label match criteria."; description "Enter the flow-label context"; leaf value { type types-filter:filter-match-flow-label; description "Flow label as match criterion"; } leaf mask { type types-filter:filter-match-flow-label { range "1..1048575"; } default "1048575"; description "Flow label mask for this policy IP filter entry"; } } // container flow-label container icmp { description "Enter the icmp context"; choice icmp-code { case code { leaf code { type types-filter:ipv6-match-icmp-codes; description "ICMPv6 code value to match"; } } } choice icmp-type { case type { leaf type { type types-filter:ipv6-match-icmp-types; description "ICMPv6 type value to match"; } } } } // container icmp container tcp-flags { description "Enter the tcp-flags context"; leaf ack { type boolean; description "Match TCP ACK as per value of the ACK TCP flag bit"; } leaf syn { type boolean; description "Match TCP SYN as per value of the SYN TCP flag bit"; } leaf fin { type boolean; description "Match TCP FIN as per value of the FIN TCP flag bit"; } leaf rst { type boolean; description "Match TCP RST as per value of the RST TCP flag bit"; } leaf psh { type boolean; description "Match TCP PSH as per value of the PSH TCP flag bit"; } leaf urg { type boolean; description "Match TCP URG as per value of the URG TCP flag bit"; } leaf ece { type boolean; description "Match TCP ECE as per value of the ECE TCP flag bit"; } leaf cwr { type boolean; description "Match TCP CWR as per value of the CWR TCP flag bit"; } leaf ns { type boolean; description "Match TCP NS as per value of the NS TCP flag bit"; } } // container tcp-flags container packet-length { presence "Enable packet length match criteria."; description "Enter the packet-length context"; choice packet-length { case eq { leaf eq { type types-filter:ipv6-match-packet-length-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:ipv6-match-packet-length-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:ipv6-match-packet-length-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of packet-length values."; description "Enter the range context"; leaf start { type types-filter:ipv6-match-packet-length-gt-value; description "Lower bound of the range"; } leaf end { type types-filter:ipv6-match-packet-length-lt-value; description "Upper bound of the range"; } } // container range } } } // container packet-length } // container match container action { presence "Action to be taken on a packet matching the IPv6 filter entry match criteria."; description "Enter the action context"; leaf fc { type types-sros:fc-name; description "Class name to be forwarded for matching packets"; } choice action { case ignore-match { leaf ignore-match { type empty; description "Ignore match criteria for the entry"; } } case drop { leaf drop { type empty; description "Drop a packet matching this entry"; } } case forward { container forward { description "Enter the forward context"; choice forward-action { case bonding-connection { leaf bonding-connection { type types-submgt:bonding-connection-index; description "Connection ID over which packet is forwarded"; } } case esi-l2 { container esi-l2 { presence "A packet matching the entry will be forwarded to ESI identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel in the specified VPLS service."; description "Enter the esi-l2 context"; leaf esi-value { type types-services:ethernet-segment-id; description "ID of first ESI identified appliance in Nuage service chain"; } leaf vpls { type types-services:service-name; description "Specifies the identifier of the VPLS used for VPN/DC connectivity."; } } // container esi-l2 } case esi-l3 { container esi-l3 { presence "A packet matching the entry will be forwarded to ESI/SF-IP identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel over the configured VAS interface in the specified VPRN service."; description "Enter the esi-l3 context"; leaf sf-ip { type types-sros:ipv6-address; sros-ext:immutable; description "IP address of the service function to forward traffic"; } leaf esi-value { type types-services:ethernet-segment-id; sros-ext:immutable; description "Specifies the ethernet segment identifier (ESI) of the first ESI identified appliance in Nuage service chain."; } leaf vas-interface { type types-sros:interface-name; sros-ext:immutable; description "VRI index of VPRN RVPLS interface for VPN DC connectivity"; } leaf vprn { type types-services:service-name; sros-ext:immutable; description "Routing context for lookup to derive VPRN service label"; } } // container esi-l3 } case router { leaf router-instance { type string; sros-ext:immutable; description "Specifies the routing context used for route lookup."; } } case next-hop { container next-hop { presence "A packet matching the entry will be forwarded using the specified next-hop."; description "Enter the next-hop context"; choice next-hop { case nh-ip { container nh-ip { presence "A packet matching the entry will be forwarded in the routing context of the incoming interface using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf address { type types-sros:ipv6-address; description "IPv6 address of next hop to forward matching packets"; } } // container nh-ip } case nh-ip-vrf { container nh-ip-vrf { presence "A packet matching the entry will be forwarded in the specified routing context using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip-vrf context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf router-instance { type string; sros-ext:immutable; description "Routing context for route lookup for forwarding packets"; } leaf address { type types-sros:ipv6-address; description "IPv6 address of next hop to forward matching packets"; } } // container nh-ip-vrf } } } // container next-hop } case lsp { leaf lsp { type types-sros:named-item-64; description "LSP that is specified to forward a packet matching this entry"; } } case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type types-services:service-name; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type types-services:service-name; description "VPLS associated with the SAP"; } leaf sap-id { type types-sros:sap; description "VPLS Ethernet SAP ID used to forward matching packets"; } } // container sap } case redirect-policy { leaf redirect-policy { type types-sros:named-item; sros-ext:immutable; description "Next hop or forward next hop router that forwards a packet that matches this entry"; } } case vprn-target { container vprn-target { presence "A packet matching the filter entry will be forwarded using specified tunnel."; description "Enter the vprn-target context"; leaf bgp-nh { type types-sros:ipv4-address; description "Target BGP next hop IP address"; } leaf vprn { type types-services:service-name; description "Routing context used for route lookup"; } leaf lsp { type types-sros:named-item-64; description "LSP that is specified to forward a packet matching this entry"; } leaf adv-prefix { type types-sros:ipv6-prefix; description "Advertised IP prefix for target destination"; } } // container vprn-target } case gre-tunnel { leaf gre-tunnel { type types-sros:named-item; description "GRE tunnel template ID that sets the location where an encapsulated matching packet is transported"; } } case mpls-policy { container mpls-policy { presence "ipv6-filter entry action forward mpls-policy"; description "Enter the mpls-policy context"; leaf endpoint { type types-sros:ipv6-unicast-address; description "The MPLS forwarding policy endpoint IPv6 address"; } } // container mpls-policy } case srte-policy { container srte-policy { presence "ipv6-filter entry action forward srte-policy"; description "Enter the srte-policy context"; leaf endpoint { type types-sros:ipv6-unicast-or-zero-address; description "The SR-TE policy endpoint IPv6 address"; } leaf color { type int64 { range "0..4294967295"; } description "The SR-TE policy color value"; } } // container srte-policy } } } // container forward } case http-redirect { container http-redirect { presence "An HTTP GET packet matching the entry is forwarded to CPM for HTTP captive portal processing."; description "Enter the http-redirect context"; leaf url { type types-sros:http-redirect-url; sros-ext:immutable; description "URL that is used for redirecting"; } leaf allow-override { type boolean; default "false"; description "Override http-redirect by a RADIUS VSA"; } } // container http-redirect } case nat { container nat { presence "A packet matching the entry will be forwarded to NAT."; description "Enter the nat context"; leaf nat-policy { type types-sros:external-named-item; sros-ext:isa-auto-clear-on-modify; description "NAT policy name when action is NAT"; } leaf nat-type { type types-filter:nat-type; sros-ext:isa-auto-clear-on-modify; description "NAT type to assign when action is NAT"; } } // container nat } case tcp-mss-adjust { leaf tcp-mss-adjust { type empty; description "Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context"; } } case accept { leaf accept { type empty; description "Accept regular routing to forward a packet that matches this entry"; } } } container remark { presence "DSCP value of packets matching the entry will be remarked."; description "Enter the remark context"; leaf dscp { type types-qos:dscp-name; description "Destination SAP"; } } // container remark container rate-limit { presence "Packet rate of packets matching the entry will be limited to value specified by pir."; description "Enter the rate-limit context"; leaf pir { type types-filter:rate-limit; units "kilobps"; description "Peak information rate"; } choice criterion-1 { case hop-limit { container hop-limit { presence "A packet matching the entry will be subjected to the configured action only if 'Hop-Limit' field of packet's IPv6 header meets the configured condition."; description "Enter the hop-limit context"; choice hop-limit { case eq { leaf eq { type types-filter:ttl-or-hop-limit-value; description "Value to compare against 'equal' condition for entry match criteria"; } } case lt { leaf lt { type types-filter:ttl-or-hop-limit-lt-value; description "Value to compare against 'less than' condition for entry match criteria"; } } case gt { leaf gt { type types-filter:ttl-or-hop-limit-gt-value; description "Value to compare against 'greater than' condition for entry match criteria"; } } case range { container range { presence "Range of hop-limit values."; description "Enter the range context"; leaf start { type types-filter:ttl-or-hop-limit-gt-value; description "Lower bound value"; } leaf end { type types-filter:ttl-or-hop-limit-lt-value; description "Upper bound value"; } } // container range } } } // container hop-limit } case payload-length { container payload-length { presence "A packet matching the entry will be dropped only if 'Payload Length' field of packet's IPv6 header field meets the configured condition."; description "Enter the payload-length context"; choice payload-length { case eq { leaf eq { type types-filter:pkt-len-or-payload-len-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:pkt-len-or-payload-len-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:pkt-len-or-payload-len-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of payload-length values."; description "Enter the range context"; leaf start { type types-filter:pkt-len-or-payload-len-gt-value; description "Lower bound of the range"; } leaf end { type types-filter:pkt-len-or-payload-len-lt-value; description "Upper bound of the range"; } } // container range } } } // container payload-length } } container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } description "Offset value for the pattern expression"; } } // container pattern } // container rate-limit container drop-when { presence "Packets which meet the specified condition will be dropped."; description "Enter the drop-when context"; choice criterion-1 { case hop-limit { container hop-limit { presence "A packet matching the entry will be subjected to the configured action only if 'Hop-Limit' field of packet's IPv6 header meets the configured condition."; description "Enter the hop-limit context"; choice hop-limit { case eq { leaf eq { type types-filter:ttl-or-hop-limit-value; description "Value to compare against 'equal' condition for entry match criteria"; } } case lt { leaf lt { type types-filter:ttl-or-hop-limit-lt-value; description "Value to compare against 'less than' condition for entry match criteria"; } } case gt { leaf gt { type types-filter:ttl-or-hop-limit-gt-value; description "Value to compare against 'greater than' condition for entry match criteria"; } } case range { container range { presence "Range of hop-limit values."; description "Enter the range context"; leaf start { type types-filter:ttl-or-hop-limit-gt-value; description "Lower bound value"; } leaf end { type types-filter:ttl-or-hop-limit-lt-value; description "Upper bound value"; } } // container range } } } // container hop-limit } case payload-length { container payload-length { presence "A packet matching the entry will be dropped only if 'Payload Length' field of packet's IPv6 header field meets the configured condition."; description "Enter the payload-length context"; choice payload-length { case eq { leaf eq { type types-filter:pkt-len-or-payload-len-value; description "Equal to value assigned as match condition"; } } case lt { leaf lt { type types-filter:pkt-len-or-payload-len-lt-value; description "Less than value assigned as match condition"; } } case gt { leaf gt { type types-filter:pkt-len-or-payload-len-gt-value; description "Greater than value assigned as match condition"; } } case range { container range { presence "Range of payload-length values."; description "Enter the range context"; leaf start { type types-filter:pkt-len-or-payload-len-gt-value; description "Lower bound of the range"; } leaf end { type types-filter:pkt-len-or-payload-len-lt-value; description "Upper bound of the range"; } } // container range } } } // container payload-length } } choice criterion-2 { case extracted-traffic { leaf extracted-traffic { type empty; description "Drop traffic extracted to CPM"; } } } container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } description "Offset value for the pattern expression"; } } // container pattern } // container drop-when container accept-when { presence "Packets which meet the specified condition will be accepted."; description "Enter the accept-when context"; container pattern { presence "Enable pattern matching"; description "Enter the pattern context"; leaf expression { type types-sros:hex-string { length "3..18"; } description "Pattern expression to match"; } leaf mask { type types-sros:hex-string { length "3..18"; pattern "0x[a-fA-F0-9]*[a-fA-F1-9]+[a-fA-F0-9]*" { error-message "The value has to be in hex-string format with prefix '0x' and must not be all zeros."; } } description "Mask for the pattern expression"; } leaf offset-type { type enumeration { enum "layer-3" { value 1; } enum "layer-4" { value 2; } enum "data" { value 3; } enum "dns-qtype" { value 4; } } description "Starting point reference for offset value of pattern"; } leaf offset-value { type int32 { range "0..255"; } description "Offset value for the pattern expression"; } } // container pattern } // container accept-when container secondary { presence "Secondary (backup) action to be taken on a packet matching the filter entry."; description "Enter the secondary context"; choice action { case forward { container forward { description "Enter the forward context"; choice forward-action { case next-hop { container next-hop { presence "A packet matching the entry will be forwarded using the specified next-hop."; description "Enter the next-hop context"; choice next-hop { case nh-ip-vrf { container nh-ip-vrf { presence "A packet matching the entry will be forwarded in the specified routing context using direct or indirect IP address in the routing lookup."; description "Enter the nh-ip-vrf context"; leaf indirect { type boolean; default "false"; description "Allow next hop to be indirectly reachable"; } leaf router-instance { type string; sros-ext:immutable; description "Routing context for route lookup for forwarding packets"; } leaf address { type types-sros:ipv6-address; description "IPv6 address of next hop to forward matching packets"; } } // container nh-ip-vrf } } } // container next-hop } case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type types-services:service-name; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; sros-ext:immutable; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type types-services:service-name; description "VPLS the sdp-bind-id belongs to"; } leaf sap-id { type types-sros:sap; sros-ext:immutable; description "A packet matching the entry will be forwarded using the specified SAP"; } } // container sap } } } // container forward } } container remark { presence "DSCP value of packets matching the entry will be remarked."; description "Enter the remark context"; leaf dscp { type types-qos:dscp-name; description "Destination SAP"; } } // container remark } // container secondary } // container action } // list entry container embed { description "Enter the embed context"; list filter { key "name offset"; description "Enter the filter list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:filter-name { pattern "(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-5][0-9][0-9][0-9][0-9]|6[0-4][0-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])|(([^f0-9_ ]|f($|[^S]|S($|[^p]|p($|[^e]|e($|[^c]|c($|[^\\-]|-($|[^0-9]+)))))))\\P{C}*))"; } } description "ID of the filter to insert"; } leaf offset { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:embed-offset { range "0..2097150"; } } description "Offset of the inserted entries"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } } // list filter list flowspec { key "offset"; description "Enter the flowspec list instance"; leaf offset { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:embed-offset; } description "Offset of the inserted entries"; } leaf group { type uint32 { range "0..16383"; } sros-ext:immutable; description "Interface group ID for an external configured set of flowspec rules"; } leaf router-instance { type string; sros-ext:immutable; description "Virtual router for an external configured set of flowspec rules"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } } // list flowspec list openflow { key "of-switch offset"; description "Enter the openflow list instance"; leaf of-switch { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Openflow switch which contains the flowtable to be inserted in the parent filter"; } leaf offset { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:embed-offset { range "0..2097150"; } } description "Offset of the inserted entries"; } leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of this embedding"; } choice context { default "grt"; description "Specifies the context in which the openflow embedding is inserted into filter. When no context is present, this object is set to grt value."; case grt { leaf grt { type empty; sros-ext:immutable; description "Global routing context"; } } case system { leaf system { type empty; sros-ext:immutable; description "System context"; } } case vprn { leaf vprn { type types-services:service-name; sros-ext:immutable; description "VPRN context"; } } case vpls { leaf vpls { type types-services:service-name; sros-ext:immutable; description "VPLS context"; } leaf sap { type types-sros:sap; sros-ext:immutable; description "SAP context"; } } } } // list openflow } // container embed } // list ipv6-filter list mac-filter { key "filter-name"; description "Enter the mac-filter list instance"; leaf filter-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:filter-name { pattern "(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-5][0-9][0-9][0-9][0-9]|6[0-4][0-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])|(([^f0-9_ ]|f($|[^S]|S($|[^p]|p($|[^e]|e($|[^c]|c($|[^\\-]|-($|[^0-9]+)))))))\\P{C}*))"; } } description "Name of the object to associate"; } leaf default-action { type types-filter:filter-default-action; default "drop"; description "Action for packets that do not match any entry"; } leaf description { type types-sros:description; description "Text description"; } leaf scope { type types-filter:filter-scope; sros-ext:immutable; default "template"; description "Scope of this filter definition"; } leaf type { type types-qos:mac-filter-type; sros-ext:immutable; default "normal"; description "MAC filter policy"; } leaf filter-id { type types-filter:filter-id; sros-ext:immutable; description "MAC filter ID"; } list entry { key "entry-id"; description "Enter the entry list instance"; leaf entry-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:entry-id; } description "Secondary index for this entry"; } leaf description { type types-sros:description; description "Text description"; } leaf log { type types-filter:filter-log-id; description "Log that is used for packets matching this entry"; } leaf pbr-down-action-override { type types-filter:filter-pbr-down-action-ovr; description "Action when PBR or PBF target for this entry is not available"; } leaf sticky-dest { type types-filter:filter-sticky-dest; units "seconds"; description "Time before action with available PBR or PBF destination and highest priority"; } container match { description "Enter the match context"; leaf frame-type { type types-filter:mac-frame-type; description "MAC frame as match criteria"; } leaf etype { type types-services:etype-value; description "Ethernet type"; } leaf snap-pid { type int32 { range "0..65535"; } description "Parameter snap-pid as a MAC filter match criteria"; } leaf snap-oui { type enumeration { enum "zero" { value 2; } enum "non-zero" { value 3; } } description "Parameter snap-oui as a MAC filter match criteria"; } container src-mac { presence "Enable source MAC address match criteria."; description "Enter the src-mac context"; leaf address { type yang:mac-address; description "MAC address used as MAC filter match criterion"; } leaf mask { type yang:mac-address; default "ff:ff:ff:ff:ff:ff"; description "MAC address mask"; } } // container src-mac container dst-mac { presence "Enable destination MAC address match criteria."; description "Enter the dst-mac context"; leaf address { type yang:mac-address; description "MAC address used as MAC filter match criterion"; } leaf mask { type yang:mac-address; default "ff:ff:ff:ff:ff:ff"; description "MAC address mask"; } } // container dst-mac container dot1p { presence "Enable 802.1P Priority Match Criteria."; description "Enter the dot1p context"; leaf priority { type types-qos:dot1p-priority; description "IEEE 802.1p value used as a MAC filter match criterion"; } leaf mask { type types-qos:dot1p-priority { range "1..7"; } default "7"; description "802.1p mask value used as a MAC filter match criterion"; } } // container dot1p container llc-ssap { presence "Enable SSAP criteria matching."; description "Enter the llc-ssap context"; leaf ssap { type types-qos:service-access-point; description "Source or destination SAP value"; } leaf mask { type types-qos:service-access-point { range "1..255"; } default "255"; description "Source SAP mask"; } } // container llc-ssap container llc-dsap { presence "Enable DSAP criteria matching."; description "Enter the llc-dsap context"; leaf dsap { type types-qos:service-access-point; description "DSAP value"; } leaf mask { type types-qos:service-access-point { range "1..255"; } default "255"; description "Destination SAP mask"; } } // container llc-dsap container inner-tag { presence "Enable inner tag criteria matching."; description "Enter the inner-tag context"; leaf tag { type int32 { range "0..4095"; } description "Matching value against VID of the second or first VLAN tag in the packet carried transparently"; } leaf mask { type uint32 { range "1..4095"; } default "4095"; description "Mask to VID of the inner VLAN tag before comparing it with the inner-tag or outer-tag value"; } } // container inner-tag container outer-tag { presence "Enable outer tag criteria matching."; description "Enter the outer-tag context"; leaf tag { type int32 { range "0..4095"; } description "Matching value against VID of the second or first VLAN tag in the packet carried transparently"; } leaf mask { type uint32 { range "1..4095"; } default "4095"; description "Mask to VID of the inner VLAN tag before comparing it with the inner-tag or outer-tag value"; } } // container outer-tag container isid { description "Enter the isid context"; choice isid { case isid-value { leaf value { type types-sros:svc-isid; description "Lowest value of 24-bit service instance identifier for the service matching this entry"; } } case isid-range { container range { presence "Enable isid range matching"; description "Enter the range context"; leaf start { type types-sros:svc-isid; description "Lowest value of 24-bit service instance identifier for the service matching this entry"; } leaf end { type types-sros:svc-isid; description "Highest value of 24-bit service instance identifier for the service matching this entry"; } } // container range } } } // container isid } // container match container action { presence "Action to be taken on a packet matching the MAC filter entry match criteria."; description "Enter the action context"; choice action { case ignore-match { leaf ignore-match { type empty; description "Ignore match criteria for the entry"; } } case drop { leaf drop { type empty; description "Drop a packet matching this entry"; } } case forward { container forward { description "Enter the forward context"; choice forward-action { case esi-l2 { container esi-l2 { presence "A packet matching the entry will be forwarded to ESI identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel in the specified VPLS service."; description "Enter the esi-l2 context"; leaf esi-value { type types-services:ethernet-segment-id; description "ID of first ESI identified appliance in Nuage service chain"; } leaf vpls { type types-services:service-name; description "Specifies the identifier of the VPLS used for VPN/DC connectivity."; } } // container esi-l2 } case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type types-services:service-name; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type types-services:service-name; description "VPLS associated with the SAP"; } leaf sap-id { type types-sros:sap; description "VPLS Ethernet SAP ID used to forward matching packets"; } } // container sap } } } // container forward } case http-redirect { container http-redirect { presence "An HTTP GET packet matching the entry is forwarded to CPM for HTTP captive portal processing."; description "Enter the http-redirect context"; leaf url { type types-sros:http-redirect-url; sros-ext:immutable; description "URL that is used for redirecting"; } } // container http-redirect } case accept { leaf accept { type empty; description "Accept regular routing to forward a packet that matches this entry"; } } } container rate-limit { presence "Packet rate of packets matching the entry will be limited to value specified by pir."; description "Enter the rate-limit context"; leaf pir { type types-filter:rate-limit; units "kilobps"; description "Peak information rate"; } } // container rate-limit container secondary { presence "Secondary (backup) action to be taken on a packet matching the filter entry."; description "Enter the secondary context"; choice action { case forward { container forward { description "Enter the forward context"; choice forward-action { case sdp { container sdp { presence "A packet matching this entry will be forwarded to the specified sdp-bind-id."; description "Enter the sdp context"; leaf vpls { type types-services:service-name; description "VPLS associated with the SDP"; } leaf sdp-bind-id { type types-services:sdp-bind-id; sros-ext:immutable; description "VPLS SDP bind ID used to forward matching packets"; } } // container sdp } case sap { container sap { presence "A packet matching this entry will be forwarded to the specified sap."; description "Enter the sap context"; leaf vpls { type types-services:service-name; description "VPLS the sdp-bind-id belongs to"; } leaf sap-id { type types-sros:sap; sros-ext:immutable; description "A packet matching the entry will be forwarded using the specified SAP"; } } // container sap } } } // container forward } } } // container secondary } // container action } // list entry container embed { description "Add a list entry for embed"; } // container embed } // list mac-filter container system-filter { description "Enter the system-filter context"; list ip { key "ip-filter"; max-elements 1; description "Add a list entry for ip"; leaf ip-filter { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:filter-name { pattern "(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-5][0-9][0-9][0-9][0-9]|6[0-4][0-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])|(([^f0-9_ ]|f($|[^S]|S($|[^p]|p($|[^e]|e($|[^c]|c($|[^\\-]|-($|[^0-9]+)))))))\\P{C}*))"; } } description "The name of the IPv4 filter policy to be selected as the active system filter policy"; } } // list ip list ipv6 { key "ipv6-filter"; max-elements 1; description "Add a list entry for ipv6"; leaf ipv6-filter { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-filter:filter-name { pattern "(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-5][0-9][0-9][0-9][0-9]|6[0-4][0-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])|(([^f0-9_ ]|f($|[^S]|S($|[^p]|p($|[^e]|e($|[^c]|c($|[^\\-]|-($|[^0-9]+)))))))\\P{C}*))"; } } description "The name of the IPv6 filter policy to be selected as the active system filter policy"; } } // list ipv6 } // container system-filter list gre-tunnel-template { key "gre-tunnel-template-name"; max-elements 1023; description "Enter the gre-tunnel-template list instance"; leaf gre-tunnel-template-name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "GRE tunnel template identifier"; } leaf description { type types-sros:description; description "Text description"; } container ipv4 { description "Enter the ipv4 context"; leaf source-address { type types-sros:ipv4-address; default "0.0.0.0"; description "Source IP address of the GRE encapsulated"; } leaf gre-key { type types-filter:filter-gre-tunnel-gre-key; description "GRE key"; } leaf skip-ttl-decrement { type boolean; default "false"; description "Decrement TTL"; } list destination-address { key "address"; max-elements 32; description "Add a list entry for destination-address"; leaf address { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:ipv4-address; } description "Destination IP address"; } } // list destination-address } // container ipv4 } // list gre-tunnel-template container md-auto-id { description "Enter the md-auto-id context"; container filter-id-range { presence "Filter Id range for MD Auto assignment"; description "Enter the filter-id-range context"; leaf start { type types-filter:filter-id; sros-ext:immutable; description "Lower value of the ID range, must be less than or equal to end value"; } leaf end { type types-filter:filter-id; sros-ext:immutable; description "Upper value of the ID range, must be greater than or equal to start value"; } } // container filter-id-range } // container md-auto-id list dhcp-filter { key "filter-id"; description "Enter the dhcp-filter list instance"; leaf filter-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..65535"; } } description "Unique DHCP filter policy ID"; } leaf description { type types-sros:description; description "Text description"; } container default-action { presence "Enables DHCP filter default action configuration."; description "Enter the default-action context"; choice action { description "The action to take for DHCP host creation requests that match this filter entry. If not set host creation proceeds as usual"; case bypass-host-creation { leaf bypass-host-creation { type empty; description "Host creation options to bypass"; } } case drop { leaf drop { type empty; description "DHCP host creation when the filter entry is matched"; } } } } // container default-action list entry { key "entry-id"; max-elements 10; description "Enter the entry list instance"; leaf entry-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..65535"; } } description "DHCP filter entry index"; } container action { presence "Enables DHCP filter entry action configuration."; description "Enter the action context"; choice action { description "The action to take for DHCP host creation requests that match this filter entry. If not set host creation proceeds as usual"; case bypass-host-creation { leaf bypass-host-creation { type empty; description "Host creation options to bypass"; } } case drop { leaf drop { type empty; description "DHCP host creation when the filter entry is matched"; } } } } // container action container option { presence "Enables DHCP option match criteria configuration."; description "Enter the option context"; leaf number { type int32 { range "0..255"; } description "Number for DHCP or DHCPv6 option to filter on"; } choice option-match { case present { leaf present { type empty; description "Require the presence of related option"; } } case absent { leaf absent { type empty; description "Require the absence of related option"; } } case match { container match { presence "Enables complex matching parameters."; description "Enter the match context"; leaf exact { type boolean; default "false"; description "Use an exact match pattern (not partial)"; } leaf invert { type boolean; default "false"; description "Invert (partial) matching criteria"; } choice option-value { case string { leaf string { type string { length "1..127"; } description "Matching pattern for the filtered option"; } } case hex { leaf hex { type string { length "1..256"; pattern "0x[0-9a-fA-F]+"; } description "Matching pattern for the filtered option"; } } } } // container match } } } // container option } // list entry } // list dhcp-filter list dhcp6-filter { key "filter-id"; description "Enter the dhcp6-filter list instance"; leaf filter-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..65535"; } } description "Unique DHCP filter policy ID"; } leaf description { type types-sros:description; description "Text description"; } container default-action { presence "Enables DHCP6 filter default action configuration."; description "Enter the default-action context"; choice action { description "The action to take for DHCP6 host creation requests that match this filter entry. If not set host creation proceeds as usual"; case bypass-host-creation { container bypass-host-creation { presence "Enables DHCP6 filter entry action configuration."; description "Enter the bypass-host-creation context"; leaf na { type boolean; default "true"; description "Bypass the DHCPv6 NA host creation"; } leaf pd { type boolean; default "true"; description "Bypass the DHCPv6 PD host creation"; } } // container bypass-host-creation } case drop { leaf drop { type empty; description "Drop DHCPv6 message (do not process)"; } } } } // container default-action list entry { key "entry-id"; max-elements 10; description "Enter the entry list instance"; leaf entry-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..65535"; } } description "DHCP filter entry index"; } container action { presence "Enables DHCP6 filter entry action configuration."; description "Enter the action context"; choice action { description "The action to take for DHCP6 host creation requests that match this filter entry. If not set host creation proceeds as usual"; case bypass-host-creation { container bypass-host-creation { presence "Enables DHCP6 filter entry action configuration."; description "Enter the bypass-host-creation context"; leaf na { type boolean; default "true"; description "Bypass the DHCPv6 NA host creation"; } leaf pd { type boolean; default "true"; description "Bypass the DHCPv6 PD host creation"; } } // container bypass-host-creation } case drop { leaf drop { type empty; description "Drop DHCPv6 message (do not process)"; } } } } // container action container option { presence "Enables DHCP6 option match criteria configuration."; description "Enter the option context"; leaf number { type int32 { range "0..255"; } description "Number for DHCP or DHCPv6 option to filter on"; } choice option-match { case present { leaf present { type empty; description "Require the presence of related option"; } } case absent { leaf absent { type empty; description "Require the absence of related option"; } } case match { container match { presence "Enables complex matching parameters."; description "Enter the match context"; leaf exact { type boolean; default "false"; description "Use an exact match pattern (not partial)"; } leaf invert { type boolean; default "false"; description "Invert (partial) matching criteria"; } choice option-value { case string { leaf string { type string { length "1..127"; } description "Matching pattern for the filtered option"; } } case hex { leaf hex { type string { length "1..256"; pattern "0x[0-9a-fA-F]+"; } description "Matching pattern for the filtered option"; } } } } // container match } } } // container option } // list entry } // list dhcp6-filter } // container filter container fwd-path-ext { description "Enter the fwd-path-ext context"; container sdp-id-range { presence "The FPE SDP ID range."; description "Enter the sdp-id-range context"; leaf start { type types-services:sdp-id; description "Start of range"; } leaf end { type types-services:sdp-id; description "End of range"; } } // container sdp-id-range list fpe { key "fpe-id"; description "Enter the fpe list instance"; leaf fpe-id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..64"; } } description "FPE used to associate the application with a PXC"; } leaf description { type types-sros:description; description "Text description"; } container path { description "Enter the path context"; choice path-type { case port-xc { leaf pxc { type uint32 { range "1..64"; } description "Cross connect port identifier associated with this entry"; } } case lag { leaf xc-lag-a { type types-sros:lag-interface; description "LAG identifier A value"; } leaf xc-lag-b { type types-sros:lag-interface; description "LAG identifier B value"; } } } } // container path container application { description "Enter the application context"; leaf pw-port { type boolean; default "false"; description "Use FPE to set up FPE PW cross-connect"; } leaf sub-mgmt-extension { type boolean; default "false"; description "Reserve FPE for hybrid access bonding"; } container vxlan-termination { presence "VXLAN termination information."; description "Enter the vxlan-termination context"; leaf router-instance { type string; default "Base"; description "Routing context that provides reachability to the tunnel configured"; } } // container vxlan-termination } // container application } // list fpe } // container fwd-path-ext container ipsec { description "Enter the ipsec context"; leaf show-ipsec-keys { type boolean; default "false"; description "Show IPsec IKE and ESP keys."; } list cert-profile { key "name"; max-elements 10200; description "Enter the cert-profile list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Certificate profile name."; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the certificate profile."; } list entry { key "id"; max-elements 8; description "Enter the entry list instance"; leaf id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..8"; } } description "Certificate profile entry ID"; } leaf cert { type types-security:pki-file-name; description "Certificate file name for the certificate profile entry"; } leaf key { type types-security:pki-file-name; description "File name of imported key used for authentication"; } leaf rsa-signature { type enumeration { enum "pkcs1" { value 1; } enum "pss" { value 2; } } default "pkcs1"; description "Signature scheme for the RSA key"; } container send-chain { description "Enter the send-chain context"; leaf-list ca-profile { type types-sros:named-item; max-elements 7; description "CA certificate to send to the peer"; } } // container send-chain } // list entry } // list cert-profile list client-db { key "name"; max-elements 1000; description "Enter the client-db list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "IPsec client database name."; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the client database."; } leaf description { type types-sros:description; description "Text description"; } container match-list { description "Enter the match-list context"; leaf idi { type boolean; default "false"; description "Use IDi type in the IPsec client matching process"; } leaf peer-ip-prefix { type boolean; default "false"; description "Use the peer's tunnel IP address in matching process"; } } // container match-list list client { key "id"; description "Enter the client list instance"; leaf id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..8000"; } } description "Client ID"; } leaf admin-state { type types-sros:admin-state; default "disable"; description "Administrative state of the database client."; } leaf client-name { type types-sros:named-item; description "Client name"; } leaf private-interface { type types-sros:named-item; description "Private interface name used for tunnel setup"; } leaf private-service-name { type types-services:service-name; description "Name of the private service used for tunnel setup"; } leaf ts-list { type types-sros:named-item; description "Traffic selector list used by the tunnel"; } leaf tunnel-template { type uint32 { range "1..2048"; } description "Tunnel template ID"; } container credential { description "Enter the credential context"; leaf pre-shared-key { type types-sros:encrypted-leaf-hex-without-prefix { length "1..115"; } description "Pre-shared key used to authenticate peers"; } } // container credential container identification { description "Enter the identification context"; container idi { presence "Use the Identification Initiator (IDi) field in the client ID."; description "Enter the idi context"; choice idi { case any { leaf any { type boolean; description "Accept any IDi value as a match"; } } case ipv4-prefix { leaf ipv4-prefix { type types-sros:ipv4-prefix; description "IPv4 prefix used as the match criteria for the IDi"; } } case ipv4-prefix-any { leaf ipv4-prefix-any { type boolean; description "Accept any valid IPv4 prefix as a match for the IDi"; } } case ipv6-prefix { leaf ipv6-prefix { type types-sros:ipv6-prefix; description "IPv6 prefix used as the match criteria for the IDi"; } } case ipv6-prefix-any { leaf ipv6-prefix-any { type boolean; description "Accept any valid IPv6 prefix as a match for the IDi"; } } case fqdn { leaf fqdn { type types-sros:display-string-or-empty; description "FQDN used as the match criteria for the IDi"; } } case fqdn-suffix { leaf fqdn-suffix { type types-sros:display-string-or-empty; description "FQDN suffix used as the match criteria for the IDi"; } } case rfc822 { leaf rfc822 { type types-sros:display-string-or-empty; description "Email address (RFC 822) used as match criteria for IDi"; } } case rfc822-suffix { leaf rfc822-suffix { type types-sros:display-string-or-empty; description "Email address domain (RFC 822) as IDi match criteria"; } } } } // container idi container peer-ip-prefix { presence "Use the peer IP prefix field in the client ID."; description "Enter the peer-ip-prefix context"; choice prefix { case ipv4-only { leaf ipv4-only { type boolean; description "Accept any valid IPv4 address as a match"; } } case ipv6-only { leaf ipv6-only { type boolean; description "Accept any valid IPv6 address as a match"; } } case ip-prefix { leaf ip-prefix { type types-sros:ip-prefix; description "IP prefix used as the match criteria"; } } } } // container peer-ip-prefix } // container identification } // list client } // list client-db list ike-policy { key "id"; max-elements 2048; description "Enter the ike-policy list instance"; leaf id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-ipsec:ike-policy-id; } description "The unique identifier of an IKE policy."; } leaf description { type types-sros:description; description "Text description"; } leaf ipsec-lifetime { type types-ipsec:lifetime; default "3600"; description "Phase 1 lifetime for the IKE transform session"; } leaf match-peer-id-to-cert { type boolean; default "false"; description "Check IKE peer's ID during certificate authentication"; } leaf-list ike-transform { type types-ipsec:ike-transform-id; max-elements 4; description "IKE transform instance associated with the IKE policy"; } choice ike-version { default "version-1"; case version-1 { container ike-version-1 { description "Enter the ike-version-1 context"; leaf auth-method { type enumeration { enum "psk" { value 1; } enum "plain-psk-xauth" { value 4; } } default "psk"; description "Authentication method used with the IKE policy"; } leaf own-auth-method { type enumeration { enum "symmetric" { value 0; } } default "symmetric"; description "Authentication method used with policy on its own side"; } leaf ike-mode { type enumeration { enum "main" { value 1; } enum "aggressive" { value 2; } } default "main"; description "Mode of operation"; } leaf ph1-responder-delete-notify { type boolean; default "true"; description "Send delete notification for IKEv1 phase 1 removal"; } } // container ike-version-1 } case version-2 { container ike-version-2 { presence "IKE version 1."; description "Enter the ike-version-2 context"; leaf auth-method { type enumeration { enum "psk" { value 1; } enum "cert" { value 5; } enum "psk-radius" { value 6; } enum "cert-radius" { value 7; } enum "eap" { value 8; } enum "auto-eap-radius" { value 9; } enum "auto-eap" { value 10; } } default "psk"; description "Authentication method used with the IKE policy"; } leaf own-auth-method { type enumeration { enum "symmetric" { value 0; } enum "psk" { value 1; } enum "cert" { value 5; } enum "eap-only" { value 8; } } default "symmetric"; description "Authentication method used with IKE policy on own side"; } leaf auto-eap-method { type enumeration { enum "psk" { value 1; } enum "cert" { value 2; } enum "psk-or-cert" { value 3; } } default "cert"; description "Authentication method"; } leaf own-auto-eap-method { type enumeration { enum "psk" { value 1; } enum "cert" { value 2; } } default "cert"; description "Authentication method"; } leaf send-idr-after-eap-success { type boolean; default "true"; description "Send IDr payload in last IKE authentication response"; } container ikev2-fragment { presence "IKEv2 fragmentation."; description "Enter the ikev2-fragment context"; leaf mtu { type uint32 { range "512..9000"; } units "octets"; default "1500"; description "MTU of the IKEv2 messages"; } leaf reassembly-timeout { type uint32 { range "1..5"; } units "seconds"; default "2"; description "Timeout for reassembly of IKEv2 message fragments"; } } // container ikev2-fragment } // container ike-version-2 } } container limit-init-exchange { description "Enter the limit-init-exchange context"; leaf admin-state { type types-sros:admin-state; default "enable"; description "Administrative state of limiting initial IKE exchanges"; } leaf reduced-max-exchange-timeout { type union { type uint32 { range "2..60"; } type enumeration { enum "none" { value 0; } } } units "seconds"; default "2"; description "Max timeout for the in-progress initial IKE exchange"; } } // container limit-init-exchange container dpd { presence "Dead Peer Detection (DPD)."; description "Enter the dpd context"; leaf reply-only { type boolean; default "false"; description "Initiate DPD request for incoming ESP or IKE packets"; } leaf interval { type uint32 { range "10..300"; } units "seconds"; default "30"; description "DPD interval"; } leaf max-retries { type uint32 { range "2..5"; } default "3"; description "Maximum number of retries before the tunnel is removed"; } } // container dpd container nat-traversal { presence "Network Address Translation Traversal (NAT-T)."; description "Enter the nat-traversal context"; leaf force { type boolean; default "false"; description "Force NAT-T to be enabled."; } leaf keep-alive-interval { type uint32 { range "120..600"; } units "seconds"; description "The keep alive interval for NAT-T."; } leaf force-keep-alive { type boolean; default "true"; description "Send the keep alive packets only when behind a NAT."; } } // container nat-traversal container lockout { presence "IPsec client lockout."; description "Enter the lockout context"; leaf failed-attempts { type uint32 { range "1..64"; } default "3"; description "Maximum failed authentications allowed in the duration"; } leaf duration { type uint32 { range "1..60"; } units "minutes"; default "5"; description "Time interval in which failed attempts must be exceeded"; } leaf block { type union { type uint32 { range "1..1440"; } type enumeration { enum "infinite" { value 0; } } } units "minutes"; default "10"; description "Time a client is blocked for failed authentications"; } leaf max-port-per-ip { type uint32 { range "1..32000"; } default "16"; description "Max number of ports allowed behind the same IP address"; } } // container lockout container pfs { presence "Perfect Forward Secrecy (PFS) for the IPsec tunnels using this IKE policy."; description "Enter the pfs context"; leaf dh-group { type types-ipsec:dh-group; default "group-2"; description "The new Diffie-Hellman (DH) group used when each time the SA(Security Association) key is renegotiated."; } } // container pfs container relay-unsolicited-cfg-attribute { description "Enter the relay-unsolicited-cfg-attribute context"; leaf internal-ip4-address { type boolean; default "false"; description "IPv4 address attribute."; } leaf internal-ip4-netmask { type boolean; default "false"; description "IPv4 netmask attribute."; } leaf internal-ip4-dns { type boolean; default "false"; description "IPv4 DNS attribute."; } leaf internal-ip6-address { type boolean; default "false"; description "IPv6 address attribute."; } leaf internal-ip6-dns { type boolean; default "false"; description "IPv6 DNS attribute."; } } // container relay-unsolicited-cfg-attribute } // list ike-policy list ike-transform { key "id"; max-elements 4096; description "Enter the ike-transform list instance"; leaf id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-ipsec:ike-transform-id; } description "The unique identifier of an IKE transform."; } leaf dh-group { type types-ipsec:dh-group; default "group-2"; description "Diffie-Helman group used to calculate session keys"; } leaf ike-auth-algorithm { type types-ipsec:ike-auth-algorithms; default "sha-1"; description "IKE authentication algorithm for IKE transform instance"; } leaf ike-encryption-algorithm { type types-ipsec:ike-encryption-algorithms; default "aes-128"; description "IKE encryption algorith for the IKE transform instance"; } leaf ike-prf-algorithm { type types-ipsec:prf-algorithms; default "same-as-auth"; description "PRF algorithm for the IKE transform instance"; } leaf isakmp-lifetime { type types-ipsec:lifetime; default "86400"; description "Phase 1 lifetime for the IKE transform instance"; } } // list ike-transform list ipsec-transform { key "id"; max-elements 2048; description "Enter the ipsec-transform list instance"; leaf id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..2048"; } } description "IPsec transform ID."; } leaf esp-auth-algorithm { type types-ipsec:auth-algorithms; default "sha-1"; description "The authentication algorithm for this IPsec transform."; } leaf esp-encryption-algorithm { type types-ipsec:encryption-algorithms; default "aes-128"; description "Encryption algorithm for the IPsec transform session"; } leaf ipsec-lifetime { type types-ipsec:lifetime; description "Phase 2 lifetime for the IPsec transform session"; } leaf pfs-dh-group { type enumeration { enum "none" { value 0; } enum "group-1" { value 1; } enum "group-2" { value 2; } enum "group-5" { value 5; } enum "group-14" { value 14; } enum "group-15" { value 15; } enum "group-19" { value 19; } enum "group-20" { value 20; } enum "group-21" { value 21; } } description "Diffie-Hellman group used for PFS compilation"; } } // list ipsec-transform list static-sa { key "name"; max-elements 1000; description "Enter the static-sa list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "Static Security Association (SA) name."; } leaf description { type types-sros:named-item; description "Text description"; } leaf direction { type enumeration { enum "inbound" { value 1; } enum "outbound" { value 2; } enum "bidirectional" { value 3; } } default "bidirectional"; description "Direction to which the static SA entry can be applied"; } leaf protocol { type enumeration { enum "ah" { value 1; } enum "esp" { value 2; } } default "esp"; description "IPsec protocol used with the static SA"; } leaf spi { type uint32 { range "256..16383"; } description "Security Parameter Index (SPI) for the static SA"; } container authentication { presence "Authentication algorithm and key for this static SA.."; description "Enter the authentication context"; leaf algorithm { type enumeration { enum "md5" { value 2; } enum "sha1" { value 3; } } description "Authentication algorithm used for an IPsec manual SA"; } leaf key { type types-sros:encrypted-leaf { length "1..54"; } description "Key used for the authentication algorithm"; } } // container authentication } // list static-sa list ts-list { key "name"; max-elements 32768; description "Enter the ts-list list instance"; leaf name { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type types-sros:named-item; } description "IPsec Traffic Selector (TS) list name."; } container local { description "Enter the local context"; list entry { key "id"; description "Enter the entry list instance"; leaf id { type union { type string { length "1..64"; pattern "<.*>" { error-message "Config Groups Regex Pattern"; } } type uint32 { range "1..32"; } } description "The unique ID of this TS list entry."; } container address { presence "The IP addresses accepted by the TS list."; description "Enter the address context"; choice address-range { case prefix { leaf prefix { type types-sros:ip-prefix; description "IP prefix for address range in IKEv2 traffic selector"; } } case range { container range { presence "The begin and end IP of the supported address range."; description "Enter the range context"; leaf begin { type types-sros:ip-address; description "Beginning IP address of the range for the entry"; } leaf end { type types-sros:ip-address; description "The end IP address."; } } // container range } } } // container address container protocol { presence "The protocol ID and its port range accepted by the TS list."; description "Enter the protocol context"; choice range { case any { leaf any { type empty; description "Match any protocol ID"; } } case id { container id { presence "The accepted protocol ID and its port range."; description "Enter the id context"; choice id { case tcp { container tcp { description "Enter the tcp context"; choice port { case opaque-port { leaf opaque { type empty; description "Match OPAQUE ports"; } } case port-range { container port-range { presence "The accepted begin and end ports."; description "Enter the port-range context"; leaf begin { type uint32 { range "0..65535"; } description "Lower bound of the port range"; } leaf end { type uint32 { range "0..65535"; } description "Upper bound of the port range"; } } // container port-range } } } // container tcp } case udp { container udp { description "Enter the udp context"; choice port { case opaque-port { leaf opaque { type empty; description "Match OPAQUE ports"; } } case port-range { container port-range { presence "The accepted begin and end ports."; description "Enter the port-range context"; leaf begin { type uint32 { range "0..65535"; } description "Lower bound of the port range"; } leaf end { type uint32 { range "0..65535"; } description "Upper bound of the port range"; } } // container port-range } } } // container udp } case sctp { container sctp { description "Enter the sctp context"; choice port { case opaque-port { leaf opaque { type empty; description "Match OPAQUE ports"; } } case port-range { container port-range { presence "The accepted begin and end ports."; description "Enter the port-range context"; leaf begin { type uint32 { range "0..65535"; } description "Lower bound of the port range"; } leaf end { type uint32 { range "0..65535"; } description "Upper bound of the port range"; } } // container port-range } } } // container sctp } case icmp { container icmp { description "Enter the icmp context"; choice port { case opaque-port { leaf opaque { type empty; description "Match OPAQUE ports"; } } case port-range { container port-range { presence "The accepted begin and end ICMP ports (type and code)."; description "Enter the port-range context"; leaf begin-icmp-type { type uint16 { range "0..255"; } description "Lower bound of the ICMP type range"; } leaf begin-icmp-code { type uint16 { range "0..255"; } description "Lower bound of the ICMP code range"; } leaf end-icmp-type { type uint16 { range "0..255"; } description "Upper bound of the ICMP type range"; } leaf end-icmp-code { type uint16 { range "0..255"; } description "Upper bound of the ICMP code range"; } } // container port-range } } } // container icmp } case icmp6 { container icmp6 { description "Enter the icmp6 context"; choice port { case opaque-port { leaf opaque { type empty; description "Match OPAQUE ports"; } } case port-range {