From 137ce8dd46d313f15ee93ddbb5428d702aa61ed8 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 06:24:34 +0200 Subject: Merging upstream version 10.0. Signed-off-by: Daniel Baumann --- yang/frr-affinity-map.yang | 11 + yang/frr-bgp-neighbor.yang | 2 +- yang/frr-bgp-route-map.yang | 6 + yang/frr-eigrpd.yang | 5 + yang/frr-filter.yang | 194 ++++--- yang/frr-interface.yang | 9 +- yang/frr-ripd.yang | 11 +- yang/frr-ripngd.yang | 11 +- yang/frr-route-types.yang | 56 +- yang/frr-test-module.yang | 18 + yang/frr-zebra.yang | 787 ++++++++++++++++++++++++- yang/ietf/ietf-netconf-acm.yang | 464 +++++++++++++++ yang/ietf/ietf-netconf-with-defaults.yang | 139 +++++ yang/ietf/ietf-netconf.yang | 933 ++++++++++++++++++++++++++++++ yang/subdir.am | 3 + 15 files changed, 2533 insertions(+), 116 deletions(-) create mode 100644 yang/ietf/ietf-netconf-acm.yang create mode 100644 yang/ietf/ietf-netconf-with-defaults.yang create mode 100644 yang/ietf/ietf-netconf.yang (limited to 'yang') diff --git a/yang/frr-affinity-map.yang b/yang/frr-affinity-map.yang index c4377e6..f1d9e44 100644 --- a/yang/frr-affinity-map.yang +++ b/yang/frr-affinity-map.yang @@ -53,12 +53,22 @@ module frr-affinity-map { "Initial revision"; } + typedef affinity-map-ref { + type leafref { + path "/frr-affinity-map:lib/frr-affinity-map:affinity-maps/frr-affinity-map:affinity-map/frr-affinity-map:name"; + require-instance true; + } + description + "Reference to an affinity map"; + } + container lib { container affinity-maps { description "Affinity Mapping Table"; list affinity-map { key "name"; + unique "value"; description "Affinity Mapping configuration"; leaf name { @@ -69,6 +79,7 @@ module frr-affinity-map { "Affinity Name"; } leaf value { + mandatory true; type uint16 { range "0..1023"; } diff --git a/yang/frr-bgp-neighbor.yang b/yang/frr-bgp-neighbor.yang index 5a4c379..b199ab9 100644 --- a/yang/frr-bgp-neighbor.yang +++ b/yang/frr-bgp-neighbor.yang 
@@ -76,7 +76,7 @@ submodule frr-bgp-neighbor { leaf enforce-first-as { type boolean; - default "false"; + default "true"; description "When set to 'true' it will enforce the first AS for EBGP routes."; } diff --git a/yang/frr-bgp-route-map.yang b/yang/frr-bgp-route-map.yang index c50c513..c679f3b 100644 --- a/yang/frr-bgp-route-map.yang +++ b/yang/frr-bgp-route-map.yang @@ -379,6 +379,7 @@ identity set-extcommunity-color { grouping extcommunity-non-transitive-types { leaf two-octet-as-specific { type boolean; + default false; description "Non-Transitive Two-Octet AS-Specific Extended Community"; } @@ -769,6 +770,7 @@ identity set-extcommunity-color { + "derived-from-or-self(/frr-route-map:lib/frr-route-map:route-map/frr-route-map:entry/frr-route-map:match-condition/frr-route-map:condition, 'frr-bgp-route-map:match-extcommunity')"; container comm-list { leaf comm-list-name { + mandatory true; type bgp-filter:bgp-list-name; } @@ -872,11 +874,13 @@ identity set-extcommunity-color { description "Value of the ext-community."; leaf lb-type { + mandatory true; type frr-bgp-route-map:extcommunity-lb-type; } leaf bandwidth { when "../lb-type = 'explicit-bandwidth'"; + mandatory true; type uint16 { range "1..25600"; } @@ -1108,12 +1112,14 @@ identity set-extcommunity-color { container aggregator { leaf aggregator-asn { type asn-type; + mandatory true; description "ASN of the aggregator"; } leaf aggregator-address { type inet:ipv4-address; + mandatory true; description "IPv4 address of the aggregator"; } diff --git a/yang/frr-eigrpd.yang b/yang/frr-eigrpd.yang index e9071c8..f672dd5 100644 --- a/yang/frr-eigrpd.yang +++ b/yang/frr-eigrpd.yang @@ -22,6 +22,9 @@ module frr-eigrpd { import frr-route-types { prefix frr-route-types; } + import frr-filter { + prefix frr-filter; + } organization "FRRouting"; contact 
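Review bot: The `enforce-first-as` default flips from `false` to `true` in the frr-bgp-neighbor hunk, but the leaf's description still only says what `true` does. A neighbor that never set this leaf changes behaviour on upgrade, so the description should record the new default and what it protects against, for example `"When 'true' (the default), EBGP updates whose first AS in AS_PATH is not the neighbor's AS are not accepted."`. That wording is inferred from the existing description and should be checked against the daemon. The submodule continues outside the hunk, so whether a `revision` statement records the change cannot be seen from here.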
@@ -224,6 +227,8 @@ module frr-eigrpd { type inet:ipv4-address; } + uses frr-filter:distribute-list-group; + list redistribute { description "Redistribute routes learned from other routing protocols"; diff --git a/yang/frr-filter.yang b/yang/frr-filter.yang index a1946d8..9b65fcc 100644 --- a/yang/frr-filter.yang +++ b/yang/frr-filter.yang @@ -10,6 +10,9 @@ module frr-filter { import ietf-yang-types { prefix yang; } + import frr-interface { + prefix frr-interface; + } organization "FRRouting"; contact 
@@ -45,35 +48,95 @@ module frr-filter { revision 2019-07-04 { description "Initial revision"; + reference "FRRouting"; } /* * Types. */ typedef access-list-name { - description "Access list name formatting"; type string { length 1..128; } + description "Access list name formatting"; } typedef access-list-sequence { - description "Access list sequence number"; type uint32 { range "1..4294967295"; } + description "Access list sequence number"; } typedef access-list-action { - description "Access list return action on match"; type enumeration { enum deny { - description "Deny an entry"; value 0; + description "Deny an entry"; } enum permit { - description "Accept an entry"; value 1; + description "Accept an entry"; + } + } + description "Access list return action on match"; + } + + typedef access-list-ref { + type leafref { + path "/frr-filter:lib/frr-filter:access-list/frr-filter:name"; + require-instance false; + } + description "IPv4 or IPv6 access list reference"; + } + + typedef prefix-list-ref { + type leafref { + path "/frr-filter:lib/frr-filter:prefix-list/frr-filter:name"; + require-instance false; + } + description "IPv4 or IPv6 prefix list reference"; + } + + /* + * Grouping. 
+ */ + grouping distribute-list-group { + description "Distribute list grouping"; + list distribute-list { + key "interface"; + description "Distribute list configuration"; + + leaf interface { + type union { + type frr-interface:interface-ref; + type empty; + } + description + "Interface to attach list to or empty for global."; + } + + container in { + description "Inbound filter list"; + leaf access-list { + type access-list-ref; + description "inbound access list"; + } + leaf prefix-list { + type prefix-list-ref; + description "inbound prefix list"; + } + } + container out { + description "Outbound filter list"; + leaf access-list { + type access-list-ref; + description "outbound access list"; + } + leaf prefix-list { + type prefix-list-ref; + description "outbound prefix list"; + } } } } 
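Review bot: `access-list-ref` and `prefix-list-ref` set `require-instance false` and point at `name` alone, while the target lists are keyed on `type name` and `access-list` also allows `type mac`. Validation therefore accepts a `distribute-list` naming a list that does not exist, or exists only as a MAC list, although the description says "IPv4 or IPv6". What the daemon does with an unresolved name is not visible here; if it applies no filtering, a typo in the name silently removes the filter. Either state that behaviour in the typedef description or use `require-instance true;`, as `affinity-map-ref` does in this same commit.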
@@ -82,77 +145,74 @@ module frr-filter { * Configuration data. */ container lib { + description "Filter library"; list access-list { - description "Access list instance"; - key "type name"; + description "Access list instance"; leaf type { - description "Access list content type"; type enumeration { enum ipv4 { - description "Internet Protocol address version 4"; - value 0; - } - enum ipv6 { - description "Internet Protocol address version 6"; - value 1; + value 0; + description "Internet Protocol address version 4"; + } + enum ipv6 { + value 1; + description "Internet Protocol address version 6"; } enum mac { - description "Media Access Control address"; value 2; + description "Media Access Control address"; } } + description "Access list content type"; } leaf name { - description "Access list name"; type access-list-name; + description "Access list name"; } leaf remark { - description "Access list remark"; type string; + description "Access list remark"; } list entry { - description "Access list entry"; - key "sequence"; - + description "Access list entry"; leaf sequence { - description "Access list sequence value"; type access-list-sequence; + description "Access list sequence value"; } - leaf action { - description "Access list action on match"; type access-list-action; mandatory true; + description "Access list action on match"; } choice value { - description "Access list value to match"; mandatory true; + description "Access list value to match"; case ipv4-prefix { when "../type = 'ipv4'"; choice style { - description "Access list entry style selection: zebra or cisco."; mandatory true; + description "Access list entry style selection: zebra or cisco."; case zebra { leaf ipv4-prefix { - description "Configure IPv4 prefix to match"; type inet:ipv4-prefix; mandatory true; + description "Configure IPv4 prefix to match"; } leaf ipv4-exact-match { - description "Exact match of prefix"; type boolean; default false; + description "Exact match of prefix"; } } case 
cisco { @@ -160,19 +220,20 @@ module frr-filter { description "Source value to match"; leaf host { - description "Host to match"; type inet:ipv4-address; + description "Host to match"; } container network { + description "Network to match"; leaf address { + type inet:ipv4-address; mandatory true; description "Network address part."; - type inet:ipv4-address; } leaf mask { + type inet:ipv4-address; mandatory true; description "Network mask/wildcard part."; - type inet:ipv4-address; } } leaf source-any { @@ -180,8 +241,8 @@ module frr-filter { * Was `any`, however it conflicts with `any` leaf * outside this choice. */ - description "Match any"; type empty; + description "Match any"; } } @@ -189,24 +250,25 @@ module frr-filter { description "Destination value to match"; leaf destination-host { - description "Host to match"; type inet:ipv4-address; + description "Host to match"; } container destination-network { + description "Destination network to match"; leaf address { + type inet:ipv4-address; mandatory true; description "Network address part."; - type inet:ipv4-address; } leaf mask { + type inet:ipv4-address; mandatory true; description "Network mask/wildcard part."; - type inet:ipv4-address; } } leaf destination-any { - description "Match any"; type empty; + description "Match any"; } } } @@ -216,29 +278,29 @@ module frr-filter { when "../type = 'ipv6'"; leaf ipv6-prefix { - description "Configure IPv6 prefix to match"; type inet:ipv6-prefix; mandatory true; + description "Configure IPv6 prefix to match"; } leaf ipv6-exact-match { - description "Exact match of prefix"; type boolean; default false; + description "Exact match of prefix"; } } case mac { when "../type = 'mac'"; leaf mac { - description "Configure MAC address to match"; type yang:mac-address; + description "Configure MAC address to match"; } } case any { leaf any { - description "Match anything"; type empty; + description "Match anything"; } } } 
@@ -246,108 +308,104 @@ module frr-filter { } list prefix-list { - description "Prefix list instance"; - key "type name"; - + description "Prefix list instance"; leaf type { - description "Prefix list type"; type enumeration { enum ipv4 { - description "Internet Protocol address version 4"; value 0; + description "Internet Protocol address version 4"; } enum ipv6 { - description "Internet Protocol address version 6"; value 1; + description "Internet Protocol address version 6"; } } + description "Prefix list type"; } leaf name { - description "Prefix list name"; type access-list-name; + description "Prefix list name"; } leaf remark { - description "Prefix list user description"; type string; + description "Prefix list user description"; } list entry { - description "Prefix list entry"; - key "sequence"; - + description "Prefix list entry"; leaf sequence { - description "Prefix list sequence value"; type access-list-sequence; + description "Prefix list sequence value"; } leaf action { - description "Prefix list action on match"; type access-list-action; mandatory true; + description "Prefix list action on match"; } choice value { - description "Prefix list value to match"; mandatory true; + description "Prefix list value to match"; case ipv4-prefix { leaf ipv4-prefix { - description "Configure IPv4 prefix to match"; type inet:ipv4-prefix; mandatory true; + description "Configure IPv4 prefix to match"; } leaf ipv4-prefix-length-greater-or-equal { - description - "Specifies if matching prefixes with length greater than - or equal to value"; type uint8 { range "0..32"; } + description + "Specifies if matching prefixes with length greater than + or equal to value"; } leaf ipv4-prefix-length-lesser-or-equal { - description - "Specifies if matching prefixes with length lesser than - or equal to value"; type uint8 { range "0..32"; } + description + "Specifies if matching prefixes with length lesser than + or equal to value"; } } case ipv6-prefix { leaf ipv6-prefix { - 
description "Configure IPv6 prefix to match"; type inet:ipv6-prefix; mandatory true; + description "Configure IPv6 prefix to match"; } leaf ipv6-prefix-length-greater-or-equal { - description - "Specifies if matching prefixes with length greater than - or equal to value"; type uint8 { range "0..128"; } + description + "Specifies if matching prefixes with length greater than + or equal to value"; } leaf ipv6-prefix-length-lesser-or-equal { - description - "Specifies if matching prefixes with length lesser than - or equal to value"; type uint8 { range "0..128"; } + description + "Specifies if matching prefixes with length lesser than + or equal to value"; } } case any { leaf any { - description "Match anything"; type empty; + description "Match anything"; } } } diff --git a/yang/frr-interface.yang b/yang/frr-interface.yang index 012c96b..fc5a290 100644 --- a/yang/frr-interface.yang +++ b/yang/frr-interface.yang @@ -241,17 +241,18 @@ module frr-interface { } leaf mtu { - type uint16; + type uint32; description - "The size of the largest IPV4 packet that the interface - will send and receive."; + "The size of the largest IPV4 packet that the interface will send. + Normally this will never be larger than 65535; however, some devices + (e.g., vrf) can have larger values"; } leaf mtu6 { type uint32; description "The size of the largest IPV6 packet that the interface - will send and receive."; + will send."; } leaf speed { diff --git a/yang/frr-ripd.yang b/yang/frr-ripd.yang index 5f85a4c..d65ee48 100644 --- a/yang/frr-ripd.yang +++ b/yang/frr-ripd.yang @@ -16,6 +16,9 @@ module frr-ripd { import frr-bfdd { prefix frr-bfdd; } + import frr-filter { + prefix frr-filter; + } import frr-interface { prefix frr-interface; } @@ -258,6 +261,9 @@ module frr-ripd { "A list of interfaces where the sending of RIP packets is enabled."; } + + uses frr-filter:distribute-list-group; + list redistribute { key "protocol"; description 
@@ -380,9 +386,9 @@ module frr-ripd { } leaf default-bfd-profile { + type frr-bfdd:profile-ref; description "Use this BFD profile for all peers by default."; - type frr-bfdd:profile-ref; } /* @@ -691,12 +697,13 @@ module frr-ripd { container bfd-monitoring { presence "Present if BFD is configured for RIP peers in this interface."; + description "Configure BFD use in RIPD"; leaf enable { type boolean; + default false; description "Enable/disable BFD monitoring."; - default false; } leaf profile { diff --git a/yang/frr-ripngd.yang b/yang/frr-ripngd.yang index 4aeaf36..383b45f 100644 --- a/yang/frr-ripngd.yang +++ b/yang/frr-ripngd.yang @@ -13,6 +13,9 @@ module frr-ripngd { import frr-if-rmap { prefix frr-if-rmap; } + import frr-filter { + prefix frr-filter; + } import frr-interface { prefix frr-interface; } @@ -63,6 +66,7 @@ module frr-ripngd { description "Changed interface references to use frr-interface:interface-ref typedef"; + reference "FRRouting"; } revision 2018-11-27 { description @@ -72,6 +76,7 @@ module frr-ripngd { } container ripngd { + description "ripng routing instance data"; /* * Routing instance configuration. */ @@ -169,15 +174,18 @@ module frr-ripngd { "A list of interfaces where the sending of RIPng packets is disabled."; } + + uses frr-filter:distribute-list-group; + list redistribute { key "protocol"; description "Redistributes routes learned from other routing protocols."; leaf protocol { type frr-route-types:frr-route-types-v6; + must '. != "ripng"'; description "Routing protocol."; - must '. != "ripng"'; } leaf route-map { type frr-route-map:route-map-ref; @@ -330,6 +338,7 @@ module frr-ripngd { * Per-interface configuration data */ augment "/frr-interface:lib/frr-interface:interface" { + description "RIPng interface augmentation."; container ripng { description "RIPng interface parameters."; diff --git a/yang/frr-route-types.yang b/yang/frr-route-types.yang index 728607c..aa676ce 100644 --- a/yang/frr-route-types.yang 
+++ b/yang/frr-route-types.yang @@ -54,44 +54,47 @@ module frr-route-types { enum connected { value 2; } - enum static { + enum local { value 3; } - enum rip { + enum static { value 4; } + enum rip { + value 5; + } enum ospf { - value 6; + value 7; } enum isis { - value 8; + value 9; } enum bgp { - value 9; + value 10; } enum eigrp { - value 11; + value 12; } enum nhrp { - value 12; + value 13; } enum table { - value 15; + value 16; } enum vnc { - value 17; + value 18; } enum vnc-direct { - value 18; + value 19; } enum babel { - value 22; + value 23; } enum sharp { - value 23; + value 24; } enum openfabric { - value 26; + value 27; } } } @@ -104,41 +107,44 @@ module frr-route-types { enum connected { value 2; } - enum static { + enum local { value 3; } + enum static { + value 4; + } enum ripng { - value 5; + value 6; } enum ospf6 { - value 7; + value 8; } enum isis { - value 8; + value 9; } enum bgp { - value 9; + value 10; } enum nhrp { - value 12; + value 13; } enum table { - value 15; + value 16; } enum vnc { - value 17; + value 18; } enum vnc-direct { - value 18; + value 19; } enum babel { - value 22; + value 23; } enum sharp { - value 23; + value 24; } enum openfabric { - value 26; + value 27; } } } diff --git a/yang/frr-test-module.yang b/yang/frr-test-module.yang index d6e7188..6cc60e8 100644 --- a/yang/frr-test-module.yang +++ b/yang/frr-test-module.yang @@ -82,5 +82,23 @@ module frr-test-module { } } } + choice achoice { + description "a choice statement"; + case case1 { + leaf c1value { + type uint8; + description "A uint8 value for case 1"; + } + } + case case2 { + container c2cont { + description "case 2 container"; + leaf c2value { + type uint32; + description "A uint32 value for case 2"; + } + } + } + } } } diff --git a/yang/frr-zebra.yang b/yang/frr-zebra.yang index 3c6e451..c338a23 100644 --- a/yang/frr-zebra.yang +++ b/yang/frr-zebra.yang 
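Review bot: Inserting `local` at value 3 renumbers every later enum in this hunk and in the second enumeration at `@@ -104,41 +107,44 @@`; for example 4 was `rip` and is now `static`. Any consumer that stores or exchanges the numeric value rather than the name (not visible here, so this is an assumption) would resolve a `redistribute` entry to a different protocol after the upgrade. No `revision` statement appears in the visible hunks. Consider adding one that records the renumbering, with a description such as `"Added 'local'; numeric enum values shifted and are not stable across revisions."`.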
@@ -81,6 +81,16 @@ module frr-zebra { "Initial revision."; } + feature ipv6-router-advertisements { + description + "Support for IPv6 Router Advertisements."; + } + + feature ptm-bfd { + description + "Using an external PTM daemon that implements BFD."; + } + typedef unix-timestamp { type uint32; units "seconds"; @@ -1935,19 +1945,23 @@ module frr-zebra { description "Extends interface model with Zebra-related parameters."; container zebra { - list ip-addrs { - key "address-family ip-prefix"; + list ipv4-addrs { + key "ip prefix-length"; description - "IP prefixes for an interface."; - uses frr-rt:address-family { + "The list of configured IPv4 addresses on the interface."; + + leaf ip { + type inet:ipv4-address-no-zone; description - "Address family of the RIB."; + "The IPv4 address on the interface."; } - leaf ip-prefix { - type inet:ip-prefix; + leaf prefix-length { + type uint8 { + range "0..32"; + } description - "IP address prefix."; + "The length of the subnet prefix."; } leaf label { 
@@ -1955,12 +1969,57 @@ module frr-zebra { description "Optional string label for the address."; } + } + + list ipv4-p2p-addrs { + key "ip peer-ip peer-prefix-length"; + description + "The list of configured peer-to-peer IPv4 addresses on the interface."; + + leaf ip { + type inet:ipv4-address-no-zone; + description + "The IPv4 address on the interface."; + } + + leaf peer-ip { + type inet:ipv4-address-no-zone; + description + "Peer address."; + } + + leaf peer-prefix-length { + type uint8 { + range "0..32"; + } + description + "The length of the peer subnet prefix."; + } - leaf ip4-peer { - when "derived-from-or-self(../address-family, 'frr-rt:ipv4')"; - type inet:ipv4-prefix; + leaf label { + type string; description - "Peer prefix, for peer-to-peer interfaces."; + "Optional string label for the address."; + } + } + + list ipv6-addrs { + key "ip prefix-length"; + description + "The list of configured IPv6 addresses on the interface."; + + leaf ip { + type inet:ipv6-address-no-zone; + description + "The IPv6 address on the interface."; + } + + leaf prefix-length { + type uint8 { + range "0..128"; + } + description + "The length of the subnet prefix."; } } @@ -1972,11 +2031,12 @@ module frr-zebra { leaf link-detect { type boolean; + default "true"; description "Link-detection for the interface."; } - leaf shutdown { + leaf enabled { type boolean; description "Interface admin status."; 
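Review bot: Renaming `shutdown` to `enabled` in the `@@ -1972,11 +2031,12 @@` hunk inverts the leaf's polarity, yet the description is still `"Interface admin status."` and no `default` is declared. A client migrated by renaming the leaf alone would bring up an interface it meant to hold down, or the reverse. State the polarity and what an absent leaf means, for example `"Administrative state: 'true' brings the interface up, 'false' shuts it down."`. The semantics here are inferred from the leaf name and should be confirmed against the daemon.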
@@ -1990,14 +2050,69 @@ module frr-zebra { leaf bandwidth { type uint32 { - range "1..100000"; + range "1..1000000"; } + units "megabits/sec"; description "Link bandwidth informational parameter, in megabits."; } container link-params { + presence "Activates link parameters on this interface."; description "link-params for Traffic-Engineering (TE) use in IGP extensions."; + leaf metric { + type uint32; + description + "Link metric for MPLS-TE purpose."; + } + leaf max-bandwidth { + type rt-types:bandwidth-ieee-float32; + description + "Maximum bandwidth."; + } + leaf max-reservable-bandwidth { + type rt-types:bandwidth-ieee-float32; + description + "Maximum reservable bandwidth."; + } + container unreserved-bandwidths { + description + "All unreserved bandwidths."; + list unreserved-bandwidth { + key "priority"; + leaf priority { + type uint8 { + range "0 .. 7"; + } + description + "Priority from 0 to 7."; + } + leaf unreserved-bandwidth { + type rt-types:bandwidth-ieee-float32; + mandatory true; + description + "Unreserved bandwidth."; + } + description + "List of unreserved bandwidths for different + priorities."; + } + } + leaf residual-bandwidth { + type rt-types:bandwidth-ieee-float32; + description + "Unidirectional residual bandwidth."; + } + leaf available-bandwidth { + type rt-types:bandwidth-ieee-float32; + description + "Unidirectional available bandwidth."; + } + leaf utilized-bandwidth { + type rt-types:bandwidth-ieee-float32; + description + "Unidirectional utilized bandwidth."; + } choice admin-group-mode { description "Admin-group mode"; case legacy { 
@@ -2011,8 +2126,11 @@ module frr-zebra { case affinity { container affinities { leaf-list affinity { - type string; + type frr-affinity-map:affinity-map-ref; max-elements "256"; + must '../../affinity-mode != "standard" or /frr-affinity-map:lib/frr-affinity-map:affinity-maps/frr-affinity-map:affinity-map[frr-affinity-map:name=current()]/frr-affinity-map:value < 32' { + error-message "Affinity bit-position must be less than 32 when used with standard affinity mode"; + } description "Array of Attribute Names"; } 
@@ -2041,9 +2159,526 @@ module frr-zebra { } } } + container neighbor { + description "Remote ASBR information (RFC 5316 & RFC 5392)"; + presence "Activates neighbor information on this interface."; + leaf remote-as { + type inet:as-number; + mandatory true; + description + "Remote AS Number (RFC 5316 & RFC 5392)"; + } + leaf ipv4-remote-id { + type inet:ipv4-address; + mandatory true; + description + "IPv4 Remote ASBR ID (RFC 5316 & RFC 5392)"; + } + } + leaf delay { + type uint32 { + range "0..16777215"; + } + description + "Average Unidirectional Link Delay"; + } + container min-max-delay { + description + "Min/Max Unidirectional Link Delay"; + presence "Activates min/max delay."; + leaf delay-min { + type uint32 { + range "0..16777215"; + } + must '. <= ../../delay' { + error-message "Min delay must be less than or equal to delay"; + } + mandatory true; + description + "Min Delay"; + } + leaf delay-max { + type uint32 { + range "0..16777215"; + } + must '. >= ../../delay' { + error-message "Max delay must be greater than or equal to delay"; + } + mandatory true; + description + "Max Delay"; + } + } + leaf delay-variation { + type uint32 { + range "0..16777215"; + } + description + "Unidirectional Delay Variation"; + } + leaf packet-loss { + type decimal64 { + fraction-digits 6; + range "0..50.331642"; + } + description + "Unidirectional Link Packet Loss"; + } // TODO -- other link-params options // for (experimental/partial TE use in IGP extensions) } + container evpn-mh { + description "EVPN multihoming configuration"; + choice esi-choice { + description "ESI type"; + container type-0 { + leaf esi { + type yang:hex-string { + length "29"; + } + description + "10-octet ESI."; + } + } + container type-3 { + leaf system-mac { + type yang:mac-address; + description + "System MAC address."; + } + leaf local-discriminator { + type uint32 { + range "1..16777215"; + } + description + "Local discriminator."; + } + } + } + leaf df-preference { + type uint16; + default 
"32767"; + description + "Preference value used for DF election."; + } + leaf bypass { + type boolean; + default "false"; + description + "Bypass mode."; + } + leaf uplink { + type boolean; + default "false"; + description + "Uplink to the VxLAN core."; + } + } + container ipv6-router-advertisements { + if-feature "ipv6-router-advertisements"; + description + "Support for IPv6 Router Advertisements."; + leaf send-advertisements { + type boolean; + default "false"; + description + "A flag indicating whether or not the router sends + periodic Router Advertisements and responds to + Router Solicitations."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + - AdvSendAdvertisements"; + } + leaf max-rtr-adv-interval { + type uint32 { + range "70..1800000"; + } + units "milliseconds"; + default "600000"; + description + "The maximum time allowed between sending unsolicited + multicast Router Advertisements from the interface."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + - MaxRtrAdvInterval + RFC 6275: Mobility Support in IPv6"; + } + // Setting this value is not yet supported by the actual code. + /* + leaf min-rtr-adv-interval { + type uint32 { + range "30..1350000"; + } + units "milliseconds"; + must ". <= 0.75 * ../max-rtr-adv-interval" { + description + "The value MUST NOT be greater than 75% of + 'max-rtr-adv-interval'."; + } + description + "The minimum time allowed between sending unsolicited + multicast Router Advertisements from the interface. 
+ + The default value to be used operationally if this + leaf is not configured is determined as follows: + + - if max-rtr-adv-interval >= 9 seconds, the default + value is 0.33 * max-rtr-adv-interval; + + - otherwise, it is 0.75 * max-rtr-adv-interval."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + - MaxRtrAdvInterval + RFC 6275: Mobility Support in IPv6"; + } + */ + leaf managed-flag { + type boolean; + default "false"; + description + "The value to be placed in the 'Managed address + configuration' flag field in the Router + Advertisement."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + - AdvManagedFlag"; + } + leaf other-config-flag { + type boolean; + default "false"; + description + "The value to be placed in the 'Other configuration' + flag field in the Router Advertisement."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + - AdvOtherConfigFlag"; + } + leaf home-agent-flag { + type boolean; + default "false"; + description + "The value to be placed in the 'Home Agent' + flag field in the Router Advertisement."; + reference + "RFC 6275: Mobility Support in IPv6"; + } + leaf link-mtu { + type uint32; + default "0"; + description + "The value to be placed in MTU options sent by the + router. A value of zero indicates that no MTU options + are sent."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + - AdvLinkMTU"; + } + leaf reachable-time { + type uint32 { + range "0..3600000"; + } + units "milliseconds"; + default "0"; + description + "The value to be placed in the Reachable Time field in + the Router Advertisement messages sent by the router. 
+ A value of zero means unspecified (by this router)."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + - AdvReachableTime"; + } + leaf retrans-timer { + type uint32; + units "milliseconds"; + default "0"; + description + "The value to be placed in the Retrans Timer field in + the Router Advertisement messages sent by the router. + A value of zero means unspecified (by this router)."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + - AdvRetransTimer"; + } + leaf cur-hop-limit { + type uint8; + description + "The value to be placed in the Cur Hop Limit field in + the Router Advertisement messages sent by the router. + A value of zero means unspecified (by this router). + + If this parameter is not configured, the device SHOULD + use the IANA-specified value for the default IPv4 + Time to Live (TTL) parameter that was in effect at the + time of implementation."; + reference + "RFC 3232: Assigned Numbers: RFC 1700 is Replaced by + an On-line Database + RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + - AdvCurHopLimit + IANA: IP Parameters + (https://www.iana.org/assignments/ip-parameters)"; + } + leaf default-lifetime { + type uint16 { + range "0..9000"; + } + units "seconds"; + must ". = 0 or . * 1000 >= ../max-rtr-adv-interval" { + description + "The value MUST NOT be less than max-rtr-adv-interval."; + } + description + "The value to be placed in the Router Lifetime field of + Router Advertisements sent from the interface, in + seconds. It MUST be either zero or between + max-rtr-adv-interval and 9000 seconds. A value of zero + indicates that the router is not to be used as a + default router. These limits may be overridden by + specific documents that describe how IPv6 operates over + different link layers. 
+ + If this parameter is not configured, the device SHOULD + use a value of 3 * max-rtr-adv-interval."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + - AdvDefaultLifetime"; + } + leaf fast-retransmit { + type boolean; + default "true"; + description + "Allow sending unsolicited multicast Router Advertisements + more frequently than once every 3 seconds as required by + RFC 4861."; + } + leaf advertisement-interval-option { + type boolean; + default "false"; + description + "Enable sending the Advertisement Interval Option in + Router Advertisements."; + reference + "RFC 6275: Mobility Support in IPv6"; + } + leaf home-agent-preference { + type uint16; + description + "The value to be placed in the Home Agent Preference + field in the Router Advertisement messages sent by the + router."; + reference + "RFC 6275: Mobility Support in IPv6"; + } + leaf home-agent-lifetime { + type uint16; + description + "The value to be placed in the Home Agent Lifetime + field in the Router Advertisement messages sent by the + router."; + reference + "RFC 6275: Mobility Support in IPv6"; + } + leaf default-router-preference { + type enumeration { + enum high { + value 1; /* 01 */ + description + "High preference."; + } + enum medium { + value 0; /* 00 */ + description + "Medium preference."; + } + enum low { + value 3; /* 11 */ + description + "Low preference."; + } + } + default "medium"; + description + "The value to be placed in the Default Router + Preference field in the Router Advertisement messages + sent by the router."; + reference + "RFC 4191: Default Router Preferences and More-Specific + Routes"; + } + container prefix-list { + description + "Support for prefixes to be placed in Prefix + Information options in Router Advertisement messages + sent from the interface. + + Prefixes that are advertised by default but do not + have their entries in the child 'prefix' list are + advertised with the default values of all parameters. 
+ + The link-local prefix SHOULD NOT be included in the + list of advertised prefixes."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + - AdvPrefixList"; + list prefix { + key "prefix-spec"; + description + "Support for an advertised prefix entry."; + leaf prefix-spec { + type inet:ipv6-prefix; + description + "IPv6 address prefix."; + } + // FRR doesn't support 'no-advertise'. Keeping the code + // here for future reference. + /* + choice control-adv-prefixes { + default "advertise"; + description + "Either (1) the prefix is explicitly removed from the + set of advertised prefixes or (2) the parameters with + which the prefix is advertised are specified (default + case)."; + leaf no-advertise { + type empty; + description + "The prefix will not be advertised. + + This can be used for removing the prefix from + the default set of advertised prefixes."; + } + case advertise { + */ + leaf valid-lifetime { + type uint32; + units "seconds"; + default "2592000"; + description + "The value to be placed in the Valid Lifetime + in the Prefix Information option. The + designated value of all 1's (0xffffffff) + represents infinity."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 + (IPv6) - AdvValidLifetime"; + } + leaf on-link-flag { + type boolean; + default "true"; + description + "The value to be placed in the on-link flag + ('L-bit') field in the Prefix Information + option."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 + (IPv6) - AdvOnLinkFlag"; + } + leaf preferred-lifetime { + type uint32; + units "seconds"; + must ". <= ../valid-lifetime" { + description + "This value MUST NOT be greater than + valid-lifetime."; + } + default "604800"; + description + "The value to be placed in the Preferred + Lifetime in the Prefix Information option. 
+ The designated value of all 1's (0xffffffff) + represents infinity."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 + (IPv6) - AdvPreferredLifetime"; + } + leaf autonomous-flag { + type boolean; + default "true"; + description + "The value to be placed in the Autonomous Flag + field in the Prefix Information option."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 + (IPv6) - AdvAutonomousFlag"; + } + leaf router-address-flag { + type boolean; + default "false"; + description + "The value to be placed in the Router Address + flag field in the Prefix Information option."; + reference + "RFC 6275: Mobility Support in IPv6"; + } + /* + } + } + */ + // This is closing brackets for `case advertise` and + // `choice control-adv-prefixes`. + } + } + container rdnss { + description + "A list of recursive DNS server addresses that are placed + in Recursive DNS Server (RDNSS) options in Router + Advertisement messages sent from the interface."; + reference + "RFC 8106: IPv6 Router Advertisement Options for DNS + Configuration"; + list rdnss-address { + key "address"; + description + "Recursive DNS server address."; + leaf address { + type inet:ipv6-address; + description + "IPv6 address of a recursive DNS server."; + } + leaf lifetime { + type uint32; + units "seconds"; + description + "The value that is placed in the Lifetime field in the + RDNSS option. 
The designated value of all 1's + (0xffffffff) represents infinity."; + } + } + } + container dnssl { + description + "A list of domain names that are placed in DNS Search List (DNSSL) + options in Router Advertisement messages sent from the interface."; + reference + "RFC 8106: IPv6 Router Advertisement Options for DNS + Configuration"; + list dnssl-domain { + key "domain"; + description + "Domain name for the search list."; + leaf domain { + type inet:domain-name; + description + "Domain name for the search list."; + } + leaf lifetime { + type uint32; + units "seconds"; + description + "The value that is placed in the Lifetime field in the + DNSSL option. The designated value of all 1's + (0xffffffff) represents infinity."; + } + } + } + } + leaf ptm-enable { + if-feature ptm-bfd; + type boolean; + default "true"; + description + "Enable PTM on the interface."; + } container state { config false; description 
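Review bot: The `must` on `default-lifetime` and the one on `preferred-lifetime` carry only a `description`, so a rejected value yields a generic validation failure. Elsewhere in this hunk, `delay-min` and `delay-max` supply an `error-message`. Add one to each for consistency, for example `error-message "default-lifetime must be 0 or at least max-rtr-adv-interval";` and `error-message "preferred-lifetime must not exceed valid-lifetime";`. The `default-lifetime` message could also note that the leaf is in seconds while `max-rtr-adv-interval` is in milliseconds, since the expression multiplies by 1000.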
@@ -2108,6 +2743,112 @@ module frr-zebra { container zebra { description "Zebra's vrf specific configuration and operational model."; + + leaf router-id { + type yang:dotted-quad; + description + "A 32-bit number in the form of a dotted quad that is used by + some routing protocols identifying a router."; + } + + leaf ipv6-router-id { + type inet:ipv6-address-no-zone; + description + "A 128-bit number in the form of an IPv6 address that is used by + some routing protocols identifying a router."; + } + + list filter-protocol { + key "afi-safi protocol"; + description + "Filter routing info exchanged between zebra and protocol."; + leaf afi-safi { + type identityref { + base frr-rt:afi-safi-type; + } + description + "AFI-SAFI type."; + } + leaf protocol { + // This should be identityref to frr-rt:control-plane-protocol someday + type string; + description + "The protocol to filter."; + } + leaf route-map { + type frr-route-map:route-map-ref; + mandatory true; + description + "A route-map to filter routes."; + } + } + + list filter-nht { + key "afi-safi protocol"; + description + "Filter next hop tracking route resolution."; + leaf afi-safi { + type identityref { + base frr-rt:afi-safi-type; + } + description + "AFI-SAFI type."; + } + leaf protocol { + // This should be identityref to frr-rt:control-plane-protocol someday + type string; + description + "The protocol to filter."; + } + leaf route-map { + type frr-route-map:route-map-ref; + mandatory true; + description + "A route-map to filter nexthops."; + } + } + + leaf resolve-via-default { + type boolean; + description + "Resolve IPv4 nexthops via the default route. This is true by default + for traditional profile and false by default for datacenter profile. + Removing the leaf sets it back to the default value for the profile."; + } + + leaf ipv6-resolve-via-default { + type boolean; + description + "Resolve IPv4 nexthops via the default route. 
This is true by default + for traditional profile and false by default for datacenter profile. + Removing the leaf sets it back to the default value for the profile."; + } + + container netns { + description + "Configuration for netns VRF backend."; + container table-range { + presence "Activates table-range configuration."; + description + "The range of tables to use for this netns."; + leaf start { + type uint32; + mandatory true; + description + "The first table to use."; + } + leaf end { + type uint32; + mandatory true; + must ". >= ../start" { + error-message "End table must be greater than or equal to start table"; + } + description + "The last table to use."; + } + } + } + uses ribs; uses vrf-vni-mapping; @@ -2213,6 +2954,22 @@ module frr-zebra { description "Limit on the number of updates queued to the dataplane subsystem."; } + leaf ptm-enable { + if-feature ptm-bfd; + type boolean; + default "false"; + description + "Enable PTM globally."; + } + leaf route-map-delay { + type uint32 { + range "0..600"; + } + units "seconds"; + default "5"; + description + "Time to wait before route-map updates are processed."; + } /* * Debug options */ diff --git a/yang/ietf/ietf-netconf-acm.yang b/yang/ietf/ietf-netconf-acm.yang new file mode 100644 index 0000000..f7e02f2 --- /dev/null +++ b/yang/ietf/ietf-netconf-acm.yang 
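Review bot: The description of `ipv6-resolve-via-default` is a copy of the IPv4 text from `resolve-via-default`, so the model does not say which address family the leaf controls. It should begin `"Resolve IPv6 nexthops via the default route."`. Separately, the `protocol` key in both `filter-protocol` and `filter-nht` is a bare `type string`, so the schema accepts any value and rejecting unknown names is presumably left to the daemon. Until the identityref mentioned in the comment exists, a `length` or `pattern` restriction on that leaf would reject malformed keys at schema validation. `container zebra` starts before this hunk and continues past it.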
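Review bot: The `route-map-delay` description does not say what the lower bound `0` of `range "0..600"` means, nor which policy applies to routes while the timer is pending. These route-maps are used as route filters elsewhere in this module, so the description should state both, once confirmed against the zebra implementation. In addition, the global `ptm-enable` added here defaults to `"false"`, while the per-interface `ptm-enable` added earlier in this file defaults to `"true"`. One sentence in each description on how the two combine would prevent misreading the effective state. The enclosing container starts and ends outside the hunk.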
@@ -0,0 +1,464 @@ +module ietf-netconf-acm { + + namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-acm"; + + prefix nacm; + + import ietf-yang-types { + prefix yang; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + + Author: Andy Bierman + + + Author: Martin Bjorklund + "; + + description + "Network Configuration Access Control Model. + + Copyright (c) 2012 - 2018 IETF Trust and the persons + identified as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8341; see + the RFC itself for full legal notices."; + + revision 2018-02-14 { + description + "Added support for YANG 1.1 actions and notifications tied to + data nodes. Clarified how NACM extensions can be used by + other data models."; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + revision 2012-02-22 { + description + "Initial version."; + reference + "RFC 6536: Network Configuration Protocol (NETCONF) + Access Control Model"; + } + + /* + * Extension statements + */ + + extension default-deny-write { + description + "Used to indicate that the data model node + represents a sensitive security system parameter. + + If present, the NETCONF server will only allow the designated + 'recovery session' to have write access to the node. An + explicit access control rule is required for all other users. + + If the NACM module is used, then it must be enabled (i.e., + /nacm/enable-nacm object equals 'true'), or this extension + is ignored. + + The 'default-deny-write' extension MAY appear within a data + definition statement. 
It is ignored otherwise."; + } + + extension default-deny-all { + description + "Used to indicate that the data model node + controls a very sensitive security system parameter. + + If present, the NETCONF server will only allow the designated + 'recovery session' to have read, write, or execute access to + the node. An explicit access control rule is required for all + other users. + + If the NACM module is used, then it must be enabled (i.e., + /nacm/enable-nacm object equals 'true'), or this extension + is ignored. + + The 'default-deny-all' extension MAY appear within a data + definition statement, 'rpc' statement, or 'notification' + statement. It is ignored otherwise."; + } + + /* + * Derived types + */ + + typedef user-name-type { + type string { + length "1..max"; + } + description + "General-purpose username string."; + } + + typedef matchall-string-type { + type string { + pattern '\*'; + } + description + "The string containing a single asterisk '*' is used + to conceptually represent all possible values + for the particular leaf using this data type."; + } + + typedef access-operations-type { + type bits { + bit create { + description + "Any protocol operation that creates a + new data node."; + } + bit read { + description + "Any protocol operation or notification that + returns the value of a data node."; + } + bit update { + description + "Any protocol operation that alters an existing + data node."; + } + bit delete { + description + "Any protocol operation that removes a data node."; + } + bit exec { + description + "Execution access to the specified protocol operation."; + } + } + description + "Access operation."; + } + + typedef group-name-type { + type string { + length "1..max"; + pattern '[^\*].*'; + } + description + "Name of administrative group to which + users can be assigned."; + } + + typedef action-type { + type enumeration { + enum permit { + description + "Requested action is permitted."; + } + enum deny { + description + "Requested 
action is denied."; + } + } + description + "Action taken by the server when a particular + rule matches."; + } + + typedef node-instance-identifier { + type yang:xpath1.0; + description + "Path expression used to represent a special + data node, action, or notification instance-identifier + string. + + A node-instance-identifier value is an + unrestricted YANG instance-identifier expression. + All the same rules as an instance-identifier apply, + except that predicates for keys are optional. If a key + predicate is missing, then the node-instance-identifier + represents all possible server instances for that key. + + This XML Path Language (XPath) expression is evaluated in the + following context: + + o The set of namespace declarations are those in scope on + the leaf element where this type is used. + + o The set of variable bindings contains one variable, + 'USER', which contains the name of the user of the + current session. + + o The function library is the core function library, but + note that due to the syntax restrictions of an + instance-identifier, no functions are allowed. + + o The context node is the root node in the data tree. + + The accessible tree includes actions and notifications tied + to data nodes."; + } + + /* + * Data definition statements + */ + + container nacm { + nacm:default-deny-all; + + description + "Parameters for NETCONF access control model."; + + leaf enable-nacm { + type boolean; + default "true"; + description + "Enables or disables all NETCONF access control + enforcement. If 'true', then enforcement + is enabled. 
If 'false', then enforcement + is disabled."; + } + + leaf read-default { + type action-type; + default "permit"; + description + "Controls whether read access is granted if + no appropriate rule is found for a + particular read request."; + } + + leaf write-default { + type action-type; + default "deny"; + description + "Controls whether create, update, or delete access + is granted if no appropriate rule is found for a + particular write request."; + } + + leaf exec-default { + type action-type; + default "permit"; + description + "Controls whether exec access is granted if no appropriate + rule is found for a particular protocol operation request."; + } + + leaf enable-external-groups { + type boolean; + default "true"; + description + "Controls whether the server uses the groups reported by the + NETCONF transport layer when it assigns the user to a set of + NACM groups. If this leaf has the value 'false', any group + names reported by the transport layer are ignored by the + server."; + } + + leaf denied-operations { + type yang:zero-based-counter32; + config false; + mandatory true; + description + "Number of times since the server last restarted that a + protocol operation request was denied."; + } + + leaf denied-data-writes { + type yang:zero-based-counter32; + config false; + mandatory true; + description + "Number of times since the server last restarted that a + protocol operation request to alter + a configuration datastore was denied."; + } + + leaf denied-notifications { + type yang:zero-based-counter32; + config false; + mandatory true; + description + "Number of times since the server last restarted that + a notification was dropped for a subscription because + access to the event type was denied."; + } + + container groups { + description + "NETCONF access control groups."; + + list group { + key name; + + description + "One NACM group entry. 
This list will only contain + configured entries, not any entries learned from + any transport protocols."; + + leaf name { + type group-name-type; + description + "Group name associated with this entry."; + } + + leaf-list user-name { + type user-name-type; + description + "Each entry identifies the username of + a member of the group associated with + this entry."; + } + } + } + + list rule-list { + key name; + ordered-by user; + description + "An ordered collection of access control rules."; + + leaf name { + type string { + length "1..max"; + } + description + "Arbitrary name assigned to the rule-list."; + } + leaf-list group { + type union { + type matchall-string-type; + type group-name-type; + } + description + "List of administrative groups that will be + assigned the associated access rights + defined by the 'rule' list. + + The string '*' indicates that all groups apply to the + entry."; + } + + list rule { + key name; + ordered-by user; + description + "One access control rule. + + Rules are processed in user-defined order until a match is + found. A rule matches if 'module-name', 'rule-type', and + 'access-operations' match the request. If a rule + matches, the 'action' leaf determines whether or not + access is granted."; + + leaf name { + type string { + length "1..max"; + } + description + "Arbitrary name assigned to the rule."; + } + + leaf module-name { + type union { + type matchall-string-type; + type string; + } + default "*"; + description + "Name of the module associated with this rule. + + This leaf matches if it has the value '*' or if the + object being accessed is defined in the module with the + specified module name."; + } + choice rule-type { + description + "This choice matches if all leafs present in the rule + match the request. 
If no leafs are present, the + choice matches all requests."; + case protocol-operation { + leaf rpc-name { + type union { + type matchall-string-type; + type string; + } + description + "This leaf matches if it has the value '*' or if + its value equals the requested protocol operation + name."; + } + } + case notification { + leaf notification-name { + type union { + type matchall-string-type; + type string; + } + description + "This leaf matches if it has the value '*' or if its + value equals the requested notification name."; + } + } + + case data-node { + leaf path { + type node-instance-identifier; + mandatory true; + description + "Data node instance-identifier associated with the + data node, action, or notification controlled by + this rule. + + Configuration data or state data + instance-identifiers start with a top-level + data node. A complete instance-identifier is + required for this type of path value. + + The special value '/' refers to all possible + datastore contents."; + } + } + } + + leaf access-operations { + type union { + type matchall-string-type; + type access-operations-type; + } + default "*"; + description + "Access operations associated with this rule. + + This leaf matches if it has the value '*' or if the + bit corresponding to the requested operation is set."; + } + + leaf action { + type action-type; + mandatory true; + description + "The access control action associated with the + rule. If a rule has been determined to match a + particular request, then this object is used + to determine whether to permit or deny the + request."; + } + + leaf comment { + type string; + description + "A textual description of the access rule."; + } + } + } + } +} diff --git a/yang/ietf/ietf-netconf-with-defaults.yang b/yang/ietf/ietf-netconf-with-defaults.yang new file mode 100644 index 0000000..05ff399 --- /dev/null +++ b/yang/ietf/ietf-netconf-with-defaults.yang 
@@ -0,0 +1,139 @@ +module ietf-netconf-with-defaults { + + namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults"; + + prefix ncwd; + + import ietf-netconf { prefix nc; } + + organization + "IETF NETCONF (Network Configuration Protocol) Working Group"; + + contact + "WG Web: + + WG List: + + WG Chair: Bert Wijnen + + + WG Chair: Mehmet Ersue + + + Editor: Andy Bierman + + + Editor: Balazs Lengyel + "; + + description + "This module defines an extension to the NETCONF protocol + that allows the NETCONF client to control how default + values are handled by the server in particular NETCONF + operations. + + Copyright (c) 2011 IETF Trust and the persons identified as + the document authors. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 6243; see + the RFC itself for full legal notices."; + + revision 2011-06-01 { + description + "Initial version."; + reference + "RFC 6243: With-defaults Capability for NETCONF"; + } + + typedef with-defaults-mode { + description + "Possible modes to report default data."; + reference + "RFC 6243; Section 3."; + type enumeration { + enum report-all { + description + "All default data is reported."; + reference + "RFC 6243; Section 3.1"; + } + enum report-all-tagged { + description + "All default data is reported. 
+ Any nodes considered to be default data + will contain a 'default' XML attribute, + set to 'true' or '1'."; + reference + "RFC 6243; Section 3.4"; + } + enum trim { + description + "Values are not reported if they contain the default."; + reference + "RFC 6243; Section 3.2"; + } + enum explicit { + description + "Report values that contain the definition of + explicitly set data."; + reference + "RFC 6243; Section 3.3"; + } + } + } + + grouping with-defaults-parameters { + description + "Contains the parameter for control + of defaults in NETCONF retrieval operations."; + + leaf with-defaults { + description + "The explicit defaults processing mode requested."; + reference + "RFC 6243; Section 4.5.1"; + + type with-defaults-mode; + } + } + + // extending the get-config operation + augment /nc:get-config/nc:input { + description + "Adds the parameter to the + input of the NETCONF operation."; + reference + "RFC 6243; Section 4.5.1"; + + uses with-defaults-parameters; + } + + // extending the get operation + augment /nc:get/nc:input { + description + "Adds the parameter to + the input of the NETCONF operation."; + reference + "RFC 6243; Section 4.5.1"; + + uses with-defaults-parameters; + } + + // extending the copy-config operation + augment /nc:copy-config/nc:input { + description + "Adds the parameter to + the input of the NETCONF operation."; + reference + "RFC 6243; Section 4.5.1"; + + uses with-defaults-parameters; + } +} diff --git a/yang/ietf/ietf-netconf.yang b/yang/ietf/ietf-netconf.yang new file mode 100644 index 0000000..93927f1 --- /dev/null +++ b/yang/ietf/ietf-netconf.yang 
@@ -0,0 +1,933 @@ +module ietf-netconf { + + // the namespace for NETCONF XML definitions is unchanged + // from RFC 4741, which this document replaces + namespace "urn:ietf:params:xml:ns:netconf:base:1.0"; + + prefix nc; + + import ietf-inet-types { + prefix inet; + } + + import ietf-netconf-acm { prefix nacm; } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + + WG Chair: Bert Wijnen + + + WG Chair: Mehmet Ersue + + + Editor: Martin Bjorklund + + + Editor: Juergen Schoenwaelder + + + Editor: Andy Bierman + "; + description + "NETCONF Protocol Data Types and Protocol Operations. + + Copyright (c) 2011 IETF Trust and the persons identified as + the document authors. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 6241; see + the RFC itself for full legal notices."; + + revision 2011-06-01 { + description + "Initial revision; + 2013-09-29: Updated to include NACM attributes, + as specified in RFC 6536: sec 3.2.5 and 3.2.8"; + reference + "RFC 6241: Network Configuration Protocol"; + } + + extension get-filter-element-attributes { + description + "If this extension is present within an 'anyxml' + statement named 'filter', which must be conceptually + defined within the RPC input section for the + and protocol operations, then the + following unqualified XML attribute is supported + within the element, within a or + protocol operation: + + type : optional attribute with allowed + value strings 'subtree' and 'xpath'. + If missing, the default value is 'subtree'. 
+ + If the 'xpath' feature is supported, then the + following unqualified XML attribute is + also supported: + + select: optional attribute containing a + string representing an XPath expression. + The 'type' attribute must be equal to 'xpath' + if this attribute is present."; + } + + // NETCONF capabilities defined as features + feature writable-running { + description + "NETCONF :writable-running capability; + If the server advertises the :writable-running + capability for a session, then this feature must + also be enabled for that session. Otherwise, + this feature must not be enabled."; + reference "RFC 6241, Section 8.2"; + } + + feature candidate { + description + "NETCONF :candidate capability; + If the server advertises the :candidate + capability for a session, then this feature must + also be enabled for that session. Otherwise, + this feature must not be enabled."; + reference "RFC 6241, Section 8.3"; + } + + feature confirmed-commit { + if-feature candidate; + description + "NETCONF :confirmed-commit:1.1 capability; + If the server advertises the :confirmed-commit:1.1 + capability for a session, then this feature must + also be enabled for that session. Otherwise, + this feature must not be enabled."; + + reference "RFC 6241, Section 8.4"; + } + + feature rollback-on-error { + description + "NETCONF :rollback-on-error capability; + If the server advertises the :rollback-on-error + capability for a session, then this feature must + also be enabled for that session. Otherwise, + this feature must not be enabled."; + reference "RFC 6241, Section 8.5"; + } + + feature validate { + description + "NETCONF :validate:1.1 capability; + If the server advertises the :validate:1.1 + capability for a session, then this feature must + also be enabled for that session. 
Otherwise, + this feature must not be enabled."; + reference "RFC 6241, Section 8.6"; + } + + feature startup { + description + "NETCONF :startup capability; + If the server advertises the :startup + capability for a session, then this feature must + also be enabled for that session. Otherwise, + this feature must not be enabled."; + reference "RFC 6241, Section 8.7"; + } + + feature url { + description + "NETCONF :url capability; + If the server advertises the :url + capability for a session, then this feature must + also be enabled for that session. Otherwise, + this feature must not be enabled."; + reference "RFC 6241, Section 8.8"; + } + + feature xpath { + description + "NETCONF :xpath capability; + If the server advertises the :xpath + capability for a session, then this feature must + also be enabled for that session. Otherwise, + this feature must not be enabled."; + reference "RFC 6241, Section 8.9"; + } + + // NETCONF Simple Types + + typedef session-id-type { + type uint32 { + range "1..max"; + } + description + "NETCONF Session Id"; + } + + typedef session-id-or-zero-type { + type uint32; + description + "NETCONF Session Id or Zero to indicate none"; + } + typedef error-tag-type { + type enumeration { + enum in-use { + description + "The request requires a resource that + already is in use."; + } + enum invalid-value { + description + "The request specifies an unacceptable value for one + or more parameters."; + } + enum too-big { + description + "The request or response (that would be generated) is + too large for the implementation to handle."; + } + enum missing-attribute { + description + "An expected attribute is missing."; + } + enum bad-attribute { + description + "An attribute value is not correct; e.g., wrong type, + out of range, pattern mismatch."; + } + enum unknown-attribute { + description + "An unexpected attribute is present."; + } + enum missing-element { + description + "An expected element is missing."; + } + enum bad-element { + 
description + "An element value is not correct; e.g., wrong type, + out of range, pattern mismatch."; + } + enum unknown-element { + description + "An unexpected element is present."; + } + enum unknown-namespace { + description + "An unexpected namespace is present."; + } + enum access-denied { + description + "Access to the requested protocol operation or + data model is denied because authorization failed."; + } + enum lock-denied { + description + "Access to the requested lock is denied because the + lock is currently held by another entity."; + } + enum resource-denied { + description + "Request could not be completed because of + insufficient resources."; + } + enum rollback-failed { + description + "Request to roll back some configuration change (via + rollback-on-error or operations) + was not completed for some reason."; + + } + enum data-exists { + description + "Request could not be completed because the relevant + data model content already exists. For example, + a 'create' operation was attempted on data that + already exists."; + } + enum data-missing { + description + "Request could not be completed because the relevant + data model content does not exist. For example, + a 'delete' operation was attempted on + data that does not exist."; + } + enum operation-not-supported { + description + "Request could not be completed because the requested + operation is not supported by this implementation."; + } + enum operation-failed { + description + "Request could not be completed because the requested + operation failed for some reason not covered by + any other error condition."; + } + enum partial-operation { + description + "This error-tag is obsolete, and SHOULD NOT be sent + by servers conforming to this document."; + } + enum malformed-message { + description + "A message could not be handled because it failed to + be parsed correctly. 
For example, the message is not + well-formed XML or it uses an invalid character set."; + } + } + description "NETCONF Error Tag"; + reference "RFC 6241, Appendix A"; + } + + typedef error-severity-type { + type enumeration { + enum error { + description "Error severity"; + } + enum warning { + description "Warning severity"; + } + } + description "NETCONF Error Severity"; + reference "RFC 6241, Section 4.3"; + } + + typedef edit-operation-type { + type enumeration { + enum merge { + description + "The configuration data identified by the + element containing this attribute is merged + with the configuration at the corresponding + level in the configuration datastore identified + by the target parameter."; + } + enum replace { + description + "The configuration data identified by the element + containing this attribute replaces any related + configuration in the configuration datastore + identified by the target parameter. If no such + configuration data exists in the configuration + datastore, it is created. Unlike a + operation, which replaces the + entire target configuration, only the configuration + actually present in the config parameter is affected."; + } + enum create { + description + "The configuration data identified by the element + containing this attribute is added to the + configuration if and only if the configuration + data does not already exist in the configuration + datastore. If the configuration data exists, an + element is returned with an + value of 'data-exists'."; + } + enum delete { + description + "The configuration data identified by the element + containing this attribute is deleted from the + configuration if and only if the configuration + data currently exists in the configuration + datastore. 
If the configuration data does not + exist, an element is returned with + an value of 'data-missing'."; + } + enum remove { + description + "The configuration data identified by the element + containing this attribute is deleted from the + configuration if the configuration + data currently exists in the configuration + datastore. If the configuration data does not + exist, the 'remove' operation is silently ignored + by the server."; + } + } + default "merge"; + description "NETCONF 'operation' attribute values"; + reference "RFC 6241, Section 7.2"; + } + + // NETCONF Standard Protocol Operations + + rpc get-config { + description + "Retrieve all or part of a specified configuration."; + + reference "RFC 6241, Section 7.1"; + + input { + container source { + description + "Particular configuration to retrieve."; + + choice config-source { + mandatory true; + description + "The configuration to retrieve."; + leaf candidate { + if-feature candidate; + type empty; + description + "The candidate configuration is the config source."; + } + leaf running { + type empty; + description + "The running configuration is the config source."; + } + leaf startup { + if-feature startup; + type empty; + description + "The startup configuration is the config source. + This is optional-to-implement on the server because + not all servers will support filtering for this + datastore."; + } + } + } + + anyxml filter { + description + "Subtree or XPath filter to use."; + nc:get-filter-element-attributes; + } + } + + output { + anyxml data { + description + "Copy of the source datastore subset that matched + the filter criteria (if any). 
An empty data container + indicates that the request did not produce any results."; + } + } + } + + rpc edit-config { + description + "The operation loads all or part of a specified + configuration to the specified target configuration."; + + reference "RFC 6241, Section 7.2"; + + input { + container target { + description + "Particular configuration to edit."; + + choice config-target { + mandatory true; + description + "The configuration target."; + + leaf candidate { + if-feature candidate; + type empty; + description + "The candidate configuration is the config target."; + } + leaf running { + if-feature writable-running; + type empty; + description + "The running configuration is the config source."; + } + } + } + + leaf default-operation { + type enumeration { + enum merge { + description + "The default operation is merge."; + } + enum replace { + description + "The default operation is replace."; + } + enum none { + description + "There is no default operation."; + } + } + default "merge"; + description + "The default operation to use."; + } + + leaf test-option { + if-feature validate; + type enumeration { + enum test-then-set { + description + "The server will test and then set if no errors."; + } + enum set { + description + "The server will set without a test first."; + } + + enum test-only { + description + "The server will only test and not set, even + if there are no errors."; + } + } + default "test-then-set"; + description + "The test option to use."; + } + + leaf error-option { + type enumeration { + enum stop-on-error { + description + "The server will stop on errors."; + } + enum continue-on-error { + description + "The server may continue on errors."; + } + enum rollback-on-error { + description + "The server will roll back on errors. 
+ This value can only be used if the 'rollback-on-error'
+ feature is supported.";
+ }
+ }
+ default "stop-on-error";
+ description
+ "The error option to use.";
+ }
+
+ choice edit-content {
+ mandatory true;
+ description
+ "The content for the edit operation.";
+
+ anyxml config {
+ description
+ "Inline Config content.";
+ }
+ leaf url {
+ if-feature url;
+ type inet:uri;
+ description
+ "URL-based config content.";
+ }
+ }
+ }
+ }
+
+ rpc copy-config {
+ description
+ "Create or replace an entire configuration datastore with the
+ contents of another complete configuration datastore.";
+
+ reference "RFC 6241, Section 7.3";
+
+ input {
+ container target {
+ description
+ "Particular configuration to copy to.";
+
+ choice config-target {
+ mandatory true;
+ description
+ "The configuration target of the copy operation.";
+
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config target.";
+ }
+ leaf running {
+ if-feature writable-running;
+ type empty;
+ description
+ "The running configuration is the config target.
+ This is optional-to-implement on the server.";
+ }
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config target.";
+ }
+ leaf url {
+ if-feature url;
+ type inet:uri;
+ description
+ "The URL-based configuration is the config target.";
+ }
+ }
+ }
+
+ container source {
+ description
+ "Particular configuration to copy from.";
+
+ choice config-source {
+ mandatory true;
+ description
+ "The configuration source for the copy operation.";
+
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config source.";
+ }
+ leaf running {
+ type empty;
+ description
+ "The running configuration is the config source.";
+ }
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config source.";
+ }
+ leaf url {
+ if-feature url;
+ type inet:uri;
+ description
+ "The URL-based configuration is the config source.";
+ }
+ anyxml config {
+ description
+ "Inline Config content: element. Represents
+ an entire configuration datastore, not
+ a subset of the running datastore.";
+ }
+ }
+ }
+ }
+ }
+
+ rpc delete-config {
+ nacm:default-deny-all;
+ description
+ "Delete a configuration datastore.";
+
+ reference "RFC 6241, Section 7.4";
+
+ input {
+ container target {
+ description
+ "Particular configuration to delete.";
+
+ choice config-target {
+ mandatory true;
+ description
+ "The configuration target to delete.";
+
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config target.";
+ }
+ leaf url {
+ if-feature url;
+ type inet:uri;
+ description
+ "The URL-based configuration is the config target.";
+ }
+ }
+ }
+ }
+ }
+
+ rpc lock {
+ description
+ "The lock operation allows the client to lock the configuration
+ system of a device.";
+
+ reference "RFC 6241, Section 7.5";
+
+ input {
+ container target {
+ description
+ "Particular configuration to lock.";
+
+ choice config-target {
+ mandatory true;
+ description
+ "The configuration target to lock.";
+
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config target.";
+ }
+ leaf running {
+ type empty;
+ description
+ "The running configuration is the config target.";
+ }
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config target.";
+ }
+ }
+ }
+ }
+ }
+
+ rpc unlock {
+ description
+ "The unlock operation is used to release a configuration lock,
+ previously obtained with the 'lock' operation.";
+
+ reference "RFC 6241, Section 7.6";
+
+ input {
+ container target {
+ description
+ "Particular configuration to unlock.";
+
+ choice config-target {
+ mandatory true;
+ description
+ "The configuration target to unlock.";
+
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config target.";
+ }
+ leaf running {
+ type empty;
+ description
+ "The running configuration is the config target.";
+ }
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config target.";
+ }
+ }
+ }
+ }
+ }
+
+ rpc get {
+ description
+ "Retrieve running configuration and device state information.";
+
+ reference "RFC 6241, Section 7.7";
+
+ input {
+ anyxml filter {
+ description
+ "This parameter specifies the portion of the system
+ configuration and state data to retrieve.";
+ nc:get-filter-element-attributes;
+ }
+ }
+
+ output {
+ anyxml data {
+ description
+ "Copy of the running datastore subset and/or state
+ data that matched the filter criteria (if any).
+ An empty data container indicates that the request did not
+ produce any results.";
+ }
+ }
+ }
+
+ rpc close-session {
+ description
+ "Request graceful termination of a NETCONF session.";
+
+ reference "RFC 6241, Section 7.8";
+ }
+
+ rpc kill-session {
+ nacm:default-deny-all;
+ description
+ "Force the termination of a NETCONF session.";
+
+ reference "RFC 6241, Section 7.9";
+
+ input {
+ leaf session-id {
+ type session-id-type;
+ mandatory true;
+ description
+ "Particular session to kill.";
+ }
+ }
+ }
+
+ rpc commit {
+ if-feature candidate;
+
+ description
+ "Commit the candidate configuration as the device's new
+ current configuration.";
+
+ reference "RFC 6241, Section 8.3.4.1";
+
+ input {
+ leaf confirmed {
+ if-feature confirmed-commit;
+ type empty;
+ description
+ "Requests a confirmed commit.";
+ reference "RFC 6241, Section 8.3.4.1";
+ }
+
+ leaf confirm-timeout {
+ if-feature confirmed-commit;
+ type uint32 {
+ range "1..max";
+ }
+ units "seconds";
+ default "600"; // 10 minutes
+ description
+ "The timeout interval for a confirmed commit.";
+ reference "RFC 6241, Section 8.3.4.1";
+ }
+
+ leaf persist {
+ if-feature confirmed-commit;
+ type string;
+ description
+ "This parameter is used to make a confirmed commit
+ persistent. A persistent confirmed commit is not aborted
+ if the NETCONF session terminates. The only way to abort
+ a persistent confirmed commit is to let the timer expire,
+ or to use the operation.
+
+ The value of this parameter is a token that must be given
+ in the 'persist-id' parameter of or
+ operations in order to confirm or cancel
+ the persistent confirmed commit.
+
+ The token should be a random string.";
+ reference "RFC 6241, Section 8.3.4.1";
+ }
+
+ leaf persist-id {
+ if-feature confirmed-commit;
+ type string;
+ description
+ "This parameter is given in order to commit a persistent
+ confirmed commit. The value must be equal to the value
+ given in the 'persist' parameter to the operation.
+ If it does not match, the operation fails with an
+ 'invalid-value' error.";
+ reference "RFC 6241, Section 8.3.4.1";
+ }
+
+ }
+ }
+
+ rpc discard-changes {
+ if-feature candidate;
+
+ description
+ "Revert the candidate configuration to the current
+ running configuration.";
+ reference "RFC 6241, Section 8.3.4.2";
+ }
+
+ rpc cancel-commit {
+ if-feature confirmed-commit;
+ description
+ "This operation is used to cancel an ongoing confirmed commit.
+ If the confirmed commit is persistent, the parameter
+ 'persist-id' must be given, and it must match the value of the
+ 'persist' parameter.";
+ reference "RFC 6241, Section 8.4.4.1";
+
+ input {
+ leaf persist-id {
+ type string;
+ description
+ "This parameter is given in order to cancel a persistent
+ confirmed commit. The value must be equal to the value
+ given in the 'persist' parameter to the operation.
+ If it does not match, the operation fails with an
+ 'invalid-value' error.";
+ }
+ }
+ }
+
+ rpc validate {
+ if-feature validate;
+
+ description
+ "Validates the contents of the specified configuration.";
+
+ reference "RFC 6241, Section 8.6.4.1";
+
+ input {
+ container source {
+ description
+ "Particular configuration to validate.";
+
+ choice config-source {
+ mandatory true;
+ description
+ "The configuration source to validate.";
+
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config source.";
+ }
+ leaf running {
+ type empty;
+ description
+ "The running configuration is the config source.";
+ }
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config source.";
+ }
+ leaf url {
+ if-feature url;
+ type inet:uri;
+ description
+ "The URL-based configuration is the config source.";
+ }
+ anyxml config {
+ description
+ "Inline Config content: element. Represents
+ an entire configuration datastore, not
+ a subset of the running datastore.";
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/yang/subdir.am b/yang/subdir.am
index eb17c38..0bdf937 100644
--- a/yang/subdir.am
+++ b/yang/subdir.am
@@ -38,6 +38,9 @@ dist_yangmodels_DATA += yang/frr-routing.yang dist_yangmodels_DATA += yang/ietf/ietf-routing-types.yang dist_yangmodels_DATA += yang/ietf/ietf-interfaces.yang dist_yangmodels_DATA += yang/ietf/ietf-bgp-types.yang
+dist_yangmodels_DATA += yang/ietf/ietf-netconf-acm.yang
+dist_yangmodels_DATA += yang/ietf/ietf-netconf.yang
+dist_yangmodels_DATA += yang/ietf/ietf-netconf-with-defaults.yang
 if BFDD dist_yangmodels_DATA += yang/frr-bfdd.yang -- cgit v1.2.3