1108 lines
28 KiB
YANG
1108 lines
28 KiB
YANG
module openconfig-routing-policy {
|
|
|
|
yang-version "1";
|
|
|
|
// namespace
|
|
namespace "http://openconfig.net/yang/routing-policy";
|
|
|
|
prefix "oc-rpol";
|
|
|
|
// import some basic types
|
|
import openconfig-inet-types { prefix oc-inet; }
|
|
import openconfig-interfaces { prefix oc-if; }
|
|
import openconfig-policy-types { prefix oc-pol-types; }
|
|
import openconfig-extensions { prefix oc-ext; }
|
|
|
|
// meta
|
|
organization
|
|
"OpenConfig working group";
|
|
|
|
contact
|
|
"OpenConfig working group
|
|
netopenconfig@googlegroups.com";
|
|
|
|
description
|
|
"This module describes a YANG model for routing policy
|
|
configuration. It is a limited subset of all of the policy
|
|
configuration parameters available in the variety of vendor
|
|
implementations, but supports widely used constructs for managing
|
|
how routes are imported, exported, and modified across different
|
|
routing protocols. This module is intended to be used in
|
|
conjunction with routing protocol configuration models (e.g.,
|
|
BGP) defined in other modules.
|
|
|
|
Route policy expression:
|
|
|
|
Policies are expressed as a set of top-level policy definitions,
|
|
each of which consists of a sequence of policy statements. Policy
|
|
statements consist of simple condition-action tuples. Conditions
|
|
may include mutiple match or comparison operations, and similarly
|
|
actions may be multitude of changes to route attributes or a
|
|
final disposition of accepting or rejecting the route.
|
|
|
|
Route policy evaluation:
|
|
|
|
Policy definitions are referenced in routing protocol
|
|
configurations using import and export configuration statements.
|
|
The arguments are members of an ordered list of named policy
|
|
definitions which comprise a policy chain, and optionally, an
|
|
explicit default policy action (i.e., reject or accept).
|
|
|
|
Evaluation of each policy definition proceeds by evaluating its
|
|
corresponding individual policy statements in order. When a
|
|
condition statement in a policy statement is satisfied, the
|
|
corresponding action statement is executed. If the action
|
|
statement has either accept-route or reject-route actions, policy
|
|
evaluation of the current policy definition stops, and no further
|
|
policy definitions in the chain are evaluated.
|
|
|
|
If the condition is not satisfied, then evaluation proceeds to
|
|
the next policy statement. If none of the policy statement
|
|
conditions are satisfied, then evaluation of the current policy
|
|
definition stops, and the next policy definition in the chain is
|
|
evaluated. When the end of the policy chain is reached, the
|
|
default route disposition action is performed (i.e., reject-route
|
|
unless an an alternate default action is specified for the
|
|
chain).
|
|
|
|
Policy 'subroutines' (or nested policies) are supported by
|
|
allowing policy statement conditions to reference another policy
|
|
definition which applies conditions and actions from the
|
|
referenced policy before returning to the calling policy
|
|
statement and resuming evaluation. If the called policy
|
|
results in an accept-route (either explicit or by default), then
|
|
the subroutine returns an effective true value to the calling
|
|
policy. Similarly, a reject-route action returns false. If the
|
|
subroutine returns true, the calling policy continues to evaluate
|
|
the remaining conditions (using a modified route if the
|
|
subroutine performed any changes to the route).";
|
|
|
|
oc-ext:openconfig-version "3.1.1";
|
|
|
|
revision "2018-11-21" {
|
|
description
|
|
"Add OpenConfig module metadata extensions.";
|
|
reference "3.1.1";
|
|
}
|
|
|
|
revision "2018-06-05" {
|
|
description
|
|
"Add PIM, IGMP to INSTALL_PROTOCOL_TYPES identity";
|
|
reference "3.1.0";
|
|
}
|
|
|
|
revision "2017-07-14" {
|
|
description
|
|
"Replace policy choice node/type with policy-result
|
|
enumeration;simplified defined set naming;removed generic
|
|
IGP actions; migrate to OpenConfig types; added mode for
|
|
prefix sets";
|
|
reference "3.0.0";
|
|
}
|
|
|
|
revision "2016-05-12" {
|
|
description
|
|
"OpenConfig public release";
|
|
reference "2.0.1";
|
|
}
|
|
|
|
// OpenConfig specific extensions for module metadata.
|
|
oc-ext:regexp-posix;
|
|
oc-ext:catalog-organization "openconfig";
|
|
oc-ext:origin "openconfig";
|
|
|
|
// typedef statements
|
|
|
|
typedef default-policy-type {
|
|
// this typedef retained for name compatibiity with default
|
|
// import and export policy
|
|
type enumeration {
|
|
enum ACCEPT_ROUTE {
|
|
description
|
|
"Default policy to accept the route";
|
|
}
|
|
enum REJECT_ROUTE {
|
|
description
|
|
"Default policy to reject the route";
|
|
}
|
|
}
|
|
description
|
|
"Type used to specify route disposition in
|
|
a policy chain";
|
|
}
|
|
|
|
typedef policy-result-type {
|
|
type enumeration {
|
|
enum ACCEPT_ROUTE {
|
|
description "Policy accepts the route";
|
|
}
|
|
enum REJECT_ROUTE {
|
|
description "Policy rejects the route";
|
|
}
|
|
}
|
|
description
|
|
"Type used to specify route disposition in
|
|
a policy chain";
|
|
}
|
|
|
|
|
|
// grouping statements
|
|
|
|
grouping prefix-set-config {
|
|
description
|
|
"Configuration data for prefix sets used in policy
|
|
definitions.";
|
|
|
|
leaf name {
|
|
type string;
|
|
description
|
|
"name / label of the prefix set -- this is used to
|
|
reference the set in match conditions";
|
|
}
|
|
|
|
leaf mode {
|
|
type enumeration {
|
|
enum IPV4 {
|
|
description
|
|
"Prefix set contains IPv4 prefixes only";
|
|
}
|
|
enum IPV6 {
|
|
description
|
|
"Prefix set contains IPv6 prefixes only";
|
|
}
|
|
enum MIXED {
|
|
description
|
|
"Prefix set contains mixed IPv4 and IPv6 prefixes";
|
|
}
|
|
}
|
|
description
|
|
"Indicates the mode of the prefix set, in terms of which
|
|
address families (IPv4, IPv6, or both) are present. The
|
|
mode provides a hint, but the device must validate that all
|
|
prefixes are of the indicated type, and is expected to
|
|
reject the configuration if there is a discrepancy. The
|
|
MIXED mode may not be supported on devices that require
|
|
prefix sets to be of only one address family.";
|
|
}
|
|
|
|
}
|
|
|
|
grouping prefix-set-state {
|
|
description
|
|
"Operational state data for prefix sets";
|
|
}
|
|
|
|
grouping prefix-set-top {
|
|
description
|
|
"Top-level data definitions for a list of IPv4 or IPv6
|
|
prefixes which are matched as part of a policy";
|
|
|
|
container prefix-sets {
|
|
description
|
|
"Enclosing container ";
|
|
|
|
list prefix-set {
|
|
key "name";
|
|
description
|
|
"List of the defined prefix sets";
|
|
|
|
leaf name {
|
|
type leafref {
|
|
path "../config/name";
|
|
}
|
|
description
|
|
"Reference to prefix name list key";
|
|
}
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for prefix sets";
|
|
|
|
uses prefix-set-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data ";
|
|
|
|
uses prefix-set-config;
|
|
uses prefix-set-state;
|
|
}
|
|
|
|
uses prefix-top;
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping prefix-config {
|
|
description
|
|
"Configuration data for a prefix definition";
|
|
|
|
leaf ip-prefix {
|
|
type oc-inet:ip-prefix;
|
|
mandatory true;
|
|
description
|
|
"The prefix member in CIDR notation -- while the
|
|
prefix may be either IPv4 or IPv6, most
|
|
implementations require all members of the prefix set
|
|
to be the same address family. Mixing address types in
|
|
the same prefix set is likely to cause an error.";
|
|
}
|
|
|
|
leaf masklength-range {
|
|
type string {
|
|
pattern '^([0-9]+\.\.[0-9]+)|exact$';
|
|
}
|
|
description
|
|
"Defines a range for the masklength, or 'exact' if
|
|
the prefix has an exact length.
|
|
|
|
Example: 10.3.192.0/21 through 10.3.192.0/24 would be
|
|
expressed as prefix: 10.3.192.0/21,
|
|
masklength-range: 21..24.
|
|
|
|
Example: 10.3.192.0/21 would be expressed as
|
|
prefix: 10.3.192.0/21,
|
|
masklength-range: exact";
|
|
}
|
|
}
|
|
|
|
grouping prefix-state {
|
|
description
|
|
"Operational state data for prefix definitions";
|
|
}
|
|
|
|
grouping prefix-top {
|
|
description
|
|
"Top-level grouping for prefixes in a prefix list";
|
|
|
|
container prefixes {
|
|
description
|
|
"Enclosing container for the list of prefixes in a policy
|
|
prefix list";
|
|
|
|
list prefix {
|
|
key "ip-prefix masklength-range";
|
|
description
|
|
"List of prefixes in the prefix set";
|
|
|
|
leaf ip-prefix {
|
|
type leafref {
|
|
path "../config/ip-prefix";
|
|
}
|
|
description
|
|
"Reference to the ip-prefix list key.";
|
|
}
|
|
|
|
leaf masklength-range {
|
|
type leafref {
|
|
path "../config/masklength-range";
|
|
}
|
|
description
|
|
"Reference to the masklength-range list key";
|
|
}
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for prefix definition";
|
|
|
|
uses prefix-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for prefix definition";
|
|
|
|
uses prefix-config;
|
|
uses prefix-state;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping neighbor-set-config {
|
|
description
|
|
"Configuration data for neighbor set definitions";
|
|
|
|
leaf name {
|
|
type string;
|
|
description
|
|
"name / label of the neighbor set -- this is used to
|
|
reference the set in match conditions";
|
|
}
|
|
|
|
leaf-list address {
|
|
type oc-inet:ip-address;
|
|
description
|
|
"List of IP addresses in the neighbor set";
|
|
}
|
|
}
|
|
|
|
grouping neighbor-set-state {
|
|
description
|
|
"Operational state data for neighbor set definitions";
|
|
}
|
|
|
|
grouping neighbor-set-top {
|
|
description
|
|
"Top-level data definition for a list of IPv4 or IPv6
|
|
neighbors which can be matched in a routing policy";
|
|
|
|
container neighbor-sets {
|
|
description
|
|
"Enclosing container for the list of neighbor set
|
|
definitions";
|
|
|
|
list neighbor-set {
|
|
key "name";
|
|
description
|
|
"List of defined neighbor sets for use in policies.";
|
|
|
|
leaf name {
|
|
type leafref {
|
|
path "../config/name";
|
|
}
|
|
description
|
|
"Reference to the neighbor set name list key.";
|
|
}
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for neighbor sets.";
|
|
|
|
uses neighbor-set-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for neighbor sets.";
|
|
|
|
uses neighbor-set-config;
|
|
uses neighbor-set-state;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping tag-set-config {
|
|
description
|
|
"Configuration data for tag set definitions.";
|
|
|
|
leaf name {
|
|
type string;
|
|
description
|
|
"name / label of the tag set -- this is used to reference
|
|
the set in match conditions";
|
|
}
|
|
|
|
leaf-list tag-value {
|
|
type oc-pol-types:tag-type;
|
|
description
|
|
"Value of the tag set member";
|
|
}
|
|
}
|
|
|
|
grouping tag-set-state {
|
|
description
|
|
"Operational state data for tag set definitions.";
|
|
}
|
|
|
|
grouping tag-set-top {
|
|
description
|
|
"Top-level data definitions for a list of tags which can
|
|
be matched in policies";
|
|
|
|
container tag-sets {
|
|
description
|
|
"Enclosing container for the list of tag sets.";
|
|
|
|
list tag-set {
|
|
key "name";
|
|
description
|
|
"List of tag set definitions.";
|
|
|
|
leaf name {
|
|
type leafref {
|
|
path "../config/name";
|
|
}
|
|
description
|
|
"Reference to the tag set name list key";
|
|
}
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for tag sets";
|
|
|
|
uses tag-set-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for tag sets";
|
|
|
|
uses tag-set-config;
|
|
uses tag-set-state;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping generic-defined-sets {
|
|
description
|
|
"Data definitions for pre-defined sets of attributes used in
|
|
policy match conditions. These sets are generic and can
|
|
be used in matching conditions in different routing
|
|
protocols.";
|
|
|
|
uses prefix-set-top;
|
|
uses neighbor-set-top;
|
|
uses tag-set-top;
|
|
}
|
|
|
|
grouping match-set-options-group {
|
|
description
|
|
"Grouping containing options relating to how a particular set
|
|
should be matched";
|
|
|
|
leaf match-set-options {
|
|
type oc-pol-types:match-set-options-type;
|
|
description
|
|
"Optional parameter that governs the behaviour of the
|
|
match operation";
|
|
}
|
|
}
|
|
|
|
grouping match-set-options-restricted-group {
|
|
description
|
|
"Grouping for a restricted set of match operation modifiers";
|
|
|
|
leaf match-set-options {
|
|
type oc-pol-types:match-set-options-restricted-type;
|
|
description
|
|
"Optional parameter that governs the behaviour of the
|
|
match operation. This leaf only supports matching on ANY
|
|
member of the set or inverting the match. Matching on ALL is
|
|
not supported";
|
|
}
|
|
}
|
|
|
|
grouping match-interface-condition-config {
|
|
description
|
|
"Configuration data for interface match condition";
|
|
|
|
uses oc-if:interface-ref-common;
|
|
}
|
|
|
|
grouping match-interface-condition-state {
|
|
description
|
|
"Operational state data for interface match condition";
|
|
}
|
|
|
|
grouping match-interface-condition-top {
|
|
description
|
|
"Top-level grouping for the interface match condition";
|
|
|
|
container match-interface {
|
|
description
|
|
"Top-level container for interface match conditions";
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for interface match conditions";
|
|
|
|
uses match-interface-condition-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for interface match conditions";
|
|
|
|
uses match-interface-condition-config;
|
|
uses match-interface-condition-state;
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
grouping prefix-set-condition-config {
|
|
description
|
|
"Configuration data for prefix-set conditions";
|
|
|
|
leaf prefix-set {
|
|
type leafref {
|
|
path "../../../../../../../../defined-sets/" +
|
|
"prefix-sets/prefix-set/config/name";
|
|
}
|
|
description "References a defined prefix set";
|
|
}
|
|
uses match-set-options-restricted-group;
|
|
}
|
|
|
|
|
|
grouping prefix-set-condition-state {
|
|
description
|
|
"Operational state data for prefix-set conditions";
|
|
}
|
|
|
|
grouping prefix-set-condition-top {
|
|
description
|
|
"Top-level grouping for prefix-set conditions";
|
|
|
|
container match-prefix-set {
|
|
description
|
|
"Match a referenced prefix-set according to the logic
|
|
defined in the match-set-options leaf";
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for a prefix-set condition";
|
|
|
|
uses prefix-set-condition-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for a prefix-set condition";
|
|
|
|
uses prefix-set-condition-config;
|
|
uses prefix-set-condition-state;
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping neighbor-set-condition-config {
|
|
description
|
|
"Configuration data for neighbor-set conditions";
|
|
|
|
leaf neighbor-set {
|
|
type leafref {
|
|
path "../../../../../../../../defined-sets/neighbor-sets/" +
|
|
"neighbor-set/name";
|
|
//TODO: require-instance should be added when it's
|
|
//supported in YANG 1.1
|
|
//require-instance true;
|
|
}
|
|
description "References a defined neighbor set";
|
|
}
|
|
|
|
uses match-set-options-restricted-group;
|
|
}
|
|
|
|
grouping neighbor-set-condition-state {
|
|
description
|
|
"Operational state data for neighbor-set conditions";
|
|
}
|
|
|
|
grouping neighbor-set-condition-top {
|
|
description
|
|
"Top-level grouping for neighbor-set conditions";
|
|
|
|
container match-neighbor-set {
|
|
description
|
|
"Match a referenced neighbor set according to the logic
|
|
defined in the match-set-options-leaf";
|
|
|
|
container config {
|
|
description
|
|
"Configuration data ";
|
|
|
|
uses neighbor-set-condition-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data ";
|
|
|
|
uses neighbor-set-condition-config;
|
|
uses neighbor-set-condition-state;
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping tag-set-condition-config {
|
|
description
|
|
"Configuration data for tag-set condition statements";
|
|
|
|
leaf tag-set {
|
|
type leafref {
|
|
path "../../../../../../../../defined-sets/tag-sets/tag-set" +
|
|
"/name";
|
|
//TODO: require-instance should be added when it's
|
|
//supported in YANG 1.1
|
|
//require-instance true;
|
|
}
|
|
description "References a defined tag set";
|
|
}
|
|
uses match-set-options-restricted-group;
|
|
}
|
|
|
|
grouping tag-set-condition-state {
|
|
description
|
|
"Operational state data for tag-set condition statements";
|
|
}
|
|
|
|
grouping tag-set-condition-top {
|
|
description
|
|
"Top-level grouping for tag-set conditions";
|
|
|
|
container match-tag-set {
|
|
description
|
|
"Match a referenced tag set according to the logic defined
|
|
in the match-options-set leaf";
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for tag-set conditions";
|
|
|
|
uses tag-set-condition-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data tag-set conditions";
|
|
|
|
uses tag-set-condition-config;
|
|
uses tag-set-condition-state;
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping generic-conditions {
|
|
description "Condition statement definitions for checking
|
|
membership in a generic defined set";
|
|
|
|
uses match-interface-condition-top;
|
|
uses prefix-set-condition-top;
|
|
uses neighbor-set-condition-top;
|
|
uses tag-set-condition-top;
|
|
|
|
}
|
|
|
|
grouping generic-actions {
|
|
description
|
|
"Definitions for common set of policy action statements that
|
|
manage the disposition or control flow of the policy";
|
|
|
|
leaf policy-result {
|
|
type policy-result-type;
|
|
description
|
|
"Select the final disposition for the route, either
|
|
accept or reject.";
|
|
}
|
|
}
|
|
|
|
|
|
grouping policy-conditions-config {
|
|
description
|
|
"Configuration data for general policy conditions, i.e., those
|
|
not related to match-sets";
|
|
|
|
leaf call-policy {
|
|
type leafref {
|
|
path "../../../../../../../" +
|
|
"oc-rpol:policy-definitions/" +
|
|
"oc-rpol:policy-definition/oc-rpol:name";
|
|
//TODO: require-instance should be added when
|
|
//it is supported in YANG 1.1
|
|
//require-instance true;
|
|
}
|
|
description
|
|
"Applies the statements from the specified policy
|
|
definition and then returns control the current
|
|
policy statement. Note that the called policy may
|
|
itself call other policies (subject to
|
|
implementation limitations). This is intended to
|
|
provide a policy 'subroutine' capability. The
|
|
called policy should contain an explicit or a
|
|
default route disposition that returns an
|
|
effective true (accept-route) or false
|
|
(reject-route), otherwise the behavior may be
|
|
ambiguous and implementation dependent";
|
|
}
|
|
|
|
leaf install-protocol-eq {
|
|
type identityref {
|
|
base oc-pol-types:INSTALL_PROTOCOL_TYPE;
|
|
}
|
|
description
|
|
"Condition to check the protocol / method used to install
|
|
the route into the local routing table";
|
|
}
|
|
}
|
|
|
|
grouping policy-conditions-state {
|
|
description
|
|
"Operational state data for policy conditions";
|
|
}
|
|
|
|
grouping policy-conditions-top {
|
|
description
|
|
"Top-level grouping for policy conditions";
|
|
|
|
container conditions {
|
|
description
|
|
"Condition statements for the current policy statement";
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for policy conditions";
|
|
|
|
uses policy-conditions-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for policy conditions";
|
|
|
|
uses policy-conditions-config;
|
|
uses policy-conditions-state;
|
|
}
|
|
uses generic-conditions;
|
|
}
|
|
}
|
|
|
|
grouping policy-statements-config {
|
|
description
|
|
"Configuration data for policy statements";
|
|
|
|
leaf name {
|
|
type string;
|
|
description
|
|
"name of the policy statement";
|
|
}
|
|
}
|
|
|
|
grouping policy-statements-state {
|
|
description
|
|
"Operational state data for policy statements";
|
|
}
|
|
|
|
|
|
|
|
grouping policy-actions-config {
|
|
description
|
|
"Configuration data for policy actions";
|
|
|
|
uses generic-actions;
|
|
}
|
|
|
|
grouping policy-actions-state {
|
|
description
|
|
"Operational state data for policy actions";
|
|
}
|
|
|
|
grouping policy-actions-top {
|
|
description
|
|
"Top-level grouping for policy actions";
|
|
|
|
container actions {
|
|
description
|
|
"Top-level container for policy action statements";
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for policy actions";
|
|
|
|
uses policy-actions-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for policy actions";
|
|
|
|
uses policy-actions-config;
|
|
uses policy-actions-state;
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping policy-statements-top {
|
|
description
|
|
"Top-level grouping for the policy statements list";
|
|
|
|
container statements {
|
|
description
|
|
"Enclosing container for policy statements";
|
|
|
|
list statement {
|
|
key "name";
|
|
// TODO: names of policy statements within a policy
|
|
// definition should probably be optional, however, YANG
|
|
// requires a unique id for lists
|
|
ordered-by user;
|
|
description
|
|
"Policy statements group conditions and actions
|
|
within a policy definition. They are evaluated in
|
|
the order specified (see the description of policy
|
|
evaluation at the top of this module.";
|
|
|
|
leaf name {
|
|
type leafref {
|
|
path "../config/name";
|
|
}
|
|
description
|
|
"Reference to list key";
|
|
}
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for policy statements";
|
|
|
|
uses policy-statements-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for policy statements";
|
|
|
|
uses policy-statements-config;
|
|
uses policy-statements-state;
|
|
}
|
|
|
|
uses policy-conditions-top;
|
|
uses policy-actions-top;
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping defined-sets-top {
|
|
description
|
|
"Top-level grouping for defined set definitions";
|
|
|
|
container defined-sets {
|
|
description
|
|
"Predefined sets of attributes used in policy match
|
|
statements";
|
|
|
|
uses generic-defined-sets;
|
|
}
|
|
}
|
|
|
|
grouping policy-definitions-config {
|
|
description
|
|
"Configuration data for policy definitions";
|
|
|
|
leaf name {
|
|
type string;
|
|
description
|
|
"Name of the top-level policy definition -- this name
|
|
is used in references to the current policy";
|
|
}
|
|
}
|
|
|
|
grouping policy-definitions-state {
|
|
description
|
|
"Operational state data for policy definitions";
|
|
}
|
|
|
|
grouping policy-definitions-top {
|
|
description
|
|
"Top-level grouping for the policy definition list";
|
|
|
|
container policy-definitions {
|
|
description
|
|
"Enclosing container for the list of top-level policy
|
|
definitions";
|
|
|
|
list policy-definition {
|
|
key "name";
|
|
description
|
|
"List of top-level policy definitions, keyed by unique
|
|
name. These policy definitions are expected to be
|
|
referenced (by name) in policy chains specified in import
|
|
or export configuration statements.";
|
|
|
|
leaf name {
|
|
type leafref {
|
|
path "../config/name";
|
|
}
|
|
description
|
|
"Reference to the list key";
|
|
}
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for policy defintions";
|
|
|
|
uses policy-definitions-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for policy definitions";
|
|
|
|
uses policy-definitions-config;
|
|
uses policy-definitions-state;
|
|
}
|
|
|
|
uses policy-statements-top;
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping routing-policy-top {
|
|
description
|
|
"Top level container for OpenConfig routing policy";
|
|
|
|
container routing-policy {
|
|
description
|
|
"Top-level container for all routing policy configuration";
|
|
|
|
|
|
uses defined-sets-top;
|
|
|
|
uses policy-definitions-top;
|
|
}
|
|
}
|
|
|
|
grouping apply-policy-import-config {
|
|
description
|
|
"Configuration data for applying import policies";
|
|
|
|
leaf-list import-policy {
|
|
type leafref {
|
|
path "/oc-rpol:routing-policy/oc-rpol:policy-definitions/" +
|
|
"oc-rpol:policy-definition/oc-rpol:name";
|
|
//TODO: require-instance should be added when it's
|
|
//supported in YANG 1.1
|
|
//require-instance true;
|
|
}
|
|
ordered-by user;
|
|
description
|
|
"list of policy names in sequence to be applied on
|
|
receiving a routing update in the current context, e.g.,
|
|
for the current peer group, neighbor, address family,
|
|
etc.";
|
|
}
|
|
|
|
leaf default-import-policy {
|
|
type default-policy-type;
|
|
default REJECT_ROUTE;
|
|
description
|
|
"explicitly set a default policy if no policy definition
|
|
in the import policy chain is satisfied.";
|
|
}
|
|
|
|
}
|
|
|
|
grouping apply-policy-export-config {
|
|
description
|
|
"Configuration data for applying export policies";
|
|
|
|
leaf-list export-policy {
|
|
type leafref {
|
|
path "/oc-rpol:routing-policy/oc-rpol:policy-definitions/" +
|
|
"oc-rpol:policy-definition/oc-rpol:name";
|
|
//TODO: require-instance should be added when it's
|
|
//supported in YANG 1.1
|
|
//require-instance true;
|
|
}
|
|
ordered-by user;
|
|
description
|
|
"list of policy names in sequence to be applied on
|
|
sending a routing update in the current context, e.g.,
|
|
for the current peer group, neighbor, address family,
|
|
etc.";
|
|
}
|
|
|
|
leaf default-export-policy {
|
|
type default-policy-type;
|
|
default REJECT_ROUTE;
|
|
description
|
|
"explicitly set a default policy if no policy definition
|
|
in the export policy chain is satisfied.";
|
|
}
|
|
}
|
|
|
|
|
|
grouping apply-policy-config {
|
|
description
|
|
"Configuration data for routing policies";
|
|
|
|
uses apply-policy-import-config;
|
|
uses apply-policy-export-config;
|
|
|
|
}
|
|
|
|
|
|
|
|
grouping apply-policy-state {
|
|
description
|
|
"Operational state associated with routing policy";
|
|
|
|
//TODO: identify additional state data beyond the intended
|
|
//policy configuration.
|
|
}
|
|
|
|
grouping apply-policy-group {
|
|
description
|
|
"Top level container for routing policy applications. This
|
|
grouping is intended to be used in routing models where
|
|
needed.";
|
|
|
|
container apply-policy {
|
|
description
|
|
"Anchor point for routing policies in the model.
|
|
Import and export policies are with respect to the local
|
|
routing table, i.e., export (send) and import (receive),
|
|
depending on the context.";
|
|
|
|
container config {
|
|
description
|
|
"Policy configuration data.";
|
|
|
|
uses apply-policy-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
description
|
|
"Operational state for routing policy";
|
|
|
|
uses apply-policy-config;
|
|
uses apply-policy-state;
|
|
}
|
|
}
|
|
}
|
|
|
|
uses routing-policy-top;
|
|
|
|
}
|