netconfcentral logo

ietf-dots-data-channel

HTML

ietf-dots-data-channel@2017-12-08



  module ietf-dots-data-channel {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-dots-data-channel";

    prefix data-channel;

    import ietf-inet-types {
      prefix inet;
    }
    import ietf-access-control-list {
      prefix ietf-acl;
    }

    organization "IETF DOTS Working Group";

    contact
      "Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
     Mohamed Boucadair <mohamed.boucadair@orange.com>
     Kaname Nishizuka <kaname@nttv6.jp>
     Liang Xia <frank.xialiang@huawei.com>
     Prashanth Patil <praspati@cisco.com>
     Andrew Mortensen <amortensen@arbor.net>
     Nik Teague <nteague@verisign.com>";

    description
      "This module contains YANG definition for configuring
     identifiers for resources and filtering rules using DOTS
     data channel.

     Copyright (c) 2017 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";

    revision "2017-12-08" {
      description "Initial revision.";
      reference
        "RFC XXXX: Distributed Denial-of-Service Open Threat
        	  Signaling (DOTS) Data Channel";

    }


    container identifier {
      description
        "Top level container for identifiers";
      leaf-list client-identifier {
        type binary;
        description
          "A client identifier conveyed by a
         DOTS gateway to a remote DOTS server.";
        reference
          "I-D.itef-dots-signal-channel: Distributed Denial-of-Service
          	     Open Threat Signaling (DOTS) Signal Channel";

      }

      list alias {
        key "alias-name";
        description "List of identifiers";
        leaf alias-name {
          type string;
          description "alias name";
        }

        leaf-list target-ip {
          type inet:ip-address;
          description
            "IPv4 or IPv6 address identifying the target.";
        }

        leaf-list target-prefix {
          type inet:ip-prefix;
          description
            "IPv4 or IPv6 prefix identifying the target.";
        }

        list target-port-range {
          key "lower-port upper-port";
          description
            "Port range. When only lower-port is
           present, it represents a single port.";
          leaf lower-port {
            type inet:port-number;
            mandatory true;
            description "Lower port number.";
          }

          leaf upper-port {
            type inet:port-number;
            must ". >= ../lower-port" {
              error-message
                "The upper port number must be greater than
                or equal to lower port number.";
            }
            description "Upper port number.";
          }
        }  // list target-port-range

        leaf-list target-protocol {
          type uint8;
          description
            "Identifies the target protocol number.

           The value '0' means 'all protocols'.

           Values are taken from the IANA protocol registry:
           https://www.iana.org/assignments/protocol-numbers/
           protocol-numbers.xhtml

           For example, 6 for a TCP or 17 for UDP.";
        }

        leaf-list target-fqdn {
          type inet:domain-name;
          description
            "FQDN identifying the target.";
        }

        leaf-list target-uri {
          type inet:uri;
          description
            "URI identifying the target.";
        }
      }  // list alias
    }  // container identifier

    augment /ietf-acl:access-lists {
      description
        "client-identifier parameter.";
      leaf-list client-identifier {
        type binary;
        description
          "A client identifier conveyed by a DOTS gateway
         to a remote DOTS server.";
      }
    }

    augment /ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces/ietf-acl:ace/ietf-acl:actions {
      description "rate-limit action";
      leaf rate-limit {
        when
          "/ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces/"
            + "ietf-acl:ace/ietf-acl:actions/"
            + "ietf-acl:forwarding = 'ietf-acl:accept'" {
          description
            "rate-limit valid only when accept action is used";
        }
        type decimal64 {
          fraction-digits 2;
        }
        description "rate-limit traffic";
      }
    }

    augment /ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces/ietf-acl:ace/ietf-acl:matches/ietf-acl:ipv4-acl {
      description
        "Handle non-initial and initial fragments for IPv4 packets.";
      leaf fragments {
        type empty;
        description "Handle fragments.";
      }
    }

    augment /ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces/ietf-acl:ace/ietf-acl:matches/ietf-acl:ipv6-acl {
      description
        "Handle non-initial and initial fragments for IPv6 packets.";
      leaf fragments {
        type empty;
        description "Handle fragments.";
      }
    }

    augment /ietf-acl:access-lists {
      description
        "Handle ordering of ACLs from a DOTS client";
      container dots-acl-order {
        description
          "Enclosing container for ordering
         the ACLs from a DOTS client";
        list acl-set {
          key "set-name type";
          ordered-by user;
          description "List of ACLs";
          leaf set-name {
            type leafref {
              path
                "/ietf-acl:access-lists/ietf-acl:acl"
                  + "/ietf-acl:acl-name";
            }
            description
              "Reference to the ACL set name";
          }

          leaf type {
            type leafref {
              path
                "/ietf-acl:access-lists/ietf-acl:acl"
                  + "/ietf-acl:acl-type";
            }
            description
              "Reference to the ACL set type";
          }
        }  // list acl-set
      }  // container dots-acl-order
    }
  }  // module ietf-dots-data-channel

Summary

  
  
Organization IETF DOTS Working Group
  
Module ietf-dots-data-channel
Version 2017-12-08
File ietf-dots-data-channel@2017-12-08.yang
  
Prefix data-channel
Namespace urn:ietf:params:xml:ns:yang:ietf-dots-data-channel
  
Cooked /cookedmodules/ietf-dots-data-channel/2017-12-08
YANG /src/ietf-dots-data-channel@2017-12-08.yang
XSD /xsd/ietf-dots-data-channel@2017-12-08.xsd
  
Abstract This module contains YANG definition for configuring identifiers for resources and filtering rules using DOTS data channel. Cop...
  
Contact
Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
Mohamed Boucadair <mohamed.boucadair@orange.com>
Kaname Nishizuka <kaname@nttv6.jp>
Liang Xia <frank.xialiang@huawei.com>
Prashanth Patil <praspati@cisco.com>
Andrew Mortensen <amortensen@arbor.net>
Nik Teague <nteague@verisign.com>

Description

 
This module contains YANG definition for configuring
identifiers for resources and filtering rules using DOTS
data channel.

Copyright (c) 2017 IETF Trust and the persons identified as
authors of the code.  All rights reserved.

Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).

This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
identifier container Top level container for identifiers
   alias list List of identifiers
      alias-name leaf alias name
      target-fqdn leaf-list FQDN identifying the target.
      target-ip leaf-list IPv4 or IPv6 address identifying the target.
      target-port-range list Port range. When only lower-port is present, it represents a single port.
         lower-port leaf Lower port number.
         upper-port leaf Upper port number.
      target-prefix leaf-list IPv4 or IPv6 prefix identifying the target.
      target-protocol leaf-list Identifies the target protocol number. The value '0' means 'all protocols'. Values are taken from the IANA protocol registry: https://www.iana.org/assignments/protocol-numbers/ protocol-numbers.xhtml For example, 6 for a TCP or 17 for UDP.
      target-uri leaf-list URI identifying the target.
   client-identifier leaf-list A client identifier conveyed by a DOTS gateway to a remote DOTS server.