module ietf-pcp {
yang-version 1.1;
namespace
"urn:ietf:params:xml:ns:yang:ietf-pcp";
prefix pcp;
import ietf-inet-types {
prefix inet;
}
import ietf-yang-types {
prefix yang;
}
organization "xxx Working Group";
contact
"Mohamed Boucadair <mohamed.boucadair@orange.com>
Christian Jacquenet <christian.jacquenet@orange.com>";
description
"This module embeds the core PCP characteristics, including
the description of PCP operations, options and mapping entries.
Copyright (c) 2017 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.";
revision "2017-10-17" {
description "Align with NMDA";
reference
"-05";
}
revision "2015-08-05" {
description "Changes tbc.";
reference
"-00";
}
identity c_function {
base
description
"Base identity for controlled function.";
reference
"RFC 3022.";
}
identity nat44 {
base pcp:c_function;
description
"Base identity for NAT44 type.";
reference
"RFC 3022.";
}
identity nat64 {
base pcp:c_function;
description
"Base identity for NAT64 type.";
reference
"RFC 6146.";
}
identity dslite {
base pcp:c_function;
description
"Base identity for DS-Lite type.";
reference
"RFC 6333.";
}
identity nptv6 {
base pcp:c_function;
description
"Base identity for NPTv6 type.";
reference
"RFC 6296.";
}
identity ipv4-firewall {
base pcp:c_function;
description
"Base identity for IPv4 firewall type.";
}
identity ipv6-firewall {
base pcp:c_function;
description
"Base identity for IPv6 firewall type.";
}
identity port-range-router {
base pcp:c_function;
description
"Base identity for Port Range Router type.";
reference
"RFC 6346.";
}
grouping description-option {
description
"used to configure DESCRIPTION option.";
leaf description-enabled {
type boolean;
description
"Enable/disable DESCRIPTION option.";
reference
"RFC 7220";
}
leaf max-description {
type uint32;
description
"Indicates the maximum length of the description
associated with a mapping.";
reference
"RFC 7220";
}
} // grouping description-option
grouping filter-option {
description "FILTER option";
leaf filter-enabled {
type boolean;
description
"Enable/disable FILTER option.";
reference
"RFC 6887";
}
leaf max-filters {
type uint32;
description
"Indicates the maximum number of filters
associated with a mapping.";
reference
"RFC 6887";
}
} // grouping filter-option
grouping port-set-option {
description "PORT_SET option.";
leaf port-set-enable {
type boolean;
description
"Enable/disable PORT_SET option.";
reference
"RFC 7753";
}
leaf default-port-set-size {
type uint16;
description
"Indicates the default size of a port set.";
reference
"RFC 7753";
}
leaf maximum-port-set-size {
type uint16;
description
"Indicates the maximum size of a port set.";
reference
"RFC 7753";
}
} // grouping port-set-option
grouping opcode {
description
"Indicates the set of supported/enabled PCP opcodes.";
leaf map {
type boolean;
description "MAP opcode";
reference
"RFC 6887";
}
leaf peer {
type boolean;
description "PEER opcode";
reference
"RFC 6887";
}
leaf announce {
type boolean;
description "ANNOUNCE opcode.";
reference
"RFC 6887";
}
} // grouping opcode
grouping option {
description "a set of PCP options.";
leaf third-party {
type boolean;
description
"THIRD_PARTY option is used when a PCP client wants
to control a mapping to an internal host other
than itself.";
reference
"RFC 6887";
}
leaf prefer-failure {
type boolean;
description
"This option indicates that if the PCP server is unable
to map both the suggested external port and suggested
external address, the PCP server should not create
a mapping. This differs from the behavior without this
option, which is to create a mapping.
PREFER_FAILURE is never necessary for a PCP client to
manage mappings for itself, and its use causes
additional work in the PCP client and in the PCP
server. See Section 13.2 of [RFC6887].";
reference
"Section 13.2 ofRFC 6887";
}
container filter {
description
"This option indicates that filtering incoming packets
is desired.";
uses filter-option;
} // container filter
leaf port-set {
type boolean;
description
"Indicates whether PORT_SET is supported/enabled.";
}
container description {
description
"Associates a description with a mapping.";
reference
"RFC 7220";
uses description-option;
} // container description
leaf prefix64 {
type boolean;
description "PREFIX64 PCP option.";
reference
"RFC 7225";
}
} // grouping option
grouping port-number {
description
"Individual port or a range of ports.
When only start-port-numbert is present,
it represents a single port.";
leaf start-port-number {
type inet:port-number;
description
"Begining of the port range.";
reference
"Section 3.2.9 of RFC 8045.";
}
leaf end-port-number {
type inet:port-number;
must ". >= ../start-port-number" {
error-message
"The end-port-number must be greater than or
equal to start-port-number.";
}
description "End of the port range.";
reference
"Section 3.2.10 of RFC 8045.";
}
} // grouping port-number
grouping filter {
description
"The remote peer IP address and remote peer port of
the FILTER option indicate the permitted remote peer's
source IP address and source port for packets from
the Internet; other traffic from other addresses
is blocked.";
leaf filter-id {
type uint32;
description
"An identifier of the filter.";
}
leaf remote-ip-prefix {
type inet:ipv6-prefix;
description
"The IP address of the remote peer.";
}
leaf remote-port-number {
type inet:port-number;
description
"The port number of the remote peer. Value 0
indicates 'all ports'.";
}
} // grouping filter
grouping mapping-entry {
description "A PCP mapping entry.";
leaf index {
type uint32;
description
"A unique identifier of a mapping entry.";
}
leaf status {
type enumeration {
enum "disabled" {
value 0;
description
"The mapping entry is not in use (Disabled).";
}
enum "requested" {
value 1;
description
"A PCP request has been sent for this mapping.
Still waiting for a response from the server.";
}
enum "assigned" {
value 2;
description
"This mapping has been granted by the server.";
}
enum "stale" {
value 3;
description
"This is a stale mapping (case of reboot).";
}
}
description
"Indicates the status of a mapping entry.";
}
leaf mapping-nonce {
type string;
description
"A random value chosen by the PCP client";
}
leaf internal-ip-address {
type inet:ipv6-prefix;
description
"Corresponds to the PCP Client's IP Address
defined in [RFC6887].";
}
container internal-port {
description
"Internal port for the mapping. Value 0 indicates
'all ports', and is legal when the lifetime is zero
(a delete request), if the protocol does not use
16-bit port numbers, or the client is requesting
'all ports'. If the protocol is zero
(meaning 'all protocols'), then internal port
is set to zero.";
uses port-number;
} // container internal-port
leaf external-ip-address {
type inet:ipv6-prefix;
description
"External IP address. Can be 'Suggested' or 'Assigned'.
It can be set by a client to stale-ip-address, if available
or to (::) (for requesting external IPv6 addresses)
or (::ffff:0:0) (for requesting external IPv4 addresses).";
}
container external-port {
description
"External port number. Can be 'Suggested' or 'Assigned'.";
uses port-number;
} // container external-port
leaf protocol {
type uint8;
description
"Upper-layer protocol associated with this Opcode.
Values are taken from the IANA protocol registry.
For example, this field contains 6 (TCP) if the Opcode
is intended to create a TCP mapping. This field contains
17 (UDP) if the Opcode is intended to create a UDP mapping.
The value 0 has a special meaning for 'all protocols'.";
}
leaf lifetime {
type uint32;
description
"Lifetime of the mapping.
Can be requested/assigned/remaining";
}
leaf third-party-address {
type inet:ipv6-prefix;
description
"used to indicate the internal IP address
when THIRD_PARTY is in use.";
}
list filter {
key "filter-id";
description
"a list of filters associated with the mapping.";
uses filter;
} // list filter
leaf description {
type string;
description
"a description string associated with the mapping.";
}
leaf prefer-failure-tagged {
type boolean;
description
"a tag which indicates whether PREFER_FAILURE
is (to be) used.";
}
} // grouping mapping-entry
grouping status-code {
description
"stores the result status code";
leaf status-code {
type enumeration {
enum "SUCCESS" {
value 0;
description "Success";
}
enum "unsupported-version" {
value 1;
description
"The version number at the start of the PCP Request
header is not recognized by this PCP server.
This is a long lifetime error.";
}
enum "not-authorized" {
value 2;
description
"The requested operation is disabled for this PCP
client, or the PCP client requested an operation
that cannot be fulfilled by the PCP server's
security policy.
This is a long lifetime error.";
}
enum "malformed-request" {
value 3;
description
"The request could not be successfully parsed.
This is a long lifetime error.";
}
enum "unsupported-opcode" {
value 4;
description
"Unsupported Opcode.
This is a long lifetime error.";
}
enum "unsupported-option" {
value 5;
description
"Unsupported option. This error only occurs if
the option is in the mandatory-to-process range.
This is a long lifetime error.";
}
enum "malformed-option" {
value 6;
description
"Malformed option (e.g., appears too many times,
invalid length).
This is a long lifetime error.";
}
enum "network-failure" {
value 7;
description
"The PCP server or the device it controls is
experiencing a network failure of some sort
(e.g., has not yet obtained an external
IP address).
This is a short lifetime error.";
}
enum "no-resources" {
value 8;
description
"Request is well-formed and valid, but the server
has insufficient resources to complete
the requested operation at this time.
For example, the NAT device cannot create more
mappings at this time, is short of CPU cycles
or memory, or is unable to handle the request
due to some other temporary condition.
The same request may succeed in the future.
This is a system-wide error, different from
USER_EX_QUOTA. This can be used as a
catch-all error, should no other error
message be suitable.
This is a short lifetime error.";
}
enum "unsupported-protocol" {
value 9;
description
"Unsupported transport protocol, e.g.,
SCTP in a NAT that handles only UDP and TCP.
This is a long lifetime error.";
}
enum "ex-quota" {
value 10;
description
"This attempt to create a new mapping would
exceed this subscriber's port quota.
This is a short lifetime error.";
}
enum "cannot-provide-external" {
value 11;
description
"The suggested external port and/or
external address cannot be provided.
This error must only be returned for:
* MAP requests that included the
PREFER_FAILURE option
* MAP requests for the SCTP protocol
(PREFER_FAILURE is implied)
* PEER requests.";
}
enum "address-mismatch" {
value 12;
description
"The source IP address of the request
packet does not match the contents of the
PCP Client's IP Address field, due to an
unexpected NAT on the path between the PCP
client and the PCP-controlled NAT or firewall.
This is a long lifetime error.";
}
enum "extensive-remote-peer" {
value 13;
description
"The PCP server was not able to create the
filters in this request. This result code must
only be returned if the MAP request contained
the FILTER option.
This is a long lifetime error.";
}
}
description "result status code.";
}
} // grouping status-code
grouping pcp-server-address {
description
"A list of PCP servers. Each PCP server can be identified
by one or multiple IP addresses.";
leaf pcp-server-id {
type uint32;
description "A unique identifier.";
}
list pcp-server-ip-address {
key "address-id";
description
"a list of IP addresses of a PCP server";
leaf address-id {
type uint32;
description "An identifier";
}
leaf ip-address {
type inet:ipv6-address;
description
"An IP address of a PCP server.";
}
} // list pcp-server-ip-address
leaf external-address-familly {
type inet:ip-version;
description
"The address family of the external address(es)
managed by the PCP server.
Can be IPv4, IPv6 or both.";
}
leaf stale-external-ip-address {
type inet:ipv6-prefix;
description
"A stale address that can be used by the PCP client
to be assigned the same address upon reboot
or other failure events.";
}
} // grouping pcp-server-address
grouping pcp-server-address-status {
description
"Groups the status of the communication between
a PCP client a server.";
uses pcp-server-address;
leaf source {
type enumeration {
enum "manual-configuration" {
value 0;
description
"The server has been manually configured.";
}
enum "dhcpv6" {
value 1;
description
"Retrieved from DHCPv6 [RFC7291].";
}
enum "dhcpv4" {
value 2;
description
"Retrieved from DHCPv4 [RFC7291].";
}
enum "else" {
value 3;
description
"Else (e.g., TR-96.)";
}
}
description
"source of the PCP server reachability information.";
}
leaf in-use {
type boolean;
description
"Indicates whether this in-use instance of the server
is the result of the selection
process defined in [RFC7488].";
}
leaf server-epoch {
type uint32;
description
"The PCP server's Epoch.";
}
leaf client-epoch {
type uint32;
description
"The PCP client's Epoch.";
}
leaf current-version {
type uint8;
description
"The version that is selected as per the version negotiation
procedure specified in Section 9 of [RFC6877].";
}
} // grouping pcp-server-address-status
grouping pcp-controlled-function {
description
"A set of PCP-controlled functions.
One or multiple functions can be controlled
by the same PCP server. ";
leaf-list pcp-controlled-function {
type identityref {
base c_function;
}
description "Type of NAT.";
}
} // grouping pcp-controlled-function
grouping traffic-stat {
description
"Groups a set of statistics.";
container traffic-statistics {
description
"Generic traffic statistics.";
leaf sent-packet {
type yang:zero-based-counter64;
description "Packets sent";
}
leaf sent-byte {
type yang:zero-based-counter64;
description
"Counter for sent traffic in bytes.";
}
leaf rcvd-packet {
type yang:zero-based-counter64;
description
"Counter for received packets.";
}
leaf rcvd-byte {
type yang:zero-based-counter64;
description
"Counter for received traffic in bytes.";
}
leaf dropped-packet {
type yang:zero-based-counter64;
description
"Counter for dropped packets.";
}
leaf dropped-byte {
type yang:zero-based-counter64;
description
"Counter for dropped traffic in bytes.";
}
} // container traffic-statistics
container opcode-statistics {
description
"Opcode-related statistics.";
leaf sent-map {
type yang:zero-based-counter64;
description
"Counter for sent MAP messages";
}
leaf rcvd-map {
type yang:zero-based-counter64;
description
"Counter for received MAP messages";
}
leaf sent-peer {
type yang:zero-based-counter64;
description
"Counter for sent PEER messages";
}
leaf rcvd-peer {
type yang:zero-based-counter64;
description
"Counter for received PEER messages";
}
leaf sent-annonce {
type yang:zero-based-counter64;
description
"Counter for sent ANNOUNCE messages";
}
leaf rcvd-announce {
type yang:zero-based-counter64;
description
"Counter for received ANNOUNCED messages";
}
leaf rcvd-unknown {
type yang:zero-based-counter64;
description
"Counter for received unknown opcodes";
}
leaf rcvd-malformed {
type yang:zero-based-counter64;
description
"Counter for received malformed opcodes";
}
} // container opcode-statistics
} // grouping traffic-stat
grouping mapping-table-stats {
description
"PCP mapping table related statistics.";
leaf current-mt-size {
type yang:zero-based-counter64;
description
"Size of the mapping table";
}
leaf max-mt-size {
type uint32;
description
"Maximum configured size of the mapping table.";
}
} // grouping mapping-table-stats
grouping pcp-version {
description "PCP version(s)";
leaf version {
type uint8;
description
"Indicates a PCP server.
Current versions are: 0, 1, and 2.";
}
} // grouping pcp-version
} // module ietf-pcp