netconfcentral logo

ietf-pkt-eca-policy

HTML

ietf-pkt-eca-policy@2017-03-13



  module ietf-pkt-eca-policy {

    yang-version 1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-pkt-eca-policy";

    prefix pkt-eca-policy;

    import ietf-routing {
      prefix rt;
    }
    import ietf-interfaces {
      prefix if;
    }
    import ietf-inet-types {
      prefix inet;
    }
    import ietf-i2rs-rib {
      prefix iir;
    }

    organization "IETF I2RS WG";

    contact
      "email: shares@ndzh.com
         email: russ.white@riw.com
         email: linda.dunbar@huawei.com
     email: bill.wu@huawei.com";

    description
      "This module describes a basic network policy
       model with filter per layer.";

    revision "2017-03-13" {
      description "third revision";
      reference
        "draft-ietf-i2rs-pkt-eca-policy-dm-03";

    }


    identity l2-header-match-type {
      base 
      description
        " l2 header type for match ";
    }

    identity l2-802-1Q {
      base l2-header-match-type;
      description
        " l2 header type for 802.1Q match ";
    }

    identity l2-802-11 {
      base l2-header-match-type;
      description
        " l2 header type for 802.11 match ";
    }

    identity l2-802-15 {
      base l2-header-match-type;
      description
        " l2 header type for 802.15 match ";
    }

    identity l2-NVGRE {
      base l2-header-match-type;
      description
        " l2 header type for NVGRE match ";
    }

    identity l2-mpls {
      base l2-header-match-type;
      description
        " l2 header type for MPLS match ";
    }

    identity l2-VXLAN {
      base l2-header-match-type;
      description
        " l2 header type for VXLAN match ";
    }

    identity l3-header-match-type {
      base 
      description
        " l3 header type for match ";
    }

    identity l3-ipv4-hdr {
      base l3-header-match-type;
      description
        " l3 header type for IPv4 match ";
    }

    identity l3-ipv6-hdr {
      base l3-header-match-type;
      description
        " l3 header type for IPv6 match ";
    }

    identity l3-gre-tunnel {
      base l3-header-match-type;
      description
        "l3 header r
          type for GRE tunnel match ";
    }

    identity l3-icmp-header {
      base l3-header-match-type;
      description "L3 header match for ICMP";
    }

    identity l3-ipsec-ah-header {
      base l3-header-match-type;
      description "AH IPSEC header ";
    }

    identity l3-ipsec-esp-header {
      base l3-header-match-type;
      description "AH IPSEC header ";
    }

    identity l4-header-match-type {
      base 
      description
        "L4 header
        match types. (TCP, UDP,
        SCTP, UDPLite, etc. )";
    }

    identity l4-tcp-header {
      base l4-header-match-type;
      description "L4 header for TCP";
    }

    identity l4-udp-header {
      base l4-header-match-type;
      description "L4 header match for UDP";
    }

    identity l4-udplite {
      base l4-header-match-type;
      description
        "L4 header match for
           UDP lite";
    }

    identity l4-sctp-header {
      base l4-header-match-type;
      description "L4 header match for SCTP";
    }

    identity rule-status-type {
      base 
      description
        "status
        values for rule: invalid (0),
        valid (1), valid and installed (2)";
    }

    identity rule-status-invalid {
      base rule-status-type;
      description "invalid rule status.";
    }

    identity rule-status-valid {
      base rule-status-type;
      description
        "This status indicates
           a valid rule.";
    }

    identity rule-status-valid-installed {
      base rule-status-type;
      description
        "This status indicates
       an installed rule.";
    }

    identity rule-status-valid-inactive {
      base rule-status-type;
      description
        "This status indicates
               a valid ruled that is not installed.";
    }

    grouping interface-match {
      description
        "interface
          has name, description, type, enabled
          as potential matches";
      leaf match-if-name {
        type if:interface-ref;
        description
          "match on interface name";
      }
    }  // grouping interface-match

    grouping interface-actions {
      description
        "interface action up/down and
           enable/disable";
      leaf interface-up {
        type boolean;
        description
          "action to put interface up";
      }

      leaf interface-down {
        type boolean;
        description
          "action to put interface down";
      }

      leaf interface-enable {
        type boolean;
        description
          "action to enable interface";
      }

      leaf interface-disable {
        type boolean;
        description
          "action to disable interface";
      }
    }  // grouping interface-actions

    grouping L2-802-1Q-header {
      description
        "This is short-term 802.1 header
                 match which will be replaced
                 by reference to IEEE yang when
                 it arrives. Qtag 1 is 802.1Q
                 Qtag2 is 802.1AD";
      leaf vlan-present {
        type boolean;
        description
          " Include VLAN in header";
      }

      leaf qtag1-present {
        type boolean;
        description
          " This flag value indicates
                        inclusion of one 802.1Q tag in header";
      }

      leaf qtag2-present {
        type boolean;
        description
          "This flag indicates the
                          inclusion of second 802.1Q tag in header";
      }

      leaf dest-mac {
        type uint64;
        description
          "IEEE destination MAC value
                     from the header";
      }

      leaf src-mac {
        type uint64;
        description
          "IEEE source MAC
                   from the header";
      }

      leaf vlan-tag {
        type uint16;
        description
          "IEEE VLAN Tag
                   from the header";
      }

      leaf qtag1 {
        type uint32;
        description
          "Qtag1 value
                        from the header";
      }

      leaf qtag2 {
        type uint32;
        description
          "Qtag1 value
                        from the header";
      }

      leaf L2-ethertype {
        type uint16;
        description
          "Ether type
                       from the header";
      }
    }  // grouping L2-802-1Q-header

    grouping L2-VXLAN-header {
      description
        "This VXLAN header may
               be replaced by actual VXLAN yang
               module reference";
      container vxlan-header {
        description
          " choices for
                   L2-VLAN header matches.
                       Outer-header only.
                       Need to fix inner header. ";
        uses iir:ipv4-header;

        leaf vxlan-network-id {
          type uint32;
          description "VLAN network id";
        }
      }  // container vxlan-header
    }  // grouping L2-VXLAN-header

    grouping L2-NVGRE-header {
      description
        "Grouping for
                  L2 NVGRE header.";
      container nvgre-header {
        description
          "This NVGRE header may
                 be replaced by actual NVGRE yang
                  module reference";
        uses L2-802-1Q-header;

        uses iir:ipv4-header;

        leaf gre-version {
          type uint8;
          description "L2-NVGRE GRE version";
        }

        leaf gre-proto {
          type uint16;
          description
            "L2-NVGRE protocol value";
        }

        leaf virtual-subnet-id {
          type uint32;
          description
            "L2-NVGRE subnet id value";
        }

        leaf flow-id {
          type uint16;
          description
            "L2-NVGRE Flow id value";
        }
      }  // container nvgre-header
    }  // grouping L2-NVGRE-header

    grouping L2-header-match {
      description
        " The layer 2 header match includes
                  any reference to L2 technology";
      choice l2-header-match-type {
        description
          "Choice of L2
                   headers for L2 match";
        case l2-802-1Q {
          uses L2-802-1Q-header;
        }  // case l2-802-1Q

        case l2-802-11 {
        }  // case l2-802-11

        case l2-802-15 {
        }  // case l2-802-15

        case l2-NVGRE {
          uses L2-NVGRE-header;
        }  // case l2-NVGRE

        case l2-VXLAN-header {
          uses L2-VXLAN-header;
        }  // case l2-VXLAN-header

        case l2-mpls-header {
          uses iir:mpls-header;
        }  // case l2-mpls-header
      }  // choice l2-header-match-type
    }  // grouping L2-header-match

    grouping L2-NVGRE-mod-acts {
      description "L2-NVRE Actions";
      leaf set-vsid {
        type boolean;
        description
          "Boolean flag to set VSID in packet";
      }

      leaf set-flowid {
        type boolean;
        description
          "Boolean flag to set VSID in packet";
      }

      leaf vsi {
        type uint32;
        description
          "VSID value to set in packet";
      }

      leaf flow-id {
        type uint16;
        description
          "flow-id value to set in packet";
      }
    }  // grouping L2-NVGRE-mod-acts

    grouping L2-VXLAN-mod-acts {
      description
        "VXLAN header
            modification actions.";
      leaf set-network-id {
        type boolean;
        description
          "flag to set network id in packet";
      }

      leaf network-id {
        type uint32;
        description
          "network id value to set in packet";
      }
    }  // grouping L2-VXLAN-mod-acts

    grouping L2-mpls-mod-acts {
      description
        "MPLS modify
                header actions";
      leaf pop {
        type boolean;
        description
          "Boolean flag to pop mpls header";
      }

      leaf push {
        type boolean;
        description
          "Boolean flag to push value into
                mpls header";
      }

      leaf mpls-label {
        type uint32;
        description
          "mpls label to push in header";
      }
    }  // grouping L2-mpls-mod-acts

    grouping l2-header-mod-actions {
      description
        " The layer 2 header match includes
                  any reference to L2 technology";
      leaf l2-802-1Q {
        type uint8;
        description "actions for 802.1Q";
      }

      leaf l2-802-11 {
        type uint8;
        description "actions for 802.11";
      }

      leaf l2-802-15 {
        type uint8;
        description "ations for 802.15";
      }

      uses L2-NVGRE-mod-acts;

      uses L2-VXLAN-mod-acts;

      uses L2-mpls-mod-acts;
    }  // grouping l2-header-mod-actions

    grouping L3-header-match {
      description "match for L3 headers";
      choice L3-header-match-type {
        description
          "match for L3
                        headers for IPv4, IPv6,
                         and GRE tunnels";
        case l3-ipv4-hdr {
          uses iir:ipv4-header;
        }  // case l3-ipv4-hdr

        case l3-ipv6-hdr {
          uses iir:ipv6-header;
        }  // case l3-ipv6-hdr

        case L3-gre-tunnel {
          uses iir:gre-header;
        }  // case L3-gre-tunnel
      }  // choice L3-header-match-type
    }  // grouping L3-header-match

    grouping ipv4-encapsulate-gre {
      description
        "encapsulation actions for IPv4 headers";
      leaf encapsulate {
        type boolean;
        description
          "flag to encapsulate headers";
      }

      leaf ipv4-dest-address {
        type inet:ipv4-address;
        description
          "Destination Address for GRE header";
      }

      leaf ipv4-source-address {
        type inet:ipv4-address;
        description
          "Source Address for GRE header";
      }
    }  // grouping ipv4-encapsulate-gre

    grouping L3-header-actions {
      description
        "actions to
          be performed on L3 header";
      choice l3-header-act-type {
        description
          "actions that can
                  be performed on L3 header";
        case l3-ipv4-hdr {
          leaf set-ttl {
            type boolean;
            description "flag to set TTL";
          }

          leaf set-dscp {
            type boolean;
            description "flag to set DSCP";
          }

          leaf ttl-value {
            type uint8;
            description "TTL value to set";
          }

          leaf dscp-val {
            type uint8;
            description "dscp value to set";
          }
        }  // case l3-ipv4-hdr

        case l3-ipv6-hdr {
          leaf set-next-header {
            type boolean;
            description
              "flag to set next routing
                          header in IPv6 header";
          }

          leaf set-traffic-class {
            type boolean;
            description
              "flag to set traffic class
                          in IPv6 header";
          }

          leaf set-flow-label {
            type boolean;
            description
              "flag to set flow label
                            in IPv6 header";
          }

          leaf set-hop-limit {
            type boolean;
            description
              "flag
                           to set hop limit in
                               L3 packet";
          }

          leaf ipv6-next-header {
            type uint8;
            description
              "value to
                          set in next IPv6 header";
          }

          leaf ipv6-traffic-class {
            type uint8;
            description
              "value to set
                               in traffic class";
          }

          leaf ipv6-flow-label {
            type uint16;
            description
              "value to set
                                 in IPOv6 flow label";
          }

          leaf ipv6-hop-limit {
            type uint8;
            description
              "value to set
                            in hop count";
          }
        }  // case l3-ipv6-hdr

        case L3-gre-tunnel {
          description
            "GRE tunnel
                actions";
          leaf decapsulate {
            type boolean;
            description
              "flag to
                           decapsulate GRE packet";
          }
        }  // case L3-gre-tunnel
      }  // choice l3-header-act-type
    }  // grouping L3-header-actions

    grouping tcp-header-match {
      description
        "match for TCP
                header";
      leaf tcp-src-port {
        type uint16;
        description
          "source port match value";
      }

      leaf tcp-dst-port {
        type uint16;
        description
          "dest port value
                 to match";
      }

      leaf sequence-number {
        type uint32;
        description
          "sequence number
                  value to match";
      }

      leaf ack-number {
        type uint32;
        description
          "action value to
                 match";
      }
    }  // grouping tcp-header-match

    grouping tcp-header-action {
      description
        "Actions to
             modify TCP header";
      leaf set-tcp-src-port {
        type boolean;
        description
          "flag to set
                  source port value";
      }

      leaf set-tcp-dst-port {
        type boolean;
        description
          "flag to set source port value";
      }

      leaf tcp-s-port {
        type uint16;
        description
          "source port match value";
      }

      leaf tcp-d-port {
        type uint16;
        description
          "dest port value
                 to match";
      }

      leaf seq-num {
        type uint32;
        description
          "sequence number
                  value to match";
      }

      leaf ack-num {
        type uint32;
        description
          "action value to
                 match";
      }
    }  // grouping tcp-header-action

    grouping udp-header-match {
      description
        "match values for
                 UDP header";
      leaf udp-src-port {
        type uint16;
        description
          "UDP source
                  port match value";
      }

      leaf udp-dst-port {
        type uint16;
        description
          "UDP Destination
                   port match value";
      }
    }  // grouping udp-header-match

    grouping udp-header-action {
      description
        "actions to set
           values in UDP header";
      leaf set-udp-src-port {
        type boolean;
        description
          "flag to set
                  UDP source port match value";
      }

      leaf set-udp-dst-port {
        type boolean;
        description
          "flag to set UDP destination port match value";
      }

      leaf udp-s-port {
        type uint16;
        description
          "UDP source
                  port match value";
      }

      leaf udp-d-port {
        type uint16;
        description
          "UDP Destination
                   port match value";
      }
    }  // grouping udp-header-action

    grouping sctp-chunk {
      description
        "sctp chunck
           header match fields";
      leaf chunk-type {
        type uint8;
        description "sctp chunk type value";
      }

      leaf chunk-flag {
        type uint8;
        description
          "sctp chunk type
                  flag value";
      }

      leaf chunk-length {
        type uint16;
        description "sctp chunk length";
      }

      leaf chunk-data-byte-zero {
        type uint32;
        description
          "byte zero of
                  stcp chunk data";
      }
    }  // grouping sctp-chunk

    grouping sctp-header-match {
      description
        "SCTP header
                    match values";
      uses sctp-chunk;

      leaf stcp-src-port {
        type uint16;
        description
          "sctp header match
                  source port value";
      }

      leaf sctp-dst-port {
        type uint16;
        description
          "sctp header match
                 destination port value";
      }

      leaf sctp-verify-tag {
        type uint32;
        description
          "sctp header match
                  verification tag value";
      }
    }  // grouping sctp-header-match

    grouping sctp-header-action {
      description "sctp qos actions";
      leaf set-stcp-src-port {
        type boolean;
        description
          "set source port in sctp header";
      }

      leaf set-stcp-dst-port {
        type boolean;
        description
          "set destination port in sctp header";
      }

      leaf set-stcp-chunk1 {
        type boolean;
        description
          "set chunk value in sctp header";
      }

      leaf chunk-type-value {
        type uint8;
        description "sctp chunk type value";
      }

      leaf chunk-flag-value {
        type uint8;
        description
          "sctp chunk type
                  flag value";
      }

      leaf chunk-len {
        type uint16;
        description "sctp chunk length";
      }

      leaf chunk-data-bzero {
        type uint32;
        description
          "byte zero of
                  stcp chunk data";
      }
    }  // grouping sctp-header-action

    grouping L4-header-match {
      description
        "L4 header
                 match type";
      choice l4-header-match-type {
        description
          "L4 match
                header choices";
        case l4-tcp-header {
          uses tcp-header-match;
        }  // case l4-tcp-header

        case l4-udp-header {
          uses udp-header-match;
        }  // case l4-udp-header

        case l4-sctp {
          uses sctp-header-match;
        }  // case l4-sctp
      }  // choice l4-header-match-type
    }  // grouping L4-header-match

    grouping L4-header-actions {
      description "L4 header matches";
      uses tcp-header-action;

      uses udp-header-action;

      uses sctp-header-action;
    }  // grouping L4-header-actions

    grouping rule_status {
      description "rule operational status";
      leaf rule-status {
        type string;
        description
          "status information
                free form string.";
      }

      leaf rule-inactive-reason {
        type string;
        description
          "description of
               why rule is inactive";
      }

      leaf rule-install-reason {
        type string;
        description
          "response on rule installed";
      }

      leaf rule-installer {
        type string;
        description "client id of installer";
      }

      leaf refcnt {
        type uint16;
        description
          "reference count on rule. ";
      }
    }  // grouping rule_status

    grouping groups-status {
      description
        "group to rules
            list";
      list group_opstate {
        key "grp-name";
        description
          "group operational
            status";
        leaf grp-name {
          type string;
          description "eca group name";
        }

        leaf rules-installed {
          type uint32;
          description
            "rules in
                 group installed";
        }

        list rules_status {
          key "rule-name";
          description
            "rules per
                group";
          leaf rule-name {
            type string;
            description "name of rule ";
          }

          leaf rule-order {
            type uint32;
            description "rule-order";
          }
        }  // list rules_status
      }  // list group_opstate
    }  // grouping groups-status

    grouping rule-group-link {
      description
        "rule-name to
           group link";
      list rule-group {
        key "rule-name";
        description
          "link between
             group and link";
        leaf rule-name {
          type string;
          description "rule name";
        }

        leaf group-name {
          type string;
          description "group name";
        }
      }  // list rule-group
    }  // grouping rule-group-link

    grouping rules_opstate {
      description
        "rules
                operational state";
      list rules_status {
        key "rule-order rule-name";
        description "eca rule list";
        leaf rule-order {
          type uint32;
          description "order of rules";
        }

        leaf rule-name {
          type string;
          description "rule name";
        }

        uses rule_status;
      }  // list rules_status
    }  // grouping rules_opstate

    grouping rules_opstats {
      description
        "statistics
                    on packet filter matches, and
                    based on matches on many were
                    modified and/or forwarded";
      list rule-stat {
        key "rule-order rule-name";
        description
          "list of
                        operational statistics for each
                        rule.";
        leaf rule-order {
          type uint32;
          description "order of rules";
        }

        leaf rule-name {
          type string;
          description "name of rule";
        }

        leaf pkts-matched {
          type uint64;
          description
            "number of
                     packets that matched filter";
        }

        leaf pkts-modified {
          type uint64;
          description
            "number of
                     packets that filter caused
                     to be modified";
        }

        leaf pkts-dropped {
          type uint64;
          description
            "number of
                     packets that filter caused
                     to be modified";
        }

        leaf bytes-dropped {
          type uint64;
          description
            "number of
                     packets that filter caused
                     to be modified";
        }

        leaf pkts-forwarded {
          type uint64;
          description
            "number of
                     packets that filter caused
                     to be forwarded.";
        }

        leaf bytes-forwarded {
          type uint64;
          description
            "number of
                     packets that filter caused
                     to be forwarded.";
        }
      }  // list rule-stat
    }  // grouping rules_opstats

    grouping packet-size-match {
      description
        "packet size by layer
         only non-zero values are matched";
      leaf l2-size-match {
        type uint32;
        description "L2 packet match size.";
      }

      leaf l3-size-match {
        type uint32;
        description "L3 packet match size.";
      }

      leaf l4-size-match {
        type uint32;
        description "L4 packet match size.";
      }
    }  // grouping packet-size-match

    grouping time-day-match {
      description
        "matches for
          time of day.";
      leaf hour {
        type uint8;
        description
          "hour
                of day in 24  hours.
                (add range)";
      }

      leaf minute {
        type uint8;
        description "minute in day.";
      }

      leaf second {
        type uint8;
        description "second in day.";
      }
    }  // grouping time-day-match

    grouping eca-event-matches {
      description
        "matches for events
            which include:
                time of day.";
      uses time-day-match;
    }  // grouping eca-event-matches

    grouping eca-pkt-matches {
      description "ECA matches";
      uses interface-match;

      uses L2-header-match;

      uses L3-header-match;

      uses L4-header-match;

      uses packet-size-match;
    }  // grouping eca-pkt-matches

    grouping user-status-matches {
      description
        "user status
          matches - region,
          target, location";
      leaf user {
        type string;
        description "user";
      }

      leaf region {
        type string;
        description "region";
      }

      leaf state {
        type string;
        description "state";
      }

      leaf user-status {
        type string;
        description "status of user";
      }
    }  // grouping user-status-matches

    grouping eca-condition-matches {
      description
        "pkt
            and user status matches";
      uses eca-pkt-matches;

      uses user-status-matches;
    }  // grouping eca-condition-matches

    grouping eca-qos-actions {
      description "eca- qos actions";
      leaf cnt-actions {
        type uint32;
        description "count of ECA actions";
      }

      list qos-actions {
        key "action-id";
        description
          "ECA set or change
             packet Actions. Actions may be
                 added here for interface,
                 L2, L3, and L4
                 headers.";
        leaf action-id {
          type uint32;
          description "action id";
        }

        uses interface-actions;

        uses l2-header-mod-actions;

        uses L3-header-actions;

        uses L4-header-actions;
      }  // list qos-actions
    }  // grouping eca-qos-actions

    grouping ip-next-fwd {
      description
        "ECA set or change
                packet Actions";
      leaf rib-name {
        type string;
        description "name of RIB";
      }

      leaf next-hop-name {
        type string;
        description "name of next hop";
      }
    }  // grouping ip-next-fwd

    grouping eca-ingress-actions {
      description "ingress eca match";
      leaf permit {
        type boolean;
        description
          "permit ingress
            traffic.  False
                means to deny.";
      }

      leaf mirror {
        type boolean;
        description
          "copy bytes
            ingressed to mirror port";
      }
    }  // grouping eca-ingress-actions

    grouping eca-fwd-actions {
      description "ECA forwarding actions";
      leaf interface-fwd {
        type if:interface-ref;
        description
          "name of interface to forward on";
      }

      uses iir:nexthop;

      uses ip-next-fwd;

      leaf drop-packet {
        type boolean;
        description "drop packet flag";
      }
    }  // grouping eca-fwd-actions

    grouping eca-security-actions {
      description
        "content actions
          for security. Needs more
          description.";
      leaf actions-exist {
        type boolean;
        description
          "existance of
         eca security actions";
      }
    }  // grouping eca-security-actions

    grouping eca-egress-actions {
      description "packet security actions";
      leaf packet-rate {
        type uint32;
        description "maximum packet-rate";
      }

      leaf byte-rate {
        type uint64;
        description "maximum byte-rate ";
      }
    }  // grouping eca-egress-actions

    grouping policy-conflict-resolution {
      description
        "policy conflict
            resolution strategies";
      list resolution-strategy {
        key "strategy-id";
        description "list of strategies";
        leaf strategy-id {
          type uint32;
          description "Id for strategy";
        }

        leaf stategy-name {
          type string;
          description "name of strategy";
        }

        leaf filter-strategy {
          type string;
          description "type of resolution";
        }

        leaf global-strategy {
          type boolean;
          description "global strategy";
        }

        leaf mandatory-strategy {
          type boolean;
          description "required strategy";
        }

        leaf local-strategy {
          type boolean;
          description "local strategy";
        }

        leaf resolution-fcn {
          type uint64;
          description
            "resolution function id ";
        }

        leaf resolution-value {
          type uint64;
          description "resolution value";
        }

        leaf resolution-info {
          type string;
          description "resolution info";
        }

        list associate-ext-data {
          key "ext-data-id";
          description "linked external data";
          leaf ext-data-id {
            type uint64;
            description
              "ID of external data";
          }

          leaf ext-data {
            type string;
            description "external data";
          }
        }  // list associate-ext-data
      }  // list resolution-strategy
    }  // grouping policy-conflict-resolution

    grouping cfg-external-data {
      description "external data list";
      list cfg-ext-data {
        key "cfg-ext-data-id";
        description "external data";
        leaf cfg-ext-data-id {
          type uint64;
          description "id for external data";
        }

        leaf data-type {
          type uint32;
          description
            "external data type ID";
        }

        leaf priority {
          type uint64;
          description "priority of data";
        }

        leaf other-data {
          type string;
          description
            "string
                  external data";
        }
      }  // list cfg-ext-data
    }  // grouping cfg-external-data

    grouping pkt-eca-policy-set {
      description "Policy sets.";
      list groups {
        key "group-name";
        description "pkt eca rule groups";
        leaf group-name {
          type string;
          description
            "name of group of rules";
        }

        leaf vrf-name {
          type string;
          description "VRF name";
        }

        uses rt:address-family;

        list group-rule-list {
          key "rule-name";
          description "rules per group";
          leaf rule-name {
            type string;
            description "name of rule";
          }

          leaf rule-order-id {
            type uint16;
            description "rule-order-id";
          }
        }  // list group-rule-list
      }  // list groups

      list eca-rules {
        key "order-id";
        ordered-by user;
        description "ECA rules";
        leaf order-id {
          type uint16;
          description
            "Number of order
                    in ordered list (ascending)";
        }

        leaf eca-rule-name {
          type string;
          description "name of rule";
        }

        leaf installer {
          type string;
          description
            "Id of I2RS client
                          that installs this rule.";
        }

        uses eca-event-matches;

        uses eca-ingress-actions;

        uses eca-qos-actions;

        uses eca-security-actions;

        uses eca-fwd-actions;

        uses eca-egress-actions;

        uses cfg-external-data;

        uses policy-conflict-resolution;
      }  // list eca-rules
    }  // grouping pkt-eca-policy-set

    grouping pkt-eca-opstate {
      description
        "pkt eca policy
          op-state main";
      uses groups-status;

      uses rule-group-link;

      uses rules_opstate;

      uses rules_opstats;
    }  // grouping pkt-eca-opstate

    container pkt-eca-policy-opstate {
      config false;
      description "operational state";
      uses pkt-eca-opstate;
    }  // container pkt-eca-policy-opstate
  }  // module ietf-pkt-eca-policy

Summary

  
  
Organization IETF I2RS WG
  
Module ietf-pkt-eca-policy
Version 2017-03-13
File ietf-pkt-eca-policy@2017-03-13.yang
  
Prefix pkt-eca-policy
Namespace urn:ietf:params:xml:ns:yang:ietf-pkt-eca-policy
  
Cooked /cookedmodules/ietf-pkt-eca-policy/2017-03-13
YANG /src/ietf-pkt-eca-policy@2017-03-13.yang
XSD /xsd/ietf-pkt-eca-policy@2017-03-13.xsd
  
Abstract This module describes a basic network policy model with filter per layer.
  
Contact
email: shares@ndzh.com
    email: russ.white@riw.com
    email: linda.dunbar@huawei.com
email: bill.wu@huawei.com

Description

 
This module describes a basic network policy
   model with filter per layer.

Groupings

Grouping Objects Abstract
cfg-external-data cfg-ext-data external data list
eca-condition-matches match-if-name l2-header-match-type L3-header-match-type l4-header-match-type l2-size-match l3-size-match l4-size-matchuser region state user-status pkt and user status matches
eca-egress-actions packet-rate byte-rate packet security actions
eca-event-matches hour minute second matches for events which include: time of day.
eca-fwd-actions interface-fwd nexthop-id sharing-flag nexthop-typerib-name next-hop-namedrop-packet ECA forwarding actions
eca-ingress-actions permit mirror ingress eca match
eca-pkt-matches match-if-namel2-header-match-typeL3-header-match-typel4-header-match-typel2-size-match l3-size-match l4-size-match ECA matches
eca-qos-actions cnt-actions qos-actions eca- qos actions
eca-security-actions actions-exist content actions for security. Needs more description.
groups-status group_opstate group to rules list
interface-actions interface-up interface-down interface-enable interface-disable interface action up/down and enable/disable
interface-match match-if-name interface has name, description, type, enabled as potential matches
ip-next-fwd rib-name next-hop-name ECA set or change packet Actions
ipv4-encapsulate-gre encapsulate ipv4-dest-address ipv4-source-address encapsulation actions for IPv4 headers
L2-802-1Q-header vlan-present qtag1-present qtag2-present dest-mac src-mac vlan-tag qtag1 qtag2 L2-ethertype This is short-term 802.1 header match which will be replaced by reference to IEEE yang when it arrives. Qtag 1 is 802.1Q Qtag2 is 802.1AD
L2-header-match l2-header-match-type The layer 2 header match includes any reference to L2 technology
l2-header-mod-actions l2-802-1Q l2-802-11 l2-802-15 set-vsid set-flowid vsi flow-idset-network-id network-idpop push mpls-label The layer 2 header match includes any reference to L2 technology
L2-mpls-mod-acts pop push mpls-label MPLS modify header actions
L2-NVGRE-header nvgre-header Grouping for L2 NVGRE header.
L2-NVGRE-mod-acts set-vsid set-flowid vsi flow-id L2-NVRE Actions
L2-VXLAN-header vxlan-header This VXLAN header may be replaced by actual VXLAN yang module reference
L2-VXLAN-mod-acts set-network-id network-id VXLAN header modification actions.
L3-header-actions l3-header-act-type actions to be performed on L3 header
L3-header-match L3-header-match-type match for L3 headers
L4-header-actions set-tcp-src-port set-tcp-dst-port tcp-s-port tcp-d-port seq-num ack-numset-udp-src-port set-udp-dst-port udp-s-port udp-d-portset-stcp-src-port set-stcp-dst-port set-stcp-chunk1 chunk-type-value chunk-flag-value chunk-len chunk-data-bzero L4 header matches
L4-header-match l4-header-match-type L4 header match type
packet-size-match l2-size-match l3-size-match l4-size-match packet size by layer only non-zero values are matched
pkt-eca-opstate group_opstaterule-grouprules_statusrule-stat pkt eca policy op-state main
pkt-eca-policy-set groups eca-rules Policy sets.
policy-conflict-resolution resolution-strategy policy conflict resolution strategies
rule-group-link rule-group rule-name to group link
rules_opstate rules_status rules operational state
rules_opstats rule-stat statistics on packet filter matches, and based on matches on many were modified and/or forwarded
rule_status rule-status rule-inactive-reason rule-install-reason rule-installer refcnt rule operational status
sctp-chunk chunk-type chunk-flag chunk-length chunk-data-byte-zero sctp chunck header match fields
sctp-header-action set-stcp-src-port set-stcp-dst-port set-stcp-chunk1 chunk-type-value chunk-flag-value chunk-len chunk-data-bzero sctp qos actions
sctp-header-match chunk-type chunk-flag chunk-length chunk-data-byte-zerostcp-src-port sctp-dst-port sctp-verify-tag SCTP header match values
tcp-header-action set-tcp-src-port set-tcp-dst-port tcp-s-port tcp-d-port seq-num ack-num Actions to modify TCP header
tcp-header-match tcp-src-port tcp-dst-port sequence-number ack-number match for TCP header
time-day-match hour minute second matches for time of day.
udp-header-action set-udp-src-port set-udp-dst-port udp-s-port udp-d-port actions to set values in UDP header
udp-header-match udp-src-port udp-dst-port match values for UDP header
user-status-matches user region state user-status user status matches - region, target, location

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
pkt-eca-policy-opstate container operational state
   group_opstate list group operational status
      grp-name leaf eca group name
      rules-installed leaf rules in group installed
      rules_status list rules per group
         rule-name leaf name of rule
         rule-order leaf rule-order
   rule-group list link between group and link
      group-name leaf group name
      rule-name leaf rule name
   rule-stat list list of operational statistics for each rule.
      bytes-dropped leaf number of packets that filter caused to be modified
      bytes-forwarded leaf number of packets that filter caused to be forwarded.
      pkts-dropped leaf number of packets that filter caused to be modified
      pkts-forwarded leaf number of packets that filter caused to be forwarded.
      pkts-matched leaf number of packets that matched filter
      pkts-modified leaf number of packets that filter caused to be modified
      rule-name leaf name of rule
      rule-order leaf order of rules
   rules_status list eca rule list
      refcnt leaf reference count on rule.
      rule-inactive-reason leaf description of why rule is inactive
      rule-install-reason leaf response on rule installed
      rule-installer leaf client id of installer
      rule-name leaf rule name
      rule-order leaf order of rules
      rule-status leaf status information free form string.