netconfcentral logo

openconfig-routing-policy

HTML

openconfig-routing-policy@2017-07-14



  module openconfig-routing-policy {

    yang-version 1;

    namespace
      "http://openconfig.net/yang/routing-policy";

    prefix oc-rpol;

    import openconfig-inet-types {
      prefix oc-inet;
    }
    import openconfig-interfaces {
      prefix oc-if;
    }
    import openconfig-policy-types {
      prefix oc-pol-types;
    }
    import openconfig-extensions {
      prefix oc-ext;
    }

    organization "OpenConfig working group";

    contact
      "OpenConfig working group
    netopenconfig@googlegroups.com";

    description
      "This module describes a YANG model for routing policy
    configuration. It is a limited subset of all of the policy
    configuration parameters available in the variety of vendor
    implementations, but supports widely used constructs for managing
    how routes are imported, exported, and modified across different
    routing protocols.  This module is intended to be used in
    conjunction with routing protocol configuration models (e.g.,
    BGP) defined in other modules.

    Route policy expression:

    Policies are expressed as a set of top-level policy definitions,
    each of which consists of a sequence of policy statements. Policy
    statements consist of simple condition-action tuples. Conditions
    may include mutiple match or comparison operations, and similarly
    actions may be multitude of changes to route attributes or a
    final disposition of accepting or rejecting the route.

    Route policy evaluation:

    Policy definitions are referenced in routing protocol
    configurations using import and export configuration statements.
    The arguments are members of an ordered list of named policy
    definitions which comprise a policy chain, and optionally, an
    explicit default policy action (i.e., reject or accept).

    Evaluation of each policy definition proceeds by evaluating its
    corresponding individual policy statements in order.  When a
    condition statement in a policy statement is satisfied, the
    corresponding action statement is executed.  If the action
    statement has either accept-route or reject-route actions, policy
    evaluation of the current policy definition stops, and no further
    policy definitions in the chain are evaluated.

    If the condition is not satisfied, then evaluation proceeds to
    the next policy statement.  If none of the policy statement
    conditions are satisfied, then evaluation of the current policy
    definition stops, and the next policy definition in the chain is
    evaluated.  When the end of the policy chain is reached, the
    default route disposition action is performed (i.e., reject-route
    unless an an alternate default action is specified for the
    chain).

    Policy 'subroutines' (or nested policies) are supported by
    allowing policy statement conditions to reference another policy
    definition which applies conditions and actions from the
    referenced policy before returning to the calling policy
    statement and resuming evaluation.  If the called policy
    results in an accept-route (either explicit or by default), then
    the subroutine returns an effective true value to the calling
    policy.  Similarly, a reject-route action returns false.  If the
    subroutine returns true, the calling policy continues to evaluate
    the remaining conditions (using a modified route if the
    subroutine performed any changes to the route).";

    revision "2017-07-14" {
      description
        "Replace policy choice node/type with policy-result
      enumeration;simplified defined set naming;removed generic
      IGP actions; migrate to OpenConfig types; added mode for
      prefix sets";
      reference
        "3.0.0";

    }

    revision "2016-05-12" {
      description
        "OpenConfig public release";
      reference
        "2.0.1";

    }

    oc-ext:openconfig-version "3.0.0";

    typedef default-policy-type {
      type enumeration {
        enum "ACCEPT_ROUTE" {
          value 0;
          description
            "Default policy to accept the route";
        }
        enum "REJECT_ROUTE" {
          value 1;
          description
            "Default policy to reject the route";
        }
      }
      description
        "Type used to specify route disposition in
      a policy chain";
    }

    typedef policy-result-type {
      type enumeration {
        enum "ACCEPT_ROUTE" {
          value 0;
          description
            "Policy accepts the route";
        }
        enum "REJECT_ROUTE" {
          value 1;
          description
            "Policy rejects the route";
        }
      }
      description
        "Type used to specify route disposition in
      a policy chain";
    }

    grouping prefix-set-config {
      description
        "Configuration data for prefix sets used in policy
      definitions.";
      leaf name {
        type string;
        description
          "name / label of the prefix set -- this is used to
        reference the set in match conditions";
      }

      leaf mode {
        type enumeration {
          enum "IPV4" {
            value 0;
            description
              "Prefix set contains IPv4 prefixes only";
          }
          enum "IPV6" {
            value 1;
            description
              "Prefix set contains IPv6 prefixes only";
          }
          enum "MIXED" {
            value 2;
            description
              "Prefix set contains mixed IPv4 and IPv6 prefixes";
          }
        }
        description
          "Indicates the mode of the prefix set, in terms of which
        address families (IPv4, IPv6, or both) are present.  The
        mode provides a hint, but the device must validate that all
        prefixes are of the indicated type, and is expected to
        reject the configuration if there is a discrepancy.  The
        MIXED mode may not be supported on devices that require
        prefix sets to be of only one address family.";
      }
    }  // grouping prefix-set-config

    grouping prefix-set-state {
      description
        "Operational state data for prefix sets";
    }  // grouping prefix-set-state

    grouping prefix-set-top {
      description
        "Top-level data definitions for a list of IPv4 or IPv6
      prefixes which are matched as part of a policy";
      container prefix-sets {
        description "Enclosing container ";
        list prefix-set {
          key "name";
          description
            "List of the defined prefix sets";
          leaf name {
            type leafref {
              path "../config/name";
            }
            description
              "Reference to prefix name list key";
          }

          container config {
            description
              "Configuration data for prefix sets";
            uses prefix-set-config;
          }  // container config

          container state {
            config false;
            description
              "Operational state data ";
            uses prefix-set-config;

            uses prefix-set-state;
          }  // container state

          uses prefix-top;
        }  // list prefix-set
      }  // container prefix-sets
    }  // grouping prefix-set-top

    grouping prefix-config {
      description
        "Configuration data for a prefix definition";
      leaf ip-prefix {
        type oc-inet:ip-prefix;
        mandatory true;
        description
          "The prefix member in CIDR notation -- while the
        prefix may be either IPv4 or IPv6, most
        implementations require all members of the prefix set
        to be the same address family.  Mixing address types in
        the same prefix set is likely to cause an error.";
      }

      leaf masklength-range {
        type string {
          pattern
            '^([0-9]+\.\.[0-9]+)|exact$';
        }
        description
          "Defines a range for the masklength, or 'exact' if
        the prefix has an exact length.

        Example: 10.3.192.0/21 through 10.3.192.0/24 would be
        expressed as prefix: 10.3.192.0/21,
        masklength-range: 21..24.

        Example: 10.3.192.0/21 would be expressed as
        prefix: 10.3.192.0/21,
        masklength-range: exact";
      }
    }  // grouping prefix-config

    grouping prefix-state {
      description
        "Operational state data for prefix definitions";
    }  // grouping prefix-state

    grouping prefix-top {
      description
        "Top-level grouping for prefixes in a prefix list";
      container prefixes {
        description
          "Enclosing container for the list of prefixes in a policy
        prefix list";
        list prefix {
          key "ip-prefix masklength-range";
          description
            "List of prefixes in the prefix set";
          leaf ip-prefix {
            type leafref {
              path "../config/ip-prefix";
            }
            description
              "Reference to the ip-prefix list key.";
          }

          leaf masklength-range {
            type leafref {
              path
                "../config/masklength-range";
            }
            description
              "Reference to the masklength-range list key";
          }

          container config {
            description
              "Configuration data for prefix definition";
            uses prefix-config;
          }  // container config

          container state {
            config false;
            description
              "Operational state data for prefix definition";
            uses prefix-config;

            uses prefix-state;
          }  // container state
        }  // list prefix
      }  // container prefixes
    }  // grouping prefix-top

    grouping neighbor-set-config {
      description
        "Configuration data for neighbor set definitions";
      leaf name {
        type string;
        description
          "name / label of the neighbor set -- this is used to
          reference the set in match conditions";
      }

      leaf-list address {
        type oc-inet:ip-address;
        description
          "List of IP addresses in the neighbor set";
      }
    }  // grouping neighbor-set-config

    grouping neighbor-set-state {
      description
        "Operational state data for neighbor set definitions";
    }  // grouping neighbor-set-state

    grouping neighbor-set-top {
      description
        "Top-level data definition for a list of IPv4 or IPv6
      neighbors which can be matched in a routing policy";
      container neighbor-sets {
        description
          "Enclosing container for the list of neighbor set
        definitions";
        list neighbor-set {
          key "name";
          description
            "List of defined neighbor sets for use in policies.";
          leaf name {
            type leafref {
              path "../config/name";
            }
            description
              "Reference to the neighbor set name list key.";
          }

          container config {
            description
              "Configuration data for neighbor sets.";
            uses neighbor-set-config;
          }  // container config

          container state {
            config false;
            description
              "Operational state data for neighbor sets.";
            uses neighbor-set-config;

            uses neighbor-set-state;
          }  // container state
        }  // list neighbor-set
      }  // container neighbor-sets
    }  // grouping neighbor-set-top

    grouping tag-set-config {
      description
        "Configuration data for tag set definitions.";
      leaf name {
        type string;
        description
          "name / label of the tag set -- this is used to reference
        the set in match conditions";
      }

      leaf-list tag-value {
        type oc-pol-types:tag-type;
        description
          "Value of the tag set member";
      }
    }  // grouping tag-set-config

    grouping tag-set-state {
      description
        "Operational state data for tag set definitions.";
    }  // grouping tag-set-state

    grouping tag-set-top {
      description
        "Top-level data definitions for a list of tags which can
      be matched in policies";
      container tag-sets {
        description
          "Enclosing container for the list of tag sets.";
        list tag-set {
          key "name";
          description
            "List of tag set definitions.";
          leaf name {
            type leafref {
              path "../config/name";
            }
            description
              "Reference to the tag set name list key";
          }

          container config {
            description
              "Configuration data for tag sets";
            uses tag-set-config;
          }  // container config

          container state {
            config false;
            description
              "Operational state data for tag sets";
            uses tag-set-config;

            uses tag-set-state;
          }  // container state
        }  // list tag-set
      }  // container tag-sets
    }  // grouping tag-set-top

    grouping generic-defined-sets {
      description
        "Data definitions for pre-defined sets of attributes used in
      policy match conditions.  These sets are generic and can
      be used in matching conditions in different routing
      protocols.";
      uses prefix-set-top;

      uses neighbor-set-top;

      uses tag-set-top;
    }  // grouping generic-defined-sets

    grouping match-set-options-group {
      description
        "Grouping containing options relating to how a particular set
      should be matched";
      leaf match-set-options {
        type oc-pol-types:match-set-options-type;
        description
          "Optional parameter that governs the behaviour of the
        match operation";
      }
    }  // grouping match-set-options-group

    grouping match-set-options-restricted-group {
      description
        "Grouping for a restricted set of match operation modifiers";
      leaf match-set-options {
        type oc-pol-types:match-set-options-restricted-type;
        description
          "Optional parameter that governs the behaviour of the
        match operation.  This leaf only supports matching on ANY
        member of the set or inverting the match.  Matching on ALL is
        not supported";
      }
    }  // grouping match-set-options-restricted-group

    grouping match-interface-condition-config {
      description
        "Configuration data for interface match condition";
      uses oc-if:interface-ref-common;
    }  // grouping match-interface-condition-config

    grouping match-interface-condition-state {
      description
        "Operational state data for interface match condition";
    }  // grouping match-interface-condition-state

    grouping match-interface-condition-top {
      description
        "Top-level grouping for the interface match condition";
      container match-interface {
        description
          "Top-level container for interface match conditions";
        container config {
          description
            "Configuration data for interface match conditions";
          uses match-interface-condition-config;
        }  // container config

        container state {
          config false;
          description
            "Operational state data for interface match conditions";
          uses match-interface-condition-config;

          uses match-interface-condition-state;
        }  // container state
      }  // container match-interface
    }  // grouping match-interface-condition-top

    grouping prefix-set-condition-config {
      description
        "Configuration data for prefix-set conditions";
      leaf prefix-set {
        type leafref {
          path
            "../../../../../../../../defined-sets/"
              + "prefix-sets/prefix-set/config/name";
        }
        description
          "References a defined prefix set";
      }

      uses match-set-options-restricted-group;
    }  // grouping prefix-set-condition-config

    grouping prefix-set-condition-state {
      description
        "Operational state data for prefix-set conditions";
    }  // grouping prefix-set-condition-state

    grouping prefix-set-condition-top {
      description
        "Top-level grouping for prefix-set conditions";
      container match-prefix-set {
        description
          "Match a referenced prefix-set according to the logic
        defined in the match-set-options leaf";
        container config {
          description
            "Configuration data for a prefix-set condition";
          uses prefix-set-condition-config;
        }  // container config

        container state {
          config false;
          description
            "Operational state data for a prefix-set condition";
          uses prefix-set-condition-config;

          uses prefix-set-condition-state;
        }  // container state
      }  // container match-prefix-set
    }  // grouping prefix-set-condition-top

    grouping neighbor-set-condition-config {
      description
        "Configuration data for neighbor-set conditions";
      leaf neighbor-set {
        type leafref {
          path
            "../../../../../../../../defined-sets/neighbor-sets/"
              + "neighbor-set/name";
        }
        description
          "References a defined neighbor set";
      }

      uses match-set-options-restricted-group;
    }  // grouping neighbor-set-condition-config

    grouping neighbor-set-condition-state {
      description
        "Operational state data for neighbor-set conditions";
    }  // grouping neighbor-set-condition-state

    grouping neighbor-set-condition-top {
      description
        "Top-level grouping for neighbor-set conditions";
      container match-neighbor-set {
        description
          "Match a referenced neighbor set according to the logic
        defined in the match-set-options-leaf";
        container config {
          description "Configuration data ";
          uses neighbor-set-condition-config;
        }  // container config

        container state {
          config false;
          description
            "Operational state data ";
          uses neighbor-set-condition-config;

          uses neighbor-set-condition-state;
        }  // container state
      }  // container match-neighbor-set
    }  // grouping neighbor-set-condition-top

    grouping tag-set-condition-config {
      description
        "Configuration data for tag-set condition statements";
      leaf tag-set {
        type leafref {
          path
            "../../../../../../../../defined-sets/tag-sets/tag-set"
              + "/name";
        }
        description
          "References a defined tag set";
      }

      uses match-set-options-restricted-group;
    }  // grouping tag-set-condition-config

    grouping tag-set-condition-state {
      description
        "Operational state data for tag-set condition statements";
    }  // grouping tag-set-condition-state

    grouping tag-set-condition-top {
      description
        "Top-level grouping for tag-set conditions";
      container match-tag-set {
        description
          "Match a referenced tag set according to the logic defined
        in the match-options-set leaf";
        container config {
          description
            "Configuration data for tag-set conditions";
          uses tag-set-condition-config;
        }  // container config

        container state {
          config false;
          description
            "Operational state data tag-set conditions";
          uses tag-set-condition-config;

          uses tag-set-condition-state;
        }  // container state
      }  // container match-tag-set
    }  // grouping tag-set-condition-top

    grouping generic-conditions {
      description
        "Condition statement definitions for checking
    membership in a generic defined set";
      uses match-interface-condition-top;

      uses prefix-set-condition-top;

      uses neighbor-set-condition-top;

      uses tag-set-condition-top;
    }  // grouping generic-conditions

    grouping generic-actions {
      description
        "Definitions for common set of policy action statements that
      manage the disposition or control flow of the policy";
      leaf policy-result {
        type policy-result-type;
        description
          "Select the final disposition for the route, either
        accept or reject.";
      }
    }  // grouping generic-actions

    grouping policy-conditions-config {
      description
        "Configuration data for general policy conditions, i.e., those
      not related to match-sets";
      leaf call-policy {
        type leafref {
          path
            "../../../../../../../"
              + "oc-rpol:policy-definitions/"
              + "oc-rpol:policy-definition/oc-rpol:name";
        }
        description
          "Applies the statements from the specified policy
          definition and then returns control the current
          policy statement. Note that the called policy may
          itself call other policies (subject to
          implementation limitations). This is intended to
          provide a policy 'subroutine' capability.  The
          called policy should contain an explicit or a
          default route disposition that returns an
          effective true (accept-route) or false
          (reject-route), otherwise the behavior may be
          ambiguous and implementation dependent";
      }

      leaf install-protocol-eq {
        type identityref {
          base oc-pol-types:INSTALL_PROTOCOL_TYPE;
        }
        description
          "Condition to check the protocol / method used to install
          the route into the local routing table";
      }
    }  // grouping policy-conditions-config

    grouping policy-conditions-state {
      description
        "Operational state data for policy conditions";
    }  // grouping policy-conditions-state

    grouping policy-conditions-top {
      description
        "Top-level grouping for policy conditions";
      container conditions {
        description
          "Condition statements for the current policy statement";
        container config {
          description
            "Configuration data for policy conditions";
          uses policy-conditions-config;
        }  // container config

        container state {
          config false;
          description
            "Operational state data for policy conditions";
          uses policy-conditions-config;

          uses policy-conditions-state;
        }  // container state

        uses generic-conditions;
      }  // container conditions
    }  // grouping policy-conditions-top

    grouping policy-statements-config {
      description
        "Configuration data for policy statements";
      leaf name {
        type string;
        description
          "name of the policy statement";
      }
    }  // grouping policy-statements-config

    grouping policy-statements-state {
      description
        "Operational state data for policy statements";
    }  // grouping policy-statements-state

    grouping policy-actions-config {
      description
        "Configuration data for policy actions";
      uses generic-actions;
    }  // grouping policy-actions-config

    grouping policy-actions-state {
      description
        "Operational state data for policy actions";
    }  // grouping policy-actions-state

    grouping policy-actions-top {
      description
        "Top-level grouping for policy actions";
      container actions {
        description
          "Top-level container for policy action statements";
        container config {
          description
            "Configuration data for policy actions";
          uses policy-actions-config;
        }  // container config

        container state {
          config false;
          description
            "Operational state data for policy actions";
          uses policy-actions-config;

          uses policy-actions-state;
        }  // container state
      }  // container actions
    }  // grouping policy-actions-top

    grouping policy-statements-top {
      description
        "Top-level grouping for the policy statements list";
      container statements {
        description
          "Enclosing container for policy statements";
        list statement {
          key "name";
          ordered-by user;
          description
            "Policy statements group conditions and actions
          within a policy definition.  They are evaluated in
          the order specified (see the description of policy
          evaluation at the top of this module.";
          leaf name {
            type leafref {
              path "../config/name";
            }
            description
              "Reference to list key";
          }

          container config {
            description
              "Configuration data for policy statements";
            uses policy-statements-config;
          }  // container config

          container state {
            config false;
            description
              "Operational state data for policy statements";
            uses policy-statements-config;

            uses policy-statements-state;
          }  // container state

          uses policy-conditions-top;

          uses policy-actions-top;
        }  // list statement
      }  // container statements
    }  // grouping policy-statements-top

    grouping defined-sets-top {
      description
        "Top-level grouping for defined set definitions";
      container defined-sets {
        description
          "Predefined sets of attributes used in policy match
        statements";
        uses generic-defined-sets;
      }  // container defined-sets
    }  // grouping defined-sets-top

    grouping policy-definitions-config {
      description
        "Configuration data for policy definitions";
      leaf name {
        type string;
        description
          "Name of the top-level policy definition -- this name
        is used in references to the current policy";
      }
    }  // grouping policy-definitions-config

    grouping policy-definitions-state {
      description
        "Operational state data for policy definitions";
    }  // grouping policy-definitions-state

    grouping policy-definitions-top {
      description
        "Top-level grouping for the policy definition list";
      container policy-definitions {
        description
          "Enclosing container for the list of top-level policy
          definitions";
        list policy-definition {
          key "name";
          description
            "List of top-level policy definitions, keyed by unique
          name.  These policy definitions are expected to be
          referenced (by name) in policy chains specified in import
          or export configuration statements.";
          leaf name {
            type leafref {
              path "../config/name";
            }
            description
              "Reference to the list key";
          }

          container config {
            description
              "Configuration data for policy defintions";
            uses policy-definitions-config;
          }  // container config

          container state {
            config false;
            description
              "Operational state data for policy definitions";
            uses policy-definitions-config;

            uses policy-definitions-state;
          }  // container state

          uses policy-statements-top;
        }  // list policy-definition
      }  // container policy-definitions
    }  // grouping policy-definitions-top

    grouping routing-policy-top {
      description
        "Top level container for OpenConfig routing policy";
      container routing-policy {
        description
          "Top-level container for all routing policy configuration";
        uses defined-sets-top;

        uses policy-definitions-top;
      }  // container routing-policy
    }  // grouping routing-policy-top

    grouping apply-policy-import-config {
      description
        "Configuration data for applying import policies";
      leaf-list import-policy {
        type leafref {
          path
            "/oc-rpol:routing-policy/oc-rpol:policy-definitions/"
              + "oc-rpol:policy-definition/oc-rpol:name";
        }
        ordered-by user;
        description
          "list of policy names in sequence to be applied on
        receiving a routing update in the current context, e.g.,
        for the current peer group, neighbor, address family,
        etc.";
      }

      leaf default-import-policy {
        type default-policy-type;
        default 'REJECT_ROUTE';
        description
          "explicitly set a default policy if no policy definition
        in the import policy chain is satisfied.";
      }
    }  // grouping apply-policy-import-config

    grouping apply-policy-export-config {
      description
        "Configuration data for applying export policies";
      leaf-list export-policy {
        type leafref {
          path
            "/oc-rpol:routing-policy/oc-rpol:policy-definitions/"
              + "oc-rpol:policy-definition/oc-rpol:name";
        }
        ordered-by user;
        description
          "list of policy names in sequence to be applied on
        sending a routing update in the current context, e.g.,
        for the current peer group, neighbor, address family,
        etc.";
      }

      leaf default-export-policy {
        type default-policy-type;
        default 'REJECT_ROUTE';
        description
          "explicitly set a default policy if no policy definition
        in the export policy chain is satisfied.";
      }
    }  // grouping apply-policy-export-config

    grouping apply-policy-config {
      description
        "Configuration data for routing policies";
      uses apply-policy-import-config;

      uses apply-policy-export-config;
    }  // grouping apply-policy-config

    grouping apply-policy-state {
      description
        "Operational state associated with routing policy";
    }  // grouping apply-policy-state

    grouping apply-policy-group {
      description
        "Top level container for routing policy applications. This
      grouping is intended to be used in routing models where
      needed.";
      container apply-policy {
        description
          "Anchor point for routing policies in the model.
        Import and export policies are with respect to the local
        routing table, i.e., export (send) and import (receive),
        depending on the context.";
        container config {
          description
            "Policy configuration data.";
          uses apply-policy-config;
        }  // container config

        container state {
          config false;
          description
            "Operational state for routing policy";
          uses apply-policy-config;

          uses apply-policy-state;
        }  // container state
      }  // container apply-policy
    }  // grouping apply-policy-group

    uses routing-policy-top;
  }  // module openconfig-routing-policy

Summary

  
  
Organization OpenConfig working group
  
Module openconfig-routing-policy
Version 2017-07-14
File openconfig-routing-policy.yang
  
Prefix oc-rpol
Namespace http://openconfig.net/yang/routing-policy
  
Cooked /cookedmodules/openconfig-routing-policy/2017-07-14
YANG /src/openconfig-routing-policy@2017-07-14.yang
XSD /xsd/openconfig-routing-policy@2017-07-14.xsd
  
Abstract This module describes a YANG model for routing policy configuration. It is a limited subset of all of the policy configuration p...
  
Contact
OpenConfig working group
netopenconfig@googlegroups.com

Description

 
This module describes a YANG model for routing policy
configuration. It is a limited subset of all of the policy
configuration parameters available in the variety of vendor
implementations, but supports widely used constructs for managing
how routes are imported, exported, and modified across different
routing protocols.  This module is intended to be used in
conjunction with routing protocol configuration models (e.g.,
BGP) defined in other modules.

Route policy expression:

Policies are expressed as a set of top-level policy definitions,
each of which consists of a sequence of policy statements. Policy
statements consist of simple condition-action tuples. Conditions
may include mutiple match or comparison operations, and similarly
actions may be multitude of changes to route attributes or a
final disposition of accepting or rejecting the route.

Route policy evaluation:

Policy definitions are referenced in routing protocol
configurations using import and export configuration statements.
The arguments are members of an ordered list of named policy
definitions which comprise a policy chain, and optionally, an
explicit default policy action (i.e., reject or accept).

Evaluation of each policy definition proceeds by evaluating its
corresponding individual policy statements in order.  When a
condition statement in a policy statement is satisfied, the
corresponding action statement is executed.  If the action
statement has either accept-route or reject-route actions, policy
evaluation of the current policy definition stops, and no further
policy definitions in the chain are evaluated.

If the condition is not satisfied, then evaluation proceeds to
the next policy statement.  If none of the policy statement
conditions are satisfied, then evaluation of the current policy
definition stops, and the next policy definition in the chain is
evaluated.  When the end of the policy chain is reached, the
default route disposition action is performed (i.e., reject-route
unless an an alternate default action is specified for the
chain).

Policy 'subroutines' (or nested policies) are supported by
allowing policy statement conditions to reference another policy
definition which applies conditions and actions from the
referenced policy before returning to the calling policy
statement and resuming evaluation.  If the called policy
results in an accept-route (either explicit or by default), then
the subroutine returns an effective true value to the calling
policy.  Similarly, a reject-route action returns false.  If the
subroutine returns true, the calling policy continues to evaluate
the remaining conditions (using a modified route if the
subroutine performed any changes to the route).

Typedefs

Typedef Base type Abstract
default-policy-type enumeration Type used to specify route disposition in a policy chain
policy-result-type enumeration Type used to specify route disposition in a policy chain

Groupings

Grouping Objects Abstract
apply-policy-config import-policy default-import-policyexport-policy default-export-policy Configuration data for routing policies
apply-policy-export-config export-policy default-export-policy Configuration data for applying export policies
apply-policy-group apply-policy Top level container for routing policy applications. This grouping is intended to be used in routing models where needed.
apply-policy-import-config import-policy default-import-policy Configuration data for applying import policies
apply-policy-state Operational state associated with routing policy
defined-sets-top defined-sets Top-level grouping for defined set definitions
generic-actions policy-result Definitions for common set of policy action statements that manage the disposition or control flow of the policy
generic-conditions match-interfacematch-prefix-setmatch-neighbor-setmatch-tag-set Condition statement definitions for checking membership in a generic defined set
generic-defined-sets prefix-setsneighbor-setstag-sets Data definitions for pre-defined sets of attributes used in policy match conditions. These sets are generic and can be used in matching conditions in different routing protocols.
match-interface-condition-config interface subinterface Configuration data for interface match condition
match-interface-condition-state Operational state data for interface match condition
match-interface-condition-top match-interface Top-level grouping for the interface match condition
match-set-options-group match-set-options Grouping containing options relating to how a particular set should be matched
match-set-options-restricted-group match-set-options Grouping for a restricted set of match operation modifiers
neighbor-set-condition-config neighbor-set match-set-options Configuration data for neighbor-set conditions
neighbor-set-condition-state Operational state data for neighbor-set conditions
neighbor-set-condition-top match-neighbor-set Top-level grouping for neighbor-set conditions
neighbor-set-config name address Configuration data for neighbor set definitions
neighbor-set-state Operational state data for neighbor set definitions
neighbor-set-top neighbor-sets Top-level data definition for a list of IPv4 or IPv6 neighbors which can be matched in a routing policy
policy-actions-config policy-result Configuration data for policy actions
policy-actions-state Operational state data for policy actions
policy-actions-top actions Top-level grouping for policy actions
policy-conditions-config call-policy install-protocol-eq Configuration data for general policy conditions, i.e., those not related to match-sets
policy-conditions-state Operational state data for policy conditions
policy-conditions-top conditions Top-level grouping for policy conditions
policy-definitions-config name Configuration data for policy definitions
policy-definitions-state Operational state data for policy definitions
policy-definitions-top policy-definitions Top-level grouping for the policy definition list
policy-statements-config name Configuration data for policy statements
policy-statements-state Operational state data for policy statements
policy-statements-top statements Top-level grouping for the policy statements list
prefix-config ip-prefix masklength-range Configuration data for a prefix definition
prefix-set-condition-config prefix-set match-set-options Configuration data for prefix-set conditions
prefix-set-condition-state Operational state data for prefix-set conditions
prefix-set-condition-top match-prefix-set Top-level grouping for prefix-set conditions
prefix-set-config name mode Configuration data for prefix sets used in policy definitions.
prefix-set-state Operational state data for prefix sets
prefix-set-top prefix-sets Top-level data definitions for a list of IPv4 or IPv6 prefixes which are matched as part of a policy
prefix-state Operational state data for prefix definitions
prefix-top prefixes Top-level grouping for prefixes in a prefix list
routing-policy-top routing-policy Top level container for OpenConfig routing policy
tag-set-condition-config tag-set match-set-options Configuration data for tag-set condition statements
tag-set-condition-state Operational state data for tag-set condition statements
tag-set-condition-top match-tag-set Top-level grouping for tag-set conditions
tag-set-config name tag-value Configuration data for tag set definitions.
tag-set-state Operational state data for tag set definitions.
tag-set-top tag-sets Top-level data definitions for a list of tags which can be matched in policies

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
routing-policy container Top-level container for all routing policy configuration
   defined-sets container Predefined sets of attributes used in policy match statements
      neighbor-sets container Enclosing container for the list of neighbor set definitions
         neighbor-set list List of defined neighbor sets for use in policies.
            config container Configuration data for neighbor sets.
               address leaf-list List of IP addresses in the neighbor set
               name leaf name / label of the neighbor set -- this is used to reference the set in match conditions
            name leaf Reference to the neighbor set name list key.
            state container Operational state data for neighbor sets.
               address leaf-list List of IP addresses in the neighbor set
               name leaf name / label of the neighbor set -- this is used to reference the set in match conditions
      prefix-sets container Enclosing container
         prefix-set list List of the defined prefix sets
            config container Configuration data for prefix sets
               mode leaf Indicates the mode of the prefix set, in terms of which address families (IPv4, IPv6, or both) are present. The mode provides a hint, but the device must validate that all prefixes are of the indicated type, and is expected to reject the configuration if...
               name leaf name / label of the prefix set -- this is used to reference the set in match conditions
            name leaf Reference to prefix name list key
            prefixes container Enclosing container for the list of prefixes in a policy prefix list
               prefix list List of prefixes in the prefix set
                  config container Configuration data for prefix definition
                     ip-prefix leaf The prefix member in CIDR notation -- while the prefix may be either IPv4 or IPv6, most implementations require all members of the prefix set to be the same address family. Mixing address types in the same prefix set is likely to cause an error.
                     masklength-range leaf Defines a range for the masklength, or 'exact' if the prefix has an exact length. Example: 10.3.192.0/21 through 10.3.192.0/24 would be expressed as prefix: 10.3.192.0/21, masklength-range: 21..24. Example: 10.3.192.0/21 would be expressed as prefix: 10...
                  ip-prefix leaf Reference to the ip-prefix list key.
                  masklength-range leaf Reference to the masklength-range list key
                  state container Operational state data for prefix definition
                     ip-prefix leaf The prefix member in CIDR notation -- while the prefix may be either IPv4 or IPv6, most implementations require all members of the prefix set to be the same address family. Mixing address types in the same prefix set is likely to cause an error.
                     masklength-range leaf Defines a range for the masklength, or 'exact' if the prefix has an exact length. Example: 10.3.192.0/21 through 10.3.192.0/24 would be expressed as prefix: 10.3.192.0/21, masklength-range: 21..24. Example: 10.3.192.0/21 would be expressed as prefix: 10...
            state container Operational state data
               mode leaf Indicates the mode of the prefix set, in terms of which address families (IPv4, IPv6, or both) are present. The mode provides a hint, but the device must validate that all prefixes are of the indicated type, and is expected to reject the configuration if...
               name leaf name / label of the prefix set -- this is used to reference the set in match conditions
      tag-sets container Enclosing container for the list of tag sets.
         tag-set list List of tag set definitions.
            config container Configuration data for tag sets
               name leaf name / label of the tag set -- this is used to reference the set in match conditions
               tag-value leaf-list Value of the tag set member
            name leaf Reference to the tag set name list key
            state container Operational state data for tag sets
               name leaf name / label of the tag set -- this is used to reference the set in match conditions
               tag-value leaf-list Value of the tag set member
   policy-definitions container Enclosing container for the list of top-level policy definitions
      policy-definition list List of top-level policy definitions, keyed by unique name. These policy definitions are expected to be referenced (by name) in policy chains specified in import or export configuration statements.
         config container Configuration data for policy defintions
            name leaf Name of the top-level policy definition -- this name is used in references to the current policy
         name leaf Reference to the list key
         state container Operational state data for policy definitions
            name leaf Name of the top-level policy definition -- this name is used in references to the current policy
         statements container Enclosing container for policy statements
            statement list Policy statements group conditions and actions within a policy definition. They are evaluated in the order specified (see the description of policy evaluation at the top of this module.
               actions container Top-level container for policy action statements
                  config container Configuration data for policy actions
                     policy-result leaf Select the final disposition for the route, either accept or reject.
                  state container Operational state data for policy actions
                     policy-result leaf Select the final disposition for the route, either accept or reject.
               conditions container Condition statements for the current policy statement
                  config container Configuration data for policy conditions
                     call-policy leaf Applies the statements from the specified policy definition and then returns control the current policy statement. Note that the called policy may itself call other policies (subject to implementation limitations). This is intended to provide a policy 'su...
                     install-protocol-eq leaf Condition to check the protocol / method used to install the route into the local routing table
                  match-interface container Top-level container for interface match conditions
                     config container Configuration data for interface match conditions
                        interface leaf Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface.
                        subinterface leaf Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set.
                     state container Operational state data for interface match conditions
                        interface leaf Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface.
                        subinterface leaf Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set.
                  match-neighbor-set container Match a referenced neighbor set according to the logic defined in the match-set-options-leaf
                     config container Configuration data
                        match-set-options leaf Optional parameter that governs the behaviour of the match operation. This leaf only supports matching on ANY member of the set or inverting the match. Matching on ALL is not supported
                        neighbor-set leaf References a defined neighbor set
                     state container Operational state data
                        match-set-options leaf Optional parameter that governs the behaviour of the match operation. This leaf only supports matching on ANY member of the set or inverting the match. Matching on ALL is not supported
                        neighbor-set leaf References a defined neighbor set
                  match-prefix-set container Match a referenced prefix-set according to the logic defined in the match-set-options leaf
                     config container Configuration data for a prefix-set condition
                        match-set-options leaf Optional parameter that governs the behaviour of the match operation. This leaf only supports matching on ANY member of the set or inverting the match. Matching on ALL is not supported
                        prefix-set leaf References a defined prefix set
                     state container Operational state data for a prefix-set condition
                        match-set-options leaf Optional parameter that governs the behaviour of the match operation. This leaf only supports matching on ANY member of the set or inverting the match. Matching on ALL is not supported
                        prefix-set leaf References a defined prefix set
                  match-tag-set container Match a referenced tag set according to the logic defined in the match-options-set leaf
                     config container Configuration data for tag-set conditions
                        match-set-options leaf Optional parameter that governs the behaviour of the match operation. This leaf only supports matching on ANY member of the set or inverting the match. Matching on ALL is not supported
                        tag-set leaf References a defined tag set
                     state container Operational state data tag-set conditions
                        match-set-options leaf Optional parameter that governs the behaviour of the match operation. This leaf only supports matching on ANY member of the set or inverting the match. Matching on ALL is not supported
                        tag-set leaf References a defined tag set
                  state container Operational state data for policy conditions
                     call-policy leaf Applies the statements from the specified policy definition and then returns control the current policy statement. Note that the called policy may itself call other policies (subject to implementation limitations). This is intended to provide a policy 'su...
                     install-protocol-eq leaf Condition to check the protocol / method used to install the route into the local routing table
               config container Configuration data for policy statements
                  name leaf name of the policy statement
               name leaf Reference to list key
               state container Operational state data for policy statements
                  name leaf name of the policy statement