netconfcentral logo

ietf-dots-data-channel@2017-12-08



  module ietf-dots-data-channel {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-dots-data-channel";

    prefix data-channel;

    import ietf-inet-types {
      prefix inet;
    }
    import ietf-access-control-list {
      prefix ietf-acl;
    }

    organization "IETF DOTS Working Group";

    contact
      "Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
     Mohamed Boucadair <mohamed.boucadair@orange.com>
     Kaname Nishizuka <kaname@nttv6.jp>
     Liang Xia <frank.xialiang@huawei.com>
     Prashanth Patil <praspati@cisco.com>
     Andrew Mortensen <amortensen@arbor.net>
     Nik Teague <nteague@verisign.com>";

    description
      "This module contains YANG definition for configuring
     identifiers for resources and filtering rules using DOTS
     data channel.

     Copyright (c) 2017 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";

    revision "2017-12-08" {
      description "Initial revision.";
      reference
        "RFC XXXX: Distributed Denial-of-Service Open Threat
        	  Signaling (DOTS) Data Channel";

    }


    container identifier {
      description
        "Top level container for identifiers";
      leaf-list client-identifier {
        type binary;
        description
          "A client identifier conveyed by a
         DOTS gateway to a remote DOTS server.";
        reference
          "I-D.itef-dots-signal-channel: Distributed Denial-of-Service
          	     Open Threat Signaling (DOTS) Signal Channel";

      }

      list alias {
        key "alias-name";
        description "List of identifiers";
        leaf alias-name {
          type string;
          description "alias name";
        }

        leaf-list target-ip {
          type inet:ip-address;
          description
            "IPv4 or IPv6 address identifying the target.";
        }

        leaf-list target-prefix {
          type inet:ip-prefix;
          description
            "IPv4 or IPv6 prefix identifying the target.";
        }

        list target-port-range {
          key "lower-port upper-port";
          description
            "Port range. When only lower-port is
           present, it represents a single port.";
          leaf lower-port {
            type inet:port-number;
            mandatory true;
            description "Lower port number.";
          }

          leaf upper-port {
            type inet:port-number;
            must ". >= ../lower-port" {
              error-message
                "The upper port number must be greater than
                or equal to lower port number.";
            }
            description "Upper port number.";
          }
        }  // list target-port-range

        leaf-list target-protocol {
          type uint8;
          description
            "Identifies the target protocol number.

           The value '0' means 'all protocols'.

           Values are taken from the IANA protocol registry:
           https://www.iana.org/assignments/protocol-numbers/
           protocol-numbers.xhtml

           For example, 6 for a TCP or 17 for UDP.";
        }

        leaf-list target-fqdn {
          type inet:domain-name;
          description
            "FQDN identifying the target.";
        }

        leaf-list target-uri {
          type inet:uri;
          description
            "URI identifying the target.";
        }
      }  // list alias
    }  // container identifier

    augment /ietf-acl:access-lists {
      description
        "client-identifier parameter.";
      leaf-list client-identifier {
        type binary;
        description
          "A client identifier conveyed by a DOTS gateway
         to a remote DOTS server.";
      }
    }

    augment /ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces/ietf-acl:ace/ietf-acl:actions {
      description "rate-limit action";
      leaf rate-limit {
        when
          "/ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces/"
            + "ietf-acl:ace/ietf-acl:actions/"
            + "ietf-acl:forwarding = 'ietf-acl:accept'" {
          description
            "rate-limit valid only when accept action is used";
        }
        type decimal64 {
          fraction-digits 2;
        }
        description "rate-limit traffic";
      }
    }

    augment /ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces/ietf-acl:ace/ietf-acl:matches/ietf-acl:ipv4-acl {
      description
        "Handle non-initial and initial fragments for IPv4 packets.";
      leaf fragments {
        type empty;
        description "Handle fragments.";
      }
    }

    augment /ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces/ietf-acl:ace/ietf-acl:matches/ietf-acl:ipv6-acl {
      description
        "Handle non-initial and initial fragments for IPv6 packets.";
      leaf fragments {
        type empty;
        description "Handle fragments.";
      }
    }

    augment /ietf-acl:access-lists {
      description
        "Handle ordering of ACLs from a DOTS client";
      container dots-acl-order {
        description
          "Enclosing container for ordering
         the ACLs from a DOTS client";
        list acl-set {
          key "set-name type";
          ordered-by user;
          description "List of ACLs";
          leaf set-name {
            type leafref {
              path
                "/ietf-acl:access-lists/ietf-acl:acl"
                  + "/ietf-acl:acl-name";
            }
            description
              "Reference to the ACL set name";
          }

          leaf type {
            type leafref {
              path
                "/ietf-acl:access-lists/ietf-acl:acl"
                  + "/ietf-acl:acl-type";
            }
            description
              "Reference to the ACL set type";
          }
        }  // list acl-set
      }  // container dots-acl-order
    }
  }  // module ietf-dots-data-channel