This module contains a collection of YANG definitions of SSL proxy operational data for Application Quality of Experience (APPQO...
Version: 2021-07-01
module Cisco-IOS-XE-appqoe-sslproxy-oper { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XE-appqoe-sslproxy-oper"; prefix appqoe-sslproxy-xe-oper; import cisco-semver { prefix cisco-semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 Tel: +1 1800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions of SSL proxy operational data for Application Quality of Experience (APPQOE). This includes SSL proxy configuration, status and statistics. Copyright (c) 2020-2021 by Cisco Systems, Inc. All rights reserved."; revision "2021-07-01" { description "Initial revision"; reference "1.0.0"; } cisco-semver:module-version "1.0.0"; typedef appqoe-sslproxy-cert-validation-action { type enumeration { enum "cert-valid-action-drop" { value 0; description "Drop the flow"; } enum "cert-valid-action-decrypt" { value 1; description "Decrypt the flow"; } enum "cert-valid-action-unknown" { value 2; description "Certificate validation action unknown"; } } description "APPQOE SSL proxy certificate validation actions"; } typedef appqoe-sslproxy-unsupported-mode-action { type enumeration { enum "unsup-mode-action-drop" { value 0; description "Drop the flow"; } enum "unsup-mode-action-no-decrypt" { value 1; description "Push down the flow"; } enum "unsup-mode-action-unknown" { value 2; description "Unsupported mode action unknown"; } } description "APPQOE SSL proxy unsupported mode actions"; } typedef appqoe-sslproxy-failure-mode-action { type enumeration { enum "failure-mode-action-open" { value 0; description "Push down the flow"; } enum "failure-mode-action-close" { value 1; description "Close the flow"; } enum "failure-mode-action-unknown" { value 2; description "Failure mode action unknown"; } } description "APPQOE SSL proxy failure mode actions"; } typedef appqoe-sslproxy-cert-revocation-check { type enumeration { enum "cert-rev-ocsp" { value 0; description "Use Online Certificate Status Protocol (OCSP) for certificate revocation check"; } enum "cert-rev-none" { value 1; description "No certificate revocation check"; } enum "cert-rev-unknown" { value 2; description "Certificate revocation check is unknown"; } } description "APPQOE SSL proxy certificate revocation check"; } typedef appqoe-sslproxy-min-tls-version { type enumeration { enum "tls-ver-1" { value 0; description "TLS version 1.0"; } enum "tls-ver-1-1" { value 1; description "TLS version 1.1"; } enum "tls-ver-1-2" { value 2; description "TLS version 1.2"; } enum "tls-ver-unknown" { value 3; description "TLS version unknown"; } } description "APPQOE SSL proxy minimum TLS version"; } typedef appqoe-sslproxy-ec-key-type { type enumeration { enum "ec-key-p256" { value 0; description "Elliptic curve P256"; } enum "ec-key-p384" { value 1; description "Elliptic curve P384"; } enum "ec-key-p521" { value 2; description "Elliptic curve P521"; } enum "ec-key-unknown" { value 3; description "Elliptic curve key type unknown"; } } description "APPQOE SSL proxy elliptic curve key type"; } grouping appqoe-sslproxy-status { description "APPQOE SSL proxy configuration and status details"; leaf ca-cert-bundle { type string; description "Filename of CA certificate bundle"; } leaf ca-tp-label { type string; description "Default trustpoint label for SSL proxy"; } leaf cert-lifetime-in-days { type uint32; description "Certificate lifetime in days"; } leaf ec-key-type { type appqoe-sslproxy-ec-key-type; description "Elliptic curve key type for SSL Proxy"; } leaf rsa-key-mod { type uint32; units "bits"; description "RSA key length"; } leaf cert-revocation { type appqoe-sslproxy-cert-revocation-check; description "Use OCSP for certificate revocation or none"; } leaf expired-cert { type appqoe-sslproxy-cert-validation-action; description "Action for expired certificate"; } leaf untrusted-cert { type appqoe-sslproxy-cert-validation-action; description "Action for untrusted certificate"; } leaf unknown-status { type appqoe-sslproxy-cert-validation-action; description "Action for unknown status"; } leaf unsup-protocol-version { type appqoe-sslproxy-unsupported-mode-action; description "Action for unsupported protocol version"; } leaf unsup-cipher-suite { type appqoe-sslproxy-unsupported-mode-action; description "Action for unsupported cipher suite"; } leaf failure-mode { type appqoe-sslproxy-failure-mode-action; description "Action for failure mode"; } leaf minimum-tls-version { type appqoe-sslproxy-min-tls-version; description "Minimum TLS version for SSL Proxy"; } leaf clear-mode { type boolean; description "Clear mode"; } leaf dual-side-opt { type boolean; description "Enable/Disable dual-side optimization"; } } // grouping appqoe-sslproxy-status grouping appqoe-sslproxy-stats { description "APPQOE SSL proxy statistics details"; leaf tot-conn { type uint64; description "Total connections"; } leaf proxied-conn { type uint64; description "Proxied connections"; } leaf non-proxied-conn { type uint64; description "Non-proxied connections"; } leaf clear-conn { type uint64; description "Clear connections"; } leaf active-proxied-conn { type uint64; description "Active proxied connections"; } leaf active-non-proxied-conn { type uint64; description "Active non-proxied connections"; } leaf active-clear-conn { type uint64; description "Active clear connections"; } leaf max-conc-proxied-conn { type uint64; description "Maximum concurrent proxied connections"; } leaf max-conc-non-proxied-conn { type uint64; description "Maximum concurrent non-proxied connections"; } leaf max-conc-clear-conn { type uint64; description "Maximum concurrent clear connections"; } leaf tot-closed-conn { type uint64; description "Total closed connections"; } leaf unsup-cipher { type uint64; description "Non-proxied connections due to unsupported cipher"; } leaf unsup-ssl-version { type uint64; description "Non-proxied connections due to unsupported SSL version"; } leaf min-tls-version { type uint64; description "Non-proxied connections due to unsupported TLS version"; } leaf non-ssl-traffic { type uint64; description "Non-proxied connections due to non-ssl traffic"; } leaf mem-alloc-fail { type uint64; description "Non-proxied connections due to memory allocation fail"; } leaf mem-access-issue { type uint64; description "Non-proxied connections due to memory access fail"; } leaf hs-unsupported { type uint64; description "Non-proxied connections due to handshake unsupported"; } leaf ssl-parse-failure { type uint64; description "Non-proxied connections due to SSL parse fail"; } leaf ssl-error { type uint64; description "Non-proxied connections due to SSL error"; } leaf unexpected-packet { type uint64; description "Non-proxied connections due to unexpected packet"; } leaf error-state { type uint64; description "Non-proxied connections due to error state"; } leaf exception { type uint64; description "Non-proxied connections due to exception"; } leaf endpoint-alert { type uint64; description "Non-proxied connections due to endpoint alert"; } leaf tcp-close-before-hs { type uint64; description "Non-proxied connections due to TCP close before handshake"; } leaf peer-pd { type uint64; description "Non-proxied connections due to peer push down"; } leaf ism-flow-create-fail { type uint64; description "Non-proxied connections due to ISM flow create fail"; } leaf unknown-reasons { type uint64; description "Non-proxied connections due to unknown reasons"; } leaf drop-unable-to-get-pr-cert { type uint64; description "Drop connections due to unable to get proxy certificate"; } leaf drop-expired-cert { type uint64; description "Drop connections due to expired certificate"; } leaf drop-tcp-close-before-hs { type uint64; description "Drop connections due to TCP close before handshake"; } leaf drop-mempool-get-fail { type uint64; description "Drop connections due to memory pool get fail"; } leaf drop-ocsp-cert-verify-fail { type uint64; description "Drop connections due to OCSP certificate verify fail"; } leaf drop-invalid-ssl-rec { type uint64; description "Drop connections due to invalid SSL record"; } leaf drop-ssl-parse-abort { type uint64; description "Drop connections due to SSL parse abort"; } leaf drop-mem-alloc-fail { type uint64; description "Drop connections due to memory allocation fail"; } leaf drop-mem-access-issue { type uint64; description "Drop connections due to memory access fail"; } leaf drop-nop-read-fn { type uint64; description "Drop connections due to no operation read function"; } leaf drop-invalid-fsm-evt { type uint64; description "Drop connections due to invalid FSM event"; } leaf drop-invalid-msg-type { type uint64; description "Drop connections due to invalid message type"; } leaf drop-de-handle-data-fail { type uint64; description "Drop connections due to decrypt or encrypt data fail"; } leaf drop-load-key-packet-fail { type uint64; description "Drop connections due to load key packet fail"; } leaf drop-ism-flow-create-fail { type uint64; description "Drop connections due to flow create fail"; } leaf drop-hs-unsupported { type uint64; description "Drop connections due to handshake unsupported"; } leaf drop-endpoint-alert { type uint64; description "Drop connections due to endpoint alert"; } leaf drop-key-pkt-snd-fail { type uint64; description "Drop connections due to key packet send fail"; } leaf drop-invalid-fs-type { type uint64; description "Drop connections due to invalid flow segment type"; } leaf drop-null-ch-buf { type uint64; description "Drop connections due to null client hello buffer"; } leaf drop-inv-evt-in-fsm-state { type uint64; description "Drop connections due to invalid event in FSM state"; } leaf drop-other-side-key-pend { type uint64; description "Drop connections due to key pending from other side"; } leaf drop-null-ssl-rec { type uint64; description "Drop connections due to null SSL record"; } leaf drop-send-ism-hs-msg-fail { type uint64; description "Drop connections due to Interposer Session Manager (ISM) handshake message send fail"; } leaf alert-genrtd-c2s { type uint64; description "Alert generated from proxy client"; } leaf alert-genrtd-s2c { type uint64; description "Alert generated from proxy server"; } leaf alert-recvd-c2s { type uint64; description "Alert received from client"; } leaf alert-recvd-s2c { type uint64; description "Alert received from server"; } leaf c2s-fin-rec { type uint64; description "FIN received from client at proxy server"; } leaf c2s-fin-rec-after-hs { type uint64; description "FIN received from client after handshake at proxy server"; } leaf c2s-fin-rec-during-hs { type uint64; description "FIN received from client during handshake at proxy server"; } leaf c2s-fin-rec-non-ssl { type uint64; description "FIN received from client for non SSL connection at proxy server"; } leaf c2s-fin-sent-to-sc { type uint64; description "FIN sent to service chain from proxy server"; } leaf c2s-fin-rec-from-sc { type uint64; description "FIN received from service chain at proxy client"; } leaf c2s-fin-sent { type uint64; description "FIN sent to server from proxy client"; } leaf c2s-rst-rec { type uint64; description "RST received from client at proxy server"; } leaf c2s-rst-generated { type uint64; description "RST generated at proxy client"; } leaf c2s-rst-sent-to-sc { type uint64; description "RST sent to service chain from proxy server"; } leaf c2s-rst-rec-from-sc { type uint64; description "RST received from service chain at proxy client"; } leaf c2s-rst-sent { type uint64; description "RST sent to server from proxy client"; } leaf c2s-cn-rec { type uint64; description "Close notify received from client at proxy server"; } leaf c2s-cn-sent-to-sc { type uint64; description "Close notify sent to service chain from proxy server"; } leaf c2s-cn-rec-from-sc { type uint64; description "Close notify received from service chain at proxy client"; } leaf c2s-cn-sent { type uint64; description "Close notify sent to server from proxy client"; } leaf s2c-fin-rec { type uint64; description "FIN received from server at proxy client"; } leaf s2c-fin-rec-after-hs { type uint64; description "FIN received from server after handshake at proxy client"; } leaf s2c-fin-rec-during-hs { type uint64; description "FIN received from server during handshake at proxy client"; } leaf s2c-fin-rec-non-ssl { type uint64; description "FIN received from server for non SSL connection at proxy client"; } leaf s2c-fin-sent-to-sc { type uint64; description "FIN sent to service chain from proxy client"; } leaf s2c-fin-rec-from-sc { type uint64; description "FIN received from service chain at proxy server"; } leaf s2c-fin-sent { type uint64; description "FIN sent to client from proxy server"; } leaf s2c-rst-rec { type uint64; description "RST received from server at proxy client"; } leaf s2c-rst-generated { type uint64; description "RST generated at proxy server"; } leaf s2c-rst-sent-to-sc { type uint64; description "RST sent to service chain from proxy client"; } leaf s2c-rst-rec-from-sc { type uint64; description "RST received from service chain at proxy server"; } leaf s2c-rst-sent { type uint64; description "RST sent to client from proxy server"; } leaf s2c-cn-rec { type uint64; description "Close notify received from server at proxy client"; } leaf s2c-cn-sent-to-sc { type uint64; description "Close notify sent to service chain from proxy client"; } leaf s2c-cn-rec-from-sc { type uint64; description "Close notify received from service chain at proxy server"; } leaf s2c-cn-sent { type uint64; description "Close notify sent to client from proxy server"; } leaf ps-lwssl-flow-create { type uint64; description "Flows created at proxy server"; } leaf ps-lwssl-flow-delete { type uint64; description "Flows deleted at proxy server"; } leaf ps-fs-mem-alloc-fail { type uint64; description "Flow segment memory allocation failed at proxy server"; } leaf ps-fin-rec-from-sc { type uint64; description "FIN received from service chain at proxy server"; } leaf ps-rst-rec-from-sc { type uint64; description "RST received from service chain at proxy server"; } leaf ps-cn-sent { type uint64; description "Close notify generated at proxy server"; } leaf pc-lwssl-flow-create { type uint64; description "Flows created at proxy client"; } leaf pc-lwssl-flow-delete { type uint64; description "Flows deleted at proxy client"; } leaf pc-fs-mem-alloc-fail { type uint64; description "Flow segment memory allocation failed at proxy client"; } leaf pc-fin-rec-from-sc { type uint64; description "FIN received from service chain at proxy client"; } leaf pc-rst-rec-from-sc { type uint64; description "RST received from service chain at proxy client"; } leaf pc-cn-sent { type uint64; description "Close notify generated at proxy client"; } leaf ism-flow-create { type uint64; description "Flows created at ISM"; } leaf ism-flow-delete { type uint64; description "Flows deleted at ISM"; } leaf ism-fifo-enqueue-failed { type uint64; description "ISM FIFO enqueue fail"; } leaf ism-sem-post-failed { type uint64; description "ISM semaphore operation failed"; } leaf lwssl-send-msg-toism-fail { type uint64; description "Light weight SSL failed to send message to ISM"; } leaf ism-msg-mem-alloc-failed { type uint64; description "Memory allocation failed for ISM message"; } leaf rm-session-alloc-success { type uint64; description "Resource manager session allocation success"; } leaf rm-session-alloc-failures { type uint64; description "Resource manager session allocation fail"; } leaf rm-session-free-success { type uint64; description "Resource manager session free success"; } leaf rm-session-free-failures { type uint64; description "Resource manager session free fail"; } leaf app-ocsp-reqs { type uint64; description "Application OCSP requests"; } leaf app-ocsp-res { type uint64; description "Application OCSP responses"; } leaf app-ocsp-timeout { type uint64; description "Application OCSP status timeout"; } leaf app-ocsp-failures { type uint64; description "Application OCSP status fail"; } leaf app-ocsp-good { type uint64; description "Application OCSP status good"; } leaf app-ocsp-revoked { type uint64; description "Application OCSP status revoked"; } leaf app-ocsp-unknown { type uint64; description "Application OCSP status unknown"; } leaf app-ocsp-req-int-error { type uint64; description "Application OCSP status internal error"; } leaf client-ocsp-reqs { type uint64; description "Client OCSP requests"; } leaf client-ocsp-res { type uint64; description "Client OCSP responses"; } leaf client-ocsp-timeout { type uint64; description "Client OCSP status timeout"; } leaf client-ocsp-failures { type uint64; description "Client OCSP status fail"; } leaf client-ocsp-good { type uint64; description "Client OCSP status good"; } leaf client-ocsp-revoked { type uint64; description "Client OCSP status revoked"; } leaf client-ocsp-unknown { type uint64; description "Client OCSP status unknown"; } leaf client-ocsp-req-int-error { type uint64; description "Client OCSP status internal error"; } leaf ocsp-stap-reqs { type uint64; description "OCSP stapling requests"; } leaf ocsp-stap-resp { type uint64; description "OCSP stapling responses"; } leaf ocsp-stap-valid-resp { type uint64; description "OCSP stapling status valid"; } leaf ocsp-stap-revoked-resp { type uint64; description "OCSP stapling status revoked"; } leaf ocsp-stap-unknown-resp { type uint64; description "OCSP stapling status unknown"; } leaf ocsp-stap-resp-val-fail { type uint64; description "OCSP stapling response validation fail"; } leaf tot-req-sslv2-flows { type uint64; description "Flows requested SSLv2"; } leaf tot-req-sslv3-flows { type uint64; description "Flows requested SSLv3"; } leaf tot-req-tls1-0-flows { type uint64; description "Flows requested TLS1.0"; } leaf tot-req-tls1-1-flows { type uint64; description "Flows requested TLS1.1"; } leaf tot-req-tls1-2-flows { type uint64; description "Flow requested TLS1.2"; } leaf tot-req-tls1-3-flows { type uint64; description "Flows requested TLS1.3"; } leaf tot-select-tls1-0-flows { type uint64; description "Flows selected TLS1.0"; } leaf tot-select-tls1-1-flows { type uint64; description "Flows selected TLS1.1"; } leaf tot-select-tls1-2-flows { type uint64; description "Flows selected TLS1.2"; } leaf che-pushdown { type uint64; description "Push down due to client hello extension is not supported"; } leaf che-bypass { type uint64; description "Client hello extension is bypass"; } leaf che-strip { type uint64; description "Client hello extension is stripped"; } leaf che-process { type uint64; description "Client hello extension is processed"; } leaf tot-ssl-hs-started { type uint64; description "Total handshakes started"; } leaf tot-ssl-hs-completed { type uint64; description "Total handshakes completed"; } leaf tot-full-ssl-hs { type uint64; description "Total full SSL handshakes"; } leaf tot-ssl-resump { type uint64; description "Total SSL resumption"; } leaf tot-ssl-resump-ses-id { type uint64; description "SSL resumption with session id"; } leaf tot-ssl-resump-ses-tkt { type uint64; description "SSL resumption with session ticket"; } leaf tot-ssl-fb-full-hs { type uint64; description "SSL fallback to full handshake"; } leaf tot-ssl-renego { type uint64; description "SSL renegotiation"; } leaf tot-failed-renego { type uint64; description "SSL renegotiation failed"; } leaf tot-server-cert-val-req { type uint64; description "Server certificate validation requests"; } leaf tot-server-cert-val-succes { type uint64; description "Server certificate validation success"; } leaf tot-server-cert-expired { type uint64; description "Server certificate expired"; } leaf tot-server-cert-untrusted { type uint64; description "Server certificate untrusted"; } leaf tot-client-cert-val-req { type uint64; description "Client certificate validation requests"; } leaf tot-client-cert-val-succes { type uint64; description "Client certificate validation success"; } leaf tot-client-cert-expired { type uint64; description "Client certificate expired"; } leaf tot-client-cert-untrusted { type uint64; description "Client certificate untrusted"; } leaf drop-exp-cert { type uint64; description "Policy drop for expired certificate"; } leaf drop-fail-mode { type uint64; description "Policy drop for failure mode"; } leaf drop-unknown-status { type uint64; description "Policy drop for unknown status"; } leaf drop-unsup-cipher { type uint64; description "Policy drop for unsupported cipher suites"; } leaf drop-unsup-prot-vers { type uint64; description "Policy drop for unsupported protocol version"; } leaf drop-untrusted-cert { type uint64; description "Policy drop for untrusted certificate"; } leaf decrypt-exp-cert { type uint64; description "Policy decrypt for expired certificate"; } leaf decrypt-fail-mode { type uint64; description "Policy decrypt for failure mode"; } leaf decrypt-unknown-status { type uint64; description "Policy decrypt for unknown status"; } leaf nodecrypt-unsup-cipher { type uint64; description "Policy no decrypt for unsupported cipher suites"; } leaf nodecrypt-unsup-prot-vers { type uint64; description "Policy no decrypt for unsupported protocol version"; } leaf decrypt-untrusted-cert { type uint64; description "Policy decrypt for untrusted certificate"; } leaf ps-pkt-rec-from-client { type uint64; description "Packets received from client at proxy server"; } leaf ps-pkt-sent-to-client { type uint64; description "Packets sent to client from proxy server"; } leaf ps-pkt-rec-from-sc { type uint64; description "Packets received from service chain at proxy server"; } leaf ps-pkt-sent-to-sc { type uint64; description "Packets sent to service chain from proxy server"; } leaf pc-pkt-rec-from-server { type uint64; description "Packets received from server at proxy client"; } leaf pc-pkt-sent-to-server { type uint64; description "Packets sent to server from proxy client"; } leaf pc-pkt-rec-from-sc { type uint64; description "Packets received from service chain at proxy client"; } leaf pc-pkt-sent-to-sc { type uint64; description "Packets sent to service chain from proxy client"; } leaf ps-clr-pkt-rec-from-client { type uint64; description "Clear packets received from client at proxy server"; } leaf pc-clr-pkt-rec-from-server { type uint64; description "Clear packets received from server at proxy client"; } leaf ps-clr-pkt-sent-to-sc { type uint64; description "Clear packets sent to service chain from proxy server"; } leaf ps-clr-pkt-rec-from-sc { type uint64; description "Clear packets received from service chain at proxy server"; } leaf pc-clr-pkt-sent-to-sc { type uint64; description "Clear packets sent to service chain from proxy client"; } leaf pc-clr-pkt-rec-from-sc { type uint64; description "Clear packets received from service chain at proxy client"; } leaf ps-clr-pkt-to-client { type uint64; description "Clear packets sent to client from proxy server"; } leaf pc-clr-pkt-to-server { type uint64; description "Clear packets sent to server from proxy client"; } leaf c2s-pkt-drop-deny-verdict { type uint64; description "Deny verdict received from service chain at proxy server"; } leaf s2c-pkt-drop-deny-verdict { type uint64; description "Deny verdict received from service chain at proxy client"; } } // grouping appqoe-sslproxy-stats container appqoe-sslproxy-oper-data { config false; description "APPQOE SSL proxy operational data"; container appqoe-sslproxy-status { presence "appqoe-sslproxy-status"; description "APPQOE SSL proxy configuration and status"; uses appqoe-sslproxy-xe-oper:appqoe-sslproxy-status; } // container appqoe-sslproxy-status container appqoe-sslproxy-stats { presence "appqoe-sslproxy-stats"; description "APPQOE SSL proxy statistics"; uses appqoe-sslproxy-xe-oper:appqoe-sslproxy-stats; } // container appqoe-sslproxy-stats } // container appqoe-sslproxy-oper-data } // module Cisco-IOS-XE-appqoe-sslproxy-oper
© 2023 YumaWorks, Inc. All rights reserved.