This submodule contains a collection of YANG definitions for Cisco IOS-XR crypto-macsec-mka package operational data. Copyright...
Version: 2021-04-15
submodule Cisco-IOS-XR-crypto-macsec-mka-oper-sub1 { yang-version 1; belongs-to Cisco-IOS-XR-crypto-macsec-mka-oper { prefix Cisco-IOS-XR-crypto-macsec-mka-oper; } import cisco-semver { prefix semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com"; description "This submodule contains a collection of YANG definitions for Cisco IOS-XR crypto-macsec-mka package operational data. Copyright (c) 2013-2021 by Cisco Systems, Inc. All rights reserved."; revision "2021-04-15" { description "Modified to display session stats 2021-02-17 Modified to display port power status 2021-01-19 show_mka.bag dormant entry remove 2020-08-24 MKA PPK"; } revision "2019-05-27" { description "MKA ISSU"; } revision "2019-04-05" { description "MKA ISSU"; } revision "2015-11-09" { description "IOS XR 6.0 revision."; } semver:module-version "2.0.0"; semver:module-version "1.1.0"; semver:module-version "1.1.0"; typedef Mka-authentication-mode { type enumeration { enum "auth-mode-invalid" { value 0; description "Invalid authentication mode"; } enum "auth-mode-psk" { value 1; description "Preshared Key"; } enum "auth-mode-eap" { value 2; description "EAP"; } } description "Mka authentication mode"; } typedef Macsec-service-port { type enumeration { enum "macsec-service-port-none" { value 0; description "Macsec Service not enabled"; } enum "macsec-service-port-encryption" { value 1; description "Macsec Service Encryption Port"; } enum "macsec-service-port-decryption" { value 2; description "Macsec Service Decryption Port"; } } description "Macsec service port"; } typedef Macsec-cipher-suite { type enumeration { enum "cipher-suite-none" { value 0; description "Invalid MACsec cipher"; } enum "cipher-suite-gcm-aes-128" { value 1; description "128 bit GCM_AES MACsec cipher suite"; } enum "cipher-suite-gcm-aes-256" { value 2; description "256 bit GCM_AES MACsec cipher suite"; } enum "cipher-suite-gcm-aes-128-xpn" { value 3; description "128 bit GCM_AES MACsec XPN cipher suite"; } enum "cipher-suite-gcm-aes-256-xpn" { value 4; description "256 bit GCM_AES MACsec XPN cipher suite"; } } description "Macsec cipher suite"; } grouping MKA-INTERFACE-SUMMARY { description "MKA INTERFACE SUMMARY"; leaf interface-name { type string; description "macsec configured interface"; } leaf short-name { type string; description "Short Name String"; } leaf key-chain { type string; description "Name of the Key chain"; } leaf policy { type string; description "Policy name"; } leaf macsec-svc-port { type boolean; description "Is macsec-service port or not"; } leaf macsec-svc-port-type { type Macsec-service-port; description "Macsec-service Encryption / Decryption port"; } leaf svcport-short-name { type string; description "Macsec Service paired port Short Name String"; } leaf mka-mode { type Mka-authentication-mode; description "MKA authentication mode"; } leaf fallback-keychain { type string; description "fallback Keychain name"; } leaf macsec-shutdown { type boolean; description "MacsecShutdown"; } } // grouping MKA-INTERFACE-SUMMARY grouping MKA-INTERFACE-INFO { description "MKA INTERFACE INFO"; container interface-summary { description "MKA Interface Summary"; uses MKA-INTERFACE-SUMMARY; } // container interface-summary } // grouping MKA-INTERFACE-INFO grouping MKA-CA-PPK-FAILURE { description "MKA CA PPK FAILURE"; leaf ppk-id-null-recv { type uint32; description "PPK ID NULL recv"; } leaf ppk-id-mismatch { type uint32; description "PPK ID mismatch"; } leaf ppk-req-timeout { type uint32; description "PPK Request timeout"; } leaf ppk-tuple-fail { type uint32; description "PPK Tuple Fail"; } leaf ppk-retrieval-fail { type uint32; description "PPK retrieval fail"; } leaf ppk-retry-fail { type uint32; description "PPK retry fail"; } leaf ppk-tid-mismatch { type uint32; description "PPK TID mismatch"; } leaf ppk-aipc-conn-down { type uint32; description "PPK Aipc conn down"; } } // grouping MKA-CA-PPK-FAILURE grouping MKPDU-CA-RX-FAIL { description "MKPDU CA RX FAIL"; leaf rx-icv-validation-fail { type uint32; description "Rx ICV validation fail"; } leaf rx-bad-peer-mn { type uint32; description "Rx Bad Peer MN"; } leaf rx-non-recent-peerlist-mn { type uint32; description "Rx non-recent peerlist MN"; } leaf rx-sak-use-kn-mismatch { type uint32; description "Rx SAK USE KN mismatch"; } leaf rx-sak-use-rx-not-set { type uint32; description "Rx SAK USE rx not set"; } leaf rx-sak-use-key-mi-mismatch { type uint32; description "Rx SAK USE Key MI mismatch"; } leaf rx-sak-use-an-not-in-use { type uint32; description "Rx SAK USE AN not in use"; } leaf rx-sak-use-ks-rx-tx-not-set { type uint32; description "Rx SAK USE KS RX/TX not set"; } leaf ppk-id-nak { type uint32; description "PPK ID NAK"; } leaf ppk-id-not-found { type uint32; description "PPK id not found"; } } // grouping MKPDU-CA-RX-FAIL grouping MKPDU-CA-RX { description "MKPDU CA RX"; leaf mkpdu-received { type uint32; description "MKPDU Received"; } leaf dist-sak { type uint32; description "Distributed SAK"; } leaf dist-ppk { type uint32; description "Distributed PPK"; } leaf dist-cak { type uint32; description "Distributed CAK"; } leaf ppk-capable { type uint32; description "PPK Cabable"; } } // grouping MKPDU-CA-RX grouping MKPDU-CA-TX { description "MKPDU CA TX"; leaf mkpdu-transmitted { type uint32; description "MKPDU Transmitted"; } leaf dist-sak { type uint32; description "Distributed SAK"; } leaf dist-ppk { type uint32; description "Distributed PPK"; } leaf dist-cak { type uint32; description "Distributed CAK"; } leaf ppk-capable { type uint32; description "PPK Cabable"; } } // grouping MKPDU-CA-TX grouping MKA-MKPDU-CA-STATS { description "MKA MKPDU CA STATS"; container ca-tx { description "MKPDU CA tx stats"; uses MKPDU-CA-TX; } // container ca-tx container ca-rx { description "MKPDU CA rx stats"; uses MKPDU-CA-RX; } // container ca-rx container ca-rx-fail { description "CA Rx Fail"; uses MKPDU-CA-RX-FAIL; } // container ca-rx-fail } // grouping MKA-MKPDU-CA-STATS grouping MKA-KEY-DERIVATION-STATS { description "MKA KEY DERIVATION STATS"; leaf sak-generated { type uint32; description "SAK Generated"; } leaf sak-rekeyed { type uint32; description "SAK Rekeyed"; } leaf sak-received { type uint32; description "SAK Received"; } leaf sak-resp-rvcd { type uint32; description "SAK Respone Received"; } leaf ppk-tuple-generated { type uint32; description "PPK Tuple Generated"; } leaf ppk-retrieved { type uint32; description "PPK Retrieved"; } leaf pairwise-cak-derived { type uint32; description "Pairwise CAK derived"; } leaf pairwise-cak-rekey { type uint32; description "Pairwise CAK rekey"; } } // grouping MKA-KEY-DERIVATION-STATS grouping MKA-INTF-CA-STATS { description "MKA INTF CA STATS"; container key-derivation-stats { description "MKA Key derivation stats"; uses MKA-KEY-DERIVATION-STATS; } // container key-derivation-stats container mkpdu-stats { description "MKA MKPDU CA stats"; uses MKA-MKPDU-CA-STATS; } // container mkpdu-stats container ppk-failure { description "CA PPK Failure"; uses MKA-CA-PPK-FAILURE; } // container ppk-failure leaf ckn { type string; description "CKN"; } leaf ca-type { type string; description "CA type"; } } // grouping MKA-INTF-CA-STATS grouping MKA-MACSEC-FAILURE { description "MKA MACSEC FAILURE"; leaf rx-sc-creation { type uint32; description "Rx SC creation failure"; } leaf tx-sc-creation { type uint32; description "Tx SC creation failure"; } leaf rx-sa-install { type uint32; description "Rx SA install failure"; } leaf tx-sa-install { type uint32; description "Tx SA install failure"; } } // grouping MKA-MACSEC-FAILURE grouping MKA-IDB-PPK-FAILURE { description "MKA IDB PPK FAILURE"; leaf ppk-id-null-recv { type uint32; description "PPK ID NULL recv"; } leaf ppk-id-mismatch { type uint32; description "PPK ID mismatch"; } leaf ppk-req-timeout { type uint32; description "PPK Request timeout"; } leaf ppk-tuple-fail { type uint32; description "PPK Tuple Fail"; } leaf ppk-retrieval-fail { type uint32; description "PPK retrieval fail"; } leaf ppk-retry-fail { type uint32; description "PPK retry fail"; } leaf ppk-tid-mismatch { type uint32; description "PPK TID mismatch"; } leaf ppk-hash-key-gen { type uint32; description "PPK Hash key generation fail"; } leaf ppk-id-encr-wrap { type uint32; description "PPK Id encryption/Wrap fail"; } leaf ppk-id-decr-unwrap { type uint32; description "PPK id decryption/unwrap fail"; } leaf ppk-aipc-conn-down { type uint32; description "PPK Aipc conn down"; } } // grouping MKA-IDB-PPK-FAILURE grouping MKA-SAK-FAILURE { description "MKA SAK FAILURE"; leaf sak-gen { type uint32; description "SAK gen failure"; } leaf hash-key-gen { type uint32; description "Hash key gen failure"; } leaf sak-encr-wrap { type uint32; description "SAK Encryption/Wrap Failure"; } leaf sak-decr-unwrap { type uint32; description "SAK Decryption/Unwrap Failure"; } } // grouping MKA-SAK-FAILURE grouping MKA-IDB-FAILURE-STATS { description "MKA IDB FAILURE STATS"; container sak-failure { description "MKA IDB SAK Failure"; uses MKA-SAK-FAILURE; } // container sak-failure container ppk-failure { description "MKA IDB PPK Failure"; uses MKA-IDB-PPK-FAILURE; } // container ppk-failure container macsec-failure { description "MKA IDB MACsec Failure"; uses MKA-MACSEC-FAILURE; } // container macsec-failure } // grouping MKA-IDB-FAILURE-STATS grouping MKPDU-OPER-STATS { description "MKPDU OPER STATS"; leaf tx-success { type uint32; description "MKPDU Tx Success"; } leaf rx-success { type uint32; description "MKPDU Rx Success"; } leaf tx-force-suspended { type uint32; description "MKPDU Tx force suspended"; } leaf rx-force-suspended { type uint32; description "MKPDU Rx force suspended"; } leaf no-tx-on-intf-down { type uint32; description "No Tx on intf down"; } leaf no-rx-on-intf-down { type uint32; description "No Rx on intf down"; } leaf tx-fail { type uint32; description "Tx Fail"; } leaf tx-pkt-build-fail { type uint32; description "Tx Pkt Build Fail"; } leaf rx-ca-not-found { type uint32; description "Rx CA not found"; } leaf rx-error { type uint32; description "Rx Error"; } leaf rx-invalid-length { type uint32; description "Rx Invalid length"; } leaf rx-invalid-ckn { type uint32; description "Rx invalid ckn"; } leaf rx-icv-validation-fail { type uint32; description "Rx ICV validation fail"; } leaf rx-bad-peer-mn { type uint32; description "Rx Bad Peer MN"; } leaf rx-non-recent-peerlist-mn { type uint32; description "Rx non-recent peerlist MN"; } leaf rx-sak-use-kn-mismatch { type uint32; description "Rx SAK USE KN mismatch"; } leaf rx-sak-use-rx-not-set { type uint32; description "Rx SAK USE rx not set"; } leaf rx-sak-use-key-mi-mismatch { type uint32; description "Rx SAK USE Key MI mismatch"; } leaf rx-sak-use-an-not-in-use { type uint32; description "Rx SAK USE AN not in use"; } leaf rx-sak-use-ks-rx-tx-not-set { type uint32; description "Rx SAK USE KS RX/TX not set"; } leaf rx-pkt-sak-use-ethertype-mismatch { type uint32; description "RX Packet ethertype mismatch"; } leaf rx-pkt-source-mac-null { type uint32; description "Rx Packet Source mac null"; } leaf rx-pkt-dest-mac-null { type uint32; description "Rx Packet dest mac null"; } leaf rx-pkt-pyld-null { type uint32; description "Rx Packet Payload Null"; } leaf ppk-id-nak { type uint32; description "PPK ID NAK"; } leaf ppk-id-not-found { type uint32; description "PPK id not found"; } } // grouping MKPDU-OPER-STATS grouping MKA-INTF-IDB-STATS { description "MKA INTF IDB STATS"; container mkpdu-stats { description "MKPDU Stats"; uses MKPDU-OPER-STATS; } // container mkpdu-stats container failure-stats { description "MKA IDB Failure Stats"; uses MKA-IDB-FAILURE-STATS; } // container failure-stats } // grouping MKA-INTF-IDB-STATS grouping LAST-SAK-DATA { description "LAST SAK DATA"; leaf an { type string; description "AN"; } leaf sa-install-time { type string; description "SA Install Time"; } } // grouping LAST-SAK-DATA grouping MKA-INTF-SESSION-STATS { description "MKA INTF SESSION STATS"; container sak-data { description "Last SAK Data"; uses LAST-SAK-DATA; } // container sak-data leaf link-secure-up-time { type string; description "Link Secure Uptime"; } leaf session-up-time { type string; description "Session Uptime"; } leaf sak-rekey-count-ha { type uint32; description "Number of SAK Rekeys (since link secured)"; } leaf sak-rekey-count { type uint32; description "Number of SAK Rekeys"; } } // grouping MKA-INTF-SESSION-STATS grouping MKA-INTF-STATISTICS { description "MKA INTF STATISTICS"; container session-stats { description "Session Stats for interface"; uses MKA-INTF-SESSION-STATS; } // container session-stats container idb-stats { description "IDB stats for interface"; uses MKA-INTF-IDB-STATS; } // container idb-stats leaf interface-name { type string; description "Interface Name"; } list ca-stat { description "List of CA stats"; uses MKA-INTF-CA-STATS; } // list ca-stat } // grouping MKA-INTF-STATISTICS grouping SUSPEND-PEER-DATA { description "SUSPEND PEER DATA"; leaf rx-sci { type uint64; description "RX SCI"; } leaf rx-ssci { type uint32; description "RX SSCI"; } } // grouping SUSPEND-PEER-DATA grouping PEER-DATA { description "PEER DATA"; leaf mi { type string; description "Member ID"; } leaf sci { type string; description "Rx SCI"; } leaf mn { type uint32; description "Message Number"; } leaf priority { type uint32; description "KS Priority"; } leaf ssci { type uint32; description "Peer SSCI"; } } // grouping PEER-DATA grouping CA-DATA { description "CA DATA"; container peers-status { description "Peers Status"; uses PEERS-STATUS-DATA; } // container peers-status leaf is-key-server { type boolean; description "Is Key Server"; } leaf status { type string; description "Session Status [Secured/Not Secured]"; } leaf num-live-peers { type uint32; description "Number of Live Peers"; } leaf first-ca { type boolean; description "Is First CA"; } leaf peer-sci { type string; description "Peer SCI(MAC)"; } leaf num-live-peers-responded { type uint32; description "Number of Live Peers responded"; } leaf ckn { type string; description "CKN"; } leaf my-mi { type string; description "Member Identifier"; } leaf my-mn { type uint32; description "Message Number"; } leaf authenticator { type boolean; description "authenticator"; } leaf num-suspend-request { type uint32; description "Number of Suspend Request"; } leaf status-description { type string; description "Status Description"; } leaf authentication-mode { type string; description "CA Authentication Mode :PRIMARY-PSK/FALLBACK-PSK/EAP"; } leaf key-chain { type string; description "Key Chain name"; } list live-peer { description "Live Peer List"; uses PEER-DATA; } // list live-peer list potential-peer { description "Potential Peer List"; uses PEER-DATA; } // list potential-peer list suspend-peer { description "Suspend Peer List"; uses SUSPEND-PEER-DATA; } // list suspend-peer } // grouping CA-DATA grouping PEER-STATUS-DATA-INTERNAL { description "PEER STATUS DATA INTERNAL"; leaf mi { type string { length "0..25"; } description "Member ID"; } leaf icv-status { type string { length "0..10"; } description "ICV Status"; } leaf icv-check-timestamp { type string { length "0..128"; } description "ICV Check Timestamp"; } } // grouping PEER-STATUS-DATA-INTERNAL grouping PEER-STATUS-DATA { description "PEER STATUS DATA"; container peer-data { description "Peer Status Data"; uses PEER-STATUS-DATA-INTERNAL; } // container peer-data leaf sci { type string { length "0..17"; } description "Rx SCI"; } } // grouping PEER-STATUS-DATA grouping PEERS-STATUS-DATA { description "PEERS STATUS DATA"; leaf tx-mkpdu-timestamp { type string { length "0..128"; } description "Tx MKPDU Timestamp"; } leaf peer-count { type uint32; description "Peer Count"; } list peer { description "Peer List"; uses PEER-STATUS-DATA; } // list peer } // grouping PEERS-STATUS-DATA grouping FALLBACK-KEEPALIVE-DATA { description "FALLBACK KEEPALIVE DATA"; container peers-status { description "Peers Status"; uses PEERS-STATUS-DATA; } // container peers-status leaf ckn { type string { length "0..65"; } description "CKN"; } leaf mi { type string { length "0..25"; } description "Member Identifier"; } leaf mn { type uint32; description "Message Number"; } } // grouping FALLBACK-KEEPALIVE-DATA grouping VP-DATA { description "VP DATA"; leaf my-sci { type string; description "Local SCI(MAC)"; } leaf virtual-port-id { type uint32; description "Virtual Port ID"; } leaf latest-rx { type boolean; description "Latest Rx status"; } leaf latest-tx { type boolean; description "Latest Tx status"; } leaf latest-an { type uint32; description "Latest SAK AN"; } leaf latest-ki { type string; description "Latest SAK KI"; } leaf latest-kn { type uint32; description "Latest SAK KN"; } leaf old-rx { type boolean; description "Old Rx status"; } leaf old-tx { type boolean; description "Old Tx status"; } leaf old-an { type uint32; description "Old SAK AN"; } leaf old-ki { type string; description "Old SAK KI"; } leaf old-kn { type uint32; description "Old SAK KN"; } leaf wait-time { type uint32; description "SAK Transmit Wait Time"; } leaf retire-time { type uint32; description "SAK Retire time"; } leaf macsec-cipher-suite { type Macsec-cipher-suite; description "SAK Cipher Suite"; } leaf ssci { type uint32; description "SSCI of the Local TxSC"; } leaf time-to-sak-rekey { type string; description "Next SAK Rekey time in Sec"; } leaf time-to-exit-suspension { type string; description "Time to exit suspension"; } leaf sak-gen-mode { type string; description "SAK gen mode"; } list fallback-keepalive { description "Fallback Keepalive"; uses FALLBACK-KEEPALIVE-DATA; } // list fallback-keepalive } // grouping VP-DATA grouping MKA-VLAN-TAG { description "MKA VLAN TAG"; leaf ether-type { type uint16; description "EtherType"; } leaf priority { type uint8; description "Priority"; } leaf cfi { type uint8; description "Cannonical Format Identifier"; } leaf vlan-id { type uint16; description "Vlan Id"; } } // grouping MKA-VLAN-TAG grouping MKA-SESSION-SUMMARY { description "MKA SESSION SUMMARY"; container outer-tag { description "VLAN Outer TAG"; uses MKA-VLAN-TAG; } // container outer-tag container inner-tag { description "VLAN Inner TAG"; uses MKA-VLAN-TAG; } // container inner-tag leaf interface-name { type string; description "macsec configured interface"; } leaf inherited-policy { type boolean; description "Is Inherited Policy"; } leaf policy { type string; description "Policy Name"; } leaf priority { type uint32; description "Key Server Priority"; } leaf my-mac { type string; description "My MAC"; } leaf delay-protection { type boolean; description "Delay Protect"; } leaf replay-protect { type boolean; description "Replay Protect"; } leaf window-size { type uint32; description "Replay Window Size"; } leaf include-icv-indicator { type boolean; description "IncludeICVIndicator"; } leaf confidentiality-offset { type uint32; description "Confidentiality Offset"; } leaf algo-agility { type uint32; description "Alogorithm Agility"; } leaf capability { type uint32; description "MACSec Capability"; } leaf mka-cipher-suite { type string; description "MKA Cipher Suite"; } leaf configured-mac-sec-cipher-suite { type string; description "configured cipher suite"; } leaf mac-sec-desired { type boolean; description "MACSec Desired"; } } // grouping MKA-SESSION-SUMMARY grouping MKA-SESSION { description "MKA SESSION"; container session-summary { description "Session summary"; uses MKA-SESSION-SUMMARY; } // container session-summary container vp { description "Virtual Pointer Info"; uses VP-DATA; } // container vp list ca { description "CA List for a Session"; uses CA-DATA; } // list ca } // grouping MKA-SESSION } // submodule Cisco-IOS-XR-crypto-macsec-mka-oper-sub1
© 2023 YumaWorks, Inc. All rights reserved.