Junos forwarding-options configuration module
Version: 2019-01-01
module junos-nfx-conf-forwarding-options { yang-version 1; namespace "http://yang.juniper.net/junos-nfx/conf/forwarding-options"; prefix jc-forwarding-options; import junos-common-ddl-extensions { prefix junos; revision-date "2019-01-01"; } import junos-common-types { prefix jt; revision-date "2019-01-01"; } import junos-nfx-conf-root { prefix jc; revision-date "2019-01-01"; } organization "Juniper Networks, Inc."; contact "yang-support@juniper.net"; description "Junos forwarding-options configuration module"; revision "2019-01-01" { description "Junos: 21.3R1.9"; } augment /jc:configuration { uses forwarding-options-group; } augment /jc:configuration/jc:groups { uses forwarding-options-group; } grouping forwarding-options-group { container forwarding-options { description "Configure options to control packet forwarding"; uses juniper-forwarding-options; } // container forwarding-options } // grouping forwarding-options-group grouping juniper-forwarding-options { uses apply-advanced; list storm-control-profiles { key "name"; description "Storm control profile for this instance"; leaf name { junos:must "("forwarding-options storm-control-profiles $$ all")"; junos:must-message "Only aggregate profiles supported"; type string { length "1 .. 127"; } description "Storm control profile name"; } uses apply-advanced; container all { presence "enable all"; description "For all BUM traffic"; uses apply-advanced; choice bandwidth { leaf bandwidth-percentage { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of link bandwidth"; } leaf bandwidth-level { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "kbps"; description "Link bandwidth"; } } // choice bandwidth leaf burst-size { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "bytes"; description "Burst size"; } leaf no-broadcast { type empty; description "Disable broadcast storm control"; } leaf no-unknown-unicast { type empty; description "Disable unknown unicast storm control"; } choice no-multicast-choices { leaf no-multicast { type empty; description "Disable multicast storm control"; } leaf no-registered-multicast { type empty; description "Disable registered multicast storm control"; } leaf no-unregistered-multicast { type empty; description "Disable unregistered multicast storm control"; } } // choice no-multicast-choices } // container all leaf action-shutdown { type empty; description "Disable port for excessive storm control errors"; } } // list storm-control-profiles container tunnels { presence "enable tunnels"; description "Tunnel port profile"; uses apply-advanced; container udp { presence "enable udp"; uses apply-advanced; container payload-port-profile { presence "enable payload-port-profile"; description "Tunnel payload port profile udp, only 1 can exist"; uses apply-advanced; leaf profile-name { type string; description "Payload port profile name"; } leaf inet { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Tunnel port profile udp inet port"; } leaf inet6 { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Tunnel port profile udp inet6 port"; } leaf mpls { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Tunnel port profile udp mpls port"; } leaf iso { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Tunnel port profile udp iso port"; } } // container payload-port-profile } // container udp } // container tunnels list mirror-profile { key "name"; description "Mirror profile of mirror instance"; uses mirror-profile-attributes; } // list mirror-profile choice sampling-or-packet-capture { container sampling { description "Statistical traffic sampling options"; uses juniper-sampling-options; } // container sampling container packet-capture { description "Packet capture options"; uses juniper-packet-capture-options; } // container packet-capture } // choice sampling-or-packet-capture list monitoring { key "name"; description "Configure lawful interception of traffic"; uses juniper-monitoring-options; } // list monitoring list accounting { key "name"; description "Configure accounting of traffic"; uses juniper-packet-accounting-options; } // list accounting list analyzer { key "name"; max-elements 64; description "Analyzer options"; uses smpl-analyzer-type; } // list analyzer container port-mirroring { description "Configure port mirroring of traffic"; uses juniper-port-mirror-options; } // container port-mirroring container evpn-vxlan { description "EVPN VXLAN configurations"; uses apply-advanced; leaf shared-tunnels { type empty; description "Create VTEP tunnels to EVPN PE"; } container reroute-address { description "Reroute IP address for vxlan encapsulation"; choice family { container inet { presence "enable inet"; description "IPv4 address family"; uses apply-advanced; leaf address { type jt:ipv4addr; description "Reroute address for IPV4 FRR"; } } // container inet container inet6 { presence "enable inet6"; description "IPv6 address family"; uses apply-advanced; leaf address { type jt:ipv6addr; description "Reroute address for IPV6 FRR"; } } // container inet6 } // choice family } // container reroute-address } // container evpn-vxlan container multicast-replication { description "Set mode of multicast replication"; uses apply-advanced; leaf ingress { junos:must "("chassis network-services enhanced-ip")"; junos:must-message "Enhanced IP must be configured for using multicast-replication features"; type empty; description "Complete ingress replication"; } leaf local-latency-fairness { junos:must "("chassis network-services enhanced-ip")"; junos:must-message "Enhanced IP must be configured for using multicast-replication features"; type empty; description "Complete parallel replication"; } container evpn { description "EVPN IRB multicast related options"; uses apply-advanced; leaf irb { type enumeration { enum "local-only" { value 0; description "Multicast forward in local-only mode"; } enum "local-remote" { value 1; description "Multicast forward in local-remote mode"; } enum "oism" { value 2; description "Optimized inter subnet multicast mode"; } } } leaf smet-nexthop-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10000 .. 40000"; } } description "Flood traffic to all egress when count goes above limit"; } } // container evpn } // container multicast-replication container load-balance { description "Configure load-balancing attributes on the forwarding path"; uses apply-advanced; leaf ecmp-local-bias { type empty; description "Apply locality bias for ecmp nexthops"; } container indexed-load-balance { presence "enable indexed-load-balance"; description "Use indexed permuted next hop lists for unilist and aggregate next hops"; uses apply-advanced; } // container indexed-load-balance container per-flow { uses apply-advanced; leaf hash-seed { type empty; description "Enable per flow seed value on packet forwarding engine"; } } // container per-flow container per-prefix { presence "enable per-prefix"; uses apply-advanced; leaf hash-seed { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 65534"; } } default "0"; description "Specifies per-router input value for per-prefix load-balancing hash function"; } } // container per-prefix } // container load-balance container hash-key { description "Select data used in the hash key"; uses junos_hash_key; } // container hash-key container local-bias { presence "enable local-bias"; description "Turn on local bias functionality"; uses apply-advanced; leaf disable { type empty; description "Disable local-bias"; } } // container local-bias container enhanced-hash-key { description "Select data used in the hash key for Enhanced IP Forwarding Engines"; uses apply-advanced; leaf use-trunk-max-links { type empty; description "Use 8 links in trunk programming instead of actual links"; } leaf ecmp-resilient-hash { junos:must "(!(".. ecmp-dlb"))"; junos:must-message "RH and DLB cannot be configured together"; type empty; description "Set resilient hashing for ECMP"; } container lag-dlb { presence "enable lag-dlb"; description "Setting dynamic load balancing options for LAG"; uses apply-advanced; container ether-type { presence "enable ether-type"; description "Setting ether type for LAG DLB"; uses apply-advanced; leaf ipv4 { type empty; description "Ether type is ipv4"; } leaf ipv6 { type empty; description "Ether type is ipv6"; } leaf mpls { type empty; description "Ether type is mpls"; } } // container ether-type } // container lag-dlb container fabric-load-balance { presence "enable fabric-load-balance"; status deprecated; description "Set load balancing options for VC-Fabric forwarding"; uses apply-advanced; choice mode { container flowlet { presence "enable flowlet"; status deprecated; description "Inactivity-based flowlet link assignment (default)"; uses apply-advanced; leaf inactivity-interval { type enumeration { enum "16us" { value 0; status deprecated; description "16 microseconds (default)"; } enum "64us" { value 1; status deprecated; description "64 microseconds"; } enum "512us" { value 2; status deprecated; description "512 microseconds"; } enum "32ms" { value 3; status deprecated; description "32 milliseconds"; } } status deprecated; description "Minimum inactivity interval for flowlet detection"; } } // container flowlet leaf per-packet { type empty; status deprecated; description "Per-packet optimal spraying"; } } // choice mode } // container fabric-load-balance container ecmp-dlb { junos:must "(!(".. ecmp-resilient-hash"))"; junos:must-message "RH and DLB cannot be configured together"; description "Set load balancing options for VC-Fabric forwarding"; uses apply-advanced; choice mode { leaf assigned-flow { type empty; description "Flow-based fixed link assignment"; } container flowlet { presence "enable flowlet"; description "Inactivity-based flowlet link assignment (default)"; uses apply-advanced; leaf inactivity-interval { type union { type string { pattern "<.*>|$.*"; } type uint32; } default "256"; description "Minimum inactivity interval in micro-seconds for flowlet detection"; } } // container flowlet leaf per-packet { type empty; description "Per-packet optimal spraying"; } } // choice mode container ether-type { presence "enable ether-type"; description "Ether type"; uses apply-advanced; leaf ipv4 { type empty; description "Set DLB for ipv4"; } leaf ipv6 { type empty; description "Set DLB for ipv6"; } leaf mpls { type empty; description "Set DLB for mpls"; } } // container ether-type } // container ecmp-dlb container hash-mode { description "Hashing mode"; uses apply-advanced; choice instance { leaf layer2-header { type empty; description "Only layer2 header fields are considered for hashing"; } leaf layer2-payload { type empty; description "Only layer2 payload fields are considered for hashing"; } leaf gtp-header-offset { type union { type uint8; type string { pattern "<.*>|$.*"; } } description "Gtp header first byte offset"; } } // choice instance } // container hash-mode container hash-parameters { description "Set traffic hashing parameters"; uses apply-advanced; container ecmp { description "Configure hashing parameters for ECMP Traffic"; uses apply-advanced; leaf offset { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199"; } } description "Set hashing offset for ECMP Traffic"; } container preprocess { description "Enable/Disable the preprocess parameter for ECMP traffic"; uses apply-advanced; choice instance { leaf enable { type empty; description "Enable preprocess for ECMP"; } leaf disable { type empty; description "Disable preprocess for ECMP"; } } // choice instance } // container preprocess container function { description "Configure hash functions for ECMP traffic"; uses apply-advanced; choice instance { leaf crc16-bisync { type empty; description "Use CRC16-BISYNC function for ECMP traffic rcvd on xe"; } leaf crc16-ccitt { type empty; description "Use CRC16-CCITT function for ECMP traffic rcvd on xe"; } leaf crc32-hi { type empty; description "Use CRC32-HI function for ECMP traffic rcvd on xe"; } leaf crc32-lo { type empty; description "Use CRC32-LO function for ECMP traffic rcvd on xe"; } } // choice instance } // container function } // container ecmp container lag { description "Configure hashing parameters for LAG Traffic"; uses apply-advanced; leaf offset { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199"; } } description "Set hashing offset for LAG Traffic"; } container preprocess { description "Enable/Disable the preprocess parameter for LAG traffic"; uses apply-advanced; choice instance { leaf enable { type empty; description "Enable preprocess for LAG"; } leaf disable { type empty; description "Disable preprocess for LAG"; } } // choice instance } // container preprocess container function { description "Configure hash functions for LAG traffic"; uses apply-advanced; choice instance { leaf crc16-bisync { type empty; description "Use CRC16-BISYNC function for LAG traffic rcvd on xe"; } leaf crc16-ccitt { type empty; description "Use CRC16-CCITT function for LAG traffic rcvd on xe"; } leaf crc32-hi { type empty; description "Use CRC32-HI function for LAG traffic rcvd on xe"; } leaf crc32-lo { type empty; description "Use CRC32-LO function for LAG traffic rcvd on xe"; } } // choice instance } // container function } // container lag } // container hash-parameters container hash-seed { presence "enable hash-seed"; description "Hash seed"; uses apply-advanced; leaf seed-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } description "Hash seed value"; } } // container hash-seed container resilient-hash-seed { presence "enable resilient-hash-seed"; description "Resilient hash seed"; uses apply-advanced; leaf resilient-seed-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } description "Hash seed value for resilient ECMP and LAG"; } } // container resilient-hash-seed container mpls { description "Configure mpls fields"; uses apply-advanced; leaf no-incoming-port { type empty; description "Exclude incoming port from the hash key"; } leaf no-incoming-device { type empty; description "Exclude incoming device from the hash key"; } } // container mpls container layer2 { description "Configure layer2 fields"; uses apply-advanced; leaf no-incoming-port { type empty; description "Exclude incoming port from the hash key"; } leaf no-incoming-device { type empty; description "Exclude incoming device from the hash key"; } leaf no-source-mac-address { type empty; description "Exclude source MAC address from the hash key"; } leaf source-mac-address { type empty; description "Include source MAC address from the hash key"; } leaf no-destination-mac-address { type empty; description "Exclude destination MAC address from the hash key"; } leaf destination-mac-address { type empty; description "Include destination MAC address from the hash key"; } leaf no-ether-type { type empty; description "Exclude ether type from the hash key"; } leaf vlan-id { type empty; description "Include incoming vlan-id in hash key"; } leaf no-vlan-id { type empty; description "Not include vlan-id in hash key"; } leaf inner-vlan-id { type empty; description "Include incoming inner-vlan-id in hash key"; } } // container layer2 container inet { description "Configure inet4 fields"; uses apply-advanced; leaf no-incoming-port { type empty; description "Exclude incoming port from the hash key"; } leaf no-incoming-device { type empty; description "Exclude incoming device from the hash key"; } leaf no-l4-source-port { type empty; description "Exclude l4 source port from the hash key"; } leaf no-l4-destination-port { type empty; description "Exclude l4 dest port from the hash key"; } leaf no-protocol { type empty; description "Exclude protocol from the hash key"; } leaf no-ipv4-source-address { type empty; description "Exclude IPv4 source address"; } leaf no-ipv4-destination-address { type empty; description "Exclude IPv4 destination address"; } leaf vlan-id { type empty; description "Include incoming vlan-id in hash key"; } } // container inet container inet6 { description "Configure inet6 fields"; uses apply-advanced; leaf no-incoming-port { type empty; description "Exclude incoming port from the hash key"; } leaf no-incoming-device { type empty; description "Exclude incoming device from the hash key"; } leaf no-l4-source-port { type empty; description "Exclude l4 source port from the hash key"; } leaf no-l4-destination-port { type empty; description "Exclude l4 dest port from the hash key"; } leaf ipv6-flow-label { type empty; description "Include IPv6 flow label"; } leaf no-next-header { type empty; description "Exclude next header from the hash key"; } leaf no-ipv6-source-address { type empty; description "Exclude IPv6 source address"; } leaf no-ipv6-destination-address { type empty; description "Exclude IPv6 destination address"; } leaf vlan-id { type empty; description "Include vlan-id in hash key"; } } // container inet6 leaf no-mpls { type empty; description "Disable mpls in hash key"; } container gre { description "Configure for GRE "; uses apply-advanced; leaf key { type empty; description "Include key in hash key"; } leaf protocol { type empty; description "Include protocol in hash key"; } } // container gre leaf vxlan-vnid { type empty; description "Enable vxlan-vnid"; } container symmetric-hash { description "Enable symmetric hash for load-balancing"; uses apply-advanced; leaf inet { type empty; description "Enable symmetric hash on ipv4 flows"; } leaf inet6 { type empty; description "Enable symmetric hash on ipv6 flows"; } } // container symmetric-hash container services-loadbalancing { description "Select key to load balance across service PICs"; uses apply-advanced; container family { description "Protocol family"; container inet { description "IPv4 protocol family"; uses apply-advanced; container layer-3-services { description "Include Layer 3 (IP) data in the hash key"; uses apply-advanced; leaf source-address { type empty; description "Include IP source address in the hash key"; } leaf destination-address { type empty; description "Include IP destination address in the hash key"; } leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } } // container layer-3-services } // container inet container inet6 { description "IPv6 protocol family"; uses apply-advanced; container layer-3-services { description "Include Layer 3 (IP) data in the hash key"; uses apply-advanced; leaf source-address { type empty; description "Include IP source address in the hash key"; } leaf destination-address { type empty; description "Include IP destination address in the hash key"; } leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } leaf src-prefix-len { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "56 .. 127"; } } units "bits"; default "127"; description "Enhanced hash key inet6 source prefix length"; } } // container layer-3-services } // container inet6 } // container family } // container services-loadbalancing container source-destination-only-loadbalancing { description "Configure key for source/destination-ip-only load balancing"; uses apply-advanced; container family { description "Protocol family"; container inet { description "IPv4 protocol family"; uses apply-advanced; leaf prefix-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 32"; } } units "bits"; default "32"; description "Source/Destination Only Load-Balancing inet prefix length"; } } // container inet container inet6 { description "IPv6 protocol family"; uses apply-advanced; leaf prefix-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 128"; } } units "bits"; default "128"; description "Source/Destination Only Load-Balancing inet6 prefix length"; } } // container inet6 } // container family } // container source-destination-only-loadbalancing container family { description "Protocol family"; container any { description "Applicable to all protocol families"; uses apply-advanced; leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } leaf no-tunnel-payload { type empty; description "Omit tunnel payload in the hash key"; } } // container any container inet { description "IPv4 protocol family"; uses apply-advanced; leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } leaf no-destination-port { type empty; description "Omit IP destination port in the hash key"; } leaf no-source-port { type empty; description "Omit IP source port in the hash key"; } leaf type-of-service { type empty; description "Include TOS byte in the hash key"; } leaf gtp-tunnel-endpoint-identifier { type empty; description "Include TEID in the hash key for GTP-U packets"; } leaf l2tp-tunnel-session-identifier { type empty; description "Include TID SID in the hash key for L2TP packets"; } leaf session-id { type empty; description "Include session ID in the enhanced hash key"; } } // container inet container inet6 { description "IPv6 protocol family"; uses apply-advanced; leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } leaf traffic-class { type empty; description "Include Traffic Class byte in the hash key"; } leaf no-destination-port { type empty; description "Omit IP destination port in the hash key"; } leaf no-source-port { type empty; description "Omit IP source port in the hash key"; } leaf gtp-tunnel-endpoint-identifier { type empty; description "Include TEID in the hash key for GTP-U packets"; } leaf session-id { type empty; description "Include session ID in the enhanced hash key"; } leaf no-flow-label { type empty; description "Omit Flow label in the hash key"; } leaf type-of-service { type empty; description "Include TOS byte in the hash key"; } } // container inet6 container mpls { description "MPLS protocol family"; uses apply-advanced; leaf label-1-exp { type empty; description "Include EXP of first MPLS label from the hash key"; } leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } choice pseudowire_option { leaf no-ether-pseudowire { type empty; description "Omit IP payload over ethernet PW from the hash-key"; } container ether-pseudowire { description "Load-balance IP over ethernet PW"; leaf zero-control-word { type empty; description "Parse zero control word in packet header"; } } // container ether-pseudowire } // choice pseudowire_option leaf no-labels { type empty; description "Exclude all MPLS labels from hash key"; } leaf no-payload { type empty; description "Omit MPLS payload data from the hash key"; } } // container mpls container multiservice { description "Multiservice protocol (bridged/CCC/VPLS) family"; uses apply-advanced; leaf incoming-interface-index { type empty; description "Include incoming interface index in hash key"; } leaf outer-priority { type empty; description "Include Outer 802.1 Priority bits in the hash key"; } leaf no-payload { type empty; description "Omit payload data from the hash key"; } leaf no-mac-addresses { type empty; description "Omit source and destination MAC addresses from the hash key"; } } // container multiservice } // container family container hash-function { description "Configure hash functions"; uses apply-advanced; choice instance { leaf CRC16-CCITT { type empty; description "16-bit CRC16 using CCITT polynomial"; } leaf CRC16 { type empty; description "16-bit CRC16 calculated using the BISYNC polynomial"; } leaf CRC16XOR1 { type empty; description "Upper 8 bits BISYNC CRC16 and 8 bit XOR1"; } leaf CRC16XOR2 { type empty; description "Upper 8 bit BISYNC CRC16 and 8 bit XOR2"; } leaf CRC16XOR4 { type empty; description "Upper 8 bit BISYNC CRC16 and 8 bit XOR4"; } leaf CRC16XOR8 { type empty; description "Upper 8 bit BISYNC CRC16 and 8 bit XOR8"; } leaf CRC32HI { type empty; description "16 LSBs of computed CRC32"; } leaf CRC32LO { type empty; description "16 MSBs of computed CRC32"; } container xor { presence "enable xor"; description "XOR based hashing"; uses apply-advanced; leaf no-L3-L4-headers { type empty; description "Exclude source IP, dest IP, source L4 port, dest L4 port addresses from hashing"; } leaf no-L4-ports { type empty; description "Exclude source L4 port and dest L4 port addresses from hashing"; } leaf mac-addresses { type empty; description "Include source and destination MAC addresses in IPv4/IPv6 packet hashing"; } leaf no-mpls-hash { type empty; description "Exclude MPLS information from hashing"; } leaf no-ipv4-source-address { type empty; description "Exclude source IPv4 address from hashing"; } leaf no-ipv4-destination-address { type empty; description "Exclude dest IPv4 address from hashing"; } leaf no-ipv6-source-address { type empty; description "Exclude source IPv6 address from hashing"; } leaf no-ipv6-destination-address { type empty; description "Exclude dest IPv6 address from hashing"; } leaf no-ip6-flow-label { type empty; description "Exclude IPv6 flow label from hashing"; } leaf en-ip-over-mpls { type empty; description "Enable parsing of IP in MPLS packets"; } leaf no-mpls-label0 { type empty; description "Exclude MPLS Label 0 from hashing"; } leaf no-mpls-label1 { type empty; description "Exclude MPLS Label 1 from hashing"; } leaf no-source-mac-address { type empty; description "Exclude source MAC address from hashing"; } leaf no-destination-mac-address { type empty; description "Exclude dest MAC address from hashing"; } leaf no-l4-source-port { type empty; description "Exclude l4 source port from the hash key"; } leaf no-l4-destination-port { type empty; description "Exclude l4 dest port from the hash key"; } } // container xor leaf ingress-port { type empty; description "Ingress port based hashing"; } container crc6 { presence "enable crc6"; description "CRC6 based hashing"; uses apply-advanced; leaf crc6-seed { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 63"; } } description "CRC6 seed value"; } leaf en-ip-over-mpls { type empty; description "Enable parsing of IP in MPLS packets"; } leaf no-source-mac-address { type empty; description "Exclude source MAC address from hashing"; } leaf no-destination-mac-address { type empty; description "Exclude dest MAC address from hashing"; } leaf no-mpls-label0 { type empty; description "Exclude MPLS Label 0 from hashing"; } leaf no-mpls-label1 { type empty; description "Exclude MPLS Label 1 from hashing"; } leaf no-l4-source-port { type empty; description "Exclude l4 source port from the hash key"; } leaf no-l4-destination-port { type empty; description "Exclude l4 dest port from the hash key"; } leaf no-ip-source-address { type empty; description "Exclude source IPv4/IPv6 address from hashing"; } leaf no-ip-destination-address { type empty; description "Exclude dest IPv4/IPv6 address from hashing"; } leaf no-ip6-flow-label { type empty; description "Exclude IPv6 flow label from hashing"; } } // container crc6 container crc16 { presence "enable crc16"; description "CRC16 based hashing"; uses apply-advanced; leaf crc16-seed { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "CRC16 seed value"; } leaf en-ip-over-mpls { type empty; description "Enable parsing of IP in MPLS packets"; } leaf no-source-mac-address { type empty; description "Exclude source MAC address from hashing"; } leaf no-destination-mac-address { type empty; description "Exclude dest MAC address from hashing"; } leaf no-mpls-label0 { type empty; description "Exclude MPLS Label 0 from hashing"; } leaf no-mpls-label1 { type empty; description "Exclude MPLS Label 1 from hashing"; } leaf no-l4-source-port { type empty; description "Exclude l4 source port from the hash key"; } leaf no-l4-destination-port { type empty; description "Exclude l4 dest port from the hash key"; } leaf no-ip-source-address { type empty; description "Exclude source IPv4/IPv6 address from hashing"; } leaf no-ip-destination-address { type empty; description "Exclude dest IPv4/IPv6 address from hashing"; } leaf no-ip6-flow-label { type empty; description "Exclude IPv6 flow label from hashing"; } } // container crc16 } // choice instance } // container hash-function container vxlan { description "Vxlan traffic"; uses apply-advanced; leaf no-inner-payload { type empty; description "To enable load-balancing on Vxlan traffic based on outer IP/UDP header"; } } // container vxlan list conditional-match { key "name"; ordered-by user; description "Configures a conditional match"; leaf name { type string; description "Name identifier"; } uses apply-advanced; container offset1 { presence "enable offset1"; description "Configure offset 1"; uses apply-advanced; leaf base-offset1 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset1-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf matchdata1 { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Data to be matched"; } leaf matchdata1-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Matchdata mask"; } } // container offset1 container offset2 { presence "enable offset2"; description "Configure offset 2"; uses apply-advanced; leaf base-offset2 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset2-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf matchdata2 { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Data to be matched"; } leaf matchdata2-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Matchdata mask"; } } // container offset2 container offset3 { presence "enable offset3"; description "Configure offset 3"; uses apply-advanced; leaf base-offset3 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset3-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf matchdata3 { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Data to be matched"; } leaf matchdata3-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Matchdata mask"; } } // container offset3 container offset4 { presence "enable offset4"; description "Configure offset 4"; uses apply-advanced; leaf base-offset4 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset4-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf matchdata4 { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Data to be matched"; } leaf matchdata4-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Matchdata mask"; } } // container offset4 } // list conditional-match list flex-hashing { key "name"; ordered-by user; description "Set flex hashing"; leaf name { type string; description "Name identifier"; } uses apply-advanced; container ethtype { presence "enable ethtype"; description "Configure ether-type of packet"; uses apply-advanced; container inet { description "Enable flex-hashing on ipv4"; uses apply-advanced; leaf interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Incoming interface name. This is optional parameter"; } leaf conditional-match { type string; description "Conditional match to be matched in the packet"; } container hash-offset { description "Configure the offsets for hashing"; uses apply-advanced; container offset1 { presence "enable offset1"; description "Configure offset 1 value"; uses apply-advanced; leaf base-offset1 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset1-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf offset1-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } container offset2 { presence "enable offset2"; description "Configure offset 2 value"; uses apply-advanced; leaf base-offset2 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset2-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf offset2-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } } // container offset2 } // container offset1 } // container hash-offset } // container inet container inet6 { description "Enable flex-hashing on ipv6"; uses apply-advanced; leaf interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Incoming interface name. This is optional parameter"; } leaf conditional-match { type string; description "Conditional match to be matched in the packet"; } container hash-offset { description "Configure the offsets for hashing"; uses apply-advanced; container offset1 { presence "enable offset1"; description "Configure offset 1 value"; uses apply-advanced; leaf base-offset1 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset1-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf offset1-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } container offset2 { presence "enable offset2"; description "Configure offset 2 value"; uses apply-advanced; leaf base-offset2 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset2-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf offset2-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } } // container offset2 } // container offset1 } // container hash-offset } // container inet6 container mpls { description "Configure number of MPLS labels"; uses apply-advanced; leaf num-labels { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 5"; } } description "Configure number of MPLS labels"; } leaf interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Incoming interface name. This is optional parameter"; } leaf conditional-match { type string; description "Conditional match to be matched in the packet"; } container hash-offset { description "Configure the offsets for hashing"; uses apply-advanced; container offset1 { presence "enable offset1"; description "Configure offset 1 value"; uses apply-advanced; leaf base-offset1 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset1-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf offset1-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } container offset2 { presence "enable offset2"; description "Configure offset 2 value"; uses apply-advanced; leaf base-offset2 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset2-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf offset2-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } } // container offset2 } // container offset1 } // container hash-offset } // container mpls } // container ethtype } // list flex-hashing leaf symmetric { type empty; description "Enable symmetric load-balancing"; } } // container enhanced-hash-key container next-hop { description "Next hop throttle"; uses apply-advanced; leaf arp-throttle { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "10 .. 100"; } } description "Change the arp throttling time(seconds)"; } leaf arp-detect { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100000"; } } description "Change the arp throttling detect time(milliseconds)"; } } // container next-hop container sflow { description "Sflow related"; uses apply-advanced; container egress-multicast { description "Sflow for egress multicast"; uses apply-advanced; leaf enable { type empty; description "To enable sflow for egress multicast"; } leaf max-replication-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 2000"; } } description "To configure max replication rate (0 to 2K pps)"; } } // container egress-multicast } // container sflow container multicast { description "Multicast resolve and mismatch rate"; uses apply-advanced; leaf resolve-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "100 .. 1000"; } } units "per second"; description "Multicast resolve rate"; } leaf mismatch-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 1000"; } } units "per second"; description "Multicast interface mismatch rate"; } container policer { presence "enable policer"; uses apply-advanced; leaf bandwidth-limit { type string; units "bits per second"; description "Bandwidth limit"; } leaf burst-size-limit { type string; units "bytes"; description "Burst size limit"; } } // container policer } // container multicast container packet-capture-telemetry { description "Packet capture telemetry options"; uses apply-advanced; container egress { description "Egress options"; uses packet-capture-egress-intf-type; } // container egress } // container packet-capture-telemetry container rpf-loose-mode-discard { description "Configure rpf loose mode behavior"; uses apply-advanced; container family { description "Protocol family"; uses apply-advanced; leaf inet { type empty; description "Configure rpf loose mode behavior for IPv4"; } leaf inet6 { type empty; description "Configure rpf loose mode behavior for IPv6"; } } // container family } // container rpf-loose-mode-discard leaf l2circuit-control-passthrough { type empty; description "Configure passthrough for control protocol packets on L2 Circuit"; } container explicit-null-cos { presence "enable explicit-null-cos"; description "Configure to use MPLS explicit null exp for COS classification"; uses apply-advanced; leaf inet { type empty; description "Include family inet"; } leaf inet6 { type empty; description "Include family inet6"; } } // container explicit-null-cos container helpers { description "Port forwarding configuration"; uses apply-advanced; container traceoptions { description "Trace options for helper"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of UDP forwarding helper process on which to enable debugging output"; leaf name { type enumeration { enum "trace" { value 0; description "Trace tracing code"; } enum "address" { value 1; description "Trace address management code"; } enum "main" { value 2; description "Trace main loop code"; } enum "config" { value 3; description "Trace configuration code"; } enum "ifdb" { value 4; description "Trace interface database code"; } enum "io" { value 5; description "Trace I/O code"; } enum "rtsock" { value 6; description "Trace routing socket code"; } enum "ui" { value 7; description "Trace user interface code"; } enum "util" { value 8; description "Trace miscellaneous utility code"; } enum "gencfg" { value 9; description "Trace fud gencfg message"; } enum "domain" { value 10; description "Trace DNS service-specific code"; } enum "tftp" { value 11; description "Trace TFTP service-specific code"; } enum "bootp" { value 12; description "Trace BOOTP/DHCP service-specific code"; } enum "port" { value 13; description "Trace arbitrary protocol code"; } enum "if-rtsdb" { value 14; description "Trace interface hierarchy rtsdb"; } enum "all" { value 15; description "Trace all areas of code"; } } } } // list flag } // container traceoptions container rtsdb-client-traceoptions { presence "enable rtsdb-client-traceoptions"; status deprecated; description "SHM rtsock database client library trace options"; uses apply-advanced; container if-rtsdb { presence "enable if-rtsdb"; description "Trace interface hierarchy rtsdb"; uses apply-advanced; list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "init" { value 0; description "Trace initialization"; } enum "routing-socket" { value 1; description "Trace routing socket messages"; } enum "map" { value 2; description "Trace shared memory mapping"; } enum "all" { value 3; description "Trace all"; } } } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container if-rtsdb } // container rtsdb-client-traceoptions container domain { description "Incoming DNS request forwarding configuration"; uses apply-advanced; leaf description { type string; description "Text description of server"; } container server { description "Server information"; leaf address { type jt:ipv4addr; description "Name or address of server to which to forward"; } choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // container server list interface { key "name"; ordered-by user; description "Incoming DNS request forwarding interface configuration"; leaf name { type union { type jt:interface-wildcard; type string { pattern "<.*>|$.*"; } } description "Name of interface or group of interfaces"; } uses apply-advanced; leaf no-listen { type empty; description "Do not listen on this interface"; } leaf broadcast { type empty; description "If the layer 2 interface is unknown then broadcast"; } leaf description { type string; description "Text description of server"; } container server { description "Server information"; leaf address { type jt:ipv4addr; description "Name or address of server to which to forward"; } choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // container server } // list interface } // container domain container tftp { description "Incoming TFTP request forwarding configuration"; uses apply-advanced; leaf description { type string; description "Text description of server"; } container server { description "Server information"; leaf address { type jt:ipv4addr; description "Name or address of server to which to forward"; } choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // container server list interface { key "name"; ordered-by user; description "Incoming TFTP request forwarding interface configuration"; leaf name { type union { type jt:interface-wildcard; type string { pattern "<.*>|$.*"; } } description "Name of interface or group of interfaces"; } uses apply-advanced; leaf no-listen { type empty; description "Do not listen on this interface"; } leaf broadcast { type empty; description "If the layer 2 interface is unknown then broadcast"; } leaf description { type string; description "Text description of server"; } container server { description "Server information"; leaf address { type jt:ipv4addr; description "Name or address of server to which to forward"; } choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // container server } // list interface } // container tftp container bootp { junos:must "(!("system autoinstallation"))"; junos:must-message "incompatible with 'system autoinstallation'"; description "Incoming BOOTP/DHCP request forwarding configuration"; uses apply-advanced; leaf relay-agent-option { type empty; description "Use DHCP Relay Agent option in relayed BOOTP/DHCP messages"; } container dhcp-option82 { junos:must "(!("forwarding-options helpers bootp relay-agent-option"))"; junos:must-message "incompatible with relay-agent-option"; presence "enable dhcp-option82"; description "Configure DHCP option 82"; uses dhcp-option82-type; } // container dhcp-option82 leaf description { type string; description "Text description of servers"; } list server { key "name"; ordered-by user; description "Server information"; leaf name { type jt:ipv4addr; description "Name or address of servers to which to forward"; } uses apply-advanced; list logical-system { key "name"; ordered-by user; description "Logical system of server to which to forward"; leaf name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf-list routing-instance { type string; ordered-by user; description "Routing instance of server to which to forward"; } } // list logical-system leaf-list routing-instance { type string; ordered-by user; description "Routing instance of server to which to forward"; } } // list server leaf maximum-hop-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } default "4"; description "Maximum number of hops per packet"; } leaf minimum-wait-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30000"; } } default "0"; description "Minimum number of seconds before requests are forwarded"; } leaf client-response-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "IP time-to-live value to set in responses to client"; } leaf source-address-giaddr { type empty; description "Use GIADDR as the source IP address for relayed packets"; } leaf vpn { type empty; description "Enable vpn encryption "; } leaf apply-secondary-as-giaddr { type empty; description "Enable DHCP relay to use secondary gateway ip on all interfaces"; } list interface { key "name"; ordered-by user; description "Incoming BOOTP/DHCP request forwarding interface configuration"; leaf name { type union { type jt:interface-wildcard; type string { pattern "<.*>|$.*"; } } description "Name of interface or group of interfaces"; } uses apply-advanced; leaf no-listen { type empty; description "Do not listen on this interface"; } leaf broadcast { type empty; description "If the layer 2 interface is unknown then broadcast"; } leaf description { type string; description "Text description of servers"; } list server { key "name"; ordered-by user; description "Server information"; leaf name { type jt:ipv4addr; description "Name or address of servers to which to forward"; } uses apply-advanced; list logical-system { key "name"; ordered-by user; description "Logical system of server to which to forward"; leaf name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf-list routing-instance { type string; ordered-by user; description "Routing instance of server to which to forward"; } } // list logical-system leaf-list routing-instance { type string; ordered-by user; description "Routing instance of server to which to forward"; } } // list server leaf maximum-hop-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } default "4"; description "Maximum number of hops per packet"; } leaf minimum-wait-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30000"; } } default "0"; description "Minimum number of seconds before requests are forwarded"; } leaf client-response-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "IP time-to-live value to set in responses to client"; } leaf source-address-giaddr { type empty; description "Use GIADDR as the source IP address for relayed packets"; } leaf vpn { type empty; description "Enable vpn encryption "; } container dhcp-option82 { presence "enable dhcp-option82"; description "Configure DHCP option 82"; uses dhcp-option82-type; } // container dhcp-option82 leaf apply-secondary-as-giaddr { type empty; description "Enable DHCP relay to use secondary gateway ip on this interface"; } } // list interface } // container bootp list port { key "name"; ordered-by user; description "Incoming arbitrary protocol request forwarding configuration"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Port number of the protocol to listen"; } uses apply-advanced; leaf description { type string; description "Text description of server"; } list server { key "name"; ordered-by user; description "Server information"; leaf name { type jt:ipv4addr; description "Name or address of server to which to forward"; } uses apply-advanced; choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // list server list interface { key "name"; ordered-by user; description "Incoming request forwarding interface configuration"; leaf name { type union { type jt:interface-wildcard; type string { pattern "<.*>|$.*"; } } description "Name of interface or group of interfaces"; } uses apply-advanced; leaf no-listen { type empty; description "Do not listen on this interface"; } leaf broadcast { type empty; description "If the layer 2 interface is unknown then broadcast"; } leaf description { type string; description "Text description of server"; } list server { key "name"; ordered-by user; description "Server information"; leaf name { type jt:ipv4addr; description "Name or address of server to which to forward"; } uses apply-advanced; choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // list server } // list interface } // list port } // container helpers container family { description "Protocol family"; container inet { description "IPv4 parameters"; uses apply-advanced; container filter { description "Filtering for forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } leaf output { type string; description "Name of output filter to apply for forwarded packets"; } } // container filter leaf route-accounting { type empty; description "Enable IPv4 route accounting"; } } // container inet container inet6 { description "IPv6 parameters"; uses apply-advanced; container filter { description "Filtering for forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } leaf output { type string; description "Name of output filter to apply for forwarded packets"; } } // container filter leaf route-accounting { type empty; description "Enable IPv6 route accounting"; } leaf source-checking { type empty; description "Discard IPv6 packet when source address type is unspecified, loopback, multicast or link-local "; } } // container inet6 container mpls { description "MPLS parameters"; uses apply-advanced; container filter { description "Filtering for forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } leaf output { type string; description "Name of output filter to apply for forwarded packets"; } } // container filter } // container mpls container vpls { description "VPLS parameters"; uses apply-advanced; container filter { description "Filtering for VPLS DMAC forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } } // container filter container flood { description "Filtering for VPLS flood table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for VPLS flood packets"; } } // container flood } // container vpls container evpn { description "EVPN parameters"; uses apply-advanced; container filter { description "Filtering for EVPN DMAC forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } } // container filter container flood { description "Filtering for EVPN flood table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for EVPN flood packets"; } } // container flood } // container evpn } // container family list next-hop-group { key "name"; description "Next hop group forwarding option"; uses juniper-next-hop-group-options; } // list next-hop-group container dhcp-relay { junos:must "(!("system services dhcp"))"; junos:must-message "Incompatible with 'set system services dhcp'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "forwarding-options dhcp-relay incompatible with routing-instances instance-type virtual-switch'"; description "Dynamic Host Configuration Protocol relay configuration"; uses jdhcp-relay-type; } // container dhcp-relay choice load-balance-label-capability-choice { leaf load-balance-label-capability { type empty; description "Load balance label capability"; } leaf no-load-balance-label-capability { type empty; description "Don't load balance label capability"; } } // choice load-balance-label-capability-choice leaf fast-reroute-priority { junos:must "(".. .. instance-type vpls")"; junos:must-message "'fast-reroute-priority' configuration can only be used for 'instance-type vpls'"; type enumeration { enum "low" { value 0; description "Set priority to low"; } enum "medium" { value 1; description "Set priority to medium"; } enum "high" { value 2; description "Set priority to high"; } } description "Fast-reroute repair priority"; } list ip-options-protocol-queue { key "name"; ordered-by user; description "IP Options protocol logical queue parameters"; leaf name { type string; description "Protocol name"; } uses apply-advanced; leaf protocol-id { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 254"; } } description "Protocol Identifier"; } leaf queue-depth { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 807"; } } description "Size of the protocol logical options queue"; } } // list ip-options-protocol-queue leaf link-layer-broadcast-inet-check { type empty; description "Enable destination mac and destination ip address check"; } leaf cut-through { type empty; description "Enable cut-through forwarding"; } container storm-control { presence "enable storm-control"; description "Storm control config"; uses apply-advanced; leaf enhanced { type empty; description "Enable enhanced storm control feature"; } } // container storm-control leaf vrf-fallback { type empty; description "Enable vrf-fallback forwarding. This will restart PFE"; } leaf mpls-tunnel-extend { type empty; description "Extend MPLS Tunnel table usage. This config will restart PFE"; } leaf vxlan-disable-copy-tos-encap { type empty; description "Disable copy of TOS bits from Outer IP to Inner IP at VxLAN Tunnel Encap"; } leaf vxlan-disable-copy-tos-decap { type empty; description "Disable copy of TOS bits from Outer IP to Inner IP at VxLAN Tunnel Decap"; } leaf no-hierarchical-ecmp { type empty; description "Disable hierarchical ecmp. This will restart PFE"; } leaf ipmc-miss-do-l2mc { type empty; description "Do L2MC forwarding when IPMC miss"; } choice hyper-mode-choice { leaf hyper-mode { type empty; description "Enable hyper mode"; } leaf no-hyper-mode { type empty; description "Don't enable hyper mode"; } } // choice hyper-mode-choice leaf ecmp-do-local-lookup { type empty; description "Do ECMP local lookup only"; } container access-security { description "Access security configuration"; uses jdhcp-access-security-type; } // container access-security list forwarding-sandbox { key "name"; max-elements 8; description "Create forwarding sandbox"; uses juniper-forwarding-sandbox-options; } // list forwarding-sandbox container vxlan-routing { description "VXLAN Routing forwarding options"; uses apply-advanced; leaf next-hop { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Next-hop. Must be multiple of 4096. This will restart PFE"; } leaf interface-num { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Interface. Must be multiple of 2048. This will restart PFE"; } leaf overlay-ecmp { type empty; description "Enable overlay ecmp for vxlan L3. This will restart PFE"; } leaf loopback-port { junos:must "(all "interfaces $$ unit <*> family ethernet-switching interface-mode trunk")"; junos:must-message "Interface-mode trunk needs to be enabled for loopback AE"; junos:must "("chassis aggregated-devices ethernet device-count")"; junos:must-message "Ethernet device-count needs to be configured for loopback AE"; junos:must "("interfaces $$ aggregated-ether-options loopback")"; junos:must-message "Loopback needs to be enabled on the AE interface"; type string; description "AE loopback interface used for VXLAN routing. This will restart PFE"; } } // container vxlan-routing container satellite { description "Satellite forwarding options"; uses apply-advanced; container traceoptions { description "Global tracing options for satellite control plane"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } enum "bd" { value 1; description "Trace BD events"; } enum "config-internal" { value 2; description "Trace configuration internals"; } enum "interface" { value 3; description "Trace interface events"; } enum "interface-vlan" { value 4; description "Trace IFBD events"; } enum "ipc" { value 5; description "Trace internal IPC messages"; } enum "kernel" { value 6; description "Trace Kernel messages"; } enum "krt" { value 7; description "Trace communication over routing socket"; } enum "mac" { value 8; description "Trace MAC events "; } enum "nh" { value 9; description "Trace NH events"; } enum "normal" { value 10; description "Trace normal events"; } enum "parse" { value 11; description "Trace configuration parsing"; } enum "stp" { value 12; description "Trace STP events"; } enum "task" { value 13; description "Trace task processing"; } enum "timer" { value 14; description "Trace task timer processing"; } enum "firewall" { value 15; description "Trace firewall processing"; } enum "l3" { value 16; description "Trace Layer-3 processing"; } enum "fip-snooping" { value 17; description "Trace FIP-Snooping processing"; } } } } // list flag } // container traceoptions leaf local-replication { type empty; description "Enable satellite multicast replication"; } list fpc { key "name"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "65 .. 254"; } } description "Satellite slot identifier"; } uses apply-advanced; choice local-switching-mode-choice { container local-switching { presence "enable local-switching"; description "Enable local-switching on Satellite device"; uses apply-advanced; leaf l3 { type empty; description "Enable L3 local switching on the Satellite device"; } } // container local-switching container selective-vlan-switching { description "Enable selective-vlan-switching on Satellite device"; uses apply-advanced; leaf routing-instance { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Associated Routing instance name"; } } // container selective-vlan-switching } // choice local-switching-mode-choice } // list fpc container vlan-auto-sense { description "Vlan-auto-sense attributes provisioning"; uses apply-advanced; leaf expiry-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 3600"; } } units "seconds"; default "600"; description "Expiry time (in seconds) after last MAC aged out"; } } // container vlan-auto-sense container analyzer-vlan { description "Output VLAN for Analyzer"; uses apply-advanced; leaf vlan-name { type string; description "Name of the analyzer VLAN"; } } // container analyzer-vlan choice disable-heartbeat-choice { leaf disable-heartbeat { type empty; description "Disable heartbeat between Aggregation and Satellite"; } leaf no-disable-heartbeat { type empty; description "Don't disable heartbeat between Aggregation and Satellite"; } } // choice disable-heartbeat-choice } // container satellite } // grouping juniper-forwarding-options grouping apply-advanced { description "Apply advanced configuration logic"; leaf-list apply-groups { type string; ordered-by user; description "Groups from which to inherit configuration data"; } leaf-list apply-groups-except { type string; ordered-by user; description "Don't inherit configuration data from these groups"; } list apply-macro { key "name"; ordered-by user; description "Macro and parameters for commit script expansion"; uses apply-macro-type; } // list apply-macro } // grouping apply-advanced grouping apply-macro-type { description "Macro data for commit-script expansion"; leaf name { type string; description "Name of the macro to be expanded"; } list data { key "name"; uses macro-data-type; } // list data } // grouping apply-macro-type grouping dhcp-option82-type { uses apply-advanced; leaf disable { type empty; description "Disable DHCP option 82 on this VLAN"; } container circuit-id { presence "enable circuit-id"; description "Configure DHCP option 82 circuit id"; uses apply-advanced; leaf prefix { type enumeration { enum "hostname" { value 0; description "Set hostname as the prefix"; } } description "Configure DHCP option 82 circuit id prefix"; } leaf use-interface-description { type empty; description "Use interface description instead of name"; } leaf use-vlan-id { type empty; description "Use VLAN id instead of name"; } } // container circuit-id container remote-id { presence "enable remote-id"; description "Configure DHCP option 82 remote id"; uses apply-advanced; leaf prefix { type enumeration { enum "none" { value 0; description "Set no prefix"; } enum "hostname" { value 1; description "Set hostname as the prefix"; } enum "mac" { value 2; description "Set chassis MAC as the prefix"; } } description "Configure DHCP option 82 remote id prefix"; } leaf use-interface-description { type empty; description "Use interface description instead of name"; } leaf use-string { junos:must "(!(".. use-interface-description"))"; junos:must-message "use-string and use-interface-description cannot be configured together"; type string; description "Use raw string instead of the default remote id"; } } // container remote-id container vendor-id { presence "enable vendor-id"; description "Configure DHCP option 82 vendor id"; uses apply-advanced; leaf use-string { type string; description "Use raw string instead of the default vendor id"; } } // container vendor-id } // grouping dhcp-option82-type grouping jdhcp-access-security-type { description "Access security configuration"; uses apply-advanced; container slaac-snooping { description "Stateless address auto configuration options"; uses slaacd-config-type; } // container slaac-snooping container router-advertisement-guard { presence "enable router-advertisement-guard"; description "Router Advertisement Guard Configuration"; uses apply-advanced; list policy { key "name"; ordered-by user; description "Router Advertisement Guard policy"; leaf name { type string { length "1 .. 64"; } description "Router Advertisement Guard policy name"; } uses apply-advanced; container discard { description "Discard parameters"; uses apply-advanced; leaf source-ip-address-list { type string; description "IPv6 Source address list name"; } leaf source-mac-address-list { type string; description "Source mac address list name"; } leaf prefix-list-name { type string; description "Prefix-list Name"; } } // container discard container accept { description "Accept parameters"; uses apply-advanced; container match-list { description "List of parameters to check"; uses apply-advanced; leaf source-ip-address-list { type string; description "IPv6 Source address list name"; } leaf source-mac-address-list { type string; description "Source mac address list name"; } leaf prefix-list-name { type string; description "Prefix-list Name"; } leaf match-criteria { type enumeration { enum "match-all" { value 0; description "A match from every list"; } enum "match-any" { value 1; description "A match from any list"; } } description "Match Criteria"; } } // container match-list container match-options { presence "enable match-options"; description "List of Options to check"; uses apply-advanced; container hop-limit { description "Hop limit"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Maximum hop limit"; } leaf minimum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Minimum hop limit"; } } // container hop-limit container route-preference { description "Accept route preference"; uses apply-advanced; leaf maximum { type enumeration { enum "low" { value 0; description "Route preference low"; } enum "medium" { value 1; description "Route preference medium"; } enum "high" { value 2; description "Route preference high"; } } description "Maximum route preference"; } } // container route-preference leaf managed-config-flag { type empty; description "Check Managed config flag"; } leaf other-config-flag { type empty; description "Check Other config flag"; } } // container match-options } // container accept } // list policy container interface { description "RA Guard config on Interface"; uses apply-advanced; list intf-config { key "name"; description "Interface Configuration"; uses interface-policy; } // list intf-config } // container interface container vlans { description "RA Guard config on Vlan"; uses apply-advanced; list vlan-config { key "name"; description "Virtual LAN Configuration"; uses vlan-policy; } // list vlan-config } // container vlans } // container router-advertisement-guard } // grouping jdhcp-access-security-type grouping interface-policy { description "Interface Name"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface Name"; } uses apply-advanced; container policy { description "Attach policy"; uses apply-advanced; leaf policy-name { type string; description "Router Advertisement Guard policy name"; } choice policy-type { leaf stateful { type empty; description "Stateful router advertisement guard"; } leaf stateless { type empty; description "Stateless router advertisement guard"; } } // choice policy-type } // container policy container mark-interface { description "Mark interface"; uses apply-advanced; choice mark-intf-type { leaf trusted { junos:must "(!(".. .. policy"))"; junos:must-message "Trusted interfaces cannot have policy attached"; type empty; description "Mark interface trusted"; } leaf block { junos:must "(!(".. .. policy"))"; junos:must-message "Blocked interfaces cannot have policy attached"; type empty; description "Block router-advertisement"; } } // choice mark-intf-type } // container mark-interface } // grouping interface-policy grouping jdhcp-relay-type { description "Dynamic Host Configuration Protocol relay configuration"; uses apply-advanced; container traceoptions { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "Incompatible with 'forwarding-options helpers bootp'"; junos:must "(!("system services dhcp"))"; junos:must-message "Incompatible with 'set system services dhcp'"; status deprecated; description "DHCP relay trace options"; uses jdhcp-traceoptions-type; } // container traceoptions container persistent-storage { description "Trigger to enable flat file storage"; leaf automatic { type empty; description "Trigger automatically"; } } // container persistent-storage leaf duplicate-clients-on-interface { type empty; status deprecated; description "Allow duplicate clients on different interfaces in a subnet"; } container duplicate-clients-in-subnet { junos:must "(!(".. duplicate-clients-on-interface"))"; junos:must-message "Cannot specify duplicate-clients-in-subnet with duplicate-clients-on-interface"; description "Allow duplicate clients in a subnet"; uses jdhcp-duplicate-clients-in-subnet-type; } // container duplicate-clients-in-subnet container interface-traceoptions { status deprecated; description "DHCP relay interface trace options"; uses jdhcp-interface-traceoptions-type; } // container interface-traceoptions container dhcpv6 { description "DHCPv6 configuration"; uses dhcpv6-relay-type; } // container dhcpv6 leaf arp-inspection { type empty; description "Enable Dynamic ARP Inspection"; } container forward-snooped-clients { junos:must "((!(".. forward-only") && (!(".. forward-only-replies") && !(any ".. group <*> forward-only"))))"; junos:must-message "forward-only and forward-only-replies cannot be configured when forward-snooped-clients is configured"; description "Forward snooped (unicast) packets"; choice interface-type { leaf configured-interfaces { type empty; description "Forward snooped (unicast) packets on configured interfaces"; } leaf non-configured-interfaces { type empty; description "Forward snooped (unicast) packets on non-configured interfaces"; } leaf all-interfaces { type empty; description "Forward snooped (unicast) packets on configured and non-configured interfaces"; } } // choice interface-type } // container forward-snooped-clients container authentication { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'authentication' statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "DHCP authentication"; uses authentication-type; } // container authentication container liveness-detection { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'liveness-detection' statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "DHCP client liveness detection processing"; uses dhcp-liveness-detection-type; } // container liveness-detection container dynamic-profile { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'dynamic-profile' statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'access-profile' statement cannot be included along with 'forwarding-options helpers bootp' statement"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'overrides' statement cannot be included along with 'forwarding-options helpers bootp' statement"; presence "enable overrides"; description "DHCP override processing"; uses override-type; } // container overrides container relay-option { junos:must "((!(".. relay-option-60") && !(any ".. group <*> relay-option-60")))"; junos:must-message "Cannot specify relay-option-60 with relay-option"; presence "enable relay-option"; description "DHCP option processing"; uses dhcp-generic-v4-option; } // container relay-option container server-match { description "Server match processing"; uses apply-advanced; container default-action { presence "enable default-action"; description "Server match default action"; uses server-match-action-choice; } // container default-action list address { key "name"; ordered-by user; description "Server address"; leaf name { type jt:ipv4prefix; description "Server address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match container relay-option-60 { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'relay-option-60' statement cannot be included along with 'forwarding-options helpers bootp' statement"; junos:must "((!(".. relay-option") && !(any ".. group <*> relay-option")))"; junos:must-message "Cannot specify relay-option with relay-option-60 "; presence "enable relay-option-60"; status deprecated; description "DHCP option-60 processing"; uses relay-option-60-type-top; } // container relay-option-60 container relay-option-82 { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'relay-option-82' statement cannot be included along with 'forwarding-options helpers bootp' statement"; presence "enable relay-option-82"; description "DHCP option-82 processing"; uses relay-option-82-type; } // container relay-option-82 container forward-only { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'forward-only' statement cannot be included along with 'forwarding-options helpers bootp' statement"; presence "enable forward-only"; description "Forward DHCP packets without creating binding"; uses forward-only-to-rc-type; } // container forward-only leaf description { type string; description "Text description of servers"; } leaf maximum-hop-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } description "Maximum number of hops per packet"; } leaf minimum-wait-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30000"; } } description "Minimum number of seconds before requests are forwarded"; } leaf client-response-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "IP time-to-live value to set in responses to client"; } leaf source-ip-change { type empty; description "Use address of egress interface as source ip"; } leaf forward-only-replies { type empty; description "Forward-only replies from server to appropriate logical-system:routing-instance based on options"; } container server-group { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'server-group' statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "Define a DHCP server group"; uses server-group-type; } // container server-group container active-server-group { description "Name of DHCP server group"; uses dhcpv4-gbl-active-sg-type; } // container active-server-group container route-suppression { junos:must "(!(".. liveness-detection method layer2-liveness-detection"))"; junos:must-message "Cannot specify route-suppression with liveness-detection method layer2-liveness-detection"; junos:must "(!(".. overrides no-arp"))"; junos:must-message "Cannot specify route-suppression with overrides no-arp"; description "Suppress access-internal and/or destination route addition"; uses dhcp-route-suppression-type; } // container route-suppression list group { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'group' statement cannot be included along with 'forwarding-options helpers bootp' statement"; key "name"; ordered-by user; description "Define a DHCP group"; uses dhcp-group; } // list group list dual-stack-group { key "name"; description "Define a DHCP dual stack group"; uses dhcp-dual-stack-group; } // list dual-stack-group leaf no-snoop { junos:must "(!("legacy-snooping"))"; junos:must-message "'no-snoop' statement cannot be included along with 'legacy-snooping' statement"; type empty; description "Do not snoop DHCP packets"; } leaf server-response-time { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Number of seconds in a period of activity between the last server response and an unaswered request"; } container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation in seconds"; } container violation-action { description "Lease time validation violation action"; leaf drop { type empty; description "Drop dhcpv4 offer and ack packets"; } } // container violation-action } // container lease-time-validation container leasequery { junos:must "(".. overrides always-write-option-82")"; junos:must-message "Must configure [overrides always-write-option-82] to overwrite circuit-id"; junos:must "((".. relay-option-82 circuit-id" && (!(".. relay-option-82 circuit-id use-interface-description") && !(".. relay-option-82 circuit-id require-interface-description"))))"; junos:must-message "Must configure [relay-option-82 circuit-id] without description to insert circuit-id"; presence "enable leasequery"; description "DHCP leasequery configuration"; uses relay-leasequery-type; } // container leasequery container bulk-leasequery { presence "enable bulk-leasequery"; description "DHCP bulk leasequery configuration"; uses relay-bulk-leasequery-v4-type; } // container bulk-leasequery container active-leasequery { junos:must "(".. bulk-leasequery")"; junos:must-message "Must configure bulk-leasequery"; presence "enable active-leasequery"; description "DHCPv4 active leasequery configuration"; uses relay-active-leasequery-v4-type; } // container active-leasequery container remote-id-mismatch { presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch } // grouping jdhcp-relay-type grouping authentication-type { description "DHCP authentication"; uses apply-advanced; leaf password { type string { length "1 .. 64"; } description "Username password to use"; } container username-include { description "Add username options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Add domain name"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf mac-address { type empty; description "Include MAC address"; } container option-82 { presence "enable option-82"; description "Include option 82"; leaf circuit-id { type empty; description "Include option 82 circuit-id (sub option 1)"; } leaf remote-id { type empty; description "Include option 82 remote-id (sub option 2)"; } } // container option-82 leaf logical-system-name { type empty; description "Include logical system name"; } leaf routing-instance-name { type empty; description "Include routing instance name"; } container client-id { presence "enable client-id"; description "Include client ID"; leaf exclude-headers { type empty; description "Exclude all the headers"; } leaf use-automatic-ascii-hex-encoding { type empty; description "Use automatic ascii hex username encoding"; } } // container client-id leaf option-60 { type empty; description "Include option 60"; } leaf circuit-type { type empty; description "Include circuit type"; } leaf interface-name { type empty; description "Include interface name"; } leaf interface-description { type enumeration { enum "device" { value 0; description "Add the device interface description"; } enum "logical" { value 1; description "Add the logical interface description"; } } description "Include interface description"; } leaf vlan-tags { type empty; description "Include the vlan tag(s)"; } } // container username-include } // grouping authentication-type grouping dhcp-dual-stack-group { description "DHCP dual stack groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Dual stack group name"; } uses apply-advanced; container authentication { description "DHCP authentication"; uses dual-stack-authentication-type; } // container authentication leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { type string { length "1 .. 128"; } description "Access profile to be used for jdhcpd"; } container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile container liveness-detection { description "DHCP client liveness detection processing"; uses dhcp-liveness-detection-dualstack-type; } // container liveness-detection container relay-agent-interface-id { presence "enable relay-agent-interface-id"; description "Interface-id option processing"; uses v6-relay-option-interface-id-type; } // container relay-agent-interface-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "Remote-id option processing"; uses v6-relay-option-remote-id-type; } // container relay-agent-remote-id container classification-key { junos:must "(".. dynamic-profile")"; junos:must-message "dynamic profile configuration in dual-stack-group is must for configuring classification-type"; description "Classification key for identifying dual stack household"; uses classification-types; } // container classification-key leaf dual-stack-interface-client-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 500000"; } } description "Limit the number of client allowed on an interface"; } container protocol-master { description "Select family as protocol master"; uses jdhcp-dual-stack-protocol-mstr-type; } // container protocol-master container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // grouping dhcp-dual-stack-group grouping classification-types { description "Different mechanisms to identify a single household"; uses apply-advanced; leaf mac-address { type empty; description "MAC address of client"; } leaf circuit-id { type empty; description "Circuit-id as key"; } leaf remote-id { type empty; description "Remote-id as key"; } } // grouping classification-types grouping dhcp-generic-v4-option { description "Generic DHCP options processing"; uses apply-advanced; leaf option-number { type enumeration { enum "60" { value 0; status deprecated; description "Option 60"; } enum "77" { value 1; status deprecated; description "Option 77"; } } status deprecated; description "Option number"; } container equals { status deprecated; description "Generic option equals"; uses relay-v4-option-ascii-hex; } // container equals container default-action { status deprecated; description "Generic option default action"; uses dhcp-v4-option-default-action; } // container default-action container starts-with { status deprecated; description "Generic option starts with"; uses relay-v4-option-ascii-hex; } // container starts-with container option-60 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-60 with option-number"; presence "enable option-60"; description "Add option 60 processing"; uses dhcp-generic-v4-option-type; } // container option-60 container option-77 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-77 with option-number"; presence "enable option-77"; description "Add option 77 processing"; uses dhcp-generic-v4-option-type; } // container option-77 list option-order { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-order with option-number"; key "name"; ordered-by user; description "Options precedence order"; leaf name { type enumeration { enum "60" { value 0; description "Option 60"; } enum "77" { value 1; description "Option 77"; } } description "Option number"; } uses apply-advanced; } // list option-order } // grouping dhcp-generic-v4-option grouping dhcp-generic-v4-option-type { uses apply-advanced; container equals { description "Generic option equals"; uses relay-v4-option-ascii-hex; } // container equals container default-action { description "Generic option default action"; uses dhcp-v4-option-default-action; } // container default-action container starts-with { description "Generic option starts with"; uses relay-v4-option-ascii-hex; } // container starts-with } // grouping dhcp-generic-v4-option-type grouping dhcp-group { description "DHCP groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Group name"; } uses apply-advanced; container active-server-group { description "Name of DHCP server group"; uses dhcpv4-gp-active-sg-type; } // container active-server-group container authentication { description "DHCP authentication"; uses authentication-type; } // container authentication container liveness-detection { description "DHCP client liveness detection processing"; uses dhcp-liveness-detection-type; } // container liveness-detection container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container overrides { presence "enable overrides"; description "DHCP override processing"; uses override-type; } // container overrides container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container server-match { description "Server match processing"; uses apply-advanced; container default-action { presence "enable default-action"; description "Server match default action"; uses server-match-action-choice; } // container default-action list address { key "name"; ordered-by user; description "Server address"; leaf name { type jt:ipv4prefix; description "Server address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match container relay-option { junos:must "((!(".. relay-option-60") && !(".. .. relay-option-60")))"; junos:must-message "Cannot specify relay-option-60 with relay-option"; presence "enable relay-option"; description "DHCP option processing"; uses dhcp-generic-v4-option; } // container relay-option container relay-option-60 { junos:must "((!(".. relay-option") && !(".. .. relay-option")))"; junos:must-message "Cannot specify relay-option with relay-option-60"; presence "enable relay-option-60"; status deprecated; description "DHCP option-60 processing"; uses relay-option-60-type-group; } // container relay-option-60 container relay-option-82 { presence "enable relay-option-82"; description "DHCP option-82 processing"; uses relay-option-82-type; } // container relay-option-82 container forward-only { presence "enable forward-only"; description "Forward DHCP packets without creating binding"; uses forward-only-to-rc-type; } // container forward-only container route-suppression { junos:must "(!(".. liveness-detection method layer2-liveness-detection"))"; junos:must-message "Cannot specify route-suppression with liveness-detection method layer2-liveness-detection"; junos:must "((!(".. overrides no-arp") && !(".. .. overrides no-arp")))"; junos:must-message "Cannot specify route-suppression with overrides no-arp"; description "Suppress access-internal and/or destination route addition"; uses dhcp-route-suppression-type; } // container route-suppression leaf description { type string; description "Text description of servers"; } leaf maximum-hop-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } description "Maximum number of hops per packet"; } leaf minimum-wait-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30000"; } } description "Minimum number of seconds before requests are forwarded"; } leaf client-response-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "IP time-to-live value to set in responses to client"; } leaf source-ip-change { type empty; description "Use address of egress interface as source ip"; } list interface { key "name"; description "One or more interfaces"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf upto { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface up to"; } leaf exclude { type empty; description "Exclude this interface range"; } leaf trace { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify tracing with exclude"; type empty; description "Enable tracing for this interface"; } container overrides { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "DHCP override processing"; uses override-type; } // container overrides container dynamic-profile { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // list interface container remote-id-mismatch { presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation in seconds"; } container violation-action { description "Lease time validation violation action"; leaf drop { type empty; description "Drop dhcpv4 offer and ack packets"; } } // container violation-action } // container lease-time-validation } // grouping dhcp-group grouping dhcp-liveness-detection-dualstack-type { description "DHCP client liveness detection processing"; uses apply-advanced; container failure-action { description "Liveness detection failure action options"; uses dhcp-liveness-detection-failure-action-type; } // container failure-action container method { description "Liveness detection method options"; uses apply-advanced; choice method-choice { container layer2-liveness-detection { junos:must "((!(".. .. route-suppression") && (!(".. .. .. route-suppression") && !(".. .. .. .. route-suppression"))))"; junos:must-message "Method not allowed with route-suppression enabled"; description "Address resolution options"; uses dhcp-arp-nud-liveness-detection-type; } // container layer2-liveness-detection } // choice method-choice } // container method } // grouping dhcp-liveness-detection-dualstack-type grouping dhcp-arp-nud-liveness-detection-type { description "Address Resolution detection options"; uses apply-advanced; leaf transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "300 .. 1800"; } } units "seconds"; default "300"; description "Transmit interval for address resolution"; } leaf max-consecutive-retries { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 6"; } } default "3"; description "Retry attempts"; } } // grouping dhcp-arp-nud-liveness-detection-type grouping dhcp-liveness-detection-failure-action-type { description "Liveness detection failure action options"; uses apply-advanced; choice failure-action-type { leaf clear-binding { type empty; description "Clear the client binding"; } leaf clear-binding-if-interface-up { type empty; description "Clear the client binding only if the incoming interface is up"; } leaf log-only { type empty; description "Maintain the client binding and log the failure event"; } } // choice failure-action-type } // grouping dhcp-liveness-detection-failure-action-type grouping dhcp-liveness-detection-type { description "DHCP client liveness detection processing"; uses apply-advanced; container failure-action { description "Liveness detection failure action options"; uses dhcp-liveness-detection-failure-action-type; } // container failure-action container method { description "Liveness detection method options"; uses apply-advanced; choice method-choice { container bfd { description "Bidirectional Forwarding Detection (BFD) options"; uses dhcp-bfd-liveness-detection-type; } // container bfd container layer2-liveness-detection { junos:must "((!(".. .. route-suppression") && (!(".. .. .. route-suppression") && !(".. .. .. .. route-suppression"))))"; junos:must-message "Method not allowed with route-suppression enabled"; description "Address resolution options"; uses dhcp-arp-nud-liveness-detection-type; } // container layer2-liveness-detection } // choice method-choice } // container method } // grouping dhcp-liveness-detection-type grouping dhcp-bfd-liveness-detection-type { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time leaf session-mode { type enumeration { enum "automatic" { value 0; description "Choose session-mode automatically"; } enum "single-hop" { value 1; description "Use single-hop"; } enum "multihop" { value 2; description "Use multihop"; } } default "automatic"; description "BFD single-hop or multihop session-mode"; } leaf holddown-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255000"; } } units "milliseconds"; default "0"; description "Time to hold the session-UP notification to the client"; } } // grouping dhcp-bfd-liveness-detection-type grouping dhcp-remote-id-mismatch-type { description "DHCP client remote-id-mismatch processing"; uses apply-advanced; leaf disconnect { type empty; description "Disconnect session on remote-id mismatch"; } } // grouping dhcp-remote-id-mismatch-type grouping dhcp-route-suppression-type { uses apply-advanced; choice dhcp-route-suppression-choice { leaf access-internal { type empty; description "Suppress access-internal and destination route addition"; } leaf destination { type empty; description "Suppress destination route addition"; } } // choice dhcp-route-suppression-choice } // grouping dhcp-route-suppression-type grouping dhcp-v4-option-default-action { description "Default action"; uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "((".. .. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. system services dhcp-local-server group $$" || ".. .. .. .. .. system services dhcp-local-server group $$"))))"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // grouping dhcp-v4-option-default-action grouping dhcpv4-gbl-active-sg-type { leaf active-server-group { junos:must "(".. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP server group"; } leaf allow-server-change { type empty; description "Accept DHCP-ACK from any server in this group"; } } // grouping dhcpv4-gbl-active-sg-type grouping dhcpv4-gp-active-sg-type { leaf active-server-group { junos:must "(".. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP server group"; } leaf allow-server-change { type empty; description "Accept DHCP-ACK from any server in this group"; } } // grouping dhcpv4-gp-active-sg-type grouping dhcpv6-relay-type { description "DHCPv6 relay configuration"; uses apply-advanced; container authentication { description "DHCPv6 authentication"; uses dhcpv6-authentication-type; } // container authentication container persistent-storage { description "Trigger to enable flat file storage"; leaf automatic { type empty; description "Trigger automatically"; } } // container persistent-storage container liveness-detection { description "DHCPv6 client liveness detection processing"; uses dhcpv6-liveness-detection-type; } // container liveness-detection container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { presence "enable overrides"; description "DHCPv6 override processing"; uses dhcpv6-override-relay-type; } // container overrides container relay-option { presence "enable relay-option"; description "DHCPv6 option processing"; uses dhcp-generic-v6-option; } // container relay-option leaf exclude-relay-agent-identifier { type empty; description "Exclude relay agent identifier from packets to server"; } container server-match { description "Server match processing"; uses apply-advanced; container default-action { description "Server match default action"; uses server-match-action-choice; } // container default-action container duid { description "Match duid processing"; uses apply-advanced; container equals { description "Duid equals"; uses server-match-v6-ascii-hex; } // container equals container starts-with { description "Duid starts with"; uses server-match-v6-ascii-hex; } // container starts-with } // container duid list address { key "name"; ordered-by user; description "Server ipv6 address"; leaf name { type jt:ipv6prefix; description "Server ipv6 address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match leaf relay-agent-option-79 { type empty; description "Add the client MAC address to the Relay Forward header."; } container vendor-specific-information { description "DHCPv6 option 17 vendor-specific processing"; uses jdhcp-vendor-specific-type; } // container vendor-specific-information container forward-only { presence "enable forward-only"; description "Forward DHCPv6 packets without creating binding"; uses forward-only-to-rc-type; } // container forward-only leaf forward-only-replies { type empty; description "Forward-only replies from server to appropriate logical-system:routing-instance based on options"; } container forward-snooped-clients { junos:must "((!(".. forward-only") && (!(".. forward-only-replies") && !(any ".. group <*> forward-only"))))"; junos:must-message "forward-only and forward-only-replies cannot be configured when forward-snooped-clients is configured"; description "Forward snooped (unicast) packets"; choice interface-type { leaf configured-interfaces { type empty; description "Forward snooped (unicast) packets on configured interfaces"; } leaf non-configured-interfaces { type empty; description "Forward snooped (unicast) packets on non-configured interfaces"; } leaf all-interfaces { type empty; description "Forward snooped (unicast) packets on configured and non-configured interfaces"; } } // choice interface-type } // container forward-snooped-clients container route-suppression { description "Suppress access-internal and/or access route addition"; uses dhcpv6-route-suppression-type; } // container route-suppression list group { key "name"; ordered-by user; description "Define a DHCPv6 relay group"; uses dhcpv6-relay-group; } // list group container relay-agent-interface-id { presence "enable relay-agent-interface-id"; description "DHCPv6 interface-id option processing"; uses v6-relay-option-interface-id-type; } // container relay-agent-interface-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "DHCPv6 remote-id option processing"; uses v6-relay-option-remote-id-type; } // container relay-agent-remote-id container server-group { description "Define a DHCPv6 server group"; uses v6-server-group-type; } // container server-group container active-server-group { description "Name of DHCPv6 server group"; uses dhcpv6-gbl-active-sg-type; } // container active-server-group leaf server-response-time { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Number of seconds in a period of activity between the last server response and an unaswered request"; } container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation in seconds"; } container violation-action { description "Lease time validation violation action"; leaf drop { type empty; description "Drop dhcpv6 advertise and reply packets"; } } // container violation-action } // container lease-time-validation leaf no-snoop { junos:must "(!("legacy-snooping"))"; junos:must-message "'no-snoop' statement cannot be included along with 'legacy-snooping' statement"; type empty; description "Do not snoop DHCPV6 packets"; } container leasequery { junos:must "(".. relay-agent-interface-id")"; junos:must-message "Must configure [relay-agent-interface-id] to insert interface-id"; presence "enable leasequery"; description "DHCPv6 leasequery configuration"; uses relay-leasequery-type; } // container leasequery container bulk-leasequery { junos:must "(".. relay-agent-interface-id")"; junos:must-message "Must configure [relay-agent-interface-id] to insert interface-id"; presence "enable bulk-leasequery"; description "DHCPv6 bulk leasequery configuration"; uses relay-bulk-leasequery-v6-type; } // container bulk-leasequery container active-leasequery { junos:must "(".. bulk-leasequery")"; junos:must-message "Must configure bulk-leasequery"; presence "enable active-leasequery"; description "DHCPv6 active leasequery configuration"; uses relay-active-leasequery-v6-type; } // container active-leasequery container remote-id-mismatch { presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container duplicate-clients { description "Allow duplicate clients"; uses dhcpv6-duplicate-clients-type; } // container duplicate-clients } // grouping dhcpv6-relay-type grouping dhcp-generic-v6-option { description "Generic DHCPv6 options processing"; uses apply-advanced; leaf option-number { type enumeration { enum "15" { value 0; status deprecated; description "Option 15"; } enum "16" { value 1; status deprecated; description "Option 16"; } } status deprecated; description "Option number"; } container equals { status deprecated; description "Generic option equals"; uses relay-v6-option-ascii-hex; } // container equals container default-action { status deprecated; description "Generic option default action"; uses dhcp-v6-option-default-action; } // container default-action container starts-with { status deprecated; description "Generic option starts with"; uses relay-v6-option-ascii-hex; } // container starts-with container option-15 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-15 with option-number"; presence "enable option-15"; description "Add option 15 processing"; uses dhcp-generic-v6-option-type; } // container option-15 container option-16 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-16 with option-number"; presence "enable option-16"; description "Add option 16 processing"; uses dhcp-generic-v6-option-type; } // container option-16 list option-order { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-order with option-number"; key "name"; ordered-by user; description "Options precedence order"; leaf name { type enumeration { enum "15" { value 0; description "Option 15"; } enum "16" { value 1; description "Option 16"; } } description "Option number"; } uses apply-advanced; } // list option-order } // grouping dhcp-generic-v6-option grouping dhcp-generic-v6-option-type { uses apply-advanced; container equals { description "Generic option equals"; uses relay-v6-option-ascii-hex; } // container equals container default-action { description "Generic option default action"; uses dhcp-v6-option-default-action; } // container default-action container starts-with { description "Generic option starts with"; uses relay-v6-option-ascii-hex; } // container starts-with } // grouping dhcp-generic-v6-option-type grouping dhcp-v6-option-default-action { description "Default action"; uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // grouping dhcp-v6-option-default-action grouping dhcpv6-authentication-type { description "DHCPv6 authentication"; uses apply-advanced; leaf password { type string { length "1 .. 64"; } description "Username password to use"; } container username-include { description "Add username options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Add domain name"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf mac-address { type empty; description "Include MAC address"; } container client-id { presence "enable client-id"; description "Include client ID"; leaf exclude-headers { type empty; description "Exclude all the headers"; } leaf use-automatic-ascii-hex-encoding { type empty; description "Use automatic ascii hex username encoding"; } } // container client-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "Include the relay agent remote ID"; uses apply-advanced; choice relay-agent-remote-id-choice { leaf enterprise-id { type empty; status deprecated; description "Only use enterprise-id portion of option-37"; } leaf remote-id { type empty; status deprecated; description "Only use remote-id portion of option-37"; } } // choice relay-agent-remote-id-choice } // container relay-agent-remote-id leaf logical-system-name { type empty; description "Include logical system name"; } leaf routing-instance-name { type empty; description "Include routing instance name"; } leaf relay-agent-subscriber-id { type empty; description "Include the relay agent subscriber ID"; } leaf relay-agent-interface-id { type empty; description "Include the relay agent interface ID"; } leaf circuit-type { type empty; description "Include circuit type"; } leaf interface-name { type empty; description "Include interface name"; } leaf interface-description { type enumeration { enum "device" { value 0; description "Add the device interface description"; } enum "logical" { value 1; description "Add the logical interface description"; } } description "Include interface description"; } leaf vlan-tags { type empty; description "Include the vlan tag(s)"; } } // container username-include } // grouping dhcpv6-authentication-type grouping dhcpv6-duplicate-clients-type { description "Allow duplicate clients"; choice distinguish-with { leaf incoming-interface { type empty; description "Allow duplicate clients on different underlying interfaces"; } } // choice distinguish-with } // grouping dhcpv6-duplicate-clients-type grouping dhcpv6-gbl-active-sg-type { uses apply-advanced; leaf active-server-group { junos:must "(".. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 64"; } description "Name of DHCPv6 server group"; } } // grouping dhcpv6-gbl-active-sg-type grouping dhcpv6-liveness-detection-type { description "DHCPv6 client liveness detection processing"; uses apply-advanced; container failure-action { description "Liveness detection failure action options"; uses dhcp-liveness-detection-failure-action-type; } // container failure-action container method { description "Liveness detection method options"; uses apply-advanced; choice method-choice { container bfd { description "Bidirectional Forwarding Detection (BFD) options"; uses dhcp-bfd-liveness-detection-type; } // container bfd container layer2-liveness-detection { description "Neighbor discovery options"; uses dhcp-arp-nud-liveness-detection-type; } // container layer2-liveness-detection } // choice method-choice } // container method } // grouping dhcpv6-liveness-detection-type grouping dhcpv6-override-relay-type { description "DHCPv6 relay override processing"; uses apply-advanced; choice allow-snooped-clients-choice { leaf allow-snooped-clients { type empty; description "Allow client creation from snooped PDUs"; } leaf no-allow-snooped-clients { type empty; description "Don't allow client creation from snooped PDUs"; } } // choice allow-snooped-clients-choice leaf delay-authentication { type empty; description "Delay subscriber authentication in DHCP protocol processing until request packet"; } leaf interface-client-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 500000"; } } description "Limit the number of clients allowed on an interface"; } leaf dual-stack { type string { length "1 .. 64"; } description "Dual stack group to use."; } leaf no-bind-on-request { type empty; description "Do not bind if stray DHCPv6 RENEW, REBIND is received"; } container client-negotiation-match { description "Use secondary match criteria for SOLICIT PDU"; choice match-with { leaf incoming-interface { type empty; description "Use incoming interface"; } } // choice match-with } // container client-negotiation-match leaf send-release-on-delete { type empty; description "Always send RELEASE to the server when a binding is deleted"; } leaf always-process-option-request-option { type empty; description "Always process option even after address allocation failure"; } leaf relay-source { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface for relay source"; } leaf delete-binding-on-renegotiation { type empty; description "Delete binding on renegotiation"; } leaf asymmetric-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Use a reduced lease time for the client. In seconds"; } leaf asymmetric-prefix-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Use a reduced prefix lease time for the client. In seconds"; } } // grouping dhcpv6-override-relay-type grouping dhcpv6-relay-group { description "DHCPv6 groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Group name"; } uses apply-advanced; container active-server-group { description "Name of DHCPv6 server group"; uses dhcpv6-gp-active-sg-type; } // container active-server-group list dual-stack-group { key "name"; description "Define a DHCP dual stack group"; uses dhcp-dual-stack-group; } // list dual-stack-group container authentication { description "DHCPv6 authentication"; uses dhcpv6-authentication-type; } // container authentication container liveness-detection { description "DHCPv6 client liveness detection processing"; uses dhcpv6-liveness-detection-type; } // container liveness-detection container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { presence "enable overrides"; description "DHCPv6 override processing"; uses dhcpv6-override-relay-type; } // container overrides container relay-option { presence "enable relay-option"; description "DHCPv6 option processing"; uses dhcp-generic-v6-option; } // container relay-option container vendor-specific-information { description "DHCPv6 option 17 vendor-specific processing"; uses jdhcp-vendor-specific-type; } // container vendor-specific-information container forward-only { presence "enable forward-only"; description "Forward DHCPv6 packets without creating binding"; uses forward-only-to-rc-type; } // container forward-only container relay-agent-interface-id { presence "enable relay-agent-interface-id"; description "DHCPv6 interface-id option processing"; uses v6-relay-option-interface-id-type; } // container relay-agent-interface-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "DHCPv6 remote-id option processing"; uses v6-relay-option-remote-id-type; } // container relay-agent-remote-id container route-suppression { description "Suppress access-internal and/or access route addition"; uses dhcpv6-route-suppression-type; } // container route-suppression leaf relay-agent-option-79 { type empty; description "Add the client MAC address to the Relay Forward header."; } list interface { key "name"; description "One or more interfaces"; leaf name { junos:must "((unique "forwarding-options dhcp-relay dhcpv6 group <*> interface $$" && !(any "system services dhcp-local-server dhcpv6 group <*> interface $$")))"; junos:must-message "Interface used in other relay or server group"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf upto { junos:must "(!(".. .. interface $$"))"; junos:must-message "Range end point must not equal start"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface up to"; } leaf exclude { type empty; description "Exclude this interface range"; } leaf trace { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify tracing with exclude"; type empty; description "Enable tracing for this interface"; } container overrides { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "DHCPv6 override processing"; uses dhcpv6-override-relay-type; } // container overrides container dynamic-profile { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify dynamic-profile with exclude"; description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // list interface container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation in seconds"; } container violation-action { description "Lease time validation violation action"; leaf drop { type empty; description "Drop dhcpv6 advertise and reply packets"; } } // container violation-action } // container lease-time-validation container remote-id-mismatch { presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container server-match { description "Server match processing"; uses apply-advanced; container default-action { description "Server match default action"; uses server-match-action-choice; } // container default-action container duid { description "Match duid processing"; uses apply-advanced; container equals { description "Duid equals"; uses server-match-v6-ascii-hex; } // container equals container starts-with { description "Duid starts with"; uses server-match-v6-ascii-hex; } // container starts-with } // container duid list address { key "name"; ordered-by user; description "Server ipv6 address"; leaf name { type jt:ipv6prefix; description "Server ipv6 address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match } // grouping dhcpv6-relay-group grouping dhcpv6-gp-active-sg-type { uses apply-advanced; leaf active-server-group { junos:must "(".. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 64"; } description "Name of DHCPv6 server group"; } } // grouping dhcpv6-gp-active-sg-type grouping dhcpv6-route-suppression-type { description "Suppress access-internal and/or access route addition"; leaf access { type empty; description "Suppress access route addition"; } leaf access-internal { type empty; description "Suppress access-internal route addition"; } } // grouping dhcpv6-route-suppression-type grouping dual-stack-authentication-type { description "DHCP dual stack authentication"; uses apply-advanced; leaf password { type string { length "1 .. 64"; } description "Username password to use"; } container username-include { description "Add username options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Add domain name"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf mac-address { type empty; description "Include MAC address"; } container client-id { presence "enable client-id"; description "Include client ID"; leaf exclude-headers { type empty; description "Exclude all the headers"; } leaf use-automatic-ascii-hex-encoding { type empty; description "Use automatic ascii hex username encoding"; } } // container client-id leaf relay-agent-remote-id { type empty; description "Include the relay agent remote ID"; } leaf logical-system-name { type empty; description "Include logical system name"; } leaf routing-instance-name { type empty; description "Include routing instance name"; } leaf relay-agent-interface-id { type empty; description "Include the relay agent interface ID"; } leaf interface-name { type empty; description "Include interface name"; } leaf interface-description { type enumeration { enum "device" { value 0; description "Add the device interface description"; } enum "logical" { value 1; description "Add the logical interface description"; } } description "Include interface description"; } leaf circuit-type { type empty; description "Include circuit type"; } leaf vlan-tags { type empty; description "Include the vlan tag(s)"; } } // container username-include } // grouping dual-stack-authentication-type grouping dynamic-profile-type { description "Dynamic profile to use"; uses apply-advanced; leaf dynamic-profile { junos:must "("dynamic-profiles $$")"; junos:must-message "Dynamic profile must be defined"; type string { length "1 .. 80"; } description "Dynamic profile to use"; } choice dynamic-profile-type-choice { leaf use-primary { junos:must "("dynamic-profiles $$")"; junos:must-message "Dynamic profile must be defined"; type string { length "1 .. 80"; } description "Dynamic profile to use on the primary interface"; } container aggregate-clients { presence "enable aggregate-clients"; description "Aggregate client profiles"; uses apply-advanced; choice aggregate-type { leaf merge { type empty; description "Merge the client dynamic profiles"; } leaf replace { type empty; description "Replace client dynamic profiles"; } } // choice aggregate-type } // container aggregate-clients } // choice dynamic-profile-type-choice } // grouping dynamic-profile-type grouping forward-only-to-rc-type { description "Forward DHCP packets without creating binding"; uses apply-advanced; leaf logical-system { type string; default "current"; } leaf routing-instance { type string; default "current"; } } // grouping forward-only-to-rc-type grouping jdhcp-dual-stack-protocol-mstr-type { description "Select family as protocol master"; choice addr-fam { leaf inet { type empty; description "INET family has protocol master behavior"; } leaf inet6 { type empty; description "INET6 family has protocol master behavior"; } } // choice addr-fam } // grouping jdhcp-dual-stack-protocol-mstr-type grouping jdhcp-duplicate-clients-in-subnet-type { description "Allow duplicate clients in a subnet"; choice distinguish-with { leaf incoming-interface { type empty; description "Allow duplicate clients on different interfaces in a subnet"; } leaf option-82 { type empty; description "Allow duplicate clients using different option-82 options in a subnet"; } } // choice distinguish-with } // grouping jdhcp-duplicate-clients-in-subnet-type grouping jdhcp-interface-traceoptions-type { description "Interface trace options for DHCP"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Interface trace categories"; leaf name { type enumeration { enum "state" { value 0; description "State-transition operations"; } enum "packet" { value 1; description "Packet-decoding operations"; } enum "flow" { value 2; description "Flow-decoding operations"; } enum "packet-option" { value 3; description "DHCP option-decoding operations"; } enum "dhcpv6-state" { value 4; description "State-transition operations for dhcpv6"; } enum "dhcpv6-packet" { value 5; description "Packet-decoding operations for dhcpv6"; } enum "dhcpv6-packet-option" { value 6; description "DHCP option-decoding operations for dhcpv6"; } enum "all" { value 7; description "All operations"; } } } } // list flag } // grouping jdhcp-interface-traceoptions-type grouping jdhcp-traceoptions-type { description "Trace options for DHCP"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "DHCP operations to include in debugging trace"; leaf name { type enumeration { enum "state" { value 0; description "State-transition operations"; } enum "packet" { value 1; description "Packet-decoding operations"; } enum "flow" { value 2; description "Flow-decoding operations"; } enum "packet-option" { value 3; description "DHCP option-decoding operations"; } enum "dhcpv6-state" { value 4; description "State-transition operations for dhcpv6"; } enum "dhcpv6-packet" { value 5; description "Packet-decoding operations for dhcpv6"; } enum "dhcpv6-packet-option" { value 6; description "DHCP option-decoding operations for dhcpv6"; } enum "all" { value 7; description "All operations"; } enum "database" { value 8; description "Database operations"; } enum "persistent" { value 9; description "Persitent file operations"; } enum "lockout-db" { value 10; description "Lockout database operations"; } enum "interface" { value 11; description "Interface operations"; } enum "rtsock" { value 12; description "Routing socket operations"; } enum "flow-notify" { value 13; description "Flow notification operations"; } enum "io" { value 14; description "I/O operations"; } enum "ha" { value 15; description "High Availability-related operations"; } enum "ui" { value 16; description "User Interface operations"; } enum "general" { value 17; description "Miscellaneous operations"; } enum "fwd" { value 18; description "Firewall process operations"; } enum "rpd" { value 19; description "Routing Protocol process operations"; } enum "auth" { value 20; description "Authentication operations"; } enum "profile" { value 21; description "Profile operations"; } enum "session-db" { value 22; description "Session database operations"; } enum "performance" { value 23; description "Performance measurement operations"; } enum "statistics" { value 24; description "Baseline statistics operations"; } enum "dhcpv6-io" { value 25; description "I/O operations for dhcpv6"; } enum "dhcpv6-rpd" { value 26; description "Routing Protocol process operations for dhcpv6"; } enum "dhcpv6-session-db" { value 27; description "Session database operations for dhcpv6"; } enum "dhcpv6-general" { value 28; description "Miscellaneous operations for dhcpv6"; } enum "liveness-detection" { value 29; description "Liveness detection operations"; } enum "security-persistence" { value 30; description "Liveness detection operations"; } enum "mclag" { value 31; description "Multichassis LAG"; } enum "ra-guard" { value 32; description "DHCP RA guard option for dhcpv6"; } } } } // list flag } // grouping jdhcp-traceoptions-type grouping jdhcp-vendor-specific-type { description "Add vendor-specific option processing"; uses apply-advanced; leaf host-name { type empty; description "Add router host name"; } leaf location { type empty; description "Add location information expressed as interface name format"; } } // grouping jdhcp-vendor-specific-type grouping juniper-forwarding-sandbox-options { leaf name { junos:must "(".. port")"; junos:must-message "At least one port is required for port configuration"; type string; description "Sandbox name"; } uses apply-advanced; leaf size { type enumeration { enum "small" { value 0; description "Sandbox size small"; } enum "medium" { value 1; description "Sandbox size medium"; } enum "large" { value 2; description "Sandbox size large"; } } default "small"; description "Size of the sandbox"; } list port { key "name"; max-elements 64; description "Sandbox port"; uses juniper-forwarding-sandbox-port-options; } // list port } // grouping juniper-forwarding-sandbox-options grouping juniper-forwarding-sandbox-port-options { leaf name { junos:must "(".. interface")"; junos:must-message "At least one interface is required for port configuration"; type string; description "Port name"; } uses apply-advanced; list interface { key "name"; max-elements 1; ordered-by user; description "Interface to which the port is mapped"; leaf name { junos:must "(!("interfaces $$ unit"))"; junos:must-message "Interface must not have configuration defined for adding to a forwarding sandbox"; type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; } // list interface } // grouping juniper-forwarding-sandbox-port-options grouping juniper-monitoring-options { leaf name { type string; description "Name for monitoring group"; } uses apply-advanced; container family { description "Address family of packets to monitor"; container inet { presence "enable inet"; description "Monitor IPv4 packets"; uses apply-advanced; container input { presence "enable input"; status deprecated; description "Monitor data acquisition"; uses monitoring_input_type; } // container input container output { presence "enable output"; description "Monitoring data disposition"; uses monitoring_output_type; } // container output } // container inet } // container family } // grouping juniper-monitoring-options grouping juniper-next-hop-group-options { leaf name { type string; description "Next hop group name"; } uses apply-advanced; leaf group-type { type enumeration { enum "inet" { value 0; description "Group of family inet next-hops"; } enum "layer-2" { value 1; description "Layer-2 next-hop group"; } enum "inet6" { value 2; description "Group of family inet6 next-hops"; } } default "inet"; description "Next hop group type"; } list interface { key "name"; description "Interfaces through which to send sampled traffic"; uses next_hop_group_intf_type; } // list interface list next-hop-subgroup { key "name"; description "Group of interfaces through which to send sampled traffic"; uses juniper-next-hop-subgroup-options; } // list next-hop-subgroup } // grouping juniper-next-hop-group-options grouping juniper-next-hop-subgroup-options { leaf name { junos:must "(".. interface")"; junos:must-message "At least two interfaces are required for next-hop-subgroup configuration"; type string; description "Next-hop sub-group name"; } uses apply-advanced; list interface { key "name"; max-elements 16; description "Interface through which to send the sampled traffic"; uses next_hop_subgroup_intf_type; } // list interface } // grouping juniper-next-hop-subgroup-options grouping juniper-packet-accounting-options { leaf name { type string; description "Name for accounting group"; } uses apply-advanced; container output { description "Accounting data disposition"; uses packet_accounting_output_type; } // container output } // grouping juniper-packet-accounting-options grouping juniper-packet-capture-options { description "Packet capture options"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable packet-capture"; } } // choice enable-disable container file { description "Parameters for file that contains captured packets"; leaf filename { type string { junos:posix-pattern "![/ %.]"; junos:pattern-message "Must not contain '/', '%', '.' or a space"; length "1 .. 900"; } description "Name of file"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10000"; } } default "10"; description "Maximum number of files"; } leaf size { type string; description "Maximum file size"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read packet-capture files"; } leaf no-world-readable { type empty; description "Don't allow any user to read packet-capture files"; } } // choice world-readable-choice } // container file leaf maximum-capture-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "68 .. 1520"; } } units "bytes"; default "68"; description "Maximum packet size to capture"; } } // grouping juniper-packet-capture-options grouping juniper-port-mirror-options { uses apply-advanced; container traceoptions { description "Port-mirroring trace options"; uses sampling_traceoptions_type; } // container traceoptions leaf disable { type empty; description "Disable the global port-mirroring instance"; } leaf disable-all-instances { type empty; description "Disable the all port-mirroring instances"; } leaf mirror-once { type empty; description "Sample the packet for port mirroring only once"; } leaf no-preserve-ingress-tag { type empty; description "Mirror the packet retaining tag value before normalization"; } leaf remote-port-mirroring { type empty; description "Flag to specify about remote-port-mirroring"; } container input { description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container family { description "Address family of packets to mirror"; container inet { description "Mirror IPv4 packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "One or more next hops for port-mirrored packets"; uses inet_pm_family_output_type; } // container output } // container inet container inet6 { description "Mirror IPv6 packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "One or more next hops for port-mirrored packets"; uses inet6_pm_family_output_type; } // container output } // container inet6 container mpls { description "Mirror MPLS packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "One or more next hops for port-mirrored packets"; uses mpls_pm_family_output_type; } // container output } // container mpls container any { description "Mirror any packets"; uses apply-advanced; container output { description "One or more next hops for port-mirrored packets"; uses any_pm_family_output_type; } // container output } // container any container vpls { description "Mirror Layer-2 bridged/vpls packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "Destination for port-mirrored packets"; uses layer2_pm_family_output_type; } // container output } // container vpls container ethernet-switching { description "Mirror Layer-2 ethernet-switched packets"; uses apply-advanced; container output { description "Destination for port-mirrored packets"; uses layer2_pm_family_output_type; } // container output } // container ethernet-switching container ccc { description "Mirror layer-2 ccc packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "Destination for port-mirrored packets"; uses layer2_pm_family_output_type; } // container output } // container ccc } // container family list instance { key "name"; ordered-by user; description "Instance of port-mirroring parameters"; leaf name { type string { junos:posix-pattern "!^((__.*)|(.{65,}))$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 63"; } description "Name for port-mirroring instance"; } uses apply-advanced; leaf disable { type empty; description "Disable the this port-mirroring instance"; } choice input_params_or_instance { container input { description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input leaf input-parameters-instance { junos:must "("forwarding-options port-mirroring instance $$")"; junos:must-message "Referenced port-mirroring instance does not exist"; type string; description "Name of port-mirroring instance to use for input parameters"; } } // choice input_params_or_instance container output { description "One or more next hops for port-mirrored packets"; uses inet_pm_output_type; } // container output container family { description "Address family of packets to mirror"; container inet { description "Mirror IPv4 packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "One or more next hops for port-mirrored packets"; uses inet_pm_family_output_type; } // container output } // container inet container inet6 { description "Mirror IPv6 packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "One or more next hops for port-mirrored packets"; uses inet6_pm_family_output_type; } // container output } // container inet6 container mpls { description "Mirror MPLS packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "One or more next hops for port-mirrored packets"; uses mpls_pm_family_output_type; } // container output } // container mpls container any { description "Mirror any packets"; uses apply-advanced; container output { description "One or more next hops for port-mirrored packets"; uses any_pm_family_output_type; } // container output } // container any container vpls { description "Mirror Layer-2 bridged/vpls packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "Destination for port-mirrored packets"; uses layer2_pm_family_output_type; } // container output } // container vpls container ethernet-switching { description "Mirror Layer-2 ethernet-switched packets"; uses apply-advanced; container output { description "Destination for port-mirrored packets"; uses layer2_pm_family_output_type; } // container output } // container ethernet-switching container ccc { description "Mirror layer-2 ccc packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "Destination for port-mirrored packets"; uses layer2_pm_family_output_type; } // container output } // container ccc } // container family container mirror-profile { description "Mirror profile to be attached to the instance"; uses apply-advanced; leaf profile-name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; length "1 .. 63"; } description "Name of profile"; } } // container mirror-profile } // list instance } // grouping juniper-port-mirror-options grouping any_pm_family_output_type { uses apply-advanced; choice interface-or-next-hop-index { list interface { key "name"; description "Interfaces through which to send sampled traffic"; uses any_pm_intf_type; } // list interface leaf next-hop-group { junos:must "(!(".. no-filter-check"))"; junos:must-message "no-filter-check is not allowed with next-hop-group"; junos:must "("forwarding-options next-hop-group $$ group-type layer-2")"; junos:must-message "Referenced next-hop-group must be defined as layer-2 group"; type string; description "Next-hop-group through which to send port-mirror traffic"; } } // choice interface-or-next-hop-index leaf no-filter-check { type empty; description "Do not check for filters on port-mirroring interface"; } container hosted-service { description "Configure Hosted Service"; uses apply-advanced; leaf server-profile { junos:must "("services hosted-services server-profile $$")"; junos:must-message "Only server profiles configured under [services hosted-services server-profile] can be configured here"; type string { length "3 .. 32"; } description "Server profile name"; } } // container hosted-service } // grouping any_pm_family_output_type grouping any_pm_intf_type { leaf name { junos:must "(!(("interfaces $$-IFL family inet" || "interfaces $$-IFL family inet6")))"; junos:must-message "An interface configured as family inet/inet6 cannot be configured as output interface"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface through which to send sampled traffic"; } uses apply-advanced; list next-hop { key "name"; ordered-by user; description "Address of next hop through which to send sampled traffic"; uses inet_next_hop_type; } // list next-hop } // grouping any_pm_intf_type grouping inet6_pm_family_output_type { uses apply-advanced; choice interface-or-next-hop-index { list interface { key "name"; description "Interfaces through which to send sampled traffic"; uses inet6_pm_intf_type; } // list interface leaf next-hop-group { junos:must "(!(".. no-filter-check"))"; junos:must-message "no-filter-check is not allowed with next-hop-group"; junos:must "("forwarding-options next-hop-group $$ group-type inet6")"; junos:must-message "Referenced next-hop-group must be defined as inet6 group"; type string; description "Next-hop-group through which to send port-mirror traffic"; } } // choice interface-or-next-hop-index leaf policer { junos:must "("firewall policer $$")"; junos:must-message "Referenced firewall policer does not exist"; type string { junos:posix-pattern "!^((__.*)|(.{65,}))$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; } description "Name of policer to use to rate-limit traffic"; } leaf forwarding-class { junos:must "("class-of-service forwarding-classes class $$")"; junos:must-message "Referenced forwarding-class does not exist"; type string { length "1 .. 64"; } description "Forwarding-class for TOS"; } leaf no-filter-check { type empty; description "Do not check for filters on port-mirroring interface"; } leaf ipv6-address { type jt:ipv6addr; description "ERSPAN Destination IPv6 Address"; } list routing-instance { key "name"; max-elements 1; description "Routing instances"; uses inet6_pm_output-routing-instance-type; } // list routing-instance leaf server-profile { junos:must "(("services hosted-services server-profile $$" && ("services hosted-services server-profile $$ server-address" && "services hosted-services server-profile $$ client-address")))"; junos:must-message "Only complete server profiles configured under [services hosted-services server-profile] can be configured here"; type string { length "3 .. 32"; } description "Server profile name"; } } // grouping inet6_pm_family_output_type grouping inet6_pm_intf_type { leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface through which to send sampled traffic"; } uses apply-advanced; list next-hop { key "name"; ordered-by user; description "Address of next hop through which to send sampled traffic"; uses inet6_next_hop_type; } // list next-hop } // grouping inet6_pm_intf_type grouping inet6_next_hop_type { description "Address of next hop through which to send sampled traffic"; leaf name { type jt:ipv6addr; } uses apply-advanced; } // grouping inet6_next_hop_type grouping inet6_pm_output-routing-instance-type { leaf name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance name"; } uses apply-advanced; leaf ipv6-address { type jt:ipv6addr; description "ERSPAN Destination IPv6 Address"; } } // grouping inet6_pm_output-routing-instance-type grouping inet_next_hop_type { description "Address of next hop through which to send sampled traffic"; leaf name { type jt:ipv4addr; } uses apply-advanced; } // grouping inet_next_hop_type grouping inet_pm_family_output_type { uses apply-advanced; choice interface-or-next-hop-index { list interface { key "name"; description "Interfaces through which to send sampled traffic"; uses inet_pm_intf_type; } // list interface leaf next-hop-group { junos:must "(!(".. no-filter-check"))"; junos:must-message "no-filter-check is not allowed with next-hop-group"; junos:must "("forwarding-options next-hop-group $$ group-type inet")"; junos:must-message "Referenced next-hop-group must be defined as inet group"; type string; description "Next-hop-group through which to send port-mirror traffic"; } } // choice interface-or-next-hop-index leaf no-filter-check { type empty; description "Do not check for filters on port-mirroring interface"; } leaf ip-address { type jt:ipv4addr; description "ERSPAN Destination IP Address"; } list routing-instance { key "name"; max-elements 1; description "Routing instances"; uses inet_pm_output-routing-instance-type; } // list routing-instance leaf server-profile { junos:must "(("services hosted-services server-profile $$" && ("services hosted-services server-profile $$ server-address" && "services hosted-services server-profile $$ client-address")))"; junos:must-message "Only complete server profiles configured under [services hosted-services server-profile] can be configured here"; type string { length "3 .. 32"; } description "Server profile name"; } leaf policer { junos:must "("firewall policer $$")"; junos:must-message "Referenced firewall policer does not exist"; type string { junos:posix-pattern "!^((__.*)|(.{65,}))$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; } description "Name of policer to use to rate-limit traffic"; } leaf forwarding-class { junos:must "("class-of-service forwarding-classes class $$")"; junos:must-message "Referenced forwarding-class does not exist"; type string { length "1 .. 64"; } description "Forwarding-class for TOS"; } } // grouping inet_pm_family_output_type grouping inet_pm_intf_type { leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface through which to send sampled traffic"; } uses apply-advanced; list next-hop { key "name"; ordered-by user; description "Address of next hop through which to send sampled traffic"; uses inet_next_hop_type; } // list next-hop } // grouping inet_pm_intf_type grouping inet_pm_output-routing-instance-type { leaf name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance name"; } uses apply-advanced; leaf ip-address { type jt:ipv4addr; description "ERSPAN Destination IP Address"; } } // grouping inet_pm_output-routing-instance-type grouping inet_pm_output_type { uses apply-advanced; leaf ip-source-address { type jt:ipv4addr; description "IP source address"; } leaf ip-destination-address { type jt:ipv4addr; description "IP destination address"; } leaf policer { junos:must "("firewall policer $$")"; junos:must-message "Referenced firewall policer does not exist"; type string { junos:posix-pattern "!^((__.*)|(.{65,}))$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; } description "Name of policer to use to rate-limit traffic"; } leaf dscp { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "("class-of-service forwarding-classes class $$")"; junos:must-message "Referenced forwarding-class does not exist"; type string { length "1 .. 64"; } description "Forwarding-class for TOS"; } } // grouping inet_pm_output_type grouping juniper-sampling-options { uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable global sampling instance"; } } // choice enable-disable container traceoptions { description "Traffic sampling trace options"; uses sampling_traceoptions_type; } // container traceoptions leaf sample-once { type empty; description "Sample the packet for active-monitoring only once"; } leaf pre-rewrite-tos { type empty; description "Sample the packet retaining tos value before normalization"; } container input { description "Traffic Sampling data acquisition"; uses sampling_input_type; } // container input container output { junos:must "(!(".. family"))"; junos:must-message " 'sampling family <*> ' and 'sampling output' are mutually exclusive"; junos:must "("forwarding-options sampling input")"; junos:must-message "Sampling input configuration is not specified"; status deprecated; description "Traffic sampling data disposition"; uses sampling_output_type; } // container output container family { description "Address family of packets to sample"; container inet { description "Sample IPv4 packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable sampling family inet"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((!("forwarding-options sampling input family inet") && (!("forwarding-options sampling input family inet6") && !("forwarding-options sampling input family mpls"))))"; junos:must-message "output configuration mismatch with old deprecated input configuration"; junos:must "((".. .. .. input rate" || " .. input rate"))"; junos:must-message "sampling input rate is not specified"; junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_inet_global_output_type; } // container output } // container inet container inet6 { description "Sample IPv6 packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable sampling family inet6"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((!("forwarding-options sampling input family inet") && (!("forwarding-options sampling input family inet6") && !("forwarding-options sampling input family mpls"))))"; junos:must-message "output configuration mismatch with old deprecated input configuration"; junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_family_inet6_output_type; } // container output } // container inet6 container mpls { description "Sample mpls packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable sampling family mpls"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((!("forwarding-options sampling input family inet") && (!("forwarding-options sampling input family inet6") && !("forwarding-options sampling input family mpls"))))"; junos:must-message "output configuration mismatch with old deprecated input configuration"; junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_global_mpls_output_type; } // container output } // container mpls } // container family list instance { key "name"; ordered-by user; description "Instance of sampling parameters"; leaf name { junos:must "(!("forwarding-options port-mirroring instance $$"))"; junos:must-message "Instance $$ is also defined under port-mirroring hierarchy"; type string; description "Name for sampling instance"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable sampling instance"; } } // choice enable-disable container input { description "Traffic Sampling data acquisition"; uses sampling_instance_input_type; } // container input container family { description "Address family of packets to sample"; container inet { description "Sample IPv4 packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; status deprecated; description "Disable instance family inet"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((!("forwarding-options sampling input family inet") && (!("forwarding-options sampling input family inet6") && !("forwarding-options sampling input family mpls"))))"; junos:must-message "output configuration mismatch with old deprecated input configuration"; junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_inet_output_type; } // container output } // container inet container inet6 { description "Sample IPv6 packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; status deprecated; description "Disable instance family inet6"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((!("forwarding-options sampling input family inet") && (!("forwarding-options sampling input family inet6") && !("forwarding-options sampling input family mpls"))))"; junos:must-message "output configuration mismatch with old deprecated input configuration"; junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_inet6_output_type; } // container output } // container inet6 container mpls { description "Sample mpls packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; status deprecated; description "Disable instance family mpls"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((!("forwarding-options sampling input family inet") && (!("forwarding-options sampling input family inet6") && !("forwarding-options sampling input family mpls"))))"; junos:must-message "output configuration mismatch with old deprecated input configuration"; junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_mpls_output_type; } // container output } // container mpls container vpls { status deprecated; description "Sample vpls packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable instance family vpls"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_vpls_output_type; } // container output } // container vpls container bridge { junos:must "(!(".. .. family vpls"))"; junos:must-message "bridge and vpls families are mutually exclusive"; description "Sample bridge packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable instance family bridge"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_bridge_output_type; } // container output } // container bridge } // container family } // list instance container jflow-service { description "Jflow service configuration"; uses apply-advanced; container traceoptions { description "Jflow service trace options"; uses jflow_service_traceoptions; } // container traceoptions } // container jflow-service container route-record { description "Sampling route record configuration"; uses apply-advanced; container traceoptions { description "Sampling route record trace options"; uses route_record_traceoptions; } // container traceoptions } // container route-record } // grouping juniper-sampling-options grouping jflow_service_traceoptions { description "Traceoptions for jflow-service"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of jflow-service to enable debuging output"; leaf name { type enumeration { enum "parse" { value 0; description "Trace parsing code"; } enum "rtsock" { value 1; description "Trace rtsock code"; } enum "sm" { value 2; description "Trace State machine code"; } enum "all" { value 3; description "Trace all area of jflow-service code"; } } } } // list flag } // grouping jflow_service_traceoptions grouping junos_hash_key { description "Select data used in the hash key"; uses apply-advanced; container family { description "Protocol family"; container fcoe { description "FCoE protocol family"; uses apply-advanced; container ethernet-interfaces { description "FCoE hash-key configuration on ethernet interfaces"; uses apply-advanced; leaf oxid { type enumeration { enum "enable" { value 0; description "Include Originator Exchange ID in the hash key"; } enum "disable" { value 1; description "Do not include Originator Exchange ID in the hash key"; } } description "Originator Exchange ID"; } } // container ethernet-interfaces container fabric-interfaces { description "FCoE hash-key configuration on fabric interfaces"; uses apply-advanced; leaf oxid { type enumeration { enum "enable" { value 0; description "Include Originator Exchange ID in the hash key"; } enum "disable" { value 1; description "Do not include Originator Exchange ID in the hash key"; } } description "Originator Exchange ID"; } } // container fabric-interfaces leaf oxid { type enumeration { enum "enable" { value 0; description "Include Originator Exchange ID in the hash key"; } enum "disable" { value 1; description "Do not include Originator Exchange ID in the hash key"; } } description "Originator Exchange ID"; } } // container fcoe container inet { description "IPv4 protocol family"; uses apply-advanced; container layer-3 { presence "enable layer-3"; description "Include Layer 3 (IP) data in the hash key"; uses apply-advanced; leaf destination-address { type empty; description "Include IP destination address in the hash key"; } } // container layer-3 container layer-4 { presence "enable layer-4"; description "Include Layer 4 (TCP or UDP) data in the hash key"; uses apply-advanced; leaf gtp-tunnel-endpoint-identifier { type empty; description "Include GTP TEID in the hash key"; } } // container layer-4 leaf session-id { type empty; description "Include session ID in the hash key"; } container symmetric-hash { junos:must "(("forwarding-options hash-key family inet layer-3" || "forwarding-options hash-key family inet layer-4"))"; junos:must-message "layer-3 and/or layer-4 to be configured for symmetric/complement Hash"; presence "enable symmetric-hash"; description "Create symmetric hash-key with source & destination ports"; uses apply-advanced; leaf complement { type empty; description "Create complement of symmetric hash-key"; } } // container symmetric-hash leaf no-incoming-port { type empty; description "Exclude incoming port from the hash key"; } } // container inet container inet6 { description "IPv6 protocol family"; uses apply-advanced; container layer-3 { presence "enable layer-3"; description "Include Layer 3 (IP) data in the hash key"; uses apply-advanced; leaf destination-address { type empty; description "Include IP destination address in the hash key"; } leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } leaf next-header { type empty; description "Include IP Next Header field in the hash key"; } leaf source-address { type empty; description "Include IP source address in the hash key"; } leaf traffic-class { type empty; description "Include Traffic Class field in the hash key"; } leaf ipv6-flow-label { type empty; description "Include IPV6 flow label field in the hash key"; } } // container layer-3 container layer-4 { presence "enable layer-4"; description "Include Layer 4 (TCP or UDP) data in the hash key"; uses apply-advanced; leaf destination-port { type empty; description "Include IP destination port in the hash key"; } leaf source-port { type empty; description "Include IP source port in the hash key"; } leaf gtp-tunnel-endpoint-identifier { type empty; description "Include GTP TEID in the hash key"; } } // container layer-4 leaf session-id { type empty; description "Include session ID in the hash key"; } leaf no-incoming-port { type empty; description "Exclude incoming port from the hash key"; } } // container inet6 container mpls { description "MPLS protocol family"; uses apply-advanced; choice label { leaf label-1 { type empty; description "Include the first MPLS label in the hash key"; } leaf all-labels { type empty; description "Include all MPLS labels in hash key"; } leaf no-labels { type empty; description "Exclude all MPLS labels from hash key"; } leaf bottom-label-1 { type empty; description "Include the first MPLS label from bottom-of-stack in the hash key"; } } // choice label leaf label-2 { junos:must "(".. label-1")"; junos:must-message "Must also specify label 1;"; type empty; description "Include the second MPLS label in the hash key"; } leaf label-3 { junos:must "(".. label-2")"; junos:must-message "Must also specify label 2;"; type empty; description "Include the third MPLS label in the hash key"; } leaf bottom-label-2 { junos:must "(".. bottom-label-1")"; junos:must-message "Must also specify bottom-label-1. Cannot use top-of-stack labels."; type empty; description "Include the second MPLS label from bottom-of-stack in the hash key"; } leaf bottom-label-3 { junos:must "(".. bottom-label-2")"; junos:must-message "Must also specify bottom-label-2. Cannot use top-of-stack labels."; type empty; description "Include the third MPLS label from bottom-of-stack in the hash key"; } leaf no-label-1-exp { junos:must "((".. label-1" || ".. no-labels"))"; junos:must-message "Either label-1 or no-labels statement is mandatory"; type empty; description "Omit EXP bits of first MPLS label from the hash key"; } container payload { junos:must "((".. label-1" || (".. no-labels" || (".. all-labels" || ".. bottom-label-1"))))"; junos:must-message "Either label-1, bottom-label-1, all-labels or no-labels statement is mandatory"; description "Include payload data in the hash key"; uses apply-advanced; container ether-pseudowire { presence "enable ether-pseudowire"; description "Load-balance IP over ethernet PW"; uses apply-advanced; leaf zero-control-word { type empty; description "MPLS ether-pseudowire payload with zero-control-word preceding ethernet packet"; } } // container ether-pseudowire container ip { presence "enable ip"; description "Include IPv4 or IPv6 payload data in the hash key"; uses apply-advanced; choice layer-4-select { choice ip-payload { leaf layer-3-only { type empty; description "Include only layer-3 IP information"; } leaf enable { type empty; description "Include layer3/4 IP payload in the hash key"; } leaf disable { type empty; description "Exclude layer3/4 IP payload in the hash key"; } } // choice ip-payload container port-data { presence "enable port-data"; uses apply-advanced; leaf source-msb { type empty; description "Include the most significant byte of the source port"; } leaf source-lsb { type empty; description "Include the least significant byte of the source port"; } leaf destination-msb { type empty; description "Include the most significant byte of the destination port"; } leaf destination-lsb { type empty; description "Include the least significant byte of the destination port"; } } // container port-data } // choice layer-4-select } // container ip } // container payload } // container mpls container multiservice { description "Multiservice protocol family"; uses apply-advanced; leaf source-mac { type empty; description "Include source MAC address in hash key"; } leaf destination-mac { type empty; description "Include destination MAC address in hash key"; } leaf label-1 { type empty; description "Include the first MPLS label in the hash key"; } leaf label-2 { junos:must "(".. label-1")"; junos:must-message "Must also specify label 1;"; type empty; description "Include the second MPLS label in the hash key"; } container payload { description "Include payload data in the hash key"; uses apply-advanced; container ip { description "Include IPv4 payload data in the hash key"; uses apply-advanced; container layer-3 { presence "enable layer-3"; description "Include layer-3 ip info for VPLS/Bridge"; uses apply-advanced; choice layer-3-options { leaf source-ip-only { type empty; description "Include source IP only in hash-key"; } leaf destination-ip-only { type empty; description "Include desintation IP only in hash-key"; } } // choice layer-3-options } // container layer-3 leaf layer-4 { type empty; description "Include layer-4 IP information for VPLS/Bridge"; } leaf layer-3-only { type empty; description "Include only layer-3 IP information"; } } // container ip } // container payload container symmetric-hash { junos:must "(("forwarding-options hash-key family multiservice payload" || ("forwarding-options hash-key family multiservice source-mac" || "forwarding-options hash-key family multiservice destination-mac")))"; junos:must-message "Payload and/or source-MAC and/or destination-MAC to be configured for symmetric/complement Hash"; presence "enable symmetric-hash"; description "Create a/symmetric hash-key with any attributes"; uses apply-advanced; leaf complement { type empty; description "Create complement of symmetric hash-key"; } } // container symmetric-hash } // container multiservice } // container family container resilient-hash-seed { presence "enable resilient-hash-seed"; description "Resilient hash seed"; uses apply-advanced; leaf resilient-seed-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } description "Hash seed value for resilient ECMP and LAG"; } } // container resilient-hash-seed } // grouping junos_hash_key grouping layer2_pm_family_output_type { uses apply-advanced; choice interface-or-next-hop-index { leaf interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface through which to send sampled traffic"; } leaf next-hop-group { junos:must "(!(".. no-filter-check"))"; junos:must-message "no-filter-check is not allowed with next-hop-group"; junos:must "("forwarding-options next-hop-group $$ group-type layer-2")"; junos:must-message "Referenced next-hop-group must be defined as layer-2 group"; type string; description "Next-hop-group through which to send port-mirror traffic"; } list routing-instance { key "name"; max-elements 1; description "Routing instances"; uses layer2_pm_output-routing-instance-type; } // list routing-instance list vlan { key "name"; max-elements 1; description "Outgoing VLAN for mirrored packets"; uses pm-rspan-vlan; } // list vlan list bridge-domain { key "name"; max-elements 1; description "Outgoing bridge-domain for mirrored packets"; uses pm-rspan-bridge-domain; } // list bridge-domain } // choice interface-or-next-hop-index leaf no-filter-check { type empty; description "Do not check for filters on port-mirroring interface"; } } // grouping layer2_pm_family_output_type grouping layer2_pm_output-routing-instance-type { leaf name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance name"; } uses apply-advanced; list vlan { key "name"; max-elements 1; description "Outgoing VLAN for mirrored packets"; uses pm-rspan-vlan; } // list vlan list bridge-domain { key "name"; max-elements 1; description "Outgoing bridge-domain for mirrored packets"; uses pm-rspan-bridge-domain; } // list bridge-domain } // grouping layer2_pm_output-routing-instance-type grouping macro-data-type { leaf name { type string; description "Keyword part of the keyword-value pair"; } leaf value { type string; description "Value part of the keyword-value pair"; } } // grouping macro-data-type grouping mirror-profile-attributes { description "Mirror profile attributes"; leaf name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; length "1 .. 63"; } description "Mirror profile name"; } uses apply-advanced; leaf ptp-packet-timestamp { junos:must "(".. collector")"; junos:must-message "configure collector details when packet-timestamp is enabled"; type empty; description "Enable precision-time-protocol packet timestamp"; } container collector { description "Send mirrored traffic to collector"; uses apply-advanced; leaf ip-address { type jt:ipaddr; description "Collector destination ip-address"; } leaf l4-port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Layer 4 UDP/TCP port number of the collector"; } container routing-instance { presence "enable routing-instance"; description "Routing instances"; uses apply-advanced; leaf routing-instance-name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance name"; } leaf ip-address { type jt:ipaddr; description "Collector destination ip-address"; } leaf l4-port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Layer 4 UDP/TCP port number of the collector"; } } // container routing-instance } // container collector leaf observation-domain-id { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Observation domain Id"; } } // grouping mirror-profile-attributes grouping monitoring_input_type { uses apply-advanced; list interface { key "name"; ordered-by user; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface which will be monitored"; } uses apply-advanced; } // list interface } // grouping monitoring_input_type grouping monitoring_output_type { uses apply-advanced; leaf export-format { type enumeration { enum "cflowd-version-5" { value 0; description "Export in cflowd version 5 format"; } } description "Format for sending monitoring information"; } leaf destination-address { type jt:ipv4addr; status deprecated; description "Address to which monitored packets will be sent"; } leaf destination-port { type union { type uint16; type string { pattern "<.*>|$.*"; } } status deprecated; description "Port to which monitored packets will be sent"; } leaf source-address { type jt:ipv4addr; status deprecated; description "Address to use for generating monitored packets"; } leaf flow-active-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1800"; } } units "seconds"; default "1800"; description "Interval after which an active flow is exported"; } leaf flow-inactive-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 1800"; } } units "seconds"; default "60"; description "Interval of inactivity that marks a flow inactive"; } leaf flow-export-destination { type enumeration { enum "collector-pic" { value 0; description "Send flow information to collector PIC"; } enum "cflowd-collector" { value 1; description "Send flow information to cflowd collector"; } } description "Destination for flow export"; } list cflowd { junos:must "(!(".. flow-export-destination collector-pic"))"; junos:must-message "cflowd cannot be configured when flow collection mode is set"; key "name"; description "Collector destination where flow records are sent"; uses cflowd_monitoring_type; } // list cflowd list interface { key "name"; description "Interfaces used to send monitored information"; uses monitor_export_intf_type; } // list interface } // grouping monitoring_output_type grouping cflowd_monitoring_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } } // grouping cflowd_monitoring_type grouping monitor_export_intf_type { leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface to be used for sending monitored information"; } uses apply-advanced; leaf engine-id { type union { type uint8; type string { pattern "<.*>|$.*"; } } description "Identity (number) of this monitoring interface"; } leaf engine-type { type union { type uint8; type string { pattern "<.*>|$.*"; } } description "Type (number) of this monitoring interface"; } leaf input-interface-index { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Input interface index for records from this interface"; } leaf output-interface-index { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Output interface index for records from this interface"; } leaf source-address { type jt:ipv4addr; description "Address to use for generating monitored packets"; } } // grouping monitor_export_intf_type grouping mpls_pm_family_output_type { uses apply-advanced; leaf server-profile { junos:must "(("services hosted-services server-profile $$" && ("services hosted-services server-profile $$ server-address" && "services hosted-services server-profile $$ client-address")))"; junos:must-message "Only complete server profiles configured under [services hosted-services server-profile] can be configured here"; type string { length "3 .. 32"; } description "Server profile name"; } } // grouping mpls_pm_family_output_type grouping next_hop_group_intf_type { leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface through which to send sampled traffic"; } uses apply-advanced; list next-hop { junos:must "((".. .. group-type inet" || ".. .. group-type inet6"))"; junos:must-message "Next-hop can be specified only for group-type inet or inet6"; key "name"; ordered-by user; description "Address of next hop through which to send sampled traffic"; uses next_hop_type; } // list next-hop } // grouping next_hop_group_intf_type grouping next_hop_subgroup_intf_type { leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface through which to send sampled traffic"; } uses apply-advanced; list next-hop { junos:must "((".. .. .. group-type inet" || ".. .. .. group-type inet6"))"; junos:must-message "Next-hop can be specified only for group-type inet or inet6"; key "name"; ordered-by user; description "Address of next hop through which to send sampled traffic"; uses next_hop_type; } // list next-hop } // grouping next_hop_subgroup_intf_type grouping next_hop_type { description "Address of next hop through which to send sampled traffic"; leaf name { type jt:ipaddr; } uses apply-advanced; } // grouping next_hop_type grouping override-type { description "DHCP override processing"; uses apply-advanced; leaf no-unicast-replies { junos:must "(!(".. layer2-unicast-replies"))"; junos:must-message "no-unicast-replies cannot be configured with layer2-unicast-replies"; type empty; description "Overwrite unicast bit in incoming packet, when present"; } choice allow-snooped-clients-choice { leaf allow-snooped-clients { type empty; description "Allow client creation from snooped PDUs"; } leaf no-allow-snooped-clients { type empty; description "Don't allow client creation from snooped PDUs"; } } // choice allow-snooped-clients-choice leaf allow-no-end-option { type empty; description "Allow packets without end-of-option"; } leaf always-write-giaddr { type empty; description "Overwrite existing 'giaddr' field, when present"; } container always-write-option-82 { presence "enable always-write-option-82"; description "Overwrite existing value of option 82, when present"; uses write-option-82-type; } // container always-write-option-82 leaf user-defined-option-82 { type string { length "1 .. 252"; } description "Set user defined description for option-82"; } leaf layer2-unicast-replies { junos:must "(!(".. no-unicast-replies"))"; junos:must-message "layer2-unicast-replies cannot be configured with no-unicast-replies"; type empty; description "Do not broadcast client responses"; } leaf trust-option-82 { type empty; description "Trust options-82 option"; } leaf delay-authentication { type empty; description "Delay subscriber authentication in DHCP protocol processing until request packet"; } leaf disable-relay { type empty; description "Disable DHCP relay processing"; } leaf no-bind-on-request { type empty; description "Do not bind if stray DHCP request is received"; } leaf interface-client-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 500000"; } } description "Limit the number of client allowed on an interface"; } leaf no-arp { junos:must "((!(".. route-suppression destination") && !(".. route-suppression access-internal")))"; junos:must-message "Cannot specify route-suppression with overrides no-arp"; type empty; status deprecated; description "Disable DHCP ARP table population"; } leaf bootp-support { type empty; description "Allows relay of bootp req and reply"; } leaf dual-stack { type string { length "1 .. 64"; } description "Dual stack group to use."; } container client-discover-match { presence "enable client-discover-match"; description "Use secondary match criteria for DISCOVER PDU"; choice match-with { leaf option60-and-option82 { type empty; description "Use option 60 and option 82"; } leaf incoming-interface { type empty; description "Use incoming interface"; } } // choice match-with } // container client-discover-match container proxy-mode { presence "enable proxy-mode"; description "Put the relay in proxy mode"; } // container proxy-mode leaf asymmetric-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Use a reduced lease time for the client. In seconds"; } container replace-ip-source-with { description "Replace IP source address in request and release packets"; choice replacement-type { leaf giaddr { type empty; description "Replace IP source address with giaddr"; } } // choice replacement-type } // container replace-ip-source-with leaf send-release-on-delete { type empty; description "Always send RELEASE to the server when a binding is deleted"; } leaf apply-secondary-as-giaddr { type empty; description "Enable DHCP relay to use secondary gateway ip for relay interfaces"; } leaf relay-source { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface for relay source"; } leaf delete-binding-on-renegotiation { type empty; description "Delete binding on rengotiation"; } } // grouping override-type grouping packet-capture-egress-intf-type { uses apply-advanced; list interface { key "name"; description "Interface options"; leaf name { type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; } // list interface } // grouping packet-capture-egress-intf-type grouping packet_accounting_output_type { uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } leaf flow-inactive-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 1800"; } } units "seconds"; default "60"; description "Interval of inactivity that marks a flow inactive"; } leaf flow-active-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1800"; } } units "seconds"; default "1800"; description "Interval after which an active flow is exported"; } list cflowd { junos:must "(all ".. interface <*> source-address")"; junos:must-message "'forwarding-options accounting output interface source-address' must be specified with 'flow-server' and 'interface'"; junos:must "(any ".. interface <*>")"; junos:must-message "'forwarding-options accounting output interface' must be specified"; key "name"; description "Cflowd collector where flow records are sent"; uses cflowd_packet_accounting_type; } // list cflowd list interface { key "name"; description "Interfaces used to send monitored information"; uses packet_export_intf_type; } // list interface } // grouping packet_accounting_output_type grouping cflowd_packet_accounting_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf version { type enumeration { enum "5" { value 0; description "Export cflowd aggregates in version 5 format"; } enum "8" { value 1; description "Export cflowd aggregates in version 8 format"; } } default "5"; description "Format of exported cflowd aggregates"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation } // grouping cflowd_packet_accounting_type grouping aggregation_type { uses apply-advanced; leaf autonomous-system { type empty; description "Aggregate by autonomous system number"; } leaf protocol-port { type empty; description "Aggregate by protocol and port number"; } leaf source-prefix { type empty; description "Aggregate by source prefix"; } leaf destination-prefix { type empty; description "Aggregate by destination prefix"; } container source-destination-prefix { presence "enable source-destination-prefix"; description "Aggregate by source and destination prefix"; uses apply-advanced; leaf caida-compliant { type empty; description "Compatible with Caida record format for prefix aggregation (v8)"; } } // container source-destination-prefix } // grouping aggregation_type grouping packet_export_intf_type { leaf name { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Interfaces used to send monitored information"; } uses apply-advanced; leaf engine-id { type union { type uint8; type string { pattern "<.*>|$.*"; } } description "Identity (number) of this accounting interface"; } leaf engine-type { type union { type uint8; type string { pattern "<.*>|$.*"; } } description "Type (number) of this accounting interface"; } leaf source-address { type jt:ipaddr; description "Address to use for generating monitored packets"; } container export-port { presence "enable export-port"; description "Jflow export port configuration"; uses export_port_address_type; } // container export-port } // grouping packet_export_intf_type grouping export_port_address_type { uses apply-advanced; leaf address { type jt:ipv4prefix; description "Address to use for jflow export port"; } leaf gateway { type jt:ipv4addr; description "Gateway address to reach jflow server"; } } // grouping export_port_address_type grouping pm-rspan-bridge-domain { description "RSPAN bridge-domain for pm"; leaf name { junos:must "(!("vlans $$ forwarding-options filter"))"; junos:must-message "A vlan cannot both be an analyzer output vlan and have a filter applied to it."; type string; description "Bridge domain name or VLAN id"; } uses apply-advanced; } // grouping pm-rspan-bridge-domain grouping pm-rspan-vlan { description "RSPAN vlan for pm"; leaf name { junos:must "(!("vlans $$ forwarding-options filter"))"; junos:must-message "A vlan cannot both be an analyzer output vlan and have a filter applied to it."; type string; description "VLAN name or VLAN id"; } uses apply-advanced; leaf no-tag { type empty; description "Removes extra RSPAN tag from mirrored packets"; } } // grouping pm-rspan-vlan grouping pm_family_input_type { description "Input options for port mirroring"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Ratio of packets to be sampled (1 out of N)"; } leaf run-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } description "Number of samples after initial trigger"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 9216"; } } units "bytes"; default "0"; description "Maximum length of the mirrored packet"; } } // grouping pm_family_input_type grouping relay-active-leasequery-v4-type { description "Configure active leasequery"; uses apply-advanced; leaf topology-discover { junos:must "(".. peer-address")"; junos:must-message "Must configure [peer-address] to configure topology-discover"; type empty; description "Topology discovery"; } list peer-address { key "name"; ordered-by user; description "Server ip address"; leaf name { type jt:ipaddr; description "Peer ip address"; } uses apply-advanced; } // list peer-address leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "120"; description "Read/write timeout in seconds"; } leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "60"; description "Idle timeout in seconds"; } } // grouping relay-active-leasequery-v4-type grouping relay-active-leasequery-v6-type { description "Configure active leasequery"; uses apply-advanced; leaf topology-discover { junos:must "(".. peer-address")"; junos:must-message "Must configure [peer-address] to configure topology-discover"; type empty; description "Topology discovery"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "120"; description "Read/write timeout in seconds"; } leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "60"; description "Idle timeout in seconds"; } list peer-address { key "name"; ordered-by user; description "Peer ipv6 address"; leaf name { type jt:ipv6addr; description "Peer ipv6 address"; } uses apply-advanced; } // list peer-address } // grouping relay-active-leasequery-v6-type grouping relay-bulk-leasequery-v4-type { junos:must "(".. overrides always-write-option-82")"; junos:must-message "Must configure [overrides always-write-option-82] to overwrite circuit-id for bulk-leasequery"; junos:must "((".. relay-option-82 circuit-id" && !((".. relay-option-82 circuit-id use-interface-description" || ".. relay-option-82 circuit-id require-interface-description"))))"; junos:must-message "Must configure [relay-option-82 circuit-id] without description to insert circuit-id for bulk-leasequery"; description "Configure bulk leasequery"; uses apply-advanced; leaf attempts { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 720"; } } default "360"; description "Number of retry attempts"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } units "seconds"; default "10"; description "Number of seconds"; } } // grouping relay-bulk-leasequery-v4-type grouping relay-bulk-leasequery-v6-type { junos:must "(".. relay-agent-interface-id")"; junos:must-message "Must configure [relay-agent-interface-id] to insert interface-id for bulk-leasequery"; description "Configure bulk leasequery"; uses apply-advanced; leaf attempts { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } default "6"; description "Number of retry attempts"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } units "seconds"; default "10"; description "Number of seconds"; } container trigger { description "Trigger for bulk leasequery"; leaf automatic { type empty; description "Trigger automatically"; } } // container trigger } // grouping relay-bulk-leasequery-v6-type grouping relay-leasequery-type { description "Configure leasequery"; uses apply-advanced; leaf attempts { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } default "6"; description "Number of retry attempts"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } units "seconds"; default "10"; description "Number of seconds"; } } // grouping relay-leasequery-type grouping relay-option-60-type-group { description "DHCP option-60 processing"; uses apply-advanced; container vendor-option { description "Add vendor option"; uses apply-advanced; container equals { description "Option 60 equals"; uses relay-option-60-match-group; } // container equals container not-equals { status deprecated; description "Option 60 does not equal"; uses relay-option-60-match-group; } // container not-equals container starts-with { description "Option 60 starts with"; uses relay-option-60-match-group; } // container starts-with choice server-group-choice { leaf default-relay-server-group { junos:must "(".. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is not made"; } leaf default-local-server-group { junos:must "(".. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is not made"; } leaf drop { type empty; description "Discard when a match is not made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is not made"; } } // choice server-group-choice } // container vendor-option } // grouping relay-option-60-type-group grouping relay-option-60-match-group { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list hexadecimal } // grouping relay-option-60-match-group grouping relay-option-60-type-top { description "DHCP option-60 processing"; uses apply-advanced; container vendor-option { description "Add vendor option"; uses apply-advanced; container equals { description "Option 60 equals"; uses relay-option-60-match-top; } // container equals container not-equals { status deprecated; description "Option 60 does not equal"; uses relay-option-60-match-top; } // container not-equals container starts-with { description "Option 60 starts with"; uses relay-option-60-match-top; } // container starts-with choice server-group-choice { leaf default-relay-server-group { junos:must "(".. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is not made"; } leaf default-local-server-group { junos:must "(".. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is not made"; } leaf drop { type empty; description "Discard when a match is not made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is not made"; } } // choice server-group-choice } // container vendor-option } // grouping relay-option-60-type-top grouping relay-option-60-match-top { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list hexadecimal } // grouping relay-option-60-match-top grouping relay-option-82-type { description "DHCP option-82 processing"; uses apply-advanced; container circuit-id { presence "enable circuit-id"; description "Add circuit identifier"; uses apply-advanced; container prefix { description "Add prefix to circuit/interface-id or remote-id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to circuit / interface-id or remote-id"; } leaf logical-system-name { type empty; description "Add logical system name to circuit / interface-id or remote-id"; } leaf routing-instance-name { type empty; description "Add routing instance name to circuit / interface-id or remote-id"; } } // container prefix leaf use-interface-description { junos:must "(!(".. require-interface-description"))"; junos:must-message "use-interface-description may not be set with require-interface-desciption"; type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of circuit identifier"; } leaf use-vlan-id { junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. require-interface-description"))))"; junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured"; type empty; description "Use VLAN id instead of name"; } container vlan-id-only { junos:must "(!((".. include-irb-and-l2" || (".. keep-incoming-circuit-id" || (".. user-defined" || (".. no-vlan-interface-name" || (".. use-interface-description" || (".. use-vlan-id" || (".. prefix" || ".. require-interface-description")))))))))"; junos:must-message "Vlan-id-only cannot be clubbed along with any other option-82 knob"; presence "enable vlan-id-only"; description "Use only VLAN id"; uses apply-advanced; } // container vlan-id-only leaf no-vlan-interface-name { type empty; description "Not include vlan or interface name"; } leaf include-irb-and-l2 { type empty; description "Include IRB and L2 interface name"; } leaf user-defined { junos:must "(!((".. include-irb-and-l2" || (".. keep-incoming-circuit-id" || (".. no-vlan-interface-name" || (".. use-interface-description" || (".. use-vlan-id" || (".. prefix" || ".. require-interface-description"))))))))"; junos:must-message "The user defined description for option 82 must be defined in order to see the usage and doesnt coexist with prefix"; type empty; description "Include user defined string"; } leaf keep-incoming-circuit-id { type empty; description "Keep incoming circuit identifier"; } } // container circuit-id container remote-id { presence "enable remote-id"; description "Add remote identifier"; uses apply-advanced; container prefix { description "Add prefix to circuit/interface-id or remote-id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to circuit / interface-id or remote-id"; } leaf logical-system-name { type empty; description "Add logical system name to circuit / interface-id or remote-id"; } leaf routing-instance-name { type empty; description "Add routing instance name to circuit / interface-id or remote-id"; } } // container prefix leaf use-interface-description { junos:must "(!(".. require-interface-description"))"; junos:must-message "use-interface-description may not be set with require-interface-desciption"; type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of circuit identifier"; } leaf use-vlan-id { junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. require-interface-description"))))"; junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured"; type empty; description "Use VLAN id instead of name"; } leaf no-vlan-interface-name { type empty; description "Not include vlan or interface name"; } leaf include-irb-and-l2 { type empty; description "Include IRB and L2 interface name"; } container hostname-only { junos:must "(!((".. include-irb-and-l2" || (".. keep-incoming-remote-id" || (".. no-vlan-interface-name" || (".. use-interface-description" || (".. use-vlan-id" || (".. prefix" || ".. use-string"))))))))"; junos:must-message "Hostname-only cannot be clubbed with any other sub-option"; presence "enable hostname-only"; description "Include hostname only"; uses apply-advanced; } // container hostname-only leaf keep-incoming-remote-id { type empty; description "Keep incoming remote identifier"; } leaf use-string { junos:must "(!((".. use-interface-description" || (".. require-interface-description" || (".. include-irb-and-l2" || (".. keep-incoming-circuit-id" || (".. no-vlan-interface-name" || ".. use-vlan-id")))))))"; junos:must-message "use-string can only coexist with prefix"; type string; description "Use raw string instead of the default remote id"; } } // container remote-id leaf server-id-override { junos:must "(!(".. link-selection"))"; junos:must-message "server-id-override cannot be configured with link-selection"; type empty; description "Add link-selection and server-id sub-options on packets to server"; } leaf link-selection { junos:must "(!(".. server-id-override"))"; junos:must-message "link-selection cannot be configured with server-id-override"; type empty; description "Add link-selection suboption on packets to server"; } leaf exclude-relay-agent-identifier { type empty; description "Exclude relay agent identifier from packets to server"; } container vendor-specific { description "Add vendor-specific information"; uses jdhcp-vendor-specific-type; } // container vendor-specific } // grouping relay-option-82-type grouping relay-v4-option-ascii-hex { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "((".. .. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. system services dhcp-local-server group $$" || ".. .. .. .. .. system services dhcp-local-server group $$"))))"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "((".. .. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. system services dhcp-local-server group $$" || ".. .. .. .. .. system services dhcp-local-server group $$"))))"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list hexadecimal } // grouping relay-v4-option-ascii-hex grouping relay-v6-option-ascii-hex { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list hexadecimal } // grouping relay-v6-option-ascii-hex grouping route_record_traceoptions { description "Traceoptions for sampling route record"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of route-record to enable debuging output"; leaf name { type enumeration { enum "parse" { value 0; description "Trace parsing code"; } enum "all" { value 1; description "Trace all area of jflow-service code"; } } } } // list flag } // grouping route_record_traceoptions grouping sampling_family_inet6_output_type { description "Configure output options for packet sampling"; uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } leaf flow-inactive-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 1800"; } } units "seconds"; default "60"; description "Interval of inactivity that marks a flow inactive"; } leaf flow-active-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1800"; } } units "seconds"; default "1800"; description "Interval after which an active flow is exported"; } list flow-server { junos:must "((!(any ".. interface <*>") || all ".. interface <*> source-address"))"; junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_sampling_inet6_sampling_type; } // list flow-server list interface { junos:must "((any ".. flow-server <*>" || any ".. extension-service <*>"))"; junos:must-message "'flow-server' or 'extension-service' must be specified with 'interface'"; key "name"; max-elements 1; description "Interfaces used to send monitored information"; uses packet_export_intf_type; } // list interface container inline-jflow { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline; } // container inline-jflow list extension-service { junos:must "(!(".. flow-active-timeout"))"; junos:must-message "'.. flow-active-timeout' is not needed with 'extension-service'"; junos:must "(!(".. flow-inactive-timeout"))"; junos:must-message "'.. flow-inactive-timeout' is not valid for 'extension-service'"; junos:must "(!(".. aggregate-export-interval"))"; junos:must-message "'.. aggregate-export-interval' is not valid for 'extension-service'"; junos:must "(!(any ".. flow-server <*>"))"; junos:must-message "'.. flow-server' is not needed with 'extension-service'"; junos:must "(!(any ".. interface <*> source-address"))"; junos:must-message "'.. interface source-address' is not valid for 'extension-service'"; junos:must "(!(any ".. interface <*> engine-id"))"; junos:must-message "'.. interface engine-id' is not valid for 'extension-service'"; junos:must "(!(any ".. interface <*> engine-type"))"; junos:must-message "'.. interface engine-type' is not valid for 'extension-service'"; junos:must "(any ".. interface <*>")"; junos:must-message "'.. interface' must be specified with 'extension-service'"; key "name"; ordered-by user; description "Define the customer specific sampling configuration"; leaf name { type string { length "1 .. 63"; } description "Customer prefixed sampling service name"; } uses apply-advanced; } // list extension-service } // grouping sampling_family_inet6_output_type grouping cflowd_sampling_inet6_sampling_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation choice local-dump-choice { leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; } leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; } } // choice local-dump-choice leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; } container version9 { junos:must "((!(any ".. .. .. .. inet output flow-server <*> version") || !(any ".. .. .. .. inet output interface <*>")))"; junos:must-message "Select only one version or configure only RE based samping under family inet"; junos:must "((any ".. .. interface <*>" || ".. .. inline-jflow"))"; junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version9 template $$ ipv6-template")"; junos:must-message "Template type must match input protocol"; type string; description "Template name"; } } // container template } // container version9 } // grouping cflowd_sampling_inet6_sampling_type grouping packet_export_inline { uses apply-advanced; leaf source-address { type jt:ipaddr; description "Address to use for generating monitored packets"; } leaf flow-export-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3200"; } } description "Flow export rate of monitored packets in kpps"; } } // grouping packet_export_inline grouping sampling_family_input_type { description "Configure input options for packet sampling"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Ratio of packets to be sampled (1 out of N)"; } leaf run-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } default "0"; description "Number of samples after initial trigger"; } leaf max-packets-per-second { type union { type uint16; type string { pattern "<.*>|$.*"; } } default "1000"; description "Threshold of samples per second before dropping"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 9192"; } } units "bytes"; default "0"; description "Maximum length of the sampled packet"; } } // grouping sampling_family_input_type grouping sampling_global_mpls_output_type { description "Configure output options for packet sampling"; uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } leaf flow-inactive-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 1800"; } } units "seconds"; default "60"; description "Interval of inactivity that marks a flow inactive"; } leaf flow-active-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1800"; } } units "seconds"; default "1800"; description "Interval after which an active flow is exported"; } list flow-server { junos:must "((!(any ".. interface <*>") || all ".. interface <*> source-address"))"; junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_global_mpls_sampling_type; } // list flow-server list interface { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with 'interface'"; key "name"; max-elements 1; description "Interfaces used to send monitored information"; uses packet_export_intf_type; } // list interface } // grouping sampling_global_mpls_output_type grouping cflowd_global_mpls_sampling_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation choice local-dump-choice { leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; } leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; } } // choice local-dump-choice leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; } container version9 { junos:must "((!(any ".. .. .. .. inet output flow-server <*> version") || !(any ".. .. .. .. inet output interface <*>")))"; junos:must-message "Select only one version or configure only RE based samping under family inet"; junos:must "((any ".. .. interface <*>" || ".. .. inline-jflow"))"; junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "(("services flow-monitoring version9 template $$ mpls-template" || ("services flow-monitoring version9 template $$ mpls-ipv4-template" || "services flow-monitoring version9 template $$ mpls-ipvx-template")))"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version9 template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version9 } // grouping cflowd_global_mpls_sampling_type grouping sampling_input_type { description "Configure input options for packet sampling"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Ratio of packets to be sampled (1 out of N)"; } leaf run-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } default "0"; description "Number of samples after initial trigger"; } leaf max-packets-per-second { type union { type uint16; type string { pattern "<.*>|$.*"; } } default "1000"; description "Threshold of samples per second before dropping"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 9192"; } } units "bytes"; default "0"; description "Maximum length of the sampled packet"; } container family { presence "enable family"; status deprecated; description "Protocol family"; container inet { description "Sampling parameters for IPv4"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Ratio of packets to be sampled (1 out of N)"; } leaf run-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } default "0"; description "Number of samples after initial trigger"; } leaf max-packets-per-second { type union { type uint16; type string { pattern "<.*>|$.*"; } } default "1000"; description "Threshold of samples per second before dropping"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 9192"; } } units "bytes"; default "0"; description "Maximum length of the sampled packet"; } } // container inet container mpls { description "Sampling parameters for MPLS"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Ratio of packets to be sampled (1 out of N)"; } leaf run-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } default "0"; description "Number of samples after initial trigger"; } leaf max-packets-per-second { type union { type uint16; type string { pattern "<.*>|$.*"; } } default "1000"; description "Threshold of samples per second before dropping"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 9192"; } } units "bytes"; default "0"; description "Maximum length of the sampled packet"; } } // container mpls container inet6 { description "Sampling parameters for IPv6"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Ratio of packets to be sampled (1 out of N)"; } leaf run-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } default "0"; description "Number of samples after initial trigger"; } leaf max-packets-per-second { type union { type uint16; type string { pattern "<.*>|$.*"; } } default "1000"; description "Threshold of samples per second before dropping"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 9192"; } } units "bytes"; default "0"; description "Maximum length of the sampled packet"; } } // container inet6 } // container family } // grouping sampling_input_type grouping sampling_instance_bridge_output_type { description "Configure output options for packet sampling"; uses apply-advanced; list flow-server { junos:must "(".. inline-jflow")"; junos:must-message "Output 'inline Jflow' should be configured with flow-server"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_instance_bridge_sampling_type; } // list flow-server container inline-jflow { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline_instance; } // container inline-jflow } // grouping sampling_instance_bridge_output_type grouping cflowd_instance_bridge_sampling_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } container version9 { junos:must "(".. .. inline-jflow")"; junos:must-message "inline Jflow must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version9 template $$ bridge-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version9 template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version9 container version-ipfix { junos:must "(".. .. inline-jflow")"; junos:must-message "inline Jflow must be specified for version-ipfix"; presence "enable version-ipfix"; description "Export data in version ipfix format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version-ipfix template $$ bridge-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version-ipfix template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version-ipfix } // grouping cflowd_instance_bridge_sampling_type grouping packet_export_inline_instance { uses apply-advanced; leaf source-address { type jt:ipaddr; description "Address to use for generating monitored packets"; } leaf flow-export-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3200"; } } description "Flow export rate of monitored packets in kpps"; } } // grouping packet_export_inline_instance grouping sampling_instance_inet6_output_type { description "Configure output options for packet sampling"; uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } leaf flow-inactive-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 1800"; } } units "seconds"; default "60"; description "Interval of inactivity that marks a flow inactive"; } leaf flow-active-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1800"; } } units "seconds"; default "1800"; description "Interval after which an active flow is exported"; } list flow-server { junos:must "((!(any ".. interface <*>") || all ".. interface <*> source-address"))"; junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_instance_inet6_sampling_type; } // list flow-server list interface { junos:must "((any ".. flow-server <*>" || any ".. extension-service <*>"))"; junos:must-message "'flow-server' or 'extension-service' must be specified with 'interface'"; key "name"; max-elements 1; description "Interfaces used to send monitored information"; uses packet_export_intf_type; } // list interface container inline-jflow { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline_instance; } // container inline-jflow list extension-service { junos:must "(!(".. flow-active-timeout"))"; junos:must-message "'.. flow-active-timeout' is not needed with 'extension-service'"; junos:must "(!(".. flow-inactive-timeout"))"; junos:must-message "'.. flow-inactive-timeout' is not valid for 'extension-service'"; junos:must "(!(".. aggregate-export-interval"))"; junos:must-message "'.. aggregate-export-interval' is not valid for 'extension-service'"; junos:must "(!(any ".. flow-server <*>"))"; junos:must-message "'.. flow-server' is not needed with 'extension-service'"; junos:must "(!(any ".. interface <*> source-address"))"; junos:must-message "'.. interface source-address' is not valid for 'extension-service'"; junos:must "(!(any ".. interface <*> engine-id"))"; junos:must-message "'.. interface engine-id' is not valid for 'extension-service'"; junos:must "(!(any ".. interface <*> engine-type"))"; junos:must-message "'.. interface engine-type' is not valid for 'extension-service'"; junos:must "(any ".. interface <*>")"; junos:must-message "'.. interface' must be specified with 'extension-service'"; key "name"; ordered-by user; description "Define the customer specific sampling configuration"; leaf name { type string { length "1 .. 63"; } description "Customer prefixed sampling service name"; } uses apply-advanced; } // list extension-service } // grouping sampling_instance_inet6_output_type grouping cflowd_instance_inet6_sampling_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation choice local-dump-choice { leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; } leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; } } // choice local-dump-choice leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; } container version9 { junos:must "((!(any ".. .. .. .. inet output flow-server <*> version") || !(any ".. .. .. .. inet output interface <*>")))"; junos:must-message "Select only one version or configure only RE based samping under family inet"; junos:must "((any ".. .. interface <*>" || ".. .. inline-jflow"))"; junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version9 template $$ ipv6-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version9 template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version9 container version-ipfix { junos:must "(".. .. inline-jflow")"; junos:must-message "inline Jflow must be specified for version-ipfix"; presence "enable version-ipfix"; description "Export data in version ipfix format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version-ipfix template $$ ipv6-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version-ipfix template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version-ipfix } // grouping cflowd_instance_inet6_sampling_type grouping sampling_instance_inet_global_output_type { description "Configure output options for packet sampling"; uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } leaf flow-inactive-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 1800"; } } units "seconds"; default "60"; description "Interval of inactivity that marks a flow inactive"; } leaf flow-active-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1800"; } } units "seconds"; default "1800"; description "Interval after which an active flow is exported"; } container file { junos:must "(!(any ".. extension-service <*>"))"; junos:must-message "This configuration is not required with 'extension-service'"; description "Configure parameters for dumping sampled packets"; choice enable-disable { leaf disable { type empty; description "Disable sampled packet dumps"; } } // choice enable-disable leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file to contain sampled packet dumps"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10000"; } } default "10"; description "Maximum number of sampled packet dump files"; } leaf size { type string; description "Maximum sample dump file size"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the sampled dump"; } leaf no-world-readable { type empty; description "Don't allow any user to read the sampled dump"; } } // choice world-readable-choice choice stamp-choice { leaf stamp { type empty; description "Timestamp every packet in the dump"; } leaf no-stamp { type empty; description "Don't timestamp every packet in the dump"; } } // choice stamp-choice } // container file container port-mirroring { junos:must "(!(any ".. extension-service <*>"))"; junos:must-message "This configuration is not required with 'extension-service'"; presence "enable port-mirroring"; description "Configure sending sampled traffic out through an interface"; uses inet_pm_family_output_type; } // container port-mirroring list flow-server { junos:must "((!(any ".. interface <*>") || all ".. interface <*> source-address"))"; junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_sampling_inet_type; } // list flow-server list interface { junos:must "((any ".. flow-server <*>" || any ".. extension-service <*>"))"; junos:must-message "'flow-server' or 'extension-service' must be specified with 'interface'"; key "name"; max-elements 1; description "Interfaces used to send monitored information"; uses packet_export_intf_type; } // list interface container inline-jflow { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline; } // container inline-jflow list extension-service { junos:must "(!(".. flow-active-timeout"))"; junos:must-message "'.. flow-active-timeout' is not needed with 'extension-service'"; junos:must "(!(".. flow-inactive-timeout"))"; junos:must-message "'.. flow-inactive-timeout' is not valid for 'extension-service'"; junos:must "(!(".. aggregate-export-interval"))"; junos:must-message "'.. aggregate-export-interval' is not valid for 'extension-service'"; junos:must "(!(any ".. flow-server <*>"))"; junos:must-message "'.. flow-server' is not needed with 'extension-service'"; junos:must "(!(any ".. interface <*> source-address"))"; junos:must-message "'.. interface source-address' is not valid for 'extension-service'"; junos:must "(!(any ".. interface <*> engine-id"))"; junos:must-message "'.. interface engine-id' is not valid for 'extension-service'"; junos:must "(!(any ".. interface <*> engine-type"))"; junos:must-message "'.. interface engine-type' is not valid for 'extension-service'"; junos:must "(any ".. interface <*>")"; junos:must-message "'.. interface' must be specified with 'extension-service'"; key "name"; ordered-by user; description "Define the customer specific sampling configuration"; leaf name { type string { length "1 .. 63"; } description "Customer prefixed sampling service name"; } uses apply-advanced; } // list extension-service } // grouping sampling_instance_inet_global_output_type grouping cflowd_sampling_inet_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation choice local-dump-choice { leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; } leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; } } // choice local-dump-choice leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; } container version9 { junos:must "((!(any ".. .. .. .. inet output flow-server <*> version") || !(any ".. .. .. .. inet output interface <*>")))"; junos:must-message "Select only one version or configure only RE based samping under family inet"; junos:must "((any ".. .. interface <*>" || ".. .. inline-jflow"))"; junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "(("services flow-monitoring version9 template $$ ipv4-template" || "services flow-monitoring version9 template $$ peer-as-billing-template"))"; junos:must-message "Template type must match input protocol"; type string; description "Template name"; } } // container template } // container version9 container version-ipfix { presence "enable version-ipfix"; status deprecated; description "Export data in version ipfix format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { type string; description "Template name"; } } // container template } // container version-ipfix leaf version { junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; type enumeration { enum "5" { junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 0; description "Export cflowd aggregates in version 5 format"; } enum "8" { junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 1; description "Export cflowd aggregates in version 8 format"; } enum "500" { junos:must "(!(".. .. interface"))"; junos:must-message "This feature is only supported for RE based sampling"; junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 2; description "Export cflowd aggregates in ASN 500 format"; } } default "5"; description "Format of exported cflowd aggregates"; } } // grouping cflowd_sampling_inet_type grouping sampling_instance_inet_output_type { description "Configure output options for packet sampling"; uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } leaf flow-inactive-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 1800"; } } units "seconds"; default "60"; description "Interval of inactivity that marks a flow inactive"; } leaf flow-active-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1800"; } } units "seconds"; default "1800"; description "Interval after which an active flow is exported"; } list flow-server { junos:must "((!(any ".. interface <*>") || all ".. interface <*> source-address"))"; junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'"; junos:must "((".. interface" || ".. inline-jflow"))"; junos:must-message "Output 'interface' or 'inline Jflow' should be configured with flow-server"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_instance_inet_sampling_type; } // list flow-server list interface { junos:must "((any ".. flow-server <*>" || any ".. extension-service <*>"))"; junos:must-message "'flow-server' or 'extension-service' must be specified with 'interface'"; key "name"; max-elements 1; description "Interfaces used to send monitored information"; uses packet_export_intf_type; } // list interface container inline-jflow { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline_instance; } // container inline-jflow list extension-service { junos:must "(!(".. flow-active-timeout"))"; junos:must-message "'.. flow-active-timeout' is not needed with 'extension-service'"; junos:must "(!(".. flow-inactive-timeout"))"; junos:must-message "'.. flow-inactive-timeout' is not valid for 'extension-service'"; junos:must "(!(".. aggregate-export-interval"))"; junos:must-message "'.. aggregate-export-interval' is not valid for 'extension-service'"; junos:must "(!(any ".. flow-server <*>"))"; junos:must-message "'.. flow-server' is not needed with 'extension-service'"; junos:must "(!(any ".. interface <*> source-address"))"; junos:must-message "'.. interface source-address' is not valid for 'extension-service'"; junos:must "(!(any ".. interface <*> engine-id"))"; junos:must-message "'.. interface engine-id' is not valid for 'extension-service'"; junos:must "(!(any ".. interface <*> engine-type"))"; junos:must-message "'.. interface engine-type' is not valid for 'extension-service'"; junos:must "(any ".. interface <*>")"; junos:must-message "'.. interface' must be specified with 'extension-service'"; key "name"; ordered-by user; description "Define the customer specific sampling configuration"; leaf name { type string { length "1 .. 63"; } description "Customer prefixed sampling service name"; } uses apply-advanced; } // list extension-service } // grouping sampling_instance_inet_output_type grouping cflowd_instance_inet_sampling_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation choice local-dump-choice { leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; } leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; } } // choice local-dump-choice leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; } container version9 { junos:must "((!(any ".. .. .. .. inet output flow-server <*> version") || !(any ".. .. .. .. inet output interface <*>")))"; junos:must-message "Select only one version or configure only RE based samping under family inet"; junos:must "((any ".. .. interface <*>" || ".. .. inline-jflow"))"; junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version9 template $$ ipv4-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version9 template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version9 container version-ipfix { junos:must "(".. .. inline-jflow")"; junos:must-message "inline Jflow must be specified for version-ipfix"; presence "enable version-ipfix"; description "Export data in version ipfix format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version-ipfix template $$ ipv4-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version-ipfix template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version-ipfix leaf version { junos:must "(!(any ".. .. .. .. .. family mpls output flow-server <*> version9"))"; junos:must-message "Select only one version"; junos:must "(!(any ".. .. .. .. .. family inet6 output flow-server <*> version9"))"; junos:must-message "Select only one version"; junos:must "(!(any ".. .. .. .. .. family inet output flow-server <*> version9"))"; junos:must-message "Select only one version"; junos:must "(!(any ".. .. flow-server <*> version-ipfix"))"; junos:must-message "Select only one version"; junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; type enumeration { enum "5" { junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 0; description "Export cflowd aggregates in version 5 format"; } enum "8" { junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 1; description "Export cflowd aggregates in version 8 format"; } } default "5"; description "Format of exported cflowd aggregates"; } } // grouping cflowd_instance_inet_sampling_type grouping sampling_instance_input_type { description "Configure input options for packet sampling"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Ratio of packets to be sampled (1 out of N)"; } leaf run-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } default "0"; description "Number of samples after initial trigger"; } leaf max-packets-per-second { type union { type uint16; type string { pattern "<.*>|$.*"; } } default "1000"; description "Threshold of samples per second before dropping"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 9192"; } } units "bytes"; default "0"; description "Maximum length of the sampled packet"; } } // grouping sampling_instance_input_type grouping sampling_instance_mpls_output_type { description "Configure output options for packet sampling"; uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } leaf flow-inactive-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 1800"; } } units "seconds"; default "60"; description "Interval of inactivity that marks a flow inactive"; } leaf flow-active-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1800"; } } units "seconds"; default "1800"; description "Interval after which an active flow is exported"; } list flow-server { junos:must "((!(any ".. interface <*>") || all ".. interface <*> source-address"))"; junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'"; junos:must "((".. interface" || ".. inline-jflow"))"; junos:must-message "Output 'interface' or 'inline Jflow' should be configured with flow-server"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_instance_mpls_sampling_type; } // list flow-server list interface { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with 'interface'"; key "name"; max-elements 1; description "Interfaces used to send monitored information"; uses packet_export_intf_type; } // list interface container inline-jflow { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline_instance; } // container inline-jflow } // grouping sampling_instance_mpls_output_type grouping cflowd_instance_mpls_sampling_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation choice local-dump-choice { leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; } leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; } } // choice local-dump-choice leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; } container version9 { junos:must "((!(any ".. .. .. .. inet output flow-server <*> version") || !(any ".. .. .. .. inet output interface <*>")))"; junos:must-message "Select only one version or configure only RE based samping under family inet"; junos:must "((any ".. .. interface <*>" || ".. .. inline-jflow"))"; junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "(("services flow-monitoring version9 template $$ mpls-template" || ("services flow-monitoring version9 template $$ mpls-ipv4-template" || "services flow-monitoring version9 template $$ mpls-ipvx-template")))"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version9 template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version9 container version-ipfix { junos:must "(".. .. inline-jflow")"; junos:must-message "inline Jflow must be specified for version-ipfix"; presence "enable version-ipfix"; description "Export data in version ipfix format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "(("services flow-monitoring version-ipfix template $$ mpls-template" || ("services flow-monitoring version-ipfix template $$ mpls-ipv4-template" || "services flow-monitoring version-ipfix template $$ mpls-ipvx-template")))"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version-ipfix template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version-ipfix } // grouping cflowd_instance_mpls_sampling_type grouping sampling_instance_vpls_output_type { description "Configure output options for packet sampling"; uses apply-advanced; list flow-server { junos:must "(".. inline-jflow")"; junos:must-message "Output 'inline Jflow' should be configured with flow-server"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_instance_vpls_sampling_type; } // list flow-server container inline-jflow { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline_instance; } // container inline-jflow } // grouping sampling_instance_vpls_output_type grouping cflowd_instance_vpls_sampling_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } container version9 { junos:must "(".. .. inline-jflow")"; junos:must-message "inline Jflow must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version9 template $$ vpls-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version9 template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version9 container version-ipfix { junos:must "(".. .. inline-jflow")"; junos:must-message "inline Jflow must be specified for version-ipfix"; presence "enable version-ipfix"; description "Export data in version ipfix format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version-ipfix template $$ vpls-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version-ipfix template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version-ipfix } // grouping cflowd_instance_vpls_sampling_type grouping sampling_output_type { description "Configure output options for packet sampling"; uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } leaf flow-inactive-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 1800"; } } units "seconds"; default "60"; description "Interval of inactivity that marks a flow inactive"; } leaf flow-active-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1800"; } } units "seconds"; default "1800"; description "Interval after which an active flow is exported"; } container file { junos:must "(!(any ".. extension-service <*>"))"; junos:must-message "This configuration is not required with 'extension-service'"; description "Configure parameters for dumping sampled packets"; choice enable-disable { leaf disable { type empty; description "Disable sampled packet dumps"; } } // choice enable-disable leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file to contain sampled packet dumps"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10000"; } } default "10"; description "Maximum number of sampled packet dump files"; } leaf size { type string; description "Maximum sample dump file size"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the sampled dump"; } leaf no-world-readable { type empty; description "Don't allow any user to read the sampled dump"; } } // choice world-readable-choice choice stamp-choice { leaf stamp { type empty; description "Timestamp every packet in the dump"; } leaf no-stamp { type empty; description "Don't timestamp every packet in the dump"; } } // choice stamp-choice } // container file container port-mirroring { junos:must "(!(any ".. extension-service <*>"))"; junos:must-message "This configuration is not required with 'extension-service'"; presence "enable port-mirroring"; description "Configure sending sampled traffic out through an interface"; uses inet_pm_family_output_type; } // container port-mirroring list flow-server { junos:must "((!(any ".. interface <*>") || all ".. interface <*> source-address"))"; junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_sampling_type; } // list flow-server list interface { junos:must "((any ".. flow-server <*>" || any ".. extension-service <*>"))"; junos:must-message "'flow-server' or 'extension-service' must be specified with 'interface'"; key "name"; max-elements 1; description "Interfaces used to send monitored information"; uses packet_export_intf_type; } // list interface container inline-jflow { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline; } // container inline-jflow list extension-service { junos:must "(!(".. flow-active-timeout"))"; junos:must-message "'.. flow-active-timeout' is not needed with 'extension-service'"; junos:must "(!(".. flow-inactive-timeout"))"; junos:must-message "'.. flow-inactive-timeout' is not valid for 'extension-service'"; junos:must "(!(".. aggregate-export-interval"))"; junos:must-message "'.. aggregate-export-interval' is not valid for 'extension-service'"; junos:must "(!(any ".. flow-server <*>"))"; junos:must-message "'.. flow-server' is not needed with 'extension-service'"; junos:must "(!(any ".. interface <*> source-address"))"; junos:must-message "'.. interface source-address' is not valid for 'extension-service'"; junos:must "(!(any ".. interface <*> engine-id"))"; junos:must-message "'.. interface engine-id' is not valid for 'extension-service'"; junos:must "(!(any ".. interface <*> engine-type"))"; junos:must-message "'.. interface engine-type' is not valid for 'extension-service'"; junos:must "(any ".. interface <*>")"; junos:must-message "'.. interface' must be specified with 'extension-service'"; key "name"; ordered-by user; description "Define the customer specific sampling configuration"; leaf name { type string { length "1 .. 63"; } description "Customer prefixed sampling service name"; } uses apply-advanced; } // list extension-service } // grouping sampling_output_type grouping cflowd_sampling_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation choice local-dump-choice { leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; } leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; } } // choice local-dump-choice leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; } container version9 { junos:must "(!(any ".. .. flow-server <*> version"))"; junos:must-message "Select only one version"; junos:must "((any ".. .. interface <*>" || ".. .. inline-jflow"))"; junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "((("services flow-monitoring version9 template $$ ipv4-template" && "forwarding-options sampling input family inet") || (("services flow-monitoring version9 template $$ ipv6-template" && "forwarding-options sampling input family inet6") || (("services flow-monitoring version9 template $$ mpls-template" && "forwarding-options sampling input family mpls") || (("services flow-monitoring version9 template $$ mpls-ipv4-template" && "forwarding-options sampling input family mpls") || ("services flow-monitoring version9 template $$ mpls-ipvx-template" && "forwarding-options sampling input family mpls"))))))"; junos:must-message "Template type must match input protocol"; type string; description "Template name"; } } // container template } // container version9 container version-ipfix { presence "enable version-ipfix"; status deprecated; description "Export data in version ipfix format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { type string; description "Template name"; } } // container template } // container version-ipfix leaf version { junos:must "("forwarding-options sampling input family inet")"; junos:must-message "input 'family inet' must be configured"; junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; type enumeration { enum "5" { junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 0; description "Export cflowd aggregates in version 5 format"; } enum "8" { junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 1; description "Export cflowd aggregates in version 8 format"; } enum "500" { junos:must "(!(".. .. interface"))"; junos:must-message "This feature is only supported for RE based sampling"; junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 2; description "Export cflowd aggregates in ASN 500 format"; } } default "5"; description "Format of exported cflowd aggregates"; } } // grouping cflowd_sampling_type grouping sampling_traceoptions_type { description "Configure packet sampling traceoptions"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file } // grouping sampling_traceoptions_type grouping server-group-type { uses apply-advanced; list server-group { key "name"; ordered-by user; description "One or more server groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Server group name"; } uses apply-advanced; list address { key "name"; max-elements 32; ordered-by user; description "IP Address of one or more DHCP servers"; leaf name { type jt:ipaddr; description "IP Address of DHCP server"; } uses apply-advanced; } // list address } // list server-group } // grouping server-group-type grouping server-match-action-choice { uses apply-advanced; choice v4-action-choice { leaf forward-only { type empty; description "Forward without subscriber services"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice v4-action-choice } // grouping server-match-action-choice grouping server-match-v6-ascii-hex { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list hexadecimal } // grouping server-match-v6-ascii-hex grouping slaacd-config-type { description "Slaacd configuration options"; uses apply-advanced; container vlans { description "Slaac config on vlan"; uses apply-advanced; list vlan-config { key "name"; description "Virtual LAN configuration"; uses vlan-slaacd; } // list vlan-config } // container vlans container interface { description "Slaac config on interface"; uses apply-advanced; list intf-config { key "name"; description "Interface configuration"; uses slaacd-interface; } // list intf-config } // container interface container link-local-expiry-interval { description "Link local address expiry interval"; uses apply-advanced; leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 86400"; } } units "seconds"; default "86400"; description "Expiry interval"; } } // container link-local-expiry-interval container traceoptions { description "Slaac Snooping trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Log configuration events"; } enum "init" { value 1; description "Trace init message events"; } enum "state" { value 2; description "Trace state message events"; } enum "rtsock" { value 3; description "Trace rtsock message events"; } enum "packet" { value 4; description "Trace packet events"; } enum "fsm" { value 5; description "Trace fsm update events"; } enum "io" { value 6; description "Trace io events"; } enum "verbose" { value 7; description "Trace verbose events"; } enum "task" { value 8; description "Trace TASK related events"; } enum "all" { value 9; description "Trace all events"; } } } } // list flag } // container traceoptions } // grouping slaacd-config-type grouping slaacd-interface { description "Interface name"; leaf name { type string; description "Interface name"; } uses apply-advanced; container mark-interface { description "Mark interface"; uses apply-advanced; leaf trusted { type empty; description "Mark interface trusted"; } } // container mark-interface container max-allowed-contention { description "Maximum allowed contention count(will be valid only for un-trusted ports)"; uses apply-advanced; leaf count { junos:must "(".. duration")"; junos:must-message "Duration cannot be zero for non-zero count."; type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 10"; } } description "Contention count"; } leaf duration { junos:must "(".. count")"; junos:must-message "Count cannot be zero for non-zero duration."; type union { type string { pattern "<.*>|$.*"; } type uint16 { range "60 .. 3600"; } } units "seconds"; description "Contention duration"; } } // container max-allowed-contention container auto-dad { description "Auto duplicate address detection"; uses apply-advanced; leaf retries { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 3"; } } default "1"; description "DAD retry value"; } leaf retrans-interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 6"; } } units "seconds"; default "1"; description "DAD re-transmission interval"; } } // container auto-dad } // grouping slaacd-interface grouping smpl-analyzer-type { leaf name { junos:must "(!("forwarding-options sampling instance $$"))"; junos:must-message "analyzer must not have the same name as of any other sampling instance"; junos:must "(!("forwarding-options port-mirroring instance $$"))"; junos:must-message "analyzer must not have the same name as of any other port mirror instance"; type string { junos:posix-pattern "^[[:alpha:]][[:alnum:]_-]+$"; junos:pattern-message "Must be a string beginning with a letter and consisting of letters, numbers, dashes, and underscores"; length "1 .. 63"; } description "Analyzer name"; } uses apply-advanced; container input { description "Ports and VLANs to monitor"; uses smpl-analyzer-input-type; } // container input container output { description "Outgoing port or VLAN for mirrored packets"; uses smpl-analyzer-output-type; } // container output } // grouping smpl-analyzer-type grouping smpl-analyzer-input-type { uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Ratio of packets to be sampled (1 out of N)"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 9216"; } } units "bytes"; description "Maximum length of the mirrored packet"; } container ingress { description "Ports and VLANs to monitor incoming traffic"; uses smpl-analyzer-ingress-type; } // container ingress container egress { description "Ports and VLANs to monitor outgoing traffic"; uses smpl-analyzer-egress-type; } // container egress } // grouping smpl-analyzer-input-type grouping smpl-analyzer-egress-type { uses apply-advanced; list interface { key "name"; ordered-by user; description "Port to monitor outgoing traffic"; uses analyzer-egress-interface-type; } // list interface list routing-instance { key "name"; description "Routing instances"; uses analyzer-egress-routing-instance-type; } // list routing-instance list vlan { key "name"; ordered-by user; description "VLAN to monitor outgoing traffic"; uses analyzer-egress-vlan-type; } // list vlan list bridge-domain { key "name"; ordered-by user; description "Bridge-domain to monitor outgoing traffic"; uses analyzer-egress-bridge-domain-type; } // list bridge-domain } // grouping smpl-analyzer-egress-type grouping analyzer-egress-bridge-domain-type { leaf name { junos:must "(!(any "forwarding-options analyzer <*> output bridge-domain $$"))"; junos:must-message "bridge-domain must not be output of any analyzer session"; junos:must "(unique "forwarding-options analyzer <*> input egress bridge-domain $$")"; junos:must-message "bridge-domain must not be input egress to any other analyzer"; type string; description "Bridge domain name, VLAN id or VLAN range string"; } uses apply-advanced; } // grouping analyzer-egress-bridge-domain-type grouping analyzer-egress-interface-type { leaf name { type string; description "Logical interface name"; } uses apply-advanced; } // grouping analyzer-egress-interface-type grouping analyzer-egress-routing-instance-type { leaf name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance name"; } uses apply-advanced; list vlan { key "name"; ordered-by user; description "VLAN to monitor outgoing traffic"; uses analyzer-egress-vlan-type; } // list vlan list bridge-domain { key "name"; ordered-by user; description "Bridge-domain to monitor outgoing traffic"; uses analyzer-egress-bridge-domain-type; } // list bridge-domain } // grouping analyzer-egress-routing-instance-type grouping analyzer-egress-vlan-type { leaf name { junos:must "(!(any "forwarding-options analyzer <*> output vlan $$"))"; junos:must-message "vlan must not be output of any analyzer session"; junos:must "(unique "forwarding-options analyzer <*> input egress vlan $$")"; junos:must-message "vlan must not be input egress to any other analyzer"; type string; description "VLAN name, VLAN id or VLAN range string"; } uses apply-advanced; } // grouping analyzer-egress-vlan-type grouping smpl-analyzer-ingress-type { uses apply-advanced; list interface { key "name"; ordered-by user; description "Port to monitor incoming traffic"; uses analyzer-ingress-interface-type; } // list interface list routing-instance { key "name"; description "Routing instances"; uses analyzer-ingress-routing-instance-type; } // list routing-instance list vlan { key "name"; ordered-by user; description "VLAN to monitor incoming traffic"; uses analyzer-ingress-vlan-type; } // list vlan list bridge-domain { key "name"; ordered-by user; description "Bridge-domain to monitor incoming traffic"; uses analyzer-ingress-bridge-domain-type; } // list bridge-domain } // grouping smpl-analyzer-ingress-type grouping analyzer-ingress-bridge-domain-type { leaf name { junos:must "(!(any "forwarding-options analyzer <*> output bridge-domain $$"))"; junos:must-message "vlan must not be output of any analyzer session"; junos:must "(unique "forwarding-options analyzer <*> input ingress bridge-domain $$")"; junos:must-message "vlan must not be input ingress to any other analyzer"; junos:must "(!("vlans $$ vlan-id-list"))"; junos:must-message "vlan-id-list cannot be configured on forwarding-options analyzer"; type string; description "Bridge domain name, VLAN id or VLAN range string"; } uses apply-advanced; } // grouping analyzer-ingress-bridge-domain-type grouping analyzer-ingress-interface-type { leaf name { type string; description "Logical interface name"; } uses apply-advanced; } // grouping analyzer-ingress-interface-type grouping analyzer-ingress-routing-instance-type { leaf name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance name"; } uses apply-advanced; list vlan { key "name"; ordered-by user; description "VLAN to monitor incoming traffic"; uses analyzer-ingress-vlan-type; } // list vlan list bridge-domain { key "name"; ordered-by user; description "Bridge-domain to monitor incoming traffic"; uses analyzer-ingress-bridge-domain-type; } // list bridge-domain } // grouping analyzer-ingress-routing-instance-type grouping analyzer-ingress-vlan-type { leaf name { junos:must "(!(any "forwarding-options analyzer <*> output vlan $$"))"; junos:must-message "vlan must not be output of any analyzer session"; junos:must "(unique "forwarding-options analyzer <*> input ingress vlan $$")"; junos:must-message "vlan must not be input ingress to any other analyzer"; junos:must "(!("vlans $$ vlan-id-list"))"; junos:must-message "vlan-id-list cannot be configured on forwarding-options analyzer"; type string; description "VLAN name, VLAN id or VLAN range string"; } uses apply-advanced; } // grouping analyzer-ingress-vlan-type grouping smpl-analyzer-output-type { uses apply-advanced; choice interface_or_vlan { leaf interface { junos:must "(!("interfaces $$-IFL family inet"))"; junos:must-message "An interface configured as family inet cannot be configured as analyzer output interface"; junos:must "(!(("interfaces $$-IFL family inet" || "interfaces $$-IFL family inet6")))"; junos:must-message "An interface configured as family inet/inet6 cannot be configured as analyzer output interface"; junos:must "(!(("interfaces $$-IFL family ethernet-switching filter" || ("interfaces $$-IFL family inet filter" || "interfaces $$-IFL family inet6 filter"))))"; junos:must-message "An interface cannot both be an analyzer output interface and have a filter applied to it."; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Outgoing port for mirrored packets"; } leaf ip-address { type jt:ipv4addr; description "ERSPAN Destination IP Address"; } leaf ipv6-address { type jt:ipv6addr; description "ERSPAN Destination IPv6 Address"; } leaf next-hop-group { junos:must "("forwarding-options next-hop-group $$ group-type layer-2")"; junos:must-message "Referenced next-hop-group must be defined as layer-2 group"; type string; description "Next-hop-group through which to send port-mirror traffic"; } list routing-instance { key "name"; max-elements 1; description "Routing instances"; uses output-routing-instance-type; } // list routing-instance list vlan { key "name"; max-elements 1; description "Outgoing VLAN for mirrored packets"; uses pm-rspan-vlan; } // list vlan list bridge-domain { key "name"; max-elements 1; description "Outgoing bridge-domain for mirrored packets"; uses pm-rspan-bridge-domain; } // list bridge-domain } // choice interface_or_vlan } // grouping smpl-analyzer-output-type grouping output-routing-instance-type { leaf name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance name"; } uses apply-advanced; choice ipaddr_or_vlan { leaf ip-address { type jt:ipv4addr; description "ERSPAN Destination IP Address"; } leaf ipv6-address { type jt:ipv6addr; description "ERSPAN Destination IPv6 Address"; } list vlan { key "name"; max-elements 1; description "Outgoing VLAN for mirrored packets"; uses pm-rspan-vlan; } // list vlan list bridge-domain { key "name"; max-elements 1; description "Outgoing bridge-domain for mirrored packets"; uses pm-rspan-bridge-domain; } // list bridge-domain } // choice ipaddr_or_vlan } // grouping output-routing-instance-type grouping v6-relay-option-interface-id-type { description "Interface ID processing"; uses apply-advanced; container prefix { description "Add prefix to circuit/interface-id or remote-id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to circuit / interface-id or remote-id"; } leaf logical-system-name { type empty; description "Add logical system name to circuit / interface-id or remote-id"; } leaf routing-instance-name { type empty; description "Add routing instance name to circuit / interface-id or remote-id"; } } // container prefix leaf use-interface-description { junos:must "(!(".. require-interface-description"))"; junos:must-message "use-interface-description may not be set with require-interface-desciption"; type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of circuit identifier"; } leaf use-vlan-id { junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. require-interface-description"))))"; junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured"; type empty; description "Use VLAN id instead of name"; } leaf no-vlan-interface-name { type empty; description "Not include vlan or interface name"; } leaf include-irb-and-l2 { type empty; description "Include IRB and L2 interface name"; } container use-option-82 { presence "enable use-option-82"; description "Use option-82 circuit-id for interface-id"; uses v6-relay-option-cid-rid-action; } // container use-option-82 container keep-incoming-interface-id { presence "enable keep-incoming-interface-id"; description "Keep incoming interface identifier"; uses v6-relay-option-cid-rid-action; } // container keep-incoming-interface-id } // grouping v6-relay-option-interface-id-type grouping v6-relay-option-cid-rid-action { uses apply-advanced; leaf strict { type empty; description "Drop packet if id not present"; } } // grouping v6-relay-option-cid-rid-action grouping v6-relay-option-remote-id-type { description "Remote ID processing"; uses apply-advanced; container prefix { description "Add prefix to circuit/interface-id or remote-id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to circuit / interface-id or remote-id"; } leaf logical-system-name { type empty; description "Add logical system name to circuit / interface-id or remote-id"; } leaf routing-instance-name { type empty; description "Add routing instance name to circuit / interface-id or remote-id"; } } // container prefix leaf use-interface-description { junos:must "(!(".. require-interface-description"))"; junos:must-message "use-interface-description may not be set with require-interface-desciption"; type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of circuit identifier"; } leaf use-vlan-id { junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. require-interface-description"))))"; junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured"; type empty; description "Use VLAN id instead of name"; } leaf no-vlan-interface-name { type empty; description "Not include vlan or interface name"; } leaf include-irb-and-l2 { type empty; description "Include IRB and L2 interface name"; } container use-option-82 { presence "enable use-option-82"; description "Use option-82 remote-id for v6 remote-id"; uses v6-relay-option-cid-rid-action; } // container use-option-82 leaf keep-incoming-remote-id { type empty; description "Keep incoming remote identifier"; } } // grouping v6-relay-option-remote-id-type grouping v6-server-group-type { uses apply-advanced; list server-group { key "name"; ordered-by user; description "One or more server groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "DHCPv6 Server group name"; } uses apply-advanced; list address { key "name"; max-elements 32; ordered-by user; description "IP Address of one or more DHCP servers"; leaf name { type jt:ipaddr; description "IP Address of DHCP server"; } uses apply-advanced; } // list address } // list server-group } // grouping v6-server-group-type grouping vlan-policy { description "Virtual LAN"; leaf name { type string; description "VLAN id"; } uses apply-advanced; container policy { description "Attach policy"; uses apply-advanced; leaf policy-name { type string; description "Router Advertisement Guard policy name"; } choice policy-type { leaf stateful { type empty; description "Stateful router advertisement guard"; } leaf stateless { type empty; description "Stateless router advertisement guard"; } } // choice policy-type } // container policy } // grouping vlan-policy grouping vlan-slaacd { description "Virtual LAN"; leaf name { type string; description "VLAN id"; } uses apply-advanced; } // grouping vlan-slaacd grouping write-option-82-type { uses apply-advanced; } // grouping write-option-82-type } // module junos-nfx-conf-forwarding-options
© 2023 YumaWorks, Inc. All rights reserved.