This model adds the configurations for incoming and outgoing management services. Copyright (c) 2015-2019 by Dell EMC, All righ...
Version: 2019-01-02
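/*
 * vrf-firewall: YANG (version 1) model with two keyed lists:
 *
 *   ns-incoming-service - match/action rules (address family, source and
 *                         destination address, protocol, destination port or
 *                         port range, optional interface, sequence number,
 *                         ALLOW/DENY) plus read-only hit counters.
 *   ns-outgoing-service - public/private destination mapping and source
 *                         address translation for outgoing connections.
 *
 * Each entry names a network instance through the ni-name leafref.
 *
 * Review fix: the list-level must on ns-incoming-service referred to a node
 * named "upper-dst-ports", which this model does not define (the leaf is
 * upper-dst-port). number() of an empty node-set is NaN and any comparison
 * with NaN is false, so the constraint could never be satisfied. The
 * expression now names the real leaf and is evaluated only when both range
 * bounds are present, so entries without a port range (for example icmp
 * rules, where the when statements remove the port leaves) stay valid.
 * NOTE(review): publish this change under a new revision statement.
 */
module vrf-firewall {
  yang-version 1;
  namespace "http://www.dellemc.com/networking/os10/dell-base-vrf-firewall";
  prefix vrf-firewall;

  import dell-base-common {
    prefix base-cmn;
  }
  import ietf-network-instance {
    prefix ni;
  }
  import ietf-yang-types {
    prefix yang;
  }

  organization "Dell EMC";
  contact "http://www.dell.com/support";
  description
    "This model adds the configurations for incoming and outgoing "
  + "management services. Copyright (c) 2015-2019 by Dell EMC, "
  + "All rights reserved.";

  revision "2019-01-02" {
    description "Added new enumeration value for ICMPv6 protocol type.";
    reference "Network Platform Abstraction";
  }
  revision "2018-08-17" {
    description
      "Fixing pyang IETF errors and adding documentation to the model.";
    reference "Network Platform Abstraction";
  }
  revision "2018-07-09" {
    description
      "Added packet and byte counter attributes to ns-incoming-service "
    + "model to retrieve counters on number of packets, bytes that "
    + "matched the rule.";
    reference "Network Platform Abstraction";
  }
  revision "2018-06-18" {
    description
      "Added destination IP address and prefix length attributes to "
    + "ns-incoming-service configuration to support destination host "
    + "or subnet match.";
    reference "Network Platform Abstraction";
  }
  revision "2018-05-23" {
    description
      "Added interface name attribute to ns-incoming-service "
    + "configuration to support rule configuration on a specific port.";
    reference "Network Platform Abstraction";
  }
  revision "2018-05-17" {
    description
      "Added attributes to ns-incoming-service configuration to support "
    + "L4 destination port range.";
    reference "Network Platform Abstraction";
  }
  revision "2018-03-20" {
    description
      "Changed ns-incoming-service list key and added attributes to "
    + "suport VTY ACL";
    reference "Network Platform Abstraction";
  }
  revision "2017-09-29" {
    description "Initial version.";
    reference "Network Platform Abstraction";
  }

  // Protocol selector shared by both lists. "all" is a distinct enum value,
  // not the absence of the leaf.
  typedef ip-protocols {
    type enumeration {
      enum "tcp" {
        value 1;
        description "Transmission Control Protocol (TCP) Transport Protocol.";
      }
      enum "udp" {
        value 2;
        description "User Datagram Protocol (UDP) Transport Protocol";
      }
      enum "icmp" {
        value 3;
        description
          "Internet Control Message Protocol (ICMP) Transport "
        + "Protocol";
      }
      enum "all" {
        value 4;
        description "All Internet Protocols";
      }
      enum "icmpv6" {
        value 5;
        description "Internet Control Message Protocol (ICMP) for IPv6";
      }
    }
    description "Enumeration of different types IP protocols .";
  }

  // Verdict applied to packets that match a rule.
  typedef protocol-action {
    type enumeration {
      enum "ALLOW" {
        value 1;
        description "Allow protocol packets.";
      }
      enum "DENY" {
        value 2;
        description "Deny protocol packets.";
      }
    }
    description "Enumeration of possible actions to be taken on the packets";
  }

  list ns-incoming-service {
    // Range sanity check, applied only when both bounds are configured.
    // The comparison is strict, so lower-dst-port = upper-dst-port is
    // rejected; a single port is expressed with dst-port instead.
    // NOTE(review): an entry carrying only one of the two bounds is not
    // rejected here although the leaf descriptions say they should be
    // configured together; confirm whether the backend enforces that.
    must "not(lower-dst-port and upper-dst-port) or "
       + "(number(upper-dst-port) > number(lower-dst-port))" {
      error-message
        "upper destination port should be greater than the lower destination port.";
    }
    key "id";
    description
      "Provide list of incoming management services and their attributes.";

    leaf id {
      type base-cmn:base-obj-id-type;
      description
        "Unique ID generated by the system, during the service creation.
         Subsequent Modify or Delete requests required this ID.";
    }
    leaf ni-name {
      type leafref {
        path "/ni:network-instances/ni:network-instance/ni:name";
      }
      description "Device scoped identifier for the network instance.";
    }
    leaf af {
      type base-cmn:af-type;
      description "Address Family.";
    }
    leaf src-ip {
      type base-cmn:ip-address;
      description
        "Source IPv4 or IPv6 address prefix to specify matched host or "
      + "subnet.";
    }
    // NOTE(review): uint32 with no range statement, so lengths above 32
    // (IPv4) or 128 (IPv6) are schema-valid; the same applies to
    // dst-prefix-len. Confirm the backend rejects them.
    leaf src-prefix-len {
      type uint32;
      description "Source IP address prefix length to specify matched subnet.";
    }
    leaf dst-ip {
      type base-cmn:ip-address;
      description
        "Destination IPv4 or IPv6 address prefix to specify matched host "
      + "or subnet.";
    }
    leaf dst-prefix-len {
      type uint32;
      description
        "Destination IP address prefix length to specify matched subnet.";
    }
    leaf protocol {
      type ip-protocols;
      description "IP protocols.";
    }
    // The three port leaves exist only for tcp and udp rules.
    // NOTE(review): they are uint32 with no range statement, so values above
    // 65535 are schema-valid; confirm the backend rejects them rather than
    // truncating.
    leaf dst-port {
      when "../protocol = 'tcp' or ../protocol = 'udp'";
      type uint32;
      description "Destination port.";
    }
    leaf lower-dst-port {
      when "../protocol = 'tcp' or ../protocol = 'udp'";
      type uint32;
      description
        "Lower destination port number in the range of destination ports "
      + "(inclusive). This should be configured with upper-dst-port. "
      + "When the destination ports are not contiguous, use dst-port "
      + "attribute to configure individual rules.";
    }
    leaf upper-dst-port {
      when "../protocol = 'tcp' or ../protocol = 'udp'";
      type uint32;
      description
        "Upper destination port number in the range of destination ports "
      + "(inclusive). This should be configured with lower-dst-port.";
    }
    // NOTE(review): free-form string rather than a leafref to an interface
    // list, so a misspelled name is schema-valid. Confirm how the backend
    // treats a rule whose interface does not exist.
    leaf ifname {
      type string;
      description
        "Its presence means that this rule should ONLY be applied on the "
      + "specified interface.";
    }
    // NOTE(review): uniqueness is stated in the description only; the list
    // has no unique statement, so two rules with the same seq-num are
    // schema-valid and their relative order is not defined by this model.
    leaf seq-num {
      type uint32;
      description
        "Unique sequence number to order the rules in list.
         Rule with the lower number will have the higher preference order.";
    }
    // NOTE(review): neither mandatory nor given a default, so the verdict of
    // a rule created without an action is not defined by this model; confirm
    // the implementation's behaviour.
    leaf action {
      type protocol-action;
      description "Allow/Deny the protocol packets.";
    }
    // Read-only operational counters (config false).
    leaf matched-packets {
      type yang:counter64;
      config false;
      description "Number of packets that have matched this rule.";
    }
    leaf matched-bytes {
      type yang:counter64;
      config false;
      description "Number of bytes that have matched this rule.";
    }
  } // list ns-incoming-service

  list ns-outgoing-service {
    key "id";
    description
      "Provide list of outgoing management services and their "
    + "attributes.. It is used for following services: "
    + "- IP service binding between management namespace and default "
    + "namespace, by mapping for public destination IP, public "
    + "destination port with the private IP and private port to handle "
    + "multiple different public IP destinations with same/different "
    + "destination port for applications like rsyslog, SNMP traps..etc "
    + "in the default namespace to remote destinations through "
    + "management namespace. "
    + "- Source address translation for outgoing services across "
    + "different services, like tacacs, rsyslog, SNMP traps..etc.";

    leaf id {
      type base-cmn:base-obj-id-type;
      description
        "Unique ID that was generated if not given upon Create request.
         Subsequent Modify or Delete requests require the ID to be passed in.";
    }
    leaf ni-name {
      type leafref {
        path "/ni:network-instances/ni:network-instance/ni:name";
      }
      description "Device scoped identifier for the network instance.";
    }
    leaf af {
      type base-cmn:af-type;
      description "Address Family";
    }
    leaf public-ip {
      type base-cmn:ip-address;
      description "Public destination IP address.";
    }
    leaf protocol {
      type ip-protocols;
      description "IP protocols type.";
    }
    // NOTE(review): uint32 with no range statement, as with the incoming
    // port leaves; values above 65535 are schema-valid.
    leaf public-port {
      type uint32;
      description "Public destination port.";
    }
    // private-ip and private-port are config false: they are reported as
    // state and cannot be set through configuration.
    leaf private-ip {
      type base-cmn:ip-address;
      config false;
      description
        "Private destination IP address (vEth end point IP in the "
      + "management namespace), this will be replaced with the actual "
      + "public IP in the management namespace.";
    }
    leaf private-port {
      type uint32;
      config false;
      description
        "Private destination port, this will be replaced with the actual "
      + "public port in the management namespace.";
    }
    leaf outgoing-source-ip {
      type base-cmn:ip-address;
      description
        "Translated Source IP address to be used for the outgoing "
      + "connections. Outgoing connections for a given name-space and "
      + "address family can be identified using one or more of the "
      + "attributes like public-ip or protocol and public-port.";
    }
  } // list ns-outgoing-service
} // module vrf-firewall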