module ietf-routing-policy {
yang-version "1.1";
namespace "urn:ietf:params:xml:ns:yang:ietf-routing-policy";
prefix rt-pol;
import ietf-inet-types {
prefix "inet";
}
import ietf-yang-types {
prefix "yang";
}
import ietf-interfaces {
prefix "if";
}
import ietf-routing {
prefix "rt";
}
import ietf-interfaces-common {
prefix if-cmn;
}
import ietf-if-l3-vlan {
prefix "if-l3-vlan";
}
organization
"IETF RTGWG - Routing Area Working Group";
contact
"WG Web:
WG List:
Editor: Yingzhen Qu
Jeff Tantsura
Acee Lindem
Xufeng Liu
Anees Shaikh
";
description
"This module describes a YANG model for routing policy
configuration. It is a limited subset of all of the policy
configuration parameters available in the variety of vendor
implementations, but supports widely used constructs for
managing how routes are imported, exported, and modified across
different routing protocols. This module is intended to be used
in conjunction with routing protocol configuration modules
(e.g., BGP) defined in other models.
Route policy expression:
Policies are expressed as a set of top-level policy definitions,
each of which consists of a sequence of policy statements.
Policy statements consist of simple condition-action tuples.
Conditions may include mutiple match or comparison operations,
and similarly actions may be multitude of changes to route
attributes or a final disposition of accepting or rejecting the
route.
Route policy evaluation:
Policy definitions are referenced in routing protocol
configurations using import and export configuration statements.
The arguments are members of an ordered list of named policy
definitions which comprise a policy chain, and optionally, an
explicit default policy action (i.e., reject or accept).
Evaluation of each policy definition proceeds by evaluating its
corresponding individual policy statements in order. When a
condition statement in a policy statement is satisfied, the
corresponding action statement is executed. If the action
statement has either accept-route or reject-route actions,
policy evaluation of the current policy definition stops, and
no further policy definitions in the chain are evaluated.
If the condition is not satisfied, then evaluation proceeds to
the next policy statement. If none of the policy statement
conditions are satisfied, then evaluation of the current policy
definition stops, and the next policy definition in the chain is
evaluated. When the end of the policy chain is reached, the
default route disposition action is performed (i.e.,
reject-route unless an alternate default action is specified
for the chain).
Policy 'subroutines' (or nested policies) are supported by
allowing policy statement conditions to reference another policy
definition which applies conditions and actions from the
referenced policy before returning to the calling policy
statement and resuming evaluation. If the called policy
results in an accept-route (either explicit or by default), then
the subroutine returns an effective true value to the calling
policy. Similarly, a reject-route action returns false. If the
subroutine returns true, the calling policy continues to
evaluate the remaining conditions (using a modified route if the
subroutine performed any changes to the route).";
revision "2018-06-25" {
description
"Initial revision.";
reference
"RFC XXXX: Routing Policy Configuration Model for Service
Provider Networks";
}
// typedef statements
typedef default-policy-type {
// this typedef retained for name compatibiity with default
// import and export policy
type enumeration {
enum accept-route {
description
"Default policy to accept the route";
}
enum reject-route {
description
"Default policy to reject the route";
}
}
description
"Type used to specify route disposition in
a policy chain";
}
typedef policy-result-type {
type enumeration {
enum accept-route {
description "Policy accepts the route";
}
enum reject-route {
description "Policy rejects the route";
}
}
description
"Type used to specify route disposition in
a policy chain";
}
typedef tag-type {
type union {
type uint32;
type yang:hex-string;
}
description "Type for expressing route tags on a local system,
including IS-IS and OSPF; may be expressed as either decimal
or hexadecimal integer";
reference
"RFC 2178 - OSPF Version 2
RFC 5130 - A Policy Control Mechanism in IS-IS Using
Administrative Tags";
}
typedef match-set-options-type {
type enumeration {
enum any {
description "Match is true if given value matches any member
of the defined set";
}
enum all {
description "Match is true if given value matches all
members of the defined set";
}
enum invert {
description "Match is true if given value does not match any
member of the defined set";
}
}
default any;
description
"Options that govern the behavior of a match statement. The
default behavior is any, i.e., the given value matches any
of the members of the defined set";
}
// grouping statements
grouping prefix-set {
description
"Configuration data for prefix sets used in policy
definitions.";
leaf name {
type string;
description
"Name of the prefix set -- this is used as a label to
reference the set in match conditions";
}
leaf mode {
type enumeration {
enum ipv4 {
description
"Prefix set contains IPv4 prefixes only";
}
enum ipv6 {
description
"Prefix set contains IPv6 prefixes only";
}
enum mixed {
description
"Prefix set contains mixed IPv4 and IPv6 prefixes";
}
}
description
"Indicates the mode of the prefix set, in terms of which
address families (IPv4, IPv6, or both) are present. The
mode provides a hint, but the device must validate that all
prefixes are of the indicated type, and is expected to
reject the configuration if there is a discrepancy. The
MIXED mode may not be supported on devices that require
prefix sets to be of only one address family.";
}
}
grouping prefix-set-top {
description
"Top-level data definitions for a list of IPv4 or IPv6
prefixes which are matched as part of a policy";
container prefix-sets {
description
"Enclosing container ";
list prefix-set {
key "name";
description
"List of the defined prefix sets";
uses prefix-set;
uses prefix-top;
}
}
}
grouping prefix {
description
"Configuration data for a prefix definition";
leaf ip-prefix {
type inet:ip-prefix;
mandatory true;
description
"The prefix member in CIDR notation -- while the
prefix may be either IPv4 or IPv6, most
implementations require all members of the prefix set
to be the same address family. Mixing address types in
the same prefix set is likely to cause an error.";
}
leaf masklength-lower {
type uint8;
description
"Masklength range lower bound.";
}
leaf masklength-upper {
type uint8 {
range "1..128";
}
must "../masklength-upper >= ../masklength-lower" {
error-message "The upper bound should not be less"
+ "than lower bound.";
}
description
"Masklength range upper bound.
The combination of masklength-lower and masklength-upper
define a range for the mask length, or single 'exact'
length if masklength-lower and masklenght-upper are equal.
Example: 10.3.192.0/21 through 10.3.192.0/24 would be
expressed as prefix: 10.3.192.0/21,
masklength-lower=21,
masklength-upper=24
Example: 10.3.192.0/21 (an exact match) would be
expressed as prefix: 10.3.192.0/21,
masklength-lower=21,
masklength-upper=21";
}
}
grouping prefix-top {
description
"Top-level grouping for prefixes in a prefix list";
container prefixes {
description
"Enclosing container for the list of prefixes in a policy
prefix list";
list prefix-list {
key "ip-prefix masklength-lower masklength-upper";
description
"List of prefixes in the prefix set";
uses prefix;
}
}
}
grouping neighbor-set {
description
"This grouping provides neighbor set definitions";
leaf name {
type string;
description
"Name of the neighbor set -- this is used as a label
to reference the set in match conditions";
}
leaf-list address {
type inet:ip-address;
description
"List of IP addresses in the neighbor set";
}
}
grouping neighbor-set-top {
description
"Top-level data definition for a list of IPv4 or IPv6
neighbors which can be matched in a routing policy";
container neighbor-sets {
description
"Enclosing container for the list of neighbor set
definitions";
list neighbor-set {
key "name";
description
"List of defined neighbor sets for use in policies.";
uses neighbor-set;
}
}
}
grouping tag-set {
description
"This grouping provides tag set definitions.";
leaf name {
type string;
description
"Name of the tag set -- this is used as a label to reference
the set in match conditions";
}
leaf-list tag-value {
type tag-type;
description
"Value of the tag set member";
}
}
grouping tag-set-top {
description
"Top-level data definitions for a list of tags which can
be matched in policies";
container tag-sets {
description
"Enclosing container for the list of tag sets.";
list tag-set {
key "name";
description
"List of tag set definitions.";
uses tag-set;
}
}
}
grouping match-set-options-group {
description
"Grouping containing options relating to how a particular set
should be matched";
leaf match-set-options {
type match-set-options-type;
description
"Optional parameter that governs the behavior of the
match operation";
}
}
grouping match-set-options-restricted-group {
description
"Grouping for a restricted set of match operation modifiers";
leaf match-set-options {
type match-set-options-type {
enum any {
description "Match is true if given value matches any
member of the defined set";
}
enum invert {
description "Match is true if given value does not match
any member of the defined set";
}
}
description
"Optional parameter that governs the behavior of the
match operation. This leaf only supports matching on ANY
member of the set or inverting the match. Matching on ALL
is not supported";
}
}
grouping match-interface-condition {
description
"This grouping provides interface match condition";
container match-interface {
leaf interface {
type leafref {
path "/if:interfaces/if:interface/if:name";
}
description
"Reference to a base interface. If a reference to a
subinterface is required, this leaf must be specified
to indicate the base interface.";
}
leaf subinterface {
type leafref {
path "/if:interfaces/if:interface/if-cmn:encapsulation"
+ "/if-l3-vlan:dot1q-vlan"
+ "/if-l3-vlan:outer-tag/if-l3-vlan:vlan-id";
}
description
"Reference to a subinterface -- this requires the base
interface to be specified using the interface leaf in
this container. If only a reference to a base interface
is requuired, this leaf should not be set.";
}
description
"Container for interface match conditions";
}
}
grouping prefix-set-condition {
description
"This grouping provides prefix-set conditions";
container match-prefix-set {
leaf prefix-set {
type leafref {
path "../../../../../../../defined-sets/" +
"prefix-sets/prefix-set/name";
}
description "References a defined prefix set";
}
uses match-set-options-restricted-group;
description
"Match a referenced prefix-set according to the logic
defined in the match-set-options leaf";
}
}
grouping neighbor-set-condition {
description
"This grouping provides neighbor-set conditions";
container match-neighbor-set {
leaf neighbor-set {
type leafref {
path "../../../../../../../defined-sets/neighbor-sets/" +
"neighbor-set/name";
require-instance true;
}
description "References a defined neighbor set";
}
description
"Match a referenced neighbor set according to the logic
defined in the match-set-options-leaf";
}
}
grouping tag-set-condition {
description
"This grouping provides tag-set conditions";
container match-tag-set {
leaf tag-set {
type leafref {
path "../../../../../../../defined-sets/tag-sets/tag-set" +
"/name";
require-instance true;
}
description "References a defined tag set";
}
uses match-set-options-restricted-group;
description
"Match a referenced tag set according to the logic defined
in the match-options-set leaf";
}
}
grouping generic-conditions {
description "Condition statement definitions for checking
membership in a generic defined set";
uses match-interface-condition;
uses prefix-set-condition;
uses neighbor-set-condition;
uses tag-set-condition;
}
grouping policy-conditions {
description
"Data for general policy conditions, i.e., those
not related to match-sets";
leaf call-policy {
type leafref {
path "../../../../../../" +
"rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
description
"Applies the statements from the specified policy
definition and then returns control the current
policy statement. Note that the called policy may
itself call other policies (subject to
implementation limitations). This is intended to
provide a policy 'subroutine' capability. The
called policy should contain an explicit or a
default route disposition that returns an
effective true (accept-route) or false
(reject-route), otherwise the behavior may be
ambiguous and implementation dependent";
}
leaf source-protocol {
type identityref {
base rt:control-plane-protocol;
}
description
"Condition to check the protocol / method used to install
the route into the local routing table";
}
}
grouping policy-conditions-top {
description
"Top-level grouping for policy conditions";
container conditions {
description
"Condition statements for the current policy statement";
uses policy-conditions;
uses generic-conditions;
}
}
grouping policy-statements {
description
"Data for policy statements";
leaf name {
type string;
description
"Name of the policy statement";
}
}
grouping policy-actions {
description
"Top-level grouping for policy actions";
container actions {
description
"Top-level container for policy action statements";
leaf policy-result {
type policy-result-type;
description
"Select the final disposition for the route, either
accept or reject.";
}
leaf set-metric {
type uint16;
description
"Set a new metric for the route.";
}
leaf set-preference {
type uint8;
description
"Set a new preference for the route.";
}
}
}
grouping policy-statements-top {
description
"Top-level grouping for the policy statements list";
container statements {
description
"Enclosing container for policy statements";
list statement {
key "name";
ordered-by user;
description
"Policy statements group conditions and actions
within a policy definition. They are evaluated in
the order specified (see the description of policy
evaluation at the top of this module.";
uses policy-statements;
uses policy-conditions-top;
uses policy-actions;
}
}
}
grouping policy-definitions {
description
"This grouping provides policy definitions";
leaf name {
type string;
description
"Name of the top-level policy definition -- this name
is used in references to the current policy";
}
}
grouping apply-policy-import {
description
"Grouping for applying import policies";
leaf-list import-policy {
type leafref {
path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
ordered-by user;
description
"List of policy names in sequence to be applied on
receiving a routing update in the current context, e.g.,
for the current peer group, neighbor, address family,
etc.";
}
leaf default-import-policy {
type default-policy-type;
default reject-route;
description
"Explicitly set a default policy if no policy definition
in the import policy chain is satisfied.";
}
}
grouping apply-policy-export {
description
"Grouping for applying export policies";
leaf-list export-policy {
type leafref {
path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
ordered-by user;
description
"List of policy names in sequence to be applied on
sending a routing update in the current context, e.g.,
for the current peer group, neighbor, address family,
etc.";
}
leaf default-export-policy {
type default-policy-type;
default reject-route;
description
"Explicitly set a default policy if no policy definition
in the export policy chain is satisfied.";
}
}
grouping apply-policy {
description
"Configuration data for routing policies";
uses apply-policy-import;
uses apply-policy-export;
container apply-policy-state {
description
"Operational state associated with routing policy";
//TODO: identify additional state data beyond the intended
//policy configuration.
}
}
grouping apply-policy-group {
description
"Top level container for routing policy applications. This
grouping is intended to be used in routing models where
needed.";
container apply-policy {
description
"Anchor point for routing policies in the model.
Import and export policies are with respect to the local
routing table, i.e., export (send) and import (receive),
depending on the context.";
uses apply-policy;
}
}
container routing-policy {
description
"Top-level container for all routing policy";
container defined-sets {
description
"Predefined sets of attributes used in policy match
statements";
uses prefix-set-top;
uses neighbor-set-top;
uses tag-set-top;
}
container policy-definitions {
description
"Enclosing container for the list of top-level policy
definitions";
list policy-definition {
key "name";
description
"List of top-level policy definitions, keyed by unique
name. These policy definitions are expected to be
referenced (by name) in policy chains specified in import
or export configuration statements.";
uses policy-definitions;
uses policy-statements-top;
}
}
}
}