Addition of common model.
Change-Id: If5fd6bae01a59ebf9d27f8369ac3403c83f70fad
diff --git a/models/common/BUCK b/models/common/BUCK
new file mode 100644
index 0000000..ee0d73a
--- /dev/null
+++ b/models/common/BUCK
@@ -0,0 +1,5 @@
+
+yang_model (
+ app_name = 'org.onosproject.models.common',
+ title = 'Common YANG Models',
+)
diff --git a/models/common/src/main/yang/iana-crypt-hash@2014-08-06.yang b/models/common/src/main/yang/iana-crypt-hash@2014-08-06.yang
new file mode 100644
index 0000000..44c4674
--- /dev/null
+++ b/models/common/src/main/yang/iana-crypt-hash@2014-08-06.yang
@@ -0,0 +1,120 @@
+module iana-crypt-hash {
+ namespace "urn:ietf:params:xml:ns:yang:iana-crypt-hash";
+ prefix ianach;
+
+ organization "IANA";
+ contact
+ " Internet Assigned Numbers Authority
+
+ Postal: ICANN
+ 12025 Waterfront Drive, Suite 300
+ Los Angeles, CA 90094-2536
+ United States
+
+ Tel: +1 310 301 5800
+ E-Mail: iana@iana.org>";
+ description
+ "This YANG module defines a type for storing passwords
+ using a hash function and features to indicate which hash
+ functions are supported by an implementation.
+
+ The latest revision of this YANG module can be obtained from
+ the IANA web site.
+
+ Requests for new values should be made to IANA via
+ email (iana@iana.org).
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ The initial version of this YANG module is part of RFC 7317;
+ see the RFC itself for full legal notices.";
+
+ revision 2014-08-06 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7317: A YANG Data Model for System Management";
+ }
+
+ typedef crypt-hash {
+ type string {
+ pattern
+ '$0$.*'
+ + '|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}'
+ + '|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}'
+ + '|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}';
+ }
+ description
+ "The crypt-hash type is used to store passwords using
+ a hash function. The algorithms for applying the hash
+ function and encoding the result are implemented in
+ various UNIX systems as the function crypt(3).
+
+ A value of this type matches one of the forms:
+
+ $0$<clear text password>
+ $<id>$<salt>$<password hash>
+ $<id>$<parameter>$<salt>$<password hash>
+
+ The '$0$' prefix signals that the value is clear text. When
+ such a value is received by the server, a hash value is
+ calculated, and the string '$<id>$<salt>$' or
+ $<id>$<parameter>$<salt>$ is prepended to the result. This
+ value is stored in the configuration data store.
+ If a value starting with '$<id>$', where <id> is not '0', is
+ received, the server knows that the value already represents a
+ hashed value and stores it 'as is' in the data store.
+
+ When a server needs to verify a password given by a user, it
+ finds the stored password hash string for that user, extracts
+ the salt, and calculates the hash with the salt and given
+ password as input. If the calculated hash value is the same
+ as the stored value, the password given by the client is
+ accepted.
+
+ This type defines the following hash functions:
+
+ id | hash function | feature
+ ---+---------------+-------------------
+ 1 | MD5 | crypt-hash-md5
+ 5 | SHA-256 | crypt-hash-sha-256
+ 6 | SHA-512 | crypt-hash-sha-512
+
+ The server indicates support for the different hash functions
+ by advertising the corresponding feature.";
+ reference
+ "IEEE Std 1003.1-2008 - crypt() function
+ RFC 1321: The MD5 Message-Digest Algorithm
+ FIPS.180-4.2012: Secure Hash Standard (SHS)";
+ }
+
+ feature crypt-hash-md5 {
+ description
+ "Indicates that the device supports the MD5
+ hash function in 'crypt-hash' values.";
+ reference "RFC 1321: The MD5 Message-Digest Algorithm";
+ }
+
+ feature crypt-hash-sha-256 {
+ description
+ "Indicates that the device supports the SHA-256
+ hash function in 'crypt-hash' values.";
+ reference "FIPS.180-4.2012: Secure Hash Standard (SHS)";
+ }
+
+ feature crypt-hash-sha-512 {
+ description
+ "Indicates that the device supports the SHA-512
+ hash function in 'crypt-hash' values.";
+ reference "FIPS.180-4.2012: Secure Hash Standard (SHS)";
+ }
+
+}
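Review bot: The `pattern` in `typedef crypt-hash` uses `$` unescaped as a literal separator. That is valid in the XML Schema regular-expression syntax YANG patterns are defined in, but in Perl/Java-style engines `$` is an end-of-input anchor. If the tooling that compiles this module passes the pattern to such an engine without translation, none of the alternatives would match and every value, hashed or not, would presumably be rejected. A validation test using a constructed well-formed `$6$<salt>$<hash>` value would catch this. Separately, the type admits `$0$<clear text password>` and defines the `crypt-hash-md5` feature, so any application using it should hash `$0$` input before it reaches the data store or logs, and should avoid advertising `crypt-hash-md5`. A comment above the typedef would record both points, for example `// '$' is literal here (XSD regex); $0$ values are clear text and must be hashed before storage`.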
diff --git a/models/common/src/main/yang/ietf-complex-types@2011-03-15.yang b/models/common/src/main/yang/ietf-complex-types@2011-03-15.yang
new file mode 100644
index 0000000..dd967ba
--- /dev/null
+++ b/models/common/src/main/yang/ietf-complex-types@2011-03-15.yang
@@ -0,0 +1,91 @@
+module ietf-complex-types {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-complex-types";
+ prefix "ct";
+
+ organization
+ "NETMOD WG";
+
+ contact
+ "Editor: Bernd Linowski
+ <bernd.linowski.ext@nsn.com>
+ Editor: Mehmet Ersue
+ <mehmet.ersue@nsn.com>
+ Editor: Siarhei Kuryla
+ <s.kuryla@gmail.com>";
+
+ description
+ "YANG extensions for complex types and typed instance
+ identifiers.
+
+ Copyright (c) 2011 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 6095; see
+ the RFC itself for full legal notices.";
+
+ revision 2011-03-15 {
+ description "Initial revision.";
+ }
+
+ extension complex-type {
+ description "Defines a complex-type.";
+ reference "Section 2.2, complex-type Extension Statement";
+ argument type-identifier {
+ yin-element true;
+ }
+ }
+
+ extension extends {
+ description "Defines the base type of a complex-type.";
+ reference "Section 2.5, extends Extension Statement";
+ argument base-type-identifier {
+ yin-element true;
+ }
+ }
+ extension abstract {
+ description "Makes the complex-type abstract.";
+ reference "Section 2.6, abstract Extension Statement";
+ argument status;
+ }
+
+ extension instance {
+ description "Declares an instance of the given
+ complex type.";
+ reference "Section 2.3, instance Extension Statement";
+ argument ct-instance-identifier {
+ yin-element true;
+ }
+ }
+
+ extension instance-list {
+ description "Declares a list of instances of the given
+ complex type";
+ reference "Section 2.4, instance-list Extension Statement";
+ argument ct-instance-identifier {
+ yin-element true;
+ }
+ }
+
+ extension instance-type {
+ description "Tells to which type instance the instance
+ identifier refers.";
+ reference "Section 3.2, instance-type Extension Statement";
+ argument target-type-identifier {
+ yin-element true;
+ }
+ }
+
+ feature complex-types {
+ description "Indicates that the server supports
+ complex types and instance identifiers.";
+ }
+
+ }
diff --git a/models/common/src/main/yang/ietf-inet-types@2013-07-15.yang b/models/common/src/main/yang/ietf-inet-types@2013-07-15.yang
new file mode 100644
index 0000000..eacefb6
--- /dev/null
+++ b/models/common/src/main/yang/ietf-inet-types@2013-07-15.yang
@@ -0,0 +1,458 @@
+module ietf-inet-types {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-inet-types";
+ prefix "inet";
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: David Kessens
+ <mailto:david.kessens@nsn.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This module contains a collection of generally useful derived
+ YANG data types for Internet addresses and related things.
+
+ Copyright (c) 2013 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 6991; see
+ the RFC itself for full legal notices.";
+
+ revision 2013-07-15 {
+ description
+ "This revision adds the following new data types:
+ - ip-address-no-zone
+ - ipv4-address-no-zone
+ - ipv6-address-no-zone";
+ reference
+ "RFC 6991: Common YANG Data Types";
+ }
+
+ revision 2010-09-24 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 6021: Common YANG Data Types";
+ }
+
+ /*** collection of types related to protocol fields ***/
+
+ typedef ip-version {
+ type enumeration {
+ enum unknown {
+ value "0";
+ description
+ "An unknown or unspecified version of the Internet
+ protocol.";
+ }
+ enum ipv4 {
+ value "1";
+ description
+ "The IPv4 protocol as defined in RFC 791.";
+ }
+ enum ipv6 {
+ value "2";
+ description
+ "The IPv6 protocol as defined in RFC 2460.";
+ }
+ }
+ description
+ "This value represents the version of the IP protocol.
+
+ In the value set and its semantics, this type is equivalent
+ to the InetVersion textual convention of the SMIv2.";
+ reference
+ "RFC 791: Internet Protocol
+ RFC 2460: Internet Protocol, Version 6 (IPv6) Specification
+ RFC 4001: Textual Conventions for Internet Network Addresses";
+ }
+
+ typedef dscp {
+ type uint8 {
+ range "0..63";
+ }
+ description
+ "The dscp type represents a Differentiated Services Code Point
+ that may be used for marking packets in a traffic stream.
+ In the value set and its semantics, this type is equivalent
+ to the Dscp textual convention of the SMIv2.";
+ reference
+ "RFC 3289: Management Information Base for the Differentiated
+ Services Architecture
+ RFC 2474: Definition of the Differentiated Services Field
+ (DS Field) in the IPv4 and IPv6 Headers
+ RFC 2780: IANA Allocation Guidelines For Values In
+ the Internet Protocol and Related Headers";
+ }
+
+ typedef ipv6-flow-label {
+ type uint32 {
+ range "0..1048575";
+ }
+ description
+ "The ipv6-flow-label type represents the flow identifier or Flow
+ Label in an IPv6 packet header that may be used to
+ discriminate traffic flows.
+
+ In the value set and its semantics, this type is equivalent
+ to the IPv6FlowLabel textual convention of the SMIv2.";
+ reference
+ "RFC 3595: Textual Conventions for IPv6 Flow Label
+ RFC 2460: Internet Protocol, Version 6 (IPv6) Specification";
+ }
+
+ typedef port-number {
+ type uint16 {
+ range "0..65535";
+ }
+ description
+ "The port-number type represents a 16-bit port number of an
+ Internet transport-layer protocol such as UDP, TCP, DCCP, or
+ SCTP. Port numbers are assigned by IANA. A current list of
+ all assignments is available from <http://www.iana.org/>.
+
+ Note that the port number value zero is reserved by IANA. In
+ situations where the value zero does not make sense, it can
+ be excluded by subtyping the port-number type.
+ In the value set and its semantics, this type is equivalent
+ to the InetPortNumber textual convention of the SMIv2.";
+ reference
+ "RFC 768: User Datagram Protocol
+ RFC 793: Transmission Control Protocol
+ RFC 4960: Stream Control Transmission Protocol
+ RFC 4340: Datagram Congestion Control Protocol (DCCP)
+ RFC 4001: Textual Conventions for Internet Network Addresses";
+ }
+
+ /*** collection of types related to autonomous systems ***/
+
+ typedef as-number {
+ type uint32;
+ description
+ "The as-number type represents autonomous system numbers
+ which identify an Autonomous System (AS). An AS is a set
+ of routers under a single technical administration, using
+ an interior gateway protocol and common metrics to route
+ packets within the AS, and using an exterior gateway
+ protocol to route packets to other ASes. IANA maintains
+ the AS number space and has delegated large parts to the
+ regional registries.
+
+ Autonomous system numbers were originally limited to 16
+ bits. BGP extensions have enlarged the autonomous system
+ number space to 32 bits. This type therefore uses an uint32
+ base type without a range restriction in order to support
+ a larger autonomous system number space.
+
+ In the value set and its semantics, this type is equivalent
+ to the InetAutonomousSystemNumber textual convention of
+ the SMIv2.";
+ reference
+ "RFC 1930: Guidelines for creation, selection, and registration
+ of an Autonomous System (AS)
+ RFC 4271: A Border Gateway Protocol 4 (BGP-4)
+ RFC 4001: Textual Conventions for Internet Network Addresses
+ RFC 6793: BGP Support for Four-Octet Autonomous System (AS)
+ Number Space";
+ }
+
+ /*** collection of types related to IP addresses and hostnames ***/
+
+ typedef ip-address {
+ type union {
+ type inet:ipv4-address;
+ type inet:ipv6-address;
+ }
+ description
+ "The ip-address type represents an IP address and is IP
+ version neutral. The format of the textual representation
+ implies the IP version. This type supports scoped addresses
+ by allowing zone identifiers in the address format.";
+ reference
+ "RFC 4007: IPv6 Scoped Address Architecture";
+ }
+
+ typedef ipv4-address {
+ type string {
+ pattern
+ '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}'
+ + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'
+ + '(%[\p{N}\p{L}]+)?';
+ }
+ description
+ "The ipv4-address type represents an IPv4 address in
+ dotted-quad notation. The IPv4 address may include a zone
+ index, separated by a % sign.
+
+ The zone index is used to disambiguate identical address
+ values. For link-local addresses, the zone index will
+ typically be the interface index number or the name of an
+ interface. If the zone index is not present, the default
+ zone of the device will be used.
+
+ The canonical format for the zone index is the numerical
+ format";
+ }
+
+ typedef ipv6-address {
+ type string {
+ pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}'
+ + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|'
+ + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}'
+ + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))'
+ + '(%[\p{N}\p{L}]+)?';
+ pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|'
+ + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)'
+ + '(%.+)?';
+ }
+ description
+ "The ipv6-address type represents an IPv6 address in full,
+ mixed, shortened, and shortened-mixed notation. The IPv6
+ address may include a zone index, separated by a % sign.
+
+ The zone index is used to disambiguate identical address
+ values. For link-local addresses, the zone index will
+ typically be the interface index number or the name of an
+ interface. If the zone index is not present, the default
+ zone of the device will be used.
+
+ The canonical format of IPv6 addresses uses the textual
+ representation defined in Section 4 of RFC 5952. The
+ canonical format for the zone index is the numerical
+ format as described in Section 11.2 of RFC 4007.";
+ reference
+ "RFC 4291: IP Version 6 Addressing Architecture
+ RFC 4007: IPv6 Scoped Address Architecture
+ RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ typedef ip-address-no-zone {
+ type union {
+ type inet:ipv4-address-no-zone;
+ type inet:ipv6-address-no-zone;
+ }
+ description
+ "The ip-address-no-zone type represents an IP address and is
+ IP version neutral. The format of the textual representation
+ implies the IP version. This type does not support scoped
+ addresses since it does not allow zone identifiers in the
+ address format.";
+ reference
+ "RFC 4007: IPv6 Scoped Address Architecture";
+ }
+
+ typedef ipv4-address-no-zone {
+ type inet:ipv4-address {
+ pattern '[0-9\.]*';
+ }
+ description
+ "An IPv4 address without a zone index. This type, derived from
+ ipv4-address, may be used in situations where the zone is
+ known from the context and hence no zone index is needed.";
+ }
+
+ typedef ipv6-address-no-zone {
+ type inet:ipv6-address {
+ pattern '[0-9a-fA-F:\.]*';
+ }
+ description
+ "An IPv6 address without a zone index. This type, derived from
+ ipv6-address, may be used in situations where the zone is
+ known from the context and hence no zone index is needed.";
+ reference
+ "RFC 4291: IP Version 6 Addressing Architecture
+ RFC 4007: IPv6 Scoped Address Architecture
+ RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ typedef ip-prefix {
+ type union {
+ type inet:ipv4-prefix;
+ type inet:ipv6-prefix;
+ }
+ description
+ "The ip-prefix type represents an IP prefix and is IP
+ version neutral. The format of the textual representations
+ implies the IP version.";
+ }
+
+ typedef ipv4-prefix {
+ type string {
+ pattern
+ '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}'
+ + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'
+ + '/(([0-9])|([1-2][0-9])|(3[0-2]))';
+ }
+ description
+ "The ipv4-prefix type represents an IPv4 address prefix.
+ The prefix length is given by the number following the
+ slash character and must be less than or equal to 32.
+
+ A prefix length value of n corresponds to an IP address
+ mask that has n contiguous 1-bits from the most
+ significant bit (MSB) and all other bits set to 0.
+
+ The canonical format of an IPv4 prefix has all bits of
+ the IPv4 address set to zero that are not part of the
+ IPv4 prefix.";
+ }
+
+ typedef ipv6-prefix {
+ type string {
+ pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}'
+ + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|'
+ + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}'
+ + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))'
+ + '(/(([0-9])|([0-9]{2})|(1[0-1][0-9])|(12[0-8])))';
+ pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|'
+ + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)'
+ + '(/.+)';
+ }
+
+ description
+ "The ipv6-prefix type represents an IPv6 address prefix.
+ The prefix length is given by the number following the
+ slash character and must be less than or equal to 128.
+
+ A prefix length value of n corresponds to an IP address
+ mask that has n contiguous 1-bits from the most
+ significant bit (MSB) and all other bits set to 0.
+
+ The IPv6 address should have all bits that do not belong
+ to the prefix set to zero.
+
+ The canonical format of an IPv6 prefix has all bits of
+ the IPv6 address set to zero that are not part of the
+ IPv6 prefix. Furthermore, the IPv6 address is represented
+ as defined in Section 4 of RFC 5952.";
+ reference
+ "RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ /*** collection of domain name and URI types ***/
+
+ typedef domain-name {
+ type string {
+ pattern
+ '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*'
+ + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)'
+ + '|\.';
+ length "1..253";
+ }
+ description
+ "The domain-name type represents a DNS domain name. The
+ name SHOULD be fully qualified whenever possible.
+
+ Internet domain names are only loosely specified. Section
+ 3.5 of RFC 1034 recommends a syntax (modified in Section
+ 2.1 of RFC 1123). The pattern above is intended to allow
+ for current practice in domain name use, and some possible
+ future expansion. It is designed to hold various types of
+ domain names, including names used for A or AAAA records
+ (host names) and other records, such as SRV records. Note
+ that Internet host names have a stricter syntax (described
+ in RFC 952) than the DNS recommendations in RFCs 1034 and
+ 1123, and that systems that want to store host names in
+ schema nodes using the domain-name type are recommended to
+ adhere to this stricter standard to ensure interoperability.
+
+ The encoding of DNS names in the DNS protocol is limited
+ to 255 characters. Since the encoding consists of labels
+ prefixed by a length bytes and there is a trailing NULL
+ byte, only 253 characters can appear in the textual dotted
+ notation.
+
+ The description clause of schema nodes using the domain-name
+ type MUST describe when and how these names are resolved to
+ IP addresses. Note that the resolution of a domain-name value
+ may require to query multiple DNS records (e.g., A for IPv4
+ and AAAA for IPv6). The order of the resolution process and
+ which DNS record takes precedence can either be defined
+ explicitly or may depend on the configuration of the
+ resolver.
+
+ Domain-name values use the US-ASCII encoding. Their canonical
+ format uses lowercase US-ASCII characters. Internationalized
+ domain names MUST be A-labels as per RFC 5890.";
+ reference
+ "RFC 952: DoD Internet Host Table Specification
+ RFC 1034: Domain Names - Concepts and Facilities
+ RFC 1123: Requirements for Internet Hosts -- Application
+ and Support
+ RFC 2782: A DNS RR for specifying the location of services
+ (DNS SRV)
+ RFC 5890: Internationalized Domain Names in Applications
+ (IDNA): Definitions and Document Framework";
+ }
+
+ typedef host {
+ type union {
+ type inet:ip-address;
+ type inet:domain-name;
+ }
+ description
+ "The host type represents either an IP address or a DNS
+ domain name.";
+ }
+
+ typedef uri {
+ type string;
+ description
+ "The uri type represents a Uniform Resource Identifier
+ (URI) as defined by STD 66.
+
+ Objects using the uri type MUST be in US-ASCII encoding,
+ and MUST be normalized as described by RFC 3986 Sections
+ 6.2.1, 6.2.2.1, and 6.2.2.2. All unnecessary
+ percent-encoding is removed, and all case-insensitive
+ characters are set to lowercase except for hexadecimal
+ digits, which are normalized to uppercase as described in
+ Section 6.2.2.1.
+
+ The purpose of this normalization is to help provide
+ unique URIs. Note that this normalization is not
+ sufficient to provide uniqueness. Two URIs that are
+ textually distinct after this normalization may still be
+ equivalent.
+
+ Objects using the uri type may restrict the schemes that
+ they permit. For example, 'data:' and 'urn:' schemes
+ might not be appropriate.
+
+ A zero-length URI is not a valid URI. This can be used to
+ express 'URI absent' where required.
+
+ In the value set and its semantics, this type is equivalent
+ to the Uri SMIv2 textual convention defined in RFC 5017.";
+ reference
+ "RFC 3986: Uniform Resource Identifier (URI): Generic Syntax
+ RFC 3305: Report from the Joint W3C/IETF URI Planning Interest
+ Group: Uniform Resource Identifiers (URIs), URLs,
+ and Uniform Resource Names (URNs): Clarifications
+ and Recommendations
+ RFC 5017: MIB Textual Conventions for Uniform Resource
+ Identifiers (URIs)";
+ }
+
+}
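Review bot: `typedef uri` is a bare `type string` with no `pattern` or `length`, so the US-ASCII and normalisation rules in its description are not enforced by the schema and the scheme is unrestricted. A model that takes an `inet:uri` (or an `inet:host`, whose `domain-name` member accepts any syntactically valid name) and later dereferences it should restrict the type at the leaf or validate scheme and host in the application. The description itself notes that 'data:' and 'urn:' might not be appropriate. Restricting at the point of use keeps this imported module unmodified, for example with the constructed restriction `type inet:uri { pattern 'https://.*'; }`.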
diff --git a/models/common/src/main/yang/ietf-ipfix-psamp@2012-09-05.yang b/models/common/src/main/yang/ietf-ipfix-psamp@2012-09-05.yang
new file mode 100644
index 0000000..744f096
--- /dev/null
+++ b/models/common/src/main/yang/ietf-ipfix-psamp@2012-09-05.yang
@@ -0,0 +1,2232 @@
+module ietf-ipfix-psamp {
+ namespace "urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp";
+ prefix ipfix;
+
+ import ietf-yang-types { prefix yang; }
+ import ietf-inet-types { prefix inet; }
+
+ organization
+ "IETF IPFIX Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/ipfix/>
+ WG List: <ipfix@ietf.org>
+
+ WG Chair: Nevil Brownlee
+ <n.brownlee@auckland.ac.nz>
+
+ WG Chair: Juergen Quittek
+ <quittek@neclab.eu>
+
+ Editor: Gerhard Muenz
+ <muenz@net.in.tum.de>";
+
+ description
+ "IPFIX/PSAMP Configuration Data Model
+
+ Copyright (c) 2012 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).";
+
+ revision 2012-09-05 {
+ description "Initial version";
+ reference "RFC 6728: Configuration Data Model for the IP Flow
+ Information Export (IPFIX) and Packet Sampling (PSAMP)
+ Protocols";
+ }
+
+ /*****************************************************************
+ * Features
+ *****************************************************************/
+
+ feature exporter {
+ description "If supported, the Monitoring Device can be used as
+ an Exporter. Exporting Processes can be configured.";
+ }
+
+ feature collector {
+ description "If supported, the Monitoring Device can be used as
+ a Collector. Collecting Processes can be configured.";
+ }
+
+ feature meter {
+ description "If supported, Observation Points, Selection
+ Processes, and Caches can be configured.";
+ }
+
+ feature psampSampCountBased {
+ description "If supported, the Monitoring Device supports
+ count-based Sampling. The Selector method sampCountBased can
+ be configured.";
+ }
+
+ feature psampSampTimeBased {
+ description "If supported, the Monitoring Device supports
+ time-based Sampling. The Selector method sampTimeBased can
+ be configured.";
+ }
+
+ feature psampSampRandOutOfN {
+ description "If supported, the Monitoring Device supports
+ random n-out-of-N Sampling. The Selector method
+ sampRandOutOfN can be configured.";
+ }
+
+ feature psampSampUniProb {
+ description "If supported, the Monitoring Device supports
+ uniform probabilistic Sampling. The Selector method
+ sampUniProb can be configured.";
+ }
+
+ feature psampFilterMatch {
+ description "If supported, the Monitoring Device supports
+ property match Filtering. The Selector method filterMatch
+ can be configured.";
+ }
+
+ feature psampFilterHash {
+ description "If supported, the Monitoring Device supports
+ hash-based Filtering. The Selector method filterHash can be
+ configured.";
+ }
+
+ feature immediateCache {
+ description "If supported, the Monitoring Device supports
+ Caches generating PSAMP Packet Reports by configuration with
+ immediateCache.";
+ }
+
+ feature timeoutCache {
+ description "If supported, the Monitoring Device supports
+ Caches generating IPFIX Flow Records by configuration with
+ timeoutCache.";
+ }
+
+ feature naturalCache {
+ description "If supported, the Monitoring Device supports
+ Caches generating IPFIX Flow Records by configuration with
+ naturalCache.";
+ }
+
+ feature permanentCache {
+ description "If supported, the Monitoring Device supports
+ Caches generating IPFIX Flow Records by configuration with
+ permanentCache.";
+ }
+
+ feature udpTransport {
+ description "If supported, the Monitoring Device supports UDP
+ as the transport protocol.";
+ }
+
+ feature tcpTransport {
+ description "If supported, the Monitoring Device supports TCP
+ as the transport protocol.";
+ }
+
+ feature fileReader {
+ description "If supported, the Monitoring Device supports the
+ configuration of Collecting Processes as File Readers.";
+ }
+
+ feature fileWriter {
+ description "If supported, the Monitoring Device supports the
+ configuration of Exporting Processes as File Writers.";
+ }
+
+ /*****************************************************************
+ * Identities
+ *****************************************************************/
+
+ /*** Hash function identities ***/
+ identity hashFunction {
+ description "Base identity for all hash functions used for
+ hash-based packet Filtering. Identities derived from
+ this base are used by the leaf
+ /ipfix/selectionProcess/selector/filterHash/hashFunction.";
+ }
+ identity BOB {
+ base "hashFunction";
+ description "BOB hash function";
+ reference "RFC 5475, Section 6.2.4.1.";
+ }
+ identity IPSX {
+ base "hashFunction";
+ description "IPSX hash function";
+ reference "RFC 5475, Section 6.2.4.1.";
+ }
+ identity CRC {
+ base "hashFunction";
+ description "CRC hash function";
+ reference "RFC 5475, Section 6.2.4.1.";
+ }
+
+ /*** Export mode identities ***/
+ identity exportMode {
+ description "Base identity for different usages of export
+ destinations configured for an Exporting Process.
+ Identities derived from this base are used by the leaf
+ /ipfix/exportingProcess/exportMode.";
+ }
+ identity parallel {
+ base "exportMode";
+ description "Parallel export of Data Records to all
+ destinations configured for the Exporting Process.";
+ }
+ identity loadBalancing {
+ base "exportMode";
+ description "Load-balancing between the different destinations
+ configured for the Exporting Process.";
+ }
+ identity fallback {
+ base "exportMode";
+ description "Export to the primary destination (i.e., the first
+ SCTP, UDP, TCP, or file destination configured for the
+ Exporting Process). If the export to the primary destination
+ fails, the Exporting Process tries to export to the secondary
+ destination. If the secondary destination fails as well, it
+ continues with the tertiary, etc.";
+ }
+
+ /*** Options type identities ***/
+ identity optionsType {
+ description "Base identity for report types exported with
+ options. Identities derived from this base are used by the leaf
+ /ipfix/exportingProcess/options/optionsType.";
+ }
+ identity meteringStatistics {
+ base "optionsType";
+ description "Metering Process Statistics.";
+ reference "RFC 5101, Section 4.1.";
+ }
+ identity meteringReliability {
+ base "optionsType";
+ description "Metering Process Reliability Statistics.";
+ reference "RFC 5101, Section 4.2.";
+ }
+ identity exportingReliability {
+ base "optionsType";
+ description "Exporting Process Reliability
+ Statistics.";
+ reference "RFC 5101, Section 4.3.";
+ }
+ identity flowKeys {
+ base "optionsType";
+ description "Flow Keys.";
+ reference "RFC 5101, Section 4.4.";
+ }
+ identity selectionSequence {
+ base "optionsType";
+ description "Selection Sequence and Selector Reports.";
+ reference "RFC 5476, Sections 6.5.1 and 6.5.2.";
+ }
+ identity selectionStatistics {
+ base "optionsType";
+ description "Selection Sequence Statistics Report.";
+ reference "RFC 5476, Sections 6.5.3.";
+ }
+ identity accuracy {
+ base "optionsType";
+ description "Accuracy Report.";
+ reference "RFC 5476, Section 6.5.4.";
+ }
+ identity reducingRedundancy {
+ base "optionsType";
+ description "Enables the utilization of Options Templates to
+ reduce redundancy in the exported Data Records.";
+ reference "RFC 5473.";
+ }
+ identity extendedTypeInformation {
+ base "optionsType";
+ description "Export of extended type information for
+ enterprise-specific Information Elements used in the
+ exported Templates.";
+ reference "RFC 5610.";
+ }
+
+ /*****************************************************************
+ * Type definitions
+ *****************************************************************/
+
+ typedef ieNameType {
+ type string {
+ length "1..max";
+ pattern "\S+";
+ }
+ description "Type for Information Element names. Whitespaces
+ are not allowed.";
+ }
+
+ typedef ieIdType {
+ type uint16 {
+ range "1..32767" {
+ description "Valid range of Information Element
+ identifiers.";
+ reference "RFC 5102, Section 4.";
+ }
+ }
+ description "Type for Information Element identifiers.";
+ }
+
+ typedef nameType {
+ type string {
+ length "1..max";
+ pattern "\S(.*\S)?";
+ }
+ description "Type for 'name' leafs, which are used to identify
+ specific instances within lists, etc.
+ Leading and trailing whitespaces are not allowed.";
+ }
+
+ typedef ifNameType {
+ type string {
+ length "1..255";
+ }
+ description "This corresponds to the DisplayString textual
+ convention of SNMPv2-TC, which is used for ifName in the IF
+ MIB module.";
+ reference "RFC 2863 (ifName).";
+ }
+
+ typedef direction {
+ type enumeration {
+ enum ingress {
+ description "This value is used for monitoring incoming
+ packets.";
+ }
+ enum egress {
+ description "This value is used for monitoring outgoing
+ packets.";
+ }
+ enum both {
+ description "This value is used for monitoring incoming and
+ outgoing packets.";
+ }
+ }
+ description "Direction of packets going through an interface or
+ linecard.";
+ }
+
+ typedef transportSessionStatus {
+ type enumeration {
+ enum inactive {
+ description "This value MUST be used for Transport Sessions
+ that are specified in the system but currently not active.
+ The value can be used for Transport Sessions that are
+ backup (secondary) sessions.";
+ }
+ enum active {
+ description "This value MUST be used for Transport Sessions
+ that are currently active and transmitting or receiving
+ data.";
+ }
+ enum unknown {
+ description "This value MUST be used if the status of the
+ Transport Sessions cannot be detected by the device. This
+ value should be avoided as far as possible.";
+ }
+ }
+ description "Status of a Transport Session.";
+ reference "RFC 6615, Section 8 (ipfixTransportSessionStatus).";
+ }
+
+ /*****************************************************************
+ * Groupings
+ *****************************************************************/
+
+ grouping observationPointParameters {
+ description "Interface as input to Observation Point.";
+ leaf observationPointId {
+ type uint32;
+ config false;
+ description "Observation Point ID (i.e., the value of the
+ Information Element observationPointId) assigned by the
+ Monitoring Device.";
+ reference "IANA registry for IPFIX Entities,
+ http://www.iana.org/assignments/ipfix.";
+ }
+ leaf observationDomainId {
+ type uint32;
+ mandatory true;
+ description "The Observation Domain ID associates the
+ Observation Point to an Observation Domain. Observation
+ Points with identical Observation Domain IDs belong to the
+ same Observation Domain.
+ Note that this parameter corresponds to
+ ipfixObservationPointObservationDomainId in the IPFIX MIB
+ module.";
+ reference "RFC 5101; RFC 6615, Section 8
+ (ipfixObservationPointObservationDomainId).";
+ }
+ leaf-list ifName {
+ type ifNameType;
+ description "List of names identifying interfaces of the
+ Monitoring Device. The Observation Point observes packets at
+ the specified interfaces.";
+ }
+ leaf-list ifIndex {
+ type uint32;
+ description "List of ifIndex values pointing to entries in the
+ ifTable of the IF-MIB module maintained by the Monitoring
+ Device. The Observation Point observes packets at the
+ specified interfaces.
+ This parameter SHOULD only be used if an SNMP agent enables
+ access to the ifTable.
+ Note that this parameter corresponds to
+ ipfixObservationPointPhysicalInterface in the IPFIX MIB
+ module.";
+ reference "RFC 2863; RFC 6615, Section 8
+ (ipfixObservationPointPhysicalInterface).";
+ }
+ leaf-list entPhysicalName {
+ type string;
+ description "List of names identifying physical entities of the
+ Monitoring Device. The Observation Point observes packets at
+ the specified entities.";
+ }
+ leaf-list entPhysicalIndex {
+ type uint32;
+ description "List of entPhysicalIndex values pointing to
+ entries in the entPhysicalTable of the ENTITY-MIB module
+ maintained by the Monitoring Device. The Observation Point
+ observes packets at the specified entities.
+ This parameter SHOULD only be used if an SNMP agent enables
+ access to the entPhysicalTable.
+ Note that this parameter corresponds to
+ ipfixObservationPointPhysicalEntity in the IPFIX MIB
+ module.";
+ reference "RFC 4133; RFC 6615, Section 8
+ (ipfixObservationPointPhysicalInterface).";
+ }
+ leaf direction {
+ type direction;
+ default both;
+ description "Direction of packets. If not applicable (e.g., in
+ the case of a sniffing interface in promiscuous mode), this
+ parameter is ignored.";
+ }
+ }
+
+ grouping sampCountBasedParameters {
+ description "Configuration parameters of a Selector applying
+ systematic count-based packet Sampling to the packet
+ stream.";
+ reference "RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.1.";
+ leaf packetInterval {
+ type uint32;
+ units packets;
+ mandatory true;
+ description "The number of packets that are consecutively
+ sampled between gaps of length packetSpace.
+ This parameter corresponds to the Information Element
+ samplingPacketInterval and to psampSampCountBasedInterval
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.2.2; RFC 6727, Section 6
+ (psampSampCountBasedInterval).";
+ }
+ leaf packetSpace {
+ type uint32;
+ units packets;
+ mandatory true;
+ description "The number of unsampled packets between two
+ Sampling intervals.
+ This parameter corresponds to the Information Element
+ samplingPacketSpace and to psampSampCountBasedSpace
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.2.3; RFC 6727, Section 6
+ (psampSampCountBasedSpace).";
+ }
+ }
+
+ grouping sampTimeBasedParameters {
+ description "Configuration parameters of a Selector applying
+ systematic time-based packet Sampling to the packet
+ stream.";
+ reference "RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.2.";
+ leaf timeInterval {
+ type uint32;
+ units microseconds;
+ mandatory true;
+ description "The time interval in microseconds during
+ which all arriving packets are sampled between gaps
+ of length timeSpace.
+ This parameter corresponds to the Information Element
+ samplingTimeInterval and to psampSampTimeBasedInterval
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.2.4; RFC 6727, Section 6
+ (psampSampTimeBasedInterval).";
+ }
+ leaf timeSpace {
+ type uint32;
+ units microseconds;
+ mandatory true;
+ description "The time interval in microseconds during
+ which no packets are sampled between two Sampling
+ intervals specified by timeInterval.
+ This parameter corresponds to the Information Element
+ samplingTimeInterval and to psampSampTimeBasedSpace
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.2.5; RFC 6727, Section 6
+ (psampSampTimeBasedSpace).";
+ }
+ }
+
+ grouping sampRandOutOfNParameters {
+ description "Configuration parameters of a Selector applying
+ n-out-of-N packet Sampling to the packet stream.";
+ reference "RFC 5475, Section 5.2.1; RFC 5476, Section 6.5.2.3.";
+ leaf size {
+ type uint32;
+ units packets;
+ mandatory true;
+ description "The number of elements taken from the parent
+ population.
+ This parameter corresponds to the Information Element
+ samplingSize and to psampSampRandOutOfNSize in the PSAMP
+ MIB module.";
+ reference "RFC 5477, Section 8.2.6; RFC 6727, Section 6
+ (psampSampRandOutOfNSize).";
+ }
+ leaf population {
+ type uint32;
+ units packets;
+ mandatory true;
+ description "The number of elements in the parent
+ population.
+ This parameter corresponds to the Information Element
+ samplingPopulation and to psampSampRandOutOfNPopulation
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.2.7; RFC 6727, Section 6
+ (psampSampRandOutOfNPopulation).";
+ }
+ }
+
+ grouping sampUniProbParameters {
+ description "Configuration parameters of a Selector applying
+ uniform probabilistic packet Sampling (with equal
+ probability per packet) to the packet stream.";
+ reference "RFC 5475, Section 5.2.2.1;
+ RFC 5476, Section 6.5.2.4.";
+ leaf probability {
+ type decimal64 {
+ fraction-digits 18;
+ range "0..1";
+ }
+ mandatory true;
+ description "Probability that a packet is sampled,
+ expressed as a value between 0 and 1. The probability
+ is equal for every packet.
+ This parameter corresponds to the Information Element
+ samplingProbability and to psampSampUniProbProbability
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.2.8; RFC 6727, Section 6
+ (psampSampUniProbProbability).";
+ }
+ }
+
+ grouping filterMatchParameters {
+ description "Configuration parameters of a Selector applying
+ property match Filtering to the packet stream.
+ The field to be matched is specified as an Information
+ Element.";
+ reference "RFC 5475, Section 6.1; RFC 5476, Section 6.5.2.5.";
+ choice nameOrId {
+ mandatory true;
+ description "The field to be matched is specified by
+ either the name or the identifier of the Information
+ Element.";
+ leaf ieName {
+ type ieNameType;
+ description "Name of the Information Element.";
+ }
+ leaf ieId {
+ type ieIdType;
+ description "Identifier of the Information Element.";
+ }
+ }
+ leaf ieEnterpriseNumber {
+ type uint32;
+ default 0;
+ description "If this parameter is zero, the Information
+ Element is registered in the IANA registry of IPFIX
+ Information Elements.
+ If this parameter is configured with a non-zero private
+ enterprise number, the Information Element is
+ enterprise-specific.";
+ reference "IANA registry for Private Enterprise Numbers,
+ http://www.iana.org/assignments/enterprise-numbers;
+ IANA registry for IPFIX Entities,
+ http://www.iana.org/assignments/ipfix.";
+ }
+ leaf value {
+ type string;
+ mandatory true;
+ description "Matching value of the Information Element.";
+ }
+ }
+
+ grouping filterHashParameters {
+ description "Configuration parameters of a Selector applying
+ hash-based Filtering to the packet stream.";
+ reference "RFC 5475, Section 6.2; RFC 5476, Section 6.5.2.6.";
+ leaf hashFunction {
+ type identityref {
+ base "hashFunction";
+ }
+ default BOB;
+ description "Hash function to be applied. According to
+ RFC 5475, Section 6.2.4.1, 'BOB' must be used in order to
+ be compliant with PSAMP.
+ This parameter functionally corresponds to
+ psampFiltHashFunction in the PSAMP MIB module.";
+ reference "RFC 6727, Section 6 (psampFiltHashFunction)";
+ }
+ leaf initializerValue {
+ type uint64;
+ description "Initializer value to the hash function.
+ If not configured by the user, the Monitoring Device
+ arbitrarily chooses an initializer value.
+ This parameter corresponds to the Information Element
+ hashInitialiserValue and to psampFiltHashInitializerValue
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.3.9; RFC 6727, Section 6
+ (psampFiltHashInitializerValue).";
+ }
+ leaf ipPayloadOffset {
+ type uint64;
+ units octets;
+ default 0;
+ description "IP payload offset indicating the position of
+ the first payload byte considered as input to the hash
+ function.
+ Default value 0 corresponds to the minimum offset that
+ must be configurable according to RFC 5476, Section
+ 6.5.2.6.
+ This parameter corresponds to the Information Element
+ hashIPPayloadOffset and to psampFiltHashIpPayloadOffset
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.3.2; RFC 6727, Section 6
+ (psampFiltHashIpPayloadOffset).";
+ }
+ leaf ipPayloadSize {
+ type uint64;
+ units octets;
+ default 8;
+ description "Number of IP payload bytes used as input to
+ the hash function, counted from the payload offset.
+ If the IP payload is shorter than the payload range,
+ all available payload octets are used as input.
+ Default value 8 corresponds to the minimum IP payload
+ size that must be configurable according to RFC 5476,
+ Section 6.5.2.6.
+ This parameter corresponds to the Information Element
+ hashIPPayloadSize and to psampFiltHashIpPayloadSize
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.3.3; RFC 6727, Section 6
+ (psampFiltHashIpPayloadSize).";
+ }
+ leaf digestOutput {
+ type boolean;
+ default false;
+ description "If true, the output from this Selector is
+ included in the Packet Report as a packet digest.
+ Therefore, the configured Cache Layout needs to contain
+ a digestHashValue field.
+ This parameter corresponds to the Information Element
+ hashDigestOutput.";
+ reference "RFC 5477, Section 8.3.8.";
+ }
+ leaf outputRangeMin {
+ type uint64;
+ config false;
+ description "Beginning of the hash function's potential
+ range.
+ This parameter corresponds to the Information Element
+ hashOutputRangeMin and to psampFiltHashOutputRangeMin
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.3.4; RFC 6727, Section 6
+ (psampFiltHashOutputRangeMin).";
+ }
+ leaf outputRangeMax {
+ type uint64;
+ config false;
+ description "End of the hash function's potential range.
+ This parameter corresponds to the Information Element
+ hashOutputRangeMax and to psampFiltHashOutputRangeMax
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.3.5; RFC 6727, Section 6
+ (psampFiltHashOutputRangeMax).";
+ }
+ list selectedRange {
+ key name;
+ min-elements 1;
+ description "List of hash function return ranges for
+ which packets are selected.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ leaf min {
+ type uint64;
+ description "Beginning of the hash function's selected
+ range.
+ This parameter corresponds to the Information Element
+ hashSelectedRangeMin and to psampFiltHashSelectedRangeMin
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.3.6; RFC 6727, Section 6
+ (psampFiltHashSelectedRangeMin).";
+ }
+ leaf max {
+ type uint64;
+ description "End of the hash function's selected range.
+ This parameter corresponds to the Information Element
+ hashSelectedRangeMax and to psampFiltHashSelectedRangeMax
+ in the PSAMP MIB module.";
+ reference "RFC 5477, Section 8.3.7; RFC 6727, Section 6
+ (psampFiltHashSelectedRangeMax).";
+ }
+ }
+ }
+
+ grouping selectorParameters {
+ description "Configuration and state parameters of a Selector.";
+ choice Method {
+ mandatory true;
+ description "Packet selection method applied by the Selector.";
+ leaf selectAll {
+ type empty;
+ description "Method that selects all packets.";
+ }
+ container sampCountBased {
+ if-feature psampSampCountBased;
+ description "Systematic count-based packet Sampling.";
+ uses sampCountBasedParameters;
+ }
+ container sampTimeBased {
+ if-feature psampSampTimeBased;
+ description "Systematic time-based packet Sampling.";
+ uses sampTimeBasedParameters;
+ }
+ container sampRandOutOfN {
+ if-feature psampSampRandOutOfN;
+ description "n-out-of-N packet Sampling.";
+ uses sampRandOutOfNParameters;
+ }
+ container sampUniProb {
+ if-feature psampSampUniProb;
+ description "Uniform probabilistic packet Sampling.";
+ uses sampUniProbParameters;
+ }
+ container filterMatch {
+ if-feature psampFilterMatch;
+ description "Property match Filtering.";
+ uses filterMatchParameters;
+ }
+ container filterHash {
+ if-feature psampFilterHash;
+ description "Hash-based Filtering.";
+ uses filterHashParameters;
+ }
+ }
+ leaf packetsObserved {
+ type yang:counter64;
+ config false;
+ description "The number of packets observed at the input of
+ the Selector.
+ If this is the first Selector in the Selection Process,
+ this counter corresponds to the total number of packets in
+ all Observed Packet Streams at the input of the Selection
+ Process. Otherwise, the counter corresponds to the total
+ number of packets at the output of the preceding Selector.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ selectorDiscontinuityTime.
+ Note that this parameter corresponds to
+ ipfixSelectorStatsPacketsObserved in the IPFIX MIB
+ module.";
+ reference "RFC 6615, Section 8
+ (ipfixSelectorStatsPacketsObserved).";
+ }
+ leaf packetsDropped {
+ type yang:counter64;
+ config false;
+ description "The total number of packets discarded by the
+ Selector.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ selectorDiscontinuityTime.
+ Note that this parameter corresponds to
+ ipfixSelectorStatsPacketsDropped in the IPFIX MIB
+ module.";
+ reference "RFC 6615, Section 8
+ (ipfixSelectorStatsPacketsDropped).";
+ }
+ leaf selectorDiscontinuityTime {
+ type yang:date-and-time;
+ config false;
+ description "Timestamp of the most recent occasion at which
+ one or more of the Selector counters suffered a
+ discontinuity.
+ Note that this parameter functionally corresponds to
+ ipfixSelectionProcessStatsDiscontinuityTime in the IPFIX
+ MIB module. In contrast to
+ ipfixSelectionProcessStatsDiscontinuityTime, the time is
+ absolute and not relative to sysUpTime.";
+ reference "RFC 6615, Section 8
+ (ipfixSelectionProcessStatsDiscontinuityTime).";
+ }
+ }
+ grouping cacheLayoutParameters {
+ description "Cache Layout parameters used by immediateCache,
+ timeoutCache, naturalCache, and permanentCache.";
+ container cacheLayout {
+ description "Cache Layout parameters.";
+ list cacheField {
+ key name;
+ min-elements 1;
+ description "Superset of fields that are included in the
+ Packet Reports or Flow Records generated by the Cache.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ choice nameOrId {
+ mandatory true;
+ description "Name or identifier of the Information
+ Element.";
+ reference "RFC 5102, Section 2; IANA registry for IPFIX
+ Entities, http://www.iana.org/assignments/ipfix.";
+ leaf ieName {
+ type ieNameType;
+ description "Name of the Information Element.";
+ }
+ leaf ieId {
+ type ieIdType;
+ description "Identifier of the Information Element.";
+ }
+ }
+ leaf ieLength {
+ type uint16;
+ units octets;
+ description "Length of the field in which the Information
+ Element is encoded. A value of 65535 specifies a
+ variable-length Information Element. For Information
+ Elements of integer and float type, the field length MAY
+ be set to a smaller value than the standard length of
+ the abstract data type if the rules of reduced size
+ encoding are fulfilled.
+ If not configured by the user, this parameter is set by
+ the Monitoring Device.";
+ reference "RFC 5101, Section 6.2.";
+ }
+ leaf ieEnterpriseNumber {
+ type uint32;
+ default 0;
+ description "If this parameter is zero, the Information
+ Element is registered in the IANA registry of IPFIX
+ Information Elements.
+ If this parameter is configured with a non-zero private
+ enterprise number, the Information Element is
+ enterprise-specific.
+ If the enterprise number is set to 29305, this field
+ contains a Reverse Information Element. In this case,
+ the Cache MUST generate Data Records in accordance to
+ RFC 5103.";
+ reference "RFC 5101; RFC 5103;
+ IANA registry for Private Enterprise Numbers,
+ http://www.iana.org/assignments/enterprise-numbers;
+ IANA registry for IPFIX Entities,
+ http://www.iana.org/assignments/ipfix.";
+ }
+ leaf isFlowKey {
+ when "(name(../../..) != 'immediateCache')
+ and
+ ((count(../ieEnterpriseNumber) = 0)
+ or
+ (../ieEnterpriseNumber != 29305))" {
+ description "This parameter is not available for
+ Reverse Information Elements (which have enterprise
+ number 29305). It is also not available for
+ immediateCache.";
+ }
+ type empty;
+ description "If present, this is a flow key.";
+ }
+ }
+ }
+ }
+
+ grouping flowCacheParameters {
+ description "Configuration and state parameters of a Cache
+ generating Flow Records.";
+ leaf maxFlows {
+ type uint32;
+ units flows;
+ description "This parameter configures the maximum number of
+ Flows in the Cache, which is the maximum number of Flows
+ that can be measured simultaneously.
+ The Monitoring Device MUST ensure that sufficient resources
+ are available to store the configured maximum number of
+ Flows.
+ If the maximum number of Flows is measured, an additional
+ Flow can be measured only if an existing entry is removed.
+ However, traffic that pertains to existing Flows can
+ continue to be measured.";
+ }
+ leaf activeTimeout {
+ when "(name(..) = 'timeoutCache') or
+ (name(..) = 'naturalCache')" {
+ description "This parameter is only available for
+ timeoutCache and naturalCache.";
+ }
+ type uint32;
+ units seconds;
+ description "This parameter configures the time in
+ seconds after which a Flow is expired even though packets
+ matching this Flow are still received by the Cache.
+ The parameter value zero indicates infinity, meaning that
+ there is no active timeout.
+ If not configured by the user, the Monitoring Device sets
+ this parameter.
+ Note that this parameter corresponds to
+ ipfixMeteringProcessCacheActiveTimeout in the IPFIX
+ MIB module.";
+ reference "RFC 6615, Section 8
+ (ipfixMeteringProcessCacheActiveTimeout).";
+ }
+ leaf idleTimeout {
+ when "(name(..) = 'timeoutCache') or
+ (name(..) = 'naturalCache')" {
+ description "This parameter is only available for
+ timeoutCache and naturalCache.";
+ }
+ type uint32;
+ units seconds;
+ description "This parameter configures the time in
+ seconds after which a Flow is expired if no more packets
+ matching this Flow are received by the Cache.
+ The parameter value zero indicates infinity, meaning that
+ there is no idle timeout.
+ If not configured by the user, the Monitoring Device sets
+ this parameter.
+ Note that this parameter corresponds to
+ ipfixMeteringProcessCacheIdleTimeout in the IPFIX
+ MIB module.";
+ reference "RFC 6615, Section 8
+ (ipfixMeteringProcessCacheIdleTimeout).";
+ }
+ leaf exportInterval {
+ when "name(..) = 'permanentCache'" {
+ description "This parameter is only available for
+ permanentCache.";
+ }
+ type uint32;
+ units seconds;
+ description "This parameter configures the interval (in
+ seconds) for periodical export of Flow Records.
+ If not configured by the user, the Monitoring Device sets
+ this parameter.";
+ }
+ leaf activeFlows {
+ type yang:gauge32;
+ units flows;
+ config false;
+ description "The number of Flows currently active in this
+ Cache.
+ Note that this parameter corresponds to
+ ipfixMeteringProcessCacheActiveFlows in the IPFIX MIB
+ module.";
+ reference "RFC 6615, Section 8
+ (ipfixMeteringProcessCacheActiveFlows).";
+ }
+ leaf unusedCacheEntries {
+ type yang:gauge32;
+ units flows;
+ config false;
+ description "The number of unused Cache entries in this
+ Cache.
+ Note that this parameter corresponds to
+ ipfixMeteringProcessCacheUnusedCacheEntries in the IPFIX
+ MIB module.";
+ reference "RFC 6615, Section 8
+ (ipfixMeteringProcessCacheUnusedCacheEntries).";
+ }
+ }
+
+ grouping exportingProcessParameters {
+ description "Parameters of an Exporting Process.";
+ leaf exportingProcessId {
+ type uint32;
+ config false;
+ description "The identifier of the Exporting Process.
+ This parameter corresponds to the Information Element
+ exportingProcessId. Its occurrence helps to associate
+ Exporting Process parameters with Exporing Process
+ statistics exported by the Monitoring Device using the
+ Exporting Process Reliability Statistics Template as
+ defined by the IPFIX protocol specification.";
+ reference "RFC 5101, Section 4.3; IANA registry for IPFIX
+ Entities, http://www.iana.org/assignments/ipfix.";
+ }
+ leaf exportMode {
+ type identityref {
+ base "exportMode";
+ }
+ default parallel;
+ description "This parameter determines to which configured
+ destination(s) the incoming Data Records are exported.";
+ }
+ list destination {
+ key name;
+ min-elements 1;
+ description "List of export destinations.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ choice DestinationParameters {
+ mandatory true;
+ description "Configuration parameters depend on whether
+ SCTP, UDP, or TCP is used as transport protocol, and
+ whether the destination is a file.";
+ container sctpExporter {
+ description "SCTP parameters.";
+ uses sctpExporterParameters;
+ }
+ container udpExporter {
+ if-feature udpTransport;
+ description "UDP parameters.";
+ uses udpExporterParameters;
+ }
+ container tcpExporter {
+ if-feature tcpTransport;
+ description "TCP parameters.";
+ uses tcpExporterParameters;
+ }
+ container fileWriter {
+ if-feature fileWriter;
+ description "File Writer parameters.";
+ uses fileWriterParameters;
+ }
+ }
+ }
+ list options {
+ key name;
+ description "List of options reported by the Exporting
+ Process.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ uses optionsParameters;
+ }
+ }
+
+ grouping commonExporterParameters {
+ description "Parameters of en export destination that are
+ common to all transport protocols.";
+ leaf ipfixVersion {
+ type uint16;
+ default 10;
+ description "IPFIX version number.";
+ reference "RFC 5101.";
+ }
+ leaf destinationPort {
+ type inet:port-number;
+ description "If not configured by the user, the Monitoring
+ Device uses the default port number for IPFIX, which is
+ 4739 without TLS or DTLS and 4740 if TLS or DTLS is
+ activated.";
+ }
+ choice indexOrName {
+ description "Index or name of the interface as stored in the
+ ifTable of IF-MIB.
+ If configured, the Exporting Process MUST use the given
+ interface to export IPFIX Messages to the export
+ destination.
+ If omitted, the Exporting Process selects the outgoing
+ interface based on local routing decision and accepts
+ return traffic, such as transport-layer acknowledgments,
+ on all available interfaces.";
+ reference "RFC 2863.";
+ leaf ifIndex {
+ type uint32;
+ description "Index of an interface as stored in the ifTable
+ of IF-MIB.";
+ reference "RFC 2863.";
+ }
+ leaf ifName {
+ type string;
+ description "Name of an interface as stored in the ifTable
+ of IF-MIB.";
+ reference "RFC 2863.";
+ }
+ }
+ leaf sendBufferSize {
+ type uint32;
+ units bytes;
+ description "Size of the socket send buffer.
+ If not configured by the user, this parameter is set by
+ the Monitoring Device.";
+ }
+ leaf rateLimit {
+ type uint32;
+ units "bytes per second";
+ description "Maximum number of bytes per second the Exporting
+ Process may export to the given destination. The number of
+ bytes is calculated from the lengths of the IPFIX Messages
+ exported. If not configured, no rate limiting is performed.";
+ reference "RFC 5476, Section 6.3.";
+ }
+ container transportLayerSecurity {
+ presence "If transportLayerSecurity is present, DTLS is
+ enabled if the transport protocol is SCTP or UDP, and TLS
+ is enabled if the transport protocol is TCP.";
+ description "TLS or DTLS configuration.";
+ uses transportLayerSecurityParameters;
+ }
+ container transportSession {
+ config false;
+ description "State parameters of the Transport Session
+ directed to the given destination.";
+ uses transportSessionParameters;
+ }
+ }
+
+ grouping sctpExporterParameters {
+ description "SCTP-specific export destination parameters.";
+ uses commonExporterParameters;
+ leaf-list sourceIPAddress {
+ type inet:ip-address;
+ description "List of source IP addresses used by the
+ Exporting Process.
+ If configured, the specified addresses are eligible local
+ IP addresses of the multihomed SCTP endpoint.
+ If not configured, all locally assigned IP addresses are
+ eligible local IP addresses.";
+ reference "RFC 4960, Section 6.4.";
+ }
+ leaf-list destinationIPAddress {
+ type inet:ip-address;
+ min-elements 1;
+ description "One or more IP addresses of the Collecting
+ Process to which IPFIX Messages are sent.
+ The user MUST ensure that all configured IP addresses
+ belong to the same Collecting Process.
+ The Exporting Process tries to establish an SCTP
+ association to any of the configured destination IP
+ addresses.";
+ reference "RFC 4960, Section 6.4.";
+ }
+ leaf timedReliability {
+ type uint32;
+ units milliseconds;
+ default 0;
+ description "Lifetime in milliseconds until an IPFIX
+ Message containing Data Sets only is 'abandoned' due to
+ the timed reliability mechanism of PR-SCTP.
+ If this parameter is set to zero, reliable SCTP
+ transport is used for all Data Records.
+ Regardless of the value of this parameter, the Exporting
+ Process MAY use reliable SCTP transport for Data Sets
+ associated with Options Templates.";
+ reference "RFC 3758; RFC 4960.";
+ }
+ }
+
+ grouping udpExporterParameters {
+ description "Parameters of a UDP export destination.";
+ uses commonExporterParameters;
+ leaf sourceIPAddress {
+ type inet:ip-address;
+ description "Source IP address used by the Exporting Process.
+ If not configured, the IP address assigned to the outgoing
+ interface is used as source IP address.";
+ }
+ leaf destinationIPAddress {
+ type inet:ip-address;
+ mandatory true;
+ description "IP address of the Collection Process to which
+ IPFIX Messages are sent.";
+ }
+ leaf maxPacketSize {
+ type uint16;
+ units octets;
+ description "This parameter specifies the maximum size of
+ IP packets sent to the Collector. If set to zero, the
+ Exporting Device MUST derive the maximum packet size
+ from path MTU discovery mechanisms.
+ If not configured by the user, this parameter is set by
+ the Monitoring Device.";
+ }
+ leaf templateRefreshTimeout {
+ type uint32;
+ units seconds;
+ default 600;
+ description "Sets time after which Templates are resent in the
+ UDP Transport Session.
+ Note that the configured lifetime MUST be adapted to the
+ templateLifeTime parameter value at the receiving Collecting
+ Process.
+ Note that this parameter corresponds to
+ ipfixTransportSessionTemplateRefreshTimeout in the IPFIX
+ MIB module.";
+ reference "RFC 5101, Section 10.3.6; RFC 6615, Section 8
+ (ipfixTransportSessionTemplateRefreshTimeout).";
+ }
+ leaf optionsTemplateRefreshTimeout {
+ type uint32;
+ units seconds;
+ default 600;
+ description "Sets time after which Options Templates are
+ resent in the UDP Transport Session.
+ Note that the configured lifetime MUST be adapted to the
+ optionsTemplateLifeTime parameter value at the receiving
+ Collecting Process.
+ Note that this parameter corresponds to
+ ipfixTransportSessionOptionsTemplateRefreshTimeout in the
+ IPFIX MIB module.";
+ reference "RFC 5101, Section 10.3.6; RFC 6615, Section 8
+ (ipfixTransportSessionOptionsTemplateRefreshTimeout).";
+ }
+ leaf templateRefreshPacket {
+ type uint32;
+ units "IPFIX Messages";
+ description "Sets number of IPFIX Messages after which
+ Templates are resent in the UDP Transport Session.
+ Note that this parameter corresponds to
+ ipfixTransportSessionTemplateRefreshPacket in the IPFIX
+ MIB module.
+ If omitted, Templates are only resent after timeout.";
+ reference "RFC 5101, Section 10.3.6; RFC 6615, Section 8
+ (ipfixTransportSessionTemplateRefreshPacket).";
+ }
+ leaf optionsTemplateRefreshPacket {
+ type uint32;
+ units "IPFIX Messages";
+ description "Sets number of IPFIX Messages after which
+ Options Templates are resent in the UDP Transport Session
+ protocol.
+ Note that this parameter corresponds to
+ ipfixTransportSessionOptionsTemplateRefreshPacket in the
+ IPFIX MIB module.
+ If omitted, Templates are only resent after timeout.";
+ reference "RFC 5101, Section 10.3.6; RFC 6615, Section 8
+ (ipfixTransportSessionOptionsTemplateRefreshPacket).";
+ }
+ }
+
+ grouping tcpExporterParameters {
+ description "Parameters of a TCP export destination.";
+ uses commonExporterParameters;
+ leaf sourceIPAddress {
+ type inet:ip-address;
+ description "Source IP address used by the Exporting Process.
+ If not configured by the user, this parameter is set by
+ the Monitoring Device to an IP address assigned to the
+ outgoing interface.";
+ }
+ leaf destinationIPAddress {
+ type inet:ip-address;
+ mandatory true;
+ description "IP address of the Collection Process to which
+ IPFIX Messages are sent.";
+ }
+ }
+
+ grouping fileWriterParameters {
+ description "File Writer parameters.";
+ leaf ipfixVersion {
+ type uint16;
+ default 10;
+ description "IPFIX version number.";
+ reference "RFC 5101.";
+ }
+ leaf file {
+ type inet:uri;
+ mandatory true;
+ description "URI specifying the location of the file.";
+ }
+ leaf bytes {
+ type yang:counter64;
+ units octets;
+ config false;
+ description "The number of bytes written by the File Writer.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ fileWriterDiscontinuityTime.";
+ }
+ leaf messages {
+ type yang:counter64;
+ units "IPFIX Messages";
+ config false;
+ description "The number of IPFIX Messages written by the File
+ Writer.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ fileWriterDiscontinuityTime.";
+ }
+ leaf discardedMessages {
+ type yang:counter64;
+ units "IPFIX Messages";
+ config false;
+ description "The number of IPFIX Messages that could not be
+ written by the File Writer due to internal buffer
+ overflows, limited storage capacity, etc.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ fileWriterDiscontinuityTime.";
+ }
+ leaf records {
+ type yang:counter64;
+ units "Data Records";
+ config false;
+ description "The number of Data Records written by the File
+ Writer.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ fileWriterDiscontinuityTime.";
+ }
+ leaf templates {
+ type yang:counter32;
+ units "Templates";
+ config false;
+ description "The number of Template Records (excluding
+ Options Template Records) written by the File Writer.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ fileWriterDiscontinuityTime.";
+ }
+ leaf optionsTemplates {
+ type yang:counter32;
+ units "Options Templates";
+ config false;
+ description "The number of Options Template Records written
+ by the File Writer.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ fileWriterDiscontinuityTime.";
+ }
+ leaf fileWriterDiscontinuityTime {
+ type yang:date-and-time;
+ config false;
+ description "Timestamp of the most recent occasion at which
+ one or more File Writer counters suffered a discontinuity.
+ In contrast to discontinuity times in the IPFIX MIB module,
+ the time is absolute and not relative to sysUpTime.";
+ }
+ list template {
+ config false;
+ description "This list contains the Templates and Options
+ Templates that have been written by the File Reader.
+ Withdrawn or invalidated (Options) Templates MUST be removed
+ from this list.";
+ uses templateParameters;
+ }
+ }
+
+ grouping optionsParameters {
+ description "Parameters specifying the data export using an
+ Options Template.";
+ leaf optionsType {
+ type identityref {
+ base "optionsType";
+ }
+ mandatory true;
+ description "Type of the exported options data.";
+ }
+ leaf optionsTimeout {
+ type uint32;
+ units milliseconds;
+ description "Time interval for periodic export of the options
+ data. If set to zero, the export is triggered when the
+ options data has changed.
+ If not configured by the user, this parameter is set by the
+ Monitoring Device.";
+ }
+ }
+
+ grouping collectingProcessParameters {
+ description "Parameters of a Collecting Process.";
+ list sctpCollector {
+ key name;
+ description "List of SCTP receivers (sockets) on which the
+ Collecting Process receives IPFIX Messages.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ uses sctpCollectorParameters;
+ }
+ list udpCollector {
+ if-feature udpTransport;
+ key name;
+ description "List of UDP receivers (sockets) on which the
+ Collecting Process receives IPFIX Messages.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ uses udpCollectorParameters;
+ }
+ list tcpCollector {
+ if-feature tcpTransport;
+ key name;
+ description "List of TCP receivers (sockets) on which the
+ Collecting Process receives IPFIX Messages.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ uses tcpCollectorParameters;
+ }
+ list fileReader {
+ if-feature fileReader;
+ key name;
+ description "List of File Readers from which the Collecting
+ Process reads IPFIX Messages.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ uses fileReaderParameters;
+ }
+ }
+
+ grouping commonCollectorParameters {
+ description "Parameters of a Collecting Process that are
+ common to all transport protocols.";
+ leaf localPort {
+ type inet:port-number;
+ description "If not configured, the Monitoring Device uses the
+ default port number for IPFIX, which is 4739 without
+ TLS or DTLS and 4740 if TLS or DTLS is activated.";
+ }
+ container transportLayerSecurity {
+ presence "If transportLayerSecurity is present, DTLS is enabled
+ if the transport protocol is SCTP or UDP, and TLS is enabled
+ if the transport protocol is TCP.";
+ description "TLS or DTLS configuration.";
+ uses transportLayerSecurityParameters;
+ }
+ list transportSession {
+ config false;
+ description "This list contains the currently established
+ Transport Sessions terminating at the given socket.";
+ uses transportSessionParameters;
+ }
+ }
+
+ grouping sctpCollectorParameters {
+ description "Parameters of a listening SCTP socket at a
+ Collecting Process.";
+ uses commonCollectorParameters;
+ leaf-list localIPAddress {
+ type inet:ip-address;
+ description "List of local IP addresses on which the
+ Collecting Process listens for IPFIX Messages. The IP
+ addresses are used as eligible local IP addresses of the
+ multihomed SCTP endpoint.";
+ reference "RFC 4960, Section 6.4.";
+ }
+ }
+
+ grouping udpCollectorParameters {
+ description "Parameters of a listening UDP socket at a
+ Collecting Process.";
+ uses commonCollectorParameters;
+ leaf-list localIPAddress {
+ type inet:ip-address;
+ description "List of local IP addresses on which the Collecting
+ Process listens for IPFIX Messages.";
+ }
+ leaf templateLifeTime {
+ type uint32;
+ units seconds;
+ default 1800;
+ description "Sets the lifetime of Templates for all UDP
+ Transport Sessions terminating at this UDP socket.
+ Templates that are not received again within the configured
+ lifetime become invalid at the Collecting Process.
+ As specified in RFC 5101, the Template lifetime MUST be at
+ least three times higher than the templateRefreshTimeout
+ parameter value configured on the corresponding Exporting
+ Processes.
+ Note that this parameter corresponds to
+ ipfixTransportSessionTemplateRefreshTimeout in the IPFIX
+ MIB module.";
+ reference "RFC 5101, Section 10.3.7; RFC 6615, Section 8
+ (ipfixTransportSessionTemplateRefreshTimeout).";
+ }
+ leaf optionsTemplateLifeTime {
+ type uint32;
+ units seconds;
+ default 1800;
+ description "Sets the lifetime of Options Templates for all
+ UDP Transport Sessions terminating at this UDP socket.
+ Options Templates that are not received again within the
+ configured lifetime become invalid at the Collecting
+ Process.
+ As specified in RFC 5101, the Options Template lifetime MUST
+ be at least three times higher than the
+ optionsTemplateRefreshTimeout parameter value configured on
+ the corresponding Exporting Processes.
+ Note that this parameter corresponds to
+ ipfixTransportSessionOptionsTemplateRefreshTimeout in the
+ IPFIX MIB module.";
+ reference "RFC 5101, Section 10.3.7; RFC 6615, Section 8
+ (ipfixTransportSessionOptionsTemplateRefreshTimeout).";
+ }
+ leaf templateLifePacket {
+ type uint32;
+ units "IPFIX Messages";
+ description "If this parameter is configured, Templates
+ defined in a UDP Transport Session become invalid if they
+ are neither included in a sequence of more than this number
+ of IPFIX Messages nor received again within the period of
+ time specified by templateLifeTime.
+ Note that this parameter corresponds to
+ ipfixTransportSessionTemplateRefreshPacket in the IPFIX
+ MIB module.";
+ reference "RFC 5101, Section 10.3.7; RFC 6615, Section 8
+ (ipfixTransportSessionTemplateRefreshPacket).";
+ }
+ leaf optionsTemplateLifePacket {
+ type uint32;
+ units "IPFIX Messages";
+ description "If this parameter is configured, Options
+ Templates defined in a UDP Transport Session become
+ invalid if they are neither included in a sequence of more
+ than this number of IPFIX Messages nor received again
+ within the period of time specified by
+ optionsTemplateLifeTime.
+ Note that this parameter corresponds to
+ ipfixTransportSessionOptionsTemplateRefreshPacket in the
+ IPFIX MIB module.";
+ reference "RFC 5101, Section 10.3.7; RFC 6615, Section 8
+ (ipfixTransportSessionOptionsTemplateRefreshPacket).";
+ }
+ }
+
+ grouping tcpCollectorParameters {
+ description "Parameters of a listening TCP socket at a
+ Collecting Process.";
+ uses commonCollectorParameters;
+ leaf-list localIPAddress {
+ type inet:ip-address;
+ description "List of local IP addresses on which the Collecting
+ Process listens for IPFIX Messages.";
+ }
+ }
+
+ grouping fileReaderParameters {
+ description "File Reader parameters.";
+ leaf file {
+ type inet:uri;
+ mandatory true;
+ description "URI specifying the location of the file.";
+ }
+ leaf bytes {
+ type yang:counter64;
+ units octets;
+ config false;
+ description "The number of bytes read by the File Reader.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ fileReaderDiscontinuityTime.";
+ }
+ leaf messages {
+ type yang:counter64;
+ units "IPFIX Messages";
+ config false;
+ description "The number of IPFIX Messages read by the File
+ Reader.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ fileReaderDiscontinuityTime.";
+ }
+ leaf records {
+ type yang:counter64;
+ units "Data Records";
+ config false;
+ description "The number of Data Records read by the File
+ Reader.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ fileReaderDiscontinuityTime.";
+ }
+ leaf templates {
+ type yang:counter32;
+ units "Templates";
+ config false;
+ description "The number of Template Records (excluding
+ Options Template Records) read by the File Reader.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ fileReaderDiscontinuityTime.";
+ }
+ leaf optionsTemplates {
+ type yang:counter32;
+ units "Options Templates";
+ config false;
+ description "The number of Options Template Records read by
+ the File Reader.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ fileReaderDiscontinuityTime.";
+ }
+ leaf fileReaderDiscontinuityTime {
+ type yang:date-and-time;
+ config false;
+ description "Timestamp of the most recent occasion at which
+ one or more File Reader counters suffered a discontinuity.
+ In contrast to discontinuity times in the IPFIX MIB module,
+ the time is absolute and not relative to sysUpTime.";
+ }
+ list template {
+ config false;
+ description "This list contains the Templates and Options
+ Templates that have been read by the File Reader.
+ Withdrawn or invalidated (Options) Template MUST be removed
+ from this list.";
+ uses templateParameters;
+ }
+ }
+
+ grouping transportLayerSecurityParameters {
+ description "TLS or DTLS parameters.";
+ leaf-list localCertificationAuthorityDN {
+ type string;
+ description "Distinguished names of certification authorities
+ whose certificates may be used to identify the local
+ endpoint.";
+ reference "RFC 5280.";
+ }
+ leaf-list localSubjectDN {
+ type string;
+ description "Distinguished names that may be used in the
+ certificates to identify the local endpoint.";
+ reference "RFC 5280.";
+ }
+ leaf-list localSubjectFQDN {
+ type inet:domain-name;
+ description "Fully qualified domain names that may be used to
+ in the certificates to identify the local endpoint.";
+ reference "RFC 5280.";
+ }
+ leaf-list remoteCertificationAuthorityDN {
+ type string;
+ description "Distinguished names of certification authorities
+ whose certificates are accepted to authorize remote
+ endpoints.";
+ reference "RFC 5280.";
+ }
+ leaf-list remoteSubjectDN {
+ type string;
+ description "Distinguished names which are accepted in
+ certificates to authorize remote endpoints.";
+ reference "RFC 5280.";
+ }
+ leaf-list remoteSubjectFQDN {
+ type inet:domain-name;
+ description "Fully qualified domain names that are accepted in
+ certificates to authorize remote endpoints.";
+ reference "RFC 5280.";
+ }
+ }
+
+ grouping templateParameters {
+ description "State parameters of a Template used by an Exporting
+ Process or received by a Collecting Process in a specific
+ Transport Session. Parameter names and semantics correspond to
+ the managed objects in IPFIX-MIB";
+ reference "RFC 5101; RFC 6615, Section 8 (ipfixTemplateEntry,
+ ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)";
+ leaf observationDomainId {
+ type uint32;
+ description "The ID of the Observation Domain for which this
+ Template is defined.
+ Note that this parameter corresponds to
+ ipfixTemplateObservationDomainId in the IPFIX MIB module.";
+ reference "RFC 6615, Section 8
+ (ipfixTemplateObservationDomainId).";
+ }
+ leaf templateId {
+ type uint16 {
+ range "256..65535" {
+ description "Valid range of Template IDs.";
+ reference "RFC 5101";
+ }
+ }
+ description "This number indicates the Template ID in the IPFIX
+ message.
+ Note that this parameter corresponds to ipfixTemplateId in
+ the IPFIX MIB module.";
+ reference "RFC 6615, Section 8 (ipfixTemplateId).";
+ }
+ leaf setId {
+ type uint16;
+ description "This number indicates the Set ID of the Template.
+ Currently, there are two values defined. The value 2 is used
+ for Sets containing Template definitions. The value 3 is
+ used for Sets containing Options Template definitions.
+ Note that this parameter corresponds to ipfixTemplateSetId
+ in the IPFIX MIB module.";
+ reference "RFC 6615, Section 8 (ipfixTemplateSetId).";
+ }
+ leaf accessTime {
+ type yang:date-and-time;
+ description "Used for Exporting Processes, this parameter
+ contains the time when this (Options) Template was last
+ sent to the Collector(s) or written to the file.
+ Used for Collecting Processes, this parameter contains the
+ time when this (Options) Template was last received from the
+ Exporter or read from the file.
+ Note that this parameter corresponds to
+ ipfixTemplateAccessTime in the IPFIX MIB module.";
+ reference "RFC 6615, Section 8 (ipfixTemplateAccessTime).";
+ }
+ leaf templateDataRecords {
+ type yang:counter64;
+ description "The number of transmitted or received Data
+ Records defined by this (Options) Template.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ templateDiscontinuityTime.
+ Note that this parameter corresponds to
+ ipfixTemplateDataRecords in the IPFIX MIB module.";
+ reference "RFC 6615, Section 8 (ipfixTemplateDataRecords).";
+ }
+ leaf templateDiscontinuityTime {
+ type yang:date-and-time;
+ description "Timestamp of the most recent occasion at which
+ the counter templateDataRecords suffered a discontinuity.
+ Note that this parameter functionally corresponds to
+ ipfixTemplateDiscontinuityTime in the IPFIX MIB module.
+ In contrast to ipfixTemplateDiscontinuityTime, the time
+ is absolute and not relative to sysUpTime.";
+ reference "RFC 6615, Section 8
+ (ipfixTemplateDiscontinuityTime).";
+ }
+ list field {
+ description "This list contains the (Options) Template
+ fields of which the (Options) Template is defined.
+ The order of the list corresponds to the order of the fields
+ in the (Option) Template Record.";
+ leaf ieId {
+ type ieIdType;
+ description "This parameter indicates the Information
+ Element identifier of the field.
+ Note that this parameter corresponds to
+ ipfixTemplateDefinitionIeId in the IPFIX MIB module.";
+ reference "RFC 5101; RFC 6615, Section 8
+ (ipfixTemplateDefinitionIeId).";
+ }
+ leaf ieLength {
+ type uint16;
+ units octets;
+ description "This parameter indicates the length of the
+ Information Element of the field.
+ Note that this parameter corresponds to
+ ipfixTemplateDefinitionIeLength in the IPFIX MIB
+ module.";
+ reference "RFC 5101; RFC 6615, Section 8
+ (ipfixTemplateDefinitionIeLength).";
+ }
+ leaf ieEnterpriseNumber {
+ type uint32;
+ description "This parameter indicates the IANA enterprise
+ number of the authority defining the Information Element
+ identifier.
+ If the Information Element is not enterprise-specific,
+ this state parameter is zero.
+ Note that this parameter corresponds to
+ ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX
+ MIB module.";
+ reference "RFC 6615, Section 8
+ (ipfixTemplateDefinitionIeEnterpriseNumber);
+ IANA registry for Private Enterprise Numbers,
+ http://www.iana.org/assignments/enterprise-numbers.";
+ }
+ leaf isFlowKey {
+ when "../../setId = 2" {
+ description "This parameter is available for non-Options
+ Templates (Set ID is 2).";
+ }
+ type empty;
+ description "If present, this is a Flow Key field.
+ Note that this corresponds to flowKey(1) being set in
+ ipfixTemplateDefinitionFlags.";
+ reference "RFC 6615, Section 8
+ (ipfixTemplateDefinitionFlags).";
+ }
+ leaf isScope {
+ when "../../setId = 3" {
+ description "This parameter is available for Options
+ Templates (Set ID is 3).";
+ }
+ type empty;
+ description "If present, this is a scope field.
+ Note that this corresponds to scope(0) being set in
+ ipfixTemplateDefinitionFlags.";
+ reference "RFC 6615, Section 8
+ (ipfixTemplateDefinitionFlags).";
+ }
+ }
+ }
+
+ grouping transportSessionParameters {
+ description "State parameters of a Transport Session originating
+ from an Exporting Process or terminating at a Collecting
+ Process. Parameter names and semantics correspond to the
+ managed objects in IPFIX-MIB.";
+ reference "RFC 5101; RFC 6615, Section 8
+ (ipfixTransportSessionEntry,
+ ipfixTransportSessionStatsEntry).";
+ leaf ipfixVersion {
+ type uint16;
+ description "Used for Exporting Processes, this parameter
+ contains the version number of the IPFIX protocol that the
+ Exporter uses to export its data in this Transport Session.
+ Hence, it is identical to the value of the configuration
+ parameter ipfixVersion of the outer SctpExporter,
+ UdpExporter, or TcpExporter node.
+ Used for Collecting Processes, this parameter contains the
+ version number of the IPFIX protocol it receives for
+ this Transport Session. If IPFIX Messages of different
+ IPFIX protocol versions are received, this parameter
+ contains the maximum version number.
+ Note that this parameter corresponds to
+ ipfixTransportSessionIpfixVersion in the IPFIX MIB
+ module.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionIpfixVersion).";
+ }
+ leaf sourceAddress {
+ type inet:ip-address;
+ description "The source address of the Exporter of the
+ IPFIX Transport Session.
+ If the transport protocol is SCTP, this is one of the
+ potentially many IP addresses of the Exporter.
+ Preferably, the source IP address of the path that is
+ usually selected by the Exporter to send IPFIX Messages to
+ the Collector SHOULD be used.
+ Note that this parameter functionally corresponds to
+ ipfixTransportSessionSourceAddressType and
+ ipfixTransportSessionSourceAddress in the IPFIX MIB
+ module.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionSourceAddressType,
+ ipfixTransportSessionSourceAddress);
+ RFC 4960, Section 6.4.";
+ }
+ leaf destinationAddress {
+ type inet:ip-address;
+ description "The destination address of the Collector of
+ the IPFIX Transport Session.
+ If the transport protocol is SCTP, this is one of the
+ potentially many IP addresses of the Collector.
+ Preferably, the destination IP address of the path that is
+ usually selected by the Exporter to send IPFIX Messages to
+ the Collector SHOULD be used.
+ Note that this parameter functionally corresponds to
+ ipfixTransportSessionDestinationAddressType and
+ ipfixTransportSessionDestinationAddress in the IPFIX MIB
+ module.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionDestinationAddressType,
+ ipfixTransportSessionDestinationAddress);
+ RFC 4960, Section 6.4.";
+ }
+ leaf sourcePort {
+ type inet:port-number;
+ description "The transport-protocol port number of the
+ Exporter of the IPFIX Transport Session.
+ Note that this parameter corresponds to
+ ipfixTransportSessionSourcePort in the IPFIX MIB module.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionSourcePort).";
+ }
+ leaf destinationPort {
+ type inet:port-number;
+ description "The transport-protocol port number of the
+ Collector of the IPFIX Transport Session.
+ Note that this parameter corresponds to
+ ipfixTransportSessionDestinationPort in the IPFIX MIB
+ module.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionDestinationPort).";
+ }
+ leaf sctpAssocId {
+ type uint32;
+ description "The association ID used for the SCTP session
+ between the Exporter and the Collector of the IPFIX
+ Transport Session. It is equal to the sctpAssocId entry
+ in the sctpAssocTable defined in the SCTP-MIB.
+ This parameter is only available if the transport protocol
+ is SCTP and if an SNMP agent on the same Monitoring Device
+ enables access to the corresponding MIB objects in the
+ sctpAssocTable.
+ Note that this parameter corresponds to
+ ipfixTransportSessionSctpAssocId in the IPFIX MIB
+ module.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionSctpAssocId);
+ RFC 3871";
+ }
+ leaf status {
+ type transportSessionStatus;
+ description "Status of the Transport Session.
+ Note that this parameter corresponds to
+ ipfixTransportSessionStatus in the IPFIX MIB module.";
+ reference "RFC 6615, Section 8 (ipfixTransportSessionStatus).";
+ }
+ leaf rate {
+ type yang:gauge32;
+ units "bytes per second";
+ description "The number of bytes per second transmitted by the
+ Exporting Process or received by the Collecting Process.
+ This parameter is updated every second.
+ Note that this parameter corresponds to
+ ipfixTransportSessionRate in the IPFIX MIB module.";
+ reference "RFC 6615, Section 8 (ipfixTransportSessionRate).";
+ }
+ leaf bytes {
+ type yang:counter64;
+ units bytes;
+ description "The number of bytes transmitted by the
+ Exporting Process or received by the Collecting Process.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ transportSessionDiscontinuityTime.
+ Note that this parameter corresponds to
+ ipfixTransportSessionBytes in the IPFIX MIB module.";
+ reference "RFC 6615, Section 8 (ipfixTransportSessionBytes).";
+ }
+ leaf messages {
+ type yang:counter64;
+ units "IPFIX Messages";
+ description "The number of messages transmitted by the
+ Exporting Process or received by the Collecting Process.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ transportSessionDiscontinuityTime.
+ Note that this parameter corresponds to
+ ipfixTransportSessionMessages in the IPFIX MIB module.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionMessages).";
+ }
+ leaf discardedMessages {
+ type yang:counter64;
+ units "IPFIX Messages";
+ description "Used for Exporting Processes, this parameter
+ indicates the number of messages that could not be sent due
+ to internal buffer overflows, network congestion, routing
+ issues, etc. Used for Collecting Process, this parameter
+ indicates the number of received IPFIX Message that are
+ malformed, cannot be decoded, are received in the wrong
+ order or are missing according to the sequence number.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ transportSessionDiscontinuityTime.
+ Note that this parameter corresponds to
+ ipfixTransportSessionDiscardedMessages in the IPFIX MIB
+ module.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionDiscardedMessages).";
+ }
+ leaf records {
+ type yang:counter64;
+ units "Data Records";
+ description "The number of Data Records transmitted by the
+ Exporting Process or received by the Collecting Process.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ transportSessionDiscontinuityTime.
+ Note that this parameter corresponds to
+ ipfixTransportSessionRecords in the IPFIX MIB module.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionRecords).";
+ }
+ leaf templates {
+ type yang:counter32;
+ units "Templates";
+ description "The number of Templates transmitted by the
+ Exporting Process or received by the Collecting Process.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ transportSessionDiscontinuityTime.
+ Note that this parameter corresponds to
+ ipfixTransportSessionTemplates in the IPFIX MIB module.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionTemplates).";
+ }
+ leaf optionsTemplates {
+ type yang:counter32;
+ units "Options Templates";
+ description "The number of Option Templates transmitted by the
+ Exporting Process or received by the Collecting Process.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ transportSessionDiscontinuityTime.
+ Note that this parameter corresponds to
+ ipfixTransportSessionOptionsTemplates in the IPFIX MIB
+ module.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionOptionsTemplates).";
+ }
+ leaf transportSessionStartTime {
+ type yang:date-and-time;
+ description "Timestamp of the start of the given Transport
+ Session.
+ This state parameter does not correspond to any object in
+ the IPFIX MIB module.";
+ }
+ leaf transportSessionDiscontinuityTime {
+ type yang:date-and-time;
+ description "Timestamp of the most recent occasion at which
+ one or more of the Transport Session counters suffered a
+ discontinuity.
+ Note that this parameter functionally corresponds to
+ ipfixTransportSessionDiscontinuityTime in the IPFIX MIB
+ module. In contrast to
+ ipfixTransportSessionDiscontinuityTime, the time is
+ absolute and not relative to sysUpTime.";
+ reference "RFC 6615, Section 8
+ (ipfixTransportSessionDiscontinuityTime).";
+ }
+ list template {
+ description "This list contains the Templates and Options
+ Templates that are transmitted by the Exporting Process
+ or received by the Collecting Process.
+ Withdrawn or invalidated (Options) Templates MUST be removed
+ from this list.";
+ uses templateParameters;
+ }
+ }
+
+ /*****************************************************************
+ * Main container
+ *****************************************************************/
+
+ container ipfix {
+ description "Top-level node of the IPFIX/PSAMP configuration
+ data model.";
+ list collectingProcess {
+ if-feature collector;
+ key name;
+ description "Collecting Process of the Monitoring Device.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ uses collectingProcessParameters;
+ leaf-list exportingProcess {
+ if-feature exporter;
+ type leafref { path "/ipfix/exportingProcess/name"; }
+ description "Export of received records without any
+ modifications. Records are processed by all Exporting
+ Processes in the list.";
+ }
+ }
+
+ list observationPoint {
+ if-feature meter;
+ key name;
+ description "Observation Point of the Monitoring Device.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ uses observationPointParameters;
+ leaf-list selectionProcess {
+ type leafref { path "/ipfix/selectionProcess/name"; }
+ description "Selection Processes in this list process
+ packets in parallel.";
+ }
+ }
+
+ list selectionProcess {
+ if-feature meter;
+ key name;
+ description "Selection Process of the Monitoring Device.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ list selector {
+ key name;
+ min-elements 1;
+ ordered-by user;
+ description "List of Selectors that define the action of the
+ Selection Process on a single packet. The Selectors are
+ serially invoked in the same order as they appear in this
+ list.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ uses selectorParameters;
+ }
+ list selectionSequence {
+ config false;
+ description "This list contains the Selection Sequence IDs
+ that are assigned by the Monitoring Device to distinguish
+ different Selection Sequences passing through the
+ Selection Process.
+ As Selection Sequence IDs are unique per Observation
+ Domain, the corresponding Observation Domain IDs are
+ included as well.
+ With this information, it is possible to associate
+ Selection Sequence (Statistics) Report Interpretations
+ exported according to the PSAMP protocol with a Selection
+ Process in the configuration data.";
+ reference "RFC 5476.";
+ leaf observationDomainId {
+ type uint32;
+ description "Observation Domain ID for which the
+ Selection Sequence ID is assigned.";
+ }
+ leaf selectionSequenceId {
+ type uint64;
+ description "Selection Sequence ID used in the Selection
+ Sequence (Statistics) Report Interpretation.";
+ }
+ }
+ leaf cache {
+ type leafref { path "/ipfix/cache/name"; }
+ description "Cache that receives the output of the
+ Selection Process.";
+ }
+ }
+
+ list cache {
+ if-feature meter;
+ key name;
+ description "Cache of the Monitoring Device.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ leaf meteringProcessId {
+ type uint32;
+ config false;
+ description "The identifier of the Metering Process this
+ Cache belongs to.
+ This parameter corresponds to the Information Element
+ meteringProcessId. Its occurrence helps to associate
+ Cache parameters with Metering Process statistics
+ exported by the Monitoring Device using the Metering
+ Process (Reliability) Statistics Template as
+ defined by the IPFIX protocol specification.";
+ reference "RFC 5101, Sections 4.1 and 4.2;
+ IANA registry for IPFIX Entities,
+ http://www.iana.org/assignments/ipfix.";
+ }
+ leaf dataRecords {
+ type yang:counter64;
+ units "Data Records";
+ config false;
+ description "The number of Data Records generated by this
+ Cache.
+ Discontinuities in the value of this counter can occur at
+ re-initialization of the management system, and at other
+ times as indicated by the value of
+ cacheDiscontinuityTime.
+ Note that this parameter corresponds to
+ ipfixMeteringProcessDataRecords in the IPFIX MIB
+ module.";
+ reference "RFC 6615, Section 8
+ (ipfixMeteringProcessDataRecords).";
+ }
+ leaf cacheDiscontinuityTime {
+ type yang:date-and-time;
+ config false;
+ description "Timestamp of the most recent occasion at which
+ the counter dataRecords suffered a discontinuity.
+ Note that this parameter functionally corresponds to
+ ipfixMeteringProcessDiscontinuityTime in the IPFIX MIB
+ module. In contrast to
+ ipfixMeteringProcessDiscontinuityTime, the time is
+ absolute and not relative to sysUpTime.";
+ reference "RFC 6615, Section 8
+ (ipfixMeteringProcessDiscontinuityTime).";
+ }
+ choice CacheType {
+ mandatory true;
+ description "Type of Cache and specific parameters.";
+ container immediateCache {
+ if-feature immediateCache;
+ description "Flow expiration after the first packet;
+ generation of Packet Records.";
+ uses cacheLayoutParameters;
+ }
+ container timeoutCache {
+ if-feature timeoutCache;
+ description "Flow expiration after active and idle
+ timeout; generation of Flow Records.";
+ uses flowCacheParameters;
+ uses cacheLayoutParameters;
+ }
+ container naturalCache {
+ if-feature naturalCache;
+ description "Flow expiration after active and idle
+ timeout, or on natural termination (e.g., TCP FIN or
+ TCP RST) of the Flow; generation of Flow Records.";
+ uses flowCacheParameters;
+ uses cacheLayoutParameters;
+ }
+ container permanentCache {
+ if-feature permanentCache;
+ description "No flow expiration, periodical export with
+ time interval exportInterval; generation of Flow
+ Records.";
+ uses flowCacheParameters;
+ uses cacheLayoutParameters;
+ }
+ }
+ leaf-list exportingProcess {
+ if-feature exporter;
+ type leafref { path "/ipfix/exportingProcess/name"; }
+ description "Records are exported by all Exporting Processes
+ in the list.";
+ }
+ }
+
+ list exportingProcess {
+ if-feature exporter;
+ key name;
+ description "Exporting Process of the Monitoring Device.";
+ leaf name {
+ type nameType;
+ description "Key of this list.";
+ }
+ uses exportingProcessParameters;
+ }
+ }
+}
diff --git a/models/common/src/main/yang/ietf-netconf-acm@2012-02-22.yang b/models/common/src/main/yang/ietf-netconf-acm@2012-02-22.yang
new file mode 100644
index 0000000..93ac229
--- /dev/null
+++ b/models/common/src/main/yang/ietf-netconf-acm@2012-02-22.yang
@@ -0,0 +1,449 @@
+module ietf-netconf-acm {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-acm";
+
+ prefix "nacm";
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ organization
+ "IETF NETCONF (Network Configuration) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netconf/>
+ WG List: <mailto:netconf@ietf.org>
+
+ WG Chair: Mehmet Ersue
+ <mailto:mehmet.ersue@nsn.com>
+
+ WG Chair: Bert Wijnen
+ <mailto:bertietf@bwijnen.net>
+
+ Editor: Andy Bierman
+ <mailto:andy@yumaworks.com>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>";
+
+ description
+ "NETCONF Access Control Model.
+
+ Copyright (c) 2012 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's
+ Legal Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 6536; see
+ the RFC itself for full legal notices.";
+
+ revision "2012-02-22" {
+ description
+ "Initial version";
+ reference
+ "RFC 6536: Network Configuration Protocol (NETCONF)
+ Access Control Model";
+ }
+
+ /*
+ * Extension statements
+ */
+
+ extension default-deny-write {
+ description
+ "Used to indicate that the data model node
+ represents a sensitive security system parameter.
+
+ If present, and the NACM module is enabled (i.e.,
+ /nacm/enable-nacm object equals 'true'), the NETCONF server
+ will only allow the designated 'recovery session' to have
+ write access to the node. An explicit access control rule is
+ required for all other users.
+
+ The 'default-deny-write' extension MAY appear within a data
+ definition statement. It is ignored otherwise.";
+ }
+
+ extension default-deny-all {
+ description
+ "Used to indicate that the data model node
+ controls a very sensitive security system parameter.
+
+ If present, and the NACM module is enabled (i.e.,
+ /nacm/enable-nacm object equals 'true'), the NETCONF server
+ will only allow the designated 'recovery session' to have
+ read, write, or execute access to the node. An explicit
+ access control rule is required for all other users.
+
+ The 'default-deny-all' extension MAY appear within a data
+ definition statement, 'rpc' statement, or 'notification'
+ statement. It is ignored otherwise.";
+ }
+
+ /*
+ * Derived types
+ */
+
+ typedef user-name-type {
+ type string {
+ length "1..max";
+ }
+ description
+ "General Purpose Username string.";
+ }
+
+ typedef matchall-string-type {
+ type string {
+ pattern "\*";
+ }
+ description
+ "The string containing a single asterisk '*' is used
+ to conceptually represent all possible values
+ for the particular leaf using this data type.";
+ }
+
+ typedef access-operations-type {
+ type bits {
+ bit create {
+ description
+ "Any protocol operation that creates a
+ new data node.";
+ }
+ bit read {
+ description
+ "Any protocol operation or notification that
+ returns the value of a data node.";
+ }
+ bit update {
+ description
+ "Any protocol operation that alters an existing
+ data node.";
+ }
+ bit delete {
+ description
+ "Any protocol operation that removes a data node.";
+ }
+ bit exec {
+ description
+ "Execution access to the specified protocol operation.";
+ }
+ }
+ description
+ "NETCONF Access Operation.";
+ }
+
+ typedef group-name-type {
+ type string {
+ length "1..max";
+ pattern "[^\*].*";
+ }
+ description
+ "Name of administrative group to which
+ users can be assigned.";
+ }
+
+ typedef action-type {
+ type enumeration {
+ enum permit {
+ description
+ "Requested action is permitted.";
+ }
+ enum deny {
+ description
+ "Requested action is denied.";
+ }
+ }
+ description
+ "Action taken by the server when a particular
+ rule matches.";
+ }
+
+ typedef node-instance-identifier {
+ type yang:xpath1.0;
+ description
+ "Path expression used to represent a special
+ data node instance identifier string.
+
+ A node-instance-identifier value is an
+ unrestricted YANG instance-identifier expression.
+ All the same rules as an instance-identifier apply
+ except predicates for keys are optional. If a key
+ predicate is missing, then the node-instance-identifier
+ represents all possible server instances for that key.
+
+ This XPath expression is evaluated in the following context:
+
+ o The set of namespace declarations are those in scope on
+ the leaf element where this type is used.
+
+ o The set of variable bindings contains one variable,
+ 'USER', which contains the name of the user of the current
+ session.
+
+ o The function library is the core function library, but
+ note that due to the syntax restrictions of an
+ instance-identifier, no functions are allowed.
+
+ o The context node is the root node in the data tree.";
+ }
+
+ /*
+ * Data definition statements
+ */
+
+ container nacm {
+ nacm:default-deny-all;
+
+ description
+ "Parameters for NETCONF Access Control Model.";
+
+ leaf enable-nacm {
+ type boolean;
+ default true;
+ description
+ "Enables or disables all NETCONF access control
+ enforcement. If 'true', then enforcement
+ is enabled. If 'false', then enforcement
+ is disabled.";
+ }
+
+ leaf read-default {
+ type action-type;
+ default "permit";
+ description
+ "Controls whether read access is granted if
+ no appropriate rule is found for a
+ particular read request.";
+ }
+
+ leaf write-default {
+ type action-type;
+ default "deny";
+ description
+ "Controls whether create, update, or delete access
+ is granted if no appropriate rule is found for a
+ particular write request.";
+ }
+
+ leaf exec-default {
+ type action-type;
+ default "permit";
+ description
+ "Controls whether exec access is granted if no appropriate
+ rule is found for a particular protocol operation request.";
+ }
+
+ leaf enable-external-groups {
+ type boolean;
+ default true;
+ description
+ "Controls whether the server uses the groups reported by the
+ NETCONF transport layer when it assigns the user to a set of
+ NACM groups. If this leaf has the value 'false', any group
+ names reported by the transport layer are ignored by the
+ server.";
+ }
+
+ leaf denied-operations {
+ type yang:zero-based-counter32;
+ config false;
+ mandatory true;
+ description
+ "Number of times since the server last restarted that a
+ protocol operation request was denied.";
+ }
+
+ leaf denied-data-writes {
+ type yang:zero-based-counter32;
+ config false;
+ mandatory true;
+ description
+ "Number of times since the server last restarted that a
+ protocol operation request to alter
+ a configuration datastore was denied.";
+ }
+
+ leaf denied-notifications {
+ type yang:zero-based-counter32;
+ config false;
+ mandatory true;
+ description
+ "Number of times since the server last restarted that
+ a notification was dropped for a subscription because
+ access to the event type was denied.";
+ }
+
+ container groups {
+ description
+ "NETCONF Access Control Groups.";
+
+ list group {
+ key name;
+
+ description
+ "One NACM Group Entry. This list will only contain
+ configured entries, not any entries learned from
+ any transport protocols.";
+
+ leaf name {
+ type group-name-type;
+ description
+ "Group name associated with this entry.";
+ }
+
+ leaf-list user-name {
+ type user-name-type;
+ description
+ "Each entry identifies the username of
+ a member of the group associated with
+ this entry.";
+ }
+ }
+ }
+
+ list rule-list {
+ key "name";
+ ordered-by user;
+ description
+ "An ordered collection of access control rules.";
+
+ leaf name {
+ type string {
+ length "1..max";
+ }
+ description
+ "Arbitrary name assigned to the rule-list.";
+ }
+ leaf-list group {
+ type union {
+ type matchall-string-type;
+ type group-name-type;
+ }
+ description
+ "List of administrative groups that will be
+ assigned the associated access rights
+ defined by the 'rule' list.
+
+ The string '*' indicates that all groups apply to the
+ entry.";
+ }
+
+ list rule {
+ key "name";
+ ordered-by user;
+ description
+ "One access control rule.
+
+ Rules are processed in user-defined order until a match is
+ found. A rule matches if 'module-name', 'rule-type', and
+ 'access-operations' match the request. If a rule
+ matches, the 'action' leaf determines if access is granted
+ or not.";
+
+ leaf name {
+ type string {
+ length "1..max";
+ }
+ description
+ "Arbitrary name assigned to the rule.";
+ }
+
+ leaf module-name {
+ type union {
+ type matchall-string-type;
+ type string;
+ }
+ default "*";
+ description
+ "Name of the module associated with this rule.
+
+ This leaf matches if it has the value '*' or if the
+ object being accessed is defined in the module with the
+ specified module name.";
+ }
+ choice rule-type {
+ description
+ "This choice matches if all leafs present in the rule
+ match the request. If no leafs are present, the
+ choice matches all requests.";
+ case protocol-operation {
+ leaf rpc-name {
+ type union {
+ type matchall-string-type;
+ type string;
+ }
+ description
+ "This leaf matches if it has the value '*' or if
+ its value equals the requested protocol operation
+ name.";
+ }
+ }
+ case notification {
+ leaf notification-name {
+ type union {
+ type matchall-string-type;
+ type string;
+ }
+ description
+ "This leaf matches if it has the value '*' or if its
+ value equals the requested notification name.";
+ }
+ }
+ case data-node {
+ leaf path {
+ type node-instance-identifier;
+ mandatory true;
+ description
+ "Data Node Instance Identifier associated with the
+ data node controlled by this rule.
+
+ Configuration data or state data instance
+ identifiers start with a top-level data node. A
+ complete instance identifier is required for this
+ type of path value.
+
+ The special value '/' refers to all possible
+ datastore contents.";
+ }
+ }
+ }
+
+ leaf access-operations {
+ type union {
+ type matchall-string-type;
+ type access-operations-type;
+ }
+ default "*";
+ description
+ "Access operations associated with this rule.
+
+ This leaf matches if it has the value '*' or if the
+ bit corresponding to the requested operation is set.";
+ }
+
+ leaf action {
+ type action-type;
+ mandatory true;
+ description
+ "The access control action associated with the
+ rule. If a rule is determined to match a
+ particular request, then this object is used
+ to determine whether to permit or deny the
+ request.";
+ }
+
+ leaf comment {
+ type string;
+ description
+ "A textual description of the access rule.";
+ }
+ }
+ }
+ }
+}
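Review bot: The `pattern` statements in `matchall-string-type` and `group-name-type` are double-quoted (`pattern "\*";` and `pattern "[^\*].*";`), and in a double-quoted YANG string the backslash is the escape character while `\*` is not a defined escape. RFC 6020 defines only `\n`, `\t`, `\"` and `\\` there and leaves other sequences to the parser (RFC 7950 later made them an error for YANG 1.1), so the regex that actually gets compiled depends on the tool. These two patterns are what separate the '*' wildcard from an ordinary group name in the `rule-list/group` union, so a parser that drops the backslash or rejects the string changes how NACM rules match. I would single-quote them, `pattern '\*';` and `pattern '[^\*].*';`, which, as far as I recall, is how the published RFC 6536 module writes them. It is worth diffing this file against the published module before merging.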
diff --git a/models/common/src/main/yang/ietf-netconf-monitoring@2010-10-04.yang b/models/common/src/main/yang/ietf-netconf-monitoring@2010-10-04.yang
new file mode 100644
index 0000000..8193cf3
--- /dev/null
+++ b/models/common/src/main/yang/ietf-netconf-monitoring@2010-10-04.yang
@@ -0,0 +1,561 @@
+module ietf-netconf-monitoring {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring";
+ prefix "ncm";
+
+ import ietf-yang-types { prefix yang; }
+ import ietf-inet-types { prefix inet; }
+
+ organization
+ "IETF NETCONF (Network Configuration) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netconf/>
+ WG List: <mailto:netconf@ietf.org>
+
+ WG Chair: Mehmet Ersue
+ <mailto:mehmet.ersue@nsn.com>
+
+ WG Chair: Bert Wijnen
+ <mailto:bertietf@bwijnen.net>
+
+ Editor: Mark Scott
+ <mailto:mark.scott@ericsson.com>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>";
+
+ description
+ "NETCONF Monitoring Module.
+ All elements in this module are read-only.
+
+ Copyright (c) 2010 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's
+ Legal Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 6022; see
+ the RFC itself for full legal notices.";
+
+ revision 2010-10-04 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 6022: YANG Module for NETCONF Monitoring";
+ }
+
+ typedef netconf-datastore-type {
+ type enumeration {
+ enum running;
+ enum candidate;
+ enum startup;
+ }
+ description
+ "Enumeration of possible NETCONF datastore types.";
+ reference
+ "RFC 4741: NETCONF Configuration Protocol";
+ }
+
+ identity transport {
+ description
+ "Base identity for NETCONF transport types.";
+ }
+
+ identity netconf-ssh {
+ base transport;
+ description
+ "NETCONF over Secure Shell (SSH).";
+ reference
+ "RFC 4742: Using the NETCONF Configuration Protocol
+ over Secure SHell (SSH)";
+ }
+
+ identity netconf-soap-over-beep {
+ base transport;
+ description
+ "NETCONF over Simple Object Access Protocol (SOAP) over
+ Blocks Extensible Exchange Protocol (BEEP).";
+
+ reference
+ "RFC 4743: Using NETCONF over the Simple Object
+ Access Protocol (SOAP)";
+ }
+
+ identity netconf-soap-over-https {
+ base transport;
+ description
+ "NETCONF over Simple Object Access Protocol (SOAP)
+ over Hypertext Transfer Protocol Secure (HTTPS).";
+ reference
+ "RFC 4743: Using NETCONF over the Simple Object
+ Access Protocol (SOAP)";
+ }
+
+ identity netconf-beep {
+ base transport;
+ description
+ "NETCONF over Blocks Extensible Exchange Protocol (BEEP).";
+ reference
+ "RFC 4744: Using the NETCONF Protocol over the
+ Blocks Extensible Exchange Protocol (BEEP)";
+ }
+
+ identity netconf-tls {
+ base transport;
+ description
+ "NETCONF over Transport Layer Security (TLS).";
+ reference
+ "RFC 5539: NETCONF over Transport Layer Security (TLS)";
+ }
+
+ identity schema-format {
+ description
+ "Base identity for data model schema languages.";
+ }
+
+ identity xsd {
+ base schema-format;
+ description
+ "W3C XML Schema Definition.";
+ reference
+ "W3C REC REC-xmlschema-1-20041028:
+ XML Schema Part 1: Structures";
+ }
+
+ identity yang {
+ base schema-format;
+ description
+ "The YANG data modeling language for NETCONF.";
+ reference
+ "RFC 6020: YANG - A Data Modeling Language for the
+ Network Configuration Protocol (NETCONF)";
+ }
+
+ identity yin {
+ base schema-format;
+ description
+ "The YIN syntax for YANG.";
+ reference
+ "RFC 6020: YANG - A Data Modeling Language for the
+ Network Configuration Protocol (NETCONF)";
+ }
+
+ identity rng {
+ base schema-format;
+ description
+ "Regular Language for XML Next Generation (RELAX NG).";
+ reference
+ "ISO/IEC 19757-2:2008: RELAX NG";
+ }
+
+ identity rnc {
+ base schema-format;
+ description
+ "Relax NG Compact Syntax";
+ reference
+ "ISO/IEC 19757-2:2008: RELAX NG";
+ }
+
+ grouping common-counters {
+ description
+ "Counters that exist both per session, and also globally,
+ accumulated from all sessions.";
+
+ leaf in-rpcs {
+ type yang:zero-based-counter32;
+ description
+ "Number of correct <rpc> messages received.";
+ }
+ leaf in-bad-rpcs {
+ type yang:zero-based-counter32;
+
+ description
+ "Number of messages received when an <rpc> message was expected,
+ that were not correct <rpc> messages. This includes XML parse
+ errors and errors on the rpc layer.";
+ }
+ leaf out-rpc-errors {
+ type yang:zero-based-counter32;
+ description
+ "Number of <rpc-reply> messages sent that contained an
+ <rpc-error> element.";
+ }
+ leaf out-notifications {
+ type yang:zero-based-counter32;
+ description
+ "Number of <notification> messages sent.";
+ }
+ }
+
+ container netconf-state {
+ config false;
+ description
+ "The netconf-state container is the root of the monitoring
+ data model.";
+
+ container capabilities {
+ description
+ "Contains the list of NETCONF capabilities supported by the
+ server.";
+
+ leaf-list capability {
+ type inet:uri;
+ description
+ "List of NETCONF capabilities supported by the server.";
+ }
+ }
+
+ container datastores {
+ description
+ "Contains the list of NETCONF configuration datastores.";
+
+ list datastore {
+ key name;
+ description
+ "List of NETCONF configuration datastores supported by
+ the NETCONF server and related information.";
+
+ leaf name {
+ type netconf-datastore-type;
+ description
+ "Name of the datastore associated with this list entry.";
+ }
+ container locks {
+ presence
+ "This container is present only if the datastore
+ is locked.";
+ description
+ "The NETCONF <lock> and <partial-lock> operations allow
+ a client to lock specific resources in a datastore. The
+ NETCONF server will prevent changes to the locked
+ resources by all sessions except the one that acquired
+ the lock(s).
+
+ Monitoring information is provided for each datastore
+ entry including details such as the session that acquired
+ the lock, the type of lock (global or partial) and the
+ list of locked resources. Multiple locks per datastore
+ are supported.";
+
+ grouping lock-info {
+ description
+ "Lock related parameters, common to both global and
+ partial locks.";
+
+ leaf locked-by-session {
+ type uint32;
+ mandatory true;
+ description
+ "The session ID of the session that has locked
+ this resource. Both a global lock and a partial
+ lock MUST contain the NETCONF session-id.
+
+ If the lock is held by a session that is not managed
+ by the NETCONF server (e.g., a CLI session), a session
+ id of 0 (zero) is reported.";
+ reference
+ "RFC 4741: NETCONF Configuration Protocol";
+ }
+ leaf locked-time {
+ type yang:date-and-time;
+ mandatory true;
+ description
+ "The date and time of when the resource was
+ locked.";
+ }
+ }
+
+ choice lock-type {
+ description
+ "Indicates if a global lock or a set of partial locks
+ are set.";
+
+ container global-lock {
+ description
+ "Present if the global lock is set.";
+ uses lock-info;
+ }
+
+ list partial-lock {
+ key lock-id;
+ description
+ "List of partial locks.";
+ reference
+ "RFC 5717: Partial Lock Remote Procedure Call (RPC) for
+ NETCONF";
+
+ leaf lock-id {
+ type uint32;
+ description
+ "This is the lock id returned in the <partial-lock>
+ response.";
+ }
+ uses lock-info;
+ leaf-list select {
+ type yang:xpath1.0;
+ min-elements 1;
+ description
+ "The xpath expression that was used to request
+ the lock. The select expression indicates the
+ original intended scope of the lock.";
+ }
+ leaf-list locked-node {
+ type instance-identifier;
+ description
+ "The list of instance-identifiers (i.e., the
+ locked nodes).
+
+ The scope of the partial lock is defined by the list
+ of locked nodes.";
+ }
+ }
+ }
+ }
+ }
+ }
+ container schemas {
+ description
+ "Contains the list of data model schemas supported by the
+ server.";
+
+ list schema {
+ key "identifier version format";
+
+ description
+ "List of data model schemas supported by the server.";
+
+ leaf identifier {
+ type string;
+ description
+ "Identifier to uniquely reference the schema. The
+ identifier is used in the <get-schema> operation and may
+ be used for other purposes such as file retrieval.
+
+ For modeling languages that support or require a data
+ model name (e.g., YANG module name) the identifier MUST
+ match that name. For YANG data models, the identifier is
+ the name of the module or submodule. In other cases, an
+ identifier such as a filename MAY be used instead.";
+ }
+ leaf version {
+ type string;
+ description
+ "Version of the schema supported. Multiple versions MAY be
+ supported simultaneously by a NETCONF server. Each
+ version MUST be reported individually in the schema list,
+ i.e., with same identifier, possibly different location,
+ but different version.
+
+ For YANG data models, version is the value of the most
+ recent YANG 'revision' statement in the module or
+ submodule, or the empty string if no 'revision' statement
+ is present.";
+ }
+ leaf format {
+ type identityref {
+ base schema-format;
+ }
+ description
+ "The data modeling language the schema is written
+ in (currently xsd, yang, yin, rng, or rnc).
+
+ For YANG data models, 'yang' format MUST be supported and
+ 'yin' format MAY also be provided.";
+ }
+ leaf namespace {
+ type inet:uri;
+ mandatory true;
+ description
+ "The XML namespace defined by the data model.
+
+ For YANG data models, this is the module's namespace.
+ If the list entry describes a submodule, this field
+ contains the namespace of the module to which the
+ submodule belongs.";
+ }
+ leaf-list location {
+ type union {
+ type enumeration {
+ enum "NETCONF";
+ }
+ type inet:uri;
+ }
+ description
+ "One or more locations from which the schema can be
+ retrieved. This list SHOULD contain at least one
+ entry per schema.
+
+ A schema entry may be located on a remote file system
+ (e.g., reference to file system for ftp retrieval) or
+ retrieved directly from a server supporting the
+ <get-schema> operation (denoted by the value 'NETCONF').";
+ }
+ }
+ }
+
+ container sessions {
+ description
+ "The sessions container includes session-specific data for
+ NETCONF management sessions. The session list MUST include
+ all currently active NETCONF sessions.";
+
+ list session {
+ key session-id;
+ description
+ "All NETCONF sessions managed by the NETCONF server
+ MUST be reported in this list.";
+
+ leaf session-id {
+ type uint32 {
+ range "1..max";
+ }
+ description
+ "Unique identifier for the session. This value is the
+ NETCONF session identifier, as defined in RFC 4741.";
+ reference
+ "RFC 4741: NETCONF Configuration Protocol";
+ }
+ leaf transport {
+ type identityref {
+ base transport;
+ }
+ mandatory true;
+ description
+ "Identifies the transport for each session, e.g.,
+ 'netconf-ssh', 'netconf-soap', etc.";
+ }
+ leaf username {
+ type string;
+ mandatory true;
+ description
+ "The username is the client identity that was authenticated
+ by the NETCONF transport protocol. The algorithm used to
+ derive the username is NETCONF transport protocol specific
+ and in addition specific to the authentication mechanism
+ used by the NETCONF transport protocol.";
+ }
+ leaf source-host {
+ type inet:host;
+ description
+ "Host identifier of the NETCONF client. The value
+ returned is implementation specific (e.g., hostname,
+ IPv4 address, IPv6 address)";
+ }
+ leaf login-time {
+ type yang:date-and-time;
+ mandatory true;
+ description
+ "Time at the server at which the session was established.";
+ }
+ uses common-counters {
+ description
+ "Per-session counters. Zero based with following reset
+ behaviour:
+ - at start of a session
+ - when max value is reached";
+ }
+ }
+ }
+
+ container statistics {
+ description
+ "Statistical data pertaining to the NETCONF server.";
+
+ leaf netconf-start-time {
+ type yang:date-and-time;
+ description
+ "Date and time at which the management subsystem was
+ started.";
+ }
+ leaf in-bad-hellos {
+ type yang:zero-based-counter32;
+ description
+ "Number of sessions silently dropped because an
+ invalid <hello> message was received. This includes <hello>
+ messages with a 'session-id' attribute, bad namespace, and
+ bad capability declarations.";
+ }
+ leaf in-sessions {
+ type yang:zero-based-counter32;
+ description
+ "Number of sessions started. This counter is incremented
+ when a <hello> message with a <session-id> is sent.
+
+ 'in-sessions' - 'in-bad-hellos' =
+ 'number of correctly started netconf sessions'";
+ }
+ leaf dropped-sessions {
+ type yang:zero-based-counter32;
+
+ description
+ "Number of sessions that were abnormally terminated, e.g.,
+ due to idle timeout or transport close. This counter is not
+ incremented when a session is properly closed by a
+ <close-session> operation, or killed by a <kill-session>
+ operation.";
+ }
+ uses common-counters {
+ description
+ "Global counters, accumulated from all sessions.
+ Zero based with following reset behaviour:
+ - re-initialization of NETCONF server
+ - when max value is reached";
+ }
+ }
+ }
+
+ rpc get-schema {
+ description
+ "This operation is used to retrieve a schema from the
+ NETCONF server.
+
+ Positive Response:
+ The NETCONF server returns the requested schema.
+
+ Negative Response:
+ If requested schema does not exist, the <error-tag> is
+ 'invalid-value'.
+
+ If more than one schema matches the requested parameters, the
+ <error-tag> is 'operation-failed', and <error-app-tag> is
+ 'data-not-unique'.";
+
+ input {
+ leaf identifier {
+ type string;
+ mandatory true;
+ description
+ "Identifier for the schema list entry.";
+ }
+ leaf version {
+ type string;
+ description
+ "Version of the schema requested. If this parameter is not
+ present, and more than one version of the schema exists on
+ the server, a 'data-not-unique' error is returned, as
+ described above.";
+ }
+ leaf format {
+ type identityref {
+ base schema-format;
+ }
+ description
+ "The data modeling language of the schema. If this
+ parameter is not present, and more than one formats of
+ the schema exists on the server, a 'data-not-unique' error
+ is returned, as described above.";
+ }
+ }
+ output {
+ anyxml data {
+ description
+ "Contains the schema content.";
+ }
+ }
+ }
+}
diff --git a/models/common/src/main/yang/ietf-netconf-notifications@2012-02-06.yang b/models/common/src/main/yang/ietf-netconf-notifications@2012-02-06.yang
new file mode 100644
index 0000000..e0b49a6
--- /dev/null
+++ b/models/common/src/main/yang/ietf-netconf-notifications@2012-02-06.yang
@@ -0,0 +1,336 @@
+module ietf-netconf-notifications {
+
+ namespace
+ "urn:ietf:params:xml:ns:yang:ietf-netconf-notifications";
+
+ prefix ncn;
+
+ import ietf-inet-types { prefix inet; }
+ import ietf-netconf { prefix nc; }
+
+ organization
+ "IETF NETCONF (Network Configuration Protocol) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netconf/>
+ WG List: <mailto:netconf@ietf.org>
+
+ WG Chair: Bert Wijnen
+ <mailto:bertietf@bwijnen.net>
+
+ WG Chair: Mehmet Ersue
+ <mailto:mehmet.ersue@nsn.com>
+
+ Editor: Andy Bierman
+ <mailto:andy@netconfcentral.org>";
+
+ description
+ "This module defines a YANG data model for use with the
+ NETCONF protocol that allows the NETCONF client to
+ receive common NETCONF base event notifications.
+
+ Copyright (c) 2012 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 6470; see
+ the RFC itself for full legal notices.";
+
+ revision "2012-02-06" {
+ description
+ "Initial version.";
+ reference
+ "RFC 6470: NETCONF Base Notifications";
+ }
+
+ grouping common-session-parms {
+ description
+ "Common session parameters to identify a
+ management session.";
+
+ leaf username {
+ type string;
+ mandatory true;
+ description
+ "Name of the user for the session.";
+ }
+
+ leaf session-id {
+ type nc:session-id-or-zero-type;
+ mandatory true;
+ description
+ "Identifier of the session.
+ A NETCONF session MUST be identified by a non-zero value.
+ A non-NETCONF session MAY be identified by the value zero.";
+ }
+
+ leaf source-host {
+ type inet:ip-address;
+ description
+ "Address of the remote host for the session.";
+ }
+ }
+
+ grouping changed-by-parms {
+ description
+ "Common parameters to identify the source
+ of a change event, such as a configuration
+ or capability change.";
+
+ container changed-by {
+ description
+ "Indicates the source of the change.
+ If caused by internal action, then the
+ empty leaf 'server' will be present.
+ If caused by a management session, then
+ the name, remote host address, and session ID
+ of the session that made the change will be reported.";
+ choice server-or-user {
+ mandatory true;
+ leaf server {
+ type empty;
+ description
+ "If present, the change was caused
+ by the server.";
+ }
+
+ case by-user {
+ uses common-session-parms;
+ }
+ } // choice server-or-user
+ } // container changed-by-parms
+ }
+
+ notification netconf-config-change {
+ description
+ "Generated when the NETCONF server detects that the
+ <running> or <startup> configuration datastore
+ has been changed by a management session.
+ The notification summarizes the edits that
+ have been detected.
+
+ The server MAY choose to also generate this
+ notification while loading a datastore during the
+ boot process for the device.";
+
+ uses changed-by-parms;
+
+ leaf datastore {
+ type enumeration {
+ enum running {
+ description "The <running> datastore has changed.";
+ }
+ enum startup {
+ description "The <startup> datastore has changed";
+ }
+ }
+ default "running";
+ description
+ "Indicates which configuration datastore has changed.";
+ }
+
+ list edit {
+ description
+ "An edit record SHOULD be present for each distinct
+ edit operation that the server has detected on
+ the target datastore. This list MAY be omitted
+ if the detailed edit operations are not known.
+ The server MAY report entries in this list for
+ changes not made by a NETCONF session (e.g., CLI).";
+
+ leaf target {
+ type instance-identifier;
+ description
+ "Topmost node associated with the configuration change.
+ A server SHOULD set this object to the node within
+ the datastore that is being altered. A server MAY
+ set this object to one of the ancestors of the actual
+ node that was changed, or omit this object, if the
+ exact node is not known.";
+ }
+
+ leaf operation {
+ type nc:edit-operation-type;
+ description
+ "Type of edit operation performed.
+ A server MUST set this object to the NETCONF edit
+ operation performed on the target datastore.";
+ }
+ } // list edit
+ } // notification netconf-config-change
+
+ notification netconf-capability-change {
+ description
+ "Generated when the NETCONF server detects that
+ the server capabilities have changed.
+ Indicates which capabilities have been added, deleted,
+ and/or modified. The manner in which a server
+ capability is changed is outside the scope of this
+ document.";
+
+ uses changed-by-parms;
+
+ leaf-list added-capability {
+ type inet:uri;
+ description
+ "List of capabilities that have just been added.";
+ }
+
+ leaf-list deleted-capability {
+ type inet:uri;
+ description
+ "List of capabilities that have just been deleted.";
+ }
+
+ leaf-list modified-capability {
+ type inet:uri;
+ description
+ "List of capabilities that have just been modified.
+ A capability is considered to be modified if the
+ base URI for the capability has not changed, but
+ one or more of the parameters encoded at the end of
+ the capability URI have changed.
+ The new modified value of the complete URI is returned.";
+ }
+ } // notification netconf-capability-change
+
+ notification netconf-session-start {
+ description
+ "Generated when a NETCONF server detects that a
+ NETCONF session has started. A server MAY generate
+ this event for non-NETCONF management sessions.
+ Indicates the identity of the user that started
+ the session.";
+ uses common-session-parms;
+ } // notification netconf-session-start
+
+ notification netconf-session-end {
+ description
+ "Generated when a NETCONF server detects that a
+ NETCONF session has terminated.
+ A server MAY optionally generate this event for
+ non-NETCONF management sessions. Indicates the
+ identity of the user that owned the session,
+ and why the session was terminated.";
+
+ uses common-session-parms;
+
+ leaf killed-by {
+ when "../termination-reason = 'killed'";
+ type nc:session-id-type;
+ description
+ "The ID of the session that directly caused this session
+ to be abnormally terminated. If this session was abnormally
+ terminated by a non-NETCONF session unknown to the server,
+ then this leaf will not be present.";
+ }
+
+ leaf termination-reason {
+ type enumeration {
+ enum "closed" {
+ description
+ "The session was terminated by the client in normal
+ fashion, e.g., by the NETCONF <close-session>
+ protocol operation.";
+ }
+ enum "killed" {
+ description
+ "The session was terminated in abnormal
+ fashion, e.g., by the NETCONF <kill-session>
+ protocol operation.";
+ }
+ enum "dropped" {
+ description
+ "The session was terminated because the transport layer
+ connection was unexpectedly closed.";
+ }
+ enum "timeout" {
+ description
+ "The session was terminated because of inactivity,
+ e.g., waiting for the <hello> message or <rpc>
+ messages.";
+ }
+
+ enum "bad-hello" {
+ description
+ "The client's <hello> message was invalid.";
+ }
+ enum "other" {
+ description
+ "The session was terminated for some other reason.";
+ }
+ }
+ mandatory true;
+ description
+ "Reason the session was terminated.";
+ }
+ } // notification netconf-session-end
+
+ notification netconf-confirmed-commit {
+ description
+ "Generated when a NETCONF server detects that a
+ confirmed-commit event has occurred. Indicates the event
+ and the current state of the confirmed-commit procedure
+ in progress.";
+ reference
+ "RFC 6241, Section 8.4";
+
+ uses common-session-parms {
+ when "../confirm-event != 'timeout'";
+ }
+
+ leaf confirm-event {
+ type enumeration {
+ enum "start" {
+ description
+ "The confirmed-commit procedure has started.";
+ }
+ enum "cancel" {
+ description
+ "The confirmed-commit procedure has been canceled,
+ e.g., due to the session being terminated, or an
+ explicit <cancel-commit> operation.";
+ }
+ enum "timeout" {
+ description
+ "The confirmed-commit procedure has been canceled
+ due to the confirm-timeout interval expiring.
+ The common session parameters will not be present
+ in this sub-mode.";
+ }
+ enum "extend" {
+ description
+ "The confirmed-commit timeout has been extended,
+ e.g., by a new <confirmed-commit> operation.";
+ }
+ enum "complete" {
+ description
+ "The confirmed-commit procedure has been completed.";
+ }
+ }
+ mandatory true;
+ description
+ "Indicates the event that caused the notification.";
+ }
+
+ leaf timeout {
+ when
+ "../confirm-event = 'start' or ../confirm-event = 'extend'";
+ type uint32;
+ units "seconds";
+ description
+ "The configured timeout value if the event type
+ is 'start' or 'extend'. This value represents
+ the approximate number of seconds from the event
+ time when the 'timeout' event might occur.";
+ }
+ } // notification netconf-confirmed-commit
+
+}
diff --git a/models/common/src/main/yang/ietf-netconf-partial-lock@2009-10-19.yang b/models/common/src/main/yang/ietf-netconf-partial-lock@2009-10-19.yang
new file mode 100644
index 0000000..31b6e73
--- /dev/null
+++ b/models/common/src/main/yang/ietf-netconf-partial-lock@2009-10-19.yang
@@ -0,0 +1,77 @@
+module ietf-netconf-partial-lock {
+
+ namespace urn:ietf:params:xml:ns:netconf:partial-lock:1.0;
+ prefix pl;
+
+ organization "IETF Network Configuration (netconf) Working Group";
+
+ contact
+ "Netconf Working Group
+ Mailing list: netconf@ietf.org
+ Web: http://www.ietf.org/html.charters/netconf-charter.html
+
+ Balazs Lengyel
+ Ericsson
+ balazs.lengyel@ericsson.com";
+
+ description
+ "This YANG module defines the <partial-lock> and
+ <partial-unlock> operations.";
+
+ revision 2009-10-19 {
+ description
+ "Initial version, published as RFC 5717.";
+ }
+
+ typedef lock-id-type {
+ type uint32;
+ description
+ "A number identifying a specific partial-lock granted to a session.
+ It is allocated by the system, and SHOULD be used in the
+ partial-unlock operation.";
+ }
+
+ rpc partial-lock {
+ description
+ "A NETCONF operation that locks parts of the running datastore.";
+ input {
+ leaf-list select {
+ type string;
+ min-elements 1;
+ description
+ "XPath expression that specifies the scope of the lock.
+ An Instance Identifier expression MUST be used unless the
+ :xpath capability is supported, in which case any XPath 1.0
+ expression is allowed.";
+ }
+ }
+ output {
+ leaf lock-id {
+ type lock-id-type;
+ description
+ "Identifies the lock, if granted. The lock-id SHOULD be
+ used in the partial-unlock rpc.";
+ }
+ leaf-list locked-node {
+ type instance-identifier;
+ min-elements 1;
+ description
+ "List of locked nodes in the running datastore";
+ }
+ }
+ }
+
+ rpc partial-unlock {
+ description
+ "A NETCONF operation that releases a previously acquired
+ partial-lock.";
+ input {
+ leaf lock-id {
+ type lock-id-type;
+ description
+ "Identifies the lock to be released. MUST be the value
+ received in the response to a partial-lock operation.";
+ }
+ }
+ }
+}
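Review bot: `select` in the `partial-lock` input is a leaf-list of free-form `type string` with only `min-elements 1`, so the schema accepts any number of XPath expressions of any length, and the server has to evaluate each one to work out the lock scope. The revision statement says this module was published as RFC 5717, so I would keep the text verbatim and put the limits in the RPC handler: cap the number and length of `select` entries, bound evaluation cost, and reject anything that is not an instance-identifier expression when `:xpath` is not advertised, as the description requires. A comment such as `// select is client-controlled XPath; entry count, length and evaluation cost are bounded in the handler, not here` above the leaf-list would record that. Likewise, `lock-id` in the `partial-unlock` input has no `mandatory true`, so a request without it is schema-valid and the handler has to reject it.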
diff --git a/models/common/src/main/yang/ietf-netconf-with-defaults@2011-06-01.yang b/models/common/src/main/yang/ietf-netconf-with-defaults@2011-06-01.yang
new file mode 100644
index 0000000..8a7be8c
--- /dev/null
+++ b/models/common/src/main/yang/ietf-netconf-with-defaults@2011-06-01.yang
@@ -0,0 +1,138 @@
+module ietf-netconf-with-defaults {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults";
+
+ prefix ncwd;
+
+ import ietf-netconf { prefix nc; }
+
+ organization
+ "IETF NETCONF (Network Configuration Protocol) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netconf/>
+
+ WG List: <netconf@ietf.org>
+
+ WG Chair: Bert Wijnen
+ <bertietf@bwijnen.net>
+
+ WG Chair: Mehmet Ersue
+ <mehmet.ersue@nsn.com>
+
+ Editor: Andy Bierman
+ <andy.bierman@brocade.com>
+
+ Editor: Balazs Lengyel
+ <balazs.lengyel@ericsson.com>";
+
+ description
+ "This module defines an extension to the NETCONF protocol
+ that allows the NETCONF client to control how default
+ values are handled by the server in particular NETCONF
+ operations.
+
+ Copyright (c) 2011 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 6243; see
+ the RFC itself for full legal notices.";
+ revision 2011-06-01 {
+ description
+ "Initial version.";
+ reference
+ "RFC 6243: With-defaults Capability for NETCONF";
+ }
+
+ typedef with-defaults-mode {
+ description
+ "Possible modes to report default data.";
+ reference
+ "RFC 6243; Section 3.";
+ type enumeration {
+ enum report-all {
+ description
+ "All default data is reported.";
+ reference
+ "RFC 6243; Section 3.1";
+ }
+ enum report-all-tagged {
+ description
+ "All default data is reported.
+ Any nodes considered to be default data
+ will contain a 'default' XML attribute,
+ set to 'true' or '1'.";
+ reference
+ "RFC 6243; Section 3.4";
+ }
+ enum trim {
+ description
+ "Values are not reported if they contain the default.";
+ reference
+ "RFC 6243; Section 3.2";
+ }
+ enum explicit {
+ description
+ "Report values that contain the definition of
+ explicitly set data.";
+ reference
+ "RFC 6243; Section 3.3";
+ }
+ }
+ }
+
+ grouping with-defaults-parameters {
+ description
+ "Contains the <with-defaults> parameter for control
+ of defaults in NETCONF retrieval operations.";
+ leaf with-defaults {
+ description
+ "The explicit defaults processing mode requested.";
+ reference
+ "RFC 6243; Section 4.5.1";
+
+ type with-defaults-mode;
+ }
+ }
+
+ // extending the get-config operation
+ augment /nc:get-config/nc:input {
+ description
+ "Adds the <with-defaults> parameter to the
+ input of the NETCONF <get-config> operation.";
+ reference
+ "RFC 6243; Section 4.5.1";
+
+ uses with-defaults-parameters;
+ }
+
+ // extending the get operation
+ augment /nc:get/nc:input {
+ description
+ "Adds the <with-defaults> parameter to
+ the input of the NETCONF <get> operation.";
+ reference
+ "RFC 6243; Section 4.5.1";
+
+ uses with-defaults-parameters;
+ }
+
+ // extending the copy-config operation
+ augment /nc:copy-config/nc:input {
+ description
+ "Adds the <with-defaults> parameter to
+ the input of the NETCONF <copy-config> operation.";
+ reference
+ "RFC 6243; Section 4.5.1";
+
+ uses with-defaults-parameters;
+ }
+
+}
diff --git a/models/common/src/main/yang/ietf-netconf@2011-06-01.yang b/models/common/src/main/yang/ietf-netconf@2011-06-01.yang
new file mode 100644
index 0000000..44c19c3
--- /dev/null
+++ b/models/common/src/main/yang/ietf-netconf@2011-06-01.yang
@@ -0,0 +1,927 @@
+module ietf-netconf {
+
+ // the namespace for NETCONF XML definitions is unchanged
+ // from RFC 4741, which this document replaces
+ namespace "urn:ietf:params:xml:ns:netconf:base:1.0";
+
+ prefix nc;
+
+ import ietf-inet-types {
+ prefix inet;
+ }
+
+ organization
+ "IETF NETCONF (Network Configuration) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netconf/>
+ WG List: <netconf@ietf.org>
+
+ WG Chair: Bert Wijnen
+ <bertietf@bwijnen.net>
+
+ WG Chair: Mehmet Ersue
+ <mehmet.ersue@nsn.com>
+
+ Editor: Martin Bjorklund
+ <mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <j.schoenwaelder@jacobs-university.de>
+
+ Editor: Andy Bierman
+ <andy.bierman@brocade.com>";
+ description
+ "NETCONF Protocol Data Types and Protocol Operations.
+
+ Copyright (c) 2011 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 6241; see
+ the RFC itself for full legal notices.";
+ revision 2011-06-01 {
+ description
+ "Initial revision";
+ reference
+ "RFC 6241: Network Configuration Protocol";
+ }
+
+ extension get-filter-element-attributes {
+ description
+ "If this extension is present within an 'anyxml'
+ statement named 'filter', which must be conceptually
+ defined within the RPC input section for the <get>
+ and <get-config> protocol operations, then the
+ following unqualified XML attribute is supported
+ within the <filter> element, within a <get> or
+ <get-config> protocol operation:
+
+ type : optional attribute with allowed
+ value strings 'subtree' and 'xpath'.
+ If missing, the default value is 'subtree'.
+
+ If the 'xpath' feature is supported, then the
+ following unqualified XML attribute is
+ also supported:
+
+ select: optional attribute containing a
+ string representing an XPath expression.
+ The 'type' attribute must be equal to 'xpath'
+ if this attribute is present.";
+ }
+
+ // NETCONF capabilities defined as features
+ feature writable-running {
+ description
+ "NETCONF :writable-running capability;
+ If the server advertises the :writable-running
+ capability for a session, then this feature must
+ also be enabled for that session. Otherwise,
+ this feature must not be enabled.";
+ reference "RFC 6241, Section 8.2";
+ }
+
+ feature candidate {
+ description
+ "NETCONF :candidate capability;
+ If the server advertises the :candidate
+ capability for a session, then this feature must
+ also be enabled for that session. Otherwise,
+ this feature must not be enabled.";
+ reference "RFC 6241, Section 8.3";
+ }
+
+ feature confirmed-commit {
+ if-feature candidate;
+ description
+ "NETCONF :confirmed-commit:1.1 capability;
+ If the server advertises the :confirmed-commit:1.1
+ capability for a session, then this feature must
+ also be enabled for that session. Otherwise,
+ this feature must not be enabled.";
+
+ reference "RFC 6241, Section 8.4";
+ }
+
+ feature rollback-on-error {
+ description
+ "NETCONF :rollback-on-error capability;
+ If the server advertises the :rollback-on-error
+ capability for a session, then this feature must
+ also be enabled for that session. Otherwise,
+ this feature must not be enabled.";
+ reference "RFC 6241, Section 8.5";
+ }
+
+ feature validate {
+ description
+ "NETCONF :validate:1.1 capability;
+ If the server advertises the :validate:1.1
+ capability for a session, then this feature must
+ also be enabled for that session. Otherwise,
+ this feature must not be enabled.";
+ reference "RFC 6241, Section 8.6";
+ }
+
+ feature startup {
+ description
+ "NETCONF :startup capability;
+ If the server advertises the :startup
+ capability for a session, then this feature must
+ also be enabled for that session. Otherwise,
+ this feature must not be enabled.";
+ reference "RFC 6241, Section 8.7";
+ }
+
+ feature url {
+ description
+ "NETCONF :url capability;
+ If the server advertises the :url
+ capability for a session, then this feature must
+ also be enabled for that session. Otherwise,
+ this feature must not be enabled.";
+ reference "RFC 6241, Section 8.8";
+ }
+
+ feature xpath {
+ description
+ "NETCONF :xpath capability;
+ If the server advertises the :xpath
+ capability for a session, then this feature must
+ also be enabled for that session. Otherwise,
+ this feature must not be enabled.";
+ reference "RFC 6241, Section 8.9";
+ }
+
+ // NETCONF Simple Types
+
+ typedef session-id-type {
+ type uint32 {
+ range "1..max";
+ }
+ description
+ "NETCONF Session Id";
+ }
+
+ typedef session-id-or-zero-type {
+ type uint32;
+ description
+ "NETCONF Session Id or Zero to indicate none";
+ }
+ typedef error-tag-type {
+ type enumeration {
+ enum in-use {
+ description
+ "The request requires a resource that
+ already is in use.";
+ }
+ enum invalid-value {
+ description
+ "The request specifies an unacceptable value for one
+ or more parameters.";
+ }
+ enum too-big {
+ description
+ "The request or response (that would be generated) is
+ too large for the implementation to handle.";
+ }
+ enum missing-attribute {
+ description
+ "An expected attribute is missing.";
+ }
+ enum bad-attribute {
+ description
+ "An attribute value is not correct; e.g., wrong type,
+ out of range, pattern mismatch.";
+ }
+ enum unknown-attribute {
+ description
+ "An unexpected attribute is present.";
+ }
+ enum missing-element {
+ description
+ "An expected element is missing.";
+ }
+ enum bad-element {
+ description
+ "An element value is not correct; e.g., wrong type,
+ out of range, pattern mismatch.";
+ }
+ enum unknown-element {
+ description
+ "An unexpected element is present.";
+ }
+ enum unknown-namespace {
+ description
+ "An unexpected namespace is present.";
+ }
+ enum access-denied {
+ description
+ "Access to the requested protocol operation or
+ data model is denied because authorization failed.";
+ }
+ enum lock-denied {
+ description
+ "Access to the requested lock is denied because the
+ lock is currently held by another entity.";
+ }
+ enum resource-denied {
+ description
+ "Request could not be completed because of
+ insufficient resources.";
+ }
+ enum rollback-failed {
+ description
+ "Request to roll back some configuration change (via
+ rollback-on-error or <discard-changes> operations)
+ was not completed for some reason.";
+
+ }
+ enum data-exists {
+ description
+ "Request could not be completed because the relevant
+ data model content already exists. For example,
+ a 'create' operation was attempted on data that
+ already exists.";
+ }
+ enum data-missing {
+ description
+ "Request could not be completed because the relevant
+ data model content does not exist. For example,
+ a 'delete' operation was attempted on
+ data that does not exist.";
+ }
+ enum operation-not-supported {
+ description
+ "Request could not be completed because the requested
+ operation is not supported by this implementation.";
+ }
+ enum operation-failed {
+ description
+ "Request could not be completed because the requested
+ operation failed for some reason not covered by
+ any other error condition.";
+ }
+ enum partial-operation {
+ description
+ "This error-tag is obsolete, and SHOULD NOT be sent
+ by servers conforming to this document.";
+ }
+ enum malformed-message {
+ description
+ "A message could not be handled because it failed to
+ be parsed correctly. For example, the message is not
+ well-formed XML or it uses an invalid character set.";
+ }
+ }
+ description "NETCONF Error Tag";
+ reference "RFC 6241, Appendix A";
+ }
+
+ typedef error-severity-type {
+ type enumeration {
+ enum error {
+ description "Error severity";
+ }
+ enum warning {
+ description "Warning severity";
+ }
+ }
+ description "NETCONF Error Severity";
+ reference "RFC 6241, Section 4.3";
+ }
+
+ typedef edit-operation-type {
+ type enumeration {
+ enum merge {
+ description
+ "The configuration data identified by the
+ element containing this attribute is merged
+ with the configuration at the corresponding
+ level in the configuration datastore identified
+ by the target parameter.";
+ }
+ enum replace {
+ description
+ "The configuration data identified by the element
+ containing this attribute replaces any related
+ configuration in the configuration datastore
+ identified by the target parameter. If no such
+ configuration data exists in the configuration
+ datastore, it is created. Unlike a
+ <copy-config> operation, which replaces the
+ entire target configuration, only the configuration
+ actually present in the config parameter is affected.";
+ }
+ enum create {
+ description
+ "The configuration data identified by the element
+ containing this attribute is added to the
+ configuration if and only if the configuration
+ data does not already exist in the configuration
+ datastore. If the configuration data exists, an
+ <rpc-error> element is returned with an
+ <error-tag> value of 'data-exists'.";
+ }
+ enum delete {
+ description
+ "The configuration data identified by the element
+ containing this attribute is deleted from the
+ configuration if and only if the configuration
+ data currently exists in the configuration
+ datastore. If the configuration data does not
+ exist, an <rpc-error> element is returned with
+ an <error-tag> value of 'data-missing'.";
+ }
+ enum remove {
+ description
+ "The configuration data identified by the element
+ containing this attribute is deleted from the
+ configuration if the configuration
+ data currently exists in the configuration
+ datastore. If the configuration data does not
+ exist, the 'remove' operation is silently ignored
+ by the server.";
+ }
+ }
+ default "merge";
+ description "NETCONF 'operation' attribute values";
+ reference "RFC 6241, Section 7.2";
+ }
+
+ // NETCONF Standard Protocol Operations
+
+ rpc get-config {
+ description
+ "Retrieve all or part of a specified configuration.";
+
+ reference "RFC 6241, Section 7.1";
+
+ input {
+ container source {
+ description
+ "Particular configuration to retrieve.";
+
+ choice config-source {
+ mandatory true;
+ description
+ "The configuration to retrieve.";
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config source.";
+ }
+ leaf running {
+ type empty;
+ description
+ "The running configuration is the config source.";
+ }
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config source.
+ This is optional-to-implement on the server because
+ not all servers will support filtering for this
+ datastore.";
+ }
+ }
+ }
+
+ anyxml filter {
+ description
+ "Subtree or XPath filter to use.";
+ nc:get-filter-element-attributes;
+ }
+ }
+
+ output {
+ anyxml data {
+ description
+ "Copy of the source datastore subset that matched
+ the filter criteria (if any). An empty data container
+ indicates that the request did not produce any results.";
+ }
+ }
+ }
+
+ rpc edit-config {
+ description
+ "The <edit-config> operation loads all or part of a specified
+ configuration to the specified target configuration.";
+
+ reference "RFC 6241, Section 7.2";
+
+ input {
+ container target {
+ description
+ "Particular configuration to edit.";
+
+ choice config-target {
+ mandatory true;
+ description
+ "The configuration target.";
+
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config target.";
+ }
+ leaf running {
+ if-feature writable-running;
+ type empty;
+ description
+ "The running configuration is the config source.";
+ }
+ }
+ }
+
+ leaf default-operation {
+ type enumeration {
+ enum merge {
+ description
+ "The default operation is merge.";
+ }
+ enum replace {
+ description
+ "The default operation is replace.";
+ }
+ enum none {
+ description
+ "There is no default operation.";
+ }
+ }
+ default "merge";
+ description
+ "The default operation to use.";
+ }
+
+ leaf test-option {
+ if-feature validate;
+ type enumeration {
+ enum test-then-set {
+ description
+ "The server will test and then set if no errors.";
+ }
+ enum set {
+ description
+ "The server will set without a test first.";
+ }
+
+ enum test-only {
+ description
+ "The server will only test and not set, even
+ if there are no errors.";
+ }
+ }
+ default "test-then-set";
+ description
+ "The test option to use.";
+ }
+
+ leaf error-option {
+ type enumeration {
+ enum stop-on-error {
+ description
+ "The server will stop on errors.";
+ }
+ enum continue-on-error {
+ description
+ "The server may continue on errors.";
+ }
+ enum rollback-on-error {
+ description
+ "The server will roll back on errors.
+ This value can only be used if the 'rollback-on-error'
+ feature is supported.";
+ }
+ }
+ default "stop-on-error";
+ description
+ "The error option to use.";
+ }
+
+ choice edit-content {
+ mandatory true;
+ description
+ "The content for the edit operation.";
+
+ anyxml config {
+ description
+ "Inline Config content.";
+ }
+ leaf url {
+ if-feature url;
+ type inet:uri;
+ description
+ "URL-based config content.";
+ }
+ }
+ }
+ }
+
+ rpc copy-config {
+ description
+ "Create or replace an entire configuration datastore with the
+ contents of another complete configuration datastore.";
+
+ reference "RFC 6241, Section 7.3";
+
+ input {
+ container target {
+ description
+ "Particular configuration to copy to.";
+
+ choice config-target {
+ mandatory true;
+ description
+ "The configuration target of the copy operation.";
+
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config target.";
+ }
+ leaf running {
+ if-feature writable-running;
+ type empty;
+ description
+ "The running configuration is the config target.
+ This is optional-to-implement on the server.";
+ }
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config target.";
+ }
+ leaf url {
+ if-feature url;
+ type inet:uri;
+ description
+ "The URL-based configuration is the config target.";
+ }
+ }
+ }
+
+ container source {
+ description
+ "Particular configuration to copy from.";
+
+ choice config-source {
+ mandatory true;
+ description
+ "The configuration source for the copy operation.";
+
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config source.";
+ }
+ leaf running {
+ type empty;
+ description
+ "The running configuration is the config source.";
+ }
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config source.";
+ }
+ leaf url {
+ if-feature url;
+ type inet:uri;
+ description
+ "The URL-based configuration is the config source.";
+ }
+ anyxml config {
+ description
+ "Inline Config content: <config> element. Represents
+ an entire configuration datastore, not
+ a subset of the running datastore.";
+ }
+ }
+ }
+ }
+ }
+
+ rpc delete-config {
+ description
+ "Delete a configuration datastore.";
+
+ reference "RFC 6241, Section 7.4";
+
+ input {
+ container target {
+ description
+ "Particular configuration to delete.";
+
+ choice config-target {
+ mandatory true;
+ description
+ "The configuration target to delete.";
+
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config target.";
+ }
+ leaf url {
+ if-feature url;
+ type inet:uri;
+ description
+ "The URL-based configuration is the config target.";
+ }
+ }
+ }
+ }
+ }
+
+ rpc lock {
+ description
+ "The lock operation allows the client to lock the configuration
+ system of a device.";
+
+ reference "RFC 6241, Section 7.5";
+
+ input {
+ container target {
+ description
+ "Particular configuration to lock.";
+
+ choice config-target {
+ mandatory true;
+ description
+ "The configuration target to lock.";
+
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config target.";
+ }
+ leaf running {
+ type empty;
+ description
+ "The running configuration is the config target.";
+ }
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config target.";
+ }
+ }
+ }
+ }
+ }
+
+ rpc unlock {
+ description
+ "The unlock operation is used to release a configuration lock,
+ previously obtained with the 'lock' operation.";
+
+ reference "RFC 6241, Section 7.6";
+
+ input {
+ container target {
+ description
+ "Particular configuration to unlock.";
+
+ choice config-target {
+ mandatory true;
+ description
+ "The configuration target to unlock.";
+
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config target.";
+ }
+ leaf running {
+ type empty;
+ description
+ "The running configuration is the config target.";
+ }
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config target.";
+ }
+ }
+ }
+ }
+ }
+
+ rpc get {
+ description
+ "Retrieve running configuration and device state information.";
+
+ reference "RFC 6241, Section 7.7";
+
+ input {
+ anyxml filter {
+ description
+ "This parameter specifies the portion of the system
+ configuration and state data to retrieve.";
+ nc:get-filter-element-attributes;
+ }
+ }
+
+ output {
+ anyxml data {
+ description
+ "Copy of the running datastore subset and/or state
+ data that matched the filter criteria (if any).
+ An empty data container indicates that the request did not
+ produce any results.";
+ }
+ }
+ }
+
+ rpc close-session {
+ description
+ "Request graceful termination of a NETCONF session.";
+
+ reference "RFC 6241, Section 7.8";
+ }
+
+ rpc kill-session {
+ description
+ "Force the termination of a NETCONF session.";
+
+ reference "RFC 6241, Section 7.9";
+
+ input {
+ leaf session-id {
+ type session-id-type;
+ mandatory true;
+ description
+ "Particular session to kill.";
+ }
+ }
+ }
+
+ rpc commit {
+ if-feature candidate;
+
+ description
+ "Commit the candidate configuration as the device's new
+ current configuration.";
+
+ reference "RFC 6241, Section 8.3.4.1";
+
+ input {
+ leaf confirmed {
+ if-feature confirmed-commit;
+ type empty;
+ description
+ "Requests a confirmed commit.";
+ reference "RFC 6241, Section 8.3.4.1";
+ }
+
+ leaf confirm-timeout {
+ if-feature confirmed-commit;
+ type uint32 {
+ range "1..max";
+ }
+ units "seconds";
+ default "600"; // 10 minutes
+ description
+ "The timeout interval for a confirmed commit.";
+ reference "RFC 6241, Section 8.3.4.1";
+ }
+
+ leaf persist {
+ if-feature confirmed-commit;
+ type string;
+ description
+ "This parameter is used to make a confirmed commit
+ persistent. A persistent confirmed commit is not aborted
+ if the NETCONF session terminates. The only way to abort
+ a persistent confirmed commit is to let the timer expire,
+ or to use the <cancel-commit> operation.
+
+ The value of this parameter is a token that must be given
+ in the 'persist-id' parameter of <commit> or
+ <cancel-commit> operations in order to confirm or cancel
+ the persistent confirmed commit.
+
+ The token should be a random string.";
+ reference "RFC 6241, Section 8.3.4.1";
+ }
+
+ leaf persist-id {
+ if-feature confirmed-commit;
+ type string;
+ description
+ "This parameter is given in order to commit a persistent
+ confirmed commit. The value must be equal to the value
+ given in the 'persist' parameter to the <commit> operation.
+ If it does not match, the operation fails with an
+ 'invalid-value' error.";
+ reference "RFC 6241, Section 8.3.4.1";
+ }
+
+ }
+ }
+
+ rpc discard-changes {
+ if-feature candidate;
+
+ description
+ "Revert the candidate configuration to the current
+ running configuration.";
+ reference "RFC 6241, Section 8.3.4.2";
+ }
+
+ rpc cancel-commit {
+ if-feature confirmed-commit;
+ description
+ "This operation is used to cancel an ongoing confirmed commit.
+ If the confirmed commit is persistent, the parameter
+ 'persist-id' must be given, and it must match the value of the
+ 'persist' parameter.";
+ reference "RFC 6241, Section 8.4.4.1";
+
+ input {
+ leaf persist-id {
+ type string;
+ description
+ "This parameter is given in order to cancel a persistent
+ confirmed commit. The value must be equal to the value
+ given in the 'persist' parameter to the <commit> operation.
+ If it does not match, the operation fails with an
+ 'invalid-value' error.";
+ }
+ }
+ }
+
+ rpc validate {
+ if-feature validate;
+
+ description
+ "Validates the contents of the specified configuration.";
+
+ reference "RFC 6241, Section 8.6.4.1";
+
+ input {
+ container source {
+ description
+ "Particular configuration to validate.";
+
+ choice config-source {
+ mandatory true;
+ description
+ "The configuration source to validate.";
+
+ leaf candidate {
+ if-feature candidate;
+ type empty;
+ description
+ "The candidate configuration is the config source.";
+ }
+ leaf running {
+ type empty;
+ description
+ "The running configuration is the config source.";
+ }
+ leaf startup {
+ if-feature startup;
+ type empty;
+ description
+ "The startup configuration is the config source.";
+ }
+ leaf url {
+ if-feature url;
+ type inet:uri;
+ description
+ "The URL-based configuration is the config source.";
+ }
+ anyxml config {
+ description
+ "Inline Config content: <config> element. Represents
+ an entire configuration datastore, not
+ a subset of the running datastore.";
+ }
+ }
+ }
+ }
+ }
+
+}
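Review bot: `persist` and `persist-id` in the `commit` input, and `persist-id` in the `cancel-commit` input, are plain `type string` with no length or pattern restriction, although the description makes the value the token that lets a later `<commit>` or `<cancel-commit>` (presumably from a different session, since the commit survives session termination) confirm or cancel a persistent confirmed commit. The schema therefore accepts an empty or easily guessed token, and the only guidance is the sentence "The token should be a random string". The module is the RFC 6241 text, so the check belongs in the code that serves these RPCs: refuse empty or very short values, keep the token out of logs and notifications, and compare it in constant time. If a note in the file is acceptable, `// persist/persist-id is a bearer secret: never log it; minimum length is enforced by the commit handler` above `leaf persist` would do.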
diff --git a/models/common/src/main/yang/ietf-snmp-common@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-common@2014-12-10.yang
new file mode 100644
index 0000000..a7d27c2
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-common@2014-12-10.yang
@@ -0,0 +1,184 @@
+submodule ietf-snmp-common {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of common YANG definitions
+ for configuring SNMP engines.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ /* Collection of SNMP-specific data types */
+
+ typedef admin-string {
+ type string {
+ length "0..255";
+ }
+ description
+ "Represents SnmpAdminString as defined in RFC 3411.
+
+ Note that the size of an SnmpAdminString is measured in
+ octets, not characters.";
+
+ reference
+ "RFC 3411: An Architecture for Describing Simple Network
+ Management Protocol (SNMP) Management Frameworks.
+ SNMP-FRAMEWORK-MIB.SnmpAdminString";
+ }
+
+ typedef identifier {
+ type admin-string {
+ length "1..32";
+ }
+ description
+ "Identifiers are used to name items in the SNMP configuration
+ datastore.";
+ }
+
+ typedef context-name {
+ type admin-string {
+ length "0..32";
+ }
+ description
+ "The context type represents an SNMP context name.";
+ reference
+ "RFC 3411: An Architecture for Describing Simple Network
+ Management Protocol (SNMP) Management Frameworks";
+ }
+
+ typedef security-name {
+ type admin-string {
+ length "1..32";
+ }
+ description
+ "The security-name type represents an SNMP security name.";
+ reference
+ "RFC 3411: An Architecture for Describing Simple Network
+ Management Protocol (SNMP) Management Frameworks";
+ }
+
+ typedef security-model {
+ type union {
+ type enumeration {
+ enum v1 { value 1; }
+ enum v2c { value 2; }
+ enum usm { value 3; }
+ enum tsm { value 4; }
+ }
+ type int32 {
+ range "1..2147483647";
+ }
+ }
+ reference
+ "RFC 3411: An Architecture for Describing Simple Network
+ Management Protocol (SNMP) Management Frameworks";
+ }
+
+ typedef security-model-or-any {
+ type union {
+ type enumeration {
+ enum any { value 0; }
+ }
+ type security-model;
+ }
+ reference
+ "RFC 3411: An Architecture for Describing Simple Network
+ Management Protocol (SNMP) Management Frameworks";
+ }
+
+ typedef security-level {
+ type enumeration {
+ enum no-auth-no-priv { value 1; }
+ enum auth-no-priv { value 2; }
+ enum auth-priv { value 3; }
+ }
+ reference
+ "RFC 3411: An Architecture for Describing Simple Network
+ Management Protocol (SNMP) Management Frameworks";
+ }
+
+ typedef engine-id {
+ type yang:hex-string {
+ pattern '([0-9a-fA-F]){2}(:([0-9a-fA-F]){2}){4,31}';
+ }
+ description
+ "The engine ID specified as a list of colon-specified
+ hexadecimal octets, e.g., '80:00:02:b8:04:61:62:63'.";
+ reference
+ "RFC 3411: An Architecture for Describing Simple Network
+ Management Protocol (SNMP) Management Frameworks";
+ }
+
+ typedef wildcard-object-identifier {
+ type string;
+ description
+ "The wildcard-object-identifier type represents an SNMP object
+ identifier where subidentifiers can be given either as a label,
+ in numeric form, or a wildcard, represented by an asterisk
+ ('*').";
+ }
+
+ typedef tag-value {
+ type string {
+ length "0..255";
+ }
+ description
+ "Represents SnmpTagValue as defined in RFC 3413.
+
+ Note that the size of an SnmpTagValue is measured in
+ octets, not characters.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP)
+ Applications.
+ SNMP-TARGET-MIB.SnmpTagValue";
+ }
+
+ container snmp {
+ description
+ "Top-level container for SNMP-related configuration and
+ status objects.";
+ }
+
+}
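Review bot: `admin-string` and `tag-value` restrict `length "0..255"`, and `identifier`, `context-name` and `security-name` narrow that to 32, but a YANG `length` on a `string` counts characters, while both descriptions state that the SNMP size is measured in octets. A value containing multi-byte UTF-8 characters can therefore pass schema validation and still exceed 255 (or 32) octets once it is encoded for the SNMP engine. Code that maps these leaves to SNMP objects should re-check the encoded octet length rather than rely on the schema. A comment such as `// length counts characters; re-check the UTF-8 octet length before handing the value to SNMP` on the two base typedefs would make that explicit.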
diff --git a/models/common/src/main/yang/ietf-snmp-community@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-community@2014-12-10.yang
new file mode 100644
index 0000000..6bddf1a
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-community@2014-12-10.yang
@@ -0,0 +1,241 @@
+submodule ietf-snmp-community {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ import ietf-netconf-acm {
+ prefix nacm;
+ }
+
+ include ietf-snmp-common;
+ include ietf-snmp-target;
+ include ietf-snmp-proxy;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of YANG definitions
+ for configuring community-based SNMP.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ reference
+ "RFC 3584: Coexistence between Version 1, Version 2, and
+ Version 3 of the Internet-standard Network
+ Management Framework";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ augment /snmp:snmp {
+
+ list community {
+ key index;
+
+ description
+ "List of communities.";
+ reference
+ "RFC 3584: Coexistence between Version 1, Version 2,
+ and Version 3 of the Internet-standard
+ Network Management Framework.
+ SNMP-COMMUNITY-MIB.snmpCommunityTable";
+
+ leaf index {
+ type snmp:identifier;
+ description
+ "Index into the community list.";
+ reference
+ "RFC 3584: Coexistence between Version 1, Version 2,
+ and Version 3 of the Internet-standard
+ Network Management Framework.
+ SNMP-COMMUNITY-MIB.snmpCommunityIndex";
+ }
+ choice name {
+ nacm:default-deny-all;
+ description
+ "The community name, specified as either a string or
+ a binary value. The binary name is used when the
+ community name contains characters that are not legal
+ in a string.
+
+ If not set, the value of 'security-name' is operationally
+ used as the snmpCommunityName.";
+ reference
+ "RFC 3584: Coexistence between Version 1, Version 2,
+ and Version 3 of the Internet-standard
+ Network Management Framework.
+ SNMP-COMMUNITY-MIB.snmpCommunityName";
+ leaf text-name {
+ type string;
+ description
+ "A community name that can be represented as a
+ YANG string.";
+ }
+ leaf binary-name {
+ type binary;
+ description
+ "A community name represented as a binary value.";
+ }
+ }
+ leaf security-name {
+ type snmp:security-name;
+ mandatory true;
+ nacm:default-deny-all;
+ description
+ "The snmpCommunitySecurityName of this entry.";
+ reference
+ "RFC 3584: Coexistence between Version 1, Version 2,
+ and Version 3 of the Internet-standard
+ Network Management Framework.
+ SNMP-COMMUNITY-MIB.snmpCommunitySecurityName";
+ }
+ leaf engine-id {
+ if-feature snmp:proxy;
+ type snmp:engine-id;
+ description
+ "If not set, the value of the local SNMP engine is
+ operationally used by the device.";
+ reference
+ "RFC 3584: Coexistence between Version 1, Version 2,
+ and Version 3 of the Internet-standard
+ Network Management Framework.
+ SNMP-COMMUNITY-MIB.snmpCommunityContextEngineID";
+ }
+ leaf context {
+ type snmp:context-name;
+ default "";
+ description
+ "The context in which management information is accessed
+ when using the community string specified by this entry.";
+ reference
+ "RFC 3584: Coexistence between Version 1, Version 2,
+ and Version 3 of the Internet-standard
+ Network Management Framework.
+ SNMP-COMMUNITY-MIB.snmpCommunityContextName";
+ }
+ leaf target-tag {
+ type snmp:tag-value;
+ description
+ "Used to limit access for this community to the specified
+ targets.
+
+ Implementations MAY restrict the values of this leaf
+ to be one of the available values of /snmp/target/tag in
+ a valid configuration.";
+ reference
+ "RFC 3584: Coexistence between Version 1, Version 2,
+ and Version 3 of the Internet-standard
+ Network Management Framework.
+ SNMP-COMMUNITY-MIB.snmpCommunityTransportTag";
+ }
+ }
+ }
+
+ grouping v1-target-params {
+ container v1 {
+ description
+ "SNMPv1 parameters type.
+ Represents snmpTargetParamsMPModel '0',
+ snmpTargetParamsSecurityModel '1', and
+ snmpTargetParamsSecurityLevel 'noAuthNoPriv'.";
+ leaf security-name {
+ type snmp:security-name;
+ mandatory true;
+ description
+ "Implementations MAY restrict the values of this leaf
+ to be one of the available values of
+ /snmp/community/security-name in a valid configuration.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetParamsSecurityName";
+ }
+ }
+ }
+
+ grouping v2c-target-params {
+ container v2c {
+ description
+ "SNMPv2 community parameters type.
+ Represents snmpTargetParamsMPModel '1',
+ snmpTargetParamsSecurityModel '2', and
+ snmpTargetParamsSecurityLevel 'noAuthNoPriv'.";
+ leaf security-name {
+ type snmp:security-name;
+ mandatory true;
+ description
+ "Implementations MAY restrict the values of this leaf
+ to be one of the available values of
+ /snmp/community/security-name in a valid configuration.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetParamsSecurityName";
+ }
+ }
+ }
+
+ augment /snmp:snmp/snmp:target-params/snmp:params {
+ case v1 {
+ uses v1-target-params;
+ }
+ case v2c {
+ uses v2c-target-params;
+ }
+ }
+
+ augment /snmp:snmp/snmp:target {
+ when "snmp:v1 or snmp:v2c";
+ leaf mms {
+ type union {
+ type enumeration {
+ enum "unknown" { value 0; }
+ }
+ type int32 {
+ range "484..max";
+ }
+ }
+ default "484";
+ description
+ "The maximum message size.";
+ reference
+ "RFC 3584: Coexistence between Version 1, Version 2,
+ and Version 3 of the Internet-standard
+ Network Management Framework.
+ SNMP-COMMUNITY-MIB.snmpTargetAddrMMS";
+ }
+ }
+
+}
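Review bot: `text-name` and `binary-name` under `choice name` hold the SNMPv1/v2c community string, which is the only credential those versions have, and the model protects it solely through the `nacm:default-deny-all` extension on `choice name` and `security-name`. That extension only takes effect where a NACM-enforcing server consumes the module; whether the code generated from this model honours it is not visible in this commit, so anything that stores, logs or exports this subtree should treat the name leaves as secrets. `target-tag` is optional with no default, and under RFC 3584 a zero-length transport tag means transport endpoints are not checked, so a community entry created without it is presumably accepted from any sender. Since the file is the RFC 7407 text I would leave it unmodified and record this beside the model (for example in models/common/BUCK): `# ietf-snmp-community: community names are credentials (redact in logs/exports); set target-tag to restrict accepted source addresses`.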
diff --git a/models/common/src/main/yang/ietf-snmp-engine@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-engine@2014-12-10.yang
new file mode 100644
index 0000000..4b412ae
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-engine@2014-12-10.yang
@@ -0,0 +1,155 @@
+submodule ietf-snmp-engine {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ import ietf-inet-types {
+ prefix inet;
+ }
+
+ include ietf-snmp-common;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of YANG definitions
+ for configuring SNMP engines.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ augment /snmp:snmp {
+
+ container engine {
+
+ description
+ "Configuration of the SNMP engine.";
+
+ leaf enabled {
+ type boolean;
+ default "false";
+ description
+ "Enables the SNMP engine.";
+ }
+
+ list listen {
+ key "name";
+ description
+ "Configuration of the transport endpoints on which the
+ engine listens.";
+
+ leaf name {
+ type snmp:identifier;
+ description
+ "An arbitrary name for the list entry.";
+ }
+
+ choice transport {
+ mandatory true;
+ description
+ "The transport-protocol-specific parameters for this
+ endpoint. Submodules providing configuration for
+ additional transports are expected to augment this
+ choice.";
+ case udp {
+ container udp {
+ leaf ip {
+ type inet:ip-address;
+ mandatory true;
+ description
+ "The IPv4 or IPv6 address on which the engine
+ listens.";
+ }
+ leaf port {
+ type inet:port-number;
+ description
+ "The UDP port on which the engine listens.
+
+ If the port is not configured, an engine that
+ acts as a Command Responder uses port 161, and
+ an engine that acts as a Notification Receiver
+ uses port 162.";
+ }
+ }
+ }
+ }
+ }
+
+ container version {
+ description
+ "SNMP version used by the engine.";
+ leaf v1 {
+ type empty;
+ }
+ leaf v2c {
+ type empty;
+ }
+ leaf v3 {
+ type empty;
+ }
+ }
+
+ leaf engine-id {
+ type snmp:engine-id;
+ description
+ "The local SNMP engine's administratively assigned unique
+ identifier.
+
+ If this leaf is not set, the device automatically
+ calculates an engine ID, as described in RFC 3411. A
+ server MAY initialize this leaf with the automatically
+ created value.";
+ reference
+ "RFC 3411: An Architecture for Describing Simple Network
+ Management Protocol (SNMP) Management
+ Frameworks.
+ SNMP-FRAMEWORK-MIB.snmpEngineID";
+ }
+
+ leaf enable-authen-traps {
+ type boolean;
+ description
+ "Indicates whether the SNMP entity is permitted to
+ generate authenticationFailure traps.";
+ reference
+ "RFC 3418: Management Information Base (MIB) for the
+ Simple Network Management Protocol (SNMP)
+ SNMPv2-MIB.snmpEnableAuthenTraps";
+ }
+ }
+ }
+}
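Review bot: `enable-authen-traps` is declared without a `default`, so whether authenticationFailure traps are generated when the leaf is absent is left to the implementation. Those traps are how an operator learns that requests are arriving with a wrong community string or are failing authentication, so a deployment that relies on them for detection should set the leaf explicitly rather than depend on the unset behaviour. I would note this beside the model rather than edit the RFC 7407 text: `# snmp/engine/enable-authen-traps has no default; set it explicitly where authenticationFailure traps feed monitoring`.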
diff --git a/models/common/src/main/yang/ietf-snmp-notification@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-notification@2014-12-10.yang
new file mode 100644
index 0000000..ea4a86c
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-notification@2014-12-10.yang
@@ -0,0 +1,204 @@
+submodule ietf-snmp-notification {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ include ietf-snmp-common;
+ include ietf-snmp-target;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of YANG definitions
+ for configuring SNMP notifications.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP)
+ Applications";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ feature notification-filter {
+ description
+ "A server implements this feature if it supports SNMP
+ notification filtering.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP)
+ Applications";
+ }
+
+ augment /snmp:snmp {
+
+ list notify {
+ key name;
+ description
+ "Targets that will receive notifications.
+
+ Entries in this list are mapped 1-1 to entries in
+ snmpNotifyTable, except that if an entry in snmpNotifyTable
+ has an snmpNotifyTag for which no snmpTargetAddrEntry
+ exists, then the snmpNotifyTable entry is not mapped to an
+ entry in this list.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-NOTIFICATION-MIB.snmpNotifyTable";
+
+ leaf name {
+ type snmp:identifier;
+ description
+ "An arbitrary name for the list entry.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-NOTIFICATION-MIB.snmpNotifyName";
+ }
+ leaf tag {
+ type snmp:tag-value;
+ mandatory true;
+ description
+ "Target tag, selects a set of notification targets.
+
+ Implementations MAY restrict the values of this leaf
+ to be one of the available values of /snmp/target/tag in
+ a valid configuration.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-NOTIFICATION-MIB.snmpNotifyTag";
+ }
+ leaf type {
+ type enumeration {
+ enum trap { value 1; }
+ enum inform { value 2; }
+ }
+ default trap;
+ description
+ "Defines the notification type to be generated.";
+
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-NOTIFICATION-MIB.snmpNotifyType";
+ }
+ }
+
+ list notify-filter-profile {
+ if-feature snmp:notification-filter;
+ key name;
+
+ description
+ "Notification filter profiles.
+
+ The leaf /snmp/target/notify-filter-profile is used
+ to associate a filter profile with a target.
+
+ If an entry in this list is referred to by one or more
+ /snmp/target/notify-filter-profile items, each such
+ notify-filter-profile is represented by one
+ snmpNotifyFilterProfileEntry.
+
+ If an entry in this list is not referred to by any
+ /snmp/target/notify-filter-profile, the entry is not mapped
+ to snmpNotifyFilterProfileTable.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-NOTIFICATION-MIB.snmpNotifyFilterProfileTable
+ SNMP-NOTIFICATION-MIB.snmpNotifyFilterTable";
+
+ leaf name {
+ type snmp:identifier;
+ description
+ "Name of the filter profile.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-NOTIFICATION-MIB.snmpNotifyFilterProfileName";
+ }
+
+ leaf-list include {
+ type snmp:wildcard-object-identifier;
+ description
+ "A family of subtrees included in this filter.";
+
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-NOTIFICATION-MIB.snmpNotifyFilterSubtree
+ SNMP-NOTIFICATION-MIB.snmpNotifyFilterMask
+ SNMP-NOTIFICATION-MIB.snmpNotifyFilterType";
+ }
+
+ leaf-list exclude {
+ type snmp:wildcard-object-identifier;
+ description
+ "A family of subtrees excluded from this filter.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-NOTIFICATION-MIB.snmpNotifyFilterSubtree
+ SNMP-NOTIFICATION-MIB.snmpNotifyFilterMask
+ SNMP-NOTIFICATION-MIB.snmpNotifyFilterType";
+ }
+ }
+
+ }
+
+ augment /snmp:snmp/snmp:target-params {
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-NOTIFICATION-MIB.snmpNotifyFilterProfileTable";
+ leaf notify-filter-profile {
+ if-feature snmp:notification-filter;
+ type leafref {
+ path "/snmp/notify-filter-profile/name";
+ }
+ description
+ "This leafref leaf is used to represent the sparse
+ relationship between the /snmp/target-params list and the
+ /snmp/notify-filter-profile list.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-NOTIFICATION-MIB.snmpNotifyFilterProfileName";
+ }
+ }
+
+}
diff --git a/models/common/src/main/yang/ietf-snmp-proxy@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-proxy@2014-12-10.yang
new file mode 100644
index 0000000..a28ff5c
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-proxy@2014-12-10.yang
@@ -0,0 +1,155 @@
+submodule ietf-snmp-proxy {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ include ietf-snmp-common;
+ include ietf-snmp-target;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of YANG definitions
+ for configuring SNMP proxies.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP)
+ Applications";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ feature proxy {
+ description
+ "A server implements this feature if it can act as an
+ SNMP proxy.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP)
+ Applications";
+ }
+
+ augment /snmp:snmp {
+ if-feature snmp:proxy;
+
+ list proxy {
+ key name;
+
+ description
+ "List of proxy parameters.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-PROXY-MIB.snmpProxyTable";
+
+ leaf name {
+ type snmp:identifier;
+ description
+ "Identifies the proxy parameter entry.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-PROXY-MIB.snmpProxyName";
+ }
+ leaf type {
+ type enumeration {
+ enum read { value 1; }
+ enum write { value 2; }
+ enum trap { value 3; }
+ enum inform { value 4; }
+ }
+ mandatory true;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-PROXY-MIB.snmpProxyType";
+ }
+ leaf context-engine-id {
+ type snmp:engine-id;
+ mandatory true;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-PROXY-MIB.snmpProxyContextEngineID";
+ }
+ leaf context-name {
+ type snmp:context-name;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-PROXY-MIB.snmpProxyContextName";
+ }
+ leaf target-params-in {
+ type snmp:identifier;
+ description
+ "The name of a target parameters list entry.
+
+ Implementations MAY restrict the values of this
+ leaf to be one of the available values of
+ /snmp/target-params/name in a valid configuration.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-PROXY-MIB.snmpProxyTargetParamsIn";
+ }
+ leaf single-target-out {
+ when "../type = 'read' or ../type = 'write'";
+ type snmp:identifier;
+ description
+ "Implementations MAY restrict the values of this leaf
+ to be one of the available values of /snmp/target/name in
+ a valid configuration.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-PROXY-MIB.snmpProxySingleTargetOut";
+ }
+
+ leaf multiple-target-out {
+ when "../type = 'trap' or ../type = 'inform'";
+ type snmp:tag-value;
+ description
+ "Implementations MAY restrict the values of this leaf
+ to be one of the available values of /snmp/target/tag in
+ a valid configuration.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-PROXY-MIB.snmpProxyMultipleTargetOut";
+ }
+ }
+ }
+}
diff --git a/models/common/src/main/yang/ietf-snmp-ssh@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-ssh@2014-12-10.yang
new file mode 100644
index 0000000..e7a5eac
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-ssh@2014-12-10.yang
@@ -0,0 +1,145 @@
+submodule ietf-snmp-ssh {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ import ietf-inet-types {
+ prefix inet;
+ }
+
+ include ietf-snmp-common;
+ include ietf-snmp-engine;
+ include ietf-snmp-target;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of YANG definitions for
+ configuring the Secure Shell Transport Model (SSHTM)
+ of SNMP.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ reference
+ "RFC 5592: Secure Shell Transport Model for the
+ Simple Network Management Protocol (SNMP)";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ feature sshtm {
+ description
+ "A server implements this feature if it supports the
+ Secure Shell Transport Model for SNMP.";
+ reference
+ "RFC 5592: Secure Shell Transport Model for the
+ Simple Network Management Protocol (SNMP)";
+ }
+
+ augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport {
+ if-feature sshtm;
+ case ssh {
+ container ssh {
+ description
+ "The IPv4 or IPv6 address and port to which the
+ engine listens for SNMP messages over SSH.";
+
+ leaf ip {
+ type inet:ip-address;
+ mandatory true;
+ description
+ "The IPv4 or IPv6 address on which the engine listens
+ for SNMP messages over SSH.";
+ }
+ leaf port {
+ type inet:port-number;
+ description
+ "The TCP port on which the engine listens for SNMP
+ messages over SSH.
+
+ If the port is not configured, an engine that
+ acts as a Command Responder uses port 5161, and
+ an engine that acts as a Notification Receiver
+ uses port 5162.";
+ }
+ }
+ }
+ }
+
+ augment /snmp:snmp/snmp:target/snmp:transport {
+ if-feature sshtm;
+ case ssh {
+ reference
+ "RFC 5592: Secure Shell Transport Model for the
+ Simple Network Management Protocol (SNMP).
+ SNMP-SSH-TM-MIB.snmpSSHDomain";
+ container ssh {
+ leaf ip {
+ type inet:host;
+ mandatory true;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrTAddress
+ RFC 5592: Secure Shell Transport Model for the
+ Simple Network Management Protocol (SNMP).
+ SNMP-SSH-TM-MIB.SnmpSSHAddress";
+ }
+ leaf port {
+ type inet:port-number;
+ default 5161;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrTAddress
+ RFC 5592: Secure Shell Transport Model for the
+ Simple Network Management Protocol (SNMP).
+ SNMP-SSH-TM-MIB.SnmpSSHAddress";
+ }
+ leaf username {
+ type string;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrTAddress
+ RFC 5592: Secure Shell Transport Model for the
+ Simple Network Management Protocol (SNMP).
+ SNMP-SSH-TM-MIB.SnmpSSHAddress";
+ }
+ }
+ }
+ }
+}
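Review bot: In the target-side `case ssh`, the leaf named `ip` is typed `inet:host`, which accepts a DNS name as well as an address literal, while the listen-side `ip` earlier in the same file is `inet:ip-address`; none of `ip`, `port` or `username` in the target container has a `description` to point this out. Code that validates or allow-lists SSH targets by treating this leaf as an IP literal would let host names through unchecked, and the peer actually reached then depends on name resolution at connect time. The model also carries no host-key or credential material, so peer authentication has to be configured elsewhere (presumably in the SSH implementation). A consumer-side comment such as `target ssh "ip" is inet:host and may be a DNS name: resolve first, then apply address policy and host-key verification` would capture this.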
diff --git a/models/common/src/main/yang/ietf-snmp-target@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-target@2014-12-10.yang
new file mode 100644
index 0000000..9b1d6d1
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-target@2014-12-10.yang
@@ -0,0 +1,207 @@
+submodule ietf-snmp-target {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ import ietf-inet-types {
+ prefix inet;
+ }
+
+ include ietf-snmp-common;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of YANG definitions
+ for configuring SNMP targets.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP)
+ Applications";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ augment /snmp:snmp {
+
+ list target {
+ key name;
+ description
+ "List of targets.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP)
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrTable";
+
+ leaf name {
+ type snmp:identifier;
+ description
+ "Identifies the target.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP)
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrName";
+ }
+ choice transport {
+ mandatory true;
+ description
+ "Transport address of the target.
+
+ The snmpTargetAddrTDomain and snmpTargetAddrTAddress
+ objects are mapped to transport-specific YANG nodes. Each
+ transport is configured as a separate case in this
+ choice. Submodules providing configuration for additional
+ transports are expected to augment this choice.";
+
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP)
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrTDomain
+ SNMP-TARGET-MIB.snmpTargetAddrTAddress";
+ case udp {
+ reference
+ "RFC 3417: Transport Mappings for the Simple Network
+ Management Protocol (SNMP).
+ SNMPv2-TM.snmpUDPDomain
+ RFC 3419: Textual Conventions for Transport Addresses.
+ TRANSPORT-ADDRESS-MIB.transportDomainUdpIpv4
+ TRANSPORT-ADDRESS-MIB.transportDomainUdpIpv4z
+ TRANSPORT-ADDRESS-MIB.transportDomainUdpIpv6
+ TRANSPORT-ADDRESS-MIB.transportDomainUdpIpv6z";
+ container udp {
+ leaf ip {
+ type inet:ip-address;
+ mandatory true;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ SNMP-TARGET-MIB.snmpTargetAddrTAddress";
+ }
+ leaf port {
+ type inet:port-number;
+ default 162;
+ description
+ "UDP port number.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ SNMP-TARGET-MIB.snmpTargetAddrTAddress";
+ }
+ leaf prefix-length {
+ type uint8;
+ description
+ "The value of this leaf must match the value of
+ ../snmp:ip. If ../snmp:ip contains an IPv4 address,
+ this leaf must be less than or equal to 32. If it
+ contains an IPv6 address, it must be less than or
+ equal to 128.
+
+ Note that the prefix-length is currently only used
+ by the Community-based Security Model to filter
+ incoming messages. Furthermore, the prefix-length
+ filtering does not cover all possible filters
+ supported by the corresponding MIB object.";
+
+ reference
+ "RFC 3584: Coexistence between Version 1, Version 2,
+ and Version 3 of the Internet-standard
+ Network Management Framework.
+ SNMP-COMMUNITY-MIB.snmpTargetAddrTMask";
+ }
+ }
+ }
+ }
+ leaf-list tag {
+ type snmp:tag-value;
+ description
+ "List of tag values used to select target addresses.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrTagList";
+ }
+ leaf timeout {
+ type uint32;
+ units "0.01 seconds";
+ default 1500;
+ description
+ "Needed only if this target can receive
+ InformRequest-PDUs.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrTimeout";
+ }
+ leaf retries {
+ type uint8;
+ default 3;
+ description
+ "Needed only if this target can receive
+ InformRequest-PDUs.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrRetryCount";
+ }
+ leaf target-params {
+ type snmp:identifier;
+ mandatory true;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrParams";
+ }
+ }
+
+ list target-params {
+ key name;
+ description
+ "List of target parameters.";
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetParamsTable";
+
+ leaf name {
+ type snmp:identifier;
+ }
+ choice params {
+ description
+ "This choice is augmented with case nodes containing
+ configuration parameters specific to the security model.";
+ }
+ }
+ }
+}
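Review bot: `prefix-length` under `container udp` is typed `uint8` with no `range` or `must`, so the rule in its description (at most 32 when `ip` is IPv4, at most 128 when it is IPv6) exists only in prose and any value from 0 to 255 passes schema validation. The same description says the value is used by the Community-based Security Model to filter incoming messages, which makes it part of a source-address check; whatever consumes this subtree should reject an out-of-range or family-mismatched value rather than clamp or ignore it. As the file is the RFC 7407 text I would not edit it, and would put the check in the consumer with a comment such as `prefix-length: reject > 32 for IPv4 and > 128 for IPv6; this mask decides which senders a community accepts`. `leaf target-params` is likewise a plain `snmp:identifier` rather than a leafref, so a reference to a missing target-params entry is not caught by the schema either.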
diff --git a/models/common/src/main/yang/ietf-snmp-tls@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-tls@2014-12-10.yang
new file mode 100644
index 0000000..e8ed5f7
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-tls@2014-12-10.yang
@@ -0,0 +1,222 @@
+submodule ietf-snmp-tls {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ import ietf-inet-types {
+ prefix inet;
+ }
+ import ietf-x509-cert-to-name {
+ prefix x509c2n;
+ }
+
+ include ietf-snmp-common;
+ include ietf-snmp-engine;
+ include ietf-snmp-target;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of YANG definitions for
+ configuring the Transport Layer Security Transport Model (TLSTM)
+ of SNMP.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model for
+ the Simple Network Management Protocol (SNMP)";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ feature tlstm {
+ description
+ "A server implements this feature if it supports the
+ Transport Layer Security Transport Model for SNMP.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model for
+ the Simple Network Management Protocol (SNMP)";
+ }
+
+ augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport {
+ if-feature tlstm;
+ case tls {
+ container tls {
+ description
+ "A list of IPv4 and IPv6 addresses and ports to which the
+ engine listens for SNMP messages over TLS.";
+
+ leaf ip {
+ type inet:ip-address;
+ mandatory true;
+ description
+ "The IPv4 or IPv6 address on which the engine listens
+ for SNMP messages over TLS.";
+ }
+ leaf port {
+ type inet:port-number;
+ description
+ "The TCP port on which the engine listens for SNMP
+ messages over TLS.
+
+ If the port is not configured, an engine that
+ acts as a Command Responder uses port 10161, and
+ an engine that acts as a Notification Receiver
+ uses port 10162.";
+ }
+ }
+ }
+ case dtls {
+ container dtls {
+ description
+ "A list of IPv4 and IPv6 addresses and ports to which the
+ engine listens for SNMP messages over DTLS.";
+
+ leaf ip {
+ type inet:ip-address;
+ mandatory true;
+ description
+ "The IPv4 or IPv6 address on which the engine listens
+ for SNMP messages over DTLS.";
+ }
+ leaf port {
+ type inet:port-number;
+ description
+ "The UDP port on which the engine listens for SNMP
+ messages over DTLS.
+
+ If the port is not configured, an engine that
+ acts as a Command Responder uses port 10161, and
+ an engine that acts as a Notification Receiver
+ uses port 10162.";
+ }
+ }
+ }
+ }
+
+ augment /snmp:snmp {
+ if-feature tlstm;
+ container tlstm {
+ uses x509c2n:cert-to-name {
+ description
+ "Defines how certificates are mapped to names. The
+ resulting name is used as a security name.";
+ refine cert-to-name/map-type {
+ description
+ "Mappings that use the snmpTlstmCertToTSNData column
+ need to augment the cert-to-name list with
+ additional configuration objects corresponding
+ to the snmpTlstmCertToTSNData value. Such objects
+ should use the 'when' statement to make them
+ conditional based on the map-type.";
+ }
+ }
+ }
+ }
+
+ grouping tls-transport {
+ leaf ip {
+ type inet:host;
+ mandatory true;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrTAddress
+ RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.SnmpTLSAddress";
+ }
+ leaf port {
+ type inet:port-number;
+ default 10161;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrTAddress
+ RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.SnmpTLSAddress";
+ }
+ leaf client-fingerprint {
+ type x509c2n:tls-fingerprint;
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmParamsClientFingerprint";
+ }
+ leaf server-fingerprint {
+ type x509c2n:tls-fingerprint;
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmAddrServerFingerprint";
+ }
+ leaf server-identity {
+ type snmp:admin-string;
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmAddrServerIdentity";
+ }
+ }
+
+ augment /snmp:snmp/snmp:target/snmp:transport {
+ if-feature tlstm;
+ case tls {
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTLSTCPDomain";
+ container tls {
+ uses tls-transport;
+ }
+ }
+ }
+
+ augment /snmp:snmp/snmp:target/snmp:transport {
+ if-feature tlstm;
+ case dtls {
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpDTLSUDPDomain";
+ container dtls {
+ uses tls-transport;
+ }
+ }
+ }
+}
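Review bot: `client-fingerprint`, `server-fingerprint` and `server-identity` in `grouping tls-transport` carry a `reference` but no `description`, and all three are optional, so nothing in this hunk says what a target's certificate is checked against when neither server leaf is configured. For leaves that decide peer authentication, that belongs next to the definition rather than only in the cited RFC 6353 objects (`snmpTlstmAddrServerFingerprint`, `snmpTlstmAddrServerIdentity`). I would add a comment above `server-fingerprint`: `// if this and server-identity are both unset, peer validation follows the RFC 6353 fallback; consumers must not treat that as "skip verification"`. The code that consumes the `tls` and `dtls` target cases should be tested with both leaves absent.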
diff --git a/models/common/src/main/yang/ietf-snmp-tsm@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-tsm@2014-12-10.yang
new file mode 100644
index 0000000..3bf9699
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-tsm@2014-12-10.yang
@@ -0,0 +1,116 @@
+submodule ietf-snmp-tsm {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ include ietf-snmp-common;
+ include ietf-snmp-target;
+ include ietf-snmp-proxy;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of YANG definitions for
+ configuring the Transport Security Model (TSM) of SNMP.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ reference
+ "RFC 5591: Transport Security Model for the
+ Simple Network Management Protocol (SNMP)";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ feature tsm {
+ description
+ "A server implements this feature if it supports the
+ Transport Security Model for SNMP.";
+ reference
+ "RFC 5591: Transport Security Model for the
+ Simple Network Management Protocol (SNMP)";
+ }
+ augment /snmp:snmp {
+ if-feature tsm;
+ container tsm {
+ description
+ "Configuration of the Transport Security Model.";
+
+ leaf use-prefix {
+ type boolean;
+ default false;
+ reference
+ "RFC 5591: Transport Security Model for the Simple
+ Network Management Protocol (SNMP).
+ SNMP-TSM-MIB.snmpTsmConfigurationUsePrefix";
+ }
+ }
+ }
+
+ grouping tsm-target-params {
+ container tsm {
+ description
+ "Transport-based security SNMPv3 parameters type.
+
+ Represents snmpTargetParamsMPModel '3' and
+ snmpTargetParamsSecurityModel '4'.";
+ leaf security-name {
+ type snmp:security-name;
+ mandatory true;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetParamsSecurityName";
+ }
+ leaf security-level {
+ type snmp:security-level;
+ mandatory true;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetParamsSecurityLevel";
+ }
+ }
+ }
+
+ augment /snmp:snmp/snmp:target-params/snmp:params {
+ if-feature tsm;
+ case tsm {
+ uses tsm-target-params;
+ }
+ }
+
+}
diff --git a/models/common/src/main/yang/ietf-snmp-usm@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-usm@2014-12-10.yang
new file mode 100644
index 0000000..17024a3
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-usm@2014-12-10.yang
@@ -0,0 +1,216 @@
+submodule ietf-snmp-usm {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+ import ietf-netconf-acm {
+ prefix nacm;
+ }
+
+ include ietf-snmp-common;
+ include ietf-snmp-target;
+ include ietf-snmp-proxy;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of YANG definitions for
+ configuring the User-based Security Model (USM) of SNMP.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ reference
+ "RFC 3414: User-based Security Model (USM) for version 3 of the
+ Simple Network Management Protocol (SNMPv3)";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ grouping key {
+ leaf key {
+ type yang:hex-string;
+ mandatory true;
+ nacm:default-deny-all;
+ description
+ "Localized key specified as a list of colon-specified
+ hexadecimal octets.";
+ }
+ }
+
+ grouping user-list {
+ list user {
+ key "name";
+
+ reference
+ "RFC 3414: User-based Security Model (USM) for version 3
+ of the Simple Network Management Protocol (SNMPv3).
+ SNMP-USER-BASED-SM-MIB.usmUserTable";
+
+ leaf name {
+ type snmp:identifier;
+ reference
+ "RFC 3414: User-based Security Model (USM) for version 3
+ of the Simple Network Management Protocol (SNMPv3).
+ SNMP-USER-BASED-SM-MIB.usmUserName";
+ }
+ container auth {
+ presence "enables authentication";
+ description
+ "Enables authentication of the user.";
+ choice protocol {
+ mandatory true;
+ reference
+ "RFC 3414: User-based Security Model (USM) for version 3
+ of the Simple Network Management Protocol (SNMPv3).
+ SNMP-USER-BASED-SM-MIB.usmUserAuthProtocol";
+ container md5 {
+ uses key;
+ reference
+ "RFC 3414: User-based Security Model (USM) for
+ version 3 of the Simple Network Management Protocol
+ (SNMPv3).
+ SNMP-USER-BASED-SM-MIB.usmHMACMD5AuthProtocol";
+ }
+ container sha {
+ uses key;
+ reference
+ "RFC 3414: User-based Security Model (USM) for
+ version 3 of the Simple Network Management Protocol
+ (SNMPv3).
+ SNMP-USER-BASED-SM-MIB.usmHMACSHAAuthProtocol";
+ }
+ }
+ }
+ container priv {
+ must "../auth" {
+ error-message
+ "when privacy (confidentiality) is used, "
+ + "authentication must also be used";
+ }
+ presence "enables encryption";
+ description
+ "Enables encryption of SNMP messages.";
+
+ choice protocol {
+ mandatory true;
+ reference
+ "RFC 3414: User-based Security Model (USM) for version 3
+ of the Simple Network Management Protocol (SNMPv3).
+ SNMP-USER-BASED-SM-MIB.usmUserPrivProtocol";
+ container des {
+ uses key;
+ reference
+ "RFC 3414: User-based Security Model (USM) for
+ version 3 of the Simple Network Management Protocol
+ (SNMPv3).
+ SNMP-USER-BASED-SM-MIB.usmDESPrivProtocol";
+ }
+ container aes {
+ uses key;
+
+ reference
+ "RFC 3826: The Advanced Encryption Standard (AES)
+ Cipher Algorithm in the SNMP User-based Security
+ Model.
+ SNMP-USM-AES-MIB.usmAesCfb128Protocol";
+ }
+ }
+ }
+ }
+ }
+
+ augment /snmp:snmp {
+
+ container usm {
+ description
+ "Configuration of the User-based Security Model.";
+ container local {
+ uses user-list;
+ }
+
+ list remote {
+ key "engine-id";
+
+ leaf engine-id {
+ type snmp:engine-id;
+ reference
+ "RFC 3414: User-based Security Model (USM) for version 3
+ of the Simple Network Management Protocol (SNMPv3).
+ SNMP-USER-BASED-SM-MIB.usmUserEngineID";
+ }
+
+ uses user-list;
+ }
+ }
+ }
+
+ grouping usm-target-params {
+ container usm {
+ description
+ "User-based SNMPv3 parameters type.
+
+ Represents snmpTargetParamsMPModel '3' and
+ snmpTargetParamsSecurityModel '3'.";
+ leaf user-name {
+ type snmp:security-name;
+ mandatory true;
+
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetParamsSecurityName";
+ }
+ leaf security-level {
+ type snmp:security-level;
+ mandatory true;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetParamsSecurityLevel";
+ }
+ }
+ }
+
+ augment /snmp:snmp/snmp:target-params/snmp:params {
+ case usm {
+ uses usm-target-params;
+ }
+ }
+
+}
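Review bot: The `key` leaf in `grouping key` holds the localized USM authentication and privacy keys as plain `yang:hex-string` configuration, and the only protection the schema gives it is the `nacm:default-deny-all` extension statement. That statement has an effect only where the consuming server enforces NACM, which this hunk cannot show, so code generated from this model should be checked for log output, string dumps and datastore exports that include the leaf. I would add a comment above the leaf: `// secret material: access control depends on nacm:default-deny-all being enforced; never log or export`. The `md5` and `des` cases are the weakest options under `auth` and `priv`; deployments should configure `sha` and `aes`. Since this file appears to be the unmodified RFC 7407 text, a separate deviation module is the place to drop the weaker cases if the platform need not support them.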
diff --git a/models/common/src/main/yang/ietf-snmp-vacm@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-vacm@2014-12-10.yang
new file mode 100644
index 0000000..c3e659c
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-vacm@2014-12-10.yang
@@ -0,0 +1,291 @@
+submodule ietf-snmp-vacm {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ include ietf-snmp-common;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of YANG definitions
+ for configuring the View-based Access Control Model (VACM)
+ of SNMP.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for the
+ Simple Network Management Protocol (SNMP)";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ typedef view-name {
+ type snmp:identifier;
+ description
+ "The view-name type represents an SNMP VACM view name.";
+ }
+
+ typedef group-name {
+ type snmp:identifier;
+ description
+ "The group-name type represents an SNMP VACM group name.";
+ }
+
+ augment /snmp:snmp {
+
+ container vacm {
+ description
+ "Configuration of the View-based Access Control Model.";
+
+ list group {
+ key name;
+ description
+ "VACM groups.
+
+ This data model has a different structure than the MIB.
+ Groups are explicitly defined in this list, and group
+ members are defined in the 'member' list (mapped to
+ vacmSecurityToGroupTable), and access for the group is
+ defined in the 'access' list (mapped to
+ vacmAccessTable).";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for the
+ Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmSecurityToGroupTable
+ SNMP-VIEW-BASED-ACM-MIB.vacmAccessTable";
+
+ leaf name {
+ type group-name;
+ description
+ "The name of this VACM group.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for the
+ Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmGroupName";
+ }
+
+ list member {
+ key "security-name";
+ description
+ "A member of this VACM group.
+
+ A specific combination of security-name and
+ security-model MUST NOT be present in more than
+ one group.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for the
+ Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmSecurityToGroupTable";
+
+ leaf security-name {
+ type snmp:security-name;
+ description
+ "The securityName of a group member.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmSecurityName";
+ }
+
+ leaf-list security-model {
+ type snmp:security-model;
+ min-elements 1;
+ description
+ "The security models under which this security-name
+ is a member of this group.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmSecurityModel";
+ }
+ }
+
+ list access {
+ key "context security-model security-level";
+ description
+ "Definition of access right for groups.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmAccessTable";
+
+ leaf context {
+ type snmp:context-name;
+ description
+ "The context (prefix) under which the access rights
+ apply.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmAccessContextPrefix";
+ }
+
+ leaf context-match {
+ type enumeration {
+ enum exact { value 1; }
+ enum prefix { value 2; }
+ }
+ default exact;
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmAccessContextMatch";
+ }
+
+ leaf security-model {
+ type snmp:security-model-or-any;
+ description
+ "The security model under which the access rights
+ apply.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmAccessSecurityModel";
+ }
+
+ leaf security-level {
+ type snmp:security-level;
+ description
+ "The minimum security level under which the access
+ rights apply.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmAccessSecurityLevel";
+ }
+
+ leaf read-view {
+ type view-name;
+ description
+ "The name of the MIB view of the SNMP context
+ authorizing read access. If this leaf does not
+ exist in a configuration, it maps to a zero-length
+ vacmAccessReadViewName.
+
+ Implementations MAY restrict the values of this
+ leaf to be one of the available values of
+ /snmp/vacm/view/name in a valid configuration.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmAccessReadViewName";
+ }
+
+ leaf write-view {
+ type view-name;
+ description
+ "The name of the MIB view of the SNMP context
+ authorizing write access. If this leaf does not
+ exist in a configuration, it maps to a zero-length
+ vacmAccessWriteViewName.
+
+ Implementations MAY restrict the values of this
+ leaf to be one of the available values of
+ /snmp/vacm/view/name in a valid configuration.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmAccessWriteViewName";
+ }
+
+ leaf notify-view {
+ type view-name;
+ description
+ "The name of the MIB view of the SNMP context
+ authorizing notify access. If this leaf does not
+ exist in a configuration, it maps to a zero-length
+ vacmAccessNotifyViewName.
+
+ Implementations MAY restrict the values of this
+ leaf to be one of the available values of
+ /snmp/vacm/view/name in a valid configuration.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmAccessNotifyViewName";
+ }
+ }
+ }
+
+ list view {
+ key name;
+ description
+ "Definition of MIB views.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyTable";
+
+ leaf name {
+ type view-name;
+ description
+ "The name of this VACM MIB view.";
+
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyName";
+ }
+
+ leaf-list include {
+ type snmp:wildcard-object-identifier;
+ description
+ "A family of subtrees included in this MIB view.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilySubtree
+ SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyMask
+ SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyType";
+ }
+
+ leaf-list exclude {
+ type snmp:wildcard-object-identifier;
+ description
+ "A family of subtrees excluded from this MIB view.";
+ reference
+ "RFC 3415: View-based Access Control Model (VACM) for
+ the Simple Network Management Protocol (SNMP).
+ SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilySubtree
+ SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyMask
+ SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyType";
+ }
+ }
+ }
+ }
+}
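Review bot: The rule in the `member` list description that a security-name/security-model combination MUST NOT be present in more than one group is prose only: `list member` is keyed by `security-name` inside a single `group`, and no `must` or `unique` statement in this hunk looks at other groups. A configuration that places the same pair in two groups therefore passes schema validation, and which group's `access` entries (and so which read, write and notify views) apply is left to whatever consumes the data. The duplicate check belongs in the application's commit-time validation. In the file I would record it above `list member`: `// schema does not enforce cross-group uniqueness of (security-name, security-model); validate before applying`.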
diff --git a/models/common/src/main/yang/ietf-snmp@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp@2014-12-10.yang
new file mode 100644
index 0000000..60237a6
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp@2014-12-10.yang
@@ -0,0 +1,82 @@
+module ietf-snmp {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-snmp";
+ prefix snmp;
+
+ include ietf-snmp-common {
+ revision-date 2014-12-10;
+ }
+ include ietf-snmp-engine {
+ revision-date 2014-12-10;
+ }
+ include ietf-snmp-target {
+ revision-date 2014-12-10;
+ }
+ include ietf-snmp-notification {
+ revision-date 2014-12-10;
+ }
+ include ietf-snmp-proxy {
+ revision-date 2014-12-10;
+ }
+ include ietf-snmp-community {
+ revision-date 2014-12-10;
+ }
+ include ietf-snmp-usm {
+ revision-date 2014-12-10;
+ }
+ include ietf-snmp-tsm {
+ revision-date 2014-12-10;
+ }
+ include ietf-snmp-vacm {
+ revision-date 2014-12-10;
+ }
+ include ietf-snmp-tls {
+ revision-date 2014-12-10;
+ }
+ include ietf-snmp-ssh {
+ revision-date 2014-12-10;
+ }
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+ description
+ "This module contains a collection of YANG definitions for
+ configuring SNMP engines.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+}
diff --git a/models/common/src/main/yang/ietf-system@2014-08-06.yang b/models/common/src/main/yang/ietf-system@2014-08-06.yang
new file mode 100644
index 0000000..1618242
--- /dev/null
+++ b/models/common/src/main/yang/ietf-system@2014-08-06.yang
@@ -0,0 +1,800 @@
+module ietf-system {
+ namespace "urn:ietf:params:xml:ns:yang:ietf-system";
+ prefix "sys";
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ import ietf-inet-types {
+ prefix inet;
+ }
+
+ import ietf-netconf-acm {
+ prefix nacm;
+ }
+
+ import iana-crypt-hash {
+ prefix ianach;
+ }
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Andy Bierman
+ <mailto:andy@yumaworks.com>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>";
+
+ description
+ "This module contains a collection of YANG definitions for the
+ configuration and identification of some common system
+ properties within a device containing a NETCONF server. This
+ includes data node definitions for system identification,
+ time-of-day management, user management, DNS resolver
+ configuration, and some protocol operations for system
+ management.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7317; see
+ the RFC itself for full legal notices.";
+
+ revision 2014-08-06 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7317: A YANG Data Model for System Management";
+ }
+
+ /*
+ * Typedefs
+ */
+
+ typedef timezone-name {
+ type string;
+ description
+ "A time zone name as used by the Time Zone Database,
+ sometimes referred to as the 'Olson Database'.
+
+ The exact set of valid values is an implementation-specific
+ matter. Client discovery of the exact set of time zone names
+ for a particular server is out of scope.";
+ reference
+ "RFC 6557: Procedures for Maintaining the Time Zone Database";
+ }
+
+ /*
+ * Features
+ */
+
+ feature radius {
+ description
+ "Indicates that the device can be configured as a RADIUS
+ client.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
+ }
+
+ feature authentication {
+ description
+ "Indicates that the device supports configuration of
+ user authentication.";
+ }
+
+ feature local-users {
+ if-feature authentication;
+ description
+ "Indicates that the device supports configuration of
+ local user authentication.";
+ }
+
+ feature radius-authentication {
+ if-feature radius;
+ if-feature authentication;
+ description
+ "Indicates that the device supports configuration of user
+ authentication over RADIUS.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
+ RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
+ Authorization for Network Access Server (NAS)
+ Management";
+ }
+
+ feature ntp {
+ description
+ "Indicates that the device can be configured to use one or
+ more NTP servers to set the system date and time.";
+ }
+
+ feature ntp-udp-port {
+ if-feature ntp;
+ description
+ "Indicates that the device supports the configuration of
+ the UDP port for NTP servers.
+
+ This is a 'feature', since many implementations do not support
+ any port other than the default port.";
+ }
+
+ feature timezone-name {
+ description
+ "Indicates that the local time zone on the device
+ can be configured to use the TZ database
+ to set the time zone and manage daylight saving time.";
+ reference
+ "RFC 6557: Procedures for Maintaining the Time Zone Database";
+ }
+
+ feature dns-udp-tcp-port {
+ description
+ "Indicates that the device supports the configuration of
+ the UDP and TCP port for DNS servers.
+
+ This is a 'feature', since many implementations do not support
+ any port other than the default port.";
+ }
+
+ /*
+ * Identities
+ */
+
+ identity authentication-method {
+ description
+ "Base identity for user authentication methods.";
+ }
+
+ identity radius {
+ base authentication-method;
+ description
+ "Indicates user authentication using RADIUS.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
+ RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
+ Authorization for Network Access Server (NAS)
+ Management";
+ }
+
+ identity local-users {
+ base authentication-method;
+ description
+ "Indicates password-based authentication of locally
+ configured users.";
+ }
+
+ identity radius-authentication-type {
+ description
+ "Base identity for RADIUS authentication types.";
+ }
+
+ identity radius-pap {
+ base radius-authentication-type;
+ description
+ "The device requests Password Authentication Protocol (PAP)
+ authentication from the RADIUS server.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
+ }
+
+ identity radius-chap {
+ base radius-authentication-type;
+ description
+ "The device requests Challenge Handshake Authentication
+ Protocol (CHAP) authentication from the RADIUS server.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
+ }
+
+ /*
+ * Configuration data nodes
+ */
+
+ container system {
+ description
+ "System group configuration.";
+
+ leaf contact {
+ type string;
+ description
+ "The administrator contact information for the system.
+
+ A server implementation MAY map this leaf to the sysContact
+ MIB object. Such an implementation needs to use some
+ mechanism to handle the differences in size and characters
+ allowed between this leaf and sysContact. The definition of
+ such a mechanism is outside the scope of this document.";
+ reference
+ "RFC 3418: Management Information Base (MIB) for the
+ Simple Network Management Protocol (SNMP)
+ SNMPv2-MIB.sysContact";
+ }
+ leaf hostname {
+ type inet:domain-name;
+ description
+ "The name of the host. This name can be a single domain
+ label or the fully qualified domain name of the host.";
+ }
+ leaf location {
+ type string;
+ description
+ "The system location.
+
+ A server implementation MAY map this leaf to the sysLocation
+ MIB object. Such an implementation needs to use some
+ mechanism to handle the differences in size and characters
+ allowed between this leaf and sysLocation. The definition
+ of such a mechanism is outside the scope of this document.";
+ reference
+ "RFC 3418: Management Information Base (MIB) for the
+ Simple Network Management Protocol (SNMP)
+ SNMPv2-MIB.sysLocation";
+ }
+
+ container clock {
+ description
+ "Configuration of the system date and time properties.";
+
+ choice timezone {
+ description
+ "The system time zone information.";
+
+ case timezone-name {
+ if-feature timezone-name;
+ leaf timezone-name {
+ type timezone-name;
+ description
+ "The TZ database name to use for the system, such
+ as 'Europe/Stockholm'.";
+ }
+ }
+ case timezone-utc-offset {
+ leaf timezone-utc-offset {
+ type int16 {
+ range "-1500 .. 1500";
+ }
+ units "minutes";
+ description
+ "The number of minutes to add to UTC time to
+ identify the time zone for this system. For example,
+ 'UTC - 8:00 hours' would be represented as '-480'.
+ Note that automatic daylight saving time adjustment
+ is not provided if this object is used.";
+ }
+ }
+ }
+ }
+
+ container ntp {
+ if-feature ntp;
+ presence
+ "Enables the NTP client unless the 'enabled' leaf
+ (which defaults to 'true') is set to 'false'";
+ description
+ "Configuration of the NTP client.";
+
+ leaf enabled {
+ type boolean;
+ default true;
+ description
+ "Indicates that the system should attempt to
+ synchronize the system clock with an NTP server
+ from the 'ntp/server' list.";
+ }
+ list server {
+ key name;
+ description
+ "List of NTP servers to use for system clock
+ synchronization. If '/system/ntp/enabled'
+ is 'true', then the system will attempt to
+ contact and utilize the specified NTP servers.";
+
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the NTP server.";
+ }
+ choice transport {
+ mandatory true;
+ description
+ "The transport-protocol-specific parameters for this
+ server.";
+
+ case udp {
+ container udp {
+ description
+ "Contains UDP-specific configuration parameters
+ for NTP.";
+ leaf address {
+ type inet:host;
+ mandatory true;
+ description
+ "The address of the NTP server.";
+ }
+ leaf port {
+ if-feature ntp-udp-port;
+ type inet:port-number;
+ default 123;
+ description
+ "The port number of the NTP server.";
+ }
+ }
+ }
+ }
+ leaf association-type {
+ type enumeration {
+ enum server {
+ description
+ "Use client association mode. This device
+ will not provide synchronization to the
+ configured NTP server.";
+ }
+ enum peer {
+ description
+ "Use symmetric active association mode.
+ This device may provide synchronization
+ to the configured NTP server.";
+ }
+ enum pool {
+ description
+ "Use client association mode with one or
+ more of the NTP servers found by DNS
+ resolution of the domain name given by
+ the 'address' leaf. This device will not
+ provide synchronization to the servers.";
+ }
+ }
+ default server;
+ description
+ "The desired association type for this NTP server.";
+ }
+ leaf iburst {
+ type boolean;
+ default false;
+ description
+ "Indicates whether this server should enable burst
+ synchronization or not.";
+ }
+ leaf prefer {
+ type boolean;
+ default false;
+ description
+ "Indicates whether this server should be preferred
+ or not.";
+ }
+ }
+ }
+
+ container dns-resolver {
+ description
+ "Configuration of the DNS resolver.";
+
+ leaf-list search {
+ type inet:domain-name;
+ ordered-by user;
+ description
+ "An ordered list of domains to search when resolving
+ a host name.";
+ }
+ list server {
+ key name;
+ ordered-by user;
+ description
+ "List of the DNS servers that the resolver should query.
+
+ When the resolver is invoked by a calling application, it
+ sends the query to the first name server in this list. If
+ no response has been received within 'timeout' seconds,
+ the resolver continues with the next server in the list.
+ If no response is received from any server, the resolver
+ continues with the first server again. When the resolver
+ has traversed the list 'attempts' times without receiving
+ any response, it gives up and returns an error to the
+ calling application.
+
+ Implementations MAY limit the number of entries in this
+ list.";
+
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the DNS server.";
+ }
+ choice transport {
+ mandatory true;
+ description
+ "The transport-protocol-specific parameters for this
+ server.";
+
+ case udp-and-tcp {
+ container udp-and-tcp {
+ description
+ "Contains UDP- and TCP-specific configuration
+ parameters for DNS.";
+ reference
+ "RFC 1035: Domain Names - Implementation and
+ Specification
+ RFC 5966: DNS Transport over TCP - Implementation
+ Requirements";
+
+ leaf address {
+ type inet:ip-address;
+ mandatory true;
+ description
+ "The address of the DNS server.";
+ }
+ leaf port {
+ if-feature dns-udp-tcp-port;
+ type inet:port-number;
+ default 53;
+ description
+ "The UDP and TCP port number of the DNS server.";
+ }
+ }
+ }
+ }
+ }
+ container options {
+ description
+ "Resolver options. The set of available options has been
+ limited to those that are generally available across
+ different resolver implementations and generally useful.";
+ leaf timeout {
+ type uint8 {
+ range "1..max";
+ }
+ units "seconds";
+ default "5";
+ description
+ "The amount of time the resolver will wait for a
+ response from each remote name server before
+ retrying the query via a different name server.";
+ }
+ leaf attempts {
+ type uint8 {
+ range "1..max";
+ }
+ default "2";
+ description
+ "The number of times the resolver will send a query to
+ all of its name servers before giving up and returning
+ an error to the calling application.";
+ }
+ }
+ }
+
+ container radius {
+ if-feature radius;
+
+ description
+ "Configuration of the RADIUS client.";
+
+ list server {
+ key name;
+ ordered-by user;
+ description
+ "List of RADIUS servers used by the device.
+
+ When the RADIUS client is invoked by a calling
+ application, it sends the query to the first server in
+ this list. If no response has been received within
+ 'timeout' seconds, the client continues with the next
+ server in the list. If no response is received from any
+ server, the client continues with the first server again.
+ When the client has traversed the list 'attempts' times
+ without receiving any response, it gives up and returns an
+ error to the calling application.";
+
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the RADIUS server.";
+ }
+ choice transport {
+ mandatory true;
+ description
+ "The transport-protocol-specific parameters for this
+ server.";
+
+ case udp {
+ container udp {
+ description
+ "Contains UDP-specific configuration parameters
+ for RADIUS.";
+ leaf address {
+ type inet:host;
+ mandatory true;
+ description
+ "The address of the RADIUS server.";
+ }
+
+ leaf authentication-port {
+ type inet:port-number;
+ default "1812";
+ description
+ "The port number of the RADIUS server.";
+ }
+ leaf shared-secret {
+ type string;
+ mandatory true;
+ nacm:default-deny-all;
+ description
+ "The shared secret, which is known to both the
+ RADIUS client and server.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User
+ Service (RADIUS)";
+ }
+ }
+ }
+ }
+ leaf authentication-type {
+ type identityref {
+ base radius-authentication-type;
+ }
+ default radius-pap;
+ description
+ "The authentication type requested from the RADIUS
+ server.";
+ }
+ }
+ container options {
+ description
+ "RADIUS client options.";
+
+ leaf timeout {
+ type uint8 {
+ range "1..max";
+ }
+ units "seconds";
+ default "5";
+ description
+ "The number of seconds the device will wait for a
+ response from each RADIUS server before trying with a
+ different server.";
+ }
+
+ leaf attempts {
+ type uint8 {
+ range "1..max";
+ }
+ default "2";
+ description
+ "The number of times the device will send a query to
+ all of its RADIUS servers before giving up.";
+ }
+ }
+ }
+
+ container authentication {
+ nacm:default-deny-write;
+ if-feature authentication;
+
+ description
+ "The authentication configuration subtree.";
+
+ leaf-list user-authentication-order {
+ type identityref {
+ base authentication-method;
+ }
+ must '(. != "sys:radius" or ../../radius/server)' {
+ error-message
+ "When 'radius' is used, a RADIUS server"
+ + " must be configured.";
+ description
+ "When 'radius' is used as an authentication method,
+ a RADIUS server must be configured.";
+ }
+ ordered-by user;
+
+ description
+ "When the device authenticates a user with a password,
+ it tries the authentication methods in this leaf-list in
+ order. If authentication with one method fails, the next
+ method is used. If no method succeeds, the user is
+ denied access.
+
+ An empty user-authentication-order leaf-list still allows
+ authentication of users using mechanisms that do not
+ involve a password.
+
+ If the 'radius-authentication' feature is advertised by
+ the NETCONF server, the 'radius' identity can be added to
+ this list.
+
+ If the 'local-users' feature is advertised by the
+ NETCONF server, the 'local-users' identity can be
+ added to this list.";
+ }
+
+ list user {
+ if-feature local-users;
+ key name;
+ description
+ "The list of local users configured on this device.";
+
+ leaf name {
+ type string;
+ description
+ "The user name string identifying this entry.";
+ }
+ leaf password {
+ type ianach:crypt-hash;
+ description
+ "The password for this entry.";
+ }
+ list authorized-key {
+ key name;
+ description
+ "A list of public SSH keys for this user. These keys
+ are allowed for SSH authentication, as described in
+ RFC 4253.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer
+ Protocol";
+
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the SSH key.";
+ }
+
+ leaf algorithm {
+ type string;
+ mandatory true;
+ description
+ "The public key algorithm name for this SSH key.
+
+ Valid values are the values in the IANA 'Secure Shell
+ (SSH) Protocol Parameters' registry, Public Key
+ Algorithm Names.";
+ reference
+ "IANA 'Secure Shell (SSH) Protocol Parameters'
+ registry, Public Key Algorithm Names";
+ }
+ leaf key-data {
+ type binary;
+ mandatory true;
+ description
+ "The binary public key data for this SSH key, as
+ specified by RFC 4253, Section 6.6, i.e.:
+
+ string certificate or public key format
+ identifier
+ byte[n] key/certificate data.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer
+ Protocol";
+ }
+ }
+ }
+ }
+ }
+
+ /*
+ * Operational state data nodes
+ */
+
+ container system-state {
+ config false;
+ description
+ "System group operational state.";
+
+ container platform {
+ description
+ "Contains vendor-specific information for
+ identifying the system platform and operating system.";
+ reference
+ "IEEE Std 1003.1-2008 - sys/utsname.h";
+
+ leaf os-name {
+ type string;
+ description
+ "The name of the operating system in use -
+ for example, 'Linux'.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.sysname";
+ }
+ leaf os-release {
+ type string;
+ description
+ "The current release level of the operating
+ system in use. This string MAY indicate
+ the OS source code revision.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.release";
+ }
+ leaf os-version {
+ type string;
+ description
+ "The current version level of the operating
+ system in use. This string MAY indicate
+ the specific OS build date and target variant
+ information.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.version";
+ }
+ leaf machine {
+ type string;
+ description
+ "A vendor-specific identifier string representing
+ the hardware in use.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.machine";
+ }
+ }
+
+ container clock {
+ description
+ "Monitoring of the system date and time properties.";
+
+ leaf current-datetime {
+ type yang:date-and-time;
+ description
+ "The current system date and time.";
+ }
+
+ leaf boot-datetime {
+ type yang:date-and-time;
+ description
+ "The system date and time when the system last restarted.";
+ }
+ }
+ }
+
+ rpc set-current-datetime {
+ nacm:default-deny-all;
+ description
+ "Set the /system-state/clock/current-datetime leaf
+ to the specified value.
+
+ If the system is using NTP (i.e., /system/ntp/enabled
+ is set to 'true'), then this operation will fail with
+ error-tag 'operation-failed' and error-app-tag value of
+ 'ntp-active'.";
+ input {
+ leaf current-datetime {
+ type yang:date-and-time;
+ mandatory true;
+ description
+ "The current system date and time.";
+ }
+ }
+ }
+
+ rpc system-restart {
+ nacm:default-deny-all;
+ description
+ "Request that the entire system be restarted immediately.
+ A server SHOULD send an rpc reply to the client before
+ restarting the system.";
+ }
+
+ rpc system-shutdown {
+ nacm:default-deny-all;
+ description
+ "Request that the entire system be shut down immediately.
+ A server SHOULD send an rpc reply to the client before
+ shutting down the system.";
+ }
+
+}
diff --git a/models/common/src/main/yang/ietf-template@2010-05-18.yang b/models/common/src/main/yang/ietf-template@2010-05-18.yang
new file mode 100644
index 0000000..873b995
--- /dev/null
+++ b/models/common/src/main/yang/ietf-template@2010-05-18.yang
@@ -0,0 +1,83 @@
+module ietf-template {
+
+ // replace this string with a unique namespace URN value
+ namespace
+ "urn:ietf:params:xml:ns:yang:ietf-template";
+
+ // replace this string, and try to pick a unique prefix
+ prefix "temp";
+
+ // import statements here: e.g.,
+ // import ietf-yang-types { prefix yang; }
+ // import ietf-inet-types { prefix inet; }
+
+ // identify the IETF working group if applicable
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ // update this contact statement with your info
+ contact
+ "WG Web: <http://tools.ietf.org/wg/your-wg-name/>
+ WG List: <mailto:your-wg-name@ietf.org>
+
+ WG Chair: your-WG-chair
+ <mailto:your-WG-chair@example.com>
+
+ Editor: your-name
+ <mailto:your-email@example.com>";
+
+ // replace the first sentence in this description statement.
+ // replace the copyright notice with the most recent
+ // version, if it has been updated since the publication
+ // of this document
+ description
+ "This module defines a template for other YANG modules.
+
+ Copyright (c) <insert year> IETF Trust and the persons
+ identified as authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC XXXX; see
+ the RFC itself for full legal notices.";
+
+ // RFC Ed.: replace XXXX with actual RFC number and remove this note
+
+ reference "RFC XXXX";
+
+ // RFC Ed.: remove this note
+ // Note: extracted from RFC 6087
+
+ // replace '2010-05-18' with the module publication date
+ // The format is (year-month-day)
+ revision "2010-05-18" {
+ description
+ "Initial version";
+ }
+
+ // extension statements
+
+ // feature statements
+
+ // identity statements
+
+ // typedef statements
+
+ // grouping statements
+
+ // data definition statements
+
+ // augment statements
+
+ // rpc statements
+
+ // notification statements
+
+ // DO NOT put deviation statements in a published module
+
+}
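Review bot: `ietf-template@2010-05-18.yang` is still the unfilled module skeleton from RFC 6087, not a model, and probably should not ship under `models/common/src/main/yang`. The namespace and prefix keep their "replace this string" comments, the contact block holds `your-wg-name` and `your-WG-chair` placeholders, the copyright says `<insert year>`, and the reference is `RFC XXXX`. It defines no typedefs, groupings or data nodes, so compiling it with the other models would presumably only register an empty module under `urn:ietf:params:xml:ns:yang:ietf-template`. I would drop the file from this change. If it is kept as an authoring aid, move it out of the compiled source tree and open it with a comment such as `// Authoring template only, not a deployable model`.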
diff --git a/models/common/src/main/yang/ietf-x509-cert-to-name@2014-12-10.yang b/models/common/src/main/yang/ietf-x509-cert-to-name@2014-12-10.yang
new file mode 100644
index 0000000..cbc9be2
--- /dev/null
+++ b/models/common/src/main/yang/ietf-x509-cert-to-name@2014-12-10.yang
@@ -0,0 +1,303 @@
+module ietf-x509-cert-to-name {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name";
+ prefix x509c2n;
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This module contains a collection of YANG definitions for
+ extracting a name from an X.509 certificate.
+ The algorithm used to extract a name from an X.509 certificate
+ was first defined in RFC 6353.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model for
+ the Simple Network Management Protocol (SNMP)";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+
+ }
+
+ typedef tls-fingerprint {
+ type yang:hex-string {
+ pattern '([0-9a-fA-F]){2}(:([0-9a-fA-F]){2}){0,254}';
+ }
+ description
+ "A fingerprint value that can be used to uniquely reference
+ other data of potentially arbitrary length.
+
+ A tls-fingerprint value is composed of a 1-octet hashing
+ algorithm identifier followed by the fingerprint value. The
+ first octet value identifying the hashing algorithm is taken
+ from the IANA 'TLS HashAlgorithm Registry' (RFC 5246). The
+ remaining octets are filled using the results of the hashing
+ algorithm.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.SnmpTLSFingerprint";
+ }
+
+ /* Identities */
+
+ identity cert-to-name {
+ description
+ "Base identity for algorithms to derive a name from a
+ certificate.";
+ }
+
+ identity specified {
+ base cert-to-name;
+ description
+ "Directly specifies the name to be used for the certificate.
+ The value of the leaf 'name' in the cert-to-name list is
+ used.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmCertSpecified";
+ }
+
+ identity san-rfc822-name {
+ base cert-to-name;
+ description
+ "Maps a subjectAltName's rfc822Name to a name. The local part
+ of the rfc822Name is passed unaltered, but the host-part of
+ the name must be passed in lowercase. For example, the
+ rfc822Name field FooBar@Example.COM is mapped to name
+ FooBar@example.com.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmCertSANRFC822Name";
+ }
+
+ identity san-dns-name {
+ base cert-to-name;
+ description
+ "Maps a subjectAltName's dNSName to a name after first
+ converting it to all lowercase (RFC 5280 does not specify
+ converting to lowercase, so this involves an extra step).
+ This mapping results in a 1:1 correspondence between
+ subjectAltName dNSName values and the name values.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmCertSANDNSName";
+ }
+
+ identity san-ip-address {
+ base cert-to-name;
+ description
+ "Maps a subjectAltName's iPAddress to a name by
+ transforming the binary-encoded address as follows:
+
+ 1) for IPv4, the value is converted into a
+ decimal-dotted quad address (e.g., '192.0.2.1').
+
+ 2) for IPv6 addresses, the value is converted into a
+ 32-character, all-lowercase hexadecimal string
+ without any colon separators.
+
+ This mapping results in a 1:1 correspondence between
+ subjectAltName iPAddress values and the name values.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmCertSANIpAddress";
+ }
+
+ identity san-any {
+ base cert-to-name;
+ description
+ "Maps any of the following fields using the corresponding
+ mapping algorithms:
+
+ +------------+-----------------+
+ | Type | Algorithm |
+ |------------+-----------------|
+ | rfc822Name | san-rfc822-name |
+ | dNSName | san-dns-name |
+ | iPAddress | san-ip-address |
+ +------------+-----------------+
+
+ The first matching subjectAltName value found in the
+ certificate of the above types MUST be used when deriving
+ the name. The mapping algorithm specified in the
+ 'Algorithm' column MUST be used to derive the name.
+
+ This mapping results in a 1:1 correspondence between
+ subjectAltName values and name values. The three sub-mapping
+ algorithms produced by this combined algorithm cannot produce
+ conflicting results between themselves.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmCertSANAny";
+ }
+
+ identity common-name {
+ base cert-to-name;
+ description
+ "Maps a certificate's CommonName to a name after converting
+ it to a UTF-8 encoding. The usage of CommonNames is
+ deprecated, and users are encouraged to use subjectAltName
+ mapping methods instead. This mapping results in a 1:1
+ correspondence between certificate CommonName values and name
+ values.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmCertCommonName";
+ }
+
+ /*
+ * Groupings
+ */
+
+ grouping cert-to-name {
+ description
+ "Defines nodes for mapping certificates to names. Modules
+ that use this grouping should describe how the resulting
+ name is used.";
+
+ list cert-to-name {
+ key id;
+ description
+ "This list defines how certificates are mapped to names.
+ The name is derived by considering each cert-to-name
+ list entry in order. The cert-to-name entry's fingerprint
+ determines whether the list entry is a match:
+
+ 1) If the cert-to-name list entry's fingerprint value
+ matches that of the presented certificate, then consider
+ the list entry a successful match.
+
+ 2) If the cert-to-name list entry's fingerprint value
+ matches that of a locally held copy of a trusted CA
+ certificate, and that CA certificate was part of the CA
+ certificate chain to the presented certificate, then
+ consider the list entry a successful match.
+
+ Once a matching cert-to-name list entry has been found, the
+ map-type is used to determine how the name associated with
+ the certificate should be determined. See the map-type
+ leaf's description for details on determining the name value.
+ If it is impossible to determine a name from the cert-to-name
+ list entry's data combined with the data presented in the
+ certificate, then additional cert-to-name list entries MUST
+ be searched to look for another potential match.
+
+ Security administrators are encouraged to make use of
+ certificates with subjectAltName fields that can be mapped to
+ names so that a single root CA certificate can allow all
+ child certificates' subjectAltName fields to map directly to
+ a name via a 1:1 transformation.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmCertToTSNEntry";
+
+ leaf id {
+ type uint32;
+ description
+ "The id specifies the order in which the entries in the
+ cert-to-name list are searched. Entries with lower
+ numbers are searched first.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol
+ (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmCertToTSNID";
+ }
+
+ leaf fingerprint {
+ type x509c2n:tls-fingerprint;
+ mandatory true;
+ description
+ "Specifies a value with which the fingerprint of the
+ full certificate presented by the peer is compared. If
+ the fingerprint of the full certificate presented by the
+ peer does not match the fingerprint configured, then the
+ entry is skipped, and the search for a match continues.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol
+ (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmCertToTSNFingerprint";
+ }
+
+ leaf map-type {
+ type identityref {
+ base cert-to-name;
+ }
+ mandatory true;
+ description
+ "Specifies the algorithm used to map the certificate
+ presented by the peer to a name.
+
+ Mappings that need additional configuration objects should
+ use the 'when' statement to make them conditional based on
+ the map-type.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol
+ (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmCertToTSNMapType";
+ }
+
+ leaf name {
+ when "../map-type = 'x509c2n:specified'";
+ type string;
+ mandatory true;
+ description
+ "Directly specifies the NETCONF username when the
+ map-type is 'specified'.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol
+ (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmCertToTSNData";
+ }
+ }
+ }
+}
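Review bot: The `tls-fingerprint` pattern `([0-9a-fA-F]){2}(:([0-9a-fA-F]){2}){0,254}` accepts any 1 to 255 octets, so a value holding only the algorithm octet, or a digest whose length does not fit the algorithm named by the first octet, passes schema validation. The pattern also does not restrict which TLS HashAlgorithm id is used, and that registry includes MD5 and SHA-1. The file appears to be the RFC 7407 module copied unchanged, so I would not edit the typedef. Instead, the code that consumes `cert-to-name` entries should check that the digest length matches the algorithm octet and reject algorithms the deployment does not allow. A short note next to the model registration, e.g. `fingerprint length and hash algorithm are not enforced by the schema; validate in the consumer`, would keep that requirement visible.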
diff --git a/models/common/src/main/yang/ietf-yang-library@2016-06-21.yang b/models/common/src/main/yang/ietf-yang-library@2016-06-21.yang
new file mode 100644
index 0000000..e6221a6
--- /dev/null
+++ b/models/common/src/main/yang/ietf-yang-library@2016-06-21.yang
@@ -0,0 +1,244 @@
+module ietf-yang-library {
+ namespace "urn:ietf:params:xml:ns:yang:ietf-yang-library";
+ prefix "yanglib";
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+ import ietf-inet-types {
+ prefix inet;
+ }
+
+ organization
+ "IETF NETCONF (Network Configuration) Working Group";
+
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/netconf/>
+ WG List: <mailto:netconf@ietf.org>
+
+ WG Chair: Mehmet Ersue
+ <mailto:mehmet.ersue@nsn.com>
+
+ WG Chair: Mahesh Jethanandani
+ <mailto:mjethanandani@gmail.com>
+
+ Editor: Andy Bierman
+ <mailto:andy@yumaworks.com>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Kent Watsen
+ <mailto:kwatsen@juniper.net>";
+
+ description
+ "This module contains monitoring information about the YANG
+ modules and submodules that are used within a YANG-based
+ server.
+
+ Copyright (c) 2016 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7895; see
+ the RFC itself for full legal notices.";
+
+ revision 2016-06-21 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7895: YANG Module Library.";
+ }
+
+ /*
+ * Typedefs
+ */
+
+ typedef revision-identifier {
+ type string {
+ pattern '\d{4}-\d{2}-\d{2}';
+ }
+ description
+ "Represents a specific date in YYYY-MM-DD format.";
+ }
+
+ /*
+ * Groupings
+ */
+
+ grouping module-list {
+ description
+ "The module data structure is represented as a grouping
+ so it can be reused in configuration or another monitoring
+ data structure.";
+
+ grouping common-leafs {
+ description
+ "Common parameters for YANG modules and submodules.";
+
+ leaf name {
+ type yang:yang-identifier;
+ description
+ "The YANG module or submodule name.";
+ }
+ leaf revision {
+ type union {
+ type revision-identifier;
+ type string { length 0; }
+ }
+ description
+ "The YANG module or submodule revision date.
+ A zero-length string is used if no revision statement
+ is present in the YANG module or submodule.";
+ }
+ }
+
+ grouping schema-leaf {
+ description
+ "Common schema leaf parameter for modules and submodules.";
+
+ leaf schema {
+ type inet:uri;
+ description
+ "Contains a URL that represents the YANG schema
+ resource for this module or submodule.
+
+ This leaf will only be present if there is a URL
+ available for retrieval of the schema for this entry.";
+ }
+ }
+
+ list module {
+ key "name revision";
+ description
+ "Each entry represents one revision of one module
+ currently supported by the server.";
+
+ uses common-leafs;
+ uses schema-leaf;
+
+ leaf namespace {
+ type inet:uri;
+ mandatory true;
+ description
+ "The XML namespace identifier for this module.";
+ }
+ leaf-list feature {
+ type yang:yang-identifier;
+ description
+ "List of YANG feature names from this module that are
+ supported by the server, regardless of whether they are
+ defined in the module or any included submodule.";
+ }
+ list deviation {
+ key "name revision";
+ description
+ "List of YANG deviation module names and revisions
+ used by this server to modify the conformance of
+ the module associated with this entry. Note that
+ the same module can be used for deviations for
+ multiple modules, so the same entry MAY appear
+ within multiple 'module' entries.
+
+ The deviation module MUST be present in the 'module'
+ list, with the same name and revision values.
+ The 'conformance-type' value will be 'implement' for
+ the deviation module.";
+ uses common-leafs;
+ }
+ leaf conformance-type {
+ type enumeration {
+ enum implement {
+ description
+ "Indicates that the server implements one or more
+ protocol-accessible objects defined in the YANG module
+ identified in this entry. This includes deviation
+ statements defined in the module.
+
+ For YANG version 1.1 modules, there is at most one
+ module entry with conformance type 'implement' for a
+ particular module name, since YANG 1.1 requires that,
+ at most, one revision of a module is implemented.
+
+ For YANG version 1 modules, there SHOULD NOT be more
+ than one module entry for a particular module name.";
+ }
+ enum import {
+ description
+ "Indicates that the server imports reusable definitions
+ from the specified revision of the module but does
+ not implement any protocol-accessible objects from
+ this revision.
+
+ Multiple module entries for the same module name MAY
+ exist. This can occur if multiple modules import the
+ same module but specify different revision dates in
+ the import statements.";
+ }
+ }
+ mandatory true;
+ description
+ "Indicates the type of conformance the server is claiming
+ for the YANG module identified by this entry.";
+ }
+ list submodule {
+ key "name revision";
+ description
+ "Each entry represents one submodule within the
+ parent module.";
+ uses common-leafs;
+ uses schema-leaf;
+ }
+ }
+ }
+
+ /*
+ * Operational state data nodes
+ */
+
+ container modules-state {
+ config false;
+ description
+ "Contains YANG module monitoring information.";
+
+ leaf module-set-id {
+ type string;
+ mandatory true;
+ description
+ "Contains a server-specific identifier representing
+ the current set of modules and submodules. The
+ server MUST change the value of this leaf if the
+ information represented by the 'module' list instances
+ has changed.";
+ }
+
+ uses module-list;
+ }
+
+ /*
+ * Notifications
+ */
+
+ notification yang-library-change {
+ description
+ "Generated when the set of modules and submodules supported
+ by the server has changed.";
+ leaf module-set-id {
+ type leafref {
+ path "/yanglib:modules-state/yanglib:module-set-id";
+ }
+ mandatory true;
+ description
+ "Contains the module-set-id value representing the
+ set of modules and submodules supported at the server at
+ the time the notification is generated.";
+ }
+ }
+
+}
diff --git a/models/common/src/main/yang/ietf-yang-smiv2@2012-06-22.yang b/models/common/src/main/yang/ietf-yang-smiv2@2012-06-22.yang
new file mode 100644
index 0000000..5127e22
--- /dev/null
+++ b/models/common/src/main/yang/ietf-yang-smiv2@2012-06-22.yang
@@ -0,0 +1,146 @@
+module ietf-yang-smiv2 {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-yang-smiv2";
+ prefix "smiv2";
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: David Kessens
+ <mailto:david.kessens@nsn.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This module defines YANG extensions that are used to translate
+ SMIv2 concepts into YANG.
+
+ Copyright (c) 2012 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 6643; see
+ the RFC itself for full legal notices.";
+
+ revision 2012-06-22 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 6643: Translation of Structure of Management Information
+ Version 2 (SMIv2) MIB Modules to YANG Modules";
+ }
+
+ identity object-identity {
+ description
+ "Base identity for all SMIv2 OBJECT-IDENTITYs.";
+ }
+
+ typedef opaque {
+ type binary;
+ description
+ "The Opaque type supports the capability to pass arbitrary ASN.1
+ syntax. A value is encoded using the ASN.1 Basic Encoding Rules
+ into a string of octets. This, in turn, is encoded as an OCTET
+ STRING, in effect 'double-wrapping' the original ASN.1 value.
+
+ In the value set and its semantics, this type is equivalent to
+ the Opaque type of the SMIv2. This type exists in the SMIv2
+ solely for backward-compatibility reasons and this is also
+ true for this YANG data type.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2 (SMIv2)";
+ }
+
+ extension display-hint {
+ argument "format";
+ description
+ "The display-hint statement takes as an argument the DISPLAY-HINT
+ assigned to an SMIv2 textual convention.";
+ reference
+ "RFC 2579: Textual Conventions for SMIv2";
+ }
+
+ extension max-access {
+ argument "access";
+ description
+ "The max-access statement takes as an argument the MAX-ACCESS
+ assigned to an SMIv2 object definition.
+
+ The MAX-ACCESS value is SMIv2 specific and has no impact on
+ the access provided to YANG objects through protocols such
+ as NETCONF.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2 (SMIv2)";
+ }
+
+ extension defval {
+ argument "value";
+ description
+ "The defval statement takes as an argument a default value
+ defined by an SMIv2 DEFVAL clause. Note that the value is in
+ the SMIv2 value space defined by the SMIv2 syntax of the
+ corresponding object and not in the YANG value space
+ defined by the corresponding YANG data type.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2 (SMIv2)";
+ }
+
+ extension implied {
+ argument "index";
+ description
+ "If an SMIv2 INDEX object is preceded by the IMPLIED keyword, then
+ the implied statement is present in the YANG module and takes as
+ an argument the name of the IMPLIED index object.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2 (SMIv2)";
+ }
+
+ extension alias {
+ argument "descriptor";
+ description
+ "The alias statement introduces an SMIv2 descriptor. The body of
+ the alias statement is expected to contain an oid statement that
+ provides the numeric OID associated with the descriptor.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2 (SMIv2)";
+ }
+
+ extension oid {
+ argument "value";
+ description
+ "The oid statement takes as an argument the object identifier
+ assigned to an SMIv2 definition. The object identifier value
+ is written in decimal dotted notation.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2 (SMIv2)";
+ }
+
+ extension subid {
+ argument "value";
+ description
+ "The subid statement takes as an argument the last sub-identifier
+ of the object identifier assigned to an SMIv2 definition. The
+ sub-identifier value is a single positive decimal natural number.
+ The subid statement may not be used as a substatement to any
+ top-level node in a YANG document. The subid substatement may
+ be used only as a substatement to a node having a parent node
+ defined with either an smiv2:oid or smiv2:subid substatement.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2 (SMIv2)";
+ }
+
+}
diff --git a/models/common/src/main/yang/ietf-yang-types@2013-07-15.yang b/models/common/src/main/yang/ietf-yang-types@2013-07-15.yang
new file mode 100644
index 0000000..ee58fa3
--- /dev/null
+++ b/models/common/src/main/yang/ietf-yang-types@2013-07-15.yang
@@ -0,0 +1,474 @@
+module ietf-yang-types {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-yang-types";
+ prefix "yang";
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: David Kessens
+ <mailto:david.kessens@nsn.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This module contains a collection of generally useful derived
+ YANG data types.
+
+ Copyright (c) 2013 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 6991; see
+ the RFC itself for full legal notices.";
+
+ revision 2013-07-15 {
+ description
+ "This revision adds the following new data types:
+ - yang-identifier
+ - hex-string
+ - uuid
+ - dotted-quad";
+ reference
+ "RFC 6991: Common YANG Data Types";
+ }
+
+ revision 2010-09-24 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 6021: Common YANG Data Types";
+ }
+
+ /*** collection of counter and gauge types ***/
+
+ typedef counter32 {
+ type uint32;
+ description
+ "The counter32 type represents a non-negative integer
+ that monotonically increases until it reaches a
+ maximum value of 2^32-1 (4294967295 decimal), when it
+ wraps around and starts increasing again from zero.
+
+ Counters have no defined 'initial' value, and thus, a
+ single value of a counter has (in general) no information
+ content. Discontinuities in the monotonically increasing
+ value normally occur at re-initialization of the
+ management system, and at other times as specified in the
+ description of a schema node using this type. If such
+ other times can occur, for example, the creation of
+ a schema node of type counter32 at times other than
+ re-initialization, then a corresponding schema node
+ should be defined, with an appropriate type, to indicate
+ the last discontinuity.
+
+ The counter32 type should not be used for configuration
+ schema nodes. A default statement SHOULD NOT be used in
+ combination with the type counter32.
+
+ In the value set and its semantics, this type is equivalent
+ to the Counter32 type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef zero-based-counter32 {
+ type yang:counter32;
+ default "0";
+ description
+ "The zero-based-counter32 type represents a counter32
+ that has the defined 'initial' value zero.
+
+ A schema node of this type will be set to zero (0) on creation
+ and will thereafter increase monotonically until it reaches
+ a maximum value of 2^32-1 (4294967295 decimal), when it
+ wraps around and starts increasing again from zero.
+
+ Provided that an application discovers a new schema node
+ of this type within the minimum time to wrap, it can use the
+ 'initial' value as a delta. It is important for a management
+ station to be aware of this minimum time and the actual time
+ between polls, and to discard data if the actual time is too
+ long or there is no defined minimum time.
+
+ In the value set and its semantics, this type is equivalent
+ to the ZeroBasedCounter32 textual convention of the SMIv2.";
+ reference
+ "RFC 4502: Remote Network Monitoring Management Information
+ Base Version 2";
+ }
+
+ typedef counter64 {
+ type uint64;
+ description
+ "The counter64 type represents a non-negative integer
+ that monotonically increases until it reaches a
+ maximum value of 2^64-1 (18446744073709551615 decimal),
+ when it wraps around and starts increasing again from zero.
+
+ Counters have no defined 'initial' value, and thus, a
+ single value of a counter has (in general) no information
+ content. Discontinuities in the monotonically increasing
+ value normally occur at re-initialization of the
+ management system, and at other times as specified in the
+ description of a schema node using this type. If such
+ other times can occur, for example, the creation of
+ a schema node of type counter64 at times other than
+ re-initialization, then a corresponding schema node
+ should be defined, with an appropriate type, to indicate
+ the last discontinuity.
+
+ The counter64 type should not be used for configuration
+ schema nodes. A default statement SHOULD NOT be used in
+ combination with the type counter64.
+
+ In the value set and its semantics, this type is equivalent
+ to the Counter64 type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef zero-based-counter64 {
+ type yang:counter64;
+ default "0";
+ description
+ "The zero-based-counter64 type represents a counter64 that
+ has the defined 'initial' value zero.
+
+ A schema node of this type will be set to zero (0) on creation
+ and will thereafter increase monotonically until it reaches
+ a maximum value of 2^64-1 (18446744073709551615 decimal),
+ when it wraps around and starts increasing again from zero.
+
+ Provided that an application discovers a new schema node
+ of this type within the minimum time to wrap, it can use the
+ 'initial' value as a delta. It is important for a management
+ station to be aware of this minimum time and the actual time
+ between polls, and to discard data if the actual time is too
+ long or there is no defined minimum time.
+
+ In the value set and its semantics, this type is equivalent
+ to the ZeroBasedCounter64 textual convention of the SMIv2.";
+ reference
+ "RFC 2856: Textual Conventions for Additional High Capacity
+ Data Types";
+ }
+
+ typedef gauge32 {
+ type uint32;
+ description
+ "The gauge32 type represents a non-negative integer, which
+ may increase or decrease, but shall never exceed a maximum
+ value, nor fall below a minimum value. The maximum value
+ cannot be greater than 2^32-1 (4294967295 decimal), and
+ the minimum value cannot be smaller than 0. The value of
+ a gauge32 has its maximum value whenever the information
+ being modeled is greater than or equal to its maximum
+ value, and has its minimum value whenever the information
+ being modeled is smaller than or equal to its minimum value.
+ If the information being modeled subsequently decreases
+ below (increases above) the maximum (minimum) value, the
+ gauge32 also decreases (increases).
+
+ In the value set and its semantics, this type is equivalent
+ to the Gauge32 type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef gauge64 {
+ type uint64;
+ description
+ "The gauge64 type represents a non-negative integer, which
+ may increase or decrease, but shall never exceed a maximum
+ value, nor fall below a minimum value. The maximum value
+ cannot be greater than 2^64-1 (18446744073709551615), and
+ the minimum value cannot be smaller than 0. The value of
+ a gauge64 has its maximum value whenever the information
+ being modeled is greater than or equal to its maximum
+ value, and has its minimum value whenever the information
+ being modeled is smaller than or equal to its minimum value.
+ If the information being modeled subsequently decreases
+ below (increases above) the maximum (minimum) value, the
+ gauge64 also decreases (increases).
+
+ In the value set and its semantics, this type is equivalent
+ to the CounterBasedGauge64 SMIv2 textual convention defined
+ in RFC 2856";
+ reference
+ "RFC 2856: Textual Conventions for Additional High Capacity
+ Data Types";
+ }
+
+ /*** collection of identifier-related types ***/
+
+ typedef object-identifier {
+ type string {
+ pattern '(([0-1](\.[1-3]?[0-9]))|(2\.(0|([1-9]\d*))))'
+ + '(\.(0|([1-9]\d*)))*';
+ }
+ description
+ "The object-identifier type represents administratively
+ assigned names in a registration-hierarchical-name tree.
+
+ Values of this type are denoted as a sequence of numerical
+ non-negative sub-identifier values. Each sub-identifier
+ value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers
+ are separated by single dots and without any intermediate
+ whitespace.
+
+ The ASN.1 standard restricts the value space of the first
+ sub-identifier to 0, 1, or 2. Furthermore, the value space
+ of the second sub-identifier is restricted to the range
+ 0 to 39 if the first sub-identifier is 0 or 1. Finally,
+ the ASN.1 standard requires that an object identifier
+ has always at least two sub-identifiers. The pattern
+ captures these restrictions.
+
+ Although the number of sub-identifiers is not limited,
+ module designers should realize that there may be
+ implementations that stick with the SMIv2 limit of 128
+ sub-identifiers.
+
+ This type is a superset of the SMIv2 OBJECT IDENTIFIER type
+ since it is not restricted to 128 sub-identifiers. Hence,
+ this type SHOULD NOT be used to represent the SMIv2 OBJECT
+ IDENTIFIER type; the object-identifier-128 type SHOULD be
+ used instead.";
+ reference
+ "ISO9834-1: Information technology -- Open Systems
+ Interconnection -- Procedures for the operation of OSI
+ Registration Authorities: General procedures and top
+ arcs of the ASN.1 Object Identifier tree";
+ }
+
+ typedef object-identifier-128 {
+ type object-identifier {
+ pattern '\d*(\.\d*){1,127}';
+ }
+ description
+ "This type represents object-identifiers restricted to 128
+ sub-identifiers.
+
+ In the value set and its semantics, this type is equivalent
+ to the OBJECT IDENTIFIER type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef yang-identifier {
+ type string {
+ length "1..max";
+ pattern '[a-zA-Z_][a-zA-Z0-9\-_.]*';
+ pattern '.|..|[^xX].*|.[^mM].*|..[^lL].*';
+ }
+ description
+ "A YANG identifier string as defined by the 'identifier'
+ rule in Section 12 of RFC 6020. An identifier must
+ start with an alphabetic character or an underscore
+ followed by an arbitrary sequence of alphabetic or
+ numeric characters, underscores, hyphens, or dots.
+
+ A YANG identifier MUST NOT start with any possible
+ combination of the lowercase or uppercase character
+ sequence 'xml'.";
+ reference
+ "RFC 6020: YANG - A Data Modeling Language for the Network
+ Configuration Protocol (NETCONF)";
+ }
+
+ /*** collection of types related to date and time***/
+
+ typedef date-and-time {
+ type string {
+ pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?'
+ + '(Z|[\+\-]\d{2}:\d{2})';
+ }
+ description
+ "The date-and-time type is a profile of the ISO 8601
+ standard for representation of dates and times using the
+ Gregorian calendar. The profile is defined by the
+ date-time production in Section 5.6 of RFC 3339.
+
+ The date-and-time type is compatible with the dateTime XML
+ schema type with the following notable exceptions:
+
+ (a) The date-and-time type does not allow negative years.
+
+ (b) The date-and-time time-offset -00:00 indicates an unknown
+ time zone (see RFC 3339) while -00:00 and +00:00 and Z
+ all represent the same time zone in dateTime.
+
+ (c) The canonical format (see below) of data-and-time values
+ differs from the canonical format used by the dateTime XML
+ schema type, which requires all times to be in UTC using
+ the time-offset 'Z'.
+
+ This type is not equivalent to the DateAndTime textual
+ convention of the SMIv2 since RFC 3339 uses a different
+ separator between full-date and full-time and provides
+ higher resolution of time-secfrac.
+
+ The canonical format for date-and-time values with a known time
+ zone uses a numeric time zone offset that is calculated using
+ the device's configured known offset to UTC time. A change of
+ the device's offset to UTC time will cause date-and-time values
+ to change accordingly. Such changes might happen periodically
+ in case a server follows automatically daylight saving time
+ (DST) time zone offset changes. The canonical format for
+ date-and-time values with an unknown time zone (usually
+ referring to the notion of local time) uses the time-offset
+ -00:00.";
+ reference
+ "RFC 3339: Date and Time on the Internet: Timestamps
+ RFC 2579: Textual Conventions for SMIv2
+ XSD-TYPES: XML Schema Part 2: Datatypes Second Edition";
+ }
+
+ typedef timeticks {
+ type uint32;
+ description
+ "The timeticks type represents a non-negative integer that
+ represents the time, modulo 2^32 (4294967296 decimal), in
+ hundredths of a second between two epochs. When a schema
+ node is defined that uses this type, the description of
+ the schema node identifies both of the reference epochs.
+
+ In the value set and its semantics, this type is equivalent
+ to the TimeTicks type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef timestamp {
+ type yang:timeticks;
+ description
+ "The timestamp type represents the value of an associated
+ timeticks schema node at which a specific occurrence
+ happened. The specific occurrence must be defined in the
+ description of any schema node defined using this type. When
+ the specific occurrence occurred prior to the last time the
+ associated timeticks attribute was zero, then the timestamp
+ value is zero. Note that this requires all timestamp values
+ to be reset to zero when the value of the associated timeticks
+ attribute reaches 497+ days and wraps around to zero.
+
+ The associated timeticks schema node must be specified
+ in the description of any schema node using this type.
+
+ In the value set and its semantics, this type is equivalent
+ to the TimeStamp textual convention of the SMIv2.";
+ reference
+ "RFC 2579: Textual Conventions for SMIv2";
+ }
+
+ /*** collection of generic address types ***/
+
+ typedef phys-address {
+ type string {
+ pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?';
+ }
+
+ description
+ "Represents media- or physical-level addresses represented
+ as a sequence octets, each octet represented by two hexadecimal
+ numbers. Octets are separated by colons. The canonical
+ representation uses lowercase characters.
+
+ In the value set and its semantics, this type is equivalent
+ to the PhysAddress textual convention of the SMIv2.";
+ reference
+ "RFC 2579: Textual Conventions for SMIv2";
+ }
+
+ typedef mac-address {
+ type string {
+ pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}';
+ }
+ description
+ "The mac-address type represents an IEEE 802 MAC address.
+ The canonical representation uses lowercase characters.
+
+ In the value set and its semantics, this type is equivalent
+ to the MacAddress textual convention of the SMIv2.";
+ reference
+ "IEEE 802: IEEE Standard for Local and Metropolitan Area
+ Networks: Overview and Architecture
+ RFC 2579: Textual Conventions for SMIv2";
+ }
+
+ /*** collection of XML-specific types ***/
+
+ typedef xpath1.0 {
+ type string;
+ description
+ "This type represents an XPATH 1.0 expression.
+
+ When a schema node is defined that uses this type, the
+ description of the schema node MUST specify the XPath
+ context in which the XPath expression is evaluated.";
+ reference
+ "XPATH: XML Path Language (XPath) Version 1.0";
+ }
+
+ /*** collection of string types ***/
+
+ typedef hex-string {
+ type string {
+ pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?';
+ }
+ description
+ "A hexadecimal string with octets represented as hex digits
+ separated by colons. The canonical representation uses
+ lowercase characters.";
+ }
+
+ typedef uuid {
+ type string {
+ pattern '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-'
+ + '[0-9a-fA-F]{4}-[0-9a-fA-F]{12}';
+ }
+ description
+ "A Universally Unique IDentifier in the string representation
+ defined in RFC 4122. The canonical representation uses
+ lowercase characters.
+
+ The following is an example of a UUID in string representation:
+ f81d4fae-7dec-11d0-a765-00a0c91e6bf6
+ ";
+ reference
+ "RFC 4122: A Universally Unique IDentifier (UUID) URN
+ Namespace";
+ }
+
+ typedef dotted-quad {
+ type string {
+ pattern
+ '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}'
+ + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])';
+ }
+ description
+ "An unsigned 32-bit number expressed in the dotted-quad
+ notation, i.e., four octets written as decimal numbers
+ and separated with the '.' (full stop) character.";
+ }
+}
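Review bot: The `object-identifier` pattern ends in `(\.(0|([1-9]\d*)))*`, which accepts sub-identifiers of any length, while the typedef's own description says each one MUST NOT exceed 2^32-1, so the schema does not enforce that bound. The module states it is part of RFC 6991, so the text is best left as published; the range check belongs in whatever code converts a validated value to integers, which should reject a sub-identifier above 4294967295 rather than wrap or truncate it. Separately, every `pattern` in this file relies on YANG's XSD regex semantics, where the expression must match the whole string. If the patterns are translated to another regex engine (not visible in this hunk), they need a full match rather than a substring search, or `dotted-quad`, `mac-address`, `uuid` and `yang-identifier` will not constrain input.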