models/openconfig/src/main/yang/policy-forwarding/openconfig-pf-forwarding-policies.yang

submodule openconfig-pf-forwarding-policies {
  belongs-to openconfig-policy-forwarding {
    prefix "oc-pf";
  }

  import openconfig-extensions { prefix "oc-ext"; }
  import openconfig-packet-match { prefix "oc-pmatch"; }
  import ietf-yang-types { prefix "yang"; }
  import ietf-inet-types { prefix "inet"; }

  include openconfig-pf-path-groups;

  organization
    "OpenConfig working group";

  contact
    "OpenConfig working group
    www.openconfig.net";

  description
    "This submodule contains configuration and operational state
    relating to the definition of policy-forwarding policies.";

  oc-ext:openconfig-version "0.2.0";

  revision "2017-06-21" {
    description
      "Amend policy forwarding model based on ACL changes.";
    reference "0.2.0";
  }

  revision "2017-02-28" {
    description
      "Initial public release of policy forwarding.";
    reference "0.1.0";
  }

  revision "2016-11-08" {
    description
      "Initial revision";
    reference "0.0.1";
  }

  grouping pf-forwarding-policy-structural {
    description
      "Structural grouping defining forwarding policies under the
      policy- forwarding module.";

    container policies {
      description
        "Forwarding policies defined to enact policy-based forwarding
        on the local system.";

      list policy {
        key "policy-id";

        description
          "A forwarding policy is defined to have a set of match
          criteria, allowing particular fields of a packet's header to
          be matched, and a set of forwarding actions which determines
          how the local system should forward the packet.";

        leaf policy-id {
          type leafref {
            path "../config/policy-id";
          }
          description
            "Reference to the identifier for the forwarding-policy.";
        }

        container config {
          description
            "Configuration options relating to the forwarding
            policy.";
          uses pf-forwarding-policy-config;
        }

        container state {
          config false;
          description
            "Operational state parameters relating to the forwarding
            policy.";
          uses pf-forwarding-policy-config;
        }

        container rules {
          description
            "The criteria that should be matched for a packet to be
            forwarded according to the policy action.";

          list rule {
            key "sequence-id";

            description
              "A match rule for the policy. In the case that multiple
              criteria are specified within a single ";

            leaf sequence-id {
              type leafref {
                path "../config/sequence-id";
              }
              description
                "A unique sequence identifier for the match rule.";
            }

            container config {
              description
                "Configuration parameters relating to the match
                rule.";
              uses pf-forwarding-policy-rule-config;
            }

            container state {
              config false;
              description
                "Operational state parameters relating to the match
                rule.";
              uses pf-forwarding-policy-rule-config;
              uses pf-forwarding-policy-rule-state;
            }

            uses oc-pmatch:ethernet-header-top;
            uses oc-pmatch:ipv4-protocol-fields-top;
            uses oc-pmatch:ipv6-protocol-fields-top;
            uses oc-pmatch:transport-fields-top;

            container action {
              description
                "The forwarding policy action to be applied for
                packets matching the rule.";

              container config {
                description
                  "Configuration parameters relating to the forwarding
                  rule's action.";
                uses pf-forwarding-policy-action-config;
              }

              container state {
                config false;
                description
                  "Operational state parameters relating to the
                  forwarding rule's action.";
                uses pf-forwarding-policy-action-config;
              }

            }
          }
        }
      }
    }
  }

  grouping pf-forwarding-policy-config {
    description
      "Configuration parameters relating to the forwarding policy.";

    leaf policy-id {
      type string;
      description
        "A unique name identifying the forwarding policy. This name is
        used when applying the policy to a particular interface.";
    }
  }

  grouping pf-forwarding-policy-rule-config {
    description
      "Configuration parameters relating to a policy rule.";

    leaf sequence-id {
      type uint32;
      description
        "Unique sequence number for the policy rule.";
    }
  }

  grouping pf-forwarding-policy-rule-state {
    description
      "Operational state parameters relating to a policy rule.";

    leaf matched-pkts {
      type yang:counter64;
      description
        "Number of packets matched by the rule.";
    }

    leaf matched-octets {
      type yang:counter64;
      description
        "Bytes matched by the rule.";
    }
  }

  grouping pf-forwarding-policy-action-config {
    description
      "Forwarding policy action configuration parameters.";

    leaf discard {
      type boolean;
      default false;
      description
        "When this leaf is set to true, the local system should drop
        packets that match the rule.";
    }

    leaf decapsulate-gre {
      type boolean;
      default false;
      description
        "When this leaf is set to true, the local system should remove
        the GRE header from the packet matching the rule. Following
        the decapsulation it should subsequently forward the
        encapsulated packet according to the relevant lookup (e.g., if
        the encapsulated packet is IP, the packet should be routed
        according to the IP destination).";
    }

    leaf network-instance {
      type leafref {

        // We are at:
        // $NIROOT/policy-forwarding/policies/
        // policy/rules/rule/action/config/
        // network-instance
        path "../../../../../../../../config/name";
      }
      description
        "When this leaf is set, packets matching the match criteria
        for the forwarding rule should be looked up in the
        network-instance that is referenced rather than the
        network-instance with which the interface is associated.
        Such configuration allows policy-routing into multiple
        sub-topologies from a single ingress access interface, or
        different send and receive contexts for a particular
        interface (sometimes referred to as half-duplex VRF).";
    }

    leaf path-selection-group {
      type leafref {
        // We are at:
        // $NIROOT/policy-forwarding/policies/
        // policy/rules/rule/action/config/to-path-group
        path "../../../../../../../path-selection-groups/" +
             "path-selection-group/config/group-id";
      }
      description
        "When path-selection-group is set, packets matching the
        match criteria for the forwarding rule should be forwarded
        only via one of the paths that is specified within the
        referenced path-selection-group. The next-hop of the packet
        within the routing context should be used to determine between
        multiple paths that are specified within the group.";
    }

    leaf next-hop {
      type inet:ip-address-no-zone;
      description
        "When an IP next-hop is specified in the next-hop field,
        packets matching the match criteria for the forwarding rule
        should be forwarded to the next-hop IP address, bypassing any
        lookup on the local system.";
    }
  }
}