3 namespace "urn:opendaylight:params:xml:ns:yang:v3po";
6 revision "2016-12-14" {
8 "This revision adds the following new features:
9 - ingress/egress ACLs support
10 - interface-mode type as a part of ietf-acl configuration";
13 revision "2015-01-05" {
14 description "Initial revision of v3po model";
20 import ietf-interfaces {
23 import ietf-yang-types {
26 import ietf-inet-types {
35 import vpp-classifier {
36 prefix "vpp-classifier";
38 import ietf-access-control-list {
42 typedef bridge-domain-ref {
44 path "/vpp/bridge-domains/bridge-domain/name";
47 "This type is used to reference a bridge domain table";
50 typedef bridged-virtual-interface-ref {
52 path "/if:interfaces/if:interface/l2/bridged-virtual-interface";
55 "This type is used to reference a bridged virtual interface";
58 identity vxlan-tunnel {
59 base if:interface-type;
63 base if:interface-type;
67 base if:interface-type;
71 base if:interface-type;
74 identity l2-fib-action {
75 description "Base identity for l2-fib actions";
78 identity l2-fib-forward {
81 "Forwards packet with configured mac address";
84 identity l2-fib-filter {
87 "Drops packet with configured mac address";
90 typedef l2-fib-action {
94 description "Identifies a specific L2 FIB action";
98 // FIXME: should be in a vxlan-specific model
99 description "VNI used in a VXLAN tunnel";
105 typedef vhost-user-role {
112 identity vxlan-gpe-tunnel {
113 base if:interface-type;
116 typedef vxlan-gpe-vni {
117 description "VNI used in a VXLAN-GPE tunnel";
123 typedef vxlan-gpe-next-protocol {
140 typedef interface-mode {
147 grouping bridge-domain-attributes {
152 "Enable/disable L2 flooding.";
158 "Enable/disable L2 forwarding.";
164 "Enable/disable L2 learning.";
166 leaf unknown-unicast-flood {
170 leaf arp-termination {
175 container arp-termination-table {
176 when "../v3po:arp-termination = 'true'";
178 // TODO(HONEYCOMB-133): add support for read (after VPP-230 is done)
179 list arp-termination-table-entry {
180 key "ip-address phys-address";
182 // FIXME: change to ip-address-no-zone after https://bugs.opendaylight.org/show_bug.cgi?id=6413 is resolved
183 type inet:ip-address;
186 type yang:phys-address;
192 // TODO express constraints for L2 FIB entries in YANG if possible
193 grouping l2-fib-attributes {
194 container l2-fib-table {
199 type yang:phys-address;
202 leaf outgoing-interface {
205 // mandatory for forward action
206 // FIXME VPP's CLI does not require to set iface id for filter action
207 // VPP's binary api, in contrast to the CLI, does some checks on the iface id value,
208 // so currently it has to be set for all actions
210 "One of interfaces assigned to the FIB table's bridge-domain.";
216 "Static entries cannot be overridden by mac learning.";
222 "L2 FIB action. For filter action, entry must be configured as static.";
224 leaf bridged-virtual-interface {
225 when "../action = 'forward'";
227 config false; // FIXME setting bvi is currently not supported by VPP's binary api
233 grouping tap-interface-base-attributes {
236 pattern "[a-zA-Z0-9\-;.+@$#^&*!_()=\[\]]*";
241 grouping tap-interface-config-attributes {
243 type yang:phys-address;
245 description "Mac address to be set for the tap interface. Random will be used if not configured";
248 leaf device-instance {
251 description "Custom device instance. Autogenerated will be used if not configured";
255 grouping ethernet-base-attributes {
263 "The size, in octets, of the largest packet that the
264 hardware interface will send and receive.";
268 grouping ethernet-state-attributes {
269 leaf manufacturer-description {
282 grouping vhost-user-interface-base-attributes {
289 type vhost-user-role;
292 description "vhost-user settings";
295 grouping vhost-user-interface-state-attributes {
300 leaf virtio-net-hdr-size {
304 leaf num-memory-regions {
314 grouping vxlan-base-attributes {
315 // FIXME: this should be in an vxlan-specific extension
318 type inet:ip-address;
322 type inet:ip-address;
333 grouping gre-base-attributes {
336 type inet:ip-address;
340 type inet:ip-address;
347 grouping vxlan-gpe-base-attributes {
350 type inet:ip-address;
354 type inet:ip-address;
361 type vxlan-gpe-next-protocol;
371 grouping l2-base-attributes {
373 "Parameters for configuring Layer2 features on interfaces.";
375 choice interconnection {
376 case xconnect-based {
377 leaf xconnect-outgoing-interface {
378 /* Don't allow selection of this interface */
379 must "../../if:name != current()";
380 type if:interface-ref; // todo use interface-state-ref for operational data?
387 type bridge-domain-ref;
390 "Interfaces in a bridge-domain forward packets to other
391 interfaces in the same bridge-domain based on
392 destination mac address.";
394 leaf split-horizon-group {
395 when "../bridge-domain";
399 default 0; //no split horizon group
401 "Interface's split-horizon group. Interfaces in the same
402 bridge-domain and split-horizon group can not forward
403 packets between each other. ";
405 leaf bridged-virtual-interface {
406 when "../bridge-domain";
410 "Interface forwards packets in the bridge-domain
411 associated with the BVI.";
417 grouping proxy-arp-attributes {
419 "Parameters for configuring Proxy ARP on interfaces.";
426 type inet:ipv4-address;
429 type inet:ipv4-address;
433 grouping acl-base-attributes {
435 "Defines references to classify tables.
436 At least one table reference should be specified.";
438 leaf classify-table {
439 type vpp-classifier:classify-table-ref;
445 leaf classify-table {
446 type vpp-classifier:classify-table-ref;
452 leaf classify-table {
453 type vpp-classifier:classify-table-ref;
460 grouping ietf-acl-base-attributes {
462 "Provides limited support for ietf-acl model.";
464 container access-lists {
466 "Defines references to ietf-acl lists. Before assignment to interface,
467 ACL lists are merged into 3 types of acls (eth0, ip4 and ip6) that are supported by vpp.
468 Then corresponding tables and sessions are created and assigned to the interface.
470 All ACEs for all assigned ACLs have to use the same packet-handling action (either deny or permit).
472 Assignment update/delete removes all created tables and sessions and repeats process described above.
473 Update/delete of ACL lists referenced here is not permitted (assignment needs to be removed first).
475 Read is supported only for acls that were created and assigned by Honeycomb agent
476 (corresponding metadata are present).
478 Limitations (due to vpp limitations):
479 - egress rules are currently ignored (HONEYCOMB-234)
480 - L4 rules are currently not supported (limited support will be provided by HONEYCOMB-218)
481 - mixing L2/L3/L4 rules is currently not supported (limited support will be provided by HONEYCOMB-233)
482 - L2 only rules on L3 interfaces are not supported (not allowed by vpp,
483 in the future defining L2/L3 pairs should be partially supported)
484 - vlan tags are supported only for sub-interfaces defined as exact-match";
493 type acl:access-control-list-ref;
501 "The way ACLs are translated depends on the interface mode.
502 In case of L2 interfaces (bridge/interconnection)
503 classify tables are assigned as l2_table using input_acl_set_interface (ether type matching is automatically
504 added in case of L3 rules).
505 In case of L3 interfaces, classify tables are assigned as ip4/ip6 tables.
507 It is the user's responsibility to choose the mode that matches the target interface.
513 augment /if:interfaces/if:interface {
514 ext:augment-identifier "vpp-interface-augmentation";
516 // FIXME using ietf-interfaces model for vpp interfaces makes it hard to implement because:
517 // 1. The link between interface type and this augmentation is unclear
518 // 2. Only this augmentation with combination of ifc type is trigger to do something for vpp, what if user only configures base interface stuff ? + We need to get leaves defined by ietf-interfaces when we are processing this augment
519 // 3. The ietf-interfaces model does not define groupings which makes types reuse difficult
522 when "../if:type = 'v3po:tap'";
523 uses tap-interface-base-attributes;
524 uses tap-interface-config-attributes;
528 when "../if:type = 'ianaift:ethernetCsmacd'";
529 uses ethernet-base-attributes;
533 leaf vrf-id { // todo no routing info for oper, is it possible to get it from the vpp?
539 container vhost-user {
540 when "../if:type = 'v3po:vhost-user'";
541 uses vhost-user-interface-base-attributes;
545 when "../if:type = 'v3po:vxlan-tunnel'";
546 uses vxlan-base-attributes;
550 when "../if:type = 'v3po:gre-tunnel'";
551 uses gre-base-attributes;
555 must "(not (../if:ipv4[if:enabled = 'true']/if:address/if:ip) and " +
556 "not (../if:ipv6[if:enabled = 'true']/if:address/if:ip))";
558 uses l2-base-attributes;
561 container vxlan-gpe {
562 when "../if:type = 'v3po:vxlan-gpe-tunnel'";
564 uses vxlan-gpe-base-attributes;
567 container proxy-arp {
568 uses proxy-arp-attributes;
573 uses acl-base-attributes;
576 uses acl-base-attributes;
582 uses ietf-acl-base-attributes;
585 uses ietf-acl-base-attributes;
594 container bridge-domains {
602 uses bridge-domain-attributes;
603 uses l2-fib-attributes;
606 "bridge-domain configuration";
611 augment /if:interfaces-state/if:interface {
612 ext:augment-identifier "vpp-interface-state-augmentation";
619 when "../if:type = 'v3po:tap'";
620 uses tap-interface-base-attributes;
624 when "../if:type = 'ianaift:ethernetCsmacd'";
625 uses ethernet-base-attributes;
626 uses ethernet-state-attributes;
629 container vhost-user {
630 when "../if:type = 'v3po:vhost-user'";
631 uses vhost-user-interface-base-attributes;
632 uses vhost-user-interface-state-attributes;
636 when "../if:type = 'v3po:vxlan-tunnel'";
637 uses vxlan-base-attributes;
639 container vxlan-gpe {
640 when "../if:type = 'v3po:vxlan-gpe-tunnel'";
642 uses vxlan-gpe-base-attributes;
646 when "../if:type = 'gre-tunnel'";
647 uses gre-base-attributes;
651 must "(not (../if:ipv4[if:enabled = 'true']/if:address/if:ip) and " +
652 "not (../if:ipv6[if:enabled = 'true']/if:address/if:ip))";
654 uses l2-base-attributes;
657 container proxy-arp {
658 uses proxy-arp-attributes;
663 uses acl-base-attributes;
666 uses acl-base-attributes;
672 uses ietf-acl-base-attributes;
675 uses ietf-acl-base-attributes;
680 augment /if:interfaces-state/if:interface/if:statistics {
681 ext:augment-identifier "vpp-interface-statistics-augmentation";
682 leaf in-errors-no-buf {
685 leaf in-errors-miss {
688 leaf out-discards-fifo-full {
693 container vpp-state {
697 "VPP operational data";
699 container bridge-domains {
700 // FIXME: Should this live in bridge-domain.yang in a modular fashion ?
708 uses bridge-domain-attributes;
709 uses l2-fib-attributes;
712 "bridge-domain operational data";
720 leaf build-directory {
736 typedef interface-status {
747 typedef interface-name-or-index {
754 notification interface-state-change {
756 type interface-name-or-index;
760 type interface-status;
764 type interface-status;
768 notification interface-deleted {
770 type interface-name-or-index;