--- /dev/null
+module ietf-routing-policy {
+
+ yang-version "1.1";
+ namespace "urn:ietf:params:xml:ns:yang:ietf-routing-policy";
+ prefix rt-pol;
+
+ import ietf-inet-types {
+ prefix "inet";
+ }
+
+ import ietf-yang-types {
+ prefix "yang";
+ }
+
+ import ietf-interfaces {
+ prefix "if";
+ }
+
+ import ietf-routing {
+ prefix "rt";
+ }
+
+ import ietf-interfaces-common {
+ prefix if-cmn;
+ }
+
+ import ietf-if-l3-vlan {
+ prefix "if-l3-vlan";
+ }
+
+
+ organization
+ "IETF RTGWG - Routing Area Working Group";
+ contact
+ "WG Web: <http://tools.ietf.org/wg/rtgwg/>
+ WG List: <mailto:rtgwg@ietf.org>
+
+
+ Editor: Yingzhen Qu
+ <mailto:yingzhen.qu@huawei.com>
+
+ Jeff Tantsura
+ <mailto:jefftant.ietf@gmail.com>
+ Acee Lindem
+ <mailto:acee@cisco.com>
+ Xufeng Liu
+ <mailto:xufeng_liu@jabil.com>
+ Anees Shaikh
+ <mailto:aashaikh@google.com>";
+
+ description
+ "This module describes a YANG model for routing policy
+ configuration. It is a limited subset of all of the policy
+ configuration parameters available in the variety of vendor
+ implementations, but supports widely used constructs for
+ managing how routes are imported, exported, and modified across
+ different routing protocols. This module is intended to be
+ used in conjunction with routing protocol configuration modules
+ (e.g., BGP) defined in other models.
+
+ Route policy expression:
+
+ Policies are expressed as a set of top-level policy
+ definitions, each of which consists of a sequence of policy
+ statements. Policy statements consist of simple
+ condition-action tuples. Conditions may include mutiple match
+ or comparison operations, and similarly actions may be
+ multitude of changes to route attributes or a final disposition
+ of accepting or rejecting the route.
+
+ Route policy evaluation:
+
+ Policy definitions are referenced in routing protocol
+ configurations using import and export configuration
+ statements. The arguments are members of an ordered list of
+ named policy definitions which comprise a policy chain, and
+ optionally, an explicit default policy action (i.e., reject
+ or accept).
+
+ Evaluation of each policy definition proceeds by evaluating its
+ corresponding individual policy statements in order. When a
+ condition statement in a policy statement is satisfied, the
+ corresponding action statement is executed. If the action
+ statement has either accept-route or reject-route actions,
+ policy evaluation of the current policy definition stops, and
+ no further policy definitions in the chain are evaluated.
+
+ If the condition is not satisfied, then evaluation proceeds to
+ the next policy statement. If none of the policy statement
+
+ conditions are satisfied, then evaluation of the current policy
+ definition stops, and the next policy definition in the chain
+ is evaluated. When the end of the policy chain is reached, the
+ default route disposition action is performed (i.e.,
+ reject-route unless an alternate default action is specified
+ for the chain).
+
+ Policy 'subroutines' (or nested policies) are supported by
+ allowing policy statement conditions to reference another
+ policy definition which applies conditions and actions from
+ the referenced policy before returning to the calling policy
+ statement and resuming evaluation. If the called policy
+ results in an accept-route (either explicit or by default),
+ then the subroutine returns an effective true value to the
+ calling policy. Similarly, a reject-route action returns
+ false. If the subroutine returns true, the calling policy
+ continues to evaluate the remaining conditions (using a
+ modified route if the subroutine performed any changes to the
+ route).";
+
+
+ revision "2019-03-06" {
+ description
+ "Initial revision.";
+ reference
+ "RFC XXXX: Routing Policy Configuration Model for Service
+ Provider Networks";
+ }
+
+
+ // typedef statements
+
+ typedef default-policy-type {
+ // this typedef retained for name compatibiity with default
+ // import and export policy
+ type enumeration {
+ enum accept-route {
+ description
+ "Default policy to accept the route";
+ }
+ enum reject-route {
+ description
+ "Default policy to reject the route";
+ }
+ }
+ description
+ "Type used to specify route disposition in
+ a policy chain";
+
+ }
+
+ typedef policy-result-type {
+ type enumeration {
+ enum accept-route {
+ description "Policy accepts the route";
+ }
+ enum reject-route {
+ description "Policy rejects the route";
+ }
+ }
+ description
+ "Type used to specify route disposition in
+ a policy chain";
+ }
+
+ typedef tag-type {
+ type union {
+ type uint32;
+ type yang:hex-string;
+ }
+ description "Type for expressing route tags on a local system,
+ including IS-IS and OSPF; may be expressed as either decimal
+ or hexadecimal integer";
+ reference
+ "RFC 2178 - OSPF Version 2
+ RFC 5130 - A Policy Control Mechanism in IS-IS Using
+ Administrative Tags";
+ }
+
+ typedef match-set-options-type {
+ type enumeration {
+ enum any {
+ description "Match is true if given value matches any member
+ of the defined set";
+ }
+ enum all {
+ description "Match is true if given value matches all
+ members of the defined set";
+ }
+ enum invert {
+ description "Match is true if given value does not match any
+ member of the defined set";
+ }
+ }
+ default any;
+ description
+ "Options that govern the behavior of a match statement. The
+
+ default behavior is any, i.e., the given value matches any
+ of the members of the defined set";
+ }
+
+
+ // grouping statements
+
+ grouping prefix-set {
+ description
+ "Configuration data for prefix sets used in policy
+ definitions.";
+
+ leaf name {
+ type string;
+ description
+ "Name of the prefix set -- this is used as a label to
+ reference the set in match conditions";
+ }
+
+ leaf mode {
+ type enumeration {
+ enum ipv4 {
+ description
+ "Prefix set contains IPv4 prefixes only";
+ }
+ enum ipv6 {
+ description
+ "Prefix set contains IPv6 prefixes only";
+ }
+ enum mixed {
+ description
+ "Prefix set contains mixed IPv4 and IPv6 prefixes";
+ }
+ }
+ description
+ "Indicates the mode of the prefix set, in terms of which
+ address families (IPv4, IPv6, or both) are present. The
+ mode provides a hint, but the device must validate that all
+ prefixes are of the indicated type, and is expected to
+ reject the configuration if there is a discrepancy. The
+ MIXED mode may not be supported on devices that require
+ prefix sets to be of only one address family.";
+ }
+
+ }
+
+ grouping prefix-set-top {
+ description
+
+ "Top-level data definitions for a list of IPv4 or IPv6
+ prefixes which are matched as part of a policy";
+
+ container prefix-sets {
+ description
+ "Enclosing container ";
+
+ list prefix-set {
+ key "name";
+ description
+ "List of the defined prefix sets";
+
+ uses prefix-set;
+
+ uses prefix-top;
+ }
+ }
+ }
+
+ grouping prefix {
+ description
+ "Configuration data for a prefix definition";
+
+ leaf ip-prefix {
+ type inet:ip-prefix;
+ mandatory true;
+ description
+ "The prefix member in CIDR notation -- while the
+ prefix may be either IPv4 or IPv6, most
+ implementations require all members of the prefix set
+ to be the same address family. Mixing address types in
+ the same prefix set is likely to cause an error.";
+ }
+
+ leaf masklength-lower {
+ type uint8;
+ description
+ "Masklength range lower bound.";
+ }
+ leaf masklength-upper {
+ type uint8 {
+ range "1..128";
+ }
+ must "../masklength-upper >= ../masklength-lower" {
+ error-message "The upper bound should not be less"
+ + "than lower bound.";
+ }
+ description
+
+ "Masklength range upper bound.
+
+ The combination of masklength-lower and masklength-upper
+ define a range for the mask length, or single 'exact'
+ length if masklength-lower and masklenght-upper are equal.
+
+ Example: 10.3.192.0/21 through 10.3.192.0/24 would be
+ expressed as prefix: 10.3.192.0/21,
+ masklength-lower=21,
+ masklength-upper=24
+
+ Example: 10.3.192.0/21 (an exact match) would be
+ expressed as prefix: 10.3.192.0/21,
+ masklength-lower=21,
+ masklength-upper=21";
+ }
+ }
+
+ grouping prefix-top {
+ description
+ "Top-level grouping for prefixes in a prefix list";
+
+ container prefixes {
+ description
+ "Enclosing container for the list of prefixes in a policy
+ prefix list";
+
+ list prefix-list {
+ key "ip-prefix masklength-lower masklength-upper";
+ description
+ "List of prefixes in the prefix set";
+
+ uses prefix;
+ }
+ }
+ }
+
+ grouping neighbor-set {
+ description
+ "This grouping provides neighbor set definitions";
+
+ leaf name {
+ type string;
+ description
+ "Name of the neighbor set -- this is used as a label
+ to reference the set in match conditions";
+ }
+
+ leaf-list address {
+ type inet:ip-address;
+ description
+ "List of IP addresses in the neighbor set";
+ }
+ }
+
+ grouping neighbor-set-top {
+ description
+ "Top-level data definition for a list of IPv4 or IPv6
+ neighbors which can be matched in a routing policy";
+
+ container neighbor-sets {
+ description
+ "Enclosing container for the list of neighbor set
+ definitions";
+
+ list neighbor-set {
+ key "name";
+ description
+ "List of defined neighbor sets for use in policies.";
+
+ uses neighbor-set;
+ }
+ }
+ }
+
+ grouping tag-set {
+ description
+ "This grouping provides tag set definitions.";
+
+ leaf name {
+ type string;
+ description
+ "Name of the tag set -- this is used as a label to reference
+ the set in match conditions";
+ }
+
+ leaf-list tag-value {
+ type tag-type;
+ description
+ "Value of the tag set member";
+ }
+ }
+
+ grouping tag-set-top {
+ description
+ "Top-level data definitions for a list of tags which can
+
+ be matched in policies";
+
+ container tag-sets {
+ description
+ "Enclosing container for the list of tag sets.";
+
+ list tag-set {
+ key "name";
+ description
+ "List of tag set definitions.";
+
+ uses tag-set;
+
+ }
+ }
+ }
+
+
+ grouping match-set-options-group {
+ description
+ "Grouping containing options relating to how a particular set
+ should be matched";
+
+ leaf match-set-options {
+ type match-set-options-type;
+ description
+ "Optional parameter that governs the behavior of the
+ match operation";
+ }
+ }
+
+ grouping match-set-options-restricted-group {
+ description
+ "Grouping for a restricted set of match operation modifiers";
+
+ leaf match-set-options {
+ type match-set-options-type {
+ enum any {
+ description "Match is true if given value matches any
+ member of the defined set";
+ }
+ enum invert {
+ description "Match is true if given value does not match
+ any member of the defined set";
+ }
+ }
+ description
+ "Optional parameter that governs the behavior of the
+
+ match operation. This leaf only supports matching on ANY
+ member of the set or inverting the match. Matching on ALL
+ is not supported";
+ }
+ }
+
+
+
+ grouping match-interface-condition {
+ description
+ "This grouping provides interface match condition";
+
+ container match-interface {
+ leaf interface {
+ type leafref {
+ path "/if:interfaces/if:interface/if:name";
+ }
+ description
+ "Reference to a base interface. If a reference to a
+ subinterface is required, this leaf must be specified
+ to indicate the base interface.";
+ }
+ leaf subinterface {
+ type leafref {
+ path "/if:interfaces/if:interface/if-cmn:encapsulation"
+ + "/if-l3-vlan:dot1q-vlan"
+ + "/if-l3-vlan:outer-tag/if-l3-vlan:vlan-id";
+ }
+ description
+ "Reference to a subinterface -- this requires the base
+ interface to be specified using the interface leaf in
+ this container. If only a reference to a base interface
+ is requuired, this leaf should not be set.";
+ }
+
+ description
+ "Container for interface match conditions";
+ }
+ }
+
+ grouping prefix-set-condition {
+ description
+ "This grouping provides prefix-set conditions";
+
+ container match-prefix-set {
+ leaf prefix-set {
+ type leafref {
+ path "../../../../../../../defined-sets/" +
+
+ "prefix-sets/prefix-set/name";
+ }
+ description "References a defined prefix set";
+ }
+ uses match-set-options-restricted-group;
+
+ description
+ "Match a referenced prefix-set according to the logic
+ defined in the match-set-options leaf";
+ }
+ }
+
+ grouping neighbor-set-condition {
+ description
+ "This grouping provides neighbor-set conditions";
+
+ container match-neighbor-set {
+ leaf neighbor-set {
+ type leafref {
+ path "../../../../../../../defined-sets/neighbor-sets/" +
+ "neighbor-set/name";
+ require-instance true;
+ }
+ description "References a defined neighbor set";
+ }
+
+ description
+ "Match a referenced neighbor set according to the logic
+ defined in the match-set-options-leaf";
+ }
+ }
+
+ grouping tag-set-condition {
+ description
+ "This grouping provides tag-set conditions";
+
+ container match-tag-set {
+ leaf tag-set {
+ type leafref {
+ path "../../../../../../../defined-sets/tag-sets" +
+ "/tag-set/name";
+ require-instance true;
+ }
+ description "References a defined tag set";
+ }
+ uses match-set-options-restricted-group;
+
+ description
+
+ "Match a referenced tag set according to the logic defined
+ in the match-options-set leaf";
+ }
+ }
+
+ grouping generic-conditions {
+ description "Condition statement definitions for checking
+ membership in a generic defined set";
+
+ uses match-interface-condition;
+ uses prefix-set-condition;
+ uses neighbor-set-condition;
+ uses tag-set-condition;
+
+ }
+
+ grouping policy-conditions {
+ description
+ "Data for general policy conditions, i.e., those
+ not related to match-sets";
+
+ leaf call-policy {
+ type leafref {
+ path "../../../../../../" +
+ "rt-pol:policy-definitions/" +
+ "rt-pol:policy-definition/rt-pol:name";
+ require-instance true;
+ }
+ description
+ "Applies the statements from the specified policy
+ definition and then returns control the current
+ policy statement. Note that the called policy may
+ itself call other policies (subject to
+ implementation limitations). This is intended to
+ provide a policy 'subroutine' capability. The
+ called policy should contain an explicit or a
+ default route disposition that returns an
+ effective true (accept-route) or false
+ (reject-route), otherwise the behavior may be
+ ambiguous and implementation dependent";
+ }
+
+ leaf source-protocol {
+ type identityref {
+ base rt:control-plane-protocol;
+ }
+ description
+ "Condition to check the protocol / method used to install
+
+ the route into the local routing table";
+ }
+ }
+
+ grouping policy-conditions-top {
+ description
+ "Top-level grouping for policy conditions";
+
+ container conditions {
+ description
+ "Condition statements for the current policy statement";
+
+ uses policy-conditions;
+
+ uses generic-conditions;
+ }
+ }
+
+ grouping policy-statements {
+ description
+ "Data for policy statements";
+
+ leaf name {
+ type string;
+ description
+ "Name of the policy statement";
+ }
+ }
+
+
+ grouping policy-actions {
+ description
+ "Top-level grouping for policy actions";
+
+ container actions {
+ description
+ "Top-level container for policy action statements";
+
+ leaf policy-result {
+ type policy-result-type;
+ description
+ "Select the final disposition for the route, either
+ accept or reject.";
+ }
+ leaf set-metric {
+ type uint32;
+ description
+ "Set a new metric for the route.";
+
+ }
+ leaf set-preference {
+ type uint16;
+ description
+ "Set a new preference for the route.";
+ }
+ }
+ }
+
+ grouping policy-statements-top {
+ description
+ "Top-level grouping for the policy statements list";
+
+ container statements {
+ description
+ "Enclosing container for policy statements";
+
+ list statement {
+ key "name";
+ ordered-by user;
+ description
+ "Policy statements group conditions and actions
+ within a policy definition. They are evaluated in
+ the order specified (see the description of policy
+ evaluation at the top of this module.";
+
+ uses policy-statements;
+
+ uses policy-conditions-top;
+ uses policy-actions;
+ }
+ }
+ }
+
+
+ grouping policy-definitions {
+ description
+ "This grouping provides policy definitions";
+
+ leaf name {
+ type string;
+ description
+ "Name of the top-level policy definition -- this name
+ is used in references to the current policy";
+ }
+ }
+
+ grouping apply-policy-import {
+
+ description
+ "Grouping for applying import policies";
+
+ leaf-list import-policy {
+ type leafref {
+ path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
+ "rt-pol:policy-definition/rt-pol:name";
+ require-instance true;
+ }
+ ordered-by user;
+ description
+ "List of policy names in sequence to be applied on
+ receiving a routing update in the current context, e.g.,
+ for the current peer group, neighbor, address family,
+ etc.";
+ }
+
+ leaf default-import-policy {
+ type default-policy-type;
+ default reject-route;
+ description
+ "Explicitly set a default policy if no policy definition
+ in the import policy chain is satisfied.";
+ }
+
+ }
+
+ grouping apply-policy-export {
+ description
+ "Grouping for applying export policies";
+
+ leaf-list export-policy {
+ type leafref {
+ path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
+ "rt-pol:policy-definition/rt-pol:name";
+ require-instance true;
+ }
+ ordered-by user;
+ description
+ "List of policy names in sequence to be applied on
+ sending a routing update in the current context, e.g.,
+ for the current peer group, neighbor, address family,
+ etc.";
+ }
+
+ leaf default-export-policy {
+ type default-policy-type;
+ default reject-route;
+
+ description
+ "Explicitly set a default policy if no policy definition
+ in the export policy chain is satisfied.";
+ }
+ }
+
+
+ grouping apply-policy {
+ description
+ "Configuration data for routing policies";
+
+ uses apply-policy-import;
+ uses apply-policy-export;
+
+ container apply-policy-state {
+ description
+ "Operational state associated with routing policy";
+
+ //TODO: identify additional state data beyond the intended
+ //policy configuration.
+ }
+
+ }
+
+
+ grouping apply-policy-group {
+ description
+ "Top level container for routing policy applications. This
+ grouping is intended to be used in routing models where
+ needed.";
+
+ container apply-policy {
+ description
+ "Anchor point for routing policies in the model.
+ Import and export policies are with respect to the local
+ routing table, i.e., export (send) and import (receive),
+ depending on the context.";
+
+ uses apply-policy;
+
+ }
+ }
+
+ container routing-policy {
+ description
+ "Top-level container for all routing policy";
+
+ container defined-sets {
+
+ description
+ "Predefined sets of attributes used in policy match
+ statements";
+
+ uses prefix-set-top;
+ uses neighbor-set-top;
+ uses tag-set-top;
+ }
+
+ container policy-definitions {
+ description
+ "Enclosing container for the list of top-level policy
+ definitions";
+
+ list policy-definition {
+ key "name";
+ description
+ "List of top-level policy definitions, keyed by unique
+ name. These policy definitions are expected to be
+ referenced (by name) in policy chains specified in import
+ or export configuration statements.";
+
+ uses policy-definitions;
+
+ uses policy-statements-top;
+ }
+ }
+ }
+}