draft-ietf-i2rs-pkt-eca-data-model-00.txt   draft-ietf-i2rs-pkt-eca-data-model-01.txt 
I2RS working group S. Hares I2RS working group S. Hares
Internet-Draft Q. Wu Internet-Draft Q. Wu
Intended status: Standards Track Huawei Intended status: Standards Track Huawei
Expires: December 18, 2016 R. White Expires: January 2, 2017 R. White
Ericsson Ericsson
June 16, 2016 July 1, 2016
Filter-Based Packet Forwarding ECA Policy Filter-Based Packet Forwarding ECA Policy
draft-ietf-i2rs-pkt-eca-data-model-00.txt draft-ietf-i2rs-pkt-eca-data-model-01.txt
Abstract Abstract
This document describes the yang data model for packet forwarding This document describes the yang data model for packet forwarding
policy that filters received packets and forwards (or drops) the policy that filters received packets and forwards (or drops) the
packets. Prior to forwarding the packets out other interfaces, some packets. Prior to forwarding the packets out other interfaces, some
of the fields in the packets may be modified. If one considers the of the fields in the packets may be modified. If one considers the
packet reception an event, this packet policy is a minimalistic packet reception an event, this packet policy is a minimalistic
Event-Match Condition-Action policy. This policy controls forwarding Event-Match Condition-Action policy. This policy controls forwarding
of packets received by a routing device on one or more interfaces on of packets received by a routing device on one or more interfaces on
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 18, 2016. This Internet-Draft will expire on January 2, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 29 skipping to change at page 2, line 29
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Definitions and Acronyms . . . . . . . . . . . . . . . . 3 1.1. Definitions and Acronyms . . . . . . . . . . . . . . . . 3
1.2. Antecedents this Policy in IETF . . . . . . . . . . . . . 3 1.2. Antecedents this Policy in IETF . . . . . . . . . . . . . 3
2. Generic Route Filters/Policy Overview . . . . . . . . . . . . 4 2. Generic Route Filters/Policy Overview . . . . . . . . . . . . 4
3. BNP Rule Groups . . . . . . . . . . . . . . . . . . . . . . . 5 3. BNP Rule Groups . . . . . . . . . . . . . . . . . . . . . . . 5
4. BNP Generic Info Model in High Level Yang . . . . . . . . . . 7 4. BNP Generic Info Model in High Level Yang . . . . . . . . . . 7
5. i2rs-eca-policy Yang module . . . . . . . . . . . . . . . . . 10 5. i2rs-eca-policy Yang module . . . . . . . . . . . . . . . . . 11
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 41
7. Security Considerations . . . . . . . . . . . . . . . . . . . 35 7. Security Considerations . . . . . . . . . . . . . . . . . . . 41
8. Informative References . . . . . . . . . . . . . . . . . . . 36 8. Informative References . . . . . . . . . . . . . . . . . . . 42
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 42
1. Introduction 1. Introduction
This document describes the yang data model for packet forwarding This document describes the yang data model for packet forwarding
policy that filters received packets and forwards (or drops) the policy that filters received packets and forwards (or drops) the
packets. Prior to forwarding the packets out other interfaces, some packets. Prior to forwarding the packets out other interfaces, some
of the fields in the packets may be modified. If one considers the of the fields in the packets may be modified. If one considers the
reception of a packet as an event, this minimalistic Event-Match reception of a packet as an event, this minimalistic Event-Match
Condition-Action policy. If one considers the reception of packets Condition-Action policy. If one considers the reception of packets
containing Layer 1 to Layer 4 + application data a single packet, containing Layer 1 to Layer 4 + application data a single packet,
skipping to change at page 7, line 10 skipping to change at page 7, line 10
............ ............ ............ ........... ............ ............ ............ ...........
: L1 : : L2 : : L3 : : Service : . . . : L1 : : L2 : : L3 : : Service : . . .
: match : : match : : match : : match : : match : : match : : match : : match :
'''''''''''' '''''''''''' '''''''''''' ''''''''''' '''''''''''' '''''''''''' '''''''''''' '''''''''''
4. BNP Generic Info Model in High Level Yang 4. BNP Generic Info Model in High Level Yang
Below is the high level inclusion Below is the high level inclusion
Figure 5 Figure 5
module:bnp-eca-policy module:pkt-eca-policy
import ietf-inet-types {prefix "inet"} import ietf-inet-types {prefix "inet"}
import ietf-interface {prefix "if"} import ietf-interface {prefix "if"}
import ietf-i2rs-rib {prefix "i2rs-rib"} import ietf-i2rs-rib {prefix "i2rs-rib"}
import ietf-interfaces { import ietf-interfaces {
prefix "if"; prefix "if";
} }
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
//rfc6991 //rfc6991
} }
import ietf-i2rs-rib { import ietf-i2rs-rib {
prefix "i2rs-rib"; prefix "i2rs-rib";
Below is the high level yang diagram Below is the high level yang diagram
Packet Reception ECA policy
module ietf-pkt-eca-policy module ietf-pkt-eca-policy
+--rw pkt-eca-policy-cfg +--rw pkt-eca-policy-cfg
| +--rw pkt-eca-policy-set | +--rw pkt-eca-policy-set
| +--rw groups* [group-name] | +--rw groups* [group-name]
| | +--rw group-name string
| | +--rw vrf-name string | | +--rw vrf-name string
| | +--rw address-family | | +--rw address-family
| | +--rw group-rule-list* [rule-name] | | +--rw group-rule-list* [rule-name]
| | | +--rw rule-name | | | +--rw rule-name
| | | +--rw rule-order-id | | | +--rw rule-order-id
| | | +--rw default-action-id integer
| | | +--rw default-resolution-strategy-id integer
| +--rw rules* [order-id rule-name] | +--rw rules* [order-id rule-name]
| +--rw eca-matches | +--rw order-id
| | ... | +--rw rule-name
| +--rw eca-qos-actions | +--rw cfg-rule-conditions [cfgr-cnd-id]
| | ... | | +--rw cfgr-cnd-id integer
| +--rw eca-fwd-actions | | +--rw eca-event-match
| | ... | | | +--rw time-event-match*
| | | | .. (time of day)
| | +--rw eca-condition-match
| | | +--rw eca-pkt-matches*
| | | | ... (L1-L4 matches)
| | | +--rw eca-user-matches*
| | | | (user, schedule, region, target,
| | | | state, direction)
| +--rw cfg-rule-actions [cfgr-action-id]
| | +--rw cfgr-action-id
| | +--rw eca-actions* [action-id]
| | | +--rw action-id uint32
| | | +--rw eca-ingress-act*
| | | | ... (permit, deny, mirror)
| | | +--rw eca-fwd-actions*
| | | | ... (invoke, tunnel encap, fwd)
| | | +--rw eca-egress-act*
| | | | .. .
| | | +--rw eca-qos-actions*
| | | | ...
| | | +--rw eca-security-actions*
| +--rw pc-resolution-strategies* [strategy-id]
| | +--rw strategy-id integer
| | +--rw filter-strategy identityref
| | | .. FMR, ADTP, Longest-match
| | +--rw global-strategy identityref
| | +--rw mandatory-strategy identityref
| | +--rw local-strategy identityref
| | +--rw resolution-fcn uint32
| | +--rw resolution-value uint32
| | +--rw resolution-info string
| | +--rw associated-ext-data*
| | | +--rw ext-data-id integer
| +--rw cfg-external-data* [cfg-ext-data-id]
| | +--rw cfg-ext-data-id integer
| | +--rw data-type integer
| | +--rw priority uint64
| | | uses external-data-forms
| | ... (other external data)
+--rw pkt-eca-policy-opstate +--rw pkt-eca-policy-opstate
+--rw pkt-eca-opstate +--rw pkt-eca-opstate
+--rw groups* [group-name] +--rw groups* [group-name]
| +--rw rules-installed; | +--rw rules-installed;
| +--rw rules_status* [rule-name] | +--rw rules_status* [rule-name]
| +--rw strategy-used [strategy-id]
| +--rw
+--rw rule-group-link* [rule-name] +--rw rule-group-link* [rule-name]
| +--rw group-name | +--rw group-name
+--rw rules_opstate* [rule-order rule-name] +--rw rules_opstate* [rule-order rule-name]
| +--rw status | +--rw status
| +--rw rule-inactive-reason | +--rw rule-inactive-reason
| +--rw rule-install-reason | +--rw rule-install-reason
| +--rw rule-installer | +--rw rule-installer
| +--rw refcnt | +--rw refcnt
+--rw rules_op-stats* [rule-order rule-name] +--rw rules_op-stats* [rule-order rule-name]
+--rw pkts-matched | +--rw pkts-matched
+--rw pkts-modified | +--rw pkts-modified
+--rw pkts-forwarde | +--rw pkts-forward
+--rw op-external-data [op-ext-data-id]
| +--rw op-ext-data-id integer
| +--rw type identityref
| +--rw installed-priority integer
| | (other details on external data )
The three levels of policy are expressed as: The three levels of policy are expressed as:
Config Policy definitions Config Policy definitions
======================================= =======================================
Policy level: pkt-eca-policy-set Policy level: pkt-eca-policy-set
group level: pkt-eca-policy-set:groups group level: pkt-eca-policy-set:groups
rule level: bnp-eca-policy-set:rules rule level: pkt-eca-policy-set:rules
external id: pkt-eca-policy-set:cfg-external-data
Operational State for Policy Operational State for Policy
======================================= =======================================
Policy level: pkt-eca-policy-opstate Policy level: pkt-eca-policy-opstate
group level: pkt-eca-policy-opstate:groups-status group level: pkt-eca-opstate:groups
rule level: bnp-eca-policy-opstate:rules_opstate* group-rule: pkt-eca-opstate:rule-group-link*
bnp-eca-policy-opstate:rules_opstats* rule level: pkt-eca_opstate:rules_opstate*
pkt-eca_op-stats
figure figure
The filter matches struture is shown below The filter matches struture is shown below
module:i2rs-pkt-eca-policy module:i2rs-pkt-eca-policy
+--rw pkt-eca-policy-cfg +--rw pkt-eca-policy-cfg
| +--rw pkt-eca-policy-set | +--rw pkt-eca-policy-set
| +--rw groups* [group-name] | +--rw groups* [group-name]
| | ... | | ...
| +--rw rules [order-id rule-name] | +--rw rules [order-id rule-name]
| +--rw eca-matches | +--rw eca-matches
| | | +--case: interface-match | | | +--case: interface-match
| | | +--case: L1-header-match | | | +--case: L1-header-match
| | | +--case: L2-header-match | | | +--case: L2-header-match
skipping to change at page 10, line 34 skipping to change at page 11, line 8
| | +--rw fwd-actions | | +--rw fwd-actions
| | | +--rw interface interface-ref | | | +--rw interface interface-ref
| | | +--rw next-hop rib-nexthop-ref | | | +--rw next-hop rib-nexthop-ref
| | | +--rw route-attributes | | | +--rw route-attributes
| | | +--rw rib-route-attributes-ref | | | +--rw rib-route-attributes-ref
| | | +--rw fb-std-drop | | | +--rw fb-std-drop
5. i2rs-eca-policy Yang module 5. i2rs-eca-policy Yang module
<CODE BEGINS> file "ietf-pkt-eca-policy@2016-02-09.yang" <CODE BEGINS> file "ietf-pkt-eca-policy@2016-02-09.yang"
module ietf-pkt-eca-policy {
module ietf-pkt-eca-policy {
namespace "urn:ietf:params:xml:ns:yang:ietf-pkt-eca-policy"; namespace "urn:ietf:params:xml:ns:yang:ietf-pkt-eca-policy";
// replace with iana namespace when assigned // replace with iana namespace when assigned
prefix "pkt-eca-policy"; prefix "pkt-eca-policy";
import ietf-routing { import ietf-routing {
prefix "rt"; prefix "rt";
} }
import ietf-interfaces { import ietf-interfaces {
prefix "if"; prefix "if";
} }
skipping to change at page 11, line 21 skipping to change at page 11, line 41
contact contact
"email: shares@ndzh.com "email: shares@ndzh.com
email: russ.white@riw.com email: russ.white@riw.com
email: linda.dunbar@huawei.com email: linda.dunbar@huawei.com
email: bill.wu@huawei.com"; email: bill.wu@huawei.com";
description description
"This module describes a basic network policy "This module describes a basic network policy
model with filter per layer."; model with filter per layer.";
revision "2016-02-09" { revision "2016-06-26" {
description "initial revision"; description "sec ond revision";
reference "draft-hares-i2rs-pkt-eca-policy-dm-00"; reference "draft-ietf-i2rs-pkt-eca-policy-dm-03";
} }
// interfaces - no identity matches // interfaces - no identity matches
// L1 header match identities // L1 header match identities
identity l1-header-match-type { identity l1-header-match-type {
description description
" L1 header type for match "; " L1 header type for match ";
} }
skipping to change at page 13, line 18 skipping to change at page 13, line 38
} }
identity l3-ipv6-hdr { identity l3-ipv6-hdr {
base l3-header-match-type; base l3-header-match-type;
description description
" l3 header type for IPv6 match "; " l3 header type for IPv6 match ";
} }
identity l3-gre-tunnel { identity l3-gre-tunnel {
base l3-header-match-type; base l3-header-match-type;
description description "l3 header r
" l3 header type for GRE tunnel match "; type for GRE tunnel match ";
} }
identity l3-icmp-header {
base l3-header-match-type;
description "L3 header match for ICMP";
}
identity l3-ipsec-ah-header {
base l3-header-match-type;
description "AH IPSEC header ";
}
identity l3-ipsec-esp-header {
base l3-header-match-type;
description "AH IPSEC header ";
}
// L4 header match identities // L4 header match identities
identity l4-header-match-type { identity l4-header-match-type {
description "L4 header description "L4 header
match types. (TCP, UDP, match types. (TCP, UDP,
SCTP, etc. )"; SCTP, UDPLite, etc. )";
} }
identity l4-tcp-header { identity l4-tcp-header {
base l4-header-match-type; base l4-header-match-type;
description "L4 header for TCP"; description "L4 header for TCP";
} }
identity l4-udp-header { identity l4-udp-header {
base l4-header-match-type; base l4-header-match-type;
description "L4 header match for UDP"; description "L4 header match for UDP";
} }
identity l4-udplite {
base l4-header-match-type;
description "L4 header match for
UDP lite";
}
identity l4-sctp-header { identity l4-sctp-header {
base l4-header-match-type; base l4-header-match-type;
description "L4 header match for SCTP"; description "L4 header match for SCTP";
} }
// Service header identities // Service header identities
identity service-header-match-type { identity service-header-match-type {
description "service header description "service header
match types: service function path match types: service function path
(sf-path)), SF-chain, sf-discovery, (sf-path)), SF-chain, sf-discovery,
and others (added here)"; and others (added here)";
} }
identity sf-chain-meta-match { identity sf-chain-meta-match {
base service-header-match-type; base service-header-match-type;
description "service header match for description "service header match for
meta-match header"; meta-match header";
} }
identity sf-path-meta-match { identity sf-path-meta-match {
base service-header-match-type; base service-header-match-type;
description "service header match for description "service header match for
path-match header"; path-match header";
} }
identity rule-status-type { identity rule-status-type {
description "status description "status
skipping to change at page 14, line 48 skipping to change at page 15, line 42
base rule-status-type; base rule-status-type;
description "This status indicates description "This status indicates
an installed rule."; an installed rule.";
} }
identity rule-status-valid-inactive { identity rule-status-valid-inactive {
base rule-status-type; base rule-status-type;
description "This status indicates description "This status indicates
a valid ruled that is not installed."; a valid ruled that is not installed.";
} }
identity rule-cr-type {
description "status
values for rule: FMR (0), ADTP (1),
Longest-match (2)";
}
identity rule-cr-FMR {
base rule-cr-type;
description "first match resolution.";
}
identity rule-cr-ADTP {
base rule-cr-type;
description "ADTP resolution.";
}
identity rule-cr-longest {
base rule-cr-type;
description "longest match resolution.";
}
grouping interface-match { grouping interface-match {
leaf match-if-name { leaf match-if-name {
type if:interface-ref; type if:interface-ref;
description "match on interface name"; description "match on interface name";
} }
description "interface description "interface
has name, description, type, enabled has name, description, type, enabled
as potential matches"; as potential matches";
} }
skipping to change at page 32, line 43 skipping to change at page 34, line 15
leaf service-meta-payload { leaf service-meta-payload {
type uint32; type uint32;
description "service meta-play match size"; description "service meta-play match size";
} }
description "packet size by layer description "packet size by layer
only non-zero values are matched"; only non-zero values are matched";
} }
grouping time-day-match { grouping time-day-match {
leaf hour {
type uint8;
description "hour
of day in 24 hours.
(add range)";
}
leaf minute {
type uint8;
description
"minute in day.";
}
leaf second {
type uint8;
description
"second in day.";
}
description "matches for description "matches for
time of day."; time of day.";
} }
grouping eca-matches { grouping user-event-match {
leaf user-name {
type string;
description "name of user
event";
}
leaf match-string {
type string;
description "user match
string";
}
description "matches for
time of day.";
}
grouping eca-event-matches {
uses time-day-match;
uses user-event-match;
description "matches for events
which include:
time of day, and
user specified matches.";
}
grouping eca-pkt-matches {
uses interface-match; uses interface-match;
uses L1-header-match; uses L1-header-match;
uses L2-header-match; uses L2-header-match;
uses L3-header-match; uses L3-header-match;
uses L4-header-match; uses L4-header-match;
uses service-header-match; uses service-header-match;
uses packet-size-match; uses packet-size-match;
uses time-day-match;
description "ECA matches"; description "ECA matches";
} }
grouping user-status-matches {
leaf user {
type string;
description "user";
}
leaf region {
type string;
description "region";
}
leaf state {
type string;
description "state";
}
leaf user-status {
type string;
description "status of user";
}
description "user status
matches - region,
target, location";
}
grouping eca-condition-matches {
uses eca-pkt-matches;
uses user-status-matches;
description "pkt
and user status matches";
}
grouping eca-qos-actions { grouping eca-qos-actions {
leaf cnt-actions { leaf cnt-actions {
type uint32; type uint32;
description "count of ECA actions"; description "count of ECA actions";
} }
uses interface-actions; list qos-actions {
uses L1-header-actions; key "action-id";
uses l2-header-mod-actions; leaf action-id {
uses L3-header-actions; type uint32;
uses L4-header-actions; description "action id";
}
uses interface-actions;
uses L1-header-actions;
uses l2-header-mod-actions;
uses L3-header-actions;
uses L4-header-actions;
description "ECA set or change description "ECA set or change
packet Actions. Actions may be packet Actions. Actions may be
added here for interface, added here for interface,
L1, L2, L3, L4 nad service forwarding L1, L2, L3, L4 nad service forwarding
headers."; headers.";
}
description "eca- qos actions";
} }
grouping ip-next-fwd { grouping ip-next-fwd {
leaf rib-name { leaf rib-name {
type string; type string;
description "name of RIB"; description "name of RIB";
} }
leaf next-hop-name { leaf next-hop-name {
type string; type string;
description "name of next hop"; description "name of next hop";
} }
description "ECA set or change description "ECA set or change
packet Actions"; packet Actions";
} }
grouping eca-ingress-actions {
leaf permit {
type boolean;
description "permit ingress
traffic. False
means to deny.";
}
leaf mirror {
type boolean;
description "copy bytes
ingressed to mirror port";
}
description "ingress eca match";
}
grouping eca-fwd-actions { grouping eca-fwd-actions {
leaf interface-fwd { leaf interface-fwd {
type if:interface-ref; type if:interface-ref;
description "name of interface to forward on"; description "name of interface to forward on";
} }
uses i2rs-rib:nexthop; uses i2rs-rib:nexthop;
uses ip-next-fwd; uses ip-next-fwd;
leaf drop-packet { leaf drop-packet {
type boolean; type boolean;
description "drop packet flag"; description "drop packet flag";
} }
description "ECA forwarding actions"; description "ECA forwarding actions";
} }
grouping pkt-eca-policy-set { grouping eca-security-actions {
list groups { leaf actions-exist {
type boolean;
description "existance of
eca security actions";
}
description "content actions
for security. Needs more
description.";
}
grouping eca-egress-actions {
leaf packet-rate {
type uint32;
description "maximum packet-rate";
}
leaf byte-rate {
type uint64;
description "maximum byte-rate ";
}
description "packet security actions";
}
grouping policy-conflict-resolution {
list resolution-strategy {
key "strategy-id";
leaf strategy-id {
type uint32;
description "Id for strategy";
}
leaf stategy-name {
type string;
description "name of strategy";
}
leaf filter-strategy {
type string;
description "type of resolution";
}
leaf global-strategy {
type boolean;
description "global strategy";
}
leaf mandatory-strategy {
type boolean;
description "required strategy";
}
leaf local-strategy {
type boolean;
description "local strategy";
}
leaf resolution-fcn {
type uint64;
description "resolution function id ";
}
leaf resolution-value {
type uint64;
description "resolution value";
}
leaf resolution-info {
type string;
description "resolution info";
}
list associate-ext-data {
key "ext-data-id";
leaf ext-data-id {
type uint64;
description "ID of external data";
}
leaf ext-data {
type string;
description "external data";
}
description "linked external data";
}
description "list of strategies";
}
description "policy conflict
resolution strategies";
}
grouping cfg-external-data {
list cfg-ext-data {
key "cfg-ext-data-id";
leaf cfg-ext-data-id {
type uint64;
description "id for external data";
}
leaf data-type {
type uint32;
description "external data type ID";
}
leaf priority {
type uint64;
description "priority of data";
}
leaf other-data {
type string;
description "string
external data";
}
description "external data";
}
description "external data list";
}
grouping pkt-eca-policy-set {
list groups {
key "group-name"; key "group-name";
leaf group-name { leaf group-name {
type string; type string;
description description
"name of group of rules"; "name of group of rules";
} }
leaf vrf-name { leaf vrf-name {
type string; type string;
description "VRF name"; description "VRF name";
} }
uses rt:address-family; uses rt:address-family;
list group-rule-list { list group-rule-list {
key "rule-name"; key "rule-name";
leaf rule-name { leaf rule-name {
type string; type string;
description "name of rule"; description "name of rule";
skipping to change at page 34, line 32 skipping to change at page 40, line 20
list group-rule-list { list group-rule-list {
key "rule-name"; key "rule-name";
leaf rule-name { leaf rule-name {
type string; type string;
description "name of rule"; description "name of rule";
} }
leaf rule-order-id { leaf rule-order-id {
type uint16; type uint16;
description "rule-order-id"; description "rule-order-id";
} }
description "rules per group"; description "rules per group";
} }
description "pkt eca rule groups"; description "pkt eca rule groups";
} }
list eca-rules { list eca-rules {
key "order-id eca-rule-name"; key "order-id";
ordered-by user; ordered-by user;
leaf order-id { leaf order-id {
type uint16; type uint16;
description "Number of order description "Number of order
in ordered list (ascending)"; in ordered list (ascending)";
} }
leaf eca-rule-name { leaf eca-rule-name {
type string; type string;
description "name of rule"; description "name of rule";
} }
leaf installer { leaf installer {
type string; type string;
description description
"Id of I2RS client "Id of I2RS client
that installs this rule."; that installs this rule.";
} }
uses eca-matches; uses eca-event-matches;
uses eca-ingress-actions;
uses eca-qos-actions; uses eca-qos-actions;
uses eca-security-actions;
uses eca-fwd-actions; uses eca-fwd-actions;
uses eca-egress-actions;
uses cfg-external-data;
uses policy-conflict-resolution;
description "ECA rules"; description "ECA rules";
} // end of rule } // end of rule
description "Policy sets."; description "Policy sets.";
} }
grouping pkt-eca-opstate { grouping pkt-eca-opstate {
uses groups-status; uses groups-status;
uses rule-group-link; uses rule-group-link;
uses rules_opstate; uses rules_opstate;
uses rules_opstats; uses rules_opstats;
description "pkt eca policy description "pkt eca policy
op-state main"; op-state main";
skipping to change at page 36, line 23 skipping to change at page 42, line 20
System", draft-ietf-i2rs-architecture-15 (work in System", draft-ietf-i2rs-architecture-15 (work in
progress), April 2016. progress), April 2016.
[I-D.ietf-i2rs-rib-info-model] [I-D.ietf-i2rs-rib-info-model]
Bahadur, N., Kini, S., and J. Medved, "Routing Information Bahadur, N., Kini, S., and J. Medved, "Routing Information
Base Info Model", draft-ietf-i2rs-rib-info-model-08 (work Base Info Model", draft-ietf-i2rs-rib-info-model-08 (work
in progress), October 2015. in progress), October 2015.
[I-D.ietf-netconf-restconf] [I-D.ietf-netconf-restconf]
Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", draft-ietf-netconf-restconf-13 (work in Protocol", draft-ietf-netconf-restconf-14 (work in
progress), April 2016. progress), June 2016.
[I-D.ietf-netmod-acl-model] [I-D.ietf-netmod-acl-model]
Bogdanovic, D., Koushik, K., Huang, L., and D. Blair, Bogdanovic, D., Koushik, K., Huang, L., and D. Blair,
"Network Access Control List (ACL) YANG Data Model", "Network Access Control List (ACL) YANG Data Model",
draft-ietf-netmod-acl-model-07 (work in progress), March draft-ietf-netmod-acl-model-07 (work in progress), March
2016. 2016.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
 End of changes. 44 change blocks. 
57 lines changed or deleted 359 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/