This module defines common types for use in models requiring data definitions related to packet matches.
openconfig-inet-types
openconfig-extensions
description:
Port numbers may be represented as a single value,
an inclusive range as
type: union
type: string
type: oc-inet:port-number
type: enumeration
description:
The IP protocol number may be expressed as a valid protocol
number (integer) or using a protocol type defined by the
IP_PROTOCOL identity
type: union
type: uint8
type: identityref
description:
The Ethertype value may be expressed as a 16-bit number in
decimal notation, or using a type defined by the
ETHERTYPE identity
type: union
type: uint16
type: identityref
description:
Base identity for commonly used Ethertype values used
in packet header matches on Ethernet frames. The Ethertype
indicates which protocol is encapsulated in the Ethernet
payload.
description:
IPv4 protocol (0x0800)
base identity: ETHERTYPE
description:
Address resolution protocol (0x0806)
base identity: ETHERTYPE
description:
VLAN-tagged frame (as defined by IEEE 802.1q) (0x8100). Note
that this value is also used to represent Shortest Path
Bridging (IEEE 801.1aq) frames.
base identity: ETHERTYPE
description:
IPv6 protocol (0x86DD)
base identity: ETHERTYPE
description:
MPLS unicast (0x8847)
base identity: ETHERTYPE
description:
Link Layer Discovery Protocol (0x88CC)
base identity: ETHERTYPE
description:
RDMA over Converged Ethernet (0x8915)
base identity: ETHERTYPE
description:
Base identity for commonly used IP protocols used in
packet header matches
description:
Transmission Control Protocol (6)
base identity: IP_PROTOCOL
description:
User Datagram Protocol (17)
base identity: IP_PROTOCOL
description:
Internet Control Message Protocol (1)
base identity: IP_PROTOCOL
description:
Internet Group Membership Protocol (2)
base identity: IP_PROTOCOL
description:
Protocol Independent Multicast (103)
base identity: IP_PROTOCOL
description:
Resource Reservation Protocol (46)
base identity: IP_PROTOCOL
description:
Generic Routing Encapsulation (47)
base identity: IP_PROTOCOL
description:
Authentication header, e.g., for IPSEC (51)
base identity: IP_PROTOCOL
description:
Layer Two Tunneling Protocol v.3 (115)
base identity: IP_PROTOCOL
description:
IP-in-IP tunneling (4)
base identity: IP_PROTOCOL
description:
Common TCP flags used in packet header matches
description:
TCP SYN flag
base identity: TCP_FLAGS
description:
TCP FIN flag
base identity: TCP_FLAGS
description:
TCP RST flag
base identity: TCP_FLAGS
description:
TCP push flag
base identity: TCP_FLAGS
description:
TCP ACK flag
base identity: TCP_FLAGS
description:
TCP urgent flag
base identity: TCP_FLAGS
description:
TCP ECN-Echo flag. If the SYN flag is set, indicates that
the TCP peer is ECN-capable, otherwise indicates that a
packet with Congestion Experienced flag in the IP header
is set
base identity: TCP_FLAGS
description:
TCP Congestion Window Reduced flag
base identity: TCP_FLAGS
This module defines configuration and operational state data for network access control lists (i.e., filters, rules, etc.). ACLs are organized into ACL sets, with each set containing one or more ACL entries. ACL sets are identified by a unique name, while each entry within a set is assigned a sequence-id that determines the order in which the ACL rules are applied to a packet. Note that ACLs are evaluated in ascending order based on the sequence-id (low to high).
Individual ACL rules specify match criteria based on fields in the packet, along with an action that defines how matching packets should be handled. Entries have a type that indicates the type of match criteria, e.g., MAC layer, IPv4, IPv6, etc.
openconfig-packet-match
openconfig-interfaces
openconfig-yang-types
openconfig-extensions
description:
Base identity for types of ACL sets
description:
IP-layer ACLs with IPv4 addresses
base identity: ACL_TYPE
description:
IP-layer ACLs with IPv6 addresses
base identity: ACL_TYPE
description:
MAC-layer ACLs
base identity: ACL_TYPE
description:
Mixed-mode ACL that specifies L2 and L3 protocol
fields. This ACL type is not implemented by many
routing/switching devices.
base identity: ACL_TYPE
description:
An ACL that matches on fields from the MPLS header.
base identity: ACL_TYPE
description:
Base identity for actions in the forwarding category
description:
Accept the packet
base identity: FORWARDING_ACTION
description:
Drop packet without sending any ICMP error message
base identity: FORWARDING_ACTION
description:
Drop the packet and send an ICMP error message to the source
base identity: FORWARDING_ACTION
description:
Base identity for defining the destination for logging
actions
description:
Log the packet in Syslog
base identity: LOG_ACTION
description:
No logging
base identity: LOG_ACTION
description:
Base identity for system to indicate how it is able to report
counters
description:
ACL counters are available and reported only per interface
base identity: ACL_COUNTER_CAPABILITY
description:
ACL counters are aggregated over all interfaces, and reported
only per ACL entry
base identity: ACL_COUNTER_CAPABILITY
description:
ACL counters are reported per interface, and also aggregated
and reported per ACL entry.
base identity: ACL_COUNTER_CAPABILITY
description:
Top level enclosing container for ACL model config
and operational state data
nodetype: container (rw)
description:
Global config data for ACLs
nodetype: container (rw)
description:
Global operational state data for ACLs
nodetype: container (ro)
description:
System reported indication of how ACL counters are reported
by the target
nodetype: leaf (ro)
type: identityref
description:
Access list entries variables enclosing container
nodetype: container (rw)
description:
List of ACL sets, each comprising of a list of ACL
entries
nodetype: list (rw)
description:
Reference to the name list key
nodetype: leaf (list key) (rw)
type: leafref
description:
Reference to the type list key
nodetype: leaf (list key) (rw)
type: leafref
description:
Access list config
nodetype: container (rw)
description:
The name of the access-list set
nodetype: leaf (rw)
type: string
description:
The type determines the fields allowed in the ACL entries
belonging to the ACL set (e.g., IPv4, IPv6, etc.)
nodetype: leaf (rw)
type: identityref
description:
Description, or comment, for the ACL set
nodetype: leaf (rw)
type: string
description:
Access list state information
nodetype: container (ro)
description:
The name of the access-list set
nodetype: leaf (ro)
type: string
description:
The type determines the fields allowed in the ACL entries
belonging to the ACL set (e.g., IPv4, IPv6, etc.)
nodetype: leaf (ro)
type: identityref
description:
Description, or comment, for the ACL set
nodetype: leaf (ro)
type: string
description:
Access list entries container
nodetype: container (rw)
description:
List of ACL entries comprising an ACL set
nodetype: list (rw)
list keys: [sequence-id]
description:
references the list key
nodetype: leaf (list key) (rw)
type: leafref
description:
Access list entries config
nodetype: container (rw)
description:
The sequence id determines the order in which ACL entries
are applied. The sequence id must be unique for each entry
in an ACL set. Target devices should apply the ACL entry
rules in ascending order determined by sequence id (low to
high), rather than the relying only on order in the list.
nodetype: leaf (rw)
type: uint32
description:
A user-defined description, or comment, for this Access List
Entry.
nodetype: leaf (rw)
type: string
description:
State information for ACL entries
nodetype: container (ro)
description:
The sequence id determines the order in which ACL entries
are applied. The sequence id must be unique for each entry
in an ACL set. Target devices should apply the ACL entry
rules in ascending order determined by sequence id (low to
high), rather than the relying only on order in the list.
nodetype: leaf (ro)
type: uint32
description:
A user-defined description, or comment, for this Access List
Entry.
nodetype: leaf (ro)
type: string
description:
Count of the number of packets matching the current ACL
entry.
An implementation should provide this counter on a
per-interface per-ACL-entry if possible.
If an implementation only supports ACL counters per entry
(i.e., not broken out per interface), then the value
should be equal to the aggregate count across all interfaces.
An implementation that provides counters per entry per
interface is not required to also provide an aggregate count,
e.g., per entry -- the user is expected to be able implement
the required aggregation if such a count is needed.
nodetype: leaf (ro)
type: oc-yang:counter64
description:
Count of the number of octets (bytes) matching the current
ACL entry.
An implementation should provide this counter on a
per-interface per-ACL-entry if possible.
If an implementation only supports ACL counters per entry
(i.e., not broken out per interface), then the value
should be equal to the aggregate count across all interfaces.
An implementation that provides counters per entry per
interface is not required to also provide an aggregate count,
e.g., per entry -- the user is expected to be able implement
the required aggregation if such a count is needed.
nodetype: leaf (ro)
type: oc-yang:counter64
description:
Ethernet header fields
nodetype: container (rw)
description:
Configuration data
nodetype: container (rw)
description:
Source IEEE 802 MAC address.
nodetype: leaf (rw)
type: oc-yang:mac-address
description:
Source IEEE 802 MAC address mask.
nodetype: leaf (rw)
type: oc-yang:mac-address
description:
Destination IEEE 802 MAC address.
nodetype: leaf (rw)
type: oc-yang:mac-address
description:
Destination IEEE 802 MAC address mask.
nodetype: leaf (rw)
type: oc-yang:mac-address
description:
Ethertype field to match in Ethernet packets
nodetype: leaf (rw)
type: oc-pkt-match-types:ethertype-type
description:
State Information.
nodetype: container (ro)
description:
Source IEEE 802 MAC address.
nodetype: leaf (ro)
type: oc-yang:mac-address
description:
Source IEEE 802 MAC address mask.
nodetype: leaf (ro)
type: oc-yang:mac-address
description:
Destination IEEE 802 MAC address.
nodetype: leaf (ro)
type: oc-yang:mac-address
description:
Destination IEEE 802 MAC address mask.
nodetype: leaf (ro)
type: oc-yang:mac-address
description:
Ethertype field to match in Ethernet packets
nodetype: leaf (ro)
type: oc-pkt-match-types:ethertype-type
description:
Top level container for IPv4 match field data
nodetype: container (rw)
description:
Configuration data for IPv4 match fields
nodetype: container (rw)
description:
Source IPv4 address prefix.
nodetype: leaf (rw)
type: oc-inet:ipv4-prefix
description:
Reference to a IPv4 address prefix Set
to match the source address
nodetype: leaf (rw)
type: leafref
description:
Destination IPv4 address prefix.
nodetype: leaf (rw)
type: oc-inet:ipv4-prefix
description:
Reference to a IPv4 address prefix set
to match the destination address
nodetype: leaf (rw)
type: leafref
description:
Value of diffserv codepoint.
nodetype: leaf (rw)
type: oc-inet:dscp
description:
A list of DSCP values to be matched for incoming packets. AN OR match should
be performed, such that a packet must match one of the values defined in this
list. If the field is left empty then any DSCP value matches unless the 'dscp'
leaf is specified. It is not valid to specify both 'dscp' and 'dscp-set together.'
nodetype: leaf-list (rw)
type: oc-inet:dscp
description:
In the IPv4 header field, this field is known as the Total
Length. Total Length is the length of the datagram, measured
in octets, including internet header and data.
In the IPv6 header field, this field is known as the Payload
Length, which is the length of the IPv6 payload, i.e., the rest
of the packet following the IPv6 header, in octets.
nodetype: leaf (rw)
type: uint16
description:
The protocol carried in the IP packet, expressed either
as its IP protocol number, or by a defined identity.
nodetype: leaf (rw)
type: oc-pkt-match-types:ip-protocol-type
description:
The IP packet's hop limit -- known as TTL (in hops) in
IPv4 packets, and hop limit in IPv6
nodetype: leaf (rw)
type: uint8
description:
State information for IPv4 match fields
nodetype: container (ro)
description:
Source IPv4 address prefix.
nodetype: leaf (ro)
type: oc-inet:ipv4-prefix
description:
Reference to a IPv4 address prefix Set
to match the source address
nodetype: leaf (ro)
type: leafref
description:
Destination IPv4 address prefix.
nodetype: leaf (ro)
type: oc-inet:ipv4-prefix
description:
Reference to a IPv4 address prefix set
to match the destination address
nodetype: leaf (ro)
type: leafref
description:
Value of diffserv codepoint.
nodetype: leaf (ro)
type: oc-inet:dscp
description:
A list of DSCP values to be matched for incoming packets. AN OR match should
be performed, such that a packet must match one of the values defined in this
list. If the field is left empty then any DSCP value matches unless the 'dscp'
leaf is specified. It is not valid to specify both 'dscp' and 'dscp-set together.'
nodetype: leaf-list (ro)
type: oc-inet:dscp
description:
In the IPv4 header field, this field is known as the Total
Length. Total Length is the length of the datagram, measured
in octets, including internet header and data.
In the IPv6 header field, this field is known as the Payload
Length, which is the length of the IPv6 payload, i.e., the rest
of the packet following the IPv6 header, in octets.
nodetype: leaf (ro)
type: uint16
description:
The protocol carried in the IP packet, expressed either
as its IP protocol number, or by a defined identity.
nodetype: leaf (ro)
type: oc-pkt-match-types:ip-protocol-type
description:
The IP packet's hop limit -- known as TTL (in hops) in
IPv4 packets, and hop limit in IPv6
nodetype: leaf (ro)
type: uint8
description:
Top container for ICMPv4 filtering
nodetype: container (rw)
description:
Configuration attributes for ICMPv4 filtering
nodetype: container (rw)
description:
ICMPv4 type to be matched.
nodetype: leaf (rw)
type: identityref
description:
ICMPv4 code to be matched.
nodetype: leaf (rw)
type: identityref
description:
State attributes for ICMPv4 filtering
nodetype: container (ro)
description:
ICMPv4 type to be matched.
nodetype: leaf (ro)
type: identityref
description:
ICMPv4 code to be matched.
nodetype: leaf (ro)
type: identityref
description:
MPLS header fields
nodetype: container (rw)
description:
Configuration parameters relating to fields within
the MPLS header.
nodetype: container (rw)
description:
The value of the MPLS traffic class (TC) bits,
formerly known as the EXP bits.
nodetype: leaf (rw)
type: oc-mpls:mpls-tc
description:
Match MPLS label value on the MPLS header.
The usage of this field indicated the upper
range value in the top of the stack.
The range that is used is inclusive. The match that
is done for a particular received pkt_label is:
start-label-value <= pkt_label <= end-label-value.
The 20-bit label value in an MPLS label
stack as specified in RFC 3032.
This label value does not include the
encodings of Traffic Class and TTL.
nodetype: leaf (rw)
type: oc-mpls:mpls-label
description:
Match MPLS label value on the MPLS header.
The usage of this field indicated the upper
range value in the top of the stack.
The range that is used is inclusive. The match that
is done for a particular received pkt_label is:
start-label-value <= pkt_label <= end-label-value.
The 20-bit label value in an MPLS label
stack as specified in RFC 3032.
This label value does not include the
encodings of Traffic Class and TTL.
nodetype: leaf (rw)
type: oc-mpls:mpls-label
description:
Time-to-live MPLS packet value match.
nodetype: leaf (rw)
type: uint8
description:
Operational state parameters relating to fields
within the MPLS header
nodetype: container (ro)
description:
The value of the MPLS traffic class (TC) bits,
formerly known as the EXP bits.
nodetype: leaf (ro)
type: oc-mpls:mpls-tc
description:
Match MPLS label value on the MPLS header.
The usage of this field indicated the upper
range value in the top of the stack.
The range that is used is inclusive. The match that
is done for a particular received pkt_label is:
start-label-value <= pkt_label <= end-label-value.
The 20-bit label value in an MPLS label
stack as specified in RFC 3032.
This label value does not include the
encodings of Traffic Class and TTL.
nodetype: leaf (ro)
type: oc-mpls:mpls-label
description:
Match MPLS label value on the MPLS header.
The usage of this field indicated the upper
range value in the top of the stack.
The range that is used is inclusive. The match that
is done for a particular received pkt_label is:
start-label-value <= pkt_label <= end-label-value.
The 20-bit label value in an MPLS label
stack as specified in RFC 3032.
This label value does not include the
encodings of Traffic Class and TTL.
nodetype: leaf (ro)
type: oc-mpls:mpls-label
description:
Time-to-live MPLS packet value match.
nodetype: leaf (ro)
type: uint8
description:
Top-level container for IPv6 match field data
nodetype: container (rw)
description:
Configuration data for IPv6 match fields
nodetype: container (rw)
description:
Source IPv6 address prefix.
nodetype: leaf (rw)
type: oc-inet:ipv6-prefix
description:
Reference to a IPv6 address prefix set
to match the source address
nodetype: leaf (rw)
type: leafref
description:
Source IPv6 Flow label.
nodetype: leaf (rw)
type: oc-inet:ipv6-flow-label
description:
Destination IPv6 address prefix.
nodetype: leaf (rw)
type: oc-inet:ipv6-prefix
description:
Reference to a IPv6 address prefix set
to match the destination address
nodetype: leaf (rw)
type: leafref
description:
Destination IPv6 Flow label.
nodetype: leaf (rw)
type: oc-inet:ipv6-flow-label
description:
Value of diffserv codepoint.
nodetype: leaf (rw)
type: oc-inet:dscp
description:
A list of DSCP values to be matched for incoming packets. AN OR match should
be performed, such that a packet must match one of the values defined in this
list. If the field is left empty then any DSCP value matches unless the 'dscp'
leaf is specified. It is not valid to specify both 'dscp' and 'dscp-set together.'
nodetype: leaf-list (rw)
type: oc-inet:dscp
description:
In the IPv4 header field, this field is known as the Total
Length. Total Length is the length of the datagram, measured
in octets, including internet header and data.
In the IPv6 header field, this field is known as the Payload
Length, which is the length of the IPv6 payload, i.e., the rest
of the packet following the IPv6 header, in octets.
nodetype: leaf (rw)
type: uint16
description:
The protocol carried in the IP packet, expressed either
as its IP protocol number, or by a defined identity.
nodetype: leaf (rw)
type: oc-pkt-match-types:ip-protocol-type
description:
The IP packet's hop limit -- known as TTL (in hops) in
IPv4 packets, and hop limit in IPv6
nodetype: leaf (rw)
type: uint8
description:
Operational state data for IPv6 match fields
nodetype: container (ro)
description:
Source IPv6 address prefix.
nodetype: leaf (ro)
type: oc-inet:ipv6-prefix
description:
Reference to a IPv6 address prefix set
to match the source address
nodetype: leaf (ro)
type: leafref
description:
Source IPv6 Flow label.
nodetype: leaf (ro)
type: oc-inet:ipv6-flow-label
description:
Destination IPv6 address prefix.
nodetype: leaf (ro)
type: oc-inet:ipv6-prefix
description:
Reference to a IPv6 address prefix set
to match the destination address
nodetype: leaf (ro)
type: leafref
description:
Destination IPv6 Flow label.
nodetype: leaf (ro)
type: oc-inet:ipv6-flow-label
description:
Value of diffserv codepoint.
nodetype: leaf (ro)
type: oc-inet:dscp
description:
A list of DSCP values to be matched for incoming packets. AN OR match should
be performed, such that a packet must match one of the values defined in this
list. If the field is left empty then any DSCP value matches unless the 'dscp'
leaf is specified. It is not valid to specify both 'dscp' and 'dscp-set together.'
nodetype: leaf-list (ro)
type: oc-inet:dscp
description:
In the IPv4 header field, this field is known as the Total
Length. Total Length is the length of the datagram, measured
in octets, including internet header and data.
In the IPv6 header field, this field is known as the Payload
Length, which is the length of the IPv6 payload, i.e., the rest
of the packet following the IPv6 header, in octets.
nodetype: leaf (ro)
type: uint16
description:
The protocol carried in the IP packet, expressed either
as its IP protocol number, or by a defined identity.
nodetype: leaf (ro)
type: oc-pkt-match-types:ip-protocol-type
description:
The IP packet's hop limit -- known as TTL (in hops) in
IPv4 packets, and hop limit in IPv6
nodetype: leaf (ro)
type: uint8
description:
Top container for ICMPv6 filtering
nodetype: container (rw)
description:
Configuration attributes for ICMPv6 filtering
nodetype: container (rw)
description:
ICMPv6 type to be matched.
nodetype: leaf (rw)
type: identityref
description:
ICMP code to be matched.
nodetype: leaf (rw)
type: identityref
description:
State attributes for ICMPv6 filtering
nodetype: container (ro)
description:
ICMPv6 type to be matched.
nodetype: leaf (ro)
type: identityref
description:
ICMP code to be matched.
nodetype: leaf (ro)
type: identityref
description:
Transport fields container
nodetype: container (rw)
description:
Configuration data
nodetype: container (rw)
description:
Source port or range
nodetype: leaf (rw)
type: oc-pkt-match-types:port-num-range
description:
Reference to a port set
to match the source port
nodetype: leaf (rw)
type: leafref
description:
Destination port or range
nodetype: leaf (rw)
type: oc-pkt-match-types:port-num-range
description:
Reference to a port set
to match the destination port
nodetype: leaf (rw)
type: leafref
description:
Mode that is used for matching detailed fields at the transport
layer. When EXPLICIT is specified, the implementation should
match based on the explicit flags that are specified in the
corresponding leaf. When BUILTIN is specified, the implementation
must expand the contents of the corresponding leaf to the flags
and/or fields that match the pre-defined built-in values.
nodetype: leaf (rw)
type: enumeration
description:
Specifies how the contents of the explicit-details-flags list
are to be treated. ANY implies that any of the flags may match,
where ALL indicates that all the flags must be matched.
nodetype: leaf (rw)
type: enumeration
description:
An explicit list of the TCP flags that are to be matched. The
mechanism for the match is specified by the explicit-detail-match-mode
leaf.
nodetype: leaf-list (rw)
type: identityref
description:
Specifies a built-in (alias) for a match condition that matches
multiple flags, or specifies particular logic as to the flag matches
to be implemented. This leaf is only valid when the detail-match-mode
leaf is BUILTIN.
nodetype: leaf (rw)
type: enumeration
description:
State data
nodetype: container (ro)
description:
Source port or range
nodetype: leaf (ro)
type: oc-pkt-match-types:port-num-range
description:
Reference to a port set
to match the source port
nodetype: leaf (ro)
type: leafref
description:
Destination port or range
nodetype: leaf (ro)
type: oc-pkt-match-types:port-num-range
description:
Reference to a port set
to match the destination port
nodetype: leaf (ro)
type: leafref
description:
Mode that is used for matching detailed fields at the transport
layer. When EXPLICIT is specified, the implementation should
match based on the explicit flags that are specified in the
corresponding leaf. When BUILTIN is specified, the implementation
must expand the contents of the corresponding leaf to the flags
and/or fields that match the pre-defined built-in values.
nodetype: leaf (ro)
type: enumeration
description:
Specifies how the contents of the explicit-details-flags list
are to be treated. ANY implies that any of the flags may match,
where ALL indicates that all the flags must be matched.
nodetype: leaf (ro)
type: enumeration
description:
An explicit list of the TCP flags that are to be matched. The
mechanism for the match is specified by the explicit-detail-match-mode
leaf.
nodetype: leaf-list (ro)
type: identityref
description:
Specifies a built-in (alias) for a match condition that matches
multiple flags, or specifies particular logic as to the flag matches
to be implemented. This leaf is only valid when the detail-match-mode
leaf is BUILTIN.
nodetype: leaf (ro)
type: enumeration
description:
Input interface container. The interface is resolved based
on the interface and subinterface leaves of the interface-ref
container, which are references to entries in the /interfaces
list.
nodetype: container (rw)
description:
Config data
nodetype: container (rw)
description:
State information
nodetype: container (ro)
description:
Reference to an interface or subinterface. The interface
that is being referenced is uniquely referenced based on
the specified interface and subinterface leaves. In contexts
where a Layer 3 interface is to be referenced, both the
interface and subinterface leaves must be populated, as
Layer 3 configuration within the OpenConfig models is
associated with a subinterface. In the case where a
Layer 2 interface is to be referenced, only the
interface is specified.
The interface/subinterface leaf tuple must be used as
the means by which the interface is specified, regardless
of any other context information (e.g., key in a list).
nodetype: container (rw)
description:
Configured reference to interface / subinterface
nodetype: container (rw)
description:
Reference to a base interface. If a reference to a
subinterface is required, this leaf must be specified
to indicate the base interface.
nodetype: leaf (rw)
type: leafref
description:
Reference to a subinterface -- this requires the base
interface to be specified using the interface leaf in
this container. If only a reference to a base interface
is requuired, this leaf should not be set.
nodetype: leaf (rw)
type: leafref
description:
Operational state for interface-ref
nodetype: container (ro)
description:
Reference to a base interface. If a reference to a
subinterface is required, this leaf must be specified
to indicate the base interface.
nodetype: leaf (ro)
type: leafref
description:
Reference to a subinterface -- this requires the base
interface to be specified using the interface leaf in
this container. If only a reference to a base interface
is requuired, this leaf should not be set.
nodetype: leaf (ro)
type: leafref
description:
Enclosing container for list of ACL actions associated
with an entry
nodetype: container (rw)
description:
Config data for ACL actions
nodetype: container (rw)
description:
Specifies the forwarding action. One forwarding action
must be specified for each ACL entry
nodetype: leaf (rw)
type: identityref
description:
Specifies the log action and destination for
matched packets. The default is not to log the
packet.
nodetype: leaf (rw)
type: identityref
default: LOG_NONE
description:
State information for ACL actions
nodetype: container (ro)
description:
Specifies the forwarding action. One forwarding action
must be specified for each ACL entry
nodetype: leaf (ro)
type: identityref
description:
Specifies the log action and destination for
matched packets. The default is not to log the
packet.
nodetype: leaf (ro)
type: identityref
default: LOG_NONE
description:
Enclosing container for the list of interfaces on which
ACLs are set
nodetype: container (rw)
description:
List of interfaces on which ACLs are set. The interface is resolved
based on the interface and subinterface leaves of the interface-ref
container, which are references to entries in the /interfaces
list. The key of the list is an arbitrary value that the
implementation should not use to resolve an interface name.
nodetype: list (rw)
list keys: [id]
description:
Reference to the interface id list key
nodetype: leaf (list key) (rw)
type: leafref
description:
Configuration for ACL per-interface data
nodetype: container (rw)
description:
User-defined identifier for the interface -- a common
convention could be '
nodetype: leaf (rw)
type: oc-if:interface-id
description:
Operational state for ACL per-interface data
nodetype: container (ro)
description:
User-defined identifier for the interface -- a common
convention could be '
nodetype: leaf (ro)
type: oc-if:interface-id
description:
Reference to an interface or subinterface. The interface
that is being referenced is uniquely referenced based on
the specified interface and subinterface leaves. In contexts
where a Layer 3 interface is to be referenced, both the
interface and subinterface leaves must be populated, as
Layer 3 configuration within the OpenConfig models is
associated with a subinterface. In the case where a
Layer 2 interface is to be referenced, only the
interface is specified.
The interface/subinterface leaf tuple must be used as
the means by which the interface is specified, regardless
of any other context information (e.g., key in a list).
nodetype: container (rw)
description:
Configured reference to interface / subinterface
nodetype: container (rw)
description:
Reference to a base interface. If a reference to a
subinterface is required, this leaf must be specified
to indicate the base interface.
nodetype: leaf (rw)
type: leafref
description:
Reference to a subinterface -- this requires the base
interface to be specified using the interface leaf in
this container. If only a reference to a base interface
is requuired, this leaf should not be set.
nodetype: leaf (rw)
type: leafref
description:
Operational state for interface-ref
nodetype: container (ro)
description:
Reference to a base interface. If a reference to a
subinterface is required, this leaf must be specified
to indicate the base interface.
nodetype: leaf (ro)
type: leafref
description:
Reference to a subinterface -- this requires the base
interface to be specified using the interface leaf in
this container. If only a reference to a base interface
is requuired, this leaf should not be set.
nodetype: leaf (ro)
type: leafref
description:
Enclosing container the list of ingress ACLs on the
interface
nodetype: container (rw)
description:
List of ingress ACLs on the interface
nodetype: list (rw)
description:
Reference to set name list key
nodetype: leaf (list key) (rw)
type: leafref
description:
Reference to type list key
nodetype: leaf (list key) (rw)
type: leafref
description:
Configuration data
nodetype: container (rw)
description:
Reference to the ACL set name applied on ingress
nodetype: leaf (rw)
type: leafref
description:
Reference to the ACL set type applied on ingress
nodetype: leaf (rw)
type: leafref
description:
Operational state data for interface ingress ACLs
nodetype: container (ro)
description:
Reference to the ACL set name applied on ingress
nodetype: leaf (ro)
type: leafref
description:
Reference to the ACL set type applied on ingress
nodetype: leaf (ro)
type: leafref
description:
Enclosing container for list of references to ACLs
nodetype: container (ro)
description:
List of ACL entries assigned to an interface
nodetype: list (ro)
list keys: [sequence-id]
description:
Reference to per-interface acl entry key
nodetype: leaf (list key) (ro)
type: leafref
description:
Operational state data for per-interface ACL entries
nodetype: container (ro)
description:
Reference to an entry in the ACL set applied to an
interface
nodetype: leaf (ro)
type: leafref
description:
Count of the number of packets matching the current ACL
entry.
An implementation should provide this counter on a
per-interface per-ACL-entry if possible.
If an implementation only supports ACL counters per entry
(i.e., not broken out per interface), then the value
should be equal to the aggregate count across all interfaces.
An implementation that provides counters per entry per
interface is not required to also provide an aggregate count,
e.g., per entry -- the user is expected to be able implement
the required aggregation if such a count is needed.
nodetype: leaf (ro)
type: oc-yang:counter64
description:
Count of the number of octets (bytes) matching the current
ACL entry.
An implementation should provide this counter on a
per-interface per-ACL-entry if possible.
If an implementation only supports ACL counters per entry
(i.e., not broken out per interface), then the value
should be equal to the aggregate count across all interfaces.
An implementation that provides counters per entry per
interface is not required to also provide an aggregate count,
e.g., per entry -- the user is expected to be able implement
the required aggregation if such a count is needed.
nodetype: leaf (ro)
type: oc-yang:counter64
description:
Enclosing container the list of egress ACLs on the
interface
nodetype: container (rw)
description:
List of egress ACLs on the interface
nodetype: list (rw)
description:
Reference to set name list key
nodetype: leaf (list key) (rw)
type: leafref
description:
Reference to type list key
nodetype: leaf (list key) (rw)
type: leafref
description:
Configuration data
nodetype: container (rw)
description:
Reference to the ACL set name applied on egress
nodetype: leaf (rw)
type: leafref
description:
Reference to the ACL set type applied on egress.
nodetype: leaf (rw)
type: leafref
description:
Operational state data for interface egress ACLs
nodetype: container (ro)
description:
Reference to the ACL set name applied on egress
nodetype: leaf (ro)
type: leafref
description:
Reference to the ACL set type applied on egress.
nodetype: leaf (ro)
type: leafref
description:
Enclosing container for list of references to ACLs
nodetype: container (ro)
description:
List of ACL entries assigned to an interface
nodetype: list (ro)
list keys: [sequence-id]
description:
Reference to per-interface acl entry key
nodetype: leaf (list key) (ro)
type: leafref
description:
Operational state data for per-interface ACL entries
nodetype: container (ro)
description:
Reference to an entry in the ACL set applied to an
interface
nodetype: leaf (ro)
type: leafref
description:
Count of the number of packets matching the current ACL
entry.
An implementation should provide this counter on a
per-interface per-ACL-entry if possible.
If an implementation only supports ACL counters per entry
(i.e., not broken out per interface), then the value
should be equal to the aggregate count across all interfaces.
An implementation that provides counters per entry per
interface is not required to also provide an aggregate count,
e.g., per entry -- the user is expected to be able implement
the required aggregation if such a count is needed.
nodetype: leaf (ro)
type: oc-yang:counter64
description:
Count of the number of octets (bytes) matching the current
ACL entry.
An implementation should provide this counter on a
per-interface per-ACL-entry if possible.
If an implementation only supports ACL counters per entry
(i.e., not broken out per interface), then the value
should be equal to the aggregate count across all interfaces.
An implementation that provides counters per entry per
interface is not required to also provide an aggregate count,
e.g., per entry -- the user is expected to be able implement
the required aggregation if such a count is needed.
nodetype: leaf (ro)
type: oc-yang:counter64