openconfig-packet-match-types

openconfig-version: 1.3.2

Description

This module defines common types for use in models requiring data definitions related to packet matches.

Imports

openconfig-inet-types
openconfig-extensions

Defined types

port-num-range

description:
Port numbers may be represented as a single value, an inclusive range as .., or as ANY to indicate a wildcard.

type: union

    type: string

    • pattern:
      (0{0,4}[0-9]|0{0,3}[1-9][0-9]|0{0,2}[1-9][0-9]{2}|0?[1-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])\.\.(0{0,4}[0-9]|0{0,3}[1-9][0-9]|0{0,2}[1-9][0-9]{2}|0?[1-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])

    type: oc-inet:port-number

    type: enumeration

    • ANY
      Indicates any valid port number (e.g., wildcard)

ip-protocol-type

description:
The IP protocol number may be expressed as a valid protocol number (integer) or using a protocol type defined by the IP_PROTOCOL identity

type: union

    type: uint8

    • range: 0..254

    type: identityref

    • base: IP_PROTOCOL

ethertype-type

description:
The Ethertype value may be expressed as a 16-bit number in decimal notation, or using a type defined by the ETHERTYPE identity

type: union

    type: uint16

    • range: 1536..65535

    type: identityref

    • base: ETHERTYPE

Identities

base: ETHERTYPE

description:
Base identity for commonly used Ethertype values used in packet header matches on Ethernet frames. The Ethertype indicates which protocol is encapsulated in the Ethernet payload.

ETHERTYPE_IPV4

description:
IPv4 protocol (0x0800)

base identity: ETHERTYPE

ETHERTYPE_ARP

description:
Address resolution protocol (0x0806)

base identity: ETHERTYPE

ETHERTYPE_VLAN

description:
VLAN-tagged frame (as defined by IEEE 802.1q) (0x8100). Note that this value is also used to represent Shortest Path Bridging (IEEE 801.1aq) frames.

base identity: ETHERTYPE

ETHERTYPE_IPV6

description:
IPv6 protocol (0x86DD)

base identity: ETHERTYPE

ETHERTYPE_MPLS

description:
MPLS unicast (0x8847)

base identity: ETHERTYPE

ETHERTYPE_LLDP

description:
Link Layer Discovery Protocol (0x88CC)

base identity: ETHERTYPE

ETHERTYPE_ROCE

description:
RDMA over Converged Ethernet (0x8915)

base identity: ETHERTYPE

base: IP_PROTOCOL

description:
Base identity for commonly used IP protocols used in packet header matches

IP_TCP

description:
Transmission Control Protocol (6)

base identity: IP_PROTOCOL

IP_UDP

description:
User Datagram Protocol (17)

base identity: IP_PROTOCOL

IP_ICMP

description:
Internet Control Message Protocol (1)

base identity: IP_PROTOCOL

IP_IGMP

description:
Internet Group Membership Protocol (2)

base identity: IP_PROTOCOL

IP_PIM

description:
Protocol Independent Multicast (103)

base identity: IP_PROTOCOL

IP_RSVP

description:
Resource Reservation Protocol (46)

base identity: IP_PROTOCOL

IP_GRE

description:
Generic Routing Encapsulation (47)

base identity: IP_PROTOCOL

IP_AUTH

description:
Authentication header, e.g., for IPSEC (51)

base identity: IP_PROTOCOL

IP_L2TP

description:
Layer Two Tunneling Protocol v.3 (115)

base identity: IP_PROTOCOL

IP_IN_IP

description:
IP-in-IP tunneling (4)

base identity: IP_PROTOCOL

base: TCP_FLAGS

description:
Common TCP flags used in packet header matches

TCP_SYN

description:
TCP SYN flag

base identity: TCP_FLAGS

TCP_FIN

description:
TCP FIN flag

base identity: TCP_FLAGS

TCP_RST

description:
TCP RST flag

base identity: TCP_FLAGS

TCP_PSH

description:
TCP push flag

base identity: TCP_FLAGS

TCP_ACK

description:
TCP ACK flag

base identity: TCP_FLAGS

TCP_URG

description:
TCP urgent flag

base identity: TCP_FLAGS

TCP_ECE

description:
TCP ECN-Echo flag. If the SYN flag is set, indicates that the TCP peer is ECN-capable, otherwise indicates that a packet with Congestion Experienced flag in the IP header is set

base identity: TCP_FLAGS

TCP_CWR

description:
TCP Congestion Window Reduced flag

base identity: TCP_FLAGS

Data elements

openconfig-acl

openconfig-version: 1.3.2

Description

This module defines configuration and operational state data for network access control lists (i.e., filters, rules, etc.). ACLs are organized into ACL sets, with each set containing one or more ACL entries. ACL sets are identified by a unique name, while each entry within a set is assigned a sequence-id that determines the order in which the ACL rules are applied to a packet. Note that ACLs are evaluated in ascending order based on the sequence-id (low to high).

Individual ACL rules specify match criteria based on fields in the packet, along with an action that defines how matching packets should be handled. Entries have a type that indicates the type of match criteria, e.g., MAC layer, IPv4, IPv6, etc.

Imports

openconfig-packet-match
openconfig-interfaces
openconfig-yang-types
openconfig-extensions

Identities

base: ACL_TYPE

description:
Base identity for types of ACL sets

ACL_IPV4

description:
IP-layer ACLs with IPv4 addresses

base identity: ACL_TYPE

ACL_IPV6

description:
IP-layer ACLs with IPv6 addresses

base identity: ACL_TYPE

ACL_L2

description:
MAC-layer ACLs

base identity: ACL_TYPE

ACL_MIXED

description:
Mixed-mode ACL that specifies L2 and L3 protocol fields. This ACL type is not implemented by many routing/switching devices.

base identity: ACL_TYPE

ACL_MPLS

description:
An ACL that matches on fields from the MPLS header.

base identity: ACL_TYPE

base: FORWARDING_ACTION

description:
Base identity for actions in the forwarding category

ACCEPT

description:
Accept the packet

base identity: FORWARDING_ACTION

DROP

description:
Drop packet without sending any ICMP error message

base identity: FORWARDING_ACTION

REJECT

description:
Drop the packet and send an ICMP error message to the source

base identity: FORWARDING_ACTION

base: LOG_ACTION

description:
Base identity for defining the destination for logging actions

LOG_SYSLOG

description:
Log the packet in Syslog

base identity: LOG_ACTION

LOG_NONE

description:
No logging

base identity: LOG_ACTION

base: ACL_COUNTER_CAPABILITY

description:
Base identity for system to indicate how it is able to report counters

INTERFACE_ONLY

description:
ACL counters are available and reported only per interface

base identity: ACL_COUNTER_CAPABILITY

AGGREGATE_ONLY

description:
ACL counters are aggregated over all interfaces, and reported only per ACL entry

base identity: ACL_COUNTER_CAPABILITY

INTERFACE_AGGREGATE

description:
ACL counters are reported per interface, and also aggregated and reported per ACL entry.

base identity: ACL_COUNTER_CAPABILITY

Data elements

/
acl

description:
Top level enclosing container for ACL model config and operational state data

nodetype: container (rw)

/acl/
config

description:
Global config data for ACLs

nodetype: container (rw)

/acl/
state

description:
Global operational state data for ACLs

nodetype: container (ro)

/acl/state/
counter-capability

description:
System reported indication of how ACL counters are reported by the target

nodetype: leaf (ro)

type: identityref

  • base: ACL_COUNTER_CAPABILITY

/acl/
acl-sets

description:
Access list entries variables enclosing container

nodetype: container (rw)

/acl/acl-sets/
acl-set

description:
List of ACL sets, each comprising of a list of ACL entries

nodetype: list (rw)

list keys: [name] [type]

/acl/acl-sets/acl-set/
name

description:
Reference to the name list key

nodetype: leaf (list key) (rw)

type: leafref

  • path reference: ../config/name

/acl/acl-sets/acl-set/
type

description:
Reference to the type list key

nodetype: leaf (list key) (rw)

type: leafref

  • path reference: ../config/type

/acl/acl-sets/acl-set/
config

description:
Access list config

nodetype: container (rw)

/acl/acl-sets/acl-set/config/
name

description:
The name of the access-list set

nodetype: leaf (rw)

type: string

/acl/acl-sets/acl-set/config/
type

description:
The type determines the fields allowed in the ACL entries belonging to the ACL set (e.g., IPv4, IPv6, etc.)

nodetype: leaf (rw)

type: identityref

  • base: ACL_TYPE

/acl/acl-sets/acl-set/config/
description

description:
Description, or comment, for the ACL set

nodetype: leaf (rw)

type: string

/acl/acl-sets/acl-set/
state

description:
Access list state information

nodetype: container (ro)

/acl/acl-sets/acl-set/state/
name

description:
The name of the access-list set

nodetype: leaf (ro)

type: string

/acl/acl-sets/acl-set/state/
type

description:
The type determines the fields allowed in the ACL entries belonging to the ACL set (e.g., IPv4, IPv6, etc.)

nodetype: leaf (ro)

type: identityref

  • base: ACL_TYPE

/acl/acl-sets/acl-set/state/
description

description:
Description, or comment, for the ACL set

nodetype: leaf (ro)

type: string

/acl/acl-sets/acl-set/
acl-entries

description:
Access list entries container

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/
acl-entry

description:
List of ACL entries comprising an ACL set

nodetype: list (rw)

list keys: [sequence-id]

/acl/acl-sets/acl-set/acl-entries/acl-entry/
sequence-id

description:
references the list key

nodetype: leaf (list key) (rw)

type: leafref

  • path reference: ../config/sequence-id

/acl/acl-sets/acl-set/acl-entries/acl-entry/
config

description:
Access list entries config

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/config/
sequence-id

description:
The sequence id determines the order in which ACL entries are applied. The sequence id must be unique for each entry in an ACL set. Target devices should apply the ACL entry rules in ascending order determined by sequence id (low to high), rather than the relying only on order in the list.

nodetype: leaf (rw)

type: uint32

/acl/acl-sets/acl-set/acl-entries/acl-entry/config/
description

description:
A user-defined description, or comment, for this Access List Entry.

nodetype: leaf (rw)

type: string

/acl/acl-sets/acl-set/acl-entries/acl-entry/
state

description:
State information for ACL entries

nodetype: container (ro)

/acl/acl-sets/acl-set/acl-entries/acl-entry/state/
sequence-id

description:
The sequence id determines the order in which ACL entries are applied. The sequence id must be unique for each entry in an ACL set. Target devices should apply the ACL entry rules in ascending order determined by sequence id (low to high), rather than the relying only on order in the list.

nodetype: leaf (ro)

type: uint32

/acl/acl-sets/acl-set/acl-entries/acl-entry/state/
description

description:
A user-defined description, or comment, for this Access List Entry.

nodetype: leaf (ro)

type: string

/acl/acl-sets/acl-set/acl-entries/acl-entry/state/
matched-packets

description:
Count of the number of packets matching the current ACL entry. An implementation should provide this counter on a per-interface per-ACL-entry if possible. If an implementation only supports ACL counters per entry (i.e., not broken out per interface), then the value should be equal to the aggregate count across all interfaces. An implementation that provides counters per entry per interface is not required to also provide an aggregate count, e.g., per entry -- the user is expected to be able implement the required aggregation if such a count is needed.

nodetype: leaf (ro)

type: oc-yang:counter64

/acl/acl-sets/acl-set/acl-entries/acl-entry/state/
matched-octets

description:
Count of the number of octets (bytes) matching the current ACL entry. An implementation should provide this counter on a per-interface per-ACL-entry if possible. If an implementation only supports ACL counters per entry (i.e., not broken out per interface), then the value should be equal to the aggregate count across all interfaces. An implementation that provides counters per entry per interface is not required to also provide an aggregate count, e.g., per entry -- the user is expected to be able implement the required aggregation if such a count is needed.

nodetype: leaf (ro)

type: oc-yang:counter64

/acl/acl-sets/acl-set/acl-entries/acl-entry/
l2

description:
Ethernet header fields

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/
config

description:
Configuration data

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/config/
source-mac

description:
Source IEEE 802 MAC address.

nodetype: leaf (rw)

type: oc-yang:mac-address

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/config/
source-mac-mask

description:
Source IEEE 802 MAC address mask.

nodetype: leaf (rw)

type: oc-yang:mac-address

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/config/
destination-mac

description:
Destination IEEE 802 MAC address.

nodetype: leaf (rw)

type: oc-yang:mac-address

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/config/
destination-mac-mask

description:
Destination IEEE 802 MAC address mask.

nodetype: leaf (rw)

type: oc-yang:mac-address

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/config/
ethertype

description:
Ethertype field to match in Ethernet packets

nodetype: leaf (rw)

type: oc-pkt-match-types:ethertype-type

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/
state

description:
State Information.

nodetype: container (ro)

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/state/
source-mac

description:
Source IEEE 802 MAC address.

nodetype: leaf (ro)

type: oc-yang:mac-address

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/state/
source-mac-mask

description:
Source IEEE 802 MAC address mask.

nodetype: leaf (ro)

type: oc-yang:mac-address

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/state/
destination-mac

description:
Destination IEEE 802 MAC address.

nodetype: leaf (ro)

type: oc-yang:mac-address

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/state/
destination-mac-mask

description:
Destination IEEE 802 MAC address mask.

nodetype: leaf (ro)

type: oc-yang:mac-address

/acl/acl-sets/acl-set/acl-entries/acl-entry/l2/state/
ethertype

description:
Ethertype field to match in Ethernet packets

nodetype: leaf (ro)

type: oc-pkt-match-types:ethertype-type

/acl/acl-sets/acl-set/acl-entries/acl-entry/
ipv4

description:
Top level container for IPv4 match field data

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/
config

description:
Configuration data for IPv4 match fields

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/
source-address

description:
Source IPv4 address prefix.

nodetype: leaf (rw)

type: oc-inet:ipv4-prefix

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/
source-address-prefix-set

description:
Reference to a IPv4 address prefix Set to match the source address

nodetype: leaf (rw)

type: leafref

  • path reference: /defined-sets/ipv4-prefix-sets/ipv4-prefix-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/
destination-address

description:
Destination IPv4 address prefix.

nodetype: leaf (rw)

type: oc-inet:ipv4-prefix

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/
destination-address-prefix-set

description:
Reference to a IPv4 address prefix set to match the destination address

nodetype: leaf (rw)

type: leafref

  • path reference: /defined-sets/ipv4-prefix-sets/ipv4-prefix-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/
dscp

description:
Value of diffserv codepoint.

nodetype: leaf (rw)

type: oc-inet:dscp

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/
dscp-set

description:
A list of DSCP values to be matched for incoming packets. AN OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches unless the 'dscp' leaf is specified. It is not valid to specify both 'dscp' and 'dscp-set together.'

nodetype: leaf-list (rw)

type: oc-inet:dscp

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/
protocol

description:
The protocol carried in the IP packet, expressed either as its IP protocol number, or by a defined identity.

nodetype: leaf (rw)

type: oc-pkt-match-types:ip-protocol-type

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/
hop-limit

description:
The IP packet's hop limit -- known as TTL (in hops) in IPv4 packets, and hop limit in IPv6

nodetype: leaf (rw)

type: uint8

  • range: 0..255

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/
state

description:
State information for IPv4 match fields

nodetype: container (ro)

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/state/
source-address

description:
Source IPv4 address prefix.

nodetype: leaf (ro)

type: oc-inet:ipv4-prefix

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/state/
source-address-prefix-set

description:
Reference to a IPv4 address prefix Set to match the source address

nodetype: leaf (ro)

type: leafref

  • path reference: /defined-sets/ipv4-prefix-sets/ipv4-prefix-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/state/
destination-address

description:
Destination IPv4 address prefix.

nodetype: leaf (ro)

type: oc-inet:ipv4-prefix

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/state/
destination-address-prefix-set

description:
Reference to a IPv4 address prefix set to match the destination address

nodetype: leaf (ro)

type: leafref

  • path reference: /defined-sets/ipv4-prefix-sets/ipv4-prefix-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/state/
dscp

description:
Value of diffserv codepoint.

nodetype: leaf (ro)

type: oc-inet:dscp

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/state/
dscp-set

description:
A list of DSCP values to be matched for incoming packets. AN OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches unless the 'dscp' leaf is specified. It is not valid to specify both 'dscp' and 'dscp-set together.'

nodetype: leaf-list (ro)

type: oc-inet:dscp

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/state/
protocol

description:
The protocol carried in the IP packet, expressed either as its IP protocol number, or by a defined identity.

nodetype: leaf (ro)

type: oc-pkt-match-types:ip-protocol-type

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/state/
hop-limit

description:
The IP packet's hop limit -- known as TTL (in hops) in IPv4 packets, and hop limit in IPv6

nodetype: leaf (ro)

type: uint8

  • range: 0..255

/acl/acl-sets/acl-set/acl-entries/acl-entry/
mpls

description:
MPLS header fields

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/
config

description:
Configuration parameters relating to fields within the MPLS header.

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/config/
traffic-class

description:
The value of the MPLS traffic class (TC) bits, formerly known as the EXP bits.

nodetype: leaf (rw)

type: oc-mpls:mpls-tc

/acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/config/
start-label-value

description:
Match MPLS label value on the MPLS header. The usage of this field indicated the upper range value in the top of the stack. The range that is used is inclusive. The match that is done for a particular received pkt_label is: start-label-value <= pkt_label <= end-label-value. The 20-bit label value in an MPLS label stack as specified in RFC 3032. This label value does not include the encodings of Traffic Class and TTL.

nodetype: leaf (rw)

type: oc-mpls:mpls-label

/acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/config/
end-label-value

description:
Match MPLS label value on the MPLS header. The usage of this field indicated the upper range value in the top of the stack. The range that is used is inclusive. The match that is done for a particular received pkt_label is: start-label-value <= pkt_label <= end-label-value. The 20-bit label value in an MPLS label stack as specified in RFC 3032. This label value does not include the encodings of Traffic Class and TTL.

nodetype: leaf (rw)

type: oc-mpls:mpls-label

/acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/config/
ttl-value

description:
Time-to-live MPLS packet value match.

nodetype: leaf (rw)

type: uint8

/acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/
state

description:
Operational state parameters relating to fields within the MPLS header

nodetype: container (ro)

/acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/state/
traffic-class

description:
The value of the MPLS traffic class (TC) bits, formerly known as the EXP bits.

nodetype: leaf (ro)

type: oc-mpls:mpls-tc

/acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/state/
start-label-value

description:
Match MPLS label value on the MPLS header. The usage of this field indicated the upper range value in the top of the stack. The range that is used is inclusive. The match that is done for a particular received pkt_label is: start-label-value <= pkt_label <= end-label-value. The 20-bit label value in an MPLS label stack as specified in RFC 3032. This label value does not include the encodings of Traffic Class and TTL.

nodetype: leaf (ro)

type: oc-mpls:mpls-label

/acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/state/
end-label-value

description:
Match MPLS label value on the MPLS header. The usage of this field indicated the upper range value in the top of the stack. The range that is used is inclusive. The match that is done for a particular received pkt_label is: start-label-value <= pkt_label <= end-label-value. The 20-bit label value in an MPLS label stack as specified in RFC 3032. This label value does not include the encodings of Traffic Class and TTL.

nodetype: leaf (ro)

type: oc-mpls:mpls-label

/acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/state/
ttl-value

description:
Time-to-live MPLS packet value match.

nodetype: leaf (ro)

type: uint8

/acl/acl-sets/acl-set/acl-entries/acl-entry/
ipv6

description:
Top-level container for IPv6 match field data

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/
config

description:
Configuration data for IPv6 match fields

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/
source-address

description:
Source IPv6 address prefix.

nodetype: leaf (rw)

type: oc-inet:ipv6-prefix

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/
source-address-prefix-set

description:
Reference to a IPv6 address prefix set to match the source address

nodetype: leaf (rw)

type: leafref

  • path reference: /defined-sets/ipv6-prefix-sets/ipv6-prefix-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/
source-flow-label

description:
Source IPv6 Flow label.

nodetype: leaf (rw)

type: oc-inet:ipv6-flow-label

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/
destination-address

description:
Destination IPv6 address prefix.

nodetype: leaf (rw)

type: oc-inet:ipv6-prefix

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/
destination-address-prefix-set

description:
Reference to a IPv6 address prefix set to match the destination address

nodetype: leaf (rw)

type: leafref

  • path reference: /defined-sets/ipv6-prefix-sets/ipv6-prefix-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/
destination-flow-label

description:
Destination IPv6 Flow label.

nodetype: leaf (rw)

type: oc-inet:ipv6-flow-label

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/
dscp

description:
Value of diffserv codepoint.

nodetype: leaf (rw)

type: oc-inet:dscp

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/
dscp-set

description:
A list of DSCP values to be matched for incoming packets. AN OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches unless the 'dscp' leaf is specified. It is not valid to specify both 'dscp' and 'dscp-set together.'

nodetype: leaf-list (rw)

type: oc-inet:dscp

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/
protocol

description:
The protocol carried in the IP packet, expressed either as its IP protocol number, or by a defined identity.

nodetype: leaf (rw)

type: oc-pkt-match-types:ip-protocol-type

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/
hop-limit

description:
The IP packet's hop limit -- known as TTL (in hops) in IPv4 packets, and hop limit in IPv6

nodetype: leaf (rw)

type: uint8

  • range: 0..255

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/
state

description:
Operational state data for IPv6 match fields

nodetype: container (ro)

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/state/
source-address

description:
Source IPv6 address prefix.

nodetype: leaf (ro)

type: oc-inet:ipv6-prefix

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/state/
source-address-prefix-set

description:
Reference to a IPv6 address prefix set to match the source address

nodetype: leaf (ro)

type: leafref

  • path reference: /defined-sets/ipv6-prefix-sets/ipv6-prefix-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/state/
source-flow-label

description:
Source IPv6 Flow label.

nodetype: leaf (ro)

type: oc-inet:ipv6-flow-label

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/state/
destination-address

description:
Destination IPv6 address prefix.

nodetype: leaf (ro)

type: oc-inet:ipv6-prefix

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/state/
destination-address-prefix-set

description:
Reference to a IPv6 address prefix set to match the destination address

nodetype: leaf (ro)

type: leafref

  • path reference: /defined-sets/ipv6-prefix-sets/ipv6-prefix-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/state/
destination-flow-label

description:
Destination IPv6 Flow label.

nodetype: leaf (ro)

type: oc-inet:ipv6-flow-label

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/state/
dscp

description:
Value of diffserv codepoint.

nodetype: leaf (ro)

type: oc-inet:dscp

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/state/
dscp-set

description:
A list of DSCP values to be matched for incoming packets. AN OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches unless the 'dscp' leaf is specified. It is not valid to specify both 'dscp' and 'dscp-set together.'

nodetype: leaf-list (ro)

type: oc-inet:dscp

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/state/
protocol

description:
The protocol carried in the IP packet, expressed either as its IP protocol number, or by a defined identity.

nodetype: leaf (ro)

type: oc-pkt-match-types:ip-protocol-type

/acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/state/
hop-limit

description:
The IP packet's hop limit -- known as TTL (in hops) in IPv4 packets, and hop limit in IPv6

nodetype: leaf (ro)

type: uint8

  • range: 0..255

/acl/acl-sets/acl-set/acl-entries/acl-entry/
transport

description:
Transport fields container

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/
config

description:
Configuration data

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/
source-port

description:
Source port or range

nodetype: leaf (rw)

type: oc-pkt-match-types:port-num-range

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/
source-port-set

description:
Reference to a port set to match the source port

nodetype: leaf (rw)

type: leafref

  • path reference: /defined-sets/port-sets/port-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/
destination-port

description:
Destination port or range

nodetype: leaf (rw)

type: oc-pkt-match-types:port-num-range

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/
destination-port-set

description:
Reference to a port set to match the destination port

nodetype: leaf (rw)

type: leafref

  • path reference: /defined-sets/port-sets/port-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/
tcp-flags

description:
List of TCP flags to match

nodetype: leaf-list (rw)

type: identityref

  • base: oc-pkt-match-types:TCP_FLAGS

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/
state

description:
State data

nodetype: container (ro)

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/state/
source-port

description:
Source port or range

nodetype: leaf (ro)

type: oc-pkt-match-types:port-num-range

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/state/
source-port-set

description:
Reference to a port set to match the source port

nodetype: leaf (ro)

type: leafref

  • path reference: /defined-sets/port-sets/port-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/state/
destination-port

description:
Destination port or range

nodetype: leaf (ro)

type: oc-pkt-match-types:port-num-range

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/state/
destination-port-set

description:
Reference to a port set to match the destination port

nodetype: leaf (ro)

type: leafref

  • path reference: /defined-sets/port-sets/port-set/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/transport/state/
tcp-flags

description:
List of TCP flags to match

nodetype: leaf-list (ro)

type: identityref

  • base: oc-pkt-match-types:TCP_FLAGS

/acl/acl-sets/acl-set/acl-entries/acl-entry/
input-interface

description:
Input interface container

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/input-interface/
config

description:
Config data

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/input-interface/
state

description:
State information

nodetype: container (ro)

/acl/acl-sets/acl-set/acl-entries/acl-entry/input-interface/
interface-ref

description:
Reference to an interface or subinterface

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/input-interface/interface-ref/
config

description:
Configured reference to interface / subinterface

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/input-interface/interface-ref/config/
interface

description:
Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface.

nodetype: leaf (rw)

type: leafref

  • path reference: /interfaces/interface/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/input-interface/interface-ref/config/
subinterface

description:
Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set.

nodetype: leaf (rw)

type: leafref

  • path reference: /interfaces/name=current()/../interface]/subinterfaces/subinterface/index

/acl/acl-sets/acl-set/acl-entries/acl-entry/input-interface/interface-ref/
state

description:
Operational state for interface-ref

nodetype: container (ro)

/acl/acl-sets/acl-set/acl-entries/acl-entry/input-interface/interface-ref/state/
interface

description:
Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface.

nodetype: leaf (ro)

type: leafref

  • path reference: /interfaces/interface/name

/acl/acl-sets/acl-set/acl-entries/acl-entry/input-interface/interface-ref/state/
subinterface

description:
Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set.

nodetype: leaf (ro)

type: leafref

  • path reference: /interfaces/name=current()/../interface]/subinterfaces/subinterface/index

/acl/acl-sets/acl-set/acl-entries/acl-entry/
actions

description:
Enclosing container for list of ACL actions associated with an entry

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/actions/
config

description:
Config data for ACL actions

nodetype: container (rw)

/acl/acl-sets/acl-set/acl-entries/acl-entry/actions/config/
forwarding-action

description:
Specifies the forwarding action. One forwarding action must be specified for each ACL entry

nodetype: leaf (rw)

type: identityref

  • base: FORWARDING_ACTION

/acl/acl-sets/acl-set/acl-entries/acl-entry/actions/config/
log-action

description:
Specifies the log action and destination for matched packets. The default is not to log the packet.

nodetype: leaf (rw)

type: identityref

  • base: LOG_ACTION

default: LOG_NONE

/acl/acl-sets/acl-set/acl-entries/acl-entry/actions/
state

description:
State information for ACL actions

nodetype: container (ro)

/acl/acl-sets/acl-set/acl-entries/acl-entry/actions/state/
forwarding-action

description:
Specifies the forwarding action. One forwarding action must be specified for each ACL entry

nodetype: leaf (ro)

type: identityref

  • base: FORWARDING_ACTION

/acl/acl-sets/acl-set/acl-entries/acl-entry/actions/state/
log-action

description:
Specifies the log action and destination for matched packets. The default is not to log the packet.

nodetype: leaf (ro)

type: identityref

  • base: LOG_ACTION

default: LOG_NONE

/acl/
interfaces

description:
Enclosing container for the list of interfaces on which ACLs are set

nodetype: container (rw)

/acl/interfaces/
interface

description:
List of interfaces on which ACLs are set

nodetype: list (rw)

list keys: [id]

/acl/interfaces/interface/
id

description:
Reference to the interface id list key

nodetype: leaf (list key) (rw)

type: leafref

  • path reference: ../config/id

/acl/interfaces/interface/
config

description:
Configuration for ACL per-interface data

nodetype: container (rw)

/acl/interfaces/interface/config/
id

description:
User-defined identifier for the interface -- a common convention could be '.'

nodetype: leaf (rw)

type: oc-if:interface-id

/acl/interfaces/interface/
state

description:
Operational state for ACL per-interface data

nodetype: container (ro)

/acl/interfaces/interface/state/
id

description:
User-defined identifier for the interface -- a common convention could be '.'

nodetype: leaf (ro)

type: oc-if:interface-id

/acl/interfaces/interface/
interface-ref

description:
Reference to an interface or subinterface

nodetype: container (rw)

/acl/interfaces/interface/interface-ref/
config

description:
Configured reference to interface / subinterface

nodetype: container (rw)

/acl/interfaces/interface/interface-ref/config/
interface

description:
Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface.

nodetype: leaf (rw)

type: leafref

  • path reference: /interfaces/interface/name

/acl/interfaces/interface/interface-ref/config/
subinterface

description:
Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set.

nodetype: leaf (rw)

type: leafref

  • path reference: /interfaces/name=current()/../interface]/subinterfaces/subinterface/index

/acl/interfaces/interface/interface-ref/
state

description:
Operational state for interface-ref

nodetype: container (ro)

/acl/interfaces/interface/interface-ref/state/
interface

description:
Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface.

nodetype: leaf (ro)

type: leafref

  • path reference: /interfaces/interface/name

/acl/interfaces/interface/interface-ref/state/
subinterface

description:
Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set.

nodetype: leaf (ro)

type: leafref

  • path reference: /interfaces/name=current()/../interface]/subinterfaces/subinterface/index

/acl/interfaces/interface/
ingress-acl-sets

description:
Enclosing container the list of ingress ACLs on the interface

nodetype: container (rw)

/acl/interfaces/interface/ingress-acl-sets/
ingress-acl-set

description:
List of ingress ACLs on the interface

nodetype: list (rw)

list keys: [set-name] [type]

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/
set-name

description:
Reference to set name list key

nodetype: leaf (list key) (rw)

type: leafref

  • path reference: ../config/set-name

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/
type

description:
Reference to type list key

nodetype: leaf (list key) (rw)

type: leafref

  • path reference: ../config/type

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/
config

description:
Configuration data

nodetype: container (rw)

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/config/
set-name

description:
Reference to the ACL set name applied on ingress

nodetype: leaf (rw)

type: leafref

  • path reference: ../../../../../../acl-sets/acl-set/config/name

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/config/
type

description:
Reference to the ACL set type applied on ingress

nodetype: leaf (rw)

type: leafref

  • path reference: ../../../../../../acl-sets/acl-set[name=current()/../set-name]/config/type

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/
state

description:
Operational state data for interface ingress ACLs

nodetype: container (ro)

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/state/
set-name

description:
Reference to the ACL set name applied on ingress

nodetype: leaf (ro)

type: leafref

  • path reference: ../../../../../../acl-sets/acl-set/config/name

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/state/
type

description:
Reference to the ACL set type applied on ingress

nodetype: leaf (ro)

type: leafref

  • path reference: ../../../../../../acl-sets/acl-set[name=current()/../set-name]/config/type

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/
acl-entries

description:
Enclosing container for list of references to ACLs

nodetype: container (ro)

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/acl-entries/
acl-entry

description:
List of ACL entries assigned to an interface

nodetype: list (ro)

list keys: [sequence-id]

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/acl-entries/acl-entry/
sequence-id

description:
Reference to per-interface acl entry key

nodetype: leaf (list key) (ro)

type: leafref

  • path reference: ../state/sequence-id

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/acl-entries/acl-entry/
state

description:
Operational state data for per-interface ACL entries

nodetype: container (ro)

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/acl-entries/acl-entry/state/
sequence-id

description:
Reference to an entry in the ACL set applied to an interface

nodetype: leaf (ro)

type: leafref

  • path reference: /acl/acl-sets/name=current()/../../../../type=current()/../../../../type]/acl-entries/acl-entry/sequence-id

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/acl-entries/acl-entry/state/
matched-packets

description:
Count of the number of packets matching the current ACL entry. An implementation should provide this counter on a per-interface per-ACL-entry if possible. If an implementation only supports ACL counters per entry (i.e., not broken out per interface), then the value should be equal to the aggregate count across all interfaces. An implementation that provides counters per entry per interface is not required to also provide an aggregate count, e.g., per entry -- the user is expected to be able implement the required aggregation if such a count is needed.

nodetype: leaf (ro)

type: oc-yang:counter64

/acl/interfaces/interface/ingress-acl-sets/ingress-acl-set/acl-entries/acl-entry/state/
matched-octets

description:
Count of the number of octets (bytes) matching the current ACL entry. An implementation should provide this counter on a per-interface per-ACL-entry if possible. If an implementation only supports ACL counters per entry (i.e., not broken out per interface), then the value should be equal to the aggregate count across all interfaces. An implementation that provides counters per entry per interface is not required to also provide an aggregate count, e.g., per entry -- the user is expected to be able implement the required aggregation if such a count is needed.

nodetype: leaf (ro)

type: oc-yang:counter64

/acl/interfaces/interface/
egress-acl-sets

description:
Enclosing container the list of egress ACLs on the interface

nodetype: container (rw)

/acl/interfaces/interface/egress-acl-sets/
egress-acl-set

description:
List of egress ACLs on the interface

nodetype: list (rw)

list keys: [set-name] [type]

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/
set-name

description:
Reference to set name list key

nodetype: leaf (list key) (rw)

type: leafref

  • path reference: ../config/set-name

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/
type

description:
Reference to type list key

nodetype: leaf (list key) (rw)

type: leafref

  • path reference: ../config/type

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/
config

description:
Configuration data

nodetype: container (rw)

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/config/
set-name

description:
Reference to the ACL set name applied on egress

nodetype: leaf (rw)

type: leafref

  • path reference: ../../../../../../acl-sets/acl-set/config/name

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/config/
type

description:
Reference to the ACL set type applied on egress.

nodetype: leaf (rw)

type: leafref

  • path reference: ../../../../../../acl-sets/acl-set[name=current()/../set-name]/config/type

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/
state

description:
Operational state data for interface egress ACLs

nodetype: container (ro)

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/state/
set-name

description:
Reference to the ACL set name applied on egress

nodetype: leaf (ro)

type: leafref

  • path reference: ../../../../../../acl-sets/acl-set/config/name

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/state/
type

description:
Reference to the ACL set type applied on egress.

nodetype: leaf (ro)

type: leafref

  • path reference: ../../../../../../acl-sets/acl-set[name=current()/../set-name]/config/type

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/
acl-entries

description:
Enclosing container for list of references to ACLs

nodetype: container (ro)

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/acl-entries/
acl-entry

description:
List of ACL entries assigned to an interface

nodetype: list (ro)

list keys: [sequence-id]

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/acl-entries/acl-entry/
sequence-id

description:
Reference to per-interface acl entry key

nodetype: leaf (list key) (ro)

type: leafref

  • path reference: ../state/sequence-id

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/acl-entries/acl-entry/
state

description:
Operational state data for per-interface ACL entries

nodetype: container (ro)

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/acl-entries/acl-entry/state/
sequence-id

description:
Reference to an entry in the ACL set applied to an interface

nodetype: leaf (ro)

type: leafref

  • path reference: /acl/acl-sets/name=current()/../../../../type=current()/../../../../type]/acl-entries/acl-entry/sequence-id

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/acl-entries/acl-entry/state/
matched-packets

description:
Count of the number of packets matching the current ACL entry. An implementation should provide this counter on a per-interface per-ACL-entry if possible. If an implementation only supports ACL counters per entry (i.e., not broken out per interface), then the value should be equal to the aggregate count across all interfaces. An implementation that provides counters per entry per interface is not required to also provide an aggregate count, e.g., per entry -- the user is expected to be able implement the required aggregation if such a count is needed.

nodetype: leaf (ro)

type: oc-yang:counter64

/acl/interfaces/interface/egress-acl-sets/egress-acl-set/acl-entries/acl-entry/state/
matched-octets

description:
Count of the number of octets (bytes) matching the current ACL entry. An implementation should provide this counter on a per-interface per-ACL-entry if possible. If an implementation only supports ACL counters per entry (i.e., not broken out per interface), then the value should be equal to the aggregate count across all interfaces. An implementation that provides counters per entry per interface is not required to also provide an aggregate count, e.g., per entry -- the user is expected to be able implement the required aggregation if such a count is needed.

nodetype: leaf (ro)

type: oc-yang:counter64