This module defines configuration and operational state data for Network Address Translation (NAT) functionality.
NAT enables translation of IP addresses and/or ports between different network domains.
The model supports:
- Source NAT (SNAT) for outbound traffic translation
- Destination NAT (DNAT) for inbound traffic translation
- Static and dynamic address/port mappings
- Policy-based NAT using ACLs
- Active translation table showing current NAT entries
- Multiple address families (IPv4/NAT44, IPv6/NAT66).
ietf-inet-types
ietf-yang-types
openconfig-interfaces
openconfig-extensions
openconfig-acl
description:
Protocol types supported for NAT translation.
type: enumeration
description:
Action to take for matching traffic.
type: enumeration
description:
Logging level for NAT operations.
type: enumeration
description:
NAT interface role: INSIDE or OUTSIDE.
type: enumeration
description:
Base identity for NAT types.
description:
Source NAT - translates source addresses/ports of outbound
traffic.
base identity: NAT_TYPE
description:
Destination NAT - translates destination addresses/ports
of inbound traffic.
base identity: NAT_TYPE
description:
Base identity for NAT address families.
description:
IPv4 address family for NAT44 translations.
base identity: ADDRESS_FAMILY
description:
IPv6 address family for NAT66 translations.
base identity: ADDRESS_FAMILY
description:
Top-level container for NAT.
nodetype: container (rw)
description:
Global NAT configuration parameters.
nodetype: container (rw)
description:
Default time a NAT translation entry remains active
without traffic for all NAT instances. Applies to all
traffic unless specific protocol timeouts are
configured.
nodetype: leaf (rw)
type: uint32
units: seconds
description:
Maximum number of concurrent translations globally across
all NAT instances. When this threshold is reached, new
translation requests are dropped until the total number
of active translations falls below this limit.
nodetype: leaf (rw)
type: uint64
description:
Global NAT logging level.
nodetype: leaf (rw)
type: log-level
description:
Global NAT operational state data.
nodetype: container (ro)
description:
Default time a NAT translation entry remains active
without traffic for all NAT instances. Applies to all
traffic unless specific protocol timeouts are
configured.
nodetype: leaf (ro)
type: uint32
units: seconds
description:
Maximum number of concurrent translations globally across
all NAT instances. When this threshold is reached, new
translation requests are dropped until the total number
of active translations falls below this limit.
nodetype: leaf (ro)
type: uint64
description:
Global NAT logging level.
nodetype: leaf (ro)
type: log-level
description:
Memory used by the NAT subsystem.
nodetype: leaf (ro)
type: uint32
units: kilobytes
description:
Counters for global NAT operations.
nodetype: container (ro)
description:
Total number of configured NAT instances.
nodetype: leaf (ro)
type: yang:counter32
description:
Number of currently active NAT instances.
nodetype: leaf (ro)
type: yang:counter32
description:
Total number of active translations across all
instances.
nodetype: leaf (ro)
type: yang:counter64
description:
Total number of translation failures across all
instances.
nodetype: leaf (ro)
type: yang:counter64
description:
NAT instance configuration and state.
nodetype: container (rw)
description:
List of NAT instances.
nodetype: list (rw)
list keys: [name]
description:
Reference to NAT instance name.
nodetype: leaf (list key) (rw)
type: leafref
description:
Configuration parameters for the NAT instance.
nodetype: container (rw)
description:
Unique name for the NAT instance.
nodetype: leaf (rw)
type: string
description:
Type of NAT translation to be performed.
nodetype: leaf (rw)
type: identityref
description:
Address family for NAT translations - IPv4 for NAT44,
IPv6 for NAT66.
nodetype: leaf (rw)
type: identityref
description:
Textual description of the NAT instance.
nodetype: leaf (rw)
type: string
description:
Operational state data for the NAT instance.
nodetype: container (ro)
description:
Unique name for the NAT instance.
nodetype: leaf (ro)
type: string
description:
Type of NAT translation to be performed.
nodetype: leaf (ro)
type: identityref
description:
Address family for NAT translations - IPv4 for NAT44,
IPv6 for NAT66.
nodetype: leaf (ro)
type: identityref
description:
Textual description of the NAT instance.
nodetype: leaf (ro)
type: string
description:
Counters for NAT instance operations.
nodetype: container (ro)
description:
Number of currently active NAT mappings.
nodetype: leaf (ro)
type: yang:counter64
description:
Total number of NAT mappings created since instance
startup.
nodetype: leaf (ro)
type: yang:counter64
description:
Number of mapping creation failures.
nodetype: leaf (ro)
type: yang:counter64
description:
Interface configuration and state for NAT.
nodetype: container (rw)
description:
List of interfaces participating in NAT.
nodetype: list (rw)
list keys: [interface]
description:
Reference to interface list key.
nodetype: leaf (list key) (rw)
type: leafref
description:
Configuration parameters for the NAT interface.
nodetype: container (rw)
description:
Reference to the interface.
nodetype: leaf (rw)
type: oc-if:base-interface-ref
description:
Type of NAT interface - inside or outside.
nodetype: leaf (rw)
type: interface-type
description:
Operational state data for the NAT interface.
nodetype: container (ro)
description:
Reference to the interface.
nodetype: leaf (ro)
type: oc-if:base-interface-ref
description:
Type of NAT interface - inside or outside.
nodetype: leaf (ro)
type: interface-type
description:
Counters for NAT interface operations.
nodetype: container (ro)
description:
Number of packets that have been translated.
nodetype: leaf (ro)
type: yang:counter64
description:
Number of bytes that have been translated.
nodetype: leaf (ro)
type: yang:counter64
description:
Number of translation errors encountered.
nodetype: leaf (ro)
type: yang:counter64
description:
Dynamic NAT configuration and state.
nodetype: container (rw)
description:
List of dynamic NAT pools.
nodetype: list (rw)
list keys: [name]
description:
Reference to dynamic NAT pool name.
nodetype: leaf (list key) (rw)
type: leafref
description:
Configuration parameters for the dynamic NAT pool.
nodetype: container (rw)
description:
Unique name for the dynamic NAT pool.
nodetype: leaf (rw)
type: string
description:
Starting IP address of the address range. Must match the
address family configured for the NAT instance.
nodetype: leaf (rw)
type: inet:ip-address
description:
Ending IP address of the address range. Must match the
address family configured for the NAT instance.
nodetype: leaf (rw)
type: inet:ip-address
description:
Prefix length for the address range. For IPv4, valid range
is 1-32. For IPv6, valid range is 1-128.
nodetype: leaf (rw)
type: uint8
description:
Starting port number for NAPT translations.
nodetype: leaf (rw)
type: inet:port-number
description:
Ending port number for NAPT translations.
nodetype: leaf (rw)
type: inet:port-number
description:
Number of ports allocated per mapping.
nodetype: leaf (rw)
type: uint16
description:
Reference to ACL set that defines traffic
eligible for this dynamic NAT pool.
nodetype: leaf (rw)
type: leafref
description:
Maximum number of concurrent translations for this dynamic
NAT pool. When this threshold is reached, new translation
requests are dropped until the number of active translations
falls below this limit.
nodetype: leaf (rw)
type: uint64
description:
Enable address-only translation without port translation.
nodetype: leaf (rw)
type: boolean
description:
Default time a NAT translation entry remains active
without traffic. Applies to all traffic unless specific
protocol timeouts (TCP, UDP, ICMP) are configured.
nodetype: leaf (rw)
type: uint32
units: seconds
description:
Time a TCP NAT translation entry remains active
without traffic.
nodetype: leaf (rw)
type: uint32
units: seconds
description:
Time a UDP NAT translation entry remains active
without traffic.
nodetype: leaf (rw)
type: uint32
units: seconds
description:
Time an ICMP NAT translation entry remains active
without traffic.
nodetype: leaf (rw)
type: uint32
units: seconds
description:
Enable port overloading (PAT) allowing multiple internal
addresses to share the same external address with
different ports.
nodetype: leaf (rw)
type: boolean
description:
Enable logging of NAT translations.
nodetype: leaf (rw)
type: boolean
description:
Maximum number of concurrent translations per external
address.
nodetype: leaf (rw)
type: uint32
description:
Operational state data for the dynamic NAT pool.
nodetype: container (ro)
description:
Unique name for the dynamic NAT pool.
nodetype: leaf (ro)
type: string
description:
Starting IP address of the address range. Must match the
address family configured for the NAT instance.
nodetype: leaf (ro)
type: inet:ip-address
description:
Ending IP address of the address range. Must match the
address family configured for the NAT instance.
nodetype: leaf (ro)
type: inet:ip-address
description:
Prefix length for the address range. For IPv4, valid range
is 1-32. For IPv6, valid range is 1-128.
nodetype: leaf (ro)
type: uint8
description:
Starting port number for NAPT translations.
nodetype: leaf (ro)
type: inet:port-number
description:
Ending port number for NAPT translations.
nodetype: leaf (ro)
type: inet:port-number
description:
Number of ports allocated per mapping.
nodetype: leaf (ro)
type: uint16
description:
Reference to ACL set that defines traffic
eligible for this dynamic NAT pool.
nodetype: leaf (ro)
type: leafref
description:
Maximum number of concurrent translations for this dynamic
NAT pool. When this threshold is reached, new translation
requests are dropped until the number of active translations
falls below this limit.
nodetype: leaf (ro)
type: uint64
description:
Enable address-only translation without port translation.
nodetype: leaf (ro)
type: boolean
description:
Default time a NAT translation entry remains active
without traffic. Applies to all traffic unless specific
protocol timeouts (TCP, UDP, ICMP) are configured.
nodetype: leaf (ro)
type: uint32
units: seconds
description:
Time a TCP NAT translation entry remains active
without traffic.
nodetype: leaf (ro)
type: uint32
units: seconds
description:
Time a UDP NAT translation entry remains active
without traffic.
nodetype: leaf (ro)
type: uint32
units: seconds
description:
Time an ICMP NAT translation entry remains active
without traffic.
nodetype: leaf (ro)
type: uint32
units: seconds
description:
Enable port overloading (PAT) allowing multiple internal
addresses to share the same external address with
different ports.
nodetype: leaf (ro)
type: boolean
description:
Enable logging of NAT translations.
nodetype: leaf (ro)
type: boolean
description:
Maximum number of concurrent translations per external
address.
nodetype: leaf (ro)
type: uint32
description:
Counters for dynamic NAT pool operations.
nodetype: container (ro)
description:
Number of addresses currently allocated from this
dynamic NAT pool.
nodetype: leaf (ro)
type: yang:counter32
description:
Number of addresses available in this dynamic NAT pool.
nodetype: leaf (ro)
type: yang:counter32
description:
Number of currently active translations using this
dynamic NAT pool.
nodetype: leaf (ro)
type: yang:counter64
description:
Number of packets matching the ACL set.
nodetype: leaf (ro)
type: yang:counter64
description:
Static NAT configuration and state.
nodetype: container (rw)
description:
List of static NAT mappings.
nodetype: list (rw)
list keys: [name]
description:
Reference to static NAT mapping name.
nodetype: leaf (list key) (rw)
type: leafref
description:
Configuration parameters for the static NAT mapping.
nodetype: container (rw)
description:
Unique name for the static NAT mapping.
nodetype: leaf (rw)
type: string
description:
Type of static NAT: source or destination.
nodetype: leaf (rw)
type: identityref
description:
Internal (source) IP address. Must match the address
family configured for the NAT instance.
nodetype: leaf (rw)
type: inet:ip-address
description:
External (destination) IP address. Must match the address
family configured for the NAT instance.
nodetype: leaf (rw)
type: inet:ip-address
description:
Internal port number for static NAPT mappings. When
specified, this option enables port forwarding, where both
the IP address and the port are translated. If omitted,
only the IP address is translated.
nodetype: leaf (rw)
type: inet:port-number
description:
External port number for static NAPT mappings. When
specified, this option enables port forwarding, where both
the IP address and the port are translated. If omitted,
only the IP address is translated.
nodetype: leaf (rw)
type: inet:port-number
description:
Protocol for the static NAT mapping.
nodetype: leaf (rw)
type: protocol-type
description:
Reference to ACL set for this static NAT mapping.
nodetype: leaf (rw)
type: leafref
description:
Maximum number of concurrent translations for this static
NAT mapping. When this threshold is reached, new translation
requests using this mapping are dropped until the number of
active translations falls below this limit.
nodetype: leaf (rw)
type: uint64
description:
Operational state data for the static NAT mapping.
nodetype: container (ro)
description:
Unique name for the static NAT mapping.
nodetype: leaf (ro)
type: string
description:
Type of static NAT: source or destination.
nodetype: leaf (ro)
type: identityref
description:
Internal (source) IP address. Must match the address
family configured for the NAT instance.
nodetype: leaf (ro)
type: inet:ip-address
description:
External (destination) IP address. Must match the address
family configured for the NAT instance.
nodetype: leaf (ro)
type: inet:ip-address
description:
Internal port number for static NAPT mappings. When
specified, this option enables port forwarding, where both
the IP address and the port are translated. If omitted,
only the IP address is translated.
nodetype: leaf (ro)
type: inet:port-number
description:
External port number for static NAPT mappings. When
specified, this option enables port forwarding, where both
the IP address and the port are translated. If omitted,
only the IP address is translated.
nodetype: leaf (ro)
type: inet:port-number
description:
Protocol for the static NAT mapping.
nodetype: leaf (ro)
type: protocol-type
description:
Reference to ACL set for this static NAT mapping.
nodetype: leaf (ro)
type: leafref
description:
Maximum number of concurrent translations for this static
NAT mapping. When this threshold is reached, new translation
requests using this mapping are dropped until the number of
active translations falls below this limit.
nodetype: leaf (ro)
type: uint64
description:
Timestamp when the static NAT mapping was created.
nodetype: leaf (ro)
type: yang:date-and-time
description:
Timestamp when the static NAT mapping was last used.
nodetype: leaf (ro)
type: yang:date-and-time
description:
Counters for static NAT mapping operations.
nodetype: container (ro)
description:
Number of currently active translations for this static
NAT mapping.
nodetype: leaf (ro)
type: yang:counter64
description:
Number of packets translated using this static NAT
mapping.
nodetype: leaf (ro)
type: yang:counter64
description:
Number of bytes translated using this static NAT mapping.
nodetype: leaf (ro)
type: yang:counter64
description:
Number of packets matching the ACL set.
nodetype: leaf (ro)
type: yang:counter64
description:
Active NAT translation entries showing current
address/port mappings.
nodetype: container (ro)
description:
List of active NAT translation entries.
nodetype: list (ro)
list keys: [translation-id]
description:
Reference to translation entry identifier.
nodetype: leaf (list key) (ro)
type: leafref
description:
Operational state data for the NAT translation entry.
nodetype: container (ro)
description:
Unique identifier for the translation entry.
nodetype: leaf (ro)
type: uint64
description:
Internal (private) IP address being translated.
nodetype: leaf (ro)
type: inet:ip-address
description:
Internal port number being translated.
nodetype: leaf (ro)
type: inet:port-number
description:
External (public) IP address used for translation.
nodetype: leaf (ro)
type: inet:ip-address
description:
External port number used for translation.
nodetype: leaf (ro)
type: inet:port-number
description:
Protocol of the translation entry.
nodetype: leaf (ro)
type: protocol-type
description:
Timestamp when the translation entry was created.
nodetype: leaf (ro)
type: yang:date-and-time
description:
Timestamp of the last packet activity for this translation.
nodetype: leaf (ro)
type: yang:date-and-time
description:
Remaining time before this translation entry expires
due to inactivity.
nodetype: leaf (ro)
type: uint32
units: seconds
description:
Name of the dynamic NAT pool that allocated this
translation, if applicable.
nodetype: leaf (ro)
type: string
description:
Name of the static NAT mapping that created this translation,
if applicable.
nodetype: leaf (ro)
type: string
description:
Counters for NAT translation entry operations.
nodetype: container (ro)
description:
Number of inbound packets (external to internal) for
this translation.
nodetype: leaf (ro)
type: yang:counter64
description:
Number of outbound packets (internal to external) for
this translation.
nodetype: leaf (ro)
type: yang:counter64
description:
Number of inbound bytes (external to internal) for
this translation.
nodetype: leaf (ro)
type: yang:counter64
description:
Number of outbound bytes (internal to external) for
this translation.
nodetype: leaf (ro)
type: yang:counter64