description:
A password that is hashed based on the hash algorithm indicated by the prefix in the string. The string takes the following form, based on the Unix crypt function: $[$=(,=)*][$[$]] Common hash functions include: id | hash function ---+--------------- 1 | MD5 2a| Blowfish 2y| Blowfish (correct handling of 8-bit chars) 5 | SHA-256 6 | SHA-512 These may not all be supported by a target device.

type: string

Identities

base: AAA_SERVER_TYPE

description:
Base identity for types of AAA servers

base: SYSTEM_DEFINED_ROLES

description:
Base identity for system_defined roles that can be assigned to users.

SYSTEM_ROLE_ADMIN

description:
Built-in role that allows the equivalent of superuser permission for all configuration and operational commands on the device.

base identity: SYSTEM_DEFINED_ROLES

base: AAA_ACCOUNTING_EVENT_TYPE

description:
Base identity for specifying events types that should be sent to AAA server for accounting

AAA_ACCOUNTING_EVENT_COMMAND

description:
Specifies interactive command events for AAA accounting

base identity: AAA_ACCOUNTING_EVENT_TYPE

AAA_ACCOUNTING_EVENT_LOGIN

description:
Specifies login events for AAA accounting

base identity: AAA_ACCOUNTING_EVENT_TYPE

base: AAA_AUTHORIZATION_EVENT_TYPE

description:
Base identity for specifying activities that should be sent to AAA server for authorization

AAA_AUTHORIZATION_EVENT_COMMAND

description:
Specifies interactive command events for AAA authorization

base identity: AAA_AUTHORIZATION_EVENT_TYPE

AAA_AUTHORIZATION_EVENT_CONFIG

description:
Specifies configuration (e.g., EXEC) events for AAA authorization

base identity: AAA_AUTHORIZATION_EVENT_TYPE

base: AAA_METHOD_TYPE

description:
Base identity to define well-known methods for AAA operations

TACACS_ALL

description:
The group of all TACACS+ servers.

base identity: AAA_METHOD_TYPE

RADIUS_ALL

description:
The group of all RADIUS servers.

base identity: AAA_METHOD_TYPE

LOCAL

description:
Locally configured method for AAA operations.

base identity: AAA_METHOD_TYPE

Data elements

openconfig-alarms

openconfig-version: 0.3.2

Description

This module defines operational state data related to alarms that the device is reporting.

This model reuses some data items defined in the draft IETF YANG Alarm Module: https://tools.ietf.org/html/draft-vallin-netmod-alarm-module-02

Portions of this code were derived from the draft IETF YANG Alarm Module. Please reproduce this note if possible.

Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info).

Imports

openconfig-alarm-types
openconfig-extensions
openconfig-types
openconfig-platform

Data elements

openconfig-alarm-types

openconfig-version: 0.2.1

Description

This module defines operational state data related to alarms that the device is reporting.

This model reuses some data items defined in the draft IETF YANG Alarm Module: https://tools.ietf.org/html/draft-vallin-netmod-alarm-module-02

Portions of this code were derived from the draft IETF YANG Alarm Module. Please reproduce this note if possible.

Imports

openconfig-extensions

Identities

base: OPENCONFIG_ALARM_TYPE_ID

description:
Base identity for alarm type ID profiles

AIS

description:
Defines an alarm indication signal type of alarm

base identity: OPENCONFIG_ALARM_TYPE_ID

EQPT

description:
Defines an equipment related type of alarm that is specific to the physical hardware

base identity: OPENCONFIG_ALARM_TYPE_ID

LOS

description:
Defines a loss of signal type of alarm

base identity: OPENCONFIG_ALARM_TYPE_ID

OTS

description:
Defines a optical transport signal type of alarm

base identity: OPENCONFIG_ALARM_TYPE_ID

base: OPENCONFIG_ALARM_SEVERITY

description:
Base identity for alarm severity profiles. Derived identities are based on contents of the draft IETF YANG Alarm Module

UNKNOWN

description:
Indicates that the severity level could not be determined. This level SHOULD be avoided.

base identity: OPENCONFIG_ALARM_SEVERITY

MINOR

description:
Indicates the existence of a non-service affecting fault condition and that corrective action should be taken in order to prevent a more serious (for example, service affecting) fault. Such a severity can be reported, for example, when the detected alarm condition is not currently degrading the capacity of the resource

base identity: OPENCONFIG_ALARM_SEVERITY

WARNING

description:
Indicates the detection of a potential or impending service affecting fault, before any significant effects have been felt. Action should be taken to further diagnose (if necessary) and correct the problem in order to prevent it from becoming a more serious service affecting fault.

base identity: OPENCONFIG_ALARM_SEVERITY

MAJOR

description:
Indicates that a service affecting condition has developed and an urgent corrective action is required. Such a severity can be reported, for example, when there is a severe degradation in the capability of the resource and its full capability must be restored.

base identity: OPENCONFIG_ALARM_SEVERITY

CRITICAL

Portions of this code were derived from IETF RFC 7317. Please reproduce this note if possible.

Imports

openconfig-inet-types
openconfig-yang-types
openconfig-types
openconfig-extensions
openconfig-aaa
openconfig-system-logging
openconfig-system-terminal
openconfig-procmon
openconfig-platform
openconfig-alarms
openconfig-messages
openconfig-license
openconfig-network-instance

Defined types

timezone-name-type

description:
A time zone name as used by the Time Zone Database, sometimes referred to as the 'Olson Database'. The exact set of valid values is an implementation-specific matter. Client discovery of the exact set of time zone names for a particular server is out of scope.

type: string

Identities

base: NTP_AUTH_TYPE

description:
Base identity for encryption schemes supported for NTP authentication keys

NTP_AUTH_MD5

description:
MD5 encryption method

base identity: NTP_AUTH_TYPE

Data elements

/
system

nodetype: container (ro)

/system/state/
hostname

description:
The hostname of the device -- should be a single domain label, without the domain.

nodetype: leaf (ro)

type: oc-inet:domain-name

/system/state/
domain-name

description:
Specifies the domain name used to form fully qualified name for unqualified hostnames.

nodetype: leaf (ro)

type: oc-inet:domain-name

description:
The console login message displayed before the login prompt, i.e., before a user logs into the system.

nodetype: leaf (ro)

type: string

nodetype: leaf (ro)

type: string

description:
Operating system version of the currently active controller of the device. It is required that this value matches the value of the state/software-version leaf in the component of type OPERATING_SYSTEM.

nodetype: leaf (ro)

type: string

/system/state/
last-configuration-timestamp

description:
Indicates the monotonically increasing timestamp at which the last configuration change was made. This may may be through CLI, gNMI or some other mechanism. The value is the timestamp in nanoseconds relative to the Unix Epoch (Jan 1, 1970 00:00:00 UTC).

nodetype: leaf (ro)

type: oc-types:timeticks64

units: nanoseconds

/system/
mount-points

description:
When a system has a set of filesystems that are attached to a directory (i.e., mounted on the system) they are expected to be present in this list. If the system has the concept of mounting physical or virtual resources to a mount point within the root filesystem (/) they should also be included in this list.

nodetype: container (ro)

/system/mount-points/
mount-point

description:
List of mount points in the system.

nodetype: list (ro)

list keys: [name]

/system/mount-points/mount-point/
name

description:
Reference to the key for list of mount points.

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/name

/system/mount-points/mount-point/
state

description:
State of system mount point.

nodetype: container (ro)

/system/mount-points/mount-point/state/
name

description:
Mount point name.

nodetype: leaf (ro)

type: string

/system/mount-points/mount-point/state/
storage-component

description:
In the case that the filesystem that is mounted corresponds to a physical or logical component within the system, this leaf provides a reference to the hosting component within the /components hierarchy. The reference should be to the most specific component (e.g., if an entry for /dev/sda1 exists, then this should be referred to, otherwise a reference to /dev/sda may be provided.

nodetype: leaf (ro)

type: leafref

path reference: /components/component/name

/system/mount-points/mount-point/state/
size

description:
The total size of the initialised filesystem.

nodetype: leaf (ro)

type: uint64

units: megabytes

/system/mount-points/mount-point/state/
available

description:
The amount of unused space on the filesystem.

nodetype: leaf (ro)

type: uint64

units: megabytes

/system/mount-points/mount-point/state/
utilized

description:
The amount of space currently in use on the filesystem.

nodetype: leaf (ro)

description:
Ordered list of authentication methods for users. This can be either a reference to a server group, or a well- defined designation in the AAA_METHOD_TYPE identity. If authentication fails with one method, the next defined method is tried -- failure of all methods results in the user being denied access.

nodetype: leaf-list (rw)

type: union

type: identityref

base: oc-aaa-types:AAA_METHOD_TYPE

type: string

/system/aaa/authentication/
state

description:
Operational state data for global authentication services

nodetype: container (ro)

/system/aaa/authentication/state/
authentication-method

nodetype: leaf-list (ro)

type: union

type: identityref

base: oc-aaa-types:AAA_METHOD_TYPE

type: string

/system/aaa/authentication/
admin-user

description:
Top-level container for the system root or admin user configuration and operational state

nodetype: container (rw)

/system/aaa/authentication/admin-user/
config

description:
Configuration data for the root user account

nodetype: container (rw)

/system/aaa/authentication/admin-user/config/
admin-password

description:
The admin/root password, supplied as a cleartext string. The system should hash and only store the password as a hashed value.

nodetype: leaf (rw)

type: string

/system/aaa/authentication/admin-user/config/
admin-password-hashed

description:
The admin/root password, supplied as a hashed value using the notation described in the definition of the crypt-password-type.

nodetype: leaf (rw)

type: oc-aaa-types:crypt-password-type

description:
Enclosing container list of local users

nodetype: container (rw)

/system/aaa/authentication/users/
user

description:
List of local users on the system

nodetype: list (rw)

list keys: [username]

/system/aaa/authentication/users/user/
username

description:
References the configured username for the user

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/username

/system/aaa/authentication/users/user/
config

base: oc-aaa-types:SYSTEM_DEFINED_ROLES

/system/aaa/authentication/users/user/
state

base: oc-aaa-types:SYSTEM_DEFINED_ROLES

/system/aaa/
authorization

description:
Top-level container for AAA authorization configuration and operational state data

nodetype: container (rw)

/system/aaa/authorization/
config

description:
Configuration data for authorization based on AAA methods

nodetype: container (rw)

/system/aaa/authorization/config/
authorization-method

description:
Ordered list of methods for authorizing commands. The first method that provides a response (positive or negative) should be used. The list may contain a well-defined method such as the set of all TACACS or RADIUS servers, or the name of a defined AAA server group. The system must validate that the named server group exists.

nodetype: leaf-list (rw)

type: union

type: identityref

base: oc-aaa-types:AAA_METHOD_TYPE

type: string

/system/aaa/authorization/
state

description:
Operational state data for authorization based on AAA

nodetype: container (ro)

/system/aaa/authorization/state/
authorization-method

nodetype: leaf-list (ro)

type: union

type: identityref

base: oc-aaa-types:AAA_METHOD_TYPE

type: string

/system/aaa/authorization/state/
grpc-authz-policy-version

description:
The version of the gRPC authorization policy that is used by this system.

nodetype: leaf (ro)

type: version

/system/aaa/authorization/state/
grpc-authz-policy-created-on

description:
The timestamp of the moment when the gRPC authorization policy that is currently used by this system was created.

nodetype: leaf (ro)

type: created-on

/system/aaa/authorization/
events

description:
Enclosing container for the set of events subject to authorization

nodetype: container (rw)

/system/aaa/authorization/events/
event

description:
List of events subject to AAA authorization

nodetype: list (rw)

list keys: [event-type]

/system/aaa/authorization/events/event/
event-type

description:
Reference to the event-type list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/event-type

/system/aaa/authorization/events/event/
config

description:
Configuration data for each authorized event

nodetype: container (rw)

/system/aaa/authorization/events/event/config/
event-type

description:
The type of event to record at the AAA authorization server

nodetype: leaf (rw)

type: identityref

base: oc-aaa-types:AAA_AUTHORIZATION_EVENT_TYPE

/system/aaa/authorization/events/event/
state

description:
Operational state data for each authorized activity

nodetype: container (ro)

/system/aaa/authorization/events/event/state/
event-type

description:
The type of event to record at the AAA authorization server

nodetype: leaf (ro)

type: identityref

base: oc-aaa-types:AAA_AUTHORIZATION_EVENT_TYPE

/system/aaa/
accounting

description:
Top-level container for AAA accounting

nodetype: container (rw)

/system/aaa/accounting/
config

description:
Configuration data for user activity accounting.

nodetype: container (rw)

/system/aaa/accounting/config/
accounting-method

description:
An ordered list of methods used for AAA accounting for this event type. The method is defined by the destination for accounting data, which may be specified as the group of all TACACS+/RADIUS servers, a defined server group, or the local system.

nodetype: leaf-list (rw)

type: union

type: identityref

base: oc-aaa-types:AAA_METHOD_TYPE

type: string

/system/aaa/accounting/
state

description:
Operational state data for user accounting.

nodetype: container (ro)

/system/aaa/accounting/state/
accounting-method

nodetype: leaf-list (ro)

type: union

type: identityref

base: oc-aaa-types:AAA_METHOD_TYPE

type: string

/system/aaa/accounting/
events

description:
Enclosing container for defining handling of events for accounting

nodetype: container (rw)

/system/aaa/accounting/events/
event

description:
List of events subject to accounting

nodetype: list (rw)

list keys: [event-type]

/system/aaa/accounting/events/event/
event-type

description:
Reference to the event-type being logged at the accounting server

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/event-type

/system/aaa/accounting/events/event/
config

description:
Configuration data for accounting events

nodetype: container (rw)

/system/aaa/accounting/events/event/config/
event-type

description:
The type of activity to record at the AAA accounting server

nodetype: leaf (rw)

type: identityref

base: oc-aaa-types:AAA_ACCOUNTING_EVENT_TYPE

/system/aaa/accounting/events/event/config/
record

description:
Type of record to send to the accounting server for this activity type

nodetype: leaf (rw)

type: enumeration

START_STOP
Send START record to the accounting server at the beginning of the activity, and STOP record at the end of the activity.
STOP
Send STOP record to the accounting server when the user activity completes

/system/aaa/accounting/events/event/
state

description:
Operational state data for accounting events

nodetype: container (ro)

/system/aaa/accounting/events/event/state/
event-type

description:
The type of activity to record at the AAA accounting server

nodetype: leaf (ro)

type: identityref

base: oc-aaa-types:AAA_ACCOUNTING_EVENT_TYPE

/system/aaa/accounting/events/event/state/
record

description:
Type of record to send to the accounting server for this activity type

nodetype: leaf (ro)

type: enumeration

START_STOP
Send START record to the accounting server at the beginning of the activity, and STOP record at the end of the activity.
STOP
Send STOP record to the accounting server when the user activity completes

/system/aaa/
server-groups

description:
Enclosing container for AAA server groups

nodetype: container (rw)

/system/aaa/server-groups/
server-group

description:
List of AAA server groups. All servers in a group must have the same type as indicated by the server type.

nodetype: list (rw)

list keys: [name]

/system/aaa/server-groups/server-group/
name

description:
Reference to configured name of the server group

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/name

/system/aaa/server-groups/server-group/
config

description:
Configuration data for each server group

nodetype: container (rw)

/system/aaa/server-groups/server-group/config/
name

description:
Name for the server group

nodetype: leaf (rw)

type: string

/system/aaa/server-groups/server-group/config/
type

description:
AAA server type -- all servers in the group must be of this type

nodetype: leaf (rw)

type: identityref

base: oc-aaa-types:AAA_SERVER_TYPE

/system/aaa/server-groups/server-group/
state

description:
Operational state data for each server group

nodetype: container (ro)

/system/aaa/server-groups/server-group/state/
name

description:
Name for the server group

nodetype: leaf (ro)

type: string

/system/aaa/server-groups/server-group/state/
type

description:
AAA server type -- all servers in the group must be of this type

nodetype: leaf (ro)

type: identityref

base: oc-aaa-types:AAA_SERVER_TYPE

/system/aaa/server-groups/server-group/
servers

description:
Enclosing container the list of servers

nodetype: container (rw)

/system/aaa/server-groups/server-group/servers/
server

description:
List of AAA servers

nodetype: list (rw)

list keys: [address]

/system/aaa/server-groups/server-group/servers/server/
address

description:
Reference to the configured address of the AAA server

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/address

/system/aaa/server-groups/server-group/servers/server/
config

description:
Configuration data

nodetype: container (rw)

/system/aaa/server-groups/server-group/servers/server/config/
name

description:
Name assigned to the server

nodetype: leaf (rw)

type: string

/system/aaa/server-groups/server-group/servers/server/config/
address

description:
Address of the authentication server

nodetype: leaf (rw)

type: oc-inet:ip-address

/system/aaa/server-groups/server-group/servers/server/config/
timeout

description:
Set the timeout in seconds on responses from the AAA server

nodetype: leaf (rw)

type: uint16

units: seconds

/system/aaa/server-groups/server-group/servers/server/
state

description:
Operational state data

nodetype: container (ro)

/system/aaa/server-groups/server-group/servers/server/state/
name

description:
Name assigned to the server

nodetype: leaf (ro)

type: string

/system/aaa/server-groups/server-group/servers/server/state/
address

description:
Address of the authentication server

nodetype: leaf (ro)

type: oc-inet:ip-address

/system/aaa/server-groups/server-group/servers/server/state/
timeout

description:
Set the timeout in seconds on responses from the AAA server

description:
Number of error messages received from the server

nodetype: leaf (ro)

type: oc-yang:counter64

/system/aaa/server-groups/server-group/servers/server/
tacacs

description:
Top-level container for TACACS+ server data

nodetype: container (rw)

/system/aaa/server-groups/server-group/servers/server/tacacs/
config

description:
Configuration data for TACACS+ server

nodetype: container (rw)

/system/aaa/server-groups/server-group/servers/server/tacacs/config/
port

description:
The port number on which to contact the TACACS server

nodetype: leaf (rw)

type: oc-inet:port-number

default: 49

/system/aaa/server-groups/server-group/servers/server/
radius

description:
Top-level container for RADIUS server data

nodetype: container (rw)

/system/aaa/server-groups/server-group/servers/server/radius/
config

description:
Configuration data for RADIUS servers

nodetype: container (rw)

/system/aaa/server-groups/server-group/servers/server/radius/config/
auth-port

description:
Port number for authentication requests

nodetype: leaf (rw)

type: oc-inet:port-number

default: 1812

/system/aaa/server-groups/server-group/servers/server/radius/config/
acct-port

description:
Port number for accounting requests

nodetype: leaf (rw)

type: oc-inet:port-number

default: 1813

/system/aaa/server-groups/server-group/servers/server/radius/config/
secret-key

description:
The unencrypted shared key used between the authentication server and the device.

nodetype: leaf (rw)

type: oc-types:routing-password

default: 1813

/system/aaa/server-groups/server-group/servers/server/radius/state/
secret-key

description:
The unencrypted shared key used between the authentication server and the device.

nodetype: leaf (ro)

type: oc-types:routing-password

/system/aaa/server-groups/server-group/servers/server/radius/state/
secret-key-hashed

description:
The hashed shared key used between the authentication server and the device.

nodetype: leaf (ro)

type: oc-aaa-types:crypt-password-type

/system/aaa/server-groups/server-group/servers/server/radius/state/
source-address

description:
Source IP address to use in messages to the RADIUS server

nodetype: leaf (ro)

type: oc-inet:ip-address

/system/aaa/server-groups/server-group/servers/server/radius/state/
retransmit-attempts

description:
Number of times the system may resend a request to the RADIUS server when it is unresponsive

nodetype: leaf (ro)

type: uint8

/system/aaa/server-groups/server-group/servers/server/radius/state/
counters

description:
A collection of RADIUS related state objects.

nodetype: container (ro)

/system/aaa/server-groups/server-group/servers/server/radius/state/counters/
retried-access-requests

description:
Retransmitted Access-Request messages.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/aaa/server-groups/server-group/servers/server/radius/state/counters/
access-accepts

description:
Received Access-Accept messages.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/aaa/server-groups/server-group/servers/server/radius/state/counters/
access-rejects

description:
Received Access-Reject messages.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/aaa/server-groups/server-group/servers/server/radius/state/counters/
timeout-access-requests

description:
Access-Request messages that have timed-out, requiring retransmission.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/
alarms

description:
Top-level container for device alarms

nodetype: container (ro)

/system/alarms/
alarm

description:
List of alarms, keyed by a unique id

nodetype: list (ro)

list keys: [id]

/system/alarms/alarm/
id

description:
References the unique alarm id

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/id

/system/alarms/alarm/
config

description:
Configuration data for each alarm

nodetype: container (ro)

/system/alarms/alarm/
state

description:
Operational state data for a device alarm

nodetype: container (ro)

/system/alarms/alarm/state/
id

description:
Unique ID for the alarm -- this will not be a configurable parameter on many implementations

nodetype: leaf (ro)

type: string

/system/alarms/alarm/state/
resource

description:
The item that is under alarm within the device. The resource may be a reference to an item which is defined elsewhere in the model. For example, it may be a platform/component, interfaces/interface, terminal-device/logical-channels/channel, etc. In this case the system should match the name of the referenced item exactly. The referenced item could alternatively be the path of the item within the model.

nodetype: leaf (ro)

type: string

/system/alarms/alarm/state/
text

description:
The string used to inform operators about the alarm. This MUST contain enough information for an operator to be able to understand the problem. If this string contains structure, this format should be clearly documented for programs to be able to parse that information

nodetype: leaf (ro)

type: string

/system/alarms/alarm/state/
time-created

description:
The time at which the alarm was raised by the system. This value is expressed relative to the Unix Epoch.

nodetype: leaf (ro)

type: oc-types:timeticks64

/system/alarms/alarm/state/
severity

description:
The severity level indicating the criticality and impact of the alarm

nodetype: leaf (ro)

type: identityref

base: oc-alarm-types:OPENCONFIG_ALARM_SEVERITY

/system/alarms/alarm/state/
type-id

description:
The abbreviated name of the alarm, for example LOS, EQPT, or OTS. Also referred to in different systems as condition type, alarm identifier, or alarm mnemonic. It is recommended to use the OPENCONFIG_ALARM_TYPE_ID identities where possible and only use the string type when the desired identityref is not yet defined

nodetype: leaf (ro)

type: union

type: string

type: identityref

base: oc-alarm-types:OPENCONFIG_ALARM_TYPE_ID

list keys: [facility] [severity]

/system/logging/console/selectors/selector/
facility

description:
Reference to facility list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/facility

/system/logging/console/selectors/selector/
severity

description:
Reference to severity list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/severity

/system/logging/console/selectors/selector/
config

description:
Configuration data

nodetype: container (rw)

/system/logging/console/selectors/selector/config/
facility

description:
Specifies the facility, or class of messages to log

nodetype: leaf (rw)

type: identityref

base: SYSLOG_FACILITY

/system/logging/console/selectors/selector/config/
severity

description:
Specifies that only messages of the given severity (or greater severity) for the corresonding facility are logged

nodetype: leaf (rw)

type: syslog-severity

/system/logging/console/selectors/selector/
state

description:
Operational state data

nodetype: container (ro)

/system/logging/console/selectors/selector/state/
facility

description:
Specifies the facility, or class of messages to log

nodetype: leaf (ro)

type: identityref

base: SYSLOG_FACILITY

/system/logging/console/selectors/selector/state/
severity

description:
Specifies that only messages of the given severity (or greater severity) for the corresonding facility are logged

nodetype: leaf (ro)

type: syslog-severity

/system/logging/
remote-servers

description:
Enclosing container for the list of remote log servers

nodetype: container (rw)

/system/logging/remote-servers/
remote-server

description:
List of remote log servers

nodetype: list (rw)

list keys: [host]

/system/logging/remote-servers/remote-server/
host

description:
Reference to the host list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/host

/system/logging/remote-servers/remote-server/
config

description:
Configuration data for remote log servers

nodetype: container (rw)

/system/logging/remote-servers/remote-server/config/
host

description:
Sets the destination port number for syslog UDP messages to the server. The default for syslog is 514.

nodetype: leaf (ro)

type: oc-inet:port-number

default: 514

/system/logging/remote-servers/remote-server/
selectors

description:
Enclosing container

nodetype: container (rw)

/system/logging/remote-servers/remote-server/selectors/
selector

description:
List of selectors for log messages

nodetype: list (rw)

list keys: [facility] [severity]

/system/logging/remote-servers/remote-server/selectors/selector/
facility

description:
Reference to facility list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/facility

/system/logging/remote-servers/remote-server/selectors/selector/
severity

description:
Reference to severity list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/severity

/system/logging/remote-servers/remote-server/selectors/selector/
config

description:
Configuration data

nodetype: container (rw)

/system/logging/remote-servers/remote-server/selectors/selector/config/
facility

description:
Specifies the facility, or class of messages to log

nodetype: leaf (rw)

type: identityref

base: SYSLOG_FACILITY

/system/logging/remote-servers/remote-server/selectors/selector/config/
severity

description:
Specifies that only messages of the given severity (or greater severity) for the corresonding facility are logged

nodetype: leaf (rw)

type: syslog-severity

/system/logging/remote-servers/remote-server/selectors/selector/
state

description:
Operational state data

nodetype: container (ro)

/system/logging/remote-servers/remote-server/selectors/selector/state/
facility

description:
Specifies the facility, or class of messages to log

nodetype: leaf (ro)

type: identityref

base: SYSLOG_FACILITY

/system/logging/remote-servers/remote-server/selectors/selector/state/
severity

description:
Specifies that only messages of the given severity (or greater severity) for the corresonding facility are logged

nodetype: leaf (ro)

type: syslog-severity

/system/logging/
files

description:
Enclosing container for the list of log files

nodetype: container (rw)

/system/logging/files/
file

description:
List of logfiles

nodetype: list (rw)

list keys: [path] [filename-prefix]

/system/logging/files/file/
filename-prefix

description:
Reference to the logfiles list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/filename-prefix

/system/logging/files/file/
path

description:
Reference to the logfiles list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/path

/system/logging/files/file/
config

description:
Configuration data for logfile

nodetype: container (rw)

/system/logging/files/file/config/
filename-prefix

description:
A name used for the file. It is expected that an implementation may append timestamp, serial-number or other identifier to the filename.

nodetype: leaf (rw)

type: string

nodetype: leaf (ro)

type: string

/system/logging/files/file/
selectors

description:
Enclosing container

nodetype: container (rw)

/system/logging/files/file/selectors/
selector

description:
List of selectors for log messages

nodetype: list (rw)

list keys: [facility] [severity]

/system/logging/files/file/selectors/selector/
facility

description:
Reference to facility list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/facility

/system/logging/files/file/selectors/selector/
severity

description:
Reference to severity list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/severity

/system/logging/files/file/selectors/selector/
config

description:
Configuration data

nodetype: container (rw)

/system/logging/files/file/selectors/selector/config/
facility

description:
Specifies the facility, or class of messages to log

nodetype: leaf (rw)

type: identityref

base: SYSLOG_FACILITY

/system/logging/files/file/selectors/selector/config/
severity

description:
Specifies that only messages of the given severity (or greater severity) for the corresonding facility are logged

nodetype: leaf (rw)

type: syslog-severity

/system/logging/files/file/selectors/selector/
state

description:
Operational state data

nodetype: container (ro)

/system/logging/files/file/selectors/selector/state/
facility

description:
Specifies the facility, or class of messages to log

nodetype: leaf (ro)

type: identityref

base: SYSLOG_FACILITY

/system/logging/files/file/selectors/selector/state/
severity

description:
Specifies that only messages of the given severity (or greater severity) for the corresonding facility are logged

/system/logging/vty/selectors/selector/
facility

description:
Reference to facility list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/facility

/system/logging/vty/selectors/selector/
severity

description:
Reference to severity list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/severity

/system/logging/vty/selectors/selector/
config

description:
Configuration data

nodetype: container (rw)

/system/logging/vty/selectors/selector/config/
facility

description:
Specifies the facility, or class of messages to log

nodetype: leaf (rw)

type: identityref

base: SYSLOG_FACILITY

/system/logging/vty/selectors/selector/config/
severity

description:
Specifies that only messages of the given severity (or greater severity) for the corresonding facility are logged

nodetype: leaf (rw)

type: syslog-severity

/system/logging/vty/selectors/selector/
state

description:
Operational state data

nodetype: container (ro)

/system/logging/vty/selectors/selector/state/
facility

description:
Specifies the facility, or class of messages to log

nodetype: leaf (ro)

type: identityref

base: SYSLOG_FACILITY

/system/logging/vty/selectors/selector/state/
severity

description:
Specifies that only messages of the given severity (or greater severity) for the corresonding facility are logged

nodetype: leaf (ro)

type: syslog-severity

/system/
processes

description:
Parameters related to all monitored processes

nodetype: container (rw)

/system/processes/
process

description:
List of monitored processes

nodetype: list (ro)

list keys: [pid]

/system/processes/process/
pid

description:
Reference to the process pid key

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/pid

/system/processes/process/
state

description:
State parameters related to monitored processes

nodetype: container (ro)

/system/processes/process/state/
pid

description:
The process pid

nodetype: leaf (ro)

type: uint64

/system/processes/process/state/
name

description:
The process name

nodetype: leaf (ro)

type: string

/system/processes/process/state/
args

description:
Current process command line arguments. Arguments with a parameter (e.g., --option 10 or -option=10) should be represented as a single element of the list with the argument name and parameter together. Flag arguments, i.e., those without a parameter should also be in their own list element.

nodetype: leaf-list (ro)

type: string

description:
The percentage of CPU that is being used by the process.

nodetype: leaf (ro)

type: oc-types:percentage

/system/processes/process/state/
memory-usage

description:
Bytes allocated and still in use by the process

nodetype: leaf (ro)

type: uint64

units: bytes

/system/processes/process/state/
memory-utilization

description:
The percentage of RAM that is being used by the process.

nodetype: leaf (ro)

type: oc-types:percentage

/system/
messages

description:
Top-level container for Syslog messages.

nodetype: container (rw)

/system/messages/
config

description:
Configuration data for Syslog messages.

nodetype: container (rw)

/system/messages/config/
severity

description:
Specifies that only messages of the given severity (or greater severity) are sent over the RPC. This is analogous to differentiating which severity is to be sent to legacy Syslog servers, as opposed to local buffer or files.

nodetype: leaf (rw)

type: oc-log:syslog-severity

/system/messages/
state

description:
Operational state data for a Syslog messages.

nodetype: container (ro)

/system/messages/state/
severity

nodetype: leaf (ro)

type: oc-log:syslog-severity

description:
Enclosing container for list of debugs to enable.

nodetype: container (rw)

/system/messages/debug-entries/
debug-service

description:
List of debugging entries.

nodetype: list (rw)

list keys: [service]

/system/messages/debug-entries/debug-service/
service

description:
Reference to the debug-enable service key.

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/service

/system/messages/debug-entries/debug-service/
config

description:
Configuration data for debug service entries.

nodetype: container (rw)

/system/messages/debug-entries/debug-service/config/
service

description:
Enumeration of all services which can have debugging enabled. Vendors are to augment this base identity with their platform or OS specific debug options.

nodetype: leaf (rw)

type: identityref

base: DEBUG_SERVICE

/system/messages/debug-entries/debug-service/config/
enabled

description:
Enable and disable debugging.

nodetype: leaf (rw)

type: boolean

default: false

/system/messages/debug-entries/debug-service/
state

description:
Operational state data for enabled debugs.

nodetype: container (ro)

/system/messages/debug-entries/debug-service/state/
service

description:
Enumeration of all services which can have debugging enabled. Vendors are to augment this base identity with their platform or OS specific debug options.

nodetype: leaf (ro)

type: identityref

base: DEBUG_SERVICE

/system/messages/debug-entries/debug-service/state/
enabled

description:
Enable and disable debugging.

nodetype: leaf (ro)

type: boolean

default: false

/system/
license

description:
Container for license model

nodetype: container (rw)

/system/license/
licenses

description:
Enclosing container for list of licenses

nodetype: container (rw)

/system/license/licenses/
license

description:
List of licenses.

nodetype: list (rw)

list keys: [license-id]

/system/license/licenses/license/
license-id

description:
Reference to license id list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/license-id

/system/license/licenses/license/
config

description:
Configuration data for license

nodetype: container (rw)

/system/license/licenses/license/config/
license-id

description:
License ID. A string that uniquelly identifies the license. The platform should list all the licenses it supports being activated.

nodetype: leaf (rw)

type: string

/system/license/licenses/license/config/
license-data

description:
The contents of the licence (if required) - which may be supplied as a binary blob, or a simple string value. If this value is considered sensitive, it may be read as an empty value.

nodetype: leaf (rw)

type: union

type: binary

type: string

/system/license/licenses/license/config/
active

description:
The activation state of the license.

nodetype: leaf (rw)

type: boolean

default: false

/system/license/licenses/license/
state

description:
Operational state data for license.

nodetype: container (ro)

/system/license/licenses/license/state/
license-id

description:
License ID. A string that uniquelly identifies the license. The platform should list all the licenses it supports being activated.

nodetype: leaf (ro)

type: string

/system/license/licenses/license/state/
license-data

description:
The contents of the licence (if required) - which may be supplied as a binary blob, or a simple string value. If this value is considered sensitive, it may be read as an empty value.

nodetype: leaf (ro)

type: union

type: binary

type: string

/system/license/licenses/license/state/
active

description:
The activation state of the license.

description:
The license is valid. Can be activated in the system or platform.

nodetype: leaf (ro)

type: boolean

/system/
ssh-server

description:
Top-level container for ssh server

nodetype: container (rw)

/system/ssh-server/
config

description:
Configuration data for the system ssh server

nodetype: container (rw)

/system/ssh-server/config/
enable

description:
Enables the ssh server. The ssh server is enabled by default.

nodetype: leaf (rw)

type: boolean

default: true

/system/ssh-server/config/
protocol-version

description:
Set the protocol version for SSH connections to the system

nodetype: leaf (rw)

type: enumeration

V2
Use SSH v2 only
V1
Use SSH v1 only
V1_V2
Use either SSH v1 or v2

default: V2

/system/ssh-server/config/
timeout

description:
Set the idle timeout in seconds on terminal connections to the system for the protocol.

nodetype: leaf (rw)

type: uint16

units: seconds

/system/ssh-server/config/
rate-limit

description:
Set a limit on the number of connection attempts per minute to the system for the protocol.

nodetype: leaf (rw)

type: uint16

units: conn/min

/system/ssh-server/config/
session-limit

description:
Set a limit on the number of simultaneous active terminal sessions to the system for the protocol (e.g., ssh, telnet, ...)

nodetype: leaf (rw)

type: uint16

/system/ssh-server/
state

description:
Operational state data for the system ssh server

nodetype: container (ro)

/system/ssh-server/state/
enable

description:
Enables the ssh server. The ssh server is enabled by default.

nodetype: leaf (ro)

type: boolean

default: true

/system/ssh-server/state/
protocol-version

description:
Set the protocol version for SSH connections to the system

nodetype: leaf (ro)

type: enumeration

V2
Use SSH v2 only
V1
Use SSH v1 only
V1_V2
Use either SSH v1 or v2

default: V2

/system/ssh-server/state/
timeout

description:
Set the idle timeout in seconds on terminal connections to the system for the protocol.

nodetype: leaf (ro)

type: uint16

units: seconds

/system/ssh-server/state/
rate-limit

description:
Set a limit on the number of connection attempts per minute to the system for the protocol.

description:
A collection of counters collected while authorizing users accessing the target.

nodetype: container (ro)

/system/ssh-server/state/counters/
access-rejects

description:
The total number of times access to the target has been denied.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/ssh-server/state/counters/
last-access-reject

description:
A timestamp of the last time access to the target has been denied.

nodetype: leaf (ro)

type: oc-types:timeticks64

/system/ssh-server/state/counters/
access-accepts

description:
The total number of times access to the target has been allowed.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/ssh-server/state/counters/
last-access-accept

description:
A timestamp of the last time access to the target has been allowed.

nodetype: leaf (ro)

type: oc-types:timeticks64

/system/
telnet-server

description:
Top-level container for telnet terminal servers

nodetype: container (rw)

/system/telnet-server/
config

description:
Configuration data for telnet

nodetype: container (rw)

/system/telnet-server/config/
enable

description:
Enables the telnet server. Telnet is disabled by default

nodetype: leaf (rw)

type: boolean

default: false

/system/telnet-server/config/
timeout

description:
Set the idle timeout in seconds on terminal connections to the system for the protocol.

nodetype: leaf (rw)

type: uint16

units: seconds

/system/telnet-server/config/
rate-limit

description:
Set a limit on the number of connection attempts per minute to the system for the protocol.

nodetype: leaf (rw)

type: uint16

units: conn/min

/system/telnet-server/config/
session-limit

description:
Set a limit on the number of simultaneous active terminal sessions to the system for the protocol (e.g., ssh, telnet, ...)

nodetype: leaf (rw)

type: uint16

/system/telnet-server/
state

description:
Operational state data for telnet

nodetype: container (ro)

/system/telnet-server/state/
enable

description:
Enables the telnet server. Telnet is disabled by default

nodetype: leaf (ro)

type: boolean

default: false

/system/telnet-server/state/
timeout

description:
Set the idle timeout in seconds on terminal connections to the system for the protocol.

nodetype: leaf (ro)

type: uint16

units: seconds

/system/telnet-server/state/
rate-limit

description:
Set a limit on the number of connection attempts per minute to the system for the protocol.

nodetype: leaf (ro)

type: uint16

units: conn/min

/system/telnet-server/state/
session-limit

description:
Set a limit on the number of simultaneous active terminal sessions to the system for the protocol (e.g., ssh, telnet, ...)

nodetype: leaf (ro)

type: uint16

/system/
clock

description:
Top-level container for clock configuration data

nodetype: container (rw)

/system/clock/
config

description:
Configuration data for system clock

nodetype: container (rw)

/system/clock/config/
timezone-name

description:
The TZ database name to use for the system, such as 'Europe/Stockholm'.

nodetype: leaf (rw)

type: timezone-name-type

/system/clock/
state

description:
Operational state data for system clock

nodetype: container (ro)

/system/clock/state/
timezone-name

description:
The TZ database name to use for the system, such as 'Europe/Stockholm'.

nodetype: leaf (ro)

type: timezone-name-type

/system/
cpus

description:
Enclosing container for the list of CPU cores on the system

nodetype: container (ro)

/system/cpus/
cpu

description:
List of CPU cores on the system (including logical CPUs on hyperthreaded systems), keyed by either a numerical index, or the ALL value for an entry representing the aggregation across all CPUs.

nodetype: list (ro)

list keys: [index]

/system/cpus/cpu/
index

description:
Reference to list key

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/index

/system/cpus/cpu/
state

description:
Operational state data for the system CPU(s)

nodetype: container (ro)

/system/cpus/cpu/state/
index

description:
The CPU index for each processor core on the system. On a single-core system, the index should be zero. The ALL index signifies an aggregation of the CPU utilization statistics over all cores in the system.

nodetype: leaf (ro)

type: union

type: enumeration

ALL
Index value indicating all CPUs in the system

type: uint32

description:
The absolute time at which the maximum value occurred. The value is the timestamp in nanoseconds relative to the Unix Epoch (Jan 1, 1970 00:00:00 UTC).

nodetype: leaf (ro)

type: oc-types:timeticks64

description:
List of the DNS servers that the resolver should query. When the resolver is invoked by a calling application, it sends the query to the first name server in this list. If no response has been received within 'timeout' seconds, the resolver continues with the next server in the list. If no response is received from any server, the resolver continues with the first server again. When the resolver has traversed the list 'attempts' times without receiving any response, it gives up and returns an error to the calling application. Implementations MAY limit the number of entries in this list.

nodetype: list (rw)

list keys: [address]

/system/dns/servers/server/
address

description:
References the configured address of the DNS server

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/address

/system/dns/servers/server/
config

description:
Configuration data for each DNS resolver

nodetype: container (rw)

/system/dns/servers/server/config/
address

description:
The address of the DNS server, can be either IPv4 or IPv6.

nodetype: leaf (rw)

type: oc-inet:ip-address

/system/dns/servers/server/config/
port

description:
The port number of the DNS server.

nodetype: leaf (rw)

type: oc-inet:port-number

default: 53

/system/dns/servers/server/
state

description:
Operational state data for each DNS resolver

nodetype: container (ro)

/system/dns/servers/server/state/
address

description:
The address of the DNS server, can be either IPv4 or IPv6.

nodetype: leaf (ro)

type: oc-inet:ip-address

/system/dns/servers/server/state/
port

description:
The port number of the DNS server.

nodetype: leaf (ro)

type: oc-inet:port-number

default: 53

/system/dns/
host-entries

description:
Enclosing container for list of static host entries

nodetype: container (rw)

/system/dns/host-entries/
host-entry

description:
List of static host entries

nodetype: list (rw)

list keys: [hostname]

/system/dns/host-entries/host-entry/
hostname

description:
Reference to the hostname list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/hostname

/system/dns/host-entries/host-entry/
config

description:
Configuration data for static host entries

nodetype: container (rw)

/system/dns/host-entries/host-entry/config/
hostname

description:
Hostname for the static DNS entry

nodetype: leaf (rw)

type: string

/system/dns/host-entries/host-entry/config/
alias

description:
Additional aliases for the hostname

nodetype: leaf-list (rw)

type: string

/system/dns/host-entries/host-entry/config/
ipv4-address

description:
List of IPv4 addresses for the host entry

nodetype: leaf-list (rw)

type: oc-inet:ipv4-address

/system/dns/host-entries/host-entry/config/
ipv6-address

description:
List of IPv6 addresses for the host entry

nodetype: leaf-list (rw)

type: oc-inet:ipv6-address

/system/dns/host-entries/host-entry/
state

description:
Operational state data for static host entries

nodetype: container (ro)

/system/dns/host-entries/host-entry/state/
hostname

description:
Hostname for the static DNS entry

nodetype: leaf (ro)

type: string

/system/dns/host-entries/host-entry/state/
alias

description:
Additional aliases for the hostname

nodetype: leaf-list (ro)

type: string

/system/dns/host-entries/host-entry/state/
ipv4-address

description:
List of IPv4 addresses for the host entry

nodetype: leaf-list (ro)

type: oc-inet:ipv4-address

/system/dns/host-entries/host-entry/state/
ipv6-address

description:
List of IPv6 addresses for the host entry

nodetype: leaf-list (ro)

type: oc-inet:ipv6-address

/system/
mac-address

description:
Top-level container for system's MAC address configuration and state

nodetype: container (rw)

/system/mac-address/
config

description:
Configuration data for routing MAC address.

nodetype: container (rw)

/system/mac-address/config/
routing-mac

description:
Any packets destined to this MAC address must be sent through the routing pipeline by the system. This MAC address is used to identify routed packets in addition to any other MAC addresses that the system may already have been using to perform routing. It is not expected that this MAC address will be used as the source MAC address of any routed packet, as the source MAC address of any packets generated by the system, or a MAC address used in ARP response. This MAC address may not be allocated from the block of MAC address that system owns. For instance, it's allocation could be managed by an external controller.

nodetype: leaf (rw)

type: oc-yang:mac-address

/system/mac-address/
state

description:
Operational state data for routing MAC address.

nodetype: container (ro)

/system/mac-address/state/
routing-mac

nodetype: leaf (ro)

type: oc-yang:mac-address

/system/
memory

description:
Top-level container for system memory data

nodetype: container (rw)

/system/memory/
config

description:
Configuration data for system memory

nodetype: container (rw)

/system/memory/
state

description:
Operational state data for system memory

nodetype: container (ro)

/system/memory/state/
counters

description:
Counters for tracking system memory errors

nodetype: container (ro)

/system/memory/state/counters/
correctable-ecc-errors

description:
Count of correctable ECC errors. Systems with ECC memory are capable of correcting Single-bit ECC errors.

nodetype: leaf (ro)

type: uint64

/system/memory/state/counters/
uncorrectable-ecc-errors

description:
Count of uncorrectable ECC errors. Systems with ECC memory are capable of detecting multi-bit ECC errors, but cannot correct them.

nodetype: leaf (ro)

type: uint64

description:
Top-level container for NTP configuration and state

nodetype: container (rw)

/system/ntp/
config

description:
Configuration data for NTP client.

nodetype: container (rw)

/system/ntp/config/
enabled

description:
Enables and disables the NTP protocol and indicates that the system should attempt to synchronize the system clock with an NTP server from the servers defined in the 'ntp/server' list.

nodetype: leaf (rw)

type: boolean

default: false

/system/ntp/config/
enable-ntp-auth

description:
Enable or disable NTP authentication -- when enabled, the system will only use packets containing a trusted authentication key to synchronize the time.

nodetype: leaf (rw)

type: boolean

default: false

/system/ntp/
state

description:
Operational state data for NTP services.

nodetype: container (ro)

/system/ntp/state/
enabled

description:
Enables and disables the NTP protocol and indicates that the system should attempt to synchronize the system clock with an NTP server from the servers defined in the 'ntp/server' list.

nodetype: leaf (ro)

type: boolean

default: false

/system/ntp/state/
enable-ntp-auth

description:
Enable or disable NTP authentication -- when enabled, the system will only use packets containing a trusted authentication key to synchronize the time.

nodetype: leaf (ro)

type: boolean

default: false

/system/ntp/state/
auth-mismatch

description:
Count of the number of NTP packets received that were not processed due to authentication mismatch.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/ntp/
ntp-keys

description:
Enclosing container for list of NTP authentication keys

nodetype: container (rw)

/system/ntp/ntp-keys/
ntp-key

description:
List of NTP authentication keys

nodetype: list (rw)

list keys: [key-id]

/system/ntp/ntp-keys/ntp-key/
key-id

description:
Reference to auth key-id list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/key-id

/system/ntp/ntp-keys/ntp-key/
config

description:
Configuration data for NTP auth keys

nodetype: container (rw)

/system/ntp/ntp-keys/ntp-key/config/
key-id

description:
Integer identifier used by the client and server to designate a secret key. The client and server must use the same key id.

nodetype: leaf (rw)

type: uint16

/system/ntp/ntp-keys/ntp-key/config/
key-type

description:
Encryption type used for the NTP authentication key

nodetype: leaf (rw)

type: identityref

base: NTP_AUTH_TYPE

/system/ntp/ntp-keys/ntp-key/config/
key-value

description:
NTP authentication key value

nodetype: leaf (rw)

type: string

/system/ntp/ntp-keys/ntp-key/
state

description:
Operational state data for NTP auth keys

nodetype: container (ro)

/system/ntp/ntp-keys/ntp-key/state/
key-id

description:
Integer identifier used by the client and server to designate a secret key. The client and server must use the same key id.

nodetype: leaf (ro)

type: uint16

/system/ntp/ntp-keys/ntp-key/state/
key-type

description:
Encryption type used for the NTP authentication key

nodetype: leaf (ro)

type: identityref

base: NTP_AUTH_TYPE

/system/ntp/ntp-keys/ntp-key/state/
key-value

description:
NTP authentication key value

nodetype: leaf (ro)

type: string

/system/ntp/
servers

description:
Enclosing container for the list of NTP servers

nodetype: container (rw)

/system/ntp/servers/
server

description:
List of NTP servers to use for system clock synchronization. If '/system/ntp/enabled' is 'true', then the system will attempt to contact and utilize the specified NTP servers.

nodetype: list (rw)

list keys: [address]

/system/ntp/servers/server/
address

description:
References the configured address or hostname of the NTP server.

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/address

/system/ntp/servers/server/
config

description:
Configuration data for an NTP server.

nodetype: container (rw)

/system/ntp/servers/server/config/
address

description:
The address or hostname of the NTP server.

nodetype: leaf (rw)

type: oc-inet:host

/system/ntp/servers/server/config/
port

description:
The port number of the NTP server.

nodetype: leaf (rw)

type: oc-inet:port-number

default: 123

/system/ntp/servers/server/config/
version

description:
Version number to put in outgoing NTP packets

nodetype: leaf (rw)

type: uint8

range: 1..4

default: 4

/system/ntp/servers/server/config/
association-type

description:
The desired association type for this NTP server.

nodetype: leaf (rw)

type: enumeration

SERVER
Use client association mode. This device will not provide synchronization to the configured NTP server.
PEER
Use symmetric active association mode. This device may provide synchronization to the configured NTP server.
POOL
Use client association mode with one or more of the NTP servers found by DNS resolution of the domain name given by the 'address' leaf. This device will not provide synchronization to the servers.

default: SERVER

/system/ntp/servers/server/config/
iburst

description:
Indicates whether this server should enable burst synchronization or not.

nodetype: leaf (rw)

type: boolean

default: false

/system/ntp/servers/server/config/
prefer

description:
Indicates whether this server should be preferred or not.

nodetype: leaf (rw)

type: boolean

default: false

/system/ntp/servers/server/config/
network-instance

description:
The network instance used to find this server.

nodetype: leaf (rw)

type: oc-ni:network-instance-ref

/system/ntp/servers/server/config/
source-address

description:
Source address to use on outgoing NTP packets

nodetype: leaf (rw)

type: oc-inet:ip-address

/system/ntp/servers/server/
state

description:
Operational state data for an NTP server.

nodetype: container (ro)

/system/ntp/servers/server/state/
address

description:
The address or hostname of the NTP server.

nodetype: leaf (ro)

type: oc-inet:host

/system/ntp/servers/server/state/
port

description:
The port number of the NTP server.

nodetype: leaf (ro)

type: oc-inet:port-number

default: 123

/system/ntp/servers/server/state/
version

description:
Version number to put in outgoing NTP packets

nodetype: leaf (ro)

type: uint8

range: 1..4

default: 4

/system/ntp/servers/server/state/
association-type

description:
The desired association type for this NTP server.

nodetype: leaf (ro)

type: enumeration

SERVER
Use client association mode. This device will not provide synchronization to the configured NTP server.
PEER
Use symmetric active association mode. This device may provide synchronization to the configured NTP server.
POOL
Use client association mode with one or more of the NTP servers found by DNS resolution of the domain name given by the 'address' leaf. This device will not provide synchronization to the servers.

default: SERVER

/system/ntp/servers/server/state/
iburst

description:
Indicates whether this server should enable burst synchronization or not.

nodetype: leaf (ro)

type: boolean

default: false

/system/ntp/servers/server/state/
prefer

description:
Indicates whether this server should be preferred or not.

nodetype: leaf (ro)

type: boolean

default: false

/system/ntp/servers/server/state/
network-instance

description:
The network instance used to find this server.

nodetype: leaf (ro)

type: oc-ni:network-instance-ref

/system/ntp/servers/server/state/
source-address

description:
Source address to use on outgoing NTP packets

nodetype: leaf (ro)

type: oc-inet:ip-address

description:
Container for Openflow model

nodetype: container (rw)

/system/openflow/
controllers

description:
Container for the Openflow controllers model

nodetype: container (rw)

/system/openflow/controllers/
controller

description:
The Openflow Switch connects to all Openflow controllers configured

nodetype: list (rw)

list keys: [name]

/system/openflow/controllers/controller/
name

description:
The name identifies the controller.

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/name

/system/openflow/controllers/controller/
config

description:
Container for the Openflow controller config.

nodetype: container (rw)

/system/openflow/controllers/controller/config/
name

description:
Name of this Openflow controller. All connections for the same controller need to have the same name.

nodetype: leaf (rw)

type: string

/system/openflow/controllers/controller/
state

description:
Container for the Openflow controller state.

nodetype: container (ro)

/system/openflow/controllers/controller/state/
name

description:
Name of this Openflow controller. All connections for the same controller need to have the same name.

nodetype: leaf (ro)

type: string

/system/openflow/controllers/controller/
connections

description:
Enclosing container for list of controller connections

nodetype: container (rw)

/system/openflow/controllers/controller/connections/
connection

description:
List of connections to the OpenFlow controller. The Openflow switch always connects to configured Openflow controllers. Each controller can have more than one connection, called auxiliary Openflow connections.

nodetype: list (rw)

list keys: [aux-id]

/system/openflow/controllers/controller/connections/connection/
aux-id

description:
Reference to auxiliary id list key

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/aux-id

/system/openflow/controllers/controller/connections/connection/
config

description:
Configuration data for OpenFlow controller connections

nodetype: container (rw)

/system/openflow/controllers/controller/connections/connection/config/
aux-id

description:
Controller auxiliary ID. Must be 0 for the main controller. One controller may have multiple auxiliary connections as specified by the Openflow protocol. Besides configuring the main controller, it is also possible to configure auxiliary connections. The main controller must have the aux-id set to zero. All others must have an aux-id different from 0.

nodetype: leaf (rw)

type: of-types:auxiliary-id

/system/openflow/controllers/controller/connections/connection/config/
priority

description:
Optional value for servicing auxiliary connections with different priorities.

nodetype: leaf (rw)

type: uint8

description:
Certificate ID is used for TLS connections. When installed, certificates are associated with an ID. This ID specifies the certificate to use in a TLS connection.

nodetype: leaf (rw)

type: string

/system/openflow/controllers/controller/connections/connection/config/
source-interface

description:
Optionally specify the source interface for the controller connection.

nodetype: leaf (rw)

type: oc-if:base-interface-ref

/system/openflow/controllers/controller/connections/connection/
state

description:
Operational state data for OpenFlow controller connections

nodetype: container (ro)

description:
Controller port to use.

nodetype: leaf (ro)

type: oc-inet:port-number

default: 6653

/system/openflow/controllers/controller/connections/connection/state/
transport

description:
Controller transport protocol used.

nodetype: leaf (ro)

type: of-types:transport

default: TCP

/system/openflow/controllers/controller/connections/connection/state/
certificate-id

description:
Certificate ID is used for TLS connections. When installed, certificates are associated with an ID. This ID specifies the certificate to use in a TLS connection.

nodetype: leaf (ro)

type: string

/system/openflow/controllers/controller/connections/connection/state/
source-interface

description:
Optionally specify the source interface for the controller connection.

nodetype: leaf (ro)

type: oc-if:base-interface-ref

/system/openflow/controllers/controller/connections/connection/state/
connected

description:
When set to true, indicates the connection between the switch and controller is established.

nodetype: leaf (ro)

type: boolean

/system/openflow/
agent

description:
Container for the Openflow agent model.

nodetype: container (rw)

/system/openflow/agent/
config

description:
Container for the Openflow agent config.

nodetype: container (rw)

/system/openflow/agent/config/
datapath-id

description:
Datapath unique ID. The lower 48-bits are for a MAC address, while the upper 16-bits are implementer-defined.

nodetype: leaf (rw)

type: of-types:datapath-id

description:
Container for the Openflow agent state.

nodetype: container (ro)

/system/openflow/agent/state/
datapath-id

description:
Datapath unique ID. The lower 48-bits are for a MAC address, while the upper 16-bits are implementer-defined.

nodetype: leaf (ro)

type: of-types:datapath-id

description:
Container for Hashing algorithms and hashing policies

nodetype: container (rw)

/system/hashing/
algorithms

description:
Container for vendor supported hashing algorithms.

nodetype: container (rw)

/system/hashing/algorithms/
vendor

description:
Specify the vendor. Each vendor should have its own set of supported algorithms. For each supported algorithm, a name and a description should be defined. An implementation must augment this model using the schema described in the vendor_counter_guide reference. e.g. augment /system/hashing/vendor { container { container { uses hashing-algo-top; } } }

nodetype: container (rw)

/system/hashing/
hashing-policies

description:
Top level container for hashing, including configuration and state data.

nodetype: container (rw)

/system/hashing/hashing-policies/
hashing-policy

description:
The list of named policies to be used on the device.

nodetype: list (rw)

list keys: [name]

/system/hashing/hashing-policies/hashing-policy/
name

description:
References the name of the hashing policy.

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/name

/system/hashing/hashing-policies/hashing-policy/
config

description:
Configurable items at the global hash policy level.

nodetype: container (rw)

/system/hashing/hashing-policies/hashing-policy/config/
name

description:
The name of the hashing policy. When a configured user-controlled policy is created by the system, it is instantiated with the same name in the /system/hashing-policies/hashing-policy/name list.

nodetype: leaf (rw)

type: string

/system/hashing/hashing-policies/hashing-policy/config/
seed

description:
The seed used to initialize the hash algorithm

nodetype: leaf (rw)

type: uint64

/system/hashing/hashing-policies/hashing-policy/config/
algorithm

description:
The name of hash algorithm. This algorithm MUST be a supported algorithm

nodetype: leaf (rw)

type: string

/system/hashing/hashing-policies/hashing-policy/
state

description:
Operational state data at the global hash policy level.

nodetype: container (ro)

description:
Container for specifying inputs to be used when calculating the hash.

nodetype: container (rw)

/system/hashing/hashing-policies/hashing-policy/hash-field-modes/
config

description:
Configurable items at the hashing inputs level.

nodetype: container (rw)

/system/hashing/hashing-policies/hashing-policy/hash-field-modes/config/
ingress-interface

description:
Include the ingress subinterface identified in the calculation of the hash.

nodetype: leaf (rw)

type: boolean

/system/hashing/hashing-policies/hashing-policy/hash-field-modes/config/
ip-protocol-type

/system/hashing/hashing-policies/hashing-policy/hash-field-modes/ipv4/config/
src-port

description:
Use the source port from the transport header in the calculation of the hash.

nodetype: leaf (rw)

type: boolean

/system/hashing/hashing-policies/hashing-policy/hash-field-modes/ipv4/config/
dst-port

description:
Use the destination port from the transport header in the calculation of the hash.

nodetype: leaf (rw)

type: boolean

/system/hashing/hashing-policies/hashing-policy/hash-field-modes/ipv4/
state

description:
Operational state data at the hashing inputs level for IPv4.

nodetype: container (ro)

/system/hashing/hashing-policies/hashing-policy/hash-field-modes/ipv4/state/
src-addr

description:
Use the source address in the calculation of the hash.

nodetype: leaf (ro)

type: boolean

/system/hashing/hashing-policies/hashing-policy/hash-field-modes/ipv4/state/
dst-addr

description:
Use the destination address in the calculation of the hash.

nodetype: leaf (ro)

type: boolean

/system/hashing/hashing-policies/hashing-policy/hash-field-modes/ipv4/state/
src-port

description:
Use the source port from the transport header in the calculation of the hash.

nodetype: leaf (ro)

type: boolean

/system/hashing/hashing-policies/hashing-policy/hash-field-modes/ipv4/state/
dst-port

description:
Use the destination port from the transport header in the calculation of the hash.

nodetype: leaf (ro)

type: boolean

/system/hashing/hashing-policies/hashing-policy/hash-field-modes/
ipv6

description:
The IPv6 fields that should be used to compute the hash.

nodetype: container (rw)

nodetype: container (rw)

/system/bootz/
state

description:
Operational state relating to the bootz service.

nodetype: container (ro)

/system/bootz/state/
checksum

description:
The current checksum of the bootz protocol buffer. This value should refect the current sha-512 of the bootz protocol buffer message BootstrapDataSigned. The protocol buffer serialization must be done by tag value for each field in the bootz protocol buffer. This will produce a determintistic marshalled value which can be checksummed.

nodetype: leaf (ro)

type: string

default:

/system/bootz/state/
error-count

description:
Total count of all bootz errors.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/bootz/state/
status

description:
The status of the bootz service. The general sequence for the flow would be: BOOTZ_UNSPECIFIED <- system initial state BOOTZ_SENT <- bootz request sent BOOTZ_RECEIVED <- bootz response received BOOTZ_OS_UPGRADE_IN_PROGRESS <- (if needed) BOOTZ_OS_UPGRADE_COMPLETE <- (if needed) BOOTZ_CONFIGURATION_APPLIED <- bootz configuration applied BOOTZ_OK <- bootz process successful If any error is encounter an error ENUM will be returned.

nodetype: leaf (ro)

type: enumeration

/system/bootz/state/
last-boot-attempt

description:
The timestamp of the last bootz attempt.

nodetype: leaf (ro)

type: oc-types:timeticks64

/system/
control-plane-traffic

description:
Policies and configuration relating to the traffic destined towards the system control-plane.

nodetype: container (rw)

/system/control-plane-traffic/
ingress

description:
Control-plane traffic parameters relating to ingress traffic. This refers to traffic that is being received by the system's control plane from external-to-the-controlplane sources.

nodetype: container (rw)

/system/control-plane-traffic/ingress/
acl

description:
Configuration and operational state parameters relating to the access control list applied to control-plane traffic.

nodetype: container (rw)

/system/control-plane-traffic/ingress/acl/
acl-set

description:
List of the ACL that is to be applied in the specific ingress or egress context. The key of the list specifies the type of traffic to be matched, along with a reference to an ACL configured in the OpenConfig ACL model within the /acl hierarchy.

nodetype: list (rw)

list keys: [set-name] [type]

/system/control-plane-traffic/ingress/acl/acl-set/
set-name

description:
Reference to the name of the ACL-set to be applied.

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/set-name

/system/control-plane-traffic/ingress/acl/acl-set/
type

description:
Reference to the type of the ACL-set to be applied.

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/type

/system/control-plane-traffic/ingress/acl/acl-set/
config

description:
Configuration parameters relating to the ACL to be applied.

nodetype: container (rw)

/system/control-plane-traffic/ingress/acl/acl-set/config/
set-name

description:
Reference to the ACL to be applied to traffic in the specified context (ingress or egress).

nodetype: leaf (rw)

type: leafref

path reference: /acl/acl-sets/acl-set/config/name

/system/control-plane-traffic/ingress/acl/acl-set/config/
type

description:
Reference to the ACL set type applied to traffic in the specified context (ingress or egress).

nodetype: leaf (rw)

type: leafref

path reference: /acl/acl-sets/name=current()/../set-name]/config/type

/system/control-plane-traffic/ingress/acl/acl-set/
state

description:
Operational state parameters relating to the ACL to be applied.

nodetype: container (ro)

/system/control-plane-traffic/ingress/acl/acl-set/state/
set-name

description:
Reference to the ACL to be applied to traffic in the specified context (ingress or egress).

nodetype: leaf (ro)

type: leafref

path reference: /acl/acl-sets/acl-set/config/name

/system/control-plane-traffic/ingress/acl/acl-set/state/
type

description:
Reference to the ACL set type applied to traffic in the specified context (ingress or egress).

nodetype: leaf (ro)

type: leafref

path reference: /acl/acl-sets/name=current()/../set-name]/config/type

/system/control-plane-traffic/ingress/acl/acl-set/
acl-entries

description:
Enclosing container for list of references to ACLs

nodetype: container (ro)

/system/control-plane-traffic/ingress/acl/acl-set/acl-entries/
acl-entry

description:
List of ACL entries assigned to an interface

nodetype: list (ro)

list keys: [sequence-id]

/system/control-plane-traffic/ingress/acl/acl-set/acl-entries/acl-entry/
sequence-id

description:
Reference to per-interface acl entry key

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/sequence-id

/system/control-plane-traffic/ingress/acl/acl-set/acl-entries/acl-entry/
state

description:
Operational state data for per-interface ACL entries

nodetype: container (ro)

/system/control-plane-traffic/ingress/acl/acl-set/acl-entries/acl-entry/state/
sequence-id

description:
Reference to an entry in the ACL set applied to an interface

nodetype: leaf (ro)

type: leafref

path reference: /acl/acl-sets/name=current()/../../../../type=current()/../../../../type]/acl-entries/acl-entry/sequence-id

/system/control-plane-traffic/ingress/acl/acl-set/acl-entries/acl-entry/state/
matched-packets

description:
Count of the number of packets matching the current ACL entry. An implementation should provide this counter on a per-interface per-ACL-entry if possible. If an implementation only supports ACL counters per entry (i.e., not broken out per interface), then the value should be equal to the aggregate count across all interfaces. An implementation that provides counters per entry per interface is not required to also provide an aggregate count, e.g., per entry -- the user is expected to be able implement the required aggregation if such a count is needed.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/control-plane-traffic/ingress/acl/acl-set/acl-entries/acl-entry/state/
matched-octets

description:
Count of the number of octets (bytes) matching the current ACL entry. An implementation should provide this counter on a per-interface per-ACL-entry if possible. If an implementation only supports ACL counters per entry (i.e., not broken out per interface), then the value should be equal to the aggregate count across all interfaces. An implementation that provides counters per entry per interface is not required to also provide an aggregate count, e.g., per entry -- the user is expected to be able implement the required aggregation if such a count is needed.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/control-plane-traffic/ingress/
qos

description:
Configuration and operational state relating to QoS policies that are applied to control-plane traffic.

nodetype: container (rw)

/system/control-plane-traffic/ingress/qos/
classifier

description:
Configuration and state parameters relating to the QoS classifier that is applied to control plane traffic. A QoS classifier - defined in /qos/classifiers specifies how traffic is mapped to QoS queues. The classifier specified in this container and corresponding state allows for traffic towards the control-plane to be classified.

nodetype: container (rw)

/system/control-plane-traffic/ingress/qos/classifier/
config

description:
Configuration parameters relating to QoS classifier applied to match control plane traffic.

nodetype: container (rw)

/system/control-plane-traffic/ingress/qos/classifier/config/
name

description:
Reference to a classifier that is used to classify traffic destined to the control-plane of the system. This classifier determines how packets that match each terms are classified into forwarding groups, and subsequently into queues to be forwarded.

nodetype: leaf (rw)

type: leafref

path reference: /qos/classifiers/classifier/config/name

/system/control-plane-traffic/ingress/qos/classifier/
state

description:
Operational state parameters relating to the QoS classifier applied to match control plane traffic.

nodetype: container (ro)

/system/control-plane-traffic/ingress/qos/classifier/state/
name

nodetype: leaf (ro)

type: leafref

path reference: /qos/classifiers/classifier/config/name

/system/control-plane-traffic/ingress/qos/classifier/
terms

description:
Operational state and counters relating to the classifier applied to control-plane traffic.

nodetype: container (ro)

/system/control-plane-traffic/ingress/qos/classifier/terms/
term

description:
A list of the terms within the QoS classifier being applied for control-plane traffic. Each term has corresponding operational state parameters.

nodetype: list (ro)

list keys: [id]

/system/control-plane-traffic/ingress/qos/classifier/terms/term/
id

description:
Reference to the identifier for the classifier term.

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/id

/system/control-plane-traffic/ingress/qos/classifier/terms/term/
state

description:
Operational state parameters relating to a term within the applied control-plane classifier

nodetype: container (ro)

/system/control-plane-traffic/ingress/qos/classifier/terms/term/state/
id

description:
Reference to a term identifier within the configured control-plane classifier.

nodetype: leaf (ro)

type: leafref

path reference: /qos/classifiers/name=current()/../../../../config/name]/terms/term/config/id

/system/control-plane-traffic/ingress/qos/classifier/terms/term/state/
matched-packets

description:
Count of the number of packets matching this classifier match term on the interface.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/control-plane-traffic/ingress/qos/classifier/terms/term/state/
matched-octets

description:
Count of the number of octets (bytes) matching this classifier match term on the interface.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/control-plane-traffic/ingress/qos/
scheduler-policy

description:
Configuration and operational state relating to the QoS scheduler policy that is applied to control-plane traffic. The scheduler policy determines how traffic, classified by the specified control-plane classifier is rate-limited towards the control-plane. The scheduler policy is defined in /qos/scheduler-policies.

nodetype: container (rw)

/system/control-plane-traffic/ingress/qos/scheduler-policy/
config

description:
Configuration parameters relating to the scheduler-policy that is to be applied control-plane traffic.

nodetype: container (rw)

/system/control-plane-traffic/ingress/qos/scheduler-policy/config/
name

description:
Reference to a scheduler policy that determines rate limits, or shaping of packets towards the control-plane.

nodetype: leaf (rw)

type: leafref

path reference: /qos/scheduler-policies/scheduler-policy/config/name

/system/control-plane-traffic/ingress/qos/scheduler-policy/
state

description:
Operational state parameters relating to the scheduler policy applied to the control-plane traffic.

nodetype: container (ro)

/system/control-plane-traffic/ingress/qos/scheduler-policy/state/
name

description:
Reference to a scheduler policy that determines rate limits, or shaping of packets towards the control-plane.

nodetype: leaf (ro)

type: leafref

path reference: /qos/scheduler-policies/scheduler-policy/config/name

/system/control-plane-traffic/ingress/qos/scheduler-policy/
scheduler-statistics

description:
Operational state and counters relating to the scheduler-policy applied to control plane traffic.

nodetype: container (ro)

/system/control-plane-traffic/ingress/qos/scheduler-policy/scheduler-statistics/
scheduler

description:
List of the schedulers that are part of the scheduler-policy specified.

nodetype: list (ro)

list keys: [sequence]

/system/control-plane-traffic/ingress/qos/scheduler-policy/scheduler-statistics/scheduler/
sequence

description:
Reference to the sequence ID for the scheduler.

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/sequence

/system/control-plane-traffic/ingress/qos/scheduler-policy/scheduler-statistics/scheduler/
state

description:
Operational state parameters relating to the scheduler policy.

nodetype: container (ro)

/system/control-plane-traffic/ingress/qos/scheduler-policy/scheduler-statistics/scheduler/state/
sequence

description:
Reference to a scheduler within the configured scheduler policy.

nodetype: leaf (ro)

type: leafref

path reference: /qos/scheduler-policies/name=current()/../../../../config/name]/schedulers/scheduler/config/sequence

/system/control-plane-traffic/
egress

description:
Control-plane traffic parameters relating to egress traffic. This refers to traffic that is sent by the system's control plane to external-to-the-controlplane destinations.

nodetype: container (rw)

/system/control-plane-traffic/egress/
acl

description:
Configuration and operational state parameters relating to the access control list applied to control-plane traffic.

nodetype: container (rw)

/system/control-plane-traffic/egress/acl/
acl-set

nodetype: list (rw)

list keys: [set-name] [type]

/system/control-plane-traffic/egress/acl/acl-set/
set-name

description:
Reference to the name of the ACL-set to be applied.

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/set-name

/system/control-plane-traffic/egress/acl/acl-set/
type

description:
Reference to the type of the ACL-set to be applied.

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/type

/system/control-plane-traffic/egress/acl/acl-set/
config

description:
Configuration parameters relating to the ACL to be applied.

nodetype: container (rw)

/system/control-plane-traffic/egress/acl/acl-set/config/
set-name

description:
Reference to the ACL to be applied to traffic in the specified context (ingress or egress).

nodetype: leaf (rw)

type: leafref

path reference: /acl/acl-sets/acl-set/config/name

/system/control-plane-traffic/egress/acl/acl-set/config/
type

description:
Reference to the ACL set type applied to traffic in the specified context (ingress or egress).

nodetype: leaf (rw)

type: leafref

path reference: /acl/acl-sets/name=current()/../set-name]/config/type

/system/control-plane-traffic/egress/acl/acl-set/
state

description:
Operational state parameters relating to the ACL to be applied.

nodetype: container (ro)

/system/control-plane-traffic/egress/acl/acl-set/state/
set-name

description:
Reference to the ACL to be applied to traffic in the specified context (ingress or egress).

nodetype: leaf (ro)

type: leafref

path reference: /acl/acl-sets/acl-set/config/name

/system/control-plane-traffic/egress/acl/acl-set/state/
type

description:
Reference to the ACL set type applied to traffic in the specified context (ingress or egress).

nodetype: leaf (ro)

type: leafref

path reference: /acl/acl-sets/name=current()/../set-name]/config/type

/system/control-plane-traffic/egress/acl/acl-set/
acl-entries

description:
Enclosing container for list of references to ACLs

nodetype: container (ro)

/system/control-plane-traffic/egress/acl/acl-set/acl-entries/
acl-entry

description:
List of ACL entries assigned to an interface

nodetype: list (ro)

list keys: [sequence-id]

/system/control-plane-traffic/egress/acl/acl-set/acl-entries/acl-entry/
sequence-id

description:
Reference to per-interface acl entry key

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/sequence-id

/system/control-plane-traffic/egress/acl/acl-set/acl-entries/acl-entry/
state

description:
Operational state data for per-interface ACL entries

nodetype: container (ro)

/system/control-plane-traffic/egress/acl/acl-set/acl-entries/acl-entry/state/
sequence-id

description:
Reference to an entry in the ACL set applied to an interface

nodetype: leaf (ro)

type: leafref

path reference: /acl/acl-sets/name=current()/../../../../type=current()/../../../../type]/acl-entries/acl-entry/sequence-id

/system/control-plane-traffic/egress/acl/acl-set/acl-entries/acl-entry/state/
matched-packets

nodetype: leaf (ro)

type: oc-yang:counter64

/system/control-plane-traffic/egress/acl/acl-set/acl-entries/acl-entry/state/
matched-octets

nodetype: leaf (ro)

type: oc-yang:counter64

/system/
grpc-servers

description:
List of gRPC servers that can be configured on the device.

nodetype: container (rw)

/system/grpc-servers/
grpc-server

description:
The list of gRPC servers that are running on the device. Each instance within this list corresponds to an individual gRPC listener that listens on a single TCP port on the specified addresses. Where there are multiple services that run on a single port, these are enabled through the service leaf-list which uses the GRPC_SERVICE identity to list the supported service types.

nodetype: list (rw)

list keys: [name]

/system/grpc-servers/grpc-server/
name

description:
Reference to the name of the service that is to be enabled.

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/name

/system/grpc-servers/grpc-server/
config

description:
Configuration parameters relating to the gRPC service.

nodetype: container (rw)

/system/grpc-servers/grpc-server/config/
name

description:
The name of the gRPC server instance that is running on the local system. If the operator does not designate a name for the protocol instance (e.g. config), the implementation should use the name of 'DEFAULT' (e.g. state). In addition, for implementations that support a single gRPC server instance, the default value is recommended for consistency.

nodetype: leaf (rw)

type: string

default: DEFAULT

/system/grpc-servers/grpc-server/config/
services

description:
The gRPC service definitions that should be enabled for the specified server. A target may support only specific sets of services being enabled on the same server (e.g., it may be possible to run gNMI and gNOI services on the same port, but not to run gRIBI and gNMI on the same port). The set of gRPC services that are available to be configured is defined through the GRPC_SERVICE identity, which can be extended for each protocol that is based on gRPC that is available on the device.

nodetype: leaf-list (rw)

type: identityref

base: GRPC_SERVICE

/system/grpc-servers/grpc-server/config/
enable

description:
When set to true, the gRPC server is enabled and runs on the local device.

nodetype: leaf (rw)

type: boolean

/system/grpc-servers/grpc-server/config/
port

description:
TCP port on which the gRPC server should listen.

nodetype: leaf (rw)

type: oc-inet:port-number

/system/grpc-servers/grpc-server/config/
transport-security

description:
Use gRPC transport security (e.g., SSL or TLS). Enabled by default. This leaf allows transport security to be disabled for use cases that are not supported, such as lab testing.

nodetype: leaf (rw)

type: boolean

default: true

/system/grpc-servers/grpc-server/config/
certificate-id

description:
Name of the certificate that is associated with the gRPC service. The certificate ID is provisioned through other interfaces to the device, such as the gNOI certificate management service.

nodetype: leaf (rw)

type: string

/system/grpc-servers/grpc-server/config/
metadata-authentication

description:
When set to true, metadata authentication is enabled for the gRPC server. In this mode of operation, gRPC metadata is used to carry authentication credentials as per the specification in https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-authentication.md#credentials-and-authentication.

nodetype: leaf (rw)

type: boolean

/system/grpc-servers/grpc-server/config/
listen-addresses

description:
The IP addresses that the gRPC server should listen on. This may be an IPv4 or an IPv6 address (or both).

nodetype: leaf-list (rw)

type: union

type: oc-inet:ip-address

type: enumeration

ANY
The gRPC server should listen on any address bound to an interface of the system.

/system/grpc-servers/grpc-server/config/
network-instance

description:
The network instance within which the gRPC server is listening. When unspecified, the DEFAULT_INSTANCE should be used.

nodetype: leaf (rw)

type: oc-ni:network-instance-ref

/system/grpc-servers/grpc-server/
state

description:
Operational state relating to the gRPC service.

nodetype: container (ro)

/system/grpc-servers/grpc-server/state/
name

nodetype: leaf (ro)

type: string

default: DEFAULT

/system/grpc-servers/grpc-server/state/
services

nodetype: leaf-list (ro)

type: identityref

base: GRPC_SERVICE

/system/grpc-servers/grpc-server/state/
enable

description:
When set to true, the gRPC server is enabled and runs on the local device.

nodetype: leaf (ro)

type: boolean

/system/grpc-servers/grpc-server/state/
port

description:
TCP port on which the gRPC server should listen.

nodetype: leaf (ro)

type: oc-inet:port-number

/system/grpc-servers/grpc-server/state/
transport-security

description:
Use gRPC transport security (e.g., SSL or TLS). Enabled by default. This leaf allows transport security to be disabled for use cases that are not supported, such as lab testing.

nodetype: leaf (ro)

type: boolean

default: true

/system/grpc-servers/grpc-server/state/
certificate-id

nodetype: leaf (ro)

type: string

/system/grpc-servers/grpc-server/state/
metadata-authentication

nodetype: leaf (ro)

type: boolean

/system/grpc-servers/grpc-server/state/
listen-addresses

description:
The IP addresses that the gRPC server should listen on. This may be an IPv4 or an IPv6 address (or both).

nodetype: leaf-list (ro)

type: union

type: oc-inet:ip-address

type: enumeration

ANY
The gRPC server should listen on any address bound to an interface of the system.

description:
The timestamp of the moment when the OpenConfig-path-based authorization policy that is currently used by this gNMI server was created.

nodetype: leaf (ro)

type: created-on

/system/grpc-servers/grpc-server/
acctz-counters

description:
A collection of counters from the gNSI.acctz module for acctz clients and sources.

nodetype: container (ro)

/system/grpc-servers/grpc-server/acctz-counters/
state

description:
Operational state relating to acctz-counters.

nodetype: container (ro)

/system/grpc-servers/grpc-server/acctz-counters/state/
counters-last-cleared

description:
The last time that the counters were cleared (reset to zero). This value is reported as nanoseconds since epoch (January 1st, 1970 00:00:00 GMT).

nodetype: leaf (ro)

type: oc-types:timeticks64

/system/grpc-servers/grpc-server/acctz-counters/state/
client-counters

description:
A collection of counters that were collected by the gNSI.acctz module while servicing acctz clients.

nodetype: container (ro)

/system/grpc-servers/grpc-server/acctz-counters/state/client-counters/
history-istruncated

description:
The total number of times that a RecordRequest resulted in a RecordResponse being marked history-istruncated. ie: a request was made for a timestamp that did not exist in the history.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/grpc-servers/grpc-server/acctz-counters/state/client-counters/
idle-timeouts

description:
The total number of times that a client was disconnected due to missing keepalives (ie: RecordRequests).

nodetype: leaf (ro)

type: oc-yang:counter64

/system/grpc-servers/grpc-server/acctz-counters/state/client-counters/
record-requests

description:
The total number of RecordRequest RPCs that have been received.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/grpc-servers/grpc-server/acctz-counters/state/client-counters/
record-responses

description:
The total number of RecordResponse RPCs that have been sent.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/grpc-servers/grpc-server/acctz-counters/
source-counters

description:
A collection of counters for gNSI.acctz record production per service request type.

nodetype: container (ro)

/system/grpc-servers/grpc-server/acctz-counters/source-counters/
source-records

description:
The total number of times the gNSI.authz module denied access to a RPC.

nodetype: list (ro)

list keys: [service] [type]

/system/grpc-servers/grpc-server/acctz-counters/source-counters/source-records/
service

description:
service request type for the gNSI.acctz record.

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/service

/system/grpc-servers/grpc-server/acctz-counters/source-counters/source-records/
type

description:
service request application enum for the gNSI.acctz record.

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/type

/system/grpc-servers/grpc-server/acctz-counters/source-counters/source-records/
state

description:
Operational state for gNSI.acctz counters of record production per service request type.

nodetype: container (ro)

/system/grpc-servers/grpc-server/acctz-counters/source-counters/source-records/state/
service

description:
service request type for the gNSI.acctz record.

nodetype: leaf (ro)

type: service-request

/system/grpc-servers/grpc-server/acctz-counters/source-counters/source-records/state/
type

description:
service request application enum for the gNSI.acctz record.

nodetype: leaf (ro)

type: service-type

/system/grpc-servers/grpc-server/acctz-counters/source-counters/source-records/state/
records

description:
The total number of records produced for the service-request type.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/grpc-servers/grpc-server/
authz-policy-counters

description:
A collection of counters collected by the gNSI.authz module.

nodetype: container (ro)

/system/grpc-servers/grpc-server/authz-policy-counters/
rpcs

description:
A collection of counters collected by the gNSI.authz module for each RPC separately.

nodetype: container (ro)

/system/grpc-servers/grpc-server/authz-policy-counters/rpcs/
rpc

description:
A collection of counters collected by the gNSI.authz module for a RPC identified by the `name`.

nodetype: list (ro)

list keys: [name]

/system/grpc-servers/grpc-server/authz-policy-counters/rpcs/rpc/
name

description:
The name of the RPC the counters were collected for. The name MUST match the HTTP/2 Path header value in https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests For example, /gnmi.gNMI/Subscribe /gnoi.healthz.Healthz/Get

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/name

/system/grpc-servers/grpc-server/authz-policy-counters/rpcs/rpc/
state

description:
operational state for authz policy success/failure counters.

nodetype: container (ro)

description:
A collection of per-OpenConfig path counters.

nodetype: container (ro)

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/
paths

description:
Container for a collection of per-OpenConfig path counters.

nodetype: container (ro)

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/
path

description:
List for a collection of per-OpenConfig path counters.

nodetype: list (ro)

list keys: [name]

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/
name

description:
A OpenConfig schema path the counter were collected for. For documentation on the naming of paths, see https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-path-conventions.md

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/name

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/
state

description:
Operational state for per-OpenConfig path counters.

nodetype: container (ro)

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/state/
name

nodetype: leaf (ro)

type: string

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/state/
reads

description:
The counter were collected while performing a read operation on the schema path.

nodetype: container (ro)

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/state/reads/
access-rejects

description:
The total number of times the gNSI.pathz module denied access to an OpenConfig path.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/state/reads/
last-access-reject

description:
A timestamp of the last time the gNSI.pathz denied access to an OpenConfig path

nodetype: leaf (ro)

type: oc-types:timeticks64

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/state/reads/
access-accepts

description:
The total number of times the gNSI.pathz module allowed access to an OpenConfig path.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/state/reads/
last-access-accept

description:
A timestamp of the last time the gNSI.pathz allowed access to an OpenConfig path

nodetype: leaf (ro)

type: oc-types:timeticks64

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/state/
writes

description:
The counter were collected while performing a write operation on the schema path.

nodetype: container (ro)

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/state/writes/
access-rejects

description:
The total number of times the gNSI.pathz module denied access to an OpenConfig path.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/state/writes/
last-access-reject

description:
A timestamp of the last time the gNSI.pathz denied access to an OpenConfig path

nodetype: leaf (ro)

type: oc-types:timeticks64

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/state/writes/
access-accepts

description:
The total number of times the gNSI.pathz module allowed access to an OpenConfig path.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/grpc-servers/grpc-server/gnmi-pathz-policy-counters/paths/path/state/writes/
last-access-accept

description:
A timestamp of the last time the gNSI.pathz allowed access to an OpenConfig path

nodetype: leaf (ro)

type: oc-types:timeticks64

/system/
utilization

description:
System wide resource utilization configuration.

nodetype: container (rw)

/system/utilization/
resources

description:
Enclosing container for the resources in the entire system. The system resource names should be aggregated from the following collections: * /components/component/chassis/utilization/resources/resource * /components/component/integrate-circuit/utilization/resources/resource * /components/component/linecard/utilization/resources/resource.

nodetype: container (rw)

/system/utilization/resources/
resource

description:
The list of all resources across all platform components keyed by resource name.

nodetype: list (rw)

list keys: [name]

/system/utilization/resources/resource/
name

description:
References the resource name.

nodetype: leaf (list key) (rw)

type: leafref

path reference: ../config/name

/system/utilization/resources/resource/
config

description:
Configuration data for resource utilization.

nodetype: container (rw)

/system/utilization/resources/resource/config/
name

description:
Resource name within the system.

nodetype: leaf (rw)

type: string

/system/utilization/resources/resource/config/
used-threshold-upper

description:
The used percentage value (used / (used + free) * 100) that when crossed will set utilization-threshold-exceeded to 'true'.

nodetype: leaf (rw)

type: oc-types:percentage

/system/utilization/resources/resource/config/
used-threshold-upper-clear

description:
The used percentage value (used / (used + free) * 100) that when crossed will set utilization-threshold-exceeded to 'false'.

nodetype: leaf (rw)

type: oc-types:percentage

/system/utilization/resources/resource/
state

description:
Operational state data for resource utilization.

nodetype: container (ro)

/system/utilization/resources/resource/state/
name

description:
Resource name within the system.

nodetype: leaf (ro)

type: string

/system/utilization/resources/resource/state/
used-threshold-upper

description:
The used percentage value (used / (used + free) * 100) that when crossed will set utilization-threshold-exceeded to 'true'.

nodetype: leaf (ro)

type: oc-types:percentage

/system/utilization/resources/resource/state/
used-threshold-upper-clear

description:
The used percentage value (used / (used + free) * 100) that when crossed will set utilization-threshold-exceeded to 'false'.

nodetype: leaf (ro)

type: oc-types:percentage

/system/utilization/resources/resource/state/
active-component-list

description:
List of references to each component which has this resource.

nodetype: leaf-list (ro)

type: leafref

path reference: /components/component/config/name

/system/
console

description:
Console-related configuration and state.

nodetype: container (rw)

/system/console/
config

description:
Console-related configuration.

nodetype: container (rw)

/system/console/
state

description:
Console-related state.

nodetype: container (ro)

/system/console/state/
counters

description:
A collection of counters collected while authorizing users accessing the target.

nodetype: container (ro)

/system/console/state/counters/
access-rejects

description:
The total number of times access to the target has been denied.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/console/state/counters/
last-access-reject

description:
A timestamp of the last time access to the target has been denied.

nodetype: leaf (ro)

type: oc-types:timeticks64

/system/console/state/counters/
access-accepts

description:
The total number of times access to the target has been allowed.

nodetype: leaf (ro)

type: oc-yang:counter64

/system/console/state/counters/
last-access-accept

description:
A timestamp of the last time access to the target has been allowed.

nodetype: leaf (ro)

type: oc-types:timeticks64

/system/
gnmi-pathz-policies

description:
Collection of OpenConfig-path-based authorization policies that have been installed on the device using the gNSI OpenConfig- path-based authorization policy management service. Each policy listed here is identified by its status (either ACTIVE or SANDBOX) and has its version and creation date/time listed.

nodetype: container (ro)

/system/gnmi-pathz-policies/
policies

description:
Information about freshness of an OpenConfig-path-based authorization policy that have been installed on the device using the gNSI OpenConfig-path-based authorization policy management service.

nodetype: container (ro)

/system/gnmi-pathz-policies/policies/
policy

description:
Information about the OpenConfig-path-based authorization policy that is identified by the `instance`.

nodetype: list (ro)

list keys: [instance]

/system/gnmi-pathz-policies/policies/policy/
instance

description:
The ID of the OpenConfig-path-based authorization policy.

nodetype: leaf (list key) (ro)

type: leafref

path reference: ../state/instance

/system/gnmi-pathz-policies/policies/policy/
state

description:
Operational state data for an OpenConfig-path-based authorization policies.

nodetype: container (ro)

/system/gnmi-pathz-policies/policies/policy/state/
instance

description:
The instance identifier of the gNMI OpenConfig-path-based authorization policy.

nodetype: leaf (ro)

type: enumeration

ACTIVE
The policy that is currently used by the gNMI service to authorize access.
SANDBOX
The most recent policy that has been uploaded during the Rotation() RPC. If there is no Rotate() RPC in progress, then referring to this instance of the policy will result in an error.

/system/gnmi-pathz-policies/policies/policy/state/
version

description:
The version of the gNMI OpenConfig-path-based authorization policy.

nodetype: leaf (ro)

type: version

/system/gnmi-pathz-policies/policies/policy/state/
created-on

description:
The timestamp of the moment when the policy was created.

openconfig-extensions
openconfig-system
openconfig-inet-types
openconfig-network-instance

Identities

base: GRPC_SERVICE

description:
Base identity for a gRPC-based service.

GNMI

description:
gNMI: gRPC Network Management Interface

base identity: GRPC_SERVICE

Data elements

openconfig-system-logging

openconfig-version: 0.6.0

Description

This module defines configuration and operational state data for common logging facilities on network systems.

Imports

openconfig-extensions
openconfig-inet-types
openconfig-network-instance

Defined types

syslog-severity

description:
Syslog message severities

type: enumeration

EMERGENCY
Emergency: system is unusable (0)
ALERT
Alert: action must be taken immediately (1)
CRITICAL
Critical: critical conditions (2)
ERROR
Error: error conditions (3)
WARNING
Warning: warning conditions (4)
NOTICE
Notice: normal but significant condition(5)
INFORMATIONAL
Informational: informational messages (6)
DEBUG
Debug: debug-level messages (7)

Defined types

cmd-service

description:
enum CommandService.CmdServiceType

type: enumeration

grpc-service

description:
enum GrpcService.GrpcServiceType

type: enumeration

service-request

description:
enum RecordResponse.service_request

type: enumeration

service-type

description:
enum cmd or grpc service type

type: union

type: cmd-service

type: grpc-service

Data elements

openconfig-gnsi-authz

openconfig-version: 0.4.0

Description

This module provides a data model for the metadata of the gRPC authorization policies installed on a networking device.

Imports

openconfig-extensions
openconfig-system
openconfig-system-grpc
openconfig-types
openconfig-yang-types
openconfig-gnsi

Defined types

version

description:
The version ID of the gRPC authorization policy as provided by the gRPC Authorization Policy Manager when the policy was pushed. This leaf persists through a reboot.

type: string

created-on

description:
The creation time of the gRPC authorization policy as reported by the gRPC Authorization Policy manager when the policy was pushed to the device. This value is reported as nanoseconds since epoch (January 1st, 1970 00:00:00 GMT). This leaf persists through a reboot.

type: oc-types:timeticks64

Data elements

openconfig-gnsi-certz

openconfig-version: 0.6.0

Description

This module provides a data model for the metadata of gRPC credentials installed on a networking device.

Imports

openconfig-extensions
openconfig-system
openconfig-system-grpc
openconfig-types
openconfig-yang-types
openconfig-gnsi

Defined types

version

description:
The version ID of the credential as provided by the credential manager when the credential was pushed. This leaf persists through a reboot.

type: string

created-on

description:
The creation time of the credential as reported by the credential manager when the credential was pushed to the device. This value is reported as nanoseconds since epoch (January 1st, 1970 00:00:00 GMT). This leaf persists through a reboot.

type: oc-types:timeticks64

Data elements

openconfig-gnsi-credentialz

openconfig-version: 0.6.0

Description

This module provides a data model for the metadata of SSH and console credentials installed on a networking device.

The following leaves MUST be treated as invalid when the gNSI server is enabled and credentialz is supported by the implementation: /system/aaa/authentication/users/user/config/ssh-key /system/aaa/authentication/users/user/state/ssh-key /system/aaa/authentication/users/user/config/password /system/aaa/authentication/users/user/state/password /system/aaa/authentication/users/user/config/password-hashed /system/aaa/authentication/users/user/state/password-hashed

Imports

openconfig-extensions
openconfig-system
openconfig-types
openconfig-yang-types
openconfig-system-grpc
openconfig-gnsi

Defined types

version

description:
The version ID of the credential as provided by the credential manager when the credential was pushed. This leaf persists through a reboot.

type: string

created-on

type: oc-types:timeticks64

Data elements

openconfig-gnsi-pathz

openconfig-version: 0.3.0

Description

This module provides a data model for the metadata of OpenConfig-path-based authorization policies installed on a networking device.

Imports

openconfig-extensions
openconfig-system
openconfig-system-grpc
openconfig-types
openconfig-yang-types
openconfig-gnsi

Defined types

version

description:
The version ID of the OpenConfig-path-based authorization policy as provided by the OpenConfig-path-based Authorization Policy Manager when the policy was pushed. This leaf persists through a reboot.

type: string

created-on

description:
The creation time of the OpenConfig-path-based authorization policy as reported by the OpenConfig-path-based Authorization Policy manager when the policy was pushed to the device. This value is reported as nanoseconds since epoch (January 1st, 1970 00:00:00 GMT). This leaf persists through a reboot.

type: oc-types:timeticks64