module ietf-routing-policy {
yang-version "1.1";
namespace "urn:ietf:params:xml:ns:yang:ietf-routing-policy";
prefix rt-pol;
import ietf-inet-types {
prefix "inet";
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-yang-types {
prefix "yang";
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-interfaces {
prefix "if";
reference
"RFC 8343: A YANG Data Model for Interface
Management (NMDA Version)";
}
import ietf-routing {
prefix "rt";
reference
"RFC 8349: A YANG Data Model for Routing
Management (NMDA Version)";
}
organization
"IETF RTGWG - Routing Area Working Group";
contact
"WG Web:
WG List:
Editor: Yingzhen Qu
Jeff Tantsura
Acee Lindem
Xufeng Liu
";
description
"This module describes a YANG model for routing policy
configuration. It is a limited subset of all of the policy
configuration parameters available in the variety of vendor
implementations, but supports widely used constructs for
managing how routes are imported, exported, modified and
advertised across different routing protocol instances or
within a single routing protocol instance. This module is
intended to be used in conjunction with routing protocol
configuration modules (e.g., BGP) defined in other models.
This YANG module conforms to the Network Management
Datastore Architecture (NMDA), as described in RFC 8342.
Copyright (c) 2021 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX;
see the RFC itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT
RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be
interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when,
and only when, they appear in all capitals, as shown here.";
reference "RFC XXXX: A YANG Data Model for Routing Policy.";
revision "2021-07-28" {
description
"Initial revision.";
reference
"RFC XXXX: A YANG Data Model for Routing Policy Management.";
}
/* Identities */
identity metric-type {
description
"Base identity for route metric types.";
}
identity ospf-type-1-metric {
base metric-type;
description
"Identity for the OSPF type 1 external metric types. It
is only applicable to OSPF routes.";
reference
"RFC 2328: OSPF Version 2";
}
identity ospf-type-2-metric {
base metric-type;
description
"Identity for the OSPF type 2 external metric types. It
is only applicable to OSPF routes.";
reference
"RFC 2328: OSPF Version 2";
}
identity isis-internal-metric {
base metric-type;
description
"Identity for the IS-IS internal metric types. It is only
applicable to IS-IS routes.";
reference
"RFC 5302: Domain-Wide Prefix Distribution with
Two-Level IS-IS";
}
identity isis-external-metric {
base metric-type;
description
"Identity for the IS-IS external metric types. It is only
applicable to IS-IS routes.";
reference
"RFC 5302: Domain-Wide Prefix Distribution with
Two-Level IS-IS";
}
identity route-level {
description
"Base identity for route import level.";
}
identity ospf-normal {
base route-level;
description
"Identity for OSPF importation into normal areas
It is only applicable to routes imported
into the OSPF protocol.";
reference
"RFC 2328: OSPF Version 2";
}
identity ospf-nssa-only {
base route-level;
description
"Identity for the OSPF Not-So-Stubby Area (NSSA) area
importation. It is only applicable to routes imported
into the OSPF protocol.";
reference
"RFC 3101: The OSPF Not-So-Stubby Area (NSSA) Option";
}
identity ospf-normal-nssa {
base route-level;
description
"Identity for OSPF importation into both normal and NSSA
areas, it is only applicable to routes imported into
the OSPF protocol.";
reference
"RFC 3101: The OSPF Not-So-Stubby Area (NSSA) Option";
}
identity isis-level-1 {
base route-level;
description
"Identity for IS-IS Level 1 area importation. It is only
applicable to routes imported into the IS-IS protocol.";
reference
"RFC 5302: Domain-Wide Prefix Distribution with
Two-Level IS-IS";
}
identity isis-level-2 {
base route-level;
description
"Identity for IS-IS Level 2 area importation. It is only
applicable to routes imported into the IS-IS protocol.";
reference
"RFC 5302: Domain-Wide Prefix Distribution with
Two-Level IS-IS";
}
identity isis-level-1-2 {
base route-level;
description
"Identity for IS-IS Level 1 and Level 2 area importation. It
is only applicable to routes imported into the IS-IS
protocol.";
reference
"RFC 5302: Domain-Wide Prefix Distribution with
Two-Level IS-IS";
}
identity proto-route-type {
description
"Base identity for route type within a protocol.";
}
identity isis-level-1-type {
base proto-route-type;
description
"Identity for IS-IS Level 1 route type. It is only
applicable to IS-IS routes.";
reference
"RFC 5302: Domain-Wide Prefix Distribution with
Two-Level IS-IS";
}
identity isis-level-2-type {
base proto-route-type;
description
"Identity for IS-IS Level 2 route type. It is only
applicable to IS-IS routes.";
reference
"RFC 5302: Domain-Wide Prefix Distribution with
Two-Level IS-IS";
}
identity ospf-internal-type {
base proto-route-type;
description
"Identity for OSPF intra-area or inter-area route type.
It is only applicable to OSPF routes.";
reference
"RFC 2328: OSPF Version 2";
}
identity ospf-external-type {
base proto-route-type;
description
"Identity for OSPF external type 1/2 route type.
It is only applicable to OSPF routes.";
reference
"RFC 2328: OSPF Version 2";
}
identity ospf-external-t1-type {
base ospf-external-type;
description
"Identity for OSPF external type 1 route type.
It is only applicable to OSPF routes.";
reference
"RFC 2328: OSPF Version 2";
}
identity ospf-external-t2-type {
base ospf-external-type;
description
"Identity for OSPF external type 2 route type.
It is only applicable to OSPF routes.";
reference
"RFC 2328: OSPF Version 2";
}
identity ospf-nssa-type {
base proto-route-type;
description
"Identity for OSPF NSSA type 1/2 route type.
It is only applicable to OSPF routes.";
reference
"RFC 3101: The OSPF Not-So-Stubby Area (NSSA) Option";
}
identity ospf-nssa-t1-type {
base ospf-nssa-type;
description
"Identity for OSPF NSSA type 1 route type.
It is only applicable to OSPF routes.";
reference
"RFC 3101: The OSPF Not-So-Stubby Area (NSSA) Option";
}
identity ospf-nssa-t2-type {
base ospf-nssa-type;
description
"Identity for OSPF NSSA type 2 route type.
It is only applicable to OSPF routes.";
reference
"RFC 3101: The OSPF Not-So-Stubby Area (NSSA) Option";
}
identity bgp-internal {
base proto-route-type;
description
"Identity for routes learned from internal BGP (IBGP).
It is only applicable to BGP routes.";
reference
"RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
}
identity bgp-external {
base proto-route-type;
description
"Identity for routes learned from external BGP (EBGP).
It is only applicable to BGP routes.";
reference
"RFC 4271: A Border Gateway Protocol 4 (BGP-4)";
}
/* Type Definitions */
typedef default-policy-type {
type enumeration {
enum accept-route {
description
"Default policy to accept the route.";
}
enum reject-route {
description
"Default policy to reject the route.";
}
}
description
"Type used to specify route disposition in
a policy chain. This typedef is used in
the default import and export policy.";
}
typedef policy-result-type {
type enumeration {
enum accept-route {
description
"Policy accepts the route.";
}
enum reject-route {
description
"Policy rejects the route.";
}
}
description
"Type used to specify route disposition in
a policy chain.";
}
typedef tag-type {
type union {
type uint32;
type yang:hex-string;
}
description
"Type for expressing route tags on a local system,
including IS-IS and OSPF; may be expressed as either decimal
or hexadecimal integer.";
reference
"RFC 2328: OSPF Version 2
RFC 5130: A Policy Control Mechanism in IS-IS Using
Administrative Tags";
}
typedef match-set-options-type {
type enumeration {
enum any {
description
"Match is true if given value matches any member
of the defined set.";
}
enum all {
description
"Match is true if given value matches all
members of the defined set.";
}
enum invert {
description
"Match is true if given value does not match any
member of the defined set.";
}
}
default any;
description
"Options that govern the behavior of a match statement. The
default behavior is any, i.e., the given value matches any
of the members of the defined set.";
}
typedef metric-modification-type {
type enumeration {
enum set-metric {
description
"Set the metric to the specified value.";
}
enum add-metric {
description
"Add the specified value to the existing metric.
If the result would overflow the maximum metric
(0xffffffff), set the metric to the maximum.";
}
enum subtract-metric {
description
"Subtract the specified value from the existing metric. If
the result would be less than 0, set the metric to 0.";
}
}
description
"Type used to specify how to set the metric given the
specified value.";
}
/* Groupings */
grouping prefix {
description
"Configuration data for a prefix definition.
The combination of mask-length-lower and mask-length-upper
define a range for the mask length, or single 'exact'
length if mask-length-lower and mask-length-upper are
equal.
Example: 192.0.2.0/24 through 192.0.2.0/26 would be
expressed as prefix: 192.0.2.0/24,
mask-length-lower=24,
mask-length-upper=26
Example: 192.0.2.0/24 (an exact match) would be
expressed as prefix: 192.0.2.0/24,
mask-length-lower=24,
mask-length-upper=24
Example: 2001:DB8::/32 through 2001:DB8::/64 would be
expressed as prefix: 2001:DB8::/32,
mask-length-lower=32,
mask-length-upper=64";
leaf ip-prefix {
type inet:ip-prefix;
mandatory true;
description
"The IP prefix represented as an IPv6 or IPv4 network
number followed by a prefix length with an intervening
slash character as a delimiter. All members of the
prefix-set MUST be of the same address family as the
prefix-set mode.";
}
leaf mask-length-lower {
type uint8 {
range "0..128";
}
description
"Mask length range lower bound. It MUST NOT be less than
the prefix length defined in ip-prefix.";
}
leaf mask-length-upper {
type uint8 {
range "1..128";
}
must "../mask-length-upper >= ../mask-length-lower" {
error-message "The upper bound MUST NOT be less"
+ "than lower bound.";
}
description
"Mask length range upper bound. It MUST NOT be less than
lower bound.";
}
}
grouping match-set-options-group {
description
"Grouping containing options relating to how a particular set
will be matched.";
leaf match-set-options {
type match-set-options-type;
description
"Optional parameter that governs the behavior of the
match operation.";
}
}
grouping match-set-options-restricted-group {
description
"Grouping for a restricted set of match operation
modifiers.";
leaf match-set-options {
type match-set-options-type {
enum any {
description
"Match is true if given value matches any
member of the defined set.";
}
enum invert {
description
"Match is true if given value does not match
any member of the defined set.";
}
}
description
"Optional parameter that governs the behavior of the
match operation. This leaf only supports matching on
'any' member of the set or 'invert' the match.
Matching on 'all' is not supported.";
}
}
grouping apply-policy-group {
description
"Top level container for routing policy applications. This
grouping is intended to be used in routing models where
needed.";
container apply-policy {
description
"Anchor point for routing policies in the model.
Import and export policies are with respect to the local
routing table, i.e., export (send) and import (receive),
depending on the context.";
leaf-list import-policy {
type leafref {
path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
ordered-by user;
description
"List of policy names in sequence to be applied on
receiving redistributed routes from another routing protocol
or receiving a routing update in the current context, e.g.,
for the current peer group, neighbor, address family, etc.";
}
leaf default-import-policy {
type default-policy-type;
default reject-route;
description
"Explicitly set a default policy if no policy definition
in the import policy chain is satisfied.";
}
leaf-list export-policy {
type leafref {
path "/rt-pol:routing-policy/rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
ordered-by user;
description
"List of policy names in sequence to be applied on
redistributing routes from one routing protocol to another
or sending a routing update in the current context, e.g.,
for the current peer group, neighbor, address family, etc.";
}
leaf default-export-policy {
type default-policy-type;
default reject-route;
description
"Explicitly set a default policy if no policy definition
in the export policy chain is satisfied.";
}
}
}
container routing-policy {
description
"Top-level container for all routing policy.";
container defined-sets {
description
"Predefined sets of attributes used in policy match
statements.";
container prefix-sets {
description
"Data definitions for a list of IPv4 or IPv6
prefixes which are matched as part of a policy.";
list prefix-set {
key "name mode";
description
"List of the defined prefix sets";
leaf name {
type string;
description
"Name of the prefix set -- this is used as a label to
reference the set in match conditions.";
}
leaf mode {
type enumeration {
enum ipv4 {
description
"Prefix set contains IPv4 prefixes only.";
}
enum ipv6 {
description
"Prefix set contains IPv6 prefixes only.";
}
}
description
"Indicates the mode of the prefix set, in terms of
which address families (IPv4 or IPv6) are present.
The mode provides a hint, all prefixes MUST be of
the indicated type. The device MUST validate that
all prefixes and reject the configuration if there
is a discrepancy.";
}
container prefixes {
description
"Container for the list of prefixes in a policy
prefix list. Since individual prefixes do not have
unique actions, the order in which the prefix in
prefix-list are matched has no impact on the outcome
and is left to the implementation. A given prefix-set
condition is satisfied if the input prefix matches
any of the prefixes in the prefix-set.";
list prefix-list {
key "ip-prefix mask-length-lower mask-length-upper";
description
"List of prefixes in the prefix set.";
uses prefix;
}
}
}
}
container neighbor-sets {
description
"Data definition for a list of IPv4 or IPv6
neighbors which can be matched in a routing policy.";
list neighbor-set {
key "name";
description
"List of defined neighbor sets for use in policies.";
leaf name {
type string;
description
"Name of the neighbor set -- this is used as a label
to reference the set in match conditions.";
}
leaf-list address {
type inet:ip-address;
description
"List of IP addresses in the neighbor set.";
}
}
}
container tag-sets {
description
"Data definitions for a list of tags which can
be matched in policies.";
list tag-set {
key "name";
description
"List of tag set definitions.";
leaf name {
type string;
description
"Name of the tag set -- this is used as a label to
reference the set in match conditions.";
}
leaf-list tag-value {
type tag-type;
description
"Value of the tag set member.";
}
}
}
}
container policy-definitions {
description
"Enclosing container for the list of top-level policy
definitions.";
leaf match-modified-attributes {
type boolean;
config false;
description
"This boolean value dictates whether matches are performed
on the actual route attributes or route attributes
modified by policy statements preceding the match.";
}
list policy-definition {
key "name";
description
"List of top-level policy definitions, keyed by unique
name. These policy definitions are expected to be
referenced (by name) in policy chains specified in
import or export configuration statements.";
leaf name {
type string;
description
"Name of the top-level policy definition -- this name
is used in references to the current policy.";
}
container statements {
description
"Enclosing container for policy statements.";
list statement {
key "name";
ordered-by user;
description
"Policy statements group conditions and actions
within a policy definition. They are evaluated in
the order specified.";
leaf name {
type string;
description
"Name of the policy statement.";
}
container conditions {
description
"Condition statements for the current policy
statement.";
leaf call-policy {
type leafref {
path "../../../../../../" +
"rt-pol:policy-definitions/" +
"rt-pol:policy-definition/rt-pol:name";
require-instance true;
}
description
"Applies the statements from the specified policy
definition and then returns control to the current
policy statement. Note that the called policy
may itself call other policies (subject to
implementation limitations). This is intended to
provide a policy 'subroutine' capability. The
called policy SHOULD contain an explicit or a
default route disposition that returns an
effective true (accept-route) or false
(reject-route), otherwise the behavior may be
ambiguous.";
}
leaf source-protocol {
type identityref {
base rt:control-plane-protocol;
}
description
"Condition to check the protocol / method used to
install the route into the local routing table.";
}
container match-interface {
leaf interface {
type leafref {
path "/if:interfaces/if:interface/if:name";
}
description
"Reference to a base interface.";
}
description
"Container for interface match conditions";
}
container match-prefix-set {
leaf prefix-set {
type leafref {
path "../../../../../../../defined-sets/" +
"prefix-sets/prefix-set/name";
}
description
"References a defined prefix set.";
}
uses match-set-options-restricted-group;
description
"Match a referenced prefix-set according to the
logic defined in the match-set-options leaf.";
}
container match-neighbor-set {
leaf neighbor-set {
type leafref {
path "../../../../../../../defined-sets/" +
"neighbor-sets/neighbor-set/name";
require-instance true;
}
description
"References a defined neighbor set.";
}
description
"Match a referenced neighbor set.";
}
container match-tag-set {
leaf tag-set {
type leafref {
path "../../../../../../../defined-sets/" +
"tag-sets/tag-set/name";
require-instance true;
}
description
"References a defined tag set.";
}
uses match-set-options-group;
description
"Match a referenced tag set according to the logic
defined in the match-set-options leaf.";
}
container match-route-type {
description
"This container provides route-type match condition";
leaf-list route-type {
type identityref {
base proto-route-type;
}
description
"Condition to check the protocol-specific type
of route. This is normally used during route
importation to select routes or to set protocol
specific attributes based on the route type.";
}
}
}
container actions {
description
"Top-level container for policy action
statements.";
leaf policy-result {
type policy-result-type;
default reject-route;
description
"Select the final disposition for the route,
either accept or reject.";
}
container set-metric {
leaf metric-modification {
type metric-modification-type;
description
"Indicates how to modify the metric.";
}
leaf metric {
type uint32;
description
"Metric value to set, add, or subtract.";
}
description
"Set the metric for the route.";
}
container set-metric-type {
leaf metric-type {
type identityref {
base metric-type;
}
description
"Route metric type.";
}
description
"Set the metric type for the route.";
}
container set-route-level {
leaf route-level {
type identityref {
base route-level;
}
description
"Route import level.";
}
description
"Set the level for importation or
exportation of routes.";
}
leaf set-route-preference {
type uint16;
description
"Set the preference for the route. It is also
known as 'administrative distance', allows for
selecting the preferred route among routes with
the same destination prefix. A smaller value is
more preferred.";
}
leaf set-tag {
type tag-type;
description
"Set the tag for the route.";
}
leaf set-application-tag {
type tag-type;
description
"Set the application tag for the route.
The application-specific tag is an additional tag
that can be used by applications that require
semantics and/or policy different from that of the
tag. For example, the tag is usually automatically
advertised in OSPF AS-External Link State
Advertisements (LSAs) while this application-specific
tag is not advertised implicitly.";
}
}
}
}
}
}
}
}