module ietf-pcp { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-pcp"; prefix pcp; import ietf-inet-types { prefix inet; } import ietf-yang-types { prefix yang; } organization "xxx Working Group"; contact "Mohamed Boucadair Christian Jacquenet "; description "This module embeds the core PCP characteristics, including the description of PCP operations, options and mapping entries. Copyright (c) 2017 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; revision 2017-10-17 { description "Align with NMDA"; reference "-05"; } revision 2015-08-05 { description "Changes tbc."; reference "-00"; } /* * Identities */ identity c_function { description "Base identity for controlled function."; reference "RFC 3022."; } identity nat44 { base pcp:c_function; description "Base identity for NAT44 type."; reference "RFC 3022."; } identity nat64 { base pcp:c_function; description "Base identity for NAT64 type."; reference "RFC 6146."; } identity dslite { base pcp:c_function; description "Base identity for DS-Lite type."; reference "RFC 6333."; } identity nptv6 { base pcp:c_function; description "Base identity for NPTv6 type."; reference "RFC 6296."; } identity ipv4-firewall { base pcp:c_function; description "Base identity for IPv4 firewall type."; } identity ipv6-firewall { base pcp:c_function; description "Base identity for IPv6 firewall type."; } identity port-range-router { base pcp:c_function; description "Base identity for Port Range Router type."; reference "RFC 6346."; } /* * Grouping */ //Description option grouping description-option { description "used to configure DESCRIPTION option."; leaf description-enabled { type boolean; description "Enable/disable DESCRIPTION option."; reference "RFC 7220"; } leaf max-description { type uint32; description "Indicates the maximum length of the description associated with a mapping."; reference "RFC 7220"; } } //Filter option grouping filter-option { description "FILTER option"; leaf filter-enabled { type boolean; description "Enable/disable FILTER option."; reference "RFC 6887"; } leaf max-filters { type uint32; description "Indicates the maximum number of filters associated with a mapping."; reference "RFC 6887"; } } // Port set option grouping port-set-option { description "PORT_SET option."; leaf port-set-enable { type boolean; description "Enable/disable PORT_SET option."; reference "RFC 7753"; } leaf default-port-set-size { type uint16; description "Indicates the default size of a port set."; reference "RFC 7753"; } leaf maximum-port-set-size { type uint16; description "Indicates the maximum size of a port set."; reference "RFC 7753"; } } //Opcodes grouping opcode { description "Indicates the set of supported/enabled PCP opcodes."; leaf map { type boolean; description "MAP opcode"; reference "RFC 6887"; } leaf peer { type boolean; description "PEER opcode"; reference "RFC 6887"; } leaf announce { type boolean; description "ANNOUNCE opcode."; reference "RFC 6887"; } } //Options grouping option { description "a set of PCP options."; leaf third-party { type boolean; description "THIRD_PARTY option is used when a PCP client wants to control a mapping to an internal host other than itself."; reference "RFC 6887"; } leaf prefer-failure { type boolean; description "This option indicates that if the PCP server is unable to map both the suggested external port and suggested external address, the PCP server should not create a mapping. This differs from the behavior without this option, which is to create a mapping. PREFER_FAILURE is never necessary for a PCP client to manage mappings for itself, and its use causes additional work in the PCP client and in the PCP server. See Section 13.2 of [RFC6887]."; reference "Section 13.2 ofRFC 6887"; } container filter { description "This option indicates that filtering incoming packets is desired."; uses filter-option; } leaf port-set { type boolean; description "Indicates whether PORT_SET is supported/enabled."; } container description { description "Associates a description with a mapping."; uses description-option; reference "RFC 7220"; } leaf prefix64 { type boolean; description "PREFIX64 PCP option."; reference "RFC 7225"; } } // port numbers: single or port range grouping port-number { description "Individual port or a range of ports. When only start-port-numbert is present, it represents a single port."; leaf start-port-number { type inet:port-number; description "Begining of the port range."; reference "Section 3.2.9 of RFC 8045."; } leaf end-port-number { type inet:port-number; must ". >= ../start-port-number" { error-message "The end-port-number must be greater than or equal to start-port-number."; } description "End of the port range."; reference "Section 3.2.10 of RFC 8045."; } } // Filter grouping filter { description "The remote peer IP address and remote peer port of the FILTER option indicate the permitted remote peer's source IP address and source port for packets from the Internet; other traffic from other addresses is blocked."; leaf filter-id { type uint32; description "An identifier of the filter."; } leaf remote-ip-prefix { type inet:ipv6-prefix; description "The IP address of the remote peer."; } leaf remote-port-number { type inet:port-number; description "The port number of the remote peer. Value 0 indicates 'all ports'."; } } // PCP mapping entry grouping mapping-entry { description "A PCP mapping entry."; leaf index { type uint32; description "A unique identifier of a mapping entry."; } leaf status { type enumeration { enum "disabled" { description "The mapping entry is not in use (Disabled)."; } enum "requested" { description "A PCP request has been sent for this mapping. Still waiting for a response from the server."; } enum "assigned" { description "This mapping has been granted by the server."; } enum "stale" { description "This is a stale mapping (case of reboot)."; } } description "Indicates the status of a mapping entry."; } leaf mapping-nonce { type string; description "A random value chosen by the PCP client"; } leaf internal-ip-address { type inet:ipv6-prefix; description "Corresponds to the PCP Client's IP Address defined in [RFC6887]."; } container internal-port { description "Internal port for the mapping. Value 0 indicates 'all ports', and is legal when the lifetime is zero (a delete request), if the protocol does not use 16-bit port numbers, or the client is requesting 'all ports'. If the protocol is zero (meaning 'all protocols'), then internal port is set to zero."; uses port-number; } leaf external-ip-address { type inet:ipv6-prefix; description "External IP address. Can be 'Suggested' or 'Assigned'. It can be set by a client to stale-ip-address, if available or to (::) (for requesting external IPv6 addresses) or (::ffff:0:0) (for requesting external IPv4 addresses)."; } container external-port { description "External port number. Can be 'Suggested' or 'Assigned'."; uses port-number; } leaf protocol { type uint8; description "Upper-layer protocol associated with this Opcode. Values are taken from the IANA protocol registry. For example, this field contains 6 (TCP) if the Opcode is intended to create a TCP mapping. This field contains 17 (UDP) if the Opcode is intended to create a UDP mapping. The value 0 has a special meaning for 'all protocols'."; } leaf lifetime { type uint32; description "Lifetime of the mapping. Can be requested/assigned/remaining"; } leaf third-party-address { type inet:ipv6-prefix; description "used to indicate the internal IP address when THIRD_PARTY is in use."; } list filter { key filter-id; description "a list of filters associated with the mapping."; uses filter; } leaf description { type string; description "a description string associated with the mapping."; } leaf prefer-failure-tagged { type boolean; description "a tag which indicates whether PREFER_FAILURE is (to be) used."; } } // PCP result code grouping status-code { description "stores the result status code"; leaf status-code { type enumeration { enum "SUCCESS" { description "Success"; } enum "unsupported-version" { description "The version number at the start of the PCP Request header is not recognized by this PCP server. This is a long lifetime error."; } enum "not-authorized" { description "The requested operation is disabled for this PCP client, or the PCP client requested an operation that cannot be fulfilled by the PCP server's security policy. This is a long lifetime error."; } enum "malformed-request" { description "The request could not be successfully parsed. This is a long lifetime error."; } enum "unsupported-opcode" { description "Unsupported Opcode. This is a long lifetime error."; } enum "unsupported-option" { description "Unsupported option. This error only occurs if the option is in the mandatory-to-process range. This is a long lifetime error."; } enum "malformed-option" { description "Malformed option (e.g., appears too many times, invalid length). This is a long lifetime error."; } enum "network-failure" { description "The PCP server or the device it controls is experiencing a network failure of some sort (e.g., has not yet obtained an external IP address). This is a short lifetime error."; } enum "no-resources" { description "Request is well-formed and valid, but the server has insufficient resources to complete the requested operation at this time. For example, the NAT device cannot create more mappings at this time, is short of CPU cycles or memory, or is unable to handle the request due to some other temporary condition. The same request may succeed in the future. This is a system-wide error, different from USER_EX_QUOTA. This can be used as a catch-all error, should no other error message be suitable. This is a short lifetime error."; } enum "unsupported-protocol" { description "Unsupported transport protocol, e.g., SCTP in a NAT that handles only UDP and TCP. This is a long lifetime error."; } enum "ex-quota" { description "This attempt to create a new mapping would exceed this subscriber's port quota. This is a short lifetime error."; } enum "cannot-provide-external" { description "The suggested external port and/or external address cannot be provided. This error must only be returned for: * MAP requests that included the PREFER_FAILURE option * MAP requests for the SCTP protocol (PREFER_FAILURE is implied) * PEER requests."; } enum "address-mismatch" { description "The source IP address of the request packet does not match the contents of the PCP Client's IP Address field, due to an unexpected NAT on the path between the PCP client and the PCP-controlled NAT or firewall. This is a long lifetime error."; } enum "extensive-remote-peer" { description "The PCP server was not able to create the filters in this request. This result code must only be returned if the MAP request contained the FILTER option. This is a long lifetime error."; } } description "result status code."; } } // PCP servers list grouping pcp-server-address { description "A list of PCP servers. Each PCP server can be identified by one or multiple IP addresses."; leaf pcp-server-id { type uint32; description "A unique identifier."; } list pcp-server-ip-address { key address-id; description "a list of IP addresses of a PCP server"; leaf address-id { type uint32; description "An identifier"; } leaf ip-address { type inet:ipv6-address; description "An IP address of a PCP server."; } } leaf external-address-familly { type inet:ip-version; description "The address family of the external address(es) managed by the PCP server. Can be IPv4, IPv6 or both."; } leaf stale-external-ip-address { type inet:ipv6-prefix; description "A stale address that can be used by the PCP client to be assigned the same address upon reboot or other failure events."; } } // status of the communication with configured PCP servers grouping pcp-server-address-status { description "Groups the status of the communication between a PCP client a server."; uses pcp-server-address; leaf source { type enumeration { enum "manual-configuration"{ description "The server has been manually configured."; } enum "dhcpv6"{ description "Retrieved from DHCPv6 [RFC7291]."; } enum "dhcpv4"{ description "Retrieved from DHCPv4 [RFC7291]."; } enum "else"{ description "Else (e.g., TR-96.)"; } } description "source of the PCP server reachability information."; } leaf in-use { type boolean; description "Indicates whether this in-use instance of the server is the result of the selection process defined in [RFC7488]."; } leaf server-epoch { type uint32; description "The PCP server's Epoch."; } leaf client-epoch { type uint32; description "The PCP client's Epoch."; } leaf current-version { type uint8; description "The version that is selected as per the version negotiation procedure specified in Section 9 of [RFC6877]."; } } // type of the PCP-controlled function. grouping pcp-controlled-function { description "A set of PCP-controlled functions. One or multiple functions can be controlled by the same PCP server. "; leaf-list pcp-controlled-function { type identityref { base c_function; } description "Type of NAT."; } } // traffic statistics grouping traffic-stat { description "Groups a set of statistics."; container traffic-statistics { description "Generic traffic statistics."; leaf sent-packet { type yang:zero-based-counter64; description "Packets sent"; } leaf sent-byte { type yang:zero-based-counter64; description "Counter for sent traffic in bytes."; } leaf rcvd-packet { type yang:zero-based-counter64; description "Counter for received packets."; } leaf rcvd-byte { type yang:zero-based-counter64; description "Counter for received traffic in bytes."; } leaf dropped-packet { type yang:zero-based-counter64; description "Counter for dropped packets."; } leaf dropped-byte { type yang:zero-based-counter64; description "Counter for dropped traffic in bytes."; } } container opcode-statistics { description "Opcode-related statistics."; leaf sent-map { type yang:zero-based-counter64; description "Counter for sent MAP messages"; } leaf rcvd-map { type yang:zero-based-counter64; description "Counter for received MAP messages"; } leaf sent-peer { type yang:zero-based-counter64; description "Counter for sent PEER messages"; } leaf rcvd-peer { type yang:zero-based-counter64; description "Counter for received PEER messages"; } leaf sent-annonce { type yang:zero-based-counter64; description "Counter for sent ANNOUNCE messages"; } leaf rcvd-announce { type yang:zero-based-counter64; description "Counter for received ANNOUNCED messages"; } leaf rcvd-unknown { type yang:zero-based-counter64; description "Counter for received unknown opcodes"; } leaf rcvd-malformed { type yang:zero-based-counter64; description "Counter for received malformed opcodes"; } } } // mapping table statistics grouping mapping-table-stats { description "PCP mapping table related statistics."; leaf current-mt-size { type yang:zero-based-counter64; description "Size of the mapping table"; } leaf max-mt-size { type uint32; description "Maximum configured size of the mapping table."; } } // PCP versions grouping pcp-version { description "PCP version(s)"; leaf version { type uint8; description "Indicates a PCP server. Current versions are: 0, 1, and 2."; } } }