Add NAT model #1335

Open: wants to merge 5 commits into base master

Conversation

nleiva

@nleiva nleiva commented Jul 14, 2025

Change Scope

  • This PR introduces a new YANG data model for Network Address Translation (NAT).
  • This is a new model, so the change is backward compatible.

We use NAT instances to stay in line with RFC 8512.
NAT rules can match a routing-policy or acl-set to accommodate different vendor implementations.

module: openconfig-nat
  +--rw nat
     +--rw config
     |  +--rw enabled?               boolean
     |  +--rw translation-timeout?   uint32
     |  +--rw max-translations?      uint32
     |  +--rw log-level?             enumeration
     +--ro state
     |  +--ro enabled?                      boolean
     |  +--ro total-instances?              uint32
     |  +--ro active-instances?             uint32
     |  +--ro total-active-translations?    yang:counter64
     |  +--ro total-translation-failures?   yang:counter64
     |  +--ro memory-usage?                 uint32
     |  +--ro uptime?                       yang:timeticks
     +--rw instances
        +--rw instance* [name]
           +--rw name          -> ../config/name
           +--rw config
           |  +--rw name?          string
           |  +--rw type?          identityref
           |  +--rw enabled?       boolean
           |  +--rw description?   string
           +--ro state
           |  +--ro name?               string
           |  +--ro type?               identityref
           |  +--ro enabled?            boolean
           |  +--ro description?        string
           |  +--ro active-mappings?    yang:counter64
           |  +--ro total-mappings?     yang:counter64
           |  +--ro mapping-failures?   yang:counter64
           +--rw interfaces
           |  +--rw interface* [interface]
           |     +--rw interface    -> ../config/interface
           |     +--rw config
           |     |  +--rw interface?   oc-if:base-interface-ref
           |     |  +--rw direction?   nat-direction
           |     +--ro state
           |        +--ro interface?            oc-if:base-interface-ref
           |        +--ro direction?            nat-direction
           |        +--ro packets-translated?   yang:counter64
           |        +--ro bytes-translated?     yang:counter64
           |        +--ro translation-errors?   yang:counter64
           +--rw pools
           |  +--rw pool* [name]
           |     +--rw name      -> ../config/name
           |     +--rw config
           |     |  +--rw name?                           string
           |     |  +--rw start-address?                  inet:ipv4-address
           |     |  +--rw end-address?                    inet:ipv4-address
           |     |  +--rw port-range-start?               inet:port-number
           |     |  +--rw port-range-end?                 inet:port-number
           |     |  +--rw port-block-size?                uint16
           |     |  +--rw (traffic-matcher)?
           |     |  |  +--:(routing-policy)
           |     |  |  |  +--rw policy-definition?        -> /oc-rpol:routing-policy/policy-definitions/policy-definition/name
           |     |  |  +--:(access-list)
           |     |  |     +--rw acl-set?                  -> /oc-acl:acl/acl-sets/acl-set/config/name
           |     |  +--rw persistent?                     boolean
           |     |  +--rw max-sessions?                   uint32
           |     |  +--rw address-only?                   boolean
           |     |  +--rw timeout?                        uint32
           |     |  +--rw tcp-timeout?                    uint32
           |     |  +--rw udp-timeout?                    uint32
           |     |  +--rw icmp-timeout?                   uint32
           |     |  +--rw overload?                       boolean
           |     |  +--rw log-translations?               boolean
           |     |  +--rw max-translations-per-address?   uint32
           |     +--ro state
           |        +--ro name?                           string
           |        +--ro start-address?                  inet:ipv4-address
           |        +--ro end-address?                    inet:ipv4-address
           |        +--ro port-range-start?               inet:port-number
           |        +--ro port-range-end?                 inet:port-number
           |        +--ro port-block-size?                uint16
           |        +--ro (traffic-matcher)?
           |        |  +--:(routing-policy)
           |        |  |  +--ro policy-definition?        -> /oc-rpol:routing-policy/policy-definitions/policy-definition/name
           |        |  +--:(access-list)
           |        |     +--ro acl-set?                  -> /oc-acl:acl/acl-sets/acl-set/config/name
           |        +--ro persistent?                     boolean
           |        +--ro max-sessions?                   uint32
           |        +--ro address-only?                   boolean
           |        +--ro timeout?                        uint32
           |        +--ro tcp-timeout?                    uint32
           |        +--ro udp-timeout?                    uint32
           |        +--ro icmp-timeout?                   uint32
           |        +--ro overload?                       boolean
           |        +--ro log-translations?               boolean
           |        +--ro max-translations-per-address?   uint32
           |        +--ro allocated-addresses?            uint32
           |        +--ro available-addresses?            uint32
           |        +--ro hit-count?                      yang:counter64
           |        +--ro active-sessions?                uint32
           +--rw mappings
              +--rw mapping* [name]
                 +--rw name      -> ../config/name
                 +--rw config
                 |  +--rw name?                      string
                 |  +--rw internal-address?          inet:ipv4-address
                 |  +--rw external-address?          inet:ipv4-address
                 |  +--rw internal-port?             inet:port-number
                 |  +--rw external-port?             inet:port-number
                 |  +--rw protocol?                  protocol-type
                 |  +--rw (traffic-matcher)?
                 |  |  +--:(routing-policy)
                 |  |  |  +--rw policy-definition?   -> /oc-rpol:routing-policy/policy-definitions/policy-definition/name
                 |  |  +--:(access-list)
                 |  |     +--rw acl-set?             -> /oc-acl:acl/acl-sets/acl-set/config/name
                 |  +--rw persistent?                boolean
                 |  +--rw max-sessions?              uint32
                 |  +--rw bidirectional?             boolean
                 |  +--rw enabled?                   boolean
                 +--ro state
                    +--ro name?                      string
                    +--ro internal-address?          inet:ipv4-address
                    +--ro external-address?          inet:ipv4-address
                    +--ro internal-port?             inet:port-number
                    +--ro external-port?             inet:port-number
                    +--ro protocol?                  protocol-type
                    +--ro (traffic-matcher)?
                    |  +--:(routing-policy)
                    |  |  +--ro policy-definition?   -> /oc-rpol:routing-policy/policy-definitions/policy-definition/name
                    |  +--:(access-list)
                    |     +--ro acl-set?             -> /oc-acl:acl/acl-sets/acl-set/config/name
                    +--ro persistent?                boolean
                    +--ro max-sessions?              uint32
                    +--ro bidirectional?             boolean
                    +--ro enabled?                   boolean
                    +--ro creation-time?             yang:date-and-time
                    +--ro last-used?                 yang:date-and-time
                    +--ro packet-count?              yang:counter64
                    +--ro byte-count?                yang:counter64
                    +--ro hit-count?                 yang:counter64
                    +--ro active-sessions?           uint32

Platform Implementations

@nleiva nleiva requested a review from a team as a code owner July 14, 2025 18:42
@dplore dplore moved this to Ready to discuss in OC Operator Review Jul 15, 2025
dplore (Member) commented Jul 15, 2025

/gcbrun

OpenConfigBot commented Jul 15, 2025

No major YANG version changes in commit 78ed184

dplore (Member) left a comment

Thank you @nleiva for this contribution! I've only done a very shallow review of the general tree structure so far, but please consider using when statements and/or descriptions instead of the choice statement.

"Number of ports allocated per mapping";
}

choice traffic-matcher {
Member:

OC style strongly prefers to avoid choice statements, but you could use when for enforcing some validations in the model. (So far we have not used choice in any OC model.)

Author:

Thanks @dplore, that was an oversight on our end. We replaced choice with when statements.
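
One way to express the routing-policy / acl-set alternative with when statements instead of a choice, as the reviewer asked. This is an added illustration, not the PR's own code: the grouping name and the match-type discriminator leaf are hypothetical, and the oc-rpol and oc-acl prefixes assume the PR imports openconfig-routing-policy and openconfig-acl under those names.

```yang
// Added example (not from the PR): a when-based matcher selector.
// The match-type leaf is hypothetical; policy-definition and acl-set
// carry the same leafref targets shown in the PR's tree output.
grouping nat-traffic-matcher-config {
  description
    "Traffic-matcher leaves shared by NAT pool and mapping config.";

  leaf match-type {
    type enumeration {
      enum ROUTING_POLICY {
        description "Select traffic with a routing-policy definition.";
      }
      enum ACCESS_LIST {
        description "Select traffic with an ACL set.";
      }
    }
    description
      "Which matcher the pool or mapping uses. A single leaf replaces
       the choice statement; the when conditions below make exactly one
       reference leaf valid for a given value.";
  }

  leaf policy-definition {
    when "../match-type = 'ROUTING_POLICY'" {
      description "Only valid when matching on a routing policy.";
    }
    type leafref {
      path "/oc-rpol:routing-policy/oc-rpol:policy-definitions/" +
           "oc-rpol:policy-definition/oc-rpol:name";
    }
    description
      "Routing-policy definition that selects the traffic to translate.";
  }

  leaf acl-set {
    when "../match-type = 'ACCESS_LIST'" {
      description "Only valid when matching on an ACL set.";
    }
    type leafref {
      path "/oc-acl:acl/oc-acl:acl-sets/oc-acl:acl-set/" +
           "oc-acl:config/oc-acl:name";
    }
    description
      "ACL set that selects the traffic to translate.";
  }
}
```

A validator such as pyang or libyang rejects a pool that sets acl-set while match-type is ROUTING_POLICY, which is the mutual exclusion the choice previously provided.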

@ElodinLaarz
Contributor

/gcbrun

@dplore
Member

dplore commented Jul 15, 2025

/gcbrun

@ElodinLaarz
Contributor

Discussed in the OC Operators Meeting on July 15th. If we don't have a reason to use multiple implementations, we should try to choose a single means of configuration to help with vendor-neutral implementations.

If we do actually have operational use cases for needing both ways of implementation, then this is fine. Sounds like ACL-based is supported by two vendors already; so, we may choose to only add the model for that subtree.

@nleiva
Author

nleiva commented Jul 15, 2025

/gcbrun

Hi @dplore, would you trigger the cloud checks again? I believe we fixed the failing test. Thanks.

@dplore
Member

dplore commented Jul 15, 2025

/gcbrun
