From 96709f00e01cb375d4711ed3b52a956d103fc5ab Mon Sep 17 00:00:00 2001 From: "Hosnieh (Sara)" Date: Sat, 9 Jan 2016 22:20:39 +0100 Subject: [PATCH 1/3] test --- drafts/of-config-sara.yang | 1810 ++++++++++++++++++++++++++++++++++++ 1 file changed, 1810 insertions(+) create mode 100755 drafts/of-config-sara.yang diff --git a/drafts/of-config-sara.yang b/drafts/of-config-sara.yang new file mode 100755 index 0000000..cacddf2 --- /dev/null +++ b/drafts/of-config-sara.yang @@ -0,0 +1,1810 @@ +module of-config { + namespace "urn:onf:config:yang"; + prefix of-config; + + import ietf-yang-types { prefix yang; } + import ietf-inet-types { prefix inet; } + + organization "ONF Config Management Group"; + + contact "mailto:info@opennetworking.org"; + + description + "This module contains a collection of YANG definitions for + configuring OpenFlow datapaths. It is part of the OF-CONFIG + specification."; + + revision 2014-06-01 { + description + "This version of this YANG Module is part of the OF-CONFIG + 1.3 specification; please see the specification itself for + details."; + + reference + "OF-CONFIG 1.3"; + } + + revision 2013-10-05 { + description + "This version of this YANG Module is part of the OF-CONFIG 1.2 + specification; please see the specification itself for details."; + + reference + "OF-CONFIG 1.2"; + } + + revision 2011-12-07 { + description + "First Version"; + + reference + "OF-CONFIG 1.1.1"; + } + +/***************************************************************** + * Type definitions + *****************************************************************/ + + typedef OFConfigIdType { + type string; + description + "Generic type of an identifier in OF-CONFIG"; + } + + typedef OFOpenFlowVersionType { + type enumeration { + enum "not-applicable"; + enum "1.0"; + enum "1.1"; + enum "1.2"; + enum "1.3"; + } + description + "This enumeration contains all OpenFlow major versions supported by + this module"; + } + + typedef OFDatapathIdType { + type string { + pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){7}'; + } + description + "The datapath-id type represents an OpenFlow + datapath identifier."; + } + + typedef OFTenthOfAPercentType { + type uint16 { + range "0..1000"; + } + units "1/10 of a percent"; + description + "This type defines a value in tenth of a percent."; + } + + typedef OFUpDownStateType { + + // XXX: Harmonize with ifAdminStatus and ietf-interface and make it boolean and inline? + type enumeration { + enum up; + enum down; + } + description + "Type to specify state information for a port or a + connection."; + } + + typedef OFPortRateType { + // XXX: This is a perfect example of something that should probably be an + // identity. Remember that enums are not extensible. + type enumeration { + enum 10Mb-HD; + enum 10Mb-FD; + enum 100Mb-HD; + enum 100Mb-FD; + enum 1Gb-HD; + enum 1Gb-FD; + enum 10Gb; + enum 40Gb; + enum 100Gb; + enum 1Tb; + enum other; + } + description + "Type to specify the rate of a port including the + duplex transmission feature. Possible rates are 10Mb, 100Mb, + 1Gb, 10Gb, 40Gb, 100Gb, 1Tb or other. Rates of 10Mb, 100Mb + and 1 Gb can support half or full duplex transmission."; + } + + typedef OFActionType { + type enumeration { + enum output; + enum copy-ttl-out; + enum copy-ttl-in; + enum set-mpls-ttl; + enum dec-mpls-ttl; + enum push-vlan; + enum pop-vlan; + enum push-mpls; + enum pop-mpls; + enum set-queue; + enum group; + enum set-nw-ttl; + enum dec-nw-ttl; + enum set-field; + } + description + "The types of actions defined in OpenFlow Switch + Specification versions 1.2, 1.3, and 1.3.1"; + } + + typedef OFInstructionType { + type enumeration { + enum apply-actions; + enum clear-actions; + enum write-actions; + enum write-metadata; + enum goto-table; + } + description + "The types of instructions defined in OpenFlow + Switch Specification versions 1.2, 1.3, and 1.3.1."; + } + + typedef OFMatchFieldType { + type enumeration { + enum input-port; + enum physical-input-port; + enum metadata; + enum ethernet-dest; + enum ethernet-src; + enum ethernet-frame-type; + enum vlan-id; + enum vlan-priority; + enum ip-dscp; + enum ip-ecn; + enum ip-protocol; + enum ipv4-src; + enum ipv4-dest; + enum tcp-src; + enum tcp-dest; + enum udp-src; + enum udp-dest; + enum sctp-src; + enum sctp-dest; + enum icmpv4-type; + enum icmpv4-code; + enum arp-op; + enum arp-src-ip-address; + enum arp-target-ip-address; + enum arp-src-hardware-address; + enum arp-target-hardware-address; + enum ipv6-src; + enum ipv6-dest; + enum ipv6-flow-label; + enum icmpv6-type; + enum icmpv6-code; + enum ipv6-nd-target; + enum ipv6-nd-source-link-layer; + enum ipv6-nd-target-link-layer; + enum mpls-label; + enum mpls-tc; + } + description + "The types of match field defined in OpenFlow Switch Specification + versions 1.2, 1.3, and 1.3.1."; + } + + typedef OFExperimenterId { + type uint32; + description + "The experimenter field is a 32-bit value that uniquely identifies the + experimenter. If the most significant byte is zero, the next + three bytes are the experimenter's IEEE OUI. If the most + significant byte is not zero, it is a value allocated by the + Open Networking Foundation."; + } + + typedef OFHexBinaryType { + type binary; + description + "Hex binary encoded string"; + reference + "http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/datatypes.html#hexBinary"; + } + +/***************************************************************** + * Groupings + *****************************************************************/ + + grouping OFResourceType { + description + "This element specifies a generic OpenFlow resource + that is used as a basis for specific resources. Even though + this element is not used on its own the following rules for + NETCONF operations MUST be obeyed also by elemnts using this + element."; + + leaf resource-id { + type inet:uri; + mandatory true; + description + "A unique but locally arbitrary identifier that uniquely identifies an + OpenFlow Port within the context of an OpenFlow Logical Switch. + It MUST be persistent across reboots of the OpenFlow Capable + Switch."; + } + } + + grouping OFPortBaseTunnelType { + description + "A group of common elements that are included in every supported tunnel + type. Tunnels are modeled as logical ports. + + One pair of local/remote endpoints must exist for a tunnel + configuration. + + Only elements from one choice must exist at a time."; + + choice endpoints { + mandatory true; + + case v4-endpoints { + leaf local-endpoint-ipv4-adress { + type inet:ipv4-address; + description + "The IPv4 address of the local tunnel endpoint."; + } + + leaf remote-endpoint-ipv4-adress { + type inet:ipv4-address; + description + "The IPv4 address of the remote tunnel endpoint."; + } + } + + case v6-endpoints { + leaf local-endpoint-ipv6-adress { + type inet:ipv6-address; + description + "The IPv6 address of the local tunnel endpoint."; + } + + leaf remote-endpoint-ipv6-adress { + type inet:ipv6-address; + description + "The IPv6 address of the remote tunnel endpoint."; + } + } + + case mac-endpoints { + leaf local-endpoint-mac-adress { + type yang:mac-address; + description + "The MAC address of the local tunnel endpoint."; + } + + leaf remote-endpoint-mac-adress { + type yang:mac-address; + description + "The MAC address of the remote tunnel endpoint."; + } + } + } + } + + + grouping OFPortOtherFeatureListType { + description + "The features of a port that are adertised, supported or advertised by + a peer port."; + + leaf-list rate { + type OFPortRateType; + min-elements 1; + description + "The transmission rate that is supported or advertised. Multiple + transmissions rates are allowed."; + } + + leaf auto-negotiate { + type boolean; + default true; + description + "Specifies if auto-negotiation of transmission parameters is enabled for + the port."; + } + + leaf-list medium { + type enumeration { + enum copper; + enum fiber; + } + min-elements 1; + description + "The transmission medium used by the port. Multiple media are allowed."; + } + + leaf pause { + type enumeration { + enum unsupported; + enum symmetric; + enum asymmetric; + } + mandatory true; + description + "Specifies if pausing of transmission is supported at all and if yes if + it is asymmetric or symmetric."; + } + } + + grouping OFFlowTableType { + } + +/***************************************************************** + * Main container + *****************************************************************/ + + container capable-switch { + description + "The OpenFlow Capable Switch serves as the root element for an OpenFlow + configuration. It contains logical switches and resources that + can be assigned to logical switches. It may have relations to + OpenFlow Configuration Points."; + + leaf id { + type string; + mandatory true; + description + "A unique but locally arbitrary identifier that uniquely identifies a + Capable Switch within the context of potential OpenFlow + Configuration Points. It MUST be persistent across reboots of + the OpenFlow Capable Switch."; + } + + leaf config-version { + type string; + config false; + description + "The maximum supported OF-CONFIG version that is supported by the + OpenFlow Capable Switch. For switches implementing this version + of the OF-CONFIG protocol this MUST always be 1.2. + + This object can be used to identify the OF-CONFIG version + a capable switch supports beginning with version 1.1.1 of + OF-CONFIG. In addtion the supported version can be + determined by the namespace the OpenFlow Capable Switch + returns to configuration request of an element (like + capable-switch) that is present in all OF-CONFIG versions + specified so far. This is the only possiblity to identify + OF-CONFIG versions prior to OF-CONFIG 1.1.1."; + } + + container resources { + description + "A lists containing all resources of the OpenFlow Capable Switch that can + be used by OpenFlow Logical Switches. Resources are listed here + independent of their actual assignment to OpenFlow Logical + Switches. They may be available to be assigned to an OpenFlow + Logical Switch or already in use by an OpenFlow Logical Switch."; + + list port { + // XXX: This is a list of configurable items, need to discuss how + // new ports are created. E.g. if there are physical ports on + // the device, are they pre-populated, and what does it mean + // to remove an enty in this list? Use cases will be helpful. + + // XXX: Making this list depend on ops data seems + // strange. Refactor or remove. + // + // must "features/current/rate != 'other' or " + + // "(count(current-rate) = 1 and count(max-rate) = 1 and " + + // " current-rate > 0 and max-rate > 0)" { + // error-message + // "current-rate and max-rate must be specified and greater than 0 if rate + // equals 'other'"; + // description + // "current-rate and max-rate can only be present if rate = 'other', see + // corresponding leaf descriptions. If rate = 'other', then + // both leafs must be set to values greater than zero."; + // } + + key "resource-id"; + + description + "The list contains all port resources of the OpenFlow Capable Switch. + It specifies all properties of an OpenFlow resource of type + OpenFlow Port. It represent a physical port or a logical + port of the OpenFlow Capable Switch and can be assigned for + exclusive use to an OpenFlow Logical Switch. A logical + port represents a tunnel endpoint as described in the + OpenFlow protocol specification versions 1.3 - 1.3.1."; + + // XXX: Let's revisit, I believe this is a remnant of the idea + // that resources need unique URLs, before we realized that we + // can use instance identifiers to identify a particular node + // in the tree. + uses OFResourceType; + + leaf number { + type uint64; + config false; + + // XXX: The description below makes little sense. This leaf + // is in the context of a list entry on the capable + // switch. Then there are leafrefs to it from the logical + // swith context + // (logical-switches/switch/resources/port). Should we move + // the port number to the logical-switch context? + description + "This number identifies the OpenFlow Port to OpenFlow Controllers. It + is assigned to an OpenFlow Port latest when the OpenFlow + Port is associated with an OpenFlow Logical Switch. If + the OpenFlow Port is associated with an OpenFlow Logical + Switch, this element MUST be unique within the context of + the OpenFlow Logical Switch. + + OpenFlow Capable Switch implementations may choose to + assign values to OpenFlow Ports that are unique within + the context of the OpenFlow Logical Switch. These + numbers can be used independent of assignments to + OpenFlow Logical Switches. + + Other implementations may assign values to this element + only if the OpenFlow Port is assigned to an OpenFlow + Logical Switch."; + } + + leaf requested-number { + type uint64 { + range "1..65279"; + } + // XXX: Need to understand the lifecycle here. Is it the + // case that this is populated on creation of the port. If + // not, what's the use of having it available as a + // configurable item during the port's lifecycle. What does + // it mean to change the value of requested number, is that + // asking to replace ../number? + + description + "This is the requested OpenFlow Port number for this interface. The + switch is expected to try and use the value of this lead + as the port number for the interface. If the switch is + unable to use the requested value or if this leaf is not + present, it will choose a free port to use."; + } + + leaf name { + // XXX: We should probably import and use if:interface-ref + // as an option (union?) here + type string { + length "1..16"; + } + config false; + + // XXX: This description field is tough to follow. For one thing, I don't + // think this is a config false field after having reread it a couple of + // times. This should also tie into a somewhat expanded discussion of the + // the lifecycle of logical switches. + description + "The name of configured interface on the device. This element assists + OpenFlow Controllers in identifying OpenFlow Ports. + + This element is not to be set by the OF-CONFIG protocol, + but it is set by the switch implementation. It may be + set at start-up time of an OpenFlow Capable Switch or + when the OpenFlow Port is assigned to an OpenFlow Logical + Switch. It MAY also be not set at all. If this element is + set to a value when being assigned to an OpenFlow Logical + Switch, then the value of this element MUST be unique + within the context of the OpenFlow Logical Switch."; + } + + leaf current-rate { + when "../features/current/rate='other'" { + // XXX: Having a must on state data seems dangerous here. Needs discussion. + description + "This element is only valid if the element rate of the current features + has value 'other'."; + } + type uint32; + units "kbit/s"; + config false; + description + "This element indicates the current bit rate of the port. Its values is + to be provided in units of kilobit per second + (kbit/s). This element is only valid if the element called + 'rate' in the current Port Features has a value of + 'other'."; + } + + leaf max-rate { + when "../features/current/rate='other'" { + // XXX: Having a must on state data seems dangerous here. Needs discussion. + description + "This element is only valid if the element rate of the current features + has value 'other'."; + } + type uint32; + units "kbit/s"; + config false; + + description + "This element indicates the maximum bit rate of the port. Its values is + to be provided in units of kilobit per second + (kbit/s). This element is only valid if the element called + 'rate' in the current Port Features has a value of + 'other'."; + } + + container configuration { + description + "This containter represents the general administrative configuration of + the OpenFlow Port."; + + leaf admin-state { + type OFUpDownStateType; + default 'up'; + description + "The administrative state of the port. If true, the port has been + administratively brought down and SHOULD not be used by + OpenFlow."; + } + + leaf no-receive { + type boolean; + default false; + description + // XXX: SHOULD -> MUST? + "If true, packets received at this OpenFlow port SHOULD be dropped."; + } + + leaf no-forward { + type boolean; + default false; + description + // XXX: SHOULD -> MUST? + "If true, packets forwarded to this OpenFlow port SHOULD be dropped."; + } + + leaf no-packet-in { + type boolean; + default false; + description + // XXX: should -> MUST? + "If true, packets received on that port that generate a table miss + should never trigger a packet-in message to the + OpenFlow Controller."; + } + } + + container state { + config false; + + description + "This element represents the general operational state of the OpenFlow + Port."; + + leaf oper-state { + type OFUpDownStateType; + description + "If the value of this element is 'down', it indicates that there is no + physical link present."; + } + + leaf blocked { + type boolean; + description + "If the value of this element is 'true', it indicates that a switch + protocol outside of OpenFlow, such as 802.1D Spanning + Tree, is preventing the use of this OpenFlow port for + OpenFlow flooding."; + } + + leaf live { + type boolean; + description + "If the value of this element is 'true', it indicates that this OpenFlow + Port is live and can be used for fast failover."; + } + } + + container features { + // XXX: So this container has containers for current, + // advertised, supported and advertised-peer with the same + // content. Which of those are actually configuration, which + // are system-managed on boot and which are state data + container current { + config false; + description + "The features (rates, duplex, etc.) of the port that are currently in + use."; + + leaf rate { + type OFPortRateType; + description + "The transmission rate that is currently used."; + } + + leaf auto-negotiate { + type boolean; + description + "Specifies the administrative state of the forwarding rate + auto-negotiation protocol on this OpenFlow Port."; + } + + leaf medium { + type enumeration { + enum copper; + enum fiber; + } + description + "This element MUST indicate a valid physical medium used by the OpenFlow + Port."; + } + + leaf pause { + type enumeration { + enum unsupported; + enum symmetric; + enum asymmetric; + } + description + "Specifies if pausing of transmission is supported at all and if yes if + it is asymmetric or symmetric."; + } + } + + container advertised { + // XXX: Is this really configuration data? + uses OFPortOtherFeatureListType; + description + "The features (rates, duplex, etc.) of the port that are advertised to + the peer port."; + } + + container supported { + uses OFPortOtherFeatureListType; + config false; + description + "The features (rates, duplex, etc.) of the port that are supported on + the port."; + } + + container advertised-peer { + uses OFPortOtherFeatureListType; + config false; + description + "The features (rates, duplex, etc.) that are currently advertised by the + peer port."; + } + } + + choice tunnel-type { + description + "Local tunnels endpoints are modeled as logical ports."; + + container tunnel { + description + "Properties of a basic IP-in-GRE tunnel."; + uses OFPortBaseTunnelType; + } + + container ipgre-tunnel { + description + "Properties of a IP-in-GRE tunnel with key, checksum, and sequence number + information."; + + uses OFPortBaseTunnelType; + + leaf checksum-present { + type boolean; + default true; + description + "Indicates presence of the GRE checksum."; + } + + leaf key-present { + type boolean; + default true; + description + "Indicates presence of the GRE key."; + } + + leaf key { + when "../key-present='true'" { + description + "This element is only relevant if element key-present of this IP GRE + Tunnel has value 'true'."; + } + type uint32; + mandatory true; + description + "The (optional) key of the GRE tunnel. It MAY be used to set the + OXM_OF_TUNNEL_ID match field metadata in the OpenFlow + protocol"; + } + + leaf sequence-number-present { + type boolean; + default false; + description + "Indicates presence of the GRE sequence number."; + } + } + + container vxlan-tunnel { + + description + "Properties of a VxLAN tunnel."; + uses OFPortBaseTunnelType; + + leaf vni-valid { + type boolean; + default true; + description + "Indicates how the corresponding flag should be set in packets sent on + the tunnel."; + } + + leaf vni { + type uint32; + description + "Virtual network identifier assigned to all packets sent on the tunnel. + A VxLAN implementation MAY use the this element to + set the OXM_OF_TUNNEL_ID match field metadata in the + OpenFlow protocol."; + } + + leaf vni-multicast-group { + type inet:ip-address; + description + "If IP multicast is used to support broadcast on the tunnel this + specifies the corresponding multicast IP address"; + } + + leaf udp-source-port { + type inet:port-number; + description + "Specifies the outer UDP source port number. If this element is absent, + the port number MAY be chosen dynamically."; + } + + leaf udp-dest-port { + type inet:port-number; + default 4789; + description + "Specifies the outer UDP destination port number. It SHOULD + be set to 4789, the port number reserved for VxLAN at IANA."; + } + + leaf udp-checksum { + type boolean; + default false; + description + "Boolean flag to indicate whether or not the outer UDP checksum should be + set"; + } + + } + + container nvgre-tunnel { + description + "Properties of an NVGRE tunnel."; + + uses OFPortBaseTunnelType; + + leaf vsid { + type uint32; + description + "Specifies the virtual subnet id used to identify packets belonging to + the NVGRE virtual layer-2 network (24 bit)"; + } + + leaf flow-id { + type uint8; + default 0; + description + "8-bit value that is used to provide per-flow entropy for flows in the same VSID"; + } + + } + } + } + + list queue { + key "resource-id"; + description + "The list contains all queue resources of the OpenFlow Capable Switch."; + uses OFResourceType; + + leaf id { + type uint64; + mandatory true; + description + "This id identifies the OpenFlow Queue to OpenFlow Controllers. It is + assigned to an OpenFlow Queue latest when the OpenFlow + Queue is associated with and OpenFlow Logical Switch. If + the OpenFlow Queue is associated with an OpenFlow Logical + Switch, this element MUST be unique within the context of + the OpenFlow Logical Switch. + + OpenFlow Capable Switch implementations may choose to + assign values to OpenFlow Queues that are unique within + the context of the OpenFlow Logical Switch. These id can + be used independent of assignments to OpenFlow Logical + Switches. + + Other implementations may assign values to this element + only if the OpenFlow Queue is assigned to an OpenFlow + Logical Switch."; + } + + leaf port { + type leafref { + path "/capable-switch/resources/port/resource-id"; + } + description + "Reference to port resources in the Capable Switch. + + This element associates an OpenFlow Queue with an + OpenFlow Port. If the OpenFlow Queue is associated with + an OpenFlow Logical Switch S and this element is present, + then it MUST be set to the value of element resource-id + of an OpenFlow Port which is associated with the OpenFlow + Logical Switch."; + } + + container properties { + description + "The queue properties currently configured."; + + leaf min-rate { + type OFTenthOfAPercentType; + description + "The minimal rate that is reserved for this queue in 1/10 of a percent of + the actual rate. + + This element is optional. If not present a min-rate is not + set."; + } + + leaf max-rate { + type OFTenthOfAPercentType; + description + "The maximum rate that is reserved for this queue in 1/10 of a percent of + the actual rate. + + This element is optional. If not present the max-rate is not + set."; + } + + leaf experimenter-id { + type OFExperimenterId; + description + "Experimenter ID of a currently configured experimenter."; + } + + leaf experimenter-data { + type OFHexBinaryType; + description + "This leaf contains the rest of the experimenter queue property body + and is arbitrarily defined by the corresponding + experimenter."; + } + } + } + + list owned-certificate { + key "resource-id"; + description + "The list contains all owned certificate resources of the OpenFlow + Capable Switch. It can be used by an OpenFlow Logical + Switch for authenticating itself to a controller when a TLS + connection is established."; + uses OFResourceType; + + leaf certificate { + type string; + mandatory true; + description + "An X.509 certificate in DER format base64 encoded."; + } + + container private-key { + + description + "This element contains the private key corresponding to the + certificate. The private key is encoded as specified in + XML-Signature Syntax and Processing + (http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/). + Currently the specification only support DSA and RSA + keys."; + + choice key-type { + mandatory true; + case dsa { + container DSAKeyValue { + description + "DSA keys and the DSA signature algorithm are specified in 'FIPS PUB + 186-2, Digital Signature Standard (DSS), + U.S. Department of Commerce/National Institute of + Standards and Technology, + http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf'. + DSA public key values can have the following + fields: + + P - a prime modulus meeting the requirements of the standard + above + Q - an integer in the range 2**159 < Q < 2**160 which is a + prime divisor of P-1 + G - an integer with certain properties with respect to P and Q + J - (P - 1) / Q + Y - G**X mod P (where X is part of the private key and not made + public) + seed - a DSA prime generation seed + pgenCounter - a DSA prime generation counter + + Parameter J is avilable for inclusion solely for + efficiency as it is calculatable from P and + Q. + + Parameters seed and pgenCounter are used in the DSA + prime number generation algorithm specified in the + above standard. As such, they are optional but MUST + either both be present or both be absent. This + prime generation algorithm is designed to provide + assurance that a weak prime is not being used and + it yields a P and Q value. + + Parameters P, Q, and G can be public and common to + a group of users. They might be known from + application context. As such, they are optional + but P and Q MUST either both appear or both be + absent. + + If all of P, Q, seed, and pgenCounter are present, + implementations are not required to check if they + are consistent and are free to use either P and Q + or seed and pgenCounter. + + All parameters are encoded as base64 values."; + + leaf P { + when "count(../Q) != 0"; + type binary; + mandatory true; + description + "A prime modulus meeting the requirements of the standard + above"; + } + + leaf Q { + when "count(../P) != 0"; + type binary; + mandatory true; + description + "An integer in the range 2**159 < Q < 2**160 which is a + prime divisor of P-1"; + } + + leaf J { + type binary; + description + "(P - 1) / Q"; + } + + leaf G { + type binary; + description + "An integer with certain properties with respect to P and Q"; + } + + leaf Y { + type binary; + mandatory true; + description + "G**X mod P (where X is part of the private key and not made public)"; + } + + leaf Seed { + when "count(../PgenCounter) != 0"; + type binary; + mandatory true; + description + "A DSA prime generation seed"; + + } + leaf PgenCounter { + when "count(../Seed) != 0"; + type binary; + mandatory true; + description + "A DSA prime generation counter"; + } + } + } + case rsa { + container RSAKeyValue { + description + "RSA key values have two fields: Modulus and Exponent."; + + leaf Modulus { + type binary; + mandatory true; + } + + leaf Exponent { + type binary; + mandatory true; + } + } + } + } + } + } + + list external-certificate { + key "resource-id"; + description + "The list contains all external certificate resources of the OpenFlow + Capable Switch for authenticating a controller when a TLS + connection is established."; + + uses OFResourceType; + + leaf certificate { + type string; + mandatory true; + description + "An X.509 certificate in DER format base64 encoded."; + } + } + + list flow-table { + key table-id; + description + "The list contains all flow table resources of the OpenFlow Capable + Switch."; + + uses OFResourceType; + + leaf table-id { + type uint8; + + description + "Identifier of table."; + } + + leaf name { + type string; + + description + "Table name"; + } + + leaf metadata-match { + type OFHexBinaryType { + length 16; + } + + description + "This element indicates the bits of the metadata field on which the + flow table can match on. It is represented as a 64-bit + integer in hexadecimal digits([0-9a-fA-F]) format."; + } + + leaf metadata-write { + type OFHexBinaryType { + length 16; + } + + description + "This element indicates the bits of the metadata field on which table + can write using the 'write-metadata' instruction. It is + represented as a 64-bit integer in hexadecimal + digits([0-9a-fA-F]) format."; + } + + leaf max-entries { + type uint32; + config false; + + description + "The maximum number of flow entries supported by the flow table."; + } + + container properties { + presence "This table exposes feature properties"; + + description + "Table feature properties representing all possible features of a + table. Each container represent a single table feature + property. + + According to the specification, clients should understand + that the properties with the -miss suffix may be omitted + if it is the same as the corresponding property for + regular flow entries."; + + container instructions { + leaf-list type { + type OFInstructionType; + + description + "The list of instruction types supported by this table for regular flow + entries"; + } + } + + container instructions-miss { + leaf-list type { + type OFInstructionType; + + description + "The list of all instruction types supported by this table for + table-miss flow entries"; + } + } + + container next-tables { + leaf-list table-id { + type uint8; + + description + "An array of resource-ids of all flow tables that can be directly + reached from this table using the 'goto-table' + instruction for regular flow entries."; + } + } + + container next-tables-miss { + leaf-list table-id { + type uint8; + + description + "An array of resource-ids of all flow tables that can be directly reached + from this table using the 'goto-table' instruction for the table-miss flow + entry."; + } + } + + container write-actions { + leaf-list type { + type OFActionType; + + description + "The list of all write action types supported by this table for regular + flow entries."; + } + } + + container write-actions-miss { + leaf-list type { + type OFActionType; + + description + "The list of all write action types supported by this table for table-miss + flow entries."; + } + } + + container apply-actions { + leaf-list type { + type OFActionType; + + description + "The list of all apply action types supported by the flow table for + regular flow entries."; + } + } + + container apply-actions-miss { + leaf-list type { + type OFActionType; + + description + "The list of all apply action types supported by the flow table for + table-miss flow entries."; + } + } + + container matches { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all match types supported by this table for regular + flow entries."; + } + } + + container wildcards { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all fields for which the table supports wildcarding."; + } + } + + container write-setfields { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all 'set-field' action types supported by this table using + write actions for regular flow entries."; + } + } + + container write-setfields-miss { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all 'set-field' action types supported by this table using + write actions for table-miss flow entries."; + } + } + + container apply-setfields { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all 'set-field' action types supported by the table using + apply actions for regular flow entries."; + } + } + + container apply-setfields-miss { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all 'set-field' action types supported by the table using + apply actions for table-miss flow entries."; + } + } + + container experimenter { + leaf-list experimenter-id { + type OFExperimenterId; + + description + "The list of all experimenters supported by the table for regular + flow entries."; + } + } + + container experimenter-miss { + leaf-list experimenter-id { + type OFExperimenterId; + + description + "The list of all experimenters supported by the table for table-miss + flow entries."; + } + } + } + } + } + + container logical-switches { + description + "This element contains a list of all OpenFlow Logical Switches available + at the OpenFlow Capable Switch."; + + list switch { + key "id"; + description + "The list of all OpenFlow Logical Switches on the OpenFlow Capable + Switch."; + + leaf id { + type OFConfigIdType; + mandatory true; + description + "A unique but locally arbitrary identifier that identifies a Logical + Switch within the context of an OpenFlow Capable + Switch. It MUST be persistent across reboots of the + OpenFlow Capable Switch."; + } + + container capabilities { + config false; + description + "This element contains all capability items that an OpenFlow Logical + Switch MAY implement."; + + leaf max-buffered-packets { + type uint32; + description + "The maximum number of packets the logical switch can buffer when + sending packets to the controller using packet-in + messages."; + } + + leaf max-tables { + type uint8; + description + "The number of flow tables supported by the logical switch."; + } + + leaf max-ports { + type uint32; + description + "The number of flow tables supported by the logical switch."; + } + + leaf flow-statistics { + type boolean; + default false; + description + "Specifies if the logical switch supports flow statistics."; + } + + leaf table-statistics { + type boolean; + default false; + description + "Specifies if the logical switch supports table statistics."; + } + + leaf port-statistics { + type boolean; + default false; + description + "Specifies if the logical switch supports port statistics."; + } + + leaf group-statistics { + type boolean; + default false; + description + "Specifies if the logical switch supports group statistics."; + } + + leaf queue-statistics { + type boolean; + default false; + description + "Specifies if the logical switch supports queue statistics."; + } + + leaf reassemble-ip-fragments { + type boolean; + default false; + description + "Specifies if the logical switch supports reassemble IP fragments."; + } + + leaf block-looping-ports { + type boolean; + default false; + description + "'true' indicates that a switch protocol outside of OpenFlow, such as + 802.1D Spanning Tree, will detect topology loops and + block ports to prevent packet loops."; + } + + container reserved-port-types { + description + "Specify generic forwarding actions such as sending to the controller, + flooding, or forwarding using non-OpenFlow methods, + such as 'normal' switch processing."; + + reference + "The types of reserved ports are defined in OpenFlow Switch + Specification versions 1.2, 1.3, and 1.3.1."; + + leaf-list type { + type enumeration { + enum all; + enum controller; + enum table; + enum inport; + enum any; + enum normal; + enum flood; + } + } + } + + container group-types { + description + "Specify the group types supported by the logical switch."; + + reference + "The types of groups are defined in OpenFlow Switch Specification + versions 1.2, 1.3, and 1.3.1."; + + leaf-list type { + type enumeration { + enum all; + enum select; + enum indirect; + enum fast-failover; + } + } + } + + container group-capabilities { + description + "Specify the group capabilities supported by the logical switch."; + + reference + "The types of group capability are defined in OpenFlow Switch + Specification versions 1.2, 1.3, and 1.3.1."; + + leaf-list capability { + type enumeration { + enum select-weight; + enum select-liveness; + enum chaining; + enum chaining-check; + } + } + } + + container action-types { + description + "Specify the action types supported by the logical switch."; + + leaf-list type { + type OFActionType; + } + } + + container instruction-types { + description + "Specify the instruction types supported by the logical switch."; + + leaf-list type { + type OFInstructionType; + } + } + } + + leaf datapath-id { + type OFDatapathIdType; + mandatory true; + description + "The datapath identifier of the Logical Switch that uniquely identifies + this Logical Switch within the context of all OpenFlow + Controllers associated with the OpenFlow Logical Switch. + The datapath identifier is a string value that MUST be + formatted as a sequence of 8 2-digit hexadecimal numbers + that are separated by colons, for example, + '01:23:45:67:89:ab:cd:ef'. When processing a datapath + identifier, the case of the decimal digits MUST be + ignored."; + } + + leaf enabled { + type boolean; + default false; + description + "This element indicates the administrative state of the OpenFlow + Logical Switch. A value of 'false' means the OpenFlow + Logical Switch MUST NOT communicate with any OpenFlow + Controllers, MUST NOT conduct any OpenFlow processing, + and SHOULD NOT be utilizing computational or network + resources of the underlying platform."; + } + + leaf check-controller-certificate { + type boolean; + default false; + description + "This element indicates the behavior of the OpenFlow Logical Switch + when connecting to an OpenFlow Controller. + + If set to value 'false', the logical switch will connect + to a controller without checking any controller certificate. + + If set to value 'true', then the logical switch will + connect to a controller with element set to + 'TLS', only if the controller provides a certificate that + can be verified with one of the certificates stored in + the list called external-certificates in the OpenFlow + Capable Switch. + + If a certificate cannot be validated, the OpenFlow + Logical Switch MUST terminate communication with the + corresponding OpenFlow Controller, MUST NOT conduct any + OpenFlow processing on requests of this OpenFlow + controller, and SHOULD NOT further utilize any + computational or network resources of for dealing with + this connection. + + If set to value 'true', the OpenFlow Logical Switch MUST + NOT connect to any OpenFlow Controller that does not + provide a certificate. This implies that it cannot + connect to an OpenFlow controller that has the value of + element protocol set to 'TCP'. Only connections with + protocol 'TLS' are possible in this case."; + } + + leaf lost-connection-behavior { + type enumeration { + enum failSecureMode; + enum failStandaloneMode; + } + default failSecureMode; + description + "This element indicates the the behavior of the OpenFlow Logical Switch + in case it loses contact with all OpenFlow Controllers. + There are two alternative modes in such a case: fails + secure mode and fail standalone mode as defined by the + OpenFlow protocol specification version 1.2, section 6.4. + These are the only allowed values for this + element. Default is the fail secure mode."; + } + + container controllers { + description + "The list of controllers for this Logical switch."; + + list controller { + key "id"; + description + "The list of OpenFlow Controllers that are assigned to the OpenFlow + Logical Switch. The switch MUST NOT connect to any + OpenFlow Controller that is not contained in this list."; + + leaf id { + type OFConfigIdType; + mandatory true; + description + "A unique but locally arbitrary identifier that uniquely identifies an + OpenFlow Controller within the context of an OpenFlow + Capable Switch. It MUST be persistent across reboots + of the OpenFlow Capable Switch."; + } + + leaf role { + type enumeration { + enum master; + enum slave; + enum equal; + } + default equal; + + description + "This element indicates the role of the OpenFlow Controller. Semantics + of these roles are specified in the OpenFlow + specifications 1.0 - 1.3.1. It is RECOMMENDED that + the roles of controllers are not configured by + OF-CONFIG 1.1.1 but determined using the OpenFlow + protocol. OpenFlow Controllers configured by + OF-CONFIG 1.1.1 have the default role 'equal'. A + role other than 'equal' MAY be assigned to a + controller. Roles 'slave' and 'equal' MAY be + assigned to multiple controllers. Role 'master' MUST + NOT be assigned to more than one controller."; + } + + leaf ip-address { + type inet:ip-address; + mandatory true; + description + "The IP address of the OpenFlow Controller. This IP address is used by + the OpenFlow Logical Switch when connecting to the + OpenFlow Controller."; + } + + leaf port { + type inet:port-number; + default 6633; + description + "The TCP port number at the OpenFlow Controller. This port number is + used by the OpenFlow Logical Switch when connecting + to the OpenFlow Controller using TCP or TLS. The + default value is 6633."; + } + + leaf local-ip-address { + type inet:ip-address; + description + "The local IP address of the OpenFlow Logical Switch when connecting to + this OpenFlow Controller. It is the source IP + address of packets sent to this OpenFlow Controller. + If present, this element overrides any default IP + address. + + This element is optional. Attempts to set this + element to an IP address that cannot be used by the + OpenFlow Logical Switch MUST result in an + 'bad-element' error with type 'application'. The + element MUST contain the name of this + element in the element."; + } + + leaf local-port { + type inet:port-number; + description + "The local TCP port number of the OpenFlow Logical Switch when + connecting to this OpenFlow Controller. It is the + source TCP port number of packets sent to this + OpenFlow Controller. If this element is not present, + then the port number is chosen arbitrarily by the + OpenFlow Logical Switch. + + This element is optional. Attempts to set this + element to a port number that cannot be used by the + OpenFlow Logical Switch MUST result in an + 'bad-element' error with type 'application'. The + element MUST contain the name of this + element in the element."; + } + + leaf protocol { + type enumeration { + enum "tcp"; + enum "tls"; + } + default "tls"; + description + "The default protocol that the OpenFlow Logical Switch uses to connect + to this OpenFlow Controller."; + } + + container state { + config false; + description + "This container holds connection state information that indicate the + connection state of the OpenFlow Logical Switch and + the OpenFlow protocol version used for the + connection."; + + leaf connection-state { + type OFUpDownStateType; + description + "This object indicates the connections state of the OpenFlow Logical + Switch to this controller."; + } + leaf current-version { + type OFOpenFlowVersionType; + description + "This object indicates the version of the OpenFlow protocol used + between the OpenFlow Logical Switch and this + Controller. If element connection-state has value + 'up', then this element indicates the actual + version in use. If element connection-state has + value 'down', then this element indicates the + version number of the last established connection + with this OpenFlow Controller. The value of this + element MAY be persistent across reboots of the + OpenFlow Logical Switch in such a case. If element + connection-state has value 'down'and there is no + information about previous connections to this + OpenFlow controller, then this element is not + present."; + } + + leaf-list supported-versions { + type OFOpenFlowVersionType; + description + "This list of elements includes one entry for each OpenFlow protocol + version that this OpenFlow controller supports. It + SHOULD contain all."; + } + + leaf local-ip-address-in-use { + type inet:ip-address; + description + "The local IP address of the OpenFlow Logical Switch when connecting to + this OpenFlow Controller. It is the source IP + address of packets sent to this OpenFlow + Controller. If present, this element overrides any + default IP address."; + } + + leaf local-port-in-use { + type inet:port-number; + description + "The local TCP port number of the OpenFlow Logical Switch. If element + connection-state has value 'up', then this element + indicates the actual port number in use. If + element connection-state has value 'down', then + this element indicates the port number used for the + last attempt to establish a connection with this + OpenFlow Controller.??? When connecting to this + OpenFlow Controller, it is the source TCP port + number of packets sent to this OpenFlow Controller. + If this element has its defaqult value 0, then port + number is chosen arbitrarily by the OpenFlow + Logical Switch."; + } + } + + } + } + + container resources { + description + "The list of identifiers of all resources of the OpenFlow Capable + Switch that the OpenFlow Logical Switch has exclusive or + non-exclusive access to. A resource is identified by the + value of its resource-identifier element. For each + resource identifier value in this list, there MUST be an + element with a matching resource identifier value in the + resources list of the OpenFlow Capable Switch. + + Identifiers of this list are contained in elements + indicating the type of resource: 'port', 'queue', + 'certificate', or 'flow-table'. Depending on the type, + different constraints apply. These are specified in + separate descriptions per type."; + + leaf-list port { + // XXX: This has uniqueness requirements. The values must be unique, + // i.e. there can not be two ports pointing to the same capable-switch + // port. Should probably have a must statement here, checking if there + // are other logical-switches/switch instances that references the same + // port. + + type leafref { + path "/capable-switch/resources/port/resource-id"; + } + description + "A resource identifier of a port of the OpenFlow Capable + Switch that the OpenFlow Logical Switch has exclusive access to. + + Elements in this list MUST be unique. This means each port + element can only be referenced once."; + } + + leaf-list queue { + type leafref { + path "/capable-switch/resources/queue/resource-id"; + } + description + "A resource identifier of a queue of the OpenFlow Capable Switch + that the OpenFlow Logical Switch has exclusive access to. + + Elements in this list MUST be unique. This means each + queue element can only be referenced once."; + } + + leaf certificate { + type leafref { + path "/capable-switch/resources/owned-certificate/resource-id"; + } + description + "The resource identifier of the owned certificate in the OpenFlow + Capable Switch that the OpenFlow Logical Switch uses to + identify itself. This element MUST NOT occur more than + once in an OpenFlow Logical Switch's resource list. + + If no such element is in an OpenFlow Logical Switch's + resource list, then the OpenFlow Logical Switch does + not authenticate itself towards an OpenFloe Controller + with a certificate. If this element is present, then + the OpenFlow Logical Switch MUST provide this + certificate for authentication to an OpenFlow + Controller when setting up a TLS connection. + + For TCP connections this element is irrelevant."; + } + + leaf-list flow-table { + type leafref { + path "/capable-switch/resources/flow-table/table-id"; + } + description + "A resource identifier of a flow table of the OpenFlow Capable Switch + that the OpenFlow Logical Switch has exclusive access + to. + + Elements in this list MUST be unique. This means each + flow-table element can only be referenced once."; + } + } + } + } + } +} From 416037ad37ec1ef6c4c1e3fd1b55cb5c3ec1dd39 Mon Sep 17 00:00:00 2001 From: "Hosnieh (Sara)" Date: Mon, 11 Jan 2016 20:09:24 +0100 Subject: [PATCH 2/3] of-config-sara.yang --- drafts/of-config-sara.yang | 67 ++++++++++++++++++++++++++++++-------- 1 file changed, 53 insertions(+), 14 deletions(-) mode change 100755 => 100644 drafts/of-config-sara.yang diff --git a/drafts/of-config-sara.yang b/drafts/of-config-sara.yang old mode 100755 new mode 100644 index cacddf2..76cc800 --- a/drafts/of-config-sara.yang +++ b/drafts/of-config-sara.yang @@ -14,6 +14,16 @@ module of-config { configuring OpenFlow datapaths. It is part of the OF-CONFIG specification."; + revision 2016-01-09 { + description + "This version of this YANG Module is part of the OF-CONFIG + 1.3 specification; please see the specification itself for + details."; + + reference + "OF-CONFIG 1.3"; + } + revision 2014-06-01 { description "This version of this YANG Module is part of the OF-CONFIG @@ -85,10 +95,8 @@ module of-config { typedef OFUpDownStateType { // XXX: Harmonize with ifAdminStatus and ietf-interface and make it boolean and inline? - type enumeration { - enum up; - enum down; - } + type boolean; + default "true"; description "Type to specify state information for a port or a connection."; @@ -545,7 +553,7 @@ module of-config { leaf admin-state { type OFUpDownStateType; - default 'up'; + default 'true'; description "The administrative state of the port. If true, the port has been administratively brought down and SHOULD not be used by @@ -1053,13 +1061,42 @@ module of-config { connection is established."; uses OFResourceType; - - leaf certificate { - type string; - mandatory true; - description - "An X.509 certificate in DER format base64 encoded."; - } + case localPKI{ + container node { + + leaf certificate { + type string; + mandatory true; + description + "An X.509 certificate in DER format base64 encoded."; + } + } + } + case DNSbasedPKI{ + container node { + + leaf DNSTLSA { + type string; + mandatory true; + description + "The TLSA record of a local DNS server in Der format. According to RFC https://tools.ietf.org/html/rfc6698"; + } + leaf certificate { + type string; + mandatory true; + description + "An X.509 certificate in DER format base64 encoded. This is the certificate of the component itself (switch, controlelr)"; + } + leaf private-key { + type string; + mandatory true; + description + "The private key relates to the certificate"; + } + + + } + } } list flow-table { @@ -1535,7 +1572,7 @@ module of-config { } default failSecureMode; description - "This element indicates the the behavior of the OpenFlow Logical Switch + "This element indicates the behavior of the OpenFlow Logical Switch in case it loses contact with all OpenFlow Controllers. There are two alternative modes in such a case: fails secure mode and fail standalone mode as defined by the @@ -1553,7 +1590,9 @@ module of-config { description "The list of OpenFlow Controllers that are assigned to the OpenFlow Logical Switch. The switch MUST NOT connect to any - OpenFlow Controller that is not contained in this list."; + OpenFlow Controller that is not contained in this list. + If the authenticaton is external-certificate and based on DNSbasedPKI + then this list may be retreived from the DNS server"; leaf id { type OFConfigIdType; From b2b13133821891f2f6c8e44a56cce08b3511f5a7 Mon Sep 17 00:00:00 2001 From: "Hosnieh (Sara)" Date: Mon, 25 Jan 2016 19:48:28 +0100 Subject: [PATCH 3/3] solve the syntax error --- drafts/of-config-sara.yang | 3698 ++++++++++++++++++------------------ 1 file changed, 1849 insertions(+), 1849 deletions(-) diff --git a/drafts/of-config-sara.yang b/drafts/of-config-sara.yang index 76cc800..81747c2 100644 --- a/drafts/of-config-sara.yang +++ b/drafts/of-config-sara.yang @@ -1,1849 +1,1849 @@ -module of-config { - namespace "urn:onf:config:yang"; - prefix of-config; - - import ietf-yang-types { prefix yang; } - import ietf-inet-types { prefix inet; } - - organization "ONF Config Management Group"; - - contact "mailto:info@opennetworking.org"; - - description - "This module contains a collection of YANG definitions for - configuring OpenFlow datapaths. It is part of the OF-CONFIG - specification."; - - revision 2016-01-09 { - description - "This version of this YANG Module is part of the OF-CONFIG - 1.3 specification; please see the specification itself for - details."; - - reference - "OF-CONFIG 1.3"; - } - - revision 2014-06-01 { - description - "This version of this YANG Module is part of the OF-CONFIG - 1.3 specification; please see the specification itself for - details."; - - reference - "OF-CONFIG 1.3"; - } - - revision 2013-10-05 { - description - "This version of this YANG Module is part of the OF-CONFIG 1.2 - specification; please see the specification itself for details."; - - reference - "OF-CONFIG 1.2"; - } - - revision 2011-12-07 { - description - "First Version"; - - reference - "OF-CONFIG 1.1.1"; - } - -/***************************************************************** - * Type definitions - *****************************************************************/ - - typedef OFConfigIdType { - type string; - description - "Generic type of an identifier in OF-CONFIG"; - } - - typedef OFOpenFlowVersionType { - type enumeration { - enum "not-applicable"; - enum "1.0"; - enum "1.1"; - enum "1.2"; - enum "1.3"; - } - description - "This enumeration contains all OpenFlow major versions supported by - this module"; - } - - typedef OFDatapathIdType { - type string { - pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){7}'; - } - description - "The datapath-id type represents an OpenFlow - datapath identifier."; - } - - typedef OFTenthOfAPercentType { - type uint16 { - range "0..1000"; - } - units "1/10 of a percent"; - description - "This type defines a value in tenth of a percent."; - } - - typedef OFUpDownStateType { - - // XXX: Harmonize with ifAdminStatus and ietf-interface and make it boolean and inline? - type boolean; - default "true"; - description - "Type to specify state information for a port or a - connection."; - } - - typedef OFPortRateType { - // XXX: This is a perfect example of something that should probably be an - // identity. Remember that enums are not extensible. - type enumeration { - enum 10Mb-HD; - enum 10Mb-FD; - enum 100Mb-HD; - enum 100Mb-FD; - enum 1Gb-HD; - enum 1Gb-FD; - enum 10Gb; - enum 40Gb; - enum 100Gb; - enum 1Tb; - enum other; - } - description - "Type to specify the rate of a port including the - duplex transmission feature. Possible rates are 10Mb, 100Mb, - 1Gb, 10Gb, 40Gb, 100Gb, 1Tb or other. Rates of 10Mb, 100Mb - and 1 Gb can support half or full duplex transmission."; - } - - typedef OFActionType { - type enumeration { - enum output; - enum copy-ttl-out; - enum copy-ttl-in; - enum set-mpls-ttl; - enum dec-mpls-ttl; - enum push-vlan; - enum pop-vlan; - enum push-mpls; - enum pop-mpls; - enum set-queue; - enum group; - enum set-nw-ttl; - enum dec-nw-ttl; - enum set-field; - } - description - "The types of actions defined in OpenFlow Switch - Specification versions 1.2, 1.3, and 1.3.1"; - } - - typedef OFInstructionType { - type enumeration { - enum apply-actions; - enum clear-actions; - enum write-actions; - enum write-metadata; - enum goto-table; - } - description - "The types of instructions defined in OpenFlow - Switch Specification versions 1.2, 1.3, and 1.3.1."; - } - - typedef OFMatchFieldType { - type enumeration { - enum input-port; - enum physical-input-port; - enum metadata; - enum ethernet-dest; - enum ethernet-src; - enum ethernet-frame-type; - enum vlan-id; - enum vlan-priority; - enum ip-dscp; - enum ip-ecn; - enum ip-protocol; - enum ipv4-src; - enum ipv4-dest; - enum tcp-src; - enum tcp-dest; - enum udp-src; - enum udp-dest; - enum sctp-src; - enum sctp-dest; - enum icmpv4-type; - enum icmpv4-code; - enum arp-op; - enum arp-src-ip-address; - enum arp-target-ip-address; - enum arp-src-hardware-address; - enum arp-target-hardware-address; - enum ipv6-src; - enum ipv6-dest; - enum ipv6-flow-label; - enum icmpv6-type; - enum icmpv6-code; - enum ipv6-nd-target; - enum ipv6-nd-source-link-layer; - enum ipv6-nd-target-link-layer; - enum mpls-label; - enum mpls-tc; - } - description - "The types of match field defined in OpenFlow Switch Specification - versions 1.2, 1.3, and 1.3.1."; - } - - typedef OFExperimenterId { - type uint32; - description - "The experimenter field is a 32-bit value that uniquely identifies the - experimenter. If the most significant byte is zero, the next - three bytes are the experimenter's IEEE OUI. If the most - significant byte is not zero, it is a value allocated by the - Open Networking Foundation."; - } - - typedef OFHexBinaryType { - type binary; - description - "Hex binary encoded string"; - reference - "http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/datatypes.html#hexBinary"; - } - -/***************************************************************** - * Groupings - *****************************************************************/ - - grouping OFResourceType { - description - "This element specifies a generic OpenFlow resource - that is used as a basis for specific resources. Even though - this element is not used on its own the following rules for - NETCONF operations MUST be obeyed also by elemnts using this - element."; - - leaf resource-id { - type inet:uri; - mandatory true; - description - "A unique but locally arbitrary identifier that uniquely identifies an - OpenFlow Port within the context of an OpenFlow Logical Switch. - It MUST be persistent across reboots of the OpenFlow Capable - Switch."; - } - } - - grouping OFPortBaseTunnelType { - description - "A group of common elements that are included in every supported tunnel - type. Tunnels are modeled as logical ports. - - One pair of local/remote endpoints must exist for a tunnel - configuration. - - Only elements from one choice must exist at a time."; - - choice endpoints { - mandatory true; - - case v4-endpoints { - leaf local-endpoint-ipv4-adress { - type inet:ipv4-address; - description - "The IPv4 address of the local tunnel endpoint."; - } - - leaf remote-endpoint-ipv4-adress { - type inet:ipv4-address; - description - "The IPv4 address of the remote tunnel endpoint."; - } - } - - case v6-endpoints { - leaf local-endpoint-ipv6-adress { - type inet:ipv6-address; - description - "The IPv6 address of the local tunnel endpoint."; - } - - leaf remote-endpoint-ipv6-adress { - type inet:ipv6-address; - description - "The IPv6 address of the remote tunnel endpoint."; - } - } - - case mac-endpoints { - leaf local-endpoint-mac-adress { - type yang:mac-address; - description - "The MAC address of the local tunnel endpoint."; - } - - leaf remote-endpoint-mac-adress { - type yang:mac-address; - description - "The MAC address of the remote tunnel endpoint."; - } - } - } - } - - - grouping OFPortOtherFeatureListType { - description - "The features of a port that are adertised, supported or advertised by - a peer port."; - - leaf-list rate { - type OFPortRateType; - min-elements 1; - description - "The transmission rate that is supported or advertised. Multiple - transmissions rates are allowed."; - } - - leaf auto-negotiate { - type boolean; - default true; - description - "Specifies if auto-negotiation of transmission parameters is enabled for - the port."; - } - - leaf-list medium { - type enumeration { - enum copper; - enum fiber; - } - min-elements 1; - description - "The transmission medium used by the port. Multiple media are allowed."; - } - - leaf pause { - type enumeration { - enum unsupported; - enum symmetric; - enum asymmetric; - } - mandatory true; - description - "Specifies if pausing of transmission is supported at all and if yes if - it is asymmetric or symmetric."; - } - } - - grouping OFFlowTableType { - } - -/***************************************************************** - * Main container - *****************************************************************/ - - container capable-switch { - description - "The OpenFlow Capable Switch serves as the root element for an OpenFlow - configuration. It contains logical switches and resources that - can be assigned to logical switches. It may have relations to - OpenFlow Configuration Points."; - - leaf id { - type string; - mandatory true; - description - "A unique but locally arbitrary identifier that uniquely identifies a - Capable Switch within the context of potential OpenFlow - Configuration Points. It MUST be persistent across reboots of - the OpenFlow Capable Switch."; - } - - leaf config-version { - type string; - config false; - description - "The maximum supported OF-CONFIG version that is supported by the - OpenFlow Capable Switch. For switches implementing this version - of the OF-CONFIG protocol this MUST always be 1.2. - - This object can be used to identify the OF-CONFIG version - a capable switch supports beginning with version 1.1.1 of - OF-CONFIG. In addtion the supported version can be - determined by the namespace the OpenFlow Capable Switch - returns to configuration request of an element (like - capable-switch) that is present in all OF-CONFIG versions - specified so far. This is the only possiblity to identify - OF-CONFIG versions prior to OF-CONFIG 1.1.1."; - } - - container resources { - description - "A lists containing all resources of the OpenFlow Capable Switch that can - be used by OpenFlow Logical Switches. Resources are listed here - independent of their actual assignment to OpenFlow Logical - Switches. They may be available to be assigned to an OpenFlow - Logical Switch or already in use by an OpenFlow Logical Switch."; - - list port { - // XXX: This is a list of configurable items, need to discuss how - // new ports are created. E.g. if there are physical ports on - // the device, are they pre-populated, and what does it mean - // to remove an enty in this list? Use cases will be helpful. - - // XXX: Making this list depend on ops data seems - // strange. Refactor or remove. - // - // must "features/current/rate != 'other' or " + - // "(count(current-rate) = 1 and count(max-rate) = 1 and " + - // " current-rate > 0 and max-rate > 0)" { - // error-message - // "current-rate and max-rate must be specified and greater than 0 if rate - // equals 'other'"; - // description - // "current-rate and max-rate can only be present if rate = 'other', see - // corresponding leaf descriptions. If rate = 'other', then - // both leafs must be set to values greater than zero."; - // } - - key "resource-id"; - - description - "The list contains all port resources of the OpenFlow Capable Switch. - It specifies all properties of an OpenFlow resource of type - OpenFlow Port. It represent a physical port or a logical - port of the OpenFlow Capable Switch and can be assigned for - exclusive use to an OpenFlow Logical Switch. A logical - port represents a tunnel endpoint as described in the - OpenFlow protocol specification versions 1.3 - 1.3.1."; - - // XXX: Let's revisit, I believe this is a remnant of the idea - // that resources need unique URLs, before we realized that we - // can use instance identifiers to identify a particular node - // in the tree. - uses OFResourceType; - - leaf number { - type uint64; - config false; - - // XXX: The description below makes little sense. This leaf - // is in the context of a list entry on the capable - // switch. Then there are leafrefs to it from the logical - // swith context - // (logical-switches/switch/resources/port). Should we move - // the port number to the logical-switch context? - description - "This number identifies the OpenFlow Port to OpenFlow Controllers. It - is assigned to an OpenFlow Port latest when the OpenFlow - Port is associated with an OpenFlow Logical Switch. If - the OpenFlow Port is associated with an OpenFlow Logical - Switch, this element MUST be unique within the context of - the OpenFlow Logical Switch. - - OpenFlow Capable Switch implementations may choose to - assign values to OpenFlow Ports that are unique within - the context of the OpenFlow Logical Switch. These - numbers can be used independent of assignments to - OpenFlow Logical Switches. - - Other implementations may assign values to this element - only if the OpenFlow Port is assigned to an OpenFlow - Logical Switch."; - } - - leaf requested-number { - type uint64 { - range "1..65279"; - } - // XXX: Need to understand the lifecycle here. Is it the - // case that this is populated on creation of the port. If - // not, what's the use of having it available as a - // configurable item during the port's lifecycle. What does - // it mean to change the value of requested number, is that - // asking to replace ../number? - - description - "This is the requested OpenFlow Port number for this interface. The - switch is expected to try and use the value of this lead - as the port number for the interface. If the switch is - unable to use the requested value or if this leaf is not - present, it will choose a free port to use."; - } - - leaf name { - // XXX: We should probably import and use if:interface-ref - // as an option (union?) here - type string { - length "1..16"; - } - config false; - - // XXX: This description field is tough to follow. For one thing, I don't - // think this is a config false field after having reread it a couple of - // times. This should also tie into a somewhat expanded discussion of the - // the lifecycle of logical switches. - description - "The name of configured interface on the device. This element assists - OpenFlow Controllers in identifying OpenFlow Ports. - - This element is not to be set by the OF-CONFIG protocol, - but it is set by the switch implementation. It may be - set at start-up time of an OpenFlow Capable Switch or - when the OpenFlow Port is assigned to an OpenFlow Logical - Switch. It MAY also be not set at all. If this element is - set to a value when being assigned to an OpenFlow Logical - Switch, then the value of this element MUST be unique - within the context of the OpenFlow Logical Switch."; - } - - leaf current-rate { - when "../features/current/rate='other'" { - // XXX: Having a must on state data seems dangerous here. Needs discussion. - description - "This element is only valid if the element rate of the current features - has value 'other'."; - } - type uint32; - units "kbit/s"; - config false; - description - "This element indicates the current bit rate of the port. Its values is - to be provided in units of kilobit per second - (kbit/s). This element is only valid if the element called - 'rate' in the current Port Features has a value of - 'other'."; - } - - leaf max-rate { - when "../features/current/rate='other'" { - // XXX: Having a must on state data seems dangerous here. Needs discussion. - description - "This element is only valid if the element rate of the current features - has value 'other'."; - } - type uint32; - units "kbit/s"; - config false; - - description - "This element indicates the maximum bit rate of the port. Its values is - to be provided in units of kilobit per second - (kbit/s). This element is only valid if the element called - 'rate' in the current Port Features has a value of - 'other'."; - } - - container configuration { - description - "This containter represents the general administrative configuration of - the OpenFlow Port."; - - leaf admin-state { - type OFUpDownStateType; - default 'true'; - description - "The administrative state of the port. If true, the port has been - administratively brought down and SHOULD not be used by - OpenFlow."; - } - - leaf no-receive { - type boolean; - default false; - description - // XXX: SHOULD -> MUST? - "If true, packets received at this OpenFlow port SHOULD be dropped."; - } - - leaf no-forward { - type boolean; - default false; - description - // XXX: SHOULD -> MUST? - "If true, packets forwarded to this OpenFlow port SHOULD be dropped."; - } - - leaf no-packet-in { - type boolean; - default false; - description - // XXX: should -> MUST? - "If true, packets received on that port that generate a table miss - should never trigger a packet-in message to the - OpenFlow Controller."; - } - } - - container state { - config false; - - description - "This element represents the general operational state of the OpenFlow - Port."; - - leaf oper-state { - type OFUpDownStateType; - description - "If the value of this element is 'down', it indicates that there is no - physical link present."; - } - - leaf blocked { - type boolean; - description - "If the value of this element is 'true', it indicates that a switch - protocol outside of OpenFlow, such as 802.1D Spanning - Tree, is preventing the use of this OpenFlow port for - OpenFlow flooding."; - } - - leaf live { - type boolean; - description - "If the value of this element is 'true', it indicates that this OpenFlow - Port is live and can be used for fast failover."; - } - } - - container features { - // XXX: So this container has containers for current, - // advertised, supported and advertised-peer with the same - // content. Which of those are actually configuration, which - // are system-managed on boot and which are state data - container current { - config false; - description - "The features (rates, duplex, etc.) of the port that are currently in - use."; - - leaf rate { - type OFPortRateType; - description - "The transmission rate that is currently used."; - } - - leaf auto-negotiate { - type boolean; - description - "Specifies the administrative state of the forwarding rate - auto-negotiation protocol on this OpenFlow Port."; - } - - leaf medium { - type enumeration { - enum copper; - enum fiber; - } - description - "This element MUST indicate a valid physical medium used by the OpenFlow - Port."; - } - - leaf pause { - type enumeration { - enum unsupported; - enum symmetric; - enum asymmetric; - } - description - "Specifies if pausing of transmission is supported at all and if yes if - it is asymmetric or symmetric."; - } - } - - container advertised { - // XXX: Is this really configuration data? - uses OFPortOtherFeatureListType; - description - "The features (rates, duplex, etc.) of the port that are advertised to - the peer port."; - } - - container supported { - uses OFPortOtherFeatureListType; - config false; - description - "The features (rates, duplex, etc.) of the port that are supported on - the port."; - } - - container advertised-peer { - uses OFPortOtherFeatureListType; - config false; - description - "The features (rates, duplex, etc.) that are currently advertised by the - peer port."; - } - } - - choice tunnel-type { - description - "Local tunnels endpoints are modeled as logical ports."; - - container tunnel { - description - "Properties of a basic IP-in-GRE tunnel."; - uses OFPortBaseTunnelType; - } - - container ipgre-tunnel { - description - "Properties of a IP-in-GRE tunnel with key, checksum, and sequence number - information."; - - uses OFPortBaseTunnelType; - - leaf checksum-present { - type boolean; - default true; - description - "Indicates presence of the GRE checksum."; - } - - leaf key-present { - type boolean; - default true; - description - "Indicates presence of the GRE key."; - } - - leaf key { - when "../key-present='true'" { - description - "This element is only relevant if element key-present of this IP GRE - Tunnel has value 'true'."; - } - type uint32; - mandatory true; - description - "The (optional) key of the GRE tunnel. It MAY be used to set the - OXM_OF_TUNNEL_ID match field metadata in the OpenFlow - protocol"; - } - - leaf sequence-number-present { - type boolean; - default false; - description - "Indicates presence of the GRE sequence number."; - } - } - - container vxlan-tunnel { - - description - "Properties of a VxLAN tunnel."; - uses OFPortBaseTunnelType; - - leaf vni-valid { - type boolean; - default true; - description - "Indicates how the corresponding flag should be set in packets sent on - the tunnel."; - } - - leaf vni { - type uint32; - description - "Virtual network identifier assigned to all packets sent on the tunnel. - A VxLAN implementation MAY use the this element to - set the OXM_OF_TUNNEL_ID match field metadata in the - OpenFlow protocol."; - } - - leaf vni-multicast-group { - type inet:ip-address; - description - "If IP multicast is used to support broadcast on the tunnel this - specifies the corresponding multicast IP address"; - } - - leaf udp-source-port { - type inet:port-number; - description - "Specifies the outer UDP source port number. If this element is absent, - the port number MAY be chosen dynamically."; - } - - leaf udp-dest-port { - type inet:port-number; - default 4789; - description - "Specifies the outer UDP destination port number. It SHOULD - be set to 4789, the port number reserved for VxLAN at IANA."; - } - - leaf udp-checksum { - type boolean; - default false; - description - "Boolean flag to indicate whether or not the outer UDP checksum should be - set"; - } - - } - - container nvgre-tunnel { - description - "Properties of an NVGRE tunnel."; - - uses OFPortBaseTunnelType; - - leaf vsid { - type uint32; - description - "Specifies the virtual subnet id used to identify packets belonging to - the NVGRE virtual layer-2 network (24 bit)"; - } - - leaf flow-id { - type uint8; - default 0; - description - "8-bit value that is used to provide per-flow entropy for flows in the same VSID"; - } - - } - } - } - - list queue { - key "resource-id"; - description - "The list contains all queue resources of the OpenFlow Capable Switch."; - uses OFResourceType; - - leaf id { - type uint64; - mandatory true; - description - "This id identifies the OpenFlow Queue to OpenFlow Controllers. It is - assigned to an OpenFlow Queue latest when the OpenFlow - Queue is associated with and OpenFlow Logical Switch. If - the OpenFlow Queue is associated with an OpenFlow Logical - Switch, this element MUST be unique within the context of - the OpenFlow Logical Switch. - - OpenFlow Capable Switch implementations may choose to - assign values to OpenFlow Queues that are unique within - the context of the OpenFlow Logical Switch. These id can - be used independent of assignments to OpenFlow Logical - Switches. - - Other implementations may assign values to this element - only if the OpenFlow Queue is assigned to an OpenFlow - Logical Switch."; - } - - leaf port { - type leafref { - path "/capable-switch/resources/port/resource-id"; - } - description - "Reference to port resources in the Capable Switch. - - This element associates an OpenFlow Queue with an - OpenFlow Port. If the OpenFlow Queue is associated with - an OpenFlow Logical Switch S and this element is present, - then it MUST be set to the value of element resource-id - of an OpenFlow Port which is associated with the OpenFlow - Logical Switch."; - } - - container properties { - description - "The queue properties currently configured."; - - leaf min-rate { - type OFTenthOfAPercentType; - description - "The minimal rate that is reserved for this queue in 1/10 of a percent of - the actual rate. - - This element is optional. If not present a min-rate is not - set."; - } - - leaf max-rate { - type OFTenthOfAPercentType; - description - "The maximum rate that is reserved for this queue in 1/10 of a percent of - the actual rate. - - This element is optional. If not present the max-rate is not - set."; - } - - leaf experimenter-id { - type OFExperimenterId; - description - "Experimenter ID of a currently configured experimenter."; - } - - leaf experimenter-data { - type OFHexBinaryType; - description - "This leaf contains the rest of the experimenter queue property body - and is arbitrarily defined by the corresponding - experimenter."; - } - } - } - - list owned-certificate { - key "resource-id"; - description - "The list contains all owned certificate resources of the OpenFlow - Capable Switch. It can be used by an OpenFlow Logical - Switch for authenticating itself to a controller when a TLS - connection is established."; - uses OFResourceType; - - leaf certificate { - type string; - mandatory true; - description - "An X.509 certificate in DER format base64 encoded."; - } - - container private-key { - - description - "This element contains the private key corresponding to the - certificate. The private key is encoded as specified in - XML-Signature Syntax and Processing - (http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/). - Currently the specification only support DSA and RSA - keys."; - - choice key-type { - mandatory true; - case dsa { - container DSAKeyValue { - description - "DSA keys and the DSA signature algorithm are specified in 'FIPS PUB - 186-2, Digital Signature Standard (DSS), - U.S. Department of Commerce/National Institute of - Standards and Technology, - http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf'. - DSA public key values can have the following - fields: - - P - a prime modulus meeting the requirements of the standard - above - Q - an integer in the range 2**159 < Q < 2**160 which is a - prime divisor of P-1 - G - an integer with certain properties with respect to P and Q - J - (P - 1) / Q - Y - G**X mod P (where X is part of the private key and not made - public) - seed - a DSA prime generation seed - pgenCounter - a DSA prime generation counter - - Parameter J is avilable for inclusion solely for - efficiency as it is calculatable from P and - Q. - - Parameters seed and pgenCounter are used in the DSA - prime number generation algorithm specified in the - above standard. As such, they are optional but MUST - either both be present or both be absent. This - prime generation algorithm is designed to provide - assurance that a weak prime is not being used and - it yields a P and Q value. - - Parameters P, Q, and G can be public and common to - a group of users. They might be known from - application context. As such, they are optional - but P and Q MUST either both appear or both be - absent. - - If all of P, Q, seed, and pgenCounter are present, - implementations are not required to check if they - are consistent and are free to use either P and Q - or seed and pgenCounter. - - All parameters are encoded as base64 values."; - - leaf P { - when "count(../Q) != 0"; - type binary; - mandatory true; - description - "A prime modulus meeting the requirements of the standard - above"; - } - - leaf Q { - when "count(../P) != 0"; - type binary; - mandatory true; - description - "An integer in the range 2**159 < Q < 2**160 which is a - prime divisor of P-1"; - } - - leaf J { - type binary; - description - "(P - 1) / Q"; - } - - leaf G { - type binary; - description - "An integer with certain properties with respect to P and Q"; - } - - leaf Y { - type binary; - mandatory true; - description - "G**X mod P (where X is part of the private key and not made public)"; - } - - leaf Seed { - when "count(../PgenCounter) != 0"; - type binary; - mandatory true; - description - "A DSA prime generation seed"; - - } - leaf PgenCounter { - when "count(../Seed) != 0"; - type binary; - mandatory true; - description - "A DSA prime generation counter"; - } - } - } - case rsa { - container RSAKeyValue { - description - "RSA key values have two fields: Modulus and Exponent."; - - leaf Modulus { - type binary; - mandatory true; - } - - leaf Exponent { - type binary; - mandatory true; - } - } - } - } - } - } - - list external-certificate { - key "resource-id"; - description - "The list contains all external certificate resources of the OpenFlow - Capable Switch for authenticating a controller when a TLS - connection is established."; - - uses OFResourceType; - case localPKI{ - container node { - - leaf certificate { - type string; - mandatory true; - description - "An X.509 certificate in DER format base64 encoded."; - } - } - } - case DNSbasedPKI{ - container node { - - leaf DNSTLSA { - type string; - mandatory true; - description - "The TLSA record of a local DNS server in Der format. According to RFC https://tools.ietf.org/html/rfc6698"; - } - leaf certificate { - type string; - mandatory true; - description - "An X.509 certificate in DER format base64 encoded. This is the certificate of the component itself (switch, controlelr)"; - } - leaf private-key { - type string; - mandatory true; - description - "The private key relates to the certificate"; - } - - - } - } - } - - list flow-table { - key table-id; - description - "The list contains all flow table resources of the OpenFlow Capable - Switch."; - - uses OFResourceType; - - leaf table-id { - type uint8; - - description - "Identifier of table."; - } - - leaf name { - type string; - - description - "Table name"; - } - - leaf metadata-match { - type OFHexBinaryType { - length 16; - } - - description - "This element indicates the bits of the metadata field on which the - flow table can match on. It is represented as a 64-bit - integer in hexadecimal digits([0-9a-fA-F]) format."; - } - - leaf metadata-write { - type OFHexBinaryType { - length 16; - } - - description - "This element indicates the bits of the metadata field on which table - can write using the 'write-metadata' instruction. It is - represented as a 64-bit integer in hexadecimal - digits([0-9a-fA-F]) format."; - } - - leaf max-entries { - type uint32; - config false; - - description - "The maximum number of flow entries supported by the flow table."; - } - - container properties { - presence "This table exposes feature properties"; - - description - "Table feature properties representing all possible features of a - table. Each container represent a single table feature - property. - - According to the specification, clients should understand - that the properties with the -miss suffix may be omitted - if it is the same as the corresponding property for - regular flow entries."; - - container instructions { - leaf-list type { - type OFInstructionType; - - description - "The list of instruction types supported by this table for regular flow - entries"; - } - } - - container instructions-miss { - leaf-list type { - type OFInstructionType; - - description - "The list of all instruction types supported by this table for - table-miss flow entries"; - } - } - - container next-tables { - leaf-list table-id { - type uint8; - - description - "An array of resource-ids of all flow tables that can be directly - reached from this table using the 'goto-table' - instruction for regular flow entries."; - } - } - - container next-tables-miss { - leaf-list table-id { - type uint8; - - description - "An array of resource-ids of all flow tables that can be directly reached - from this table using the 'goto-table' instruction for the table-miss flow - entry."; - } - } - - container write-actions { - leaf-list type { - type OFActionType; - - description - "The list of all write action types supported by this table for regular - flow entries."; - } - } - - container write-actions-miss { - leaf-list type { - type OFActionType; - - description - "The list of all write action types supported by this table for table-miss - flow entries."; - } - } - - container apply-actions { - leaf-list type { - type OFActionType; - - description - "The list of all apply action types supported by the flow table for - regular flow entries."; - } - } - - container apply-actions-miss { - leaf-list type { - type OFActionType; - - description - "The list of all apply action types supported by the flow table for - table-miss flow entries."; - } - } - - container matches { - leaf-list type { - type OFMatchFieldType; - - description - "The list of all match types supported by this table for regular - flow entries."; - } - } - - container wildcards { - leaf-list type { - type OFMatchFieldType; - - description - "The list of all fields for which the table supports wildcarding."; - } - } - - container write-setfields { - leaf-list type { - type OFMatchFieldType; - - description - "The list of all 'set-field' action types supported by this table using - write actions for regular flow entries."; - } - } - - container write-setfields-miss { - leaf-list type { - type OFMatchFieldType; - - description - "The list of all 'set-field' action types supported by this table using - write actions for table-miss flow entries."; - } - } - - container apply-setfields { - leaf-list type { - type OFMatchFieldType; - - description - "The list of all 'set-field' action types supported by the table using - apply actions for regular flow entries."; - } - } - - container apply-setfields-miss { - leaf-list type { - type OFMatchFieldType; - - description - "The list of all 'set-field' action types supported by the table using - apply actions for table-miss flow entries."; - } - } - - container experimenter { - leaf-list experimenter-id { - type OFExperimenterId; - - description - "The list of all experimenters supported by the table for regular - flow entries."; - } - } - - container experimenter-miss { - leaf-list experimenter-id { - type OFExperimenterId; - - description - "The list of all experimenters supported by the table for table-miss - flow entries."; - } - } - } - } - } - - container logical-switches { - description - "This element contains a list of all OpenFlow Logical Switches available - at the OpenFlow Capable Switch."; - - list switch { - key "id"; - description - "The list of all OpenFlow Logical Switches on the OpenFlow Capable - Switch."; - - leaf id { - type OFConfigIdType; - mandatory true; - description - "A unique but locally arbitrary identifier that identifies a Logical - Switch within the context of an OpenFlow Capable - Switch. It MUST be persistent across reboots of the - OpenFlow Capable Switch."; - } - - container capabilities { - config false; - description - "This element contains all capability items that an OpenFlow Logical - Switch MAY implement."; - - leaf max-buffered-packets { - type uint32; - description - "The maximum number of packets the logical switch can buffer when - sending packets to the controller using packet-in - messages."; - } - - leaf max-tables { - type uint8; - description - "The number of flow tables supported by the logical switch."; - } - - leaf max-ports { - type uint32; - description - "The number of flow tables supported by the logical switch."; - } - - leaf flow-statistics { - type boolean; - default false; - description - "Specifies if the logical switch supports flow statistics."; - } - - leaf table-statistics { - type boolean; - default false; - description - "Specifies if the logical switch supports table statistics."; - } - - leaf port-statistics { - type boolean; - default false; - description - "Specifies if the logical switch supports port statistics."; - } - - leaf group-statistics { - type boolean; - default false; - description - "Specifies if the logical switch supports group statistics."; - } - - leaf queue-statistics { - type boolean; - default false; - description - "Specifies if the logical switch supports queue statistics."; - } - - leaf reassemble-ip-fragments { - type boolean; - default false; - description - "Specifies if the logical switch supports reassemble IP fragments."; - } - - leaf block-looping-ports { - type boolean; - default false; - description - "'true' indicates that a switch protocol outside of OpenFlow, such as - 802.1D Spanning Tree, will detect topology loops and - block ports to prevent packet loops."; - } - - container reserved-port-types { - description - "Specify generic forwarding actions such as sending to the controller, - flooding, or forwarding using non-OpenFlow methods, - such as 'normal' switch processing."; - - reference - "The types of reserved ports are defined in OpenFlow Switch - Specification versions 1.2, 1.3, and 1.3.1."; - - leaf-list type { - type enumeration { - enum all; - enum controller; - enum table; - enum inport; - enum any; - enum normal; - enum flood; - } - } - } - - container group-types { - description - "Specify the group types supported by the logical switch."; - - reference - "The types of groups are defined in OpenFlow Switch Specification - versions 1.2, 1.3, and 1.3.1."; - - leaf-list type { - type enumeration { - enum all; - enum select; - enum indirect; - enum fast-failover; - } - } - } - - container group-capabilities { - description - "Specify the group capabilities supported by the logical switch."; - - reference - "The types of group capability are defined in OpenFlow Switch - Specification versions 1.2, 1.3, and 1.3.1."; - - leaf-list capability { - type enumeration { - enum select-weight; - enum select-liveness; - enum chaining; - enum chaining-check; - } - } - } - - container action-types { - description - "Specify the action types supported by the logical switch."; - - leaf-list type { - type OFActionType; - } - } - - container instruction-types { - description - "Specify the instruction types supported by the logical switch."; - - leaf-list type { - type OFInstructionType; - } - } - } - - leaf datapath-id { - type OFDatapathIdType; - mandatory true; - description - "The datapath identifier of the Logical Switch that uniquely identifies - this Logical Switch within the context of all OpenFlow - Controllers associated with the OpenFlow Logical Switch. - The datapath identifier is a string value that MUST be - formatted as a sequence of 8 2-digit hexadecimal numbers - that are separated by colons, for example, - '01:23:45:67:89:ab:cd:ef'. When processing a datapath - identifier, the case of the decimal digits MUST be - ignored."; - } - - leaf enabled { - type boolean; - default false; - description - "This element indicates the administrative state of the OpenFlow - Logical Switch. A value of 'false' means the OpenFlow - Logical Switch MUST NOT communicate with any OpenFlow - Controllers, MUST NOT conduct any OpenFlow processing, - and SHOULD NOT be utilizing computational or network - resources of the underlying platform."; - } - - leaf check-controller-certificate { - type boolean; - default false; - description - "This element indicates the behavior of the OpenFlow Logical Switch - when connecting to an OpenFlow Controller. - - If set to value 'false', the logical switch will connect - to a controller without checking any controller certificate. - - If set to value 'true', then the logical switch will - connect to a controller with element set to - 'TLS', only if the controller provides a certificate that - can be verified with one of the certificates stored in - the list called external-certificates in the OpenFlow - Capable Switch. - - If a certificate cannot be validated, the OpenFlow - Logical Switch MUST terminate communication with the - corresponding OpenFlow Controller, MUST NOT conduct any - OpenFlow processing on requests of this OpenFlow - controller, and SHOULD NOT further utilize any - computational or network resources of for dealing with - this connection. - - If set to value 'true', the OpenFlow Logical Switch MUST - NOT connect to any OpenFlow Controller that does not - provide a certificate. This implies that it cannot - connect to an OpenFlow controller that has the value of - element protocol set to 'TCP'. Only connections with - protocol 'TLS' are possible in this case."; - } - - leaf lost-connection-behavior { - type enumeration { - enum failSecureMode; - enum failStandaloneMode; - } - default failSecureMode; - description - "This element indicates the behavior of the OpenFlow Logical Switch - in case it loses contact with all OpenFlow Controllers. - There are two alternative modes in such a case: fails - secure mode and fail standalone mode as defined by the - OpenFlow protocol specification version 1.2, section 6.4. - These are the only allowed values for this - element. Default is the fail secure mode."; - } - - container controllers { - description - "The list of controllers for this Logical switch."; - - list controller { - key "id"; - description - "The list of OpenFlow Controllers that are assigned to the OpenFlow - Logical Switch. The switch MUST NOT connect to any - OpenFlow Controller that is not contained in this list. - If the authenticaton is external-certificate and based on DNSbasedPKI - then this list may be retreived from the DNS server"; - - leaf id { - type OFConfigIdType; - mandatory true; - description - "A unique but locally arbitrary identifier that uniquely identifies an - OpenFlow Controller within the context of an OpenFlow - Capable Switch. It MUST be persistent across reboots - of the OpenFlow Capable Switch."; - } - - leaf role { - type enumeration { - enum master; - enum slave; - enum equal; - } - default equal; - - description - "This element indicates the role of the OpenFlow Controller. Semantics - of these roles are specified in the OpenFlow - specifications 1.0 - 1.3.1. It is RECOMMENDED that - the roles of controllers are not configured by - OF-CONFIG 1.1.1 but determined using the OpenFlow - protocol. OpenFlow Controllers configured by - OF-CONFIG 1.1.1 have the default role 'equal'. A - role other than 'equal' MAY be assigned to a - controller. Roles 'slave' and 'equal' MAY be - assigned to multiple controllers. Role 'master' MUST - NOT be assigned to more than one controller."; - } - - leaf ip-address { - type inet:ip-address; - mandatory true; - description - "The IP address of the OpenFlow Controller. This IP address is used by - the OpenFlow Logical Switch when connecting to the - OpenFlow Controller."; - } - - leaf port { - type inet:port-number; - default 6633; - description - "The TCP port number at the OpenFlow Controller. This port number is - used by the OpenFlow Logical Switch when connecting - to the OpenFlow Controller using TCP or TLS. The - default value is 6633."; - } - - leaf local-ip-address { - type inet:ip-address; - description - "The local IP address of the OpenFlow Logical Switch when connecting to - this OpenFlow Controller. It is the source IP - address of packets sent to this OpenFlow Controller. - If present, this element overrides any default IP - address. - - This element is optional. Attempts to set this - element to an IP address that cannot be used by the - OpenFlow Logical Switch MUST result in an - 'bad-element' error with type 'application'. The - element MUST contain the name of this - element in the element."; - } - - leaf local-port { - type inet:port-number; - description - "The local TCP port number of the OpenFlow Logical Switch when - connecting to this OpenFlow Controller. It is the - source TCP port number of packets sent to this - OpenFlow Controller. If this element is not present, - then the port number is chosen arbitrarily by the - OpenFlow Logical Switch. - - This element is optional. Attempts to set this - element to a port number that cannot be used by the - OpenFlow Logical Switch MUST result in an - 'bad-element' error with type 'application'. The - element MUST contain the name of this - element in the element."; - } - - leaf protocol { - type enumeration { - enum "tcp"; - enum "tls"; - } - default "tls"; - description - "The default protocol that the OpenFlow Logical Switch uses to connect - to this OpenFlow Controller."; - } - - container state { - config false; - description - "This container holds connection state information that indicate the - connection state of the OpenFlow Logical Switch and - the OpenFlow protocol version used for the - connection."; - - leaf connection-state { - type OFUpDownStateType; - description - "This object indicates the connections state of the OpenFlow Logical - Switch to this controller."; - } - leaf current-version { - type OFOpenFlowVersionType; - description - "This object indicates the version of the OpenFlow protocol used - between the OpenFlow Logical Switch and this - Controller. If element connection-state has value - 'up', then this element indicates the actual - version in use. If element connection-state has - value 'down', then this element indicates the - version number of the last established connection - with this OpenFlow Controller. The value of this - element MAY be persistent across reboots of the - OpenFlow Logical Switch in such a case. If element - connection-state has value 'down'and there is no - information about previous connections to this - OpenFlow controller, then this element is not - present."; - } - - leaf-list supported-versions { - type OFOpenFlowVersionType; - description - "This list of elements includes one entry for each OpenFlow protocol - version that this OpenFlow controller supports. It - SHOULD contain all."; - } - - leaf local-ip-address-in-use { - type inet:ip-address; - description - "The local IP address of the OpenFlow Logical Switch when connecting to - this OpenFlow Controller. It is the source IP - address of packets sent to this OpenFlow - Controller. If present, this element overrides any - default IP address."; - } - - leaf local-port-in-use { - type inet:port-number; - description - "The local TCP port number of the OpenFlow Logical Switch. If element - connection-state has value 'up', then this element - indicates the actual port number in use. If - element connection-state has value 'down', then - this element indicates the port number used for the - last attempt to establish a connection with this - OpenFlow Controller.??? When connecting to this - OpenFlow Controller, it is the source TCP port - number of packets sent to this OpenFlow Controller. - If this element has its defaqult value 0, then port - number is chosen arbitrarily by the OpenFlow - Logical Switch."; - } - } - - } - } - - container resources { - description - "The list of identifiers of all resources of the OpenFlow Capable - Switch that the OpenFlow Logical Switch has exclusive or - non-exclusive access to. A resource is identified by the - value of its resource-identifier element. For each - resource identifier value in this list, there MUST be an - element with a matching resource identifier value in the - resources list of the OpenFlow Capable Switch. - - Identifiers of this list are contained in elements - indicating the type of resource: 'port', 'queue', - 'certificate', or 'flow-table'. Depending on the type, - different constraints apply. These are specified in - separate descriptions per type."; - - leaf-list port { - // XXX: This has uniqueness requirements. The values must be unique, - // i.e. there can not be two ports pointing to the same capable-switch - // port. Should probably have a must statement here, checking if there - // are other logical-switches/switch instances that references the same - // port. - - type leafref { - path "/capable-switch/resources/port/resource-id"; - } - description - "A resource identifier of a port of the OpenFlow Capable - Switch that the OpenFlow Logical Switch has exclusive access to. - - Elements in this list MUST be unique. This means each port - element can only be referenced once."; - } - - leaf-list queue { - type leafref { - path "/capable-switch/resources/queue/resource-id"; - } - description - "A resource identifier of a queue of the OpenFlow Capable Switch - that the OpenFlow Logical Switch has exclusive access to. - - Elements in this list MUST be unique. This means each - queue element can only be referenced once."; - } - - leaf certificate { - type leafref { - path "/capable-switch/resources/owned-certificate/resource-id"; - } - description - "The resource identifier of the owned certificate in the OpenFlow - Capable Switch that the OpenFlow Logical Switch uses to - identify itself. This element MUST NOT occur more than - once in an OpenFlow Logical Switch's resource list. - - If no such element is in an OpenFlow Logical Switch's - resource list, then the OpenFlow Logical Switch does - not authenticate itself towards an OpenFloe Controller - with a certificate. If this element is present, then - the OpenFlow Logical Switch MUST provide this - certificate for authentication to an OpenFlow - Controller when setting up a TLS connection. - - For TCP connections this element is irrelevant."; - } - - leaf-list flow-table { - type leafref { - path "/capable-switch/resources/flow-table/table-id"; - } - description - "A resource identifier of a flow table of the OpenFlow Capable Switch - that the OpenFlow Logical Switch has exclusive access - to. - - Elements in this list MUST be unique. This means each - flow-table element can only be referenced once."; - } - } - } - } - } -} +module of-config { + namespace "urn:onf:config:yang"; + prefix of-config; + + import ietf-yang-types { prefix yang; } + import ietf-inet-types { prefix inet; } + + organization "ONF Config Management Group"; + + contact "mailto:info@opennetworking.org"; + + description + "This module contains a collection of YANG definitions for + configuring OpenFlow datapaths. It is part of the OF-CONFIG + specification."; + + revision 2016-01-09 { + description + "This version of this YANG Module is part of the OF-CONFIG + 1.3 specification; please see the specification itself for + details."; + + reference + "OF-CONFIG 1.3"; + } + + revision 2014-06-01 { + description + "This version of this YANG Module is part of the OF-CONFIG + 1.3 specification; please see the specification itself for + details."; + + reference + "OF-CONFIG 1.3"; + } + + revision 2013-10-05 { + description + "This version of this YANG Module is part of the OF-CONFIG 1.2 + specification; please see the specification itself for details."; + + reference + "OF-CONFIG 1.2"; + } + + revision 2011-12-07 { + description + "First Version"; + + reference + "OF-CONFIG 1.1.1"; + } + +/***************************************************************** + * Type definitions + *****************************************************************/ + + typedef OFConfigIdType { + type string; + description + "Generic type of an identifier in OF-CONFIG"; + } + + typedef OFOpenFlowVersionType { + type enumeration { + enum "not-applicable"; + enum "1.0"; + enum "1.1"; + enum "1.2"; + enum "1.3"; + } + description + "This enumeration contains all OpenFlow major versions supported by + this module"; + } + + typedef OFDatapathIdType { + type string { + pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){7}'; + } + description + "The datapath-id type represents an OpenFlow + datapath identifier."; + } + + typedef OFTenthOfAPercentType { + type uint16 { + range "0..1000"; + } + units "1/10 of a percent"; + description + "This type defines a value in tenth of a percent."; + } + + typedef OFUpDownStateType { + + // XXX: Harmonize with ifAdminStatus and ietf-interface and make it boolean and inline? + type boolean; + default "true"; + description + "Type to specify state information for a port or a + connection."; + } + + typedef OFPortRateType { + // XXX: This is a perfect example of something that should probably be an + // identity. Remember that enums are not extensible. + type enumeration { + enum 10Mb-HD; + enum 10Mb-FD; + enum 100Mb-HD; + enum 100Mb-FD; + enum 1Gb-HD; + enum 1Gb-FD; + enum 10Gb; + enum 40Gb; + enum 100Gb; + enum 1Tb; + enum other; + } + description + "Type to specify the rate of a port including the + duplex transmission feature. Possible rates are 10Mb, 100Mb, + 1Gb, 10Gb, 40Gb, 100Gb, 1Tb or other. Rates of 10Mb, 100Mb + and 1 Gb can support half or full duplex transmission."; + } + + typedef OFActionType { + type enumeration { + enum output; + enum copy-ttl-out; + enum copy-ttl-in; + enum set-mpls-ttl; + enum dec-mpls-ttl; + enum push-vlan; + enum pop-vlan; + enum push-mpls; + enum pop-mpls; + enum set-queue; + enum group; + enum set-nw-ttl; + enum dec-nw-ttl; + enum set-field; + } + description + "The types of actions defined in OpenFlow Switch + Specification versions 1.2, 1.3, and 1.3.1"; + } + + typedef OFInstructionType { + type enumeration { + enum apply-actions; + enum clear-actions; + enum write-actions; + enum write-metadata; + enum goto-table; + } + description + "The types of instructions defined in OpenFlow + Switch Specification versions 1.2, 1.3, and 1.3.1."; + } + + typedef OFMatchFieldType { + type enumeration { + enum input-port; + enum physical-input-port; + enum metadata; + enum ethernet-dest; + enum ethernet-src; + enum ethernet-frame-type; + enum vlan-id; + enum vlan-priority; + enum ip-dscp; + enum ip-ecn; + enum ip-protocol; + enum ipv4-src; + enum ipv4-dest; + enum tcp-src; + enum tcp-dest; + enum udp-src; + enum udp-dest; + enum sctp-src; + enum sctp-dest; + enum icmpv4-type; + enum icmpv4-code; + enum arp-op; + enum arp-src-ip-address; + enum arp-target-ip-address; + enum arp-src-hardware-address; + enum arp-target-hardware-address; + enum ipv6-src; + enum ipv6-dest; + enum ipv6-flow-label; + enum icmpv6-type; + enum icmpv6-code; + enum ipv6-nd-target; + enum ipv6-nd-source-link-layer; + enum ipv6-nd-target-link-layer; + enum mpls-label; + enum mpls-tc; + } + description + "The types of match field defined in OpenFlow Switch Specification + versions 1.2, 1.3, and 1.3.1."; + } + + typedef OFExperimenterId { + type uint32; + description + "The experimenter field is a 32-bit value that uniquely identifies the + experimenter. If the most significant byte is zero, the next + three bytes are the experimenter's IEEE OUI. If the most + significant byte is not zero, it is a value allocated by the + Open Networking Foundation."; + } + + typedef OFHexBinaryType { + type binary; + description + "Hex binary encoded string"; + reference + "http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/datatypes.html#hexBinary"; + } + +/***************************************************************** + * Groupings + *****************************************************************/ + + grouping OFResourceType { + description + "This element specifies a generic OpenFlow resource + that is used as a basis for specific resources. Even though + this element is not used on its own the following rules for + NETCONF operations MUST be obeyed also by elemnts using this + element."; + + leaf resource-id { + type inet:uri; + mandatory true; + description + "A unique but locally arbitrary identifier that uniquely identifies an + OpenFlow Port within the context of an OpenFlow Logical Switch. + It MUST be persistent across reboots of the OpenFlow Capable + Switch."; + } + } + + grouping OFPortBaseTunnelType { + description + "A group of common elements that are included in every supported tunnel + type. Tunnels are modeled as logical ports. + + One pair of local/remote endpoints must exist for a tunnel + configuration. + + Only elements from one choice must exist at a time."; + + choice endpoints { + mandatory true; + + case v4-endpoints { + leaf local-endpoint-ipv4-adress { + type inet:ipv4-address; + description + "The IPv4 address of the local tunnel endpoint."; + } + + leaf remote-endpoint-ipv4-adress { + type inet:ipv4-address; + description + "The IPv4 address of the remote tunnel endpoint."; + } + } + + case v6-endpoints { + leaf local-endpoint-ipv6-adress { + type inet:ipv6-address; + description + "The IPv6 address of the local tunnel endpoint."; + } + + leaf remote-endpoint-ipv6-adress { + type inet:ipv6-address; + description + "The IPv6 address of the remote tunnel endpoint."; + } + } + + case mac-endpoints { + leaf local-endpoint-mac-adress { + type yang:mac-address; + description + "The MAC address of the local tunnel endpoint."; + } + + leaf remote-endpoint-mac-adress { + type yang:mac-address; + description + "The MAC address of the remote tunnel endpoint."; + } + } + } + } + + + grouping OFPortOtherFeatureListType { + description + "The features of a port that are adertised, supported or advertised by + a peer port."; + + leaf-list rate { + type OFPortRateType; + min-elements 1; + description + "The transmission rate that is supported or advertised. Multiple + transmissions rates are allowed."; + } + + leaf auto-negotiate { + type boolean; + default true; + description + "Specifies if auto-negotiation of transmission parameters is enabled for + the port."; + } + + leaf-list medium { + type enumeration { + enum copper; + enum fiber; + } + min-elements 1; + description + "The transmission medium used by the port. Multiple media are allowed."; + } + + leaf pause { + type enumeration { + enum unsupported; + enum symmetric; + enum asymmetric; + } + mandatory true; + description + "Specifies if pausing of transmission is supported at all and if yes if + it is asymmetric or symmetric."; + } + } + + grouping OFFlowTableType { + } + +/***************************************************************** + * Main container + *****************************************************************/ + + container capable-switch { + description + "The OpenFlow Capable Switch serves as the root element for an OpenFlow + configuration. It contains logical switches and resources that + can be assigned to logical switches. It may have relations to + OpenFlow Configuration Points."; + + leaf id { + type string; + mandatory true; + description + "A unique but locally arbitrary identifier that uniquely identifies a + Capable Switch within the context of potential OpenFlow + Configuration Points. It MUST be persistent across reboots of + the OpenFlow Capable Switch."; + } + + leaf config-version { + type string; + config false; + description + "The maximum supported OF-CONFIG version that is supported by the + OpenFlow Capable Switch. For switches implementing this version + of the OF-CONFIG protocol this MUST always be 1.2. + + This object can be used to identify the OF-CONFIG version + a capable switch supports beginning with version 1.1.1 of + OF-CONFIG. In addtion the supported version can be + determined by the namespace the OpenFlow Capable Switch + returns to configuration request of an element (like + capable-switch) that is present in all OF-CONFIG versions + specified so far. This is the only possiblity to identify + OF-CONFIG versions prior to OF-CONFIG 1.1.1."; + } + + container resources { + description + "A lists containing all resources of the OpenFlow Capable Switch that can + be used by OpenFlow Logical Switches. Resources are listed here + independent of their actual assignment to OpenFlow Logical + Switches. They may be available to be assigned to an OpenFlow + Logical Switch or already in use by an OpenFlow Logical Switch."; + + list port { + // XXX: This is a list of configurable items, need to discuss how + // new ports are created. E.g. if there are physical ports on + // the device, are they pre-populated, and what does it mean + // to remove an enty in this list? Use cases will be helpful. + + // XXX: Making this list depend on ops data seems + // strange. Refactor or remove. + // + // must "features/current/rate != 'other' or " + + // "(count(current-rate) = 1 and count(max-rate) = 1 and " + + // " current-rate > 0 and max-rate > 0)" { + // error-message + // "current-rate and max-rate must be specified and greater than 0 if rate + // equals 'other'"; + // description + // "current-rate and max-rate can only be present if rate = 'other', see + // corresponding leaf descriptions. If rate = 'other', then + // both leafs must be set to values greater than zero."; + // } + + key "resource-id"; + + description + "The list contains all port resources of the OpenFlow Capable Switch. + It specifies all properties of an OpenFlow resource of type + OpenFlow Port. It represent a physical port or a logical + port of the OpenFlow Capable Switch and can be assigned for + exclusive use to an OpenFlow Logical Switch. A logical + port represents a tunnel endpoint as described in the + OpenFlow protocol specification versions 1.3 - 1.3.1."; + + // XXX: Let's revisit, I believe this is a remnant of the idea + // that resources need unique URLs, before we realized that we + // can use instance identifiers to identify a particular node + // in the tree. + uses OFResourceType; + + leaf number { + type uint64; + config false; + + // XXX: The description below makes little sense. This leaf + // is in the context of a list entry on the capable + // switch. Then there are leafrefs to it from the logical + // swith context + // (logical-switches/switch/resources/port). Should we move + // the port number to the logical-switch context? + description + "This number identifies the OpenFlow Port to OpenFlow Controllers. It + is assigned to an OpenFlow Port latest when the OpenFlow + Port is associated with an OpenFlow Logical Switch. If + the OpenFlow Port is associated with an OpenFlow Logical + Switch, this element MUST be unique within the context of + the OpenFlow Logical Switch. + + OpenFlow Capable Switch implementations may choose to + assign values to OpenFlow Ports that are unique within + the context of the OpenFlow Logical Switch. These + numbers can be used independent of assignments to + OpenFlow Logical Switches. + + Other implementations may assign values to this element + only if the OpenFlow Port is assigned to an OpenFlow + Logical Switch."; + } + + leaf requested-number { + type uint64 { + range "1..65279"; + } + // XXX: Need to understand the lifecycle here. Is it the + // case that this is populated on creation of the port. If + // not, what's the use of having it available as a + // configurable item during the port's lifecycle. What does + // it mean to change the value of requested number, is that + // asking to replace ../number? + + description + "This is the requested OpenFlow Port number for this interface. The + switch is expected to try and use the value of this lead + as the port number for the interface. If the switch is + unable to use the requested value or if this leaf is not + present, it will choose a free port to use."; + } + + leaf name { + // XXX: We should probably import and use if:interface-ref + // as an option (union?) here + type string { + length "1..16"; + } + config false; + + // XXX: This description field is tough to follow. For one thing, I don't + // think this is a config false field after having reread it a couple of + // times. This should also tie into a somewhat expanded discussion of the + // the lifecycle of logical switches. + description + "The name of configured interface on the device. This element assists + OpenFlow Controllers in identifying OpenFlow Ports. + + This element is not to be set by the OF-CONFIG protocol, + but it is set by the switch implementation. It may be + set at start-up time of an OpenFlow Capable Switch or + when the OpenFlow Port is assigned to an OpenFlow Logical + Switch. It MAY also be not set at all. If this element is + set to a value when being assigned to an OpenFlow Logical + Switch, then the value of this element MUST be unique + within the context of the OpenFlow Logical Switch."; + } + + leaf current-rate { + when "../features/current/rate='other'" { + // XXX: Having a must on state data seems dangerous here. Needs discussion. + description + "This element is only valid if the element rate of the current features + has value 'other'."; + } + type uint32; + units "kbit/s"; + config false; + description + "This element indicates the current bit rate of the port. Its values is + to be provided in units of kilobit per second + (kbit/s). This element is only valid if the element called + 'rate' in the current Port Features has a value of + 'other'."; + } + + leaf max-rate { + when "../features/current/rate='other'" { + // XXX: Having a must on state data seems dangerous here. Needs discussion. + description + "This element is only valid if the element rate of the current features + has value 'other'."; + } + type uint32; + units "kbit/s"; + config false; + + description + "This element indicates the maximum bit rate of the port. Its values is + to be provided in units of kilobit per second + (kbit/s). This element is only valid if the element called + 'rate' in the current Port Features has a value of + 'other'."; + } + + container configuration { + description + "This containter represents the general administrative configuration of + the OpenFlow Port."; + + leaf admin-state { + type OFUpDownStateType; + default 'true'; + description + "The administrative state of the port. If true, the port has been + administratively brought down and SHOULD not be used by + OpenFlow."; + } + + leaf no-receive { + type boolean; + default false; + description + // XXX: SHOULD -> MUST? + "If true, packets received at this OpenFlow port SHOULD be dropped."; + } + + leaf no-forward { + type boolean; + default false; + description + // XXX: SHOULD -> MUST? + "If true, packets forwarded to this OpenFlow port SHOULD be dropped."; + } + + leaf no-packet-in { + type boolean; + default false; + description + // XXX: should -> MUST? + "If true, packets received on that port that generate a table miss + should never trigger a packet-in message to the + OpenFlow Controller."; + } + } + + container state { + config false; + + description + "This element represents the general operational state of the OpenFlow + Port."; + + leaf oper-state { + type OFUpDownStateType; + description + "If the value of this element is 'down', it indicates that there is no + physical link present."; + } + + leaf blocked { + type boolean; + description + "If the value of this element is 'true', it indicates that a switch + protocol outside of OpenFlow, such as 802.1D Spanning + Tree, is preventing the use of this OpenFlow port for + OpenFlow flooding."; + } + + leaf live { + type boolean; + description + "If the value of this element is 'true', it indicates that this OpenFlow + Port is live and can be used for fast failover."; + } + } + + container features { + // XXX: So this container has containers for current, + // advertised, supported and advertised-peer with the same + // content. Which of those are actually configuration, which + // are system-managed on boot and which are state data + container current { + config false; + description + "The features (rates, duplex, etc.) of the port that are currently in + use."; + + leaf rate { + type OFPortRateType; + description + "The transmission rate that is currently used."; + } + + leaf auto-negotiate { + type boolean; + description + "Specifies the administrative state of the forwarding rate + auto-negotiation protocol on this OpenFlow Port."; + } + + leaf medium { + type enumeration { + enum copper; + enum fiber; + } + description + "This element MUST indicate a valid physical medium used by the OpenFlow + Port."; + } + + leaf pause { + type enumeration { + enum unsupported; + enum symmetric; + enum asymmetric; + } + description + "Specifies if pausing of transmission is supported at all and if yes if + it is asymmetric or symmetric."; + } + } + + container advertised { + // XXX: Is this really configuration data? + uses OFPortOtherFeatureListType; + description + "The features (rates, duplex, etc.) of the port that are advertised to + the peer port."; + } + + container supported { + uses OFPortOtherFeatureListType; + config false; + description + "The features (rates, duplex, etc.) of the port that are supported on + the port."; + } + + container advertised-peer { + uses OFPortOtherFeatureListType; + config false; + description + "The features (rates, duplex, etc.) that are currently advertised by the + peer port."; + } + } + + choice tunnel-type { + description + "Local tunnels endpoints are modeled as logical ports."; + + container tunnel { + description + "Properties of a basic IP-in-GRE tunnel."; + uses OFPortBaseTunnelType; + } + + container ipgre-tunnel { + description + "Properties of a IP-in-GRE tunnel with key, checksum, and sequence number + information."; + + uses OFPortBaseTunnelType; + + leaf checksum-present { + type boolean; + default true; + description + "Indicates presence of the GRE checksum."; + } + + leaf key-present { + type boolean; + default true; + description + "Indicates presence of the GRE key."; + } + + leaf key { + when "../key-present='true'" { + description + "This element is only relevant if element key-present of this IP GRE + Tunnel has value 'true'."; + } + type uint32; + mandatory true; + description + "The (optional) key of the GRE tunnel. It MAY be used to set the + OXM_OF_TUNNEL_ID match field metadata in the OpenFlow + protocol"; + } + + leaf sequence-number-present { + type boolean; + default false; + description + "Indicates presence of the GRE sequence number."; + } + } + + container vxlan-tunnel { + + description + "Properties of a VxLAN tunnel."; + uses OFPortBaseTunnelType; + + leaf vni-valid { + type boolean; + default true; + description + "Indicates how the corresponding flag should be set in packets sent on + the tunnel."; + } + + leaf vni { + type uint32; + description + "Virtual network identifier assigned to all packets sent on the tunnel. + A VxLAN implementation MAY use the this element to + set the OXM_OF_TUNNEL_ID match field metadata in the + OpenFlow protocol."; + } + + leaf vni-multicast-group { + type inet:ip-address; + description + "If IP multicast is used to support broadcast on the tunnel this + specifies the corresponding multicast IP address"; + } + + leaf udp-source-port { + type inet:port-number; + description + "Specifies the outer UDP source port number. If this element is absent, + the port number MAY be chosen dynamically."; + } + + leaf udp-dest-port { + type inet:port-number; + default 4789; + description + "Specifies the outer UDP destination port number. It SHOULD + be set to 4789, the port number reserved for VxLAN at IANA."; + } + + leaf udp-checksum { + type boolean; + default false; + description + "Boolean flag to indicate whether or not the outer UDP checksum should be + set"; + } + + } + + container nvgre-tunnel { + description + "Properties of an NVGRE tunnel."; + + uses OFPortBaseTunnelType; + + leaf vsid { + type uint32; + description + "Specifies the virtual subnet id used to identify packets belonging to + the NVGRE virtual layer-2 network (24 bit)"; + } + + leaf flow-id { + type uint8; + default 0; + description + "8-bit value that is used to provide per-flow entropy for flows in the same VSID"; + } + + } + } + } + + list queue { + key "resource-id"; + description + "The list contains all queue resources of the OpenFlow Capable Switch."; + uses OFResourceType; + + leaf id { + type uint64; + mandatory true; + description + "This id identifies the OpenFlow Queue to OpenFlow Controllers. It is + assigned to an OpenFlow Queue latest when the OpenFlow + Queue is associated with and OpenFlow Logical Switch. If + the OpenFlow Queue is associated with an OpenFlow Logical + Switch, this element MUST be unique within the context of + the OpenFlow Logical Switch. + + OpenFlow Capable Switch implementations may choose to + assign values to OpenFlow Queues that are unique within + the context of the OpenFlow Logical Switch. These id can + be used independent of assignments to OpenFlow Logical + Switches. + + Other implementations may assign values to this element + only if the OpenFlow Queue is assigned to an OpenFlow + Logical Switch."; + } + + leaf port { + type leafref { + path "/capable-switch/resources/port/resource-id"; + } + description + "Reference to port resources in the Capable Switch. + + This element associates an OpenFlow Queue with an + OpenFlow Port. If the OpenFlow Queue is associated with + an OpenFlow Logical Switch S and this element is present, + then it MUST be set to the value of element resource-id + of an OpenFlow Port which is associated with the OpenFlow + Logical Switch."; + } + + container properties { + description + "The queue properties currently configured."; + + leaf min-rate { + type OFTenthOfAPercentType; + description + "The minimal rate that is reserved for this queue in 1/10 of a percent of + the actual rate. + + This element is optional. If not present a min-rate is not + set."; + } + + leaf max-rate { + type OFTenthOfAPercentType; + description + "The maximum rate that is reserved for this queue in 1/10 of a percent of + the actual rate. + + This element is optional. If not present the max-rate is not + set."; + } + + leaf experimenter-id { + type OFExperimenterId; + description + "Experimenter ID of a currently configured experimenter."; + } + + leaf experimenter-data { + type OFHexBinaryType; + description + "This leaf contains the rest of the experimenter queue property body + and is arbitrarily defined by the corresponding + experimenter."; + } + } + } + + list owned-certificate { + key "resource-id"; + description + "The list contains all owned certificate resources of the OpenFlow + Capable Switch. It can be used by an OpenFlow Logical + Switch for authenticating itself to a controller when a TLS + connection is established."; + uses OFResourceType; + + leaf certificate { + type string; + mandatory true; + description + "An X.509 certificate in DER format base64 encoded."; + } + + container private-key { + + description + "This element contains the private key corresponding to the + certificate. The private key is encoded as specified in + XML-Signature Syntax and Processing + (http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/). + Currently the specification only support DSA and RSA + keys."; + + choice key-type { + mandatory true; + case dsa { + container DSAKeyValue { + description + "DSA keys and the DSA signature algorithm are specified in 'FIPS PUB + 186-2, Digital Signature Standard (DSS), + U.S. Department of Commerce/National Institute of + Standards and Technology, + http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf'. + DSA public key values can have the following + fields: + + P - a prime modulus meeting the requirements of the standard + above + Q - an integer in the range 2**159 < Q < 2**160 which is a + prime divisor of P-1 + G - an integer with certain properties with respect to P and Q + J - (P - 1) / Q + Y - G**X mod P (where X is part of the private key and not made + public) + seed - a DSA prime generation seed + pgenCounter - a DSA prime generation counter + + Parameter J is avilable for inclusion solely for + efficiency as it is calculatable from P and + Q. + + Parameters seed and pgenCounter are used in the DSA + prime number generation algorithm specified in the + above standard. As such, they are optional but MUST + either both be present or both be absent. This + prime generation algorithm is designed to provide + assurance that a weak prime is not being used and + it yields a P and Q value. + + Parameters P, Q, and G can be public and common to + a group of users. They might be known from + application context. As such, they are optional + but P and Q MUST either both appear or both be + absent. + + If all of P, Q, seed, and pgenCounter are present, + implementations are not required to check if they + are consistent and are free to use either P and Q + or seed and pgenCounter. + + All parameters are encoded as base64 values."; + + leaf P { + when "count(../Q) != 0"; + type binary; + mandatory true; + description + "A prime modulus meeting the requirements of the standard + above"; + } + + leaf Q { + when "count(../P) != 0"; + type binary; + mandatory true; + description + "An integer in the range 2**159 < Q < 2**160 which is a + prime divisor of P-1"; + } + + leaf J { + type binary; + description + "(P - 1) / Q"; + } + + leaf G { + type binary; + description + "An integer with certain properties with respect to P and Q"; + } + + leaf Y { + type binary; + mandatory true; + description + "G**X mod P (where X is part of the private key and not made public)"; + } + + leaf Seed { + when "count(../PgenCounter) != 0"; + type binary; + mandatory true; + description + "A DSA prime generation seed"; + + } + leaf PgenCounter { + when "count(../Seed) != 0"; + type binary; + mandatory true; + description + "A DSA prime generation counter"; + } + } + } + case rsa { + container RSAKeyValue { + description + "RSA key values have two fields: Modulus and Exponent."; + + leaf Modulus { + type binary; + mandatory true; + } + + leaf Exponent { + type binary; + mandatory true; + } + } + } + } + } + } + + list external-certificate { + key "resource-id"; + description + "The list contains all external certificate resources of the OpenFlow + Capable Switch for authenticating a controller when a TLS + connection is established."; + + uses OFResourceType; + case localPKI{ + container node { + + leaf certificate { + type string; + mandatory true; + description + "An X.509 certificate in DER format base64 encoded."; + } + } + } + case DNSbasedPKI{ + container node { + + leaf DNSTLSA { + type string; + mandatory true; + description + "The TLSA record of a local DNS server in Der format. According to RFC https://tools.ietf.org/html/rfc6698"; + } + leaf certificate { + type string; + mandatory true; + description + "An X.509 certificate in DER format base64 encoded. This is the certificate of the component itself (switch, controlelr)"; + } + leaf private-key { + type string; + mandatory true; + description + "The private key relates to the certificate"; + } + + + } + } + } + + list flow-table { + key table-id; + description + "The list contains all flow table resources of the OpenFlow Capable + Switch."; + + uses OFResourceType; + + leaf table-id { + type uint8; + + description + "Identifier of table."; + } + + leaf name { + type string; + + description + "Table name"; + } + + leaf metadata-match { + type OFHexBinaryType { + length 16; + } + + description + "This element indicates the bits of the metadata field on which the + flow table can match on. It is represented as a 64-bit + integer in hexadecimal digits([0-9a-fA-F]) format."; + } + + leaf metadata-write { + type OFHexBinaryType { + length 16; + } + + description + "This element indicates the bits of the metadata field on which table + can write using the 'write-metadata' instruction. It is + represented as a 64-bit integer in hexadecimal + digits([0-9a-fA-F]) format."; + } + + leaf max-entries { + type uint32; + config false; + + description + "The maximum number of flow entries supported by the flow table."; + } + + container properties { + presence "This table exposes feature properties"; + + description + "Table feature properties representing all possible features of a + table. Each container represent a single table feature + property. + + According to the specification, clients should understand + that the properties with the -miss suffix may be omitted + if it is the same as the corresponding property for + regular flow entries."; + + container instructions { + leaf-list type { + type OFInstructionType; + + description + "The list of instruction types supported by this table for regular flow + entries"; + } + } + + container instructions-miss { + leaf-list type { + type OFInstructionType; + + description + "The list of all instruction types supported by this table for + table-miss flow entries"; + } + } + + container next-tables { + leaf-list table-id { + type uint8; + + description + "An array of resource-ids of all flow tables that can be directly + reached from this table using the 'goto-table' + instruction for regular flow entries."; + } + } + + container next-tables-miss { + leaf-list table-id { + type uint8; + + description + "An array of resource-ids of all flow tables that can be directly reached + from this table using the 'goto-table' instruction for the table-miss flow + entry."; + } + } + + container write-actions { + leaf-list type { + type OFActionType; + + description + "The list of all write action types supported by this table for regular + flow entries."; + } + } + + container write-actions-miss { + leaf-list type { + type OFActionType; + + description + "The list of all write action types supported by this table for table-miss + flow entries."; + } + } + + container apply-actions { + leaf-list type { + type OFActionType; + + description + "The list of all apply action types supported by the flow table for + regular flow entries."; + } + } + + container apply-actions-miss { + leaf-list type { + type OFActionType; + + description + "The list of all apply action types supported by the flow table for + table-miss flow entries."; + } + } + + container matches { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all match types supported by this table for regular + flow entries."; + } + } + + container wildcards { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all fields for which the table supports wildcarding."; + } + } + + container write-setfields { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all 'set-field' action types supported by this table using + write actions for regular flow entries."; + } + } + + container write-setfields-miss { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all 'set-field' action types supported by this table using + write actions for table-miss flow entries."; + } + } + + container apply-setfields { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all 'set-field' action types supported by the table using + apply actions for regular flow entries."; + } + } + + container apply-setfields-miss { + leaf-list type { + type OFMatchFieldType; + + description + "The list of all 'set-field' action types supported by the table using + apply actions for table-miss flow entries."; + } + } + + container experimenter { + leaf-list experimenter-id { + type OFExperimenterId; + + description + "The list of all experimenters supported by the table for regular + flow entries."; + } + } + + container experimenter-miss { + leaf-list experimenter-id { + type OFExperimenterId; + + description + "The list of all experimenters supported by the table for table-miss + flow entries."; + } + } + } + } + } + + container logical-switches { + description + "This element contains a list of all OpenFlow Logical Switches available + at the OpenFlow Capable Switch."; + + list switch { + key "id"; + description + "The list of all OpenFlow Logical Switches on the OpenFlow Capable + Switch."; + + leaf id { + type OFConfigIdType; + mandatory true; + description + "A unique but locally arbitrary identifier that identifies a Logical + Switch within the context of an OpenFlow Capable + Switch. It MUST be persistent across reboots of the + OpenFlow Capable Switch."; + } + + container capabilities { + config false; + description + "This element contains all capability items that an OpenFlow Logical + Switch MAY implement."; + + leaf max-buffered-packets { + type uint32; + description + "The maximum number of packets the logical switch can buffer when + sending packets to the controller using packet-in + messages."; + } + + leaf max-tables { + type uint8; + description + "The number of flow tables supported by the logical switch."; + } + + leaf max-ports { + type uint32; + description + "The number of flow tables supported by the logical switch."; + } + + leaf flow-statistics { + type boolean; + default false; + description + "Specifies if the logical switch supports flow statistics."; + } + + leaf table-statistics { + type boolean; + default false; + description + "Specifies if the logical switch supports table statistics."; + } + + leaf port-statistics { + type boolean; + default false; + description + "Specifies if the logical switch supports port statistics."; + } + + leaf group-statistics { + type boolean; + default false; + description + "Specifies if the logical switch supports group statistics."; + } + + leaf queue-statistics { + type boolean; + default false; + description + "Specifies if the logical switch supports queue statistics."; + } + + leaf reassemble-ip-fragments { + type boolean; + default false; + description + "Specifies if the logical switch supports reassemble IP fragments."; + } + + leaf block-looping-ports { + type boolean; + default false; + description + "'true' indicates that a switch protocol outside of OpenFlow, such as + 802.1D Spanning Tree, will detect topology loops and + block ports to prevent packet loops."; + } + + container reserved-port-types { + description + "Specify generic forwarding actions such as sending to the controller, + flooding, or forwarding using non-OpenFlow methods, + such as 'normal' switch processing."; + + reference + "The types of reserved ports are defined in OpenFlow Switch + Specification versions 1.2, 1.3, and 1.3.1."; + + leaf-list type { + type enumeration { + enum all; + enum controller; + enum table; + enum inport; + enum any; + enum normal; + enum flood; + } + } + } + + container group-types { + description + "Specify the group types supported by the logical switch."; + + reference + "The types of groups are defined in OpenFlow Switch Specification + versions 1.2, 1.3, and 1.3.1."; + + leaf-list type { + type enumeration { + enum all; + enum select; + enum indirect; + enum fast-failover; + } + } + } + + container group-capabilities { + description + "Specify the group capabilities supported by the logical switch."; + + reference + "The types of group capability are defined in OpenFlow Switch + Specification versions 1.2, 1.3, and 1.3.1."; + + leaf-list capability { + type enumeration { + enum select-weight; + enum select-liveness; + enum chaining; + enum chaining-check; + } + } + } + + container action-types { + description + "Specify the action types supported by the logical switch."; + + leaf-list type { + type OFActionType; + } + } + + container instruction-types { + description + "Specify the instruction types supported by the logical switch."; + + leaf-list type { + type OFInstructionType; + } + } + } + + leaf datapath-id { + type OFDatapathIdType; + mandatory true; + description + "The datapath identifier of the Logical Switch that uniquely identifies + this Logical Switch within the context of all OpenFlow + Controllers associated with the OpenFlow Logical Switch. + The datapath identifier is a string value that MUST be + formatted as a sequence of 8 2-digit hexadecimal numbers + that are separated by colons, for example, + '01:23:45:67:89:ab:cd:ef'. When processing a datapath + identifier, the case of the decimal digits MUST be + ignored."; + } + + leaf enabled { + type boolean; + default false; + description + "This element indicates the administrative state of the OpenFlow + Logical Switch. A value of 'false' means the OpenFlow + Logical Switch MUST NOT communicate with any OpenFlow + Controllers, MUST NOT conduct any OpenFlow processing, + and SHOULD NOT be utilizing computational or network + resources of the underlying platform."; + } + + leaf check-controller-certificate { + type boolean; + default false; + description + "This element indicates the behavior of the OpenFlow Logical Switch + when connecting to an OpenFlow Controller. + + If set to value 'false', the logical switch will connect + to a controller without checking any controller certificate. + + If set to value 'true', then the logical switch will + connect to a controller with element set to + 'TLS', only if the controller provides a certificate that + can be verified with one of the certificates stored in + the list called external-certificates in the OpenFlow + Capable Switch. + + If a certificate cannot be validated, the OpenFlow + Logical Switch MUST terminate communication with the + corresponding OpenFlow Controller, MUST NOT conduct any + OpenFlow processing on requests of this OpenFlow + controller, and SHOULD NOT further utilize any + computational or network resources of for dealing with + this connection. + + If set to value 'true', the OpenFlow Logical Switch MUST + NOT connect to any OpenFlow Controller that does not + provide a certificate. This implies that it cannot + connect to an OpenFlow controller that has the value of + element protocol set to 'TCP'. Only connections with + protocol 'TLS' are possible in this case."; + } + + leaf lost-connection-behavior { + type enumeration { + enum failSecureMode; + enum failStandaloneMode; + } + default failSecureMode; + description + "This element indicates the behavior of the OpenFlow Logical Switch + in case it loses contact with all OpenFlow Controllers. + There are two alternative modes in such a case: fails + secure mode and fail standalone mode as defined by the + OpenFlow protocol specification version 1.2, section 6.4. + These are the only allowed values for this + element. Default is the fail secure mode."; + } + + container controllers { + description + "The list of controllers for this Logical switch."; + + list controller { + key "id"; + description + "The list of OpenFlow Controllers that are assigned to the OpenFlow + Logical Switch. The switch MUST NOT connect to any + OpenFlow Controller that is not contained in this list. + If the authenticaton is external-certificate and based on DNSbasedPKI + then this list may be retreived from the DNS server"; + + leaf id { + type OFConfigIdType; + mandatory true; + description + "A unique but locally arbitrary identifier that uniquely identifies an + OpenFlow Controller within the context of an OpenFlow + Capable Switch. It MUST be persistent across reboots + of the OpenFlow Capable Switch."; + } + + leaf role { + type enumeration { + enum master; + enum slave; + enum equal; + } + default equal; + + description + "This element indicates the role of the OpenFlow Controller. Semantics + of these roles are specified in the OpenFlow + specifications 1.0 - 1.3.1. It is RECOMMENDED that + the roles of controllers are not configured by + OF-CONFIG 1.1.1 but determined using the OpenFlow + protocol. OpenFlow Controllers configured by + OF-CONFIG 1.1.1 have the default role 'equal'. A + role other than 'equal' MAY be assigned to a + controller. Roles 'slave' and 'equal' MAY be + assigned to multiple controllers. Role 'master' MUST + NOT be assigned to more than one controller."; + } + + leaf ip-address { + type inet:ip-address; + mandatory true; + description + "The IP address of the OpenFlow Controller. This IP address is used by + the OpenFlow Logical Switch when connecting to the + OpenFlow Controller."; + } + + leaf port { + type inet:port-number; + default 6633; + description + "The TCP port number at the OpenFlow Controller. This port number is + used by the OpenFlow Logical Switch when connecting + to the OpenFlow Controller using TCP or TLS. The + default value is 6633."; + } + + leaf local-ip-address { + type inet:ip-address; + description + "The local IP address of the OpenFlow Logical Switch when connecting to + this OpenFlow Controller. It is the source IP + address of packets sent to this OpenFlow Controller. + If present, this element overrides any default IP + address. + + This element is optional. Attempts to set this + element to an IP address that cannot be used by the + OpenFlow Logical Switch MUST result in an + 'bad-element' error with type 'application'. The + element MUST contain the name of this + element in the element."; + } + + leaf local-port { + type inet:port-number; + description + "The local TCP port number of the OpenFlow Logical Switch when + connecting to this OpenFlow Controller. It is the + source TCP port number of packets sent to this + OpenFlow Controller. If this element is not present, + then the port number is chosen arbitrarily by the + OpenFlow Logical Switch. + + This element is optional. Attempts to set this + element to a port number that cannot be used by the + OpenFlow Logical Switch MUST result in an + 'bad-element' error with type 'application'. The + element MUST contain the name of this + element in the element."; + } + + leaf protocol { + type enumeration { + enum "tcp"; + enum "tls"; + } + default "tls"; + description + "The default protocol that the OpenFlow Logical Switch uses to connect + to this OpenFlow Controller."; + } + + container state { + config false; + description + "This container holds connection state information that indicate the + connection state of the OpenFlow Logical Switch and + the OpenFlow protocol version used for the + connection."; + + leaf connection-state { + type OFUpDownStateType; + description + "This object indicates the connections state of the OpenFlow Logical + Switch to this controller."; + } + leaf current-version { + type OFOpenFlowVersionType; + description + "This object indicates the version of the OpenFlow protocol used + between the OpenFlow Logical Switch and this + Controller. If element connection-state has value + 'up', then this element indicates the actual + version in use. If element connection-state has + value 'down', then this element indicates the + version number of the last established connection + with this OpenFlow Controller. The value of this + element MAY be persistent across reboots of the + OpenFlow Logical Switch in such a case. If element + connection-state has value 'down'and there is no + information about previous connections to this + OpenFlow controller, then this element is not + present."; + } + + leaf-list supported-versions { + type OFOpenFlowVersionType; + description + "This list of elements includes one entry for each OpenFlow protocol + version that this OpenFlow controller supports. It + SHOULD contain all."; + } + + leaf local-ip-address-in-use { + type inet:ip-address; + description + "The local IP address of the OpenFlow Logical Switch when connecting to + this OpenFlow Controller. It is the source IP + address of packets sent to this OpenFlow + Controller. If present, this element overrides any + default IP address."; + } + + leaf local-port-in-use { + type inet:port-number; + description + "The local TCP port number of the OpenFlow Logical Switch. If element + connection-state has value 'up', then this element + indicates the actual port number in use. If + element connection-state has value 'down', then + this element indicates the port number used for the + last attempt to establish a connection with this + OpenFlow Controller.??? When connecting to this + OpenFlow Controller, it is the source TCP port + number of packets sent to this OpenFlow Controller. + If this element has its defaqult value 0, then port + number is chosen arbitrarily by the OpenFlow + Logical Switch."; + } + } + + } + } + + container resources { + description + "The list of identifiers of all resources of the OpenFlow Capable + Switch that the OpenFlow Logical Switch has exclusive or + non-exclusive access to. A resource is identified by the + value of its resource-identifier element. For each + resource identifier value in this list, there MUST be an + element with a matching resource identifier value in the + resources list of the OpenFlow Capable Switch. + + Identifiers of this list are contained in elements + indicating the type of resource: 'port', 'queue', + 'certificate', or 'flow-table'. Depending on the type, + different constraints apply. These are specified in + separate descriptions per type."; + + leaf-list port { + // XXX: This has uniqueness requirements. The values must be unique, + // i.e. there can not be two ports pointing to the same capable-switch + // port. Should probably have a must statement here, checking if there + // are other logical-switches/switch instances that references the same + // port. + + type leafref { + path "/capable-switch/resources/port/resource-id"; + } + description + "A resource identifier of a port of the OpenFlow Capable + Switch that the OpenFlow Logical Switch has exclusive access to. + + Elements in this list MUST be unique. This means each port + element can only be referenced once."; + } + + leaf-list queue { + type leafref { + path "/capable-switch/resources/queue/resource-id"; + } + description + "A resource identifier of a queue of the OpenFlow Capable Switch + that the OpenFlow Logical Switch has exclusive access to. + + Elements in this list MUST be unique. This means each + queue element can only be referenced once."; + } + + leaf certificate { + type leafref { + path "/capable-switch/resources/owned-certificate/resource-id"; + } + description + "The resource identifier of the owned certificate in the OpenFlow + Capable Switch that the OpenFlow Logical Switch uses to + identify itself. This element MUST NOT occur more than + once in an OpenFlow Logical Switch's resource list. + + If no such element is in an OpenFlow Logical Switch's + resource list, then the OpenFlow Logical Switch does + not authenticate itself towards an OpenFloe Controller + with a certificate. If this element is present, then + the OpenFlow Logical Switch MUST provide this + certificate for authentication to an OpenFlow + Controller when setting up a TLS connection. + + For TCP connections this element is irrelevant."; + } + + leaf-list flow-table { + type leafref { + path "/capable-switch/resources/flow-table/table-id"; + } + description + "A resource identifier of a flow table of the OpenFlow Capable Switch + that the OpenFlow Logical Switch has exclusive access + to. + + Elements in this list MUST be unique. This means each + flow-table element can only be referenced once."; + } + } + } + } + } +}