1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
|
module bgp-policy {
yang-version "1";
// namespace
// TODO: change to an ietf or other generic namespace
namespace "http://google.com/yang/google-bgp-policy-cfg";
prefix "bgp-policy";
// import some basic types
import ietf-inet-types { prefix inet; }
// meta
// TODO: add collaborating organizations
organization
"Google, AT&T, BT, Microsoft";
contact
"Google, Inc.
1600 Amphitheatre Way
Mountain View, CA 94043
AT&T Labs
200 S. Laurel Avenue
Middletown, NJ 07748
BT
pp. C3L, BT Centre
81, Newgate Street
London EC1A 7AJ
UK
Microsoft
205 108th Ave. NE, Suite 400
Bellevue, WA 98004";
description
"This module describes a YANG model for BGP policy
configuration. It is a limited subset of all of the policy
configuration parameters available in the variety of vendor
implementations, but supports widely used constructs for managing
how BGP routes are imported, exported, and modified. This module
works with the base BGP protocol configuration model defined in
google-bgp.
Route policy expression:
Policies are expressed as a set of top-level policy definitions,
each of which consists of a sequence of policy statements.
Policy statements are simple condition-action tuples. Conditions
may include mutiple match or comparison operations, and similarly
actions may be multitude of changes to route attributes and a
final disposition of accepting or> rejecting the route.
BGP
|
+->policy
+-> policy definitions
+-> policy statements
+-> conditions
+-> [ match conditions / comparison conditions ]
+-> actions
+-> [ set attribute actions / control-flow actions ]
Route policy evaluation:
Evaluation of a policy definition is expected to proceed by
evaluating the individual policy statements in the specified
order. When a condition statement in a policy statement is
satisfied, the corresponding action statement is executed.
If the action statement has either accept-route or reject-route
actions, policy evaluation stops. If the condition is not
satisfied, or if the action statement contains goto-next, then
evaluation proceeds to the next policy statement. If none of the
policy statement conditions are satisfied, then the default
action is applied.
Policy 'subroutines' are supported by allowing condition
statements to reference another policy definition which first
applies conditions from the referenced policy before
proceeding.";
revision "2014-09-30" {
description
"Initial revision";
reference "TBD";
}
// extension statements
// feature statements
// identity statements
identity bgp-attribute-comparison {
description
"base type for supported comparison operators on route
attributes";
}
identity attribute-eq {
base bgp-attribute-comparison;
description "== comparison";
}
identity attribute-ge {
base bgp-attribute-comparison;
description ">= comparison";
}
identity attribute-le {
base bgp-attribute-comparison;
description "<= comparison";
}
// typedef statements
typedef match-set-options-type {
type enumeration {
enum ANY {
description "match is true if given value matches any member
of the defined set";
}
enum ALL {
description "match is true if each given value matches a
member of the defined set";
}
enum INVERT {
description "match is true if given value does not match any
member of the defined set";
}
}
default ANY;
description
"Options that govern the behavior of a match statement. The
default behavior is ANY, i.e., the given value matches any
of the members of the defined set";
}
typedef as-path-prepend-option-repeat {
type uint32;
description
"Option for the as-prepend policy action. Prepends the local
AS number repeated n times";
}
typedef well-known-community-attr {
type enumeration {
enum INTERNET {
description "entire Internet community (0x00000000)";
}
enum NO_EXPORT {
// value 0xFFFFFF01;
description "no export";
}
enum NO_ADVERTISE {
description "no advertise (0xFFFFFF02)";
}
enum NO_EXPORT_SUBCONFED {
description "no export subconfed, equivalent to
local AS (0xFFFFFF03)";
}
}
description
"Type definition for well-known IETF community attribute
values";
reference "RFC 1997 - BGP Communities Attribute";
}
typedef std-community-attr-type {
// TODO: further refine restrictions and allowed patterns
// 4-octet value:
// <as number> 2 octets
// <community value> 2 octets
type union {
type uint32 {
// per RFC 1997, 0x00000000 - 0x0000FFFF and 0xFFFF0000 -
// 0xFFFFFFFF are reserved
range "65536..4294901759"; // 0x00010000..0xFFFEFFFF
}
type string {
pattern '([0-9]+:[0-9]+)';
}
}
description
"Type definition for standard commmunity attributes";
reference "RFC 1997 - BGP Communities Attribute";
}
typedef ext-community-attr-type {
// TODO: needs more work to make this more precise given the
// variability of extended community attribute specifications
// 8-octet value:
// <type> 2 octects
// <value> 6 octets
type string {
pattern '([0-9\.]+(:[0-9]+)?:[0-9]+)';
}
description
"Type definition for extended community attributes";
reference "RFC 4360 - BGP Extended Communities Attribute";
}
typedef community-regexp-type {
// TODO: needs more work to decide what format these regexps can
// take.
type string;
description
"Type definition for communities specified as regular
expression patterns";
}
typedef bgp-origin-attr-type {
type enumeration {
enum IGP {
value 0;
description "Origin of the NLRI is internal";
}
enum EGP {
value 1;
description "Origin of the NLRI is EGP";
}
enum INCOMPLETE {
value 2;
description "Origin of the NLRI is neither IGP or EGP";
}
}
description
"Type definition for standard BGP origin attribute";
reference "RFC 4271 - A Border Gateway Protocol 4 (BGP-4),
Sec 4.3";
}
typedef set-community-option-type {
type enumeration {
enum ADD {
description "add the specified communities to the existing
community attribute";
}
enum REMOVE {
description "remove the specified communities from the
existing community attribute";
}
enum REPLACE {
description "replace the existing community attribute with
the specified communities";
}
enum NULL {
description "set the community attribute to empty / NULL";
}
}
description
"Type definition for options when setting the community
attribute in a policy action";
}
typedef bgp-next-hop-type {
type union {
type inet:ip-address;
type enumeration {
enum SELF {
description "special designation for local router's own
address";
}
}
}
description "type definition for specifying next-hop in policy
actions";
}
// grouping statements
grouping defined-sets-definitions {
description
"Data definitions for pre-defined sets of attributes used in
policy match conditions";
list prefix-set {
key prefix-set-name;
description
"Definitions for prefix sets";
leaf prefix-set-name {
type string;
description
"name / label of the prefix set -- this is used to
reference the set in match conditions";
}
list prefix {
key "address masklength masklength-range";
description
"list of prefix expressions that are part of the set";
leaf address {
type inet:ip-address;
mandatory true;
description
"address portion of the prefix";
}
leaf masklength {
type uint8 {
// simple range covers both ipv4 and ipv6 --
// could separate this into different types
// for IPv4 and IPv6 prefixes
range 1..128;
}
mandatory true;
description
"masklength for the prefix specification";
}
leaf masklength-range {
type string {
// pattern modeled after ietf-inet-types
pattern '(([0-9])|([1-9][0-9])|(1[0-1][0-9])|'
+ '(12[0-8]))\.\.'
+ '(([0-9])|([1-9][0-9])|(1[0-1][0-9])|'
+ '(12[0-8]))';
}
description
"Defines an optional range for the masklength. Absence
of the masklength-length implies that the prefix has an
exact masklength given by the masklength parameter.
Example: 10.3.192.0/21 through 10.3.192.0/24 would be
expressed as address: 10.3.192.0, masklength: 21,
masklength-range: 21..24";
}
}
}
list community-set {
key community-set-name;
description
"Definitions for community sets";
leaf community-set-name {
type string;
mandatory true;
description
"name / label of the community set -- this is used to
reference the set in match conditions";
}
leaf-list community-members {
type union {
type std-community-attr-type;
type community-regexp-type;
type well-known-community-attr;
}
description
"members of the community set";
}
}
list ext-community-set {
key ext-community-set-name;
description
"Definitions for extended community sets";
leaf ext-community-set-name {
type string;
description
"name / label of the extended community set -- this is used
to reference the set in match conditions";
}
leaf-list ext-community-members {
type union {
type ext-community-attr-type;
// TODO: is regexp support needed for extended communities?
// TODO: is well-known needed for extended communities?
type community-regexp-type;
}
description
"members of the extended community set";
}
}
list as-path-set {
key as-path-set-name;
description
"Definitions for AS path sets";
leaf as-path-set-name {
type string;
description
"name of the AS path set -- this is used to reference the
the set in match conditions";
}
leaf-list as-path-set-members {
// TODO: need to refine typedef for AS path expressions
type string;
description
"AS path expression -- list of ASes in the set";
}
}
}
grouping condition-set-matches {
description
"Condition statement definitions for checking membership in a
defined set";
leaf match-community-set {
type leafref {
path "/bgp/policy/defined-sets/community-set/community-set-name";
require-instance true;
}
description
"References a defined community set";
}
leaf match-ext-community-set {
type leafref {
path "/bgp/policy/defined-sets/ext-community-set"
+ "/ext-community-set-name";
}
description "References a defined extended community set";
}
leaf match-as-path-set {
type leafref {
path "/bgp/policy/defined-sets/as-path-set/as-path-set-name";
}
description "References a defined AS path set";
}
leaf match-prefix-set {
type leafref {
path "/bgp/policy/defined-sets/prefix-set/prefix-set-name";
}
description "References a defined prefix set";
}
leaf match-set-options {
type match-set-options-type;
description
"Optional parameter that governs the behavior of the match
operation";
}
}
grouping condition-attribute-compare-operators {
description "common definitions for comparison operations in
condition statements";
leaf operator {
type identityref {
base bgp-attribute-comparison;
}
description
"type of comparison to be performed";
}
leaf value {
type uint32;
description
"value to compare with the community count";
}
}
grouping condition-attribute-comparisons {
description
"Condition statement definitions for comparing a route
attribute to a specified value";
leaf med-eq {
type uint32;
description
"Condition to check if the received MED value is equal to
the specified value";
}
leaf origin-eq {
type bgp-origin-attr-type;
description
"Condition to check if the route origin is equal to the
specified value";
}
leaf-list next-hop-in {
type inet:ip-address;
description
"List of next hop addresses to check for in the route
update";
}
leaf local-pref-eq {
type uint32;
// TODO: add support for other comparisons
description
"Condition to check if the local pref attribute is equal to
the specified value";
}
container community-count {
presence "node is present in the config data to indicate a
community-count condition";
description
"Value and comparison operations for conditions based on the
number of communities in the route update";
uses condition-attribute-compare-operators;
}
container as-path-length {
presence "node is present in the config data to indicate a
as-path-length condition";
description
"Value and comparison operations for conditions based on the
length of the AS path in the route update";
uses condition-attribute-compare-operators;
}
leaf route-type {
// TODO: verify extent of vendor support for this comparison
type enumeration {
enum INTERNAL {
description "route type is internal";
}
enum EXTERNAL {
description "route type is external";
}
}
description
"Condition to check the route type in the route update";
}
}
grouping set-attribute-actions {
description
"Definitions for base set of policy action statements that
change various attributes of the route";
container set-as-path-prepend {
presence "node is present in the config data to use the AS
prepend action";
description
"action to prepend local AS number to the AS-path a
specified number of times";
leaf repeat-n {
type uint8;
description "number of times to prepend the local AS number";
}
}
container set-community {
presence "node is present in the config data when set-community
action is used";
description
"action to set the community attributes of the route, along
with options to modify how the community is modified";
leaf-list communities {
type union {
type std-community-attr-type;
type well-known-community-attr;
}
description
"community values for the update";
}
leaf options {
type set-community-option-type;
description
"options for modifying the community attribute with the
specified values";
}
}
container set-ext-community {
presence "node is present in the config data when set-community
action is used";
description
"action to set the extended community attributes of the
route, along with options to modify how the community is
modified";
leaf-list communities {
type union {
type ext-community-attr-type;
type well-known-community-attr;
}
description
"community values for the update";
}
leaf options {
type set-community-option-type;
description
"options for modifying the community attribute with the
specified values";
}
}
leaf set-route-origin {
type bgp-origin-attr-type;
description "set the origin attribute to the specified value";
}
leaf set-local-pref {
type uint32;
description "set the local pref attribute on the route update";
}
leaf set-next-hop {
type bgp-next-hop-type;
description "set the next-hop attribute in the route update";
}
leaf set-med {
type uint32;
description "set the med metric attribute in the route update";
}
}
grouping control-flow-actions {
description
"Definitions for base set of policy action statements that
manage the disposition or control flow of the policy";
leaf accept-route {
type empty;
description "accepts the route into the routing table";
}
leaf reject-route {
type empty;
description "rejects the route";
}
leaf goto-next {
type empty;
description
"proceed to evaluate the next policy statement in the
policy definition";
}
leaf goto-policy {
type string;
description
"proceed to the named policy definition and continue
evaluating the policy";
}
}
grouping conditions {
description
"Condition statement definitions for policy statements";
leaf call-policy {
type string;
description
"Applies the conditions from the specified policy definition
in the current policy statement.";
}
uses condition-set-matches;
uses condition-attribute-comparisons;
}
grouping actions {
description
"Action statement definitions for policy statements";
uses set-attribute-actions;
uses control-flow-actions;
}
grouping apply-policy-group {
description
"top level configuration for applying policies at various
points in the configuration hierarchy";
container apply-policy {
description
"Anchor point for policies in the BGP configuration. Import
and export policies are with respect to the local routing
table, i.e., export (send) and import (receive).";
leaf-list import-policies {
type leafref {
path "/bgp/policy/policy-definitions/policy-definition"
+ "/name";
require-instance true;
}
description
"list of policy names in sequence to be applied on
receiving a routing update in the current context, e.g.,
for the current peer group, neighbor, address family,
etc.";
}
leaf-list export-policies {
type leafref {
path "/bgp/policy/policy-definitions/policy-definition"
+ "/name";
require-instance true;
}
description
"list of policy names in sequence to be applied on
sending a routing update in the current context, e.g.,
for the current peer group, neighbor, address family,
etc.";
}
}
}
grouping policy-definition-group {
description
"top level set of policy defined sets and policy definitions";
container policy {
description
"Top level container for BGP policy-related configuration
items";
container defined-sets {
presence "Container for sets defined for matching in policy
statements";
description
"Predefined sets of attributes used in policy match
statements";
uses defined-sets-definitions;
}
container policy-definitions {
presence "Container for the set of policy definitions";
description
"Top level container for policy definitions";
list policy-definition {
key name;
ordered-by user;
description
"List of top-level policy definitions, keyed by a unique
name";
leaf name {
type string;
description
"Name of the top-level policy definition -- this name
is used in references to the current policy";
}
list statements {
key name;
// TODO: names of policy statements withing a policy defn
// should be optional, however, YANG requires a unique id
// for lists; not sure that a compound key works either;
// need to investigate further.
ordered-by user;
description
"Name of this policy statement";
leaf name {
type string;
description "name of the policy statement";
}
container conditions {
description "Condition statements for this
policy statement";
uses conditions;
}
container actions {
description "Action statements for this policy
statement";
uses actions;
}
}
}
}
}
}
// augment statements
// rpc statements
// notification statements
}
|
