[mirror_frr.git] / yang / frr-bgp-rpki.yang

// SPDX-License-Identifier: BSD-2-Clause
module frr-bgp-rpki {
  yang-version 1.1;
  namespace "http://frrouting.org/yang/frr-bgp-rpki";
  prefix frr-bgp-rpki;

  import ietf-inet-types {
    prefix inet;
  }

  import frr-vrf {
    prefix frr-vrf;
  }

  organization
    "FRRouting";
  contact
    "FRR Users List: <mailto:frog@lists.frrouting.org> FRR Development
     List: <mailto:dev@lists.frrouting.org>";
  description
    "This module defines a model for managing FRR BGP RPKI.

     Copyright 2020 FRRouting

     Redistribution and use in source and binary forms, with or without
     modification, are permitted provided that the following conditions
     are met:

     1. Redistributions of source code must retain the above copyright notice,
     this list of conditions and the following disclaimer.

     2. Redistributions in binary form must reproduce the above copyright
     notice, this list of conditions and the following disclaimer in the
     documentation and/or other materials provided with the distribution.

     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     \"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.";

  revision 2019-12-03 {
    description
      "Initial revision.";
  }

  typedef transport-type {
    type enumeration {
      enum "TCP" {
        value 1;
        description
          "Connection to server is TCP based.";
      }
      enum "SSH" {
        value 2;
        description
          "Connection to server is SSH based.";
      }
    }
  }

  grouping bgp-rpki-timers {
    container rpki-timers {
      description
        "RPKI timers config.";
      leaf polling-time {
        type uint32 {
          range "1..86400";
        }
        units "seconds";
        default "3600";
        description
          "Set the number of seconds the router waits until the
           router asks the cache again for updated data.";
      }

      leaf expire-time {
        type uint32 {
          range "600..172800";
        }
        units "seconds";
        default "7200";
        description
          "Set the expire interval.";
      }

      leaf retry-time {
        type uint16 {
          range "1..7200";
        }
        units "seconds";
        default "600";
        description
          "Set the retry interval.";
      }
    }
  }

  grouping bgp-rpki-cache-server {
    container rpki-cache-server {
      description
        "Add a cache server to the socket.";
      list cache-list {
        key "preference";
        leaf preference {
          type uint8 {
            range "1..255";
          }
          description
            "Preference of the cache server.";
        }

        leaf cache-type {
          type transport-type;
          mandatory true;
          description
            "Specifies a transport method for the RPKI cache.";
        }

        choice server {
          case ip-address {
            leaf ip-address {
              type inet:ip-address;
              mandatory true;
            }
          }

          case host-name {
            leaf ip-host-address {
              type inet:host;
              mandatory true;
            }
          }
        }

        container transport {
          container tcp {
            when "../../cache-type = 'TCP'";
            description
              "TCP server details.";
            leaf tcp-port {
              type uint32;
            }
          }

          container ssh {
            when "../../cache-type = 'SSH'";
            description
              "SSH login details";
            leaf ssh-port {
              type uint32 {
                range "1..65535";
              }
              description
                "SSH port on which session gets opened.";
            }

            leaf user-name {
              type string;
              description
                "SSH username to establish an SSH connection to the
                 cache server.";
            }

            leaf private-key {
              type string;
              description
                "Local path that includes the private key file of the router.";
            }

            leaf public-key {
              type string;
              description
                "Local path that includes the public key file of the router.";
            }

            leaf server-public-ley {
              type string;
              description
                "Server public key.";
            }
          }
        }
      }
    }
  }

  augment "/frr-vrf:lib/frr-vrf:vrf" {
    container bgp-rpki {
      description
        "RPKI configuration parameters.";
      leaf enable {
        type boolean;
        default "false";
        description
          "When set to 'true' it enables the RPKI.";
      }

      uses bgp-rpki-timers;

      uses bgp-rpki-cache-server;
    }
  }
}
Commit	Line	Data
41db488c	1	// SPDX-License-Identifier: BSD-2-Clause
2228b116	2	module frr-bgp-rpki {
	3	yang-version 1.1;
	4	namespace "http://frrouting.org/yang/frr-bgp-rpki";
	5	prefix frr-bgp-rpki;
	6
	7	import ietf-inet-types {
	8	prefix inet;
	9	}
	10
	11	import frr-vrf {
	12	prefix frr-vrf;
	13	}
	14
	15	organization
	16	"FRRouting";
	17	contact
	18	"FRR Users List: <mailto:frog@lists.frrouting.org> FRR Development
	19	List: <mailto:dev@lists.frrouting.org>";
	20	description
	21	"This module defines a model for managing FRR BGP RPKI.
	22
	23	Copyright 2020 FRRouting
	24
	25	Redistribution and use in source and binary forms, with or without
	26	modification, are permitted provided that the following conditions
	27	are met:
	28
	29	1. Redistributions of source code must retain the above copyright notice,
	30	this list of conditions and the following disclaimer.
	31
	32	2. Redistributions in binary form must reproduce the above copyright
	33	notice, this list of conditions and the following disclaimer in the
	34	documentation and/or other materials provided with the distribution.
	35
	36	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	37	\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	38	LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
	39	A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
	40	HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	41	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	42	LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	43	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	44	THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	45	(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	46	OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.";
	47
	48	revision 2019-12-03 {
	49	description
	50	"Initial revision.";
	51	}
	52
	53	typedef transport-type {
	54	type enumeration {
	55	enum "TCP" {
	56	value 1;
	57	description
	58	"Connection to server is TCP based.";
	59	}
	60	enum "SSH" {
	61	value 2;
	62	description
	63	"Connection to server is SSH based.";
	64	}
	65	}
66	}
67
68	grouping bgp-rpki-timers {
69	container rpki-timers {
70	description
71	"RPKI timers config.";
72	leaf polling-time {
73	type uint32 {
74	range "1..86400";
75	}
76	units "seconds";
77	default "3600";
78	description
79	"Set the number of seconds the router waits until the
80	router asks the cache again for updated data.";
81	}
82
83	leaf expire-time {
84	type uint32 {
85	range "600..172800";
86	}
87	units "seconds";
88	default "7200";
89	description
90	"Set the expire interval.";
91	}
92
93	leaf retry-time {
94	type uint16 {
95	range "1..7200";
96	}
97	units "seconds";
98	default "600";
99	description
100	"Set the retry interval.";
101	}
102	}
103	}
104
105	grouping bgp-rpki-cache-server {
106	container rpki-cache-server {
107	description
108	"Add a cache server to the socket.";
109	list cache-list {
110	key "preference";
111	leaf preference {
112	type uint8 {
113	range "1..255";
114	}
115	description
116	"Preference of the cache server.";
117	}
118
119	leaf cache-type {
120	type transport-type;
121	mandatory true;
122	description
123	"Specifies a transport method for the RPKI cache.";
124	}
125
126	choice server {
127	case ip-address {
128	leaf ip-address {
129	type inet:ip-address;
130	mandatory true;
131	}
132	}
133
134	case host-name {
135	leaf ip-host-address {
136	type inet:host;
137	mandatory true;
138	}
139	}
140	}
141
142	container transport {
143	container tcp {
144	when "../../cache-type = 'TCP'";
145	description
146	"TCP server details.";
147	leaf tcp-port {
148	type uint32;
149	}
150	}
151
152	container ssh {
153	when "../../cache-type = 'SSH'";
154	description
155	"SSH login details";
156	leaf ssh-port {
157	type uint32 {
158	range "1..65535";
159	}
160	description
161	"SSH port on which session gets opened.";
162	}
163
164	leaf user-name {
165	type string;
166	description
167	"SSH username to establish an SSH connection to the
168	cache server.";
169	}
170
171	leaf private-key {
172	type string;
173	description
174	"Local path that includes the private key file of the router.";
175	}
176
177	leaf public-key {
178	type string;
179	description
180	"Local path that includes the public key file of the router.";
181	}
182
183	leaf server-public-ley {
184	type string;
185	description
186	"Server public key.";
187	}
188	}
189	}
190	}
191	}
192	}
193
194	augment "/frr-vrf:lib/frr-vrf:vrf" {
195	container bgp-rpki {
196	description
197	"RPKI configuration parameters.";
198	leaf enable {
199	type boolean;
200	default "false";
201	description
202	"When set to 'true' it enables the RPKI.";
203	}
204
205	uses bgp-rpki-timers;
206
207	uses bgp-rpki-cache-server;
208	}
209	}
210	}