Application Filtering
Change-Id: Idf4473fdd983708c092db45f0b820099d7688ac4
diff --git a/config-models/aether-4.x/CHANGELOG.md b/config-models/aether-4.x/CHANGELOG.md
index 6a855ed..0f09984 100644
--- a/config-models/aether-4.x/CHANGELOG.md
+++ b/config-models/aether-4.x/CHANGELOG.md
@@ -4,12 +4,15 @@
SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
-->
Differences from Aether-3.0.0
+=============================
VCS and Template:
* Containerized device MBR Uplink and Download to device.mbr.uplink and device.mbr.downlink
* Added slice.mbr.uplink and slice.mbr.downlink
* Remove link to AP-List
* All bitrates are now uint64 and have units "bps"
+ * Renamed the application section to "filter"
+ * Added priority to application filters
Site:
* Added link to AP-List
@@ -18,6 +21,7 @@
Application:
* Added mbr.uplink and mbr.downlink
+ * Moved address outside of the endpoint list
Traffic-Class:
* Removed pelr and pdb
@@ -30,3 +34,18 @@
* Added config-endpoint
Models prefixed with onf- throughout.
+
+Application Filtering
+=====================
+
+Application filtering is part of this release. A brief description of Application
+Filtering is below.
+
+* Each VCS contains a filter
+* The filter is a list of applications. Each application within the filter can
+ be set to Allow or Deny and can be given a priority.
+* The filter is executed in priority order. The first application to match a packet will
+ have its resulting action (Allow or Deny) executed for that packet.
+* Each application contains a single address and a set of endpoints.
+* Each endpoint is a port-range together with a maximum bitrate.
+
diff --git a/config-models/aether-4.x/Chart.yaml b/config-models/aether-4.x/Chart.yaml
index 3f4a1be..fbb3971 100644
--- a/config-models/aether-4.x/Chart.yaml
+++ b/config-models/aether-4.x/Chart.yaml
@@ -4,7 +4,7 @@
apiVersion: v2
name: config-model-aether
-version: 4.0.3
+version: 4.0.4
kubeVersion: ">=1.18.0"
appVersion: 4.0.0
description: Aether config model
diff --git a/config-models/aether-4.x/files/aether-4.0.0.tree b/config-models/aether-4.x/files/aether-4.0.0.tree
index 11038cc..ac616db 100644
--- a/config-models/aether-4.x/files/aether-4.0.0.tree
+++ b/config-models/aether-4.x/files/aether-4.0.0.tree
@@ -4,16 +4,16 @@
+--rw id application-id
+--rw display-name? string
+--rw description? at:description
+ +--rw address ietf:host
+--rw endpoint* [name]
| +--rw name string
- | +--rw address ietf:host
| +--rw port-start ietf:port-number
| +--rw port-end? ietf:port-number
| +--rw protocol? at:protocol
+ | +--rw mbr
+ | +--rw uplink? at:bitrate
+ | +--rw downlink? at:bitrate
+--rw enterprise -> /ent:enterprise/enterprise/id
- +--rw mbr
- +--rw uplink? at:bitrate
- +--rw downlink? at:bitrate
module: onf-connectivity-service
+--rw connectivity-service
@@ -128,8 +128,9 @@
| +--rw device-group -> /dg:device-group/device-group/id
| +--rw enable? boolean
+--rw template? -> /vt:template/template/id
- +--rw application* [application]
+ +--rw filter* [application]
| +--rw application -> /app:application/application/id
+ | +--rw priority? uint8
| +--rw allow? boolean
+--rw upf? -> /upf:upf/upf/id
+--rw description? at:description
diff --git a/config-models/aether-4.x/files/yang/onf-application.yang b/config-models/aether-4.x/files/yang/onf-application.yang
index 0f7d4b6..4c146c3 100755
--- a/config-models/aether-4.x/files/yang/onf-application.yang
+++ b/config-models/aether-4.x/files/yang/onf-application.yang
@@ -54,20 +54,20 @@
description "description of this application";
}
+ leaf address {
+ type ietf:host;
+ mandatory true;
+ description
+ "Address of this application. Either a hostname, an IP, or a subnet.";
+ }
+
list endpoint {
key "name";
- max-elements 1;
leaf name {
type string;
description
"Name of this endpoint";
}
- leaf address {
- type ietf:host;
- mandatory true;
- description
- "Address of this endpoint. Either a hostname, and IP, or a subnet.";
- }
leaf port-start {
type ietf:port-number;
mandatory true;
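Review bot: The new application-level `address` leaf is described as "Either a hostname, an IP, or a subnet", but its type is `ietf:host`. If that prefix maps to the standard inet-types `host` typedef (an IP address or a domain name), a subnet in prefix notation will not validate. Because this address is now what an allow/deny filter matches on, the description and the type should agree: either reword it to `"Address of this application. Either a hostname or an IP address."`, or widen the type to a union that includes an IP-prefix type. Separately, dropping `max-elements 1` allows several endpoints per application, and nothing visible here stops their port ranges from overlapping. The `endpoint` list continues past the end of this hunk.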
@@ -82,8 +82,22 @@
leaf protocol {
type at:protocol;
description
- "Name of this endpoint";
- }
+ "Protocol of this endpoint";
+ }
+ container mbr {
+ description "Maximum bitrate";
+ leaf uplink {
+ type at:bitrate;
+ units mbr;
+ description "Per-Device per-Application mbr uplink data rate in mbps";
+ }
+
+ leaf downlink {
+ type at:bitrate;
+ units mbr;
+ description "Per-Device per application mbr downlink data rate in mbps";
+ }
+ }
}
leaf enterprise {
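Review bot: The `mbr` leaves added under `endpoint` declare `units mbr;` and describe the value as "in mbps", while the CHANGELOG in this same change says all bitrates are uint64 with units "bps". A rate limit that one component reads as bps and another as mbps is off by a factor of a million, so the unit should be stated once and consistently. If bps is intended, use `units bps;` and `description "Per-Device per-Application MBR uplink data rate in bps";`, with the matching wording for downlink. The downlink description also spells it "per application" where uplink uses "per-Application".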
@@ -94,21 +108,6 @@
description
"Link to enterprise that owns this Application. May be set to None if the application is global to all Enterprises.";
}
-
- container mbr {
- description "Maximum bitrate";
- leaf uplink {
- type at:bitrate;
- units mbr;
- description "Per-Application mbr uplink data rate in mbps";
- }
-
- leaf downlink {
- type at:bitrate;
- units mbr;
- description "Per-Application mbr downlink data rate in mbps";
- }
- }
}
- }
+ }
}
diff --git a/config-models/aether-4.x/files/yang/onf-vcs.yang b/config-models/aether-4.x/files/yang/onf-vcs.yang
index 7a7487d..db0e993 100755
--- a/config-models/aether-4.x/files/yang/onf-vcs.yang
+++ b/config-models/aether-4.x/files/yang/onf-vcs.yang
@@ -17,7 +17,7 @@
organization "Open Networking Foundation.";
contact "Scott Baker";
- description
+ description
"An Aether Virtual Cellular Service (VCS) is
used to connect devices with applications";
@@ -53,13 +53,13 @@
}
list device-group {
- key "device-group";
+ key "device-group";
leaf device-group {
type leafref {
path "/dg:device-group/dg:device-group/dg:id";
- }
+ }
description
- "Link to device group";
+ "Link to device group";
}
leaf enable {
type boolean;
@@ -70,19 +70,19 @@
description
"A list of device groups. Groups will only participate in
the VCS if the enable field is set to True";
- }
+ }
leaf template {
type leafref {
path "/vt:template/vt:template/vt:id";
- }
+ }
description
"Link to user vcs template that was used to initialize
this VCS";
}
- list application {
- key "application";
+ list filter {
+ key "application";
leaf application {
type leafref {
path "/app:application/app:application/app:id";
@@ -91,6 +91,12 @@
description
"Link to application";
}
+ leaf priority {
+ type uint8;
+ default 0;
+ description
+ "Priority of this application";
+ }
leaf allow {
type boolean;
default true;
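Review bot: The new `priority` leaf does not say whether lower or higher values are evaluated first. With `default 0` and no uniqueness constraint visible in this hunk, any number of filter entries can share a priority. When an Allow entry and a Deny entry for overlapping traffic tie, the model leaves the outcome undefined, which is a poor property for an access-control list. The description should state the direction and the tie-break, for example `"Priority of this rule. <lower|higher> values are evaluated first; entries with equal priority are evaluated in <defined order>."` with the placeholders filled in from the implementation. The enclosing `filter` list starts and ends outside this hunk.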
@@ -98,15 +104,15 @@
"Allow or deny this application";
}
description
- "An ordered list of applications to allow and deny. The deny rules
- will be executed first, followed by the allow rules. The first rule
- to match is returned. An implicit DENY ALL lies at the end.";
- }
+ "A list of applications to allow and/or deny. Rules are executed in
+ priority order. The first rule to match will determine the fate
+ of the packet.";
+ }
leaf upf {
type leafref {
path "/upf:upf/upf:upf/upf:id";
- }
+ }
description
"Link to user plane that implements this vcf";
}
@@ -123,7 +129,7 @@
mandatory true;
description
"Link to enterprise that owns this VCS";
- }
+ }
// the following are populated from the template
leaf sst {
@@ -131,7 +137,7 @@
mandatory true;
description "Slice/Service type. Immutable.";
}
-
+
leaf sd {
type at:sd;
mandatory true;
@@ -184,5 +190,5 @@
}
// end of items populated from the template
}
- }
+ }
}