diff --git a/release/models/aft/.spec.yml b/release/models/aft/.spec.yml index 23c0d75b7b..249e3adec8 100644 --- a/release/models/aft/.spec.yml +++ b/release/models/aft/.spec.yml @@ -4,9 +4,11 @@ - yang/aft/openconfig-aft-counters.yang - yang/aft/openconfig-aft-types.yang - yang/aft/openconfig-aft-summary.yang + - yang/aft/openconfig-aft-global-filter.yang build: - yang/network-instance/openconfig-network-instance.yang - yang/aft/openconfig-aft-network-instance.yang - yang/aft/openconfig-aft-counters.yang - yang/aft/openconfig-aft-summary.yang + - yang/aft/openconfig-aft-global-filter.yang run-ci: true diff --git a/release/models/aft/openconfig-aft-common.yang b/release/models/aft/openconfig-aft-common.yang index 67beb166b3..a92e6c34d5 100644 --- a/release/models/aft/openconfig-aft-common.yang +++ b/release/models/aft/openconfig-aft-common.yang @@ -23,7 +23,13 @@ submodule openconfig-aft-common { "Submodule containing definitions of groupings that are re-used across multiple contexts within the AFT model."; - oc-ext:openconfig-version "3.2.0"; + oc-ext:openconfig-version "3.3.0"; + + revision "2026-03-10" { + description + "Add global-filter container to support per-network-instance AFT prefix filtering."; + reference "3.3.0"; + } revision "2025-08-07" { description @@ -194,6 +200,7 @@ submodule openconfig-aft-common { "Structural grouping describing a next-hop entry."; container next-hops { + config false; description "The list of next-hops that are to be used for entry within the AFT table. The structure of each next-hop is address @@ -868,6 +875,7 @@ submodule openconfig-aft-common { "Logical grouping for groups of next-hops."; container next-hop-groups { + config false; description "Surrounding container for groups of next-hops."; diff --git a/release/models/aft/openconfig-aft-ethernet.yang b/release/models/aft/openconfig-aft-ethernet.yang index af225feb8a..916e696d0f 100644 --- a/release/models/aft/openconfig-aft-ethernet.yang +++ b/release/models/aft/openconfig-aft-ethernet.yang @@ -20,7 +20,13 @@ submodule openconfig-aft-ethernet { "Submodule containing definitions of groupings for the abstract forwarding tables for Ethernet."; - oc-ext:openconfig-version "3.2.0"; + oc-ext:openconfig-version "3.3.0"; + + revision "2026-03-10" { + description + "Add global-filter container to support per-network-instance AFT prefix filtering."; + reference "3.3.0"; + } revision "2025-08-07" { description diff --git a/release/models/aft/openconfig-aft-global-filter.yang b/release/models/aft/openconfig-aft-global-filter.yang new file mode 100644 index 0000000000..cf4bf00047 --- /dev/null +++ b/release/models/aft/openconfig-aft-global-filter.yang @@ -0,0 +1,103 @@ +module openconfig-aft-global-filter { + namespace "http://openconfig.net/yang/aft/global-filter"; + prefix "oc-aft-gf"; + + import openconfig-extensions { prefix "oc-ext"; } + import openconfig-network-instance { prefix "oc-ni"; } + import openconfig-routing-policy { prefix "oc-rpol"; } + + organization + "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "Module containing definitions of groupings for the global + filter configuration applicable to abstract forwarding tables."; + + oc-ext:openconfig-version "3.3.0"; + + revision "2026-03-10" { + description + "Add global-filter container to support per-network-instance and per + AFT filtering, with routing policy split by address family."; + reference "3.3.0"; + } + + grouping aft-global-filter-config { + description + "Configuration parameters for the AFT global filter."; + leaf ipv6-policy { + type leafref { + path "/oc-rpol:routing-policy/oc-rpol:policy-definitions" + + "/oc-rpol:policy-definition/oc-rpol:config/oc-rpol:name"; + } + description + "Reference to a routing policy that is used to filter the + IPv6 prefixes that are present in the FIB. Only prefixes + that are accepted by the referenced policy are streamed. + The policy may, for example, use an explicit prefix set to + match prefixes, or match prefixes that are more specific than + a given prefix."; + } + + leaf ipv4-policy { + type leafref { + path "/oc-rpol:routing-policy/oc-rpol:policy-definitions" + + "/oc-rpol:policy-definition/oc-rpol:config/oc-rpol:name"; + } + description + "Reference to a routing policy that is used to filter the + IPv4 prefixes that are in the FIB. Only prefixes + that are accepted by the referenced policy are streamed. + The policy may, for example, use an explicit prefix set to + match prefixes, or match prefixes that are more specific than + a given prefix."; + } + } + + + grouping aft-global-filter-structural { + description + "Structural grouping defining the schema for the global filter + applied to the abstract forwarding tables."; + + container global-filter { + description + "Configuration and state for a global filter applied to the + AFT. The filter is used to restrict which prefixes from the + network instance's AFT are streamed via gNMI; it does not + affect which prefixes are installed in the forwarding plane + (hardware FIB). All gNMI clients subscribing to the IPv4 or + IPv6 AFT for this network instance will only receive data + corresponding to prefixes accepted by the configured + filter policy. Prefixes rejected by the policy are omitted + from the streamed AFT state for every subscriber, regardless + of the client."; + + container config { + description + "Configuration parameters for the AFT global filter."; + + uses aft-global-filter-config; + } + + container state { + config false; + description + "Operational state parameters for the AFT global filter."; + + uses aft-global-filter-config; + } + } + } + + augment "/oc-ni:network-instances/oc-ni:network-instance/oc-ni:afts" { + description + "Add global filter to AFT tree."; + + uses aft-global-filter-structural; + } +} diff --git a/release/models/aft/openconfig-aft-ipv4.yang b/release/models/aft/openconfig-aft-ipv4.yang index 2b913d8fe2..01d18b60bb 100644 --- a/release/models/aft/openconfig-aft-ipv4.yang +++ b/release/models/aft/openconfig-aft-ipv4.yang @@ -20,7 +20,13 @@ submodule openconfig-aft-ipv4 { "Submodule containing definitions of groupings for the abstract forwarding tables for IPv4."; - oc-ext:openconfig-version "3.2.0"; + oc-ext:openconfig-version "3.3.0"; + + revision "2026-03-10" { + description + "Add global-filter container to support per-network-instance AFT prefix filtering."; + reference "3.3.0"; + } revision "2025-08-07" { description diff --git a/release/models/aft/openconfig-aft-ipv6.yang b/release/models/aft/openconfig-aft-ipv6.yang index e1b2c6087c..64ced43b94 100644 --- a/release/models/aft/openconfig-aft-ipv6.yang +++ b/release/models/aft/openconfig-aft-ipv6.yang @@ -20,7 +20,13 @@ submodule openconfig-aft-ipv6 { "Submodule containing definitions of groupings for the abstract forwarding tables for IPv6."; - oc-ext:openconfig-version "3.2.0"; + oc-ext:openconfig-version "3.3.0"; + + revision "2026-03-10" { + description + "Add global-filter container to support per-network-instance AFT prefix filtering."; + reference "3.3.0"; + } revision "2025-08-07" { description diff --git a/release/models/aft/openconfig-aft-mpls.yang b/release/models/aft/openconfig-aft-mpls.yang index 79bd72391e..5fb556cab6 100644 --- a/release/models/aft/openconfig-aft-mpls.yang +++ b/release/models/aft/openconfig-aft-mpls.yang @@ -21,7 +21,13 @@ submodule openconfig-aft-mpls { "Submodule containing definitions of groupings for the abstract forwarding table for MPLS label forwarding."; - oc-ext:openconfig-version "3.2.0"; + oc-ext:openconfig-version "3.3.0"; + + revision "2026-03-10" { + description + "Add global-filter container to support per-network-instance AFT prefix filtering."; + reference "3.3.0"; + } revision "2025-08-07" { description diff --git a/release/models/aft/openconfig-aft-pf.yang b/release/models/aft/openconfig-aft-pf.yang index 67e3887c67..386c7166fc 100644 --- a/release/models/aft/openconfig-aft-pf.yang +++ b/release/models/aft/openconfig-aft-pf.yang @@ -28,7 +28,13 @@ submodule openconfig-aft-pf { fields other than the destination address that is used in other forwarding tables."; - oc-ext:openconfig-version "3.2.0"; + oc-ext:openconfig-version "3.3.0"; + + revision "2026-03-10" { + description + "Add global-filter container to support per-network-instance AFT prefix filtering."; + reference "3.3.0"; + } revision "2025-08-07" { description diff --git a/release/models/aft/openconfig-aft-state-synced.yang b/release/models/aft/openconfig-aft-state-synced.yang index b5563233f5..ba7a535c34 100644 --- a/release/models/aft/openconfig-aft-state-synced.yang +++ b/release/models/aft/openconfig-aft-state-synced.yang @@ -16,7 +16,13 @@ submodule openconfig-aft-state-synced { "Submodule containing definitions of groupings for the state synced signals corresponding to various abstract forwarding tables."; - oc-ext:openconfig-version "3.2.0"; + oc-ext:openconfig-version "3.3.0"; + + revision "2026-03-10" { + description + "Add global-filter container to support per-network-instance AFT prefix filtering."; + reference "3.3.0"; + } revision "2025-08-07" { description diff --git a/release/models/aft/openconfig-aft-summary.yang b/release/models/aft/openconfig-aft-summary.yang index 8a4cc1730c..3edd0ffdcb 100644 --- a/release/models/aft/openconfig-aft-summary.yang +++ b/release/models/aft/openconfig-aft-summary.yang @@ -20,7 +20,13 @@ module openconfig-aft-summary { "This module provides summary of aft entry counts per protocol type for each network instance."; - oc-ext:openconfig-version "0.2.0"; + oc-ext:openconfig-version "0.2.1"; + + revision "2026-03-11" { + description + "Add config false to protocols and state containers."; + reference "0.2.1"; + } revision "2024-01-12" { description @@ -49,7 +55,7 @@ module openconfig-aft-summary { container counters { description - "Enclosing container for aft entry counters"; + "Enclosing container for aft entry counters"; leaf aft-entries { description @@ -64,6 +70,7 @@ module openconfig-aft-summary { "A summary of aft entries by protocol type."; container protocols { + config false; description "Enclosing container for a list of protocols"; list protocol { @@ -81,6 +88,7 @@ module openconfig-aft-summary { } container state { + config false; description "State parameters for the aft entry list."; uses protocols-state; diff --git a/release/models/aft/openconfig-aft.yang b/release/models/aft/openconfig-aft.yang index 272bde5631..f673514092 100644 --- a/release/models/aft/openconfig-aft.yang +++ b/release/models/aft/openconfig-aft.yang @@ -42,7 +42,13 @@ module openconfig-aft { is referred to as an Abstract Forwarding Table (AFT), rather than the FIB."; - oc-ext:openconfig-version "3.2.0"; + oc-ext:openconfig-version "3.3.0"; + + revision "2026-03-10" { + description + "Add global-filter container to support per-network-instance AFT prefix filtering."; + reference "3.3.0"; + } revision "2025-08-07" { description @@ -222,7 +228,6 @@ module openconfig-aft { AFT."; container afts { - config false; description "The abstract forwarding tables (AFTs) that are associated with the network instance. An AFT is instantiated per-protocol @@ -234,6 +239,7 @@ module openconfig-aft { forwarding entry."; container ipv4-unicast { + config false; description "The abstract forwarding table for IPv4 unicast. Entries within this table are uniquely keyed on the IPv4 unicast @@ -248,6 +254,7 @@ module openconfig-aft { } container ipv6-unicast { + config false; description "The abstract forwarding table for IPv6 unicast. Entries within this table are uniquely keyed on the IPv6 unicast @@ -262,6 +269,7 @@ module openconfig-aft { } container policy-forwarding { + config false; description "The abstract forwarding table for policy-based forwarding entries. Since multiple match criteria can be utilised @@ -279,6 +287,7 @@ module openconfig-aft { } container mpls { + config false; description "The abstract forwarding table for MPLS label based forwarding entries. Entries within the table are keyed based @@ -289,6 +298,7 @@ module openconfig-aft { } container ethernet { + config false; description "The abstract forwarding table for Ethernet based forwarding entries. Entries within the table are keyed based on the @@ -298,6 +308,7 @@ module openconfig-aft { } container state-synced { + config false; description "In some cases AFT streaming (e.g., over gNMI) is an eventually consistent system. When the device updates an entry it is usually expected to