scottk/ols-ucentral-schema
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/ols-ucentral-schema.git synced 2025-10-29 17:22:23 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

OLS-319 incorporated most review comments, revised files

Browse Source
This commit is contained in:
Binny
2024-09-23 07:47:42 +00:00
parent 9a994374b5
commit 53c239b60d
12 changed files with 62 additions and 252 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
capabilities/connect.capabilities.yml
View File

@@ -175,7 +175,7 @@ properties:
- System-SwUpdate-Partial
- Port-Mirroring
# Security
- MAC-
- MAC-ACL
- Guest-VLAN
# Services
- Service-SSH

2
schema/ethernet.yml
View File

@@ -24,7 +24,7 @@ properties:
port. It may contain spaces and special characters, not exceeding 64 characters.
type: string
examples:
- 'cloud_uplink_port'
- cloud_uplink_port
speed:
description:
The link speed that shall be forced.

8
schema/interface.acl.yml
View File

@@ -20,9 +20,6 @@ items:
description: Tracks the number and type of packets that match the ingress ACL rules on an interface.
type: boolean
default: false
enum:
- true
- false
acl-inf-policy-egress:
description: Specifies the ACL policy that is applied to outgoing traffic from an interface.
type: string
@@ -33,7 +30,4 @@ items:
acl-inf-counters-egress:
description: Tracks the number and type of packets that match the egress ACL rules on an interface.
type: boolean
default: false
enum:
- true
- false
default: false

4
schema/interface.dhcp-snoop-port.yml
View File

@@ -5,14 +5,10 @@ properties:
description: "This parameter designates a switch port as trusted for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers"
type: boolean
default: false
enum:
- true
- false
dhcp-snoop-port-client-limit:
description: "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the networks IP address pool"
type: integer
minimum: 1
maximum: 16
dhcp-snoop-port-circuit-id:
description: "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting"
type: string

3
schema/interface.ipv4.yml
View File

@@ -200,9 +200,6 @@ properties:
description: "Enables DHCP Snooping on a VLAN"
type: boolean
default: false
enum:
- true
- false
dhcp:
$ref: "https://ucentral.io/schema/v1/interface/ipv4/dhcp/"
dhcp-leases:

31
schema/switch.yml
View File

@@ -250,9 +250,6 @@ properties:
description: "Enables DHCP Snooping on the network switch, which is a security feature that prevents unauthorized DHCP servers from offering IP addresses"
type: boolean
default: false
enum:
- true
- false
dhcp-snoop-rate-limit:
description: "Sets a limit on the number of DHCP packets per second that can be received on an untrusted interface to prevent DHCP flooding attacks"
type: integer
@@ -262,23 +259,14 @@ properties:
description: "This option ensures that the MAC address in a DHCP request matches the source MAC address of the packet, providing an additional layer of security"
type: boolean
default: false
enum:
- true
- false
dhcp-snoop-inf-opt-82:
description: "This refers to the insertion of information option 82 in DHCP packets, which adds more details about the clients location and network information for tracking and control purposes"
type: boolean
default: false
enum:
- true
- false
dhcp-snoop-inf-opt-encode-subopt:
description: "This parameter allows for the encoding of sub-options within option 82 to further specify client information"
type: boolean
default: false
enum:
- true
- false
dhcp-snoop-inf-opt-remoteid:
description: "It specifies the remote ID sub-option in option 82, which typically includes information like the circuit ID or remote host identifier"
type: string
@@ -354,7 +342,7 @@ properties:
minimum: 1
maximum: 4095
acl-ethertype:
description: Filters packets based on the custom EtherType field in the Ethernet frame
description: Filters packets based on the custom EtherType field (HEX) in the Ethernet frame
type: string
default: "800"
acl-ethertype-bitmask:
@@ -402,7 +390,7 @@ properties:
acl-ip-source-port:
description: Specifies the source port number for filtering
type: integer
minimum: 0
minimum: 1
maximum: 65535
acl-ip-source-port-bitmask:
description: The mask applied to the source port number
@@ -412,7 +400,7 @@ properties:
acl-ip-dest-port:
description: Specifies the destination port number for filtering
type: integer
minimum: 0
minimum: 1
maximum: 65535
acl-ip-dest-port-bitmask:
description: The mask applied to the destination port number
@@ -427,9 +415,6 @@ properties:
description: Enable/Disable MVR globally on the switch.
type: boolean
default: false
enum:
- true
- false
mvr-proxy-query-intvl:
description:
This command configures the interval (in seconds) at which the receiver port sends out general queries.
@@ -444,9 +429,6 @@ properties:
acts as an MVR router with querier service enabled.
type: boolean
default: false
enum:
- true
- false
mvr-robustness-val:
description:
Configure the expected packet loss, and thereby the number of times to generate report
@@ -483,9 +465,6 @@ properties:
description: Enable/disable Multicast VLAN Registration (MVR) for a specific domain.
type: boolean
default: false
enum:
- true
- false
mvr-domain-vlan-id:
description:
Per domain Level Multicast VLAN ID. Specifies the VLAN through which MVR multicast data is received.
@@ -498,7 +477,6 @@ properties:
description: Configures the source IP address assigned to all MVR control packets sent upstream on all domains or on a specified domain.
type: string
format: ipv4
default: 0.0.0.0
examples:
- 192.168.0.5
mvr-group-config:
@@ -521,13 +499,12 @@ properties:
format: ipv4
description: Statically configure all multicast group addresses that will join an MVR VLAN. Map a range of MVR group addresses to a profile
mvr-group-assoc-domain:
descpription: Map the MVR Group to a secific domain. There can be many profiles under a single domain
type: array
items:
type: integer
description: Map the MVR Group to a specific domain. There can be many profiles under a single domain
maximum: 10
minimum: 1
description: Configures the associated domains where this group is mapped to.
required:
- mvr-group-name
- mvr-group-range-start

10
state/interface.yml
View File

@@ -81,10 +81,6 @@ items:
mvr-intf-fwd-status:
description: Shows if MVR traffic is being forwarded or discarded.
type: boolean
default: false
enum:
- true
- false
mvr-intf-igmp-count-reports:
description: The number of IGMP membership reports received on this interface.
type: integer
@@ -130,14 +126,12 @@ items:
- ipv6Ext
- mac
- arp
default: None
acl-rule-action:
description: "Indicates the action (permit or deny) taken when an ACL rule is matched."
type: string
enum:
- permit
- deny
default: permit
acl-hit-count:
description: "The number of times an ACL rule has been matched by traffic."
type: number
@@ -174,9 +168,7 @@ items:
type: string
format: ipv4
dhcp-snoop-bind-lease-seconds:
description: >
This indicates the lease time in seconds for the IP address assigned
to the DHCP client, after which the IP address may be reassigned
description: This indicates the lease time in seconds for the IP address assigned to the DHCP client, after which the IP address may be reassigned
type: integer
dhcp-snoop-bind-type:
description: Specifies the type of binding entry, such as dynamic or static, indicating how the IP address was assigned to the client

2
ucentral.capabilities.pretty.json
View File

@@ -204,7 +204,7 @@
"System-SwUpdate",
"System-SwUpdate-Partial",
"Port-Mirroring",
"MAC-",
"MAC-ACL",
"Guest-VLAN",
"Service-SSH",
"Service-RSSH",

81
ucentral.schema.full.json
View File

@@ -1032,11 +1032,7 @@
"dhcp-snoop-enable": {
"description": "Enables DHCP Snooping on the network switch, which is a security feature that prevents unauthorized DHCP servers from offering IP addresses",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-rate-limit": {
"description": "Sets a limit on the number of DHCP packets per second that can be received on an untrusted interface to prevent DHCP flooding attacks",
@@ -1047,29 +1043,17 @@
"dhcp-snoop-mac-verify": {
"description": "This option ensures that the MAC address in a DHCP request matches the source MAC address of the packet, providing an additional layer of security",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-inf-opt-82": {
"description": "This refers to the insertion of information option 82 in DHCP packets, which adds more details about the client\u2019s location and network information for tracking and control purposes",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-inf-opt-encode-subopt": {
"description": "This parameter allows for the encoding of sub-options within option 82 to further specify client information",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-inf-opt-remoteid": {
"description": "It specifies the remote ID sub-option in option 82, which typically includes information like the circuit ID or remote host identifier",
@@ -1164,7 +1148,7 @@
"maximum": 4095
},
"acl-ethertype": {
"description": "Filters packets based on the custom EtherType field in the Ethernet frame",
"description": "Filters packets based on the custom EtherType field (HEX) in the Ethernet frame",
"type": "string",
"default": "800"
},
@@ -1223,7 +1207,7 @@
"acl-ip-source-port": {
"description": "Specifies the source port number for filtering",
"type": "integer",
"minimum": 0,
"minimum": 1,
"maximum": 65535
},
"acl-ip-source-port-bitmask": {
@@ -1235,7 +1219,7 @@
"acl-ip-dest-port": {
"description": "Specifies the destination port number for filtering",
"type": "integer",
"minimum": 0,
"minimum": 1,
"maximum": 65535
},
"acl-ip-dest-port-bitmask": {
@@ -1254,11 +1238,7 @@
"mvr-enable": {
"description": "Enable/Disable MVR globally on the switch.",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"mvr-proxy-query-intvl": {
"description": "This command configures the interval (in seconds) at which the receiver port sends out general queries. The maximum value is determined based on 12 hours as maximum interval, and minimum as 1 second as allowed value.",
@@ -1270,11 +1250,7 @@
"mvr-proxy-switching": {
"description": "Enable the MVR proxy switching mode, where the source port acts as a host, and the receiver port acts as an MVR router with querier service enabled.",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"mvr-robustness-val": {
"description": "Configure the expected packet loss, and thereby the number of times to generate report and group-specific queries when changes are learned about downstream groups, and the number of times group-specific queries are sent to downstream receiver ports. Right configuration ensures that multicast group memberships are correctly maintained even if some control messages are lost due to network issues.",
@@ -1310,11 +1286,7 @@
"mvr-domain-enable": {
"description": "Enable/disable Multicast VLAN Registration (MVR) for a specific domain.",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"mvr-domain-vlan-id": {
"description": "Per domain Level Multicast VLAN ID. Specifies the VLAN through which MVR multicast data is received. This is the VLAN to which all source ports must be assigned.",
@@ -1327,7 +1299,6 @@
"description": "Configures the source IP address assigned to all MVR control packets sent upstream on all domains or on a specified domain.",
"type": "string",
"format": "ipv4",
"default": "0.0.0.0",
"examples": [
"192.168.0.5"
]
@@ -1358,14 +1329,13 @@
"description": "Statically configure all multicast group addresses that will join an MVR VLAN. Map a range of MVR group addresses to a profile"
},
"mvr-group-assoc-domain": {
"descpription": "Map the MVR Group to a secific domain. There can be many profiles under a single domain",
"type": "array",
"items": {
"type": "integer",
"description": "Map the MVR Group to a specific domain. There can be many profiles under a single domain",
"maximum": 10,
"minimum": 1
},
"description": "Configures the associated domains where this group is mapped to."
}
}
},
"required": [
@@ -2005,11 +1975,7 @@
"dhcp-snoop-vlan-enable": {
"description": "Enables DHCP Snooping on a VLAN",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp": {
"description": "This section describes the DHCP server configuration",
@@ -2334,11 +2300,7 @@
"acl-inf-counters-ingress": {
"description": "Tracks the number and type of packets that match the ingress ACL rules on an interface.",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"acl-inf-policy-egress": {
"description": "Specifies the ACL policy that is applied to outgoing traffic from an interface.",
@@ -2352,11 +2314,7 @@
"acl-inf-counters-egress": {
"description": "Tracks the number and type of packets that match the egress ACL rules on an interface.",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
}
}
}
@@ -2368,17 +2326,12 @@
"dhcp-snoop-port-trust": {
"description": "This parameter designates a switch port as \u2018trusted\u2019 for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-port-client-limit": {
"description": "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network\u2019s IP address pool",
"type": "integer",
"minimum": 1,
"maximum": 16
"minimum": 1
},
"dhcp-snoop-port-circuit-id": {
"description": "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting",

75
ucentral.schema.json
View File

@@ -770,11 +770,7 @@
"properties": {
"dhcp-snoop-enable": {
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-rate-limit": {
"type": "integer",
@@ -783,27 +779,15 @@
},
"dhcp-snoop-mac-verify": {
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-inf-opt-82": {
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-inf-opt-encode-subopt": {
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-inf-opt-remoteid": {
"type": "string",
@@ -933,7 +917,7 @@
},
"acl-ip-source-port": {
"type": "integer",
"minimum": 0,
"minimum": 1,
"maximum": 65535
},
"acl-ip-source-port-bitmask": {
@@ -943,7 +927,7 @@
},
"acl-ip-dest-port": {
"type": "integer",
"minimum": 0,
"minimum": 1,
"maximum": 65535
},
"acl-ip-dest-port-bitmask": {
@@ -959,11 +943,7 @@
"properties": {
"mvr-enable": {
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"mvr-proxy-query-intvl": {
"type": "integer",
@@ -973,11 +953,7 @@
},
"mvr-proxy-switching": {
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"mvr-robustness-val": {
"type": "integer",
@@ -1008,11 +984,7 @@
},
"mvr-domain-enable": {
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"mvr-domain-vlan-id": {
"type": "integer",
@@ -1023,7 +995,6 @@
"mvr-domain-upstream-sip": {
"type": "string",
"format": "ipv4",
"default": "0.0.0.0",
"examples": [
"192.168.0.5"
]
@@ -1050,6 +1021,7 @@
"format": "ipv4"
},
"mvr-group-assoc-domain": {
"descpription": "Map the MVR Group to a secific domain. There can be many profiles under a single domain",
"type": "array",
"items": {
"type": "integer",
@@ -1667,11 +1639,7 @@
},
"dhcp-snoop-vlan-enable": {
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp": {
"$ref": "#/$defs/interface.ipv4.dhcp"
@@ -1873,11 +1841,7 @@
},
"acl-inf-counters-ingress": {
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"acl-inf-policy-egress": {
"type": "string",
@@ -1889,11 +1853,7 @@
},
"acl-inf-counters-egress": {
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
}
}
}
@@ -1903,16 +1863,11 @@
"properties": {
"dhcp-snoop-port-trust": {
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-port-client-limit": {
"type": "integer",
"minimum": 1,
"maximum": 16
"minimum": 1
},
"dhcp-snoop-port-circuit-id": {
"type": "string",

81
ucentral.schema.pretty.json
View File

@@ -883,11 +883,7 @@
"dhcp-snoop-enable": {
"description": "Enables DHCP Snooping on the network switch, which is a security feature that prevents unauthorized DHCP servers from offering IP addresses",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-rate-limit": {
"description": "Sets a limit on the number of DHCP packets per second that can be received on an untrusted interface to prevent DHCP flooding attacks",
@@ -898,29 +894,17 @@
"dhcp-snoop-mac-verify": {
"description": "This option ensures that the MAC address in a DHCP request matches the source MAC address of the packet, providing an additional layer of security",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-inf-opt-82": {
"description": "This refers to the insertion of information option 82 in DHCP packets, which adds more details about the client\u2019s location and network information for tracking and control purposes",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-inf-opt-encode-subopt": {
"description": "This parameter allows for the encoding of sub-options within option 82 to further specify client information",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-inf-opt-remoteid": {
"description": "It specifies the remote ID sub-option in option 82, which typically includes information like the circuit ID or remote host identifier",
@@ -1015,7 +999,7 @@
"maximum": 4095
},
"acl-ethertype": {
"description": "Filters packets based on the custom EtherType field in the Ethernet frame",
"description": "Filters packets based on the custom EtherType field (HEX) in the Ethernet frame",
"type": "string",
"default": "800"
},
@@ -1074,7 +1058,7 @@
"acl-ip-source-port": {
"description": "Specifies the source port number for filtering",
"type": "integer",
"minimum": 0,
"minimum": 1,
"maximum": 65535
},
"acl-ip-source-port-bitmask": {
@@ -1086,7 +1070,7 @@
"acl-ip-dest-port": {
"description": "Specifies the destination port number for filtering",
"type": "integer",
"minimum": 0,
"minimum": 1,
"maximum": 65535
},
"acl-ip-dest-port-bitmask": {
@@ -1105,11 +1089,7 @@
"mvr-enable": {
"description": "Enable/Disable MVR globally on the switch.",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"mvr-proxy-query-intvl": {
"description": "This command configures the interval (in seconds) at which the receiver port sends out general queries. The maximum value is determined based on 12 hours as maximum interval, and minimum as 1 second as allowed value.",
@@ -1121,11 +1101,7 @@
"mvr-proxy-switching": {
"description": "Enable the MVR proxy switching mode, where the source port acts as a host, and the receiver port acts as an MVR router with querier service enabled.",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"mvr-robustness-val": {
"description": "Configure the expected packet loss, and thereby the number of times to generate report and group-specific queries when changes are learned about downstream groups, and the number of times group-specific queries are sent to downstream receiver ports. Right configuration ensures that multicast group memberships are correctly maintained even if some control messages are lost due to network issues.",
@@ -1161,11 +1137,7 @@
"mvr-domain-enable": {
"description": "Enable/disable Multicast VLAN Registration (MVR) for a specific domain.",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"mvr-domain-vlan-id": {
"description": "Per domain Level Multicast VLAN ID. Specifies the VLAN through which MVR multicast data is received. This is the VLAN to which all source ports must be assigned.",
@@ -1178,7 +1150,6 @@
"description": "Configures the source IP address assigned to all MVR control packets sent upstream on all domains or on a specified domain.",
"type": "string",
"format": "ipv4",
"default": "0.0.0.0",
"examples": [
"192.168.0.5"
]
@@ -1209,14 +1180,13 @@
"description": "Statically configure all multicast group addresses that will join an MVR VLAN. Map a range of MVR group addresses to a profile"
},
"mvr-group-assoc-domain": {
"descpription": "Map the MVR Group to a secific domain. There can be many profiles under a single domain",
"type": "array",
"items": {
"type": "integer",
"description": "Map the MVR Group to a specific domain. There can be many profiles under a single domain",
"maximum": 10,
"minimum": 1
},
"description": "Configures the associated domains where this group is mapped to."
}
}
},
"required": [
@@ -1913,11 +1883,7 @@
"dhcp-snoop-vlan-enable": {
"description": "Enables DHCP Snooping on a VLAN",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp": {
"$ref": "#/$defs/interface.ipv4.dhcp"
@@ -2143,11 +2109,7 @@
"acl-inf-counters-ingress": {
"description": "Tracks the number and type of packets that match the ingress ACL rules on an interface.",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"acl-inf-policy-egress": {
"description": "Specifies the ACL policy that is applied to outgoing traffic from an interface.",
@@ -2161,11 +2123,7 @@
"acl-inf-counters-egress": {
"description": "Tracks the number and type of packets that match the egress ACL rules on an interface.",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
}
}
}
@@ -2177,17 +2135,12 @@
"dhcp-snoop-port-trust": {
"description": "This parameter designates a switch port as \u2018trusted\u2019 for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"default": false
},
"dhcp-snoop-port-client-limit": {
"description": "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network\u2019s IP address pool",
"type": "integer",
"minimum": 1,
"maximum": 16
"minimum": 1
},
"dhcp-snoop-port-circuit-id": {
"description": "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting",

15
ucentral.state.pretty.json
View File

@@ -820,12 +820,7 @@
"properties": {
"mvr-intf-fwd-status": {
"description": "Shows if MVR traffic is being forwarded or discarded.",
"type": "boolean",
"default": false,
"enum": [
true,
false
]
"type": "boolean"
},
"mvr-intf-igmp-count-reports": {
"description": "The number of IGMP membership reports received on this interface.",
@@ -882,8 +877,7 @@
"ipv6Ext",
"mac",
"arp"
],
"default": "None"
]
},
"acl-rule-action": {
"description": "Indicates the action (permit or deny) taken when an ACL rule is matched.",
@@ -891,8 +885,7 @@
"enum": [
"permit",
"deny"
],
"default": "permit"
]
},
"acl-hit-count": {
"description": "The number of times an ACL rule has been matched by traffic.",
@@ -942,7 +935,7 @@
"format": "ipv4"
},
"dhcp-snoop-bind-lease-seconds": {
"description": "This indicates the lease time in seconds for the IP address assigned to the DHCP client, after which the IP address may be reassigned\n",
"description": "This indicates the lease time in seconds for the IP address assigned to the DHCP client, after which the IP address may be reassigned",
"type": "integer"
},
"dhcp-snoop-bind-type": {