scottk/ols-ucentral-schema
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/ols-ucentral-schema.git synced 2025-10-30 01:32:26 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Compare commits

base: scottk:Sprint-8-OLS---Rate-Limiting-schema
Branches Tags
scottk:main scottk:OLS-849-add-xSTP-parameters scottk:OLS-848-Schema-Intrusion-detection scottk:OLS-838-Update-OLS-Schema-version-to-4.2.0 scottk:correct-storm-control-indentation scottk:ols-821-mclag-schema-correction scottk:fix/fix_invalid_schema scottk:ols-688-bpdu-guard scottk:ols-822-lldp-peers-statemessage-enhancements scottk:OLS_UpdateSchemaVersion_410 scottk:ols-659-simplify-vlan-config scottk:staging-OLS-644-global-dns scottk:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release scottk:Sprint-8-OLS-ARP-Inspect-Schema scottk:Sprint-8-OLS---Rate-Limiting-schema scottk:OLS-556-Sprint-8-IPSourceGuard scottk:OLS-556-Sprint-8-SubcribeRTEvents scottk:OLS-550_Schema_Corrections_Pre4p0_Features scottk:OLS-562-Add-schema-version-to-ols-ucentral-schema scottk:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema scottk:OLS-538_port_speed_enum_fix_40g scottk:OLS-425_sprint6_schema scottk:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities scottk:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities scottk:OLS_319_sprint4_schema scottk:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames scottk:link_aggregation scottk:change_port_mirror_type_to_array scottk:lacp scottk:jumbo_frames scottk:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml scottk:OLS-228-delta_counters scottk:secure_http_server scottk:fix_loop_detection_schema_instances_indentation scottk:change_vrf_id_to_integer scottk:schema_fixes_and_updates scottk:default-values-for-schema/ethernet.yml-speed-and-duplex scottk:next scottk:1-incorrect-indentation-for-statelink-stateyml
scottk:v4.1.0-rc1 scottk:v4.0.0 scottk:v4.0.0-rc1 scottk:v3.2.7
...
compare: scottk:v4.0.0-rc1
Branches Tags
scottk:OLS-849-add-xSTP-parameters scottk:OLS-848-Schema-Intrusion-detection scottk:OLS-838-Update-OLS-Schema-version-to-4.2.0 scottk:main scottk:correct-storm-control-indentation scottk:ols-821-mclag-schema-correction scottk:fix/fix_invalid_schema scottk:ols-688-bpdu-guard scottk:ols-822-lldp-peers-statemessage-enhancements scottk:OLS_UpdateSchemaVersion_410 scottk:ols-659-simplify-vlan-config scottk:staging-OLS-644-global-dns scottk:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release scottk:Sprint-8-OLS-ARP-Inspect-Schema scottk:Sprint-8-OLS---Rate-Limiting-schema scottk:OLS-556-Sprint-8-IPSourceGuard scottk:OLS-556-Sprint-8-SubcribeRTEvents scottk:OLS-550_Schema_Corrections_Pre4p0_Features scottk:OLS-562-Add-schema-version-to-ols-ucentral-schema scottk:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema scottk:OLS-538_port_speed_enum_fix_40g scottk:OLS-425_sprint6_schema scottk:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities scottk:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities scottk:OLS_319_sprint4_schema scottk:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames scottk:link_aggregation scottk:change_port_mirror_type_to_array scottk:lacp scottk:jumbo_frames scottk:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml scottk:OLS-228-delta_counters scottk:secure_http_server scottk:fix_loop_detection_schema_instances_indentation scottk:change_vrf_id_to_integer scottk:schema_fixes_and_updates scottk:default-values-for-schema/ethernet.yml-speed-and-duplex scottk:next scottk:1-incorrect-indentation-for-statelink-stateyml
scottk:v4.1.0-rc1 scottk:v4.0.0 scottk:v4.0.0-rc1 scottk:v3.2.7

7 Commits
Sprint-8-O ... v4.0.0-rc1

Author SHA1 Message Date
Mike Hansen
f394cb4019 Merge pull request #38 from Telecominfraproject/OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release 
[OLS-578] Tag ols-ucentral-client and ols-ucentral-schema 4.0.0 pre-r…
 2025-02-05 08:16:49 -05:00
Mike Hansen
5e345b22a3 [OLS-578] Tag ols-ucentral-client and ols-ucentral-schema 4.0.0 pre-release 
Update to 4.0.0

Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
 2025-02-04 12:21:40 -05:00
Mike Hansen
dcd935359c Merge pull request #36 from Telecominfraproject/Sprint-8-OLS-ARP-Inspect-Schema 
ols-556-sprint8-arp-inspect-schema-draft
 2025-02-04 12:09:05 -05:00
Mike Hansen
362e03a363 Resolving merge issues 2025-02-04 12:08:04 -05:00
Mike Hansen
51c5b1b9f4 Merge pull request #34 from Telecominfraproject/Sprint-8-OLS---Rate-Limiting-schema 
Sprint-8 OLS Rate Limiting Schema change
 2025-02-04 11:54:02 -05:00
Binny
1d052a18c2 created new files, and accomodated review comments 2025-01-29 15:36:13 +00:00
Binny
59ad89be0f ols-556-sprint8-arp-inspect-schema-draft 2025-01-22 14:48:04 +00:00
14 changed files with 313 additions and 10 deletions
Expand all files Collapse all files

8
docs/ucentral-schema.html
View File

File diff suppressed because one or more lines are too long

2
docs/ucentral-state.html
View File

File diff suppressed because one or more lines are too long

2
docs/ucentral.capabilities.html
View File

File diff suppressed because one or more lines are too long

6
schema.json
View File

@@ -1,5 +1,5 @@
{
"major": 3,
"minor": 2,
"patch": 7
"major": 4,
"minor": 0,
"patch": 0
}

12
schema/ethernet.yml
View File

@@ -368,6 +368,18 @@ properties:
type: boolean
description: Enables the transmission of SNMP trap notifications about LLDP changes.
default: false
ip-arp-inspect-port:
type: object
description: Configuration for ARP Inspection on specific interfaces or ports in the switch.
properties:
rate-limit-pps:
type: integer
description: Sets a rate limit (packets per second) for the ARP packets received on a port. Ensures that the port does not process ARP packets beyond the configured limit.
minimum: 0
maximum: 65535
trusted:
type: boolean
description: Configures the port as trusted, exempting it from ARP Inspection. Trusted ports bypass ARP validation checks.
rate-limit-port:
type: object
description: Configuration for ingress and egress rate limiting on a specific port (in kbps)

14
schema/interface.ipv4.arp-inspect.yml Normal file
View File

@@ -0,0 +1,14 @@
type: object
description: Configuration for ARP Inspection on specific VLANs in the switch.
properties:
vlan-enable:
type: boolean
description: Enable or disable ARP Inspection for a specified VLAN.
vlan-acl-rule:
type: string
description: Specifies an ARP ACL to apply to one or more VLANs.
maxLength: 32
minLength: 1
vlan-acl-nodhcp-bindings:
type: boolean
description: Validate ARP packets against only the specified ACL without checking address bindings in the DHCP snooping database.

2
schema/interface.ipv4.yml
View File

@@ -200,6 +200,8 @@ properties:
description: "Enables DHCP Snooping on a VLAN"
type: boolean
default: false
ip-arp-inspect-vlan:
$ref: "https://ucentral.io/schema/v1/interface/ipv4/arp-inspect/"
dhcp:
$ref: "https://ucentral.io/schema/v1/interface/ipv4/dhcp/"
dhcp-leases:

19
schema/switch.arp-inspect.yml Normal file
View File

@@ -0,0 +1,19 @@
type: object
description: Global configuration for ARP Inspection on the switch.
properties:
ip-arp-inspect:
type: boolean
description: Enable or disable ARP Inspection globally.
default: false
validate-dst-mac:
type: boolean
description: Validate that the destination MAC address in the Ethernet header matches the target MAC address in the ARP body for ARP responses.
validate-ip:
type: boolean
description: Validate ARP packets for unexpected or invalid IP addresses, such as 0.0.0.0, 255.255.255.255, and IP multicast addresses.
validate-allow-zeros:
type: boolean
description: Allow ARP packets where the sender IP address is 0.0.0.0.
validate-src-mac:
type: boolean
description: Validate that the source MAC address in the Ethernet header matches the sender MAC address in the ARP body for both ARP requests and responses.

2
schema/switch.yml
View File

@@ -537,6 +537,8 @@ properties:
minLength: 1
examples:
- "A VoIP Phone"
arp-inspect:
$ref: "https://ucentral.io/schema/v1/switch/arp-inspect/"
ip-source-guard:
$ref: "https://ucentral.io/schema/v1/switch/ip-source-guard/"
rt-events:

30
state/state.yml
View File

@@ -60,6 +60,34 @@ properties:
type: string
description:
Current interface that serves as the Uplink. Example Ethernet2.
arp-inspect-stats:
type: object
description: Statistics related to ARP Inspection activity in the switch.
properties:
arp-pkt-rcvd:
type: integer
description: Total number of ARP packets received.
arp-pkt-dropped-rate-limit:
type: integer
description: Number of ARP packets dropped due to rate limiting.
arp-pkt-processed:
type: integer
description: Total number of ARP packets processed by ARP Inspection.
arp-pkt-dropped-src-mac:
type: integer
description: Number of ARP packets dropped due to source MAC address validation failures.
arp-pkt-dropped-dst-mac:
type: integer
description: Number of ARP packets dropped due to destination MAC address validation failures.
arp-pkt-dropped-ip:
type: integer
description: Number of ARP packets dropped due to IP address validation failures."
arp-pkt-dropped-acl:
type: integer
description: Number of ARP packets dropped due to ARP ACL rules.
arp-pkt-dropped-dhcp:
type: integer
description: Number of ARP packets dropped due to DHCP snooping validation failures.
ip-source-guard:
type: object
description: Represents the configuration and state of IP Source Guard.
@@ -85,4 +113,4 @@ properties:
maximum: 4095
blocked-interface:
type: string
description: The interface (e.g., port) where the blocked entry was detected.
description: The interface (e.g., port) where the blocked entry was detected.

63
ucentral.schema.full.json
View File

@@ -589,6 +589,22 @@
}
}
},
"ip-arp-inspect-port": {
"type": "object",
"description": "Configuration for ARP Inspection on specific interfaces or ports in the switch.",
"properties": {
"rate-limit-pps": {
"type": "integer",
"description": "Sets a rate limit (packets per second) for the ARP packets received on a port. Ensures that the port does not process ARP packets beyond the configured limit.",
"minimum": 0,
"maximum": 65535
},
"trusted": {
"type": "boolean",
"description": "Configures the port as trusted, exempting it from ARP Inspection. Trusted ports bypass ARP validation checks."
}
}
},
"rate-limit-port": {
"type": "object",
"description": "Configuration for ingress and egress rate limiting on a specific port (in kbps)",
@@ -1363,6 +1379,33 @@
}
}
},
"arp-inspect": {
"type": "object",
"description": "Global configuration for ARP Inspection on the switch.",
"properties": {
"ip-arp-inspect": {
"type": "boolean",
"description": "Enable or disable ARP Inspection globally.",
"default": false
},
"validate-dst-mac": {
"type": "boolean",
"description": "Validate that the destination MAC address in the Ethernet header matches the target MAC address in the ARP body for ARP responses."
},
"validate-ip": {
"type": "boolean",
"description": "Validate ARP packets for unexpected or invalid IP addresses, such as 0.0.0.0, 255.255.255.255, and IP multicast addresses."
},
"validate-allow-zeros": {
"type": "boolean",
"description": "Allow ARP packets where the sender IP address is 0.0.0.0."
},
"validate-src-mac": {
"type": "boolean",
"description": "Validate that the source MAC address in the Ethernet header matches the sender MAC address in the ARP body for both ARP requests and responses."
}
}
},
"ip-source-guard": {
"type": "object",
"description": "Configuration for IP Source Guard global static bindings in a Layer 2 switch.",
@@ -2168,6 +2211,26 @@
"type": "boolean",
"default": false
},
"ip-arp-inspect-vlan": {
"type": "object",
"description": "Configuration for ARP Inspection on specific VLANs in the switch.",
"properties": {
"vlan-enable": {
"type": "boolean",
"description": "Enable or disable ARP Inspection for a specified VLAN."
},
"vlan-acl-rule": {
"type": "string",
"description": "Specifies an ARP ACL to apply to one or more VLANs.",
"maxLength": 32,
"minLength": 1
},
"vlan-acl-nodhcp-bindings": {
"type": "boolean",
"description": "Validate ARP packets against only the specified ACL without checking address bindings in the DHCP snooping database."
}
}
},
"dhcp": {
"description": "This section describes the DHCP server configuration",
"type": "object",

56
ucentral.schema.json
View File

@@ -529,6 +529,19 @@
}
}
},
"ip-arp-inspect-port": {
"type": "object",
"properties": {
"rate-limit-pps": {
"type": "integer",
"minimum": 0,
"maximum": 65535
},
"trusted": {
"type": "boolean"
}
}
},
"rate-limit-port": {
"type": "object",
"properties": {
@@ -658,6 +671,27 @@
}
}
},
"switch.arp-inspect": {
"type": "object",
"properties": {
"ip-arp-inspect": {
"type": "boolean",
"default": false
},
"validate-dst-mac": {
"type": "boolean"
},
"validate-ip": {
"type": "boolean"
},
"validate-allow-zeros": {
"type": "boolean"
},
"validate-src-mac": {
"type": "boolean"
}
}
},
"switch.ip-source-guard": {
"type": "object",
"properties": {
@@ -1519,6 +1553,9 @@
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},
"ip-source-guard": {
"$ref": "#/$defs/switch.ip-source-guard"
},
@@ -1624,6 +1661,22 @@
}
}
},
"interface.ipv4.arp-inspect": {
"type": "object",
"properties": {
"vlan-enable": {
"type": "boolean"
},
"vlan-acl-rule": {
"type": "string",
"maxLength": 32,
"minLength": 1
},
"vlan-acl-nodhcp-bindings": {
"type": "boolean"
}
}
},
"interface.ipv4.dhcp": {
"type": "object",
"properties": {
@@ -1928,6 +1981,9 @@
"type": "boolean",
"default": false
},
"ip-arp-inspect-vlan": {
"$ref": "#/$defs/interface.ipv4.arp-inspect"
},
"dhcp": {
"$ref": "#/$defs/interface.ipv4.dhcp"
},

69
ucentral.schema.pretty.json
View File

@@ -623,6 +623,22 @@
}
}
},
"ip-arp-inspect-port": {
"type": "object",
"description": "Configuration for ARP Inspection on specific interfaces or ports in the switch.",
"properties": {
"rate-limit-pps": {
"type": "integer",
"description": "Sets a rate limit (packets per second) for the ARP packets received on a port. Ensures that the port does not process ARP packets beyond the configured limit.",
"minimum": 0,
"maximum": 65535
},
"trusted": {
"type": "boolean",
"description": "Configures the port as trusted, exempting it from ARP Inspection. Trusted ports bypass ARP validation checks."
}
}
},
"rate-limit-port": {
"type": "object",
"description": "Configuration for ingress and egress rate limiting on a specific port (in kbps)",
@@ -774,6 +790,33 @@
}
}
},
"switch.arp-inspect": {
"type": "object",
"description": "Global configuration for ARP Inspection on the switch.",
"properties": {
"ip-arp-inspect": {
"type": "boolean",
"description": "Enable or disable ARP Inspection globally.",
"default": false
},
"validate-dst-mac": {
"type": "boolean",
"description": "Validate that the destination MAC address in the Ethernet header matches the target MAC address in the ARP body for ARP responses."
},
"validate-ip": {
"type": "boolean",
"description": "Validate ARP packets for unexpected or invalid IP addresses, such as 0.0.0.0, 255.255.255.255, and IP multicast addresses."
},
"validate-allow-zeros": {
"type": "boolean",
"description": "Allow ARP packets where the sender IP address is 0.0.0.0."
},
"validate-src-mac": {
"type": "boolean",
"description": "Validate that the source MAC address in the Ethernet header matches the sender MAC address in the ARP body for both ARP requests and responses."
}
}
},
"switch.ip-source-guard": {
"type": "object",
"description": "Configuration for IP Source Guard global static bindings in a Layer 2 switch.",
@@ -1794,6 +1837,9 @@
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},
"ip-source-guard": {
"$ref": "#/$defs/switch.ip-source-guard"
},
@@ -1913,6 +1959,26 @@
}
}
},
"interface.ipv4.arp-inspect": {
"type": "object",
"description": "Configuration for ARP Inspection on specific VLANs in the switch.",
"properties": {
"vlan-enable": {
"type": "boolean",
"description": "Enable or disable ARP Inspection for a specified VLAN."
},
"vlan-acl-rule": {
"type": "string",
"description": "Specifies an ARP ACL to apply to one or more VLANs.",
"maxLength": 32,
"minLength": 1
},
"vlan-acl-nodhcp-bindings": {
"type": "boolean",
"description": "Validate ARP packets against only the specified ACL without checking address bindings in the DHCP snooping database."
}
}
},
"interface.ipv4.dhcp": {
"description": "This section describes the DHCP server configuration",
"type": "object",
@@ -2264,6 +2330,9 @@
"type": "boolean",
"default": false
},
"ip-arp-inspect-vlan": {
"$ref": "#/$defs/interface.ipv4.arp-inspect"
},
"dhcp": {
"$ref": "#/$defs/interface.ipv4.dhcp"
},

38
ucentral.state.pretty.json
View File

@@ -86,6 +86,44 @@
"type": "string",
"description": "Current interface that serves as the Uplink. Example Ethernet2."
},
"arp-inspect-stats": {
"type": "object",
"description": "Statistics related to ARP Inspection activity in the switch.",
"properties": {
"arp-pkt-rcvd": {
"type": "integer",
"description": "Total number of ARP packets received."
},
"arp-pkt-dropped-rate-limit": {
"type": "integer",
"description": "Number of ARP packets dropped due to rate limiting."
},
"arp-pkt-processed": {
"type": "integer",
"description": "Total number of ARP packets processed by ARP Inspection."
},
"arp-pkt-dropped-src-mac": {
"type": "integer",
"description": "Number of ARP packets dropped due to source MAC address validation failures."
},
"arp-pkt-dropped-dst-mac": {
"type": "integer",
"description": "Number of ARP packets dropped due to destination MAC address validation failures."
},
"arp-pkt-dropped-ip": {
"type": "integer",
"description": "Number of ARP packets dropped due to IP address validation failures.\""
},
"arp-pkt-dropped-acl": {
"type": "integer",
"description": "Number of ARP packets dropped due to ARP ACL rules."
},
"arp-pkt-dropped-dhcp": {
"type": "integer",
"description": "Number of ARP packets dropped due to DHCP snooping validation failures."
}
}
},
"ip-source-guard": {
"type": "object",
"description": "Represents the configuration and state of IP Source Guard.",